9.4. Example Plugins

For more complete examples, look at the plugin files included with Tanium HAT out of the box.

9.4.1. Basic

This example doesn’t do much.

It provides all the required attributes of a plugin file, but since all of the mode variables are empty, nothing will happen when this plugin is enabled.

When this plugin is enabled:

  • If get_tanium_data is enabled, this plugin will have nothing to do.
  • If get_internet_data is enabled, this plugin will have nothing to do.
  • If analyze_data is enabled, this plugin will have nothing to do.
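# explicit import; harmless if the plugin loader already provides OrderedDict
from collections import OrderedDict

VERSION = "1.1.0"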
MINIMUM_THAT_VERSION = "1.1.0"
NAME = "plugin_name"
PRIORITY = 1
ANALYZE_DATA = OrderedDict()
GET_TANIUM_DATA = OrderedDict()
GET_INTERNET_DATA = []

9.4.2. Ask a question and analyze the results

This example does a little bit more.

It asks a question and performs a calculation against the results.

When this plugin is enabled:

  • If get_tanium_data is enabled, this plugin will write a CSV file called “all_products.csv” to config[data_path]
  • If get_internet_data is enabled, this plugin will have nothing to do.
  • If analyze_data is enabled, this plugin will:
    • load “all_products.csv” from config[data_path] as a pandas dataframe, and get the sum of all Count columns as “total_products”
    • “total_products” will be available to use via fetch in a layout file for updating a PowerPoint file
# explicit import; harmless if the plugin loader already provides OrderedDict
from collections import OrderedDict

VERSION = "1.1.0"
MINIMUM_THAT_VERSION = "1.1.0"
NAME = "plugin_name"
PRIORITY = 1
ANALYZE_DATA = OrderedDict()
GET_TANIUM_DATA = OrderedDict()
GET_INTERNET_DATA = []

# ask the question 'Get Installed Applications from all machines'
# and store results in "all_products.csv"
GET_TANIUM_DATA["all_products.csv"] = {
    "filters": [],
    "sensors": ["Installed Applications"],
}

ANALYZE_DATA["total_products"] = """
# use pandas to get a sum of the Count column from all_products.csv

csv = "all_products.csv"
df = self.load_csv_as_df(csv)

result = df['Count'].sum()
"""

9.4.3. Ask a question, get internet data, and analyze the results

This example builds on the previous one.

It asks a question, gets data from the internet, and performs a calculation against the results.

When this plugin is enabled:

  • If get_tanium_data is enabled, this plugin will write a CSV file called “all_products.csv” to config[data_path]
  • If get_internet_data is enabled, this plugin will have the result of function1 added to the CSV file called “internet_data.csv” in config[data_path]
  • If analyze_data is enabled, this plugin will:
    • load “all_products.csv” from config[data_path] as a pandas dataframe, and get the sum of all Count columns as “total_products”
    • load “internet_data.csv” from config[data_path] as a pandas dataframe, and get the function1 column value as “total_vulnerabilities”
    • get the previous two results to calculate an average as “average_vulnerabilities_per_product”
    • “total_products”, “total_vulnerabilities”, and “average_vulnerabilities_per_product” will be available to use via fetch in a layout file for updating a PowerPoint file
# explicit import; harmless if the plugin loader already provides OrderedDict
from collections import OrderedDict

VERSION = "1.1.0"
MINIMUM_THAT_VERSION = "1.1.0"
NAME = "plugin_name"
PRIORITY = 1
ANALYZE_DATA = OrderedDict()
GET_TANIUM_DATA = OrderedDict()

GET_INTERNET_DATA = [
    "function1",
]

# ask the question 'Get Installed Applications from all machines'
# and store results in "all_products.csv"
GET_TANIUM_DATA["all_products.csv"] = {
    "filters": [],
    "sensors": ["Installed Applications"],
}

ANALYZE_DATA["total_products"] = """
# use pandas to get a sum of the Count column from all_products.csv

csv = "all_products.csv"
df = self.load_csv_as_df(csv)

result = df['Count'].sum()
"""

ANALYZE_DATA["total_vulnerabilities"] = """
# Get function1 from internet_data.csv

csv = "internet_data.csv"
df = self.load_csv_as_df(csv)

result = df.iloc[0]["function1"]
"""

ANALYZE_DATA["average_vulnerabilities_per_product"] = """
# Divide total_vulnerabilities by total_products, both computed by the entries above

total_vulnerabilities = self.get_result("total_vulnerabilities")
total_products = self.get_result("total_products")

result = total_vulnerabilities / total_products
"""


def function1(wequests, pkgs, **kwargs):
    # hardcoded return of a value for example's sake
    ret = "97"
    return ret