Merge pull request #792 from altanatsedenova/master

ebruersan · web-flow · commit bab8be4a9be4 · 2020-07-17T17:38:16.000+03:00
Update rule with cmdshell probe type.
diff --git a/samples/manage/sql-assessment-api/notebooks/CustomizationSamples/CustomRuleCmdShellProbe.json b/samples/manage/sql-assessment-api/notebooks/CustomizationSamples/CustomRuleCmdShellProbe.json
@@ -1,4 +1,4 @@
-﻿{
+{
   "schemaVersion": "1.0",
   "name": "CmdShell check",
   "version": "1.0.0",
@@ -14,21 +14,30 @@
       },
       "displayName": "CmdShell probe",
       "description": "This is an example of cmdshell probe type. ",
-      "message": "Empty list",
+      "message": "File @{stdout.name} has size @{stdout.size} and it's bigger than threshold = @{threshold} bytes",
       "level": "Warning",
-      "condition": "@stdout",
+      "threshold": 1024,
+      "condition": {
+        "lt": [
+          "@stdout.size",
+          "@threshold"
+        ]
+      },
       "probes": [
-        "ListOfDirectoryFilesAndSubdirectories"
+        {
+          "id": "ListOfDirectoryFiles",
+          "transform": {
+            "type": "parse",
+            "map": {
+              "stdout": "/^(?<date>\\d\\d/\\d\\d/\\d\\d\\d\\d)\\s+(?<time>\\d\\d:\\d\\d\\s(AM|PM))\\s+(?<size>[0-9.,]+)\\s+(?<name>.+)$/ix"
+            }
+          }
+        }
       ]
-    },
-	{
-            "id": ["DefaultRuleset"],
-            "itemType": "override",
-            "enabled": false
     }
   ],
   "probes": {
-    "ListOfDirectoryFilesAndSubdirectories": [
+    "ListOfDirectoryFiles": [
       {
         "type": "CmdShell",
         "target": {
@@ -43,4 +52,4 @@
       }
     ]
   }
-}
+}
diff --git a/samples/manage/sql-assessment-api/notebooks/SQLAssessmentAPITutorialNotebook.ipynb b/samples/manage/sql-assessment-api/notebooks/SQLAssessmentAPITutorialNotebook.ipynb
@@ -474,7 +474,7 @@
             "source": [
                 "## Probe types\r\n",
                 "### CmdShell\r\n",
-                "Create a new rule with CmdShell probe. CmdShell probe executes a CMD.EXE shell command and returns lines of text in variable @stdout. Use CMDSHELL instead of QUERY in probe definition to load a .cmd file. Use Regex parser transformation to extract data from @stdout\r\n",
+                "Create a new rule with CmdShell probe. CmdShell probe executes a CMD.EXE shell command and returns lines of text in variable @stdout. Use 'CMDSHELL' instead of 'SQL' in probe definition to load a .cmd file. Use Regex parser transformation to extract data from @stdout\r\n",
                 ""
             ],
             "metadata": {
diff --git a/samples/manage/sql-assessment-api/notebooks/notebooks.zip b/samples/manage/sql-assessment-api/notebooks/notebooks.zip
