Development

Env preparation

Install Indeni server

• Install VMWare from here

• Download Indeni .ova from here

• See this guide on how to run the server and log in to it.

Install end device

end device = CHKP / PAN / etc security gateway

See this guide on how to install a new device for monitoring

GIT/JIRA - start

Create JIRA issue

Keep the JIRA issue + headline

GIT clone indeni-knowledge

• Create an ssh key for your computer/bitbucket account by following this tutorial

• Run

  git clone git@bitbucket.org:indeni/indeni-knowledge.git

   

Create feature branch

https://indeni.atlassian.net/wiki/spaces/IKP/pages/822018065/Working+with+Tickets+and+Branches This page will guide you through working with GIT

Development

Create IND directory

Directory will contain the files you write for the ADE

End-to-end ADE - summary & hands-on

Step by step guide for creating ADE + troubleshooting.

Create collection YAML (ADE)

See the “Ind file“ section of https://indeni.atlassian.net/wiki/spaces/IKP/pages/769130623 for info

Python parser script

Parsing techniques:

• XML - use helper_methods.parse_data_as_xml

• JSON - use helper_methods.parse_data_as_json

• SNMP - use the value

• Raw data - use TextFSM

  • https://codingpackets.com/blog/textfsm-getting-started/

  • https://github.com/google/textfsm/wiki/TextFSM
    http://textfsm.nornir.tech/

Then handle data using https://indeni.atlassian.net/wiki/spaces/IKP/pages/805929061

Search type: PYTHON in indeni-knowledge/parsers for examples

Write rule - YAML

If a rule templated exists - use it.

If not, the server team can either create a new template or write the rule in SCALA.

See

See the indeni-knowledge/rules/templatebased folder for examples

Write triage playbook (ATE)

These are workflows written in indeni-workflow block language.
See the indeni-knowledge/automation/workflows folder for examples

Write Unit testing

Write Integration testing (ATE only)

Trigger Alert

Manually trigger an alert to see if everything is working.

Trigger Playbook

Test

Create Test directory

command-runner test create <IND file> <test name> <input file>

Test against real device

• Copy new files to appropriate place in /usr/share/indeni-knowledge/overwrite/ on the indeni server

• Restart the indeni-collector service on the indeni server

Sanity

Mandatory checks (for PR, and when build is ready)

• Validate the code is integrated

• Validate metric exist and values are as expected

• Validate rule exists in Knowledge Explorer

• Validate alert is created

Code Integration

Commit

is a comprehensive guide on all the remaining steps.

Push

Create Pull Request

Pull Request review (PR review)

Merge

Create PR for existing code, to another branch

Follow these steps:

Find the commit id.
Create new branch from the target branch you would like to push into.
Checkout to this branch locally.
In “source-tree”, find the commit ID.
Example:

Open

Right click on this commit ID, and choose to create patch.
Example:

Open

After the new file patch created, use the Action —> “apply patch”. Make sure you are doing so, after your checked out to the desired branch, in which you would like to issue PR from:

Then, add the files to your local branch (git add…), commit and push.
When creating the new PR, make sure to specify the correct version you would like to integrate into.

Run sanity testing with the new build

Close JIRA issue