Name

sn_vsc.SCEventUtil

Description

No description available

Script

var SCEventUtil = Class.create();
SCEventUtil.prototype = {
  constants: new sn_vsc.SecurityCenterConstants(),
  initialize: function() {},
  /**
   * This function will be called by script action Security center Event - Logins to handle
   * SC related login events.
   */
  loginEvent: function() {
      var that = this;
      var userGr = new GlideRecord(this.constants.SYS_USER);
      var userName = event.parm1;
      var currentIpAddress = event.parm2;
      var eventCreatedOn = event.sys_created_on;

      // Get current user
      userGr.addQuery('user_name', userName);
      userGr.query();

      // Check if user exists
      if (userGr.next()) {
          // Check if current user has roles we desire
          var query = 'role=' + this.constants.ADMIN_ROLE_SYS_ID + '^user=' + userGr.sys_id.toString();
          var sysUserRoleGr = new GlideRecord(this.constants.USER_HAS_ROLE);
          sysUserRoleGr.addEncodedQuery(query);
          sysUserRoleGr.query();
          if (sysUserRoleGr.hasNext()) {
             _checkAdminEvent(userGr, currentIpAddress);
          }
      } else {
          // No record, must be maint login
          // Check SNC Login Event
          _checkSncLoginEvent(currentIpAddress, userName);
      }

      /**
       * This function will log an admin login event to the sc events table
       * if the user logged in has the role admin.
       * @param {GlideRecord} gr - glide record of logged in user
       * @param {string} ipAddress - ip address of logged in user
       */
      function _checkAdminEvent(gr, ipAddress) {
          if (that._checkRole(gr, that.constants.ADMIN_ROLE_SYS_ID)) {
              // Grab event reference
              that._insertSecCenterEventRecord({
                  eventName: that.constants.scEvents.LOGIN_ADMIN,
                  ipAddress: ipAddress,
                  userGr: gr
              });
          }
      }

      /**
       * This function will log a snc login event to the sc events table
       * if the user logged in has snc prefixed to their name.
       * @param {string} name - username of logged in user
       * @param {string} ipAddress - ip address of logged in user
       */
      function _checkSncLoginEvent(ipAddress, userName) {
          if (userName.endsWith("@snc")) {
              // Grab event reference
              that._insertSecCenterEventRecord({
                  eventName: that.constants.scEvents.LOGIN_SNC,
                  ipAddress: ipAddress,
                  userName: userName
              });
          }
      }
  },

  /**
   * This function will be called by the script action Security center Event - Security Elevations
   * to handle SC related security elevation events
   */
  securityElevation: function() {
      var that = this;
      var elevatedUser = event.parm1;
      var elevatedTo = event.parm2;
      var eventCreatedOn = event.sys_created_on;

      // Grab user reference
      var userGr = this._userReference(elevatedUser);
      if (userGr) {
          // Log the security dashboard event and notify enabled users
          this._insertSecCenterEventRecord({
              eventName: this.constants.scEvents.SECURITY_ELEVATION,
              userGr: userGr
          });
      }
  },

  /**
   * This function will be called by the script action Security center Event - Impersonation Start
   * to handle SC related impersonation events
   */
  impersonation: function() {
      var that = this;
      var eventCreatedOn = event.sys_created_on;
      var userImpersonating = event.parm1;
      var userImpersonated = event.parm2;

      // Grab user reference
      var userGr = this._userReference(userImpersonating);
      if (userGr) {
          // Log the security dashboard event and notify impersonated user if HP
          this._insertSecCenterEventRecord({
              eventName: "impersonation",
              userGr: userGr,
              impersonated: userImpersonated
          });
      }
  },

  /**
   * This function will be called by the business rule SC - Store Export Data
   * to generate an export event.
   * @param {GlideRecord} current - The glide record of sys_user in it's current state
   */
  createExportEvent: function(current) {
      var jobGr = new GlideRecord(this.constants.SYS_POLL);
      jobGr.get(current.table_sys_id);
      if (jobGr.isValid()) {
          var exportedTableName = current.file_name.toString().split('.')[0];
          var exportByteSize = current.size_bytes.toString();
          var exportRecordCount = jobGr.max.toString();
          var exportData = {
              exportByteSize: exportByteSize,
              exportRecordCount: exportRecordCount
          };
          gs.eventQueue(this.constants.scEvents.EXPORT, jobGr, exportedTableName, JSON.stringify(exportData));
      }
  },
  /**
   * This function will be called by Security center Event - Export to generate the dashboard event record
   * for export events.
   */
  createTableExportEvent: function() {
      var that = this;
      var exportedTableName = event.parm1;
      var exportData = JSON.parse(event.parm2);
      var userName = event.user_name;

      /// User ref
      var userGr = new GlideRecord(this.constants.SYS_USER);
      userGr.addQuery("user_name", userName);
      userGr.query();
      userGr.next();

      // Check for classifications
      var classification = this.checkClassification(exportedTableName);

      var grTable = new GlideRecord('sys_db_object');
      grTable.addQuery('name', exportedTableName);
      grTable.query();
      grTable.next();
      var tableId = grTable.sys_id;

      // Log the security dashboard event
      this._insertSecCenterEventRecord({
          eventName: this.constants.scEvents.EXPORT,
          userGr: userGr,
          size: exportData['exportByteSize'],
          records: exportData['exportRecordCount'],
          table: tableId,
          classification: classification
      });
  },
  /**
   * This function will check if the current exported table contains classified columns.
   * It will return the classified columns on this table.
   * @param {string} tableName - The exported table name
   */
  checkClassification: function(tableName) {
      // Find all parent tables and possible classifications and build an encoded query
      var classifications = {};
      var extendedTables = this._getTables(tableName);
      for (var i = 0; i < extendedTables.length; i++) {
          extendedTables[i] = 'sys_dictionary.name=' + extendedTables[i];
      }

      // Find all classifications on columns from parent and child tables
      var dictClassGr = new GlideRecord(this.constants.DICT_CLASS);
      dictClassGr.addEncodedQuery(extendedTables.join('^OR'));
      dictClassGr.query();
      while (dictClassGr.next()) {
          classifications[dictClassGr.data_class.sys_id.toString()] = 1;
      }

      return Object.keys(classifications).toString();
  },

  /**
   * This function will insert a record to the sc events log.
   * @param {any} obj - This object will contain only the necessary parameters
   * for the type of security event being logged
   */
  _insertSecCenterEventRecord: function(obj) {
      // Insert into the mapped event table
      var eventTable = this.constants.scEventToTable[obj.eventName];
      var scEventGr = new GlideRecord(eventTable);
      scEventGr.initialize();
      scEventGr.user = obj.userGr ? obj.userGr.sys_id : null;
      scEventGr.user_name = obj.userGr ? obj.userGr.user_name : obj.userName;

      // Insert event specific data
      if (eventTable === "sn_vsc_login_event") {
          scEventGr.login_type = obj.eventName;
          scEventGr.ip_address = obj.ipAddress;
      } else if (eventTable === "sn_vsc_impersonation_event") {
          scEventGr.impersonated = obj.impersonated;
      } else if (eventTable === "sn_vsc_export_event") {
          scEventGr.size = obj.size;
          scEventGr.records = obj.records;
          scEventGr.classification = obj.classification;
          scEventGr.table = obj.table;
      }

      // Insert
      scEventGr.insert();
  },

  /*
   * Return an array of table names in the table parent hierarchy
   * @return ArrayList
   */
  _getTables: function(tableName) {
      var table = new GlideTableHierarchy(tableName);
      return table.getTables();
  },

  /**
   * // Grab user reference
   * @param {string} userName
   */
  _userReference: function(userName) {
      var userGr = new GlideRecord(this.constants.SYS_USER);
      userGr.addQuery('user_name', userName);
      userGr.query();
      if (userGr.next()) {
          return userGr;
      }
  },
  
   /**
   * This function will check if the user has a role
   * @param {GlideRecord} userGr - The glide record for sys_user
   * @param {string} roleId - The sys_id of the role being checked
   */
  _checkRole: function (userGr, roleId) {
      var userRoleGr = new GlideRecord(this.constants.USER_HAS_ROLE);
      userRoleGr.addQuery('user', userGr.sys_id);
      userRoleGr.addQuery('role', roleId);
      userRoleGr.query();
      if (userRoleGr.next()) {
          return userRoleGr;
      }
  },

  type: 'SCEventUtil'
};

Sys ID

29ded71b073e51102fe9f1e08c1ed044

Offical Documentation

Official Docs: