VultureProject · nlancon · Jan 23, 2025 · Jan 27, 2025 · Jan 27, 2025 · Jan 28, 2025
diff --git a/vulture_os/services/frontend/form.py b/vulture_os/services/frontend/form.py
@@ -266,7 +266,9 @@ def __init__(self, *args, **kwargs):
                            "beyondtrust_pra_client_id", "beyondtrust_pra_secret", "beyondtrust_pra_host",
                            "lockself_x_auth_token", "lockself_x_ls_token", "lockself_host", "lockself_organization_id",
                            "cisco_umbrella_managed_org_api_key", "cisco_umbrella_managed_org_secret_key", "cisco_umbrella_managed_org_customers_id",
-                           "cisco_umbrella_managed_org_get_dns", "cisco_umbrella_managed_org_get_proxy"
+                           "cisco_umbrella_managed_org_get_dns", "cisco_umbrella_managed_org_get_proxy",
+                           "beyondtrust_reportings_client_id", "beyondtrust_reportings_secret", "beyondtrust_reportings_host",
+                           "beyondtrust_reportings_get_team_logs", "beyondtrust_reportings_get_access_session_logs", "beyondtrust_reportings_get_vault_account_activity_logs", "beyondtrust_reportings_get_support_session_logs",
                            ]:
             self.fields[field_name].required = False
 
@@ -379,7 +381,11 @@ class Meta:
                   "beyondtrust_pra_client_id", "beyondtrust_pra_secret", "beyondtrust_pra_host",
                   'lockself_x_auth_token', 'lockself_x_ls_token', 'lockself_host', 'lockself_organization_id',
                   'cisco_umbrella_managed_org_api_key', 'cisco_umbrella_managed_org_secret_key', 'cisco_umbrella_managed_org_customers_id',
-                  'cisco_umbrella_managed_org_get_dns', 'cisco_umbrella_managed_org_get_proxy'
+                  'cisco_umbrella_managed_org_get_dns', 'cisco_umbrella_managed_org_get_proxy',
+                  "beyondtrust_reportings_client_id", "beyondtrust_reportings_secret", "beyondtrust_reportings_host",
+                  "beyondtrust_reportings_get_team_logs", "beyondtrust_reportings_get_access_session_logs",
+                  "beyondtrust_reportings_get_vault_account_activity_logs",
+                  "beyondtrust_reportings_get_support_session_logs",
                   )
 
         widgets = {
@@ -589,6 +595,13 @@ class Meta:
             'cisco_umbrella_managed_org_customers_id': TextInput(attrs={'class': 'form-control', 'data-role': "tagsinput"}),
             'cisco_umbrella_managed_org_get_dns': CheckboxInput(attrs={'class': 'js-switch'}),
             'cisco_umbrella_managed_org_get_proxy': CheckboxInput(attrs={'class': 'js-switch'}),
+            'beyondtrust_reportings_client_id': TextInput(attrs={'class': 'form-control'}),
+            'beyondtrust_reportings_secret': TextInput(attrs={'type': 'password', 'class': 'form-control'}),
+            'beyondtrust_reportings_host': TextInput(attrs={'class': 'form-control'}),
+            'beyondtrust_reportings_get_team_logs': CheckboxInput(attrs={'class': 'js-switch'}),
+            'beyondtrust_reportings_get_access_session_logs': CheckboxInput(attrs={'class': 'js-switch'}),
+            'beyondtrust_reportings_get_vault_account_activity_logs': CheckboxInput(attrs={'class': 'js-switch'}),
+            'beyondtrust_reportings_get_support_session_logs': CheckboxInput(attrs={'class': 'js-switch'}),
         }
 
     def clean_name(self):

diff --git a/vulture_os/services/frontend/models.py b/vulture_os/services/frontend/models.py
@@ -1455,6 +1455,45 @@
     cisco_umbrella_managed_org_customers_tokens = models.JSONField(
         default=dict
     )
+    # Beyondtrust Reportings attributes
+    beyondtrust_reportings_client_id = models.TextField(
+        verbose_name=_("Beyondtrust Reportings client id"),
+        help_text=_("Beyondtrust Reportings client id"),
+        default="ex: 18xxxxxxxxxxxaf3e86b2xxxxxx77b4fc29eff",
+    )
+    beyondtrust_reportings_secret = models.TextField(
+        verbose_name=_("Beyondtrust Reportings secret"),
+        help_text=_("Beyondtrust Reportings secret"),
+        default="ex: Oxxxxxxxxxxqep8xxxxxxx22Y8S98GPcHkgNMK",
+    )
+    beyondtrust_reportings_host = models.TextField(
+        verbose_name=_("Beyondtrust Reportings host"),
+        help_text=_("Beyondtrust Reportings host"),
+        default="ex: https://xxx.xxx.com",
+    )
+    beyondtrust_reportings_api_token = models.JSONField(
+        default=dict
+    )
+    beyondtrust_reportings_get_team_logs = models.BooleanField(
+        verbose_name=_("Retrieve Beyondtrust Reportings Team logs"),
+        help_text=_("Retrieve Beyondtrust Reportings Team logs"),
+        default=False,
+    )
+    beyondtrust_reportings_get_access_session_logs = models.BooleanField(
+        verbose_name=_("Retrieve Beyondtrust Reportings AccessSession logs"),
+        help_text=_("Retrieve Beyondtrust Reportings AccessSession logs"),
+        default=False,
+    )
+    beyondtrust_reportings_get_vault_account_activity_logs = models.BooleanField(
+        verbose_name=_("Retrieve Beyondtrust Reportings VaultAccountActivity logs"),
+        help_text=_("Retrieve Beyondtrust Reportings VaultAccountActivity logs"),
+        default=False,
+    )
+    beyondtrust_reportings_get_support_session_logs = models.BooleanField(
+        verbose_name=_("Retrieve Beyondtrust Reportings SupportSession logs"),
+        help_text=_("Retrieve Beyondtrust Reportings SupportSession logs"),
+        default=False,
+    )
 
 
     @staticmethod
@@ -1491,7 +1530,7 @@
            # Test self.pk to prevent M2M errors when object isn't saved in DB
            if self.pk:
                for listener in self.listener_set.all():
                    l = listener.to_template()
                    # Remove frontend to prevent infinite loop
                    del l['frontend']
                    result['listeners'].append(l)
@@ -1535,7 +1574,7 @@
                                    for log_fwd in self.log_forwarders.all().only('id')]

        if not fields or "api_parser_custom_certificate" in fields:
            if result['api_parser_custom_certificate'] == None:
                result['api_parser_custom_certificate'] = {}

        return result
@@ -1557,9 +1596,9 @@
            listeners_list = ["Kafka:"] + self.kafka_brokers
        else:
            # Test self.pk to prevent M2M errors when object isn't saved in DB
            listeners_list = [str(l) for l in self.listener_set.all().only(*Listener.str_attrs())] if self.pk else []

        log_forwarders = [str(l) for l in self.log_forwarders.all()]

        mode = "UNKNOWN"
        for m in MODE_CHOICES:
@@ -2274,7 +2313,7 @@
        if self.rsyslog_port == 10000:
            try:
                self.rsyslog_port = Listener.objects.latest('rsyslog_port').rsyslog_port + 1
            except:
                # Let port 1000 if no listener defined yet
                pass
        super().save(*args, **kwargs)

diff --git a/vulture_os/services/templates/services/frontend_edit.html b/vulture_os/services/templates/services/frontend_edit.html
@@ -2124,6 +2124,57 @@ <h4 class="panel-title"><i class="icon fa fa-ban"></i> {% translate "Form errors
                           </div>
                         </div>
                       </div>
+                      <div class="col-md-12 api_clients_row" id="api_beyondtrust_reportings_row">
+                        <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_client_id.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_client_id }}
+                            {{ form.beyondtrust_reportings_client_id.errors|safe }}
+                          </div>
+                        </div>
+                        <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_secret.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_secret }}
+                            {{ form.beyondtrust_reportings_secret.errors|safe }}
+                          </div>
+                        </div>
+                        <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_host.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_host }}
+                            {{ form.beyondtrust_reportings_host.errors|safe }}
+                          </div>
+                        </div>
+                        <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_get_team_logs.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_get_team_logs }}
+                            {{ form.beyondtrust_reportings_get_team_logs.errors|safe }}
+                          </div>
+                        </div>
+                          <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_get_access_session_logs.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_get_access_session_logs }}
+                            {{ form.beyondtrust_reportings_get_access_session_logs.errors|safe }}
+                          </div>
+                        </div>
+                          <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_get_vault_account_activity_logs.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_get_vault_account_activity_logs }}
+                            {{ form.beyondtrust_reportings_get_vault_account_activity_logs.errors|safe }}
+                          </div>
+                        </div>
+                        <div class="form-group">
+                          <label class="col-sm-3 control-label">{{ form.beyondtrust_reportings_get_support_session_logs.label }}</label>
+                          <div class="col-sm-5">
+                            {{ form.beyondtrust_reportings_get_support_session_logs }}
+                            {{ form.beyondtrust_reportings_get_support_session_logs.errors|safe }}
+                          </div>
+                        </div>
+                      </div>
                       <div class="col-md-12 api-mode">
                         <div class="text-center mar-btm">
                           <button class="btn btn-warning" id="test_api_parser" type="button">

diff --git a/vulture_os/toolkit/api_parser/beyondtrust_pra/beyondtrust_pra.py b/vulture_os/toolkit/api_parser/beyondtrust_pra/beyondtrust_pra.py
@@ -23,6 +23,8 @@
 __doc__ = 'Beyondtrust PRA API'
 __parser__ = 'Beyondtrust PRA'
 
+# WARNING : THIS COLLECTOR IS DEPRECATED. PLEASE DO NOT UPDATE IT AND USE BEYONDTRUST_REPORTINGS INSTEAD
+
 import json
 import logging
 from copy import deepcopy

diff --git a/vulture_os/toolkit/api_parser/beyondtrust_reportings/__init__.py b/vulture_os/toolkit/api_parser/beyondtrust_reportings/__init__.py