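def move_policy(sensor, targetPolicy):
    """Move the Bit9 computer(s) backing a CB sensor into the named policy.

    Args:
        sensor: CB sensor id; matched against the Bit9 computer field
            ``cbSensorId``.
        targetPolicy: name of the destination Bit9 policy.

    Raises:
        ValueError: if no policy with that name exists, or no computer
            carries the given sensor id.

    Reads the module globals ``epserver`` and ``eptoken`` for the Bit9
    connection.
    """
    global eptoken
    global epserver
    bit9 = bit9api.bit9Api(
        "https://" + epserver,  # Replace with actual Bit9 server URL
        token=eptoken,
        # Don't validate server's SSL certificate. Set to True unless using
        # self-signed cert on IIS. NOTE(review): while this is False the API
        # token travels over a connection whose peer is never verified.
        ssl_verify=False
    )

    # Policy to send the naughty host to
    targetPolicyName = targetPolicy
    destPolicies = bit9.search('v1/policy', ['name:' + targetPolicyName])
    if not destPolicies:
        raise ValueError("Cannot find destination policy " + targetPolicyName)

    # Find the computer id
    destComputer = bit9.search('v1/computer', ['cbSensorId:' + str(sensor)])
    if not destComputer:
        # Fix: the original built this message from an undefined ``hostname``,
        # so the "not found" path raised NameError instead of ValueError.
        raise ValueError("Cannot find computer with sensor id " + str(sensor))

    for c in destComputer:
        print("Moving computer %s from policy %s to policy %s"
              % (c['name'], c['policyName'], targetPolicyName))
        c['policyId'] = destPolicies[0]['id']
        bit9.update('v1/computer', c)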
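def main(argv):
    """Interactively request cache-consistency checks / policy resyncs.

    Searches Bit9 computers matching ``args.query`` and, for each one that
    is not already running a check (``ccLevel`` != 0), asks the operator
    which check level and which policy-rule refresh to request, then hands
    the choice to ``init_cc``.

    Args:
        argv: unused; ``build_cli_parser`` reads the process arguments itself.

    Exits the process with -1 when ``args.server``, ``args.token`` or
    ``args.query`` is missing.
    """
    parser = build_cli_parser()
    args = parser.parse_args()
    if not args.server or not args.token or args.query is None:
        print("Missing required param; run with --help for usage")
        sys.exit(-1)

    print("Computer search criteria: %s" % args.query)
    logger.info("Computer search criteria: %s" % args.query)
    # NOTE(review): the API token arrives as a command-line argument, which is
    # visible in process listings and shell history on shared hosts.
    bit9 = bit9Api(args.server, token=args.token, ssl_verify=args.ssl_verify)
    search_conditions = args.query
    comps = bit9.search('v1/computer', search_conditions)

    for comp in comps:
        if comp['ccLevel'] != 0:
            print("%s already performing a Cache Consistency check. Skipping this computer." % comp['name'])
            logger.info("%s already performing a Cache Consistency check. Skipping this computer." % comp['name'])
            continue

        agent_id = comp['id']
        ccLevel = raw_input("\n\nInitiate Cache Check for Computer '%s' in policy '%s'\n"
                            "Cache consistency check level can be one of:\n"
                            "0 = None\n"
                            "1 = Quick verification\n"
                            "2 = Rescan known files\n"
                            "3 = Full scan for new files: [0,1,2,3] " % (comp['name'], comp['policyName']))
        if ccLevel not in ('1', '2', '3'):
            print("User response was not '1', '2' or '3'. Skipping cache check for %s!" % comp['name'])
            logger.info("User response was not '1', '2' or '3'. Skipping cache check for %s!" % comp['name'])
            ccLevel = 0
        else:
            # Normalise to int so init_cc always receives the same type as the
            # "unset" value (0) and as refreshFlags below; previously a valid
            # answer was passed through as the raw string '1'/'2'/'3'.
            ccLevel = int(ccLevel)

        refreshFlags = raw_input("\nRequest Resync of Policy Rules for Computer '%s' in policy '%s'\n"
                                 "Resync of policy rules can be one of:\n"
                                 "0 = None\n"
                                 "1 = Refresh confg list\n"
                                 "2 = Refresh config list from the file: [0,1,2] " % (comp['name'], comp['policyName']))
        if refreshFlags == '1':
            refreshFlags = 32
        elif refreshFlags == '2':
            refreshFlags = 4096
        else:
            print("User response was not '1' or '2'. Skipping policy rules sync for Computer %s!" % comp['name'])
            logger.info("User response was not '1' or '2'. Skipping policy rules sync for Computer %s!" % comp['name'])
            refreshFlags = 0

        if ccLevel == 0 and refreshFlags == 0:
            print("\nCache Check and Policy Refresh both unset, skipping %s" % comp['name'])
            logger.info("Cache Check and Policy Refresh both unset, skipping %s" % comp['name'])
        else:
            init_cc(bit9, agent_id, ccLevel, refreshFlags)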
+++++++++++++++++++++++ Please update the script with appropriate Bit9 server address and Bit9 token script.
"""
import time
from datetime import datetime
import sys
import os

# Include our common folder, presumably peer of current folder
sys.path.append(os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

# Connection to the Bit9 server; both values are placeholders to be edited
# before the script is run.
bit9 = bit9api.bit9Api(
    "https://localhost",  # Replace with actual Bit9 server URL
    token="<enter your Bit9 API token here>",  # Replace with actual Bit9 user token for VT integration
    # Don't validate server's SSL certificate. Set to True unless using
    # self-signed cert on IIS (with False the peer is never verified).
    ssl_verify=False
)

# Setup our arguments (these could be, for example, passed from the command line)
switchTime = "4/1/2015 8:04AM"  # When to switch policies
targetPolicyName = "sales-2"  # Target policy name
computerCondition = ['policyName:sales-1', 'ipAddress!10.0.1.*', 'deleted:false']  # Condition for computers to move

# Sleep until specified time (naive local time on both sides of the subtraction)
switch_at = datetime.strptime(switchTime, '%m/%d/%Y %I:%M%p')
sleepTime = switch_at - datetime.today()
wait_seconds = sleepTime.total_seconds()
if wait_seconds > 0:
    print('Sleeping for %d seconds' % wait_seconds)
    time.sleep(wait_seconds)
import bit9api  # body of a try: that begins above this excerpt
except ImportError:
    # Import our common bit9api (assumed to live in common folder, sibling to current folder)
    commonPath = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common')
    sys.path.append(commonPath)
    import bit9api

# DEBUG level logging for this script; requests/urllib3 are kept at WARNING.
logging.basicConfig(format='%(asctime)s %(levelname)s:%(message)s', level=logging.DEBUG)
logging.getLogger("requests").setLevel(logging.WARNING)
logging.getLogger("urllib3").setLevel(logging.WARNING)
# Silences urllib3's InsecureRequestWarning -- presumably the only visible sign
# that ssl_verify=False below has turned off certificate checks.
requests.packages.urllib3.disable_warnings()

# Bit9 connection; both values are placeholders to be filled in before running.
bit9 = bit9api.bit9Api(
    "https://localhost",  # Replace with actual Bit9 server URL
    token="<enter your Bit9 API token here>",  # Replace with actual Bit9 user token for VT integration
    # Don't validate server's SSL certificate. Set to True unless using
    # self-signed cert on IIS. NOTE(review): while False, the API token is sent
    # to whichever host answers for this URL.
    ssl_verify=False
)

vtConnector = virusTotalConnector(
    bit9,
    vt_token='<enter your VT API key here>',  # Replace with your VT key
    # Allow VT connector to upload binary files to VirusTotal. Uploaded samples
    # leave the organisation and are retained by a third party -- confirm this
    # is acceptable for the files Bit9 will hand over before enabling it.
    allow_uploads=True,
    connector_name='VirusTotal',
    download_location=r'c:\test'  # Replace with actual local file location. If not set,
    # script will try to access shared folder where this file resides
    # Note that you do not want to end your path with a backslash. ie. use
    # r'c:\test' *not* r'c:\test\'.
)

print("\n*** VT script starting")
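import sys
import os
import time

# Includes the "common" folder that comes from GitHub
sys.path.append(os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

# Bit9 connection; server and token are placeholders to be edited before use.
bit9 = bit9api.bit9Api(
    "https://bit9.server.xyz",  # Replace with actual Bit9 server URL
    token="api_token",  # Replace with actual Bit9 user token for VT integration
    # Don't validate server's SSL certificate. Set to True unless using
    # self-signed cert on IIS (with False the peer is never verified).
    ssl_verify=False
)

# Set the desired debug properties here. Documentation for this can be found here: https://github.com/carbonblack/bit9platform/tree/master/bit9PlatformAPI/docs
kernelTrace = 4
debugLevel = 6
debugDuration = 1

# Find all computers with the specified name that are connected.
# Raw string: in a non-raw literal "\N" is a malformed \N escape and a
# SyntaxError on Python 3; on Python 2 the bytes are identical either way.
comps = bit9.search('v1/computer', [r'name:DOMAIN\NAME', 'connected:true'])

# Iterate through each computer that was found and perform the specified actions
for c in comps:
    print("Changing debug level for computer %s (IP: %s)" % (c['name'], c['ipAddress']))
    c['kernelDebugLevel'] = kernelTrace
    c['debugLevel'] = debugLevel
    c['debugDuration'] = debugDuration
    # changeDiagnostics=true is what makes the server apply the debug fields.
    bit9.update('v1/computer', c, '', 'changeDiagnostics=true')
# Sleep for the debugDuration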
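import sys
import os
import time

# Includes the "common" folder that comes from GitHub
sys.path.append(
    os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

# Bit9 connection; server and token are placeholders to be edited before use.
bit9 = bit9api.bit9Api(
    "https://bit9.server.xyz",  # Replace with actual Bit9 server URL
    token="api_token",  # Replace with actual Bit9 user token for VT integration
    # Don't validate server's SSL certificate. Set to True unless using
    # self-signed cert on IIS (with False the peer is never verified).
    ssl_verify=False
)

# Set the desired debug properties here. Documentation for this can be found here: https://github.com/carbonblack/bit9platform/tree/master/bit9PlatformAPI/docs
kernelTrace = 4
debugLevel = 6
debugDuration = 1

# Find all computers with the specified name that are connected.
# Raw string: in a non-raw literal "\N" is a malformed \N escape and a
# SyntaxError on Python 3; on Python 2 the bytes are identical either way.
comps = bit9.search('v1/computer', [r'name:DOMAIN\NAME', 'connected:true'])

# Iterate through each computer that was found and perform the specified actions
# (the loop body continues below this excerpt)
for c in comps:
    print("Changing debug level for computer %s (IP: %s)" % (c['name'], c['ipAddress']))
    c['kernelDebugLevel'] = kernelTrace
    c['debugLevel'] = debugLevel
    c['debugDuration'] = debugDuration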
self.bit9_pending_analysis[md5] = uuid  # tail of a method whose try: begins above this excerpt
self.ll_tasks[uuid] = "pending"
except Exception as ex:
    logging.error(ex)
    # Report to Bit9 that we had error analyzing this file. This means we will not try analysis again.
    pa['analysisStatus'] = 4  # (status: Error)
    # NOTE(review): the raw exception text is stored server-side; confirm it
    # cannot carry request details (URL/query) from a failed Lastline call.
    pa['analysisError'] = 'Lastline %s' % str(ex)
    # Update Bit9 status for this file
    self.b9_api.update('v1/pendingAnalysis', pa)

# -------------------------------------------------------------------------------------------------
# Main body of the script

# Bit9 connection; server and token are placeholders to be filled in before running.
b9_api = bit9api.bit9Api(
    server='https://B9_SERVER',
    # False disables certificate validation entirely; set to True to validate
    # the server certificate against the CA.
    ssl_verify=False,
    token='B9_API_TOKEN'  # Need to add B9 API token here
)

ll_api = LastlineAPI(
    url='https://analysis.lastline.com',
    key='LL_API_KEY',  # Need to add Lastline API key here
    token='LL_API_TOKEN',  # Need to add Lastline API token here
    # False disables certificate validation; set to True to validate against the CA.
    strong_cert=False)

# Need to specify an existing accessible path here (such as c:\\test\\)
connector = LastlineConnector(b9_api, ll_api, download_file_location="c:\\test\\")
connector.start()
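#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""List Bit9 computers and map their numeric enforcement level to a name.

Connects to the Bit9 server, searches every computer, and provides
``enf_dict`` for translating ``enforcementLevel`` values; ``csv_name``
points at the output file (presumably written further down the file,
outside this excerpt).
"""
from pprint import pprint
import logging, csv, os, requests
from bit9api import bit9Api

logging.basicConfig()
# Silences urllib3's InsecureRequestWarning -- the only visible sign that
# ssl_verify=False below has turned off certificate checks.
requests.packages.urllib3.disable_warnings()

userhome = os.path.expanduser('~')
csv_name = os.path.join(userhome, 'Desktop', 'test.csv')

# Connection settings may be overridden from the environment so the script
# can run without editing the file; the literal fallbacks keep the original
# behaviour. NOTE(review): the fallback token below is a real-looking secret
# committed to source -- treat it as exposed, replace it, and drop the fallback.
server = os.environ.get('BIT9_SERVER', 'https://bit9server.bit9se.com/')
api_token = os.environ.get('BIT9_API_TOKEN', 'AACB5C5F-D9B4-4694-AB9A-8640FF79D401')
bit9 = bit9Api(server, token=api_token, ssl_verify=False)  # ssl_verify=False: no certificate validation

search_conditions = ['']  # empty condition: every computer visible to this token
#search_conditions = ['uninstalled:False']
comps = bit9.search('v1/computer', search_conditions)

# Current enforcement level. Can be one of:
#   20=High (Block Unapproved)
#   30=Medium (Prompt Unapproved)
#   35=Local approval
#   40=Low (Monitor Unapproved)
#   60=None (Visibility)
#   80=None (Disabled)
enf_dict = {
    20: 'high',
    30: 'medium',
    35: 'local_approval',
    40: 'low',
    60: 'visibility_only',
    80: 'agent_disabled',
}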
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pprint import pprint
import logging, csv, os, requests
from bit9api import bit9Api

logging.basicConfig()
# Silences urllib3's InsecureRequestWarning -- the only visible sign that
# ssl_verify=False below has turned off certificate checks.
requests.packages.urllib3.disable_warnings()

userhome = os.path.expanduser('~')
csv_name = userhome + '/Desktop/test.csv'  # output path; presumably written further down the file, outside this excerpt
# NOTE(review): server and API token are committed in source. A token that has
# been in a repository should be treated as exposed and replaced with one read
# from the environment or a permission-restricted config file.
server = 'https://bit9server.bit9se.com/'
api_token = 'AACB5C5F-D9B4-4694-AB9A-8640FF79D401'
bit9 = bit9Api(server, token=api_token, ssl_verify=False)  # ssl_verify=False: no certificate validation
search_conditions = ['']  # empty condition: every computer visible to this token
#search_conditions = ['uninstalled:False']
comps = bit9.search('v1/computer', search_conditions)
''' Current enforcement level. Can be one of: 20=High (Block Unapproved) 30=Medium (Prompt Unapproved) 35=Local approval 40=Low (Monitor Unapproved) 60=None (Visibility) 80=None (Disabled) '''
# enforcementLevel -> readable name (the literal continues below this excerpt)
enf_dict = {
    20: 'high',
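def main(argv):
    """Interactively request cache-consistency checks / policy resyncs.

    Searches Bit9 computers matching ``args.query`` and, for each one that
    is not already running a check (``ccLevel`` != 0), asks the operator
    which check level and which policy-rule refresh to request, then hands
    the choice to ``init_cc``.

    Args:
        argv: unused; ``build_cli_parser`` reads the process arguments itself.

    Exits the process with -1 when ``args.server``, ``args.token`` or
    ``args.query`` is missing.
    """
    parser = build_cli_parser()
    args = parser.parse_args()
    if not args.server or not args.token or args.query is None:
        print("Missing required param; run with --help for usage")
        sys.exit(-1)

    print("Computer search criteria: %s" % args.query)
    logger.info("Computer search criteria: %s" % args.query)
    # NOTE(review): the API token arrives as a command-line argument, which is
    # visible in process listings and shell history on shared hosts.
    bit9 = bit9Api(args.server, token=args.token, ssl_verify=args.ssl_verify)
    search_conditions = args.query
    comps = bit9.search('v1/computer', search_conditions)

    for comp in comps:
        if comp['ccLevel'] != 0:
            print("%s already performing a Cache Consistency check. Skipping this computer." % comp['name'])
            logger.info("%s already performing a Cache Consistency check. Skipping this computer." % comp['name'])
            continue

        agent_id = comp['id']
        ccLevel = raw_input(
            "\n\nInitiate Cache Check for Computer '%s' in policy '%s'\n"
            "Cache consistency check level can be one of:\n"
            "0 = None\n"
            "1 = Quick verification\n"
            "2 = Rescan known files\n"
            "3 = Full scan for new files: [0,1,2,3] " % (comp['name'], comp['policyName']))
        if ccLevel not in ('1', '2', '3'):
            print("User response was not '1', '2' or '3'. Skipping cache check for %s!" % comp['name'])
            logger.info("User response was not '1', '2' or '3'. Skipping cache check for %s!" % comp['name'])
            ccLevel = 0
        else:
            # Normalise to int so init_cc always receives the same type as the
            # "unset" value (0) and as refreshFlags below; previously a valid
            # answer was passed through as the raw string '1'/'2'/'3'.
            ccLevel = int(ccLevel)

        refreshFlags = raw_input(
            "\nRequest Resync of Policy Rules for Computer '%s' in policy '%s'\n"
            "Resync of policy rules can be one of:\n"
            "0 = None\n"
            "1 = Refresh confg list\n"
            "2 = Refresh config list from the file: [0,1,2] " % (comp['name'], comp['policyName']))
        if refreshFlags == '1':
            refreshFlags = 32
        elif refreshFlags == '2':
            refreshFlags = 4096
        else:
            print("User response was not '1' or '2'. Skipping policy rules sync for Computer %s!" % comp['name'])
            logger.info("User response was not '1' or '2'. Skipping policy rules sync for Computer %s!" % comp['name'])
            refreshFlags = 0

        if ccLevel == 0 and refreshFlags == 0:
            print("\nCache Check and Policy Refresh both unset, skipping %s" % comp['name'])
            logger.info("Cache Check and Policy Refresh both unset, skipping %s" % comp['name'])
        else:
            init_cc(bit9, agent_id, ccLevel, refreshFlags)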
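import time
from datetime import datetime
import sys
import os

# Include our common folder, presumably peer of current folder
sys.path.append(
    os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

# Bit9 connection; server and token are placeholders to be edited before use.
bit9 = bit9api.bit9Api(
    "https://10.xx.xx.xx",  # Replace with actual Bit9 server URL
    token="D1E83724-xxxx-xxxx-xxxx-BB8232528F75",  # Replace with actual Bit9 API user token
    # Don't validate server's SSL certificate. Set to True unless using
    # self-signed cert on IIS (with False the peer is never verified).
    ssl_verify=False
)

# Setup our arguments (these could be, for example, passed from the command line)
targetPolicyName = "POLICY_NAME"  # Target policy name
# Raw string: "\H" is not an escape sequence, so the bytes are unchanged, but
# a non-raw literal draws an invalid-escape warning on Python 3.
computerCondition = [r'name:DOMAIN\HOSTNAME']  # Condition for computers to move

# Find our destination policy by name
destPolicies = bit9.search('v1/policy', ['name:' + targetPolicyName])
if not destPolicies:
    raise ValueError("Cannot find destination policy " + targetPolicyName)

# Our condition is "The computer with the defined hostname"
comps = bit9.search('v1/computer', computerCondition)
for c in comps:
    # Move each returned computer to the defined policy
    # (this statement continues below this excerpt)
    print("Moving computer %s from policy %s to policy %s" %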
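import os
import getpass

# Include our common folder, presumably peer of current folder
sys.path.append(
    os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

user_inputs = {}
Server = input("Enter the FQDN or IP of your Cb Protection Server : ")
# Fix: the token was read with input(), which echoes it to the terminal and
# into any captured session log. getpass keeps the same prompt without echo.
API = getpass.getpass('Enter your API Token : ')
Hostname = input(
    'Enter the Hostname of the computers\'s policy you are changing: ')

bit9 = bit9api.bit9Api(
    "https://{0}".format(Server),  # Replace with actual Bit9 server URL
    token="{0}".format(API),  # Replace with actual Bit9 API user token
    # Don't validate server's SSL certificate. Set to True unless using
    # self-signed cert on IIS (with False the peer is never verified, so the
    # token just entered goes to whichever host answers for Server).
    ssl_verify=False
)

# Setup our arguments (these could be, for example, passed from the command line)
targetPolicyName = "Lockdown"  # Target policy name
# The hostname is interpolated straight into a Bit9 query condition, so a value
# containing query operator characters changes what the search matches.
computerCondition = ['name:{0}'.format(Hostname)]  # Condition for computers to move

# Find our destination policy by name
destPolicies = bit9.search('v1/policy', ['name:' + targetPolicyName])
if not destPolicies:
    raise ValueError("Cannot find destination policy " + targetPolicyName)

# Our condition is "The computer with the defined hostname"
comps = bit9.search('v1/computer', computerCondition)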