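def move_policy(sensor, targetPolicy):
    """Move the computer(s) reporting a given Cb sensor id into a Bit9 policy.

    Args:
        sensor: Sensor id; matched against ``cbSensorId`` on ``v1/computer``.
        targetPolicy: Name of the destination policy.

    Raises:
        ValueError: If no policy has that name or no computer has that sensor id.
    """
    # Server address and API token are read from the module-level
    # epserver / eptoken values.
    # NOTE(review): ssl_verify=False turns off certificate validation, so the
    # API token and the policy change are sent to a peer whose identity is not
    # checked. Keep it only for a self-signed server certificate; otherwise
    # set it to True.
    bit9 = bit9api.bit9Api(
        "https://" + epserver,
        token=eptoken,
        ssl_verify=False,
    )

    # Destination policy, looked up by name. Only the first match is used.
    matchingPolicies = bit9.search('v1/policy', ['name:' + targetPolicy])
    if len(matchingPolicies) == 0:
        raise ValueError("Cannot find destination policy " + targetPolicy)
    destPolicyId = matchingPolicies[0]['id']

    # Computers are selected by sensor id, not by host name.
    computers = bit9.search('v1/computer', ['cbSensorId:' + str(sensor)])
    if len(computers) == 0:
        # The previous message used an undefined name (hostname), so this path
        # raised NameError instead of the intended ValueError.
        raise ValueError("Cannot find computer with cbSensorId " + str(sensor))

    for c in computers:
        print("Moving computer %s from policy %s to policy %s" % (c['name'], c['policyName'], targetPolicy))
        c['policyId'] = destPolicyId
        bit9.update('v1/computer', c)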
def main(argv):
    """Prompt, per matching computer, for a cache check level and a rule resync.

    Computers are selected with the query given on the command line. A computer
    whose ``ccLevel`` is non-zero is skipped. For every other computer the
    operator is asked for a cache consistency level and a policy-rule refresh
    option, and ``init_cc`` is called unless both end up as 0.

    Args:
        argv: Not referenced in the body; options come from build_cli_parser().
    """
    def report(text, console_prefix=""):
        # Every status line goes to both stdout and the module logger.
        print(console_prefix + text)
        logger.info(text)

    args = build_cli_parser().parse_args()
    if not (args.server and args.token and args.query is not None):
        print("Missing required param; run with --help for usage")
        sys.exit(-1)

    report("Computer search criteria: %s" % args.query)

    # Certificate validation follows the ssl_verify option from the parser.
    bit9 = bit9Api (args.server, token=args.token, ssl_verify=args.ssl_verify)

    for comp in bit9.search('v1/computer', args.query):
        if comp['ccLevel'] != 0:
            report("%s already performing a Cache Consistency check.  Skipping this computer." % comp['name'])
            continue

        agent_id = comp['id']

        level_answer = raw_input("\n\nInitiate Cache Check for Computer '%s' in policy '%s'\n"
                                 "Cache consistency check level can be one of:\n"
                                 "0 = None\n"
                                 "1 = Quick verification\n"
                                 "2 = Rescan known files\n"
                                 "3 = Full scan for new files: [0,1,2,3] " % (comp['name'], comp['policyName']))

        # An accepted answer is kept as the typed string ('1'..'3'); anything
        # else becomes the integer 0.
        if level_answer in ('1', '2', '3'):
            ccLevel = level_answer
        else:
            report("User response was not '1', '2' or '3'. Skipping cache check for %s!" % comp['name'])
            ccLevel = 0

        refresh_answer = raw_input("\nRequest Resync of Policy Rules for Computer '%s' in policy '%s'\n"
                                   "Resync of policy rules can be one of:\n"
                                   "0 = None\n"
                                   "1 = Refresh confg list\n"
                                   "2 = Refresh config list from the file: [0,1,2] " % (comp['name'], comp['policyName']))

        # Menu choice -> flag value handed to init_cc.
        refreshFlags = {'1': 32, '2': 4096}.get(refresh_answer)
        if refreshFlags is None:
            report("User response was not '1' or '2'. Skipping policy rules sync for Computer %s!" % comp['name'])
            refreshFlags = 0

        if ccLevel != 0 or refreshFlags != 0:
            init_cc(bit9, agent_id, ccLevel, refreshFlags)
        else:
            report("Cache Check and Policy Refresh both unset, skipping %s" % comp['name'], "\n")
+++++++++++++++++++++++
Please update the script with appropriate Bit9 server address and Bit9 token script.
"""

import time
from datetime import datetime
import sys
import os

# Include our common folder, presumably peer of current folder
sys.path.append(os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

# Bit9 API client shared by the rest of the script.
# NOTE(review): with ssl_verify=False the server certificate is not checked,
# so the API token is sent to an unauthenticated peer. Use True unless the
# server really presents a self-signed certificate.
bit9 = bit9api.bit9Api(
    "https://localhost",  # Replace with actual Bit9 server URL
    token="<enter your Bit9 API token here>",  # Replace with actual Bit9 API user token
    ssl_verify=False,
)


# Script parameters (these could instead be passed on the command line).
switchTime = "4/1/2015 8:04AM"  # Moment at which the policy switch happens
targetPolicyName = "sales-2"  # Policy the computers are moved to
computerCondition = [  # Which computers to move
    'policyName:sales-1',
    'ipAddress!10.0.1.*',
    'deleted:false',
]

# Wait until switchTime; a switchTime already in the past means no wait.
sleepTime = datetime.strptime(switchTime, '%m/%d/%Y %I:%M%p') - datetime.today()
_secondsLeft = sleepTime.total_seconds()
if _secondsLeft > 0:
    print('Sleeping for %d seconds' % _secondsLeft)
    time.sleep(_secondsLeft)
Beispiel #4
        import bit9api
    except ImportError:
        # Import our common bit9api (assumed to live in common folder, sibling to current folder)
        commonPath = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common')
        sys.path.append(commonPath)
        import bit9api

    # Root logger at DEBUG with timestamps; the HTTP libraries are held at
    # WARNING so their per-request chatter stays out of the log.
    logging.basicConfig(format='%(asctime)s %(levelname)s:%(message)s', level=logging.DEBUG)
    logging.getLogger("requests").setLevel(logging.WARNING)
    logging.getLogger("urllib3").setLevel(logging.WARNING)

    # Silences urllib3 warnings. NOTE(review): presumably here to hide the
    # warning caused by ssl_verify=False below; once verification is enabled
    # this call should go, so certificate problems are visible again.
    requests.packages.urllib3.disable_warnings()

    # Bit9 API client handed to the connector.
    # NOTE(review): ssl_verify=False means the server certificate is not
    # validated, so the API token is sent to an unauthenticated peer.
    bit9 = bit9api.bit9Api(
        "https://localhost",  # Replace with actual Bit9 server URL
        token="<enter your Bit9 API token here>",  # Replace with actual Bit9 user token for VT integration
        ssl_verify=False  # Don't validate server's SSL certificate. Set to True unless using self-signed cert on IIS
    )

    # VirusTotal connector built on top of the Bit9 client.
    # NOTE(review): allow_uploads=True lets binaries leave the environment for
    # a third-party service; confirm that is acceptable for the files this
    # server sees, or set it to False.
    vtConnector = virusTotalConnector(
        bit9,
        vt_token='<enter your VT API key here>',  # Replace with your VT key
        allow_uploads=True,  # Allow VT connector to upload binary files to VirusTotal
        connector_name='VirusTotal',
        download_location=r'c:\test'  # Replace with actual local file location. If not set,
                                      # script will try to access shared folder where this file resides
                                      # Note that you do not want to end your path with a backslash. ie. use
                                      # r'c:\test' *not* r'c:\test\'.
    )

    print("\n*** VT script starting")
import sys
import os
import time

# Includes the "common" folder that comes from GitHub
sys.path.append(os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

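# Bit9 API client used for the search and the updates below.
# NOTE(review): ssl_verify=False disables certificate validation, so the API
# token is sent to a server whose identity is not checked. Set it to True
# unless the server uses a self-signed certificate.
bit9 = bit9api.bit9Api(
    "https://bit9.server.xyz",  # Replace with actual Bit9 server URL
    token="api_token",  # Replace with actual Bit9 API user token
    ssl_verify=False,
)

# Desired debug properties. Documentation for these can be found here:
# https://github.com/carbonblack/bit9platform/tree/master/bit9PlatformAPI/docs
kernelTrace = 4
debugLevel = 6
debugDuration = 1

# Find all connected computers with the specified name.
# Raw string: in a normal Python 3 string literal the "\N" in DOMAIN\NAME
# starts a named-character escape and the file fails to compile. The value
# sent to the server is unchanged (backslash followed by NAME).
comps = bit9.search('v1/computer', [r'name:DOMAIN\NAME', 'connected:true'])

# Apply the debug settings to each computer that was found.
for c in comps:
    print("Changing debug level for computer %s (IP: %s)" % (c['name'], c['ipAddress']))
    c['kernelDebugLevel'] = kernelTrace
    c['debugLevel'] = debugLevel
    c['debugDuration'] = debugDuration
    bit9.update('v1/computer', c, '', 'changeDiagnostics=true')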

# Sleep for the debugDuration
Beispiel #6
import sys
import os
import time

# Includes the "common" folder that comes from GitHub
sys.path.append(
    os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

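# Bit9 API client used for the search below.
# NOTE(review): ssl_verify=False disables certificate validation, so the API
# token is sent to a server whose identity is not checked. Set it to True
# unless the server uses a self-signed certificate.
bit9 = bit9api.bit9Api(
    "https://bit9.server.xyz",  # Replace with actual Bit9 server URL
    token="api_token",  # Replace with actual Bit9 API user token
    ssl_verify=False,
)

# Desired debug properties. Documentation for these can be found here:
# https://github.com/carbonblack/bit9platform/tree/master/bit9PlatformAPI/docs
kernelTrace = 4
debugLevel = 6
debugDuration = 1

# Find all connected computers with the specified name.
# Raw string: in a normal Python 3 string literal the "\N" in DOMAIN\NAME
# starts a named-character escape and the file fails to compile. The value
# sent to the server is unchanged (backslash followed by NAME).
comps = bit9.search('v1/computer', [r'name:DOMAIN\NAME', 'connected:true'])

# Set the debug fields on each computer record that was found.
# NOTE(review): no bit9.update() call is visible after these assignments in
# this listing; as shown, only the local dicts are modified.
for c in comps:
    print("Changing debug level for computer %s (IP: %s)" %
          (c['name'], c['ipAddress']))
    c['kernelDebugLevel'] = kernelTrace
    c['debugLevel'] = debugLevel
    c['debugDuration'] = debugDuration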
Beispiel #7
					self.bit9_pending_analysis[md5] = uuid
					self.ll_tasks[uuid] = "pending"

		except Exception as ex:
			logging.error(ex)
			# Report to Bit9 that we had error analyzing this file. This means we will not try analysis again.
			pa['analysisStatus'] = 4  # (status: Error)
			pa['analysisError'] = 'Lastline %s' % str(ex)

			# Update Bit9 status for this file
			self.b9_api.update('v1/pendingAnalysis', pa)

# -------------------------------------------------------------------------------------------------
# Main body of the script

# API clients and connector wiring for the Lastline integration.
#
# NOTE(review): both clients are created with certificate checking switched
# off (ssl_verify=False, and strong_cert=False which, going by the original
# comment, controls validation against a CA). The Bit9 token and the Lastline
# key/token are then sent to peers whose identity is not verified. Set both to
# True unless a self-signed certificate makes that impossible.
b9_api = bit9api.bit9Api(
    server='https://B9_SERVER',
    token='B9_API_TOKEN',  # Replace with the Bit9 API token
    ssl_verify=False,  # False = server certificate is NOT validated
)

ll_api = LastlineAPI(
    url='https://analysis.lastline.com',
    key='LL_API_KEY',  # Replace with the Lastline API key
    token='LL_API_TOKEN',  # Replace with the Lastline API token
    strong_cert=False,  # False = no strict certificate check (see note above)
)

# download_file_location has to be an existing, accessible path (such as c:\\test\\)
connector = LastlineConnector(
    b9_api,
    ll_api,
    download_file_location="c:\\test\\",
)

connector.start()
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pprint import pprint
import logging, csv, os, requests
from bit9api import bit9Api

logging.basicConfig()
# Silences urllib3 warnings. NOTE(review): presumably added to hide the
# warning caused by ssl_verify=False below; it also hides real TLS problems.
requests.packages.urllib3.disable_warnings()

# Output file on the current user's desktop.
userhome = os.path.expanduser('~')
csv_name = '%s/Desktop/test.csv' % userhome

# NOTE(review): the API token is hard-coded next to the server URL. Anyone who
# can read this file can act as that API user. Treat a token published like
# this as compromised: rotate it, and load the replacement from the
# environment or a secret store instead of the source.
server = 'https://bit9server.bit9se.com/'
api_token = 'AACB5C5F-D9B4-4694-AB9A-8640FF79D401'

# NOTE(review): ssl_verify=False means the token above is sent without the
# server certificate being validated.
bit9 = bit9Api(server, token=api_token, ssl_verify=False)

# One empty condition; the commented line is an alternative filter.
search_conditions = ['']
#search_conditions = ['uninstalled:False']

comps = bit9.search('v1/computer', search_conditions)

# Current enforcement level. Can be one of:
#   20 = High (Block Unapproved)
#   30 = Medium (Prompt Unapproved)
#   35 = Local approval
#   40 = Low (Monitor Unapproved)
#   60 = None (Visibility)
#   80 = None (Disabled)
enf_dict = {
    20: 'high',
    30: 'medium',
    35: 'local_approval',
    40: 'low',
    60: 'visibility_only',
    80: 'agent_disabled',
}
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pprint import pprint
import logging, csv, os, requests
from bit9api import bit9Api

logging.basicConfig()
# All urllib3 warnings are switched off here.
# NOTE(review): with ssl_verify=False below, this also removes the only
# visible hint that the connection is not being verified.
requests.packages.urllib3.disable_warnings()

# CSV path under the current user's home directory.
userhome = os.path.expanduser('~')
csv_name = ''.join([userhome, '/Desktop/test.csv'])

# NOTE(review): credential in source. The token below is readable by anyone
# with access to this file; rotate it and read the new one from the
# environment or a secret store rather than committing it.
server = 'https://bit9server.bit9se.com/'
api_token = 'AACB5C5F-D9B4-4694-AB9A-8640FF79D401'

# NOTE(review): certificate validation is disabled for this client.
bit9 = bit9Api(
    server,
    token=api_token,
    ssl_verify=False,
)

# Search with a single empty condition (alternative filter kept below).
search_conditions = ['']
#search_conditions = ['uninstalled:False']

comps = bit9.search('v1/computer', search_conditions)

# Current enforcement level. Can be one of:
#   20 = High (Block Unapproved)
#   30 = Medium (Prompt Unapproved)
#   35 = Local approval
#   40 = Low (Monitor Unapproved)
#   60 = None (Visibility)
#   80 = None (Disabled)

enf_dict = {
    20: 'high',
Beispiel #10
def main(argv):
    """Walk the computers matching the CLI query and offer maintenance actions.

    For each computer that is not already running a cache consistency check
    (``ccLevel`` equal to 0) the operator is prompted twice: once for a cache
    check level and once for a policy-rule resync. ``init_cc`` is invoked
    unless both answers resolve to 0.

    Args:
        argv: Not referenced in the body; options come from build_cli_parser().
    """
    parser = build_cli_parser()
    args = parser.parse_args()
    required_missing = not args.server or not args.token or args.query is None
    if required_missing:
        print("Missing required param; run with --help for usage")
        sys.exit(-1)

    criteria_line = "Computer search criteria: %s" % args.query
    print(criteria_line)
    logger.info(criteria_line)

    # TLS verification is whatever the ssl_verify option resolved to.
    bit9 = bit9Api(args.server, token=args.token, ssl_verify=args.ssl_verify)
    search_conditions = args.query

    for comp in bit9.search('v1/computer', search_conditions):
        if comp['ccLevel'] != 0:
            busy_line = ("%s already performing a Cache Consistency check.  "
                         "Skipping this computer." % comp['name'])
            print(busy_line)
            logger.info(busy_line)
            continue

        agent_id = comp['id']

        cc_prompt = ("\n\nInitiate Cache Check for Computer '%s' in policy '%s'\n"
                     "Cache consistency check level can be one of:\n"
                     "0 = None\n"
                     "1 = Quick verification\n"
                     "2 = Rescan known files\n"
                     "3 = Full scan for new files: [0,1,2,3] " %
                     (comp['name'], comp['policyName']))
        ccLevel = raw_input(cc_prompt)

        # Accepted answers stay as the typed string; everything else is
        # replaced by the integer 0.
        if ccLevel not in ['1', '2', '3']:
            no_cc_line = ("User response was not '1', '2' or '3'. "
                          "Skipping cache check for %s!" % comp['name'])
            print(no_cc_line)
            logger.info(no_cc_line)
            ccLevel = 0

        refresh_prompt = ("\nRequest Resync of Policy Rules for Computer '%s' in policy '%s'\n"
                          "Resync of policy rules can be one of:\n"
                          "0 = None\n"
                          "1 = Refresh confg list\n"
                          "2 = Refresh config list from the file: [0,1,2] " %
                          (comp['name'], comp['policyName']))
        refreshFlags = raw_input(refresh_prompt)

        # Translate the menu choice into the flag value passed to init_cc.
        if refreshFlags == '1':
            refreshFlags = 32
        elif refreshFlags == '2':
            refreshFlags = 4096
        else:
            no_sync_line = ("User response was not '1' or '2'. "
                            "Skipping policy rules sync for Computer %s!" % comp['name'])
            print(no_sync_line)
            logger.info(no_sync_line)
            refreshFlags = 0

        nothing_requested = ccLevel == 0 and refreshFlags == 0
        if not nothing_requested:
            init_cc(bit9, agent_id, ccLevel, refreshFlags)
            continue

        skip_line = "Cache Check and Policy Refresh both unset, skipping %s" % comp['name']
        print("\n" + skip_line)
        logger.info(skip_line)
Beispiel #11
import time
from datetime import datetime
import sys
import os

# Include our common folder, presumably peer of current folder
sys.path.append(
    os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

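# Bit9 API client used for the policy and computer lookups below.
# NOTE(review): ssl_verify=False disables certificate validation, so the API
# token is sent to a server whose identity is not checked. Set it to True
# unless the server uses a self-signed certificate.
bit9 = bit9api.bit9Api(
    "https://10.xx.xx.xx",  # Replace with actual Bit9 server URL
    token="D1E83724-xxxx-xxxx-xxxx-BB8232528F75",  # Replace with actual Bit9 API user token
    ssl_verify=False,
)

# Setup our arguments (these could be, for example, passed from the command line)
targetPolicyName = "POLICY_NAME"  # Target policy name
# Raw string: "\H" is not a valid escape sequence, and newer Python versions
# warn about it in a normal string literal. The value itself is unchanged
# (backslash followed by HOSTNAME).
computerCondition = [r'name:DOMAIN\HOSTNAME']  # Condition for computers to move

# Find our destination policy by name; stop if it does not exist.
destPolicies = bit9.search('v1/policy', ['name:' + targetPolicyName])
if len(destPolicies) == 0:
    raise ValueError("Cannot find destination policy " + targetPolicyName)

# Our condition is "The computer with the defined hostname"
comps = bit9.search('v1/computer', computerCondition)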
for c in comps:  # Move each returned computer to the defined policy
    print("Moving computer %s from policy %s to policy %s" %
import os

# Include our common folder, presumably peer of current folder
sys.path.append(
    os.path.join(os.path.dirname(os.path.dirname(__file__)), 'common'))
import bit9api

user_inputs = {}

# Connection details and the target host are typed in by the operator.
# NOTE(review): input() echoes the API token to the terminal, where it can end
# up in scrollback or screen recordings; a non-echoing prompt such as
# getpass.getpass() is the usual choice for secrets. If this script is ever
# run under Python 2, input() evaluates what is typed as an expression, so
# raw_input() would be required there.
Server = input("Enter the FQDN or IP of your Cb Protection Server : ")
API = input('Enter your API Token : ')
Hostname = input(
    'Enter the Hostname of the computers\'s policy you are changing: ')

# NOTE(review): ssl_verify=False means the token typed above is sent without
# the server certificate being validated. Set it to True unless the server
# uses a self-signed certificate.
server_url = "https://{0}".format(Server)
bit9 = bit9api.bit9Api(
    server_url,
    token="{0}".format(API),
    ssl_verify=False,
)

# Destination policy and the condition selecting the computers to move.
# NOTE(review): Hostname is placed into the condition as typed; presumably a
# wildcard in it would select several machines, so check how many computers
# match before they are moved into the policy.
targetPolicyName = "Lockdown"  # Target policy name
computerCondition = ['name:{0}'.format(Hostname)]

# Find our destination policy by name; stop if it does not exist.
destPolicies = bit9.search('v1/policy', ['name:' + targetPolicyName])
if len(destPolicies) == 0:
    raise ValueError("Cannot find destination policy " + targetPolicyName)

# Our condition is "The computer with the defined hostname"
comps = bit9.search('v1/computer', computerCondition)