def __init__(self):
    """Read the Cylance tenant settings from the analyzer config and open the API client.

    ``config.tid``, ``config.app_id`` and ``config.app_secret`` are required: each
    ``get_param`` call carries a message, which presumably aborts the job when the
    key is missing. ``config.polling_interval`` defaults to 60 and is only stored.
    """
    Analyzer.__init__(self)
    tenant = self.get_param('config.tid', None, 'Tenant ID is missing')
    client_id = self.get_param('config.app_id', None, 'App_ID is missing')
    # NOTE(review): the app secret lives in the analyzer config; keep that config out
    # of logs, job output and version control.
    client_secret = self.get_param('config.app_secret', None, 'Secret is missing')
    self.tid, self.app_id, self.app_secret = tenant, client_id, client_secret
    self.polling_interval = self.get_param('config.polling_interval', 60)
    # One authenticated client per analyzer instance.
    self.API = CyAPI(tenant, client_id, client_secret)
    self.API.create_conn()
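class CylanceAnalyzer(Analyzer):
    """Cortex analyzer that fetches a threat sample from a Cylance tenant by SHA-256.

    Tenant id, app id and app secret are read from the analyzer config. ``run``
    asks the Cylance API for a download URL for the observed hash, saves the
    sample to ``SAMPLE_PATH`` and reports the hash, the URL and the path;
    ``summary`` and ``artifacts`` shape that report for Cortex.

    Fixes relative to the original: the debug ``print`` calls are gone (the Cortex
    report is itself written to stdout in cortexutils, so stray prints can corrupt
    it -- confirm for the version in use); the download has a timeout and checks the
    HTTP status; the sample file handle is closed; the bare ``except:`` is narrowed;
    ``artifacts`` returns the real hash instead of the placeholder ``'myhash'``; and
    ``summary`` no longer builds an unused dict containing the undefined name
    ``true`` (a NameError at runtime).
    """

    # Seconds before the sample download is abandoned (the original could hang forever).
    DOWNLOAD_TIMEOUT = 60
    # Historical, predictable location in a shared directory. Kept for compatibility;
    # run() refuses to follow a symlink planted there and creates the file mode 0600,
    # but a per-job temp file would be safer if nothing depends on this exact path.
    SAMPLE_PATH = '/tmp/sample'

    def __init__(self):
        Analyzer.__init__(self)
        # Required settings: get_param presumably aborts the job with the message when absent.
        self.tid = self.get_param('config.tid', None, 'Tenant ID is missing')
        self.app_id = self.get_param('config.app_id', None, 'App_ID is missing')
        self.app_secret = self.get_param('config.app_secret', None, 'Secret is missing')
        self.polling_interval = self.get_param('config.polling_interval', 60)
        self.API = CyAPI(self.tid, self.app_id, self.app_secret)
        self.API.create_conn()

    def artifacts(self, raw):
        """Return the observables Cortex should extract from the full report ``raw``.

        ``raw`` is the dict handed to ``self.report`` in ``run``; the reported hash
        becomes the artifact value. Returns an empty list when no hash is present.
        NOTE(review): the observable keeps type ``'file'`` as in the original --
        confirm that is intended rather than Cortex's ``'hash'`` observable type.
        """
        sample_hash = raw.get('hash') if isinstance(raw, dict) else None
        if not sample_hash:
            return []
        return [{'type': 'file', 'value': sample_hash}]

    def run(self):
        """Download the sample for a ``hash`` observable and report hash, URL and path.

        Every failure goes through ``self.error`` (which presumably ends the job), so
        only the success path reaches ``self.report``.
        """
        import os

        if self.data_type != 'hash':
            # The original silently produced no report at all for other data types.
            self.error('unsupported data type: %s' % self.data_type)
            return

        data = self.get_param('data', None, 'Data is missing')
        download = self.API.get_threat_download_url(sha256=data)
        payload = getattr(download, 'data', None)
        url = payload.get('url') if isinstance(payload, dict) else None
        if not url:
            # No URL back from the tenant: the hash is unknown there (or the call failed).
            self.error('hash does not exist in your tenant')
            return

        try:
            response = requests.get(url, allow_redirects=True,
                                    timeout=self.DOWNLOAD_TIMEOUT)
            # Without this an expired/denied URL's error body would be saved as the sample.
            response.raise_for_status()
            # This is a live malware sample: do not follow a symlink at the predictable
            # path, and keep the file readable by the owner only.
            flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_NOFOLLOW', 0)
            fd = os.open(self.SAMPLE_PATH, flags, 0o600)
            with os.fdopen(fd, 'wb') as sample:
                sample.write(response.content)
        except (requests.RequestException, OSError) as exc:
            self.error('failed to download sample for %s: %s' % (data, exc))
            return

        self.report({
            'downloaded': 'true',
            'hash': data,
            'url': url,
            'path': self.SAMPLE_PATH,
        })

    def summary(self, raw):
        """Build the short-report taxonomy Cortex shows next to the observable."""
        # level/namespace/predicate/value are kept exactly as in the original. Note the
        # fixed "safe" level for a downloaded threat sample -- revisit if the taxonomy
        # is consumed by anything that acts on it.
        taxonomy = self.build_taxonomy("safe", "Cylance", "info", "truth")
        return {"taxonomies": [taxonomy]}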
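def make_api_conn(self):
    """Build and open a CyAPI client from this object's credential settings.

    Credentials come from a JSON file of CyAPI keyword arguments (``self.creds``)
    or from the individual ``tid_val`` / ``app_id`` / ``app_secret`` fields;
    with neither the process exits with status -1 (255 to the shell).

    Returns:
        The connected CyAPI instance.

    Fix: the original tested ``self.creds`` but then read the module-global
    ``args`` for the file path and the fallback region. This version uses the
    object's own attributes throughout (assumes ``self.creds``/``self.region``
    hold what ``args.creds``/``args.region`` did -- confirm against the caller).
    """
    if self.creds:
        # NOTE(review): the file holds an API secret; it should be owner-readable only.
        with open(self.creds, 'rb') as creds_file:
            creds = json.load(creds_file)
        # A file without a region falls back to the configured region.
        if not creds.get('region'):
            creds['region'] = self.region
        API = CyAPI(**creds)
    elif self.tid_val and self.app_id and self.app_secret:
        # A secret supplied on the command line is visible in process listings and
        # shell history; the credentials file is the safer option.
        API = CyAPI(tid=self.tid_val, app_id=self.app_id,
                    app_secret=self.app_secret, region=self.region)
    else:
        print("[-] Must provide valid token information")
        exit(-1)

    if not self.delete:
        print("[+] Listing all multiple clients in your environment")
    else:
        print("[+] Delete all multiple clients in your environment")
    print(API.baseURL)
    API.create_conn()
    return API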
##################################################################################
# Entry point: parse CLI options, build an authenticated CyAPI client, pull detections.
commandline = ParseArgs()
args = commandline.parse_args()

if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level

# Credentials come either from a JSON file of CyAPI keyword arguments (--creds) or
# from individual options. Prefer the file: a secret on the command line shows up in
# process listings and shell history. Keep the file owner-readable only.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    # A file without a region falls back to the --region option.
    creds['region'] = creds.get('region') or args.region
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)

print("Getting Detections")
API.create_conn()
detections = API.get_detections()
args = commandline.parse_args()

if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level

# Credentials come either from a JSON file of CyAPI keyword arguments (--creds) or
# from individual options. Prefer the file: a secret on the command line shows up in
# process listings and shell history. Missing region/mtc values in the file fall
# back to the matching CLI options.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    creds['region'] = creds.get('region') or args.region
    creds['mtc'] = creds.get('mtc') or args.mtc
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region, args.mtc)
else:
    print("[-] Must provide valid token information")
    exit(-1)

# Optional health check that the server is up and running. It is an unauthenticated
# check, but it returns a CyAPI APIResponse object.
##################################################################################
# Entry point: parse CLI options and build an authenticated CyAPI client.
commandline = ParseArgs()
args = commandline.parse_args()

if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level

# Credentials come either from a JSON file of CyAPI keyword arguments (--creds) or
# from individual options. Prefer the file: a secret on the command line shows up in
# process listings and shell history. Keep the file owner-readable only.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    # A file without a region falls back to the --region option.
    creds['region'] = creds.get('region') or args.region
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)

API.create_conn()
# Use case: import a CSV and add the hashes it lists to the global quarantine list.
##################################################################################
# Entry point: parse CLI options, authenticate to the Cylance API, then list (or,
# with --force, act on) Trusted Local threats. This excerpt is truncated mid-statement.
commandline = ParseArgs()
args = commandline.parse_args()
if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level
# Credentials: a JSON file of CyAPI keyword arguments (--creds) or individual options.
# Prefer the file: a secret on the command line shows up in process listings and
# shell history. A file without a region falls back to --region.
if args.creds:
    with open(args.creds, 'rb') as f:
        creds = json.loads(f.read())
    if not creds.get('region'):
        creds['region'] = args.region
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val = args.tid_val
    app_id = args.app_id
    app_secret = args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)
if not args.force:
    print("[+] Listing all Trusted Local threats in your environment")
else:
    # NOTE(review): the source excerpt is cut off here, inside this print call.
    print(
def setUpClass(cls):
    """Create one shared CyAPI client and one logger for the whole test class.

    Tenant id, app id, app secret and region are read from class attributes set
    elsewhere; no connection is opened here. NOTE(review): make sure those test
    credentials come from the environment or CI secrets, not from the repository.
    """
    api_client = CyAPI(cls.tid, cls.app_id, cls.app_secret, cls.region)
    cls.API = api_client
    cls.log = logging.getLogger("TestLog")
# Entry point: parse CLI options, build an authenticated CyAPI client, fetch devices.
commandline = ParseArgs()
args = commandline.parse_args()

if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level

# Credentials come either from a JSON file of CyAPI keyword arguments (--creds) or
# from individual options. Prefer the file: a secret on the command line shows up in
# process listings and shell history. Keep the file owner-readable only.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    # A file without a region falls back to the --region option.
    creds['region'] = creds.get('region') or args.region
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)

API.create_conn()
cnt = 0
devices = API.get_devices()
##################################################################################
# Entry point: parse CLI options and build one (or two) authenticated CyAPI clients.
commandline = ParseArgs()
args = commandline.parse_args()

if args.debug_level:
    # Debug level is set on the library module itself.
    cy.debug_level = args.debug_level

# Optional second tenant (--creds2): only a JSON credentials file is accepted for it.
# NOTE(review): API2 is bound only when --creds2 is given; code further down (not in
# this excerpt) must guard on that.
if args.creds2:
    with open(args.creds2, 'rb') as creds2_file:
        creds2 = json.load(creds2_file)
    creds2['region'] = creds2.get('region') or args.region
    API2 = CyAPI(**creds2)

# Primary tenant: JSON credentials file (--creds) or individual options. Prefer the
# file: a secret on the command line shows up in process listings and shell history.
# The excerpt ends before the else branch that rejects missing credentials.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    creds['region'] = creds.get('region') or args.region
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
##################################################################################
# Entry point: parse CLI options, build an authenticated CyAPI client, fetch devices.
commandline = ParseArgs()
args = commandline.parse_args()

if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level

# Credentials come either from a JSON file of CyAPI keyword arguments (--creds) or
# from individual options. Prefer the file: a secret on the command line shows up in
# process listings and shell history. Keep the file owner-readable only.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    # A file without a region falls back to the --region option.
    creds['region'] = creds.get('region') or args.region
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)

API.create_conn()
devices = API.get_devices()
# Filled in by the per-device detail calls that follow (not in this excerpt).
detailed_devices = []
args = commandline.parse_args()

if args.debug_level:
    # NOTE(review): this binds a name in the script's own namespace; a sibling script
    # sets ``cy.debug_level`` instead -- confirm which one the library actually reads.
    debug_level = args.debug_level

# Credentials come either from a JSON file of CyAPI keyword arguments (--creds) or
# from individual options. Prefer the file: a secret on the command line shows up in
# process listings and shell history. Missing region/mtc values in the file fall
# back to the matching CLI options.
if args.creds:
    with open(args.creds, 'rb') as creds_file:
        creds = json.load(creds_file)
    creds['region'] = creds.get('region') or args.region
    creds['mtc'] = creds.get('mtc') or args.mtc
    API = CyAPI(**creds)
elif args.tid_val and args.app_id and args.app_secret:
    tid_val, app_id, app_secret = args.tid_val, args.app_id, args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region, args.mtc)
else:
    print("[-] Must provide valid token information")
    exit(-1)

API.create_conn()
cnt = 0
# CSV header for the listing produced by the rest of the script (not in this excerpt).
header = "Count,ID,Name,Created\n"