def lookup_epo_unique_identifiers(
dxl_client, response_timeout=Client._DEFAULT_RESPONSE_TIMEOUT):
"""
Returns a ``set`` containing the unique identifiers for the ePO servers that are currently
exposed to the DXL fabric
:param dxl_client: The DXL client with which to perform the request
:param response_timeout: (optional) The maximum amount of time to wait for a response
:return: A ``set`` containing the unique identifiers for the ePO servers that are currently
exposed to the DXL fabric.
"""
res = EpoClient._sync_request(
dxl_client, Request("/mcafee/service/dxl/svcregistry/query"),
response_timeout, {"serviceType": EpoClient.DXL_SERVICE_TYPE})
res_dict = MessageUtils.json_to_dict(res)
ret_ids = set()
if "services" in res_dict:
for service in res_dict["services"].values():
if "requestChannels" in service:
channels = service['requestChannels']
for channel in channels:
if channel.startswith(EpoClient.DXL_REQUEST_PREFIX):
ret_ids.add(
channel[len(EpoClient.DXL_REQUEST_PREFIX):])
return ret_ids
def help(self, output_format=OutputFormat.VERBOSE):
# pylint: disable=line-too-long
"""
Returns the list of remote commands that are supported by the ePO server this client is
communicating with.
**Example Usage**
.. code-block:: python
# Display the help
print(epo_client.help())
**Example Response**
.. parsed-literal::
ComputerMgmt.createAgentDeploymentUrlCmd deployPath groupId urlName
agentVersionNumber agentHotFix [edit] [ahId] [fallBackAhId] - Create Agent
Deployment URL Command
ComputerMgmt.createCustomInstallPackageCmd deployPath [ahId] [fallBackAhId] -
Create Custom Install Package Command
ComputerMgmt.createDefaultAgentDeploymentUrlCmd tenantId - Create Default
Non-Editable Agent Deployment URL Command
ComputerMgmt.createTagGroup parentTagGroupId newTagGroupName - Create a new
subgroup under an existing tag group.
ComputerMgmt.deleteTag tagIds [forceDelete] - Delete one or more tags.
...
:param output_format: (optional) The output format for ePO to use when
returning the response. The list of `output formats` can be found
in the :class:`OutputFormat` constants class. If the command is
processed by the ePO-hosted `DXL Commands` service, this parameter
can only be set to :const:`OutputFormat.VERBOSE` or
:const:`OutputFormat.JSON`.
:raise Exception: If an unsupported `output format` is specified. This
exception is raised if the command is to be sent to an ePO-hosted
`DXL Commands` service and an `output format` of anything other
than :const:`OutputFormat.VERBOSE` or :const:`OutputFormat.JSON`
is specified.
:return: The result of the remote command execution
"""
res = self.run_command(
"core.help",
output_format=OutputFormat.JSON \
if output_format == OutputFormat.VERBOSE else output_format)
if output_format == OutputFormat.VERBOSE:
res_list = MessageUtils.json_to_dict(res)
res = os.linesep.join(res_list)
return res
def test_runcommand(self):
with BaseClientTest.create_client(max_retries=0) as dxl_client:
# Set up client, and register mock service
epo_client = EpoClient(dxl_client,
epo_unique_id=LOCAL_TEST_SERVER_NAME +
str(DEFAULT_EPO_SERVER_ID))
dxl_client.connect()
with MockEpoServer(dxl_client):
res = epo_client.run_command(
"system.find", {"searchText": SYSTEM_FIND_CMD_NAME},
output_format=OutputFormat.JSON)
# Load find result into dictionary
res_list = MessageUtils.json_to_dict(res)
self.assertEqual(res_list, SYSTEM_FIND_PAYLOAD)
dxl_client.disconnect()
def _query_service_registry(dxl_client, response_timeout, service_type):
"""
Queries the broker service registry for services.
:param dxl_client: The DXL client with which to perform the request.
:param response_timeout: The maximum amount of time to wait for a
response.
:param service_type: The service type to return data for.
:return: A ``list`` containing info for each registered service whose
``service_type`` matches the ``service_type`` parameter passed
into this method.
"""
res = EpoClient._decode_response(
EpoClient._sync_request(
dxl_client,
Request("/mcafee/service/dxl/svcregistry/query"),
response_timeout,
{"serviceType": service_type}))
res_dict = MessageUtils.json_to_dict(res)
return res_dict["services"].values() if "services" in res_dict else []
def test_run_command(self):
with self.create_client(max_retries=0) as dxl_client:
dxl_client.connect()
for use_commands_service in [True, False]:
with MockEpoServer(dxl_client,
use_commands_service=use_commands_service):
epo_client = EpoClient(
dxl_client,
epo_unique_id=LOCAL_TEST_SERVER_NAME +
str(DEFAULT_EPO_SERVER_ID))
# Run it twice to validate the command vs. remote
# service failover logic for request topics
for _ in range(2):
res = epo_client.run_command(
"system.find",
{"searchText": SYSTEM_FIND_OSTYPE_LINUX},
output_format=OutputFormat.JSON)
res_list = MessageUtils.json_to_dict(res)
self.assertEqual(res_list, SYSTEM_FIND_PAYLOAD)
# Create the client
with DxlClient(config) as dxl_client:
# Connect to the fabric
dxl_client.connect()
logger.info("Connected to DXL fabric.")
# Create client wrapper
client = OpenC2Client(dxl_client)
# Custom Actuator (VirusTotal)
@openc2.v10.CustomActuator(
"x-virustotal",
[("resource", stix2.properties.StringProperty(required=True))])
class VirusTotalActuator(object):
pass
# Send the command and receive the response
cmd = openc2.v10.Command(
action="query",
target=openc2.v10.Properties(properties=["url-report"]),
actuator=VirusTotalActuator(resource=URL))
response = client.send_command('/openc2-virustotal/service/api', cmd)
response_dict = MessageUtils.json_to_dict(response.serialize())
# Print out the response (convert dictionary to JSON for pretty printing)
print("Response:\n{0}".format(
MessageUtils.dict_to_json(response_dict, pretty_print=True)))
logging.getLogger().setLevel(logging.ERROR)
logger = logging.getLogger(__name__)
# Create DXL configuration from file
config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE)
# The ePO unique identifier
EPO_UNIQUE_ID = None
# The search text
SEARCH_TEXT = "<specify-find-search-text>"
# Create the client
with DxlClient(config) as client:
# Connect to the fabric
client.connect()
# Create the ePO client
epo_client = EpoClient(client, EPO_UNIQUE_ID)
# Run the system find command
res = epo_client.run_command("system.find", {"searchText": SEARCH_TEXT},
output_format=OutputFormat.JSON)
# Load find result into dictionary
res_dict = MessageUtils.json_to_dict(res)
# Display the results
print(MessageUtils.dict_to_json(res_dict, pretty_print=True))
# Connect to the fabric
dxl_client.connect()
logger.info("Connected to DXL fabric.")
# Create client wrapper
client = DomainToolsApiClient(dxl_client)
# Invoke 'account_information' method on service, in default (dict) output
# format
resp_dict = client.account_information()
# Print out the response
print("Response in default output format:\n{0}".format(
MessageUtils.dict_to_json(resp_dict, pretty_print=True)))
# Invoke 'account_information' method on service, in 'json' output
resp_json = client.account_information(out_format="json")
# Print out the response
print("Response in json output format:\n{0}".format(
MessageUtils.dict_to_json(MessageUtils.json_to_dict(resp_json),
pretty_print=True)))
# Invoke 'account_information' method on service, in 'xml' output
resp_xml = client.account_information(out_format="xml")
# Print out the response
print("Response in xml output format:\n{}".format(resp_xml))