Beispiel #1
 def initial_query_service(self) -> QueryService:
     """Build a QueryService client from this object's connection settings.

     The access token, the ``verify`` flag (``self.use_ssl``), the API URL
     and ``trust_env`` are all read from ``self`` and passed through
     unchanged.
     """
     # NOTE(review): ``verify`` presumably switches TLS certificate
     # validation on or off; with ``use_ssl`` false the bearer token would
     # be sent to an unauthenticated peer - confirm against the library.
     token_credentials = Credentials(access_token=self.access_token,
                                     verify=self.use_ssl)
     return QueryService(url=self.api_url,
                         credentials=token_credentials,
                         trust_env=self.trust_env)
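def query_loggings(query_data):
    """Run one query against the Cortex Logging service and return the poll result.

    The function submits ``query_data``, reads ``queryId`` from the JSON
    reply, issues a single poll for sequence number 0 (``maxWaitTime`` of
    3000 ms) and deletes the query from the service before returning.

    Args:
        query_data: Query definition, passed unchanged to
            ``LoggingService.query``.

    Returns:
        Whatever ``LoggingService.poll`` returns for the query.

    Raises:
        Exception: If the service answers with a non-OK status, or the
            reply carries no ``queryId``.
    """
    api_url = demisto.getIntegrationContext().get(
        'api_url', 'https://api.us.paloaltonetworks.com')
    # NOTE(review): verify=USE_SSL presumably toggles TLS certificate
    # validation; with it disabled the access token is sent without
    # authenticating the server - confirm and keep it enabled in production.
    credentials = Credentials(access_token=get_access_token(), verify=USE_SSL)
    logging_service = LoggingService(url=api_url, credentials=credentials)

    response = logging_service.query(query_data)
    query_result = response.json()

    if not response.ok:
        # The error fields are taken from the service's JSON reply.
        status_code = query_result.get('statusCode', '')
        error = query_result.get('error', '')
        message = query_result.get('payload', {}).get('message', '')
        raise Exception(
            f"Error in query to Cortex [{status_code}] - {error}: {message}")

    try:
        query_id = query_result['queryId']
    except (KeyError, TypeError) as e:
        # Keep the original failure attached so the cause is not lost.
        raise Exception('Received error %s when querying logs.' % e) from e

    poll_params = {
        "maxWaitTime": 3000  # wait for a response for up to 3000 ms
    }

    try:
        # A single poll call for sequence number 0; the job state in the
        # reply is not inspected here.
        return logging_service.poll(query_id, 0, poll_params)
    finally:
        # Delete the query even when polling raises, so a failed poll does
        # not leave the query behind on the service.
        logging_service.delete(query_id)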
def initial_logging_service():
    """Create a LoggingService client for the configured API endpoint.

    The endpoint is the ``api_url`` entry of the integration context, with a
    hard-coded default URL as fallback. The client authenticates with the
    token returned by ``get_access_token()``.
    """
    context = demisto.getIntegrationContext()
    endpoint = context.get('api_url', 'https://api.us.paloaltonetworks.com')
    # NOTE(review): USE_SSL is handed to ``verify``; presumably this controls
    # TLS certificate validation for the token-bearing requests - confirm.
    token_credentials = Credentials(access_token=get_access_token(),
                                    verify=USE_SSL)
    return LoggingService(url=endpoint, credentials=token_credentials)
Beispiel #4
def credentials(options):
    """Build a ``Credentials`` object from ``options`` and apply requested actions.

    Constructor keyword arguments are read from
    ``options['R']['R0_obj']['Credentials']``. If construction raises, the
    exception is reported through ``print_exception`` and the process exits
    with status 1. Afterwards ``setters`` and ``methods`` are applied, and
    when ``options['write_credentials']`` is truthy the credentials are
    written out.

    Returns:
        The constructed ``Credentials`` object.
    """
    def write_credentials(c, options):
        # This key selects the keyword arguments for the call and is also
        # the label printed to stderr.
        label = 'Credentials.write_credentials'

        request = options['R']
        try:
            result = c.write_credentials(**request['R2_obj'][label])
        except Exception as exc:
            print_exception(label, exc)
            sys.exit(1)

        print(label, file=sys.stderr)
        if result is None:
            return
        print_response_json(options, label, result)

    label = 'Credentials'
    request = options['R']
    try:
        creds = Credentials(**request['R0_obj'][label])
    except Exception as exc:
        print_exception(label, exc)
        sys.exit(1)

    setters(options, creds)
    methods(options, creds)

    # XXX pre-dates -m
    if options['write_credentials']:
        write_credentials(creds, options)

    return creds
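def query_loggings(query_data):
    '''
    Run one query against the Cortex Logging service and return the poll result.

    The function submits ``query_data``, reads ``queryId`` from the JSON
    reply, issues a single poll for sequence number 0 (``maxWaitTime`` of
    3000 ms) and deletes the query from the service before returning.

    Raises ``Exception`` when the reply carries no ``queryId``. The HTTP
    status of the reply is not checked here, so an error reply surfaces
    through that same path.
    '''
    api_url = demisto.getIntegrationContext().get(
        'api_url', 'https://api.us.paloaltonetworks.com')
    credentials = Credentials(access_token=get_access_token())
    logging_service = LoggingService(url=api_url, credentials=credentials)

    query_result = logging_service.query(query_data).json()

    try:
        query_id = query_result['queryId']
    except (KeyError, TypeError) as e:
        raise Exception(
            'Received error %s when querying logs. Please check if your authentication token is valid'
            % e)

    poll_params = {
        "maxWaitTime": 3000  # wait for a response for up to 3000 ms
    }

    try:
        # A single poll call for sequence number 0; the job state in the
        # reply is not inspected here.
        return logging_service.poll(query_id, 0, poll_params)
    finally:
        # Delete the query even when polling raises, so a failed poll does
        # not leave the query behind on the service.
        logging_service.delete(query_id)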
def main():
    """Interactively remove a named profile from the stored credentials.

    Prompts for the profile name, asks for confirmation through
    ``confirm_delete`` and then calls ``Credentials.remove_profile``.
    An empty answer, a declined confirmation and Ctrl-C each end the run
    with a message and without removing anything.
    """
    try:
        profile = input("PROFILE to remove: ") or None
        if profile is None:
            print("\nMust specify a PROFILE to remove.\n")
            return

        c = Credentials(profile=profile)
        if not confirm_delete(profile):
            print("\nRemove PROFILE operation aborted.\n")
            return

        print("Removing PROFILE '%s'..." % profile)
        removed = c.remove_profile(profile)
        # An empty result from remove_profile is reported as "not found".
        if len(removed) > 0:
            outcome = "\nPROFILE '%s' successfully removed.\n"
        else:
            outcome = "\nPROFILE '%s' not found.\n"
        print(outcome % profile)
    except KeyboardInterrupt:
        print("Exiting...")
def main():
    """Interactively collect client settings and write them out as credentials.

    CLIENT_ID and the optional PROFILE are read with ``input``;
    CLIENT_SECRET and REFRESH_TOKEN are read with ``getpass`` so they are
    not echoed to the terminal. Nothing is written unless ``confirm_write``
    approves. Ctrl-C ends the run with a message.
    """
    try:
        print("\nCollecting info needed to generate credentials file...\n")
        entered_id = input("CLIENT_ID: ")
        entered_secret = getpass.getpass(prompt="CLIENT_SECRET: ")
        entered_token = getpass.getpass(prompt="REFRESH_TOKEN: ")
        profile = input("PROFILE [default]: ") or None

        c = Credentials(client_id=entered_id,
                        client_secret=entered_secret,
                        refresh_token=entered_token,
                        profile=profile)

        if not confirm_write(profile):
            print("\nWrite credentials operation aborted.\n")
            return

        # NOTE(review): the written file holds the client secret and refresh
        # token; presumably it should be readable by its owner only -
        # confirm what permissions write_credentials() applies.
        print("Writing credentials file...")
        c.write_credentials()
        print("Done!\n")
    except KeyboardInterrupt:
        print("Exiting...")
#!/usr/bin/env python

from pancloud import LoggingService, Credentials
from math import floor
from time import time
from json import dumps, loads

# Credentials() is called without arguments, so no secret appears in this
# script. NOTE(review): presumably they are loaded from the environment or a
# stored credentials file - confirm.
api_credentials = Credentials()
ls = LoggingService(url="https://api.us.paloaltonetworks.com",
                    credentials=api_credentials)

# The query text is a fixed literal; nothing external is interpolated into it.
wildfire_query = {
    "query":
    "select dst, app, misc, name-of-threatid from panw.threat where subtype='wildfire-virus' limit 5",
    "startTime": 0,  # Unix epoch (1970)
    "endTime": floor(time()),  # current time in whole seconds
    "maxWaitTime": 30000
}
q = ls.query(wildfire_query)

# Re-serialise the reply body with indentation and sorted keys for reading.
parsed_reply = loads(q.text)
print(dumps(parsed_reply, indent=4, sort_keys=True))
Beispiel #9
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Example using shared HTTPClient session."""

import os
import sys

# Put the parent of this script's directory at the front of sys.path,
# presumably so the pancloud import that follows resolves to a local checkout.
# NOTE(review): because the entry comes first, any module in that directory
# shadows an installed package of the same name; run this only from a
# location that untrusted users cannot write to.
_this_file = os.path.abspath(__file__)
curpath = os.path.dirname(_this_file)
sys.path.insert(0, os.path.join(curpath, os.pardir))

from pancloud import HTTPClient, LoggingService, EventService, \
    DirectorySyncService, Credentials

# Base URL handed to the shared HTTP session.
url = 'https://api.us.paloaltonetworks.com'

# Credentials() is called without arguments, so no secret appears in this
# script. NOTE(review): presumably they are loaded from the environment or a
# stored credentials file - confirm.
c = Credentials()

# One HTTPClient session, reused by all three service clients.
session = HTTPClient(url=url, credentials=c)

ls = LoggingService(session=session)
dss = DirectorySyncService(session=session)
es = EventService(session=session)


def _report(heading, response):
    """Print a heading followed by the response's status code and body text."""
    print(heading)
    print("STATUS_CODE: {}, RESULT: \n\n{}\n".format(response.status_code,
                                                     response.text))


f = es.get_filters('EventFilter')
_report("\nGET EVENT FILTERS...", f)

a = dss.attributes()
_report("\nGET ATTRIBUTES...", a)