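# NOTE: the opening `if`/`elif` of this credential check lies outside this excerpt.
    tid_val = args.tid_val
    app_id = args.app_id
    app_secret = args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)

API.create_conn()

# Use case: import a CSV export and add its hashes to the global quarantine list.
import re

import pandas as pd

# Modify the filename as needed.
CSV_PATH = "GlobalQuarantine_20201203.csv"
# Edit the column name according to the CSV.
HASH_COLUMN = "SHA256 Hash"
# Edit the reason text as needed.
REASON = "import from old tenant"

# A SHA256 digest is exactly 64 hexadecimal characters.
SHA256_RE = re.compile(r"[0-9A-Fa-f]{64}")

# Read the hash column as text so pandas never reinterprets a value as a number.
df = pd.read_csv(CSV_PATH, dtype={HASH_COLUMN: str})

# Every accepted value is pushed to the global quarantine list, so each cell is
# checked first: blank cells arrive from pandas as NaN (a float, not a string),
# and a truncated or mistyped value would otherwise be submitted as-is.
seen = set()
for index, raw_hash in df[HASH_COLUMN].items():
    sha256 = raw_hash.strip() if isinstance(raw_hash, str) else ""
    if not SHA256_RE.fullmatch(sha256):
        print("[-] Skipping row {}: not a SHA256 hash: {!r}".format(index, raw_hash))
        continue

    # The same hash may appear more than once in an export; submit it once.
    key = sha256.lower()
    if key in seen:
        continue
    seen.add(key)

    # Print each hash before it is submitted, as a record of what was imported.
    print(sha256)
    API.add_to_global_list("quarantine", REASON, sha256, category="None")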
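# NOTE: the opening `if` branch of this credential check lies outside this excerpt.
elif args.tid_val and args.app_id and args.app_secret:
    tid_val = args.tid_val
    app_id = args.app_id
    app_secret = args.app_secret
    API = CyAPI(tid_val, app_id, app_secret, args.region)
else:
    print("[-] Must provide valid token information")
    exit(-1)

# Two modes: by default the matching threats are only listed; with args.force
# set, every one of them is added to the global safe list. Run the listing
# mode first and review its output before enabling args.force.
if not args.force:
    print("[+] Listing all Trusted Local threats in your environment")
else:
    print(
        "[+] Globally Safelisting all Trusted Local threats in your environment"
    )

API.create_conn()
threats = API.get_threats()

# Keep only the threats classified as Trusted / Local.
tl_threats = [
    threat for threat in threats
    if threat.get('classification') == "Trusted"
    and threat.get('sub_classification') == "Local"
]

for threat in tl_threats:
    if not args.force:
        pprint(threat)
        continue

    # .get() yields None when the record carries no hash; never submit that
    # to the global safe list.
    sha256 = threat.get('sha256')
    if not sha256:
        print("[-] Skipping threat without a sha256 value:")
        pprint(threat)
        continue

    API.add_to_global_list("safe", "Trusted Local", sha256)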