def __init__(self, api_key):
self.configuration = deepsecurity.Configuration()
self.configuration.host = f'https://{os.environ["ApiEndpoint"]}/api'
self.configuration.api_key['api-secret-key'] = api_key
self.connectorClient = deepsecurity.AWSConnectorsApi(
deepsecurity.ApiClient(self.configuration))
self.apiVersion = 'v1'
def lambda_handler(event, context):
global DSM
global configuration
configuration = client.Configuration()
# DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
# DSM_client = client.ComputersApi(client.ApiClient(configuration))
ds_api_key = '2:CC8BLAbBl8VH5sfPFjygafiV7heQc9fkHhDWkNjsxRk='
ds_hostname = 'app.deepsecurity.trendmicro.com'
ds_port = '443'
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
print("Signed into Deep Security")
except api_exception as ex:
print(
"Could not successfully sign into Deep Security. Threw exception: {}"
.format(ex))
# From here we have to fetch data
DSM_computer = client.ComputersApi(client.ApiClient(configuration))
try:
# NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID
search_filter = deepsecurity.SearchFilter()
overrides = False
response = DSM_computer.search_computers('v1',
search_filter=search_filter,
overrides=overrides)
for computer in response.computers:
if computer.ec2_virtual_machine_summary.instance_id == 'i-0ab687235eddfb3ad':
attr = vars(computer)
instance_in_ds = attr['_id']
api_instance = deepsecurity.ScheduledTasksApi(
deepsecurity.ApiClient(configuration))
scheduled_task = deepsecurity.ScheduledTask(
).scan_for_recommendations_task_parameters
res = api_instance.create_scheduled_task(
scheduled_task, api_version)
print("Found the instance in Deep Security as computer {}".format(
len(response.computers)))
except api_exception as ex:
print(
"Could not find the instance in Deep Security. Threw exception: {}"
.format(ex))
def __init__(self):
ds_api_key = os.environ['DS_KEY']
self.api_version = os.environ.get('DS_API_VERSION', 'v1')
dsm_address = os.environ.get(
'DS_API_ADDRESS', 'https://app.deepsecurity.trendmicro.com/api')
config = api.Configuration()
config.host = dsm_address
config.api_key['api-secret-key'] = ds_api_key
self.api_client = api.ApiClient(config)
def __init__(self, host, api_key, version):
self.host = host
self.api_key = api_key
self.version = version
try:
self.api_config = deepsecurity.Configuration()
self.api_config.host = host
self.api_config.api_key['api-secret-key'] = api_key
except:
raise TypeError("Invalid types: host - {} api_key - {}".format(
type(host), type(api_key)))
def DeepSec_Api():
print ('Connecting to Deep Security Platform ...###Calling Deep Security API###')
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration=deepsecurity.Configuration()
configuration.host="https://app.deepsecurity.trendmicro.com:443/api"
#print ('deeptoken', deeptoken)
dee=deeptoken
print ('Fetching endpoint information using Access Key :', dee)
configuration.api_key['api-secret-key']=dee
api_instance=deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version='v1'
expand_options=deepsecurity.Expand()
expand_options.add(expand_options.none)
expand=expand_options.list()
overrides=False
try:
api_response=api_instance.list_computers(api_version,expand=expand,overrides=overrides)
#pprint(api_response)
except ApiException as e:
print("Exception: %s",e)
#sqlmain()
try:
conn = sqlmain()
c = conn.cursor()
print ('Downloading Report from Deep Security Platform ...###Calling Deep Security API###')
for item in tqdm(api_response.computers):
sql = f' INSERT INTO DeepSecurity(host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used) ' \
f'VALUES(?, ?, ?, ?, ?, ?) '
cur = conn.cursor()
# Prepare data to insert
list_array = []
host_name = item.host_name if item.host_name else 'None';
agent_version = item.agent_version if item.agent_version else 'None';
computer_status = item.computer_status if item.computer_status else 'None';
last_agent_communication = str(item.last_agent_communication) if item.last_agent_communication else 'None';
anti_malware = item.anti_malware if item.anti_malware else 'None';
last_ip_used = item.last_ip_used if item.last_ip_used else 'None';
list_array.extend((host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used))
# execute insert query
c.execute(sql, list_array)
conn.commit()
inserted_id = cur.lastrowid
#print(inserted_id)
except Error as e:
print(e)
finally:
if conn:
conn.close()
def __init__(self, dsm_address):
try:
ds_api_key = os.environ['DS_KEY']
self.api_version = os.environ.get('DS_API_VERSION', 'v1')
except KeyError:
sys.exit(
'"DS_KEY" environment variables are not set. Please set them and try again.'
)
config = api.Configuration()
config.host = dsm_address
config.api_key['api-secret-key'] = ds_api_key
self.api_client = api.ApiClient(config)
def __init__(self):
try:
print('Obtaining DS API key')
ds_api_key = os.environ['DS_KEY']
self.api_version = os.environ.get('DS_API_VERSION', 'v1')
print(f'Set API version to {self.api_version}')
except KeyError:
sys.exit(
'"DS_KEY" environment variables are not set. Please set them and try again.'
)
dsm_address = os.environ.get(
'DS_API_ADDRESS', 'https://app.deepsecurity.trendmicro.com/api')
print(f'Obtained DS API address: {dsm_address}')
print('Initiating DS connection')
config = api.Configuration()
config.host = dsm_address
config.api_key['api-secret-key'] = ds_api_key
self.api_client = api.ApiClient(config)
def sign_in_to_deep_security():
"""
Sign in to Deep Security
"""
global DSM
global configuration
configuration = client.Configuration()
DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
DSM_client = client.ComputersApi(client.ApiClient(configuration))
if 'apiKey' not in os.environ:
print("apiKey is REQUIRED environment variables for this AWS Lambda function")
return None
ds_api_key = os.environ['apiKey']
ds_hostname = None
if 'dsHostname' in os.environ: ds_hostname = os.environ['dsHostname']
ds_port = None
if 'dsPort' in os.environ: ds_port = os.environ['dsPort']
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
policies_list = DSM_policy.list_policies(api_version)
computer_list = DSM_client.list_computers(api_version)
print("Signed into Deep Security")
except api_exception as ex:
print("Could not successfully sign into Deep Security. Threw exception: {}".format(ex))
if not sys.warnoptions:
warnings.simplefilter("ignore")
# Get the DSM URL and API key from a JSON file
property_file = os.path.dirname(
os.path.abspath(__file__)) + '/../properties.json'
with open(property_file) as raw_properties:
properties = json.load(raw_properties)
secret_key = properties['secretkey']
url = properties['url']
api_version = 'v1'
# Add DSM host information to the API client configuration
configuration = api.Configuration()
configuration.host = url
configuration.api_key['api-secret-key'] = secret_key
# Initialization
# Set Any Required Values
api_instance = api.PoliciesApi(api.ApiClient(configuration))
# Add column titles to comma-separated values string
csv = "Policy ID;Name;Description;Antimalware;Antimalware manual scan configuration id;Antimalware real time scan configuration;Antimalware Scheduled scan configuration;Application control;firewall;integrity monitoring;interface types;intrusion prevention;recommendation scan mode;log_inspection;web reputation\n"
overrides = False
try:
policies = api_instance.list_policies(api_version, overrides=overrides)
#MY FIRST EXAMPLE FOR SEARCHING IPS RULES IN COMPUTERS
#MY FIRST EXAMPLE FOR SEARCHING IPS RULES IN COMPUTERS
from __future__ import print_function
import sys, warnings
import deepsecurity
from deepsecurity.rest import ApiException
from pprint import pprint
# Setup
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://192.168.75.210:4119/api'
# Authentication
configuration.api_key[
'api-secret-key'] = '2:PZGmBIe8rcKSF6fK2HeMkoyh5ZrC/fQeeyJyUjcpzyk='
# Initialization
# Set Any Required Values
api_instance = deepsecurity.ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi(
deepsecurity.ApiClient(configuration))
computer_id = 1
api_version = 'v1'
overrides = False
try:
api_response = api_instance.list_intrusion_prevention_rule_ids_on_computer(
computer_id, api_version, overrides=overrides)
pprint(api_response)
except ApiException as e:
def main():
# Setup and connect to Cloud One Workload Security or Deep Security
api_version = 'v1'
overrides = False
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://cloudone.trendmicro.com:443/api'
configuration.api_key['api-secret-key'] = '<Your API Key>'
print("Welcome to the test suite for Cloud One Workload Security")
print(
"This script works by running a set of tests and assigns rules at the policy level if necessary"
)
# Get the Operating System information
operating_system = getoperatingsystem()
print("")
print("The policies in your Cloud One account are:")
# List the policies and get the policy_id
policy_id = getpolicyid(configuration, api_version, overrides)
# Check the hosts that the policy is applied to so we can know what host
# the tests are being run on
host_id = gethostid(policy_id, configuration, api_version, overrides)
print("")
time.sleep(2)
# Set the variables for the tests to run
ips_rule_to_apply = "Restrict Download Of EICAR Test File Over HTTP"
if ("redhat" in operating_system or "ubuntu" in operating_system):
im_rule_to_apply = "Unix - Open Port Monitor"
li_rule_to_apply = "Unix - Syslog"
if ("windows" in operating_system):
im_rule_to_apply = "Microsoft Windows - 'Hosts' file modified"
li_rule_to_apply = "Microsoft Windows Events"
# Check with the user what test the user wants to run
user_input = 0
while (user_input == 0):
print("The available tests are: ")
print("1 = Anti-Malware")
print("2 = Intrusion Prevention")
print("3 = Integrity Monitoring")
print("4 = Web Reputation")
print("5 = Log Inspection")
print(
"6 = Application Control (Note: This test takes about 3 minutes to run)"
)
print("7 = Docker Anti-Malware (only works on Ubuntu and Redhat)")
print("8 = All Tests")
print("Which test would you like to perform: ")
user_input = input()
if (not user_input.isdigit()) or (int(user_input) > 8):
print("Invalid option, please try again")
user_input = 0
# Run the anti-malware test
if (int(user_input) == 1):
antimalwaretest(operating_system)
exit()
# Run the intrusion prevention test
if (int(user_input) == 2):
ipstest(ips_rule_to_apply, policy_id, configuration, api_version,
overrides, operating_system)
exit()
# Run the Integrity Monitoring test
if (int(user_input) == 3):
integritymonitoringtest(host_id, im_rule_to_apply, policy_id,
configuration, api_version, overrides,
operating_system)
exit()
# Run the Web Reputation test
if (int(user_input) == 4):
webreputationtest(policy_id, configuration, api_version, overrides,
operating_system)
exit()
# Run the Log Inspection test
if (int(user_input) == 5):
loginspectiontest(li_rule_to_apply, policy_id, configuration,
api_version, overrides, operating_system)
exit()
# Run the Application Control test
if (int(user_input) == 6):
applicationcontroltest(host_id, policy_id, configuration, api_version,
overrides, operating_system)
exit()
# Run the Docker antimalware test
if (int(user_input) == 7):
dockeramtest(host_id, policy_id, configuration, api_version, overrides,
operating_system)
exit()
# Run all tests
if (int(user_input) == 8):
print("Running all tests")
antimalwaretest(operating_system)
ipstest(ips_rule_to_apply, policy_id, configuration, api_version,
overrides, operating_system)
integritymonitoringtest(host_id, im_rule_to_apply, policy_id,
configuration, api_version, overrides,
operating_system)
webreputationtest(policy_id, configuration, api_version, overrides,
operating_system)
loginspectiontest(li_rule_to_apply, policy_id, configuration,
api_version, overrides, operating_system)
applicationcontroltest(host_id, policy_id, configuration, api_version,
overrides, operating_system)
if ("ubuntu" in operating_system or "redhat" in operating_system):
dockeramtest(host_id, policy_id, configuration, api_version,
overrides, operating_system)
exit()
def __init__(self, url, api_key, verify_ssl, api_version):
self.configuration = ds.Configuration()
self.configuration.host = url
self.configuration.api_key['api-secret-key'] = api_key
self.configuration.verify_ssl = verify_ssl
self.api_version = api_version
def __init__(self):
self.api_config = deepsecurity.Configuration()
self.api_version = ''
self.API_CONFIG_PATH = "config/api_config.yml"
self.MAX_RETRY_ERROR_MSG = "ERROR: Failed to establish connection - Make sure the hostname is correct"
self.MAX_ITEMS_PER_PAGE = 1000 #Up To 5000
expand_options = deepsecurity.Expand()
expand_options.add(
# deepsecurity.Expand.anti_malware,
# deepsecurity.Expand.application_control,
# deepsecurity.Expand.firewall,
# deepsecurity.Expand.web_reputation,
# deepsecurity.Expand.log_inspection,
# deepsecurity.Expand.integrity_monitoring,
# deepsecurity.Expand.intrusion_prevention,
# deepsecurity.Expand.computer_settings,
# deepsecurity.Expand.computer_status,
# deepsecurity.Expand.ec2_virtual_machine_summary,
# deepsecurity.Expand.azure_arm_virtual_machine_summary,
# deepsecurity.Expand.azure_vm_virtual_machine_summary,
# deepsecurity.Expand.gcp_virtual_machine_summary
deepsecurity.Expand.all
)
self.COMPUTER_EXPAND = expand_options.list()
search_criteria = deepsecurity.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"
self.SEARCH_FILTER = deepsecurity.SearchFilter(max_items=self.MAX_ITEMS_PER_PAGE, search_criteria=search_criteria)
#Turns off warnings unless specified
if not sys.warnoptions:
warnings.simplefilter("ignore")
file_config = dict()
try:
with open(self.API_CONFIG_PATH, "r", encoding = 'utf-8') as cfg_fd:
file_config = yaml.safe_load(cfg_fd.read())
if file_config is None:
file_config = dict()
self.api_config.host = file_config["host"]
self.api_config.api_key['api-secret-key'] = file_config["api-secret-key"]
self.api_version = file_config["api-version"]
if not "https://" in self.api_config.host:
self.api_config.host = "https://"+self.api_config.host
except Exception as e:
print(Fore.LIGHTRED_EX + "Error while loading the config/api_config.yml file, resetting it...")
try:
os.makedirs("config")
except Exception as e:
pass
try:
if "host" not in file_config or file_config["host"] == "https://<Your DSM Hostname or IP>:<DSM Port>/api" or \
"api-secret-key" not in file_config or file_config["api-secret-key"] == "" or "api-version" not in file_config:
print(Fore.LIGHTRED_EX+"CONFIG FILE NOT SET!")
print("{}Insert the DSM host (link) following this example {}[{}https://{}<Your DSM Hostname or IP>{}:{}<DSM Port if on-premise>{}/api{}]".
format(Fore.LIGHTCYAN_EX, Fore.LIGHTWHITE_EX,Fore.LIGHTBLUE_EX, Fore.LIGHTGREEN_EX,Fore.LIGHTWHITE_EX,Fore.LIGHTRED_EX,Fore.LIGHTMAGENTA_EX,Fore.LIGHTWHITE_EX))
self.api_config.host = input("Inset the DSM Host: ").rstrip().lstrip()
file_config["host"] = self.api_config.host
if self.api_config.host == "":
raise TypeError("Empty Host Configuration is NOT VALID")
print(Fore.LIGHTCYAN_EX + "Insert the secret key for the API (Check the documentation if lost)")
self.api_config.api_key['api-secret-key'] = input("Inset the Api Secret key: ").rstrip().lstrip()
file_config["api-secret-key"] = self.api_config.api_key['api-secret-key']
if self.api_config.api_key['api-secret-key'] == "":
raise TypeError("Empty key Configuration is NOT VALID")
self.api_version = "v1"
file_config["api-version"] = self.api_version
print(Fore.LIGHTGREEN_EX + "Saving to config/api_config.yml (you can modify the info here)")
try:
with open(self.API_CONFIG_PATH, "w+") as config:
yaml.dump(file_config,config, default_flow_style=False)
except Exception as e:
print("Could not save configs to file, you will have to type them again later")
except Exception as e:
raise IOError("Corrupted api_config, please re download the file: " + str(e))
if self.api_config.host is None or self.api_config.api_key is None or self.api_version is None:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
