    def run(self, params={}):
        """Return the agents summary counters for the requested sites/accounts.

        The call is rejected up front on an API v2.0 connection, since the
        summary endpoint is only supported from API v2.1 onward. Missing
        counters in the API's ``data`` object are reported as 0.
        """
        # This action is supported in API v2.1 but not 2.0
        if self.connection.api_version == "2.0":
            raise PluginException(
                cause="Endpoint not found.",
                assistance=(
                    "This action is not supported in SentinelOne API v2.0. Verify that your SentinelOne console supports "
                    "SentinelOne API v2.1 and try again."
                ),
            )

        site_ids = Helper.join_or_empty(params.get(Input.SITE_IDS, []))
        account_ids = Helper.join_or_empty(params.get(Input.ACCOUNT_IDS, []))
        summary = self.connection.agents_summary(site_ids, account_ids).get("data", {})

        # Output key -> field name inside the API's "data" object.
        counters = (
            (Output.DECOMMISSIONED, "decommissioned"),
            (Output.INFECTED, "infected"),
            (Output.OUT_OF_DATE, "outOfDate"),
            (Output.ONLINE, "online"),
            (Output.TOTAL, "total"),
            (Output.UP_TO_DATE, "upToDate"),
        )
        return {output_key: summary.get(field, 0) for output_key, field in counters}
    def run(self, params={}):
        """List SentinelOne activities matching the supplied filters.

        Every filter in ``params`` is forwarded to the activities endpoint.
        List-valued inputs are collapsed into a single string through
        ``Helper.join_or_empty``; scalar inputs are passed through with their
        defaults. Each returned record is run through ``clean_dict`` before
        being handed back together with the pagination object.
        """

        def joined(key):
            # List inputs travel as one joined string (empty when absent).
            return Helper.join_or_empty(params.get(key, []))

        query = {
            "groupIds": joined(Input.GROUP_IDS),
            "includeHidden": params.get(Input.INCLUDE_HIDDEN, False),
            "skip": params.get(Input.SKIP, None),
            "siteIds": joined(Input.SITE_IDS),
            "agentIds": joined(Input.AGENT_IDS),
            "skipCount": params.get(Input.SKIP_COUNT, False),
            "ids": joined(Input.IDS),
            "createdAt__lt": params.get(Input.CREATED_AT_LT, None),
            "createdAt__lte": params.get(Input.CREATED_AT_LTE, None),
            "cursor": params.get(Input.CURSOR, None),
            "countOnly": params.get(Input.COUNT_ONLY, False),
            "accountIds": joined(Input.ACCOUNT_IDS),
            "limit": params.get(Input.LIMIT, 10),
            "sortBy": params.get(Input.SORT_BY, None),
            "createdAt__gt": params.get(Input.CREATED_AT_GT, None),
            "createdAt__between": params.get(Input.CREATED_AT_BETWEEN, None),
            "activityTypes": joined(Input.ACTIVITY_TYPES),
            "threatIds": joined(Input.THREAT_IDS),
            "sortOrder": params.get(Input.SORT_ORDER, None),
            "userEmails": joined(Input.USER_EMAILS),
            "userIds": joined(Input.USER_IDS),
            "createdAt__gte": params.get(Input.CREATED_AT_GTE, None),
        }
        response = self.connection.activities_list(query)

        records = []
        if Output.DATA in response:
            records = [komand.helper.clean_dict(item) for item in response.get(Output.DATA)]

        return {
            Output.DATA: records,
            Output.PAGINATION: response.get(Output.PAGINATION),
        }
    def run(self, params={}):
        """Return the agents summary counters for the requested sites/accounts.

        Counters are read straight from the top level of the response; any
        counter the API leaves out is reported as 0.
        """
        site_ids = Helper.join_or_empty(params.get(Input.SITE_IDS, []))
        account_ids = Helper.join_or_empty(params.get(Input.ACCOUNT_IDS, []))
        summary = self.connection.agents_summary(site_ids, account_ids)

        # Output key -> field name in the API response.
        counters = (
            (Output.DECOMMISSIONED, "decommissioned"),
            (Output.INFECTED, "infected"),
            (Output.OUT_OF_DATE, "outOfDate"),
            (Output.ONLINE, "online"),
            (Output.TOTAL, "total"),
            (Output.UP_TO_DATE, "upToDate"),
        )
        return {output_key: summary.get(field, 0) for output_key, field in counters}
    def run(self, params={}):
        """Return the processes reported for the given agent IDs.

        Each entry of the response's ``data`` list is passed through
        ``clean_dict``; an absent ``data`` key yields an empty list.
        """
        agent_ids = Helper.join_or_empty(params.get(Input.IDS, []))
        response = self.connection.agents_processes(agent_ids)

        processes = []
        if "data" in response:
            processes = [komand.helper.clean_dict(entry) for entry in response.get("data")]

        return {Output.AGENTS_PROCESSES: processes}
    def run(self, params={}):
        """Return the applications installed on the given agent IDs.

        Each entry of the response's ``data`` list is passed through
        ``clean_dict``; an absent ``data`` key yields an empty list.
        """
        agent_ids = Helper.join_or_empty(params.get(Input.IDS, []))
        response = self.connection.apps_by_agent_ids(agent_ids)

        apps = []
        if Output.DATA in response:
            apps = [
                insightconnect_plugin_runtime.helper.clean_dict(entry)
                for entry in response.get(Output.DATA)
            ]

        return {Output.DATA: apps}
    def get_existing_blacklist(self, blacklist_hash: str):
        """Report whether ``blacklist_hash`` is already blacklisted for every OS type.

        Returns False when no restriction item matches the hash. Otherwise the
        ``black_hash`` restrictions for those items are fetched and the result
        is True only if their ``osType`` values are exactly the set
        {linux, windows, macos}.
        """
        joined_ids = Helper.join_or_empty(self.get_item_ids_by_hash(blacklist_hash))
        if not joined_ids:
            return False

        response = self._call_api(
            "GET",
            "restrictions",
            params={"type": "black_hash", "ids": joined_ids},
        )

        # Collect the OS type of every matching restriction entry.
        os_types = {entry.get("osType") for entry in response.get("data", [])}
        return os_types == {"linux", "windows", "macos"}
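    def run(self, params={}):
        """List SentinelOne activities, walking pagination when no limit is set.

        The first request forwards every filter from ``params``. When
        ``Input.LIMIT`` is falsy (0 or None) the result is extended page by
        page through ``nextCursor`` until the API stops returning one; with a
        non-zero limit only the first page is returned. A response without a
        ``pagination`` object ends the walk instead of raising.
        """

        def joined(key):
            # List inputs travel as one joined string (empty when absent).
            return Helper.join_or_empty(params.get(key, []))

        query = {
            "groupIds": joined(Input.GROUP_IDS),
            "includeHidden": params.get(Input.INCLUDE_HIDDEN, False),
            "skip": params.get(Input.SKIP, None),
            "siteIds": joined(Input.SITE_IDS),
            "agentIds": joined(Input.AGENT_IDS),
            "skipCount": params.get(Input.SKIP_COUNT, False),
            "ids": joined(Input.IDS),
            "createdAt__lt": params.get(Input.CREATED_AT_LT, None),
            "createdAt__lte": params.get(Input.CREATED_AT_LTE, None),
            "countOnly": params.get(Input.COUNT_ONLY, False),
            "accountIds": joined(Input.ACCOUNT_IDS),
            "limit": params.get(Input.LIMIT, 1000),
            "sortBy": params.get(Input.SORT_BY, None),
            "createdAt__gt": params.get(Input.CREATED_AT_GT, None),
            "createdAt__between": params.get(Input.CREATED_AT_BETWEEN, None),
            "activityTypes": joined(Input.ACTIVITY_TYPES),
            "threatIds": joined(Input.THREAT_IDS),
            "sortOrder": params.get(Input.SORT_ORDER, None),
            "userEmails": joined(Input.USER_EMAILS),
            "userIds": joined(Input.USER_IDS),
            "createdAt__gte": params.get(Input.CREATED_AT_GTE, None),
        }
        response = self.connection.activities_list(query)

        data = []
        self.add_to_data(data, response)

        limit = params.get(Input.LIMIT, 1000)

        # Guard against a missing/None "pagination" object: treat it as "no next page"
        # rather than failing on None.get().
        next_cursor = (response.get("pagination") or {}).get("nextCursor")
        # Only walk further pages when the caller did not ask for a limit.
        while next_cursor and not limit:
            # Follow-up pages are requested by cursor alone; the original filters
            # are not re-sent. NOTE(review): confirm the API keeps the query
            # bound to the cursor, otherwise later pages may be unfiltered.
            response = self.connection.activities_list({
                "cursor": next_cursor,
            })

            # NOTE(review): the first call above discards add_to_data's return
            # value while this one relies on it; its contract is not visible
            # here, so both call sites should be aligned once it is confirmed.
            data = self.add_to_data(data, response)
            next_cursor = (response.get("pagination") or {}).get("nextCursor")

        return {Output.DATA: data}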