    {
        'asset_id': 28,
        'filters': {
            'sensor': 'HomeNet_Snort',
            'endtime': int(time.time()),
            'starttime': (int(time.time()) - 86400),
        },
    },
    {
        'asset_id': 29,
        'filters': {
            'type': 'nbs',
            'endtime': int(time.time()),
            'starttime': (int(time.time()) - 86400),
        },
    },
]

# Connection details for the SecurityCenter instance.  The '******' values are
# redacted placeholders: real credentials belong in an environment variable or
# a secrets store, not in a source file that gets committed or shared.
host = 'HOST'
username = '******'
password = '******'

# Log in once and reuse the session for every asset update below.
sc = SecurityCenter(host, username, password)

# For each entry in update_list (defined earlier in the script), pull the LCE
# 'sumip' summary matching its filters and replace the asset's IP list with
# the addresses that were seen.
for update in update_list:
    events = sc.query('sumip', source='lce', **update['filters'])
    ips = [event['address'] for event in events]
    sc.asset_update(update['asset_id'], ips=ips)
# Authenticate once; every query below reuses this session.  hostname,
# username, password and days are defined elsewhere in the script.
sc = SecurityCenter(hostname, username, password)

# Each entry names an LCE event type and the regex that lifts the process or
# command names out of its message text.  A 'single' capture is added as-is;
# a 'multiple' capture holds a comma-separated list that is split first.
queries = [
    {
        'eventName': 'Unique_Windows_Executable',
        'regex': re.compile(r'invoked \'(.*?)\''),
        'regex_type': 'single',
    },
    {
        'eventName': 'Daily_Command_Summary',
        'regex': re.compile(r'day: (.*?) \('),
        'regex_type': 'multiple',
    },
]

# De-duplicated names collected across all queries.
procs = set()

for query in queries:
    # Look back `days` days from now.
    data = sc.query(
        'syslog',
        source='lce',
        eventName=query['eventName'],
        endtime=int(time.time()),
        starttime=(int(time.time()) - (86400 * days)),
    )
    for item in data:
        for value in query['regex'].findall(item['message']):
            if query['regex_type'] == 'single':
                procs.add(value)
            elif query['regex_type'] == 'multiple':
                procs.update(value.split(', '))

# Count first, then the names themselves (set iteration order is arbitrary).
print('%s:\t%s' % (len(procs), ', '.join(procs)))
# The address to check is the script's first command-line argument.
ip = sys.argv[1]
checkip = ip

# Ignore TLS Cert Error
# NOTE(review): this turns off certificate verification for every HTTPS
# connection in the process, so the SecurityCenter login (credentials and
# session) can be read or altered by an on-path attacker.  Trusting the
# server's CA, or pinning its certificate, is the safer fix for a
# self-signed install.
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials provided
# (host, username and password are defined elsewhere in the script).
sc = SecurityCenter(host, username, password)

# Active-scan findings of severity 3 or 4 that have a public exploit, limited
# to the requested address.
vulns = sc.query(
    'vulndetails',
    exploitAvailable='true',
    pluginType='active',
    severity='3,4',
    ip=checkip,
)

# Group the findings by address so they can be reported per host.
ips = {}
if not vulns:
    print('\nYou Probably Cant Hack %s. Congrats!  : ) \n' % ip)
else:
    for vuln in vulns:
        ips.setdefault(vuln['ip'], []).append(vuln)

# Now to print the output to the screen.  This could easily be rewritten to
# output to a file as well, or even parse it into a CSV file if needed.
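# The address to check is the first command-line argument; exit with a usage
# message instead of an IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.stderr.write('usage: %s <ip>\n' % sys.argv[0])
    sys.exit(1)
ip = sys.argv[1]
checkip = ip

# Ignore TLS Cert Error
# NOTE(review): this disables certificate verification for every HTTPS
# connection made by this process, so the SecurityCenter login (credentials
# and session) is exposed to an on-path attacker.  Trusting the server's CA,
# or pinning its certificate, is the safer way to handle a self-signed install.
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials provided
# (host, username and password are defined elsewhere in the script).
sc = SecurityCenter(host, username, password)

# Active-scan findings of severity 3 or 4 that have a public exploit, limited
# to the requested address.
vulns = sc.query(
    'vulndetails',
    exploitAvailable='true',
    pluginType='active',
    severity='3,4',
    ip=checkip,
)

# Group the findings by address so they can be reported per host.
ips = {}
if not vulns:
    print('\nYou Probably Cant Hack %s. Congrats!  : ) \n' % ip)
else:
    for vuln in vulns:
        ips.setdefault(vuln['ip'], []).append(vuln)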

# Now to print the output to the screen.  This could easily be rewritten to
# output to a file as well, or even parse it into a CSV file if needed.
for ip in ips:
    print 'Yep, you can hack %s. \nHere is how:' %ip
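# One reference instant for every filter, so each entry describes exactly the
# same 24-hour window (separate time.time() calls per field can straddle a
# second boundary and produce mismatched windows).
now = int(time.time())

# Each entry maps an asset to the LCE 'sumip' filters whose matching addresses
# should become that asset's IP list.
update_list = [
    {
        'asset_id': 28,
        'filters': {
            'sensor': 'HomeNet_Snort',
            'endtime': now,
            'starttime': now - 86400,
        },
    },
    {
        'asset_id': 29,
        'filters': {
            'type': 'nbs',
            'endtime': now,
            'starttime': now - 86400,
        },
    },
]

# Connection details.  The '******' values are redacted placeholders: real
# credentials belong in an environment variable or a secrets store, not in a
# source file that gets committed or shared.
host = 'HOST'
username = '******'
password = '******'

# Log in once and reuse the session for every asset update.
sc = SecurityCenter(host, username, password)

for update in update_list:
    # Addresses seen by LCE inside the filter window replace the asset's list.
    events = sc.query('sumip', source='lce', **update['filters'])
    ips = [event['address'] for event in events]
    sc.asset_update(update['asset_id'], ips=ips)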
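# Authenticate once; every query below reuses this session.  hostname,
# username, password and days are defined elsewhere in the script.
sc = SecurityCenter(hostname, username, password)

# Each entry names an LCE event type and the regex that lifts the process or
# command names out of its message text.  A 'single' capture is added as-is;
# a 'multiple' capture holds a comma-separated list that is split first.
queries = [
    {
        'eventName': 'Unique_Windows_Executable',
        'regex': re.compile(r'invoked \'(.*?)\''),
        'regex_type': 'single',
    },
    {
        'eventName': 'Daily_Command_Summary',
        'regex': re.compile(r'day: (.*?) \('),
        'regex_type': 'multiple',
    },
]

# One reference instant so every query covers exactly the same window
# (separate time.time() calls per field can straddle a second boundary).
now = int(time.time())

# De-duplicated names collected across all queries.
procs = set()

for query in queries:
    # Look back `days` days from now.
    data = sc.query(
        'syslog',
        source='lce',
        eventName=query['eventName'],
        endtime=now,
        starttime=now - (86400 * days),
    )
    for item in data:
        for value in query['regex'].findall(item['message']):
            if query['regex_type'] == 'single':
                procs.add(value)
            elif query['regex_type'] == 'multiple':
                procs.update(value.split(', '))

# Count first, then the names; sorted so the output is stable run to run and
# can be diffed (set iteration order is arbitrary).
print('%s:\t%s' % (len(procs), ', '.join(sorted(procs))))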