"""Delete applicative scan"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
APPLICATIVE_SCAN_ID = '' # ID of the applicative scan.
CLIENT.delete_applicative_scan(APPLICATIVE_SCAN_ID)
"""Get specific docker image"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
DOCKER_IMAGE_ID = '' # ID of the docker image.
CLIENT.docker_image(DOCKER_IMAGE_ID)
'''Delete a Server'''
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key'))
CLIENT.ping()
SERVER_ID = '' #Id of the server you which to delete
RESULT = CLIENT.delete_server(SERVER_ID)
if RESULT:
print('Successfull deletion')
else:
print('Failure deletion')
"""Update cve_announcement"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
INFO = {
"score_custom": "",
"access_complexity": "",
"access_vector": "",
"availability_impact": "",
"confidentiality_impact": "",
"integrity_impact": "",
"privilege_required": "",
"scope": "",
"user_interaction": ""
}
CVE_CODE = ''
CLIENT.update_cve_announcement(CVE_CODE, INFO)
from cbw_api_toolbox.cbw_api import CBWApi
API_KEY = ''
SECRET_KEY = ''
API_URL = ''
servers = CBWApi(API_URL, API_KEY, SECRET_KEY).get_detailed_servers()
category_by_groups = {}
# append each server to a group by category dict
for server in servers:
if server and server.groups:
for group in server.groups:
if group.name not in category_by_groups:
category_by_groups[group.name] = {}
concerned_group = category_by_groups[group.name]
if server.category not in concerned_group:
concerned_group[server.category] = []
concerned_group[server.category].append(server)
for group in category_by_groups:
print("--- GROUP : {0} ---".format(group))
for category in category_by_groups[group]:
print("{0} : {1}".format(category,
len(category_by_groups[group][category])))
"""Update remote access"""
from cbw_api_toolbox.cbw_api import CBWApi
API_KEY = ''
SECRET_KEY = ''
API_URL = ''
CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY)
INFO = {"type": "", #mandatory, precises the type of the connection
"address": "", #mandatory, precises the IP address or the domain name of the targeted computer
"port": "", #mandatory, precises the port of the connection
"login": "", #mandatory, precises the login of the connection
"password": "", #precises the password of the connection
"key": "", #precises the key of the connection
"node": "" #precises the Cyberwatch source of the connection
}
REMOTE_ACCESS_ID = ''
CLIENT.update_remote_access(REMOTE_ACCESS_ID, INFO)
from cbw_api_toolbox.cbw_api import CBWApi
API_KEY = ''
SECRET_KEY = ''
API_URL = ''
CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY)
CLIENT.ping()
SERVER_ID = '' #Id of the server you which to delete
result = CLIENT.delete_server(SERVER_ID)
if result:
print('Successfull deletion')
else:
print('Failure deletion')
"""Get a specific security issue"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key'))
SECURITY_ISSUE_ID = ''
CLIENT.security_issue(SECURITY_ISSUE_ID)
"""Update security issue"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
INFO = {
"cve_announcements":
[], # List of cve_announcements Code related to the security issue.
"description": "", # Description of the security issue
"level": "", # Severity of the security issue
"score": "", # Score of the security issue
"servers": [], # ID list of servers affected by the security issue.
"sid": "", # SID of the security issue
"title": "" # Title of the security issue
}
SECURITY_ISSUE_ID = ''
CLIENT.update_remote_access(SECURITY_ISSUE_ID, INFO)
def __init__(self, api_url, api_key, secret_key):
self.client = CBWApi(api_url, api_key, secret_key)
from cbw_api_toolbox.cbw_api import CBWApi
def post_splunk(url, token, payload):
"""
Send a post request to Splunk API
"""
headers = {'Authorization': 'Splunk {}'.format(token)}
res = requests.post(url=url, headers=headers, data=payload, verify=False)
res.raise_for_status()
return res.json()
# Load configuration from file api.conf
conf = ConfigParser()
conf.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
# Retrieve the computer from Cyberwatch API
CLIENT = CBWApi(conf.get('cyberwatch', 'url'),
conf.get('cyberwatch', 'api_key'),
conf.get('cyberwatch', 'secret_key'))
SERVER_ID = ''
server = CLIENT.server(SERVER_ID)
# Send the data to Splunk
post_splunk(
conf.get('splunk', 'url'), conf.get('splunk', 'token'),
'- Hostname: {}\n- Vulnerabilities count: {}'.format(
server.hostname, server.cve_announcements_count))
class CBWXlsx:
"""Class used to import/export file xlsx remote acesses"""
def __init__(self, api_url, api_key, secret_key):
self.client = CBWApi(api_url, api_key, secret_key)
def import_remote_accesses_xlsx(self, file_xlsx):
"""method to import remote accesses from an xlsx file"""
if not file_xlsx:
logging.fatal("No Files xlsx")
return None
if not file_xlsx.endswith(".xlsx"):
logging.fatal("Extension not valid")
return None
imported = xlrd.open_workbook(file_xlsx)
lines = imported.sheet_by_index(0)
response = []
titles = lines.row_values(0)
for line in range(1, lines.nrows):
text = lines.row_values(line)
address = lines.row_values(line)[0]
logging.debug("Creating remote access {}".format(address))
try:
info = {
"address": text[titles.index("HOST")],
"port": text[titles.index("PORT")],
"type": text[titles.index("TYPE")],
"login": text[titles.index("USERNAME")],
"password": text[titles.index("PASSWORD")],
"key": text[titles.index("KEY")],
"node_id": text[titles.index("NODE_ID")],
"server_groups": text[titles.index("SERVER_GROUPS")]
}
remote_access = self.client.create_remote_access(info)
response.append(remote_access)
logging.debug("Done")
except ValueError:
logging.fatal("Error format file xlsx::"
"HOST, PORT, TYPE, USERNAME,"
"PASSWORD, KEY, NODE_ID, SERVER_GROUPS")
return None
return response
def export_remote_accesses_xlsx(self,
file_xlsx="export_remote_accesses_" +
str(datetime.datetime.now()) + ".xlsx"):
"""Method to export remote access to an xlsx file"""
if not file_xlsx or file_xlsx == "":
logging.error("No xlsx file")
return False
if not file_xlsx.endswith(".xlsx"):
logging.error("Extension not valid")
return False
remote_accesses = self.client.remote_accesses()
logging.debug("Creating file xlsx")
workbook = xlsxwriter.Workbook(file_xlsx)
worksheet = workbook.add_worksheet(u"remote_accesses")
worksheet.write(0, 0, "HOST")
worksheet.write(0, 1, "PORT")
worksheet.write(0, 2, "TYPE")
worksheet.write(0, 3, "NODE_ID")
worksheet.write(0, 4, "SERVER_GROUPS")
logging.debug("Add remote accesses in file xlsx")
i = 1
for remote_access in remote_accesses:
worksheet.write(i, 0, remote_access.address)
worksheet.write(i, 1, remote_access.port)
worksheet.write(i, 2, remote_access.type)
worksheet.write(i, 3, remote_access.node_id)
if remote_access.server_id:
server = self.client.server(remote_access.server_id)
if server.groups:
group_name = ""
for group in server.groups:
group_name += group.name + ","
group_name = group_name[:-1]
worksheet.write(i, 4, group_name)
i += 1
workbook.close()
logging.debug("Done")
return True
"""Create a stored credentials"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key'))
INFO = {"type": "", # mandatory, specifies the type of the stored credentials
"name": "", # mandatory, specifies the name of the stored credentials
"user": "", # specifies the user of the stored credentials
"password": "", # specifies the password in the stored credentials
"key": "", # specifies the secret key for credentials of type key
"endpoint": "", # entry point (URL) for credentials of type docker engine or docker registry
"ca_cert": "", # certificate of the certificate authority for TLS credentials like a docker engine
"client_cert": "", # specifies client private key for TLS credentials like a Docker engine
"client_key": "", # client certificate for TLS credentials like a Docker engine
"auth_password": "", # for SNMP, authentication password for SNMP credentials
"priv_password": "" # for SNMP, encryption password for SNMP credentials
}
CLIENT.create_stored_credential(INFO)
"""Get all applicative scans"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
CLIENT.applicative_scans()
"""get asset by asset_id"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
ASSET_ID = ''
CLIENT.server(ASSET_ID)
"""Get all the stored credentials"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key'))
CLIENT.stored_credentials()
"""Example: Export the applications for each servers"""
# FOR THIS EXAMPLE YOU NEED TO INSTALL xlsxwriter : pip3 install xlsxwriter
import xlsxwriter # pylint: disable=import-error
from cbw_api_toolbox.cbw_api import CBWApi
API_KEY = ''
SECRET_KEY = ''
API_URL = ''
CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY)
CLIENT.ping()
SERVERS = CLIENT.servers()
EXPORTED = xlsxwriter.Workbook('cbw_export_servers_applications.xlsx')
for server in SERVERS:
server = CLIENT.server(server.id)
if server and server.applications:
print("Export applications for {0}".format(server.hostname))
worksheet = EXPORTED.add_worksheet(server.hostname)
worksheet.write(0, 0, "Application")
worksheet.write(0, 1, "Version")
row = 1
"""Get all the remote accesses"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
CLIENT.remote_accesses()
'''Delete an Asset'''
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
ASSET_ID = '' #Id of the asset you which to delete
CLIENT.delete_asset(ASSET_ID)
"""Get all docker images"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
CLIENT.docker_images()
import os
import csv
import logging
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
# Find the ID on [CYBERWATCH_URL]/cbw_assets/groups and edit the concerned stored credential (the ID will be in the URL)
# Example: "https://[CYBERWATCH_URL]/cbw_assets/groups/9/edit" the GROUP_ID is '9'
GROUP_ID = ""
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
def to_csv(csv_lines, name_csv, path=""):
"""Write objects in csv_lines into a csv file"""
with open(os.path.join(path, name_csv), 'w', newline='') as csvfile:
spamwriter = csv.writer(csvfile,
delimiter=' ',
quotechar='|',
quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow(['"sep=,"'])
fieldnames = csv_lines[0].keys()
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
writer.writeheader()
for line in csv_lines:
"""Delete remote access""" from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY) REMOTE_ACCESS_ID = '' CLIENT.delete_remote_access(REMOTE_ACCESS_ID)
"""Create remote access"""
import os
import json
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..',
'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
def match_system_cyberwatch(system):
"""Function used to match the system specified in the file with Cyberwatch syntax"""
if system == "windows":
return "CbwRam::RemoteAccess::WinRm::WithNegotiate", 5985
if system == "linux":
return "CbwRam::RemoteAccess::Ssh::WithPassword", 22
if system == "network device":
return "CbwRam::RemoteAccess::Snmp", 161
print("System '{}' not recognized, setting default as 'Linux' and port 22".
format(system))
return "CbwRam::RemoteAccess::Ssh::WithPassword", 22
def parse_json_file(json_file_path):
"""Parse the json file specified and create remote access objects in Cyberwatch"""
"""Fetch a list of all air gapped scanning scripts"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..',
'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
CLIENT.fetch_airgapped_scripts()
"""Example: Find all servers per group"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
CLIENT.ping()
SERVERS = CLIENT.servers()
CATEGORY_BY_GROUPS = {}
# append each server to a group by category dict
for server in SERVERS:
server = CLIENT.server(str(server.id))
for group in server.groups:
if group.name not in CATEGORY_BY_GROUPS:
CATEGORY_BY_GROUPS[group.name] = {}
concerned_group = CATEGORY_BY_GROUPS[group.name]
if server.category not in concerned_group:
concerned_group[server.category] = []
"""Update server attributes"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
SERVER_ID = '' #add the appropriate id server
INFO = {
"category": '',
"description": "",
"environment": {}, # Environment object
"deploying_period": "",
"ignoring_policy": "",
"compliance_groups":
[], # An array of of the compliance groups IDs you want to set on your
# server split by ',' (ex: [13, 20])
"groups": [] # An array of groups IDs you want to set on your
# server split by ',' (ex: [1, 2])
}
CLIENT.update_server(SERVER_ID, INFO)
"""Script affecting group(s) depending on hostname of the computers"""
import os
import re
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
def build_groups_list(server_id, new_groups):
"""Append a list of groups to the list of a computer's existing groups"""
server_groups = CLIENT.server(str(server_id)).groups
all_groups = new_groups
if server_groups:
for group in server_groups:
all_groups.append(group.name)
return all_groups
# Dictionnary of regex corresponding to group(s)
# In this example:
# - hostname matching the regex "^.*desktop.*$" will be affected the "desktop" group
# - hostname matching the regex "^.*test.*$" will be affected both "dev_computers" and "test_api_example" groups
HOSTNAME_REGEX = {
"^.*desktop.*$": "desktop",
"""Create remote access"""
from cbw_api_toolbox.cbw_api import CBWApi
API_KEY = ''
SECRET_KEY = ''
API_URL = ''
CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY)
INFO = {
"type": "", #mandatory, precises the type of the connection
"address":
"", #mandatory, precises the IP address or the domain name of the targeted computer
"port": "", #mandatory, precises the port of the connection
"login": "", #mandatory, precises the login of the connection
"password": "", #precises the password of the connection
"key": "", #precises the key of the connection
"node": "" #precises the Cyberwatch source of the connection
}
CLIENT.create_remote_access(INFO)
"""Update a stored credentials"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
INFO = {
"type": "", # specifies the type of the stored credentials
"name": "", # specifies the name of the stored credentials
"endpoint":
"", # entry point (URL) for credentials of type docker engine or docker registry
"user": "", # specifies the user of the stored credentials
"password": "", # specifies the password in the stored credentials
"key": "", # specifies the secret key for credentials of type key
"auth_password":
"", # for SNMP, authentication password for SNMP credentials
"priv_password": "", # for SNMP, encryption password for SNMP credentials
"ca_cert":
"", # certificate of the certificate authority for TLS credentials like a docker engine
"client_cert":
"", # specifies client private key for TLS credentials like a Docker engine
"client_key":
"" # client certificate for TLS credentials like a Docker engine
}
"""Update remote access"""
import os
from configparser import ConfigParser
from cbw_api_toolbox.cbw_api import CBWApi
CONF = ConfigParser()
CONF.read(
os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf'))
CLIENT = CBWApi(CONF.get('cyberwatch', 'url'),
CONF.get('cyberwatch', 'api_key'),
CONF.get('cyberwatch', 'secret_key'))
INFO = {
"address":
"", #mandatory, precises the IP address or the domain name of the targeted computer
"node_id": "", #precises the Cyberwatch source of the connection
"priv_password":
"", #for SNMP, encryption password allowing to connect to the computer.
"auth_password":
"", #for SNMP, authentication password allowing to connect to the computer.
"port": "", #mandatory, precises the port of the connection
"login": "", #precises the login of the connection
"password": "", #precises the password of the connection
"key": "", #precises the key of the connection
}
REMOTE_ACCESS_ID = ''
CLIENT.update_remote_access(REMOTE_ACCESS_ID, INFO)
