"""Delete applicative scan""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) APPLICATIVE_SCAN_ID = '' # ID of the applicative scan. CLIENT.delete_applicative_scan(APPLICATIVE_SCAN_ID)
"""Get specific docker image""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) DOCKER_IMAGE_ID = '' # ID of the docker image. CLIENT.docker_image(DOCKER_IMAGE_ID)
'''Delete a Server''' import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.ping() SERVER_ID = '' #Id of the server you which to delete RESULT = CLIENT.delete_server(SERVER_ID) if RESULT: print('Successfull deletion') else: print('Failure deletion')
"""Update cve_announcement""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) INFO = { "score_custom": "", "access_complexity": "", "access_vector": "", "availability_impact": "", "confidentiality_impact": "", "integrity_impact": "", "privilege_required": "", "scope": "", "user_interaction": "" } CVE_CODE = '' CLIENT.update_cve_announcement(CVE_CODE, INFO)
from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' servers = CBWApi(API_URL, API_KEY, SECRET_KEY).get_detailed_servers() category_by_groups = {} # append each server to a group by category dict for server in servers: if server and server.groups: for group in server.groups: if group.name not in category_by_groups: category_by_groups[group.name] = {} concerned_group = category_by_groups[group.name] if server.category not in concerned_group: concerned_group[server.category] = [] concerned_group[server.category].append(server) for group in category_by_groups: print("--- GROUP : {0} ---".format(group)) for category in category_by_groups[group]: print("{0} : {1}".format(category, len(category_by_groups[group][category])))
"""Update remote access""" from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY) INFO = {"type": "", #mandatory, precises the type of the connection "address": "", #mandatory, precises the IP address or the domain name of the targeted computer "port": "", #mandatory, precises the port of the connection "login": "", #mandatory, precises the login of the connection "password": "", #precises the password of the connection "key": "", #precises the key of the connection "node": "" #precises the Cyberwatch source of the connection } REMOTE_ACCESS_ID = '' CLIENT.update_remote_access(REMOTE_ACCESS_ID, INFO)
from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY) CLIENT.ping() SERVER_ID = '' #Id of the server you which to delete result = CLIENT.delete_server(SERVER_ID) if result: print('Successfull deletion') else: print('Failure deletion')
"""Get a specific security issue""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) SECURITY_ISSUE_ID = '' CLIENT.security_issue(SECURITY_ISSUE_ID)
"""Update security issue""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) INFO = { "cve_announcements": [], # List of cve_announcements Code related to the security issue. "description": "", # Description of the security issue "level": "", # Severity of the security issue "score": "", # Score of the security issue "servers": [], # ID list of servers affected by the security issue. "sid": "", # SID of the security issue "title": "" # Title of the security issue } SECURITY_ISSUE_ID = '' CLIENT.update_remote_access(SECURITY_ISSUE_ID, INFO)
def __init__(self, api_url, api_key, secret_key): self.client = CBWApi(api_url, api_key, secret_key)
from cbw_api_toolbox.cbw_api import CBWApi def post_splunk(url, token, payload): """ Send a post request to Splunk API """ headers = {'Authorization': 'Splunk {}'.format(token)} res = requests.post(url=url, headers=headers, data=payload, verify=False) res.raise_for_status() return res.json() # Load configuration from file api.conf conf = ConfigParser() conf.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) # Retrieve the computer from Cyberwatch API CLIENT = CBWApi(conf.get('cyberwatch', 'url'), conf.get('cyberwatch', 'api_key'), conf.get('cyberwatch', 'secret_key')) SERVER_ID = '' server = CLIENT.server(SERVER_ID) # Send the data to Splunk post_splunk( conf.get('splunk', 'url'), conf.get('splunk', 'token'), '- Hostname: {}\n- Vulnerabilities count: {}'.format( server.hostname, server.cve_announcements_count))
class CBWXlsx: """Class used to import/export file xlsx remote acesses""" def __init__(self, api_url, api_key, secret_key): self.client = CBWApi(api_url, api_key, secret_key) def import_remote_accesses_xlsx(self, file_xlsx): """method to import remote accesses from an xlsx file""" if not file_xlsx: logging.fatal("No Files xlsx") return None if not file_xlsx.endswith(".xlsx"): logging.fatal("Extension not valid") return None imported = xlrd.open_workbook(file_xlsx) lines = imported.sheet_by_index(0) response = [] titles = lines.row_values(0) for line in range(1, lines.nrows): text = lines.row_values(line) address = lines.row_values(line)[0] logging.debug("Creating remote access {}".format(address)) try: info = { "address": text[titles.index("HOST")], "port": text[titles.index("PORT")], "type": text[titles.index("TYPE")], "login": text[titles.index("USERNAME")], "password": text[titles.index("PASSWORD")], "key": text[titles.index("KEY")], "node_id": text[titles.index("NODE_ID")], "server_groups": text[titles.index("SERVER_GROUPS")] } remote_access = self.client.create_remote_access(info) response.append(remote_access) logging.debug("Done") except ValueError: logging.fatal("Error format file xlsx::" "HOST, PORT, TYPE, USERNAME," "PASSWORD, KEY, NODE_ID, SERVER_GROUPS") return None return response def export_remote_accesses_xlsx(self, file_xlsx="export_remote_accesses_" + str(datetime.datetime.now()) + ".xlsx"): """Method to export remote access to an xlsx file""" if not file_xlsx or file_xlsx == "": logging.error("No xlsx file") return False if not file_xlsx.endswith(".xlsx"): logging.error("Extension not valid") return False remote_accesses = self.client.remote_accesses() logging.debug("Creating file xlsx") workbook = xlsxwriter.Workbook(file_xlsx) worksheet = workbook.add_worksheet(u"remote_accesses") worksheet.write(0, 0, "HOST") worksheet.write(0, 1, "PORT") worksheet.write(0, 2, "TYPE") worksheet.write(0, 3, "NODE_ID") worksheet.write(0, 4, "SERVER_GROUPS") logging.debug("Add remote accesses in file xlsx") i = 1 for remote_access in remote_accesses: worksheet.write(i, 0, remote_access.address) worksheet.write(i, 1, remote_access.port) worksheet.write(i, 2, remote_access.type) worksheet.write(i, 3, remote_access.node_id) if remote_access.server_id: server = self.client.server(remote_access.server_id) if server.groups: group_name = "" for group in server.groups: group_name += group.name + "," group_name = group_name[:-1] worksheet.write(i, 4, group_name) i += 1 workbook.close() logging.debug("Done") return True
"""Create a stored credentials""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) INFO = {"type": "", # mandatory, specifies the type of the stored credentials "name": "", # mandatory, specifies the name of the stored credentials "user": "", # specifies the user of the stored credentials "password": "", # specifies the password in the stored credentials "key": "", # specifies the secret key for credentials of type key "endpoint": "", # entry point (URL) for credentials of type docker engine or docker registry "ca_cert": "", # certificate of the certificate authority for TLS credentials like a docker engine "client_cert": "", # specifies client private key for TLS credentials like a Docker engine "client_key": "", # client certificate for TLS credentials like a Docker engine "auth_password": "", # for SNMP, authentication password for SNMP credentials "priv_password": "" # for SNMP, encryption password for SNMP credentials } CLIENT.create_stored_credential(INFO)
"""Get all applicative scans""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.applicative_scans()
"""get asset by asset_id""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) ASSET_ID = '' CLIENT.server(ASSET_ID)
"""Get all the stored credentials""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read(os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.stored_credentials()
"""Example: Export the applications for each servers""" # FOR THIS EXAMPLE YOU NEED TO INSTALL xlsxwriter : pip3 install xlsxwriter import xlsxwriter # pylint: disable=import-error from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY) CLIENT.ping() SERVERS = CLIENT.servers() EXPORTED = xlsxwriter.Workbook('cbw_export_servers_applications.xlsx') for server in SERVERS: server = CLIENT.server(server.id) if server and server.applications: print("Export applications for {0}".format(server.hostname)) worksheet = EXPORTED.add_worksheet(server.hostname) worksheet.write(0, 0, "Application") worksheet.write(0, 1, "Version") row = 1
"""Get all the remote accesses""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.remote_accesses()
'''Delete an Asset''' import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) ASSET_ID = '' #Id of the asset you which to delete CLIENT.delete_asset(ASSET_ID)
"""Get all docker images""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.docker_images()
import os import csv import logging from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi # Find the ID on [CYBERWATCH_URL]/cbw_assets/groups and edit the concerned stored credential (the ID will be in the URL) # Example: "https://[CYBERWATCH_URL]/cbw_assets/groups/9/edit" the GROUP_ID is '9' GROUP_ID = "" CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) def to_csv(csv_lines, name_csv, path=""): """Write objects in csv_lines into a csv file""" with open(os.path.join(path, name_csv), 'w', newline='') as csvfile: spamwriter = csv.writer(csvfile, delimiter=' ', quotechar='|', quoting=csv.QUOTE_MINIMAL) spamwriter.writerow(['"sep=,"']) fieldnames = csv_lines[0].keys() writer = csv.DictWriter(csvfile, fieldnames=fieldnames) writer.writeheader() for line in csv_lines:
"""Delete remote access""" from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY) REMOTE_ACCESS_ID = '' CLIENT.delete_remote_access(REMOTE_ACCESS_ID)
"""Create remote access""" import os import json from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) def match_system_cyberwatch(system): """Function used to match the system specified in the file with Cyberwatch syntax""" if system == "windows": return "CbwRam::RemoteAccess::WinRm::WithNegotiate", 5985 if system == "linux": return "CbwRam::RemoteAccess::Ssh::WithPassword", 22 if system == "network device": return "CbwRam::RemoteAccess::Snmp", 161 print("System '{}' not recognized, setting default as 'Linux' and port 22". format(system)) return "CbwRam::RemoteAccess::Ssh::WithPassword", 22 def parse_json_file(json_file_path): """Parse the json file specified and create remote access objects in Cyberwatch"""
"""Fetch a list of all air gapped scanning scripts""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.fetch_airgapped_scripts()
"""Example: Find all servers per group""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) CLIENT.ping() SERVERS = CLIENT.servers() CATEGORY_BY_GROUPS = {} # append each server to a group by category dict for server in SERVERS: server = CLIENT.server(str(server.id)) for group in server.groups: if group.name not in CATEGORY_BY_GROUPS: CATEGORY_BY_GROUPS[group.name] = {} concerned_group = CATEGORY_BY_GROUPS[group.name] if server.category not in concerned_group: concerned_group[server.category] = []
"""Update server attributes""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) SERVER_ID = '' #add the appropriate id server INFO = { "category": '', "description": "", "environment": {}, # Environment object "deploying_period": "", "ignoring_policy": "", "compliance_groups": [], # An array of of the compliance groups IDs you want to set on your # server split by ',' (ex: [13, 20]) "groups": [] # An array of groups IDs you want to set on your # server split by ',' (ex: [1, 2]) } CLIENT.update_server(SERVER_ID, INFO)
"""Script affecting group(s) depending on hostname of the computers""" import os import re from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) def build_groups_list(server_id, new_groups): """Append a list of groups to the list of a computer's existing groups""" server_groups = CLIENT.server(str(server_id)).groups all_groups = new_groups if server_groups: for group in server_groups: all_groups.append(group.name) return all_groups # Dictionnary of regex corresponding to group(s) # In this example: # - hostname matching the regex "^.*desktop.*$" will be affected the "desktop" group # - hostname matching the regex "^.*test.*$" will be affected both "dev_computers" and "test_api_example" groups HOSTNAME_REGEX = { "^.*desktop.*$": "desktop",
"""Create remote access""" from cbw_api_toolbox.cbw_api import CBWApi API_KEY = '' SECRET_KEY = '' API_URL = '' CLIENT = CBWApi(API_URL, API_KEY, SECRET_KEY) INFO = { "type": "", #mandatory, precises the type of the connection "address": "", #mandatory, precises the IP address or the domain name of the targeted computer "port": "", #mandatory, precises the port of the connection "login": "", #mandatory, precises the login of the connection "password": "", #precises the password of the connection "key": "", #precises the key of the connection "node": "" #precises the Cyberwatch source of the connection } CLIENT.create_remote_access(INFO)
"""Update a stored credentials""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) INFO = { "type": "", # specifies the type of the stored credentials "name": "", # specifies the name of the stored credentials "endpoint": "", # entry point (URL) for credentials of type docker engine or docker registry "user": "", # specifies the user of the stored credentials "password": "", # specifies the password in the stored credentials "key": "", # specifies the secret key for credentials of type key "auth_password": "", # for SNMP, authentication password for SNMP credentials "priv_password": "", # for SNMP, encryption password for SNMP credentials "ca_cert": "", # certificate of the certificate authority for TLS credentials like a docker engine "client_cert": "", # specifies client private key for TLS credentials like a Docker engine "client_key": "" # client certificate for TLS credentials like a Docker engine }
"""Update remote access""" import os from configparser import ConfigParser from cbw_api_toolbox.cbw_api import CBWApi CONF = ConfigParser() CONF.read( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', 'api.conf')) CLIENT = CBWApi(CONF.get('cyberwatch', 'url'), CONF.get('cyberwatch', 'api_key'), CONF.get('cyberwatch', 'secret_key')) INFO = { "address": "", #mandatory, precises the IP address or the domain name of the targeted computer "node_id": "", #precises the Cyberwatch source of the connection "priv_password": "", #for SNMP, encryption password allowing to connect to the computer. "auth_password": "", #for SNMP, authentication password allowing to connect to the computer. "port": "", #mandatory, precises the port of the connection "login": "", #precises the login of the connection "password": "", #precises the password of the connection "key": "", #precises the key of the connection } REMOTE_ACCESS_ID = '' CLIENT.update_remote_access(REMOTE_ACCESS_ID, INFO)