{ 'asset_id': 28, 'filters': { 'sensor': 'HomeNet_Snort', 'endtime': int(time.time()), 'starttime': (int(time.time()) - 86400), }, }, { 'asset_id': 29, 'filters': { 'type': 'nbs', 'endtime': int(time.time()), 'starttime': (int(time.time()) - 86400), }, }, ] host = 'HOST' username = '******' password = '******' sc = SecurityCenter(host, username, password) for update in update_list: events = sc.query('sumip', source='lce', **update['filters']) ips = [] for event in events: ips.append(event['address']) sc.asset_update(update['asset_id'], ips=ips)
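# Collect the distinct process / command names that LCE syslog events
# reported over the last `days` days and print them as one line.
#
# Assumes `hostname`, `username`, `password` and `days` are defined earlier
# in the file (not visible here) and that `SecurityCenter`, `re` and `time`
# are already imported.
sc = SecurityCenter(hostname, username, password)

# One entry per LCE event type: the regex that pulls the name(s) out of the
# message text, and whether a match is a single name ('single') or a
# comma-separated list of names ('multiple').
queries = [
    {
        'eventName': 'Unique_Windows_Executable',
        'regex': re.compile(r'invoked \'(.*?)\''),
        'regex_type': 'single',
    },
    {
        'eventName': 'Daily_Command_Summary',
        'regex': re.compile(r'day: (.*?) \('),
        'regex_type': 'multiple',
    },
]

# Read the clock once so starttime and endtime describe the same window
# (the original called time.time() separately for each bound).
now = int(time.time())
window_start = now - (86400 * days)

procs = set()
for query in queries:
    data = sc.query('syslog', source='lce',
                    eventName=query['eventName'],
                    endtime=now, starttime=window_start)
    for item in data:
        for value in query['regex'].findall(item['message']):
            if query['regex_type'] == 'single':
                procs.add(value)
            elif query['regex_type'] == 'multiple':
                # A summary match holds several names separated by ", ".
                procs.update(value.split(', '))

# Single-argument print form behaves the same under Python 2 and 3.
print('%s:\t%s' % (len(procs), ', '.join(procs)))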
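# Look up active-scan findings with a public exploit (severity 3,4) for the
# IP given on the command line and group them by reported address.
#
# Assumes `host`, `username` and `password` are defined earlier in the file
# and that `sys`, `ssl` and `SecurityCenter` are already imported.
if len(sys.argv) < 2:
    # The original indexed sys.argv[1] unconditionally and died with an
    # IndexError; print a usage line instead.
    sys.stderr.write('usage: %s <ip-address>\n' % sys.argv[0])
    sys.exit(2)
ip = sys.argv[1]
checkip = ip

# Ignore TLS Cert Error.
# NOTE(review): this turns off certificate verification for every HTTPS
# connection made by this process, so the SecurityCenter credentials can be
# intercepted on the path to `host`. The bypass is kept as the default for
# appliances with self-signed certificates, but it now warns on stderr, and
# SC_VERIFY_TLS=1 (a new opt-in environment variable) leaves verification on.
import os
if os.environ.get('SC_VERIFY_TLS') != '1' and hasattr(ssl, '_create_unverified_context'):
    sys.stderr.write('WARNING: TLS certificate verification disabled for %s\n' % host)
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials provided
sc = SecurityCenter(host, username, password)

vulns = sc.query('vulndetails', exploitAvailable='true', pluginType='active',
                 severity='3,4', ip=checkip)

# Group the findings by the address SecurityCenter reports them under.
# An empty/None result means nothing exploitable was returned.
ips = {}
if not vulns:
    print('\nYou Probably Cant Hack %s. Congrats! : ) \n' % ip)
else:
    for vuln in vulns:
        ips.setdefault(vuln['ip'], []).append(vuln)

# Now to print the output to the screen. This could easily be rewritten to
# output to a file as well, or even parse it into a CSV file if needed.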
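# Look up active-scan findings with a public exploit (severity 3,4) for the
# IP given on the command line, group them by reported address and print a
# header line per address.
#
# Assumes `host`, `username` and `password` are defined earlier in the file
# and that `sys`, `ssl` and `SecurityCenter` are already imported.
if len(sys.argv) < 2:
    # Without this guard sys.argv[1] raises IndexError on a bare invocation.
    sys.stderr.write('usage: %s <ip-address>\n' % sys.argv[0])
    sys.exit(2)
ip = sys.argv[1]
checkip = ip

# Ignore TLS Cert Error.
# NOTE(review): this disables certificate verification process-wide, so the
# SecurityCenter login can be intercepted on the path to `host`. The bypass
# remains the default (self-signed appliance certificates) but is now
# announced on stderr; setting SC_VERIFY_TLS=1 (a new opt-in environment
# variable) keeps verification enabled.
import os
if os.environ.get('SC_VERIFY_TLS') != '1' and hasattr(ssl, '_create_unverified_context'):
    sys.stderr.write('WARNING: TLS certificate verification disabled for %s\n' % host)
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials provided
sc = SecurityCenter(host, username, password)

vulns = sc.query('vulndetails', exploitAvailable='true', pluginType='active',
                 severity='3,4', ip=checkip)

# Group findings by the address SecurityCenter reports them under.
ips = {}
if not vulns:
    print('\nYou Probably Cant Hack %s. Congrats! : ) \n' % ip)
else:
    for vuln in vulns:
        ips.setdefault(vuln['ip'], []).append(vuln)

# Now to print the output to the screen. This could easily be rewritten to
# output to a file as well, or even parse it into a CSV file if needed.
# The loop variable no longer shadows the command-line `ip`.
for addr in ips:
    print('Yep, you can hack %s. \nHere is how:' % addr)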
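# Refresh two SecurityCenter asset lists from the addresses LCE reported in
# the last 24 hours: asset 28 from the 'HomeNet_Snort' sensor, asset 29 from
# 'nbs'-type events.
#
# Assumes `time` and `SecurityCenter` are imported earlier in the file.
import os

# Read the clock once so both filters share exactly the same 24h window
# (the original called time.time() four separate times).
now = int(time.time())
window_start = now - 86400

update_list = [
    {
        'asset_id': 28,
        'filters': {'sensor': 'HomeNet_Snort', 'endtime': now, 'starttime': window_start},
    },
    {
        'asset_id': 29,
        'filters': {'type': 'nbs', 'endtime': now, 'starttime': window_start},
    },
]

# Connection details come from the environment when set (SC_HOST,
# SC_USERNAME and SC_PASSWORD are new opt-in names); the literal placeholders
# stay as defaults so existing setups behave as before. Keeping real
# credentials out of the script keeps them out of version control.
host = os.environ.get('SC_HOST', 'HOST')
username = os.environ.get('SC_USERNAME', '******')
password = os.environ.get('SC_PASSWORD', '******')

sc = SecurityCenter(host, username, password)
for update in update_list:
    events = sc.query('sumip', source='lce', **update['filters'])
    # Each 'sumip' row carries the address in its 'address' field.
    ips = [event['address'] for event in events]
    sc.asset_update(update['asset_id'], ips=ips)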
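# Build the set of unique process / command names reported by LCE syslog
# events over the last `days` days, then print count and names.
#
# `hostname`, `username`, `password` and `days` are expected to be defined
# earlier in the file (not visible here); `SecurityCenter`, `re` and `time`
# must already be imported.
sc = SecurityCenter(hostname, username, password)

# For each LCE event type: the regex extracting names from the message, and
# whether one match is a single name or a ", "-separated list of names.
queries = [
    {
        'eventName': 'Unique_Windows_Executable',
        'regex': re.compile(r'invoked \'(.*?)\''),
        'regex_type': 'single',
    },
    {
        'eventName': 'Daily_Command_Summary',
        'regex': re.compile(r'day: (.*?) \('),
        'regex_type': 'multiple',
    },
]

# Sample the clock once so both window bounds come from the same instant.
end_ts = int(time.time())
start_ts = end_ts - (86400 * days)

procs = set()
for query in queries:
    pattern = query['regex']
    split_list = query['regex_type'] == 'multiple'
    data = sc.query('syslog', source='lce',
                    eventName=query['eventName'],
                    endtime=end_ts, starttime=start_ts)
    for item in data:
        for match in pattern.findall(item['message']):
            if split_list:
                procs.update(match.split(', '))
            else:
                procs.add(match)

# Single-argument print form behaves the same under Python 2 and 3.
print('%s:\t%s' % (len(procs), ', '.join(procs)))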