def main():
fqdn = '*****@*****.**'
location_name = 'sjc_sdwan_1 (San Jose, CA)'
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_partner_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_partner_api()
# Get Locations
print("\n\n ########## GET LOCATIONS (AFTER) ##########\n\n")
z.get_locations()
# Get a Location ID from get_location() output, comment exit below. After,
# insert the Location ID as the first parameter in z.create_sub_location below.
exit()
# Create Sub-Location
z.create_sub_location(
INSERT-LOCATION-ID,
"Python SDK Created Sub-Location",
"10.10.0.0/16",
gateway_options,
)
# Activate change
print("\n\n ########## ACTIVATE CHANGES ##########\n\n")
z.activate()
# Get Locations
print("\n\n ########## GET LOCATIONS (AFTER) ##########\n\n")
z.get_locations()
def main():
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_zia_api()
# Get ZIA blacklist
print("\n\n ########## GET BLACKLIST (BEFORE) ##########\n\n")
z.get_blacklist_urls()
# Python list of URLs to filter
print("\n\n ########## URL LIST TO ADD TO BLACKLIST ##########\n\n")
url_list = [
'umbrella.cisco.com', '.paloaltonetworks.com', '.versa-networks.com'
]
print(url_list)
# Add URL list to blacklist
print("\n\n ########## ADD URL LIST TO BLACKLIST ##########\n\n")
z.add_blacklist_urls(url_list)
# Activate changes
print("\n\n ########## ACTIVATE CHANGES ##########\n\n")
z.activate()
# Sleep for 10 seconds
print("\n\n ########## Sleep for 10 seconds ##########")
time.sleep(10)
# Get ZIA blacklist a second time to compare
print("\n\n ########## GET BLACKLIST (AFTER) ##########\n\n")
z.get_blacklist_urls()
def collect_events(helper, ew):
global_account = helper.get_arg('global_account')
cloud = helper.get_arg('cloud')
apikey = helper.get_arg('apikey')
username = global_account['username']
password = global_account['password']
# Get list of MD5's pending detonation
#session_key = helper.get_arg('session_key')
#input_name, input_items = inputs.inputs.popitem()
session_key = helper.context_meta['session_key']
#session_key = "dummy"
md5List = get_md5_list(username, password, session_key)
#Set envvars based on clear creds
os.environ["ZIA_USERNAME"] = username
os.environ["ZIA_PASSWORD"] = password
os.environ["ZIA_API"] = apikey
#API Login
helper.log_info("Login to Zscaler API: %s" % username)
z = zscaler_python_sdk.zscaler()
z.get_zia_creds_from_env(True)
z.set_cloud(cloud)
z.authenticate_zia_api()
helper.log_info("Login Success")
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(md5List)
for item in reader:
if (item["md5"] == "none"):
helper.log_info("STOP: No queued MD5")
break
helper.log_info("Checking Zscaler Sandbox for MD5 : %s" % item["md5"])
quota = z.check_sandbox_quota()
#print(quota)
helper.log_info("Sandbox current quota : %s" % quota)
while quota['unused'] <= 0:
quota = z.check_sandbox_quota()
helper.log_info("waiting 1 sec...\tquota_left[" +
str(quota['unused']) + "']")
time.sleep(1)
helper.log_info("Loading Zscaler Sandbox for MD5 : %s" % item["md5"])
report = z.get_sandbox_report(item["md5"], "full")
#helper.log_info("Sandbox REPORT : %s" % report.text)
#print(item["md5"])
event = Event()
#event.stanza = input_name
event.data = report.text
ew.write_event(event)
def main():
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_partner_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_partner_api()
# Get all GRE tunnel details
print("\n\n ########## GET ALL GRE tunnel details ##########\n\n")
z.get_gre_tunnel_details()
def main():
static_ipv4 = 'X.X.X.X' # Your public static IP address
geoOverride = True # If wanting to manually configure IP GeoLocation
latitude = '47.608013'
longitude = '-122.335167'
location_name = 'sjc_sdwan_1 (San Jose, CA)'
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_partner_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_partner_api()
# Create static IP address
print("\n\n ########## CREATE STATIC IP ##########\n\n")
res = z.create_static_ip(static_ipv4,
latitude=latitude,
longitude=longitude,
geoOverride=geoOverride)
# Extract Static IP ID.
print("\n\n ########## EXTRACT STATIC IP ID ##########\n\n")
static_id = z.extract_id_from_response(res.content)
# Get closest DC VIPs by Source IP
print("\n\n ########## GET GRE VIPS BY SOURCE IP ##########\n\n")
res = z.get_gre_vips(static_ipv4, latitude=latitude, longitude=longitude)
# Extract Primary and Secondary VIPs
print("\n\n ########## EXTRACTING PRIMARY VIP ID ##########\n\n")
primary_gre_vip_id = z.extract_gre_vip_id_from_response(
'primary', res.content)
print("\n\n ########## EXTRACTING SECONDARY VIP ID ##########\n\n")
secondary_gre_vip_id = z.extract_gre_vip_id_from_response(
'secondary', res.content)
# Create GRE tunnel
print("\n\n ########## CREATE GRE TUNNEL ##########\n\n")
res = z.create_gre_tunnel(static_ipv4, primary_gre_vip_id,
secondary_gre_vip_id)
# Extract GRE Tunnel ID.
print("\n\n ########## EXTRACT GRE ID ##########\n\n")
gre_id = z.extract_id_from_response(res.content)
# Create Location with GRE Tunnel ID
print("\n\n ########## CREATE LOCATION WITH IP ADDRESS ##########\n\n")
res = z.create_location_with_ip_address(location_name, static_ipv4)
# Extract Location ID.
print("\n\n ########## EXTRACT LOCATION ID ##########\n\n")
location_id = z.extract_id_from_response(res.content)
def main():
fqdn = '*****@*****.**'
location_description = "Test driving the new Python SDK"
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_partner_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_partner_api()
# Get Locations (Before add)
print("\n\n ########## GET LOCATIONS (BEFORE) ##########\n\n")
z.get_locations()
# Pass FQDN. Will resposnd with VPN credential id
print("\n\n ########## CREATE VPN CREDENTIAL ##########\n\n")
res = z.create_vpn_credential(fqdn, None)
# Extract ID from the prior response.
print("\n\n ########## EXTRACT VPN CREDENTIAL ID ##########\n\n")
vpn_id = z.extract_vpn_credential_id(res.content)
# Pass location name, VPN credential id, and FQDN
print("\n\n ########## CREATE LOCATION ##########\n\n")
res = z.create_location(
location_description,
vpn_id,
fqdn
)
# Extract ID from the prior response.
print("\n\n ########## EXTRACT LOCATION ID ##########\n\n")
location_id = z.extract_location_id(res.content)
# Activate change
print("\n\n ########## ACTIVATE CHANGES ##########\n\n")
z.activate()
# Get Locations (After add)
print("\n\n ########## GET LOCATIONS (AFTER) ##########\n\n")
z.get_locations()
# Get VPN Credentials
print("\n\n ########## GET VPN CREDENTIALS ##########\n\n")
z.get_vpn_credentials()
# Get VPN Credentials by Id
print("\n\n ########## GET VPN CREDENTIALS BY ID ##########\n\n")
z.get_vpn_credential_by_id(vpn_id)
def main():
fqdn = '*****@*****.**'
location_name = 'sjc_sdwan_1 (San Jose, CA)'
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_partner_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_partner_api()
# Get Locations (Before add)
print("\n\n ########## GET LOCATIONS (BEFORE) ##########\n\n")
z.get_locations()
# Pass FQDN. Will resposnd with VPN credential id
print("\n\n ########## CREATE VPN CREDENTIAL ##########\n\n")
res = z.create_vpn_credential(fqdn, None)
# Extract ID from the prior response.
print("\n\n ########## EXTRACT VPN CREDENTIAL ID ##########\n\n")
vpn_id = z.extract_id_from_response(res.content)
# Pass location name, VPN credential id, and FQDN
print("\n\n ########## CREATE LOCATION ##########\n\n")
res = z.create_location_with_vpn_credential(
location_description,
vpn_id,
fqdn,
gateway_options
)
# Extract ID from the prior response.
print("\n\n ########## EXTRACT LOCATION ID ##########\n\n")
location_id = z.extract_location_id(res.content)
# Activate change
print("\n\n ########## ACTIVATE CHANGES ##########\n\n")
z.activate()
# Get Locations (After add)
print("\n\n ########## GET LOCATIONS (AFTER) ##########\n\n")
z.get_locations()
def main():
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_creds_from_env(True)
z.set_cloud('zscalerthree')
z.authenticate_zia_api()
# Query Known Benign MD5 hash
print("\n\n ########## Query Known Benign MD5 hash ##########\n\n")
query1 = z.get_sanbox_report_md5('d732eef37d941722c8b23221bf173161')
# Query Known Malicious MD5 hash (summary)
print(
"\n\n ########## Query Known Malicious MD5 hash - summary report ##########\n\n"
)
query2 = z.get_sanbox_report_md5_summary(
'1acd57deafcbc29617a15708f45c31f0')
# Query Known Malicious MD5 hash (full report)
print(
"\n\n ########## Query Known Malicious MD5 hash - full report ##########\n\n"
)
query3 = z.get_sanbox_report_md5('1acd57deafcbc29617a15708f45c31f0')
# Parse report using is_md5hash_suspicious method to determine if file is malicious
print(
"\n\n ########## Parse report output to detemine if file is Suspicious ##########\n\n"
)
if z.is_md5hash_suspicious(query3):
print("The File Is Suspicious\n\n")
else:
print("The File Is Not Suspicious\n\n")
# Parse report using is_md5hash_malicious method to determine if file is malicious
print(
"\n\n ########## Parse report output to detemine if file is Malicious ##########\n\n"
)
if z.is_md5hash_malicious(query3):
print("The File Is Malicious\n\n")
else:
print("The File Is Not Malicious\n\n")
def main():
print("\n\n ########## STARTING SDK ##########\n\n")
z = zscaler_python_sdk.zscaler()
z.get_zia_partner_creds_from_env(True)
z.set_cloud('betacloud')
z.authenticate_partner_api()
# Get all public and private Zscaler Datacenter VIPs
print("\n\n ########## GET ALL PUBLIC AND PRIVATE VIPS ##########\n\n")
z.get_all_vips()
time.sleep(2)
# Get all public Zscaler Datacenter VIPs
print("\n\n ########## GET ALL PUBLIC VIPS ##########\n\n")
z.get_all_public_vips()
time.sleep(2)
# Get all private Zscaler Datacenter VIPs
print("\n\n ########## GET ALL PRIVATE VIPS ##########\n\n")
z.get_all_private_vips()
def stream_events(self, inputs, ew):
self.input_name, self.input_items = inputs.inputs.popitem()
session_key = self._input_definition.metadata["session_key"]
username = self.input_items["apiuser"]
password = self.input_items['apipass']
apikey = self.input_items['apikey']
filename = self.input_name.split("://")
checkpoint_dir = self._input_definition.metadata["checkpoint_dir"]
file = os.path.join(checkpoint_dir, filename[1])
# Setup Credentails for Zscaler API Login, these are stored encrypted using Splunk's API's
self.USERNAME = username
kind, input_name = self.input_name.split("://")
api_realm = kind + input_name + "__API__"
pass_realm = kind + input_name + "__PASS__"
try:
# If the password is not masked, mask it.
if password != self.MASK:
ew.log("INFO", "Encrypting Password")
self.encrypt_password(username, password, pass_realm, session_key, ew)
ew.log("INFO", "Masking Password")
self.mask_password(session_key, username, apikey, "password")
ew.log("INFO", "Getting Clear Passsword")
self.CLEAR_PASSWORD = self.get_password(session_key, username, pass_realm)
# If the apikey is not masked, mask it.
if apikey != self.MASK:
ew.log("INFO", "Encrypting APIKEY")
self.encrypt_password(username, apikey, api_realm, session_key, ew)
ew.log("INFO", "Masking APIKEY")
self.mask_password(session_key, username, password, "apikey")
ew.log("INFO", "Getting Clear APIKEY")
self.CLEAR_KEY = self.get_password(session_key, username, api_realm)
except Exception as e:
ew.log("ERROR", "Error: %s" % str(e))
print("ERROR", "Error: %s" % str(e))
#Set envvars based on clear creds
os.environ["ZIA_USERNAME"] = self.USERNAME
os.environ["ZIA_PASSWORD"] = self.CLEAR_PASSWORD
os.environ["ZIA_API"] = self.CLEAR_KEY
#API Login
ew.log("INFO", "Login to Zscaler API: %s" % username)
z = zscaler_python_sdk.zscaler()
z.get_zia_creds_from_env(True)
z.set_cloud(self.input_items['cloud'])
z.authenticate_zia_api()
ew.log("INFO", "Login Success")
# Get Audit Report
#load starttime from checkpoint file
ew.log("DEBUG", "Loading Checkpoint: " + file)
stime = self.load_checkpoint(file)
#if we get no time for checpoint default to 10 mins ago
if(not stime):
#set strt time a week ago, end time now
ew.log("DEBUG", "Cant determine last execiting time, using default [last 10 mins]")
startOffset = 604800
stime = int(round(time.time() * 1000)-startOffset)-1000
etime = int(round(time.time() * 1000)) -1000
ew.log("INFO", "Generating Report: " + str(stime) + "-" + str(etime))
generate = z.generate_audit_report(stime, etime)
ew.log("INFO", "Report generated status(" + str(generate.status_code) + ") :" + str(generate.text))
# print("\n\n ########## GENERATING API RESPONSE ##########")
#print(generate)
#if generate is "Status Code: 204":
#print("\n\n ########## GENERATING AUDIT REPORT SUCCESS ##########\n\n" + generate)
#else:
#print("\n\n ########## FAILED TO GENERATE REPORT ##########\n\n" + generate)
#return
#if generate is not "Status Code: 204":
# ew.log("INFO", "API Error: " + str(generate.text))
# return
status = z.check_audit_status()
#print(status + "\n")
#don't try to download report while status is executing
#there's more response types for this call we could look to handle too.
while status == "EXECUTING":
status=z.check_audit_status()
ew.log("INFO", "Looping Audit Log still generating, ServerSideStatus=" + status)
time.sleep(1)
ew.log("INFO","########## AUDIT REPORT GENERATED ##########\n\n")
report = z.get_audit_report("json")
logs = json.loads(report)
for (key, value) in logs.items():
#ew.log("DEBUG", "Key: " + str(key))
if(key == "log"):
for log in value:
#ew.log("DEBUG", "Log: " + str(log))
event = Event()
event.data = json.dumps(log)
ew.write_event(event)
ew.log("DEBUG", "Saving Chekpoint: " + file)
self.save_checkpoint(etime, file)
def collect_events(helper, ew):
global_account = helper.get_arg('global_account')
cloud = helper.get_arg('cloud')
apikey = helper.get_arg('apikey')
username = global_account['username']
password = global_account['password']
file = "checkpoint"
#Set envvars based on clear creds
os.environ["ZIA_USERNAME"] = username
os.environ["ZIA_PASSWORD"] = password
os.environ["ZIA_API"] = apikey
#API Login
helper.log_info("Login to Zscaler API: %s" % username)
z = zscaler_python_sdk.zscaler()
z.get_zia_creds_from_env(True)
z.set_cloud(cloud)
z.authenticate_zia_api()
helper.log_info("Login Success")
# Get Audit Report
#load starttime from checkpoint file
helper.log_debug("Loading Checkpoint: " + file)
stime = helper.get_check_point(file)
#if we get no time for checpoint default to 10 mins ago
if (not stime):
#set strt time a week ago, end time now
helper.log_debug(
"Cant determine last execution time, using default [last 10 mins]")
startOffset = 604800
stime = int(round(time.time() * 1000) - startOffset) - 1000
etime = int(round(time.time() * 1000)) - 1000
helper.log_info("Generating Report: " + str(stime) + "-" + str(etime))
generate = z.generate_audit_report(stime, etime)
helper.log_info("Report generated status(" + str(generate.status_code) +
") :" + str(generate.text))
# print("\n\n ########## GENERATING API RESPONSE ##########")
#print(generate)
#if generate is "Status Code: 204":
#print("\n\n ########## GENERATING AUDIT REPORT SUCCESS ##########\n\n" + generate)
#else:
#print("\n\n ########## FAILED TO GENERATE REPORT ##########\n\n" + generate)
#return
#if generate is not "Status Code: 204":
# helper.log_info("API Error: " + str(generate.text))
# return
status = z.check_audit_status()
#print(status + "\n")
#don't try to download report while status is executing
#there's more response types for this call we could look to handle too.
while status == "EXECUTING":
status = z.check_audit_status()
helper.log_info(
"Looping Audit Log still generating, ServerSideStatus=" + status)
time.sleep(1)
ew.log("INFO", "########## AUDIT REPORT GENERATED ##########\n\n")
report = z.get_audit_report("json")
logs = json.loads(report)
for (key, value) in logs.items():
#helper.log_debug("Key: " + str(key))
if (key == "log"):
for log in value:
#helper.log_debug("Log: " + str(log))
event = helper.new_event(json.dumps(log))
ew.write_event(event)
helper.log_debug("Saving Chekpoint: " + file)
helper.save_check_point(file, etime)
'''
# The following examples show usage of logging related helper functions.
# write to the log for this modular input using configured global log level or INFO as default
helper.log("log message")
# write to the log using specified log level
helper.log_debug("log message")
helper.log_info("log message")
helper.log_warning("log message")
helper.log_error("log message")
helper.log_critical("log message")
# set the log level for this modular input
# (log_level can be "debug", "info", "warning", "error" or "critical", case insensitive)
helper.set_log_level(log_level)
'''
'''
def stream_events(self, inputs, ew):
self.input_name, self.input_items = inputs.inputs.popitem()
session_key = self._input_definition.metadata["session_key"]
username = self.input_items["apiuser"]
password = self.input_items['apipass']
apikey = self.input_items['apikey']
# Run a one-shot search and display the results using the results reader
md5List = self.get_md5_list(username, password, session_key)
# Setup Credentails for Zscaler API Login, these are stored encrypted using Splunk's API's
self.USERNAME = username
kind, input_name = self.input_name.split("://")
api_realm = kind + input_name + "__API__"
pass_realm = kind + input_name + "__PASS__"
try:
# If the password is not masked, mask it.
if password != self.MASK:
ew.log("INFO", "Encrypting Password")
self.encrypt_password(username, password, pass_realm,
session_key, ew)
ew.log("INFO", "Masking Password")
self.mask_password(session_key, username, apikey, "password")
ew.log("INFO", "Getting Clear Passsword")
self.CLEAR_PASSWORD = self.get_password(session_key, username,
pass_realm)
# If the apikey is not masked, mask it.
if apikey != self.MASK:
ew.log("INFO", "Encrypting APIKEY")
self.encrypt_password(username, apikey, api_realm, session_key,
ew)
ew.log("INFO", "Masking APIKEY")
self.mask_password(session_key, username, password, "apikey")
ew.log("INFO", "Getting Clear APIKEY")
self.CLEAR_KEY = self.get_password(session_key, username,
api_realm)
except Exception as e:
ew.log("ERROR", "Error: %s" % str(e))
print("ERROR", "Error: %s" % str(e))
#Set envvars based on clear creds
os.environ["ZIA_USERNAME"] = self.USERNAME
os.environ["ZIA_PASSWORD"] = self.CLEAR_PASSWORD
os.environ["ZIA_API"] = self.CLEAR_KEY
#API Login
ew.log("INFO", "Login to Zscaler API: %s" % username)
z = zscaler_python_sdk.zscaler()
z.get_zia_creds_from_env(True)
z.set_cloud(self.input_items['cloud'])
z.authenticate_zia_api()
ew.log("INFO", "Login Success")
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(md5List)
for item in reader:
if (item["md5"] == "none"):
ew.log("INFO", "STOP: No queued MD5")
break
ew.log("INFO",
"Checking Zscaler Sandbox for MD5 : %s" % item["md5"])
quota = z.check_sandbox_quota()
#print(quota)
ew.log("INFO", "Sandbox current quota : %s" % quota)
while quota['unused'] <= 0:
quota = z.check_sandbox_quota()
ew.log(
"INFO", "waiting 1 sec...\tquota_left[" +
str(quota['unused']) + "']")
time.sleep(1)
ew.log("INFO",
"Loading Zscaler Sandbox for MD5 : %s" % item["md5"])
report = z.get_sandbox_report(item["md5"], "full")
#ew.log("INFO", "Sandbox REPORT : %s" % report.text)
#print(item["md5"])
event = Event()
#event.stanza = input_name
event.data = report.text
ew.write_event(event)