def make_api_conn(self):
    """Open and return a ``CyAPI`` connection built from this object's settings.

    A credentials JSON file takes precedence; otherwise the explicit
    tenant-id / app-id / app-secret triple is used. When neither is
    available the process is terminated with status -1.

    NOTE(review): the file branch reads ``args.creds`` and ``args.region``
    from module scope although the condition tests ``self.creds`` (and the
    other branch uses ``self.region``) — confirm this mismatch is intended.
    """
    if self.creds:
        with open(args.creds, 'rb') as fh:
            creds = json.load(fh)
        # Fall back to the CLI region only when the file carries none.
        region_from_file = creds.get('region')
        if not region_from_file:
            creds['region'] = args.region
        conn = CyAPI(**creds)
    elif self.tid_val and self.app_id and self.app_secret:
        conn = CyAPI(tid=self.tid_val, app_id=self.app_id,
                     app_secret=self.app_secret, region=self.region)
    else:
        print("[-] Must provide valid token information")
        exit(-1)

    if self.delete:
        print("[+] Delete all multiple clients in your environment")
    else:
        print("[+] Listing all multiple clients in your environment")

    print(conn.baseURL)
    conn.create_conn()
    return conn
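class CylanceAnalyzer(Analyzer):
    """Analyzer that downloads a sample from a Cylance tenant by SHA-256 hash.

    Tenant credentials (``config.tid``, ``config.app_id``,
    ``config.app_secret``) are read via ``get_param`` and a ``CyAPI``
    connection is opened in ``__init__``.
    """

    # Where the downloaded sample is written.
    # NOTE(review): a fixed, predictable path in a shared temp directory;
    # consider tempfile.mkstemp() if several analyzer runs can overlap or
    # the host is shared with other users.
    SAMPLE_PATH = '/tmp/sample'

    # Seconds to wait for the download before giving up (the original
    # request had no timeout and could hang indefinitely).
    DOWNLOAD_TIMEOUT = 60

    def __init__(self):
        super().__init__()
        self.tid = self.get_param('config.tid', None, 'Tenant ID is missing')
        self.app_id = self.get_param('config.app_id', None, 'App_ID is missing')
        self.app_secret = self.get_param('config.app_secret', None, 'Secret is missing')
        self.polling_interval = self.get_param('config.polling_interval', 60)
        self.API = CyAPI(self.tid, self.app_id, self.app_secret)
        self.API.create_conn()

    def artifacts(self, raw):
        """Return the artifact list for the report.

        Placeholder implementation: a single ``file`` artifact with the
        literal value ``'myhash'``, regardless of *raw*.
        """
        print("in artifacts")
        return [{'type': 'file', 'value': 'myhash'}]

    def run(self):
        """Fetch the sample for the submitted hash and report the result.

        Only ``data_type == 'hash'`` is handled; any other data type
        produces no report (unchanged from the original behaviour).
        Calls ``self.error`` when the hash is unknown to the tenant or the
        download fails.
        """
        print("in self")
        if self.data_type != 'hash':
            return

        data = self.get_param('data', None, 'Data is missing')
        myurl = self.API.get_threat_download_url(sha256=data)
        try:
            print(myurl.data)
            url = myurl.data['url']
        except (AttributeError, TypeError, KeyError):
            # No download URL in the response: the hash is not in this tenant.
            self.error('hash does not exist in your tenant')
            return

        try:
            r = requests.get(url, allow_redirects=True,
                             timeout=self.DOWNLOAD_TIMEOUT)
            # Without this an HTTP error page would be saved as the sample.
            r.raise_for_status()
        except requests.RequestException as exc:
            self.error('failed to download sample: {}'.format(exc))
            return

        # Close the file handle deterministically (the original leaked it).
        with open(self.SAMPLE_PATH, 'wb') as sample:
            sample.write(r.content)

        results = {
            'downloaded': 'true',
            'hash': data,
            'url': url,
        }
        self.report(results)

    def summary(self, raw):
        """Build the taxonomy block returned with the report.

        The level / namespace / predicate / value are the fixed strings
        "safe" / "Cylance" / "info" / "truth". (An unused dict that
        referenced the undefined name ``true`` was removed.)
        """
        print("in summary")
        taxonomies = [self.build_taxonomy("safe", "Cylance", "info", "truth")]
        return {"taxonomies": taxonomies}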
creds['region'] = args.region API = CyAPI(**creds) elif args.tid_val and args.app_id and args.app_secret: tid_val = args.tid_val app_id = args.app_id app_secret = args.app_secret API = CyAPI(tid_val, app_id, app_secret, args.region) else: print("[-] Must provide valid token information") exit(-1) print("Getting Detections") API.create_conn() detections = API.get_detections() ids = [] print("Got {} IDs".format(len(detections.data))) for d in detections.data: try: ids.append(d['Id']) except: pprint(d) from datetime import datetime startTime = datetime.now() # This is a non-paralellized way of doing it
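# Optional health check that the MTC server is up and running.
# This is a non-authenticated health check, but it returns a CyAPI
# APIResponse object (is_success / status_code / errors / data).
conn_health = API.get_mtc_health_check()
if conn_health.is_success:
    print(conn_health.data)
    print("The MTC API Connection is ready!\n")
else:
    # Exit non-zero so a failed health check is visible to callers and
    # schedulers (the original exit() returned status 0).
    print(
        "MTC API Connection failed health-check.\n\nStatus Code:{}\n{} Exiting.."
        .format(conn_health.status_code, conn_health.errors))
    exit(1)

API.create_conn()

tenants = API.get_tenants()
# NOTE(review): assumes get_tenants() returns the same APIResponse shape as
# the health check — confirm. Without this guard a failed call would surface
# as a TypeError/KeyError on the 'listData' lookup below.
if not tenants.is_success:
    print("Failed to list MTC tenants.\n\nStatus Code:{}\n{} Exiting.."
          .format(tenants.status_code, tenants.errors))
    exit(1)
tenant_rows = tenants.data['listData']
print("Collecting Access to {} tenants.".format(len(tenant_rows)))

# Collect the MTC tenants; venueTenantId is used to request each tenant's
# JWT bearer token, which is stored on the tenant record as 'jwt'.
# NOTE(review): t['jwt'] is a bearer credential — keep it out of logs/prints.
tenant_list = []
for t in tenant_rows:
    app = API.get_tenant_app(t['venueTenantId'])
    t['jwt'] = app.data
    tenant_list.append(t)

print("Starting Tenant Loops")
# Set the tenant_app switch and send in the jwt to create the tenant CyAPI
# object for access to the tenant API. Loop each tenant and output the
# number of Protect devices for each tenant.
total_no_optics = 0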