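def tune_app_control(api, configuration, api_version, api_exception):
    """Enable reconnaissance detection and set the Application Control state on matching computers.

    Computers are selected by a wildcard match of ``displayName`` against the
    module-level ``search_name``; the Application Control state written is the
    module-level ``app_control_status``.  Both are free variables of this
    function (not parameters) and must exist in the caller's module.

    :param api: The Deep Security API module.
    :param configuration: Configuration object passed to ``api.ApiClient``.
    :param api_version: API version string, e.g. ``"v1"``.
    :param api_exception: Exception class raised by the API client.
    :return: List of EC2 instance IDs of the modified computers (``None`` for a
        computer without an EC2 summary), or ``"Exception: ..."`` when an API
        call fails.
    """
    try:
        # The policy listing is fetched but not used; kept so a failing call
        # still short-circuits here as it did before.
        policies_api = api.PoliciesApi(api.ApiClient(configuration))
        policies_api.list_policies(api_version)
    except api_exception as e:
        return "Exception: " + str(e)

    # Wildcard search on the display name of computers in the DSM
    search_criteria = api.SearchCriteria()
    search_criteria.field_name = "displayName"
    search_criteria.string_value = "%" + search_name + "%"
    search_criteria.string_test = "equal"
    search_criteria.string_wildcards = True
    search_filter = api.SearchFilter(None, [search_criteria])

    computer_api = api.ComputersApi(api.ApiClient(configuration))
    try:
        computer_details = computer_api.search_computers(
            api_version, search_filter=search_filter)

        ec2_instance_ids = []
        ds_ids = []
        for ec2_details in computer_details.computers:
            # Not every matched computer is an EC2 instance; the summary may be
            # None, and an AttributeError is not an api_exception.
            summary = ec2_details.ec2_virtual_machine_summary
            ec2_instance_ids.append(
                summary.instance_id if summary is not None else None)
            ds_ids.append(ec2_details.id)

        # Firewall reconnaissance-scan detection -> on
        setting_value = api.SettingValue()
        setting_value.value = "true"
        computer_settings = api.ComputerSettings()
        computer_settings.firewall_setting_reconnaissance_enabled = setting_value

        app_control_settings = api.ApplicationControlComputerExtension()
        app_control_settings.state = app_control_status

        computer = api.Computer()
        computer.computer_settings = computer_settings
        computer.application_control = app_control_settings

        # overrides=True is passed through to modify_computer unchanged
        for ds_id in ds_ids:
            computer_api.modify_computer(ds_id, computer, api_version, overrides=True)
        return ec2_instance_ids
    except api_exception as e:
        return "Exception: " + str(e)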
def get_ips_rules(self):
    """Fetch every Intrusion Prevention rule, keyed by rule id.

    Pages through the rules 5000 at a time with an ``id > last_id`` cursor.
    Uses the module-level ``api`` and ``ApiException`` names.

    :return: ``dict`` of rule id -> rule object, or the string
        ``'Exception: ...'`` when the API raises ``ApiException``.
    """
    cursor = api.SearchCriteria()
    cursor.id_value = 0
    cursor.id_test = 'greater-than'

    page_filter = api.SearchFilter()
    page_filter.max_items = 5000
    page_filter.search_criteria = [cursor]

    rules_by_id = {}
    ips_api = api.IntrusionPreventionRulesApi(self.api_client)
    while True:
        try:
            page = ips_api.search_intrusion_prevention_rules(
                self.api_version, search_filter=page_filter)
            found = page.intrusion_prevention_rules
            if len(found) == 0:
                break
        except ApiException as e:
            return 'Exception: ' + str(e)
        rules_by_id.update((rule.id, rule) for rule in found)
        # Advance the cursor past the last id of this page
        cursor.id_value = found[-1].id
    return rules_by_id
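def search_firewall_rules(api, configuration, api_version, api_exception):
    """Search the firewall rules for any rule whose name contains "DHCP".

    :param api: The Deep Security API modules.
    :param configuration: Configuration object to pass to the api client.
    :param api_version: The version of the API to use.
    :param api_exception: The Deep Security API exception module.
    :return: The search response object (its ``firewall_rules`` attribute holds
        the matching rules), or the string ``"Exception: ..."`` when the API
        call fails.
    """
    # Wildcard match ("%DHCP%") on the rule name
    search_criteria = api.SearchCriteria()
    search_criteria.field_name = "name"
    search_criteria.string_value = "%DHCP%"
    search_criteria.string_test = "equal"
    search_criteria.string_wildcards = True
    search_filter = api.SearchFilter(None, [search_criteria])

    firewall_rules_api = api.FirewallRulesApi(api.ApiClient(configuration))
    try:
        # The response is returned as-is; the previous copy of its rules into
        # an unused local list has been dropped.
        return firewall_rules_api.search_firewall_rules(
            api_version, search_filter=search_filter)
    except api_exception as e:
        return "Exception: " + str(e)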
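def getIPSrules(cve):
    """Print identifier and name of every IPS rule whose CVE field matches *cve*.

    Uses the module-level ``deepsecurity`` module, ``configuration`` object and
    ``ApiException`` class.

    :param cve: CVE identifier (or fragment) to search for.
    """
    api_instance = deepsecurity.IntrusionPreventionRulesApi(
        deepsecurity.ApiClient(configuration))
    api_version = 'v1'

    search_criteria = deepsecurity.SearchCriteria()
    search_criteria.field_name = "CVE"
    search_criteria.string_value = "%" + cve + "%"
    # NOTE(review): the value carries '%' wildcards but string_wildcards is not
    # set here, unlike the other searches in this corpus - confirm the search
    # really matches substrings.
    search_filter = deepsecurity.SearchFilter(None, [search_criteria])

    try:
        ipsrules = api_instance.search_intrusion_prevention_rules(
            api_version, search_filter=search_filter)
        # The former loop counter was never read; only the rules are printed
        for rule in ipsrules.intrusion_prevention_rules:
            print("ID: " + str(rule.identifier), "- " + str(rule.name))
    except ApiException as e:
        print(
            "An exception occurred when calling IntrusionPreventionRulesApi.search_intrusion_prevention_rules: %s\n" % e)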
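def GetAllComputers(configuration):
    """Return every computer in the DSM as a list of pages (lists of computers).

    Pages through ``ComputersApi.search_computers`` 50 at a time with an
    ``id > last_id`` cursor, expanding the EC2 virtual machine summary.
    Uses the module-level ``api``, ``Expand``, ``api_version``,
    ``api_exception`` and ``time`` names.

    :param configuration: Configuration object to pass to ``api.ApiClient``.
    :return: List of pages; each page is a list of computer objects.  Pages
        fetched before an API error are still returned.
    """
    expand = Expand(Expand.ec2_virtual_machine_summary)
    expand_list = expand.list()

    # Paging cursor: id > 0, advanced to the last id of each page
    search_criteria = api.SearchCriteria()
    search_criteria.id_value = 0
    search_criteria.id_test = "greater-than"

    page_size = 50
    search_filter = api.SearchFilter()
    search_filter.max_items = page_size
    search_filter.search_criteria = [search_criteria]

    computers_api = api.ComputersApi(api.ApiClient(configuration))
    paged_computers = []
    while True:
        try:
            t0 = time.time()
            computers = computers_api.search_computers(
                api_version, search_filter=search_filter, expand=expand_list)
            t1 = time.time()
        except api_exception as e:
            # Stop instead of re-issuing the same request forever: a persistent
            # error (e.g. rejected credentials) previously spun this loop.
            print("Exception: {0}".format(str(e)))
            break

        num_found = len(computers.computers)
        if num_found == 0:
            print("No computers found.")
            break
        paged_computers.append(list(computers.computers))

        # Move the cursor to the last computer of this page
        last_id = computers.computers[-1].id
        search_criteria.id_value = last_id
        print("Last ID: " + str(last_id), "Computers found: " + str(num_found))
        # time.time() can return identical stamps on coarse clocks; a
        # ZeroDivisionError is not an api_exception and would escape.
        elapsed = t1 - t0
        if elapsed > 0:
            print("Return rate: {0} hosts/sec".format(num_found / elapsed))
        if num_found != page_size:
            print("Num_found {0} - Page size is {1}".format(num_found, page_size))
    return paged_computers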
def _find_exact_match(self, search_field, search_string, object_api):
    """Run a single-result, exact-match search through *object_api*.

    Uses the module-level ``api``, ``ApiException`` and ``sys`` names.

    :param search_field: Field to match (``SearchCriteria.field_name``).
    :param search_string: Value the field must equal (no wildcards set).
    :param object_api: Search callable invoked as
        ``object_api(self.api_version, search_filter=...)``.
    :return: The API response object.  On ``ApiException`` the error is
        printed and the process exits with status 1.
    """
    criteria = api.SearchCriteria()
    criteria.field_name = search_field
    criteria.string_test = 'equal'
    criteria.string_value = search_string

    single_hit = api.SearchFilter(None, [criteria])
    single_hit.max_items = 1
    try:
        return object_api(self.api_version, search_filter=single_hit)
    except ApiException as e:
        # Terminates the whole process from a helper; callers cannot recover
        print(str(e))
        sys.exit(1)
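def GetAllGroups(self, configuration):
    """Return every computer group in the DSM as one flat list.

    Pages through ``ComputerGroupsApi.search_computer_groups`` 5000 at a time
    with an ``id > last_id`` cursor.  Uses the module-level ``api``,
    ``api_version``, ``api_exception`` and ``time`` names; ``self`` is unused.

    :param configuration: Configuration object to pass to ``api.ApiClient``.
    :return: List of group objects, or the string ``"Exception: ..."`` if an
        API call fails (groups from earlier pages are then discarded).
    """
    search_criteria = api.SearchCriteria()
    search_criteria.id_value = 0
    search_criteria.id_test = "greater-than"

    page_size = 5000
    search_filter = api.SearchFilter()
    search_filter.max_items = page_size
    search_filter.search_criteria = [search_criteria]

    groups_api = api.ComputerGroupsApi(api.ApiClient(configuration))
    paged_groups = []
    try:
        while True:
            t0 = time.time()
            groups = groups_api.search_computer_groups(
                api_version, search_filter=search_filter)
            t1 = time.time()

            num_found = len(groups.computer_groups)
            if num_found == 0:
                print("No groups found.")
                break
            paged_groups.extend(groups.computer_groups)

            # Move the cursor to the last group of this page
            last_id = groups.computer_groups[-1].id
            search_criteria.id_value = last_id
            print("Last ID: " + str(last_id), "Groups found: " + str(num_found))
            # Guard the rate calculation: identical time stamps from a coarse
            # clock raised ZeroDivisionError, which api_exception does not catch.
            elapsed = t1 - t0
            if elapsed > 0:
                print("Return rate: {0} groups/sec".format(num_found / elapsed))
            if num_found != page_size:
                print("Num_found {0} - Page size is {1}".format(num_found, page_size))
    except api_exception as e:
        return "Exception: " + str(e)
    return paged_groups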
# Initialization
# Set Any Required Values
# Relies on the module-level ``api`` module and ``configuration`` object.
api_instance = api.ComputersApi(api.ApiClient(configuration))

# Add AV and IPS information to the returned computer objects
expand_options = api.Expand()
expand_options.add(api.Expand.computer_status)
expand_options.add(api.Expand.security_updates)
expand_options.add(api.Expand.intrusion_prevention)
expand_options.add(api.Expand.anti_malware)
expand_options.add(api.Expand.interfaces)
expand_options.add(api.Expand.azure_arm_virtual_machine_summary)
expand = expand_options.list()
overrides = False

# Set search criteria: paging cursor, id > 0
search_criteria = api.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"

# Create a search filter with maximum returned items
page_size = 50
search_filter = api.SearchFilter()
search_filter.max_items = page_size
search_filter.search_criteria = [search_criteria]

# Column titles for the report; fields are separated by ';' (not ',').
# NOTE: the name ``csv`` shadows the standard-library module of that name.
csv = "Host Name;Displayname;DNS Name;Agent version;Platform;IP Address;Agent Status;Agent Status Message;PolicyId;GroupId;Last Communication;Last Policy Sent;Last Policy Success;Update Status;AM Module State;AM Status;AM Status Message;AM Update Status;IPS Status;IPS Status Message\n"

# The try block (search loop and its except clause) continues beyond this excerpt
try:
    # Perform the search and do work on the results
    print("Start reading computers")
# Setup
# Suppresses every Python warning unless -W was given on the command line,
# including any TLS-verification warnings the HTTP client may emit.
if not sys.warnoptions:
    warnings.simplefilter("ignore")

configuration = deepsecurity.Configuration()
configuration.host = 'https://192.168.75.210:4119/api'

# Authentication
# NOTE(review): the API secret key is hard-coded in source.  It should be read
# from the environment or a secrets store, and since this value is already
# exposed wherever the file has been shared it should be rotated in the DSM.
configuration.api_key['api-secret-key'] = '2:PZGmBIe8rcKSF6fK2HeMkoyh5ZrC/fQeeyJyUjcpzyk='

# Initialization
# Set Any Required Values
# ``api_instance`` is not used below; ``policies_api`` is created again later.
api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'

# Policy lookup by name.  The value carries '%' wildcards but
# string_wildcards is not set on the criteria - confirm this matches substrings.
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "name"
search_criteria.string_test = "equal"
search_criteria.string_value = "%Linux Server%"

# Create a search filter
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
computers_api = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
computer = deepsecurity.Computer()

# The try block continues beyond this excerpt (its except clause is not shown)
try:
    # Perform the search
    policy_search_results = policies_api.search_policies(api_version, search_filter=search_filter)
    # Assign the policy to the computer
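def _GetGroupComputers(self, configuration, groupID):
    """Return the computers of one computer group as a list of pages.

    A truthy ``groupID`` selects computers whose ``groupID`` equals it; a
    falsy ``groupID`` selects computers with no group (null test).  Pages of
    250 are fetched with an ``id > last_id`` cursor, expanding the EC2
    virtual machine summary.  Uses the module-level ``api``, ``Expand``,
    ``api_version``, ``api_exception`` and ``time`` names; ``self`` is unused.

    :param configuration: Configuration object to pass to ``api.ApiClient``.
    :param groupID: Numeric group id, or a falsy value for ungrouped computers.
    :return: List of pages, each a list of computer objects; pages fetched
        before an API error are still returned.
    """
    # Group criteria
    search_group_criteria = api.SearchCriteria()
    search_group_criteria.field_name = "groupID"
    if groupID:
        search_group_criteria.numeric_value = groupID
        search_group_criteria.numeric_test = "equal"
    else:
        search_group_criteria.null_test = True

    # Paging cursor: id > 0, advanced to the last id of each page
    search_criteria = api.SearchCriteria()
    search_criteria.id_value = 0
    search_criteria.id_test = "greater-than"

    page_size = 250
    search_filter = api.SearchFilter()
    search_filter.max_items = page_size
    search_filter.search_criteria = [search_criteria, search_group_criteria]

    # Loop-invariant; previously rebuilt on every page
    expand_list = Expand(Expand.ec2_virtual_machine_summary).list()

    computers_api = api.ComputersApi(api.ApiClient(configuration))
    paged_computers = []
    while True:
        try:
            t0 = time.time()
            computers = computers_api.search_computers(
                api_version, search_filter=search_filter, expand=expand_list)
            t1 = time.time()
        except api_exception as e:
            # Stop instead of re-issuing the same request forever: a persistent
            # error (e.g. rejected credentials) previously spun this loop.
            print("Exception: {0}".format(str(e)))
            break

        num_found = len(computers.computers)
        if num_found == 0:
            # Deliberately silent: this runs from many threads and the
            # "No computers found." message was too noisy.
            break
        paged_computers.append(list(computers.computers))

        # Move the cursor to the last computer of this page
        last_id = computers.computers[-1].id
        search_criteria.id_value = last_id
        print("Last ID: " + str(last_id), "Computers found: " + str(num_found))
        # Identical time stamps from a coarse clock would raise
        # ZeroDivisionError, which api_exception does not catch.
        elapsed = t1 - t0
        if elapsed > 0:
            print("Return rate: {0} hosts/sec".format(num_found / elapsed))
        if num_found != page_size:
            print("Num_found {0} - Page size is {1}".format(num_found, page_size))
    return paged_computers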
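def __init__(self):
    """Load the Deep Security API connection settings from ``config/api_config.yml``.

    Builds the default computer expand list and the paging search filter, then
    reads ``host``, ``api-secret-key`` and ``api-version`` from the YAML file.
    If the file cannot be loaded, the user is prompted for the values and they
    are written back with owner-only file permissions.

    Uses the module-level ``deepsecurity``, ``yaml``, ``Fore``, ``os``,
    ``sys`` and ``warnings`` names.

    :raises IOError: when the configuration cannot be repaired interactively.
    :raises TypeError: when a required value is empty after loading/prompting.
    """
    self.api_config = deepsecurity.Configuration()
    self.api_version = ''
    self.API_CONFIG_PATH = "config/api_config.yml"
    self.MAX_RETRY_ERROR_MSG = "ERROR: Failed to establish connection - Make sure the hostname is correct"
    self.MAX_ITEMS_PER_PAGE = 1000  # Up To 5000

    # Expand everything on computer queries; individual sections
    # (deepsecurity.Expand.anti_malware, .firewall, ...) can be added instead
    # of Expand.all to trim the payload.
    expand_options = deepsecurity.Expand()
    expand_options.add(deepsecurity.Expand.all)
    self.COMPUTER_EXPAND = expand_options.list()

    # Paging cursor: id > 0, callers advance id_value to the last id seen
    search_criteria = deepsecurity.SearchCriteria()
    search_criteria.id_value = 0
    search_criteria.id_test = "greater-than"
    self.SEARCH_FILTER = deepsecurity.SearchFilter(
        max_items=self.MAX_ITEMS_PER_PAGE, search_criteria=search_criteria)

    # Turns off warnings unless -W was given on the command line
    if not sys.warnoptions:
        warnings.simplefilter("ignore")

    placeholder_host = "https://<Your DSM Hostname or IP>:<DSM Port>/api"
    file_config = {}
    try:
        with open(self.API_CONFIG_PATH, "r", encoding='utf-8') as cfg_fd:
            # safe_load only: the file is user-editable
            file_config = yaml.safe_load(cfg_fd.read())
        if not isinstance(file_config, dict):
            # Empty or non-mapping document: treat as unset so the prompt below runs
            file_config = {}
        self.api_config.host = file_config["host"]
        self.api_config.api_key['api-secret-key'] = file_config["api-secret-key"]
        self.api_version = file_config["api-version"]
        if "https://" not in self.api_config.host:
            self.api_config.host = "https://" + self.api_config.host
    except Exception:
        print(Fore.LIGHTRED_EX + "Error while loading the config/api_config.yml file, resetting it...")
        try:
            os.makedirs("config", exist_ok=True)
        except OSError:
            # Best effort; the write below reports its own failure
            pass
        try:
            if ("host" not in file_config or file_config["host"] == placeholder_host
                    or "api-secret-key" not in file_config or file_config["api-secret-key"] == ""
                    or "api-version" not in file_config):
                print(Fore.LIGHTRED_EX + "CONFIG FILE NOT SET!")
                print("{}Insert the DSM host (link) following this example {}[{}https://{}<Your DSM Hostname or IP>{}:{}<DSM Port if on-premise>{}/api{}]".format(
                    Fore.LIGHTCYAN_EX, Fore.LIGHTWHITE_EX, Fore.LIGHTBLUE_EX,
                    Fore.LIGHTGREEN_EX, Fore.LIGHTWHITE_EX, Fore.LIGHTRED_EX,
                    Fore.LIGHTMAGENTA_EX, Fore.LIGHTWHITE_EX))
                self.api_config.host = input("Inset the DSM Host: ").strip()
                file_config["host"] = self.api_config.host
                if self.api_config.host == "":
                    raise TypeError("Empty Host Configuration is NOT VALID")

                print(Fore.LIGHTCYAN_EX + "Insert the secret key for the API (Check the documentation if lost)")
                # Read the secret without echoing it to the terminal
                import getpass
                self.api_config.api_key['api-secret-key'] = getpass.getpass("Inset the Api Secret key: ").strip()
                file_config["api-secret-key"] = self.api_config.api_key['api-secret-key']
                if self.api_config.api_key['api-secret-key'] == "":
                    raise TypeError("Empty key Configuration is NOT VALID")

                self.api_version = "v1"
                file_config["api-version"] = self.api_version
                print(Fore.LIGHTGREEN_EX + "Saving to config/api_config.yml (you can modify the info here)")
                try:
                    # The file holds the API secret: create it owner-read/write
                    # only instead of with the process umask default.
                    fd = os.open(self.API_CONFIG_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
                    with os.fdopen(fd, "w", encoding='utf-8') as config:
                        yaml.dump(file_config, config, default_flow_style=False)
                    # A pre-existing file keeps its old mode; tighten it too
                    os.chmod(self.API_CONFIG_PATH, 0o600)
                except Exception:
                    print("Could not save configs to file, you will have to type them again later")
        except Exception as e:
            raise IOError("Corrupted api_config, please re download the file: " + str(e))

    # api_key is a dict on the client configuration, so check the entry itself
    # rather than the container (which is never None).
    if (self.api_config.host is None or self.api_version is None
            or not self.api_config.api_key.get('api-secret-key')):
        raise TypeError(
            ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))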