for info in hashes:
info = info.split('\0')[0].strip()
print (info)
hash,description = info.split(' - ')
detail = json.dumps(dsm.add_block_by_hash_rule(hash, description))
message = json.loads(detail)
print (message)
print ('\n')
input("Press Enter to continue...")
print ("\n" * 100)
case = 0
elif case == 2:
data = dsm.list_block_by_hash_rules()
data = data['DescribeGlobalRulesetResponse']['ruleset']['rules']
hash = str(input("Pleas enter the hash that you would like to search: "))
for into in data:
if (into['sha256']) == hash:
print ('\n' + "RULE ALREADY EXIST WITH THIS SHA 265")
print ("Rule ID: " + str(into['ruleID']))
print ("SHA 265: " + into['sha256'])
print ("Description: " + into['description'])
print ("Action: " + into['action'] + '\n')
input("Press Enter to continue...")
print ("\n" * 100)
case = 0
from dsp3.models.manager import Manager
from ..utils import utils
'''
Customer: Not disclosed in repo
run file from project root dir as:
python -m app.customer_examples.block_filehash
'''
username, password, tenant = utils.parse_dsas_crendentials()
dsm = Manager(username=username, password=password, tenant=tenant)
rules = dsm.list_block_by_hash_rules(
) # returns json object representing list of Block by Hash Rules
print(rules)
# How to get the sha256 has of a file on a mac: shasum -a 256 test.sh
# adds new block by hash rule. based on sha256 file hash.
# The blacklist rules are then applied and enforced on any agent that has AppControl turned on.
dsm.add_block_by_hash_rule(
"3c65c5bf26a8cb8912387e5f28c4b6192699185b70084739f4fcbe4200bc413c",
"Block test.sh File")
dsm.delete_block_by_hash_rule(1) #deletes block by hash rule by rule id
dsm.end_session()
# ssh to host