from splunk.clilib.cli_common import getMergedConf # nCircle Variables config_file = 'ncircle' counter_file = 'counter_file.txt' latest_counter = 211000 _TIMEOUT = 5 for key in getMergedConf(config_file).keys(): try: host = getMergedConf(config_file)[key]['host'] user = getMergedConf(config_file)[key]['username'] password = getMergedConf(config_file)[key]['password'] jsonStruct = nCircleAPI._getConfigFile(counter_file) if not jsonStruct.get(host + user + "_maxId"): jsonStruct[host + user + "_maxId"] = latest_counter try: # Connect to the server and login (server, session) = nCircleAPI._login(host, user, password) # Construct query to get latest audit records result = server.call(session, 'SESSION', 'getUserObject', {}) params = {} params['query'] = "id > \'%s\'" % (jsonStruct[host + user + "_maxId"]) newAuditRecords = server.call(session, 'class.AuditLog', 'search', params) if newAuditRecords: for newAuditRecord in newAuditRecords:
vulnList = {} hostList = {} osList = {} config_file = 'ncircle' # Get the audit records _TIMEOUT = 5 for key in getMergedConf(config_file).keys(): try: host = getMergedConf(config_file)[key]['host'] user = getMergedConf(config_file)[key]['username'] password = getMergedConf(config_file)[key]['password'] # Get the latest Audit IDs for each device profiler storedAuditIDs = nCircleAPI._getConfigFile(audit_file) try: # Connect to the server and login (server, session) = nCircleAPI._login(host, user, password) # Find new audits for each device profilers for deviceProfiler in deviceProfilers: #get latest AuditID into the condition for fetching the audit records if not storedAuditIDs.get(deviceProfiler): storedAuditIDs[deviceProfiler] = blg #bulgarian constant to get audits from ID 5000 storedAuditID = blg else: storedAuditID = storedAuditIDs[deviceProfiler]