def tune_app_control(api, configuration, api_version, api_exception): try: # Create a PoliciesApi object policies_api = api.PoliciesApi(api.ApiClient(configuration)) # List policies using version v1 of the API policies_list = policies_api.list_policies(api_version) # View the list of policies # return policies_list except api_exception as e: return "Exception: " + str(e) # Search computer in deep security dashboard search_criteria = api.SearchCriteria() search_criteria.field_name = "displayName" search_criteria.string_value = '%' + search_name + '%' search_criteria.string_test = "equal" search_criteria.string_wildcards = True # Create search filter to find computer search_filter = api.SearchFilter(None, [search_criteria]) # Create a ComputerApi object computer_api = api.ComputersApi(api.ApiClient(configuration)) try: # Perform the search computer_details = computer_api.search_computers(api_version, search_filter=search_filter) ec2_instance_id = [] ds_ids = [] for ec2_details in computer_details.computers: ec2_instance_id.append(ec2_details.ec2_virtual_machine_summary.instance_id) ds_ids.append(ec2_details.id) # Set the Reconnaissance Scan value setting_value = api.SettingValue() setting_value.value = "true" # Add the SettingValue to a ComputerSettings object computer_settings = api.ComputerSettings() computer_settings.firewall_setting_reconnaissance_enabled = setting_value app_controll_settings = api.ApplicationControlComputerExtension() app_controll_settings.state = app_control_status # Add the ComputerSettings object to a Computer object computer = api.Computer() computer.computer_settings = computer_settings computer.application_control = app_controll_settings for ds_id in ds_ids: computer_api.modify_computer(ds_id, computer, api_version, overrides=True) return ec2_instance_id except api_exception as e: return "Exception: " + str(e)
def getruleid(rule_type, rule_to_apply, configuration, api_version): # Get the rule id policy_instance = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) if ("ips" in rule_type): rule_instance = deepsecurity.IntrusionPreventionRulesApi( deepsecurity.ApiClient(configuration)) if ("im" in rule_type): rule_instance = deepsecurity.IntegrityMonitoringRulesApi( deepsecurity.ApiClient(configuration)) if ("li" in rule_type): rule_instance = deepsecurity.LogInspectionRulesApi( deepsecurity.ApiClient(configuration)) rule_id = 0 try: if ("ips" in rule_type): rule_response = rule_instance.list_intrusion_prevention_rules( api_version) attrs = rule_response._intrusion_prevention_rules rule_id = getid(attrs, rule_to_apply) if ("im" in rule_type): rule_response = rule_instance.list_integrity_monitoring_rules( api_version) attrs = rule_response._integrity_monitoring_rules rule_id = getid(attrs, rule_to_apply) if ("li" in rule_type): rule_response = rule_instance.list_log_inspection_rules( api_version) attrs = rule_response._log_inspection_rules rule_id = getid(attrs, rule_to_apply) return (rule_id) except ApiException as e: print( "An exception occurred when calling IntrusionPreventionRulesApi.list_intrusion_prevention_rules: %s\n" % e)
def checkifwrson(policy_id, configuration, api_version, overrides): policies_api = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) current_wrs_settings = policies_api.describe_policy(policy_id, api_version, overrides=False) return (current_wrs_settings.web_reputation.state)
def describe_policy(self, policy_id, description): if not sys.warnoptions: warnings.simplefilter("ignore") api_instance = ds.PoliciesApi(ds.ApiClient(self.configuration)) policy = ds.Policy() description = description[:1998] + (description[1998:] and '..') policy.description = description api_response = api_instance.modify_policy(policy_id, policy, self.api_version, overrides=False) return api_response
def listpolicies(configuration, api_version, overrides): try: # Get the policies policy_names = [] policy_instance = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) policy_response = policy_instance.list_policies(api_version, overrides=overrides) for policy in policy_response.policies: policy_names.append(policy.name) return (policy_names) except ApiException as e: print( "An exception occurred when calling ComputersApi.list_computers: %s\n" % e)
def request_policies(self): """Returns a list of all policies in the DS environment""" api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_policies(self.api_version, overrides=False) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e,"POLICIES") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) except Exception as e: raise Exception("Generic connection error!" + str(e) + "Generic connection error!") #return {item.id : item for item in api_response.policies} return api_response.policies
def checkifruleassigned(rule_to_apply, rule_type, rule_id, policy_id, configuration, api_version, overrides): policy_instance = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) try: found = False policies = policy_instance.list_policies(api_version, overrides=overrides) for policy in policies.policies: if policy.id == policy_id: if ("ips" in rule_type): if (rule_id != 0) and (policy.intrusion_prevention.rule_ids is not None): for policy_ids in policy.intrusion_prevention.rule_ids: if policy_ids == rule_id: print(rule_type + " rule \"" + rule_to_apply + " is already assigned") found = True break if ("im" in rule_type): if (rule_id != 0) and (policy.integrity_monitoring.rule_ids is not None): for policy_ids in policy.integrity_monitoring.rule_ids: if policy_ids == rule_id: print(rule_type + " rule \"" + rule_to_apply + " is already assigned") found = True break if ("li" in rule_type): if (rule_id != 0) and (policy.log_inspection.rule_ids is not None): for policy_ids in policy.log_inspection.rule_ids: if policy_ids == rule_id: print(rule_type + " rule \"" + rule_to_apply + " is already assigned") found = True break if (found == False): #id_array=arr.array('I',policy.intrusion_prevention.rule_ids) print(rule_type + " rule \"" + rule_to_apply + " was not assigned, need to assign it to the policy") return (found) except ApiException as e: print( "An exception occurred when calling PoliciesApi.list_policies: %s\n" % e)
def modifywrsstate(policy_id, configuration, api_version, overrides, on_off): print("Changing the WRS state to: " + on_off) policies_api = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) current_wrs_settings = policies_api.describe_policy(policy_id, api_version, overrides=False) #Configure sending policy updates when the policy changes web_reputation_policy_extension = deepsecurity.WebReputationPolicyExtension( ) web_reputation_policy_extension.state = on_off policy = deepsecurity.Policy() policy.web_reputation = web_reputation_policy_extension # Modify the policy on Deep Security Manager modified_policy = policies_api.modify_policy(policy_id, policy, api_version)
def get_policies_list(api, configuration, api_version, api_exception): """ Gets a list of policies on the Deep Security Manager :return: A PoliciesApi object that contains a list of policies. """ try: # Create a PoliciesApi object policies_api = api.PoliciesApi(api.ApiClient(configuration)) # List policies using version v1 of the API policies_list = policies_api.list_policies(api_version) # View the list of policies return policies_list except api_exception as e: return "Exception: " + str(e)
def applicationcontroltest(host_id, policy_id, configuration, api_version, overrides, operating_system): print("---Running The Application Control Test---") #Check if Application control is already enabled enabled = False policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration)) application_control_policy_extension = deepsecurity.ApplicationControlPolicyExtension() if(application_control_policy_extension.state is not None): if("on" in application_control_policy_extension.state): enabled = True #If application control is not enabled, enable it if(enabled == False): print("Enabling Application Control") enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "on") done = False while done == False: print("Waiting for Application Control Baseline to finish...") #put a sleep here to allow the policy to update and the baseline to start time.sleep(30) status = getacstatus(host_id, policy_id, configuration, api_version, overrides) if(status is not None): if("sending policy" in status.lower() or "application control inventory scan in progress" in status.lower() or "security update in progress" in status.lower()): time.sleep(10) else: print("Application Control Baseline complete") done = True #Run the tests runtest(operating_system) # If Application Control was not previously on, turn it off again to return the policy to it's original state if(enabled == False): enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "off") #Clean up after the tests and reset the system to it's original state cleanup(policy_id, policies_api, application_control_policy_extension, api_version, enabled, operating_system) # Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system) print("---Application Control Test Completed---")
def assignlirule(rule_to_apply, rule_id, policy_id, configuration, api_version, overrides, add_rule): try: # Get the current list of rules from the policy policies_api = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) current_rules = policies_api.describe_policy(policy_id, api_version, overrides=False) # Add the rule_id if it doesn't already exist in current_rules if (add_rule == True): print("Adding the " + rule_to_apply + " rule to the policy") if current_rules.log_inspection.rule_ids is None: current_rules.log_inspection.rule_ids = rule_id elif rule_id not in current_rules.log_inspection.rule_ids: current_rules.log_inspection.rule_ids.append(rule_id) # Remove the rule_id if it was originally unassigned else: print("Removing the " + rule_to_apply + " rule from the policy") current_rules.log_inspection.rule_ids.remove(rule_id) # Add the new and existing intrusion prevention rules to a policy log_inspection_policy_extension = deepsecurity.LogInspectionPolicyExtension( ) log_inspection_policy_extension.rule_ids = current_rules.log_inspection.rule_ids policy = deepsecurity.Policy() policy.log_inspection = log_inspection_policy_extension # Configure sending policy updates when the policy changes policy.auto_requires_update = "on" # Modify the policy on Deep Security Manager modified_policy = policies_api.modify_policy(policy_id, policy, api_version) except ApiException as e: print( "An exception occurred when calling PolicyIntegrityMonitoringRuleAssignmentsRecommendationsApi.add_intrusion_prevention_rule_ids_to_policy: %s\n" % e)
def getpolicyid(configuration, api_version, overrides): # List the policies available and print them out so the user can choose available_policies = listpolicies(configuration, api_version, overrides) count = 1 for policy in available_policies: print(str(count) + " = " + policy) count += 1 policy_selected = False while (policy_selected == False): print( "Enter the number for the policy you will be using for these tests?" ) selected_policy = input() if ((not selected_policy.isdigit()) or (int(selected_policy) > (len(available_policies)))): print("Invalid option, please try again") elif (int(selected_policy) == 0): print("Invalid option, please try again") else: selected_policy = int(selected_policy) - 1 print("You have selected to use: " + available_policies[selected_policy]) policy_to_update = available_policies[selected_policy] policy_selected = True # Get the policy id policy_instance = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) try: policies = policy_instance.list_policies(api_version, overrides=overrides) for policy in policies.policies: if policy.name == policy_to_update: return (policy.id) except ApiException as e: print( "An exception occurred when calling PoliciesApi.list_policies: %s\n" % e)
def sign_in_to_deep_security(): """ Sign in to Deep Security """ global DSM global configuration configuration = client.Configuration() DSM_policy = client.PoliciesApi(client.ApiClient(configuration)) DSM_client = client.ComputersApi(client.ApiClient(configuration)) if 'apiKey' not in os.environ: print("apiKey is REQUIRED environment variables for this AWS Lambda function") return None ds_api_key = os.environ['apiKey'] ds_hostname = None if 'dsHostname' in os.environ: ds_hostname = os.environ['dsHostname'] ds_port = None if 'dsPort' in os.environ: ds_port = os.environ['dsPort'] # ds_ignore_ssl_validation = None # if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation'] try: # DSM connection string configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api' configuration.verify_ssl = False # Authentication configuration.api_key['api-secret-key'] = ds_api_key api_version = 'v1' policies_list = DSM_policy.list_policies(api_version) computer_list = DSM_client.list_computers(api_version) print("Signed into Deep Security") except api_exception as ex: print("Could not successfully sign into Deep Security. Threw exception: {}".format(ex))
with open(property_file) as raw_properties: properties = json.load(raw_properties) secret_key = properties['secretkey'] url = properties['url'] api_version = 'v1' # Add DSM host information to the API client configuration configuration = api.Configuration() configuration.host = url configuration.api_key['api-secret-key'] = secret_key # Initialization # Set Any Required Values api_instance = api.PoliciesApi(api.ApiClient(configuration)) # Add column titles to comma-separated values string csv = "Policy ID;Name;Description;Antimalware;Antimalware manual scan configuration id;Antimalware real time scan configuration;Antimalware Scheduled scan configuration;Application control;firewall;integrity monitoring;interface types;intrusion prevention;recommendation scan mode;log_inspection;web reputation\n" overrides = False try: policies = api_instance.list_policies(api_version, overrides=overrides) for policy in policies.policies: module_info = [] module_info.append(policy.id) module_info.append(policy.name) module_info.append( policy.description.replace('\n', ' ').replace('\r', ''))
import deepsecurity from deepsecurity.rest import ApiException from pprint import pprint # Setup if not sys.warnoptions: warnings.simplefilter("ignore") configuration = deepsecurity.Configuration() configuration.host = 'https://192.168.75.210:4119/api' # Authentication configuration.api_key['api-secret-key'] = '2:PZGmBIe8rcKSF6fK2HeMkoyh5ZrC/fQeeyJyUjcpzyk=' # Initialization # Set Any Required Values api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration)) api_version = 'v1' search_criteria = deepsecurity.SearchCriteria() search_criteria.field_name = "name" search_criteria.string_test = "equal" search_criteria.string_value = "%Linux Server%" # Create a search filter search_filter = deepsecurity.SearchFilter(None, [search_criteria]) policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration)) computers_api = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration)) computer = deepsecurity.Computer() try: # Perform the search