Esempio n. 1
from splunk.clilib.cli_common import getMergedConf

# --- nCircle collector settings -----------------------------------------
# Name of the Splunk .conf read through getMergedConf(); each stanza is expected
# to carry the host / username / password used to log in to an nCircle server.
# counter_file is the local state file keyed by host + user + "_maxId". The
# collector loop below loads it via nCircleAPI._getConfigFile() and interpolates
# the stored id unescaped into the AuditLog search query, so it must only ever
# contain trusted, locally written values.
config_file, counter_file = 'ncircle', 'counter_file.txt'

# Audit id to start from when the state file has no entry for a host/user yet;
# the loop only asks the server for records whose id is greater than this.
latest_counter = 211000

# Presumably seconds; nothing in the visible code reads it — confirm before relying on it.
_TIMEOUT = 5
for key in getMergedConf(config_file).keys():
	try:
		host = getMergedConf(config_file)[key]['host']
		user = getMergedConf(config_file)[key]['username']
		password = getMergedConf(config_file)[key]['password']
		
		jsonStruct = nCircleAPI._getConfigFile(counter_file)
		if not jsonStruct.get(host + user + "_maxId"):			
			jsonStruct[host + user + "_maxId"] = latest_counter

		try:
			# Connect to the server and login
			(server, session) = nCircleAPI._login(host, user, password)
			
			# Construct query to get latest audit records
			result = server.call(session, 'SESSION', 'getUserObject', {})
			params = {}
			params['query'] = "id > \'%s\'" % (jsonStruct[host + user + "_maxId"])
				
			newAuditRecords = server.call(session, 'class.AuditLog', 'search', params)
			if newAuditRecords:
				for newAuditRecord in newAuditRecords:
Esempio n. 2
# Per-run accumulators; presumably filled further down by the collector loop
# (their use is not visible in this excerpt). Three distinct dicts, not aliases.
vulnList, hostList, osList = dict(), dict(), dict()

# Name of the Splunk .conf read through getMergedConf(); each stanza supplies
# the host / username / password used to log in to an nCircle server.
config_file = 'ncircle'


# Get the audit records
# Presumably seconds; nothing in the visible code reads this value.
_TIMEOUT = 5
for key in getMergedConf(config_file).keys():
	try:
		host = getMergedConf(config_file)[key]['host']
		user = getMergedConf(config_file)[key]['username']
		password = getMergedConf(config_file)[key]['password']
		
		# Get the latest Audit IDs for each device profiler
		storedAuditIDs = nCircleAPI._getConfigFile(audit_file)

		try:
			# Connect to the server and login
			(server, session) = nCircleAPI._login(host, user, password)

			# Find new audits for each device profilers
			for deviceProfiler in deviceProfilers:
			
				#get latest AuditID into the condition for fetching the audit records
				if not storedAuditIDs.get(deviceProfiler):			
					storedAuditIDs[deviceProfiler] = blg	#bulgarian constant to get audits from ID 5000
					storedAuditID = blg
				else:
					storedAuditID = storedAuditIDs[deviceProfiler]