def delete_policies(sdsecure: SdSecureClient, ids: List):
    """Delete each policy in *ids*, stopping at the first failure.

    Args:
        sdsecure: client whose ``delete_policy_id`` performs each deletion.
        ids: policy identifiers, processed in the order given.

    Returns:
        EXIT_CODES.ERR_DELETING_POLICY as soon as one deletion is reported
        as failed (later ids are not attempted), otherwise EXIT_CODES.OK.
    """
    for policy_id in ids:
        deleted, response = sdsecure.delete_policy_id(id=policy_id)
        if deleted:
            print(f"Deleted policy {policy_id}")
            continue
        # Abort on the first error; policies already deleted stay deleted.
        print(f"error deleting the policy {policy_id}: {response}")
        return EXIT_CODES.ERR_DELETING_POLICY
    return EXIT_CODES.OK
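def initialize(self):
    """Load saved state and app config, then build the Kubernetes and Sysdig clients.

    The base64-encoded kubeconfig from the app config is decoded into a
    temporary file so that KubernetesClient can be given a path. That file
    holds cluster credentials, so it is removed even when decoding or
    client construction raises.

    Returns:
        phantom.APP_SUCCESS once both clients have been constructed.
    """
    self._state = self.load_state()

    config = self.get_config()
    self._duration_in_seconds = config['duration_in_seconds']
    self._kubernetes_config = config['kubernetes_config']
    self._sysdig_api_token = config['sysdig_api_token']
    self._sysdig_api_endpoint = config['sysdig_api_endpoint']

    # delete=False: the file is closed before KubernetesClient opens it by
    # name, so it has to be removed explicitly afterwards.
    kubernetes_config = tempfile.NamedTemporaryFile(delete=False)
    try:
        kubernetes_config.write(base64.b64decode(self._kubernetes_config))
        kubernetes_config.close()
        # NOTE(review): presumably the client reads the file in its
        # constructor; the file is gone once this block exits.
        self._kubernetes_client = KubernetesClient(kubernetes_config.name)
    finally:
        # Runs on every path so the decoded kubeconfig never outlives this call.
        kubernetes_config.close()
        os.remove(kubernetes_config.name)

    self._sysdig_client = SdSecureClient(token=self._sysdig_api_token,
                                         sdc_url=self._sysdig_api_endpoint)

    return phantom.APP_SUCCESS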
def usage():
    """Print the expected command line and exit with status 1."""
    script = sys.argv[0]
    print('usage: %s <sysdig-token> <policy name>' % script)
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)


# Exactly two arguments are expected: the API token and the policy name.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 3:
    usage()

sdc_token, name = sys.argv[1:3]

# Look the policy up by name through the Sysdig Secure API.
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, res = sdclient.get_policy(name)

# On failure res carries the error; print it and signal it via exit status.
if not ok:
    print(res)
    sys.exit(1)

print(json.dumps(res, indent=2))
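# (excerpt begins inside usage(); its def line is above this excerpt)
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)


# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
sdc_token = sys.argv[1]

#
# Load the config file
#
with open(sys.argv[2]) as cfile:
    yaml_conf = cfile.read()

# Verify that the content is valid YAML before pushing it.
# safe_load is used instead of a bare yaml.load(): recent PyYAML releases
# reject yaml.load() without an explicit Loader, and older ones fall back to
# a loader that can instantiate arbitrary Python objects from tags in the
# document. Rules files are often obtained from third parties, so only plain
# YAML types are accepted here. The parsed value is used for validation only;
# the raw text is what gets uploaded.
parsed_yaml_conf = yaml.safe_load(yaml_conf)

sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')

#
# Push the configuration
#
ok, res = sdclient.set_user_falco_rules(yaml_conf)

#
# Check if everything went well
#
if ok:
    print('user falco rules set successfully')
else:
    print(res)
    sys.exit(1)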
from sdcclient import SdSecureClient

# The API token is the only argument.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    # print() with a single argument behaves the same on Python 2 and 3.
    print('usage: %s <sysdig-token>' % sys.argv[0])
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)

sdc_token = sys.argv[1]

# Fetch the user falco rules file from Sysdig Secure.
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, body = sdclient.get_user_falco_rules()

# On failure body carries the error; print it and signal it via exit status.
if not ok:
    print(body)
    sys.exit(1)

# Write the rules text as-is, without the trailing newline print would add.
sys.stdout.write(body["userRulesFile"]["content"])
sys.exit(1) # # Check number of parameters # if len(sys.argv) < 2: usage() sdc_endpoint = sys.argv[1] sdc_token = sys.argv[2] # # Instantiate the SDC client # sdclient = SdSecureClient(sdc_token, sdc_endpoint) # # Retrieve all the image profiles # ok, res = sdclient.list_image_profiles() if not ok: print(res) sys.exit(1) # Strip the surrounding json to only keep the list of profiles res = res['profiles'] for profile in res: print(("ID: {}, Name: {}".format(profile["profileId"], profile["imageName"])))
duration = None from_sec = None to_sec = None if len(args) == 2: duration = args[1] elif len(args) == 3: from_sec = args[1] to_sec = args[2] else: usage() # # Instantiate the SDC client # sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com') if duration is not None: res = sdclient.get_policy_events_duration(duration) else: res = sdclient.get_policy_events_range(from_sec, to_sec) all_outputs = dict() while True: # # Return the result # if not res[0]: print res[1]
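def usage():
    """Print the expected invocation and exit with status 1."""
    # The policy is read from standard input, not named on the command line,
    # so the synopsis lists only the token argument that the argv check
    # below actually accepts.
    print('usage: %s <sysdig-token>' % sys.argv[0])
    print('The policy JSON is read from standard input')
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)


#
# Parse arguments
#
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    usage()

sdc_token = sys.argv[1]

# The policy document is passed to the API as read; it is not parsed here.
policy_json = sys.stdin.read()

#
# Instantiate the SDC client
#
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')

res = sdclient.update_policy(policy_json)

#
# Return the result
#
# print() with a single argument behaves the same on Python 2 and 3.
if res[0]:
    print(json.dumps(res[1], indent=2))
else:
    print(res[1])
    sys.exit(1)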
def usage():
    """Print the expected command line and exit with status 1."""
    # print() with a single argument behaves the same on Python 2 and 3.
    script = sys.argv[0]
    print('usage: %s <sysdig-token>' % script)
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)


# The API token is the only argument.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    usage()

sdc_token = sys.argv[1]

# List every policy through the Sysdig Secure API.
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, body = sdclient.list_policies()

# On failure body carries the error; print it and signal it via exit status.
if not ok:
    print(body)
    sys.exit(1)

print(json.dumps(body, indent=2))
from sdcclient import SdSecureClient

# The API token is the only argument.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    script = sys.argv[0]
    print('usage: %s <sysdig-token>' % script)
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)

sdc_token = sys.argv[1]

# Fetch the system falco rules file from Sysdig Secure.
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, res = sdclient.get_system_falco_rules()

# On failure res carries the error; print it and signal it via exit status.
if not ok:
    print(res)
    sys.exit(1)

# Write the rules text as-is, without the trailing newline print would add.
sys.stdout.write(res["systemRulesFile"]["content"])
# (excerpt begins inside the option-parsing loop; its header is above)
        id = arg
    elif opt in ("-n", "--name"):
        name = arg

# One of the two selectors (id or name) has to be supplied.
if not id and not name:
    usage()

# The API token is the first positional argument.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(args) < 1:
    usage()

sdc_token = args[0]

sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')

# An id takes precedence over a name when both were given.
if id:
    ok, res = sdclient.delete_policy_id(id)
else:
    ok, res = sdclient.delete_policy_name(name)

# On failure res carries the error; print it and signal it via exit status.
if not ok:
    print(res)
    sys.exit(1)

print(json.dumps(res, indent=2))
# (excerpt begins inside usage(); its def line is above this excerpt)
    print(
        'You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)


# Only the API token is taken from argv; the policy itself arrives on stdin.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    usage()

sdc_token = sys.argv[1]

# The policy document is passed to the API as read; it is not parsed here.
policy_json = sys.stdin.read()

sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, res = sdclient.add_policy_json(policy_json)

# On failure res carries the error; print it and signal it via exit status.
if not ok:
    print(res)
    sys.exit(1)

print(json.dumps(res, indent=2))
for opt, arg in opts: if opt in ("-o", "--order-only"): order_only = True # # Parse arguments # if len(args) < 1: usage() sdc_token = args[0] # # Instantiate the SDC client # sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com') ok, res = sdclient.get_policy_priorities() if not ok: print(res) sys.exit(1) # Strip the surrounding json to only keep the list of policy ids res = res['priorities']['policyIds'] if not order_only: priorities = res ok, res = sdclient.list_policies() if ok: res['policies'].sort(key=lambda p: priorities.index(p['id']))
if len(sys.argv) != 2: usage() sdc_token = sys.argv[1] priorities_json = sys.stdin.read() try: priorities_obj = json.loads(priorities_json) except Exception as e: print("priorities json is not valid json: {}".format(str(e))) sys.exit(1) # # Instantiate the SDC client # sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com') # # The argument to /api/policies/priorities is the list of ids wrapped # in an object containing a version and dates. So fetch the list of # priorities, update the list in-place and set it. # ok, res = sdclient.get_policy_priorities() if not ok: print(res) sys.exit(1) obj = res obj['priorities']['policyIds'] = priorities_obj
for opt, arg in opts: if opt in ("-s", "--save"): save_dir = arg # # Parse arguments # if len(args) != 1: usage() sdc_token = args[0] # # Instantiate the SDC client # sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com') # # Get the configuration # ok, res = sdclient.get_default_falco_rules_files() # # Return the result # if ok: if save_dir == "": pp = pprint.PrettyPrinter(indent=4) pp.pprint(res) else: print(("Saving falco rules files below {}...".format(save_dir)))
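# (excerpt begins inside the option-parsing loop and ends inside the
#  single-file branch; the surrounding code is outside this excerpt)
        cpath = arg

# A load directory cannot be combined with a tag or a single content file.
if load_dir != "" and (tag != "" or cpath != ""):
    usage()

#
# Parse arguments
#
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(args) != 1:
    usage()

sdc_token = args[0]

#
# Instantiate the SDC client
#
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')

files_obj = {}
if load_dir != "":
    print("Loading falco rules files from {}...".format(load_dir))
    ok, res = sdclient.load_default_falco_rules_files(load_dir)
    if ok:
        files_obj = res
    else:
        print(res)
        sys.exit(1)
else:
    with open(cpath, 'r') as content_file:
        content = content_file.read()
    required_engine_version = 0
    # safe_load is used instead of a bare yaml.load(): recent PyYAML releases
    # reject yaml.load() without an explicit Loader, and older ones fall back
    # to a loader that can instantiate arbitrary Python objects from tags in
    # the document. Rules files are often obtained from third parties.
    # NOTE(review): assumes the rules file uses only plain YAML types
    # (lists, maps, scalars); confirm against the code that consumes cyaml.
    cyaml = yaml.safe_load(content)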
def usage():
    """Print the expected command line and exit with status 1."""
    # print() with a single argument behaves the same on Python 2 and 3.
    script = sys.argv[0]
    print('usage: %s <sysdig-token>' % script)
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)


# The API token is the only argument.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    usage()

sdc_token = sys.argv[1]

# Ask Sysdig Secure to create its default policy set.
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, body = sdclient.create_default_policies()

# On failure body carries the error; print it and signal it via exit status.
if not ok:
    print(body)
    sys.exit(1)

print(json.dumps(body, indent=2))
'You can find your token at https://secure.sysdig.com/#/settings/user') sys.exit(1) # # Parse arguments # if len(sys.argv) != 2: usage() sdc_token = sys.argv[1] # # Instantiate the SDC client # sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com') # Get a list of policyIds ok, res = sdclient.list_policies() policies = [] if not ok: print(res) sys.exit(1) else: policies = res for policy in policies: print("deleting policy: " + str(policy['id'])) ok, res = sdclient.delete_policy_id(policy['id']) if not ok:
def usage():
    """Print the expected command line and exit with status 1."""
    # print() with a single argument behaves the same on Python 2 and 3.
    script = sys.argv[0]
    print('usage: %s <sysdig-token>' % script)
    print('You can find your token at https://secure.sysdig.com/#/settings/user')
    sys.exit(1)


# The API token is the only argument.
# NOTE(review): a token given on the command line ends up in shell history
# and is visible in process listings; prefer an environment variable or a
# prompt on shared hosts.
if len(sys.argv) != 2:
    usage()

sdc_token = sys.argv[1]

# Calls delete_all_policies() directly: there is no confirmation prompt or
# dry-run step in this script.
sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
ok, message = sdclient.delete_all_policies()

# The second element is printed on success and on failure alike; only the
# exit status tells the two apart.
print(message)
if not ok:
    sys.exit(1)