def loginspectiontest(rule_to_apply, policy_id, configuration, api_version, overrides, operating_system): print("---Running The Log Inspection Test---") #Get the LI Rule ID rule_id = getruleid("li", rule_to_apply, configuration, api_version) # Check if the rule is assigned to the policy found = checkifruleassigned(rule_to_apply, "li", rule_id, policy_id, configuration, api_version, overrides) # If the rule is not assigned, then assign it if (found == False): assignlirule(rule_to_apply, rule_id, policy_id, configuration, api_version, overrides, True) # Run the tests runtest(operating_system) # If the rule was not originally assigned, remove it to restore the state of the policy if (found == False): assignlirule(rule_to_apply, rule_id, policy_id, configuration, api_version, overrides, False) # Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system) print("---Log Inspection Test Completed---")
def ipstest(rule_to_apply, policy_id, configuration, api_version, overrides, operating_system): #Get the IPS rule id for the rule defined by rule_to_apply print("---Running The Intrusion Prevention Test---") rule_id = getruleid("ips", rule_to_apply, configuration, api_version) #Check if the rule is assigned to the policy found = checkifruleassigned(rule_to_apply, "ips", rule_id, policy_id, configuration, api_version, overrides) #If the rule is not assigned, assign it if (found == False): assignipsrule(rule_to_apply, rule_id, policy_id, configuration, api_version, overrides, True) # Wait for the policy to be sent time.sleep(10) # Run the test runtest() #If the rule was not originally assigned, unassign it to restore the original state if (found == False): assignipsrule(rule_to_apply, rule_id, policy_id, configuration, api_version, overrides, False) #Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system) print("---Intrusion Prevention Test Complete---")
def dockeramtest(host_id, policy_id, configuration, api_version, overrides, operating_system): # Check if Docker is installed print("---Running The Docker Test---") docker_installed = False if ("ubuntu" in operating_system or "redhat" in operating_system): print("Checking if Docker is installed") cmd = "sudo docker version" output = runcommand(cmd) if (output == ""): print("Docker not found; installing Docker") if ("ubuntu" in operating_system): cmd = "sudo apt-get install docker.io -y" output = runcommand(cmd) if ("redhat" in operating_system): cmd = "sudo yum install docker -y" output = runcommand(cmd) else: docker_installed = True if ("windows" in operating_system): print( "This test only works on ubuntu and redhat currently. Exiting!!") return () cmd = "docker version" output = runcommand(cmd) if ("docker" in output.lower() and "version" in output.lower() and "build" in output.lower()): print("Found docker installed already") docker_installed = True else: cmd = "curl https://download.docker.com/win/stable/Docker%20Desktop%20Installer.exe -o Docker_Desktop_Installer.exe" output = runcommand(cmd) cmd = "Docker_Desktop_Installer.exe install --quiet" output = runcommand(cmd) # Run the tests runtest(host_id, policy_id, configuration, api_version, overrides, operating_system) #Clean up after the tests and reset the system to it's original state if (docker_installed == False): cleanup(operating_system) # Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system)
def antimalwaretest(operating_system): # Set up the filenames to write the downloaded files to tempfile = "eicar.com" tempfile2 = "eicar.com.txt" tempfile3 = "eicar_com.zip" tempfile4 = "eicarcom2.zip" # Attempt to download the various eicar test files print("---Running Anti-Malware Test---") print("Downloading eicar.com") downloadfileutf8('https://secure.eicar.org/eicar.com', tempfile) print("Downloading eicar.com.txt") downloadfileutf8('https://secure.eicar.org/eicar.com.txt', tempfile2) print("Downloading eicar_com.zip") downloadfilebinary('https://secure.eicar.org/eicar_com.zip', tempfile3) print("Downloading eicarcom2.zip") downloadfilebinary('https://secure.eicar.org/eicarcom2.zip', tempfile4) print("---Anti-Malware Test Complete---") #Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system)
def applicationcontroltest(host_id, policy_id, configuration, api_version, overrides, operating_system): print("---Running The Application Control Test---") #Check if Application control is already enabled enabled = False policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration)) application_control_policy_extension = deepsecurity.ApplicationControlPolicyExtension() if(application_control_policy_extension.state is not None): if("on" in application_control_policy_extension.state): enabled = True #If application control is not enabled, enable it if(enabled == False): print("Enabling Application Control") enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "on") done = False while done == False: print("Waiting for Application Control Baseline to finish...") #put a sleep here to allow the policy to update and the baseline to start time.sleep(30) status = getacstatus(host_id, policy_id, configuration, api_version, overrides) if(status is not None): if("sending policy" in status.lower() or "application control inventory scan in progress" in status.lower() or "security update in progress" in status.lower()): time.sleep(10) else: print("Application Control Baseline complete") done = True #Run the tests runtest(operating_system) # If Application Control was not previously on, turn it off again to return the policy to it's original state if(enabled == False): enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "off") #Clean up after the tests and reset the system to it's original state cleanup(policy_id, policies_api, application_control_policy_extension, api_version, enabled, operating_system) # Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system) print("---Application Control Test Completed---")
def webreputationtest(policy_id, configuration, api_version, overrides, operating_system): print("---Running The Web Reputation Test---") # Check if WRS is on or off current_state = checkifwrson(policy_id, configuration, api_version, overrides) # If it's off, let's turn it on if ("off" in current_state): modifywrsstate(policy_id, configuration, api_version, overrides, "on") time.sleep(10) # Attempt to access each of the sites to trigger events print("Testing the Dangerous URL: http://wrs49.winshipway.com/") print(subprocess.call(['curl', 'http://wrs49.winshipway.com/'])) print("Testing the Highly Suspicious URL: http://wrs65.winshipway.com/") print(subprocess.call(['curl', 'http://wrs65.winshipway.com/'])) print("Testing the Suspicious URL: http://wrs70.winshipway.com/") print(subprocess.call(['curl', 'http://wrs70.winshipway.com/'])) print("Testing the Unrated URL: http://wrs71.winshipway.com/") print(subprocess.call(['curl', 'http://wrs71.winshipway.com/'])) print("Testing the Normal URL: http://wrs81.winshipway.com/") print(subprocess.call(['curl', 'http://wrs81.winshipway.com/'])) print("Testing the Dangerous C&C URL: http://ca91-1.winshipway.com/") print(subprocess.call(['curl', 'http://ca91-1.winshipway.com/'])) # If WRS was off originally, turn it off again if ("off" in current_state): modifywrsstate(policy_id, configuration, api_version, overrides, "off") # Perform a heartbeat to get the events to Cloud One or Deep Security Manager sendheartbeat(operating_system) print("---Web Reputation Test Completed---")