def request_computers(self):
"""Returns a list with all computers in the DS environment"""
computers_list = []
api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(self.api_config))
try:
while True:
paged_response = api_instance.search_computers(self.api_version,
expand=self.COMPUTER_EXPAND, overrides=False, search_filter=self.SEARCH_FILTER)
computers_list+=paged_response.computers
last_id = computers_list[-1].id
self.SEARCH_FILTER.search_criteria.id_value = last_id
if len(paged_response.computers) != self.SEARCH_FILTER.max_items:
break
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"COMPUTERS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
except Exception as e:
raise Exception("Generic connection error!" + str(e) + "Generic connection error!")
self.SEARCH_FILTER.search_criteria.id_value = 0 #Reset the Search Criteria
return computers_list
def get_affected_instance_in_deep_security(instance_id):
"""
Find and return the specified instance in Deep Security
Returns a deepsecurity.computers.Computer object or None
"""
result = None
# if not DSM: return result
DSM_computer = client.ComputersApi(client.ApiClient(configuration))
try:
# NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID
search_filter = deepsecurity.SearchFilter()
overrides = True
response = DSM_computer.search_computers('v1', search_filter=search_filter, overrides=overrides)
for computer in response.computers:
if computer.ec2_virtual_machine_summary.instance_id == instance_id:
attr = vars(computer)
print(attr['_id'])
print(type(attr['_id']))
return attr['_id']
except api_exception as ex:
print("Could not find the instance in Deep Security. Threw exception: {}".format(ex))
def tune_app_control(api, configuration, api_version, api_exception):
try:
# Create a PoliciesApi object
policies_api = api.PoliciesApi(api.ApiClient(configuration))
# List policies using version v1 of the API
policies_list = policies_api.list_policies(api_version)
# View the list of policies
# return policies_list
except api_exception as e:
return "Exception: " + str(e)
# Search computer in deep security dashboard
search_criteria = api.SearchCriteria()
search_criteria.field_name = "displayName"
search_criteria.string_value = '%' + search_name + '%'
search_criteria.string_test = "equal"
search_criteria.string_wildcards = True
# Create search filter to find computer
search_filter = api.SearchFilter(None, [search_criteria])
# Create a ComputerApi object
computer_api = api.ComputersApi(api.ApiClient(configuration))
try:
# Perform the search
computer_details = computer_api.search_computers(api_version, search_filter=search_filter)
ec2_instance_id = []
ds_ids = []
for ec2_details in computer_details.computers:
ec2_instance_id.append(ec2_details.ec2_virtual_machine_summary.instance_id)
ds_ids.append(ec2_details.id)
# Set the Reconnaissance Scan value
setting_value = api.SettingValue()
setting_value.value = "true"
# Add the SettingValue to a ComputerSettings object
computer_settings = api.ComputerSettings()
computer_settings.firewall_setting_reconnaissance_enabled = setting_value
app_controll_settings = api.ApplicationControlComputerExtension()
app_controll_settings.state = app_control_status
# Add the ComputerSettings object to a Computer object
computer = api.Computer()
computer.computer_settings = computer_settings
computer.application_control = app_controll_settings
for ds_id in ds_ids:
computer_api.modify_computer(ds_id, computer, api_version, overrides=True)
return ec2_instance_id
except api_exception as e:
return "Exception: " + str(e)
def lambda_handler(event, context):
global DSM
global configuration
configuration = client.Configuration()
# DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
# DSM_client = client.ComputersApi(client.ApiClient(configuration))
ds_api_key = '2:CC8BLAbBl8VH5sfPFjygafiV7heQc9fkHhDWkNjsxRk='
ds_hostname = 'app.deepsecurity.trendmicro.com'
ds_port = '443'
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
print("Signed into Deep Security")
except api_exception as ex:
print(
"Could not successfully sign into Deep Security. Threw exception: {}"
.format(ex))
# From here we have to fetch data
DSM_computer = client.ComputersApi(client.ApiClient(configuration))
try:
# NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID
search_filter = deepsecurity.SearchFilter()
overrides = False
response = DSM_computer.search_computers('v1',
search_filter=search_filter,
overrides=overrides)
for computer in response.computers:
if computer.ec2_virtual_machine_summary.instance_id == 'i-0ab687235eddfb3ad':
attr = vars(computer)
instance_in_ds = attr['_id']
api_instance = deepsecurity.ScheduledTasksApi(
deepsecurity.ApiClient(configuration))
scheduled_task = deepsecurity.ScheduledTask(
).scan_for_recommendations_task_parameters
res = api_instance.create_scheduled_task(
scheduled_task, api_version)
print("Found the instance in Deep Security as computer {}".format(
len(response.computers)))
except api_exception as ex:
print(
"Could not find the instance in Deep Security. Threw exception: {}"
.format(ex))
def request_computers(self):
"""Returns a list with all computers in the DS environment"""
api_instance = deepsecurity.ComputersApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_computers(self.version,
overrides=False)
except ApiException as e:
raise
return api_response.computers
def DeepSec_Api():
print ('Connecting to Deep Security Platform ...###Calling Deep Security API###')
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration=deepsecurity.Configuration()
configuration.host="https://app.deepsecurity.trendmicro.com:443/api"
#print ('deeptoken', deeptoken)
dee=deeptoken
print ('Fetching endpoint information using Access Key :', dee)
configuration.api_key['api-secret-key']=dee
api_instance=deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version='v1'
expand_options=deepsecurity.Expand()
expand_options.add(expand_options.none)
expand=expand_options.list()
overrides=False
try:
api_response=api_instance.list_computers(api_version,expand=expand,overrides=overrides)
#pprint(api_response)
except ApiException as e:
print("Exception: %s",e)
#sqlmain()
try:
conn = sqlmain()
c = conn.cursor()
print ('Downloading Report from Deep Security Platform ...###Calling Deep Security API###')
for item in tqdm(api_response.computers):
sql = f' INSERT INTO DeepSecurity(host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used) ' \
f'VALUES(?, ?, ?, ?, ?, ?) '
cur = conn.cursor()
# Prepare data to insert
list_array = []
host_name = item.host_name if item.host_name else 'None';
agent_version = item.agent_version if item.agent_version else 'None';
computer_status = item.computer_status if item.computer_status else 'None';
last_agent_communication = str(item.last_agent_communication) if item.last_agent_communication else 'None';
anti_malware = item.anti_malware if item.anti_malware else 'None';
last_ip_used = item.last_ip_used if item.last_ip_used else 'None';
list_array.extend((host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used))
# execute insert query
c.execute(sql, list_array)
conn.commit()
inserted_id = cur.lastrowid
#print(inserted_id)
except Error as e:
print(e)
finally:
if conn:
conn.close()
def request_computer_per_id(self, comp_id):
"""Returns a unique computer in the DS environment"""
api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.describe_computer(comp_id, self.api_version,
expand=self.COMPUTER_EXPAND, overrides=False)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"COMPUTERS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
return api_response
def GetAllComputers(configuration):
expand = Expand(Expand.ec2_virtual_machine_summary)
expndList = expand.list()
# Set search criteria
search_criteria = api.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"
# Create a search filter with maximum returned items
page_size = 50
search_filter = api.SearchFilter()
search_filter.max_items = page_size
search_filter.search_criteria = [search_criteria]
# Perform the search and do work on the results
computers_api = api.ComputersApi(api.ApiClient(configuration))
paged_computers = []
while True:
try:
t0 = time.time()
computers = computers_api.search_computers(
api_version, search_filter=search_filter, expand=expndList)
t1 = time.time()
num_found = len(computers.computers)
current_paged_computers = []
if num_found == 0:
print("No computers found.")
break
for computer in computers.computers:
current_paged_computers.append(computer)
paged_computers.append(current_paged_computers)
# Get the ID of the last computer in the page and return it with the number of computers on the page
last_id = computers.computers[-1].id
search_criteria.id_value = last_id
print("Last ID: " + str(last_id),
"Computers found: " + str(num_found))
print("Return rate: {0} hosts/sec".format(num_found / (t1 - t0)))
if num_found != page_size:
print("Num_found {0} - Page size is {1}".format(
num_found, page_size))
except api_exception as e:
print("Exception: {0}".format(str(e)))
return paged_computers
def getcomputerinfo(host_id, policy_id, configuration, api_version, overrides):
try:
computer_instance = deepsecurity.ComputersApi(
deepsecurity.ApiClient(configuration))
computers = computer_instance.list_computers(api_version,
overrides=overrides)
for computer in computers.computers:
if (computer.policy_id == policy_id):
if (computer.id == host_id):
print(computer)
except ApiException as e:
print(
"An exception occurred when calling ComputersApi.list_computers: %s\n"
% e)
def get_computer_id(self, hostname):
print(f'Searching for "{hostname}" IDs...')
search_field = 'hostName'
search_computers_api = api.ComputersApi(
self.api_client).search_computers
computer = self._find_exact_match(search_field, hostname,
search_computers_api)
if not computer.computers:
sys.exit('Error: Could not find hostname')
computer_id = computer.computers[0].id
print(f'"{hostname}" - Computer ID: {computer_id}')
return computer_id
def get_computers(self):
expand = api.Expand(api.Expand.intrusion_prevention)
try:
computers_api = api.ComputersApi(self.api_client)
computer_list = computers_api.list_computers(self.api_version,
expand=expand.list(),
overrides=False)
except ApiException as e:
return 'Exception: ' + str(e)
computers = dict()
for computer in computer_list.computers:
computers[computer.host_name] = computer
return computers
def getacstatus(host_id, policy_id, configuration, api_version, overrides):
try:
computer_instance = deepsecurity.ComputersApi(
deepsecurity.ApiClient(configuration))
computers = computer_instance.list_computers(api_version,
overrides=overrides)
for computer in computers.computers:
if (computer.policy_id == policy_id):
if (computer.id == host_id):
if (computer.tasks is not None):
print("Current status: " +
computer.tasks.agent_tasks[0])
return (computer.tasks.agent_tasks[0])
else:
return (None)
except ApiException as e:
print(
"An exception occurred when calling ComputersApi.list_computers: %s\n"
% e)
def change_computer_name(self, current_name, new_name):
computer_id = self.get_computer_id(current_name)
computers_api = api.ComputersApi(self.api_client)
computer = api.Computer()
computer.host_name = new_name
try:
computers_api.modify_computer(computer_id,
computer,
self.api_version,
overrides=False)
print(
f'Successfully changed computer name from "{current_name}" to "{new_name}"'
)
except ApiException as e:
print(str(e))
sys.exit(1)
def sign_in_to_deep_security():
"""
Sign in to Deep Security
"""
global DSM
global configuration
configuration = client.Configuration()
DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
DSM_client = client.ComputersApi(client.ApiClient(configuration))
if 'apiKey' not in os.environ:
print("apiKey is REQUIRED environment variables for this AWS Lambda function")
return None
ds_api_key = os.environ['apiKey']
ds_hostname = None
if 'dsHostname' in os.environ: ds_hostname = os.environ['dsHostname']
ds_port = None
if 'dsPort' in os.environ: ds_port = os.environ['dsPort']
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
policies_list = DSM_policy.list_policies(api_version)
computer_list = DSM_client.list_computers(api_version)
print("Signed into Deep Security")
except api_exception as ex:
print("Could not successfully sign into Deep Security. Threw exception: {}".format(ex))
def get_anti_malware_status_for_computers(api, configuration, api_version,
api_exception):
"""Obtains agent and appliance status for the Anti-Malware module of all computers.
Returns the status information of all computers that have the Anti-Malware module turned off,
or where the status of the module is not active as comma-separated values.
:param api: The Deep Security API modules.
:param configuration: Configuration object to pass to the api client.
:param api_version: The version of the API to use.
:param api_exception: The Deep Security API exception module.
:return: A string that can be saved as a CSV file.
"""
# Add column titles to comma-separated values string
csv = "Host Name,Module State,Agent or Appliance,Status,Status Message\r\n"
# Include Anti-Malware information in the returned Computer objects
expand = api.Expand(api.Expand.anti_malware)
try:
computers_api = api.ComputersApi(api.ApiClient(configuration))
computers = computers_api.list_computers(api_version,
expand=expand.list(),
overrides=False)
print('1')
# Get the list of computers and iterate over it
for computer in computers.computers:
# Module information to add to the CSV string
module_info = []
# Check that the computer has a an agent or appliance status
if computer.anti_malware.module_status:
agent_status = computer.anti_malware.module_status.agent_status
appliance_status = computer.anti_malware.module_status.appliance_status
else:
agent_status = None
appliance_status = None
# Agents that are not active for the module
if agent_status and agent_status != "inactive":
# Host name
module_info.append(computer.host_name)
# Module state
module_info.append(computer.anti_malware.state)
# Agent status and status message
module_info.append("Agent")
module_info.append(agent_status)
module_info.append(
computer.anti_malware.module_status.agent_status_message)
# Add the module info to the CSV string
csv_line = ""
for num, item in enumerate(module_info):
csv_line += item
if num != (len(module_info) - 1):
csv_line += ","
else:
csv_line += "\r\n"
csv += csv_line
# Appliances that are not active for the module
if appliance_status and appliance_status != "inactive":
# Host name
module_info.append(computer.host_name)
# Module state
module_info.append(computer.anti_malware.state)
# Appliance status and status message
module_info.append("Appliance")
module_info.append(appliance_status)
module_info.append(computer.anti_malware.module_status.
appliance_status_message)
# Add the module info to the CSV string
csv_line = ""
for num, item in enumerate(module_info):
csv_line += item
if num != (len(module_info) - 1):
csv_line += ","
else:
csv_line += "\r\n"
csv += csv_line
return csv
except api_exception as e:
return "Exception: " + str(e)
def _GetGroupComputers(self, configuration, groupID):
# Set search group criteria
search_group_criteria = api.SearchCriteria()
search_group_criteria.field_name = "groupID"
if groupID:
search_group_criteria.numeric_value = groupID
search_group_criteria.numeric_test = "equal"
else:
search_group_criteria.null_test = True
# Set search criteria
search_criteria = api.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"
# Create a search filter with maximum returned items
page_size = 250
search_filter = api.SearchFilter()
search_filter.max_items = page_size
search_filter.search_criteria = [
search_criteria, search_group_criteria
]
# Perform the search and do work on the results
computers_api = api.ComputersApi(api.ApiClient(configuration))
paged_computers = []
while True:
try:
expand = Expand(Expand.ec2_virtual_machine_summary)
t0 = time.time()
computers = computers_api.search_computers(
api_version,
search_filter=search_filter,
expand=expand.list())
t1 = time.time()
num_found = len(computers.computers)
current_paged_computers = []
if num_found == 0:
#This gets noise with so many threads
#print("No computers found.")
break
for computer in computers.computers:
current_paged_computers.append(computer)
paged_computers.append(current_paged_computers)
# Get the ID of the last computer in the page and return it with the number of computers on the page
last_id = computers.computers[-1].id
search_criteria.id_value = last_id
print("Last ID: " + str(last_id),
"Computers found: " + str(num_found))
print("Return rate: {0} hosts/sec".format(num_found /
(t1 - t0)))
if num_found != page_size:
print("Num_found {0} - Page size is {1}".format(
num_found, page_size))
except api_exception as e:
print("Exception: {0}".format(str(e)))
return paged_computers
with open(property_file) as raw_properties:
properties = json.load(raw_properties)
secret_key = properties['secretkey']
url = properties['url']
api_version = 'v1'
# Add DSM host information to the API client configuration
configuration = api.Configuration()
configuration.host = url
configuration.api_key['api-secret-key'] = secret_key
# Initialization
# Set Any Required Values
api_instance = api.ComputersApi(api.ApiClient(configuration))
# Add AV and IPS information
expand_options = api.Expand()
expand_options.add(api.Expand.computer_status)
expand_options.add(api.Expand.security_updates)
expand_options.add(api.Expand.intrusion_prevention)
expand_options.add(api.Expand.anti_malware)
expand_options.add(api.Expand.interfaces)
expand_options.add(api.Expand.azure_arm_virtual_machine_summary)
expand = expand_options.list()
overrides = False
# Set search criteria
search_criteria = api.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"
def gethostid(policy_id, configuration, api_version, overrides):
try:
# Get the hosts that are using the selected policy
hosts_using_policy = []
computer_instance = deepsecurity.ComputersApi(
deepsecurity.ApiClient(configuration))
computers = computer_instance.list_computers(api_version,
overrides=overrides)
for computer in computers.computers:
computer_info = []
if (computer.policy_id == policy_id):
host_string = computer.display_name + "(" + computer.host_name + ")"
hosts_using_policy.append(host_string)
# If not hosts are using the selected policy, exit
if hosts_using_policy is None:
print(
"There are no hosts with the selected policy assigned. Please assign the policy to the host under test and re-run the script"
)
exit()
# Otherwise prompt the user to confirm
if (len(hosts_using_policy) == 1):
y_or_n_selected = False
while (y_or_n_selected == False):
print("The host under test is: " + hosts_using_policy[0])
print("Is this correct (y/n)?")
host_correct = input()
if (host_correct.isalpha() and len(host_correct) == 1):
if ("y" in host_correct.lower()):
print("Using host: " + hosts_using_policy[0])
y_or_n_selected = True
else:
print(
"Please assign the policy you selected to the host under test or select the policy assigned to the host under test and try again"
)
exit()
else:
print("Invalid entry, please try again")
# If there is more than one host using the policy
# Prompt the user to provide the system under test
if (len(hosts_using_policy) > 1):
count = 1
for host in hosts_using_policy:
print(str(count) + " = " + host)
count += 1
print(
"Enter the number for the host you will be running these tests on?"
)
selected_host = input()
if (not selected_host.isdigit()) or (int(selected_host) >
(len(hosts_using_policy) + 1)
or selected_host == 0):
print("Invalid option, please try again")
selected_host = 0
selected_host = int(selected_host) - 1
print("You have selected to use: " +
hosts_using_policy[selected_host] +
" as the host under test")
host_to_select = hosts_using_policy[selected_host]
else:
print("This policy is assigned to: " + hosts_using_policy[0] +
" so this host is selected as the host under test")
host_to_select = hosts_using_policy[0]
# Get the host id
for computer in computers.computers:
if (computer.host_name in host_to_select):
return (computer.id)
except ApiException as e:
print(
"An exception occurred when calling ComputersApi.list_computers: %s\n"
% e)
configuration.api_key['api-secret-key'] = '2:PZGmBIe8rcKSF6fK2HeMkoyh5ZrC/fQeeyJyUjcpzyk='
# Initialization
# Set Any Required Values
api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "name"
search_criteria.string_test = "equal"
search_criteria.string_value = "%Linux Server%"
# Create a search filter
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
computers_api = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
computer = deepsecurity.Computer()
try:
# Perform the search
policy_search_results = policies_api.search_policies(api_version, search_filter=search_filter)
# Assign the policy to the computer
computer.policy_id = REPLACE_WITH_THE_POLICY_ID_TO_ASSIGN
computers_api.modify_computer(REPLACE_WITH_THE_COMPUTER_ID_TO_MODIFY, computer, api_version)
except ApiException as e:
pprint( "Exception: " + str(e))
# Initialization
#DSAAS SOAP API Setup
client = zeep.Client(wsdl=url + '/webservice/Manager?WSDL',
transport=transport_with_basic_auth)
# client.wsdl.dump()
if tenant != "":
sessionId = client.service.authenticateTenant(tenant, username, password)
else:
sessionId = client.service.authenticate(username, password)
# Set Any Required Values
api_instance1 = deepsecurity.ComputersApi(
deepsecurity.ApiClient(configuration))
api_instance2 = deepsecurity.AntiMalwareConfigurationsApi(
deepsecurity.ApiClient(configuration))
api_version = 'v1'
overrides = False
dateNow = datetime.datetime.now() - datetime.timedelta(days=15)
def json_default(value):
if isinstance(value, datetime.datetime):
return dict(year=value.year,
month=value.month,
day=value.day,
hour=value.hour,
minute=value.minute,
