def get_ips_rules(self):
ips_rules = dict()
search_criteria = api.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = 'greater-than'
search_filter = api.SearchFilter()
search_filter.max_items = 5000
search_filter.search_criteria = [search_criteria]
ips_api = api.IntrusionPreventionRulesApi(self.api_client)
while True:
try:
rule_list = ips_api.search_intrusion_prevention_rules(
self.api_version, search_filter=search_filter)
num_found = len(rule_list.intrusion_prevention_rules)
if num_found == 0:
break
except ApiException as e:
return 'Exception: ' + str(e)
for rule in rule_list.intrusion_prevention_rules:
ips_rules[rule.id] = rule
last_id = rule_list.intrusion_prevention_rules[-1].id
search_criteria.id_value = last_id
return ips_rules
def getruleid(rule_type, rule_to_apply, configuration, api_version):
# Get the rule id
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
if ("ips" in rule_type):
rule_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(configuration))
if ("im" in rule_type):
rule_instance = deepsecurity.IntegrityMonitoringRulesApi(
deepsecurity.ApiClient(configuration))
if ("li" in rule_type):
rule_instance = deepsecurity.LogInspectionRulesApi(
deepsecurity.ApiClient(configuration))
rule_id = 0
try:
if ("ips" in rule_type):
rule_response = rule_instance.list_intrusion_prevention_rules(
api_version)
attrs = rule_response._intrusion_prevention_rules
rule_id = getid(attrs, rule_to_apply)
if ("im" in rule_type):
rule_response = rule_instance.list_integrity_monitoring_rules(
api_version)
attrs = rule_response._integrity_monitoring_rules
rule_id = getid(attrs, rule_to_apply)
if ("li" in rule_type):
rule_response = rule_instance.list_log_inspection_rules(
api_version)
attrs = rule_response._log_inspection_rules
rule_id = getid(attrs, rule_to_apply)
return (rule_id)
except ApiException as e:
print(
"An exception occurred when calling IntrusionPreventionRulesApi.list_intrusion_prevention_rules: %s\n"
% e)
def getIPSrules(cve):
# Initialization
# Set Any Required Values
api_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(configuration))
api_version = 'v1'
# Set search criteria for the date range
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "CVE"
search_criteria.string_value = "%" + cve + "%"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
try:
ipsrules = api_instance.search_intrusion_prevention_rules(
api_version, search_filter=search_filter)
i = 0
for ipsrid in ipsrules.intrusion_prevention_rules:
ipsruleidentifier = ipsrid.identifier
ipsrulename = ipsrid.name
print("ID: " + str(ipsruleidentifier), "- " + str(ipsrulename))
i += 1
except ApiException as e:
print(
"An exception occurred when calling IntrusionPreventionRulesApi.search_intrusion_prevention_rules: %s\n"
% e)
def request_ips_rules(self, condition=None, rule=None):
api_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_intrusion_prevention_rules(
self.version)
except Exception as e:
raise
return api_response.intrusion_prevention_rules
def search_ips_rules(self, criteria):
max_items = None
search_filter = deepsecurity.SearchFilter(max_items, criteria)
im_api = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = im_api.search_intrusion_prevention_rules(
self.version, search_filter=search_filter)
except Exception as e:
raise
return api_response.intrusion_prevention_rules
def get_ips_rules(self, cves):
api_instance = ds.IntrusionPreventionRulesApi(
ds.ApiClient(self.configuration))
api_response = api_instance.list_intrusion_prevention_rules(
self.api_version)
ids = []
unfixed = set(cves)
for rule in api_response.intrusion_prevention_rules:
if rule.cve is None:
continue
for cve in rule.cve:
if cve in cves:
ids.append(rule.id)
unfixed.discard(cve)
return ids, unfixed