def delete_entry_from_intelfeed(api, entry, infile):
    """
    Remove one entry, or every entry listed in a file, from Darktrace's
    intelligence feed.

    If ``infile`` is set it is processed and ``entry`` is ignored. Only values
    that pass ``is_valid_ipv4_address`` or ``is_valid_domain`` are sent to the
    API; anything else is reported back without a request being made.

    :param api: Valid and authenticated Darktrace API object
    :type api: Api
    :param entry: Single entry to delete from the intelligence feed
    :type entry: String
    :param infile: Path of a file holding one entry per line to delete
    :type infile: String
    :return: For ``infile``, a list of one-key dicts mapping each stripped line
        to the API response or to a rejection message; for a valid ``entry``,
        the API response; otherwise a message string
    :rtype: List, or whatever ``api.post`` returns, or String
    """
    def _acceptable(value):
        # Same order as the checks at both call sites: IPv4 first, then domain.
        return is_valid_ipv4_address(value) or is_valid_domain(value)

    def _remove(value):
        return api.post('/intelfeed', postdata={'removeentry': value}, removeentry=value)

    if infile:
        # Read the whole file before the first request, so a read error
        # cannot leave the feed partially processed.
        with open(infile, 'r') as handle:
            candidates = [raw.strip() for raw in handle]

        outcomes = []
        for candidate in candidates:
            if _acceptable(candidate):
                outcome = _remove(candidate)
            else:
                outcome = 'Not a valid IPv4 address or domain name'
            outcomes.append({candidate: outcome})
        return outcomes

    if entry and _acceptable(entry):
        return _remove(entry)

    return 'Not a valid domain, hostname, ip address or file'
def test_is_valid_ipv4_address():
    """Exercise is_valid_ipv4_address with a non-string, one valid address and two rejected strings."""
    # A non-string argument is expected to raise rather than return False.
    with pytest.raises(TypeError) as raised:
        is_valid_ipv4_address(10000000)
    assert isinstance(raised.value, TypeError)

    assert is_valid_ipv4_address('10.0.0.1')

    # Free text and CIDR notation must both be rejected as a single address.
    for candidate in ('Test', '10.0.0.0/24'):
        assert not is_valid_ipv4_address(candidate)
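def get_endpoint_details(api, host, infile):
    """
    Retrieve details for external IP addresses and hostnames.

    If ``infile`` is set, every non-blank line is looked up and ``host`` is
    ignored. Each endpoint is sent as ``ip`` when it passes
    ``is_valid_ipv4_address`` and as ``hostname`` otherwise, so file entries
    are routed the same way as a single ``host``.

    :param api: Darktrace API object with initialized config values
    :type api: Api
    :param host: External hostname or IP address to receive details for
    :type host: String
    :param infile: Input file with an endpoint on each line
    :type infile: String
    :return: Details for one host, or a list of details for ``infile``
    :rtype: Dict or List
    :raises click.UsageError: if ``infile`` is set but is not an existing file
    """
    def _lookup(endpoint):
        # Addresses and names go to the API under different parameters.
        if is_valid_ipv4_address(endpoint):
            return api.get('/endpointdetails', additionalinfo='true',
                           devices='true', ip=endpoint)
        return api.get('/endpointdetails', additionalinfo='true',
                       devices='true', hostname=endpoint)

    if infile:
        if not os.path.isfile(infile):
            raise click.UsageError('Input file does not exist')
        with open(infile) as input_list:
            endpoints = [line.strip() for line in input_list]
        # Blank lines would otherwise become a request with an empty value.
        return [_lookup(endpoint) for endpoint in endpoints if endpoint]

    return _lookup(host)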
def test_is_valid_ipv4_network():
    """Exercise is_valid_ipv4_network with a non-string and three accepted strings."""
    # A non-string argument is expected to raise rather than return False.
    with pytest.raises(AttributeError) as raised:
        is_valid_ipv4_network(10000000)
    assert isinstance(raised.value, AttributeError)

    # NOTE(review): '10.0.0.0/24/24' is not well-formed CIDR, yet this test
    # pins it as accepted. If this validator guards values passed on to the
    # API, confirm that accepting it is intended.
    for candidate in ('10.0.0.0/24', '10.0.0.0/24/24', '10.0.0.1'):
        assert is_valid_ipv4_network(candidate)

    # NOTE(review): the only negative case calls is_valid_ipv4_address, so the
    # network validator has no rejection case here. Presumably
    # is_valid_ipv4_network was meant; confirm.
    assert not is_valid_ipv4_address('not_a_network')
def endpoint_details(program_state, host, infile, outfile):
    """Returns details for external IP addresses and hostnames."""
    # At least one source of endpoints has to be supplied.
    if not (host or infile):
        raise click.UsageError(
            'Missing option "--host" / "-h" or "--infile" / "-i".')

    # A host given directly must look like a hostname or an IPv4 address.
    # Only this value is checked here; the contents of infile are passed on
    # to get_endpoint_details unchecked.
    if host:
        host_is_wellformed = is_valid_hostname(host) or is_valid_ipv4_address(host)
        if not host_is_wellformed:
            raise click.UsageError('Invalid hostname or IP address')

    process_output(get_endpoint_details(program_state.api, host, infile), outfile)
def ip_info(program_state, ip_address, days, outfile):
    """
    Return device data for this IP address

    \b
    Arguments:
        IP_ADDRESS      IP address to search
    """
    # Reject anything that is not a single IPv4 address before querying.
    address_ok = is_valid_ipv4_address(ip_address)
    if not address_ok:
        raise click.UsageError('not a valid IP address')

    process_output(
        get_device_info_by_ip(program_state.api, ip_address, days),
        outfile,
    )