def create_api_call(): if USE_SSL: return duo_client.Admin(ikey=INTEGRATION_KEY, skey=SECRET_KEY, host=HOST, ca_certs='DISABLE') return duo_client.Admin(ikey=INTEGRATION_KEY, skey=SECRET_KEY, host=HOST)
def run(self): Responder.run(self) if self.get_param('data.dataType') == 'username': str_username = self.get_param('data.data', None, 'No artifacts available') admin_api = duo_client.Admin(self.iKey, self.sKey, self.API_hostname) response = admin_api.get_users_by_name(username=str_username) # print(response) user_id=response[0]["user_id"] # print("user_id:",user_id) r = admin_api.update_user(user_id=user_id,status='disabled') # print("response:",r) if r.get('status') == 'disabled': self.report({'message': 'User is locked in Duo Security.'}) else: self.error('Failed to lock User Account in Duo.') else: self.error('Incorrect dataType. "username" expected.')
def main(): try: state = pickle.load(open(options.statepath, "rb")) except IOError: # Oh, you're new. # Note API v2 expect full, correct and within range timestamps in millisec so we start recently # API v1 uses normal timestamps in seconds instead state = { "administration": 0, "administration_offset": None, "authentication": 1547000000000, "authentication_offset": None, "telephony": 0, "telephony_offset": None, } # Convert v1 (sec) timestamp to v2 (ms)... if state["authentication"] < 1547000000000: state["authentication"] = int(str(state["authentication"]) + "000") duo = duo_client.Admin(ikey=options.IKEY, skey=options.SKEY, host=options.URL) mozmsg = mozdef.MozDefEvent(options.MOZDEF_URL) mozmsg.tags = ["duosecurity"] if options.update_tags != "": mozmsg.tags.append(options.update_tags) mozmsg.set_category("authentication") mozmsg.source = "DuoSecurityAPI" if options.DEBUG: mozmsg.debug = options.DEBUG mozmsg.set_send_to_syslog(True, only_syslog=True) # This will process events for all 3 log types and send them to MozDef. the state stores the last position in the # log when this script was last called. # NOTE: If administration and telephone logs support a "v2" API in the future it will most likely need to have the # same code with `next_offset` as authentication uses. state = process_events( mozmsg, duo.get_administrator_log(mintime=state["administration"] + 1), "administration", state) state = process_events( mozmsg, duo.get_authentication_log( api_version=2, limit="1000", sort="ts:asc", mintime=state["authentication"] + 1, next_offset=state["authentication_offset"], ), "authentication", state, ) state = process_events( mozmsg, duo.get_telephony_log(mintime=state["telephony"] + 1), "telephony", state) pickle.dump(state, open(options.statepath, "wb"))
def _setup_plugins_config(self): """Setup values from plugins.ini configuration.""" option = get_plugin_config_options('duo') try: self.admin_api = duo_client.Admin( ikey=option['integration_key'], skey=option['secret_key'], host=option['api_hostname'], ) except KeyError as err: raise PluginError('No "%s" option in plugins.ini' % err.message)
def create_api_call(): if USE_SSL: client = duo_client.Admin( ikey=INTEGRATION_KEY, skey=SECRET_KEY, host=HOST, ) else: client = duo_client.Admin(ikey=INTEGRATION_KEY, skey=SECRET_KEY, host=HOST, ca_certs='DISABLE') try: client._make_request = lambda method, uri, body, headers: override_make_request( client, method, uri, body, headers) except Exception as e: demisto.error( "Error making request - failed to create client: {}".format(e)) raise Exception return client
def main(mytimer: func.TimerRequest) -> None: logging.info('Starting script') admin_api = duo_client.Admin( ikey=CISCO_DUO_INTEGRATION_KEY, skey=CISCO_DUO_SECRET_KEY, host=CISCO_DUO_API_HOSTNAME, ) sentinel = AzureSentinelConnector(log_analytics_uri=LOG_ANALYTICS_URI, workspace_id=WORKSPACE_ID, shared_key=SHARED_KEY, log_type=LOG_TYPE, queue_size=5000) state_manager = StateManager( FILE_SHARE_CONN_STRING, file_path='cisco_duo_trust_monitor_logs_last_ts.txt') process_trust_monitor_events(admin_api, state_manager=state_manager, sentinel=sentinel) state_manager = StateManager(FILE_SHARE_CONN_STRING, file_path='cisco_duo_auth_logs_last_ts.txt') process_auth_logs(admin_api, state_manager=state_manager, sentinel=sentinel) state_manager = StateManager(FILE_SHARE_CONN_STRING, file_path='cisco_duo_admin_logs_last_ts.txt') process_admin_logs(admin_api, state_manager=state_manager, sentinel=sentinel) state_manager = StateManager(FILE_SHARE_CONN_STRING, file_path='cisco_duo_tele_logs_last_ts.txt') process_tele_logs(admin_api, state_manager=state_manager, sentinel=sentinel) state_manager = StateManager( FILE_SHARE_CONN_STRING, file_path='cisco_duo_offline_enrollment_logs_last_ts.txt') process_offline_enrollment_logs(admin_api, state_manager=state_manager, sentinel=sentinel) logging.info('Script finished. Sent events: {}'.format( sentinel.successfull_sent_events_number))
def admin_api_from_config(config_path): """ Return a duo_client.Admin object created using the parameters stored in a config file. """ config = ConfigParser.ConfigParser() config.read(config_path) config_d = dict(config.items('duo')) ca_certs = config_d.get("ca_certs", None) if ca_certs is None: ca_certs = config_d.get("ca", None) return duo_client.Admin( ikey=config_d['ikey'], skey=config_d['skey'], host=config_d['host'], ca_certs=ca_certs, )
def main(): try: state = pickle.load(open(options.statepath, 'rb')) except IOError: # Oh, you're new. # Note API v2 expect full, correct and within range timestamps in millisec so we start recently # API v1 uses normal timestamps in seconds instead state = { 'administration': 0, 'authentication': 1547000000000, 'telephony': 0 } # Convert v1 (sec) timestamp to v2 (ms)... if state['authentication'] < 1547000000000: state['authentication'] = int(str(state['authentication']) + '000') duo = duo_client.Admin(ikey=options.IKEY, skey=options.SKEY, host=options.URL) mozmsg = mozdef.MozDefEvent(options.MOZDEF_URL) mozmsg.tags = ['duosecurity'] if options.update_tags != '': mozmsg.tags.append(options.update_tags) mozmsg.set_category('authentication') mozmsg.source = 'DuoSecurityAPI' if options.DEBUG: mozmsg.debug = options.DEBUG mozmsg.set_send_to_syslog(True, only_syslog=True) # This will process events for all 3 log types and send them to MozDef. the state stores the last position in the # log when this script was last called. state = process_events( mozmsg, duo.get_administrator_log(mintime=state['administration'] + 1), 'administration', state) # TODO Should use `next_offset` instead of mintime in the future (for api v2) as its more efficient state = process_events( mozmsg, duo.get_authentication_log(api_version=2, mintime=state['authentication'] + 1), 'authentication', state) state = process_events( mozmsg, duo.get_telephony_log(mintime=state['telephony'] + 1), 'telephony', state) pickle.dump(state, open(options.statepath, 'wb'))
def init_duoclient(self, config): try: client = duo_client.Admin( ikey=config['duoclient']['ikey'], skey=config['duoclient']['skey'], host=config['duoclient']['host'], user_agent=('Duo Log Sync/' + __version__), ) logging.info( "Adminapi initialized for ikey {} and host {}...".format( config['duoclient']['ikey'], config['duoclient']['host'])) except Exception as e: logging.error( "Unable to create duo client. Pls check credentials...") sys.exit(1) return client