def __init__(self, connection, configuration): self.logger = logger.set_logger(__name__) self.endpoint_start = '' headers = dict() host_port = connection.get('host') + ':' + str( connection.get('port', '')) headers['accept'] = 'application/json' auth = configuration.get('auth') if auth is not None and auth.get('token', None) is not None: headers['Authorization'] = 'token {}'.format(auth.get('token')) url_modifier_function = None headers['user-agent'] = _USER_AGENT self.timeout = connection['options'].get('timeout') self.result_limit = connection['options'].get('result_limit') if self.result_limit > _MAX_RESULT: self.logger.warning( "The length exceeds length limit. Use default length: %s", _MAX_RESULT) self.result_limit = _MAX_RESULT self.client = RestApiClient(host_port, None, headers, url_modifier_function, cert_verify=connection.get( 'selfSignedCert', True), sni=connection.get('sni', None))
class APIClient(): PING_ENDPOINT = 'sensor' PROCESS_ENDPOINT = 'process' def __init__(self, connection, configuration): self.endpoint_start = 'api/v1/' auth = configuration.get('auth') headers = dict() headers['X-Auth-Token'] = auth.get('token') self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, cert_verify=connection.get( 'selfSignedCert', True), sni=connection.get('sni', None)) self.timeout = connection['options'].get('timeout') def ping_box(self): endpoint = self.endpoint_start + self.PING_ENDPOINT return self.client.call_api(endpoint, 'GET', timeout=self.timeout) def run_search(self, query_expression, start=0, rows=10): headers = dict() endpoint = self.endpoint_start + self.PROCESS_ENDPOINT data = [("q", query_expression), ("start", start), ("rows", rows)] sort_by = 'start asc' # The purpose of this is to maintain order stability when doing paging data.append(("sort", sort_by)) return self.client.call_api(endpoint, 'GET', headers, urldata=data, timeout=self.timeout)
def parse_query(self, data): proxy_host = self.options['proxy_host'] proxy_port = self.options['proxy_port'] connection, configuration = unwrap_connection_options(self.options) client = RestApiClient( proxy_host, proxy_port, url_modifier_function=lambda host_port, endpoint, headers: f'https://{host_port}{endpoint}', cert_verify=self.options.get('proxy_cert')) response = client.call_api('/parse_query', 'POST', data=json.dumps({ 'module': connection['type'], 'data_source': {}, 'data': data, 'options': connection['options'] }), timeout=self.options.get('timeout')) return json.loads(response.bytes)
def translate_results(self, data_source, data): # A proxy translation call passes the entire data source connection object in as the options # Top-most connection host and port are for the proxy proxy_host = self.options['proxy_host'] proxy_port = self.options['proxy_port'] connection, configuration = unwrap_connection_options(self.options) client = RestApiClient( proxy_host, proxy_port, url_modifier_function=lambda host_port, endpoint, headers: f'http://{host_port}{endpoint}') response = client.call_api('/translate_results', 'POST', data=json.dumps({ 'module': connection['type'], "data_source": data_source, "results": data, "options": connection['options'] }), timeout=self.options.get('timeout')) return json.loads(response.bytes)
def __init__(self, connection, configuration): """Initialization. :param connection: dict, connection dict :param configuration: dict,config dict""" headers = dict() url_modifier_function = None default_api_version = 'v1.0' auth = configuration.get('auth') self.endpoint = '{api_version}/security/alerts'.format( api_version=default_api_version) self.host = connection.get('host') self.search_timeout = connection['options'].get('timeout') if auth: if 'access_token' in auth: headers['Authorization'] = "Bearer " + auth['access_token'] self.client = RestApiClient( connection.get('host'), connection.get('port', None), headers, url_modifier_function=url_modifier_function, cert_verify=connection.get('selfSignedCert', True), sni=connection.get('sni', None))
def __init__(self, connection, configuration): headers = dict() url_modifier_function = None auth = configuration.get('auth') self.indices = configuration.get('elastic_ecs', {}).get('indices', None) if isinstance(self.indices, list): # Get list of all indices self.indices = ",".join(self.indices) if self.indices: self.endpoint = self.indices + '/' + '_search' else: self.endpoint = '_search' if auth: if 'username' in auth and 'password' in auth: headers['Authorization'] = b"Basic " + base64.b64encode( (auth['username'] + ':' + auth['password']).encode('ascii')) elif 'api_key' in auth and 'id' in auth: headers['Authorization'] = b"ApiKey " + base64.b64encode( (auth['id'] + ':' + auth['api_key']).encode('ascii')) elif 'access_token' in auth: headers['Authorization'] = "Bearer " + auth['access_token'] self.client = RestApiClient( connection.get('host'), connection.get('port'), connection.get('cert', None), headers, url_modifier_function=url_modifier_function, cert_verify=connection.get('selfSignedCert', True), mutual_auth=connection.get('use_securegateway', False), sni=connection.get('sni', None))
class APIClient(): PING_TIMEOUT_IN_SECONDS = 10 def __init__(self, connection, configuration): self.endpoint_start = 'alertflex-ctrl/rest/stix-alerts' headers = dict() auth = configuration.get('auth') headers['Authorization'] = b"Basic " + base64.b64encode( (auth['username'] + ':' + auth['password']).encode('ascii')) url_modifier_function = None self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, url_modifier_function, cert_verify=connection.get( 'selfSignedCert', False)) def ping_data_source(self): endpoint = self.endpoint_start + '/status' return self.client.call_api(endpoint, 'GET', timeout=self.PING_TIMEOUT_IN_SECONDS) def get_search_results(self, query_expression, offset=None, length=None): endpoint = self.endpoint_start + '/search' data = {'query': query_expression} result = self.client.call_api(endpoint, 'GET', urldata=data) return result def delete_search(self, search_id): # Optional since this may not be supported by the data source API # Delete the search return {"code": 200, "success": True}
def __init__(self, connection, configuration): self.auth = configuration.get('auth') self.logger = logger.set_logger(__name__) nonce = "".join([ secrets.choice(string.ascii_letters + string.digits) for _ in range(64) ]) timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000 self.auth = configuration.get('auth') auth_key = f"{self.auth['api_key']}{nonce}{timestamp}" auth_key = auth_key.encode("utf-8") api_key_hash = hashlib.sha256(auth_key).hexdigest() headers = { "x-xdr-timestamp": str(timestamp), "x-xdr-nonce": nonce, "x-xdr-auth-id": str(self.auth['api_key_id']), "Authorization": api_key_hash } self.client = RestApiClient( connection.get('host'), connection.get('port', None), headers, url_modifier_function=None, ) self.result_limit = connection['options'].get('result_limit') self.timeout = connection['options']['timeout'] self.quota_threshold = connection['quota_threshold'] self.connector = __name__.split('.')[1]
class APIClient: """API Client to handle all calls.""" PING_TIMEOUT_IN_SECONDS = 10 def __init__(self, connection, configuration): """Initialization. :param connection: dict, connection dict :param configuration: dict,config dict""" headers = dict() url_modifier_function = None auth = configuration.get('auth') self.endpoint = 'api/advancedqueries/run' self.host = connection.get('host') if auth: if 'access_token' in auth: headers['Authorization'] = "Bearer " + auth['access_token'] self.client = RestApiClient( connection.get('host'), connection.get('port', None), connection.get('cert', None), headers, url_modifier_function=url_modifier_function, cert_verify=connection.get('selfSignedCert', True), mutual_auth=connection.get('use_securegateway', False), sni=connection.get('sni', None)) def ping_box(self): """Ping the endpoint.""" endpoint = '/api' return self.client.call_api(endpoint, 'GET', timeout=self.PING_TIMEOUT_IN_SECONDS) def run_search(self, query_expression, offset=DEFAULT_OFFSET, length=DEFAULT_LIMIT): """get the response from MSatp endpoints :param query_expression: str, search_id :param offset: int,offset value :param length: int,length value :return: response, json object""" serialize = '| serialize rn = row_number() | where rn >= {offset} | limit {length}' headers = dict() headers['Content-Type'] = 'application/json' headers['Accept'] = 'application/json' endpoint = self.endpoint query_expression = query_expression + serialize.format(offset=offset, length=length) query_expression = json.dumps({ 'Query': query_expression }).encode("utf-8") return self.client.call_api(endpoint, 'POST', headers=headers, data=query_expression)
def __init__(self, connection, configuration): self.auth = configuration.get('auth') headers = {'Accept': 'application/json'} self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, cert_verify=connection.get( 'selfSignedCert', True))
class APIClient: """API Client to handle all calls.""" def __init__(self, connection, configuration): """Initialization. :param connection: dict, connection dict :param configuration: dict,config dict""" headers = dict() url_modifier_function = None default_api_version = 'v1.0' auth = configuration.get('auth') self.endpoint = '{api_version}/security/alerts'.format(api_version=default_api_version) self.host = connection.get('host') self.timeout = connection['options'].get('timeout') if auth: if 'access_token' in auth: headers['Authorization'] = "Bearer " + auth['access_token'] self.client = RestApiClient(connection.get('host'), connection.get('port', None), headers, url_modifier_function=url_modifier_function, cert_verify=connection.get('selfSignedCert', True), sni=connection.get('sni', None) ) def ping_box(self): """Ping the endpoint.""" params = dict() params['$top'] = 1 return self.client.call_api(self.endpoint, 'GET', urldata=params, timeout=self.timeout) def run_search(self, query_expression, length): """get the response from azure_sentinel endpoints :param query_expression: str, search_id :param length: int,length value :return: response, json object""" headers = dict() headers['Accept'] = 'application/json' params = dict() params['$filter'] = query_expression params['$top'] = length return self.client.call_api(self.endpoint, 'GET', headers, urldata=params, timeout=self.timeout) def next_page_run_search(self, next_page_url): """get the response from azure_sentinel endpoints :param next_page_url: str, search_id :return: response, json object""" headers = dict() headers['Accept'] = 'application/json' url = next_page_url.split('?', maxsplit=1)[1] endpoint = self.endpoint + '?' + url return self.client.call_api(endpoint, 'GET', headers, timeout=self.timeout)
def __init__(self, connection, configuration): self.logger = logger.set_logger(__name__) headers = {'Content-Type': 'application/json'} url_modifier_function = None self.auth = configuration.get('auth') self.client = RestApiClient( connection.get('host'), connection.get('port', None), headers, url_modifier_function=url_modifier_function) self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration): self.logger = logger.set_logger(__name__) headers = {} url_modifier_function = None self.auth = configuration.get('auth') self.client = RestApiClient( connection.get('host'), port=None, headers=headers, cert_verify=False, url_modifier_function=url_modifier_function)
def __init__(self, connection, configuration): self.endpoint_start = 'api/v1/' auth = configuration.get('auth') headers = dict() headers['X-Auth-Token'] = auth.get('token') self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, cert_verify=connection.get( 'selfSignedCert', True), sni=connection.get('sni', None)) self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration): self.connection = connection self.configuration = configuration self.timeout = connection['options'].get('timeout') self.bundle_url = self.connection.get('url') auth = None conf_auth = configuration.get('auth', {}) if 'username' in conf_auth and 'password' in conf_auth: auth = (conf_auth['username'], conf_auth['password']) self.client = RestApiClient(None, auth=auth, url_modifier_function=lambda host_port, endpoint, headers: f'{endpoint}')
def __init__(self, connection, configuration): headers = dict() self.auth = configuration.get('auth') self.api_key = "ApiToken " + self.auth.get('apitoken') headers['Authorization'] = self.api_key headers['Content-type'] = 'application/json' self.timeout = connection['options']['timeout'] self.client = RestApiClient(connection.get('host'), connection.get('port', None), headers, url_modifier_function=None)
def __init__(self, connection, configuration): self.request_http_path = "https://{}:{}".format( connection['options']['proxy_host'], connection['options']['proxy_port']) self.timeout = connection['options']['timeout'] self.connection, self.configuration = self._unwrap_connection_options( copy.deepcopy(connection), copy.deepcopy(configuration)) self.client = RestApiClient( connection['options']['proxy_host'], connection['options']['proxy_port'], url_modifier_function=lambda host_port, endpoint, headers: f'https://{host_port}{endpoint}', cert_verify=connection['options'].get('proxy_cert'))
def __init__(self, connection, configuration): self.endpoint_start = 'api/v1/' auth = configuration.get('auth') headers = dict() headers['X-Auth-Token'] = auth.get('token') self.client = RestApiClient( connection.get('host'), connection.get('port'), connection.get('cert', None), headers, cert_verify=connection.get('selfSignedCert', True), mutual_auth=connection.get('use_securegateway', False), sni=connection.get('sni', None))
def __init__(self, connection, configuration): self.endpoint_start = 'alertflex-ctrl/rest/stix-alerts' headers = dict() auth = configuration.get('auth') headers['Authorization'] = b"Basic " + base64.b64encode( (auth['username'] + ':' + auth['password']).encode('ascii')) url_modifier_function = None self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, url_modifier_function, cert_verify=connection.get( 'selfSignedCert', False))
def __init__(self, connection, configuration): self.endpoint_start_v1 = 'api/v1/' # Uses API v1 for `ping` and `processes search` endpoints. self.endpoint_start_v4 = 'api/v4/' # Uses API v4 for `events search` endpoint. auth = configuration.get('auth') headers = dict() headers['X-Auth-Token'] = auth.get('token') self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, cert_verify=connection.get( 'selfSignedCert', True), sni=connection.get('sni', None)) self.timeout = connection['options'].get('timeout')
class APIClient(): PING_ENDPOINT = 'sensor' PROCESS_ENDPOINT = 'process' def __init__(self, connection, configuration): self.endpoint_start_v1 = 'api/v1/' # Uses API v1 for `ping` and `processes search` endpoints. self.endpoint_start_v4 = 'api/v4/' # Uses API v4 for `events search` endpoint. auth = configuration.get('auth') headers = dict() headers['X-Auth-Token'] = auth.get('token') self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, cert_verify=connection.get( 'selfSignedCert', True), sni=connection.get('sni', None)) self.timeout = connection['options'].get('timeout') def ping_box(self): endpoint = self.endpoint_start_v1 + self.PING_ENDPOINT return self.client.call_api(endpoint, 'GET', timeout=self.timeout) def run_processes_search(self, query_expression, start=0, rows=10): """ https://developer.carbonblack.com/reference/enterprise-response/6.3/rest-api/#process-search Processes search using `/api/v1/process` """ headers = dict() process_endpoint = self.endpoint_start_v1 + self.PROCESS_ENDPOINT data = [("q", query_expression), ("start", start), ("rows", rows), ("sort", 'start asc')] return self.client.call_api(process_endpoint, 'GET', headers, urldata=data, timeout=self.timeout) def run_events_search(self, process_id, segment_id): """ https://developer.carbonblack.com/reference/enterprise-response/6.3/rest-api/#process-event-details Event details search for process X at segment Y using `/api/v4/process/(process_id)/(segment_id)/event` """ headers = dict() event_endpoint = self.endpoint_start_v4 + self.PROCESS_ENDPOINT + '/{}/{}/event'.format( process_id, segment_id) data = [] return self.client.call_api(event_endpoint, 'GET', headers, urldata=data, timeout=self.timeout)
def __init__(self, connection, configuration): # Uncomment when implementing data source API client. auth = configuration.get('auth') headers = dict() if auth: if 'principal' in auth and 'secret' in auth: headers['Authorization'] = b"Basic " + base64.b64encode( (auth['principal'] + ':' + auth['secret']).encode('ascii')) self.client = RestApiClient(connection.get('host'), port=None, headers=headers, url_modifier_function=None, cert_verify=True, sni=None, auth=None)
def __init__(self, connection, configuration): auth = configuration.get('auth') headers = dict() headers['X-Auth-Token'] = auth.get('token') headers['Accept'] = 'application/json' headers['Content-Type'] = 'application/json' self.org_key = auth.get('org_key') self.client = RestApiClient(connection.get('host'), connection.get('port'), headers, cert_verify=connection.get( 'selfSignedCert', True), sni=connection.get('sni', None)) self.timeout = connection['options'].get('timeout') self.result_limit = connection['options'].get('result_limit')
def __init__(self, params, host, port, headers, url_modifier_function, cert_verify, sni, auth): self.client = RestApiClient(host, port, headers, url_modifier_function, cert_verify, sni, auth) self.logger = logger.set_logger(__name__) self.url = params["url"] self.secret = params["client_secret"] self.user = params["config_uname"] self.password = params["config_pass"] self.client_id = params["client_id"] self.token_target = 'oauth/token' self.report_target = 'restAPI/online_report' self.qs_target = 'restAPI/quick_search' self.fields_target = 'restAPI/fieldsTitles' self.fields = {} self.get_token()
def get_events(self): payload = "{\"name\": \"Secret Server Events Logs\", \"parameters\": [{\"name\": \"startDate\", \"value\": '%s'} , {\"name\":\"endDate\",\"value\": '%s'}]}" % ( self.startDate, self.endDate) headers = { 'Authorization': self.accessToken, 'Content-Type': 'application/json' } endpoint = "SecretServer/api/v1/reports/execute" response = RestApiClient.call_api(self, endpoint, 'POST', headers=headers, data=payload, urldata=None, timeout=None) return_obj = {} if response.code != 200: response_txt = response.response.text ErrorResponder.fill_error(return_obj, message=response_txt) raise Exception(return_obj) collection = [] json_data = response.response.text eventData = json.loads(json_data) col = eventData['columns'] for obj in eventData['rows']: obj = dict(zip(col, obj)) collection.append(obj) return collection
def get_Secret(self): eventDetail = self.get_events() secretIdList = [] secretCollection = [] for obj in eventDetail: item = (obj['ItemId']) secretIdList.append(item) unique = set(secretIdList) for id in unique: secret_server_user_url = self.secret_detail + "/%s" % id headers = { 'Authorization': self.accessToken, 'Content-Type': 'application/json' } payload = {} response = RestApiClient.call_api(self, secret_server_user_url, 'GET', headers=headers, data=payload, urldata=None, timeout=None) secretCollection.append(response.response.text) json_data = json.dumps(secretCollection) collection = json.loads(json_data) return collection
def get_api_client(self): api_client = RestApiClient(self.connection.get('host'), self.connection.get('port'), self.headers, cert_verify=self.connection.get( 'selfSignedCert', True), sni=self.connection.get('sni', None)) return api_client
def __init__(self, connection, configuration): # Uncomment when implementing data source API client. auth_values = configuration.get('auth') auth = (auth_values['username'], auth_values['password']) headers = dict() headers['Accept'] = 'application/json' connection['host'] = 'data.reversinglabs.com' url_modifier_function = None self.client = RestApiClient( host=connection.get('host'), port=None, headers=headers, url_modifier_function=url_modifier_function, auth=auth) self.connection = connection self.namespace = connection.get('namespace')
def __init__(self, connection, configuration): # This version of the ariel APIClient is designed to function with # version 6.0 of the ariel API. self.endpoint_start = 'api/ariel/' self.urldata = {} headers = dict() host_port = connection.get('host') + ':' + \ str(connection.get('port', '')) headers['version'] = '8.0' headers['accept'] = 'application/json' auth = configuration.get('auth') if auth != None and auth.get('SEC', None) != None: headers['sec'] = auth.get('SEC') url_modifier_function = None proxy = connection.get('proxy') if proxy is not None: proxy_url = proxy.get('url') proxy_auth = proxy.get('auth') if (proxy_url is not None and proxy_auth is not None): headers['proxy'] = proxy_url headers['proxy-authorization'] = 'Basic ' + proxy_auth if proxy.get('x_forward_proxy', None) is not None: headers['x-forward-url'] = 'https://' + \ host_port + '/' # + endpoint, is set by 'add_endpoint_to_url_header' host_port = proxy.get('x_forward_proxy') if proxy.get('x_forward_proxy_auth', None) is not None: headers['x-forward-auth'] = proxy.get( 'x_forward_proxy_auth') headers['user-agent'] = 'UDS' url_modifier_function = self.add_endpoint_to_url_header self.data_lake = connection.get('data_lake') if self.data_lake: print('QRadar Cloud Data Lake enabled') self.client = RestApiClient( host_port, None, connection.get('cert', None), headers, url_modifier_function, cert_verify=connection.get('selfSignedCert', True), mutual_auth=connection.get('use_securegateway', False), sni=connection.get('sni', None))
class APIClient(): def __init__(self, connection, configuration): # Uncomment when implementing data source API client. auth = configuration.get('auth') headers = dict() if auth: if 'principal' in auth and 'secret' in auth: headers['Authorization'] = b"Basic " + base64.b64encode( (auth['principal'] + ':' + auth['secret']).encode('ascii')) self.client = RestApiClient(connection.get('host'), port=None, headers=headers, url_modifier_function=None, cert_verify=True, sni=None, auth=None) def ping_data_source(self): # Pings the data source endpoint = ENDPOINT_ALL + "?format=json&sinceSeconds=3600" pingresult = self.client.call_api(endpoint=endpoint, method='GET') return pingresult def create_search(self, query_expression): # Queries the data source return {"code": 200, "query_id": query_expression} def get_search_status(self, search_id): # Check the current status of the search return {"code": 200, "status": "COMPLETED"} def get_search_results(self, search_id): # Return the search results. Results must be in JSON format before being translated into STIX #resultdata = self.client.call_api(endpoint=ENDPOINT_ALL+search_id, method='GET')#working endpoint = ENDPOINT_ALL + "?format=json" resultdata = self.client.call_api(endpoint=endpoint, method='GET', urldata=search_id) # Check the current status of the search return resultdata def delete_search(self, search_id): # Optional since this may not be supported by the data source API # Delete the search return {"code": 200, "success": True}