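def main():
    """Command-line entry point for listing or creating Vectra proxies.

    Subcommands:
        list  -- print the proxies returned by ``get_proxies``
        add   -- register ``host`` as a new proxy and print the created entry

    Connection options (``--url``, ``--token``, ``--user``) are added by
    ``commonArgs``.  Only token (API v2) authentication is supported here,
    so a ``--user`` login is rejected before any request is made.

    Exits with status 1 when ``--user`` is given, and with argparse's usage
    error when no subcommand is supplied.
    """
    import sys

    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='action')
    # Python 3 makes subcommands optional by default; without this the
    # script would reach args['user'] with no 'user' key and crash with a
    # KeyError instead of printing a usage error.  Python 2.7 already
    # requires a subcommand, so the assignment is harmless there.
    subparsers.required = True

    proxy_list = subparsers.add_parser('list', help='list configured proxies')
    proxy_list = commonArgs(proxy_list)

    proxy_add = subparsers.add_parser('add', help='create proxies')
    proxy_add = commonArgs(proxy_add)
    proxy_add.add_argument('host', help='host to add to proxy list')

    args = vars(parser.parse_args())

    if args['user']:
        # User/password login is API v1 only; the proxy endpoints need v2.
        # Non-zero status so a calling script notices the refusal.
        print("This script only supports v2 of the API. Please use --token")
        sys.exit(1)

    # NOTE(review): the token is taken from a command-line flag (see
    # commonArgs), so it is visible in shell history and in `ps` output to
    # other local users; an environment variable or prompt would be safer.
    vc = vectra.VectraClient(url=args['url'], token=args['token'])

    if args['action'] == 'list':
        # NOTE(review): assumes the body carries a 'proxies' key.  An HTTP
        # error (e.g. 401) would surface here as a KeyError/ValueError --
        # confirm whether VectraClient already raises on non-2xx responses.
        proxies = vc.get_proxies().json()['proxies']
        pprint.pprint(proxies)
    elif args['action'] == 'add':
        resp = vc.add_proxy(host=args['host'])
        pprint.pprint(resp.json()['proxy'])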
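def main():
    """Command-line entry point for querying Vectra detections.

    Adds the shared connection/paging options from ``commonArgs`` plus the
    detection-specific filters below, authenticates with either an API token
    or (when ``--user`` is given) an interactively collected password, and
    prints the JSON body of the ``get_detections`` response.

    Filters not supplied on the command line are passed to the client as
    ``None``.
    """
    parser = argparse.ArgumentParser()
    parser = commonArgs(parser)
    parser.add_argument('-c', '--category',
                        choices=["botnet", "command", "reconnaissance",
                                 "lateral", "exfiltration"],
                        help='detection category')
    parser.add_argument('-t', '--type', dest='detection_type',
                        help='detection type')
    parser.add_argument('--src', dest='src_ip',
                        help='ip address of source host')
    parser.add_argument('--threat', dest='threat_gte', type=int,
                        help='minimum threat score')
    parser.add_argument('--certainty', type=int, dest='certainty_gte',
                        help='minimum certainty score')
    parser.add_argument('--host', dest='host_id',
                        help='host id attributed to detection')

    args = vars(parser.parse_args())

    if args['user']:
        # The password is prompted for rather than accepted as a flag, so it
        # never lands in shell history or the process list.
        args['password'] = getPassword()
        vc = vectra.VectraClient(url=args['url'], user=args['user'],
                                 password=args['password'])
    else:
        # NOTE(review): the token is a command-line flag (see commonArgs) and
        # is therefore visible to other local users via `ps`.
        vc = vectra.VectraClient(url=args['url'], token=args['token'])

    # 'fields', 'order', 'page', 'page_size' and 'state' are not defined in
    # this function; they are expected to come from commonArgs (not visible
    # here).  dict.get keeps a missing key from raising.
    filter_keys = ('category', 'certainty_gte', 'detection_type', 'fields',
                   'host_id', 'order', 'page', 'page_size', 'src_ip',
                   'state', 'threat_gte')
    resp = vc.get_detections(**{key: args.get(key) for key in filter_keys})

    # Parenthesised form is valid on both Python 2 and 3 for one argument;
    # the bare `print x` statement is a syntax error on Python 3.
    print(resp.json())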
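def main():
    """Command-line entry point for retrieving hosts from a Vectra brain.

    Subcommands:
        score    -- hosts at or above a threat/certainty threshold
                    (both default to 75)
        tags     -- hosts carrying the given tags
        advance  -- any combination of score, tag, IP, MAC and key-asset
                    filters, with no defaults

    Connection options (``--url``, ``--token``, ``--user``) come from
    ``commonArgs``.  With ``--user`` the password is prompted for via
    ``getPassword``; otherwise the API token is used.  The JSON body of the
    ``get_hosts`` response is printed.  Exits with argparse's usage error
    when no subcommand is supplied.
    """
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='action')
    # Python 3 makes subcommands optional by default; without this the
    # script would reach args['user'] with no 'user' key and crash with a
    # KeyError instead of printing a usage error.  Python 2.7 already
    # requires a subcommand, so the assignment is harmless there.
    subparsers.required = True

    # 'score': threshold query with defaults.
    parser_score = subparsers.add_parser(
        'score', help='retrieve hosts based on threat/certainty score')
    parser_score = commonArgs(parser_score)
    parser_score.add_argument(
        '-t', '--threat', dest='threat_gte', type=int, default=75,
        help='minimum threat score (default: %(default)s)')
    parser_score.add_argument(
        '-c', '--certainty', dest='certainty_gte', type=int, default=75,
        help='minimum certainty score (default: %(default)s)')

    # 'tags': tag query.  (Help text was previously a copy of the 'score'
    # description.)
    parser_tags = subparsers.add_parser(
        'tags', help='retrieve hosts based on assigned tags')
    parser_tags = commonArgs(parser_tags)
    parser_tags.add_argument('-g', '--tags', required=True,
                             help='tags assigned to hosts')

    # 'advance': free combination of filters; every option is optional and
    # has no default.
    parser_adv = subparsers.add_parser(
        'advance', help='retrieve hosts using any combination of filters')
    parser_adv = commonArgs(parser_adv)
    parser_adv.add_argument(
        '-c', '--certainty', dest='certainty_gte', type=int,
        help='minimum certainty score (default: %(default)s)')
    parser_adv.add_argument('-g', '--tags', help='tags assigned to hosts')
    parser_adv.add_argument('-i', '--ip', dest='last_source',
                            help='ip address of host')
    parser_adv.add_argument('-k', '--key_asset', action='store_true',
                            help='host marked as a key asset')
    parser_adv.add_argument('-m', '--mac', dest='mac_address',
                            help='mac address of host')
    parser_adv.add_argument(
        '-t', '--threat', dest='threat_gte', type=int,
        help='minimum threat score (default: %(default)s)')

    args = vars(parser.parse_args())

    if args['user']:
        # The password is prompted for rather than accepted as a flag, so it
        # never lands in shell history or the process list.
        args['password'] = getPassword()
        vc = vectra.VectraClient(url=args['url'], user=args['user'],
                                 password=args['password'])
    else:
        # NOTE(review): the token is a command-line flag (see commonArgs) and
        # is therefore visible to other local users via `ps`.
        vc = vectra.VectraClient(url=args['url'], token=args['token'])

    # Filters belonging to another subcommand are absent from args and are
    # passed as None.
    # NOTE(review): under 'advance', -k is store_true, so is_key_asset is
    # False (not None) whenever the flag is omitted -- confirm the client
    # treats False as "no filter" rather than "non-key-assets only".
    resp = vc.get_hosts(certainty_gte=args.get('certainty_gte'),
                        threat_gte=args.get('threat_gte'),
                        tags=args.get('tags'),
                        last_source=args.get('last_source'),
                        is_key_asset=args.get('key_asset'),
                        mac_address=args.get('mac_address'))

    # Parenthesised form is valid on both Python 2 and 3 for one argument;
    # the bare `print x` statement is a syntax error on Python 3.
    print(resp.json())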
import json import requests import vat.vectra as vectra from operator import itemgetter from vat.cli import commonArgs, getPassword requests.packages.urllib3.disable_warnings() parser = argparse.ArgumentParser() subparsers = parser.add_subparsers(dest='action') parser_host = subparsers.add_parser('host', help='retrieve data from Vectra brain') parser_host = commonArgs(parser_host) parser_host.add_argument( '--summary', help= 'summarize based on total count or per detection (default: %(default)s)', choices=['total', 'detection'], default='total') parser_file = subparsers.add_parser('file', help='Load data from file') parser_file.add_argument( '--summary', help= 'summarize based on total count or per detection (default: %(default)s)', choices=['total', 'detection'], default='total') parser_file.add_argument('filename', help='file to import data')