コード例 #1
ファイル: proxies.py プロジェクト: zerobaud/vectra_api_tools
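def main():
    """Entry point: list the configured proxies or add one via the Vectra v2 API.

    Subcommands:
        list  -- print every configured proxy as returned by ``get_proxies``.
        add   -- register the positional ``host`` as a proxy and print the
                 ``proxy`` record from the response.

    The ``url``, ``token`` and ``user`` options are expected to be added by
    ``commonArgs`` (defined outside this excerpt). A ``--user`` login is
    rejected: only token (API v2) authentication is supported here.

    Exits with argparse's usage error (status 2, message on stderr) when
    ``--user`` is given; the original printed to stdout and exited 0, which
    made the failure invisible to calling scripts.
    """
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='action')
    # Require a subcommand: without one, ``args['user']`` below raises
    # KeyError because commonArgs is only applied to the subparsers.
    subparsers.required = True

    proxy_list = subparsers.add_parser('list', help='list configured proxies')
    proxy_list = commonArgs(proxy_list)

    proxy_add = subparsers.add_parser('add', help='create proxies')
    proxy_add = commonArgs(proxy_add)
    proxy_add.add_argument('host', help='host to add to proxy list')

    args = vars(parser.parse_args())

    if args['user']:
        # Reported on stderr with a non-zero status instead of exit() on
        # the success path.
        parser.error("This script only supports v2 of the API. Please use --token")

    # NOTE(review): the token presumably arrives as a command-line flag from
    # commonArgs; command-line arguments are readable by other local users
    # through process listings, so an environment variable or a prompt is
    # the safer channel -- confirm how commonArgs sources it.
    vc = vectra.VectraClient(url=args['url'], token=args['token'])

    if args['action'] == 'list':
        proxies = vc.get_proxies().json()['proxies']
        pprint.pprint(proxies)
    elif args['action'] == 'add':
        resp = vc.add_proxy(host=args['host'])
        pprint.pprint(resp.json()['proxy'])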
コード例 #2
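def main():
    """Entry point: query Vectra detections filtered by the CLI options.

    Authentication: with ``--user`` the password is prompted for via
    ``getPassword`` and user/password auth is used; otherwise the API token
    is used. ``url``, ``user``, ``token`` and the paging/field options
    (``fields``, ``order``, ``page``, ``page_size``, ``state``) are expected
    to be declared by ``commonArgs`` (outside this excerpt).

    The JSON body of the ``get_detections`` response is printed to stdout.
    """
    parser = argparse.ArgumentParser()
    parser = commonArgs(parser)
    parser.add_argument('-c', '--category',
                        choices=["botnet", "command", "reconnaissance",
                                 "lateral", "exfiltration"],
                        help='detection category')
    parser.add_argument('-t', '--type', dest='detection_type',
                        help='detection type')
    parser.add_argument('--src', dest='src_ip',
                        help='ip address of source host')
    parser.add_argument('--threat', dest='threat_gte', type=int,
                        help='minimum threat score')
    parser.add_argument('--certainty', dest='certainty_gte', type=int,
                        help='minimum certainty score')
    parser.add_argument('--host', dest='host_id',
                        help='host id attributed to detection')

    args = vars(parser.parse_args())

    if args['user']:
        # Prompted at runtime rather than taken from the command line, so
        # the password does not show up in process listings or shell history.
        args['password'] = getPassword()
        vc = vectra.VectraClient(url=args['url'],
                                 user=args['user'],
                                 password=args['password'])
    else:
        vc = vectra.VectraClient(url=args['url'], token=args['token'])

    # vars() of a parsed namespace carries every dest declared above, so
    # those are None when absent; .get() only guards the keys that
    # commonArgs may or may not declare.
    resp = vc.get_detections(category=args.get('category'),
                             certainty_gte=args.get('certainty_gte'),
                             detection_type=args.get('detection_type'),
                             fields=args.get('fields'),
                             host_id=args.get('host_id'),
                             order=args.get('order'),
                             page=args.get('page'),
                             page_size=args.get('page_size'),
                             src_ip=args.get('src_ip'),
                             state=args.get('state'),
                             threat_gte=args.get('threat_gte'))

    # Call form of print: valid on Python 2 and 3 (the original used the
    # Python 2 print statement, a SyntaxError on Python 3).
    print(resp.json())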
コード例 #3
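def main():
    """Entry point: retrieve Vectra hosts by score, by tag, or by a free filter.

    Subcommands:
        score    -- hosts at or above ``--threat`` / ``--certainty``
                    (both default to 75).
        tags     -- hosts carrying the required ``--tags`` value.
        advance  -- any combination of certainty, threat, tags, source IP,
                    key-asset flag and MAC address.

    ``url``, ``user`` and ``token`` are expected to be declared by
    ``commonArgs`` (outside this excerpt); with ``--user`` the password is
    prompted for via ``getPassword``, otherwise the API token is used.
    The JSON body of the ``get_hosts`` response is printed to stdout.
    """
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='action')
    # Require a subcommand: without one, ``args['user']`` below raises
    # KeyError because commonArgs is only applied to the subparsers.
    subparsers.required = True

    # Host score subparser
    parser_score = subparsers.add_parser(
        'score', help='retrieve hosts based on threat/certainty score')
    parser_score = commonArgs(parser_score)
    parser_score.add_argument('-t', '--threat', dest='threat_gte', type=int,
                              default=75,
                              help='minimum threat score (default: %(default)s)')
    parser_score.add_argument('-c', '--certainty', dest='certainty_gte',
                              type=int, default=75,
                              help='minimum certainty score (default: %(default)s)')

    # Host tags subparser (help text was a copy of the score subparser's)
    parser_tags = subparsers.add_parser(
        'tags', help='retrieve hosts based on assigned tags')
    parser_tags = commonArgs(parser_tags)
    parser_tags.add_argument('-g', '--tags', required=True,
                             help='tags assigned to hosts')

    # Advanced query subparser (help text was a copy of the score
    # subparser's; the options here have no defaults, so the
    # "(default: %(default)s)" suffix that rendered as "None" is dropped)
    parser_adv = subparsers.add_parser(
        'advance', help='retrieve hosts using any combination of filters')
    parser_adv = commonArgs(parser_adv)
    parser_adv.add_argument('-c', '--certainty', dest='certainty_gte',
                            type=int, help='minimum certainty score')
    parser_adv.add_argument('-g', '--tags', help='tags assigned to hosts')
    parser_adv.add_argument('-i', '--ip', dest='last_source',
                            help='ip address of host')
    parser_adv.add_argument('-k', '--key_asset', action='store_true',
                            help='host marked as a key asset')
    parser_adv.add_argument('-m', '--mac', dest='mac_address',
                            help='mac address of host')
    parser_adv.add_argument('-t', '--threat', dest='threat_gte', type=int,
                            help='minimum threat score')

    args = vars(parser.parse_args())

    if args['user']:
        # Prompted at runtime rather than taken from the command line, so
        # the password does not show up in process listings or shell history.
        args['password'] = getPassword()
        vc = vectra.VectraClient(url=args['url'],
                                 user=args['user'],
                                 password=args['password'])
    else:
        vc = vectra.VectraClient(url=args['url'], token=args['token'])

    # Keys not declared by the chosen subparser are absent from args, hence
    # .get(). NOTE(review): for 'advance', store_true makes key_asset False
    # (not None) when -k is omitted; whether get_hosts treats False as
    # "filter to non-key-assets" or as "no filter" is not visible here --
    # confirm against the client.
    resp = vc.get_hosts(certainty_gte=args.get('certainty_gte'),
                        threat_gte=args.get('threat_gte'),
                        tags=args.get('tags'),
                        last_source=args.get('last_source'),
                        is_key_asset=args.get('key_asset'),
                        mac_address=args.get('mac_address'))

    # Call form of print: valid on Python 2 and 3 (the original used the
    # Python 2 print statement, a SyntaxError on Python 3).
    print(resp.json())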
コード例 #4
import json
import requests
import vat.vectra as vectra

from operator import itemgetter
from vat.cli import commonArgs, getPassword

# Silences urllib3's warnings (its default category is HTTPWarning, which
# includes InsecureRequestWarning). Any request made with verify=False
# elsewhere in this script would then fail to warn about an unverified
# TLS certificate -- this hides, rather than fixes, a missing CA bundle
# for the appliance.
requests.packages.urllib3.disable_warnings()

# NOTE(review): argparse is used here but not imported in the lines shown;
# presumably `import argparse` precedes this excerpt -- confirm.
parser = argparse.ArgumentParser()

# One subcommand per data source; the chosen name lands in args.action.
subparsers = parser.add_subparsers(dest='action')

# 'host': pull data live from the appliance; commonArgs (outside this
# excerpt) adds the connection/auth options.
parser_host = subparsers.add_parser('host',
                                    help='retrieve data from Vectra brain')
parser_host = commonArgs(parser_host)
parser_host.add_argument(
    '--summary',
    help=
    'summarize based on total count or per detection (default: %(default)s)',
    choices=['total', 'detection'],
    default='total')

# 'file': read previously exported data instead; same --summary choices,
# plus the positional filename. No commonArgs here, so any auth-related
# keys must not be assumed when this subcommand is selected.
parser_file = subparsers.add_parser('file', help='Load data from file')
parser_file.add_argument(
    '--summary',
    help=
    'summarize based on total count or per detection (default: %(default)s)',
    choices=['total', 'detection'],
    default='total')
parser_file.add_argument('filename', help='file to import data')