def initiate_scan(self, server_id, scan_type):
"""Initiate a scan on a specific server.
Args:
server_id (str): ID of server to be scanned
scan_type (str): Type of scan to be run.
Valid scan types:
sca - Configuration scan
csm - Configuration scan (same as sca)
svm - Software vulnerability scan
sva - Software vulnerability scan (same as svm)
sam - Server access management scan
fim - File integrity monitoring scan
sv - Agent self-verifiation scan
Returns:
dict: Dictionary describing command created as a result of this \
call
Failure throws an exception.
"""
sanity.validate_object_id(server_id)
if self.scan_type_supported(scan_type) is False:
exception_message = "Unsupported scan type: %s" % scan_type
raise CloudPassageValidation(exception_message)
else:
scan_type_normalized = self.supported_scans[scan_type]
request_body = {"scan": {"module": scan_type_normalized}}
endpoint = "/v1/servers/%s/scans" % server_id
request = HttpHelper(self.session)
response = request.post(endpoint, request_body)
command_info = response["command"]
return command_info
def list_all(self, **kwargs):
"""Returns a list of all servers.
This query is limited to 50 pages of 100 items,
totaling 500 servers.
Default filter returns only servers in the 'active' state.
Keyword Args:
state (list or str): A list or comma-separated string containing \
any of these: active, missing, deactivated
platform (list or str): A list or comma-separated string \
containing any of these: \
windows, debian, ubuntu, centos, oracle, rhel, etc...
cve (str): CVE ID. Example: CVE-2015-1234
kb (str): Search for presence of KB. Example: kb="KB2485376"
missing_kb (str): Search for absence of KB. \
Example: mising_kb="KB2485376"
Returns:
list: List of dictionary objects describing servers
"""
endpoint = "/v1/servers?per_page=100"
key = "servers"
max_pages = 300
request = HttpHelper(self.session)
params = utility.sanitize_url_params(kwargs)
response = request.get_paginated(endpoint,
key,
max_pages,
params=params)
return response
def last_scan_results(self, server_id, scan_type):
"""Get the results of scan_type performed on server_id.
Args:
server_id (str): ID of server
scan_type (str): Type of scan to filter results for
Valid scan types:
sca - Configuration scan
csm - Configuration scan (same as sca)
svm - Software vulnerability scan
sva - Software vulnerability scan (same as svm)
fim - File integrity monitoring scan
Returns:
dict: Dictionary object describing last scan results
"""
if self.scan_history_supported(scan_type) is False:
exception_message = "Unsupported scan type: %s" % scan_type
raise CloudPassageValidation(exception_message)
else:
scan_type_normalized = self.supported_scans[scan_type]
endpoint = "/v1/servers/%s/%s" % (server_id, scan_type_normalized)
request = HttpHelper(self.session)
response = request.get(endpoint)
return response
def create(self, fim_policy_id, server_id, **kwargs):
"""Creates a FIM baseline
Args:
fim_policy_id (str): ID of FIM policy to baseline
server_id (str): ID of server to use for generating baseline
Keyword Args:
expires (int): Number of days from today for expiration of baseline
comment (str): Guess.
Returns:
str: ID of new baseline
"""
sanity.validate_object_id([fim_policy_id, server_id])
request = HttpHelper(self.session)
endpoint = "/v1/fim_policies/%s/baselines" % fim_policy_id
request_body = {
"baseline": {
"server_id": server_id,
"expires": None,
"comment": None
}
}
if "expires" in kwargs:
request_body["baseline"]["expires"] = kwargs["expires"]
if "comment" in kwargs:
request_body["baseline"]["comment"] = kwargs["comment"]
response = request.post(endpoint, request_body)
policy_id = response["baseline"]["id"]
return policy_id
def create(self, group_name, **kwargs):
"""Creates a ServerGroup.
Args:
group_name (str): Name for the new group
Keyword Args:
firewall_policy_id (str): ID of firewall policy to be assigned to \
the group (deprecated- use linux_firewall_policy_id)
linux_firewall_policy_id (str): ID of linux firewall policy to \
associate with the new group
windows_firewall_policy_id (str): ID of Windows firewall policy \
to associate with the new group
policy_ids (list): List of Linux configuration policy IDs
windows_policy_ids (list): List of Windows configuration policy IDs
fim_policy_ids (list): List of Linux FIM policies
linux_fim_policy_ids (list): List of Linux FIM policies
windows_fim_policy_ids (list): List of Windows FIM policies
lids_policy_ids (list): List of LIDS policy IDs
tag (str): Server group tag-used for auto-assignment of group.
server_events_policy (str): Special events policy IDs
alert_profiles (list): List of alert profile IDs
Returns:
str: ID of newly-created group.
"""
endpoint = "/v1/groups"
group_data = {"name": group_name, "policy_ids": [], "tag": None}
body = {"group": utility.merge_dicts(group_data, kwargs)}
request = HttpHelper(self.session)
response = request.post(endpoint, body)
return response["group"]["id"]
def delete(self, policy_id):
"""Delete a policy by ID. Success returns None"""
sanity.validate_object_id(policy_id)
request = HttpHelper(self.session)
delete_endpoint = "%s/%s" % (self.endpoint(), policy_id)
request.delete(delete_endpoint)
return None
def create(self, policy_body):
"""Creates a policy from JSON document.
Returns the ID of the new policy
"""
request = HttpHelper(self.session)
request_body = utility.policy_to_dict(policy_body)
return request.post(self.endpoint(), request_body)["id"]
def update(self, policy_body):
"""Update a policy. Success returns None"""
request = HttpHelper(self.session)
request_body = utility.policy_to_dict(policy_body)
policy_id = request_body[self.policy_key()]["id"]
sanity.validate_object_id(policy_id)
update_endpoint = "%s/%s" % (self.endpoint(), policy_id)
request.put(update_endpoint, request_body)
return None
def list_all(self):
"""Returns a list of all system announcements
"""
session = self.session
endpoint = self.build_endpoint()
request = HttpHelper(session)
response = request.get(endpoint)
announcement_list = response["announcements"]
return announcement_list
def list_all(self, **kwargs):
"""This method retrieves all local user accounts
Keyword Args:
os_type (list or str): A list of local user accounts \
with the according os type.
username (list or str): A list of local user accounts \
with the according username.
admin (boolean): A list of local user accounts \
with the according admin.
active (boolean): A list of local user accounts \
with the according active settings.
last_login_at (str): A list of local user accounts \
last login at date in iso8601 format such as: 2017-01-01.
never_logged_in (boolean): A list of local user accounts \
with never logged in.
password_required (boolean): A list of local user accounts \
with the according password_required settings
password_expired (boolean): A list of local user accounts \
with the according password_expired settings
comment: A list of local user accounrs with the according comment
group_id (list or str): A list of local user accounts \
with the according group id
server_id (list or str): A list of local user accounts \
with the according server id
server_name (list or str): A list of local user accounts \
with the according server name
server_label (list or str): A list of local user accounts \
with the according server label
group_name (list or str): A list of local user accounts \
with the according group name
locked (boolean): A list of local user accounts \
with the according locked settings
gid (list or str): A list of local user accounts \
with the according gid
sid (list or str): A list of local user accounts \
with the according sid
Returns:
list: List of dictionary objects describing local user accounts
"""
endpoint = "/v1/local_accounts"
key = "accounts"
max_pages = 50
request = HttpHelper(self.session)
params = utility.sanitize_url_params(kwargs)
response = request.get_paginated(endpoint,
key,
max_pages,
params=params)
return response
def list_all(self):
"""Lists all policies of this type.
Returns:
list: List of policies (represented as dictionary-type objects)
Note:
This query is limited to 30 pages.
"""
request = HttpHelper(self.session)
return request.get_paginated(self.endpoint(), self.pagination_key(),
self.max_pages)
def describe(self, issue_id):
"""Get issue details by issue ID
Args:
issue_id (str): Issue ID
Returns:
dict: Dictionary object describing issue
"""
endpoint = "/v1/issues/%s" % issue_id
request = HttpHelper(self.session)
response = request.get(endpoint)
return response
def describe(self, policy_id):
"""Get the detailed configuration of a policy
Args:
policy_id (str): ID of the policy to retrieve \
detailed configuration information for
Returns:
dict: dictionary object representing the entire, detailed, policy
"""
request = HttpHelper(self.session)
describe_endpoint = "%s/%s" % (self.endpoint(), policy_id)
return request.get(describe_endpoint)[self.policy_key()]
def issues(self, server_id):
"""This method retrieves the detail of a server issues.
Args:
server_id (str): ID of server
Returns:
list: issues of the server
"""
sanity.validate_object_id(server_id)
endpoint = "/v1/servers/%s/issues" % server_id
request = HttpHelper(self.session)
response = request.get(endpoint)
return response
def list_local_accounts(self, server_id):
"""This method retrieves all local user accounts on the server\
specified by server ID
Args:
server_id (str): Server ID
Returns:
list: List of dictionary objects describing local user account
"""
endpoint = "/v1/servers/%s/accounts" % (server_id)
request = HttpHelper(self.session)
response = request.get(endpoint)
local_accounts = response["accounts"]
return local_accounts
def describe_local_account(self, server_id, username):
"""Get deatils on local user account
Args:
server_id (str): Server ID
username (str): username of the local user account
Returns:
dict: Dictionary object describing local user account
"""
endpoint = "/v1/servers/%s/accounts/%s" % (server_id, username)
request = HttpHelper(self.session)
response = request.get(endpoint)
account_detail = response["account"]
return account_detail
def describe(self, server_id):
"""Get server details by server ID
Args:
server_id (str): Server ID
Returns:
dict: Dictionary object describing server
"""
endpoint = "/v1/servers/%s" % server_id
request = HttpHelper(self.session)
response = request.get(endpoint)
server_details = response["server"]
return server_details
def findings(self, scan_id, findings_id):
"""Get FIM, CSM, and SVA findings details by scan and findings ID
Args:
scan_id (str): ID of scan_id
findings_id (str): ID of findings to retrieve
Returns:
dict: Dictionary object descrbing findings
"""
endpoint = "/v1/scans/%s/findings/%s" % (scan_id, findings_id)
request = HttpHelper(self.session)
response = request.get(endpoint)
return response
def list_members(self, group_id):
"""Returns a list of all member servers of a group_id
Args:
group_id (str): ID of group_id
Returns:
list: List of dictionary objects describing member servers
"""
endpoint = "/v1/groups/%s/servers" % group_id
request = HttpHelper(self.session)
response = request.get(endpoint)
servers = response["servers"]
return servers
def describe(self, group_id):
"""Describe a ServerGroup. In detail.
Args:
group_id (str): ID of group
Returns:
dict: Dictionary object describing group. In detail.
"""
endpoint = "/v1/groups/%s" % group_id
request = HttpHelper(self.session)
response = request.get(endpoint)
group = response["group"]
return group
def scan_details(self, scan_id):
"""Get detailed scan information
Args:
scan_id (str): ID of scan
Returns:
dict: Dictionary object describing scan details
"""
endpoint = "/v1/scans/%s" % scan_id
request = HttpHelper(self.session)
response = request.get(endpoint)
report = response["scan"]
return report
def command_details(self, server_id, command_id):
"""This method retrieves the details and status of a server command.
Args:
server_id (str): ID of server runnung command
command_id (str): ID of command running on server
Returns:
dict: Command status as a dictionary object.
Example:
::
{
"name": "",
"status: "",
"created_at": "",
"updated_at": "",
"result": ""
}
For server account creation and server account password resets, \
the password will be contained in the result field, as a dictionary:
::
{
"name": "",
"status: "",
"created_at": "",
"updated_at": "",
"result": {
"password": ""
}
}
"""
endpoint = "/v1/servers/%s/commands/%s" % (server_id, command_id)
request = HttpHelper(self.session)
response = request.get(endpoint)
command_status = response["command"]
return command_status
def resolve(self, issue_id):
"""Resolves an Issue.
Args: issue_id (str): ID of issue to be altered
Returns:
True if successful, throws exception otherwise.
"""
sanity.validate_object_id(issue_id)
endpoint = "/v1/issues/%s" % issue_id
response = None
body = {"status": "resolved"}
request = HttpHelper(self.session)
response = request.put(endpoint, body)
return response
def list_all(self, fim_policy_id):
"""Returns a list of all baselines for the indicated FIM policy
Args:
fim_policy_id (str): ID of fim policy
Returns:
list: List of all baselines for the given policy
"""
request = HttpHelper(self.session)
endpoint = "/v1/fim_policies/%s/baselines" % fim_policy_id
key = "baselines"
max_pages = 30
response = request.get_paginated(endpoint, key, max_pages)
return response
def describe(self, server_id, gid):
"""Get local user group deatils by server id and gid
Args:
server_id = Server ID
gid = gid
Returns:
list: List of dictionary object describing local user group detail
"""
endpoint = "/v1/local_groups?server_id=%s&gid=%s" % (server_id,
gid)
request = HttpHelper(self.session)
response = request.get(endpoint)
group_detail = response["local_groups"]
return group_detail
def list_connections(self, group_id, **kwargs):
"""This method retrieves all recently detected connections in the server\
group specified by Group ID
Args:
server_id (str): Group ID
Returns:
list: List of all recently detected connections in the srever group
"""
endpoint = "/v1/groups/%s/connections" % (group_id)
params = utility.sanitize_url_params(kwargs)
request = HttpHelper(self.session)
response = request.get(endpoint, params=params)
connections = response["connections"]
return connections
def delete(self, fim_policy_id, fim_baseline_id):
"""Delete a FIM baseline by ID
Args:
fim_policy_id (str): ID of FIM policy
fim_baseline_id (str): ID of baseline to be deleted
Returns:
None if successful, exceptions throw otherwise.
"""
sanity.validate_object_id([fim_policy_id, fim_baseline_id])
request = HttpHelper(self.session)
endpoint = "/v1/fim_policies/%s/baselines/%s" % (fim_policy_id,
fim_baseline_id)
request.delete(endpoint)
return None
def get_firewall_logs(self, server_id, pages):
"""This method retrieves the detail of a server firewall log.
Args:
server_id (str): ID of server
Returns:
list: firewall log of the server
"""
sanity.validate_object_id(server_id)
endpoint = "/v1/servers/%s/firewall_logs" % server_id
key = "agent_firewall_logs"
max_pages = pages
request = HttpHelper(self.session)
response = request.get_paginated(endpoint, key, max_pages)
return response
def list_all(self):
"""Returns a list of all groups for an account
This is represented as a list of dictionaries
This will only return a maximum of 20 pages, which amounts to
200 groups. If you have more than that, you should consider
using the SDK within a multi-threaded application so you don't
spend the rest of your life waiting on a list of groups.
"""
session = self.session
max_pages = 20
key = "groups"
endpoint = "/v1/groups"
request = HttpHelper(session)
groups = request.get_paginated(endpoint, key, max_pages)
return groups
def describe(self, fim_policy_id, baseline_id):
"""Returns the body of the baseline indicated by fim_baseline_id.
Args
fim_policy_id (str): ID of FIM policy
fim_baseline_id (str): ID of baseline
Returns:
dict: Dictionary describing FIM baseline
"""
request = HttpHelper(self.session)
endpoint = "/v1/fim_policies/%s/baselines/%s/details" % (fim_policy_id,
baseline_id)
response = request.get(endpoint)
result = response["baseline"]
return result