def get_events():
    """Retrieve every Deep Security event category and feed each one to process_event_list().

    Opens a DSM session, pulls antimalware, web reputation, firewall, DPI,
    integrity monitoring, log inspection and system events, then hands each
    result set to process_event_list() keyed by its output name. Any exception
    is logged (with traceback) rather than propagated, and the session is
    always closed.
    """
    # NOTE(review): the credentials here are literal placeholders; a deployed
    # copy should pull them from the environment or a secrets store, not source.
    dsm = Manager(username="******", password="******", host="127.0.0.1", port="4119")
    try:
        # (progress label, output key, bound retrieval call, time window)
        # Order matters: it fixes the order of the API calls and progress lines.
        sources = (
            ("AM", "am_events", dsm.antimalware_event_retrieve, "LAST_HOUR"),
            ("Webrep", "webrep_events", dsm.webrep_event_retrieve, "LAST_7_DAYS"),
            ("FW", "fw_events", dsm.fw_event_retrieve, "LAST_7_DAYS"),
            ("DPI", "dpi_events", dsm.dpi_event_retrieve, "LAST_7_DAYS"),
            ("IM", "im_events", dsm.im_event_retrieve, "LAST_7_DAYS"),
            ("LI", "li_events", dsm.li_event_retrieve, "LAST_7_DAYS"),
            ("System", "system_events", dsm.system_event_retrieve, "LAST_7_DAYS"),
        )
        collected = {}
        for label, output_key, retrieve, window in sources:
            print("Getting " + label + " events")
            collected[output_key] = retrieve(time_type=window)
        # Only once every category has been fetched are the results processed.
        for output_key, events in collected.items():
            process_event_list(output_key, events)
    except Exception as err:
        # Top-level boundary: record the failure with its traceback and carry on.
        logging.error(err, exc_info=True)
    finally:
        dsm.end_session()
# Fragment of a script that pages firewall events out of the DSM one hour at a time.
# `dsm` is created earlier in the file (not visible here); the final print statement
# also continues beyond the visible source.
print("Connected to Deep Security SaaS")
# NOTE(review): the session id is an authentication token; printing it to stdout
# can leave it in console logs — confirm this is intended.
print("Session ID: " + dsm.session_id)
print("Retrieving firewall events (may take a while)...")
# Walk backwards from now over the last 7 days in 1-hour windows.
start = datetime.now()
end = start - timedelta(days=7)
delta = timedelta(hours=1)
print("Using " + str(delta) + " deltas.")
fw_events = []
while (start > end):
    # Each window is [start - delta, start]; time_type='CUSTOM_RANGE' selects explicit bounds.
    chunk = dsm.fw_event_retrieve(range_from=(start - delta), range_to=start, time_type='CUSTOM_RANGE')
    print("Chunk " + str(start), end='')
    if (chunk):
        chunk_size = len(chunk)
        # NOTE(review): this compares the list object itself to 50000, so it is never
        # true; `chunk_size == 50000` looks like the intended check — confirm.
        if (chunk == 50000):
            print("WARNING: reached max size. Try a smaller delta.")
        print(" written, retrieved " + str(chunk_size) + " events.")
        fw_events.extend(chunk)
    else:
        print(" is empty.")
    start = (start - delta)
dsm.end_session()
# Statement is cut off in the visible source; it continues on the following line of the file.
print("Retrieved " + str(len(fw_events)) + " events (" +
from datetime import datetime, timedelta
from dsp3.models.manager import Manager

# NOTE(review): the credentials below are placeholders; a real script should
# read them from the environment or a secrets store rather than hard-code them.
dsm = Manager(username="******", password="******", host="127.0.0.1", port="4119")

# Example 1: antimalware events across all hosts for the last hour.
# Accepted time_type values: "LAST_HOUR", "LAST_24_HOURS", "LAST_7_DAYS", "CUSTOM_RANGE"
am_events = dsm.antimalware_event_retrieve(time_type="LAST_HOUR")

# Example 2: firewall events across all hosts inside an explicit window
# (the three hours ending now).
date_to = datetime.now()
date_from = date_to - timedelta(hours=3)
fw_events = dsm.fw_event_retrieve(
    range_from=date_from,
    range_to=date_to,
    time_type="CUSTOM_RANGE",
)

# Example 3: web reputation events for a single host (id 11) over the last 24 hours.
wr_events = dsm.webrep_event_retrieve(
    time_type="LAST_24_HOURS",
    host_id=11,
    host_type="SPECIFIC_HOST",
)

# Example 4: DPI events for every host in host group 7 over the last 24 hours.
dpi_events = dsm.dpi_event_retrieve(
    time_type="LAST_24_HOURS",
    host_group_id=7,
    host_type="HOSTS_IN_GROUP",
)

# Always release the DSM session when done.
dsm.end_session()