def signatures_combined_get(esp_public, esp_secret): # Get both built in and custom signatures signatures_built_in_list = esp_api_lib.object_list_get('signatures', esp_public, esp_secret) signatures_custom_list = esp_api_lib.object_list_get('custom_signatures', esp_public, esp_secret) # Check the signatures list from the server for duplicate ID's signatures_combined_dict = {} # Check and add for built-in sigs for signature in signatures_built_in_list: signature_identifier = signature['attributes']['identifier'].encode('utf-8') signature_id = int(signature['id']) signature_custom = False if signature_identifier not in signatures_combined_dict: signatures_combined_dict[signature_identifier] = {} signatures_combined_dict[signature_identifier]['signature_id'] = signature_id signatures_combined_dict[signature_identifier]['signature_custom'] = signature_custom else: esp_api_lib.exit_error('500', "Duplicate Signature Identifier found in the built-in signature list: " + json.dumps(signature)) # Check and add for custom sigs for signature in signatures_custom_list: signature_identifier = signature['attributes']['identifier'].encode('utf-8') signature_id = int(signature['id']) signature_custom = True if signature_identifier not in signatures_combined_dict: signatures_combined_dict[signature_identifier] = {} signatures_combined_dict[signature_identifier]['signature_id'] = signature_id signatures_combined_dict[signature_identifier]['signature_custom'] = signature_custom else: esp_api_lib.exit_error('500', "Duplicate Signature Identifier found in the custom signature list: " + json.dumps(signature)) return signatures_combined_dict
def compliance_get(csv_list, esp_public, esp_secret): # Validate expected fields were imported keys = ['compliance_standard_name', 'compliance_standard_description', 'compliance_domain_name', 'compliance_domain_identifier', 'compliance_control_name', 'compliance_control_identifier', 'compliance_control_description', 'signature_identifier'] for key in keys: if key not in csv_list[0]: esp_api_lib.exit_error(400, 'Expected key missing from import CSV: ' + str(key)) # Validate and set Org ID organization_list = esp_api_lib.object_list_get('organizations', esp_public, esp_secret) if len(organization_list) != 1: esp_api_lib.exit_error(500, 'Expected exactly 1 top level Organization, but got ' + str(len(organization_list))) organization_id = int(organization_list[0]['id']) # Validate and create nested structures for import import_dict = {} for row in csv_list: # Set and verify the row has all required values standard_name = row['compliance_standard_name'].encode('utf-8') if standard_name == '': esp_api_lib.exit_error(400, "Import sheet is missing compliance_standard_name for : " + json.dumps(row)) standard_description = row['compliance_standard_description'].encode('utf-8') if standard_description == '': esp_api_lib.exit_error(400, "Import sheet is missing compliance_standard_description for : " + json.dumps(row)) domain_name = row['compliance_domain_name'].encode('utf-8') if domain_name == '': esp_api_lib.exit_error(400, "Import sheet is missing the compliance_domain_name for : " + json.dumps(row)) domain_identifier = row['compliance_domain_identifier'].encode('utf-8') if domain_identifier == '': esp_api_lib.exit_error(400, "Import sheet is missing the compliance_domain_identifier for : " + json.dumps(row)) control_name = row['compliance_control_name'].encode('utf-8') if control_name == '': esp_api_lib.exit_error(400, "Import sheet is missing the compliance_control_name for : " + json.dumps(row)) control_identifier = row['compliance_control_identifier'].encode('utf-8') if control_identifier == '': esp_api_lib.exit_error(400, "Import sheet is missing the compliance_control_identifier for : " + json.dumps(row)) control_description = row['compliance_control_description'].encode('utf-8') if control_description == '': esp_api_lib.exit_error(400, "Import sheet is missing the compliance_control_description for : " + json.dumps(row)) signature_identifier = row['signature_identifier'].encode('utf-8') if signature_identifier == '': esp_api_lib.exit_error(400, "Import sheet is missing the signature_identifier for : " + json.dumps(row)) # Build nested structure if standard_name not in import_dict: import_dict[standard_name] = {} import_dict[standard_name]['organization_id'] = organization_id import_dict[standard_name]['compliance_standard_description'] = standard_description import_dict[standard_name]['domains'] = {} import_dict[standard_name]['domains'][domain_name] = {} import_dict[standard_name]['domains'][domain_name]['compliance_domain_identifier'] = domain_identifier import_dict[standard_name]['domains'][domain_name]['controls'] = {} import_dict[standard_name]['domains'][domain_name]['controls'][control_name] = {} import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_identifier'] = control_identifier import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_description'] = control_description import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'] = [signature_identifier] import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_ids'] = [] import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['custom_signature_ids'] = [] elif domain_name not in import_dict[standard_name]['domains']: import_dict[standard_name]['domains'][domain_name] = {} import_dict[standard_name]['domains'][domain_name]['compliance_domain_identifier'] = domain_identifier import_dict[standard_name]['domains'][domain_name]['controls'] = {} import_dict[standard_name]['domains'][domain_name]['controls'][control_name] = {} import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_identifier'] = control_identifier import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_description'] = control_description import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'] = [signature_identifier] import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_ids'] = [] import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['custom_signature_ids'] = [] elif control_name not in import_dict[standard_name]['domains'][domain_name]['controls']: import_dict[standard_name]['domains'][domain_name]['controls'][control_name] = {} import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_identifier'] = control_identifier import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_description'] = control_description import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'] = [signature_identifier] import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_ids'] = [] import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['custom_signature_ids'] = [] else: import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'].append(signature_identifier) return import_dict
print('Sorting out ESP API Key...') esp_public, esp_secret = esp_api_lib.settings_get(args.public, args.secret) # --Main-- # compliance_standard_id = 0 if args.compliance_standard_id is None and args.compliance_standard_name is None: esp_api_lib.exit_error( 400, 'You need to either fill in a Custom Compliance Standard Name or ID.' ) elif args.compliance_standard_id is not None and args.compliance_standard_name is not None: esp_api_lib.exit_error( 400, 'You need to enter an ID OR a Standard Name, not both.') elif args.compliance_standard_id is None: print('API - Get the custom compliance standard id from name...') custom_compliance_standards_list = esp_api_lib.object_list_get( 'custom_compliance_standards', esp_public, esp_secret) custom_standards_id_list = custom_compliance_standards_filter( custom_compliance_standards_list, args.compliance_standard_name) if len(custom_standards_id_list) == 1: compliance_standard_id = custom_standards_id_list[0] elif len(custom_standards_id_list) > 1: esp_api_lib.exit_error( 400, 'More than 1 Compliance Standards found matching name specified! Please limit your filter to a single Compliance Standard.' ) else: esp_api_lib.exit_error( 400, 'No Compliance Standards found matching name specified!') else: compliance_standard_id = args.compliance_standard_id
def get_compliance_controls(standards_id_list, compliance_standards_list, compliance_domains_list, compliance_controls_list, esp_public, esp_secret): # Build a new list with the correct formatting object_list_new = [] # Deal with standard compliance frameworks for compliance_control in compliance_controls_list: object_new = {} # Check to see if the control is in a standard being exported object_new['compliance_standard_id'] = esp_api_lib.get_id_from_link( compliance_control['relationships']['compliance_standard']['links'] ['related']) if object_new['compliance_standard_id'] in standards_id_list: # Get compliance control information object_new['compliance_control_id'] = int(compliance_control['id']) object_new['compliance_control_description'] = compliance_control[ 'attributes']['description'].encode('utf-8') object_new['compliance_control_identifier'] = compliance_control[ 'attributes']['identifier'].encode('utf-8') object_new['compliance_control_created_at'] = compliance_control[ 'attributes']['created_at'].encode('utf-8') object_new['compliance_control_updated_at'] = compliance_control[ 'attributes']['updated_at'].encode('utf-8') object_new['compliance_control_name'] = compliance_control[ 'attributes']['name'].encode('utf-8') object_new['compliance_domain_id'] = esp_api_lib.get_id_from_link( compliance_control['relationships']['compliance_domain'] ['links']['related']) object_new[ 'compliance_standard_id'] = esp_api_lib.get_id_from_link( compliance_control['relationships']['compliance_standard'] ['links']['related']) for compliance_domain in compliance_domains_list: # Match and get Domain information if int(compliance_domain['id'] ) == object_new['compliance_domain_id']: object_new[ 'compliance_domain_created_at'] = compliance_domain[ 'attributes']['created_at'].encode('utf-8') object_new[ 'compliance_domain_updated_at'] = compliance_domain[ 'attributes']['updated_at'].encode('utf-8') object_new['compliance_domain_name'] = compliance_domain[ 'attributes']['name'].encode('utf-8') object_new[ 'compliance_domain_identifier'] = compliance_domain[ 'attributes']['identifier'].encode('utf-8') break for compliance_standard in compliance_standards_list: # Match and get Standards information if int(compliance_standard['id'] ) == object_new['compliance_standard_id']: object_new[ 'compliance_standard_description'] = compliance_standard[ 'attributes']['description'].encode('utf-8') object_new[ 'compliance_standard_created_at'] = compliance_standard[ 'attributes']['created_at'].encode('utf-8') object_new[ 'compliance_standard_updated_at'] = compliance_standard[ 'attributes']['updated_at'].encode('utf-8') object_new[ 'compliance_standard_name'] = compliance_standard[ 'attributes']['name'].encode('utf-8') break compliance_control_signature_api = 'compliance_controls/' + str( object_new['compliance_control_id']) + '/signatures' compliance_control_signature_list = esp_api_lib.object_list_get( compliance_control_signature_api, esp_public, esp_secret) for compliance_control_signature in compliance_control_signature_list: object_new_with_sig = object_new.copy() object_new_with_sig['signature_id'] = int( compliance_control_signature['id']) object_new_with_sig[ 'signature_description'] = compliance_control_signature[ 'attributes']['description'].encode('utf-8') object_new_with_sig[ 'signature_identifier'] = compliance_control_signature[ 'attributes']['identifier'].encode('utf-8') object_new_with_sig[ 'signature_created_at'] = compliance_control_signature[ 'attributes']['created_at'].encode('utf-8') object_new_with_sig[ 'signature_updated_at'] = compliance_control_signature[ 'attributes']['updated_at'].encode('utf-8') object_new_with_sig[ 'signature_name'] = compliance_control_signature[ 'attributes']['name'].encode('utf-8') object_new_with_sig[ 'signature_resolution'] = compliance_control_signature[ 'attributes']['resolution'].encode('utf-8') object_new_with_sig[ 'signature_risk_level'] = compliance_control_signature[ 'attributes']['risk_level'].encode('utf-8') object_new_with_sig[ 'signature_service_id'] = esp_api_lib.get_id_from_link( compliance_control_signature['relationships'] ['service']['links']['related']) object_new_with_sig['signature_custom'] = False object_list_new.append(object_new_with_sig) #object_list_new.append(object_new) # Only used if SIG block is commented out return object_list_new
def get_custom_compliance_controls(custom_standards_id_list, custom_compliance_standards_list, custom_compliance_domains_list, custom_compliance_controls_list, esp_public, esp_secret): # Build a new list with the correct formatting object_list_new = [] # Deal with standard compliance frameworks for compliance_control in custom_compliance_controls_list: object_new = {} # Check to see if the control is in a standard being exported object_new['compliance_standard_id'] = esp_api_lib.get_id_from_link( compliance_control['relationships']['custom_compliance_standard'] ['links']['related']) if object_new['compliance_standard_id'] in custom_standards_id_list: object_new['compliance_control_id'] = int(compliance_control['id']) object_new['compliance_control_description'] = compliance_control[ 'attributes']['description'].encode('utf-8') object_new['compliance_control_identifier'] = compliance_control[ 'attributes']['identifier'].encode('utf-8') object_new['compliance_control_created_at'] = compliance_control[ 'attributes']['created_at'].encode('utf-8') object_new['compliance_control_updated_at'] = compliance_control[ 'attributes']['updated_at'].encode('utf-8') object_new['compliance_control_name'] = compliance_control[ 'attributes']['name'].encode('utf-8') object_new['compliance_domain_id'] = esp_api_lib.get_id_from_link( compliance_control['relationships']['custom_compliance_domain'] ['links']['related']) for compliance_domain in custom_compliance_domains_list: if int(compliance_domain['id'] ) == object_new['compliance_domain_id']: object_new[ 'compliance_domain_created_at'] = compliance_domain[ 'attributes']['created_at'].encode('utf-8') object_new[ 'compliance_domain_updated_at'] = compliance_domain[ 'attributes']['updated_at'].encode('utf-8') object_new['compliance_domain_name'] = compliance_domain[ 'attributes']['name'].encode('utf-8') object_new[ 'compliance_domain_identifier'] = compliance_domain[ 'attributes']['identifier'].encode('utf-8') break for compliance_standard in custom_compliance_standards_list: if int(compliance_standard['id'] ) == object_new['compliance_standard_id']: object_new[ 'compliance_standard_description'] = compliance_standard[ 'attributes']['description'].encode('utf-8') object_new[ 'compliance_standard_created_at'] = compliance_standard[ 'attributes']['created_at'].encode('utf-8') object_new[ 'compliance_standard_updated_at'] = compliance_standard[ 'attributes']['updated_at'].encode('utf-8') object_new[ 'compliance_standard_name'] = compliance_standard[ 'attributes']['name'].encode('utf-8') break # Get attached signatures from link and add each as a line item compliance_control_signature_api = 'custom_compliance_controls/' + str( object_new['compliance_control_id']) + '/signatures' compliance_control_signature_list = esp_api_lib.object_list_get( compliance_control_signature_api, esp_public, esp_secret) for compliance_control_signature_link in compliance_control_signature_list: object_new_with_sig = object_new.copy() object_new_with_sig[ 'signature_id'] = esp_api_lib.get_id_from_link( compliance_control_signature_link['relationships'] ['signature']['links']['related']) compliance_control_signature_api_single = 'signatures/%d' % object_new_with_sig[ 'signature_id'] compliance_control_signature = esp_api_lib.object_get( compliance_control_signature_api_single, esp_public, esp_secret) object_new_with_sig[ 'signature_description'] = compliance_control_signature[ 'attributes']['description'].encode('utf-8') object_new_with_sig[ 'signature_identifier'] = compliance_control_signature[ 'attributes']['identifier'].encode('utf-8') object_new_with_sig[ 'signature_created_at'] = compliance_control_signature[ 'attributes']['created_at'].encode('utf-8') object_new_with_sig[ 'signature_updated_at'] = compliance_control_signature[ 'attributes']['updated_at'].encode('utf-8') object_new_with_sig[ 'signature_name'] = compliance_control_signature[ 'attributes']['name'].encode('utf-8') object_new_with_sig[ 'signature_resolution'] = compliance_control_signature[ 'attributes']['resolution'].encode('utf-8') object_new_with_sig[ 'signature_risk_level'] = compliance_control_signature[ 'attributes']['risk_level'].encode('utf-8') object_new_with_sig[ 'signature_service_id'] = esp_api_lib.get_id_from_link( compliance_control_signature['relationships'] ['service']['links']['related']) object_new_with_sig['signature_custom'] = False object_list_new.append(object_new_with_sig) # Get attached custom signatures from link and add each as a line item compliance_control_custom_signature_api = 'custom_compliance_controls/' + str( object_new['compliance_control_id']) + '/custom_signatures' compliance_control_custom_signature_list = esp_api_lib.object_list_get( compliance_control_custom_signature_api, esp_public, esp_secret) for compliance_control_signature_link in compliance_control_custom_signature_list: object_new_with_sig = object_new.copy() object_new_with_sig[ 'signature_id'] = esp_api_lib.get_id_from_link( compliance_control_signature_link['relationships'] ['custom_signature']['links']['related']) compliance_control_signature_api_single = 'custom_signatures/%d' % object_new_with_sig[ 'signature_id'] compliance_control_signature = esp_api_lib.object_get( compliance_control_signature_api_single, esp_public, esp_secret) object_new_with_sig[ 'signature_description'] = compliance_control_signature[ 'attributes']['description'].encode('utf-8') object_new_with_sig[ 'signature_identifier'] = compliance_control_signature[ 'attributes']['identifier'].encode('utf-8') object_new_with_sig[ 'signature_created_at'] = compliance_control_signature[ 'attributes']['created_at'].encode('utf-8') object_new_with_sig[ 'signature_updated_at'] = compliance_control_signature[ 'attributes']['updated_at'].encode('utf-8') object_new_with_sig[ 'signature_name'] = compliance_control_signature[ 'attributes']['name'].encode('utf-8') object_new_with_sig[ 'signature_resolution'] = compliance_control_signature[ 'attributes']['resolution'].encode('utf-8') object_new_with_sig[ 'signature_risk_level'] = compliance_control_signature[ 'attributes']['risk_level'].encode('utf-8') object_new_with_sig['signature_service_id'] = '' object_new_with_sig['signature_custom'] = True object_list_new.append(object_new_with_sig) return object_list_new
'compliance_control_name', 'compliance_control_identifier', 'compliance_control_description', 'signature_identifier', 'signature_name' ] esp_api_lib.write_to_csv(compliance_list_new, args.export_file_name, field_names) print('Blank CSV template created!') else: print() print('Sorting out ESP API Key...') esp_public, esp_secret = esp_api_lib.settings_get( args.public, args.secret) # --Main-- # print('Get the compliance standards objects from the ESP API...') compliance_standards_list = esp_api_lib.object_list_get( 'compliance_standards', esp_public, esp_secret) custom_compliance_standards_list = esp_api_lib.object_list_get( 'custom_compliance_standards', esp_public, esp_secret) print('Get list of standard IDs needed for export...') standards_id_list, custom_standards_id_list = compliance_standards_filter( compliance_standards_list, custom_compliance_standards_list, args.compliance_standard_name) if len(standards_id_list) > 0: print( 'Getting the Domains and Controls data from the ESP API (Built-in Compliance)...' ) compliance_domains_list = esp_api_lib.object_list_get( 'compliance_domains', esp_public, esp_secret) compliance_controls_list = esp_api_lib.object_list_get( 'compliance_controls', esp_public, esp_secret)
help='(Optional) - Export only the built-in signatures.') parser.add_argument('export_file_name', type=str, help='File to export to.') args = parser.parse_args() # --End parse command line arguments-- # # Sort out ESP API Key esp_public, esp_secret = esp_api_lib.settings_get(args.public, args.secret) # --Main-- # if args.custom and not args.builtin: print('Getting the custom signatures from the API...') custom_signatures_list = esp_api_lib.object_list_get( 'custom_signatures', esp_public, esp_secret) print('Formatting results into export format...') signatures_list_formatted = signatures_format(custom_signatures_list, True) elif not args.custom and args.builtin: print('Getting the built-in signatures from the API...') signatures_list = esp_api_lib.object_list_get('signatures', esp_public, esp_secret) print('Formatting results into export format...') signatures_list_formatted = signatures_format(signatures_list, False) else: print('Getting the built-in signatures from the API...') signatures_list = esp_api_lib.object_list_get('signatures', esp_public, esp_secret)