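def _funct_zia_get_url_categories_function(self, event, *args, **kwargs):
    """Function: Get ZIA URL categories, optionally narrowed by filters.

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult wrapping the value returned by
    ZiaClient.get_url_categories(). Any exception raised along the way is
    yielded as a FunctionError rather than propagated.

    No input is required. The inputs inspected here are zia_category_id,
    zia_custom_only, zia_name_filter and zia_url_filter; all inputs are
    forwarded to the client with their leading prefix removed.
    """
    try:
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        fn_inputs = validate_fields([], kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        # str() keeps the check from raising AttributeError when the flag is
        # absent (None) or arrives as a real boolean instead of a string.
        custom_only = str(fn_inputs.get("zia_custom_only")).lower()
        if fn_inputs.get("zia_category_id") and custom_only == "false":
            raise ValueError(
                "If parameter '{0}' is set then parameter '{1}' should be set to '{2}'."
                .format("zia_category_id", "zia_custom_only", "true"))

        # Test any enabled filters to ensure they are valid regular expressions.
        # NOTE(review): is_regex presumably only checks that the pattern
        # compiles; pattern complexity is not bounded here - confirm whether
        # the client limits how these user-supplied patterns are applied.
        for filter_name in ("zia_name_filter", "zia_url_filter"):
            patt = fn_inputs.get(filter_name)
            if patt and not is_regex(patt):
                raise ValueError(
                    "The query filter '{}' does not have a valid regular expression."
                    .format(repr(filter_name)))

        # Remove 'zia_' prefix from function parameters so the keys can be
        # passed straight through as keyword arguments of the client method.
        fn_inputs = {k.split('_', 1)[1]: v for k, v in fn_inputs.items()}

        yield StatusMessage("Validations complete. Starting business logic")

        ziacli = ZiaClient(self.opts, self.fn_options)
        result = ziacli.get_url_categories(**fn_inputs)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)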
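def _funct_zia_add_to_blocklist_function(self, event, *args, **kwargs):
    """Function: Add URLs or IP addresses to the blocklist.

    See link for URL guidelines:
    https://help.zscaler.com/zia/url-format-guidelines

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult whose payload holds the client's "response" to the
    ADD_TO_LIST action and the "activation" result. Any exception is yielded
    as a FunctionError rather than propagated.

    Required inputs: zia_blocklisturls, zia_activate.
    """
    try:
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        fn_inputs = validate_fields(["zia_blocklisturls", "zia_activate"], kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        # NOTE(review): neither field below is a required input of this
        # function; the check looks carried over from the URL-category query
        # function - confirm it is still wanted here.
        # str() keeps the check from raising AttributeError when the flag is
        # absent (None) or arrives as a real boolean instead of a string.
        custom_only = str(fn_inputs.get("zia_custom_only")).lower()
        if fn_inputs.get("zia_category_id") and custom_only == "false":
            # format() must be applied to the message, not to the exception
            # object: the original called .format on the ValueError instance,
            # which raised AttributeError and hid the intended message.
            raise ValueError(
                "If parameter '{0}' is set parameter '{1}' should be set '{2}'."
                .format("zia_category_id", "zia_custom_only", "true"))

        yield StatusMessage("Validations complete. Starting business logic")

        blocklisturls = fn_inputs.get("zia_blocklisturls")
        activate = fn_inputs.get("zia_activate")

        ziacli = ZiaClient(self.opts, self.fn_options)

        # The list change is requested first; activate() is then always
        # called, with the zia_activate value passed through to the client.
        result = {
            "response": ziacli.blocklist_action(blocklisturls, "ADD_TO_LIST")
        }
        result["activation"] = ziacli.activate(activate)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)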
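def _funct_zia_remove_from_url_category_function(self, event, *args, **kwargs):
    """Function: Remove URLs or IP addresses from a URL Category.

    See following for URL guidelines:
    https://help.zscaler.com/zia/url-format-guidelines

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult whose payload holds the client's "response" to the
    REMOVE_FROM_LIST action and the "activation" result. Any exception is
    yielded as a FunctionError rather than propagated.

    Required inputs: zia_configured_name, zia_urls, zia_category_id,
    zia_activate.
    """
    try:
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        required = [
            "zia_configured_name", "zia_urls", "zia_category_id", "zia_activate"
        ]
        fn_inputs = validate_fields(required, kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        yield StatusMessage("Validations complete. Starting business logic")

        category_id = fn_inputs.get("zia_category_id")
        configured_name = fn_inputs.get("zia_configured_name")
        urls = fn_inputs.get("zia_urls")
        activate = fn_inputs.get("zia_activate")

        ziacli = ZiaClient(self.opts, self.fn_options)

        # The category change is requested first; activate() is then always
        # called, with the zia_activate value passed through to the client.
        result = {
            "response": ziacli.category_action(
                category_id, configured_name, urls, "REMOVE_FROM_LIST")
        }
        result["activation"] = ziacli.activate(activate)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)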
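def _funct_zia_add_url_category_function(self, event, *args, **kwargs):
    """Function: Add a URL category through the ZIA client.

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult whose payload holds the client's "response" from
    add_url_category() and the "activation" result. Any exception is yielded
    as a FunctionError rather than propagated.

    Required inputs: zia_configured_name, zia_super_category, zia_urls,
    zia_custom_category, zia_activate. zia_keywords is read if present but
    is not required.
    """
    try:
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        required = [
            "zia_configured_name", "zia_super_category", "zia_urls",
            "zia_custom_category", "zia_activate"
        ]
        fn_inputs = validate_fields(required, kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        yield StatusMessage("Validations complete. Starting business logic")

        # Keyword arguments for the client call, keyed without the 'zia_'
        # prefix. "keywords" is None when zia_keywords was not supplied.
        params = {
            name: fn_inputs.get("zia_" + name)
            for name in ("configured_name", "super_category", "urls",
                         "custom_category", "keywords")
        }
        activate = fn_inputs.get("zia_activate")

        ziacli = ZiaClient(self.opts, self.fn_options)

        # The category is created first; activate() is then always called,
        # with the zia_activate value passed through to the client.
        result = {"response": ziacli.add_url_category(**params)}
        result["activation"] = ziacli.activate(activate)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)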
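def _funct_zia_get_blocklist_function(self, event, *args, **kwargs):
    """Function: Get a list of block-listed URLs.

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult wrapping the value returned by
    ZiaClient.get_blocklist_urls(). Any exception is yielded as a
    FunctionError rather than propagated.

    No input is required. zia_url_filter, when supplied, must be a valid
    regular expression and is passed to the client as url_filter.
    """
    try:
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        fn_inputs = validate_fields([], kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        # Reject a filter that is not a valid regular expression before any
        # request is made.
        # NOTE(review): is_regex presumably only checks that the pattern
        # compiles; pattern complexity is not bounded here - confirm whether
        # the client limits how this user-supplied pattern is applied.
        url_filter_patt = fn_inputs.get("zia_url_filter")
        if url_filter_patt and not is_regex(url_filter_patt):
            raise ValueError(
                "The url query filter '{}' does not have a valid regular expression."
                .format("zia_url_filter"))

        yield StatusMessage("Validations complete. Starting business logic")

        ziacli = ZiaClient(self.opts, self.fn_options)
        result = ziacli.get_blocklist_urls(url_filter=url_filter_patt)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)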
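def _funct_zia_get_sandbox_report_function(self, event, *args, **kwargs):
    """Function: Query an MD5 to see if it was run through the ZIA Sandbox.

    Get a full (i.e., complete) or summary detail report for a file that
    was analyzed.

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult wrapping the value returned by
    ZiaClient.get_sandbox_report(). Any exception is yielded as a
    FunctionError rather than propagated.

    Required inputs: zia_md5, zia_full_report.
    """
    try:
        # This handler uses its own logger, bound locally for the call.
        LOG = logging.getLogger(__name__)
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        # NOTE(review): the shape of zia_md5 is not checked in this handler;
        # confirm whether validate_fields or the client verifies that it is
        # a well-formed MD5 digest before it is sent.
        fn_inputs = validate_fields(["zia_md5", "zia_full_report"], kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        yield StatusMessage("Validations complete. Starting business logic")

        md5 = fn_inputs.get("zia_md5")
        full_report = fn_inputs.get("zia_full_report")

        ziacli = ZiaClient(self.opts, self.fn_options)
        result = ziacli.get_sandbox_report(md5, full=full_report)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)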
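def selftest_function(opts):
    """Simple test to verify Zia connectivity.

    Builds a ZiaClient from ``opts`` (function options are taken from the
    "fn_zia" section, defaulting to an empty dict) and requests the
    blocklist URLs.

    Returns a dict with "state" ("success" or "failure") and a "reason"
    string. When an exception was raised, the exception object is also
    returned under "status_code", as before.
    """
    fn_opts = opts.get("fn_zia", {})

    try:
        ziacli = ZiaClient(opts, fn_opts)
        result = ziacli.get_blocklist_urls()
    except Exception as e:
        # Every outcome now carries a "reason": the original failure branch
        # returned only the raw exception under "status_code", leaving the
        # caller without a readable explanation.
        return {"state": "failure", "reason": str(e), "status_code": e}

    # A dict response is treated as proof that the endpoint answered.
    if isinstance(result, dict):
        return {
            "state": "success",
            "reason": "Successful connection to Zia endpoint"
        }

    return {
        "state": "failure",
        "reason": "Failed to connect to Zia endpoint"
    }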
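def _funct_zia_url_lookup_function(self, event, *args, **kwargs):
    """Function: Look up the categorization of a URL or set of URLs,
    e.g., ['abc.com', 'xyz.com'].

    See following for URL guidelines:
    https://help.zscaler.com/zia/url-format-guidelines

    Generator handler. Yields StatusMessage progress updates followed by a
    FunctionResult wrapping the value returned by ZiaClient.url_lookup().
    Any exception is yielded as a FunctionError rather than propagated.

    Required inputs: zia_urls.
    """
    try:
        rp = ResultPayload(PACKAGE_NAME, **kwargs)

        # Get the wf_instance_id of the workflow this Function was called in
        wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"]

        yield StatusMessage(
            "Starting '{0}' running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        # Get and validate required function inputs:
        fn_inputs = validate_fields(["zia_urls"], kwargs)

        # Lazy %-style args throughout: the original mixed a '{0}' placeholder
        # into a %-style call, so the function name never reached the log.
        LOG.info("'%s' inputs: %s", FN_NAME, fn_inputs)

        yield StatusMessage("Validations complete. Starting business logic")

        urls = fn_inputs.get("zia_urls")

        ziacli = ZiaClient(self.opts, self.fn_options)
        result = ziacli.url_lookup(urls)

        yield StatusMessage(
            "Finished '{0}' that was running in workflow '{1}'".format(FN_NAME, wf_instance_id))

        results = rp.done(True, result)

        LOG.info("'%s' complete", FN_NAME)

        yield StatusMessage(
            "Returning results for function '{}' with parameters '{}'.".format(
                FN_NAME,
                ", ".join("{!s}={!r}".format(k, v) for (k, v) in fn_inputs.items())))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as e:
        # Report the failure to the workflow instead of raising.
        yield FunctionError(e)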