def test_event(self):
    """Round-trip one recent event through the ``Event`` constructors.

    Loads a single event from the last ``QUERY_TIMERANGE`` days, rebuilds an
    ``Event`` from its ``IPSIDAlertID`` and checks that the ID is the
    ``ipsId|alertId`` pair.  On API v2 the event is additionally re-fetched via
    ``Event.data_from_id(use_query=True)`` and compared to the loaded data.
    """
    manager = EventManager(
        time_range="CUSTOM",
        start_time=datetime.now() - timedelta(days=QUERY_TIMERANGE),
        end_time=datetime.now() + timedelta(days=1),
        limit=1,
    )
    manager.load_data()
    loaded = manager[0]
    alert_id = loaded["IPSIDAlertID"]

    rebuilt = Event(id=alert_id)
    expected_id = "|".join([
        str(rebuilt["ipsId"]["id"]),
        str(rebuilt["alertId"]),
    ])
    self.assertEqual(alert_id, expected_id)

    if NitroSession().api_v == 2:
        print("CREATING EVENT MANUALLY FROM ID")
        data = Event().data_from_id(id=alert_id, use_query=True)
        queried = Event(data)
        print("EVENT RETREIVED : {}".format(queried))
        print("ORIGINAL EVENT : {}".format(loaded))
        self.assertEqual(queried, data)
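def test_api_cmd_get_api_docs(self):
    """Check that ``api_cmd_get_api_docs`` lists the ESM help-page endpoints in order.

    The expected endpoint names are scraped from ``/rs/esm/v2/help`` on the
    configured ESM; the generated docs must have exactly one line per endpoint,
    each mentioning the endpoint at the same index.
    """
    session = NitroSession()
    # TLS verification follows the client config.  The timeout keeps a stalled
    # ESM from hanging the whole test run, and raise_for_status() turns an
    # HTTP error page into a clear failure instead of an obscure XML parse error.
    response = requests.get(
        'https://{esm_url}/rs/esm/v2/help'.format(esm_url=session.config.host),
        verify=session.config.ssl_verify,
        timeout=30,
    )
    response.raise_for_status()
    help_page = etree.parse(BytesIO(response.text.encode()))
    endpoints = [
        element.get('name')
        for element in help_page.iter()
        if 'esmCommand' in element.tag and element.get('name')
    ]

    doc_lines = api_cmd_get_api_docs().splitlines()
    # Without this check extra doc lines would surface as an IndexError below.
    self.assertEqual(len(doc_lines), len(endpoints), "API ---list option broken")
    for index, line in enumerate(doc_lines):
        self.assertIn(endpoints[index], line, "API ---list option broken")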
def api_cmd_get_params_docs():
    """
    Get a list of all possible API calls with parameters interpolation.

    Returns one ``msiem api --method '<name>' --args k=<value> ... # Call <path>``
    line per entry of ``NitroSession.PARAMS``; the ``<value>`` placeholders are
    the ``$identifier`` / ``${identifier}`` keywords found in the entry's
    ``string.Template`` objects.

    TODO: write a test
    """
    session = NitroSession()
    lines = []
    for method_name, spec in session.PARAMS.items():
        # spec[0] is the endpoint (plain str or Template); spec[1] may be a
        # Template too.  Both are scanned for substitution keywords.
        raw_endpoint = spec[0].template if isinstance(spec[0], Template) else spec[0]
        endpoint = "{}".format(urlparse(raw_endpoint).path)

        keywords = []
        for part in (spec[0], spec[1]):
            if isinstance(part, Template):
                # findall() yields (escaped, named, braced, invalid) tuples.
                keywords.extend(
                    match[1] or match[2]
                    for match in Template.pattern.findall(part.template)
                    if match[1] or match[2]
                )

        params = " ".join("{}=<value>".format(keyword) for keyword in keywords)
        args_part = '--args ' + params if params else params
        lines.append("msiem api --method '{}' {} # Call {} \n".format(
            "{}".format(method_name), args_part, endpoint))
    return "".join(lines)
def api_cmd(args):
    """
    Quickly make API requests to any endpoints with any data. Print response to stdout as JSON.

    ``--list`` prints the generated endpoint docs and exits with status 0.
    A method present in ``NitroSession.PARAMS`` goes through ``request()`` with
    the interpolated ``--args``; any other method is sent raw via
    ``api_request()`` with the ``--data`` payload.

    Request v2/alarmGetTriggeredAlarms:

        $ msiem api --method "v2/alarmGetTriggeredAlarms?triggeredTimeRange=LAST_24_HOURS&status=&pageSize=500&pageNumber=1"
    """
    session = NitroSession()
    session.login()

    if args.list:
        print("All possible SIEM requests: ")
        print(api_cmd_get_api_docs())
        print("Requests with API parameters interpolation")
        print(api_cmd_get_params_docs())
        exit(0)

    if not args.method:
        return

    if args.method in session.PARAMS:
        interpolated = api_cmd_parse_interpolated_args(args.args)
        result = session.request(args.method, **interpolated)
    else:
        result = session.api_request(args.method, api_cmd_get_data(args.data))
    pprint_json(result)
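def api_cmd_get_api_docs():
    """
    Get a list of all possible API calls.

    Scrapes the endpoint names from the ESM help page (``/rs/esm/v2/help``)
    and returns one ``msiem api --method v2/<name> --data <JSON string or file>``
    line per endpoint.

    Raises:
        requests.HTTPError: if the help page request fails.
        requests.Timeout: if the ESM does not answer within the timeout.
    """
    s = NitroSession()
    # TLS verification follows the client config.  The timeout keeps a stalled
    # ESM from hanging the CLI, and raise_for_status() surfaces an HTTP error
    # instead of feeding an error page to the XML parser.
    response = requests.get(
        'https://{esm_url}/rs/esm/v2/help'.format(esm_url=s.config.host),
        verify=s.config.ssl_verify,
        timeout=30,
    )
    response.raise_for_status()
    help_page = etree.parse(BytesIO(response.text.encode()))
    endpoints = [
        e.get('name')
        for e in help_page.iter()
        if 'esmCommand' in e.tag and e.get('name')
    ]
    return "".join(
        "msiem api --method v2/{} --data <JSON string or file>\n".format(endp)
        for endp in endpoints
    )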
def NitroSession(self):
    """Build a ``NitroSession`` from the ``esmclient.config`` file under ``self._confDir``.

    The path is plain string concatenation, so ``_confDir`` must already end
    with a path separator.
    """
    config_path = self._confDir + 'esmclient.config'
    return NitroSession(NitroConfig(path=config_path))
import pprint
from msiempy import NitroSession

# Dump the session's API parameter table in pretty-printed form.
session = NitroSession()
print(pprint.pformat(session.PARAMS))
from msiempy.__version__ import __version__
from msiempy import NitroSession

session = NitroSession()
print("msiempy verison: {}".format(__version__))
# The ESM reports its own version in the buildStamp field of build_stamp.
build_info = session.request("build_stamp")
print("ESM version: {}".format(build_info["buildStamp"]))
from msiempy import NitroSession
import pprint

session = NitroSession()
filters = session.request("get_possible_filters")
fields = session.request("get_possible_fields", type="EVENT", groupType="NO_GROUP")


def show(template, payload):
    """Print two blank spacer lines, then *template* with *payload* interpolated."""
    print()
    print()
    print(template.format(payload))


show("FIELDS NAMES S:\n{}", pprint.pformat(fields))
show("FIELDS NAMES YOU CAN USE IN FILTERS:\n{}", pprint.pformat(filters))
show("FIELDS NAMES SUMMARY:\n{}", [field["name"] for field in fields])
show("FIELDS NAMES YOU CAN USE IN FILTERS SUMMARY:\n{}", [field["name"] for field in filters])
from msiempy import NitroSession
import pprint

session = NitroSession()
filters = session.request('get_possible_filters')
fields = session.request('get_possible_fields', type='EVENT', groupType='NO_GROUP')

# Each entry pairs an output template with a thunk that builds its payload;
# the thunks are evaluated in print order.
sections = (
    ('FIELDS NAMES S:\n{}', lambda: pprint.pformat(fields)),
    ('FIELDS NAMES YOU CAN USE IN FILTERS:\n{}', lambda: pprint.pformat(filters)),
    ('FIELDS NAMES SUMMARY:\n{}', lambda: [field['name'] for field in fields]),
    ('FIELDS NAMES YOU CAN USE IN FILTERS SUMMARY:\n{}', lambda: [field['name'] for field in filters]),
)
for template, build_payload in sections:
    print()
    print()
    print(template.format(build_payload()))
from msiempy.__version__ import __version__
from msiempy import NitroSession

session = NitroSession()
print('msiempy verison: {}'.format(__version__))
# buildStamp is the ESM's own version string as returned by build_stamp.
esm_build = session.request('build_stamp')
print('ESM version: {}'.format(esm_build['buildStamp']))
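def dstools(pargs):
    """
    Add datasources from CSV or INI files, list, search, remove.

    Args:
        pargs: parsed CLI arguments; reads ``add``, ``search``, ``delete``,
            ``deleteclients``, ``force`` and ``list``.

    Side effects:
        Rebinds the module-level ``devtree`` to a fresh ``DevTree`` and prints
        progress to stdout.  ``--add`` exits with status 0 when no datasource
        file is found.
    """
    global devtree
    devtree = DevTree()

    if pargs.add:
        _add_datasources(pargs.add)

    if pargs.search:
        print(search(pargs.search, devtree))

    if pargs.delete:
        _delete_datasources(pargs.delete, pargs.force)

    if pargs.deleteclients:
        # Original read pargs.deletelients (typo) and raised AttributeError.
        _delete_datasource_clients(pargs.deleteclients, pargs.force)

    if pargs.list:
        print(devtree.get_text(fields=[
            'name', 'ds_ip', 'ds_id', 'parent_id', 'client', 'type_id', 'type', 'last_time']))


def _collect_ds_files(ds_dir):
    """Return the datasource files for a path: the file itself, or a directory scan."""
    if os.path.isfile(ds_dir):
        return [ds_dir]
    return scan_dir(verify_dir(ds_dir))


def _wait_for_add_job(ds, job_id):
    """Poll ``dsAddDataSourcesStatus`` for *job_id* until it reports COMPLETE.

    Returns True when the job lists no unsuccessful datasources, False otherwise
    (the reason is printed).  The loop has no upper bound, matching the original
    CLI; a job that never reaches COMPLETE keeps the command waiting.
    """
    # Give the ESM a moment to register the job before the first status query.
    time.sleep(1)
    status = NitroSession().api_request('dsAddDataSourcesStatus', {"jobId": job_id}, retry=0)
    if not isinstance(status, dict):
        print('Something went wrong, Datasource {} not added.\n{}'.format(ds['name'], status))
        return False
    while status['jobStatus'] != 'COMPLETE':
        time.sleep(1)
        status = NitroSession().api_request('dsAddDataSourcesStatus', {"jobId": job_id}, retry=0)
    if status['unsuccessfulDatasources']:
        print('Something went wrong, Datasource {} not added.\n{}'.format(
            ds['name'], status['unsuccessfulDatasources'][0]))
        return False
    return True


def _add_one_datasource(ds):
    """Submit one datasource dict to the device tree; return True on reported success."""
    if ds.get('client', None):
        print("Adding Client Datasource: {}".format(ds))
        job_id = devtree.add_client(ds)
    else:
        print("Adding Datasource: {}".format(ds))
        job_id = devtree.add(ds)
    if not job_id:
        # The original message had no .format() call and printed a literal '{}'.
        print('Something went wrong, Datasource {} not added.'.format(ds['name']))
        return False
    return _wait_for_add_job(ds, job_id)


def _add_datasources(ds_dir):
    """Add every datasource described by the file(s) under *ds_dir* and verify them."""
    new_files = _collect_ds_files(ds_dir)
    if not new_files:
        print("No datasource files found.")
        sys.exit(0)

    ds_to_verify = []
    for ds in convert_ds_files(new_files):
        if ds['name'] in devtree:
            print('Duplicate datasource Name. Datasource not '
                  'added: {} - {}.'.format(ds['name'], ds['ds_ip']))
            continue
        if ds['ds_ip'] in devtree:
            print('Duplicate datasource IP. Datasource not '
                  'added: {} - {}.'.format(ds['name'], ds['ds_ip']))
            continue
        try:
            if _add_one_datasource(ds):
                ds_to_verify.append(ds['name'])
                devtree.refresh()
        except Exception:
            # Best-effort batch: report this datasource and continue with the rest.
            print('Something went wrong, Datasource {} not added.\n{}'.format(
                ds['name'], traceback.format_exc()))

    if ds_to_verify:
        # Let the ESM settle before re-reading the tree to confirm the additions.
        time.sleep(3)
        devtree.refresh()
        for name in ds_to_verify:
            if search(name, devtree):
                print('DataSource successfully added: {}'.format(name))
            else:
                print("Unknown issue occured while adding datasource {} and it was not added.".format(name))


def _delete_datasources(ds_ids, force):
    """Delete each datasource matching a ``ds_id``; prompt for confirmation unless *force*."""
    for ds_id in ds_ids:
        matches = list(devtree.search_ds_group(field='ds_id', term=ds_id))
        if not matches:
            print("Datasource {} not found".format(ds_id))
            continue
        ds = matches[0]
        prompt = "Delete the datasource and all the data? \n{}\n[y/n]".format(ds)
        if force or input(prompt).lower().startswith('y'):
            ds.delete()
        else:
            print("Datasource not deleted")


def _delete_datasource_clients(ds_ids, force):
    """Delete the clients of each datasource matching a ``ds_id``; prompt unless *force*."""
    for ds_id in ds_ids:
        matches = list(devtree.search_ds_group(field='ds_id', term=ds_id))
        if not matches:
            print("Datasource {} not found".format(ds_id))
            continue
        # The original called delete_client() on the match list rather than the datasource.
        ds = matches[0]
        prompt = "Delete the datasource's clients and all the data. \n{}\n[y/n]".format(ds)
        if force or input(prompt).lower().startswith('y'):
            ds.delete_client()
        else:
            print("Datasource client not deleted")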