def tune_app_control(api, configuration, api_version, api_exception):
try:
# Create a PoliciesApi object
policies_api = api.PoliciesApi(api.ApiClient(configuration))
# List policies using version v1 of the API
policies_list = policies_api.list_policies(api_version)
# View the list of policies
# return policies_list
except api_exception as e:
return "Exception: " + str(e)
# Search computer in deep security dashboard
search_criteria = api.SearchCriteria()
search_criteria.field_name = "displayName"
search_criteria.string_value = '%' + search_name + '%'
search_criteria.string_test = "equal"
search_criteria.string_wildcards = True
# Create search filter to find computer
search_filter = api.SearchFilter(None, [search_criteria])
# Create a ComputerApi object
computer_api = api.ComputersApi(api.ApiClient(configuration))
try:
# Perform the search
computer_details = computer_api.search_computers(api_version, search_filter=search_filter)
ec2_instance_id = []
ds_ids = []
for ec2_details in computer_details.computers:
ec2_instance_id.append(ec2_details.ec2_virtual_machine_summary.instance_id)
ds_ids.append(ec2_details.id)
# Set the Reconnaissance Scan value
setting_value = api.SettingValue()
setting_value.value = "true"
# Add the SettingValue to a ComputerSettings object
computer_settings = api.ComputerSettings()
computer_settings.firewall_setting_reconnaissance_enabled = setting_value
app_controll_settings = api.ApplicationControlComputerExtension()
app_controll_settings.state = app_control_status
# Add the ComputerSettings object to a Computer object
computer = api.Computer()
computer.computer_settings = computer_settings
computer.application_control = app_controll_settings
for ds_id in ds_ids:
computer_api.modify_computer(ds_id, computer, api_version, overrides=True)
return ec2_instance_id
except api_exception as e:
return "Exception: " + str(e)
def getruleid(rule_type, rule_to_apply, configuration, api_version):
# Get the rule id
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
if ("ips" in rule_type):
rule_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(configuration))
if ("im" in rule_type):
rule_instance = deepsecurity.IntegrityMonitoringRulesApi(
deepsecurity.ApiClient(configuration))
if ("li" in rule_type):
rule_instance = deepsecurity.LogInspectionRulesApi(
deepsecurity.ApiClient(configuration))
rule_id = 0
try:
if ("ips" in rule_type):
rule_response = rule_instance.list_intrusion_prevention_rules(
api_version)
attrs = rule_response._intrusion_prevention_rules
rule_id = getid(attrs, rule_to_apply)
if ("im" in rule_type):
rule_response = rule_instance.list_integrity_monitoring_rules(
api_version)
attrs = rule_response._integrity_monitoring_rules
rule_id = getid(attrs, rule_to_apply)
if ("li" in rule_type):
rule_response = rule_instance.list_log_inspection_rules(
api_version)
attrs = rule_response._log_inspection_rules
rule_id = getid(attrs, rule_to_apply)
return (rule_id)
except ApiException as e:
print(
"An exception occurred when calling IntrusionPreventionRulesApi.list_intrusion_prevention_rules: %s\n"
% e)
def lambda_handler(event, context):
global DSM
global configuration
configuration = client.Configuration()
# DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
# DSM_client = client.ComputersApi(client.ApiClient(configuration))
ds_api_key = '2:CC8BLAbBl8VH5sfPFjygafiV7heQc9fkHhDWkNjsxRk='
ds_hostname = 'app.deepsecurity.trendmicro.com'
ds_port = '443'
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
print("Signed into Deep Security")
except api_exception as ex:
print(
"Could not successfully sign into Deep Security. Threw exception: {}"
.format(ex))
# From here we have to fetch data
DSM_computer = client.ComputersApi(client.ApiClient(configuration))
try:
# NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID
search_filter = deepsecurity.SearchFilter()
overrides = False
response = DSM_computer.search_computers('v1',
search_filter=search_filter,
overrides=overrides)
for computer in response.computers:
if computer.ec2_virtual_machine_summary.instance_id == 'i-0ab687235eddfb3ad':
attr = vars(computer)
instance_in_ds = attr['_id']
api_instance = deepsecurity.ScheduledTasksApi(
deepsecurity.ApiClient(configuration))
scheduled_task = deepsecurity.ScheduledTask(
).scan_for_recommendations_task_parameters
res = api_instance.create_scheduled_task(
scheduled_task, api_version)
print("Found the instance in Deep Security as computer {}".format(
len(response.computers)))
except api_exception as ex:
print(
"Could not find the instance in Deep Security. Threw exception: {}"
.format(ex))
def get_affected_instance_in_deep_security(instance_id):
"""
Find and return the specified instance in Deep Security
Returns a deepsecurity.computers.Computer object or None
"""
result = None
# if not DSM: return result
DSM_computer = client.ComputersApi(client.ApiClient(configuration))
try:
# NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID
search_filter = deepsecurity.SearchFilter()
overrides = True
response = DSM_computer.search_computers('v1', search_filter=search_filter, overrides=overrides)
for computer in response.computers:
if computer.ec2_virtual_machine_summary.instance_id == instance_id:
attr = vars(computer)
print(attr['_id'])
print(type(attr['_id']))
return attr['_id']
except api_exception as ex:
print("Could not find the instance in Deep Security. Threw exception: {}".format(ex))
def getIPSrules(cve):
# Initialization
# Set Any Required Values
api_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(configuration))
api_version = 'v1'
# Set search criteria for the date range
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "CVE"
search_criteria.string_value = "%" + cve + "%"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
try:
ipsrules = api_instance.search_intrusion_prevention_rules(
api_version, search_filter=search_filter)
i = 0
for ipsrid in ipsrules.intrusion_prevention_rules:
ipsruleidentifier = ipsrid.identifier
ipsrulename = ipsrid.name
print("ID: " + str(ipsruleidentifier), "- " + str(ipsrulename))
i += 1
except ApiException as e:
print(
"An exception occurred when calling IntrusionPreventionRulesApi.search_intrusion_prevention_rules: %s\n"
% e)
def request_computers(self):
"""Returns a list with all computers in the DS environment"""
computers_list = []
api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(self.api_config))
try:
while True:
paged_response = api_instance.search_computers(self.api_version,
expand=self.COMPUTER_EXPAND, overrides=False, search_filter=self.SEARCH_FILTER)
computers_list+=paged_response.computers
last_id = computers_list[-1].id
self.SEARCH_FILTER.search_criteria.id_value = last_id
if len(paged_response.computers) != self.SEARCH_FILTER.max_items:
break
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"COMPUTERS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
except Exception as e:
raise Exception("Generic connection error!" + str(e) + "Generic connection error!")
self.SEARCH_FILTER.search_criteria.id_value = 0 #Reset the Search Criteria
return computers_list
def search_firewall_rules(api, configuration, api_version, api_exception):
""" Searches the firewall rules for any rule that contains DHCP in the rule name.
:param api: The Deep Security API modules.
:param configuration: Configuration object to pass to the api client.
:param api_version: The version of the API to use.
:param api_exception: The Deep Security API exception module.
:return: A list containing all firewall rules that match the search criteria.
"""
# Define the search criteria
search_criteria = api.SearchCriteria()
search_criteria.field_name = "name"
search_criteria.string_value = "%DHCP%"
search_criteria.string_test = "equal"
search_criteria.string_wildcards = True
# Create search filter to find the rule
search_filter = api.SearchFilter(None,[search_criteria])
# Create a FirewallRulesApi object
firewall_rules_api = api.FirewallRulesApi(api.ApiClient(configuration))
try:
# Perform the search
firewall_rules = firewall_rules_api.search_firewall_rules(api_version, search_filter=search_filter)
firewall_rules_list = []
for rule in firewall_rules.firewall_rules:
firewall_rules_list.append(rule)
return firewall_rules
except api_exception as e:
return "Exception: " + str(e)
def __init__(self, api_key):
self.configuration = deepsecurity.Configuration()
self.configuration.host = f'https://{os.environ["ApiEndpoint"]}/api'
self.configuration.api_key['api-secret-key'] = api_key
self.connectorClient = deepsecurity.AWSConnectorsApi(
deepsecurity.ApiClient(self.configuration))
self.apiVersion = 'v1'
def checkifwrson(policy_id, configuration, api_version, overrides):
policies_api = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
current_wrs_settings = policies_api.describe_policy(policy_id,
api_version,
overrides=False)
return (current_wrs_settings.web_reputation.state)
def __init__(self):
ds_api_key = os.environ['DS_KEY']
self.api_version = os.environ.get('DS_API_VERSION', 'v1')
dsm_address = os.environ.get(
'DS_API_ADDRESS', 'https://app.deepsecurity.trendmicro.com/api')
config = api.Configuration()
config.host = dsm_address
config.api_key['api-secret-key'] = ds_api_key
self.api_client = api.ApiClient(config)
def request_computers(self):
"""Returns a list with all computers in the DS environment"""
api_instance = deepsecurity.ComputersApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_computers(self.version,
overrides=False)
except ApiException as e:
raise
return api_response.computers
def request_ips_rules(self, condition=None, rule=None):
api_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_intrusion_prevention_rules(
self.version)
except Exception as e:
raise
return api_response.intrusion_prevention_rules
def request_stateful_configs(self):
"""Returns a list of all firewall stateful configs in the DS environment """
api_instance = deepsecurity.StatefulConfigurationsApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_stateful_configurations(self.api_version)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"STATEFUL CONFIGURATIONS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
return api_response.stateful_configurations
def request_anti_malware_configs(self):
"""Returns list of all anti-malware configs in the DS environment """
api_instance = deepsecurity.AntiMalwareConfigurationsApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_anti_malwares(self.api_version)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e, "ANTI-MALWARE CONFIGURATIONS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
return api_response.anti_malware_configurations
def request_im_rules(self):
"""Returns a list with all integrity monitor rule"""
api_instance = deepsecurity.IntegrityMonitoringRulesApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_integrity_monitoring_rules(
self.version)
except Exception as e:
raise
return api_response.integrity_monitoring_rules
def configure_policy(self, policy_id, rule_ids):
api_instance = ds.PolicyIntrusionPreventionRuleAssignmentsRecommendationsApi(
ds.ApiClient(self.configuration))
intrusion_prevention_rule_ids = ds.RuleIDs()
intrusion_prevention_rule_ids.rule_ids = rule_ids
api_response = api_instance.add_intrusion_prevention_rule_ids_to_policy(
policy_id,
self.api_version,
intrusion_prevention_rule_ids=intrusion_prevention_rule_ids,
overrides=False)
return api_response
def DeepSec_Api():
print ('Connecting to Deep Security Platform ...###Calling Deep Security API###')
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration=deepsecurity.Configuration()
configuration.host="https://app.deepsecurity.trendmicro.com:443/api"
#print ('deeptoken', deeptoken)
dee=deeptoken
print ('Fetching endpoint information using Access Key :', dee)
configuration.api_key['api-secret-key']=dee
api_instance=deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version='v1'
expand_options=deepsecurity.Expand()
expand_options.add(expand_options.none)
expand=expand_options.list()
overrides=False
try:
api_response=api_instance.list_computers(api_version,expand=expand,overrides=overrides)
#pprint(api_response)
except ApiException as e:
print("Exception: %s",e)
#sqlmain()
try:
conn = sqlmain()
c = conn.cursor()
print ('Downloading Report from Deep Security Platform ...###Calling Deep Security API###')
for item in tqdm(api_response.computers):
sql = f' INSERT INTO DeepSecurity(host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used) ' \
f'VALUES(?, ?, ?, ?, ?, ?) '
cur = conn.cursor()
# Prepare data to insert
list_array = []
host_name = item.host_name if item.host_name else 'None';
agent_version = item.agent_version if item.agent_version else 'None';
computer_status = item.computer_status if item.computer_status else 'None';
last_agent_communication = str(item.last_agent_communication) if item.last_agent_communication else 'None';
anti_malware = item.anti_malware if item.anti_malware else 'None';
last_ip_used = item.last_ip_used if item.last_ip_used else 'None';
list_array.extend((host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used))
# execute insert query
c.execute(sql, list_array)
conn.commit()
inserted_id = cur.lastrowid
#print(inserted_id)
except Error as e:
print(e)
finally:
if conn:
conn.close()
def request_computer_groups(self):
api_instance = deepsecurity.ComputerGroupsApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_computer_groups(self.api_version)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"COMPUTERS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
except Exception as e:
raise Exception("Generic connection error!" + str(e) + "Generic connection error!")
return api_response
def request_computer_per_id(self, comp_id):
"""Returns a unique computer in the DS environment"""
api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.describe_computer(comp_id, self.api_version,
expand=self.COMPUTER_EXPAND, overrides=False)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"COMPUTERS")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
return api_response
def describe_policy(self, policy_id, description):
if not sys.warnoptions:
warnings.simplefilter("ignore")
api_instance = ds.PoliciesApi(ds.ApiClient(self.configuration))
policy = ds.Policy()
description = description[:1998] + (description[1998:] and '..')
policy.description = description
api_response = api_instance.modify_policy(policy_id,
policy,
self.api_version,
overrides=False)
return api_response
def GetAllComputers(configuration):
expand = Expand(Expand.ec2_virtual_machine_summary)
expndList = expand.list()
# Set search criteria
search_criteria = api.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"
# Create a search filter with maximum returned items
page_size = 50
search_filter = api.SearchFilter()
search_filter.max_items = page_size
search_filter.search_criteria = [search_criteria]
# Perform the search and do work on the results
computers_api = api.ComputersApi(api.ApiClient(configuration))
paged_computers = []
while True:
try:
t0 = time.time()
computers = computers_api.search_computers(
api_version, search_filter=search_filter, expand=expndList)
t1 = time.time()
num_found = len(computers.computers)
current_paged_computers = []
if num_found == 0:
print("No computers found.")
break
for computer in computers.computers:
current_paged_computers.append(computer)
paged_computers.append(current_paged_computers)
# Get the ID of the last computer in the page and return it with the number of computers on the page
last_id = computers.computers[-1].id
search_criteria.id_value = last_id
print("Last ID: " + str(last_id),
"Computers found: " + str(num_found))
print("Return rate: {0} hosts/sec".format(num_found / (t1 - t0)))
if num_found != page_size:
print("Num_found {0} - Page size is {1}".format(
num_found, page_size))
except api_exception as e:
print("Exception: {0}".format(str(e)))
return paged_computers
def sign_in_to_deep_security():
"""
Sign in to Deep Security
"""
global DSM
global configuration
configuration = client.Configuration()
DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
DSM_client = client.ComputersApi(client.ApiClient(configuration))
if 'apiKey' not in os.environ:
print("apiKey is REQUIRED environment variables for this AWS Lambda function")
return None
ds_api_key = os.environ['apiKey']
ds_hostname = None
if 'dsHostname' in os.environ: ds_hostname = os.environ['dsHostname']
ds_port = None
if 'dsPort' in os.environ: ds_port = os.environ['dsPort']
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
policies_list = DSM_policy.list_policies(api_version)
computer_list = DSM_client.list_computers(api_version)
print("Signed into Deep Security")
except api_exception as ex:
print("Could not successfully sign into Deep Security. Threw exception: {}".format(ex))
def search_im_rules(self, criteria):
max_items = None
search_filter = deepsecurity.SearchFilter(max_items, criteria)
im_api = deepsecurity.IntegrityMonitoringRulesApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = im_api.search_integrity_monitoring_rules(
self.version, search_filter=search_filter)
except Exception as e:
raise
return api_response.integrity_monitoring_rules
def search_ips_rules(self, criteria):
max_items = None
search_filter = deepsecurity.SearchFilter(max_items, criteria)
im_api = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(self.api_config))
try:
api_response = im_api.search_intrusion_prevention_rules(
self.version, search_filter=search_filter)
except Exception as e:
raise
return api_response.intrusion_prevention_rules
def getcomputerinfo(host_id, policy_id, configuration, api_version, overrides):
try:
computer_instance = deepsecurity.ComputersApi(
deepsecurity.ApiClient(configuration))
computers = computer_instance.list_computers(api_version,
overrides=overrides)
for computer in computers.computers:
if (computer.policy_id == policy_id):
if (computer.id == host_id):
print(computer)
except ApiException as e:
print(
"An exception occurred when calling ComputersApi.list_computers: %s\n"
% e)
def request_scheduled_tasks(self):
"""Returns a list with all scheduled tasks in the DS environment"""
api_instance = deepsecurity.ScheduledTasksApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_scheduled_tasks(self.api_version)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e)
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
except Exception as e:
raise Exception("Generic connection error!" + str(e) + "Generic connection error!")
return api_response.scheduled_tasks
def listpolicies(configuration, api_version, overrides):
try:
# Get the policies
policy_names = []
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
policy_response = policy_instance.list_policies(api_version,
overrides=overrides)
for policy in policy_response.policies:
policy_names.append(policy.name)
return (policy_names)
except ApiException as e:
print(
"An exception occurred when calling ComputersApi.list_computers: %s\n"
% e)
def request_policies(self):
"""Returns a list of all policies in the DS environment"""
api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_policies(self.api_version, overrides=False)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"POLICIES")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
except Exception as e:
raise Exception("Generic connection error!" + str(e) + "Generic connection error!")
#return {item.id : item for item in api_response.policies}
return api_response.policies
def get_externalid(self):
connector_settings_client = deepsecurity.AWSConnectorSettingsApi(
deepsecurity.ApiClient(self.configuration))
try:
connector_settings = connector_settings_client.list_aws_connector_settings(
self.apiVersion)
logger.info('Retrieved external id')
return connector_settings.external_id
except ApiException as e:
logger.info(
f"Exception when calling AWSConnectorSettingsApi.list_aws_connector_settings: {e}"
)
raise e
except Exception as e:
logger.info(e)
def __init__(self, dsm_address):
try:
ds_api_key = os.environ['DS_KEY']
self.api_version = os.environ.get('DS_API_VERSION', 'v1')
except KeyError:
sys.exit(
'"DS_KEY" environment variables are not set. Please set them and try again.'
)
config = api.Configuration()
config.host = dsm_address
config.api_key['api-secret-key'] = ds_api_key
self.api_client = api.ApiClient(config)
