def signatures_combined_get(esp_public, esp_secret):
# Get both built in and custom signatures
signatures_built_in_list = esp_api_lib.object_list_get('signatures', esp_public, esp_secret)
signatures_custom_list = esp_api_lib.object_list_get('custom_signatures', esp_public, esp_secret)
# Check the signatures list from the server for duplicate ID's
signatures_combined_dict = {}
# Check and add for built-in sigs
for signature in signatures_built_in_list:
signature_identifier = signature['attributes']['identifier'].encode('utf-8')
signature_id = int(signature['id'])
signature_custom = False
if signature_identifier not in signatures_combined_dict:
signatures_combined_dict[signature_identifier] = {}
signatures_combined_dict[signature_identifier]['signature_id'] = signature_id
signatures_combined_dict[signature_identifier]['signature_custom'] = signature_custom
else:
esp_api_lib.exit_error('500', "Duplicate Signature Identifier found in the built-in signature list: " + json.dumps(signature))
# Check and add for custom sigs
for signature in signatures_custom_list:
signature_identifier = signature['attributes']['identifier'].encode('utf-8')
signature_id = int(signature['id'])
signature_custom = True
if signature_identifier not in signatures_combined_dict:
signatures_combined_dict[signature_identifier] = {}
signatures_combined_dict[signature_identifier]['signature_id'] = signature_id
signatures_combined_dict[signature_identifier]['signature_custom'] = signature_custom
else:
esp_api_lib.exit_error('500', "Duplicate Signature Identifier found in the custom signature list: " + json.dumps(signature))
return signatures_combined_dict
def compliance_get(csv_list, esp_public, esp_secret):
# Validate expected fields were imported
keys = ['compliance_standard_name',
'compliance_standard_description',
'compliance_domain_name',
'compliance_domain_identifier',
'compliance_control_name',
'compliance_control_identifier',
'compliance_control_description',
'signature_identifier']
for key in keys:
if key not in csv_list[0]:
esp_api_lib.exit_error(400, 'Expected key missing from import CSV: ' + str(key))
# Validate and set Org ID
organization_list = esp_api_lib.object_list_get('organizations', esp_public, esp_secret)
if len(organization_list) != 1:
esp_api_lib.exit_error(500, 'Expected exactly 1 top level Organization, but got ' + str(len(organization_list)))
organization_id = int(organization_list[0]['id'])
# Validate and create nested structures for import
import_dict = {}
for row in csv_list:
# Set and verify the row has all required values
standard_name = row['compliance_standard_name'].encode('utf-8')
if standard_name == '':
esp_api_lib.exit_error(400, "Import sheet is missing compliance_standard_name for : " + json.dumps(row))
standard_description = row['compliance_standard_description'].encode('utf-8')
if standard_description == '':
esp_api_lib.exit_error(400, "Import sheet is missing compliance_standard_description for : " + json.dumps(row))
domain_name = row['compliance_domain_name'].encode('utf-8')
if domain_name == '':
esp_api_lib.exit_error(400, "Import sheet is missing the compliance_domain_name for : " + json.dumps(row))
domain_identifier = row['compliance_domain_identifier'].encode('utf-8')
if domain_identifier == '':
esp_api_lib.exit_error(400, "Import sheet is missing the compliance_domain_identifier for : " + json.dumps(row))
control_name = row['compliance_control_name'].encode('utf-8')
if control_name == '':
esp_api_lib.exit_error(400, "Import sheet is missing the compliance_control_name for : " + json.dumps(row))
control_identifier = row['compliance_control_identifier'].encode('utf-8')
if control_identifier == '':
esp_api_lib.exit_error(400, "Import sheet is missing the compliance_control_identifier for : " + json.dumps(row))
control_description = row['compliance_control_description'].encode('utf-8')
if control_description == '':
esp_api_lib.exit_error(400, "Import sheet is missing the compliance_control_description for : " + json.dumps(row))
signature_identifier = row['signature_identifier'].encode('utf-8')
if signature_identifier == '':
esp_api_lib.exit_error(400, "Import sheet is missing the signature_identifier for : " + json.dumps(row))
# Build nested structure
if standard_name not in import_dict:
import_dict[standard_name] = {}
import_dict[standard_name]['organization_id'] = organization_id
import_dict[standard_name]['compliance_standard_description'] = standard_description
import_dict[standard_name]['domains'] = {}
import_dict[standard_name]['domains'][domain_name] = {}
import_dict[standard_name]['domains'][domain_name]['compliance_domain_identifier'] = domain_identifier
import_dict[standard_name]['domains'][domain_name]['controls'] = {}
import_dict[standard_name]['domains'][domain_name]['controls'][control_name] = {}
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_identifier'] = control_identifier
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_description'] = control_description
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'] = [signature_identifier]
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_ids'] = []
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['custom_signature_ids'] = []
elif domain_name not in import_dict[standard_name]['domains']:
import_dict[standard_name]['domains'][domain_name] = {}
import_dict[standard_name]['domains'][domain_name]['compliance_domain_identifier'] = domain_identifier
import_dict[standard_name]['domains'][domain_name]['controls'] = {}
import_dict[standard_name]['domains'][domain_name]['controls'][control_name] = {}
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_identifier'] = control_identifier
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_description'] = control_description
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'] = [signature_identifier]
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_ids'] = []
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['custom_signature_ids'] = []
elif control_name not in import_dict[standard_name]['domains'][domain_name]['controls']:
import_dict[standard_name]['domains'][domain_name]['controls'][control_name] = {}
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_identifier'] = control_identifier
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['compliance_control_description'] = control_description
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'] = [signature_identifier]
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_ids'] = []
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['custom_signature_ids'] = []
else:
import_dict[standard_name]['domains'][domain_name]['controls'][control_name]['signature_identifier_list'].append(signature_identifier)
return import_dict
print('Sorting out ESP API Key...')
esp_public, esp_secret = esp_api_lib.settings_get(args.public, args.secret)
# --Main-- #
compliance_standard_id = 0
if args.compliance_standard_id is None and args.compliance_standard_name is None:
esp_api_lib.exit_error(
400,
'You need to either fill in a Custom Compliance Standard Name or ID.'
)
elif args.compliance_standard_id is not None and args.compliance_standard_name is not None:
esp_api_lib.exit_error(
400, 'You need to enter an ID OR a Standard Name, not both.')
elif args.compliance_standard_id is None:
print('API - Get the custom compliance standard id from name...')
custom_compliance_standards_list = esp_api_lib.object_list_get(
'custom_compliance_standards', esp_public, esp_secret)
custom_standards_id_list = custom_compliance_standards_filter(
custom_compliance_standards_list, args.compliance_standard_name)
if len(custom_standards_id_list) == 1:
compliance_standard_id = custom_standards_id_list[0]
elif len(custom_standards_id_list) > 1:
esp_api_lib.exit_error(
400,
'More than 1 Compliance Standards found matching name specified! Please limit your filter to a single Compliance Standard.'
)
else:
esp_api_lib.exit_error(
400, 'No Compliance Standards found matching name specified!')
else:
compliance_standard_id = args.compliance_standard_id
def get_compliance_controls(standards_id_list, compliance_standards_list,
compliance_domains_list, compliance_controls_list,
esp_public, esp_secret):
# Build a new list with the correct formatting
object_list_new = []
# Deal with standard compliance frameworks
for compliance_control in compliance_controls_list:
object_new = {}
# Check to see if the control is in a standard being exported
object_new['compliance_standard_id'] = esp_api_lib.get_id_from_link(
compliance_control['relationships']['compliance_standard']['links']
['related'])
if object_new['compliance_standard_id'] in standards_id_list:
# Get compliance control information
object_new['compliance_control_id'] = int(compliance_control['id'])
object_new['compliance_control_description'] = compliance_control[
'attributes']['description'].encode('utf-8')
object_new['compliance_control_identifier'] = compliance_control[
'attributes']['identifier'].encode('utf-8')
object_new['compliance_control_created_at'] = compliance_control[
'attributes']['created_at'].encode('utf-8')
object_new['compliance_control_updated_at'] = compliance_control[
'attributes']['updated_at'].encode('utf-8')
object_new['compliance_control_name'] = compliance_control[
'attributes']['name'].encode('utf-8')
object_new['compliance_domain_id'] = esp_api_lib.get_id_from_link(
compliance_control['relationships']['compliance_domain']
['links']['related'])
object_new[
'compliance_standard_id'] = esp_api_lib.get_id_from_link(
compliance_control['relationships']['compliance_standard']
['links']['related'])
for compliance_domain in compliance_domains_list:
# Match and get Domain information
if int(compliance_domain['id']
) == object_new['compliance_domain_id']:
object_new[
'compliance_domain_created_at'] = compliance_domain[
'attributes']['created_at'].encode('utf-8')
object_new[
'compliance_domain_updated_at'] = compliance_domain[
'attributes']['updated_at'].encode('utf-8')
object_new['compliance_domain_name'] = compliance_domain[
'attributes']['name'].encode('utf-8')
object_new[
'compliance_domain_identifier'] = compliance_domain[
'attributes']['identifier'].encode('utf-8')
break
for compliance_standard in compliance_standards_list:
# Match and get Standards information
if int(compliance_standard['id']
) == object_new['compliance_standard_id']:
object_new[
'compliance_standard_description'] = compliance_standard[
'attributes']['description'].encode('utf-8')
object_new[
'compliance_standard_created_at'] = compliance_standard[
'attributes']['created_at'].encode('utf-8')
object_new[
'compliance_standard_updated_at'] = compliance_standard[
'attributes']['updated_at'].encode('utf-8')
object_new[
'compliance_standard_name'] = compliance_standard[
'attributes']['name'].encode('utf-8')
break
compliance_control_signature_api = 'compliance_controls/' + str(
object_new['compliance_control_id']) + '/signatures'
compliance_control_signature_list = esp_api_lib.object_list_get(
compliance_control_signature_api, esp_public, esp_secret)
for compliance_control_signature in compliance_control_signature_list:
object_new_with_sig = object_new.copy()
object_new_with_sig['signature_id'] = int(
compliance_control_signature['id'])
object_new_with_sig[
'signature_description'] = compliance_control_signature[
'attributes']['description'].encode('utf-8')
object_new_with_sig[
'signature_identifier'] = compliance_control_signature[
'attributes']['identifier'].encode('utf-8')
object_new_with_sig[
'signature_created_at'] = compliance_control_signature[
'attributes']['created_at'].encode('utf-8')
object_new_with_sig[
'signature_updated_at'] = compliance_control_signature[
'attributes']['updated_at'].encode('utf-8')
object_new_with_sig[
'signature_name'] = compliance_control_signature[
'attributes']['name'].encode('utf-8')
object_new_with_sig[
'signature_resolution'] = compliance_control_signature[
'attributes']['resolution'].encode('utf-8')
object_new_with_sig[
'signature_risk_level'] = compliance_control_signature[
'attributes']['risk_level'].encode('utf-8')
object_new_with_sig[
'signature_service_id'] = esp_api_lib.get_id_from_link(
compliance_control_signature['relationships']
['service']['links']['related'])
object_new_with_sig['signature_custom'] = False
object_list_new.append(object_new_with_sig)
#object_list_new.append(object_new) # Only used if SIG block is commented out
return object_list_new
def get_custom_compliance_controls(custom_standards_id_list,
custom_compliance_standards_list,
custom_compliance_domains_list,
custom_compliance_controls_list, esp_public,
esp_secret):
# Build a new list with the correct formatting
object_list_new = []
# Deal with standard compliance frameworks
for compliance_control in custom_compliance_controls_list:
object_new = {}
# Check to see if the control is in a standard being exported
object_new['compliance_standard_id'] = esp_api_lib.get_id_from_link(
compliance_control['relationships']['custom_compliance_standard']
['links']['related'])
if object_new['compliance_standard_id'] in custom_standards_id_list:
object_new['compliance_control_id'] = int(compliance_control['id'])
object_new['compliance_control_description'] = compliance_control[
'attributes']['description'].encode('utf-8')
object_new['compliance_control_identifier'] = compliance_control[
'attributes']['identifier'].encode('utf-8')
object_new['compliance_control_created_at'] = compliance_control[
'attributes']['created_at'].encode('utf-8')
object_new['compliance_control_updated_at'] = compliance_control[
'attributes']['updated_at'].encode('utf-8')
object_new['compliance_control_name'] = compliance_control[
'attributes']['name'].encode('utf-8')
object_new['compliance_domain_id'] = esp_api_lib.get_id_from_link(
compliance_control['relationships']['custom_compliance_domain']
['links']['related'])
for compliance_domain in custom_compliance_domains_list:
if int(compliance_domain['id']
) == object_new['compliance_domain_id']:
object_new[
'compliance_domain_created_at'] = compliance_domain[
'attributes']['created_at'].encode('utf-8')
object_new[
'compliance_domain_updated_at'] = compliance_domain[
'attributes']['updated_at'].encode('utf-8')
object_new['compliance_domain_name'] = compliance_domain[
'attributes']['name'].encode('utf-8')
object_new[
'compliance_domain_identifier'] = compliance_domain[
'attributes']['identifier'].encode('utf-8')
break
for compliance_standard in custom_compliance_standards_list:
if int(compliance_standard['id']
) == object_new['compliance_standard_id']:
object_new[
'compliance_standard_description'] = compliance_standard[
'attributes']['description'].encode('utf-8')
object_new[
'compliance_standard_created_at'] = compliance_standard[
'attributes']['created_at'].encode('utf-8')
object_new[
'compliance_standard_updated_at'] = compliance_standard[
'attributes']['updated_at'].encode('utf-8')
object_new[
'compliance_standard_name'] = compliance_standard[
'attributes']['name'].encode('utf-8')
break
# Get attached signatures from link and add each as a line item
compliance_control_signature_api = 'custom_compliance_controls/' + str(
object_new['compliance_control_id']) + '/signatures'
compliance_control_signature_list = esp_api_lib.object_list_get(
compliance_control_signature_api, esp_public, esp_secret)
for compliance_control_signature_link in compliance_control_signature_list:
object_new_with_sig = object_new.copy()
object_new_with_sig[
'signature_id'] = esp_api_lib.get_id_from_link(
compliance_control_signature_link['relationships']
['signature']['links']['related'])
compliance_control_signature_api_single = 'signatures/%d' % object_new_with_sig[
'signature_id']
compliance_control_signature = esp_api_lib.object_get(
compliance_control_signature_api_single, esp_public,
esp_secret)
object_new_with_sig[
'signature_description'] = compliance_control_signature[
'attributes']['description'].encode('utf-8')
object_new_with_sig[
'signature_identifier'] = compliance_control_signature[
'attributes']['identifier'].encode('utf-8')
object_new_with_sig[
'signature_created_at'] = compliance_control_signature[
'attributes']['created_at'].encode('utf-8')
object_new_with_sig[
'signature_updated_at'] = compliance_control_signature[
'attributes']['updated_at'].encode('utf-8')
object_new_with_sig[
'signature_name'] = compliance_control_signature[
'attributes']['name'].encode('utf-8')
object_new_with_sig[
'signature_resolution'] = compliance_control_signature[
'attributes']['resolution'].encode('utf-8')
object_new_with_sig[
'signature_risk_level'] = compliance_control_signature[
'attributes']['risk_level'].encode('utf-8')
object_new_with_sig[
'signature_service_id'] = esp_api_lib.get_id_from_link(
compliance_control_signature['relationships']
['service']['links']['related'])
object_new_with_sig['signature_custom'] = False
object_list_new.append(object_new_with_sig)
# Get attached custom signatures from link and add each as a line item
compliance_control_custom_signature_api = 'custom_compliance_controls/' + str(
object_new['compliance_control_id']) + '/custom_signatures'
compliance_control_custom_signature_list = esp_api_lib.object_list_get(
compliance_control_custom_signature_api, esp_public,
esp_secret)
for compliance_control_signature_link in compliance_control_custom_signature_list:
object_new_with_sig = object_new.copy()
object_new_with_sig[
'signature_id'] = esp_api_lib.get_id_from_link(
compliance_control_signature_link['relationships']
['custom_signature']['links']['related'])
compliance_control_signature_api_single = 'custom_signatures/%d' % object_new_with_sig[
'signature_id']
compliance_control_signature = esp_api_lib.object_get(
compliance_control_signature_api_single, esp_public,
esp_secret)
object_new_with_sig[
'signature_description'] = compliance_control_signature[
'attributes']['description'].encode('utf-8')
object_new_with_sig[
'signature_identifier'] = compliance_control_signature[
'attributes']['identifier'].encode('utf-8')
object_new_with_sig[
'signature_created_at'] = compliance_control_signature[
'attributes']['created_at'].encode('utf-8')
object_new_with_sig[
'signature_updated_at'] = compliance_control_signature[
'attributes']['updated_at'].encode('utf-8')
object_new_with_sig[
'signature_name'] = compliance_control_signature[
'attributes']['name'].encode('utf-8')
object_new_with_sig[
'signature_resolution'] = compliance_control_signature[
'attributes']['resolution'].encode('utf-8')
object_new_with_sig[
'signature_risk_level'] = compliance_control_signature[
'attributes']['risk_level'].encode('utf-8')
object_new_with_sig['signature_service_id'] = ''
object_new_with_sig['signature_custom'] = True
object_list_new.append(object_new_with_sig)
return object_list_new
'compliance_control_name', 'compliance_control_identifier',
'compliance_control_description', 'signature_identifier',
'signature_name'
]
esp_api_lib.write_to_csv(compliance_list_new, args.export_file_name,
field_names)
print('Blank CSV template created!')
else:
print()
print('Sorting out ESP API Key...')
esp_public, esp_secret = esp_api_lib.settings_get(
args.public, args.secret)
# --Main-- #
print('Get the compliance standards objects from the ESP API...')
compliance_standards_list = esp_api_lib.object_list_get(
'compliance_standards', esp_public, esp_secret)
custom_compliance_standards_list = esp_api_lib.object_list_get(
'custom_compliance_standards', esp_public, esp_secret)
print('Get list of standard IDs needed for export...')
standards_id_list, custom_standards_id_list = compliance_standards_filter(
compliance_standards_list, custom_compliance_standards_list,
args.compliance_standard_name)
if len(standards_id_list) > 0:
print(
'Getting the Domains and Controls data from the ESP API (Built-in Compliance)...'
)
compliance_domains_list = esp_api_lib.object_list_get(
'compliance_domains', esp_public, esp_secret)
compliance_controls_list = esp_api_lib.object_list_get(
'compliance_controls', esp_public, esp_secret)
help='(Optional) - Export only the built-in signatures.')
parser.add_argument('export_file_name',
type=str,
help='File to export to.')
args = parser.parse_args()
# --End parse command line arguments-- #
# Sort out ESP API Key
esp_public, esp_secret = esp_api_lib.settings_get(args.public, args.secret)
# --Main-- #
if args.custom and not args.builtin:
print('Getting the custom signatures from the API...')
custom_signatures_list = esp_api_lib.object_list_get(
'custom_signatures', esp_public, esp_secret)
print('Formatting results into export format...')
signatures_list_formatted = signatures_format(custom_signatures_list,
True)
elif not args.custom and args.builtin:
print('Getting the built-in signatures from the API...')
signatures_list = esp_api_lib.object_list_get('signatures', esp_public,
esp_secret)
print('Formatting results into export format...')
signatures_list_formatted = signatures_format(signatures_list, False)
else:
print('Getting the built-in signatures from the API...')
signatures_list = esp_api_lib.object_list_get('signatures', esp_public,
esp_secret)