def run_script(args):
    """Entry point for the ``iplists`` sub-command of ds-to-aws-waf.

    ``args[0]`` is skipped and the remaining items are handed to ``Script``
    together with the parser built here.  ``--list`` prints the Deep Security
    IP Lists and AWS WAF IP Sets; ``--id`` creates an IP Set from the chosen
    Deep Security IP List.  ``--list`` takes precedence when both are given.
    """
    # Build the sub-command's argument parser on top of the shared one.
    parser = core.get_arg_parser(prog='ds-to-aws-waf.py iplists', add_help=True)
    parser.add_argument(
        '-l', '--list',
        action='store_true',
        required=False,
        help='List the available Deep Security IP Lists and the AWS WAF IP Sets',
    )
    # Open question carried over from the author: change to i from -d/--ds?
    parser.add_argument(
        '-i', '--id',
        action='store',
        dest="ip_list",
        required=False,
        help='Specify an IP List by ID within Deep Security as the source for the AWS WAF IP Set',
    )

    script = Script(args[1:], parser)

    if script.args.list:
        # Read-only path: enumerate what exists on both sides.
        script.connect()
        script.get_available_aws_sets()
        script.print_lists()
    elif script.args.ip_list:
        script.connect()
        if script.args.dryrun:
            # The banner only informs the operator; it does not itself block
            # changes.  NOTE(review): create_ip_set() is presumably what
            # honours --dryrun -- confirm before relying on it.
            for banner_line in (
                "***********************************************************************",
                "* DRY RUN ENABLED. NO CHANGES WILL BE MADE",
                "***********************************************************************",
            ):
                script._log(banner_line, priority=True)

        # The Deep Security IP Lists are already cached at this point.
        ip_list = script.get_ds_list(script.args.ip_list)
        if ip_list:
            script.create_ip_set(ip_list)

    # NOTE(review): not reached if any call above raises; consider
    # try/finally if clean_up() must always run after connect().
    script.clean_up()
def run_script(args):
    """Entry point for the ``sqli`` sub-command of ds-to-aws-waf.

    ``args[0]`` is skipped and the rest is parsed by ``Script``.  The
    switches are independent ``if`` blocks, so several can act in one run:

    * ``--list``: cross-reference EC2 instances with Deep Security and print
      recommendations; with ``--create-rule`` also create the SQLi rule and
      update each mapped WACL.
    * ``--create-match``: create the SQLi match condition.
    * ``--map-to-wacl``: print the instance-to-WACL mapping.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    ``--create-rule`` handling is placed under ``--list`` because the final
    check reports that the two must be used together -- confirm.
    """
    parser = core.get_arg_parser(prog='ds-to-aws-waf.py sqli', add_help=True)
    parser.add_argument(
        '-l', '--list',
        action='store_true',
        required=False,
        help='List the available EC2 instances',
    )
    parser.add_argument(
        '--tag',
        action=core.StoreNameValuePairOnEquals,
        nargs="+",
        dest="tags",
        required=False,
        help='Specify the tags to filter the EC2 instances by. Multiple tags are cumulative',
    )
    parser.add_argument(
        '--create-match',
        action='store_true',
        required=False,
        dest="create_match",
        help='Create the SQLi match condition for use in various rules',
    )
    parser.add_argument(
        '--map-to-wacl',
        action='store_true',
        required=False,
        dest="map_to_wacl",
        help='Attempt to map each instance to an AWS WAF WACL',
    )
    parser.add_argument(
        '--create-rule',
        action='store_true',
        required=False,
        dest="create_rule",
        help='Create the SQLi rule for instances that can be mapped to an AWS WAF WACL. Used in conjunction with -l/--list',
    )

    script = Script(args[1:], parser)

    def announce_dry_run():
        # Informational only: the banner does not stop any change by itself.
        for banner_line in (
            "***********************************************************************",
            "* DRY RUN ENABLED. NO CHANGES WILL BE MADE",
            "***********************************************************************",
        ):
            script._log(banner_line, priority=True)

    if script.args.list:
        # Gather EC2, Deep Security and WAF state, then report on it.
        script.connect()
        script.get_ec2_instances()
        script.get_deep_security_info()
        script.get_waf_support_structures()
        script.map_instances_to_wacls()
        recommendations = script.compare_ec2_to_deep_security()
        script.print_recommendations(recommendations)

        if script.args.create_rule:
            if script.args.dryrun:
                announce_dry_run()

            # --dryrun is handled directly in the functions called below.
            # The rule is created once, on the first mapped instance, and
            # only if at least one instance maps to a WACL.
            mapped = script.instances_to_wacls.items()
            for position, (_instance_id, wacl_id) in enumerate(mapped):
                if position == 0:
                    script.create_wacl_rule()  # idempotent
                script.update_wacl(wacl_id)

    if script.args.create_match:
        script.connect()
        if script.args.dryrun:
            announce_dry_run()

        # Create the recommended SQLi match condition.
        script.create_match_condition()

    if script.args.map_to_wacl:
        script.connect()
        script.get_waf_support_structures()
        script.map_instances_to_wacls()
        script.print_instances_to_wacls_map()

    if script.args.create_rule and not script.args.list:
        # Only a message: --create-rule on its own performs no action.
        script._log("The --create-rule switch must be used with the -l/--list switch", priority=True)

    # NOTE(review): not reached if any call above raises; consider
    # try/finally if clean_up() must always run after connect().
    script.clean_up()
def run_script(args):
    """Entry point for the ``analyze`` sub-command of ds-analyze-findings.

    ``args[0]`` is skipped and the rest is parsed by ``Script``.  ``--list``
    prints the available Amazon Inspector assessment runs; ``--run-arn``
    reconciles that run's findings and, with ``--mitigate``, passes the
    results to ``Script.mitigate``.  ``--list`` wins when both are given.

    Returns whatever ``Script.get_findings()`` produced, or ``None`` when
    neither switch was supplied.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    mitigation is placed under the ``results`` check because it consumes
    ``results`` -- confirm against the original file.
    """
    parser = core.get_arg_parser(prog='ds-analyze-findings analyze', add_help=True)
    parser.add_argument(
        '-l', '--list',
        action='store_true',
        required=False,
        help='List the available Amazon Inspector assessment runs',
    )
    parser.add_argument(
        '--run-arn',
        action='store',
        dest='run_arn',
        required=False,
        help='Analyze the findings of this Amazon Inspector assessment run',
    )
    parser.add_argument(
        '--mitigate',
        action='store_true',
        dest='mitigate',
        required=False,
        help='Mitigate Amazon Inspector findings when possible using Deep Security',
    )

    script = Script(args[1:], parser)
    details = None

    if script.args.list:
        # Read-only path: show which assessment runs have findings.
        script.connect()
        details = script.get_findings()
        script.list_run_arns(details)
    elif script.args.run_arn:
        script.connect()
        details = script.get_findings()
        if details:
            results = script.reconcile_findings(details, script.args.run_arn)
            if results:
                script.print_results(results, details)
                if script.args.mitigate:
                    # NOTE(review): the attribute read here is `dry_run`;
                    # confirm it matches the dest registered by
                    # core.get_arg_parser, otherwise this raises before
                    # mitigate() is reached.
                    if script.args.dry_run:
                        # Informational banner; it does not block changes.
                        for banner_line in (
                            "***********************************************************************",
                            "* DRY RUN ENABLED. NO CHANGES WILL BE MADE",
                            "***********************************************************************",
                        ):
                            script._log(banner_line, priority=True)
                    # NOTE(review): mitigate() is called in dry-run mode too,
                    # so it presumably enforces the flag itself -- confirm.
                    script.mitigate(results)

    # NOTE(review): not reached if any call above raises; consider
    # try/finally if clean_up() must always run after connect().
    script.clean_up()
    return details
def run_script(args):
    """Run the ``iplists`` sub-command of ds-to-aws-waf.

    Everything after ``args[0]`` is parsed by ``Script`` with the parser
    built here.  With ``--list`` the Deep Security IP Lists and AWS WAF IP
    Sets are printed; otherwise, with ``--id``, the named Deep Security IP
    List is turned into an AWS WAF IP Set.
    """
    parser = core.get_arg_parser(prog='ds-to-aws-waf.py iplists', add_help=True)

    # Each entry is (flags, keyword arguments) for one add_argument() call.
    option_specs = (
        (
            ('-l', '--list'),
            dict(
                action='store_true',
                required=False,
                help='List the available Deep Security IP Lists and the AWS WAF IP Sets',
            ),
        ),
        # Open question carried over from the author: change to i from -d/--ds?
        (
            ('-i', '--id'),
            dict(
                action='store',
                dest="ip_list",
                required=False,
                help='Specify an IP List by ID within Deep Security as the source for the AWS WAF IP Set',
            ),
        ),
    )
    for flags, settings in option_specs:
        parser.add_argument(*flags, **settings)

    script = Script(args[1:], parser)

    if script.args.list:
        # Listing only reads from Deep Security and AWS WAF.
        script.connect()
        script.get_available_aws_sets()
        script.print_lists()
    elif script.args.ip_list:
        script.connect()

        if script.args.dryrun:
            # Operator notice only.  NOTE(review): nothing here prevents the
            # create_ip_set() call below, so that method presumably checks
            # --dryrun itself -- confirm.
            rule = "***********************************************************************"
            script._log(rule, priority=True)
            script._log("* DRY RUN ENABLED. NO CHANGES WILL BE MADE", priority=True)
            script._log(rule, priority=True)

        # Look up the requested Deep Security IP List (already cached).
        ip_list = script.get_ds_list(script.args.ip_list)
        if ip_list:
            # Unknown or empty lists fall through without touching AWS WAF.
            script.create_ip_set(ip_list)

    # NOTE(review): not reached if any call above raises; consider
    # try/finally if clean_up() must always run after connect().
    script.clean_up()
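def run_script(args):
    """Entry point for the ``coverage`` sub-command of ds-analyze-findings.

    ``args[0]`` is skipped and the rest is parsed by ``Script``.  The CVEs
    reported by Amazon Inspector are compared with those known to Deep
    Security.  With ``--print-cve-only`` the overlap is sorted in place and
    printed one entry per line; otherwise ``Script.print_coverage`` reports.

    Returns the value produced by ``Script.compare_cves``.
    """
    parser = core.get_arg_parser(prog='ds-analyze-findings coverage', add_help=True)
    parser.add_argument(
        '--print-cve-only',
        action='store_true',
        dest='print_cve_only',
        required=False,
        help='Print only the CVEs covered by both Amazon Inspector and Deep Security. Useful to piping to other commands when not used with the --verbose switch',
    )

    script = Script(args[1:], parser)
    script.connect()

    in_inspector = script.get_cves_from_inspector()
    in_ds = script.get_cves_in_ds()
    coverage = script.compare_cves(in_inspector, in_ds)

    if script.args.print_cve_only:
        coverage.sort()
        # Parenthesised form prints the same text under Python 2 and is also
        # valid Python 3; the bare print statement is a SyntaxError there.
        print("\n".join(coverage))
    else:
        script.print_coverage(coverage, in_inspector, in_ds)

    # NOTE(review): not reached if any call above raises; consider
    # try/finally if clean_up() must always run after connect().
    script.clean_up()
    return coverage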
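def run_script(args):
    """Entry point for the ``xss`` sub-command of ds-to-aws-waf.

    ``args[0]`` is skipped and the rest is parsed by ``Script``.  The
    switches are independent ``if`` blocks, so several can act in one run:

    * ``--list``: cross-reference EC2 instances with Deep Security and print
      recommendations; with ``--create-rule`` also create the rule and update
      each mapped WACL.
    * ``--create-match``: create the match condition.
    * ``--map-to-wacl``: print the instance-to-WACL mapping.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    ``--create-rule`` handling is placed under ``--list`` because the final
    check reports that the two must be used together -- confirm.
    """
    parser = core.get_arg_parser(prog='ds-to-aws-waf.py xss', add_help=True)
    parser.add_argument(
        '-l', '--list',
        action='store_true',
        required=False,
        help='List the available EC2 instances',
    )
    parser.add_argument(
        '--tag',
        action=core.StoreNameValuePairOnEquals,
        nargs="+",
        dest="tags",
        required=False,
        help='Specify the tags to filter the EC2 instances by. Multiple tags are cumulative',
    )
    parser.add_argument(
        '--create-match',
        action='store_true',
        required=False,
        dest="create_match",
        help='Create the SQLi & XSS match conditions for use in various rules',
    )
    parser.add_argument(
        '--map-to-wacl',
        action='store_true',
        required=False,
        dest="map_to_wacl",
        help='Attempt to map each instance to an AWS WAF WACL',
    )
    parser.add_argument(
        '--create-rule',
        action='store_true',
        required=False,
        dest="create_rule",
        help='Create the SQLi & XSS rule for instances that can be mapped to an AWS WAF WACL. Used in conjunction with -l/--list',
    )

    script = Script(args[1:], parser)

    def announce_dry_run():
        # Informational only: the banner does not stop any change by itself.
        for banner_line in (
            "***********************************************************************",
            "* DRY RUN ENABLED. NO CHANGES WILL BE MADE",
            "***********************************************************************",
        ):
            script._log(banner_line, priority=True)

    if script.args.list:
        # Gather EC2, Deep Security and WAF state, then report on it.
        script.connect()
        script.get_ec2_instances()
        script.get_deep_security_info()
        script.get_waf_support_structures()
        script.map_instances_to_wacls()
        # The earlier code stored two identical, argument-less comparison
        # calls under other names and then printed an undefined
        # `recommendations`, so --list raised NameError before any rule
        # could be created.  One comparison result is bound and printed.
        # NOTE(review): if XSS and SQLi need separate comparisons, the
        # comparison method needs a parameter to tell them apart.
        recommendations = script.compare_ec2_to_deep_security()
        script.print_recommendations(recommendations)

        if script.args.create_rule:
            if script.args.dryrun:
                announce_dry_run()

            # --dryrun is handled directly in the functions called below.
            # The rule is created once, on the first mapped instance, and
            # only if at least one instance maps to a WACL.
            rule_created = False
            for _instance_id, wacl_id in script.instances_to_wacls.items():
                if not rule_created:
                    script.create_wacl_rule()  # idempotent
                    rule_created = True
                script.update_wacl(wacl_id)

    if script.args.create_match:
        script.connect()
        if script.args.dryrun:
            announce_dry_run()

        # Create the recommended XSS match condition.
        script.create_match_condition()

    if script.args.map_to_wacl:
        script.connect()
        script.get_waf_support_structures()
        script.map_instances_to_wacls()
        script.print_instances_to_wacls_map()

    if script.args.create_rule and not script.args.list:
        # Only a message: --create-rule on its own performs no action.
        script._log("The --create-rule switch must be used with the -l/--list switch", priority=True)

    # NOTE(review): not reached if any call above raises; consider
    # try/finally if clean_up() must always run after connect().
    script.clean_up()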