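def blacklistLoop():
    """Hash every .exe/.dll under ``dir_to_whitelist`` and push them to TIE as blacklisted.

    Walks ``dir_to_whitelist`` recursively, computes SHA-1/MD5/SHA-256 of each
    matching file and submits one ``tie.setReputations`` call per file with
    ``reputationBlack`` as the reputation.  ``dir_to_whitelist``,
    ``reputationBlack``, ``ePOIP``, ``ePOUser`` and ``ePOUserPwd`` are
    module-level names defined elsewhere in the file.

    A file that cannot be opened is reported and skipped.  The original fell
    through on IOError and submitted the digests of the previously hashed
    file under the unreadable file's name; ``continue`` prevents that.
    """
    # One ePO session for the whole walk; the original re-authenticated per file.
    mc = mcafee.client(ePOIP, '8443', ePOUser, ePOUserPwd, 'https', 'json')
    present_host = socket.gethostname()

    for root, _dirs, files in os.walk(dir_to_whitelist):
        for name in files:
            # Case-insensitive match covers the .exe/.dll/.EXE/.DLL variants
            # the original enumerated, plus mixed-case names such as .Exe.
            if not name.lower().endswith((".exe", ".dll")):
                continue
            filename = os.path.join(root, name)
            try:
                # Read once and close; the original re-read the file for
                # every digest and never closed the handles.
                with open(filename, 'rb') as fh:
                    data = fh.read()
            except IOError:
                print("Unable to open file for hashing")
                continue

            # TIE expects base64 of the raw digest (the original went via the
            # hex string and str.decode('hex'), which only exists on Python 2).
            sha1base64 = base64.b64encode(hashlib.sha1(data).digest()).decode('ascii')
            md5base64 = base64.b64encode(hashlib.md5(data).digest()).decode('ascii')
            sha256base64 = base64.b64encode(hashlib.sha256(data).digest()).decode('ascii')

            present_time_date = time.strftime("%c")
            file_path = os.path.normpath(filename)
            comment = (present_time_date + " Blacklisted by Script on Host: "
                       + present_host + ", Located at path: " + file_path)
            # json.dumps escapes quotes and backslashes in the file name and
            # path; the hand-concatenated JSON string the original built would
            # be broken -- or reshaped -- by a file name containing a quote.
            rep_string = json.dumps([{
                "sha256": sha256base64,
                "sha1": sha1base64,
                "md5": md5base64,
                "reputation": reputationBlack,
                "name": name,
                "comment": comment,
            }])
            print('Adding Blacklisted Files to TIE Server: ' + rep_string)
            mc.tie.setReputations(rep_string)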
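def main():
    """Check each host in ``input_filename`` against ePO and log the missing ones.

    Reads one hostname per line from ``input_filename``, asks ePO via
    ``epo.system.find`` whether the host exists, prints the result and appends
    every unknown host to ``output_filename``.  ``SERVER``, ``USERNAME``,
    ``PASSWORD``, ``input_filename`` and ``output_filename`` are module-level
    names defined elsewhere; ``epo`` is left bound as a global for the rest of
    the file.

    Both files are closed on exit.  The original never closed the input file
    and re-opened the output file once per missing host without closing it.
    """
    global epo
    epo = mcafee.client(SERVER, '8443', USERNAME, PASSWORD)

    missing = []
    with open(input_filename) as src:
        for line in src:
            host = line.rstrip('\n')
            if epo.system.find(host):
                print(host + " is in ePo")
            else:
                print(host + " doesn't exist in ePo")
                missing.append(host)

    # Append mode keeps entries from earlier runs; as in the original, the
    # output file is only touched when there is something to record.
    if missing:
        with open(output_filename, "a") as out:
            out.writelines(host + "\n" for host in missing)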
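def main(argv):
    """Apply (or remove) ``TAG_NAME`` on every host listed in the ``-i`` file.

    Options: ``-i <file>`` / ``--filename=<file>`` hostnames, one per line;
    ``-r`` remove the tag instead of applying it; ``-w`` send an agent
    wake-up call to each host afterwards; ``-v`` set the module-level
    ``verbose`` flag; ``-h`` usage.  ``SERVER``, ``USERNAME``, ``PASSWORD``
    and ``TAG_NAME`` are module-level names defined elsewhere; ``epo`` and
    ``verbose`` are published as globals for the rest of the file.

    Exits with status 2 on bad options or when no input file is given.
    """
    global epo, verbose
    epo = mcafee.client(SERVER, '8443', USERNAME, PASSWORD)
    filename = ""
    remove_tag = False
    verbose = False
    wake_up_agent = False

    # Step 1. Read cli arguments.  "ifile=" and "remove" are registered here
    # so that the "--ifile"/"--remove" comparisons below can actually match;
    # getopt rejected them in the original because only "filename=" was known.
    try:
        opts, args = getopt.getopt(argv, "hi:rwv", ["filename=", "ifile=", "remove"])
    except getopt.GetoptError:
        print("mcafee_apply_tag.py -i <input file> [-r, remove tag]")
        sys.exit(2)
    for opt, arg in opts:
        if opt == "-h":
            print("mcafee_apply_tag.py -i <input file>")
            print("This script allows to assign/remove tags")
            print("-i <file> import file with hostnames")
            print("-r remove tag instead")
            print("-v verbose output")
            print("-w send agent wake-up call after tagging")
            sys.exit()
        elif opt in ("-i", "--ifile", "--filename"):
            filename = arg
        elif opt in ("-r", "--remove"):
            remove_tag = True
        elif opt == "-v":
            verbose = True
        elif opt == "-w":
            wake_up_agent = True

    if not filename:
        # The original tried open("") here and died with IOError.
        print("mcafee_apply_tag.py -i <input file> [-r, remove tag]")
        sys.exit(2)

    # Materialise the host list: the original used a generator that the
    # tagging loop exhausted, so the wake-up loop below never ran.
    with open(filename) as fh:
        cis = [line.rstrip('\n') for line in fh]

    if remove_tag:
        for ci in cis:
            epo.system.clearTag(ci, TAG_NAME)
            print("Tag /" + TAG_NAME + "/ removed from " + ci)
    else:
        for ci in cis:
            epo.system.applyTag(ci, TAG_NAME)
            print("Tag /" + TAG_NAME + "/ assigned to " + ci)

    # wake up agents
    if wake_up_agent:
        for ci in cis:
            epo.system.wakeupAgent(ci, '', '', '', 'True')
            print("Wake-up call sent")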
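def main(epo_host, epo_port, epo_un, epo_pw, set_tag, system_file, verbose):
    """Apply ``set_tag`` to every system named in ``system_file`` via ePO.

    Args:
        epo_host, epo_port, epo_un, epo_pw: ePO server address and credentials.
        set_tag: name of the ePO tag to apply.
        system_file: path of a text file with one ePO system name per line.
        verbose: when true, report each system as it is processed.

    Prints a summary line and exits with status 1 if the ePO login or the
    file open fails.  The original wrote ``except e:`` -- ``e`` is unbound,
    so any failure raised NameError and neither message was ever shown.
    """
    try:
        # Create an ePO client object
        mc = mcafee.client(epo_host, epo_port, epo_un, epo_pw)
    except Exception:
        print(
            "Failed to authenticate to ePO. Please ensure the username and password are correct, and that the "
            "account is a superuser.")
        raise SystemExit(1)

    try:
        # Get file for reading operations
        this_file = open(system_file, 'r')
    except (IOError, OSError):
        print("Failed to read system file. Perhaps the location or file name is incorrect?")
        raise SystemExit(1)

    # Apply the tag for each system in file; the file is closed afterwards.
    systems_updated = 0
    system_count = 0
    with this_file:
        for this_system in this_file:
            epo_system = this_system.rstrip('\n')
            if verbose:
                print("Applying tag: {} to system: {}".format(set_tag, epo_system))
            change_result = mc.system.applyTag(epo_system, set_tag)
            if change_result == 1:
                if verbose:
                    # The original repeated the "Applying" line here.
                    print("Applied tag: {} to system: {}".format(set_tag, epo_system))
                systems_updated += 1
            else:
                print("Failed to apply tag: {} to system: {}".format(set_tag, epo_system))
                print("Perhaps the system already has the tag or the system was not found in ePO")
            system_count += 1

    print("Successfully added tag: {} to {}/{} systems".format(
        set_tag, systems_updated, system_count))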
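def main():
    """Export the "DAT file distribution" query to CSV and append a compliance row to the report.

    Step 0 runs ePO query id 439 (``epo.core.listQueries`` lists all ids).
    Step 1 writes ``<datver>;<count>`` per row to ``CSVFILENAME``.
    Step 2 treats the first six rows as the current DAT versions and appends
    one ``;``-separated line to ``REPORTFILENAME``: date, compliance
    percentage, total hosts, hosts on the six newest DATs, the share of each
    of those six, and the share running older DATs.  ``SERVER``, ``USERNAME``,
    ``PASSWORD``, ``CSVFILENAME`` and ``REPORTFILENAME`` are module-level names.

    Percentages are computed with ``/`` exactly as in the original, so their
    type (int vs float) follows the interpreter in use.  A query with fewer
    than six rows counts the missing rows as zero hosts instead of raising
    IndexError, and a query with no hosts reports 0 % instead of dividing by
    zero.  Both files are closed on exit.
    """
    datver_key = u'EPOProdPropsView_VIRUSCAN.datver'
    count_key = u'count'

    # Step 0. Open Epo connection and grab query
    epo = mcafee.client(SERVER, '8443', USERNAME, PASSWORD)
    query = epo.core.executeQuery('439')  # get query "DAT file distribution"

    # Step 1. Get query and output to CSV (json.dumps keeps the original
    # quoting of the version string).
    with open(CSVFILENAME, "w") as csvfile:
        for q in query:
            csvfile.write(json.dumps(q[datver_key]) + ";" + json.dumps(q[count_key]) + "\n")

    # Step 2. Process logs. Build final report
    counts = [int(q[count_key]) for q in query]
    total_hosts = sum(counts)
    # Six newest DAT versions; pad with zeros when the query returned fewer rows.
    recent = (counts + [0] * 6)[:6]
    last_6_days_DAT_hosts = sum(recent)

    if total_hosts:
        current_compliance_level = last_6_days_DAT_hosts * 100 / total_hosts
        dat_shares = [c * 100 / total_hosts for c in recent]
    else:
        current_compliance_level = 0
        dat_shares = [0] * 6
    old_DAT_share = 100 - current_compliance_level

    fields = ([datetime.datetime.now().strftime("%Y-%m-%d"),
               current_compliance_level, total_hosts, last_6_days_DAT_hosts]
              + dat_shares + [old_DAT_share])
    with open(REPORTFILENAME, "a") as reportfile:
        reportfile.write(";".join(str(f) for f in fields) + "\n")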
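def main(argv):
    """Delete from ePO every host named in the ``-i`` file that ePO knows about.

    ``-i <file>`` / ``--filename=<file>`` gives the hostnames, one per line;
    ``-h`` prints usage.  ``SERVER``, ``USERNAME`` and ``PASSWORD`` are
    module-level names; ``epo`` is published as a global for other functions.
    Exits with status 2 on bad options or when no input file was given (the
    original reached ``open(filename)`` with ``filename`` unbound and raised
    NameError in that case).
    """
    global epo, verbose
    epo = mcafee.client(SERVER, '8443', USERNAME, PASSWORD)
    filename = ""
    usage = "delstock.py -i <input file>"
    try:
        opts, args = getopt.getopt(argv, "hi:", ["filename="])
    except getopt.GetoptError:
        print(usage)
        sys.exit(2)
    for opt, arg in opts:
        if opt == "-h":
            print(usage)
            print("This script will remove unneeded machines from ePo")
            print("-i <file> import file with hostnames")
            sys.exit()
        elif opt in ("-i", "--ifile", "--filename"):
            filename = arg
    if not filename:
        print(usage)
        sys.exit(2)

    # Read and close the file before any deletion starts.
    with open(filename) as fh:
        stock = [line.rstrip('\n') for line in fh]
    for host in stock:
        # Same guard as the original: only delete when find() returns
        # something truthy for the host.
        if epo.system.find(host):
            epo.system.delete(host)
            print(host + ' is deleted')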
def main():
    """Remove ePO systems whose AWS instance no longer exists.

    Builds the ePO client from the parsed CLI arguments (prompting for the
    ePO password when none was supplied), collects the AWS instance ids that
    ePO knows about, collects the instance ids present in AWS, and deletes
    from ePO whatever is in the first set but not the second.  All helpers
    used here (``request_args``, ``get_ePO_password``, ``epoInstances``,
    ``epoInstanceIds``, ``awsInstanceIds``, ``ePOnotinAWS``,
    ``deleteEPOUniqueInstances``) are defined elsewhere in the file.
    """
    args = request_args()
    if args.epo_password is None:
        # Prompt instead of requiring the password on the command line.
        args.epo_password = get_ePO_password(args.epo_user)

    mc = mcafee.client(args.epo, args.epo_port, args.epo_user, args.epo_password)

    # ePO side: managed instances, then the AWS instance ids among them.
    endpoint_instances = epoInstances(mc)
    endpoint_instanceids = epoInstanceIds(mc, endpoint_instances)

    # AWS side: every instance id across all regions.
    # NOTE(review): the AWS keys appear to come from CLI arguments here;
    # request_args is not visible, so confirm how they are supplied.
    aws_instances = awsInstanceIds(args.access_key, args.secret_key)

    # Anything ePO still tracks that AWS no longer has is stale; remove it.
    stale_ids = ePOnotinAWS(endpoint_instanceids, aws_instances)
    deleteEPOUniqueInstances(mc, endpoint_instances, stale_ids)
# For every ePO tag named ``ePOTag`` this script runs a custom query for
# systems whose Custom Prop 1 starts with "CN=" and that do NOT carry the
# tag, then calls eeadmin.assignUser for each such system with the Custom
# Prop 1 value as the user DN.
# NOTE(review): the original header described tagging the system and sending
# an agent wake-up call; the code below does neither -- only assignUser runs.
import mcafee

# Connection settings.  Empty placeholders as in the original; supply them
# from a config file or a prompt rather than editing real values into source.
ePOIP = ''         # ePO IP
ePOUser = ''       # Login username
ePOUserPwd = ''    # Login user's password
ePOTag = 'Server'  # Tag Name

mc = mcafee.client(ePOIP, '8443', ePOUser, ePOUserPwd, 'https', 'json')
ePOTagSet = mc.system.findTag(ePOTag)

# A falsy findTag() result (no such tag) skips everything, as before.
for ePOTagInfo in (ePOTagSet or []):
    tag_id = str(ePOTagInfo['tagId'])
    systems = mc.core.executeQuery(
        target='EPOLeafNode',
        select='(select EPOComputerProperties.ComputerName EPOComputerProperties.ParentID EPOComputerProperties.UserProperty1)',
        where='(and(startsWith EPOComputerProperties.UserProperty1 "CN=") (doesNotHaveTag EPOLeafNode.AppliedTags ' + tag_id + '))')
    for system in (systems or []):
        mc.eeadmin.assignUser(
            systemNode='True',
            nodeId=str(system['EPOComputerProperties.ParentID']),
            dn=system['EPOComputerProperties.UserProperty1'])
from dxlclient.client import DxlClient
from dxlmarclient import MarClient

# Import common logging and configuration.
# NOTE(review): ``sys`` and ``os`` must be imported above this excerpt; the
# parent directory is added to the path so that ``common`` resolves.
sys.path.append(os.path.dirname(os.path.abspath(__file__)) + "/..")
# Star import: DxlClientConfig, CONFIG_FILE, mcafee, json and
# FirstInstanceCallback used below presumably come from ``common`` -- confirm.
from common import *

# Configure local logger
logging.getLogger().setLevel(logging.ERROR)
logger = logging.getLogger(__name__)

# Create DXL configuration from file
config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE)

# Connect to ePO with WebAPI.
# '{epoip}', '{account}' and '{pwd}' are literal placeholder strings here, not
# format fields; they must be replaced before this runs (ideally read from the
# same configuration as CONFIG_FILE rather than written into the source).
mc = mcafee.client('{epoip}','8443','{account}','{pwd}','https','json')
#ePOTag = 'Suspect'


class MyFirstInstanceCallback(FirstInstanceCallback):
    """Handle first-instance events received over DXL.

    ``on_first_instance`` prints the topic and the full event dictionary,
    then pulls the agent GUID and file name out of the event.  The method
    body continues beyond this excerpt.
    """
    def on_first_instance(self, first_instance_dict, original_event):
        # Display the DXL topic that the event was received on
        # (Python 2 print-statement syntax throughout this file).
        print "First instance on topic: " + original_event.destination_topic
        # Dump the dictionary
        print json.dumps(first_instance_dict, sort_keys=True, indent=4, separators=(',', ': '))
        # json.dumps() wraps a string value in double quotes; [1:-1] strips them.
        agentGuid = json.dumps(first_instance_dict['agentGuid'])[1:-1]
        fileName = json.dumps(first_instance_dict['name'])[1:-1]
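def _submit_file(mc, option, path):
    """Hash one file on disk and send its reputation to TIE.

    Uses ``get_hash`` and ``send_reputation`` (defined elsewhere in the
    file) with the reputation value and comment taken from the parsed
    command-line options.
    """
    sha1, md5 = get_hash(path)
    file_name = os.path.basename(path)
    send_reputation(mc, sha1, md5, option.value, option.file_comment, file_name)


def main():
    '''
    The main function allows different operations:
    1.- Manual import of a hash
    2.- Import a list of hashes via csv file
    3.- Automatic calculation of the hash of a file and further submission
    4.- Automatic calculation of the hashes of a folder and further submission

    Which one runs is decided by the parsed options, in this order:
    ``import_file`` (CSV rows: sha1, md5, reputation, comment, name),
    ``object_path`` (a single file or a directory tree), otherwise the hash
    strings given directly on the command line.  ``parseargs``, ``get_hash``,
    ``get_files``, ``send_reputation`` and ``isfile`` are defined or imported
    elsewhere in the file.
    '''
    option = parseargs()
    path_to_file = option.import_file
    path_to_object = option.object_path
    mc = mcafee.client(option.ipaddress, option.port, option.username,
                       option.password, 'https', 'json')

    if path_to_file:
        try:
            csvfile = open(path_to_file, 'rb')
        except (IOError, OSError) as er:
            # Only the open() is guarded now; the original wrapped the whole
            # loop, so a failing send_reputation was reported as a file error.
            print('Error opening file: %s' % er)
            return
        with csvfile:
            for line in csv.reader(csvfile):
                if len(line) < 5:
                    # Short rows were hidden behind a bare "except Exception"
                    # before; still stop at the first malformed row.
                    print("Error - Format file error")
                    break
                sha1, md5, reputation, file_comment, file_name = line[:5]
                send_reputation(mc, sha1, md5, reputation, file_comment, file_name)
    elif path_to_object:
        if isfile(path_to_object):
            _submit_file(mc, option, path_to_object)
        else:
            for unique_file in get_files(path_to_object):
                _submit_file(mc, option, unique_file)
    else:
        send_reputation(mc, option.sha1_string, option.md5_string, option.value,
                        option.file_comment, option.file_name)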
a browser, encode the URL.
Parameters:
fileReps (param 1) - JSON string of file reputations. At least one hash needs to be present. Optional parameters: "name" and "comment".
Ex: [{"sha1":"frATnSF1c5s8yw0REAZ4IL5qvSk=","md5":"8se7isyX+S6Yei1Ah9AhsQ==","sha256":"39Gv4ExOzWr5SMNMrObQJ3A3SSSzEoz2MFi4X8YNAVQ=","reputation":"99"},{"sha1":"d3HtjhR0Eb3qN6c+vVxeqVVe0t4=","md5":"V+0uApv5yjk4PSpnHvT7UA==","reputation":"85"}]
certReps (param 2) - JSON string of certificate reputations. Both sha1 and publicKeySha1 are required. Optional parameter: "comment".
Ex: [{"sha1":"frATnSF1c5s8yw0REAZ4IL5qvSk=","publicKeySha1":"frATnSF1c5s8yw0REAZ4IL5qvSk=","reputation":"99"}]
'''
import base64
import csv
import json
import mcafee

# Placeholder connection values; replace them (preferably from a prompt or a
# config file rather than by editing the source).
mc = mcafee.client('your IP here', '8443', 'your ePO username', 'your ePO user passwd')

# Read the file and set the reputations.
# Columns are positional: name, hash type, hex digest, reputation, comment.
# A row with fewer than five fields raises IndexError.
with open('reputations.csv') as f:
    fileReputations = csv.reader(f)
    for rowofdata in fileReputations:
        name = rowofdata[0].lower()
        # Used verbatim as the JSON key, so it must be one of the hash names
        # the API accepts (sha1 / md5 / sha256 per the docstring above).
        hashType = rowofdata[1].lower()
        fileHash = rowofdata[2].upper()
        reputation = rowofdata[3]
        comment = rowofdata[4]
        # The API wants base64 of the raw digest; str.decode("hex") is
        # Python 2 only (binascii.unhexlify is the cross-version equivalent).
        Info = json.dumps([{hashType:base64.b64encode(fileHash.decode("hex")),'reputation':reputation,'name':name,'comment':comment}])
        # Python 2 print statement: echoes the API response.
        print mc.tie.setReputations(Info)
ePOIP = raw_input('Please enter IP of McAfee ePO Server: ') # Prompt for ePO username ePOUser = '' while ePOUser == '': ePOUser = raw_input('Username: '******'s password ePOUserPwd = '' while ePOUserPwd == '': ePOUserPwd = getpass.getpass('Password: '******'config.yaml') as f: data = yaml.load(f, Loader=yaml.FullLoader) mc = mcafee.client(ePOIP, '8443', ePOUser, ePOUserPwd) currentPath = os.getcwd() # Create extensions, policies, and tasks by Group and Order, and Check-in any Packages extensions = [] packages = [] policies = [] tasks = [] for key, value in data.items(): for key2, value2 in value.items(): for item in value2: if item['Type'] == 'Extension': extensions.append(item) elif item['Type'] == 'Package': packages.append(item) elif item['Type'] == 'Policy':