def tune_app_control(api, configuration, api_version, api_exception): try: # Create a PoliciesApi object policies_api = api.PoliciesApi(api.ApiClient(configuration)) # List policies using version v1 of the API policies_list = policies_api.list_policies(api_version) # View the list of policies # return policies_list except api_exception as e: return "Exception: " + str(e) # Search computer in deep security dashboard search_criteria = api.SearchCriteria() search_criteria.field_name = "displayName" search_criteria.string_value = '%' + search_name + '%' search_criteria.string_test = "equal" search_criteria.string_wildcards = True # Create search filter to find computer search_filter = api.SearchFilter(None, [search_criteria]) # Create a ComputerApi object computer_api = api.ComputersApi(api.ApiClient(configuration)) try: # Perform the search computer_details = computer_api.search_computers(api_version, search_filter=search_filter) ec2_instance_id = [] ds_ids = [] for ec2_details in computer_details.computers: ec2_instance_id.append(ec2_details.ec2_virtual_machine_summary.instance_id) ds_ids.append(ec2_details.id) # Set the Reconnaissance Scan value setting_value = api.SettingValue() setting_value.value = "true" # Add the SettingValue to a ComputerSettings object computer_settings = api.ComputerSettings() computer_settings.firewall_setting_reconnaissance_enabled = setting_value app_controll_settings = api.ApplicationControlComputerExtension() app_controll_settings.state = app_control_status # Add the ComputerSettings object to a Computer object computer = api.Computer() computer.computer_settings = computer_settings computer.application_control = app_controll_settings for ds_id in ds_ids: computer_api.modify_computer(ds_id, computer, api_version, overrides=True) return ec2_instance_id except api_exception as e: return "Exception: " + str(e)
def getruleid(rule_type, rule_to_apply, configuration, api_version): # Get the rule id policy_instance = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) if ("ips" in rule_type): rule_instance = deepsecurity.IntrusionPreventionRulesApi( deepsecurity.ApiClient(configuration)) if ("im" in rule_type): rule_instance = deepsecurity.IntegrityMonitoringRulesApi( deepsecurity.ApiClient(configuration)) if ("li" in rule_type): rule_instance = deepsecurity.LogInspectionRulesApi( deepsecurity.ApiClient(configuration)) rule_id = 0 try: if ("ips" in rule_type): rule_response = rule_instance.list_intrusion_prevention_rules( api_version) attrs = rule_response._intrusion_prevention_rules rule_id = getid(attrs, rule_to_apply) if ("im" in rule_type): rule_response = rule_instance.list_integrity_monitoring_rules( api_version) attrs = rule_response._integrity_monitoring_rules rule_id = getid(attrs, rule_to_apply) if ("li" in rule_type): rule_response = rule_instance.list_log_inspection_rules( api_version) attrs = rule_response._log_inspection_rules rule_id = getid(attrs, rule_to_apply) return (rule_id) except ApiException as e: print( "An exception occurred when calling IntrusionPreventionRulesApi.list_intrusion_prevention_rules: %s\n" % e)
def lambda_handler(event, context): global DSM global configuration configuration = client.Configuration() # DSM_policy = client.PoliciesApi(client.ApiClient(configuration)) # DSM_client = client.ComputersApi(client.ApiClient(configuration)) ds_api_key = '2:CC8BLAbBl8VH5sfPFjygafiV7heQc9fkHhDWkNjsxRk=' ds_hostname = 'app.deepsecurity.trendmicro.com' ds_port = '443' # ds_ignore_ssl_validation = None # if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation'] try: # DSM connection string configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api' configuration.verify_ssl = False # Authentication configuration.api_key['api-secret-key'] = ds_api_key api_version = 'v1' print("Signed into Deep Security") except api_exception as ex: print( "Could not successfully sign into Deep Security. Threw exception: {}" .format(ex)) # From here we have to fetch data DSM_computer = client.ComputersApi(client.ApiClient(configuration)) try: # NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID search_filter = deepsecurity.SearchFilter() overrides = False response = DSM_computer.search_computers('v1', search_filter=search_filter, overrides=overrides) for computer in response.computers: if computer.ec2_virtual_machine_summary.instance_id == 'i-0ab687235eddfb3ad': attr = vars(computer) instance_in_ds = attr['_id'] api_instance = deepsecurity.ScheduledTasksApi( deepsecurity.ApiClient(configuration)) scheduled_task = deepsecurity.ScheduledTask( ).scan_for_recommendations_task_parameters res = api_instance.create_scheduled_task( scheduled_task, api_version) print("Found the instance in Deep Security as computer {}".format( len(response.computers))) except api_exception as ex: print( "Could not find the instance in Deep Security. Threw exception: {}" .format(ex))
def get_affected_instance_in_deep_security(instance_id): """ Find and return the specified instance in Deep Security Returns a deepsecurity.computers.Computer object or None """ result = None # if not DSM: return result DSM_computer = client.ComputersApi(client.ApiClient(configuration)) try: # NEED TO CHANGE THIS CODE TO SEARCH SPECIFIC INSTANCE ID search_filter = deepsecurity.SearchFilter() overrides = True response = DSM_computer.search_computers('v1', search_filter=search_filter, overrides=overrides) for computer in response.computers: if computer.ec2_virtual_machine_summary.instance_id == instance_id: attr = vars(computer) print(attr['_id']) print(type(attr['_id'])) return attr['_id'] except api_exception as ex: print("Could not find the instance in Deep Security. Threw exception: {}".format(ex))
def getIPSrules(cve): # Initialization # Set Any Required Values api_instance = deepsecurity.IntrusionPreventionRulesApi( deepsecurity.ApiClient(configuration)) api_version = 'v1' # Set search criteria for the date range search_criteria = deepsecurity.SearchCriteria() search_criteria.field_name = "CVE" search_criteria.string_value = "%" + cve + "%" search_filter = deepsecurity.SearchFilter(None, [search_criteria]) try: ipsrules = api_instance.search_intrusion_prevention_rules( api_version, search_filter=search_filter) i = 0 for ipsrid in ipsrules.intrusion_prevention_rules: ipsruleidentifier = ipsrid.identifier ipsrulename = ipsrid.name print("ID: " + str(ipsruleidentifier), "- " + str(ipsrulename)) i += 1 except ApiException as e: print( "An exception occurred when calling IntrusionPreventionRulesApi.search_intrusion_prevention_rules: %s\n" % e)
def request_computers(self): """Returns a list with all computers in the DS environment""" computers_list = [] api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(self.api_config)) try: while True: paged_response = api_instance.search_computers(self.api_version, expand=self.COMPUTER_EXPAND, overrides=False, search_filter=self.SEARCH_FILTER) computers_list+=paged_response.computers last_id = computers_list[-1].id self.SEARCH_FILTER.search_criteria.id_value = last_id if len(paged_response.computers) != self.SEARCH_FILTER.max_items: break except deepsecurity.rest.ApiException as e: self.handle_api_exception(e,"COMPUTERS") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) except Exception as e: raise Exception("Generic connection error!" + str(e) + "Generic connection error!") self.SEARCH_FILTER.search_criteria.id_value = 0 #Reset the Search Criteria return computers_list
def search_firewall_rules(api, configuration, api_version, api_exception): """ Searches the firewall rules for any rule that contains DHCP in the rule name. :param api: The Deep Security API modules. :param configuration: Configuration object to pass to the api client. :param api_version: The version of the API to use. :param api_exception: The Deep Security API exception module. :return: A list containing all firewall rules that match the search criteria. """ # Define the search criteria search_criteria = api.SearchCriteria() search_criteria.field_name = "name" search_criteria.string_value = "%DHCP%" search_criteria.string_test = "equal" search_criteria.string_wildcards = True # Create search filter to find the rule search_filter = api.SearchFilter(None,[search_criteria]) # Create a FirewallRulesApi object firewall_rules_api = api.FirewallRulesApi(api.ApiClient(configuration)) try: # Perform the search firewall_rules = firewall_rules_api.search_firewall_rules(api_version, search_filter=search_filter) firewall_rules_list = [] for rule in firewall_rules.firewall_rules: firewall_rules_list.append(rule) return firewall_rules except api_exception as e: return "Exception: " + str(e)
def __init__(self, api_key): self.configuration = deepsecurity.Configuration() self.configuration.host = f'https://{os.environ["ApiEndpoint"]}/api' self.configuration.api_key['api-secret-key'] = api_key self.connectorClient = deepsecurity.AWSConnectorsApi( deepsecurity.ApiClient(self.configuration)) self.apiVersion = 'v1'
def checkifwrson(policy_id, configuration, api_version, overrides): policies_api = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) current_wrs_settings = policies_api.describe_policy(policy_id, api_version, overrides=False) return (current_wrs_settings.web_reputation.state)
def __init__(self): ds_api_key = os.environ['DS_KEY'] self.api_version = os.environ.get('DS_API_VERSION', 'v1') dsm_address = os.environ.get( 'DS_API_ADDRESS', 'https://app.deepsecurity.trendmicro.com/api') config = api.Configuration() config.host = dsm_address config.api_key['api-secret-key'] = ds_api_key self.api_client = api.ApiClient(config)
def request_computers(self): """Returns a list with all computers in the DS environment""" api_instance = deepsecurity.ComputersApi( deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_computers(self.version, overrides=False) except ApiException as e: raise return api_response.computers
def request_ips_rules(self, condition=None, rule=None): api_instance = deepsecurity.IntrusionPreventionRulesApi( deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_intrusion_prevention_rules( self.version) except Exception as e: raise return api_response.intrusion_prevention_rules
def request_stateful_configs(self): """Returns a list of all firewall stateful configs in the DS environment """ api_instance = deepsecurity.StatefulConfigurationsApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_stateful_configurations(self.api_version) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e,"STATEFUL CONFIGURATIONS") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) return api_response.stateful_configurations
def request_anti_malware_configs(self): """Returns list of all anti-malware configs in the DS environment """ api_instance = deepsecurity.AntiMalwareConfigurationsApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_anti_malwares(self.api_version) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e, "ANTI-MALWARE CONFIGURATIONS") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) return api_response.anti_malware_configurations
def request_im_rules(self): """Returns a list with all integrity monitor rule""" api_instance = deepsecurity.IntegrityMonitoringRulesApi( deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_integrity_monitoring_rules( self.version) except Exception as e: raise return api_response.integrity_monitoring_rules
def configure_policy(self, policy_id, rule_ids): api_instance = ds.PolicyIntrusionPreventionRuleAssignmentsRecommendationsApi( ds.ApiClient(self.configuration)) intrusion_prevention_rule_ids = ds.RuleIDs() intrusion_prevention_rule_ids.rule_ids = rule_ids api_response = api_instance.add_intrusion_prevention_rule_ids_to_policy( policy_id, self.api_version, intrusion_prevention_rule_ids=intrusion_prevention_rule_ids, overrides=False) return api_response
def DeepSec_Api(): print ('Connecting to Deep Security Platform ...###Calling Deep Security API###') if not sys.warnoptions: warnings.simplefilter("ignore") configuration=deepsecurity.Configuration() configuration.host="https://app.deepsecurity.trendmicro.com:443/api" #print ('deeptoken', deeptoken) dee=deeptoken print ('Fetching endpoint information using Access Key :', dee) configuration.api_key['api-secret-key']=dee api_instance=deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration)) api_version='v1' expand_options=deepsecurity.Expand() expand_options.add(expand_options.none) expand=expand_options.list() overrides=False try: api_response=api_instance.list_computers(api_version,expand=expand,overrides=overrides) #pprint(api_response) except ApiException as e: print("Exception: %s",e) #sqlmain() try: conn = sqlmain() c = conn.cursor() print ('Downloading Report from Deep Security Platform ...###Calling Deep Security API###') for item in tqdm(api_response.computers): sql = f' INSERT INTO DeepSecurity(host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used) ' \ f'VALUES(?, ?, ?, ?, ?, ?) ' cur = conn.cursor() # Prepare data to insert list_array = [] host_name = item.host_name if item.host_name else 'None'; agent_version = item.agent_version if item.agent_version else 'None'; computer_status = item.computer_status if item.computer_status else 'None'; last_agent_communication = str(item.last_agent_communication) if item.last_agent_communication else 'None'; anti_malware = item.anti_malware if item.anti_malware else 'None'; last_ip_used = item.last_ip_used if item.last_ip_used else 'None'; list_array.extend((host_name, agent_version, computer_status, last_agent_communication, anti_malware, last_ip_used)) # execute insert query c.execute(sql, list_array) conn.commit() inserted_id = cur.lastrowid #print(inserted_id) except Error as e: print(e) finally: if conn: conn.close()
def request_computer_groups(self): api_instance = deepsecurity.ComputerGroupsApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_computer_groups(self.api_version) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e,"COMPUTERS") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) except Exception as e: raise Exception("Generic connection error!" + str(e) + "Generic connection error!") return api_response
def request_computer_per_id(self, comp_id): """Returns a unique computer in the DS environment""" api_instance = deepsecurity.ComputersApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.describe_computer(comp_id, self.api_version, expand=self.COMPUTER_EXPAND, overrides=False) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e,"COMPUTERS") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) return api_response
def describe_policy(self, policy_id, description): if not sys.warnoptions: warnings.simplefilter("ignore") api_instance = ds.PoliciesApi(ds.ApiClient(self.configuration)) policy = ds.Policy() description = description[:1998] + (description[1998:] and '..') policy.description = description api_response = api_instance.modify_policy(policy_id, policy, self.api_version, overrides=False) return api_response
def GetAllComputers(configuration): expand = Expand(Expand.ec2_virtual_machine_summary) expndList = expand.list() # Set search criteria search_criteria = api.SearchCriteria() search_criteria.id_value = 0 search_criteria.id_test = "greater-than" # Create a search filter with maximum returned items page_size = 50 search_filter = api.SearchFilter() search_filter.max_items = page_size search_filter.search_criteria = [search_criteria] # Perform the search and do work on the results computers_api = api.ComputersApi(api.ApiClient(configuration)) paged_computers = [] while True: try: t0 = time.time() computers = computers_api.search_computers( api_version, search_filter=search_filter, expand=expndList) t1 = time.time() num_found = len(computers.computers) current_paged_computers = [] if num_found == 0: print("No computers found.") break for computer in computers.computers: current_paged_computers.append(computer) paged_computers.append(current_paged_computers) # Get the ID of the last computer in the page and return it with the number of computers on the page last_id = computers.computers[-1].id search_criteria.id_value = last_id print("Last ID: " + str(last_id), "Computers found: " + str(num_found)) print("Return rate: {0} hosts/sec".format(num_found / (t1 - t0))) if num_found != page_size: print("Num_found {0} - Page size is {1}".format( num_found, page_size)) except api_exception as e: print("Exception: {0}".format(str(e))) return paged_computers
def sign_in_to_deep_security(): """ Sign in to Deep Security """ global DSM global configuration configuration = client.Configuration() DSM_policy = client.PoliciesApi(client.ApiClient(configuration)) DSM_client = client.ComputersApi(client.ApiClient(configuration)) if 'apiKey' not in os.environ: print("apiKey is REQUIRED environment variables for this AWS Lambda function") return None ds_api_key = os.environ['apiKey'] ds_hostname = None if 'dsHostname' in os.environ: ds_hostname = os.environ['dsHostname'] ds_port = None if 'dsPort' in os.environ: ds_port = os.environ['dsPort'] # ds_ignore_ssl_validation = None # if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation'] try: # DSM connection string configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api' configuration.verify_ssl = False # Authentication configuration.api_key['api-secret-key'] = ds_api_key api_version = 'v1' policies_list = DSM_policy.list_policies(api_version) computer_list = DSM_client.list_computers(api_version) print("Signed into Deep Security") except api_exception as ex: print("Could not successfully sign into Deep Security. Threw exception: {}".format(ex))
def search_im_rules(self, criteria): max_items = None search_filter = deepsecurity.SearchFilter(max_items, criteria) im_api = deepsecurity.IntegrityMonitoringRulesApi( deepsecurity.ApiClient(self.api_config)) try: api_response = im_api.search_integrity_monitoring_rules( self.version, search_filter=search_filter) except Exception as e: raise return api_response.integrity_monitoring_rules
def search_ips_rules(self, criteria): max_items = None search_filter = deepsecurity.SearchFilter(max_items, criteria) im_api = deepsecurity.IntrusionPreventionRulesApi( deepsecurity.ApiClient(self.api_config)) try: api_response = im_api.search_intrusion_prevention_rules( self.version, search_filter=search_filter) except Exception as e: raise return api_response.intrusion_prevention_rules
def getcomputerinfo(host_id, policy_id, configuration, api_version, overrides): try: computer_instance = deepsecurity.ComputersApi( deepsecurity.ApiClient(configuration)) computers = computer_instance.list_computers(api_version, overrides=overrides) for computer in computers.computers: if (computer.policy_id == policy_id): if (computer.id == host_id): print(computer) except ApiException as e: print( "An exception occurred when calling ComputersApi.list_computers: %s\n" % e)
def request_scheduled_tasks(self): """Returns a list with all scheduled tasks in the DS environment""" api_instance = deepsecurity.ScheduledTasksApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_scheduled_tasks(self.api_version) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e) except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) except Exception as e: raise Exception("Generic connection error!" + str(e) + "Generic connection error!") return api_response.scheduled_tasks
def listpolicies(configuration, api_version, overrides): try: # Get the policies policy_names = [] policy_instance = deepsecurity.PoliciesApi( deepsecurity.ApiClient(configuration)) policy_response = policy_instance.list_policies(api_version, overrides=overrides) for policy in policy_response.policies: policy_names.append(policy.name) return (policy_names) except ApiException as e: print( "An exception occurred when calling ComputersApi.list_computers: %s\n" % e)
def request_policies(self): """Returns a list of all policies in the DS environment""" api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(self.api_config)) try: api_response = api_instance.list_policies(self.api_version, overrides=False) except deepsecurity.rest.ApiException as e: self.handle_api_exception(e,"POLICIES") except urllib3.exceptions.MaxRetryError as e: raise Exception(self.MAX_RETRY_ERROR_MSG) except urllib3.exceptions.LocationParseError: raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH))) except Exception as e: raise Exception("Generic connection error!" + str(e) + "Generic connection error!") #return {item.id : item for item in api_response.policies} return api_response.policies
def get_externalid(self): connector_settings_client = deepsecurity.AWSConnectorSettingsApi( deepsecurity.ApiClient(self.configuration)) try: connector_settings = connector_settings_client.list_aws_connector_settings( self.apiVersion) logger.info('Retrieved external id') return connector_settings.external_id except ApiException as e: logger.info( f"Exception when calling AWSConnectorSettingsApi.list_aws_connector_settings: {e}" ) raise e except Exception as e: logger.info(e)
def __init__(self, dsm_address): try: ds_api_key = os.environ['DS_KEY'] self.api_version = os.environ.get('DS_API_VERSION', 'v1') except KeyError: sys.exit( '"DS_KEY" environment variables are not set. Please set them and try again.' ) config = api.Configuration() config.host = dsm_address config.api_key['api-secret-key'] = ds_api_key self.api_client = api.ApiClient(config)