def tune_app_control(api, configuration, api_version, api_exception):
try:
# Create a PoliciesApi object
policies_api = api.PoliciesApi(api.ApiClient(configuration))
# List policies using version v1 of the API
policies_list = policies_api.list_policies(api_version)
# View the list of policies
# return policies_list
except api_exception as e:
return "Exception: " + str(e)
# Search computer in deep security dashboard
search_criteria = api.SearchCriteria()
search_criteria.field_name = "displayName"
search_criteria.string_value = '%' + search_name + '%'
search_criteria.string_test = "equal"
search_criteria.string_wildcards = True
# Create search filter to find computer
search_filter = api.SearchFilter(None, [search_criteria])
# Create a ComputerApi object
computer_api = api.ComputersApi(api.ApiClient(configuration))
try:
# Perform the search
computer_details = computer_api.search_computers(api_version, search_filter=search_filter)
ec2_instance_id = []
ds_ids = []
for ec2_details in computer_details.computers:
ec2_instance_id.append(ec2_details.ec2_virtual_machine_summary.instance_id)
ds_ids.append(ec2_details.id)
# Set the Reconnaissance Scan value
setting_value = api.SettingValue()
setting_value.value = "true"
# Add the SettingValue to a ComputerSettings object
computer_settings = api.ComputerSettings()
computer_settings.firewall_setting_reconnaissance_enabled = setting_value
app_controll_settings = api.ApplicationControlComputerExtension()
app_controll_settings.state = app_control_status
# Add the ComputerSettings object to a Computer object
computer = api.Computer()
computer.computer_settings = computer_settings
computer.application_control = app_controll_settings
for ds_id in ds_ids:
computer_api.modify_computer(ds_id, computer, api_version, overrides=True)
return ec2_instance_id
except api_exception as e:
return "Exception: " + str(e)
def getruleid(rule_type, rule_to_apply, configuration, api_version):
# Get the rule id
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
if ("ips" in rule_type):
rule_instance = deepsecurity.IntrusionPreventionRulesApi(
deepsecurity.ApiClient(configuration))
if ("im" in rule_type):
rule_instance = deepsecurity.IntegrityMonitoringRulesApi(
deepsecurity.ApiClient(configuration))
if ("li" in rule_type):
rule_instance = deepsecurity.LogInspectionRulesApi(
deepsecurity.ApiClient(configuration))
rule_id = 0
try:
if ("ips" in rule_type):
rule_response = rule_instance.list_intrusion_prevention_rules(
api_version)
attrs = rule_response._intrusion_prevention_rules
rule_id = getid(attrs, rule_to_apply)
if ("im" in rule_type):
rule_response = rule_instance.list_integrity_monitoring_rules(
api_version)
attrs = rule_response._integrity_monitoring_rules
rule_id = getid(attrs, rule_to_apply)
if ("li" in rule_type):
rule_response = rule_instance.list_log_inspection_rules(
api_version)
attrs = rule_response._log_inspection_rules
rule_id = getid(attrs, rule_to_apply)
return (rule_id)
except ApiException as e:
print(
"An exception occurred when calling IntrusionPreventionRulesApi.list_intrusion_prevention_rules: %s\n"
% e)
def checkifwrson(policy_id, configuration, api_version, overrides):
policies_api = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
current_wrs_settings = policies_api.describe_policy(policy_id,
api_version,
overrides=False)
return (current_wrs_settings.web_reputation.state)
def describe_policy(self, policy_id, description):
if not sys.warnoptions:
warnings.simplefilter("ignore")
api_instance = ds.PoliciesApi(ds.ApiClient(self.configuration))
policy = ds.Policy()
description = description[:1998] + (description[1998:] and '..')
policy.description = description
api_response = api_instance.modify_policy(policy_id,
policy,
self.api_version,
overrides=False)
return api_response
def listpolicies(configuration, api_version, overrides):
try:
# Get the policies
policy_names = []
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
policy_response = policy_instance.list_policies(api_version,
overrides=overrides)
for policy in policy_response.policies:
policy_names.append(policy.name)
return (policy_names)
except ApiException as e:
print(
"An exception occurred when calling ComputersApi.list_computers: %s\n"
% e)
def request_policies(self):
"""Returns a list of all policies in the DS environment"""
api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(self.api_config))
try:
api_response = api_instance.list_policies(self.api_version, overrides=False)
except deepsecurity.rest.ApiException as e:
self.handle_api_exception(e,"POLICIES")
except urllib3.exceptions.MaxRetryError as e:
raise Exception(self.MAX_RETRY_ERROR_MSG)
except urllib3.exceptions.LocationParseError:
raise TypeError( ("API Configuration values on {} are NOT VALID".format(self.API_CONFIG_PATH)))
except Exception as e:
raise Exception("Generic connection error!" + str(e) + "Generic connection error!")
#return {item.id : item for item in api_response.policies}
return api_response.policies
def checkifruleassigned(rule_to_apply, rule_type, rule_id, policy_id,
configuration, api_version, overrides):
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
try:
found = False
policies = policy_instance.list_policies(api_version,
overrides=overrides)
for policy in policies.policies:
if policy.id == policy_id:
if ("ips" in rule_type):
if (rule_id != 0) and (policy.intrusion_prevention.rule_ids
is not None):
for policy_ids in policy.intrusion_prevention.rule_ids:
if policy_ids == rule_id:
print(rule_type + " rule \"" + rule_to_apply +
" is already assigned")
found = True
break
if ("im" in rule_type):
if (rule_id != 0) and (policy.integrity_monitoring.rule_ids
is not None):
for policy_ids in policy.integrity_monitoring.rule_ids:
if policy_ids == rule_id:
print(rule_type + " rule \"" + rule_to_apply +
" is already assigned")
found = True
break
if ("li" in rule_type):
if (rule_id != 0) and (policy.log_inspection.rule_ids
is not None):
for policy_ids in policy.log_inspection.rule_ids:
if policy_ids == rule_id:
print(rule_type + " rule \"" + rule_to_apply +
" is already assigned")
found = True
break
if (found == False):
#id_array=arr.array('I',policy.intrusion_prevention.rule_ids)
print(rule_type + " rule \"" + rule_to_apply +
" was not assigned, need to assign it to the policy")
return (found)
except ApiException as e:
print(
"An exception occurred when calling PoliciesApi.list_policies: %s\n"
% e)
def modifywrsstate(policy_id, configuration, api_version, overrides, on_off):
print("Changing the WRS state to: " + on_off)
policies_api = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
current_wrs_settings = policies_api.describe_policy(policy_id,
api_version,
overrides=False)
#Configure sending policy updates when the policy changes
web_reputation_policy_extension = deepsecurity.WebReputationPolicyExtension(
)
web_reputation_policy_extension.state = on_off
policy = deepsecurity.Policy()
policy.web_reputation = web_reputation_policy_extension
# Modify the policy on Deep Security Manager
modified_policy = policies_api.modify_policy(policy_id, policy,
api_version)
def get_policies_list(api, configuration, api_version, api_exception):
""" Gets a list of policies on the Deep Security Manager
:return: A PoliciesApi object that contains a list of policies.
"""
try:
# Create a PoliciesApi object
policies_api = api.PoliciesApi(api.ApiClient(configuration))
# List policies using version v1 of the API
policies_list = policies_api.list_policies(api_version)
# View the list of policies
return policies_list
except api_exception as e:
return "Exception: " + str(e)
def applicationcontroltest(host_id, policy_id, configuration, api_version, overrides, operating_system):
print("---Running The Application Control Test---")
#Check if Application control is already enabled
enabled = False
policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
application_control_policy_extension = deepsecurity.ApplicationControlPolicyExtension()
if(application_control_policy_extension.state is not None):
if("on" in application_control_policy_extension.state):
enabled = True
#If application control is not enabled, enable it
if(enabled == False):
print("Enabling Application Control")
enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "on")
done = False
while done == False:
print("Waiting for Application Control Baseline to finish...")
#put a sleep here to allow the policy to update and the baseline to start
time.sleep(30)
status = getacstatus(host_id, policy_id, configuration, api_version, overrides)
if(status is not None):
if("sending policy" in status.lower() or "application control inventory scan in progress" in status.lower() or "security update in progress" in status.lower()):
time.sleep(10)
else:
print("Application Control Baseline complete")
done = True
#Run the tests
runtest(operating_system)
# If Application Control was not previously on, turn it off again to return the policy to it's original state
if(enabled == False):
enabledisableapplicationcontrol(policy_id, policies_api, application_control_policy_extension, api_version, "off")
#Clean up after the tests and reset the system to it's original state
cleanup(policy_id, policies_api, application_control_policy_extension, api_version, enabled, operating_system)
# Perform a heartbeat to get the events to Cloud One or Deep Security Manager
sendheartbeat(operating_system)
print("---Application Control Test Completed---")
def assignlirule(rule_to_apply, rule_id, policy_id, configuration, api_version,
overrides, add_rule):
try:
# Get the current list of rules from the policy
policies_api = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
current_rules = policies_api.describe_policy(policy_id,
api_version,
overrides=False)
# Add the rule_id if it doesn't already exist in current_rules
if (add_rule == True):
print("Adding the " + rule_to_apply + " rule to the policy")
if current_rules.log_inspection.rule_ids is None:
current_rules.log_inspection.rule_ids = rule_id
elif rule_id not in current_rules.log_inspection.rule_ids:
current_rules.log_inspection.rule_ids.append(rule_id)
# Remove the rule_id if it was originally unassigned
else:
print("Removing the " + rule_to_apply + " rule from the policy")
current_rules.log_inspection.rule_ids.remove(rule_id)
# Add the new and existing intrusion prevention rules to a policy
log_inspection_policy_extension = deepsecurity.LogInspectionPolicyExtension(
)
log_inspection_policy_extension.rule_ids = current_rules.log_inspection.rule_ids
policy = deepsecurity.Policy()
policy.log_inspection = log_inspection_policy_extension
# Configure sending policy updates when the policy changes
policy.auto_requires_update = "on"
# Modify the policy on Deep Security Manager
modified_policy = policies_api.modify_policy(policy_id, policy,
api_version)
except ApiException as e:
print(
"An exception occurred when calling PolicyIntegrityMonitoringRuleAssignmentsRecommendationsApi.add_intrusion_prevention_rule_ids_to_policy: %s\n"
% e)
def getpolicyid(configuration, api_version, overrides):
# List the policies available and print them out so the user can choose
available_policies = listpolicies(configuration, api_version, overrides)
count = 1
for policy in available_policies:
print(str(count) + " = " + policy)
count += 1
policy_selected = False
while (policy_selected == False):
print(
"Enter the number for the policy you will be using for these tests?"
)
selected_policy = input()
if ((not selected_policy.isdigit()) or (int(selected_policy) >
(len(available_policies)))):
print("Invalid option, please try again")
elif (int(selected_policy) == 0):
print("Invalid option, please try again")
else:
selected_policy = int(selected_policy) - 1
print("You have selected to use: " +
available_policies[selected_policy])
policy_to_update = available_policies[selected_policy]
policy_selected = True
# Get the policy id
policy_instance = deepsecurity.PoliciesApi(
deepsecurity.ApiClient(configuration))
try:
policies = policy_instance.list_policies(api_version,
overrides=overrides)
for policy in policies.policies:
if policy.name == policy_to_update:
return (policy.id)
except ApiException as e:
print(
"An exception occurred when calling PoliciesApi.list_policies: %s\n"
% e)
def sign_in_to_deep_security():
"""
Sign in to Deep Security
"""
global DSM
global configuration
configuration = client.Configuration()
DSM_policy = client.PoliciesApi(client.ApiClient(configuration))
DSM_client = client.ComputersApi(client.ApiClient(configuration))
if 'apiKey' not in os.environ:
print("apiKey is REQUIRED environment variables for this AWS Lambda function")
return None
ds_api_key = os.environ['apiKey']
ds_hostname = None
if 'dsHostname' in os.environ: ds_hostname = os.environ['dsHostname']
ds_port = None
if 'dsPort' in os.environ: ds_port = os.environ['dsPort']
# ds_ignore_ssl_validation = None
# if 'dsIgnoreSslValidation' in os.environ: ds_ignore_ssl_validation = os.environ['dsIgnoreSslValidation']
try:
# DSM connection string
configuration.host = 'https://' + ds_hostname + ':' + ds_port + '/api'
configuration.verify_ssl = False
# Authentication
configuration.api_key['api-secret-key'] = ds_api_key
api_version = 'v1'
policies_list = DSM_policy.list_policies(api_version)
computer_list = DSM_client.list_computers(api_version)
print("Signed into Deep Security")
except api_exception as ex:
print("Could not successfully sign into Deep Security. Threw exception: {}".format(ex))
with open(property_file) as raw_properties:
properties = json.load(raw_properties)
secret_key = properties['secretkey']
url = properties['url']
api_version = 'v1'
# Add DSM host information to the API client configuration
configuration = api.Configuration()
configuration.host = url
configuration.api_key['api-secret-key'] = secret_key
# Initialization
# Set Any Required Values
api_instance = api.PoliciesApi(api.ApiClient(configuration))
# Add column titles to comma-separated values string
csv = "Policy ID;Name;Description;Antimalware;Antimalware manual scan configuration id;Antimalware real time scan configuration;Antimalware Scheduled scan configuration;Application control;firewall;integrity monitoring;interface types;intrusion prevention;recommendation scan mode;log_inspection;web reputation\n"
overrides = False
try:
policies = api_instance.list_policies(api_version, overrides=overrides)
for policy in policies.policies:
module_info = []
module_info.append(policy.id)
module_info.append(policy.name)
module_info.append(
policy.description.replace('\n', ' ').replace('\r', ''))
import deepsecurity
from deepsecurity.rest import ApiException
from pprint import pprint
# Setup
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://192.168.75.210:4119/api'
# Authentication
configuration.api_key['api-secret-key'] = '2:PZGmBIe8rcKSF6fK2HeMkoyh5ZrC/fQeeyJyUjcpzyk='
# Initialization
# Set Any Required Values
api_instance = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "name"
search_criteria.string_test = "equal"
search_criteria.string_value = "%Linux Server%"
# Create a search filter
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
policies_api = deepsecurity.PoliciesApi(deepsecurity.ApiClient(configuration))
computers_api = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
computer = deepsecurity.Computer()
try:
# Perform the search
