示例#1
0
from datetime import datetime, timedelta
from dsp3.models.manager import Manager

dsm = Manager(username="******",
              password="******",
              host="127.0.0.1",
              port="4119")

#Example 1: Get antimalware events for all hosts in the last hour
# time_type options: "LAST_HOUR", "LAST_24_HOURS", "LAST_7_DAYS", "CUSTOM_RANGE"
am_events = dsm.antimalware_event_retrieve(time_type="LAST_HOUR")

#Example 2: Get fw events for all hosts during a specific time
date_to = datetime.now()
date_from = date_to - timedelta(hours=3)
fw_events = dsm.fw_event_retrieve(range_from=date_from,
                                  range_to=date_to,
                                  time_type="CUSTOM_RANGE")

#Example 3: Get web reputation events for a specific host in the last 24 hours
wr_events = dsm.webrep_event_retrieve(time_type="LAST_24_HOURS",
                                      host_id=11,
                                      host_type="SPECIFIC_HOST")

#Example 4: Retrieve DPI Events by Host Group
dpi_events = dsm.dpi_event_retrieve(time_type="LAST_24_HOURS",
                                    host_group_id=7,
                                    host_type="HOSTS_IN_GROUP")

dsm.end_session()
示例#2
0
"""

Run Script from project root dir:
  python -m app.intro.c_control_flow

"""

import json
from ..utils import utils
from dsp3.models.manager import Manager

username, password, tenant = utils.parse_dsas_crendentials()
dsm = Manager(username=username, password=password, tenant=tenant)
api_version = dsm.get_api_version()

#string interpolation
print('API version is: %d' % api_version)
print(f'API version is: {api_version}')
print('API version is {}'.format(api_version))

# conditional logic
if api_version > 10:
    print('we are good')

if api_version < 20:
    print('we are good')
else:
    print('what is going on in Ottawa?')

print('we are good\n') if api_version > 20 else print(
    'I am on the wrong version\n')
示例#3
0
def get_events():
    dsm = Manager(username="******",
                  password="******",
                  host="127.0.0.1",
                  port="4119")

    try:
        print("Getting AM events")
        am_events = dsm.antimalware_event_retrieve(time_type="LAST_HOUR")
        print("Getting Webrep events")
        webrep_events = dsm.webrep_event_retrieve(time_type="LAST_7_DAYS")
        print("Getting FW events")
        fw_events = dsm.fw_event_retrieve(time_type="LAST_7_DAYS")
        print("Getting DPI events")
        dpi_events = dsm.dpi_event_retrieve(time_type="LAST_7_DAYS")
        print("Getting IM events")
        im_events = dsm.im_event_retrieve(time_type="LAST_7_DAYS")
        print("Getting LI events")
        li_events = dsm.li_event_retrieve(time_type="LAST_7_DAYS")
        print("Getting System events")
        system_events = dsm.system_event_retrieve(time_type="LAST_7_DAYS")

        event_list = {
            'am_events': am_events,
            'webrep_events': webrep_events,
            'fw_events': fw_events,
            'dpi_events': dpi_events,
            'im_events': im_events,
            'li_events': li_events,
            'system_events': system_events
        }

        for file_name, events in event_list.items():
            process_event_list(file_name, events)

    except Exception as e:
        logging.error(e, exc_info=True)
    finally:
        dsm.end_session()
示例#4
0
#!/Users/jeff/playbooks/se_jam/venv/bin/python3.6

import datetime
import json

from ansible.module_utils.basic import *
from dsp3.models.manager import Manager


module = AnsibleModule(argument_spec=dict(ds_tenant=dict(required=True, aliases=['ds_tenant']),
                                          ds_user=dict(required=True, aliases=['ds_user']),
                                          ds_password=dict(required=True, aliases=['ds_password']),
                                          host_id=dict(required=True, aliases=['host_id'])))
ds_tenant = module.params.get('ds_tenant')
ds_user= module.params.get('ds_user')
ds_password = module.params.get('ds_password')
host_id = module.params.get('host_id')

dsm = Manager(username=ds_user, password=ds_password, tenant=ds_tenant)
dsm.set_trusted_update_mode(int(host_id), 3, False)
api_version = dsm.get_api_version()
dsm.end_session()


print(json.dumps({
    "api_version" : api_version
}))
ai = boto3.client('inspector')
findings = ai.list_findings()

findings_dict = ai.describe_findings(findingArns=findings['findingArns'])
cves = []

for finding in findings_dict['findings']:
    for attr in finding['attributes']:
        if attr['key'] == 'CVE_ID':
            cves.append(attr['value'])

print("Amazon Inspector Findings")
print(cves)

#Not secure. should be passed and environment variables to function
dsm = Manager(username="******", password="******", tenant="ACME CORP")
print("Getting DPI rules from DSM")
rules = dsm.dpi_rules_all()

dsm_cves_all = []
dsm_cves = []
for rule in rules:
    if 'cveNumbers' in rule and rule['cveNumbers'] != None:
        for cve in rule['cveNumbers'].split(","):
            dsm_cves_all.append(cve.strip())
            if cve.strip() in cves:
                dsm_cves.append(cve)

print()
print("DSM Coverage")
print(dsm_cves)
示例#6
0
with open('usecases/ips.txt') as f:
    ips = f.readlines()

for ip in ips:
    ip = ip.split(';')[0].strip()

    if "/" in ip:
        ip_addr = ipaddress.ip_network(ip)
        address = ip_addr.network_address.exploded
        if ip_addr.prefixlen == 16:
            pattern = re.compile("\d+\d{1,3}.\d{1,3}")
            ip_addr = re.search(pattern, address).group(0)
        elif ip_addr.prefixlen == 24:
            pattern = re.compile("\d{1,3}.\d{1,3}.\d{1,3}")
            ip_addr = re.search(pattern, address).group(0)
    else:
        ip_addr = ipaddress.ip_address(ip)


    rule = '<rule pat="X-Forwarded-For: %s" cmask="0x3" ctest="0x1">\n' % ip_addr
    rule = rule + 'drop "Found IP from Block List in XFF Header"\n'
    rule = rule + "</rule>\n"
    ruleXML = ruleXML + rule


dsm = Manager(username='******', password='******', tenant='ACME Corp')
result = dsm.dpi_rule_save("Web Server Common", "Block-X-Forward-List", True, True, "CUSTOM_XML", "DROP_CLOSE",
                           "ANY_PATTERNS_FOUND", "NORMAL", "DROP_CLOSE", "MEDIUM", ruleXML)
dsm.end_session()
print(result)
示例#7
0
'Secure Devops Pipeline'

import sys
import os
sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..'))

from sejam_python_bootcamp import config
from dsp3.models.manager import Manager

dsm = Manager(username=config.DSAS_USER,
              password=config.DSAS_PASSWORD,
              tenant=config.DSAS_TENANT)

# Step 1: Initiate ansible development pipeline:
# Opens App Control maintenance window
# pull git repo to server
# shuts down exisiting docker container
# rebuilds new container
# closes app control maintenance window.

# Step 2: Use DSP3 to put Fernando's Donuts webserver in detect only mode.
#dsm.security_profile_assign_to_host(6122, 33603)

# Step 3: lauch sql injection attacks against fernando donuts then run

#dsm.host_getevents_now([33603])
#events = dsm.dpi_event_retreive(host_id=33603)['DPIEvents']['item']
#print(events[0])

# Step 4: use DSP3 to put Fernando's Donuts webserver in prevent mode.
#dsm.security_profile_assign_to_host(6123, 33603)
示例#8
0
"""

Run Script from project root dir:
  python -m app.intro.e_classes

"""

import json
from dsp3.models.manager import Manager
from ..utils import utils
from .person import Person

username, password, tenant = utils.parse_dsas_crendentials()
dsm = Manager(username=username, password=password, tenant=tenant)
hosts = dsm.host_retrieve_all()

if len(hosts) > 0:
    host_model = dsm.get_host_by_name(
        hosts[0]
        ['name'])  # check out utils -> dsp3_host.py file for model definition
    print(host_model.__dict__)
    print(json.dumps(host_model.__dict__))

jen = Person('Jen', 'Smith')
print(jen.first_name)
print(jen.last_name)
print(jen)
示例#9
0
from dsp3.models.manager import Manager

dsm = Manager(username="******",
              password="******",
              host="127.0.0.1",
              port="4119")

# Example 1: Retrieve DSM version.
version = dsm.manager_info_version()

# Example 2: Retrieve the status summary of the system.
status_summary = dsm.manager_info_status_summary()

#Example 3: Retrieve the status summary of each protection feature.
feature_summary = dsm.manager_info_feature_summary(1)

# Example 4: Retrieves detailed component info in current system
component_info = dsm.manager_info_components()

dsm.end_session()
示例#10
0
They needed to add 300 aws accounts to the DSM

https://help.deepsecurity.trendmicro.com/Add-Computers/add-aws.html

Add by AK/SAK
https://help.deepsecurity.trendmicro.com/Add-Computers/add-aws.html#Add5

Add by cross account role
https://help.deepsecurity.trendmicro.com/Add-Computers/add-aws.html#Add2


run file from project root dir as:
python -m app.customer_examples.add_aws_account

'''

username, password, tenant = utils.parse_dsas_crendentials()
access_key, secret_key = utils.parse_aws_crendentials()
dsm = Manager(username=username, password=password, tenant=tenant)

print(dsm.get_cloudaccounts(), end='\n')

dsm.add_aws_cloud_account_with_keys(access_key=access_key,
                                    secret_key=secret_key)

# or

#dsm.add_aws_cloud_account_with_cross_account_role('randomsecret2', 'arn:aws:iam::5385xvxv281:role/DS_Cross_account')

print(dsm.get_cloudaccounts(), end='\n')
dsm.end_session()
示例#11
0
 {
   "externalId": String,
   "roleArn": String,
 }
}


'''
import sys
import os
sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..'))

from sejam_python_bootcamp import config
from dsp3.models.manager import Manager

dsm = Manager(username=config.DSAS_USER, password=config.DSAS_PASSWORD, tenant=config.DSAS_TENANT)
#print(dsm.add_aws_cloud_account_with_keys('access_key', 'secret_key'))

# or
print(dsm.get_api_version())

# How to set up cross account role - https://help.deepsecurity.trendmicro.com/Add-Computers/add-aws.html
print( dsm.add_aws_cloud_account_with_cross_account_role(config.EXTERNAL_ID, config.ARN)) 
# View DSPS Implentation -> https://github.com/jeffthorne/DSP3/blob/master/dsp3/utilities/cloudacct_utils.py


dsm.end_session()			# don' forget to end sessions. They can run out!



示例#12
0
from dsp3.models.manager import Manager

dsm = Manager(username="******", password="******", tenant="ACME Corp")

# list administrators
admins = dsm.administrators(
    admin_id=1, admin_op="eq")['ListAdministratorsResponse']['administrators']

# get admin where id = 1
admins = dsm.administrators(
    admin_id=1, admin_op="eq")['ListAdministratorsResponse']['administrators']

# get admin where id > 1
admins = dsm.administrators(
    admin_id=1, admin_op="gt")['ListAdministratorsResponse']['administrators']

dsm.end_session()
示例#13
0
from dsp3.models.manager import Manager

dsm = Manager(username="******",
              password="******",
              host="127.0.0.1",
              port="4119")

rules = dsm.list_block_by_hash_rules(
)  # returns json object representing list of Block by Hash Rules

# adds new block by hash rule. based on sha256 file hash.
# The blacklist rules are then applied and enforced on any agent that has AppControl turned on.
dsm.add_block_by_hash_rule(
    "0143f7ba86d17cabdfffdc5247362871ba35ffd431f2c3d314a09b8c568b692a",
    "Block test.sh File")
dsm.delete_block_by_hash_rule(1)  #deletes block by hash rule by rule id

dsm.end_session()
示例#14
0
from dsp3.models.manager import Manager


# authenticate to DSaS
dsm = Manager(username="******", password="******", tenant="ACME Corp")

# list event based tasks
event_tasks = dsm.event_based()

# delete an event based task
resp = dsm.event_based_delete(205)

# create and event based task
conditions = [{'field': 'hostname', 'key': '', 'value': 'k8s.*'}]
actions = [{'type': 'assign-group', 'parameterValue': 4201}]
resp = dsm.event_based_task_create("Test Task", conditions=conditions, actions=actions)


#end session
dsm.end_session()
示例#15
0
                tempDict[field] = type(obj[field]).__name__

    return tempDict


def process_event_list(file_name, events):
    fields = events[0].__keylist__
    file = open('%s.csv' % file_name, 'w')
    with file:
        writer = csv.DictWriter(file, fieldnames=fields)
        writer.writeheader()
        for event in events:
            writer.writerow(obj_to_dictionary(fields, event))


dsm = Manager(tenant='', username='', password='', verify_ssl=True)

print("Connected to Deep Security SaaS")
print("Session ID: " + dsm.session_id)
print("Retrieving firewall events (may take a while)...")

start = datetime.now()
end = start - timedelta(days=7)
delta = timedelta(hours=1)

print("Using " + str(delta) + " deltas.")

fw_events = []

while (start > end):
    chunk = dsm.fw_event_retrieve(range_from=(start - delta),
示例#16
0
from dsp3.models.manager import Manager

# authenticate to DSaS
dsm = Manager(username="******", password="******", tenant="ACME Corp")

# list report templates
reports = dsm.reports()

dsm.end_session()
示例#17
0
文件: alerts.py 项目: henryar/DSP3
from dsp3.models.manager import Manager

dsm = Manager(username="******", password="******", tenant="ACME Corp")

# retrieve all alerts
alerts = dsm.alerts()['ListAlertsResponse']['alerts']

# include alerts that have been dismissed
alerts = dsm.alerts(dismissed=True)['ListAlertsResponse']['alerts']

# retrieve alerts with an id >= 17601
alerts = dsm.alerts(dismissed=True, alert_id=17601,
                    op="ge")['ListAlertsResponse']['alerts']

# close session
dsm.end_session()
示例#18
0
from dsp3.models.manager import Manager


dsm = Manager(username='******', password='******',host="127.0.0.1", port="4119")

# get detail for a specific host by id
host = dsm.host_detail_retrieve(host_id=11)

# clear error and warnings for a host
dsm.host_clear_warnings_and_errors([11])

# initiate recommendation scans for a list of hosts by id
dsm.host_recommendation_scan([11, 12, 14])

# Immediately initiates the fetch of events from hosts identified by IDs. does not retrieve events
dsm.host_getevents_now(11)

# retrieve all hosts
hosts = dsm.host_retrieve_all()

# retrieve antimalware events for a specific host
am_events = dsm.antimalware_event_retrieve(host_id=11, host_type="SPECIFIC_HOST", time_type="LAST_24_HOURS")

# end dsm session
dsm.end_session()