示例#1
def delete_entry_from_intelfeed(api, entry, infile):
    """
    Remove a single entry, or every entry listed in a file, from the Darktrace intelligence feed.

    Every candidate value is checked with is_valid_ipv4_address / is_valid_domain
    before a removal request is sent; values that fail the check are never posted.
    When ``infile`` is given it takes precedence and ``entry`` is ignored.

    :param api: Valid and authenticated Darktrace API object
    :type api: Api
    :param entry: Single entry to delete from the intelligence feed
    :type entry: String
    :param infile: Path of a file holding one entry per line to delete
    :type infile: String
    :return: For ``infile``, a list with one ``{entry: result}`` dict per line, where
        result is the API response or a validation message; for ``entry``, the API
        response; otherwise an error message
    :rtype: List or String (or whatever ``api.post`` returns)
    """
    def _remove(value):
        # One removal request per value; the value is sent both as post data and as a keyword.
        return api.post('/intelfeed', postdata={'removeentry': value}, removeentry=value)

    if infile:
        outcomes = []
        with open(infile, 'r') as handle:
            for raw in handle.readlines():
                candidate = raw.strip()
                if not (is_valid_ipv4_address(candidate) or is_valid_domain(candidate)):
                    # Rejected lines (including blank ones) are reported back, not sent.
                    outcomes.append({candidate: 'Not a valid IPv4 address or domain name'})
                    continue
                outcomes.append({candidate: _remove(candidate)})
        return outcomes

    if entry and (is_valid_ipv4_address(entry) or is_valid_domain(entry)):
        return _remove(entry)

    # Reached when nothing was supplied or the single entry failed validation.
    return 'Not a valid domain, hostname, ip address or file'
示例#2
def test_is_valid_ipv4_address():
    """Check is_valid_ipv4_address against a non-string, a plain address and two rejects."""
    # A non-string argument is expected to raise instead of returning False.
    with pytest.raises(TypeError) as raised:
        is_valid_ipv4_address(10000000)
    assert isinstance(raised.value, TypeError)

    assert is_valid_ipv4_address('10.0.0.1')

    # Free text and CIDR notation must both be rejected by the address validator.
    for rejected in ('Test', '10.0.0.0/24'):
        assert not is_valid_ipv4_address(rejected)
示例#3
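def get_endpoint_details(api, host, infile):
    """
    Retrieve details for external IP addresses and hostnames.

    When ``infile`` is given, every non-blank line is looked up and ``host`` is
    ignored. Each endpoint is sent as ``ip=`` when it passes
    is_valid_ipv4_address and as ``hostname=`` otherwise, for file entries and for
    the single host alike. This function does not otherwise validate endpoint
    values, so file entries reach the API as written.

    :param api: Darktrace API object with initialized config values
    :type api: Api
    :param host: External hostname or IP address to receive details for
    :type host: String
    :param infile: Input file with an endpoint on each line
    :type infile: String
    :return: Details for the external host, or a list of details (one per file line)
    :rtype: Dict or List
    :raises click.UsageError: if ``infile`` is given but is not an existing file
    """
    def _lookup(endpoint):
        # IPs and hostnames are passed under different query parameters.
        if is_valid_ipv4_address(endpoint):
            return api.get('/endpointdetails', additionalinfo='true', devices='true', ip=endpoint)
        return api.get('/endpointdetails', additionalinfo='true', devices='true', hostname=endpoint)

    if infile:
        if not os.path.isfile(infile):
            raise click.UsageError('Input file does not exist')

        details = []
        with open(infile) as input_list:
            for line in input_list:
                endpoint = line.strip()
                if not endpoint:
                    # Blank lines carry no endpoint; skip them rather than query with an empty value.
                    continue
                details.append(_lookup(endpoint))
        return details

    return _lookup(host)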
示例#4
def test_is_valid_ipv4_network():
    """Pin the behaviour of is_valid_ipv4_network for a non-string and three accepted inputs."""
    # A non-string argument is expected to surface as AttributeError.
    with pytest.raises(AttributeError) as raised:
        is_valid_ipv4_network(10000000)
    assert isinstance(raised.value, AttributeError)

    # NOTE(review): '10.0.0.0/24/24' is not well-formed CIDR notation, yet this test
    # expects the validator to accept it. Confirm whether that is intended before
    # relying on is_valid_ipv4_network as an input filter.
    for accepted in ('10.0.0.0/24', '10.0.0.0/24/24', '10.0.0.1'):
        assert is_valid_ipv4_network(accepted)

    # NOTE(review): this negative case calls is_valid_ipv4_address, so the network
    # validator has no rejection case in this test. Confirm whether
    # is_valid_ipv4_network was meant here.
    assert not is_valid_ipv4_address('not_a_network')
示例#5
def endpoint_details(program_state, host, infile, outfile):
    """Returns details for external IP addresses and hostnames."""
    # NOTE(review): docstring kept verbatim; presumably it doubles as CLI help text — confirm.
    # At least one source of endpoints is required.
    if not (host or infile):
        raise click.UsageError(
            'Missing option "--host" / "-h" or "--infile" / "-i".')

    # Only the single host value is validated here; the contents of infile are
    # not inspected in this function before being handed to get_endpoint_details.
    if host:
        host_is_acceptable = is_valid_hostname(host) or is_valid_ipv4_address(host)
        if not host_is_acceptable:
            raise click.UsageError('Invalid hostname or IP address')

    details = get_endpoint_details(program_state.api, host, infile)
    process_output(details, outfile)
示例#6
def ip_info(program_state, ip_address, days, outfile):
    """
    Return device data for this IP address

    \b
    Arguments:
        IP_ADDRESS          IP address to search
    """
    # NOTE(review): docstring kept verbatim; presumably it doubles as CLI help text — confirm.
    # Reject anything that is not an IPv4 address before it is used in an API lookup.
    address_ok = is_valid_ipv4_address(ip_address)
    if not address_ok:
        raise click.UsageError('not a valid IP address')

    device_data = get_device_info_by_ip(program_state.api, ip_address, days)
    process_output(device_data, outfile)