def initial_query_service(self) -> QueryService:
    """Build a QueryService client from this instance's connection settings.

    Reads ``self.access_token``, ``self.use_ssl``, ``self.api_url`` and
    ``self.trust_env``.

    Returns:
        A new QueryService for ``self.api_url``.
    """
    # NOTE(review): ``verify`` comes straight from ``self.use_ssl``. If that
    # flag is false, certificate verification is presumably disabled for
    # requests made with these credentials, leaving the access token open to
    # interception -- confirm where the flag is set.
    return QueryService(
        url=self.api_url,
        credentials=Credentials(
            access_token=self.access_token,
            verify=self.use_ssl,
        ),
        trust_env=self.trust_env,
    )
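def query_loggings(query_data):
    """
    Run a query against the Cortex Logging service and return the polled result.

    Submits ``query_data``, checks the HTTP status of the submission, polls
    the resulting query job once (waiting up to 3000 ms) and then deletes the
    job from the service.

    Args:
        query_data: Query payload passed unchanged to ``LoggingService.query``.

    Returns:
        The response object returned by ``LoggingService.poll``.

    Raises:
        Exception: If the submission body is not valid JSON, the service
            rejects the query, or the response carries no ``queryId``.
    """
    api_url = demisto.getIntegrationContext().get(
        'api_url', 'https://api.us.paloaltonetworks.com')
    # NOTE(review): ``verify`` is driven by USE_SSL. If that flag is false,
    # certificate verification is presumably off for requests made with these
    # credentials, which exposes the access token to interception -- confirm.
    credentials = Credentials(access_token=get_access_token(), verify=USE_SSL)
    logging_service = LoggingService(url=api_url, credentials=credentials)

    response = logging_service.query(query_data)
    try:
        query_result = response.json()
    except ValueError as e:
        # A proxy or gateway can answer with a non-JSON body. Report the HTTP
        # status rather than a bare decoding error, and do not echo the body.
        raise Exception(
            f"Error in query to Cortex [{response.status_code}] - "
            "response body is not valid JSON") from e

    if not response.ok:
        # The error fields are optional: tolerate a non-object body and a
        # missing or null 'payload' instead of failing with AttributeError.
        details = query_result if isinstance(query_result, dict) else {}
        payload = details.get('payload')
        status_code = details.get('statusCode', '')
        error = details.get('error', '')
        message = payload.get('message', '') if isinstance(payload, dict) else ''
        raise Exception(
            f"Error in query to Cortex [{status_code}] - {error}: {message}")

    try:
        query_id = query_result['queryId']  # access 'queryId' from 'query' response
    except (KeyError, TypeError) as e:
        # KeyError: the key is absent; TypeError: the body is not an object.
        raise Exception('Received error %s when querying logs.' % e) from e

    poll_params = {  # Prepare 'poll' params
        "maxWaitTime": 3000  # waiting for response up to 3000ms
    }

    # we poll the logging service until we have a complete response
    full_response = logging_service.poll(query_id, 0, poll_params)

    # delete the query from the service
    logging_service.delete(query_id)

    return full_response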
def initial_logging_service():
    """Create a LoggingService client for the configured Cortex API endpoint.

    The endpoint is read from the integration context key ``api_url`` and
    falls back to ``https://api.us.paloaltonetworks.com``.

    Returns:
        A new LoggingService using an access token from ``get_access_token()``.
    """
    context = demisto.getIntegrationContext()
    endpoint = context.get('api_url', 'https://api.us.paloaltonetworks.com')
    # NOTE(review): ``verify`` follows USE_SSL. If that flag is false,
    # certificate verification is presumably disabled for requests made with
    # these credentials -- confirm.
    return LoggingService(
        url=endpoint,
        credentials=Credentials(access_token=get_access_token(), verify=USE_SSL),
    )
def credentials(options):
    """Construct a Credentials object from ``options`` and optionally persist it.

    Constructor keyword arguments are taken from
    ``options['R']['R0_obj']['Credentials']``. The object is then passed to
    ``setters`` and ``methods``. When ``options['write_credentials']`` is
    truthy, ``write_credentials()`` is called on it with keyword arguments from
    ``options['R']['R2_obj']['Credentials.write_credentials']``.

    Any exception from the constructor or from ``write_credentials()`` is
    reported through ``print_exception`` and the process exits with status 1.

    Returns:
        The constructed Credentials object.
    """
    def _persist(creds, opts):
        # Call creds.write_credentials() and report a non-None result.
        label = 'Credentials.write_credentials'

        requests_by_kind = opts['R']
        try:
            outcome = creds.write_credentials(**requests_by_kind['R2_obj'][label])
        except Exception as err:
            print_exception(label, err)
            sys.exit(1)

        # The label goes to stderr; only the response is sent on to
        # print_response_json.
        print(label, file=sys.stderr)
        if outcome is None:
            return
        print_response_json(opts, label, outcome)

    label = 'Credentials'

    requests_by_kind = options['R']
    try:
        creds = Credentials(**requests_by_kind['R0_obj'][label])
    except Exception as err:
        print_exception(label, err)
        sys.exit(1)

    setters(options, creds)
    methods(options, creds)  # XXX pre-dates -m

    if options['write_credentials']:
        _persist(creds, options)

    return creds
def query_loggings(query_data):
    '''
    Submit a query to the Cortex Logging service and return the polled result.

    The query job is polled once (waiting up to 3000 ms) and then deleted from
    the service. Raises Exception when the submission response has no
    'queryId'.
    '''
    context = demisto.getIntegrationContext()
    endpoint = context.get('api_url', 'https://api.us.paloaltonetworks.com')
    service = LoggingService(
        url=endpoint,
        credentials=Credentials(access_token=get_access_token()),
    )

    # NOTE(review): the HTTP status of the submission is not inspected here.
    # Any failure (bad token, bad query, server error) surfaces only as a
    # missing 'queryId' below.
    submission = service.query(query_data).json()

    try:
        job_id = submission['queryId']  # id of the query job created by 'query'
    except Exception as err:
        raise Exception(
            'Received error %s when querying logs. Please check if your authentication token is valid' % err)

    # Poll the job, letting the service wait up to 3000 ms for a complete response.
    outcome = service.poll(job_id, 0, {"maxWaitTime": 3000})

    # Remove the query job from the service once its result has been fetched.
    service.delete(job_id)

    return outcome
def main():
    """Interactively remove a named profile through ``Credentials.remove_profile``.

    Prompts for the profile name and asks ``confirm_delete`` before removing
    it. An empty name or a declined confirmation leaves everything untouched.
    Ctrl-C at any prompt prints "Exiting..." and returns.
    """
    try:
        profile = input("PROFILE to remove: ") or None
        if profile is None:
            print("\nMust specify a PROFILE to remove.\n")
            return

        # The Credentials object is built before the confirmation prompt.
        store = Credentials(profile=profile)
        if not confirm_delete(profile):
            print("\nRemove PROFILE operation aborted.\n")
            return

        print("Removing PROFILE '%s'..." % profile)
        removed = store.remove_profile(profile)
        # An empty result from remove_profile() means no profile matched.
        if len(removed) == 0:
            print("\nPROFILE '%s' not found.\n" % profile)
        else:
            print("\nPROFILE '%s' successfully removed.\n" % profile)
    except KeyboardInterrupt:
        print("Exiting...")
def main():
    """Interactively collect API credentials and write them out.

    The client id and profile name are read with ``input()``. The client
    secret and refresh token are read with ``getpass.getpass()``, so they are
    not echoed to the terminal. Nothing is written unless ``confirm_write``
    approves. Ctrl-C at any prompt prints "Exiting..." and returns.
    """
    try:
        print("\nCollecting info needed to generate credentials file...\n")
        answers = {
            "client_id": input("CLIENT_ID: "),
            "client_secret": getpass.getpass(prompt="CLIENT_SECRET: "),
            "refresh_token": getpass.getpass(prompt="REFRESH_TOKEN: "),
            # An empty answer selects the default profile.
            "profile": input("PROFILE [default]: ") or None,
        }
        store = Credentials(**answers)

        if not confirm_write(answers["profile"]):
            print("\nWrite credentials operation aborted.\n")
            return

        # NOTE(review): write_credentials() persists the secret and the
        # refresh token. How the resulting file is protected on disk is not
        # visible from here -- confirm.
        print("Writing credentials file...")
        store.write_credentials()
        print("Done!\n")
    except KeyboardInterrupt:
        print("Exiting...")
#!/usr/bin/env python
"""Query the Logging service for WildFire virus threat logs and pretty-print the reply."""

from json import dumps, loads
from math import floor
from time import time

from pancloud import Credentials, LoggingService

API_URL = "https://api.us.paloaltonetworks.com"

# Credentials() is called with no arguments, so no secret is hard-coded in
# this script. It presumably resolves them from the environment or a stored
# credentials file -- confirm.
logging_service = LoggingService(url=API_URL, credentials=Credentials())

threat_query = {
    "query": "select dst, app, misc, name-of-threatid from panw.threat where subtype='wildfire-virus' limit 5",
    "startTime": 0,  # 1970
    "endTime": floor(time()),  # now
    "maxWaitTime": 30000,
}
reply = logging_service.query(threat_query)

# Re-serialise the body so the output is indented and key-sorted.
parsed = loads(reply.text)
print(dumps(parsed, indent=4, sort_keys=True))
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Example: share one HTTPClient session between several pancloud services."""

import os
import sys

# Prepend the parent of this script's directory to sys.path before importing
# pancloud.
# NOTE(review): the prepended directory takes precedence over installed
# packages for every later import, so it should not be writable by untrusted
# users.
script_dir = os.path.dirname(os.path.abspath(__file__))
sys.path.insert(0, os.path.join(script_dir, os.pardir))

from pancloud import (
    Credentials,
    DirectorySyncService,
    EventService,
    HTTPClient,
    LoggingService,
)

API_URL = 'https://api.us.paloaltonetworks.com'
REPORT = "STATUS_CODE: {}, RESULT: \n\n{}\n"

# One HTTPClient carries the credentials; each service below reuses it instead
# of building its own.
shared_session = HTTPClient(url=API_URL, credentials=Credentials())

logging_service = LoggingService(session=shared_session)
directory_sync = DirectorySyncService(session=shared_session)
event_service = EventService(session=shared_session)

filters_reply = event_service.get_filters('EventFilter')
print("\nGET EVENT FILTERS...")
print(REPORT.format(filters_reply.status_code, filters_reply.text))

attributes_reply = directory_sync.attributes()
print("\nGET ATTRIBUTES...")
print(REPORT.format(attributes_reply.status_code, attributes_reply.text))