
Untitled

a guest
Jul 22nd, 2019
  1. import jwt # PyJWT version 1.5.3 as of the time of authoring.
  2. import uuid
  3. import requests # requests version 2.18.4 as of the time of authoring.
  4. import json
  5. from datetime import datetime, timedelta
  6. import api_utils
  7. import pdb
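# Build a short-lived signed JWT and exchange it for an API access token.
timeout = 1800  # lifetime of the signed auth token, in seconds (30 minutes)
now = datetime.utcnow()
timeout_datetime = now + timedelta(seconds=timeout)
epoch_time = int((now - datetime(1970, 1, 1)).total_seconds())
epoch_timeout = int((timeout_datetime - datetime(1970, 1, 1)).total_seconds())
jti_val = str(uuid.uuid4())  # fresh token id for every run

# Placeholders to be filled in before running. app_secret is the HMAC key that
# signs the auth token, so keep the real value out of source control and out
# of shared pastes.
tid_val = ""  # The tenant's unique identifier.
app_id = ""  # The application's unique identifier.
app_secret = ""  # The application's secret to sign the auth token with.
if not (tid_val and app_id and app_secret):
    # Stop early: an empty secret would sign the token with an empty HMAC key.
    raise SystemExit("tid_val, app_id and app_secret must be set before running")

AUTH_URL = "https://protectapi.cylance.com/auth/v2/token"
claims = {
    "exp": epoch_timeout,
    "iat": epoch_time,
    "iss": "http://cylance.com",
    "sub": app_id,
    "tid": tid_val,
    "jti": jti_val
    # The following is optional and is being noted here as an example on how one can restrict
    # the list of scopes being requested. Requesting only the scopes the script needs limits
    # what a leaked access token can be used for.
    # "scp": "policy:create, policy:list, policy:read, policy:update"
}
encoded = jwt.encode(claims, app_secret, algorithm='HS256')
if isinstance(encoded, bytes):
    # PyJWT 1.x returns bytes; decode so json.dumps also accepts it on Python 3.
    encoded = encoded.decode("ascii")

payload = {"auth_token": encoded}
headers = {"Content-Type": "application/json; charset=utf-8"}
# A timeout keeps the script from hanging forever on a stalled connection.
resp = requests.post(AUTH_URL, headers=headers, data=json.dumps(payload), timeout=30)
print("http_status_code: " + str(resp.status_code))
# Fail here on an HTTP error instead of on a missing key further down.
resp.raise_for_status()
# Parse once to confirm the token is present. Both the signed auth token and
# the access token are bearer credentials, so neither is written to stdout,
# where it would end up in terminal scrollback or captured logs.
access_token = json.loads(resp.text)['access_token']
print("access_token received (value not printed)")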
  37.  
  38.  
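# Look up one device by MAC address, to find the download source of a
# quarantined file. "mymacaddress" is a placeholder for the real address.
url = "https://protectapi.cylance.com/devices/v2/macaddress/mymacaddress"

# Only the headers this call needs. The copied Postman headers (spoofed
# User-Agent, empty Postman-Token, hard-coded Host, duplicate cache-control)
# are dropped: requests sets Host, Connection and Accept-Encoding itself, and
# its default User-Agent leaves the calls attributable to a script in API logs.
headers = {
    'Accept': "application/json",
    'Authorization': "Bearer " + json.loads(resp.text)['access_token'],
    'Cache-Control': "no-cache",
}

# A timeout keeps the script from hanging forever on a stalled connection.
response = requests.request("GET", url, headers=headers, timeout=30)
print(response.text)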
  56.  
  57.  
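# Earlier experiment, kept for reference: request the focus view list to help
# find the file name that caused the threat.
# focus_view_list_url = "https://protectapi.cylance.com/foci/v2?page=1&page_size=100"
# focus_view_list_response = requests.request("GET",focus_view_list_url,headers=headers)
# pdb.set_trace()
# print focus_view_list_response.text

# Get the file paths of all threats on one Windows machine. api_utils is the
# author's own helper module and is not shown here; 'deviceid' is a placeholder.
threat_filepaths = api_utils.get_threat_filepaths_windows('deviceid', headers)
print(threat_filepaths)

# Protect ids contain dashes, Optics ids don't.
device_optics_id = api_utils.conv_protect_to_optics_id('protect_id_format')
print(device_optics_id)

# Interactive breakpoint: the script stops here until the operator continues,
# which acts as a manual gate before the package execution below. Replace it
# with an explicit confirmation step before running this unattended.
pdb.set_trace()

# First get the list of packages, pick one package, and then deploy.
# response = requests.request("GET","https://protectapi.cylance.com/packages/v2?page=1&page_size=100&status=success", headers=headers)
# pdb.set_trace()

# To find the package via the console: inspect element, network tab (no
# filtering, select all urls), reload the page, then pick the packages request.

if not threat_filepaths:
    # Without this guard the argument list below fails with an IndexError.
    raise SystemExit("no threat file paths returned; nothing to pass to the package")

# Package execution through the API. The body is JSON, so Content-Type is
# declared; the Postman residue (spoofed User-Agent, empty Postman-Token,
# hard-coded Host, duplicate cache-control) is dropped.
package_exec_headers = {
    'Accept': "application/json",
    'Content-Type': "application/json",
    'Authorization': "Bearer " + json.loads(resp.text)['access_token'],
    'Cache-Control': "no-cache",
}
package_data = {"execution": {
    "name": "Package Execution",
    "target": {
        "devices": [device_optics_id]
    },
    "destination": "",
    "packageExecutions": [
        {
            # NOTE(review): the path comes from threat data, so its content is
            # chosen by whoever created the file. It is concatenated into one
            # argument string; a path with spaces or quotes may be split or
            # misread by the package. Validate it before sending - confirm how
            # the package parses its arguments.
            "arguments": [
                "-threat_filename " + str(threat_filepaths[0])
            ],
            "package": "download url"
        }
    ],
    "keepResultsLocally": True
}}
package_data = json.dumps(package_data)
package_exec_url = 'https://protectapi.cylance.com/packages/v2/executions/'
# The original posted with `headers` and left package_exec_headers unused;
# the dedicated headers are used here. The timeout bounds a stalled call.
package_response = requests.request("POST", package_exec_url, headers=package_exec_headers, data=package_data, timeout=30)
print(package_response.text)
print(package_response)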