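# Example walk-through of the Cylance Protect API: sign a JWT, exchange it for an
# access token, look up a device, collect the threat file paths reported for it,
# and request a package execution against that device.
import jwt  # PyJWT version 1.5.3 as of the time of authoring.
import uuid
import requests  # requests version 2.18.4 as of the time of authoring.
import json
from datetime import datetime, timedelta
import api_utils
import pdb  # only used by the commented-out debugging lines further down

# Lifetime of the signed auth token: 30 minutes from now.
timeout = 1800
# Upper bound, in seconds, on every HTTP call so a stalled connection cannot
# hang the script indefinitely (requests has no default timeout).
REQUEST_TIMEOUT = 30

now = datetime.utcnow()
timeout_datetime = now + timedelta(seconds=timeout)
epoch_time = int((now - datetime(1970, 1, 1)).total_seconds())
epoch_timeout = int((timeout_datetime - datetime(1970, 1, 1)).total_seconds())
jti_val = str(uuid.uuid4())

# Supply these at run time (environment, secrets manager, prompt) instead of
# saving them in the file: app_secret signs every auth token, so any copy of
# this script with real values filled in is itself a credential.
tid_val = ""  # The tenant's unique identifier.
app_id = ""  # The application's unique identifier.
app_secret = ""  # The application's secret to sign the auth token with.

# Refuse to continue with blank values; otherwise the token below would be
# signed with an empty HMAC key and sent to the API anyway.
if not (tid_val and app_id and app_secret):
    raise SystemExit("tid_val, app_id and app_secret must be set before running")

AUTH_URL = "https://protectapi.cylance.com/auth/v2/token"
claims = {
    "exp": epoch_timeout,
    "iat": epoch_time,
    "iss": "http://cylance.com",
    "sub": app_id,
    "tid": tid_val,
    "jti": jti_val
    # The following is optional and is being noted here as an example on how one
    # can restrict the list of scopes being requested. Requesting only the scopes
    # this script needs limits what a leaked access token can be used for.
    # "scp": "policy:create, policy:list, policy:read, policy:update"
}
encoded = jwt.encode(claims, app_secret, algorithm='HS256')
if isinstance(encoded, bytes):
    # PyJWT 1.x returns bytes; json.dumps needs text on Python 3.
    encoded = encoded.decode("ascii")

# The signed auth token and the access token are bearer credentials, so they are
# not echoed to the terminal (scrollback, shell logs, screen shares).
payload = {"auth_token": encoded}
auth_headers = {"Content-Type": "application/json; charset=utf-8"}
resp = requests.post(AUTH_URL, headers=auth_headers, data=json.dumps(payload),
                     timeout=REQUEST_TIMEOUT)
print("http_status_code: " + str(resp.status_code))
# Stop here on a rejected auth request instead of failing later with a KeyError.
resp.raise_for_status()
access_token = json.loads(resp.text)['access_token']
print("access_token received")

# Now testing getting info on a certain device to find the download source of a
# quarantined file.
url = "https://protectapi.cylance.com/devices/v2/macaddress/mymacaddress"
# The original headers were copied from a Postman export (User-Agent, Postman-Token,
# Host, Connection, accept-encoding, duplicated cache-control). requests already
# sets Host, Connection and Accept-Encoding, and announcing PostmanRuntime
# mislabels this client in any server-side request log, so only the two headers
# the call needs are sent.
headers = {
    'Accept': "application/json",
    'Authorization': "Bearer " + access_token,
}
response = requests.request("GET", url, headers=headers, timeout=REQUEST_TIMEOUT)
print(response.text)

# Testing to get the file name that caused the threat.
# First request focus view data because that may help; requesting the focus view list:
# focus_view_list_url = "https://protectapi.cylance.com/foci/v2?page=1&page_size=100"
# focus_view_list_response = requests.request("GET", focus_view_list_url, headers=headers)
# pdb.set_trace()
# print focus_view_list_response.text

# Testing getting threat file paths from a Windows machine.
# api_utils is the author's own module; get_threat_filepaths_windows gets the file
# paths of all the threats on a machine (presumably a list, since it is indexed
# below; confirm against api_utils).
threat_filepaths = api_utils.get_threat_filepaths_windows('deviceid', headers)
print(threat_filepaths)
# Protect ids contain dashes, Optics ids don't.
device_optics_id = api_utils.conv_protect_to_optics_id('protect_id_format')
print(device_optics_id)
# The original stopped in pdb.set_trace() here. It is removed so the script can
# run unattended and does not open a debugger prompt with the access token in scope.
if not threat_filepaths:
    raise SystemExit("no threat file paths returned; nothing to pass to the package")

# First get the list of packages, pick one package, and then deploy:
# response = requests.request("GET", "https://protectapi.cylance.com/packages/v2?page=1&page_size=100&status=success", headers=headers)
# pdb.set_trace()
# In order to get the package via the console: inspect element, network tab (no
# filtering, select all urls), reload the page, then pick the packages request.

# Testing package execution using the API.
# These headers were built but never used in the original, which sent `headers`
# and therefore posted a JSON body with no Content-Type.
package_exec_headers = {
    'Accept': "application/json",
    'Authorization': "Bearer " + access_token,
    'Content-Type': "application/json",
}
package_data = {"execution": {
    "name": "Package Execution",
    "target": {
        "devices": [device_optics_id]
    },
    "destination": "",
    "packageExecutions": [
        {
            "arguments": [
                # NOTE(review): this path is reported from the endpoint, so its
                # text is chosen by whatever created the file. It is joined into
                # a single argument string unquoted; the package must treat it
                # strictly as data, and a path containing spaces may be split
                # depending on how the package parses its arguments.
                "-threat_filename " + str(threat_filepaths[0])
            ],
            "package": "download url"
        }
    ],
    "keepResultsLocally": True
}}
package_data = json.dumps(package_data)
package_exec_url = 'https://protectapi.cylance.com/packages/v2/executions/'
package_response = requests.request("POST", package_exec_url,
                                    headers=package_exec_headers,
                                    data=package_data, timeout=REQUEST_TIMEOUT)
print(package_response.text)
print(package_response)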