Preface
Sometimes we need to integrate control of an endpoint protection product into a SOAR/SOC workflow.
This post shows how to call the SEP (Symantec Endpoint Protection) API from Python.
Environment
- Python 3.6.x
- Symantec Endpoint Protection Manager
- Postman (API testing tool)
Depending on the Symantec SEP version, the API comes in a V1 and a V2 flavour.
During testing I found that the fingerprint list API differs considerably between v1 and v2; this is covered in detail below.
References
- Broadcom - Symantec API
- Broadcom - SEP blacklist API
- https://{SEPM host}:{port}/sepm/restapidocs.html
Main text
Enough preamble, straight to the code...
Basics
- Import the base modules
import requests
import json
import logging
import re
# Disable requests' warnings for insecure connections
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# Without SSL verification requests emits a warning on every call, which is ugly, so it is disabled here
# (note: verify=False also disables certificate checking; in production pass verify=<path to the SEPM CA bundle> instead)
log = logging.getLogger(__name__)
- Base class
class SepClient:
    def __init__(self, host, port=8446):
        self.host = host  # IP address of the SEPM
        self.port = port
        self.base_url = "https://{0}:{1}".format(self.host, self.port)
        self.base_path = "/sepm/api/v1"
        self.v2_base_path = "/sepm/api/v2"
        self.auth_path = "/sepm/api/v1/identity/authenticate"
        self._endpoints = {
            "auth": self.auth_path,
            "domains": self.base_path + "/domains",
            "fingerprints_list_v1": self.base_path + "/policy-objects/fingerprints",
            "fingerprints_list_by_id_v1": self.base_path + "/policy-objects/fingerprints/{}",
            "fingerprints_list_v2": self.v2_base_path + "/policy-objects/fingerprints",
            "fingerprints_list_by_id_v2": self.v2_base_path + "/policy-objects/fingerprints/{}"
        }
        # "username"/"password" are placeholders: load real credentials from configuration, not from source code
        self._headers = {
            "content-type": "application/json",
            "Authorization": "Bearer {0}".format(self.login("username", "password"))
        }
- AUTH
(returns a token)
    def login(self, username, password, domain="Default"):
        url = self.base_url + self.auth_path
        # username and password in SEPM
        json =
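The login method above is cut off on this page. As an added example (not the post's own code), here is the same authenticate flow written against the standard library so it runs without `requests`, with TLS verification left on, credentials passed as parameters, and a hard failure when no token comes back. The host name, service account and the `token` field in the reply are assumptions; the `_FakeOpener` is a constructed stand-in so the flow can be exercised offline.

```python
import io
import json
import ssl
import urllib.request


class SepmAuth:
    """Authenticate to SEPM (POST /sepm/api/v1/identity/authenticate) and keep the token."""

    AUTH_PATH = "/sepm/api/v1/identity/authenticate"

    def __init__(self, host, port=8446, cafile=None):
        self.base_url = "https://{0}:{1}".format(host, port)
        # Verification stays on; cafile is the SEPM CA exported by the operator (assumption).
        self.ctx = ssl.create_default_context(cafile=cafile)
        self.token = None

    def auth_request(self, username, password, domain="Default"):
        # Credentials arrive as parameters; they are never literals in the source.
        body = json.dumps({"username": username, "password": password, "domain": domain}).encode()
        return urllib.request.Request(self.base_url + self.AUTH_PATH, data=body,
                                      headers={"Content-Type": "application/json"}, method="POST")

    @staticmethod
    def parse_token(raw_body):
        # Assumption: the JSON reply carries the bearer token under "token". Fail loudly otherwise.
        token = json.loads(raw_body).get("token")
        if not isinstance(token, str) or not token:
            raise ValueError("authenticate reply carried no usable token")
        return token

    def login(self, username, password, domain="Default", opener=None):
        opener = opener or urllib.request.build_opener(urllib.request.HTTPSHandler(context=self.ctx))
        with opener.open(self.auth_request(username, password, domain), timeout=15) as resp:
            self.token = self.parse_token(resp.read())
        return self.token

    def headers(self):
        # Headers for the later calls (domains, fingerprint lists); a login must have happened first.
        if not self.token:
            raise RuntimeError("call login() before using the API")
        return {"Content-Type": "application/json", "Authorization": "Bearer {0}".format(self.token)}


class _FakeOpener:
    """Constructed offline stand-in for an HTTPS opener: answers with a canned SEPM reply."""
    def __init__(self, body):
        self.body, self.seen = body, None

    def open(self, req, timeout=None):
        self.seen = req                 # keep the request so the demo can inspect what would be sent
        return io.BytesIO(self.body)    # supports .read() and the with-statement


def demo():
    opener = _FakeOpener(b'{"token": "abc123", "tokenExpiration": 3600}')   # constructed reply
    client = SepmAuth("sepm.example.internal")                               # assumed host
    client.login("svc_soar", "not-a-real-secret", opener=opener)
    return client.headers()["Authorization"], opener.seen.full_url
```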