
duplicate_exclusions_list's Introduction

Setup

Update your .env file with CLIENT_ID and API_KEY for SecureX from here: https://developer.cisco.com/docs/secure-endpoint/#!authentication/3-generate-securex-api-access-token

NOTE: The Event:Read scope is required for this script to function.

Also add CLOUD, set to one of NAM, EU or APJC.

Example .env:

CLIENT_ID="client-abcde"
API_KEY="supersecretapikey"
CLOUD="NAM"

Requirements

Python version 3.5+

Go through the Authentication instructions for SecureX to integrate Secure Endpoint and create an API Client.

NOTE: The Secure Endpoints integration API key requires a read/write scope for this script to function.

Install Python requirements:

pip install requests
pip install python-dotenv

Limitations

Current API calls prevent duplicating Threat type exclusions. If you have any of those in your exclusions list, you will need to manually duplicate those exclusions.

Usage

When you first run the script you'll get authenticated and then presented with a list of organizations you belong to.

Which organization would you like to list exclusions from?
[1] - Org 1
[2] - Org 2
[3] - Org 3
Input a number listed above:

Choose a number from the list and you'll be presented with a list of exclusion sets for that organization and an option to export all lists.

Which exclusion set would you like to duplicate?
[1] - List
[2] - Another list
[3] - Yet Another list
[4] - Oh Look another list
Input a number listed above:

Next you will see output regarding the progress of the exclusion list duplication.

Created new exclusion set. Another list - Copy
Added ioc exclusion to exclusion set.
Added fileExtension exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added path exclusion to exclusion set.
Added path exclusion to exclusion set.
Added path exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added executable exclusion to exclusion set.
Duplication process Completed.

duplicate_exclusions_list's People

Contributors

mafranks

duplicate_exclusions_list's Issues

Change env to have CLOUD options

CLIENT_ID = ""
API_KEY = ""

# If you're using NAM cloud, uncomment the following line.
#CLOUD = "NAM"

# If you're using EU cloud, uncomment the following line.
#CLOUD = "EU"

# If you're using APJC cloud, uncomment the following line.
#CLOUD = "APJC"

Add a total count at the end of processing

To show how many exclusions were processed to the new list, add a count at the end like this:

Total Exclusions Processed: 71
Process: 52
Path: 12
Executable: 2
File Extension: 3
IOC: 2
Threat: 0
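
One way to produce the totals proposed in the issue above and to check a copy against the Limitations note, as an added example that is not the project's own code: it tallies the progress lines shown under Usage and reports which types came out short in the copy. The "threat" token and the source_counts input (per-type counts of the original set) are assumptions; the page shows neither.

```python
import re
from collections import Counter

# Progress-line format as shown in the Usage output on this page.
LINE_RE = re.compile(r"^Added (\w+) exclusion to exclusion set\.$")

# (token in progress output, label in the proposed summary).
# "threat" is an assumed token: the page shows no progress line for it.
LABELS = [("process", "Process"), ("path", "Path"), ("executable", "Executable"),
          ("fileExtension", "File Extension"), ("ioc", "IOC"), ("threat", "Threat")]


def tally(progress_lines):
    """Count 'Added <type> exclusion' lines per type; other lines are ignored."""
    counts = Counter()
    for line in progress_lines:
        match = LINE_RE.match(line.strip())
        if match:
            counts[match.group(1)] += 1
    return counts


def summary(counts):
    """Render the counts in the layout proposed in the issue."""
    known = [token for token, _ in LABELS]
    out = ["Total Exclusions Processed: %d" % sum(counts.values())]
    out += ["%s: %d" % (label, counts.get(token, 0)) for token, label in LABELS]
    # Report any type missing from LABELS instead of silently dropping it.
    out += ["%s: %d" % (t, counts[t]) for t in sorted(set(counts) - set(known))]
    return "\n".join(out)


def shortfall(source_counts, copied_counts):
    """Types with fewer exclusions in the copy than in the source set,
    i.e. the ones that still have to be duplicated manually."""
    return {t: n - copied_counts.get(t, 0)
            for t, n in source_counts.items() if n > copied_counts.get(t, 0)}


# Constructed sample: the same lines as the Usage output on this page.
SAMPLE = ["Created new exclusion set. Another list - Copy"] + [
    "Added %s exclusion to exclusion set." % t
    for t in ["ioc", "fileExtension"] + ["process"] * 6 + ["path"] * 3
    + ["process"] * 2 + ["executable"]
] + ["Duplication process Completed."]

if __name__ == "__main__":
    copied = tally(SAMPLE)
    print(summary(copied))
    # Constructed source counts: two Threat exclusions the API cannot copy.
    print(shortfall({"process": 8, "path": 3, "threat": 2}, copied))
```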
