A cli tool to migrate Trend Micro Deep Security to the cloud.
Project description
Trend Micro Deep Security Migrator
Moves your existing on-prem DS deployment to CloudOne Workload security. Automatically.
Quickstart
Use the package manager pip to install dsmigrator.
-
Run
pip install dsmigrator
on a machine with access to your DSM. -
Run
dsmg -k
and fill out the credential prompts.
Capabilities
Here's the current feature map of what the tool can migrate:
- Policies
- Policy settings
- Global manager settings
- Anti-Malware Scan Configurations
- IPS, LI, and IM custom rules
- Firewall rules
- Schedules
- Contexts
- IP lists
- MAC lists
- Port lists
- [BETA] Tasks (still quite buggy)
- [BETA] Computer Groups
- Application Control (everything)
- Certificate support for authenticated requests
Known limitations
- Cannot migrate customized IM/LI/IP rules. Another tool will be incoming to help aid a manual process in identifying each rule that has been customized, but they will never migrate automatically due to an API limitation
- Won't migrate cloud accounts. Must be reconfigured/reauthenticated in Cloud One
Usage
Command Reference
Usage: dsmg [OPTIONS]
Moves your on-prem DS deployment to the cloud!
Options:
-ou, --original-url TEXT A resolvable FQDN for the old DSM, with port
number (e.g. https://192.168.1.1:4119)
-oa, --original-api-key TEXT API key for the old DSM with Full Access
permissions
-nu, --new-url TEXT Destination url [default:
https://cloudone.trendmicro.com/]
-coa, --cloud-one-api-key TEXT API key for Cloud One Workload Security with
Full Access permissions
-d, --delete-policies / --keep-policies
Wipes existing policies in Cloud One (not
required, but will give best results)
-t, --tasks (BETA) Enable the task migrator (may be
buggy)
-k, --insecure Suppress the InsecureRequestWarning for
self-signed certificates
-c, --cert TEXT (Optional) Allows the use of a cert file
[default: False]
--help Show this message and exit.
Use Environment Variables
You can optionally use the following environment variables to pass in your credentials:
- ORIGINAL_API_KEY
- ORIGINAL_URL
- CLOUD_ONE_API_KEY
Requirements
- Python3 (only tested on Python 3.7 or greater so far, so your mileage may vary)
- One api key for your old Deep Security Manager with "Full Access" permissions
- One api key for your Cloud One account with "Full Access" permissions
- A resolvable FQDN to your old Deep Security Manager
NOTE: DS Migrator currently only supports migrations from Deep Security 20 and 12.
Contributing
- Run ./dev-setup.sh, which will download nix and nix flakes.
- Run
nix develop
which will download and build dependencies, and drop you in a shell.
(only tested on Arch and Ubuntu so far, so your mileage may vary)
Support
For support, please open an issue on Github.
License
GNU General Public License
GNU General Public License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for dsmigrator-0.4.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f8d07d3bb5eeff8e5751a9d037b7c4c9423fb3a25c4a64a0f62af381c5fd9250 |
|
MD5 | d91859986904c8d829da4856ec5bd0de |
|
BLAKE2b-256 | 0414ae28e2202341c8e665ed180b4adf716d096c2e39bff49173609dbc4741cf |