A CLI tool to migrate Trend Micro Deep Security to the cloud.
Project description
Trend Micro Policy Migrator
Moves your existing on-prem Deep Security deployment to Cloud One Workload Security.
Automatically.
Quickstart
Use the package manager pip to install dsmigrator.
- Run pip install dsmigrator on a machine with access to your DSM.
- Run dsmg -k and fill out the credential prompts.
Capabilities
Here's the current feature map of what the tool can migrate:
- Policies
- Policy settings
- Anti-Malware Scan Configurations
- IPS, LI, and IM custom rules
- Firewall rules
- Schedules
- Contexts
- IP lists
- MAC lists
- Port lists
- [BETA] Tasks (still quite buggy)
- [BETA] Computer Groups
- Application Control (everything)
- Self-signed certificate support for authenticated requests
Known limitations
- Cannot migrate customized IM/LI/IP rules. Another tool is planned to help with the manual process of identifying each rule that has been customized, but these rules will never migrate automatically due to an API limitation.
- Won't migrate cloud accounts. These must be reconfigured/reauthenticated in Cloud One.
- Doesn't migrate DSM settings. Make sure to check these manually.
- Application Control support is not on the roadmap currently. Please open an issue if this is
Usage
Command Reference
Usage: dsmg [OPTIONS]
  Moves your on-prem DS deployment to the cloud!
Options:
  -ou, --original-url TEXT        A resolvable FQDN for the old DSM, with port
                                  number (e.g. https://192.168.1.1:4119/)
  -oa, --original-api-key TEXT    API key for the old DSM with Full Access
                                  permissions
  -nu, --new-url TEXT             Destination url [default:
                                  https://cloudone.trendmicro.com/]
  -coa, --cloud-one-api-key TEXT  API key for Cloud One Workload Security with
                                  Full Access permissions
  -d, --delete-policies / --keep-policies
                                  Wipes existing policies in Cloud One (not
                                  required, but will give best results)
  -t, --tasks                     (BETA) Enable the task migrator (may be
                                  buggy)
  -k, --insecure                  Suppress the InsecureRequestWarning for
                                  self-signed certificates
  -f, --filter TEXT               A list of policy names in form '[name, name,
                                  ...]' which are the only ones which will be
                                  transferred.
  --help                          Show this message and exit.
Use Environment Variables
You can optionally use the following environment variables to pass in your credentials:
ORIGINAL_API_KEY
ORIGINAL_URL
CLOUD_ONE_API_KEY
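One way to supply those three variables without putting the Full Access keys on the command line or in shell history, as an added example that is not part of dsmigrator. The wrapper name, the NAME=value file format, the mode 600 check and the https check on ORIGINAL_URL are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of dsmigrator. Assumed: function name, file format
# (one NAME=value per line), and the permission and https checks.
# Usage: run_with_dsm_creds ~/.dsmg-creds dsmg --keep-policies

run_with_dsm_creds() {
  creds_file=$1
  shift
  [ -f "$creds_file" ] || { echo "no such file: $creds_file" >&2; return 2; }

  # Refuse a file that group or other can read, write or execute.
  mode=$(ls -ld -- "$creds_file" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "$creds_file: chmod 600 first" >&2; return 3; }

  (
    # Subshell: the exported keys never reach the calling shell.
    while IFS= read -r line || [ -n "$line" ]; do
      name=${line%%=*}
      value=${line#*=}   # everything after the first '=', so '=' padding survives
      case $name in
        ''|\#*) ;;       # blank line or comment
        ORIGINAL_API_KEY|ORIGINAL_URL|CLOUD_ONE_API_KEY) export "$name=$value" ;;
        *) echo "ignoring unrecognized line" >&2 ;;  # never echo the content
      esac
    done < "$creds_file"

    if [ -z "${ORIGINAL_API_KEY:-}" ] || [ -z "${ORIGINAL_URL:-}" ] ||
       [ -z "${CLOUD_ONE_API_KEY:-}" ]; then
      echo "credentials file is missing a required variable" >&2
      exit 4
    fi
    # Full Access keys should only travel over TLS.
    case $ORIGINAL_URL in
      https://*) ;;
      *) echo "ORIGINAL_URL must start with https://" >&2; exit 5 ;;
    esac

    "$@"   # the command to run with the credentials in its environment
  )
}
```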
Requirements
- Python3 (only tested on Python 3.7 or greater so far, so your mileage may vary)
- One API key for your old Deep Security Manager with "Full Access" permissions
- One API key for your Cloud One account with "Full Access" permissions
- A resolvable FQDN to your old Deep Security Manager
NOTE: DS Migrator currently only supports migrations from Deep Security 20 and 12.
Contributing
- Run ./dev-setup.sh, which will download nix and nix flakes.
- Run nix develop, which will download and build dependencies, and drop you in a shell.
Support
For support, please open an issue on GitHub.
License
GNU General Public License
Download files
Source Distribution
dsmigrator-0.5.0.tar.gz (39.9 kB)
Built Distribution
dsmigrator-0.5.0-py3-none-any.whl (59.0 kB)
Hashes for dsmigrator-0.5.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 24bedf1d26f46c369a4c44d161965094f1aeb96cb7b9ef2bd430c06a70235d59
MD5 | 6586ccbc5557dd6a73879d1fd193881e
BLAKE2b-256 | c887690b66a3b4a0572a750e9046319cb8f07e613ff6694ade001936fcb433f3