SDK to download the Netskope Events

Project description

Netskope SDK

Netskope SDK is a Python library for working with the APIs used to download Netskope events.

Installation

Use the package manager pip to install NetskopeSDK.

pip install netskopesdk

REST SDK usage to pull alerts and events

from netskope_api.iterator.netskope_iterator import NetskopeIterator
from netskope_api.iterator.const import Const
from requests.exceptions import RequestException
import time

# Construct the params dict to pass the authentication details 
params = {
        Const.NSKP_TOKEN : "<REST-API-TOKEN>",
        Const.NSKP_TENANT_HOSTNAME : "<HOSTNAME>",
        # Optional param to pass the proxy hosts.
        Const.NSKP_PROXIES : {"<PROXY-HOSTS>"},
        Const.NSKP_EVENT_TYPE : "<EVENT-TYPE>",
        Const.NSKP_ITERATOR_NAME : "<ITERATOR-NAME>",
        Const.NSKP_USER_AGENT : "<SPLUNK-TENANT-HOSTNAME>"
    
        # To query specific alert pass the NSKP_EVENT_TYPE as "alert" and the alert type.
        # Const.NSKP_EVENT_TYPE : Const.EVENT_TYPE_ALERT,
        # Const.NSKP_ALERT_TYPE : Const.ALERT_TYPE_DLP
    }

DEFAULT_WAIT_TIME = 30
RESULT = "result"
WAIT_TIME = "wait_time"

# Create an Iterator
iterator = NetskopeIterator(params)

# Use the next() iterator to download the logs.
# Consume the messages indefinitely in a loop and ingest the data into the SIEM.
while True:
    try:
        response = iterator.next()
        if response:
            data = response.json()
            if RESULT in data and len(data[RESULT]) != 0:
                # processData()
                # sleep() the thread to avoid constant polling
                if WAIT_TIME in data:
                    time.sleep(data[WAIT_TIME])
                else:
                    time.sleep(DEFAULT_WAIT_TIME)
            else:
                print("No results returned by the iterator")
                time.sleep(DEFAULT_WAIT_TIME)
        else:
            # No response object at all: back off instead of polling in a tight loop.
            print("No response received from the iterator")
            time.sleep(DEFAULT_WAIT_TIME)
    except Exception as e:
        time.sleep(DEFAULT_WAIT_TIME)
        raise RequestException(e)

REST SDK usage to retrieve the tokens used for subscribing to transaction events from PSL

from requests.exceptions import RequestException
from netskope_api.iterator.const import Const
from netskope_api.token_management.netskope_management import NetskopeTokenManagement

if __name__ == '__main__':
    params = {
        Const.NSKP_TOKEN: "<REST-API-TOKEN>",
        Const.NSKP_TENANT_HOSTNAME: "<HOSTNAME>",
        # Optional param to pass the proxy hosts.
        Const.NSKP_PROXIES : {"<PROXY-HOSTS>"}
    }

    sub_path_response = None
    sub_key_response = None
    try:
        # Create token_management client
        token_management = NetskopeTokenManagement(params)
        token_management_response = token_management.get()
        if token_management_response:
            if "subscription" in token_management_response:
                sub_path_response = token_management_response["subscription"]
            if "subscription-key" in token_management_response:
                sub_key_response = token_management_response["subscription-key"]
    except Exception as e:
        raise RequestException(e)

1. A 200 response code means the customer is authorized to create/get the subscription key and path.

2. A 401 response code means the customer is not authorized to create/get the subscription key and path.
   This is a licensed feature; please contact Netskope support to purchase it.

3. A 403 response code means the Netskope token used is not valid. The token is either expired or invalid.

When to use the regenerate_and_get() API

The regenerate_and_get() API should only be used if google-cloud-pubsublite throws a 401 invalid credentials exception
while using the subscription key and path retrieved through the Netskope API.

Example error:
google.api_core.exceptions.Unauthenticated: 401 Request had invalid authentication credentials
grpc.aio._call.AioRpcError: <AioRpcError of RPC that terminated with:
status = StatusCode.UNAUTHENTICATED
details = "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.

Regenerating the subscription key invalidates the existing key, but the subscription path is not updated,
so clients can continue consuming events where they left off.

Note: Regenerating the subscription key will invalidate the existing key.

from requests.exceptions import RequestException
from netskope_api.iterator.const import Const
from netskope_api.token_management.netskope_management import NetskopeTokenManagement

if __name__ == '__main__':
    params = {
        Const.NSKP_TOKEN: "<REST-API-TOKEN>",
        Const.NSKP_TENANT_HOSTNAME: "<HOSTNAME>",
        # Optional param to pass the proxy hosts.
        Const.NSKP_PROXIES : {"<PROXY-HOSTS>"}
    }

    sub_path_response = None
    sub_key_response = None
    try:
        # Create token_management client
        token_management = NetskopeTokenManagement(params)
        token_management_response = token_management.regenerate_and_get()
        if token_management_response:
            if "subscription" in token_management_response:
                sub_path_response = token_management_response["subscription"]
            if "subscription-key" in token_management_response:
                sub_key_response = token_management_response["subscription-key"]
    except Exception as e:
        raise RequestException(e)
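
The rule above (call regenerate_and_get() only after google-cloud-pubsublite reports invalid credentials) as a control-flow sketch; this is an added example, not code from the Netskope SDK. The stream callable, the function names and the one-regeneration cap are assumptions, and a stand-in Unauthenticated class is defined when google-api-core is not installed.

```python
import logging

try:  # the real exception class, when google-api-core is installed
    from google.api_core.exceptions import Unauthenticated
except ImportError:  # stand-in so this sketch also runs without the library
    class Unauthenticated(Exception):
        pass

log = logging.getLogger(__name__)


def extract_subscription(response):
    """Return (subscription_path, subscription_key) or raise if either is missing."""
    if not response or "subscription" not in response or "subscription-key" not in response:
        raise RuntimeError("token management response lacks subscription path or key")
    return response["subscription"], response["subscription-key"]


def consume_with_key_recovery(token_management, stream, max_regenerations=1):
    """Stream events; regenerate the key only after an Unauthenticated error.

    token_management: object with get() and regenerate_and_get(), as
        NetskopeTokenManagement provides on this page.
    stream: hypothetical callable(path, key) that blocks while consuming and
        raises Unauthenticated when Pub/Sub Lite rejects the key.
    Returns the number of regenerations performed.
    """
    path, key = extract_subscription(token_management.get())
    regenerations = 0
    while True:
        try:
            stream(path, key)
            return regenerations
        except Unauthenticated:
            # Any other exception propagates untouched: a timeout or network
            # error is no reason to invalidate a key other consumers may share.
            if regenerations >= max_regenerations:
                raise  # the fresh key was rejected too; stop rotating
            regenerations += 1
            log.warning("subscription key rejected, regenerating (old key becomes invalid)")
            path, key = extract_subscription(token_management.regenerate_and_get())
```

Capping regenerations keeps a persistent authentication failure from invalidating key after key for every other consumer of the same subscription.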

Example usage of web txn tokens using the Pubsublite client library

Please install the Pubsublite client library if it is not already present.

pip install google-cloud-pubsublite

import concurrent.futures
import logging
import os
from concurrent.futures import TimeoutError

from google.cloud.pubsublite.cloudpubsub import SubscriberClient
from google.cloud.pubsublite.types import FlowControlSettings, MessageMetadata
from google.pubsub_v1 import PubsubMessage
from requests.exceptions import RequestException

from netskope_api.iterator.const import Const
from netskope_api.token_management.netskope_management import NetskopeTokenManagement

_logger = logging.getLogger()


def callback(message: PubsubMessage):
    message_data = message.data.decode("utf-8")
    metadata = MessageMetadata.decode(message.message_id)
    _logger.info(
        f"Received {message_data} of ordering key {message.ordering_key} with id {metadata}."
    )
    message.ack()


class PSLSubscriberClient:
    def __init__(self):

        configs = {
            "messages_outstanding": 1000,
            # FlowControlSettings expects an integer byte count.
            "bytes_outstanding": int(3.5 * 1024 * 1024),
            "timeout": 60,
            "thread_count": 1
        }
        self.configs = configs

    def make_default_thread_pool_executor(self):
        return concurrent.futures.ThreadPoolExecutor(self.configs.get("thread_count"))

    def stream(self, subscription_path):
        global streaming_pull_future

        per_partition_flow_control_settings = FlowControlSettings(
            # Must be >0.
            messages_outstanding=self.configs.get("messages_outstanding"),
            # Must be greater than the allowed size of the largest message.
            bytes_outstanding=self.configs.get("bytes_outstanding"),
        )

        executor = self.make_default_thread_pool_executor()
        with SubscriberClient(executor=executor) as subscriber_client:
            _logger.info(
                "Listening for messages on the pub sub lite subscription {}".format(subscription_path))
            streaming_pull_future = subscriber_client.subscribe(
                subscription_path,
                callback=callback,
                per_partition_flow_control_settings=per_partition_flow_control_settings,
            )
            try:
                timeout = self.configs.get("timeout")
                if timeout:
                    streaming_pull_future.result(timeout=self.configs.get("timeout"))
                else:
                    streaming_pull_future.result()
            # A tuple is required to catch both; "A or B" would only catch TimeoutError.
            except (TimeoutError, KeyboardInterrupt):
                streaming_pull_future.cancel()
                assert streaming_pull_future.done()


if __name__ == '__main__':
    params = {
        Const.NSKP_TOKEN: "<REST-API-TOKEN>",
        Const.NSKP_TENANT_HOSTNAME: "<HOSTNAME>",
        # Optional param to pass the proxy hosts.
        Const.NSKP_PROXIES : {"<PROXY-HOSTS>"}
    }

    sub_path_response = None
    sub_key_response = None
    try:
        # Create token_management client
        token_management = NetskopeTokenManagement(params)
        token_management_response = token_management.get()
        if token_management_response:
            if "subscription" in token_management_response:
                sub_path_response = token_management_response["subscription"]
            if "subscription-key" in token_management_response:
                sub_key_response = token_management_response["subscription-key"]
    except Exception as e:
        raise RequestException(e)

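    # Stop here if the token management call returned no key or path.
    if not sub_key_response or not sub_path_response:
        raise RequestException("Subscription key or path missing from the token management response")

    os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = sub_key_response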
    psl_client = PSLSubscriberClient()
    psl_client.stream(subscription_path=sub_path_response)

Download files

Source Distribution

netskopesdk-0.0.32.tar.gz (11.6 kB view details)

Uploaded Source

Built Distribution

netskopesdk-0.0.32-py3-none-any.whl (12.5 kB view details)

Uploaded Python 3

File details

Details for the file netskopesdk-0.0.32.tar.gz.

File metadata

  • Download URL: netskopesdk-0.0.32.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.10

File hashes

Hashes for netskopesdk-0.0.32.tar.gz
Algorithm Hash digest
SHA256 62652b5127f5ff09e596c23635af53d98eb182a4763288bb27b26cf9b31b3c03
MD5 1c54d973c79305d795626f7b37965f30
BLAKE2b-256 357fe9e2cbfc67a0a30bd842ae08887778b748b447881fcc7454ff5d43ab3e47

File details

Details for the file netskopesdk-0.0.32-py3-none-any.whl.

File metadata

  • Download URL: netskopesdk-0.0.32-py3-none-any.whl
  • Upload date:
  • Size: 12.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.10

File hashes

Hashes for netskopesdk-0.0.32-py3-none-any.whl
Algorithm Hash digest
SHA256 d10ecd0008b2f74a23dfa5a20689afbd463d9edd4710bf39b238bfb6f5e1f00e
MD5 312afe43b3e579882dee4ab3b27d1a13
BLAKE2b-256 dfaa3952014b621a1c097d392658506656b4eef0d7683594ffa37b0ee9c9a723
