Security Manager API
Project description
Python library for FireMon APIs
Developed using Python 3.8.0 and requests 2.20.1
Table of Contents
- About The Project
- Setup
- Dependencies
- Policy Planner Usage
- Security Manager Usage
- Policy Optimizer Usage
- Orchestration API Usage
- Project Structure
- Flow of Execution
- License
About The Project
This library was created to jumpstart your Orchestration API, Policy Planner API, Security Manager API, or Policy Optimizer API projects.
Setup
Setup - PyPi Install:
- To install the library, run the following command from the terminal.
pip install security-manager-apis
Setup - PyPi Upgrade:
To upgrade the library, run the following command from the terminal.
pip install --upgrade security-manager-apis
pip install -e .
If you don't plan to make any modifications to the project but still want to use it across your different projects, then do a local install.
pip install .
This will install all the dependencies listed in the setup.py file. Once done, you can use the library wherever you want.
Dependencies
Prerequisite: Python 3.6 or later must be installed on your machine.
Upgrade pip on Mac:
- NOTE: This is important because some Mac apps apparently rely on Python 2, so if you attempt to upgrade the preinstalled Python 2.x to Python 3.x on macOS, you will eventually break some apps, perhaps critical ones. With that in mind, do not attempt to upgrade the preinstalled Python release on the Mac; instead, install Python 3 alongside it for full compatibility.
brew install python3
Upgrade pip on Windows:
python -m pip install --upgrade pip
Policy Planner Usage
Initializing a Policy Planner Class
from security_manager_apis import policy_planner
policyplan = policy_planner.PolicyPlannerApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, workflow_name: str, suppress_ssl_warning: bool)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- domain_id: The Domain ID for the targeted workflow.
- workflow_name: The name of the targeted workflow.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this to False.
- suppress_ssl_warning: Set to False by default. Suppresses any SSL warnings when set to True.
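One way to build the constructor arguments listed above from environment variables, so the password stays out of source code and verify_ssl can only be turned off for explicitly named lab hosts. This is an added example, not part of the library; the FIREMON_* variable names, the planner_kwargs helper and the lab host name are assumptions.

```python
import os

# Hypothetical lab hosts where an untrusted (e.g. self-signed) certificate is accepted.
LAB_HOSTS = frozenset({"firemon-lab.example.test"})
# Assumed environment variable names; none of them come from the library.
REQUIRED = ("FIREMON_HOST", "FIREMON_USERNAME", "FIREMON_PASSWORD",
            "FIREMON_DOMAIN_ID", "FIREMON_WORKFLOW")

def planner_kwargs(env=None, lab_hosts=LAB_HOSTS):
    """Build keyword arguments for PolicyPlannerApis from environment settings."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    host = env["FIREMON_HOST"]
    insecure = env.get("FIREMON_INSECURE", "").strip().lower() in ("1", "true", "yes")
    if insecure and host not in lab_hosts:
        raise ValueError(f"verify_ssl=False is only allowed for lab hosts, not {host}")
    return {
        "host": host,
        "username": env["FIREMON_USERNAME"],
        "password": env["FIREMON_PASSWORD"],
        "verify_ssl": not insecure,
        "domain_id": env["FIREMON_DOMAIN_ID"],
        "workflow_name": env["FIREMON_WORKFLOW"],
        "suppress_ssl_warning": insecure,   # only quiet the warning in the lab case
    }

# Usage (requires the library and a reachable server):
#   from security_manager_apis import policy_planner
#   policyplan = policy_planner.PolicyPlannerApis(**planner_kwargs())
```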
Create a Policy Planner Ticket
policyplan.create_pp_ticket(request_body: dict)
- request_body: JSON of ticket to be created.
Request JSON Example:
{
"variables": {
"summary": "string",
"businessNeed": "string",
"priority": "string",
"dueDate": "YYYY-MM-DD HH:MM:SS",
"applicationName": "string",
"customer": "string",
"externalTicketId": "string",
"notes": "string",
"requesterName": "string",
"requesterEmail": "string",
"applicationOwner": "string",
"carbonCopy": [
"string",
"string"
]
},
"policyPlanRequirements": [
{
"sources": [
"string",
"string"
],
"destinations": [
"string",
"string"
],
"action": "string",
"services": [
"string",
"string"
],
"requirementType": "string",
"childKey": "string",
"variables": {}
}
]
}
Update a Policy Planner Ticket
policyplan.update_pp_ticket(ticket_id: str, request_body: dict)
- ticket_id: ID of ticket to be updated.
- request_body: JSON of updates to apply to the ticket.
Request JSON Example:
{
"variables": {
"summary": "string"
}
}
Querying for Policy Planner Tickets
policyplan.siql_query_pp_ticket(siql_query: str, page_size: int)
- siql_query: SIQL Query to use in search.
- page_size: Number of results to return.
Retrieving a Policy Planner Ticket
policyplan.pull_pp_ticket(ticket_id: str)
- ticket_id: ID of ticket to be retrieved.
Assigning a Policy Planner Ticket
policyplan.assign_pp_ticket(ticket_id: str, user_id: str)
- ticket_id: ID of ticket to assign user to.
- user_id: ID of user to be assigned.
Adding a Requirement to a Policy Planner Ticket
policyplan.add_req_pp_ticket(ticket_id: str, req_json: dict)
- ticket_id: ID of ticket to add requirement to.
- req_json: JSON of requirement to be added.
Requirement JSON Example:
{
"requirements":[
{
"requirementType":"RULE",
"changes":[],
"childKey":"add_access",
"variables":{
"expiration":"2022-001-01T00:00:00+0000"
},
"destinations":[
"10.1.1.1/24"
],
"services":[
"tcp/22"
],
"sources":[
"10.0.0.0/24"
],
"action":"ACCEPT"
}
]
}
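A pre-submission check for a requirement of the shape shown above, run before the dict is handed to add_req_pp_ticket. This is an added example, not part of the library: the function names, the breadth limits (/16, 100 ports), the proto/port service syntax and the restriction to literal addresses are assumptions based on the example JSON.

```python
import ipaddress
import re

MIN_PREFIX = 16      # assumed local policy: flag IPv4 ranges broader than /16
MAX_PORT_SPAN = 100  # assumed local policy: flag wider port ranges
SERVICE_RE = re.compile(r"^(tcp|udp)/(\d{1,5})(?:-(\d{1,5}))?$")  # assumed syntax

def check_address(value, field):
    """Return findings for one sources/destinations entry."""
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return [f"{field}: {value!r} is not an IP address or CIDR"]
    net, findings = iface.network, []
    if iface.ip != net.network_address:
        findings.append(f"{field}: {value} has host bits set, network is {net}")
    if net.version == 4 and net.prefixlen < MIN_PREFIX:
        findings.append(f"{field}: {net} is broader than /{MIN_PREFIX}")
    return findings

def check_service(value):
    match = SERVICE_RE.match(value.lower())
    if not match:
        return [f"services: {value!r} is not proto/port"]
    low = int(match.group(2))
    high = int(match.group(3) or low)
    if not 1 <= low <= high <= 65535:
        return [f"services: {value} has an invalid port range"]
    if high - low > MAX_PORT_SPAN:
        return [f"services: {value} spans {high - low + 1} ports"]
    return []

def check_requirement(req):
    """Return all findings for one requirement; an empty list means none."""
    findings = []
    for field in ("sources", "destinations"):
        entries = req.get(field) or []
        if not entries:
            findings.append(f"{field}: no entries")
        for value in entries:
            findings += check_address(value, field)
    for value in req.get("services") or []:
        findings += check_service(value)
    return findings

# The requirement from the example above, and a constructed over-broad variant.
PAGE_REQ = {"sources": ["10.0.0.0/24"], "destinations": ["10.1.1.1/24"],
            "services": ["tcp/22"], "action": "ACCEPT"}
BROAD_REQ = dict(PAGE_REQ, sources=["0.0.0.0/0"], services=["tcp/1-65535"])
```

Run check_requirement over each entry of the "requirements" list and submit only when every list comes back empty.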
Completing a Policy Planner Ticket Task
policyplan.complete_task_pp_ticket(ticket_id: str, button_action: str)
- ticket_id: ID of ticket whose task is to be completed.
- button_action: Button value, options are: submit, complete, autoDesign, verify, approved, rejected
Running PCA for a Policy Planner Ticket
policyplan.run_pca(ticket_id: str, control_types: str, enable_risk_sa: str)
- ticket_id: ID of ticket to run PCA on.
- control_types: Control types as string array. Options: ALLOWED_SERVICES, CHANGE_WINDOW_VIOLATION, DEVICE_ACCESS_ANALYSIS, DEVICE_PROPERTY, DEVICE_STATUS, NETWORK_ACCESS_ANALYSIS, REGEX, REGEX_MULITPATTERN, RULE_SEARCH, RULE_USAGE, SERVICE_RISK_ANALYSIS, ZONE_MATRIX, ZONE_BASED_RULE_SEARCH
- enable_risk_sa: true or false
Adding Attachment to a Policy Planner Ticket
policyplan.add_attachment(ticket_id: str, file_name: str, f, description: str)
- ticket_id: ID of ticket to add attachment to.
- file_name: File name of attachment.
- f: file stream.
- description: Description of file.
Adding Attachment Code Example:
file_name = "test_file.txt"
with open(file_name) as f:
    policyplan.add_attachment('38', file_name, f, 'test upload')
Uploading Requirements via CSV to Policy Planner Ticket
policyplan.csv_req_upload(ticket_id: str, file_name: str, f)
- ticket_id: ID of ticket to upload requirements to.
- file_name: File name of the CSV file.
- f: file stream.
Uploading Requirements via CSV Code Example:
file_name = "test_req.csv"
with open(file_name) as f:
    policyplan.csv_req_upload('1', file_name, f)
Retrieving Requirements from a Policy Planner Ticket
policyplan.get_reqs(ticket_id: str)
- ticket_id: ID of ticket to retrieve requirements from.
Deleting Requirements from a Policy Planner Ticket
policyplan.del_all_reqs(ticket_id: str)
- ticket_id: ID of ticket to delete requirements from.
Approving Requirement in a Policy Planner Ticket
policyplan.approve_req(ticket_id: str, req_id: str)
- ticket_id: ID of ticket that the requirement is tied to.
- req_id: ID of requirement to approve.
Add Comment to Policy Planner Ticket
policyplan.add_comment(ticket_id: str, comment: str)
- ticket_id: ID of ticket to add comment to.
- comment: Content of comment.
Retrieve All Policy Planner Ticket Comments
policyplan.get_comments(ticket_id: str)
- ticket_id: ID of ticket to retrieve comments from.
Delete Comment from Policy Planner Ticket
policyplan.del_comment(ticket_id: str, comment_id: str)
- ticket_id: ID of ticket to delete comment from.
- comment_id: ID of comment to delete.
Security Manager Usage
Initializing a Security Manager Class
from security_manager_apis import security_manager
securitymanager = security_manager.SecurityManagerApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, suppress_ssl_warning: bool)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this to False.
- domain_id: The Domain ID for the targeted workflow.
- suppress_ssl_warning: Set to False by default. Suppresses any SSL warnings when set to True.
Get List of Devices in Security Manager
securitymanager.get_devices()
Manual Device Retrieval
securitymanager.manual_device_retrieval(device_id: str)
- device_id: ID of device to retrieve.
Adding a Supplemental Route
securitymanager.add_supp_route(device_id: str, supplemental_route: dict)
- device_id: ID of device to add the supplemental route to.
- supplemental_route: JSON of supplemental route.
Supplemental Route JSON Example
{
"destination": "10.0.0.25",
"deviceId": "2",
"drop": false,
"gateway": "10.0.0.26",
"interfaceName": "port1",
"metric": 3
}
Bulk Adding Supplemental Route via Text File
securitymanager.bulk_add_supp_route(f)
- f: File stream.
Supplemental Route Text File Example
deviceId,interfaceName,destination,gateway,virtualRouter,nextVirtualRouter,metric,drop
2,port1,10.0.0.25,10.0.0.26,,,4,true
2,,10.0.0.25,10.0.0.26,Default,Default,4,true
Note: The first line of this file is not processed; it serves as an informational header.
Supplemental Route Bulk Upload Code Example
# The with block closes the file on exit, so no explicit f.close() is needed.
with open('supp_route.txt') as f:
    securitymanager.bulk_add_supp_route(f)
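A parser for the bulk text-file format above that skips the header line, rejects malformed rows before anything is uploaded, and returns each valid row in the key layout of the Supplemental Route JSON example. This is an added example, not part of the library; the function names and the field rules (IP syntax, non-negative integer metric, true/false drop) are assumptions inferred from the sample rows.

```python
import csv
import io
import ipaddress

COLUMNS = ["deviceId", "interfaceName", "destination", "gateway",
           "virtualRouter", "nextVirtualRouter", "metric", "drop"]

def _row_to_route(rec):
    """Validate one record; raise ValueError with the reason if it is malformed."""
    ipaddress.ip_network(rec["destination"], strict=False)   # address or CIDR
    ipaddress.ip_address(rec["gateway"])
    if rec["drop"].lower() not in ("true", "false"):
        raise ValueError(f"drop must be true or false, got {rec['drop']!r}")
    metric = int(rec["metric"])
    if metric < 0:
        raise ValueError("metric must not be negative")
    route = {"deviceId": str(int(rec["deviceId"])), "destination": rec["destination"],
             "gateway": rec["gateway"], "metric": metric,
             "drop": rec["drop"].lower() == "true"}
    for optional in ("interfaceName", "virtualRouter", "nextVirtualRouter"):
        if rec[optional]:
            route[optional] = rec[optional]
    return route

def parse_supp_routes(text):
    """Return (routes, errors) for a bulk file; errors are (line_number, reason)."""
    routes, errors = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if lineno == 1 or not any(cell.strip() for cell in row):
            continue                      # header line and blank lines
        if len(row) != len(COLUMNS):
            errors.append((lineno, f"expected {len(COLUMNS)} fields, got {len(row)}"))
            continue
        rec = dict(zip(COLUMNS, (cell.strip() for cell in row)))
        try:
            routes.append(_row_to_route(rec))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return routes, errors

# Constructed sample: the page's header and two rows, plus two malformed rows.
SAMPLE = """deviceId,interfaceName,destination,gateway,virtualRouter,nextVirtualRouter,metric,drop
2,port1,10.0.0.25,10.0.0.26,,,4,true
2,,10.0.0.25,10.0.0.26,Default,Default,4,true
2,port1,10.0.0.300,10.0.0.26,,,4,true
2,port1,10.0.0.25,10.0.0.26,,,4
"""
```

Upload the file with bulk_add_supp_route only when the errors list is empty.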
Security Manager SIQL Query
securitymanager.siql_query(query_type: str, query: str, page_size: int)
- query_type: What type of object to query. Options: secrule, policy, serviceobj, networkobj
- query: SIQL query to run
- page_size: Number of results to return
Search for Device Zones
securitymanager.zone_search(device_id: str, page_size: int)
- device_id: Device ID
- page_size: Number of results to return
Retrieve Firewall Object
securitymanager.get_fw_obj(obj_type: str, device_id: str, match_id: str)
- obj_type: Type of firewall object. Options: NETWORK, SERVICE, ZONE, APP, PROFILE, SCHEDULE, URL_MATCHER, USER
- device_id: Device ID
- match_id: Match ID of targeted object
Retrieve Device Object
securitymanager.get_device_obj(device_id: str)
- device_id: Device ID
Retrieve Rule Documentation
securitymanager.get_rule_doc(device_id: str, rule_id: str)
- device_id: Device ID
- rule_id: Rule ID
Update Rule Documentation
securitymanager.update_rule_doc(device_id: str, rule_doc: dict)
- device_id: Device ID
- rule_doc: Rule documentation JSON
Rule Doc JSON Example:
{
"ruleId":"16959bc0-b9f7-436b-9851-aac6f3d98963",
"deviceId":3,
"props":[
{
"ruleId":"16959bc0-b9f7-436b-9851-aac6f3d98963",
"ruleCustomPropertyDefinition":{
"id":1,
"customPropertyDefinition":{
"id":1,
"name":"Business Justification",
"key":"business_justification",
"type":"STRING_ARRAY",
"filterable":true,
"inheritFromMgmtStation":false
},
"name":"Business Justification",
"key":"business_justification",
"type":"STRING_ARRAY"
},
"customProperty":{
"id":1,
"name":"Business Justification",
"key":"business_justification",
"type":"STRING_ARRAY",
"filterable":true,
"inheritFromMgmtStation":false
},
"stringarray": ["test update"]
}
]
}
Policy Optimizer Usage
Initializing a Policy Optimizer Class
from security_manager_apis import policy_optimizer
policyoptimizer = policy_optimizer.PolicyOptimizerApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, workflow_name: str, suppress_ssl_warning: bool)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this to False.
- domain_id: The Domain ID for the targeted workflow.
- workflow_name: The name of the targeted workflow.
- suppress_ssl_warning: Set to False by default. Suppresses any SSL warnings when set to True.
Create a Policy Optimizer Ticket
policyoptimizer.create_pp_ticket(request_body: dict)
- request_body: JSON of ticket to be created.
Request JSON Example:
{
"deviceId": 1,
"policyId": "62c7344a-31b9-40a6-8e7e-0c9cd6407fbe",
"ruleId": "16959bc0-b9f7-436b-9851-aac6f3d98963"
}
Retrieve Policy Optimizer Ticket JSON
policyoptimizer.get_po_ticket(ticket_id: str)
- ticket_id: ID of ticket to be retrieved.
Assign Policy Optimizer Ticket to User
policyoptimizer.assign_po_ticket(ticket_id: str, user_id: str)
- ticket_id: ID of ticket to assign user to.
- user_id: ID of User to be assigned.
Orchestration API Usage
Initializing an Orchestration API Class
from security_manager_apis import orchestration_apis
orchestration = orchestration_apis.OrchestrationApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, suppress_ssl_warning=False)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this to False.
- domain_id: The Domain ID for the targeted workflow.
- suppress_ssl_warning: Set to False by default. Suppresses any SSL warnings when set to True.
Running Rule Recommendation
orchestration.rulerec_api(params: dict, req_json: dict)
- params: Parameters to use for recommendation.
- req_json: JSON of requirements to provide recommendation for.
Parameters Example
parameters = {'deviceGroupId': 1, 'addressMatchingStrategy': 'INTERSECTS', 'modifyBehavior': 'MODIFY', 'strategy': None}
Requirements Example
{
"requirements":[
{
"requirementType":"RULE",
"changes":[],
"childKey":"add_access",
"variables":{
"expiration":"2022-001-01T00:00:00+0000"
},
"destinations":[
"10.1.1.1/24"
],
"services":[
"tcp/22"
],
"sources":[
"10.0.0.0/24"
],
"action":"ACCEPT"
}
]
}
Running Pre-Change Assessment
orchestration.pca_api(device_id: str, req_json: dict)
- device_id: ID of device to use when running Pre-Change Assessment.
- req_json: JSON of requirements to provide recommendation for.
Requirements Example
{
"requirements":[
{
"requirementType":"RULE",
"changes":[],
"childKey":"add_access",
"variables":{
"expiration":"2022-001-01T00:00:00+0000"
},
"destinations":[
"10.1.1.1/24"
],
"services":[
"tcp/22"
],
"sources":[
"10.0.0.0/24"
],
"action":"ACCEPT"
}
]
}
Project Structure
- application.properties: All the required URLs are placed here.
- get_properties_data.py: Reads the properties file data and returns a parser.
- policy_planner.py: Class to use Policy Planner APIs.
- security_manager.py: Class to use Security Manager APIs.
- policy_optimizer.py: Class to use Policy Optimizer APIs.
- orchestration_apis.py: Class to use Orchestration APIs.
Flow of Execution
As soon as you run this library, the Authentication class is called. It internally calls get_auth_token() of authentication_api.py from the authenticate_user module, only once, and the auth token is set in the headers.
These headers are then passed with the HTTP requests so that the user is authenticated and can access the endpoints safely.
License
MIT.