A small script using the Cb Protection API to mark a specific MD5 as locally approved on a given computer
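"""Locally approve one file, identified by MD5, on the computers matching a name.

The script prompts for an MD5 and a computer name, looks both up through the
Cb Protection API, asks for confirmation, sets ``localState`` on each matching
file instance and then polls until the instances report that state.

Local approval lets a file run on an endpoint that would otherwise block it,
so the script shows exactly which computers matched before it asks for
confirmation.
"""
from cbapi.protection import CbEnterpriseProtectionAPI, FileCatalog, Computer, FileInstance
from cbapi.errors import ObjectNotFoundError
import logging
import sys
import time

# The original script targets Python 2 (raw_input); fall back to input() so the
# same file also runs under Python 3.
try:
    prompt = raw_input
except NameError:
    prompt = input

# Value written to FileInstance.localState; the script's own messages describe
# it as "local approval".
LOCAL_STATE_APPROVED = 2
POLL_INTERVAL_SECONDS = 2
# Upper bound on the polling loop so an endpoint that never reports the new
# state cannot hang the script forever.
MAX_WAIT_SECONDS = 300

HEX_DIGITS = "0123456789abcdefABCDEF"

# Send log records to stderr and show cbapi messages at INFO level.
root = logging.getLogger()
root.addHandler(logging.StreamHandler())
logging.getLogger("cbapi").setLevel(logging.INFO)

# Connect to the Cb Enterprise Protection server using the "default" credentials in the credential file.
# see https://cbapi.readthedocs.io/en/latest/#api-credentials on how to create your credential file.
p = CbEnterpriseProtectionAPI()

# The hash is interpolated into a query string below, so accept only a
# well-formed MD5 (32 hex digits) and nothing that could alter the query.
inputHash = prompt("What is your MD5 file hash: ").strip()
if len(inputHash) != 32 or not all(ch in HEX_DIGITS for ch in inputHash):
    print("The value {0!r} is not a valid MD5 hash (expected 32 hex digits)".format(inputHash))
    sys.exit(1)

# NOTE(review): MD5 is not collision-resistant. Confirm the catalog entry is
# the file you intend (for example by a stronger hash, if the server records
# one) before approving it.
fileDetails = p.select(FileCatalog).where("md5:{0}".format(inputHash)).first()
if not fileDetails:
    print("The MD5 hash {0} was not found in the server's FileCatalog".format(inputHash))
    sys.exit(1)

# The query uses a leading wildcard, so every non-deleted computer whose name
# ends with the typed text is selected, not only an exact match.
compName = prompt("What is the name of the computer you want to locally approve {0} on: ".format(inputHash)).strip()
if not compName:
    # An empty name would turn the query into "name:*" and match everything.
    print("No computer name was given")
    sys.exit(1)

matchedComputers = list(p.select(Computer).where("name:*{0}".format(compName)).and_("deleted:false"))
if not matchedComputers:
    print("The computer named {0} was not found".format(compName))
    sys.exit(1)

# Show the scope of the change before asking for confirmation.
print("The approval will be applied to {0} computer(s):".format(len(matchedComputers)))
for computer in matchedComputers:
    print("  id {0}: {1}".format(computer.id, computer.name))

confirmChoice = prompt("Are you sure you want to LOCALLY APPROVE this file? (y/n) ")
if confirmChoice not in ["y", "Y"]:
    print("Exiting.")
    sys.exit(2)

# (computer id, file instance) pairs still waiting to report the new state.
# The id is stored with the instance so the completion message names the right
# computer instead of whichever one the loop visited last.
waitingForApproval = []

for computer in matchedComputers:
    fileInstance = p.select(FileInstance)\
        .where("fileCatalogId:{0}".format(fileDetails.id))\
        .and_("computerId:{0}".format(computer.id)).first()
    if not fileInstance:
        print("The computer id {0} did not have an instance of file with MD5 {1}".format(computer.id, inputHash))
        continue

    fileInstance.localState = LOCAL_STATE_APPROVED
    fileInstance.save()
    waitingForApproval.append((computer.id, fileInstance))
    print("Set MD5 {0} on computer id {1} to local approval".format(inputHash, computer.id))

print("Waiting for changes to take effect...")

# Poll until every instance reports the approved state or the deadline passes.
# NOTE(review): this checks the same field the script just wrote; whether the
# server reports a different value until the agent applies the change is not
# visible from this script. Confirm against the API documentation.
deadline = time.time() + MAX_WAIT_SECONDS
while waitingForApproval:
    stillWaiting = []
    for computerId, fileInstance in waitingForApproval:
        fileInstance.refresh()
        if fileInstance.localState != LOCAL_STATE_APPROVED:
            stillWaiting.append((computerId, fileInstance))
        else:
            print("MD5 {0} on computer id {1} now locally approved".format(inputHash, computerId))
    waitingForApproval = stillWaiting

    if not waitingForApproval:
        break
    if time.time() >= deadline:
        pendingIds = ", ".join(str(computerId) for computerId, _ in waitingForApproval)
        print("Timed out waiting for local approval on computer id(s): {0}".format(pendingIds))
        sys.exit(3)
    time.sleep(POLL_INTERVAL_SECONDS)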