Skip to content

Instantly share code, notes, and snippets.

@noahbliss
Last active January 6, 2021 16:50
Show Gist options
  • Save noahbliss/d781a6cdbd8927e3ae58ed3d52ab6c3f to your computer and use it in GitHub Desktop.
Save noahbliss/d781a6cdbd8927e3ae58ed3d52ab6c3f to your computer and use it in GitHub Desktop.
Reference TrendMicro API client written in Julia
#!/usr/bin/env julia
# Noah Bliss - 2020-1-6
using HTTP
using JSON
using JSONWebTokens
using Dates
using SHA
using Base64
# These will stay the same for your tenant. See below for more vars you need to fill.
app_id = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
api_key = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
url_base = "https://xxxxxx.manage.trendmicro.com"
function create_checksum(http_method, raw_url, headers, request_body)
string_to_hash = "$(uppercase(http_method))|$(lowercase(raw_url))|$headers|$request_body"
base64_string = base64encode(sha256(string_to_hash))
return base64_string
end
function create_jwt_token(app_id, api_key, http_method, raw_url, headers, request_body)
iat=Int(floor(datetime2unix(Dates.now(UTC))))
version="V1"
checksum = create_checksum(http_method, raw_url, headers, request_body)
payload = json(Dict("appid" => app_id,
"iat" => iat,
"version" => version,
"checksum" => checksum))
encoding = JSONWebTokens.HS256(api_key)
token = JSONWebTokens.encode(encoding, payload)
return token
end
# productAgentAPIPath needs to be set depending on what you're trying to do.
canonicalRequestHeaders = ""
useQueryString = ""
productAgentAPIPath = "/WebApp/API/AgentResource/ProductAgents"
# If you want to interate over multiple machines, etc. I'd make this next area into a function.
# Details of your action. This uninstalls the agent on ComputerNameHere.
useRequestBody = json(Dict(
"host_name" => "ComputerNameHere",
"act" => "cmd_uninstall_agent",
"allow_multiple_match" => false
))
# Actually do the request: generate jwt, and post it.
jwt_token = create_jwt_token(app_id, api_key, "POST", "$productAgentAPIPath$useQueryString", canonicalRequestHeaders, useRequestBody)
headers = ["Authorization" => "Bearer $jwt_token", "Content-Type" => "application/json;charset=utf-8"]
response = HTTP.request("POST", "$url_base$productAgentAPIPath$useQueryString", headers, useRequestBody; require_ssl_verification = true)
response.status == 200 && println("Success")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment