Security Manager API
Python library for FireMon APIs
Developed using Python 3.8.0 and requests 2.20.1
Table of Contents
- About The Project
- Setup
- Dependencies
- Policy Planner Usage
- Security Manager Usage
- Policy Optimizer Usage
- Orchestration API Usage
- Project Structure
- Flow of Execution
- License
About The Project
This library/project was created to jumpstart your Orchestration API, Policy Planner API, Security Manager API, or Policy Optimizer API projects.
Setup
Setup - PyPi Install:
- To install the library, run the following command from the terminal.
pip install security-manager-apis
Setup - PyPi Upgrade:
To upgrade the library, run the following command from the terminal.
pip install --upgrade security-manager-apis
pip install -e .
If you don't plan to make any modifications to the project but still want to use it across your different projects, then do a local install.
pip install .
This will install all the dependencies listed in the setup.py file. Once done, you can use the library wherever you want.
Dependencies
Pre-requisite - Python 3.6 or greater version should be installed on your machine.
Upgrade pip on Mac:
- NOTE: This is important because, apparently, some Mac apps rely on Python 2, so if you attempt to upgrade Python 2.x to Python 3.x on macOS, you will eventually break some apps, perhaps critical ones. With that in mind, do not attempt to upgrade the preinstalled Python release on the Mac; instead, co-install Python 3 for full compatibility.
brew install python3
Upgrade pip on Windows:
python -m pip install --upgrade pip
Policy Planner Usage
Initializing a Policy Planner Class
from security_manager_apis import policy_planner
policyplan = policy_planner.PolicyPlannerApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, workflow_name: str, suppress_ssl_warning: bool)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- domain_id: The Domain ID for the targeted workflow.
- workflow_name: The name of the targeted workflow.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this one to False.
- suppress_ssl_warning: Set to False by default. Will suppress any SSL warnings when set to True.
Create a Policy Planner Ticket
policyplan.create_pp_ticket(request_body: dict)
- request_body: JSON of ticket to be created.
Request JSON Example:
{
"variables": {
"summary": "string",
"businessNeed": "string",
"priority": "string",
"dueDate": "YYYY-MM-DD HH:MM:SS",
"applicationName": "string",
"customer": "string",
"externalTicketId": "string",
"notes": "string",
"requesterName": "string",
"requesterEmail": "string",
"applicationOwner": "string",
"carbonCopy": [
"string",
"string"
]
},
"policyPlanRequirements": [
{
"sources": [
"string",
"string"
],
"destinations": [
"string",
"string"
],
"action": "string",
"services": [
"string",
"string"
],
"requirementType": "string",
"childKey": "string",
"variables": {}
}
]
}
Update a Policy Planner Ticket
policyplan.update_pp_ticket(ticket_id: str, request_body: dict)
- ticket_id: ID of ticket to be updated.
- request_body: JSON of updates to apply to the ticket.
Request JSON Example:
{
"variables": {
"summary": "string"
}
}
Querying for Policy Planner Tickets
policyplan.siql_query_pp_ticket(siql_query: str, page_size: int)
- siql_query: SIQL Query to use in search.
- page_size: Number of results to return.
Retrieving a Policy Planner Ticket
policyplan.pull_pp_ticket(ticket_id: str)
- ticket_id: ID of ticket to be retrieved.
Retrieving Policy Planner Ticket Event History
policyplan.pull_pp_ticket_events(ticket_id: str, page_size: int)
- ticket_id: ID of ticket to retrieve event history from.
- page_size: Number of events to return
Retrieving Policy Planner Ticket Attachments
policyplan.pull_pp_ticket_attachements(ticket_id: str, page_size=100)
- ticket_id: ID of ticket to retrieve attachments from.
- page_size: Number of attachments to return
Download Policy Planner Ticket Attachments
policyplan.download_pp_ticket_attachment(ticket_id: str, attachment_id: str)
- ticket_id: ID of ticket the attachment belongs to.
- attachment_id: ID of attachment to fetch
Coding Example:
attachment_resp = policyplan.download_pp_ticket_attachment(ticket_id, attachment_id)
file_name = attachment_resp.headers['filename']
# Write the attachment bytes and close the file when done
with open(file_name, 'wb') as out_file:
    out_file.write(attachment_resp.content)
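The coding example above writes to whatever name the server puts in the filename header. The following added example (not part of the library or the original page) confines that name to a chosen directory and refuses to overwrite existing files; safe_attachment_path, save_attachment and FakeResponse are hypothetical names, and the sample responses are constructed.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical allow-list: anything outside it is replaced with "_".
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def safe_attachment_path(header_name: str, dest_dir: str) -> Path:
    """Map a server-supplied file name to a path inside dest_dir."""
    # Drop any directory part, for both POSIX and Windows separators.
    leaf = header_name.replace("\\", "/").rsplit("/", 1)[-1]
    leaf = UNSAFE_CHARS.sub("_", leaf).lstrip(".")
    if not leaf:
        raise ValueError(f"unusable attachment name: {header_name!r}")
    base = Path(dest_dir).resolve()
    target = (base / leaf).resolve()
    if base not in target.parents:
        raise ValueError(f"attachment name escapes {base}: {header_name!r}")
    return target


def save_attachment(resp, dest_dir: str) -> Path:
    """Write resp.content under dest_dir without overwriting anything."""
    target = safe_attachment_path(resp.headers["filename"], dest_dir)
    # Mode "xb" raises FileExistsError instead of clobbering a file.
    with open(target, "xb") as out_file:
        out_file.write(resp.content)
    return target


class FakeResponse:
    """Constructed stand-in for the response object used on this page."""

    def __init__(self, filename: str, content: bytes):
        self.headers = {"filename": filename}
        self.content = content


def demo() -> list:
    """Save constructed responses; return the name written, or None if refused."""
    names = ("design.pdf", "../../outside.txt", "..\\..\\boot.ini", "..")
    results = []
    with tempfile.TemporaryDirectory() as dest:
        for name in names:
            try:
                results.append(save_attachment(FakeResponse(name, b"data"), dest).name)
            except ValueError:
                results.append(None)
    return results


if __name__ == "__main__":
    print(demo())
```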
Assigning a Policy Planner Ticket
policyplan.assign_pp_ticket(ticket_id: str, user_id: str)
- ticket_id: ID of ticket to assign user to.
- user_id: ID of user to be assigned.
Unassigning a Policy Planner Ticket
policyplan.unassign_pp_ticket(ticket_id: str)
- ticket_id: ID of ticket to remove assignee from.
Adding a Requirement to a Policy Planner Ticket
policyplan.add_req_pp_ticket(ticket_id: str, req_json: dict)
- ticket_id: ID of ticket to add requirement to.
- req_json: JSON of requirement to be added.
Requirement JSON Example:
{
"requirements":[
{
"requirementType":"RULE",
"childKey":"add_access",
"variables":{
"expiration":"2022-01-01T00:00:00+0000"
},
"destinations":[
"10.1.1.1/24"
],
"services":[
"tcp/22"
],
"sources":[
"10.0.0.0/24"
],
"action":"ACCEPT"
}
]
}
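The requirement JSON above is what ends up as firewall access, so it is worth checking before it is passed to add_req_pp_ticket. The following added example (not part of the library) lints each requirement for malformed or overly broad addresses, unparseable services and missing or expired expirations; the address and service formats are inferred from the page's example, the /16 threshold and the function names are hypothetical, and the second sample requirement is constructed.

```python
import ipaddress
import re
from datetime import datetime, timezone

SERVICE_RE = re.compile(r"^(tcp|udp)/(\d{1,5})(?:-(\d{1,5}))?$")  # assumed proto/port form
MIN_V4_PREFIX = 16  # hypothetical policy: flag IPv4 networks broader than /16


def lint_requirement(req: dict, now: datetime) -> list:
    """Return human-readable findings for one entry of "requirements"."""
    findings = []
    for field in ("sources", "destinations"):
        for value in req.get(field, []):
            try:
                iface = ipaddress.ip_interface(value)
            except ValueError:
                findings.append(f"{field}: {value!r} is not an IP network")
                continue
            net = iface.network
            if iface.ip != net.network_address:
                findings.append(f"{field}: {value} has host bits set, means {net}")
            if net.version == 4 and net.prefixlen < MIN_V4_PREFIX:
                findings.append(f"{field}: {value} is broader than /{MIN_V4_PREFIX}")
    for svc in req.get("services", []):
        m = SERVICE_RE.match(svc)
        if not m or not all(0 < int(p) <= 65535 for p in m.groups()[1:] if p):
            findings.append(f"services: {svc!r} is not proto/port")
    if req.get("action") == "ACCEPT":
        exp = req.get("variables", {}).get("expiration")
        if exp is None:
            findings.append("variables.expiration: ACCEPT requirement never expires")
        elif datetime.strptime(exp, "%Y-%m-%dT%H:%M:%S%z") <= now:
            findings.append(f"variables.expiration: {exp} is already in the past")
    return findings


def lint_request(body: dict, now: datetime) -> dict:
    """Map requirement index -> findings, omitting clean requirements."""
    report = {i: lint_requirement(r, now) for i, r in enumerate(body["requirements"])}
    return {i: found for i, found in report.items() if found}


# First entry is the page's example; the second is constructed for this demo.
SAMPLE = {"requirements": [
    {"requirementType": "RULE", "childKey": "add_access",
     "variables": {"expiration": "2022-01-01T00:00:00+0000"},
     "destinations": ["10.1.1.1/24"], "services": ["tcp/22"],
     "sources": ["10.0.0.0/24"], "action": "ACCEPT"},
    {"requirementType": "RULE", "childKey": "add_access", "variables": {},
     "destinations": ["db01.example.internal"], "services": ["any"],
     "sources": ["0.0.0.0/0"], "action": "ACCEPT"},
]}

if __name__ == "__main__":
    for idx, items in lint_request(SAMPLE, datetime.now(timezone.utc)).items():
        for item in items:
            print(f"requirement[{idx}] {item}")
```

Tickets that reference named network or service objects rather than literal addresses would need a different check.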
Replacing Requirements on a Policy Planner Ticket
policyplan.replace_req_pp_ticket(ticket_id: str, req_json: dict)
- ticket_id: ID of ticket to add requirements to.
- req_json: JSON of requirements to be added.
Completing a Policy Planner Ticket Task
policyplan.complete_task_pp_ticket(ticket_id: str, button_action: str)
- ticket_id: ID of ticket whose task is to be completed.
- button_action: Button value, options are: submit, complete, autoDesign, verify, approved, rejected
Running PCA for a Policy Planner Ticket
policyplan.run_pca(ticket_id: str, control_types: str, enable_risk_sa: str)
- ticket_id: ID of ticket to run PCA on.
- control_types: Control types as string array. Options: ALLOWED_SERVICES, CHANGE_WINDOW_VIOLATION, DEVICE_ACCESS_ANALYSIS, DEVICE_PROPERTY, DEVICE_STATUS, NETWORK_ACCESS_ANALYSIS, REGEX, REGEX_MULITPATTERN, RULE_SEARCH, RULE_USAGE, SERVICE_RISK_ANALYSIS, ZONE_MATRIX, ZONE_BASED_RULE_SEARCH
- enable_risk_sa: true or false
Adding Attachment to a Policy Planner Ticket
policyplan.add_attachment(ticket_id: str, file_name: str, f, description: str)
- ticket_id: ID of ticket to add attachment to.
- file_name: File name of attachment.
- f: file stream.
- description: Description of file.
Adding Attachment Code Example:
file_name = "test_file.txt"
with open(file_name) as f:
    policyplan.add_attachment('38', file_name, f, 'test upload')
Uploading Requirements via CSV to Policy Planner Ticket
policyplan.csv_req_upload(ticket_id: str, file_name: str, f, behavior="append")
- ticket_id: ID of ticket to upload requirements to.
- file_name: File name of the CSV file.
- f: file stream.
- behavior: Defaults to append; pass replace to replace all requirements on the ticket with the new CSV requirements.
Uploading Requirements via CSV Code Example:
file_name = "test_req.csv"
with open(file_name) as f:
    policyplan.csv_req_upload('1', file_name, f)
Retrieving Requirements from a Policy Planner Ticket
policyplan.get_reqs(ticket_id: str)
- ticket_id: ID of ticket to retrieve requirements from.
Retrieving Changes from a Policy Planner Ticket
policyplan.get_changes(ticket_id: str)
- ticket_id: ID of ticket to retrieve changes from.
Updating Change on a Policy Planner Ticket
policyplan.update_change(ticket_id: str, req_id: str, change_id: str, change_json: dict)
- ticket_id: ID of ticket
- req_id: ID of requirement change is tied to
- change_id: ID of change to update
- change_json: JSON of change update
Deleting Requirements from a Policy Planner Ticket
policyplan.del_all_reqs(ticket_id: str)
- ticket_id: ID of ticket to delete requirements from.
Approving Requirement in a Policy Planner Ticket
policyplan.approve_req(ticket_id: str, req_id: str)
- ticket_id: ID of ticket that the requirement is tied to.
- req_id: ID of requirement to approve.
Add Comment to Policy Planner Ticket
policyplan.add_comment(ticket_id: str, comment: str)
- ticket_id: ID of ticket to add comment to.
- comment: Content of comment.
Retrieve All Policy Planner Ticket Comments
policyplan.get_comments(ticket_id: str)
- ticket_id: ID of ticket to retrieve comments from.
Delete Comment from Policy Planner Ticket
policyplan.del_comment(ticket_id: str, comment_id: str)
- ticket_id: ID of ticket to delete comment from.
- comment_id: ID of comment to delete.
Ending a Policy Planner Session
policyplan.logout()
Security Manager Usage
Initializing a Security Manager Class
from security_manager_apis import security_manager
securitymanager = security_manager.SecurityManagerApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, suppress_ssl_warning: bool)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this one to False.
- domain_id: The Domain ID for the targeted workflow.
- suppress_ssl_warning: Set to False by default. Will suppress any SSL warnings when set to True.
Get List of Devices in Security Manager
securitymanager.get_devices()
Manual Device Retrieval
securitymanager.manual_device_retrieval(device_id: str)
- device_id: ID of device to retrieve.
Create Device Group
securitymanager.create_device_group(device_group_name: str)
- device_group_name: Name of device group to create.
Get Device Group by Name
securitymanager.get_device_group_by_name(device_group_name: str)
- device_group_name: Name of device group to retrieve.
Add Device to Device Group
securitymanager.add_to_device_group(device_group_id: str, device_id: str)
- device_group_id: ID of device group to add device to.
- device_id: ID of device to add to device group.
Adding a Supplemental Route
securitymanager.add_supp_route(device_id: str, supplemental_route: dict)
- device_id: ID of device to add the supplemental route to.
- supplemental_route: JSON of supplemental route.
Supplemental Route JSON Example
{
"destination": "10.0.0.25",
"deviceId": "2",
"drop": false,
"gateway": "10.0.0.26",
"interfaceName": "port1",
"metric": 3
}
Bulk Adding Supplemental Route via Text File
securitymanager.bulk_add_supp_route(f)
- f: File stream.
Supplemental Route Text File Example
deviceId,interfaceName,destination,gateway,virtualRouter,nextVirtualRouter,metric,drop
2,port1,10.0.0.25,10.0.0.26,,,4,true
2,,10.0.0.25,10.0.0.26,Default,Default,4,true
Note: The first line of this file will not be processed; it serves as an informational header.
Supplemental Route Bulk Upload Code Example
# The with block closes the file automatically
with open('supp_route.txt') as f:
    securitymanager.bulk_add_supp_route(f)
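Because the first line of the file is never processed, a file saved without the header silently loses its first route. The following added example (not part of the library) checks a route file before it is passed to bulk_add_supp_route; check_route_file is a hypothetical name, the field rules (numeric deviceId and metric, IP values, true/false for drop) are assumptions inferred from the sample file above, and BAD_FILE is constructed.

```python
import csv
import io
import ipaddress

HEADER = ["deviceId", "interfaceName", "destination", "gateway",
          "virtualRouter", "nextVirtualRouter", "metric", "drop"]


def check_route_file(stream) -> list:
    """Return (line_number, problem) tuples for a supplemental route file."""
    problems = []
    rows = list(csv.reader(stream))
    if not rows or rows[0] != HEADER:
        # Line 1 is skipped on upload, so a data row here would be lost.
        problems.append((1, "first line is not the header and would be skipped"))
    for lineno, row in enumerate(rows[1:], start=2):
        if len(row) != len(HEADER):
            problems.append((lineno, f"expected {len(HEADER)} fields, got {len(row)}"))
            continue
        rec = dict(zip(HEADER, row))
        if not rec["deviceId"].isdigit():
            problems.append((lineno, "deviceId is not numeric"))
        # Assumption: destination may be a host or a CIDR network,
        # gateway must be a single address.
        for field, parse in (("destination", ipaddress.ip_interface),
                             ("gateway", ipaddress.ip_address)):
            try:
                parse(rec[field])
            except ValueError:
                problems.append((lineno, f"{field} {rec[field]!r} is not a valid IP value"))
        if not rec["metric"].isdigit():
            problems.append((lineno, "metric is not a non-negative integer"))
        if rec["drop"] not in ("true", "false"):
            problems.append((lineno, f"drop must be true or false, got {rec['drop']!r}"))
    return problems


# The sample file from this page.
PAGE_FILE = (
    "deviceId,interfaceName,destination,gateway,virtualRouter,nextVirtualRouter,metric,drop\n"
    "2,port1,10.0.0.25,10.0.0.26,,,4,true\n"
    "2,,10.0.0.25,10.0.0.26,Default,Default,4,true\n"
)
# Constructed: header missing, second row has a bad address and drop value.
BAD_FILE = (
    "2,port1,10.0.0.25,10.0.0.26,,,4,true\n"
    "2,port1,10.0.0.300,10.0.0.26,,,4,yes\n"
)

if __name__ == "__main__":
    for name, text in (("page sample", PAGE_FILE), ("constructed", BAD_FILE)):
        print(name, check_route_file(io.StringIO(text)))
```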
Security Manager SIQL Query
securitymanager.siql_query(query_type: str, query: str, page_size: int)
- query_type: What type of object to query. Options: secrule, policy, serviceobj, networkobj, device
- query: SIQL query to run.
- page_size: Number of results to return
Search for Device Zones
securitymanager.zone_search(device_id: str, page_size: int)
- device_id: Device ID
- page_size: Number of results to return
Retrieve Firewall Object
securitymanager.get_fw_obj(obj_type: str, device_id: str, match_id: str)
- obj_type: Type of firewall object. Options: NETWORK, SERVICE, ZONE, APP, PROFILE, SCHEDULE, URL_MATCHER, USER
- device_id: Device ID
- match_id: Match ID of targeted object
Retrieve Device Object
securitymanager.get_device_obj(device_id: str)
- device_id: Device ID
Retrieve Rule Documentation
securitymanager.get_rule_doc(device_id: str, rule_id: str)
- device_id: Device ID
- rule_id: Rule ID
Update Rule Documentation
securitymanager.update_rule_doc(device_id: str, rule_doc: dict)
- device_id: Device ID
- rule_doc: Rule documentation JSON
Rule Doc JSON Example:
{
"ruleId":"16959bc0-b9f7-436b-9851-aac6f3d98963",
"deviceId":3,
"props":[
{
"ruleId":"16959bc0-b9f7-436b-9851-aac6f3d98963",
"ruleCustomPropertyDefinition":{
"id":1,
"customPropertyDefinition":{
"id":1,
"name":"Business Justification",
"key":"business_justification",
"type":"STRING_ARRAY",
"filterable":true,
"inheritFromMgmtStation":false
},
"name":"Business Justification",
"key":"business_justification",
"type":"STRING_ARRAY"
},
"customProperty":{
"id":1,
"name":"Business Justification",
"key":"business_justification",
"type":"STRING_ARRAY",
"filterable":true,
"inheritFromMgmtStation":false
},
"stringarray": ["test update"]
}
]
}
Ending a Security Manager Session
securitymanager.logout()
Policy Optimizer Usage
Initializing a Policy Optimizer Class
from security_manager_apis import policy_optimizer
policyoptimizer = policy_optimizer.PolicyOptimizerApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, workflow_name: str, suppress_ssl_warning: bool)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this one to False.
- domain_id: The Domain ID for the targeted workflow.
- workflow_name: The name of the targeted workflow.
- suppress_ssl_warning: Set to False by default. Will suppress any SSL warnings when set to True.
Create a Policy Optimizer Ticket
policyoptimizer.create_pp_ticket(request_body: dict)
- request_body: JSON of ticket to be created.
Request JSON Example:
{
"deviceId": 1,
"policyId": "62c7344a-31b9-40a6-8e7e-0c9cd6407fbe",
"ruleId": "16959bc0-b9f7-436b-9851-aac6f3d98963"
}
Retrieve Policy Optimizer Ticket JSON
policyoptimizer.get_po_ticket(ticket_id: str)
- ticket_id: ID of ticket to be retrieved.
Assign Policy Optimizer Ticket to User
policyoptimizer.assign_po_ticket(ticket_id: str, user_id: str)
- ticket_id: ID of ticket to assign user to.
- user_id: ID of User to be assigned.
Complete a Policy Optimizer Ticket
policyoptimizer.complete_po_ticket(ticket_id: str, decision: dict)
- ticket_id: ID of ticket to complete.
- decision: JSON of decision to Certify/Decertify rule.
Certify JSON Example:
{
"variables":{
"ruleDecision":"certify",
"certifyRemarks":"string",
"nextReviewDate":"2022-01-01T00:00:00-0500"
}
}
Decertify JSON Example:
{
"variables":{
"ruleDecision":"decertify",
"ruleActions":"string",
"modifyRuleOptions":"string",
"moveToPosition": "string",
"removeOther": "string",
"disableRuleOptions":"string",
"removeRuleOptions":"string",
"decertifyRuleReason":"string"
}
}
Decertify JSON Structure:
ruleActions Options:
- MODIFYRULE, which prompts a value for modifyRuleOptions:
  - removeObjects, which prompts a value for removeOther
  - moveToRulePosition, which prompts a value for moveToPosition
  - modifyRuleOptions, which prompts a value for other
- DISABLERULE, which prompts a value for disableRuleOptions:
  - couldNotFindOwner
  - accessNoLongerNeeded
  - other
- REMOVERULE, which prompts a value for removeRuleOptions:
  - accessNoLongerNeeded
  - accessIsTooRisky
  - other
Cancel a Policy Optimizer Ticket
policyoptimizer.cancel_po_ticket(ticket_id: str)
- ticket_id: ID of ticket to cancel.
Query Policy Optimizer Tickets
policyoptimizer.siql_query_po_ticket(parameters: dict)
- parameters: Parameters of query.
Params Example:
params = {'q': "review { workflow = 1 AND status ~ 'Review' }", 'pageSize': 20, 'domainId': 1, 'sortdir': 'asc'}
Ending a Policy Optimizer Session
policyoptimizer.logout()
Orchestration API Usage
Initializing an Orchestration API Class
from security_manager_apis import orchestration_apis
orchestration = orchestration_apis.OrchestrationApis(host: str, username: str, password: str, verify_ssl: bool, domain_id: str, suppress_ssl_warning=False)
- host: Pointing to your FireMon server.
- username: The username that would be used to create the API connection to FireMon.
- password: The API password for the given user.
- verify_ssl: Enabled by default. If you are running a demo/test environment, there is a good chance you'll need to set this one to False.
- domain_id: The Domain ID for the targeted workflow.
- suppress_ssl_warning: Set to False by default. Will suppress any SSL warnings when set to True.
Running Rule Recommendation
orchestration.rulerec_api(params: dict, req_json: dict)
- params: Parameters to use for recommendation.
- req_json: JSON of requirements to provide recommendation for.
Parameters Example
parameters = {'deviceGroupId': 1, 'addressMatchingStrategy': 'INTERSECTS', 'modifyBehavior': 'MODIFY', 'strategy': None}
Requirements Example
{
"requirements":[
{
"requirementType":"RULE",
"childKey":"add_access",
"variables":{
"expiration":"2022-01-01T00:00:00+0000"
},
"destinations":[
"10.1.1.1/24"
],
"services":[
"tcp/22"
],
"sources":[
"10.0.0.0/24"
],
"action":"ACCEPT"
}
]
}
Running Pre-Change Assessment
orchestration.pca_api(device_id: str, req_json: dict)
- device_id: ID of device to use when running Pre-Change Assessment.
- req_json: JSON of requirements to provide recommendation for.
Requirements Example
{
"requirements":[
{
"requirementType":"RULE",
"childKey":"add_access",
"variables":{
"expiration":"2022-01-01T00:00:00+0000"
},
"destinations":[
"10.1.1.1/24"
],
"services":[
"tcp/22"
],
"sources":[
"10.0.0.0/24"
],
"action":"ACCEPT"
}
]
}
Project Structure
- application.properties: All the required URLs are placed here.
- get_properties_data.py: Reads the properties file data and returns a parser.
- policy_planner.py: Class to use Policy Planner APIs.
- security_manager.py: Class to use Security Manager APIs.
- policy_optimizer.py: Class to use Policy Optimizer APIs.
- orchestration_apis.py: Class to use Orchestration APIs.
Flow of Execution
As soon as you execute the command to run this library, the Authentication class is called, which internally calls get_auth_token() of authentication_api.py from the authenticate_user module only once, and the auth token is set in the headers.
The headers are then passed with the HTTP requests so that the user is authenticated and can access the endpoints safely.
License
MIT.