msiempy.ESM : API documentation

class documentation

class msiempy.ESM(NitroObject): (source)

Enterprise Security Manager interface.

Object do not contain data, it's a simple interface to data structures / values returned by the SIEM or helper methods.

Exemples:

Fetch ESM infos

Print a few esm infos. ESM object has not state for it self, it's a simple interface to data structures / values returned by the SIEM.

>>> from msiempy import ESM
>>> esm=ESM()
>>> esm.version()
'11.2.1'
>>> esm.recs()
[('ERC-1', 144116287587483648)]
>>> esm.buildstamp()
'11.2.1 20190725050014'

Method	__init__	Undocumented
Method	text	Returns `"ESM object"`
Method	json	Not implemented
Method	refresh	Not implemented
Method	time	Returns: str: ESM time (GMT)
Method	buildstamp	Returns: Buildstamp string
Method	version	Returns: simple version string
Method	status	Get various ESM statuses.
Method	disks	Returns: `self.status()['hdd']`
Method	ram	Returns: `self.status()['ram']`
Method	backup_status	Returns: `dict`: Backup status and timestamps.
Method	callhome	Check callhome connection.
Method	rules_status	Returns: Rules autocheck status and timestamps.
Method	get_alerts	Tells the ESM to retrieve alerts from the provided device ID.
Method	recs	Get list of receivers name and id
Method	tz_offsets	Builds table of ESM timezones including offsets.
Method	timezones	Builds table of ESM timezones and names only. No offsets.
Method	tz_name_to_id	Get the timezone ID from it's name.
Method	tz_id_to_name	Get the timezone name from it's ID.
Method	type_id_to_venmod	Get the datasource vendor info from it's `type_id`.
Method	venmod_to_type_id	Get the datasource `type_id` info from it's `vendor` and `model`.
Method	rules_history	Returns: Policy Editor rule history.
Method	_map_status_int_fields	Undocumented
Instance Variable	_fields	Undocumented
Method	_get_timezones	Gets `list` of timezones from the ESM.
Method	_get_ds_types	Retrieves device table from ESM
Method	_format_ds_types	Callback to create type_id/vendor/model table

Inherited from NitroObject:

Class	NitroJSONEncoder	Custom JSON encoder that will use the approprtiate propertie depending of the type of NitroObject. TODO support json json dumping of QueryFilers, may be by making them inherits from NitroDict.
Instance Variable	nitro	`msiempy.core.session.NitroSession` object. Interface to the SIEM.

def __init__(self, *args, **kwargs): (source)

overrides msiempy.core.types.NitroObject.__init__

Undocumented

@property
def text(self): (source)

overrides msiempy.core.types.NitroObject.text

Returns "ESM object"

@property
def json(self): (source)

overrides msiempy.core.types.NitroObject.json

Not implemented

def refresh(self): (source)

overrides msiempy.core.types.NitroObject.refresh

Not implemented

def time(self): (source)

Returns:: str: ESM time (GMT)
Example:: 2017-07-06T12:21:59.0+0000

def buildstamp(self): (source)

Returns:: Buildstamp string
Example:: 10.0.2 20170516001031

def version(self): (source)

Returns:: simple version string
Example:: 10.1.0

def status(self): (source)

Get various ESM statuses.

Returns:

dict

ESM statuses includes:

cpu, example: Avail: 7977MB, Used: 7857MB, Free: 119MB
hdd, example: sda3 Size: 491GB, Used: 55GB(12%), Available: 413GB, Mount: /
ram
callHomeIp
autoBackupEnabled
autoBackupHour
autoBackupDay
backupNextTime
backupLastTime
rulesAndSoftwareCheckEnabled
rulesAndSoftNextCheck
rulesAndSoftLastCheck

Other functions exist to return subsets of this data also.

Note:: Uses internal API method SYS_GETSYSINFO

def _map_status_int_fields(self, status): (source)

Undocumented

def disks(self): (source)

Returns: self.status()['hdd']

def ram(self): (source)

Returns: self.status()['ram']

def backup_status(self): (source)

Returns:: dict: Backup status and timestamps.
Note:: Use status.

Example

{'autoBackupEnabled': True,
'autoBackupDay': 7,
'autoBackupHour': 0,
'backupLastTime': '07/03/2017 08:59:36',
'backupNextTime': '07/10/2017 08:59'}

def callhome(self): (source)

Check callhome connection.

Returns:: bool: If there is currently a callhome connection.
Note:: Use status.

def rules_status(self): (source)

Returns: Rules autocheck status and timestamps.

Note:: Use status.

Example:

{ 'rulesAndSoftwareCheckEnabled': True
'rulesAndSoftLastCheck': '07/06/2017 10:28:43',
'rulesAndSoftNextCheck': '07/06/2017 22:28:43',}

_fields = (source)

Undocumented

(type: List[str])

def get_alerts(self, ds_id, flows=(False)): (source)

Tells the ESM to retrieve alerts from the provided device ID.

Arguments:

ds_id: (str) IPSID for the device, e.g. 144116287587483648
flows: (bool) Also get flows from the device (default: False)

Returns: None

Note:: Uses internal API methods IPS_GETALERTSNOW and IPS_GETFLOWSNOW

@lru_cache(maxsize=None)
def recs(self): (source)

Get list of receivers name and id

Returns:: list[tuple(name, id)]

@lru_cache(maxsize=None)
def _get_timezones(self): (source)

Gets list of timezones from the ESM.

def tz_offsets(self): (source)

Builds table of ESM timezones including offsets.

Returns:: list[tuple()]: list of timezone tuples(name, id, offset)

Example:

[(1, 'Midway Island, Samoa', '-11:00'),
 (2, 'Hawaii', '-10:00'),
 ...
]

def timezones(self): (source)

Builds table of ESM timezones and names only. No offsets.

Returns:: dict: {timezone_id:timezone_name, ...}

def tz_name_to_id(self, tz_name): (source)

Get the timezone ID from it's name.

Arguments:

tz_name: (str) Case sensitive, exact match timezone name

Returns:

str, Timezone id or None if there is no match

def tz_id_to_name(self, tz_id): (source)

Get the timezone name from it's ID.

Arguments:

td_id: (str) Numerical string (Currently 1 to 74)

Returns:

str Timezone name or None if there is no match

def type_id_to_venmod(self, type_id): (source)

Get the datasource vendor info from it's type_id.

Arguments:

type_id: (str) Numerical string

Returns:

tuple(vendor, model) or None if there is no match

def venmod_to_type_id(self, vendor, model): (source)

Get the datasource type_id info from it's vendor and model.

Arguments:

vendor: (str) Exact vendor string including puncuation
model: (str) Exact model string including puncuation

Returns:

str Matching type_id or None if there is no match

def rules_history(self): (source)

Returns:: Policy Editor rule history.

@lru_cache(maxsize=None)
def _get_ds_types(self): (source)

Retrieves device table from ESM

Returns:: list of tuples output from callback: _format_ds_types()

def _format_ds_types(self, venmods): (source)

Callback to create type_id/vendor/model table

Arguments:

venmods (obj): request object from _get_ds_types

Returns:

list of tuples:

[(542, 'McAfee', 'SaaS Email Protection')
(326, 'McAfee', 'Web Gateway')
(406, 'Microsoft', 'ACS - SQL Pull')
(491, 'Microsoft', 'Endpoint Protection - SQL Pull')
(348, 'Microsoft', 'Exchange')]

Note:

This is a callback for _get_ds_types.

API Documentation for msiempy, generated by pydoctor 20.7.1 at 2020-11-18 14:02:21.