https://github.com/greenpau/py_sep_sdk

Unofficial Symantec Endpoint Protection API Client Library and Prometheus Exporter
https://github.com/greenpau/py_sep_sdk

grafana-dashboard prometheus-exporter sep symantec symantecendpointprotection symantecsep

Last synced: 25 days ago
JSON representation

Unofficial Symantec Endpoint Protection API Client Library and Prometheus Exporter

• Host: GitHub
• URL: https://github.com/greenpau/py_sep_sdk
• Owner: greenpau
• License: apache-2.0
• Created: 2019-06-03T15:24:41.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2019-06-03T15:26:10.000Z (over 5 years ago)
• Last Synced: 2024-05-02T05:08:46.507Z (6 months ago)
• Topics: grafana-dashboard, prometheus-exporter, sep, symantec, symantecendpointprotection, symantecsep
• Language: Python
• Homepage:
• Size: 501 KB
• Stars: 0
• Watchers: 3
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# py_sep_sdk

Unofficial Symantec Endpoint Protection Manager API Client Library.

References:

- [Symantec Endpoint Protection Manager REST API Reference](https://apidocs.symantec.com/home/saep)

## Installation

First, add `~/.py_sep_sdk.rc` user credentials file:

```

[credentials]

username = "admin"

password = "P@ssword"

domain = "EXAMPLE.COM"

[manager]

host = "sepm"

port = "8446"

protocol = "https"

```

Then, create installation package:

```bash

make package

```

Next, install the package:

```bash

$ sudo pip install dist/py_sep_sdk-1.0.8.tar.gz --no-binary py_sep_sdk

DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.

Processing ./dist/py_sep_sdk-1.0.8.tar.gz

Requirement already satisfied: setuptools in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (40.6.3)

Requirement already satisfied: wheel in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (0.32.3)

Requirement already satisfied: requests>=2.21.0 in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (2.21.0)

Requirement already satisfied: ipaddress in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (1.0.22)

Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (1.24.1)

Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (3.0.4)

Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (2.8)

Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (2018.11.29)

Skipping bdist_wheel for py-sep-sdk, due to binaries being disabled for it.

Installing collected packages: py-sep-sdk

  Running setup.py install for py-sep-sdk ... done

Successfully installed py-sep-sdk-1.0.8

```

If necessary, uninstall the package:

```bash

$ pip uninstall py-sep-sdk

Uninstalling py-sep-sdk-1.0.1:

  Would remove:

    /usr/bin/symc-sep-client

    /usr/lib/python2.7/site-packages/py_sep_sdk-1.0.1-py2.7.egg-info

    /usr/lib/python2.7/site-packages/py_sep_sdk/*

Proceed (y/n)? y

  Successfully uninstalled py-sep-sdk-1.0.1

```

## Getting Started

The package comes with `symc-sep-client` command line utility.

It is a great example if you want to learn how this API client

works.

### General Usage

```

symc-sep-client - Symantec EPM API Client

optional arguments:

  -h, --help            show this help message and exit

  -i FILE               Read from input file (or stdin); only works with non-

                        liver queries

  -o output             Write to output file (or stdout)

  --manager manager     SEP Manager IP address or name

  --filter KEY:VALUE    Object filters, e.g. ip:1.1.1.1, name:nysrv1

  --format {json,csv,yaml}

                        Output format

  --cron                Set for cronjobs

  --debug               Enable debugging

Available Actions:

  --get-version         performs live query for API version

  --get-domains         performs live query for domains

  --get-groups          performs live query for groups

  --get-computers       performs live query for computers

  --get-licenses        performs live query for licenses

  --get-policies        performs live query for policies

  --get-admin-users     performs live query for admin users

  --delete-agent AGENT_ID

                        deletes an agent from SEPM by its ID

  --get-prometheus-metrics

                        output Prometheus metrics

  --dump-agents         dumps agents

  --dump-operating-systems

                        dumps operating system types for the agents

  --dump-windows-server-agents

                        dumps agents with Windows Server OS

  --dump-duplicate-agents

                        dumps duplicate agents

  --dump-agent-info     dumps agent information

  --check-data          checks the quality of input data

documentation: https://github.com/greenpau/py_sep_sdk

```

### Computer Objects

The following command fetches all computer records from SEP Manager host

`sepmanager1` and stores them in `/tmp/computers.json`:

```bash

symc-sep-client --manager sepmanager1 --get-computers -o /tmp/computers.json

```

Next, having that data, a user may query for a specific server, e.g. `server1`:

```bash

symc-sep-client -i /tmp/computers.json --dump-agent-info --filter "name:server1" --debug

```

### Duplicate Computer Objects

The following sequence of commands helps getting rid of duplicate computer

objects in SEP Manager. Please pay attention and replace `sepmanager1` with

the name of an appropriate SEP Manager.

```bash

symc-sep-client --manager sepmanager1 --get-computers -o /tmp/computers.json

symc-sep-client -i /tmp/computers.json --dump-duplicate-agents --debug --format csv > /tmp/computers.dups.list

cat /tmp/computers.dups.list | cut -d";" -f1 | sort | uniq | sed 's/^/symc-sep-client --manager sepmanager1 --delete-agent /;s/$/; sleep 1;/' | grep -v "UniqueID" > /tmp/doit.sh

chmod +x /tmp/doit.sh

/tmp/doit.sh

```

### Prometheus Metrics

Configure the following `cron` job to collect and export SEP Manager metrics to Prometheus.

The `cron` argument is necessary when running the command via `cron`:

```

# crontab -l

SHELL=/bin/bash

*/5 * * * * symc-sep-client --get-prometheus-metrics -o /var/lib/node_exporter/sepm.prom --cron

```

The exported metrics are:

* `symc_sepm_agent_auto_protection_status`

* `symc_sepm_agent_auto_protection_status_total`

* `symc_sepm_agent_av_engine_status`

* `symc_sepm_agent_av_engine_status_total`

* `symc_sepm_agent_cids_browser_firefox_status`

* `symc_sepm_agent_cids_browser_firefox_status_total`

* `symc_sepm_agent_cids_browser_ie_status`

* `symc_sepm_agent_cids_browser_ie_status_total`

* `symc_sepm_agent_cids_defset_version`

* `symc_sepm_agent_cids_defset_version_total`

* `symc_sepm_agent_cids_engine_version`

* `symc_sepm_agent_cids_engine_version_total`

* `symc_sepm_agent_default_gateway_config`

* `symc_sepm_agent_default_gateway_config_total`

* `symc_sepm_agent_deployment_running_version`

* `symc_sepm_agent_deployment_running_version_total`

* `symc_sepm_agent_deployment_target_version`

* `symc_sepm_agent_deployment_target_version_total`

* `symc_sepm_agent_dhcp_server_config`

* `symc_sepm_agent_dhcp_server_config_total`

* `symc_sepm_agent_dns_server_config`

* `symc_sepm_agent_dns_server_config_total`

* `symc_sepm_agent_download_advisor_status`

* `symc_sepm_agent_download_advisor_status_total`

* `symc_sepm_agent_edr_status`

* `symc_sepm_agent_edr_status_total`

* `symc_sepm_agent_elam_status`

* `symc_sepm_agent_elam_status_total`

* `symc_sepm_agent_firewall_status`

* `symc_sepm_agent_firewall_status_total`

* `symc_sepm_agent_group_name_config`

* `symc_sepm_agent_group_name_config_total`

* `symc_sepm_agent_infection_severity`

* `symc_sepm_agent_install_client`

* `symc_sepm_agent_install_client_total`

* `symc_sepm_agent_ip_address_config`

* `symc_sepm_agent_ip_network_config`

* `symc_sepm_agent_ip_network_config_total`

* `symc_sepm_agent_is_cids_silent_mode`

* `symc_sepm_agent_is_cids_silent_mode_total`

* `symc_sepm_agent_is_duplicate`

* `symc_sepm_agent_is_duplicate_total`

* `symc_sepm_agent_is_infected_total`

* `symc_sepm_agent_is_online`

* `symc_sepm_agent_is_online_total`

* `symc_sepm_agent_is_vdi_client_total`

* `symc_sepm_agent_last_deployment_time`

* `symc_sepm_agent_last_heuristic_threat_time`

* `symc_sepm_agent_last_scan_time`

* `symc_sepm_agent_last_virus_time`

* `symc_sepm_agent_network_cids_status`

* `symc_sepm_agent_network_cids_status_total`

* `symc_sepm_agent_operating_system_version`

* `symc_sepm_agent_operating_system_version_total`

* `symc_sepm_agent_pep_status`

* `symc_sepm_agent_pep_status_total`

* `symc_sepm_agent_profile_version`

* `symc_sepm_agent_profile_version_total`

* `symc_sepm_agent_ptp_status`

* `symc_sepm_agent_ptp_status_total`

* `symc_sepm_agent_reboot_required_status`

* `symc_sepm_agent_reboot_required_status_total`

* `symc_sepm_agent_sonar_status`

* `symc_sepm_agent_sonar_status_total`

* `symc_sepm_agents_total`

* `symc_sepm_agent_tamper_status`

* `symc_sepm_agent_tamper_status_total`

* `symc_sepm_agent_type`

* `symc_sepm_agent_type_total`

* `symc_sepm_agent_version`

* `symc_sepm_agent_version_total`

* `symc_sepm_agent_wins_server_config`

* `symc_sepm_agent_wins_server_config_total`

* `symc_sepm_collector_errors`

* `symc_sepm_duplicate_agents_total`

* `symc_sepm_status_values`