Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/greenpau/py_sep_sdk
Unofficial Symantec Endpoint Protection API Client Library and Prometheus Exporter
https://github.com/greenpau/py_sep_sdk
grafana-dashboard prometheus-exporter sep symantec symantecendpointprotection symantecsep
Last synced: 26 days ago
JSON representation
Unofficial Symantec Endpoint Protection API Client Library and Prometheus Exporter
- Host: GitHub
- URL: https://github.com/greenpau/py_sep_sdk
- Owner: greenpau
- License: apache-2.0
- Created: 2019-06-03T15:24:41.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-06-03T15:26:10.000Z (over 5 years ago)
- Last Synced: 2024-05-02T05:08:46.507Z (8 months ago)
- Topics: grafana-dashboard, prometheus-exporter, sep, symantec, symantecendpointprotection, symantecsep
- Language: Python
- Homepage:
- Size: 501 KB
- Stars: 0
- Watchers: 3
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# py_sep_sdk
Unofficial Symantec Endpoint Protection Manager API Client Library.
References:
- [Symantec Endpoint Protection Manager REST API Reference](https://apidocs.symantec.com/home/saep)## Installation
First, add `~/.py_sep_sdk.rc` user credentials file:
```
[credentials]
username = "admin"
password = "P@ssword"
domain = "EXAMPLE.COM"[manager]
host = "sepm"
port = "8446"
protocol = "https"
```Then, create installation package:
```bash
make package
```Next, install the package:
```bash
$ sudo pip install dist/py_sep_sdk-1.0.8.tar.gz --no-binary py_sep_sdk
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Processing ./dist/py_sep_sdk-1.0.8.tar.gz
Requirement already satisfied: setuptools in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (40.6.3)
Requirement already satisfied: wheel in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (0.32.3)
Requirement already satisfied: requests>=2.21.0 in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (2.21.0)
Requirement already satisfied: ipaddress in /usr/lib/python2.7/site-packages (from py-sep-sdk==1.0.8) (1.0.22)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (1.24.1)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (3.0.4)
Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (2.8)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests>=2.21.0->py-sep-sdk==1.0.8) (2018.11.29)
Skipping bdist_wheel for py-sep-sdk, due to binaries being disabled for it.
Installing collected packages: py-sep-sdk
Running setup.py install for py-sep-sdk ... done
Successfully installed py-sep-sdk-1.0.8
```If necessary, uninstall the package:
```bash
$ pip uninstall py-sep-sdk
Uninstalling py-sep-sdk-1.0.1:
Would remove:
/usr/bin/symc-sep-client
/usr/lib/python2.7/site-packages/py_sep_sdk-1.0.1-py2.7.egg-info
/usr/lib/python2.7/site-packages/py_sep_sdk/*
Proceed (y/n)? y
Successfully uninstalled py-sep-sdk-1.0.1
```## Getting Started
The package comes with `symc-sep-client` command line utility.
It is a great example if you want to learn how this API client
works.### General Usage
```
symc-sep-client - Symantec EPM API Clientoptional arguments:
-h, --help show this help message and exit-i FILE Read from input file (or stdin); only works with non-
liver queries
-o output Write to output file (or stdout)
--manager manager SEP Manager IP address or name
--filter KEY:VALUE Object filters, e.g. ip:1.1.1.1, name:nysrv1
--format {json,csv,yaml}
Output format
--cron Set for cronjobs
--debug Enable debuggingAvailable Actions:
--get-version performs live query for API version
--get-domains performs live query for domains
--get-groups performs live query for groups
--get-computers performs live query for computers
--get-licenses performs live query for licenses
--get-policies performs live query for policies
--get-admin-users performs live query for admin users
--delete-agent AGENT_ID
deletes an agent from SEPM by its ID
--get-prometheus-metrics
output Prometheus metrics
--dump-agents dumps agents
--dump-operating-systems
dumps operating system types for the agents
--dump-windows-server-agents
dumps agents with Windows Server OS
--dump-duplicate-agents
dumps duplicate agents
--dump-agent-info dumps agent information
--check-data checks the quality of input datadocumentation: https://github.com/greenpau/py_sep_sdk
```### Computer Objects
The following command fetches all computer records from SEP Manager host
`sepmanager1` and stores them in `/tmp/computers.json`:```bash
symc-sep-client --manager sepmanager1 --get-computers -o /tmp/computers.json
```Next, having that data, a user may query for a specific server, e.g. `server1`:
```bash
symc-sep-client -i /tmp/computers.json --dump-agent-info --filter "name:server1" --debug
```### Duplicate Computer Objects
The following sequence of commands helps getting rid of duplicate computer
objects in SEP Manager. Please pay attention and replace `sepmanager1` with
the name of an appropriate SEP Manager.```bash
symc-sep-client --manager sepmanager1 --get-computers -o /tmp/computers.json
symc-sep-client -i /tmp/computers.json --dump-duplicate-agents --debug --format csv > /tmp/computers.dups.list
cat /tmp/computers.dups.list | cut -d";" -f1 | sort | uniq | sed 's/^/symc-sep-client --manager sepmanager1 --delete-agent /;s/$/; sleep 1;/' | grep -v "UniqueID" > /tmp/doit.sh
chmod +x /tmp/doit.sh
/tmp/doit.sh
```### Prometheus Metrics
Configure the following `cron` job to collect and export SEP Manager metrics to Prometheus.
The `cron` argument is necessary when running the command via `cron`:```
# crontab -l
SHELL=/bin/bash*/5 * * * * symc-sep-client --get-prometheus-metrics -o /var/lib/node_exporter/sepm.prom --cron
```The exported metrics are:
* `symc_sepm_agent_auto_protection_status`
* `symc_sepm_agent_auto_protection_status_total`
* `symc_sepm_agent_av_engine_status`
* `symc_sepm_agent_av_engine_status_total`
* `symc_sepm_agent_cids_browser_firefox_status`
* `symc_sepm_agent_cids_browser_firefox_status_total`
* `symc_sepm_agent_cids_browser_ie_status`
* `symc_sepm_agent_cids_browser_ie_status_total`
* `symc_sepm_agent_cids_defset_version`
* `symc_sepm_agent_cids_defset_version_total`
* `symc_sepm_agent_cids_engine_version`
* `symc_sepm_agent_cids_engine_version_total`
* `symc_sepm_agent_default_gateway_config`
* `symc_sepm_agent_default_gateway_config_total`
* `symc_sepm_agent_deployment_running_version`
* `symc_sepm_agent_deployment_running_version_total`
* `symc_sepm_agent_deployment_target_version`
* `symc_sepm_agent_deployment_target_version_total`
* `symc_sepm_agent_dhcp_server_config`
* `symc_sepm_agent_dhcp_server_config_total`
* `symc_sepm_agent_dns_server_config`
* `symc_sepm_agent_dns_server_config_total`
* `symc_sepm_agent_download_advisor_status`
* `symc_sepm_agent_download_advisor_status_total`
* `symc_sepm_agent_edr_status`
* `symc_sepm_agent_edr_status_total`
* `symc_sepm_agent_elam_status`
* `symc_sepm_agent_elam_status_total`
* `symc_sepm_agent_firewall_status`
* `symc_sepm_agent_firewall_status_total`
* `symc_sepm_agent_group_name_config`
* `symc_sepm_agent_group_name_config_total`
* `symc_sepm_agent_infection_severity`
* `symc_sepm_agent_install_client`
* `symc_sepm_agent_install_client_total`
* `symc_sepm_agent_ip_address_config`
* `symc_sepm_agent_ip_network_config`
* `symc_sepm_agent_ip_network_config_total`
* `symc_sepm_agent_is_cids_silent_mode`
* `symc_sepm_agent_is_cids_silent_mode_total`
* `symc_sepm_agent_is_duplicate`
* `symc_sepm_agent_is_duplicate_total`
* `symc_sepm_agent_is_infected_total`
* `symc_sepm_agent_is_online`
* `symc_sepm_agent_is_online_total`
* `symc_sepm_agent_is_vdi_client_total`
* `symc_sepm_agent_last_deployment_time`
* `symc_sepm_agent_last_heuristic_threat_time`
* `symc_sepm_agent_last_scan_time`
* `symc_sepm_agent_last_virus_time`
* `symc_sepm_agent_network_cids_status`
* `symc_sepm_agent_network_cids_status_total`
* `symc_sepm_agent_operating_system_version`
* `symc_sepm_agent_operating_system_version_total`
* `symc_sepm_agent_pep_status`
* `symc_sepm_agent_pep_status_total`
* `symc_sepm_agent_profile_version`
* `symc_sepm_agent_profile_version_total`
* `symc_sepm_agent_ptp_status`
* `symc_sepm_agent_ptp_status_total`
* `symc_sepm_agent_reboot_required_status`
* `symc_sepm_agent_reboot_required_status_total`
* `symc_sepm_agent_sonar_status`
* `symc_sepm_agent_sonar_status_total`
* `symc_sepm_agents_total`
* `symc_sepm_agent_tamper_status`
* `symc_sepm_agent_tamper_status_total`
* `symc_sepm_agent_type`
* `symc_sepm_agent_type_total`
* `symc_sepm_agent_version`
* `symc_sepm_agent_version_total`
* `symc_sepm_agent_wins_server_config`
* `symc_sepm_agent_wins_server_config_total`
* `symc_sepm_collector_errors`
* `symc_sepm_duplicate_agents_total`
* `symc_sepm_status_values`