Search code examples
pythondeepsecurity

DSaaS Python Script to Search for Global Rule by HASH


Would like to use Python to search the DSaaS global rules to see if a certain HASH/SHA256 is in the global rule set.

Code below. How do I get the SHA256 value (hash256) in the search_filter object?

    hash256 = str(input("Pleas enter the hash that you would like to search: "))
    print(hash256)

    try:
        search_filter = deepsecurity.SearchFilter()

        api_response = api_instance.search_global_rules(api_version, search_filter=search_filter)
        pprint(api_response)
    except ApiException as e:
        print("An exception occurred when calling GlobalRulesApi.search_global_rules: %s\n" % e)

Not getting the search to work by HASH


Solution

  • In order to perform a search on the Application Control Global Rules you will need to first create a SearchCriteria as follows

    # Create SearchCriteria
    searchCriteria = deepsecurity.SearchCriteria(
        field_name='sha256',
        string_test='equal',
        string_value=hash256
    )
    

    and then add it to your SearchFilter object

    search_filter = deepsecurity.SearchFilter(search_criteria=searchCriteria)
    

    Overall your code will be as follows

    hash256 = str(input("Please enter the hash that you would like to search: "))
    print(hash256)
    
    # Create SearchCriteria
    searchCriteria = deepsecurity.SearchCriteria(
        field_name='sha256',
        string_test='equal',
        string_value=hash256
    )
    
    # Add SearchCriteria to SearchFilter
    search_filter = deepsecurity.SearchFilter(search_criteria=searchCriteria)
    
    try:
        api_response = api_instance.search_global_rules(api_version, search_filter=search_filter)
        pprint(api_response)
    except ApiException as e:
        print("An exception occurred when calling GlobalRulesApi.search_global_rules: %s\n" % e)
    

    Check out this guide for advanced searches, such as using wildcards and more.

    P.S. I work for Trend Micro on the Deep Security team.