
REST API: get all computers


I have a problem with a REST API script that was working until I upgraded Deep Security from 11.2.225 to 20.0.366. The error occurs on the line "for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:". When I run the script, the output looks like this:

2021-06-21 13:38:00,529 root         INFO     Start Initialization
2021-06-21 13:38:00,536 root         INFO     Start read RuleIDs from DSCycle File
2021-06-21 13:38:00,539 root         INFO     Start read RuleIDs from Exception List File
2021-06-21 13:38:00,614 root         INFO     get all subpolicies of DS3
2021-06-21 13:38:01,997 root         INFO     get all applicationtypes for further filtering
2021-06-21 13:38:02,053 root         INFO     start policy DS3 Windows
Traceback (most recent call last):
File "E:\Script\ApplyNewIPSRulesInCycle.py", line 144, in <module>
for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:
File "E:\PythonInstall\lib\site-packages\deepsecurity\api\computers_api.py", line 614, in 
search_computers
(data) = self.search_computers_with_http_info(api_version, **kwargs)  # noqa: E501
File "E:\PythonInstall\lib\site-packages\deepsecurity\api\computers_api.py", line 698, in 
search_computers_with_http_info
collection_formats=collection_formats)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 322, in call_api
_preload_content, _request_timeout)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 153, in __call_api
_request_timeout=_request_timeout)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 365, in request
body=body)
File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 275, in POST
body=body)
File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 228, in request
raise ApiException(http_resp=r)
deepsecurity.rest.ApiException: (400)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': 
'1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version': 
'Deep Security/20.0.366', 'Content-Type': 'application/json', 'Content-Length': '82', 'Date': 
'Mon, 21 Jun 2021 11:38:01 GMT', 'Connection': 'close'})
HTTP response body: {"message":"Invalid SearchFilter: choiceTest is not supported for field 
policyID"}

Relevant part of the script:

# Collect every policy below the base policy, one tree level per pass of the
# while loop.
# NOTE(review): search_criteria and the initial search_filter are created
# earlier in the script (not shown here); presumably they match on the parent
# policy ID - confirm against the full script.
logger.info("get all subpolicies of %s", basePolicy_d.name)
all_subpolicies = []
tempnew_policies = []
# First level: the policies returned for the filter prepared before this excerpt.
temp_policies = api_policy.search_policies(api_version, search_filter=search_filter).policies
while len(temp_policies) > 0:
    for p in temp_policies:
        # The single search_criteria object is mutated in place for each
        # policy; only numeric_value changes between searches.
        search_criteria.numeric_value = p.id
        search_filter = deepsecurity.SearchFilter(None, [search_criteria])
        tempnew_policies.extend(api_policy.search_policies(api_version,     search_filter=search_filter).policies)
    # The current level is complete; continue with the policies found under it.
    all_subpolicies.extend(temp_policies)
    temp_policies = tempnew_policies
    tempnew_policies = []

# Get all ApplicationTypes with incoming direction

# Rebinds search_criteria to a new object configured as a choice search
# (choice_test / choice_value). Any later code that reuses this name keeps
# those two attributes unless it resets them or creates another object.
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "direction"
search_criteria.choice_test = "equal"
search_criteria.choice_value = "incoming"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
appltypesid = []
logger.info("get all applicationtypes for further filtering")
appltypes = api_appltype.search_application_types(api_version,     search_filter=search_filter).application_types
# Keep only the IDs; they are used below to test rule.application_type_id.
for a in appltypes:
    appltypesid.append(a.id)

# Export file, opened in append mode so earlier runs are kept.
# NOTE(review): no close() or with-block is visible in this excerpt - confirm
# the handle is closed after the loop so the export is flushed to disk.
f = open("e:\\script\\export\\export.txt", "a")

# Go through all the policies that are under the D-Group
for policy in all_subpolicies:
    logger.info("start policy %s", policy.name)
    mailmsg_add = ""
    # Get all computers in that policy
    # NOTE(review): search_criteria is still the object configured above for
    # the application-type search. Only field_name and numeric_value are
    # overwritten here, so choice_test = "equal" and choice_value = "incoming"
    # are still set when the filter is built. That matches the 400 response
    # "choiceTest is not supported for field policyID".
    search_criteria.field_name = "policyID"
    search_criteria.numeric_value = policy.id
    search_filter = deepsecurity.SearchFilter(None, [search_criteria])
    # Rule IDs already selected for this policy; used to avoid duplicate
    # entries in mailmsg_add and in the log.
    rulesToAdd = []
    for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:
        try:
            # Get all Recommendations per Computer
            recommendation_comp = api_rec_comp.list_intrusion_prevention_rule_ids_on_computer(computer.id, api_version)
            if recommendation_comp.recommended_to_assign_rule_ids is not None:
                for rule_id in recommendation_comp.recommended_to_assign_rule_ids:
                    # Check if ConnectionDirection of recommended IPS is incoming
                    rule = api_ipsrule.describe_intrusion_prevention_rule(rule_id, api_version)
                    logger.debug("check rule %s for list of policy %s", (str(rule.id) + ": " + rule.name), policy.name)
                    # A rule qualifies only if its application type is incoming,
                    # it is in the DSCycle list and it is not on the exception list.
                    if rule.application_type_id in appltypesid and rule.id in dscycle_ruleids and rule.id not in exception_ruleids:
                        # TODO:Add to a list per Policy to add new policies
                        if rule.id not in rulesToAdd:
                            mailmsg_add += "- add rule " + (str(rule.id) + ": " + rule.name) + " \r\n"
                            logger.info("add rule %s to list of policy %s", (str(rule.id) + ": " + rule.name), policy.name)
                            rulesToAdd.append(rule.id)

                        # Written for every qualifying rule on every computer,
                        # including rules already present in rulesToAdd.
                        f.write(policy.name + ";" + computer.host_name + ";" + str(rule.id) + ": " + rule.name + "\n")
        # Any failure for one computer is caught here and the loop moves on to
        # the next computer, so that host's recommendations are skipped.
        # NOTE(review): the message has no %s placeholder for computer.id, so
        # logging cannot merge the argument and reports a formatting error
        # instead of the intended record; the skipped host is then not
        # identifiable from the log. The call also goes to the logging module
        # directly rather than to the logger object used elsewhere.
        except Exception as e:
            logging.exception("Exception on Computer ", computer.id)
    
   

Does anyone have an idea on why this is failing, what has changed and what I can do?


Solution

  • The logs tell us the problem is happening within the policy loop. And the error message ("Invalid SearchFilter: choiceTest is not supported for field policyID") tells us the problem is the SearchFilter includes a choiceTest when trying to search on the policyID field.

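    Looking at the code, I see the search_criteria variable is re-used. That means the third time it's used, it's carrying over the choiceTest value from the second time it was used. In the policy loop only field_name and numeric_value are overwritten, so the choice_test and choice_value set for the application-type search are still sent with the policyID filter.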

    Try something like this (creating a new search criteria):

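    # Get all computers in that policy.
    # Use a fresh SearchCriteria for this search so that nothing set for an
    # earlier search (the choice_test / choice_value from the application-type
    # lookup) is sent together with the policyID field.
    search_criteria_policy = deepsecurity.SearchCriteria()
    search_criteria_policy.field_name = "policyID"
    search_criteria_policy.numeric_value = policy.id
    # NOTE(review): numeric_test is not set anywhere in the visible script;
    # set it explicitly if the default comparison is not the intended one.
    # Build the filter from the new object; a filter built from the old
    # search_criteria would still carry the stale choice_test.
    search_filter = deepsecurity.SearchFilter(None, [search_criteria_policy])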
    

    P.S. I work in Trend Micro R&D