Skip to content

mafranks/duplicate_exclusions_list

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.env
.env
 
 
README.md
README.md
 
 
duplicate_exclusions_list.py
duplicate_exclusions_list.py
 
 

Repository files navigation

Setup

Update your .env file with CLIENT_ID and API_KEY for SecureX from here: https://developer.cisco.com/docs/secure-endpoint/#!authentication/3-generate-securex-api-access-token

NOTE: The Event:Read scope is required for this script to function.

Also add CLOUD = (NAM, EU, APJC)

Example .env:

CLIENT_ID="client-abcde"
API_KEY="supersecretapikey"
CLOUD="NAM"

Requirements

Python version 3.5+

Go through the Authentication instructions for SecureX to integrate Secure Endpoint and create an API Client.

NOTE: The Secure Endpoints integration API key requires a read/write scope for this script to function.

Install python requirements:

pip install requests
pip install python-dotenv

Limitations

Current API calls prevent duplicating Threat type exclusions. If you have any of those in your exclusions list, you will need to manually duplicate those exclusions.

Usage

When you first run the script you'll get authenticated and then presented with a list of organizations you belong to.

Which organization would you like to list exclusions from?
[1] - Org 1
[2] - Org 2
[3] - Org 3
Input a number listed above:

Choose a number from the list and you'll be presented with a list of exclusion sets for that organization and an option to export all lists.

Which exclusion set would you like to duplicate?
[1] - List
[2] - Another list
[3] - Yet Another list
[4] - Oh Look another list
Input a number listed above:

Next you will see output regarding the progress of the exclusion list duplication.

Created new exclusion set. Another list - Copy
Added ioc exclusion to exclusion set.
Added fileExtension exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added path exclusion to exclusion set.
Added path exclusion to exclusion set.
Added path exclusion to exclusion set.
Added process exclusion to exclusion set.
Added process exclusion to exclusion set.
Added executable exclusion to exclusion set.
Duplication process Completed.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages