API:得到全部IPS_Rules

API: get all IPS_Rules

我的 REST API 脚本有问题,该脚本运行了 3 个月,现在该脚本因错误而中止。 在 "ips_rules = api_ipsrule.list_intrusion_prevention_rules(api_version).intrusion_prevention_rules" 行,脚本因以下错误而中止:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api\intrusion_prevention_rules_api.py", line 380, in list_intrusion_prevention_rules
    (data) = self.list_intrusion_prevention_rules_with_http_info(api_version, **kwargs)  # noqa: E501
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api\intrusion_prevention_rules_api.py", line 458, in list_intrusion_prevention_rules_with_http_info
    collection_formats=collection_formats)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 322, in call_api
    _preload_content, _request_timeout)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 153, in __call_api
    _request_timeout=_request_timeout)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 343, in request
    headers=headers)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 238, in GET
    query_params=query_params)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 228, in request
    raise ApiException(http_resp=r)
deepsecurity.rest.ApiException: (500)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version': 'Deep Security/11.2.225', 'Content-Type': 'application/json', 'Content-Length': '35', 'Date': 'Mon, 07 Oct 2019 12:23:51 GMT', 'Connection': 'close'})
HTTP response body: {"message":"Internal server error"}

脚本

Script:
from __future__ import print_function
import sys, warnings
import deepsecurity
import datetime
import logging
import smtplib
from deepsecurity.rest import ApiException
from pprint import pprint

deepsecurity.Configuration.verify_ssl = False
# Setup
if not sys.warnoptions:
    warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://HOST:4119/api'


# Authentication
configuration.api_key["api-secret-key"] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Initialization

logger = logging.getLogger()
handler = logging.StreamHandler()
formatter = logging.Formatter(
        '%(asctime)s %(name)-12s %(levelname)-8s %(message)s')
handler.setFormatter(formatter)
logger.addHandler(handler)
logger.setLevel(logging.INFO)

handler_file = logging.FileHandler("e:\script\log\log.txt")
handler_file.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
handler_file.setFormatter(formatter)
logger.addHandler(handler_file)

logger.info("Start Initialization DSCycleStart")
api_version = 'v1'
api_ipsrule = deepsecurity.IntrusionPreventionRulesApi(deepsecurity.ApiClient(configuration))

filename = "e:\script\config\ruleids_dscycle.txt"
open(filename, 'w').close()
f = open(filename, "a")

logger.info("Start First")
ips_rules = api_ipsrule.list_intrusion_prevention_rules(api_version).intrusion_prevention_rules
for rule in ips_rules:
    f.write(str(rule.id) + "\n")
    highestid = rule.id

logger.info("Start Second")
# BC there is a limit of 5000 per query, it has to be done twice to get up to 10000
search_criteria = deepsecurity.SearchCriteria()
search_criteria.id_value = highestid
search_criteria.id_test = "greater-than"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])


ips_rules = api_ipsrule.search_intrusion_prevention_rules(api_version, search_filter=search_filter).intrusion_prevention_rules
for rule in ips_rules:
    f.write(str(rule.id) + "\n")

logger.info("Finish DSCycleStart")

知道发生了什么变化或我可以做什么吗?

我知道这里会发生什么。大约一个月前,有一段短暂的时间可供下载的趋势科技深度安全防护系统规则更新 (DSRU) 包含缺少一些元数据的规则。这不会影响规则的功能,但会导致从 API 中获取规则时出现问题。 DSRU 已更正,因此当前可用的 19-044 具有完整的元数据。 API 也得到了改进,以避免在未来的版本中出现这种风险。

为了确认您是否有受影响的版本,我建议您查看是否有缺少 "issued date"(在 GUI 中显示为 N/A)的入侵防御规则。如果您确实拥有缺少元数据的版本,则可以通过回滚到 19-044 之前的 DSRU,然后应用最新的 DSRU 来解决 API 问题。

P.S。我在 Trend Micro 的 Deep Security 研发部门工作