dsp3.models package

Submodules

dsp3.models.host module

class dsp3.models.host.Host(ID, name, description, displayName, external, externalID, hostGroupID, hostType, platform, securityProfileID)

Bases: object

Represents a Deep Security Host

class dsp3.models.host.HostFilter(client, hostGroupId=None, host_id=None, securityProfileId=None, type=None)

Bases: object

get_transport()

dsp3.models.idfilter module

class dsp3.models.idfilter.IDFilter(id, operator, client)

Bases: object

get_transport()

dsp3.models.iplist module

class dsp3.models.iplist.IPList(id, name, description, ips)

Bases: object

Represents a Deep Security IPList

dsp3.models.manager module

class dsp3.models.manager.Manager(api_key: str = None, username: str = None, password: str = None, tenant: str = None, host: str = 'app.deepsecurity.trendmicro.com', port: int = '443', verify_ssl: bool = False, cacert_file: str = None, api_version: str = 'v1', proxy=None)

Bases: object

add_aws_cloud_account_with_cross_account_role(external_id, role_arn)
add_aws_cloud_account_with_keys(access_key, secret_key)
add_block_by_hash_rule(hash, description)

NOTE: This call only works with DSM versions > 10.2. This method adds a new Block by Hash rule to the Global Ruleset.

Parameters:
  • hash – the sha256 hash of the file to block
  • description – description of the new Block by Hash rule
Returns:

rule that was successfully added along with its corresponding ruleID

administrators(admin_id: int = None, admin_op: str = None, max_items: int = None) → Dict[str, str]

administrators lists administrators.

Parameters:
  • admin_id – used to define the starting point for the query. Combine with administratorIDOp.
  • admin_op – required if administratorID is specified. gt, ge, eq, lt, le
Returns:

ListAdministratorsResponse json

alerts(alert_id: int = None, dismissed: bool = None, maxItems: int = None, op: str = None) → dict

alerts retrieves alert information from the dsm

Parameters:
  • alert_id – (optional) used to define the starting point for the query. Combine with op to page through results.
  • dismissed – (optional) include alerts that have been dismissed.
  • maxItems – (optional) the number of items to retrieve.
  • op – (optional, required if alertID is specified) Currently supported operations are: gt, ge, eq, lt, le
Returns:

ListAlertsResponse

antimailware_retrieve_by_name(name)

This function retrieves the AntiMalware with the provided name (Case sensitive)

Parameters:name – The name of the AntiMalware to retrieve which is case sensitive
Returns:AntiMalwareTransport object.
antimalware_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN')

This function retrieves antimalware (AM) events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that AM event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of AntiMalwareEvent
antimalware_retreive_all()
Returns:
api_keys()

api_key auth required to use this call

Returns:json object listing all api key info
appcontrol_event(event_id: int) → Dict[str, str]

Get the Application Control event with the specified event ID.

Parameters:event_id – the event ID
Returns:DescribeEventResponse json dict. containing the event with the specific ID
appcontrol_events(event_time: datetime.datetime = None, event_time_op: str = None, max_items: int = None) → Dict[str, str]

TODO: Implement eventID and eventIDOp parameters.

NOTE: This call is only supported in DS10 and higher.

Parameters:
  • event_time – the event time to query for events.
  • event_time_op – gt (greater than), ge (greater than or equal to), eq (equal to), lt (less than), and le (less than or equal to). If an unsupported operator is provided, the default is ‘eq’.
  • max_items – the maximum number of events to return
Returns:

ListEventsResponse json dictionary

application_type_retreive_by_name(name)
cloudaccout_syncronize(id: str) → Dict[str, str]
Parameters:id
Returns:
cloudaccout_testconnection(id: str) → Dict[str, str]
Parameters:id
Returns:
computer_describe(host_id: int)
create_tenant(database_server_id: int, name: str, description: str, agent_initated_activation_password: str, time_zone: str, locale: str, modules_visible: List[str], hide_unlicensed_modules: bool, last_signin_time: int, tenant_state: str, activation_codes: List[str], username: str, password: str, full_name: str, admin_description: str, role_id: int, admin_locale: str, admin_time_zone: str, time_format: str, password_never_expires: bool, active: bool, mfa_type: str, phone_number: str, mobile_number: str, pager_number: str, email_address: str, primary_contact: bool, receive_notifications: bool, report_pdf_password_enabled: bool, report_pdf_password: str, utf_offset: str, bypass_tenant_cache: bool = False, confirmation_required: bool = False, asynchronous: bool = False, demo_mode: bool = False)
decision_log(decision_log_id: int) → Dict[str, str]
decision_log_details(decision_log_id: int, start_id: int = 1, count: int = 1) → Dict[str, str]
decision_logs() → Dict[str, str]
delete_block_by_hash_rule(rule_id)

NOTE: This call only works with DSM versions > 10.2. This method deletes an existing Block by Hash rule from the Global Ruleset.

Parameters:rule_id – The id of the Block by Hash rule to delete
Returns:response payload
delete_ip_list(ids)

Deletes the ip_list with the given id

Parameters:ids – The id(s) of the ip_list(s) to delete. For a single id use a string; for multiple deletions use a list of string ids
Returns:None
dpi_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN')

This function retrieves Deep Packet Inspection (DPI) events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of DPIEventTransport
dpi_rule_retrieve_by_id(id)

Retrieves info on a DPI rule by rule id

Parameters:id – dpi rule id
Returns:suds.sudsobject.DPIRuleTransport
dpi_rule_retrieve_by_name(name)
dpi_rule_save(application_type, name, eventOnPacketDrop, eventOnPacketModify, templateType, patternAction, patternIf, priority, signatureAction, severity, ruleXML, detectOnly=False, disableEvent=False, ignoreRecommendations=False, includePacketData=False, patternCaseSensitive=False, raiseAlert=False, signatureCaseSensitive=False, cvssScore=0, authoritative=False)
dpi_rules_all()
Returns:
drift_applications(host_id: int, start_time: datetime.datetime, end_time: datetime.datetime, file_name: str, host_name: str)
end_session() → None
Returns:
event_based() → dict

List event-based tasks.

Returns:ListEventBasedTasksResponse json object
event_based_delete(id: int) → int

Delete an event-based task.

Parameters:id – id of event based task
Returns:http status code
event_based_task_create(name: str, conditions: List[dict], actions: List[dict], task_type: str = 'computer-created-by-system', enabled: bool = True) → dict
Parameters:
  • name
  • conditions – list of dicts {field: '', key: '', value: ''}. field value one of: hostnameMatch, vcenterMatch, cloudProviderMatch, securityGroupMatch, imageIdMatch, esxMatch, folderMatch, platformMatch, applianceProtectionAvailable True or False, applianceProtectionActivated True or False, lastUsedIP, tagMatch, nsxSecurityGroupMatch
  • actions – list of dicts {'type': '', 'parameterValue': ''}. type value one of: activate, assign-policy, assign-relay, assign-group, deactivate
  • task_type – one of: computer-created-by-system, agent-initiated-activation, agent-ip-changed, nsx-protection-changed, computer-powered-on-by-system
  • enabled – the enabled state for this task.
Returns:CreateEventBasedTaskResponse
fw_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN')

This function retrieves firewall (FW) events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of FireWallEvent
fw_rule_retrieve_by_id(id)

Retrieves info on a FW rule by rule id

Parameters:id – fw rule id
Returns:suds.sudsobject.FirewallRuleTransport
fw_rule_save(fw_rule)
Parameters:fw_rule – FirewallRuleTransport object to create or save
Returns:Newly created FirewallRuleTransport object.
get_api_version() → int

Retrieves the api version of Trend Micro’s Deep Security SOAP Web Service.

Returns:int: The api version number.
get_cloudaccount(id)
Parameters:id
Returns:
get_cloudaccounts()
Returns:
get_host_by_name(name: str)
Parameters:name
Returns:
get_ip_list(id)
get_ip_list_by_name(name)
get_ip_lists_all() → List[dsp3.models.iplist.IPList]
get_jvmusage(manager_node_id: str = '', from_date: datetime.datetime = None, to_date: datetime.datetime = None) → Dict[str, str]
Parameters:
  • manager_node_id – ID of the manager node to retrieve usage info for. If not set, usage info for all manager nodes is retrieved.
  • from_date – The date from which to list the usage statistics. If not set, then a time of one hour ago is used.
  • to_date – The date up to which to gather the usage. If not set, the current time is used.
Returns:

Dict[str, str] containing json virtual machine statistics.

get_port_lists_all() → List[dsp3.models.portlist.PortList]

Retrieves a list of all reusable port lists.

Returns:List[dsp3.models.portlist.PortList]
get_security_profile(id: int)
Parameters:id – security policy id
Returns:suds.sudsobject.SecurityProfileTransport
get_security_profile_by_name(name)
Parameters:name – security policy name
Returns:suds.sudsobject.SecurityProfileTransport
get_trusted_update_mode(host_id: int) → str

This function retrieves the trusted (maintenance) mode status of the host specified. NOTE: This call is only supported in DS10 and higher.

Parameters:host_id – the id of the host to retrieve trusted update mode (maintenance) status on
Returns:json string of the format:
{
    "DescribeTrustedUpdateModeResponse": {
        "startTimeHuman": "Sunday Jan 29 18:00:17 PM EST",
        "endTimeHuman": "Sunday Jan 29 18:10:17 PM EST",
        "state": "on",
        "startTime": 1485730817728,
        "endTime": 1485731417728
    }
}

hostRetrieveByHostGroup(id)
host_agent_activate(ids: List[int]) → None
Parameters:ids
Returns:
host_agent_deactivate(ids: List[int]) → None
Parameters:ids
Returns:
host_clear_warnings_and_errors(hosts)
Parameters:hosts – int if single host or list[int] if many hosts
Returns:
host_components(host_id: str)
Parameters:host_id
Returns:
host_create(host_transport)
host_delete(ids)
host_detail_retrieve(host_group_id: int = None, host_id: int = None, security_profile_id: int = None, host_type=None, host_detail_level: str = 'HIGH')

This function retrieves more detailed information about hosts (e.g. ‘virtual Name’ and ‘virtual Uuid’ of a host).

Parameters:host_detail_level – options are: “LOW”, “MEDIUM” and “HIGH”
host_getevents_now(ids: List[int]) → None
Parameters:ids
Returns:
host_getevents_nowsync(id: str) → None
Parameters:id
Returns:
host_group_create(name, description='', external=False, external_id=None, parent_group_id=None)
Parameters:name
Returns:
host_group_delete(id)
host_group_retrieve_all()
Returns:List of HostGroupTransport objects. Example object below:
(HostGroupTransport){
    ID = 425
    description = None
    name = "vpc-7b3bd512"
    external = True
    externalID = None
    parentGroupID = 424
}

host_group_retrieve_by_id(id)
host_group_retrieve_by_name(name)
host_integrity_scan(ids: List[int]) → None
Parameters:ids
Returns:
host_move_to_hosts_group(host_ids, host_group_id)
host_reccommendation_rule_ids_retrieve(host_id, rule_type=1, only_unassigned=False)
Parameters:
  • host_id
  • rule_type – 1=Intrusion Prevention application type rule, 2=Intrusion Prevention inspection rule, 4=Integrity Monitoring rule, 5=Log Inspection rule
  • only_unassigned
Returns:

list of rule ids

host_recommendation_scan(ids: List[int])

This function runs a recommendation scan on an individual host or a list of hosts by id.

Parameters:ids – list of host ids to scan for recommendations
Returns:None
host_retrieve_all()
Returns:
host_retrieve_by_hostgroup(host_group_id)

Retrieve hosts by host group.

Parameters:host_group_id – id of the host group.
Returns:List of HostTransport objects. Example below:
(HostTransport){
    ID = 1604
    description = None
    name = "ec2-184-72-238-128.compute-1.amazonaws.com"
    displayName = "Ubuntu nginx Web Server"
    external = True
    externalID = None
    hostGroupID = 432
    hostType = "STANDARD"
    platform = "Ubuntu Linux 12 (64 bit) (3.2.0-31-virtual)"
    securityProfileID = 201
}

host_status(id: int)
Parameters:id – DS host id as string
Returns:suds.sudsobject.HostStatusTransport
host_update_now(ids: List[int]) → None
Parameters:ids
Returns:
im_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN')

This function retrieves integrity monitoring (IM) events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of IntegrityEventTransport
ip_list_save(ip_list)
is_instance_protected_by_malware(host_name)
li_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN')

This function retrieves log inspection (LI) events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of LogInspectionEventTransport
list_block_by_hash_rules()

NOTE: This call only works with DSM’s > 10.2

Returns:Listing of existing Block by Hash Rules from Global Ruleset
list_relays(ascending: bool = None, background: bool = False, failed: bool = False, max_items: int = None, offset: int = None, sort_by: str = None)

List relays.

Parameters:
  • ascending – (optional) set true to indicate ascending. Default is true. This parameter only works with sortBy.
  • background – (optional) If true, does not extend the session. Default false.
  • failed – (optional) set true to indicate that the API only returns the failure records of enabling/disabling. If false, the API returns valid relays according to the specified criteria. Default is false.
  • maxItems – (optional) the number of items to retrieve. The maximum value for this parameter is controlled by the “Maximum number of items to retrieve from database” setting on the administrator account, which defaults to 5000.
  • offset – (optional) used to define the starting point for the query. This parameter only works with sortBy.
  • sort_by – (optional) used to define the sorting field. The only available sorting column is Name. However, if sortBy is not specified, the default sorting column is id. This parameter can work with maxItems, ascending and offset.
Returns:

a ListRelaysResponse with the host details.

manager_info_components() → dict

Retrieves detailed component info in current system

Returns:ComponentInfoElement
manager_info_feature_summary(timescale: int) → dict

Retrieves the status summary of each protection feature

Parameters:timescale – 1 [last 7 days] or 2 [last 24 hours]
Returns:FeatureSummaryElement

manager_info_status_summary() → dict

Retrieves the status summary of the system

Returns:StatusSummaryElement
manager_info_version() → str

Retrieve DSM version.

Returns:str representation of DSM version
reports(id: int = None, max_items: int = None, op: str = None)

List report templates.

Parameters:
  • id – (optional) used to define the starting point for the query. Combine with op to page through results.
  • max_integers
  • op – (optional, required if id is specified) Currently supported operations are: gt (greater than), ge (greater than or equal to), eq (equal to), lt (less than), le (less than or equal to)
Returns:

ListReportTemplatesResponse with the report template details.

save_ip_list(ip_list: dsp3.models.iplist.IPList) → Dict
scripts(id: int = None, max_items: int = None, op: str = None)
Parameters:
  • id – (optional) used to define the starting point for the query. Combine with op to page through results.
  • max_integers
  • op – (optional, required if id is specified) Currently supported operations are: gt (greater than), ge (greater than or equal to), eq (equal to), lt (less than), le (less than or equal to)
Returns:

ListScriptsResponse with the list of scripts.

security_profile_assign_to_host(securityid: int, hostid: int) → None
Parameters:
  • securityid – security policy id
  • hostid – host id
Returns:

security_profile_reccommendation_rule_ids_retrieve(profile_id, rule_type=1)
Parameters:
  • profile_id – security policy id
  • rule_type – rule_type: 1=Intrusion Prevention application type rule, 2=Intrusion Prevention inspection rule, 4=Integrity Monitoring rule, 5=Log Inspection rule
Returns:

list of rule ids

security_profile_save(security_profile_transport_object)
Parameters:security_profile_transport_object – suds.sudsobject.SecurityProfileTransport
Returns:suds.sudsobject.SecurityProfileTransport
set_trusted_update_mode(host_id: int, duration: int = 0, enabled: bool = True) → str

This function sets the trusted (maintenance) mode status of the host specified for a specific duration. NOTE: This call is only supported in DS10 and higher.

Parameters:
  • host_id – host to enable or disable trusted (maintenance) mode for
  • duration – the amount of time to enable trusted mode. Not required for disable request
  • enabled – True to enable or False to disable trusted mode
Returns:

status code

software_retrieve_all()
system_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN', includeNonHostEvents=True)

This function retrieves system events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of SystemEventTransport
tenants()

api_key auth required to use this call

Returns:json object listing tenants
webrep_event_retrieve(range_from=None, range_to=None, specific_time=None, time_type='LAST_HOUR', host_id=None, host_group_id=None, security_profile_id=None, host_type=None, event_id=1, event_operator='GREATER_THAN')

This function retrieves web reputation (WR) events from the Deep Security Manager based on several criteria specified as parameters. Several parameters are optional.

The first set of parameters are related to the time of event retrieval. All time parameters are optional and if not set time_type will default to “LAST_HOUR”.

Parameters:
  • range_from – retrieve events from this time. If range_from and range_to are set, time_type is not required.
  • range_to – retrieve events to this time
  • specific_time – retrieve events for a specific time. If specific_time is set, time_type is not required.
  • time_type – options are: “LAST_HOUR”, “LAST_24_HOURS”, “LAST_7_DAYS”. If set, range_from, range_to, and specific_time are not to be specified.

The second set of parameters are related to the host/s that event retrieval is requested for. All host parameters are optional and if not set host_type will default to “ALL_HOSTS”.

Parameters:
  • host_id – host to retrieve events for. If set, host_type defaults to “SPECIFIC_HOST”
  • host_group_id – group to retrieve events for. If set, host_type defaults to “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”
  • security_profile_id – security profile to retrieve events for. If set, host_type defaults to “HOSTS_USING_SECURITY_PROFILE”
  • host_type – optional. Options are “ALL_HOSTS”, “HOSTS_IN_GROUP”, “HOSTS_USING_SECURITY_PROFILE”, “HOSTS_IN_GROUP_AND_ALL_SUBGROUPS”, “SPECIFIC_HOST”, “MY_HOSTS”

These parameters are used as search criteria to limit the scope of objects returned by event transport object ID.

Parameters:
  • event_id – Event transport object's ID to filter by. If not set, defaults to 1.
  • event_operator – options are “GREATER_THAN”, “LESS_THAN”, “EQUAL”. If not set, defaults to “GREATER_THAN”.

Returns:None or [] of WebReputationEvent
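
The time, host and event-ID rules shared by the *_event_retrieve methods above (antimalware, dpi, fw, im, li, system, webrep), written out as a pre-flight check. This is an added example, not dsp3 code: build_event_query and its rejection of ambiguous combinations are hypothetical, it takes time_type=None so an explicit preset can be told apart from the default, and datetime values for the time arguments are an assumption.

```python
from datetime import datetime

# Option values as listed in the *_event_retrieve documentation.
TIME_PRESETS = ("LAST_HOUR", "LAST_24_HOURS", "LAST_7_DAYS")
HOST_TYPES = ("ALL_HOSTS", "HOSTS_IN_GROUP", "HOSTS_USING_SECURITY_PROFILE",
              "HOSTS_IN_GROUP_AND_ALL_SUBGROUPS", "SPECIFIC_HOST", "MY_HOSTS")
EVENT_OPERATORS = ("GREATER_THAN", "LESS_THAN", "EQUAL")

# Documented default host_type for each ID argument.
DEFAULT_HOST_TYPE = {
    "host_id": "SPECIFIC_HOST",
    "host_group_id": "HOSTS_IN_GROUP_AND_ALL_SUBGROUPS",
    "security_profile_id": "HOSTS_USING_SECURITY_PROFILE",
}
# ID argument each host_type needs (this helper's own policy, an assumption).
REQUIRED_ID = {
    "SPECIFIC_HOST": "host_id",
    "HOSTS_IN_GROUP": "host_group_id",
    "HOSTS_IN_GROUP_AND_ALL_SUBGROUPS": "host_group_id",
    "HOSTS_USING_SECURITY_PROFILE": "security_profile_id",
}


def build_event_query(range_from=None, range_to=None, specific_time=None,
                      time_type=None, host_id=None, host_group_id=None,
                      security_profile_id=None, host_type=None,
                      event_id=1, event_operator="GREATER_THAN"):
    """Return keyword arguments for an *_event_retrieve call, or raise
    ValueError when the combination contradicts the documented rules."""
    kwargs = {}

    # Time: a custom range, a specific time, or a preset, never a mix.
    has_range = range_from is not None or range_to is not None
    modes = [has_range, specific_time is not None, time_type is not None]
    if sum(modes) > 1:
        raise ValueError("use only one of range_from/range_to, "
                         "specific_time, time_type")
    if has_range:
        if range_from is None or range_to is None:
            raise ValueError("range_from and range_to must be set together")
        if range_from >= range_to:
            raise ValueError("range_from must be earlier than range_to")
        kwargs.update(range_from=range_from, range_to=range_to)
    elif specific_time is not None:
        kwargs["specific_time"] = specific_time
    else:
        time_type = time_type or "LAST_HOUR"      # documented default
        if time_type not in TIME_PRESETS:
            raise ValueError(f"unknown time_type {time_type!r}")
        kwargs["time_type"] = time_type

    # Host scope: at most one ID, host_type derived from it when omitted.
    ids = {"host_id": host_id, "host_group_id": host_group_id,
           "security_profile_id": security_profile_id}
    given = {k: v for k, v in ids.items() if v is not None}
    if len(given) > 1:
        raise ValueError("set only one of " + ", ".join(ids))
    if host_type is None:
        host_type = (DEFAULT_HOST_TYPE[next(iter(given))]
                     if given else "ALL_HOSTS")   # documented default
    if host_type not in HOST_TYPES:
        raise ValueError(f"unknown host_type {host_type!r}")
    needed = REQUIRED_ID.get(host_type)
    if needed and needed not in given:
        raise ValueError(f"host_type {host_type} needs {needed}")
    if given and needed is None:
        raise ValueError(f"host_type {host_type} does not use an ID")
    kwargs.update(given)
    kwargs["host_type"] = host_type

    # Event-ID filter: event_id=1 with GREATER_THAN is the documented default.
    if event_operator not in EVENT_OPERATORS:
        raise ValueError(f"unknown event_operator {event_operator!r}")
    if not isinstance(event_id, int) or isinstance(event_id, bool):
        raise ValueError("event_id must be an int")
    kwargs.update(event_id=event_id, event_operator=event_operator)
    return kwargs


if __name__ == "__main__":
    # Constructed sample values; 1604 is the host ID from the HostTransport
    # example on this page.
    print(build_event_query(host_id=1604,
                            range_from=datetime(2024, 1, 1),
                            range_to=datetime(2024, 1, 2)))
```

The returned dictionary can be unpacked into any of the retrieve methods, for example dsm.fw_event_retrieve(**build_event_query(host_id=1604)), where dsm is a Manager instance.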

dsp3.models.modify_trusted_update_mode_request module

class dsp3.models.modify_trusted_update_mode_request.ModifyTrustedUpdateModeRequest(duration: int, enabled: bool)

Bases: object

to_json()

dsp3.models.portlist module

class dsp3.models.portlist.PortList(id, name, description, ports, tbuid)

Bases: object

Represents a Deep Security Port List

dsp3.models.review_application_drift_request module

class dsp3.models.review_application_drift_request.DescribeApplicationRequest(scope)

Bases: object

to_json()
class dsp3.models.review_application_drift_request.PropertyFilter(file_name: str, host_name: str)

Bases: object

to_json()
class dsp3.models.review_application_drift_request.ReviewApplicationDriftRequest(scope: dsp3.models.review_application_drift_request.Scope, action: str = 'allow')

Bases: object

to_json()
class dsp3.models.review_application_drift_request.Scope(filter: dsp3.models.review_application_drift_request.PropertyFilter, time_range: dsp3.models.review_application_drift_request.TimeRange, host_group_id=0, smart_folder_id=None)

Bases: object

to_json()
class dsp3.models.review_application_drift_request.TimeRange(end: datetime.datetime = 0, start: datetime.datetime = 0)

Bases: object

to_json()

dsp3.models.timefilter module

class dsp3.models.timefilter.TimeFilter(suds_client, rangeFrom=None, rangeTo=None, specificTime=None, time_type='LAST_HOUR')

Bases: object

Represents a Deep Security TimeFilter Transport

get_transport()

Module contents