安全云脑 SECMASTER-创建告警:Python

时间:2023-12-06 18:52:42

Python

创建一条告警,告警名称为MyXXX,标签为MyXXX,URL为http://xxx,发生次数为4次,置信度为4,严重等级为tips。

# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion

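def _load_credentials():
    """Return a BasicCredentials built from CLOUD_SDK_AK / CLOUD_SDK_SK.

    The AK and SK are read from environment variables on purpose: a key pair
    hard-coded or stored in plaintext in the source ends up in version control
    and logs. Keep them in ciphertext (encrypted config file or secret store)
    and decrypt only at use time.

    Raises:
        SystemExit: if either variable is unset, so the failure is explicit
            instead of an obscure authentication error from the service.
    """
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")
    if not ak or not sk:
        # Report only the *names* that are missing; never echo key material.
        missing = [
            name
            for name, value in (("CLOUD_SDK_AK", ak), ("CLOUD_SDK_SK", sk))
            if not value
        ]
        raise SystemExit(f"missing environment variable(s): {', '.join(missing)}")
    return BasicCredentials(ak, sk)


def _build_alert():
    """Return the Alert body for the example.

    Matches the page's specification: title and labels ``MyXXX``, source URL
    ``http://xxx``, occurrence count 4, confidence 4, severity ``TIPS``.
    Every ID and ``MyXXX`` value below is a placeholder copied from the
    original example; replace them with values from your own tenant.
    """
    sample_id = "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    # NOTE(review): "Z" followed by a "+0800" offset is not well-formed ISO 8601;
    # this literal is kept from the original example — confirm the exact
    # timestamp format the CreateAlert API expects before relying on it.
    sample_time = "2021-01-30T23:00:00Z+0800"

    file_info = [
        AlertFileInfo(
            file_path="MyXXX",
            file_content="MyXXX",
            file_new_path="MyXXX",
            file_hash="MyXXX",
            file_md5="MyXXX",
            file_sha256="MyXXX",
            file_attr="MyXXX",
        )
    ]
    user_info = [AlertUserInfo(user_id=sample_id, user_name="MyXXX")]
    process = [
        AlertProcess(
            process_name="MyXXX",
            process_path="MyXXX",
            process_pid=123,
            process_uid=123,
            process_cmdline="MyXXX",
        )
    ]
    malware = AlertMalware(malware_family="family", malware_class="恶意占用内存")
    remediation = AlertRemediation(recommendation="MyXXX", url="MyXXX")
    resource_list = [
        AlertResourceList(
            id=sample_id,
            name="MyXXX",
            type="MyXXX",
            region_id=sample_id,
            domain_id=sample_id,
            project_id=sample_id,
            ep_id=sample_id,
            ep_name="MyXXX",
            tags=sample_id,
        )
    ]
    network_list = [
        AlertNetworkList(
            direction="{}",
            protocol="TCP",
            src_ip="192.168.0.1",
            src_port=1,
            src_domain="xxx",
            src_geo=AlertSrcGeo(latitude=90, longitude=180),
            dest_ip="192.168.0.1",
            dest_port="1",
            dest_domain="xxx",
            dest_geo=AlertDestGeo(latitude=90, longitude=180),
        )
    ]
    data_source = AlertDataSource(
        source_type=3,
        domain_id=sample_id,
        project_id=sample_id,
        region_id=sample_id,
        product_name="test",
        product_feature="test",
    )
    environment = AlertEnvironment(
        vendor_type="MyXXX",
        domain_id=sample_id,
        region_id=sample_id,
        project_id=sample_id,
    )

    return Alert(
        version="1.0",
        id=sample_id,
        workspace_id="909494e3-558e-46b6-a9eb-07a8e18ca620",
        labels="MyXXX",
        environment=environment,
        data_source=data_source,
        first_observed_time=sample_time,
        last_observed_time=sample_time,
        create_time=sample_time,
        arrive_time=sample_time,
        title="MyXXX",
        description="This my XXXX",
        source_url="http://xxx",
        count=4,
        confidence=4,
        severity="TIPS",
        criticality=4,
        network_list=network_list,
        resource_list=resource_list,
        remediation=remediation,
        # The original example pasted the whole enumeration description
        # ("Unknown – 未知,True_Positive – 确认,...") into these fields. A field
        # takes exactly one value; the documented defaults are Unknown and Open.
        verification_state="Unknown",
        handle_status="Open",
        sla=60000,
        update_time=sample_time,
        # One phase from the documented set; the original sent the whole list.
        ipdrr_phase="Detection and Analysis",
        simulation="false",
        actor="刘一博",
        owner="MyXXX",
        creator="MyXXX",
        # close_time / close_reason / close_comment are omitted: they describe a
        # Closed alert, while this alert is created with handle_status Open.
        malware=malware,
        system_info={},
        process=process,
        user_info=user_info,
        file_info=file_info,
        system_alert_table={},
    )


if __name__ == "__main__":
    client = (
        SecMasterClient.new_builder()
        .with_credentials(_load_credentials())
        .with_region(SecMasterRegion.value_of("cn-north-4"))
        .build()
    )

    # NOTE(review): CreateAlert is a workspace-scoped endpoint (see the API
    # reference linked at the end of the page); confirm whether the request
    # object itself must carry the workspace id in addition to the body.
    request = CreateAlertRequest()
    request.body = CreateAlertRequestBody(data_object=_build_alert())

    # Only the service call can raise ClientRequestException; keep the try
    # body to that single line so other errors surface with a full traceback.
    try:
        response = client.create_alert(request)
    except exceptions.ClientRequestException as e:
        # 4xx from the service: print the diagnostics a support ticket needs
        # (request_id lets the service side correlate the call).
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
    else:
        print(response)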
support.huaweicloud.com/api-secmaster/CreateAlert.html