API:获取所有IPS_Rules

Question

我遇到了一个REST脚本的问题，这个脚本工作了3个月，现在脚本出现了错误。在“api_ipsrule.list_intrusion_prevention_rules(api_version).intrusion_prevention_rules”=ips_rules“行上，脚本会因以下错误而中止：

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api\intrusion_prevention_rules_api.py", line 380, in list_intrusion_prevention_rules
    (data) = self.list_intrusion_prevention_rules_with_http_info(api_version, **kwargs)  # noqa: E501
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api\intrusion_prevention_rules_api.py", line 458, in list_intrusion_prevention_rules_with_http_info
    collection_formats=collection_formats)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 322, in call_api
    _preload_content, _request_timeout)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 153, in __call_api
    _request_timeout=_request_timeout)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 343, in request
    headers=headers)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 238, in GET
    query_params=query_params)
  File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 228, in request
    raise ApiException(http_resp=r)
deepsecurity.rest.ApiException: (500)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version': 'Deep Security/11.2.225', 'Content-Type': 'application/json', 'Content-Length': '35', 'Date': 'Mon, 07 Oct 2019 12:23:51 GMT', 'Connection': 'close'})
HTTP response body: {"message":"Internal server error"}

脚本

Script:
from __future__ import print_function
import sys, warnings
import deepsecurity
import datetime
import logging
import smtplib
from deepsecurity.rest import ApiException
from pprint import pprint

deepsecurity.Configuration.verify_ssl = False
# Setup
if not sys.warnoptions:
    warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://HOST:4119/api'


# Authentication
configuration.api_key["api-secret-key"] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Initialization

logger = logging.getLogger()
handler = logging.StreamHandler()
formatter = logging.Formatter(
        '%(asctime)s %(name)-12s %(levelname)-8s %(message)s')
handler.setFormatter(formatter)
logger.addHandler(handler)
logger.setLevel(logging.INFO)

handler_file = logging.FileHandler("e:\\script\\log\\log.txt")
handler_file.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
handler_file.setFormatter(formatter)
logger.addHandler(handler_file)

logger.info("Start Initialization DSCycleStart")
api_version = 'v1'
api_ipsrule = deepsecurity.IntrusionPreventionRulesApi(deepsecurity.ApiClient(configuration))

filename = "e:\\script\\config\\ruleids_dscycle.txt"
open(filename, 'w').close()
f = open(filename, "a")

logger.info("Start First")
ips_rules = api_ipsrule.list_intrusion_prevention_rules(api_version).intrusion_prevention_rules
for rule in ips_rules:
    f.write(str(rule.id) + "\n")
    highestid = rule.id

logger.info("Start Second")
# BC there is a limit of 5000 per query, it has to be done twice to get up to 10000
search_criteria = deepsecurity.SearchCriteria()
search_criteria.id_value = highestid
search_criteria.id_test = "greater-than"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])


ips_rules = api_ipsrule.search_intrusion_prevention_rules(api_version, search_filter=search_filter).intrusion_prevention_rules
for rule in ips_rules:
    f.write(str(rule.id) + "\n")

logger.info("Finish DSCycleStart")

知道有什么改变了吗?我能做些什么？

Answer 1

我知道这里可能会发生什么事。大约一个月前，一个可供下载的深度安全规则更新(，DSRU)包含缺少一些元数据的规则。这并不影响规则的功能，但确实会导致从API中获取规则的问题。DSRU已被更正，因此当前可用的19-044具有完整的元数据。API也得到了改进，以避免在以后的版本中出现这种风险。

要确认是否有受影响的版本，我建议您看看是否有入侵预防规则，这些规则缺少它们的“发布日期”(在GUI中显示为N/A )。如果您有缺少元数据的版本，则可以通过从19-044之前回滚到DSRU，然后应用最新的DSRU来解决API问题。

我在&D的趋势微公司工作。