
Posts

Showing posts from 2018

How to blacklist IPs on McAfee Network Security Platform

Python script that lets you blacklist IPs on McAfee Network Security Platform. Its use is quite straightforward; below you can see some examples.

Usage

nsmcli.py [-h] -u USER -p PASSWORD -nsm NSM_IP [-get_sensors] [-get_qhosts] [-sensor SENSOR_NAME] [-i IP_ADDRESS] [-quarantine] [-remove] [-t {15,30,45,60,240,480,720,960,999}] [--version]

Examples of usage

Get the list of sensors managed by a Network Security Manager:

nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -get_sensors

Name          ID     Model    Sensor IP       SW Ver     Sigset Ver   Active
M2750-4pocs   1001   M-2750   192.168.0.203   7.5.3.16   7.6.14.9     1

Get the list of quarantined IPs:

nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -get_qhosts

Quarantined hosts for M2750-4pocs ...

How to upload files to McAfee ATD using PowerShell

Hi all,

In this post I want to introduce a PowerShell script cmdlet that I have written to upload files to a McAfee Advanced Threat Defense box. This is the first time that I have written something in PowerShell; I have tried to follow the specifications, especially in terms of output and binding, so that the files to be uploaded to the ATD box can be piped from a list, an external file or another cmdlet, and in the same way the cmdlet outputs information in object format that lets you work on the results obtained from the upload operation.

Installation process:

The script can be downloaded from the following link: https://github.com/built4tech/submit-atd

The current execution policy of the system where the cmdlet script is going to be executed must allow the execution of unsigned scripts (Unrestricted). If the current policy doesn't allow executing unsigned scripts, you must change that policy with the Set-ExecutionPolicy cmdlet. It is important to n...

McAfee ATD API - Monitoring a folder to submit files to ATD (atdsubmit.py)

McAfee's sandboxing solution is called McAfee Advanced Threat Defense. This solution has a strong API that allows interesting use cases beyond the out-of-the-box integrations that the solution provides. In this post I introduce a Python application called atdsubmit.py; this is an unofficial, unsupported application that can help you understand how the API works and enable you to build your own use cases. The application is available on GitHub.

In a nutshell, the application gets through command-line parameters the credentials to connect to the ATD box and the folder to monitor, then it checks for any file-creation event on the monitored folder and submits the file to the ATD box. The application is multi-threaded, with different sets of threads, so that every single major action is isolated from the rest. The following diagram shows how the application works; colors represent the different sets of threads:

This is the help available on the repository: at...

Working with McAfee SIEM API

McAfee SIEM has a strong API that allows you to interact with the application programmatically. This API offers a RESTful interface, and its documentation is available at the following URL on a running ESM: https://<ESM_IP>/rs/esm/help

In this post, through a set of code snippets, I will show you how to connect to the ESM API via REST and execute different API commands.

1) Initial connection to the API server

In this first code snippet we authenticate against the API and obtain a token in the response, which we use to create an authenticated header that will be used for the rest of the API connections.

2) Testing that we have all the authentication parameters needed. Getting the time of the system.

In this second code snippet we use the just-obtained authentication header to get the system time through the available command (essmgtGetESSTime).

3) Getting the version (buildstamp) of the system.

4) Other useful available ...