Skip to main content

How to blacklist IPs on McAfee Network Security Platform

Python script that allows to blacklist IPs on McAfee Network Security Platform.

The uses is quite straightforward, bellow you can see some examples

Usage

nsmcli.py [-h] -u USER -p PASSWORD -nsm NSM_IP [-get_sensors][-get_qhosts][-sensor SENSOR_NAME][-i IP_ADDRESS][-quarantine][-remove] [-t {15,30,45,60,240,480,720,960,999}][--version]

Examples of usage

  1. Get the list of sensors managed by a Network Security Manager

    nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -get_sensors

    Name ID           Model   Sensor     IP                     SW Ver    Sigset Ver   Active
    M2750-4pocs   1001     M-2750   192.168.0.203   7.5.3.16   7.6.14.9       1
  2. Get the list of quarantine IPs
    nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -get_qhosts
    Quarantined hosts for M2750-4pocs
    IP Address   Time (Milliseconds)

    123.1.1.1      1375816982000
    124.1.1.1      1375818027000
  3. Set ip address 10.10.10.100 to quarantine during the default period of time

    nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -i 10.10.10.100 -quarantine
    Sensor M2750-4pocs IP 10.10.10.100 quarantine for FIFTEEN_MINUTES
  4. Remove ip address 10.10.10.100 from quarantine

    nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -i 10.10.10.100 -remove
    Sensor M2750-4pocs IP 10.10.10.100 removed from quarantine
  5. Set ip address 10.10.10.100 to quarantine during 45 minutes, get the list of sensors managed by te Network Security Manager and get the list of quarantine IP from sensor M2750-4pocs
    nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -i 10.10.10.101 -quarantine -t 45 -get_sensors -get_qhosts -sensor M2750-4pocs
    Sensor M2750-4pocs IP 10.10.10.101 quarantine for FORTYFIVE_MINUTES
    Name ID           Model   Sensor     IP                      SW Ver   Sigset Ver   Active
    M2750-4pocs   1001     M-2750    192.168.0.203   7.5.3.16   7.6.14.9      1
    Quarantined hosts for M2750-4pocs
    IP Address      Time (Milliseconds)
    123.1.1.1         1375816982000
    124.1.1.1         1375818027000
    10.10.10.100   1375818561000
    10.10.10.101   1375818608000
  6. Remove IP address 10.10.10.100 from quarantine, get the list of managed sensors and the list of quarantine IPs on sensor M2750-4pocs
    nsmcli.py -u admin -p admin123 -nsm 192.168.0.202 -i 10.10.10.100 -remove -get_sensors -get_qhosts -sensor M2750-4pocs
    Sensor M2750-4pocs IP 10.10.10.100 removed from quarantine
    Name ID           Model   Sensor     IP                    SW Ver   Sigset Ver   Active
    M2750-4pocs 1  001     M-2750   192.168.0.203  7.5.3.16  7.6.14.9       1
    Quarantined hosts for M2750-4pocs
    IP Address      Time (Milliseconds)
    123.1.1.1         1375816982000
    124.1.1.1         1375818027000
    10.10.10.101   1375818608000
    10.10.10.102   1375818798000
    10.10.10.103   1375818860000

You can get access to the code on https://github.com/built4tech/nsmcli
Labels:

Comments

  1. galiabacakNovember 7, 2022 at 10:51 AM

    Unfortunately, is not a|there is not any} trick to ensure that|to make sure that} you win each game you play at 소울카지노 one of the best roulette apps. However, many online avid gamers believe that methods such because the reverse Martingale strategy will enhance your odds. To help you get began, we’ve put collectively slightly more information about every beneath.

    ReplyDelete

Post a Comment

Popular posts from this blog

Working with McAfee SIEM API

McAfee SIEM has a strong API that allows to interact with the application programatically. This API offers a RESTful interface and its documentation is available in the following URL on a running ESM https://<ESM_IP>/rs/esm/help In this post, through a set of code snippets I will show you how to connect to the ESM API via RESTful and execute different API commands. 1) Initial connection to the API Server In this first code snippet we are authenticating against the API and we obtain a token in the response that we use in order to create an authenticated header that will be used for the rest of API connections. 2) Testing that we have all the authentication parameters needed. Getting the time of the system. In this second code snippet we use the just obtained authentication header in order to get the system time through the available command (essmgtGetESSTime)   3) Getting the version (builtstamp) of the system.   4) Other useful available ...
2 comments
Read more

Demonstrating Wannacry kill switch with McAfee Active Response

In this video, you can see the how Wannacry works, specifically the killswitch. Basically a system affected by Wannacry tries to connect to the killswitch link, if it does the infection stops and the system does't get infected or the malware propagated. During the video  I modified the killswith to point to localhost in order to demonstrate how the systems reacts when the killswitch server is not available. The solution used during this video is McAfee Active Response (MAR), this solution is McAfee Endpoint Detection and Response (EDR) able to trace the activity done by the endpoint when a suspicious file is executed.  McAfee Active Response uses Open Data Exchange Layer (DxL) to share endpoint trace information and execute live search queries.
Post a Comment
Read more