Deep Security API - Intrusion Prevention Rules - Error

192 views Asked by At

I have a Python API query to gather all the Intrusion Prevention Rules and the ID of the computers associated with each but I get an error after around 14000 records which is :

An exception occurred when calling ComputerIntrusionPreventionRuleDetailsApi.lis t_intrusion_prevention_rules_on_computer: (500) Reason: HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-P rotection': '1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no- cache', 'X-DSM-Version': 'Deep Security/12.0.296', 'Content-Type': 'application/ json', 'Content-Length': '35', 'Date': 'Fri, 16 Oct 2020 14:04:02 GMT', 'Connect ion': 'close'}) HTTP response body: {"message":"Internal server error"}

My Script is the following :

# -*- coding: utf-8 -*-
from __future__ import print_function
import sys, warnings
import pymssql
import datetime
import deepsecurity
import json
import requests
import urllib3
from deepsecurity.rest import ApiException
from urllib3.exceptions import InsecureRequestWarning
from pprint import pprint
urllib3.disable_warnings(InsecureRequestWarning)
if not sys.warnoptions:
               warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = "Server/api/"


# Authentication
configuration.api_key['api-secret-key'] = 'Key'

# Initialization
# Set Any Required Values
conn = pymssql.connect("localhost","" ,"", "DeepSecurity")
cursor = conn.cursor()
cursor2 = conn.cursor()
api_instance = deepsecurity.ComputerIntrusionPreventionRuleDetailsApi(deepsecurity.ApiClient(configuration))
api_instance2 = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'

overrides = False

try:
        recorddt = datetime.datetime.now()
        api_response2 = api_instance2.list_computers(api_version, overrides=overrides)

        for y in  api_response2.computers:
         
          api_response = api_instance.list_intrusion_prevention_rules_on_computer(y.id,api_version,overrides=overrides)
          for x in  api_response.intrusion_prevention_rules:


         
           strCVE=(x.cve)
           clean_cve=str(strCVE).replace("['", "").replace("']", "").replace("'", "")

           
           
           cursor.executemany("INSERT INTO ip_rules VALUES (%d, %s, %s ,%s,%s) ", [(x.id,x.name,clean_cve,recorddt,y.id)])
           conn.commit()
except ApiException as e:
               print("An exception occurred when calling ComputerIntrusionPreventionRuleDetailsApi.list_intrusion_prevention_rules_on_computer: %s\n" % e)

1

There are 1 answers

1
HsiehYY On

I guess it happened while looping (list_intrusion_prevention_rules_on_computer) with different computer id (as y.id).

Deep Security Manager seems to be able to identify the exception and return 500 Internal server error (and with header information). So, you might want to check if any exceptions in server0.log where you might get some cues.

You also want to identify which computer(s) failed to get prevention rules assigned and retry again.