These scripts will help you trigger events in Cloud One Workload Security.
Note: These scripts are provided as-is with no implied support. You are welcome to comment if you find issues, but there's no guarantee on if or when they'll be fixed.
Before running these scripts, ensure you have the following:

- A Cloud One Workload Security account
- An Ubuntu 18.04, Red Hat 8, Amazon Linux or Windows Server system
- The system under test must have:
  - python3
  - python3-pip
  - git
  - curl
  - wget
  - netcat (Linux only)
  - unzip

  ```bash
  sudo yum install -y python3 python3-pip git curl unzip wget jq
  ```

  or

  ```bash
  sudo apt install -y python3 python3-pip git curl unzip wget jq
  ```
- You have installed the agent on the system and activated it in your Cloud One Workload Security console. For this step, you can use the code provided if you have an API Key generated from within the Cloud One console. If you don't have an API Key, refer to the Help Docs here - https://cloudone.trendmicro.com/docs/workload-security/api-cookbook-set-up/#create-an-api-key

  ```bash
  export WorkloadSecurityApiKey='<Your API Key>'
  # Request an agent deployment script from the API and save its body.
  # As written, the request asks for a script that does not validate the manager's
  # TLS certificate or the agent installer's digital signature.
  # Replace the policyID value with the ID of the policy you want assigned.
  curl -L -X POST 'https://app.deepsecurity.trendmicro.com/api/agentdeploymentscripts' \
    -H 'Content-Type: application/json' \
    -H 'api-version: v1' \
    -H "apiSecretKey: ${WorkloadSecurityApiKey}" \
    --data-raw '{
      "platform": "linux",
      "validateCertificateRequired": false,
      "validateDigitalSignatureRequired": false,
      "activationRequired": true,
      "policyID": 432
    }' | jq --raw-output .scriptBody > ~/dsa_deploy.sh
  chmod +x ~/dsa_deploy.sh
  sudo bash ~/dsa_deploy.sh
  rm ~/dsa_deploy.sh # Optional Step
  ```
- The files from this repository
  - Download these files and put them in a directory on the system under test

    ```bash
    git clone https://github.com/GeorgeDavis-TM/cloudOneWorkloadSecurityDemo.git
    ```
- The Python SDK for Deep Security/Cloud One Workload Security
  - Download the SDK from: https://automation.deepsecurity.trendmicro.com/sdk/20_0/v1/dsm-py-sdk.zip and put it in the same folder as the files you just downloaded

    ```bash
    wget -P ~ https://automation.deepsecurity.trendmicro.com/sdk/20_0/v1/dsm-py-sdk.zip
    ```

  - Unzip the file

    ```bash
    unzip ~/dsm-py-sdk.zip
    ```

  - Install the SDK dependencies from within the directory:

    ```bash
    sudo python3 -m pip install .
    ```

    or

    ```bash
    sudo pip3 install .
    ```
- Add the API Key to the `config.json` file
  - Find the line `"apiSecretKey" = "<Your API Key>"`
  - Change `<Your API Key>` to your actual API key. If you don't have an API Key, refer to the Help Docs here - https://cloudone.trendmicro.com/docs/workload-security/api-cookbook-set-up/#create-an-api-key
  - Once you've added your API Key, save the file.

  or

  ```bash
  cd cloudOneWorkloadSecurityDemo
  # "|" as the sed delimiter and double quotes keep a key containing "/" from breaking the substitution
  sed -i "s|<Your API Key>|${WorkloadSecurityApiKey}|g" config.json
  ```
- Install the Python script dependencies using the `requirements.txt` file.

  ```bash
  pip3 install -r requirements.txt
  ```
- Configure your `config.json` file if you need to run in quiet mode.

Fields | Type | Description | Required? |
---|---|---|---|
tests | List | Contains all the different tests you can run from this utility. Valid list items are ["Anti-Malware", "Intrusion Prevention", "Integrity Monitoring", "Web Reputation", "Log Inspection", "Application Control", "Docker Anti-Malware"] or simply ["All Tests"] | Yes |
policyName | String | The policy that is targeted for a demo attack | Yes |
hostName | String | The exact hostname of the instance targeted | Yes |
confirmation | Boolean | Override input confirmation to run the tests | Yes (for Quiet mode) |
dsmHost | String | Cloud One Workload Security / Deep Security Manager URL (Default: https://cloudone.trendmicro.com:443 ) | Optional. Used only for non-SaaS DSM tests |
apiSecretKey | String | Cloud One Workload Security / Deep Security API Key. You can create an API Key using these instructions - https://cloudone.trendmicro.com/docs/workload-security/api-cookbook-set-up/#create-an-api-key | Yes |
- Now you can run the script using

  ```bash
  python3 cloud_one_workload_security_demo.py
  ```
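
A pre-flight check for `config.json`, added here as an example and not part of the repository's own code: it validates the fields listed in the table above and flags a key file that other users on the host can read. It assumes `config.json` is a flat JSON object with those keys; `check_config` and `demo` are hypothetical names and the sample values are constructed.

```python
import json
import os
import stat
import tempfile

VALID_TESTS = {"Anti-Malware", "Intrusion Prevention", "Integrity Monitoring",
               "Web Reputation", "Log Inspection", "Application Control",
               "Docker Anti-Malware", "All Tests"}
PLACEHOLDER = "<Your API Key>"  # placeholder text used in this README

def check_config(path, quiet=True):
    """Return a list of problems in config.json; an empty list means OK."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)  # assumption: a flat JSON object
    problems = []
    for key in ("policyName", "hostName", "apiSecretKey"):  # required strings
        if not isinstance(cfg.get(key), str) or not cfg[key].strip():
            problems.append(f"{key}: missing or empty")
    if cfg.get("apiSecretKey") == PLACEHOLDER:
        problems.append("apiSecretKey: placeholder was never replaced")
    tests = cfg.get("tests")
    if not isinstance(tests, list) or not tests:
        problems.append("tests: must be a non-empty list")
    else:
        bad = [t for t in tests if not isinstance(t, str) or t not in VALID_TESTS]
        if bad:
            problems.append(f"tests: unknown entries {bad}")
    # Quiet mode needs an explicit boolean confirmation.
    if quiet and not isinstance(cfg.get("confirmation"), bool):
        problems.append("confirmation: must be true or false in quiet mode")
    # The file holds a live API key: flag group/other access (POSIX only).
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file mode: accessible by group/other, use chmod 600")
    return problems

def demo():
    """Check a constructed sample config (all values are made up)."""
    sample = {"tests": ["Anti-Malware", "Ransomware"], "policyName": "Demo Policy",
              "hostName": "demo-host-01", "apiSecretKey": PLACEHOLDER}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return check_config(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

To check a real file, call `check_config("config.json")` from the repository directory; pass `quiet=False` if you answer the confirmation prompt interactively.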
GitHub Repository Name | Description |
---|---|
WorkloadSecurityConnector-AWS | Automation scripts to set up the AWS Connector on Trend Micro Cloud One Workload Security / Deep Security (On-Prem on AWS) |
WorkloadSecurity-AWS-SNS | Set up event forwarding with AWS SNS to build custom rules and workflows based on detection events |