# NOTE: this is a Proof of Concept script, please test before using in production!
# Copyright (c) 2018 Cisco and/or its affiliates.
# This software is licensed to you under the terms of the Cisco Sample
# Code License, Version 1.0 (the "License"). You may obtain a copy of the
# License at
# https://developer.cisco.com/docs/licenses
# All use of the material herein must be in accordance with the terms of
# the License. All rights not expressly granted by the License are
# reserved. Unless required by applicable law or agreed to separately in
# writing, software distributed under the License is distributed on an "AS
# IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
# or implied.
import datetime
import getpass
import ipaddress
import json
import os
import sys
import time
import uuid

import ciscosparkapi
import requests

# import supporting functions from additional file
from Firepower import Firepower
# Config parameters
# Path of the JSON settings store. Once saveConfig() has run it also holds the
# FMC password and the Webex access token, so it should be treated as a secret.
CONFIG_FILE = "config.json"
# Filled in by loadConfig(); stays None until then.
CONFIG_DATA = None
# Prefix prepended to the names of the FMC group objects this script creates.
OBJECT_PREFIX = ""
# A function to load CONFIG_DATA from file
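def loadConfig():
    """Populate the module-level CONFIG_DATA from CONFIG_FILE, falling back to defaults.

    The defaults are built first; when CONFIG_FILE exists, the values it
    contains are laid over them. A config written by an older version of
    this script that lacks newer keys (e.g. the Webex ones) therefore still
    yields a complete CONFIG_DATA instead of a KeyError later on.

    Raises:
        json.JSONDecodeError: if CONFIG_FILE exists but is not valid JSON.
        ValueError: if CONFIG_FILE exists but does not hold a JSON object.
        OSError: if CONFIG_FILE exists but cannot be read.
    """
    global CONFIG_DATA
    sys.stdout.write("\n")
    sys.stdout.write("Loading config data...")
    sys.stdout.write("\n")
    # Defaults for every key the script reads. Note that CONFIG_FILE ends up
    # holding FMC_PASS and WEBEX_ACCESS_TOKEN in clear text once saveConfig()
    # runs. SSL_VERIFY defaults to False; presumably this tells the Firepower
    # class not to verify the FMC's TLS certificate (confirm in Firepower.py),
    # and the default is kept for compatibility, not because it is recommended.
    defaults = {
        "FMC_IP": "",
        "FMC_USER": "",
        "FMC_PASS": "",
        "IP_UUID": "",
        "URL_UUID": "",
        "SERVICE": False,
        "SSL_VERIFY": False,
        "SSL_CERT": "/path/to/certificate",
        "AUTO_DEPLOY": False,
        "VERSION": 0,
        "WEBEX_ACCESS_TOKEN": "",
        "WEBEX_ROOM_ID": "",
    }
    if os.path.isfile(CONFIG_FILE):
        with open(CONFIG_FILE, "r", encoding="utf-8") as config_file:
            stored = json.load(config_file)
        if not isinstance(stored, dict):
            raise ValueError("%s must contain a JSON object" % CONFIG_FILE)
        # Stored values win; keys missing from the file keep their default.
        CONFIG_DATA = {**defaults, **stored}
        sys.stdout.write("Config loading complete.")
        sys.stdout.write("\n")
        sys.stdout.write("\n")
    else:
        sys.stdout.write("Config file not found, loading empty defaults...")
        sys.stdout.write("\n")
        sys.stdout.write("\n")
        CONFIG_DATA = defaults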
# A function to store CONFIG_DATA to file
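def saveConfig():
    """Write CONFIG_DATA to CONFIG_FILE as indented JSON.

    CONFIG_DATA carries the FMC password and the Webex access token, so the
    file is created with owner-only permissions (0o600) instead of whatever
    the process umask would allow. The mode only applies when the file is
    created; an existing file keeps its current permissions. On Windows the
    mode argument has little effect.

    Raises:
        OSError: if the file cannot be opened for writing.
        TypeError: if CONFIG_DATA contains values json cannot serialise.
    """
    sys.stdout.write("Saving config data...")
    sys.stdout.write("\n")
    fd = os.open(CONFIG_FILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # fdopen takes ownership of fd; the with-block closes both.
        output_file = os.fdopen(fd, "w", encoding="utf-8")
    except Exception:
        os.close(fd)
        raise
    with output_file:
        json.dump(CONFIG_DATA, output_file, indent=4)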
# A function to deploy pending policy pushes
def DeployPolicies(fmc):
    """Request deployment of every pending, deployable, non-disruptive change on the FMC.

    Pending deployments are grouped by configuration version and one
    DeploymentRequest is posted per version carrying all matching device
    ids. Only items flagged canBeDeployed with trafficInterruption == "NO"
    are included. Requests are posted with ignoreWarning=True (FMC
    deployment warnings do not block the push) and forceDeploy=False.

    Args:
        fmc: object exposing getPendingDeployments() and postDeployments(body).
    """
    pending = fmc.getPendingDeployments()
    if pending['paging']['count'] <= 0:
        sys.stdout.write("There were zero pending deployments.\n")
        return
    # version -> device ids, both in first-seen order
    devices_by_version = {}
    for entry in pending['items']:
        deployable = entry['canBeDeployed'] and entry['trafficInterruption'] == "NO"
        if not deployable:
            continue
        devices_by_version.setdefault(entry['version'], []).append(entry['device']['id'])
    for version, device_ids in devices_by_version.items():
        fmc.postDeployments({
            "type": "DeploymentRequest",
            "version": version,
            "forceDeploy": False,
            "ignoreWarning": True,
            "deviceList": device_ids,
        })
    sys.stdout.write("All pending deployments have been requested.\n")
# Function that can be used to schedule the O365WebServiceParser to refresh at intervals. Caution: this creates an infinite loop.
# Takes the O365WebServiceParser function and the interval as parameters.
def intervalScheduler(function, interval):
    """Run *function* forever, sleeping *interval* seconds between calls.

    Returns only when a KeyboardInterrupt or SystemExit is raised (by the
    callable or by Ctrl-C during the sleep); both are caught and turned
    into a normal return. Any other exception raised by *function*
    propagates and ends the loop.

    Args:
        function: zero-argument callable to run on each tick.
        interval: seconds to sleep between runs (formatted with %d).
    """
    banner = "O365 Web Service Parser will be refreshed every %d seconds. Please use ctrl-C to exit.\n" % interval
    sys.stdout.write("\n")
    sys.stdout.write(banner)
    sys.stdout.write("\n")
    try:
        while True:
            function()
            stamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
            sys.stdout.write("\n")
            sys.stdout.write("[%s] O365 Web Service Parser executed by IntervalScheduler, current interval is %d seconds. Please use ctrl-C to exit.\n" % (stamp, interval))
            sys.stdout.write("\n")
            # wait out the interval, then poll the feed again
            time.sleep(interval)
    except (KeyboardInterrupt, SystemExit):
        for line in ("\n", "\n", "Exiting... O365 Web Service Parser will not be automatically refreshed anymore.\n", "\n"):
            sys.stdout.write(line)
        sys.stdout.flush()
# function to parse the Web Service, so that it can be called iteratively (e.g by the scheduler function)
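def _ensureGroupObject(fmc, object_type, uuid_key, name_suffix, fmc_type):
    """Return the FMC group object recorded under CONFIG_DATA[uuid_key], creating it when unset.

    A newly created object's id is stored in CONFIG_DATA and persisted with
    saveConfig() so later runs reuse it.
    """
    if CONFIG_DATA.get(uuid_key):
        return fmc.getObject(object_type, CONFIG_DATA[uuid_key])
    created = fmc.createObject(object_type, {
        'name': OBJECT_PREFIX + name_suffix,
        'type': fmc_type,
        'overridable': True,
    })
    CONFIG_DATA[uuid_key] = created['id']
    saveConfig()
    return created


def _fetchFeedVersion(client_request_id, timeout):
    """Return the 'Worldwide' feed version as an int, or None (after a message) when unavailable."""
    response = requests.get(
        "https://endpoints.office.com/version?clientrequestid=" + client_request_id,
        timeout=timeout,
    )
    if response.status_code != 200:
        sys.stdout.write("Could not retrieve the Web Service version (HTTP %d), skipping this run.\n" % response.status_code)
        return None
    # the version list covers several instances; only the worldwide one is used
    for element in response.json():
        if element.get('instance') == 'Worldwide':
            return int(element['latest'])
    sys.stdout.write("No 'Worldwide' instance in the Web Service version list, skipping this run.\n")
    return None


def _fetchFeedEntries(client_request_id, timeout):
    """Return the decoded worldwide endpoint feed, or None (after a message) on a non-200 reply."""
    response = requests.get(
        "https://endpoints.office.com/endpoints/worldwide?clientrequestid=" + client_request_id,
        timeout=timeout,
    )
    if response.status_code != 200:
        sys.stdout.write("Could not retrieve the Web Service feed (HTTP %d), it will be retried on the next run.\n" % response.status_code)
        return None
    return response.json()


def _collectLiterals(entries):
    """Return (ip_list, url_list) of unique feed values in first-seen order.

    URLs have '*' stripped to match Firepower's URL object format (see
    https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html#anc14).
    IP entries that do not parse as an IPv4/IPv6 address or network are
    reported and skipped rather than forwarded: the feed is third-party
    data that ends up as firewall object literals, so only well-formed
    values are pushed to the FMC.
    """
    ip_list, seen_ips = [], set()
    url_list, seen_urls = [], set()
    for item in entries:
        for url in item.get('urls') or []:
            cleaned = url.replace('*', '')
            if cleaned not in seen_urls:
                seen_urls.add(cleaned)
                url_list.append(cleaned)
        for ip in item.get('ips') or []:
            try:
                ipaddress.ip_network(ip, strict=False)
            except ValueError:
                sys.stdout.write("Skipping malformed IP entry from the feed: %r\n" % (ip,))
                continue
            if ip not in seen_ips:
                seen_ips.add(ip)
                ip_list.append(ip)
    return ip_list, url_list


def _replaceLiterals(group_object, literals):
    """Overwrite the object's 'literals' and drop 'links' so the fetched object can be sent back."""
    group_object['literals'] = literals
    group_object.pop('links', None)


def _notifyWebex(auto_deploy):
    """Post an update notice to the configured Webex room, or say why it was skipped."""
    token = CONFIG_DATA.get('WEBEX_ACCESS_TOKEN')
    room_id = CONFIG_DATA.get('WEBEX_ROOM_ID')
    if not token or not room_id:
        sys.stdout.write("Webex Teams not set.\n")
        sys.stdout.write("\n")
        return
    if auto_deploy:
        message_text = "Microsoft Office 365 objects have been successfully updated! Firepower policy deployment was initiated..."
    else:
        message_text = "Microsoft Office 365 objects have been successfully updated! Firepower policy deployment is required."
    webex = ciscosparkapi.CiscoSparkAPI(token)
    webex.messages.create(room_id, text=message_text)


def WebServiceParser(request_timeout=30):
    """Sync the O365 worldwide endpoint feed into the FMC network/URL group objects.

    Steps:
      1. Ensure the NetworkGroup and UrlGroup objects exist on the FMC
         (creating them and persisting their UUIDs in CONFIG_DATA on first run).
      2. Ask endpoints.office.com for the current 'Worldwide' feed version.
      3. If it is newer than CONFIG_DATA['VERSION'], download the feed, collect
         the unique IPs and URLs, replace the 'literals' of both group objects
         and push them back to the FMC.
      4. Only after a successful push: record the new version, save the config,
         optionally deploy policies (AUTO_DEPLOY) and post a Webex message.

    CONFIG_DATA['VERSION'] is advanced only after the objects were updated, so
    a failed feed download is retried on the next run instead of being
    treated as "already loaded". A feed version lower than the stored one
    is ignored without comment.

    Args:
        request_timeout: seconds before a feed HTTP request is abandoned,
            so the scheduler loop cannot hang indefinitely on a stalled
            connection.
    """
    fmc = Firepower(CONFIG_DATA)
    ip_group_object = _ensureGroupObject(fmc, 'networkgroups', 'IP_UUID', 'O365_Web_Service_IPs', 'NetworkGroup')
    url_group_object = _ensureGroupObject(fmc, 'urlgroups', 'URL_UUID', 'O365_Web_Service_URLs', 'UrlGroup')

    latest_version = CONFIG_DATA['VERSION']
    # one fresh GUID identifies this run's requests to the feed
    client_request_id = str(uuid.uuid4())
    new_version = _fetchFeedVersion(client_request_id, request_timeout)
    if new_version is None:
        return
    if new_version == latest_version:
        sys.stdout.write("\n")
        sys.stdout.write("Web Service List has NOT been updated since the last load, no update needed!\n")
        sys.stdout.write("\n")
        return
    if new_version < latest_version:
        return

    sys.stdout.write("\n")
    sys.stdout.write("New version of Office 365 worldwide commercial service instance endpoints detected: %(version)s" % {'version': new_version})
    sys.stdout.write("\n")
    entries = _fetchFeedEntries(client_request_id, request_timeout)
    if entries is None:
        return
    ip_list, url_list = _collectLiterals(entries)

    _replaceLiterals(ip_group_object, [{'type': 'Network', 'value': ip} for ip in ip_list])
    fmc.updateObject('networkgroups', CONFIG_DATA['IP_UUID'], ip_group_object)
    _replaceLiterals(url_group_object, [{'type': 'Url', 'url': url} for url in url_list])
    fmc.updateObject('urlgroups', CONFIG_DATA['URL_UUID'], url_group_object)

    sys.stdout.write("\n")
    sys.stdout.write("Web Service List has been successfully updated!\n")
    sys.stdout.write("\n")
    # record the version only now that both objects were pushed
    CONFIG_DATA['VERSION'] = new_version
    saveConfig()
    if CONFIG_DATA['AUTO_DEPLOY']:
        DeployPolicies(fmc)
    _notifyWebex(CONFIG_DATA['AUTO_DEPLOY'])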
##############END PARSE FUNCTION##############START EXECUTION SCRIPT##############
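if __name__ == "__main__":
    loadConfig()
    # Prompt for whatever FMC connection details the config does not hold yet.
    # saveConfig() below persists them, password included, to CONFIG_FILE.
    if not CONFIG_DATA['FMC_IP']:
        CONFIG_DATA['FMC_IP'] = input("FMC IP Address: ")
    if not CONFIG_DATA['FMC_USER']:
        CONFIG_DATA['FMC_USER'] = input("FMC Username: ")
    if not CONFIG_DATA['FMC_PASS']:
        # getpass keeps the password out of the terminal echo
        CONFIG_DATA['FMC_PASS'] = getpass.getpass("FMC Password: ")
    saveConfig()
    try:
        if CONFIG_DATA['SERVICE']:
            # service mode: re-run the parser every hour (3600 s) until ctrl-C
            intervalScheduler(WebServiceParser, 3600)
        else:
            # one-shot run
            WebServiceParser()
    except (KeyboardInterrupt, SystemExit):
        sys.stdout.write("\n")
        sys.stdout.write("\n")
        sys.stdout.write("Exiting...\n")
        sys.stdout.write("\n")
        sys.stdout.flush()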
# end of script