Get best of the week

Kaspersky Security Center - New Level

On Habr there were already a couple of notes about automation of Kaspersky Security Center (KSC)


Here and here


Today, I suggest diving a little deeper and moving to a new level. Use: KSC Open API for Kaspersky Security Center 10+.


To monitor the status, the distribution of new workstations into groups, I had to use the Management Console to generate reports, it has extensive functionality, but its speed of operation leaves much to be desired.


And the appearance of support for the Open API was like a breath of fresh air, and immediately it was decided to use this solution, and as usual, a library was written in Go's favorite programming language that allowed access to the KSC server using the API it provided.


To use the package in our project, as usual, we need to get it:


go get -u github.com/pixfid/go-ksc/kaspersky


Import the package into the created project.


import (
    "github.com/pixfid/go-ksc/kaspersky"
)

We create a new client for working with the KSC server


func main() {
    ctx := context.Background()
        cfg := kaspersky.Config { //    
              Username: "login",
              Password: "password",
              Server: fmt.Sprintf(`https://%s:%s`, "ip", "port"),
        }

    client := kaspersky.New(cfg) //  
    client.KSCAuth(ctx) //
}

Authorization is simple, POSTan endpoint request /api/v1.0/login, with setting request headers:


Authorization: KSCBasic user=base64(login),pass=base64(pass)
X-KSC-VServer: x
Content-Length:2


If successful, the server will return: {}


, , accessor , requestId .


:


\ , , github.


:


func GetAllGroups(ctx context.Context, client *kaspersky.Client) *FullGroupsInfos {
    groups := &FullGroupsInfos{} //    .

    groupParam := kaspersky.HGParams{
        WstrFilter: `
        (&
            (!"KLGRP_CHLDHST_CNT" = 0)
            (!"grp_from_unassigned" = true)
        )`,
        VecFieldsToReturn: []string{
            "id",
            "name",
            "grp_full_name",
            "creationDate",
            "KLGRP_CHLDHST_CNT",
            "KLSRV_HSTSTAT_CRITICAL",
            "KLSRV_HSTSTAT_WARNING",
        },
        PParams: kaspersky.PParams{
            KlsrvhSlaveRecDepth:    0,
            KlgrpFindFromCurVsOnly: true,
        },
        LMaxLifeTime: 100,
    }

    accessor, _, _ := client.HostGroup.FindGroups(ctx, groupParam) //  
    count, _, _ := client.ChunkAccessor.GetItemsCount(ctx, accessor.StrAccessor) //     

    _, _ = client.ChunkAccessor.GetItemsChunk(ctx, kaspersky.ItemsChunkParams{
        StrAccessor: accessor.StrAccessor,
        NStart:      0,
        NCount:      count.Int,
    } , groups) //    
    client.ChunkAccessor.Release(ctx, accessor.StrAccessor) // 

    return groups
}

, API []byte, inteface{} .


:


{
  "pChunk" : {
    "KLCSP_ITERATOR_ARRAY" : [
      {
        "type" : "params",
        "value" : {
          "KLGRP_CHLDHST_CNT" : 1,
          "creationDate" : {
            "type" : "datetime",
            "value" : "2020-03-13T18:48:43Z"
          },
          "grp_full_name" : " /Broken/",
          "id" : 160,
          "name" : "Broken"
        }
      }
    ]
  },
  "PxgRetVal" : 1
}

:


ts, _, _ := client.Tasks.GetAllTasksOfHost(ctx, "domain.name", "d7f6c44c-6743-416d-81b3-343e464f1ec9")

d7f6c44c-6743-416d-81b3-343e464f1ec9 , KSC


:
{ "PxgRetVal": ["101", "117", "118", "192"] }


(, , ) .


func (ts *Tasks) SuspendTask(ctx context.Context, strTask string) ([]byte, error)
func (ts *Tasks) ResumeTask(ctx context.Context, strTask string) ([]byte, error)
func (ts *Tasks) RunTask(ctx context.Context, strTask string) ([]byte, error)
func (ts *Tasks) DeleteTask(ctx context.Context, strTask string) ([]byte, error)


API, KSC 10, KSC 12.


GitHub


.
C.

More articles:


All Articles