# McAfee Mvision Cloud APIs

In [9]:
import requests
from requests.auth import HTTPBasicAuth
import json
from credentials import username, password

In [10]:
base_url = 'https://www.myshn.net/{}'

In [11]:
# List of tenants available for the specific credentials
# This happens when a user is associated to multiple tenants

url = base_url.format('shnapi/rest/external/api/v1/groups')
params = '?source=shn.ec.x'
url = url + params

r = requests.get(url, auth=HTTPBasicAuth(username, password))
value = json.loads(r.text)

if r.status_code == 200:
    print('Sucessful Authentication')
    tenant_id = [i['bps-tenant-id'] for i in value if i['company-name'] == 'Skyhigh5608'][0]
    print(f'Default Tenant ID: {tenant_id}')

else:
    print(f'Unsucessful authentication {r.status_code}')

print(value)

Sucessful Authentication
Default Tenant ID: 6F93BFFC-F34A-4D6D-B21E-8550DA6356CF
[{'bps-tenant-id': '6F93BFFC-F34A-4D6D-B21E-8550DA6356CF', 'company-name': 'Skyhigh5608'}, {'bps-tenant-id': '14FE51F8-5394-4F99-A6B6-CF224D618461', 'company-name': 'ISecG'}, {'bps-tenant-id': '57D35E70-8AF6-4391-9376-8CC2547E2762', 'company-name': 'Cesicat_POC'}, {'bps-tenant-id': '0AA1231F-B1CF-4B95-A60D-9054D7616129', 'company-name': 'dmontilla'}]


In [12]:
# Authentication procedure
auth_url = base_url.format('neo/neo-auth-service/oauth/token')
params = '?grant_type=password'
auth_url = auth_url + params

# BPS-TENANT-ID uses  a Default value which in my case is the ID related to the company-name Skyhgh5608, it is suppose that
# we can add this parameter on the header in order to logon to a different tenant, but in my tests I always connect
# to the default one no matters what value I introduce on the BPS-TENANT-ID parameter.
header = {
    'Content-Type': 'application/json',
    'x-auth-username': username,
    'x-auth-password': password,
    'BPS-TENANT-ID': tenant_id
}

r = requests.post(auth_url, headers=header)
value = json.loads(r.text)

if r.status_code == 200:
    print('Sucessful Authentication')
    auth_token = value['access_token']

else:
    print(f'Unsucessful authentication {r.status_code}')

print(value)

Sucessful Authentication
{'access_token': 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3ByaW5nLWJvb3QtYXBwbGljYXRpb24iXSwidGVuYW50TmFtZSI6IlNreWhpZ2g1NjA4IiwidXNlcl9uYW1lIjoiY2FybG9zX211bm96Z2Fycmlkb0BtY2FmZWUuY29tIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sInRlbmFudElEIjo3NzMwNCwiZXhwIjoxNjA1ODYyOTg4LCJ1c2VyIjoiY2FybG9zX211bm96Z2Fycmlkb0BtY2FmZWUuY29tIiwidXNlcklkIjo0MzYwNCwianRpIjoiNTI5ZjYwZGEtNDVjNC00YjEzLTkyZjItNGQ0NmIwYjNkNDJjIiwiZW1haWwiOiJjYXJsb3NfbXVub3pnYXJyaWRvQG1jYWZlZS5jb20iLCJjbGllbnRfaWQiOiJ0cnVzdGVkLWFwcCJ9.BlgrqC26pqfs9DVSZS_7PzzWCxe3Y3uL64_QaKEccwO1-uN0JZkq0YwVOERjY6z2HpxxrnFZJbLun8wdp_pSKvbn6UvNjBFUb9j8SuIKr61ogAlyRqTcDK3S9difhefp_RX5dePabdvJfJq_LpqWz2hVj1IjdiYzI2AK_fgN7mo', 'token_type': 'bearer', 'refresh_token': 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3ByaW5nLWJvb3QtYXBwbGljYXRpb24iXSwidGVuYW50TmFtZSI6IlNreWhpZ2g1NjA4IiwidXNlcl9uYW1lIjoiY2FybG9zX211bm96Z2Fycmlkb0BtY2FmZWUuY29tIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6IjUyOWY2MGRhLTQ1YzQtNGIxMy05MmYyLTRkND

In [13]:
# AWS Shift left, submit a template for analysis using a Cloud Formation template

# Mvision Cloud supports multiple CSP (currently aws and azure).
# For aws MVision Cloud supports Cloudformation aswell as Terraform templates
# For azure Mvision Cloud supports Resource Manager aswell as Terraform templates
# This exaple uses aws and a Cloud formation template.

CSP = 'aws' 
url = base_url.format('neo/config-audit/devops/v1/scan')
params = f'?service={CSP}'
url = url + params

current_path = os.path.abspath(os.getcwd())
template_path = current_path + os.sep + 'templates' + os.sep + 'aws_s3_lifecycle_violation.json'

# IMPORTANT: As the template that is going to be submitted is open in binary ('rb') don't indicate application/json on the
# header
header = {
    #'Content-Type': 'application/json',
    'x-access-token': auth_token
}
payload = {}

files = [('templateFile', open(template_path, 'rb'))]

r = requests.post(url, headers=header, data=payload, files=files)
value = json.loads(r.text)

if r.status_code == 200:
    if 'Failure' in value['status']:
        print('Template file submitted succesfully, but a failure happens')
    else:
        url_scan_result = value['message']
else:
    print(f'Error submitting template, error code: {r.status_code}')

print(value)


{'file_name': 'aws_s3_lifecycle_violation.json', 'message': 'https://www.myshn.net/neo/config-audit/devops/v1/scan/result/5c4073d4-8025-47f4-8b44-a6fa943fd8db', 'status': 'The request is being processed. Please call the API to get the evaluation result.', 'additional_details': None}


In [16]:
# Check the status of the analysis
header = {
    'Content-Type': 'application/json',
    'x-access-token': auth_token
}


r = requests.get(url_scan_result, headers=header)
value = json.loads(r.text)

if r.status_code == 200:
    if value['status'] == "Submitted" or value['status'] == "In Progress":
        print('Analysis not yet completed')
    elif value['status'] == 'Failure':
        print('Something went wrong during analysis')
    else:
        print('Analysis completed')
        print('{0} violations found on template'.format({value['message']['violation_count']}))
else:
    print('Error checking if analysis was completed')

print(value)

Analysis completed
{4} violations found on template
{'file_name': 'aws_s3_lifecycle_violation.json', 'message': {'file_name': 'aws_s3_lifecycle_violation.json', 'violation_count': 4, 'policies_violated': ['S3 buckets should not be publicly writable', 'S3 buckets should not have unrestricted access', 'MFA Delete should be enabled on S3 buckets', 'S3 buckets should not be world readable']}, 'status': 'Success', 'additional_details': None}
