### Table of Contents <a class="anchor" id="mainMenu"></a>

* [Chapter 1 - Introduction](#chapter1)
    * [1.1 - Logging Info, getting Help & Using Magics](#section_1_1)
    * [1.2 - Using ConnectAppGen](#section_1_2)
    * [1.3 - Packaging your ConnectApp](#section_1_3)
        
* [Chapter 2 - API Test Script](#chapter2)
    * [2.1. Preparing your Input Parameters](#section_2_1)
    * [2.2. Testing your API](#section_2_2)
    * [2.3. Final Test Script](#section_2_3)

* [Chapter 3 - API Resolve Script](#chapter3)
    * [3.1. Preparing your Input Parameters](#section_3_1)
    * [3.2. Static Resolve Script](#section_3_2)
    * [3.3. Resolving Parameters from your API](#section_3_3)
    * [3.4. Handling Exceptions](#section_3_4)
    * [3.5. Final Resolve Script](#section_3_5)

* [Chapter 4 - Action API Script](#chapter4)
    * [4.1. Preparing your Input Parameters](#section_4_1)
    * [4.2. Pushing Information to your API](#section_4_2)
    * [4.3. Final Action Script](#section_4_3)
* [Appendix A - Commands on Forescout Platform](#appendixA)

## Chapter 1 - Introduction <a class="anchor" id="chapter1"></a>

### 1.1. Logging Info, getting Help & Using Magics<a class="anchor" id="section_1_1"></a>
#### Set logging to INFO to see what will be logged to python_logs afterwards (during Development)

In [None]:
import logging

# by default: >= wraning (incl. error / critical) are showed. 
logging.debug('debug message')
logging.info('info message')
logging.warning('warn message')
logging.error('error message')
logging.critical('critical message')

In [None]:
logging.basicConfig()
logger = logging.getLogger()
#logger.setLevel(logging.INFO)
logger.setLevel(logging.DEBUG) # similar to fstool connect_module debug 5 10h

In [None]:
# given logger level is DEBUG - we are going to see all messages logged from : Debug, info, wan / error / critical. 
logging.debug('debug message')
logging.info('info message')
logging.warning('warn message')
logging.error('error message')
logging.critical('critical message')

In [None]:
# Getting Module methods

# import module
import urllib

# use dir(<module_name>)
dir(urllib)

In [None]:
# Get methods of request sub-mobulde 
dir(urllib.request)

In [None]:
# Get version of urllib.request sub-module
urllib.request.__version__

In [None]:
# Getting Help! - using ? , ??
urllib.request.Request??

In [None]:
# Getting help via help command
help(urllib.request.urlopen)

More information about urllib.request: https://docs.python.org/3/library/urllib.request.html 

### Magics 
Let's see some Magic: 
- Magics are specific to and provided by the IPython kernel. 
https://ipython.readthedocs.io/en/stable/interactive/magics.html

In [None]:
#%%writefile wfile.py
print("Hello World!")

In [None]:
! ls wfile.py

In [None]:
! python3 wfile.py

In [None]:
! rm wfile.py

[Back to Table of Contents](#mainMenu)

### 1.2. Using connectAppGen <a class="anchor" id="section_1_2"></a>

In [None]:
yamlInputFile = 'm3sp.yaml'

In [None]:
! cat {yamlInputFile}

In [None]:
! python3 generator.py {yamlInputFile}

[Back to Table of Contents](#mainMenu)

### 1.3. Packaging your ConnectApp <a class="anchor" id="section_1_3"></a>

In [None]:
folderName = 'm3sp_1.0.0'
testScript = f'{folderName}/m3sp_test.py'
resolveScript = f'{folderName}/m3sp_resolve.py'
actionScript = f'{folderName}/m3sp_send_data.py'

! ls {folderName}

In [None]:
#! cat {testScript}
#! cat {resolveScript}
#! cat {actionScrtip}

In [None]:
# Package the connectApp by Zipping the connectApp folderName 

! python3 -m zipfile -c {folderName}.zip {folderName}/

In [None]:
! ls -l {folderName}.zip

[Back to Table of Contents](#mainMenu)

### 2.  API Test Script <a class="anchor" id="chapter2"></a>

## 2.1. Preparing your Input Parameters <a class="anchor" id="section_2_1"></a>

In [None]:
! cat {testScript}

In [None]:
params = {}
# Panel Params
params['connect_m3sp_url'] = 'http://10.0.1.3:3000'
params['connect_m3sp_username'] = 'forescout'
params['connect_m3sp_passsword'] = '4Scout123'

m3sp_to_ct_props_map = {
     "department" : "connect_m3sp_department", 
     "description" : "connect_m3sp_description"  
}

In [None]:
params

In [None]:
params['connect_m3sp_url']

In [None]:
response = {}

properties = {}

properties[m3sp_to_ct_props_map['department']] = 'HR'
properties[m3sp_to_ct_props_map['description']] = 'Human Resources'
response['properties'] = properties

In [None]:
response

[Back to Table of Contents](#mainMenu)

## 2.2. Testing your API <a class="anchor" id="section_2_2"></a>

In [None]:
import urllib.request
import logging

In [None]:
# Server configuration fields will be available in the 'params' dictionary.
logging.info('===>Starting m3sp Test Script')

base_url = params['connect_m3sp_url']

headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020"
    }

In [None]:
request = urllib.request.Request(base_url, headers=headers)
resp = urllib.request.urlopen(request)

In [None]:
# What do you think is the type of response? 

type(resp)

In [None]:
resp.getcode()

In [None]:
resp.getheaders()

In [None]:
resp.read()

In [None]:
resp.msg

In [None]:
response = {}

In [None]:
if resp.getcode() == 200:
    response['succeeded'] = True
    response['result_msg'] = 'Successfully connected.'
else:
    response['succeeded'] = False
    response['result_msg'] = 'Could not connect to m3sp Server'

logging.info('===>Ending m3sp Test Script')

In [None]:
response

## 2.3. Consolidated Test Script <a class="anchor" id="section_2_3"></a>

In [None]:
#%%writefile {testScript}

import urllib.request
import logging

logging.info('===>Starting m3sp Test Script')

base_url = params['connect_m3sp_url']

headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020"
    }

request = urllib.request.Request(base_url, headers=headers)
resp = urllib.request.urlopen(request)

msg_resp = str(resp.read())
logging.info(f'===>Received Message: {msg_resp}')

# Return the 'response' dictionary, must have a 'succeded' field.
response = {}

if resp.getcode() == 200:
    response['succeeded'] = True
    response['result_msg'] = 'Successfully connected.'
else:
    response['succeeded'] = False
    response['result_msg'] = 'Could not connect to m3sp Server'

logging.info('===>Ending m3sp Test Script')

In [None]:
response

In [None]:
# Now build the first Distribution of the m3sp App - and use Test in Forescout ConnectApp  
! python3 -m zipfile -c {folderName}.zip {folderName}/

[Back to Table of Contents](#mainMenu)

## Chapter 3 - API Resolve Script <a class="anchor" id="chapter3"></a>

## 3.1. Preparing your Input Parameters <a class="anchor" id="section_3_1"></a>

In [None]:
params = {}
# Panel Params
params['connect_m3sp_url'] = 'http://10.0.1.3:3000'
params['connect_m3sp_username'] = 'forescout'
params['connect_m3sp_password'] = '4Scout123'
params['mac'] = '11aa33bb55cc'

m3sp_to_ct_props_map = {
     "department" : "connect_m3sp_department", 
     "description" : "connect_m3sp_description"  
}

[Back to Table of Contents](#mainMenu)

## 3.2. Static Resolve Script <a class="anchor" id="section_3_2"></a>

In [None]:
params

In [None]:
'mac' in params

In [None]:
#%%writefile {resolveScript}
import logging

logging.info("=======>>>>>Starting sample resolve Script.")

m3sp_to_ct_props_map = {
    "department": "connect_m3sp_department",
    "description": "connect_m3sp_description"
}

if "mac" in params:
    logging.info("=======>>>>>Resolving mac address: " + params["mac"])

response = {}
properties = {}

properties[m3sp_to_ct_props_map['department']] = "Marketing"
properties[m3sp_to_ct_props_map['description']] = f'Asset with mac:{params["mac"]} in Marketing.'

response["properties"] = properties

logging.info("=======>>>>> m3sp properties returned: {}".format(properties))

In [None]:
response

In [None]:
# Now build the second Distribution of the m3sp App - and use properties Resolve via Forescout Policy Engine
! python3 -m zipfile -c {folderName}.zip {folderName}/

[Back to Table of Contents](#mainMenu)

## 3.3. Resolving Parameters from your API <a class="anchor" id="section_3_3"></a>

In [None]:
import urllib.request
import logging
import json 

In [None]:
logging.info("=======>>>>>Starting Live resolve Script.")

base_url = params['connect_m3sp_url']

payload = {
    'username' : params['connect_m3sp_username'],
    'password' : params['connect_m3sp_password']
    }

headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020"
    }

In [None]:
# Original Payload is a dictionary - we need to Serialize it to bytes-string
payload

In [None]:
# Serialize payload Object to a JSON formatted ``str``.
# using json.dumps to convert dict to 'str' and json.loads to convert 'str' back to dict.
json.dumps(payload)

In [None]:
# Convert String to bytes-string - with utf-8 encoding.
bytes(json.dumps(payload), encoding="utf-8")

In [None]:
request = urllib.request.Request(base_url + '/api/authenticate', headers=headers, \
                                 data=bytes(json.dumps(payload), encoding="utf-8"))

In [None]:
resp = urllib.request.urlopen(request)

In [None]:
resp.getcode()

In [None]:
bResponse = resp.read()
bResponse

In [None]:
type(bResponse)

In [None]:
# json.loads: Deserialize a string or bytes-string containing a serialized JSON document, to a Python object.
json.loads(bResponse)

In [None]:
jwt_token = json.loads(bResponse)['token']
jwt_token

In [None]:
# Device headers with the authorization token
device_headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020",
    'Authorization': 'Bearer ' + str(jwt_token)
    }

In [None]:
params

In [None]:
'mac' in params

In [None]:
mac_addr = params['mac']
mac_addr

In [None]:
request = urllib.request.Request(base_url + '/api/getdevice/' + mac_addr, headers=device_headers)

In [None]:
request.full_url

In [None]:
request.headers

In [None]:
resp = urllib.request.urlopen(request)

In [None]:
resp_data = resp.read()

In [None]:
resp_data

In [None]:
resp_dict = json.loads(resp_data)
resp_dict[0]

In [None]:
resp_dict[0]['department']

In [None]:
for k, v in resp_dict[0].items():
    if k in m3sp_to_ct_props_map:
        properties[m3sp_to_ct_props_map[k]] = v

In [None]:
properties

In [None]:
response = {}
response['properties'] = properties

In [None]:
# How to tell Forescout Platform that an Error has occured? 

response["error"] = "=======>>>>>m3sp: No mac address to query."

# always good practice to log the errors too.. 
logging.info(response["error"])

[Back to Table of Contents](#mainMenu)

## 3.4. Handling Exceptions <a class="anchor" id="section_3_4"></a>

In [None]:
# How to handle Exceptions?
invalid_request = 1/0

In [None]:
# if you know the Error Types - implement exception handling for "ZeroDivisionError"
try:
    invalid_request = 1/0
except ZeroDivisionError as z: 
    print(f"{z}: Exception was received!\n")

In [None]:
# or use generic Error Handling - at least to be graceful handling 
try:
    invalid_request = 1/0
except: 
    print(f"Something went wrong!")

In [None]:
# https://docs.python.org/3/library/urllib.error.html

from urllib.request import HTTPError, URLError

try:
    request = urllib.request.Request(base_url + '/api/authenticate123', headers=headers, \
                                 data=bytes(json.dumps(payload), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    
except HTTPError as e: 
    print(f"HTTPError was received!\n{e}")

In [None]:
# Handling Multiple types of exceptions: 

from urllib.request import HTTPError, URLError
try:
    request = urllib.request.Request(base_url + '/api/authenticate123', headers=headers, \
                                 data=bytes(json.dumps(payload), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    
except HTTPError as e: 
    print(f"HTTPError was received!\n{e}")
    
except URLError as e: 
    print(f"URLError was received!\n{e}")

except Exception as e:
    print(f"General Exception happened!\n{e}")

[Back to Table of Contents](#mainMenu)

## 3.5. Final Resolve Script <a class="anchor" id="section_3_5"></a>

In [None]:
#%%writefile {resolveScript}

import urllib.request
import urllib.error 
import logging
import json

logging.info("=======>>>>>Starting m3sp resolve Script.")

m3sp_to_ct_props_map = {
    "department": "connect_m3sp_department",
    "description": "connect_m3sp_description"
}

base_url = params['connect_m3sp_url']

payload = {
    'username' : params['connect_m3sp_username'],
    'password' : params['connect_m3sp_password']
    }

headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020"
    }

# Authenticate to get the Web Token
try:
    request = urllib.request.Request(base_url + '/api/authenticate', headers=headers, \
                                     data=bytes(json.dumps(payload), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    jwt_token = json.loads(resp.read())['token']
    logging.info('=======>>>>>m3sp: Recieved Token: ' + jwt_token)
except:
    logging.info('=======>>>>>m3sp: ERROR Authenticating to Server!')
    
# Device headers with the authorization token
device_headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020",
    'Authorization': 'Bearer ' + str(jwt_token)
    }

# FS will provide a params{} dictionary with the dependent properties you defined in 'properties.conf' 
# for each of your App's custom properties.
logging.info("=======>>>>>m3sp: parameters supplied by CT: {}".format(params))

# Get info on the passed mac address from server
if "mac" in params:
    mac_addr = params["mac"]
    response = {}
    properties = {}
    logging.info("=======>>>>>m3sp: Resolving mac address: " + mac_addr)
    # Get device information
    try:
        request = urllib.request.Request(base_url + '/api/getdevice/' + mac_addr, headers=device_headers)
        resp = urllib.request.urlopen(request)
        request_response = json.loads(resp.read())
        if request_response:
            return_values = request_response[0]
            for key, value in return_values.items():
                if key in m3sp_to_ct_props_map:
                    properties[m3sp_to_ct_props_map[key]] = value
    except:
        response["error"] = "=======>>>>>m3sp: Error resolving mac address: " + mac_addr
        logging.info(response["error"])

    # All responses from scripts must contain the JSON object 'response'.
    response["properties"] = properties
    logging.info("=======>>>>>m3sp: response returned: {}".format(response))

else:
    response["error"] = "=======>>>>>m3sp: No mac address to query."
    logging.info(response["error"])


In [None]:
# Now build the third Distribution of the m3sp App - and you will get Live properties updates 
! python3 -m zipfile -c {folderName}.zip {folderName}/

[Back to Table of Contents](#mainMenu)

## Chapter 4 - Action API Script <a class="anchor" id="chapter4"></a>

## 4.1. Preparing your Input Parameter <a class="anchor" id="section_4_1"></a>

In [None]:
params = {}
# Panel Params
params['connect_m3sp_url'] = 'http://10.0.1.3:3000'
params['connect_m3sp_username'] = 'forescout'
params['connect_m3sp_password'] = '4Scout123'

m3sp_to_ct_props_map = {
     "department" : "connect_m3sp_department", 
     "description" : "connect_m3sp_description"  
}

# Action Params
params['connect_m3sp_malware_name'] = 'malware.py'
params['connect_m3sp_malware_filetype'] = 'Python'

# Add the simulated input for resolving properties for this mac-address
params['mac'] = '11aa33bb55cc'

[Back to Table of Contents](#mainMenu)

## 4.2. Pushing Information to your API <a class="anchor" id="section_4_2"></a>

In [None]:
import urllib.request, urllib.error
import logging
import json

In [None]:
logging.info("=======>>>>>Starting m3sp action Script.")

# CT will provide a params{} dictionary with the dependent properties you defined in 'properties.conf' for each of your App's custom properties.
logging.info("=======>>>>>m3sp: parameters supplied by CT: {}".format(params))

In [None]:
base_url = params['connect_m3sp_url']

payload = {
    'username' : params['connect_m3sp_username'],
    'password' : params['connect_m3sp_password']
    }

headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020"
    }

# Authenticate
try:
    request = urllib.request.Request(base_url + '/api/authenticate', headers=headers, data=bytes(json.dumps(payload), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    jwt_token = json.loads(resp.read())['token']
    logging.info('=======>>>>>m3sp: Recieved Token: ' + jwt_token)
except:
    logging.info('=======>>>>>m3sp: ERROR Authenticating to Server!')

# Device headers with the authorization token
device_headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020",
    'Authorization': 'Bearer ' + str(jwt_token)
    }

In [None]:
# ----   ACTION ----
device_info = {
    'malware_name' : params["connect_m3sp_malware_name"],
    'department' : params["connect_m3sp_malware_filetype"]
    }

response = {}

try:
    request = urllib.request.Request(base_url + '/api/senddata', headers=device_headers, \
                                     data=bytes(json.dumps(device_info), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    request_response = json.loads(resp.read())
    if resp.getcode() == 200:
        response['succeeded'] = True
    else:
        response['succeeded'] = False
except:
    response['succeeded'] = False
    logging.info("=======>>>>>Error sending data, server reurned: " + resp.getcode())

logging.info("=======>>>>>Ending m3sp action Script.: {}".format(response))

In [None]:
request_response

[Back to Table of Contents](#mainMenu)

## 4.3. Final Action Script <a class="anchor" id="section_4_3"></a>

In [None]:
#%%writefile {actionScript}
import json
import urllib.request, urllib.error
import logging

logging.info("=======>>>>>Starting m3sp action Script.")

# CT will provide a params{} dictionary with the dependent properties you defined in 'properties.conf' for each of your App's custom properties.
logging.info("=======>>>>>m3sp: parameters supplied by CT: {}".format(params))

# CT will provide a params{} dictionary with the dependent properties you defined in 'properties.conf' & 'ssytem.conf' for each of your App's custom properties.
base_url = params['connect_m3sp_url']

payload = {
    'username' : params['connect_m3sp_username'],
    'password' : params['connect_m3sp_password']
    }

headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020"
    }

# Authenticate
try:
    request = urllib.request.Request(base_url + '/api/authenticate', headers=headers, data=bytes(json.dumps(payload), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    jwt_token = json.loads(resp.read())['token']
    logging.info('=======>>>>>m3sp: Recieved Token: ' + jwt_token)
except:
    logging.info('=======>>>>>m3sp: ERROR Authenticating to Server!')

# Device headers with the authorization token
device_headers = {
    'Content-Type': "application/json",
    'charset': 'utf-8',
    'User-Agent': "FSCT/1.16.2020",
    'Authorization': 'Bearer ' + str(jwt_token)
    }

# ----   ACTION ----
device_info = {
    'malware_name' : params["connect_m3sp_malware_name"],
    'department' : params["connect_m3sp_malware_filetype"]
    }

response = {}

try:
    request = urllib.request.Request(base_url + '/api/senddata', headers=device_headers, data=bytes(json.dumps(device_info), encoding="utf-8"))
    resp = urllib.request.urlopen(request)
    request_response = json.loads(resp.read())
    if resp.getcode() == 200:
        response['succeeded'] = True
    else:
        response['succeeded'] = False
except:
    response['succeeded'] = False
    logging.info("=======>>>>>Error sending data, server reurned: " + resp.getcode())

logging.info("=======>>>>>Ending m3sp action Script.: {}".format(response))

In [None]:
# Now build the Final Distribution of the m3sp App - and you will get Live properties updates, and you can send Data!
# Congratulations!
! python3 -m zipfile -c {folderName}.zip {folderName}/

[Back to Table of Contents](#mainMenu)

# Appendix A:  Commands on Forescout Platform <a class="anchor" id="appendixA"></a>

#### Commands to use on Forescout Platform to debug your App. 
On Forescout platform you can use the following command to increase to logging to 

- Set Debug Level to 5 for 10hours: 

fstool connect_module debug 5 10h

- Python Server Logs: 

cd /usr/local/forescout/plugin/connect_module/python_logs/

tail -f python_server.log

- Plugin Logs: 

cd /usr/local/forescout/log/plugin/connect/

tail -f connect.log

!pip install pyJWT

[Back to Table of Contents](#mainMenu)