Maps CVEs to Deep Security IPS rule number(s). Output options are CSV
and JSON.
The script uses the following environment variables:
- DS_KEY
The script can then be called with or without the output-format
parameter, as shown below.
```
python3 cim.py
21-Oct-19 13:29:51 - INFO - Obtaining DS API key
21-Oct-19 13:29:51 - INFO - Set API version to v1
21-Oct-19 13:29:51 - INFO - Obtained DS API address: https://app.deepsecurity.trendmicro.com/api
21-Oct-19 13:29:51 - INFO - Initiating DS connection
21-Oct-19 13:29:51 - INFO - Obtaining IPS rules...
21-Oct-19 13:30:38 - INFO - Found 5000 rules
21-Oct-19 13:30:57 - INFO - Found 2015 rules
21-Oct-19 13:30:57 - INFO - Total IPS rules found: 7015
21-Oct-19 13:31:02 - INFO - Mapping CVEs to IPS rules
21-Oct-19 13:31:02 - INFO - CVE to IPS rule map:
CVE,IPS Rule ID
CVE-2006-0027,1
CVE-2006-3643,2
CVE-2006-5156,3
CVE-2006-4509,4
CVE-2006-6121,5
CVE-2004-1351,6
CVE-2003-0096,8 167 175
CVE-2006-5344,9
CVE-2006-2327,10
CVE-2006-5340,13
```
```
python3 cim.py --output-format json
21-Oct-19 12:36:23 - INFO - Obtaining DS API key
21-Oct-19 12:36:23 - INFO - Set API version to v1
21-Oct-19 12:36:23 - INFO - Obtained DS API address: https://app.deepsecurity.trendmicro.com/api
21-Oct-19 12:36:23 - INFO - Initiating DS connection
21-Oct-19 12:36:23 - INFO - Obtaining IPS rules...
21-Oct-19 12:37:17 - INFO - Found 5000 rules
21-Oct-19 12:37:37 - INFO - Found 2015 rules
21-Oct-19 12:37:37 - INFO - Total IPS rules found: 7015
21-Oct-19 12:37:48 - INFO - Mapping CVEs to IPS rules
21-Oct-19 12:37:48 - INFO - CVE to IPS rule map:
{
"CVE-2006-0027": [1],
"CVE-2006-3643": [2],
"CVE-2006-5156": [3],
"CVE-2006-4509": [4],
"CVE-2006-6121": [5],
"CVE-2004-1351": [6],
"CVE-2003-0096": [8, 167, 175],
"CVE-2006-5344": [9],
"CVE-2006-2327": [10],
"CVE-2006-5340": [13]
...
}
```
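The two output formats above can be fed into a coverage check against vulnerability-scanner findings. The following is an added example, not part of CIM: the function names are hypothetical, the sample input is constructed from rows shown above, and it assumes the captured output may still contain the log lines, so both parsers tolerate them.

```python
import csv
import io
import json
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample input, built from rows shown in the output above.
SAMPLE_CSV = """21-Oct-19 13:31:02 - INFO - CVE to IPS rule map:
CVE,IPS Rule ID
CVE-2006-0027,1
CVE-2003-0096,8 167 175
"""
SAMPLE_JSON = """21-Oct-19 12:37:48 - INFO - CVE to IPS rule map:
{"CVE-2006-0027": [1], "CVE-2003-0096": [8, 167, 175]}
"""

def parse_csv_map(text):
    """CSV form: one CVE per row, rule IDs space-separated in field two."""
    mapping = {}
    for row in csv.reader(io.StringIO(text)):
        # Skips the header, blank lines and any interleaved log lines.
        if len(row) != 2 or not CVE_RE.match(row[0].strip()):
            continue
        mapping.setdefault(row[0].strip(), []).extend(int(t) for t in row[1].split())
    return mapping

def parse_json_map(text):
    """JSON form: object mapping each CVE to a list of rule IDs."""
    # raw_decode ignores anything after the object; index() skips log lines.
    data, _ = json.JSONDecoder().raw_decode(text[text.index("{"):])
    return {cve: [int(i) for i in ids] for cve, ids in data.items() if CVE_RE.match(cve)}

def coverage(mapping, scan_cves):
    """Split scanner findings into CVEs with IPS rules and CVEs without."""
    covered, uncovered = {}, []
    for cve in scan_cves:
        key = cve.strip().upper()
        if mapping.get(key):
            covered[key] = sorted(set(mapping[key]))
        else:
            uncovered.append(key)
    return covered, uncovered

if __name__ == "__main__":
    findings = ["CVE-2006-0027", "cve-2003-0096", "CVE-2099-0001"]  # constructed
    covered, uncovered = coverage(parse_csv_map(SAMPLE_CSV), findings)
    print("covered:", covered)
    print("no IPS rule:", uncovered)
```

A CVE listed as covered means a matching rule exists in the rule set, not that the rule is assigned to any policy or computer.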
The only package CIM requires is the Deep Security SDK.
- Blog: oznetnerd.com
- Email: will@oznetnerd.com