ciscodevnet / dne-security-code Goto Github PK

Python 98.10% Shell 1.90%

dne-security-code's Introduction

Cisco DevNet DevNet Express Security Track Code

This repository contains the sample code to go along with Cisco DevNet Learning Labs covering security topics. During the setup steps of the labs, you'll be asked to clone this repository down to your workstation to get started.

Getting started

Go to https://developer.cisco.com/learning/tracks/devnet-express-security#dne-security-verify and login or register if you're not registered.
Follow the instructions in the lab. The lab environment offers a step-by-step path to configure and run the examples of this repository.

Technical requirements

You may either do the labs in the virtual environment offered by Cisco or configure your own environment on your desktop.

Accessing Cisco virtual lab environment

You need a PC or MAC with the following software:

Anyconnect VPN client : either the package provided by Cisco for Windows environment or the free client available on Linux platform, openconnect http://ubuntuhandbook.org/index.php/2014/11/connect-cisco-anyconnect-vpn-ubuntu/.
RDP client to connect to windows, either the RDP client embarked in any windows OS or a free alternative such as Remmina https://remmina.org/how-to-install-remmina/. The connection parameters are provided in the lab environment.

Working on your own desktop

Python 3.6

Python is required to run the sample scripts.

You have to install Python 3.6. We suggest that you work in a virtual environment to work with Python. If you want to know more about virtual env, this document is an excellent introduction http://christopher5106.github.io/python/2017/10/12/python-packages-and-their-managers-apt-yum-easy_install-pip-virtualenv-conda.html. The lab explains how to install virtual-env. You can work with Miniconda as an alternative. To install Miniconda, follow the official instructions here: https://conda.io/miniconda.html.

Postman

You use Postman to test REST API calls in a graphical environment. To install Postman, follow the official instructions here: https://learning.getpostman.com/docs/postman/launching_postman/installation_and_updates/.

Creating virtual env with Conda

You should run the following commands on Linux to create a virtual environment with Conda:

$conda create --name cisco python=3.6
$source activate cisco

and you're done!

Contributing

Contributions are welcome, and we are glad to review changes through pull requests. See contributing.md for details.

The goal of these learning labs is to ensure a 'hands-on' learning approach rather than just theory or instructions.

About this Sample Code

Contributions are welcome, and we are glad to review changes through pull requests. See contributing.md for details.

Within this repository are several files and folders covering different topics and labs. This table provides details on what each is used for, and which labs they correspond to.

File / Folder	Description
`env_lab.py`	A Python file containing lab infrastructure details for routers, switches and appliances leveraged in the different labs. This file provides a centralized Python `import` that is used in other code samples to retrieve IPs, usernames, and passwords for connections
`env_user.template`	Similar to `env_lab.py`, this is a template for end users to copy within their own code repo as `env_user.py` where they can provide unique details for their own accounts. For example, their Webex Teams (formerly Cisco Spark) authentication token. Not all labs require this file, if one does it will be specified in setup.
`requirements.txt`	Global Python requirements file containing the requirements for all labs within this repository. Each folder also contains a local `requirements.txt` file.
`intro-python-code/`	Sample code and exercises for the Python Fundamentals Learning Labs Pulled in through a file copy in November 2018. Note that the submodule tracks with the `master` branch, but solutions are on the `solution` branch in the original CiscoDevNet/intro-python-code repository.
`intro-rest-api/`	Sample code and exercises for the REST API Fundamentals Learning Labs Pulled in through a file copy in November 2018.
`intro-umbrella/`	Sample code and exercises for the Introduction to Cisco Umbrella Learning Labs (Publishing Soon)
`verify/`	A series of verification scripts primarily used during DevNet Express events to ensure the workshop environment is fully operational.
`dev/`	Resources and information for building code samples and labs.
`requirements-dev.txt`	Python requirements file containing requirements only needed if developing new code samples.

Note: These code samples are also leveraged during DevNet Express events. If you are one of these events, your event proctors and hosts will walk you through event setup and verification steps as part of agenda.

Note: the mission-data directory contains the answsers in JSON files. This is as last resort only when the attendee is not able to solve it. Make sure that the attendees don't use this to "cheat".

Contributing

These learning modules are for public consumption, so you must ensure that you have the rights to any content that you contribute.

Getting Involved

If you’re a Cisco employee and would like to have access to make changes yourself, please add your GitHub ID and we’ll get in touch.
If you'd like to contribute to an existing lab, refer to contributing.md.
If you're interested in creating a new Cisco DevNet Learning Lab, please contact a DevNet administrator for guidance.

dne-security-code's People

Contributors

Stargazers

Watchers

dne-security-code's Issues

Umbrella Mission TODO's are already done, so it's too easy!!!

FDM API does not work with v1, need to be changed to v3 [line 73]

https://github.com/CiscoDevNet/dne-security-code/blob/v1.1-solutions/verify/backend/fdm.py

AMP unused argument - amp_get_eventes.py

‘filepath’ not used

--->

def write_events_to_file(filepath, ampevents):
with open(events_path, "w") as file:
json.dump(ampevents, file, indent=2)

Remove refrence to "verify/" folder in readme file

in the table in the readme file, there's a reference to the "verify/" directory. This directory isn't present in the repo (and is probably a remainder from DNE DNA)

AMP unused imports - amp_quey_param.py

Unused imports

--->

import webexteamssdk
from crayons import blue, red

directory name standardization

Could we please standardize the directory names?
Some have the "dne-security" prefix, eg dne-security-fdm-code
Some don't, eg amp-code

Can we please pick one or the other, and stick to it?
Thank you

ISE non-pythonic code - ise_mission.py

ise_mission.py

In the function ‘post_to_ise’ the payload is created in an extremely non-pythonic way. The nice thing is that there is a function in the code that can do it in a pythonic way: ‘createPayload’ (by the way: the function name is non-PEP8)

Original code

def post_to_ise(maclist, namelist):
    #TODO: Create the URL for the PUT request to apply the ANC policy! Hint: Make sure you pass the Auth paramenters for the API call
    url = MISSION
    env_lab.print_missing_mission_warn(env_lab.get_line())
    
    for items in maclist:
        payload = "{\r\n    \"OperationAdditionalData\": {\r\n    \"additionalData\": [{\r\n    \"name\": \"macAddress\",\r\n    \"value\": \""+ items + "\"\r\n    },\r\n    {\r\n    \"name\": \"policyName\",\r\n    \"value\": \"" + namelist + '"' + "\r\n    }]\r\n  }\r\n}"
        print(json.dumps(payload,sort_keys=True,indent=3))
        response = requests.request("PUT", url, data=payload, verify=False, headers=headers)
        if(response.status_code == 204):
            print("Done!..Applied Quarantine policy to the rogue endpoint...MAC: {0} Threat is now contained....".format(items))
        else:
            print("An error has ocurred with the following code %(error)s" % {'error': response.status_code})

Proposed code:
Import HTTPBasisAuth
Create the payload with the available function
Change the request call, added json=payload in stead of data=payload and added authentication

from requests.auth import HTTPBasicAuth
 
def post_to_ise(maclist, namelist):
    #TODO: Create the URL for the PUT request to apply the ANC policy! Hint: Make sure you pass the Auth paramenters for the API call
    url = MISSION
    env_lab.print_missing_mission_warn(env_lab.get_line())

    authentication = HTTPBasicAuth(username, password)
    for items in maclist:
        payload = createPayload(items, namelist)
        print(json.dumps(payload, sort_keys=True, indent=3))
        response = requests.put(url, json=payload, verify=False, headers=headers, auth=authentication)
        if response.status_code == 204:
            print("Done!..Applied Quarantine policy to the rogue endpoint...MAC: {0} Threat is now contained....".format(items))
        else:
            print("An error has ocurred with the following code %(error)s" % {'error': response.status_code})

Documentation for Module 1 needs to be updated to use Python 3.6 for development host.

On https://developer.cisco.com/learning/devnet-express/devnet-express-security-v1-1/dne-security-verify-v11/dne-security-verify-v-1-1/step/4

Step 3: Set up the Python Virtual Environment

The built-in CentOS RDP host actually needs "python3.6 -m venv venv" rather than "python3 -m venv venv"

when Umbrella mission is done there is a typo: "Umberlla Mission completed!!!" in webex teams

2 typos in umbrella mission

https://github.com/CiscoDevNet/dne-security-code/blob/v1.1-solutions/intro-umbrella/mission/umbrellamission.py

"domin_filter_ip = []"   line 137 should be     "domain_filter_ip = []"

"markdown=f"Umberlla Mission completed!!! \n\n"" line 206 should be "markdown=f"Umbrella Mission completed!!! \n\n""

AMP unused var - amp_custom_detect.py

variable "payload" is not used in "def post_to_amp" function

camelCase in Umbrella mission, mixed with snake_case - umbrellamission.py

many uses of camelCase in https://github.com/CiscoDevNet/dne-security-code/blob/master/intro-umbrella/mission/umbrellamission.py

AMP step 2 JSON pretty print

https://developer.cisco.com/learning/tracks/devnet-express-security/ampforendpoints/intro-into-amp-apis/step/2

Lab guide says:
"You should see a print out to the screen that looks similar to the section below: "
followed by JSON in a pretty format with colors

However, the code just outputs one big ugly blob of JSON text.

So either the lab guide needs to be corrected to match the code, or (preferably) the step2.py code needs to be corrected to json.dumps the JSON all pretty.

(thanks to John Frame for pointing it out)

AMP unused imports - amp_malware_count.py

not used:

import webexteamssdk
from crayons import blue

AMP unused imports - amp_mission.py

Unused imports

-->

from inspect import currentframe

Need to update the README(s)

They are a little boring today and could use some spicing up! Additionally, the contents need to be updated to reflect the v1.1 repo restructuring, coding patterns (use the env_lab.py and env_user.py configuration files), and lab/mission workflows.

"/search/submissions?after=2010-07-18T21:39:13Z&q={}"

then I got 44 hits, otherwise not much...

typo in learning lab FDM

https://developer.cisco.com/learning/devnet-express/devnet-express-security-v1-1/dne-firepower-v11/fdm-restapi-handson-v-1-1/step/4

$ python3 fdm_create_networks.py

should be (otherwise file not found error):

$ python3 fdm_create_network.py

"response" should be "req" in line 96 of the ISE mission

    print("An error has ocurred with the following code %(error)s" % {'error': response.status_code})

https://github.com/CiscoDevNet/dne-security-code/blob/v1.1-solutions/intro-ise/mission/ise_mission.py

umbrella pagination with get request not working - EnforcementGetRequest.py

"url_get" variable is not updated correctly in the while loop, causing the next page not to load.

https://github.com/CiscoDevNet/dne-security-code/blob/master/intro-umbrella/EnforcementGetRequest.py

Original code

# keep doing GET requests, until looped through all domains
while True:
    req = requests.get(url_get)
    json_file = req.json()
    for row in json_file["data"]:
        domain_list.append(row["name"])
    # GET requests will only list 200 domains, if more than that, it will request next bulk of 200 domains
    if bool(json_file["meta"]["next"]):
        Url = json_file["meta"]["next"]
    # break out of loop when finished
    else:    
        break

Fixed code

# keep doing GET requests, until looped through all domains
while True:
    req = requests.get(url_get)
    json_file = req.json()
    for row in json_file["data"]:
        domain_list.append(row["name"])
    # GET requests will only list 200 domains, if more than that, it will request next bulk of 200 domains
    if bool(json_file["meta"]["next"]):
        url_get = json_file["meta"]["next"]
    # break out of loop when finished
    else:    
        break

ciscodevnet / dne-security-code Goto Github PK

dne-security-code's Introduction

Cisco DevNet DevNet Express Security Track Code

Getting started

Technical requirements

Accessing Cisco virtual lab environment

Working on your own desktop

Python 3.6

Postman

Creating virtual env with Conda

Contributing

About this Sample Code

Contributing

Getting Involved

dne-security-code's People

Contributors

Stargazers

Watchers

Forkers

dne-security-code's Issues

Recommend Projects

Recommend Topics

Recommend Org