McAfee SIEM Command Line Interface and Python API
Project description
McAfee SIEM Command Line Interface and Python API
Based on the work of andywalen : https://github.com/andywalden
Installation
pip install msiem
msiem config --set auth
python3 setup.py test
Command Line Interface Help
$ msiem --help
usage: Use "msiem --help" for more information
McAfee SIEM Command Line Interface and Python API
positional arguments:
{config,alarms}
optional arguments:
-h, --help show this help message and exit
--version Show version
-v, --verbose Increase output verbosity
$ msiem alarms --help
optional arguments:
-h, --help show this help message and exit
--ack Acknowledge the alarms
--unack Unacknowledge the alarms
--delete Delete the alarms
--time_range time_range, -t time_range
Timerange in['CUSTOM', 'LAST_MINUTE',
'LAST_10_MINUTES', 'LAST_30_MINUTES', 'LAST_HOUR',
'CURRENT_DAY', 'PREVIOUS_DAY', 'LAST_24_HOURS',
'LAST_2_DAYS', 'LAST_3_DAYS', 'CURRENT_WEEK',
'PREVIOUS_WEEK', 'CURRENT_MONTH', 'PREVIOUS_MONTH',
'CURRENT_QUARTER', 'PREVIOUS_QUARTER', 'CURRENT_YEAR',
'PREVIOUS_YEAR']
--start_time time, --t1 time
Start trigger date
--end_time time, --t2 time
End trigger date
--status status Status of the alarm [ack|unack|all]
--filters '<key>=<match>' ['<key>=<match>' ...], -f '<key>=<match>' ['<key>=<match>' ...]
List of filters
--summary sumary Alarm summary filter
--assignee assignee Alarm assignee filter
--severity severity Alarm severity filter
--trigdate trigdate Alarm trigdate filter
--ackdate ackdate Alarm ackdate filter
--ackuser ackuser Alarm ackuser filter
--name name Alarm name filter
--msg msg Event msg filter
--count count Event count filter
--srcip srcip Event srcip filter
--dstip dstip Event dstip filter
--protocol protocol Event protocol filter
--date date Event date filter
--subtype subtype Event subtype filter
$ msiem config --help
usage: Use "msiem --help" for more information config [-h] [--list] [--set]
optional arguments:
-h, --help show this help message and exit
--list List configuration fields
--set Will inveractively prompt for configuration settings
CLI exemple
msiem alarms --ack -t LAST_3_DAYS --status ackowledged --filters msg=Wordpress srcip=2.150. dstip=10.1.
Python exemple
alarms = msiem.query.AlarmQuery(
time_range='LAST_24_HOURS',
filters=[('alarmName', 'High Severity Event'),
('severity', [80,85,90,95,100]),
('ruleMessage', 'HTTP')]
).execute()
alarms.show()
alarms.acknowledge()
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distributions
msiem-0.0.6-py3.7.egg
(48.5 kB
view hashes)
msiem-0.0.6-py3-none-any.whl
(22.3 kB
view hashes)