1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
|
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
'''
FILE: sample1_managing_discovery_runs.py
DESCRIPTION:
This sample demonstrates how to create and manage discovery runs in a workspace using the discovery_groups module of the EasmClient
Prerequisites:
* The Defender EASM client library for Python
USAGE:
python sample1_managing_discovery_runs.py
Set the following environment variables before running the sample:
1) SUBSCRIPTION_ID - the subscription id for your resource
2) WORKSPACE_NAME - the workspace name for your resource
3) RESOURCE_GROUP - the resource group for your resource
4) REGION - the azure region your resource is in
5) HOSTS - a comma separated list of hosts you would like to run discovery on
6) DOMAINS - a comma separated list of hosts you would like to run discovery on
'''
import itertools
import os
from azure.identity import InteractiveBrowserCredential
from azure.defender.easm import EasmClient
#To create an EasmClient, you need your subscription ID, region, and some sort of credential.
sub_id = os.environ['SUBSCRIPTION_ID']
workspace_name = os.environ['WORKSPACE_NAME']
resource_group = os.environ['RESOURCE_GROUP']
region = os.environ['REGION']
endpoint = f'{region}.easm.defender.microsoft.com'
# For the purposes of this demo, I've chosen the InteractiveBrowserCredential but any credential will work.
browser_credential = InteractiveBrowserCredential()
client = EasmClient(endpoint, resource_group, sub_id, workspace_name, browser_credential)
# in order to start discovery runs, we must first create a discovery group, which is a collection of known assets that we can pivot off of. these are created using the `discovery_groups.put` method
hosts = [{'kind': 'host', 'name': i.strip()} for i in os.environ['HOSTS'].split(',')]
domains = [{'kind': 'host', 'name': i.strip()} for i in os.environ['DOMAINS'].split(',')]
name = 'sample discovery group'
assets = hosts + domains
request = {
'description': 'Discovery group made using the Defender EASM SDK sample',
'seeds': assets
}
response = client.discovery_groups.put(name, request)
# Discovery groups created through the API's `put` method aren't run automatically, so we need to start the run ourselves.
client.discovery_groups.run(name)
for group in client.discovery_groups.list():
print(group['name'])
runs = client.discovery_groups.list_runs(group['name'])
for run in itertools.islice(runs, 5):
print(f" - started: {run['startedDate']}, finished: {run['completedDate']}, assets found: {run['totalAssetsFoundCount']}")
|