File: sample1_managing_discovery_runs.py

package info (click to toggle)
python-azure 20250603%2Bgit-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 851,724 kB
  • sloc: python: 7,362,925; ansic: 804; javascript: 287; makefile: 195; sh: 145; xml: 109
file content (61 lines) | stat: -rw-r--r-- 2,632 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
'''
FILE: sample1_managing_discovery_runs.py

DESCRIPTION:
    This sample demonstrates how to create and manage discovery runs in a workspace using the discovery_groups module of the EasmClient

Prerequisites:
     * The Defender EASM client library for Python

USAGE:
    python sample1_managing_discovery_runs.py

    Set the following environment variables before running the sample:
    1) SUBSCRIPTION_ID - the subscription id for your resource
    2) WORKSPACE_NAME - the workspace name for your resource
    3) RESOURCE_GROUP - the resource group for your resource
    4) REGION - the azure region your resource is in
    5) HOSTS - a comma separated list of hosts you would like to run discovery on
    6) DOMAINS - a comma separated list of hosts you would like to run discovery on
'''

import itertools
import os
from azure.identity import InteractiveBrowserCredential
from azure.defender.easm import EasmClient

#To create an EasmClient, you need your subscription ID, region, and some sort of credential.
sub_id = os.environ['SUBSCRIPTION_ID']
workspace_name = os.environ['WORKSPACE_NAME']
resource_group = os.environ['RESOURCE_GROUP']
region = os.environ['REGION']
endpoint = f'{region}.easm.defender.microsoft.com'


# For the purposes of this demo, I've chosen the InteractiveBrowserCredential but any credential will work.
browser_credential = InteractiveBrowserCredential()
client = EasmClient(endpoint, resource_group, sub_id, workspace_name, browser_credential)

# in order to start discovery runs, we must first create a discovery group, which is a collection of known assets that we can pivot off of. these are created using the `discovery_groups.put` method

hosts = [{'kind': 'host', 'name': i.strip()} for i in os.environ['HOSTS'].split(',')]
domains = [{'kind': 'host', 'name': i.strip()} for i in os.environ['DOMAINS'].split(',')]
name = 'sample discovery group'
assets = hosts + domains
request = {
	'description': 'Discovery group made using the Defender EASM SDK sample',
	'seeds': assets
}

response = client.discovery_groups.put(name, request)

# Discovery groups created through the API's `put` method aren't run automatically, so we need to start the run ourselves.
client.discovery_groups.run(name)

for group in client.discovery_groups.list():
    print(group['name'])
    runs = client.discovery_groups.list_runs(group['name'])
    for run in itertools.islice(runs, 5):
        print(f" - started: {run['startedDate']}, finished: {run['completedDate']}, assets found: {run['totalAssetsFoundCount']}")