umbr-api 1.0.3

Description:

umbrapi 1.0.3

Docs





Tests







Package






GitHub





Guidelines







umbr_api is Cisco Umbrella APIs wrapper and a command-line utility.
Cisco Umbrella uses the internet’s
DNS infrastructure to block malicious destinations before a connection is
ever established. By delivering security from the cloud, it also provide
more effective security and easy deployment options.
umbr_api supports Enforcement API, Reporting API, and Management API
with some limitations. With help of umbr_api you can add new sites and
URLs to black lists, remove or show current entries, quickly check
the latest security events, or check a status of registered computers
or networks.
Using of command line tools, like umbr_api can immediately provide
information to administrators of the system without myriads of clicks
through GUI interfaces, two-factor authentications, etc.

References:

Cisco Umbrella Enforcement API
Cisco Umbrella Reporting API
Cisco Umbrella Management API



Was created mostly for educational purposes.

Installation
To install from a local folder execute at the ‘umbr_api’ root directory:
pip3 install -e . --no-use-pep517
To install extra requirements from a local folder execute at the ‘umbr_api’
root directory:
pip3 install -e .[dev] --no-use-pep517
pip3 install -e .[doc] --no-use-pep517
pip3 install -e .[dev_lint] --no-use-pep517
To install from production The Python Package Index (PyPI) https://pypi.org
execute:
pip3 install umbr_api
To install from GitHub:
pip3 install git+https://github.com/kolatz/umbr_api.git
To install from a local archive:
pip3 install filename.tar.gz
Please note, that you still need to register and activate API key from Cisco
to enable functionality.


Use of command-line utility
main() in umbrella.py will be registered as umbrella executable.
So, you can run it directly.
Examples (Enforcement API):
umbrella add www.example.com http://www.example.com/images
umbrella add example.com example.com --force
umbrella del www.example.com
umbrella del 555XXXXX --key YOUR-CUSTOMER-KEY-IS-HERE-0123456789
umbrella get 100
umbrella get --key YOUR-CUSTOMER-KEY-IS-HERE-0123456789


Use API wrapper
You need to import particular functions or modules from umbr_api. For example:
from umbr_api import get
get.get_list(key='YOUR-CUSTOMER-KEY-IS-HERE-0123456789')

from umbr_api.add import add
add(domain='example.com', url='example.com', key='YOUR-CUSTOMER-KEY-IS-HERE-0123456789')

There three main functions:

umbr_api.get.get_list
umbr_api.add.add
umbr_api.remove.remove



The API key should be specified via CLI, or it could be read it from
enforcement.json within package data\ folder.


API key

How to obtain API key
You can sign up for 14 day free trial here: https://signup.umbrella.com/


How to use API key

Provide it as an argument for command-line utility

umbrella del www.example.com --key YOUR-CUSTOMER-KEY-IS-HERE-0123456789

Provide it as part of a program call

from umbr_api.get import get_list
response = get_list(key='YOUR-CUSTOMER-KEY-IS-HERE-0123456789')
#. Create data/enforcement.json file in umbr_api package directory.
This is an unsecured and unsupported way because of storing key in clear text
format. To find package directory:
import os
import umbr_api
print(os.path.abspath(umbr_api.__file__))
#. API key can be read from a keyring for command-line execution. To save
API key you can use:
umbrella keyring --add YOUR-CUSTOMER-KEY-IS-HERE-0123456789
umbrella keyring --show

Note

Only macOS platform is tested for keyrings
By default all python apps can read the values of the keys from a keyring
umbrella will try to use --key firstly, then keychain, and finally data/enforcement.json file within umbr_api package directory.





Supported methods

Enforcement API

Add (POST)
Get (GET)
Remove (DELETE)



Management API

Networks (GET)
Roaming Computers (GET)
Internal Networks (GET)
Virtual Appliances (GET)
Sites (GET)
Users (GET)
Roles (GET)



Reporting API

Security Activity Report (GET)
Destinations: Top Identities (GET)
Destinations: Most recent requests (GET)




Limitations

Lack of documentation
You heed to have an active subscription or evaluation
Asserts will be removed with compiling to optimized byte code. This caused various protections to be removed.
Other methods for change or delete entities are not supported and no plans to do that



Known issues
Error while accessing macOS keyring
Python’s binaries may not be signed and they will fail to get an access to
macOS keyring. You should resign them manually to fix it. Error message:
keyring.backends._OS_X_API.SecAuthFailure: (-25293, 'Security Auth Failure: make sure python is signed with codesign util')
$ codesign -v `which python`
/Users/user/.virtualenvs/builings/bin/python: invalid Info.plist (plist or signature have been modified)
In architecture: x86_64
$ codesign -f -s - `which python`
/Users/user/.virtualenvs/builings/bin/python: replacing existing signature


Documentation
Documentation pages based on README.rst file and docstrings.

http://umbr-api.readthedocs.io/en/latest/


Note

A symbolic link README.rst –> docs/README.rst was used to create ToC in Sphinx, which doesn’t support relative paths for ToC.




Contribution guidelines

https://github.com/kolatz/umbr_api/blob/master/docs/CONTRIBUTING.md



Who do I talk to

https://github.com/kolatz/