Joren/Wazuh-SentinelOne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add .env

Browse Source
This commit is contained in:
Joren
2025-02-26 16:00:09 +01:00
parent 4de5b1b9b7
commit c4acc58c1b
2 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env_sample Normal file
View File

@@ -0,0 +1,2 @@
API_KEY=your-secret-api-key
MANAGEMENT_CONSOLE_URL=https://your-management-console-url

37
sentinel_one.py
View File

@@ -3,12 +3,16 @@ import re
import requests import requests
import json import json
from datetime import datetime from datetime import datetime
from dotenv import load_dotenv
# User-defined variables # Load environment variables from .env file
api_url = "https://<MANAGEMENT_CONSOLE_URL>/web/api/v2.1/threats?limit=10" load_dotenv()
api_key = "<API_KEY>"
# Retrieve API key and management console URL securely
api_url = os.getenv("MANAGEMENT_CONSOLE_URL") + "/web/api/v2.1/threats?limit=10"
api_key = os.getenv("API_KEY")
log_file_path = "/var/log/sentinelone.json" log_file_path = "/var/log/sentinelone.json"
custom_timestamp = "" #Enter your preferred timestamp within the quotes using the format 2023-01-01T00:00:00 custom_timestamp = "" # Enter your preferred timestamp using format 2023-01-01T00:00:00
def get_last_timestamp(log_file_path): def get_last_timestamp(log_file_path):
@@ -29,6 +33,7 @@ def get_last_timestamp(log_file_path):
except FileNotFoundError: except FileNotFoundError:
return None return None
def get_logs(start_timestamp): def get_logs(start_timestamp):
headers = { headers = {
'Authorization': f'ApiToken {api_key}', 'Authorization': f'ApiToken {api_key}',
@@ -47,7 +52,12 @@ def get_logs(start_timestamp):
print(f"Failed to fetch logs: {response.status_code}") print(f"Failed to fetch logs: {response.status_code}")
return None return None
def main(): def main():
if not api_key or not api_url:
print("Error: API key or Management Console URL not set. Check your .env file.")
return
# Get the last timestamp from the log file # Get the last timestamp from the log file
last_timestamp = get_last_timestamp(log_file_path) last_timestamp = get_last_timestamp(log_file_path)
if last_timestamp: if last_timestamp:
@@ -56,27 +66,17 @@ def main():
print("Log file is empty or doesn't exist.") print("Log file is empty or doesn't exist.")
if custom_timestamp: if custom_timestamp:
# If custom timestamp is specified, check the log file first
last_timestamp_from_file = get_last_timestamp(log_file_path) last_timestamp_from_file = get_last_timestamp(log_file_path)
if last_timestamp_from_file: start_timestamp = last_timestamp_from_file if last_timestamp_from_file else custom_timestamp
start_timestamp = last_timestamp_from_file print(f"Using timestamp: {start_timestamp}")
print(f"Using last timestamp from log file: {start_timestamp}")
else: else:
start_timestamp = custom_timestamp start_timestamp = last_timestamp if last_timestamp else None
print(f"Using custom timestamp: {start_timestamp}") print(f"Using last timestamp from log file: {start_timestamp}" if start_timestamp else "No last timestamp found.")
else:
start_timestamp = last_timestamp
if last_timestamp:
print(f"Using last timestamp from log file: {start_timestamp}")
else:
print("No last timestamp found in log file.")
start_timestamp = None # Reset start timestamp to None if neither custom nor file timestamp available
# Query the SentinelOne API for logs since the start timestamp # Query the SentinelOne API for logs since the start timestamp
logs = get_logs(start_timestamp) logs = get_logs(start_timestamp)
if logs: if logs:
# Write the logs to the local log file
with open(log_file_path, 'a') as file: with open(log_file_path, 'a') as file:
for log in logs['data']: for log in logs['data']:
file.write(json.dumps(log)) file.write(json.dumps(log))
@@ -85,5 +85,6 @@ def main():
else: else:
print("No logs fetched.") print("No logs fetched.")
if __name__ == "__main__": if __name__ == "__main__":
main() main()