Intro to Using the Automox API: Customizing Events

Automation is key to the modern enterprise. Automox wants to help with that by providing an API to its users. The API is protected with a key, which can be found in the console.

There are a number of API features to use which can be found here. In this example we will go over using the Events API with Python. Be sure to log in to the console and navigate to Settings; you’ll find the API Key at the bottom of the page.

The data from the API is in JSON format. In this example we will look at the Events call in the API. The fields in the Events JSON are:

[
  {
    "create_time": "2018-06-12T14:33:17.455Z",
    "data": {
      "firstname": "string",
      "lastname": "string",
      "email": "string",
      "orgname": "string",
      "ip": "string",
      "os": "string",
      "systemname": "string",
      "text": "string",
      "status": 0,
      "patches": "string"
    },
    "id": 0,
    "name": "system.add",
    "policy_id": 0,
    "policy_name": "string",
    "policy_type_name": "string",
    "server_id": 0,
    "server_name": "string",
    "user_id": 0
  }
]
 

Sample output from calling events is below:

{   'create_time': '2018-06-11T07:00:14+0000',
   'data': {   'status': '1',
               'text': 'Failed to apply patches ("kubectl")'},
   'id': 4284390,
   'name': 'system.policy.action',
   'organization_id': 1,
   'policy_id': 212,
   'policy_name': 'Nightly Patch',
   'policy_type_name': 'patch',
   'server_id': 434,
   'server_name': 'example.com',
   'user_id': None}
 

To access the data we will use Python and the requests package. The simplest example would be to just return all the data to the screen.

import requests
pageText=requests.get("https://console.automox.com/api/events?api_key=yourKey").json()
print(pageText)


You may notice that the output is a bit hard to read, since it is just a JSON dump. Let's go over converting some select data to CSV. The script below creates a file with the timestamp in its name and all events in it, which makes for easy parsing in your SIEM or even in Excel.

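import csv
from datetime import datetime
import requests

# Timestamped output file, e.g. "2018-06-12 14:33:17-events.csv"
filename = datetime.now().strftime('%Y-%m-%d %H:%M:%S') + "-events.csv"
pageText = requests.get("https://console.automox.com/api/events?api_key=yourKey").json()
with open(filename, "w", newline="") as fh:
    # csv.writer ends each row with a newline and quotes fields
    # that contain commas, quotes or line breaks
    writer = csv.writer(fh)
    for event in pageText:
        if 'data' in event:
            # Drop the "+0000" offset from the timestamp
            writer.writerow([event['create_time'].split('+')[0],
                             event['server_name'],
                             event['data'].get('text', '')])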
 

You could go further and show only errors by checking the status of each message, with the output as a table or as CSV. And of course you may not want to hardcode the API key; instead, provide it on the command line using argparse. Keep in mind that a key passed as an argument is visible in shell history and the process list. The script also adds an option to limit the output to the X most recent errors.

#!/usr/bin/env python3
import argparse
import csv
import shutil
from datetime import datetime

import requests
from prettytable import PrettyTable

parser = argparse.ArgumentParser(description='Automox API Example')
parser.add_argument('--limit', help="Limit results to X", type=int)
parser.add_argument('--csv', help="Output as CSV", action="store_true")
parser.add_argument('--table', help="Output as table", action="store_true")
parser.add_argument('--errors', help="Show errors only", action="store_true")
parser.add_argument('apiKey', help="API Key ", type=str)
args = parser.parse_args()


def formatCell(x):
    """Wrap long text so the table fits the terminal."""
    x = x.rstrip("\r\n")
    # Make sizeable for screen
    termWidth = shutil.get_terminal_size().columns
    # Assume half the screen for error messages
    colWidth = max(1, round(termWidth / 2))
    if len(x) > colWidth:
        return "\n".join(x[i:i + colWidth] for i in range(0, len(x), colWidth))
    return x


baseUrl = "https://console.automox.com/api/events?api_key="
url = baseUrl + args.apiKey
pageText = requests.get(url).json()

fh = None
if args.csv:
    filename = datetime.now().strftime('%Y-%m-%d %H:%M:%S') + "-events.csv"
    fh = open(filename, "w+", newline="")
    writer = csv.writer(fh)

table = PrettyTable(["Date", "Host", "Error"])
table.align["Error"] = "l"
shown = 0
for event in pageText:
    data = event.get('data') or {}
    if 'status' not in data:
        continue
    # --errors: skip events whose status is 0 (it can arrive as 0 or '0')
    if args.errors and str(data['status']) == '0':
        continue
    # --limit: stop once X rows have been emitted
    if args.limit and shown >= args.limit:
        break
    row = [event['create_time'].split('+')[0], event['server_name'], data.get('text', '')]
    if args.table:
        table.add_row([row[0], row[1], formatCell(row[2])])
    if args.csv:
        writer.writerow(row)
    shown += 1
if args.table:
    print(table)
if fh:
    fh.close()
 

Usage:

events.py [-h] [--limit LIMIT] [--csv] [--table] [--errors] apiKey
 
Automox API Example
 
positional arguments:
 apiKey         API Key
 
optional arguments:
 -h, --help     show this help message and exit
 --limit LIMIT  Limit results to X
 --csv          Output as CSV
 --table        Output as table
 --errors       Show errors only
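
The CSV output above is meant for a SIEM or Excel, and the text and server_name fields originate on endpoints, so the following added example (not part of the original post) writes every field quoted, neutralises cells that a spreadsheet would evaluate as formulas, and treats status as an error whether it arrives as 1 or '1'. The function names and the sample events are constructed for illustration.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice evaluate a cell as a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

def safe_cell(value):
    """Return value as text that a spreadsheet will display, not evaluate."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text

def is_error(event):
    """True when data.status is present and non-zero (int or string)."""
    status = (event.get("data") or {}).get("status")
    return status is not None and str(status) != "0"

def events_to_csv(events, errors_only=False, limit=None):
    """Render events as CSV text: one header row, then one row per event."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["create_time", "server_name", "text"])
    written = 0
    for event in events:
        if errors_only and not is_error(event):
            continue
        if limit is not None and written >= limit:
            break
        data = event.get("data") or {}
        writer.writerow([safe_cell(event.get("create_time")),
                         safe_cell(event.get("server_name")),
                         safe_cell(data.get("text"))])
        written += 1
    return out.getvalue()

# Constructed sample events (not real API output).
SAMPLE_EVENTS = [
    {"create_time": "2018-06-11T07:00:14+0000", "server_name": "example.com",
     "data": {"status": "1", "text": 'Failed to apply patches ("kubectl"), retrying'}},
    {"create_time": "2018-06-11T07:05:00+0000", "server_name": "host2.example.com",
     "data": {"status": 0, "text": "Patched"}},
    {"create_time": "2018-06-11T07:10:00+0000", "server_name": "host3.example.com",
     "data": {"status": 2, "text": "=SUM(1,1)\nsecond line"}},
]

if __name__ == "__main__":
    print(events_to_csv(SAMPLE_EVENTS, errors_only=True))
```
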
 

This just scratches the surface of what you can do with the Automox API. I hope this helps you out with automating your use of Automox. Please let me know if you have any questions.
