Welcome to Dome9’s documentation!
Accounts
get_cloud_account
dome9.dome9.Dome9.get_cloud_account(self, cloudId)
Get a Cloud Account
Parameters: cloudId (str) – ID of the Cloud Account
Returns: Cloud Account object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
list_aws_accounts
dome9.dome9.Dome9.list_aws_accounts(self)
List AWS accounts
Returns: List of AWS Cloud Accounts.
Return type: list
Response object (one element of the list):
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
list_azure_accounts
dome9.dome9.Dome9.list_azure_accounts(self)
List Azure accounts
Returns: List of Azure Cloud Accounts.
Return type: list
Response object (one element of the list):
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "subscriptionId": "string", "tenantId": "string", "credentials": { "clientId": "string", "clientPassword": "string" }, "operationMode": "Read", "error": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "vendor": "azure" }
list_google_accounts
dome9.dome9.Dome9.list_google_accounts(self)
List Google Cloud accounts
Returns: List of Google Cloud Accounts.
Return type: list
Response object (one element of the list):
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "projectId": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "gsuite": { "gsuiteUser": "string", "domainName": "string" }, "vendor": "google" }
list_kubernetes_accounts
dome9.dome9.Dome9.list_kubernetes_accounts(self)
List Kubernetes accounts
Returns: List of Kubernetes accounts.
Return type: list
Response object (one element of the list):
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "creationDate": "2019-09-26T10:55:03Z", "vendor": "kubernetes", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string" }
list_cloud_accounts
dome9.dome9.Dome9.list_cloud_accounts(self)
List all accounts (AWS, Azure, GCP & Kubernetes)
Returns: List of Cloud Accounts.
Return type: list
Response object (the AWS element is shown; Azure, Google and Kubernetes elements have the shapes documented for the vendor-specific list methods above, so check the vendor field before reading vendor-specific keys):
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
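The account objects above carry credential material (credentials.apikey and credentials.secret for AWS, credentials.clientPassword for Azure) next to the posture flags a reviewer cares about. The Python below is an added example, not code from the dome9 SDK or its documentation: it masks those fields before the objects are logged and flags accounts onboarded with static IAM user keys, non-read-only credentials, suspended fetching or an onboarding error. The sample accounts are constructed, and the "RoleBased" credential type is an assumption (the page only shows "UserBased"); pass the list returned by Dome9(key, secret).list_aws_accounts() to run it against a real tenant.

```python
from typing import Any, Dict, Iterable, List

# Keys in Dome9 cloud-account objects that carry credential material
# (AWS "apikey"/"secret", Azure "clientPassword"). Mask them before the
# objects are logged, exported or attached to a ticket.
SENSITIVE_KEYS = {"apikey", "secret", "clientPassword"}


def redact(obj: Any) -> Any:
    """Return a copy of a Dome9 response with credential values masked."""
    if isinstance(obj, dict):
        return {k: ("***" if k in SENSITIVE_KEYS and v else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def audit_aws_accounts(accounts: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag onboarding-hygiene problems in the list returned by list_aws_accounts().

    Findings carry identifiers and problems only, never credentials.
    """
    findings = []
    for acct in accounts:
        creds = acct.get("credentials") or {}
        problems = []
        # "UserBased" is the value shown in the docs: long-lived IAM user keys
        # stored in Dome9. A cross-account role avoids holding static keys.
        if creds.get("type") == "UserBased":
            problems.append("static IAM user keys instead of a cross-account role")
        if not creds.get("isReadOnly"):
            problems.append("credentials are not read-only; confirm write access is intended")
        if acct.get("isFetchingSuspended"):
            problems.append("fetching is suspended, so posture data for this account is stale")
        if acct.get("error"):
            problems.append("onboarding error reported: %s" % acct["error"])
        if problems:
            findings.append({
                "id": acct.get("id"),
                "name": acct.get("name"),
                "externalAccountNumber": acct.get("externalAccountNumber"),
                "problems": problems,
            })
    return findings


# Constructed sample data in the documented shape (placeholder ids and keys, not real ones).
# "RoleBased" is an assumed value for credentials.type; the page only shows "UserBased".
SAMPLE_AWS_ACCOUNTS = [
    {
        "id": "11111111-1111-1111-1111-111111111111", "vendor": "aws", "name": "prod",
        "externalAccountNumber": "123456789012", "error": None, "isFetchingSuspended": False,
        "credentials": {"apikey": None, "arn": "arn:aws:iam::123456789012:role/Dome9-Connect",
                        "secret": "external-id-placeholder", "iamUser": None,
                        "type": "RoleBased", "isReadOnly": True},
    },
    {
        "id": "22222222-2222-2222-2222-222222222222", "vendor": "aws", "name": "legacy-dev",
        "externalAccountNumber": "210987654321",
        "error": "AccessDenied on ec2:DescribeInstances", "isFetchingSuspended": True,
        "credentials": {"apikey": "AKIAPLACEHOLDER0000", "arn": None,
                        "secret": "secret-placeholder", "iamUser": "dome9-bot",
                        "type": "UserBased", "isReadOnly": False},
    },
]

if __name__ == "__main__":
    # With the real SDK: accounts = Dome9(key, secret).list_aws_accounts()
    for finding in audit_aws_accounts(SAMPLE_AWS_ACCOUNTS):
        print(finding["name"], "->", "; ".join(finding["problems"]))
    print(redact(SAMPLE_AWS_ACCOUNTS)[1]["credentials"])
```

redact() returns a new structure and leaves the original untouched, so the unmasked object can still be handed to code that needs it while everything that gets persisted goes through the masked copy.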
Assets
list_protected_assets
dome9.dome9.Dome9.list_protected_assets(self, textSearch='', filters=[], pageSize=1000)
List all Cloud Assets
Parameters:
- textSearch (str) – Free-text filter applied to the query (e.g. prod-uk)
- filters (list) – List of filters, each a dict with name and value keys, e.g. [{"name": "platform", "value": "aws"}, {"name": "cloudAccountId", "value": "0123456789"}]. Supported filter names: organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
- pageSize (int) – Items per query. The call takes no searchAfter cursor, so one call returns at most one page; compare the length of assets with totalCount in the response before treating the result as a complete inventory.
Returns: Pagination of protected assets.
Return type: dict
Response object:
{ "searchRequest": { "pageSize": 10, "sorting": { "fieldName": null, "direction": 0 }, "filter": { "freeTextPhrase": null, "fields": [], "tags": [], "includedEntityTypes": null, "excludedEntityTypes": null }, "searchAfter": [], "additionalFields": { "source": null, "filterFields": [], "sortField": { "fieldName": null, "direction": 1 } } }, "assets": [ { "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345", "entityId": "igw-12341234", "externalCloudAccountId": "1234567890", "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234", "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234", "type": "InternetGateway", "name": "", "tags": [], "platform": "aws", "typeByPlatform": "aws|InternetGateway", "network": "vpc-12341234", "region": "us_west_2", "resourceGroup": "", "additionalFields": [ { "name": "IsBillable", "value": "False" } ], "externalAdditionalFields": null } ], "totalCount": 102868, "aggregations": { "resourceGroup": [ { "value": "myrg", "count": 96217 } ], "cloudAccountId": [ { "value": "12341234-1234-1234-1234-123412341234", "count": 7926 } ], "type": [ { "value": "azure|User", "count": 18 }, { "value": "azure|Bastion", "count": 16 }, { "value": "azure|VirtualNetworkGateway", "count": 16 }, { "value": "google|InstanceTemplate", "count": 16 } ], "region": [ { "value": "", "count": 54560 }, { "value": "us_east_1", "count": 8070 }, { "value": "eu_west_1", "count": 3985 } ], "platform": [ { "value": "aws", "count": 45584 }, { "value": "google", "count": 24263 }, { "value": "azure", "count": 20928 }, { "value": "kubernetes", "count": 12093 } ], "network": [ { "value": "", "count": 96480 }, { "value": "injectors-network", "count": 291 }, { "value": "vpc-12341234", "count": 183 } ] }, "searchAfter": [ "ffffaaaa-ffff-ffff-aaaa-123412341234", "", "us_west_1", "vpc-12341234", "InternetGateway", "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123" ] }
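As an added example (not part of the SDK or this page), the Python below builds a valid filters argument for list_protected_assets(), rejects filter names the page does not list, summarizes one page of results and reports whether that page was truncated, and lists assets that lack a required tag. The tag shape ({"key", "value"} dicts) is an assumption, since the page only shows an empty tags list, and the sample page is constructed.

```python
from collections import Counter
from typing import Any, Dict, List

# Filter names the page lists as supported by list_protected_assets().
ALLOWED_FILTER_NAMES = {"organizationalUnitId", "platform", "type",
                        "cloudAccountId", "region", "network", "resourceGroup"}


def build_filters(**criteria: str) -> List[Dict[str, str]]:
    """Build the filters argument, e.g. build_filters(platform="aws", region="us_east_1").

    Unknown filter names raise here instead of being sent and silently ignored.
    """
    unknown = sorted(set(criteria) - ALLOWED_FILTER_NAMES)
    if unknown:
        raise ValueError("unsupported filter name(s): %s" % ", ".join(unknown))
    return [{"name": name, "value": value} for name, value in criteria.items()]


def summarize_assets(response: Dict[str, Any]) -> Dict[str, Any]:
    """Summarize one page of results and say whether the page was truncated.

    The SDK call takes a pageSize but no searchAfter cursor, so a single call
    returns at most one page; an inventory built from it is complete only when
    totalCount does not exceed the number of assets returned.
    """
    assets = response.get("assets") or []
    total = response.get("totalCount", len(assets))
    return {
        "returned": len(assets),
        "total": total,
        "truncated": total > len(assets),
        "by_type": dict(Counter(a["typeByPlatform"] for a in assets)),
        "by_region": dict(Counter(a.get("region") or "global" for a in assets)),
    }


def assets_missing_tag(response: Dict[str, Any], key: str) -> List[str]:
    """Return SRLs of assets whose tags lack `key`.

    Assumes each tag is a {"key": ..., "value": ...} dict; the page shows only
    an empty tags list, so confirm this against your own responses.
    """
    missing = []
    for asset in response.get("assets") or []:
        keys = {t.get("key") for t in asset.get("tags") or [] if isinstance(t, dict)}
        if key not in keys:
            missing.append(asset["srl"])
    return missing


# Constructed sample page in the documented shape (ids are placeholders).
SAMPLE_PAGE = {
    "assets": [
        {"srl": "1|acct-a|rg|5|internetGateway|igw-1", "entityId": "igw-1", "type": "InternetGateway",
         "typeByPlatform": "aws|InternetGateway", "platform": "aws", "region": "us_west_2",
         "network": "vpc-1", "tags": []},
        {"srl": "1|acct-a|rg|5|instance|i-1", "entityId": "i-1", "type": "Instance",
         "typeByPlatform": "aws|Instance", "platform": "aws", "region": "us_west_2",
         "network": "vpc-1", "tags": [{"key": "Owner", "value": "platform-team"}]},
        {"srl": "7|acct-b|rg|0|user|u-1", "entityId": "u-1", "type": "User",
         "typeByPlatform": "azure|User", "platform": "azure", "region": "",
         "network": "", "tags": []},
    ],
    "totalCount": 5,
}

if __name__ == "__main__":
    # With the real SDK: page = Dome9(key, secret).list_protected_assets(
    #     filters=build_filters(platform="aws"), pageSize=1000)
    print(summarize_assets(SAMPLE_PAGE))
    print(assets_missing_tag(SAMPLE_PAGE, "Owner"))
```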
Rulesets
get_ruleset
dome9.dome9.Dome9.get_ruleset(self, rulesetId=None, name=None)
Get a specific Compliance ruleset
Parameters:
- rulesetId (str) – Locate ruleset by id
- name (str) – Locate ruleset by name
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
list_rulesets
dome9.dome9.Dome9.list_rulesets(self)
List Compliance Rulesets
Returns: List of Compliance rulesets.
Return type: list
Response object (one element of the list):
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
create_ruleset
dome9.dome9.Dome9.create_ruleset(self, ruleset)
Create a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
update_ruleset
dome9.dome9.Dome9.update_ruleset(self, ruleset)
Update a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
delete_ruleset
dome9.dome9.Dome9.delete_ruleset(self, rulesetId)
Delete a Compliance ruleset
Parameters: rulesetId (str) – ID of the ruleset
Returns: Deletion status
Return type: bool
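Managing rulesets as code means creating a ruleset once and updating it on later runs instead of accumulating duplicates. The Python below is an added example, not the SDK's own code: it builds a ruleset dict in the documented shape, looks it up by name with get_ruleset(name=...), and calls update_ruleset() or create_ruleset() accordingly. It assumes get_ruleset() returns a falsy value when no ruleset matches and that the fields sent are sufficient for create_ruleset() (the page does not list required fields); the GSL rule text is illustrative, and InMemoryRulesetClient is a stand-in for dome9.dome9.Dome9 so the flow runs offline.

```python
from typing import Any, Dict, Iterable, Optional, Tuple


def make_rule(name: str, logic: str, severity: str = "High", description: str = "",
              remediation: str = "", compliance_tag: str = "") -> Dict[str, Any]:
    """One rule in the documented ruleset schema.

    ruleId and logicHash are assigned by the service, so they are not set here.
    """
    return {"name": name, "severity": severity, "logic": logic, "description": description,
            "remediation": remediation, "complianceTag": compliance_tag}


def build_ruleset(name: str, cloud_vendor: str, rules: Iterable[Dict[str, Any]],
                  description: str = "") -> Dict[str, Any]:
    """Ruleset object for create_ruleset()/update_ruleset().

    Which fields the service requires is not stated on the page (assumption:
    these suffice); id, createdTime, updatedTime, version and rulesCount are
    left to the service.
    """
    return {"name": name, "cloudVendor": cloud_vendor, "description": description,
            "language": "en", "rules": list(rules)}


def upsert_ruleset(client: Any, ruleset: Dict[str, Any]) -> Tuple[str, Dict[str, Any]]:
    """Create the ruleset if none with that name exists, otherwise update it in place.

    Assumes get_ruleset(name=...) returns a falsy value when nothing matches; if
    your SDK version raises instead, catch that exception here.
    """
    existing: Optional[Dict[str, Any]] = client.get_ruleset(name=ruleset["name"])
    if existing:
        merged = dict(existing)  # keeps the server-assigned id and metadata
        merged["description"] = ruleset["description"]
        merged["rules"] = ruleset["rules"]
        return "updated", client.update_ruleset(merged)
    return "created", client.create_ruleset(ruleset)


# Illustrative GSL (the rule language shown in the "logic" field) for an SSH-from-anywhere check.
SSH_OPEN_RULE = make_rule(
    name="Security group allows SSH from 0.0.0.0/0",
    logic="SecurityGroup should not have inboundRules contain "
          "[ scope = '0.0.0.0/0' and port <= 22 and portTo >= 22 ]",
    description="Unrestricted SSH ingress exposes instances to brute force.",
    remediation="Restrict port 22 to bastion or VPN address ranges.",
    compliance_tag="Network",
)


class InMemoryRulesetClient:
    """Offline stand-in for dome9.dome9.Dome9 (constructed for this example):
    only the three ruleset methods used above, with server-style integer ids."""

    def __init__(self) -> None:
        self.store: Dict[int, Dict[str, Any]] = {}
        self._next_id = 1

    def get_ruleset(self, rulesetId=None, name=None):
        for rs in self.store.values():
            if (rulesetId is not None and rs["id"] == rulesetId) or \
               (name is not None and rs["name"] == name):
                return rs
        return None

    def create_ruleset(self, ruleset):
        stored = dict(ruleset, id=self._next_id, version=1)
        self._next_id += 1
        self.store[stored["id"]] = stored
        return stored

    def update_ruleset(self, ruleset):
        stored = dict(ruleset, version=self.store[ruleset["id"]]["version"] + 1)
        self.store[stored["id"]] = stored
        return stored


if __name__ == "__main__":
    client = InMemoryRulesetClient()  # swap for Dome9(key, secret) to run for real
    print(upsert_ruleset(client, build_ruleset("Baseline", "aws", [SSH_OPEN_RULE])))
```

Because the lookup is by name, two pipelines that use the same ruleset name will overwrite each other's rules; include an environment or team suffix in the name when that matters.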
Remediations
list_remediations
dome9.dome9.Dome9.list_remediations(self)
List Remediations
Returns: List of Remediation objects.
Return type: list
Response object (one element of the list):
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
create_remediation
dome9.dome9.Dome9.create_remediation(self, remediation)
Create a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
update_remediation
dome9.dome9.Dome9.update_remediation(self, remediation)
Update a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
delete_remediation
dome9.dome9.Dome9.delete_remediation(self, remediationId)
Delete a Remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Deletion status
Return type: bool
Exclusions
list_exclusions
dome9.dome9.Dome9.list_exclusions(self)
List all exclusions
Returns: List of Exclusion objects.
Return type: list
Response object (one element of the list):
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
delete_exclusion
dome9.dome9.Dome9.delete_exclusion(self, exclusionId)
Delete an exclusion
Parameters: exclusionId (str) – Id of the exclusion
Returns: Deletion status
Return type: bool
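Exclusions and remediations are the two places where findings are silenced or acted on automatically, so they deserve a periodic review. As an added example (not SDK code) covering both the Remediations and Exclusions sections, the Python below audits the objects returned by list_exclusions() and list_remediations() for the conditions a reviewer would question: no comment, no entity filter in logic, no cloud-account scope, and (for remediations) no CloudBot listed. It assumes an empty logic string means the override is not narrowed to particular entities and an empty cloudAccountId means it is not scoped to one account; the sample objects, rule names and bot name are constructed.

```python
from typing import Any, Dict, Iterable, List


def _base_checks(item: Dict[str, Any]) -> List[str]:
    """Checks shared by exclusions and remediations (both carry logic, comment, cloudAccountId)."""
    problems = []
    if not (item.get("comment") or "").strip():
        problems.append("no comment: no recorded justification or owner")
    if not (item.get("logic") or "").strip():
        # Assumption: an empty logic filter is not narrowed to specific entities.
        problems.append("no entity filter in logic: applies to every entity the rule tests")
    if not item.get("cloudAccountId"):
        # Assumption: no cloudAccountId means the override is not limited to one account.
        problems.append("not scoped to a single cloud account")
    return problems


def audit_exclusions(exclusions: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag exclusions that silence a rule more broadly than a justified, entity-level exception."""
    findings = []
    for ex in exclusions:
        problems = _base_checks(ex)
        if problems:
            findings.append({"kind": "exclusion", "id": ex.get("id"), "rule": ex.get("ruleName"),
                             "bundleId": ex.get("bundleId"), "problems": problems})
    return findings


def audit_remediations(remediations: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag remediations that would change resources without a clear scope, owner or bot."""
    findings = []
    for rem in remediations:
        problems = _base_checks(rem)
        if not rem.get("cloudBots"):
            problems.append("no CloudBot listed: nothing to execute")
        if problems:
            findings.append({"kind": "remediation", "id": rem.get("id"), "rule": rem.get("ruleName"),
                             "rulesetId": rem.get("rulesetId"),
                             "bots": list(rem.get("cloudBots") or []), "problems": problems})
    return findings


# Constructed samples in the documented shapes; the logic filter syntax is illustrative.
SAMPLE_EXCLUSIONS = [
    {"id": "e1", "ruleLogicHash": "h1", "ruleName": "S3 bucket is publicly readable", "ruleId": "rule-1",
     "logic": "name like 'public-website-%'", "bundleId": 10, "cloudAccountId": "acct-a",
     "cloudAccountType": "Aws", "comment": "Static marketing site; approved by AppSec, ticket SEC-123"},
    {"id": "e2", "ruleLogicHash": "h2", "ruleName": "Security group allows SSH from 0.0.0.0/0",
     "ruleId": "rule-2", "logic": "", "bundleId": 10, "cloudAccountId": None,
     "cloudAccountType": "Aws", "comment": ""},
]
SAMPLE_REMEDIATIONS = [
    {"id": "r1", "ruleLogicHash": "h2", "ruleName": "Security group allows SSH from 0.0.0.0/0",
     "ruleId": "rule-2", "logic": "name like 'sg-dev-%'", "rulesetId": 10, "cloudAccountId": "acct-a",
     "platform": "Aws", "comment": "Auto-close open SSH on dev SGs; owner netops",
     "cloudBots": ["placeholder_bot"]},
    {"id": "r2", "ruleLogicHash": "h3", "ruleName": "S3 bucket is publicly readable", "ruleId": "rule-1",
     "logic": "", "rulesetId": 10, "cloudAccountId": None, "platform": "Aws", "comment": "",
     "cloudBots": []},
]

if __name__ == "__main__":
    # With the real SDK: audit_exclusions(client.list_exclusions()), audit_remediations(client.list_remediations())
    for f in audit_exclusions(SAMPLE_EXCLUSIONS) + audit_remediations(SAMPLE_REMEDIATIONS):
        print(f["kind"], f["id"], f["rule"], "->", "; ".join(f["problems"]))
```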
Assessments
run_assessment
dome9.dome9.Dome9.run_assessment(self, rulesetId, cloudAccountId, cloudAccountType, region=None)
Run a compliance assessment (one ruleset against one Cloud Account) and get the results
Parameters:
- rulesetId (str) – Id of the Compliance Policy Ruleset to run
- cloudAccountId (str) – Id of the Cloud Account
- cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
- region (str, optional) – Set a specific region. Defaults to None.
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": [{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
get_assessment
dome9.dome9.Dome9.get_assessment(self, assessmentId)
Get the results of an assessment by id
Parameters: assessmentId (str) – Report/Assessment id
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": [{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
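The assessment result is large, but CI gating only needs the entityResults of failed tests together with dataSyncStatus. As an added example (not SDK code) for both run_assessment() and get_assessment(), the Python below extracts entities that are relevant, non-compliant and not excluded, counts them by severity, and fails closed when the assessment reports errors or permission gaps, since a run that could not fetch some entities proves nothing about them. Severities other than Low, Medium and High are treated as High (an assumption; the page only shows Low), and the sample result is constructed.

```python
from collections import Counter
from typing import Any, Dict, Iterator, Tuple

# Rank used for the gate threshold. Anything unrecognised ranks as High so a
# misspelt or new severity value cannot slip past the gate (assumption).
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2}


def rank(severity: str) -> int:
    return SEVERITY_RANK.get(severity, SEVERITY_RANK["High"])


def failing_entities(result: Dict[str, Any]) -> Iterator[Tuple[Dict[str, Any], Dict[str, Any]]]:
    """Yield (rule, entityResult) for entities that are relevant, non-compliant and not excluded."""
    for test in result.get("tests") or []:
        if test.get("testPassed"):
            continue
        for er in test.get("entityResults") or []:
            if er.get("isRelevant") and not er.get("isValid") and not er.get("isExcluded"):
                yield test["rule"], er


def summarize(result: Dict[str, Any]) -> Dict[str, Any]:
    """Counts of open findings by severity, the failing rule names, and how many entities were excluded."""
    by_severity: Counter = Counter()
    rules = set()
    excluded = 0
    for test in result.get("tests") or []:
        excluded += sum(1 for er in test.get("entityResults") or [] if er.get("isExcluded"))
    for rule, _ in failing_entities(result):
        by_severity[rule["severity"]] += 1
        rules.add(rule["name"])
    return {"by_severity": dict(by_severity), "failing_rules": sorted(rules),
            "excluded_entities": excluded}


def gate(result: Dict[str, Any], fail_on: str = "High") -> Tuple[bool, str]:
    """CI gate returning (passed, reason); fails closed when the assessment is incomplete."""
    if result.get("hasErrors"):
        return False, "assessment reported errors; treat the result as incomplete"
    for sync in result.get("dataSyncStatus") or []:
        if (sync.get("generalFetchPermissionIssues") or sync.get("entitiesWithPermissionIssues")
                or not sync.get("recentlySuccessfulSync", True)):
            return False, "fetch problems for %s: entities may be missing from the run" % sync.get("entityType")
    worst = max((rank(rule["severity"]) for rule, _ in failing_entities(result)), default=-1)
    if worst >= rank(fail_on):
        return False, "non-compliant entities at or above severity %s" % fail_on
    return True, "ok"


# Constructed sample result in the documented shape (rule names and ids are placeholders).
SAMPLE_RESULT = {
    "request": {"cloudAccountType": "Aws", "cloudAccountId": "acct-a", "region": "us_east_1"},
    "tests": [
        {"testPassed": False,
         "rule": {"name": "Security group allows SSH from 0.0.0.0/0", "severity": "High"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False, "testObj": {"id": "sg-1"}},
             {"isRelevant": True, "isValid": False, "isExcluded": True, "exclusionId": "e1",
              "testObj": {"id": "sg-2"}},
             {"isRelevant": True, "isValid": True, "isExcluded": False, "testObj": {"id": "sg-3"}}]},
        {"testPassed": False, "rule": {"name": "EBS volume is not encrypted", "severity": "Low"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False, "testObj": {"id": "vol-1"}}]},
        {"testPassed": True, "rule": {"name": "CloudTrail is enabled", "severity": "High"},
         "entityResults": []},
    ],
    "dataSyncStatus": [{"entityType": "SecurityGroup", "recentlySuccessfulSync": True,
                        "generalFetchPermissionIssues": False, "entitiesWithPermissionIssues": []}],
    "assessmentPassed": False, "hasErrors": False, "id": 42,
}

if __name__ == "__main__":
    # With the real SDK: result = client.run_assessment(rulesetId, cloudAccountId, "Aws")
    print(summarize(SAMPLE_RESULT))
    print(gate(SAMPLE_RESULT, fail_on="High"))
```

Excluded entities are reported separately rather than dropped silently, so a rising excluded_entities count is visible to whoever reads the gate output.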
Users
create_user
dome9.dome9.Dome9.create_user(self, email, name, surname='')
Create a user in Dome9
Parameters:
- email (str) – Email address of the new user
- name (str) – Name of the new user
- surname (str, optional) – Surname of the new user. Defaults to ''
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
list_users
dome9.dome9.Dome9.list_users(self)
List all Dome9 users for the Dome9 account
Returns: List of User objects. Ref: /docs/source/schemas/User.json
Return type: list
Response object (one element of the list):
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
get_user
dome9.dome9.Dome9.get_user(self, userId)
Get a user registered in Dome9
Parameters: userId (int) – Id of the user (the id field of the User object)
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
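The User object exposes the flags an access review needs: owner or super-user status, MFA and SSO, API keys, suspension and last login. As an added example (not SDK code), the Python below turns list_users() output into findings. It treats hasApiKeyV1 as a key for the older API generation (an assumption, based on the client defaulting to apiVersion='v2'), and the sample users and the fixed clock are constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, Iterable, List, Optional


def _parse_ts(value: Optional[str]) -> Optional[datetime]:
    """Parse the ISO-8601 'Z' timestamps the API returns (e.g. 2022-05-24T17:41:03Z)."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_users(users: Iterable[Dict[str, Any]], dormant_days: int = 90,
                now: Optional[datetime] = None) -> List[Dict[str, Any]]:
    """Flag identity-hygiene problems in the objects returned by list_users()."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for user in users:
        problems = []
        privileged = bool(user.get("isOwner") or user.get("isSuperUser"))
        if privileged and not (user.get("isMfaEnabled") or user.get("ssoEnabled")):
            problems.append("owner/super user without MFA or SSO")
        has_key = any(user.get(k) for k in ("hasApiKey", "hasApiKeyV1", "hasApiKeyV2"))
        if has_key and user.get("isSuspended"):
            problems.append("suspended user still holds an API key")
        if user.get("hasApiKeyV1"):
            # Assumption: V1 keys belong to the older API generation (client defaults to v2).
            problems.append("holds a key for the older V1 API; review whether it is still needed")
        last = _parse_ts(user.get("lastLogin"))
        if last is not None and not user.get("isSuspended") and now - last > timedelta(days=dormant_days):
            problems.append("dormant: no login for %d days" % (now - last).days)
        if problems:
            findings.append({"id": user.get("id"), "email": user.get("email"),
                             "privileged": privileged, "problems": problems})
    return findings


# Constructed sample users in the documented shape, plus a fixed clock so results are stable.
NOW = datetime(2022, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"id": 1, "name": "Alice", "email": "alice@example.com", "isSuspended": False, "isOwner": True,
     "isSuperUser": False, "isAuditor": False, "hasApiKey": True, "hasApiKeyV1": False,
     "hasApiKeyV2": True, "isMfaEnabled": False, "ssoEnabled": False, "roleIds": [],
     "isLocked": False, "lastLogin": "2022-05-24T17:41:03Z"},
    {"id": 2, "name": "Bob", "email": "bob@example.com", "isSuspended": False, "isOwner": False,
     "isSuperUser": False, "isAuditor": False, "hasApiKey": True, "hasApiKeyV1": True,
     "hasApiKeyV2": False, "isMfaEnabled": True, "ssoEnabled": False, "roleIds": [3],
     "isLocked": False, "lastLogin": "2021-11-01T08:00:00Z"},
    {"id": 3, "name": "Carol", "email": "carol@example.com", "isSuspended": True, "isOwner": False,
     "isSuperUser": False, "isAuditor": False, "hasApiKey": True, "hasApiKeyV1": False,
     "hasApiKeyV2": True, "isMfaEnabled": True, "ssoEnabled": False, "roleIds": [3],
     "isLocked": False, "lastLogin": "2022-01-10T09:00:00Z"},
    {"id": 4, "name": "Dan", "email": "dan@example.com", "isSuspended": False, "isOwner": False,
     "isSuperUser": True, "isAuditor": False, "hasApiKey": False, "hasApiKeyV1": False,
     "hasApiKeyV2": False, "isMfaEnabled": True, "ssoEnabled": True, "roleIds": [],
     "isLocked": False, "lastLogin": "2022-05-30T12:00:00Z"},
]

if __name__ == "__main__":
    # With the real SDK: audit_users(Dome9(key, secret).list_users())
    for f in audit_users(SAMPLE_USERS, now=NOW):
        print(f["email"], "->", "; ".join(f["problems"]))
```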
delete_user
dome9.dome9.Dome9.delete_user(self, userId)
Delete a user in Dome9
Parameters: userId (int) – Id of the user
Returns: Deletion status
Return type: bool
dome9 package
Submodules
dome9.dome9 module
class dome9.dome9.Dome9(key=None, secret=None, endpoint='https://api.dome9.com', apiVersion='v2')
Bases: object
key and secret are the Dome9 API key id and its secret; supply them from an environment variable or a secret store rather than hard-coding them in scripts.
connect_aws_account
dome9.dome9.Dome9.connect_aws_account(self, name, secret, roleArn)
Connect an AWS account to Dome9
Parameters:
- name (str) – Name of the new account
- secret (str) – Secret of the AWS role (the external ID used in the role's trust policy)
- roleArn (str) – Role ARN. Identifier of the AWS role
Returns: bool
-
list_protected_assets
(textSearch='', filters=[], pageSize=1000)[source]¶ List all Cloud Assets
Parameters: - textSearch (list) – Filter query by using text string. (i.e.: prod-uk)
- filters (list) – List of filters. [{name: “platform”, value: “aws”},{name: “cloudAccountId”, value: “0123456789”}]
- of filter names (List) – organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
- pageSize (int) – Items per query
Returns: Pagination of protected assets.
Return type: dict
- Response object:
{ "searchRequest": { "pageSize": 10, "sorting": { "fieldName": null, "direction": 0 }, "filter": { "freeTextPhrase": null, "fields": [], "tags": [], "includedEntityTypes": null, "excludedEntityTypes": null }, "searchAfter": [], "additionalFields": { "source": null, "filterFields": [], "sortField": { "fieldName": null, "direction": 1 } } }, "assets": [ { "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345", "entityId": "igw-12341234", "externalCloudAccountId": "1234567890", "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234", "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234", "type": "InternetGateway", "name": "", "tags": [], "platform": "aws", "typeByPlatform": "aws|InternetGateway", "network": "vpc-12341234", "region": "us_west_2", "resourceGroup": "", "additionalFields": [ { "name": "IsBillable", "value": "False" } ], "externalAdditionalFields": null } ], "totalCount": 102868, "aggregations": { "resourceGroup": [ { "value": "myrg", "count": 96217 } ], "cloudAccountId": [ { "value": "12341234-1234-1234-1234-123412341234", "count": 7926 } ], "type": [ { "value": "azure|User", "count": 18 }, { "value": "azure|Bastion", "count": 16 }, { "value": "azure|VirtualNetworkGateway", "count": 16 }, { "value": "google|InstanceTemplate", "count": 16 } ], "region": [ { "value": "", "count": 54560 }, { "value": "us_east_1", "count": 8070 }, { "value": "eu_west_1", "count": 3985 } ], "platform": [ { "value": "aws", "count": 45584 }, { "value": "google", "count": 24263 }, { "value": "azure", "count": 20928 }, { "value": "kubernetes", "count": 12093 } ], "network": [ { "value": "", "count": 96480 }, { "value": "injectors-network", "count": 291 }, { "value": "vpc-12341234", "count": 183 } ] }, "searchAfter": [ "ffffaaaa-ffff-ffff-aaaa-123412341234", "", "us_west_1", "vpc-12341234", "InternetGateway", "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123" ] }
list_rulesets()
List Compliance Rulesets
Returns: List of Compliance rulesets.
Return type: list
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
get_ruleset(rulesetId=None, name=None)
Get a specific Compliance ruleset
Parameters:
- rulesetId (str) – Locate ruleset by id
- name (str) – Locate ruleset by name
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
create_ruleset(ruleset)
Create a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
update_ruleset(ruleset)
Update a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
delete_ruleset(rulesetId)
Delete a Compliance ruleset
Parameters: rulesetId (str) – ID of the ruleset
Returns: Deletion status
Return type: bool
list_remediations()
List Remediations
Returns: List of Remediation objects.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
get_remediation(remediationId)
Get a specific remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
create_remediation(remediation)
Create a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
update_remediation(remediation)
Update a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
delete_remediation(remediationId)
Delete a Remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Deletion status
Return type: bool
list_exclusions()
List all exclusions
Returns: List of Exclusion objects.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
get_exclusion(exclusionId)
Get a specific exclusion
Parameters: exclusionId (str) – ID of the exclusion
Returns: Exclusion object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
create_exclusion(exclusion)
Create an exclusion
Parameters: exclusion (dict) – Exclusion object.
Returns: Exclusion object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
delete_exclusion(exclusionId)
Delete an exclusion
Parameters: exclusionId (str) – ID of the exclusion
Returns: Deletion status
Return type: bool
run_assessment(rulesetId, cloudAccountId, cloudAccountType, region=None)
Run compliance assessments on Cloud Accounts, and get the results
Parameters:
- rulesetId (str) – ID of the Compliance Policy Ruleset to run
- cloudAccountId (str) – ID of the Cloud Account
- cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
- region (str, optional) – Set a specific region. Defaults to None.
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": 
[{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
get_assessment(assessmentId)
Get results of an assessment by ID
Parameters: assessmentId (str) – Report/Assessment ID
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": 
[{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
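A defender-side triage of the AssessmentResults shape returned by run_assessment() and get_assessment(): it lists failing entities per rule, flags the ones an exclusion hides, counts open failures by severity, and reports entity types the scan could not fetch. This is an added example, not code from the dome9 SDK or its documentation; the sample assessment, rule IDs, exclusion/remediation IDs and the helper functions are constructed here, and it assumes an entity with isValid false is one that failed its rule.

```python
"""Triage of a Dome9 assessment result (added example; not SDK code).

Works on a dict in the AssessmentResults shape documented above for
run_assessment() and get_assessment(). The sample below is constructed here
with placeholder IDs; it is not real output from any account.
"""
from collections import Counter


def _entity(obj_id, valid, excluded=False, remediation=None):
    """Build one entityResults item in the documented shape (sample helper)."""
    return {"validationStatus": "Relevant", "isRelevant": True, "isValid": valid,
            "isExcluded": excluded,
            "exclusionId": "00000000-0000-0000-0000-0000000000ee" if excluded else None,
            "remediationId": remediation, "error": None, "testObj": {"id": obj_id}}


def _rule(rule_id, name, severity):
    """Build the rule sub-object of a test (sample helper, placeholder ruleId)."""
    return {"name": name, "severity": severity, "ruleId": rule_id,
            "logicHash": "placeholder", "isDefault": True}


# Constructed sample (trimmed to the fields the triage reads).
SAMPLE_ASSESSMENT = {
    "request": {"dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
                "cloudAccountType": "Aws", "region": "us_east_1"},
    "tests": [
        {"rule": _rule("EX-01", "S3 bucket is publicly readable", "High"),
         "testPassed": False, "testedCount": 3, "relevantCount": 3, "nonComplyingCount": 2,
         "entityResults": [_entity("bucket-a", valid=False),
                           _entity("bucket-b", valid=False, excluded=True),
                           _entity("bucket-c", valid=True)]},
        {"rule": _rule("EX-02", "Security group open to 0.0.0.0/0 on port 22", "Medium"),
         "testPassed": False, "testedCount": 1, "relevantCount": 1, "nonComplyingCount": 1,
         "entityResults": [_entity("sg-0001", valid=False,
                                   remediation="00000000-0000-0000-0000-0000000000aa")]},
        {"rule": _rule("EX-03", "CloudTrail enabled in all regions", "Low"),
         "testPassed": True, "testedCount": 1, "relevantCount": 1, "nonComplyingCount": 0,
         "entityResults": [_entity("trail-1", valid=True)]},
    ],
    "dataSyncStatus": [
        {"entityType": "S3Bucket", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": False, "entitiesWithPermissionIssues": []},
        {"entityType": "IamUser", "recentlySuccessfulSync": False,
         "generalFetchPermissionIssues": True,
         "entitiesWithPermissionIssues": [{"externalId": "placeholder", "name": "placeholder",
                                           "cloudVendorIdentifier": "placeholder"}]},
    ],
    "assessmentPassed": False, "hasErrors": False, "id": 0,
}


def open_findings(assessment):
    """Return every relevant entity that failed its rule, one record per entity.

    Excluded failures are kept but flagged rather than dropped, so a reviewer
    can see what an exclusion is hiding; tests carrying an error are skipped
    because their entity results are not trustworthy.
    """
    findings = []
    for test in assessment.get("tests", []):
        if test.get("error"):
            continue
        rule = test["rule"]
        for entity in test.get("entityResults", []):
            if not entity.get("isRelevant") or entity.get("isValid"):
                continue
            findings.append({
                "ruleId": rule["ruleId"], "rule": rule["name"],
                "severity": rule["severity"],
                "entity": (entity.get("testObj") or {}).get("id"),
                "excluded": bool(entity.get("isExcluded")),
                "hasRemediation": entity.get("remediationId") is not None,
            })
    return findings


def severity_summary(assessment):
    """Count open (non-excluded) failures per rule severity."""
    return Counter(f["severity"] for f in open_findings(assessment) if not f["excluded"])


def coverage_gaps(assessment):
    """Entity types the assessment could not fetch completely.

    A rule that passes over an entity type that never synced is not evidence
    of compliance, so these are reported next to the findings.
    """
    return [s["entityType"] for s in assessment.get("dataSyncStatus", [])
            if s.get("generalFetchPermissionIssues") or not s.get("recentlySuccessfulSync")]


if __name__ == "__main__":
    for f in open_findings(SAMPLE_ASSESSMENT):
        tag = "EXCLUDED" if f["excluded"] else "OPEN"
        print(f"{tag:8} {f['severity']:6} {f['ruleId']} {f['entity']} ({f['rule']})")
    print("open by severity:", dict(severity_summary(SAMPLE_ASSESSMENT)))
    print("coverage gaps:", coverage_gaps(SAMPLE_ASSESSMENT))
```

To use it on a live result, pass the dict returned by run_assessment() or get_assessment() in place of SAMPLE_ASSESSMENT.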
list_users()
List all Dome9 users for the Dome9 account
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
get_user(userId)
Get user registered in Dome9
Parameters: userId (id) – ID of the user
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
create_user(email, name, surname='')
Create user in Dome9
Parameters:
- email (str) – User email of the new user
- name (str) – Name of the new user
- surname (str, optional) – Surname of the new user. Defaults to “”
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-
Module contents
class dome9.Dome9(key=None, secret=None, endpoint='https://api.dome9.com', apiVersion='v2')
Bases: object
get_cloud_account(cloudId)
Get a Cloud Account
Parameters: cloudId (str) – ID of the Cloud Account
Returns: Cloud Account object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
list_aws_accounts()
List AWS accounts
Returns: List of AWS Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
list_azure_accounts()
List Azure accounts
Returns: List of Azure Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "subscriptionId": "string", "tenantId": "string", "credentials": { "clientId": "string", "clientPassword": "string" }, "operationMode": "Read", "error": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "vendor": "aws" }
list_google_accounts()
List Google Cloud Accounts
Returns: List of Google accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "projectId": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "gsuite": { "gsuiteUser": "string", "domainName": "string" }, "vendor": "aws" }
list_kubernetes_accounts()
List Kubernetes accounts
Returns: List of Kubernetes accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "creationDate": "2019-09-26T10:55:03Z", "vendor": "aws", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string" }
list_cloud_accounts()
List all accounts (AWS, Azure, GCP & Kubernetes)
Returns: List of Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
connect_aws_account(name, secret, roleArn)
Connect AWS account to Dome9
Parameters:
- name (str) – Name of the new account
- secret (str) – Secret of the AWS role
- roleArn (str) – Role ARN. Identifier of the AWS role
Returns: bool
list_protected_assets(textSearch='', filters=[], pageSize=1000)
List all Cloud Assets
Parameters:
- textSearch (list) – Filter the query by a free-text string (e.g. prod-uk)
- filters (list) – List of filters, e.g. [{name: “platform”, value: “aws”},{name: “cloudAccountId”, value: “0123456789”}]. Valid filter names: organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
- pageSize (int) – Items per query
Returns: Pagination of protected assets.
Return type: dict
Response object:
{ "searchRequest": { "pageSize": 10, "sorting": { "fieldName": null, "direction": 0 }, "filter": { "freeTextPhrase": null, "fields": [], "tags": [], "includedEntityTypes": null, "excludedEntityTypes": null }, "searchAfter": [], "additionalFields": { "source": null, "filterFields": [], "sortField": { "fieldName": null, "direction": 1 } } }, "assets": [ { "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345", "entityId": "igw-12341234", "externalCloudAccountId": "1234567890", "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234", "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234", "type": "InternetGateway", "name": "", "tags": [], "platform": "aws", "typeByPlatform": "aws|InternetGateway", "network": "vpc-12341234", "region": "us_west_2", "resourceGroup": "", "additionalFields": [ { "name": "IsBillable", "value": "False" } ], "externalAdditionalFields": null } ], "totalCount": 102868, "aggregations": { "resourceGroup": [ { "value": "myrg", "count": 96217 } ], "cloudAccountId": [ { "value": "12341234-1234-1234-1234-123412341234", "count": 7926 } ], "type": [ { "value": "azure|User", "count": 18 }, { "value": "azure|Bastion", "count": 16 }, { "value": "azure|VirtualNetworkGateway", "count": 16 }, { "value": "google|InstanceTemplate", "count": 16 } ], "region": [ { "value": "", "count": 54560 }, { "value": "us_east_1", "count": 8070 }, { "value": "eu_west_1", "count": 3985 } ], "platform": [ { "value": "aws", "count": 45584 }, { "value": "google", "count": 24263 }, { "value": "azure", "count": 20928 }, { "value": "kubernetes", "count": 12093 } ], "network": [ { "value": "", "count": 96480 }, { "value": "injectors-network", "count": 291 }, { "value": "vpc-12341234", "count": 183 } ] }, "searchAfter": [ "ffffaaaa-ffff-ffff-aaaa-123412341234", "", "us_west_1", "vpc-12341234", "InternetGateway", "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123" ] }
list_rulesets()
List Compliance Rulesets
Returns: List of Compliance rulesets.
Return type: list
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
get_ruleset(rulesetId=None, name=None)
Get a specific Compliance ruleset
Parameters:
- rulesetId (str) – Locate ruleset by id
- name (str) – Locate ruleset by name
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
create_ruleset(ruleset)
Create a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
update_ruleset(ruleset)
Update a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
delete_ruleset(rulesetId)
Delete a Compliance ruleset
Parameters: rulesetId (str) – ID of the ruleset
Returns: Deletion status
Return type: bool
list_remediations()
List Remediations
Returns: List of Remediation objects.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
get_remediation(remediationId)
Get a specific remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
create_remediation(remediation)
Create a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
update_remediation(remediation)
Update a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
delete_remediation(remediationId)
Delete a Remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Deletion status
Return type: bool
list_exclusions()
List all exclusions
Returns: List of Exclusion objects.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
get_exclusion(exclusionId)
Get a specific exclusion
Parameters: exclusionId (str) – ID of the exclusion
Returns: Exclusion object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
create_exclusion(exclusion)
Create an exclusion
Parameters: exclusion (dict) – Exclusion object.
Returns: Exclusion object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
delete_exclusion(exclusionId)
Delete an exclusion
Parameters: exclusionId (str) – ID of the exclusion
Returns: Deletion status
Return type: bool
-
run_assessment
(rulesetId, cloudAccountId, cloudAccountType, region=None)[source]¶ Run compliance assessments on Cloud Accounts, and get the results
Parameters: - rulesetId (str) – Id of the Compliance Policy Ruleset to run
- cloudAccountId (str) – Id of the Cloud Account
- cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
- region (str, optional) – Set a specific region. Defaults to None.
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
- Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": [{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
-
get_assessment
(assessmentId)[source]¶ Get the results of an assessment by id
Parameters: assessmentId (str) – Report/Assessment id Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json Return type: dict - Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": [{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
-
list_users
()[source]¶ List all Dome9 users for the Dome9 account
Returns: User object. Ref: /docs/source/schemas/User.json Return type: dict - Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-
get_user
(userId)[source]¶ Get user registered in Dome9
Parameters: userId (id) – Id of the user Returns: User object. Ref: /docs/source/schemas/User.json Return type: dict - Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
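The User object returned by list_users() and get_user() carries the fields a periodic access review needs (owner/super-user flags, API key flags, MFA and SSO state, suspension, last login). The following is an added example, not code from the dome9 SDK or this project, that audits a user list using only those fields; SAMPLE_USERS is constructed data, and the SSO rule (an SSO user's second factor is the identity provider's job) is an assumption.

```python
# Added example, not part of the dome9 SDK: audit the users returned by
# list_users() for risky account states, reading only the fields shown in
# the User object above. SAMPLE_USERS is constructed.
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

def _parse_ts(ts: str) -> datetime:
    """Parse the page's timestamp format, e.g. "2022-05-24T17:41:03Z", as UTC."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_users(users: List[Dict[str, Any]], now_iso: Optional[str] = None,
                stale_days: int = 90) -> Dict[str, List[str]]:
    """Map finding type -> user emails, so the result can feed a ticket or alert."""
    now = _parse_ts(now_iso) if now_iso else datetime.now(timezone.utc)
    findings: Dict[str, List[str]] = {"privileged_without_mfa": [], "privileged_with_api_key": [],
                                      "suspended_with_api_key": [], "stale_login": []}
    for u in users:
        email = u.get("email") or f"id:{u.get('id')}"
        privileged = bool(u.get("isOwner") or u.get("isSuperUser"))
        has_key = bool(u.get("hasApiKey") or u.get("hasApiKeyV1") or u.get("hasApiKeyV2"))
        # Assumption: an SSO user's second factor is enforced by the identity provider.
        if privileged and not (u.get("isMfaEnabled") or u.get("ssoEnabled")):
            findings["privileged_without_mfa"].append(email)
        # A long-lived API key on an owner/super-user account is a full-privilege credential.
        if privileged and has_key:
            findings["privileged_with_api_key"].append(email)
        # A suspended user still holding an API key: confirm the key was revoked, not just the login.
        if u.get("isSuspended") and has_key:
            findings["suspended_with_api_key"].append(email)
        last = u.get("lastLogin")
        if last and not u.get("isSuspended") and now - _parse_ts(last) > timedelta(days=stale_days):
            findings["stale_login"].append(email)
    return findings

SAMPLE_USERS = [  # constructed, shaped like the User object on this page
    {"id": 1, "email": "owner@example.com", "isOwner": True, "isSuperUser": True, "isSuspended": False,
     "hasApiKey": True, "hasApiKeyV2": True, "isMfaEnabled": False, "ssoEnabled": False,
     "lastLogin": "2022-05-24T17:41:03Z"},
    {"id": 2, "email": "auditor@example.com", "isAuditor": True, "isSuspended": False, "hasApiKey": False,
     "isMfaEnabled": True, "ssoEnabled": False, "lastLogin": "2022-05-20T09:00:00Z"},
    {"id": 3, "email": "former@example.com", "isSuspended": True, "hasApiKey": True,
     "isMfaEnabled": False, "ssoEnabled": False, "lastLogin": "2021-01-01T00:00:00Z"},
    {"id": 4, "email": "sso@example.com", "isSuperUser": True, "isSuspended": False, "hasApiKey": False,
     "isMfaEnabled": False, "ssoEnabled": True, "lastLogin": "2021-12-01T00:00:00Z"},
]
```

In practice the input is `Dome9().list_users()`; `now_iso` exists so that a run can be pinned to a fixed time in tests.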
-
create_user
(email, name, surname='')[source]¶ Create user in Dome9
Parameters: - email (str) – User email of the new user
- name (str) – Name of the new user
- surname (str, optional) – Surname of the new user. Defaults to ''
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
- Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-
Dome9 is a web service for improving the security posture of your cloud platforms (AWS, Azure, GCP, Kubernetes, etc.). Through it you can centralize information about your cloud accounts and run compliance checks (GDPR, HIPAA, ISO27001, ...) per account or across all of them.
This repository contains a Python SDK for this tool. Initially its SDK did not have much functionality, which is why I developed this one, so that I could work with it and include it within my continuous integration processes.
Installation¶
pip install dome9
Usage¶
from dome9 import Dome9
dome9 = Dome9(key='xxxxxx', secret='yyyyyyy')
rulesets = dome9.list_rulesets()
Authentication¶
There are two ways to authenticate:
- As Arguments: Passing variables on init -> Dome9(key='xxxxxx', secret='yyyyyyy')
- As Environment variables: Setting your credentials as environment variables -> DOME9_ACCESS_KEY and DOME9_SECRET_KEY
Example:
# As arguments (Python):
from dome9 import Dome9
dome9 = Dome9(key='xxxxxx', secret='yyyyyyy')
rulesets = dome9.list_rulesets()
# As environment variables (shell):
export DOME9_ACCESS_KEY='xxxxxxxxxxxxxxxxxxxx'
export DOME9_SECRET_KEY='yyyyyyyyyyyyyyyyyyyy'
python -c "from dome9 import Dome9; print(Dome9().list_rulesets())"
Agile¶
import json
from dome9 import Dome9
cloudAccount = '00000-00000-00000-00000'
d9 = Dome9()  # credentials are read from DOME9_ACCESS_KEY / DOME9_SECRET_KEY
rulesetTemplate = {}
with open('ruleset', 'r') as f:
    rulesetTemplate = json.loads(f.read())
# Step 1. Create ruleset
ruleset = d9.create_ruleset(rulesetTemplate)
# Step 2. Run Assessment (cloudAccountType is a required argument of run_assessment; 'Aws' assumed here)
results = d9.run_assessment(rulesetId=ruleset['id'], cloudAccountId=cloudAccount, cloudAccountType='Aws')
# Step 3. Delete ruleset
ruleset = d9.delete_ruleset(ruleset['id'])
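The Agile flow above ends with a raw assessment result, and the run_assessment response object earlier on this page shows what that result contains: per-rule tests, each with entityResults flagged isRelevant/isValid/isExcluded, a rule severity, and a top-level assessmentPassed. The following is an added example, not the dome9 SDK's or this project's own code, that turns such a result into a CI gate and wraps the create/run/delete steps so the temporary ruleset is cleaned up even when the run fails. SAMPLE_RESULT is constructed; the severity ordering beyond "Low" and the `d9` client parameter are assumptions.

```python
# Added example, not part of the dome9 SDK or this project's own code: summarise a
# run_assessment()/get_assessment() result for use as a CI gate, reading only the
# fields shown in the response object above. SAMPLE_RESULT is constructed.
from typing import Any, Dict, List, Optional

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}  # assumed order; the page shows only "Low"

def summarize_assessment(result: Dict[str, Any], fail_on: str = "High") -> Dict[str, Any]:
    """Collect failing rules with their non-excluded failing entities; gate on severity."""
    failing: List[Dict[str, Any]] = []
    errors: List[str] = []
    for test in result.get("tests", []):
        rule = test.get("rule") or {}
        if test.get("error"):
            # A rule that could not be evaluated (e.g. a fetch permission issue) is not a pass.
            errors.append(f"{rule.get('name')}: {test['error']}")
            continue
        # Count only entities that are relevant, invalid and not covered by an exclusion.
        bad = [e.get("testObj", {}) for e in test.get("entityResults", [])
               if e.get("isRelevant") and not e.get("isValid") and not e.get("isExcluded")]
        if bad:
            failing.append({"rule": rule.get("name"), "severity": rule.get("severity", "Low"),
                            "entities": bad})
    failing.sort(key=lambda f: -SEVERITY_RANK.get(f["severity"], 0))
    gate_ok = not errors and all(SEVERITY_RANK.get(f["severity"], 0) < SEVERITY_RANK[fail_on] for f in failing)
    return {"assessment_passed": bool(result.get("assessmentPassed")),
            "failing_rules": failing, "errors": errors, "gate_ok": gate_ok}

def assess_with_cleanup(d9, ruleset_template: Dict[str, Any], cloud_account_id: str,
                        cloud_account_type: str = "Aws", region: Optional[str] = None) -> Dict[str, Any]:
    """Agile flow above, but the temporary ruleset is deleted even if the run raises (d9: Dome9 client)."""
    ruleset = d9.create_ruleset(ruleset_template)
    try:
        return d9.run_assessment(rulesetId=ruleset["id"], cloudAccountId=cloud_account_id,
                                 cloudAccountType=cloud_account_type, region=region)
    finally:
        d9.delete_ruleset(ruleset["id"])

SAMPLE_RESULT = {  # constructed, shaped like the response object on this page
    "assessmentPassed": False, "hasErrors": True, "id": 0,
    "tests": [
        {"error": None, "rule": {"name": "S3 bucket is publicly readable", "severity": "High"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False, "testObj": {"name": "logs-bucket"}},
             {"isRelevant": True, "isValid": False, "isExcluded": True, "testObj": {"name": "public-site"}},
             {"isRelevant": True, "isValid": True, "isExcluded": False, "testObj": {"name": "private-data"}}]},
        {"error": None, "rule": {"name": "CloudTrail enabled in all regions", "severity": "Medium"},
         "entityResults": []},
        {"error": "AccessDenied", "rule": {"name": "VPC flow logs enabled", "severity": "Low"},
         "entityResults": []}]}
```

A pipeline step would call `summarize_assessment(assess_with_cleanup(Dome9(), template, account_id))` and fail the build when `gate_ok` is false; an evaluation error counts as a failure because an unevaluated rule is not a passed rule.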