dome9 package
Submodules
dome9.dome9 module
-
class dome9.dome9.Dome9(key=None, secret=None, endpoint='https://api.dome9.com', apiVersion='v2')
Bases: object
-
get_cloud_account(cloudId)
Get a Cloud Account
Parameters: cloudId (str) – ID of the Cloud Account
Returns: Cloud Account object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
-
list_aws_accounts()
List AWS accounts
Returns: List of AWS Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
-
list_azure_accounts()
List Azure accounts
Returns: List of Azure Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "subscriptionId": "string", "tenantId": "string", "credentials": { "clientId": "string", "clientPassword": "string" }, "operationMode": "Read", "error": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "vendor": "aws" }
-
list_google_accounts()
List Google Cloud Accounts
Returns: List of Google accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "projectId": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "gsuite": { "gsuiteUser": "string", "domainName": "string" }, "vendor": "aws" }
-
list_kubernetes_accounts()
List Kubernetes accounts
Returns: List of Kubernetes accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "creationDate": "2019-09-26T10:55:03Z", "vendor": "aws", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string" }
-
list_cloud_accounts()
List all accounts (AWS, Azure, GCP & Kubernetes)
Returns: List of Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
-
connect_aws_account(name, secret, roleArn)
Connect AWS account to Dome9
Parameters:
- name (str) – Name of the new account
- secret (str) – Secret of the AWS role
- roleArn (str) – Role ARN. Identifier of the AWS role
Returns: bool
-
list_protected_assets(textSearch='', filters=[], pageSize=1000)
List all Cloud Assets
Parameters:
- textSearch (list) – Filter the query by a text string (e.g. prod-uk)
- filters (list) – List of filters, e.g. [{name: "platform", value: "aws"}, {name: "cloudAccountId", value: "0123456789"}]. Filter names: organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
- pageSize (int) – Items per query
Returns: Pagination of protected assets.
Return type: dict
Response object:
{ "searchRequest": { "pageSize": 10, "sorting": { "fieldName": null, "direction": 0 }, "filter": { "freeTextPhrase": null, "fields": [], "tags": [], "includedEntityTypes": null, "excludedEntityTypes": null }, "searchAfter": [], "additionalFields": { "source": null, "filterFields": [], "sortField": { "fieldName": null, "direction": 1 } } }, "assets": [ { "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345", "entityId": "igw-12341234", "externalCloudAccountId": "1234567890", "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234", "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234", "type": "InternetGateway", "name": "", "tags": [], "platform": "aws", "typeByPlatform": "aws|InternetGateway", "network": "vpc-12341234", "region": "us_west_2", "resourceGroup": "", "additionalFields": [ { "name": "IsBillable", "value": "False" } ], "externalAdditionalFields": null } ], "totalCount": 102868, "aggregations": { "resourceGroup": [ { "value": "myrg", "count": 96217 } ], "cloudAccountId": [ { "value": "12341234-1234-1234-1234-123412341234", "count": 7926 } ], "type": [ { "value": "azure|User", "count": 18 }, { "value": "azure|Bastion", "count": 16 }, { "value": "azure|VirtualNetworkGateway", "count": 16 }, { "value": "google|InstanceTemplate", "count": 16 } ], "region": [ { "value": "", "count": 54560 }, { "value": "us_east_1", "count": 8070 }, { "value": "eu_west_1", "count": 3985 } ], "platform": [ { "value": "aws", "count": 45584 }, { "value": "google", "count": 24263 }, { "value": "azure", "count": 20928 }, { "value": "kubernetes", "count": 12093 } ], "network": [ { "value": "", "count": 96480 }, { "value": "injectors-network", "count": 291 }, { "value": "vpc-12341234", "count": 183 } ] }, "searchAfter": [ "ffffaaaa-ffff-ffff-aaaa-123412341234", "", "us_west_1", "vpc-12341234", "InternetGateway", "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123" ] }
-
list_rulesets()
List Compliance Rulesets
Returns: List of Compliance rulesets.
Return type: list
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
get_ruleset(rulesetId=None, name=None)
Get a specific Compliance ruleset
Parameters:
- rulesetId (str) – Locate ruleset by id
- name (str) – Locate ruleset by name
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
create_ruleset(ruleset)
Create a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
update_ruleset(ruleset)
Update a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
delete_ruleset(rulesetId)
Delete a Compliance ruleset
Parameters: rulesetId (str) – ID of the ruleset
Returns: Deletion status
Return type: bool
-
list_remediations()
List Remediations
Returns: List of Remediation objects.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
get_remediation(remediationId)
Get a specific remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
create_remediation(remediation)
Create a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
update_remediation(remediation)
Update a Remediation
Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
delete_remediation(remediationId)
Delete a Remediation
Parameters: remediationId (str) – ID of the remediation
Returns: Deletion status
Return type: bool
-
list_exclusions()
List all exclusions
Returns: List of Exclusion objects.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
-
get_exclusion(exclusionId)
Get a specific exclusion
Parameters: exclusionId (str) – ID of the exclusion
Returns: Exclusion object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
-
create_exclusion(exclusion)
Create an exclusion
Parameters: exclusion (dict) – Exclusion object.
Returns: Exclusion object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
-
delete_exclusion(exclusionId)
Delete an exclusion
Parameters: exclusionId (str) – ID of the exclusion
Returns: Deletion status
Return type: bool
-
run_assessment(rulesetId, cloudAccountId, cloudAccountType, region=None)
Run compliance assessments on Cloud Accounts, and get the results
Parameters:
- rulesetId (str) – ID of the Compliance Policy Ruleset to run
- cloudAccountId (str) – ID of the Cloud Account
- cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
- region (str, optional) – Set a specific region. Defaults to None.
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": 
[{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
-
get_assessment(assessmentId)
Get the results of an assessment by ID
Parameters: assessmentId (str) – Report/Assessment ID
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": 
[{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
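An added example, not part of the dome9 package: a triage summary over the assessment result dict returned by run_assessment or get_assessment. It reads only fields shown in the response object above; the meaning given to isRelevant, isValid, isExcluded and the dataSyncStatus flags is inferred from their names, and the rule IDs, severity "High" and entity type names in the sample are constructed.

```python
from collections import defaultdict


def summarize_assessment(result):
    """Condense an assessment result (shape as in the response object) for triage."""
    failed = defaultdict(list)   # severity -> failed rules
    rule_errors = []             # rules that could not be evaluated at all

    for test in result.get("tests") or []:
        rule = test.get("rule") or {}
        label = rule.get("ruleId") or rule.get("name") or "<unnamed>"
        if test.get("error"):
            # No verdict exists for this rule, so do not count it as pass or fail.
            rule_errors.append(label)
            continue
        if test.get("testPassed"):
            continue
        # Assumption: an entity fails the rule when it is relevant and not valid.
        failing = [e for e in test.get("entityResults") or []
                   if e.get("isRelevant") and not e.get("isValid")]
        excluded = sum(1 for e in failing if e.get("isExcluded"))
        failed[rule.get("severity") or "Unknown"].append({
            "rule": label,
            "open": len(failing) - excluded,   # findings nobody has waived
            "excluded": excluded,              # findings hidden by an exclusion
        })

    # Entity types whose inventory was stale or unreadable: rules over them ran
    # on incomplete data, so an absence of findings there proves nothing.
    blind_spots = sorted(
        s.get("entityType", "Unknown")
        for s in result.get("dataSyncStatus") or []
        if not s.get("recentlySuccessfulSync")
        or s.get("generalFetchPermissionIssues")
        or s.get("entitiesWithPermissionIssues")
    )

    return {
        "assessmentId": result.get("id"),
        "failed": dict(failed),
        "rule_errors": rule_errors,
        "blind_spots": blind_spots,
        "clean_pass": bool(result.get("assessmentPassed"))
                      and not result.get("hasErrors")
                      and not rule_errors and not blind_spots,
    }


# Constructed sample in the documented shape (all values are illustrative).
SAMPLE_RESULT = {
    "id": 101,
    "assessmentPassed": False,
    "hasErrors": True,
    "tests": [
        {"error": None, "testPassed": False,
         "rule": {"name": "Buckets block public access", "severity": "High",
                  "ruleId": "EX.S3.01"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False},
             {"isRelevant": True, "isValid": False, "isExcluded": True},
             {"isRelevant": True, "isValid": True, "isExcluded": False},
             {"isRelevant": False, "isValid": False, "isExcluded": False},
         ]},
        {"error": None, "testPassed": True,
         "rule": {"name": "Password policy set", "severity": "Low",
                  "ruleId": "EX.IAM.02"},
         "entityResults": []},
        {"error": "evaluation failed", "testPassed": False,
         "rule": {"name": "Keys rotate", "severity": "High",
                  "ruleId": "EX.KMS.03"},
         "entityResults": []},
    ],
    "dataSyncStatus": [
        {"entityType": "S3Bucket", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": False,
         "entitiesWithPermissionIssues": []},
        {"entityType": "Kms", "recentlySuccessfulSync": False,
         "generalFetchPermissionIssues": True,
         "entitiesWithPermissionIssues": []},
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(summarize_assessment(SAMPLE_RESULT), indent=2))
```

Pass it the dict returned by run_assessment or get_assessment; a result with assessmentPassed true but a non-empty blind_spots list is reported as not a clean pass.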
-
list_users()
List all Dome9 users for the Dome9 account
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
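An added example, not part of the dome9 package: an access review over User objects in the shape shown above. It assumes list_users yields a sequence of such dicts, that SSO counts as strong authentication alongside MFA, and that 90 days without a login marks an account as stale; all three are policy assumptions, and the sample users are constructed.

```python
from datetime import datetime, timedelta, timezone

API_KEY_FLAGS = ("hasApiKey", "hasApiKeyV1", "hasApiKeyV2")


def parse_ts(value):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the response objects."""
    if not value:
        return None
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def audit_users(users, now, stale_after_days=90):
    """Return (user, finding) pairs for accounts that need an access review."""
    cutoff = now - timedelta(days=stale_after_days)
    findings = []
    for user in users:
        who = user.get("email") or user.get("name") or str(user.get("id"))
        has_key = any(user.get(flag) for flag in API_KEY_FLAGS)

        if user.get("isSuspended"):
            # Assumption: suspending the console login does not by itself
            # tell us the API key was revoked, so surface it for checking.
            if has_key:
                findings.append((who, "suspended-with-api-key"))
            continue

        privileged = user.get("isOwner") or user.get("isSuperUser")
        strong_login = user.get("isMfaEnabled") or user.get("ssoEnabled")
        if privileged and not strong_login:
            findings.append((who, "privileged-without-mfa-or-sso"))

        last_login = parse_ts(user.get("lastLogin"))
        if has_key and (last_login is None or last_login < cutoff):
            # A key on an account nobody logs in to is an unattended credential.
            findings.append((who, "api-key-on-stale-account"))
    return findings


# Constructed sample users; only the fields the audit reads are filled in.
SAMPLE_USERS = [
    {"id": 1, "email": "owner@example.com", "isOwner": True,
     "isMfaEnabled": False, "ssoEnabled": False, "hasApiKey": False,
     "lastLogin": "2022-05-20T09:00:00Z"},
    {"id": 2, "email": "ci-bot@example.com", "isMfaEnabled": True,
     "hasApiKey": True, "hasApiKeyV2": True,
     "lastLogin": "2021-11-01T00:00:00Z"},
    {"id": 3, "email": "leaver@example.com", "isSuspended": True,
     "hasApiKeyV1": True, "lastLogin": "2021-01-15T08:30:00Z"},
    {"id": 4, "email": "analyst@example.com", "isSuperUser": True,
     "ssoEnabled": True, "hasApiKey": False,
     "lastLogin": "2022-05-23T12:00:00Z"},
]
SAMPLE_NOW = datetime(2022, 5, 24, 17, 41, 3, tzinfo=timezone.utc)

if __name__ == "__main__":
    for who, finding in audit_users(SAMPLE_USERS, SAMPLE_NOW):
        print(f"{finding:32} {who}")
```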
-
get_user(userId)
Get user registered in Dome9
Parameters: userId (id) – ID of the user
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-
create_user(email, name, surname='')
Create user in Dome9
Parameters:
- email (str) – User email of the new user
- name (str) – Name of the new user
- surname (str, optional) – Surname of the new user. Defaults to ""
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-
Module contents
-
class dome9.Dome9(key=None, secret=None, endpoint='https://api.dome9.com', apiVersion='v2')
Bases: object
-
get_cloud_account(cloudId)
Get a Cloud Account
Parameters: cloudId (str) – ID of the Cloud Account
Returns: Cloud Account object.
Return type: dict
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
-
list_aws_accounts()
List AWS accounts
Returns: List of AWS Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
-
list_azure_accounts()
List Azure accounts
Returns: List of Azure Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "subscriptionId": "string", "tenantId": "string", "credentials": { "clientId": "string", "clientPassword": "string" }, "operationMode": "Read", "error": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "vendor": "aws" }
-
list_google_accounts()
List Google Cloud Accounts
Returns: List of Google accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "projectId": "string", "creationDate": "2019-09-26T10:55:03Z", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "gsuite": { "gsuiteUser": "string", "domainName": "string" }, "vendor": "aws" }
-
list_kubernetes_accounts()
List Kubernetes accounts
Returns: List of Kubernetes accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "name": "string", "creationDate": "2019-09-26T10:55:03Z", "vendor": "aws", "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string" }
-
list_cloud_accounts()
List all accounts (AWS, Azure, GCP & Kubernetes)
Returns: List of Cloud Accounts.
Return type: list
Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "vendor": "aws", "name": "string", "externalAccountNumber": "string", "error": "string", "isFetchingSuspended": true, "creationDate": "2019-09-26T10:55:03Z", "credentials": { "apikey": "string", "arn": "string", "secret": "string", "iamUser": "string", "type": "UserBased", "isReadOnly": true }, "iamSafe": { "awsGroupArn": "string", "awsPolicyArn": "string", "mode": "OptIn", "state": "Enabled", "excludedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] }, "restrictedIamEntities": { "rolesArns": [ "string" ], "usersArns": [ "string" ] } }, "netSec": { "regions": [ { "region": "us_east_1", "name": "string", "hidden": true, "newGroupBehavior": "ReadOnly" } ] }, "magellan": true, "fullProtection": true, "allowReadOnly": true, "organizationalUnitId": "00000000-0000-0000-0000-000000000000", "organizationalUnitPath": "string", "organizationalUnitName": "string", "lambdaScanner": true }
-
connect_aws_account(name, secret, roleArn)
Connect AWS account to Dome9
Parameters:
- name (str) – Name of the new account
- secret (str) – Secret of the AWS role
- roleArn (str) – Role ARN. Identifier of the AWS role
Returns: bool
-
list_protected_assets(textSearch='', filters=[], pageSize=1000)
List all Cloud Assets
Parameters:
- textSearch (list) – Filter the query by a text string (e.g. prod-uk)
- filters (list) – List of filters, e.g. [{name: "platform", value: "aws"}, {name: "cloudAccountId", value: "0123456789"}]. Filter names: organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
- pageSize (int) – Items per query
Returns: Pagination of protected assets.
Return type: dict
Response object:
{ "searchRequest": { "pageSize": 10, "sorting": { "fieldName": null, "direction": 0 }, "filter": { "freeTextPhrase": null, "fields": [], "tags": [], "includedEntityTypes": null, "excludedEntityTypes": null }, "searchAfter": [], "additionalFields": { "source": null, "filterFields": [], "sortField": { "fieldName": null, "direction": 1 } } }, "assets": [ { "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345", "entityId": "igw-12341234", "externalCloudAccountId": "1234567890", "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234", "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234", "type": "InternetGateway", "name": "", "tags": [], "platform": "aws", "typeByPlatform": "aws|InternetGateway", "network": "vpc-12341234", "region": "us_west_2", "resourceGroup": "", "additionalFields": [ { "name": "IsBillable", "value": "False" } ], "externalAdditionalFields": null } ], "totalCount": 102868, "aggregations": { "resourceGroup": [ { "value": "myrg", "count": 96217 } ], "cloudAccountId": [ { "value": "12341234-1234-1234-1234-123412341234", "count": 7926 } ], "type": [ { "value": "azure|User", "count": 18 }, { "value": "azure|Bastion", "count": 16 }, { "value": "azure|VirtualNetworkGateway", "count": 16 }, { "value": "google|InstanceTemplate", "count": 16 } ], "region": [ { "value": "", "count": 54560 }, { "value": "us_east_1", "count": 8070 }, { "value": "eu_west_1", "count": 3985 } ], "platform": [ { "value": "aws", "count": 45584 }, { "value": "google", "count": 24263 }, { "value": "azure", "count": 20928 }, { "value": "kubernetes", "count": 12093 } ], "network": [ { "value": "", "count": 96480 }, { "value": "injectors-network", "count": 291 }, { "value": "vpc-12341234", "count": 183 } ] }, "searchAfter": [ "ffffaaaa-ffff-ffff-aaaa-123412341234", "", "us_west_1", "vpc-12341234", "InternetGateway", "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123" ] }
-
list_rulesets
()[source]¶ List Compliance Rulesets
Returns: List of Compliance rulesets. Return type: list - Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
get_ruleset
(rulesetId=None, name=None)[source]¶ Get a specific Compliance ruleset
Parameters: - rulesetId (str) – Locate ruleset by id
- name (str) – Locate ruleset by name
Returns: Compliance ruleset.
Return type: dict
- Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
create_ruleset
(ruleset)[source]¶ Create a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object. Returns: Compliance ruleset. Return type: dict - Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
update_ruleset
(ruleset)[source]¶ Update a Compliance ruleset
Parameters: ruleset (dict) – Ruleset object. Returns: Compliance ruleset. Return type: dict - Response object:
{ "rules": [ { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true } ], "accountId": 0, "createdTime": "2019-09-26T10:55:03Z", "updatedTime": "2019-09-26T10:55:03Z", "id": 0, "name": "string", "description": "string", "isTemplate": true, "hideInCompliance": true, "minFeatureTier": "Trial", "section": 0, "tooltipText": "string", "showBundle": true, "systemBundle": true, "cloudVendor": "aws", "version": 0, "language": "string", "rulesCount": 0 }
-
delete_ruleset
(rulesetId)[source]¶ Delete a Compliance ruleset
Parameters: rulesetId (str) – ID of the ruleset Returns: Deletion status Return type: bool
-
list_remediations
()[source]¶ List Remediations
Returns: List of Remediation objects. Return type: list - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
get_remediation
(remediationId)[source]¶ Get a specific remediation
Parameters: remediationId (str) – ID of the remediation Returns: Remediation object. Return type: dict - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
create_remediation
(remediation)[source]¶ Create a Remediation
Parameters: remediation (dict) – Remediation object. Returns: Remediation object. Return type: dict - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
update_remediation
(remediation)[source]¶ Update a Remediation
Parameters: remediation (dict) – Remediation object. Returns: Remediation object. Return type: dict - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "rulesetId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "platform": "Aws", "comment": "string", "cloudBots": [ "string" ] }
-
delete_remediation
(remediationId)[source]¶ Delete a Remediation
Parameters: remediationId (str) – ID of the remediation Returns: Deletion status Return type: bool
-
list_exclusions
()[source]¶ List all exclusions
Returns: List of Exclusion objects. Return type: list - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
-
get_exclusion
(exclusionId)[source]¶ Get a specific exclusion
Parameters: exclusionId (str) – ID of the exclusion Returns: Exclusion object. Return type: dict - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
-
create_exclusion
(exclusion)[source]¶ Create an exclusion
Parameters: exclusion (dict) – Exclusion object. Returns: Exclusion object. Return type: dict - Response object:
{ "id": "00000000-0000-0000-0000-000000000000", "ruleLogicHash": "string", "ruleName": "string", "ruleId": "string", "logic": "string", "bundleId": 0, "cloudAccountId": "00000000-0000-0000-0000-000000000000", "cloudAccountType": "Aws", "comment": "string" }
-
delete_exclusion
(exclusionId)[source]¶ Delete an exclusion
Parameters: exclusionId (str) – ID of the exclusion Returns: Deletion status Return type: bool
-
run_assessment
(rulesetId, cloudAccountId, cloudAccountType, region=None)[source]¶ Run compliance assessments on Cloud Accounts, and get the results
Parameters: - rulesetId (str) – Id of the Compliance Policy Ruleset to run
- cloudAccountId (str) – Id of the Cloud Account
- cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
- region (str, optional) – Set a specific region. Defaults to None.
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
- Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": 
[{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
-
get_assessment
(assessmentId)[source]¶ Get results of an assessment by id
Parameters: assessmentId (str) – Report/Assessment id Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json Return type: dict - Response object:
{ "request": { "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000", "externalCloudAccountId": "string", "cloudAccountId": "string", "region": "string", "cloudNetwork": "string", "cloudAccountType": "Aws", "requestId": "00000000-0000-0000-0000-000000000000" }, "tests": [ { "error": "string", "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0, "exclusionStats": { "testedCount": 0, "relevantCount": 0, "nonComplyingCount": 0 }, "entityResults": [ { "validationStatus": "Relevant", "isRelevant": true, "isValid": true, "isExcluded": true, "exclusionId": "00000000-0000-0000-0000-000000000000", "remediationId": "00000000-0000-0000-0000-000000000000", "error": "string", "testObj": {} } ], "rule": { "name": "string", "severity": "Low", "logic": "string", "description": "string", "remediation": "string", "complianceTag": "string", "domain": "string", "priority": "string", "controlTitle": "string", "ruleId": "string", "logicHash": "string", "isDefault": true }, "testPassed": true } ], "locationMetadata": { "account": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "region": { "srl": "string", "name": "string", "id": "string", "externalId": "string" }, "cloudNetwork": { "srl": "string", "name": "string", "id": "string", "externalId": "string" } }, "testEntities": { "notSupported": [{}], "instance": [{}], "securityGroup": [{}], "elb": [{}], "rds": [{}], "lambda": [{}], "region": [{}], "virtualMachine": [{}], "networkSecurityGroup": [{}], "cloudTrail": [{}], "nacl": [{}], "vpc": [{}], "subnet": [{}], "s3Bucket": [{}], "applicationLoadBalancer": [{}], "iamUser": [{}], "iamRole": [{}], "iam": [{}], "redshift": [{}], "kms": [{}], "default": [{}], "vmInstance": [{}], "iamGroup": [{}], "efs": [{}], "network": [{}], "elastiCache": [{}], "loadBalancer": [{}], "vNet": [{}], "sqldb": [{}], "redisCache": [{}], "applicationGateway": [{}], "resourceGroup": [{}], "sqlServer": [{}], "ecsCluster": [{}], "keyVault": [{}], "networkLoadBalancer": 
[{}], "networkInterface": [{}], "ecsTaskDefinition": [{}], "iamPolicy": [{}], "volume": [{}], "cloudFront": [{}], "kinesis": [{}], "iamServerCertificate": [{}], "route53HostedZone": [{}], "route53RecordSetGroup": [{}], "acmCertificate": [{}], "route53Domain": [{}], "storageAccount": [{}], "dynamoDbTable": [{}], "ami": [{}], "vpnGateway": [{}], "virtualMfaDevices": [{}], "internetGateway": [{}], "wafRegional": [{}], "lock": [{}], "vpnConnection": [{}], "ecsTask": [{}], "customerGateway": [{}], "gcpSecurityGroup": [{}], "elasticIP": [{}], "iamInstanceProfile": [{}], "storageBucket": [{}], "ecsService": [{}], "project": [{}], "serviceAccount": [{}], "kmsKeyRing": [{}], "dataWarehouse": [{}], "guardDutyDetector": [{}], "gcpIamPolicy": [{}], "gcpIamUser": [{}], "apiGateway": [{}], "gcpGsuiteUser": [{}], "gcpGsuiteGroup": [{}], "gcpIamGroup": [{}], "bigQuery": [{}], "routeTable": [{}], "gkeCluster": [{}], "postgreSQL": [{}], "vpcFlowLog": [{}], "iamAccountSummary": [{}], "sageMakerNotebook": [{}], "containerRegistry": [{}], "inspector": [{}], "kmsAliases": [{}], "passwordPolicy": [{}], "configurationRecorder": [{}], "cosmosDbAccount": [{}], "networkWatcher": [{}], "vpcPeeringConnection": [{}], "metricAlarm": [{}], "snsSubscription": [{}], "logGroup": [{}], "metricFilter": [{}], "cloudWatchEventsRule": [{}], "awsIamAccessKey": [{}], "kubernetesNode": [{}], "kubernetesPod": [{}], "kubernetesService": [{}], "logProfile": [{}], "policyAssignment": [{}], "kubernetesNetworkPolicy": [{}], "kubernetesIngress": [{}], "kubernetesPodSecurityPolicy": [{}], "cloudSql": [{}], "kubernetesKubelet": [ {} ] }, "dataSyncStatus": [ { "entityType": "NotSupported", "recentlySuccessfulSync": true, "generalFetchPermissionIssues": true, "entitiesWithPermissionIssues": [ { "externalId": "string", "name": "string", "cloudVendorIdentifier": "string" } ] } ], "assessmentPassed": true, "hasErrors": true, "id": 0 }
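Added example (not part of the dome9 package or its documentation): a triage helper for the dict returned by run_assessment or get_assessment. It reports failed rules, entities hidden by exclusions, and entity types with sync or permission problems, so a passing result that rests on incomplete data is not read as clean. Treating a failed sync or a permission issue as a coverage gap is an assumption made here, and the sample values, including the rule IDs and the "S3Bucket" entity type, are constructed.

```python
# Added example: field names follow the response object above; values are constructed.
def triage_assessment(result):
    """Reduce an assessment result dict to a verdict plus the reasons behind it."""
    failed_rules, rule_errors, excluded = [], [], 0
    for test in result.get("tests") or []:
        rule = test.get("rule") or {}
        # Excluded entities do not count against the rule, so report how many there are.
        excluded += sum(1 for e in test.get("entityResults") or [] if e.get("isExcluded"))
        if test.get("error"):
            rule_errors.append(rule.get("ruleId"))
        if not test.get("testPassed"):
            failed_rules.append({
                "ruleId": rule.get("ruleId"),
                "severity": rule.get("severity"),
                "nonComplyingCount": test.get("nonComplyingCount", 0),
            })
    # Assumption: an entity type with fetch/permission problems was not fully evaluated.
    gaps = sorted(
        str(s.get("entityType"))
        for s in result.get("dataSyncStatus") or []
        if s.get("generalFetchPermissionIssues")
        or not s.get("recentlySuccessfulSync")
        or s.get("entitiesWithPermissionIssues")
    )
    if failed_rules or not result.get("assessmentPassed"):
        verdict = "fail"
    elif gaps or rule_errors or result.get("hasErrors"):
        verdict = "incomplete"  # passed, but over data that may be missing or stale
    else:
        verdict = "pass"
    return {"verdict": verdict, "failed_rules": failed_rules, "rule_errors": rule_errors,
            "excluded_entities": excluded, "coverage_gaps": gaps}

# Constructed sample in the documented shape (only the fields the helper reads).
SAMPLE = {
    "tests": [
        {"error": "", "nonComplyingCount": 2, "testPassed": False,
         "rule": {"ruleId": "R-1", "name": "constructed rule", "severity": "Low"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False},
             {"isRelevant": True, "isValid": False, "isExcluded": False},
             {"isRelevant": True, "isValid": False, "isExcluded": True}]},
        {"error": "", "nonComplyingCount": 0, "testPassed": True,
         "rule": {"ruleId": "R-2", "name": "constructed rule", "severity": "Low"},
         "entityResults": [{"isRelevant": True, "isValid": False, "isExcluded": True}]},
    ],
    "dataSyncStatus": [
        {"entityType": "S3Bucket", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": True, "entitiesWithPermissionIssues": []},
        {"entityType": "NotSupported", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": False, "entitiesWithPermissionIssues": []},
    ],
    "assessmentPassed": False, "hasErrors": False,
}

if __name__ == "__main__":
    print(triage_assessment(SAMPLE))
```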
-
list_users
()[source]¶ List all Dome9 users for the Dome9 account
Returns: User object. Ref: /docs/source/schemas/User.json Return type: dict - Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
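Added example (not part of the dome9 package or its documentation): an access review over the user objects returned by list_users, using only fields shown in the response object above. The flag names, the 90-day staleness threshold, and the choice to flag V1 API keys for review are assumptions of this sketch, and the sample users are constructed.

```python
from datetime import datetime, timedelta, timezone

def audit_users(users, now, stale_after_days=90):
    """Return {email: [flags]} for users whose settings warrant review."""
    findings = {}
    for u in users:
        flags = []
        active = not (u.get("isSuspended") or u.get("isLocked"))
        strong_auth = u.get("isMfaEnabled") or u.get("ssoEnabled")
        has_key = u.get("hasApiKey") or u.get("hasApiKeyV1") or u.get("hasApiKeyV2")
        if active and not strong_auth:
            privileged = u.get("isOwner") or u.get("isSuperUser")
            flags.append("privileged-without-mfa" if privileged else "no-mfa")
        # An API key on a suspended or locked user should be reviewed and revoked.
        if not active and has_key:
            flags.append("disabled-user-has-api-key")
        if u.get("hasApiKeyV1"):
            flags.append("v1-api-key")  # policy choice of this example
        last = u.get("lastLogin")
        if active and last:
            seen = datetime.strptime(last, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            if now - seen > timedelta(days=stale_after_days):
                flags.append("stale-login")
        if flags:
            findings[u.get("email")] = flags
    return findings

# Constructed users in the documented shape (only the fields the audit reads).
SAMPLE_USERS = [
    {"email": "owner@example.com", "isOwner": True, "isSuperUser": False,
     "isSuspended": False, "isLocked": False, "isMfaEnabled": False, "ssoEnabled": False,
     "hasApiKey": True, "hasApiKeyV1": False, "hasApiKeyV2": True,
     "lastLogin": "2022-05-24T17:41:03Z"},
    {"email": "ops@example.com", "isOwner": False, "isSuperUser": False,
     "isSuspended": True, "isLocked": False, "isMfaEnabled": True, "ssoEnabled": False,
     "hasApiKey": True, "hasApiKeyV1": True, "hasApiKeyV2": False,
     "lastLogin": "2021-11-02T08:00:00Z"},
    {"email": "auditor@example.com", "isOwner": False, "isSuperUser": False,
     "isSuspended": False, "isLocked": False, "isMfaEnabled": True, "ssoEnabled": False,
     "hasApiKey": False, "hasApiKeyV1": False, "hasApiKeyV2": False,
     "lastLogin": "2022-01-10T09:30:00Z"},
    {"email": "dev@example.com", "isOwner": False, "isSuperUser": False,
     "isSuspended": False, "isLocked": False, "isMfaEnabled": False, "ssoEnabled": True,
     "hasApiKey": False, "hasApiKeyV1": False, "hasApiKeyV2": False,
     "lastLogin": "2022-05-30T12:00:00Z"},
]

if __name__ == "__main__":
    review_date = datetime(2022, 6, 1, tzinfo=timezone.utc)
    for email, flags in audit_users(SAMPLE_USERS, review_date).items():
        print(email, ", ".join(flags))
```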
-
get_user
(userId)[source]¶ Get user registered in Dome9
Parameters: userId (id) – Id of the user Returns: User object. Ref: /docs/source/schemas/User.json Return type: dict - Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-
create_user
(email, name, surname='')[source]¶ Create user in Dome9
Parameters: - email (str) – User email of the new user
- name (str) – Name of the new user
- surname (str, optional) – Surname of the new user. Defaults to “”
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
- Response object:
{ "id": 0, "name": "string", "email": "MyName@gmail.com", "accountId": 0, "isSuspended": true, "isOwner": true, "isSuperUser": true, "isAuditor": true, "hasApiKey": true, "hasApiKeyV1": true, "hasApiKeyV2": true, "isMfaEnabled": true, "ssoEnabled": true, "roleIds": [ 0 ], "iamSafe": null, "canSwitchRole": true, "isLocked": true, "lastLogin": "2022-05-24T17:41:03Z", "permissions": null, "calculatedPermissions": null, "isMobileDevicePaired": true, "mfaEnforcement": null }
-