dome9 package

Submodules

dome9.dome9 module

class dome9.dome9.Dome9(key=None, secret=None, endpoint='https://api.dome9.com', apiVersion='v2')

Bases: object

get_cloud_account(cloudId)

Get a Cloud Account

Parameters: cloudId (str) – ID of the Cloud Account
Returns: Cloud Account object.
Return type: dict
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "vendor": "aws",
  "name": "string",
  "externalAccountNumber": "string",
  "error": "string",
  "isFetchingSuspended": true,
  "creationDate": "2019-09-26T10:55:03Z",
  "credentials": {
    "apikey": "string",
    "arn": "string",
    "secret": "string",
    "iamUser": "string",
    "type": "UserBased",
    "isReadOnly": true
  },
  "iamSafe": {
    "awsGroupArn": "string",
    "awsPolicyArn": "string",
    "mode": "OptIn",
    "state": "Enabled",
    "excludedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    },
    "restrictedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    }
  },
  "netSec": {
    "regions": [
      {
        "region": "us_east_1",
        "name": "string",
        "hidden": true,
        "newGroupBehavior": "ReadOnly"
      }
    ]
  },
  "magellan": true,
  "fullProtection": true,
  "allowReadOnly": true,
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "lambdaScanner": true
}

list_aws_accounts()

List AWS accounts

Returns: List of AWS Cloud Accounts.
Return type: list
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "vendor": "aws",
  "name": "string",
  "externalAccountNumber": "string",
  "error": "string",
  "isFetchingSuspended": true,
  "creationDate": "2019-09-26T10:55:03Z",
  "credentials": {
    "apikey": "string",
    "arn": "string",
    "secret": "string",
    "iamUser": "string",
    "type": "UserBased",
    "isReadOnly": true
  },
  "iamSafe": {
    "awsGroupArn": "string",
    "awsPolicyArn": "string",
    "mode": "OptIn",
    "state": "Enabled",
    "excludedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    },
    "restrictedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    }
  },
  "netSec": {
    "regions": [
      {
        "region": "us_east_1",
        "name": "string",
        "hidden": true,
        "newGroupBehavior": "ReadOnly"
      }
    ]
  },
  "magellan": true,
  "fullProtection": true,
  "allowReadOnly": true,
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "lambdaScanner": true
}

list_azure_accounts()

List Azure accounts

Returns: List of Azure Cloud Accounts.
Return type: list
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "name": "string",
  "subscriptionId": "string",
  "tenantId": "string",
  "credentials": {
    "clientId": "string",
    "clientPassword": "string"
  },
  "operationMode": "Read",
  "error": "string",
  "creationDate": "2019-09-26T10:55:03Z",
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "vendor": "aws"
}

list_google_accounts()

List Google Cloud Accounts

Returns: List of Google accounts.
Return type: list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "string",
    "projectId": "string",
    "creationDate": "2019-09-26T10:55:03Z",
    "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
    "organizationalUnitPath": "string",
    "organizationalUnitName": "string",
    "gsuite": {
        "gsuiteUser": "string",
        "domainName": "string"
    },
    "vendor": "aws"
}

list_kubernetes_accounts()

List Kubernetes accounts

Returns: List of Kubernetes accounts.
Return type: list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "string",
    "creationDate": "2019-09-26T10:55:03Z",
    "vendor": "aws",
    "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
    "organizationalUnitPath": "string",
    "organizationalUnitName": "string"
}

list_cloud_accounts()

List all accounts (AWS, Azure, GCP & Kubernetes)

Returns: List of Cloud Accounts.
Return type: list
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "vendor": "aws",
  "name": "string",
  "externalAccountNumber": "string",
  "error": "string",
  "isFetchingSuspended": true,
  "creationDate": "2019-09-26T10:55:03Z",
  "credentials": {
    "apikey": "string",
    "arn": "string",
    "secret": "string",
    "iamUser": "string",
    "type": "UserBased",
    "isReadOnly": true
  },
  "iamSafe": {
    "awsGroupArn": "string",
    "awsPolicyArn": "string",
    "mode": "OptIn",
    "state": "Enabled",
    "excludedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    },
    "restrictedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    }
  },
  "netSec": {
    "regions": [
      {
        "region": "us_east_1",
        "name": "string",
        "hidden": true,
        "newGroupBehavior": "ReadOnly"
      }
    ]
  },
  "magellan": true,
  "fullProtection": true,
  "allowReadOnly": true,
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "lambdaScanner": true
}

connect_aws_account(name, secret, roleArn)

Connect AWS account to Dome9

Parameters:
  • name (str) – Name of the new account
  • secret (str) – Secret of the AWS role
  • roleArn (str) – Role ARN. Identifier of the AWS role
Returns:

bool

connect_azure_account(name, tenantId, subscriptionId, applicationId, secretKey)

list_protected_assets(textSearch='', filters=[], pageSize=1000)

List all Cloud Assets

Parameters:
  • textSearch (list) – Filter the query by a text string (e.g. prod-uk)
  • filters (list) – List of filters, e.g. [{name: "platform", value: "aws"}, {name: "cloudAccountId", value: "0123456789"}]. List of filter names: organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
  • pageSize (int) – Items per query
Returns:

Pagination of protected assets.

Return type:

dict

Response object:
{
    "searchRequest": {
        "pageSize": 10,
        "sorting": {
            "fieldName": null,
            "direction": 0
        },
        "filter": {
            "freeTextPhrase": null,
            "fields": [],
            "tags": [],
            "includedEntityTypes": null,
            "excludedEntityTypes": null
        },
        "searchAfter": [],
        "additionalFields": {
            "source": null,
            "filterFields": [],
            "sortField": {
                "fieldName": null,
                "direction": 1
            }
        }
    },
    "assets": [
        {
            "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345",
            "entityId": "igw-12341234",
            "externalCloudAccountId": "1234567890",
            "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234",
            "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234",
            "type": "InternetGateway",
            "name": "",
            "tags": [],
            "platform": "aws",
            "typeByPlatform": "aws|InternetGateway",
            "network": "vpc-12341234",
            "region": "us_west_2",
            "resourceGroup": "",
            "additionalFields": [
                {
                    "name": "IsBillable",
                    "value": "False"
                }
            ],
            "externalAdditionalFields": null
        }
    ],
    "totalCount": 102868,
    "aggregations": {
        "resourceGroup": [
            {
                "value": "myrg",
                "count": 96217
            }
        ],
        "cloudAccountId": [
            {
                "value": "12341234-1234-1234-1234-123412341234",
                "count": 7926
            }
        ],
        "type": [
            {
                "value": "azure|User",
                "count": 18
            },
            {
                "value": "azure|Bastion",
                "count": 16
            },
            {
                "value": "azure|VirtualNetworkGateway",
                "count": 16
            },
            {
                "value": "google|InstanceTemplate",
                "count": 16
            }
        ],
        "region": [
            {
                "value": "",
                "count": 54560
            },
            {
                "value": "us_east_1",
                "count": 8070
            },
            {
                "value": "eu_west_1",
                "count": 3985
            }
        ],
        "platform": [
            {
                "value": "aws",
                "count": 45584
            },
            {
                "value": "google",
                "count": 24263
            },
            {
                "value": "azure",
                "count": 20928
            },
            {
                "value": "kubernetes",
                "count": 12093
            }
        ],
        "network": [
            {
                "value": "",
                "count": 96480
            },
            {
                "value": "injectors-network",
                "count": 291
            },
            {
                "value": "vpc-12341234",
                "count": 183
            }
        ]
    },
    "searchAfter": [
        "ffffaaaa-ffff-ffff-aaaa-123412341234",
        "",
        "us_west_1",
        "vpc-12341234",
        "InternetGateway",
        "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123"
    ]
}

list_rulesets()

List Compliance Rulesets

Returns: List of Compliance rulesets.
Return type: list
Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}

get_ruleset(rulesetId=None, name=None)

Get a specific Compliance ruleset

Parameters:
  • rulesetId (str) – Locate ruleset by id
  • name (str) – Locate ruleset by name
Returns:

Compliance ruleset.

Return type:

dict

Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}

create_ruleset(ruleset)

Create a Compliance ruleset

Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}

update_ruleset(ruleset)

Update a Compliance ruleset

Parameters: ruleset (dict) – Ruleset object.
Returns: Compliance ruleset.
Return type: dict
Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}

delete_ruleset(rulesetId)

Delete a Compliance ruleset

Parameters: rulesetId (str) – ID of the ruleset
Returns: Deletion status
Return type: bool

list_remediations()

List Remediations

Returns: List of Remediation objects.
Return type: list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}

get_remediation(remediationId)

Get a specific remediation

Parameters: remediationId (str) – ID of the remediation
Returns: Remediation object.
Return type: dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}

create_remediation(remediation)

Create a Remediation

Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}

update_remediation(remediation)

Update a Remediation

Parameters: remediation (dict) – Remediation object.
Returns: Remediation object.
Return type: dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}

delete_remediation(remediationId)

Delete a Remediation

Parameters: remediationId (str) – ID of the remediation
Returns: Deletion status
Return type: bool

list_exclusions()

List all exclusions

Returns: List of Exclusion objects.
Return type: list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "bundleId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "cloudAccountType": "Aws",
    "comment": "string"
}

get_exclusion(exclusionId)

Get a specific exclusion

Parameters: exclusionId (str) – ID of the exclusion
Returns: Exclusion object.
Return type: dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "bundleId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "cloudAccountType": "Aws",
    "comment": "string"
}

create_exclusion(exclusion)

Create an exclusion

Parameters: exclusion (dict) – Exclusion object.
Returns: Exclusion object.
Return type: dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "bundleId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "cloudAccountType": "Aws",
    "comment": "string"
}

delete_exclusion(exclusionId)

Delete an exclusion

Parameters: exclusionId (str) – Id of the exclusion
Returns: Deletion status
Return type: bool

run_assessment(rulesetId, cloudAccountId, cloudAccountType, region=None)

Run compliance assessments on Cloud Accounts, and get the results

Parameters:
  • rulesetId (str) – Id of the Compliance Policy Ruleset to run
  • cloudAccountId (str) – Id of the Cloud Account
  • cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
  • region (str, optional) – Set a specific region. Defaults to None.
Returns:

Assessment result. Ref: /docs/source/schemas/AssessmentResults.json

Return type:

dict

Response object:
{
    "request": {
        "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
        "externalCloudAccountId": "string",
        "cloudAccountId": "string",
        "region": "string",
        "cloudNetwork": "string",
        "cloudAccountType": "Aws",
        "requestId": "00000000-0000-0000-0000-000000000000"
    },
    "tests": [
        {
            "error": "string",
            "testedCount": 0,
            "relevantCount": 0,
            "nonComplyingCount": 0,
            "exclusionStats": {
                "testedCount": 0,
                "relevantCount": 0,
                "nonComplyingCount": 0
            },
            "entityResults": [
                {
                    "validationStatus": "Relevant",
                    "isRelevant": true,
                    "isValid": true,
                    "isExcluded": true,
                    "exclusionId": "00000000-0000-0000-0000-000000000000",
                    "remediationId": "00000000-0000-0000-0000-000000000000",
                    "error": "string",
                    "testObj": {}
                }
            ],
            "rule": {
                "name": "string",
                "severity": "Low",
                "logic": "string",
                "description": "string",
                "remediation": "string",
                "complianceTag": "string",
                "domain": "string",
                "priority": "string",
                "controlTitle": "string",
                "ruleId": "string",
                "logicHash": "string",
                "isDefault": true
            },
            "testPassed": true
        }
    ],
    "locationMetadata": {
        "account": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "region": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "cloudNetwork": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        }
    },
    "testEntities": {
        "notSupported": [{}],
        "instance": [{}],
        "securityGroup": [{}],
        "elb": [{}],
        "rds": [{}],
        "lambda": [{}],
        "region": [{}],
        "virtualMachine": [{}],
        "networkSecurityGroup": [{}],
        "cloudTrail": [{}],
        "nacl": [{}],
        "vpc": [{}],
        "subnet": [{}],
        "s3Bucket": [{}],
        "applicationLoadBalancer": [{}],
        "iamUser": [{}],
        "iamRole": [{}],
        "iam": [{}],
        "redshift": [{}],
        "kms": [{}],
        "default": [{}],
        "vmInstance": [{}],
        "iamGroup": [{}],
        "efs": [{}],
        "network": [{}],
        "elastiCache": [{}],
        "loadBalancer": [{}],
        "vNet": [{}],
        "sqldb": [{}],
        "redisCache": [{}],
        "applicationGateway": [{}],
        "resourceGroup": [{}],
        "sqlServer": [{}],
        "ecsCluster": [{}],
        "keyVault": [{}],
        "networkLoadBalancer": [{}],
        "networkInterface": [{}],
        "ecsTaskDefinition": [{}],
        "iamPolicy": [{}],
        "volume": [{}],
        "cloudFront": [{}],
        "kinesis": [{}],
        "iamServerCertificate": [{}],
        "route53HostedZone": [{}],
        "route53RecordSetGroup": [{}],
        "acmCertificate": [{}],
        "route53Domain": [{}],
        "storageAccount": [{}],
        "dynamoDbTable": [{}],
        "ami": [{}],
        "vpnGateway": [{}],
        "virtualMfaDevices": [{}],
        "internetGateway": [{}],
        "wafRegional": [{}],
        "lock": [{}],
        "vpnConnection": [{}],
        "ecsTask": [{}],
        "customerGateway": [{}],
        "gcpSecurityGroup": [{}],
        "elasticIP": [{}],
        "iamInstanceProfile": [{}],
        "storageBucket": [{}],
        "ecsService": [{}],
        "project": [{}],
        "serviceAccount": [{}],
        "kmsKeyRing": [{}],
        "dataWarehouse": [{}],
        "guardDutyDetector": [{}],
        "gcpIamPolicy": [{}],
        "gcpIamUser": [{}],
        "apiGateway": [{}],
        "gcpGsuiteUser": [{}],
        "gcpGsuiteGroup": [{}],
        "gcpIamGroup": [{}],
        "bigQuery": [{}],
        "routeTable": [{}],
        "gkeCluster": [{}],
        "postgreSQL": [{}],
        "vpcFlowLog": [{}],
        "iamAccountSummary": [{}],
        "sageMakerNotebook": [{}],
        "containerRegistry": [{}],
        "inspector": [{}],
        "kmsAliases": [{}],
        "passwordPolicy": [{}],
        "configurationRecorder": [{}],
        "cosmosDbAccount": [{}],
        "networkWatcher": [{}],
        "vpcPeeringConnection": [{}],
        "metricAlarm": [{}],
        "snsSubscription": [{}],
        "logGroup": [{}],
        "metricFilter": [{}],
        "cloudWatchEventsRule": [{}],
        "awsIamAccessKey": [{}],
        "kubernetesNode": [{}],
        "kubernetesPod": [{}],
        "kubernetesService": [{}],
        "logProfile": [{}],
        "policyAssignment": [{}],
        "kubernetesNetworkPolicy": [{}],
        "kubernetesIngress": [{}],
        "kubernetesPodSecurityPolicy": [{}],
        "cloudSql": [{}],
        "kubernetesKubelet": [
            {}
        ]
    },
    "dataSyncStatus": [
        {
            "entityType": "NotSupported",
            "recentlySuccessfulSync": true,
            "generalFetchPermissionIssues": true,
            "entitiesWithPermissionIssues": [
                {
                    "externalId": "string",
                    "name": "string",
                    "cloudVendorIdentifier": "string"
                }
            ]
        }
    ],
    "assessmentPassed": true,
    "hasErrors": true,
    "id": 0
}

get_assessment(assessmentId)

Get results of an assessment by id

Parameters: assessmentId (str) – Report/Assessment id
Returns: Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type: dict
Response object:
{
    "request": {
        "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
        "externalCloudAccountId": "string",
        "cloudAccountId": "string",
        "region": "string",
        "cloudNetwork": "string",
        "cloudAccountType": "Aws",
        "requestId": "00000000-0000-0000-0000-000000000000"
    },
    "tests": [
        {
            "error": "string",
            "testedCount": 0,
            "relevantCount": 0,
            "nonComplyingCount": 0,
            "exclusionStats": {
                "testedCount": 0,
                "relevantCount": 0,
                "nonComplyingCount": 0
            },
            "entityResults": [
                {
                    "validationStatus": "Relevant",
                    "isRelevant": true,
                    "isValid": true,
                    "isExcluded": true,
                    "exclusionId": "00000000-0000-0000-0000-000000000000",
                    "remediationId": "00000000-0000-0000-0000-000000000000",
                    "error": "string",
                    "testObj": {}
                }
            ],
            "rule": {
                "name": "string",
                "severity": "Low",
                "logic": "string",
                "description": "string",
                "remediation": "string",
                "complianceTag": "string",
                "domain": "string",
                "priority": "string",
                "controlTitle": "string",
                "ruleId": "string",
                "logicHash": "string",
                "isDefault": true
            },
            "testPassed": true
        }
    ],
    "locationMetadata": {
        "account": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "region": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "cloudNetwork": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        }
    },
    "testEntities": {
        "notSupported": [{}],
        "instance": [{}],
        "securityGroup": [{}],
        "elb": [{}],
        "rds": [{}],
        "lambda": [{}],
        "region": [{}],
        "virtualMachine": [{}],
        "networkSecurityGroup": [{}],
        "cloudTrail": [{}],
        "nacl": [{}],
        "vpc": [{}],
        "subnet": [{}],
        "s3Bucket": [{}],
        "applicationLoadBalancer": [{}],
        "iamUser": [{}],
        "iamRole": [{}],
        "iam": [{}],
        "redshift": [{}],
        "kms": [{}],
        "default": [{}],
        "vmInstance": [{}],
        "iamGroup": [{}],
        "efs": [{}],
        "network": [{}],
        "elastiCache": [{}],
        "loadBalancer": [{}],
        "vNet": [{}],
        "sqldb": [{}],
        "redisCache": [{}],
        "applicationGateway": [{}],
        "resourceGroup": [{}],
        "sqlServer": [{}],
        "ecsCluster": [{}],
        "keyVault": [{}],
        "networkLoadBalancer": [{}],
        "networkInterface": [{}],
        "ecsTaskDefinition": [{}],
        "iamPolicy": [{}],
        "volume": [{}],
        "cloudFront": [{}],
        "kinesis": [{}],
        "iamServerCertificate": [{}],
        "route53HostedZone": [{}],
        "route53RecordSetGroup": [{}],
        "acmCertificate": [{}],
        "route53Domain": [{}],
        "storageAccount": [{}],
        "dynamoDbTable": [{}],
        "ami": [{}],
        "vpnGateway": [{}],
        "virtualMfaDevices": [{}],
        "internetGateway": [{}],
        "wafRegional": [{}],
        "lock": [{}],
        "vpnConnection": [{}],
        "ecsTask": [{}],
        "customerGateway": [{}],
        "gcpSecurityGroup": [{}],
        "elasticIP": [{}],
        "iamInstanceProfile": [{}],
        "storageBucket": [{}],
        "ecsService": [{}],
        "project": [{}],
        "serviceAccount": [{}],
        "kmsKeyRing": [{}],
        "dataWarehouse": [{}],
        "guardDutyDetector": [{}],
        "gcpIamPolicy": [{}],
        "gcpIamUser": [{}],
        "apiGateway": [{}],
        "gcpGsuiteUser": [{}],
        "gcpGsuiteGroup": [{}],
        "gcpIamGroup": [{}],
        "bigQuery": [{}],
        "routeTable": [{}],
        "gkeCluster": [{}],
        "postgreSQL": [{}],
        "vpcFlowLog": [{}],
        "iamAccountSummary": [{}],
        "sageMakerNotebook": [{}],
        "containerRegistry": [{}],
        "inspector": [{}],
        "kmsAliases": [{}],
        "passwordPolicy": [{}],
        "configurationRecorder": [{}],
        "cosmosDbAccount": [{}],
        "networkWatcher": [{}],
        "vpcPeeringConnection": [{}],
        "metricAlarm": [{}],
        "snsSubscription": [{}],
        "logGroup": [{}],
        "metricFilter": [{}],
        "cloudWatchEventsRule": [{}],
        "awsIamAccessKey": [{}],
        "kubernetesNode": [{}],
        "kubernetesPod": [{}],
        "kubernetesService": [{}],
        "logProfile": [{}],
        "policyAssignment": [{}],
        "kubernetesNetworkPolicy": [{}],
        "kubernetesIngress": [{}],
        "kubernetesPodSecurityPolicy": [{}],
        "cloudSql": [{}],
        "kubernetesKubelet": [
            {}
        ]
    },
    "dataSyncStatus": [
        {
            "entityType": "NotSupported",
            "recentlySuccessfulSync": true,
            "generalFetchPermissionIssues": true,
            "entitiesWithPermissionIssues": [
                {
                    "externalId": "string",
                    "name": "string",
                    "cloudVendorIdentifier": "string"
                }
            ]
        }
    ],
    "assessmentPassed": true,
    "hasErrors": true,
    "id": 0
}
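
Added example (not part of the dome9 package or its documentation): a triage helper for the dict that run_assessment() and get_assessment() return, using only fields from the response object above. The meanings of isRelevant, isValid, isExcluded and the dataSyncStatus flags are inferred from their names; the rule IDs, the severities other than "Low" and the entity types in SAMPLE_RESULT are constructed.

```python
# Assumed ranking for sorting; the page itself only shows the value "Low".
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def triage_assessment(result):
    """Split an assessment result into open findings, findings hidden by
    exclusions, rules that errored, and entity types with fetch problems."""
    findings, suppressed, errored = [], [], []
    for test in result.get("tests") or []:
        rule = test.get("rule") or {}
        label = rule.get("ruleId") or rule.get("name") or "<unnamed rule>"
        if test.get("error"):
            # The rule could not be evaluated: neither a pass nor a fail.
            errored.append(label)
        # Inferred from field names: relevant and not valid = non-complying.
        failing = [e for e in test.get("entityResults") or []
                   if e.get("isRelevant") and not e.get("isValid")]
        if not failing:
            continue
        excluded = [e for e in failing if e.get("isExcluded")]
        entry = {
            "rule": label,
            "severity": rule.get("severity"),
            "open": len(failing) - len(excluded),
            "excluded": len(excluded),
            "exclusionIds": sorted({e["exclusionId"] for e in excluded
                                    if e.get("exclusionId")}),
        }
        # A rule whose every failure is excluded is tracked separately so
        # that exclusions stay visible to whoever reviews the result.
        (findings if entry["open"] else suppressed).append(entry)

    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"],
                                                   len(SEVERITY_RANK)),
                                 -f["open"]))

    # Entity types the platform could not fully read: rules over these
    # types may pass only because nothing was fetched.
    gaps = [s.get("entityType") for s in result.get("dataSyncStatus") or []
            if s.get("generalFetchPermissionIssues")
            or s.get("entitiesWithPermissionIssues")
            or s.get("recentlySuccessfulSync") is False]

    return {
        "assessmentPassed": bool(result.get("assessmentPassed")),
        "complete": not (gaps or errored or result.get("hasErrors")),
        "findings": findings,
        "suppressed": suppressed,
        "coverageGaps": gaps,
        "erroredRules": errored,
    }


def _entity(relevant, valid, excluded=False, exclusion_id=None):
    """Build one constructed entityResults item."""
    return {"isRelevant": relevant, "isValid": valid,
            "isExcluded": excluded, "exclusionId": exclusion_id}


# Constructed sample in the documented shape (all values are made up).
SAMPLE_RESULT = {
    "tests": [
        {"error": None, "testPassed": False,
         "rule": {"ruleId": "EX-LOW", "severity": "Low"},
         "entityResults": [_entity(True, False)] * 3},
        {"error": None, "testPassed": False,
         "rule": {"ruleId": "EX-HIGH", "severity": "High"},
         "entityResults": [
             _entity(True, False),
             _entity(True, False, True, "11111111-1111-1111-1111-111111111111"),
             _entity(True, True),
             _entity(False, False)]},
        {"error": None, "testPassed": False,
         "rule": {"ruleId": "EX-SUP", "severity": "Medium"},
         "entityResults": [
             _entity(True, False, True, "22222222-2222-2222-2222-222222222222")]},
        {"error": "constructed evaluation error", "testPassed": False,
         "rule": {"ruleId": "EX-ERR", "severity": "Low"},
         "entityResults": []},
    ],
    "dataSyncStatus": [
        {"entityType": "S3Bucket", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": False,
         "entitiesWithPermissionIssues": []},
        {"entityType": "Kms", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": True,
         "entitiesWithPermissionIssues": []},
    ],
    "assessmentPassed": False,
    "hasErrors": False,
    "id": 0,
}

if __name__ == "__main__":
    import json
    print(json.dumps(triage_assessment(SAMPLE_RESULT), indent=2))
```
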

list_users()

List all Dome9 users for the Dome9 account

Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{
    "id": 0,
    "name": "string",
    "email": "MyName@gmail.com",
    "accountId": 0,
    "isSuspended": true,
    "isOwner": true,
    "isSuperUser": true,
    "isAuditor": true,
    "hasApiKey": true,
    "hasApiKeyV1": true,
    "hasApiKeyV2": true,
    "isMfaEnabled": true,
    "ssoEnabled": true,
    "roleIds": [
      0
    ],
    "iamSafe": null,
    "canSwitchRole": true,
    "isLocked": true,
    "lastLogin": "2022-05-24T17:41:03Z",
    "permissions": null,
    "calculatedPermissions": null,
    "isMobileDevicePaired": true,
    "mfaEnforcement": null
  }

get_user(userId)

Get user registered in Dome9

Parameters: userId (id) – Id of the user
Returns: User object. Ref: /docs/source/schemas/User.json
Return type: dict
Response object:
{
    "id": 0,
    "name": "string",
    "email": "MyName@gmail.com",
    "accountId": 0,
    "isSuspended": true,
    "isOwner": true,
    "isSuperUser": true,
    "isAuditor": true,
    "hasApiKey": true,
    "hasApiKeyV1": true,
    "hasApiKeyV2": true,
    "isMfaEnabled": true,
    "ssoEnabled": true,
    "roleIds": [
      0
    ],
    "iamSafe": null,
    "canSwitchRole": true,
    "isLocked": true,
    "lastLogin": "2022-05-24T17:41:03Z",
    "permissions": null,
    "calculatedPermissions": null,
    "isMobileDevicePaired": true,
    "mfaEnforcement": null
  }
create_user(email, name, surname='')[source]

Create user in Dome9

Parameters:
  • email (str) – User email of the new user
  • name (str) – Name of the new user
  • surname (str, optional) – Surname of the new user. Defaults to "".
Returns:

User object. Ref: /docs/source/schemas/User.json

Return type:

dict

Response object:
{
    "id": 0,
    "name": "string",
    "email": "MyName@gmail.com",
    "accountId": 0,
    "isSuspended": true,
    "isOwner": true,
    "isSuperUser": true,
    "isAuditor": true,
    "hasApiKey": true,
    "hasApiKeyV1": true,
    "hasApiKeyV2": true,
    "isMfaEnabled": true,
    "ssoEnabled": true,
    "roleIds": [
      0
    ],
    "iamSafe": null,
    "canSwitchRole": true,
    "isLocked": true,
    "lastLogin": "2022-05-24T17:41:03Z",
    "permissions": null,
    "calculatedPermissions": null,
    "isMobileDevicePaired": true,
    "mfaEnforcement": null
  }
delete_user(userId)[source]

Delete a user in Dome9

Parameters:userId (str) – Id of the user
Returns:bool

Module contents

class dome9.Dome9(key=None, secret=None, endpoint='https://api.dome9.com', apiVersion='v2')[source]

Bases: object

get_cloud_account(cloudId)[source]

Get a Cloud Account

Parameters:cloudId (str) – ID of the Cloud Account
Returns:Cloud Account object.
Return type:dict
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "vendor": "aws",
  "name": "string",
  "externalAccountNumber": "string",
  "error": "string",
  "isFetchingSuspended": true,
  "creationDate": "2019-09-26T10:55:03Z",
  "credentials": {
    "apikey": "string",
    "arn": "string",
    "secret": "string",
    "iamUser": "string",
    "type": "UserBased",
    "isReadOnly": true
  },
  "iamSafe": {
    "awsGroupArn": "string",
    "awsPolicyArn": "string",
    "mode": "OptIn",
    "state": "Enabled",
    "excludedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    },
    "restrictedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    }
  },
  "netSec": {
    "regions": [
      {
        "region": "us_east_1",
        "name": "string",
        "hidden": true,
        "newGroupBehavior": "ReadOnly"
      }
    ]
  },
  "magellan": true,
  "fullProtection": true,
  "allowReadOnly": true,
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "lambdaScanner": true
}
list_aws_accounts()[source]

List AWS accounts

Returns:List of AWS Cloud Accounts.
Return type:list
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "vendor": "aws",
  "name": "string",
  "externalAccountNumber": "string",
  "error": "string",
  "isFetchingSuspended": true,
  "creationDate": "2019-09-26T10:55:03Z",
  "credentials": {
    "apikey": "string",
    "arn": "string",
    "secret": "string",
    "iamUser": "string",
    "type": "UserBased",
    "isReadOnly": true
  },
  "iamSafe": {
    "awsGroupArn": "string",
    "awsPolicyArn": "string",
    "mode": "OptIn",
    "state": "Enabled",
    "excludedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    },
    "restrictedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    }
  },
  "netSec": {
    "regions": [
      {
        "region": "us_east_1",
        "name": "string",
        "hidden": true,
        "newGroupBehavior": "ReadOnly"
      }
    ]
  },
  "magellan": true,
  "fullProtection": true,
  "allowReadOnly": true,
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "lambdaScanner": true
}
list_azure_accounts()[source]

List Azure accounts

Returns:List of Azure Cloud Accounts.
Return type:list
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "name": "string",
  "subscriptionId": "string",
  "tenantId": "string",
  "credentials": {
    "clientId": "string",
    "clientPassword": "string"
  },
  "operationMode": "Read",
  "error": "string",
  "creationDate": "2019-09-26T10:55:03Z",
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "vendor": "aws"
}
list_google_accounts()[source]

List Google Cloud Accounts

Returns:List of Google accounts.
Return type:list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "string",
    "projectId": "string",
    "creationDate": "2019-09-26T10:55:03Z",
    "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
    "organizationalUnitPath": "string",
    "organizationalUnitName": "string",
    "gsuite": {
        "gsuiteUser": "string",
        "domainName": "string"
    },
    "vendor": "aws"
}
list_kubernetes_accounts()[source]

List Kubernetes accounts

Returns:List of Kubernetes accounts.
Return type:list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "string",
    "creationDate": "2019-09-26T10:55:03Z",
    "vendor": "aws",
    "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
    "organizationalUnitPath": "string",
    "organizationalUnitName": "string"
}
list_cloud_accounts()[source]

List all accounts (AWS, Azure, GCP & Kubernetes)

Returns:List of Cloud Accounts.
Return type:list
Response object:
{
  "id": "00000000-0000-0000-0000-000000000000",
  "vendor": "aws",
  "name": "string",
  "externalAccountNumber": "string",
  "error": "string",
  "isFetchingSuspended": true,
  "creationDate": "2019-09-26T10:55:03Z",
  "credentials": {
    "apikey": "string",
    "arn": "string",
    "secret": "string",
    "iamUser": "string",
    "type": "UserBased",
    "isReadOnly": true
  },
  "iamSafe": {
    "awsGroupArn": "string",
    "awsPolicyArn": "string",
    "mode": "OptIn",
    "state": "Enabled",
    "excludedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    },
    "restrictedIamEntities": {
      "rolesArns": [
        "string"
      ],
      "usersArns": [
        "string"
      ]
    }
  },
  "netSec": {
    "regions": [
      {
        "region": "us_east_1",
        "name": "string",
        "hidden": true,
        "newGroupBehavior": "ReadOnly"
      }
    ]
  },
  "magellan": true,
  "fullProtection": true,
  "allowReadOnly": true,
  "organizationalUnitId": "00000000-0000-0000-0000-000000000000",
  "organizationalUnitPath": "string",
  "organizationalUnitName": "string",
  "lambdaScanner": true
}
connect_aws_account(name, secret, roleArn)[source]

Connect AWS account to Dome9

Parameters:
  • name (str) – Name of the new account
  • secret (str) – Secret of the AWS role
  • roleArn (str) – Role ARN. Identifier of the AWS role
Returns:

bool

connect_azure_account(name, tenantId, subscriptionId, applicationId, secretKey)[source]
list_protected_assets(textSearch='', filters=[], pageSize=1000)[source]

List all Cloud Assets

Parameters:
  • textSearch (list) – Filter the query by a text string (e.g. prod-uk)
  • filters (list) – List of filters, e.g. [{name: "platform", value: "aws"}, {name: "cloudAccountId", value: "0123456789"}]. Filter names: organizationalUnitId, platform, type, cloudAccountId, region, network, resourceGroup.
  • pageSize (int) – Items per query
Returns:

Pagination of protected assets.

Return type:

dict

Response object:
{
    "searchRequest": {
        "pageSize": 10,
        "sorting": {
            "fieldName": null,
            "direction": 0
        },
        "filter": {
            "freeTextPhrase": null,
            "fields": [],
            "tags": [],
            "includedEntityTypes": null,
            "excludedEntityTypes": null
        },
        "searchAfter": [],
        "additionalFields": {
            "source": null,
            "filterFields": [],
            "sortField": {
                "fieldName": null,
                "direction": 1
            }
        }
    },
    "assets": [
        {
            "id": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234-112345",
            "entityId": "igw-12341234",
            "externalCloudAccountId": "1234567890",
            "cloudAccountId": "ffffaaaa-ffff-ffff-aaaa-123412341234",
            "srl": "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|5|internetGateway|igw-12341234",
            "type": "InternetGateway",
            "name": "",
            "tags": [],
            "platform": "aws",
            "typeByPlatform": "aws|InternetGateway",
            "network": "vpc-12341234",
            "region": "us_west_2",
            "resourceGroup": "",
            "additionalFields": [
                {
                    "name": "IsBillable",
                    "value": "False"
                }
            ],
            "externalAdditionalFields": null
        }
    ],
    "totalCount": 102868,
    "aggregations": {
        "resourceGroup": [
            {
                "value": "myrg",
                "count": 96217
            }
        ],
        "cloudAccountId": [
            {
                "value": "12341234-1234-1234-1234-123412341234",
                "count": 7926
            }
        ],
        "type": [
            {
                "value": "azure|User",
                "count": 18
            },
            {
                "value": "azure|Bastion",
                "count": 16
            },
            {
                "value": "azure|VirtualNetworkGateway",
                "count": 16
            },
            {
                "value": "google|InstanceTemplate",
                "count": 16
            }
        ],
        "region": [
            {
                "value": "",
                "count": 54560
            },
            {
                "value": "us_east_1",
                "count": 8070
            },
            {
                "value": "eu_west_1",
                "count": 3985
            }
        ],
        "platform": [
            {
                "value": "aws",
                "count": 45584
            },
            {
                "value": "google",
                "count": 24263
            },
            {
                "value": "azure",
                "count": 20928
            },
            {
                "value": "kubernetes",
                "count": 12093
            }
        ],
        "network": [
            {
                "value": "",
                "count": 96480
            },
            {
                "value": "injectors-network",
                "count": 291
            },
            {
                "value": "vpc-12341234",
                "count": 183
            }
        ]
    },
    "searchAfter": [
        "ffffaaaa-ffff-ffff-aaaa-123412341234",
        "",
        "us_west_1",
        "vpc-12341234",
        "InternetGateway",
        "1|ffffaaaa-ffff-ffff-aaaa-123412341234|rg|1|internetGateway|igw-12341234-123123"
    ]
}
list_rulesets()[source]

List Compliance Rulesets

Returns:List of Compliance rulesets.
Return type:list
Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}
get_ruleset(rulesetId=None, name=None)[source]

Get a specific Compliance ruleset

Parameters:
  • rulesetId (str) – Locate ruleset by id
  • name (str) – Locate ruleset by name
Returns:

Compliance ruleset.

Return type:

dict

Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}
create_ruleset(ruleset)[source]

Create a Compliance ruleset

Parameters:ruleset (dict) – Ruleset object.
Returns:Compliance ruleset.
Return type:dict
Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}
update_ruleset(ruleset)[source]

Update a Compliance ruleset

Parameters:ruleset (dict) – Ruleset object.
Returns:Compliance ruleset.
Return type:dict
Response object:
{
    "rules": [
        {
            "name": "string",
            "severity": "Low",
            "logic": "string",
            "description": "string",
            "remediation": "string",
            "complianceTag": "string",
            "domain": "string",
            "priority": "string",
            "controlTitle": "string",
            "ruleId": "string",
            "logicHash": "string",
            "isDefault": true
        }
    ],
    "accountId": 0,
    "createdTime": "2019-09-26T10:55:03Z",
    "updatedTime": "2019-09-26T10:55:03Z",
    "id": 0,
    "name": "string",
    "description": "string",
    "isTemplate": true,
    "hideInCompliance": true,
    "minFeatureTier": "Trial",
    "section": 0,
    "tooltipText": "string",
    "showBundle": true,
    "systemBundle": true,
    "cloudVendor": "aws",
    "version": 0,
    "language": "string",
    "rulesCount": 0
}
delete_ruleset(rulesetId)[source]

Delete a Compliance ruleset

Parameters:rulesetId (str) – ID of the ruleset
Returns:Deletion status
Return type:bool
list_remediations()[source]

List Remediations

Returns:List of Remediation objects.
Return type:list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}
get_remediation(remediationId)[source]

Get a specific remediation

Parameters:remediationId (str) – ID of the remediation
Returns:Remediation object.
Return type:dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}
create_remediation(remediation)[source]

Create a Remediation

Parameters:remediation (dict) – Remediation object.
Returns:Remediation object.
Return type:dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}
update_remediation(remediation)[source]

Update a Remediation

Parameters:remediation (dict) – Remediation object.
Returns:Remediation object.
Return type:dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "rulesetId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "platform": "Aws",
    "comment": "string",
    "cloudBots": [
        "string"
    ]
}
delete_remediation(remediationId)[source]

Delete a Remediation

Parameters:remediationId (str) – ID of the remediation
Returns:Deletion status
Return type:bool
list_exclusions()[source]

List all exclusions

Returns:List of Exclusion objects.
Return type:list
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "bundleId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "cloudAccountType": "Aws",
    "comment": "string"
}
get_exclusion(exclusionId)[source]

Get a specific exclusion

Parameters:exclusionId (str) – ID of the exclusion
Returns:Exclusion object.
Return type:dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "bundleId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "cloudAccountType": "Aws",
    "comment": "string"
}
create_exclusion(exclusion)[source]

Create an exclusion

Parameters:exclusion (dict) – Exclusion object.
Returns:Exclusion object.
Return type:dict
Response object:
{
    "id": "00000000-0000-0000-0000-000000000000",
    "ruleLogicHash": "string",
    "ruleName": "string",
    "ruleId": "string",
    "logic": "string",
    "bundleId": 0,
    "cloudAccountId": "00000000-0000-0000-0000-000000000000",
    "cloudAccountType": "Aws",
    "comment": "string"
}
delete_exclusion(exclusionId)[source]

Delete an exclusion

Parameters:exclusionId (str) – Id of the exclusion
Returns:Deletion status
Return type:bool
run_assessment(rulesetId, cloudAccountId, cloudAccountType, region=None)[source]

Run compliance assessments on Cloud Accounts, and get the results

Parameters:
  • rulesetId (str) – Id of the Compliance Policy Ruleset to run
  • cloudAccountId (str) – Id of the Cloud Account
  • cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
  • region (str, optional) – Set a specific region. Defaults to None.
Returns:

Assessment result. Ref: /docs/source/schemas/AssessmentResults.json

Return type:

dict

Response object:
{
    "request": {
        "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
        "externalCloudAccountId": "string",
        "cloudAccountId": "string",
        "region": "string",
        "cloudNetwork": "string",
        "cloudAccountType": "Aws",
        "requestId": "00000000-0000-0000-0000-000000000000"
    },
    "tests": [
        {
            "error": "string",
            "testedCount": 0,
            "relevantCount": 0,
            "nonComplyingCount": 0,
            "exclusionStats": {
                "testedCount": 0,
                "relevantCount": 0,
                "nonComplyingCount": 0
            },
            "entityResults": [
                {
                    "validationStatus": "Relevant",
                    "isRelevant": true,
                    "isValid": true,
                    "isExcluded": true,
                    "exclusionId": "00000000-0000-0000-0000-000000000000",
                    "remediationId": "00000000-0000-0000-0000-000000000000",
                    "error": "string",
                    "testObj": {}
                }
            ],
            "rule": {
                "name": "string",
                "severity": "Low",
                "logic": "string",
                "description": "string",
                "remediation": "string",
                "complianceTag": "string",
                "domain": "string",
                "priority": "string",
                "controlTitle": "string",
                "ruleId": "string",
                "logicHash": "string",
                "isDefault": true
            },
            "testPassed": true
        }
    ],
    "locationMetadata": {
        "account": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "region": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "cloudNetwork": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        }
    },
    "testEntities": {
        "notSupported": [{}],
        "instance": [{}],
        "securityGroup": [{}],
        "elb": [{}],
        "rds": [{}],
        "lambda": [{}],
        "region": [{}],
        "virtualMachine": [{}],
        "networkSecurityGroup": [{}],
        "cloudTrail": [{}],
        "nacl": [{}],
        "vpc": [{}],
        "subnet": [{}],
        "s3Bucket": [{}],
        "applicationLoadBalancer": [{}],
        "iamUser": [{}],
        "iamRole": [{}],
        "iam": [{}],
        "redshift": [{}],
        "kms": [{}],
        "default": [{}],
        "vmInstance": [{}],
        "iamGroup": [{}],
        "efs": [{}],
        "network": [{}],
        "elastiCache": [{}],
        "loadBalancer": [{}],
        "vNet": [{}],
        "sqldb": [{}],
        "redisCache": [{}],
        "applicationGateway": [{}],
        "resourceGroup": [{}],
        "sqlServer": [{}],
        "ecsCluster": [{}],
        "keyVault": [{}],
        "networkLoadBalancer": [{}],
        "networkInterface": [{}],
        "ecsTaskDefinition": [{}],
        "iamPolicy": [{}],
        "volume": [{}],
        "cloudFront": [{}],
        "kinesis": [{}],
        "iamServerCertificate": [{}],
        "route53HostedZone": [{}],
        "route53RecordSetGroup": [{}],
        "acmCertificate": [{}],
        "route53Domain": [{}],
        "storageAccount": [{}],
        "dynamoDbTable": [{}],
        "ami": [{}],
        "vpnGateway": [{}],
        "virtualMfaDevices": [{}],
        "internetGateway": [{}],
        "wafRegional": [{}],
        "lock": [{}],
        "vpnConnection": [{}],
        "ecsTask": [{}],
        "customerGateway": [{}],
        "gcpSecurityGroup": [{}],
        "elasticIP": [{}],
        "iamInstanceProfile": [{}],
        "storageBucket": [{}],
        "ecsService": [{}],
        "project": [{}],
        "serviceAccount": [{}],
        "kmsKeyRing": [{}],
        "dataWarehouse": [{}],
        "guardDutyDetector": [{}],
        "gcpIamPolicy": [{}],
        "gcpIamUser": [{}],
        "apiGateway": [{}],
        "gcpGsuiteUser": [{}],
        "gcpGsuiteGroup": [{}],
        "gcpIamGroup": [{}],
        "bigQuery": [{}],
        "routeTable": [{}],
        "gkeCluster": [{}],
        "postgreSQL": [{}],
        "vpcFlowLog": [{}],
        "iamAccountSummary": [{}],
        "sageMakerNotebook": [{}],
        "containerRegistry": [{}],
        "inspector": [{}],
        "kmsAliases": [{}],
        "passwordPolicy": [{}],
        "configurationRecorder": [{}],
        "cosmosDbAccount": [{}],
        "networkWatcher": [{}],
        "vpcPeeringConnection": [{}],
        "metricAlarm": [{}],
        "snsSubscription": [{}],
        "logGroup": [{}],
        "metricFilter": [{}],
        "cloudWatchEventsRule": [{}],
        "awsIamAccessKey": [{}],
        "kubernetesNode": [{}],
        "kubernetesPod": [{}],
        "kubernetesService": [{}],
        "logProfile": [{}],
        "policyAssignment": [{}],
        "kubernetesNetworkPolicy": [{}],
        "kubernetesIngress": [{}],
        "kubernetesPodSecurityPolicy": [{}],
        "cloudSql": [{}],
        "kubernetesKubelet": [
            {}
        ]
    },
    "dataSyncStatus": [
        {
            "entityType": "NotSupported",
            "recentlySuccessfulSync": true,
            "generalFetchPermissionIssues": true,
            "entitiesWithPermissionIssues": [
                {
                    "externalId": "string",
                    "name": "string",
                    "cloudVendorIdentifier": "string"
                }
            ]
        }
    ],
    "assessmentPassed": true,
    "hasErrors": true,
    "id": 0
}
get_assessment(assessmentId)[source]

Get results of an assessment by id

Parameters:assessmentId (str) – Report/Assessment id
Returns:Assessment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type:dict
Response object:
{
    "request": {
        "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
        "externalCloudAccountId": "string",
        "cloudAccountId": "string",
        "region": "string",
        "cloudNetwork": "string",
        "cloudAccountType": "Aws",
        "requestId": "00000000-0000-0000-0000-000000000000"
    },
    "tests": [
        {
            "error": "string",
            "testedCount": 0,
            "relevantCount": 0,
            "nonComplyingCount": 0,
            "exclusionStats": {
                "testedCount": 0,
                "relevantCount": 0,
                "nonComplyingCount": 0
            },
            "entityResults": [
                {
                    "validationStatus": "Relevant",
                    "isRelevant": true,
                    "isValid": true,
                    "isExcluded": true,
                    "exclusionId": "00000000-0000-0000-0000-000000000000",
                    "remediationId": "00000000-0000-0000-0000-000000000000",
                    "error": "string",
                    "testObj": {}
                }
            ],
            "rule": {
                "name": "string",
                "severity": "Low",
                "logic": "string",
                "description": "string",
                "remediation": "string",
                "complianceTag": "string",
                "domain": "string",
                "priority": "string",
                "controlTitle": "string",
                "ruleId": "string",
                "logicHash": "string",
                "isDefault": true
            },
            "testPassed": true
        }
    ],
    "locationMetadata": {
        "account": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "region": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "cloudNetwork": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        }
    },
    "testEntities": {
        "notSupported": [{}],
        "instance": [{}],
        "securityGroup": [{}],
        "elb": [{}],
        "rds": [{}],
        "lambda": [{}],
        "region": [{}],
        "virtualMachine": [{}],
        "networkSecurityGroup": [{}],
        "cloudTrail": [{}],
        "nacl": [{}],
        "vpc": [{}],
        "subnet": [{}],
        "s3Bucket": [{}],
        "applicationLoadBalancer": [{}],
        "iamUser": [{}],
        "iamRole": [{}],
        "iam": [{}],
        "redshift": [{}],
        "kms": [{}],
        "default": [{}],
        "vmInstance": [{}],
        "iamGroup": [{}],
        "efs": [{}],
        "network": [{}],
        "elastiCache": [{}],
        "loadBalancer": [{}],
        "vNet": [{}],
        "sqldb": [{}],
        "redisCache": [{}],
        "applicationGateway": [{}],
        "resourceGroup": [{}],
        "sqlServer": [{}],
        "ecsCluster": [{}],
        "keyVault": [{}],
        "networkLoadBalancer": [{}],
        "networkInterface": [{}],
        "ecsTaskDefinition": [{}],
        "iamPolicy": [{}],
        "volume": [{}],
        "cloudFront": [{}],
        "kinesis": [{}],
        "iamServerCertificate": [{}],
        "route53HostedZone": [{}],
        "route53RecordSetGroup": [{}],
        "acmCertificate": [{}],
        "route53Domain": [{}],
        "storageAccount": [{}],
        "dynamoDbTable": [{}],
        "ami": [{}],
        "vpnGateway": [{}],
        "virtualMfaDevices": [{}],
        "internetGateway": [{}],
        "wafRegional": [{}],
        "lock": [{}],
        "vpnConnection": [{}],
        "ecsTask": [{}],
        "customerGateway": [{}],
        "gcpSecurityGroup": [{}],
        "elasticIP": [{}],
        "iamInstanceProfile": [{}],
        "storageBucket": [{}],
        "ecsService": [{}],
        "project": [{}],
        "serviceAccount": [{}],
        "kmsKeyRing": [{}],
        "dataWarehouse": [{}],
        "guardDutyDetector": [{}],
        "gcpIamPolicy": [{}],
        "gcpIamUser": [{}],
        "apiGateway": [{}],
        "gcpGsuiteUser": [{}],
        "gcpGsuiteGroup": [{}],
        "gcpIamGroup": [{}],
        "bigQuery": [{}],
        "routeTable": [{}],
        "gkeCluster": [{}],
        "postgreSQL": [{}],
        "vpcFlowLog": [{}],
        "iamAccountSummary": [{}],
        "sageMakerNotebook": [{}],
        "containerRegistry": [{}],
        "inspector": [{}],
        "kmsAliases": [{}],
        "passwordPolicy": [{}],
        "configurationRecorder": [{}],
        "cosmosDbAccount": [{}],
        "networkWatcher": [{}],
        "vpcPeeringConnection": [{}],
        "metricAlarm": [{}],
        "snsSubscription": [{}],
        "logGroup": [{}],
        "metricFilter": [{}],
        "cloudWatchEventsRule": [{}],
        "awsIamAccessKey": [{}],
        "kubernetesNode": [{}],
        "kubernetesPod": [{}],
        "kubernetesService": [{}],
        "logProfile": [{}],
        "policyAssignment": [{}],
        "kubernetesNetworkPolicy": [{}],
        "kubernetesIngress": [{}],
        "kubernetesPodSecurityPolicy": [{}],
        "cloudSql": [{}],
        "kubernetesKubelet": [
            {}
        ]
    },
    "dataSyncStatus": [
        {
            "entityType": "NotSupported",
            "recentlySuccessfulSync": true,
            "generalFetchPermissionIssues": true,
            "entitiesWithPermissionIssues": [
                {
                    "externalId": "string",
                    "name": "string",
                    "cloudVendorIdentifier": "string"
                }
            ]
        }
    ],
    "assessmentPassed": true,
    "hasErrors": true,
    "id": 0
}
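A triage pass over the assessment result documented above, as an added example that is not part of the dome9 package. It treats isValid false as a violation and ranks severities with assumed values beyond the documented "Low"; the rule names and sample result are constructed. It also reports data-sync permission issues, because an assessment that could not fetch some entity types cannot be read as a clean pass.

```python
# Severity ranking for sorting. Only "Low" appears in the documented schema;
# "High" and "Medium" are assumed values. Unknown severities sort last.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def triage_assessment(result):
    """Summarise an assessment result dict using the documented fields."""
    failed, errored = [], []
    for test in result.get("tests") or []:
        rule = test.get("rule") or {}
        if test.get("error"):
            # A test that errored evaluated nothing; never count it as a pass.
            errored.append(rule.get("name"))
            continue
        if test.get("testPassed"):
            continue
        entities = test.get("entityResults") or []
        # Assumption: isValid == False means the entity violates the rule.
        open_findings = [e for e in entities
                         if e.get("isRelevant") and not e.get("isValid")
                         and not e.get("isExcluded")]
        failed.append({
            "rule": rule.get("name"),
            "ruleId": rule.get("ruleId"),
            "severity": rule.get("severity"),
            "open": len(open_findings),
            "excluded": sum(1 for e in entities if e.get("isExcluded")),
            "with_remediation": sum(1 for e in open_findings
                                    if e.get("remediationId")),
        })
    failed.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], len(SEVERITY_RANK)),
                               f["rule"] or ""))

    # Entity types the platform could not fully read: results for them are blind.
    blind_spots = sorted({
        str(s.get("entityType")) for s in result.get("dataSyncStatus") or []
        if s.get("generalFetchPermissionIssues")
        or s.get("entitiesWithPermissionIssues")
        or s.get("recentlySuccessfulSync") is False
    })
    complete = not (result.get("hasErrors") or errored or blind_spots)
    return {
        "assessmentId": result.get("id"),
        "failed": failed,
        "errored": errored,
        "blind_spots": blind_spots,
        "complete": complete,
        # Only a passed AND complete assessment is reported as clean.
        "clean": bool(result.get("assessmentPassed")) and complete,
    }


# Constructed sample result (rule names, ids and entity types are made up).
SAMPLE_RESULT = {
    "id": 4242,
    "assessmentPassed": False,
    "hasErrors": False,
    "tests": [
        {"error": None, "testPassed": False,
         "rule": {"name": "S3 buckets have access logging", "ruleId": "R-2",
                  "severity": "Low"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False,
              "remediationId": "00000000-0000-0000-0000-000000000001"}]},
        {"error": None, "testPassed": False,
         "rule": {"name": "No SSH open to the internet", "ruleId": "R-1",
                  "severity": "High"},
         "entityResults": [
             {"isRelevant": True, "isValid": False, "isExcluded": False,
              "remediationId": None},
             {"isRelevant": True, "isValid": False, "isExcluded": True,
              "remediationId": None},
             {"isRelevant": True, "isValid": True, "isExcluded": False,
              "remediationId": None}]},
        {"error": None, "testPassed": True,
         "rule": {"name": "Root account has MFA", "ruleId": "R-3",
                  "severity": "High"},
         "entityResults": []},
        {"error": "timeout", "testPassed": False,
         "rule": {"name": "CloudTrail enabled in all regions", "ruleId": "R-4",
                  "severity": "Medium"},
         "entityResults": []},
    ],
    "dataSyncStatus": [
        {"entityType": "S3Bucket", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": True, "entitiesWithPermissionIssues": []},
        {"entityType": "SecurityGroup", "recentlySuccessfulSync": True,
         "generalFetchPermissionIssues": False, "entitiesWithPermissionIssues": []},
    ],
}

if __name__ == "__main__":
    # With a live client: triage_assessment(client.get_assessment(assessmentId))
    print(triage_assessment(SAMPLE_RESULT))
```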
list_users()[source]

List all Dome9 users for the Dome9 account

Returns:User object. Ref: /docs/source/schemas/User.json
Return type:dict
Response object:
{
    "id": 0,
    "name": "string",
    "email": "MyName@gmail.com",
    "accountId": 0,
    "isSuspended": true,
    "isOwner": true,
    "isSuperUser": true,
    "isAuditor": true,
    "hasApiKey": true,
    "hasApiKeyV1": true,
    "hasApiKeyV2": true,
    "isMfaEnabled": true,
    "ssoEnabled": true,
    "roleIds": [
        0
    ],
    "iamSafe": null,
    "canSwitchRole": true,
    "isLocked": true,
    "lastLogin": "2022-05-24T17:41:03Z",
    "permissions": null,
    "calculatedPermissions": null,
    "isMobileDevicePaired": true,
    "mfaEnforcement": null
}
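An added example, not part of the dome9 package or its documentation: an offline review of the User fields shown above (MFA, SSO, API keys, privilege flags, lastLogin) to surface accounts that need attention. It assumes list_users() yields a list of such User dicts; SAMPLE_USERS, audit_users and the 90-day threshold are illustrative names and choices.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the User response object above (not real data).
SAMPLE_USERS = [
    {"id": 1, "email": "owner@example.com", "isOwner": True, "isSuperUser": True,
     "isSuspended": False, "isMfaEnabled": False, "ssoEnabled": False,
     "hasApiKeyV1": True, "hasApiKeyV2": True, "lastLogin": "2022-05-24T17:41:03Z"},
    {"id": 2, "email": "auditor@example.com", "isOwner": False, "isSuperUser": False,
     "isSuspended": False, "isMfaEnabled": True, "ssoEnabled": False,
     "hasApiKeyV1": False, "hasApiKeyV2": False, "lastLogin": "2022-05-20T09:00:00Z"},
    {"id": 3, "email": "former@example.com", "isOwner": False, "isSuperUser": True,
     "isSuspended": False, "isMfaEnabled": False, "ssoEnabled": True,
     "hasApiKeyV1": False, "hasApiKeyV2": True, "lastLogin": "2021-11-02T08:15:00Z"},
    {"id": 4, "email": "suspended@example.com", "isSuspended": True,
     "isMfaEnabled": False, "ssoEnabled": False, "lastLogin": None},
]

def _parse_ts(value):
    """Parse 'YYYY-MM-DDTHH:MM:SSZ' timestamps; None if absent or malformed."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        return None

def audit_users(users, now, stale_after_days=90):
    """Return {email: [findings]} for non-suspended users that need review."""
    if isinstance(users, dict):  # tolerate a single User object
        users = [users]
    report = {}
    for u in users:
        if u.get("isSuspended"):
            continue  # assumption: suspended accounts are out of scope here
        findings = []
        privileged = u.get("isOwner") or u.get("isSuperUser")
        if not u.get("isMfaEnabled") and not u.get("ssoEnabled"):
            findings.append("no MFA and no SSO")
        if u.get("hasApiKeyV1"):
            findings.append("v1 API key present")
        if privileged and (u.get("hasApiKeyV1") or u.get("hasApiKeyV2")):
            findings.append("privileged user holds an API key")
        last = _parse_ts(u.get("lastLogin"))
        if last is None or now - last > timedelta(days=stale_after_days):
            findings.append("stale or missing lastLogin")
        if findings:
            report[u.get("email", u.get("id"))] = findings
    return report
```

With live data, pass the result of Dome9(key=..., secret=...).list_users() in place of SAMPLE_USERS.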
get_user(userId)[source]

Get user registered in Dome9

Parameters:userId (id) – Id of the user
Returns:User object. Ref: /docs/source/schemas/User.json
Return type:dict
Response object:
{
    "id": 0,
    "name": "string",
    "email": "MyName@gmail.com",
    "accountId": 0,
    "isSuspended": true,
    "isOwner": true,
    "isSuperUser": true,
    "isAuditor": true,
    "hasApiKey": true,
    "hasApiKeyV1": true,
    "hasApiKeyV2": true,
    "isMfaEnabled": true,
    "ssoEnabled": true,
    "roleIds": [
        0
    ],
    "iamSafe": null,
    "canSwitchRole": true,
    "isLocked": true,
    "lastLogin": "2022-05-24T17:41:03Z",
    "permissions": null,
    "calculatedPermissions": null,
    "isMobileDevicePaired": true,
    "mfaEnforcement": null
}
create_user(email, name, surname='')[source]

Create user in Dome9

Parameters:
  • email (str) – Email address of the new user
  • name (str) – Name of the new user
  • surname (str, optional) – Surname of the new user. Defaults to ''
Returns:User object. Ref: /docs/source/schemas/User.json
Return type:dict
Response object:
{
    "id": 0,
    "name": "string",
    "email": "MyName@gmail.com",
    "accountId": 0,
    "isSuspended": true,
    "isOwner": true,
    "isSuperUser": true,
    "isAuditor": true,
    "hasApiKey": true,
    "hasApiKeyV1": true,
    "hasApiKeyV2": true,
    "isMfaEnabled": true,
    "ssoEnabled": true,
    "roleIds": [
        0
    ],
    "iamSafe": null,
    "canSwitchRole": true,
    "isLocked": true,
    "lastLogin": "2022-05-24T17:41:03Z",
    "permissions": null,
    "calculatedPermissions": null,
    "isMobileDevicePaired": true,
    "mfaEnforcement": null
}
delete_user(userId)[source]

Delete a user in Dome9

Parameters:userId (str) – Id of the user
Returns:bool