LinkerScripts Hub

This script is for use at your own choice. The script is provided “as is” without any warranty of any kind and Radware disclaims any and all liability regarding any use of the script.

Radware API Integration: Retrieve Security and Operational Events for SIEM

Hello Community,

I’d like to share a Python-based solution that integrates Radware's API to retrieve Security and Operational Events and send them to a SIEM server in CEF format via Syslog.

Key Features:

  • Incremental Queries: Fetches only new events using timestamp files.

  • Scripts:

    • retrive_security_events.py

    • retrive_operational_events.py

  • Configurable: API credentials, Syslog details, and query intervals managed via example_config.json.

  • Automation: Designed to run every minute using cron jobs.

You can access the repository here:
Repository Link

Feedback:

I’m open to any suggestions or improvements. Let me know your thoughts!

Best regards,

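The incremental fetch and CEF forwarding described in the post above, as an added example that is not taken from the linked repository. The event field names, the vendor/product strings and the checkpoint path are assumptions; the code escapes header and extension values so event text cannot break the CEF record, and advances the timestamp file only after a send succeeds.

```python
import os
import tempfile

# Constructed sample events; field names are assumptions, not Radware's API schema.
SAMPLE_EVENTS = [
    {"timestamp": 1700000000000, "type": "ddos", "name": "SYN Flood",
     "severity": 8, "src": "198.51.100.7", "msg": "rate=high|proto=tcp"},
    {"timestamp": 1700000060000, "type": "waf", "name": "Rule|42 hit",
     "severity": 5, "src": "203.0.113.9", "msg": "line1\nline2"},
]

def _hdr(value):  # CEF header field: escape backslash and pipe, flatten line breaks
    s = str(value).replace("\\", "\\\\").replace("|", "\\|")
    return s.replace("\r", " ").replace("\n", " ")

def _ext(value):  # CEF extension value: escape backslash and '=', encode line breaks
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def to_cef(event, vendor="ExampleVendor", product="ExampleProduct", version="1.0"):
    header = ["CEF:0", vendor, product, version, event["type"], event["name"], event["severity"]]
    ext = {"rt": event["timestamp"], "src": event["src"], "msg": event["msg"]}
    return ("|".join(_hdr(h) for h in header) + "|"
            + " ".join(f"{k}={_ext(v)}" for k, v in ext.items()))

def load_checkpoint(path):
    try:
        with open(path, encoding="utf-8") as fh:
            return int(fh.read().strip())
    except (FileNotFoundError, ValueError):
        return 0  # first run, or unreadable file: start from the beginning

def save_checkpoint(path, ts):  # temp file + rename: a killed run never leaves a partial file
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(str(ts))
    os.replace(tmp, path)

def forward_new(events, path, send):
    """Send events newer than the checkpoint; advance it only after each send succeeds."""
    last = load_checkpoint(path)
    sent = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if ev["timestamp"] > last:
            send(to_cef(ev))  # raises on failure, so the checkpoint stays put
            save_checkpoint(path, ev["timestamp"])
            sent.append(ev["timestamp"])
    return sent
```

Here `send` is any callable that delivers one line to the Syslog server and raises on failure.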

Solution: How to Automate the Renewal of SSL Certificates Using ACME

Objective: Automating the renewal of SSL/TLS certificates for Alteon devices managed by Cyber Controller.

ACME Client: Utilizing 'dehydrated' for managing the lifecycle of certificates via Let's Encrypt Certificate Authority (CA).

Challenge Deployment: Utilizing the HTTP-01 challenge type, deploying and cleaning each domain's challenge to the Alteon devices to validate domain ownership before certificate issuance.

Certificate Provisioning: Automatically provisioning new certificates on designated Alteon devices upon successful renewal.

Logging: Maintaining detailed log files to track and review the last certificate renewal process.

Notifications: Sending email notifications upon completion, detailing success, unchanged or failure of the certificate renewal process.

In the event that Cyber Controller is unavailable, the secondary Cyber Controller server will send an email notification about that issue.

The solution is available on Radware's GitHub.

For step-by-step instructions, please follow the README.md file.

In case of any additional capabilities or changes, please contact Radware's representative.
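An added example (not part of the Radware solution or of dehydrated) of what an HTTP-01 deployment has to serve: it derives the key authorization from the ACME account key per RFC 8555 and RFC 7638, and rejects tokens that are not base64url before they reach a path on the device. The JWK and token are sample values for illustration.

```python
import base64
import hashlib
import json
import re

# Sample account public key (JWK) and challenge token, for illustration only.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
              "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

_REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
_TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def challenge_file(token, jwk):
    """Return (url_path, body) that must be served for an HTTP-01 challenge."""
    if not _TOKEN_RE.fullmatch(token):
        # Tokens are base64url only; anything else (e.g. '/' or '..') must
        # never reach a file path or URL on the device.
        raise ValueError("invalid challenge token")
    return ("/.well-known/acme-challenge/" + token,
            token + "." + jwk_thumbprint(jwk))

def served_correctly(token, jwk, served_body):
    """Compare what the device serves with the expected key authorization."""
    _, expected = challenge_file(token, jwk)
    return served_body.strip() == expected
```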


Thanks Yehuda

Does it support going through a proxy?

Thanks

Frank

Yehuda Pinchas

Hi Frank,

In the current version, no.

Please contact a Radware representative for any additional requests or changes.

Thanks,

Yehuda


Cyber Controller Sites and Devices Cloner Tool

This tool helps with migration for organizations that want to copy sites and devices from one Cyber Controller instance to another.

More about the tool:

  • Copies sites (and nested sites recursively), ADC, and Defense Pro devices from the source Cyber Controller to the destination Cyber Controller.

  • Supports copying both the Physical Containers and Sites and Devices sections.

  • Tested on both Cyber Controller and Vision products, with various versions from Vision 4.85 to Cyber Controller 10.5.0.

  • Available on Radware’s GitHub.

For easier use, follow the instructions in the README.md file.


New DDoS API Python examples

Notes before starting:

This script example should be performed with the new Cloud DDoS Portal API.

Before proceeding, make sure you have obtained the CDDoS account ID.


import json
import time

import requests

# BASE_URL and APIKEY must be defined before these functions are called.


# Function to get the settings of an asset
def AssetSettings(ACCOUNT_ID, AssetName):
    HEADERS = {"X-API-KEY": APIKEY}

    AssetsSettingsURL = f"{BASE_URL}/api/assets?type=account&id=" + ACCOUNT_ID

    # A timeout keeps a stalled connection from hanging the script
    r = requests.get(AssetsSettingsURL, headers=HEADERS, timeout=30)
    if not r.ok:
        raise Exception("Error occurred while getting asset settings")
    r = r.json()
    r = r["reply"]

    for i in r:
        check = i["name"].replace(" ", "")  # Compare names with spaces removed
        if check == AssetName:  # Name of the asset in the portal
            print(i)  # Prints only the settings of the asset mentioned
            return


# Function to print the security alerts of the last 72 hours
def Get_Security_Alerts(ACCOUNT_ID):
    HEADERS = {"X-API-KEY": APIKEY}

    # Get current epoch time and interval
    current_epoch_time = int(time.time()) * 1000  # current epoch time in milliseconds
    interval_epoch_time = str(current_epoch_time - 259200000)  # Last 72 hours
    current_epoch_time = str(current_epoch_time)

    NetworkSecurityAlertsURL = f"{BASE_URL}/api/alerts/events/?from={interval_epoch_time}&to={current_epoch_time}&id={ACCOUNT_ID}&severity=INFO,LOW,MEDIUM,HIGH&type=account"
    r = requests.get(NetworkSecurityAlertsURL, headers=HEADERS, timeout=30)
    if not r.ok:
        print(r.reason)
    else:
        text = json.dumps(r.json(), indent=2)
        print(text)


# Function to print the operational alerts of the last 72 hours
def Get_Operational_Alerts(ACCOUNT_ID):
    HEADERS = {"X-API-KEY": APIKEY}

    # Get current epoch time and interval
    current_epoch_time = int(time.time()) * 1000  # current epoch time in milliseconds
    interval_epoch_time = str(current_epoch_time - 259200000)  # Last 72 hours
    current_epoch_time = str(current_epoch_time)

    OperationalAlertsURL = f"{BASE_URL}/api/alerts/operational/?from={interval_epoch_time}&to={current_epoch_time}&id={ACCOUNT_ID}&severity=INFO,LOW,MEDIUM,HIGH&type=account"
    r = requests.get(OperationalAlertsURL, headers=HEADERS, timeout=30)
    if not r.ok:
        print(r.reason)
    else:
        text = json.dumps(r.json(), indent=2)
        print(text)

Activate a server asset

Notes before starting:

This script example should be performed with the new Cloud DDoS Portal API.

Before proceeding, make sure you have obtained the CDDoS account ID.

import json

import requests

# BASE_URL and APIKEY must be defined before this function is called.


# Function to activate a server asset
def activate_asset_server(ACCOUNT_ID, AssetID):
    HEADERS = {"Content-Type": "application/json", "X-API-KEY": APIKEY}

    # Activate asset
    Activate_asset_data_json = {
        "assets": [{"_id": {"_oid": AssetID}, "type": "server"}],
        "additional_email_text": "",
    }

    Activate_asset_data_json = json.dumps(Activate_asset_data_json)
    # BASE_URL is used without a trailing slash, as in the other examples on this page
    AssetactiveURL = (
        f"{BASE_URL}/api/assets/activate/?isDivert=True&type=account&id=" + ACCOUNT_ID
    )

    # A timeout keeps a stalled connection from hanging the script
    r = requests.post(
        AssetactiveURL, headers=HEADERS, data=Activate_asset_data_json, timeout=30
    )
    if r.ok:
        print(f"{AssetID} - Activated successfully")
    else:
        raise Exception(
            f"Failed to Activate. Returned status code - {r.status_code}, {r.reason}"
        )
