2

想用 Python 搜索 DSaaS 全局规则,看看某个 HASH/SHA256 是否在全局规则集中。

代码如下。如何在 search_filter 对象中获取 SHA256 值 (hash256)?

    hash256 = str(input("Pleas enter the hash that you would like to search: "))
    print(hash256)

    try:
        search_filter = deepsecurity.SearchFilter()

        api_response = api_instance.search_global_rules(api_version, search_filter=search_filter)
        pprint(api_response)
    except ApiException as e:
        print("An exception occurred when calling GlobalRulesApi.search_global_rules: %s\n" % e)

无法通过 HASH 进行搜索

4

1 回答 1

1

为了对应用程序控制全局规则执行搜索,您需要首先创建一个SearchCriteria如下

# Create SearchCriteria
searchCriteria = deepsecurity.SearchCriteria(
    field_name='sha256',
    string_test='equal',
    string_value=hash256
)

然后将其添加到您的SearchFilter对象

search_filter = deepsecurity.SearchFilter(search_criteria=searchCriteria)

总体而言,您的代码如下

hash256 = str(input("Please enter the hash that you would like to search: "))
print(hash256)

# Create SearchCriteria
searchCriteria = deepsecurity.SearchCriteria(
    field_name='sha256',
    string_test='equal',
    string_value=hash256
)

# Add SearchCriteria to SearchFilter
search_filter = deepsecurity.SearchFilter(search_criteria=searchCriteria)

try:
    api_response = api_instance.search_global_rules(api_version, search_filter=search_filter)
    pprint(api_response)
except ApiException as e:
    print("An exception occurred when calling GlobalRulesApi.search_global_rules: %s\n" % e)

查看本指南以了解高级搜索,例如使用通配符等。

PS 我在趋势科技的 Deep Security 团队工作。

于 2019-08-15T20:55:08.040 回答