0

我有一个 Python API 查询来收集所有入侵防御规则以及与每个规则关联的计算机的 ID,但是在大约 14000 条记录后出现错误:

调用 ComputerIntrusionPreventionRuleDetailsApi.list_intrusion_prevention_rules_on_computer: (500) 时发生异常原因:HTTP 响应标头:HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-P rotection': '1;mode=block' , 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version': 'Deep Security/12.0.296', 'Content-Type': 'application/json', 'Content-Length': '35', 'Date': 'Fri, 16 Oct 2020 14:04:02 GMT', 'Connect ion': 'close'}) HTTP 响应正文:{" message":"内部服务器错误"}

我的脚本如下:

# -*- coding: utf-8 -*-
from __future__ import print_function
import sys, warnings
import pymssql
import datetime
import deepsecurity
import json
import requests
import urllib3
from deepsecurity.rest import ApiException
from urllib3.exceptions import InsecureRequestWarning
from pprint import pprint
urllib3.disable_warnings(InsecureRequestWarning)
if not sys.warnoptions:
               warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = "Server/api/"


# Authentication
configuration.api_key['api-secret-key'] = 'Key'

# Initialization
# Set Any Required Values
conn = pymssql.connect("localhost","" ,"", "DeepSecurity")
cursor = conn.cursor()
cursor2 = conn.cursor()
api_instance = deepsecurity.ComputerIntrusionPreventionRuleDetailsApi(deepsecurity.ApiClient(configuration))
api_instance2 = deepsecurity.ComputersApi(deepsecurity.ApiClient(configuration))
api_version = 'v1'

overrides = False

try:
        recorddt = datetime.datetime.now()
        api_response2 = api_instance2.list_computers(api_version, overrides=overrides)

        for y in  api_response2.computers:
         
          api_response = api_instance.list_intrusion_prevention_rules_on_computer(y.id,api_version,overrides=overrides)
          for x in  api_response.intrusion_prevention_rules:


         
           strCVE=(x.cve)
           clean_cve=str(strCVE).replace("['", "").replace("']", "").replace("'", "")

           
           
           cursor.executemany("INSERT INTO ip_rules VALUES (%d, %s, %s ,%s,%s) ", [(x.id,x.name,clean_cve,recorddt,y.id)])
           conn.commit()
except ApiException as e:
               print("An exception occurred when calling ComputerIntrusionPreventionRuleDetailsApi.list_intrusion_prevention_rules_on_computer: %s\n" % e)

4

1 回答 1

0

我猜它发生在循环(list_intrusion_prevention_rules_on_computer)具有不同的计算机ID(如y.id)。

趋势科技服务器深度安全防护系统管理中心似乎能够识别异常并返回 500 内部服务器错误(并带有标头信息)。因此,您可能需要检查 server0.log 中是否有任何异常,您可能会从中获得一些线索。

您还想确定哪些计算机未能分配预防规则并重试。

于 2020-10-20T08:14:27.200 回答