cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Export Watchlist Values

Hi

Exporting Watchlist gives me the xml file of the watchlist definitions.

how can I export watchlist actual values?

3 Replies
trisiem
Level 9
Report Inappropriate Content
Message 2 of 4

Re: Export Watchlist Values

Hello,

 

It's really simple, you can use the API python wrapper to leverage some of the private API calls and get the data we want.

 

The following python code snippet should be self-explanatory:

 

>>> from msiempy import WatchlistManager
>>> all_watchlists = WatchlistManager()
>>> my_test_wl = [ w for w in all_watchlists if w['name'] == 'TEST-watchlist'][0]
>>> my_test_wl.load_values()
>>> my_test_wl['values'] 
['::0', '1.1.1.1', '2.2.2.2', '127.0.0.1', '']

 

I'm just unsure how many values at max you can get using this method.

 

Cheers.

Re: Export Watchlist Values

Hi, thank you

first time working with API

where do I need to execute this code snippet from??

trisiem
Level 9
Report Inappropriate Content
Message 4 of 4

Re: Export Watchlist Values

1/ You should install python on your VM / computer: https://www.python.org/downloads/

2/ Install the python wrapper library: Open a terminal and type: 

python3 -m pip install msiempy

On windows the python executable might be named differently https://docs.python.org/3/using/windows.html

3/ Try out the commands I shared from the Python Interpreter by launching

`python3` (or `py`) Without arguments.

4/ Read the library (`msiempy`) documentation  here: https://mfesiem.github.io/docs/msiempy/index.html. And make a python script for your use case. I.E the `dump_wl_values.py` following :

 

 

 

import argparse
from msiempy import WatchlistManager

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Dump ESM Watchlist values to a text file.  ")
    parser.add_argument('--wl', help='ESM Watchlist name')
    parser.add_argument('--list','-l', action='store_true', help='List all Watchlists')
    parser.add_argument('--out', help='Output text file. Print only if none')
    args=parser.parse_args()
    all_watchlists = WatchlistManager()
    if args.list:
        print(all_watchlists.get_text(fields=['name','type','valueCount','active','source','id']))
    if args.wl:
        my_wl = [ w for w in all_watchlists if w['name'] == args.wl]
        if not len(my_wl):
            raise ValueError("Watchlist not found")
        else:
            my_wl=my_wl[0]
        my_wl.load_values()
        if args.out:
            with open(args.out, 'w') as o:
                #Write all values to file (edited)
                o.write('\n'.join(my_wl['values'])) 
        else:
            print('\n'.join(my_wl['values']))

 

 

 

This script is working and will export Watchlist values to text file. 

 

 

% python3 ./dump_wl_values.py -h               
usage: dump_wl_values.py [-h] [--wl WL] [--list] [--out OUT]

Dump ESM Watchlist values to a text file.

optional arguments:
  -h, --help  show this help message and exit
  --wl WL     ESM Watchlist name
  --list, -l  List all Watchlists
  --out OUT   Output text file. Print only if none

 

 

 Cheers !

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community