Since ePO inexplicably does not allow you to apply a tag to the results of an EEPC query, I'm trying to call the same ePO query from Python, dump the results to a file, and then use that same file with Python to apply the tag I want. Running the query is no problem, but I'm new to Python so I'm having trouble dumping it to a file... or would it be more efficient to store it in a list or array and iterate through that to apply the tag?
Efficiency is always a matter of opinion... I personally would use both. I would store the information in an array that I can iterate through while always storing it to a file for future use and logging.
If you are having a hard time with dumping the info to a file then I would just iterate through an array. You can always go back and modify your code once you figure it out.
If I manually populate the list i.e. list = [1,2,3,4,5] I can iterate through it and write it out to a file no problem. My challenge is getting the results of core.executeQuery into a list or array.
The best way I have managed it in PowerShell is with XML. By outputting in XML I can then iterate through the tree and pull out the info that I need... even put it into an array. Otherwise it would be a string, which can be more complicated to manipulate. So consider what you are having it output as (string, XML, JSON...) and maybe tackle it from a different perspective.
Are you not able to apply a tag utilizing a server task?
Either way when you utilize the McAfee python API files the results that are returned to you are in a list. Each element within the list is a DICT of the data you requested. Here is a simple example to hopefully help you:
import string
import mcafee   # the ePO Python client (mcafee.py shipped with ePO); this is Python 2 code

# address, port, username, password and searchGUID are set by the caller before this runs
mc = mcafee.client(address, port, username, password)
target = 'EPOEvents'
select = '(select EPOEvents.DetectedUTC EPOEvents.ThreatName EPOEvents.AnalyzerName EPOEvents.SourceProcessName EPOEvents.TargetFileName EPOEvents.ThreatActionTaken)'
# events from one agent GUID newer than 24 hours (86400000 ms)
where = '( where ( and ( eq EPOEvents.AgentGUID "%s" ) ( newerThan EPOEvents.DetectedUTC 86400000 ) ) )' % (searchGUID)
order = '(order(asc EPOEvents.DetectedUTC))'
data = mc.core.executeQuery(target=target, select=select, where=where, order=order)
# data is a list; each element is a dict keyed by the selected column names
for event in data:
    print string.ljust('Event Generated Time (UTC)', 40), string.ljust(event['EPOEvents.DetectedUTC'], 80)
    print string.ljust('Detecting Product', 40), string.ljust(event['EPOEvents.AnalyzerName'], 80)
    print string.ljust('Threat Name', 40), string.ljust(event['EPOEvents.ThreatName'], 80)
    print string.ljust('Process Name', 40), string.ljust(event['EPOEvents.SourceProcessName'], 80)
    print string.ljust('File Name', 40), string.ljust(event['EPOEvents.TargetFileName'], 80)
    print string.ljust('Action Taken', 40), string.ljust(event['EPOEvents.ThreatActionTaken'], 80)
Now this code basically queries HBSS for events based on a Host Asset GUID and then loops the array and extracts the data.
Message was edited by: mrjester on 9/23/13 9:35:45 PM CDT
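Building on mrjester's point that executeQuery returns a list of dicts, here is an added example (not from anyone in this thread) of the workflow the original poster asked for: dump the rows to a JSON file, read them back, and apply a tag to every system listed. The EPOLeafNode column names and sample rows are constructed, and it assumes the client exposes system.applyTag(names=..., tagName=...) the same way it exposes core.executeQuery; a DryRunClient records the calls so the logic can be checked without an ePO server.

```python
import json
# Constructed sample of what core.executeQuery returns: a list of dicts,
# one per row, keyed by the selected column names (an EPOLeafNode query here).
SAMPLE_ROWS = [
    {"EPOLeafNode.NodeName": "WS-0001", "EPOLeafNode.LastUpdate": "2013-09-23T01:00:00"},
    {"EPOLeafNode.NodeName": "WS-0002", "EPOLeafNode.LastUpdate": "2013-09-23T02:00:00"},
    {"EPOLeafNode.NodeName": "WS-0001", "EPOLeafNode.LastUpdate": "2013-09-22T09:00:00"},
    {"EPOLeafNode.NodeName": "", "EPOLeafNode.LastUpdate": "2013-09-22T08:00:00"},
]

def dump_rows(rows, path):
    """Log the raw query rows to a JSON file so the run can be audited or replayed."""
    with open(path, "w") as fh:
        json.dump(rows, fh, indent=2, sort_keys=True)

def load_rows(path):
    """Read the rows back; json.load restores the same list-of-dict shape."""
    with open(path) as fh:
        return json.load(fh)

def node_names(rows, key="EPOLeafNode.NodeName"):
    """Unique, non-empty system names in first-seen order (a host may repeat)."""
    seen, names = set(), []
    for row in rows:
        name = row.get(key)
        if name and name not in seen:
            seen.add(name)
            names.append(name)
    return names

def apply_tag(client, names, tag, batch_size=100):
    """Tag the systems in batches. Assumes client.system.applyTag(names=<comma
    list>, tagName=<tag>) mirrors the ePO remote command; returns batches sent."""
    batches = [names[i:i + batch_size] for i in range(0, len(names), batch_size)]
    for chunk in batches:
        client.system.applyTag(names=",".join(chunk), tagName=tag)
    return batches

class DryRunClient(object):
    """Stand-in for mcafee.client that records calls instead of contacting ePO."""
    def __init__(self):
        self.calls = []
        self.system = self  # lets client.system.applyTag(...) resolve to applyTag below
    def applyTag(self, names, tagName):
        self.calls.append((names, tagName))

def tag_from_file(client, path, tag, key="EPOLeafNode.NodeName", batch_size=100):
    """The workflow asked about: read the dumped results, then tag every system."""
    return apply_tag(client, node_names(load_rows(path), key), tag, batch_size)
```

Replace SAMPLE_ROWS with the value returned by mc.core.executeQuery(...) and DryRunClient with the real mcafee.client(...) once the dry run shows the expected names and batches.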