Welcome to my journey of continuous discovery. Enjoy your visit.

Ugli Scripting

Threat Response Lists

List Management

Threat Response gives you the ability to automate list management. Lists can be updated with content from any alert source. Members can be added for a length of time between 1 hour and forever.


Threat Response List types:

  • Host
  • URL
  • User
  • File
  • Allow Lists


Using some simple scripts, you can leverage list membership to remediate compromised accounts. This project introduces retrieving data in JSON format using a REST API.

Learn More

No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments—automatically or at the push of a button.

Product Website

Accessing List Members

Using Python 'requests' and JSON

What is a REST API (from Wikipedia)?


Representational State Transfer (REST) is an architectural style that defines a set of constraints to be used for creating web services. Web Services that conform to the REST architectural style, or RESTful web services, provide interoperability between computer systems on the Internet. REST-compliant web services allow the requesting systems to access and manipulate textual representations of web resources by using a uniform and predefined set of stateless operations. Other kinds of web services, such as SOAP web services, expose their own arbitrary sets of operations.[1]


Blah, blah, blah. That is a great definition but too much information.


A REST API provides a standard way to GET, POST (create new), DELETE or PUT (update) data from or to an application using a URL. That's it, just those four things.


Now you know everything a REST API can do. The only pieces you need to worry about are the URL of the application, whether the application requires authentication, and the format in which to exchange the data.


For this section we will be using Proofpoint Threat Response as our sample application and the JSON format. Threat Response does require authentication, so pay attention to the application keys sections of the scripts.


There are three iterations of the script with comments.


The Three Scripts:


ptr-get-list-members-basic.py : uses no authentication and shows resolution for Secure Request Warning

ptr-get-list-members-with-auth.py : adds authentication header to use API keys

ptr-get-list-members.py : allows variables and includes comments

Link to GitHub Repo
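
An added example, not one of the three scripts above and not code from the GitHub repo: it sketches the authenticated list-members request with certificate verification left on and the API key read from the environment. The host name, the `/api/lists/<id>/members.json` path, the `Authorization` header format and the JSON field names are assumptions to check against your Threat Response API documentation; it uses the standard library rather than `requests` so it runs without extra packages, and the sample response is constructed.

```python
import io
import json
import os
import ssl
import urllib.request

# Constructed sample response; field names are assumptions, not taken from the page.
SAMPLE_BODY = b'''[
 {"id": 10, "list_id": 1, "expiration": "2018-09-01T12:00:00Z", "host": {"host": "198.51.100.7"}},
 {"id": 11, "list_id": 1, "expiration": null, "host": {"host": "bad.example.net"}}
]'''

def build_request(host, list_id, api_key):
    """GET request for one list's members; the API key travels in a header."""
    if not api_key:
        raise ValueError("no API key: set PTR_API_KEY instead of hard-coding it")
    # int() keeps a malformed list id from altering the URL path.
    url = "https://{}/api/lists/{}/members.json".format(host, int(list_id))
    headers = {"Authorization": api_key, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)

def tls_context(ca_file=None):
    """Certificate and hostname checks stay on; pass the appliance's CA file
    for a privately signed certificate rather than disabling verification."""
    return ssl.create_default_context(cafile=ca_file)

def parse_members(body):
    """Return (member value, expiration) pairs; a null expiration is assumed
    here to mean the member never expires."""
    data = json.loads(body)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of list members")
    return [((m.get("host") or {}).get("host"), m.get("expiration")) for m in data]

def get_list_members(host, list_id, api_key, ca_file=None, opener=urllib.request.urlopen):
    req = build_request(host, list_id, api_key)
    with opener(req, timeout=10, context=tls_context(ca_file)) as resp:
        return parse_members(resp.read().decode("utf-8"))

def fake_opener(req, timeout, context):
    """Offline stand-in for urlopen that returns the constructed sample."""
    return io.BytesIO(SAMPLE_BODY)

if __name__ == "__main__":
    key = os.environ.get("PTR_API_KEY", "constructed-demo-key")
    for value, expires in get_list_members("ptr.example.internal", 1, key, opener=fake_opener):
        print(value, expires or "never expires")
```

Against a real appliance, drop the `opener` argument and pass `ca_file` when the server certificate is signed by a private CA.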

Copyright © 2018 Ugli Scripting - All Rights Reserved.
