Threat Response gives you the ability to automate list management. Lists can be updated with content from any alert source. Members can be added for a length of time between 1 hour and forever.
Threat Response List types:
Using some simple scripts you can leverage list membership to remediate compromised accounts. This project will introduce retrieving data in JSON format from a REST API.
No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments—automatically or at the push of a button.
What is a REST API (from Wikipedia)?
Representational State Transfer (REST) is an architectural style that defines a set of constraints to be used for creating web services. Web Services that conform to the REST architectural style, or RESTful web services, provide interoperability between computer systems on the Internet. REST-compliant web services allow the requesting systems to access and manipulate textual representations of web resources by using a uniform and predefined set of stateless operations. Other kinds of web services, such as SOAP web services, expose their own arbitrary sets of operations.[1]
Blah, blah, blah. That is a great definition but too much information.
A REST API provides a standard way to GET (read), POST (create), PUT (update) or DELETE data from or to an application using a URL. That's it, just those four things.
Now you know everything a REST API can do. The only pieces you need to worry about are the URL of the application, whether the application requires authentication, and in what format the data is exchanged.
For this section we will be using Proofpoint Threat Response as our sample application and the JSON format. Threat Response does require authentication, so pay attention to the application key sections of the scripts.
There are three iterations of the script with comments.
The Three Scripts:
ptr-get-list-members-basic.py : uses no authentication and shows how to resolve the InsecureRequestWarning (raised by the requests library when it cannot verify the appliance's TLS certificate)
ptr-get-list-members-with-auth.py : adds an Authorization header so the request carries the API key
ptr-get-list-members.py : moves the host, list ID and key into variables and includes comments
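The example below is an added, stand-alone version of what the three scripts above build up to; it is not any of the scripts from this page and not Proofpoint's own code. It assumes the endpoint form https://<ptr-host>/api/lists/<list_id>/members.json, that the API key travels in an Authorization header, and that the reply is JSON with a "members" array; check those three points against your Threat Response API documentation. It uses only the standard library and, instead of silencing the certificate warning, verifies the appliance certificate against a CA bundle you supply. The sample response is constructed, not captured from an appliance, so the parsing and expiry logic can be exercised without network access.

```python
"""Fetch and filter Proofpoint Threat Response list members over the REST API.

Assumptions (adjust to your deployment, see the lead-in):
  endpoint : https://<ptr-host>/api/lists/<list_id>/members.json
  auth     : API key sent as the Authorization header value
  response : JSON object with a "members" array (a bare array is also accepted)
"""
import json
import ssl
import urllib.request
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional

# Constructed sample reply; the field names are assumed, not vendor-confirmed.
# A null expiration models a member added "forever".
SAMPLE_RESPONSE = json.dumps({
    "members": [
        {"id": 1, "member": "alice@example.com",
         "expiration": "2024-01-01T00:00:00Z"},
        {"id": 2, "member": "bob@example.com", "expiration": None},
    ]
}).encode("utf-8")


def build_request(base_url: str, list_id: int, api_key: str) -> urllib.request.Request:
    """Build the GET for one list's members with the API key in the header."""
    url = f"{base_url.rstrip('/')}/api/lists/{list_id}/members.json"
    return urllib.request.Request(
        url,
        headers={"Authorization": api_key, "Accept": "application/json"},
        method="GET",
    )


def make_ssl_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Verify the appliance certificate instead of disabling verification.

    Turning verification off (the common 'fix' for InsecureRequestWarning)
    lets anyone on the network path read the API key in the header.
    Pass the PEM file that contains the appliance's (self-signed) CA.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def parse_members(payload: bytes) -> List[Dict[str, Any]]:
    """Decode the JSON body and keep only the fields the remediation needs."""
    data = json.loads(payload.decode("utf-8"))
    members = data.get("members", []) if isinstance(data, dict) else data
    if not isinstance(members, list):
        raise ValueError("unexpected members payload")
    return [{"member": m.get("member"), "expiration": m.get("expiration")}
            for m in members]


def _parse_ts(value: Optional[str]) -> Optional[datetime]:
    """Parse an ISO-8601 timestamp; None means no expiry (forever)."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def active_members(members: List[Dict[str, Any]],
                   now: Optional[str] = None) -> List[str]:
    """Return member values that have not expired at `now` (ISO string or None)."""
    at = _parse_ts(now) or datetime.now(timezone.utc)
    out = []
    for m in members:
        exp = _parse_ts(m["expiration"])
        if exp is None or exp > at:
            out.append(m["member"])
    return out


def get_list_members(base_url: str, list_id: int, api_key: str,
                     ca_bundle: Optional[str] = None,
                     timeout: int = 15) -> List[Dict[str, Any]]:
    """Perform the authenticated GET and return the parsed members."""
    req = build_request(base_url, list_id, api_key)
    with urllib.request.urlopen(req, context=make_ssl_context(ca_bundle),
                                timeout=timeout) as resp:
        return parse_members(resp.read())


if __name__ == "__main__":
    # Hypothetical values; put the real key in an environment variable or a
    # secrets store rather than in the script.
    import os
    members = get_list_members("https://ptr.example.com", 1,
                               os.environ["PTR_API_KEY"],
                               ca_bundle=os.environ.get("PTR_CA_BUNDLE"))
    for user in active_members(members):
        print(user)
```

Run it with PTR_API_KEY set and, if the appliance uses a self-signed certificate, PTR_CA_BUNDLE pointing at its CA file; the list printed is exactly the set of accounts a follow-up remediation script should act on, because members whose expiration has passed are dropped.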