search

akamai / AkamaiOPEN-edgegrid-python

This library implements an Authentication handler for the Akamai OPEN EdgeGrid Authentication scheme
Apache License 2.0
88 stars 52 forks source link

DXE-2673 [BUG] 400 Error - SIEM API Python Example #68

Closed estelae closed 1 month ago

estelae commented 1 year ago

Describe the bug SIEM API (https://techdocs.akamai.com/siem-integration/reference/get-configid) has a recipe called Fetch security event in time-based mode | Python that uses this library. It does not work and returns an error.

To Reproduce Steps to reproduce the behavior:

import requests
from akamai.edgegrid import EdgeGridAuth, EdgeRc
from urllib.parse import urljoin

edgerc = EdgeRc('~/.edgerc.txt')
section = 'default'
baseurl = 'https://%s' % edgerc.get(section, 'host')

session = requests.Session()
session.auth = EdgeGridAuth.from_edgerc(edgerc, section)

configId = "12345"

path = "https://hostname/siem/v1/configs/{}".format(configId)

headers = {
    "Accept": "application/json"}

querystring = {
    "from": "1488816442",
    "to": "1488816784",
    "limit": 1000
}

result = session.get(urljoin(baseurl, path),
                     headers=headers, params=querystring)
print(result.status_code)
print(result.json())

Expected behavior For the documentation example to work.

Actual behavior It outputs this error.

{
'type': 'https://problems.cloudsecurity.akamaiapis.net/siem/v1/missing-parameters',
'title': 'Missing mandatory parameter(s) or illegal parameter parameter(s) in the request',
'instance': 'https://{host}/siem/v1/configs/{configid}?from={from}',
'detail': 'Missing mandatory parameter(s) or illegal parameter parameter(s) in the request',
'method': 'GET'
...
}

Judging from the instance above, it appears that only the first query parameter is being recognized. If the & character is encoded to %26 in the signature generation then the instance variable changes to 'instance': 'https://{host}/siem/v1/configs/{configid}?from={from}&to={to}&limit={limit}', but gives a 401 error for the signature not matching. If the & character is encoded to %26 in the request and signature, then it returns a 400 error for missing parameters.

dstopka commented 1 year ago

Hi @estelae,

Thank you for opening an issue. I'll be investigating it and I'll get back to you once I learn more about it.

Kind regards, Darek

lkowalsk-akamai-com commented 1 month ago

Hi @estelae

SIEM api can only fetch data starting from 12 hours in the past. So, you may get 400 due to:

from & to needs to be within the past 12 hours from needs to be less than to

Looks like you are using some dummy values for the query params and mostporobalby this is the issue here.

Please let us know if this clarification helps.