gabstopper / smc-python

Forcepoint Security Management Center python library:(Moved to official Forcepoint repo)
https://github.com/Forcepoint/fp-NGFW-SMC-python
Apache License 2.0

count() method not understood #40

Closed jenhek closed 5 years ago

jenhek commented 6 years ago

The following code

```
smc_ip = Host.objects.filter(address=hostip,exact_match=True)

if smc_ip.count() > 1:
    print ('IP ' + hostip + ' mehrfach vorhanden!.')
    print (smc_ip.count())
    for host in list(smc_ip):
        print(host.name, host.address)
    sys.exit (-1)
```

gives me

```
IP 134.61.113.1 mehrfach vorhanden!.
19
dc1.rc.rwth-ad.de 134.61.113.1
```

Is my understanding of count() wrong, or is it what I am doing?

jenhek commented 6 years ago

To me it looks like "exact_match=True" is ignored.

jenhek commented 6 years ago

Here is a difference between what I have in the list and the return of count().

count() seems to return the same value as in the SMC, when I search for an IP ending with ".1" and I also get the ".10", ".11" and so on listed.

gabstopper commented 6 years ago

Sorry for the delay on this. I need to look at this a bit further as it seems exact_match queries are returning inexact matches on the SMC versions I've tested.

gabstopper commented 5 years ago

Hi Jenhek, This is a side effect of the way the SMC searches for elements. As you noticed, if you make the same query from the SMC itself, you will return multiple elements.

However, I have implemented a way in the collection that you can use to retrieve only the exact items you want to retrieve by specifying a key/value pair when making the search.

For example, by default the search might look like this:

from smc.elements.network import Host
result = Host.objects.filter('172.18.1.1', exact_match=True)
print(list(result))
[Host(name=myhost3), Host(name=myhost2), Host(name=myhost)]

In this case, the returned elements have the addresses 172.18.1.1, 172.18.1.10 and 172.18.1.11.

However, if you want a more accurate approach and always ensure exactness, you can do the following:

result = Host.objects.filter(address='172.18.1.1')
print(list(result))
print(len(list(result)))

Which returns:

[Host(name=myhost)]
1

gabstopper commented 5 years ago

One other thing to mention is that the 'exact_match' allows for searching against the name of the element and will indeed be honored in a search. To further the example above, if you do:

result = Host.objects.filter('myhost', exact_match=True)
print(list(result))

You get:

[Host(name=myhost)]

Even though the other hosts are 'myhost2' and 'myhost3'.

The SMC search capabilities for certain elements (like hosts, for example) will also return results for specific fields in those element types. In the case of hosts, the address field becomes a field that will return results, so you can search on that directly. In those cases, the exact_match field is ignored in the search.

In addition, the comments field is searchable as well.
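The behaviour discussed above, as an added example that is not part of the original thread or of smc-python: a loose address search is narrowed to exact matches on the client, and hosts defined more than once for the same IP are reported. The `(name, address)` tuples are constructed sample data standing in for `host.name` / `host.address`, and `loose_search` is a hypothetical stand-in that models the substring matching described in this issue.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data standing in for (host.name, host.address).
SAMPLE_HOSTS = [
    ("myhost", "172.18.1.1"),
    ("myhost2", "172.18.1.10"),
    ("myhost3", "172.18.1.11"),
    ("myhost-alias", "172.18.1.1"),   # second definition of the same IP
    ("db1", "10.0.0.5"),
    ("broken", "not-an-ip"),          # malformed entry, must not crash us
]

def loose_search(hosts, term):
    """Assumption: models the search described in the thread, where a
    query for an address also returns addresses that merely contain it."""
    return [(name, addr) for name, addr in hosts if term in addr]

def exact_address(hosts, ip):
    """Keep only hosts whose address equals ip as an IP address,
    not as a string prefix. Returns the matching names in input order."""
    target = ipaddress.ip_address(ip)
    names = []
    for name, addr in hosts:
        try:
            if ipaddress.ip_address(addr) == target:
                names.append(name)
        except ValueError:
            continue  # skip entries that are not valid addresses
    return names

def duplicate_definitions(hosts):
    """Map each address defined by more than one host to its names."""
    by_addr = defaultdict(list)
    for name, addr in hosts:
        try:
            by_addr[ipaddress.ip_address(addr)].append(name)
        except ValueError:
            continue
    return {str(a): sorted(n) for a, n in by_addr.items() if len(n) > 1}

if __name__ == "__main__":
    loose = loose_search(SAMPLE_HOSTS, "172.18.1.1")
    print("loose search hits:", len(loose))
    print("exact matches:", exact_address(loose, "172.18.1.1"))
    print("duplicates:", duplicate_definitions(SAMPLE_HOSTS))
```

Counting the exact matches rather than the raw search hits is what makes a "defined more than once" check reliable when the search itself matches loosely.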

jenhek commented 5 years ago

On 28.03.19 at 01:32, David LePage wrote:

result = Host.objects.filter('myhost', exact_match=True)
print(list(result))

Not applicable here, I tried to find multiple definitions with the same IP, as my processing in the app had to respect that.

-- Dipl.-Phys. Jens Hektor, Networks IT Center, RWTH Aachen University Room 2.04, Wendlingweg 10, 52074 Aachen (Germany) Phone: +49 241 80 29206 - Fax: +49 241 80 22666 http://www.itc.rwth-aachen.de - hektor@itc.rwth-aachen.de

jenhek commented 5 years ago

On 28.03.19 at 01:27, David LePage wrote:

However, if you want a more accurate approach and always ensure exactness, you can do the following:


result = Host.objects.filter(address='172.18.1.1')

That's what I ended up with, also.


gabstopper commented 5 years ago

Sounds good. Closing issue.