redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
MIT License

[BUG] S1 SiteID Parameter Required? #71

Closed rc-csmith closed 1 year ago

rc-csmith commented 2 years ago

Problem Description

Per help docs, either siteID or accountID is required (not both).

However, this line requires a siteID to be given or it errors out: https://github.com/redcanaryco/surveyor/blob/f257d684aea723689daeaf8f62ef12c9de2f4f81/products/sentinel_one.py#L87

Error message if no siteID defined:

python surveyor.py --deffile remoteadmin.json  --profile test --prefix test_s1 s1 --creds <REDACTED>
Traceback (most recent call last):
  File "/Users/<REDACTED>/Documents/Github/surveyor/surveyor.py", line 386, in <module>
    cli()
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/Users/<REDACTED>/Documents/Github/surveyor/surveyor.py", line 154, in s1
    survey(ctx, 's1')
  File "/Users/<REDACTED>/Documents/Github/surveyor/surveyor.py", line 232, in survey
    product = get_product_instance(product, **kwargs)
  File "/Users/<REDACTED>/Documents/Github/surveyor/load.py", line 37, in get_product_instance
    return subclass(**kwargs)
  File "/Users/<REDACTED>/Documents/Github/surveyor/products/sentinel_one.py", line 87, in __init__
    site_response_data = self._get_all_paginated_data(self._build_url('/web/api/v2.1/sites'),
  File "/Users/<REDACTED>/Documents/Github/surveyor/products/sentinel_one.py", line 267, in _get_all_paginated_data
    response.raise_for_status()
  File "/Users/<REDACTED>/Documents/virtual_env/lib/python3.9/site-packages/requests/models.py", line 960, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: BAD REQUEST for url: https://<REDACTED>.sentinelone.net/web/api/v2.1/sites?siteIds=&limit=1000

Cred file used:

[test]
url=https://<REDACTED>.sentinelone.net
token=<REDACTED>
account_id=<REDACTED>

Proposed Solution

Edit the code to make siteID optional

Workaround?

Ensure site IDs are defined either in the cmdline or cred file
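
Added example, not part of the original issue and not Surveyor's own code: one way to make the site ID optional is to build the query string only from scope filters that are actually set, so the request never carries the empty `siteIds=` seen in the 400 error above, and to fail early when neither scope is given. The `accountIds` parameter name, the `site_id` profile key, the function names, and the sample profile values are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlencode

SITES_PATH = "/web/api/v2.1/sites"  # endpoint path from the traceback in the issue

# Constructed credential profile mirroring the issue's cred file (placeholder values).
SAMPLE_CREDS = """
[test]
url=https://example.sentinelone.net
token=PLACEHOLDER
account_id=1111, 2222
"""


def _split_ids(raw):
    """Turn 'a, b,' or None into ['a', 'b'], dropping blanks."""
    return [p.strip() for p in (raw or "").split(",") if p.strip()]


def build_scope_params(site_ids=None, account_ids=None, limit=1000):
    """Query params for the sites lookup; empty filters are omitted, never sent as 'siteIds='."""
    site_ids = [s for s in (site_ids or []) if s]
    account_ids = [a for a in (account_ids or []) if a]
    if not site_ids and not account_ids:
        # Fail before any HTTP call instead of surfacing an opaque 400 from the API.
        raise ValueError("provide at least one site ID or account ID")
    params = {}
    if site_ids:
        params["siteIds"] = ",".join(site_ids)
    if account_ids:
        params["accountIds"] = ",".join(account_ids)  # assumed parameter name
    params["limit"] = limit
    return params


def sites_url_from_profile(creds_text, profile):
    """Build the sites URL for a profile; the 'site_id' key name is hypothetical."""
    cfg = configparser.ConfigParser()
    cfg.read_string(creds_text)
    section = cfg[profile]
    params = build_scope_params(
        site_ids=_split_ids(section.get("site_id")),
        account_ids=_split_ids(section.get("account_id")),
    )
    return f"{section['url'].rstrip('/')}{SITES_PATH}?{urlencode(params)}"


if __name__ == "__main__":
    print(sites_url_from_profile(SAMPLE_CREDS, "test"))
```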