
Security APIs and Threat Hunting using Python
My Programmability Learning journey
Patrick Cardot, Alvaro Culebras, Jo Kern, Hadil Ghaban
Technical Solution Architect
Agenda
Lunch at 12h30 to 13h15

Day-1

• Install development environment
• Learn to write a python script
• JSON Parsing
• REST APIs

Day-2

Threat Hunting
Security APIs AMP Use Case Threat Hunting Python
Postman

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
http://82.121.247.198/reg

Enter your mail please

My Programmability Learning Journey
• What do I need to learn ?
• Where do I start ?
• Which development Environment ?
• My first Codes: What can I try ?
• Where find Examples ?
• Where can I share my code ?
• Where can I get help ?
What do I need to learn ?
What do I need to Learn ?

Learning What ? (Mandatory)
• Git & GitHub
• RESTFul APIs
• YAML / JSON / XML
• Python
What do I need to Learn ?

Learning What ? (Strongly Recommended)
• Docker
• NODE JS
• Javascript
• Ansible
• Netconf / RESTconf
Python

Python Level 1
• Deal with JSON
• Deal with CSV
• Deal with YAML
• requests / urllib
• Databases ( SQLite )
• Parsing
• Netmiko / pexpect

Python Level 2
• pandas
• Flask
• Django
• PyATS / Genie
• MultiThreading
• dpkt, numpy, R, etc…
What do I need to Learn ? ( On top of )

Web Development (Really Recommended)
• HTML / CSS
• Javascript
• PHP
• Python Flask / Django
• NeXt-UI
• Cisco-ui
• React / D3JS / infovis / …
Where do I start ?

DEVNET Sign UP for Free !
https://developer.cisco.com/

Developer Workstation and Environment Setup
https://developer.cisco.com/learning/devnet-express/dnav4-track

Which development Environment ?
Your Development Environment

Set up your own development workstation

The Tools you need for this training

Did you install the tools ?

Let’s install them
Developer Workstation and Environment Setup
https://developer.cisco.com/learning/devnet-express/devnet-express-security-v1-1
Install Python
• www.python.org/downloads/windows/

Setup & Activate your Python Virtual Environment
• Linux: open a bash terminal at the “root of the repository”
• Windows: open a CMD console and CD to your working directory
• Create and activate a Python virtual environment

# MacOS or Linux (bash)
python3.6 -m venv venv
source venv/bin/activate

# Windows (CMD)
python -m venv venv
venv\Scripts\activate
Visual Studio Code
• https://code.visualstudio.com/download

Install a git client ( Windows – Git Bash )
git-scm.com/downloads

Install Git client on LINUX

sudo apt-get install git-all

Install Postman REST Client
https://www.postman.com/downloads/
Cisco Webex Teams for Developers
https://developer.webex.com/

Developer Portal Interactive Docs

24/7 Dev Support Server SDKs

Your Bearer Token

Check Your Setup
http://82.121.247.198/check

• FOR PATRICK !
• Add everyone in the Webex Room and share the folder
• Let everyone install Python 3.7+ and venv ( needed for Day 1 )
• POSTMAN will be needed this afternoon

My First Codes
What can I try ?

Start Your Security APIs Journey
Difficulty scale: VERY EASY / EASY / DIFFICULT
Products placed on the scale: Umbrella, Threat Response, Webex Team, Identity Service Engine, AMP, FMC, Cisco ASA, DUO, ThreatGrid, FDM, Meraki, StealthWatch
Start here: If you start from scratch
ASAv

Why Start with an ASA ?

• Easy to get: download ASAv
• You don’t need any licenses to start on APIs
• When you learn RESTful APIs on ASA, you understand how to interact with any Cisco Security Solution ( with any network device, with any RESTful server )
• If you are familiar with the CLI, it will be very easy for you to understand what APIs do
Why Start with an ASA ?

ASA APIs
• SSH with Netmiko
• HTTPS APIs
• Restful APIs

• JSON Format and parsing
• Text Parsing
• Managing results

Workflow: Collect, Parse, Store, Expose, Action
ASA REST API Documentation and Console
https://[ ASA admin ip addr ]/doc

Python, JavaScript or Perl
POSTMAN create/modify/delete : an IP route

Copy/Edit the Code

Run the Code

Try something more difficult, like managing device’s interfaces
Webex Team

Master Webex Team – Use a script to
• Create a Webex Team Room
• Send a Message into it
• Explore Webex Team Chat Bots

https://developer.cisco.com/learning/tracks/collab-cloud
Are You Ready ?!

How do you “Lab”?
How do you learn best ?
• Just Watch
• Watch and Do
• Watch Now, Do Later
Ok Let’s GO !

After the break ! : 10 Mins
