Restore the Network Connection of a Security Agent
This task retrieves a list of Security Agents and then restores the network connection of an isolated Security Agent.
- Obtain an application ID and API key.
- Define the libraries and functions necessary to create JSON Web Tokens for authorization.
- Obtain the host name of the Security Agent that you want to reconnect to the network.
- Restore the network connection of the Security Agent.
Obtain an Application ID and API Key
This task retrieves the application ID and API key for an external application that consumes Apex Central Automation APIs.
- Go to Administration > Settings > Automation API Access Settings.
  The Automation API Access Settings screen appears.
- Click Add.
  The Application Access Settings section appears and displays the following information:
  - Application ID: Used by Apex Central to identify the external application
  - API key: Used by the external application to sign requests sent to Apex Central
  - API type: Indicates the API functions that the external application can access
- Select Enable application integration using Apex Central Automation APIs.
- Configure the following settings.
  - Application name: Specify an easily identifiable name for the application.
  - Communication time-out: Select the maximum number of seconds allowed for a request to reach Apex Central after the application generates the request.
- Click Save.
  The Automation API Access Settings screen appears and displays the newly added application in the table.
- In Python, assign values to the following parameters.

| Parameter | Value |
| --- | --- |
| use_application_id | Your application ID |
| use_api_key | Your API key |
| use_url_base | Your server URL |

```python
# Replace the placeholder strings with your own values.
use_application_id = 'YOUR_APPLICATION_ID'
use_api_key = 'YOUR_API_KEY'
use_url_base = 'YOUR_SERVER_URL'
```
Define the Libraries and Functions Required for JSON Web Token Creation
This task defines the necessary libraries and functions for creating the JSON web token (JWT).
- Define the necessary libraries.

```python
import base64
import jwt
import hashlib
import time
import json
import requests  # used by the API calls in the later steps
```

- Define the function that creates the checksum.

```python
def create_checksum(http_method, raw_url, headers, request_body):
    # The checksum covers the HTTP method, URL, canonical headers and request body.
    string_to_hash = http_method.upper() + '|' + raw_url.lower() + '|' + headers + '|' + request_body
    base64_string = base64.b64encode(hashlib.sha256(str.encode(string_to_hash)).digest()).decode('utf-8')
    return base64_string
```

- Define the function that creates the JWT.

```python
def create_jwt_token(application_id, api_key, http_method, raw_url, headers,
                     request_body, iat=None, algorithm='HS256', version='V1'):
    if iat is None:  # take the timestamp per call, not once at definition time
        iat = time.time()
    checksum = create_checksum(http_method, raw_url, headers, request_body)
    payload = {'appid': application_id, 'iat': iat, 'version': version, 'checksum': checksum}
    token = jwt.encode(payload, api_key, algorithm=algorithm)
    if isinstance(token, bytes):  # PyJWT 1.x returns bytes, PyJWT 2.x returns str
        token = token.decode('utf-8')
    return token
```
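To show what the checksum and iat claims protect, the following added example (not from the original page, and not Apex Central's code) builds the same HS256 token with only the standard library and runs a hypothetical receiver-side check against it. The check function, the time-out value, the credentials and the timestamps are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b'=').decode('ascii')

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + '=' * (-len(text) % 4))

def checksum(method, raw_url, headers, body):
    # Same string-to-hash as create_checksum() on this page.
    s = method.upper() + '|' + raw_url.lower() + '|' + headers + '|' + body
    return base64.b64encode(hashlib.sha256(s.encode()).digest()).decode('utf-8')

def hs256(api_key, signing_input):
    mac = hmac.new(api_key.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def sign(app_id, api_key, method, raw_url, headers, body, iat):
    claims = {'appid': app_id, 'iat': iat, 'version': 'V1',
              'checksum': checksum(method, raw_url, headers, body)}
    head = b64url(json.dumps({'typ': 'JWT', 'alg': 'HS256'}).encode())
    signing_input = head + '.' + b64url(json.dumps(claims).encode())
    return signing_input + '.' + hs256(api_key, signing_input)

def check(token, api_key, method, raw_url, headers, body, now, timeout):
    """Hypothetical receiver-side validation; returns a reason string."""
    try:
        head, payload, sig = token.split('.')
        claims = json.loads(b64url_decode(payload))
    except ValueError:
        return 'malformed'
    if not isinstance(claims, dict):
        return 'malformed'
    expected = hs256(api_key, head + '.' + payload)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return 'bad signature'
    if claims.get('checksum') != checksum(method, raw_url, headers, body):
        return 'checksum mismatch'      # request differs from what was signed
    if not 0 <= now - claims.get('iat', 0) <= timeout:
        return 'outside time-out window'  # stale or future-dated token
    return 'ok'

PATH = '/WebApp/API/AgentResource/ProductAgents'
BODY = json.dumps({'host_name': 'client01', 'act': 'cmd_restore_isolated_agent',
                   'allow_multiple_match': True})
# Constructed credentials and timestamp, for illustration only.
KEY = 'example-api-key'
TOKEN = sign('example-app-id', KEY, 'POST', PATH, '', BODY, iat=1000)
```

Because the body and method are part of the checksum, a token issued for one request cannot be attached to a different one, and a token whose iat falls outside the communication time-out is refused even though its signature is valid.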
Obtain the Host Name of the Security Agent
This task retrieves the host name of the isolated Security Agent that you want to reconnect to the network.
- Retrieve the list of Security Agents that are managed by the selected server, and assign the response value to r.
  For more information about the "List Security Agents" API, see https://automation.trendmicro.com/apex-central/api#tag/Security-Agents.

```python
print('(Optional) Get the Security Agent list if you do not have the host name.')
productAgentAPIPath = '/WebApp/API/AgentResource/ProductAgents'
canonicalRequestHeaders = ''
useRequestBody = ''
useQueryString = ''
jwt_token = create_jwt_token(use_application_id, use_api_key, 'GET',
                             productAgentAPIPath + useQueryString,
                             canonicalRequestHeaders, useRequestBody, iat=time.time())
headers = {'Authorization': 'Bearer ' + jwt_token, 'Content-Type': 'application/json;charset=utf-8'}
# verify=False turns off TLS certificate validation, so the server's identity
# is not checked. Where the Apex Central certificate can be validated, pass
# the path of a trusted CA bundle in verify instead.
r = requests.get(use_url_base + productAgentAPIPath + useQueryString, headers=headers, verify=False)
```

- Perform error handling and print the API response.

```python
if r.status_code != 200 and r.status_code != 201:
    print('Not successful, please handle your error')
# Show the information of agents.
# print(r.status_code)
# print(json.dumps(r.json(), indent=4))
host_name = r.json()["result_content"][0]["host_name"]
print("host name:", host_name)
```

- Locate the host name in the response.

```
200
{
    "result_code": 1,
    "result_description": "Operation successful",
    "result_content": [
        {
            "entity_id": "492E8584-0114-694D-BF9D-44CC20141501",
            "product": "SLF_PRODUCT_OFFICESCAN_CE",
            "managing_server_id": "33111111-1111-AAAA-AAAA-111100000001",
            "ad_domain": "",
            "folder_path": "DOMAIN",
            "ip_address_list": "10.1.1.1",
            "mac_address_list": "00-60-59-A4-70-2D",
            "host_name": "client01",
            "isolation_status": "normal",
            "capabilities": [
                "cmd_restore_isolated_agent",
                "cmd_isolate_agent",
                "cmd_relocate_agent",
                "cmd_uninstall_agent"
            ]
        },
        ...
        {
            "entity_id": "80180123-1059-CCCC-CCCC-111100000010",
            "product": "SLF_PRODUCT_HEADLESS_DSM",
            "managing_server_id": "80180123-1059-694D-BF9D-44CC80320001",
            "ad_domain": "",
            "folder_path": "iptlab",
            "ip_address_list": "100.1.1.10",
            "mac_address_list": "00-50-56-A7-69-10",
            "host_name": "host8",
            "isolation_status": "not_supported",
            "capabilities": []
        }
    ]
}
```

- Verify that the Security Agent can be reconnected to the network using the API.
  Note: If the capabilities parameter contains cmd_restore_isolated_agent, then the Security Agent can be reconnected to the network using the API.
- Assign a value to host_name.

```python
# Set the host name of the Security Agent.
print('Setting the host name of security agent.')
host_name = r.json()["result_content"][0]["host_name"]
print("host name:", host_name)
```
Restore the Network Connection of the Security Agent
This task restores the network connection of the isolated Security Agent.
- Specify the host name of the Security Agent.
  For more information about the "Isolate, Restore, Relocate, or Uninstall Security Agent" API, see https://automation.trendmicro.com/apex-central/api#operation/AgentResource_PostProductAgents.
  To successfully restore the network connection of the Security Agent, you must include all of the following parameters in the payload.

| Parameter | Value | Purpose |
| --- | --- | --- |
| host_name | YOUR_HOST_NAME | Identifies the endpoint on which the Security Agent is installed |
| act | cmd_restore_isolated_agent | Restores the network connection of the Security Agent |
| allow_multiple_match | True | Allows modification of multiple Security Agents |

  You can identify the Security Agent using one or more (any combination) of the following parameters. In this use case, only host_name is specified.

| Name | Type | Description |
| --- | --- | --- |
| entity_id | String | GUID of the managed product agent |
| host_name | String | Endpoint name of the managed product agent |
| ip_address | String | IP address of the managed product agent |
| mac_address | String | MAC address of the managed product agent |
| product | String | Trend Micro product on the server instance |

```python
# Restore the network connection of the isolated Security Agent.
print('Restore isolated security agent network connection')
productAgentAPIPath = '/WebApp/API/AgentResource/ProductAgents'
canonicalRequestHeaders = ''
useQueryString = ''
payload = {
    "host_name": host_name,
    "act": "cmd_restore_isolated_agent",
    "allow_multiple_match": True
}
useRequestBody = json.dumps(payload)
jwt_token = create_jwt_token(use_application_id, use_api_key, 'POST',
                             productAgentAPIPath + useQueryString,
                             canonicalRequestHeaders, useRequestBody, iat=time.time())
headers = {'Authorization': 'Bearer ' + jwt_token, 'Content-Type': 'application/json;charset=utf-8'}
# verify=False turns off TLS certificate validation; pass the path of a
# trusted CA bundle in verify where the server certificate can be validated.
r = requests.post(use_url_base + productAgentAPIPath + useQueryString, headers=headers, data=useRequestBody, verify=False)
```

  Note: If the allow_multiple_match value is False and the specified parameters match multiple agents, the operation will be unsuccessful.
- Perform error handling and print the API response.

```python
if r.status_code != 200 and r.status_code != 201:
    print('Not successful, please handle your error')
print(r.status_code)
print(json.dumps(r.json(), indent=4))
```

- Verify that the isolation_status value is normal.

| Value | Description |
| --- | --- |
| connection_restoration_pending | The agent restoration command has been issued and reconnection of the Security Agent to the network is pending. |
| endpoint_isolation_pending | The agent isolation command has been issued and agent isolation is pending. |
| isolated | The Security Agent is currently isolated from the network. |
| normal | The network connection of the Security Agent is normal and, if applicable, can be isolated from the network. |
| not_supported | The Security Agent version does not support this function. |

  If your request was successful, the response will be similar to the following:

```
200
{
    "result_code": 1,
    "result_description": "Operation successful",
    "result_content": [
        {
            "entity_id": "8a1a84550462-40bc9afc-3770-16ac-cd6c",
            "product": "SLF_PRODUCT_OFFICESCAN_CE",
            "managing_server_id": "026332F39EBC-41C19604-02DD-2C5F-EDE5",
            "ad_domain": "",
            "folder_path": "Workgroup",
            "ip_address_list": "192.168.121.132",
            "mac_address_list": "00-0C-29-9B-AB-65",
            "host_name": "OSCECLIENT",
            "isolation_status": "normal",
            "capabilities": [
                "cmd_uninstall_agent",
                "cmd_relocate_agent",
                "cmd_isolate_agent",
                "cmd_restore_isolated_agent"
            ]
        }
    ]
}
```

  Important: Not all Security Agents can be reconnected to the network using the API. If the result_code value is 1 and the result_content value is a null array [], the operation was successful but the specified Security Agent cannot be reconnected to the network using the API.
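The snippets above take the first entry of the list response. As an added example (not from the original page or from Trend Micro), the following selects only agents that are isolated and list cmd_restore_isolated_agent in capabilities, builds the restore payload, and classifies the restore response using the Note and Important rules above. The function names, the constructed sample data, the use of allow_multiple_match False, and treating any result_code other than 1 as a failure are assumptions of this example.

```python
import json

RESTORE = 'cmd_restore_isolated_agent'

def restorable_agents(list_response):
    """Agents that are isolated now and advertise the restore capability."""
    agents = list_response.get('result_content') or []
    return [a for a in agents
            if a.get('isolation_status') == 'isolated'
            and RESTORE in a.get('capabilities', [])]

def build_restore_payload(agent):
    # Choice made for this example: entity_id plus host_name pin one agent,
    # and allow_multiple_match=False makes an ambiguous match fail instead
    # of restoring several endpoints at once.
    return {'entity_id': agent['entity_id'], 'host_name': agent['host_name'],
            'act': RESTORE, 'allow_multiple_match': False}

def interpret_restore_response(status_code, body):
    if status_code not in (200, 201):
        return 'http_error'
    if body.get('result_code') != 1:
        return 'api_error'          # assumption: any other code is a failure
    content = body.get('result_content') or []
    if not content:
        return 'not_restorable'     # result_code 1 with [] (Important note)
    statuses = {a.get('isolation_status') for a in content}
    if statuses == {'normal'}:
        return 'restored'
    if statuses <= {'normal', 'connection_restoration_pending'}:
        return 'pending'
    return 'check_manually'

# Constructed sample list response (values are not from a real server).
SAMPLE_LIST = {'result_code': 1, 'result_content': [
    {'entity_id': 'ID-0001', 'host_name': 'client01',
     'isolation_status': 'normal', 'capabilities': [RESTORE, 'cmd_isolate_agent']},
    {'entity_id': 'ID-0002', 'host_name': 'client02',
     'isolation_status': 'isolated', 'capabilities': [RESTORE, 'cmd_isolate_agent']},
    {'entity_id': 'ID-0003', 'host_name': 'host8',
     'isolation_status': 'not_supported', 'capabilities': []},
]}

if __name__ == '__main__':
    for agent in restorable_agents(SAMPLE_LIST):
        print(json.dumps(build_restore_payload(agent)))
```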
