0

Trying to add to reporting value for security updates on computer objects. using the list_computers method with the python SDK and using AWS TM 11.3.184.

Method reference: https://automation.deepsecurity.trendmicro.com/article/11_3/api-reference?platform=aws#operation/listComputers

According to the SDK documentation there should be a securityUpdates object inside the return (really security_updates in python return) that contain the status object inside. However, testing seems to show while security_updates exists its value is always None

Note: Btw secondary issue to note is the python SDK API reference shows camelcase (assuming as Java SDK returns as such) but the real return is snake case.

I have crosschecked with console and looking at a computer that has the security update status set "Up-to-Date" the object in API call return still shows None instead. In code snipped can see the end of the computer object return for this case

 'last_agent_communication': 1554232722261,
 'last_appliance_communication': None,
 'last_ip_used': '10.254.253.126',
 'last_send_policy_request': 1554148882568,
 'last_send_policy_success': 1554148896261,
 'log_inspection': {'module_status': {'agent_status': 'inactive',
                                      'agent_status_message': 'Off, not '
                                                              'installed, '
                                                              'no rules',
                                      'appliance_status': None,
                                      'appliance_status_message': None},
                    'rule_ids': None,
                    'state': 'off'},
 'no_connector_virtual_machine_summary': None,
 'platform': 'Amazon Linux (64 bit) (4.14.77-70.59.amzn1.x86_64)',
 'policy_id': 4,
 'relay_list_id': None,
 'sap': None,
 'security_updates': None,
 'tasks': None,
 'vmware_vm_virtual_machine_summary': None,
 'web_reputation': {'module_status': {'agent_status': 'inactive',
                                      'agent_status_message': 'Off, not '
                                                              'installed',
                                      'appliance_status': None,
                                      'appliance_status_message': None},
                    'state': 'off'},
 'workspace_virtual_machine_summary': None},

Expectation is like in the API documentation a return similar to this instead of None (in snake case of course in reality, this is copied from API ref):

"securityUpdates": {
"updateStatus": {
"status": "inactive",
"statusMessage": "string"
},
"lastChanged": 0,
"rules": [],
"antiMalware": [],
"webReputationService": [],
"manifests": [],
"other": []
},
GuyIncognito
  • 1

1 Answers1

0

You've found what I'll call "an accidental sneak preview of future DS API functionality". Although there's a docs bug that means securityUpdates is visible, it's not functionality offered in DS 11.3. My team has a case to fix the docs bug soon, but I'm sorry to see you got caught by it in the meantime.

As for the API Reference camel/snake case... the API Reference shows the "over the wire" JSON sent from the DSM, which uses camelCase. When the python SDK receives the JSON, it assigns values to snake_case variables (other SDKs assign to camelCase, or a tool like Postman displays the JSON directly). I can see how it's confusing though, since the str() of the python objects looks similar to json.

I hope that helps make sense of things, and that using the python SDK is otherwise going well for you!

P.S. I work in R&D for Trend Micro Deep Security

Morgan
  • 281
  • 2
  • 5
  • Thanks for the info. When you say "it's not functionality offered in DS 11.3" did you mean not yet, or that its going to be in a 11.4+ release? Any ETA as well? The camelcase/snakecase wasn't causing issues but I noticed it could cause confusion when I tried (like here) to reference output vs. documentation examples. I had figured it was defaulting to camelcase due to other cases like rest/java presumably using that syntax. Suppose if its not too much work to update the python version in doc page to reflect the SDK output form would be ideal, otherwise not a huge loss. – GuyIncognito Apr 04 '19 at 16:50
  • We are fixing the docs bug that causes securityUpdates to show in 11.3, but the feature itself will ship in a future release (I can't speak to when except to say soon, sorry). And to clarify, the docs camelCase is because we're showing JSON values (what you'd see using a tool like postman instead of an SDK), so it's not language specific at all. If we do show SDK specific output in the future, we sould definitely make sure python used snakecase. – Morgan Apr 05 '19 at 19:53