QuickStart Advanced Fields
QuickStart is used for planning, deployment and tracking Protect mode by querying and updating multiple target computers in one operation. These updates can include placing computers in Scan mode, Protect mode and managing the computer's Offline Access Management (OAM).
## Installation
Required Modules:
```
pip install -r requirements.txt
```
Edit reports.py and change the configuration options:
```
config = {
    'baseUrl': 'https://localhost:3000/api/v1',  # URL of the PrivilegeSecure API
    'UserId': '59057412c4e92dccc356552c',        # PrivilegeSecure superadmin account
    'provisionUser': 'jita.universal',           # account to filter in report
}
```
## Reporting
## Single Report
A single report can be created by passing the OU flag --ou to reports.py as an argument.
Example:
```
reports.py --ou "OU=ReportTEST,DC=rtest,DC=com"
[+] API key loaded from secure storage
Processing 16 of 16 systems
File successfully saved to s1_report.xlsx
```
Additional arguments can be specified:
```
reports.py --help
usage: reports.py [-h] [--ou OU] [--file XLS_OUT]
                  [--input-file COMPUTERS_FILE]
                  [--protect-mode-file PROTECT_FILE]
                  [--linux-reg-file LINUX_FILE] [--dry-run]
                  [--ou-file OU_FILE] [--rm-api-key] [--no-save-api]
                  [--insecure] [--version]

Generates Privilege Secure reports based on OU.

optional arguments:
  -h, --help            show this help message and exit
  --ou OU               Specify the OU DN to filter on
                        (OU=Computers,OU=Bulk,DC=rtest,DC=com)
  --file XLS_OUT        Filename to save output (Default: s1_report.xlsx)
  --input-file COMPUTERS_FILE
                        Instead of OU filtering, use a file containing a list
                        of computers in "DOMAIN\Computer" format
  --protect-mode-file PROTECT_FILE
                        Makes changes to systems/admins based from updated
                        report file
  --linux-reg-file LINUX_FILE
                        Registers an excel list of linux systems containing
                        the required registration parameters
  --dry-run             Displays changes but does not actually make them
  --ou-file OU_FILE     File containing list of OUs to process.
  --rm-api-key          Remove the securely stored API key
  --no-save-api         Do not save API key locally
  --insecure            Ignore certificate checks
  --version             show program's version number and exit
```
## Bulk Reports
Reports can be created in bulk by passing the OU file flag --ou-file OUs.txt as an argument to the script. The text file specified needs to be a line-delimited list of OUs to process.
Example OUs.txt:
```
OU=ReportTEST,DC=rtest,DC=com
OU=NonExistantSubOU1,OU=ReportTEST,DC=rtest,DC=com
OU=SubOU2,OU=SubOU1,OU=ReportTEST,DC=rtest,DC=com
OU=SubOU1,OU=ReportTEST,DC=rtest,DC=com
OU=NonExistantSubOU1,OU=ReportTEST,DC=rtest,DC=com
```
Running a report on multiple OUs:
```
reports.py --ou-file OUs.txt
[+] API key loaded from secure storage
Processing OU: OU=ReportTEST,DC=rtest,DC=com
Processing 16 of 16 systems
Processing OU: OU=NonExistantSubOU1,OU=ReportTEST,DC=rtest,DC=com
Processing 0 of 0 systems
Processing OU: OU=SubOU2,OU=SubOU1,OU=ReportTEST,DC=rtest,DC=com
Processing 0 of 0 systems
Processing OU: OU=SubOU1,OU=ReportTEST,DC=rtest,DC=com
Processing 3 of 3 systems
Processing OU: OU=NonExistantSubOU1,OU=ReportTEST,DC=rtest,DC=com
Processing 0 of 0 systems
File successfully saved to s1_report.xlsx
```
## Supplying a List of Systems
Instead of OUs, a file supplying a list of systems containing DOMAIN\Computer can be specified with the --input-file flag.
Example using target_computers.txt:
```
RTEST\BulkComp1012
RTEST\BulkComp1013
RTEST\BulkComp1014
RTEST\BulkComp1015
RTEST\BulkComp1016
RTEST\BulkComp1017
RTEST\BulkComp1018
RTEST\HORIZON
RTEST\LINKEDCLONEVM3
RTEST\SRV-0
RTEST\SRV-24
RTEST\VMTEMP1
RTEST\VMTEMP2
```
Running a report on a list of systems:
```
reports.py --input-file target_computers.txt
[+] API key loaded from secure storage
Processing 13 systems
File successfully saved to s1_report.xlsx
```
## Making Changes to Systems
Using the --protect-mode-file flag will push changes to the systems specified in the spreadsheet generated by the reports.
## Managing the System's EDR Policy
As of 2.17, multiple integrations to one or many EDR providers are supported, which allows an organization to use specific naming conventions when creating the policy. This changes how EDR is managed via QuickStart: the current EDR configuration is reported in field "O", and it is modified using field "AC", Set EDR Integration.
The value passed into the AC field needs to match the naming convention chosen for the EDR integration.
```
arigrim@AriGrimshawsMBP SecureONE_2.18_Reporting % python3 reports_2.18.py --insecure --dry-run --protect-mode-file s1_report.xlsx
[+] API key loaded from secure storage
[!] DRY RUN ONLY - displaying proposed changes only.
[*] Updating 0 Users Persistence:
[*] Removing 0 Users from Inventory:
[*] Adding 0 Users to Inventory:
[*] Updating Protect Mode on 0 systems:
[*] Updating Scan Mode on 0 systems:
[*] Updating Directory Bridging Strategy on 0 systems:
[*] Updating EDR Integration on 3 systems:
    [+] System: ip-10-100-11-### EDR Integration: Carbon Black Cloud 1
    [+] System: ip-10-100-11-## EDR Integration: CrowdStrike Falcon 1
    [+] System: ip-10-100-11-## EDR Integration: SentinelOne 1
[*] Updating Sudoers Representation on 0 systems:
[*] Updating Offline Access Management on 0 systems:
```
## Managing the system's Offline Access Management (OAM) Policy
The Excel sheet Computer Data contains a group of columns that report the system's "Offline Access Management" policy. Offline Access Management Enabled reports TRUE/FALSE depending on whether Privilege Secure is managing the built-in administrator account and/or an alternate administrator account.
The following policy options will be displayed for the computer's OAM Policy if it exists.
| Column Name | Value |
| --- | --- |
| OAM (Offline Access Management) Enabled | TRUE,FALSE |
| OAM Strategy | OS-BEST-PRACTICE, MANAGED-BUILT-IN, CUSTOM |
| OAM Name Template | an alpha-numeric with ? wildcards (ex: S1_ALT_??????) |
| OAM JITA User Can Access PW | TRUE,FALSE |
| OAM Use Alt Admin | TRUE,FALSE |
| OAM Manage Built-in PW | TRUE,FALSE |
| OAM Disable Built-in Admin | TRUE,FALSE |
If you wish to change any of this policy's options, set Set OAM Enabled to TRUE/FALSE as appropriate.
The Strategy may be entered with any of the following values: OS-BEST-PRACTICE, MANAGED-BUILT-IN, CUSTOM. If left blank it will default to the current value, or to OS-BEST-PRACTICE if no previous policy was set.
The OAM Name Template accepts a string with wildcards expressed by question marks (?). If left blank it will default to the current value, or to "S1_ALT_??????".
The remaining options may be included, but must not conflict with the defined strategy.
## Default Settings by Strategy
| Option \ Strategy | OS-BEST-PRACTICE | MANAGED-BUILT-IN | CUSTOM |
| --- | --- | --- | --- |
| JITA User Can Access PW | FALSE | FALSE | FALSE |
| Use Alt Admin | TRUE | FALSE | required |
| OAM Manage Built-in PW | TRUE | TRUE | required |
| Disable Built-in Admin | TRUE | FALSE | required |
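
A pre-flight check for the OAM columns before a --protect-mode-file run, added here as an example; it is not part of reports.py. The dict keys are hypothetical stand-ins for the spreadsheet columns, and two things are assumptions: that any value differing from the table conflicts with the two fixed strategies, and the character set accepted in the name template.

```python
import re

# Transcribed from the "Default Settings by Strategy" table; None = "required".
DEFAULTS = {
    "OS-BEST-PRACTICE": {"JITA User Can Access PW": False, "Use Alt Admin": True,
                         "OAM Manage Built-in PW": True, "Disable Built-in Admin": True},
    "MANAGED-BUILT-IN": {"JITA User Can Access PW": False, "Use Alt Admin": False,
                         "OAM Manage Built-in PW": True, "Disable Built-in Admin": False},
    "CUSTOM": {"JITA User Can Access PW": False, "Use Alt Admin": None,
               "OAM Manage Built-in PW": None, "Disable Built-in Admin": None},
}
# Assumption: letters, digits, "_" and "?" only, judged from the S1_ALT_?????? example.
TEMPLATE_RE = re.compile(r"[A-Za-z0-9_?]+")


def as_bool(cell):
    """Spreadsheet cell (bool or TRUE/FALSE text) -> bool; blank -> None."""
    if cell is None or cell == "":
        return None
    if isinstance(cell, bool):
        return cell
    text = str(cell).strip().upper()
    if text not in ("TRUE", "FALSE"):
        raise ValueError(f"expected TRUE/FALSE, got {cell!r}")
    return text == "TRUE"


def resolve_oam(row, current=None):
    """Return (effective policy, problems) for one row, applying the blank-cell fallbacks."""
    current = current or {}
    strategy = row.get("Strategy") or current.get("Strategy") or "OS-BEST-PRACTICE"
    if strategy not in DEFAULTS:
        return {}, [f"unknown strategy {strategy!r}"]
    template = row.get("Name Template") or current.get("Name Template") or "S1_ALT_??????"
    problems = [] if TEMPLATE_RE.fullmatch(template) else [f"bad name template {template!r}"]
    policy = {"Strategy": strategy, "Name Template": template}
    for option, default in DEFAULTS[strategy].items():
        value = as_bool(row.get(option))
        if value is None and default is None:
            problems.append(f"{option} is required for CUSTOM")
        elif value is not None and strategy != "CUSTOM" and value != default:
            # Assumption: any departure from the table counts as a conflict.
            problems.append(f"{option}={value} conflicts with {strategy}")
        policy[option] = default if value is None or strategy != "CUSTOM" else value
    return policy, problems
```
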
## Dry Run
Enabling --dry-run will only display the proposed changes and not make any actual changes to the system. This is useful for seeing changes before they occur.
Example:
```
reports.py --protect-mode-file OU=ReportTEST,DC=rtest,DC=com.xlsx --insecure --dry-run
[+] API key loaded from secure storage
[!] DRY RUN ONLY - displaying proposed changes only.
[*] Setting Users Persistent:
    [+] User: VMTEMP2\privilegesecure System: VMTEMP2
    [+] User: RTEST\tkeeler System: VMTEMP2
[*] Removing Users from Inventory:
    [-] User: RTEST\jbax System: VMTEMP2
[*] Adding Users to Inventory:
    [+] User: RTEST\jbax System: VMTEMP1
    [+] User: RTEST\kbui System: VMTEMP2
[*] Enabling Protect Mode:
    [+] System: VMTEMP1
    [+] System: VMTEMP2
```
## Processing Changes
When you are ready to make the changes, run without the --dry-run argument to make updates. Any failures/errors will be displayed in the output.
Example:
```
reports.py --protect-mode-file OU=ReportTEST,DC=rtest,DC=com.xlsx --insecure
[+] API key loaded from secure storage
[!] Protect mode enabled - updates in progress!
[*] Setting Users Persistent:
    [+] User: VMTEMP2\privilegesecure System: VMTEMP2
    [!] Error submitting request: Url: https://localhost:3000/api/v1/computers/595e7cc39576068ad62b31a7/admins Response Code: 409 Response Body: {"message":"No changes made or administrator not in inventory"}.
    [+] User: RTEST\tkeeler System: VMTEMP2
[*] Removing Users from Inventory:
    [-] User: RTEST\jbax System: VMTEMP2
    [!] Error submitting request: Url: https://localhost:3000/api/v1/computers/595e7cc39576068ad62b31a7/admins Response Code: 409 Response Body: {"message":"Administrator does not exist in inventory"}
[*] Adding Users to Inventory:
    [+] User: RTEST\jbax System: VMTEMP1
    [+] User: RTEST\kbui System: VMTEMP2
[*] Enabling Protect Mode:
    [+] System: VMTEMP1
    [+] System: VMTEMP2
```
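
To pull the failed changes out of a large run, the output can be scanned for its "[!] Error submitting request" entries. The parser below is an added example, not part of reports.py; the sample is constructed from the run shown above, and attributing each error to the item printed just before it is an assumption drawn from that output.

```python
import json
import re

# Constructed sample, shortened from the example run on this page.
SAMPLE = r"""
[+] API key loaded from secure storage
[!] Protect mode enabled - updates in progress!
[*] Setting Users Persistent:
    [+] User: VMTEMP2\privilegesecure System: VMTEMP2
    [!] Error submitting request: Url: https://localhost:3000/api/v1/computers/595e7cc39576068ad62b31a7/admins Response Code: 409 Response Body: {"message":"No changes made or administrator not in inventory"}.
    [+] User: RTEST\tkeeler System: VMTEMP2
[*] Removing Users from Inventory:
    [-] User: RTEST\jbax System: VMTEMP2
    [!] Error submitting request: Url: https://localhost:3000/api/v1/computers/595e7cc39576068ad62b31a7/admins Response Code: 409 Response Body: {"message":"Administrator does not exist in inventory"}
[*] Enabling Protect Mode:
    [+] System: VMTEMP1
"""

# Splitting on the bracket markers works whether or not line breaks survived.
MARKER = re.compile(r"\[([*+\-!])\]\s*")
ERROR = re.compile(
    r"Error submitting request:.*?Response Code:\s*(\d+)\s*Response Body:\s*(\{.*\})",
    re.S,
)


def failed_changes(output):
    """Return one dict per error entry, with the section and item it follows."""
    parts = MARKER.split(output)[1:]  # [kind, text, kind, text, ...]
    section = item = None
    failures = []
    for kind, text in zip(parts[::2], parts[1::2]):
        text = text.strip()
        if kind == "*":  # section header such as "Setting Users Persistent:"
            section, item = text.rstrip(":"), None
        elif kind in "+-":  # a proposed add/remove/update
            item = text
        elif kind == "!" and (m := ERROR.search(text)):
            failures.append({
                "section": section,
                "item": item,
                "code": int(m.group(1)),
                "message": json.loads(m.group(2)).get("message"),
            })
    return failures
```
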
## Registering Linux Computers
Linux registration prerequisites:
- [Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/configuration/linux-prerequisites.md)
Guide on registering a Linux system with Postman (using the API):
- [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/admin-guide/linux-management/postman-linux-registration.md)
Troubleshooting Linux Registration:
- [QuickStart Advanced Fields](#quickstart-advanced-fields)
You can also specify an Excel file containing a list of Linux systems and credentials to register with Privilege Secure.
Example [linux_register.xlsx](/docs/privilegesecure/4.2/discovery/admin-guide/linux-management/attachments/360042878654_linux_register.xlsx):
| System | Username | Password | Admins[0] | Scan | Persistent | Secure | Nondomain |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ip-10-30-1-247.us-west-2.compute.internal | registerAcct | welcome | 5b64514ec181fa007780acdd | TRUE | "" | FALSE | TRUE |
| ip-10-30-1-249.us-west-2.compute.internal | registerAcct | welcome | 5b64514ec181fa007780acdd | TRUE | "" | FALSE | TRUE |
| ip-10-30-1-172.us-west-2.compute.internal | ubuntu | welcome | 5b64514ec181fa007780acdd | TRUE | "" | FALSE | TRUE |
## Full QuickStart Excel File Layout
The full Excel file layout of the QuickStart file is detailed in the picture below:
