diff --git a/User Audit/audit_test_full.py b/User Audit/audit_test_full.py index 7bdfa8a..596d1b6 100644 --- a/User Audit/audit_test_full.py +++ b/User Audit/audit_test_full.py @@ -32,15 +32,29 @@ def flatten(x, name='', exclude=exclude): token = os.environ.get('API_KEY') base_url = "https://api.kennasecurity.com" -users_url= base_url + "/users" +per_page = 10 +users_url= base_url + "/users?per_page=" + str(per_page) roles_url = base_url + "/roles" audit_logs_url = base_url + "/audit_logs/" headers = {"Accept": "application/json", "X-Risk-Token":token} +pages = -1 +page = 1 +users_df = pd.DataFrame() + +while True: + paged_url = users_url + "&page=" + str(page) + print("Requesting data from", paged_url) + users_response = requests.get(paged_url, headers=headers).json() + users_df = pd.concat([users_df, pd.DataFrame(json_normalize([flatten_json(x) for x in users_response['users']]))], ignore_index=True) + # do this once + if 'meta' in users_response and pages == -1: + pages = users_response['meta']['pages'] + print("Page", page, "of", pages) + if page >= pages: + break + page += 1 -users_response = requests.get(users_url, headers=headers).json() - -users_df = pd.DataFrame(json_normalize([flatten_json(x) for x in users_response['users']])) users_df = users_df.rename(columns={"id":"user_id","created_at":"user_created_at","updated_at":"user_updated_at"}) users_df['user_created_at'] = pd.to_datetime(users_df['user_created_at'], format='%Y-%m-%d', errors='coerce').dt.date @@ -126,36 +140,33 @@ def flatten(x, name='', exclude=exclude): audit_logs_processed.append(event_data) audit_df = pd.DataFrame(audit_logs_processed) - -# Open the existing workbook with 'openpyxl' wb = load_workbook('cvm_user_audit.xlsx') +users_sheet = wb['Users'] -# Write the 'Audit Logs' DataFrame to the workbook -with pd.ExcelWriter('cvm_user_audit.xlsx', engine='openpyxl') as writer: - writer.book = wb - merged_df = pd.merge(users_df, audit_df, left_on="user_id", right_on="kenna_user_id", 
how="inner") - merged_df.to_excel(writer, sheet_name='Audit Logs') +# Define a fill for highlighting cells +green_fill = PatternFill(start_color='00FF00', end_color='00FF00', fill_type='solid') - # Get the 'Users' sheet - users_sheet = wb['Users'] +# Get emails from audit logs data with 'source' as 'API' +api_emails = [log['user_email'] for log in audit_logs_processed if log['source'] == 'API'] - # Define a fill for highlighting cells - green_fill = PatternFill(start_color='00FF00', end_color='00FF00', fill_type='solid') +# Iterate over the rows in the 'Users' DataFrame +for i, row in users_df.iterrows(): + email = row['email'] # Assuming 'email' is a column in your DataFrame + # Check if the email is in api_emails + if email in api_emails: + # If it is, highlight the entire row + for j in range(1, len(row) + 1): + print("Highlighting") + users_sheet.cell(row=i+2, column=j).fill = green_fill # i+2 because DataFrame is 0-indexed and Worksheet is 1-indexed, and we have a header row - # Get emails from audit logs data with 'source' as 'API' - api_emails = [log['user_email'] for log in audit_logs_processed if log['source'] == 'API'] +# Save the workbook +wb.save('cvm_user_audit.xlsx') - # Iterate over the rows in the 'Users' DataFrame - for i, row in users_df.iterrows(): - email = row['email'] # Assuming 'email' is a column in your DataFrame - # Check if the email is in api_emails - if email in api_emails: - # If it is, highlight the entire row - for j in range(1, len(row) + 1): - users_sheet.cell(row=i+2, column=j).fill = green_fill # i+2 because DataFrame is 0-indexed and Worksheet is 1-indexed, and we have a header row +# Write the 'Audit Logs' DataFrame to the workbook +with pd.ExcelWriter('cvm_user_audit.xlsx', engine='openpyxl', mode='a') as writer: + merged_df = pd.merge(users_df, audit_df, left_on="user_id", right_on="kenna_user_id", how="inner") + merged_df.to_excel(writer, sheet_name='Audit Logs') - # Save the workbook - wb.save('cvm_user_audit.xlsx') 
print('User, role, and audit log data has been saved to the file cvm_user_audit.xlsx.') print('Users that have never logged in are highlighted in red. Users that have not logged in for over 30 days are highlighted in yellow.') diff --git a/User Audit/useraudit.py b/User Audit/useraudit.py index 939694e..e52bbe5 100644 --- a/User Audit/useraudit.py +++ b/User Audit/useraudit.py @@ -31,8 +31,8 @@ def flatten(x, name='', exclude=exclude): token = sys.argv[1] # increase per_page to get more data per request -per_page = 500 -base_url = "http://api.stg1.us.kennasecurity.com" +per_page = 10 +base_url = "https://api.kennasecurity.com" users_url= base_url + "/users?per_page=" + str(per_page) roles_url = base_url + "/roles" @@ -53,8 +53,8 @@ def flatten(x, name='', exclude=exclude): users_df = pd.concat([users_df, pd.DataFrame(json_normalize([flatten_json(x) for x in users_response['users']]))], ignore_index=True) # do this once if 'meta' in users_response and pages == -1: - pages = users_response['meta']['pages'] + 1 - if page > pages: + pages = users_response['meta']['pages'] + if page >= pages: break page += 1