msiempy

McAfee SIEM API Python wrapper

This module aims to provide a simple API wrapper around the McAfee SIEM API principal components.
Code design is accessible and pythonic via list-like and dict-like objects interfaces.

Main features

• ESM operations: monitor, show statuses
• Datasource operations: add, edit, delete - including client datasources, retreive from ID
• Alarm operations and querying: filter, load pages, acknowledge, unacknowledge, delete, get triggering event, retreive from ID
• Event operations and querying: group queries, filter, add fields, set event's note, retreive from ID
• Watchlist operations : list, add/remove watchlists, add/remove values, get values, retreive from ID
• Single stable session handler

Known module implementations

• msiem CLI : CLI tools for ESM
• esm_healthmon : Monitors ESM operations
• track-host: Rapidly request event logs to track a workstation
• See samples folder for other implementation examples and scripts !

Installation

python3 -m pip install msiempy

Read the library documentation

Disclaimer

This is an UNOFFICIAL project and is NOT sponsored or supported by McAfee, Inc. If you accidentally delete all of your datasources, don't call support (or us). Product access will always be in respect to McAfee's intellectual property.