Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Documentation

Compliance Airgap with the API in PowerShell

Use of the scripts requires authentication by following this process.

N.B Compliance Airgap can only be used with assets already on Cyberwatch.

In case the TLS certificate of the Cyberwatch server cannot be recognized by the machine running this script, it is necessary to execute the following code snippet before those snippets:

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

Compliance Airgap Scripts + Usage

  1. Retrieve the Compliance Airgap download script and the Upload script, fill in the $API_URL and $CREDENTIALS variables.

  2. After executing the download script, a compliance_scripts folder is created that contains the scripts to generate results.

  3. To execute the scripts, you must move the scripts folder itself to the asset you want to analyze and run the run script. To avoid any risk of executing an undesirable script, take the folder itself, not just its contents.
    Linux: bash ./compliance.sh > result.txt
    PowerShell: .\compliance.ps1 | Out-File -Encoding ASCII -FilePath result.txt
    N.B This will create an result.txt file with the result. Then move result.txt to an uploads folder on the system with the Upload script.

  4. Send the script results present in the uploads folder with the Upload script.

Download script for Compliance Airgap 

# -------------------------------------
# CONFIGURATION
# Please check and complete these items
# -------------------------------------

$API_URL = ""
$CREDENTIALS = "access_key:secret_key"

# -------------------------
# RUN
# -------------------------

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($CREDENTIALS))

$os = Read-Host -Prompt "Input the OS for scripts (from $API_URL/cbw_assets/os), ex : 'windows_10_21h1_64'"
$repository = Read-Host -Prompt "Input one Repository to fetch, ex : 'CIS_Benchmark'"
Function FetchImporterScripts {
  <#
.SYNOPSIS
        Example script to fetch Compliance Airgap scripts
#>

  Write-Output "-------------------------------------------"
  Write-Output "Cyberwatch - Fetch Compliance Airgap scripts"
  Write-Output "-------------------------------------------"

  # Test the client connection
  Write-Output "INFO: Checking API connection and credentials..."
  try {
    $response = Invoke-WebRequest -URI $API_URL/api/v3/ping -Method Get -Headers @{
      "Accept"      = "application/json; charset=utf-8"
      Authorization = "Basic $encodedCreds"
    }

    $response.Content
  }
  catch {
    Write-Output "ERROR: Connection failed. Please check the following error message : '$_'"
    Return
  }

  # Clean old files
  Write-Output "INFO: Cleaning old files..."
  Remove-Item -LiteralPath ".\compliance_scripts" -Force -Recurse -ErrorAction Ignore
  Write-Output "INFO: Done."

  # Create the base folders
  New-Item -path ".\compliance_scripts" -Force -ItemType Directory | Out-Null
  New-Item -path ".\uploads" -Force -ItemType Directory | Out-Null

  # Fetch available scanning scripts from the API
  Write-Output "INFO: Fetching filtered compliance scripts..."
  Write-Output "$API_URL/api/v2/compliances/scripts?os=$os&repositories%5B%5D=$repository"
  $response = Invoke-RestMethod -URI "$API_URL/api/v2/compliances/scripts?os=$os&repositories%5B%5D=$repository" -Method Get -Headers @{
    "Accept"      = "application/json; charset=utf-8"
    Authorization = "Basic $encodedCreds"
  }

  # Fetch content of each scripts and attachments
  $response | ForEach-Object {
    Write-Output "INFO: Fetching content for '$($_.code)' ..."
    $scanning_script = ($_)
    $scanning_script_path = ".\compliance_scripts\"+$scanning_script.filename.ToLower().replace("::", "\")
    Write-Output $scanning_script.filename
    $scanning_script.script_content | New-Item -path $scanning_script_path -Force -ItemType File | Out-Null 
    Write-Output "INFO: Script saved at $($(Resolve-Path -Path $scanning_script_path).Path)."
  }

  Write-Output "---------------------------------------------------------------------"
  Write-Output "Script completed!"
  Write-Output "To continue, please now:"
  Write-Output "1) Run the fetched scripts with 'compliance.ps1' or 'compliance.sh' on the targeted systems"
  Write-Output "2) Put the results of the scripts as TXT files in the 'upload' folder"
  Write-Output "3) Run the compliance 'upload' script"
  Write-Output "---------------------------------------------------------------------"

}

FetchImporterScripts

Upload script for Compliance Airgap 

# -------------------------------------
# CONFIGURATION
# Please check and complete these items
# -------------------------------------

$API_URL = ""
$CREDENTIALS = "access_key:secret_key"

# -------------------------
# RUN
# -------------------------

Write-Output "-------------------------------------------"
Write-Output "Cyberwatch - Send Compliance Airgap results for analysis"
Write-Output "-------------------------------------------"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($CREDENTIALS))

Function SendResultsImporter {
    <#
.SYNOPSIS
        Example script to send Compliance Airgap scripts results
#>

    try {
        $response = Invoke-WebRequest -URI $API_URL/api/v3/ping -Method Get -Headers @{
            "Accept"      = "application/json; charset=utf-8"
            Authorization = "Basic $encodedCreds"
        }

        $response.Content
    }
    catch {
        Write-Output "ERROR: Connection failed. Please check the following error message : '$_'"
        Return
    }

    # Load results and send them to Cyberwatch
    Write-Output "INFO: Searching for available results..."
    $available_results = Get-ChildItem -Recurse -File -Path ".\uploads"
    Write-Output "INFO: Done. Found $($available_results.count) results to be processed and sent for analysis."

    $available_results | ForEach-Object {
        Write-Output "INFO: Reading $($_.FullName) content..."
        $content = [IO.File]::ReadAllText($_.FullName)
        Write-Output "INFO: Sending $($_.FullName) content to the API..."
        $body_content = @{ output = $content } | ConvertTo-Json
        $response = Invoke-WebRequest -URI $API_URL/api/v2/compliances/scripts -Method POST -Body $body_content -Headers @{
            "Accept"      = "application/json; charset=utf-8"
            "Content-Type" = "application/json"
            Authorization = "Basic $encodedCreds"
        }
        Write-Output "INFO: Done."
    }

    Write-Output "---------------------------------------------------------------------"
    Write-Output "Script completed!"
    Write-Output "Your scans are now being processed by your Cyberwatch nodes."
    Write-Output "Please log on $API_URL to see the results."
    Write-Output "---------------------------------------------------------------------"

}

SendResultsImporter