Extracting Dashboard Metrics

This article reviews how to create your own custom dashboard integration on third-party platforms using Secureworks® Taegis™ VDR metrics data exposed through the Public API.

You need a VDR API Client ID and Secret and a basic knowledge of Python.

Create a Public API Client in VDR & Get an Authentication Token

The first step is to make sure you have the necessary API credentials. Start by creating a new API Client ID, then use it through the built-in Swagger UI to retrieve the bearer token that your scripted requests will send for authentication. For more information, see Creating Public API Clients.

The following sections cover metrics extraction for the Health Score, the Vulnerability Variation, and the Contextual Vulnerability Prioritization Distribution.

All examples are available in a git repository at the following address: https://github.com/delvelabs/awesome-public-api-examples.

Health Score

The following is a basic Python script to retrieve the current score and score variation. Set the ACCESS_TOKEN and API_BASE_URL environment variables, which the script reads first, or replace the <YOUR_TOKEN> and <YOUR_INSTANCE> placeholders. You may also update or remove the query parameters available for the metrics endpoints.

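from datetime import datetime, timedelta
import os
import requests


ACCESS_TOKEN = os.getenv("ACCESS_TOKEN", "<YOUR_TOKEN>")
API_BASE_URL = os.getenv("API_BASE_URL", "<YOUR_INSTANCE>")

# Bearer token obtained for the VDR Public API client
headers = {
    "authorization": f"Bearer {ACCESS_TOKEN}",
    "accept": "application/json",
}

# Query window: the last 30 days, expressed as Unix timestamps
now = datetime.now()
start_date = str(int((now - timedelta(days=30)).timestamp()))
end_date = str(int(now.timestamp()))
params = dict(team="1", tag="12", start_date=start_date, end_date=end_date)

# TLS certificate verification stays at the requests default (enabled),
# so the bearer token is only sent to a server whose certificate validates
response = requests.get(
    f"{API_BASE_URL}/metrics/health-score",
    params=params,
    headers=headers,
    timeout=30)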

response.raise_for_status()

series = response.json().get("health").get("series")
timestamp = next(entry.get("data") for entry in series if entry.get("label") == "timestamp")
values = next(entry.get("data") for entry in series if entry.get("label") == "health")

print(f"Current Health Score: {values[-1]}")
print(f"Current Health Score Variation: {values[-1] - values[0]}")
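A hardened variant of the health-score retrieval, added here as an example and not taken from the Secureworks documentation or repository: it uses only the standard library, refuses placeholder credentials or a non-HTTPS base URL before the bearer token is attached, keeps certificate verification on, and tolerates a missing or empty series. The function names and the sample payload are constructed for illustration.

```python
import json
import ssl
import urllib.parse
import urllib.request

PLACEHOLDERS = {"", "<YOUR_TOKEN>", "<YOUR_INSTANCE>"}

def build_request(base_url, token, path, params):
    """Return a urllib Request, refusing configs that would leak the token."""
    if token in PLACEHOLDERS or base_url in PLACEHOLDERS:
        raise ValueError("ACCESS_TOKEN and API_BASE_URL must be set")
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("API_BASE_URL must use https")
    url = f"{base_url.rstrip('/')}{path}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})

def fetch_json(request, timeout=10):
    """Send the request with certificate and hostname verification enabled."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return json.load(resp)

def series_data(payload, group, label):
    """Return the data list for `label` inside payload[group]["series"]."""
    series = (payload.get(group) or {}).get("series") or []
    for entry in series:
        if entry.get("label") == label:
            return entry.get("data") or []
    raise KeyError(f"no '{label}' series in '{group}'")

def health_summary(payload):
    """Current score and variation over the window; None when no data."""
    values = series_data(payload, "health", "health")
    if not values:
        return None
    return {"current": values[-1], "variation": values[-1] - values[0]}

# Constructed sample shaped like the response the script above parses.
SAMPLE = {"health": {"series": [
    {"label": "timestamp", "data": [1700000000, 1700086400, 1700172800]},
    {"label": "health", "data": [62, 65, 71]},
]}}

if __name__ == "__main__":
    print(health_summary(SAMPLE))
```

Against a live instance, pass the result of `build_request(API_BASE_URL, ACCESS_TOKEN, "/metrics/health-score", params)` to `fetch_json` and hand the returned dictionary to `health_summary`.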

Vulnerability Variation

Use the following script to retrieve the current vulnerability variation.

from datetime import date, timedelta
from enum import Enum
import json
import os
import requests


class Precision(Enum):
    day = "Day"
    week = "Week"
    month = "Month"


ACCESS_TOKEN = os.getenv("ACCESS_TOKEN", "")
API_BASE_URL = os.getenv("API_BASE_URL", "")

TEAM_ID = 1
TAG_ID = 12
START_DATE = date.today() - timedelta(days=30)
END_DATE = date.today()
PRECISION = Precision.day.value

headers = {
    "authorization": f"Bearer {ACCESS_TOKEN}",
    "accept": "application/json",
    "accept-language": "fr"
}
query = {
    "bool": {
         "must": [
             {"team": {"id": f"{TEAM_ID}"}},
             {"tag": {"id": f"{TAG_ID}"}},
         ],
         "should": [
             {"first_discovery_date": {"gte": START_DATE.isoformat()}},
             {"last_seen_date": {"lte": END_DATE.isoformat()}},
         ]
     }
}
params = dict(q=json.dumps(query), limit=0, offset=0)
# TLS certificate verification is left at the requests default (enabled)
response = requests.get(f"{API_BASE_URL}/vulnerability-groups/distribution",
    params=params,
    headers=headers,
    timeout=30)
response.raise_for_status()

series = dict(
    first=response.json().get(f"firstDiscoveryDate{PRECISION}").get("series"),
    last=response.json().get(f"lastSeenDate{PRECISION}").get("series"),
)
values = dict(
    first=next(x.get("data") for x in series.get("first") if x.get("label") == "count"),
    last=next(x.get("data") for x in series.get("last") if x.get("label") == "count")
)
vulnerability_variation = sum(values["first"]) - sum(values["last"])

print(f"Current Vulnerability Variation: {vulnerability_variation}")

Contextual Vulnerability Prioritization Distribution

from datetime import date, timedelta
import json
import os
import requests


ACCESS_TOKEN = os.getenv("ACCESS_TOKEN", "")
API_BASE_URL = os.getenv("API_BASE_URL", "")

TEAM_ID = 1
TAG_ID = 12
START_DATE = date.today() - timedelta(days=30)
END_DATE = date.today()

headers = {
    "authorization": f"Bearer {ACCESS_TOKEN}",
    "accept": "application/json",
    "accept-language": "fr"
}
query = {
    "bool": {
        "must": [
            {"team": {"id": f"{TEAM_ID}"}},
            {"tag": {"id": f"{TAG_ID}"}},
        ],
        "should": [
            {"first_discovery_date": {"gte": START_DATE.isoformat()}},
            {"last_seen_date": {"lte": END_DATE.isoformat()}},
        ]
    }
}
params = dict(q=json.dumps(query), limit=0, offset=0)
# TLS certificate verification is left at the requests default (enabled)
response = requests.get(f"{API_BASE_URL}/vulnerability-groups/distribution",
    params=params,
    headers=headers,
    timeout=30)
response.raise_for_status()

series = dict(
    base=response.json().get("scoreStepBase").get("series"),
    final=response.json().get("scoreStepFinal").get("series"),
)
values = dict(
    base=next(x.get("data") for x in series.get("base") if x.get("label") == "count"),
    final=next(x.get("data") for x in series.get("final") if x.get("label") == "count")
)

print("Score Distribution Base:")
print([(k, v) for k, v in enumerate(values.get("base"))])

print("\nScore Distribution Final:")
print([(k, v) for k, v in enumerate(values.get("final"))])

 
