USER-ID agnet get API by VBscript

mikealanni — Thu, 20 Oct 2016 21:01:12 GMT

I have an idea hit my head today

I'm thinking to schedule a task (let say each half hour) to run a vbscript in user machines to send IP and username to the userid agent.

Is it possible and can someone help me with code as I'm not that good in coding

Re: USER-ID agnet get API by VBscript

Sjoerd — Mon, 02 Jan 2017 13:05:25 GMT

How about a powershell script?

To schedule this script as a task you should configure the action properties as follow:

Program/Script: powershell

Add Argument: ./UserID.ps1

Start in: <path where you placed the script>

##################################################################################
#
#  Script name: UserID.ps1
#
##################################################################################

[string]$global:strFirewallIP = "FirewallsIP"
[string]$global:strFirewallAPI = "FirewallsAPI"
[string]$global:strDomain = "DOMAINNAME"
[string]$global:strVsys = "vsys1"
[string]$global:strTimeout = "120"
[string]$global:strLogLevel = "1" # 0: Errors only, 1: Normal Logging, 2: Verbose logging
[string]$global:strLogPath = "UserID.log"

Function AddLog 
{
	param([string]$strMessage, [string]$strLevel = 0)
	If ([int]$global:strLogLevel -gt $strLevel -1)
		{
			$ct = Get-Date -Format "yyyy-MM-dd HH:mm:ss.fff"
			$logmessage = [string]$ct + " - " + $strMessage
			add-content -Path $global:strLogPath -Value $logmessage -Force
		}
}

Try
{
	$message = "Script Launched"
	AddLog $message 2
	[string]$global:UserName = [Environment]::UserName
	[string]$global:ipaddress = $(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' } | out-null; $Matches[1])
	$message = "Found username " + $global:UserName + " with ip address " + $global:ipaddress
	AddLog $message 2

	[string]$strXMLLine = "<uid-message><version>1.0</version><type>update</type><payload><login><entry name=""" + $global:strDomain + "\" + $global:UserName + """ ip=""" + $global:ipaddress+ """ timeout=""" + $global:strTimeout + """/></login></payload></uid-message>"
	[string]$strEncodedXMLLine = [uri]::EscapeDataString($strXMLLine)

	$message = "Posting mapping to firewall " + $global:strFirewallIP + ": " + $strXMLLine
	AddLog $message 2
	[string]$url = "https://" + $global:strFirewallIP + "/api/?key=" + $global:strFirewallAPI + "&type=user-id&vsys=" + $global:strVsys + "&cmd=" + $strEncodedXMLLine
	[System.Net.HttpWebRequest]$request = [System.Net.HttpWebRequest] [System.Net.WebRequest]::Create($url)
	$request.Method = "POST"
	$request.ContentType = "text/xml"
	[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
	$message = "Finished Post."
	AddLog $message 2
	try
	{
		[System.Net.HttpWebResponse]$response = [System.Net.HttpWebResponse]$request.GetResponse()     
		$sr = New-Object System.IO.StreamReader($response.GetResponseStream())       
		[Xml]$xmlResponse = $sr.ReadToEnd()
		if ([string]$xmlResponse.FirstChild.status -eq "error") 
		{
			$message = "Error mapping " + $global:ipaddress + " to user '" + $global:strDomain + "\" + $global:UserName + "' on firewall " + $global:strFirewallIP + ": " + $XmlDocument.FirstChild.result.msg
			AddLog $message
		}
		else
		{
			$message = "Sucessfully mapped " + $global:ipaddress + " to user '" + $global:strDomain + "\" + $global:UserName + "' on firewall " + $global:strFirewallIP
			AddLog $message 1
		}
	}			
	catch [Net.WebException] 
	{
		[System.Net.HttpWebResponse] $resp = [System.Net.HttpWebResponse] $_.Exception.Response  
		$message = "Error:" + [string]$resp
		AddLog $message
	}				
	
}
Catch
{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName
	[string]$message = $FailedItem + " failed with message " + $ErrorMessage
	AddLog $message
    Break
}

Keep in mind! The script should run under the logged in users credentials (otherwise it would detect the computers login name or a scheduled login name).

Furthermore: The user should be able to access the script, which is a potential risk, cause this alse reveals the API key to the firewall.

Anyway: this script should get you started.

You can check or the XML request was successful in the log file and on the firewall (run “show user ip-user-mapping ip [ip]”)

Re: USER-ID agnet get API by VBscript

mikealanni — Fri, 17 Feb 2017 22:18:36 GMT

Thanks for the code, but as you know not all windows have the powershell

Also I need to use API on userID windows agents not the firewall itself

I got vbscript that can get the info I want and save it in a test file, now I might use the powershell in the userid agent machine and get that text file from the users (or maybe I will let the script in the user machine send it to userid agent machine.

it is very simple and I'm still modifying it

strMsg = ""
strComputer = "."

Set objNetwork = CreateObject("Wscript.Network")
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")

For Each IPConfig in IPConfigSet
 If Not IsNull(IPConfig.IPAddress) Then
 For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
  If Not Instr(IPConfig.IPAddress(i), ":") > 0 and ( Instr(IPConfig.IPAddress(i), "X.X") >0 or Instr(IPConfig.IPAddress(i), "X.Y") >0) Then
  strMsg = strMsg & IPConfig.IPAddress(i) & " " & objNetwork.UserName & vbcrlf
  End If
 Next
 End If
Next
WScript.Echo strMsg

topic Re: USER-ID agnet get API by VBscript in Automation/API Discussions

USER-ID agnet get API by VBscript

Re: USER-ID agnet get API by VBscript

Re: USER-ID agnet get API by VBscript