Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

USER-ID agnet get API by VBscript

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

USER-ID agnet get API by VBscript

L2 Linker

I have an idea hit my head today

 

I'm thinking to schedule a task (let say each half hour) to run a vbscript in user machines to send IP and username to the userid agent.

 

Is it possible and can someone help me with code as I'm not that good in coding 

2 REPLIES 2

L2 Linker

How about a powershell script?

 

To schedule this script as a task you should configure the action properties as follow:

Program/Script: powershell

Add Argument: ./UserID.ps1

Start in: <path where you placed the script>

 

##################################################################################
#
#  Script name: UserID.ps1
#
##################################################################################

[string]$global:strFirewallIP = "FirewallsIP"
[string]$global:strFirewallAPI = "FirewallsAPI"
[string]$global:strDomain = "DOMAINNAME"
[string]$global:strVsys = "vsys1"
[string]$global:strTimeout = "120"
[string]$global:strLogLevel = "1" # 0: Errors only, 1: Normal Logging, 2: Verbose logging
[string]$global:strLogPath = "UserID.log"

Function AddLog 
{
	param([string]$strMessage, [string]$strLevel = 0)
	If ([int]$global:strLogLevel -gt $strLevel -1)
		{
			$ct = Get-Date -Format "yyyy-MM-dd HH:mm:ss.fff"
			$logmessage = [string]$ct + " - " + $strMessage
			add-content -Path $global:strLogPath -Value $logmessage -Force
		}
}

Try
{
	$message = "Script Launched"
	AddLog $message 2
	[string]$global:UserName = [Environment]::UserName
	[string]$global:ipaddress = $(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' } | out-null; $Matches[1])
	$message = "Found username " + $global:UserName + " with ip address " + $global:ipaddress
	AddLog $message 2

	[string]$strXMLLine = "<uid-message><version>1.0</version><type>update</type><payload><login><entry name=""" + $global:strDomain + "\" + $global:UserName + """ ip=""" + $global:ipaddress+ """ timeout=""" + $global:strTimeout + """/></login></payload></uid-message>"
	[string]$strEncodedXMLLine = [uri]::EscapeDataString($strXMLLine)

	$message = "Posting mapping to firewall " + $global:strFirewallIP + ": " + $strXMLLine
	AddLog $message 2
	[string]$url = "https://" + $global:strFirewallIP + "/api/?key=" + $global:strFirewallAPI + "&type=user-id&vsys=" + $global:strVsys + "&cmd=" + $strEncodedXMLLine
	[System.Net.HttpWebRequest]$request = [System.Net.HttpWebRequest] [System.Net.WebRequest]::Create($url)
	$request.Method = "POST"
	$request.ContentType = "text/xml"
	[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
	$message = "Finished Post."
	AddLog $message 2
	try
	{
		[System.Net.HttpWebResponse]$response = [System.Net.HttpWebResponse]$request.GetResponse()     
		$sr = New-Object System.IO.StreamReader($response.GetResponseStream())       
		[Xml]$xmlResponse = $sr.ReadToEnd()
		if ([string]$xmlResponse.FirstChild.status -eq "error") 
		{
			$message = "Error mapping " + $global:ipaddress + " to user '" + $global:strDomain + "\" + $global:UserName + "' on firewall " + $global:strFirewallIP + ": " + $XmlDocument.FirstChild.result.msg
			AddLog $message
		}
		else
		{
			$message = "Sucessfully mapped " + $global:ipaddress + " to user '" + $global:strDomain + "\" + $global:UserName + "' on firewall " + $global:strFirewallIP
			AddLog $message 1
		}
	}			
	catch [Net.WebException] 
	{
		[System.Net.HttpWebResponse] $resp = [System.Net.HttpWebResponse] $_.Exception.Response  
		$message = "Error:" + [string]$resp
		AddLog $message
	}				
	
}
Catch
{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName
	[string]$message = $FailedItem + " failed with message " + $ErrorMessage
	AddLog $message
    Break
}

 

Keep in mind! The script should run under the logged in users credentials (otherwise it would detect the computers login name or a scheduled login name).

 

Furthermore: The user should be able to access the script, which is a potential risk, cause this alse reveals the API key to the firewall.

 

Anyway: this script should get you started.

 

You can check or the XML request was successful in the log file and on the firewall (run “show user ip-user-mapping ip [ip]”)

Thanks for the code, but as you know not all windows have the powershell

 

 Also I need to use API on userID windows agents not the firewall itself

 

I got vbscript that can get the info I want and save it in a test file, now I might use the powershell in the userid agent machine and get that text file from the users (or maybe I will let the script in the user machine send it to userid agent machine.

 

it is very simple and I'm still modifying it 

 

strMsg = ""
strComputer = "."

Set objNetwork = CreateObject("Wscript.Network")
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")

For Each IPConfig in IPConfigSet
 If Not IsNull(IPConfig.IPAddress) Then
 For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
  If Not Instr(IPConfig.IPAddress(i), ":") > 0 and ( Instr(IPConfig.IPAddress(i), "X.X") >0 or Instr(IPConfig.IPAddress(i), "X.Y") >0) Then
  strMsg = strMsg & IPConfig.IPAddress(i) & " " & objNetwork.UserName & vbcrlf
  End If
 Next
 End If
Next
WScript.Echo strMsg

 

 

  • 3486 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!