Symantec CWP PowerShell script samples for automating deployment of CWP agent on Azure Virtual machines using Azure VmExtension
For more information, go to: https://help.symantec.com/cs/SCWP/SCWP/v123139765_v111037498/Installing-Cloud-Workload-Protection-agents-by-using-PowerShell-commands?locale=EN_US
Refer to Symantec CWP API documentation at: https://apidocs.symantec.com/home/scwp
Before you get started, you need a Symantec Cloud Workload Protection account. If you do not have one, sign up for a trial account using this link and select the 'Cloud Workload Protection' check box: https://securitycloud.symantec.com/cc/?CID=70138000001QHo5&pr_id=F979E61C-A412-4A58-8879-B83E25B7327F#/onboard
You can also buy Cloud Workload Protection from the Amazon AWS Marketplace, which also includes free usage. Click this link: https://aws.amazon.com/marketplace/pp/B0722D4QRN
After you have activated your account, completed the AWS, Azure or Google Cloud connection, and deployed the CWP agent on your cloud instances, you are ready to start using these samples.
The first step is to create API access keys. After logging in to the CWP console, go to the 'Settings' page and click the 'API Keys' tab.
Update CWPAuth.ini to contain your keys:
CustomerID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DomainID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ClientID=xxxx.xxxxxxxxxxxxxx-xxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx
ClientSecret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Code Files
This PowerShell script helps automate deployment of the Symantec CWP VM Extension 'Symantec.CloudWorkloadProtection.SCWPAgentForWindows' or 'Symantec.CloudWorkloadProtection.SCWPAgentForLinux'.
Execution usage:
Sample 1 :
.\InstallVMExtension.ps1 -customerId xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -domainId xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -secretKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -clientId O2ID.xxxxxxxxxxxxxxxxxxx.e3EAztazTs6iWwYEBoZ-NQ.xxxxxxxxxxxxxxxxxxxxxxxxxxxxx -clientSecretKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -filePath .\config.txt
If the config file option is specified as in the usage above, config.txt should contain the parameters below:
subscriptionId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
vmNames=AppServer, DBServer, WebServer, WindowsSQLIIS
Sample 2 :
.\InstallVMExtension.ps1 -customerId xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -domainId xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -secretKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -forceReboot yes -vmNameList AppServer, DBServer, WebServer, WindowsSQLIIS -subscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -clientId O2ID.xxxxxxxxxxxxxxxxxxx.e3EAztazTs6iWwYEBoZ-NQ.xxxxxxxxxxxxxxxxxxxxxxxxxxxxx -clientSecretKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
See README_Assets.md for more info.
Script to get the CWP asset agent installation status. The CWP REST API keys are passed as command-line parameters.
Refer to CWP REST API at: https://apidocs.symantec.com/home/scwp#_fetch_assets_service
The customer has to pass the Customer ID, Domain ID, Client ID and Client Secret Key as arguments. The keys are available in the CWP portal's Settings->API Key tab.
Usage:
cwpasset_agent_status.ps1 -customerID ?? -DomainID ?? -ClientID ?? -ClientSecret ?? -InstanceID ??
E.g:
cwpasset_agent_status.ps1 -customerID SEJ*CxAg -DomainID Dq*2w -ClientID O2ID.SE*xAg.Dq*B2w.t5*muo -ClientSecret qa*lud8 -InstanceID i-096ff50b85
Script to get the available agent version for all operating systems, or for a particular one, as listed in the download section of the CWP portal.
Usage:
Get-AgentVersion -ServerUrl ?? -Platform ??
E.g:
Get-AgentVersion -ServerUrl "https://scwp.securitycloud.symantec.com" -Platform "all"
There are a couple of helper functions you can use in other scripts.
Include them in your other scripts:
. "$PSScriptRoot\cwp_token.ps1"
. "$PSScriptRoot\logging.ps1"
Get a CWP Auth Token
Usage:
Get-CWPToken -CustomerId ?? -DomainID ?? -ClientID ?? -ClientSecret ??
E.g:
Get-CWPToken -customerID SEJ*CxAg -DomainID Dq*2w -ClientID O2ID.SE*xAg.Dq*B2w.t5*muo -ClientSecret qa*lud8
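One way to load the four keys from CWPAuth.ini and pass them to Get-CWPToken by splatting, so the client secret does not have to be typed on the command line. This is an added example, not code from the sample repository: Read-CwpAuthFile and the sample values are hypothetical, and it assumes Get-CWPToken accepts exactly the parameter names in its usage line above.

```powershell
# Added example; Read-CwpAuthFile is a hypothetical helper, not part of the samples.
function Read-CwpAuthFile {
    param([Parameter(Mandatory)][string]$Path)

    $required = 'CustomerID', 'DomainID', 'ClientID', 'ClientSecret'
    $auth = @{}          # PowerShell hashtables compare keys case-insensitively
    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith('#') -or $line.StartsWith(';')) { continue }
        # Split on the first '=' only, so a value that contains '=' stays intact.
        $name, $value = $line -split '=', 2
        # Report the line number only; never echo file content that may be a secret.
        if ($null -eq $value) { throw "Line ${lineNo}: expected name=value" }
        $auth[$name.Trim()] = $value.Trim()
    }
    $result = @{}
    foreach ($key in $required) {
        if (-not $auth.ContainsKey($key) -or $auth[$key] -eq '') {
            throw "CWPAuth.ini is missing a value for $key"
        }
        # The template ships with runs of x/X (plus '.' and '-') as placeholders.
        if ($auth[$key] -match '^[xX.\-]+$') {
            throw "$key still holds the template placeholder"
        }
        $result[$key] = $auth[$key]
    }
    return $result       # only the four expected keys, safe to splat
}

# Constructed sample file; the values are made up and are not real keys.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'CWPAuth.sample.ini'
@(
    'CustomerID=SAMPLE-CUSTOMER-0001'
    'DomainID=SAMPLE-DOMAIN-0001'
    'ClientID=O2ID.SAMPLE.CLIENT.0001'
    'ClientSecret=sample=secret=value'
) | Set-Content -LiteralPath $sample

$auth = Read-CwpAuthFile -Path $sample
$auth.Keys | Sort-Object     # print the key names only, never the values
Remove-Item -LiteralPath $sample

# With cwp_token.ps1 dot-sourced, the hashtable maps onto the usage line above:
#   $token = Get-CWPToken @auth
```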
Log a message to a file.
Usage:
Log-Message -message ?? -authority ??
E.g:
Log-Message -message "Hello" -authority Debug