Improved get_logins

- Added Count field in output
- Added support for querying > 13 aids

bulk_strike.py

@@ -127,7 +127,7 @@ def get_logins(host: str, file: str, log: bool, clean: bool):
     hosts_logins = list()
     if len(hosts_info) > 0:
         req_hosts = list(hosts_info.keys())
-        resources = cs_methods.get_host_logins(req_hosts).get('resources', {})
+        resources = cs_methods.get_host_logins(req_hosts)
 
         for resource in resources:
             recent_logins = resource['recent_logins']
@@ -140,6 +140,7 @@ def get_logins(host: str, file: str, log: bool, clean: bool):
                               or 'NETWORK SERVICE' in username):
                     continue
                 if username in agg_logins:
+                    agg_logins[username]['count'] += 1
                     if recent_login['login_time'] > agg_logins[username]['last_seen']:
                         agg_logins[username]['last_seen'] = recent_login['login_time']
                     elif recent_login['login_time'] < agg_logins[username]['last_seen']:
@@ -148,6 +149,7 @@ def get_logins(host: str, file: str, log: bool, clean: bool):
                     agg_logins[username] = dict()
                     agg_logins[username]['first_seen'] = recent_login['login_time']
                     agg_logins[username]['last_seen'] = recent_login['login_time']
+                    agg_logins[username]['count'] = 1
             hosts_logins.append({"host_id": resource['device_id'], "hostname": hosts_info[resource['device_id']],
                                  "logins": agg_logins})
 
@@ -156,11 +158,11 @@ def get_logins(host: str, file: str, log: bool, clean: bool):
         timestamp = datetime.now().strftime("%Y-%m-%d@%H%M%S")
         filename = "hosts_logins_" + timestamp + ".tsv"
         with open(filename, 'w') as outfile:
-            outfile.write("Host ID\tHostname\tUsername\tLast Seen\tFirst Seen\n")
+            outfile.write("Host ID\tHostname\tUsername\tLast Seen\tFirst Seen\tCount\n")
             for host_login in hosts_logins:
                 for key, value in host_login['logins'].items():
                     outfile.write(host_login['host_id'] + '\t' + host_login['hostname'] + '\t' + key + '\t' +
-                                  value['last_seen'] + '\t' + value['first_seen'] + '\n')
+                                  value['last_seen'] + '\t' + value['first_seen'] + '\t' + str(value['count']) + '\n')
 
 
 def list_files(action: str):

cs_methods.py

@@ -167,16 +167,21 @@ def get_host_info(host_ids: list) -> dict:
     return http_request('GET', uri_path, params, get_token_flag=False)
 
 
-def get_host_logins(host_ids: list) -> dict:
+def get_host_logins(host_ids: list) -> list:
     """
         Get recent logs of one or more hosts
         :param host_ids: List of host id(s) to get recent logs
         :return: Recent logins that corresponds to the provided id(s)
     """
     uri_path = '/devices/combined/devices/login-history/v1'
     body = dict()
-    body['ids'] = host_ids
-    return http_request('POST', uri_path, data=body)
+    responses = list()
+    chunks = [host_ids[x:x+13] for x in range(0, len(host_ids), 13)]  # split into chunks of 13 host ids
+    for chunk in chunks:
+        body['ids'] = chunk
+        responses += http_request('POST', uri_path, data=body).get('resources', {})
+
+    return responses
 
 
 def upload_file(path: str, description: str) -> tuple:

helpers.py

@@ -89,12 +89,13 @@ def print_host_info(hosts_info: list):
 
 
 def print_host_logins(host_logins: list):
-    headers = ['Host ID', 'Hostname', 'Username', 'Last Seen', 'First Seen']
+    headers = ['Host ID', 'Hostname', 'Username', 'Last Seen', 'First Seen', 'Count']
     data = list()
 
     for host_login in host_logins:
         for key, value in host_login['logins'].items():
-            data.append([host_login['host_id'], host_login['hostname'], key, value['last_seen'], value['first_seen']])
+            data.append([host_login['host_id'], host_login['hostname'], key, value['last_seen'], value['first_seen'],
+                         value['count']])
 
     print(tabulate(data, headers, tablefmt='pretty'))