We are looking for a solution to a way where we can bulk discover servers which are not centralized/managed by Active Directory. In our environment where AIX/Linux is decentralized and not managed by Active Directory. Currently, as per understanding this is a one by one onboarding of such devices.
Condition: Server SL1 user id password to be managed by CyberARK.
Cons: Too many individual credential for each discovery.
Solved
Bulk discovery of decentralized Servers
Best answer by jamesramsden
I think you are best trying to utilise the API.
Put all your creds in a csv, use python to post each one, and then you can get all the cred ids, and then do the same but for discovery posting.
I find it easier to great 1 cred first, then do a get on that to get the json, and then just change the fields with the ones from csv..
for example:
##POWERSHELL NEW USERS
import sys
print("User Current Version:-", sys.version)
import requests
import json
import csv
#GET cred DETAILS
url = 'https://<SERVER>/api/credential/powershell/233'
header = {"Authorization" : "<TOKEN>"}
response = requests.get(url, headers=header, verify=False)
data = response.json()
print(data)
with open('newcreds.csv') as csv_file:
csv_reader = csv.reader(csv_file, delimiter=',')
line_count = 0
for row in csv_reader:
if line_count == 0:
print(f'Column names are {", ".join(row)}')
line_count += 1
else:
DeviceName = row[0]
Username = row[1]
Password = row[2]
k1= "cred_name"
k2= "cred_user"
k3= "cred_pwd"
for key, val in data.items():
if key == k1:
data[key] = row[0]
for key, val in data.items():
if key == k2:
data[key] = row[1]
for key, val in data.items():
if key == k3:
data[key] = row[2]
newdata = data
#print(newdata)
# POST NEW USER
url2 = "https://<SERVER>/api/credential/powershell"
response2 = requests.post(url2, headers=header, json=newdata, verify=False)
print("Status Code", response.status_code)
print("JSON Response ", response.json())
#print(f'\t{row[0]} {row[1]} {row[2]} {row[3]}.')
line_count += 1
print(f'Processed {line_count} lines.')
I think you are best trying to utilise the API.
Put all your creds in a csv, use python to post each one, and then you can get all the cred ids, and then do the same but for discovery posting.
I find it easier to great 1 cred first, then do a get on that to get the json, and then just change the fields with the ones from csv..
for example:
##POWERSHELL NEW USERS
import sys
print("User Current Version:-", sys.version)
import requests
import json
import csv
#GET cred DETAILS
url = 'https://<SERVER>/api/credential/powershell/233'
header = {"Authorization" : "<TOKEN>"}
response = requests.get(url, headers=header, verify=False)
data = response.json()
print(data)
with open('newcreds.csv') as csv_file:
csv_reader = csv.reader(csv_file, delimiter=',')
line_count = 0
for row in csv_reader:
if line_count == 0:
print(f'Column names are {", ".join(row)}')
line_count += 1
else:
DeviceName = row[0]
Username = row[1]
Password = row[2]
k1= "cred_name"
k2= "cred_user"
k3= "cred_pwd"
for key, val in data.items():
if key == k1:
data[key] = row[0]
for key, val in data.items():
if key == k2:
data[key] = row[1]
for key, val in data.items():
if key == k3:
data[key] = row[2]
newdata = data
#print(newdata)
# POST NEW USER
url2 = "https://<SERVER>/api/credential/powershell"
response2 = requests.post(url2, headers=header, json=newdata, verify=False)
print("Status Code", response.status_code)
print("JSON Response ", response.json())
#print(f'\t{row[0]} {row[1]} {row[2]} {row[3]}.')
line_count += 1
print(f'Processed {line_count} lines.')
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.