This simple python script allows you to update McAfee Web Gateway lists via the REST API.
Enable the McAfee WebGateway REST Interfaces under Configuration > User Interface. Create a new user and assing appropriated policies to the user (including the REST Interface accessibility).
Update line 8 to 12 and update the list variable in line 79.
python mwg.py <ip or domain>
e.g. python mwg.py 10.10.10.10
or
e.g. python mwg.py google.comThe script will perform the following actions:
- Login - Create a new API session (cookie)
- Get the ID to the List mentioned in line 79
- Insert new entry
- Commit changes
- Logout
To see the changes in the McAfee Web Gateway UI click on Reload Data from Backend
This script can also be used in combination with the McAfee ESM to create right click actions to Block IP's or Domains.
Adding a client block list to the global blacklist
<entry>
<id>com.scur.type.ip.316</id>
<title>Blocked Clients</title>
<type>com.scur.type.ip</type>
<listType>ip</listType>
<link href="https://mwg:4712/Konfigurator/REST/list/com.scur.type.ip.316" rel="self"/>
<content>
<list version="1.0.3.46" mwg-version="10.2.5-39162" name="Blocked Clients" id="com.scur.type.ip.316" typeId="com.scur.type.ip" classifier="Other" systemList="false" structuralList="false" defaultRights="2">
<description>List of blocked client IPs</description>
<content>
<listEntry>
<entry>8.8.8.8</entry>
<description></description>
</listEntry>
<listEntry>
<entry>4.4.4.4</entry>
<description></description>
</listEntry>
</content>
</list>
</content>
</entry>