Sales Enablement Webinar 2 of 4. In this webinar we will be covering the Sucuri API. A lot can be done with our API to make your life easier and more automated. Here are just a few things we will show you can do with our API: - Create your own dashboard - Share data with your customers - Change firewall settings - Clear the cache - Add developers ...plus a sneak peek at things to come in the next version of the API!

1. Leveraging Sucuri's API
SUCURI WEBINAR
Sales Enablement Team - Webinar Part 2
Sucuri Sales Enablement Team
Victor Santoyo and Josh Hammer

2. Housekeeping Items
•
•
•
•
•
•
•

3. SUCURI SALES ENABLEMENT TEAM
@v_santoyo
Victor Santoyo
Account Executive

4. SUCURI SALES ENABLEMENT TEAM
A little about me

5. SUCURI SALES ENABLEMENT TEAM
@sucuri_josh
Joshua Hammer
Sales Operations Manager

6. SUCURI SALES ENABLEMENT TEAM
A little about me
•
•
•
•

7. In this webinar you
will learn how to:
•
•
•
•

8. Leveraging the Sucuri's API

9. Benefits of
Using APIs
Automation:
With APIs, computers rather than people manage the work.
Agencies can also update workflows to make them quicker
and more productive.
Updates:
An API allows new information generated from multiple
properties to distribute across different vendors’ systems.
Customization:
Through APIs, customizing the data or content and services
used the most, makes it even more invaluable.
Adaptation:
Needs change over time and APIs help make this easier.
Migrations are conducted more smoothly allowing for better
flexibility in transitioning to other technologies your CMS
might depend on.

10. When to
Exercise Our
APIs
New remote developer joins team
New trusted IP to grant access to systems.
Notice of unusual behavior
Plugin alerts to an IP attempt brute force breaches.
Content changes to the site
Ensure existing caching layers are purged in order.
Add/Remove Sites
Speed up/automate inventory churn of your web assets.

11. Leveraging the Sucuri's API
SINGLE STEP

12. Here is the script:
# Adding a single site to Sucuri Portal
curl -q
"https://monitor00.sucuri.net/api.php?k=1a2bc34d5e6f7g&a=add&host=www.google.com"
.. OK: Added: http://google.com
This will add new sites to
the Sucuri Monitoring Portal…

13. This will add new sites in bulk
to the Sucuri Monitoring Portal…
Here is the script:
# Adding new sites to Sucuri Portal
for i in $(cat INVENTORY.txt);
do curl 'https://monitor00.sucuri.net/api.php?k=12345678901234567890 &a=add&host=‘$i;
echo; done
.. OK: Added: http://friskymangocentral.com
.. OK: Added: http://example.com
.. OK: Added: http://google.com
From a set inventory found in a TXT file named INVENTORY.

14. This will add new sites in bulk
to the Sucuri Firewall Portal…
without enabling Emergency DDOS, Admin Access Control, and opting out of using our
Sucuri DNS from a set inventory found in a TXT file named INVENTORY.
Here is the script:
# Adding new sites to Sucuri Portal
for i in $(cat INVENTORY.txt); do curl
'https://waf.sucuri.net/api?v2' --data
'k=12345678901234567890 --data
'under_ddos_attack=0' --data
'restrict_admin_access=0' --data
'use_sucuri_dns=0' --data 'a=add_site' --data
'domains='$i; echo; done

15. This option can be used to clear
the Sucuri Website Firewall cache
after any website changes have been made. This will reflect live in a few
minutes time after you call it.
Here is the script:
# Clear Sucuri Cache
curl "https://waf.sucuri.net/api?v2" --data "k=12345678901234567890" --data
"s=12345678901234567890" --data "a=clear_cache";
{"status":1,"action":"clear_cache","messages":["The cache for the domain "google.com" is being
cleared. Note that it may take up to two minutes for it to be fully
flushed."],"request_time":1541808867,"output":[],"verbose":1}
https://waf.sucuri.net/api?k=0123456789001234567890&s=0123456789001234567890&a=clearcache

16. You can whitelist your current IP address
(or another defined IP address) so it won’t be blocked by some of our security rules. It will also
allow access to your admin panels if you have it restricted to only trusted IP addresses in your
settings. See that option below:
Here is the script:
# Whitelist APIs
curl "https://waf.sucuri.net/api?v2" --data
"k=12345678901234567890" --data
"s=12345678901234567890" --data
"a=whitelist_ip" --data "ip=123.45.67.890";
{"status":1,"action":"whitelist_ip","messages":
["IP address 123.45.67.890 whitelisted for 1
domain(s)."],"request_time":1541809185,"output"
:["123.45.67.890"],"verbose":1}
https://waf.sucuri.net/api?k=123456789012345678
90&s=12345678901234567890&a=whitelist

17. Leveraging the Sucuri's API
MULTILAYERED

18. For demonstration only, let’s use
command `netstat | grep https | wc -l`
This counts the number of https requests on the server and
triggers the API if that value reaches 500.
Using Bash, here is the script:
#!/bin/bash
# Trigger Emergency DDoS if number of https requests reaches 500
if [[ "$(netstat | grep https | wc -l)" = "500" ]]; then
curl https://waf.sucuri.net/api?v2 -d
"k=API_KEY&s=API_SECRET&a=update_setting&http_flood_protection=js_filter"
fi
Update “API_KEY” and “API_SECRET” with your credentials (available at WAF dashboard -> API).

19. This command will clear Sucuri
cache based on file changes
For this example, we’ll be checking against the timestamp from last modified on the filesystem.
Here is the script:
#!/bin/bash
function execute() {
clear
echo "$@”
eval "$@" }
execute "$@”
inotifywait --quiet --recursive --monitor --event modify --format "%w%f" .
| while read change;
do curl
"https://waf.sucuri.net/api?k=012345678900123456789&s=012345678900123456789&a=clearcache";
done

20. This command will pull Sucuri data
from the Monitoring dashboard
Here is the script:
$ curl -q
"https://monitor00.sucuri.net/api.php?k=1234567890123
4567890&a=query&host=www.friskymangocentral.com.com"

21. SCAN: SITE: http://friskymangocentral.com
SCAN: DOMAIN: friskymangocentral.com
SCAN: IP: 123.45.67.890
SCAN: CMS: WordPress
SYSTEM: NOTICE: Running on: Sucuri/Firewall
WEBAPP: INFO: Application: WordPress (http://www.wordpress.org)
WEBAPP: VERSION: WordPress version: 4.9.8
WEBAPP: NOTICE: WordPress theme: http://friskymangocentral.com/wp-content/themes/lyrical/
LINKS: JSLOCAL: /wp-includes/js/jquery/jquery.js?ver=1.12.4
LINKS: JSLOCAL: /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
LINKS: JSEXTERNAL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
LINKS: URL: /
LINKS: URL: /about/
LINKS: URL: /services/
LINKS: URL: /blog/
BLACKLIST: INFO: Domain clean by Google Safe Browsing: friskymangocentral.com
(http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=friskymangocentral.com)
BLACKLIST: INFO: Domain clean by Norton Safe Web: friskymangocentral.com
(http://safeweb.norton.com/report/show?url=friskymangocentral.com)
BLACKLIST: INFO: Domain clean on PhishTank: friskymangocentral.com (http://www.phishtank.com/)
BLACKLIST: INFO: Domain clean on the Opera browser: friskymangocentral.com (http://opera.com/)
BLACKLIST: INFO: Domain clean by SiteAdvisor: friskymangocentral.com
(http://www.siteadvisor.com/sites/friskymangocentral.com)
BLACKLIST: INFO: Domain clean by the Sucuri Malware Labs: friskymangocentral.com
(http://labs.sucuri.net/?blacklist=friskymangocentral.com)

22. SCAN: SITE: http://johnhackedsite.com
SCAN: DOMAIN: johnhackedsite.com
SYSTEM: NOTICE: Running on: nginx
SYSTEM: NOTICE: Running on: Sucuri/CloudProxy
WEBAPP: INFO: Application: WordPress 4.8.2 (http://www.wordpress.org)
LINKS: JSLOCAL: /wp-content/themes/twentythirteen/js/html5.js
LINKS: JSLOCAL: /wp-includes/js/jquery/jquery.js?ver=1.12.4
LINKS: JSLOCAL: /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
LINKS: URL: /2017/08/11/spend-money-on-investigate-reports-online-and-get/
LINKS: URL: /category/writers-tips/
LINKS: URL: /2017/08/02/looking-to-find-imaginative-simply-writing/
LINKS: URL: /page/2/
MALWARE: WARN: Security warning in the URL: http://johnhackedsite.com/ (*Known Spam detected.
Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?spam-seo.spammy_keywords.19.16 </script>
<a href="http://atlantic-drugs.net/products/viagra.htm"; target="_blank">viagra</a> </center> )
MALWARE: WARN: Blacklisted javascript included on: http://johnhackedsite.com (*Javascript
included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2
Javascript: welcometotheglobalisnet.com)
BLACKLIST: INFO: Domain clean by Google Safe Browsing: johnhackedsite.com
(http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=johnhackedsite.com)
BLACKLIST: INFO: Domain clean by the Sucuri Malware Labs blacklist: johnhackedsite.com
(http://labs.sucuri.net/?blacklist=johnhackedsite.com)
BLACKLIST: WARN: Domain blacklisted By Yandex (via Sophos): johnhackedsite.com
(http://www.yandex.com/infected?url=johnhackedsite.com&l10n=en)

23. Q & A
Sucuri Sales Enablement Team
Victor Santoyo
victor@sucuri.net
Joshua Hammer
joshua@sucuri.net