diff --git a/plugins/aws_workspaces/.CHECKSUM b/plugins/aws_workspaces/.CHECKSUM
deleted file mode 100644
index 0f0c89996f..0000000000
--- a/plugins/aws_workspaces/.CHECKSUM
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "spec": "f6882889520d23957aa9349586c2678b",
- "manifest": "8a2a347035eb1167767c00c2c46ece6a",
- "setup": "e29d88d1703a1dc4919a6b5cf5e9548a",
- "schemas": [
- {
- "identifier": "create_workspace/schema.py",
- "hash": "d640f34f6c0b4647311922855768becb"
- },
- {
- "identifier": "connection/schema.py",
- "hash": "856e5a7d197dd71cdddcd2d6b6e88c87"
- }
- ]
-}
\ No newline at end of file
diff --git a/plugins/aws_workspaces/.dockerignore b/plugins/aws_workspaces/.dockerignore
deleted file mode 100644
index 93dc53fb01..0000000000
--- a/plugins/aws_workspaces/.dockerignore
+++ /dev/null
@@ -1,9 +0,0 @@
-unit_test/**/*
-unit_test
-examples/**/*
-examples
-tests
-tests/**/*
-**/*.json
-**/*.tar
-**/*.gz
\ No newline at end of file
diff --git a/plugins/aws_workspaces/Dockerfile b/plugins/aws_workspaces/Dockerfile
deleted file mode 100755
index 336d1728fa..0000000000
--- a/plugins/aws_workspaces/Dockerfile
+++ /dev/null
@@ -1,26 +0,0 @@
-FROM komand/python-3-37-slim-plugin:3
-# Refer to the following documentation for available SDK parent images: https://docs.rapid7.com/insightconnect/sdk-guide/#sdk-guide
-
-LABEL organization=rapid7
-LABEL sdk=python
-
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
-
-# End package dependencies
-
-# Add source code
-WORKDIR /python/src
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-# Install pip dependencies
-RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-
-# Install plugin
-RUN python setup.py build && python setup.py install
-
-# User to run plugin code. The two supported users are: root, nobody
-USER root
-
-ENTRYPOINT ["/usr/local/bin/icon_aws_workspaces"]
diff --git a/plugins/aws_workspaces/Makefile b/plugins/aws_workspaces/Makefile
deleted file mode 100755
index cb85f96b6c..0000000000
--- a/plugins/aws_workspaces/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Include other Makefiles for improved functionality
-INCLUDE_DIR = ../../tools/Makefiles
-MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
-# We can't guarantee customers will have the include files
-# - prefix to ignore Makefiles when not present
-# https://www.gnu.org/software/make/manual/html_node/Include.html
--include $(MAKEFILES)
-
-ifneq ($(MAKEFILES),)
- $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
- $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
- $(info --)
-else
- $(warning Makefile includes directory not present: $(INCLUDE_DIR))
-endif
-
-VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
-NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
-VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
-CWD?=$(shell basename $(PWD))
-_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
-PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz
-
-# Set default target explicitly. Make's default behavior is the first target in the Makefile.
-# We don't want that behavior due to includes which are read first
-.DEFAULT_GOAL := default # Make >= v3.80 (make -version)
-
-
-default: image tarball
-
-tarball:
- $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
- rm -rf build
- rm -rf $(PKG)
- tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *
-
-image:
- $(info [$(YELLOW)*$(NORMAL)] Building plugin image)
- docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest
-
-regenerate:
- $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml)
- icon-plugin generate python --regenerate
-
-export: image
- $(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
- @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
- @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar
-
-# Make will not run a target if a file of the same name exists unless setting phony targets
-# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: default tarball image regenerate
diff --git a/plugins/aws_workspaces/bin/icon_aws_workspaces b/plugins/aws_workspaces/bin/icon_aws_workspaces
deleted file mode 100755
index 1f0e0ad96e..0000000000
--- a/plugins/aws_workspaces/bin/icon_aws_workspaces
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-import komand
-from icon_aws_workspaces import connection, actions, triggers
-
-
-Name = 'AWS WorkSpaces'
-Vendor = 'rapid7'
-Version = '1.0.1'
-Description = 'Enables creation of workspaces on Amazons WorkSpace service'
-
-
-class ICONAwsWorkspaces(komand.Plugin):
- def __init__(self):
- super(self.__class__, self).__init__(
- name=Name,
- vendor=Vendor,
- version=Version,
- description=Description,
- connection=connection.Connection()
- )
- self.add_action(actions.CreateWorkspace())
-
-
-def main():
- """Run plugin"""
- cli = komand.CLI(ICONAwsWorkspaces())
- cli.run()
-
-
-if __name__ == "__main__":
- main()
diff --git a/plugins/aws_workspaces/extension.png b/plugins/aws_workspaces/extension.png
deleted file mode 100644
index c25b2968b2..0000000000
Binary files a/plugins/aws_workspaces/extension.png and /dev/null differ
diff --git a/plugins/aws_workspaces/help.md b/plugins/aws_workspaces/help.md
deleted file mode 100644
index bac74ca310..0000000000
--- a/plugins/aws_workspaces/help.md
+++ /dev/null
@@ -1,89 +0,0 @@
-# Description
-
-This plugin utilizes [AWS WorkSpaces](https://aws.amazon.com/workspaces/) to create workspaces. Amazon WorkSpaces is a fully managed
- desktop computing service in the cloud that allows its customers to provide cloud-based desktops to their end-users. Can be utilized for bring your own device policies and product testing.
-
-# Key Features
-
-* Create workspace
-
-# Requirements
-
-* AWS account
-* AWS access key ID for authentication
-* AWS secret key for signing requests with the given AWS access key ID
-* AWS region to use for requests
-
-# Documentation
-
-## Setup
-
-The connection configuration accepts the following parameters:
-
-|Name|Type|Default|Required|Description|Enum|
-|----|----|-------|--------|-----------|----|
-|aws_access_key_id|credential_secret_key|None|True|The ID of the AWS access key to use for authentication|None|
-|aws_secret_access_key|credential_secret_key|None|True|The AWS secret access Key used for signing requests with the given AWS access key ID|None|
-|region|string|None|True|The AWS region to use for requests. An example would be us-east-1|['us-east-2', 'us-east-1', 'us-west-1', 'us-west-2', 'ca-central-1', 'ap-south-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'eu-central-1', 'eu-west-1', 'eu-west-2', 'sa-east-1']|
-
-## Technical Details
-
-### Actions
-
-#### Create Workspace
-
-This action is used to create a workspace.
-
-##### Input
-
-|Name|Type|Default|Required|Description|Enum|
-|----|----|-------|--------|-----------|----|
-|bundle_id|string|None|True|The identifier of the bundle for the workspace|None|
-|directory_id|string|None|True|The identifier of the AWS Directory Service directory for the workspace|None|
-|root_volume_encryption_enabled|boolean|None|False|Flag indicating whether the data stored on the root volume is encrypted|None|
-|tags|[] tag|None|False|Tags|None|
-|username|string|None|True|The username of the user for the workspace|None|
-|user_volume_encryption_enabled|boolean|None|False|Flag indicating whether the data stored on the user volume is encrypted|None|
-|volume_encryption_key|string|None|False|The KMS key used to encrypt data stored on your workspace|None|
-|workspace_properties|workspace_properties|None|False|Workspace properties|None|
-
-##### Output
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|workspace_id_state|workspace_id_state|True|ID and state of a created workspace|
-
-Example output:
-
-```
-{
- "workspace_id_state": {
- "id": "ws-9s7685j2s",
- "state": "PENDING"
- }
-}
-```
-
-### Triggers
-
-_This plugin does not contain any triggers._
-
-### Custom Output Types
-
-_This plugin does not contain any custom output types._
-
-## Troubleshooting
-
-_This plugin does not contain any troubleshooting information._
-
-# Version History
-
-* 1.0.1 - New spec and help.md format for the Extension Library
-* 1.0.0 - Initial plugin
-
-# Links
-
-## References
-
-* [AWS WorkSpaces](https://aws.amazon.com/workspaces/)
-
diff --git a/plugins/aws_workspaces/icon.png b/plugins/aws_workspaces/icon.png
deleted file mode 100644
index 3e5d3830ba..0000000000
Binary files a/plugins/aws_workspaces/icon.png and /dev/null differ
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/__init__.py b/plugins/aws_workspaces/icon_aws_workspaces/__init__.py
deleted file mode 100755
index bace8db897..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/actions/__init__.py b/plugins/aws_workspaces/icon_aws_workspaces/actions/__init__.py
deleted file mode 100755
index a69ce25f10..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/actions/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .create_workspace.action import CreateWorkspace
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/__init__.py b/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/__init__.py
deleted file mode 100755
index a5cf38ffb6..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import CreateWorkspace
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/action.py b/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/action.py
deleted file mode 100755
index ae06735e48..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/action.py
+++ /dev/null
@@ -1,99 +0,0 @@
-import komand
-from .schema import CreateWorkspaceInput, CreateWorkspaceOutput, Component, Input, Output
-
-# Custom imports below
-from komand.exceptions import PluginException
-
-
-class CreateWorkspace(komand.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="create_workspace",
- description=Component.DESCRIPTION,
- input=CreateWorkspaceInput(),
- output=CreateWorkspaceOutput(),
- )
-
- def run(self, params={}):
- directory_id = params.get(Input.DIRECTORY_ID)
- username = params.get(Input.USERNAME)
- bundle_id = params.get(Input.BUNDLE_ID)
- volume_encryption_key = params.get(Input.VOLUME_ENCRYPTION_KEY)
- user_volume_encryption_enabled = params.get(Input.USER_VOLUME_ENCRYPTION_ENABLED)
- root_volume_encryption_enabled = params.get(Input.ROOT_VOLUME_ENCRYPTION_ENABLED)
- workspace_properties = params.get(Input.WORKSPACE_PROPERTIES)
- tags = params.get(Input.TAGS)
- result = {}
-
- payload = {
- "DirectoryId": directory_id,
- "UserName": username,
- "BundleId": bundle_id,
- "Tags": tags,
- "WorkspaceProperties": {
- "ComputeTypeName": workspace_properties["compute_type_name"],
- "RootVolumeSizeGib": workspace_properties["root_volume_size"],
- "RunningMode": workspace_properties["running_mode"],
- "RunningModeAutoStopTimeoutInMinutes": workspace_properties["running_mode_auto_stop_time_out"],
- "UserVolumeSizeGib": workspace_properties["user_volume_size"],
- },
- }
-
- if user_volume_encryption_enabled and root_volume_encryption_enabled:
- raise PluginException(
- cause="Both user and root volume encrypted flags are set.",
- assistance="Only one of the encryption flags can be set.",
- )
-
- if user_volume_encryption_enabled:
- payload["UserVolumeEncryptionEnabled"] = user_volume_encryption_enabled
- if root_volume_encryption_enabled:
- payload["RootVolumeEncryptionEnabled"] = root_volume_encryption_enabled
- if user_volume_encryption_enabled or root_volume_encryption_enabled:
- if volume_encryption_key:
- payload["VolumeEncryptionKey"] = volume_encryption_key
- else:
- raise PluginException(
- cause="Invalid value for Volume Encryption Key input.",
- assistance="Please provide a valid value for the input.",
- )
-
- try:
- result = self.connection.aws.client("workspaces").create_workspaces(Workspaces=[payload])
- except:
- raise PluginException(cause="An unknown error occurred", data=result)
-
- try:
- if result["FailedRequests"]:
- raise PluginException(
- cause=result["FailedRequests"][0].get("ErrorCode"),
- assistance=result["FailedRequests"][0].get("ErrorMessage"),
- data=result,
- )
- except KeyError:
- raise PluginException(
- cause="The output did not contain expected keys.",
- assistance="Contact support for help.",
- data=result,
- )
-
- try:
- if result["PendingRequests"][0].get("ErrorCode"):
- raise PluginException(
- cause=result["PendingRequests"][0].get("ErrorCode"),
- assistance=result["PendingRequests"][0].get("ErrorMessage"),
- data=result,
- )
- else:
- result = {
- "id": result["PendingRequests"][0].get("WorkspaceId"),
- "state": result["PendingRequests"][0].get("State"),
- }
- except (IndexError, KeyError):
- raise PluginException(
- cause="The output did not contain expected keys.",
- assistance="Contact support for help.",
- data=result,
- )
-
- return {Output.WORKSPACE_ID_STATE: result}
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/schema.py b/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/schema.py
deleted file mode 100755
index 278de6579f..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/actions/create_workspace/schema.py
+++ /dev/null
@@ -1,211 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -import json - - -class Component: - DESCRIPTION = "Create a workspace" - - -class Input: - BUNDLE_ID = "bundle_id" - DIRECTORY_ID = "directory_id" - ROOT_VOLUME_ENCRYPTION_ENABLED = "root_volume_encryption_enabled" - TAGS = "tags" - USER_VOLUME_ENCRYPTION_ENABLED = "user_volume_encryption_enabled" - USERNAME = "username" - VOLUME_ENCRYPTION_KEY = "volume_encryption_key" - WORKSPACE_PROPERTIES = "workspace_properties" - - -class Output: - WORKSPACE_ID_STATE = "workspace_id_state" - - -class CreateWorkspaceInput(komand.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "bundle_id": { - "type": "string", - "title": "Bundle ID", - "description": "The identifier of the bundle for the workspace", - "order": 3 - }, - "directory_id": { - "type": "string", - "title": "Directory ID", - "description": "The identifier of the AWS Directory Service directory for the workspace", - "order": 1 - }, - "root_volume_encryption_enabled": { - "type": "boolean", - "title": "Root Volume Encryption Enabled", - "description": "Flag indicating whether the data stored on the root volume is encrypted", - "order": 6 - }, - "tags": { - "type": "array", - "title": "Tags", - "description": "Tags", - "items": { - "$ref": "#/definitions/tag" - }, - "order": 8 - }, - "user_volume_encryption_enabled": { - "type": "boolean", - "title": "User Volume Encryption Enabled", - "description": "Flag indicating whether the data stored on the user volume is encrypted", - "order": 5 - }, - "username": { - "type": "string", - "title": "Username", - "description": "The username of the user for the workspace", - "order": 2 - }, - "volume_encryption_key": { - "type": "string", - "title": "Volume Encryption Key", - "description": "The KMS key used to encrypt data stored on your workspace", - "order": 4 - }, - "workspace_properties": { - "$ref": "#/definitions/workspace_properties", - "title": 
"Workspace Properties", - "description": "Workspace properties", - "order": 7 - } - }, - "required": [ - "bundle_id", - "directory_id", - "username" - ], - "definitions": { - "tag": { - "type": "object", - "title": "tag", - "properties": { - "key": { - "type": "string", - "title": "Key", - "description": "The key in a key-value pair of a tag", - "order": 1 - }, - "value": { - "type": "string", - "title": "Value", - "description": "The value in a key-value pair of a tag", - "order": 2 - } - } - }, - "workspace_properties": { - "type": "object", - "title": "workspace_properties", - "properties": { - "compute_type_name": { - "type": "string", - "title": "Compute Type Name", - "description": "Compute type name", - "enum": [ - "VALUE", - "STANDARD", - "PERFORMANCE", - "POWER", - "GRAPHICS", - "POWERPRO", - "GRAPHICSPRO" - ], - "order": 5 - }, - "root_volume_size": { - "type": "integer", - "title": "Root Volume Size", - "description": "Root volume size in gigabytes", - "default": 80, - "order": 3 - }, - "running_mode": { - "type": "string", - "title": "Running Mode", - "description": "Running mode", - "enum": [ - "ALWAYS_ON", - "AUTO_STOP" - ], - "order": 1 - }, - "running_mode_auto_stop_time_out": { - "type": "integer", - "title": "Running Mode Auto Stop Time Out", - "description": "Running mode auto stop time out in minutes. 
It should be a multiple of 60", - "default": 60, - "order": 2 - }, - "user_volume_size": { - "type": "integer", - "title": "User Volume Size", - "description": "User volume size in gigabytes", - "default": 10, - "order": 4 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class CreateWorkspaceOutput(komand.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "workspace_id_state": { - "$ref": "#/definitions/workspace_id_state", - "title": "Workspace ID and State", - "description": "ID and state of a created workspace", - "order": 1 - } - }, - "required": [ - "workspace_id_state" - ], - "definitions": { - "workspace_id_state": { - "type": "object", - "title": "workspace_id_state", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "ID of a created workspace", - "order": 1 - }, - "state": { - "type": "string", - "title": "State", - "description": "Current status of a created workspace", - "order": 2 - } - }, - "required": [ - "id", - "state" - ] - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/aws_workspaces/icon_aws_workspaces/connection/__init__.py b/plugins/aws_workspaces/icon_aws_workspaces/connection/__init__.py deleted file mode 100755 index a515dcf6b0..0000000000 --- a/plugins/aws_workspaces/icon_aws_workspaces/connection/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .connection import Connection diff --git a/plugins/aws_workspaces/icon_aws_workspaces/connection/connection.py b/plugins/aws_workspaces/icon_aws_workspaces/connection/connection.py deleted file mode 100755 index a5298be897..0000000000 --- a/plugins/aws_workspaces/icon_aws_workspaces/connection/connection.py +++ /dev/null 
@@ -1,35 +0,0 @@
-import komand
-from komand.exceptions import ConnectionTestException
-
-from .schema import ConnectionSchema
-
-# Custom imports below
-import boto3
-
-
-class Connection(komand.Connection):
- def __init__(self):
- super(self.__class__, self).__init__(input=ConnectionSchema())
-
- def connect(self, params):
- self.logger.info("Connecting")
-
- region = params.get("region", None)
- kwargs = {
- "aws_access_key_id": params.get("aws_access_key_id").get("secretKey"),
- "aws_secret_access_key": params.get("aws_secret_access_key").get("secretKey"),
- }
- if region:
- kwargs["region_name"] = region
-
- self.aws = boto3.Session(**kwargs)
-
- def test(self):
- try:
- self.aws.client("workspaces").describe_workspaces()
- except:
- raise ConnectionTestException(
- cause="AWS Connection was not successful.", assistance="Please check your API key."
- )
-
- return {"connection": "successful"}
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/connection/schema.py b/plugins/aws_workspaces/icon_aws_workspaces/connection/schema.py
deleted file mode 100755
index f6cdecebd1..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/connection/schema.py
+++ /dev/null
@@ -1,66 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -import json - - -class Input: - AWS_ACCESS_KEY_ID = "aws_access_key_id" - AWS_SECRET_ACCESS_KEY = "aws_secret_access_key" - REGION = "region" - - -class ConnectionSchema(komand.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "aws_access_key_id": { - "$ref": "#/definitions/credential_secret_key", - "title": "AWS Access Key ID", - "description": "The ID of the AWS access key to use for authentication", - "order": 1 - }, - "aws_secret_access_key": { - "$ref": "#/definitions/credential_secret_key", - "title": "AWS Secret Access Key", - "description": "The AWS secret access key used for signing requests with the given AWS access key ID", - "order": 2 - }, - "region": { - "type": "string", - "title": "Region", - "description": "The AWS region to use for requests. An example would be us-east-1", - "order": 3 - } - }, - "required": [ - "aws_access_key_id", - "aws_secret_access_key", - "region" - ], - "definitions": { - "credential_secret_key": { - "id": "credential_secret_key", - "type": "object", - "title": "Credential: Secret Key", - "description": "A shared secret key", - "properties": { - "secretKey": { - "type": "string", - "title": "Secret Key", - "displayType": "password", - "description": "The shared secret key", - "format": "password" - } - }, - "required": [ - "secretKey" - ] - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/aws_workspaces/icon_aws_workspaces/triggers/__init__.py b/plugins/aws_workspaces/icon_aws_workspaces/triggers/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/aws_workspaces/icon_aws_workspaces/triggers/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT 
diff --git a/plugins/aws_workspaces/icon_aws_workspaces/util/__init__.py b/plugins/aws_workspaces/icon_aws_workspaces/util/__init__.py
deleted file mode 100755
index bace8db897..0000000000
--- a/plugins/aws_workspaces/icon_aws_workspaces/util/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
diff --git a/plugins/aws_workspaces/plugin.spec.yaml b/plugins/aws_workspaces/plugin.spec.yaml
deleted file mode 100644
index 679a64fe59..0000000000
--- a/plugins/aws_workspaces/plugin.spec.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-plugin_spec_version: v2
-extension: plugin
-products: [insightconnect]
-name: aws_workspaces
-title: AWS WorkSpaces
-vendor: rapid7
-support: community
-status: []
-resources:
- source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/aws_workspaces
- license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
- vendor_url: https://aws.amazon.com
-description: Enables creation of workspaces on Amazons WorkSpace service
-version: 1.0.1
-tags:
-- aws
-- workspaces
-hub_tags:
- use_cases: [application_management]
- keywords: [aws, workspaces]
- features: []
-types:
- workspace_properties:
- running_mode:
- title: Running Mode
- description: Running mode
- type: string
- required: false
- enum:
- - ALWAYS_ON
- - AUTO_STOP
- running_mode_auto_stop_time_out:
- title: Running Mode Auto Stop Time Out
- description: Running mode auto stop time out in minutes. It should be a multiple of 60
- type: integer
- default: 60
- required: false
- root_volume_size:
- title: Root Volume Size
- description: Root volume size in gigabytes
- type: integer
- default: 80
- required: false
- user_volume_size:
- title: User Volume Size
- description: User volume size in gigabytes
- type: integer
- default: 10
- required: false
- compute_type_name:
- title: Compute Type Name
- description: Compute type name
- type: string
- required: false
- enum:
- - VALUE
- - STANDARD
- - PERFORMANCE
- - POWER
- - GRAPHICS
- - POWERPRO
- - GRAPHICSPRO
- tag:
- key:
- title: Key
- description: The key in a key-value pair of a tag
- type: string
- required: false
- value:
- title: Value
- description: The value in a key-value pair of a tag
- type: string
- required: false
- workspace_id_state:
- id:
- title: ID
- description: ID of a created workspace
- type: string
- required: true
- state:
- title: State
- description: Current status of a created workspace
- type: string
- required: true
-connection:
- aws_access_key_id:
- title: AWS Access Key ID
- description: The ID of the AWS access key to use for authentication
- type: credential_secret_key
- required: true
- aws_secret_access_key:
- title: AWS Secret Access Key
- description: The AWS secret access key used for signing requests with the given
- AWS access key ID
- type: credential_secret_key
- required: true
- region:
- title: Region
- description: The AWS region to use for requests. An example would be us-east-1
- type: string
- required: true
-actions:
- create_workspace:
- title: Create Workspace
- description: Create a workspace
- input:
- directory_id:
- title: Directory ID
- description: The identifier of the AWS Directory Service directory for the workspace
- type: string
- required: true
- username:
- title: Username
- description: The username of the user for the workspace
- type: string
- required: true
- bundle_id:
- title: Bundle ID
- description: The identifier of the bundle for the workspace
- type: string
- required: true
- volume_encryption_key:
- title: Volume Encryption Key
- description: The KMS key used to encrypt data stored on your workspace
- type: string
- required: false
- user_volume_encryption_enabled:
- title: User Volume Encryption Enabled
- description: Flag indicating whether the data stored on the user volume is encrypted
- type: boolean
- required: false
- root_volume_encryption_enabled:
- title: Root Volume Encryption Enabled
- description: Flag indicating whether the data stored on the root volume is encrypted
- type: boolean
- required: false
- workspace_properties:
- title: Workspace Properties
- description: Workspace properties
- type: workspace_properties
- required: false
- tags:
- title: Tags
- description: Tags
- type: '[] tag'
- required: false
- output:
- workspace_id_state:
- title: Workspace ID and State
- description: ID and state of a created workspace
- type: workspace_id_state
- required: true
diff --git a/plugins/aws_workspaces/requirements.txt b/plugins/aws_workspaces/requirements.txt
deleted file mode 100755
index 04203397e6..0000000000
--- a/plugins/aws_workspaces/requirements.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-# List third-party dependencies here, separated by newlines.
-# All dependencies must be version-pinned, eg. requests==1.2.0
-# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
-boto3==1.10.4
\ No newline at end of file
diff --git a/plugins/aws_workspaces/setup.py b/plugins/aws_workspaces/setup.py
deleted file mode 100755
index 825349640e..0000000000
--- a/plugins/aws_workspaces/setup.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from setuptools import setup, find_packages
-
-
-setup(name='aws_workspaces-rapid7-plugin',
- version='1.0.1',
- description='Enables creation of workspaces on Amazons WorkSpace service',
- author='rapid7',
- author_email='',
- url='',
- packages=find_packages(),
- install_requires=['komand'], # Add third-party dependencies to requirements.txt, not here!
- scripts=['bin/icon_aws_workspaces']
- )
diff --git a/plugins/mcafee_atd/.CHECKSUM b/plugins/mcafee_atd/.CHECKSUM
deleted file mode 100644
index 8725fbf078..0000000000
--- a/plugins/mcafee_atd/.CHECKSUM
+++ /dev/null
@@ -1,35 +0,0 @@ -{ - "spec": "e101be9ac73c82cfc016c7987aadd55c", - "manifest": "ac2b326ba7c1cd42773e0bf83ec4dd9e", - "setup": "395cf100fda41cf67dc7d26dbd719ee0", - "schemas": [ - { - "identifier": "check_analysis_status/schema.py", - "hash": "650a0762031f723ff138e5bfc88cc8ca" - }, - { - "identifier": "get_report/schema.py", - "hash": "04022591f52b0cb8207ce930d1780e5a" - }, - { - "identifier": "list_analyzer_profiles/schema.py", - "hash": "3808b26ee4db200c463dfa2fb8e926f8" - }, - { - "identifier": "submit_file/schema.py", - "hash": "ca13b66430aa659edfe162ca647aa67b" - }, - { - "identifier": "submit_hash/schema.py", - "hash": "4fd541cc8eace97d72b1024349b54310" - }, - { - "identifier": "submit_url/schema.py", - "hash": "99fab53d4df4790faaded4bc1a7ef5d5" - }, - { - "identifier": "connection/schema.py", - "hash": "cf3065c44937151471355195862f8271" - } - ] -} \ No newline at end of file diff --git a/plugins/mcafee_atd/.dockerignore b/plugins/mcafee_atd/.dockerignore deleted file mode 100644 index 93dc53fb01..0000000000 --- a/plugins/mcafee_atd/.dockerignore +++ /dev/null @@ -1,9 +0,0 @@ -unit_test/**/* -unit_test -examples/**/* -examples -tests -tests/**/* -**/*.json -**/*.tar -**/*.gz \ No newline at end of file diff --git a/plugins/mcafee_atd/Dockerfile b/plugins/mcafee_atd/Dockerfile deleted file mode 100644 index 3a3b08f7b8..0000000000 --- a/plugins/mcafee_atd/Dockerfile +++ /dev/null 
@@ -1,26 +0,0 @@
-FROM rapid7/insightconnect-python-3-38-plugin:4
-# Refer to the following documentation for available SDK parent images: https://docs.rapid7.com/insightconnect/sdk-guide/#sdk-guide
-
-LABEL organization=rapid7
-LABEL sdk=python
-
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
-
-# End package dependencies
-
-# Add source code
-WORKDIR /python/src
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-# Install pip dependencies
-RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-
-# Install plugin
-RUN python setup.py build && python setup.py install
-
-# User to run plugin code. The two supported users are: root, nobody
-USER nobody
-
-ENTRYPOINT ["/usr/local/bin/icon_mcafee_atd"]
diff --git a/plugins/mcafee_atd/Makefile b/plugins/mcafee_atd/Makefile
deleted file mode 100644
index cb85f96b6c..0000000000
--- a/plugins/mcafee_atd/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Include other Makefiles for improved functionality
-INCLUDE_DIR = ../../tools/Makefiles
-MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
-# We can't guarantee customers will have the include files
-# - prefix to ignore Makefiles when not present
-# https://www.gnu.org/software/make/manual/html_node/Include.html
--include $(MAKEFILES)
-
-ifneq ($(MAKEFILES),)
- $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
- $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
- $(info --)
-else
- $(warning Makefile includes directory not present: $(INCLUDE_DIR))
-endif
-
-VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
-NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
-VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
-CWD?=$(shell basename $(PWD))
-_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
-PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz
-
-# Set default target explicitly. Make's default behavior is the first target in the Makefile.
-# We don't want that behavior due to includes which are read first
-.DEFAULT_GOAL := default # Make >= v3.80 (make -version)
-
-
-default: image tarball
-
-tarball:
- $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
- rm -rf build
- rm -rf $(PKG)
- tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *
-
-image:
- $(info [$(YELLOW)*$(NORMAL)] Building plugin image)
- docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest
-
-regenerate:
- $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml)
- icon-plugin generate python --regenerate
-
-export: image
- $(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
- @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
- @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar
-
-# Make will not run a target if a file of the same name exists unless setting phony targets
-# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: default tarball image regenerate
diff --git a/plugins/mcafee_atd/bin/icon_mcafee_atd b/plugins/mcafee_atd/bin/icon_mcafee_atd
deleted file mode 100644
index eb2a7ccbf6..0000000000
--- a/plugins/mcafee_atd/bin/icon_mcafee_atd
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-import insightconnect_plugin_runtime
-from icon_mcafee_atd import connection, actions, triggers
-
-
-Name = "McAfee Advanced Threat Defense"
-Vendor = "rapid7"
-Version = "1.5.0"
-Description = "McAfee Advanced Threat Defense provides an API framework for external applications to access core McAfeeATD functions through the REST protocol"
-
-
-class ICONMcafeeAtd(insightconnect_plugin_runtime.Plugin):
- def __init__(self):
- super(self.__class__, self).__init__(
- name=Name,
- vendor=Vendor,
- version=Version,
- description=Description,
- connection=connection.Connection()
- )
- self.add_action(actions.CheckAnalysisStatus())
-
- self.add_action(actions.GetReport())
-
- self.add_action(actions.ListAnalyzerProfiles())
-
- self.add_action(actions.SubmitFile())
-
- self.add_action(actions.SubmitHash())
-
- self.add_action(actions.SubmitUrl())
-
-
-def main():
- """Run plugin"""
- cli = insightconnect_plugin_runtime.CLI(ICONMcafeeAtd())
- cli.run()
-
-
-if __name__ == "__main__":
- main()
diff --git a/plugins/mcafee_atd/extension.png b/plugins/mcafee_atd/extension.png
deleted file mode 100644
index 324c204fbb..0000000000
Binary files a/plugins/mcafee_atd/extension.png and /dev/null differ
diff --git a/plugins/mcafee_atd/help.md b/plugins/mcafee_atd/help.md
deleted file mode 100644
index ea5ef80d71..0000000000
--- a/plugins/mcafee_atd/help.md
+++ /dev/null
@@ -1,406 +0,0 @@ -# Description - -[McAfee Advanced Threat Defense](https://www.mcafee.com/enterprise/en-us/products/advanced-threat-defense.html) provides an API framework for external applications to access core McAfeeATD functions through the REST protocol. - -# Key Features - -* Check if a hash is blacklisted -* Check the analysis status -* Submit a URL for analysis -* Submit a file for analysis -* Display the analyzer profiles to which the user has access -* Download the analysis report files - -# Requirements - -* Username and password -* Base URL for McAfee ATD - -# Documentation - -## Setup - -The connection configuration accepts the following parameters: - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|credentials|credential_username_password|None|True|Username and password|None|{"username":"user1", "password":"mypassword"}| -|port|integer|443|False|The port number for provided host|None|443| -|url|string|None|True|Base URL for the McAfee Advanced Threat Defense server|None|https://www.example.com| -|verify_ssl|boolean|True|False|Verify the server's TLS/SSL certificate|None|True| - -Example input: - -``` -{ - "credentials": { - "username":"user1", - "password":"mypassword" - }, - "port": 443, - "url": "https://www.example.com", - "verify_ssl": true -} -``` - -## Technical Details - -### Actions - -#### Get Report - -This action is used to download the report of an analysis. It will return the report in JSON along with a file version of -the report based on the specific file type specified in `report_type`. 
- -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|id|string|None|True|The Task ID, job ID, or MD5 value for the prepared analysis report|None|13| -|report_type|string|HTML|False|The file type of the report to return in the file output|['HTML', 'TXT', 'ZIP', 'XML', 'IOC', 'STIX', 'PDF', 'SAMPLE']|HTML| -|type_id|string|MD5|False|Type of given ID parameter, the type must match the value of the ID field. The default value is MD5|['MD5', 'TASK ID', 'JOB ID']|TASK ID| - -Example input: - -``` -{ - "id": 13, - "report_type": "HTML", - "type_id": "TASK ID" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|file|bytes|True|Prepared analysis report| -|report|object|False|Return report in JSON| - -Example output: - -``` -{ - "file": "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", - "report": { - "Summary": { - "Subject": { - "Name": "test.txt", - "md5": "0B47F671BC6328623DFA10851D418E55" - }, - "Verdict": { - "Description": "Invalid file type, or invalid file size, or local heuristics determine the file to have a low probability of being malicious, or contain malicious intent.", - "Severity": "-2" - } - } - } -} -``` - -#### List Analyzer Profiles - -This action is used to display the analyzer profiles to which the user has access. 
- -##### Input - -_This action does not contain any inputs._ - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|profiler_results|[]profiler_results|True|Displays the analyzer profiles, which the user can access| -|success|boolean|True|Returns true if found information about analyzer profiles| - -Example output: - -``` -{ - "profiler_results": [ - { - "artimas": 0, - "asm": 0, - "aviraAV": 0, - "consoleLog": 0, - "createTime": "2020-06-25 17:33:30", - "customrules": 0, - "defaultVM": 0, - "dnnEnable": 0, - "dropZip": 0, - "dumpZip": 0, - "family": 0, - "flp": 0, - "gam": 1, - "gml": 0, - "gtiTS": 1, - "gtiURLRep": 0, - "heuristic": 0, - "imageid": 0, - "internet": 0, - "lastChange": "2020-06-25 17:33:30", - "locBlackList": 0, - "locWhiteList": 1, - "logZip": 0, - "maxExecTime": 0, - "memorydump": 0, - "mfeAV": 1, - "minExecTime": 0, - "name": "Test", - "netLog": 0, - "netdriveZip": 0, - "noPDF": 0, - "ntvLog": 0, - "openarchive": 1, - "overrideOS": 0, - "pe32": 0, - "reAnalysis": 1, - "recusiveAnalysis": 0, - "sandbox": 0, - "sophosAV": 0, - "ssAPIid": 0, - "ssKeyid": 0, - "ssLevelid": 0, - "summary": 1, - "userLog": 0, - "userid": 1, - "vmProfileid": 11, - "xMode": 0, - "yaraScan": 0, - "yararules": 0 - } - ], - "success": true -} -``` - -#### Submit File - -This action is used to upload a file for dynamic analysis. It accepts an option to also submit the URL from which the file is downloaded. In this case, a McAfee GTI URL look up is done on the submitted URL in addition to file analysis. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|file|file|None|True|File for analysis|None|{"filename": "setup.exe", "content": "UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg=="}| -|url_for_file|string|None|False|You can also submit the URL from which the file is downloaded. 
In this case, a McAfee GTI URL look up is done on the submitted URL in addition to file analysis|None|https://www.example.com/download/latest| - -Example input: - -``` -{ - "file": { - "filename": "setup.exe", - "content": "UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg==" - }, - "url_for_file": "https://www.example.com/download/latest" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|submit_file_info|submit_info|False|Information about submitted file| - -Example output: - -``` -{ - "submit_file_info": { - "estimatedTime": 0, - "fileId": "", - "filesWait": 0, - "mimeType": "text/plain", - "results": [ - { - "cache": 3, - "destIp": "", - "file": "amas_filename", - "md5": "EA4B93CD8A68F72ACB1FB63B0AB7543B", - "messageId": "", - "sha1": "FC1E325DFBB631B82B53648A570750E329380417", - "sha256": "0F84347E49EB9A2E8259A7EAABF190575BCCEDFA60B1AF11373D00BE442E2783", - "size": "48", - "srcIp": "", - "submitType": "0", - "taskId": 58, - "url": "" - } - ], - "subId": 58, - "success": true - } -} -``` - -#### Submit URL - -This action is used to submit a URL for dynamic analysis. The `submit_type` options allows you to choose between a URL to analyze (e.g. https://www.example.com) and a URL that points to a file to analyze (e.g. https://www.example.com/PDF/14274les19.pdf). - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|submit_type|string|URL submission|False|URL to submit for analysis (https://www.example.com) or file to analyze from a URL (e.g. 
https://www.example.com/PDF/14274les19.pdf)|['URL submission', 'File from URL']|None| -|url|string|None|True|URL for analysis|None|https://www.example.com| - -Example input: - -``` -{ - "url": "https://www.example.com" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|submit_url_info|submit_info|False|Information about submitted URL| - -Example output: - -``` -{ - "submit_url_info": { - "estimatedTime": 0, - "fileId": "", - "filesWait": 0, - "mimeType": "application/url", - "results": [ - { - "cache": 0, - "destIp": "", - "file": "https://example.com", - "md5": "03C63305A49C1342D4FA9988B635973E", - "messageId": "", - "sha1": "", - "sha256": "", - "size": "18", - "srcIp": "", - "submitType": "1", - "taskId": 29, - "url": "https://example.com" - } - ], - "subId": 29, - "success": true - } -} -``` - -#### Check Analysis Status - -This action checks the analysis status. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|analysis_id|integer|None|True|Task ID or job ID value which is returned in submission step|None|13| -|type|string|task|False|Type of ID, default value is task|['task', 'job']|None| - -Example input: - -``` -{ - "analysis_id": 13 -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|job_results|job|False|Return information about given Job ID| -|results|output|False|Return information about given Task ID| -|success|boolean|False|Success status of analysis ID| - -Example output: - -``` -{ - "results": { - "PEInfo": "0", - "asmListing": "0", - "family": "0", - "filename": "test.txt", - "istate": 1, - "jobid": 13, - "md5": "0B47F671BC6328623DFA10851D418E55", - "status": "Completed", - "submitTime": "2020-06-20 19: 11: 44", - "summaryFiles": "0", - "taskid": 13, - "useLogs": "0", - "userid": 1, - "vmDesc": "Only Down Selectors", - "vmName": "Analyzer Profile 1", - "vmProfile": "1" - }, - 
"success": true -} -``` - -#### Check Hash Status - -This action is used to check if a user submitted hash value is either blacklisted or whitelisted. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|hash|string|None|True|MD5 Hash to submit|None|9de5069c5afe602b2ea0a04b66beb2c0| - -Example input: - -``` -{ - "hash": "9de5069c5afe602b2ea0a04b66beb2c0" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|results|object|True|Return information about given MD5 Hash| -|success|boolean|True|Success status of submit Hash request| - -Example output: - -``` -{ - "results": { - "9de5069c5afe602b2ea0a04b66beb2c0": "Previously submitted" - }, - "success": true -} -``` - -### Triggers - -_This plugin does not contain any triggers._ - -### Custom Output Types - -_This plugin does not contain any custom output types._ - -## Troubleshooting - -_This plugin does not contain any troubleshooting information._ - -# Version History - -* 1.5.0 - New action Get Report -* 1.4.0 - New action List Analyzer Profiles -* 1.3.0 - New action Submit File -* 1.2.0 - New action Submit URL -* 1.1.0 - New action Check Analysis Status -* 1.0.0 - Initial plugin - -# Links - -## References - -* [McAfee Advanced Threat Defense](https://www.mcafee.com/enterprise/en-us/products/advanced-threat-defense.html) diff --git a/plugins/mcafee_atd/icon.png b/plugins/mcafee_atd/icon.png deleted file mode 100644 index 8aa5eed50a..0000000000 Binary files a/plugins/mcafee_atd/icon.png and /dev/null differ diff --git a/plugins/mcafee_atd/icon_mcafee_atd/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/__init__.py deleted file mode 100644 index bace8db897..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT 
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/__init__.py
deleted file mode 100644
index 45f5512e11..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/__init__.py
+++ /dev/null
@@ -1,7 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .check_analysis_status.action import CheckAnalysisStatus
-from .get_report.action import GetReport
-from .list_analyzer_profiles.action import ListAnalyzerProfiles
-from .submit_file.action import SubmitFile
-from .submit_hash.action import SubmitHash
-from .submit_url.action import SubmitUrl
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/__init__.py
deleted file mode 100644
index a48615f8d3..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import CheckAnalysisStatus
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/action.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/action.py
deleted file mode 100644
index fa61100500..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/action.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import CheckAnalysisStatusInput, CheckAnalysisStatusOutput, Input, Output, Component
-
-
-# Custom imports below
-
-
-class CheckAnalysisStatus(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="check_analysis_status",
- description=Component.DESCRIPTION,
- input=CheckAnalysisStatusInput(),
- output=CheckAnalysisStatusOutput(),
- )
-
- def run(self, params={}):
- status = self.connection.mcafee_atd_api.check_analysis_status(
- params.get(Input.ANALYSIS_ID), params.get(Input.TYPE, "task")
- )
- success = status.get("success", False)
-
- if "task" == params.get(Input.TYPE, "task"):
- return {Output.SUCCESS: success, Output.RESULTS: status.get("results")}
-
- del status["success"]
- return {Output.SUCCESS: success, Output.JOB_RESULTS: status}
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/schema.py
deleted file mode 100644
index 3441ef142e..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/check_analysis_status/schema.py
+++ /dev/null
@@ -1,212 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Checks the analysis status" - - -class Input: - ANALYSIS_ID = "analysis_id" - TYPE = "type" - - -class Output: - JOB_RESULTS = "job_results" - RESULTS = "results" - SUCCESS = "success" - - -class CheckAnalysisStatusInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "analysis_id": { - "type": "integer", - "title": "Analysis ID", - "description": "Task ID or job ID value which is returned in submission step", - "order": 1 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type of ID, default value is task", - "default": "task", - "enum": [ - "task", - "job" - ], - "order": 2 - } - }, - "required": [ - "analysis_id" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class CheckAnalysisStatusOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "job_results": { - "$ref": "#/definitions/job", - "title": "Job Results", - "description": "Return information about given Job ID", - "order": 3 - }, - "results": { - "$ref": "#/definitions/output", - "title": "Results", - "description": "Return information about given Task ID", - "order": 2 - }, - "success": { - "type": "boolean", - "title": "Success", - "description": "Success status of analysis ID", - "order": 1 - } - }, - "definitions": { - "job": { - "type": "object", - "title": "job", - "properties": { - "allEngineState": { - "type": "integer", - "title": "All Engine State", - "description": "All engine state", - "order": 2 - }, - "severity": { - "type": "integer", - "title": "Severity", - "description": "Severity", - "order": 3 - }, - "status": { - "type": "integer", - "title": "Status", - "description": "Status", - "order": 1 - } - } - }, 
- "output": { - "type": "object", - "title": "output", - "properties": { - "PEInfo": { - "type": "string", - "title": "PE info", - "description": "PE info", - "order": 13 - }, - "asmListing": { - "type": "string", - "title": "Asm Listing", - "description": "Asm listing", - "order": 12 - }, - "family": { - "type": "string", - "title": "Family", - "description": "Family", - "order": 14 - }, - "filename": { - "type": "string", - "title": "Filename", - "description": "Filename", - "order": 5 - }, - "istate": { - "type": "integer", - "title": "Istate", - "description": "Istate", - "order": 3 - }, - "jobid": { - "type": "integer", - "title": "Job ID", - "description": "Job ID", - "order": 8 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 6 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 4 - }, - "submitTime": { - "type": "string", - "title": "Submit Time", - "description": "Submit time", - "order": 9 - }, - "summaryFiles": { - "type": "string", - "title": "Summary Files", - "description": "Summary files", - "order": 10 - }, - "taskid": { - "type": "integer", - "title": "Task ID", - "description": "Task ID", - "order": 2 - }, - "useLogs": { - "type": "string", - "title": "Use Logs", - "description": "Use logs", - "order": 11 - }, - "userid": { - "type": "integer", - "title": "User ID", - "description": "User ID", - "order": 1 - }, - "vmDesc": { - "type": "string", - "title": "VM Desc", - "description": "VM desc", - "order": 16 - }, - "vmName": { - "type": "string", - "title": "VM Name", - "description": "VM name", - "order": 15 - }, - "vmProfile": { - "type": "string", - "title": "VM Profile", - "description": "VM profile", - "order": 7 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) 
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/__init__.py
deleted file mode 100644
index 7dc323db1b..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import GetReport
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/action.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/action.py
deleted file mode 100644
index 84a94a9d66..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/action.py
+++ /dev/null
@@ -1,33 +0,0 @@
-import insightconnect_plugin_runtime
-from insightconnect_plugin_runtime.exceptions import PluginException
-from .schema import GetReportInput, GetReportOutput, Input, Output, Component
-
-# Custom imports below
-import base64
-
-
-class GetReport(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="get_report",
- description=Component.DESCRIPTION,
- input=GetReportInput(),
- output=GetReportOutput(),
- )
-
- def run(self, params={}):
- analyse_id = params.get(Input.ID)
- return_type = params.get(Input.REPORT_TYPE, "html").lower()
- type_id = params.get(Input.TYPE_ID, "MD5")
- if return_type == "sample" and type_id != "TASK ID":
- raise PluginException(
- cause="Type report error.",
- assistance="API allows use SAMPLE only when Type ID is TASK ID. "
- "Please check to ensure all parameters are correct.",
- )
-
- response = self.connection.mcafee_atd_api.get_report(analyse_id, return_type, type_id)
- return {
- Output.FILE: base64.b64encode(response.content).decode("utf-8"),
- Output.REPORT: self.connection.mcafee_atd_api.get_report(analyse_id, "json", type_id).json(),
- }
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/schema.py
deleted file mode 100644
index a31032bdb2..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/get_report/schema.py
+++ /dev/null
@@ -1,101 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Download the report of an analysis" - - -class Input: - ID = "id" - REPORT_TYPE = "report_type" - TYPE_ID = "type_id" - - -class Output: - FILE = "file" - REPORT = "report" - - -class GetReportInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "id": { - "type": "string", - "title": "ID", - "description": "The Task ID, job ID, or MD5 value for the prepared analysis report", - "order": 1 - }, - "report_type": { - "type": "string", - "title": "Report Type", - "description": "The file type of the report to return in the file output", - "default": "HTML", - "enum": [ - "HTML", - "TXT", - "ZIP", - "XML", - "IOC", - "STIX", - "PDF", - "SAMPLE" - ], - "order": 3 - }, - "type_id": { - "type": "string", - "title": "Type ID", - "description": "Type of given ID parameter, the type must match the value of the ID field. The default value is MD5", - "default": "MD5", - "enum": [ - "MD5", - "TASK ID", - "JOB ID" - ], - "order": 2 - } - }, - "required": [ - "id" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class GetReportOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "file": { - "type": "string", - "title": "File", - "displayType": "bytes", - "description": "Prepared analysis report", - "format": "bytes", - "order": 1 - }, - "report": { - "type": "object", - "title": "Report", - "description": "Return report in JSON", - "order": 2 - } - }, - "required": [ - "file" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) 
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/__init__.py
deleted file mode 100644
index 23449df3a9..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import ListAnalyzerProfiles
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/action.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/action.py
deleted file mode 100644
index a864932e09..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/action.py
+++ /dev/null
@@ -1,22 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import ListAnalyzerProfilesInput, ListAnalyzerProfilesOutput, Output, Component
-
-# Custom imports below
-from insightconnect_plugin_runtime import helper
-
-
-class ListAnalyzerProfiles(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="list_analyzer_profiles",
- description=Component.DESCRIPTION,
- input=ListAnalyzerProfilesInput(),
- output=ListAnalyzerProfilesOutput(),
- )
-
- def run(self, params={}):
- result = self.connection.mcafee_atd_api.list_analyzer_profiles()
- return {
- Output.PROFILER_RESULTS: helper.clean(result.get("results", [])),
- Output.SUCCESS: result.get("success", False),
- }
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/schema.py
deleted file mode 100644
index 06bdc277dd..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/list_analyzer_profiles/schema.py
+++ /dev/null
@@ -1,401 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Display the analyzer profiles to which the user has access" - - -class Input: - pass - -class Output: - PROFILER_RESULTS = "profiler_results" - SUCCESS = "success" - - -class ListAnalyzerProfilesInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - {} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class ListAnalyzerProfilesOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "profiler_results": { - "type": "array", - "title": "Profiler Results", - "description": "Displays the analyzer profiles, which the user can access", - "items": { - "$ref": "#/definitions/profiler_results" - }, - "order": 1 - }, - "success": { - "type": "boolean", - "title": "Success", - "description": "Returns true if found information about analyzer profiles", - "order": 2 - } - }, - "required": [ - "profiler_results", - "success" - ], - "definitions": { - "profiler_results": { - "type": "object", - "title": "profiler_results", - "properties": { - "artimas": { - "type": "integer", - "title": "Artimas", - "description": "Artimas", - "order": 1 - }, - "asm": { - "type": "integer", - "title": "Asm", - "description": "Asm", - "order": 2 - }, - "aviraAV": { - "type": "integer", - "title": "Avira AV", - "description": "Avira AV", - "order": 3 - }, - "consoleLog": { - "type": "integer", - "title": "Console Log", - "description": "Console log", - "order": 4 - }, - "createTime": { - "type": "string", - "title": "Create Time", - "description": "Create time", - "order": 5 - }, - "customrules": { - "type": "integer", - "title": "Customrules", - "description": "Customrules", - "order": 6 - }, - "default32OSName": { - "type": "string", - "title": "Default 32OS Name", - "description": "Default 32OS name", - "order": 7 
- }, - "default64OSName": { - "type": "string", - "title": "Default 64OS Name", - "description": "Default 64OS name", - "order": 8 - }, - "defaultVM": { - "type": "integer", - "title": "Default VM", - "description": "Default VM", - "order": 9 - }, - "dnnEnable": { - "type": "integer", - "title": "DNN Enable", - "description": "DNN enable", - "order": 10 - }, - "dropZip": { - "type": "integer", - "title": "Drop ZIP", - "description": "Drop ZIP", - "order": 11 - }, - "dumpZip": { - "type": "integer", - "title": "Dump ZIP", - "description": "Dump ZIP", - "order": 12 - }, - "family": { - "type": "integer", - "title": "Family", - "description": "Family", - "order": 13 - }, - "filePassword": { - "type": "string", - "title": "File Password", - "description": "File password", - "order": 14 - }, - "filePassword1": { - "type": "string", - "title": "File Password 1", - "description": "File password 1", - "order": 15 - }, - "flp": { - "type": "integer", - "title": "FLP", - "description": "FLP", - "order": 16 - }, - "gam": { - "type": "integer", - "title": "GAM", - "description": "GAM", - "order": 17 - }, - "gml": { - "type": "integer", - "title": "GML", - "description": "GML", - "order": 18 - }, - "gtiTS": { - "type": "integer", - "title": "GTI TS", - "description": "GTI TS", - "order": 19 - }, - "gtiURLRep": { - "type": "integer", - "title": "GTI URL REP", - "description": "GTI URL REP", - "order": 20 - }, - "heuristic": { - "type": "integer", - "title": "Heuristic", - "description": "Heuristic", - "order": 21 - }, - "imageid": { - "type": "integer", - "title": "Image ID", - "description": "Image ID", - "order": 22 - }, - "internet": { - "type": "integer", - "title": "Internet", - "description": "Internet", - "order": 23 - }, - "lastChange": { - "type": "string", - "title": "Last Change", - "description": "Last change", - "order": 24 - }, - "locBlackList": { - "type": "integer", - "title": "Loc Blacklist", - "description": "Loc blacklist", - "order": 25 - }, - "locWhiteList": 
{ - "type": "integer", - "title": "Loc Whitelist", - "description": "Loc whitelist", - "order": 26 - }, - "logZip": { - "type": "integer", - "title": "Log ZIP", - "description": "Log ZIP", - "order": 27 - }, - "maxExecTime": { - "type": "integer", - "title": "Max Exec Time", - "description": "Max exec time", - "order": 28 - }, - "memorydump": { - "type": "integer", - "title": "Memory Dump", - "description": "Memory dump", - "order": 29 - }, - "mfeAV": { - "type": "integer", - "title": "MFE AV", - "description": "MFE AV", - "order": 30 - }, - "minExecTime": { - "type": "integer", - "title": "Min Exec Time", - "description": "Min exec time", - "order": 31 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 32 - }, - "netLog": { - "type": "integer", - "title": "Net Log", - "description": "Net log", - "order": 33 - }, - "netdriveZip": { - "type": "integer", - "title": "Net Drive ZIP", - "description": "Net drive ZIP", - "order": 34 - }, - "noPDF": { - "type": "integer", - "title": "No PDF", - "description": "No PDF", - "order": 35 - }, - "ntvLog": { - "type": "integer", - "title": "Ntv Log", - "description": "Ntv log", - "order": 36 - }, - "openarchive": { - "type": "integer", - "title": "Openarchive", - "description": "Openarchive", - "order": 37 - }, - "overrideOS": { - "type": "integer", - "title": "Override OS", - "description": "Override OS", - "order": 38 - }, - "pe32": { - "type": "integer", - "title": "PE32", - "description": "PE32", - "order": 39 - }, - "reAnalysis": { - "type": "integer", - "title": "Re Analysis", - "description": "Re analysis", - "order": 40 - }, - "recusiveAnalysis": { - "type": "integer", - "title": "Recusive Analysis", - "description": "Recusive analysis", - "order": 41 - }, - "runtimeArgument": { - "type": "string", - "title": "Runtime Argument", - "description": "Runtime argument", - "order": 42 - }, - "sandbox": { - "type": "integer", - "title": "Sandbox", - "description": "Sandbox", - "order": 
43 - }, - "selectedOSName": { - "type": "string", - "title": "Selected OS Name", - "description": "Selected OS name", - "order": 44 - }, - "sophosAV": { - "type": "integer", - "title": "Sophos AV", - "description": "Sophos AV", - "order": 45 - }, - "ssAPIid": { - "type": "integer", - "title": "SS API ID", - "description": "SS API ID", - "order": 46 - }, - "ssKeyid": { - "type": "integer", - "title": "SS Key ID", - "description": "SS key ID", - "order": 47 - }, - "ssLevelid": { - "type": "integer", - "title": "SS Level ID", - "description": "SS level ID", - "order": 48 - }, - "summary": { - "type": "integer", - "title": "Summary", - "description": "Summary", - "order": 49 - }, - "userLog": { - "type": "integer", - "title": "User Log", - "description": "User log", - "order": 50 - }, - "userid": { - "type": "integer", - "title": "User ID", - "description": "User ID", - "order": 51 - }, - "vmDesc": { - "type": "string", - "title": "VM Desc", - "description": "VM desc", - "order": 52 - }, - "vmProfileid": { - "type": "integer", - "title": "VM Profileid", - "description": "VM profileid", - "order": 53 - }, - "xMode": { - "type": "integer", - "title": "X Mode", - "description": "X mode", - "order": 54 - }, - "yaraScan": { - "type": "integer", - "title": "Yara Scan", - "description": "Yara scan", - "order": 55 - }, - "yararules": { - "type": "integer", - "title": "Yara Rules", - "description": "Yara rules", - "order": 56 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/__init__.py deleted file mode 100644 index e3b99e6f86..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import SubmitFile 
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/action.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/action.py
deleted file mode 100644
index a19530b799..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/action.py
+++ /dev/null
@@ -1,21 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import SubmitFileInput, SubmitFileOutput, Input, Output, Component
-
-# Custom imports below
-
-
-class SubmitFile(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="submit_file",
- description=Component.DESCRIPTION,
- input=SubmitFileInput(),
- output=SubmitFileOutput(),
- )
-
- def run(self, params={}):
- return {
- Output.SUBMIT_FILE_INFO: self.connection.mcafee_atd_api.submit_file(
- params.get(Input.FILE), params.get(Input.URL_FOR_FILE)
- )
- }
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/schema.py
deleted file mode 100644
index ca35e8a399..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_file/schema.py
+++ /dev/null
@@ -1,297 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Upload file for dynamic analysis" - - -class Input: - FILE = "file" - URL_FOR_FILE = "url_for_file" - - -class Output: - SUBMIT_FILE_INFO = "submit_file_info" - - -class SubmitFileInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "file": { - "$ref": "#/definitions/file", - "title": "File", - "description": "File for analysis", - "order": 1 - }, - "url_for_file": { - "type": "string", - "title": "File URL", - "description": "You can also submit the URL from which the file is downloaded. In this case, a McAfee GTI URL look up is done on the submitted URL in addition to file analysis", - "order": 2 - } - }, - "required": [ - "file" - ], - "definitions": { - "file": { - "id": "file", - "type": "object", - "title": "File", - "description": "File Object", - "properties": { - "content": { - "type": "string", - "title": "Content", - "description": "File contents", - "format": "bytes" - }, - "filename": { - "type": "string", - "title": "Filename", - "description": "Name of file" - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class SubmitFileOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "submit_file_info": { - "$ref": "#/definitions/submit_info", - "title": "Submit File Info", - "description": "Information about submitted file", - "order": 1 - } - }, - "definitions": { - "results": { - "type": "object", - "title": "results", - "properties": { - "cache": { - "type": "integer", - "title": "Cache", - "description": "Cache", - "order": 1 - }, - "destIp": { - "type": "string", - "title": "Destination IP", - "description": "Destination IP", - "order": 2 - }, - "file": { - "type": "string", - 
"title": "File", - "description": "File", - "order": 3 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 4 - }, - "messageId": { - "type": "string", - "title": "Message ID", - "description": "Message ID", - "order": 5 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": "SHA1", - "order": 6 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 7 - }, - "size": { - "type": "string", - "title": "Size", - "description": "Size", - "order": 8 - }, - "srcIp": { - "type": "string", - "title": "Source IP", - "description": "Source IP", - "order": 9 - }, - "submitType": { - "type": "string", - "title": "Submit Type", - "description": "Submit type", - "order": 10 - }, - "taskId": { - "type": "integer", - "title": "Task ID", - "description": "Task ID", - "order": 11 - }, - "url": { - "type": "string", - "title": "URL", - "description": "URL", - "order": 12 - } - } - }, - "submit_info": { - "type": "object", - "title": "submit_info", - "properties": { - "estimatedTime": { - "type": "integer", - "title": "Estimated Time", - "description": "Estimated time", - "order": 1 - }, - "fileId": { - "type": "string", - "title": "File ID", - "description": "File ID", - "order": 2 - }, - "filesWait": { - "type": "integer", - "title": "Files Wait", - "description": "Files wait", - "order": 3 - }, - "mimeType": { - "type": "string", - "title": "MIME Type", - "description": "MIME type", - "order": 4 - }, - "results": { - "type": "array", - "title": "Results", - "description": "Results", - "items": { - "$ref": "#/definitions/results" - }, - "order": 5 - }, - "subId": { - "type": "integer", - "title": "Sub ID", - "description": "Sub ID", - "order": 6 - }, - "success": { - "type": "boolean", - "title": "Success", - "description": "Success", - "order": 7 - } - }, - "definitions": { - "results": { - "type": "object", - "title": "results", - "properties": { - "cache": { - "type": "integer", - 
"title": "Cache", - "description": "Cache", - "order": 1 - }, - "destIp": { - "type": "string", - "title": "Destination IP", - "description": "Destination IP", - "order": 2 - }, - "file": { - "type": "string", - "title": "File", - "description": "File", - "order": 3 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 4 - }, - "messageId": { - "type": "string", - "title": "Message ID", - "description": "Message ID", - "order": 5 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": "SHA1", - "order": 6 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 7 - }, - "size": { - "type": "string", - "title": "Size", - "description": "Size", - "order": 8 - }, - "srcIp": { - "type": "string", - "title": "Source IP", - "description": "Source IP", - "order": 9 - }, - "submitType": { - "type": "string", - "title": "Submit Type", - "description": "Submit type", - "order": 10 - }, - "taskId": { - "type": "integer", - "title": "Task ID", - "description": "Task ID", - "order": 11 - }, - "url": { - "type": "string", - "title": "URL", - "description": "URL", - "order": 12 - } - } - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/__init__.py deleted file mode 100644 index 6b3785e59a..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import SubmitHash diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/action.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/action.py deleted file mode 100644 index 10d8bf1c80..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/action.py +++ /dev/null 
@@ -1,28 +0,0 @@
-import insightconnect_plugin_runtime
-from insightconnect_plugin_runtime.exceptions import PluginException
-from .schema import SubmitHashInput, SubmitHashOutput, Input, Output, Component
-
-# Custom imports below
-import validators
-
-
-class SubmitHash(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="submit_hash",
- description=Component.DESCRIPTION,
- input=SubmitHashInput(),
- output=SubmitHashOutput(),
- )
-
- def run(self, params={}):
- if validators.md5(params.get(Input.HASH)):
- return {
- Output.SUCCESS: True,
- Output.RESULTS: self.connection.mcafee_atd_api.submit_hash(params.get(Input.HASH)),
- }
-
- raise PluginException(
- cause="The McAfee ATD API only supports MD5 Hash. ",
- assistance="Please enter MD5 Hash and try again.",
- )
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/schema.py
deleted file mode 100644
index a437b78fd7..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_hash/schema.py
+++ /dev/null
@@ -1,69 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Check if a MD5 hash is blacklisted or whitelisted" - - -class Input: - HASH = "hash" - - -class Output: - RESULTS = "results" - SUCCESS = "success" - - -class SubmitHashInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "hash": { - "type": "string", - "title": "MD5 Hash", - "description": "MD5 Hash to submit", - "order": 1 - } - }, - "required": [ - "hash" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class SubmitHashOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "results": { - "type": "object", - "title": "Results", - "description": "Return information about given MD5 Hash", - "order": 2 - }, - "success": { - "type": "boolean", - "title": "Success", - "description": "Success status of submit Hash request", - "order": 1 - } - }, - "required": [ - "results", - "success" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/__init__.py deleted file mode 100644 index 1c5ef172f0..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import SubmitUrl diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/action.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/action.py deleted file mode 100644 index 41784455b7..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/action.py +++ /dev/null 
@@ -1,21 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import SubmitUrlInput, SubmitUrlOutput, Input, Output, Component
-
-# Custom imports below
-
-
-class SubmitUrl(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="submit_url",
- description=Component.DESCRIPTION,
- input=SubmitUrlInput(),
- output=SubmitUrlOutput(),
- )
-
- def run(self, params={}):
- return {
- Output.SUBMIT_URL_INFO: self.connection.mcafee_atd_api.submit_url(
- params.get(Input.URL), params.get(Input.SUBMIT_TYPE)
- )
- }
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/schema.py
deleted file mode 100644
index 5c645d42ed..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/actions/submit_url/schema.py
+++ /dev/null
@@ -1,281 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Upload URL for dynamic analysis" - - -class Input: - SUBMIT_TYPE = "submit_type" - URL = "url" - - -class Output: - SUBMIT_URL_INFO = "submit_url_info" - - -class SubmitUrlInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "submit_type": { - "type": "string", - "title": "Submit Type", - "description": "URL to submit for analysis (https://www.example.com) or file to analyze from a URL (e.g. https://www.example.com/PDF/14274les19.pdf)", - "default": "URL submission", - "enum": [ - "URL submission", - "File from URL" - ], - "order": 2 - }, - "url": { - "type": "string", - "title": "URL", - "description": "URL for analysis", - "order": 1 - } - }, - "required": [ - "url" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class SubmitUrlOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "submit_url_info": { - "$ref": "#/definitions/submit_info", - "title": "Submit URL Info", - "description": "Information about submitted URL", - "order": 1 - } - }, - "definitions": { - "results": { - "type": "object", - "title": "results", - "properties": { - "cache": { - "type": "integer", - "title": "Cache", - "description": "Cache", - "order": 1 - }, - "destIp": { - "type": "string", - "title": "Destination IP", - "description": "Destination IP", - "order": 2 - }, - "file": { - "type": "string", - "title": "File", - "description": "File", - "order": 3 - }, - "md5": { - "type": "string", - "title": "MD5", - "description": "MD5", - "order": 4 - }, - "messageId": { - "type": "string", - "title": "Message ID", - "description": "Message ID", - "order": 5 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": 
"SHA1", - "order": 6 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 7 - }, - "size": { - "type": "string", - "title": "Size", - "description": "Size", - "order": 8 - }, - "srcIp": { - "type": "string", - "title": "Source IP", - "description": "Source IP", - "order": 9 - }, - "submitType": { - "type": "string", - "title": "Submit Type", - "description": "Submit type", - "order": 10 - }, - "taskId": { - "type": "integer", - "title": "Task ID", - "description": "Task ID", - "order": 11 - }, - "url": { - "type": "string", - "title": "URL", - "description": "URL", - "order": 12 - } - } - }, - "submit_info": { - "type": "object", - "title": "submit_info", - "properties": { - "estimatedTime": { - "type": "integer", - "title": "Estimated Time", - "description": "Estimated time", - "order": 1 - }, - "fileId": { - "type": "string", - "title": "File ID", - "description": "File ID", - "order": 2 - }, - "filesWait": { - "type": "integer", - "title": "Files Wait", - "description": "Files wait", - "order": 3 - }, - "mimeType": { - "type": "string", - "title": "MIME Type", - "description": "MIME type", - "order": 4 - }, - "results": { - "type": "array", - "title": "Results", - "description": "Results", - "items": { - "$ref": "#/definitions/results" - }, - "order": 5 - }, - "subId": { - "type": "integer", - "title": "Sub ID", - "description": "Sub ID", - "order": 6 - }, - "success": { - "type": "boolean", - "title": "Success", - "description": "Success", - "order": 7 - } - }, - "definitions": { - "results": { - "type": "object", - "title": "results", - "properties": { - "cache": { - "type": "integer", - "title": "Cache", - "description": "Cache", - "order": 1 - }, - "destIp": { - "type": "string", - "title": "Destination IP", - "description": "Destination IP", - "order": 2 - }, - "file": { - "type": "string", - "title": "File", - "description": "File", - "order": 3 - }, - "md5": { - "type": "string", - "title": "MD5", - 
"description": "MD5", - "order": 4 - }, - "messageId": { - "type": "string", - "title": "Message ID", - "description": "Message ID", - "order": 5 - }, - "sha1": { - "type": "string", - "title": "SHA1", - "description": "SHA1", - "order": 6 - }, - "sha256": { - "type": "string", - "title": "SHA256", - "description": "SHA256", - "order": 7 - }, - "size": { - "type": "string", - "title": "Size", - "description": "Size", - "order": 8 - }, - "srcIp": { - "type": "string", - "title": "Source IP", - "description": "Source IP", - "order": 9 - }, - "submitType": { - "type": "string", - "title": "Submit Type", - "description": "Submit type", - "order": 10 - }, - "taskId": { - "type": "integer", - "title": "Task ID", - "description": "Task ID", - "order": 11 - }, - "url": { - "type": "string", - "title": "URL", - "description": "URL", - "order": 12 - } - } - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/mcafee_atd/icon_mcafee_atd/connection/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/connection/__init__.py deleted file mode 100644 index a515dcf6b0..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/connection/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .connection import Connection diff --git a/plugins/mcafee_atd/icon_mcafee_atd/connection/connection.py b/plugins/mcafee_atd/icon_mcafee_atd/connection/connection.py deleted file mode 100644 index fa7bb63343..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/connection/connection.py +++ /dev/null 
@@ -1,32 +0,0 @@
-import insightconnect_plugin_runtime
-
-# Custom imports below
-from .schema import ConnectionSchema, Input
-from ..util.api import McAfeeATDAPI
-from ..util.mcafee_request import McAfeeRequest
-
-
-class Connection(insightconnect_plugin_runtime.Connection):
- def __init__(self):
- super(self.__class__, self).__init__(input=ConnectionSchema())
- self.authentication_header = None
- self.mcafee_atd_api = None
-
- def connect(self, params={}):
- self.logger.info("Connect: Connecting...")
- credentials = params.get(Input.CREDENTIALS)
-
- self.mcafee_atd_api = McAfeeATDAPI(
- McAfeeRequest(
- params.get(Input.URL).rstrip("/"),
- params.get(Input.PORT, 443),
- params.get(Input.VERIFY_SSL, True),
- self.logger,
- ),
- credentials.get("username"),
- credentials.get("password"),
- self.logger,
- )
-
- def test(self):
- return {"success": self.mcafee_atd_api.get_login_headers().get("VE-SDK-API") is not None}
diff --git a/plugins/mcafee_atd/icon_mcafee_atd/connection/schema.py b/plugins/mcafee_atd/icon_mcafee_atd/connection/schema.py
deleted file mode 100644
index 246f85bbf9..0000000000
--- a/plugins/mcafee_atd/icon_mcafee_atd/connection/schema.py
+++ /dev/null
@@ -1,82 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Input: - CREDENTIALS = "credentials" - PORT = "port" - URL = "url" - VERIFY_SSL = "verify_ssl" - - -class ConnectionSchema(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "credentials": { - "$ref": "#/definitions/credential_username_password", - "title": "Credentials", - "description": "Username and password", - "order": 2 - }, - "port": { - "type": "integer", - "title": "Port", - "description": "The port number for provided host", - "default": 443, - "order": 4 - }, - "url": { - "type": "string", - "title": "URL", - "description": "Base URL for the McAfee Advanced Threat Defense server", - "order": 1 - }, - "verify_ssl": { - "type": "boolean", - "title": "Verify TLS/SSL", - "description": "Verify the server's TLS/SSL certificate", - "default": true, - "order": 3 - } - }, - "required": [ - "credentials", - "url" - ], - "definitions": { - "credential_username_password": { - "id": "credential_username_password", - "type": "object", - "title": "Credential: Username and Password", - "description": "A username and password combination", - "properties": { - "password": { - "type": "string", - "title": "Password", - "displayType": "password", - "description": "The password", - "format": "password", - "order": 2 - }, - "username": { - "type": "string", - "title": "Username", - "description": "The username to log in with", - "order": 1 - } - }, - "required": [ - "username", - "password" - ] - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/mcafee_atd/icon_mcafee_atd/triggers/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/triggers/__init__.py deleted file mode 100644 index bace8db897..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/triggers/__init__.py +++ /dev/null 
@@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/mcafee_atd/icon_mcafee_atd/util/__init__.py b/plugins/mcafee_atd/icon_mcafee_atd/util/__init__.py deleted file mode 100644 index bace8db897..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/util/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/mcafee_atd/icon_mcafee_atd/util/api.py b/plugins/mcafee_atd/icon_mcafee_atd/util/api.py deleted file mode 100644 index f2191c152e..0000000000 --- a/plugins/mcafee_atd/icon_mcafee_atd/util/api.py +++ /dev/null 
@@ -1,125 +0,0 @@ -from insightconnect_plugin_runtime.exceptions import PluginException, ConnectionTestException -import json -import base64 -from .mcafee_request import McAfeeRequest - - -class McAfeeATDAPI: - def __init__(self, mc_afee_request: McAfeeRequest, username: str, password: str, logger: object): - self.mc_afee_request = mc_afee_request - self.username = username - self.password = password - self.logger = logger - self.STATUSES = { - "w": "Whitelisted", - "b": "Blacklisted", - "0": "Not found", - "j": "Previously submitted", - "Invalid input data": "Invalid hash value", - } - - def get_report(self, id: str, return_type: str, type_id: str): - param = "md5" - if type_id == "TASK ID": - param = "iTaskId" - elif type_id == "JOB ID": - param = "jobId" - - return self._make_login_request( - "GET", "showreport.php", params={param: id, "iType": return_type}, full_response=True - ) - - def list_analyzer_profiles(self): - return self._make_login_request("GET", "vmprofiles.php") - - def submit_file(self, file: dict, url_for_file: str) -> dict: - type_number = "0" - if url_for_file: - type_number = "2" - return self._make_login_request( - "POST", - "fileupload.php", - json_data={"data": json.dumps({"data": {"url": url_for_file, "submitType": type_number}})}, - files={"amas_filename": base64.decodebytes(file.get("content").encode("utf-8"))}, - ) - - def submit_url(self, url: str, submit_type: str) -> dict: - number_type = "1" - if submit_type == "File from URL": - number_type = "3" - return self._make_login_request( - "POST", - "fileupload.php", - {"data": json.dumps({"data": {"url": url, "submitType": number_type}})}, - ) - - def check_analysis_status(self, task_id: int, type: str): - param = "iTaskId" - if "job" == type: - param = "jobId" - - return self._make_login_request("GET", "samplestatus.php", params={param: task_id}) - - def submit_hash(self, md5_hash: str): - submit_hash = self._make_login_request("POST", "atdHashLookup.php", {"data": json.dumps({"md5": 
md5_hash})}) - - if not submit_hash.get("success", False): - raise PluginException( - cause="Unknown error occurred. ", - assistance="Please contact support or try again later.", - ) - - results = {} - statuses = submit_hash.get("results", {}) - for submitted_hash, status in statuses.items(): - results[submitted_hash.lower()] = self.STATUSES.get(status, status) - - return results - - def _get_login_headers(self): - session_response = self.mc_afee_request.make_json_request( - "POST", - "session.php", - headers={ - "Accept": "application/vnd.ve.v1.0+json", - "Content-Type": "application/json", - "VE-SDK-API": base64.encodebytes(f"{self.username}:{self.password}".encode()).decode("utf-8").rstrip(), - }, - ) - - if session_response.get("success", False): - session = session_response.get("results", {}).get("session") - user_id = session_response.get("results", {}).get("userId") - return { - "Accept": "application/vnd.ve.v1.0+json", - "VE-SDK-API": base64.encodebytes(f"{session}:{user_id}".encode()).decode("utf-8").rstrip(), - } - - raise ConnectionTestException(ConnectionTestException.Preset.USERNAME_PASSWORD) - - def _make_login_request( - self, - method: str, - path: str, - json_data: dict = None, - params: dict = None, - files: dict = None, - full_response: bool = False, - ): - headers = None - try: - headers = self._get_login_headers() - response = self.mc_afee_request.make_json_request( - method, - path, - params=params, - data=json_data, - files=files, - headers=headers, - full_response=full_response, - ) - return response - except ConnectionTestException as e: - raise PluginException(cause=e.cause, assistance=e.assistance, data=e.data) - finally: - self.mc_afee_request.make_json_request("DELETE", "session.php", headers=headers) diff --git a/plugins/mcafee_atd/icon_mcafee_atd/util/mcafee_request.py b/plugins/mcafee_atd/icon_mcafee_atd/util/mcafee_request.py deleted file mode 100644 index bc689a3381..0000000000 
--- a/plugins/mcafee_atd/icon_mcafee_atd/util/mcafee_request.py
+++ /dev/null
@@ -1,51 +0,0 @@
-import requests
-from insightconnect_plugin_runtime.exceptions import PluginException
-import json
-
-
-class McAfeeRequest:
- def __init__(self, url: str, port: int, verify_ssl: bool, logger: object):
- self.url = f"{url}:{str(port)}/php"
- self.verify_ssl = verify_ssl
- self.logger = logger
-
- def make_json_request(
- self,
- method,
- path,
- params=None,
- data=None,
- headers=None,
- files=None,
- full_response: bool = False,
- ):
- response = {"text": ""}
-
- try:
- response = requests.request(
- method,
- f"{self.url}/{path}",
- data=data,
- params=params,
- files=files,
- headers=headers,
- verify=self.verify_ssl,
- )
-
- if response.status_code == 403:
- raise PluginException(preset=PluginException.Preset.API_KEY)
- if response.status_code >= 400:
- raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text)
- if 200 <= response.status_code < 300:
- if full_response:
- return response
-
- return response.json()
-
- raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text)
- except json.decoder.JSONDecodeError as e:
- self.logger.info(f"Invalid JSON: {e}")
- raise PluginException(preset=PluginException.Preset.INVALID_JSON, data=response.text)
- except requests.exceptions.HTTPError as e:
- self.logger.info(f"Call to McAfee ATD API failed: {e}")
- raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text)
diff --git a/plugins/mcafee_atd/plugin.spec.yaml b/plugins/mcafee_atd/plugin.spec.yaml
deleted file mode 100644
index 38a9fc6739..0000000000
--- a/plugins/mcafee_atd/plugin.spec.yaml
+++ /dev/null
@@ -1,693 +0,0 @@ -plugin_spec_version: v2 -extension: plugin -products: [insightconnect] -name: mcafee_atd -title: McAfee Advanced Threat Defense -description: McAfee Advanced Threat Defense provides an API framework for external applications to access core McAfeeATD functions through the REST protocol -version: 1.5.0 -vendor: rapid7 -support: rapid7 -status: [] -resources: - source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/mcafee_atd - license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE - vendor_url: https://www.mcafee.com -tags: - - mcafee - - atd - - advanced - - threat - - defense -hub_tags: - use_cases: [threat_detection_and_response, reporting_and_analytics] - keywords: [mcafee, atd, advanced, threat, defense] - features: [] -types: - output: - userid: - title: User ID - type: integer - description: User ID - required: false - taskid: - title: Task ID - type: integer - description: Task ID - required: false - istate: - title: Istate - type: integer - description: Istate - required: false - status: - title: Status - type: string - description: Status - required: false - filename: - title: Filename - type: string - description: Filename - required: false - md5: - title: MD5 - type: string - description: MD5 - required: false - vmProfile: - title: VM Profile - type: string - description: VM profile - required: false - jobid: - title: Job ID - type: integer - description: Job ID - required: false - submitTime: - title: Submit Time - type: string - description: Submit time - required: false - summaryFiles: - title: Summary Files - type: string - description: Summary files - required: false - useLogs: - title: Use Logs - type: string - description: Use logs - required: false - asmListing: - title: Asm Listing - type: string - description: Asm listing - required: false - PEInfo: - title: PE info - type: string - description: PE info - required: false - family: - title: Family - type: string - 
description: Family - required: false - vmName: - title: VM Name - type: string - description: VM name - required: false - vmDesc: - title: VM Desc - type: string - description: VM desc - required: false - job: - status: - title: Status - type: integer - description: Status - required: false - allEngineState: - title: All Engine State - type: integer - description: All engine state - required: false - severity: - title: Severity - type: integer - description: Severity - required: false - results: - cache: - title: Cache - type: integer - description: Cache - required: false - destIp: - title: Destination IP - type: string - description: Destination IP - required: false - file: - title: File - type: string - description: File - required: false - md5: - title: MD5 - type: string - description: MD5 - required: false - messageId: - title: Message ID - type: string - description: Message ID - required: false - sha1: - title: SHA1 - type: string - description: SHA1 - required: false - sha256: - title: SHA256 - type: string - description: SHA256 - required: false - size: - title: Size - type: string - description: Size - required: false - srcIp: - title: Source IP - type: string - description: Source IP - required: false - submitType: - title: Submit Type - type: string - description: Submit type - required: false - taskId: - title: Task ID - type: integer - description: Task ID - required: false - url: - title: URL - type: string - description: URL - required: false - submit_info: - estimatedTime: - title: Estimated Time - type: integer - description: Estimated time - required: false - fileId: - title: File ID - type: string - description: File ID - required: false - filesWait: - title: Files Wait - type: integer - description: Files wait - required: false - mimeType: - title: MIME Type - type: string - description: MIME type - required: false - results: - title: Results - type: "[]results" - description: Results - required: false - subId: - title: Sub ID - type: integer 
- description: Sub ID - required: false - success: - title: Success - type: boolean - description: Success - required: false - profiler_results: - artimas: - title: Artimas - type: integer - description: Artimas - required: false - asm: - title: Asm - type: integer - description: Asm - required: false - aviraAV: - title: Avira AV - type: integer - description: Avira AV - required: false - consoleLog: - title: Console Log - type: integer - description: Console log - required: false - createTime: - title: Create Time - type: string - description: Create time - required: false - customrules: - title: Customrules - type: integer - description: Customrules - required: false - default32OSName: - title: Default 32OS Name - type: string - description: Default 32OS name - required: false - default64OSName: - title: Default 64OS Name - type: string - description: Default 64OS name - required: false - defaultVM: - title: Default VM - type: integer - description: Default VM - required: false - dnnEnable: - title: DNN Enable - type: integer - description: DNN enable - required: false - dropZip: - title: Drop ZIP - type: integer - description: Drop ZIP - required: false - dumpZip: - title: Dump ZIP - type: integer - description: Dump ZIP - required: false - family: - title: Family - type: integer - description: Family - required: false - filePassword: - title: File Password - type: string - description: File password - required: false - filePassword1: - title: File Password 1 - type: string - description: File password 1 - required: false - flp: - title: FLP - type: integer - description: FLP - required: false - gam: - title: GAM - type: integer - description: GAM - required: false - gml: - title: GML - type: integer - description: GML - required: false - gtiTS: - title: GTI TS - type: integer - description: GTI TS - required: false - gtiURLRep: - title: GTI URL REP - type: integer - description: GTI URL REP - required: false - heuristic: - title: Heuristic - type: integer - 
description: Heuristic - required: false - imageid: - title: Image ID - type: integer - description: Image ID - required: false - internet: - title: Internet - type: integer - description: Internet - required: false - lastChange: - title: Last Change - type: string - description: Last change - required: false - locBlackList: - title: Loc Blacklist - type: integer - description: Loc blacklist - required: false - locWhiteList: - title: Loc Whitelist - type: integer - description: Loc whitelist - required: false - logZip: - title: Log ZIP - type: integer - description: Log ZIP - required: false - maxExecTime: - title: Max Exec Time - type: integer - description: Max exec time - required: false - memorydump: - title: Memory Dump - type: integer - description: Memory dump - required: false - mfeAV: - title: MFE AV - type: integer - description: MFE AV - required: false - minExecTime: - title: Min Exec Time - type: integer - description: Min exec time - required: false - name: - title: Name - type: string - description: Name - required: false - netLog: - title: Net Log - type: integer - description: Net log - required: false - netdriveZip: - title: Net Drive ZIP - type: integer - description: Net drive ZIP - required: false - noPDF: - title: No PDF - type: integer - description: No PDF - required: false - ntvLog: - title: Ntv Log - type: integer - description: Ntv log - required: false - openarchive: - title: Openarchive - type: integer - description: Openarchive - required: false - overrideOS: - title: Override OS - type: integer - description: Override OS - required: false - pe32: - title: PE32 - type: integer - description: PE32 - required: false - reAnalysis: - title: Re Analysis - type: integer - description: Re analysis - required: false - recusiveAnalysis: - title: Recusive Analysis - type: integer - description: Recusive analysis - required: false - runtimeArgument: - title: Runtime Argument - type: string - description: Runtime argument - required: false - 
sandbox: - title: Sandbox - type: integer - description: Sandbox - required: false - selectedOSName: - title: Selected OS Name - type: string - description: Selected OS name - required: false - sophosAV: - title: Sophos AV - type: integer - description: Sophos AV - required: false - ssAPIid: - title: SS API ID - type: integer - description: SS API ID - required: false - ssKeyid: - title: SS Key ID - type: integer - description: SS key ID - required: false - ssLevelid: - title: SS Level ID - type: integer - description: SS level ID - required: false - summary: - title: Summary - type: integer - description: Summary - required: false - userLog: - title: User Log - type: integer - description: User log - required: false - userid: - title: User ID - type: integer - description: User ID - required: false - vmDesc: - title: VM Desc - type: string - description: VM desc - required: false - vmProfileid: - title: VM Profileid - type: integer - description: VM profileid - required: false - xMode: - title: X Mode - type: integer - description: X mode - required: false - yaraScan: - title: Yara Scan - type: integer - description: Yara scan - required: false - yararules: - title: Yara Rules - type: integer - description: Yara rules - required: false -connection: - url: - title: URL - description: Base URL for the McAfee Advanced Threat Defense server - type: string - required: true - example: https://www.example.com - credentials: - title: Credentials - description: Username and password - type: credential_username_password - required: true - example: '{"username":"user1", "password":"mypassword"}' - verify_ssl: - title: Verify TLS/SSL - type: boolean - description: Verify the server's TLS/SSL certificate - default: true - required: false - example: true - port: - title: Port - description: The port number for provided host - type: integer - default: 443 - required: false - example: 443 -actions: - submit_hash: - title: Check Hash Status - description: Check if a MD5 hash is 
blacklisted or whitelisted - input: - hash: - title: MD5 Hash - description: MD5 Hash to submit - type: string - required: true - example: 9de5069c5afe602b2ea0a04b66beb2c0 - output: - success: - title: Success - description: Success status of submit Hash request - type: boolean - required: true - results: - title: Results - description: Return information about given MD5 Hash - type: object - required: true - check_analysis_status: - title: Check Analysis Status - description: Checks the analysis status - input: - analysis_id: - title: Analysis ID - description: Task ID or job ID value which is returned in submission step - type: integer - required: true - example: 13 - type: - title: Type - description: Type of ID, default value is task - type: string - required: false - default: task - enum: - - task - - job - output: - success: - title: Success - description: Success status of analysis ID - type: boolean - required: false - results: - title: Results - description: Return information about given Task ID - type: output - required: false - job_results: - title: Job Results - description: Return information about given Job ID - type: job - required: false - submit_url: - title: Submit URL - description: Upload URL for dynamic analysis - input: - url: - title: URL - description: URL for analysis - type: string - required: true - example: https://www.example.com - submit_type: - title: Submit Type - description: URL to submit for analysis (https://www.example.com) or file to analyze from a URL (e.g. 
https://www.example.com/PDF/14274les19.pdf) - type: string - required: false - default: URL submission - enum: - - URL submission - - File from URL - output: - submit_url_info: - title: Submit URL Info - description: Information about submitted URL - type: submit_info - required: false - submit_file: - title: Submit File - description: Upload file for dynamic analysis - input: - file: - title: File - description: File for analysis - type: file - required: true - example: '{"filename": "setup.exe", "content": "UmFwaWQ3IEluc2lnaHRDb25uZWN0Cg=="}' - url_for_file: - title: File URL - description: You can also submit the URL from which the file is downloaded. In this case, a McAfee GTI URL look up is done on the submitted URL in addition to file analysis - type: string - required: false - example: https://www.example.com/download/latest - output: - submit_file_info: - title: Submit File Info - description: Information about submitted file - type: submit_info - required: false - list_analyzer_profiles: - title: List Analyzer Profiles - description: Display the analyzer profiles to which the user has access - output: - profiler_results: - title: Profiler Results - description: Displays the analyzer profiles, which the user can access - type: "[]profiler_results" - required: true - success: - title: Success - description: Returns true if found information about analyzer profiles - type: boolean - required: true - get_report: - title: Get Report - description: Download the report of an analysis - input: - id: - title: ID - description: The Task ID, job ID, or MD5 value for the prepared analysis report - type: string - required: true - example: 13 - type_id: - title: Type ID - description: Type of given ID parameter, the type must match the value of the ID field. 
The default value is MD5 - type: string - required: false - default: MD5 - example: TASK ID - enum: - - MD5 - - TASK ID - - JOB ID - report_type: - title: Report Type - description: The file type of the report to return in the file output - type: string - required: false - default: HTML - example: HTML - enum: - - HTML - - TXT - - ZIP - - XML - - IOC - - STIX - - PDF - - SAMPLE - output: - file: - title: File - description: Prepared analysis report - type: bytes - required: true - report: - title: Report - description: Return report in JSON - type: object - required: false diff --git a/plugins/mcafee_atd/requirements.txt b/plugins/mcafee_atd/requirements.txt deleted file mode 100644 index 0aa2d806e0..0000000000 --- a/plugins/mcafee_atd/requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -# List third-party dependencies here, separated by newlines. -# All dependencies must be version-pinned, eg. requests==1.2.0 -# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files -validators==0.15.0 \ No newline at end of file diff --git a/plugins/mcafee_atd/setup.py b/plugins/mcafee_atd/setup.py deleted file mode 100644 index 0a12456676..0000000000 --- a/plugins/mcafee_atd/setup.py +++ /dev/null @@ -1,14 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from setuptools import setup, find_packages - - -setup(name="mcafee_atd-rapid7-plugin", - version="1.5.0", - description="McAfee Advanced Threat Defense provides an API framework for external applications to access core McAfeeATD functions through the REST protocol", - author="rapid7", - author_email="", - url="", - packages=find_packages(), - install_requires=['insightconnect-plugin-runtime'], # Add third-party dependencies to requirements.txt, not here! - scripts=['bin/icon_mcafee_atd'] - ) diff --git a/plugins/sonicwall_capture_client/.CHECKSUM b/plugins/sonicwall_capture_client/.CHECKSUM deleted file mode 100644 index 0125d4bcb7..0000000000 --- a/plugins/sonicwall_capture_client/.CHECKSUM +++ /dev/null 
@@ -1,15 +0,0 @@
-{
- "spec": "a9acc2509e0e39df64c05035d14111b2",
- "manifest": "5096b5a5be7203dc2983723837ffc8c3",
- "setup": "9a27e7de615d6b9fc57d5593611ebac4",
- "schemas": [
- {
- "identifier": "get_agent_details/schema.py",
- "hash": "a3014f4f47d3b31e4d6b20eedea4985f"
- },
- {
- "identifier": "connection/schema.py",
- "hash": "efaf899d805cc6ca326a5b945276275b"
- }
- ]
-}
\ No newline at end of file
diff --git a/plugins/sonicwall_capture_client/.dockerignore b/plugins/sonicwall_capture_client/.dockerignore
deleted file mode 100644
index 93dc53fb01..0000000000
--- a/plugins/sonicwall_capture_client/.dockerignore
+++ /dev/null
@@ -1,9 +0,0 @@
-unit_test/**/*
-unit_test
-examples/**/*
-examples
-tests
-tests/**/*
-**/*.json
-**/*.tar
-**/*.gz
\ No newline at end of file
diff --git a/plugins/sonicwall_capture_client/Dockerfile b/plugins/sonicwall_capture_client/Dockerfile
deleted file mode 100644
index 1e28bc3373..0000000000
--- a/plugins/sonicwall_capture_client/Dockerfile
+++ /dev/null
@@ -1,26 +0,0 @@
-FROM rapid7/insightconnect-python-3-38-plugin:4
-# Refer to the following documentation for available SDK parent images: https://docs.rapid7.com/insightconnect/sdk-guide/#sdk-guide
-
-LABEL organization=rapid7
-LABEL sdk=python
-
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
-
-# End package dependencies
-
-# Add source code
-WORKDIR /python/src
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-# Install pip dependencies
-RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-
-# Install plugin
-RUN python setup.py build && python setup.py install
-
-# User to run plugin code. The two supported users are: root, nobody
-USER nobody
-
-ENTRYPOINT ["/usr/local/bin/icon_sonicwall_capture_client"]
diff --git a/plugins/sonicwall_capture_client/Makefile b/plugins/sonicwall_capture_client/Makefile
deleted file mode 100644
index cb85f96b6c..0000000000
--- a/plugins/sonicwall_capture_client/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Include other Makefiles for improved functionality
-INCLUDE_DIR = ../../tools/Makefiles
-MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
-# We can't guarantee customers will have the include files
-# - prefix to ignore Makefiles when not present
-# https://www.gnu.org/software/make/manual/html_node/Include.html
--include $(MAKEFILES)
-
-ifneq ($(MAKEFILES),)
- $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
- $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
- $(info --)
-else
- $(warning Makefile includes directory not present: $(INCLUDE_DIR))
-endif
-
-VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
-NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
-VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
-CWD?=$(shell basename $(PWD))
-_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
-PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz
-
-# Set default target explicitly. Make's default behavior is the first target in the Makefile.
-# We don't want that behavior due to includes which are read first
-.DEFAULT_GOAL := default # Make >= v3.80 (make -version)
-
-
-default: image tarball
-
-tarball:
- $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
- rm -rf build
- rm -rf $(PKG)
- tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *
-
-image:
- $(info [$(YELLOW)*$(NORMAL)] Building plugin image)
- docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest
-
-regenerate:
- $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml)
- icon-plugin generate python --regenerate
-
-export: image
- $(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
- @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
- @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar
-
-# Make will not run a target if a file of the same name exists unless setting phony targets
-# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: default tarball image regenerate
diff --git a/plugins/sonicwall_capture_client/bin/icon_sonicwall_capture_client b/plugins/sonicwall_capture_client/bin/icon_sonicwall_capture_client
deleted file mode 100644
index 6e11f1ccdb..0000000000
--- a/plugins/sonicwall_capture_client/bin/icon_sonicwall_capture_client
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-import os
-import json
-from sys import argv
-
-Name = "SonicWall Capture Client"
-Vendor = "rapid7"
-Version = "1.0.1"
-Description = "SonicWall Capture Client is a unified client platform that delivers multiple endpoint protection capabilities, including next-generation malware protection and application vulnerability intelligence"
-
-
-def main():
- if 'http' in argv:
- if os.environ.get("GUNICORN_CONFIG_FILE"):
- with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf:
- gunicorn_cfg = json.load(gf)
- if gunicorn_cfg.get("worker_class", "sync") == "gevent":
- from gevent import monkey
- monkey.patch_all()
- elif 'gevent' in argv:
- from gevent import monkey
- monkey.patch_all()
-
- import insightconnect_plugin_runtime
- from icon_sonicwall_capture_client import connection, actions, triggers
-
- class ICONSonicwallCaptureClient(insightconnect_plugin_runtime.Plugin):
- def __init__(self):
- super(self.__class__, self).__init__(
- name=Name,
- vendor=Vendor,
- version=Version,
- description=Description,
- connection=connection.Connection()
- )
- self.add_action(actions.GetAgentDetails())
-
-
- """Run plugin"""
- cli = insightconnect_plugin_runtime.CLI(ICONSonicwallCaptureClient())
- cli.run()
-
-
-if __name__ == "__main__":
- main()
diff --git a/plugins/sonicwall_capture_client/extension.png b/plugins/sonicwall_capture_client/extension.png
deleted file mode 100644
index 12cb2a8d6a..0000000000
Binary files a/plugins/sonicwall_capture_client/extension.png and /dev/null differ
diff --git a/plugins/sonicwall_capture_client/help.md b/plugins/sonicwall_capture_client/help.md
deleted file mode 100644
index 035dd1bebc..0000000000
--- a/plugins/sonicwall_capture_client/help.md
+++ /dev/null
@@ -1,493 +0,0 @@ -# Description - -[SonicWall Capture Client](https://www.sonicwall.com/products/firewalls/security-services/capture-client/) is a unified client platform that delivers multiple endpoint protection capabilities, including next-generation malware protection and application vulnerability intelligence. - -# Key Features - -* Get agent details - -# Requirements - -* E-mail address and password for SonicWall Capture Client - -# Documentation - -## Setup - -The connection configuration accepts the following parameters: - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|credentials|credential_username_password|None|True|Email address and password|None|{"username": "admin", "password": "mypassword"}| - -Example input: - -``` -{ - "credentials": { - "username": "user@example.com", - "password": "mypassword" - } -} -``` - -## Technical Details - -### Actions - -#### Get Agent Details - -This action is used to get details for an agent. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|agent|string|None|True|Agent to retrieve device information from. 
Accepts IP address, MAC address, hostname, or device ID|None|198.51.100.100| - -Example input: - -``` -{ - "agent": "198.51.100.100" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|agent|agent_information|True|Information about an agent| - -Example output: - -``` -{ - "agent": { - "activeDirectory": { - "computerMemberOf": [], - "lastUserMemberOf": [] - }, - "activeThreats": 0, - "agentVersion": "3.6.6.104", - "alerts": [], - "applications": [ - { - "installedDate": "2018-02-09T13:29:03.379000Z", - "name": "Microsoft Silverlight", - "publisher": "Microsoft Corporation", - "size": 255445, - "version": "5.1.50907.0" - } - ], - "clientState": "commissioned", - "clientStateTs": 1594401180, - "clientVersion": "3.0.11.311", - "createdAt": "2020-07-10T17:13:02.467Z", - "currentUser": "CAPCLIENT-W12\\Administrator", - "deviceId": "3459A567-123c-BFB2-456C-3451ACD36785", - "deviceSettingsTs": 0, - "deviceType": "server", - "domain": "WORKGROUP", - "encryptedApplications": false, - "enforcedPolicy": [ - { - "_id": "1236d676787f05678c57876b", - "policy": { - "agentPolicySettings": { - "_id": "52342e2340b565670567563f", - "addToKeychain": true, - "addToWindowsStore": true, - "certificates": [], - "firefoxStoreMac": "firefox", - "firefoxStoreWindows": "firefox", - "keepAfterUninstallClient": false - }, - "enforced": true, - "name": "Default Trusted Certificates Policy", - "policyId": "84123765-9543-4075-a543-567c65673345", - "policyTs": 1345345534, - "releaseGuid": "bb345567-1567-4567-a678-078992890a30", - "tenant": "1232e1239056b478901542b", - "type": "5", - "typeDescription": "Trusted Certificates", - "uninstall": false - }, - "policyTs": 1234304565, - "type": "agentPolicy" - } - ], - "externalIp": "198.51.100.100", - "firewallProtectionMode": "unprotected", - "geoLocation": { - "coordinates": [ - -105.2142, - 39.9469 - ], - "type": "Point" - }, - "groups": [], - "hwModel": "VMware Virtual Platform", - "infected": false, - 
"installToken": "CB123234-9345-4567-9678-19765B68763B", - "ip": "198.51.100.100", - "isActive": false, - "isMobile": false, - "isPendingUninstall": false, - "lastPolicyId": "1239f234-4357-4456-9456-456a87678765", - "lastPolicyUpdateTs": 1597440358, - "licenses": [ - { - "__v": 0, - "_id": "1234234550b5678900f15678", - "createdAt": "2020-07-09T14:51:41.222Z", - "expiration": 1628434375, - "level": "advanced", - "licenseId": "12352345-d432-7655-0987-123456701234", - "nbAvailable": 9, - "nbTotal": 10, - "startDate": 1594306280, - "tenant": "5678efd56786b4567f1234b", - "trial": true, - "type": "4", - "updatedAt": "2020-07-09T14:53:15.728Z", - "vendor": "SentinelOne" - } - ], - "localIp": "198.51.100.100", - "location": { - "city": "Louisville", - "country": "United States", - "countryCode": "US" - }, - "locationTs": 1597442155, - "macAddress": "00-50-56-94-28-B7", - "mitigationMode": "protect", - "mitigationModeSuspicious": "detect", - "name": "capclient-w12", - "network": { - "__v": 0, - "_id": "1234a23456add7890bf65476", - "device": "1234a23456add7890bf65476", - "interfaces": [ - { - "dnsServers": [ - "198.51.100.100" - ], - "ipV4Addresses": [ - "198.51.100.100" - ], - "ipV6Addresses": [ - "fe80::d4b3:dbae:60e5:5aa5" - ], - "macAddress": "00-50-56-94-28-B7", - "name": "Ethernet0" - } - ], - "routes": [ - { - "dst": "0.0.0.0", - "gateway": "198.51.100.1", - "interface": "198.51.100.100" - } - ] - }, - "networkStatus": "connected", - "onlineStatus": "SentinelOne Offline", - "os": "Windows Server 2012 R2 Standard", - "osVersion": "6.3.9600.19724", - "processTs": 1597440360, - "processes": [ - { - "executablePath": "C:\\Windows\\System32\\wininit.exe", - "memoryUsage": 4415488, - "pid": 396, - "processName": "wininit.exe", - "startTime": 1594401465, - "version": "6.3.9600.18577" - } - ], - "processorType": "x86_64", - "releaseGuids": [], - "s1AgentId": "49195437ae345123=1231b145647b45665", - "s1GroupId": "987685587675345543", - "s1Passphrase": 
"cmFwaWQ3IGluc2lnaHRjb25uZWN0Cg==", - "s1PassphraseTs": 1594401393, - "scanStatus": "none", - "scanStatusTs": 0, - "serverType": "default", - "telemetryTs": 159744555, - "tenant": { - "_id": "1234a23456add7890bf65476", - "s1Settings": "1234a23456add7890bf65476", - "tenantId": "cb123234-9345-4567-9678-19765b68763b", - "tenantName": "Rapid7 Products-CC999991B199" - }, - "timezoneName": "Pacific Daylight Time", - "timezoneOffset": "-700", - "uninstallPwd": "syu3AG1Z86YbG", - "updatedAt": "2020-08-14T22:03:50.847Z", - "userActionsNeeded": [], - "users": [ - { - "policies": [], - "tenant": { - "_id": "1234a23456add7890bf65476", - "tenantId": "cb123234-9345-4567-9678-19765b68763b", - "tenantName": "Rapid7 Products-CC000001B199" - }, - "userGroups": [], - "userId": "12323234-3456-7654-8765-197652347765", - "username": "CAPUSER-W12\\Administrator" - } - ] - } -} - -``` - -### Triggers - -_This plugin does not contain any triggers._ - -### Custom Output Types - -#### activeDirectory - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Computer Member of|[]object|False|Computer member of| -|Last User Member of|[]object|False|Last user member of| - -#### agentPolicySettings - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|ID|string|False|ID| -|Add to Keychain|boolean|False|Add to keychain| -|Add to Windows Store|boolean|False|Add to windows store| -|Certificates|[]object|False|Certificates| -|Firefox Store MAC|string|False|Firefox store MAC| -|Firefox Store Windows|string|False|Firefox store windows| -|Keep After Uninstall Client|boolean|False|Keep after uninstall client| - -#### agent_information - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Active Directory|activeDirectory|False|Active directory| -|Active Threats|integer|False|Active threats| -|Agent Version|string|False|Agent version| -|Alerts|[]object|False|Alerts| -|Applications|[]applications|False|Applications| -|Client State|string|False|Client state| 
-|Client State TS|integer|False|Clientstate TS| -|Client Version|string|False|Client version| -|Created At|string|False|Created at| -|Current Firewall SN|string|False|Current firewall SN| -|Current User|string|False|Current user| -|Device ID|string|False|Device ID| -|Device Settings TS|integer|False|Device settings TS| -|Device Type|string|False|Device type| -|Domain|string|False|Domain| -|Encrypted Applications|boolean|False|Encrypted applications| -|Enforced Policy|[]enforcedPolicy|False|Enforced policy| -|External IP|string|False|Externali IP| -|Firewall Protection Mode|string|False|Firewall protection mode| -|GEO Location|geoLocation|False|GEO Location| -|Groups|[]object|False|Groups| -|HW Model|string|False|HW model| -|Infected|boolean|False|Infected| -|Install Token|string|False|Install token| -|IP|string|False|IP| -|Is Active|boolean|False|Is active| -|Is Mobile|boolean|False|Is mobile| -|Is Pending Uninstall|boolean|False|Is pending uninstall| -|Last Policy ID|string|False|Last policy ID| -|Last Policy Update TS|integer|False|Last policy update TS| -|Licenses|[]licenses|False|Licenses| -|Local IP|string|False|Local IP| -|Location|location|False|Location| -|Location TS|integer|False|Location TS| -|MAC Address|string|False|MAC address| -|Mitigation Mode|string|False|Mitigation mode| -|Mitigation Mode Suspicious|string|False|Mitigation mode suspicious| -|Name|string|False|Name| -|Network|network|False|Network| -|Network Status|string|False|Network status| -|Online Status|string|False|Online status| -|OS|string|False|OS| -|OS Version|string|False|OS version| -|Process TS|integer|False|Process TS| -|Processes|[]processes|False|Processes| -|Processor Type|string|False|Processor type| -|Release GUIDS|[]object|False|Release GUIDS| -|S1 Agent ID|string|False|S1 agent ID| -|S1 Group ID|string|False|S1 group ID| -|S1 Passphrase|string|False|S1 passphrase| -|S1 Passphrase TS|integer|False|S1 passphrase TS| -|Scan Aborted At|string|False|Scan aborted at| -|Scan Finished 
At|string|False|Scan finished at| -|Scan Started At|string|False|Scan started at| -|Scan Status|string|False|Scan status| -|Scan Status TS|integer|False|Scan status TS| -|Server Type|string|False|Server type| -|Telemetry TS|integer|False|Telemetry TS| -|Tenant|tenant|False|Tenant| -|Timezone Name|string|False|Timezone name| -|Timezone Offset|string|False|Timezone offset| -|Uninstall PWD|string|False|Uninstall PWD| -|Updated At|string|False|Updated at| -|User Actions Needed|[]object|False|User actions needed| -|Users|[]users|False|Users| - -#### applications - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Installed Date|string|False|Installed date| -|Name|string|False|Name| -|Publisher|string|False|Publisher| -|Size|integer|False|Size| -|Version|string|False|Version| - -#### enforcedPolicy - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|ID|string|False|ID| -|Policy|policy|False|Policy| -|Policy TS|integer|False|Policy TS| -|Type|string|False|Type| - -#### geoLocation - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Coordinates|[]float|False|Coordinates| -|Type|string|False|Type| - -#### interfaces - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|DNS Servers|[]string|False|DNS Servers| -|IPv4 Addresses|[]string|False|IPv4 addresses| -|IPv6 Addresses|[]string|False|IPv6 addresses| -|MAC Address|string|False|MAC address| -|Name|string|False|Name| - -#### licenses - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|V|integer|False|V| -|ID|string|False|ID| -|Created At|string|False|Created at| -|Expiration|integer|False|Expiration| -|Level|string|False|Level| -|License ID|string|False|License ID| -|NB Available|integer|False|NB available| -|NB Total|integer|False|NB total| -|Start Date|integer|False|Start date| -|Tenant|string|False|Tenant| -|Trial|boolean|False|Trial| -|Type|string|False|Type| -|Updated At|string|False|Updated at| 
-|Vendor|string|False|Vendor| - -#### location - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|City|string|False|City| -|Country|string|False|Country| -|Countrycode|string|False|Countrycode| - -#### network - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|V|integer|False|v| -|ID|string|False|ID| -|Device|string|False|Device| -|Interfaces|[]interfaces|False|Interfaces| -|Routes|[]routes|False|Routes| - -#### policy - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Agent Policy Settings|agentPolicySettings|False|Agent policy settings| -|Enforced|boolean|False|Enforced| -|Name|string|False|Name| -|Policy ID|string|False|Policy ID| -|Policy TS|integer|False|Policy TS| -|Release GUID|string|False|Release GUID| -|Tenant|string|False|Tenant| -|Type|string|False|Type| -|Type Description|string|False|Type description| -|Uninstall|boolean|False|Uninstall| - -#### processes - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Description|string|False|Description| -|Executable Path|string|False|Executable path| -|Memory Usage|integer|False|Memory usage| -|PID|integer|False|PID| -|Process Name|string|False|Process name| -|Start Time|integer|False|Start time| -|Version|string|False|Version| - -#### routes - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|DST|string|False|DST| -|Gateway|string|False|Gateway| -|Interface|string|False|Interface| - -#### tenant - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|ID|string|False|ID| -|S1 Settings|string|False|S1 settings| -|Tenant ID|string|False|Tenant ID| -|Tenant Name|string|False|Tenant name| - -#### tenant_0 - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|ID|string|False|ID| -|Tenant ID|string|False|Tenant ID| -|Tenant Name|string|False|Tenant Name| - -#### users - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|Full Name|string|False|Full name| 
-|Policies|[]object|False|Policies| -|Tenant|tenant_0|False|Tenant| -|User Groups|[]object|False|User groups| -|User ID|string|False|User ID| -|Username|string|False|Username| - -## Troubleshooting - -_This plugin does not contain any troubleshooting information._ - -# Version History - -* 1.0.1 - Correct spelling in help.md -* 1.0.0 - Initial plugin - -# Links - -## References - -* [SonicWall Capture Client](https://www.sonicwall.com/products/firewalls/security-services/capture-client/) diff --git a/plugins/sonicwall_capture_client/icon.png b/plugins/sonicwall_capture_client/icon.png deleted file mode 100644 index da90d56be6..0000000000 Binary files a/plugins/sonicwall_capture_client/icon.png and /dev/null differ diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/__init__.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/__init__.py deleted file mode 100644 index bace8db897..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/__init__.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/__init__.py deleted file mode 100644 index 2af779fac9..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .get_agent_details.action import GetAgentDetails diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/__init__.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/__init__.py deleted file mode 100644 index 5c8ec82e32..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/__init__.py +++ /dev/null 
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import GetAgentDetails
diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/action.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/action.py
deleted file mode 100644
index 0ccd2c241c..0000000000
--- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/action.py
+++ /dev/null
@@ -1,64 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import GetAgentDetailsInput, GetAgentDetailsOutput, Input, Output, Component
-
-# Custom imports below
-from insightconnect_plugin_runtime.exceptions import PluginException
-
-
-class GetAgentDetails(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="get_agent_details",
- description=Component.DESCRIPTION,
- input=GetAgentDetailsInput(),
- output=GetAgentDetailsOutput(),
- )
-
- def run(self, params={}):
- all_endpoints = self.connection.client.get_endpoints_list()
- agent = params.get(Input.AGENT)
- searched_agents = []
-
- for e in all_endpoints:
- if self._is_agent_found(agent, e):
- searched_agents.append(e)
-
- if len(searched_agents) > 1:
- self.logger.info(
- f"Multiple agents found that matched the query: {searched_agents}." f"We will act upon the first match."
- )
-
- if len(searched_agents) > 0:
- device_id = searched_agents[0].get("deviceId")
- install_token = searched_agents[0].get("installToken")
-
- return {
- Output.AGENT: insightconnect_plugin_runtime.helper.clean(
- self.connection.client.get_endpoint(device_id, install_token)
- )
- }
-
- raise PluginException(
- cause="Unable to return information about provided agent.",
- assistance="Please provide an existed agent information.",
- )
-
- @staticmethod
- def _is_agent_found(agent, e):
- return (
- e.get("deviceId") == agent
- or e.get("name") == agent
- or e.get("domain") == agent
- or e.get("localIp") == agent
- or e.get("ip") == agent
- or GetAgentDetails._is_mac(agent, e)
- )
-
- @staticmethod
- def _is_mac(agent, e):
- if e.get("macAddress") == agent:
- return True
-
- normalize_mac = e.get("macAddress").lower().replace("-", "").replace(":", "")
- normalize_agent = agent.lower().replace("-", "").replace(":", "")
- return normalize_mac == normalize_agent
diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/schema.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/schema.py
deleted file mode 100644
index 91547f62d4..0000000000
--- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/actions/get_agent_details/schema.py
+++ /dev/null
@@ -1,2338 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Get details for an agent" - - -class Input: - AGENT = "agent" - - -class Output: - AGENT = "agent" - - -class GetAgentDetailsInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "agent": { - "type": "string", - "title": "Agent", - "description": "Agent to retrieve device information from. Accepts IP address, MAC address, hostname, or device ID", - "order": 1 - } - }, - "required": [ - "agent" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class GetAgentDetailsOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "agent": { - "$ref": "#/definitions/agent_information", - "title": "Agent", - "description": "Information about an agent", - "order": 1 - } - }, - "required": [ - "agent" - ], - "definitions": { - "activeDirectory": { - "type": "object", - "title": "activeDirectory", - "properties": { - "computerMemberOf": { - "type": "array", - "title": "Computer Member of", - "description": "Computer member of", - "items": { - "type": "object" - }, - "order": 1 - }, - "lastUserMemberOf": { - "type": "array", - "title": "Last User Member of", - "description": "Last user member of", - "items": { - "type": "object" - }, - "order": 2 - } - } - }, - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - 
"type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - }, - "agent_information": { - "type": "object", - "title": "agent_information", - "properties": { - "activeDirectory": { - "$ref": "#/definitions/activeDirectory", - "title": "Active Directory", - "description": "Active directory", - "order": 1 - }, - "activeThreats": { - "type": "integer", - "title": "Active Threats", - "description": "Active threats", - "order": 2 - }, - "agentVersion": { - "type": "string", - "title": "Agent Version", - "description": "Agent version", - "order": 3 - }, - "alerts": { - "type": "array", - "title": "Alerts", - "description": "Alerts", - "items": { - "type": "object" - }, - "order": 4 - }, - "applications": { - "type": "array", - "title": "Applications", - "description": "Applications", - "items": { - "$ref": "#/definitions/applications" - }, - "order": 5 - }, - "clientState": { - "type": "string", - "title": "Client State", - "description": "Client state", - "order": 6 - }, - "clientStateTs": { - "type": "integer", - "title": "Client State TS", - "description": "Clientstate TS", - "order": 7 - }, - "clientVersion": { - "type": "string", - "title": "Client Version", - "description": "Client version", - "order": 8 - }, - "createdAt": { - "type": "string", - "title": "Created At", - "description": "Created at", - "order": 9 - }, - "currentFirewallSn": { - "type": "string", - "title": "Current Firewall SN", - "description": "Current firewall SN", - "order": 10 - }, - 
"currentUser": { - "type": "string", - "title": "Current User", - "description": "Current user", - "order": 11 - }, - "deviceId": { - "type": "string", - "title": "Device ID", - "description": "Device ID", - "order": 12 - }, - "deviceSettingsTs": { - "type": "integer", - "title": "Device Settings TS", - "description": "Device settings TS", - "order": 13 - }, - "deviceType": { - "type": "string", - "title": "Device Type", - "description": "Device type", - "order": 14 - }, - "domain": { - "type": "string", - "title": "Domain", - "description": "Domain", - "order": 15 - }, - "encryptedApplications": { - "type": "boolean", - "title": "Encrypted Applications", - "description": "Encrypted applications", - "order": 16 - }, - "enforcedPolicy": { - "type": "array", - "title": "Enforced Policy", - "description": "Enforced policy", - "items": { - "$ref": "#/definitions/enforcedPolicy" - }, - "order": 17 - }, - "externalIp": { - "type": "string", - "title": "External IP", - "description": "Externali IP", - "order": 18 - }, - "firewallProtectionMode": { - "type": "string", - "title": "Firewall Protection Mode", - "description": "Firewall protection mode", - "order": 19 - }, - "geoLocation": { - "$ref": "#/definitions/geoLocation", - "title": "GEO Location", - "description": "GEO Location", - "order": 20 - }, - "groups": { - "type": "array", - "title": "Groups", - "description": "Groups", - "items": { - "type": "object" - }, - "order": 21 - }, - "hwModel": { - "type": "string", - "title": "HW Model", - "description": "HW model", - "order": 22 - }, - "infected": { - "type": "boolean", - "title": "Infected", - "description": "Infected", - "order": 23 - }, - "installToken": { - "type": "string", - "title": "Install Token", - "description": "Install token", - "order": 24 - }, - "ip": { - "type": "string", - "title": "IP", - "description": "IP", - "order": 25 - }, - "isActive": { - "type": "boolean", - "title": "Is Active", - "description": "Is active", - "order": 26 - }, - 
"isMobile": { - "type": "boolean", - "title": "Is Mobile", - "description": "Is mobile", - "order": 27 - }, - "isPendingUninstall": { - "type": "boolean", - "title": "Is Pending Uninstall", - "description": "Is pending uninstall", - "order": 28 - }, - "lastPolicyId": { - "type": "string", - "title": "Last Policy ID", - "description": "Last policy ID", - "order": 29 - }, - "lastPolicyUpdateTs": { - "type": "integer", - "title": "Last Policy Update TS", - "description": "Last policy update TS", - "order": 30 - }, - "licenses": { - "type": "array", - "title": "Licenses", - "description": "Licenses", - "items": { - "$ref": "#/definitions/licenses" - }, - "order": 31 - }, - "localIp": { - "type": "string", - "title": "Local IP", - "description": "Local IP", - "order": 32 - }, - "location": { - "$ref": "#/definitions/location", - "title": "Location", - "description": "Location", - "order": 33 - }, - "locationTs": { - "type": "integer", - "title": "Location TS", - "description": "Location TS", - "order": 34 - }, - "macAddress": { - "type": "string", - "title": "MAC Address", - "description": "MAC address", - "order": 35 - }, - "mitigationMode": { - "type": "string", - "title": "Mitigation Mode", - "description": "Mitigation mode", - "order": 36 - }, - "mitigationModeSuspicious": { - "type": "string", - "title": "Mitigation Mode Suspicious", - "description": "Mitigation mode suspicious", - "order": 37 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 38 - }, - "network": { - "$ref": "#/definitions/network", - "title": "Network", - "description": "Network", - "order": 39 - }, - "networkStatus": { - "type": "string", - "title": "Network Status", - "description": "Network status", - "order": 40 - }, - "onlineStatus": { - "type": "string", - "title": "Online Status", - "description": "Online status", - "order": 41 - }, - "os": { - "type": "string", - "title": "OS", - "description": "OS", - "order": 42 - }, - "osVersion": { - "type": 
"string", - "title": "OS Version", - "description": "OS version", - "order": 43 - }, - "processTs": { - "type": "integer", - "title": "Process TS", - "description": "Process TS", - "order": 44 - }, - "processes": { - "type": "array", - "title": "Processes", - "description": "Processes", - "items": { - "$ref": "#/definitions/processes" - }, - "order": 45 - }, - "processorType": { - "type": "string", - "title": "Processor Type", - "description": "Processor type", - "order": 46 - }, - "releaseGuids": { - "type": "array", - "title": "Release GUIDS", - "description": "Release GUIDS", - "items": { - "type": "object" - }, - "order": 47 - }, - "s1AgentId": { - "type": "string", - "title": "S1 Agent ID", - "description": "S1 agent ID", - "order": 48 - }, - "s1GroupId": { - "type": "string", - "title": "S1 Group ID", - "description": "S1 group ID", - "order": 49 - }, - "s1Passphrase": { - "type": "string", - "title": "S1 Passphrase", - "description": "S1 passphrase", - "order": 50 - }, - "s1PassphraseTs": { - "type": "integer", - "title": "S1 Passphrase TS", - "description": "S1 passphrase TS", - "order": 51 - }, - "scanAbortedAt": { - "type": "string", - "title": "Scan Aborted At", - "description": "Scan aborted at", - "order": 52 - }, - "scanFinishedAt": { - "type": "string", - "title": "Scan Finished At", - "description": "Scan finished at", - "order": 53 - }, - "scanStartedAt": { - "type": "string", - "title": "Scan Started At", - "description": "Scan started at", - "order": 54 - }, - "scanStatus": { - "type": "string", - "title": "Scan Status", - "description": "Scan status", - "order": 55 - }, - "scanStatusTs": { - "type": "integer", - "title": "Scan Status TS", - "description": "Scan status TS", - "order": 56 - }, - "serverType": { - "type": "string", - "title": "Server Type", - "description": "Server type", - "order": 57 - }, - "telemetryTs": { - "type": "integer", - "title": "Telemetry TS", - "description": "Telemetry TS", - "order": 58 - }, - "tenant": { - "$ref": 
"#/definitions/tenant", - "title": "Tenant", - "description": "Tenant", - "order": 59 - }, - "timezoneName": { - "type": "string", - "title": "Timezone Name", - "description": "Timezone name", - "order": 60 - }, - "timezoneOffset": { - "type": "string", - "title": "Timezone Offset", - "description": "Timezone offset", - "order": 61 - }, - "uninstallPwd": { - "type": "string", - "title": "Uninstall PWD", - "description": "Uninstall PWD", - "order": 62 - }, - "updatedAt": { - "type": "string", - "title": "Updated At", - "description": "Updated at", - "order": 63 - }, - "userActionsNeeded": { - "type": "array", - "title": "User ctions Needed", - "description": "User actions needed", - "items": { - "type": "object" - }, - "order": 64 - }, - "users": { - "type": "array", - "title": "Users", - "description": "Users", - "items": { - "$ref": "#/definitions/users" - }, - "order": 65 - } - }, - "definitions": { - "activeDirectory": { - "type": "object", - "title": "activeDirectory", - "properties": { - "computerMemberOf": { - "type": "array", - "title": "Computer Member of", - "description": "Computer member of", - "items": { - "type": "object" - }, - "order": 1 - }, - "lastUserMemberOf": { - "type": "array", - "title": "Last User Member of", - "description": "Last user member of", - "items": { - "type": "object" - }, - "order": 2 - } - } - }, - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": 
"string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - }, - "applications": { - "type": "object", - "title": "applications", - "properties": { - "installedDate": { - "type": "string", - "title": "Installed Date", - "description": "Installed date", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 2 - }, - "publisher": { - "type": "string", - "title": "Publisher", - "description": "Publisher", - "order": 3 - }, - "size": { - "type": "integer", - "title": "Size", - "description": "Size", - "order": 4 - }, - "version": { - "type": "string", - "title": "Version", - "description": "Version", - "order": 5 - } - } - }, - "enforcedPolicy": { - "type": "object", - "title": "enforcedPolicy", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "policy": { - "$ref": "#/definitions/policy", - "title": "Policy", - "description": "Policy", - "order": 2 - }, - "policyTs": { - "type": "integer", - "title": "Policy TS", - "description": "Policy TS", - "order": 3 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 4 - } - }, - "definitions": { - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, 
- "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - }, - "policy": { - "type": "object", - "title": "policy", - "properties": { - "agentPolicySettings": { - "$ref": "#/definitions/agentPolicySettings", - "title": "Agent Policy Settings", - "description": "Agent policy settings", - "order": 1 - }, - "enforced": { - "type": "boolean", - "title": "Enforced", - "description": "Enforced", - "order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - }, - "policyId": { - "type": "string", - "title": "Policy ID", - "description": "Policy ID", - "order": 4 - }, - "policyTs": { - "type": "integer", - "title": "Policy TS", - "description": "Policy TS", - "order": 5 - }, - "releaseGuid": { - "type": "string", - "title": "Release GUID", - "description": "Release GUID", - "order": 6 - }, - "tenant": { - "type": "string", - "title": "Tenant", - "description": "Tenant", - "order": 7 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 8 - }, - "typeDescription": { - "type": "string", - "title": "Type Description", - "description": "Type description", - "order": 9 - }, - "uninstall": { - "type": "boolean", - "title": "Uninstall", - "description": "Uninstall", - "order": 10 - } - }, - "definitions": { - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": 
"ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - } - } - } - } - }, - "geoLocation": { - "type": "object", - "title": "geoLocation", - "properties": { - "coordinates": { - "type": "array", - "title": "Coordinates", - "description": "Coordinates", - "items": { - "type": "number" - }, - "order": 1 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 2 - } - } - }, - "interfaces": { - "type": "object", - "title": "interfaces", - "properties": { - "dnsServers": { - "type": "array", - "title": "DNS Servers", - "description": "DNS Servers", - "items": { - "type": "string" - }, - "order": 1 - }, - "ipV4Addresses": { - "type": "array", - "title": "IPv4 Addresses", - "description": "IPv4 addresses", - "items": { - "type": "string" - }, - "order": 2 - }, - "ipV6Addresses": { - "type": "array", - "title": "IPv6 Addresses", - "description": "IPv6 addresses", - "items": { - "type": "string" - }, - "order": 3 - }, - "macAddress": { - "type": "string", - "title": "MAC Address", - "description": "MAC address", - "order": 4 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 5 - } - } 
- }, - "licenses": { - "type": "object", - "title": "licenses", - "properties": { - "__v": { - "type": "integer", - "title": "V", - "description": "V", - "order": 1 - }, - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 2 - }, - "createdAt": { - "type": "string", - "title": "Created At", - "description": "Created at", - "order": 3 - }, - "expiration": { - "type": "integer", - "title": "Expiration", - "description": "Expiration", - "order": 4 - }, - "level": { - "type": "string", - "title": "Level", - "description": "Level", - "order": 5 - }, - "licenseId": { - "type": "string", - "title": "License ID", - "description": "License ID", - "order": 6 - }, - "nbAvailable": { - "type": "integer", - "title": "NB Available", - "description": "NB available", - "order": 7 - }, - "nbTotal": { - "type": "integer", - "title": "NB Total", - "description": "NB total", - "order": 8 - }, - "startDate": { - "type": "integer", - "title": "Start Date", - "description": "Start date", - "order": 9 - }, - "tenant": { - "type": "string", - "title": "Tenant", - "description": "Tenant", - "order": 10 - }, - "trial": { - "type": "boolean", - "title": "Trial", - "description": "Trial", - "order": 11 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 12 - }, - "updatedAt": { - "type": "string", - "title": "Updated At", - "description": "Updated at", - "order": 13 - }, - "vendor": { - "type": "string", - "title": "Vendor", - "description": "Vendor", - "order": 14 - } - } - }, - "location": { - "type": "object", - "title": "location", - "properties": { - "city": { - "type": "string", - "title": "City", - "description": "City", - "order": 1 - }, - "country": { - "type": "string", - "title": "Country", - "description": "Country", - "order": 2 - }, - "countryCode": { - "type": "string", - "title": "Countrycode", - "description": "Countrycode", - "order": 3 - } - } - }, - "network": { - "type": "object", - "title": "network", - 
"properties": { - "__v": { - "type": "integer", - "title": "V", - "description": "v", - "order": 1 - }, - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 2 - }, - "device": { - "type": "string", - "title": "Device", - "description": "Device", - "order": 3 - }, - "interfaces": { - "type": "array", - "title": "Interfaces", - "description": "Interfaces", - "items": { - "$ref": "#/definitions/interfaces" - }, - "order": 4 - }, - "routes": { - "type": "array", - "title": "Routes", - "description": "Routes", - "items": { - "$ref": "#/definitions/routes" - }, - "order": 5 - } - }, - "definitions": { - "interfaces": { - "type": "object", - "title": "interfaces", - "properties": { - "dnsServers": { - "type": "array", - "title": "DNS Servers", - "description": "DNS Servers", - "items": { - "type": "string" - }, - "order": 1 - }, - "ipV4Addresses": { - "type": "array", - "title": "IPv4 Addresses", - "description": "IPv4 addresses", - "items": { - "type": "string" - }, - "order": 2 - }, - "ipV6Addresses": { - "type": "array", - "title": "IPv6 Addresses", - "description": "IPv6 addresses", - "items": { - "type": "string" - }, - "order": 3 - }, - "macAddress": { - "type": "string", - "title": "MAC Address", - "description": "MAC address", - "order": 4 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 5 - } - } - }, - "routes": { - "type": "object", - "title": "routes", - "properties": { - "dst": { - "type": "string", - "title": "DST", - "description": "DST", - "order": 1 - }, - "gateway": { - "type": "string", - "title": "Gateway", - "description": "Gateway", - "order": 2 - }, - "interface": { - "type": "string", - "title": "Interface", - "description": "Interface", - "order": 3 - } - } - } - } - }, - "policy": { - "type": "object", - "title": "policy", - "properties": { - "agentPolicySettings": { - "$ref": "#/definitions/agentPolicySettings", - "title": "Agent Policy Settings", - "description": "Agent 
policy settings", - "order": 1 - }, - "enforced": { - "type": "boolean", - "title": "Enforced", - "description": "Enforced", - "order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - }, - "policyId": { - "type": "string", - "title": "Policy ID", - "description": "Policy ID", - "order": 4 - }, - "policyTs": { - "type": "integer", - "title": "Policy TS", - "description": "Policy TS", - "order": 5 - }, - "releaseGuid": { - "type": "string", - "title": "Release GUID", - "description": "Release GUID", - "order": 6 - }, - "tenant": { - "type": "string", - "title": "Tenant", - "description": "Tenant", - "order": 7 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 8 - }, - "typeDescription": { - "type": "string", - "title": "Type Description", - "description": "Type description", - "order": 9 - }, - "uninstall": { - "type": "boolean", - "title": "Uninstall", - "description": "Uninstall", - "order": 10 - } - }, - "definitions": { - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall 
Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - } - } - }, - "processes": { - "type": "object", - "title": "processes", - "properties": { - "description": { - "type": "string", - "title": "Description", - "description": "Description", - "order": 1 - }, - "executablePath": { - "type": "string", - "title": "Executable Path", - "description": "Executable path", - "order": 2 - }, - "memoryUsage": { - "type": "integer", - "title": "Memory Usage", - "description": "Memory usage", - "order": 3 - }, - "pid": { - "type": "integer", - "title": "PID", - "description": "PID", - "order": 4 - }, - "processName": { - "type": "string", - "title": "Process Name", - "description": "Process name", - "order": 5 - }, - "startTime": { - "type": "integer", - "title": "Start Time", - "description": "Start time", - "order": 6 - }, - "version": { - "type": "string", - "title": "Version", - "description": "Version", - "order": 7 - } - } - }, - "routes": { - "type": "object", - "title": "routes", - "properties": { - "dst": { - "type": "string", - "title": "DST", - "description": "DST", - "order": 1 - }, - "gateway": { - "type": "string", - "title": "Gateway", - "description": "Gateway", - "order": 2 - }, - "interface": { - "type": "string", - "title": "Interface", - "description": "Interface", - "order": 3 - } - } - }, - "tenant": { - "type": "object", - "title": "tenant", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "s1Settings": { - "type": "string", - "title": "S1 Settings", - "description": "S1 settings", - "order": 2 - }, - "tenantId": { - "type": "string", - "title": "Tenant ID", - "description": "Tenant ID", - "order": 3 - }, - "tenantName": { - "type": "string", - "title": "Tenant Name", - "description": "Tenant name", - "order": 4 - } - } - }, - "tenant_0": { - "type": "object", - "title": "tenant_0", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", 
- "order": 1 - }, - "tenantId": { - "type": "string", - "title": "Tenant ID", - "description": "Tenant ID", - "order": 2 - }, - "tenantName": { - "type": "string", - "title": "Tenant Name", - "description": "Tenant Name", - "order": 3 - } - } - }, - "users": { - "type": "object", - "title": "users", - "properties": { - "fullName": { - "type": "string", - "title": "Full Name", - "description": "Full name", - "order": 1 - }, - "policies": { - "type": "array", - "title": "Policies", - "description": "Policies", - "items": { - "type": "object" - }, - "order": 2 - }, - "tenant": { - "$ref": "#/definitions/tenant_0", - "title": "Tenant", - "description": "Tenant", - "order": 3 - }, - "userGroups": { - "type": "array", - "title": "User Groups", - "description": "User groups", - "items": { - "type": "object" - }, - "order": 4 - }, - "userId": { - "type": "string", - "title": "User ID", - "description": "User ID", - "order": 5 - }, - "username": { - "type": "string", - "title": "Username", - "description": "Username", - "order": 6 - } - }, - "definitions": { - "tenant_0": { - "type": "object", - "title": "tenant_0", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "tenantId": { - "type": "string", - "title": "Tenant ID", - "description": "Tenant ID", - "order": 2 - }, - "tenantName": { - "type": "string", - "title": "Tenant Name", - "description": "Tenant Name", - "order": 3 - } - } - } - } - } - } - }, - "applications": { - "type": "object", - "title": "applications", - "properties": { - "installedDate": { - "type": "string", - "title": "Installed Date", - "description": "Installed date", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 2 - }, - "publisher": { - "type": "string", - "title": "Publisher", - "description": "Publisher", - "order": 3 - }, - "size": { - "type": "integer", - "title": "Size", - "description": "Size", - "order": 4 - }, - "version": { 
- "type": "string", - "title": "Version", - "description": "Version", - "order": 5 - } - } - }, - "enforcedPolicy": { - "type": "object", - "title": "enforcedPolicy", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "policy": { - "$ref": "#/definitions/policy", - "title": "Policy", - "description": "Policy", - "order": 2 - }, - "policyTs": { - "type": "integer", - "title": "Policy TS", - "description": "Policy TS", - "order": 3 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 4 - } - }, - "definitions": { - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - }, - "policy": { - "type": "object", - "title": "policy", - "properties": { - "agentPolicySettings": { - "$ref": "#/definitions/agentPolicySettings", - "title": "Agent Policy Settings", - "description": "Agent policy settings", - "order": 1 - }, - "enforced": { - "type": "boolean", - "title": "Enforced", - "description": "Enforced", - 
"order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - }, - "policyId": { - "type": "string", - "title": "Policy ID", - "description": "Policy ID", - "order": 4 - }, - "policyTs": { - "type": "integer", - "title": "Policy TS", - "description": "Policy TS", - "order": 5 - }, - "releaseGuid": { - "type": "string", - "title": "Release GUID", - "description": "Release GUID", - "order": 6 - }, - "tenant": { - "type": "string", - "title": "Tenant", - "description": "Tenant", - "order": 7 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 8 - }, - "typeDescription": { - "type": "string", - "title": "Type Description", - "description": "Type description", - "order": 9 - }, - "uninstall": { - "type": "boolean", - "title": "Uninstall", - "description": "Uninstall", - "order": 10 - } - }, - "definitions": { - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - } - } - } - } - }, - "geoLocation": { - "type": 
"object", - "title": "geoLocation", - "properties": { - "coordinates": { - "type": "array", - "title": "Coordinates", - "description": "Coordinates", - "items": { - "type": "number" - }, - "order": 1 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 2 - } - } - }, - "interfaces": { - "type": "object", - "title": "interfaces", - "properties": { - "dnsServers": { - "type": "array", - "title": "DNS Servers", - "description": "DNS Servers", - "items": { - "type": "string" - }, - "order": 1 - }, - "ipV4Addresses": { - "type": "array", - "title": "IPv4 Addresses", - "description": "IPv4 addresses", - "items": { - "type": "string" - }, - "order": 2 - }, - "ipV6Addresses": { - "type": "array", - "title": "IPv6 Addresses", - "description": "IPv6 addresses", - "items": { - "type": "string" - }, - "order": 3 - }, - "macAddress": { - "type": "string", - "title": "MAC Address", - "description": "MAC address", - "order": 4 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 5 - } - } - }, - "licenses": { - "type": "object", - "title": "licenses", - "properties": { - "__v": { - "type": "integer", - "title": "V", - "description": "V", - "order": 1 - }, - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 2 - }, - "createdAt": { - "type": "string", - "title": "Created At", - "description": "Created at", - "order": 3 - }, - "expiration": { - "type": "integer", - "title": "Expiration", - "description": "Expiration", - "order": 4 - }, - "level": { - "type": "string", - "title": "Level", - "description": "Level", - "order": 5 - }, - "licenseId": { - "type": "string", - "title": "License ID", - "description": "License ID", - "order": 6 - }, - "nbAvailable": { - "type": "integer", - "title": "NB Available", - "description": "NB available", - "order": 7 - }, - "nbTotal": { - "type": "integer", - "title": "NB Total", - "description": "NB total", - "order": 8 - }, - "startDate": { 
- "type": "integer", - "title": "Start Date", - "description": "Start date", - "order": 9 - }, - "tenant": { - "type": "string", - "title": "Tenant", - "description": "Tenant", - "order": 10 - }, - "trial": { - "type": "boolean", - "title": "Trial", - "description": "Trial", - "order": 11 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 12 - }, - "updatedAt": { - "type": "string", - "title": "Updated At", - "description": "Updated at", - "order": 13 - }, - "vendor": { - "type": "string", - "title": "Vendor", - "description": "Vendor", - "order": 14 - } - } - }, - "location": { - "type": "object", - "title": "location", - "properties": { - "city": { - "type": "string", - "title": "City", - "description": "City", - "order": 1 - }, - "country": { - "type": "string", - "title": "Country", - "description": "Country", - "order": 2 - }, - "countryCode": { - "type": "string", - "title": "Countrycode", - "description": "Countrycode", - "order": 3 - } - } - }, - "network": { - "type": "object", - "title": "network", - "properties": { - "__v": { - "type": "integer", - "title": "V", - "description": "v", - "order": 1 - }, - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 2 - }, - "device": { - "type": "string", - "title": "Device", - "description": "Device", - "order": 3 - }, - "interfaces": { - "type": "array", - "title": "Interfaces", - "description": "Interfaces", - "items": { - "$ref": "#/definitions/interfaces" - }, - "order": 4 - }, - "routes": { - "type": "array", - "title": "Routes", - "description": "Routes", - "items": { - "$ref": "#/definitions/routes" - }, - "order": 5 - } - }, - "definitions": { - "interfaces": { - "type": "object", - "title": "interfaces", - "properties": { - "dnsServers": { - "type": "array", - "title": "DNS Servers", - "description": "DNS Servers", - "items": { - "type": "string" - }, - "order": 1 - }, - "ipV4Addresses": { - "type": "array", - "title": "IPv4 Addresses", 
- "description": "IPv4 addresses", - "items": { - "type": "string" - }, - "order": 2 - }, - "ipV6Addresses": { - "type": "array", - "title": "IPv6 Addresses", - "description": "IPv6 addresses", - "items": { - "type": "string" - }, - "order": 3 - }, - "macAddress": { - "type": "string", - "title": "MAC Address", - "description": "MAC address", - "order": 4 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 5 - } - } - }, - "routes": { - "type": "object", - "title": "routes", - "properties": { - "dst": { - "type": "string", - "title": "DST", - "description": "DST", - "order": 1 - }, - "gateway": { - "type": "string", - "title": "Gateway", - "description": "Gateway", - "order": 2 - }, - "interface": { - "type": "string", - "title": "Interface", - "description": "Interface", - "order": 3 - } - } - } - } - }, - "policy": { - "type": "object", - "title": "policy", - "properties": { - "agentPolicySettings": { - "$ref": "#/definitions/agentPolicySettings", - "title": "Agent Policy Settings", - "description": "Agent policy settings", - "order": 1 - }, - "enforced": { - "type": "boolean", - "title": "Enforced", - "description": "Enforced", - "order": 2 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Name", - "order": 3 - }, - "policyId": { - "type": "string", - "title": "Policy ID", - "description": "Policy ID", - "order": 4 - }, - "policyTs": { - "type": "integer", - "title": "Policy TS", - "description": "Policy TS", - "order": 5 - }, - "releaseGuid": { - "type": "string", - "title": "Release GUID", - "description": "Release GUID", - "order": 6 - }, - "tenant": { - "type": "string", - "title": "Tenant", - "description": "Tenant", - "order": 7 - }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 8 - }, - "typeDescription": { - "type": "string", - "title": "Type Description", - "description": "Type description", - "order": 9 - }, - "uninstall": { - "type": "boolean", - 
"title": "Uninstall", - "description": "Uninstall", - "order": 10 - } - }, - "definitions": { - "agentPolicySettings": { - "type": "object", - "title": "agentPolicySettings", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "addToKeychain": { - "type": "boolean", - "title": "Add to Keychain", - "description": "Add to keychain", - "order": 2 - }, - "addToWindowsStore": { - "type": "boolean", - "title": "Add to Windows Store", - "description": "Add to windows store", - "order": 3 - }, - "certificates": { - "type": "array", - "title": "Certificates", - "description": "Certificates", - "items": { - "type": "object" - }, - "order": 4 - }, - "firefoxStoreMac": { - "type": "string", - "title": "Firefox Store MAC", - "description": "Firefox store MAC", - "order": 5 - }, - "firefoxStoreWindows": { - "type": "string", - "title": "Firefox Store Windows", - "description": "Firefox store windows", - "order": 6 - }, - "keepAfterUninstallClient": { - "type": "boolean", - "title": "Keep After Uninstall Client", - "description": "Keep after uninstall client", - "order": 7 - } - } - } - } - }, - "processes": { - "type": "object", - "title": "processes", - "properties": { - "description": { - "type": "string", - "title": "Description", - "description": "Description", - "order": 1 - }, - "executablePath": { - "type": "string", - "title": "Executable Path", - "description": "Executable path", - "order": 2 - }, - "memoryUsage": { - "type": "integer", - "title": "Memory Usage", - "description": "Memory usage", - "order": 3 - }, - "pid": { - "type": "integer", - "title": "PID", - "description": "PID", - "order": 4 - }, - "processName": { - "type": "string", - "title": "Process Name", - "description": "Process name", - "order": 5 - }, - "startTime": { - "type": "integer", - "title": "Start Time", - "description": "Start time", - "order": 6 - }, - "version": { - "type": "string", - "title": "Version", - "description": "Version", - 
"order": 7 - } - } - }, - "routes": { - "type": "object", - "title": "routes", - "properties": { - "dst": { - "type": "string", - "title": "DST", - "description": "DST", - "order": 1 - }, - "gateway": { - "type": "string", - "title": "Gateway", - "description": "Gateway", - "order": 2 - }, - "interface": { - "type": "string", - "title": "Interface", - "description": "Interface", - "order": 3 - } - } - }, - "tenant": { - "type": "object", - "title": "tenant", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "s1Settings": { - "type": "string", - "title": "S1 Settings", - "description": "S1 settings", - "order": 2 - }, - "tenantId": { - "type": "string", - "title": "Tenant ID", - "description": "Tenant ID", - "order": 3 - }, - "tenantName": { - "type": "string", - "title": "Tenant Name", - "description": "Tenant name", - "order": 4 - } - } - }, - "tenant_0": { - "type": "object", - "title": "tenant_0", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "tenantId": { - "type": "string", - "title": "Tenant ID", - "description": "Tenant ID", - "order": 2 - }, - "tenantName": { - "type": "string", - "title": "Tenant Name", - "description": "Tenant Name", - "order": 3 - } - } - }, - "users": { - "type": "object", - "title": "users", - "properties": { - "fullName": { - "type": "string", - "title": "Full Name", - "description": "Full name", - "order": 1 - }, - "policies": { - "type": "array", - "title": "Policies", - "description": "Policies", - "items": { - "type": "object" - }, - "order": 2 - }, - "tenant": { - "$ref": "#/definitions/tenant_0", - "title": "Tenant", - "description": "Tenant", - "order": 3 - }, - "userGroups": { - "type": "array", - "title": "User Groups", - "description": "User groups", - "items": { - "type": "object" - }, - "order": 4 - }, - "userId": { - "type": "string", - "title": "User ID", - "description": "User ID", - "order": 5 - }, 
- "username": { - "type": "string", - "title": "Username", - "description": "Username", - "order": 6 - } - }, - "definitions": { - "tenant_0": { - "type": "object", - "title": "tenant_0", - "properties": { - "_id": { - "type": "string", - "title": "ID", - "description": "ID", - "order": 1 - }, - "tenantId": { - "type": "string", - "title": "Tenant ID", - "description": "Tenant ID", - "order": 2 - }, - "tenantName": { - "type": "string", - "title": "Tenant Name", - "description": "Tenant Name", - "order": 3 - } - } - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/__init__.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/__init__.py deleted file mode 100644 index a515dcf6b0..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .connection import Connection diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/connection.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/connection.py deleted file mode 100644 index 2351c02474..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/connection.py +++ /dev/null 
@@ -1,26 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import ConnectionSchema, Input
-
-# Custom imports below
-from icon_sonicwall_capture_client.util.api import SonicWallAPI
-from insightconnect_plugin_runtime.exceptions import PluginException, ConnectionTestException
-
-
-class Connection(insightconnect_plugin_runtime.Connection):
- def __init__(self):
- super(self.__class__, self).__init__(input=ConnectionSchema())
- self.client = None
-
- def connect(self, params={}):
- self.logger.info("Connect: Connecting...")
- self.client = SonicWallAPI(
- params.get(Input.CREDENTIALS).get("username"),
- params.get(Input.CREDENTIALS).get("password"),
- self.logger,
- )
-
- def test(self):
- try:
- return {"success": len(self.client.get_access_token()) > 0}
- except PluginException as e:
- raise ConnectionTestException(cause=e.cause, assistance=e.assistance, data=e.data)
diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/schema.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/schema.py
deleted file mode 100644
index 8397fe35da..0000000000
--- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/connection/schema.py
+++ /dev/null
@@ -1,58 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Input: - CREDENTIALS = "credentials" - - -class ConnectionSchema(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "credentials": { - "$ref": "#/definitions/credential_username_password", - "title": "Credentials", - "description": "Email address and password", - "order": 1 - } - }, - "required": [ - "credentials" - ], - "definitions": { - "credential_username_password": { - "id": "credential_username_password", - "type": "object", - "title": "Credential: Username and Password", - "description": "A username and password combination", - "properties": { - "password": { - "type": "string", - "title": "Password", - "displayType": "password", - "description": "The password", - "format": "password", - "order": 2 - }, - "username": { - "type": "string", - "title": "Username", - "description": "The username to log in with", - "order": 1 - } - }, - "required": [ - "username", - "password" - ] - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/triggers/__init__.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/triggers/__init__.py deleted file mode 100644 index bace8db897..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/triggers/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/util/__init__.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/util/__init__.py deleted file mode 100644 index bace8db897..0000000000 --- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/util/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT 
diff --git a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/util/api.py b/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/util/api.py
deleted file mode 100644
index d3dcdaa427..0000000000
--- a/plugins/sonicwall_capture_client/icon_sonicwall_capture_client/util/api.py
+++ /dev/null
@@ -1,91 +0,0 @@
-import json
-import requests
-from collections import OrderedDict
-from insightconnect_plugin_runtime.exceptions import PluginException
-
-
-class SonicWallAPI:
- def __init__(self, username, password, logger):
- self.url = "https://captureclient.sonicwall.com/api/"
- self.verify_ssl = True
- self.logger = logger
- self.username = username
- self.password = password
- self.token = None
-
- def get_endpoint(self, device_id: str, install_token: str):
- return self._make_request("GET", f"endpoints/{device_id}/{install_token}")
-
- def get_endpoints_list(self):
- return self._run_with_pages_endpoints("endpoints/list")
-
- def get_access_token(self):
- if self.token:
- return self.token
-
- self.token = self._call_api("POST", "login", json_data={"email": self.username, "password": self.password}).get(
- "token"
- )
-
- return self.token
-
- def logout(self, token):
- self._call_api("DELETE", "login", token=token)
-
- def _run_with_pages_endpoints(self, path: str, value: str = None):
- objects = []
- limit = 100
- for page in range(0, 9999):
- response = self._make_request("GET", path, params={"limit": limit, "skip": page * limit})
- objects.extend(response.get("devices", []))
-
- if value and response.get("value") == value:
- return response.get("devices", [])
-
- if (page + 1) * limit > response.get("pagination", {}).get("totalItems", 0):
- break
-
- return objects
-
- def _make_request(self, method: str, path: str, json_data: dict = None, params: dict = None):
- token = self.get_access_token()
- try:
- response = self._call_api(method, path, token=token, json_data=json_data, params=params)
- except PluginException as e:
- raise PluginException(cause=e.cause, assistance=e.assistance, data=e.data)
-
- return response
-
- def _call_api(self, method: str, path: str, token: str = None, json_data: dict = None, params: dict = None):
- response = {"text": ""}
- headers_list = [("Accept", "application/json")]
- if token:
- headers_list.append(("Authorization", token))
-
- try:
- response = requests.request(
- method,
- self.url + path,
- json=json_data,
- params=params,
- headers=OrderedDict(headers_list),
- verify=self.verify_ssl,
- )
-
- if response.status_code == 401:
- raise PluginException(preset=PluginException.Preset.USERNAME_PASSWORD)
- if response.status_code == 403:
- raise PluginException(preset=PluginException.Preset.UNAUTHORIZED)
- if response.status_code >= 400:
- response_data = response.text
- raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response_data)
- if 200 <= response.status_code < 300:
- return response.json()
-
- raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text)
- except json.decoder.JSONDecodeError as e:
- self.logger.info(f"Invalid JSON: {e}")
- raise PluginException(preset=PluginException.Preset.INVALID_JSON, data=response.text)
- except requests.exceptions.HTTPError as e:
- self.logger.info(f"Call to SonicWall Capture Client API failed: {e}")
- raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text)
diff --git a/plugins/sonicwall_capture_client/plugin.spec.yaml b/plugins/sonicwall_capture_client/plugin.spec.yaml
deleted file mode 100644
index 286b1486ee..0000000000
--- a/plugins/sonicwall_capture_client/plugin.spec.yaml
+++ /dev/null
@@ -1,790 +0,0 @@ -plugin_spec_version: v2 -extension: plugin -products: [insightconnect] -name: sonicwall_capture_client -title: SonicWall Capture Client -description: SonicWall Capture Client is a unified client platform that delivers multiple endpoint protection capabilities, including next-generation malware protection and application vulnerability intelligence -version: 1.0.1 -vendor: rapid7 -support: community -status: [] -tags: -- sonicwall -- capture_client -hub_tags: - use_cases: [threat_detection_and_response] - keywords: [sonicwall, capture client] - features: [] -resources: - source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/sonicwall_capture_client - license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE - vendor_url: https://www.sonicwall.com/ -enable_cache: false - -types: - activeDirectory: - computerMemberOf: - title: Computer Member of - type: "[]object" - description: Computer member of - required: false - lastUserMemberOf: - title: Last User Member of - type: "[]object" - description: Last user member of - required: false - applications: - installedDate: - title: Installed Date - type: string - description: Installed date - required: false - name: - title: Name - type: string - description: Name - required: false - publisher: - title: Publisher - type: string - description: Publisher - required: false - size: - title: Size - type: integer - description: Size - required: false - version: - title: Version - type: string - description: Version - required: false - agentPolicySettings: - _id: - title: ID - type: string - description: ID - required: false - addToKeychain: - title: Add to Keychain - type: boolean - description: Add to keychain - required: false - addToWindowsStore: - title: Add to Windows Store - type: boolean - description: Add to windows store - required: false - certificates: - title: Certificates - type: "[]object" - description: Certificates - required: false - 
firefoxStoreMac: - title: Firefox Store MAC - type: string - description: Firefox store MAC - required: false - firefoxStoreWindows: - title: Firefox Store Windows - type: string - description: Firefox store windows - required: false - keepAfterUninstallClient: - title: Keep After Uninstall Client - type: boolean - description: Keep after uninstall client - required: false - policy: - agentPolicySettings: - title: Agent Policy Settings - type: agentPolicySettings - description: Agent policy settings - required: false - enforced: - title: Enforced - type: boolean - description: Enforced - required: false - name: - title: Name - type: string - description: Name - required: false - policyId: - title: Policy ID - type: string - description: Policy ID - required: false - policyTs: - title: Policy TS - type: integer - description: Policy TS - required: false - releaseGuid: - title: Release GUID - type: string - description: Release GUID - required: false - tenant: - title: Tenant - type: string - description: Tenant - required: false - type: - title: Type - type: string - description: Type - required: false - typeDescription: - title: Type Description - type: string - description: Type description - required: false - uninstall: - title: Uninstall - type: boolean - description: Uninstall - required: false - enforcedPolicy: - _id: - title: ID - type: string - description: ID - required: false - policy: - title: Policy - type: policy - description: Policy - required: false - policyTs: - title: Policy TS - type: integer - description: Policy TS - required: false - type: - title: Type - type: string - description: Type - required: false - geoLocation: - coordinates: - title: Coordinates - type: "[]float" - description: Coordinates - required: false - type: - title: Type - type: string - description: Type - required: false - licenses: - __v: - title: V - type: integer - description: V - required: false - _id: - title: ID - type: string - description: ID - required: false - 
createdAt: - title: Created At - type: string - description: Created at - required: false - expiration: - title: Expiration - type: integer - description: Expiration - required: false - level: - title: Level - type: string - description: Level - required: false - licenseId: - title: License ID - type: string - description: License ID - required: false - nbAvailable: - title: NB Available - type: integer - description: NB available - required: false - nbTotal: - title: NB Total - type: integer - description: NB total - required: false - startDate: - title: Start Date - type: integer - description: Start date - required: false - tenant: - title: Tenant - type: string - description: Tenant - required: false - trial: - title: Trial - type: boolean - description: Trial - required: false - type: - title: Type - type: string - description: Type - required: false - updatedAt: - title: Updated At - type: string - description: Updated at - required: false - vendor: - title: Vendor - type: string - description: Vendor - required: false - location: - city: - title: City - type: string - description: City - required: false - country: - title: Country - type: string - description: Country - required: false - countryCode: - title: Countrycode - type: string - description: Countrycode - required: false - interfaces: - dnsServers: - title: DNS Servers - type: "[]string" - description: DNS Servers - required: false - ipV4Addresses: - title: IPv4 Addresses - type: "[]string" - description: IPv4 addresses - required: false - ipV6Addresses: - title: IPv6 Addresses - type: "[]string" - description: IPv6 addresses - required: false - macAddress: - title: MAC Address - type: string - description: MAC address - required: false - name: - title: Name - type: string - description: Name - required: false - routes: - dst: - title: DST - type: string - description: DST - required: false - gateway: - title: Gateway - type: string - description: Gateway - required: false - interface: - title: 
Interface - type: string - description: Interface - required: false - network: - __v: - title: V - type: integer - description: v - required: false - _id: - title: ID - type: string - description: ID - required: false - device: - title: Device - type: string - description: Device - required: false - interfaces: - title: Interfaces - type: "[]interfaces" - description: Interfaces - required: false - routes: - title: Routes - type: "[]routes" - description: Routes - required: false - processes: - description: - title: Description - type: string - description: Description - required: false - executablePath: - title: Executable Path - type: string - description: Executable path - required: false - memoryUsage: - title: Memory Usage - type: integer - description: Memory usage - required: false - pid: - title: PID - type: integer - description: PID - required: false - processName: - title: Process Name - type: string - description: Process name - required: false - startTime: - title: Start Time - type: integer - description: Start time - required: false - version: - title: Version - type: string - description: Version - required: false - tenant: - _id: - title: ID - type: string - description: ID - required: false - s1Settings: - title: S1 Settings - type: string - description: S1 settings - required: false - tenantId: - title: Tenant ID - type: string - description: Tenant ID - required: false - tenantName: - title: Tenant Name - type: string - description: Tenant name - required: false - tenant_0: - _id: - title: ID - type: string - description: ID - required: false - tenantId: - title: Tenant ID - type: string - description: Tenant ID - required: false - tenantName: - title: Tenant Name - type: string - description: Tenant Name - required: false - users: - fullName: - title: Full Name - type: string - description: Full name - required: false - policies: - title: Policies - type: "[]object" - description: Policies - required: false - tenant: - title: Tenant - type: 
tenant_0 - description: Tenant - required: false - userGroups: - title: User Groups - type: "[]object" - description: User groups - required: false - userId: - title: User ID - type: string - description: User ID - required: false - username: - title: Username - type: string - description: Username - required: false - agent_information: - activeDirectory: - title: Active Directory - type: activeDirectory - description: Active directory - required: false - activeThreats: - title: Active Threats - type: integer - description: Active threats - required: false - agentVersion: - title: Agent Version - type: string - description: Agent version - required: false - alerts: - title: Alerts - type: "[]object" - description: Alerts - required: false - applications: - title: Applications - type: "[]applications" - description: Applications - required: false - clientState: - title: Client State - type: string - description: Client state - required: false - clientStateTs: - title: Client State TS - type: integer - description: Clientstate TS - required: false - clientVersion: - title: Client Version - type: string - description: Client version - required: false - createdAt: - title: Created At - type: string - description: Created at - required: false - currentFirewallSn: - title: Current Firewall SN - type: string - description: Current firewall SN - required: false - currentUser: - title: Current User - type: string - description: Current user - required: false - deviceId: - title: Device ID - type: string - description: Device ID - required: false - deviceSettingsTs: - title: Device Settings TS - type: integer - description: Device settings TS - required: false - deviceType: - title: Device Type - type: string - description: Device type - required: false - domain: - title: Domain - type: string - description: Domain - required: false - encryptedApplications: - title: Encrypted Applications - type: boolean - description: Encrypted applications - required: false - 
enforcedPolicy: - title: Enforced Policy - type: "[]enforcedPolicy" - description: Enforced policy - required: false - externalIp: - title: External IP - type: string - description: Externali IP - required: false - firewallProtectionMode: - title: Firewall Protection Mode - type: string - description: Firewall protection mode - required: false - geoLocation: - title: GEO Location - type: geoLocation - description: GEO Location - required: false - groups: - title: Groups - type: "[]object" - description: Groups - required: false - hwModel: - title: HW Model - type: string - description: HW model - required: false - infected: - title: Infected - type: boolean - description: Infected - required: false - installToken: - title: Install Token - type: string - description: Install token - required: false - ip: - title: IP - type: string - description: IP - required: false - isActive: - title: Is Active - type: boolean - description: Is active - required: false - isMobile: - title: Is Mobile - type: boolean - description: Is mobile - required: false - isPendingUninstall: - title: Is Pending Uninstall - type: boolean - description: Is pending uninstall - required: false - lastPolicyId: - title: Last Policy ID - type: string - description: Last policy ID - required: false - lastPolicyUpdateTs: - title: Last Policy Update TS - type: integer - description: Last policy update TS - required: false - licenses: - title: Licenses - type: "[]licenses" - description: Licenses - required: false - localIp: - title: Local IP - type: string - description: Local IP - required: false - location: - title: Location - type: location - description: Location - required: false - locationTs: - title: Location TS - type: integer - description: Location TS - required: false - macAddress: - title: MAC Address - type: string - description: MAC address - required: false - mitigationMode: - title: Mitigation Mode - type: string - description: Mitigation mode - required: false - 
mitigationModeSuspicious: - title: Mitigation Mode Suspicious - type: string - description: Mitigation mode suspicious - required: false - name: - title: Name - type: string - description: Name - required: false - network: - title: Network - type: network - description: Network - required: false - networkStatus: - title: Network Status - type: string - description: Network status - required: false - onlineStatus: - title: Online Status - type: string - description: Online status - required: false - os: - title: OS - type: string - description: OS - required: false - osVersion: - title: OS Version - type: string - description: OS version - required: false - processTs: - title: Process TS - type: integer - description: Process TS - required: false - processes: - title: Processes - type: "[]processes" - description: Processes - required: false - processorType: - title: Processor Type - type: string - description: Processor type - required: false - releaseGuids: - title: Release GUIDS - type: "[]object" - description: Release GUIDS - required: false - s1AgentId: - title: S1 Agent ID - type: string - description: S1 agent ID - required: false - s1GroupId: - title: S1 Group ID - type: string - description: S1 group ID - required: false - s1Passphrase: - title: S1 Passphrase - type: string - description: S1 passphrase - required: false - s1PassphraseTs: - title: S1 Passphrase TS - type: integer - description: S1 passphrase TS - required: false - scanAbortedAt: - title: Scan Aborted At - type: string - description: Scan aborted at - required: false - scanFinishedAt: - title: Scan Finished At - type: string - description: Scan finished at - required: false - scanStartedAt: - title: Scan Started At - type: string - description: Scan started at - required: false - scanStatus: - title: Scan Status - type: string - description: Scan status - required: false - scanStatusTs: - title: Scan Status TS - type: integer - description: Scan status TS - required: false - serverType: - 
title: Server Type - type: string - description: Server type - required: false - telemetryTs: - title: Telemetry TS - type: integer - description: Telemetry TS - required: false - tenant: - title: Tenant - type: tenant - description: Tenant - required: false - timezoneName: - title: Timezone Name - type: string - description: Timezone name - required: false - timezoneOffset: - title: Timezone Offset - type: string - description: Timezone offset - required: false - uninstallPwd: - title: Uninstall PWD - type: string - description: Uninstall PWD - required: false - updatedAt: - title: Updated At - type: string - description: Updated at - required: false - userActionsNeeded: - title: User ctions Needed - type: "[]object" - description: User actions needed - required: false - users: - title: Users - type: "[]users" - description: Users - required: false - -connection: - credentials: - title: Credentials - description: Email address and password - type: credential_username_password - required: true - example: '{"username": "admin", "password": "mypassword"}' -actions: - get_agent_details: - title: Get Agent Details - description: Get details for an agent - input: - agent: - title: Agent - description: Agent to retrieve device information from. Accepts IP address, MAC address, hostname, or device ID - type: string - required: true - example: 198.51.100.100 - output: - agent: - title: Agent - description: Information about an agent - type: agent_information - required: true \ No newline at end of file diff --git a/plugins/sonicwall_capture_client/requirements.txt b/plugins/sonicwall_capture_client/requirements.txt deleted file mode 100644 index 519a7752a6..0000000000 --- a/plugins/sonicwall_capture_client/requirements.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -# List third-party dependencies here, separated by newlines. -# All dependencies must be version-pinned, eg. requests==1.2.0 -# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files -validators==0.17.0 \ No newline at end of file diff --git a/plugins/sonicwall_capture_client/setup.py b/plugins/sonicwall_capture_client/setup.py deleted file mode 100644 index 630429b831..0000000000 --- a/plugins/sonicwall_capture_client/setup.py +++ /dev/null @@ -1,14 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from setuptools import setup, find_packages - - -setup(name="sonicwall_capture_client-rapid7-plugin", - version="1.0.1", - description="SonicWall Capture Client is a unified client platform that delivers multiple endpoint protection capabilities, including next-generation malware protection and application vulnerability intelligence", - author="rapid7", - author_email="", - url="", - packages=find_packages(), - install_requires=['insightconnect-plugin-runtime'], # Add third-party dependencies to requirements.txt, not here! - scripts=['bin/icon_sonicwall_capture_client'] - ) diff --git a/plugins/threat_connect/.CHECKSUM b/plugins/threat_connect/.CHECKSUM deleted file mode 100644 index ead67c72b1..0000000000 --- a/plugins/threat_connect/.CHECKSUM +++ /dev/null 
@@ -1,47 +0,0 @@
-{
- "spec": "7fbf426815a5ba11ebccbc65bbb7f479",
- "manifest": "a1d9865bb9c222c8b83b5facae75c57a",
- "setup": "2b884ad66c40ce580027697b691cf7f7",
- "schemas": [
- {
- "identifier": "bulk_indicator_download/schema.py",
- "hash": "b641b830fc009d3d73d0b0aebb9ad7be"
- },
- {
- "identifier": "create_adversary/schema.py",
- "hash": "1e4d8797c291b2aca70d1f0688112c44"
- },
- {
- "identifier": "create_task/schema.py",
- "hash": "8d9fdbbb2a6810ffb0c362901c2ad9d5"
- },
- {
- "identifier": "delete_adversary/schema.py",
- "hash": "ac7505fee559abd3f0a582556c001d1b"
- },
- {
- "identifier": "emails_retrieve/schema.py",
- "hash": "4baed3af37351ea6f8d282f3d6a9ec64"
- },
- {
- "identifier": "incidents_retrieve/schema.py",
- "hash": "0332daa2662ea3d0dec67e7ef6064a19"
- },
- {
- "identifier": "signatures_retrieve/schema.py",
- "hash": "0d943827a5937a194cf272119e94048a"
- },
- {
- "identifier": "threats_retrieve/schema.py",
- "hash": "c0489d3a30c30d37052bb3126a47ff02"
- },
- {
- "identifier": "victims_retrieve/schema.py",
- "hash": "de1a76738e85a07ce01a154119a65228"
- },
- {
- "identifier": "connection/schema.py",
- "hash": "71caa5c726f332c5f6e1c346b87e83ad"
- }
- ]
-}
\ No newline at end of file
diff --git a/plugins/threat_connect/.dockerignore b/plugins/threat_connect/.dockerignore
deleted file mode 100644
index 93dc53fb01..0000000000
--- a/plugins/threat_connect/.dockerignore
+++ /dev/null
@@ -1,9 +0,0 @@
-unit_test/**/*
-unit_test
-examples/**/*
-examples
-tests
-tests/**/*
-**/*.json
-**/*.tar
-**/*.gz
\ No newline at end of file
diff --git a/plugins/threat_connect/Dockerfile b/plugins/threat_connect/Dockerfile
deleted file mode 100755
index f1425cbc5f..0000000000
--- a/plugins/threat_connect/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM rapid7/insightconnect-python-3-38-plugin:5
-
-LABEL organization=rapid7
-LABEL sdk=python
-
-WORKDIR /python/src
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-
-RUN python setup.py build && python setup.py install
-
-# User to run plugin code. The two supported users are: root, nobody
-USER nobody
-
-ENTRYPOINT ["/usr/local/bin/komand_threat_connect"]
\ No newline at end of file
diff --git a/plugins/threat_connect/Makefile b/plugins/threat_connect/Makefile
deleted file mode 100755
index cb85f96b6c..0000000000
--- a/plugins/threat_connect/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Include other Makefiles for improved functionality
-INCLUDE_DIR = ../../tools/Makefiles
-MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
-# We can't guarantee customers will have the include files
-# - prefix to ignore Makefiles when not present
-# https://www.gnu.org/software/make/manual/html_node/Include.html
--include $(MAKEFILES)
-
-ifneq ($(MAKEFILES),)
- $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
- $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
- $(info --)
-else
- $(warning Makefile includes directory not present: $(INCLUDE_DIR))
-endif
-
-VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
-NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
-VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
-CWD?=$(shell basename $(PWD))
-_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
-PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz
-
-# Set default target explicitly. Make's default behavior is the first target in the Makefile.
-# We don't want that behavior due to includes which are read first
-.DEFAULT_GOAL := default # Make >= v3.80 (make -version)
-
-
-default: image tarball
-
-tarball:
- $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
- rm -rf build
- rm -rf $(PKG)
- tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *
-
-image:
- $(info [$(YELLOW)*$(NORMAL)] Building plugin image)
- docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest
-
-regenerate:
- $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml)
- icon-plugin generate python --regenerate
-
-export: image
- $(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
- @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
- @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar
-
-# Make will not run a target if a file of the same name exists unless setting phony targets
-# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: default tarball image regenerate
diff --git a/plugins/threat_connect/bin/komand_threat_connect b/plugins/threat_connect/bin/komand_threat_connect
deleted file mode 100755
index edcbc021fb..0000000000
--- a/plugins/threat_connect/bin/komand_threat_connect
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-import os
-import json
-from sys import argv
-
-Name = "ThreatConnect"
-Vendor = "rapid7"
-Version = "1.0.2"
-Description = "ThreatConnect is a Threat Intelligence Platform (TIP) that empowers large organizations to aggregate, analyze and act on their threat intelligence. The ThreatConnect plugin for Rapid7 InsightConnect allows users to view incidents, emails, threats, victims, and more"
-
-
-def main():
- if 'http' in argv:
- if os.environ.get("GUNICORN_CONFIG_FILE"):
- with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf:
- gunicorn_cfg = json.load(gf)
- if gunicorn_cfg.get("worker_class", "sync") == "gevent":
- from gevent import monkey
- monkey.patch_all()
- elif 'gevent' in argv:
- from gevent import monkey
- monkey.patch_all()
-
- import insightconnect_plugin_runtime
- from komand_threat_connect import connection, actions, triggers
-
- class ICONThreatConnect(insightconnect_plugin_runtime.Plugin):
- def __init__(self):
- super(self.__class__, self).__init__(
- name=Name,
- vendor=Vendor,
- version=Version,
- description=Description,
- connection=connection.Connection()
- )
- self.add_action(actions.BulkIndicatorDownload())
-
- self.add_action(actions.CreateAdversary())
-
- self.add_action(actions.CreateTask())
-
- self.add_action(actions.DeleteAdversary())
-
- self.add_action(actions.EmailsRetrieve())
-
- self.add_action(actions.IncidentsRetrieve())
-
- self.add_action(actions.SignaturesRetrieve())
-
- self.add_action(actions.ThreatsRetrieve())
-
- self.add_action(actions.VictimsRetrieve())
-
-
- """Run plugin"""
- cli = insightconnect_plugin_runtime.CLI(ICONThreatConnect())
- cli.run()
-
-
-if __name__ == "__main__":
- main()
diff --git a/plugins/threat_connect/extension.png b/plugins/threat_connect/extension.png
deleted file mode 100644
index c4765a4cb4..0000000000
Binary files a/plugins/threat_connect/extension.png and /dev/null differ
diff --git a/plugins/threat_connect/help.md b/plugins/threat_connect/help.md
deleted file mode 100644
index 5e9cefd899..0000000000
--- a/plugins/threat_connect/help.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# Description - -[ThreatConnect](https://threatconnect.com) is a Threat Intelligence Platform (TIP) that empowers large - organizations to aggregate, analyze and act on their threat intelligence. The ThreatConnect plugin for Rapid7 -InsightConnect allows users to view incidents, emails, threats, victims, and more. - -ThreatConnect can aid in phishing analysis and general threat intelligence collection through its platform. - -# Key Features - -* View incidents -* View ThreatConnect emails -* Creat tasks - -# Requirements - -* API access ID -* API secret key -* API base URL - -# Documentation - -## Setup - -The connection configuration accepts the following parameters: -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|api_default_org|string|None|False|Enter API Default Org|None| -|api_access_id|string|None|False|Enter API Access ID|None| -|api_secret_key|string|None|False|Enter API Secret Key|None| -|api_base_url|string|None|False|Enter API Base URL|None| - -## Technical Details - -### Actions - -#### Delete Adversary - -This action is used to delete an adversary in the ThreatConnect platform. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|owner|string|None|True|Owner/Organization|None| -|id|integer|None|True|Adversary To Delete|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|status|boolean|False|None| - -#### Create Task - -This action is used to create a task resource in the ThreatConnect platform. 
- -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|status|string|None|False|Task status|['In Progress', 'Completed', 'Waiting on Someone', 'Deferred']| -|due_date|date|None|False|Task due date|None| -|name|string|None|True|Task Name|None| -|tags|string|None|False|Task tags comma delimited|None| -|reminder_date|date|None|False|Task reminder date|None| -|reminded|boolean|None|False|Use task Reminder|None| -|escalatee|string|None|False|Task escalatee|None| -|escalated|boolean|None|False|Use task escalation|None| -|security_label|string|None|False|Task security label|None| -|assignee|string|None|False|Task Assignee|None| -|escalation_date|date|None|False|Task escalation date|None| -|attributes|[]object|None|False|Task Attributes|None| -|overdue|boolean|None|False|Is task overdue|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|id|integer|False|None| - -#### Victims Retrieve - -This action is used to retrieve ThreatConnect victims. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|filter|filter|None|False|ThreatConnect filters|None| -|owner|string|None|True|Owner/Organization|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|victims|[]victim_output|False|None| - -#### Threats Retrieve - -This action is used to retrieve ThreatConnect threats. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|filter|filter|None|False|ThreatConnect filters|None| -|owner|string|None|True|Owner/Organization|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|threats|[]signatures_output|False|None| - -#### Create Adversary - -This action is used to create a ThreatConnect adversary. 
- -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|owner|string|None|True|Owner/Organization|None| -|attributes|[]object|None|False|Adversary Attributes|None| -|tags|string|None|False|Adversary Tags|None| -|name|string|None|True|Adversary Name|None| -|security_label|string|None|False|Adversary Security Label|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|id|integer|False|None| - -#### Bulk Indicator Download - -This action is used to retrieve ThreatConnect bulk indicator download. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|rating|string|None|False|Indicator rating|None| -|confidence|integer|None|False|Confidence value|None| -|threat_assess_confidence|integer|None|False|Threat Assess Confidence filter|None| -|attribute|string|None|False|Attribute type|None| -|tag|string|None|False|Single tag filter|None| -|last_modified|date|None|False|Last modified date|None| -|owner|string|None|True|Owner/Organization|None| -|date_added|date|None|False|Date indicator added|None| -|type|string|None|False|Indicator type|None| -|threat_assess_rating|string|None|False|Threat Assess Rating filter|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|bulk_indicators|[]bulk_indicator_output|False|None| - -#### Incidents Retrieve - -This action is used to retrieve ThreatConnect incidents. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|filter|filter|None|False|ThreatConnect filters|None| -|owner|string|None|True|Owner/Organization|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|incidents|[]incidents_output|False|None| - -#### Email Retrieve - -This action is used to retrieve ThreatConnect e-mails. 
- -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|incident_id|integer|None|False|Filter Groups on associated Incident ID|None| -|indicator|string|None|False|Filter Groups on associated Indicator|None| -|threat_id|integer|None|False|Filter Groups on associated Threat ID|None| -|email_id|integer|None|False|Filter Groups on associated Email ID.|None| -|security_label|string|None|False|Filter Groups on associated Security Label|None| -|tag|string|None|False|Filter Groups on applied Tag|None| -|owner|string|None|True|Owner/Organization|None| -|signature_id|integer|None|False|Filter Groups on applied Security Label|None| -|id|integer|None|False|Filter Groups on associated ID|None| -|document_id|integer|None|False|Filter Groups on associated Document ID|None| -|adversary_id|integer|None|False|Filter Groups on associated Adversary ID|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|emails|[]email_output|False|None| - -#### Signatures Retrieve - -This action is used to retrieve ThreatConnect signatures. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|filter|filter|None|False|ThreatConnect filters|None| -|owner|string|None|True|Owner/Organization|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|signatures|[]signatures_output|False|None| - -### Triggers - -This plugin does not contain any triggers. - -### Custom Output Types - -_This plugin does not contain any custom output types._ - -## Troubleshooting - -This plugin does not contain any troubleshooting information. 
- -# Version History - -* 1.0.2 - Updated version of insightconnect-plugin-runtime used and version of requests module -* 1.0.1 - New spec and help.md format for the Extension Library -* 1.0.0 - Update to Python v2 architecture | Support web server mode | Use new credential types | Rename "Threat Connect" plugin title to "ThreatConnect" | Rename "Email's Retrieve" to "Email Retrieve" -* 0.1.1 - SSL bug fix in SDK -* 0.1.0 - Initial plugin - -# Links - -## References - -* [ThreatConnect](https://threatconnect.com) -* [ThreatConnect Python SDK](https://docs.threatconnect.com/en/latest/python/python_sdk.html) - diff --git a/plugins/threat_connect/icon.png b/plugins/threat_connect/icon.png deleted file mode 100644 index c837331ff7..0000000000 Binary files a/plugins/threat_connect/icon.png and /dev/null differ diff --git a/plugins/threat_connect/komand_threat_connect/__init__.py b/plugins/threat_connect/komand_threat_connect/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/threat_connect/komand_threat_connect/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/threat_connect/komand_threat_connect/actions/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/__init__.py deleted file mode 100755 index 2e621d1201..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/__init__.py +++ /dev/null @@ -1,10 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .bulk_indicator_download.action import BulkIndicatorDownload -from .create_adversary.action import CreateAdversary -from .create_task.action import CreateTask -from .delete_adversary.action import DeleteAdversary -from .emails_retrieve.action import EmailsRetrieve -from .incidents_retrieve.action import IncidentsRetrieve -from .signatures_retrieve.action import SignaturesRetrieve -from .threats_retrieve.action import ThreatsRetrieve -from .victims_retrieve.action import VictimsRetrieve 
diff --git a/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/__init__.py
deleted file mode 100755
index 46ea39230a..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import BulkIndicatorDownload
diff --git a/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/action.py b/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/action.py
deleted file mode 100755
index c5e212b3a9..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/action.py
+++ /dev/null
@@ -1,90 +0,0 @@ -import insightconnect_plugin_runtime -from .schema import BulkIndicatorDownloadInput, BulkIndicatorDownloadOutput - -# Custom imports below -import datetime - - -class BulkIndicatorDownload(insightconnect_plugin_runtime.Action): - def __init__(self): - super(self.__class__, self).__init__( - name="bulk_indicator_download", - description="Retrieve ThreatConnect Bulk Indicator Download", - input=BulkIndicatorDownloadInput(), - output=BulkIndicatorDownloadOutput(), - ) - - def run(self, params={}): - indicators = self.connection.threat_connect.bulk_indicators() - indicator_obj_list = [] - - filter1 = indicators.add_filter() - filter1.add_owner(params.get("owner")) - - if params.get("confidence"): - filter1.add_pf_confidence(params.get("confidence")) - - if params.get("attribute"): - filter1.add_pf_attribute(params.get("attribute")) - - if params.get("date_added"): - filter1.add_pf_date_added(params.get("date_added")) - - if params.get("last_modified"): - filter1.add_pf_last_modified(params.get("last_modified")) - - if params.get("rating"): - filter1.add_pf_rating(params.get("rating")) - - if params.get("tag"): - filter1.add_pf_tag(params.get("tag")) - - if params.get("threat_assess_confidence"): - filter1.add_pf_threat_assess_confidence(params.get("threat_assess_confidence")) - - if params.get("threat_assess_rating"): - filter1.add_pf_threat_assess_rating(params.get("threat_assess_rating")) - - if params.get("type"): - filter1.aadd_pf_type(params.get("type")) - - # Retrieve Indicators and Apply Filters - try: - indicators.retrieve() - except Exception as e: - raise e - - # Iterate Through Results - for indicator in indicators: - indicator_obj = { - "id": indicator.id, - "owner_name": (indicator.owner_name or ""), - "date_added": ( - datetime.datetime.strptime(indicator.date_added, "%Y-%d-%mT%H:%M:%SZ").isoformat() or "" - ), - "last_modified": ( - datetime.datetime.strptime(indicator.last_modified, "%Y-%d-%mT%H:%M:%SZ").isoformat() or "" - ), - 
"rating": (indicator.rating or ""), - "threat_assess_rating": (str(indicator.threat_assess_rating) or ""), - "confidence": (indicator.confidence or ""), - "threat_assess_confidence": (str(indicator.threat_assess_confidence) or ""), - "type": (indicator.type or ""), - "weblink": indicator.weblink, - } - - indicator_obj_list.append(indicator_obj) - - return {"bulk_indicators": indicator_obj_list} - - def test(self): - owners = self.connection.threat_connect.owners() - owner = "" - try: - owners.retrieve() - except Exception as e: - raise e - - for owner in owners: - owner = owner.name - return {"Owner Name": owner} diff --git a/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/schema.py b/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/schema.py deleted file mode 100755 index 37df6213f4..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/bulk_indicator_download/schema.py +++ /dev/null 
@@ -1,190 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Retrieve ThreatConnect Bulk Indicator Download" - - -class Input: - ATTRIBUTE = "attribute" - CONFIDENCE = "confidence" - DATE_ADDED = "date_added" - LAST_MODIFIED = "last_modified" - OWNER = "owner" - RATING = "rating" - TAG = "tag" - THREAT_ASSESS_CONFIDENCE = "threat_assess_confidence" - THREAT_ASSESS_RATING = "threat_assess_rating" - TYPE = "type" - - -class Output: - BULK_INDICATORS = "bulk_indicators" - - -class BulkIndicatorDownloadInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "attribute": { - "type": "string", - "title": "Attribute", - "description": "Attribute type", - "order": 2 - }, - "confidence": { - "type": "integer", - "title": "Confidence", - "description": "Confidence value", - "order": 3 - }, - "date_added": { - "type": "string", - "title": "Date Added", - "displayType": "date", - "description": "Date indicator added", - "format": "date-time", - "order": 4 - }, - "last_modified": { - "type": "string", - "title": "Last Modified", - "displayType": "date", - "description": "Last modified date", - "format": "date-time", - "order": 5 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 1 - }, - "rating": { - "type": "string", - "title": "Rating", - "description": "Indicator rating", - "order": 6 - }, - "tag": { - "type": "string", - "title": "Tag", - "description": "Single tag filter", - "order": 7 - }, - "threat_assess_confidence": { - "type": "integer", - "title": "Threat Assess Confidence", - "description": "Threat Assess Confidence filter", - "order": 8 - }, - "threat_assess_rating": { - "type": "string", - "title": "Threat Assess Rating", - "description": "Threat Assess Rating filter", - "order": 9 - }, - "type": { - "type": "string", - "title": "Type", - 
"description": "Indicator type", - "order": 10 - } - }, - "required": [ - "owner" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class BulkIndicatorDownloadOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "bulk_indicators": { - "type": "array", - "title": "Bulk Indicators", - "description": "Bulk indicators", - "items": { - "$ref": "#/definitions/bulk_indicator_output" - }, - "order": 1 - } - }, - "definitions": { - "bulk_indicator_output": { - "type": "object", - "title": "bulk_indicator_output", - "properties": { - "confidence": { - "type": "string", - "title": "Confidence", - "order": 7 - }, - "date_added": { - "type": "string", - "title": "Date Added", - "displayType": "date", - "format": "date-time", - "order": 3 - }, - "id": { - "type": "integer", - "title": "ID", - "order": 1 - }, - "last_modified": { - "type": "string", - "title": "Last Modified", - "displayType": "date", - "format": "date-time", - "order": 4 - }, - "owner_name": { - "type": "string", - "title": "Owner Name", - "order": 2 - }, - "rating": { - "type": "string", - "title": "Rating", - "order": 5 - }, - "threat_assess_confidence": { - "type": "string", - "title": "Threat Assess Confidence", - "order": 8 - }, - "threat_assess_rating": { - "type": "string", - "title": "Threat Assess Rating", - "order": 6 - }, - "type": { - "type": "string", - "title": "Type", - "order": 9 - }, - "weblink": { - "type": "string", - "title": "Weblink", - "order": 10 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/create_adversary/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/create_adversary/__init__.py deleted file mode 100755 index 31c65ea9b1..0000000000 
--- a/plugins/threat_connect/komand_threat_connect/actions/create_adversary/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import CreateAdversary diff --git a/plugins/threat_connect/komand_threat_connect/actions/create_adversary/action.py b/plugins/threat_connect/komand_threat_connect/actions/create_adversary/action.py deleted file mode 100755 index 5b32a0a1c1..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/create_adversary/action.py +++ /dev/null @@ -1,53 +0,0 @@ -import insightconnect_plugin_runtime -from .schema import CreateAdversaryInput, CreateAdversaryOutput - -# Custom imports below - - -class CreateAdversary(insightconnect_plugin_runtime.Action): - def __init__(self): - super(self.__class__, self).__init__( - name="create_adversary", - description="Create Threatconnect Adversary", - input=CreateAdversaryInput(), - output=CreateAdversaryOutput(), - ) - - def run(self, params={}): - adversaries = self.connection.threat_connect.adversaries() - - # name, owner required - adversary = adversaries.add(params.get("name"), params.get("owner")) - - if params.get("attributes"): - a_vals = [list(v.values())[0] for v in params.get("attributes")] - a_keys = [list(k.keys())[0] for k in params.get("attributes")] - for i in range(len(a_keys)): - adversary.add_attribute(a_keys[i], a_vals[i]) - - if params.get("tags"): - result_tags = [tag.strip() for tag in params.get("tags").split(",")] - for r_tag in result_tags: - adversary.add_tag(r_tag) - - if params.get("security_label"): - adversary.set_security_label(params.get("security_label")) - - try: - a = adversary.commit() - return {"id": a.id} - except RuntimeError as e: - self.logger.error("Error: {0}".format(e)) - raise e - - def test(self): - owners = self.connection.threat_connect.owners() - owner = "" - try: - owners.retrieve() - except RuntimeError as e: - raise e - - for owner in owners: - owner = owner.name - return {"Owner Name": owner} 
diff --git a/plugins/threat_connect/komand_threat_connect/actions/create_adversary/schema.py b/plugins/threat_connect/komand_threat_connect/actions/create_adversary/schema.py deleted file mode 100755 index a1c23c50ed..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/create_adversary/schema.py +++ /dev/null @@ -1,90 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Create ThreatConnect Adversary" - - -class Input: - ATTRIBUTES = "attributes" - NAME = "name" - OWNER = "owner" - SECURITY_LABEL = "security_label" - TAGS = "tags" - - -class Output: - ID = "id" - - -class CreateAdversaryInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "attributes": { - "type": "array", - "title": "Attributes", - "description": "Adversary Attributes", - "items": { - "type": "object" - }, - "order": 5 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Adversary Name", - "order": 3 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 4 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Adversary Security Label", - "order": 2 - }, - "tags": { - "type": "string", - "title": "Tags", - "description": "Adversary Tags", - "order": 1 - } - }, - "required": [ - "name", - "owner" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class CreateAdversaryOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "id": { - "type": "integer", - "title": "Adversary ID", - "description": "Adversary ID", - "order": 1 - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) 
diff --git a/plugins/threat_connect/komand_threat_connect/actions/create_task/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/create_task/__init__.py deleted file mode 100755 index bee5ed4199..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/create_task/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import CreateTask diff --git a/plugins/threat_connect/komand_threat_connect/actions/create_task/action.py b/plugins/threat_connect/komand_threat_connect/actions/create_task/action.py deleted file mode 100755 index 9cf2e5bd0e..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/create_task/action.py +++ /dev/null 
@@ -1,81 +0,0 @@ -import insightconnect_plugin_runtime -from .schema import CreateTaskInput, CreateTaskOutput - -# Custom imports below - - -class CreateTask(insightconnect_plugin_runtime.Action): - def __init__(self): - super(self.__class__, self).__init__( - name="create_task", - description="Create a Task Resource in the ThreatConnect platform", - input=CreateTaskInput(), - output=CreateTaskOutput(), - ) - - def run(self, params={}): # noqa: MC0001 - tasks = self.connection.threat_connect.tasks() - - # name, owner required - task = tasks.add(params.get("name"), params.get("owner")) - - if params.get("attributes"): - a_vals = [list(v.values())[0] for v in params.get("attributes")] - a_keys = [list(k.keys())[0] for k in params.get("attributes")] - for i in range(len(a_keys)): - task.add_attribute(a_keys[i], a_vals[i]) - - if params.get("tags"): - result_tags = [tag.strip() for tag in params.get("tags").split(",")] - for r_tag in result_tags: - task.add_tag(r_tag) - - if params.get("security_label"): - task.set_security_label(params.get("security_label")) - - if params.get("due_date"): - # date - task.set_due_date(params.get("due_date")) - if params.get("escalation_date"): - # date - task.set_escalation_date(params.get("escalation_date")) - if params.get("reminder_date"): - # date - task.set_reminder_date(params.get("reminder_date")) - if params.get("escalated"): - # boolean - task.set_escalated(params.get("escalated")) - if params.get("overdue"): - # boolean - task.set_overdue(params.get("overdue")) - if params.get("reminded"): - # boolean - task.set_reminded(params.get("reminded")) - if params.get("status"): - # In Progress, Completed, Waiting on Someone, Deferred - task.set_status(params.get("status")) - if params.get("assignee"): - # email - task.add_assignee(params.get("assignee")) - if params.get("escalatee"): - # email - task.add_escalatee(params.get("escalatee")) - - try: - a = task.commit() - return {"id": a.id} - except RuntimeError as e: - 
self.logger.error("Error: {0}".format(e)) - raise e - - def test(self): - owners = self.connection.threat_connect.owners() - owner = "" - try: - owners.retrieve() - except RuntimeError as e: - raise e - - for owner in owners: - owner = owner.name - return {"Owner Name": owner} diff --git a/plugins/threat_connect/komand_threat_connect/actions/create_task/schema.py b/plugins/threat_connect/komand_threat_connect/actions/create_task/schema.py deleted file mode 100755 index ca4e32a7a5..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/create_task/schema.py +++ /dev/null 
@@ -1,157 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Create a Task Resource in the ThreatConnect platform" - - -class Input: - ASSIGNEE = "assignee" - ATTRIBUTES = "attributes" - DUE_DATE = "due_date" - ESCALATED = "escalated" - ESCALATEE = "escalatee" - ESCALATION_DATE = "escalation_date" - NAME = "name" - OVERDUE = "overdue" - REMINDED = "reminded" - REMINDER_DATE = "reminder_date" - SECURITY_LABEL = "security_label" - STATUS = "status" - TAGS = "tags" - - -class Output: - ID = "id" - - -class CreateTaskInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "assignee": { - "type": "string", - "title": "Assignee", - "description": "Task Assignee", - "order": 11 - }, - "attributes": { - "type": "array", - "title": "Attributes", - "description": "Task Attributes", - "items": { - "type": "object" - }, - "order": 2 - }, - "due_date": { - "type": "string", - "title": "Due Date", - "displayType": "date", - "description": "Task due date", - "format": "date-time", - "order": 4 - }, - "escalated": { - "type": "boolean", - "title": "Escalated", - "description": "Use task escalation", - "order": 7 - }, - "escalatee": { - "type": "string", - "title": "Escalatee", - "description": "Task escalatee", - "order": 12 - }, - "escalation_date": { - "type": "string", - "title": "Escalation Date", - "displayType": "date", - "description": "Task escalation date", - "format": "date-time", - "order": 5 - }, - "name": { - "type": "string", - "title": "Name", - "description": "Task Name", - "order": 1 - }, - "overdue": { - "type": "boolean", - "title": "Overdue", - "description": "Is task overdue", - "order": 8 - }, - "reminded": { - "type": "boolean", - "title": "Reminded", - "description": "Use task Reminder", - "order": 9 - }, - "reminder_date": { - "type": "string", - "title": "Reminder Date", - "displayType": 
"date", - "description": "Task reminder date", - "format": "date-time", - "order": 6 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Task security label", - "order": 13 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Task status", - "enum": [ - "In Progress", - "Completed", - "Waiting on Someone", - "Deferred" - ], - "order": 10 - }, - "tags": { - "type": "string", - "title": "Tags", - "description": "Task tags comma delimited", - "order": 3 - } - }, - "required": [ - "name" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class CreateTaskOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "id": { - "type": "integer", - "title": "Task ID", - "description": "Task ID", - "order": 1 - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/__init__.py deleted file mode 100755 index 2ca8543ddb..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import DeleteAdversary diff --git a/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/action.py b/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/action.py deleted file mode 100755 index 4b1225eaee..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/action.py +++ /dev/null 
@@ -1,37 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import DeleteAdversaryInput, DeleteAdversaryOutput
-
-# Custom imports below
-
-
-class DeleteAdversary(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="delete_adversary",
- description="Delete an Adversary in the ThreatConnect platform",
- input=DeleteAdversaryInput(),
- output=DeleteAdversaryOutput(),
- )
-
- def run(self, params={}):
- adversaries = self.connection.threat_connect.adversaries()
- adversary = adversaries.add("", params.get("owner"))
- adversary.set_id(params.get("id"))
-
- try:
- adversary.delete()
- return {"status": True}
- except RuntimeError:
- return {"status": False}
-
- def test(self):
- owners = self.connection.threat_connect.owners()
- owner = ""
- try:
- owners.retrieve()
- except RuntimeError as e:
- raise e
-
- for owner in owners:
- owner = owner.name
- return {"Owner Name": owner}
diff --git a/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/schema.py b/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/schema.py
deleted file mode 100755
index 8cbeef0469..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/delete_adversary/schema.py
+++ /dev/null
@@ -1,66 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Delete an Adversary in the ThreatConnect platform" - - -class Input: - ID = "id" - OWNER = "owner" - - -class Output: - STATUS = "status" - - -class DeleteAdversaryInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "id": { - "type": "integer", - "title": "ID", - "description": "Adversary To Delete", - "order": 2 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 1 - } - }, - "required": [ - "id", - "owner" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class DeleteAdversaryOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "status": { - "type": "boolean", - "title": "Status", - "description": "Status", - "order": 1 - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/__init__.py deleted file mode 100755 index fe6f997206..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import EmailsRetrieve diff --git a/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/action.py b/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/action.py deleted file mode 100755 index aa1f056de9..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/action.py +++ /dev/null 
@@ -1,85 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import EmailsRetrieveInput, EmailsRetrieveOutput
-
-# Custom imports below
-
-
-class EmailsRetrieve(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="emails_retrieve",
- description="Retrieve ThreatConnect E-mails",
- input=EmailsRetrieveInput(),
- output=EmailsRetrieveOutput(),
- )
-
- def run(self, params={}):
- email_obj_list = []
- emails = self.connection.threat_connect.emails()
-
- filter1 = emails.add_filter()
- filter1.add_owner(params.get("owner"))
-
- if params.get("adversary_id"):
- filter1.add_adversary_id(params.get("adversary_id"))
-
- if params.get("email_id"):
- filter1.add_email_id(params.get("email_id"))
-
- if params.get("document_id"):
- filter1.add_document_id(params.get("document_id"))
-
- if params.get("id"):
- filter1.add_id(params.get("id"))
-
- if params.get("incident_id"):
- filter1.add_incident_id(params.get("incident_id"))
-
- if params.get("indicator"):
- filter1.add_indicator(params.get("indicator"))
-
- if params.get("security_label"):
- filter1.add_security_label(params.get("security_label"))
-
- if params.get("signature_id"):
- filter1.add_signature_id(params.get("signature_id"))
-
- if params.get("threat_id"):
- filter1.add_threat_id(params.get("threat_id"))
-
- if params.get("tag"):
- filter1.add_tag(params.get("tag"))
-
- try:
- emails.retrieve()
- except RuntimeError as e:
- raise e
-
- for email in emails:
- email_obj = {
- "id": (email.id or ""),
- "name": (email.name or ""),
- "date_added": (email.date_added or ""),
- "weblink": (email.weblink or ""),
- "header": (email.header or ""),
- "subject": (email.subject or ""),
- "from_address": (email.from_address or ""),
- "to": (email.to or ""),
- "body": (email.body or ""),
- "score": (email.score or ""),
- }
- email_obj_list.append(email_obj)
-
- return {"emails": email_obj_list}
-
- def test(self):
- owners = self.connection.threat_connect.owners()
- owner = ""
- try:
- owners.retrieve()
- except RuntimeError as e:
- raise e
-
- for owner in owners:
- owner = owner.name
- return {"Owner Name": owner}
diff --git a/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/schema.py b/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/schema.py
deleted file mode 100755
index 28bc17d081..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/emails_retrieve/schema.py
+++ /dev/null
@@ -1,191 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Retrieve ThreatConnect emails" - - -class Input: - ADVERSARY_ID = "adversary_id" - DOCUMENT_ID = "document_id" - EMAIL_ID = "email_id" - ID = "id" - INCIDENT_ID = "incident_id" - INDICATOR = "indicator" - OWNER = "owner" - SECURITY_LABEL = "security_label" - SIGNATURE_ID = "signature_id" - TAG = "tag" - THREAT_ID = "threat_id" - - -class Output: - EMAILS = "emails" - - -class EmailsRetrieveInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "adversary_id": { - "type": "integer", - "title": "Adversary ID", - "description": "Filter Groups on associated Adversary ID", - "order": 1 - }, - "document_id": { - "type": "integer", - "title": "Document ID", - "description": "Filter Groups on associated Document ID", - "order": 4 - }, - "email_id": { - "type": "integer", - "title": "Email ID", - "description": "Filter Groups on associated Email ID", - "order": 2 - }, - "id": { - "type": "integer", - "title": "ID", - "description": "Filter Groups on associated ID", - "order": 3 - }, - "incident_id": { - "type": "integer", - "title": "Incident ID", - "description": "Filter Groups on associated Incident ID", - "order": 5 - }, - "indicator": { - "type": "string", - "title": "Indicator", - "description": "Filter Groups on associated Indicator", - "order": 6 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 11 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Filter Groups on associated Security Label", - "order": 7 - }, - "signature_id": { - "type": "integer", - "title": "Signature ID", - "description": "Filter Groups on applied Security Label", - "order": 8 - }, - "tag": { - "type": "string", - "title": "Tag", - "description": "Filter Groups on 
applied Tag", - "order": 10 - }, - "threat_id": { - "type": "integer", - "title": "Threat ID", - "description": "Filter Groups on associated Threat ID", - "order": 9 - } - }, - "required": [ - "owner" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class EmailsRetrieveOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "emails": { - "type": "array", - "title": "Emails", - "description": "Emails", - "items": { - "$ref": "#/definitions/email_output" - }, - "order": 1 - } - }, - "definitions": { - "email_output": { - "type": "object", - "title": "email_output", - "properties": { - "body": { - "type": "string", - "title": "Body", - "order": 9 - }, - "date_added": { - "type": "string", - "title": "Date Added", - "displayType": "date", - "format": "date-time", - "order": 3 - }, - "from_address": { - "type": "string", - "title": "From Address", - "order": 7 - }, - "header": { - "type": "string", - "title": "Header", - "order": 5 - }, - "id": { - "type": "integer", - "title": "ID", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "order": 2 - }, - "score": { - "type": "string", - "title": "Score", - "order": 10 - }, - "subject": { - "type": "string", - "title": "Subject", - "order": 6 - }, - "to": { - "type": "string", - "title": "To", - "order": 8 - }, - "weblink": { - "type": "string", - "title": "Weblink", - "order": 4 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/__init__.py deleted file mode 100755 index ed6dec32a4..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/__init__.py +++ /dev/null 
@@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import IncidentsRetrieve diff --git a/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/action.py b/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/action.py deleted file mode 100755 index b2639e6fc4..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/action.py +++ /dev/null 
@@ -1,85 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import IncidentsRetrieveInput, IncidentsRetrieveOutput
-
-# Custom imports below
-import datetime
-
-
-class IncidentsRetrieve(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="incidents_retrieve",
- description="Retrieve ThreatConnect Incidents",
- input=IncidentsRetrieveInput(),
- output=IncidentsRetrieveOutput(),
- )
-
- def run(self, params={}):
- incidents = self.connection.threat_connect.incidents()
- incident_obj_list = []
-
- filter1 = incidents.add_filter()
-
- filter1.add_owner(params.get("owner"))
-
- if params.get("adversary_id"):
- filter1.add_adversary_id(params.get("adversary_id"))
-
- if params.get("email_id"):
- filter1.add_email_id(params.get("email_id"))
-
- if params.get("document_id"):
- filter1.add_document_id(params.get("document_id"))
-
- if params.get("id"):
- filter1.add_id(params.get("id"))
-
- if params.get("incident_id"):
- filter1.add_incident_id(params.get("incident_id"))
-
- if params.get("indicator"):
- filter1.add_indicator(params.get("indicator"))
-
- if params.get("security_label"):
- filter1.add_security_label(params.get("security_label"))
-
- if params.get("signature_id"):
- filter1.add_signature_id(params.get("signature_id"))
-
- if params.get("threat_id"):
- filter1.add_threat_id(params.get("threat_id"))
-
- if params.get("tag"):
- filter1.add_tag(params.get("tag"))
-
- if params.get("victim_id"):
- filter1.add_victim_id(params.get("victim_id"))
-
- try:
- incidents.retrieve()
- except RuntimeError as e:
- raise e
-
- for incident in incidents:
- incident_obj = {
- "id": incident.id,
- "name": incident.name,
- "date_added": (datetime.datetime.strptime(incident.date_added, "%Y-%d-%mT%H:%M:%SZ").isoformat() or ""),
- "event_date": (datetime.datetime.strptime(incident.event_date, "%Y-%d-%mT%H:%M:%SZ").isoformat() or ""),
- "weblink": incident.weblink,
- }
- incident_obj_list.append(incident_obj)
-
- return {"incidents": incident_obj_list}
-
- def test(self):
- owners = self.connection.threat_connect.owners()
- owner = ""
- try:
- owners.retrieve()
- except RuntimeError as e:
- raise e
-
- for owner in owners:
- owner = owner.name
- return {"Owner Name": owner}
diff --git a/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/schema.py b/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/schema.py
deleted file mode 100755
index 79978d1f84..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/incidents_retrieve/schema.py
+++ /dev/null
@@ -1,179 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Retrieve ThreatConnect Incidents" - - -class Input: - FILTER = "filter" - OWNER = "owner" - - -class Output: - INCIDENTS = "incidents" - - -class IncidentsRetrieveInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "filter": { - "$ref": "#/definitions/filter", - "title": "Filter", - "description": "ThreatConnect filters", - "order": 1 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 2 - } - }, - "required": [ - "owner" - ], - "definitions": { - "filter": { - "type": "object", - "title": "filter", - "properties": { - "adversary_id": { - "type": "integer", - "title": "Adversary ID", - "description": "Filter Groups on associated Adversary ID", - "order": 1 - }, - "document_id": { - "type": "integer", - "title": "Document ID", - "description": "Filter Groups on associated Document ID", - "order": 4 - }, - "email_id": { - "type": "integer", - "title": "Email ID", - "description": "Filter Groups on associated Email ID", - "order": 2 - }, - "id": { - "type": "integer", - "title": "ID", - "description": "Filter Groups on associated ID", - "order": 3 - }, - "incident_id": { - "type": "integer", - "title": "Incident ID", - "description": "Filter Groups on associated Incident ID", - "order": 5 - }, - "indicator": { - "type": "string", - "title": "Indicator", - "description": "Filter Groups on associated Indicator", - "order": 6 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Filter Groups on associated Security Label", - "order": 7 - }, - "signature_id": { - "type": "integer", - "title": "Signature ID", - "description": "Filter Groups on applied Security Label", - "order": 8 - }, - "tag": { - "type": "string", - "title": "Tag", - 
"description": "Filter Groups on applied Tag", - "order": 10 - }, - "threat_id": { - "type": "integer", - "title": "Threat ID", - "description": "Filter Groups on associated Threat ID", - "order": 9 - }, - "victim_id": { - "type": "integer", - "title": "Victim ID", - "description": "Filter Groups on associated Victim ID", - "order": 11 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class IncidentsRetrieveOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "incidents": { - "type": "array", - "title": "Incidents", - "description": "Incidents", - "items": { - "$ref": "#/definitions/incidents_output" - }, - "order": 1 - } - }, - "definitions": { - "incidents_output": { - "type": "object", - "title": "incidents_output", - "properties": { - "date_added": { - "type": "string", - "title": "Date Added", - "displayType": "date", - "format": "date-time", - "order": 3 - }, - "event_date": { - "type": "string", - "title": "Event Date", - "displayType": "date", - "format": "date-time", - "order": 4 - }, - "id": { - "type": "integer", - "title": "ID", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "order": 2 - }, - "weblink": { - "type": "string", - "title": "Weblink", - "order": 5 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/__init__.py deleted file mode 100755 index 0a150a01cf..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import SignaturesRetrieve 
diff --git a/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/action.py b/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/action.py
deleted file mode 100755
index a0c0aa1dc7..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/action.py
+++ /dev/null
@@ -1,92 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import SignaturesRetrieveInput, SignaturesRetrieveOutput
-
-# Custom imports below
-import datetime
-
-
-class SignaturesRetrieve(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="signatures_retrieve",
- description="Retrieve ThreatConnect Signatures",
- input=SignaturesRetrieveInput(),
- output=SignaturesRetrieveOutput(),
- )
-
- def run(self, params={}): # noqa: MC0001
- sig_obj_list = []
- signatures = self.connection.threat_connect.signatures()
-
- filter1 = signatures.add_filter()
-
- filter1.add_owner(params.get("owner"))
-
- if params.get("adversary_id"):
- filter1.add_adversary_id(params.get("adversary_id"))
-
- if params.get("email_id"):
- filter1.add_email_id(params.get("email_id"))
-
- if params.get("document_id"):
- filter1.add_document_id(params.get("document_id"))
-
- if params.get("id"):
- filter1.add_id(params.get("id"))
-
- if params.get("incident_id"):
- filter1.add_incident_id(params.get("incident_id"))
-
- if params.get("indicator"):
- filter1.add_indicator(params.get("indicator"))
-
- if params.get("security_label"):
- filter1.add_security_label(params.get("security_label"))
-
- if params.get("signature_id"):
- filter1.add_signature_id(params.get("signature_id"))
-
- if params.get("threat_id"):
- filter1.add_threat_id(params.get("threat_id"))
-
- if params.get("tag"):
- filter1.add_tag(params.get("tag"))
-
- if params.get("victim_id"):
- filter1.add_victim_id(params.get("victim_id"))
-
- try:
- filter1 = signatures.add_filter()
- # filter1.add_id(params.get('id'))
- except AttributeError as e:
- raise e
-
- try:
- signatures.retrieve()
- except RuntimeError as e:
- raise e
-
- for signature in signatures:
- sig_obj = {
- "id": signature.id,
- "name": signature.name,
- "date_added": (
- datetime.datetime.strptime(signature.date_added, "%Y-%d-%mT%H:%M:%SZ").isoformat() or ""
- ),
- "weblink": signature.weblink,
- }
- sig_obj_list.append(sig_obj)
-
- return {"signatures": sig_obj_list}
-
- def test(self):
- owners = self.connection.threat_connect.owners()
- owner = ""
- try:
- owners.retrieve()
- except RuntimeError as e:
- raise e
-
- for owner in owners:
- owner = owner.name
- return {"Owner Name": owner}
diff --git a/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/schema.py b/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/schema.py
deleted file mode 100755
index 608ca90f53..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/signatures_retrieve/schema.py
+++ /dev/null
@@ -1,172 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Retrieve ThreatConnect Signatures" - - -class Input: - FILTER = "filter" - OWNER = "owner" - - -class Output: - SIGNATURES = "signatures" - - -class SignaturesRetrieveInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "filter": { - "$ref": "#/definitions/filter", - "title": "Filter", - "description": "ThreatConnect filters", - "order": 1 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 2 - } - }, - "required": [ - "owner" - ], - "definitions": { - "filter": { - "type": "object", - "title": "filter", - "properties": { - "adversary_id": { - "type": "integer", - "title": "Adversary ID", - "description": "Filter Groups on associated Adversary ID", - "order": 1 - }, - "document_id": { - "type": "integer", - "title": "Document ID", - "description": "Filter Groups on associated Document ID", - "order": 4 - }, - "email_id": { - "type": "integer", - "title": "Email ID", - "description": "Filter Groups on associated Email ID", - "order": 2 - }, - "id": { - "type": "integer", - "title": "ID", - "description": "Filter Groups on associated ID", - "order": 3 - }, - "incident_id": { - "type": "integer", - "title": "Incident ID", - "description": "Filter Groups on associated Incident ID", - "order": 5 - }, - "indicator": { - "type": "string", - "title": "Indicator", - "description": "Filter Groups on associated Indicator", - "order": 6 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Filter Groups on associated Security Label", - "order": 7 - }, - "signature_id": { - "type": "integer", - "title": "Signature ID", - "description": "Filter Groups on applied Security Label", - "order": 8 - }, - "tag": { - "type": "string", - "title": "Tag", - 
"description": "Filter Groups on applied Tag", - "order": 10 - }, - "threat_id": { - "type": "integer", - "title": "Threat ID", - "description": "Filter Groups on associated Threat ID", - "order": 9 - }, - "victim_id": { - "type": "integer", - "title": "Victim ID", - "description": "Filter Groups on associated Victim ID", - "order": 11 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class SignaturesRetrieveOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "signatures": { - "type": "array", - "title": "Signatures", - "description": "Signatures", - "items": { - "$ref": "#/definitions/signatures_output" - }, - "order": 1 - } - }, - "definitions": { - "signatures_output": { - "type": "object", - "title": "signatures_output", - "properties": { - "date_added": { - "type": "string", - "title": "Date Added", - "displayType": "date", - "format": "date-time", - "order": 3 - }, - "id": { - "type": "integer", - "title": "ID", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "order": 2 - }, - "weblink": { - "type": "string", - "title": "Weblink", - "order": 4 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/__init__.py deleted file mode 100755 index 4e28d7c470..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import ThreatsRetrieve diff --git a/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/action.py b/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/action.py deleted file mode 100755 index 864006f8b1..0000000000 
--- a/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/action.py
+++ /dev/null
@@ -1,90 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import ThreatsRetrieveInput, ThreatsRetrieveOutput
-
-# Custom imports below
-import datetime
-
-
-class ThreatsRetrieve(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="threats_retrieve",
- description="Retrieve ThreatConnect Threats",
- input=ThreatsRetrieveInput(),
- output=ThreatsRetrieveOutput(),
- )
-
- def run(self, params={}): # noqa: MC0001
- threat_obj_list = []
- threats = self.connection.threat_connect.threats()
-
- filter1 = threats.add_filter()
-
- filter1.add_owner(params.get("owner"))
-
- if params.get("adversary_id"):
- filter1.add_adversary_id(params.get("adversary_id"))
-
- if params.get("email_id"):
- filter1.add_email_id(params.get("email_id"))
-
- if params.get("document_id"):
- filter1.add_document_id(params.get("document_id"))
-
- if params.get("id"):
- filter1.add_id(params.get("id"))
-
- if params.get("incident_id"):
- filter1.add_incident_id(params.get("incident_id"))
-
- if params.get("indicator"):
- filter1.add_indicator(params.get("indicator"))
-
- if params.get("security_label"):
- filter1.add_security_label(params.get("security_label"))
-
- if params.get("signature_id"):
- filter1.add_signature_id(params.get("signature_id"))
-
- if params.get("threat_id"):
- filter1.add_threat_id(params.get("threat_id"))
-
- if params.get("tag"):
- filter1.add_tag(params.get("tag"))
-
- if params.get("victim_id"):
- filter1.add_victim_id(params.get("victim_id"))
-
- try:
- filter1 = threats.add_filter()
- # filter1.add_id(params.get('id'))
- except AttributeError as e:
- raise e
-
- try:
- threats.retrieve()
- except RuntimeError as e:
- raise e
-
- for threat in threats:
- threat_obj = {
- "id": (threat.id or -1),
- "name": (threat.name or ""),
- "date_added": (datetime.datetime.strptime(threat.date_added, "%Y-%d-%mT%H:%M:%SZ").isoformat() or ""),
- "weblink": (threat.weblink or ""),
- }
- threat_obj_list.append(threat_obj)
-
- return {"threats": threat_obj_list}
-
- def test(self):
- owners = self.connection.threat_connect.owners()
- owner = ""
- try:
- owners.retrieve()
- except RuntimeError as e:
- raise e
-
- for owner in owners:
- owner = owner.name
- return {"Owner Name": owner}
diff --git a/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/schema.py b/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/schema.py
deleted file mode 100755
index d13c6c1d54..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/threats_retrieve/schema.py
+++ /dev/null
@@ -1,172 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Retrieve ThreatConnect Threats" - - -class Input: - FILTER = "filter" - OWNER = "owner" - - -class Output: - THREATS = "threats" - - -class ThreatsRetrieveInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "filter": { - "$ref": "#/definitions/filter", - "title": "Filter", - "description": "ThreatConnect filters", - "order": 1 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 2 - } - }, - "required": [ - "owner" - ], - "definitions": { - "filter": { - "type": "object", - "title": "filter", - "properties": { - "adversary_id": { - "type": "integer", - "title": "Adversary ID", - "description": "Filter Groups on associated Adversary ID", - "order": 1 - }, - "document_id": { - "type": "integer", - "title": "Document ID", - "description": "Filter Groups on associated Document ID", - "order": 4 - }, - "email_id": { - "type": "integer", - "title": "Email ID", - "description": "Filter Groups on associated Email ID", - "order": 2 - }, - "id": { - "type": "integer", - "title": "ID", - "description": "Filter Groups on associated ID", - "order": 3 - }, - "incident_id": { - "type": "integer", - "title": "Incident ID", - "description": "Filter Groups on associated Incident ID", - "order": 5 - }, - "indicator": { - "type": "string", - "title": "Indicator", - "description": "Filter Groups on associated Indicator", - "order": 6 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Filter Groups on associated Security Label", - "order": 7 - }, - "signature_id": { - "type": "integer", - "title": "Signature ID", - "description": "Filter Groups on applied Security Label", - "order": 8 - }, - "tag": { - "type": "string", - "title": "Tag", - "description": 
"Filter Groups on applied Tag", - "order": 10 - }, - "threat_id": { - "type": "integer", - "title": "Threat ID", - "description": "Filter Groups on associated Threat ID", - "order": 9 - }, - "victim_id": { - "type": "integer", - "title": "Victim ID", - "description": "Filter Groups on associated Victim ID", - "order": 11 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class ThreatsRetrieveOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "threats": { - "type": "array", - "title": "Threats", - "description": "Threats", - "items": { - "$ref": "#/definitions/signatures_output" - }, - "order": 1 - } - }, - "definitions": { - "signatures_output": { - "type": "object", - "title": "signatures_output", - "properties": { - "date_added": { - "type": "string", - "title": "Date Added", - "displayType": "date", - "format": "date-time", - "order": 3 - }, - "id": { - "type": "integer", - "title": "ID", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "order": 2 - }, - "weblink": { - "type": "string", - "title": "Weblink", - "order": 4 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/__init__.py b/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/__init__.py deleted file mode 100755 index f3131c9575..0000000000 --- a/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import VictimsRetrieve diff --git a/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/action.py b/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/action.py deleted file mode 100755 index 7c687cf0cb..0000000000 
--- a/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/action.py
+++ /dev/null
@@ -1,86 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import VictimsRetrieveInput, VictimsRetrieveOutput
-
-# Custom imports below
-
-
-class VictimsRetrieve(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="victims_retrieve",
- description="Retrieve ThreatConnect Victims",
- input=VictimsRetrieveInput(),
- output=VictimsRetrieveOutput(),
- )
-
- def run(self, params={}):
- victims = self.connection.threat_connect.victims()
- victim_obj_list = []
-
- filter1 = victims.add_filter()
-
- filter1.add_owner(params.get("owner"))
-
- if params.get("adversary_id"):
- filter1.add_adversary_id(params.get("adversary_id"))
-
- if params.get("email_id"):
- filter1.add_email_id(params.get("email_id"))
-
- if params.get("document_id"):
- filter1.add_document_id(params.get("document_id"))
-
- if params.get("id"):
- filter1.add_id(params.get("id"))
-
- if params.get("incident_id"):
- filter1.add_incident_id(params.get("incident_id"))
-
- if params.get("indicator"):
- filter1.add_indicator(params.get("indicator"))
-
- if params.get("security_label"):
- filter1.add_security_label(params.get("security_label"))
-
- if params.get("signature_id"):
- filter1.add_signature_id(params.get("signature_id"))
-
- if params.get("threat_id"):
- filter1.add_threat_id(params.get("threat_id"))
-
- if params.get("tag"):
- filter1.add_tag(params.get("tag"))
-
- if params.get("victim_id"):
- filter1.add_victim_id(params.get("victim_id"))
-
- try:
- victims.retrieve()
- except RuntimeError as e:
- raise e
-
- for victim in victims:
- victim_obj = {
- "id": victim.id,
- "name": victim.name,
- "nationality": (victim.nationality or ""),
- "org": (victim.org or ""),
- "suborg": (victim.suborg or ""),
- "work_location": (victim.work_location or ""),
- "weblink": victim.weblink,
- }
- victim_obj_list.append(victim_obj)
-
- return {"victims": victim_obj_list}
-
- def test(self):
- owners = self.connection.threat_connect.owners()
- owner = ""
- try:
- owners.retrieve()
- except RuntimeError as e:
- raise e
-
- for owner in owners:
- owner = owner.name
- return {"Owner Name": owner}
diff --git a/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/schema.py b/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/schema.py
deleted file mode 100755
index 0d2628e711..0000000000
--- a/plugins/threat_connect/komand_threat_connect/actions/victims_retrieve/schema.py
+++ /dev/null
@@ -1,185 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Retrieve ThreatConnect Victims" - - -class Input: - FILTER = "filter" - OWNER = "owner" - - -class Output: - VICTIMS = "victims" - - -class VictimsRetrieveInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "filter": { - "$ref": "#/definitions/filter", - "title": "Filter", - "description": "ThreatConnect filters", - "order": 1 - }, - "owner": { - "type": "string", - "title": "Owner", - "description": "Owner/Organization", - "order": 2 - } - }, - "required": [ - "owner" - ], - "definitions": { - "filter": { - "type": "object", - "title": "filter", - "properties": { - "adversary_id": { - "type": "integer", - "title": "Adversary ID", - "description": "Filter Groups on associated Adversary ID", - "order": 1 - }, - "document_id": { - "type": "integer", - "title": "Document ID", - "description": "Filter Groups on associated Document ID", - "order": 4 - }, - "email_id": { - "type": "integer", - "title": "Email ID", - "description": "Filter Groups on associated Email ID", - "order": 2 - }, - "id": { - "type": "integer", - "title": "ID", - "description": "Filter Groups on associated ID", - "order": 3 - }, - "incident_id": { - "type": "integer", - "title": "Incident ID", - "description": "Filter Groups on associated Incident ID", - "order": 5 - }, - "indicator": { - "type": "string", - "title": "Indicator", - "description": "Filter Groups on associated Indicator", - "order": 6 - }, - "security_label": { - "type": "string", - "title": "Security Label", - "description": "Filter Groups on associated Security Label", - "order": 7 - }, - "signature_id": { - "type": "integer", - "title": "Signature ID", - "description": "Filter Groups on applied Security Label", - "order": 8 - }, - "tag": { - "type": "string", - "title": "Tag", - "description": 
"Filter Groups on applied Tag", - "order": 10 - }, - "threat_id": { - "type": "integer", - "title": "Threat ID", - "description": "Filter Groups on associated Threat ID", - "order": 9 - }, - "victim_id": { - "type": "integer", - "title": "Victim ID", - "description": "Filter Groups on associated Victim ID", - "order": 11 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class VictimsRetrieveOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "victims": { - "type": "array", - "title": "Victims", - "description": "Victims", - "items": { - "$ref": "#/definitions/victim_output" - }, - "order": 1 - } - }, - "definitions": { - "victim_output": { - "type": "object", - "title": "victim_output", - "properties": { - "id": { - "type": "integer", - "title": "ID", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "order": 2 - }, - "nationality": { - "type": "string", - "title": "Nationality", - "order": 4 - }, - "org": { - "type": "string", - "title": "Org", - "order": 5 - }, - "suborg": { - "type": "string", - "title": "Suborg", - "order": 6 - }, - "weblink": { - "type": "string", - "title": "Weblink", - "order": 3 - }, - "work_location": { - "type": "string", - "title": "Work Location", - "order": 7 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/connection/__init__.py b/plugins/threat_connect/komand_threat_connect/connection/__init__.py deleted file mode 100755 index a515dcf6b0..0000000000 --- a/plugins/threat_connect/komand_threat_connect/connection/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .connection import Connection 
diff --git a/plugins/threat_connect/komand_threat_connect/connection/connection.py b/plugins/threat_connect/komand_threat_connect/connection/connection.py
deleted file mode 100755
index eff6db472b..0000000000
--- a/plugins/threat_connect/komand_threat_connect/connection/connection.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import insightconnect_plugin_runtime
-from .schema import ConnectionSchema
-
-# Custom imports below
-import sys
-import threatconnect
-
-
-class Connection(insightconnect_plugin_runtime.Connection):
- def __init__(self):
- super(self.__class__, self).__init__(input=ConnectionSchema())
- self.threat_connect = None
-
- def connect(self, params):
- self.logger.info("Connect: Connecting..")
-
- try:
- api_access_id = int(params.get("api_access_id"))
- api_default_org = params.get("api_default_org")
- api_secret_key = params.get("api_secret_key").get("secretKey")
- api_base_url = params.get("api_base_url")
- except Exception:
- self.logger.info("Connect: Connection Failed")
- sys.exit(1)
-
- self.threat_connect = threatconnect.ThreatConnect(api_access_id, api_secret_key, api_default_org, api_base_url)
- self.threat_connect.set_tcl_console_level("debug")
diff --git a/plugins/threat_connect/komand_threat_connect/connection/schema.py b/plugins/threat_connect/komand_threat_connect/connection/schema.py
deleted file mode 100755
index 73cdb14b87..0000000000
--- a/plugins/threat_connect/komand_threat_connect/connection/schema.py
+++ /dev/null
@@ -1,74 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Input: - API_ACCESS_ID = "api_access_id" - API_BASE_URL = "api_base_url" - API_DEFAULT_ORG = "api_default_org" - API_SECRET_KEY = "api_secret_key" - - -class ConnectionSchema(insightconnect_plugin_runtime.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "api_access_id": { - "type": "string", - "title": "Api Access Id", - "description": "Enter API Access ID", - "order": 1 - }, - "api_base_url": { - "type": "string", - "title": "Api Base Url", - "description": "Enter API Base URL", - "order": 4 - }, - "api_default_org": { - "type": "string", - "title": "Api Default Org", - "description": "Enter API Default Org", - "order": 2 - }, - "api_secret_key": { - "$ref": "#/definitions/credential_secret_key", - "title": "Api Secret Key", - "description": "Enter API Secret Key", - "order": 3 - } - }, - "required": [ - "api_access_id", - "api_base_url", - "api_default_org", - "api_secret_key" - ], - "definitions": { - "credential_secret_key": { - "id": "credential_secret_key", - "type": "object", - "title": "Credential: Secret Key", - "description": "A shared secret key", - "properties": { - "secretKey": { - "type": "string", - "title": "Secret Key", - "displayType": "password", - "description": "The shared secret key", - "format": "password" - } - }, - "required": [ - "secretKey" - ] - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/threat_connect/komand_threat_connect/triggers/__init__.py b/plugins/threat_connect/komand_threat_connect/triggers/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/threat_connect/komand_threat_connect/triggers/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT 
diff --git a/plugins/threat_connect/komand_threat_connect/util/__init__.py b/plugins/threat_connect/komand_threat_connect/util/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/threat_connect/komand_threat_connect/util/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/threat_connect/plugin.spec.yaml b/plugins/threat_connect/plugin.spec.yaml deleted file mode 100644 index dcbbb70bc8..0000000000 --- a/plugins/threat_connect/plugin.spec.yaml +++ /dev/null 
@@ -1,576 +0,0 @@ -plugin_spec_version: v2 -extension: plugin -products: [insightconnect] -name: threat_connect -title: ThreatConnect -description: "ThreatConnect is a Threat Intelligence Platform (TIP) that empowers large - organizations to aggregate, analyze and act on their threat intelligence. The ThreatConnect plugin for Rapid7 -InsightConnect allows users to view incidents, emails, threats, victims, and more" -version: 1.0.2 -vendor: rapid7 -support: community -status: [] -resources: - source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/threat_connect - license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE - vendor_url: https://threatconnect.com/ -tags: -- threat -- malicious -- analyze -- manage -- identify -- threatconnect -hub_tags: - use_cases: [threat_detection_and_response] - keywords: [threat, malicious, analyze, manage, identify, threatconnect] - features: [] -types: - filter: - adversary_id: - title: Adversary ID - type: integer - description: Filter Groups on associated Adversary ID - required: false - email_id: - title: Email ID - type: integer - description: Filter Groups on associated Email ID - required: false - id: - title: ID - type: integer - description: Filter Groups on associated ID - required: false - document_id: - title: Document ID - type: integer - description: Filter Groups on associated Document ID - required: false - incident_id: - title: Incident ID - type: integer - description: Filter Groups on associated Incident ID - required: false - indicator: - title: Indicator - type: string - description: Filter Groups on associated Indicator - required: false - security_label: - title: Security Label - type: string - description: Filter Groups on associated Security Label - required: false - signature_id: - title: Signature ID - type: integer - description: Filter Groups on applied Security Label - required: false - threat_id: - title: Threat ID - type: integer - description: 
Filter Groups on associated Threat ID - required: false - tag: - title: Tag - type: string - description: Filter Groups on applied Tag - required: false - victim_id: - title: Victim ID - type: integer - description: Filter Groups on associated Victim ID - required: false - email_output: - id: - title: ID - type: integer - name: - title: Name - type: string - date_added: - title: Date Added - type: date - weblink: - title: Weblink - type: string - header: - title: Header - type: string - subject: - title: Subject - type: string - from_address: - title: From Address - type: string - to: - title: To - type: string - body: - title: Body - type: string - score: - title: Score - type: string - incidents_output: - id: - title: ID - type: integer - name: - title: Name - type: string - date_added: - title: Date Added - type: date - event_date: - title: Event Date - type: date - weblink: - title: Weblink - type: string - bulk_indicator_output: - id: - title: ID - type: integer - required: false - owner_name: - title: Owner Name - type: string - required: false - date_added: - title: Date Added - type: date - required: false - last_modified: - title: Last Modified - type: date - required: false - rating: - title: Rating - type: string - required: false - threat_assess_rating: - title: Threat Assess Rating - type: string - required: false - confidence: - title: Confidence - type: string - required: false - threat_assess_confidence: - title: Threat Assess Confidence - type: string - required: false - type: - title: Type - type: string - required: false - weblink: - title: Weblink - type: string - required: false - signatures_output: - id: - title: ID - type: integer - required: false - name: - title: Name - type: string - required: false - date_added: - title: Date Added - type: date - required: false - weblink: - title: Weblink - type: string - required: false - victim_output: - id: - title: ID - type: integer - required: false - name: - title: Name - type: string - required: 
false - weblink: - title: Weblink - type: string - required: false - nationality: - title: Nationality - type: string - required: false - org: - title: Org - type: string - required: false - suborg: - title: Suborg - type: string - required: false - work_location: - title: Work Location - type: string - required: false -connection: - api_access_id: - type: string - description: Enter API Access ID - required: true - api_default_org: - type: string - description: Enter API Default Org - required: true - api_secret_key: - type: credential_secret_key - description: Enter API Secret Key - required: true - api_base_url: - type: string - description: Enter API Base URL - required: true -actions: - emails_retrieve: - title: Email Retrieve - description: Retrieve ThreatConnect emails - input: - adversary_id: - title: Adversary ID - type: integer - description: Filter Groups on associated Adversary ID - required: false - email_id: - title: Email ID - type: integer - description: Filter Groups on associated Email ID - required: false - id: - title: ID - type: integer - description: Filter Groups on associated ID - required: false - document_id: - title: Document ID - type: integer - description: Filter Groups on associated Document ID - required: false - incident_id: - title: Incident ID - type: integer - description: Filter Groups on associated Incident ID - required: false - indicator: - title: Indicator - type: string - description: Filter Groups on associated Indicator - required: false - security_label: - title: Security Label - type: string - description: Filter Groups on associated Security Label - required: false - signature_id: - title: Signature ID - type: integer - description: Filter Groups on applied Security Label - required: false - threat_id: - title: Threat ID - type: integer - description: Filter Groups on associated Threat ID - required: false - tag: - title: Tag - type: string - description: Filter Groups on applied Tag - required: false - owner: - title: 
Owner - type: string - description: Owner/Organization - required: true - output: - emails: - title: Emails - type: '[]email_output' - required: false - description: Emails - incidents_retrieve: - title: Incidents Retrieve - description: Retrieve ThreatConnect Incidents - input: - filter: - title: Filter - type: filter - description: ThreatConnect filters - required: false - owner: - title: Owner - type: string - description: Owner/Organization - required: true - output: - incidents: - title: Incidents - type: '[]incidents_output' - required: false - description: Incidents - bulk_indicator_download: - title: Bulk Indicator Download - description: Retrieve ThreatConnect Bulk Indicator Download - input: - owner: - title: Owner - type: string - description: Owner/Organization - required: true - attribute: - title: Attribute - type: string - description: Attribute type - required: false - confidence: - title: Confidence - type: integer - description: Confidence value - required: false - date_added: - title: Date Added - type: date - description: Date indicator added - required: false - last_modified: - title: Last Modified - type: date - description: Last modified date - required: false - rating: - title: Rating - type: string - description: Indicator rating - required: false - tag: - title: Tag - type: string - description: Single tag filter - required: false - threat_assess_confidence: - title: Threat Assess Confidence - type: integer - description: Threat Assess Confidence filter - required: false - threat_assess_rating: - title: Threat Assess Rating - type: string - description: Threat Assess Rating filter - required: false - type: - title: Type - type: string - description: Indicator type - required: false - output: - bulk_indicators: - title: Bulk Indicators - type: '[]bulk_indicator_output' - required: false - description: Bulk indicators - signatures_retrieve: - title: Signatures Retrieve - description: Retrieve ThreatConnect Signatures - input: - filter: - 
title: Filter - type: filter - description: ThreatConnect filters - required: false - owner: - title: Owner - type: string - description: Owner/Organization - required: true - output: - signatures: - title: Signatures - type: '[]signatures_output' - required: false - description: Signatures - threats_retrieve: - title: Threats Retrieve - description: Retrieve ThreatConnect Threats - input: - filter: - title: Filter - type: filter - description: ThreatConnect filters - required: false - owner: - title: Owner - type: string - description: Owner/Organization - required: true - output: - threats: - title: Threats - type: '[]signatures_output' - required: false - description: Threats - victims_retrieve: - title: Victims Retrieve - description: Retrieve ThreatConnect Victims - input: - filter: - title: Filter - type: filter - description: ThreatConnect filters - required: false - owner: - title: Owner - type: string - description: Owner/Organization - required: true - output: - victims: - title: Victims - type: '[]victim_output' - required: false - description: Victims - create_adversary: - title: Create Adversary - description: Create ThreatConnect Adversary - input: - tags: - title: Tags - type: string - description: Adversary Tags - required: false - security_label: - title: Security Label - type: string - description: Adversary Security Label - required: false - name: - title: Name - type: string - description: Adversary Name - required: true - owner: - title: Owner - type: string - description: Owner/Organization - required: true - attributes: - title: Attributes - type: '[]object' - description: Adversary Attributes - required: false - output: - id: - title: Adversary ID - type: integer - required: false - description: Adversary ID - delete_adversary: - title: Delete Adversary - description: Delete an Adversary in the ThreatConnect platform - input: - owner: - title: Owner - type: string - description: Owner/Organization - required: true - id: - title: ID - type: 
integer - description: Adversary To Delete - required: true - output: - status: - title: Status - type: boolean - required: false - description: Status - create_task: - title: Create Task - description: Create a Task Resource in the ThreatConnect platform - input: - name: - title: Name - type: string - description: Task Name - required: true - attributes: - title: Attributes - type: '[]object' - description: Task Attributes - required: false - tags: - title: Tags - type: string - description: Task tags comma delimited - required: false - due_date: - title: Due Date - type: date - description: Task due date - required: false - escalation_date: - title: Escalation Date - type: date - description: Task escalation date - required: false - reminder_date: - title: Reminder Date - type: date - description: Task reminder date - required: false - escalated: - title: Escalated - type: boolean - description: Use task escalation - required: false - overdue: - title: Overdue - type: boolean - description: Is task overdue - required: false - reminded: - title: Reminded - type: boolean - description: Use task Reminder - required: false - status: - title: Status - type: string - description: Task status - enum: - - In Progress - - Completed - - Waiting on Someone - - Deferred - required: false - assignee: - title: Assignee - type: string - description: Task Assignee - required: false - escalatee: - title: Escalatee - type: string - description: Task escalatee - required: false - security_label: - title: Security Label - type: string - description: Task security label - required: false - output: - id: - title: Task ID - type: integer - required: false - description: Task ID diff --git a/plugins/threat_connect/requirements.txt b/plugins/threat_connect/requirements.txt deleted file mode 100755 index 106e93ccab..0000000000 --- a/plugins/threat_connect/requirements.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -# List third-party dependencies here, separated by newlines. -# All dependencies must be version-pinned, eg. requests==1.2.0 -# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files -threatconnect==2.4.18 -requests==2.31.0 \ No newline at end of file diff --git a/plugins/threat_connect/setup.py b/plugins/threat_connect/setup.py deleted file mode 100755 index 7e2e0fd86a..0000000000 --- a/plugins/threat_connect/setup.py +++ /dev/null @@ -1,14 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from setuptools import setup, find_packages - - -setup(name="threat_connect-rapid7-plugin", - version="1.0.2", - description="ThreatConnect is a Threat Intelligence Platform (TIP) that empowers large organizations to aggregate, analyze and act on their threat intelligence. The ThreatConnect plugin for Rapid7 InsightConnect allows users to view incidents, emails, threats, victims, and more", - author="rapid7", - author_email="", - url="", - packages=find_packages(), - install_requires=['insightconnect-plugin-runtime'], # Add third-party dependencies to requirements.txt, not here! - scripts=['bin/komand_threat_connect'] - )