From fe858a6dc3437cbde98d0c1c241d540f263ee1a3 Mon Sep 17 00:00:00 2001 
From: rmurray-r7 Date: Thu, 7 Nov 2024 10:20:51 +0000 Subject: [PATCH] [SOAR-18130] Orca Security - Snyk Vulnerability & SDK Bump (#2934) * Snyk vuln and sdk bumo - orca 2.0.1 * fixing help.md * space in requirements.txt --- plugins/orca_security/.CHECKSUM | 32 +- plugins/orca_security/Dockerfile | 18 +- plugins/orca_security/bin/icon_orca_security | 46 +- plugins/orca_security/help.md | 1598 +++++++++-------- .../icon_orca_security/actions/__init__.py | 30 +- .../actions/add_user/__init__.py | 2 +- .../actions/add_user/schema.py | 16 +- .../actions/delete_user/__init__.py | 2 +- .../actions/delete_user/schema.py | 16 +- .../download_malicious_file/__init__.py | 2 +- .../actions/download_malicious_file/schema.py | 20 +- .../actions/get_alert_by_id/__init__.py | 2 +- .../actions/get_alert_by_id/schema.py | 543 ++---- .../actions/get_alerts/__init__.py | 2 +- .../actions/get_alerts/schema.py | 543 ++---- .../actions/get_asset_by_id/__init__.py | 2 +- .../actions/get_asset_by_id/schema.py | 13 +- .../actions/get_assets/__init__.py | 2 +- .../actions/get_assets/schema.py | 13 +- .../actions/get_users/__init__.py | 2 +- .../actions/get_users/schema.py | 197 +- .../actions/update_alert_severity/__init__.py | 2 +- .../actions/update_alert_severity/schema.py | 79 +- .../actions/update_alert_status/__init__.py | 2 +- .../actions/update_alert_status/schema.py | 115 +- .../actions/verify_alert/__init__.py | 2 +- .../actions/verify_alert/schema.py | 16 +- .../icon_orca_security/connection/__init__.py | 2 +- .../icon_orca_security/connection/schema.py | 18 +- .../icon_orca_security/tasks/__init__.py | 2 + .../icon_orca_security/triggers/__init__.py | 4 +- .../triggers/new_alert/__init__.py | 2 +- .../triggers/new_alert/schema.py | 545 ++---- plugins/orca_security/plugin.spec.yaml | 36 +- plugins/orca_security/requirements.txt | 2 +- plugins/orca_security/setup.py | 4 +- .../orca_security/unit_test/test_add_user.py | 2 +- .../unit_test/test_delete_user.py | 2 +- 
.../unit_test/test_download_malicious_file.py | 2 +- .../unit_test/test_get_alert_by_id.py | 2 +- .../unit_test/test_get_alerts.py | 2 +- .../unit_test/test_get_asset_by_id.py | 2 +- .../unit_test/test_get_assets.py | 2 +- .../orca_security/unit_test/test_get_users.py | 2 +- .../orca_security/unit_test/test_new_alert.py | 3 +- .../unit_test/test_update_alert_severity.py | 2 +- .../unit_test/test_update_alert_status.py | 2 +- .../unit_test/test_verify_alert.py | 2 +- 48 files changed, 1574 insertions(+), 2383 deletions(-) mode change 100755 => 100644 plugins/orca_security/help.md create mode 100644 plugins/orca_security/icon_orca_security/tasks/__init__.py diff --git a/plugins/orca_security/.CHECKSUM b/plugins/orca_security/.CHECKSUM index 5fd2b06322..ad69426284 100644 --- a/plugins/orca_security/.CHECKSUM +++ b/plugins/orca_security/.CHECKSUM 
@@ -1,59 +1,59 @@ { - "spec": "46782aef3931f9a4eeaa1fce1208b4a9", - "manifest": "ad4b63850e02839049b4834728a8caf1", - "setup": "9408af5acf99548e6d4bb51ad4545466", + "spec": "2cb7c009cabb0300d82818f3621a0be9", + "manifest": "c40717b2a3b5277bdfc9e042cb445d2f", + "setup": "93400303ff4ab568b8fd6b5893288ba3", "schemas": [ { "identifier": "add_user/schema.py", - "hash": "783074a007783a348cdf7196168dfc00" + "hash": "a3b7cd2c53f712b71acad88f4bfb8b79" }, { "identifier": "delete_user/schema.py", - "hash": "a113969d6725459fecea5554c666102c" + "hash": "938cd66c33f2e6d4a71c836210f95f1e" }, { "identifier": "download_malicious_file/schema.py", - "hash": "ba87eee4b5b45d1ac2d46ec6e9907178" + "hash": "218b6c8165afbf6e2321480e43b5e5ed" }, { "identifier": "get_alert_by_id/schema.py", - "hash": "51bfec7d1278f653891c3d8f47b1ce7e" + "hash": "e45dd7f83136d80734503ae5c9367e05" }, { "identifier": "get_alerts/schema.py", - "hash": "db8f9a0edb29485200bddfeba5da5118" + "hash": "1d9bb15fee6eee037cb3ae222881c328" }, { "identifier": "get_asset_by_id/schema.py", - "hash": "0e36c4a950d6eae4b21067af6ae8afb6" + "hash": "b2b4337fa371ba8961366487c05033ce" }, { "identifier": "get_assets/schema.py", - "hash": "08450bce738e43db2a9194d964876930" + "hash": "7686f6b12accfd33fb31249ac452931c" }, { "identifier": "get_users/schema.py", - "hash": "afca518b43bdb2eb00ddde297db2903e" + "hash": "b8626de87d4e3f95ce793a0880ddd05e" }, { "identifier": "update_alert_severity/schema.py", - "hash": "f75f1d20d1c788172cdcce28f7bb3aa8" + "hash": "e5329a7ce2f892ecde67b3e135f16499" }, { "identifier": "update_alert_status/schema.py", - "hash": "2f784295607abfaad7608b5e5a63329f" + "hash": "079e2b0d030c61af2235a2ababd628e8" }, { "identifier": "verify_alert/schema.py", - "hash": "cdc5ac95e01f007ca96b51bdbb05e58e" + "hash": "ebff2295a8fa26d0780acce4968f3d99" }, { "identifier": "connection/schema.py", - "hash": "4aefb21370fa6ed0e2df9f45ce601657" + "hash": "3c3944c113d0016e2f7ac667ce07bf7d" }, { "identifier": "new_alert/schema.py", - 
"hash": "29920f00d7831cd3aa4d71a45c8efb5a" + "hash": "b9d92b05b3a5a317e3f2c1ac00875d0f" } ] } \ No newline at end of file diff --git a/plugins/orca_security/Dockerfile b/plugins/orca_security/Dockerfile index ae3faa0039..ea0a132d4f 100755 --- a/plugins/orca_security/Dockerfile +++ b/plugins/orca_security/Dockerfile @@ -1,26 +1,20 @@ -FROM rapid7/insightconnect-python-3-38-plugin:4 -# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.0 LABEL organization=rapid7 LABEL sdk=python -# Add any custom package dependencies here -# NOTE: Add pip packages to requirements.txt - -# End package dependencies - -# Add source code WORKDIR /python/src + ADD ./plugin.spec.yaml /plugin.spec.yaml -ADD . /python/src +ADD ./requirements.txt /python/src/requirements.txt -# Install pip dependencies RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi -# Install plugin +ADD . /python/src + RUN python setup.py build && python setup.py install # User to run plugin code. The two supported users are: root, nobody USER nobody -ENTRYPOINT ["/usr/local/bin/icon_orca_security"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/icon_orca_security"] diff --git a/plugins/orca_security/bin/icon_orca_security b/plugins/orca_security/bin/icon_orca_security index d7d1544df5..3032018b18 100755 --- a/plugins/orca_security/bin/icon_orca_security +++ b/plugins/orca_security/bin/icon_orca_security @@ -1,12 +1,12 @@ #!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import os import json from sys import argv Name = "Orca Security" Vendor = "rapid7" -Version = "2.0.0" +Version = "2.0.1" Description = "Orca's agentless, cloud-native security and compliance platform detects, monitors, and prioritizes the most critical cloud security risks for AWS, Azure, and Google Cloud estates" 
@@ -23,7 +23,7 @@ def main(): monkey.patch_all() import insightconnect_plugin_runtime - from icon_orca_security import connection, actions, triggers + from icon_orca_security import connection, actions, triggers, tasks class ICONOrcaSecurity(insightconnect_plugin_runtime.Plugin): def __init__(self): @@ -35,29 +35,29 @@ def main(): connection=connection.Connection() ) self.add_trigger(triggers.NewAlert()) - - self.add_action(actions.AddUser()) - - self.add_action(actions.DeleteUser()) - - self.add_action(actions.DownloadMaliciousFile()) - - self.add_action(actions.GetAlertById()) - - self.add_action(actions.GetAlerts()) - - self.add_action(actions.GetAssetById()) - + self.add_action(actions.GetAssets()) - - self.add_action(actions.GetUsers()) - - self.add_action(actions.UpdateAlertSeverity()) - + + self.add_action(actions.GetAssetById()) + + self.add_action(actions.GetAlerts()) + + self.add_action(actions.GetAlertById()) + self.add_action(actions.UpdateAlertStatus()) - + + self.add_action(actions.UpdateAlertSeverity()) + + self.add_action(actions.DownloadMaliciousFile()) + self.add_action(actions.VerifyAlert()) - + + self.add_action(actions.GetUsers()) + + self.add_action(actions.AddUser()) + + self.add_action(actions.DeleteUser()) + """Run plugin""" cli = insightconnect_plugin_runtime.CLI(ICONOrcaSecurity()) diff --git a/plugins/orca_security/help.md b/plugins/orca_security/help.md old mode 100755 new mode 100644 index 17e7635d0c..17a33c7cd0 --- a/plugins/orca_security/help.md +++ b/plugins/orca_security/help.md @@ -8,7 +8,7 @@ Orca's agentless, cloud-native security and compliance platform detects, monitor * Get alerts * Update alert status and severity * Initiate alert verification -* Get, add and delete users +* Get, add and delete users # Requirements 
@@ -23,12 +23,12 @@ Orca's agentless, cloud-native security and compliance platform detects, monitor ## Setup -The connection configuration accepts the following parameters: +The connection configuration accepts the following parameters: -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|api_token|credential_secret_key|None|True|Orca Security API Token|None|9de5069c5afe602b2ea0a04b66beb2c0| -|region|string|US|True|The region for Orca Security|['US', 'EU', 'AU']|US| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|api_token|credential_secret_key|None|True|Orca Security API Token|None|44d88612fea8a8f36de82e1278abb02f|None|None| +|region|string|US|True|The region for Orca Security|["US", "EU", "AU"]|US|None|None| Example input: 
@@ -43,16 +43,61 @@ Example input: ### Actions -#### Delete User -This action is used to delete an invitation to the organization for the specified user. Administrator privileges are required to perform this action. +#### Add User + +This action is used to create an invitation to the organization for the specified user. Administrator privileges are +required to perform this action ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|delete_invite_email|string|None|True|Email address of the user for whom the invitation will be deleted|None|user@example.com| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|all_cloud_accounts|boolean|None|True|Whether the user will have access to all cloud accounts|None|False|None|None| +|cloud_accounts|[]string|None|False|A list of cloud accounts to which the user will have access|None|["test-account"]|None|None| +|invite_user_email|string|None|True|Email address of the user for whom the invitation will be created|None|user@example.com|None|None| +|role|string|None|True|Role name or ID|None|44d88612-fea8-a8f3-6de8-2e1278abb02f|None|None| +|should_send_email|boolean|None|True|Whether the email should be sent|None|True|None|None| + +Example input: +``` +{ + "all_cloud_accounts": false, + "cloud_accounts": [ + "test-account" + ], + "invite_user_email": "user@example.com", + "role": "44d88612-fea8-a8f3-6de8-2e1278abb02f", + "should_send_email": true +} +``` + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|status|string|True|Status of the action performed|success| + +Example output: + +``` +{ + "status": "success" +} +``` + +#### Delete User + +This action is used to delete an invitation to the organization for the specified user. 
Administrator privileges are +required to perform this action + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|delete_invite_email|string|None|True|Email address of the user for whom the invitation will be deleted|None|user@example.com|None|None| + Example input: ``` @@ -63,10 +108,10 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|status|string|True|Status of the action performed| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|status|string|True|Status of the action performed|success| + Example output: ``` 
@@ -75,67 +120,458 @@ Example output: } ``` -#### Add User +#### Download Malicious File -This action is used to create an invitation to the organization for the specified user. Administrator privileges are required to perform this action. +This action is used to download the malicious file for the given alert ID ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|all_cloud_accounts|boolean|None|True|Whether the user will have access to all cloud accounts|None|False| -|cloud_accounts|[]string|None|False|A list of cloud accounts to which the user will have access|None|["test-account"]| -|invite_user_email|string|None|True|Email address of the user for whom the invitation will be created|None|user@example.com| -|role|string|None|True|Role name or ID|None|44d88612-fea8-a8f3-6de8-2e1278abb02f| -|should_send_email|boolean|None|True|Whether the email should be sent|None|True| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|alert_id|string|None|True|ID of the alert for which the file will be downloaded|None|orca-111|None|None| + +Example input: + +``` +{ + "alert_id": "orca-111" +} +``` + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|content|bytes|False|Content of the file|UEsDBBQAAQAIAEOc4VDdLFoEwgAAADQBAAANAAAAZWljYXJjb20yLnppcHh/TfxnimPnPKhgQN2dbxgmser+vfLMNzzE1xAxvrcMW29TW94War8gHCOQ3uAHD+InNly2Rm9lZcSEwSRaDbMgc4Er6/yC7KWSO7g4Kkb7dcHoYWfSDZt6Wjkvoc1hUy6jm2AZKg4FExQN/wS7n03sWy7VhU0CYVmsp1pmkVGqb4czd3OaAC07HmC/K9E3LO9yi9OejcZ+MJpA6zCLnUvZMr2KYjdl0s+9ENEspL/oTLErcDboDQ2DBJkKQpUsK0fRUEsBAgAAFAABAAgAQ5zhUN0sWgTCAAAANAEAAA0AAAAAAAAAAAAAAAAAAAAAAGVpY2FyY29tMi56aXBQSwUGAAAAAAEAAQA7AAAA7QAAAAAA| +|success|boolean|True|Whether the action was successful|True| + +Example output: + +``` +{ + "content": 
"UEsDBBQAAQAIAEOc4VDdLFoEwgAAADQBAAANAAAAZWljYXJjb20yLnppcHh/TfxnimPnPKhgQN2dbxgmser+vfLMNzzE1xAxvrcMW29TW94War8gHCOQ3uAHD+InNly2Rm9lZcSEwSRaDbMgc4Er6/yC7KWSO7g4Kkb7dcHoYWfSDZt6Wjkvoc1hUy6jm2AZKg4FExQN/wS7n03sWy7VhU0CYVmsp1pmkVGqb4czd3OaAC07HmC/K9E3LO9yi9OejcZ+MJpA6zCLnUvZMr2KYjdl0s+9ENEspL/oTLErcDboDQ2DBJkKQpUsK0fRUEsBAgAAFAABAAgAQ5zhUN0sWgTCAAAANAEAAA0AAAAAAAAAAAAAAAAAAAAAAGVpY2FyY29tMi56aXBQSwUGAAAAAAEAAQA7AAAA7QAAAAAA", + "success": true +} +``` + +#### Get Alert by ID + +This action is used to get alert information for given alert ID + +##### Input +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|alert_id|string|None|True|ID of the alert for which information will be obtained|None|orca-111|None|None| + Example input: ``` { - "all_cloud_accounts": false, - "cloud_accounts": [ - "test-account" - ], - "invite_user_email": "user@example.com", - "role": "44d88612-fea8-a8f3-6de8-2e1278abb02f", - "should_send_email": true + "alert_id": "orca-111" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|status|string|True|Status of the action performed| +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|alert|alert|True|Information about the alert with the given ID|None| + +Example output: + +``` +{ + "alert": { + "data": { + "recommendation": "It is recommended to associate {AwsEc2Elb} Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", + "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. 
The load balancer {AwsEc2Elb} was discovered to be associated with a security group {AwsEc2Elb.SecurityGroups} that allows public ingress access without IP filtering (0.0.0.0/0). Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", + "title": "Classic Load Balancer (ELB) with public access", + "remediation_console": [ + ">1. Sign in to the AWS Management Console and open the **[EC2 console](https://console.aws.amazon.com/ec2)**.", + ">2. In the navigation pane, under **Load Balancing**, choose **Load Balancers**.", + ">3. Select the desired load balancer.", + ">4. Under **Actions** choose **Edit security groups**.", + ">5. Uncheck the boxes of the inbound permissive security groups.", + ">6. Check the boxes of a more explicit inbound security groups.", + ">7. Choose **Save**." + ] + }, + "alert_labels": [ + "mitre: discovery" + ], + "configuration": { + "user_status": "open", + "user_score": 3 + }, + "is_compliance": false, + "description": "Classic Load Balancer (ELB) with public access", + "recommendation": "It is recommended to associate 44d88612fea8a8f36de82e1278abb02f Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", + "type": "aws_elb_with_public_access", + "type_string": "Classic Load Balancer (ELB) with public access", + "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer a51a26a188ddb415d87d7f96b3c4a128 was discovered to be associated with a security group k8s-elb-a51a26a188ddb415d87d7f96b3c4a128 that allows public ingress access without IP filtering (0.0.0.0/0). 
Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", + "state": { + "severity": "hazardous", + "last_updated": "2022-08-10T16:28:51+00:00", + "last_seen": "2022-08-07T21:06:47+00:00", + "in_verification": true, + "created_at": "2022-03-19T16:55:08+00:00", + "verification_status": "scan_initiated", + "score": 3, + "orca_score": 3, + "alert_id": "orca-111", + "high_since": "2022-08-10T16:28:51+00:00", + "status_time": "2022-08-10T16:17:43+00:00", + "status": "open" + }, + "rule_query": "AwsEc2Elb with (Scheme = 'internet-facing') and SecurityGroups with SgIpPermissions with (IpRanges containing '0.0.0.0/0' or IpRanges containing '::/0') and not egress", + "subject_type": "AwsEc2Elb", + "tags_info_list": [ + "kubernetes.io/service-name|istio-system/istio-ingressgateway", + "kubernetes.io/cluster/Omikron|owned" + ], + "is_rule": true, + "type_key": "44d88612fea8a8f36de82e1278abb02f", + "rule_id": "r27471a255e", + "asset_state": "enabled", + "asset_tags_info_list": [ + "kubernetes.io/service-name|istio-system/istio-ingressgateway", + "kubernetes.io/cluster/Omikron|owned" + ], + "category": "Network misconfigurations" + } +} +``` + +#### Get Alerts + +This action is used to get alerts that match the specified filter criteria. 
If no filters are given, all alerts will be + returned + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|filters|object|None|False|The object containing the fields against which the alerts will be filtered|None|{"state.severity": "hazardous"}|None|None| +|limit|integer|20|False|Maximum number of alerts returned (max value: 1000)|None|20|None|None| + +Example input: + +``` +{ + "filters": { + "state.severity": "hazardous" + }, + "limit": 20 +} +``` + +##### Output +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|alerts|[]alert|False|Results containing information about alerts|None| + Example output: ``` { - "status": "success" + "alerts": [ + { + "data": { + "recommendation": "It is recommended to associate {AwsEc2Elb} Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", + "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer {AwsEc2Elb} was discovered to be associated with a security group {AwsEc2Elb.SecurityGroups} that allows public ingress access without IP filtering (0.0.0.0/0). Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", + "title": "Classic Load Balancer (ELB) with public access", + "remediation_console": [ + ">1. Sign in to the AWS Management Console and open the **[EC2 console](https://console.aws.amazon.com/ec2)**.", + ">2. In the navigation pane, under **Load Balancing**, choose **Load Balancers**.", + ">3. Select the desired load balancer.", + ">4. 
Under **Actions** choose **Edit security groups**.", + ">5. Uncheck the boxes of the inbound permissive security groups.", + ">6. Check the boxes of a more explicit inbound security groups.", + ">7. Choose **Save**." + ] + }, + "alert_labels": [ + "mitre: discovery" + ], + "configuration": { + "user_status": "open", + "user_score": 3 + }, + "is_compliance": false, + "description": "Classic Load Balancer (ELB) with public access", + "recommendation": "It is recommended to associate 44d88612fea8a8f36de82e1278abb02f Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", + "type": "aws_elb_with_public_access", + "type_string": "Classic Load Balancer (ELB) with public access", + "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer a51a26a188ddb415d87d7f96b3c4a128 was discovered to be associated with a security group k8s-elb-a51a26a188ddb415d87d7f96b3c4a128 that allows public ingress access without IP filtering (0.0.0.0/0). 
Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", + "state": { + "severity": "hazardous", + "last_updated": "2022-08-10T16:28:51+00:00", + "last_seen": "2022-08-07T21:06:47+00:00", + "in_verification": true, + "created_at": "2022-03-19T16:55:08+00:00", + "verification_status": "scan_initiated", + "score": 3, + "orca_score": 3, + "alert_id": "orca-001", + "high_since": "2022-08-10T16:28:51+00:00", + "status_time": "2022-08-10T16:17:43+00:00", + "status": "open" + }, + "rule_query": "AwsEc2Elb with (Scheme = 'internet-facing') and SecurityGroups with SgIpPermissions with (IpRanges containing '0.0.0.0/0' or IpRanges containing '::/0') and not egress", + "subject_type": "AwsEc2Elb", + "tags_info_list": [ + "kubernetes.io/service-name|istio-system/istio-ingressgateway", + "kubernetes.io/cluster/Omikron|owned" + ], + "is_rule": true, + "type_key": "44d88612fea8a8f36de82e1278abb02f", + "rule_id": "r27471a255e", + "asset_state": "enabled", + "asset_tags_info_list": [ + "kubernetes.io/service-name|istio-system/istio-ingressgateway", + "kubernetes.io/cluster/Omikron|owned" + ], + "category": "Network misconfigurations" + } + ] +} +``` + +#### Get Asset by ID + +This action is used to get asset information by providing asset unique ID + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|asset_unique_id|string|None|True|Unique ID of the asset for which information will be obtained|None|example-asset|None|None| + +Example input: + +``` +{ + "asset_unique_id": "example-asset" +} +``` + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|asset|asset|True|Information about the asset with the given unique ID|None| + +Example output: + +``` +{ + "asset": { + "group_val": "group", + "asset_type_string": "VM", + "configuration": {}, + 
"group_type_string": "VM", + "group_type": "asg", + "cluster_type": "asg", + "type": "vm", + "group_unique_id": "group-12345", + "tags_value_list": [ + "ECSAutoScalingGroup" + ], + "vm_asset_unique_ids": [ + "vm_12345" + ], + "cloud_account_id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", + "compute": { + "distribution_name": "Amazon", + "num_cpus": 10, + "memory": 7891, + "num_vcpus_api": 2, + "regions": [ + "us-east-1" + ], + "disks": [ + { + "size": "7.87 GB", + "used": "1.35 GB" + } + ], + "private_dnss": [ + "ip-198-51-100-100.ec2.internal" + ], + "hardware_info_from_disk": 7, + "roles": [ + { + "name": "ssh", + "is_public": false, + "type": "ssh" + } + ], + "memory_api": 8192, + "regions_names": [ + "N. Virginia" + ], + "data_frameworks": [ + "cis_os_dist_indep" + ], + "cpu_type": "Intel(R) Xeon(R) Platinum 8252C CPU", + "os_bit_mode_api": 64, + "public_dnss": [ + "ec2-198-51-100-100.compute-1.amazonaws.com" + ], + "subnets": [ + "subnet-059fa51de12f0855c", + "subnet-02ad498d5134c5499" + ], + "vpcs": [ + "vpc-013b79fa8fe9a81b6" + ], + "os_bit_mode": 64, + "mac_addresses": [ + "10:DD:32:45:00:11" + ], + "public_ips": [ + "198.51.100.100" + ], + "auto_updates": "off", + "availability_zones": [ + "us-east-1a", + "us-east-1b" + ], + "iam_role": "arn:aws:iam::123:instance-profile/TestInstanceProfile-123", + "num_vcpus": 2, + "distribution_major_version": "1", + "uptime": "2022-07-24T09:55:41+00:00", + "security_groups": [ + "TestHostSecurityGroup-123" + ], + "last_update_time": "2022-05-26", + "kernel_version": "4.14.281-144.502.amzn1.x86_64 (mockbuild@koji-pdx-corp-builder-64001) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Thu May 26 10:34:22 UTC 2022", + "distribution_version": "2018.03 (2022.06.13)", + "private_ips": [ + "198.51.100.100" + ], + "cpu_frequency": 3800, + "cpu_frequency_api": 4500, + "total_disks_bytes": 42265006080 + }, + "internet_facing_new": false, + "asset_name": "example-asset", + "tags_key_list": [ + "aws:autoscaling:groupName" 
+ ], + "account_name": "test-account", + "context": "data", + "asset_type": "asg", + "children_unique_ids": [ + "vm_12345" + ], + "model": { + "data": { + "AwsEc2Instance": { + "AutoScalingGroup": { + "model": { + "name": "TestAutoScalingGroup-123", + "asset_unique_id": "AwsAsg_542760197740_44d88612-fea8-a8f3-6de8-2e1278abb02f", + "id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", + "type": "AwsAsg" + } + } + }, + "Vm": { + "ImageName": "amzn-ami-2018.03.20220627-amazon-ecs-optimized", + "ImageOwnerId": "591542846629", + "ImageIsPublic": "True", + "ImageId": "ami-061c737b1691cb15f", + "ImageDescription": "Amazon Linux AMI amzn-ami-2018.03.20220627 x86_64 ECS HVM GP2", + "InstanceType": "m5zn.large", + "Name": "i-041e727ac105d8bd5" + }, + "Inventory": { + "NewSubCategory": "Virtual Instances", + "DetectedCrownJewelReason": "Access: Host compromise", + "Category": "VM", + "UiUniqueField": "i-041e727ac105d8bd5", + "IsInternetFacing": false, + "NewCategory": "Compute Services", + "Name": "i-041e727ac105d8bd5", + "DetectedCrownJewelScore": 10, + "SubCategory": "VM", + "ModelTags": "{\"Category\": \"Compute\"}" + } + }, + "name": "i-041e727ac105d8bd5", + "asset_unique_id": "example-asset", + "id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", + "type": "AwsEc2Instance" + }, + "state": { + "severity": "informational", + "score": 4, + "safe_since": "2022-07-31T14:03:04+00:00", + "last_seen": "2022-08-13T01:22:08+00:00", + "created_at": "2022-07-31T14:03:04+00:00", + "status_time": "2022-07-31T14:03:04+00:00", + "status": "exists" + }, + "cluster_unique_id": "12345", + "cluster_name": "test-cluster", + "create_time": "2022-07-24T09:55:31+00:00", + "tags_list": [ + { + "value": "ECSAutoScalingGroup", + "key": "aws:cloudformation:logical-id" + } + ], + "group_name": "TestAutoScalingGroup-123", + "level": 0, + "tags_info_list": [ + "aws:cloudformation:logical-id|ECSAutoScalingGroup" + ], + "cloud_provider": "aws", + "internet_facing": false, + "organization_name": "Test", + 
"asset_subcategory": "VM", + "cloud_vendor_id": "1234567890", + "asset_category": "VM", + "asset_state": "running", + "organization_id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", + "vm": { + "image_name": "amzn-ami-2018.03.20220627-amazon-ecs-optimized", + "image_description": "Amazon Linux AMI amzn-ami-2018.03.20220627 x86_64 ECS HVM GP2", + "image_is_public": true, + "image_id": "ami-061c737b1691cb15f", + "instance_type": "m5zn.large", + "image_owner_id": "591542846629" + }, + "cloud_provider_id": "9876543210", + "asset_unique_id": "example-asset", + "num_children_unique_ids": 1 + } } ``` #### Get Assets -This action is used to get assets that match the specified filter criteria. If no inputs are given, all assets will be returned. +This action is used to get assets that match the specified filter criteria. If no inputs are given, all assets will be +returned ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|asset_labels|string|None|False|The label of the asset|None|internet_facing| -|asset_state|string|None|False|The state of the asset|None|running| -|asset_type|string|None|False|The type of the asset|None|container| -|asset_unique_id|string|None|False|Unique ID of the asset for which information will be obtained|None|example-asset-123| -|cloud_provider_id|string|None|False|ID of the cloud provider for which the assets will be returned|None|123456789| -|compute_regions|string|None|False|The region for which the assets will be returned|None|us-east-1| -|compute_vpcs|string|None|False|The virtual private cloud|None|vpc-1234567890| -|internet_facing|string|None|False|Whether asset is accessible from the internet|None|True| -|state_score|string|None|False|The score of the asset|None|4| -|state_severity|string|None|False|The severity of the asset|None|informational| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | 
:--- | :--- | +|asset_labels|string|None|False|The label of the asset|None|internet_facing|None|None| +|asset_state|string|None|False|The state of the asset|None|running|None|None| +|asset_type|string|None|False|The type of the asset|None|container|None|None| +|asset_unique_id|string|None|False|Unique ID of the asset for which information will be obtained|None|example-asset-123|None|None| +|cloud_provider_id|string|None|False|ID of the cloud provider for which the assets will be returned|None|123456789|None|None| +|compute_regions|string|None|False|The region for which the assets will be returned|None|us-east-1|None|None| +|compute_vpcs|string|None|False|The virtual private cloud|None|vpc-1234567890|None|None| +|internet_facing|string|None|False|Whether asset is accessible from the internet|None|True|None|None| +|state_score|string|None|False|The score of the asset|None|4|None|None| +|state_severity|string|None|False|The severity of the asset|None|informational|None|None| + Example input: ``` @@ -155,13 +591,13 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|assets|[]asset|False|Results containing information about assets| -|total_items|integer|True|Total number of assets| -|total_supported_items|integer|False|Total number of supported assets| -|total_ungrouped_items|integer|False|Total number of ungrouped assets| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|assets|[]asset|False|Results containing information about assets|None| +|total_items|integer|True|Total number of assets|1| +|total_supported_items|integer|False|Total number of supported assets|1000| +|total_ungrouped_items|integer|False|Total number of ungrouped assets|10| + Example output: ``` 
@@ -360,336 +796,58 @@ Example output: } ``` -#### Download Malicious File - -This action is used to download the malicious file for the given alert ID. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|alert_id|string|None|True|ID of the alert for which the file will be downloaded|None|orca-111| - -Example input: - -``` -{ - "alert_id": "orca-111" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|content|bytes|False|Content of the file| -|success|boolean|True|Whether the action was successful| - -Example output: - -``` -{ - "success": true, - "content": "UEsDBBQAAQAIAEOc4VDdLFoEwgAAADQBAAANAAAAZWljYXJjb20yLnppcHh/TfxnimPnPKhgQN2dbxgmser+vfLMNzzE1xAxvrcMW29TW94War8gHCOQ3uAHD+InNly2Rm9lZcSEwSRaDbMgc4Er6/yC7KWSO7g4Kkb7dcHoYWfSDZt6Wjkvoc1hUy6jm2AZKg4FExQN/wS7n03sWy7VhU0CYVmsp1pmkVGqb4czd3OaAC07HmC/K9E3LO9yi9OejcZ+MJpA6zCLnUvZMr2KYjdl0s+9ENEspL/oTLErcDboDQ2DBJkKQpUsK0fRUEsBAgAAFAABAAgAQ5zhUN0sWgTCAAAANAEAAA0AAAAAAAAAAAAAAAAAAAAAAGVpY2FyY29tMi56aXBQSwUGAAAAAAEAAQA7AAAA7QAAAAAA" -} -``` - #### Get Users -This action is used to get organization users information. Administrator privileges are required to perform this action. 
- -##### Input - -_This action does not contain any inputs._ - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|users|[]get_users_response|True|A response containing information about users| - -Example output: - -``` -{ - "users": [ - { - "id": "1111111-1111-1111-1111-11111111111", - "all_cloud_accounts": true, - "cloud_accounts": [], - "role": { - "id": "1111111-1111-1111-1111-11111111111", - "name": "Test" - }, - "user": { - "id": "1111111-1111-1111-1111-11111111111", - "email": "user@example.com", - "first_name": "User", - "last_name": "Test", - "type": "normal" - }, - "user_filters": [], - "shiftleft_projects": [] - } - ] -} -``` - -#### Verify Alert - -This action is used to initiate verification for a given alert ID to check if it is resolved. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|alert_id|string|None|True|ID of the alert that will be verified|None|orca-111| - -Example input: - -``` -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|status|string|False|Current verification status| -|success|boolean|True|Whether the action was successful| - -Example output: - -``` -{ - "status": "scanning", - "success": true -} -``` - -#### Get Asset by ID - -This action is used to get asset information by providing asset unique ID. 
- -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|asset_unique_id|string|None|True|Unique ID of the asset for which information will be obtained|None|example-asset| - -Example input: - -``` -{ - "asset_unique_id": "example-asset" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|asset|asset|True|Information about the asset with the given unique ID| - -Example output: - -``` -{ - "asset": { - "group_val": "group", - "asset_type_string": "VM", - "configuration": {}, - "group_type_string": "VM", - "group_type": "asg", - "cluster_type": "asg", - "type": "vm", - "group_unique_id": "group-12345", - "tags_value_list": [ - "ECSAutoScalingGroup" - ], - "vm_asset_unique_ids": [ - "vm_12345" - ], - "cloud_account_id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", - "compute": { - "distribution_name": "Amazon", - "num_cpus": 10, - "memory": 7891, - "num_vcpus_api": 2, - "regions": [ - "us-east-1" - ], - "disks": [ - { - "size": "7.87 GB", - "used": "1.35 GB" - } - ], - "private_dnss": [ - "ip-198-51-100-100.ec2.internal" - ], - "hardware_info_from_disk": 7, - "roles": [ - { - "name": "ssh", - "is_public": false, - "type": "ssh" - } - ], - "memory_api": 8192, - "regions_names": [ - "N. 
Virginia" - ], - "data_frameworks": [ - "cis_os_dist_indep" - ], - "cpu_type": "Intel(R) Xeon(R) Platinum 8252C CPU", - "os_bit_mode_api": 64, - "public_dnss": [ - "ec2-198-51-100-100.compute-1.amazonaws.com" - ], - "subnets": [ - "subnet-059fa51de12f0855c", - "subnet-02ad498d5134c5499" - ], - "vpcs": [ - "vpc-013b79fa8fe9a81b6" - ], - "os_bit_mode": 64, - "mac_addresses": [ - "10:DD:32:45:00:11" - ], - "public_ips": [ - "198.51.100.100" - ], - "auto_updates": "off", - "availability_zones": [ - "us-east-1a", - "us-east-1b" - ], - "iam_role": "arn:aws:iam::123:instance-profile/TestInstanceProfile-123", - "num_vcpus": 2, - "distribution_major_version": "1", - "uptime": "2022-07-24T09:55:41+00:00", - "security_groups": [ - "TestHostSecurityGroup-123" - ], - "last_update_time": "2022-05-26", - "kernel_version": "4.14.281-144.502.amzn1.x86_64 (mockbuild@koji-pdx-corp-builder-64001) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Thu May 26 10:34:22 UTC 2022", - "distribution_version": "2018.03 (2022.06.13)", - "private_ips": [ - "198.51.100.100" - ], - "cpu_frequency": 3800, - "cpu_frequency_api": 4500, - "total_disks_bytes": 42265006080 - }, - "internet_facing_new": false, - "asset_name": "example-asset", - "tags_key_list": [ - "aws:autoscaling:groupName" - ], - "account_name": "test-account", - "context": "data", - "asset_type": "asg", - "children_unique_ids": [ - "vm_12345" - ], - "model": { - "data": { - "AwsEc2Instance": { - "AutoScalingGroup": { - "model": { - "name": "TestAutoScalingGroup-123", - "asset_unique_id": "AwsAsg_542760197740_44d88612-fea8-a8f3-6de8-2e1278abb02f", - "id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", - "type": "AwsAsg" - } - } - }, - "Vm": { - "ImageName": "amzn-ami-2018.03.20220627-amazon-ecs-optimized", - "ImageOwnerId": "591542846629", - "ImageIsPublic": "True", - "ImageId": "ami-061c737b1691cb15f", - "ImageDescription": "Amazon Linux AMI amzn-ami-2018.03.20220627 x86_64 ECS HVM GP2", - "InstanceType": "m5zn.large", - "Name": 
"i-041e727ac105d8bd5" - }, - "Inventory": { - "NewSubCategory": "Virtual Instances", - "DetectedCrownJewelReason": "Access: Host compromise", - "Category": "VM", - "UiUniqueField": "i-041e727ac105d8bd5", - "IsInternetFacing": false, - "NewCategory": "Compute Services", - "Name": "i-041e727ac105d8bd5", - "DetectedCrownJewelScore": 10, - "SubCategory": "VM", - "ModelTags": "{\"Category\": \"Compute\"}" - } +This action is used to get organization users information. Administrator privileges are required to perform this action + +##### Input + +*This action does not contain any inputs.* + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|users|[]get_users_response|True|A response containing information about users|None| + +Example output: + +``` +{ + "users": [ + { + "id": "1111111-1111-1111-1111-11111111111", + "all_cloud_accounts": true, + "cloud_accounts": [], + "role": { + "id": "1111111-1111-1111-1111-11111111111", + "name": "Test" }, - "name": "i-041e727ac105d8bd5", - "asset_unique_id": "example-asset", - "id": "44d88612-fea8-a8f3-6de8-2e1278abb02f", - "type": "AwsEc2Instance" - }, - "state": { - "severity": "informational", - "score": 4, - "safe_since": "2022-07-31T14:03:04+00:00", - "last_seen": "2022-08-13T01:22:08+00:00", - "created_at": "2022-07-31T14:03:04+00:00", - "status_time": "2022-07-31T14:03:04+00:00", - "status": "exists" - }, - "cluster_unique_id": "12345", - "cluster_name": "test-cluster", - "create_time": "2022-07-24T09:55:31+00:00", - "tags_list": [ - { - "value": "ECSAutoScalingGroup", - "key": "aws:cloudformation:logical-id" - } - ], - "group_name": "TestAutoScalingGroup-123", - "level": 0, - "tags_info_list": [ - "aws:cloudformation:logical-id|ECSAutoScalingGroup" - ], - "cloud_provider": "aws", - "internet_facing": false, - "organization_name": "Test", - "asset_subcategory": "VM", - "cloud_vendor_id": "1234567890", - "asset_category": "VM", - "asset_state": "running", - "organization_id": 
"44d88612-fea8-a8f3-6de8-2e1278abb02f", - "vm": { - "image_name": "amzn-ami-2018.03.20220627-amazon-ecs-optimized", - "image_description": "Amazon Linux AMI amzn-ami-2018.03.20220627 x86_64 ECS HVM GP2", - "image_is_public": true, - "image_id": "ami-061c737b1691cb15f", - "instance_type": "m5zn.large", - "image_owner_id": "591542846629" - }, - "cloud_provider_id": "9876543210", - "asset_unique_id": "example-asset", - "num_children_unique_ids": 1 - } + "user": { + "id": "1111111-1111-1111-1111-11111111111", + "email": "user@example.com", + "first_name": "User", + "last_name": "Test", + "type": "normal" + }, + "user_filters": [], + "shiftleft_projects": [] + } + ] } ``` #### Update Alert Severity -This action is used to update the severity for the given alert ID. +This action is used to update the severity for the given alert ID ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|alert_id|string|None|True|ID of the alert for which the severity will be updated|None|orca-111| -|severity|string|None|True|The severity of the alert to which it will be changed|None|hazardous| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|alert_id|string|None|True|ID of the alert for which the severity will be updated|None|orca-111|None|None| +|severity|string|None|True|The severity of the alert to which it will be changed|None|hazardous|None|None| + Example input: ``` @@ -701,10 +859,10 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|update_alert_severity_response|False|A response with information about the update| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|update_alert_severity_response|False|A response with information about the update|None| + Example output: ``` 
@@ -726,15 +884,15 @@ Example output: #### Update Alert Status -This action is used to update the status for the given alert ID. +This action is used to update the status for the given alert ID ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|alert_id|string|None|True|ID of the alert for which the status will be updated|None|orca-111| -|status|string|None|True|The status of the alert to which it will be changed|['in_progress', 'open', 'close', 'dismiss']|close| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|alert_id|string|None|True|ID of the alert for which the status will be updated|None|orca-111|None|None| +|status|string|None|True|The status of the alert to which it will be changed|["in_progress", "open", "close", "dismiss"]|close|None|None| + Example input: ``` @@ -746,10 +904,10 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|update_alert_status_response|False|A response with information about the update| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|update_alert_status_response|False|A response with information about the update|None| + Example output: ``` 
@@ -772,131 +930,16 @@ Example output: } ``` -#### Get Alerts - -This action is used to get alerts that match the specified filter criteria. If no filters are given, all alerts will be returned. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|filters|object|None|False|The object containing the fields against which the alerts will be filtered|None|{"state.severity": "hazardous"}| -|limit|integer|20|False|Maximum number of alerts returned (max value: 1000)|None|20| - -Example input: - -``` -{ - "filters": { - "state.severity": "hazardous" - }, - "limit": 20 -} -``` - -``` -{ - "filters": { - "state.status": "open", - "alert_labels": "mitre: discovery" - }, - "limit": 20 -} -``` - -``` -{ - "filters": { - "data.title": "Classic Load Balancer (ELB) with public access", - "type": "aws_elb_with_public_access" - }, - "limit": 20 -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|alerts|[]alert|False|Results containing information about alerts| - -Example output: - -``` -{ - "alerts": [ - { - "data": { - "recommendation": "It is recommended to associate {AwsEc2Elb} Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", - "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer {AwsEc2Elb} was discovered to be associated with a security group {AwsEc2Elb.SecurityGroups} that allows public ingress access without IP filtering (0.0.0.0/0). 
Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", - "title": "Classic Load Balancer (ELB) with public access", - "remediation_console": [ - ">1. Sign in to the AWS Management Console and open the **[EC2 console](https://console.aws.amazon.com/ec2)**.", - ">2. In the navigation pane, under **Load Balancing**, choose **Load Balancers**.", - ">3. Select the desired load balancer.", - ">4. Under **Actions** choose **Edit security groups**.", - ">5. Uncheck the boxes of the inbound permissive security groups.", - ">6. Check the boxes of a more explicit inbound security groups.", - ">7. Choose **Save**." - ] - }, - "alert_labels": [ - "mitre: discovery" - ], - "configuration": { - "user_status": "open", - "user_score": 3 - }, - "is_compliance": false, - "description": "Classic Load Balancer (ELB) with public access", - "recommendation": "It is recommended to associate 44d88612fea8a8f36de82e1278abb02f Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", - "type": "aws_elb_with_public_access", - "type_string": "Classic Load Balancer (ELB) with public access", - "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer a51a26a188ddb415d87d7f96b3c4a128 was discovered to be associated with a security group k8s-elb-a51a26a188ddb415d87d7f96b3c4a128 that allows public ingress access without IP filtering (0.0.0.0/0). 
Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", - "state": { - "severity": "hazardous", - "last_updated": "2022-08-10T16:28:51+00:00", - "last_seen": "2022-08-07T21:06:47+00:00", - "in_verification": true, - "created_at": "2022-03-19T16:55:08+00:00", - "verification_status": "scan_initiated", - "score": 3, - "orca_score": 3, - "alert_id": "orca-001", - "high_since": "2022-08-10T16:28:51+00:00", - "status_time": "2022-08-10T16:17:43+00:00", - "status": "open" - }, - "rule_query": "AwsEc2Elb with (Scheme = 'internet-facing') and SecurityGroups with SgIpPermissions with (IpRanges containing '0.0.0.0/0' or IpRanges containing '::/0') and not egress", - "subject_type": "AwsEc2Elb", - "tags_info_list": [ - "kubernetes.io/service-name|istio-system/istio-ingressgateway", - "kubernetes.io/cluster/Omikron|owned" - ], - "is_rule": true, - "type_key": "44d88612fea8a8f36de82e1278abb02f", - "rule_id": "r27471a255e", - "asset_state": "enabled", - "asset_tags_info_list": [ - "kubernetes.io/service-name|istio-system/istio-ingressgateway", - "kubernetes.io/cluster/Omikron|owned" - ], - "category": "Network misconfigurations" - } - ] -} -``` - -#### Get Alert by ID +#### Verify Alert -This action is used to get alert information for given alert ID. +This action is used to initiate verification for a given alert ID to check if it is resolved ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|alert_id|string|None|True|ID of the alert for which information will be obtained|None|orca-111| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|alert_id|string|None|True|ID of the alert that will be verified|None|orca-111|None|None| + Example input: ``` 
@@ -907,88 +950,33 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|alert|alert|True|Information about the alert with the given ID| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|status|string|False|Current verification status|scanning| +|success|boolean|True|Whether the action was successful|True| + Example output: ``` { - "alert": { - "data": { - "recommendation": "It is recommended to associate {AwsEc2Elb} Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", - "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer {AwsEc2Elb} was discovered to be associated with a security group {AwsEc2Elb.SecurityGroups} that allows public ingress access without IP filtering (0.0.0.0/0). Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", - "title": "Classic Load Balancer (ELB) with public access", - "remediation_console": [ - ">1. Sign in to the AWS Management Console and open the **[EC2 console](https://console.aws.amazon.com/ec2)**.", - ">2. In the navigation pane, under **Load Balancing**, choose **Load Balancers**.", - ">3. Select the desired load balancer.", - ">4. Under **Actions** choose **Edit security groups**.", - ">5. Uncheck the boxes of the inbound permissive security groups.", - ">6. Check the boxes of a more explicit inbound security groups.", - ">7. Choose **Save**." 
- ] - }, - "alert_labels": [ - "mitre: discovery" - ], - "configuration": { - "user_status": "open", - "user_score": 3 - }, - "is_compliance": false, - "description": "Classic Load Balancer (ELB) with public access", - "recommendation": "It is recommended to associate 44d88612fea8a8f36de82e1278abb02f Classic Load Balancer with security groups that allow inbound traffic only from authorized IP addresses, for more details follow the link https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html.", - "type": "aws_elb_with_public_access", - "type_string": "Classic Load Balancer (ELB) with public access", - "details": "Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer a51a26a188ddb415d87d7f96b3c4a128 was discovered to be associated with a security group k8s-elb-a51a26a188ddb415d87d7f96b3c4a128 that allows public ingress access without IP filtering (0.0.0.0/0). 
Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.", - "state": { - "severity": "hazardous", - "last_updated": "2022-08-10T16:28:51+00:00", - "last_seen": "2022-08-07T21:06:47+00:00", - "in_verification": true, - "created_at": "2022-03-19T16:55:08+00:00", - "verification_status": "scan_initiated", - "score": 3, - "orca_score": 3, - "alert_id": "orca-111", - "high_since": "2022-08-10T16:28:51+00:00", - "status_time": "2022-08-10T16:17:43+00:00", - "status": "open" - }, - "rule_query": "AwsEc2Elb with (Scheme = 'internet-facing') and SecurityGroups with SgIpPermissions with (IpRanges containing '0.0.0.0/0' or IpRanges containing '::/0') and not egress", - "subject_type": "AwsEc2Elb", - "tags_info_list": [ - "kubernetes.io/service-name|istio-system/istio-ingressgateway", - "kubernetes.io/cluster/Omikron|owned" - ], - "is_rule": true, - "type_key": "44d88612fea8a8f36de82e1278abb02f", - "rule_id": "r27471a255e", - "asset_state": "enabled", - "asset_tags_info_list": [ - "kubernetes.io/service-name|istio-system/istio-ingressgateway", - "kubernetes.io/cluster/Omikron|owned" - ], - "category": "Network misconfigurations" - } + "status": "scanning", + "success": true } ``` - ### Triggers + #### New Alert -This trigger is used to indicate that a new alert has occurred. 
+This trigger is used to indicate that a new alert has occurred ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|filters|[]object|None|False|The list of objects containing fields against which new alerts will be filtered|None|[{"field": "state.severity", "includes": ["hazardous"]}]| -|interval|integer|60|True|Interval between next poll in seconds, default value set to 60 seconds|None|60| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|filters|[]object|None|False|The list of objects containing fields against which new alerts will be filtered|None|[{"field": "state.severity", "includes": ["hazardous"]}]|None|None| +|interval|integer|60|True|Interval between next poll in seconds, default value set to 60 seconds|None|60|None|None| + Example input: ``` @@ -1007,10 +995,10 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|alert|alert|False|Information about a new alert| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|alert|alert|False|Information about a new alert|None| + Example output: ``` 
@@ -1075,231 +1063,245 @@ Example output: } } ``` +### Tasks + +*This plugin does not contain any tasks.* + +### Custom Types + +**alert_data** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Details|string|None|False|Details|None| +|Headline|string|None|False|Headline|None| +|Mitre Category|string|None|False|Mitre category|None| +|More Details|[]string|None|False|More details|None| +|Recommendation|string|None|False|Recommendation|None| +|Remediation Actions|[]string|None|False|Remediation actions|None| +|Remediation CLI|[]string|None|False|Remediation CLI|None| +|Remediation Console|[]string|None|False|Remediation console|None| +|Time Series Field|string|None|False|Time series field|None| +|Title|string|None|False|Title|None| + +**configuration** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Comments Count|integer|None|False|Comments count|None| +|Jira Issue|string|None|False|Jira issue|None| +|Jira Issue Link|string|None|False|Jira issue link|None| +|Last Verified Event|string|None|False|Last verified event|None| +|Snooze Until|string|None|False|Snooze until|None| +|User Score|integer|None|False|User score|None| +|User Status|string|None|False|User status|None| + +**priv** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Alert ID|string|None|False|Alert ID|None| +|Full Scan Time|string|None|False|Full scan time|None| +|Key|string|None|False|Key|None| +|Original Score|integer|None|False|Original score|None| +|Score|integer|None|False|Score|None| + +**state** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Alert ID|string|None|False|Alert ID|None| +|Closed Reason|string|None|False|Closed reason|None| +|Created At|string|None|False|Created at|None| +|High Since|string|None|False|High since|None| +|In Verification|boolean|None|False|In verification|None| +|Last 
Seen|string|None|False|Last seen|None| +|Last Updated|string|None|False|Last updated|None| +|Low Since|string|None|False|Low since|None| +|Score|integer|None|False|Score|None| +|Severity|string|None|False|Severity|None| +|Status|string|None|False|Status|None| +|Status Time|string|None|False|Status time|None| +|Verification Status|string|None|False|Verification status|None| + +**alert** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Alert Labels|[]string|None|False|Alert labels|None| +|Asset Auto Updates|string|None|False|Asset auto updates|None| +|Asset Availability Zones|[]string|None|False|Asset availability zones|None| +|Asset Distribution Major Version|string|None|False|Asset distribution major version|None| +|Asset Distribution Name|string|None|False|Asset distribution name|None| +|Asset Distribution Version|string|None|False|Asset distribution version|None| +|Asset Extra Data|object|None|False|Asset extra data|None| +|Asset First Private DNSs|[]string|None|False|Asset first private DNSs|None| +|Asset First Private IPs|[]string|None|False|Asset first private IPs|None| +|Asset First Public DNSs|[]string|None|False|Asset first public DNSs|None| +|Asset First Public IPs|[]string|None|False|Asset first public IPs|None| +|Asset Image ID|string|None|False|Asset image ID|None| +|Asset Info|object|None|False|Asset info|None| +|Asset Ingress Ports|[]string|None|False|Asset ingress ports|None| +|Asset Num Private DNSs|integer|None|False|Asset num private DNSs|None| +|Asset Num Private IPs|integer|None|False|Asset num private IPs|None| +|Asset Num Public DNSs|integer|None|False|Asset num public DNSs|None| +|Asset Num Public IPs|integer|None|False|Asset Num public IPs|None| +|Asset Regions|[]string|None|False|Asset regions|None| +|Asset Regions Names|[]string|None|False|Asset regions names|None| +|Asset Role Names|[]string|None|False|Asset role names|None| +|Asset State|string|None|False|Asset state|None| +|Asset 
Stopped|boolean|None|False|Asset stopped|None| +|Asset Tags Info List|[]string|None|False|Asset tags info list|None| +|Asset VPCs|[]string|None|False|Asset VPCs|None| +|Category|string|None|False|Category|None| +|Configuration|configuration|None|False|Configuration|None| +|Container Image Name|string|None|False|Container image name|None| +|Container K8s Pod Namespace|string|None|False|Container K8s pod namespace|None| +|Container Service Name|string|None|False|Container service name|None| +|CVE List|[]string|None|False|CVE list|None| +|Data|alert_data|None|False|Data|None| +|Description|string|None|False|Description|None| +|Details|string|None|False|Details|None| +|Finding Schema|object|None|False|Finding schema|None| +|Git Repo Sensitive Data Rules|[]string|None|False|Git repo sensitive data rules|None| +|Git Repo Sensitive Data Tags|[]string|None|False|Git repo sensitive data tags|None| +|Is Compliance|boolean|None|False|Is compliance|None| +|Is Rule|boolean|None|False|Is rule|None| +|Num Children Unique IDs|integer|None|False|Num children unique IDs|None| +|Priv|priv|None|False|Priv|None| +|Recommendation|string|None|False|Recommendation|None| +|Rule ID|string|None|False|Rule ID|None| +|Rule Query|string|None|False|Rule query|None| +|Severity Contributing Factors|[]string|None|False|Severity contributing factors|None| +|Severity Reducing Factors|[]string|None|False|Severity reducing factors|None| +|State|state|None|False|State|None| +|Subject Type|string|None|False|Subject type|None| +|Tags Info List|[]string|None|False|Tags info list|None| +|Type|string|None|False|Type|None| +|Type Key|string|None|False|Type key|None| +|Type String|string|None|False|Type string|None| +|User Defined|boolean|None|False|User defined|None| + +**asset** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|Account Name|string|None|False|Account name|None| +|Asset Category|string|None|False|Asset category|None| +|Asset 
Name|string|None|False|Asset name|None|
+|Asset State|string|None|False|Asset state|None|
+|Asset Subcategory|string|None|False|Asset subcategory|None|
+|Asset Type String|string|None|False|Asset type string|None|
+|Asset Unique ID|string|None|False|Asset unique ID|None|
+|Asset Vendor ID|string|None|False|Asset vendor ID|None|
+|Cloud Account ID|string|None|False|Cloud account ID|None|
+|Cloud Provider|string|None|False|Cloud provider|None|
+|Cloud Provider ID|string|None|False|Cloud provider ID|None|
+|Cloud Vendor ID|string|None|False|Cloud vendor ID|None|
+|Cluster Name|string|None|False|Cluster name|None|
+|Configuration|object|None|False|Configuration|None|
+|Group Name|string|None|False|Group name|None|
+|Group Unique ID|string|None|False|Group unique ID|None|
+|Group Value|string|None|False|Group value|None|
+|Model|object|None|False|Model|None|
+|Organization ID|string|None|False|Organization ID|None|
+|Organization Name|string|None|False|Organization name|None|
+|State|object|None|False|State|None|
+|Type|string|None|False|Type|None|
+
+**update_alert_details**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|Description|string|None|False|Description|None|
+|From|string|None|False|From|None|
+|To|string|None|False|To|None|
+
+**update_alert_status_response**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|Alert ID|string|None|False|Alert ID|None|
+|Asset Unique ID|string|None|False|Asset Unique ID|None|
+|Create Time|string|None|False|Create time|None|
+|Details|update_alert_details|None|False|Details|None|
+|Subtype|string|None|False|Subtype|None|
+|Type|string|None|False|Type|None|
+|Unique ID|string|None|False|Unique ID|None|
+|User Email|string|None|False|User email|None|
+|User Name|string|None|False|User name|None|
+
+**update_severity_details**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|Description|string|None|False|Description|None|
+|Severity|string|None|False|Severity|None|
+
+**update_alert_severity_response**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|Alert ID|string|None|False|Alert ID|None|
+|Asset Unique ID|string|None|False|Asset unique ID|None|
+|Create Time|string|None|False|Create time|None|
+|Details|update_severity_details|None|False|Details|None|
+|Type|string|None|False|Type|None|
+|Unique ID|string|None|False|Unique ID|None|
+|User Email|string|None|False|User email|None|
+|User Name|string|None|False|User name|None|
+
+**user**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|Email|string|None|False|Email|None|
+|First Name|string|None|False|First name|None|
+|User ID|string|None|False|User ID|None|
+|Last Name|string|None|False|Last name|None|
+|Type|string|None|False|User's account type|None|
+
+**role**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|User Role ID|string|None|False|ID of the user role|None|
+|Name|string|None|False|User role name|None|
+
+**cloud_accounts**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|Cloud Account ID|string|None|False|ID of cloud account|None|
+|Name|string|None|False|The cloud account display name|None|
+
+**get_users_response**
+
+|Name|Type|Default|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- | :--- |
+|All Cloud Accounts|boolean|None|False|All cloud accounts|None|
+|Cloud Accounts|[]cloud_accounts|None|False|List of cloud accounts|None|
+|User Access Role ID|string|None|False|ID of user access role|None|
+|User Role Details|role|None|False|Details of the role assigned to the user|None|
+|Shift left projects|[]string|None|False|List of user shift left projects|None|
+|User Details|user|None|False|User object containing the details|None|
+|User Filters|[]string|None|False|List of user filter IDs|None|
-### Custom Output Types
-
-#### alert
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Alert Labels|[]string|False|Alert labels|
-|Asset Auto Updates|string|False|Asset auto updates|
-|Asset Availability Zones|[]string|False|Asset availability zones|
-|Asset Distribution Major Version|string|False|Asset distribution major version|
-|Asset Distribution Name|string|False|Asset distribution name|
-|Asset Distribution Version|string|False|Asset distribution version|
-|Asset Extra Data|object|False|Asset extra data|
-|Asset First Private DNSs|[]string|False|Asset first private DNSs|
-|Asset First Private IPs|[]string|False|Asset first private IPs|
-|Asset First Public DNSs|[]string|False|Asset first public DNSs|
-|Asset First Public IPs|[]string|False|Asset first public IPs|
-|Asset Image ID|string|False|Asset image ID|
-|Asset Info|object|False|Asset info|
-|Asset Ingress Ports|[]string|False|Asset ingress ports|
-|Asset Num Private DNSs|integer|False|Asset num private DNSs|
-|Asset Num Private IPs|integer|False|Asset num private IPs|
-|Asset Num Public DNSs|integer|False|Asset num public DNSs|
-|Asset Num Public IPs|integer|False|Asset Num public IPs|
-|Asset Regions|[]string|False|Asset regions|
-|Asset Regions Names|[]string|False|Asset regions names|
-|Asset Role Names|[]string|False|Asset role names|
-|Asset State|string|False|Asset state|
-|Asset Stopped|boolean|False|Asset stopped|
-|Asset Tags Info List|[]string|False|Asset tags info list|
-|Asset VPCs|[]string|False|Asset VPCs|
-|Category|string|False|Category|
-|Configuration|configuration|False|Configuration|
-|Container Image Name|string|False|Container image name|
-|Container K8s Pod Namespace|string|False|Container K8s pod namespace|
-|Container Service Name|string|False|Container service name|
-|CVE List|[]string|False|CVE list|
-|Data|alert_data|False|Data|
-|Description|string|False|Description|
-|Details|string|False|Details|
-|Finding Schema|object|False|Finding schema|
-|Git Repo Sensitive Data Rules|[]string|False|Git repo sensitive data rules|
-|Git Repo Sensitive Data Tags|[]string|False|Git repo sensitive data tags|
-|Is Compliance|boolean|False|Is compliance|
-|Is Rule|boolean|False|Is rule|
-|Num Children Unique IDs|integer|False|Num children unique IDs|
-|Priv|priv|False|Priv|
-|Recommendation|string|False|Recommendation|
-|Rule ID|string|False|Rule ID|
-|Rule Query|string|False|Rule query|
-|Severity Contributing Factors|[]string|False|Severity contributing factors|
-|Severity Reducing Factors|[]string|False|Severity reducing factors|
-|State|state|False|State|
-|Subject Type|string|False|Subject type|
-|Tags Info List|[]string|False|Tags info list|
-|Type|string|False|Type|
-|Type Key|string|False|Type key|
-|Type String|string|False|Type string|
-|User Defined|boolean|False|User defined|
-
-#### alert_data
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Details|string|False|Details|
-|Headline|string|False|Headline|
-|Mitre Category|string|False|Mitre category|
-|More Details|[]string|False|More details|
-|Recommendation|string|False|Recommendation|
-|Remediation Actions|[]string|False|Remediation actions|
-|Remediation CLI|[]string|False|Remediation CLI|
-|Remediation Console|[]string|False|Remediation console|
-|Time Series Field|string|False|Time series field|
-|Title|string|False|Title|
-
-#### asset
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Account Name|string|False|Account name|
-|Asset Category|string|False|Asset category|
-|Asset Name|string|False|Asset name|
-|Asset State|string|False|Asset state|
-|Asset Subcategory|string|False|Asset subcategory|
-|Asset Type String|string|False|Asset type string|
-|Asset Unique ID|string|False|Asset unique ID|
-|Asset Vendor ID|string|False|Asset vendor ID|
-|Cloud Account ID|string|False|Cloud account ID|
-|Cloud Provider|string|False|Cloud provider|
-|Cloud Provider ID|string|False|Cloud provider ID|
-|Cloud Vendor ID|string|False|Cloud vendor ID|
-|Cluster Name|string|False|Cluster name|
-|Configuration|object|False|Configuration|
-|Group Name|string|False|Group name|
-|Group Unique ID|string|False|Group unique ID|
-|Group Value|string|False|Group value|
-|Model|object|False|Model|
-|Organization ID|string|False|Organization ID|
-|Organization Name|string|False|Organization name|
-|State|object|False|State|
-|Type|string|False|Type|
-
-#### configuration
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Comments Count|integer|False|Comments count|
-|Jira Issue|string|False|Jira issue|
-|Jira Issue Link|string|False|Jira issue link|
-|Last Verified Event|string|False|Last verified event|
-|Snooze Until|string|False|Snooze until|
-|User Score|integer|False|User score|
-|User Status|string|False|User status|
-
-#### get_users_response
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Organization Name|string|False|Organization name|
-|Pending Invites|[]invitation|False|Pending invites|
-|Users|[]user|False|Users|
-
-#### invitation
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|All Cloud Account|boolean|False|All cloud account|
-|Cloud Accounts|[]string|False|Cloud accounts|
-|Email|string|False|Email|
-|ID|string|False|ID|
-|Invite Email Sent At|string|False|Invite email sent at|
-|Role|string|False|Role|
-
-#### priv
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Alert ID|string|False|Alert ID|
-|Full Scan Time|string|False|Full scan time|
-|Key|string|False|Key|
-|Original Score|integer|False|Original score|
-|Score|integer|False|Score|
-
-#### state
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Alert ID|string|False|Alert ID|
-|Closed Reason|string|False|Closed reason|
-|Created At|string|False|Created at|
-|High Since|string|False|High since|
-|In Verification|boolean|False|In verification|
-|Last Seen|string|False|Last seen|
-|Last Updated|string|False|Last updated|
-|Low Since|string|False|Low since|
-|Score|integer|False|Score|
-|Severity|string|False|Severity|
-|Status|string|False|Status|
-|Status Time|string|False|Status time|
-|Verification Status|string|False|Verification status|
-
-#### update_alert_details
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Description|string|False|Description|
-|From|string|False|From|
-|To|string|False|To|
-
-#### update_alert_severity_response
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Alert ID|string|False|Alert ID|
-|Asset Unique ID|string|False|Asset unique ID|
-|Create Time|string|False|Create time|
-|Details|update_severity_details|False|Details|
-|Type|string|False|Type|
-|Unique ID|string|False|Unique ID|
-|User Email|string|False|User email|
-|User Name|string|False|User name|
-
-#### update_alert_status_response
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Alert ID|string|False|Alert ID|
-|Asset Unique ID|string|False|Asset Unique ID|
-|Create Time|string|False|Create time|
-|Details|update_alert_details|False|Details|
-|Subtype|string|False|Subtype|
-|Type|string|False|Type|
-|Unique ID|string|False|Unique ID|
-|User Email|string|False|User email|
-|User Name|string|False|User name|
-
-#### update_severity_details
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Description|string|False|Description|
-|Severity|string|False|Severity|
-
-#### user
-
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|Email|string|False|Email|
-|First Name|string|False|First name|
-|Last Name|string|False|Last name|
-|User ID|string|False|User ID|
 ## Troubleshooting
-
-_This plugin does not contain any troubleshooting information._
+
+*This plugin does not contain a troubleshooting.*
 # Version History
+* 2.0.1 - Bumping requirements.txt | SDK bump to 6.2.0
 * 2.0.0 - Get Users: Updated the API endpoint to return an array of users
 * 1.0.0 - Initial plugin | Add Get Assets, Get Asset by ID, Get Alerts, Get Alert by ID, Update Alert Severity, Update Alert Status, Verify Alert, Download Malicious File, Get Users, Add User and Delete User actions | Add New Alert trigger
 # Links
-## References
- * [Orca Security](https://orca.security/)
+## References
+
+* [Orca Security](https://orca.security/)
\ No newline at end of file
diff --git a/plugins/orca_security/icon_orca_security/actions/__init__.py b/plugins/orca_security/icon_orca_security/actions/__init__.py
index ba7388f877..86a734c7e9 100755
--- a/plugins/orca_security/icon_orca_security/actions/__init__.py
+++ b/plugins/orca_security/icon_orca_security/actions/__init__.py
@@ -1,12 +1,24 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .add_user.action import AddUser -from .delete_user.action import DeleteUser -from .download_malicious_file.action import DownloadMaliciousFile -from .get_alert_by_id.action import GetAlertById -from .get_alerts.action import GetAlerts -from .get_asset_by_id.action import GetAssetById +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + from .get_assets.action import GetAssets -from .get_users.action import GetUsers -from .update_alert_severity.action import UpdateAlertSeverity + +from .get_asset_by_id.action import GetAssetById + +from .get_alerts.action import GetAlerts + +from .get_alert_by_id.action import GetAlertById + from .update_alert_status.action import UpdateAlertStatus + +from .update_alert_severity.action import UpdateAlertSeverity + +from .download_malicious_file.action import DownloadMaliciousFile + from .verify_alert.action import VerifyAlert + +from .get_users.action import GetUsers + +from .add_user.action import AddUser + +from .delete_user.action import DeleteUser + 
diff --git a/plugins/orca_security/icon_orca_security/actions/add_user/__init__.py b/plugins/orca_security/icon_orca_security/actions/add_user/__init__.py
index 6f4a96041f..d39dbf4dc0 100755
--- a/plugins/orca_security/icon_orca_security/actions/add_user/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/add_user/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import AddUser diff --git a/plugins/orca_security/icon_orca_security/actions/add_user/schema.py b/plugins/orca_security/icon_orca_security/actions/add_user/schema.py index 76869ff4a8..83cf2ba8f2 100755 --- a/plugins/orca_security/icon_orca_security/actions/add_user/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/add_user/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -13,14 +13,14 @@ class Input: INVITE_USER_EMAIL = "invite_user_email" ROLE = "role" SHOULD_SEND_EMAIL = "should_send_email" - + class Output: STATUS = "status" - + class AddUserInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -64,7 +64,8 @@ class AddUserInput(insightconnect_plugin_runtime.Input): "invite_user_email", "role", "should_send_email" - ] + ], + "definitions": {} } """) @@ -73,7 +74,7 @@ def __init__(self): class AddUserOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -87,7 +88,8 @@ class AddUserOutput(insightconnect_plugin_runtime.Output): }, "required": [ "status" - ] + ], + "definitions": {} } """) diff --git a/plugins/orca_security/icon_orca_security/actions/delete_user/__init__.py b/plugins/orca_security/icon_orca_security/actions/delete_user/__init__.py index 4ceee31b9a..db51ffe197 100755 --- a/plugins/orca_security/icon_orca_security/actions/delete_user/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/delete_user/__init__.py 
@@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import DeleteUser diff --git a/plugins/orca_security/icon_orca_security/actions/delete_user/schema.py b/plugins/orca_security/icon_orca_security/actions/delete_user/schema.py index 98a4146b81..09f5cbb81b 100755 --- a/plugins/orca_security/icon_orca_security/actions/delete_user/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/delete_user/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: DELETE_INVITE_EMAIL = "delete_invite_email" - + class Output: STATUS = "status" - + class DeleteUserInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -30,7 +30,8 @@ class DeleteUserInput(insightconnect_plugin_runtime.Input): }, "required": [ "delete_invite_email" - ] + ], + "definitions": {} } """) @@ -39,7 +40,7 @@ def __init__(self): class DeleteUserOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -53,7 +54,8 @@ class DeleteUserOutput(insightconnect_plugin_runtime.Output): }, "required": [ "status" - ] + ], + "definitions": {} } """) diff --git a/plugins/orca_security/icon_orca_security/actions/download_malicious_file/__init__.py b/plugins/orca_security/icon_orca_security/actions/download_malicious_file/__init__.py index 81abe4cf07..dd88aec612 100755 --- a/plugins/orca_security/icon_orca_security/actions/download_malicious_file/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/download_malicious_file/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import DownloadMaliciousFile 
diff --git a/plugins/orca_security/icon_orca_security/actions/download_malicious_file/schema.py b/plugins/orca_security/icon_orca_security/actions/download_malicious_file/schema.py index 058abf73f4..1062522268 100755 --- a/plugins/orca_security/icon_orca_security/actions/download_malicious_file/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/download_malicious_file/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,15 +9,15 @@ class Component: class Input: ALERT_ID = "alert_id" - + class Output: CONTENT = "content" SUCCESS = "success" - + class DownloadMaliciousFileInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -31,7 +31,8 @@ class DownloadMaliciousFileInput(insightconnect_plugin_runtime.Input): }, "required": [ "alert_id" - ] + ], + "definitions": {} } """) @@ -40,17 +41,17 @@ def __init__(self): class DownloadMaliciousFileOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", "properties": { "content": { "type": "string", - "title": "Content", + "format": "bytes", "displayType": "bytes", + "title": "Content", "description": "Content of the file", - "format": "bytes", "order": 2 }, "success": { @@ -62,7 +63,8 @@ class DownloadMaliciousFileOutput(insightconnect_plugin_runtime.Output): }, "required": [ "success" - ] + ], + "definitions": {} } """) diff --git a/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/__init__.py b/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/__init__.py index 0fb7072c5c..fc2f1093e5 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/__init__.py 
@@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetAlertById diff --git a/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/schema.py b/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/schema.py index 1a2a296e8c..c14a7d6416 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/get_alert_by_id/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: ALERT_ID = "alert_id" - + class Output: ALERT = "alert" - + class GetAlertByIdInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -30,7 +30,8 @@ class GetAlertByIdInput(insightconnect_plugin_runtime.Input): }, "required": [ "alert_id" - ] + ], + "definitions": {} } """) @@ -39,7 +40,7 @@ def __init__(self): class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -143,18 +144,18 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): }, "order": 11 }, - "asset_image_id": { - "type": "string", - "title": "Asset Image ID", - "description": "Asset image ID", - "order": 13 - }, "asset_info": { "type": "object", "title": "Asset Info", "description": "Asset info", "order": 12 }, + "asset_image_id": { + "type": "string", + "title": "Asset Image ID", + "description": "Asset image ID", + "order": 13 + }, "asset_ingress_ports": { "type": "array", "title": "Asset Ingress Ports", 
@@ -257,18 +258,18 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): "description": "Configuration", "order": 27 }, - "container_image_name": { - "type": "string", - "title": "Container Image Name", - "description": "Container image name", - "order": 29 - }, "container_k8s_pod_namespace": { "type": "string", "title": "Container K8s Pod Namespace", "description": "Container K8s pod namespace", "order": 28 }, + "container_image_name": { + "type": "string", + "title": "Container Image Name", + "description": "Container image name", + "order": 29 + }, "container_service_name": { "type": "string", "title": "Container Service Name", 
@@ -431,253 +432,53 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): "description": "User defined", "order": 53 } - }, - "definitions": { - "alert_data": { - "type": "object", - "title": "alert_data", - "properties": { - "details": { - "type": "string", - "title": "Details", - "description": "Details", - "order": 4 - }, - "headline": { - "type": "string", - "title": "Headline", - "description": "Headline", - "order": 1 - }, - "mitre_category": { - "type": "string", - "title": "Mitre Category", - "description": "Mitre category", - "order": 3 - }, - "more_details": { - "type": "array", - "title": "More Details", - "description": "More details", - "items": { - "type": "string" - }, - "order": 2 - }, - "recommendation": { - "type": "string", - "title": "Recommendation", - "description": "Recommendation", - "order": 5 - }, - "remediation_actions": { - "type": "array", - "title": "Remediation Actions", - "description": "Remediation actions", - "items": { - "type": "string" - }, - "order": 7 - }, - "remediation_cli": { - "type": "array", - "title": "Remediation CLI", - "description": "Remediation CLI", - "items": { - "type": "string" - }, - "order": 9 - }, - "remediation_console": { - "type": "array", - "title": "Remediation Console", - "description": "Remediation console", - "items": { - "type": "string" - }, - "order": 8 - }, - "time_series_field": { - "type": "string", - "title": "Time Series Field", - "description": "Time series field", - "order": 10 - }, - "title": { - "type": "string", - "title": "Title", - "description": "Title", - "order": 6 - } - } + } + }, + "configuration": { + "type": "object", + "title": "configuration", + "properties": { + "user_status": { + "type": "string", + "title": "User Status", + "description": "User status", + "order": 1 }, - "configuration": { - "type": "object", - "title": "configuration", - "properties": { - "comments_count": { - "type": "integer", - "title": "Comments Count", - "description": "Comments count", - 
"order": 6 - }, - "jira_issue": { - "type": "string", - "title": "Jira Issue", - "description": "Jira issue", - "order": 4 - }, - "jira_issue_link": { - "type": "string", - "title": "Jira Issue Link", - "description": "Jira issue link", - "order": 5 - }, - "last_verified_event": { - "type": "string", - "title": "Last Verified Event", - "description": "Last verified event", - "order": 7 - }, - "snooze_until": { - "type": "string", - "title": "Snooze Until", - "description": "Snooze until", - "order": 2 - }, - "user_score": { - "type": "integer", - "title": "User Score", - "description": "User score", - "order": 3 - }, - "user_status": { - "type": "string", - "title": "User Status", - "description": "User status", - "order": 1 - } - } + "snooze_until": { + "type": "string", + "title": "Snooze Until", + "description": "Snooze until", + "order": 2 }, - "priv": { - "type": "object", - "title": "priv", - "properties": { - "alert_id": { - "type": "string", - "title": "Alert ID", - "description": "Alert ID", - "order": 5 - }, - "full_scan_time": { - "type": "string", - "title": "Full Scan Time", - "description": "Full scan time", - "order": 4 - }, - "key": { - "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "orig_score": { - "type": "integer", - "title": "Original Score", - "description": "Original score", - "order": 3 - }, - "score": { - "type": "integer", - "title": "Score", - "description": "Score", - "order": 2 - } - } + "user_score": { + "type": "integer", + "title": "User Score", + "description": "User score", + "order": 3 }, - "state": { - "type": "object", - "title": "state", - "properties": { - "alert_id": { - "type": "string", - "title": "Alert ID", - "description": "Alert ID", - "order": 1 - }, - "closed_reason": { - "type": "string", - "title": "Closed Reason", - "description": "Closed reason", - "order": 12 - }, - "created_at": { - "type": "string", - "title": "Created At", - "description": "Created at", - "order": 6 - }, - 
"high_since": { - "type": "string", - "title": "High Since", - "description": "High since", - "order": 9 - }, - "in_verification": { - "type": "boolean", - "title": "In Verification", - "description": "In verification", - "order": 10 - }, - "last_seen": { - "type": "string", - "title": "Last Seen", - "description": "Last seen", - "order": 7 - }, - "last_updated": { - "type": "string", - "title": "Last Updated", - "description": "Last updated", - "order": 13 - }, - "low_since": { - "type": "string", - "title": "Low Since", - "description": "Low since", - "order": 8 - }, - "score": { - "type": "integer", - "title": "Score", - "description": "Score", - "order": 4 - }, - "severity": { - "type": "string", - "title": "Severity", - "description": "Severity", - "order": 5 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 2 - }, - "status_time": { - "type": "string", - "title": "Status Time", - "description": "Status time", - "order": 3 - }, - "verification_status": { - "type": "string", - "title": "Verification Status", - "description": "Verification status", - "order": 11 - } - } + "jira_issue": { + "type": "string", + "title": "Jira Issue", + "description": "Jira issue", + "order": 4 + }, + "jira_issue_link": { + "type": "string", + "title": "Jira Issue Link", + "description": "Jira issue link", + "order": 5 + }, + "comments_count": { + "type": "integer", + "title": "Comments Count", + "description": "Comments count", + "order": 6 + }, + "last_verified_event": { + "type": "string", + "title": "Last Verified Event", + "description": "Last verified event", + "order": 7 } } }, 
@@ -685,24 +486,12 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): "type": "object", "title": "alert_data", "properties": { - "details": { - "type": "string", - "title": "Details", - "description": "Details", - "order": 4 - }, "headline": { "type": "string", "title": "Headline", "description": "Headline", "order": 1 }, - "mitre_category": { - "type": "string", - "title": "Mitre Category", - "description": "Mitre category", - "order": 3 - }, "more_details": { "type": "array", "title": "More Details", @@ -712,12 +501,30 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): }, "order": 2 }, + "mitre_category": { + "type": "string", + "title": "Mitre Category", + "description": "Mitre category", + "order": 3 + }, + "details": { + "type": "string", + "title": "Details", + "description": "Details", + "order": 4 + }, "recommendation": { "type": "string", "title": "Recommendation", "description": "Recommendation", "order": 5 }, + "title": { + "type": "string", + "title": "Title", + "description": "Title", + "order": 6 + }, "remediation_actions": { "type": "array", "title": "Remediation Actions", 
@@ -727,137 +534,101 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): }, "order": 7 }, - "remediation_cli": { + "remediation_console": { "type": "array", - "title": "Remediation CLI", - "description": "Remediation CLI", + "title": "Remediation Console", + "description": "Remediation console", "items": { "type": "string" }, - "order": 9 + "order": 8 }, - "remediation_console": { + "remediation_cli": { "type": "array", - "title": "Remediation Console", - "description": "Remediation console", + "title": "Remediation CLI", + "description": "Remediation CLI", "items": { "type": "string" }, - "order": 8 + "order": 9 }, "time_series_field": { "type": "string", "title": "Time Series Field", "description": "Time series field", "order": 10 - }, - "title": { - "type": "string", - "title": "Title", - "description": "Title", - "order": 6 } } }, - "configuration": { + "priv": { "type": "object", - "title": "configuration", + "title": "priv", "properties": { - "comments_count": { - "type": "integer", - "title": "Comments Count", - "description": "Comments count", - "order": 6 - }, - "jira_issue": { - "type": "string", - "title": "Jira Issue", - "description": "Jira issue", - "order": 4 - }, - "jira_issue_link": { - "type": "string", - "title": "Jira Issue Link", - "description": "Jira issue link", - "order": 5 - }, - "last_verified_event": { + "key": { "type": "string", - "title": "Last Verified Event", - "description": "Last verified event", - "order": 7 + "title": "Key", + "description": "Key", + "order": 1 }, - "snooze_until": { - "type": "string", - "title": "Snooze Until", - "description": "Snooze until", + "score": { + "type": "integer", + "title": "Score", + "description": "Score", "order": 2 }, - "user_score": { + "orig_score": { "type": "integer", - "title": "User Score", - "description": "User score", + "title": "Original Score", + "description": "Original score", "order": 3 }, - "user_status": { + "full_scan_time": { "type": "string", - "title": "User 
Status", - "description": "User status", - "order": 1 + "title": "Full Scan Time", + "description": "Full scan time", + "order": 4 + }, + "alert_id": { + "type": "string", + "title": "Alert ID", + "description": "Alert ID", + "order": 5 } } }, - "priv": { + "state": { "type": "object", - "title": "priv", + "title": "state", "properties": { "alert_id": { "type": "string", "title": "Alert ID", "description": "Alert ID", - "order": 5 + "order": 1 }, - "full_scan_time": { + "status": { "type": "string", - "title": "Full Scan Time", - "description": "Full scan time", - "order": 4 + "title": "Status", + "description": "Status", + "order": 2 }, - "key": { + "status_time": { "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "orig_score": { - "type": "integer", - "title": "Original Score", - "description": "Original score", + "title": "Status Time", + "description": "Status time", "order": 3 }, "score": { "type": "integer", "title": "Score", "description": "Score", - "order": 2 - } - } - }, - "state": { - "type": "object", - "title": "state", - "properties": { - "alert_id": { - "type": "string", - "title": "Alert ID", - "description": "Alert ID", - "order": 1 + "order": 4 }, - "closed_reason": { + "severity": { "type": "string", - "title": "Closed Reason", - "description": "Closed reason", - "order": 12 + "title": "Severity", + "description": "Severity", + "order": 5 }, "created_at": { "type": "string", 
@@ -865,65 +636,47 @@ class GetAlertByIdOutput(insightconnect_plugin_runtime.Output): "description": "Created at", "order": 6 }, - "high_since": { - "type": "string", - "title": "High Since", - "description": "High since", - "order": 9 - }, - "in_verification": { - "type": "boolean", - "title": "In Verification", - "description": "In verification", - "order": 10 - }, "last_seen": { "type": "string", "title": "Last Seen", "description": "Last seen", "order": 7 }, - "last_updated": { - "type": "string", - "title": "Last Updated", - "description": "Last updated", - "order": 13 - }, "low_since": { "type": "string", "title": "Low Since", "description": "Low since", "order": 8 }, - "score": { - "type": "integer", - "title": "Score", - "description": "Score", - "order": 4 - }, - "severity": { - "type": "string", - "title": "Severity", - "description": "Severity", - "order": 5 - }, - "status": { + "high_since": { "type": "string", - "title": "Status", - "description": "Status", - "order": 2 + "title": "High Since", + "description": "High since", + "order": 9 }, - "status_time": { - "type": "string", - "title": "Status Time", - "description": "Status time", - "order": 3 + "in_verification": { + "type": "boolean", + "title": "In Verification", + "description": "In verification", + "order": 10 }, "verification_status": { "type": "string", "title": "Verification Status", "description": "Verification status", "order": 11 + }, + "closed_reason": { + "type": "string", + "title": "Closed Reason", + "description": "Closed reason", + "order": 12 + }, + "last_updated": { + "type": "string", + "title": "Last Updated", + "description": "Last updated", + "order": 13 } } } diff --git a/plugins/orca_security/icon_orca_security/actions/get_alerts/__init__.py b/plugins/orca_security/icon_orca_security/actions/get_alerts/__init__.py index 368493f6b5..bed38e8d86 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_alerts/__init__.py 
+++ b/plugins/orca_security/icon_orca_security/actions/get_alerts/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetAlerts diff --git a/plugins/orca_security/icon_orca_security/actions/get_alerts/schema.py b/plugins/orca_security/icon_orca_security/actions/get_alerts/schema.py index 24e4fc34c0..ff2fcd966f 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_alerts/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/get_alerts/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -10,14 +10,14 @@ class Component: class Input: FILTERS = "filters" LIMIT = "limit" - + class Output: ALERTS = "alerts" - + class GetAlertsInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -35,7 +35,8 @@ class GetAlertsInput(insightconnect_plugin_runtime.Input): "default": 20, "order": 2 } - } + }, + "definitions": {} } """) @@ -44,7 +45,7 @@ def __init__(self): class GetAlertsOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -148,18 +149,18 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): }, "order": 11 }, - "asset_image_id": { - "type": "string", - "title": "Asset Image ID", - "description": "Asset image ID", - "order": 13 - }, "asset_info": { "type": "object", "title": "Asset Info", "description": "Asset info", "order": 12 }, + "asset_image_id": { + "type": "string", + "title": "Asset Image ID", + "description": "Asset image ID", + "order": 13 + }, "asset_ingress_ports": { "type": "array", "title": "Asset Ingress Ports", 
@@ -262,18 +263,18 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): "description": "Configuration", "order": 27 }, - "container_image_name": { - "type": "string", - "title": "Container Image Name", - "description": "Container image name", - "order": 29 - }, "container_k8s_pod_namespace": { "type": "string", "title": "Container K8s Pod Namespace", "description": "Container K8s pod namespace", "order": 28 }, + "container_image_name": { + "type": "string", + "title": "Container Image Name", + "description": "Container image name", + "order": 29 + }, "container_service_name": { "type": "string", "title": "Container Service Name", 
@@ -436,253 +437,53 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): "description": "User defined", "order": 53 } - }, - "definitions": { - "alert_data": { - "type": "object", - "title": "alert_data", - "properties": { - "details": { - "type": "string", - "title": "Details", - "description": "Details", - "order": 4 - }, - "headline": { - "type": "string", - "title": "Headline", - "description": "Headline", - "order": 1 - }, - "mitre_category": { - "type": "string", - "title": "Mitre Category", - "description": "Mitre category", - "order": 3 - }, - "more_details": { - "type": "array", - "title": "More Details", - "description": "More details", - "items": { - "type": "string" - }, - "order": 2 - }, - "recommendation": { - "type": "string", - "title": "Recommendation", - "description": "Recommendation", - "order": 5 - }, - "remediation_actions": { - "type": "array", - "title": "Remediation Actions", - "description": "Remediation actions", - "items": { - "type": "string" - }, - "order": 7 - }, - "remediation_cli": { - "type": "array", - "title": "Remediation CLI", - "description": "Remediation CLI", - "items": { - "type": "string" - }, - "order": 9 - }, - "remediation_console": { - "type": "array", - "title": "Remediation Console", - "description": "Remediation console", - "items": { - "type": "string" - }, - "order": 8 - }, - "time_series_field": { - "type": "string", - "title": "Time Series Field", - "description": "Time series field", - "order": 10 - }, - "title": { - "type": "string", - "title": "Title", - "description": "Title", - "order": 6 - } - } + } + }, + "configuration": { + "type": "object", + "title": "configuration", + "properties": { + "user_status": { + "type": "string", + "title": "User Status", + "description": "User status", + "order": 1 }, - "configuration": { - "type": "object", - "title": "configuration", - "properties": { - "comments_count": { - "type": "integer", - "title": "Comments Count", - "description": "Comments count", - 
"order": 6 - }, - "jira_issue": { - "type": "string", - "title": "Jira Issue", - "description": "Jira issue", - "order": 4 - }, - "jira_issue_link": { - "type": "string", - "title": "Jira Issue Link", - "description": "Jira issue link", - "order": 5 - }, - "last_verified_event": { - "type": "string", - "title": "Last Verified Event", - "description": "Last verified event", - "order": 7 - }, - "snooze_until": { - "type": "string", - "title": "Snooze Until", - "description": "Snooze until", - "order": 2 - }, - "user_score": { - "type": "integer", - "title": "User Score", - "description": "User score", - "order": 3 - }, - "user_status": { - "type": "string", - "title": "User Status", - "description": "User status", - "order": 1 - } - } + "snooze_until": { + "type": "string", + "title": "Snooze Until", + "description": "Snooze until", + "order": 2 }, - "priv": { - "type": "object", - "title": "priv", - "properties": { - "alert_id": { - "type": "string", - "title": "Alert ID", - "description": "Alert ID", - "order": 5 - }, - "full_scan_time": { - "type": "string", - "title": "Full Scan Time", - "description": "Full scan time", - "order": 4 - }, - "key": { - "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "orig_score": { - "type": "integer", - "title": "Original Score", - "description": "Original score", - "order": 3 - }, - "score": { - "type": "integer", - "title": "Score", - "description": "Score", - "order": 2 - } - } + "user_score": { + "type": "integer", + "title": "User Score", + "description": "User score", + "order": 3 }, - "state": { - "type": "object", - "title": "state", - "properties": { - "alert_id": { - "type": "string", - "title": "Alert ID", - "description": "Alert ID", - "order": 1 - }, - "closed_reason": { - "type": "string", - "title": "Closed Reason", - "description": "Closed reason", - "order": 12 - }, - "created_at": { - "type": "string", - "title": "Created At", - "description": "Created at", - "order": 6 - }, - 
"high_since": { - "type": "string", - "title": "High Since", - "description": "High since", - "order": 9 - }, - "in_verification": { - "type": "boolean", - "title": "In Verification", - "description": "In verification", - "order": 10 - }, - "last_seen": { - "type": "string", - "title": "Last Seen", - "description": "Last seen", - "order": 7 - }, - "last_updated": { - "type": "string", - "title": "Last Updated", - "description": "Last updated", - "order": 13 - }, - "low_since": { - "type": "string", - "title": "Low Since", - "description": "Low since", - "order": 8 - }, - "score": { - "type": "integer", - "title": "Score", - "description": "Score", - "order": 4 - }, - "severity": { - "type": "string", - "title": "Severity", - "description": "Severity", - "order": 5 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 2 - }, - "status_time": { - "type": "string", - "title": "Status Time", - "description": "Status time", - "order": 3 - }, - "verification_status": { - "type": "string", - "title": "Verification Status", - "description": "Verification status", - "order": 11 - } - } + "jira_issue": { + "type": "string", + "title": "Jira Issue", + "description": "Jira issue", + "order": 4 + }, + "jira_issue_link": { + "type": "string", + "title": "Jira Issue Link", + "description": "Jira issue link", + "order": 5 + }, + "comments_count": { + "type": "integer", + "title": "Comments Count", + "description": "Comments count", + "order": 6 + }, + "last_verified_event": { + "type": "string", + "title": "Last Verified Event", + "description": "Last verified event", + "order": 7 } } }, 
@@ -690,24 +491,12 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): "type": "object", "title": "alert_data", "properties": { - "details": { - "type": "string", - "title": "Details", - "description": "Details", - "order": 4 - }, "headline": { "type": "string", "title": "Headline", "description": "Headline", "order": 1 }, - "mitre_category": { - "type": "string", - "title": "Mitre Category", - "description": "Mitre category", - "order": 3 - }, "more_details": { "type": "array", "title": "More Details", @@ -717,12 +506,30 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): }, "order": 2 }, + "mitre_category": { + "type": "string", + "title": "Mitre Category", + "description": "Mitre category", + "order": 3 + }, + "details": { + "type": "string", + "title": "Details", + "description": "Details", + "order": 4 + }, "recommendation": { "type": "string", "title": "Recommendation", "description": "Recommendation", "order": 5 }, + "title": { + "type": "string", + "title": "Title", + "description": "Title", + "order": 6 + }, "remediation_actions": { "type": "array", "title": "Remediation Actions", 
@@ -732,137 +539,101 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): }, "order": 7 }, - "remediation_cli": { + "remediation_console": { "type": "array", - "title": "Remediation CLI", - "description": "Remediation CLI", + "title": "Remediation Console", + "description": "Remediation console", "items": { "type": "string" }, - "order": 9 + "order": 8 }, - "remediation_console": { + "remediation_cli": { "type": "array", - "title": "Remediation Console", - "description": "Remediation console", + "title": "Remediation CLI", + "description": "Remediation CLI", "items": { "type": "string" }, - "order": 8 + "order": 9 }, "time_series_field": { "type": "string", "title": "Time Series Field", "description": "Time series field", "order": 10 - }, - "title": { - "type": "string", - "title": "Title", - "description": "Title", - "order": 6 } } }, - "configuration": { + "priv": { "type": "object", - "title": "configuration", + "title": "priv", "properties": { - "comments_count": { - "type": "integer", - "title": "Comments Count", - "description": "Comments count", - "order": 6 - }, - "jira_issue": { - "type": "string", - "title": "Jira Issue", - "description": "Jira issue", - "order": 4 - }, - "jira_issue_link": { - "type": "string", - "title": "Jira Issue Link", - "description": "Jira issue link", - "order": 5 - }, - "last_verified_event": { + "key": { "type": "string", - "title": "Last Verified Event", - "description": "Last verified event", - "order": 7 + "title": "Key", + "description": "Key", + "order": 1 }, - "snooze_until": { - "type": "string", - "title": "Snooze Until", - "description": "Snooze until", + "score": { + "type": "integer", + "title": "Score", + "description": "Score", "order": 2 }, - "user_score": { + "orig_score": { "type": "integer", - "title": "User Score", - "description": "User score", + "title": "Original Score", + "description": "Original score", "order": 3 }, - "user_status": { + "full_scan_time": { "type": "string", - "title": "User 
Status", - "description": "User status", - "order": 1 + "title": "Full Scan Time", + "description": "Full scan time", + "order": 4 + }, + "alert_id": { + "type": "string", + "title": "Alert ID", + "description": "Alert ID", + "order": 5 } } }, - "priv": { + "state": { "type": "object", - "title": "priv", + "title": "state", "properties": { "alert_id": { "type": "string", "title": "Alert ID", "description": "Alert ID", - "order": 5 + "order": 1 }, - "full_scan_time": { + "status": { "type": "string", - "title": "Full Scan Time", - "description": "Full scan time", - "order": 4 + "title": "Status", + "description": "Status", + "order": 2 }, - "key": { + "status_time": { "type": "string", - "title": "Key", - "description": "Key", - "order": 1 - }, - "orig_score": { - "type": "integer", - "title": "Original Score", - "description": "Original score", + "title": "Status Time", + "description": "Status time", "order": 3 }, "score": { "type": "integer", "title": "Score", "description": "Score", - "order": 2 - } - } - }, - "state": { - "type": "object", - "title": "state", - "properties": { - "alert_id": { - "type": "string", - "title": "Alert ID", - "description": "Alert ID", - "order": 1 + "order": 4 }, - "closed_reason": { + "severity": { "type": "string", - "title": "Closed Reason", - "description": "Closed reason", - "order": 12 + "title": "Severity", + "description": "Severity", + "order": 5 }, "created_at": { "type": "string", 
@@ -870,65 +641,47 @@ class GetAlertsOutput(insightconnect_plugin_runtime.Output): "description": "Created at", "order": 6 }, - "high_since": { - "type": "string", - "title": "High Since", - "description": "High since", - "order": 9 - }, - "in_verification": { - "type": "boolean", - "title": "In Verification", - "description": "In verification", - "order": 10 - }, "last_seen": { "type": "string", "title": "Last Seen", "description": "Last seen", "order": 7 }, - "last_updated": { - "type": "string", - "title": "Last Updated", - "description": "Last updated", - "order": 13 - }, "low_since": { "type": "string", "title": "Low Since", "description": "Low since", "order": 8 }, - "score": { - "type": "integer", - "title": "Score", - "description": "Score", - "order": 4 - }, - "severity": { - "type": "string", - "title": "Severity", - "description": "Severity", - "order": 5 - }, - "status": { + "high_since": { "type": "string", - "title": "Status", - "description": "Status", - "order": 2 + "title": "High Since", + "description": "High since", + "order": 9 }, - "status_time": { - "type": "string", - "title": "Status Time", - "description": "Status time", - "order": 3 + "in_verification": { + "type": "boolean", + "title": "In Verification", + "description": "In verification", + "order": 10 }, "verification_status": { "type": "string", "title": "Verification Status", "description": "Verification status", "order": 11 + }, + "closed_reason": { + "type": "string", + "title": "Closed Reason", + "description": "Closed reason", + "order": 12 + }, + "last_updated": { + "type": "string", + "title": "Last Updated", + "description": "Last updated", + "order": 13 } } } diff --git a/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/__init__.py b/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/__init__.py index 19fde6acce..a612a3ac4e 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/__init__.py 
+++ b/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetAssetById diff --git a/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/schema.py b/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/schema.py index 1fb562675f..b2537d8c6c 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/get_asset_by_id/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: ASSET_UNIQUE_ID = "asset_unique_id" - + class Output: ASSET = "asset" - + class GetAssetByIdInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -30,7 +30,8 @@ class GetAssetByIdInput(insightconnect_plugin_runtime.Input): }, "required": [ "asset_unique_id" - ] + ], + "definitions": {} } """) @@ -39,7 +40,7 @@ def __init__(self): class GetAssetByIdOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", diff --git a/plugins/orca_security/icon_orca_security/actions/get_assets/__init__.py b/plugins/orca_security/icon_orca_security/actions/get_assets/__init__.py index 8b5c5e344d..4010410ac7 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_assets/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/get_assets/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetAssets 
diff --git a/plugins/orca_security/icon_orca_security/actions/get_assets/schema.py b/plugins/orca_security/icon_orca_security/actions/get_assets/schema.py index bb6b7e4131..a3d4f7b686 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_assets/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/get_assets/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -18,17 +18,17 @@ class Input: INTERNET_FACING = "internet_facing" STATE_SCORE = "state_score" STATE_SEVERITY = "state_severity" - + class Output: ASSETS = "assets" TOTAL_ITEMS = "total_items" TOTAL_SUPPORTED_ITEMS = "total_supported_items" TOTAL_UNGROUPED_ITEMS = "total_ungrouped_items" - + class GetAssetsInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -93,7 +93,8 @@ class GetAssetsInput(insightconnect_plugin_runtime.Input): "description": "The severity of the asset", "order": 10 } - } + }, + "definitions": {} } """) @@ -102,7 +103,7 @@ def __init__(self): class GetAssetsOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", diff --git a/plugins/orca_security/icon_orca_security/actions/get_users/__init__.py b/plugins/orca_security/icon_orca_security/actions/get_users/__init__.py index 6b7bc16ead..979bdfa684 100755 --- a/plugins/orca_security/icon_orca_security/actions/get_users/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/get_users/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetUsers diff --git a/plugins/orca_security/icon_orca_security/actions/get_users/schema.py b/plugins/orca_security/icon_orca_security/actions/get_users/schema.py index 74a7f0551e..c2934f299f 100755 
--- a/plugins/orca_security/icon_orca_security/actions/get_users/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/get_users/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -10,12 +10,13 @@ class Component: class Input: pass + class Output: USERS = "users" - + class GetUsersInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" {} """) @@ -24,7 +25,7 @@ def __init__(self): class GetUsersOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -43,28 +44,22 @@ class GetUsersOutput(insightconnect_plugin_runtime.Output): "users" ], "definitions": { - "cloud_accounts": { + "get_users_response": { "type": "object", - "title": "cloud_accounts", + "title": "get_users_response", "properties": { "id": { "type": "string", - "title": "Cloud Account ID", - "description": "ID of cloud account", + "title": "User Access Role ID", + "description": "ID of user access role", "order": 1 }, - "name": { - "type": "string", - "title": "Name", - "description": "The cloud account display name", + "user": { + "$ref": "#/definitions/user", + "title": "User Details", + "description": "User object containing the details", "order": 2 - } - } - }, - "get_users_response": { - "type": "object", - "title": "get_users_response", - "properties": { + }, "all_cloud_accounts": { "type": "boolean", "title": "All Cloud Accounts", 
@@ -80,33 +75,12 @@ class GetUsersOutput(insightconnect_plugin_runtime.Output): }, "order": 4 }, - "id": { - "type": "string", - "title": "User Access Role ID", - "description": "ID of user access role", - "order": 1 - }, "role": { "$ref": "#/definitions/role", "title": "User Role Details", "description": "Details of the role assigned to the user", "order": 5 }, - "shiftleft_projects": { - "type": "array", - "title": "Shift left projects", - "description": "List of user shift left projects", - "items": { - "type": "string" - }, - "order": 7 - }, - "user": { - "$ref": "#/definitions/user", - "title": "User Details", - "description": "User object containing the details", - "order": 2 - }, "user_filters": { "type": "array", "title": "User Filters", 
@@ -115,105 +89,28 @@ class GetUsersOutput(insightconnect_plugin_runtime.Output): "type": "string" }, "order": 6 - } - }, - "definitions": { - "cloud_accounts": { - "type": "object", - "title": "cloud_accounts", - "properties": { - "id": { - "type": "string", - "title": "Cloud Account ID", - "description": "ID of cloud account", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "description": "The cloud account display name", - "order": 2 - } - } - }, - "role": { - "type": "object", - "title": "role", - "properties": { - "id": { - "type": "string", - "title": "User Role ID", - "description": "ID of the user role", - "order": 1 - }, - "name": { - "type": "string", - "title": "Name", - "description": "User role name", - "order": 2 - } - } }, - "user": { - "type": "object", - "title": "user", - "properties": { - "email": { - "type": "string", - "title": "Email", - "description": "Email", - "order": 2 - }, - "first_name": { - "type": "string", - "title": "First Name", - "description": "First name", - "order": 3 - }, - "id": { - "type": "string", - "title": "User ID", - "description": "User ID", - "order": 1 - }, - "last_name": { - "type": "string", - "title": "Last Name", - "description": "Last name", - "order": 4 - }, - "type": { - "type": "string", - "title": "Type", - "description": "User's account type", - "order": 5 - } - } + "shiftleft_projects": { + "type": "array", + "title": "Shift left projects", + "description": "List of user shift left projects", + "items": { + "type": "string" + }, + "order": 7 } } }, - "role": { + "user": { "type": "object", - "title": "role", + "title": "user", "properties": { "id": { "type": "string", - "title": "User Role ID", - "description": "ID of the user role", + "title": "User ID", + "description": "User ID", "order": 1 }, - "name": { - "type": "string", - "title": "Name", - "description": "User role name", - "order": 2 - } - } - }, - "user": { - "type": "object", - "title": "user", - "properties": { "email": 
{ "type": "string", "title": "Email", @@ -226,12 +123,6 @@ class GetUsersOutput(insightconnect_plugin_runtime.Output): "description": "First name", "order": 3 }, - "id": { - "type": "string", - "title": "User ID", - "description": "User ID", - "order": 1 - }, "last_name": { "type": "string", "title": "Last Name", @@ -245,6 +136,42 @@ class GetUsersOutput(insightconnect_plugin_runtime.Output): "order": 5 } } + }, + "cloud_accounts": { + "type": "object", + "title": "cloud_accounts", + "properties": { + "id": { + "type": "string", + "title": "Cloud Account ID", + "description": "ID of cloud account", + "order": 1 + }, + "name": { + "type": "string", + "title": "Name", + "description": "The cloud account display name", + "order": 2 + } + } + }, + "role": { + "type": "object", + "title": "role", + "properties": { + "id": { + "type": "string", + "title": "User Role ID", + "description": "ID of the user role", + "order": 1 + }, + "name": { + "type": "string", + "title": "Name", + "description": "User role name", + "order": 2 + } + } } } } diff --git a/plugins/orca_security/icon_orca_security/actions/update_alert_severity/__init__.py b/plugins/orca_security/icon_orca_security/actions/update_alert_severity/__init__.py index 35ef373156..d053f61f15 100755 --- a/plugins/orca_security/icon_orca_security/actions/update_alert_severity/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/update_alert_severity/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import UpdateAlertSeverity diff --git a/plugins/orca_security/icon_orca_security/actions/update_alert_severity/schema.py b/plugins/orca_security/icon_orca_security/actions/update_alert_severity/schema.py index 1df168921d..07c1ff0dd7 100755 --- a/plugins/orca_security/icon_orca_security/actions/update_alert_severity/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/update_alert_severity/schema.py 
@@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -10,14 +10,14 @@ class Component: class Input: ALERT_ID = "alert_id" SEVERITY = "severity" - + class Output: RESPONSE = "response" - + class UpdateAlertSeverityInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -38,7 +38,8 @@ class UpdateAlertSeverityInput(insightconnect_plugin_runtime.Input): "required": [ "alert_id", "severity" - ] + ], + "definitions": {} } """) @@ -47,7 +48,7 @@ def __init__(self): class UpdateAlertSeverityOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -64,6 +65,24 @@ class UpdateAlertSeverityOutput(insightconnect_plugin_runtime.Output): "type": "object", "title": "update_alert_severity_response", "properties": { + "unique_id": { + "type": "string", + "title": "Unique ID", + "description": "Unique ID", + "order": 1 + }, + "user_email": { + "type": "string", + "title": "User Email", + "description": "User email", + "order": 2 + }, + "user_name": { + "type": "string", + "title": "User Name", + "description": "User name", + "order": 3 + }, "alert_id": { "type": "string", "title": "Alert ID", 
@@ -82,55 +101,17 @@ class UpdateAlertSeverityOutput(insightconnect_plugin_runtime.Output): "description": "Create time", "order": 6 }, - "details": { - "$ref": "#/definitions/update_severity_details", - "title": "Details", - "description": "Details", - "order": 8 - }, "type": { "type": "string", "title": "Type", "description": "Type", "order": 7 }, - "unique_id": { - "type": "string", - "title": "Unique ID", - "description": "Unique ID", - "order": 1 - }, - "user_email": { - "type": "string", - "title": "User Email", - "description": "User email", - "order": 2 - }, - "user_name": { - "type": "string", - "title": "User Name", - "description": "User name", - "order": 3 - } - }, - "definitions": { - "update_severity_details": { - "type": "object", - "title": "update_severity_details", - "properties": { - "description": { - "type": "string", - "title": "Description", - "description": "Description", - "order": 1 - }, - "severity": { - "type": "string", - "title": "Severity", - "description": "Severity", - "order": 2 - } - } + "details": { + "$ref": "#/definitions/update_severity_details", + "title": "Details", + "description": "Details", + "order": 8 } } }, diff --git a/plugins/orca_security/icon_orca_security/actions/update_alert_status/__init__.py b/plugins/orca_security/icon_orca_security/actions/update_alert_status/__init__.py index 741f2c4c5c..8daea92f09 100755 --- a/plugins/orca_security/icon_orca_security/actions/update_alert_status/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/update_alert_status/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import UpdateAlertStatus diff --git a/plugins/orca_security/icon_orca_security/actions/update_alert_status/schema.py b/plugins/orca_security/icon_orca_security/actions/update_alert_status/schema.py index 65240458db..b9c01c1db1 100755 --- a/plugins/orca_security/icon_orca_security/actions/update_alert_status/schema.py 
+++ b/plugins/orca_security/icon_orca_security/actions/update_alert_status/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -10,14 +10,14 @@ class Component: class Input: ALERT_ID = "alert_id" STATUS = "status" - + class Output: RESPONSE = "response" - + class UpdateAlertStatusInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -44,7 +44,8 @@ class UpdateAlertStatusInput(insightconnect_plugin_runtime.Input): "required": [ "alert_id", "status" - ] + ], + "definitions": {} } """) @@ -53,7 +54,7 @@ def __init__(self): class UpdateAlertStatusOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -66,34 +67,28 @@ class UpdateAlertStatusOutput(insightconnect_plugin_runtime.Output): } }, "definitions": { - "update_alert_details": { + "update_alert_status_response": { "type": "object", - "title": "update_alert_details", + "title": "update_alert_status_response", "properties": { - "description": { + "unique_id": { "type": "string", - "title": "Description", - "description": "Description", + "title": "Unique ID", + "description": "Unique ID", "order": 1 }, - "from": { + "user_email": { "type": "string", - "title": "From", - "description": "From", + "title": "User Email", + "description": "User email", "order": 2 }, - "to": { + "user_name": { "type": "string", - "title": "To", - "description": "To", + "title": "User Name", + "description": "User name", "order": 3 - } - } - }, - "update_alert_status_response": { - "type": "object", - "title": "update_alert_status_response", - "properties": { + }, "alert_id": { "type": "string", "title": "Alert ID", 
@@ -112,11 +107,11 @@ class UpdateAlertStatusOutput(insightconnect_plugin_runtime.Output): "description": "Create time", "order": 6 }, - "details": { - "$ref": "#/definitions/update_alert_details", - "title": "Details", - "description": "Details", - "order": 9 + "type": { + "type": "string", + "title": "Type", + "description": "Type", + "order": 7 }, "sub_type": { "type": "string", @@ -124,56 +119,36 @@ class UpdateAlertStatusOutput(insightconnect_plugin_runtime.Output): "description": "Subtype", "order": 8 }, - "type": { - "type": "string", - "title": "Type", - "description": "Type", - "order": 7 - }, - "unique_id": { + "details": { + "$ref": "#/definitions/update_alert_details", + "title": "Details", + "description": "Details", + "order": 9 + } + } + }, + "update_alert_details": { + "type": "object", + "title": "update_alert_details", + "properties": { + "description": { "type": "string", - "title": "Unique ID", - "description": "Unique ID", + "title": "Description", + "description": "Description", "order": 1 }, - "user_email": { + "from": { "type": "string", - "title": "User Email", - "description": "User email", + "title": "From", + "description": "From", "order": 2 }, - "user_name": { + "to": { "type": "string", - "title": "User Name", - "description": "User name", + "title": "To", + "description": "To", "order": 3 } - }, - "definitions": { - "update_alert_details": { - "type": "object", - "title": "update_alert_details", - "properties": { - "description": { - "type": "string", - "title": "Description", - "description": "Description", - "order": 1 - }, - "from": { - "type": "string", - "title": "From", - "description": "From", - "order": 2 - }, - "to": { - "type": "string", - "title": "To", - "description": "To", - "order": 3 - } - } - } } } } diff --git a/plugins/orca_security/icon_orca_security/actions/verify_alert/__init__.py b/plugins/orca_security/icon_orca_security/actions/verify_alert/__init__.py index 660899d78d..2d28696dc1 100755 
--- a/plugins/orca_security/icon_orca_security/actions/verify_alert/__init__.py +++ b/plugins/orca_security/icon_orca_security/actions/verify_alert/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import VerifyAlert diff --git a/plugins/orca_security/icon_orca_security/actions/verify_alert/schema.py b/plugins/orca_security/icon_orca_security/actions/verify_alert/schema.py index c02cd040cd..f25f629838 100755 --- a/plugins/orca_security/icon_orca_security/actions/verify_alert/schema.py +++ b/plugins/orca_security/icon_orca_security/actions/verify_alert/schema.py @@ -1,4 +1,4 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import insightconnect_plugin_runtime import json @@ -9,15 +9,15 @@ class Component: class Input: ALERT_ID = "alert_id" - + class Output: STATUS = "status" SUCCESS = "success" - + class VerifyAlertInput(insightconnect_plugin_runtime.Input): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -31,7 +31,8 @@ class VerifyAlertInput(insightconnect_plugin_runtime.Input): }, "required": [ "alert_id" - ] + ], + "definitions": {} } """) @@ -40,7 +41,7 @@ def __init__(self): class VerifyAlertOutput(insightconnect_plugin_runtime.Output): - schema = json.loads(""" + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -60,7 +61,8 @@ class VerifyAlertOutput(insightconnect_plugin_runtime.Output): }, "required": [ "success" - ] + ], + "definitions": {} } """) diff --git a/plugins/orca_security/icon_orca_security/connection/__init__.py b/plugins/orca_security/icon_orca_security/connection/__init__.py index a515dcf6b0..c78d3356be 100755 --- a/plugins/orca_security/icon_orca_security/connection/__init__.py +++ b/plugins/orca_security/icon_orca_security/connection/__init__.py 
@@ -1,2 +1,2 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 from .connection import Connection
diff --git a/plugins/orca_security/icon_orca_security/connection/schema.py b/plugins/orca_security/icon_orca_security/connection/schema.py
index 4b3024bf46..bbc1bc30fa 100755
--- a/plugins/orca_security/icon_orca_security/connection/schema.py
+++ b/plugins/orca_security/icon_orca_security/connection/schema.py
@@ -1,4 +1,4 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 import insightconnect_plugin_runtime
 import json
@@ -6,10 +6,10 @@
 class Input:
 API_TOKEN = "api_token"
 REGION = "region"
-
+
 class ConnectionSchema(insightconnect_plugin_runtime.Input):
- schema = json.loads("""
+ schema = json.loads(r"""
 {
 "type": "object",
 "title": "Variables",
@@ -43,18 +43,18 @@ class ConnectionSchema(insightconnect_plugin_runtime.Input):
 "type": "object",
 "title": "Credential: Secret Key",
 "description": "A shared secret key",
+ "required": [
+ "secretKey"
+ ],
 "properties": {
 "secretKey": {
 "type": "string",
 "title": "Secret Key",
- "displayType": "password",
 "description": "The shared secret key",
- "format": "password"
+ "format": "password",
+ "displayType": "password"
 }
- },
- "required": [
- "secretKey"
- ]
+ }
 }
 }
 }
diff --git a/plugins/orca_security/icon_orca_security/tasks/__init__.py b/plugins/orca_security/icon_orca_security/tasks/__init__.py
new file mode 100644
index 0000000000..7020c9a4ad
--- /dev/null
+++ b/plugins/orca_security/icon_orca_security/tasks/__init__.py
@@ -0,0 +1,2 @@
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
+
diff --git a/plugins/orca_security/icon_orca_security/triggers/__init__.py b/plugins/orca_security/icon_orca_security/triggers/__init__.py
index 9fb0d5a464..ff8715769e 100755
--- a/plugins/orca_security/icon_orca_security/triggers/__init__.py
+++ b/plugins/orca_security/icon_orca_security/triggers/__init__.py
@@ -1,2 +1,4 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
+
 from .new_alert.trigger import NewAlert
+
diff --git a/plugins/orca_security/icon_orca_security/triggers/new_alert/__init__.py b/plugins/orca_security/icon_orca_security/triggers/new_alert/__init__.py
index 8d0f48bfdb..11039ee746 100755
--- a/plugins/orca_security/icon_orca_security/triggers/new_alert/__init__.py
+++ b/plugins/orca_security/icon_orca_security/triggers/new_alert/__init__.py
@@ -1,2 +1,2 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 from .trigger import NewAlert
diff --git a/plugins/orca_security/icon_orca_security/triggers/new_alert/schema.py b/plugins/orca_security/icon_orca_security/triggers/new_alert/schema.py
index 6715dd0dc7..c0fa993f19 100755
--- a/plugins/orca_security/icon_orca_security/triggers/new_alert/schema.py
+++ b/plugins/orca_security/icon_orca_security/triggers/new_alert/schema.py
@@ -1,4 +1,4 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 import insightconnect_plugin_runtime
 import json
@@ -8,18 +8,16 @@ class Component:
 class Input:
- FILTERS = "filters"
 INTERVAL = "interval"
-
+
 class Output:
- ALERT = "alert"
-
+
 class NewAlertInput(insightconnect_plugin_runtime.Input):
- schema = json.loads("""
+ schema = json.loads(r"""
 {
 "type": "object",
 "title": "Variables",
@@ -43,7 +41,8 @@ class NewAlertInput(insightconnect_plugin_runtime.Input):
 },
 "required": [
 "interval"
- ]
+ ],
+ "definitions": {}
 }
 """)
@@ -52,7 +51,7 @@ def __init__(self):
 class NewAlertOutput(insightconnect_plugin_runtime.Output):
- schema = json.loads("""
+ schema = json.loads(r"""
 {
 "type": "object",
 "title": "Variables",
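Review bot: In the new_alert/schema.py hunk `@@ -8,18 +8,16 @@`, removing `ALERT = "alert"` leaves `class Output:` with no statement in its body — as far as the collapsed diff shows, only a whitespace-only `+` line sits between it and `class NewAlertInput`, which Python rejects with an IndentationError when the module is imported, taking the NewAlert trigger and test_new_alert down with it. If the generator actually emitted `pass` there and the rendering lost it, disregard; otherwise the class needs `pass` or the constant restored. The output-schema hunks further down still carry the `alert` definition and all of its properties, so dropping the constant while keeping that schema also looks inconsistent and is worth a second look at the spec.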
@@ -153,18 +152,18 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 },
 "order": 11
 },
- "asset_image_id": {
- "type": "string",
- "title": "Asset Image ID",
- "description": "Asset image ID",
- "order": 13
- },
 "asset_info": {
 "type": "object",
 "title": "Asset Info",
 "description": "Asset info",
 "order": 12
 },
+ "asset_image_id": {
+ "type": "string",
+ "title": "Asset Image ID",
+ "description": "Asset image ID",
+ "order": 13
+ },
 "asset_ingress_ports": {
 "type": "array",
 "title": "Asset Ingress Ports",
@@ -267,18 +266,18 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 "description": "Configuration",
 "order": 27
 },
- "container_image_name": {
- "type": "string",
- "title": "Container Image Name",
- "description": "Container image name",
- "order": 29
- },
 "container_k8s_pod_namespace": {
 "type": "string",
 "title": "Container K8s Pod Namespace",
 "description": "Container K8s pod namespace",
 "order": 28
 },
+ "container_image_name": {
+ "type": "string",
+ "title": "Container Image Name",
+ "description": "Container image name",
+ "order": 29
+ },
 "container_service_name": {
 "type": "string",
 "title": "Container Service Name",
@@ -441,253 +440,53 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 "description": "User defined",
 "order": 53
 }
- },
- "definitions": {
- "alert_data": {
- "type": "object",
- "title": "alert_data",
- "properties": {
- "details": {
- "type": "string",
- "title": "Details",
- "description": "Details",
- "order": 4
- },
- "headline": {
- "type": "string",
- "title": "Headline",
- "description": "Headline",
- "order": 1
- },
- "mitre_category": {
- "type": "string",
- "title": "Mitre Category",
- "description": "Mitre category",
- "order": 3
- },
- "more_details": {
- "type": "array",
- "title": "More Details",
- "description": "More details",
- "items": {
- "type": "string"
- },
- "order": 2
- },
- "recommendation": {
- "type": "string",
- "title": "Recommendation",
- "description": "Recommendation",
- "order": 5
- },
- "remediation_actions": {
- "type": "array",
- "title": "Remediation Actions",
- "description": "Remediation actions",
- "items": {
- "type": "string"
- },
- "order": 7
- },
- "remediation_cli": {
- "type": "array",
- "title": "Remediation CLI",
- "description": "Remediation CLI",
- "items": {
- "type": "string"
- },
- "order": 9
- },
- "remediation_console": {
- "type": "array",
- "title": "Remediation Console",
- "description": "Remediation console",
- "items": {
- "type": "string"
- },
- "order": 8
- },
- "time_series_field": {
- "type": "string",
- "title": "Time Series Field",
- "description": "Time series field",
- "order": 10
- },
- "title": {
- "type": "string",
- "title": "Title",
- "description": "Title",
- "order": 6
- }
- }
+ }
+ },
+ "configuration": {
+ "type": "object",
+ "title": "configuration",
+ "properties": {
+ "user_status": {
+ "type": "string",
+ "title": "User Status",
+ "description": "User status",
+ "order": 1
 },
- "configuration": {
- "type": "object",
- "title": "configuration",
- "properties": {
- "comments_count": {
- "type": "integer",
- "title": "Comments Count",
- "description": "Comments count",
-
"order": 6
- },
- "jira_issue": {
- "type": "string",
- "title": "Jira Issue",
- "description": "Jira issue",
- "order": 4
- },
- "jira_issue_link": {
- "type": "string",
- "title": "Jira Issue Link",
- "description": "Jira issue link",
- "order": 5
- },
- "last_verified_event": {
- "type": "string",
- "title": "Last Verified Event",
- "description": "Last verified event",
- "order": 7
- },
- "snooze_until": {
- "type": "string",
- "title": "Snooze Until",
- "description": "Snooze until",
- "order": 2
- },
- "user_score": {
- "type": "integer",
- "title": "User Score",
- "description": "User score",
- "order": 3
- },
- "user_status": {
- "type": "string",
- "title": "User Status",
- "description": "User status",
- "order": 1
- }
- }
+ "snooze_until": {
+ "type": "string",
+ "title": "Snooze Until",
+ "description": "Snooze until",
+ "order": 2
 },
- "priv": {
- "type": "object",
- "title": "priv",
- "properties": {
- "alert_id": {
- "type": "string",
- "title": "Alert ID",
- "description": "Alert ID",
- "order": 5
- },
- "full_scan_time": {
- "type": "string",
- "title": "Full Scan Time",
- "description": "Full scan time",
- "order": 4
- },
- "key": {
- "type": "string",
- "title": "Key",
- "description": "Key",
- "order": 1
- },
- "orig_score": {
- "type": "integer",
- "title": "Original Score",
- "description": "Original score",
- "order": 3
- },
- "score": {
- "type": "integer",
- "title": "Score",
- "description": "Score",
- "order": 2
- }
- }
+ "user_score": {
+ "type": "integer",
+ "title": "User Score",
+ "description": "User score",
+ "order": 3
 },
- "state": {
- "type": "object",
- "title": "state",
- "properties": {
- "alert_id": {
- "type": "string",
- "title": "Alert ID",
- "description": "Alert ID",
- "order": 1
- },
- "closed_reason": {
- "type": "string",
- "title": "Closed Reason",
- "description": "Closed reason",
- "order": 12
- },
- "created_at": {
- "type": "string",
- "title": "Created At",
- "description": "Created at",
- "order": 6
- },
-
"high_since": {
- "type": "string",
- "title": "High Since",
- "description": "High since",
- "order": 9
- },
- "in_verification": {
- "type": "boolean",
- "title": "In Verification",
- "description": "In verification",
- "order": 10
- },
- "last_seen": {
- "type": "string",
- "title": "Last Seen",
- "description": "Last seen",
- "order": 7
- },
- "last_updated": {
- "type": "string",
- "title": "Last Updated",
- "description": "Last updated",
- "order": 13
- },
- "low_since": {
- "type": "string",
- "title": "Low Since",
- "description": "Low since",
- "order": 8
- },
- "score": {
- "type": "integer",
- "title": "Score",
- "description": "Score",
- "order": 4
- },
- "severity": {
- "type": "string",
- "title": "Severity",
- "description": "Severity",
- "order": 5
- },
- "status": {
- "type": "string",
- "title": "Status",
- "description": "Status",
- "order": 2
- },
- "status_time": {
- "type": "string",
- "title": "Status Time",
- "description": "Status time",
- "order": 3
- },
- "verification_status": {
- "type": "string",
- "title": "Verification Status",
- "description": "Verification status",
- "order": 11
- }
- }
+ "jira_issue": {
+ "type": "string",
+ "title": "Jira Issue",
+ "description": "Jira issue",
+ "order": 4
+ },
+ "jira_issue_link": {
+ "type": "string",
+ "title": "Jira Issue Link",
+ "description": "Jira issue link",
+ "order": 5
+ },
+ "comments_count": {
+ "type": "integer",
+ "title": "Comments Count",
+ "description": "Comments count",
+ "order": 6
+ },
+ "last_verified_event": {
+ "type": "string",
+ "title": "Last Verified Event",
+ "description": "Last verified event",
+ "order": 7
 }
 }
 },
@@ -695,24 +494,12 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 "type": "object",
 "title": "alert_data",
 "properties": {
- "details": {
- "type": "string",
- "title": "Details",
- "description": "Details",
- "order": 4
- },
 "headline": {
 "type": "string",
 "title": "Headline",
 "description": "Headline",
 "order": 1
 },
- "mitre_category": {
- "type": "string",
- "title": "Mitre Category",
- "description": "Mitre category",
- "order": 3
- },
 "more_details": {
 "type": "array",
 "title": "More Details",
@@ -722,12 +509,30 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 },
 "order": 2
 },
+ "mitre_category": {
+ "type": "string",
+ "title": "Mitre Category",
+ "description": "Mitre category",
+ "order": 3
+ },
+ "details": {
+ "type": "string",
+ "title": "Details",
+ "description": "Details",
+ "order": 4
+ },
 "recommendation": {
 "type": "string",
 "title": "Recommendation",
 "description": "Recommendation",
 "order": 5
 },
+ "title": {
+ "type": "string",
+ "title": "Title",
+ "description": "Title",
+ "order": 6
+ },
 "remediation_actions": {
 "type": "array",
 "title": "Remediation Actions",
@@ -737,137 +542,101 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 },
 "order": 7
 },
- "remediation_cli": {
+ "remediation_console": {
 "type": "array",
- "title": "Remediation CLI",
- "description": "Remediation CLI",
+ "title": "Remediation Console",
+ "description": "Remediation console",
 "items": {
 "type": "string"
 },
- "order": 9
+ "order": 8
 },
- "remediation_console": {
+ "remediation_cli": {
 "type": "array",
- "title": "Remediation Console",
- "description": "Remediation console",
+ "title": "Remediation CLI",
+ "description": "Remediation CLI",
 "items": {
 "type": "string"
 },
- "order": 8
+ "order": 9
 },
 "time_series_field": {
 "type": "string",
 "title": "Time Series Field",
 "description": "Time series field",
 "order": 10
- },
- "title": {
- "type": "string",
- "title": "Title",
- "description": "Title",
- "order": 6
 }
 }
 },
- "configuration": {
+ "priv": {
 "type": "object",
- "title": "configuration",
+ "title": "priv",
 "properties": {
- "comments_count": {
- "type": "integer",
- "title": "Comments Count",
- "description": "Comments count",
- "order": 6
- },
- "jira_issue": {
- "type": "string",
- "title": "Jira Issue",
- "description": "Jira issue",
- "order": 4
- },
- "jira_issue_link": {
- "type": "string",
- "title": "Jira Issue Link",
- "description": "Jira issue link",
- "order": 5
- },
- "last_verified_event": {
+ "key": {
 "type": "string",
- "title": "Last Verified Event",
- "description": "Last verified event",
- "order": 7
+ "title": "Key",
+ "description": "Key",
+ "order": 1
 },
- "snooze_until": {
- "type": "string",
- "title": "Snooze Until",
- "description": "Snooze until",
+ "score": {
+ "type": "integer",
+ "title": "Score",
+ "description": "Score",
 "order": 2
 },
- "user_score": {
+ "orig_score": {
 "type": "integer",
- "title": "User Score",
- "description": "User score",
+ "title": "Original Score",
+ "description": "Original score",
 "order": 3
 },
- "user_status": {
+ "full_scan_time": {
 "type": "string",
- "title": "User
Status",
- "description": "User status",
- "order": 1
+ "title": "Full Scan Time",
+ "description": "Full scan time",
+ "order": 4
+ },
+ "alert_id": {
+ "type": "string",
+ "title": "Alert ID",
+ "description": "Alert ID",
+ "order": 5
 }
 }
 },
- "priv": {
+ "state": {
 "type": "object",
- "title": "priv",
+ "title": "state",
 "properties": {
 "alert_id": {
 "type": "string",
 "title": "Alert ID",
 "description": "Alert ID",
- "order": 5
+ "order": 1
 },
- "full_scan_time": {
+ "status": {
 "type": "string",
- "title": "Full Sc
an Time",
- "description": "Full scan time",
- "order": 4
+ "title": "Status",
+ "description": "Status",
+ "order": 2
 },
- "key": {
+ "status_time": {
 "type": "string",
- "title": "Key",
- "description": "Key",
- "order": 1
- },
- "orig_score": {
- "type": "integer",
- "title": "Original Score",
- "description": "Original score",
+ "title": "Status Time",
+ "description": "Status time",
 "order": 3
 },
 "score": {
 "type": "integer",
 "title": "Score",
 "description": "Score",
- "order": 2
- }
- }
- },
- "state": {
- "type": "object",
- "title": "state",
- "properties": {
- "alert_id": {
- "type": "string",
- "title": "Alert ID",
- "description": "Alert ID",
- "order": 1
+ "order": 4
 },
- "closed_reason": {
+ "severity": {
 "type": "string",
- "title": "Closed Reason",
- "description": "Closed reason",
- "order": 12
+ "title": "Severity",
+ "description": "Severity",
+ "order": 5
 },
 "created_at": {
 "type": "string",
@@ -875,65 +644,47 @@ class NewAlertOutput(insightconnect_plugin_runtime.Output):
 "description": "Created at",
 "order": 6
 },
- "high_since": {
- "type": "string",
- "title": "High Since",
- "description": "High since",
- "order": 9
- },
- "in_verification": {
- "type": "boolean",
- "title": "In Verification",
- "description": "In verification",
- "order": 10
- },
 "last_seen": {
 "type": "string",
 "title": "Last Seen",
 "description": "Last seen",
 "order": 7
 },
- "last_updated": {
- "type": "string",
- "title": "Last Updated",
- "description": "Last updated",
- "order": 13
- },
 "low_since": {
 "type": "string",
 "title": "Low Since",
 "description": "Low since",
 "order": 8
 },
- "score": {
- "type": "integer",
- "title": "Score",
- "description": "Score",
- "order": 4
- },
- "severity": {
- "type": "string",
- "title": "Severity",
- "description": "Severity",
- "order": 5
- },
- "status": {
+ "high_since": {
 "type": "string",
- "title": "Status",
- "description": "Status",
- "order": 2
+ "title": "High Since",
+ "description": "High since",
+ "order": 9
 },
- "status_time": {
- "type": "string",
- "title": "Status Time",
- "description": "Status time",
- "order": 3
+ "in_verification": {
+ "type": "boolean",
+ "title": "In Verification",
+ "description": "In verification",
+ "order": 10
 },
 "verification_status": {
 "type": "string",
 "title": "Verification Status",
 "description": "Verification status",
 "order": 11
+ },
+ "closed_reason": {
+ "type": "string",
+ "title": "Closed Reason",
+ "description": "Closed reason",
+ "order": 12
+ },
+ "last_updated": {
+ "type": "string",
+ "title": "Last Updated",
+ "description": "Last updated",
+ "order": 13
 }
 }
 }
diff --git a/plugins/orca_security/plugin.spec.yaml b/plugins/orca_security/plugin.spec.yaml
index 5c58560573..584ef877fd 100644
--- a/plugins/orca_security/plugin.spec.yaml
+++ b/plugins/orca_security/plugin.spec.yaml
@@ -4,22 +4,43 @@ products: [insightconnect]
 name: orca_security
 title: "Orca Security"
 description: Orca's agentless, cloud-native security and compliance platform detects, monitors, and prioritizes the most critical cloud security risks for AWS, Azure, and Google Cloud estates
-version: 2.0.0
+version: 2.0.1
+connection_version: 2
 supported_versions: ["Orca Security API 2022-08-15"]
 vendor: rapid7
 support: rapid7
 status: []
 cloud_ready: true
+sdk:
+ type: full
+ version: 6.2.0
+ user: nobody
 resources:
 source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/orca_security
 license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
 vendor_url: https://orca.security
 tags: ["orca", "security"]
-hub_tags:
+hub_tags:
 use_cases: [threat_detection_and_response, alerting_and_notifications]
 keywords: [orca, security, cloud_enabled]
 features: []
-
+links:
+ - "[Orca Security](https://orca.security/)"
+references:
+ - "[Orca Security](https://orca.security/)"
+requirements:
+ - "Orca Security API Token generated using [this instruction](https://docs.orcasecurity.io/docs/create-a-token-for-api-usage)"
+ - "Administrator privileges to use Get Users, Add User and Delete User actions"
+key_features:
+ - "Get assets"
+ - "Get alerts"
+ - "Update alert status and severity"
+ - "Initiate alert verification"
+ - "Get, add and delete users"
+version_history:
+ - "2.0.1 - Bumping requirements.txt | SDK bump to 6.2.0"
+ - "2.0.0 - Get Users: Updated the API endpoint to return an array of users"
+ - "1.0.0 - Initial plugin | Add Get Assets, Get Asset by ID, Get Alerts, Get Alert by ID, Update Alert Severity, Update Alert Status, Verify Alert, Download Malicious File, Get Users, Add User and Delete User actions | Add New Alert trigger"
 types:
 alert_data:
 headline:
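Review bot: The new `version_history` entry `2.0.1 - Bumping requirements.txt | SDK bump to 6.2.0` names a file rather than the dependency that changed; the requirements.txt hunk further down replaces `validators==0.20.0` with `validators==0.34.0`, and whoever triages the advisory from help.md needs the package and version, not the file name. Suggest `- "2.0.1 - Bump validators to 0.34.0 | SDK bump to 6.2.0"`. `connection_version: 2` is also introduced here without a changelog line; if the connection inputs are unchanged (the connection schema hunk only reorders keys), a note on why the connection version was raised would help operators who must re-enter credentials.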
@@ -895,16 +916,19 @@ actions:
 description: Total number of assets
 type: integer
 required: true
+ example: 1
 total_ungrouped_items:
 title: Total Ungrouped Items
 description: Total number of ungrouped assets
 type: integer
 required: false
+ example: 10
 total_supported_items:
 title: Total Supported Items
 description: Total number of supported assets
 type: integer
 required: false
+ example: 1000
 get_asset_by_id:
 title: Get Asset by ID
 description: Get asset information by providing asset unique ID
@@ -1025,11 +1049,13 @@ actions:
 description: Whether the action was successful
 type: boolean
 required: true
+ example: true
 content:
 title: Content
 description: Content of the file
 type: bytes
 required: false
+ example: UEsDBBQAAQAIAEOc4VDdLFoEwgAAADQBAAANAAAAZWljYXJjb20yLnppcHh/TfxnimPnPKhgQN2dbxgmser+vfLMNzzE1xAxvrcMW29TW94War8gHCOQ3uAHD+InNly2Rm9lZcSEwSRaDbMgc4Er6/yC7KWSO7g4Kkb7dcHoYWfSDZt6Wjkvoc1hUy6jm2AZKg4FExQN/wS7n03sWy7VhU0CYVmsp1pmkVGqb4czd3OaAC07HmC/K9E3LO9yi9OejcZ+MJpA6zCLnUvZMr2KYjdl0s+9ENEspL/oTLErcDboDQ2DBJkKQpUsK0fRUEsBAgAAFAABAAgAQ5zhUN0sWgTCAAAANAEAAA0AAAAAAAAAAAAAAAAAAAAAAGVpY2FyY29tMi56aXBQSwUGAAAAAAEAAQA7AAAA7QAAAAAA
 verify_alert:
 title: Verify Alert
 description: Initiate verification for a given alert ID to check if it is resolved
@@ -1046,11 +1072,13 @@ actions:
 description: Whether the action was successful
 type: boolean
 required: true
+ example: true
 status:
 title: Status
 description: Current verification status
 type: string
 required: false
+ example: scanning
 get_users:
 title: Get Users
 description: Get organization users information. Administrator privileges are required to perform this action
@@ -1100,6 +1128,7 @@ actions:
 description: Status of the action performed
 type: string
 required: true
+ example: success
 delete_user:
 title: Delete User
 description: Delete an invitation to the organization for the specified user. Administrator privileges are required to perform this action
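Review bot: The `example` added for the `content` output in the `@@ -1025,11 +1049,13 @@` hunk is a roughly 600-character base64 blob; decoded it starts with a zip local-file header whose member name reads `eicarcom2.zip` and whose flag bits mark the entry as encrypted, so it appears to be the zipped EICAR test archive. Spec examples are rendered into help.md, where a value that long is unreadable, and checking a known AV test artefact into the tree risks endpoint scanners quarantining contributors' checkouts or build workspaces. A short, clearly truncated constructed value such as `example: UEsDBBQAAQAIAEOc4VDd...` (constructed, first bytes of a zip header only) documents the type just as well.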
@@ -1116,3 +1145,4 @@ actions:
 description: Status of the action performed
 type: string
 required: true
+ example: success
diff --git a/plugins/orca_security/requirements.txt b/plugins/orca_security/requirements.txt
index 44c5e9a3c6..fae4c99d05 100755
--- a/plugins/orca_security/requirements.txt
+++ b/plugins/orca_security/requirements.txt
@@ -3,4 +3,4 @@
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 parameterized==0.8.1
 timeout-decorator==0.5.0
-validators==0.20.0
\ No newline at end of file
+validators==0.34.0
diff --git a/plugins/orca_security/setup.py b/plugins/orca_security/setup.py
index fc27a15293..fdcdc88686 100755
--- a/plugins/orca_security/setup.py
+++ b/plugins/orca_security/setup.py
@@ -1,9 +1,9 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 from setuptools import setup, find_packages
 setup(name="orca_security-rapid7-plugin",
- version="2.0.0",
+ version="2.0.1",
 description="Orca's agentless, cloud-native security and compliance platform detects, monitors, and prioritizes the most critical cloud security risks for AWS, Azure, and Google Cloud estates",
 author="rapid7",
 author_email="",
diff --git a/plugins/orca_security/unit_test/test_add_user.py b/plugins/orca_security/unit_test/test_add_user.py
index 997665e18d..81ecab28c2 100644
--- a/plugins/orca_security/unit_test/test_add_user.py
+++ b/plugins/orca_security/unit_test/test_add_user.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.add_user import AddUser
 from icon_orca_security.actions.add_user.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_delete_user.py b/plugins/orca_security/unit_test/test_delete_user.py
index 9602ff9fe5..b62d1e70d9 100644
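Review bot: `from util import Util` in test_add_user.py resolves only when the `unit_test/` directory itself is on `sys.path` — for example pytest invoked from inside that directory, or a `sys.path` edit earlier in the file that this hunk does not show — whereas the replaced `from unit_test.util import Util` worked from the plugin root; run the other way, every module now fails at import with ModuleNotFoundError rather than in a test. The same change is made in test_delete_user, test_download_malicious_file, test_get_alert_by_id, test_get_alerts, test_get_asset_by_id, test_get_assets, test_get_users, test_new_alert, test_update_alert_severity, test_update_alert_status and test_verify_alert. If the SDK's test runner guarantees that path, a one-line comment above the import, `# util is resolved via unit_test/ on sys.path; run tests from that directory`, records the assumption for the next reader.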
--- a/plugins/orca_security/unit_test/test_delete_user.py
+++ b/plugins/orca_security/unit_test/test_delete_user.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.delete_user import DeleteUser
 from icon_orca_security.actions.delete_user.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_download_malicious_file.py b/plugins/orca_security/unit_test/test_download_malicious_file.py
index f5c5d1ee20..f163348966 100644
--- a/plugins/orca_security/unit_test/test_download_malicious_file.py
+++ b/plugins/orca_security/unit_test/test_download_malicious_file.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.download_malicious_file import DownloadMaliciousFile
 from icon_orca_security.actions.download_malicious_file.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_get_alert_by_id.py b/plugins/orca_security/unit_test/test_get_alert_by_id.py
index 46b82285f1..6becc053e1 100644
--- a/plugins/orca_security/unit_test/test_get_alert_by_id.py
+++ b/plugins/orca_security/unit_test/test_get_alert_by_id.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.get_alert_by_id import GetAlertById
 from icon_orca_security.actions.get_alert_by_id.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_get_alerts.py b/plugins/orca_security/unit_test/test_get_alerts.py
index f042d4a9be..3ddfd25f9e 100644
--- a/plugins/orca_security/unit_test/test_get_alerts.py
+++ b/plugins/orca_security/unit_test/test_get_alerts.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.get_alerts import GetAlerts
 from icon_orca_security.actions.get_alerts.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_get_asset_by_id.py b/plugins/orca_security/unit_test/test_get_asset_by_id.py
index ca60001c24..12d13594c8 100644
--- a/plugins/orca_security/unit_test/test_get_asset_by_id.py
+++ b/plugins/orca_security/unit_test/test_get_asset_by_id.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.get_asset_by_id import GetAssetById
 from icon_orca_security.actions.get_asset_by_id.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_get_assets.py b/plugins/orca_security/unit_test/test_get_assets.py
index 9ba7600a93..c36dbbce07 100644
--- a/plugins/orca_security/unit_test/test_get_assets.py
+++ b/plugins/orca_security/unit_test/test_get_assets.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.get_assets import GetAssets
 from icon_orca_security.actions.get_assets.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_get_users.py b/plugins/orca_security/unit_test/test_get_users.py
index 87932db95a..5228f74a9c 100644
--- a/plugins/orca_security/unit_test/test_get_users.py
+++ b/plugins/orca_security/unit_test/test_get_users.py
@@ -5,7 +5,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.get_users import GetUsers
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
diff --git a/plugins/orca_security/unit_test/test_new_alert.py b/plugins/orca_security/unit_test/test_new_alert.py
index d6b1094f27..8f36a3ed14 100644
--- a/plugins/orca_security/unit_test/test_new_alert.py
+++ b/plugins/orca_security/unit_test/test_new_alert.py
@@ -7,9 +7,8 @@
 from unittest import TestCase
 from icon_orca_security.triggers.new_alert import NewAlert
 from icon_orca_security.triggers.new_alert.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
-from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
 from typing import Callable, Optional
diff --git a/plugins/orca_security/unit_test/test_update_alert_severity.py b/plugins/orca_security/unit_test/test_update_alert_severity.py
index 78d6497108..3c83339cc7 100644
--- a/plugins/orca_security/unit_test/test_update_alert_severity.py
+++ b/plugins/orca_security/unit_test/test_update_alert_severity.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.update_alert_severity import UpdateAlertSeverity
 from icon_orca_security.actions.update_alert_severity.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_update_alert_status.py b/plugins/orca_security/unit_test/test_update_alert_status.py
index 66a3b85b57..07d9081733 100644
--- a/plugins/orca_security/unit_test/test_update_alert_status.py
+++ b/plugins/orca_security/unit_test/test_update_alert_status.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.update_alert_status import UpdateAlertStatus
 from icon_orca_security.actions.update_alert_status.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException
diff --git a/plugins/orca_security/unit_test/test_verify_alert.py b/plugins/orca_security/unit_test/test_verify_alert.py
index b93475317d..032b1d74fc 100644
--- a/plugins/orca_security/unit_test/test_verify_alert.py
+++ b/plugins/orca_security/unit_test/test_verify_alert.py
@@ -6,7 +6,7 @@
 from unittest import TestCase
 from icon_orca_security.actions.verify_alert import VerifyAlert
 from icon_orca_security.actions.verify_alert.schema import Input
-from unit_test.util import Util
+from util import Util
 from unittest.mock import patch
 from parameterized import parameterized
 from insightconnect_plugin_runtime.exceptions import PluginException