Sapi siem integration (#149)
* Fix integration name with spaces and add SAP SIEM integration and auth keys

* Add SAP SIEM integration router

* Refactor auth key extraction for Mimecast and SAP SIEM integrations

* Refactor SAP SIEM route and collect SAP SIEM request

* Refactor SAP SIEM integration code to support multiple API keys

* Add SAP SIEM schema and services for collecting and checking suspicious logins

* Add event_timestamp and case_created fields to Result model and SapSiemSource model

* Update index name in find_suscpicious_logins function

* Refactor fetch_and_validate_data function to accept keyword arguments

* Add asset schema and update case with asset information

* Remove temporary code for testing

* Add customer_code field to SapSiemSource and SuspiciousLogin models

* Add errDetails field to SapSiemSource and SuspiciousLogin models

* Add SAP SIEM suspicious logins analysis route

* Add scroll functionality for retrieving search results

* Add event_analyzed flag to Elasticsearch document

* Add SAP SIEM multiple logins analysis route

* Convert loginID to lowercase before adding to ip_to_login_ids

* Add event_analyzed_multiple_logins field to Result class

* Add SapSiemMultipleLogins model and update sap_siem_multiple_logins_same_ip function

* Refactor code to improve performance and readability

* Add function to update event_analyzed_multiple_logins flag in Elasticsearch document

* Add update_event_analyzed_multiple_logins_flag function call

* Update customer code and handle exception in sap_siem_multiple_logins.py

* docs

* precommit fixes

* Update SAP SIEM integration and scheduler***

* Add new columns to existing tables

* Add optional extra_data parameter to update_job function

* Add optional threshold parameter to run_sap_siem_suspicious_logins_analysis and run_sap_siem_multiple_logins_same_ip_analysis

* Refactor invoke_sap_siem_integration_suspicious_logins_analysis() to use a default threshold value

* Add scheduler jobs for SAP SIEM integration

* Fix scroll clearing in SAP SIEM services

* grafana sap siem user dashboard

* Add SapSiemDashboard and provision_sap_siem function

* Update SapSiemDashboard enum and provision function

* Grafana dashboard change

* Remove alert creation provisioning from connectors table

* Update docker-compose.yml to version v0.0.3
taylorwalton authored Feb 14, 2024
1 parent 180a767 commit 094753d
Showing 32 changed files with 4,531 additions and 42 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -63,7 +63,7 @@ systemctl restart docker

```bash
# Clone the CoPilot repository
wget https://raw.githubusercontent.com/socfortress/CoPilot/v0.0.2/docker-compose.yml
wget https://raw.githubusercontent.com/socfortress/CoPilot/v0.0.3/docker-compose.yml

# Edit the docker-compose.yml file to set the server name and/or the services you want to use
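Review bot: the bumped `wget https://raw.githubusercontent.com/socfortress/CoPilot/v0.0.3/docker-compose.yml` line pins a tag, which is good, but the README still has users download and run a compose file with no integrity check; consider publishing a checksum for the tagged file alongside the tag and adding a `sha256sum -c` step to this snippet so that a tampered or mis-served file is caught before `docker compose up`.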

9 changes: 5 additions & 4 deletions backend/app/connectors/dfir_iris/utils/universal.py
Expand Up @@ -109,6 +109,7 @@ async def fetch_and_parse_data(
session: ClientSession,
action: Callable,
*args,
**kwargs: Optional[Any],
) -> Dict[str, Union[bool, Optional[Dict]]]:
"""
Fetches and parses data from DFIR-IRIS using a specified action.
Expand All @@ -122,8 +123,8 @@ async def fetch_and_parse_data(
dict: A dictionary containing the success status and either the fetched data or None if the operation was unsuccessful.
"""
try:
logger.info(f"Executing {action.__name__}... on args: {args}")
status = action(*args)
logger.info(f"Executing {action.__name__}... on args: {args} and kwargs: {kwargs}")
status = action(*args, **kwargs)
assert_api_resp(status, soft_fail=False)
data = get_data_from_resp(status)
logger.info(f"Successfully executed {action.__name__}")
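Review bot: the new `logger.info(f"Executing {action.__name__}... on args: {args} and kwargs: {kwargs}")` line writes every keyword argument verbatim to the log; since this commit routes the SAP SIEM and Mimecast auth keys through this generic helper, any key passed as a kwarg will land in plaintext in the application log. Log only `list(kwargs)` (the parameter names) at info level, or redact known-sensitive keys before formatting. The annotation `**kwargs: Optional[Any]` is also misleading, since the mapping itself is never `None`; `**kwargs: Any` is the idiomatic form.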
Expand Down Expand Up @@ -223,7 +224,7 @@ def handle_error(error_message: str, status_code: int = 500):
raise HTTPException(status_code=status_code, detail=error_message)


async def fetch_and_validate_data(client: Any, func: Callable, *args: Any) -> Dict:
async def fetch_and_validate_data(client: Any, func: Callable, *args: Any, **kwargs: Optional[Any]) -> Dict:
"""
Fetches and validates data using the provided client, function, and arguments.
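Review bot: the signature of `fetch_and_validate_data` now accepts `**kwargs`, but the docstring on the line below still describes only "the provided client, function, and arguments"; add the keyword arguments to the Args section so callers know they are forwarded unchanged to `func`. As in `fetch_and_parse_data`, `**kwargs: Optional[Any]` should read `**kwargs: Any`.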
Expand All @@ -238,7 +239,7 @@ async def fetch_and_validate_data(client: Any, func: Callable, *args: Any) -> Di
Raises:
Exception: If the data fetching fails.
"""
result = await fetch_and_parse_data(client, func, *args)
result = await fetch_and_parse_data(client, func, *args, **kwargs)
if not result["success"]:
handle_error(f"Failed to fetch data: {result['message']}")
return result
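Review bot: the pass-through `result = await fetch_and_parse_data(client, func, *args, **kwargs)` is consistent with the signature change, but note that the unchanged line `handle_error(f"Failed to fetch data: {result['message']}")` feeds the upstream error text straight into `HTTPException(..., detail=error_message)` and therefore to the API caller. With kwargs now carrying integration credentials, confirm that `result['message']` from a failed DFIR-IRIS call never echoes request parameters; otherwise return a generic detail to the client and keep the full message in the server log only.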
