diff --git a/manual_readme_content.md b/manual_readme_content.md index 3973d65..b4b6bb7 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md 
@@ -12,3 +12,253 @@ [comment]: # " either express or implied. See the License for the specific language governing permissions" [comment]: # " and limitations under the License. " + + +### Configuration Variables +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a TitaniumScale asset in SOAR. + +| VARIABLE | REQUIRED | TYPE | DESCRIPTION | +|---------------|----------|----------|---------------------| +| **url** | required | string | TitaniumScale URL | +| **token** | required | password | TitaniumScale token | +| **wait_time** | optional | numeric | Wait time (seconds) | +| **retries** | optional | numeric | Number of retries | + +### Supported Actions +[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration +[detonate file and get report](#action-detonate-file-and-get-report) - Detonate file and return report +[get report](#action-get-report) - Query for results of an already completed detonation +[get report by id](#action-get-report-by-id) - Query for results of an already completed detonation +[detonate file](#action-detonate-file) - Detonate file +[get tasks list](#action-get-tasks-list) - List processing tasks generated by file submission requests +[delete processing task](#action-delete-processing-task) - Delete a single processing task record from the system +[delete processing tasks](#action-delete-processing-tasks) - Delete task records from the system based on the time when they were submitted +[get yara id](#action-get-yara-id) - Retrieve an identifier for the current set of YARA rules on the Worker instance + +## action: 'test connectivity' +Validate the asset configuration for connectivity using supplied configuration + +Type: **test** +Read only: **True** + +Validate the asset configuration for connectivity using supplied configuration. 
+ +#### Action Parameters +No parameters are required for this action + +#### Action Output +No Output + +## action: 'detonate file and get report' +Detonate file and return report + +Type: **generic** +Read only: **False** + +Detonates file and returns report. + +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|-----------------|----------|------------------------------|---------|--------------------------------------------------------------| +| **vault_id** | required | Vault ID of file to detonate | string | `pe file` `pdf` `flash` `apk` `jar` `doc` `xls` `ppt` | +| **full_report** | optional | Return full report | boolean | | + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|-------------------------------------|---------|--------------------------------------------------------------|-----------------| +| action_result.parameter.vault_id | string | `pe file` `pdf` `flash` `apk` `jar` `doc` `xls` `ppt` | | +| action_result.parameter.full_report | boolean | | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + +## action: 'get report' +Query for results of an already completed detonation + +Type: **investigate** +Read only: **True** + +Queries for results of an already completed detonation. 
+ +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|-----------------|----------|-------------------------------|---------|----------| +| **task_url** | required | Task URL to get the report of | string | | +| **full_report** | optional | Get full report | boolean | | + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|-------------------------------------|---------|----------|-----------------| +| action_result.parameter.task_url | string | | | +| action_result.parameter.full_report | boolean | | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + +## action: 'get report by id' +Query for results of an already completed detonation + +Type: **generic** +Read only: **True** + +Queries for results of an already completed detonation. 
+ +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|-------------|----------|-----------------------------------------------------------------------------------------------|---------|-----------| +| **task_id** | required | Unique ID assigned to each processing task | numeric | `task id` | +| **full** | optional | Specify if the full (true), or summary (false) report should be returned | boolean | | +| **v13** | optional | Specifies whether the report should be returned in TiScale 1.3 version (true), or not (false) | boolean | | +| **view** | optional | Applied report transformation, see Customizing Analysis Report | string | | + + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|----------------------------------|---------|-----------|-----------------| +| action_result.parameter.task_id | numeric | `task id` | | +| action_result.parameter.full | boolean | | | +| action_result.parameter.v13 | boolean | | | +| action_result.parameter.view | string | | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + + + +## action: 'detonate file' +Detonate file + +Type: **generic** +Read only: **False** + +Detonates file and returns task ID (URL to get the report from). 
+ +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|------------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------|--------|------------| +| **vault_id** | required | Vault ID of the file | string | `vault id` | +| **custom_token** | optional | Custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header | string | | +| **user_data** | optional | Additional JSON encoded payload. Used in parts of the processing pipeline. | string | | +| **custom_data** | optional | Any user defined JSON encoded payload. This data will be included in the analysis report. | string | | + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|--------------------------------------|---------|------------|-----------------| +| action_result.parameter.vault_id | string | `vault id` | | +| action_result.parameter.custom_token | string | | | +| action_result.parameter.user_data | string | | | +| action_result.parameter.custom_data | string | | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + +## action: 'get tasks list' +List processing tasks generated by file submission requests + +Type: **generic** +Read only: **True** + +When a file is submitted for analysis a processing task is created and queued on the TiScale Worker server. All processing results are retained until deleted by the user, or when the time configured using the conf_cleanup_task_age_limit expires (whichever comes first). 
+ +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|------------------|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|------------| +| **age** | optional | Number of seconds to filter processing tasks based on their age. When provided the API returns only those tasks that are older than the specified number of seconds. | numeric | `task age` | +| **custom_token** | optional | Custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header | string | | + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|--------------------------------------|---------|------------|-----------------| +| action_result.parameter.age | numeric | `task age` | | +| action_result.parameter.custom_token | string | | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + + +## action: 'delete processing task' +Deletes a single processing task record from the system + +Type: **generic** +Read only: **False** + +Users can manually delete task records from the system at any time. 
+ +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|-------------|----------|--------------------------|---------|-----------| +| **task_id** | required | ID of the task to delete | numeric | `task id` | + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|----------------------------------|---------|-----------|-----------------| +| action_result.parameter.task_id | numeric | `task id` | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + + +## action: 'delete processing tasks' +Delete task records from the system based on the time when they were submitted + +Type: **generic** +Read only: **False** + +All file processing results are automatically removed from the platform 30 minutes after processing is completed. However, users can manually delete task records from the system at any time. Task age is calculated as being the difference between the current system timestamp and the timestamp of the task submission. 
+ +#### Action Parameters +| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | +|-----------|----------|-----------------------------------------------------------------|---------|------------| +| **age** | required | Number of seconds to delete processing tasks based on their age | numeric | `task age` | + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|----------------------------------|---------|------------|-----------------| +| action_result.parameter.age | numeric | `task age` | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | + + +## action: 'get yara id' +Retrieve an identifier for the current set of YARA rules on the Worker instance + +Type: **generic** +Read only: **True** + +If there are any changes to the set of YARA rules, the identifier will change. Therefore, this endpoint can be used to monitor changes to YARA rules by comparing the responses retrieved over multiple time intervals. + +#### Action Parameters +No parameters are required for this action + +#### Action Output +| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | +|----------------------------------|---------|----------|-----------------| +| action_result.data.*.id | string | | | +| action_result.status | string | | success failed | +| action_result.data | string | | | +| action_result.message | string | | | +| summary.total_objects | numeric | | | +| summary.total_objects_successful | numeric | | | +| action_result.summary | string | | | diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index fbcb2fd..eb4ba6c 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md 
@@ -1 +1,13 @@ **Unreleased** +* Added new actions: + * Get Report By Id + * Get Tasks List + * Delete Processing Task + * Delete Processing Tasks + * Get YARA Id +* Bug fixes: + * Rearranged action output definitions to match order +* Enhancements: + * ReversingLabsSDK dependency updated to 2.5.6 + * Fixed typos + * Added optional parameters for detonate file action diff --git a/requirements.txt b/requirements.txt index 10af50f..d1e87d9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -reversinglabs-sdk-py3==2.1.1 +reversinglabs-sdk-py3==2.5.6 diff --git a/reversinglabs_tiscalev2.json b/reversinglabs_tiscalev2.json index 04ad77b..d4a612b 100644 --- a/reversinglabs_tiscalev2.json +++ b/reversinglabs_tiscalev2.json @@ -12,15 +12,21 @@ "publisher": "ReversingLabs", "contributors": [ { - "name": "ivukovicRL" + "name": "RLakukolja" + }, + { + "name": "DinkoReversingLabs" + }, + { + "name": "MislavReversingLabs" } ], "license": "Copyright (c) ReversingLabs, 2023", - "app_version": "1.0.1", + "app_version": "1.1.0", "utctime_updated": "2023-04-13T12:48:58.213954Z", "package_name": "phantom_reversinglabs_tiscalev2", "main_module": "reversinglabs_tiscalev2_connector.py", - "min_phantom_version": "5.5.0", + "min_phantom_version": "6.2.1", "app_wizard_version": "1.0.0", "fips_compliant": false, "configuration": { @@ -115,10 +121,6 @@ "column_name": "Full Report", "column_order": 1 }, - { - "data_path": "action_result.data", - "data_type": "string" - }, { "data_path": "action_result.status", "data_type": "string", @@ -129,6 +131,10 @@ "failed" ] }, + { + "data_path": "action_result.data", + "data_type": "string" + }, { "data_path": "action_result.message", "data_type": "string" 
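Review bot: `min_phantom_version` is raised from 5.5.0 to 6.2.1 in the manifest hunk, but the release notes updated in this same commit say nothing about it, so an operator on an earlier platform learns of the new floor only when the 1.1.0 install is refused. A line under Enhancements such as `* Minimum supported Splunk SOAR version raised to 6.2.1` would close that gap. In the same hunk `app_version` moves to 1.1.0 and the contributor list is rewritten while `"utctime_updated": "2023-04-13T12:48:58.213954Z"` is left untouched, which makes the manifest's own timestamp contradict the release.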
@@ -159,7 +165,7 @@ "action": "get report", "identifier": "get_report", "description": "Query for results of an already completed detonation", - "verbose": "Querys for results of an already completed detonation.", + "verbose": "Queries for results of an already completed detonation.", "type": "investigate", "read_only": true, "parameters": { 
@@ -188,20 +194,123 @@ "column_name": "Full Report", "column_order": 1 }, + { + "data_path": "action_result.status", + "data_type": "string", + "column_name": "Status", + "column_order": 2, + "example_values": [ + "success", + "failed" + ] + }, { "data_path": "action_result.data", "data_type": "string" }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.summary", + "data_type": "string" + } + ], + "render": { + "type": "custom", + "width": 10, + "height": 5, + "view": "reversinglabs_tiscalev2_views.get_report", + "title": "TitaniumScale Get Report" + }, + "versions": "EQ(*)" + }, + { + "action": "get report by id", + "identifier": "get_report_by_id", + "description": "Query for results of an already completed detonation", + "verbose": "Queries for results of an already completed detonation.", + "type": "investigate", + "read_only": true, + "parameters": { + "task_id": { + "description": "Unique ID assigned to each processing task", + "data_type": "numeric", + "order": 0, + "required": true, + "primary": true, + "contains": ["task id"] + }, + "full": { + "description": "Specify if the full (true), or summary (false) report should be returned", + "data_type": "boolean", + "order": 1, + "required": false, + "default": true + }, + "v13": { + "description": "Specifies whether the report should be returned in TiScale 1.3 version (true), or not (false)", + "data_type": "boolean", + "order": 2, + "required": false, + "default": false + }, + "view": { + "description": "Applied report transformation, see Customizing Analysis Report", + "data_type": "string", + "order": 3, + "required": false + } + }, + "output": [ + { + "data_path": "action_result.parameter.task_id", + "data_type": "numeric", + "column_name": "Task ID", + "column_order": 0, + "contains": ["task 
id"] + }, + { + "data_path": "action_result.parameter.full", + "data_type": "boolean", + "column_name": "Full", + "column_order": 1 + }, + { + "data_path": "action_result.parameter.v13", + "data_type": "boolean", + "column_name": "v13", + "column_order": 2 + }, + { + "data_path": "action_result.parameter.view", + "data_type": "string", + "column_name": "View", + "column_order": 3 + }, { "data_path": "action_result.status", "data_type": "string", "column_name": "Status", - "column_order": 2, + "column_order": 4, "example_values": [ "success", "failed" ] }, + { + "data_path": "action_result.data", + "data_type": "string" + }, { "data_path": "action_result.message", "data_type": "string" @@ -240,7 +349,28 @@ "description": "Vault ID of the file", "data_type": "string", "required": true, + "primary": true, + "contains": ["vault id"], "order": 0 + }, + "custom_token": { + "description": "Custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header", + "data_type": "string", + "order": 1, + "required": false, + "primary": false + }, + "user_data": { + "description": "Additional JSON encoded payload. Used in parts of the processing pipeline.", + "data_type": "string", + "order": 2, + "required": false + }, + "custom_data": { + "description": "Any user defined JSON encoded payload. This data will be included in the analysis report.", + "data_type": "string", + "order": 3, + "required": false } }, "output": [ 
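Review bot: The new `get report by id` action is registered here with `"type": "investigate"`, while the README added in this same commit documents it as `Type: **generic**`; one of the two should change so the manual and the manifest agree (`get report`, the action it is modelled on, is `investigate` in both). The manifest also gives `full` a default of `true` and `v13` a default of `false`, but the README's parameter table does not show either default, so a reader of the manual cannot tell that omitting `full` yields the full report. The `view` parameter's description ends with `see Customizing Analysis Report` without saying where that document lives; naming the TitaniumScale manual section, or listing the accepted values, would make the parameter usable without guesswork. The surrounding `actions` array continues outside this hunk.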
@@ -248,22 +378,41 @@ "data_path": "action_result.parameter.vault_id", "data_type": "string", "column_name": "Vault ID", + "contains": ["vault id"], "column_order": 0 }, { - "data_path": "action_result.data", - "data_type": "string" + "data_path": "action_result.parameter.custom_token", + "data_type": "string", + "column_name": "Custom token", + "column_order": 1 + }, + { + "data_path": "action_result.parameter.user_data", + "data_type": "string", + "column_name": "User data", + "column_order": 2 + }, + { + "data_path": "action_result.parameter.custom_data", + "data_type": "string", + "column_name": "Custom data", + "column_order": 3 }, { "data_path": "action_result.status", "data_type": "string", "column_name": "Status", - "column_order": 1, + "column_order": 4, "example_values": [ "success", "failed" ] }, + { + "data_path": "action_result.data", + "data_type": "string" + }, { "data_path": "action_result.message", "data_type": "string" 
@@ -289,33 +438,284 @@ "title": "TitaniumScale Detonate File And Get Report" }, "versions": "EQ(*)" + }, + { + "action": "get task list", + "identifier": "get_task_list", + "description": "List processing tasks generated by file submission requests", + "verbose": "When a file is submitted for analysis a processing task is created and queued on the TiScale Worker server. All processing results are retained until deleted by the user, or when the time configured using the conf_cleanup_task_age_limit expires (whichever comes first).", + "type": "generic", + "read_only": true, + "parameters": { + "age": { + "description": "Number of seconds to filter processing tasks based on their age. When provided the API returns only those tasks that are older than the specified number of seconds.", + "data_type": "numeric", + "order": 0, + "required": false, + "primary": false, + "contains": ["task age"] + }, + "custom_token": { + "description": "Custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header", + "data_type": "string", + "order": 1, + "required": false, + "primary": false + } + }, + "output": [ + { + "data_path": "action_result.parameter.age", + "data_type": "numeric", + "column_name": "age", + "contains": ["task age"], + "column_order": 0 + }, + { + "data_path": "action_result.parameter.custom_token", + "data_type": "string", + "column_name": "custom_token", + "column_order": 1 + }, + { + "data_path": "action_result.status", + "data_type": "string", + "column_name": "Status", + "column_order": 2, + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.data", + "data_type": "string" + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.summary", + 
"data_type": "string" + } + ], + "render": { + "type": "custom", + "width": 10, + "height": 5, + "view": "reversinglabs_tiscalev2_views.get_task_list", + "title": "TitaniumScale Delete Processing Tasks" + }, + "versions": "EQ(*)" + }, + { + "action": "delete processing task", + "identifier": "delete_processing_task", + "description": "Deletes a single processing task record from the system", + "verbose": "Users can manually delete task records from the system at any time.", + "type": "generic", + "read_only": false, + "parameters": { + "task_id": { + "description": "ID of the task to delete", + "data_type": "numeric", + "order": 0, + "required": true, + "primary": true, + "contains": ["task id"] + } + }, + "output": [ + { + "data_path": "action_result.parameter.task_id", + "data_type": "numeric", + "column_name": "task_id", + "column_order": 0, + "contains": ["task id"] + }, + { + "data_path": "action_result.status", + "data_type": "string", + "column_name": "Status", + "column_order": 1, + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.data", + "data_type": "string" + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.summary", + "data_type": "string" + } + ], + "render": { + "type": "table" + }, + "versions": "EQ(*)" + }, + { + "action": "delete processing tasks", + "identifier": "delete_processing_tasks", + "description": "Delete task records from the system based on the time when they were submitted", + "verbose": "All file processing results are automatically removed from the platform 30 minutes after processing is completed. However, users can manually delete task records from the system at any time. 
Task age is calculated as being the difference between the current system timestamp and the timestamp of the task submission.", + "type": "generic", + "read_only": false, + "parameters": { + "age": { + "description": "Number of seconds to delete processing tasks based on their age", + "data_type": "numeric", + "order": 0, + "required": true, + "primary": true, + "contains": ["task age"] + } + }, + "output": [ + { + "data_path": "action_result.parameter.age", + "data_type": "numeric", + "column_name": "age", + "contains": ["task age"], + "column_order": 0 + }, + { + "data_path": "action_result.status", + "data_type": "string", + "column_name": "Status", + "column_order": 1, + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.data", + "data_type": "string" + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.summary", + "data_type": "string" + } + ], + "render": { + "type": "table" + }, + "versions": "EQ(*)" + }, + { + "action": "get yara id", + "identifier": "get_yara_id", + "description": "Retrieve an identifier for the current set of YARA rules on the Worker instance", + "verbose": "If there are any changes to the set of YARA rules, the identifier will change. 
Therefore, this endpoint can be used to monitor changes to YARA rules by comparing the responses retrieved over multiple time intervals.", + "type": "generic", + "read_only": true, + "parameters": {}, + "output": [ + { + "data_path": "action_result.data.*.id", + "data_type": "string", + "column_name": "id", + "column_order": 0 + }, + { + "data_path": "action_result.status", + "data_type": "string", + "column_name": "Status", + "column_order": 1, + "example_values": [ + "success", + "failed" + ] + }, + { + "data_path": "action_result.data", + "data_type": "string" + }, + { + "data_path": "action_result.message", + "data_type": "string" + }, + { + "data_path": "summary.total_objects", + "data_type": "numeric" + }, + { + "data_path": "summary.total_objects_successful", + "data_type": "numeric" + }, + { + "data_path": "action_result.summary", + "data_type": "string" + } + ], + "render": { + "type": "table" + }, + "versions": "EQ(*)" } ], "pip39_dependencies": { "wheel": [ { "module": "certifi", - "input_file": "wheels/py3/certifi-2022.12.7-py3-none-any.whl" + "input_file": "wheels/py3/certifi-2024.6.2-py3-none-any.whl" }, { "module": "charset_normalizer", - "input_file": "wheels/py3/charset_normalizer-2.1.1-py3-none-any.whl" + "input_file": "wheels/py3/charset_normalizer-3.3.2-py3-none-any.whl" }, { "module": "idna", - "input_file": "wheels/py3/idna-3.4-py3-none-any.whl" + "input_file": "wheels/py3/idna-3.7-py3-none-any.whl" }, { "module": "requests", - "input_file": "wheels/py3/requests-2.28.1-py3-none-any.whl" + "input_file": "wheels/py3/requests-2.32.3-py3-none-any.whl" }, { "module": "reversinglabs_sdk_py3", - "input_file": "wheels/py3/reversinglabs_sdk_py3-2.1.1-py3-none-any.whl" + "input_file": "wheels/py3/reversinglabs_sdk_py3-2.5.6-py3-none-any.whl" }, { "module": "urllib3", - "input_file": "wheels/shared/urllib3-1.26.13-py2.py3-none-any.whl" + "input_file": "wheels/py3/urllib3-2.2.1-py3-none-any.whl" } ] } 
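Review bot: The `render` block for the new `get task list` action carries `"title": "TitaniumScale Delete Processing Tasks"`, which reads as a copy/paste slip from the neighbouring action; it should be `"title": "TitaniumScale Get Task List"`. The README in this commit names the same action `get tasks list` (anchor `#action-get-tasks-list`) whereas the manifest registers `"action": "get task list"` / `"identifier": "get_task_list"`, so the documented heading will not match the action name SOAR displays. In the dependency block, `urllib3` jumps from 1.26.13 to 2.2.1 and moves from `wheels/shared` to `wheels/py3`; urllib3 2.x refuses TLS 1.0/1.1 and needs OpenSSL 1.1.1 or newer, so it is worth confirming that the TitaniumScale endpoints this app talks to negotiate TLS 1.2 and that the platform floor in `min_phantom_version` ships a compatible OpenSSL before this is released.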
diff --git a/reversinglabs_tiscalev2_connector.py b/reversinglabs_tiscalev2_connector.py
index 577eff5..99154fd 100644
--- a/reversinglabs_tiscalev2_connector.py
+++ b/reversinglabs_tiscalev2_connector.py
@@ -54,13 +54,18 @@ def new_delete(url, **kwargs):
 class ReversinglabsTitaniumScaleConnector(BaseConnector):
-    USER_AGENT = "ReversingLabs Splunk SOAR TitaniumScale v1.0.0"
+    USER_AGENT = "ReversingLabs Splunk SOAR TitaniumScale v1.1.0"
     # The actions supported by this connector
     ACTION_ID_TEST_CONNECTIVITY = "test_connectivity"
     ACTION_ID_DETONATE_FILE = "detonate_file"
     ACTION_ID_DETONATE_FILE_AND_GET_REPORT = "detonate_file_and_get_report"
     ACTION_ID_GET_REPORT = "get_report"
+    ACTION_ID_GET_REPORT_BY_ID = "get_report_by_id"
+    ACTION_ID_GET_TASK_LIST = "get_task_list"
+    ACTION_ID_DELETE_PROCESSING_TASK = "delete_processing_task"
+    ACTION_ID_DELETE_PROCESSING_TASKS = "delete_processing_tasks"
+    ACTION_ID_GET_YARA_ID = "get_yara_id"
     def __init__(self):
         # Call the BaseConnectors init first
@@ -71,6 +76,11 @@ def __init__(self):
             self.ACTION_ID_DETONATE_FILE: self._handle_detonate_file,
             self.ACTION_ID_DETONATE_FILE_AND_GET_REPORT: self._handle_detonate_file_and_get_report,
             self.ACTION_ID_GET_REPORT: self._handle_get_report,
+            self.ACTION_ID_GET_REPORT_BY_ID: self._handle_get_report_by_id,
+            self.ACTION_ID_GET_TASK_LIST: self._handle_get_task_list,
+            self.ACTION_ID_DELETE_PROCESSING_TASK: self._handle_delete_processing_task,
+            self.ACTION_ID_DELETE_PROCESSING_TASKS: self._handle_delete_processing_tasks,
+            self.ACTION_ID_GET_YARA_ID: self._handle_get_yara_id,
         }
         self._state = None
@@ -144,7 +154,12 @@ def _handle_detonate_file(self, action_result, param):
         if not file:
             raise Exception('Unable to get Vault item details. Error details: {0}'.format(msg))
-        response = self.tiscale.upload_sample_from_path(file_path=file["path"])
+        response = self.tiscale.upload_sample_from_path(
+            file_path=file["path"],
+            custom_token=param.get("custom_token"),
+            user_data=param.get("user_data"),
+            custom_data=param.get("custom_data"),
+        )
         print(response.json())
@@ -157,19 +172,58 @@ def _handle_get_report(self, action_result, param):
         response = self.tiscale.get_results(task_url=param.get("task_url"), full_report=param.get("full_report", False))
-        print(response.json())
-
         self.debug_print("Executed", self.get_action_identifier())
         action_result.add_data(response.json())
+    def _handle_get_report_by_id(self, action_result, param):
+        self.debug_print("Action handler", self.get_action_identifier())
+        response = self.tiscale.get_processing_task_info(
+            task_id=param.get("task_id"),
+            full=param.get("full", True),
+            v13=param.get("v13", False),
+            view=param.get("view"),
+        )
+        self.debug_print("Executed", self.get_action_identifier())
+        action_result.add_data(response.json())
+
     def _handle_test_connectivity(self, action_result, param):
         self.debug_print("Action handler", self.get_action_identifier())
         self.tiscale.test_connection()
+        self.debug_print("Executed", self.get_action_identifier())
         self.save_progress("Test Connectivity Passed")
+    def _handle_get_task_list(self, action_result, param):
+        self.debug_print("Action handler", self.get_action_identifier())
+        response = self.tiscale.list_processing_tasks(
+            age=param.get("age"),
+            custom_token=param.get("custom_token"),
+        )
+        self.debug_print("Executed", self.get_action_identifier())
+        action_result.add_data(response.json())
+
+    def _handle_delete_processing_task(self, action_result, param):
+        self.debug_print("Action handler", self.get_action_identifier())
+        self.tiscale.delete_processing_task(
+            task_id=param.get("task_id"),
+        )
+        self.debug_print("Executed", self.get_action_identifier())
+
+    def _handle_delete_processing_tasks(self, action_result, param):
+        self.debug_print("Action handler", self.get_action_identifier())
+        self.tiscale.delete_multiple_tasks(
+            age=param.get("age"),
+        )
+        self.debug_print("Executed", self.get_action_identifier())
+
+    def _handle_get_yara_id(self, action_result, param):
+        self.debug_print("Action handler", self.get_action_identifier())
+        response = self.tiscale.get_yara_id()
+        action_result.add_data(response.json())
+        self.debug_print("Executed", self.get_action_identifier())
+
 def main():
     import argparse
diff --git a/reversinglabs_tiscalev2_views.py b/reversinglabs_tiscalev2_views.py
index 91e4eee..5cfc92f 100644
--- a/reversinglabs_tiscalev2_views.py
+++ b/reversinglabs_tiscalev2_views.py
@@ -45,6 +45,18 @@ def get_report(provides, all_app_runs, context):
     return 'views/reversinglabs_tiscalev2_report.html'
+def get_task_list(provides, all_app_runs, context):
+    for summary, action_results in all_app_runs:
+        for result in action_results:
+            if len(result.get_data()) == 0:
+                context['data'] = []
+            else:
+                context['data'] = result.get_data()[0]
+            context['param'] = result.get_param()
+
+    return 'views/reversinglabs_tiscalev2_get_task_list.html'
+
+
 def color_code_classification(classification):
     color = ""
     classification = classification.upper()
diff --git a/views/reversinglabs_tiscalev2_detonate_file.html b/views/reversinglabs_tiscalev2_detonate_file.html
index 7a191c8..75ce4c2 100644
--- a/views/reversinglabs_tiscalev2_detonate_file.html
+++ b/views/reversinglabs_tiscalev2_detonate_file.html
@@ -78,7 +78,7 @@ ReversingLabs TitaniumScale Detonate File -
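Review bot: `user_data` and `custom_data` are described in the manifest as JSON-encoded payloads, yet the new call hands them to `upload_sample_from_path` unparsed, so a malformed value is only rejected, if at all, by the SDK or the remote worker with a less useful error. Parsing them first — `for key in ("user_data", "custom_data"):` / `    if param.get(key) is not None:` / `        json.loads(param[key])` — fails fast inside the action with a clear message (this assumes `json` is imported at module level, which is outside the hunk). The retained `print(response.json())` on the line after the call dumps the whole worker response, which now echoes the caller-supplied `custom_data`, to stdout instead of the connector log; `self.debug_print` is what the rest of this class uses and keeps that output where operators look for it. `_handle_detonate_file` begins before this hunk.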
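Review bot: The two new delete handlers, `_handle_delete_processing_task` and `_handle_delete_processing_tasks`, call the SDK and return without recording anything on `action_result`, so the `action_result.data` output the manifest declares for them is always empty and an operator has no record in the run of which task records a destructive action removed; if the SDK call returns a response, `action_result.add_data(response.json())` as in the sibling handlers would keep that audit trail. For the bulk variant, `delete_multiple_tasks(age=param.get("age"))` passes `None` when `age` is missing, and what the SDK does with that is not visible here, so a guard such as `if param.get("age") is None: raise ValueError("age is required")` is safer than relying on manifest validation alone. `_handle_get_yara_id` also orders `add_data` before the `"Executed"` debug line, unlike every other handler in the hunk; keeping the order uniform makes the logs easier to read. The hunk runs into `main()`, whose body is outside it.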
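Review bot: `get_task_list` overwrites `context['data']` and `context['param']` on every iteration, so when `all_app_runs` carries more than one result only the last one is rendered; if that is intended (it appears to mirror `get_report` above, whose body lies outside this hunk), a one-line comment such as `# only the last result is rendered` would spare the next reader the question. It also indexes `result.get_data()[0]`, relying on the handler having added exactly one data item that holds the task list; a short docstring stating that contract would make the coupling to `_handle_get_task_list` explicit.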
{{param.vault_id}}
+
{{param.vault_id}}{% if param.custom_token %} token={{param.custom_token}}{% endif %}
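Review bot: The widget now interpolates the caller-supplied `param.custom_token` next to the vault id; that is safe only while Django autoescaping remains on for this template, and the surrounding tags are not visible in this excerpt, so it is worth confirming nothing in the file switches it off. The value should never be passed through `|safe` or wrapped in an `{% autoescape off %}` block, and a template comment such as `{# custom_token is user input; keep autoescaping on #}` records that for the next editor.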
diff --git a/views/reversinglabs_tiscalev2_get_task_list.html b/views/reversinglabs_tiscalev2_get_task_list.html new file mode 100644 index 0000000..dde50f9 --- /dev/null +++ b/views/reversinglabs_tiscalev2_get_task_list.html @@ -0,0 +1,151 @@ +{% extends 'widgets/widget_template.html' %} +{% load custom_template %} +{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; +background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %} +{% block widget_content %} + + + + +
+ {% if data == None or data|length == 0 %} + There are no tasks present on the worker which satisfy the filter. + {% else %} + + + + + + + + + + + + + + + + +
ReversingLabs TitaniumScale Task list
Age{{param.age}}
Custom token{{param.custom_token}}
+ + + {% for task in data %} + + + + + + + + + + + + + + + + + + + + + + + + + {% for x in task.worker_ip %} + + + + + {% endfor %} + + {% for x in task.forwarded_for %} + + + + + {% endfor %} + + {% for x in task.worker_address %} + + + + + {% endfor %} + +
Task {{task.task_id}}
Processed{{task.processed}}
Submitted{{task.submitted}}
Direct sender{{task.direct_sender}}
Worker hostname{{task.worker_hostname}}
Worker IP{{x}}
Forwarded for{{x}}
Worker address{{x}}
+ {% endfor %} + + {% endif %} +
+{% endblock %} diff --git a/wheels/py3/certifi-2022.12.7-py3-none-any.whl b/wheels/py3/certifi-2022.12.7-py3-none-any.whl deleted file mode 100644 index a083056..0000000 Binary files a/wheels/py3/certifi-2022.12.7-py3-none-any.whl and /dev/null differ diff --git a/wheels/py3/certifi-2024.6.2-py3-none-any.whl b/wheels/py3/certifi-2024.6.2-py3-none-any.whl new file mode 100644 index 0000000..df4ec17 Binary files /dev/null and b/wheels/py3/certifi-2024.6.2-py3-none-any.whl differ diff --git a/wheels/py3/charset_normalizer-2.1.1-py3-none-any.whl b/wheels/py3/charset_normalizer-2.1.1-py3-none-any.whl deleted file mode 100644 index cf36f15..0000000 Binary files a/wheels/py3/charset_normalizer-2.1.1-py3-none-any.whl and /dev/null differ diff --git a/wheels/py3/charset_normalizer-3.3.2-py3-none-any.whl b/wheels/py3/charset_normalizer-3.3.2-py3-none-any.whl new file mode 100644 index 0000000..c2609a2 Binary files /dev/null and b/wheels/py3/charset_normalizer-3.3.2-py3-none-any.whl differ diff --git a/wheels/py3/idna-3.4-py3-none-any.whl b/wheels/py3/idna-3.4-py3-none-any.whl deleted file mode 100644 index 7343c68..0000000 Binary files a/wheels/py3/idna-3.4-py3-none-any.whl and /dev/null differ diff --git a/wheels/py3/idna-3.7-py3-none-any.whl b/wheels/py3/idna-3.7-py3-none-any.whl new file mode 100644 index 0000000..fa4c95b Binary files /dev/null and b/wheels/py3/idna-3.7-py3-none-any.whl differ diff --git a/wheels/py3/requests-2.28.1-py3-none-any.whl b/wheels/py3/requests-2.28.1-py3-none-any.whl deleted file mode 100644 index 08649f5..0000000 Binary files a/wheels/py3/requests-2.28.1-py3-none-any.whl and /dev/null differ diff --git a/wheels/py3/requests-2.32.3-py3-none-any.whl b/wheels/py3/requests-2.32.3-py3-none-any.whl new file mode 100644 index 0000000..23662ce Binary files /dev/null and b/wheels/py3/requests-2.32.3-py3-none-any.whl differ 
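Review bot: The new template prints several fields straight from the worker's task records — `task.forwarded_for`, `task.worker_ip`, `task.worker_address`, `task.direct_sender` — and `forwarded_for` in particular originates from a request header that the submitting client controls, so like the other widgets this relies on Django autoescaping being on; none of these values should ever receive `|safe` or sit inside `{% autoescape off %}`. `{% if data == None or data|length == 0 %}` works, but `{% if data is None or data|length == 0 %}` is the idiom the template language supports (Django 1.10 and later, which I assume the platform floor meets) and reads as the Python does. The three inner loops reuse `x` as the loop variable; `ip`, `hop` and `addr` would say what each row shows.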
diff --git a/wheels/py3/reversinglabs_sdk_py3-2.1.1-py3-none-any.whl b/wheels/py3/reversinglabs_sdk_py3-2.1.1-py3-none-any.whl deleted file mode 100644 index b3e327f..0000000 Binary files a/wheels/py3/reversinglabs_sdk_py3-2.1.1-py3-none-any.whl and /dev/null differ diff --git a/wheels/py3/reversinglabs_sdk_py3-2.5.6-py3-none-any.whl b/wheels/py3/reversinglabs_sdk_py3-2.5.6-py3-none-any.whl new file mode 100644 index 0000000..1a7dea3 Binary files /dev/null and b/wheels/py3/reversinglabs_sdk_py3-2.5.6-py3-none-any.whl differ diff --git a/wheels/py3/urllib3-2.2.1-py3-none-any.whl b/wheels/py3/urllib3-2.2.1-py3-none-any.whl new file mode 100644 index 0000000..d7cca6a Binary files /dev/null and b/wheels/py3/urllib3-2.2.1-py3-none-any.whl differ diff --git a/wheels/shared/urllib3-1.26.13-py2.py3-none-any.whl b/wheels/shared/urllib3-1.26.13-py2.py3-none-any.whl deleted file mode 100644 index 887f782..0000000 Binary files a/wheels/shared/urllib3-1.26.13-py2.py3-none-any.whl and /dev/null differ