Release notes for version 1.0.1

LICENSE

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -1,3 +1,15 @@
+[comment]: # "Auto-generated SOAR connector documentation"
+# ZeroFox
+
+Publisher: ZeroFox  
+Connector Version: 1.0.1  
+Product Vendor: ZeroFox  
+Product Name: ZeroFox  
+Product Version Supported (regex): ".\*"  
+Minimum Product Version: 5.5.0  
+
+ZeroFox Alerts for Splunk SOAR
+
 # Splunk> Phantom
 
 Welcome to the open-source repository for Splunk> Phantom's zerofoxalerts App.
@@ -7,3 +19,166 @@ Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Ap
 ## Legal and License
 
 This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details.
+
+
+### Configuration Variables
+The below configuration variables are required for this Connector to operate.  These variables are specified when configuring a ZeroFox asset in SOAR.
+
+VARIABLE | REQUIRED | TYPE | DESCRIPTION
+-------- | -------- | ---- | -----------
+**zerofox_api_token** |  required  | password | ZeroFox API Token
+**username** |  required  | string | Your ZeroFOX platform username or email address
+**reviewed** |  optional  | boolean | Only poll reviewed alerts
+**history_days_interval** |  required  | string | Initial historical alert poll interval (in days)
+**verify_server_cert** |  optional  | boolean | Verify Sever Certificate
+
+### Supported Actions  
+[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration  
+[on poll](#action-on-poll) - Callback action for the on_poll ingest functionality  
+[take action](#action-take-action) - Take action on a ZeroFox an alert  
+[tag alert](#action-tag-alert) - Add or remove a tag to a ZeroFox alert  
+[threat submission](#action-threat-submission) - Add a manual threat to ZeroFox  
+[lookup alert](#action-lookup-alert) - Retrieve a single alert and it's details, identified by its unique integer identifier  
+
+## action: 'test connectivity'
+Validate the asset configuration for connectivity using supplied configuration
+
+Type: **test**  
+Read only: **True**
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+No Output  
+
+## action: 'on poll'
+Callback action for the on_poll ingest functionality
+
+Type: **ingest**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**container_id** |  optional  | Container IDs to limit the ingestion to | string | 
+**start_time** |  optional  | Start of time range, in epoch time (milliseconds) | numeric | 
+**end_time** |  optional  | End of time range, in epoch time (milliseconds) | numeric | 
+**container_count** |  optional  | Maximum number of container records to query for | numeric | 
+**artifact_count** |  optional  | Maximum number of artifact records to query for | numeric | 
+
+#### Action Output
+No Output  
+
+## action: 'take action'
+Take action on a ZeroFox an alert
+
+Type: **generic**  
+Read only: ****
+
+Take action on a ZeroFox an alert.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**alert_id** |  required  | ZeroFox Alert ID | numeric | 
+**alert_action** |  required  | The action to take | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.alert_action | string |  |  
+action_result.parameter.alert_id | numeric |  |  
+action_result.data | string |  |  
+action_result.summary | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'tag alert'
+Add or remove a tag to a ZeroFox alert
+
+Type: **generic**  
+Read only: ****
+
+Add or remove a tag to a ZeroFox alert.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**alert_id** |  required  | ZeroFox Alert ID | numeric | 
+**alert_tag** |  required  | Tag | string | 
+**tag_action** |  required  | Tag action: add or remove | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.alert_id | numeric |  |  
+action_result.parameter.alert_tag | string |  |  
+action_result.parameter.tag_action | string |  |  
+action_result.data | string |  |  
+action_result.summary | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'threat submission'
+Add a manual threat to ZeroFox
+
+Type: **generic**  
+Read only: ****
+
+Add a manual threat to ZeroFox.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**source** |  required  | Source URL | string | 
+**alert_type** |  required  | Alert Type | string | 
+**violation** |  required  | Violation | string | 
+**asset_id** |  required  | The ZeroFox Asset ID to associate the threat | numeric | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.alert_type | string |  |  
+action_result.parameter.asset_id | numeric |  |  
+action_result.parameter.source | string |  |  
+action_result.parameter.violation | string |  |  
+action_result.data.\*.alert_id | numeric |  |  
+action_result.summary | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'lookup alert'
+Retrieve a single alert and it's details, identified by its unique integer identifier
+
+Type: **investigate**  
+Read only: **True**
+
+Retrieve a single alert and it's details, identified by its unique integer identifier.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**alert_id** |  required  | ZeroFox Alert ID | numeric | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.alert_id | numeric |  |  
+action_result.data.\*.alert.alert_type | string |  |  
+action_result.data.\*.alert.network | string |  |  
+action_result.data.\*.alert.offending_content_url | string |  |  
+action_result.data.\*.alert.rule_name | string |  |  
+action_result.data.\*.alert.status | string |  |  
+action_result.data.\*.alert.timestamp | string |  |  
+action_result.summary | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |  

release_notes/1.0.1.md

@@ -0,0 +1 @@
+* Initial Release

release_notes/unreleased.md

@@ -1,2 +1 @@
 **Unreleased**
-* Initial Release

zerofox.json

@@ -19,7 +19,7 @@
         }
     ],
     "license": "Copyright (c) ZeroFox, 2024",
-    "app_version": "1.0.0",
+    "app_version": "1.0.1",
     "utctime_updated": "2023-07-26T17:04:21.523369Z",
     "package_name": "phantom_zerofox",
     "main_module": "zerofox_connector.py",
@@ -494,4 +494,4 @@
         }
     ],
     "version": "EQ(*)"
-}
+}