Merged
…ightconnect-plugins into SOAR-6687-Fix-Metasploit-Cons
mrinehart-r7
suggested changes
Sep 27, 2021
| raise | ||
| return {"success": True} | ||
|
|
||
| def do_section(self, client, search_term, results, list_in: list, list_name: str, dictionary_key: str): |
Contributor
Can you typehint client, search_term, and results?
Contributor
@pmara-r7 can you post screenshots of in-product testing?
Contributor
Author
Assessment
Run
docker run --rm -i pj-test/rapid7_metasploit:3.0.0 run < tests/execute_exploit.json
docker run --rm -i pj-test/rapid7_metasploit:3.0.0 run < tests/search_for_exploit.json
Contributor
Author
The output for new_modules works, but the first time it runs it gets every single module and sends it (since everything appears to be new at this point). Posting a snippet of one of the items that it sends from the "test" module.
docker run --rm -i pj-test/rapid7_metasploit:3.0.0 --debug test < tests/new_modules.json
Contributor
Author
Here is an example of one of the new modules that output when tested:
Contributor
Author
@mrinehart-r7 Is testing above sufficient? Or are there some other specific tests you would like to see?
Contributor
Should be good!
mrinehart-r7
approved these changes
Sep 29, 2021
mberezin-r7
approved these changes
Sep 29, 2021
cmcnally-r7
pushed a commit that referenced this pull request
Jan 21, 2022
* tried to implement fix- pending new library upload to test properly:
* initial fix commit. Lots in here, sorry about that
* fixed up trigger to make it functional
* black formatting
* ready to merge except for help.md
* added comments, supported versions, manually fixed up help.md
* regen with supported versions
* fixing some validation issues
* fixed prospector errors, down to regen issues now
* fixed param issue in search for exploit
* fixed prospector msg
* removed another entry from checksum
* added type hints
* ran black formatting
* reformatting pt 2
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

[SOAR-7005] Update Teams Plugin with Troubleshooting from Discuss (#1021)
* add troubleshoot message about teams to help.md
* attempt fixing input violations in help.md
* Update plugins/microsoft_teams/help.md with correct troubleshooting message
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
* Update plugins/microsoft_teams/help.md taking out unnec brackets
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
* revert help.md dictionaries
* fix plugins/microsoft_teams/help.md dictionary
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

Jira: Fix bug in "Get Comments", failing normalize_user in Jira Cloud (#991)
* Add pass-thru is_cloud for normalize_user
The action for Get Comments never relays the state of the endpoint as on-premise or cloud, but requires this state to return successfully. By using the same process as is present in other actions, passing of the client is_cloud boolean through the normalize_comment function and on to the normalize_user function with a default value of False.
* Fix bug normalize_comment not receiving connection.is_cloud
With the action Get Comments, normalize_comment calls upon the function normalize_user.
This dependent function requires knowledge of the state of is_cloud from the client connection. This change passes the connection.is_cloud state into normalize_comment. * bump version * Updated version minor as previous Get Comments action only worked with Jira Server. Now works with both Server and Cloud. * updated checksum with icon-plugin tool * Update help.md * Regenerate checksum. * Add missing newline to help.md. Passing local validation. Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> SOAR-7007: Fix Get Alerts Trigger in Microsoft ATP (#1017) * Regen * Add changelog * fix missed fixes * Fix Prospector warnings * Add timeout-decorator * Comment out test placeholders * Blacken * Lint jira Co-authored-by: Elijah Martin-Merrill <elijah_martin-merrill@rapid7.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> [MC-615][MC-664][MC-665] Add new actions in Google Drive plugin (#993) * [MC-615][MC-664][MC-665] Add new actions in Google Drive plugin * [MC-615][MC-664][MC-665] Reformat test_move_file.py * Update plugins/google_drive/plugin.spec.yaml Change Move File action description Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update help.md. 
* Update checksum * [MC-615][MC-664][MC-665] Update Create File in Folder action * Update input examples for connection in help.md * [MC-708][MC-731][MC-732] Update Python version and code refactoring in Google Drive plugin * [MC-708][MC-731][MC-732] Update requirements.txt and help.md Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> MC-380 - PaloAlto Wildfire - Connection Test (#1019) * [MC-380] Added connection test * [MC-380] Make regenerate * [MC-380] Added `supported_versions` and removed unsupported keyworks. * [MC-380] Resolve the issue with importing plugin + make regenerate. * Version pin in requirements.txt * [MC-380] Updated the existing unit test to use mock response * black validation failure fix Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> [MC-690][MC-728][MC-729][MC-730][MC-749] Code refactor and add new action in Subnet plugin (#1016) * [MC-690][MC-728][MC-729][MC-730][MC-749] Code refactor and add new action in Subnet plugin * [MC-690][MC-728][MC-729][MC-730][MC-749] Remove unnecessary f-string * Test * Remove init.py * [MC-690][MC-728][MC-729][MC-730][MC-749] Update help.md and requirements.txt * [MC-690][MC-728][MC-729][MC-730][MC-749] Remove trailing space * [MC-690][MC-728][MC-729][MC-730][MC-749] Update plugin spec Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com> Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> MC-742 - ElasticSearch - Bugfix - Routing Issue (#1014) * [MC-724] Corrected the `index_document` 
action. * [MC-724] Minor code improvements. * [MC-724] Search document routing fix. * [MC-724] Corrected `update_document` action + black formatting. * Added unit additional unit test for search_document with route * [MC-724] Make regenerate * [MC-724] Added `supported_versions` + make regenerate * [MC-742] Remove unused variables and add unit test with no routing. * [MC-742] Applied black formatting. Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Update README.md (#1023) * Update README.md * Update README.md Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> [SOAR-7134] update troubleshooting and requirements messaging for RBAC permissions (#1024) * update troubleshooting and requirements messaging for RBAC permissions * update get notifications troubleshooting info link * Update plugins/carbon_black_defense/help.md Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * consolidate api key requirements info * punctuation in troubleshooting section Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Update Python 3 Script documentation & install g++ (#1025) * Update documentation * Update help.md Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> SOAR-5837: Scrub Anomali API key from logger (#943) * Add a util to scrub API keys from URLs using regex. * Import logging to get_observables action, add formatter to logger Black format Update help.md and bump version number * Regenerate plugin. * Black format * Generate unit tests * Fix formatter import * caught exception * Only suppress ConnectionErrors, wrap censored original error in PluginException Replace logging formatter with simple util function * Black format * Regenerate plugin. 
* Add examples to plugin spec to satisfy validator, regenerate plugin * Abstract send request to Connection class for all actions, delete utils * Change example user to match example style guide * Update plugins/anomali_threatstream/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/anomali_threatstream/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/anomali_threatstream/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/anomali_threatstream/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/anomali_threatstream/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/anomali_threatstream/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * help.md validates with plugin spec * Raise plugin exception from None instead of additional Connection error * Change send() parameters signature and add plugin root init * Add connection test and API key suppression check * Black format * Add get observables unit test Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: Joey McAdams <jmcadams@rapid7.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com> SQL plugin change example in PORT input and update util.py file with Python3 (#1003) * [MC-706] SQL plugin change example in PORT input and update util.py file with Python3 * Implement Pylint fixes for dict.get() and catch Exception * Add version numbers to supported DB software * Regenerate checksum Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart 
<32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> Xdr monitor incident events bug fix (#1026) * Add monitor alert task to palo alto xdr plugin * style * remove unused import * changed to minor version bumo since there arent any non-backward compatible changes * changed to get incidents endpoint, added inputs to the tasks * delete old get alerts task * remove unecessary code * remove alert sources parameter since the XDR api behaves very inconsistently when it is present * update checksum * Update help.md * Update help.md * simplify conditions as per code review comments, fix json list representation in plugin spec and docs file * incident bug fix * fix bug where None value fields could be returned in incidents * fix help.md, requirements section can only accept bullet points, move non-bullet points to setup section * Comment out unused tests * Add supported product versions Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com> [MC-676][MC-727] Update Domain Extractor in Extractit plugin (#1015) * [MC-676][MC-727] Update Domain Extractor in Extractit plugin * [MC-676][MC-727] Update requirements.txt * [MC-676][MC-727] Add comments in extractor.py * [MC-676][MC-727] Reformat * [MC-676][MC-727] Add comments in extractor.py and fix unit tests Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Fix error messaging around invalid credentials (#1022) Co-authored-by: 
PJ Mara <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> [MC-492][MC-694][MC-491][MC-726] Add Get Blocked Hosts and Block Host actions to Cisco ASA (#994) * [MC-492][MC-694] Add Get Blocked Hosts action to Cisco ASA * [MC-492][MC-694] Add section for supported version * Scrub test example input * [MC-491][MC-726] Add Block Host action to Cisco ASA * [MC-492][MC-694][MC-491][MC-726] Update requirements.txt * [MC-492][MC-694][MC-491][MC-726] Add ignore comments * [MC-492][MC-694][MC-491][MC-726] Reformat Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> IntSights plugin (#1009) * [MC-683] Init plugin | Add action Get Indicator by Value * IntSights new actions and trigger draft * [MC-717] Add action Get Indicator By Value * [MC-683][MC-673][MC-681][MC-682][MC-684][MC-686][MC-688][MC-687] Add new Plugin IntSights * [MC-717][MC-718][MC-719][MC-720][MC-721][MC-722][MC-723][MC-725] Update help.md * Revert: Add microsoft ATP Black reformat * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/icon_intsights/actions/takedown_request/action.py Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/icon_intsights/connection/connection.py Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/icon_intsights/util/api.py Co-authored-by: Mike Rinehart 
<32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * [MC-683] Fix help * [MC-683] Fix help * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike 
Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * [MC-683] Change plugin name to rapid7_intsights * [MC-683] Change plugin name to rapid7_intsights * [MC-683] Fix unit tests * [MC-683] Fix unit tests * [MC-683] Add clean to enrich_indicator output * [MC-683] Add clean to enrich_indicator output * Add icon * New graphics * Fix unit_test path while getting payload * Add cutom type * Regenerate plugin and Black format * Update help.md for validator * Update plugins/rapid7_intsights/help.md * [MC-683] Set some output to required false Co-authored-by: r7-kszczepanskagorna <kamila_szczepanska-gorna@rapid7.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> [MC-740] Fix threatscore KeyError (#1031) * [MC-740] Fix threatscore KeyError * Update plugins/hybrid_analysis/help.md * used refactor to change hash to hash_ in 2 files Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: PJ Mara <pj_mara@rapid7.com> Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> Remove ISOLATE_MACHINE remediate option from Cybereason documentation (#1035) * Update docs to remove ISOLATE_MACHINE remediate option * Update changelog MC-301 & MC-809 - Cybereason - New Action - Delete Registry Key (#1028) * Make regenerate * Added delete registry key action. * Using example email address. * Action + black formatting. * Removed user email address and using an example one. * Added tests and example payloads. * Added example output and corrected the inputs * [MC-301] Added comment to get_machine_targets. 
* Update .CHECKSUM * Update checksum Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> [MC-709][MC-810] Support extraction from binary files for all actions in Extractit plugin (#1030) * [MC-709] Support extraction from binary files for all actions * [MC-709][MC-810] Update extractor.py and unit tests * Replace manual file open/close with "with" context for Prospector validation * [MC-709][MC-810] Remove manual closing of file Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Elasticsearch fix search action (#988) * MC-677 Fix search example input in help.md | Add exception message in search action * Regen and fix docs * Fix syntax in action.py * [MC-677] Fix search example input in help.md | Add exception message in search action * [MC-677] Fix search example input in help.md | Add exception message in search action * Black reformat * [MC-677] Fix help | Fix unit test | Add unit test to check wrong query input * [MC-677] Fix help | Fix unit test | Add unit test to check wrong query input * Update plugins/elasticsearch/komand_elasticsearch/actions/search_documents/action.py * Update plugins/elasticsearch/unit_test/test_search_documents.py * Update expected error string * Black format. 
Co-authored-by: Jon Schipp <30870727+jschipp-r7@users.noreply.github.com> Co-authored-by: Jon Schipp <jonschipp@gmail.com> Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> [SOAR-7434] ipstack schema update (#1040) * updated komand to icon runtime * added time_zone fix * passing individual unit tests * fixed unit test bug * black reformat * fixed api url * added ignore pylint unused args because implementation is blank * increased version from 2->3 and reformat * fixing prospector Add support of ! character to the URL extraction (#1041) 1. Update Regex to support ! character to the URL extractor 2. Update plugin minor version 3. Add a test string to the Unit test set 4. Update help.md to include release details 5. 
Regenerate the plugin files JIRA: SOAR-7356 [MC-754][MC-838][MC-839][MC-840] PDF Reader plugin - Fix Extract Text action (#1038) * [MC-754] Fix Extract Text action * [MC-754] Update plugin spec * [MC-754][MC-838][MC-839][MC-840] Update Dockerfile and Extract Text action * [MC-754] Update Extract Text action * [MC-754][MC-838][MC-839][MC-840] Update error messaging in Extract Text action * Update plugins/pdf_reader/help.md Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com> Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> Add new trigger in Rapid7 IntSights plugin (#1033) * [MC-683] Init plugin | Add action Get Indicator by Value * IntSights new actions and trigger draft * [MC-717] Add action Get Indicator By Value * [MC-683][MC-673][MC-681][MC-682][MC-684][MC-686][MC-688][MC-687] Add new Plugin IntSights * [MC-717][MC-718][MC-719][MC-720][MC-721][MC-722][MC-723][MC-725] Update help.md * Revert: Add microsoft ATP Black reformat * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/icon_intsights/actions/takedown_request/action.py Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/icon_intsights/connection/connection.py Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/icon_intsights/util/api.py Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart 
<32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * [MC-683] Fix help * [MC-683] Fix help * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * [MC-683] Change plugin name to rapid7_intsights * [MC-683] Change plugin name to rapid7_intsights * [MC-683] Fix unit tests * [MC-683] Fix unit tests * [MC-683] Add clean to 
enrich_indicator output * [MC-683] Add clean to enrich_indicator output * Add icon * New graphics * Fix unit_test path while getting payload * [MC-771][MC-808] plugin.spec and action code * Add cutom type * [MC-771][MC-808] Add unit tests * [MC-771][MC-808] Add unit tests * [MC-771][MC-808] Fix description * [MC-771][MC-808] Fix f-string in API * [MC-771][MC-808] Fix unit_test expecteds files * [MC-685][MC-724] Add new trigger New Alert with unittest * [MC-685][MC-724] Add new trigger New Alert with unittest * [MC-685][MC-724] Add new trigger New Alert with unittest * [MC-685][MC-724] Add new trigger New Alert with unittest * [MC-685][MC-724] black * [MC-685][MC-724] Add module to requirements * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * [MC-771][MC-808] Add pagination to action get_cve_by_id * [MC-771][MC-808] Add pagination to action get_cve_by_id * [MC-771][MC-808] Black format * [MC-685] Add new case to unit tests, Change descriptions in plugin.spec * [MC-685] Black format * [MC-685] Add new case to unit tests, Change descriptions in plugin.spec * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update 
plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * [MC-685] Fix query in get_cve * [MC-685] Fix query in get_cve * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * [MC-685] Fix validator issues * [MC-717] Fix score from integer to float * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/help.md Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com> * Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: 
Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
* Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
* Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
* Update plugins/rapid7_intsights/plugin.spec.yaml Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
* [MC-685] Fix input enum errors
Co-authored-by: r7-kszczepanskagorna <kamila_szczepanska-gorna@rapid7.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com>
Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Fix plugin validator GH Action
[MC-800] Improve error messaging in Palo Alto MineMeld plugin (#1046) (#1051)
[MC-800] Update PaloAltoMineMeld to 1.0.1 with below: 1. Update unit tests 2. Update requirements.txt
[MC-801] Fix Set Address Object action in Palo Alto PAN-OS plugin (#1047) (#1055)
Co-authored-by: dsliwinski-r7 <73613193+dsliwinski-r7@users.noreply.github.com>
Microsoftteams_3.1.5 (#1058)
* [MC-772] Add `microsoft_teams` keyword
* [MC-772] Fix unit tests
* Update plugins/microsoft_teams/help.md
[SOAR-7961] Configurable interval for devo (#1059) (#1065)
* configurable interval
* set interval default to 10 seconds
[MC-751] - ServiceNow Get Attachments (#1054)
Automox Plugin: Initial release of plugin with base management functionality (#1042)
Cisco Umbrella Destinations Lists
The below actions have been added: dGet dAdd dDelete dlGet dlGetAll dlPatch dlDelete dlCreate
Updated acronyms in spec file
Update plugins/cisco_umbrella_destinations/plugin.spec.yaml text fix to capitalize acronyms Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Update plugins/cisco_umbrella_destinations/plugin.spec.yaml text fix to capitalize acronyms Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Update plugins/cisco_umbrella_destinations/plugin.spec.yaml text fix to capitalize acronyms Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Updated spec
Changing org_id & dl_id to input
Added basic PluginException error handling
removed unitTests & greeting yaml
Updated examples in spec file
Added PluginException to api.py & removed from actions
Removed unused imports
Final api.py
Updated api.py
Fixed broken logger ..
Commented out connection bug for now
Change return to pass
Fix prospector issue #1
Fix prospector issue #2
Validators fix attempt#1
Fix validators #2
Fix validators #3
Fix validators #4
Fix validators #5
Fix validators #6
Fix validators #7
Added black formatting
Test black #1
Black formatting complete
Moved orgID to connection input
Black formatting #2
Fix prospector issue #3
--
Cisco Umbrella Destinations Lists
The below actions have been added: dGet dAdd dDelete dlGet dlGetAll dlPatch dlDelete dlCreate
Changing org_id & dl_id to input
Added basic PluginException error handling
removed unitTests & greeting yaml
Updated examples in spec file
Added PluginException to api.py & removed from actions
Final api.py
Updated api.py
Fixed broken logger
Commented out connection bug for now
Change return to pass
Validators fix attempt#1
Fix validators #2
Fix validators #3
Fix validators #4
Fix validators #5
Fix validators #6
Fix validators #7
Added black formatting
Black formatting complete
Moved orgID to connection input
Cisco Umbrella Destinations Lists
The below actions have been added: dGet dAdd dDelete dlGet dlGetAll dlPatch dlDelete dlCreate
Changing org_id & dl_id to input
Added basic PluginException error handling
removed unitTests & greeting yaml
Updated examples in spec file
Added PluginException to api.py & removed from actions
Final api.py
Updated api.py
Fixed broken logger
Commented out connection bug for now
Change return to pass
Validators fix attempt#1
Fix validators #2
Fix validators #3
Fix validators #4
Fix validators #5
Fix validators #6
Fix validators #7
Added black formatting
Black formatting complete
Moved orgID to connection input
Test Commit #1
Updated help.md & plugin spec
Black formatting #3
Proposed Changes
Fix Argument passing for the login method for the API
Add try/catch in case of bad server response in search for exploit
Fixed JSON field references in trigger as the name had changed
Add integration test files for the future
[TODO] Updated plugin spec and help to be up to date
Description
Describe the proposed changes:
PR Requirements
Developers, verify you have completed the following items by checking them off:
Testing
Ran integration tests, output below in comments.
Unit Tests
Review our documentation on generating and writing plugin unit tests
In-Product Tests
If you are an InsightConnect customer or have access to an InsightConnect instance, the following in-product tests should be done:
Style
Review the style guide
`USER nobody` in the `Dockerfile` when possible
`komand/python-3-37-slim-plugin` and `komand/python-3-37-plugin`
`make validate` which calls `mdl` to lint `help.md`
Functional Checklist
`tests/` directory created with `icon-plugin run -c sample $action > tests/$action.json`
`tests/$action_bad.json`
`icon-plugin run -T tests/example.json --debug --jq`
`icon-plugin run -T all --debug --jq` (use PR format at end)
`icon-plugin run -R tests/example.json --debug --jq`
`icon-plugin run -R all --debug --jq` (use PR format at end)
Assessment
You must validate your work to reviewers:
`make validate` and make sure everything passes
`icon-plugin run -A -R all -T all`. For single action validation: `icon-plugin run -A -R tests/my_action.json -T tests/my_action.json`
`icon-plugin ... | pbcopy`) and paste the output in a new post on this PR