
[MC-492][MC-694][MC-491][MC-726] Add Get Blocked Hosts and Block Host actions to Cisco ASA #994

Merged: mrinehart-r7 merged 19 commits into master from MC-492_MC-694_Add_Get_Blocked_Hosts_action_to_Cisco_ASA on Nov 2, 2021

dsliwinski-r7 (Contributor) commented Aug 29, 2021

Proposed Changes

Description

Describe the proposed changes:

  • Add Get Blocked Hosts action to Cisco ASA
  • Add Block Host action to Cisco ASA
  • Add unit test for Get Blocked Hosts and Block Host actions

PR Requirements

Developers, verify you have completed the following items by checking them off:

Testing

Unit Tests

Review our documentation on generating and writing plugin unit tests

  • Unit tests written for any new or updated code

In-Product Tests

If you are an InsightConnect customer or have access to an InsightConnect instance, the following in-product tests should be done:

  • Screenshot of job output with the plugin changes
  • Screenshot of the changed connection, actions, or triggers input within the InsightConnect workflow builder

Style

Review the style guide

Functional Checklist

  • Work fully completed
  • Functional
    • Any new actions/triggers include JSON test files in the tests/ directory created with icon-plugin run -c sample $action > tests/$action.json
    • Tests should all pass unless it's a negative test. Negative tests have a naming convention of tests/$action_bad.json
    • Unsuccessful tests should fail by raising an exception causing the plugin to die and an object should be returned on successful test
    • Add functioning test results to PR, sanitize any output if necessary
      • Single action/trigger icon-plugin run -T tests/example.json --debug --jq
      • All actions/triggers shortcut icon-plugin run -T all --debug --jq (use PR format at end)
    • Add functioning run results to PR, sanitize any output if necessary
      • Single action/trigger icon-plugin run -R tests/example.json --debug --jq
      • All actions/triggers shortcut icon-plugin run -R all --debug --jq (use PR format at end)

Assessment

Run

Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host.json
Details
{
  "body": {
    "error": "An error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nshun 198.51.100.100 198.51.100.1010 443 443 tcp\\n                    ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}",
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\nAn error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nshun 198.51.100.100 198.51.100.1010 443 443 tcp\\n                    ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.2.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py\", line 326, in handle_step\n    output = self.start_step(\n  File \"/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.2.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py\", line 476, in start_step\n    output = func(params)\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/actions/block_host/action.py\", line 15, in run\n    Output.SUCCESS: self.connection.cisco_asa_api.block_host(\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 99, in block_host\n    self.cli([f\"shun {source_ip} {destination_ip} {source_port} {destination_port} {protocol}\"])\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 79, in cli\n    return self._call_api(\"POST\", \"cli\", json_data={\"commands\": commands})\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 162, in _call_api\n    raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response_data)\ninsightconnect_plugin_runtime.exceptions.PluginException: An error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. 
Response was: {\"response\":[\"\\nshun 198.51.100.100 198.51.100.1010 443 443 tcp\\n                    ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}\n",
    "meta": {},
    "status": "error"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host_invalid_dest_ip_bad.json
Details
{
  "body": {
    "error": "An error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nshun 198.51.100.1000 198.51.100.101 443 443 tcp\\n     ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}",
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\nAn error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nshun 198.51.100.1000 198.51.100.101 443 443 tcp\\n     ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.2.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py\", line 326, in handle_step\n    output = self.start_step(\n  File \"/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.2.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py\", line 476, in start_step\n    output = func(params)\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/actions/block_host/action.py\", line 15, in run\n    Output.SUCCESS: self.connection.cisco_asa_api.block_host(\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 99, in block_host\n    self.cli([f\"shun {source_ip} {destination_ip} {source_port} {destination_port} {protocol}\"])\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 79, in cli\n    return self._call_api(\"POST\", \"cli\", json_data={\"commands\": commands})\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 162, in _call_api\n    raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response_data)\ninsightconnect_plugin_runtime.exceptions.PluginException: An error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. 
Response was: {\"response\":[\"\\nshun 198.51.100.1000 198.51.100.101 443 443 tcp\\n     ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}\n",
    "meta": {},
    "status": "error"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host_invalid_ip_bad.json
Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host_only_source_ip.json
Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host_without_dest_ip.json
Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host_without_ports.json
Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/block_host_without_protocol.json
Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: get_blocked_hosts\n",
    "meta": {},
    "output": {
      "hosts": [
        {
          "dest_ip": "198.51.100.101",
          "dest_port": "443",
          "protocol": "0",
          "source_ip": "198.51.100.100",
          "source_port": "443"
        }
      ]
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/get_blocked_hosts.json
Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/unblock_host.json
Details
{
  "body": {
    "error": "An error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nno shun 198.51.100.1001\\n        ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}",
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\nAn error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nno shun 198.51.100.1001\\n        ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.2.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py\", line 326, in handle_step\n    output = self.start_step(\n  File \"/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.2.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py\", line 476, in start_step\n    output = func(params)\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/actions/block_host/action.py\", line 15, in run\n    Output.SUCCESS: self.connection.cisco_asa_api.block_host(\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 101, in block_host\n    self.cli([f\"no shun {source_ip}\"])\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 79, in cli\n    return self._call_api(\"POST\", \"cli\", json_data={\"commands\": commands})\n  File \"/usr/local/lib/python3.8/site-packages/cisco_asa_rapid7_plugin-1.5.0-py3.8.egg/icon_cisco_asa/util/api.py\", line 162, in _call_api\n    raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response_data)\ninsightconnect_plugin_runtime.exceptions.PluginException: An error occurred during plugin execution!\n\nSomething unexpected occurred. Check the logs and if the issue persists please contact support. Response was: {\"response\":[\"\\nno shun 198.51.100.1001\\n        ^\\nERROR: %!I(MISSING)nvalid Hostname\\n\"]}\n",
    "meta": {},
    "status": "error"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug run < tests/unblock_host_invalid_ip_bad.json
Details
[*] Validating plugin with all validators at .

[*] Running Integration Validators...
[*] Executing validator HelpValidator
[*] Executing validator ChangelogValidator
[*] Executing validator CloudReadyConnectionCredentialTokenValidator
[*] Executing validator RequiredKeysValidator
[*] Executing validator UseCaseValidator
[*] Executing validator SpecPropertiesValidator
[*] Executing validator SpecVersionValidator
[*] Executing validator FilesValidator
[*] Executing validator TagValidator
[*] Executing validator DescriptionValidator
[*] Executing validator TitleValidator
[*] Executing validator VendorValidator
[*] Executing validator DefaultValueValidator
[*] Executing validator IconValidator
[*] Executing validator RequiredValidator
[*] Executing validator VersionValidator
[*] Executing validator DockerfileParentValidator
[*] Executing validator ProfanityValidator
[*] Executing validator AcronymValidator
[*] Executing validator JSONValidator
[*] Executing validator OutputValidator
[*] Executing validator RegenerationValidator
[*] Executing validator HelpInputOutputValidator
[*] Executing validator SupportValidator
[*] Executing validator RuntimeValidator
[*] Executing validator VersionPinValidator
[*] Executing validator EncodingValidator
[*] Executing validator ExampleInputValidator
[*] Executing validator CloudReadyValidator
[*] Executing validator SupportedVersionValidator
[*] Executing validator UnapprovedKeywordsValidator
[*] Executing validator HelpExampleValidator
[*] Executing validator ExceptionValidator
[*] Executing validator CredentialsValidator
[*] Executing validator PasswordValidator
[*] Executing validator PrintValidator
[*] Executing validator ConfidentialValidator
[*] Executing validator DockerValidator
[*] Executing validator URLValidator
WARNING: URLs found that return a 4xx code. Verify they are publicly accessible and if not, update with a working URL.
violation: help.md[316]: https://example.com:443/api/objects/networkobjects/ASA_Demo_NObj_00
[*] Plugin failed validation! The following validation errors occurred:

Validator "TitleValidator" failed! 
	Cause: ("actions key 'check_if_address_object_in_group' error.", ValidationException('English articles and conjunctions should be lowercase when in the middle of the sentence: "a", "an", "as", "also", "and", "of", "the", "but", "from", "when", "in", "out", "if", "than", "where", "when", "while", "that", "by", "with", "to", "so", "for", "or", "nor", "by", "then", "after", "before", "is", "on", "at"'))


----
[*] Total time elapsed: 31616.931999999997ms
icon-validate --all .
Details
[*] Use ``make menu`` for available targets
[*] Including available Makefiles: ../../tools/Makefiles/Helpers.mk ../../tools/Makefiles/Colors.mk
--
[*] Running validators
[*] Validating plugin at .

[*] Running Integration Validators...
[*] Executing validator HelpValidator
[*] Executing validator ChangelogValidator
[*] Executing validator CloudReadyConnectionCredentialTokenValidator
[*] Executing validator RequiredKeysValidator
[*] Executing validator UseCaseValidator
[*] Executing validator SpecPropertiesValidator
[*] Executing validator SpecVersionValidator
[*] Executing validator FilesValidator
[*] Executing validator TagValidator
[*] Executing validator DescriptionValidator
[*] Executing validator TitleValidator
[*] Executing validator VendorValidator
[*] Executing validator DefaultValueValidator
[*] Executing validator IconValidator
[*] Executing validator RequiredValidator
[*] Executing validator VersionValidator
[*] Executing validator DockerfileParentValidator
[*] Executing validator ProfanityValidator
[*] Executing validator AcronymValidator
[*] Executing validator JSONValidator
[*] Executing validator OutputValidator
[*] Executing validator RegenerationValidator
[*] Executing validator HelpInputOutputValidator
[*] Executing validator SupportValidator
[*] Executing validator RuntimeValidator
[*] Executing validator VersionPinValidator
[*] Executing validator EncodingValidator
[*] Executing validator ExampleInputValidator
[*] Executing validator CloudReadyValidator
[*] Executing validator SupportedVersionValidator
[*] Executing validator UnapprovedKeywordsValidator
[*] Executing validator HelpExampleValidator
[*] Plugin failed validation! The following validation errors occurred:

Validator "TitleValidator" failed! 
	Cause: ("actions key 'check_if_address_object_in_group' error.", ValidationException('English articles and conjunctions should be lowercase when in the middle of the sentence: "a", "an", "as", "also", "and", "of", "the", "but", "from", "when", "in", "out", "if", "than", "where", "when", "while", "that", "by", "with", "to", "so", "for", "or", "nor", "by", "then", "after", "before", "is", "on", "at"'))


----
[*] Total time elapsed: 3482.163ms
make validate

Test

Autogenerate with:

Details
{
  "body": {
    "log": "Connect: Connecting...\nrapid7/Cisco Adaptive Security Appliance:1.5.0. Step name: block_host\n",
    "meta": {},
    "output": {
      "success": true
    },
    "status": "ok"
  },
  "type": "action_event",
  "version": "v1"
}

docker run --rm -i rapid7/cisco_asa:1.5.0 --debug test < tests/block_host.json
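
The negative tests above show malformed addresses such as 198.51.100.1010 reaching the ASA inside the interpolated `shun` command and coming back as a generic "Something unexpected occurred" error. As an added example (not code from this PR or from the plugin), the fields can be validated before the command string is built; the function names, the IPv4-only restriction, the accepted protocol values and the all-or-nothing handling of the optional fields are assumptions of this example.

```python
import ipaddress
from typing import List, Optional, Union

# Assumption of this example: protocol is one of these names or an IP protocol number 0-255.
PROTOCOL_NAMES = {"tcp", "udp"}


class ShunInputError(ValueError):
    """Raised locally, before any command is sent to the device."""


def _ipv4(value: object, field: str) -> str:
    # Strings only: ipaddress also accepts integers, which a workflow input should never be.
    if not isinstance(value, str):
        raise ShunInputError(f"{field}: expected a string, got {type(value).__name__}")
    try:
        # Rejects out-of-range octets (198.51.100.1010), spaces, newlines and CIDR suffixes,
        # so the value can only ever occupy one token of the command line.
        return str(ipaddress.IPv4Address(value))
    except ValueError as error:
        raise ShunInputError(f"{field}: {value!r} is not a valid IPv4 address") from error


def _port(value: object, field: str) -> str:
    if isinstance(value, int) and not isinstance(value, bool):
        number = value
    elif isinstance(value, str) and value.isascii() and value.isdigit():
        number = int(value)
    else:
        raise ShunInputError(f"{field}: {value!r} is not a port number")
    if not 0 <= number <= 65535:
        raise ShunInputError(f"{field}: {number} is outside 0-65535")
    return str(number)


def _protocol(value: object) -> str:
    if isinstance(value, bool) or not isinstance(value, (str, int)):
        raise ShunInputError(f"protocol: {value!r} is not a protocol name or number")
    text = str(value).lower()
    if text in PROTOCOL_NAMES:
        return text
    if text.isascii() and text.isdigit() and int(text) <= 255:
        return text
    raise ShunInputError(f"protocol: {value!r} is not tcp, udp or a number 0-255")


def build_shun_command(
    source_ip: str,
    destination_ip: Optional[str] = None,
    source_port: Union[int, str, None] = None,
    destination_port: Union[int, str, None] = None,
    protocol: Union[int, str, None] = None,
) -> str:
    """Return a validated 'shun ...' line in the field order shown in the traceback."""
    parts = ["shun", _ipv4(source_ip, "source_ip")]
    connection = (destination_ip, source_port, destination_port)
    if any(item is not None for item in connection):
        # Assumption: the destination and both ports are supplied together or not at all.
        if any(item is None for item in connection):
            raise ShunInputError("destination_ip, source_port and destination_port go together")
        parts.append(_ipv4(destination_ip, "destination_ip"))
        parts.append(_port(source_port, "source_port"))
        parts.append(_port(destination_port, "destination_port"))
        if protocol is not None:
            parts.append(_protocol(protocol))
    elif protocol is not None:
        raise ShunInputError("protocol requires destination_ip and both ports")
    return " ".join(parts)


def build_unshun_command(source_ip: str) -> str:
    """Return a validated 'no shun ...' line."""
    return "no shun " + _ipv4(source_ip, "source_ip")


# Constructed inputs modelled on the test cases named in this PR.
SAMPLES = [
    ("198.51.100.100", "198.51.100.101", 443, 443, "tcp"),
    ("198.51.100.100",),
    ("198.51.100.1000", "198.51.100.101", 443, 443, "tcp"),
    ("198.51.100.100", "198.51.100.1010", 443, 443, "tcp"),
    ("198.51.100.100 198.51.100.101",),  # two tokens in one field
    ("198.51.100.100\n",),               # trailing line break
]


def check_samples() -> List[str]:
    """Build each sample, returning the command or the local rejection message."""
    results = []
    for args in SAMPLES:
        try:
            results.append(build_shun_command(*args))
        except ShunInputError as error:
            results.append(f"rejected: {error}")
    return results


if __name__ == "__main__":
    for line in check_samples():
        print(line)
```

With a check like this in front of the `cli` call, the `*_bad.json` cases fail with a message that names the offending field instead of the device's "Invalid Hostname" response wrapped in an unknown-error preset.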

mberezin-r7 added the Validation Failure label (PR has a validation failure) Sep 3, 2021
mrinehart-r7 previously approved these changes Sep 7, 2021
mrinehart-r7 added the Needs 2nd Reviewer label (PR needs a second reviewer) Sep 7, 2021
mberezin-r7 previously approved these changes Sep 9, 2021
jrose-r7 removed the Needs 2nd Reviewer label (PR needs a second reviewer) Sep 9, 2021
mberezin-r7 dismissed stale reviews from mrinehart-r7 and themself via e9ff275 September 9, 2021 15:06
dsliwinski-r7 (Contributor, Author) commented:

@mrinehart-r7 @mberezin-r7 @jrose-r7 Hi! I added a new action Block Host to this PR.


@dsliwinski-r7 dsliwinski-r7 changed the title [MC-492][MC-694] Add Get Blocked Hosts action to Cisco ASA [MC-492][MC-694][MC-491][MC-726] Add Get Blocked Hosts and Block Host actions to Cisco ASA Sep 28, 2021
@pmara-r7
Contributor

Just read through the validation issues.
For the title validation issue, it's an easy fix but would require increasing a major version instead of a minor version (not fun for customers).
A bunch of the prospector ones are annoying as well, to summarize:

  • a boolean 'if' expression has 6 predicates (if a and b and c and d ... with 6 letters)
  • unhappy with the constant '0.0.0.0', but afaict, we want to use that here...?
  • we don't use the params arg in the 'get_blocked_hosts' action because the only thing needed for that is connections, not further input.
  • doesn't like if response.status_code == 201 ... and would prefer if 201 in response.status_code

@pmara-r7
Contributor

@mrinehart-r7 which of the above need fixing?

@mrinehart-r7
Contributor

Just read through the validation issues. For the title validation issue, it's an easy fix but would require increasing a major version instead of a minor version (not fun for customers). A bunch of the prospector ones are annoying as well, to summarize:

  • a boolean 'if' expression has 6 predicates (if a and b and c and d ... with 6 letters) ignore
  • unhappy with the constant '0.0.0.0', but afaict, we want to use that here...? ignore
  • we don't use the params arg in the 'get_blocked_hosts' action because the only thing needed for that is connections, not further input. ignore
  • doesn't like if response.status_code == 201 ... and would prefer if 201 in response.status_code ignore

We can ignore all of those - @dsliwinski-r7 can you add ignore comments to those lines to tell prospector to ignore those issues?

@pmara-r7 pmara-r7 added the Needs 2nd Reviewer PR needs a second reviewer label Oct 28, 2021
Contributor

@pmara-r7 pmara-r7 left a comment

Fixing the validator would require increasing the major version, something that would cause more headache for the end user than it is worth

@pmara-r7 pmara-r7 removed the Validation Failure PR has a validation failure label Oct 28, 2021
@mberezin-r7 mberezin-r7 added Ready to Merge ✅ PR is ready to merge to develop and removed Needs 2nd Reviewer PR needs a second reviewer labels Oct 28, 2021
@mrinehart-r7 mrinehart-r7 merged commit a044d6d into master Nov 2, 2021
@mrinehart-r7 mrinehart-r7 deleted the MC-492_MC-694_Add_Get_Blocked_Hosts_action_to_Cisco_ASA branch November 2, 2021 20:47
cmcnally-r7 pushed a commit that referenced this pull request Jan 21, 2022
* tried to implement fix- pending new library upload to test properly:

* initial fix commit. Lots in here, sorry about that

* fixed up trigger to make it functional

* black formatting

* ready to merge except for help.md

* added comments, supported versions, manually fixed up help.md

* regen with supported versions

* fixing some validation issues

* fixed prospector errors, down to regen issues now

* fixed param issue in search for exploit

* fixed prospector msg

* removed another entry from checksum

* added type hints

* ran black formatting

* reformatting pt 2

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

[SOAR-7005] Update Teams Plugin with Troubleshooting from Discuss (#1021)

* add troubleshoot message about teams to help.md

* attempt fixing input violations in help.md

* Update plugins/microsoft_teams/help.md with correct troubleshooting message

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/microsoft_teams/help.md taking out unnec brackets

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* revert help.md dictionaries

* fix plugins/microsoft_teams/help.md dictionary

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

Jira: Fix bug in "Get Comments", failing normalize_user in Jira Cloud (#991)

* Add pass-thru is_cloud for normalize_user

The action for Get Comments never relays the state of the endpoint as
on-premise or cloud, but requires this state to return successfully.

By using the same process as is present in other actions, passing of
the client is_cloud boolean through the normalize_comment function
and on to the normalize_user function with a default value of False.

* Fix bug normalize_comment not receiving connection.is_cloud

With the action Get Comments, normalize_comment calls upon the function
normalize_user. This dependent function requires knowledge of the state
of is_cloud from the client connection.

This change passes the connection.is_cloud state into normalize_comment.

* bump version

* Updated version minor as previous Get Comments action only worked with Jira Server. Now works with both Server and Cloud.

* updated checksum with icon-plugin tool

* Update help.md

* Regenerate checksum.

* Add missing newline to help.md. Passing local validation.

Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>

SOAR-7007: Fix Get Alerts Trigger in Microsoft ATP (#1017)

* Regen

* Add changelog

* fix missed fixes

* Fix Prospector warnings

* Add timeout-decorator

* Comment out test placeholders

* Blacken

* Lint jira

Co-authored-by: Elijah Martin-Merrill <elijah_martin-merrill@rapid7.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>
Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

[MC-615][MC-664][MC-665] Add new actions in Google Drive plugin (#993)

* [MC-615][MC-664][MC-665] Add new actions in Google Drive plugin

* [MC-615][MC-664][MC-665] Reformat test_move_file.py

* Update plugins/google_drive/plugin.spec.yaml

Change Move File action description

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update help.md.

* Update checksum

* [MC-615][MC-664][MC-665] Update Create File in Folder action

* Update input examples for connection in help.md

* [MC-708][MC-731][MC-732] Update Python version and code refactoring in Google Drive plugin

* [MC-708][MC-731][MC-732] Update requirements.txt and help.md

Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

MC-380 - PaloAlto Wildfire - Connection Test (#1019)

* [MC-380] Added connection test

* [MC-380] Make regenerate

* [MC-380] Added `supported_versions` and removed unsupported keywords.

* [MC-380] Resolve the issue with importing plugin + make regenerate.

* Version pin in requirements.txt

* [MC-380] Updated the existing unit test to use mock response

* black validation failure fix

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

[MC-690][MC-728][MC-729][MC-730][MC-749] Code refactor and add new action in Subnet plugin (#1016)

* [MC-690][MC-728][MC-729][MC-730][MC-749] Code refactor and add new action in Subnet plugin

* [MC-690][MC-728][MC-729][MC-730][MC-749] Remove unnecessary f-string

* Test

* Remove init.py

* [MC-690][MC-728][MC-729][MC-730][MC-749] Update help.md and requirements.txt

* [MC-690][MC-728][MC-729][MC-730][MC-749] Remove trailing space

* [MC-690][MC-728][MC-729][MC-730][MC-749] Update plugin spec

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>

MC-742 - ElasticSearch - Bugfix - Routing Issue (#1014)

* [MC-724] Corrected the `index_document` action.

* [MC-724] Minor code improvements.

* [MC-724] Search document routing fix.

* [MC-724] Corrected `update_document` action + black formatting.

* Added additional unit test for search_document with route

* [MC-724] Make regenerate

* [MC-724] Added `supported_versions`  + make regenerate

* [MC-742] Remove unused variables and add unit test with no routing.

* [MC-742] Applied black formatting.

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

Update README.md (#1023)

* Update README.md

* Update README.md

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

[SOAR-7134] update troubleshooting and requirements messaging for RBAC permissions (#1024)

* update troubleshooting and requirements messaging for RBAC permissions

* update get notifications troubleshooting info link

* Update plugins/carbon_black_defense/help.md

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* consolidate api key requirements info

* punctuation in troubleshooting section

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

Update Python 3 Script documentation & install g++ (#1025)

* Update documentation

* Update help.md

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

SOAR-5837: Scrub Anomali API key from logger (#943)

* Add a util to scrub API keys from URLs using regex.

* Import logging to get_observables action, add formatter to logger
Black format
Update help.md and bump version number

* Regenerate plugin.

* Black format

* Generate unit tests

* Fix formatter import

* caught exception

* Only suppress ConnectionErrors, wrap censored original error in PluginException
Replace logging formatter with simple util function

* Black format

* Regenerate plugin.

* Add examples to plugin spec to satisfy validator, regenerate plugin

* Abstract send request to Connection class for all actions, delete utils

* Change example user to match example style guide

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* help.md validates with plugin spec

* Raise plugin exception from None instead of additional Connection error

* Change send() parameters signature and add plugin root init

* Add connection test and API key suppression check

* Black format

* Add get observables unit test

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Joey McAdams <jmcadams@rapid7.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com>

SQL plugin change example in PORT input and update util.py file with Python3 (#1003)

* [MC-706] SQL plugin change example in PORT input and update util.py file with Python3

* Implement Pylint fixes for dict.get() and catch Exception

* Add version numbers to supported DB software

* Regenerate checksum

Co-authored-by: pmara-r7 <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>

Xdr monitor incident events bug fix (#1026)

* Add monitor alert task to palo alto xdr plugin

* style

* remove unused import

* changed to minor version bump since there aren't any non-backward compatible changes

* changed to get incidents endpoint, added inputs to the tasks

* delete old get alerts task

* remove unnecessary code

* remove alert sources parameter since the XDR api behaves very inconsistently when it is present

* update checksum

* Update help.md

* Update help.md

* simplify conditions as per code review comments, fix json list representation in plugin spec and docs file

* incident bug fix

* fix bug where None value fields could be returned in incidents

* fix help.md, requirements section can only accept bullet points, move non-bullet points to setup section

* Comment out unused tests

* Add supported product versions

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com>

[MC-676][MC-727] Update Domain Extractor in Extractit plugin (#1015)

* [MC-676][MC-727] Update Domain Extractor in Extractit plugin

* [MC-676][MC-727] Update requirements.txt

* [MC-676][MC-727] Add comments in extractor.py

* [MC-676][MC-727] Reformat

* [MC-676][MC-727] Add comments in extractor.py and fix unit tests

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>

Fix error messaging around invalid credentials (#1022)

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>

[MC-492][MC-694][MC-491][MC-726] Add Get Blocked Hosts and Block Host actions to Cisco ASA (#994)

* [MC-492][MC-694] Add Get Blocked Hosts action to Cisco ASA

* [MC-492][MC-694] Add section for supported version

* Scrub test example input

* [MC-491][MC-726] Add Block Host action to Cisco ASA

* [MC-492][MC-694][MC-491][MC-726] Update requirements.txt

* [MC-492][MC-694][MC-491][MC-726] Add ignore comments

* [MC-492][MC-694][MC-491][MC-726] Reformat

Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

IntSights plugin (#1009)

* [MC-683] Init plugin | Add action Get Indicator by Value

* IntSights new actions and trigger draft

* [MC-717] Add action Get Indicator By Value

* [MC-683][MC-673][MC-681][MC-682][MC-684][MC-686][MC-688][MC-687] Add new Plugin IntSights

* [MC-717][MC-718][MC-719][MC-720][MC-721][MC-722][MC-723][MC-725] Update help.md

* Revert: Add microsoft ATP
Black reformat

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/icon_intsights/actions/takedown_request/action.py

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/icon_intsights/connection/connection.py

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/icon_intsights/util/api.py

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-683] Fix help

* [MC-683] Fix help

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Fix unit tests

* [MC-683] Fix unit tests

* [MC-683] Add clean to enrich_indicator output

* [MC-683] Add clean to enrich_indicator output

* Add icon

* New graphics

* Fix unit_test path while getting payload

* Add custom type

* Regenerate plugin and Black format

* Update help.md for validator

* Update plugins/rapid7_intsights/help.md

* [MC-683] Set some output to required false

Co-authored-by: r7-kszczepanskagorna <kamila_szczepanska-gorna@rapid7.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>

[MC-740] Fix threatscore KeyError (#1031)

* [MC-740] Fix threatscore KeyError

* Update plugins/hybrid_analysis/help.md

* used refactor to change hash to hash_ in 2 files

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: PJ Mara <pj_mara@rapid7.com>
Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

Remove ISOLATE_MACHINE remediate option from Cybereason documentation (#1035)

* Update docs to remove ISOLATE_MACHINE remediate option

* Update changelog

MC-301 & MC-809 - Cybereason - New Action - Delete Registry Key (#1028)

* Make regenerate

* Added delete registry key action.

* Using example email address.

* Action + black formatting.

* Removed user email address and using an example one.

* Added tests and example payloads.

* Added example output and corrected the inputs

* [MC-301] Added comment to get_machine_targets.

* Update .CHECKSUM

* Update checksum

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

[MC-709][MC-810] Support extraction from binary files for all actions in Extractit plugin (#1030)

* [MC-709] Support extraction from binary files for all actions

* [MC-709][MC-810] Update extractor.py and unit tests

* Replace manual file open/close with "with" context for Prospector validation

* [MC-709][MC-810] Remove manual closing of file

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>

Elasticsearch fix search action (#988)

* MC-677 Fix search example input in help.md | Add exception message in search action

* Regen and fix docs

* Fix syntax in action.py

* [MC-677] Fix search example input in help.md | Add exception message in search action

* [MC-677] Fix search example input in help.md | Add exception message in search action

* Black reformat

* [MC-677] Fix help | Fix unit test | Add unit test to check wrong query input

* [MC-677] Fix help | Fix unit test | Add unit test to check wrong query input

* Update plugins/elasticsearch/komand_elasticsearch/actions/search_documents/action.py

* Update plugins/elasticsearch/unit_test/test_search_documents.py

* Update expected error string

* Black format.

Co-authored-by: Jon Schipp <30870727+jschipp-r7@users.noreply.github.com>
Co-authored-by: Jon Schipp <jonschipp@gmail.com>
Co-authored-by: Maxim Berezin <maxim_berezin@rapid7.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

[SOAR-7434] ipstack schema update (#1040)

* updated komand to icon runtime

* added time_zone fix

* passing individual unit tests

* fixed unit test bug

* black reformat

* fixed api url

* added ignore pylint unused args because implementation is blank

* increased version from 2->3 and reformat

* fixing prospector

Add support of ! character to the URL extraction (#1041)

1. Update Regex to support ! character to the URL extractor
2. Update plugin minor version
3. Add a test string to the Unit test set
4. Update help.md to include release details
5. Regenerate the plugin files

JIRA: SOAR-7356

[MC-754][MC-838][MC-839][MC-840] PDF Reader plugin - Fix Extract Text action (#1038)

* [MC-754] Fix Extract Text action

* [MC-754] Update plugin spec

* [MC-754][MC-838][MC-839][MC-840] Update Dockerfile and Extract Text action

* [MC-754] Update Extract Text action

* [MC-754][MC-838][MC-839][MC-840] Update error messaging in Extract Text action

* Update plugins/pdf_reader/help.md

Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

Add new trigger in Rapid7 IntSights plugin (#1033)

* [MC-683] Init plugin | Add action Get Indicator by Value

* IntSights new actions and trigger draft

* [MC-717] Add action Get Indicator By Value

* [MC-683][MC-673][MC-681][MC-682][MC-684][MC-686][MC-688][MC-687] Add new Plugin IntSights

* [MC-717][MC-718][MC-719][MC-720][MC-721][MC-722][MC-723][MC-725] Update help.md

* Revert: Add microsoft ATP
Black reformat

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/icon_intsights/actions/takedown_request/action.py

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/icon_intsights/connection/connection.py

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/icon_intsights/util/api.py

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-683] Fix help

* [MC-683] Fix help

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Fix unit tests

* [MC-683] Fix unit tests

* [MC-683] Add clean to enrich_indicator output

* [MC-683] Add clean to enrich_indicator output

* Add icon

* New graphics

* Fix unit_test path while getting payload

* [MC-771][MC-808] plugin.spec and action code

* Add custom type

* [MC-771][MC-808] Add unit tests

* [MC-771][MC-808] Add unit tests

* [MC-771][MC-808] Fix description

* [MC-771][MC-808] Fix f-string in API

* [MC-771][MC-808] Fix unit_test expecteds files

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] black

* [MC-685][MC-724] Add module to requirements

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* [MC-771][MC-808] Add pagination to action get_cve_by_id

* [MC-771][MC-808] Add pagination to action get_cve_by_id

* [MC-771][MC-808] Black format

* [MC-685] Add new case to unit tests, Change descriptions in plugin.spec

* [MC-685] Black format

* [MC-685] Add new case to unit tests, Change descriptions in plugin.spec

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-685] Fix query in get_cve

* [MC-685] Fix query in get_cve

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-685] Fix validator issues

* [MC-717] Fix score from integer to float

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/help.md

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>

* [MC-685] Fix input enum errors

Co-authored-by: r7-kszczepanskagorna <kamila_szczepanska-gorna@rapid7.com>
Co-authored-by: Mike Rinehart <32079048+mrinehart-r7@users.noreply.github.com>
Co-authored-by: Mike Rinehart <mike_rinehart@rapid7.com>
Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>
Co-authored-by: PJ Mara <87435279+pmara-r7@users.noreply.github.com>
Co-authored-by: Max Berezin <52976633+mberezin-r7@users.noreply.github.com>

Fix plugin validator GH Action

[MC-800] Improve error messaging in Palo Alto MineMeld plugin (#1046) (#1051)

[MC-800] Update PaloAltoMineMeld to 1.0.1 with below:
1. Update unit tests
2. Update requirements.txt

[MC-801] Fix Set Address Object action in Palo Alto PAN-OS plugin (#1047) (#1055)

Co-authored-by: dsliwinski-r7 <73613193+dsliwinski-r7@users.noreply.github.com>

Microsoftteams_3.1.5 (#1058)

* [MC-772] Add `microsoft_teams` keyword

* [MC-772] Fix unit tests

* Update plugins/microsoft_teams/help.md

[SOAR-7961] Configurable interval for devo (#1059) (#1065)

* configurable interval
* set interval default to 10 seconds

[MC-751] - ServiceNow Get Attachments (#1054)

Automox Plugin: Initial release of plugin with base management functionality (#1042)

Cisco Umbrella Destinations Lists
The below actions have been added:
dGet
dAdd
dDelete
dlGet
dlGetAll
dlPatch
dlDelete
dlCreate

Updated acronyms in spec file

Update plugins/cisco_umbrella_destinations/plugin.spec.yaml

text fix to capitalize acronyms

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

Update plugins/cisco_umbrella_destinations/plugin.spec.yaml

text fix to capitalize acronyms

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

Update plugins/cisco_umbrella_destinations/plugin.spec.yaml

text fix to capitalize acronyms

Co-authored-by: jrose-r7 <87443773+jrose-r7@users.noreply.github.com>

Updated spec

Changing org_id & dl_id to input

Added basic PluginException error handling

removed unitTests & greeting yaml

Updated examples in spec file

Added PluginException to api.py & removed from actions

Removed unused imports

Final api.py

Updated api.py

Fixed broken logger

..

Commented out connection bug for now

Change return to pass

Fix prospector issue #1

Fix prospector issue #2

Validators fix attempt#1

Fix validators #2

Fix validators #3

Fix validators #4

Fix validators #5

Fix validators #6

Fix validators #7

Added black formatting

Test black #1

Black formatting complete

Moved orgID to connection input

Black formatting #2

Fix prospector issue #3

--

Cisco Umbrella Destinations Lists
The below actions have been added:
dGet
dAdd
dDelete
dlGet
dlGetAll
dlPatch
dlDelete
dlCreate

Changing org_id & dl_id to input

Added basic PluginException error handling

removed unitTests & greeting yaml

Updated examples in spec file

Added PluginException to api.py & removed from actions

Final api.py

Updated api.py

Fixed broken logger

Commented out connection bug for now

Change return to pass

Validators fix attempt#1

Fix validators #2

Fix validators #3

Fix validators #4

Fix validators #5

Fix validators #6

Fix validators #7

Added black formatting

Black formatting complete

Moved orgID to connection input

Cisco Umbrella Destinations Lists
The below actions have been added:
dGet
dAdd
dDelete
dlGet
dlGetAll
dlPatch
dlDelete
dlCreate

Changing org_id & dl_id to input

Added basic PluginException error handling

removed unitTests & greeting yaml

Updated examples in spec file

Added PluginException to api.py & removed from actions

Final api.py

Updated api.py

Fixed broken logger

Commented out connection bug for now

Change return to pass

Validators fix attempt#1

Fix validators #2

Fix validators #3

Fix validators #4

Fix validators #5

Fix validators #6

Fix validators #7

Added black formatting

Black formatting complete

Moved orgID to connection input

Test Commit #1

Updated help.md & plugin spec

Black formatting #3

Labels

Ready to Merge ✅ PR is ready to merge to develop

5 participants