From 95e613f15dfe7367b27daf5795b55b6b0f566288 Mon Sep 17 00:00:00 2001 From: rshunim <102469772+rshunim@users.noreply.github.com> Date: Thu, 2 Jan 2025 17:17:32 +0200 Subject: [PATCH] GetUserData - adding an 'attributes' parameter (#37908) * add AD attributes to the GetUserData.py script when running 'ad-get-user' command * RN * add UT * Update Packs/CommonScripts/Scripts/GetUserData/GetUserData.yml Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> * Update Packs/CommonScripts/ReleaseNotes/1_19_1.md Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> * CR --------- Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> --- Packs/CommonScripts/ReleaseNotes/1_19_1.md | 6 +++ .../Scripts/GetUserData/GetUserData.py | 3 +- .../Scripts/GetUserData/GetUserData.yml | 2 + .../Scripts/GetUserData/GetUserData_test.py | 54 +++++++++++++++++++ Packs/CommonScripts/pack_metadata.json | 2 +- 5 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_19_1.md diff --git a/Packs/CommonScripts/ReleaseNotes/1_19_1.md b/Packs/CommonScripts/ReleaseNotes/1_19_1.md new file mode 100644 index 000000000000..d712a04a7e3e --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_19_1.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### get-user-data + +- Added the **attributes** parameter to the ***ad-get-user*** command in this script to retrieve additional user information. \ No newline at end of file diff --git a/Packs/CommonScripts/Scripts/GetUserData/GetUserData.py b/Packs/CommonScripts/Scripts/GetUserData/GetUserData.py index 80d193e3034d..72625aa6df41 100644 --- a/Packs/CommonScripts/Scripts/GetUserData/GetUserData.py +++ b/Packs/CommonScripts/Scripts/GetUserData/GetUserData.py @@ -722,6 +722,7 @@ def main(): users_ids = argToList(args.get("user_id", [])) users_names = argToList(args.get("user_name", [])) users_emails = argToList(args.get("user_email", [])) + attributes = args.get("attributes") domain = args.get("domain", "") verbose = argToBoolean(args.get("verbose", False)) brands_to_run = argToList(args.get("brands", [])) @@ -771,7 +772,7 @@ def main(): ad_get_user_command = Command( brand="Active Directory Query v2", name="ad-get-user", - args={"username": user_name, "email": user_email}, + args={"username": user_name, "email": user_email, "attributes": attributes}, ) if modules.is_brand_available(ad_get_user_command) and is_valid_args( ad_get_user_command diff --git a/Packs/CommonScripts/Scripts/GetUserData/GetUserData.yml b/Packs/CommonScripts/Scripts/GetUserData/GetUserData.yml index 03888dbcd099..263f891cb28a 100644 --- a/Packs/CommonScripts/Scripts/GetUserData/GetUserData.yml +++ b/Packs/CommonScripts/Scripts/GetUserData/GetUserData.yml @@ -8,6 +8,8 @@ args: - description: List of emails of the users to retrieve. name: user_email isArray: true +- description: list of AD user's attributes to retrieve, separated by comma. + name: attributes - description: The domain to retrieve users from. Available only for the iam-get-user command. name: domain - description: |- diff --git a/Packs/CommonScripts/Scripts/GetUserData/GetUserData_test.py b/Packs/CommonScripts/Scripts/GetUserData/GetUserData_test.py index b137a371f2cb..b86e497ee80a 100644 --- a/Packs/CommonScripts/Scripts/GetUserData/GetUserData_test.py +++ b/Packs/CommonScripts/Scripts/GetUserData/GetUserData_test.py @@ -1104,6 +1104,60 @@ def test_ad_get_user(self, mocker: MockerFixture): assert result[1] == expected_account assert result[2] == "CN=Manager,OU=Users,DC=example,DC=com" + def test_ad_get_user_attributes(self, mocker: MockerFixture): + """ + Given: + A Command object for ad_get_user. + When: + The function is called with the Command object and attributes. + Then: + It returns the expected tuple of readable outputs, account output, and manager DN. + """ + command = Command( + "Active Directory Query v2", "ad-get-user", {"username": "ad_user", "attributes": "whenCreated"} + ) + mock_outputs = { + "sAMAccountName": "ad_user", + "displayName": "AD User", + "mail": "ad_user@example.com", + "memberOf": ["Group1"], + "userAccountControlFields": {"ACCOUNTDISABLE": False}, + "manager": ["CN=Manager,OU=Users,DC=example,DC=com"], + "whenCreated": ["2024-11-05 09:11:18+00:00"] + } + expected_account = { + "username": {"Value": "ad_user", "Source": "Active Directory Query v2"}, + "display_name": {"Value": "AD User", "Source": "Active Directory Query v2"}, + "email_address": { + "Value": "ad_user@example.com", + "Source": "Active Directory Query v2", + }, + "groups": {"Value": "Group1", "Source": "Active Directory Query v2"}, + "is_enabled": {"Value": True, "Source": "Active Directory Query v2"}, + "whenCreated": {'Source': 'Active Directory Query v2', + 'Value': '2024-11-05 09:11:18+00:00'} + } + + mocker.patch( + "GetUserData.run_execute_command", + return_value=([mock_outputs], "Human readable output", []), + ) + mocker.patch("GetUserData.get_output_key", return_value="ActiveDirectory.Users") + mocker.patch("GetUserData.get_outputs", return_value=mock_outputs) + mocker.patch("GetUserData.prepare_human_readable", return_value=[]) + + result = ad_get_user(command) + + assert isinstance(result, tuple) + assert len(result) == 3 + assert isinstance(result[0], list) + assert isinstance(result[1], dict) + assert isinstance(result[2], str) + assert result[1] == expected_account + assert result[2] == "CN=Manager,OU=Users,DC=example,DC=com" + assert len(result[1]) + assert "whenCreated" in result[1] + def test_ad_get_user_manager(self, mocker: MockerFixture): """ Given: diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index c8ccac258432..6880cef19a90 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.19.0", + "currentVersion": "1.19.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",