Skip to content

Commit

Permalink
Get trail status (demisto#33277)
Browse files Browse the repository at this point in the history
* Get trail status (demisto#32960)

* "contribution update to pack "AWS - CloudTrail""

* made requested changes

* Update Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md

Co-authored-by: Yuval Hayun <[email protected]>

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml

Co-authored-by: Yuval Hayun <[email protected]>

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml

Co-authored-by: Yuval Hayun <[email protected]>

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py

Co-authored-by: Yuval Hayun <[email protected]>

* removed try & except under get_trail_status function

* fixed indent

* fixed typo

* fixed typo

* made requested changes

* updated docker version

* updated docker

* fixed typos

* reverted change on package-lock.json

* reverted changes as requested

* revert package-lock.json

* update dockerimage

* Update 1_1_0.md

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.yml

* Update 1_1_0.md

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.py

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py

Co-authored-by: Yuval Hayun <[email protected]>

* Update AWS-CloudTrail_test.py

* Update 1_1_0.md

* Update AWS-CloudTrail.yml

---------

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: Yuval Hayun <[email protected]>

* revert package-lcok

* remove docker line

---------

Co-authored-by: kcelovic <[email protected]>
Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: Yuval Hayun <[email protected]>
Co-authored-by: YuvHayun <[email protected]>
  • Loading branch information
5 people authored and pal-xmco committed Jun 19, 2024
1 parent 4d5f0d1 commit fd2d10c
Show file tree
Hide file tree
Showing 7 changed files with 411 additions and 753 deletions.
47 changes: 42 additions & 5 deletions Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import demistomock as demisto
from CommonServerPython import *
from CommonServerUserPython import *
import demistomock as demisto # noqa: F401
from CommonServerPython import * # noqa: F401


import boto3
from botocore.config import Config
from botocore.parsers import ResponseParserError
Expand Down Expand Up @@ -104,8 +105,8 @@ def aws_session(service='cloudtrail', region=None, roleArn=None, roleSessionName

def handle_returning_date_to_string(date_obj: datetime | str) -> str:
"""Gets date object to string"""
# if the returning date is a string leave it as is.
if isinstance(date_obj, str):
# if the returning date is a string or None, leave it as is.
if date_obj is None or isinstance(date_obj, str):
return date_obj

# if event time is datetime object - convert it to string.
Expand Down Expand Up @@ -238,6 +239,40 @@ def describe_trails(args: dict) -> CommandResults:
)


def get_trail_status(args: dict) -> CommandResults:
client = aws_session(
region=args.get('region'),
roleArn=args.get('roleArn'),
roleSessionName=args.get('roleSessionName'),
roleSessionDuration=args.get('roleSessionDuration'),
)

kwargs = {'Name': args.get('name')}

response = client.get_trail_status(**kwargs)

data = {
'IsLogging': response.get('IsLogging'),
'LatestDeliveryTime': handle_returning_date_to_string(response.get('LatestDeliveryTime')),
'LatestCloudWatchLogsDeliveryError': response.get('LatestCloudWatchLogsDeliveryError'),
'LatestDeliveryErrorDetails': response.get('LatestDeliveryErrorDetails'),
'LatestNotificationError': response.get('LatestNotificationError'),
'LatestNotificationTime': handle_returning_date_to_string(response.get('LatestNotificationTime')),
'StartLoggingTime': handle_returning_date_to_string(response.get('StartLoggingTime')),
'StopLoggingTime': handle_returning_date_to_string(response.get('StopLoggingTime')),
'LatestCloudWatchLogsDeliveryTime': handle_returning_date_to_string(response.get('LatestCloudWatchLogsDeliveryTime')),
'LatestDigestDeliveryTime': handle_returning_date_to_string(response.get('LatestDigestDeliveryTime')),
'LatestDigestDeliveryError': response.get('LatestDigestDeliveryError')
}

return CommandResults(
outputs_prefix="AWS.CloudTrail.TrailStatus",
outputs_key_field="Name",
outputs=data,
readable_output=tableToMarkdown('AWS CloudTrail TrailStatus', data),
)


def update_trail(args: dict) -> CommandResults:
client = aws_session(
region=args.get('region'),
Expand Down Expand Up @@ -409,6 +444,8 @@ def main():
return_results(stop_logging(args))
if command == 'aws-cloudtrail-lookup-events':
return_results(lookup_events(args))
if command == 'aws-cloudtrail-get-trail-status':
return_results(get_trail_status(args))

except Exception as e:
err = "Error has occurred in the AWS CloudTrail Integration."
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -371,9 +371,60 @@ script:
- contextPath: AWS.CloudTrail.Events.CloudTrailEvent
description: A JSON string that contains a representation of the event returned.
type: string
- arguments:
- description: Specifies the names of multiple trails.
name: trailNameList
- description: Specifies the region of the trail.
name: region
required: true
- description: The The Amazon Resource Name (ARN) of the role to assume.
name: roleArn
- description: An identifier for the assumed role session.
name: roleSessionName
- description: The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.
name: roleSessionDuration
- description: Specifies the name of the trail.
name: name
required: true
description: Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail.
name: aws-cloudtrail-get-trail-status
outputs:
- contextPath: AWS.CloudTrail.TrailStatus.IsLogging
description: Whether the CloudTrail trail is currently logging Amazon Web Services API calls.
type: boolean
- contextPath: AWS.CloudTrail.TrailStatus.LatestDeliveryError
description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket.
type: string
- contextPath: AWS.CloudTrail.TrailStatus.LatestNotificationError
description: Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification.
type: string
- contextPath: AWS.CloudTrail.TrailStatus.LatestDeliveryTime
description: Specifies the date and time that CloudTrail last delivered log files to an account’s Amazon S3 bucket.
type: date
- contextPath: AWS.CloudTrail.TrailStatus.LatestNotificationTime
description: Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has written a new log file to an account’s Amazon S3 bucket.
type: date
- contextPath: AWS.CloudTrail.TrailStatus.StartLoggingTime
description: Specifies the most recent date and time when CloudTrail started recording API calls for an Amazon Web Services account.
type: date
- contextPath: AWS.CloudTrail.TrailStatus.StopLoggingTime
description: Specifies the most recent date and time when CloudTrail stopped recording API calls for an Amazon Web Services account.
type: date
- contextPath: AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryError
description: Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs.
type: string
- contextPath: AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryTime
description: Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs.
type: date
- contextPath: AWS.CloudTrail.TrailStatus.LatestDigestDeliveryTime
description: Specifies the date and time that CloudTrail last delivered a digest file to an account’s Amazon S3 bucket.
type: date
- contextPath: AWS.CloudTrail.TrailStatus.LatestDigestDeliveryError
description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket.
type: string
dockerimage: demisto/boto3py3:1.0.0.89556
runonce: false
script: '-'
script: ''
subtype: python3
type: python
tests:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ on your AWS environment.
- Attach a Role to the Instance Profile.
- Configure the Necessary IAM Roles that the AWS Integration Can Assume.

For detailed instructions, see the [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
For detailed instructions, see the [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,9 @@ def stop_logging(self, **kwargs):
def lookup_events(self, **kwargs):
return None

def get_trail_status(self, **kwargs):
return {"IsLogging": True}

def get_paginator(self, _):
class Paginator:
def paginate(self, **kwargs):
Expand Down Expand Up @@ -297,3 +300,20 @@ def test_cloudtrail_lookup_events(mocker, aws_cloudtrail, return_results_func):
command_result: CommandResults = return_results_func.call_args[0][0]
outputs: list[dict] = command_result.outputs
assert outputs[0]["Username"] == "user"


def test_cloudtrail_get_trail_status(mocker, aws_cloudtrail, return_results_func):
"""
Given
- demisto args
When
- running aws-cloudtrail-get-trail-status command
Then
- Ensure the command result is returned as expected
"""
args = {"name": "name"}
mock_command(mocker, aws_cloudtrail, "aws-cloudtrail-get-trail-status", args)
aws_cloudtrail.main()
command_result: CommandResults = return_results_func.call_args[0][0]
outputs: dict = command_result.outputs
assert "IsLogging" in outputs
Loading

0 comments on commit fd2d10c

Please sign in to comment.