[SOAR-18015] Devo - Snyk and SDK Bump (#2900) (#2908)
* snyk and sdk

* deleting integration unit tests
rmurray-r7 authored Oct 28, 2024
1 parent bd1755b commit 702f67a
Showing 21 changed files with 207 additions and 373 deletions.
12 changes: 6 additions & 6 deletions plugins/devo/.CHECKSUM
@@ -1,19 +1,19 @@
{
"spec": "11b617b531bfc5aa4395fc40f9c24598",
"manifest": "121802ce2e24e49184094fdbddd2b537",
"setup": "ef8ba4d12d80802047c2e33e7c689107",
"spec": "c7a928351e3670d2789ff5686df578f2",
"manifest": "c5cc69f9176f8a28249422dc6fc117fc",
"setup": "3ffc33bcc1dbe33b2b361c065bcee82e",
"schemas": [
{
"identifier": "query_logs/schema.py",
"hash": "6e6c90f3c1e227e3c3fb2353ef0f48ec"
"hash": "5ef5d84285557cbcaf782f8a5c2f64f3"
},
{
"identifier": "connection/schema.py",
"hash": "51ac06217173a78117fe71cd4a0db13f"
"hash": "31c15e384dddc9a35213ffda480488d2"
},
{
"identifier": "get_new_alerts/schema.py",
"hash": "775f70e25e8039041d5ee4917bea11bc"
"hash": "5c67e720a20619e182bd2af68a3146fc"
}
]
}
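Review bot: all six hashes in this file change (spec, manifest, setup and the three schema.py entries), but the diffs for plugin.spec.yaml and the schema.py files are not among the seven files shown on this page, so the new values cannot be checked here against the files they fingerprint. Confirm the file was regenerated by the SDK tooling after the schema changes rather than edited by hand; otherwise the checksums will not match the shipped schemas, which is the usual cause of a plugin failing validation after an SDK bump.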
18 changes: 6 additions & 12 deletions plugins/devo/Dockerfile
@@ -1,26 +1,20 @@
FROM rapid7/insightconnect-python-3-38-plugin:4
# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version
FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4

LABEL organization=rapid7
LABEL sdk=python

# Add any custom package dependencies here
# NOTE: Add pip packages to requirements.txt

# End package dependencies

# Add source code
WORKDIR /python/src

ADD ./plugin.spec.yaml /plugin.spec.yaml
ADD . /python/src
ADD ./requirements.txt /python/src/requirements.txt

# Install pip dependencies
RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

# Install plugin
ADD . /python/src

RUN python setup.py build && python setup.py install

# User to run plugin code. The two supported users are: root, nobody
USER root
USER nobody

ENTRYPOINT ["/usr/local/bin/icon_devo"]
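Review bot: the new `ADD ./requirements.txt /python/src/requirements.txt` directly after `ADD . /python/src` is redundant, since the whole source tree (requirements.txt included) was copied on the previous line; if the intent is layer caching so that dependency installs are not redone on every source change, the requirements copy and `RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi` must come before the full `ADD . /python/src`, not after it. Prefer `COPY` over `ADD` for local files, as ADD also unpacks archives and fetches remote URLs, neither of which is wanted here. `python setup.py build && python setup.py install` is deprecated in current setuptools; `pip install .` is the supported equivalent. The switch from `USER root` to `USER nobody` is the right change for a plugin container. The `--platform=linux/amd64` pin and the `6.1.4` tag fix the base image version, but consider pinning the image digest as well so a retagged `insightconnect-python-3-slim-plugin:6.1.4` cannot silently change what gets built.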
10 changes: 5 additions & 5 deletions plugins/devo/bin/icon_devo
@@ -1,12 +1,12 @@
#!/usr/bin/env python
# GENERATED BY KOMAND SDK - DO NOT EDIT
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
import os
import json
from sys import argv

Name = "Devo"
Vendor = "rapid7"
Version = "3.0.1"
Version = "3.0.2"
Description = "Devo is the cloud-native logging and security analytics solution that delivers real-time visibility for security and operations teams"


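Review bot: the `Version = "3.0.2"` bump matches the new 3.0.2 entry in help.md's version history; plugin.spec.yaml is not shown on this page, so confirm it carries the same version string (the changed spec hash in .CHECKSUM suggests it was touched), otherwise the generated entrypoint and the spec disagree on what is being shipped.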
@@ -23,7 +23,7 @@ def main():
monkey.patch_all()

import insightconnect_plugin_runtime
from icon_devo import connection, actions, triggers
from icon_devo import connection, actions, triggers, tasks

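Review bot: `from icon_devo import connection, actions, triggers, tasks` requires an `icon_devo/tasks` package to exist, otherwise the generated entrypoint raises ImportError before the plugin can register anything. No tasks module appears among the files shown on this page, and help.md in this same commit states "This plugin does not contain any tasks.", so either the (presumably empty, generated) `tasks/__init__.py` is among the files not shown here, or the import should be dropped.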
class ICONDevo(insightconnect_plugin_runtime.Plugin):
def __init__(self):
@@ -35,9 +35,9 @@ def main():
connection=connection.Connection()
)
self.add_trigger(triggers.GetNewAlerts())

self.add_action(actions.QueryLogs())


"""Run plugin"""
cli = insightconnect_plugin_runtime.CLI(ICONDevo())
113 changes: 85 additions & 28 deletions plugins/devo/help.md
100755 → 100644
@@ -34,10 +34,10 @@ For testing purposes, to give access to all tables, use `*.*.**`. This is not re

The connection configuration accepts the following parameters:

|Name|Type|Default|Required|Description|Enum|Example|
|----|----|-------|--------|-----------|----|-------|
|authentication_token|credential_secret_key|None|True|Devo authentication token|None|9de5069c5afe602b2ea0a04b66beb2c0|
|region|string|None|True|Region|['USA', 'EU', 'VDC (Spain)']|USA|
|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|authentication_token|credential_secret_key|None|True|Devo authentication token|None|9de5069c5afe602b2ea0a04b66beb2c0|None|None|
|region|string|None|True|Region|["USA", "EU", "VDC (Spain)"]|USA|None|None|

Example input:

@@ -52,18 +52,19 @@ Example input:

### Actions


#### Query Logs

This action is used to run a LINQ query against the logs.

##### Input

|Name|Type|Default|Required|Description|Enum|Example|
|----|----|-------|--------|-----------|----|-------|
|from_date|string|None|True|Earliest date to query events from, will accept relative or absolute times, e.g. 1/1/2020, 2 hours ago, 1/1/2020T12:00:00, Now|None|5 minutes ago|
|query|string|None|True|A query. The response is limited to 200MB of raw data or 1000 entries, whichever is hit first|None|from demo.ecommerce.data select *|
|to_date|string|Now|True|Latest date to query events from, will accept relative or absolute times, e.g. 1/1/2020, 2 hours ago, 1/1/2020T12:00:00, Now|None|Now|

|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|from_date|string|None|True|Earliest date to query events from, will accept relative or absolute times, e.g. 1/1/2020, 2 hours ago, 1/1/2020T12:00:00, Now|None|5 minutes ago|None|None|
|query|string|None|True|A query. The response is limited to 200MB of raw data or 1000 entries, whichever is hit first|None|from demo.ecommerce.data select *|None|None|
|to_date|string|Now|True|Latest date to query events from, will accept relative or absolute times, e.g. 1/1/2020, 2 hours ago, 1/1/2020T12:00:00, Now|None|Now|None|None|
Example input:

```
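Review bot: the blank line between the end of the input table and `Example input:` was removed in this hunk (the old version had it), and GFM continues a table until it hits a blank line or another block, so `Example input:` will now render as a one-cell table row rather than as a paragraph. Restore the blank line after the last `|to_date|...` row; the same blank line is dropped after the Output table, the Get New Alerts Input table and its Output table later in this file, and each needs the same fix.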
@@ -76,10 +77,10 @@ Example input:

##### Output

|Name|Type|Required|Description|
|----|----|--------|-----------|
|results|query_result|True|An object containing information and results about the query that was run|

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|results|query_result|True|An object containing information and results about the query that was run|None|
Example output:

```
@@ -107,19 +108,19 @@ Example output:
}
}
```

### Triggers


#### Get New Alerts

This trigger is used to get new alerts.
This trigger is used to get new alerts

##### Input

|Name|Type|Default|Required|Description|Enum|Example|
|----|----|-------|--------|-----------|----|-------|
|interval|integer|10|False|Interval time in seconds|None|5|

|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|interval|integer|10|False|Interval time in seconds|None|5|None|None|
Example input:

```
@@ -130,10 +131,10 @@ Example input:

##### Output

|Name|Type|Required|Description|
|----|----|--------|-----------|
|alerts|[]object|True|An object containing information and results about the alerts from interval time|

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|alerts|[]object|True|An object containing information and results about the alerts from interval time|None|
Example output:

```
@@ -168,10 +169,63 @@ Example output:
]
}
```
### Tasks

*This plugin does not contain any tasks.*

### Custom Types

**alert**

|Name|Type|Default|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- | :--- |
|Alert Host|string|None|False|Alert host|None|
|Alert ID|string|None|False|Alert ID|None|
|Application|string|None|False|Application|None|
|Category|string|None|False|Category|None|
|Context|string|None|False|Context|None|
|Domain|string|None|False|Domain|None|
|Destination Host|string|None|False|Destination host|None|
|Destination IP|string|None|False|Destination IP|None|
|Destination Port|string|None|False|Destination port|None|
|Engine|string|None|False|Engine|None|
|Event Date|integer|None|False|Event date|None|
|Extra Data|string|None|False|Extra data|None|
|Priority|float|None|False|Priority|None|
|Protocol|string|None|False|Protocol|None|
|Source Host|string|None|False|Source host|None|
|Source IP|string|None|False|Source IP|None|
|Source Port|string|None|False|Source port|None|
|Status|integer|None|False|Status|None|
|Username|string|None|False|Username|None|

**log_entry**

|Name|Type|Default|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- | :--- |
|Bytes Transferred|integer|None|False|Bytes transferred|None|
|Client IP Address|string|None|False|Client IP address|None|
|Cookie|string|None|False|Cookie|None|
|Event Date|integer|None|False|Event date|None|
|Method|string|None|False|Method|None|
|Protocol|string|None|False|Protocol|None|
|Referral URI|string|None|False|Referral URI|None|
|Status Code|integer|None|False|Status code|None|
|Time Taken|integer|None|False|Time taken|None|
|Timestamp|string|None|False|Timestamp|None|
|URI|string|None|False|URI|None|
|User Agent|string|None|False|User agent|None|

**query_result**

|Name|Type|Default|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- | :--- |
|CID|string|None|False|CID|None|
|Message|string|None|False|Message|None|
|Log Entries|[]log_entry|None|False|Log entries|None|
|Status|integer|None|False|Status|None|
|Timestamp|integer|None|False|Timestamp|None|

### Custom Output Types

_This plugin does not contain any custom output types._

## Troubleshooting

@@ -183,14 +237,17 @@ _This plugin does not contain any custom output types._

# Version History

* 3.0.2 - Bumping requirements.txt | SDK Bump to 6.1.4
* 3.0.1 - Fix an issue in Get New Alerts trigger to catch missing alerts
* 3.0.0 - Fix an issue in Get New Alerts trigger to filter duplicate alerts. Output contains list of new alerts
* 2.0.0 - Configuration for interval input parameter
* 1.0.0 - Initial plugin

# Links

* [Devo](https://www.devo.com/)

## References

* [Devo](https://www.devo.com/)
* [Authentication Token Documentation](https://docs.devo.com/confluence/ndt/latest/domain-administration/security-credentials/authentication-tokens)
* [Authentication Token Documentation](https://docs.devo.com/confluence/ndt/latest/domain-administration/security-credentials/authentication-tokens)
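Review bot: the new version-history entry `* 3.0.2 - Bumping requirements.txt | SDK Bump to 6.1.4` does not say which packages were bumped or to which versions; since the commit title presents this as a Snyk-driven change, the entry should name the dependencies so users can map the release to the advisories it addresses, and the requirements.txt diff itself is not shown on this page to fill that gap. In the new Custom Types tables, the descriptions mostly restate the field name ("Alert host", "Category", "Engine") and the types are inconsistent: `Destination Port` and `Source Port` are `string` while `Status` is `integer`, and `Event Date` is `integer` in both alert and log_entry while log_entry's `Timestamp` is `string` and query_result's `Timestamp` is `integer`. If these come from the schema, the descriptions should at least state units and formats (epoch seconds or milliseconds, numeric port as string); if they are hand-written, the port and timestamp types should be reconciled. Under References, the Devo URL now appears a second time, duplicating the entry already under Links.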
4 changes: 3 additions & 1 deletion plugins/devo/icon_devo/actions/__init__.py
@@ -1,2 +1,4 @@
# GENERATED BY KOMAND SDK - DO NOT EDIT
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT

from .query_logs.action import QueryLogs

2 changes: 1 addition & 1 deletion plugins/devo/icon_devo/actions/query_logs/__init__.py
@@ -1,2 +1,2 @@
# GENERATED BY KOMAND SDK - DO NOT EDIT
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
from .action import QueryLogs
