diff --git a/plugins/microsoft_atp/.CHECKSUM b/plugins/microsoft_atp/.CHECKSUM index 7960d38bd5..e08785a4df 100644 --- a/plugins/microsoft_atp/.CHECKSUM +++ b/plugins/microsoft_atp/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "934e6a0e86aaf3bfeaf24c22d52b2f4f", - "manifest": "4702833d54d4ebd07beee1e4ac146a61", - "setup": "b11db1dff4ae3bd168fabd3691c4fd78", + "spec": "b247f2cc2b894b70b8e6bc2d9f630077", + "manifest": "e15eee3183e32aca45667b79fbdca373", + "setup": "d291d680acf58e924d74b9baf70b537e", "schemas": [ { "identifier": "blacklist/schema.py", diff --git a/plugins/microsoft_atp/Dockerfile b/plugins/microsoft_atp/Dockerfile index 58dd84b2a0..739f8ff40d 100755 --- a/plugins/microsoft_atp/Dockerfile +++ b/plugins/microsoft_atp/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/microsoft_atp/bin/komand_microsoft_atp b/plugins/microsoft_atp/bin/komand_microsoft_atp index 97b3d6658c..ffd45bc423 100755 --- a/plugins/microsoft_atp/bin/komand_microsoft_atp +++ b/plugins/microsoft_atp/bin/komand_microsoft_atp @@ -6,7 +6,7 @@ from sys import argv Name = "Microsoft Windows Defender ATP" Vendor = "rapid7" -Version = "6.0.0" +Version = "6.0.1" Description = "The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files" diff --git a/plugins/microsoft_atp/help.md b/plugins/microsoft_atp/help.md index 70de0cc911..4b55c70acd 100644 --- a/plugins/microsoft_atp/help.md +++ b/plugins/microsoft_atp/help.md 
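Review bot: The Dockerfile hunk still references the new base image only by the mutable tag `6.2.2`, so the vulnerability fix this bump delivers depends on whatever the registry serves under that tag at build time. Pinning the digest next to the tag would make the build reproducible and let a scan result be tied to one exact image: `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2@sha256:<digest-of-reviewed-image>` (placeholder; the digest is not on this page). As far as the visible part of `.CHECKSUM` shows, its hashes cover the spec, manifest, setup and schemas, not the image contents, so nothing in this commit detects a changed image. The version-history entries added elsewhere in this commit say only "Address vulnerabilities"; naming the advisories that the SDK bump closes would let consumers judge how urgently to update.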
@@ -1335,6 +1335,7 @@ Example output: # Version History +* 6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities * 6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance * 5.2.0 - Add new action: Update Alert * 5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9 @@ -1369,4 +1370,4 @@ Example output: ## References * [Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis) -* [Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list) +* [Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list) \ No newline at end of file diff --git a/plugins/microsoft_atp/plugin.spec.yaml b/plugins/microsoft_atp/plugin.spec.yaml index c8504cb3e9..8326e3eda0 100644 --- a/plugins/microsoft_atp/plugin.spec.yaml +++ b/plugins/microsoft_atp/plugin.spec.yaml @@ -4,7 +4,7 @@ products: ["insightconnect"] name: microsoft_atp title: Microsoft Windows Defender ATP description: The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files -version: 6.0.0 +version: 6.0.1 connection_version: 6 supported_versions: ["2024-05-21"] vendor: rapid7 @@ -27,7 +27,7 @@ hub_tags: features: [] sdk: type: full - version: 6.1.2 + version: 6.2.2 user: nobody links: - "[Windows Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp)" 
@@ -35,6 +35,7 @@ references: - "[Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis)" - "[Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list)" version_history: + - "6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities" - "6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance" - "5.2.0 - Add new action: Update Alert" - "5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9" diff --git a/plugins/microsoft_atp/setup.py b/plugins/microsoft_atp/setup.py index c63aca2c22..f68a98263e 100644 --- a/plugins/microsoft_atp/setup.py +++ b/plugins/microsoft_atp/setup.py @@ -3,7 +3,7 @@ setup(name="microsoft_atp-rapid7-plugin", - version="6.0.0", + version="6.0.1", description="The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files", author="rapid7", author_email="",