Updated armorblox plugin with the review comments. (#1721)
* Initial commit for armorblox plugin

* Fix validate errors

* Timestamp changes

* Updated armorblox-sdk 0.1.4 version in requirements.txt

* Updated the suggestions for plugin.spec.yaml

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Updated review comments

* Update plugins/armorblox/icon_armorblox/triggers/get_incidents/schema.py

* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json

* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json

* Updated armorblox plugin with the required fixes

* Updated plugin with latest fixes

* Updated plugin with parameterized on test cases

* "Fixed review comments"

* Updated support field to community in plugin.spec.yaml

---------

Co-authored-by: Ankita Sharma <[email protected]>
Co-authored-by: Rajat Upadhyaya <[email protected]>
3 people authored and joneill-r7 committed Nov 14, 2024
1 parent 6fb9df6 commit d53b0b0
Showing 31 changed files with 1,281 additions and 0 deletions.
19 changes: 19 additions & 0 deletions plugins/armorblox/.CHECKSUM
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"spec": "406fd799fb05d81464ed8cb863ea1f56",
"manifest": "433b5ba19020a0a518c333be03af4eab",
"setup": "67d906e679bb88b8e56aa98bc008d58b",
"schemas": [
{
"identifier": "get_remediation_action/schema.py",
"hash": "6ac6405d0147b2df173e4e2fd5df44b5"
},
{
"identifier": "connection/schema.py",
"hash": "96db429999d91d2e040fc52f6e02fec7"
},
{
"identifier": "get_incidents/schema.py",
"hash": "cc8737d06f9995ac1c317d6e0093cef6"
}
]
}
9 changes: 9 additions & 0 deletions plugins/armorblox/.dockerignore
@@ -0,0 +1,9 @@
unit_test/**/*
unit_test
examples/**/*
examples
tests
tests/**/*
**/*.json
**/*.tar
**/*.gz
28 changes: 28 additions & 0 deletions plugins/armorblox/Dockerfile
@@ -0,0 +1,28 @@
FROM rapid7/insightconnect-python-3-38-plugin:4
# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version

LABEL organization=rapid7
LABEL sdk=python

# Add any custom package dependencies here
# NOTE: Add pip packages to requirements.txt

# End package dependencies

# Add source code
WORKDIR /python/src
ADD ./plugin.spec.yaml /plugin.spec.yaml
ADD . /python/src

RUN apt-get update && apt-get install -y git

# Install pip dependencies
RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

# Install plugin
RUN python setup.py build && python setup.py install

# User to run plugin code. The two supported users are: root, nobody
USER nobody

ENTRYPOINT ["/usr/local/bin/icon_armorblox"]
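Review bot: the `RUN apt-get update && apt-get install -y git` layer leaves git and the apt package lists in the final image even though nothing after it (the pip install, `setup.py install`, the `icon_armorblox` entrypoint run as `nobody`) appears to need git at runtime. If git is only there so pip can resolve a requirement from a repository, fold it into the pip step and purge it in the same layer, or at minimum use `--no-install-recommends` and finish with `rm -rf /var/lib/apt/lists/*`. Also prefer `COPY` over `ADD` for `./plugin.spec.yaml` and `.`, since `ADD` additionally unpacks archives and fetches URLs, which is not wanted here.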
53 changes: 53 additions & 0 deletions plugins/armorblox/Makefile
@@ -0,0 +1,53 @@
# Include other Makefiles for improved functionality
INCLUDE_DIR = ../../tools/Makefiles
MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
# We can't guarantee customers will have the include files
# - prefix to ignore Makefiles when not present
# https://www.gnu.org/software/make/manual/html_node/Include.html
-include $(MAKEFILES)

ifneq ($(MAKEFILES),)
$(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
$(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
$(info --)
else
$(warning Makefile includes directory not present: $(INCLUDE_DIR))
endif

VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
CWD?=$(shell basename $(PWD))
_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz

# Set default target explicitly. Make's default behavior is the first target in the Makefile.
# We don't want that behavior due to includes which are read first
.DEFAULT_GOAL := default # Make >= v3.80 (make -version)


default: image tarball

tarball:
$(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
rm -rf build
rm -rf $(PKG)
tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *

image:
$(info [$(YELLOW)*$(NORMAL)] Building plugin image)
docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest

regenerate:
$(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml)
icon-plugin generate python --regenerate

export: image
$(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
@printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
@docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar

# Make will not run a target if a file of the same name exists unless setting phony targets
# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
.PHONY: default tarball image regenerate
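Review bot: the `export` target is missing from the `.PHONY` list on the last line, so `make export` is silently skipped if a file or directory named `export` ever appears in the plugin directory; add it alongside `default tarball image regenerate`. In that same target, `docker save ... | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar` writes a gzip stream to a file with a `.tar` extension while the preceding `printf` announces a `.tar`; either drop `gzip` or name the output `.tar.gz` so the artifact matches its extension.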
48 changes: 48 additions & 0 deletions plugins/armorblox/bin/icon_armorblox
@@ -0,0 +1,48 @@
#!/usr/bin/env python
# GENERATED BY KOMAND SDK - DO NOT EDIT
import os
import json
from sys import argv

Name = "Armorblox"
Vendor = "armorblox"
Version = "1.0.0"
Description = "Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response"


def main():
if 'http' in argv:
if os.environ.get("GUNICORN_CONFIG_FILE"):
with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf:
gunicorn_cfg = json.load(gf)
if gunicorn_cfg.get("worker_class", "sync") == "gevent":
from gevent import monkey
monkey.patch_all()
elif 'gevent' in argv:
from gevent import monkey
monkey.patch_all()

import insightconnect_plugin_runtime
from icon_armorblox import connection, actions, triggers

class ICONArmorblox(insightconnect_plugin_runtime.Plugin):
def __init__(self):
super(self.__class__, self).__init__(
name=Name,
vendor=Vendor,
version=Version,
description=Description,
connection=connection.Connection()
)
self.add_trigger(triggers.GetIncidents())

self.add_action(actions.GetRemediationAction())


"""Run plugin"""
cli = insightconnect_plugin_runtime.CLI(ICONArmorblox())
cli.run()


if __name__ == "__main__":
main()
Binary file added plugins/armorblox/extension.png
165 changes: 165 additions & 0 deletions plugins/armorblox/help.md
@@ -0,0 +1,165 @@
# Description

Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response

# Key Features

* Fetches incidents detected by Armorblox for the given tenant.
* Retrieves the remediation action for a given incident.

# Requirements

* Requires an API key from the product.

# Supported Product Versions

* 1.0.0

# Documentation

## Setup

The connection configuration accepts the following parameters:

|Name|Type|Default|Required|Description|Enum|Example|
|----|----|-------|--------|-----------|----|-------|
|api_key|credential_secret_key|None|True|Armorblox API Key|None|9de5069c5afe602b2ea0a04b66beb2c0|
|tenant_name|string|None|True|Armorblox Tenant Name|None|my-tenant-name|

Example input:

```
{
"api_key": "9de5069c5afe602b2ea0a04b66beb2c0",
"tenant_name": "my-tenant-name"
}
```
## Technical Details

### Actions

#### Get Remediation Action

This action is used to fetch remediation action of an incident identified by Armorblox.

##### Input

|Name|Type|Default|Required|Description|Enum|Example|
|----|----|-------|--------|-----------|----|-------|
|incident_id|string|None|True|An integer number identifying the incident|None|3490|

Example input:

```
{
"incident_id": 3490
}
```

##### Output

|Name|Type|Required|Description|
|----|----|--------|-----------|
|remediation_details|string|True|Remediation action of the requested incident identified by Armorblox|

Example output:
```
{
"remediation_details": "ALERT"
}
```

### Triggers

#### Get Incidents

This trigger is used to get a list of incidents identified by Armorblox. By default, it starts querying for all the incidents since the previous day.

##### Input

|Name|Type|Default|Required|Description|Enum|Example|
|----|----|-------|--------|-----------|----|-------|
|interval|integer|600|False|Polling interval in seconds|None|600|

Example input:

```
{
"interval": 600
}
```

##### Output

|Name|Type|Required|Description|
|----|----|--------|-----------|
|incidents|[]incident|True|A list of incidents identified by Armorblox|

Example output:

```
{
"incidents": "some incidents"
}
```

### Custom Output Types

#### engagement

|Name|Type|Required|Description|
|----|----|--------|-----------|
|Forwarded Mail Count|string|False|Forwarded Mail Count|
|Reply Mail Count|string|False|Reply Mail Count|

#### final_detection_tag

|Name|Type|Required|Description|
|----|----|--------|-----------|
|Detection tag ID|string|False|Detection tag ID|
|Detection tag name|string|False|Detection tag name|

#### incident

|Name|Type|Required|Description|
|----|----|--------|-----------|
|App Name|string|False|App Name|
|Incident Date|date|False|None|
|Engagements|engagement|False|Engagements|
|External senders|[]string|False|List of external senders|
|External users|[]user|False|List of external users|
|Detection tags|[]final_detection_tag|False|Detection tags|
|Folder categories|[]string|False|Folder categories|
|Incident ID|string|False|Incident ID|
|Incident Type|string|False|Incident Type|
|Object Type|string|False|Object Type|
|policy_names|[]string|False|List of policies|
|Priority|string|False|Priority of the incident|
|Remediation Action|[]string|False|Remediation Action|
|resolution_state|string|False|Resolution State|
|SCL Score|integer|False|None|
|Is email tagged|boolean|False|Is email tagged|
|Subject|string|False|Subject|
|users|[]user|False|List of users|

#### user

|Name|Type|Required|Description|
|----|----|--------|-----------|
|User email|string|False|User email|
|Is User VIP|boolean|False|Is User VIP|
|user name|string|False|User name|


## Troubleshooting

_This plugin does not contain any troubleshooting information._

# Version History

* 1.0.0 - Initial plugin

# Links

* [Armorblox](https://www.armorblox.com/)
## References
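Review bot: the Get Remediation Action input table declares `incident_id` as `string`, its description says "An integer number identifying the incident", and the example input passes the bare integer `3490`; pick one type and make the table, description and example agree, otherwise callers cannot tell which form the schema accepts. Likewise the Get Incidents example output `"incidents": "some incidents"` does not match the declared `[]incident` type; show a list containing at least one object built from the fields in the `incident` custom type. Smaller points: the `Incident Date` and `SCL Score` rows carry `None` as their description, "Supported Product Versions: 1.0.0" reads as the plugin version rather than an Armorblox product version, and the trailing `## References` heading has no content beneath it.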
Binary file added plugins/armorblox/icon.png
1 change: 1 addition & 0 deletions plugins/armorblox/icon_armorblox/__init__.py
@@ -0,0 +1 @@
# GENERATED BY KOMAND SDK - DO NOT EDIT
2 changes: 2 additions & 0 deletions plugins/armorblox/icon_armorblox/actions/__init__.py
@@ -0,0 +1,2 @@
# GENERATED BY KOMAND SDK - DO NOT EDIT
from .get_remediation_action.action import GetRemediationAction
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# GENERATED BY KOMAND SDK - DO NOT EDIT
from .action import GetRemediationAction
@@ -0,0 +1,18 @@
import insightconnect_plugin_runtime
from .schema import GetRemediationActionInput, GetRemediationActionOutput, Input, Output, Component
# Custom imports below


class GetRemediationAction(insightconnect_plugin_runtime.Action):

def __init__(self):
super(self.__class__, self).__init__(
name='get_remediation_action',
description=Component.DESCRIPTION,
input=GetRemediationActionInput(),
output=GetRemediationActionOutput())

def run(self, params={}):
remediation_details = self.connection.api.get_remediation_action(params.get(Input.INCIDENT_ID))
return {Output.REMEDIATION_DETAILS: remediation_details}
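Review bot: `def run(self, params={})` uses a mutable default argument; `params=None` followed by `params = params or {}` avoids state leaking between calls. More importantly, the call `self.connection.api.get_remediation_action(params.get(Input.INCIDENT_ID))` is not wrapped, so an API error, timeout or unknown incident surfaces to the workflow as a raw exception rather than an `insightconnect_plugin_runtime.exceptions.PluginException` carrying a cause and assistance message; catch the SDK's exceptions here and re-raise as `PluginException`, placing the import under the existing `# Custom imports below` marker.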
