Updated armorblox plugin with the review comments. (#1721)

* Initial commit for armorblox plugin
* Fix validate errors
* Timestamp changes
* Updated armorblox-sdk 0.1.4 version in requirements.txt
* Updated the suggestions for plugin.spec.yaml
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Updated review comments
* Update plugins/armorblox/icon_armorblox/triggers/get_incidents/schema.py
* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json
* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json
* Updated armorblox plugin with the required fixes
* Updated plugin with latest fixes
* Updated plugin with parameterized on test cases
* "Fixed review comments"
* Updated support field to community in plugin.spec.yaml

---------

Co-authored-by: Ankita Sharma <[email protected]>
Co-authored-by: Rajat Upadhyaya <[email protected]>
1 parent 6fb9df6, commit d53b0b0
Showing 31 changed files with 1,281 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{ | ||
"spec": "406fd799fb05d81464ed8cb863ea1f56", | ||
"manifest": "433b5ba19020a0a518c333be03af4eab", | ||
"setup": "67d906e679bb88b8e56aa98bc008d58b", | ||
"schemas": [ | ||
{ | ||
"identifier": "get_remediation_action/schema.py", | ||
"hash": "6ac6405d0147b2df173e4e2fd5df44b5" | ||
}, | ||
{ | ||
"identifier": "connection/schema.py", | ||
"hash": "96db429999d91d2e040fc52f6e02fec7" | ||
}, | ||
{ | ||
"identifier": "get_incidents/schema.py", | ||
"hash": "cc8737d06f9995ac1c317d6e0093cef6" | ||
} | ||
] | ||
} |
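Review bot: the `spec`, `manifest` and `setup` hashes in this file are derived from plugin.spec.yaml and the generated files, so the last item in the commit message (changing the support field in plugin.spec.yaml) must have been followed by regenerating this file; confirm the `spec` hash here was produced after that edit rather than carried over from the earlier revision, since a stale checksum is exactly the kind of thing the validate step trips on.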
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
unit_test/**/* | ||
unit_test | ||
examples/**/* | ||
examples | ||
tests | ||
tests/**/* | ||
**/*.json | ||
**/*.tar | ||
**/*.gz |
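Review bot: `**/*.json` drops every JSON file from the build context, which is right for the unit_test payloads but also means any JSON the plugin package itself might read at runtime would silently be absent from the image; nothing in the visible sources reads one, so this only needs a confirming glance. The paired entries (`unit_test` with `unit_test/**/*`, `examples` with `examples/**/*`, `tests` with `tests/**/*`) follow the SDK template and are fine as they are.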
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
FROM rapid7/insightconnect-python-3-38-plugin:4 | ||
# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version | ||
|
||
LABEL organization=rapid7 | ||
LABEL sdk=python | ||
|
||
# Add any custom package dependencies here | ||
# NOTE: Add pip packages to requirements.txt | ||
|
||
# End package dependencies | ||
|
||
# Add source code | ||
WORKDIR /python/src | ||
ADD ./plugin.spec.yaml /plugin.spec.yaml | ||
ADD . /python/src | ||
|
||
RUN apt-get update && apt-get install -y git | ||
|
||
# Install pip dependencies | ||
RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | ||
|
||
# Install plugin | ||
RUN python setup.py build && python setup.py install | ||
|
||
# User to run plugin code. The two supported users are: root, nobody | ||
USER nobody | ||
|
||
ENTRYPOINT ["/usr/local/bin/icon_armorblox"] |
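Review bot: the `RUN apt-get update && apt-get install -y git` layer leaves the apt package lists in the image and pulls in recommended packages, and nothing in the visible files shows why git is needed at all (requirements.txt is not in this view; if it pins a git URL, say so in the comment above the line). Suggest `RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*`, or dropping the layer entirely if the armorblox-sdk named in the commit message installs from PyPI. Minor: prefer `COPY` over `ADD` for the two local-path lines, since `ADD` additionally fetches URLs and unpacks archives, neither of which is wanted here. Running the plugin as `USER nobody` is the right call.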
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# Include other Makefiles for improved functionality | ||
INCLUDE_DIR = ../../tools/Makefiles | ||
MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk) | ||
# We can't guarantee customers will have the include files | ||
# - prefix to ignore Makefiles when not present | ||
# https://www.gnu.org/software/make/manual/html_node/Include.html | ||
-include $(MAKEFILES) | ||
|
||
ifneq ($(MAKEFILES),) | ||
$(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets) | ||
$(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES)) | ||
$(info --) | ||
else | ||
$(warning Makefile includes directory not present: $(INCLUDE_DIR)) | ||
endif | ||
|
||
VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //') | ||
NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //') | ||
VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //') | ||
CWD?=$(shell basename $(PWD)) | ||
_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }') | ||
PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz | ||
|
||
# Set default target explicitly. Make's default behavior is the first target in the Makefile. | ||
# We don't want that behavior due to includes which are read first | ||
.DEFAULT_GOAL := default # Make >= v3.80 (make -version) | ||
|
||
|
||
default: image tarball | ||
|
||
tarball: | ||
$(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball) | ||
rm -rf build | ||
rm -rf $(PKG) | ||
tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh * | ||
|
||
image: | ||
$(info [$(YELLOW)*$(NORMAL)] Building plugin image) | ||
docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) . | ||
docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest | ||
|
||
regenerate: | ||
$(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml) | ||
icon-plugin generate python --regenerate | ||
|
||
export: image | ||
$(info [$(YELLOW)*$(NORMAL)] Exporting docker image) | ||
@printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n" | ||
@docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar | ||
|
||
# Make will not run a target if a file of the same name exists unless setting phony targets | ||
# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html | ||
.PHONY: default tarball image regenerate |
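Review bot: the `.PHONY` list omits `export`, so `make export` would be considered up to date if a file named `export` ever appears in the plugin directory; add it alongside the other targets. Also, the `export` target pipes `docker save` through `gzip` but names the artifact `.tar` in both the printf and the redirect; either drop the `gzip` or name it `.tar.gz` so the extension matches the content.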
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/usr/bin/env python | ||
# GENERATED BY KOMAND SDK - DO NOT EDIT | ||
import os | ||
import json | ||
from sys import argv | ||
|
||
Name = "Armorblox" | ||
Vendor = "armorblox" | ||
Version = "1.0.0" | ||
Description = "Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response" | ||
|
||
|
||
def main(): | ||
if 'http' in argv: | ||
if os.environ.get("GUNICORN_CONFIG_FILE"): | ||
with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf: | ||
gunicorn_cfg = json.load(gf) | ||
if gunicorn_cfg.get("worker_class", "sync") == "gevent": | ||
from gevent import monkey | ||
monkey.patch_all() | ||
elif 'gevent' in argv: | ||
from gevent import monkey | ||
monkey.patch_all() | ||
|
||
import insightconnect_plugin_runtime | ||
from icon_armorblox import connection, actions, triggers | ||
|
||
class ICONArmorblox(insightconnect_plugin_runtime.Plugin): | ||
def __init__(self): | ||
super(self.__class__, self).__init__( | ||
name=Name, | ||
vendor=Vendor, | ||
version=Version, | ||
description=Description, | ||
connection=connection.Connection() | ||
) | ||
self.add_trigger(triggers.GetIncidents()) | ||
|
||
self.add_action(actions.GetRemediationAction()) | ||
|
||
|
||
"""Run plugin""" | ||
cli = insightconnect_plugin_runtime.CLI(ICONArmorblox()) | ||
cli.run() | ||
|
||
|
||
if __name__ == "__main__": | ||
main() |
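Review bot: `super(self.__class__, self).__init__(...)` in `ICONArmorblox.__init__` recurses forever if the class is ever subclassed, because `self.__class__` then names the subclass; `super().__init__(...)` is the safe form on Python 3.8. The file is marked GENERATED BY KOMAND SDK - DO NOT EDIT, so the fix belongs in the SDK template rather than in this commit; noting it so it can be tracked there. The `GUNICORN_CONFIG_FILE` branch only enables gevent monkey-patching when the config asks for the `gevent` worker class, which is correct.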
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,165 @@ | ||
# Description | ||
|
||
Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response | ||
|
||
# Key Features | ||
|
||
* Fetches incidents detected by Armorblox for the given tenant. | ||
* Retrieves the remediation action for a given incident. | ||
|
||
# Requirements | ||
|
||
* Requires an API key from the product. | ||
|
||
# Supported Product Versions | ||
|
||
* 1.0.0 | ||
|
||
# Documentation | ||
|
||
## Setup | ||
|
||
The connection configuration accepts the following parameters: | ||
|
||
|Name|Type|Default|Required|Description|Enum|Example| | ||
|----|----|-------|--------|-----------|----|-------| | ||
|api_key|credential_secret_key|None|True|Armorblox API Key|None|9de5069c5afe602b2ea0a04b66beb2c0| | ||
|tenant_name|string|None|True|Armorblox Tenant Name|None|my-tenant-name| | ||
|
||
Example input: | ||
|
||
``` | ||
{ | ||
"api_key": "9de5069c5afe602b2ea0a04b66beb2c0", | ||
"tenant_name": "my-tenant-name" | ||
} | ||
``` | ||
## Technical Details | ||
|
||
### Actions | ||
|
||
#### Get Remediation Action | ||
|
||
This action is used to fetch remediation action of an incident identified by Armorblox. | ||
|
||
##### Input | ||
|
||
|Name|Type|Default|Required|Description|Enum|Example| | ||
|----|----|-------|--------|-----------|----|-------| | ||
|incident_id|string|None|True|An integer number identifying the incident|None|3490| | ||
|
||
Example input: | ||
|
||
``` | ||
{ | ||
"incident_id": 3490 | ||
} | ||
``` | ||
|
||
##### Output | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|remediation_details|string|True|Remediation action of the requested incident identified by Armorblox| | ||
|
||
Example output: | ||
``` | ||
{ | ||
"remediation_details": "ALERT" | ||
} | ||
``` | ||
|
||
### Triggers | ||
|
||
#### Get Incidents | ||
|
||
This trigger is used to get a list of incidents identified by Armorblox. By default, it starts querying for all the incidents since the previous day. | ||
|
||
##### Input | ||
|
||
|Name|Type|Default|Required|Description|Enum|Example| | ||
|----|----|-------|--------|-----------|----|-------| | ||
|interval|integer|600|False|Polling interval in seconds|None|600| | ||
|
||
Example input: | ||
|
||
``` | ||
{ | ||
"interval": 600 | ||
} | ||
``` | ||
|
||
##### Output | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|incidents|[]incident|True|A list of incidents identified by Armorblox| | ||
|
||
Example output: | ||
|
||
``` | ||
{ | ||
"incidents": "some incidents" | ||
} | ||
``` | ||
|
||
### Custom Output Types | ||
|
||
#### engagement | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|Forwarded Mail Count|string|False|Forwarded Mail Count| | ||
|Reply Mail Count|string|False|Reply Mail Count| | ||
|
||
#### final_detection_tag | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|Detection tag ID|string|False|Detection tag ID| | ||
|Detection tag name|string|False|Detection tag name| | ||
|
||
#### incident | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|App Name|string|False|App Name| | ||
|Incident Date|date|False|None| | ||
|Engagements|engagement|False|Engagements| | ||
|External senders|[]string|False|List of external senders| | ||
|External users|[]user|False|List of external users| | ||
|Detection tags|[]final_detection_tag|False|Detection tags| | ||
|Folder categories|[]string|False|Folder categories| | ||
|Incident ID|string|False|Incident ID| | ||
|Incident Type|string|False|Incident Type| | ||
|Object Type|string|False|Object Type| | ||
|policy_names|[]string|False|List of policies| | ||
|Priority|string|False|Priority of the incident| | ||
|Remediation Action|[]string|False|Remediation Action| | ||
|resolution_state|string|False|Resolution State| | ||
|SCL Score|integer|False|None| | ||
|Is email tagged|boolean|False|Is email tagged| | ||
|Subject|string|False|Subject| | ||
|users|[]user|False|List of users| | ||
|
||
#### user | ||
|
||
|Name|Type|Required|Description| | ||
|----|----|--------|-----------| | ||
|User email|string|False|User email| | ||
|Is User VIP|boolean|False|Is User VIP| | ||
|user name|string|False|User name| | ||
|
||
|
||
## Troubleshooting | ||
|
||
_This plugin does not contain any troubleshooting information._ | ||
|
||
# Version History | ||
|
||
* 1.0.0 - Initial plugin | ||
|
||
# Links | ||
|
||
* [Armorblox](https://www.armorblox.com/) | ||
## References |
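Review bot: the Get Remediation Action input table declares `incident_id` as type `string` while its description says "An integer number identifying the incident" and the example input passes it unquoted (`"incident_id": 3490`); pick one, since the schema type is what the runtime validates against, and make the example match (quote it if it stays a string). Two rows of the `incident` type carry `None` as their description (`Incident Date`, `SCL Score`); give them real descriptions. The Get Incidents example output `"incidents": "some incidents"` is a string where the output table promises `[]incident`; a one-element list with the documented fields would show readers the actual shape. The trailing `## References` heading is empty and can either go or list the API documentation the plugin was built against.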
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
# GENERATED BY KOMAND SDK - DO NOT EDIT |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# GENERATED BY KOMAND SDK - DO NOT EDIT | ||
from .get_remediation_action.action import GetRemediationAction |
plugins/armorblox/icon_armorblox/actions/get_remediation_action/__init__.py (2 changes: 2 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# GENERATED BY KOMAND SDK - DO NOT EDIT | ||
from .action import GetRemediationAction |
plugins/armorblox/icon_armorblox/actions/get_remediation_action/action.py (18 changes: 18 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
import insightconnect_plugin_runtime | ||
from .schema import GetRemediationActionInput, GetRemediationActionOutput, Input, Output, Component | ||
# Custom imports below | ||
|
||
|
||
class GetRemediationAction(insightconnect_plugin_runtime.Action): | ||
|
||
def __init__(self): | ||
super(self.__class__, self).__init__( | ||
name='get_remediation_action', | ||
description=Component.DESCRIPTION, | ||
input=GetRemediationActionInput(), | ||
output=GetRemediationActionOutput()) | ||
|
||
def run(self, params={}): | ||
remediation_details = self.connection.api.get_remediation_action(params.get(Input.INCIDENT_ID)) | ||
return {Output.REMEDIATION_DETAILS: remediation_details} | ||
|
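Review bot: `run` hands `params.get(Input.INCIDENT_ID)` straight to `self.connection.api.get_remediation_action` with no handling of a failed call; wrap the SDK call and re-raise as `insightconnect_plugin_runtime.exceptions.PluginException` with a cause and assistance so an operator sees something actionable rather than a bare traceback from the client library. Related: help.md describes the incident ID as an integer while the schema exposes it as a string, so decide here whether this action should coerce or reject a non-numeric value. `params={}` as a mutable default follows the SDK template and is harmless because the dict is only read.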