diff --git a/plugins/dig/.CHECKSUM b/plugins/dig/.CHECKSUM index 9f24cc103f..f372029a23 100644 --- a/plugins/dig/.CHECKSUM +++ b/plugins/dig/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "d8d50c9db39ba033e610719769fd8ca1", - "manifest": "268c1317febaf06659794c9325f8141b", - "setup": "449d4e32ca0d63cb46e14c20f625e0bc", + "spec": "8ff0f3308351b1a44cf24084dbf42ce8", + "manifest": "2e3c5a1e4029c779bf99991d18b47a67", + "setup": "b5a0e6ff2254c0ce4138185e153bfe5c", "schemas": [ { "identifier": "forward/schema.py", diff --git a/plugins/dig/Dockerfile b/plugins/dig/Dockerfile index 8846bd9466..fb7d7104aa 100755 --- a/plugins/dig/Dockerfile +++ b/plugins/dig/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/dig/bin/komand_dig b/plugins/dig/bin/komand_dig index de38148e3d..1ff6caf809 100755 --- a/plugins/dig/bin/komand_dig +++ b/plugins/dig/bin/komand_dig @@ -6,7 +6,7 @@ from sys import argv Name = "DNS" Vendor = "rapid7" -Version = "2.0.3" +Version = "2.0.4" Description = "The DNS plugin is used for forward and reverse DNS lookups. This plugin uses [Dig](https://linux.die.net/man/1/dig), or Domain Information Groper, which is a network administration command-line tool for querying Domain Name System (DNS) name servers" diff --git a/plugins/dig/help.md b/plugins/dig/help.md index 2af63e4c3c..47abe53dbf 100644 --- a/plugins/dig/help.md +++ b/plugins/dig/help.md @@ -186,6 +186,7 @@ Common examples: # Version History +* 2.0.4 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 2.0.3 - Initial updates for fedramp compliance | Updated SDK to the latest * 2.0.2 - Updated SDK to the latest version | Added validation for input parameters * 2.0.1 - Added `__init__.py` file to `unit_test` folder | Refreshed with new Tooling 
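Review bot: The new `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2` line in plugins/dig/Dockerfile references the base image by tag only, so the build does not record which image content the vulnerability fix was built on. Pinning the digest alongside the tag, `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2@sha256:<digest-of-the-patched-image>`, would make the fix verifiable and keep a later re-push of the tag from silently changing the plugin. The same applies to the Dockerfile hunks for duo_admin, microsoft_atp, okta, rapid7_insightcloudsec, rapid7_insightvm_cloud and rapid7_vulndb. The rapid7_insightvm changelog on this page lists 8.0.8 as already on SDK 6.2.2 and 8.0.9 as a buildpack fix with no Dockerfile change shown, which suggests (not confirmed here) that image content can change under the same tag.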
diff --git a/plugins/dig/plugin.spec.yaml b/plugins/dig/plugin.spec.yaml index f451231291..e91a2d5689 100644 --- a/plugins/dig/plugin.spec.yaml +++ b/plugins/dig/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: dig title: DNS description: The DNS plugin is used for forward and reverse DNS lookups. This plugin uses [Dig](https://linux.die.net/man/1/dig), or Domain Information Groper, which is a network administration command-line tool for querying Domain Name System (DNS) name servers -version: 2.0.3 +version: 2.0.4 connection_version: 2 vendor: rapid7 support: community @@ -12,7 +12,7 @@ supported_versions: ["2024-09-10"] status: [] sdk: type: full - version: 6.1.2 + version: 6.2.2 user: nobody packages: - bind-tools @@ -63,6 +63,7 @@ references: - "[Dig](https://linux.die.net/man/1/dig)" - "[DNS Status Code](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml)" version_history: + - "2.0.4 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "2.0.3 - Initial updates for fedramp compliance | Updated SDK to the latest" - "2.0.2 - Updated SDK to the latest version | Added validation for input parameters" - "2.0.1 - Added `__init__.py` file to `unit_test` folder | Refreshed with new Tooling" diff --git a/plugins/dig/setup.py b/plugins/dig/setup.py index 3cd29330a1..5ef6dc7a4d 100755 --- a/plugins/dig/setup.py +++ b/plugins/dig/setup.py @@ -3,7 +3,7 @@ setup(name="dig-rapid7-plugin", - version="2.0.3", + version="2.0.4", description="The DNS plugin is used for forward and reverse DNS lookups. This plugin uses [Dig](https://linux.die.net/man/1/dig), or Domain Information Groper, which is a network administration command-line tool for querying Domain Name System (DNS) name servers", author="rapid7", author_email="", diff --git a/plugins/duo_admin/.CHECKSUM b/plugins/duo_admin/.CHECKSUM index 68eca0be81..a13791cdb4 100644 --- a/plugins/duo_admin/.CHECKSUM +++ b/plugins/duo_admin/.CHECKSUM 
@@ -1,7 +1,7 @@ { - "spec": "f47b7b4bc59db3b5f839955535a59660", - "manifest": "087aa32ede6b854cd63bda601038017a", - "setup": "6628c0c3a6eb2e3828cdcc104e0c08d2", + "spec": "73c2331db15a7ec15ca36e7e166746d4", + "manifest": "672f0da4df4edb87ab669d69e435c5c7", + "setup": "8a8919e13bd1afe4849427d3dae6dbf4", "schemas": [ { "identifier": "add_user/schema.py", diff --git a/plugins/duo_admin/Dockerfile b/plugins/duo_admin/Dockerfile index ec2b1d2937..12be6872d5 100644 --- a/plugins/duo_admin/Dockerfile +++ b/plugins/duo_admin/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/duo_admin/bin/komand_duo_admin b/plugins/duo_admin/bin/komand_duo_admin index bc35783421..884065b098 100755 --- a/plugins/duo_admin/bin/komand_duo_admin +++ b/plugins/duo_admin/bin/komand_duo_admin @@ -6,7 +6,7 @@ from sys import argv Name = "Duo Admin API" Vendor = "rapid7" -Version = "5.0.1" +Version = "5.0.2" Description = "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows" diff --git a/plugins/duo_admin/help.md b/plugins/duo_admin/help.md index eeb8315cdd..710d67a9d2 100644 --- a/plugins/duo_admin/help.md +++ b/plugins/duo_admin/help.md 
@@ -1010,6 +1010,7 @@ Many actions in this plugin take a User ID as input. A User ID is not the userna # Version History +* 5.0.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 5.0.1 - Update to enable Plugin as FedRAMP ready | Update SDK (`6.1.2`) * 5.0.0 - Updated to include latest SDK v5.5.5 | Removing Unused fields from User Object * 4.4.2 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days diff --git a/plugins/duo_admin/plugin.spec.yaml b/plugins/duo_admin/plugin.spec.yaml index fbb05ea2ed..dcf6087613 100644 --- a/plugins/duo_admin/plugin.spec.yaml +++ b/plugins/duo_admin/plugin.spec.yaml @@ -11,7 +11,7 @@ status: [] supported_versions: ["Duo Admin API 2024-09-17"] sdk: type: full - version: 6.1.2 + version: 6.2.2 user: nobody description: "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows" @@ -29,7 +29,7 @@ key_features: requirements: - "Two secret keys - `integration key` and `secret key`" - "`API hostname`" -version: 5.0.1 +version: 5.0.2 connection_version: 4 resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/duo_admin 
@@ -50,6 +50,7 @@ references: troubleshooting: "Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action." version_history: +- "5.0.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "5.0.1 - Update to enable Plugin as FedRAMP ready | Update SDK (`6.1.2`)" - "5.0.0 - Updated to include latest SDK v5.5.5 | Removing Unused fields from User Object" - "4.4.2 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days" diff --git a/plugins/duo_admin/setup.py b/plugins/duo_admin/setup.py index a964d66928..e89795d678 100644 --- a/plugins/duo_admin/setup.py +++ b/plugins/duo_admin/setup.py @@ -3,7 +3,7 @@ setup(name="duo_admin-rapid7-plugin", - version="5.0.1", + version="5.0.2", description="[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows", author="rapid7", author_email="", diff --git a/plugins/microsoft_atp/.CHECKSUM b/plugins/microsoft_atp/.CHECKSUM index 7960d38bd5..e08785a4df 100644 --- a/plugins/microsoft_atp/.CHECKSUM +++ b/plugins/microsoft_atp/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "934e6a0e86aaf3bfeaf24c22d52b2f4f", - "manifest": "4702833d54d4ebd07beee1e4ac146a61", - "setup": "b11db1dff4ae3bd168fabd3691c4fd78", + "spec": "b247f2cc2b894b70b8e6bc2d9f630077", + "manifest": "e15eee3183e32aca45667b79fbdca373", + "setup": "d291d680acf58e924d74b9baf70b537e", "schemas": [ { "identifier": "blacklist/schema.py", diff --git a/plugins/microsoft_atp/Dockerfile b/plugins/microsoft_atp/Dockerfile index 58dd84b2a0..739f8ff40d 100755 --- a/plugins/microsoft_atp/Dockerfile 
+++ b/plugins/microsoft_atp/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/microsoft_atp/bin/komand_microsoft_atp b/plugins/microsoft_atp/bin/komand_microsoft_atp index 97b3d6658c..ffd45bc423 100755 --- a/plugins/microsoft_atp/bin/komand_microsoft_atp +++ b/plugins/microsoft_atp/bin/komand_microsoft_atp @@ -6,7 +6,7 @@ from sys import argv Name = "Microsoft Windows Defender ATP" Vendor = "rapid7" -Version = "6.0.0" +Version = "6.0.1" Description = "The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files" diff --git a/plugins/microsoft_atp/help.md b/plugins/microsoft_atp/help.md index 70de0cc911..4b55c70acd 100644 --- a/plugins/microsoft_atp/help.md +++ b/plugins/microsoft_atp/help.md @@ -1335,6 +1335,7 @@ Example output: # Version History +* 6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities * 6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance * 5.2.0 - Add new action: Update Alert * 5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9 
@@ -1369,4 +1370,4 @@ Example output: ## References * [Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis) -* [Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list) +* [Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list) \ No newline at end of file diff --git a/plugins/microsoft_atp/plugin.spec.yaml b/plugins/microsoft_atp/plugin.spec.yaml index c8504cb3e9..8326e3eda0 100644 --- a/plugins/microsoft_atp/plugin.spec.yaml +++ b/plugins/microsoft_atp/plugin.spec.yaml @@ -4,7 +4,7 @@ products: ["insightconnect"] name: microsoft_atp title: Microsoft Windows Defender ATP description: The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files -version: 6.0.0 +version: 6.0.1 connection_version: 6 supported_versions: ["2024-05-21"] vendor: rapid7 @@ -27,7 +27,7 @@ hub_tags: features: [] sdk: type: full - version: 6.1.2 + version: 6.2.2 user: nobody links: - "[Windows Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp)" 
@@ -35,6 +35,7 @@ references: - "[Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis)" - "[Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list)" version_history: + - "6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities" - "6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance" - "5.2.0 - Add new action: Update Alert" - "5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9" diff --git a/plugins/microsoft_atp/setup.py b/plugins/microsoft_atp/setup.py index c63aca2c22..f68a98263e 100644 --- a/plugins/microsoft_atp/setup.py +++ b/plugins/microsoft_atp/setup.py @@ -3,7 +3,7 @@ setup(name="microsoft_atp-rapid7-plugin", - version="6.0.0", + version="6.0.1", description="The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files", author="rapid7", author_email="", diff --git a/plugins/okta/.CHECKSUM b/plugins/okta/.CHECKSUM index 295eb4e59a..f3b068ebd4 100644 --- a/plugins/okta/.CHECKSUM +++ b/plugins/okta/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "55804de5fdc62b247108b9ffdf49c6f3", - "manifest": "c9a21195f087872d65be963dde53e9e9", - "setup": "b8e8d2517e6d742553d5d4767b1face8", + "spec": "c52fa69769d8388de102d29fa011df8e", + "manifest": "2db4eb90f95f2a5eec67e4e28f1a736d", + "setup": "2913648b2ac528d2c75f3b1032a57d60", "schemas": [ { "identifier": "add_user_to_group/schema.py", 
@@ -73,7 +73,7 @@ }, { "identifier": "monitor_logs/schema.py", - "hash": "6716ca24c5d2004903afd259a49fe66e" + "hash": "c7846002b9cb1c3069e098b40868f0d2" }, { "identifier": "users_added_removed_from_group/schema.py", diff --git a/plugins/okta/Dockerfile b/plugins/okta/Dockerfile index d8a96f15f5..640e8feb95 100644 --- a/plugins/okta/Dockerfile +++ b/plugins/okta/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.3 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/okta/bin/komand_okta b/plugins/okta/bin/komand_okta index eb8a1e2dad..4d9ea0ac46 100755 --- a/plugins/okta/bin/komand_okta +++ b/plugins/okta/bin/komand_okta @@ -6,7 +6,7 @@ from sys import argv Name = "Okta" Vendor = "rapid7" -Version = "4.2.11" +Version = "4.2.12" Description = "[Okta](https://www.okta.com/) is a SSO and account lifecycle management provider that allows companies to integrate their central user account system with a wide variety of other applications and services" diff --git a/plugins/okta/help.md b/plugins/okta/help.md index 79a8c157ed..4215c86a29 100644 --- a/plugins/okta/help.md +++ b/plugins/okta/help.md @@ -1598,6 +1598,7 @@ Actions may fail depending on the state of the resource you attempt to operate o # Version History +* 4.2.12 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 4.2.11 - Initial updates for fedramp compliance | Updated SDK to the latest version * 4.2.10 - Monitor Logs Task: Add exception handling if invalid subdomain provided * 4.2.9 - SDK Bump to 6.1.0 | Task Connection test added diff --git a/plugins/okta/plugin.spec.yaml b/plugins/okta/plugin.spec.yaml index a38921186c..36ad34146b 100644 --- a/plugins/okta/plugin.spec.yaml +++ b/plugins/okta/plugin.spec.yaml 
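Review bot: The `monitor_logs/schema.py` hash in plugins/okta/.CHECKSUM changes, but no change to that schema file appears among the okta files shown on this page. If the schema itself was not edited, either the previous checksum was stale or the file was regenerated by the newer tooling. It is worth confirming which before release, since a checksum that moves without a visible source change is hard to audit later. A line in the commit description such as `okta: monitor_logs schema regenerated with SDK 6.2.2 tooling, no functional change` would settle it, if that is what happened.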
@@ -11,11 +11,11 @@ status: [] supported_versions: ["Okta API 22-05-2023"] sdk: type: slim - version: 6.1.3 + version: 6.2.2 user: nobody description: "[Okta](https://www.okta.com/) is a SSO and account lifecycle management provider that allows companies to integrate their central user account system with a wide variety of other applications and services" -version: 4.2.11 +version: 4.2.12 connection_version: 4 resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/okta @@ -32,6 +32,7 @@ hub_tags: features: [] troubleshooting: "Actions may fail depending on the state of the resource you attempt to operate over. They will return a best-effort message indicating why the Okta API responded the way it did when possible. Depending on the API endpoint, this message is either provided by Okta themselves, or constructed by the plugin based on the information it has at hand." version_history: + - "4.2.12 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "4.2.11 - Initial updates for fedramp compliance | Updated SDK to the latest version" - "4.2.10 - Monitor Logs Task: Add exception handling if invalid subdomain provided" - "4.2.9 - SDK Bump to 6.1.0 | Task Connection test added" diff --git a/plugins/okta/setup.py b/plugins/okta/setup.py index 1df4f2b8bc..7a09c0d7f5 100644 --- a/plugins/okta/setup.py +++ b/plugins/okta/setup.py @@ -3,7 +3,7 @@ setup(name="okta-rapid7-plugin", - version="4.2.11", + version="4.2.12", description="[Okta](https://www.okta.com/) is a SSO and account lifecycle management provider that allows companies to integrate their central user account system with a wide variety of other applications and services", author="rapid7", author_email="", diff --git a/plugins/rapid7_insight_agent/.CHECKSUM b/plugins/rapid7_insight_agent/.CHECKSUM index 39fbe0b70a..1b644da355 100644 --- a/plugins/rapid7_insight_agent/.CHECKSUM +++ b/plugins/rapid7_insight_agent/.CHECKSUM 
@@ -1,7 +1,7 @@ { - "spec": "84beb2a66c2d69fe169e28ef52286a6b", - "manifest": "7128ea302016efb7c4e1b205f30ddc63", - "setup": "9342d20648410079f107ce3d1bcd8d17", + "spec": "b8b7370c8f21f0adcc0684545a186a56", + "manifest": "fbc1b04c51c6c8816dac6cee216341c2", + "setup": "7f65232e4808ae89ad79c06f1b2dc5a2", "schemas": [ { "identifier": "check_agent_status/schema.py", diff --git a/plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent b/plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent index 951bc009ee..d5d5d56f56 100755 --- a/plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent +++ b/plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 Insight Agent" Vendor = "rapid7" -Version = "3.0.1" +Version = "3.0.2" Description = "Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization" diff --git a/plugins/rapid7_insight_agent/help.md b/plugins/rapid7_insight_agent/help.md index 9e832c8ad4..f77e801bd9 100644 --- a/plugins/rapid7_insight_agent/help.md +++ b/plugins/rapid7_insight_agent/help.md @@ -459,6 +459,7 @@ If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cur # Version History +* 3.0.2 - Updated to use latest buildpack to address vulnerabilities * 3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump to latest version * 3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next page token if more pages are available to search | Update `Get Agent Details` to return agent location details | Initial updates for fedramp compliance | Updated SDK to the latest version * 2.1.2 - Improve logging | Update SDK diff --git a/plugins/rapid7_insight_agent/plugin.spec.yaml b/plugins/rapid7_insight_agent/plugin.spec.yaml index 3d446267f9..5a206220db 100644 --- a/plugins/rapid7_insight_agent/plugin.spec.yaml 
+++ b/plugins/rapid7_insight_agent/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: rapid7_insight_agent title: Rapid7 Insight Agent description: Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization -version: 3.0.1 +version: 3.0.2 connection_version: 2 supported_versions: ["Rapid7 Insight Agent 2024-08-23"] vendor: rapid7 @@ -27,6 +27,7 @@ links: references: - "[Manage Platform API Keys](https://docs.rapid7.com/insight/managing-platform-api-keys/)" version_history: + - "3.0.2 - Updated to use latest buildpack to address vulnerabilities" - "3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump to latest version" - "3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next page token if more pages are available to search | Update `Get Agent Details` to return agent location details | Initial updates for fedramp compliance | Updated SDK to the latest version" - "2.1.2 - Improve logging | Update SDK" diff --git a/plugins/rapid7_insight_agent/setup.py b/plugins/rapid7_insight_agent/setup.py index fd8a650415..6cfabe3a3a 100755 --- a/plugins/rapid7_insight_agent/setup.py +++ b/plugins/rapid7_insight_agent/setup.py @@ -3,7 +3,7 @@ setup(name="rapid7_insight_agent-rapid7-plugin", - version="3.0.1", + version="3.0.2", description="Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization", author="rapid7", author_email="", diff --git a/plugins/rapid7_insightcloudsec/.CHECKSUM b/plugins/rapid7_insightcloudsec/.CHECKSUM index 080ccf319e..92bc904bdf 100644 --- a/plugins/rapid7_insightcloudsec/.CHECKSUM +++ b/plugins/rapid7_insightcloudsec/.CHECKSUM 
@@ -1,7 +1,7 @@ { - "spec": "b9c8c812633bd9bd84b2ee5507f8f45c", - "manifest": "6d8a32bc07e7bba543fc6414c5d1b4e1", - "setup": "71ad12e7c7d1db068e83d1f3b3b2506d", + "spec": "bcd37d5fb21cbb2966fa4008c7707e4f", + "manifest": "abe1c1678a97e7a903e4b2f0c66b5da1", + "setup": "15ed7d67c7b8ce5b766d8a537bd87a74", "schemas": [ { "identifier": "create_exemption/schema.py", diff --git a/plugins/rapid7_insightcloudsec/Dockerfile b/plugins/rapid7_insightcloudsec/Dockerfile index f4217330ec..9d1ac23b91 100755 --- a/plugins/rapid7_insightcloudsec/Dockerfile +++ b/plugins/rapid7_insightcloudsec/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.3 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/rapid7_insightcloudsec/bin/icon_rapid7_insightcloudsec b/plugins/rapid7_insightcloudsec/bin/icon_rapid7_insightcloudsec index 7bd361573e..17497c4598 100755 --- a/plugins/rapid7_insightcloudsec/bin/icon_rapid7_insightcloudsec +++ b/plugins/rapid7_insightcloudsec/bin/icon_rapid7_insightcloudsec @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 InsightCloudSec" Vendor = "rapid7" -Version = "2.1.0" +Version = "2.1.1" Description = "InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment" diff --git a/plugins/rapid7_insightcloudsec/help.md b/plugins/rapid7_insightcloudsec/help.md index 085898c1eb..b1712a5903 100644 --- a/plugins/rapid7_insightcloudsec/help.md +++ b/plugins/rapid7_insightcloudsec/help.md 
@@ -494,6 +494,7 @@ _This plugin does not contain any troubleshooting information._ # Version History +* 2.1.1 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 2.1.0 - Updated SDK to the latest version | Adding a get resource id functionality * 2.0.0 - Enable plugin to run in cloud | Remove actions using defective API endpoints * 1.0.0 - Initial plugin | Add Get Account Details, Get Resource Details, List Resource Tags, Create Exemption, Remove Exemption, Detach Policy, Run Bot on Demand and Switch Organization actions diff --git a/plugins/rapid7_insightcloudsec/plugin.spec.yaml b/plugins/rapid7_insightcloudsec/plugin.spec.yaml index cb3ecdf2be..1289a4c87c 100644 --- a/plugins/rapid7_insightcloudsec/plugin.spec.yaml +++ b/plugins/rapid7_insightcloudsec/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: rapid7_insightcloudsec title: Rapid7 InsightCloudSec description: InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment -version: 2.1.0 +version: 2.1.1 connection_version: 2 supported_versions: ["22.10.19"] cloud_ready: true @@ -15,7 +15,7 @@ resources: vendor_url: https://www.rapid7.com sdk: type: "slim" - version: "6.1.3" + version: 6.2.2 user: nobody key_features: - "Create and remove an exemption" 
@@ -30,6 +30,7 @@ requirements: - "InsightCloudSec API key" troubleshooting: "_This plugin does not contain any troubleshooting information._" version_history: + - "2.1.1 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "2.1.0 - Updated SDK to the latest version | Adding a get resource id functionality" - "2.0.0 - Enable plugin to run in cloud | Remove actions using defective API endpoints" - "1.0.0 - Initial plugin | Add Get Account Details, Get Resource Details, List Resource Tags, Create Exemption, Remove Exemption, Detach Policy, Run Bot on Demand and Switch Organization actions" diff --git a/plugins/rapid7_insightcloudsec/setup.py b/plugins/rapid7_insightcloudsec/setup.py index 245dd67d45..40292b8237 100755 --- a/plugins/rapid7_insightcloudsec/setup.py +++ b/plugins/rapid7_insightcloudsec/setup.py @@ -3,7 +3,7 @@ setup(name="rapid7_insightcloudsec-rapid7-plugin", - version="2.1.0", + version="2.1.1", description="InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment", author="rapid7", author_email="", diff --git a/plugins/rapid7_insightvm/.CHECKSUM b/plugins/rapid7_insightvm/.CHECKSUM index 647b65802a..db6d034080 100644 --- a/plugins/rapid7_insightvm/.CHECKSUM +++ b/plugins/rapid7_insightvm/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "6099ff1718aec952d1591cda08e21497", - "manifest": "f2a7c7fc917326def786ef96670f98d5", - "setup": "f07635c7bdffcd4737a2ff58f82232ab", + "spec": "56723b3b629afb9f25004fc228cc4270", + "manifest": "21c5769aa39fc81c6b1539f6a274836c", + "setup": "acf3a983a67ab01ab4061df14bb7c0b6", "schemas": [ { "identifier": "add_scan_engine_pool_engine/schema.py", diff --git a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm index ada40bde52..406c38b93f 100755 
--- a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm +++ b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 InsightVM Console" Vendor = "rapid7" -Version = "8.0.8" +Version = "8.0.9" Description = "InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans" diff --git a/plugins/rapid7_insightvm/help.md b/plugins/rapid7_insightvm/help.md index a809611ee9..756cf642bf 100644 --- a/plugins/rapid7_insightvm/help.md +++ b/plugins/rapid7_insightvm/help.md @@ -4012,6 +4012,7 @@ Example output: # Version History +* 8.0.9 - Address vulnerabilities in buildpack * 8.0.8 - Bumping requirements.txt | SDK bump to 6.2.2 * 8.0.7 - Bumping requirements.txt | SDK bump to 6.2.0 * 8.0.6 - Trigger `New Exception Request`: Updated the trigger with retry mechanism diff --git a/plugins/rapid7_insightvm/plugin.spec.yaml b/plugins/rapid7_insightvm/plugin.spec.yaml index e49b321d41..755502fb82 100644 --- a/plugins/rapid7_insightvm/plugin.spec.yaml +++ b/plugins/rapid7_insightvm/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: rapid7_insightvm title: Rapid7 InsightVM Console description: InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans -version: 8.0.8 +version: 8.0.9 connection_version: 8 supported_versions: ["Rapid7 InsightVM API v3 2022-05-25"] fedramp_ready: true 
@@ -26,6 +26,7 @@ links: references: - "[InsightVM API 3](https://help.rapid7.com/insightvm/en-us/api/index.html)" version_history: + - "8.0.9 - Address vulnerabilities in buildpack" - "8.0.8 - Bumping requirements.txt | SDK bump to 6.2.2" - "8.0.7 - Bumping requirements.txt | SDK bump to 6.2.0" - "8.0.6 - Trigger `New Exception Request`: Updated the trigger with retry mechanism" diff --git a/plugins/rapid7_insightvm/setup.py b/plugins/rapid7_insightvm/setup.py index 8852255939..f8caab3ee6 100755 --- a/plugins/rapid7_insightvm/setup.py +++ b/plugins/rapid7_insightvm/setup.py @@ -3,7 +3,7 @@ setup(name="rapid7_insightvm-rapid7-plugin", - version="8.0.8", + version="8.0.9", description="InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans", author="rapid7", author_email="", diff --git a/plugins/rapid7_insightvm_cloud/.CHECKSUM b/plugins/rapid7_insightvm_cloud/.CHECKSUM index 10bf2b5809..7752db2a54 100644 --- a/plugins/rapid7_insightvm_cloud/.CHECKSUM +++ b/plugins/rapid7_insightvm_cloud/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "7f1fcd452a00968b4db4499701b0927c", - "manifest": "46c573508c6f9244eaf54d485ec8d14f", - "setup": "7636fcd09663aced0fa6da252ad9d556", + "spec": "ca85ebaefd522fed5379bfc9ecb90f8c", + "manifest": "84952bfaefb3b4aef7e4dfa0c2a00e15", + "setup": "6f4d657efd24c2fdbd7461242cee2088", "schemas": [ { "identifier": "asset_search/schema.py", diff --git a/plugins/rapid7_insightvm_cloud/Dockerfile b/plugins/rapid7_insightvm_cloud/Dockerfile index a1d4dd4716..4eb2f2a197 100755 --- a/plugins/rapid7_insightvm_cloud/Dockerfile +++ b/plugins/rapid7_insightvm_cloud/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python 
diff --git a/plugins/rapid7_insightvm_cloud/bin/icon_rapid7_insightvm_cloud b/plugins/rapid7_insightvm_cloud/bin/icon_rapid7_insightvm_cloud index 2447718434..b5987c77c2 100755 --- a/plugins/rapid7_insightvm_cloud/bin/icon_rapid7_insightvm_cloud +++ b/plugins/rapid7_insightvm_cloud/bin/icon_rapid7_insightvm_cloud @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 InsightVM Cloud" Vendor = "rapid7" -Version = "8.1.0" +Version = "8.1.1" Description = "InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses the InsightVM Cloud Integrations API to view assets and start scans" diff --git a/plugins/rapid7_insightvm_cloud/help.md b/plugins/rapid7_insightvm_cloud/help.md index 494bd33f9b..6ac0ee2420 100644 --- a/plugins/rapid7_insightvm_cloud/help.md +++ b/plugins/rapid7_insightvm_cloud/help.md @@ -892,6 +892,7 @@ Example output: # Version History +* 8.1.1 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 8.1.0 - Action `Asset Search`: Added optional asset and vulnerability criteria logical operator | Updated action to return more than 500 results * 8.0.0 - Output for `Asset Search` and `Get Asset` to label fields `ID` and `Solution Type` as un-required * 7.0.0 - `Asset Search` and `Get Asset` actions output field `remediated` updated to type array of object diff --git a/plugins/rapid7_insightvm_cloud/plugin.spec.yaml b/plugins/rapid7_insightvm_cloud/plugin.spec.yaml index 8a7d604382..4f42d01dc8 100644 --- a/plugins/rapid7_insightvm_cloud/plugin.spec.yaml +++ b/plugins/rapid7_insightvm_cloud/plugin.spec.yaml 
@@ -4,7 +4,7 @@ products: [insightconnect] name: rapid7_insightvm_cloud title: Rapid7 InsightVM Cloud description: InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses the InsightVM Cloud Integrations API to view assets and start scans -version: 8.1.0 +version: 8.1.1 connection_version: 6 key_features: - "Perform scan management functionality including starting and checking the status of scans" @@ -14,6 +14,7 @@ requirements: - "Requires an InsightVM API Key" - "InsightVM Scan Engine(s) paired to the Insight Platform" version_history: + - "8.1.1 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "8.1.0 - Action `Asset Search`: Added optional asset and vulnerability criteria logical operator | Updated action to return more than 500 results" - "8.0.0 - Output for `Asset Search` and `Get Asset` to label fields `ID` and `Solution Type` as un-required" - "7.0.0 - `Asset Search` and `Get Asset` actions output field `remediated` updated to type array of object" @@ -42,7 +43,7 @@ status: [] cloud_ready: true sdk: type: slim - version: 6.1.4 + version: 6.2.2 user: nobody resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/rapid7_insightvm_cloud diff --git a/plugins/rapid7_insightvm_cloud/setup.py b/plugins/rapid7_insightvm_cloud/setup.py index 2fe0240737..82650755b3 100755 --- a/plugins/rapid7_insightvm_cloud/setup.py +++ b/plugins/rapid7_insightvm_cloud/setup.py @@ -3,7 +3,7 @@ setup(name="rapid7_insightvm_cloud-rapid7-plugin", - version="8.1.0", + version="8.1.1", description="InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses the InsightVM Cloud Integrations API to view assets and start scans", author="rapid7", author_email="", diff --git a/plugins/rapid7_vulndb/.CHECKSUM b/plugins/rapid7_vulndb/.CHECKSUM index 46b49e8331..e0a8d308a8 100644 
--- a/plugins/rapid7_vulndb/.CHECKSUM +++ b/plugins/rapid7_vulndb/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "b390ea080bc722e8d781da7c20a19e23", - "manifest": "0a91cc770b72a1dc2a8078ea8c33e9e0", - "setup": "2034965f898d952d0b9d8164f21dc9f0", + "spec": "3ec8a4c1d3189df340ebf9cbc525a1e8", + "manifest": "fbd69371f16a4a7ff788752e791bd78f", + "setup": "a1fb87cd1c433dee538af89cba6a8e13", "schemas": [ { "identifier": "get_content/schema.py", diff --git a/plugins/rapid7_vulndb/Dockerfile b/plugins/rapid7_vulndb/Dockerfile index b130c243e8..a9b2a70990 100755 --- a/plugins/rapid7_vulndb/Dockerfile +++ b/plugins/rapid7_vulndb/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/rapid7_vulndb/bin/komand_rapid7_vulndb b/plugins/rapid7_vulndb/bin/komand_rapid7_vulndb index d7437ae31e..20ec5929ec 100755 --- a/plugins/rapid7_vulndb/bin/komand_rapid7_vulndb +++ b/plugins/rapid7_vulndb/bin/komand_rapid7_vulndb @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 Vulnerability & Exploit Database" Vendor = "rapid7" -Version = "2.1.4" +Version = "2.1.5" Description = "Make searching the Rapid7 vulnerability and exploit data fast, easy and efficient with the InsightConnect plugin. Leverage this curated repository of vetted computer software exploits and exploitable vulnerabilities to ensure your security operations are always aware of the latest threats that could be used against your environment vulnerabilities" diff --git a/plugins/rapid7_vulndb/help.md b/plugins/rapid7_vulndb/help.md index dcc0dd7dff..d5176bbcf6 100644 --- a/plugins/rapid7_vulndb/help.md +++ b/plugins/rapid7_vulndb/help.md 
@@ -150,6 +150,7 @@ _This plugin does not contain any troubleshooting information._ # Version History +* 2.1.5 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 2.1.4 - Initial updates for fedramp compliance | Updated SDK to the latest version * 2.1.3 - Fix critical Snyk vulnerability | Update SDK * 2.1.2 - Bumping SDK version to 5.6.1 diff --git a/plugins/rapid7_vulndb/plugin.spec.yaml b/plugins/rapid7_vulndb/plugin.spec.yaml index ea8069a2b5..47ca181adc 100644 --- a/plugins/rapid7_vulndb/plugin.spec.yaml +++ b/plugins/rapid7_vulndb/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: rapid7_vulndb title: Rapid7 Vulnerability & Exploit Database description: Make searching the Rapid7 vulnerability and exploit data fast, easy and efficient with the InsightConnect plugin. Leverage this curated repository of vetted computer software exploits and exploitable vulnerabilities to ensure your security operations are always aware of the latest threats that could be used against your environment vulnerabilities -version: 2.1.4 +version: 2.1.5 connection_version: 2 supported_versions: ["v1"] vendor: rapid7 @@ -13,7 +13,7 @@ cloud_ready: true fedramp_ready: true sdk: type: slim - version: 6.1.0 + version: 6.2.2 user: nobody key_features: - Search Database for vulnerabilities @@ -36,6 +36,7 @@ references: links: - "[Rapid7 Vulnerability & Exploit Database API Specification](https://vdb.rapid7.com/swagger_doc)" version_history: +- "2.1.5 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "2.1.4 - Initial updates for fedramp compliance | Updated SDK to the latest version" - "2.1.3 - Fix critical Snyk vulnerability | Update SDK" - "2.1.2 - Bumping SDK version to 5.6.1" diff --git a/plugins/rapid7_vulndb/setup.py b/plugins/rapid7_vulndb/setup.py index d5a9568cfe..af99cdf030 100755 --- a/plugins/rapid7_vulndb/setup.py +++ b/plugins/rapid7_vulndb/setup.py 
@@ -3,7 +3,7 @@ setup(name="rapid7_vulndb-rapid7-plugin", - version="2.1.4", + version="2.1.5", description="Make searching the Rapid7 vulnerability and exploit data fast, easy and efficient with the InsightConnect plugin. Leverage this curated repository of vetted computer software exploits and exploitable vulnerabilities to ensure your security operations are always aware of the latest threats that could be used against your environment vulnerabilities", author="rapid7", author_email="", diff --git a/plugins/sentinelone/.CHECKSUM b/plugins/sentinelone/.CHECKSUM index 1c6b28e0c2..3896d26d2a 100644 --- a/plugins/sentinelone/.CHECKSUM +++ b/plugins/sentinelone/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "dac00ac144819c2b6ce56c06dcb348b6", - "manifest": "2f573b690ac68f509865a057c164c217", - "setup": "5188937ffa1bab0ae8d41c9584a192e2", + "spec": "175814e9d6bf3496067ab005bc81ab74", + "manifest": "bf2f37bb010ec31daf0a4aee3ae45b89", + "setup": "1e8d3387ed4d46dc2171d7ee9c3c4a2c", "schemas": [ { "identifier": "activities_list/schema.py", diff --git a/plugins/sentinelone/Dockerfile b/plugins/sentinelone/Dockerfile index a8b07648cd..131a50764e 100755 --- a/plugins/sentinelone/Dockerfile +++ b/plugins/sentinelone/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/sentinelone/bin/komand_sentinelone b/plugins/sentinelone/bin/komand_sentinelone index 8a09964571..752ccb6e9d 100755 --- a/plugins/sentinelone/bin/komand_sentinelone +++ b/plugins/sentinelone/bin/komand_sentinelone @@ -6,7 +6,7 @@ from sys import argv Name = "SentinelOne" Vendor = "rapid7" -Version = "11.1.2" +Version = "11.1.3" Description = "The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne" 
diff --git a/plugins/sentinelone/help.md b/plugins/sentinelone/help.md
index 2443f55ebc..d5895f8533 100644
--- a/plugins/sentinelone/help.md
+++ b/plugins/sentinelone/help.md
@@ -767,7 +767,7 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | |errors|[]object|False|Errors|[]| -|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": 
"windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| +|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", 
"agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| Example output: 
@@ -884,8 +884,7 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | |errors|[]object|False|Errors|[]| -|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": true, "agentIp": "198.51.100.1", "agentIsActive": true, "agentIsDecommissioned": false, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": false, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": true, "agentIp": "198.51.100.1", "agentIsActive": true, "agentIsDecommissioned": false, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": 
"windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": false, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| - +|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", 
"agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| Example output: ``` 
@@ -1023,8 +1022,8 @@ This action is used to gets summary of all threats |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": "black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\\\Device\\\\HarddiskVolume2\\\\Users\\\\vagrant\\\\Desktop\\\\EICA...", "maliciousGroupId": "1234567890"}]| 
-|errors|[]object|False|Errors|[]| +|data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": "black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\Device\\HarddiskVolume2\\Users\\vagrant\\Desktop\\EICA...", "maliciousGroupId": "1234567890"}]| +|errors|[]object|False|Errors|[]|', '|data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": 
"black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\\\Device\\\\HarddiskVolume2\\\\Users\\\\vagrant\\\\Desktop\\\\EICA...", "maliciousGroupId": "1234567890"}]| |pagination|pagination|False|Pagination|{'totalItems': 1}| Example output: 
@@ -1400,7 +1399,7 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|agents|[]agentData|False|Detailed information about agents found|[{"accountId": "100000000000000000", "accountName": "Example Name", "activeThreats": 0, "agentVersion": "1.0.2.3", "allowRemoteShell": False, "appsVulnerabilityStatus": "up_to_date", "computerName": "hostname123", "consoleMigrationStatus": "N/A", "coreCount": 1, "cpuCount": 1, "cpuId": "CPU A0 v1 @ 3.00GHz", "createdAt": "2023-01-01T00:00:00.000000Z", "domain": "WORKGROUP", "encryptedApplications": False, "externalIp": "198.51.100.1", "firewallEnabled": True, "groupId": "100000000000000000", "groupIp": "1.2.3.x", "groupName": "Example Group", "id": "100000000000000000", "inRemoteShellSession": False, "infected": False, "installerType": ".exe", "isActive": True, "isDecommissioned": False, "isPendingUninstall": False, "isUninstalled": False, "isUpToDate": True, "lastActiveDate": "2023-01-01T00:00:00.000000Z", "lastIpToMgmt": "198.51.100.1", "locationEnabled": True, "locationType": "fallback", "locations": [{"id": "100000000000000000", "name": "Fallback", "scope": "global"}], "machineType": "server", "mitigationMode": "protect", "mitigationModeSuspicious": "detect", "modelName": "Example Model", "networkInterfaces": [{"id": "100000000000000000", "inet": ["198.51.100.1"], "inet6": ["2001:db8:1:1:1:1:1:1"], "name": "Ethernet", "physical": "12-34-56-67-89-12"}], "networkQuarantineEnabled": False, "networkStatus": "disconnected", "operationalState": "na", "operationalStateExpiration": "None", "osArch": "64 bit", "osName": "System Name", "osRevision": "9200", "osStartTime": "2023-01-01T00:00:00Z", "osType": "windows", "osUsername": "None", "rangerStatus": "NotApplicable", "rangerVersion": "None", "registeredAt": "2023-01-01T00:00:00.000000Z", "remoteProfilingState": "disabled", "remoteProfilingStateExpiration": "None", "scanAbortedAt": "None", "scanFinishedAt": "2023-01-01T00:00:00.000000Z", 
"scanStartedAt": "2023-01-01T00:00:00.000000Z", "scanStatus": "finished", "siteId": "100000000000000000", "siteName": "Example Site", "threatRebootRequired": False, "totalMemory": 1023, "updatedAt": "2023-01-01T00:00:00.000000Z", "uuid": "9de5069c5afe602b2ea0a04b66beb2c0"}]| +|agents|[]agentData|False|Detailed information about agents found|[{"accountId": "100000000000000000", "accountName": "Example Name", "activeThreats": 0, "agentVersion": "1.0.2.3", "allowRemoteShell": False, "appsVulnerabilityStatus": "up_to_date", "computerName": "hostname123", "consoleMigrationStatus": "N/A", "coreCount": 1, "cpuCount": 1, "cpuId": "CPU A0 v1 @ 3.00GHz", "createdAt": "2023-01-01T00:00:00.000000Z", "domain": "WORKGROUP", "encryptedApplications": False, "externalIp": "198.51.100.1", "firewallEnabled": True, "groupId": "100000000000000000", "groupIp": "1.2.3.x", "groupName": "Example Group", "id": "100000000000000000", "inRemoteShellSession": False, "infected": False, "installerType": ".exe", "isActive": True, "isDecommissioned": False, "isPendingUninstall": False, "isUninstalled": False, "isUpToDate": True, "lastActiveDate": "2023-01-01T00:00:00.000000Z", "lastIpToMgmt": "198.51.100.1", "locationEnabled": True, "locationType": "fallback", "locations": [{"id": "100000000000000000", "name": "Fallback", "scope": "global"}], "machineType": "server", "mitigationMode": "protect", "mitigationModeSuspicious": "detect", "modelName": "Example Model", "networkInterfaces": [{"id": "100000000000000000", "inet": ["198.51.100.1"], "inet6": ["2001:db8:1:1:1:1:1:1"], "name": "Ethernet", "physical": "12-34-56-67-89-12"}], "networkQuarantineEnabled": False, "networkStatus": "disconnected", "operationalState": "na", "operationalStateExpiration": "None", "osArch": "64 bit", "osName": "System Name", "osRevision": "9200", "osStartTime": "2023-01-01T00:00:00Z", "osType": "windows", "osUsername": "None", "rangerStatus": "NotApplicable", "rangerVersion": "None", "registeredAt": 
"2023-01-01T00:00:00.000000Z", "remoteProfilingState": "disabled", "remoteProfilingStateExpiration": "None", "scanAbortedAt": "None", "scanFinishedAt": "2023-01-01T00:00:00.000000Z", "scanStartedAt": "2023-01-01T00:00:00.000000Z", "scanStatus": "finished", "siteId": "100000000000000000", "siteName": "Example Site", "threatRebootRequired": False, "totalMemory": 1023, "updatedAt": "2023-01-01T00:00:00.000000Z", "uuid": "9de5069c5afe602b2ea0a04b66beb2c0"}]| Example output: 
@@ -1729,7 +1728,7 @@ This task is used to monitor for new activities, device control events, and thre |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|logs|[]object|False|List of activity, device control event, and threat logs within the specified time range|[{"id": "225494730938493804", "userId": "225494730938493804", "data": {"computer_name": "COMP_1234", "username": "my_user"}, "secondaryDescription": "string", "threatId": "225494730938493804", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "agentUpdatedVersion": "2.5.1.1320", "groupId": "225494730938493804", "hash": "string", "description": "string", "activityUuid": "string", "comments": "string", "activityType": 0, "agentId": "225494730938493804", "osFamily": "windows", "siteId": "225494730938493804", "primaryDescription": "string", "groupName": "string", "createdAt": "2018-02-27T04:49:26.257525Z"}, {"eventType": "string", "accessPermission": "Read-Only", "deviceClass": "02h", "deviceName": "string", "id": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "ruleId": "225494730938493804", "computerName": "JOHN-WIN-4125", "profileUuids": "string", "lastLoggedInUserName": "janedoe3", "deviceId": "02", "eventTime": "2018-02-27T04:49:26.257525Z", "serviceClass": "02", "interface": "USB", "agentId": "225494730938493804", "vendorId": "02", "uId": "02", "lmpVersion": "string", "eventId": "string", "createdAt": "2018-02-27T04:49:26.257525Z", "productId": "02", "minorClass": "string"}, {"mitigationStatus": [{"groupNotFound": False, "latestReport": "string", "mitigationStartedAt": "2018-02-27T04:49:26.257525Z", "action": "kill", "mitigationEndedAt": "2018-02-27T04:49:26.257525Z", "actionsCounters": {"total": 0, "success": 0, "notFound": 0, "failed": 0, "pendingReboot": 0}, "status": "success", "agentSupportsReport": False, "lastUpdate": "2018-02-27T04:49:26.257525Z", "reportId": 
"225494730938493804"}], "ecsInfo": {"taskAvailabilityZone": "string", "serviceArn": "string", "taskDefinitionArn": "string", "clusterName": "string", "taskDefinitionFamily": "string", "serviceName": "string", "version": "string", "taskDefinitionRevision": "string", "type": "string", "taskArn": "string"}, "agentDetectionInfo": {"agentIpV6": "string", "agentMitigationMode": "detect", "agentOsRevision": "string", "agentIpV4": "string", "agentLastLoggedInUpn": "string", "agentRegisteredAt": "2018-02-27T04:49:26.257525Z", "agentLastLoggedInUserName": "janedoe3", "accountId": "225494730938493804", "siteId": "225494730938493804", "agentLastLoggedInUserMail": "string", "groupName": "string", "agentOsName": "string", "siteName": "string", "agentVersion": "3.6.1.14", "agentDetectionState": "string", "groupId": "225494730938493804", "agentUuid": "string", "externalIp": "string", "accountName": "string", "cloudProviders": {}, "agentDomain": "mybusiness.net"}, "id": "225494730938493804", "agentRealtimeInfo": {"agentOsRevision": "string", "agentVersion": "3.6.1.14", "agentId": "225494730938493804", "agentMitigationMode": "detect", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "agentInfected": False, "agentDomain": "string", "agentNetworkStatus": "connected", "networkInterfaces": [{"name": "string", "id": "225494730938493804", "physical": "00:25:96:FF:FE:12:34:56", "inet": [{"type": "string"}], "inet6": [{"type": "string"}]}], "groupId": "225494730938493804", "agentComputerName": "string", "scanStartedAt": "2018-02-27T04:49:26.257525Z", "scanStatus": "none", "agentUuid": "string", "operationalState": "string", "scanFinishedAt": "2018-02-27T04:49:26.257525Z", "activeThreats": 0, "scanAbortedAt": "2018-02-27T04:49:26.257525Z", "agentDecommissionedAt": False, "agentOsName": "string", "rebootRequired": False, "agentIsActive": False, "siteId": "225494730938493804", "groupName": "string", "agentIsDecommissioned": False, "storageName": "string", 
"storageType": "string", "agentMachineType": "unknown", "userActionsNeeded": [{"type": "string", "example": "none", "enum": ["none", "user_action_needed", "reboot_needed", "upgrade_needed", "incompatible_os", "unprotected", "rebootless_without_dynamic_detection", "extended_exclusions_partially_accepted", "reboot_required", "pending_deprecation", "ne_not_running", "ne_cf_not_active"]}], "agentOsType": "windows"}, "containerInfo": {"image": "string", "name": "string", "id": "string", "labels": [{"type": "string"}], "isContainerQuarantine": False}, "threatInfo": {"mitigationStatus": "not_mitigated", "maliciousProcessArguments": "string", "initiatedByDescription": {"readOnly": True, "description": "Initiated by description"}, "analystVerdictDescription": {"readOnly": True, "description": "Analyst verdict description"}, "storyline": "a00637fa-e18d-9b80-e803-f370524f8085", "pendingActions": False, "engines": ["reputation", "pre_execution"], "threatId": "225494730938493804", "state": "running", "pendingActionsCounter": 0, "mitigationMode": "prevent", "automaticDetection": True, "storylineParentId": "225494730938493804", "threatLevel": "0", "targetOfDetection": "process", "evidenceUuid": "225494730938493804", "hidden": False, "siteName": "string", "initiatedBy": "string", "analystVerdict": "string", "organizationId": "225494730938493804", "evidenceId": "225494730938493804", "tags": ["string"], "detectorId": "225494730938493804", "pendingActionsType": "none", "threatName": "string", "fileInfo": {"fileMaliciousContent": "string", "fileType": "string", "fileCreatedAt": "2018-02-27T04:49:26.257525Z", "filePath": "string", "fileMd5": "string", "fileSize": "0", "fileSha1": "string", "fileSha256": "string", "fileMagic": "string", "fileIsExecutable": False, "fileExtension": "string", "fileMaliciousClassification": "string"}, "resolvedBy": "string", "organizationName": "string", "processInfo": {"parentCommandLine": "string", "parentPid": "0", "commandLine": "string", 
"parentProcessGroup": "string", "username": "string", "pid": "0", "command": "string", "processGroup": "string", "md5": "string", "sha1": "string", "sha256": "string"}, "reportedAt": "2018-02-27T04:49:26.257525Z", "secondaryDescription": "string", "siteId": "225494730938493804", "primaryDescription": "string"}}]| +|logs|[]object|False|List of activity, device control event, and threat logs within the specified time range|[{"id": "225494730938493804", "userId": "225494730938493804", "data": {"computer_name": "COMP_1234", "username": "my_user"}, "secondaryDescription": "string", "threatId": "225494730938493804", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "agentUpdatedVersion": "2.5.1.1320", "groupId": "225494730938493804", "hash": "string", "description": "string", "activityUuid": "string", "comments": "string", "activityType": 0, "agentId": "225494730938493804", "osFamily": "windows", "siteId": "225494730938493804", "primaryDescription": "string", "groupName": "string", "createdAt": "2018-02-27T04:49:26.257525Z"}, {"eventType": "string", "accessPermission": "Read-Only", "deviceClass": "02h", "deviceName": "string", "id": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "ruleId": "225494730938493804", "computerName": "JOHN-WIN-4125", "profileUuids": "string", "lastLoggedInUserName": "janedoe3", "deviceId": "02", "eventTime": "2018-02-27T04:49:26.257525Z", "serviceClass": "02", "interface": "USB", "agentId": "225494730938493804", "vendorId": "02", "uId": "02", "lmpVersion": "string", "eventId": "string", "createdAt": "2018-02-27T04:49:26.257525Z", "productId": "02", "minorClass": "string"}, {"mitigationStatus": [{"groupNotFound": False, "latestReport": "string", "mitigationStartedAt": "2018-02-27T04:49:26.257525Z", "action": "kill", "mitigationEndedAt": "2018-02-27T04:49:26.257525Z", "actionsCounters": {"total": 0, "success": 0, "notFound": 0, "failed": 0, 
"pendingReboot": 0}, "status": "success", "agentSupportsReport": False, "lastUpdate": "2018-02-27T04:49:26.257525Z", "reportId": "225494730938493804"}], "ecsInfo": {"taskAvailabilityZone": "string", "serviceArn": "string", "taskDefinitionArn": "string", "clusterName": "string", "taskDefinitionFamily": "string", "serviceName": "string", "version": "string", "taskDefinitionRevision": "string", "type": "string", "taskArn": "string"}, "agentDetectionInfo": {"agentIpV6": "string", "agentMitigationMode": "detect", "agentOsRevision": "string", "agentIpV4": "string", "agentLastLoggedInUpn": "string", "agentRegisteredAt": "2018-02-27T04:49:26.257525Z", "agentLastLoggedInUserName": "janedoe3", "accountId": "225494730938493804", "siteId": "225494730938493804", "agentLastLoggedInUserMail": "string", "groupName": "string", "agentOsName": "string", "siteName": "string", "agentVersion": "3.6.1.14", "agentDetectionState": "string", "groupId": "225494730938493804", "agentUuid": "string", "externalIp": "string", "accountName": "string", "cloudProviders": {}, "agentDomain": "mybusiness.net"}, "id": "225494730938493804", "agentRealtimeInfo": {"agentOsRevision": "string", "agentVersion": "3.6.1.14", "agentId": "225494730938493804", "agentMitigationMode": "detect", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "agentInfected": False, "agentDomain": "string", "agentNetworkStatus": "connected", "networkInterfaces": [{"name": "string", "id": "225494730938493804", "physical": "00:25:96:FF:FE:12:34:56", "inet": [{"type": "string"}], "inet6": [{"type": "string"}]}], "groupId": "225494730938493804", "agentComputerName": "string", "scanStartedAt": "2018-02-27T04:49:26.257525Z", "scanStatus": "none", "agentUuid": "string", "operationalState": "string", "scanFinishedAt": "2018-02-27T04:49:26.257525Z", "activeThreats": 0, "scanAbortedAt": "2018-02-27T04:49:26.257525Z", "agentDecommissionedAt": False, "agentOsName": "string", "rebootRequired": False, 
"agentIsActive": False, "siteId": "225494730938493804", "groupName": "string", "agentIsDecommissioned": False, "storageName": "string", "storageType": "string", "agentMachineType": "unknown", "userActionsNeeded": [{"type": "string", "example": "none", "enum": ["none", "user_action_needed", "reboot_needed", "upgrade_needed", "incompatible_os", "unprotected", "rebootless_without_dynamic_detection", "extended_exclusions_partially_accepted", "reboot_required", "pending_deprecation", "ne_not_running", "ne_cf_not_active"]}], "agentOsType": "windows"}, "containerInfo": {"image": "string", "name": "string", "id": "string", "labels": [{"type": "string"}], "isContainerQuarantine": False}, "threatInfo": {"mitigationStatus": "not_mitigated", "maliciousProcessArguments": "string", "initiatedByDescription": {"readOnly": True, "description": "Initiated by description"}, "analystVerdictDescription": {"readOnly": True, "description": "Analyst verdict description"}, "storyline": "a00637fa-e18d-9b80-e803-f370524f8085", "pendingActions": False, "engines": ["reputation", "pre_execution"], "threatId": "225494730938493804", "state": "running", "pendingActionsCounter": 0, "mitigationMode": "prevent", "automaticDetection": True, "storylineParentId": "225494730938493804", "threatLevel": "0", "targetOfDetection": "process", "evidenceUuid": "225494730938493804", "hidden": False, "siteName": "string", "initiatedBy": "string", "analystVerdict": "string", "organizationId": "225494730938493804", "evidenceId": "225494730938493804", "tags": ["string"], "detectorId": "225494730938493804", "pendingActionsType": "none", "threatName": "string", "fileInfo": {"fileMaliciousContent": "string", "fileType": "string", "fileCreatedAt": "2018-02-27T04:49:26.257525Z", "filePath": "string", "fileMd5": "string", "fileSize": "0", "fileSha1": "string", "fileSha256": "string", "fileMagic": "string", "fileIsExecutable": False, "fileExtension": "string", "fileMaliciousClassification": "string"}, "resolvedBy": 
"string", "organizationName": "string", "processInfo": {"parentCommandLine": "string", "parentPid": "0", "commandLine": "string", "parentProcessGroup": "string", "username": "string", "pid": "0", "command": "string", "processGroup": "string", "md5": "string", "sha1": "string", "sha256": "string"}, "reportedAt": "2018-02-27T04:49:26.257525Z", "secondaryDescription": "string", "siteId": "225494730938493804", "primaryDescription": "string"}}]| Example output: @@ -2352,6 +2351,7 @@ Example output: # Version History +* 11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant * 11.1.1 - Updated Plugin connection to improve `instance` input usability * 11.1.0 - Added connection test for task `Monitor Logs` | Update SDK 
@@ -2364,7 +2364,7 @@ Example output: * 8.1.0 - Added New actions: Fetch file for agent ID and Run remote script. Updated description for Trigger resolved field * 8.0.1 - Search Agents: Remove duplicate results when Case Sensitive is false * 8.0.0 - Connection: Added Service user (API only user type) authentication | Removed Basic Authentication -* 7.1.0 - Update for Blacklist action: Fix for unblocked action | Update for Quarantine action: unification of the output data when action fails | Add troubleshooting information about use Type Converter | Mark as Benign action: update description +* 7.1.0 - Update for Blacklist action: Fix for unblocked action | Update for Quarantine action: unification of the output data when action fails | Add troubleshooting information about use Type Converter | Mark as Benign action: update description * 7.0.0 - Add new actions Update Analyst Verdict and Update Incident Status | Fix Get Agent Details and Search Agents actions to handle more response scenarios | Add option to authentication with API key * 6.2.0 - New actions Create Query, Get Query Status, Cancel Running Query, Get Events, Get Events By Type * 6.1.0 - Add new actions Disable Agent and Enable Agent diff --git a/plugins/sentinelone/plugin.spec.yaml b/plugins/sentinelone/plugin.spec.yaml index e6d85cd4d9..0b81271221 100644 --- a/plugins/sentinelone/plugin.spec.yaml +++ b/plugins/sentinelone/plugin.spec.yaml 
@@ -3,19 +3,47 @@ extension: plugin products: [insightconnect] name: sentinelone title: SentinelOne -version: 11.1.2 +version: 11.1.3 connection_version: 10 cloud_ready: true fedramp_ready: true sdk: type: slim - version: 6.1.0 + version: 6.2.2 user: nobody supported_versions: ["2.1.0"] description: The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne vendor: rapid7 support: rapid7 status: [] +key_features: + - "Get activities" + - "Get activity types" + - "Blacklist hashes" + - "Run agent actions" + - "Reload agent modules" + - "Get information about agents" + - "Search agents" + - "Get information about agent applications" + - "Create, get and cancel query" + - "Create IOC threat" + - "Enable and disable agent" + - "Fetch files" + - "Get events" + - "Get information about threats" + - "Manage threats" + - "Quarantine endpoints" + - "Run remote scripts" + - "Check account name availability" + - "Execute scans" + - "Trigger workflows on security alerts" +links: + - "[SentinelOne Product Page](https://www.sentinelone.com/)" +references: + - "[SentinelOne Product Page](https://www.sentinelone.com/)" +requirements: + - "SentinelOne API key" +troubleshooting: "* To generate an API key, create a new Service User or select an existing one with adequate permissions from the SentinelOne console\n* To convert `threat` into an array use Type Converter Plugin\n* For the Trigger settings, only set the Resolved field to False if solely resolved threats should be retrieved (i.e. setting to False will not include unresolved threats)\n* The Run Remote Script action may require starting a protected actions session to function properly. To do this, in the `code` input field, enter the passcode from a third-party app, such as Duo Mobile or Google Authenticator, set up in two-factor authentication. 
Entering the code is not required each time you run the action, because the session is valid for 30 minutes" resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/sentinelone license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE 
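Review bot: The added `troubleshooting` string says that setting the trigger's Resolved field to False retrieves solely resolved threats, which is the opposite of what the field name suggests. Please confirm this against the trigger code, which is not part of this hunk; if the value is inverted, the bullet could read `only set the Resolved field to True if solely resolved threats should be retrieved`, and if the text is right as written, a short clause explaining the inversion would help. The same string and the new `requirements` entry ask for a Service User API key with "adequate permissions" without saying what that means. Since `key_features` lists running remote scripts and quarantining endpoints, naming the smallest permission scope the actions need would help operators avoid issuing an over-privileged key.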
@@ -29,6 +57,44 @@ hub_tags: use_cases: [threat_detection_and_response] keywords: [sentinelone, endpoint, detection, cloud_enabled] features: [] +version_history: + - "11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" + - "11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant" + - "11.1.1 - Updated Plugin connection to improve `instance` input usability" + - "11.1.0 - Added connection test for task `Monitor Logs` | Update SDK" + - "11.0.0 - Removed `Monitor Logs` task input options | Update SDK" + - "10.0.0 - Added `Monitor Logs` task | Removed `User Type` from connection | A Service User API Key must now be provided to provide enhanced security" + - "9.1.2 - Retry functionality added to requests to SenintelOne that result in a 429 (too many requests) or 503 (service unavailable) error." + - "9.1.1 - `Threats Fetch File`: Updated action to prevent possible movement through file system" + - "9.1.0 - `Move Agent to Another Site`: Action added" + - "9.0.0 - Update plugin to allow cloud connections to be configured | Rename URL input to Instance in connection | Code refactor" + - "8.1.0 - Added New actions: Fetch file for agent ID and Run remote script. 
Updated description for Trigger resolved field" + - "8.0.1 - Search Agents: Remove duplicate results when Case Sensitive is false" + - "8.0.0 - Connection: Added Service user (API only user type) authentication | Removed Basic Authentication" + - "7.1.0 - Update for Blacklist action: Fix for unblocked action | Update for Quarantine action: unification of the output data when action fails | Add troubleshooting information about use Type Converter | Mark as Benign action: update description" + - "7.0.0 - Add new actions Update Analyst Verdict and Update Incident Status | Fix Get Agent Details and Search Agents actions to handle more response scenarios | Add option to authentication with API key" + - "6.2.0 - New actions Create Query, Get Query Status, Cancel Running Query, Get Events, Get Events By Type" + - "6.1.0 - Add new actions Disable Agent and Enable Agent" + - "6.0.0 - Add `operational_state` field to input of Get Agent Details and Search Agent actions | Update schema to return new outputs such as Active Directory, firewall, location, and quarantine information for Get Agent Details and Search Agent actions | Use API version 2.1 | Update capitalization according to style in Activities List action for Created Than Date and Less Than Dates inputs to Greater than Date and Less than Date" + - "5.0.1 - Correct spelling in help.md" + - "5.0.0 - Consolidate various Agent actions | Use API version 2.1 where possible | Delete obsolete Blacklist by IOC Hash and Agent Processes" + - "4.1.1 - Update the Get Threat Summary action to return all threat summaries instead of 10" + - "4.1.0 - Add case sensitivity option for Agent lookups" + - "4.0.1 - Fix Agent Active parameter in Get Agent Details action | Update Quarantine action whitelist for IP addresses" + - "4.0.0 - Update ID input for Fetch Threats File action to a string" + - "3.1.0 - Add new action Fetch Threats File" + - "3.0.0 - Update help.md for the Extension Library | Update title in action Blacklist by IOC Hash, 
Get Activities, Count Summary and Connect to Network" + - "2.1.1 - Upgrade trigger Get Threats to only return threats since trigger start" + - "2.1.0 - Add `agent_active` field to input in action Search Agents" + - "2.0.0 - Upgrade trigger input Agent is Active to default true" + - "1.4.0 - New actions Quarantine, Get Agent Details, Search Agents" + - "1.3.0 - Add new action Blacklist" + - "1.2.2 - Update error message in Connection" + - "1.2.1 - Update to use the `komand/python-3-37-slim-plugin` Docker image to reduce plugin size" + - "1.2.0 - New spec and help.md format for the Extension Library | New actions activities_list, activities_types, agents_abort_scan, agents_connect, agents_decommission, agents_disconnect, agents_fetch_logs, agents_initiate, agents_processes, agents_reload, agents_restart, agents_shutdown, agents_summary, agents_uninstall, apps_by_agent_ids, name_available" + - "1.1.0 - New trigger Get Threats | New actions Mitigate Threat, Mark as Benign, Mark as Threat and Create IOC Threat" + - "1.0.1 - Update to add Blacklist by IOC Hash and Blacklist by Content Hash" + - "1.0.0 - Initial plugin" types: activityTypes: id: diff --git a/plugins/sentinelone/setup.py b/plugins/sentinelone/setup.py index 320ee14799..4372ef72db 100644 --- a/plugins/sentinelone/setup.py +++ b/plugins/sentinelone/setup.py @@ -3,7 +3,7 @@ setup(name="sentinelone-rapid7-plugin", - version="11.1.2", + version="11.1.3", description="The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne", author="rapid7", author_email="", diff --git a/plugins/servicenow/.CHECKSUM b/plugins/servicenow/.CHECKSUM index 2850fb3bb5..c33cb26823 100644 --- a/plugins/servicenow/.CHECKSUM +++ b/plugins/servicenow/.CHECKSUM 
@@ -1,7 +1,7 @@ { - "spec": "3bab886667ceb9dba39181f6a441fa10", - "manifest": "d7118569399e88fcb3953984c8f4f2ad", - "setup": "40aeb0a629c0d9382edab6c3ca043b97", + "spec": "54c8e0e0f797b20ec3522fb05155a98c", + "manifest": "73376d98e2bff91d1b395a79752520cf", + "setup": "5d17346bc99fad6e68e73382c791703e", "schemas": [ { "identifier": "create_change_request/schema.py", diff --git a/plugins/servicenow/Dockerfile b/plugins/servicenow/Dockerfile index 586b581f12..70c2ff693f 100644 --- a/plugins/servicenow/Dockerfile +++ b/plugins/servicenow/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.3 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/servicenow/bin/icon_servicenow b/plugins/servicenow/bin/icon_servicenow index 82c7fb0774..b34c3ada49 100755 --- a/plugins/servicenow/bin/icon_servicenow +++ b/plugins/servicenow/bin/icon_servicenow @@ -6,7 +6,7 @@ from sys import argv Name = "ServiceNow" Vendor = "rapid7" -Version = "8.0.3" +Version = "8.0.4" Description = "ServiceNow is a tool for managing incidents and configuration management. Using the ServiceNow plugin for Rapid7 InsightConnect, users can manage all aspects of incidents including creation, search, updates, as well as monitor them for changes" diff --git a/plugins/servicenow/help.md b/plugins/servicenow/help.md index e8e54dbcba..2c33beebae 100644 --- a/plugins/servicenow/help.md +++ b/plugins/servicenow/help.md 
@@ -1680,12 +1680,13 @@ Example output: |Work Notes List|string|None|False|Users interested in work notes|None| -## Troubleshooting +# Troubleshooting *This plugin does not contain a troubleshooting.* # Version History +* 8.0.4 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 8.0.3 - Update to resolve issue parsing response from ServiceNow if XML is received * 8.0.2 - Initial updates for fedramp compliance | Updated SDK to the latest version * 8.0.1 - Update Setuptool to version 70.0.0 | Update SDK to version 6.0.0 diff --git a/plugins/servicenow/plugin.spec.yaml b/plugins/servicenow/plugin.spec.yaml index e5c32bffe7..b1636d26b7 100644 --- a/plugins/servicenow/plugin.spec.yaml +++ b/plugins/servicenow/plugin.spec.yaml @@ -4,7 +4,7 @@ products: ["insightconnect"] name: servicenow title: ServiceNow description: ServiceNow is a tool for managing incidents and configuration management. Using the ServiceNow plugin for Rapid7 InsightConnect, users can manage all aspects of incidents including creation, search, updates, as well as monitor them for changes -version: 8.0.3 +version: 8.0.4 connection_version: 8 supported_versions: ["2023-10-28 Tokyo"] vendor: rapid7 @@ -26,7 +26,7 @@ hub_tags: features: [] sdk: type: slim - version: 6.1.3 + version: 6.2.2 user: nobody key_features: - "Search, Read, Create, Delete, and Update incidents to accelerate ticketing operations" 
@@ -46,6 +46,7 @@ references: - "[ServiceNow Operators](https://docs.servicenow.com/bundle/quebec-platform-user-interface/page/use/common-ui-elements/reference/r_OpAvailableFiltersQueries.html)" - "[ServiceNow Plugin Setup Guide](https://docs.rapid7.com/insightconnect/servicenow)" version_history: + - "8.0.4 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "8.0.3 - Update to resolve issue parsing response from ServiceNow if XML is received" - "8.0.2 - Initial updates for fedramp compliance | Updated SDK to the latest version" - "8.0.1 - Update Setuptool to version 70.0.0 | Update SDK to version 6.0.0" diff --git a/plugins/servicenow/setup.py b/plugins/servicenow/setup.py index fc1229fb08..1ecab8ca45 100644 --- a/plugins/servicenow/setup.py +++ b/plugins/servicenow/setup.py @@ -3,7 +3,7 @@ setup(name="servicenow-rapid7-plugin", - version="8.0.3", + version="8.0.4", description="ServiceNow is a tool for managing incidents and configuration management. Using the ServiceNow plugin for Rapid7 InsightConnect, users can manage all aspects of incidents including creation, search, updates, as well as monitor them for changes", author="rapid7", author_email="", diff --git a/plugins/string/.CHECKSUM b/plugins/string/.CHECKSUM index f482dcb19d..3aadcd55be 100644 --- a/plugins/string/.CHECKSUM +++ b/plugins/string/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "2d872dd50b19daa898791255146106af", - "manifest": "922ea555f44944378c4f1b096747bd0c", - "setup": "c44b119f9f8f9981c367bc04a6dc9234", + "spec": "66e9ce90ef486ea29f7113995ed701ab", + "manifest": "1ec5f5cb6f45039155f589eb516e4e2b", + "setup": "9db7a8efac3085fd9937946ee94a5cec", "schemas": [ { "identifier": "length/schema.py", diff --git a/plugins/string/Dockerfile b/plugins/string/Dockerfile index a9094f6b81..c398da6653 100755 --- a/plugins/string/Dockerfile +++ b/plugins/string/Dockerfile 
@@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/string/bin/komand_string b/plugins/string/bin/komand_string index b9f0777c7a..cfe15232cb 100755 --- a/plugins/string/bin/komand_string +++ b/plugins/string/bin/komand_string @@ -6,7 +6,7 @@ from sys import argv Name = "String Operations" Vendor = "rapid7" -Version = "1.4.1" +Version = "1.4.2" Description = "The String plugin provides common programmatic string operations" diff --git a/plugins/string/help.md b/plugins/string/help.md index 0488b090b0..7aeec01ba8 100644 --- a/plugins/string/help.md +++ b/plugins/string/help.md @@ -168,7 +168,7 @@ Example output: #### Split String to List -This action is used to convert a string to a list of strings. +This action is used to converts a string to a list of strings ##### Input @@ -352,6 +352,7 @@ There may be complex string manipulation needs that are likely outside the scope # Version History +* 1.4.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 1.4.1 - Initial updates for fedramp compliance | Updated SDK to the latest version * 1.4.0 - New action Replace * 1.3.1 - Update to v4 Python plugin runtime diff --git a/plugins/string/plugin.spec.yaml b/plugins/string/plugin.spec.yaml index 1961ae7140..42fcae1683 100644 --- a/plugins/string/plugin.spec.yaml +++ b/plugins/string/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: string title: String Operations description: The String plugin provides common programmatic string operations -version: 1.4.1 +version: 1.4.2 connection_version: 1 vendor: rapid7 support: community @@ -25,7 +25,7 @@ hub_tags: features: [] sdk: type: slim - version: 6.1.0 + version: 6.2.2 user: nobody key_features: - "Split a string to a list of elements" 
@@ -33,6 +33,7 @@ key_features: - "Upper case, lower case, and trim a string" - "Replace parts of a string" version_history: + - "1.4.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "1.4.1 - Initial updates for fedramp compliance | Updated SDK to the latest version" - "1.4.0 - New action Replace" - "1.3.1 - Update to v4 Python plugin runtime" diff --git a/plugins/string/setup.py b/plugins/string/setup.py index b38c31c243..1ab1abb37a 100755 --- a/plugins/string/setup.py +++ b/plugins/string/setup.py @@ -3,7 +3,7 @@ setup(name="string-rapid7-plugin", - version="1.4.1", + version="1.4.2", description="The String plugin provides common programmatic string operations", author="rapid7", author_email="", diff --git a/plugins/whois/.CHECKSUM b/plugins/whois/.CHECKSUM index 0b0f6283b5..ca631eb2ff 100644 --- a/plugins/whois/.CHECKSUM +++ b/plugins/whois/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "c321daf69a3679e488625f8dbd077985", - "manifest": "c35b3c929b1fa09020196cc79f5b701a", - "setup": "8ad9bdf0d891eb2e9bc3a2535f273e9d", + "spec": "4d67f7597ca0c9b43ff85bc3d161836e", + "manifest": "1588546a33ea7ad727ddb4da7cccf361", + "setup": "d096809ce9406aab15b8953507d6afe0", "schemas": [ { "identifier": "address/schema.py", diff --git a/plugins/whois/Dockerfile b/plugins/whois/Dockerfile index 5e98cfa001..59922bdfae 100755 --- a/plugins/whois/Dockerfile +++ b/plugins/whois/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.0 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/whois/bin/komand_whois b/plugins/whois/bin/komand_whois index 806077bad0..5d86e8e1dc 100755 --- a/plugins/whois/bin/komand_whois +++ b/plugins/whois/bin/komand_whois 
@@ -6,7 +6,7 @@ from sys import argv Name = "WHOIS" Vendor = "rapid7" -Version = "3.1.6" +Version = "3.1.7" Description = "[WHOIS](https://en.wikipedia.org/wiki/WHOIS) is a query and response protocol that is widely used for querying databases that store the registered users or assignee's of an Internet resource, such as a domain name, an IP address block, or an autonomous system" diff --git a/plugins/whois/help.md b/plugins/whois/help.md index c0a8dfd9d1..0f78bd8dc7 100644 --- a/plugins/whois/help.md +++ b/plugins/whois/help.md @@ -181,6 +181,7 @@ Multiple records can be returned by the server, this plugin currently only retur # Version History +* 3.1.7 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 3.1.6 - Fix mapping issue (RIPE) for address action. Adding 'description' output field for RIPE (address action) | SDK bump to 6.2.0 * 3.1.5 - Action `Address`: Fixed issue with result parsing * 3.1.4 - Initial updates for fedramp compliance | Updated SDK to the latest version diff --git a/plugins/whois/plugin.spec.yaml b/plugins/whois/plugin.spec.yaml index 91bf3a8c8e..1ee62ed2ce 100644 --- a/plugins/whois/plugin.spec.yaml +++ b/plugins/whois/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: whois title: WHOIS description: "[WHOIS](https://en.wikipedia.org/wiki/WHOIS) is a query and response protocol that is widely used for querying databases that store the registered users or assignee's of an Internet resource, such as a domain name, an IP address block, or an autonomous system" -version: 3.1.6 +version: 3.1.7 connection_version: 3 vendor: rapid7 support: community @@ -12,7 +12,7 @@ supported_versions: ["2024-09-09"] status: [] sdk: type: slim - version: 6.2.0 + version: 6.2.2 user: nobody packages: - whois 
@@ -34,6 +34,7 @@ references: ["[WHOIS](https://en.wikipedia.org/wiki/WHOIS)"] links: ["[WHOIS](https://en.wikipedia.org/wiki/WHOIS)"] troubleshooting: "Multiple records can be returned by the server, this plugin currently only returns the first unique records found." version_history: + - "3.1.7 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "3.1.6 - Fix mapping issue (RIPE) for address action. Adding 'description' output field for RIPE (address action) | SDK bump to 6.2.0" - "3.1.5 - Action `Address`: Fixed issue with result parsing" - "3.1.4 - Initial updates for fedramp compliance | Updated SDK to the latest version" diff --git a/plugins/whois/setup.py b/plugins/whois/setup.py index c641c450a4..8cb298eaf8 100755 --- a/plugins/whois/setup.py +++ b/plugins/whois/setup.py @@ -3,7 +3,7 @@ setup(name="whois-rapid7-plugin", - version="3.1.6", + version="3.1.7", description="[WHOIS](https://en.wikipedia.org/wiki/WHOIS) is a query and response protocol that is widely used for querying databases that store the registered users or assignee's of an Internet resource, such as a domain name, an IP address block, or an autonomous system", author="rapid7", author_email="",