SOAR-6687 Fix Metasploit plugin (#1008)

* tried to implement fix- pending new library upload to test properly:

* initial fix commit. Lots in here, sorry about that

* fixed up trigger to make it functional

* black formatting

* ready to merge except for help.md

* added comments, supported versions, manually fixed up help.md

* regen with supported versions

* fixing some validation issues

* fixed prospector errors, down to regen issues now

* fixed param issue in search for exploit

* fixed prospector msg

* removed another entry from checksum

* added type hints

* ran black formatting

* reformatting pt 2

Co-authored-by: Mike Rinehart <[email protected]>

[SOAR-7005] Update Teams Plugin with Troubleshooting from Discuss (#1021)

* add troubleshoot message about teams to help.md

* attempt fixing input violations in help.md

* Update plugins/microsoft_teams/help.md with correct troubleshooting message

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/microsoft_teams/help.md taking out unnec brackets

Co-authored-by: Mike Rinehart <[email protected]>

* revert help.md dictionaries

* fix plugins/microsoft_teams/help.md dictionary

Co-authored-by: Mike Rinehart <[email protected]>

Co-authored-by: Mike Rinehart <[email protected]>

Jira: Fix bug in "Get Comments", failing normalize_user in Jira Cloud (#991)

* Add pass-thru is_cloud for normalize_user

The action for Get Comments never relays the state of the endpoint as
on-premise or cloud, but requires this state to return successfully.

By using the same process as is present in other actions, passing of
the client is_cloud boolean through the normalize_comment function
and on to the normalize_user function with a default value of False.

* Fix bug normalize_comment not receiving connection.is_cloud

With the action Get Comments, normalize_comment calls upon the function
normalize_user. This dependent function requires knowledge of the state
of is_cloud from the client connection.

This change passes the connection.is_cloud state into normalize_comment.

* bump version

* Updated version minor as previous Get Comments action only worked with Jira Server. Now works with both Server and Cloud.

* updated checksum with icon-plugin tool

* Update help.md

* Regenerate checksum.

* Add missing newline to help.md. Passing local validation.

Co-authored-by: Max Berezin <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: pmara-r7 <[email protected]>
Co-authored-by: Maxim Berezin <[email protected]>

SOAR-7007: Fix Get Alerts Trigger in Microsoft ATP (#1017)

* Regen

* Add changelog

* fix missed fixes

* Fix Prospector warnings

* Add timeout-decorator

* Comment out test placeholders

* Blacken

* Lint jira

Co-authored-by: Elijah Martin-Merrill <[email protected]>
Co-authored-by: Maxim Berezin <[email protected]>
Co-authored-by: PJ Mara <[email protected]>

[MC-615][MC-664][MC-665] Add new actions in Google Drive plugin (#993)

* [MC-615][MC-664][MC-665] Add new actions in Google Drive plugin

* [MC-615][MC-664][MC-665] Reformat test_move_file.py

* Update plugins/google_drive/plugin.spec.yaml

Change Move File action description

Co-authored-by: jrose-r7 <[email protected]>

* Update help.md.

* Update checksum

* [MC-615][MC-664][MC-665] Update Create File in Folder action

* Update input examples for connection in help.md

* [MC-708][MC-731][MC-732] Update Python version and code refactoring in Google Drive plugin

* [MC-708][MC-731][MC-732] Update requirements.txt and help.md

Co-authored-by: Max Berezin <[email protected]>
Co-authored-by: jrose-r7 <[email protected]>
Co-authored-by: Maxim Berezin <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pmara-r7 <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>

MC-380 - PaloAlto Wildfire - Connection Test (#1019)

* [MC-380] Added connection test

* [MC-380] Make regenerate

* [MC-380] Added `supported_versions` and removed unsupported keyworks.

* [MC-380] Resolve the issue with importing plugin + make regenerate.

* Version pin in requirements.txt

* [MC-380] Updated the existing unit test to use mock response

* black validation failure fix

Co-authored-by: Mike Rinehart <[email protected]>

[MC-690][MC-728][MC-729][MC-730][MC-749] Code refactor and add new action in Subnet plugin (#1016)

* [MC-690][MC-728][MC-729][MC-730][MC-749] Code refactor and add new action in Subnet plugin

* [MC-690][MC-728][MC-729][MC-730][MC-749] Remove unnecessary f-string

* Test

* Remove init.py

* [MC-690][MC-728][MC-729][MC-730][MC-749] Update help.md and requirements.txt

* [MC-690][MC-728][MC-729][MC-730][MC-749] Remove trailing space

* [MC-690][MC-728][MC-729][MC-730][MC-749] Update plugin spec

Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Max Berezin <[email protected]>

MC-742 - ElasticSearch - Bugfix - Routing Issue (#1014)

* [MC-724] Corrected the `index_document` action.

* [MC-724] Minor code improvements.

* [MC-724] Search document routing fix.

* [MC-724] Corrected `update_document` action + black formatting.

* Added unit additional unit test for search_document with route

* [MC-724] Make regenerate

* [MC-724] Added `supported_versions`  + make regenerate

* [MC-742] Remove unused variables and add unit test with no routing.

* [MC-742] Applied black formatting.

Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>

Update README.md (#1023)

* Update README.md

* Update README.md

Co-authored-by: PJ Mara <[email protected]>

Co-authored-by: PJ Mara <[email protected]>

[SOAR-7134] update troubleshooting and requirements messaging for RBAC permissions (#1024)

* update troubleshooting and requirements messaging for RBAC permissions

* update get notifications troubleshooting info link

* Update plugins/carbon_black_defense/help.md

Co-authored-by: Mike Rinehart <[email protected]>

* consolidate api key requirements info

* punctuation in troubleshooting section

Co-authored-by: Mike Rinehart <[email protected]>

Update Python 3 Script documentation & install g++ (#1025)

* Update documentation

* Update help.md

Co-authored-by: PJ Mara <[email protected]>

SOAR-5837: Scrub Anomali API key from logger (#943)

* Add a util to scrub API keys from URLs using regex.

* Import logging to get_observables action, add formatter to logger
Black format
Update help.md and bump version number

* Regenerate plugin.

* Black format

* Generate unit tests

* Fix formatter import

* caught exception

* Only suppress ConnectionErrors, wrap censored original error in PluginException
Replace logging formatter with simple util function

* Black format

* Regenerate plugin.

* Add examples to plugin spec to satisfy validator, regenerate plugin

* Abstract send request to Connection class for all actions, delete utils

* Change example user to match example style guide

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/anomali_threatstream/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* help.md validates with plugin spec

* Raise plugin exception from None instead of additional Connection error

* Change send() parameters signature and add plugin root init

* Add connection test and API key suppression check

* Black format

* Add get observables unit test

Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Joey McAdams <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pmara-r7 <[email protected]>

SQL plugin change example in PORT input and update util.py file with Python3 (#1003)

* [MC-706] SQL plugin change example in PORT input and update util.py file with Python3

* Implement Pylint fixes for dict.get() and catch Exception

* Add version numbers to supported DB software

* Regenerate checksum

Co-authored-by: pmara-r7 <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Max Berezin <[email protected]>
Co-authored-by: Maxim Berezin <[email protected]>

Xdr monitor incident events bug fix (#1026)

* Add monitor alert task to palo alto xdr plugin

* style

* remove unused import

* changed to minor version bumo since there arent any non-backward compatible changes

* changed to get incidents endpoint, added inputs to the tasks

* delete old get alerts task

* remove unecessary code

* remove alert sources parameter since the XDR api behaves very inconsistently when it is present

* update checksum

* Update help.md

* Update help.md

* simplify conditions as per code review comments, fix json list representation in plugin spec and docs file

* incident bug fix

* fix bug where None value fields could be returned in incidents

* fix help.md, requirements section can only accept bullet points, move non-bullet points to setup section

* Comment out unused tests

* Add supported product versions

Co-authored-by: jrose-r7 <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>

[MC-676][MC-727] Update Domain Extractor in Extractit plugin (#1015)

* [MC-676][MC-727] Update Domain Extractor in Extractit plugin

* [MC-676][MC-727] Update requirements.txt

* [MC-676][MC-727] Add comments in extractor.py

* [MC-676][MC-727] Reformat

* [MC-676][MC-727] Add comments in extractor.py and fix unit tests

Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: jrose-r7 <[email protected]>
Co-authored-by: Max Berezin <[email protected]>

Fix error messaging around invalid credentials (#1022)

Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: Max Berezin <[email protected]>

[MC-492][MC-694][MC-491][MC-726] Add Get Blocked Hosts and Block Host actions to Cisco ASA (#994)

* [MC-492][MC-694] Add Get Blocked Hosts action to Cisco ASA

* [MC-492][MC-694] Add section for supported version

* Scrub test example input

* [MC-491][MC-726] Add Block Host action to Cisco ASA

* [MC-492][MC-694][MC-491][MC-726] Update requirements.txt

* [MC-492][MC-694][MC-491][MC-726] Add ignore comments

* [MC-492][MC-694][MC-491][MC-726] Reformat

Co-authored-by: Max Berezin <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Maxim Berezin <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: PJ Mara <[email protected]>

IntSights plugin (#1009)

* [MC-683] Init plugin | Add action Get Indicator by Value

* IntSights new actions and trigger draft

* [MC-717] Add action Get Indicator By Value

* [MC-683][MC-673][MC-681][MC-682][MC-684][MC-686][MC-688][MC-687] Add new Plugin IntSights

* [MC-717][MC-718][MC-719][MC-720][MC-721][MC-722][MC-723][MC-725] Update help.md

* Revert: Add microsoft ATP
Black reformat

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/icon_intsights/actions/takedown_request/action.py

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/icon_intsights/connection/connection.py

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/icon_intsights/util/api.py

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-683] Fix help

* [MC-683] Fix help

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Fix unit tests

* [MC-683] Fix unit tests

* [MC-683] Add clean to enrich_indicator output

* [MC-683] Add clean to enrich_indicator output

* Add icon

* New graphics

* Fix unit_test path while getting payload

* Add cutom type

* Regenerate plugin and Black format

* Update help.md for validator

* Update plugins/rapid7_intsights/help.md

* [MC-683] Set some output to required false

Co-authored-by: r7-kszczepanskagorna <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Maxim Berezin <[email protected]>

[MC-740] Fix threatscore KeyError (#1031)

* [MC-740] Fix threatscore KeyError

* Update plugins/hybrid_analysis/help.md

* used refactor to change hash to hash_ in 2 files

Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: PJ Mara <[email protected]>

Remove ISOLATE_MACHINE remediate option from Cybereason documentation (#1035)

* Update docs to remove ISOLATE_MACHINE remediate option

* Update changelog

MC-301 & MC-809 - Cybereason - New Action - Delete Registry Key (#1028)

* Make regenerate

* Added delete registry key action.

* Using example email address.

* Action + black formatting.

* Removed user email address and using an example one.

* Added tests and example payloads.

* Added example output and corrected the inputs

* [MC-301] Added comment to get_machine_targets.

* Update .CHECKSUM

* Update checksum

Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>

[MC-709][MC-810] Support extraction from binary files for all actions in Extractit plugin (#1030)

* [MC-709] Support extraction from binary files for all actions

* [MC-709][MC-810] Update extractor.py and unit tests

* Replace manual file open/close with "with" context for Prospector validation

* [MC-709][MC-810] Remove manual closing of file

Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: Max Berezin <[email protected]>

Elasticsearch fix search action (#988)

* MC-677 Fix search example input in help.md | Add exception message in search action

* Regen and fix docs

* Fix syntax in action.py

* [MC-677] Fix search example input in help.md | Add exception message in search action

* [MC-677] Fix search example input in help.md | Add exception message in search action

* Black reformat

* [MC-677] Fix help | Fix unit test | Add unit test to check wrong query input

* [MC-677] Fix help | Fix unit test | Add unit test to check wrong query input

* Update plugins/elasticsearch/komand_elasticsearch/actions/search_documents/action.py

* Update plugins/elasticsearch/unit_test/test_search_documents.py

* Update expected error string

* Black format.

Co-authored-by: Jon Schipp <[email protected]>
Co-authored-by: Jon Schipp <[email protected]>
Co-authored-by: Maxim Berezin <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Max Berezin <[email protected]>
Co-authored-by: PJ Mara <[email protected]>

[SOAR-7434] ipstack schema update (#1040)

* updated komand to icon runtime

* added time_zone fix

* passing individual unit tests

* fixed unit test bug

* black reformat

* fixed api url

* added ignore pylint unused args because implementation is blank

* increased version from 2->3 and reformat

* fixing prospector

Add support of ! character to the URL extraction (#1041)

1. Update Regex to support ! character to the URL extractor
2. Update plugin minor version
3. Add a test string to the Unit test set
4. Update help.md to include release details
5. Regenerate the plugin files

JIRA: SOAR-7356

[MC-754][MC-838][MC-839][MC-840] PDF Reader plugin - Fix Extract Text action (#1038)

* [MC-754] Fix Extract Text action

* [MC-754] Update plugin spec

* [MC-754][MC-838][MC-839][MC-840] Update Dockerfile and Extract Text action

* [MC-754] Update Extract Text action

* [MC-754][MC-838][MC-839][MC-840] Update error messaging in Extract Text action

* Update plugins/pdf_reader/help.md

Co-authored-by: Max Berezin <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>

Add new trigger in Rapid7 IntSights plugin (#1033)

* [MC-683] Init plugin | Add action Get Indicator by Value

* IntSights new actions and trigger draft

* [MC-717] Add action Get Indicator By Value

* [MC-683][MC-673][MC-681][MC-682][MC-684][MC-686][MC-688][MC-687] Add new Plugin IntSights

* [MC-717][MC-718][MC-719][MC-720][MC-721][MC-722][MC-723][MC-725] Update help.md

* Revert: Add microsoft ATP
Black reformat

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/icon_intsights/actions/takedown_request/action.py

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/icon_intsights/connection/connection.py

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/icon_intsights/util/api.py

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-683] Fix help

* [MC-683] Fix help

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Change plugin name to rapid7_intsights

* [MC-683] Fix unit tests

* [MC-683] Fix unit tests

* [MC-683] Add clean to enrich_indicator output

* [MC-683] Add clean to enrich_indicator output

* Add icon

* New graphics

* Fix unit_test path while getting payload

* [MC-771][MC-808] plugin.spec and action code

* Add cutom type

* [MC-771][MC-808] Add unit tests

* [MC-771][MC-808] Add unit tests

* [MC-771][MC-808] Fix description

* [MC-771][MC-808] Fix f-string in API

* [MC-771][MC-808] Fix unit_test expecteds files

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] Add new trigger New Alert with unittest

* [MC-685][MC-724] black

* [MC-685][MC-724] Add module to requirements

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: PJ Mara <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: PJ Mara <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* [MC-771][MC-808] Add pagination to action get_cve_by_id

* [MC-771][MC-808] Add pagination to action get_cve_by_id

* [MC-771][MC-808] Black format

* [MC-685] Add new case to unit tests, Change descriptions in plugin.spec

* [MC-685] Black format

* [MC-685] Add new case to unit tests, Change descriptions in plugin.spec

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: jrose-r7 <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-685] Fix query in get_cve

* [MC-685] Fix query in get_cve

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-685] Fix validator issues

* [MC-717] Fix score from integer to float

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/help.md

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* Update plugins/rapid7_intsights/plugin.spec.yaml

Co-authored-by: Mike Rinehart <[email protected]>

* [MC-685] Fix input enum errors

Co-authored-by: r7-kszczepanskagorna <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: Mike Rinehart <[email protected]>
Co-authored-by: jrose-r7 <[email protected]>
Co-authored-by: PJ Mara <[email protected]>
Co-authored-by: Max Berezin <[email protected]>

Fix plugin validator GH Action

[MC-800] Improve error messaging in Palo Alto MineMeld plugin (#1046) (#1051)

[MC-800] Update PaloAltoMineMeld to 1.0.1 with below:
1. Update unit tests
2. Update requirements. txt

[MC-801] Fix Set Address Object action in Palo Alto PAN-OS plugin (#1047) (#1055)

Co-authored-by: dsliwinski-r7 <[email protected]>

Microsoftteams_3.1.5 (#1058)

* [MC-772] Add `microsoft_teams` keyword

* [MC-772] Fix unit tests

* Update plugins/microsoft_teams/help.md

[SOAR-7961] Configurable interval for devo  (#1059) (#1065)

* configurable interval
* set interval default to 10 seconds

[MC-751] - ServiceNow Get Attachments (#1054)

Automox Plugin: Initial release of plugin with base management functionality (#1042)

Cisco Umbrella Destinations Lists
The below actions have been added:
dGet
dAdd
dDelete
dlGet
dlGetAll
dlPatch
dlDelete
dlCreate

Updated acronyms in spec file

Update plugins/cisco_umbrella_destinations/plugin.spec.yaml

text fix to capitalize acronyms

Co-authored-by: jrose-r7 <[email protected]>

Update plugins/cisco_umbrella_destinations/plugin.spec.yaml

text fix to capitalize acronyms

Co-authored-by: jrose-r7 <[email protected]>

Update plugins/cisco_umbrella_destinations/plugin.spec.yaml

text fix to capitalize acronyms

Co-authored-by: jrose-r7 <[email protected]>

Updated spec

Changing org_id & dl_id to input

Added basic PluginException error handling

removed unitTests & greeting yaml

Updated examples in spec file

Added PluginException to api.py & removed from actions

Removed unused imports

Final api.py

Updated api.py

Fixed broken logger

..

Commented out connection bug for now

Change return to pass

Fix prospector issue #1

Fix prospector issue #2

Validators fix attempt#1

Fix validators #2

Fix validators #3

Fix validators #4

Fix validators #5

Fix validators #6

Fix validators #7

Added black formatting

Test black #1

Black formatting complete

Moved orgID to connection input

Black formatting #2

Fix prospector issue #3

--

Cisco Umbrella Destinations Lists
The below actions have been added:
dGet
dAdd
dDelete
dlGet
dlGetAll
dlPatch
dlDelete
dlCreate

Changing org_id & dl_id to input

Added basic PluginException error handling

removed unitTests & greeting yaml

Updated examples in spec file

Added PluginException to api.py & removed from actions

Final api.py

Updated api.py

Fixed broken logger

Commented out connection bug for now

Change return to pass

Validators fix attempt#1

Fix validators #2

Fix validators #3

Fix validators #4

Fix validators #5

Fix validators #6

Fix validators #7

Added black formatting

Black formatting complete

Moved orgID to connection input

Cisco Umbrella Destinations Lists
The below actions have been added:
dGet
dAdd
dDelete
dlGet
dlGetAll
dlPatch
dlDelete
dlCreate

Changing org_id & dl_id to input

Added basic PluginException error handling

removed unitTests & greeting yaml

Updated examples in spec file

Added PluginException to api.py & removed from actions

Final api.py

Updated api.py

Fixed broken logger

Commented out connection bug for now

Change return to pass

Validators fix attempt#1

Fix validators #2

Fix validators #3

Fix validators #4

Fix validators #5

Fix validators #6

Fix validators #7

Added black formatting

Black formatting complete

Moved orgID to connection input

Test Commit #1

Updated help.md & plugin spec

Black formatting #3

.github/workflows/main.yml

@@ -17,7 +17,7 @@ jobs:
       env: 
         PACKAGE_CLOUD_TOKEN: ${{ secrets.CI_PACKAGECLOUD_TOKEN }}
       run: |
-        python -m pip install --upgrade pip setuptools
+        python -m pip install --upgrade pip setuptools wheel
         curl -s "https://${PACKAGE_CLOUD_TOKEN}@packagecloud.io/install/repositories/rapid7/insightconnect_internal_python_tooling/script.python.sh" | bash
         python -m pip install --user icon-integrations-ci --no-warn-script-location
         export ICON_INTEGRATIONS_RELEASES_SLACK_WEBHOOK=${{ secrets.ICON_INTEGRATIONS_RELEASES_SLACK_WEBHOOK }}

README.md

@@ -2,164 +2,10 @@
 
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 
-We made a large number of our plugins open-source in order to benefit our customers, partners, and the greater community.
+Welcome to the open source plugins repository for Rapid7 InsightConnect. 
 
-The integrations here include some new, some old, and many that are community supported. These are automatically released to the product marketplace from this repository for convenient orchestration.
-The full list of integrations is available on our [Marketplace](https://www.rapid7.com/marketplace/).
+Plugin development documentation can be found at [https://docs.rapid7.com/insightconnect/getting-started](https://docs.rapid7.com/insightconnect/getting-started) and a full list of all plugins available for InsightConnect can be found at the [Rapid7 Extension Library](https://extensions.rapid7.com).
 
-For general questions, issues with plugins, assistance with building or enhancing plugins, or any other discussions, check out our [Rapid7 Discussion Community](https://discuss.rapid7.com/). The team is active on Discuss along with other members of the community that are able to provide assistance. If you have a direct inquiry for the team maintaining InsightConnect plugins, we can also be reached at `[email protected]`.
-Please note that GitHub Issues are unmonitored by Rapid7 developers and are disabled for this repository.
+## Contributing
 
-### Table of Contents
-
-1. [Getting Started](#getting-started)
-2. [Example](#example)
-3. [Plugin Support](#plugin-support)
-4. [Contributing](#contributing)
-
-### Getting Started
-
-You can run and develop plugins from the command-line and then orchestrate them via [InsightConnect](https://www.rapid7.com/products/insightconnect/) or legacy Komand.
-
-Plugins are stand-alone REST services that run within Docker containers. You can interact with them over HTTP via the REST service endpoints or stdin/stdout of the running container's process.
-
-See our [developer documentation](https://docs.rapid7.com/insightconnect/getting-started/) to learn how to build a plugin using our Python SDK. To learn more about a specific plugin, see the documentation in every plugin's `help.md` file.
-
-Dependencies:
-
-* [Python 3](https://www.python.org/download/releases/3.0/)
-* [Make](https://www.gnu.org/software/make/)
-* [Docker Engine](https://www.docker.com)
-* [InsightConnect plugin tooling](https://docs.rapid7.com/insightconnect/getting-started/)
-* [InsightConnect validators](https://pypi.org/project/insightconnect-integrations-validators/), [pyyaml](https://pyyaml.org/), [js-yaml](https://github.com/nodeca/js-yaml), [jq](https://stedolan.github.io/jq/), [flake8](https://pypi.org/project/flake8/), [mdl](https://github.com/markdownlint/markdownlint) for the helper scripts in `tools/`.
-* [Pre-commit](https://pre-commit.com/) and [Black](https://github.com/psf/black)
-
-For a quick & easy way to install tooling dependencies, run `update-tools.sh` from the `tools/` directory in this repository!
-
-### Example
-
-![Make Menu](./.github/make_menu_example.png)
-
-Let's build and run a plugin from this repository.
-
-We'll use the Dig plugin as an example. Dig is a command-line network utility for DNS.
-
-```
-$ cd dig
-$ make
-[*] Use ``make menu`` for available targets
-[*] Including available Makefiles: ../tools/Makefiles/Colors.mk ../tools/Makefiles/Helpers.mk
---
-[*] Building plugin image
-docker build --pull -t rapid7/dig:1.0.1 .
-Sending build context to Docker daemon  208.9kB
-Step 1/14 : FROM komand/python-3-37-slim-plugin:3
-2: Pulling from komand/python-3-37-slim-plugin
-Digest: sha256:74c67981efc06a27c0e650bc0bc3a681c87bc193869a3316945480c26371f7f4
-Status: Image is up to date for komand/python-3-37-slim-plugin:3
-...
-```
-
-Now, let's create the runner script and then run the plugin:
-
-```
-$ make runner
-[*] Use ``make menu`` for available targets
-[*] Including available Makefiles: ../tools/Makefiles/Colors.mk ../tools/Makefiles/Helpers.mk
---
-[*] Creating link to run.sh |
-
-$ ./run.sh -R tests/search_by_domain.json -j
-
-Running: cat tests/forward.json | docker run --rm   -i rapid7/dig:1.0.1  run | grep -- ^\{ | jq -r '.body | try(.log | split("\n") | .[]),.output'
-rapid7/Dig:1.0.1. Step name: forward
-Executing command /usr/bin/dig google.com A
-
-{
-  "status": "NOERROR",
-  "fulloutput": "\n; <<>> DiG 9.12.3 <<>> google.com A\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52959\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;google.com.\t\t\tIN\tA\n\n;; ANSWER SECTION:\ngoogle.com.\t\t162\tIN\tA\t172.217.12.174\n\n;; Query time: 62 msec\n;; SERVER: 192.168.65.1#53(192.168.65.1)\n;; WHEN: Thu Apr 18 17:06:37 UTC 2019\n;; MSG SIZE  rcvd: 44\n\n",
-  "question": "google.com",
-  "all_answers": [
-    "172.217.12.174"
-  ],
-  "last_answer": "172.217.12.174",
-  "answer": "172.217.12.174",
-  "nameserver": "192.168.65.1"
-}
-```
-
-You can also run the plugin container in the background as a REST server:
-
-```
-$ ./run.sh -c http
-Forwarding to port 10001
-Running:  docker run --rm  -d  -p 10001:10001 -i rapid7/dig:1.0.1  http
-d719d45e9238d407010e656209f11b30674c2a3dd39225e232685737b111cc2d
-```
-
-Let's run the equivalent of the previous example but with a web request:
-
-```
-$ curl -d @tests/forward.json http://127.0.0.1:10001/actions/forward
-{
-  "body": {
-    "log": "rapid7/Dig:1.0.1. Step name: forward\nExecuting command /usr/bin/dig google.com A\n",
-    "meta": {},
-    "output": {
-      "all_answers": [
-        "172.217.9.78"
-      ],
-      "answer": "172.217.9.78",
-      "fulloutput": "\n; <<>> DiG 9.12.3-P4 <<>> google.com A\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59113\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;google.com.\t\t\tIN\tA\n\n;; ANSWER SECTION:\ngoogle.com.\t\t162\tIN\tA\t172.217.9.78\n\n;; Query time: 46 msec\n;; SERVER: 192.168.65.1#53(192.168.65.1)\n;; WHEN: Fri Apr 19 16:45:20 UTC 2019\n;; MSG SIZE  rcvd: 44\n\n",
-      "last_answer": "172.217.9.78",
-      "nameserver": "192.168.65.1",
-      "question": "google.com",
-      "status": "NOERROR"
-    },
-    "status": "ok"
-  },
-  "type": "action_event",
-  "version": "v1"
-}
-```
-
-You can generate sample JSON to use to test your plugin with the runner `run.sh`:
-
-```
-$ ./run.sh -c sample
-Actions: [forward reverse]
-Triggers: []
-Sample requires sample name e.g. ``./run.sh -c sample <name>''
-
-$ ./run.sh -c sample forward
-Running:  docker run --rm   -i rapid7/dig:1.0.1  sample forward | jq '.'
-{
-  "body": {
-    "action": "forward",
-    "input": {
-      "query": "A",
-      "domain": "",
-      "resolver": ""
-    },
-    "connection": null,
-    "meta": {}
-  },
-  "version": "v1",
-  "type": "action_start"
-}
-```
-
-You can also generate all samples for a plugin with this shorthand: `./run.sh -c samples`
-
-### Plugin Support
-
-The `status` key in a plugin's `plugin.spec.yaml` file indicates which plugins are officially supported by Rapid7 developers (rapid7) and which ones are supported by our ecosystem of external developers or by Rapid7 as best-effort (community).
-
-```
-$ grep '^support:' microsoft_teams/plugin.spec.yaml
-support: community
-```
-
-### Contributing
-
-See our [contributing guide](./CONTRIBUTING.md).
+Please see our [contribution guide](./CONTRIBUTING.md) for contributing changes back to this repository.

plugins/anomali_threatstream/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "36ff822fde417e00264411dd9dc4ae80",
-	"manifest": "05004c1105ffdb9e223b6e7c8c8fdb18",
-	"setup": "c8000858b5533c60c5495e2c8952031c",
+	"spec": "1576739342ccf11c8fea91e78be37924",
+	"manifest": "0e904005f4356f628a2176a91670175b",
+	"setup": "d4d20857c97229ce3780357bcd6dc398",
 	"schemas": [
 		{
 			"identifier": "get_observables/schema.py",
@@ -29,15 +29,15 @@
 		},
 		{
 			"identifier": "submit_file/schema.py",
-			"hash": "537ca82c6dccadf7a42dc5c72061eebd"
+			"hash": "68083bab2cdf099153389d44800b3525"
 		},
 		{
 			"identifier": "submit_url/schema.py",
-			"hash": "fa26db80c3600ffe64b9177b83480ff1"
+			"hash": "a74664cf1f65efdca020813ff1a7ac5c"
 		},
 		{
 			"identifier": "connection/schema.py",
-			"hash": "fae4f1ff734ca4b0f9bbd1cd00524e8a"
+			"hash": "fe5e5d18cff1a94ab63863ef795fbf92"
 		}
 	]
 }

plugins/anomali_threatstream/bin/komand_anomali_threatstream

@@ -1,42 +1,56 @@
 #!/usr/bin/env python
 # GENERATED BY KOMAND SDK - DO NOT EDIT
-import komand
-from komand_anomali_threatstream import connection, actions, triggers
-
+import os
+import json
+from sys import argv
 
 Name = "Anomali ThreatStream"
 Vendor = "rapid7"
-Version = "3.1.0"
+Version = "3.1.1"
 Description = "Anomali ThreatStream operationalizes threat intelligence, automating collection and integration that enables security teams to analyze and respond to threats"
 
 
-class ICONAnomaliThreatstream(komand.Plugin):
-    def __init__(self):
-        super(self.__class__, self).__init__(
+def main():
+    if 'http' in argv:
+        if os.environ.get("GUNICORN_CONFIG_FILE"):
+            with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf:
+                gunicorn_cfg = json.load(gf)
+                if gunicorn_cfg.get("worker_class", "sync") == "gevent":
+                    from gevent import monkey
+                    monkey.patch_all()
+        elif 'gevent' in argv:
+            from gevent import monkey
+            monkey.patch_all()
+
+    import komand
+    from komand_anomali_threatstream import connection, actions, triggers
+
+    class ICONAnomaliThreatstream(komand.Plugin):
+        def __init__(self):
+            super(self.__class__, self).__init__(
                 name=Name,
                 vendor=Vendor,
                 version=Version,
                 description=Description,
                 connection=connection.Connection()
-                )
-        self.add_action(actions.GetObservables())
+            )
+            self.add_action(actions.GetObservables())
 
-        self.add_action(actions.GetSandboxReport())
+            self.add_action(actions.GetSandboxReport())
 
-        self.add_action(actions.ImportObservable())
+            self.add_action(actions.ImportObservable())
 
-        self.add_action(actions.LookupHash())
+            self.add_action(actions.LookupHash())
 
-        self.add_action(actions.LookupIp())
+            self.add_action(actions.LookupIp())
 
-        self.add_action(actions.LookupUrl())
+            self.add_action(actions.LookupUrl())
 
-        self.add_action(actions.SubmitFile())
+            self.add_action(actions.SubmitFile())
 
-        self.add_action(actions.SubmitUrl())
+            self.add_action(actions.SubmitUrl())
 
 
-def main():
     """Run plugin"""
     cli = komand.CLI(ICONAnomaliThreatstream())
     cli.run()