def _handle_test_connectivity(self, param):
    """Check that the Bitglass API can be polled with the asset's settings.

    Runs the same polling call as on_poll(), restricted to the
    'cloudsummary' log type. Only the outcome of the last request decides
    the result; the response body is stored in a local and never used.

    :param param: Action parameters. Test connectivity takes none, so the
        dictionary is expected to be empty.
    :return: The status recorded on the action result.
    """
    # Register an action result on the connector (BaseConnector) for this call.
    result = self.add_action_result(ActionResult(dict(param)))

    # HACK: the status is seeded with APP_ERROR so that the poll below always
    # runs; seed it with APP_SUCCESS to skip the real API call if needed.
    ret_val, response = RetVal(result.set_status(phantom.APP_ERROR), {})
    if phantom.is_fail(ret_val):
        # `conf` is the module-level global assigned in initialize().
        # One poll issues multiple REST requests, each carrying multiple
        # log events.
        status = bgapi(self).PollLogs(conf, [u'cloudsummary'])
        if status['last'].ok():
            poll_status = result.set_status(phantom.APP_SUCCESS)
        else:
            poll_status = result.set_status(phantom.APP_ERROR)
        payload = status['last'].lastRes.json() if status['last'].ok() else None
        ret_val, response = RetVal(poll_status, payload)

    if not phantom.is_fail(ret_val):
        self.save_progress("Test Connectivity Passed")
        return result.set_status(phantom.APP_SUCCESS)

    # No message is attached to the status here; the operator only sees the
    # generic progress line below.
    self.save_progress("Test Connectivity Failed.")
    return result.get_status()
def _handle_on_poll(self, param):
    """Poll Bitglass for new log events and save the matches as a container.

    NOTE The action name 'on_poll' is magic and makes the 'Ingest Settings'
    tab appear in the asset settings.

    :param param: Action parameters. None are used; the settings come from
        the asset configuration.
    :return: The status recorded on the action result.
    """
    # Register an action result on the connector (BaseConnector) for this call.
    result = self.add_action_result(ActionResult(dict(param)))

    # HACK: the status is seeded with APP_ERROR so that the poll below always
    # runs; seed it with APP_SUCCESS to skip the real API call if needed.
    ret_val, response = RetVal(result.set_status(phantom.APP_ERROR), {})
    if phantom.is_fail(ret_val):
        # `conf` is the module-level global assigned in initialize().
        # One poll issues multiple REST requests, each carrying multiple
        # log events.
        status = bgapi(self).PollLogs(conf)
        if status['last'].ok():
            poll_status = result.set_status(phantom.APP_SUCCESS)
        else:
            poll_status = result.set_status(phantom.APP_ERROR)
        # NOTE: the last successful request returns an empty (drained) data
        # set, so this payload carries no events.
        payload = status['last'].lastRes.json() if status['last'].ok() else None
        ret_val, response = RetVal(poll_status, payload)

    # The container is saved even when the poll ended in an error: as long as
    # at least one REST call succeeded (as would be reflected in lastlog.json)
    # the events already received must not be lost.
    res, msg, cid = self._save_new_container(result, self.newMatches)
    progress = "S4ve_container (with artifacts) returns, value: {0}, reason: {1}, id: {2}"
    self.save_progress(progress.format(res, msg, cid))
    # NOTE(review): `res` is only written to the progress log. A failed save
    # with a successful poll still returns APP_SUCCESS below, so ingestion can
    # report success while events were not stored -- confirm that
    # _save_new_container surfaces its own failures.

    if phantom.is_fail(ret_val) and cid == 0:
        # The poll failed and no container was created: report the failure.
        return result.get_status()

    # Either the poll succeeded, or some data was received before a later
    # request failed. The second case is reported as success for consistency;
    # the data that could not be retrieved will be retrieved by a later poll.
    #
    # `response` is deliberately not added with add_data(): it holds only the
    # final empty request, a side effect of the logeventdaemon implementation
    # and of the BG API having no 'data done' hint.
    #
    # summary.total_objects and summary.total_objects_successful appear to be
    # set automatically, and no summary is returned for polling ingestion.
    return result.set_status(phantom.APP_SUCCESS)
def _make_rest_call(self, url, endpoint, action_result, method="get", **kwargs):
    """Issue one Bitglass REST call and pass the reply to _process_response().

    :param url: Accepted for interface compatibility; not used here.
    :param endpoint: Endpoint forwarded to bgapi().RestCall.
    :param action_result: Receives the error status when the call raises.
    :param method: Accepted for interface compatibility; not used here.
    :param kwargs: Must contain 'params'. Any other key (for example
        'headers') is ignored by this method.
    :return: RetVal(error status, None) when the call raises, otherwise the
        value returned by _process_response().
    """
    try:
        # kwargs['params'] is read inside the try block, so a missing key is
        # reported as a connection error as well.
        _, reply = bgapi().RestCall(endpoint, kwargs['params'])
    except Exception as ex:
        # NOTE(review): the exception text is copied verbatim into the action
        # result message. Confirm it cannot carry request secrets (tokens,
        # credentials embedded in a URL) into stored action results.
        failure = action_result.set_status(
            phantom.APP_ERROR,
            "Error Connecting to server. Details: {0}".format(str(ex)))
        return RetVal(failure, None)

    return self._process_response(reply, action_result)
def _callBitglassApi(self, _type, action, param, params):
    """Run one Bitglass API action and attach its response to the result.

    :param _type: Passed to bgapi().RestParamsConfig together with `action`.
    :param action: Passed to bgapi().RestParamsConfig together with `_type`.
    :param param: Action parameters, recorded on the action result.
    :param params: Request parameters for the REST call. When falsy, no
        request is made.
    :return: The status recorded on the action result.
    """
    # Register an action result on the connector (BaseConnector) for this call.
    result = self.add_action_result(ActionResult(dict(param)))

    if not params:
        # Nothing to send: the API is not contacted and the action is still
        # reported as successful, with no data attached.
        return result.set_status(phantom.APP_SUCCESS)

    url, endpoint = bgapi().RestParamsConfig(None, '1', _type, action)
    ret_val, response = self._make_rest_call(
        url, endpoint, result, params=params, headers=None)
    if phantom.is_fail(ret_val):
        return result.get_status()

    # Attach the JSON response. Only the status is set, without a message;
    # BaseConnector creates the textual message from the summary dictionary.
    result.add_data(response)
    return result.set_status(phantom.APP_SUCCESS)
def initialize(self):
    """Load the persisted state and build the Bitglass API configuration.

    The configuration is stored in the module-level global `conf`, not on
    the instance, so every call to initialize() rebinds the same name.

    :return: phantom.APP_SUCCESS
    """
    global conf

    # The state is loaded here and kept on the instance to hold data that
    # must be accessible across actions.
    self._state = self.load_state()

    # TODO: self.datapath would be None as the rule is executed separately,
    # so default to the same well-defined path (without uuids) for now. The
    # uuid is available in bitglass.json as appid.
    # Command-line parameters are not parsed (skipArgs=True): a real Phantom
    # instance has a custom Python runtime that is missing sys.argv.
    api = bgapi(self)
    conf = api.Initialize(self.datapath, skipArgs=True)

    # Template reminder for asset config access: required values can be read
    # directly by name, optional values should be read with .get().
    return phantom.APP_SUCCESS