Ejemplo n.º 1
 def run(self, params={}):
     """Look up a domain in Recorded Future and return the cleaned ``data`` payload.

     Args:
         params: Action inputs; ``Input.DOMAIN`` and ``Input.COMMENT`` are read.

     Returns:
         A dict mapping ``Output.DATA`` to the ``data`` member of the response
         after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response object has no ``.get``.
     """
     # A falsy comment (missing or empty string) is sent as None.
     comment = params.get(Input.COMMENT) or None
     domain = params.get(Input.DOMAIN)
     try:
         # NOTE(review): the raw, caller-supplied value is logged verbatim,
         # before get_domain() processes it.
         self.logger.info(f"Looking up domain: {domain}")
         cleaner = insightconnect_plugin_runtime.helper.clean
         # presumably get_domain() normalises the input to a bare domain -
         # confirm against its definition.
         endpoint = Endpoint.lookup_domain(self.get_domain(domain))
         query = {"fields": AvailableInputs.DomainFields, "comment": comment}
         response = self.connection.client.make_request(endpoint, query)
         return {Output.DATA: cleaner(response.get("data"))}
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned an unexpected response.",
             assistance="Please check that the provided inputs are correct and try again.",
             data=e,
         )
Ejemplo n.º 2
 def run(self, params={}):
     """Return the hash risk rules listed by Recorded Future.

     Args:
         params: Action inputs; not read by this action.

     Returns:
         A dict mapping ``Output.RISK_RULES`` to ``data.results`` of the
         response (``None`` when ``results`` is absent).

     Raises:
         PluginException: With the ``UNKNOWN`` preset when an
             ``AttributeError`` occurs, e.g. the response or its ``data``
             member has no ``.get``.
     """
     try:
         response = self.connection.client.make_request(Endpoint.list_hash_risk_rules())
         # A missing "data" key falls back to {}, but an explicit null
         # "data" still raises AttributeError and is handled below.
         rules = response.get("data", {}).get("results")
         return {Output.RISK_RULES: rules}
     except AttributeError as e:
         raise PluginException(preset=PluginException.Preset.UNKNOWN, data=e)
Ejemplo n.º 3
 def run(self, params={}):
     """Download a hash risk list from Recorded Future in STIX 1.2 XML format.

     Args:
         params: Action inputs; ``Input.LIST`` optionally selects a risk list.

     Returns:
         A dict mapping ``Output.RISK_LIST`` to whatever ``make_request``
         returns; the response is passed through without cleaning.
     """
     # Only names present in HashRiskRuleMap are forwarded; an unknown or
     # missing selection leaves the "list" filter out of the query entirely.
     selected = AvailableInputs.HashRiskRuleMap.get(params.get(Input.LIST))
     query = {"format": "xml/stix/1.2", "gzip": "false"}
     if selected:
         query[Input.LIST] = selected
     risk_list = self.connection.client.make_request(Endpoint.download_hash_risk_list(), query)
     return {Output.RISK_LIST: risk_list}
Ejemplo n.º 4
 def run(self, params={}):
     """Look up a single alert by ID and return its cleaned ``data`` payload.

     Args:
         params: Action inputs; ``Input.ALERT_ID`` is read.

     Returns:
         A dict mapping ``Output.ALERT`` to the ``data`` member of the
         response after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response object has no ``.get``.
     """
     try:
         cleaner = insightconnect_plugin_runtime.helper.clean
         # NOTE(review): the alert ID is caller-supplied; whether
         # Endpoint.lookup_alert encodes it is not visible here - confirm.
         endpoint = Endpoint.lookup_alert(params.get(Input.ALERT_ID))
         payload = self.connection.client.make_request(endpoint).get("data")
         return {Output.ALERT: cleaner(payload)}
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned unexpected response.",
             assistance="Please check that the provided input is correct and try again.",
             data=e,
         )
Ejemplo n.º 5
 def run(self, params={}):
     """Search Recorded Future entity lists and return the cleaned results.

     Args:
         params: Action inputs, forwarded unchanged as the request parameters.

     Returns:
         A dict mapping ``Output.ENTITIES`` to ``data.results`` of the
         response after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response or its ``data`` member has no ``.get``.
     """
     try:
         cleaner = insightconnect_plugin_runtime.helper.clean
         # NOTE(review): every key the caller supplies reaches the API
         # query - presumably constrained by the action's input schema;
         # confirm.
         response = self.connection.client.make_request(Endpoint.search_entity_lists(), params)
         results = response.get("data", {}).get("results")
         return {Output.ENTITIES: cleaner(results)}
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned unexpected response.",
             assistance="Please check that the provided inputs are correct and try again.",
             data=e,
         )
Ejemplo n.º 6
 def run(self, params={}):
     """Look up a malware entity by ID and return its cleaned ``data`` payload.

     Args:
         params: Action inputs; ``Input.MALWARE_ID`` is read.

     Returns:
         A dict mapping ``Output.DATA`` to the ``data`` member of the response
         after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response object has no ``.get``.
     """
     try:
         cleaner = insightconnect_plugin_runtime.helper.clean
         send = self.connection.client.make_request
         endpoint = Endpoint.lookup_malware(params.get(Input.MALWARE_ID))
         response = send(endpoint, {"fields": AvailableInputs.MalwareFields})
         return {Output.DATA: cleaner(response.get("data"))}
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned unexpected response.",
             assistance="Please check that the provided input is correct and try again.",
             data=e,
         )
Ejemplo n.º 7
 def run(self, params={}):
     """Look up a vulnerability by ID and return its cleaned ``data`` payload.

     IDs that start with ``cve-`` in any letter case are upper-cased before
     the lookup; other IDs are passed through as given.

     Args:
         params: Action inputs; ``Input.ID`` is read.

     Returns:
         A dict mapping ``Output.DATA`` to the ``data`` member of the response
         after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response object has no ``.get``.
     """
     raw_id = params.get(Input.ID)
     # NOTE(review): this normalisation runs outside the try block, so a
     # missing ID (None) raises a bare AttributeError instead of a
     # PluginException.
     is_cve = raw_id.lower().startswith("cve-")
     vulnerability_id = raw_id.upper() if is_cve else raw_id
     try:
         cleaner = insightconnect_plugin_runtime.helper.clean
         send = self.connection.client.make_request
         endpoint = Endpoint.lookup_vulnerability(vulnerability_id)
         response = send(endpoint, {"fields": AvailableInputs.VulnerabilityFields})
         return {Output.DATA: cleaner(response.get("data"))}
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned unexpected response.",
             assistance="Please check that the provided input is correct and try again.",
             data=e,
         )
Ejemplo n.º 8
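 def run(self, params={}):
     """Search Recorded Future vulnerabilities and return the cleaned results.

     Args:
         params: Action inputs, forwarded as request parameters with
             ``fields`` added and ``Input.RISKRULE`` translated through
             ``AvailableInputs.VulnerabilityRiskRuleMap``.

     Returns:
         A dict mapping ``Output.DATA`` to ``data.results`` of the response
         after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response or its ``data`` member has no ``.get``.
     """
     # Build the query on a copy. Writing into ``params`` itself would alter
     # the caller's dict and, when run() is called without an argument, the
     # shared ``{}`` default, leaking "fields"/risk-rule values across calls.
     query = dict(params)
     query["fields"] = AvailableInputs.VulnerabilityFields
     # Unknown or missing risk rules are sent as None, never as the raw
     # caller-supplied string.
     query[Input.RISKRULE] = AvailableInputs.VulnerabilityRiskRuleMap.get(params.get(Input.RISKRULE)) or None
     try:
         return {
             Output.DATA: insightconnect_plugin_runtime.helper.clean(
                 self.connection.client.make_request(Endpoint.search_vulnerabilities(), query)
                 .get("data", {})
                 .get("results")
             )
         }
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned unexpected response.",
             assistance="Please check that the provided inputs are correct and try again.",
             data=e,
         ) from e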
Ejemplo n.º 9
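    def run(self, params={}):
        """Poll Recorded Future for alerts and emit each one via ``self.send``.

        Each iteration searches for alerts triggered at or after the time of
        the previous poll, sends every result as ``{Output.ALERT: alert}``,
        then sleeps for the configured interval. The loop never returns.

        Args:
            params: Trigger inputs; ``Input.FREQUENCY`` is the sleep interval
                passed to ``time.sleep``.
        """
        interval = params.get(Input.FREQUENCY)
        # NOTE(review): datetime.now() is naive local time; if the API reads
        # the bound as UTC, alerts could be missed or repeated - confirm.
        now = datetime.now()

        while True:
            then = now
            now = datetime.now()

            # Range syntax "[<start>,]" has no upper bound, e.g.
            # triggered = [2017-07-30,) is the same as 7/30/2017 <= triggered.
            query = {"triggered": f"[{then.isoformat()},]"}
            # Any exception raised here propagates and ends polling; there is
            # no handler around the request.
            alerts = insightconnect_plugin_runtime.helper.clean(
                self.connection.client.make_request(Endpoint.search_alerts(), query).get("data").get("results")
            )

            # A for/else would log "No new alerts found." after every poll,
            # including polls that sent alerts, because the else branch runs
            # whenever the loop finishes without a break. Branch explicitly so
            # the log reflects what happened; this also tolerates a missing
            # "results" value.
            if alerts:
                for alert in alerts:
                    self.send({Output.ALERT: alert})
            else:
                self.logger.info("No new alerts found.")

            self.logger.info(f"Sleeping for {interval}")
            time.sleep(interval)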
Ejemplo n.º 10
 def run(self, params={}):
     """Look up a file hash in Recorded Future and return the cleaned ``data`` payload.

     Args:
         params: Action inputs; ``Input.HASH`` and ``Input.COMMENT`` are read.

     Returns:
         A dict mapping ``Output.DATA`` to the ``data`` member of the response
         after ``insightconnect_plugin_runtime.helper.clean``.

     Raises:
         PluginException: If an ``AttributeError`` occurs inside the request
             path, e.g. the response object has no ``.get``.
     """
     # A falsy comment (missing or empty string) is sent as None.
     comment = params.get(Input.COMMENT) or None
     try:
         cleaner = insightconnect_plugin_runtime.helper.clean
         send = self.connection.client.make_request
         # NOTE(review): the hash is passed to the endpoint builder as given;
         # no format or length check is visible in this method.
         endpoint = Endpoint.lookup_hash(params.get(Input.HASH))
         query = {"fields": AvailableInputs.HashFields, "comment": comment}
         return {Output.DATA: cleaner(send(endpoint, query).get("data"))}
     except AttributeError as e:
         raise PluginException(
             cause="Recorded Future returned unexpected response.",
             assistance="Please check that the provided inputs are correct and try again.",
             data=e,
         )