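def run(self, params=None):
    """Look up a domain in Recorded Future and return its cleaned "data" payload.

    Args:
        params: action inputs; reads ``Input.DOMAIN`` and the optional
            ``Input.COMMENT``. Defaults to a fresh empty mapping instead of a
            mutable dict shared between calls.

    Returns:
        ``{Output.DATA: <"data" object of the lookup response, passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when the response does not have the expected shape
            (an ``AttributeError`` on ``.get``).
    """
    if params is None:
        params = {}
    # An empty/blank comment is sent as an explicit null rather than "".
    comment = params.get(Input.COMMENT) or None
    domain = params.get(Input.DOMAIN)
    try:
        self.logger.info(f"Looking up domain: {domain}")
        # self.get_domain is defined outside this method; it is applied to the
        # raw input before the endpoint path is built.
        response = self.connection.client.make_request(
            Endpoint.lookup_domain(self.get_domain(domain)),
            {"fields": AvailableInputs.DomainFields, "comment": comment},
        )
        return {Output.DATA: insightconnect_plugin_runtime.helper.clean(response.get("data"))}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned an unexpected response.",
            assistance="Please check that the provided inputs are correct and try again.",
            data=e,
        ) from e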
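def run(self, params=None):
    """Return the hash risk rules exposed by Recorded Future.

    Args:
        params: action inputs; not read by this action, kept for the
            runtime's ``run`` signature. Defaults to ``None`` instead of a
            shared mutable dict.

    Returns:
        ``{Output.RISK_RULES: <"results" entry of the response "data">}``;
        the value is ``None`` when the response carries no "results".

    Raises:
        PluginException: preset ``UNKNOWN`` when the response is not the
            expected mapping (an ``AttributeError`` on ``.get``).
    """
    try:
        response = self.connection.client.make_request(Endpoint.list_hash_risk_rules())
        # A missing "data" key yields an empty mapping so only a non-mapping
        # response reaches the except branch.
        return {Output.RISK_RULES: response.get("data", {}).get("results")}
    except AttributeError as e:
        raise PluginException(preset=PluginException.Preset.UNKNOWN, data=e) from e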
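def run(self, params=None):
    """Download the Recorded Future hash risk list as uncompressed STIX 1.2 XML.

    Args:
        params: action inputs; the optional ``Input.LIST`` names a risk list
            that is translated through ``AvailableInputs.HashRiskRuleMap``.
            When the name is missing or has no mapping, no list parameter is
            sent. Defaults to a fresh empty mapping instead of a shared
            mutable dict.

    Returns:
        ``{Output.RISK_LIST: <raw make_request result>}``. No ``.get`` is
        applied to the response here, so there is no AttributeError
        translation as in the lookup actions.
    """
    if params is None:
        params = {}
    # Request format and compression are pinned explicitly rather than
    # relying on the API defaults.
    query_params = {"format": "xml/stix/1.2", "gzip": "false"}
    risk_list = AvailableInputs.HashRiskRuleMap.get(params.get(Input.LIST))
    if risk_list:
        query_params[Input.LIST] = risk_list
    return {
        Output.RISK_LIST: self.connection.client.make_request(
            Endpoint.download_hash_risk_list(), query_params
        )
    }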
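def run(self, params=None):
    """Look up one alert by id and return its cleaned "data" payload.

    Args:
        params: action inputs; reads ``Input.ALERT_ID``. Defaults to a fresh
            empty mapping instead of a shared mutable dict.

    Returns:
        ``{Output.ALERT: <"data" object of the lookup response, passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when the response does not have the expected shape
            (an ``AttributeError`` on ``.get``).
    """
    if params is None:
        params = {}
    try:
        response = self.connection.client.make_request(Endpoint.lookup_alert(params.get(Input.ALERT_ID)))
        return {Output.ALERT: insightconnect_plugin_runtime.helper.clean(response.get("data"))}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned unexpected response.",
            assistance="Please check that the provided input is correct and try again.",
            data=e,
        ) from e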
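def run(self, params=None):
    """Search Recorded Future entity lists and return the cleaned results.

    Args:
        params: action inputs, forwarded verbatim as the query parameters of
            the search request. NOTE(review): this relies on the plugin's
            input schema to restrict which keys reach the API — confirm.
            Defaults to a fresh empty mapping instead of a shared mutable dict.

    Returns:
        ``{Output.ENTITIES: <"results" of the response "data", passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when the response does not have the expected shape
            (an ``AttributeError`` on ``.get``).
    """
    if params is None:
        params = {}
    try:
        response = self.connection.client.make_request(Endpoint.search_entity_lists(), params)
        results = response.get("data", {}).get("results")
        return {Output.ENTITIES: insightconnect_plugin_runtime.helper.clean(results)}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned unexpected response.",
            assistance="Please check that the provided inputs are correct and try again.",
            data=e,
        ) from e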
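def run(self, params=None):
    """Look up a malware entity by id and return its cleaned "data" payload.

    Args:
        params: action inputs; reads ``Input.MALWARE_ID``. Defaults to a
            fresh empty mapping instead of a shared mutable dict.

    Returns:
        ``{Output.DATA: <"data" object of the lookup response, passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when the response does not have the expected shape
            (an ``AttributeError`` on ``.get``).
    """
    if params is None:
        params = {}
    try:
        response = self.connection.client.make_request(
            Endpoint.lookup_malware(params.get(Input.MALWARE_ID)),
            {"fields": AvailableInputs.MalwareFields},
        )
        return {Output.DATA: insightconnect_plugin_runtime.helper.clean(response.get("data"))}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned unexpected response.",
            assistance="Please check that the provided input is correct and try again.",
            data=e,
        ) from e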
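def run(self, params=None):
    """Look up a vulnerability by id and return its cleaned "data" payload.

    Args:
        params: action inputs; reads ``Input.ID``. Ids starting with
            ``cve-`` (any case) are upper-cased before the request. Defaults
            to a fresh empty mapping instead of a shared mutable dict.

    Returns:
        ``{Output.DATA: <"data" object of the lookup response, passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when no id was supplied, or when the response does
            not have the expected shape (an ``AttributeError`` on ``.get``).
    """
    if params is None:
        params = {}
    vulnerability_id = params.get(Input.ID)
    # Previously a missing id raised a bare AttributeError on .lower() before
    # the try block; report it as a plugin error about the input instead.
    if vulnerability_id is None:
        raise PluginException(
            cause="No vulnerability ID was provided.",
            assistance="Please provide a vulnerability ID and try again.",
        )
    # Normalise CVE identifiers to the canonical upper-case form.
    if vulnerability_id.lower().startswith("cve-"):
        vulnerability_id = vulnerability_id.upper()
    try:
        response = self.connection.client.make_request(
            Endpoint.lookup_vulnerability(vulnerability_id),
            {"fields": AvailableInputs.VulnerabilityFields},
        )
        return {Output.DATA: insightconnect_plugin_runtime.helper.clean(response.get("data"))}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned unexpected response.",
            assistance="Please check that the provided input is correct and try again.",
            data=e,
        ) from e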
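def run(self, params=None):
    """Search Recorded Future vulnerabilities and return the cleaned results.

    Args:
        params: action inputs, forwarded as the search query after two
            adjustments: ``fields`` is set to
            ``AvailableInputs.VulnerabilityFields`` and ``Input.RISKRULE`` is
            translated through ``AvailableInputs.VulnerabilityRiskRuleMap``
            (sent as ``None`` when it has no mapping). The caller's dict is
            left untouched; the original wrote into it, and with a ``params={}``
            default also into a dict shared across invocations.

    Returns:
        ``{Output.DATA: <"results" of the response "data", passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when the response does not have the expected shape
            (an ``AttributeError`` on ``.get``).
    """
    # Work on a copy so neither the caller's dict nor a default is mutated.
    query = dict(params) if params else {}
    query["fields"] = AvailableInputs.VulnerabilityFields
    risk_rule = AvailableInputs.VulnerabilityRiskRuleMap.get(query.get(Input.RISKRULE))
    # Unknown or falsy mappings are sent as an explicit None, as before.
    query[Input.RISKRULE] = risk_rule or None
    try:
        response = self.connection.client.make_request(Endpoint.search_vulnerabilities(), query)
        results = response.get("data", {}).get("results")
        return {Output.DATA: insightconnect_plugin_runtime.helper.clean(results)}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned unexpected response.",
            assistance="Please check that the provided inputs are correct and try again.",
            data=e,
        ) from e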
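def run(self, params=None):
    """Poll Recorded Future for new alerts forever, emitting each one as a trigger event.

    Each iteration queries alerts triggered at or after the timestamp taken
    at the start of the previous iteration (the ``[then,]`` open range), so
    nothing is skipped between polls. Alerts that fall exactly on the window
    boundary may be delivered twice; presumably downstream handles
    duplicates — confirm.

    Args:
        params: trigger inputs; reads ``Input.FREQUENCY`` as the number of
            seconds to sleep between polls (passed straight to
            ``time.sleep``, so it must be set). Defaults to a fresh empty
            mapping instead of a shared mutable dict.

    Raises:
        AttributeError: propagates from ``.get`` if the search response is
            not a mapping — unlike the lookup actions, no PluginException
            translation is done here.
    """
    if params is None:
        params = {}
    interval = params.get(Input.FREQUENCY)
    # NOTE(review): naive local-time timestamps are sent to the API; whether
    # it expects UTC is not visible here — confirm.
    now = datetime.now()
    while True:
        then = now
        now = datetime.now()
        # triggered = [2017 - 07 - 30,)
        # // same as 7 / 30 / 2017 <= triggered
        query = {"triggered": f"[{then.isoformat()},]"}
        response = self.connection.client.make_request(Endpoint.search_alerts(), query)
        results = response.get("data").get("results") or []
        alerts = insightconnect_plugin_runtime.helper.clean(results) if results else []
        # The original used for/else, which logs "No new alerts found." after
        # every loop regardless of whether alerts were sent; branch explicitly.
        if alerts:
            for alert in alerts:
                self.send({Output.ALERT: alert})
        else:
            self.logger.info("No new alerts found.")
        self.logger.info(f"Sleeping for {interval}")
        time.sleep(interval)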
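def run(self, params=None):
    """Look up a file hash in Recorded Future and return its cleaned "data" payload.

    Args:
        params: action inputs; reads ``Input.HASH`` and the optional
            ``Input.COMMENT``. Defaults to a fresh empty mapping instead of a
            mutable dict shared between calls.

    Returns:
        ``{Output.DATA: <"data" object of the lookup response, passed through
        insightconnect_plugin_runtime.helper.clean>}``.

    Raises:
        PluginException: when the response does not have the expected shape
            (an ``AttributeError`` on ``.get``).
    """
    if params is None:
        params = {}
    # An empty/blank comment is sent as an explicit null rather than "".
    comment = params.get(Input.COMMENT) or None
    try:
        response = self.connection.client.make_request(
            Endpoint.lookup_hash(params.get(Input.HASH)),
            {"fields": AvailableInputs.HashFields, "comment": comment},
        )
        return {Output.DATA: insightconnect_plugin_runtime.helper.clean(response.get("data"))}
    except AttributeError as e:
        raise PluginException(
            cause="Recorded Future returned unexpected response.",
            assistance="Please check that the provided inputs are correct and try again.",
            data=e,
        ) from e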