def _get_html_text(self, param):
self.debug_print('_get_html_text() called.')
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
# Get the data from the params to parse
data = param[BS4_SOURCE_STRING]
if not data:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
try:
parsed_html = BeautifulSoup(data, 'html.parser')
plain_text = parsed_html.get_text()
# .encode('ascii', 'ignore')
# self.debug_print('soup text - {}'.format(plain_text))
action_result.add_data(plain_text)
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def _handle_getIndicators(self, param):
self.debug_print("param", param)
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
# Attempt to log into server
self.save_progress("Logging in...")
msg, client = self.login()
cybereason_data = client.getIndicators()
except:
action_result.set_status(phantom.APP_ERROR, "Error")
return action_result.get_status()
# The data is returned in a list format, so
# this extracts the data from the list, and formats it into a
# dictionary object where it can be added to the "action_result" object
for i in cybereason_data:
i = json.dumps(i, default=_json_fallback)
i = json.loads(i)
action_result.add_data(i)
# set_status updates the current status and outputs to "message"
action_result.set_status(phantom.APP_SUCCESS, "Successfully grabbed data.")
return action_result.get_status()
def _get_html_urls(self, param):
self.debug_print('_get_urls() called.')
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
# Get the data from the params to parse
data = param[BS4_SOURCE_STRING]
urls = []
if not data:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
try:
parsed_html = BeautifulSoup(data, "html.parser")
for link in parsed_html.find_all('a'):
urls.append(link.get('href'))
action_result.add_data(urls)
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def _list_policies(self, param):
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
# gets the full information for the Nessus policies
ret_val, list_policies = self._make_rest_call('policies/',
action_result)
if (phantom.is_fail(ret_val)):
return action_result.get_status()
policies = list_policies.get('policies', [])
if (type(policies) != list):
policies = [policies]
policy_counter = 0
for curr_item in policies:
action_result.add_data(curr_item)
if curr_item.get("id"):
policy_counter = policy_counter + 1
# creates an empty list to add the summary elements to
summary = action_result.update_summary({})
summary['policy_count'] = policy_counter
action_result.set_status(phantom.APP_SUCCESS)
return action_result.get_status()
def _find_strings(self, param):
self.debug_print('_find_string() called.')
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
# Get the data from the params to parse
data = param[BS4_SOURCE_STRING]
search_string = param[BS4_SEARCH_STRING]
strings = []
if not data:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
try:
parsed_html = BeautifulSoup(data, "html.parser")
for link in parsed_html.find_all():
self.debug_print('link -- {}'.format(link.find(search_string)))
if link.find(search_string) != -1:
strings.append(link)
self.debug_print('data raw - {}'.format(
parsed_html.find_all(search_string)))
self.debug_print('strings - {}'.format(strings))
action_result.add_data(strings)
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def get_intel_incident_ioc_by_id(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
param_types = None if 'types' not in param else param.get(
'types').split(',')
try:
intelligence_incident_service = IntelligenceIncidentService(
self._ds_api_key, self._ds_api_secret_key)
intelligence_incident_view = IntelligenceIncidentService.intelligence_incident_ioc_view(
types=param_types)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
intel_incident_id = param['intel_incident_id']
# validate 'intel_incident_id' action parameter
ret_val, intel_incident_id = self._handle_exception_object.validate_integer(
action_result, intel_incident_id, INTEL_INCIDENT_ID_KEY)
if phantom.is_fail(ret_val):
return action_result.get_status()
try:
intelligence_incident_ioc_pages = intelligence_incident_service.find_intel_incident_ioc_by_id(
intel_incident_id=intel_incident_id,
view=intelligence_incident_view)
intelligence_incident_ioc_total = len(
intelligence_incident_ioc_pages)
self._connector.save_progress(
"II IoC Total: {}".format(intelligence_incident_ioc_total))
except StopIteration:
error_message = 'No Incident review objects retrieved from the Digital Shadows API'
return action_result.set_status(
phantom.APP_ERROR, "Error Details: {0}".format(error_message))
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {}".format(error_message))
if intelligence_incident_ioc_total > 0:
summary = {
'intelligence_incident_ioc_count':
intelligence_incident_ioc_total,
'intelligence_incident_ioc_found': True
}
action_result.update_summary(summary)
for intelligence_incident_ioc_page in intelligence_incident_ioc_pages:
for intelligence_incident_ioc in intelligence_incident_ioc_page:
self._connector.save_progress("loop id: {}".format(
intelligence_incident_ioc.payload))
action_result.add_data(intelligence_incident_ioc.payload)
action_result.set_status(phantom.APP_SUCCESS,
DS_GET_INTELLIGENCE_INCIDENT_SUCCESS)
return action_result.get_status()
def _find_string(self, param):
self.debug_print('{}'.format(inspect.stack()[0][3]))
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
searchString = param[PYTHONUTILITIES_SEARCH_STRING]
sourceString = param[PYTHONUTILITIES_SOURCE_STRING]
start = 0
end = len(sourceString)
if PYTHONUTILITIES_SOURCE_STRING_START in param:
start = int(param[PYTHONUTILITIES_SOURCE_STRING_START])
if PYTHONUTILITIES_SOURCE_STRING_END in param:
end = int(param[PYTHONUTILITIES_SOURCE_STRING_END])
results_dict = {}
result_index = sourceString.find(searchString, start, end)
results_dict.update({'search_string_index': result_index})
action_result.add_data(results_dict)
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def _get_substring(self, param):
self.debug_print('{}'.format(inspect.stack()[0][3]))
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
# Find a better way to validate the inputs. Especially if they are left blank.
sourceString = param[PYTHONUTILITIES_SOURCE_STRING]
start = 0
end = len(sourceString) - 1
step = 1
if PYTHONUTILITIES_SOURCE_STRING_START in param:
start = int(param[PYTHONUTILITIES_SOURCE_STRING_START])
if PYTHONUTILITIES_SOURCE_STRING_END in param:
end = int(param[PYTHONUTILITIES_SOURCE_STRING_END])
if PYTHONUTILITIES_SOURCE_STRING_STEP in param:
step = int(param[PYTHONUTILITIES_SOURCE_STRING_STEP])
self.debug_print('string {}, start {}, end {}'.format(
sourceString, start, end))
sub_dict = {'substring': sourceString[start:end:step]}
self.debug_print('substring {}'.format(sub_dict))
action_result.add_data(sub_dict)
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def post_incident_review(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
try:
incident_service = IncidentService(self._ds_api_key,
self._ds_api_secret_key)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
incident_id = param.get('incident_id')
# validate 'incident_id' action parameter
ret_val, incident_id = self._handle_exception_object.validate_integer(
action_result, incident_id, INCIDENT_ID_KEY)
if phantom.is_fail(ret_val):
return action_result.get_status()
post_data = {
'note': param.get('review_note'),
'status': param.get('review_status')
}
self._connector.save_progress("post_data: {}".format(post_data))
try:
response = incident_service.post_incident_review(
post_data, incident_id=incident_id)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {0}".format(error_message))
self._connector.save_progress("response: {}".format(response))
try:
summary = {
'incident_reviews_status_code': response['status'],
'incident_reviews_message': response['message']
}
action_result.update_summary(summary)
action_result.add_data(response['content'][0])
if response['message'] == "SUCCESS":
action_result.set_status(
phantom.APP_SUCCESS,
"Digital Shadows Incident review posted successfully")
else:
action_result.set_status(
phantom.APP_SUCCESS,
"Error in incident review post request")
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error occurred while fetching data from response. {}".format(
error_message))
return action_result.get_status()
def get_data_breach_record_by_id(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
try:
breach_record_service = DataBreachRecordService(
self._ds_api_key, self._ds_api_secret_key)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
breach_id = param['breach_id']
# validate 'breach_id' action parameter
ret_val, breach_id = self._handle_exception_object.validate_integer(
action_result, breach_id, BREACH_ID_KEY)
if phantom.is_fail(ret_val):
return action_result.get_status()
try:
breach_record_pages = breach_record_service.find_all_pages(
breach_id)
breach_record_total = len(breach_record_pages)
except StopIteration:
error_message = 'No data breach record retrieved from the Digital Shadows API in page groups'
return action_result.set_status(
phantom.APP_ERROR, "Error Details: {0}".format(error_message))
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {}".format(error_message))
if breach_record_total > 0:
summary = {
'data_breach_record_count': breach_record_total,
'data_breach_record_found': True
}
action_result.update_summary(summary)
for breach_record_page in breach_record_pages:
for breach_record in breach_record_page:
action_result.add_data(breach_record.payload)
action_result.set_status(
phantom.APP_SUCCESS,
"Digital Shadows data breach records fetched")
else:
summary = {
'data_breach_record_count': 0,
'data_breach_record_found': False
}
action_result.update_summary(summary)
action_result.set_status(
phantom.APP_SUCCESS,
"Data breach record not found in Digital Shadows")
return action_result.get_status()
def _split_string(self, param):
self.debug_print('{}'.format(inspect.stack()[0][3]))
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
source_string = param[PYTHONUTILITIES_SOURCE_STRING]
result = source_string.split(PYTHONUTILITIES_SPLIT_VALUE)
action_result.add_data({'list': result})
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def _dictionary_to_list(self, param):
self.debug_print('{}'.format(inspect.stack()[0][3]))
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
dictionary = param[PYTHONUTILITIES_ITEM]
result = dictionary.items()
action_result.add_data({'result': result})
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def _item_length(self, param):
self.debug_print('{}'.format(inspect.stack()[0][3]))
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
user_item = param[PYTHONUTILITIES_ITEM]
result = len(user_item)
action_result.add_data({'length': result})
action_result.set_status(phantom.APP_SUCCESS)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, '', e)
return action_result.get_status()
return action_result.get_status()
def get_data_breach(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
date_range = param['date_range']
param_reposted_credentials = None if 'reposted_credentials' not in param else param[
'reposted_credentials'].split(',')
param_severities = None if 'severities' not in param else param.get(
'severities').split(',')
param_statuses = None if 'statuses' not in param else param.get(
'statuses').split(',')
param_user_name = None if 'user_name' not in param else param.get(
'user_name').split(',')
try:
breach_service = DataBreachService(self._ds_api_key,
self._ds_api_secret_key)
breach_view = DataBreachService.data_breach_view(
published=date_range,
reposted_credentials=param_reposted_credentials,
severities=param_severities,
statuses=param_statuses,
username=param_user_name)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
try:
breach_pages = breach_service.find_all_pages(view=breach_view)
breach_total = len(breach_pages)
except StopIteration:
error_message = 'No DataBreach objects retrieved from the Digital Shadows API in page groups'
return action_result.set_status(
phantom.APP_ERROR, "Error Details: {0}".format(error_message))
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {}".format(error_message))
if breach_total > 0:
summary = {
'data_breach_count': breach_total,
'data_breach_found': True
}
action_result.update_summary(summary)
for breach_page in breach_pages:
for breach in breach_page:
action_result.add_data(breach.payload)
action_result.set_status(phantom.APP_SUCCESS,
DS_GET_BREACH_SUCCESS)
else:
summary = {'data_breach_count': 0, 'data_breach_found': False}
action_result.update_summary(summary)
action_result.set_status(phantom.APP_SUCCESS,
DS_GET_BREACH_NOT_FOUND)
return action_result.get_status()
def lookup_username(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
username_to_lookup = param.get('username')
username_service = DataBreachUsernameService(self._ds_api_key,
self._ds_api_secret_key)
view = username_service.data_breach_username_view(
username=username_to_lookup)
found_username = next(
(data_breach_username
for data_breach_username in username_service.find_all(view=view)
if data_breach_username.username == username_to_lookup), None)
if found_username is not None:
summary, data = self._lookup_success(username_to_lookup,
found_username)
action_result.update_summary(summary)
action_result.add_data(data)
action_result.set_status(phantom.APP_SUCCESS,
DS_LOOKUP_USERNAME_SUCCESS)
else:
summary, data = self._lookup_failure(username_to_lookup)
action_result.update_summary(summary)
action_result.add_data(data)
action_result.set_status(phantom.APP_SUCCESS,
DS_LOOKUP_USERNAME_NOT_FOUND)
return action_result.get_status()
def _test_connectivity(self, param):
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
params = dict()
params['url'] = "https://www.screenshotmachine.com"
self.save_progress("Checking to see if Screenshotmachine.com is online...")
params['key'] = self._api_key
# Check if we have a Secret Phrase
if self._api_phrase is None:
params['hash'] = ""
else:
params['hash'] = str(hashlib.md5((params['url'] + self._api_phrase).encode('utf-8')).hexdigest())
params['cacheLimit'] = '0'
ret_val, resp_data = self._make_rest_call('', action_result, params, method='post', stream=True)
if phantom.is_fail(ret_val):
action_result.append_to_message('Test connectivity failed')
return action_result.get_status()
self.save_progress("Test Connectivity Passed")
return action_result.set_status(ret_val, "Test Connectivity Passed")
def _test_asset_connectivity(self, param):
action_result = ActionResult()
self.save_progress(PHISHME_CONNECTION_TEST_MSG)
params = {'threatType': 'malware'}
return_value, json_resp = self._make_rest_call(PHISHME_ENDPOINT, action_result, params=params)
if phantom.is_fail(return_value):
self.save_progress(action_result.get_message())
self.set_status(phantom.APP_ERROR, PHISHME_CONNECTION_TEST_ERR_MSG)
return action_result.get_status()
self.set_status_save_progress(phantom.APP_SUCCESS, PHISHME_CONNECTION_TEST_SUCC_MSG)
return action_result.get_status()
def _test_connectivity(self, param):
action_result = ActionResult()
self.save_progress(DEEPSIGHT_TEST_ENDPOINT)
return_val, json_resp = self._make_rest_call(
DEEPSIGHT_ENDPOINT_USAGE_LIMIT, action_result)
if (phantom.is_fail(return_val)):
self.save_progress(action_result.get_message())
self.set_status(phantom.APP_ERROR,
DEEPSIGHT_TEST_CONNECTIVITY_FAIL)
return action_result.get_status()
self.set_status_save_progress(phantom.APP_SUCCESS,
DEEPSIGHT_TEST_CONNECTIVITY_PASS)
return action_result.get_status()
def _handle_lookup_url(self, param):
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
# check for required input param
url = param["url"]
# build full REST endpoint with Auth signature
# make GET request to CTIX OpenAPI
try:
endpoint = "/search/?Expires={}&AccessID={}&Signature={}&url={}".format(
self._expires, self._access_id,
self._generate_signature(self._access_id, self._secret_key,
self._expires), url)
status_code, response = self._make_request(
"GET", "{}{}".format(self._baseurl, endpoint), self._verify,
action_result)
except Exception as e:
err_msg = self._get_error_message_from_exception(e)
self.save_progress(CYWARE_GET_REQ_FAILED.format(err_msg))
return action_result.set_status(
phantom.APP_ERROR, "URL Lookup failed. {}".format(err_msg))
if phantom.is_fail(status_code):
return action_result.get_status()
# check response status_code
if status_code == 200:
try:
if isinstance(response, list):
response = response[0]
if not isinstance(response, dict):
return action_result.set_status(
phantom.APP_ERROR, CYWARE_RESP_FROM_SERVER_NOT_JSON)
# commit action_result
action_result.set_summary({"message": response['message']})
action_result.add_data(response)
self.save_progress(phantom.APP_SUCCESS,
"URL Lookup Successful")
return action_result.set_status(phantom.APP_SUCCESS,
"URL Lookup Successful")
except Exception as e:
err_msg = self._get_error_message_from_exception(e)
self.save_progress(
CYWARE_ADDING_RESP_DATA_TO_ACTION_RESULT_FAILED.format(
err_msg))
return action_result.set_status(
phantom.APP_ERROR,
CYWARE_ADDING_RESP_DATA_TO_ACTION_RESULT_FAILED.format(
err_msg))
else:
self.save_progress(
CYWARE_GET_REQ_FAILED_WITH_NON_200_STATUS.format(status_code))
return action_result.set_status(
phantom.APP_ERROR,
CYWARE_GET_REQ_FAILED_WITH_NON_200_STATUS.format(status_code))
def _test_connectivity(self, param):
action_result = ActionResult()
self.save_progress(DNSDB_TEST_CONNECTIVITY_MSG)
ret_val, json_resp = self._make_rest_call(
(DNSDB_ENDPOINT_DOMAIN).format(domain=DNSDB_TEST_CONN_DOMAIN),
action_result)
# Forcefully set the status of the BaseConnector to failure, since
# action_result is not added to the BaseConnector.
if (phantom.is_fail(ret_val)):
self.save_progress(action_result.get_message())
self.set_status(phantom.APP_ERROR, DNSDB_TEST_CONN_FAIL)
return action_result.get_status()
self.set_status_save_progress(phantom.APP_SUCCESS,
DNSDB_TEST_CONN_SUCC)
return action_result.get_status()
def _handle_updateIndicators(self, param, choice):
key = str(param['key'])
reputation = str(param['reputation'])
prevention = str(param['prevention'])
comment = "null"
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
try:
# Attempt to log into server
msg, client = self.login()
except:
action_result.set_status(phantom.APP_ERROR, "Unable to login.")
# Formatting the data
if choice:
# REMOVING
remove = 'true'
else:
# ADDING
remove = 'false'
prevention = prevention.lower()
remove = remove.lower()
# Setting up to add the the table widget, must in a list, and must contain dictionary
tempObj = [{'key': key, 'reputation': reputation, 'prevention': prevention, 'comment': comment}]
# Adding to object to action result so it can be read into the table
for i in tempObj:
i = json.dumps(i, default=_json_fallback)
i = json.loads(i)
action_result.add_data(i)
try:
# Updating the cybereason client
client.updateIndicators(key, reputation, prevention, remove)
action_result.set_status(phantom.APP_SUCCESS, "Successful")
except:
action_result.set_status(phantom.APP_ERROR, "Error with updateIndicator function")
return action_result.get_status()
return action_result.get_status()
def get_incident_review_by_id(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
incident_id = param['incident_id']
# validate 'incident_id' action parameter
ret_val, incident_id = self._handle_exception_object.validate_integer(
action_result, incident_id, INCIDENT_ID_KEY)
if phantom.is_fail(ret_val):
return action_result.get_status()
try:
incident_service = IncidentService(self._ds_api_key,
self._ds_api_secret_key)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
try:
incident_reviews = incident_service.find_all_reviews(incident_id)
incident_reviews_total = len(incident_reviews)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {0}".format(error_message))
if incident_reviews_total > 0:
summary = {
'incident_reviews_count': incident_reviews_total,
'incident_reviews_found': True
}
action_result.update_summary(summary)
for incident_review in incident_reviews:
action_result.add_data(incident_review)
action_result.set_status(
phantom.APP_SUCCESS,
"Digital Shadows incident reviews fetched for the Incident ID: {}"
.format(incident_id))
return action_result.get_status()
def get_data_breach_record_reviews(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
try:
breach_record_service = DataBreachRecordService(
self._ds_api_key, self._ds_api_secret_key)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
breach_record_id = param['breach_record_id']
# validate 'breach_record_id' action parameter
ret_val, breach_record_id = self._handle_exception_object.validate_integer(
action_result, breach_record_id, BREACH_RECORD_ID_KEY)
if phantom.is_fail(ret_val):
return action_result.get_status()
try:
breach_record_reviews = breach_record_service.find_data_breach_record_reviews(
breach_record_id)
breach_record_reviews_total = len(breach_record_reviews)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {0}".format(error_message))
if breach_record_reviews_total > 0:
summary = {
'breach_record_reviews_count': breach_record_reviews_total,
'breach_record_reviews_found': True
}
action_result.update_summary(summary)
for breach_record_review in breach_record_reviews:
action_result.add_data(breach_record_review)
action_result.set_status(
phantom.APP_SUCCESS,
"Digital Shadows breach record reviews fetched for the Breach Record ID: {}"
.format(breach_record_id))
return action_result.get_status()
def _test_asset_connectivity(self, param):
""" This function tests the connectivity of an asset with given credentials.
:param param: dictionary of input parameters
:return: status phantom.APP_SUCCESS/phantom.APP_ERROR (along with appropriate message)
"""
action_result = ActionResult()
self.save_progress(consts.BMCREMEDY_TEST_CONNECTIVITY_MSG)
self.save_progress("Configured URL: {}".format(self._base_url))
response_status = self._generate_api_token(action_result)
if phantom.is_fail(response_status):
self.save_progress(action_result.get_message())
self.set_status(phantom.APP_ERROR, consts.BMCREMEDY_TEST_CONNECTIVITY_FAIL)
return action_result.get_status()
self.set_status_save_progress(phantom.APP_SUCCESS, consts.BMCREMEDY_TEST_CONNECTIVITY_PASS)
return action_result.get_status()
def _handle_unblock_ip(self, param):
config = self.get_config()
self.debug_print("param", param)
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
url = config[PFSENSE_URL]
ip = param[PFSENSE_INCIDENT_IP]
try:
self.save_progress("Unblock IP {} on pfSense asset at {}".format(
ip, url))
self.pf.unblock_ip(ip)
except Exception as e:
action_result.set_status(phantom.APP_ERROR, PFSENSE_ERR_UNBLOCK, e)
return action_result.get_status()
action_result.set_status(phantom.APP_SUCCESS, PFSENSE_SUCC_UNBLOCK)
return action_result.get_status()
def _test_connectivity(self, param):
action_result = ActionResult()
self.save_progress(SYMANTEC_CONNECTION_TEST_MSG)
response_status = self._generate_api_token(action_result)
if phantom.is_fail(response_status):
self.save_progress(
SYMANTEC_CONNECTION_TEST_INVALID_URL_MSG.format(
url=self._base_url))
self.save_progress(action_result.get_message())
self.set_status(phantom.APP_ERROR,
SYMANTEC_CONNECTION_TEST_ERR_MSG)
return action_result.get_status()
self.set_status_save_progress(phantom.APP_SUCCESS,
SYMANTEC_CONNECTION_TEST_SUCC_MSG)
return action_result.get_status()
def _get_date(self, param):
self.debug_print('{}'.format(inspect.stack()[0][3]))
# Add an action result to the App Run
action_result = ActionResult(dict(param))
self.add_action_result(action_result)
format_string = param.get('format_string', "%A, %d %B %Y %I:%M%p")
# List of local time items
local_dt = datetime.now()
local_iso = local_dt.isocalendar()
local_tt = local_dt.timetuple()
local_time = {
"local_year": local_tt[0],
"local_month": local_tt[1],
"local_day": local_tt[2],
"local_hour": local_tt[3],
"local_minute": local_tt[4],
"local_second": local_tt[5],
"local_weekday": local_tt[6],
"local_day_number": local_tt[7],
"local_tz": local_tt[8],
"local_iso_week": local_iso[1],
"local_iso_weekday": local_iso[2],
"local_custom": local_dt.strftime(format_string)
}
# List of UTC time items
utc_dt = datetime.utcnow()
utc_iso = utc_dt.isocalendar()
utc_tt = utc_dt.timetuple()
utc_time = {
"utc_year": utc_tt[0],
"utc_month": utc_tt[1],
"utc_day": utc_tt[2],
"utc_hour": utc_tt[3],
"utc_minute": utc_tt[4],
"utc_second": utc_tt[5],
"utc_weekday": utc_tt[6],
"utc_day_number": utc_tt[7],
"utc_tz": utc_tt[8],
"utc_iso_week": utc_iso[1],
"utc_iso_weekday": utc_iso[2],
"utc_custom": utc_dt.strftime(format_string)
}
# Add time values to results
action_result.add_data(local_time)
action_result.add_data(utc_time)
action_result.set_status(phantom.APP_SUCCESS)
return action_result.get_status()
def get_data_breach_by_id(self, param):
action_result = ActionResult(dict(param))
self._connector.add_action_result(action_result)
try:
breach_service = DataBreachService(self._ds_api_key,
self._ds_api_secret_key)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR, "{0} {1}".format(SERVICE_ERR_MSG,
error_message))
breach_id = param['breach_id']
# validate 'breach_id' action parameter
ret_val, breach_id = self._handle_exception_object.validate_integer(
action_result, breach_id, BREACH_ID_KEY)
if phantom.is_fail(ret_val):
return action_result.get_status()
try:
breach = breach_service.find_data_breach_by_id(breach_id)
except Exception as e:
error_message = self._handle_exception_object.get_error_message_from_exception(
e)
return action_result.set_status(
phantom.APP_ERROR,
"Error Connecting to server. {0}".format(error_message))
if 'id' in breach:
summary = {'data_breach_count': 1, 'data_breach_found': True}
action_result.update_summary(summary)
action_result.add_data(breach)
action_result.set_status(phantom.APP_SUCCESS,
DS_GET_BREACH_SUCCESS)
else:
summary = {'data_breach_count': 0, 'data_breach_found': False}
action_result.update_summary(summary)
action_result.set_status(phantom.APP_SUCCESS,
DS_GET_BREACH_NOT_FOUND)
return action_result.get_status()
def _test_connectivity(self, param):
"""
Called when the user depresses the test connectivity button on the Phantom UI.
Use a basic query to determine if the device IP/hostname, username and password is correct
"""
action_result = ActionResult()
self.save_progress(FORTIGATE_TEST_CONNECTIVITY_MSG)
self.save_progress("Configured URL: {}".format(self._device))
ret_val = self._login(action_result)
if phantom.is_fail(ret_val):
# self.save_progress("Test Connectivity Failed")
self.save_progress(action_result.get_message())
# return action_result.get_status()
# If SSL is enabled and URL configuration has IP address
if self._verify_server_cert and (phantom.is_ip(self._device)
or self._is_ipv6(self._device)):
# The failure could be due to IP provided in URL instead of hostname
self.save_progress(FORTIGATE_TEST_WARN_MSG)
self.set_status(phantom.APP_ERROR, FORTIGATE_TEST_CONN_FAIL)
return action_result.get_status()
self.save_progress(FORTIGATE_TEST_ENDPOINT_MSG)
# Querying endpoint to check connection to device
status, _ = self._make_rest_call(FORTIGATE_BLOCKED_IPS, action_result)
if phantom.is_fail(status):
self.save_progress(action_result.get_message())
self.set_status(phantom.APP_ERROR, FORTIGATE_TEST_CONN_FAIL)
return action_result.get_status()
self.set_status_save_progress(phantom.APP_SUCCESS,
FORTIGATE_TEST_CONN_SUCC)
return action_result.get_status()
def locate_device(self, param):
"""
Locating client devices means walking a tree based on the API Key. The key is associated with one or more organizations,
an organization can have one or more networks, each network can have multiple devices, and each device can have one or
more client machines. Depending on the timespan specified, you may see differing results. Larger timespans may show the same
client connected to multiple devices. Small timespans, may not return any results.
"""
self.debug_print("%s LOCATE_DEVICE parameters:\n%s" %
(Meraki_Connector.BANNER, param))
action_result = ActionResult(
dict(param)) # Add an action result to the App Run
self.add_action_result(action_result)
try:
param["search_string"] # User left search_string empty
except KeyError:
param["search_string"] = "*"
org_id_list = self.get_org_ids()
for organization in org_id_list:
networks_list = self.get_networks(organization["id"])
for network in networks_list:
device_list = self.get_devices(network["id"])
for device in device_list:
client_list = self.get_clients(device["serial"],
param["timespan"])
for client in client_list:
response = self.build_output_record(
param["search_string"], organization, network,
device, client)
if response:
action_result.add_data(response)
if action_result.get_data_size() > 0:
action_result.set_status(phantom.APP_SUCCESS)
self.set_status_save_progress(
phantom.APP_SUCCESS,
"Returned: %s clients" % action_result.get_data_size())
else:
action_result.set_status(phantom.APP_ERROR)
self.set_status_save_progress(
phantom.APP_ERROR,
"Returned: %s clients" % action_result.get_data_size())
self.debug_print(
"%s Data size: %s" %
(Meraki_Connector.BANNER, action_result.get_data_size()))
return action_result.get_status()
def locate_device(self, param):
"""
Locating client devices means walking a tree based on the API Key. The key is associated with one or more organizations,
an organization can have one or more networks, each network can have multiple devices, and each device can have one or
more client machines. Depending on the timespan specified, you may see differing results. Larger timespans may show the same
client connected to multiple devices. Small timespans, may not return any results.
"""
self.debug_print("%s LOCATE_DEVICE parameters:\n%s" % (Meraki_Connector.BANNER, param))
action_result = ActionResult(dict(param)) # Add an action result to the App Run
self.add_action_result(action_result)
try:
param["search_string"] # User left search_string empty
except KeyError:
param["search_string"] = "*"
org_id_list = self.get_org_ids()
for organization in org_id_list:
networks_list = self.get_networks(organization["id"])
for network in networks_list:
device_list = self.get_devices(network["id"])
for device in device_list:
client_list = self.get_clients(device["serial"], param["timespan"])
for client in client_list:
response = self.build_output_record(param["search_string"], organization, network, device, client)
if response:
action_result.add_data(response)
if action_result.get_data_size() > 0:
action_result.set_status(phantom.APP_SUCCESS)
self.set_status_save_progress(phantom.APP_SUCCESS, "Returned: %s clients" % action_result.get_data_size())
else:
action_result.set_status(phantom.APP_ERROR)
self.set_status_save_progress(phantom.APP_ERROR, "Returned: %s clients" % action_result.get_data_size())
self.debug_print("%s Data size: %s" % (Meraki_Connector.BANNER, action_result.get_data_size()))
return action_result.get_status()
