def test_clean_no_exceptions(): helper.clean({ "one": [1, None, "", { "two": None }, { "three": 3 }], "four": 4 })
def search_threats(self, identifiers): threats = self._call_api( "GET", f"{self.url}/threats/v2?page=1&page_size=100", "threat:list").get("page_items") matching_threats = [] for identifier in identifiers: if match('^[a-fA-F\d]{32}$', identifier): for threat in threats: if identifier.upper() == threat.get('md5'): matching_threats.append(threat) elif match('^[A-Fa-f0-9]{64}$', identifier): for threat in threats: if identifier.upper() == threat.get('sha256'): matching_threats.append(threat) else: for threat in threats: if identifier.upper() == threat.get('name').upper(): matching_threats.append(threat) if len(matching_threats) == 0: raise PluginException( cause="Threat not found.", assistance= f"Unable to find any threats using identifier provided: {identifier}." ) return clean(matching_threats)
def send_request(self, method: str, path: str, params: dict = None, payload: dict = None) -> dict: try: response = self.session.request( method.upper(), "https://api.pagerduty.com" + path, params=params, json=payload, headers=self.headers, ) if response.status_code == 401: raise PluginException(preset=PluginException.Preset.USERNAME_PASSWORD, data=response.text) if response.status_code == 403: raise PluginException(preset=PluginException.Preset.API_KEY, data=response.text) if response.status_code == 404: raise PluginException(preset=PluginException.Preset.NOT_FOUND, data=response.text) if 400 <= response.status_code < 500: raise PluginException( preset=PluginException.Preset.UNKNOWN, data=response.text, ) if response.status_code >= 500: raise PluginException(preset=PluginException.Preset.SERVER_ERROR, data=response.text) if 200 <= response.status_code < 300: return clean(json.loads(response.content)) raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text) except json.decoder.JSONDecodeError as e: raise PluginException(preset=PluginException.Preset.INVALID_JSON, data=e) except requests.exceptions.HTTPError as e: raise PluginException(preset=PluginException.Preset.UNKNOWN, data=e)
def get_agent_details(self, agent): devices = [{}] if len(agent) == 36 and match( r"((?:[[\da-fA-F]{8}-([\da-fA-F]{4}-){3}[\da-fA-F]{12}))", agent): devices = [ self._call_api("GET", f"{self.url}/devices/v2/{agent}", "device:read") ] elif match(r"((?:[\da-fA-F]{2}[:\-]){5}[\da-fA-F]{2})", agent): ret = self._call_api("GET", f"{self.url}/devices/v2/macaddress/{agent}", "device:read") if len(ret) > 0: devices = ret else: ret = self._call_api("GET", f"{self.url}/devices/v2/hostname/{agent}", "device:read") if len(ret) > 0: devices = ret if len(devices) > 1: self.logger.info( f"Multiple agents found that matched the query: {devices}. We will act upon the first match." ) return clean(devices[0])
def run(self, params={}): alert_id = params.get(Input.ALERT_ID) try: alert = clean(self.connection.client.alerts.get(alert_id)) except (ThreatStackAPIError, ThreatStackClientError, APIRateLimitError) as e: raise PluginException(cause="An error occurred!", assistance=e) return {Output.ALERT: alert}
def test_clean_not_equal_list_successful(): sample = ["one", {"two": "", "three": None}, {"four": 4}, None] assert sample != helper.clean( ["one", { "two": "", "three": None }, { "four": 4 }, None])
def run(self, params={}): alert_id = params.get(Input.ALERT_ID) try: events = self.connection.client.alerts.events(alert_id=alert_id).get("events", []) except (ThreatStackAPIError, ThreatStackClientError, APIRateLimitError) as e: raise PluginException(cause="An error occurred!", assistance=e) events = clean([self._add_miscellaneous_values(event=event) for event in events]) return {Output.EVENTS: events, Output.COUNT: len(events)}
def test_clean_not_equal_dict_successful(): sample = {"one": [1, None, "", {"two": None}, {"three": 3}], "four": 4} assert sample != helper.clean({ "one": [1, None, "", { "two": None }, { "three": 3 }], "four": 4 })
def run(self, params={}): start = params.get(Input.START) end = params.get(Input.END) try: alerts = clean([alert for alert in self.connection.client.alerts.list(start=start, end=end)]) except (ThreatStackAPIError, ThreatStackClientError, APIRateLimitError) as e: raise PluginException(cause="An error occurred!", assistance=e) return {Output.ALERTS: alerts, Output.COUNT: len(alerts)}
def run(self, params={}): start, end = params.get(Input.START), params.get(Input.END) try: agents = self.connection.client.agents.list(start=start, end=end) except (ThreatStackAPIError, ThreatStackClientError, APIRateLimitError) as e: raise PluginException(cause="An error occurred!", assistance=e) # Consume the generator agents = [clean(agent) for agent in agents] return {Output.AGENTS: agents, Output.COUNT: len(agents)}
def send_request(self, method: str, path: str, params: dict = None, payload: dict = None) -> dict: if payload: payload["apiKey"] = self.api_key try: response = requests.request( method.upper(), urljoin(self.url, path), params=params, json=payload, headers=self.headers, ) if response.status_code == 401: raise PluginException( preset=PluginException.Preset.USERNAME_PASSWORD, data=response.text) if response.status_code == 403: raise PluginException(preset=PluginException.Preset.API_KEY, data=response.text) if response.status_code == 404: raise PluginException(preset=PluginException.Preset.NOT_FOUND, data=response.text) if 400 <= response.status_code < 500: raise PluginException( preset=PluginException.Preset.UNKNOWN, data=response.text, ) if response.status_code >= 500: raise PluginException( preset=PluginException.Preset.SERVER_ERROR, data=response.text) if 200 <= response.status_code < 300: error_message = response.json().get("errorMessage") if error_message: raise PluginException( cause="CheckPhish API Returned as error message.", assistance=f"The error message is: {error_message}", ) return clean(json.loads(response.content)) raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text) except json.decoder.JSONDecodeError as e: raise PluginException(preset=PluginException.Preset.INVALID_JSON, data=e) except requests.exceptions.HTTPError as e: raise PluginException(preset=PluginException.Preset.UNKNOWN, data=e)
def run(self, params={}): rule_id, ruleset_id = params.get(Input.RULE_ID), params.get( Input.RULESET_ID) try: rule = clean( self.connection.client.rulesets.rules(ruleset_id=ruleset_id, rule_id=rule_id)) except (ThreatStackAPIError, ThreatStackClientError, APIRateLimitError) as e: raise PluginException(cause="An error occurred!", assistance=e) return {Output.RULE: rule}
def run(self, params={}): query = params.get(Input.AGENT) is_mac = self._is_search_mac_address(query=query) try: if is_mac: match: Optional[Agent] = self.connection.api_client.get_computer(mac_address=query) else: # hostname match: Optional[Agent] = self.connection.api_client.get_computer(computer_name=query) if not match: return {} return {Output.AGENT: clean(match)} except APIException as e: raise PluginException(cause="An error occurred while attempting to get agent details!", assistance=e.message)
def test_clean_equal_list_successful(): sample = ["one", {"two": "", "three": None}, {"four": 4}, None] assert ["one", {}, {"four": 4}] == helper.clean(sample)
def post_service_request(self, payload: dict) -> dict: return clean( self._call_api("POST", "odata/businessobject/servicereqs", json_data=payload))
def model_breaches(self, params): return self._call_api("GET", "modelbreaches", params=clean(params))
def run(self, params={}): result = self.connection.mcafee_atd_api.list_analyzer_profiles() return { Output.PROFILER_RESULTS: helper.clean(result.get("results", [])), Output.SUCCESS: result.get("success", False), }
def post_incident(self, payload: dict) -> dict: return clean( self._call_api("POST", "odata/businessobject/incidents", json_data=payload))
def post_journal_note(self, payload: dict) -> dict: return clean( self._call_api("POST", "odata/businessobject/journal__Notess", json_data=payload))
def update_incident(self, incident_number: str, payload: dict) -> dict: return clean( self._call_api( "PUT", f"odata/businessobject/incidents('{incident_number}')", json_data=payload))