def run(self, params={}):
    """Return SentinelOne agent summary counts for the requested sites/accounts.

    The endpoint only exists in API v2.1: when the connection reports
    version "2.0" a PluginException is raised before any request is made.

    Args:
        params: action inputs. Only Input.SITE_IDS and Input.ACCOUNT_IDS
            are read (each defaults to an empty list). The dict is never
            mutated, so the shared default is harmless.

    Returns:
        dict mapping each Output.* count name to the matching count from the
        response's "data" object, with 0 substituted for any missing count.

    Raises:
        PluginException: if ``self.connection.api_version == "2.0"``.
    """
    if self.connection.api_version == "2.0":
        raise PluginException(
            cause="Endpoint not found.",
            assistance=(
                "This action is not supported in SentinelOne API v2.0. Verify that your SentinelOne console supports "
                "SentinelOne API v2.1 and try again."
            ),
        )

    site_ids = Helper.join_or_empty(params.get(Input.SITE_IDS, []))
    account_ids = Helper.join_or_empty(params.get(Input.ACCOUNT_IDS, []))
    summary = self.connection.agents_summary(site_ids, account_ids).get("data", {})

    # (API field name, output key) pairs; order matches the action's output spec.
    count_fields = (
        ("decommissioned", Output.DECOMMISSIONED),
        ("infected", Output.INFECTED),
        ("outOfDate", Output.OUT_OF_DATE),
        ("online", Output.ONLINE),
        ("total", Output.TOTAL),
        ("upToDate", Output.UP_TO_DATE),
    )
    return {output_key: summary.get(api_field, 0) for api_field, output_key in count_fields}
def run(self, params={}):
    """Query the SentinelOne activities list with the action's filter inputs.

    Every filter is forwarded to ``self.connection.activities_list`` as one
    request dict; list-valued inputs go through ``Helper.join_or_empty``
    (presumably producing the comma-separated form the API expects — not
    visible here), scalars are passed as given, and ``limit`` defaults to 10.

    Args:
        params: action inputs keyed by Input.*; never mutated.

    Returns:
        dict with Output.DATA (each activity passed through
        ``komand.helper.clean_dict``; empty list when the response has no
        data key) and Output.PAGINATION (the response's pagination object,
        or None when absent).
    """
    join = Helper.join_or_empty
    query = {
        "groupIds": join(params.get(Input.GROUP_IDS, [])),
        "includeHidden": params.get(Input.INCLUDE_HIDDEN, False),
        "skip": params.get(Input.SKIP, None),
        "siteIds": join(params.get(Input.SITE_IDS, [])),
        "agentIds": join(params.get(Input.AGENT_IDS, [])),
        "skipCount": params.get(Input.SKIP_COUNT, False),
        "ids": join(params.get(Input.IDS, [])),
        "createdAt__lt": params.get(Input.CREATED_AT_LT, None),
        "createdAt__lte": params.get(Input.CREATED_AT_LTE, None),
        "cursor": params.get(Input.CURSOR, None),
        "countOnly": params.get(Input.COUNT_ONLY, False),
        "accountIds": join(params.get(Input.ACCOUNT_IDS, [])),
        "limit": params.get(Input.LIMIT, 10),
        "sortBy": params.get(Input.SORT_BY, None),
        "createdAt__gt": params.get(Input.CREATED_AT_GT, None),
        "createdAt__between": params.get(Input.CREATED_AT_BETWEEN, None),
        "activityTypes": join(params.get(Input.ACTIVITY_TYPES, [])),
        "threatIds": join(params.get(Input.THREAT_IDS, [])),
        "sortOrder": params.get(Input.SORT_ORDER, None),
        "userEmails": join(params.get(Input.USER_EMAILS, [])),
        "userIds": join(params.get(Input.USER_IDS, [])),
        "createdAt__gte": params.get(Input.CREATED_AT_GTE, None),
    }
    response = self.connection.activities_list(query)

    # A missing data key yields an empty list; a present-but-None value still
    # fails on iteration, exactly as before.
    activities = [komand.helper.clean_dict(entry) for entry in response.get(Output.DATA, [])]
    return {
        Output.DATA: activities,
        Output.PAGINATION: response.get(Output.PAGINATION),
    }
def run(self, params={}):
    """Return SentinelOne agent summary counts for the requested sites/accounts.

    Unlike the v2.1 variant of this action, the counts are read directly from
    the top level of the ``agents_summary`` response rather than from a
    nested "data" object.

    Args:
        params: action inputs. Only Input.SITE_IDS and Input.ACCOUNT_IDS are
            read (each defaults to an empty list); never mutated.

    Returns:
        dict mapping each Output.* count name to the matching response field,
        with 0 substituted for any missing count.
    """
    site_ids = Helper.join_or_empty(params.get(Input.SITE_IDS, []))
    account_ids = Helper.join_or_empty(params.get(Input.ACCOUNT_IDS, []))
    summary = self.connection.agents_summary(site_ids, account_ids)

    # (API field name, output key) pairs; order matches the action's output spec.
    count_fields = (
        ("decommissioned", Output.DECOMMISSIONED),
        ("infected", Output.INFECTED),
        ("outOfDate", Output.OUT_OF_DATE),
        ("online", Output.ONLINE),
        ("total", Output.TOTAL),
        ("upToDate", Output.UP_TO_DATE),
    )
    return {output_key: summary.get(api_field, 0) for api_field, output_key in count_fields}
def run(self, params={}):
    """List processes for the given SentinelOne agent ids.

    Args:
        params: action inputs; only Input.IDS (default empty list) is read,
            joined via ``Helper.join_or_empty`` before the call. Never mutated.

    Returns:
        dict with Output.AGENTS_PROCESSES holding every entry of the
        response's "data" list passed through ``komand.helper.clean_dict``
        (an empty list when the response has no "data" key).
    """
    agent_ids = Helper.join_or_empty(params.get(Input.IDS, []))
    response = self.connection.agents_processes(agent_ids)

    # Missing "data" -> []; a None value still raises on iteration as before.
    processes = [komand.helper.clean_dict(entry) for entry in response.get("data", [])]
    return {Output.AGENTS_PROCESSES: processes}
def run(self, params={}):
    """List installed applications for the given SentinelOne agent ids.

    Args:
        params: action inputs; only Input.IDS (default empty list) is read,
            joined via ``Helper.join_or_empty`` before the call. Never mutated.

    Returns:
        dict with Output.DATA holding every entry of the response's data list
        passed through ``insightconnect_plugin_runtime.helper.clean_dict``
        (an empty list when the response has no data key).
    """
    agent_ids = Helper.join_or_empty(params.get(Input.IDS, []))
    response = self.connection.apps_by_agent_ids(agent_ids)

    # Missing data key -> []; a None value still raises on iteration as before.
    applications = [
        insightconnect_plugin_runtime.helper.clean_dict(entry)
        for entry in response.get(Output.DATA, [])
    ]
    return {Output.DATA: applications}
def get_existing_blacklist(self, blacklist_hash: str):
    """Report whether a hash is already blacklisted for every supported OS.

    Looks up the restriction ids recorded for ``blacklist_hash`` via
    ``self.get_item_ids_by_hash``, then fetches those restrictions from the
    ``restrictions`` endpoint with ``type=black_hash``.

    Args:
        blacklist_hash: the file hash to look up.

    Returns:
        False when no restriction ids exist for the hash; otherwise True only
        if the returned entries' ``osType`` values are exactly the set
        {"linux", "windows", "macos"} — a partial blacklist (or extra/unknown
        osType values) yields False, so callers treat it as "not fully
        blacklisted".
    """
    joined_ids = Helper.join_or_empty(self.get_item_ids_by_hash(blacklist_hash))
    if not joined_ids:
        return False

    response = self._call_api(
        "GET",
        "restrictions",
        params={
            "type": "black_hash",
            "ids": joined_ids,
        },
    )
    covered_os_types = {entry.get("osType") for entry in response.get("data", [])}
    return covered_os_types == {"linux", "windows", "macos"}
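def run(self, params={}):
    """Query SentinelOne activities, following the cursor when no limit is set.

    The first request carries every filter input; the loop then keeps
    requesting the next page while the response provides a ``nextCursor``
    and ``limit`` is falsy (0 / None), i.e. "no limit" means "fetch all".
    Follow-up requests send only the cursor, as in the original code —
    NOTE(review): this relies on the API cursor encoding the initial
    filters; confirm against the SentinelOne activities endpoint.

    Fixes relative to the previous version:
      * ``response.get("pagination")`` returning None no longer raises
        AttributeError on ``.get("nextCursor")``; a missing pagination
        object simply ends the loop.
      * ``self.add_to_data`` was used both as an in-place mutator (return
        value discarded) and as a function returning the list; whichever
        convention it follows, the accumulated list is now kept.
      * A cursor that does not advance ends the loop instead of spinning.

    Args:
        params: action inputs keyed by Input.*; never mutated.

    Returns:
        dict with Output.DATA holding every collected activity.
    """
    join = Helper.join_or_empty
    limit = params.get(Input.LIMIT, 1000)
    response = self.connection.activities_list({
        "groupIds": join(params.get(Input.GROUP_IDS, [])),
        "includeHidden": params.get(Input.INCLUDE_HIDDEN, False),
        "skip": params.get(Input.SKIP, None),
        "siteIds": join(params.get(Input.SITE_IDS, [])),
        "agentIds": join(params.get(Input.AGENT_IDS, [])),
        "skipCount": params.get(Input.SKIP_COUNT, False),
        "ids": join(params.get(Input.IDS, [])),
        "createdAt__lt": params.get(Input.CREATED_AT_LT, None),
        "createdAt__lte": params.get(Input.CREATED_AT_LTE, None),
        "countOnly": params.get(Input.COUNT_ONLY, False),
        "accountIds": join(params.get(Input.ACCOUNT_IDS, [])),
        "limit": limit,
        "sortBy": params.get(Input.SORT_BY, None),
        "createdAt__gt": params.get(Input.CREATED_AT_GT, None),
        "createdAt__between": params.get(Input.CREATED_AT_BETWEEN, None),
        "activityTypes": join(params.get(Input.ACTIVITY_TYPES, [])),
        "threatIds": join(params.get(Input.THREAT_IDS, [])),
        "sortOrder": params.get(Input.SORT_ORDER, None),
        "userEmails": join(params.get(Input.USER_EMAILS, [])),
        "userIds": join(params.get(Input.USER_IDS, [])),
        "createdAt__gte": params.get(Input.CREATED_AT_GTE, None),
    })

    def merge_page(collected, page):
        # add_to_data's return convention is not visible in this file: accept
        # both "mutates in place, returns None" and "returns the list".
        merged = self.add_to_data(collected, page)
        return collected if merged is None else merged

    def next_cursor_of(page):
        # Guard against a response without a pagination object.
        return (page.get("pagination") or {}).get("nextCursor")

    data = merge_page([], response)
    next_cursor = next_cursor_of(response)

    # Only page through the full result set when no limit was requested.
    while next_cursor and not limit:
        response = self.connection.activities_list({
            "cursor": next_cursor,
        })
        data = merge_page(data, response)
        following = next_cursor_of(response)
        if following == next_cursor:
            # The API did not advance; stop rather than loop forever.
            break
        next_cursor = following

    return {Output.DATA: data}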