Align credentials stores - part 32 (#27756)
* Align credentials stores - part 32

* adding Recorded Future Feed

* fix test

* Bump pack from version FeedCrowdstrikeFalconIntel to 2.1.9.

* revert change

* adding ignore

* removing from conf.json

* fix

* fix test

* cred invalid

---------

Co-authored-by: Content Bot <bot@demisto.com>
maimorag and Content Bot authored Jun 29, 2023
1 parent 9d12058 commit 25bf006
Showing 18 changed files with 205 additions and 228 deletions.
2 changes: 1 addition & 1 deletion Packs/FeedCrowdstrikeFalconIntel/.pack-ignore
@@ -1,5 +1,5 @@
[file:FeedCrowdstrikeFalconIntel.yml]
ignore=IN135,IN122,IN145
ignore=IN135,IN122

[file:CrowdStrikeIndicatorFeed.yml]
ignore=IN122
Expand Up @@ -28,10 +28,12 @@
class Client(BaseClient):

def __init__(self, params):
self._client_id = params.get('client_id')
self._client_secret = params.get('client_secret')
self._client_id = params.get('credentials_client', {}).get('identifier') or params.get('client_id')
self._client_secret = params.get('credentials_client', {}).get('password') or params.get('client_secret')
self._verify_certificate = not demisto.params().get('insecure', False)
self._server_url = params.get('server_url', "https://api.crowdstrike.com/")
if not(self._client_id and self._client_secret):
raise DemistoException('API client ID and API client secret must be provided.')
super().__init__(base_url=self._server_url, verify=self._verify_certificate,
ok_codes=tuple(), proxy=params.get('proxy', False))
self._token = self._get_access_token()
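Review bot: In `Client.__init__`, `params.get('credentials_client', {}).get('identifier')` raises `AttributeError` when the `credentials_client` key is present but its value is `None`, because the `{}` default only applies when the key is missing. Using `(params.get('credentials_client') or {})` for both the identifier and the password lookup avoids that. Separately, the `or` fallback is evaluated per field, so an ID taken from `credentials_client` can be paired with a secret taken from the legacy `client_secret`; if that mix is not intended, resolve both values from the same source. Minor style: `not(` should be `not (`.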
Expand Up @@ -15,8 +15,9 @@ configuration:
type: 8
- display: CrowdStrike API client ID
name: client_id
required: true
required: false
type: 4
hidden : true
- additionalinfo: Indicators from this integration instance will be marked with this reputation.
display: Indicator Reputation
name: feedReputation
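Review bot: The added `hidden : true` under `client_id` has a space before the colon, while the same key is written `hidden: true` under `client_secret` later in this file. It parses the same way, but it should be normalized to `hidden: true` for consistency.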
Expand Down Expand Up @@ -103,8 +104,15 @@ configuration:
type: 0
- display: CrowdStrike API client secret
name: client_secret
required: true
required: false
type: 4
hidden: true
- display: CrowdStrike API client ID
name: credentials_client
required: false
type: 9
displaypassword: CrowdStrike API client secret
section: Connect
- additionalinfo: "A comma-separated list of the threat actor's target industries. For example: Aerospace,Academic."
display: Filter by the threat actor's target industries.
name: target_industries
Expand Down Expand Up @@ -160,7 +168,7 @@ script:
description: Gets indicators from CrowdStrike Falcon Intel Feed.
execution: false
name: crowdstrike-falcon-intel-get-indicators
dockerimage: demisto/python3:3.10.11.56082
dockerimage: demisto/python3:3.10.12.63474
feed: true
isfetch: false
longRunning: false
Expand Up @@ -80,7 +80,8 @@ def test_fetch_indicators_with_limit(mocker, requests_mock):
from FeedCrowdstrikeFalconIntel import main
mocker.patch.object(Client, '_get_access_token', return_value='test_token')
mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
mocker.patch.object(demisto, 'params', return_value={'limit': '2'})
mocker.patch.object(demisto, 'params', return_value={'limit': '2', 'credentials_client': {
'identifier': 'test_identifier', 'password': 'test_password'}})
mocker.patch.object(demisto, 'setLastRun')
requests_mock.get(re.compile('.*api.crowdstrike.com.*'),
json=indicators['list_data_cs'])
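Review bot: The patched `demisto.params` return value in `test_fetch_indicators_with_limit` only exercises the new `credentials_client` path. The legacy `client_id`/`client_secret` fallback and the new 'API client ID and API client secret must be provided.' error have no coverage in the visible change; one case with only the legacy params and one with no credentials at all (asserting `DemistoException`) would pin both behaviours.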
6 changes: 6 additions & 0 deletions Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_9.md
@@ -0,0 +1,6 @@

#### Integrations

##### CrowdStrike Falcon Intel Feed Actors
- Added the *CrowdStrike API client ID* and *CrowdStrike API client secret* integration parameters to support credentials fetching object.
- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
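Review bot: 'to support credentials fetching object' in the first bullet is hard to parse, and the bullet says the parameters were 'Added' although fields with the same display names already existed and are now hidden. Suggest stating that the client ID and secret can now be supplied through a credentials-type parameter and that the previous fields are still read as a fallback.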
2 changes: 1 addition & 1 deletion Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Crowdstrike Falcon Intel Feed",
"description": "Tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more.",
"support": "xsoar",
"currentVersion": "2.1.8",
"currentVersion": "2.1.9",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
3 changes: 0 additions & 3 deletions Packs/FeedRecordedFuture/.pack-ignore
@@ -1,5 +1,2 @@
[file:FeedRecordedFuture.yml]
ignore=IN145

[known_words]
RiskList
Expand Up @@ -142,7 +142,7 @@ def build_iterator(self, service, indicator_type, risk_rule: Optional[str] = Non
)
rkwargs['stream'] = True
rkwargs['verify'] = self._verify
rkwargs['timeout'] = self.polling_timeout
rkwargs['timeout'] = self.polling_timeout # type:ignore[typeddict-item]

try:
response = _session.send(prepared_request, **rkwargs)
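Review bot: `# type:ignore[typeddict-item]` on the `rkwargs['timeout']` line silences the checker without saying why the assigned value is acceptable. Prefer making `self.polling_timeout` match the expected type where it is set, or add a short reason next to the ignore. The inline comment also needs two spaces before `#` and is conventionally spelled `# type: ignore[typeddict-item]`.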
Expand Down Expand Up @@ -500,7 +500,10 @@ def get_risk_rules_command(client: Client, args) -> Tuple[str, dict, dict]:

def main(): # pragma: no cover
params = demisto.params()
client = Client(RF_INDICATOR_TYPES[params.get('indicator_type')], params.get('api_token'), params.get('services'),
api_token = params.get('credentials_api_token', {}).get('password') or params.get('api_token')
if not api_token:
raise DemistoException('API Token must be provided.')
client = Client(RF_INDICATOR_TYPES[params.get('indicator_type')], api_token, params.get('services'),
params.get('risk_rule'), params.get('fusion_file_path'), params.get('insecure'),
params.get('polling_timeout'), params.get('proxy'), params.get('threshold'),
params.get('risk_score_threshold'), argToList(params.get('feedTags')), params.get('tlp_color'))
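Review bot: In `main()`, `params.get('credentials_api_token', {}).get('password')` fails with `AttributeError` if the key exists with a `None` value, since the `{}` default is used only when the key is absent; `(params.get('credentials_api_token') or {}).get('password')` is safer. The new 'API Token must be provided.' branch also sits in a function marked `# pragma: no cover`, so nothing in this change tests it; consider moving the token resolution into a small helper that a unit test can call.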
Expand Up @@ -89,8 +89,14 @@ configuration:
type: 15
- display: API token
name: api_token
required: true
required: false
type: 4
hidden: true
- displaypassword: API Token
name: credentials_api_token
required: false
hiddenusername: true
type: 9
- defaultvalue: connectApi
display: Services
name: services
Expand Down Expand Up @@ -202,7 +208,7 @@ script:
- contextPath: RecordedFutureFeed.RiskRule.Criticality
description: The risk rule criticality.
type: String
dockerimage: demisto/python3:3.10.4.31492
dockerimage: demisto/python3:3.10.12.63474
feed: true
isfetch: false
longRunning: false
6 changes: 6 additions & 0 deletions Packs/FeedRecordedFuture/ReleaseNotes/1_0_28.md
@@ -0,0 +1,6 @@

#### Integrations

##### Recorded Future RiskList Feed
- Added the *API Token* integration parameters to support credentials fetching object.
- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
2 changes: 1 addition & 1 deletion Packs/FeedRecordedFuture/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Recorded Future Feed",
"description": "Ingests indicators from Recorded Future feeds into Demisto.",
"support": "xsoar",
"currentVersion": "1.0.27",
"currentVersion": "1.0.28",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
2 changes: 1 addition & 1 deletion Packs/ProtectWise/.pack-ignore
@@ -1,5 +1,5 @@
[file:ProtectWise.yml]
ignore=IN126,IN145
ignore=IN126

[file:ProtectWise_image.png]
ignore=IM111
13 changes: 6 additions & 7 deletions Packs/ProtectWise/Integrations/ProtectWise/ProtectWise.js
Expand Up @@ -7,20 +7,19 @@ var TIME_FIELDS = ['startedAt', 'occurredAt', 'endedAt', 'observedAt'];
var serverUrl = params.url.replace(/[\/]+$/, '') + '/';

var getToken = function() {
var token = '';
if ((params.token) && (params.token.length > 0)) {
token = params.token;
}
if (token.length === 0) {
if (params.email.length === 0 || params.password.length === 0){
let token = params.credentials_api_token ? params.credentials_api_token.password : params.token;
let email = params.credentials_login ? params.credentials_login.identifier : params.email;
let password = params.credentials_login ? params.credentials_login.password : params.password;
if (token && token.length === 0) {
if ((email&&email.length === 0) || (password&&password.length === 0)){
throw 'If token configuration is empty , you must provide email+password configuration params for auth';
}
var tokResult = http(
serverUrl + 'token',
{
Headers: {'Content-Type': ['application/json']},
Method: 'POST',
Body: JSON.stringify({'email': params.email, 'password': params.password}),
Body: JSON.stringify({'email': email, 'password': password}),
},
params.insecure,
params.proxy
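Review bot: In `getToken`, the new condition `token && token.length === 0` can never be true: an empty or undefined `token` is falsy, and a non-empty one has a non-zero length. The `http(serverUrl + 'token', ...)` email/password login below it is therefore unreachable, whereas the removed code entered it whenever the token was empty. The inner check `(email&&email.length === 0) || (password&&password.length === 0)` has the same problem and never throws. Suggest `if (!token)` for the outer test and `if (!email || !password)` for the inner one. Also, the ternaries pick `params.credentials_api_token.password` (and the `credentials_login` fields) whenever the object exists, even if the value inside is empty, so a value in the legacy `params.token`, `params.email` or `params.password` is ignored in that case; an `||` fallback per field would keep existing instances working.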
14 changes: 14 additions & 0 deletions Packs/ProtectWise/Integrations/ProtectWise/ProtectWise.yml
Expand Up @@ -16,15 +16,29 @@ configuration:
defaultvalue: ""
type: 0
required: false
hidden: true
- display: Password
name: password
defaultvalue: ""
type: 4
required: false
hidden: true
- display: Email
name: credentials_login
required: false
type: 9
displaypassword: Password
section: Connect
- display: API Token
name: token
type: 4
required: false
hidden: true
- displaypassword: API Token
name: credentials_api_token
required: false
hiddenusername: true
type: 9
- display: Trust any certificate (not secure)
name: insecure
type: 8
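Review bot: `credentials_login` is given `section: Connect`, but `credentials_api_token`, added a few lines below it, has no `section` key, so the two new credential parameters are declared inconsistently. Add `section: Connect` to `credentials_api_token` as well if both belong to the connection settings.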
5 changes: 5 additions & 0 deletions Packs/ProtectWise/ReleaseNotes/1_0_8.md
@@ -0,0 +1,5 @@

#### Integrations

##### ProtectWise
Added the *Email*, *Password* and *API Token* integration parameters to support credentials fetching object.
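Review bot: The entry under `##### ProtectWise` is missing the leading `- ` list marker that the other two release notes in this commit use, and 'to support credentials fetching object' is unclear. Suggest a bulleted line saying that the email, password and API token can now be provided through credentials-type parameters.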