Updated RHACS connector to support self signed certificate authentica…

…tion (#1174)
opencybersecurityalliance · Nov 29, 2022 · 664d46e · 664d46e
1 parent 0898bb8
commit 664d46e
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 33 deletions.
diff --git a/stix_shifter_modules/rhacs/README.md b/stix_shifter_modules/rhacs/README.md
@@ -9,6 +9,7 @@
 - [Limitations](#limitations)
 - [References](#references)
 
+
 ### RHACS API Endpoints
 
    |Connector Method|RHACS API Endpoint| Method
@@ -17,6 +18,10 @@
    |Alert by id Endpoint|https://<{fqdn}>v1/alerts/alertid|GET
    |Ping Endpoint|https://<{fqdn}>v1/ping|GET
 
+### Note
+- RHACS(StackRox) supports both ca and self-signed certificates. Below given transmit and execute examples are based on self-signed. In case of trusted ca issued server certificate, it is not required to pass sni and self-signed parameter as they are optional.  
+
+
 ### Format for calling stix-shifter from the command line
 ```
 python main.py `<translate or transmit>` `<translator_module>` `<query or result>` `<STIX identity object>` `<data>`
@@ -40,10 +45,10 @@ translate rhacs query '{}' "[x-rhacs-cluster:name = 'xxxx'] START t'2022-07-07T1
 #### STIX Transmit ping 
 
 ```shell
-transmit
-rhacs
-"{\"host\":\"xxxxx"}"
-"{\"auth\":{\"token\": "xxxxxx"}}"
+transmit 
+rhacs 
+"{\"host\":\"xxxxxx\", \"sni\":\"central.stackrox\",\"selfSignedCert\":\"-----BEGIN CERTIFICATE-----xxxxx-----END CERTIFICATE-----\"}"
+"{\"auth\":{\"token\": \"xxxxx\"}}" 
 ping
 ```
 
@@ -58,8 +63,8 @@ ping
 ```shell
 transmit
 rhacs
-"{\"host\":\"xxxxx"}"
-"{\"auth\":{\"token\": "xxxxxx"}}"
+"{\"host\":\"xxxxxx\", \"sni\":\"central.stackrox\",\"selfSignedCert\":\"-----BEGIN CERTIFICATE-----xxxxx-----END CERTIFICATE-----\"}"
+"{\"auth\":{\"token\": \"xxxxx\"}}"
 results
 "Cluster:"xxxx"+Violation Time:>=07/07/2022"
 0
@@ -277,17 +282,17 @@ query
 ```shell
 transmit
 rhacs
-"{\"host\":\"xxxxx"}"
-"{\"auth\":{\"token\": "xxxxxx"}}"
+"{\"host\":\"xxxxxx\", \"sni\":\"central.stackrox\",\"selfSignedCert\":\"-----BEGIN CERTIFICATE-----xxxxx-----END CERTIFICATE-----\"}"
+"{\"auth\":{\"token\": \"xxxxx\"}}"
 results
 "Cluster:"xxxx"+Violation Time:>=07/07/2022"
 0
 1
 
 transmit
 rhacs
-"{\"host\":\"xxxxx"}"
-"{\"auth\":{\"token\": "xxxxxx"}}"
+"{\"host\":\"xxxxxx\", \"sni\":\"central.stackrox\",\"selfSignedCert\":\"-----BEGIN CERTIFICATE-----xxxxx-----END CERTIFICATE-----\"}"
+"{\"auth\":{\"token\": \"xxxxx\"}}"
 results
 "Lifecycle Stage:"xxxx"+Violation Time:>=07/07/2022"
 0
@@ -547,8 +552,8 @@ execute
 rhacs
 rhacs
 "{\"type\":\"identity\",\"id\":\"identity--f431f809-377b-45e0-aa1c-6a4751cae5ff\",\"name\":\"rhacs\",\"identity_class \":\"events\"}"
-"{\"host\":\"xxxxx"}"
-"{\"auth\":{\"token\": "xxxxxx"}}"
+"{\"host\":\"xxxxxx\", \"sni\":\"central.stackrox\",\"selfSignedCert\":\"-----BEGIN CERTIFICATE-----xxxxx-----END CERTIFICATE-----\"}"
+"{\"auth\":{\"token\": \"xxxxx\"}}"
 "[x-rhacs-cluster:name = 'xxxx'] START t'2022-07-07T08:43:10.003Z' STOP t'2022-07-08T05:35:10.003Z'"
 ```
 

diff --git a/stix_shifter_modules/rhacs/configuration/config.json b/stix_shifter_modules/rhacs/configuration/config.json
@@ -17,6 +17,14 @@
         "help": {
             "type": "link",
             "default": "data-sources.html"
+        },
+        "sni": {
+            "type": "text",
+            "optional": true
+        },
+        "selfSignedCert": {
+            "type": "password",
+            "optional": true
         }
     },
     "configuration": {

diff --git a/stix_shifter_modules/rhacs/configuration/lang_en.json b/stix_shifter_modules/rhacs/configuration/lang_en.json
@@ -1,24 +1,32 @@
 {
-    "connection": {
-        "host": {
-            "label": "Management IP address or Hostname",
-            "description": "Specify the IP address or  hostname of the data source so that IBM Cloud Pak for Security can communicate with it"
-        },
-        "port": {
-            "label": "Host Port",
-            "description": "Set the port number that is associated with the Host name or IP"
-        },
-        "help": {
-            "label": "Need additional help?",
-            "description": "More details on the data source setting can be found in the specified link"
-        }
+  "connection": {
+    "host": {
+      "label": "Management IP address or Hostname",
+      "description": "Specify the IP address or hostname of the data source"
     },
-    "configuration": {
-        "auth": {
-            "token": {
-                "label": "API Token",
-                "description": "Token with readonly access to the alert API"
-            }
-        }
+    "port": {
+      "label": "Host Port",
+      "description": "Set the port number that is associated with the Host name or IP"
+    },
+    "help": {
+      "label": "Need additional help?",
+      "description": "More details on the data source setting can be found in the specified link"
+    },
+    "sni": {
+      "label": "Server Name Indicator",
+      "description": "The Server Name Indicator (SNI) enables a separate hostname to be provided for SSL authentication"
+    },
+    "selfSignedCert": {
+      "label": "RHACS Connection Certificate",
+      "description": "Use self-signed SSL certificate or CA content(root and intermediate) of data source"
+    }
+  },
+  "configuration": {
+    "auth": {
+      "token": {
+        "label": "API Token",
+        "description": "Token with readonly access to the alert API"
+      }
     }
+  }
 }
diff --git a/stix_shifter_modules/rhacs/stix_transmission/api_client.py b/stix_shifter_modules/rhacs/stix_transmission/api_client.py
@@ -13,10 +13,13 @@ def __init__(self, connection, configuration):
         if 'token' in self.auth:
             headers['Authorization'] = "Bearer " + self.auth.get('token')
         url_modifier_function = None
+        # Added self-signed certificate parameter for verification
         self.client = RestApiClient(connection.get('host'),
                                     connection.get('port', None),
                                     headers,
-                                    url_modifier_function=url_modifier_function
+                                    url_modifier_function=url_modifier_function,
+                                    sni=connection.get('sni', None),
+                                    cert_verify=connection.get('selfSignedCert', True)
                                     )
         self.timeout = connection['options'].get('timeout')
 

diff --git a/stix_shifter_modules/rhacs/tests/stix_transmission/test_rhacs.py b/stix_shifter_modules/rhacs/tests/stix_transmission/test_rhacs.py
@@ -54,6 +54,8 @@ def connection():
         """format for connection"""
         return {
             "host": "testhost",
+            "sni":"testsni",
+            "selfSignedCert":"-----BEGIN CERTIFICATE-----XXXX123-----END CERTIFICATE-----",
             "port": 443,
             "options": {"result_limit": 10}
         }