Merge pull request #758 from imm007/datadog_ssl_cert_fix

Datadog ssl cert fix
opencybersecurityalliance · Jan 5, 2022 · 860ac44 · 860ac44
2 parents f0cfc05 + 3f36c94
commit 860ac44
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 7 deletions.
diff --git a/stix_shifter_modules/datadog/README.md b/stix_shifter_modules/datadog/README.md
@@ -192,7 +192,7 @@ Uses the data source API to ping the connection
 
 CLI command example:
 ```
-python3 main.py transmit datadog '{"site_url": <site_url>}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' ping
+python3 main.py transmit datadog '{"site_url": <site_url>, "selfSignedCert": False}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' ping
 ```
 If connection establish returns the following response:
 ```
@@ -207,7 +207,7 @@ Queries the data source API with the translated query and returns the search id
 
 CLI command example:
 ```
-python3 main.py transmit datadog '{"site_url": <site_url>}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' query "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}"
+python3 main.py transmit datadog '{"site_url": <site_url>, "selfSignedCert": False}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' query "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}"
 ```
 
 If successful, will return the following response:
@@ -224,7 +224,7 @@ Uses the data source API to fetch the query results based on the search ID, offs
 
 CLI Command example for events dialect:
 ```
-python3 main.py transmit datadog '{"site_url": <site_url>}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' results "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}" <OFFSET> <LENGTH>
+python3 main.py transmit datadog '{"site_url": <site_url>, "selfSignedCert": False}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' results "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}" <OFFSET> <LENGTH>
 ```
 Returns following result
 ```json
@@ -252,7 +252,7 @@ Returns following result
 
 CLI Command example for processes dialect:
 ```
-python3 main.py transmit datadog '{"site_url": <site_url>}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' results "{\"query\": {\"pid\": 92, \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"processes\"}" <OFFSET> <LENGTH>
+python3 main.py transmit datadog '{"site_url": <site_url>, "selfSignedCert": False}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' results "{\"query\": {\"pid\": 92, \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"processes\"}" <OFFSET> <LENGTH>
 ```
 Returns following result
 ```json
@@ -285,7 +285,7 @@ defined in the `to_stix_map.json` file.
 
 CLI Command example for events dialect:
 ```
-python3 main.py execute datadog:events datadog:events '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": <site_url>}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' "[x-datadog-event:tags = 'account'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'"
+python3 main.py execute datadog:events datadog:events '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": <site_url>,  "selfSignedCert": False}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' "[x-datadog-event:tags = 'account'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'"
 ```
 
 If successful, will return the following response
@@ -347,7 +347,7 @@ STIX Results:
 
 CLI Command example for processes dialect:
 ```
-python3 main.py execute datadog:processes datadog:processes '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": <site_url>}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' "[domain-name:value = 'win10vm4'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'"
+python3 main.py execute datadog:processes datadog:processes '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": <site_url>,  "selfSignedCert": False}' '{ "auth": { "api_key": <api_key>, "application_key": <application_key>}}' "[domain-name:value = 'win10vm4'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'"
 ```
 
 If successful, will return the following response

diff --git a/stix_shifter_modules/datadog/configuration/config.json b/stix_shifter_modules/datadog/configuration/config.json
@@ -7,6 +7,10 @@
             "type": "text",
             "regex": "https?:\\/\\/((app|us3|us5)\\.)[a-z0-9-]+\\.[a-z]{2,3}$"
         },
+        "selfSignedCert": {
+            "type": "password",
+            "optional": true
+        },
         "help": {
             "type": "link",
             "default": "data-sources.html"

diff --git a/stix_shifter_modules/datadog/configuration/lang_en.json b/stix_shifter_modules/datadog/configuration/lang_en.json
@@ -5,6 +5,10 @@
             "placeholder": "https://app.datadoghq.com",
             "description": "Specify the Site URL of the Datadog so that IBM Cloud Pak for Security can communicate with it"
         },
+        "selfSignedCert": {
+            "label": "Datadog Certificate",
+            "placeholder": "Paste your certificate"
+        },
         "help": {
             "label": "Need additional help?",
             "description": "More details on the data source setting can be found in the specified link"

diff --git a/stix_shifter_modules/datadog/stix_transmission/api_client.py b/stix_shifter_modules/datadog/stix_transmission/api_client.py
@@ -4,6 +4,7 @@
 from datadog_api_client.v1.api import events_api
 from datadog_api_client.v2.api import processes_api
 from urllib3.exceptions import MaxRetryError
+import urllib3
 
 class APIClient:
 
@@ -13,6 +14,11 @@ def __init__(self, connection, configuration):
         self.configuration = datadog_api_client.v1.Configuration(host=connection["site_url"])
         self.configuration.api_key["apiKeyAuth"] = self.auth["api_key"]
         self.configuration.api_key["appKeyAuth"] = self.auth["application_key"]
+        if connection["selfSignedCert"]:
+            self.configuration.ssl_ca_cert = connection["selfSignedCert"]
+        else:
+            self.configuration.verify_ssl = connection["selfSignedCert"]
+        urllib3.disable_warnings()
 
     def ping_data_source(self):
         """To Validate API key"""
@@ -56,6 +62,10 @@ def get_processes_results(self):
         configuration = datadog_api_client.v2.Configuration(host=self.connection["site_url"])
         configuration.api_key["apiKeyAuth"] = self.auth["api_key"]
         configuration.api_key["appKeyAuth"] = self.auth["application_key"]
+        if self.connection["selfSignedCert"]:
+            configuration.ssl_ca_cert = self.connection["selfSignedCert"]
+        else:
+            configuration.verify_ssl = self.connection["selfSignedCert"]
         with datadog_api_client.v2.ApiClient(configuration) as api_client:
             api_instance = processes_api.ProcessesApi(api_client)
             try:

diff --git a/stix_shifter_modules/datadog/test/stix_transmission/test_datadog.py b/stix_shifter_modules/datadog/test/stix_transmission/test_datadog.py
@@ -13,7 +13,8 @@ class TestDatadogConnection(unittest.TestCase, object):
 
     def connection(self):
         return {
-            "site_url": "https://app.datadoghq.eu"
+            "site_url": "https://app.datadoghq.eu",
+            "selfSignedCert": False
         }
 
     def configuration(self):