Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vectra UDI connector #1530

Merged
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
ebba5b0
Vectra UDI connector
thangaraj-ramesh Jul 19, 2023
6dbb956
Merge branch 'develop' into vectra_v1
mdazam1942 Jul 19, 2023
6d6c604
Merge branch 'develop' into vectra_v1
thangaraj-ramesh Jul 20, 2023
83be221
Dummy check in - restarting code coverage
thangaraj-ramesh Jul 20, 2023
96cb380
Merge branch 'develop' into vectra_v1
thangaraj-ramesh Jul 25, 2023
a170e08
Updated code to correct the page number calculation
thangaraj-ramesh Jul 26, 2023
5dc7dba
Mapping validator errors resolved
thangaraj-ramesh Jul 26, 2023
c87c555
Merge branch 'develop' into vectra_v1
thangaraj-ramesh Jul 26, 2023
64c531e
Merge branch 'develop' into vectra_v1
mdazam1942 Jul 26, 2023
c12b95a
Dummy check in - restarting code coverage
thangaraj-ramesh Jul 27, 2023
4c5f185
Merge branch 'opencybersecurityalliance:develop' into vectra_v1
thangaraj-ramesh Jul 27, 2023
009546e
Merge branch 'develop' into vectra_v1
mdazam1942 Jul 27, 2023
f1710fb
Removed default result limit
thangaraj-ramesh Jul 28, 2023
723e83f
Merge branch 'develop' into vectra_v1
mdazam1942 Aug 3, 2023
33f95fe
Merge branch 'opencybersecurityalliance:develop' into vectra_v1
thangaraj-ramesh Aug 4, 2023
2ecbd71
Pagination handled using metadata and src_ip referred in network object
thangaraj-ramesh Aug 4, 2023
0eb027b
Merge branch 'develop' into vectra_v1
mdazam1942 Aug 9, 2023
4b2ca87
Merge branch 'opencybersecurityalliance:develop' into vectra_v1
thangaraj-ramesh Aug 10, 2023
e5bc27c
Merge branch 'develop' into vectra_v1
mdazam1942 Aug 17, 2023
f07b692
Merge branch 'opencybersecurityalliance:develop' into vectra_v1
thangaraj-ramesh Aug 22, 2023
76fffad
Update stix_shifter.py, pass the metadata argument in transmit
thangaraj-ramesh Aug 22, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
439 changes: 439 additions & 0 deletions stix_shifter_modules/vectra/README.md

Large diffs are not rendered by default.

Empty file.
30 changes: 30 additions & 0 deletions stix_shifter_modules/vectra/configuration/config.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"connection": {
"type": {
"displayName": "Vectra",
"group": "vectra"
},
"host": {
"type": "text",
"regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$"
},
"help": {
"type": "link",
"default": "data-sources.html"
},
"options": {
"type": "fields",
"result_limit": {
"max": 10000
}
}
},
"configuration": {
"auth": {
"type" : "fields",
"api_token": {
"type": "password"
}
}
}
}
19 changes: 19 additions & 0 deletions stix_shifter_modules/vectra/configuration/lang_en.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"connection": {
"host": {
"label": "Management IP address or Hostname",
"description": "Specify the IP address or hostname of the data source"
},
"help": {
"label": "Need additional help?",
"description": "More details on the data source setting can be found in the specified link"
}
},
"configuration": {
"auth": {
"api_token": {
"type": "password"
}
}
}
}
12 changes: 12 additions & 0 deletions stix_shifter_modules/vectra/entry_point.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint

class EntryPoint(BaseEntryPoint):

# python main.py translate vectra query '{}' "[ipv4-addr:value = '127.0.0.1']"

def __init__(self, connection={}, configuration={}, options={}):
super().__init__(connection, configuration, options)
self.set_async(False)
if connection:
self.setup_transmission_basic(connection, configuration)
self.setup_translation_simple(dialect_default='default')
1 change: 1 addition & 0 deletions stix_shifter_modules/vectra/requirements.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
pyparsing==3.0.9
Empty file.
84 changes: 84 additions & 0 deletions stix_shifter_modules/vectra/stix_translation/json/config_map.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
{
"int_supported_fields": [
"detection.grouped_details.connection_events.dst_port",
"detection.grouped_details.num_events",
"detection.certainty",
"detection.grouped_details.events.target_summary.dst_port",
"detection.grouped_details.count",
"detection.grouped_details.sessions.bytes_sent",
"detection.grouped_details.events.count",
"detection.id",
"detection.grouped_details.events.dst_ports",
"detection.grouped_details.events.sessions.dst_port",
"detection.grouped_details.duration",
"detection.grouped_details.num_response_objects",
"detection.grouped_details.dst_ports",
"detection.grouped_details.events.num_response_objects",
"detection.grouped_details.connection_events.total_bytes_sent",
"detection.grouped_details.src_account.privilege_level",
"detection.grouped_details.anomalous_profiles.count",
"detection.grouped_details.events.bytes_sent",
"detection.grouped_details.src_host.privilege_level",
"detection.grouped_details.connection_events.total_bytes_rcvd",
"detection.grouped_details.num_services_high_privilege",
"detection.grouped_details.bytes_received",
"detection.grouped_details.targets.events.bytes_received",
"detection.grouped_details.events.sessions.duration",
"detection.grouped_details.dst_hosts.dst_port",
"detection.grouped_details.num_attempts",
"detection.grouped_details.num_services_requested",
"detection.grouped_details.bytes_sent",
"detection.grouped_details.events.bytes_received",
"detection.grouped_details.num_sessions",
"detection.grouped_details.sessions.dst_port",
"detection.grouped_details.service_accessed.privilege_level",
"detection.grouped_details.events.duration",
"detection.grouped_details.num_accounts",
"detection.grouped_details.origin_port",
"detection.grouped_details.sessions.bytes_received",
"detection.grouped_details.dst_geo_lat",
"detection.grouped_details.origin_geo_lat",
"detection.grouped_details.dst_geo_lon",
"detection.grouped_details.origin_geo_lon",
"detection.threat",
"detection.summary.num_sessions",
"detection.summary.num_attempts",
"detection.summary.num_successes",
"detection.summary.dst_ports",
"detection.summary.matches",
"detection.src_host.id",
"detection.src_host.threat",
"detection.src_host.certainty",
"detection.grouped_details.connection_events.duration_int"
],
"timestamp_supported_fields": [
"detection.first_timestamp",
"detection.grouped_details.first_timestamp",
"detection.grouped_details.sessions.first_timestamp",
"detection.grouped_details.events.first_timestamp",
"detection.grouped_details.events.sessions.first_timestamp",
"detection.grouped_details.events.target_summary.first_timestamp",
"detection.grouped_details.connection_events.first_timestamp",
"detection.last_timestamp",
"detection.grouped_details.last_timestamp",
"detection.grouped_details.dst_hosts.last_timestamp",
"detection.grouped_details.sessions.last_timestamp",
"detection.grouped_details.events.last_seen",
"detection.grouped_details.events.last_timestamp",
"detection.grouped_details.events.target_summary.last_timestamp",
"detection.grouped_details.connection_events.last_timestamp",
"detection.created_timestamp",
"detection.assigned_date",
"detection.grouped_details.first_seen",
"detection.grouped_details.last_seen",
"detection.grouped_details.targets.events.last_seen",
"detection.grouped_details.anomalous_profiles.first_timestamp",
"detection.grouped_details.anomalous_profiles.last_timestamp"
],
"boolean_supported_fields": [
"detection.is_triaged",
"detection.src_host.is_key_asset",
"detection.grouped_details.events.is_normally_accessed_by_rdp",
"detection.grouped_details.connection_events.is_external"
]
}
Loading