From 0193585f55c9806064a7cf7e4df552e18415c4cb Mon Sep 17 00:00:00 2001 From: Pramod Nawale Date: Thu, 20 Jan 2022 18:21:49 +0530 Subject: [PATCH 1/5] Placeholder for datadog certificate changed --- stix_shifter_modules/datadog/configuration/config.json | 2 +- stix_shifter_modules/datadog/configuration/lang_en.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stix_shifter_modules/datadog/configuration/config.json b/stix_shifter_modules/datadog/configuration/config.json index 9bccb1b62..474f7b6dd 100644 --- a/stix_shifter_modules/datadog/configuration/config.json +++ b/stix_shifter_modules/datadog/configuration/config.json @@ -9,7 +9,7 @@ }, "selfSignedCert": { "type": "password", - "optional": true + "optional": false }, "help": { "type": "link", diff --git a/stix_shifter_modules/datadog/configuration/lang_en.json b/stix_shifter_modules/datadog/configuration/lang_en.json index a90fd0079..c113a6af5 100644 --- a/stix_shifter_modules/datadog/configuration/lang_en.json +++ b/stix_shifter_modules/datadog/configuration/lang_en.json @@ -7,7 +7,7 @@ }, "selfSignedCert": { "label": "Datadog Certificate", - "placeholder": "Paste your certificate" + "placeholder": "Paste your certificate else put 'false'" }, "help": { "label": "Need additional help?", From 75787f0fd0e3e7de8a546310fafb8b23e04ede81 Mon Sep 17 00:00:00 2001 From: Pramod Nawale Date: Thu, 20 Jan 2022 18:33:31 +0530 Subject: [PATCH 2/5] updated False to false text --- stix_shifter_modules/datadog/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/stix_shifter_modules/datadog/README.md b/stix_shifter_modules/datadog/README.md index 3c70eb3aa..3e363c1fd 100644 --- a/stix_shifter_modules/datadog/README.md +++ b/stix_shifter_modules/datadog/README.md 
@@ -192,7 +192,7 @@ Uses the data source API to ping the connection CLI command example: ``` -python3 main.py transmit datadog '{"site_url": , "selfSignedCert": False}' '{ "auth": { "api_key": , "application_key": }}' ping +python3 main.py transmit datadog '{"site_url": , "selfSignedCert": false}' '{ "auth": { "api_key": , "application_key": }}' ping ``` If connection establish returns the following response: ``` @@ -207,7 +207,7 @@ Queries the data source API with the translated query and returns the search id CLI command example: ``` -python3 main.py transmit datadog '{"site_url": , "selfSignedCert": False}' '{ "auth": { "api_key": , "application_key": }}' query "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}" +python3 main.py transmit datadog '{"site_url": , "selfSignedCert": false}' '{ "auth": { "api_key": , "application_key": }}' query "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}" ``` If successful, will return the following response: @@ -224,7 +224,7 @@ Uses the data source API to fetch the query results based on the search ID, offs CLI Command example for events dialect: ``` -python3 main.py transmit datadog '{"site_url": , "selfSignedCert": False}' '{ "auth": { "api_key": , "application_key": }}' results "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}" +python3 main.py transmit datadog '{"site_url": , "selfSignedCert": false}' '{ "auth": { "api_key": , "application_key": }}' results "{\"query\": {\"tags\": \"account\", \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"events\"}" ``` Returns following result ```json 
@@ -252,7 +252,7 @@ Returns following result CLI Command example for processes dialect: ``` -python3 main.py transmit datadog '{"site_url": , "selfSignedCert": False}' '{ "auth": { "api_key": , "application_key": }}' results "{\"query\": {\"pid\": 92, \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"processes\"}" +python3 main.py transmit datadog '{"site_url": , "selfSignedCert": false}' '{ "auth": { "api_key": , "application_key": }}' results "{\"query\": {\"pid\": 92, \"start\": 1627207221, \"end\": 1629972021}, \"source\": \"processes\"}" ``` Returns following result ```json @@ -285,7 +285,7 @@ defined in the `to_stix_map.json` file. CLI Command example for events dialect: ``` -python3 main.py execute datadog:events datadog:events '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": , "selfSignedCert": False}' '{ "auth": { "api_key": , "application_key": }}' "[x-datadog-event:tags = 'account'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'" +python3 main.py execute datadog:events datadog:events '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": , "selfSignedCert": false}' '{ "auth": { "api_key": , "application_key": }}' "[x-datadog-event:tags = 'account'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'" ``` If successful, will return the following response 
@@ -347,7 +347,7 @@ STIX Results: CLI Command example for processes dialect: ``` -python3 main.py execute datadog:processes datadog:processes '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": , "selfSignedCert": False}' '{ "auth": { "api_key": , "application_key": }}' "[domain-name:value = 'win10vm4'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'" +python3 main.py execute datadog:processes datadog:processes '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "datadog","identity_class": "events"}' {"site_url": , "selfSignedCert": false}' '{ "auth": { "api_key": , "application_key": }}' "[domain-name:value = 'win10vm4'] START t'2021-09-19T00:00:00.000Z' STOP t'2021-09-24T00:00:00.000Z'" ``` If successful, will return the following response From e1be5ccf1f1d4b246b24a99b7a13901bb4cfa99f Mon Sep 17 00:00:00 2001 From: Pramod Nawale Date: Fri, 21 Jan 2022 11:15:11 +0530 Subject: [PATCH 3/5] made changes in selfsignedcert --- stix_shifter_modules/datadog/configuration/config.json | 2 +- stix_shifter_modules/datadog/configuration/lang_en.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stix_shifter_modules/datadog/configuration/config.json b/stix_shifter_modules/datadog/configuration/config.json index 474f7b6dd..9bccb1b62 100644 --- a/stix_shifter_modules/datadog/configuration/config.json +++ b/stix_shifter_modules/datadog/configuration/config.json @@ -9,7 +9,7 @@ }, "selfSignedCert": { "type": "password", - "optional": false + "optional": true }, "help": { "type": "link", diff --git a/stix_shifter_modules/datadog/configuration/lang_en.json b/stix_shifter_modules/datadog/configuration/lang_en.json index c113a6af5..a90fd0079 100644 --- a/stix_shifter_modules/datadog/configuration/lang_en.json +++ b/stix_shifter_modules/datadog/configuration/lang_en.json 
@@ -7,7 +7,7 @@ }, "selfSignedCert": { "label": "Datadog Certificate", - "placeholder": "Paste your certificate else put 'false'" + "placeholder": "Paste your certificate" }, "help": { "label": "Need additional help?", From d8adc7bddfb04b58f3e8c75e211c1323021caeae Mon Sep 17 00:00:00 2001 From: Pramod Nawale Date: Fri, 21 Jan 2022 11:24:52 +0530 Subject: [PATCH 4/5] Made changes - use ssl certificate or verify ssl false --- .../datadog/stix_transmission/api_client.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/stix_shifter_modules/datadog/stix_transmission/api_client.py b/stix_shifter_modules/datadog/stix_transmission/api_client.py index 9f34a82c0..ddff458f2 100644 --- a/stix_shifter_modules/datadog/stix_transmission/api_client.py +++ b/stix_shifter_modules/datadog/stix_transmission/api_client.py @@ -14,10 +14,10 @@ def __init__(self, connection, configuration): self.configuration = datadog_api_client.v1.Configuration(host=connection["site_url"]) self.configuration.api_key["apiKeyAuth"] = self.auth["api_key"] self.configuration.api_key["appKeyAuth"] = self.auth["application_key"] - if connection["selfSignedCert"]: + if "selfSignedCert" in connection: self.configuration.ssl_ca_cert = connection["selfSignedCert"] else: - self.configuration.verify_ssl = connection["selfSignedCert"] + self.configuration.verify_ssl = False urllib3.disable_warnings() def ping_data_source(self): 
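Review bot: In `__init__`, the new `else` branch sets `self.configuration.verify_ssl = False` whenever `selfSignedCert` is absent from `connection`, so leaving the certificate field empty (it is optional again after PATCH 3/5) presumably turns off TLS certificate validation for requests that carry `api_key` and `application_key`, and the `urllib3.disable_warnings()` context line hides the resulting warning. A missing custom CA should fall back to the client's default verification, e.g. `if connection.get("selfSignedCert"): self.configuration.ssl_ca_cert = connection["selfSignedCert"]` with no `else`; if verification ever has to be disabled, that should be a separate, explicit and logged option. The membership test also changes the documented `"selfSignedCert": false` case: the key is present, so `False` is assigned to `ssl_ca_cert` instead of `verify_ssl`. The same branch is repeated in the `get_processes_results` hunk of this patch and in PATCH 5/5, and `__init__` begins outside the hunk.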
@@ -62,10 +62,10 @@ def get_processes_results(self): configuration = datadog_api_client.v2.Configuration(host=self.connection["site_url"]) configuration.api_key["apiKeyAuth"] = self.auth["api_key"] configuration.api_key["appKeyAuth"] = self.auth["application_key"] - if self.connection["selfSignedCert"]: + if "selfSignedCert" in connection: configuration.ssl_ca_cert = self.connection["selfSignedCert"] else: - configuration.verify_ssl = self.connection["selfSignedCert"] + configuration.verify_ssl = False with datadog_api_client.v2.ApiClient(configuration) as api_client: api_instance = processes_api.ProcessesApi(api_client) try: From 89cc95aaca8ab2c12bfd0e552fcd44119b3e8a13 Mon Sep 17 00:00:00 2001 From: Pramod Nawale Date: Fri, 21 Jan 2022 11:27:48 +0530 Subject: [PATCH 5/5] Resolved undefined error --- stix_shifter_modules/datadog/stix_transmission/api_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stix_shifter_modules/datadog/stix_transmission/api_client.py b/stix_shifter_modules/datadog/stix_transmission/api_client.py index ddff458f2..1f07dc4d1 100644 --- a/stix_shifter_modules/datadog/stix_transmission/api_client.py +++ b/stix_shifter_modules/datadog/stix_transmission/api_client.py @@ -62,7 +62,7 @@ def get_processes_results(self): configuration = datadog_api_client.v2.Configuration(host=self.connection["site_url"]) configuration.api_key["apiKeyAuth"] = self.auth["api_key"] configuration.api_key["appKeyAuth"] = self.auth["application_key"] - if "selfSignedCert" in connection: + if "selfSignedCert" in self.connection: configuration.ssl_ca_cert = self.connection["selfSignedCert"] else: configuration.verify_ssl = False
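Review bot: The TLS setup in `get_processes_results` is a copy of the block in `__init__`, and the `connection` versus `self.connection` slip corrected here is the kind of drift that comes from keeping two copies in step by hand. Moving it into one private method that takes the `Configuration` object and reads `self.connection`, called from both places, would leave a single place to review how `ssl_ca_cert` and `verify_ssl` are set. That method should carry a comment stating what an absent `selfSignedCert` means for certificate validation, e.g. `# no custom CA supplied: certificate validation is turned off below`. `get_processes_results` continues outside the hunk.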