opencybersecurityalliance · mdazam1942 · May 12, 2022 · Apr 12, 2022 · Apr 13, 2022 · Apr 13, 2022
diff --git a/stix_shifter_modules/darktrace/README.md b/stix_shifter_modules/darktrace/README.md
diff --git a/stix_shifter_modules/darktrace/__init__.py b/stix_shifter_modules/darktrace/__init__.py
diff --git a/stix_shifter_modules/darktrace/configuration/config.json b/stix_shifter_modules/darktrace/configuration/config.json
@@ -0,0 +1,32 @@
+{
+    "connection": {
+        "type": {
+            "displayName": "Darktrace"
+        },
+        "host": {
+            "type": "text",
+            "regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$"
+        },
+        "help": {
+            "type": "link",
+            "default": "data-sources.html"
+        },
+        "options": {
+            "type": "fields",
+            "result_limit": {
+                "max": 10000
+            }
+        }
+    },
+    "configuration": {
+        "auth": {
+            "type" : "fields",
+            "private_token": {
+                "type": "password"
+            },
+            "public_token": {
+                "type": "password"
+            }
+        }
+    }
+}
diff --git a/stix_shifter_modules/darktrace/configuration/lang_en.json b/stix_shifter_modules/darktrace/configuration/lang_en.json
@@ -0,0 +1,24 @@
+{
+    "connection": {
+        "host": {
+            "label": "Management IP address or Hostname",
+            "description": "Specify the IP address or hostname of the data source so that IBM Cloud Pak for Security can communicate with it"
+        },
+        "help": {
+            "label": "Need additional help?",
+            "description": "More details on the data source setting can be found in the specified link"
+        }
+    },
+    "configuration": {
+        "auth": {
+            "private_token": {
+                "label": "Private Token",
+                "description": "Private tokens are used in token-based authentication to access an API."
+            },
+            "public_token": {
+                "label": "Public Token",
+                "description": "Public tokens are used in token-based authentication to access an API."
+            }
+        }
+    }
+}
diff --git a/stix_shifter_modules/darktrace/entry_point.py b/stix_shifter_modules/darktrace/entry_point.py
@@ -0,0 +1,13 @@
+from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint
+
+
+class EntryPoint(BaseEntryPoint):
+
+    # python main.py translate darktrace query '{}' "[ipv4-addr:value = '127.0.0.1']"
+
+    def __init__(self, connection={}, configuration={}, options={}):
+        super().__init__(connection, configuration, options)
+        self.set_async(False)
+        if connection:
+            self.setup_transmission_basic(connection, configuration)
+        self.setup_translation_simple(dialect_default='default')
diff --git a/stix_shifter_modules/darktrace/stix_translation/__init__.py b/stix_shifter_modules/darktrace/stix_translation/__init__.py
diff --git a/stix_shifter_modules/darktrace/stix_translation/json/config_map.json b/stix_shifter_modules/darktrace/stix_translation/json/config_map.json
@@ -0,0 +1,21 @@
+{
+  "DT_Protocols": ["conn", "ssl", "ssh", "http", "ftp", "dns", "smtp", "ldap", "dhcp", "rdp", "pop3", "x509", "files_identified", "software", "device_details"],
+  "DT_NetworkTraffic": ["epochdate", "uid", "id_hUUID", "source_ip", "dest_ip", "source_port", "dest_port", "proto"],
+  "int_supported_fields": [
+      "source_port","src_p","dest_port","dst_p","pkts_recv","orig_pkts",
+    "pkts_dropped","resp_pkts","orig_bytes","orig_ip_bytes","megabytes_recv","resp_bytes",
+    "resp_ip_bytes","total_bytes","file_msg", "read_size", "write_size","dcc_file_size","certificate_version",
+    "auth_attempts","status_code","data_channel_resp_p","epochdate","certificate_exponent","response_body_len",
+    "reply_code","data_channel_resp_p","TTLs","unprocessed_TTLs","encryption_level","certificate_not_valid_before","certificate_not_valid_after",
+    "certificate_key_length","certificate_exponent","total_client_ciphers","orig_ttl","resp_ttl","trans_depth",
+    "request_body_len","cert_count","seen_bytes","basic_constraints_path_len","start_ts","oss_start_ts", "trans_id","a_load",
+    "unprocessed_payload_size","file_ident_ports","duration","missed_bytes_orig", "missed_bytes_resp",
+    "orig_percent_invalid_checksum","resp_percent_invalid_checksum", "info_code","oss_ts","flash_version",
+    "version_major","version_minor","version_minor3","lease_time","orig_fuids", "resp_fuids"
+    ],
+  "mac_supported_fields": [
+      "mac"
+    ],
+  "boolean_supported_fields": ["rejected","tls","password_seen","local_orig","local_resp","resumed",
+    "established","client_hello_seen","basic_constraints_ca"]
+}