Traceable AI API Security Platform Integration (demisto#27840)

* Traceable AI API Security Platform Integration (demisto#27626) * Initial Commit for Traceable Pack * Update .devcontainer.json name * Remove unnecessary fields from the integration. * Some final changes * - Changed support type for Integration - Added pack documentation * Doc Changes * Flake8 changes and formatting changes. * Use mocks for tests. * Changing test data to more dummy like data as circle ci validations are failing * Updating according to validation changes * Changes based on validations * Added Pack README.md contents. * Adding README.md in the proper format * Linter changes * Removing dead code * Added unused code and added tests and other cleanups. * Unused import cleanup * More tests and code restructuring * Including Review comments * Flake8, Lint and Validate corrections. * Review comments * More review changes and added unit tests * Changes based on more review comments. Added more unit tests. * Review comments and recommendations from running: demisto-sdk pre-commit -g --unit-test --validate --no-secrets \ --show-diff-on-failure --verbose * Mypy errors fix * README changes * Corrections from the output of: demisto-sdk pre-commit -g --unit-test --validate --no-secrets --show-diff-on-failure --verbose /Users/mayuresh/Documents/tmpworkspace/xsoar/content/Packs/Traceable * - Changing the author image - reverting devcontainer.json --------- Co-authored-by: mtraceable <mtraceable@users.noreply.github.com> Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com> * updated test_module --------- Co-authored-by: Mayuresh Kshirsagar <101903400+mtraceable@users.noreply.github.com> Co-authored-by: mtraceable <mtraceable@users.noreply.github.com> Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com> Co-authored-by: michal-dagan <mdagan@paloaltonetworks.com>
xsoar-contrib · Jul 26, 2023 · e1a0984 · e1a0984
1 parent e1b0e4a
commit e1a0984
Show file tree

Hide file tree

Showing 12 changed files with 1,446 additions and 0 deletions.
diff --git a/Packs/Traceable/.pack-ignore b/Packs/Traceable/.pack-ignore
diff --git a/Packs/Traceable/.secrets-ignore b/Packs/Traceable/.secrets-ignore
@@ -0,0 +1,3 @@
+e::De
+xxx@outlook.zz
+https://mock.url
diff --git a/Packs/Traceable/Author_image.png b/Packs/Traceable/Author_image.png
diff --git a/Packs/Traceable/Integrations/Traceable/README.md b/Packs/Traceable/Integrations/Traceable/README.md
@@ -0,0 +1,39 @@
+# Traceable AI API Security Platform Integration
+## Overview
+Traceable Platform monitors Application APIs and detects Threat Activities. These Threat Events consist of the details about the Threat Activity, the Actor performing the threat activity and the Request/Response Payloads.
+
+With this integration, an Incident can be raised in Cortex Xsoar when an Event is detected by Traceable Platform. This enables the Security Teams to orchestrate actions through Cortex Xsoar with meaningful information about the detected Threat Activities.
+
+## Setup
+To use the integration the following mandatory parameters need to be set:
+|Parameter Name|Default Value|Description|
+|------|------|------|
+|Traceable Platform URL|https://api.traceable.ai|URL of Traceable Platform API Endpoint.|
+|API Token|-|API Token. Used for Authenticating against the Traceable Platform|
+|Trust any certificate (not secure)|false|Trust any SSL certificate while connecting to Platform API Endpoint|
+|Use system proxy settings|false|Use the system proxy setup using the environment variables `http_proxy`/`https_proxy`|
+
+The API Token can be generated as described in the [Traceable Documentation](https://docs.traceable.ai/docs/public-apis#step-1-%E2%80%93-copy-the-platform-api-token)
+
+## Customize Event/Activity Collection
+The following parameters can be used to customize what Events should be exported from the Traceable Platform and brought over into Xsoar as Security Incidents.
+
+|Parameter name|Type|Required (Yes/No)|Default Value|Description|
+|------|------|------|------|------|
+|First fetch timestamp|Short Text|No|1 days|Duration in the past to query the Events when querying for the first time.|
+|max_fetch|Short Text|No|100|Number of records to return from Platform per query|
+|span_fetch_threadpool|Short Text|No|10|Number of threads to use for querying `spans` in parallel|
+|Comma Separated Environment List To Process|Long Text|No|-|Comma separated list of environments to query.|
+|Security Score Category|Multi Select|No|CRITICAL, HIGH, MEDIUM|Security Score Category to query|
+|Threat Category|Multi Select|No|Malicious Activities, API Abuse, Malicious Sources|Threat Categories to query|
+|IP Reputation Level|Multi Select|No|CRITICAL, HIGH, MEDIUM|IP Reputations to query|
+|IP Abuse Velocity|Multi Select|No|CRITICAL, HIGH, MEDIUM|IP Abuse Velocity to query|
+
+## Incident Types
+The integration generates _Exploit_ type of Inidents.
+
+## Official Traceable Documentation
+https://docs.traceable.ai/
+
+## Issues?
+Reach out to support@traceable.ai