diff --git a/Packs/FeedCyjax/Author_image.png b/Packs/FeedCyjax/Author_image.png index 245a94fd7eff..5d2b877ddab4 100644 Binary files a/Packs/FeedCyjax/Author_image.png and b/Packs/FeedCyjax/Author_image.png differ diff --git a/Packs/FeedCyjax/CONTRIBUTORS.json b/Packs/FeedCyjax/CONTRIBUTORS.json new file mode 100644 index 000000000000..f2953c8fe220 --- /dev/null +++ b/Packs/FeedCyjax/CONTRIBUTORS.json @@ -0,0 +1,3 @@ +[ + "Jakub Orzol" +] \ No newline at end of file diff --git a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.py b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.py index f06ef846500b..c187d80daaab 100644 --- a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.py +++ b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.py @@ -89,7 +89,7 @@ def fetch_indicators(self, since=None, until=None, indicator_type=None, source_t :param indicator_type: The indicator type. If not specified all indicators are returned :type source_type: ``str`` - :param source_type: The indicators source type. Allowed values are incidnet-report, my-report + :param source_type: The indicators source type. Allowed values are incident-report, my-report :type source_id: ``int`` :param source_id: The indicators source ID @@ -349,10 +349,10 @@ def fetch_indicators_command( # Add one second from last_fetch_timestamp to avoid fetching the same indicators since = last_fetch_date + timedelta(seconds=1) - indicators = [] # type:List - cyjax_indicators = client.fetch_indicators(since=since.isoformat()) # type:List + indicators: list[dict[str, Any]] = [] + cyjax_indicators: list[Any] = client.fetch_indicators(since=since.isoformat()) - indicators_score = map_reputation_to_score(reputation) # type: int + indicators_score: int = map_reputation_to_score(reputation) for cyjax_indicator in cyjax_indicators: indicator_date = dateparser.parse(cyjax_indicator.get("discovered_at")) 
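Review bot: In the `fetch_indicators_command` hunk, `cyjax_indicators: list[Any]` is looser than the loop that follows it, which calls `cyjax_indicator.get("discovered_at")` on every element and so treats each one as a mapping. Annotating it as `cyjax_indicators: list[dict[str, Any]] = client.fetch_indicators(since=since.isoformat())` would match the `indicators` annotation just above it and let the type checker flag non-dict access. The annotation is not a runtime check, and the feed response is external data: if `discovered_at` is absent, `dateparser.parse` receives `None` on the last visible line. How that case is handled is not visible, because the function body continues past the end of the hunk.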
@@ -402,7 +402,7 @@ def get_indicators_command(client: Client, args: dict[str, Any]) -> dict[str, An since=since, until=until, indicator_type=indicator_type, source_type=source_type, source_id=source_id, limit=limit ) - indicators = [convert_cyjax_indicator(indicator) for indicator in cyjax_indicators] # type:List + indicators: list[dict[str, Any]] = [convert_cyjax_indicator(indicator) for indicator in cyjax_indicators] # Format indicators for human readable table output human_readable_indicators = [] @@ -523,7 +523,7 @@ def main() -> None: return_results(test_module(client)) elif demisto.command() == "fetch-indicators": - last_fetch_date = get_indicators_last_fetch_date() # type:datetime + last_fetch_date: datetime = get_indicators_last_fetch_date() next_run, indicators = fetch_indicators_command(client, last_fetch_date, reputation, tlp_to_use, tags) if indicators: diff --git a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml index 6e1324de7115..e193181ab951 100644 --- a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml +++ b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml @@ -1,5 +1,5 @@ category: Data Enrichment & Threat Intelligence -provider: Cyjax +provider: CYJAX display: Cyjax Feed name: Cyjax Feed description: 'The feed allows customers to pull indicators of compromise from cyber incidents (IP addresses, URLs, domains, CVE and file hashes).' @@ -7,14 +7,14 @@ commonfields: id: Cyjax Feed version: -1 configuration: -- defaultvalue: https://api.cyberportal.co - additionalinfo: Url to Cyjax API. +- defaultvalue: https://api.cymon.co/v2 + additionalinfo: Url to CYJAX API. display: Cyjax API URL name: url required: true type: 0 - display: API Key - additionalinfo: Cyjax API key obtained from Cyjax portal. + additionalinfo: CYJAX API key obtained from CYJAX portal. name: apikey required: true type: 4 
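Review bot: The new `defaultvalue: https://api.cymon.co/v2` on the `url` parameter changes the host that the `apikey` credential is sent to and adds a `/v2` path segment to the base URL, yet ReleaseNotes/1_1_0.md in this commit lists only README, logo and type-comment changes. I would add a release-note line such as `- Updated the default API URL to https://api.cymon.co/v2.` so operators who allowlist egress or pin the endpoint know to review it. Presumably instances that are already configured keep the stored `https://api.cyberportal.co` value, so it is worth stating whether the old host remains supported. How `Client` joins request paths onto a base that now ends in `/v2` is not visible in this diff and should be confirmed against the request code.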
@@ -68,7 +68,7 @@ configuration: required: false - name: use_cyjax_tlp display: Use Cyjax feed TLP - additionalinfo: Whether to use TLP set by Cyjax. Will override TLP set above. + additionalinfo: Whether to use TLP set by CYJAX. Will override TLP set above. defaultvalue: 'true' type: 8 required: false @@ -125,7 +125,7 @@ script: - name: type description: 'The indicator type. If not specified all indicators are returned. Allowed values are IPv4, IPv6, Domain, Hostname, Email, FileHash-SHA1, FileHash-SHA256, FileHash-MD5, FileHash-SSDEEP.' - name: source_type - description: The indicators source type. Allowed values are incidnet-report, my-report. + description: The indicators source type. Allowed values are incident-report, my-report. - name: source_id description: The indicators source ID. - name: limit @@ -140,7 +140,7 @@ script: name: cyjax-indicator-sighting description: Get sighting of a indicator. - name: cyjax-unset-indicators-last-fetch-date - description: 'Unset the indicators feed last fetch date. Should only be used if user needs to use `re-fetch` button and wants to fetch old indicators from Cyjax. Next feed will use date set in first_fetch (default is last 3 days).' + description: 'Unset the indicators feed last fetch date. Should only be used if user needs to use `re-fetch` button and wants to fetch old indicators from CYJAX. Next feed will use date set in first_fetch (default is last 3 days).' feed: true script: '-' type: python diff --git a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_description.md b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_description.md index 058bd3c67494..e9d5b702a89a 100644 --- a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_description.md +++ b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_description.md 
@@ -1,15 +1,15 @@ -## Cyjax Feed Help +## CYJAX Feed Help The feed allows customers to pull indicators of compromise from cyber incidents (IP addresses, URLs, domains, CVE and file hashes). ## Configuration -1. Enter feed name eg. `Cyjax Feed` -2. API URL `https://api.cyberportal.co` -3. Enter Cyjax API token +1. Enter feed name eg. `CYJAX Feed` +2. API URL `https://api.cymon.co/v2` +3. Enter CYJAX API token 4. Set proxy if required by your installation 5. Indicator reputation (the reputation set to the indicators fetched from this feed, default is Suspicious) 6. Source reliability: A - Completely reliable 7. Traffic Light Protocol Color - The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. -8. Use Cyjax feed TLP (selected by default) - Whether to use TLP set by Cyjax. Will override TLP set above. +8. Use CYJAX feed TLP (selected by default) - Whether to use TLP set by CYJAX. Will override TLP set above. 9. Set feed tags. (optional, comma delimited, eg. MyTag, YourTag) 10. Set Indicator Expiration Method (default is never) 11. Set fetch interval (default is to fetch every 1 hour) diff --git a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_image.png b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_image.png index 245a94fd7eff..5d2b877ddab4 100644 Binary files a/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_image.png and b/Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax_image.png differ diff --git a/Packs/FeedCyjax/Integrations/FeedCyjax/README.md b/Packs/FeedCyjax/Integrations/FeedCyjax/README.md index 66adc1086dda..19d59fa157d7 100644 --- a/Packs/FeedCyjax/Integrations/FeedCyjax/README.md +++ b/Packs/FeedCyjax/Integrations/FeedCyjax/README.md 
@@ -1,11 +1,11 @@ -The feed allows customers to pull indicators of compromise from cyber incidents (IP addresses, URLs, domains, CVE, and file hashes). +The feed allows customers to pull indicators of compromise from cyber incidents (IP addresses, URLs, domains, CVEs, and file hashes). -## Cyjax API token +## CYJAX API token -1. Log in to [Cyjax threat intelligence portal](https://cymon.co). -2. On the top navigation bar, hover the cursor over your user icon and go to **Developer settings**. -3. Open the personal access token tab. -4. Generate a new token +1. Log in to [CYJAX threat intelligence portal](https://cymon.co). +2. On the top navigation bar, hover the cursor over your user icon and go to **Profile Settings**. +3. Open the API tokens tab. +4. Generate a new token and enable the Indicators API scope. 5. Record the API token, as it will not be accessible after the window is closed. ## Feed installation 
@@ -16,17 +16,17 @@ The feed allows customers to pull indicators of compromise from cyber incidents ## Configuration -1. Enter feed name eg. `Cyjax Feed` -2. API URL `https://api.cyberportal.co` -3. Enter Cyjax API token -4. Set proxy if required by your installation -5. Indicator reputation (the reputation set to the indicators fetched from this feed, default is Suspicious) -6. Source reliability: A - Completely reliable +1. Enter feed name, e.g., `CYJAX Feed`. +2. API URL: `https://api.cymon.co/v2`. +3. Enter CYJAX API token. +4. Set proxy if required by your installation. +5. Indicator reputation (the reputation assigned to the indicators fetched from this feed; the default is Suspicious). +6. Source reliability: A - Completely reliable. 7. Traffic Light Protocol Color - The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. -8. Use Cyjax feed TLP (selected by default) - Whether to use TLP set by Cyjax. Will override TLP set above. -9. Set feed tags. (optional, comma delimited, eg. MyTag, YourTag) -10. Set Indicator Expiration Method (default is never) -11. Set fetch interval (default is to fetch every 1 hour) +8. Use CYJAX feed TLP (selected by default) - Whether to use the TLP set by CYJAX. This will override the TLP set above. +9. Set feed tags (optional, comma-delimited, e.g., MyTag, YourTag). +10. Set Indicator Expiration Method (default is never). +11. Set fetch interval (default is to fetch every 1 hour). 12. First fetch time. The time interval for the first fetch (retroactive). The default is 3 days. 13. Test connection. 14. Click done to save. 
@@ -39,32 +39,32 @@ After you successfully execute a command, a DBot message appears in the War Room ### !cyjax-get-indicators *** -Get indicators from Cyjax API +Get indicators from the CYJAX API. | **Argument** | **Description** | **Required** | | --- | --- | --- | | since | The start date time in ISO 8601 format | Optional | | until | The end date time in ISO 8601 format | Optional | | type | The indicator type. If not specified all indicators are returned. Allowed values are IPv4, IPv6, Domain, Hostname, Email, FileHash-SHA1, FileHash-SHA256, FileHash-MD5, FileHash-SSDEEP | Optional | -| source_type | The indicators source type. Allowed values are incidnet-report, my-report | Optional | -| source_id | The indicators source ID | Optional | +| source_type | The indicator source type. Allowed values are incident-report, my-report | Optional | +| source_id | The indicator source ID | Optional | | limit | The maximum number of indicators to get. The default value is 50. | Optional | -example: `!cyjax-get-indicators since=2020-10-23T00:00:00 type=IPv4` +Example: `!cyjax-get-indicators since=2020-10-23T00:00:00 type=IPv4` -### !cyjax-cyjax-indicator-sighting +### !cyjax-indicator-sighting *** -Get Cyjax sighting of a indicator +Get the CYJAX sighting of an indicator. | **Argument** | **Description** | **Required** | | --- | --- | --- | | value | The indicator value | Required | -example: `!cyjax-indicator-sighting value=176.117.5.126` +Example: `!cyjax-indicator-sighting value=176.117.5.126` ### !cyjax-unset-indicators-last-fetch-date *** -Unset the indicators feed last fetch date. Should only be used if user needs to use `re-fetch` button -and wants to fetch old indicators from Cyjax. Next feed will use date set in first_fetch (default is last 3 days) +Unset the indicators feed last fetch date. Should only be used if a user needs to use the `re-fetch` button +and wants to fetch old indicators from CYJAX. 
The next feed will use the date set in first_fetch (default is the last 3 days). diff --git a/Packs/FeedCyjax/ReleaseNotes/1_1_0.md b/Packs/FeedCyjax/ReleaseNotes/1_1_0.md new file mode 100644 index 000000000000..ccf966b7f5dd --- /dev/null +++ b/Packs/FeedCyjax/ReleaseNotes/1_1_0.md @@ -0,0 +1,5 @@ +#### Integrations +##### Cyjax Feed +- Updated README file +- Updated CYJAX logo +- Removed deprecated type comments diff --git a/Packs/FeedCyjax/pack_metadata.json b/Packs/FeedCyjax/pack_metadata.json index a44facc62919..9943fafb5544 100644 --- a/Packs/FeedCyjax/pack_metadata.json +++ b/Packs/FeedCyjax/pack_metadata.json @@ -1,9 +1,9 @@ { "name": "Cyjax Feed", - "description": "This pack is used to pull indicators of compromise from the Cyjax Threat Intelligence Platform.", + "description": "This pack enables the retrieval of indicators of compromise from the CYJAX Threat Intelligence Platform.", "support": "partner", - "currentVersion": "1.0.32", - "author": "Cyjax", + "currentVersion": "1.1.0", + "author": "CYJAX", "url": "https://cyjax.com", "email": "devs@cyjax.com", "created": "2021-01-06T15:46:16Z",