From 2c22d512f35083c05b15ef00e285f6a5756e8518 Mon Sep 17 00:00:00 2001
From: Scott Odle
Date: Fri, 10 Jan 2025 15:33:57 -0700
Subject: [PATCH 1/8] Add documentation indicating that this app is only supported for SOAR Cloud
---
ciscotalosintelligence.json | 4 ++--
release_notes/unreleased.md | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ciscotalosintelligence.json b/ciscotalosintelligence.json
index 0de42ac..449bb0e 100644
--- a/ciscotalosintelligence.json
+++ b/ciscotalosintelligence.json
@@ -1,7 +1,7 @@
 {
 "appid": "7c653487-22c8-4ec1-bca0-16a8b1513c86",
- "name": "Cisco Talos Intelligence",
- "description": "This app provides investigative actions for Cisco Talos Intelligence",
+ "name": "Cisco Talos Intelligence (SOAR Cloud only)",
+ "description": "This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud.",
 "type": "information",
 "product_vendor": "Cisco",
 "logo": "ciscotalosintelligence.svg",
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
index fbcb2fd..587a908 100644
--- a/release_notes/unreleased.md
+++ b/release_notes/unreleased.md
@@ -1 +1,3 @@
 **Unreleased**
+
+* Add documentation indicating that this app is only supported for SOAR Cloud.
From f54dd06255580bc1c1519d3b9966436e28d60563 Mon Sep 17 00:00:00 2001
From: splunk-soar-connectors-admin
Date: Fri, 10 Jan 2025 22:35:31 +0000
Subject: [PATCH 2/8] Update README.md
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 1cf1ebb..e0a7768 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 [comment]: # "Auto-generated SOAR connector documentation"
-# Cisco Talos Intelligence
+# Cisco Talos Intelligence (SOAR Cloud only)
 Publisher: Splunk
 Connector Version: 1.0.1
@@ -8,7 +8,7 @@ Product Name: Talos Intelligence
 Product Version Supported (regex): ".\*"
 Minimum Product Version: 6.3.0
-This app provides investigative actions for Cisco Talos Intelligence
+This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud.
 [comment]: # " File: README.md"
 [comment]: # "Copyright (c) 2024 Splunk Inc."
From 10413a4c2c00adff17b3c7fad51456ad72b1ccd4 Mon Sep 17 00:00:00 2001
From: Scott Odle
Date: Fri, 10 Jan 2025 15:36:34 -0700
Subject: [PATCH 3/8] fix lint
---
ciscotalosintelligence.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ciscotalosintelligence.json b/ciscotalosintelligence.json
index 449bb0e..0554363 100644
--- a/ciscotalosintelligence.json
+++ b/ciscotalosintelligence.json
@@ -1,7 +1,7 @@
 {
 "appid": "7c653487-22c8-4ec1-bca0-16a8b1513c86",
- "name": "Cisco Talos Intelligence (SOAR Cloud only)",
- "description": "This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud.",
+ "name": "Cisco Talos Intelligence",
+ "description": "This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud",
 "type": "information",
 "product_vendor": "Cisco",
 "logo": "ciscotalosintelligence.svg",
From 80317fab75c8da38607254184c26db48d39cd038 Mon Sep 17 00:00:00 2001
From: splunk-soar-connectors-admin
Date: Fri, 10 Jan 2025 22:38:22 +0000
Subject: [PATCH 4/8] Update README.md
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e0a7768..efe9114 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 [comment]: # "Auto-generated SOAR connector documentation"
-# Cisco Talos Intelligence (SOAR Cloud only)
+# Cisco Talos Intelligence
 Publisher: Splunk
 Connector Version: 1.0.1
@@ -8,7 +8,7 @@ Product Name: Talos Intelligence
 Product Version Supported (regex): ".\*"
 Minimum Product Version: 6.3.0
-This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud.
+This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud
 [comment]: # " File: README.md"
 [comment]: # "Copyright (c) 2024 Splunk Inc."
From a80b45e7ed91a022eb7563092b81931ad182651b Mon Sep 17 00:00:00 2001
From: Scott Odle
Date: Fri, 10 Jan 2025 15:45:33 -0700
Subject: [PATCH 5/8] copyright
---
LICENSE | 4 +-
README.md | 2 +-
__init__.py | 2 +-
ciscotalosintelligence.json | 2 +-
ciscotalosintelligence_connector.py | 68 ++++++++++++++++++++++-------
ciscotalosintelligence_consts.py | 2 +-
manual_readme_content.md | 2 +-
7 files changed, 60 insertions(+), 22 deletions(-)
diff --git a/LICENSE b/LICENSE
index ec0af9e..821417d 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives.
- Copyright (c) 2024 Splunk Inc.
+ Copyright (c) 2025 Splunk Inc.
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and
- limitations under the License.
\ No newline at end of file
+ limitations under the License.
diff --git a/README.md b/README.md
index efe9114..a3f02cb 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Minimum Product Version: 6.3.0
 This app provides investigative actions for Cisco Talos Intelligence. It is only supported on Splunk SOAR Cloud
 [comment]: # " File: README.md"
-[comment]: # "Copyright (c) 2024 Splunk Inc."
+[comment]: # "Copyright (c) 2025 Splunk Inc."
 [comment]: # ""
 [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
 [comment]: # "you may not use this file except in compliance with the License."
diff --git a/__init__.py b/__init__.py
index 300a6cd..7a1b023 100644
--- a/__init__.py
+++ b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2024 Splunk Inc.
+# Copyright (c) 5 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/ciscotalosintelligence.json b/ciscotalosintelligence.json
index 0554363..5eecd72 100644
--- a/ciscotalosintelligence.json
+++ b/ciscotalosintelligence.json
@@ -13,7 +13,7 @@
 ],
 "product_version_regex": ".*",
 "publisher": "Splunk",
- "license": "Copyright (c) 2024 Splunk Inc.",
+ "license": "Copyright (c) 2025 Splunk Inc.",
 "app_version": "1.0.1",
 "utctime_updated": "2024-06-21T18:40:03.685771Z",
 "package_name": "phantom_ciscotalosintelligence",
diff --git a/ciscotalosintelligence_connector.py b/ciscotalosintelligence_connector.py
index 669b4c1..b5876e6 100644
--- a/ciscotalosintelligence_connector.py
+++ b/ciscotalosintelligence_connector.py
@@ -1,6 +1,6 @@
 # File: ciscotalosintelligence_connector.py
 #
-# Copyright (c) 2024 Splunk Inc.
+# Copyright (c) 2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -47,7 +47,6 @@ def __new__(cls, val1, val2=None):
 class TalosIntelligenceConnector(BaseConnector):
-
 def __init__(self):
 super(TalosIntelligenceConnector, self).__init__()
@@ -64,7 +63,10 @@ def _process_empty_response(self, response, action_result):
 if response.status_code == 200:
 return RetVal(phantom.APP_SUCCESS, {})
- return RetVal(action_result.set_status(phantom.APP_ERROR, "Empty response and no information in the header"), None)
+ return RetVal(
+ action_result.set_status(phantom.APP_ERROR, "Empty response and no information in the header"),
+ None,
+ )
 def _process_html_response(self, response, action_result):
 # An html response, treat it like an error
@@ -89,7 +91,13 @@ def _process_json_response(self, r, action_result):
 try:
 resp_json = r.json()
 except Exception as e:
- return RetVal(action_result.set_status(phantom.APP_ERROR, "Unable to parse JSON response. Error: {0}".format(str(e))), None)
+ return RetVal(
+ action_result.set_status(
+ phantom.APP_ERROR,
+ "Unable to parse JSON response. Error: {0}".format(str(e)),
+ ),
+ None,
+ )
 # Please specify the status codes here
 if 200 <= r.status_code < 399:
@@ -114,13 +122,20 @@ def _process_response(self, r, action_result, retry=3):
 err_msg = r.headers.get("grpc-message", "Error")
 return (
 action_result.set_status(
- phantom.APP_ERROR, f"Got retryable grpc-status of {r.headers['grpc-status']} with message {err_msg}"
+ phantom.APP_ERROR,
+ f"Got retryable grpc-status of {r.headers['grpc-status']} with message {err_msg}",
 ),
 r,
 )
 if r.status_code == 503:
- return action_result.set_status(phantom.APP_ERROR, "Got retryable http status code {0}".format(r.status_code)), r
+ return (
+ action_result.set_status(
+ phantom.APP_ERROR,
+ "Got retryable http status code {0}".format(r.status_code),
+ ),
+ r,
+ )
 # Process each 'Content-Type' of response separately
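Review bot: The rewrapped error lines in `_process_json_response` and `_process_response` keep the `"... {0}".format(str(e))` and `"... {0}".format(r.status_code)` form while the grpc-status message in the `_process_response` hunk is an f-string, so one function now mixes both styles; since these lines are being rewritten anyway, `f"Unable to parse JSON response. Error: {e}"` and `f"Got retryable http status code {r.status_code}"` would make them consistent. The same applies to `"Error Connecting to server. Details: {0}".format(str(e))` in the `_make_rest_call` hunk at `@@ -184,7 +207,11 @@`. Each of these functions starts outside its hunk.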
@@ -171,12 +186,20 @@ def _make_rest_call(self, retry, endpoint, action_result, method="get", **kwargs
 with tempfile.NamedTemporaryFile(mode="w+", delete=False, suffix="test") as temp_file:
 cert_string = f"-----BEGIN CERTIFICATE-----\n{self._cert}\n-----END CERTIFICATE-----"
- cert = f"{cert_string}\n-----BEGIN RSA PRIVATE KEY-----\n{self._key}\n-----END RSA PRIVATE KEY-----\n"
+ cert = (
+ f"{cert_string}\n"
+ "-----BEGIN RSA PRIVATE KEY-----\n" # pragma: allowlist secret
+ f"{self._key}\n"
+ "-----END RSA PRIVATE KEY-----\n" # pragma: allowlist secret
+ )
 temp_file.write(cert)
 temp_file.seek(0) # Move the file pointer to the beginning for reading
 temp_file_path = temp_file.name # Get the name of the temporary file
 self.client = httpx.Client(
- http2=True, verify=config.get("verify_server_cert", False), cert=temp_file_path, timeout=MAX_REQUEST_TIMEOUT
+ http2=True,
+ verify=config.get("verify_server_cert", False),
+ cert=temp_file_path,
+ timeout=MAX_REQUEST_TIMEOUT,
 )
 if os.path.exists(temp_file_path):
@@ -184,7 +207,11 @@ def _make_rest_call(self, retry, endpoint, action_result, method="get", **kwargs
 if i == MAX_CONNECTION_RETIRIES - 1:
 return RetVal(
- action_result.set_status(phantom.APP_ERROR, "Error Connecting to server. Details: {0}".format(str(e))), resp_json
+ action_result.set_status(
+ phantom.APP_ERROR,
+ "Error Connecting to server. Details: {0}".format(str(e)),
+ ),
+ resp_json,
 )
 return self._process_response(r, action_result, retry)
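Review bot: The PEM blob assembled in the `with` block — certificate plus `self._key` — is written to a `delete=False` temporary file, and the removal guarded by `if os.path.exists(temp_file_path):` at the end of the hunk is only reached if `httpx.Client(...)` returns normally; if the constructor raises, the file holding the private key stays on disk (the next hunk's `if i == MAX_CONNECTION_RETIRIES - 1:` branch suggests an `except` path around this code, so that exit is real). Wrapping the client construction and the removal in `try`/`finally` closes that gap; the test-connectivity copy of the same pattern at `@@ -473,7 +504,12 @@` and `@@ -482,7 +518,10 @@` needs the same treatment, and there the `httpx.Client` call already sits inside a `try`. `NamedTemporaryFile` goes through `mkstemp`, so on POSIX the file is created mode 0600; the exposure is lifetime, not permissions. Separately, `verify=config.get("verify_server_cert", False)` disables server certificate verification unless the asset opts in, which deserves a comment on that line such as `# NOTE: server cert verification is off unless the asset sets verify_server_cert` given that the same client presents a private key. `_make_rest_call` starts and ends outside this hunk.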
@@ -195,7 +222,13 @@ def _make_rest_call_helper(self, *args, **kwargs):
 for i in range(MAX_REQUEST_RETRIES + 1):
 if time.time() > max_processing_time:
 action_result = args[1]
- return action_result.set_status(phantom.APP_ERROR, f"Max request timeout of {MAX_REQUEST_TIMEOUT}s exceeded"), None
+ return (
+ action_result.set_status(
+ phantom.APP_ERROR,
+ f"Max request timeout of {MAX_REQUEST_TIMEOUT}s exceeded",
+ ),
+ None,
+ )
 ret_val, response = self._make_rest_call(i, *args, **kwargs)
 if phantom.is_fail(ret_val) and response:
@@ -313,7 +346,6 @@ def _handle_url_reputation(self, param):
 return action_result.set_status(phantom.APP_SUCCESS)
 def _query_reputation(self, action_result, payload, observable=None):
-
 taxonomy_ret_val, taxonomy = self._fetch_taxonomy(action_result)
 if phantom.is_fail(taxonomy_ret_val):
@@ -368,7 +400,6 @@ def _query_reputation(self, action_result, payload, observable=None):
 return phantom.APP_SUCCESS
 def _fetch_taxonomy(self, action_result, allow_cache=True):
-
 payload = {"app_info": self._appinfo}
 if "taxonomy" in self._state and allow_cache:
@@ -473,7 +504,12 @@ def insert_newlines(string, every=64):
 self._appinfo["perf_testing"] = True
 with tempfile.NamedTemporaryFile(mode="w+", delete=False, suffix="test") as temp_file:
- cert = f"{cert_string}\n-----BEGIN RSA PRIVATE KEY-----\n{textwrap.fill(self._key, 64)}\n-----END RSA PRIVATE KEY-----\n"
+ cert = (
+ f"{cert_string}\n"
+ "-----BEGIN RSA PRIVATE KEY-----\n" # pragma: allowlist secret
+ f"{textwrap.fill(self._key, 64)}\n"
+ "-----END RSA PRIVATE KEY-----\n" # pragma: allowlist secret
+ )
 temp_file.write(cert)
 temp_file.seek(0) # Move the file pointer to the beginning for reading
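Review bot: `action_result = args[1]` in the timeout branch of `_make_rest_call_helper` assumes `action_result` always arrives positionally; a caller that passes it as `action_result=` would get an `IndexError` here instead of the "Max request timeout" error the branch is meant to return. Since `_make_rest_call(self, retry, endpoint, action_result, ...)` fixes the order, the helper could name `endpoint` and `action_result` explicitly and forward them, or at least fall back with `action_result = args[1] if len(args) > 1 else kwargs["action_result"]`. The enclosing function and the `max_processing_time` it compares against are defined before the hunk.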
@@ -482,7 +518,10 @@ def insert_newlines(string, every=64):
 # exceptions shouldn't really be thrown here because most network related disconnections will happen when a request is sent
 try:
 self.client = httpx.Client(
- http2=True, verify=config.get("verify_server_cert", False), cert=temp_file_path, timeout=MAX_REQUEST_TIMEOUT
+ http2=True,
+ verify=config.get("verify_server_cert", False),
+ cert=temp_file_path,
+ timeout=MAX_REQUEST_TIMEOUT,
 )
 except Exception as e:
 self.debug_print(f"Could not connect to server because of {e}")
@@ -515,7 +554,6 @@ def main():
 password = args.password
 if username is not None and password is None:
-
 # User specified a username but not a password, so ask
 import getpass
diff --git a/ciscotalosintelligence_consts.py b/ciscotalosintelligence_consts.py
index 6288cea..0b81079 100644
--- a/ciscotalosintelligence_consts.py
+++ b/ciscotalosintelligence_consts.py
@@ -1,6 +1,6 @@
 # File: ciscotalosintelligence_consts.py
 #
-# Copyright (c) 2024 Splunk Inc.
+# Copyright (c) 2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/manual_readme_content.md b/manual_readme_content.md
index da744f0..338927d 100644
--- a/manual_readme_content.md
+++ b/manual_readme_content.md
@@ -1,5 +1,5 @@
 [comment]: # " File: README.md"
-[comment]: # "Copyright (c) 2024 Splunk Inc."
+[comment]: # "Copyright (c) 2025 Splunk Inc."
 [comment]: # ""
 [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
 [comment]: # "you may not use this file except in compliance with the License."
From b5cf2699ecafd01d2bbcede5237333b928c9d4e4 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 10 Jan 2025 16:12:31 -0800
Subject: [PATCH 6/8] Bumped up the version of ciscotalosintelligence from 1.0.1 to 1.0.2
---
ciscotalosintelligence.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ciscotalosintelligence.json b/ciscotalosintelligence.json
index 5eecd72..ec16126 100644
--- a/ciscotalosintelligence.json
+++ b/ciscotalosintelligence.json
@@ -14,8 +14,8 @@
 "product_version_regex": ".*",
 "publisher": "Splunk",
 "license": "Copyright (c) 2025 Splunk Inc.",
- "app_version": "1.0.1",
- "utctime_updated": "2024-06-21T18:40:03.685771Z",
+ "app_version": "1.0.2",
+ "utctime_updated": "2025-01-11T00:12:29.000000Z",
 "package_name": "phantom_ciscotalosintelligence",
 "fips_compliant": false,
 "main_module": "ciscotalosintelligence_connector.py",
@@ -403,4 +403,4 @@
 "executable": "spawn3",
 "disabled": false,
 "custom_made": true
-}
+}
\ No newline at end of file
From 4bef37ebd298817bfc211e70ae8dd3faff9f7cc4 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 10 Jan 2025 16:13:17 -0800
Subject: [PATCH 7/8] Release notes for version 1.0.2
---
LICENSE | 2 +-
README.md | 2 +-
__init__.py | 2 +-
release_notes/1.0.2.md | 1 +
release_notes/unreleased.md | 2 --
5 files changed, 4 insertions(+), 5 deletions(-)
create mode 100644 release_notes/1.0.2.md
diff --git a/LICENSE b/LICENSE
index 821417d..73634ce 100644
--- a/LICENSE
+++ b/LICENSE
@@ -198,4 +198,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and
- limitations under the License.
+ limitations under the License.
\ No newline at end of file
diff --git a/README.md b/README.md
index a3f02cb..c88392f 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 # Cisco Talos Intelligence
 Publisher: Splunk
-Connector Version: 1.0.1
+Connector Version: 1.0.2
 Product Vendor: Cisco
 Product Name: Talos Intelligence
 Product Version Supported (regex): ".\*"
diff --git a/__init__.py b/__init__.py
index 7a1b023..e7c29da 100644
--- a/__init__.py
+++ b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 5 Splunk Inc.
+# Copyright (c) 2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/release_notes/1.0.2.md b/release_notes/1.0.2.md
new file mode 100644
index 0000000..34f9526
--- /dev/null
+++ b/release_notes/1.0.2.md
@@ -0,0 +1 @@
+* Add documentation indicating that this app is only supported for SOAR Cloud.
\ No newline at end of file
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
index 587a908..fbcb2fd 100644
--- a/release_notes/unreleased.md
+++ b/release_notes/unreleased.md
@@ -1,3 +1 @@
 **Unreleased**
-
-* Add documentation indicating that this app is only supported for SOAR Cloud.
From b20ce8829e5bc0dc0ead2a01000113963d59da64 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 10 Jan 2025 16:13:47 -0800
Subject: [PATCH 8/8] Release notes for version 1.0.2