Merge pull request #16 from splunk-soar-connectors/next

Merging next to main for release 2.2.6
splunk-soar-connectors · Feb 5, 2024 · 1c126c0 · 1c126c0
2 parents 236274a + db64c96
commit 1c126c0
Show file tree

Hide file tree

Showing 31 changed files with 215 additions and 196 deletions.
diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml
@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml
@@ -1,5 +1,9 @@
 name: Start Release
-on: workflow_dispatch
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - '*-beta*'
 jobs:
   start-release:
     runs-on: ubuntu-latest

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.6
+    rev: v1.17
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.4.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^maxmind.json$']
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2021 Splunk Inc.
+   Copyright (c) 2016-2024 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/NOTICE b/NOTICE
@@ -1,30 +1,25 @@
 Splunk SOAR MaxMind
-Copyright (c) 2016-2020 Splunk Inc.
+Copyright (c) 2016-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
-Library: certifi
-Version: 2019.11.28
-License: Mozilla 2.0
-PyPA
-
 Library: geoip2
 Version: 2.9.0
 License: Apache 2.0
 MaxMind
 
+Library: maxminddb
+Version: 1.5.1
+License: Apache 2.0
+MaxMind
+
 Library: idna
 Version: 2.8
 License: BSD 3
 Copyright 1991-2014 Unicode, Inc
 Copyright 2001-2014 Python Software Foundation; All Rights Reserved
 Copyright 2013-2018 Kim Davies
 
-Library: maxminddb
-Version: 1.5.1
-License: Apache 2.0
-MaxMind
-
 Library: python-dateutil
 Version: 2.8.1
 License: Apache 2.0
@@ -37,11 +32,6 @@ Copyright 2015 - dateutil contributors (see AUTHORS file)
 Copyright 2017 Paul Ganssle <[email protected]>
 Copyright 2017 dateutil contributors (see AUTHORS file)
 
-Library: requests
-Version: 2.26.0
-License: Apache 2.0
-Kenneth Reitz
-
 Library: urllib3
 Version: 1.26.6
 License: MIT

diff --git a/README.md b/README.md
@@ -2,16 +2,16 @@
 # MaxMind
 
 Publisher: Splunk  
-Connector Version: 2\.2\.5  
+Connector Version: 2.2.6  
 Product Vendor: MaxMind  
 Product Name: GeoIP2  
-Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.0\.0  
+Product Version Supported (regex): ".\*"  
+Minimum Product Version: 5.2.0  
 
 This app provides IP geolocation with the included MaxMind database
 
 [comment]: # " File: README.md"
-[comment]: # "Copyright (c) 2016-2020 Splunk Inc."
+[comment]: # "Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
 [comment]: # "you may not use this file except in compliance with the License."
@@ -74,17 +74,17 @@ The below configuration variables are required for this Connector to operate.  T
 
 VARIABLE | REQUIRED | TYPE | DESCRIPTION
 -------- | -------- | ---- | -----------
-**ip\_address** |  optional  | string | IP Address for testing connectivity \(default\: 8\.8\.8\.8\)
-**license\_key** |  optional  | password | MaxMind License key to download new databases
+**ip_address** |  optional  | string | IP Address for testing connectivity (default: 8.8.8.8)
+**license_key** |  optional  | password | MaxMind License key to download new databases
 
 ### Supported Actions  
-[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity\. This action queries the MaxMind DB for the IP mentioned in the configuration parameters  
+[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity. This action queries the MaxMind DB for the IP mentioned in the configuration parameters  
 [geolocate ip](#action-geolocate-ip) - Queries MaxMind for IP location info  
 [update data](#action-update-data) - Update database used to locate an ip  
 [on poll](#action-on-poll) - Update the database if there is a newer one on the server  
 
 ## action: 'test connectivity'
-Validate the asset configuration for connectivity\. This action queries the MaxMind DB for the IP mentioned in the configuration parameters
+Validate the asset configuration for connectivity. This action queries the MaxMind DB for the IP mentioned in the configuration parameters
 
 Type: **test**  
 Read only: **True**
@@ -107,64 +107,64 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **ip** |  required  | IP to geolocate | string |  `ip` 
 
 #### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string | 
-action\_result\.data\.\*\.continent\_name | string | 
-action\_result\.data\.\*\.country\_iso\_code | string | 
-action\_result\.data\.\*\.country\_name | string | 
-action\_result\.data\.\*\.latitude | numeric | 
-action\_result\.data\.\*\.longitude | numeric | 
-action\_result\.parameter\.ip | string |  `ip` 
-action\_result\.parameter\.ip | string |  `ip` 
-action\_result\.data\.\*\.city\_name | string | 
-action\_result\.data\.\*\.postal\_code | string | 
-action\_result\.data\.\*\.as\_org | string | 
-action\_result\.data\.\*\.state\_iso\_code | string | 
-action\_result\.data\.\*\.state\_name | string | 
-action\_result\.data\.\*\.time\_zone | string | 
-action\_result\.summary\.city | string | 
-action\_result\.summary\.state | string | 
-action\_result\.summary\.country | string | 
-action\_result\.message | string | 
-summary\.total\_objects | numeric | 
-summary\.total\_objects\_successful | numeric |   
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.data.\*.continent_name | string |  |   Asia 
+action_result.data.\*.country_iso_code | string |  |   IN 
+action_result.data.\*.country_name | string |  |   India 
+action_result.data.\*.latitude | numeric |  |   23.0333 
+action_result.data.\*.longitude | numeric |  |   72.6167 
+action_result.parameter.ip | string |  `ip`  |   203.88.139.34 
+action_result.parameter.ip | string |  `ip`  |   203.88.139.34 
+action_result.data.\*.city_name | string |  |   Ahmedabad 
+action_result.data.\*.postal_code | string |  |   380007 
+action_result.data.\*.as_org | string |  |  
+action_result.data.\*.state_iso_code | string |  |   GJ 
+action_result.data.\*.state_name | string |  |   Gujarat 
+action_result.data.\*.time_zone | string |  |   Asia/Kolkata 
+action_result.summary.city | string |  |   Ahmedabad 
+action_result.summary.state | string |  |   GJ 
+action_result.summary.country | string |  |   India 
+action_result.message | string |  |   City: Ahmedabad, State: GJ, Country: India 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
 
 ## action: 'update data'
 Update database used to locate an ip
 
 Type: **generic**  
 Read only: **False**
 
-This app uses the MaxMind GeoLite2 City database\.
+This app uses the MaxMind GeoLite2 City database.
 
 #### Action Parameters
 No parameters are required for this action
 
 #### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string | 
-action\_result\.data\.\*\.Date | string | 
-action\_result\.data\.\*\.ETag | string | 
-action\_result\.data\.\*\.Vary | string | 
-action\_result\.data\.\*\.CF\-Ray | string | 
-action\_result\.data\.\*\.Server | string | 
-action\_result\.data\.\*\.Expires | string | 
-action\_result\.data\.\*\.expect\-ct | string | 
-action\_result\.data\.\*\.Connection | string | 
-action\_result\.data\.\*\.Content\-Type | string | 
-action\_result\.data\.\*\.Accept\-Ranges | string | 
-action\_result\.data\.\*\.Cache\-Control | string | 
-action\_result\.data\.\*\.Last\-Modified | string | 
-action\_result\.data\.\*\.Content\-Length | string | 
-action\_result\.data\.\*\.CF\-Cache\-Status | string | 
-action\_result\.data\.\*\.X\-MaxMind\-Worker | string | 
-action\_result\.data\.\*\.Content\-Disposition | string | 
-action\_result\.message | string | 
-action\_result\.summary | string | 
-summary\.total\_objects | numeric | 
-summary\.total\_objects\_successful | numeric |   
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.data.\*.Date | string |  |   Mon, 03 Jan 2022 19:37:02 GMT 
+action_result.data.\*.ETag | string |  |   a3fd54f5dae1d3760e32ee743e21ffbc 
+action_result.data.\*.Vary | string |  |   Accept-Encoding 
+action_result.data.\*.CF-Ray | string |  |   6c7eadeaee340899-SEA 
+action_result.data.\*.Server | string |  |   cloudflare 
+action_result.data.\*.Expires | string |  |   Mon, 03 Jan 2022 19:37:02 GMT 
+action_result.data.\*.expect-ct | string |  |   max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" 
+action_result.data.\*.Connection | string |  |   keep-alive 
+action_result.data.\*.Content-Type | string |  |   application/gzip 
+action_result.data.\*.Accept-Ranges | string |  |   bytes 
+action_result.data.\*.Cache-Control | string |  |   private, max-age=0 
+action_result.data.\*.Last-Modified | string |  |   Tue, 28 Dec 2021 17:52:24 GMT 
+action_result.data.\*.Content-Length | string |  |   35748628 
+action_result.data.\*.CF-Cache-Status | string |  |   DYNAMIC 
+action_result.data.\*.X-MaxMind-Worker | string |  |   enabled 
+action_result.data.\*.Content-Disposition | string |  |   attachment; filename=GeoLite2-City_20211228.tar.gz 
+action_result.message | string |  |   Successfully updated database. 
+action_result.summary | string |  |  
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
 
 ## action: 'on poll'
 Update the database if there is a newer one on the server
@@ -175,11 +175,11 @@ Read only: **True**
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**container\_id** |  optional  | Container IDs to limit the ingestion to | string | 
-**start\_time** |  optional  | Start of time range, in epoch time \(milliseconds\) | numeric | 
-**end\_time** |  optional  | End of time range, in epoch time \(milliseconds\) | numeric | 
-**container\_count** |  optional  | Maximum number of container records to query for | numeric | 
-**artifact\_count** |  optional  | Maximum number of artifact records to query for | numeric | 
+**container_id** |  optional  | Container IDs to limit the ingestion to | string | 
+**start_time** |  optional  | Start of time range, in epoch time (milliseconds) | numeric | 
+**end_time** |  optional  | End of time range, in epoch time (milliseconds) | numeric | 
+**container_count** |  optional  | Maximum number of container records to query for | numeric | 
+**artifact_count** |  optional  | Maximum number of artifact records to query for | numeric | 
 
 #### Action Output
 No Output
diff --git a/__init__.py b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2016-2020 Splunk Inc.
+# Copyright (c) 2016-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -0,0 +1,57 @@
+[comment]: # " File: README.md"
+[comment]: # "Copyright (c) 2016-2024 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+## Getting a MaxMind license key
+
+Navigate to [MaxMind site](https://www.maxmind.com/) \> Manage License Keys \> Create OR Get a
+license key here
+
+NOTE: You need to be logged in to see the option **Manage License Keys**
+
+## Inputting Google API Key (OPTIONAL)
+
+Navigate to Administration \> Administration Settings \> Google Maps. From there, insert the API
+key.
+
+This will be used to display a map widget.
+
+## geoip2
+
+This app makes use of the Python geoip2 module, which is licensed under the Apache 2.0 License,
+Copyright (c) 2018
+
+## POLL NOW
+
+POLL NOW can be used to investigate what gets run on each poll during ingestion.
+
+IMPORTANT: LicenseKey is required to be specified in your asset. It's used to fetch the latest
+MaxMind database.
+
+For more info on what gets run on each poll, see "Scheduled Polling" below.
+
+## Scheduled Polling
+
+This mode is used to schedule a polling action on the asset at regular intervals, which is
+configured via the INGEST SETTINGS tab of the asset.
+
+In the case of Scheduled Polling, on every poll, the app compares the timestamp of the current
+database with the one on MaxMind server. The app will download the database from the server only if
+the server has a newer database. With this check, the app can avoid downloading a duplicate database
+and stay within the daily MaxMind download limit. As of September 14, 2021, each account can perform
+up to 2,000 total downloads in each 24 hour period. For more info, visit
+[here](https://support.maxmind.com/geoip-faq/databases-and-database-updates/is-there-a-limit-to-how-often-i-can-download-a-database-from-my-maxmind-account/)
+
+It's recommended to run the database update every 30 days. The schedule of the database update can
+be found
+[here](https://support.maxmind.com/geoip-faq/databases-and-database-updates/how-often-should-i-purchase-geoip2-or-geoip-legacy-database-updates/)