

Merge branch 'contrib/SEKOIA-IO_Add/SekoiaXDR' into Add/SekoiaXDR
TOUFIKIzakarya authored Sep 2, 2024
2 parents 8466326 + 0eed556 commit 65895da
Showing 13 changed files with 61 additions and 19 deletions.
16 changes: 8 additions & 8 deletions Packs/FortiGate/ModelingRules/FortiGate_1_3/FortiGate_1_3.xif
Expand Up @@ -47,8 +47,8 @@ alter // format, validate & regroup relevant raw data
risks_formatted = concat("{", arraystring(arrayfilter(split(rtrim(ltrim(to_string(alert_risk_artifacts), "{"), "}"), ","), "@element" !~= "null"), ","), "}"),

// validate & divide ip addresses according to the version ipv4/6
dst_ipv4_addresses = arrayfilter(dst_ip_address, "@element" ~= "(?:\d{1,3}\.){3}\d{1,3}"),
dst_ipv6_addresses = arrayfilter(dst_ip_address, "@element" ~= "(?:[a-fA-F\d]{0,4}\:){1,7}[a-fA-F\d]{0,4}"),
dst_ipv4_addresses = if(array_length(dst_ip_address) > 0, arrayfilter(dst_ip_address, "@element" ~= "(?:\d{1,3}\.){3}\d{1,3}")),
dst_ipv6_addresses = if(array_length(dst_ip_address) > 0, arrayfilter(dst_ip_address, "@element" ~= "(?:[a-fA-F\d]{0,4}\:){1,7}[a-fA-F\d]{0,4}")),
src_ipv4_addresses = if(array_length(xff_ipv4_addresses) > 0,
arraydistinct(arrayconcat(arrayfilter(src_ip_addresses, "@element" ~= "(?:\d{1,3}\.){3}\d{1,3}"), xff_ipv4_addresses)),
arrayfilter(src_ip_addresses, "@element" ~= "(?:\d{1,3}\.){3}\d{1,3}")),
Expand Down Expand Up @@ -166,8 +166,8 @@ alter // format, validate & regroup relevant raw data
xdm.source.host.os = FTNTFGTosname,
xdm.source.host.os_family = if(src_os contains "windows", XDM_CONST.OS_FAMILY_WINDOWS, src_os contains "mac", XDM_CONST.OS_FAMILY_MACOS, src_os contains "linux", XDM_CONST.OS_FAMILY_LINUX, src_os contains "android", XDM_CONST.OS_FAMILY_ANDROID, src_os contains "ios", XDM_CONST.OS_FAMILY_IOS, src_os contains "ubuntu", XDM_CONST.OS_FAMILY_UBUNTU, src_os contains "debian", XDM_CONST.OS_FAMILY_DEBIAN, src_os contains "fedora", XDM_CONST.OS_FAMILY_FEDORA, src_os contains "centos", XDM_CONST.OS_FAMILY_CENTOS, src_os contains "chrome", XDM_CONST.OS_FAMILY_CHROMEOS, src_os contains "solaris", XDM_CONST.OS_FAMILY_SOLARIS, src_os contains "scada", XDM_CONST.OS_FAMILY_SCADA),
xdm.source.interface = deviceInboundInterface,
xdm.source.host.ipv4_addresses = src_ipv4_addresses,
xdm.source.host.ipv4_public_addresses = src_ipv4_public_addresses,
xdm.source.host.ipv4_addresses = if(array_length(src_ipv4_addresses) > 0, src_ipv4_addresses),
xdm.source.host.ipv4_public_addresses = if(array_length(src_ipv4_public_addresses) > 0, src_ipv4_public_addresses),
xdm.source.host.ipv6_addresses = if(array_length(src_ipv6_addresses) > 0, src_ipv6_addresses),
xdm.source.ipv4 = arrayindex(src_ipv4_addresses, 0),
xdm.source.ipv6 = if(array_length(src_ipv6_addresses) > 0, arrayindex(src_ipv6_addresses, 0)),
Expand Down Expand Up @@ -200,10 +200,10 @@ alter // format, validate & regroup relevant raw data
xdm.target.host.os = FTNTFGTdstosname,
xdm.target.host.os_family = if(dst_os contains "windows", XDM_CONST.OS_FAMILY_WINDOWS, dst_os contains "mac", XDM_CONST.OS_FAMILY_MACOS, dst_os contains "linux", XDM_CONST.OS_FAMILY_LINUX, dst_os contains "android", XDM_CONST.OS_FAMILY_ANDROID, dst_os contains "ios", XDM_CONST.OS_FAMILY_IOS, dst_os contains "ubuntu", XDM_CONST.OS_FAMILY_UBUNTU, dst_os contains "debian", XDM_CONST.OS_FAMILY_DEBIAN, dst_os contains "fedora", XDM_CONST.OS_FAMILY_FEDORA, dst_os contains "centos", XDM_CONST.OS_FAMILY_CENTOS, dst_os contains "chrome", XDM_CONST.OS_FAMILY_CHROMEOS, dst_os contains "solaris", XDM_CONST.OS_FAMILY_SOLARIS, dst_os contains "scada", XDM_CONST.OS_FAMILY_SCADA),
xdm.target.interface = coalesce(deviceOutboundInterface, FTNTFGTdevintfname),
xdm.target.host.ipv4_addresses = dst_ipv4_addresses,
xdm.target.host.ipv4_public_addresses = dst_ipv4_public_addresses,
xdm.target.host.ipv6_addresses = dst_ipv6_addresses,
xdm.target.ipv4 = arrayindex(dst_ipv4_addresses, 0),
xdm.target.host.ipv4_addresses = if(array_length(dst_ipv4_addresses) > 0, dst_ipv4_addresses),
xdm.target.host.ipv4_public_addresses = if(array_length(dst_ipv4_public_addresses) > 0, dst_ipv4_public_addresses),
xdm.target.host.ipv6_addresses = if(array_length(dst_ipv6_addresses) > 0, dst_ipv6_addresses),
xdm.target.ipv4 = arrayindex(dst_ipv4_addresses, 0),
xdm.target.ipv6 = arrayindex(dst_ipv6_addresses, 0),
xdm.target.location.city = FTNTFGTdstcity,
xdm.target.location.country = if(FTNTFGTdstcountry != "Reserved", FTNTFGTdstcountry),
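Review bot: `xdm.target.ipv6 = arrayindex(dst_ipv6_addresses, 0)` on the line right after the rewritten target block is still unguarded, while its source-side counterpart already reads `if(array_length(src_ipv6_addresses) > 0, arrayindex(...))`; if `arrayindex` on an empty array yields the same empty-string value this release fixes for the array fields, the scalar will keep the old behaviour, so I would change it to `xdm.target.ipv6 = if(array_length(dst_ipv6_addresses) > 0, arrayindex(dst_ipv6_addresses, 0)),` (and treat `xdm.target.ipv4` / `xdm.source.ipv4` the same way). Separately, the patterns carried into the new `dst_ipv4_addresses` / `dst_ipv6_addresses` lines are unanchored: `(?:[a-fA-F\d]{0,4}\:){1,7}[a-fA-F\d]{0,4}` matches any string that contains a colon, so a `host:port` or MAC-like value would be classified as an IPv6 address, and `(?:\d{1,3}\.){3}\d{1,3}` accepts octets above 255 — which matters when these XDM host fields feed correlation rules or enrichment. Anchoring both with `^...$` (and restricting IPv4 octets to 0-255) would make the validation the `// validate & divide ip addresses` comment promises. The enclosing `alter` statement starts and ends outside the visible hunks.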
11 changes: 11 additions & 0 deletions Packs/FortiGate/ReleaseNotes/2_0_5.md
@@ -0,0 +1,11 @@

#### Modeling Rules

##### Fortinet FortiGate Modeling Rule

Fixed an issue which caused the following fields to be populated with an empty string instead of a null value in cases where there was no target value to be mapped to them:
- *`xdm.source.host.ipv4_addresses`*.
- *`xdm.source.host.ipv4_public_addresses`*.
- *`xdm.target.host.ipv4_addresses`*.
- *`xdm.target.host.ipv4_public_addresses`*.
- *`xdm.target.host.ipv6_addresses`*.
2 changes: 1 addition & 1 deletion Packs/FortiGate/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "FortiGate",
"description": "Manage FortiGate Firewall",
"support": "xsoar",
"currentVersion": "2.0.4",
"currentVersion": "2.0.5",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Up @@ -2484,6 +2484,12 @@ def message_handler(integration_context: dict, request_body: dict, channel_data:
return


@APP.route('/health', methods=['GET'])
def health_check():
demisto.debug("Microsoft Teams Integration received a local health check")
return Response('Microsoft Teams long running integration server is up.', status=200, mimetype='text/plain')


@APP.route('/', methods=['POST'])
def messages() -> Response:
"""
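Review bot: The new `/health` route is unauthenticated and served by the same listener that receives the inbound Teams webhook (`@APP.route('/', methods=['POST'])` directly below), and its body names the product (`'Microsoft Teams long running integration server is up.'`), so anyone who can reach the port gets a fingerprint of what is running there; the debug message calls it a "local" check, but nothing in the route restricts it to local callers. If it is meant for an engine or load-balancer liveness probe, I would keep the body content-free — `return Response('ok', status=200, mimetype='text/plain')` — and record the trust assumption in a docstring such as `"""Liveness probe. Intentionally unauthenticated: must reveal nothing beyond 'listener is up' and must not read integration context or credentials."""`. An unauthenticated route hit by scanners will also emit one `demisto.debug` line per request, which can flood the integration log; consider dropping that log line. Whether the POST handler validates the caller (JWT/bearer check) is not visible in this hunk, so the exposure of the shared listener is an assumption to confirm.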
Expand Up @@ -92,7 +92,7 @@ configuration:
- Critical
required: false
hidden:
- marketplacev2
- marketplacev2
- display: Disable Automatic Notifications
name: auto_notifications
type: 8
Expand Down Expand Up @@ -711,7 +711,7 @@ script:
- description: Run this command if you need to rerun the authentication process.
name: microsoft-teams-auth-reset
arguments: []
dockerimage: demisto/teams:1.0.0.99724
dockerimage: demisto/teams:1.0.0.108119
longRunning: true
longRunningPort: true
script: ''
7 changes: 7 additions & 0 deletions Packs/MicrosoftTeams/ReleaseNotes/1_4_67.md
@@ -0,0 +1,7 @@

#### Integrations

##### Microsoft Teams

- Added support for health endpoint. Enables checking if the Microsoft Teams Long Running integration is operational.
- Updated the Docker image to: *demisto/teams:1.0.0.108119*.
2 changes: 1 addition & 1 deletion Packs/MicrosoftTeams/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Microsoft Teams",
"description": "Send messages and notifications to your team members.",
"support": "xsoar",
"currentVersion": "1.4.66",
"currentVersion": "1.4.67",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
4 changes: 2 additions & 2 deletions Packs/SSLLabs/pack_metadata.json
@@ -1,6 +1,6 @@
{
"name": "SSL Labs",
"description": "This pack integrations with Qualys SSL Labs. A free online service performs a deep analysis of the configuration of any SSL web server on the public Internet",
"description": "This pack integrates with Qualys SSL Labs. A free online service performs a deep analysis of the configuration of any SSL web server on the public Internet",
"support": "community",
"currentVersion": "1.0.0",
"author": "Rich Fontaine",
Expand All @@ -20,4 +20,4 @@
"githubUser": [
"edibleShell"
]
}
}
2 changes: 1 addition & 1 deletion Packs/Vertica/Integrations/Vertica/README.md
Expand Up @@ -3,7 +3,7 @@
<p>This integration was integrated and tested with Vertica v4.1.</p>
</div>
<div class="cl-preview-section">
<h2 id="configure-vertica-on-demisto">Configure Vertica on Cortex XSOAR</h2>
<h2 id="configure-vertica-on-xsoar">Configure Vertica on Cortex XSOAR</h2>
</div>
<div class="cl-preview-section">
<ol>
11 changes: 11 additions & 0 deletions Packs/Vertica/Integrations/Vertica/Vertica.py
Expand Up @@ -8,22 +8,33 @@


class FixGetPass():
"""Class to override the getuser function such that it returns a default value on error."""

def __init__(self):
# Obtain the original getuser function address.
self.getpass_getuser_org = getpass.getuser

# Define new getuser function that does not fail.
def getuser_no_fail():
"""Safe getuser function that returns a default value on error."""
# getuser() fails on some systems. Provide a sane default.
user = 'vertica'
try:
# Check if the getpass_getuser_org function exists and was not overriden after init.
if self.getpass_getuser_org:
# If so, obtain the user by calling it.
user = self.getpass_getuser_org()
except (NameError, KeyError):
# If getpass_getuser_org() returns an error use the default user value.
pass
return user
# Override the getpass.getuser function with our safe function.
getpass.getuser = getuser_no_fail

def __del__(self):
# If the getpass_getuser_org and getpass objects are still intact
if self.getpass_getuser_org and getpass:
# return the state to as it was before the override.
getpass.getuser = self.getpass_getuser_org


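Review bot: The new comment on `except (NameError, KeyError):` ("If getpass_getuser_org() returns an error use the default user value") promises more than the code delivers: `getpass.getuser()` can also raise `ImportError` where the `pwd` module is unavailable and, on recent Python releases (3.13+, as I recall), `OSError` when the username cannot be resolved, so in a container running as an unmapped UID the wrapper may still propagate instead of returning `'vertica'`; `except (NameError, KeyError, ImportError, OSError):` would match the stated intent. The comment on `if self.getpass_getuser_org:` claims it checks the function "was not overriden after init", but the expression is only a truthiness test on the saved reference and cannot detect a later override — I would reword it to `# Use the saved original if one was captured; otherwise fall through to the default.` (and fix the "overriden" spelling). Restoring `getpass.getuser` from `__del__` is best-effort since finaliser timing is not guaranteed, which deserves a one-line NOTE so nobody relies on the override being undone. The class is shown in full, but the code that instantiates `FixGetPass` lies outside the hunk.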
6 changes: 3 additions & 3 deletions Packs/Vertica/Integrations/Vertica/Vertica.yml
Expand Up @@ -4,7 +4,7 @@ commonfields:
name: Vertica
display: Vertica
category: Database
description: Analytic database management software
description: Analytic database management software.
configuration:
- display: Host (myhost.example.com)
name: url
Expand Down Expand Up @@ -36,7 +36,7 @@ script:
required: true
description: A SQL query to perform on the Vertica database.
- name: limit
description: The maximum number of results to be returned from the query. (Use 0 for all results)
description: The maximum number of results to be returned from the query. (Use 0 for all results).
defaultValue: "50"
outputs:
- contextPath: Vertica.Query
Expand All @@ -46,7 +46,7 @@ script:
description: The content of rows.
type: string
description: Executes a query on the Vertica database.
dockerimage: demisto/py3-tools:1.0.0.91504
dockerimage: demisto/py3-tools:1.0.0.108682
subtype: python3
tests:
- Vertica Test
7 changes: 7 additions & 0 deletions Packs/Vertica/ReleaseNotes/1_0_5.md
@@ -0,0 +1,7 @@

#### Integrations

##### Vertica

- Added comments to clarify implementation of getting the username from the environment.
- Updated the Docker image to: *demisto/py3-tools:1.0.0.108682*.
2 changes: 1 addition & 1 deletion Packs/Vertica/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Vertica",
"description": "Analytic database management software",
"support": "xsoar",
"currentVersion": "1.0.4",
"currentVersion": "1.0.5",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
