Merge pull request #9 from splunk-soar-connectors/next

Merging next to main for release 2.2.7
splunk-soar-connectors · Dec 26, 2023 · 74037f1 · 74037f1
2 parents 54a3d29 + cff6c05
commit 74037f1
Show file tree

Hide file tree

Showing 32 changed files with 353 additions and 314 deletions.
diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml
@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
-  lint: 
+  lint:
     # Run per push for internal contributers. This isn't possible for forked pull requests,
     # so we'll need to run on PR events for external contributers.
     # String comparison below is case insensitive.

diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml
@@ -1,9 +1,13 @@
 name: Start Release
-on: workflow_dispatch
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - '*-beta*'
 jobs:
   start-release:
     runs-on: ubuntu-latest
     steps:
      - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main'
        with:
-         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.4
+    rev: v1.16
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.4.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^awscloudtrail.json$']
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2021 Splunk Inc.
+   Copyright (c) 2019-2023 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/NOTICE b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR AWS CloudTrail
-Copyright (c) 2019-2021 Splunk Inc.
+Copyright (c) 2019-2023 Splunk Inc.
 
 Third-party Software Attributions:
 
@@ -25,11 +25,6 @@ License: Python 2.0
 Copyright 2004-2007 Chad Miller
 Copyright 2011 Günter Milde,
 
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz
-
 Library: six
 Version: 1.15.0
 License: MIT

diff --git a/README.md b/README.md
diff --git a/__init__.py b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/awscloudtrail.json b/awscloudtrail.json
@@ -10,9 +10,9 @@
     "product_version_regex": ".*",
     "python_version": "3",
     "publisher": "Splunk",
-    "license": "Copyright (c) 2019-2021 Splunk Inc.",
-    "app_version": "2.2.5",
-    "utctime_updated": "2021-12-21T01:10:04.000000Z",
+    "license": "Copyright (c) 2019-2023 Splunk Inc.",
+    "app_version": "2.2.7",
+    "utctime_updated": "2022-01-07T20:23:12.000000Z",
     "package_name": "phantom_awscloudtrail",
     "main_module": "awscloudtrail_connector.py",
     "min_phantom_version": "4.9.39220",
@@ -77,51 +77,35 @@
         "wheel": [
             {
                 "module": "boto3",
-                "input_file": "wheels/boto3-1.17.6-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/boto3-1.17.6-py2.py3-none-any.whl"
             },
             {
                 "module": "botocore",
-                "input_file": "wheels/botocore-1.20.30-py2.py3-none-any.whl"
-            },
-            {
-                "module": "certifi",
-                "input_file": "wheels/certifi-2021.10.8-py2.py3-none-any.whl"
-            },
-            {
-                "module": "chardet",
-                "input_file": "wheels/chardet-3.0.4-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/botocore-1.20.30-py2.py3-none-any.whl"
             },
             {
                 "module": "docutils",
-                "input_file": "wheels/docutils-0.18-py2.py3-none-any.whl"
-            },
-            {
-                "module": "idna",
-                "input_file": "wheels/idna-2.10-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/docutils-0.18-py2.py3-none-any.whl"
             },
             {
                 "module": "jmespath",
-                "input_file": "wheels/jmespath-0.10.0-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/jmespath-0.10.0-py2.py3-none-any.whl"
             },
             {
                 "module": "python_dateutil",
-                "input_file": "wheels/python_dateutil-2.8.2-py2.py3-none-any.whl"
-            },
-            {
-                "module": "requests",
-                "input_file": "wheels/requests-2.25.0-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/python_dateutil-2.8.2-py2.py3-none-any.whl"
             },
             {
                 "module": "s3transfer",
-                "input_file": "wheels/s3transfer-0.3.7-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/s3transfer-0.3.7-py2.py3-none-any.whl"
             },
             {
                 "module": "six",
-                "input_file": "wheels/six-1.15.0-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/six-1.15.0-py2.py3-none-any.whl"
             },
             {
                 "module": "urllib3",
-                "input_file": "wheels/urllib3-1.26.7-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl"
             }
         ]
     },
@@ -1380,4 +1364,4 @@
             "versions": "EQ(*)"
         }
     ]
-}
+}
diff --git a/awscloudtrail_connector.py b/awscloudtrail_connector.py
@@ -1,6 +1,6 @@
 # File: awscloudtrail_connector.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/awscloudtrail_consts.py b/awscloudtrail_consts.py
@@ -1,6 +1,6 @@
 # File: awscloudtrail_consts.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/exclude_files.txt b/exclude_files.txt
diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -0,0 +1,26 @@
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2018-2021 Splunk Inc."
+[comment]: # ""
+[comment]: # "  SPLUNK CONFIDENTIAL - Use or disclosure of this material in whole or in part"
+[comment]: # "  without a valid written license from Splunk Inc. is PROHIBITED."
+[comment]: # ""
+## Asset Configuration
+
+There are two ways to configure an AWS CloudTrail asset. The first is to configure the
+**access_key** , **secret_key** and **region** variables. If it is preferred to use a role and
+Phantom is running as an EC2 instance, the **use_role** checkbox can be checked instead. This will
+allow the role that is attached to the instance to be used. Please see the [AWS EC2 and IAM
+documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
+for more information.
+
+## Assumed Role Credentials
+
+The optional **credentials** action parameter consists of temporary **assumed role** credentials
+that will be used to perform the action instead of those that are configured in the **asset** . The
+parameter is not designed to be configured manually, but should instead be used in conjunction with
+the Phantom AWS Security Token Service app. The output of the **assume_role** action of the STS app
+with data path **assume_role\_\<number>:action_result.data.\*.Credentials** consists of a dictionary
+containing the **AccessKeyId** , **SecretAccessKey** , **SessionToken** and **Expiration** key/value
+pairs. This dictionary can be passed directly into the credentials parameter in any of the following
+actions within a playbook. For more information, please see the [AWS Identity and Access Management
+documentation](https://docs.aws.amazon.com/iam/index.html) .
diff --git a/readme.html b/readme.html