diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml
new file mode 100644
index 0000000..9284f9d
--- /dev/null
+++ b/.github/workflows/generate-doc.yml
@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - '*.json'
+ - 'readme.html'
+ - 'manual_readme_content.md'
+ tags-ignore:
+ - '**'
+ branches-ignore:
+ - next
+ - main
+jobs:
+ generate-doc:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+ with:
+ GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 6f15b22..131c639 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
- lint:
+ lint:
 # Run per push for internal contributers. This isn't possible for forked pull requests,
 # so we'll need to run on PR events for external contributers.
 # String comparison below is case insensitive.
diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
new file mode 100644
index 0000000..6f3bf31
--- /dev/null
+++ b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+ group: app-release
+ cancel-in-progress: true
+permissions:
+ contents: read
+ id-token: write
+ statuses: write
+on:
+ workflow_dispatch:
+ inputs:
+ task_token:
+ description: 'StepFunction task token'
+ required: true
+
+jobs:
+ review:
+ uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+ with:
+ task_token: ${{ inputs.task_token }}
+ secrets:
+ resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml
index d5fb354..7bbce79 100644
--- a/.github/workflows/start-release.yml
+++ b/.github/workflows/start-release.yml
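Review bot: The step `uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'` in generate-doc.yml resolves the action from a mutable branch while passing it `secrets.SOAR_APPS_TOKEN`, so whatever is on that branch at run time executes with the token on every matching push. Pinning to a full commit SHA, for example `uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@<full-commit-sha>' # main`, makes each update of the action a reviewed change. The same `@main` reference appears in the review-release.yml hunk, where the called workflow also inherits `id-token: write`, and in the unchanged step of start-release.yml. This workflow declares no `permissions:` block; since the job authenticates with its own secret, a top-level `permissions:` with only `contents: read` would presumably be enough to keep the default token minimal.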
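Review bot: `cancel-in-progress: true` on the shared `app-release` concurrency group in review-release.yml means a second dispatch cancels a review that is still running, and the cancelled run's `task_token` would then presumably never be reported back, leaving the Step Functions task waiting until its own timeout. The called workflow is not visible in this diff, so confirm how it behaves on cancellation; if it has no cleanup path, `cancel-in-progress: false` lets the running review finish first. A comment above `permissions:` saying why `id-token: write` and `statuses: write` are required (apparently OIDC role assumption for `resume_release_role_arn` and commit status reporting) would help later reviewers keep the grant minimal.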
@@ -1,9 +1,13 @@ name: Start Release -on: workflow_dispatch +on: + workflow_dispatch: + push: + tags: + - '*-beta*' jobs: start-release: runs-on: ubuntu-latest steps: - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main' with: - GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a1dbd0d..c420ced 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,11 +1,11 @@ repos: - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.4 + rev: v1.16 hooks: - id: org-hook - id: package-app-dependencies - repo: https://github.com/Yelp/detect-secrets - rev: v1.1.0 + rev: v1.4.0 hooks: - id: detect-secrets args: ['--no-verify', '--exclude-files', '^awscloudtrail.json$'] diff --git a/LICENSE b/LICENSE index f003b93..94b040f 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2021 Splunk Inc. + Copyright (c) 2019-2023 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE b/NOTICE index 611dfc8..4a92245 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Splunk SOAR AWS CloudTrail -Copyright (c) 2019-2021 Splunk Inc. +Copyright (c) 2019-2023 Splunk Inc. Third-party Software Attributions: @@ -25,11 +25,6 @@ License: Python 2.0 Copyright 2004-2007 Chad Miller Copyright 2011 Günter Milde, -Library: requests -Version: 2.25.0 -License: Apache 2.0 -Kenneth Reitz - Library: six Version: 1.15.0 License: MIT diff --git a/README.md b/README.md new file mode 100644 index 0000000..9d9c1cd --- /dev/null +++ b/README.md 
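Review bot: The new `push: tags: - '*-beta*'` trigger in start-release.yml lets anyone who can push a tag start the release job, which runs with `secrets.SOAR_APPS_TOKEN`; before this change a release required an explicit `workflow_dispatch`. Nothing in the hunk restricts who may create such tags, so it is worth confirming that a tag protection rule or ruleset covers `*-beta*` in the repository settings. A comment above the trigger such as `# A pushed tag matching *-beta* starts a release without manual dispatch` would document the intent. Note also that `*` in a GitHub Actions filter does not match `/`, so a tag like `release/1.0-beta1` would not start the job.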
@@ -0,0 +1,251 @@ +[comment]: # "Auto-generated SOAR connector documentation" +# AWS CloudTrail + +Publisher: Splunk +Connector Version: 2.2.7 +Product Vendor: AWS +Product Name: CloudTrail +Product Version Supported (regex): ".\*" +Minimum Product Version: 4.9.39220 + +This app integrates with AWS CloudTrail to perform various investigative actions + +[comment]: # " File: README.md" +[comment]: # " Copyright (c) 2018-2021 Splunk Inc." +[comment]: # "" +[comment]: # " SPLUNK CONFIDENTIAL - Use or disclosure of this material in whole or in part" +[comment]: # " without a valid written license from Splunk Inc. is PROHIBITED." +[comment]: # "" +## Asset Configuration + +There are two ways to configure an AWS CloudTrail asset. The first is to configure the +**access_key** , **secret_key** and **region** variables. If it is preferred to use a role and +Phantom is running as an EC2 instance, the **use_role** checkbox can be checked instead. This will +allow the role that is attached to the instance to be used. Please see the [AWS EC2 and IAM +documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) +for more information. + +## Assumed Role Credentials + +The optional **credentials** action parameter consists of temporary **assumed role** credentials +that will be used to perform the action instead of those that are configured in the **asset** . The +parameter is not designed to be configured manually, but should instead be used in conjunction with +the Phantom AWS Security Token Service app. The output of the **assume_role** action of the STS app +with data path **assume_role\_\:action_result.data.\*.Credentials** consists of a dictionary +containing the **AccessKeyId** , **SecretAccessKey** , **SessionToken** and **Expiration** key/value +pairs. This dictionary can be passed directly into the credentials parameter in any of the following +actions within a playbook. 
For more information, please see the [AWS Identity and Access Management +documentation](https://docs.aws.amazon.com/iam/index.html) . + + +### Configuration Variables +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a CloudTrail asset in SOAR. + +VARIABLE | REQUIRED | TYPE | DESCRIPTION +-------- | -------- | ---- | ----------- +**Access Key** | optional | password | Access Key +**Secret Key** | optional | password | Secret Key +**Region** | required | string | Default Region +**use_role** | optional | boolean | Use attached role when running Phantom in EC2 + +### Supported Actions +[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using the supplied configuration +[describe trails](#action-describe-trails) - Retrieve settings for trails associated with the current region and the multi-region trails +[run query](#action-run-query) - Lookup the management events captured by CloudTrail + +## action: 'test connectivity' +Validate the asset configuration for connectivity using the supplied configuration + +Type: **test** +Read only: **True** + +#### Action Parameters +No parameters are required for this action + +#### Action Output +No Output + +## action: 'describe trails' +Retrieve settings for trails associated with the current region and the multi-region trails + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**include_shadow_trails** | optional | Inform command to include shadow trails | boolean | +**credentials** | optional | Assumed role credentials | string | `aws credentials` + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.include_shadow_trails | boolean | | True 
False +action_result.data.\*.HasCustomEventSelectors | boolean | | True False +action_result.data.\*.HomeRegion | string | | us-east-1 +action_result.data.\*.IncludeGlobalServiceEvents | boolean | | True False +action_result.data.\*.IsMultiRegionTrail | boolean | | True False +action_result.data.\*.IsOrganizationTrail | boolean | | True False +action_result.data.\*.LogFileValidationEnabled | boolean | | True False +action_result.data.\*.Name | string | | test-cloudtrail +action_result.data.\*.S3BucketName | string | | test-bucket +action_result.data.\*.SnsTopicARN | string | `aws arn` | arn:aws:sns:us-west-2:123456789012:test-splunk-aws-addon-sns-notifications +action_result.data.\*.SnsTopicName | string | `aws arn` | arn:aws:sns:us-west-2:123456789012:test-addon-sns +action_result.data.\*.TrailARN | string | `aws arn` | arn:aws:cloudtrail:us-east-1:123456789012:trail/test-cloudtrail +action_result.summary.message | string | | Received 3 trails +action_result.message | string | | Message: Received 3 trails +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 +action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': 'ASIASJL6ZZZZZ3M7QC2J', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': 'ZZZZZAmvLPictcVBPvjJx0d7MRezOuxiLCMZZZZZ', 'SessionToken': 'ZZZZZXIvYXdzEN///////////wEaDFRU0s4AVrw0k0oYICK4ATAzOqzAkg9bHY29lYmP59UvVOHjLufOy4s7SnAzOxGqGIXnukLis4TWNhrJl5R5nYyimrm6K/9d0Cw2SW9gO0ZRjEJHWJ+yY5Qk2QpWctS2BGn4n+G8cD6zEweCCMj+ScI5p8n7YI4wOdvXvOsVMmjV6F09Ujqr1w+NwoKXlglznXGs/7Q1kNZOMiioEhGUyoiHbQb37GCKslDK+oqe0KNaUKQ96YCepaLgMbMquDgdAM8I0TTxUO0o5ILF/gUyLT04R7QlOfktkdh6Qt0atTS+xeKi1hirKRizpJ8jjnxGQIikPRToL2v3ZZZZZZ=='} + +## action: 'run query' +Lookup the management events captured by CloudTrail + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**attribute_key** | optional | 
Select an Attribute to query by (or leave blank to retrieve all records) | string | +**attribute_value** | optional | Specify the Value by which to search. Note that true/false values must be lower-case | string | +**start_date** | optional | Start date in the format of yyyy-mm-dd (e.g. 2019-12-25) | string | +**end_date** | optional | End date in the format of yyyy-mm-dd (e.g. 2019-12-25) | string | +**max_results** | optional | Max results to return | numeric | +**credentials** | optional | Assumed role credentials | string | `aws credentials` + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.attribute_key | string | | EventName Username +action_result.parameter.attribute_value | string | | DescribeTable false true +action_result.parameter.end_date | string | | 2021-02-10 1980-08-12 +action_result.parameter.max_results | numeric | | 123 +action_result.parameter.start_date | string | | 2021-02-10 1980-08-12 +action_result.data.\*.AccessKeyId | string | | ABCDEFGHI1234567890 +action_result.data.\*.EventId | string | | 1234abcd-12ab-ab12-ab12-123456abcdef +action_result.data.\*.EventName | string | | testEvents +action_result.data.\*.EventSource | string | | cloudtrail.amazonaws.com +action_result.data.\*.EventTime | string | | 2019-07-30 10:48:04 +action_result.data.\*.ExtractedCloudTrailEvent.apiVersion | string | | 2015-02-01 +action_result.data.\*.ExtractedCloudTrailEvent.awsRegion | string | | us-east-1 +action_result.data.\*.ExtractedCloudTrailEvent.errorCode | string | | AccessDenied +action_result.data.\*.ExtractedCloudTrailEvent.errorMessage | string | | User: arn:aws:sts::123456789012:assumed-role/test-role/parseRegistrationEmailBase64 is not authorized to perform: logs:CreateLogStream on resource: 
arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/parseRegistrationEmailBase64:log-stream:2019/07/30/[$LATEST]1234abcd12abab12ab12123456abcdef +action_result.data.\*.ExtractedCloudTrailEvent.eventID | string | | 1234abcd-12ab-ab12-ab12-123456abcdef +action_result.data.\*.ExtractedCloudTrailEvent.eventName | string | | testEvents +action_result.data.\*.ExtractedCloudTrailEvent.eventSource | string | | cloudtrail.amazonaws.com +action_result.data.\*.ExtractedCloudTrailEvent.eventTime | string | | 2019-07-30T10:48:04Z +action_result.data.\*.ExtractedCloudTrailEvent.eventType | string | | AwsApiCall +action_result.data.\*.ExtractedCloudTrailEvent.eventVersion | string | | 1.05 +action_result.data.\*.ExtractedCloudTrailEvent.readOnly | boolean | | True False +action_result.data.\*.ExtractedCloudTrailEvent.recipientAccountId | string | | 123456789012 +action_result.data.\*.ExtractedCloudTrailEvent.requestID | string | | 1234abcd-12ab-ab12-ab12-123456abcdef +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters | string | | +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.Filters.UpdatedAt.\*.End | string | | 2019-07-30T10:47:25.908919Z +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.Filters.UpdatedAt.\*.Start | string | | 2019-07-30T10:46:25.888382Z +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.MaxResults | numeric | | 100 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.accountId | string | | 123456789012 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.agentName | string | | test-ssm-agent +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.agentStatus | string | | Active +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.agentVersion | string | | 2.3.542.0 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.computerName | string | | ip-123-12-12-123.ec2.internal 
+action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.defaultOnly | boolean | | True False +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.encryptionContext.aws:lambda:FunctionArn | string | `aws arn` | arn:aws:lambda:us-east-1:123456789012:function:test--LambdaAssets-ABCDE1234567 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.endTime | string | | Jul 30, 2019 10:32:45 AM +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.environmentId | string | | e-abcde12345 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.externalId | string | | abcdEFGhi +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.fileSystemId | string | | fs-1234abcd +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.iPAddress | string | `ip` | 122.122.122.122 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.instanceId | string | | i-abcdefg123456 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.limit | string | | 1000 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.lookupAttributes.\*.attributeKey | string | | ReadOnly +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.lookupAttributes.\*.attributeValue | string | | false +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.marker | string | | 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 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.maxItems | numeric | | 100 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.maxRecords | numeric | | 1000 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.maxResults | numeric | | 1000 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.mountTargetId | string | | fsmt-1234abcd +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.networkInterfaceId | string | | eni-abcdefg1234567 
+action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.platformName | string | | Amazon Linux +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.platformType | string | | Linux +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.platformVersion | string | | 2 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.policyArn | string | `aws arn` | arn:aws:iam::123456789012:policy/testPolicy +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.requestContext.awsAccountId | string | | 123456789012 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.resource | string | `aws arn` | arn:aws:lambda:us-east-1:123456789012:function:test +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.resourceArn | string | `aws arn` | arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/test-target/testtarget-env +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.resourceId | string | | ws-abcdef1234 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.roleArn | string | `aws arn` | arn:aws:iam::123456789012:role/test-role +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.roleName | string | | test-role +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.roleSessionName | string | | test +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.stackName | string | | awseb-e-1234abcde-stack +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.startTime | string | | Jul 30, 2019 10:24:27 AM +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.topicArn | string | `aws arn` | arn:aws:sns:us-east-1:123456789012:test-code-SNSTopic-ABCDEFGH123 +action_result.data.\*.ExtractedCloudTrailEvent.requestParameters.versionId | string | | v1 +action_result.data.\*.ExtractedCloudTrailEvent.resources.\*.ARN | string | `aws arn` | arn:aws:iam::123456789012:role/test-role 
+action_result.data.\*.ExtractedCloudTrailEvent.resources.\*.accountId | string | | 123456789012 +action_result.data.\*.ExtractedCloudTrailEvent.resources.\*.type | string | | AWS::IAM::Role +action_result.data.\*.ExtractedCloudTrailEvent.responseElements | string | | +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.Message | string | | User: arn:aws:sts::123456789012:assumed-role/test-role/test is not authorized to perform: eks:ListClusters on resource: arn:aws:eks:us-east-1:123456789012:cluster/\* +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.assumedRoleUser.arn | string | `aws arn` | arn:aws:sts::123456789012:assumed-role/test-role/test +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.assumedRoleUser.assumedRoleId | string | | ABCDEFGHI123456789:test +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.credentials.accessKeyId | string | | ABCDEFGHI123456789 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.credentials.expiration | string | | Jul 30, 2019 11:47:45 AM +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.credentials.sessionToken | string | | 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 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.alias | string | | d-12345abcdefg +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.customerUserName | string | `user name` | testUser +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.directoryId | string | | d-12345abcdefg +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.directoryName | string | | corp.amazonworkspaces.com +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.directoryType | string | | SIMPLE_AD +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.dnsIpAddresses | string | `ip` | 123.12.1.123 
+action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.iamRoleId | string | `aws arn` | arn:aws:iam::123456789012:role/test-role +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.registrationCode | string | | ABC123+EFG456 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.state | string | | REGISTERED +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.subnetIds | string | | subnet-1234567890abcdefge +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.workspaceCreationProperties.enableInternetAccess | boolean | | True False +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.workspaceCreationProperties.enableWorkDocs | boolean | | True False +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.workspaceCreationProperties.userEnabledAsLocalAdministrator | boolean | | True False +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.directories.\*.workspaceSecurityGroupId | string | | sg-1234abcde1234 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.tags.aws:cloudformation:logical-id | string | | LambdaAssets +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.tags.aws:cloudformation:stack-id | string | `aws arn` | arn:aws:cloudformation:us-east-1:123456789012:stack/test/1234abcd-12ab-ab12-ab12-123456abcdef +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.tags.aws:cloudformation:stack-name | string | | test +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.bundleId | string | | wsb-abc123abc +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.computerName | string | | IP-ABCD123AB +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.directoryId | string | | d-12345abcdefg 
+action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.ipAddress | string | `ip` | 123.12.1.123 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.state | string | | STOPPED +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.subnetId | string | | subnet-1234567890abcdefge +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.userName | string | `user name` | testUser +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.workspaceId | string | | ws-abcde12345 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.workspaceProperties.computeTypeName | string | | STANDARD +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.workspaceProperties.rootVolumeSizeGib | numeric | | 80 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.workspaceProperties.runningMode | string | | AUTO_STOP +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.workspaceProperties.runningModeAutoStopTimeoutInMinutes | numeric | | 60 +action_result.data.\*.ExtractedCloudTrailEvent.responseElements.workspaces.\*.workspaceProperties.userVolumeSizeGib | numeric | | 50 +action_result.data.\*.ExtractedCloudTrailEvent.sharedEventID | string | | 1234abcd-12ab-ab12-ab12-123456abcdef +action_result.data.\*.ExtractedCloudTrailEvent.sourceIPAddress | string | `ip` | 12.123.12.123 +action_result.data.\*.ExtractedCloudTrailEvent.userAgent | string | | aws-sdk-java/1.11.569 Linux/4.14.128-87.105.amzn1.x86_64 test_HotSpot(TM)_64-Bit_Server_VM/25.202-b08 test/1.8.0_202 test1/2.4.15 vendor/test_Corporation +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.accessKeyId | string | | ABCDEFGHI123456789 +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.accountId | string | | 123456789012 +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.arn | string | `aws 
arn` | arn:aws:sts::123456789012:assumed-role/test-role/test +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.invokedBy | string | | lambda.amazonaws.com +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.principalId | string | | ABCDEFGHI1234567890:test +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.attributes.creationDate | string | | 2019-07-30T10:47:45Z +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.attributes.mfaAuthenticated | string | | false +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.sessionIssuer.accountId | string | | 123456789012 +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.sessionIssuer.arn | string | `aws arn` | arn:aws:iam::123456789012:role/test-role +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.sessionIssuer.principalId | string | | ABCDEFGHI1234567890 +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.sessionIssuer.type | string | | Role +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.sessionContext.sessionIssuer.userName | string | `user name` | testUser +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.type | string | | AssumedRole +action_result.data.\*.ExtractedCloudTrailEvent.userIdentity.userName | string | `email` `user name` | test@example.us +action_result.data.\*.ReadOnly | string | | true +action_result.data.\*.Resources.\*.ResourceName | string | | ABCDEFGHI123456789 +action_result.data.\*.Resources.\*.ResourceType | string | | AWS::IAM::AccessKey +action_result.data.\*.Username | string | `email` `user name` | testUser +action_result.summary.total_lookup_events | numeric | | 123 +action_result.message | string | | Total lookup events: 123 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 +action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': 
'ASIASJL6ZZZZZ3M7QC2J', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': 'ZZZZZAmvLPictcVBPvjJx0d7MRezOuxiLCMZZZZZ', 'SessionToken': 'ZZZZZXIvYXdzEN///////////wEaDFRU0s4AVrw0k0oYICK4ATAzOqzAkg9bHY29lYmP59UvVOHjLufOy4s7SnAzOxGqGIXnukLis4TWNhrJl5R5nYyimrm6K/9d0Cw2SW9gO0ZRjEJHWJ+yY5Qk2QpWctS2BGn4n+G8cD6zEweCCMj+ScI5p8n7YI4wOdvXvOsVMmjV6F09Ujqr1w+NwoKXlglznXGs/7Q1kNZOMiioEhGUyoiHbQb37GCKslDK+oqe0KNaUKQ96YCepaLgMbMquDgdAM8I0TTxUO0o5ILF/gUyLT04R7QlOfktkdh6Qt0atTS+xeKi1hirKRizpJ8jjnxGQIikPRToL2v3ZZZZZZ=='} \ No newline at end of file diff --git a/__init__.py b/__init__.py index d0522b6..44bae34 100644 --- a/__init__.py +++ b/__init__.py @@ -1,6 +1,6 @@ # File: __init__.py # -# Copyright (c) 2019-2021 Splunk Inc. +# Copyright (c) 2019-2023 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/awscloudtrail.json b/awscloudtrail.json index 6abe5cf..4c2f7df 100644 --- a/awscloudtrail.json +++ b/awscloudtrail.json @@ -10,9 +10,9 @@ "product_version_regex": ".*", "python_version": "3", "publisher": "Splunk", - "license": "Copyright (c) 2019-2021 Splunk Inc.", - "app_version": "2.2.5", - "utctime_updated": "2021-12-21T01:10:04.000000Z", + "license": "Copyright (c) 2019-2023 Splunk Inc.", + "app_version": "2.2.7", + "utctime_updated": "2022-01-07T20:23:12.000000Z", "package_name": "phantom_awscloudtrail", "main_module": "awscloudtrail_connector.py", "min_phantom_version": "4.9.39220", 
@@ -77,51 +77,35 @@
 "wheel": [
 {
 "module": "boto3",
- "input_file": "wheels/boto3-1.17.6-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/boto3-1.17.6-py2.py3-none-any.whl"
 },
 {
 "module": "botocore",
- "input_file": "wheels/botocore-1.20.30-py2.py3-none-any.whl"
- },
- {
- "module": "certifi",
- "input_file": "wheels/certifi-2021.10.8-py2.py3-none-any.whl"
- },
- {
- "module": "chardet",
- "input_file": "wheels/chardet-3.0.4-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/botocore-1.20.30-py2.py3-none-any.whl"
 },
 {
 "module": "docutils",
- "input_file": "wheels/docutils-0.18-py2.py3-none-any.whl"
- },
- {
- "module": "idna",
- "input_file": "wheels/idna-2.10-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/docutils-0.18-py2.py3-none-any.whl"
 },
 {
 "module": "jmespath",
- "input_file": "wheels/jmespath-0.10.0-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/jmespath-0.10.0-py2.py3-none-any.whl"
 },
 {
 "module": "python_dateutil",
- "input_file": "wheels/python_dateutil-2.8.2-py2.py3-none-any.whl"
- },
- {
- "module": "requests",
- "input_file": "wheels/requests-2.25.0-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/python_dateutil-2.8.2-py2.py3-none-any.whl"
 },
 {
 "module": "s3transfer",
- "input_file": "wheels/s3transfer-0.3.7-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/s3transfer-0.3.7-py2.py3-none-any.whl"
 },
 {
 "module": "six",
- "input_file": "wheels/six-1.15.0-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/six-1.15.0-py2.py3-none-any.whl"
 },
 {
 "module": "urllib3",
- "input_file": "wheels/urllib3-1.26.7-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl"
 }
 ]
 },
@@ -1380,4 +1364,4 @@
 "versions": "EQ(*)"
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/awscloudtrail_connector.py b/awscloudtrail_connector.py
index 9128a57..6e13f2a 100644
--- a/awscloudtrail_connector.py
+++ b/awscloudtrail_connector.py
@@ -1,6 +1,6 @@
 # File: awscloudtrail_connector.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/awscloudtrail_consts.py b/awscloudtrail_consts.py
index 660113a..633dd63 100644
--- a/awscloudtrail_consts.py
+++ b/awscloudtrail_consts.py
@@ -1,6 +1,6 @@
 # File: awscloudtrail_consts.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/exclude_files.txt b/exclude_files.txt
deleted file mode 100644
index fc8ac12..0000000
--- a/exclude_files.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-docker-compose.yml
-.gitlab-ci.yml
-Makefile
-.git*
diff --git a/manual_readme_content.md b/manual_readme_content.md
new file mode 100644
index 0000000..8c3321a
--- /dev/null
+++ b/manual_readme_content.md
@@ -0,0 +1,26 @@ +[comment]: # " File: README.md" +[comment]: # " Copyright (c) 2018-2021 Splunk Inc." +[comment]: # "" +[comment]: # " SPLUNK CONFIDENTIAL - Use or disclosure of this material in whole or in part" +[comment]: # " without a valid written license from Splunk Inc. is PROHIBITED." +[comment]: # "" +## Asset Configuration + +There are two ways to configure an AWS CloudTrail asset. The first is to configure the +**access_key** , **secret_key** and **region** variables. If it is preferred to use a role and +Phantom is running as an EC2 instance, the **use_role** checkbox can be checked instead. This will +allow the role that is attached to the instance to be used. Please see the [AWS EC2 and IAM +documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) +for more information. + +## Assumed Role Credentials + +The optional **credentials** action parameter consists of temporary **assumed role** credentials +that will be used to perform the action instead of those that are configured in the **asset** . The +parameter is not designed to be configured manually, but should instead be used in conjunction with +the Phantom AWS Security Token Service app. The output of the **assume_role** action of the STS app +with data path **assume_role\_\:action_result.data.\*.Credentials** consists of a dictionary +containing the **AccessKeyId** , **SecretAccessKey** , **SessionToken** and **Expiration** key/value +pairs. This dictionary can be passed directly into the credentials parameter in any of the following +actions within a playbook. For more information, please see the [AWS Identity and Access Management +documentation](https://docs.aws.amazon.com/iam/index.html) . diff --git a/readme.html b/readme.html deleted file mode 100644 index 3d651c6..0000000 --- a/readme.html +++ /dev/null @@ -1,15 +0,0 @@ - - - -

Asset Configuration

-There are two ways to configure an AWS CloudTrail asset. The first is to configure the access_key, secret_key and region variables. If it is preferred to use a role and Phantom is running as an EC2 instance, the use_role checkbox can be checked instead. This will allow the role that is attached to the instance to be used. Please see the AWS EC2 and IAM documentation for more information. - -

Assumed Role Credentials

-The optional credentials action parameter consists of temporary assumed role credentials that will be used to perform the action instead of those that are configured in the asset. The parameter is not designed to be configured manually, but should instead be used in conjunction with the Phantom AWS Security Token Service app. The output of the assume_role action of the STS app with data path assume_role_<number>:action_result.data.*.Credentials consists of a dictionary containing the AccessKeyId, SecretAccessKey, SessionToken and Expiration key/value pairs. This dictionary can be passed directly into the credentials parameter in any of the following actions within a playbook. For more information, please see the AWS Identity and Access Management documentation. - - diff --git a/readme.md b/readme.md deleted file mode 100644 index 6a7bdbb..0000000 --- a/readme.md +++ /dev/null 
@@ -1,251 +0,0 @@ -[comment]: # "Auto-generated SOAR connector documentation" -# AWS CloudTrail - -Publisher: Splunk -Connector Version: 2\.2\.5 -Product Vendor: AWS -Product Name: CloudTrail -Product Version Supported (regex): "\.\*" -Minimum Product Version: 4\.9\.39220 - -This app integrates with AWS CloudTrail to perform various investigative actions - -[comment]: # " File: readme.md" -[comment]: # " Copyright (c) 2018-2021 Splunk Inc." -[comment]: # "" -[comment]: # " SPLUNK CONFIDENTIAL - Use or disclosure of this material in whole or in part" -[comment]: # " without a valid written license from Splunk Inc. is PROHIBITED." -[comment]: # "" -## Asset Configuration - -There are two ways to configure an AWS CloudTrail asset. The first is to configure the -**access_key** , **secret_key** and **region** variables. If it is preferred to use a role and -Phantom is running as an EC2 instance, the **use_role** checkbox can be checked instead. This will -allow the role that is attached to the instance to be used. Please see the [AWS EC2 and IAM -documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) -for more information. - -## Assumed Role Credentials - -The optional **credentials** action parameter consists of temporary **assumed role** credentials -that will be used to perform the action instead of those that are configured in the **asset** . The -parameter is not designed to be configured manually, but should instead be used in conjunction with -the Phantom AWS Security Token Service app. The output of the **assume_role** action of the STS app -with data path **assume_role\_\:action_result.data.\*.Credentials** consists of a dictionary -containing the **AccessKeyId** , **SecretAccessKey** , **SessionToken** and **Expiration** key/value -pairs. This dictionary can be passed directly into the credentials parameter in any of the following -actions within a playbook. 
For more information, please see the [AWS Identity and Access Management -documentation](https://docs.aws.amazon.com/iam/index.html) . - - -### Configuration Variables -The below configuration variables are required for this Connector to operate. These variables are specified when configuring a CloudTrail asset in SOAR. - -VARIABLE | REQUIRED | TYPE | DESCRIPTION --------- | -------- | ---- | ----------- -**Access Key** | optional | password | Access Key -**Secret Key** | optional | password | Secret Key -**Region** | required | string | Default Region -**use\_role** | optional | boolean | Use attached role when running Phantom in EC2 - -### Supported Actions -[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using the supplied configuration -[describe trails](#action-describe-trails) - Retrieve settings for trails associated with the current region and the multi\-region trails -[run query](#action-run-query) - Lookup the management events captured by CloudTrail - -## action: 'test connectivity' -Validate the asset configuration for connectivity using the supplied configuration - -Type: **test** -Read only: **True** - -#### Action Parameters -No parameters are required for this action - -#### Action Output -No Output - -## action: 'describe trails' -Retrieve settings for trails associated with the current region and the multi\-region trails - -Type: **investigate** -Read only: **True** - -#### Action Parameters -PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS ---------- | -------- | ----------- | ---- | -------- -**include\_shadow\_trails** | optional | Inform command to include shadow trails | boolean | -**credentials** | optional | Assumed role credentials | string | `aws credentials` - -#### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.include\_shadow\_trails | boolean | -action\_result\.data\.\*\.HasCustomEventSelectors 
| boolean | -action\_result\.data\.\*\.HomeRegion | string | -action\_result\.data\.\*\.IncludeGlobalServiceEvents | boolean | -action\_result\.data\.\*\.IsMultiRegionTrail | boolean | -action\_result\.data\.\*\.IsOrganizationTrail | boolean | -action\_result\.data\.\*\.LogFileValidationEnabled | boolean | -action\_result\.data\.\*\.Name | string | -action\_result\.data\.\*\.S3BucketName | string | -action\_result\.data\.\*\.SnsTopicARN | string | `aws arn` -action\_result\.data\.\*\.SnsTopicName | string | `aws arn` -action\_result\.data\.\*\.TrailARN | string | `aws arn` -action\_result\.summary\.message | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | -action\_result\.parameter\.credentials | string | `aws credentials` - -## action: 'run query' -Lookup the management events captured by CloudTrail - -Type: **investigate** -Read only: **True** - -#### Action Parameters -PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS ---------- | -------- | ----------- | ---- | -------- -**attribute\_key** | optional | Select an Attribute to query by \(or leave blank to retrieve all records\) | string | -**attribute\_value** | optional | Specify the Value by which to search\. Note that true/false values must be lower\-case | string | -**start\_date** | optional | Start date in the format of yyyy\-mm\-dd \(e\.g\. 2019\-12\-25\) | string | -**end\_date** | optional | End date in the format of yyyy\-mm\-dd \(e\.g\. 
2019\-12\-25\) | string | -**max\_results** | optional | Max results to return | numeric | -**credentials** | optional | Assumed role credentials | string | `aws credentials` - -#### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.attribute\_key | string | -action\_result\.parameter\.attribute\_value | string | -action\_result\.parameter\.end\_date | string | -action\_result\.parameter\.max\_results | numeric | -action\_result\.parameter\.start\_date | string | -action\_result\.data\.\*\.AccessKeyId | string | -action\_result\.data\.\*\.EventId | string | -action\_result\.data\.\*\.EventName | string | -action\_result\.data\.\*\.EventSource | string | -action\_result\.data\.\*\.EventTime | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.apiVersion | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.awsRegion | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.errorCode | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.errorMessage | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.eventID | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.eventName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.eventSource | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.eventTime | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.eventType | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.eventVersion | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.readOnly | boolean | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.recipientAccountId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestID | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.Filters\.UpdatedAt\.\*\.End | string | 
-action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.Filters\.UpdatedAt\.\*\.Start | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.MaxResults | numeric | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.accountId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.agentName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.agentStatus | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.agentVersion | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.computerName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.defaultOnly | boolean | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.encryptionContext\.aws\:lambda\:FunctionArn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.endTime | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.environmentId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.externalId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.fileSystemId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.iPAddress | string | `ip` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.instanceId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.limit | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.lookupAttributes\.\*\.attributeKey | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.lookupAttributes\.\*\.attributeValue | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.marker | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.maxItems | numeric | 
-action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.maxRecords | numeric | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.maxResults | numeric | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.mountTargetId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.networkInterfaceId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.platformName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.platformType | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.platformVersion | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.policyArn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.requestContext\.awsAccountId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.resource | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.resourceArn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.resourceId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.roleArn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.roleName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.roleSessionName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.stackName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.startTime | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.topicArn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.requestParameters\.versionId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.resources\.\*\.ARN | string | `aws arn` 
-action\_result\.data\.\*\.ExtractedCloudTrailEvent\.resources\.\*\.accountId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.resources\.\*\.type | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.Message | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.assumedRoleUser\.arn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.assumedRoleUser\.assumedRoleId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.credentials\.accessKeyId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.credentials\.expiration | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.credentials\.sessionToken | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.alias | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.customerUserName | string | `user name` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.directoryId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.directoryName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.directoryType | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.dnsIpAddresses | string | `ip` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.iamRoleId | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.registrationCode | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.state | string | 
-action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.subnetIds | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.workspaceCreationProperties\.enableInternetAccess | boolean | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.workspaceCreationProperties\.enableWorkDocs | boolean | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.workspaceCreationProperties\.userEnabledAsLocalAdministrator | boolean | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.directories\.\*\.workspaceSecurityGroupId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.tags\.aws\:cloudformation\:logical\-id | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.tags\.aws\:cloudformation\:stack\-id | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.tags\.aws\:cloudformation\:stack\-name | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.bundleId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.computerName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.directoryId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.ipAddress | string | `ip` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.state | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.subnetId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.userName | string | `user name` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.workspaceId | string | 
-action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.workspaceProperties\.computeTypeName | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.workspaceProperties\.rootVolumeSizeGib | numeric | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.workspaceProperties\.runningMode | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.workspaceProperties\.runningModeAutoStopTimeoutInMinutes | numeric | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.responseElements\.workspaces\.\*\.workspaceProperties\.userVolumeSizeGib | numeric | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.sharedEventID | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.sourceIPAddress | string | `ip` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userAgent | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.accessKeyId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.accountId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.arn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.invokedBy | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.principalId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.attributes\.creationDate | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.attributes\.mfaAuthenticated | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.sessionIssuer\.accountId | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.sessionIssuer\.arn | string | `aws arn` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.sessionIssuer\.principalId | string | 
-action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.sessionIssuer\.type | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.sessionContext\.sessionIssuer\.userName | string | `user name` -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.type | string | -action\_result\.data\.\*\.ExtractedCloudTrailEvent\.userIdentity\.userName | string | `email` `user name` -action\_result\.data\.\*\.ReadOnly | string | -action\_result\.data\.\*\.Resources\.\*\.ResourceName | string | -action\_result\.data\.\*\.Resources\.\*\.ResourceType | string | -action\_result\.data\.\*\.Username | string | `email` `user name` -action\_result\.summary\.total\_lookup\_events | numeric | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | -action\_result\.parameter\.credentials | string | `aws credentials` \ No newline at end of file diff --git a/release_notes/2.2.7.md b/release_notes/2.2.7.md new file mode 100644 index 0000000..a48bad3 --- /dev/null +++ b/release_notes/2.2.7.md @@ -0,0 +1 @@ +* Updated requests and certifi dependencies in order to use platform packages [PAPP-30822, PAPP-31096] \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index db5641c..c4ba192 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,4 @@ boto3==1.17.6 botocore==1.20.30 docutils==0.18 -requests==2.25.0 six==1.15.0 diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..c4644ad --- /dev/null +++ b/tox.ini @@ -0,0 +1,7 @@ +[flake8] +max-line-length = 145 +max-complexity = 28 +extend-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292 + +[isort] +line_length = 145 diff --git a/wheels/certifi-2021.10.8-py2.py3-none-any.whl b/wheels/certifi-2021.10.8-py2.py3-none-any.whl deleted file mode 100644 index fbcb86b..0000000 Binary files a/wheels/certifi-2021.10.8-py2.py3-none-any.whl and /dev/null differ 
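Review bot: The `extend-ignore` line in the new `[flake8]` section of tox.ini switches off `E722`, so bare `except:` clauses pass lint. In a connector that works with AWS access keys and assumed-role credentials, a bare except can turn an authentication or permission failure into a generic error that is hard to triage; this is inferred, since the connector code is not part of this diff. `F403`/`F405` also stop flake8 from reporting names that may be undefined behind star imports, and `max-complexity = 28` is far above the commonly used threshold of 10. I would drop `E722` from the list and add a comment above the line recording why the remaining codes are ignored, for example `# F403/F405: star imports kept for now; E1xx: legacy indentation style`.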
diff --git a/wheels/chardet-3.0.4-py2.py3-none-any.whl b/wheels/chardet-3.0.4-py2.py3-none-any.whl
deleted file mode 100644
index d276977..0000000
Binary files a/wheels/chardet-3.0.4-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/idna-2.10-py2.py3-none-any.whl b/wheels/idna-2.10-py2.py3-none-any.whl
deleted file mode 100644
index 41225cb..0000000
Binary files a/wheels/idna-2.10-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/requests-2.25.0-py2.py3-none-any.whl b/wheels/requests-2.25.0-py2.py3-none-any.whl
deleted file mode 100644
index c3f28e5..0000000
Binary files a/wheels/requests-2.25.0-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/boto3-1.17.6-py2.py3-none-any.whl b/wheels/shared/boto3-1.17.6-py2.py3-none-any.whl
similarity index 100%
rename from wheels/boto3-1.17.6-py2.py3-none-any.whl
rename to wheels/shared/boto3-1.17.6-py2.py3-none-any.whl
diff --git a/wheels/botocore-1.20.30-py2.py3-none-any.whl b/wheels/shared/botocore-1.20.30-py2.py3-none-any.whl
similarity index 100%
rename from wheels/botocore-1.20.30-py2.py3-none-any.whl
rename to wheels/shared/botocore-1.20.30-py2.py3-none-any.whl
diff --git a/wheels/docutils-0.18-py2.py3-none-any.whl b/wheels/shared/docutils-0.18-py2.py3-none-any.whl
similarity index 100%
rename from wheels/docutils-0.18-py2.py3-none-any.whl
rename to wheels/shared/docutils-0.18-py2.py3-none-any.whl
diff --git a/wheels/jmespath-0.10.0-py2.py3-none-any.whl b/wheels/shared/jmespath-0.10.0-py2.py3-none-any.whl
similarity index 100%
rename from wheels/jmespath-0.10.0-py2.py3-none-any.whl
rename to wheels/shared/jmespath-0.10.0-py2.py3-none-any.whl
diff --git a/wheels/python_dateutil-2.8.2-py2.py3-none-any.whl b/wheels/shared/python_dateutil-2.8.2-py2.py3-none-any.whl
similarity index 100%
rename from wheels/python_dateutil-2.8.2-py2.py3-none-any.whl
rename to wheels/shared/python_dateutil-2.8.2-py2.py3-none-any.whl
diff --git a/wheels/s3transfer-0.3.7-py2.py3-none-any.whl b/wheels/shared/s3transfer-0.3.7-py2.py3-none-any.whl
similarity index 100%
rename from wheels/s3transfer-0.3.7-py2.py3-none-any.whl
rename to wheels/shared/s3transfer-0.3.7-py2.py3-none-any.whl
diff --git a/wheels/six-1.15.0-py2.py3-none-any.whl b/wheels/shared/six-1.15.0-py2.py3-none-any.whl
similarity index 100%
rename from wheels/six-1.15.0-py2.py3-none-any.whl
rename to wheels/shared/six-1.15.0-py2.py3-none-any.whl
diff --git a/wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl b/wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl
new file mode 100644
index 0000000..c7337c7
Binary files /dev/null and b/wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl differ
diff --git a/wheels/urllib3-1.26.7-py2.py3-none-any.whl b/wheels/urllib3-1.26.7-py2.py3-none-any.whl
deleted file mode 100644
index 62189e6..0000000
Binary files a/wheels/urllib3-1.26.7-py2.py3-none-any.whl and /dev/null differ