PAPP-34631: refined actions, retry logic and error handling
tapishj-splunk committed Sep 4, 2024
1 parent 10cfa58 commit 4a62597
Showing 3 changed files with 341 additions and 217 deletions.
178 changes: 107 additions & 71 deletions talosintelligence.json
Expand Up @@ -11,12 +11,22 @@
"product_version_regex": ".*",
"publisher": "Splunk Community",
"license": "Copyright (c) Splunk Community, 2024",
"app_version": "1.0.1",
"app_version": "1.0.0",
"utctime_updated": "2024-06-21T18:40:03.685771Z",
"package_name": "phantom_talosintelligence",
"main_module": "talosintelligence_connector.py",
"min_phantom_version": "6.2.1.305",
"app_wizard_version": "1.0.0",
"pip39_dependencies": {
"pypi": [
{
"module": "httpx[http2]"
},
{
"module": "pydantic==1.10.13"
}
]
},
"configuration": {
"base_url": {
"data_type": "string",
Expand Down Expand Up @@ -68,7 +78,7 @@
"required": true,
"primary": true,
"contains": [
"ip"
"ips"
],
"value_list": [],
"default": "",
Expand All @@ -82,9 +92,7 @@
"data_type": "string",
"contains": [
"ip"
],
"column_name": "ip",
"column_order": 0
]
},
{
"data_path": "action_result.status",
Expand All @@ -105,26 +113,40 @@
"data_type": "numeric"
},
{
"data_path": "action_result.data.0.Threat Level",
"data_path": "action_result.data.*.Observable",
"data_type": "string",
"column_name": "Observable",
"column_order": 0
},
{
"data_path": "action_result.data.*.Threat_Level",
"data_type": "string",
"column_name": "threat level",
"column_order": 2
},
{
"data_path": "action_result.data.1.Threat Categories",
"data_path": "action_result.data.*.Threat_Categories",
"data_type": "string",
"column_name": "threat categories",
"column_order": 3
},
{
"data_path": "action_result.data.2.Acceptable Use Policy Categories",
"data_path": "action_result.data.*.AUP",
"data_type": "string",
"column_name": "Acceptable Use Policy Categories",
"column_order": 4
},
{
"data_path": "action_result.summary.message",
"data_type": "string",
"example_values": [
"IP successfully queried"
]
}
],
"render": {
"type": "table"
"type": "table",
"title": "IP Reputation Results"
},
"versions": "EQ(*)"
},
Expand All @@ -149,6 +171,18 @@
"default": "",
"order": 0,
"name": "domain"
},
"ips": {
"description": "Corresponding IPs to the domain. A domain may have a different reputation based on the IP it resolves to. Passing an IP can improve the accuracy of the response",
"data_type": "string",
"primary": true,
"contains": [
"ips"
],
"value_list": [],
"default": "",
"order": 1,
"name": "ips"
}
},
"output": [
Expand All @@ -158,9 +192,14 @@
"contains": [
"domain",
"url"
],
"column_name": "domain",
"column_order": 0
]
},
{
"data_path": "action_result.parameter.ips",
"data_type": "string",
"contains": [
"ips"
]
},
{
"data_path": "action_result.status",
Expand All @@ -181,25 +220,39 @@
"data_type": "numeric"
},
{
"data_path": "action_result.data.0.Threat Level",
"data_path": "action_result.data.*.Observable",
"data_type": "string",
"column_name": "Observable",
"column_order": 0
},
{
"data_path": "action_result.data.*.Threat_Level",
"data_type": "string",
"column_name": "threat level",
"column_order": 2
},
{
"data_path": "action_result.data.1.Threat Categories",
"data_path": "action_result.data.*.Threat_Categories",
"data_type": "string",
"column_name": "threat categories",
"column_order": 3
},
{
"data_path": "action_result.data.2.Acceptable Use Policy Categories",
"data_path": "action_result.data.*.AUP",
"data_type": "string",
"column_name": "Acceptable Use Policy Categories",
"column_order": 4
},
{
"data_path": "action_result.summary.message",
"data_type": "string",
"example_values": [
"Domain successfully queried"
]
}
],
"render": {
"title": "Domain Reputation Results",
"type": "table"
},
"versions": "EQ(*)"
Expand All @@ -224,6 +277,18 @@
"default": "",
"order": 0,
"name": "url"
},
"ips": {
"description": "Corresponding IPs to the url. A domain may have a different reputation based on the IP it resolves to. Passing an IP can improve the accuracy of the response",
"data_type": "string",
"primary": true,
"contains": [
"ip"
],
"value_list": [],
"default": "",
"order": 1,
"name": "ips"
}
},
"output": [
Expand All @@ -232,9 +297,14 @@
"data_type": "string",
"contains": [
"url"
],
"column_name": "url",
"column_order": 0
]
},
{
"data_path": "action_result.parameter.ips",
"data_type": "string",
"contains": [
"ips"
]
},
{
"data_path": "action_result.status",
Expand All @@ -255,25 +325,39 @@
"data_type": "numeric"
},
{
"data_path": "action_result.data.0.Threat Level",
"data_path": "action_result.data.*.Observable",
"data_type": "string",
"column_name": "Observable",
"column_order": 0
},
{
"data_path": "action_result.data.*.Threat_Level",
"data_type": "string",
"column_name": "threat level",
"column_order": 2
},
{
"data_path": "action_result.data.1.Threat Categories",
"data_path": "action_result.data.*.Threat_Categories",
"data_type": "string",
"column_name": "threat categories",
"column_order": 3
},
{
"data_path": "action_result.data.2.Acceptable Use Policy Categories",
"data_path": "action_result.data.*.AUP",
"data_type": "string",
"column_name": "Acceptable Use Policy Categories",
"column_order": 4
},
{
"data_path": "action_result.summary.message",
"data_type": "string",
"example_values": [
"URL successfully queried"
]
}
],
"render": {
"title": "URL Reputation Results",
"type": "table"
},
"versions": "EQ(*)"
Expand All @@ -286,53 +370,5 @@
"appname": "-",
"executable": "spawn3",
"disabled": false,
"custom_made": true,
"pip39_dependencies": {
"wheel": [
{
"module": "anyio",
"input_file": "wheels/py3/anyio-4.4.0-py3-none-any.whl"
},
{
"module": "exceptiongroup",
"input_file": "wheels/py3/exceptiongroup-1.2.2-py3-none-any.whl"
},
{
"module": "h11",
"input_file": "wheels/py3/h11-0.14.0-py3-none-any.whl"
},
{
"module": "h2",
"input_file": "wheels/py3/h2-4.1.0-py3-none-any.whl"
},
{
"module": "hpack",
"input_file": "wheels/py3/hpack-4.0.0-py3-none-any.whl"
},
{
"module": "httpcore",
"input_file": "wheels/py3/httpcore-1.0.5-py3-none-any.whl"
},
{
"module": "httpx",
"input_file": "wheels/py3/httpx-0.27.2-py3-none-any.whl"
},
{
"module": "hyperframe",
"input_file": "wheels/py3/hyperframe-6.0.1-py3-none-any.whl"
},
{
"module": "pydantic",
"input_file": "wheels/py39/pydantic-1.10.13-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl"
},
{
"module": "sniffio",
"input_file": "wheels/py3/sniffio-1.3.1-py3-none-any.whl"
},
{
"module": "typing_extensions",
"input_file": "wheels/py3/typing_extensions-4.12.2-py3-none-any.whl"
}
]
}
}
"custom_made": true
}
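Review bot: The `pip39_dependencies.pypi` entry `"module": "httpx[http2]"` near the top of the file has no version, while the `wheel` block dropped in the last hunk shipped exact builds (httpx 0.27.2, h2 4.1.0, httpcore 1.0.5 and their companions), so the HTTP stack this connector uses is now whatever PyPI resolves when the app is installed. Only `pydantic==1.10.13` remains pinned. I would pin it the same way, `"module": "httpx[http2]==0.27.2"`, and keep the transitive packages at reviewed versions, so that a breaking or tampered upstream release cannot reach the app without a manifest change. Separately, the `contains` tags on the new `ips` parameter disagree: the domain action declares `"ips"`, the url action declares `"ip"`, and both `action_result.parameter.ips` outputs declare `"ips"`; one value should be used throughout, presumably whichever the platform recognises as an IP type.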