Merge pull request #7 from splunk-soar-connectors/tapishj/PAPP-35152

PAPP-35152: Documentation Changes

README.md

@@ -4,11 +4,11 @@
 Publisher: Splunk  
 Connector Version: 1.0.1  
 Product Vendor: Cisco  
-Product Name: Talos Cloud Intelligence  
+Product Name: Talos Intelligence  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.2.2  
+Minimum Product Version: 6.3.0  
 
-This app provides investigative actions for Cisco Talos Cloud Intelligence
+This app provides investigative actions for Cisco Talos Intelligence
 
 [comment]: # " File: README.md"
 [comment]: # "Copyright (c) 2024 Splunk Inc."
@@ -24,31 +24,23 @@ This app provides investigative actions for Cisco Talos Cloud Intelligence
 [comment]: # "either express or implied. See the License for the specific language governing permissions"
 [comment]: # "and limitations under the License."
 [comment]: # ""
-## Getting a Talos license 
+## Cisco Talos Intelligence license for Splunk SOAR (Cloud)
 
-A request needs to be made to the Talos team. In the configuration window please insert the certificate contents and
-private key separatley.  
+The Cisco Talos Intelligence license is included with your Splunk SOAR (Cloud) license.
 
-## Talos
+## Overview
 
-This app makes use of Ciscos Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats
+This app uses the Cisco Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats.
 
+For additional details, see the [Cisco Talos Intelligence article](https://docs.splunk.com/Documentation/SOAR/current/Playbook/Talos) in the Splunk SOAR documentation.
 
-### Configuration Variables
-The below configuration variables are required for this Connector to operate.  These variables are specified when configuring a Talos Cloud Intelligence asset in SOAR.
-
-VARIABLE | REQUIRED | TYPE | DESCRIPTION
--------- | -------- | ---- | -----------
-**base_url** |  required  | string | Base URL provided by Talos
-**certificate** |  required  | password | Certificate contents to authenticate with Talos
-**key** |  required  | password | Private key to authenticate with Talos
-**verify_server_cert** |  optional  | boolean | Verify server certificate
+**Note:** The Cisco Talos Intelligence asset is already configured in your Splunk SOAR (Cloud) deployment. 
 
 ### Supported Actions  
 [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration  
-[ip reputation](#action-ip-reputation) - Query IP info  
-[domain reputation](#action-domain-reputation) - Query domain info  
-[url reputation](#action-url-reputation) - Query URL info  
+[ip reputation](#action-ip-reputation) - Look up Cisco Talos threat intelligence for a given IP address  
+[domain reputation](#action-domain-reputation) - Look up Cisco Talos threat intelligence for a given domain  
+[url reputation](#action-url-reputation) - Look up Cisco Talos threat intelligence for a given URL  
 
 ## action: 'test connectivity'
 Validate the asset configuration for connectivity using supplied configuration
@@ -65,12 +57,12 @@ No parameters are required for this action
 No Output  
 
 ## action: 'ip reputation'
-Query IP info
+Look up Cisco Talos threat intelligence for a given IP address
 
 Type: **investigate**  
 Read only: **True**
 
-Provide information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.
+Provides information on an IP address's reputation, so you can take appropriate action against untrusted or unwanted resources.
 
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
@@ -92,22 +84,22 @@ action_result.data.\*.AUP | string |  |
 action_result.summary.message | string |  |   72.163.4.185 has a Favorable threat level   
 
 ## action: 'domain reputation'
-Query domain info
+Look up Cisco Talos threat intelligence for a given domain
 
 Type: **investigate**  
 Read only: **True**
 
-Provide information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.
+Provides information on a domain's reputation, so you can take appropriate action against untrusted or unwanted resources.
 
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**domain** |  required  | Domain to query | string |  `domain`  `url` 
+**domain** |  required  | Domain to query | string |  `domain` 
 
 #### Action Output
 DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
 --------- | ---- | -------- | --------------
-action_result.parameter.domain | string |  `domain`  `url`  |  
+action_result.parameter.domain | string |  `domain`  |  
 action_result.status | string |  |  
 action_result.message | string |  |  
 summary.total_objects | numeric |  |  
@@ -119,12 +111,12 @@ action_result.data.\*.AUP | string |  |
 action_result.summary.message | string |  |   splunk.com has a Favorable threat level   
 
 ## action: 'url reputation'
-Query URL info
+Look up Cisco Talos threat intelligence for a given URL
 
 Type: **investigate**  
 Read only: **True**
 
-Provide information on an URL's reputation, enabling you to take proper action against untrusted, and unwanted resources.
+Provides information on a URL's reputation, so you can take appropriate action against untrusted or unwanted resources.
 
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS

ciscotalosintelligence.json

@@ -1,12 +1,12 @@
 {
     "appid": "7c653487-22c8-4ec1-bca0-16a8b1513c86",
     "name": "Cisco Talos Intelligence",
-    "description": "This app provides investigative actions for Cisco Talos Cloud Intelligence",
+    "description": "This app provides investigative actions for Cisco Talos Intelligence",
     "type": "information",
     "product_vendor": "Cisco",
     "logo": "ciscotalosintelligence.svg",
     "logo_dark": "ciscotalosintelligence_dark.svg",
-    "product_name": "Talos Cloud Intelligence",
+    "product_name": "Talos Intelligence",
     "python_version": "3",
     "latest_tested_versions": [
         "Cloud, October 30, 2024"
@@ -19,7 +19,7 @@
     "package_name": "phantom_ciscotalosintelligence",
     "fips_compliant": false,
     "main_module": "ciscotalosintelligence_connector.py",
-    "min_phantom_version": "6.2.2",
+    "min_phantom_version": "6.3.0",
     "app_wizard_version": "1.0.0",
     "pip39_dependencies": {
         "wheel": [
@@ -89,33 +89,37 @@
         "base_url": {
             "data_type": "string",
             "order": 0,
-            "description": "Base URL provided by Talos",
+            "description": "Base URL provided by Talos.",
             "default": "https://soar-api.talos.cisco.com",
             "required": true,
             "name": "base_url",
-            "id": 0
+            "id": 0,
+            "visibility": []
         },
         "certificate": {
             "data_type": "password",
             "order": 1,
-            "description": "Certificate contents to authenticate with Talos",
+            "description": "Certificate contents to authenticate with Talos.",
             "required": true,
             "name": "certificate",
-            "id": 1
+            "id": 1,
+            "visibility": []
         },
         "key": {
             "data_type": "password",
             "order": 2,
-            "description": "Private key to authenticate with Talos",
+            "description": "Private key to authenticate with Talos.",
             "required": true,
             "name": "key",
-            "id": 2
+            "id": 2,
+            "visibility": []
         },
         "verify_server_cert": {
-            "description": "Verify server certificate",
+            "description": "Verify server certificate.",
             "data_type": "boolean",
             "default": false,
-            "order": 3
+            "order": 3,
+            "visibility": []
         }
     },
     "actions": [
@@ -133,8 +137,8 @@
         {
             "action": "ip reputation",
             "identifier": "ip_reputation",
-            "description": "Query IP info",
-            "verbose": "Provide information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.",
+            "description": "Look up Cisco Talos threat intelligence for a given IP address",
+            "verbose": "Provides information on an IP address's reputation, so you can take appropriate action against untrusted or unwanted resources.",
             "type": "investigate",
             "read_only": true,
             "parameters": {
@@ -221,8 +225,8 @@
         {
             "action": "domain reputation",
             "identifier": "domain_reputation",
-            "description": "Query domain info",
-            "verbose": "Provide information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.",
+            "description": "Look up Cisco Talos threat intelligence for a given domain",
+            "verbose": "Provides information on a domain's reputation, so you can take appropriate action against untrusted or unwanted resources.",
             "type": "investigate",
             "read_only": true,
             "parameters": {
@@ -232,8 +236,7 @@
                     "required": true,
                     "primary": true,
                     "contains": [
-                        "domain",
-                        "url"
+                        "domain"
                     ],
                     "value_list": [],
                     "default": "",
@@ -246,8 +249,7 @@
                     "data_path": "action_result.parameter.domain",
                     "data_type": "string",
                     "contains": [
-                        "domain",
-                        "url"
+                        "domain"
                     ]
                 },
                 {
@@ -309,8 +311,8 @@
         {
             "action": "url reputation",
             "identifier": "url_reputation",
-            "description": "Query URL info",
-            "verbose": "Provide information on an URL's reputation, enabling you to take proper action against untrusted, and unwanted resources.",
+            "description": "Look up Cisco Talos threat intelligence for a given URL",
+            "verbose": "Provides information on a URL's reputation, so you can take appropriate action against untrusted or unwanted resources.",
             "type": "investigate",
             "read_only": true,
             "parameters": {

ciscotalosintelligence_connector.py

@@ -165,7 +165,6 @@ def _make_rest_call(self, retry, endpoint, action_result, method="get", **kwargs
                 break
             except Exception as e:
                 self.debug_print(f"Retrying to establish connection to the server for the {i + 1} time")
-                self.debug_print(e)
                 jittered_delay = random.uniform(delay * 0.9, delay * 1.1)
                 time.sleep(jittered_delay)
                 delay = min(delay * 2, 256)

manual_readme_content.md

@@ -12,11 +12,14 @@
 [comment]: # "either express or implied. See the License for the specific language governing permissions"
 [comment]: # "and limitations under the License."
 [comment]: # ""
-## Getting a Talos license 
+## Cisco Talos Intelligence license for Splunk SOAR (Cloud)
 
-A request needs to be made to the Talos team. In the configuration window please insert the certificate contents and
-private key separatley.  
+The Cisco Talos Intelligence license is included with your Splunk SOAR (Cloud) license.
 
-## Talos
+## Overview
 
-This app makes use of Ciscos Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats
+This app uses the Cisco Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats.
+
+For additional details, see the [Cisco Talos Intelligence article](https://docs.splunk.com/Documentation/SOAR/current/Playbook/Talos) in the Splunk SOAR documentation.
+
+**Note:** The Cisco Talos Intelligence asset is already configured in your Splunk SOAR (Cloud) deployment.