splunk-soar-connectors · sodle-splunk · Sep 4, 2024 · Sep 4, 2024 · Sep 4, 2024
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.vscode/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
--   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.13
+  - repo: https://github.com/phantomcyber/dev-cicd-tools
+    rev: v1.18
     hooks:
-    -   id: org-hook
-    -   id: package-app-dependencies
--   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.2.0
+      - id: org-hook
+      - id: package-app-dependencies
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
     hooks:
-    -   id: detect-secrets
-        args: ['--no-verify']
+      - id: detect-secrets
+        args: ["--no-verify"]
diff --git a/README.md b/README.md
@@ -1,9 +1,111 @@
-# Splunk> Phantom
+[comment]: # "Auto-generated SOAR connector documentation"
+# Talos Intelligence
 
-Welcome to the open-source repository for Splunk> Phantom's talosintelligencev2 App.
+Publisher: Splunk Community  
+Connector Version: 1.0.0  
+Product Vendor: Cisco  
+Product Name: Talos Cloud Intelligence  
+Product Version Supported (regex): ".\*"  
+Minimum Product Version: 6.2.1.305  
 
-Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md) if you are interested in contributing, raising issues, or learning more about open-source Phantom apps.
+This app provides investigative actions for Talos Intelligence
 
-## Legal and License
 
-This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details.
+Replace this text in the app's **readme.html** to contain more detailed information
+
+
+### Configuration Variables
+The below configuration variables are required for this Connector to operate.  These variables are specified when configuring a Talos Cloud Intelligence asset in SOAR.
+
+VARIABLE | REQUIRED | TYPE | DESCRIPTION
+-------- | -------- | ---- | -----------
+**base_url** |  required  | string | Base URL provided by Talos
+**certificate** |  optional  | password | Certificate contents to authenticate with Talos
+**key** |  optional  | password | Private key to authenticate with Talos
+
+### Supported Actions  
+[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration  
+[ip reputation](#action-ip-reputation) - Queries IP info  
+[domain reputation](#action-domain-reputation) - Queries domain info  
+[url reputation](#action-url-reputation) - Queries URL info  
+
+## action: 'test connectivity'
+Validate the asset configuration for connectivity using supplied configuration
+
+Type: **test**  
+Read only: **True**
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+No Output  
+
+## action: 'ip reputation'
+Queries IP info
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip** |  required  | IP to query | string |  `ip` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip | string |  `ip`  |  
+action_result.status | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |  
+action_result.data.0.Threat Level | string |  |  
+action_result.data.1.Threat Categories | string |  |  
+action_result.data.2.Acceptable Use Policy Categories | string |  |    
+
+## action: 'domain reputation'
+Queries domain info
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**domain** |  required  | Domain to query | string |  `domain`  `url` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.domain | string |  `domain`  `url`  |  
+action_result.status | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |  
+action_result.data.0.Threat Level | string |  |  
+action_result.data.1.Threat Categories | string |  |  
+action_result.data.2.Acceptable Use Policy Categories | string |  |    
+
+## action: 'url reputation'
+Queries URL info
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**url** |  required  | URL to query | string |  `url` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.url | string |  `url`  |  
+action_result.status | string |  |  
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |  
+action_result.data.0.Threat Level | string |  |  
+action_result.data.1.Threat Categories | string |  |  
+action_result.data.2.Acceptable Use Policy Categories | string |  |  
diff --git a/__init__.py b/__init__.py
diff --git a/exclude_files.txt b/exclude_files.txt
@@ -0,0 +1 @@
+.git*
diff --git a/readme.html b/readme.html
@@ -0,0 +1,4 @@
+<html>
+  <head></head>
+  <body>Replace this text in the app's <b>readme.html</b> to contain more detailed information</body>
+</html>
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,2 @@
+httpx[http2]==0.27.2
+pydantic==1.10.13