From a014af848db195b92601f64b58b0033ee0668109 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Fri, 6 Sep 2024 12:23:55 -0700 Subject: [PATCH 01/16] PAPP-34667: static test fixes --- requirements.txt | 1 + talosintelligence.json | 14 +++++++------- talosintelligence_connector.py | 24 ++++++++++++++++-------- talosintelligence_consts.py | 16 ++++++++++++++++ 4 files changed, 40 insertions(+), 15 deletions(-) diff --git a/requirements.txt b/requirements.txt index 901eb69..b6b6659 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ httpx[http2]==0.27.2 pydantic==1.10.13 +beautifulsoup4==4.9.1 diff --git a/talosintelligence.json b/talosintelligence.json index 2e317e2..a59999d 100644 --- a/talosintelligence.json +++ b/talosintelligence.json @@ -1,6 +1,6 @@ { "appid": "7c653487-22c8-4ec1-bca0-16a8b1513c86", - "name": "Talos Intelligence", + "name": "Talos Intelligence V2", "description": "This app provides investigative actions for Talos Intelligence", "type": "information", "product_vendor": "Cisco", @@ -9,11 +9,11 @@ "product_name": "Talos Cloud Intelligence", "python_version": "3", "product_version_regex": ".*", - "publisher": "Splunk Community", + "publisher": "Splunk", "license": "Copyright (c) Splunk Community, 2024", "app_version": "1.0.1", "utctime_updated": "2024-06-21T18:40:03.685771Z", - "package_name": "phantom_talosintelligence", + "package_name": "phantom_talosintelligencev2", "main_module": "talosintelligence_connector.py", "min_phantom_version": "6.2.1.305", "app_wizard_version": "1.0.0", @@ -47,7 +47,7 @@ "action": "test connectivity", "identifier": "test_connectivity", "description": "Validate the asset configuration for connectivity using supplied configuration", - "verbose": "", + "verbose": "Action used the URS API to get a list of the AUP categories used to classify website content.", "type": "test", "read_only": true, "parameters": {}, 
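Review bot: `beautifulsoup4==4.9.1` in the requirements.txt hunk is added without a visible user, since the talosintelligence_connector.py hunks in this series change only header comments and none of them import bs4. If the connector does need it, pin a current release; 4.9.1 is a much older release than the other two pins. If it does not, leave the line out so the packaged dependency set stays minimal. The connector file is only partly visible here, so the import may exist outside the hunks.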
@@ -58,7 +58,7 @@ "action": "ip reputation", "identifier": "ip_reputation", "description": "Queries IP info", - "verbose": "", + "verbose": "Provides informations on an IP addresses reputation, enabling you to take proper action against untrusted, and unwated resources.", "type": "investigate", "read_only": true, "parameters": { @@ -132,7 +132,7 @@ "action": "domain reputation", "identifier": "domain_reputation", "description": "Queries domain info", - "verbose": "", + "verbose": "Provides informations on a domains reputation, enabling you to take proper action against untrusted, and unwated resources.", "type": "investigate", "read_only": true, "parameters": { @@ -208,7 +208,7 @@ "action": "url reputation", "identifier": "url_reputation", "description": "Queries URL info", - "verbose": "", + "verbose": "Provides informations on an urls reputation, enabling you to take proper action against untrusted, and unwated resources.", "type": "investigate", "read_only": true, "parameters": { diff --git a/talosintelligence_connector.py b/talosintelligence_connector.py index f31a918..a04ef70 100644 --- a/talosintelligence_connector.py +++ b/talosintelligence_connector.py 
@@ -1,11 +1,19 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# ----------------------------------------- -# Phantom sample App Connector python file -# ----------------------------------------- - -# Python 3 Compatibility imports -from __future__ import print_function, unicode_literals +# File: talosintelligence_connector.py +# +# Copyright (c) 2017-2024 Splunk Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions +# and limitations under the License. +# +# import ipaddress import json diff --git a/talosintelligence_consts.py b/talosintelligence_consts.py index ffc19d2..5446e0b 100644 --- a/talosintelligence_consts.py +++ b/talosintelligence_consts.py @@ -1,3 +1,19 @@ +# File: talosintelligence_consts.py +# +# Copyright (c) 2017-2024 Splunk Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions +# and limitations under the License. +# +# # Define your constants here From cee631acebcd1ffd41ccf6e9d5ed3d4fa0de04e9 Mon Sep 17 00:00:00 2001 
From: splunk-soar-connectors-admin Date: Fri, 6 Sep 2024 19:24:38 +0000 Subject: [PATCH 02/16] Update README.md --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1c7f591..32be6bf 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ [comment]: # "Auto-generated SOAR connector documentation" -# Talos Intelligence +# Talos Intelligence V2 -Publisher: Splunk Community +Publisher: Splunk Connector Version: 1.0.1 Product Vendor: Cisco Product Name: Talos Cloud Intelligence @@ -35,6 +35,8 @@ Validate the asset configuration for connectivity using supplied configuration Type: **test** Read only: **True** +Action used the URS API to get a list of the AUP categories used to classify website content. + #### Action Parameters No parameters are required for this action @@ -47,6 +49,8 @@ Queries IP info Type: **investigate** Read only: **True** +Provides informations on an IP addresses reputation, enabling you to take proper action against untrusted, and unwated resources. + #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- @@ -70,6 +74,8 @@ Queries domain info Type: **investigate** Read only: **True** +Provides informations on a domains reputation, enabling you to take proper action against untrusted, and unwated resources. + #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- @@ -93,6 +99,8 @@ Queries URL info Type: **investigate** Read only: **True** +Provides informations on an urls reputation, enabling you to take proper action against untrusted, and unwated resources. + #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- From 646e16927bde4c91100e28f734075ad5513f2d1a Mon Sep 17 00:00:00 2001 
From: Tapish Jain Date: Fri, 6 Sep 2024 12:27:26 -0700 Subject: [PATCH 03/16] PAPP-34667: adding fips compliant key --- talosintelligence.json | 1 + 1 file changed, 1 insertion(+) diff --git a/talosintelligence.json b/talosintelligence.json index a59999d..3f673bd 100644 --- a/talosintelligence.json +++ b/talosintelligence.json @@ -14,6 +14,7 @@ "app_version": "1.0.1", "utctime_updated": "2024-06-21T18:40:03.685771Z", "package_name": "phantom_talosintelligencev2", + "fips_compliant": false, "main_module": "talosintelligence_connector.py", "min_phantom_version": "6.2.1.305", "app_wizard_version": "1.0.0", From b01c75da34d6568f6f88a8f777ddafbe4b9d06ea Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Fri, 6 Sep 2024 14:56:05 -0700 Subject: [PATCH 04/16] PAPP-34667: reording stuff in requiremnts --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b6b6659..f80364f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ +beautifulsoup4==4.9.1 httpx[http2]==0.27.2 pydantic==1.10.13 -beautifulsoup4==4.9.1 From add0eab7bc2fce89147d647cef5504e2b2f7e5c9 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 9 Sep 2024 09:12:36 -0700 Subject: [PATCH 05/16] PAPP-34667: fixing more static test errors --- .pre-commit-config.yaml | 16 ++++++++-------- LICENSE | 2 +- __init__.py | 14 ++++++++++++++ readme.html | 4 ---- talosintelligence.json | 8 +++++++- talosintelligence_connector.py | 2 +- talosintelligence_consts.py | 2 -- 7 files changed, 31 insertions(+), 17 deletions(-) delete mode 100644 readme.html diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b662498..5e8fb83 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,11 +1,11 @@ repos: - - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.18 +- repo: https://github.com/phantomcyber/dev-cicd-tools + rev: v1.17 hooks: - - id: org-hook - - id: package-app-dependencies - - repo: https://github.com/Yelp/detect-secrets - rev: v1.5.0 + - id: org-hook + - id: package-app-dependencies +- repo: https://github.com/Yelp/detect-secrets + rev: v1.4.0 hooks: - - id: detect-secrets - args: ["--no-verify"] + - id: detect-secrets + args: ['--no-verify', '--exclude-files', '^gsgmail.json$'] diff --git a/LICENSE b/LICENSE index 7aa5186..b7b3c69 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) Splunk Community, 2024 + Copyright (c) 2016-2024 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/__init__.py b/__init__.py index e69de29..04fd24e 100644 --- a/__init__.py +++ b/__init__.py @@ -0,0 +1,14 @@ +# File: __init__.py +# +# Copyright (c) 2017-2024 Splunk Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions +# and limitations under the License. diff --git a/readme.html b/readme.html deleted file mode 100644 index 58ee2ec..0000000 --- a/readme.html +++ /dev/null @@ -1,4 +0,0 @@ - - - Replace this text in the app's readme.html to contain more detailed information - diff --git a/talosintelligence.json b/talosintelligence.json index 3f673bd..4270aed 100644 
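Review bot: The detect-secrets hook in the `.pre-commit-config.yaml` hunk now excludes `^gsgmail.json$`, a file that no diff in this series touches and that does not match this app's `talosintelligence.json`, so the exclusion looks copied from another connector and can be dropped: `args: ['--no-verify']`. The same hunk moves both hooks to older tags (`v1.18` to `v1.17` and `v1.5.0` to `v1.4.0`). If the downgrade is only there to satisfy the static tests, the commit message should say so; otherwise keep the newer secret-scanner release. If the exclusion stays, escape the dot in the pattern so it matches only the literal filename.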
--- a/talosintelligence.json +++ b/talosintelligence.json @@ -10,7 +10,7 @@ "python_version": "3", "product_version_regex": ".*", "publisher": "Splunk", - "license": "Copyright (c) Splunk Community, 2024", + "license": "Copyright (c) 2017-2024 Splunk Inc.", "app_version": "1.0.1", "utctime_updated": "2024-06-21T18:40:03.685771Z", "package_name": "phantom_talosintelligencev2", @@ -41,6 +41,12 @@ "description": "Private key to authenticate with Talos", "name": "key", "id": 2 + }, + "verify_server_cert": { + "description": "Verify server certificate", + "data_type": "boolean", + "default": false, + "order": 3 } }, "actions": [ diff --git a/talosintelligence_connector.py b/talosintelligence_connector.py index a04ef70..b249676 100644 --- a/talosintelligence_connector.py +++ b/talosintelligence_connector.py @@ -14,7 +14,7 @@ # and limitations under the License. # # - +# Phantom App imports import ipaddress import json import os diff --git a/talosintelligence_consts.py b/talosintelligence_consts.py index 5446e0b..c7de9c6 100644 --- a/talosintelligence_consts.py +++ b/talosintelligence_consts.py @@ -15,8 +15,6 @@ # # # Define your constants here - - ENDPOINT_QUERY_REPUTATION_V3 = "/Talos.Service.URS/QueryReputationV3" ENDPOINT_QUERY_AUP_CAT_MAP = "/Talos.Service.URS/QueryAUPCatMap" ENDPOINT_QUERY_TAXONOMIES = "/Talos.Service.TTS/QueryTaxonomyCatalogs" From 8f5b38ce8ffe697f604b504d33c751a1485d0960 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 9 Sep 2024 16:13:19 +0000 Subject: [PATCH 06/16] Update README.md --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 32be6bf..eb7e7be 100644 --- a/README.md +++ b/README.md 
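Review bot: The new `verify_server_cert` asset option in the `@@ -41,6 +41,12 @@` hunk of talosintelligence.json defaults to `false`, so a freshly configured asset would, if the connector honours the setting, authenticate to the Talos endpoint with its client certificate without validating the server's TLS certificate. Use `"default": true` so verification stays on unless an operator opts out. None of the talosintelligence_connector.py hunks in this series read the option, so confirm that the connector actually passes it to the HTTP client. The entry also uses `"order": 3` where the neighbouring `key` entry uses `"name"` and `"id"`; confirm which form the platform expects.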
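Review bot: The comment `# Phantom App imports` added in the talosintelligence_connector.py hunk sits directly above `import ipaddress`, `import json` and `import os`, which are standard-library modules, so it labels the wrong group. Move it down to the first platform import, or keep the blank line that was there before. The import block continues outside the hunk.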
@@ -10,10 +10,6 @@ Minimum Product Version: 6.2.1.305 This app provides investigative actions for Talos Intelligence - -Replace this text in the app's **readme.html** to contain more detailed information - - ### Configuration Variables The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Talos Cloud Intelligence asset in SOAR. @@ -22,6 +18,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION **base_url** | required | string | Base URL provided by Talos **certificate** | optional | password | Certificate contents to authenticate with Talos **key** | optional | password | Private key to authenticate with Talos +**verify_server_cert** | optional | boolean | Verify server certificate ### Supported Actions [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration From 2152a88ce229ef9ce401cd30493b3c6b496edff0 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 9 Sep 2024 10:22:05 -0700 Subject: [PATCH 07/16] PAPP-34667: fixing more static test errors --- LICENSE | 2 +- manual_readme_content.md | 22 ++++++++++++++++++++++ talosintelligence.json | 3 +++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 manual_readme_content.md diff --git a/LICENSE b/LICENSE index b7b3c69..d0f6848 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) 2016-2024 Splunk Inc. + Copyright (c) 2017-2024 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/manual_readme_content.md b/manual_readme_content.md new file mode 100644 index 0000000..581def3 --- /dev/null +++ b/manual_readme_content.md 
@@ -0,0 +1,22 @@ +[comment]: # " File: README.md" +[comment]: # "Copyright (c) 2017-2024 Splunk Inc." +[comment]: # "" +[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" +[comment]: # "you may not use this file except in compliance with the License." +[comment]: # "You may obtain a copy of the License at" +[comment]: # "" +[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" +[comment]: # "" +[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" +[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," +[comment]: # "either express or implied. See the License for the specific language governing permissions" +[comment]: # "and limitations under the License." +[comment]: # "" +## Getting a Talos license + +A request needs to be made to the Talos team. In the configuration window please insert the certificate contents and +private key separatley. + +## Talos + +This app makes use of Ciscos Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats diff --git a/talosintelligence.json b/talosintelligence.json index 4270aed..30ce182 100644 --- a/talosintelligence.json +++ b/talosintelligence.json @@ -8,6 +8,9 @@ "logo_dark": "talosintelligence_dark.svg", "product_name": "Talos Cloud Intelligence", "python_version": "3", + "latest_tested_versions": [ + "Cloud, Sept 9, 2024" + ], "product_version_regex": ".*", "publisher": "Splunk", "license": "Copyright (c) 2017-2024 Splunk Inc.", From 30a093c658f0b939d803e55ce72f13ffd825a43c Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 9 Sep 2024 17:22:57 +0000 Subject: [PATCH 08/16] Update README.md --- README.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/README.md b/README.md index eb7e7be..90a96d7 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,30 @@ Minimum Product Version: 6.2.1.305 This app provides investigative actions for Talos Intelligence +[comment]: # " File: README.md" +[comment]: # "Copyright (c) 2017-2024 Splunk Inc." +[comment]: # "" +[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" +[comment]: # "you may not use this file except in compliance with the License." +[comment]: # "You may obtain a copy of the License at" +[comment]: # "" +[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" +[comment]: # "" +[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" +[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," +[comment]: # "either express or implied. See the License for the specific language governing permissions" +[comment]: # "and limitations under the License." +[comment]: # "" +## Getting a Talos license + +A request needs to be made to the Talos team. In the configuration window please insert the certificate contents and +private key separatley. + +## Talos + +This app makes use of Ciscos Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats + + ### Configuration Variables The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Talos Cloud Intelligence asset in SOAR. From 1c57de5beb93a4b12846f2068c089cc3bc015fe0 Mon Sep 17 00:00:00 2001 From: tapishj-splunk Date: Mon, 9 Sep 2024 10:44:35 -0700 Subject: [PATCH 09/16] Update talosintelligence.json Co-authored-by: alexa-phantom <37676589+alexa-phantom@users.noreply.github.com> --- talosintelligence.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/talosintelligence.json b/talosintelligence.json index 30ce182..6325539 100644 --- a/talosintelligence.json +++ b/talosintelligence.json 
@@ -68,7 +68,7 @@ "action": "ip reputation", "identifier": "ip_reputation", "description": "Queries IP info", - "verbose": "Provides informations on an IP addresses reputation, enabling you to take proper action against untrusted, and unwated resources.", + "verbose": "Provides information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.", "type": "investigate", "read_only": true, "parameters": { From 71cb9db39c0eb8fc8dcb9d8fe45df39119d0d1f9 Mon Sep 17 00:00:00 2001 From: tapishj-splunk Date: Mon, 9 Sep 2024 10:44:43 -0700 Subject: [PATCH 10/16] Update talosintelligence.json Co-authored-by: alexa-phantom <37676589+alexa-phantom@users.noreply.github.com> --- talosintelligence.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/talosintelligence.json b/talosintelligence.json index 6325539..e3bd85c 100644 --- a/talosintelligence.json +++ b/talosintelligence.json @@ -218,7 +218,7 @@ "action": "url reputation", "identifier": "url_reputation", "description": "Queries URL info", - "verbose": "Provides informations on an urls reputation, enabling you to take proper action against untrusted, and unwated resources.", + "verbose": "Provides information on an url's reputation, enabling you to take proper action against untrusted, and unwanted resources.", "type": "investigate", "read_only": true, "parameters": { From 1b6475b32d16533a6445428043d03bc24f3fade5 Mon Sep 17 00:00:00 2001 From: tapishj-splunk Date: Mon, 9 Sep 2024 10:44:48 -0700 Subject: [PATCH 11/16] Update talosintelligence.json Co-authored-by: alexa-phantom <37676589+alexa-phantom@users.noreply.github.com> --- talosintelligence.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/talosintelligence.json b/talosintelligence.json index e3bd85c..37cff45 100644 --- a/talosintelligence.json +++ b/talosintelligence.json 
@@ -142,7 +142,7 @@ "action": "domain reputation", "identifier": "domain_reputation", "description": "Queries domain info", - "verbose": "Provides informations on a domains reputation, enabling you to take proper action against untrusted, and unwated resources.", + "verbose": "Provides information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.", "type": "investigate", "read_only": true, "parameters": { From 1720641c2cae604079cbd6f48f5d0cf7a0693813 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 9 Sep 2024 17:45:11 +0000 Subject: [PATCH 12/16] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 90a96d7..9631317 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Queries IP info Type: **investigate** Read only: **True** -Provides informations on an IP addresses reputation, enabling you to take proper action against untrusted, and unwated resources. +Provides information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -95,7 +95,7 @@ Queries domain info Type: **investigate** Read only: **True** -Provides informations on a domains reputation, enabling you to take proper action against untrusted, and unwated resources. +Provides information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS 
@@ -120,7 +120,7 @@ Queries URL info Type: **investigate** Read only: **True** -Provides informations on an urls reputation, enabling you to take proper action against untrusted, and unwated resources. +Provides information on an url's reputation, enabling you to take proper action against untrusted, and unwanted resources. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS From 03593135fbac76e7f82d0bd291fd8979653b9a99 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Mon, 9 Sep 2024 10:46:07 -0700 Subject: [PATCH 13/16] PAPP-34667: changing copyright dates --- LICENSE | 2 +- __init__.py | 2 +- manual_readme_content.md | 2 +- talosintelligence.json | 2 +- talosintelligence_connector.py | 2 +- talosintelligence_consts.py | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/LICENSE b/LICENSE index d0f6848..ec0af9e 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) 2017-2024 Splunk Inc. + Copyright (c) 2024 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/__init__.py b/__init__.py index 04fd24e..300a6cd 100644 --- a/__init__.py +++ b/__init__.py @@ -1,6 +1,6 @@ # File: __init__.py # -# Copyright (c) 2017-2024 Splunk Inc. +# Copyright (c) 2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/manual_readme_content.md b/manual_readme_content.md index 581def3..822e254 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md 
@@ -1,5 +1,5 @@ [comment]: # " File: README.md" -[comment]: # "Copyright (c) 2017-2024 Splunk Inc." +[comment]: # "Copyright (c) 2024 Splunk Inc." [comment]: # "" [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" [comment]: # "you may not use this file except in compliance with the License." diff --git a/talosintelligence.json b/talosintelligence.json index 37cff45..e632f4c 100644 --- a/talosintelligence.json +++ b/talosintelligence.json @@ -13,7 +13,7 @@ ], "product_version_regex": ".*", "publisher": "Splunk", - "license": "Copyright (c) 2017-2024 Splunk Inc.", + "license": "Copyright (c) 2024 Splunk Inc.", "app_version": "1.0.1", "utctime_updated": "2024-06-21T18:40:03.685771Z", "package_name": "phantom_talosintelligencev2", diff --git a/talosintelligence_connector.py b/talosintelligence_connector.py index b249676..e079600 100644 --- a/talosintelligence_connector.py +++ b/talosintelligence_connector.py @@ -1,6 +1,6 @@ # File: talosintelligence_connector.py # -# Copyright (c) 2017-2024 Splunk Inc. +# Copyright (c) 2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/talosintelligence_consts.py b/talosintelligence_consts.py index c7de9c6..0cdf464 100644 --- a/talosintelligence_consts.py +++ b/talosintelligence_consts.py @@ -1,6 +1,6 @@ # File: talosintelligence_consts.py # -# Copyright (c) 2017-2024 Splunk Inc. +# Copyright (c) 2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. From 5b04d8bccfb8c681c3d908e64ad95a348e9e2f83 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 9 Sep 2024 17:46:46 +0000 Subject: [PATCH 14/16] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9631317..c634f2e 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ Minimum Product Version: 6.2.1.305 This app provides investigative actions for Talos Intelligence [comment]: # " File: README.md" -[comment]: # "Copyright (c) 2017-2024 Splunk Inc." +[comment]: # "Copyright (c) 2024 Splunk Inc." [comment]: # "" [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" [comment]: # "you may not use this file except in compliance with the License." From c36fafc77a79c78699a64f6aee635a598112ff36 Mon Sep 17 00:00:00 2001 From: Tapish Jain Date: Thu, 10 Oct 2024 15:58:00 -0700 Subject: [PATCH 15/16] PAPP-34667: small changes --- talosintelligence.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/talosintelligence.json b/talosintelligence.json index e632f4c..2074a3e 100644 --- a/talosintelligence.json +++ b/talosintelligence.json @@ -57,7 +57,7 @@ "action": "test connectivity", "identifier": "test_connectivity", "description": "Validate the asset configuration for connectivity using supplied configuration", - "verbose": "Action used the URS API to get a list of the AUP categories used to classify website content.", + "verbose": "Action uses the URS API to get a list of the AUP categories used to classify website content.", "type": "test", "read_only": true, "parameters": {}, @@ -67,8 +67,8 @@ { "action": "ip reputation", "identifier": "ip_reputation", - "description": "Queries IP info", - "verbose": "Provides information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.", + "description": "Query IP info", + "verbose": "Provide information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.", "type": "investigate", "read_only": true, "parameters": { 
@@ -141,8 +141,8 @@ { "action": "domain reputation", "identifier": "domain_reputation", - "description": "Queries domain info", - "verbose": "Provides information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.", + "description": "Query domain info", + "verbose": "Provide information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.", "type": "investigate", "read_only": true, "parameters": { @@ -217,8 +217,8 @@ { "action": "url reputation", "identifier": "url_reputation", - "description": "Queries URL info", - "verbose": "Provides information on an url's reputation, enabling you to take proper action against untrusted, and unwanted resources.", + "description": "Query URL info", + "verbose": "Provide information on an URL's reputation, enabling you to take proper action against untrusted, and unwanted resources.", "type": "investigate", "read_only": true, "parameters": { From 4d8e74e734610bbd8b4185abedd02f80ff168eee Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Thu, 10 Oct 2024 22:58:44 +0000 Subject: [PATCH 16/16] Update README.md --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c634f2e..e4b29cc 100644 --- a/README.md +++ b/README.md 
@@ -46,9 +46,9 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION ### Supported Actions [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration -[ip reputation](#action-ip-reputation) - Queries IP info -[domain reputation](#action-domain-reputation) - Queries domain info -[url reputation](#action-url-reputation) - Queries URL info +[ip reputation](#action-ip-reputation) - Query IP info +[domain reputation](#action-domain-reputation) - Query domain info +[url reputation](#action-url-reputation) - Query URL info ## action: 'test connectivity' Validate the asset configuration for connectivity using supplied configuration @@ -56,7 +56,7 @@ Validate the asset configuration for connectivity using supplied configuration Type: **test** Read only: **True** -Action used the URS API to get a list of the AUP categories used to classify website content. +Action uses the URS API to get a list of the AUP categories used to classify website content. #### Action Parameters No parameters are required for this action @@ -65,12 +65,12 @@ No parameters are required for this action No Output ## action: 'ip reputation' -Queries IP info +Query IP info Type: **investigate** Read only: **True** -Provides information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources. +Provide information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS 
@@ -90,12 +90,12 @@ action_result.data.1.Threat Categories | string | | action_result.data.2.Acceptable Use Policy Categories | string | | ## action: 'domain reputation' -Queries domain info +Query domain info Type: **investigate** Read only: **True** -Provides information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources. +Provide information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -115,12 +115,12 @@ action_result.data.1.Threat Categories | string | | action_result.data.2.Acceptable Use Policy Categories | string | | ## action: 'url reputation' -Queries URL info +Query URL info Type: **investigate** Read only: **True** -Provides information on an url's reputation, enabling you to take proper action against untrusted, and unwanted resources. +Provide information on an URL's reputation, enabling you to take proper action against untrusted, and unwanted resources. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS