splunk-soar-connectors · tapishj-splunk · Oct 10, 2024 · Sep 6, 2024 · Sep 6, 2024 · Sep 6, 2024
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
-  - repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.18
+-   repo: https://github.com/phantomcyber/dev-cicd-tools
+    rev: v1.17
     hooks:
-      - id: org-hook
-      - id: package-app-dependencies
-  - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.5.0
+    -   id: org-hook
+    -   id: package-app-dependencies
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
     hooks:
-      - id: detect-secrets
-        args: ["--no-verify"]
+    -   id: detect-secrets
+        args: ['--no-verify', '--exclude-files', '^gsgmail.json$']
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) Splunk Community, 2024
+   Copyright (c) 2024 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 [comment]: # "Auto-generated SOAR connector documentation"
-# Talos Intelligence
+# Talos Intelligence V2
 
-Publisher: Splunk Community  
+Publisher: Splunk  
 Connector Version: 1.0.1  
 Product Vendor: Cisco  
 Product Name: Talos Cloud Intelligence  
@@ -10,8 +10,28 @@ Minimum Product Version: 6.2.1.305
 
 This app provides investigative actions for Talos Intelligence
 
+[comment]: # " File: README.md"
+[comment]: # "Copyright (c) 2024 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+## Getting a Talos license 
 
-Replace this text in the app's **readme.html** to contain more detailed information
+A request needs to be made to the Talos team. In the configuration window please insert the certificate contents and
+private key separatley.  
+
+## Talos
+
+This app makes use of Ciscos Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats
 
 
 ### Configuration Variables
@@ -22,31 +42,36 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 **base_url** |  required  | string | Base URL provided by Talos
 **certificate** |  optional  | password | Certificate contents to authenticate with Talos
 **key** |  optional  | password | Private key to authenticate with Talos
+**verify_server_cert** |  optional  | boolean | Verify server certificate
 
 ### Supported Actions  
 [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration  
-[ip reputation](#action-ip-reputation) - Queries IP info  
-[domain reputation](#action-domain-reputation) - Queries domain info  
-[url reputation](#action-url-reputation) - Queries URL info  
+[ip reputation](#action-ip-reputation) - Query IP info  
+[domain reputation](#action-domain-reputation) - Query domain info  
+[url reputation](#action-url-reputation) - Query URL info  
 
 ## action: 'test connectivity'
 Validate the asset configuration for connectivity using supplied configuration
 
 Type: **test**  
 Read only: **True**
 
+Action uses the URS API to get a list of the AUP categories used to classify website content.
+
 #### Action Parameters
 No parameters are required for this action
 
 #### Action Output
 No Output  
 
 ## action: 'ip reputation'
-Queries IP info
+Query IP info
 
 Type: **investigate**  
 Read only: **True**
 
+Provide information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.
+
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
@@ -65,11 +90,13 @@ action_result.data.1.Threat Categories | string |  |
 action_result.data.2.Acceptable Use Policy Categories | string |  |    
 
 ## action: 'domain reputation'
-Queries domain info
+Query domain info
 
 Type: **investigate**  
 Read only: **True**
 
+Provide information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.
+
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
@@ -88,11 +115,13 @@ action_result.data.1.Threat Categories | string |  |
 action_result.data.2.Acceptable Use Policy Categories | string |  |    
 
 ## action: 'url reputation'
-Queries URL info
+Query URL info
 
 Type: **investigate**  
 Read only: **True**
 
+Provide information on an URL's reputation, enabling you to take proper action against untrusted, and unwanted resources.
+
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------

diff --git a/__init__.py b/__init__.py
@@ -0,0 +1,14 @@
+# File: __init__.py
+#
+# Copyright (c) 2024 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -0,0 +1,22 @@
+[comment]: # " File: README.md"
+[comment]: # "Copyright (c) 2024 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+## Getting a Talos license 
+
+A request needs to be made to the Talos team. In the configuration window please insert the certificate contents and
+private key separatley.  
+
+## Talos
+
+This app makes use of Ciscos Talos API that specializes in identifying, analyzing, and mitigating cybersecurity threats
diff --git a/readme.html b/readme.html
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
+beautifulsoup4==4.9.1
 httpx[http2]==0.27.2
 pydantic==1.10.13
diff --git a/talosintelligence.json b/talosintelligence.json
@@ -1,19 +1,23 @@
 {
     "appid": "7c653487-22c8-4ec1-bca0-16a8b1513c86",
-    "name": "Talos Intelligence",
+    "name": "Talos Intelligence V2",
     "description": "This app provides investigative actions for Talos Intelligence",
     "type": "information",
     "product_vendor": "Cisco",
     "logo": "talosintelligence.svg",
     "logo_dark": "talosintelligence_dark.svg",
     "product_name": "Talos Cloud Intelligence",
     "python_version": "3",
+    "latest_tested_versions": [
+        "Cloud, Sept 9, 2024"
+    ],
     "product_version_regex": ".*",
-    "publisher": "Splunk Community",
-    "license": "Copyright (c) Splunk Community, 2024",
+    "publisher": "Splunk",
+    "license": "Copyright (c) 2024 Splunk Inc.",
     "app_version": "1.0.1",
     "utctime_updated": "2024-06-21T18:40:03.685771Z",
-    "package_name": "phantom_talosintelligence",
+    "package_name": "phantom_talosintelligencev2",
+    "fips_compliant": false,
     "main_module": "talosintelligence_connector.py",
     "min_phantom_version": "6.2.1.305",
     "app_wizard_version": "1.0.0",
@@ -40,14 +44,20 @@
             "description": "Private key to authenticate with Talos",
             "name": "key",
             "id": 2
+        },
+        "verify_server_cert": {
+            "description": "Verify server certificate",
+            "data_type": "boolean",
+            "default": false,
+            "order": 3
         }
     },
     "actions": [
         {
             "action": "test connectivity",
             "identifier": "test_connectivity",
             "description": "Validate the asset configuration for connectivity using supplied configuration",
-            "verbose": "",
+            "verbose": "Action uses the URS API to get a list of the AUP categories used to classify website content.",
             "type": "test",
             "read_only": true,
             "parameters": {},
@@ -57,8 +67,8 @@
         {
             "action": "ip reputation",
             "identifier": "ip_reputation",
-            "description": "Queries IP info",
-            "verbose": "",
+            "description": "Query IP info",
+            "verbose": "Provide information on an IP address's reputation, enabling you to take proper action against untrusted, and unwanted resources.",
             "type": "investigate",
             "read_only": true,
             "parameters": {
@@ -131,8 +141,8 @@
         {
             "action": "domain reputation",
             "identifier": "domain_reputation",
-            "description": "Queries domain info",
-            "verbose": "",
+            "description": "Query domain info",
+            "verbose": "Provide information on a domain's reputation, enabling you to take proper action against untrusted, and unwanted resources.",
             "type": "investigate",
             "read_only": true,
             "parameters": {
@@ -207,8 +217,8 @@
         {
             "action": "url reputation",
             "identifier": "url_reputation",
-            "description": "Queries URL info",
-            "verbose": "",
+            "description": "Query URL info",
+            "verbose": "Provide information on an URL's reputation, enabling you to take proper action against untrusted, and unwanted resources.",
             "type": "investigate",
             "read_only": true,
             "parameters": {

diff --git a/talosintelligence_connector.py b/talosintelligence_connector.py
@@ -1,12 +1,20 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-# -----------------------------------------
-# Phantom sample App Connector python file
-# -----------------------------------------
-
-# Python 3 Compatibility imports
-from __future__ import print_function, unicode_literals
-
+# File: talosintelligence_connector.py
+#
+# Copyright (c) 2024 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+#
+#
+# Phantom App imports
 import ipaddress
 import json
 import os

diff --git a/talosintelligence_consts.py b/talosintelligence_consts.py
@@ -1,6 +1,20 @@
+# File: talosintelligence_consts.py
+#
+# Copyright (c) 2024 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+#
+#
 # Define your constants here
-
-
 ENDPOINT_QUERY_REPUTATION_V3 = "/Talos.Service.URS/QueryReputationV3"
 ENDPOINT_QUERY_AUP_CAT_MAP = "/Talos.Service.URS/QueryAUPCatMap"
 ENDPOINT_QUERY_TAXONOMIES = "/Talos.Service.TTS/QueryTaxonomyCatalogs"