Merge pull request #14 from splunk-soar-connectors/next

Merging next to main for release 2.2.1

.github/workflows/generate-doc.yml

@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.13
+    rev: v1.16
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2021-2022 Splunk Inc.
+   Copyright (c) 2021-2023 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NOTICE

@@ -1,5 +1,5 @@
 Splunk SOAR AD LDAP
-Copyright (c) 2021-2022 Splunk Inc.
+Copyright (c) 2021-2023 Splunk Inc.
 
 Third-party Software Attributions:
 
@@ -12,8 +12,3 @@ Library: pyasn1
 Version: 0.4.7
 License: BSD 2
 Copyright 2005-2019 Ilya Etingof <[email protected]>
-
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz

__init__.py

@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2021-2022 Splunk Inc.
+# Copyright (c) 2021-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

adldap.json

@@ -9,8 +9,8 @@
     "product_name": "Active Directory LDAP",
     "product_version_regex": ".*",
     "publisher": "Splunk",
-    "license": "Copyright (c) 2021-2022 Splunk Inc.",
-    "app_version": "2.2.0",
+    "license": "Copyright (c) 2021-2023 Splunk Inc.",
+    "app_version": "2.2.1",
     "utctime_updated": "2022-01-20T22:27:39.000000Z",
     "package_name": "phantom_adldap",
     "main_module": "adldap_connector.py",
@@ -23,33 +23,13 @@
     ],
     "pip_dependencies": {
         "wheel": [
-            {
-                "module": "certifi",
-                "input_file": "wheels/py3/certifi-2022.9.24-py3-none-any.whl"
-            },
-            {
-                "module": "chardet",
-                "input_file": "wheels/shared/chardet-3.0.4-py2.py3-none-any.whl"
-            },
-            {
-                "module": "idna",
-                "input_file": "wheels/shared/idna-2.10-py2.py3-none-any.whl"
-            },
             {
                 "module": "ldap3",
                 "input_file": "wheels/shared/ldap3-2.6.1-py2.py3-none-any.whl"
             },
             {
                 "module": "pyasn1",
                 "input_file": "wheels/shared/pyasn1-0.4.7-py2.py3-none-any.whl"
-            },
-            {
-                "module": "requests",
-                "input_file": "wheels/shared/requests-2.25.0-py2.py3-none-any.whl"
-            },
-            {
-                "module": "urllib3",
-                "input_file": "wheels/shared/urllib3-1.26.12-py2.py3-none-any.whl"
             }
         ]
     },

adldap_connector.py

@@ -1,6 +1,6 @@
 # File: adldap_connector.py
 #
-# Copyright (c) 2021-2022 Splunk Inc.
+# Copyright (c) 2021-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

adldap_consts.py

@@ -1,6 +1,6 @@
 # File: adldap_consts.py
 #
-# Copyright (c) 2021-2022 Splunk Inc.
+# Copyright (c) 2021-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

adldap_view.py

@@ -1,6 +1,6 @@
 # File: adldap_view.py
 #
-# Copyright (c) 2021-2022 Splunk Inc.
+# Copyright (c) 2021-2023 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

display_attributes.html

@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: display_attributes.html
-     Copyright (c) 2021-2022 Splunk Inc.
+     Copyright (c) 2021-2023 Splunk Inc.
      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at

manual_readme_content.md

@@ -0,0 +1,90 @@
+[comment]: # " File: README.md"
+[comment]: # "     Copyright (c) 2021-2023 Splunk Inc."
+[comment]: # "     Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "     you may not use this file except in compliance with the License."
+[comment]: # "     You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "       http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "     Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "     the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "     either express or implied. See the License for the specific language governing permissions"
+[comment]: # "     and limitations under the License."
+[comment]: # ""
+## App Information
+
+-   This LDAP application utilizes the LDAP3 library for Python. This was chosen, in part, due to
+    the pythonic design of the library and the quality of the documentation. Both SSL and TLS are
+    supported.
+-   Please make sure to view additional documentation for this app on our [GitHub Open Source
+    Repo!](https://github.com/phantomcyber/phantom-apps/tree/next/Apps/phadldap#readme)
+
+## LDAP Ports Requirements (Based on Standard Guidelines of [IANA ORG](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml) )
+
+-   LDAP(service) TCP(transport protocol) - 389
+-   LDAP(service) UDP(transport protocol) - 389
+-   LDAP(service) TCP(transport protocol) over TLS/SSL (was sldap) - 636
+-   LDAP(service) UDP(transport protocol) over TLS/SSL (was sldap) - 636
+
+## Asset Configuration
+
+The asset for this app requires an account with which to Bind and perform actions. If you are only
+ever going to perform information gathering tasks (e.g. getting account attributes) then a standard
+user account would be fine. However, if you plan on doing things like Unlocking, Resetting
+Passwords, Moving objects, etc. - then you will need an account with permissions to actually perform
+these actions. It is best practice to NOT use a "Domain Administrator" (or higher) account. Instead,
+delegate the appropriate least-privilege access to a service account with a very strong password.
+Lastly, it is strongly recommended to use SSL and disallow insecure (plain text and unsigned binds)
+if at all possible.
+
+## To add a custom certificate to the certificate store, follow the below steps:
+
+-   Need to install the certificate on the server
+
+      
+
+    -   Upload the SSL certificate on the server
+    -   Go to /opt/phantom/bin and execute the import_cert.py script using command:  
+        **phenv python3 import_cert.py -i "path_of_certificate_on_server"**
+
+-   Go to etc/hosts using the root user. Assign the domain to IP to use the SSL certificate
+
+**Note:** For reference: [Splunk
+Docs](https://docs.splunk.com/Documentation/SOARonprem/latest/Admin/AddOrRemoveCertificates)
+
+## Run Query Action
+
+This action provides the user the ability to run generic queries with the LDAP syntax. The action
+takes a filter (in LDAP syntax), an optional search base to search within, and specific attributes
+that you would like to return.
+
+-   Common AD LDAP Run Query Examples
+
+      
+
+    -   Get Users belonging to a specific OU, Container, or Group
+
+          
+
+        -   filter = (samaccountname=\*)
+        -   attributes = samaccountname;mail
+        -   search_base = distinguishedNameOfOU/Container/Group
+
+    -   List Group Names that a User belongs to
+
+          
+
+        -   filter = (&(member=distinguishedNameOfUserHERE)(objectClass=group))
+        -   attributes = name
+
+    -   Return results if mail attribute is present OR sAMAccountName matches '\*admin\*'
+
+          
+
+        -   filter = (|(mail=\*)(samaccountname=\*admin\*))
+        -   attributes = samaccountname;mail;userprincipalname;distinguishedname
+
+    -   If you would like to learn more about LDAP Filter Syntax, check out this [Microsoft
+        Wiki](https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx)
+
+

release_notes/2.2.1.md

@@ -0,0 +1 @@
+* Updated requests and certifi dependencies in order to use platform packages [PAPP-30822,PAPP-31096]

requirements.txt

@@ -1,3 +1,2 @@
 ldap3==2.6.1
 pyasn1==0.4.7
-requests==2.25.0