Updated documentation

.pre-commit-config.yaml

@@ -1,14 +1,14 @@
 repos:
 - repo: https://github.com/phantomcyber/dev-cicd-tools
-  rev: v1.22
+  rev: v1.24
   hooks:
   - id: org-hook
   - id: package-app-dependencies
     args:
     - -d
     - ./Dockerfile.wheels
 - repo: https://github.com/Yelp/detect-secrets
-  rev: v1.4.0
+  rev: v1.5.0
   hooks:
   - id: detect-secrets
     args:

LICENSE

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

NOTICE

@@ -3,13 +3,6 @@ Copyright (c) 2018-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
-Library: beautifulsoup4
-Version: 4.9.1
-License: MIT
-Copyright 2004-2017 Leonard Richardson
-Copyright 2004-2019 Leonard Richardson
-Copyright 2018 Isaac Muse
-
 Library: pycparser
 Version: 2.21
 License: BSD 3

README.md

@@ -2,11 +2,11 @@
 # Windows Remote Management
 
 Publisher: Splunk  
-Connector Version: 2.3.2  
+Connector Version: 2.3.3  
 Product Vendor: Microsoft  
 Product Name: Windows Remote Management  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.2.1  
+Minimum Product Version: 6.3.0  
 
 This app integrates with the Windows Remote Management service to execute various actions
 
@@ -132,15 +132,24 @@ which you can optionally use to retrieve the output of that command at a later t
 
 ### Certificate Authentication
 
-To authenticate using SSL certificates, select `certificate` authentication in asset configuration method and pass following configuration parameters.
+To authenticate using SSL certificates, select `certificate` as the authentication method in the asset configuration and provide the following configuration parameters:
 
-* cert_pem_path - A path to signed certificate file that is trusted by the Windows instance, in PEM format
+- **Path to SSL certificate PEM file** - A path to signed certificate file that is trusted by the Windows instance, in PEM format
 
-* cert_key_pem_path - A filepath to key used to generate cert_pem file
+- **Path to SSL key file** - A filepath to key used to generate cert_pem file
 
-* ca_trust_path - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
+- **Path to trusted CRT file** - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
 
-It is recommended that these files be placed under the <PHANTOM_HOME>/etc/ssl/ directory. These files must be readable by the phantom-worker user.
+It is recommended to place these files under the <PHANTOM_HOME>/etc/ssl/ directory. Ensure that these files are readable by the phantom-worker user.
+
+Steps to Enable [Certificate Authentication](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) in WinRM:
+- Check if Certificate Authentication is enabled: `winrm get winrm/config/service/auth`
+- Enable Certificate Authentication if not already enabled: `winrm set winrm/config/service/auth '@{Certificate="true"}'`
+
+[Import the Certificate](https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2025-ps) to Trusted [Certificate Stores](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores).
+
+Link certificate to user account, enabling secure authentication using the certificate :\
+`New-Item -Path WSMan:\localhost\ClientCertificate -Subject '<subject>' -URI * -Issuer <Thumbprint> -Credential (Get-Credential) -Force`
 
 ### Kerberos Authentication
 

manual_readme_content.md

@@ -120,15 +120,24 @@ which you can optionally use to retrieve the output of that command at a later t
 
 ### Certificate Authentication
 
-To authenticate using SSL certificates, select `certificate` authentication in asset configuration method and pass following configuration parameters.
+To authenticate using SSL certificates, select `certificate` as the authentication method in the asset configuration and provide the following configuration parameters:
 
-* cert_pem_path - A path to signed certificate file that is trusted by the Windows instance, in PEM format
+- **Path to SSL certificate PEM file** - A path to signed certificate file that is trusted by the Windows instance, in PEM format
 
-* cert_key_pem_path - A filepath to key used to generate cert_pem file
+- **Path to SSL key file** - A filepath to key used to generate cert_pem file
 
-* ca_trust_path - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
+- **Path to trusted CRT file** - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
 
-It is recommended that these files be placed under the <PHANTOM_HOME>/etc/ssl/ directory. These files must be readable by the phantom-worker user.
+It is recommended to place these files under the <PHANTOM_HOME>/etc/ssl/ directory. Ensure that these files are readable by the phantom-worker user.
+
+Steps to Enable [Certificate Authentication](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) in WinRM:
+- Check if Certificate Authentication is enabled: `winrm get winrm/config/service/auth`
+- Enable Certificate Authentication if not already enabled: `winrm set winrm/config/service/auth '@{Certificate="true"}'`
+
+[Import the Certificate](https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2025-ps) to Trusted [Certificate Stores](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores).
+
+Link certificate to user account, enabling secure authentication using the certificate :\
+`New-Item -Path WSMan:\localhost\ClientCertificate -Subject '<subject>' -URI * -Issuer <Thumbprint> -Credential (Get-Credential) -Force`
 
 ### Kerberos Authentication
 

pyproject.toml

@@ -5,3 +5,4 @@ verbose = true
 
 [tool.isort]
 line_length = 145
+profile = "black"

tox.ini

@@ -1,7 +1,4 @@
 [flake8]
 max-line-length = 145
 max-complexity = 28
-extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,E203,E701,F405,E722,D
-
-[isort]
-line_length = 145
+extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,E203,E701,F405,E722,D,W503

winrm.json

@@ -10,11 +10,11 @@
     "product_version_regex": ".*",
     "publisher": "Splunk",
     "license": "Copyright (c) 2018-2024 Splunk Inc.",
-    "app_version": "2.3.2",
+    "app_version": "2.3.3",
     "utctime_updated": "2024-09-30T10:14:41.000000Z",
     "package_name": "phantom_winrm",
     "main_module": "winrm_connector.py",
-    "min_phantom_version": "6.2.1",
+    "min_phantom_version": "6.3.0",
     "fips_compliant": true,
     "python_version": "3",
     "latest_tested_versions": [
@@ -82,19 +82,16 @@
         "cert_pem_path": {
             "description": "Path to SSL certificate PEM file",
             "data_type": "string",
-            "required": false,
             "order": 8
         },
         "cert_key_pem_path": {
             "description": "Path to SSL key file",
             "data_type": "string",
-            "required": false,
             "order": 9
         },
         "ca_trust_path": {
             "description": "Path to trusted CRT file",
             "data_type": "string",
-            "required": false,
             "order": 10
         }
     },
@@ -611,7 +608,7 @@
                     "contains": [
                         "pid"
                     ],
-                    "column_name": "PID",
+                    "column_name": "Pid",
                     "column_order": 1
                 },
                 {
@@ -620,7 +617,7 @@
                     "example_values": [
                         0.02
                     ],
-                    "column_name": "Processor Time (s)",
+                    "column_name": "Processor Time (S)",
                     "column_order": 5
                 },
                 {
@@ -891,7 +888,7 @@
                     "contains": [
                         "pid"
                     ],
-                    "column_name": "PID",
+                    "column_name": "Pid",
                     "column_order": 5
                 },
                 {
@@ -2538,7 +2535,7 @@
                     "example_values": [
                         "S-1-1-0"
                     ],
-                    "column_name": "User Or Group SID",
+                    "column_name": "User Or Group Sid",
                     "column_order": 5
                 },
                 {
@@ -2899,7 +2896,7 @@
                         "ip",
                         "host name"
                     ],
-                    "column_name": "IP/Hostname",
+                    "column_name": "Ip/Hostname",
                     "column_order": 2
                 },
                 {
@@ -3020,7 +3017,7 @@
                         "ip",
                         "host name"
                     ],
-                    "column_name": "IP/Hostname",
+                    "column_name": "Ip/Hostname",
                     "column_order": 3
                 },
                 {
@@ -3143,7 +3140,7 @@
                         "ip",
                         "host name"
                     ],
-                    "column_name": "IP/Hostname",
+                    "column_name": "Ip/Hostname",
                     "column_order": 3
                 },
                 {
@@ -3272,7 +3269,7 @@
                         "ip",
                         "host name"
                     ],
-                    "column_name": "IP/HOSTNAME",
+                    "column_name": "Ip/Hostname",
                     "column_order": 3
                 },
                 {
@@ -3325,7 +3322,7 @@
         "wheel": [
             {
                 "module": "cffi",
-                "input_file": "wheels/py36/cffi-1.15.1-cp36-cp36m-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.manylinux_2_28_x86_64.whl"
+                "input_file": "wheels/py36/cffi-1.15.1-cp36-cp36m-manylinux1_x86_64.manylinux_2_5_x86_64.manylinux_2_28_x86_64.whl"
             },
             {
                 "module": "cryptography",
@@ -3341,7 +3338,7 @@
             },
             {
                 "module": "pykerberos",
-                "input_file": "wheels/py36/pykerberos-1.2.4-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+                "input_file": "wheels/py36/pykerberos-1.2.4-cp36-cp36m-manylinux_2_28_x86_64.whl"
             },
             {
                 "module": "pywinrm",
@@ -3361,19 +3358,19 @@
             },
             {
                 "module": "cryptography",
-                "input_file": "wheels/py39/cryptography-43.0.1-cp39-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl"
+                "input_file": "wheels/py39/cryptography-44.0.0-cp39-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl"
             },
             {
                 "module": "pycparser",
                 "input_file": "wheels/py3/pycparser-2.22-py3-none-any.whl"
             },
             {
                 "module": "pykerberos",
-                "input_file": "wheels/py39/pykerberos-1.2.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+                "input_file": "wheels/py39/pykerberos-1.2.4-cp39-cp39-manylinux_2_28_x86_64.whl"
             },
             {
                 "module": "pyspnego",
-                "input_file": "wheels/py3/pyspnego-0.11.1-py3-none-any.whl"
+                "input_file": "wheels/py3/pyspnego-0.11.2-py3-none-any.whl"
             },
             {
                 "module": "pywinrm",
@@ -3385,4 +3382,4 @@
             }
         ]
     }
-}
+}