diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 47da14c..6c54162 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
repos:
- repo: https://github.com/phantomcyber/dev-cicd-tools
- rev: v1.10
+ rev: v1.12
hooks:
- id: org-hook
- id: package-app-dependencies
- repo: https://github.com/Yelp/detect-secrets
- rev: v1.1.0
+ rev: v1.2.0
hooks:
- id: detect-secrets
args: ['--no-verify', '--exclude-files', '^misp.json$']
diff --git a/README.md b/README.md
index 830c901..33788a4 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,11 @@
# MISP
Publisher: Splunk
-Connector Version: 2\.1\.6
+Connector Version: 2\.2\.0
Product Vendor: MISP
Product Name: MISP
Product Version Supported (regex): "\.\*"
-Minimum Product Version: 5\.1\.0
+Minimum Product Version: 5\.2\.0
Take action with Malware Information Sharing Platform
@@ -94,6 +94,16 @@ For **analysis** :
"tag1, tag11" will be considered a single tag.
+## Port Information
+
+The app uses HTTP/HTTPS protocol for communicating with the Misp Server. Below are the default ports
+used by Splunk SOAR.
+
+| Service Name | Transport Protocol | Port |
+|--------------|--------------------|------|
+| http | tcp | 80 |
+| https | tcp | 443 |
+
### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a MISP asset in SOAR.
@@ -101,7 +111,7 @@ The below configuration variables are required for this Connector to operate. T
VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
**base\_url** | required | string | MISP instance URL \(http\://misp\_instance\.company\.com/\)
-**verify\_server\_cert** | required | boolean | Verify server certificate
+**verify\_server\_cert** | optional | boolean | Verify server certificate
**api\_key** | required | password | API Key found under Event Actions\: Automation
### Supported Actions
@@ -268,7 +278,7 @@ Run a query to find events or attributes
Type: **investigate**
Read only: **True**
-By setting max\_results to 0, you can get every result\. It is recommended you do not do this, as MISP can return a lot of data\. The default is 10, and this will be the oldest 10 results\.
The other field expects a json string, which can have the key value pairs of any field which the search API supports\.
The MISP API doesn't support paging, but it is possible to work around this\. By giving max results as a negative number, n, it will take the last n results from the query\. From there, you can take the timestamp from the first object in the resulting list, then pass it in the other field like so\: \{"timestamp"\: <timestamp \+ 1>\}\. All the results will now be after that specified timestamp\.
Also note that when searching for events, events with no attributes will not be returned\.
+By setting max\_results to 0, you can get every result\. It is recommended you do not do this, as MISP can return a lot of data\. The default is 10, and this will be the oldest 10 results\.
The other field expects a json string, which can have the key value pairs of any field which the search API supports\.
By giving max results as a negative number, n, it will take the last n results from the query\. From there, you can take the timestamp from the first object in the resulting list, then pass it in the other field like so\: \{"timestamp"\: <timestamp \+ 1>\}\. All the results will now be after that specified timestamp\.
Also note that when searching for events, events with no attributes will not be returned\.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
@@ -288,6 +298,109 @@ action\_result\.parameter\.event\_id | string | `misp event id`
action\_result\.parameter\.max\_results | numeric |
action\_result\.parameter\.other | string |
action\_result\.parameter\.tags | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.category | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.comment | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.deleted | numeric |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.disable\_correlation | numeric |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.distribution | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.event\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.first\_seen | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.id | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.last\_seen | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.object\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.object\_relation | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.sharing\_group\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.timestamp | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.to\_ids | numeric |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.type | string | `url`
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.category | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.comment | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.deleted | numeric |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.disable\_correlation | numeric |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.distribution | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.event\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.first\_seen | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.last\_seen | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.object\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.object\_relation | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.sharing\_group\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.timestamp | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.to\_ids | numeric |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.type | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.comment | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.deleted | numeric |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.description | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.distribution | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.event\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.first\_seen | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.last\_seen | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.meta\-category | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.name | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.sharing\_group\_id | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.template\_uuid | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.template\_version | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.timestamp | string |
+action\_result\.data\.\*\.\*\.Event\.Object\.\*\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.Org\.id | string |
+action\_result\.data\.\*\.\*\.Event\.Org\.local | numeric |
+action\_result\.data\.\*\.\*\.Event\.Org\.name | string |
+action\_result\.data\.\*\.\*\.Event\.Org\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.Orgc\.id | string |
+action\_result\.data\.\*\.\*\.Event\.Orgc\.local | numeric |
+action\_result\.data\.\*\.\*\.Event\.Orgc\.name | string |
+action\_result\.data\.\*\.\*\.Event\.Orgc\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.id | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.name | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.id | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.name | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.analysis | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.date | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.distribution | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.id | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.info | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.org\_id | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.orgc\_id | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.published | numeric |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.threat\_level\_id | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.timestamp | string |
+action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.uuid | string |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.colour | string |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.exportable | numeric |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.hide\_tag | numeric |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.id | string |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.is\_custom\_galaxy | numeric |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.is\_galaxy | numeric |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.local | numeric |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.name | string |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.numerical\_value | string |
+action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.user\_id | string |
+action\_result\.data\.\*\.\*\.Event\.analysis | string |
+action\_result\.data\.\*\.\*\.Event\.attribute\_count | string |
+action\_result\.data\.\*\.\*\.Event\.date | string |
+action\_result\.data\.\*\.\*\.Event\.disable\_correlation | numeric |
+action\_result\.data\.\*\.\*\.Event\.distribution | string |
+action\_result\.data\.\*\.\*\.Event\.event\_creator\_email | string | `email`
+action\_result\.data\.\*\.\*\.Event\.extends\_uuid | string |
+action\_result\.data\.\*\.\*\.Event\.id | string |
+action\_result\.data\.\*\.\*\.Event\.info | string |
+action\_result\.data\.\*\.\*\.Event\.locked | numeric |
+action\_result\.data\.\*\.\*\.Event\.org\_id | string |
+action\_result\.data\.\*\.\*\.Event\.orgc\_id | string |
+action\_result\.data\.\*\.\*\.Event\.proposal\_email\_lock | numeric |
+action\_result\.data\.\*\.\*\.Event\.publish\_timestamp | string |
+action\_result\.data\.\*\.\*\.Event\.published | numeric |
+action\_result\.data\.\*\.\*\.Event\.sharing\_group\_id | string |
+action\_result\.data\.\*\.\*\.Event\.threat\_level\_id | string |
+action\_result\.data\.\*\.\*\.Event\.timestamp | string |
+action\_result\.data\.\*\.\*\.Event\.uuid | string |
action\_result\.data\.\*\.Attribute\.\*\.Event\.distribution | string |
action\_result\.data\.\*\.Attribute\.\*\.Event\.id | string |
action\_result\.data\.\*\.Attribute\.\*\.Event\.info | string |
@@ -314,109 +427,6 @@ action\_result\.data\.\*\.Attribute\.\*\.to\_ids | boolean |
action\_result\.data\.\*\.Attribute\.\*\.type | string |
action\_result\.data\.\*\.Attribute\.\*\.uuid | string |
action\_result\.data\.\*\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.\*\.\*\.Event\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Org\.local | numeric |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Orgc\.local | numeric |
-action\_result\.data\.\*\.\*\.Event\.date | string |
-action\_result\.data\.\*\.\*\.Event\.info | string |
-action\_result\.data\.\*\.\*\.Event\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.locked | numeric |
-action\_result\.data\.\*\.\*\.Event\.org\_id | string |
-action\_result\.data\.\*\.\*\.Event\.orgc\_id | string |
-action\_result\.data\.\*\.\*\.Event\.analysis | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.type | string | `url`
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.to\_ids | numeric |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.comment | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.deleted | numeric |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.category | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.event\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.last\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.object\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.first\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.object\_relation | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Attribute\.\*\.disable\_correlation | numeric |
-action\_result\.data\.\*\.\*\.Event\.published | numeric |
-action\_result\.data\.\*\.\*\.Event\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.name | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Org\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.name | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.Orgc\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.date | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.info | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.org\_id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.orgc\_id | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.analysis | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.published | numeric |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.RelatedEvent\.\*\.Event\.threat\_level\_id | string |
-action\_result\.data\.\*\.\*\.Event\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.extends\_uuid | string |
-action\_result\.data\.\*\.\*\.Event\.attribute\_count | string |
-action\_result\.data\.\*\.\*\.Event\.threat\_level\_id | string |
-action\_result\.data\.\*\.\*\.Event\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.publish\_timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.disable\_correlation | numeric |
-action\_result\.data\.\*\.\*\.Event\.event\_creator\_email | string | `email`
-action\_result\.data\.\*\.\*\.Event\.proposal\_email\_lock | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.local | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.colour | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.user\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.hide\_tag | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.is\_galaxy | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.exportable | numeric |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.numerical\_value | string |
-action\_result\.data\.\*\.\*\.Event\.Tag\.\*\.is\_custom\_galaxy | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.name | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.comment | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.deleted | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.event\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.type | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.value | string | `url` `domain` `ip` `email` `hash` `md5` `sha256` `md1`
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.to\_ids | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.comment | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.deleted | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.category | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.event\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.last\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.object\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.first\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.object\_relation | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.Attribute\.\*\.disable\_correlation | numeric |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.last\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.timestamp | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.first\_seen | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.description | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.distribution | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.meta\-category | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.template\_uuid | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.sharing\_group\_id | string |
-action\_result\.data\.\*\.\*\.Event\.Object\.\*\.template\_version | string |
action\_result\.data\.\*\.attribute\_count | string |
action\_result\.summary | string |
action\_result\.message | string |
diff --git a/misp.json b/misp.json
index eadd1dd..0e44549 100644
--- a/misp.json
+++ b/misp.json
@@ -7,12 +7,12 @@
"type": "threat intel",
"license": "Copyright (c) 2017-2022 Splunk Inc.",
"main_module": "misp_connector.py",
- "app_version": "2.1.7",
+ "app_version": "2.2.0",
"utctime_updated": "2022-02-03T21:33:46.000000Z",
"product_vendor": "MISP",
"product_name": "MISP",
"product_version_regex": ".*",
- "min_phantom_version": "5.1.0",
+ "min_phantom_version": "5.2.0",
"fips_compliant": true,
"python_version": "3",
"latest_tested_versions": [
@@ -84,19 +84,19 @@
},
{
"module": "soupsieve",
- "input_file": "wheels/py3/soupsieve-2.3.1-py3-none-any.whl"
+ "input_file": "wheels/py3/soupsieve-2.3.2-py3-none-any.whl"
},
{
"module": "typing_extensions",
- "input_file": "wheels/py3/typing_extensions-4.0.1-py3-none-any.whl"
+ "input_file": "wheels/py3/typing_extensions-4.1.1-py3-none-any.whl"
},
{
"module": "urllib3",
- "input_file": "wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl"
},
{
"module": "wrapt",
- "input_file": "wheels/py36/wrapt-1.13.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+ "input_file": "wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
},
{
"module": "zipp",
@@ -114,7 +114,6 @@
"verify_server_cert": {
"data_type": "boolean",
"description": "Verify server certificate",
- "required": true,
"order": 1,
"default": false
},
@@ -1042,7 +1041,7 @@
{
"action": "run query",
"description": "Run a query to find events or attributes",
- "verbose": "By setting max_results to 0, you can get every result. It is recommended you do not do this, as MISP can return a lot of data. The default is 10, and this will be the oldest 10 results.
The other field expects a json string, which can have the key value pairs of any field which the search API supports.
The MISP API doesn't support paging, but it is possible to work around this. By giving max results as a negative number, n, it will take the last n results from the query. From there, you can take the timestamp from the first object in the resulting list, then pass it in the other field like so: {\"timestamp\": <timestamp + 1>}. All the results will now be after that specified timestamp.
Also note that when searching for events, events with no attributes will not be returned.",
+ "verbose": "By setting max_results to 0, you can get every result. It is recommended you do not do this, as MISP can return a lot of data. The default is 10, and this will be the oldest 10 results.
The other field expects a json string, which can have the key value pairs of any field which the search API supports.
By giving max results as a negative number, n, it will take the last n results from the query. From there, you can take the timestamp from the first object in the resulting list, then pass it in the other field like so: {\"timestamp\": <timestamp + 1>}. All the results will now be after that specified timestamp.
Also note that when searching for events, events with no attributes will not be returned.",
"type": "investigate",
"identifier": "run_query",
"read_only": true,
@@ -1133,82 +1132,141 @@
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Event.distribution",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.category",
"data_type": "string",
"example_values": [
- "1"
+ "Network activity"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Event.id",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.comment",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.deleted",
+ "data_type": "numeric",
"example_values": [
- "2020"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Event.info",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.disable_correlation",
+ "data_type": "numeric",
+ "example_values": [
+ true,
+ false
+ ]
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.distribution",
"data_type": "string",
"example_values": [
- "Event created by test"
+ "5"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Event.org_id",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.event_id",
"data_type": "string",
"example_values": [
"1"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Event.orgc_id",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.first_seen",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.id",
"data_type": "string",
"example_values": [
- "1"
+ "4265"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Event.uuid",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.last_seen",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.object_id",
"data_type": "string",
"example_values": [
- "342c12ab-32ad-41d0-aea2-1c3dccc6ce09"
+ "0"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Object.distribution",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.object_relation",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.sharing_group_id",
"data_type": "string",
"example_values": [
- "5"
+ "0"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Object.id",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.timestamp",
"data_type": "string",
"example_values": [
- "10"
+ "1622191169"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.Object.sharing_group_id",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.to_ids",
+ "data_type": "numeric",
+ "example_values": [
+ true,
+ false
+ ]
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.type",
"data_type": "string",
"example_values": [
- "0"
+ "email-dst"
+ ],
+ "contains": [
+ "url"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.category",
+ "data_path": "action_result.data.*.*.Event.Attribute.*.uuid",
+ "data_type": "string",
+ "example_values": [
+ "03fa856e-b6f9-4e34-82ac-1e50dd058f37"
+ ]
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Attribute.*.value",
+ "data_type": "string",
+ "example_values": [
+ "abc@abc.com"
+ ],
+ "contains": [
+ "url",
+ "domain",
+ "ip",
+ "email",
+ "hash",
+ "md5",
+ "sha256",
+ "md1"
+ ]
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.category",
"data_type": "string",
"example_values": [
- "Other",
"Payload delivery"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.comment",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.comment",
"data_type": "string"
},
{
- "data_path": "action_result.data.*.Attribute.*.deleted",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.deleted",
"data_type": "numeric",
"example_values": [
true,
@@ -1216,103 +1274,98 @@
]
},
{
- "data_path": "action_result.data.*.Attribute.*.disable_correlation",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.disable_correlation",
"data_type": "numeric",
"example_values": [
- false,
- true
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.Attribute.*.distribution",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.distribution",
"data_type": "string",
"example_values": [
"5"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.event_id",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.event_id",
"data_type": "string",
"example_values": [
- "1"
- ],
- "contains": [
- "misp event id"
+ "2020"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.first_seen",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.first_seen",
"data_type": "string"
},
{
- "data_path": "action_result.data.*.Attribute.*.id",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.id",
"data_type": "string",
"example_values": [
- "164201"
- ],
- "contains": [
- "misp attribute id"
+ "4953"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.last_seen",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.last_seen",
"data_type": "string"
},
{
- "data_path": "action_result.data.*.Attribute.*.object_id",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.object_id",
"data_type": "string",
"example_values": [
- "0",
"10"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.object_relation",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.object_relation",
"data_type": "string",
"example_values": [
"filename"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.sharing_group_id",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.sharing_group_id",
"data_type": "string",
"example_values": [
"0"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.timestamp",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.timestamp",
"data_type": "string",
"example_values": [
- "1498505296"
+ "1623078296"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.to_ids",
- "data_type": "boolean",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.to_ids",
+ "data_type": "numeric",
"example_values": [
true,
false
]
},
{
- "data_path": "action_result.data.*.Attribute.*.type",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.type",
"data_type": "string",
"example_values": [
- "comment",
"filename"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.uuid",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.uuid",
"data_type": "string",
"example_values": [
- "56e96919-ad18-4f68-8aa1-539002de0b81"
+ "2fd53a9b-44fd-4ebc-af93-0e1605cf3b64"
]
},
{
- "data_path": "action_result.data.*.Attribute.*.value",
+ "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.value",
"data_type": "string",
+ "example_values": [
+ "6.43.3.2"
+ ],
"contains": [
"url",
"domain",
@@ -1322,99 +1375,114 @@
"md5",
"sha256",
"md1"
- ],
+ ]
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Object.*.comment",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Object.*.deleted",
+ "data_type": "numeric",
"example_values": [
- "email1@gmail.com"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.id",
+ "data_path": "action_result.data.*.*.Event.Object.*.description",
"data_type": "string",
"example_values": [
- "1"
+ "File object describing a file with meta-information"
]
},
{
- "data_path": "action_result.data.*.*.Event.Org.id",
+ "data_path": "action_result.data.*.*.Event.Object.*.distribution",
"data_type": "string",
"example_values": [
- "1"
+ "5"
]
},
{
- "data_path": "action_result.data.*.*.Event.Org.name",
+ "data_path": "action_result.data.*.*.Event.Object.*.event_id",
"data_type": "string",
"example_values": [
- "ORGNAME"
+ "2020"
]
},
{
- "data_path": "action_result.data.*.*.Event.Org.uuid",
+ "data_path": "action_result.data.*.*.Event.Object.*.first_seen",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Object.*.id",
"data_type": "string",
"example_values": [
- "2af87aa3-a713-4ca5-83f7-03ae949c8459"
+ "10"
]
},
{
- "data_path": "action_result.data.*.*.Event.Org.local",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.*.Event.Object.*.last_seen",
+ "data_type": "string"
+ },
+ {
+ "data_path": "action_result.data.*.*.Event.Object.*.meta-category",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "file"
]
},
{
- "data_path": "action_result.data.*.*.Event.Orgc.id",
+ "data_path": "action_result.data.*.*.Event.Object.*.name",
"data_type": "string",
"example_values": [
- "1"
+ "file"
]
},
{
- "data_path": "action_result.data.*.*.Event.Orgc.name",
+ "data_path": "action_result.data.*.*.Event.Object.*.sharing_group_id",
"data_type": "string",
"example_values": [
- "ORGNAME"
+ "0"
]
},
{
- "data_path": "action_result.data.*.*.Event.Orgc.uuid",
+ "data_path": "action_result.data.*.*.Event.Object.*.template_uuid",
"data_type": "string",
"example_values": [
- "2af87aa3-a713-4ca5-83f7-03ae949c8459"
+ "688c46fb-5edb-40a3-8273-1af7923e2215"
]
},
{
- "data_path": "action_result.data.*.*.Event.Orgc.local",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.*.Event.Object.*.template_version",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "24"
]
},
{
- "data_path": "action_result.data.*.*.Event.date",
+ "data_path": "action_result.data.*.*.Event.Object.*.timestamp",
"data_type": "string",
"example_values": [
- "2021-03-17"
+ "1623078296"
]
},
{
- "data_path": "action_result.data.*.*.Event.info",
+ "data_path": "action_result.data.*.*.Event.Object.*.uuid",
"data_type": "string",
"example_values": [
- "Event created by test"
+ "4b5cb238-9e55-40eb-b60e-b30f71cab6f6"
]
},
{
- "data_path": "action_result.data.*.*.Event.uuid",
+ "data_path": "action_result.data.*.*.Event.Org.id",
"data_type": "string",
"example_values": [
- "15483d56-fc32-4e54-a8b4-e9f56e7818bd"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.locked",
+ "data_path": "action_result.data.*.*.Event.Org.local",
"data_type": "numeric",
"example_values": [
true,
@@ -1422,162 +1490,109 @@
]
},
{
- "data_path": "action_result.data.*.*.Event.org_id",
+ "data_path": "action_result.data.*.*.Event.Org.name",
"data_type": "string",
"example_values": [
- "1"
+ "ORGNAME"
]
},
{
- "data_path": "action_result.data.*.*.Event.orgc_id",
+ "data_path": "action_result.data.*.*.Event.Org.uuid",
"data_type": "string",
"example_values": [
- "1"
+ "2af87aa3-a713-4ca5-83f7-03ae949c8459"
]
},
{
- "data_path": "action_result.data.*.*.Event.analysis",
+ "data_path": "action_result.data.*.*.Event.Orgc.id",
"data_type": "string",
"example_values": [
- "0"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.id",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.Orgc.local",
+ "data_type": "numeric",
"example_values": [
- "4265"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.type",
+ "data_path": "action_result.data.*.*.Event.Orgc.name",
"data_type": "string",
"example_values": [
- "email-dst"
- ],
- "contains": [
- "url"
+ "ORGNAME"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.uuid",
+ "data_path": "action_result.data.*.*.Event.Orgc.uuid",
"data_type": "string",
"example_values": [
- "03fa856e-b6f9-4e34-82ac-1e50dd058f37"
+ "2af87aa3-a713-4ca5-83f7-03ae949c8459"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.value",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Org.id",
"data_type": "string",
"example_values": [
- "abc@abc.com"
- ],
- "contains": [
- "url",
- "domain",
- "ip",
- "email",
- "hash",
- "md5",
- "sha256",
- "md1"
- ]
- },
- {
- "data_path": "action_result.data.*.*.Event.Attribute.*.to_ids",
- "data_type": "numeric",
- "example_values": [
- true,
- false
- ]
- },
- {
- "data_path": "action_result.data.*.*.Event.Attribute.*.comment",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Attribute.*.deleted",
- "data_type": "numeric",
- "example_values": [
- true,
- false
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.category",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Org.name",
"data_type": "string",
"example_values": [
- "Network activity"
+ "ORGNAME"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.event_id",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Org.uuid",
"data_type": "string",
"example_values": [
- "1"
+ "2af87aa3-a713-4ca5-83f7-03ae949c8459"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.last_seen",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Attribute.*.object_id",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Orgc.id",
"data_type": "string",
"example_values": [
- "0"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.timestamp",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Orgc.name",
"data_type": "string",
"example_values": [
- "1622191169"
+ "ORGNAME"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.first_seen",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Attribute.*.distribution",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Orgc.uuid",
"data_type": "string",
"example_values": [
- "5"
+ "2af87aa3-a713-4ca5-83f7-03ae949c8459"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.object_relation",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Attribute.*.sharing_group_id",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.analysis",
"data_type": "string",
"example_values": [
"0"
]
},
{
- "data_path": "action_result.data.*.*.Event.Attribute.*.disable_correlation",
- "data_type": "numeric",
- "example_values": [
- true,
- false
- ]
- },
- {
- "data_path": "action_result.data.*.*.Event.published",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.date",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "2021-06-14"
]
},
{
- "data_path": "action_result.data.*.*.Event.timestamp",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.distribution",
"data_type": "string",
"example_values": [
- "1623657727"
+ "1"
]
},
{
@@ -1588,91 +1603,87 @@
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Org.id",
- "data_type": "string",
- "example_values": [
- "1"
- ]
- },
- {
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Org.name",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.info",
"data_type": "string",
"example_values": [
- "ORGNAME"
+ "Event created by test"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Org.uuid",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.org_id",
"data_type": "string",
"example_values": [
- "2af87aa3-a713-4ca5-83f7-03ae949c8459"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Orgc.id",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.orgc_id",
"data_type": "string",
"example_values": [
"1"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Orgc.name",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.published",
+ "data_type": "numeric",
"example_values": [
- "ORGNAME"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.Orgc.uuid",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.threat_level_id",
"data_type": "string",
"example_values": [
- "2af87aa3-a713-4ca5-83f7-03ae949c8459"
+ "4"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.date",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.timestamp",
"data_type": "string",
"example_values": [
- "2021-06-14"
+ "1623645286"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.info",
+ "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.uuid",
"data_type": "string",
"example_values": [
- "Event created by test"
+ "f346cd43-ef47-4401-b725-a5f4f45a4ed3"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.uuid",
+ "data_path": "action_result.data.*.*.Event.Tag.*.colour",
"data_type": "string",
"example_values": [
- "f346cd43-ef47-4401-b725-a5f4f45a4ed3"
+ "#7ab870"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.org_id",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.Tag.*.exportable",
+ "data_type": "numeric",
"example_values": [
- "1"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.orgc_id",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.Tag.*.hide_tag",
+ "data_type": "numeric",
"example_values": [
- "1"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.analysis",
+ "data_path": "action_result.data.*.*.Event.Tag.*.id",
"data_type": "string",
"example_values": [
- "0"
+ "8"
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.published",
+ "data_path": "action_result.data.*.*.Event.Tag.*.is_custom_galaxy",
"data_type": "numeric",
"example_values": [
true,
@@ -1680,63 +1691,57 @@
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.timestamp",
- "data_type": "string",
- "example_values": [
- "1623645286"
- ]
- },
- {
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.distribution",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.Tag.*.is_galaxy",
+ "data_type": "numeric",
"example_values": [
- "1"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.RelatedEvent.*.Event.threat_level_id",
- "data_type": "string",
+ "data_path": "action_result.data.*.*.Event.Tag.*.local",
+ "data_type": "numeric",
"example_values": [
- "4"
+ 1
]
},
{
- "data_path": "action_result.data.*.*.Event.distribution",
+ "data_path": "action_result.data.*.*.Event.Tag.*.name",
"data_type": "string",
"example_values": [
- "1"
+ "test_1"
]
},
{
- "data_path": "action_result.data.*.*.Event.extends_uuid",
+ "data_path": "action_result.data.*.*.Event.Tag.*.numerical_value",
"data_type": "string"
},
{
- "data_path": "action_result.data.*.*.Event.attribute_count",
+ "data_path": "action_result.data.*.*.Event.Tag.*.user_id",
"data_type": "string",
"example_values": [
- "7"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.threat_level_id",
+ "data_path": "action_result.data.*.*.Event.analysis",
"data_type": "string",
"example_values": [
- "4"
+ "0"
]
},
{
- "data_path": "action_result.data.*.*.Event.sharing_group_id",
+ "data_path": "action_result.data.*.*.Event.attribute_count",
"data_type": "string",
"example_values": [
- "0"
+ "7"
]
},
{
- "data_path": "action_result.data.*.*.Event.publish_timestamp",
+ "data_path": "action_result.data.*.*.Event.date",
"data_type": "string",
"example_values": [
- "0"
+ "2021-03-17"
]
},
{
@@ -1747,6 +1752,13 @@
false
]
},
+ {
+ "data_path": "action_result.data.*.*.Event.distribution",
+ "data_type": "string",
+ "example_values": [
+ "1"
+ ]
+ },
{
"data_path": "action_result.data.*.*.Event.event_creator_email",
"data_type": "string",
@@ -1758,50 +1770,47 @@
]
},
{
- "data_path": "action_result.data.*.*.Event.proposal_email_lock",
- "data_type": "numeric",
- "example_values": [
- true,
- false
- ]
+ "data_path": "action_result.data.*.*.Event.extends_uuid",
+ "data_type": "string"
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.id",
+ "data_path": "action_result.data.*.*.Event.id",
"data_type": "string",
"example_values": [
- "8"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.name",
+ "data_path": "action_result.data.*.*.Event.info",
"data_type": "string",
"example_values": [
- "test_1"
+ "Event created by test"
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.local",
+ "data_path": "action_result.data.*.*.Event.locked",
"data_type": "numeric",
"example_values": [
- 1
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.colour",
+ "data_path": "action_result.data.*.*.Event.org_id",
"data_type": "string",
"example_values": [
- "#7ab870"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.user_id",
+ "data_path": "action_result.data.*.*.Event.orgc_id",
"data_type": "string",
"example_values": [
"1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.hide_tag",
+ "data_path": "action_result.data.*.*.Event.proposal_email_lock",
"data_type": "numeric",
"example_values": [
true,
@@ -1809,15 +1818,14 @@
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.is_galaxy",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.*.Event.publish_timestamp",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "0"
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.exportable",
+ "data_path": "action_result.data.*.*.Event.published",
"data_type": "numeric",
"example_values": [
true,
@@ -1825,235 +1833,226 @@
]
},
{
- "data_path": "action_result.data.*.*.Event.Tag.*.numerical_value",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Tag.*.is_custom_galaxy",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.*.Event.sharing_group_id",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "0"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.id",
+ "data_path": "action_result.data.*.*.Event.threat_level_id",
"data_type": "string",
"example_values": [
- "10"
+ "4"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.name",
+ "data_path": "action_result.data.*.*.Event.timestamp",
"data_type": "string",
"example_values": [
- "file"
+ "1623657727"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.uuid",
+ "data_path": "action_result.data.*.*.Event.uuid",
"data_type": "string",
"example_values": [
- "4b5cb238-9e55-40eb-b60e-b30f71cab6f6"
+ "15483d56-fc32-4e54-a8b4-e9f56e7818bd"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.comment",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Object.*.deleted",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.Attribute.*.Event.distribution",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.event_id",
+ "data_path": "action_result.data.*.Attribute.*.Event.id",
"data_type": "string",
"example_values": [
"2020"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.id",
+ "data_path": "action_result.data.*.Attribute.*.Event.info",
"data_type": "string",
"example_values": [
- "4953"
+ "Event created by test"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.type",
+ "data_path": "action_result.data.*.Attribute.*.Event.org_id",
"data_type": "string",
"example_values": [
- "filename"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.uuid",
+ "data_path": "action_result.data.*.Attribute.*.Event.orgc_id",
"data_type": "string",
"example_values": [
- "2fd53a9b-44fd-4ebc-af93-0e1605cf3b64"
+ "1"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.value",
+ "data_path": "action_result.data.*.Attribute.*.Event.uuid",
"data_type": "string",
"example_values": [
- "6.43.3.2"
- ],
- "contains": [
- "url",
- "domain",
- "ip",
- "email",
- "hash",
- "md5",
- "sha256",
- "md1"
+ "342c12ab-32ad-41d0-aea2-1c3dccc6ce09"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.to_ids",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.Attribute.*.Object.distribution",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "5"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.comment",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.deleted",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.Attribute.*.Object.id",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "10"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.category",
+ "data_path": "action_result.data.*.Attribute.*.Object.sharing_group_id",
"data_type": "string",
"example_values": [
- "Payload delivery"
+ "0"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.event_id",
+ "data_path": "action_result.data.*.Attribute.*.category",
"data_type": "string",
"example_values": [
- "2020"
+ "Other",
+ "Payload delivery"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.last_seen",
+ "data_path": "action_result.data.*.Attribute.*.comment",
"data_type": "string"
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.object_id",
- "data_type": "string",
+ "data_path": "action_result.data.*.Attribute.*.deleted",
+ "data_type": "numeric",
"example_values": [
- "10"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.timestamp",
- "data_type": "string",
+ "data_path": "action_result.data.*.Attribute.*.disable_correlation",
+ "data_type": "numeric",
"example_values": [
- "1623078296"
+ false,
+ true
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.first_seen",
- "data_type": "string"
- },
- {
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.distribution",
+ "data_path": "action_result.data.*.Attribute.*.distribution",
"data_type": "string",
"example_values": [
"5"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.object_relation",
+ "data_path": "action_result.data.*.Attribute.*.event_id",
"data_type": "string",
"example_values": [
- "filename"
+ "1"
+ ],
+ "contains": [
+ "misp event id"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.sharing_group_id",
- "data_type": "string",
- "example_values": [
- "0"
- ]
+ "data_path": "action_result.data.*.Attribute.*.first_seen",
+ "data_type": "string"
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.Attribute.*.disable_correlation",
- "data_type": "numeric",
+ "data_path": "action_result.data.*.Attribute.*.id",
+ "data_type": "string",
"example_values": [
- true,
- false
+ "164201"
+ ],
+ "contains": [
+ "misp attribute id"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.last_seen",
+ "data_path": "action_result.data.*.Attribute.*.last_seen",
"data_type": "string"
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.timestamp",
+ "data_path": "action_result.data.*.Attribute.*.object_id",
"data_type": "string",
"example_values": [
- "1623078296"
+ "0",
+ "10"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.first_seen",
- "data_type": "string"
+ "data_path": "action_result.data.*.Attribute.*.object_relation",
+ "data_type": "string",
+ "example_values": [
+ "filename"
+ ]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.description",
+ "data_path": "action_result.data.*.Attribute.*.sharing_group_id",
"data_type": "string",
"example_values": [
- "File object describing a file with meta-information"
+ "0"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.distribution",
+ "data_path": "action_result.data.*.Attribute.*.timestamp",
"data_type": "string",
"example_values": [
- "5"
+ "1498505296"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.meta-category",
- "data_type": "string",
+ "data_path": "action_result.data.*.Attribute.*.to_ids",
+ "data_type": "boolean",
"example_values": [
- "file"
+ true,
+ false
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.template_uuid",
+ "data_path": "action_result.data.*.Attribute.*.type",
"data_type": "string",
"example_values": [
- "688c46fb-5edb-40a3-8273-1af7923e2215"
+ "comment",
+ "filename"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.sharing_group_id",
+ "data_path": "action_result.data.*.Attribute.*.uuid",
"data_type": "string",
"example_values": [
- "0"
+ "56e96919-ad18-4f68-8aa1-539002de0b81"
]
},
{
- "data_path": "action_result.data.*.*.Event.Object.*.template_version",
+ "data_path": "action_result.data.*.Attribute.*.value",
"data_type": "string",
+ "contains": [
+ "url",
+ "domain",
+ "ip",
+ "email",
+ "hash",
+ "md5",
+ "sha256",
+ "md1"
+ ],
"example_values": [
- "24"
+ "email1@gmail.com"
]
},
{
@@ -2435,7 +2434,7 @@
},
{
"module": "setuptools",
- "input_file": "wheels/py3/setuptools-60.7.0-py3-none-any.whl"
+ "input_file": "wheels/py3/setuptools-62.1.0-py3-none-any.whl"
},
{
"module": "six",
@@ -2443,16 +2442,16 @@
},
{
"module": "soupsieve",
- "input_file": "wheels/py3/soupsieve-2.3.1-py3-none-any.whl"
+ "input_file": "wheels/py3/soupsieve-2.3.2-py3-none-any.whl"
},
{
"module": "urllib3",
- "input_file": "wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl"
+ "input_file": "wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl"
},
{
"module": "wrapt",
- "input_file": "wheels/py39/wrapt-1.13.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+ "input_file": "wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
}
]
}
-}
\ No newline at end of file
+}
diff --git a/misp_connector.py b/misp_connector.py
index 068724a..9a62314 100644
--- a/misp_connector.py
+++ b/misp_connector.py
@@ -59,13 +59,6 @@ def post(self, *args, **kwargs):
requests.Session.post = post
-def slice_list(lst, max_results):
- if max_results > 0:
- return lst[:max_results]
- else:
- return lst[max_results:]
-
-
class RetVal(tuple):
def __new__(cls, val1, val2):
return tuple.__new__(RetVal, (val1, val2))
@@ -108,10 +101,11 @@ def _get_error_message_from_exception(self, e):
:param e: Exception object
:return: error message
"""
- error_msg = MISP_ERR_MESSAGE
- error_code = MISP_ERR_CODE_MESSAGE
+ error_code = None
+ error_msg = MISP_ERR_MSG_UNAVAILABLE
+
try:
- if e.args:
+ if hasattr(e, "args"):
if len(e.args) > 1:
error_code = e.args[0]
error_msg = e.args[1]
@@ -120,7 +114,12 @@ def _get_error_message_from_exception(self, e):
except Exception:
pass
- return "Error Code: {0}. Error Message: {1}".format(error_code, error_msg)
+ if not error_code:
+ error_text = "Error Message: {}".format(error_msg)
+ else:
+ error_text = "Error Code: {}. Error Message: {}".format(error_code, error_msg)
+
+ return error_text
def _validate_ip(self, input_data):
ips = []
@@ -206,7 +205,7 @@ def initialize(self):
patch_requests()
config = self.get_config()
self._verify = config.get("verify_server_cert", False)
- self._misp_url = config.get("base_url")
+ self._misp_url = config.get("base_url").rstrip("/")
api_key = config.get("api_key")
self.save_progress("Creating MISP API session...")
@@ -226,15 +225,16 @@ def initialize(self):
def _test_connectivity(self):
action_result = self.add_action_result(ActionResult())
self.save_progress("Checking connectivity to your MISP instance...")
+ self.debug_print("Checking connectivity to your MISP instance...")
config = self.get_config()
auth = {"Authorization": config.get("api_key")}
ret_val, resp_json = self._make_rest_call('/servers/getPyMISPVersion.json', action_result, headers=auth)
if phantom.is_fail(ret_val):
- self.append_to_message('Test connectivity failed')
- return self.get_status()
+ action_result.append_to_message('Test connectivity failed')
+ return action_result.get_status()
else:
self.save_progress("Test Connectivity Passed")
- return self.set_status(phantom.APP_SUCCESS)
+ return action_result.set_status(phantom.APP_SUCCESS)
def _create_event(self, param):
@@ -504,6 +504,8 @@ def _do_search(self, action_result, **kwargs):
return RetVal(phantom.APP_SUCCESS, resp)
def _run_query(self, param):
+
+ self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
action_result = self.add_action_result(ActionResult(param))
query_dict = {}
controller = param['controller']
@@ -541,7 +543,6 @@ def _run_query(self, param):
query_dict.update(other)
max_results = param.get('max_results', 10)
-
try:
if not float(max_results).is_integer():
return action_result.set_status(phantom.APP_ERROR, MISP_INVALID_INT_ERR.format(msg='', param=MISP_INVALID_MAX_RESULT))
@@ -550,20 +551,44 @@ def _run_query(self, param):
except Exception:
return action_result.set_status(phantom.APP_ERROR, MISP_INVALID_INT_ERR.format(msg='', param=MISP_INVALID_MAX_RESULT))
- ret_val, response = self._do_search(action_result, **query_dict)
-
- if phantom.is_fail(ret_val):
- return action_result.get_status()
-
- if max_results:
- if controller == 'events':
- if response:
- response = slice_list(response, max_results)
- else:
- if response:
- response['Attribute'] = slice_list(response['Attribute'], max_results)
-
- action_result.add_data(response)
+ # pagination
+ response_list = []
+ page = 1
+ records_remaining = max_results
+ query_dict['limit'] = 1000
+ if 0 < max_results < 1000:
+ query_dict['limit'] = max_results
+ while True:
+ query_dict['page'] = page
+ ret_val, response = self._do_search(action_result, **query_dict)
+ if phantom.is_fail(ret_val):
+ return action_result.get_status()
+ page = page + 1
+ if response and controller == 'attributes':
+ response = response.get('Attribute')
+ response_size = len(response)
+ if response_size == 0:
+ break
+ # slice the response in case response size is larger than remaining records (for positive max_results)
+ if max_results > 0 and records_remaining < response_size:
+ response = response[:records_remaining]
+ response_list.extend(response)
+
+ # update the remaining records (for positive max_results)
+ if max_results > 0:
+ records_remaining = records_remaining - response_size
+ if records_remaining <= 0:
+ break
+
+ # slice the result in case of negative max_results value
+ if max_results < 0:
+ response_list = response_list[max_results:]
+
+ if controller == 'attributes':
+ action_result.add_data({"Attribute": response_list})
+ else:
+ action_result.add_data(response_list)
+ self.debug_print("Successfully ran query")
return action_result.set_status(phantom.APP_SUCCESS, "Successfully ran query")
def _download_malware_samples(self, action_result):
@@ -587,7 +612,9 @@ def _download_malware_samples(self, action_result):
return phantom.APP_SUCCESS
- def _get_attachments(self, param):
+ def _get_event(self, param):
+
+ self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
action_result = self.add_action_result(ActionResult(dict(param)))
ret_val, event_id = self._validate_integer(action_result, param.get("event_id"), MISP_INVALID_EVENT_ID)
if phantom.is_fail(ret_val):
@@ -625,6 +652,7 @@ def _get_attachments(self, param):
return action_result.get_status()
action_result.add_data(attachments)
+ self.debug_print("Successfully retrieved attributes")
return action_result.set_status(phantom.APP_SUCCESS, "Successfully retrieved attributes")
def _process_html_response(self, response, action_result):
@@ -732,7 +760,7 @@ def handle_action(self, param):
elif action_id == self.ACTION_ID_RUN_QUERY:
ret_val = self._run_query(param)
elif action_id == self.ACTION_ID_GET_EVENT:
- ret_val = self._get_attachments(param)
+ ret_val = self._get_event(param)
elif action_id == self.ACTION_ID_TEST_ASSET_CONNECTIVITY:
ret_val = self._test_connectivity()
diff --git a/misp_consts.py b/misp_consts.py
index f21388a..409d312 100644
--- a/misp_consts.py
+++ b/misp_consts.py
@@ -15,5 +15,4 @@
MISP_INVALID_INT_ERR = "Please provide a valid {msg} integer value in the {param}"
MISP_INVALID_EVENT_ID = "'event_id' action parameter"
MISP_INVALID_MAX_RESULT = "'max_result' action parameter"
-MISP_ERR_CODE_MESSAGE = "Error code unavailable"
-MISP_ERR_MESSAGE = "Unknown error occurred. Please check the asset configuration and|or action parameters."
+MISP_ERR_MSG_UNAVAILABLE = "Error message unavailable. Please check the asset configuration and|or action parameters"
diff --git a/readme.html b/readme.html
index d046b22..ee4fff9 100644
--- a/readme.html
+++ b/readme.html
@@ -92,3 +92,24 @@ cachetools-4.2.2
+Port Information
+
+ The app uses HTTP/HTTPS protocol for communicating with the Misp Server. Below are the default ports used by Splunk SOAR.
+
+
+ | Service Name |
+ Transport Protocol |
+ Port |
+
+
+ | http |
+ tcp |
+ 80 |
+
+
+ | https |
+ tcp |
+ 443 |
+
+
+
diff --git a/release_notes/2.2.0.md b/release_notes/2.2.0.md
new file mode 100644
index 0000000..6c1ee2f
--- /dev/null
+++ b/release_notes/2.2.0.md
@@ -0,0 +1 @@
+* Modified the 'run query' action to fetch limited records [PAPP-25294]
\ No newline at end of file
diff --git a/release_notes/release_notes.html b/release_notes/release_notes.html
index b85ae5f..434c832 100644
--- a/release_notes/release_notes.html
+++ b/release_notes/release_notes.html
@@ -1,5 +1,9 @@
-MISP Release Notes - Published by Splunk February 03, 2022
+MISP Release Notes - Published by Splunk April 27, 2022
+Version 2.2.0 - Released April 27, 2022
+
+- Modified the 'run query' action to fetch limited records [PAPP-25294]
+
Version 2.1.7 - Released February 03, 2022
- Added support for Python 3.9
diff --git a/tox.ini b/tox.ini
index 127a08b..c4644ad 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,7 @@
[flake8]
max-line-length = 145
max-complexity = 28
-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292
+extend-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292
[isort]
line_length = 145
diff --git a/wheels/py3/setuptools-60.7.0-py3-none-any.whl b/wheels/py3/setuptools-62.1.0-py3-none-any.whl
similarity index 66%
rename from wheels/py3/setuptools-60.7.0-py3-none-any.whl
rename to wheels/py3/setuptools-62.1.0-py3-none-any.whl
index 1344f6d..0a56be0 100644
Binary files a/wheels/py3/setuptools-60.7.0-py3-none-any.whl and b/wheels/py3/setuptools-62.1.0-py3-none-any.whl differ
diff --git a/wheels/py3/soupsieve-2.3.1-py3-none-any.whl b/wheels/py3/soupsieve-2.3.1-py3-none-any.whl
deleted file mode 100644
index 85d33de..0000000
Binary files a/wheels/py3/soupsieve-2.3.1-py3-none-any.whl and /dev/null differ
diff --git a/wheels/py3/soupsieve-2.3.2-py3-none-any.whl b/wheels/py3/soupsieve-2.3.2-py3-none-any.whl
new file mode 100644
index 0000000..0eefa9e
Binary files /dev/null and b/wheels/py3/soupsieve-2.3.2-py3-none-any.whl differ
diff --git a/wheels/py3/typing_extensions-4.0.1-py3-none-any.whl b/wheels/py3/typing_extensions-4.0.1-py3-none-any.whl
deleted file mode 100644
index 65500a1..0000000
Binary files a/wheels/py3/typing_extensions-4.0.1-py3-none-any.whl and /dev/null differ
diff --git a/wheels/py3/typing_extensions-4.1.1-py3-none-any.whl b/wheels/py3/typing_extensions-4.1.1-py3-none-any.whl
new file mode 100644
index 0000000..73c3dce
Binary files /dev/null and b/wheels/py3/typing_extensions-4.1.1-py3-none-any.whl differ
diff --git a/wheels/py36/wrapt-1.13.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py36/wrapt-1.13.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
deleted file mode 100644
index afc3e02..0000000
Binary files a/wheels/py36/wrapt-1.13.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl and /dev/null differ
diff --git a/wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..e0df030
Binary files /dev/null and b/wheels/py36/wrapt-1.14.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/py39/wrapt-1.13.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/wrapt-1.13.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
deleted file mode 100644
index 0dec361..0000000
Binary files a/wheels/py39/wrapt-1.13.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl and /dev/null differ
diff --git a/wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..6a6e04f
Binary files /dev/null and b/wheels/py39/wrapt-1.14.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl b/wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl
similarity index 68%
rename from wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl
rename to wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl
index bad52ab..5019453 100644
Binary files a/wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl and b/wheels/shared/urllib3-1.26.9-py2.py3-none-any.whl differ