Merge pull request #3 from splunk-soar-connectors/next
Merging next to main for release 1.0.1
ishans-crest authored Nov 28, 2023
2 parents 5128e9c + d96c007 commit 5457e29
Showing 17 changed files with 1,324 additions and 9 deletions.
1 change: 1 addition & 0 deletions .github/workflows/generate-doc.yml
Expand Up @@ -5,6 +5,7 @@ on:
paths:
- '*.json'
- 'readme.html'
- 'manual_readme_content.md'
tags-ignore:
- '**'
branches-ignore:
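Review bot: adding `manual_readme_content.md` to the `paths` filter is the right trigger for a README that is now generated (the README in this same commit carries `Auto-generated SOAR connector documentation`), but with `tags-ignore: '**'` still in place the doc workflow will not run on tag pushes, so the regenerated README needs to be committed before a release tag is cut or the tagged tree will ship stale documentation.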
2 changes: 1 addition & 1 deletion .github/workflows/linting.yml
@@ -1,7 +1,7 @@
name: Linting
on: [push, pull_request]
jobs:
lint:
lint:
# Run per push for internal contributers. This isn't possible for forked pull requests,
# so we'll need to run on PR events for external contributers.
# String comparison below is case insensitive.
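Review bot: the only visible change in this hunk is the `lint:` job key itself, so this is presumably an indentation or trailing-whitespace fix; since the file is being touched anyway, the comment's `contributers` (it appears twice) should read `contributors`.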
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
@@ -1,11 +1,11 @@
repos:
- repo: https://github.com/phantomcyber/dev-cicd-tools
rev: v1.13
rev: v1.16
hooks:
- id: org-hook
- id: package-app-dependencies
- repo: https://github.com/Yelp/detect-secrets
rev: v1.2.0
rev: v1.4.0
hooks:
- id: detect-secrets
args: ['--no-verify']
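Review bot: both `rev` bumps (dev-cicd-tools `v1.13` to `v1.16`, detect-secrets `v1.2.0` to `v1.4.0`) pin hook sources to mutable git tags; pinning `rev` to the commit SHA behind each tag would make the hook code tamper-evident, since pre-commit only checks that the ref resolves, not that its content is unchanged. A detect-secrets bump across two minor versions can also add or rename plugins, so any committed `.secrets.baseline` should be regenerated and re-audited after this change rather than assumed to still cover the repository.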
2 changes: 1 addition & 1 deletion LICENSE
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2023 Splunk Inc.
Copyright (c) 2023 SEKOIA.IO

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
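Review bot: the copyright holder in the LICENSE appendix now reads `SEKOIA.IO`, which matches the `Copyright (c) 2023 SEKOIA.IO` headers added to README.md and `__init__.py` in this same commit; confirm that the remaining source files and the app JSON metadata carry the same holder and year so the attribution is consistent across the whole package.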
165 changes: 160 additions & 5 deletions README.md
@@ -1,9 +1,164 @@
# Splunk> Phantom
[comment]: # "Auto-generated SOAR connector documentation"
# Sekoia

Welcome to the open-source repository for Splunk> Phantom's sekoiaio App.
Publisher: SEKOIA.IO
Connector Version: 1.0.1
Product Vendor: SEKOIA.IO
Product Name: sekoia.io
Product Version Supported (regex): ".\*"
Minimum Product Version: 6.1.1.211

Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md) if you are interested in contributing, raising issues, or learning more about open-source Phantom apps.
This app will interact with SEKOIA.IO

## Legal and License
[comment]: # "File: README.md"
[comment]: # "Copyright (c) 2023 SEKOIA.IO"
[comment]: # ""
[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
[comment]: # "you may not use this file except in compliance with the License."
[comment]: # "You may obtain a copy of the License at"
[comment]: # ""
[comment]: # " http://www.apache.org/licenses/LICENSE-2.0"
[comment]: # ""
[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
[comment]: # "either express or implied. See the License for the specific language governing permissions"
[comment]: # "and limitations under the License."
[comment]: # ""
# Sekoia.io actions
## Purpose

This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details.
Develop a Splunk SOAR App that interact with [SEKOIA.IO](http://SEKOIA.IO) CTI.

## Authentication

To interact with the [SEKOIA.IO](http://SEKOIA.IO) API, use an API key.

see [this documentation](https://docs.sekoia.io/cti/features/integrations/api/) for more information

## Actions

The App should implement the following actions

### Get indicator

This action allow the user to get an indicator according to some criteria

### Get indicator Context

Create an action that allow the user to get the context of an indicator

### Get Observable

Create an action that allow the user to get an observable according to some criteria

## Port Information

The app uses HTTP/ HTTPS protocol for communicating with the Sekoiaio api. Below are the default
ports used by Splunk SOAR.

|         Service Name | Transport Protocol | Port |
|----------------------|--------------------|------|
|         http | tcp | 80 |
|         https | tcp | 443 |


### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a sekoia.io asset in SOAR.

VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
**base_url** | required | string | The SEKOIA API base url
**api_key** | required | password | The SEKOIA API key
**verify_server_cert** | optional | boolean | Verify server SSL (Default: true)

### Supported Actions
[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration
[get indicator](#action-get-indicator) - Get an indicator according to some criteria
[get indicator context](#action-get-indicator-context) - Get the context of an indicator
[get observable](#action-get-observable) - Get an observable according to some criteria

## action: 'test connectivity'
Validate the asset configuration for connectivity using supplied configuration

Type: **test**
Read only: **True**

#### Action Parameters
No parameters are required for this action

#### Action Output
No Output

## action: 'get indicator'
Get an indicator according to some criteria

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**value** | optional | Value of the indicator | string |
**type** | optional | Type of the indicator | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.parameter.value | string | |
action_result.parameter.type | string | |
action_result.status | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
action_result.data | string | |
action_result.summary.num_data | numeric | |

## action: 'get indicator context'
Get the context of an indicator

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**value** | optional | Value of the indicator | string |
**type** | optional | Type of the indicator | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.parameter.value | string | |
action_result.parameter.type | string | |
action_result.status | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
action_result.data | string | |
action_result.summary.num_data | numeric | |

## action: 'get observable'
Get an observable according to some criteria

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**value** | optional | Value of the indicator | string |
**type** | optional | Type of the indicator | string |
**limit** | optional | Set the limit of items (Default:20) | numeric |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.parameter.value | string | |
action_result.parameter.type | string | |
action_result.parameter.limit | numeric | |
action_result.status | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
action_result.data | string | |
action_result.summary.num_data_get_observable | numeric | |
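Review bot: the `Purpose` and `Actions` sections (`Develop a Splunk SOAR App that interact with ...`, `The App should implement the following actions`, `Create an action that allow the user to get ...`) read as the original development brief rather than end-user documentation; reword them in the present tense and state what each action queries and returns, and fix the grammar (`interacts`, `allows`). The parameter tables for `get indicator` and `get indicator context` mark both `value` and `type` as optional without saying which combinations the API accepts, so a playbook could dispatch an empty query; document the required combination, or mark `value` as required. `verify_server_cert` defaulting to true is the correct choice and worth keeping, and `api_key` being typed `password` means SOAR will store it encrypted, which is good; the `Port Information` table rows carry stray leading whitespace in the first column that should be trimmed.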
14 changes: 14 additions & 0 deletions __init__.py
@@ -0,0 +1,14 @@
# File: __init__.py
#
# Copyright (c) 2023 SEKOIA.IO
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.