-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from splunk-soar-connectors/next
Merging next to main for release 1.0.1
- Loading branch information
Showing
17 changed files
with
1,324 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,11 @@ | ||
repos: | ||
- repo: https://github.com/phantomcyber/dev-cicd-tools | ||
rev: v1.13 | ||
rev: v1.16 | ||
hooks: | ||
- id: org-hook | ||
- id: package-app-dependencies | ||
- repo: https://github.com/Yelp/detect-secrets | ||
rev: v1.2.0 | ||
rev: v1.4.0 | ||
hooks: | ||
- id: detect-secrets | ||
args: ['--no-verify'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,164 @@ | ||
# Splunk> Phantom | ||
[comment]: # "Auto-generated SOAR connector documentation" | ||
# Sekoia | ||
|
||
Welcome to the open-source repository for Splunk> Phantom's sekoiaio App. | ||
Publisher: SEKOIA.IO | ||
Connector Version: 1.0.1 | ||
Product Vendor: SEKOIA.IO | ||
Product Name: sekoia.io | ||
Product Version Supported (regex): ".\*" | ||
Minimum Product Version: 6.1.1.211 | ||
|
||
Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md) if you are interested in contributing, raising issues, or learning more about open-source Phantom apps. | ||
This app will interact with SEKOIA.IO | ||
|
||
## Legal and License | ||
[comment]: # "File: README.md" | ||
[comment]: # "Copyright (c) 2023 SEKOIA.IO" | ||
[comment]: # "" | ||
[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" | ||
[comment]: # "you may not use this file except in compliance with the License." | ||
[comment]: # "You may obtain a copy of the License at" | ||
[comment]: # "" | ||
[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" | ||
[comment]: # "" | ||
[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" | ||
[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," | ||
[comment]: # "either express or implied. See the License for the specific language governing permissions" | ||
[comment]: # "and limitations under the License." | ||
[comment]: # "" | ||
# Sekoia.io actions | ||
## Purpose | ||
|
||
This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details. | ||
Develop a Splunk SOAR App that interact with [SEKOIA.IO](http://SEKOIA.IO) CTI. | ||
|
||
## Authentication | ||
|
||
To interact with the [SEKOIA.IO](http://SEKOIA.IO) API, use an API key. | ||
|
||
see [this documentation](https://docs.sekoia.io/cti/features/integrations/api/) for more information | ||
|
||
## Actions | ||
|
||
The App should implement the following actions | ||
|
||
### Get indicator | ||
|
||
This action allow the user to get an indicator according to some criteria | ||
|
||
### Get indicator Context | ||
|
||
Create an action that allow the user to get the context of an indicator | ||
|
||
### Get Observable | ||
|
||
Create an action that allow the user to get an observable according to some criteria | ||
|
||
## Port Information | ||
|
||
The app uses HTTP/ HTTPS protocol for communicating with the Sekoiaio api. Below are the default | ||
ports used by Splunk SOAR. | ||
|
||
| Service Name | Transport Protocol | Port | | ||
|----------------------|--------------------|------| | ||
| http | tcp | 80 | | ||
| https | tcp | 443 | | ||
|
||
|
||
### Configuration Variables | ||
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a sekoia.io asset in SOAR. | ||
|
||
VARIABLE | REQUIRED | TYPE | DESCRIPTION | ||
-------- | -------- | ---- | ----------- | ||
**base_url** | required | string | The SEKOIA API base url | ||
**api_key** | required | password | The SEKOIA API key | ||
**verify_server_cert** | optional | boolean | Verify server SSL (Default: true) | ||
|
||
### Supported Actions | ||
[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration | ||
[get indicator](#action-get-indicator) - Get an indicator according to some criteria | ||
[get indicator context](#action-get-indicator-context) - Get the context of an indicator | ||
[get observable](#action-get-observable) - Get an observable according to some criteria | ||
|
||
## action: 'test connectivity' | ||
Validate the asset configuration for connectivity using supplied configuration | ||
|
||
Type: **test** | ||
Read only: **True** | ||
|
||
#### Action Parameters | ||
No parameters are required for this action | ||
|
||
#### Action Output | ||
No Output | ||
|
||
## action: 'get indicator' | ||
Get an indicator according to some criteria | ||
|
||
Type: **investigate** | ||
Read only: **True** | ||
|
||
#### Action Parameters | ||
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | ||
--------- | -------- | ----------- | ---- | -------- | ||
**value** | optional | Value of the indicator | string | | ||
**type** | optional | Type of the indicator | string | | ||
|
||
#### Action Output | ||
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | ||
--------- | ---- | -------- | -------------- | ||
action_result.parameter.value | string | | | ||
action_result.parameter.type | string | | | ||
action_result.status | string | | | ||
action_result.message | string | | | ||
summary.total_objects | numeric | | | ||
summary.total_objects_successful | numeric | | | ||
action_result.data | string | | | ||
action_result.summary.num_data | numeric | | | ||
|
||
## action: 'get indicator context' | ||
Get the context of an indicator | ||
|
||
Type: **investigate** | ||
Read only: **True** | ||
|
||
#### Action Parameters | ||
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | ||
--------- | -------- | ----------- | ---- | -------- | ||
**value** | optional | Value of the indicator | string | | ||
**type** | optional | Type of the indicator | string | | ||
|
||
#### Action Output | ||
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | ||
--------- | ---- | -------- | -------------- | ||
action_result.parameter.value | string | | | ||
action_result.parameter.type | string | | | ||
action_result.status | string | | | ||
action_result.message | string | | | ||
summary.total_objects | numeric | | | ||
summary.total_objects_successful | numeric | | | ||
action_result.data | string | | | ||
action_result.summary.num_data | numeric | | | ||
|
||
## action: 'get observable' | ||
Get an observable according to some criteria | ||
|
||
Type: **investigate** | ||
Read only: **True** | ||
|
||
#### Action Parameters | ||
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS | ||
--------- | -------- | ----------- | ---- | -------- | ||
**value** | optional | Value of the indicator | string | | ||
**type** | optional | Type of the indicator | string | | ||
**limit** | optional | Set the limit of items (Default:20) | numeric | | ||
|
||
#### Action Output | ||
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES | ||
--------- | ---- | -------- | -------------- | ||
action_result.parameter.value | string | | | ||
action_result.parameter.type | string | | | ||
action_result.parameter.limit | numeric | | | ||
action_result.status | string | | | ||
action_result.message | string | | | ||
summary.total_objects | numeric | | | ||
summary.total_objects_successful | numeric | | | ||
action_result.data | string | | | ||
action_result.summary.num_data_get_observable | numeric | | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# File: __init__.py | ||
# | ||
# Copyright (c) 2023 SEKOIA.IO | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software distributed under | ||
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, | ||
# either express or implied. See the License for the specific language governing permissions | ||
# and limitations under the License. |
Oops, something went wrong.