diff --git a/LICENSE b/LICENSE index 12c3721..03acf95 100644 --- a/LICENSE +++ b/LICENSE @@ -198,4 +198,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. + limitations under the License. \ No newline at end of file diff --git a/README.md b/README.md index 6d788d2..19e148a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,15 @@ +[comment]: # "Auto-generated SOAR connector documentation" +# Sekoia + +Publisher: SEKOIA.IO +Connector Version: 1.0.1 +Product Vendor: SEKOIA.IO +Product Name: sekoia.io +Product Version Supported (regex): ".\*" +Minimum Product Version: 6.1.1.211 + +This app will interact with SEKOIA.IO + # Splunk> Phantom Welcome to the open-source repository for Splunk> Phantom's sekoiaio App. 
@@ -7,3 +19,105 @@ Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Ap ## Legal and License This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details. + + +### Configuration Variables +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a sekoia.io asset in SOAR. + +VARIABLE | REQUIRED | TYPE | DESCRIPTION +-------- | -------- | ---- | ----------- +**base_url** | required | string | The SEKOIA API base url +**api_key** | required | password | The SEKOIA API key +**verify_server_cert** | optional | boolean | Verify server SSL (Default: true) + +### Supported Actions +[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration +[get indicator](#action-get-indicator) - Get an indicator according to some criteria +[get indicator context](#action-get-indicator-context) - Get the context of an indicator +[get observable](#action-get-observable) - Get an observable according to some criteria + +## action: 'test connectivity' +Validate the asset configuration for connectivity using supplied configuration + +Type: **test** +Read only: **True** + +#### Action Parameters +No parameters are required for this action + +#### Action Output +No Output + +## action: 'get indicator' +Get an indicator according to some criteria + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**value** | optional | Value of the indicator | string | +**type** | optional | Type of the indicator | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.value | string | | 
+action_result.parameter.type | string | | +action_result.status | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | +action_result.data | string | | +action_result.summary.num_data | numeric | | + +## action: 'get indicator context' +Get the context of an indicator + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**value** | optional | Value of the indicator | string | +**type** | optional | Type of the indicator | string | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.value | string | | +action_result.parameter.type | string | | +action_result.status | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | +action_result.data | string | | +action_result.summary.num_data | numeric | | + +## action: 'get observable' +Get an observable according to some criteria + +Type: **investigate** +Read only: **True** + +#### Action Parameters +PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS +--------- | -------- | ----------- | ---- | -------- +**value** | optional | Value of the indicator | string | +**type** | optional | Type of the indicator | string | +**limit** | optional | Set the limit of items (Default:20) | numeric | + +#### Action Output +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.value | string | | +action_result.parameter.type | string | | +action_result.parameter.limit | numeric | | +action_result.status | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | +action_result.data | string | | 
+action_result.summary.num_data_get_observable | numeric | | \ No newline at end of file diff --git a/release_notes/1.0.1.md b/release_notes/1.0.1.md new file mode 100644 index 0000000..34d1a29 --- /dev/null +++ b/release_notes/1.0.1.md @@ -0,0 +1 @@ +* Initial release with Python 3 support \ No newline at end of file diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index 91ef90d..fbcb2fd 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1,2 +1 @@ **Unreleased** -* Initial release with Python 3 support diff --git a/sekoiaio.json b/sekoiaio.json index e440819..dad5513 100644 --- a/sekoiaio.json +++ b/sekoiaio.json @@ -11,7 +11,7 @@ "product_version_regex": ".*", "publisher": "SEKOIA.IO", "license": "Copyright (c) 2023 SEKOIA.IO", - "app_version": "1.0.0", + "app_version": "1.0.1", "utctime_updated": "2023-10-09T08:07:31.780040Z", "package_name": "phantom_sekoiaio", "fips_compliant": false, @@ -277,4 +277,4 @@ } ] } -} +} \ No newline at end of file
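Review bot: In LICENSE (hunk @@ -198,4 +198,4 @@) the only change is the loss of the newline after "limitations under the License.", and the same "\ No newline at end of file" marker now appears for README.md, release_notes/1.0.1.md and sekoiaio.json. Keep the final newline in each file so the license text is not touched by a release bump and later diffs do not show the last line as modified.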
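Review bot: In README.md (hunk @@ -7,3 +19,105 @@) the 'get observable' parameter table describes `value` and `type` as "Value of the indicator" and "Type of the indicator", copied from the two indicator actions; both should say "observable". The same action reports its count under `action_result.summary.num_data_get_observable` while 'get indicator' and 'get indicator context' use `action_result.summary.num_data`, so either align the key or document the difference for playbook authors. Every parameter of the three investigate actions is marked optional, yet the text does not say what is returned when neither `value` nor `type` is supplied. The description of `verify_server_cert` ("Verify server SSL") would also be clearer if it said that the default of true should be kept outside test setups. Because the first README hunk marks the file as auto-generated, make these corrections in the source it is generated from rather than in README.md.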
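Review bot: In sekoiaio.json (hunk @@ -11,7 +11,7 @@) `app_version` moves from 1.0.0 to 1.0.1 but the `utctime_updated` line directly below it is unchanged context and still reads 2023-10-09T08:07:31.780040Z. If that field is meant to record when the package metadata was last updated, refresh it in the same change as the version bump.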