diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml
new file mode 100644
index 0000000..9284f9d
--- /dev/null
+++ b/.github/workflows/generate-doc.yml
@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+        with:
+          GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 6f15b22..131c639 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
-  lint:
+  lint:
     # Run per push for internal contributers. This isn't possible for forked pull requests,
     # so we'll need to run on PR events for external contributers.
     # String comparison below is case insensitive.
diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
new file mode 100644
index 0000000..6f3bf31
--- /dev/null
+++ b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c9ae108..863bf5d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
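Review bot: The `uses:` step references the composite action by the mutable branch ref `@main` while passing it `secrets.SOAR_APPS_TOKEN`, so any later change to that branch of dev-cicd-tools silently changes what runs with that token; pinning to a full commit SHA, `uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@<commit-sha>'  # <tag>`, keeps the executed code reviewable (replace the placeholders with the real SHA and tag). The same applies to the review-release.yml hunk below, whose reusable workflow is also taken `@main` and receives `RESUME_RELEASE_ROLE_ARN` together with an `id-token: write` grant. This workflow also declares no top-level `permissions:` block, so the repository default `GITHUB_TOKEN` scope applies to the job; adding `permissions:` with `contents: read` (or `contents: write` only if the action commits the generated readme, which cannot be confirmed from this hunk) makes the intended scope explicit and matches the style of review-release.yml.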
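Review bot: `cancel-in-progress: true` under the shared `app-release` concurrency group means a second dispatch aborts a review that is already running, and since each run carries a one-off StepFunction `task_token`, the aborted run's token is presumably never reported back and that release step is left waiting — worth confirming against the reusable workflow, which is outside this diff. If the group is only meant to serialize reviews, `cancel-in-progress: false` queues the second run instead. Either way a one-line comment above `concurrency:` stating which behaviour is intended, e.g. `# Only one release review at a time; a newer dispatch cancels (or: waits for) the running one`, would save the next reader from guessing.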
@@ -1,11 +1,11 @@ repos: - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.11 + rev: v1.17 hooks: - id: org-hook - id: package-app-dependencies - repo: https://github.com/Yelp/detect-secrets - rev: v1.2.0 + rev: v1.4.0 hooks: - id: detect-secrets - args: ['--no-verify', '--exclude-files', '^malwarebytescloud.json$'] + args: ['--no-verify', '--exclude-files', '^threatdownnebula.json$'] diff --git a/LICENSE b/LICENSE index 4b69499..be245e0 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) Malwarebytes, 2019-2022 + Copyright (c) ThreatDown, 2019-2024 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE b/NOTICE index 9b66547..0c6baa2 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ -Splunk SOAR Malwarebytes Cloud -Copyright (c) Malwarebytes, 2019-2022 +Splunk SOAR ThreatDown Nebula +Copyright (c) ThreatDown Nebula, 2019-2024 Third-party Software Attributions: diff --git a/README.md b/README.md index e10400e..2167f24 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,17 @@ [comment]: # "Auto-generated SOAR connector documentation" -# Malwarebytes Cloud +# ThreatDown Nebula -Publisher: Malwarebytes -Connector Version: 2\.0\.0 -Product Vendor: Malwarebytes +Publisher: ThreatDown +Connector Version: 2.1.0 +Product Vendor: ThreatDown Product Name: Malwarebytes Endpoint Protection -Product Version Supported (regex): "\.\*" -Minimum Product Version: 5\.1\.0 +Product Version Supported (regex): ".\*" +Minimum Product Version: 6.1.1 -This app integrates with the Malwarebytes Cloud platform to perform prevention, detection, remediation, and forensics endpoint management tasks +This app integrates with the ThreatDown (powered by Malwarebytes) Nebula platform to perform prevention, detection, remediation, and forensics endpoint management tasks [comment]: # " File: README.md" -[comment]: # " Copyright (c) Malwarebytes, 2019-2022" +[comment]: # " Copyright (c) ThreatDown, 2019-2024" [comment]: # "" [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" [comment]: # "you may not use this file except in compliance with the License." @@ -26,10 +26,10 @@ This app integrates with the Malwarebytes Cloud platform to perform prevention, [comment]: # "" ## Authentication -The Malwarebytes App uses the same Cloud console credential to authenticate and issue RESTful API +The ThreatDown App uses the same Cloud console credential to authenticate and issue RESTful API commands. -[![](img/malwarebytes_login.png)](img/malwarebytes_login.png) +[![](img/threatdown_login.png)](img/threatdown_login.png) ### Configuration Variables 
@@ -37,9 +37,9 @@ The below configuration variables are required for this Connector to operate. T VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- -**accountid** | required | string | Malwarebytes Cloud Account ID -**clientid** | required | string | Malwarebytes Cloud Client ID -**clientsecret** | required | password | Malwarebytes Cloud Client Secret +**accountid** | required | string | ThreatDown Nebula Account ID +**clientid** | required | string | ThreatDown Nebula Client ID +**clientsecret** | required | password | ThreatDown Nebula Client Secret ### Supported Actions [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration @@ -78,15 +78,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to scan and remediate | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'scan and report' Scan an endpoint and report threats found 
@@ -100,15 +100,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to scan and report | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'isolate endpoint' When threats are found, isolate a network, process, or desktop endpoint 
@@ -122,15 +122,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to isolate | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'isolate process' When threats are found, isolate a process endpoint @@ -144,15 +144,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to isolate | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'isolate network' Network Isolation on an endpoint when threats are found 
@@ -166,15 +166,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to isolate | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'isolate desktop' Desktop Isolation an endpoint when threats are found @@ -188,15 +188,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to isolate | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'deisolate endpoint' Deisolate endpoint after threats are removed 
@@ -210,15 +210,15 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of endpoint to deisolate | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | +action_result.data | string | | +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | +summary.total_objects_successful | numeric | | ## action: 'list endpoints' List all the endpoints/sensors configured on the device 
@@ -230,22 +230,22 @@ Read only: **True** No parameters are required for this action #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.data\.\*\.machines\.\*\.created\_at | string | -action\_result\.data\.\*\.machines\.\*\.id | string | -action\_result\.data\.\*\.machines\.\*\.last\_seen\_at | string | -action\_result\.data\.\*\.machines\.\*\.name | string | -action\_result\.data\.\*\.machines\.\*\.online | boolean | -action\_result\.data\.\*\.machines\.\*\.os\_architecture | string | -action\_result\.data\.\*\.machines\.\*\.os\_platform | string | -action\_result\.data\.\*\.machines\.\*\.os\_release\_name | string | -action\_result\.data\.\*\.total\_count | numeric | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.data.\*.machines.\*.created_at | string | | 2018-10-19T17:59:32.877626Z +action_result.data.\*.machines.\*.id | string | | 9c3999cb-bdd0-4b01-b7f3-42a2f17ec429 +action_result.data.\*.machines.\*.last_seen_at | string | | 2018-11-05T05:23:18.615218Z +action_result.data.\*.machines.\*.name | string | | test +action_result.data.\*.machines.\*.online | boolean | | True False +action_result.data.\*.machines.\*.os_architecture | string | | AMD64 +action_result.data.\*.machines.\*.os_platform | string | | WINDOWS +action_result.data.\*.machines.\*.os_release_name | string | | Microsoft Windows 10 Pro +action_result.data.\*.total_count | numeric | | 7 +action_result.summary | string | | +action_result.message | string | | +summary.total_objects | numeric | | 2 +summary.total_objects_successful | numeric | | 0 ## action: 'get endpoint info' Get information about an endpoint 
@@ -259,22 +259,22 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **hostname** | required | Hostname of the endpoint to get information | string | `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.hostname | string | `host name` -action\_result\.data\.\*\.created\_at | string | -action\_result\.data\.\*\.id | string | -action\_result\.data\.\*\.last\_seen\_at | string | -action\_result\.data\.\*\.name | string | -action\_result\.data\.\*\.online | boolean | -action\_result\.data\.\*\.os\_architecture | string | -action\_result\.data\.\*\.os\_platform | string | -action\_result\.data\.\*\.os\_release\_name | string | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.hostname | string | `host name` | test +action_result.data.\*.created_at | string | | 2019-05-01T22:03:31.019437Z +action_result.data.\*.id | string | | 6013e073d5a384b4bc1b494f9258a43a6af11a50 +action_result.data.\*.last_seen_at | string | | 2019-05-04T17:28:00.211005Z +action_result.data.\*.name | string | | WIN-V9TNRP1M0G4 +action_result.data.\*.online | boolean | | True False +action_result.data.\*.os_architecture | string | | AMD64 +action_result.data.\*.os_platform | string | | WINDOWS +action_result.data.\*.os_release_name | string | | Microsoft Windows 10 Pro +action_result.summary | string | | +action_result.message | string | | Message from action +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'get scan info' Get information about a scan job 
@@ -285,29 +285,29 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**scan\_id** | required | Scan ID for the job | string | `scan id` +**scan_id** | required | Scan ID for the job | string | `scan id` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.scan\_id | string | `scan id` -action\_result\.data\.\*\.deleted\_count | numeric | -action\_result\.data\.\*\.duration\_seconds | numeric | -action\_result\.data\.\*\.found\_count | numeric | -action\_result\.data\.\*\.from\_cloud | boolean | -action\_result\.data\.\*\.id | string | -action\_result\.data\.\*\.machine\_id | string | -action\_result\.data\.\*\.machine\_name | string | -action\_result\.data\.\*\.ondemand | boolean | -action\_result\.data\.\*\.os\_platform | string | -action\_result\.data\.\*\.quarantined\_count | numeric | -action\_result\.data\.\*\.reported\_at | string | -action\_result\.data\.\*\.scan\_type | string | -action\_result\.data\.\*\.started\_at | string | -action\_result\.data\.\*\.started\_at\_local | string | -action\_result\.data\.\*\.total\_count | numeric | -action\_result\.summary | string | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | \ No newline at end of file +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.scan_id | string | `scan id` | 0f03a753-553e-4dbd-a3d6-94b18a96799b +action_result.data.\*.deleted_count | numeric | | 0 +action_result.data.\*.duration_seconds | numeric | | 90 +action_result.data.\*.found_count | numeric | | 2 +action_result.data.\*.from_cloud | boolean | | True False +action_result.data.\*.id | string | | fd47c2e9-83a3-4675-bac4-0133ab3a4f65 +action_result.data.\*.machine_id 
| string | | ebc10d20-7a2e-4f69-8313-97a472bc712b +action_result.data.\*.machine_name | string | | test.domain.com +action_result.data.\*.ondemand | boolean | | True False +action_result.data.\*.os_platform | string | | WINDOWS +action_result.data.\*.quarantined_count | numeric | | 2 +action_result.data.\*.reported_at | string | | 2019-04-25T16:01:39.093722Z +action_result.data.\*.scan_type | string | | ThreatScan +action_result.data.\*.started_at | string | | 2019-04-25T16:01:01Z +action_result.data.\*.started_at_local | string | | 2019-04-25T09:01:01-07:00 +action_result.data.\*.total_count | numeric | | 2 +action_result.summary | string | | +action_result.message | string | | Message from action +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 \ No newline at end of file diff --git a/__init__.py b/__init__.py index 2a8b53c..f1e6710 100644 --- a/__init__.py +++ b/__init__.py @@ -1,6 +1,6 @@ # File: __init__.py # -# Copyright (c) Malwarebytes, 2019-2022 +# Copyright (c) ThreatDown, 2019-2024 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/img/malwarebytes_login.png b/img/malwarebytes_login.png index 156041b..45c2b3e 100644 Binary files a/img/malwarebytes_login.png and b/img/malwarebytes_login.png differ diff --git a/logo_malwarebytescloud.svg b/logo_malwarebytescloud.svg deleted file mode 100644 index 719a946..0000000 --- a/logo_malwarebytescloud.svg +++ /dev/null @@ -1,88 +0,0 @@ - - - diff --git a/logo_malwarebytescloud_dark.svg b/logo_malwarebytescloud_dark.svg deleted file mode 100644 index 1a22253..0000000 --- a/logo_malwarebytescloud_dark.svg +++ /dev/null @@ -1,114 +0,0 @@ - - - diff --git a/logo_threatdownnebula.svg b/logo_threatdownnebula.svg new file mode 100644 index 0000000..d893f73 --- /dev/null +++ b/logo_threatdownnebula.svg @@ -0,0 +1,14 @@ + 
diff --git a/logo_threatdownnebula_dark.svg b/logo_threatdownnebula_dark.svg new file mode 100644 index 0000000..9c5203d --- /dev/null +++ b/logo_threatdownnebula_dark.svg @@ -0,0 +1,14 @@ + diff --git a/manual_readme_content.md b/manual_readme_content.md new file mode 100644 index 0000000..fbd3dab --- /dev/null +++ b/manual_readme_content.md @@ -0,0 +1,20 @@ +[comment]: # " File: README.md" +[comment]: # " Copyright (c) ThreatDown, 2019-2024" +[comment]: # "" +[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" +[comment]: # "you may not use this file except in compliance with the License." +[comment]: # "You may obtain a copy of the License at" +[comment]: # "" +[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" +[comment]: # "" +[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" +[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," +[comment]: # "either express or implied. See the License for the specific language governing permissions" +[comment]: # "and limitations under the License." +[comment]: # "" +## Authentication + +The ThreatDown App uses the same Cloud console credential to authenticate and issue RESTful API +commands. + +[![](img/threatdown_login.png)](img/threatdown_login.png) diff --git a/readme.html b/readme.html deleted file mode 100644 index 647f229..0000000 --- a/readme.html +++ /dev/null @@ -1,24 +0,0 @@ - - -
-The Malwarebytes App uses the same Cloud console credential to authenticate and issue RESTful API commands. -
-- - - -
diff --git a/release_notes/2.1.0.md b/release_notes/2.1.0.md
new file mode 100644
index 0000000..88e43ca
--- /dev/null
+++ b/release_notes/2.1.0.md
@@ -0,0 +1 @@
+* Changed App name from 'Malwarebytes Cloud' to 'ThreatDown'
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index ed95ead..b217881 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,2 @@
 oauthlib==3.1.0
-requests==2.25.0
 requests-oauthlib==1.3.0
diff --git a/malwarebytescloud.json b/threatdownnebula.json
similarity index 95%
rename from malwarebytescloud.json
rename to threatdownnebula.json
index 2ca661b..d45fdc8 100644
--- a/malwarebytescloud.json
+++ b/threatdownnebula.json
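Review bot: Dropping `requests==2.25.0` leaves `requests-oauthlib==1.3.0` (and the connector's own `OAuth2Session` use) on whatever `requests` the host platform provides, and the threatdownnebula.json hunk removes the requests, urllib3, certifi, chardet and idna wheels in the same way, so the app no longer controls the version of its HTTP stack. That is presumably deliberate now that `min_phantom_version` is 6.1.1, but nothing in the file records it; a comment such as `# requests and its transitive deps (urllib3, certifi, idna, charset_normalizer) are supplied by the SOAR platform (>= 6.1.1)` would stop a future contributor from re-pinning the old 2.25.0 wheel. If the platform-supplied version matters for requests-oauthlib 1.3.0 compatibility, state the minimum there too.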
@@ -1,70 +1,50 @@ { "appid": "5c742a84-46e6-4e28-8475-f26d9873216d", - "name": "Malwarebytes Cloud", - "description": "This app integrates with the Malwarebytes Cloud platform to perform prevention, detection, remediation, and forensics endpoint management tasks", + "name": "ThreatDown Nebula", + "description": "This app integrates with the ThreatDown (powered by Malwarebytes) Nebula platform to perform prevention, detection, remediation, and forensics endpoint management tasks", "type": "endpoint", - "product_vendor": "Malwarebytes", - "logo": "logo_malwarebytescloud.svg", - "logo_dark": "logo_malwarebytescloud_dark.svg", + "product_vendor": "ThreatDown", + "logo": "logo_threatdownnebula.svg", + "logo_dark": "logo_threatdownnebula_dark.svg", "product_name": "Malwarebytes Endpoint Protection", "python_version": "3", "product_version_regex": ".*", - "publisher": "Malwarebytes", - "license": "Copyright (c) Malwarebytes, 2019-2022", - "app_version": "2.0.0", + "publisher": "ThreatDown", + "license": "Copyright (c) ThreatDown, 2019-2024", + "app_version": "2.1.0", "utctime_updated": "2022-01-07T20:37:48.000000Z", - "package_name": "phantom_malwarebytescloud", - "main_module": "malwarebytescloud_connector.py", - "min_phantom_version": "5.1.0", + "package_name": "phantom_threatdownnebula", + "main_module": "threatdownnebula_connector.py", + "min_phantom_version": "6.1.1", "app_wizard_version": "1.0.0", "fips_compliant": false, "pip_dependencies": { "wheel": [ - { - "module": "certifi", - "input_file": "wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl" - }, - { - "module": "chardet", - "input_file": "wheels/shared/chardet-3.0.4-py2.py3-none-any.whl" - }, - { - "module": "idna", - "input_file": "wheels/shared/idna-2.10-py2.py3-none-any.whl" - }, { "module": "oauthlib", "input_file": "wheels/shared/oauthlib-3.1.0-py2.py3-none-any.whl" }, - { - "module": "requests", - "input_file": "wheels/shared/requests-2.25.0-py2.py3-none-any.whl" - }, { "module": "requests_oauthlib", 
"input_file": "wheels/shared/requests_oauthlib-1.3.0-py2.py3-none-any.whl" - }, - { - "module": "urllib3", - "input_file": "wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl" } ] }, "configuration": { "accountid": { - "description": "Malwarebytes Cloud Account ID", + "description": "ThreatDown Nebula Account ID", "data_type": "string", "required": true, "order": 0 }, "clientid": { - "description": "Malwarebytes Cloud Client ID", + "description": "ThreatDown Nebula Client ID", "data_type": "string", "required": true, "order": 2 }, "clientsecret": { - "description": "Malwarebytes Cloud Client Secret", + "description": "ThreatDown Nebula Client Secret", "data_type": "password", "required": true, "order": 1 @@ -991,5 +971,17 @@ }, "versions": "EQ(*)" } - ] + ], + "pip39_dependencies": { + "wheel": [ + { + "module": "oauthlib", + "input_file": "wheels/shared/oauthlib-3.1.0-py2.py3-none-any.whl" + }, + { + "module": "requests_oauthlib", + "input_file": "wheels/shared/requests_oauthlib-1.3.0-py2.py3-none-any.whl" + } + ] + } } diff --git a/malwarebytescloud_connector.py b/threatdownnebula_connector.py similarity index 96% rename from malwarebytescloud_connector.py rename to threatdownnebula_connector.py index d3c6f6c..96e4c8b 100644 --- a/malwarebytescloud_connector.py +++ b/threatdownnebula_connector.py @@ -1,6 +1,6 @@ -# File: malwarebytescloud_connector.py +# File: threatdownnebula_connector.py # -# Copyright (c) Malwarebytes, 2019-2022 +# Copyright (c) ThreatDown, 2019-2024 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,7 +16,7 @@ # Phantom App imports # Usage of the consts file is recommended -# from malwarebytescloud_consts import * +# from threatdownnebula_consts import * import json import time from datetime import datetime 
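Review bot: The new `pip39_dependencies.wheel` list names only oauthlib and requests_oauthlib, yet the commit adds `wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl`, which no manifest entry references; unless the packaging tooling picks up wheels/py39 implicitly, that binary is shipped in the repository but never installed, so either add `{"module": "charset_normalizer", "input_file": "wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"}` to the list or drop the file. `utctime_updated` also still reads `2022-01-07T20:37:48.000000Z` although `app_version` moves to 2.1.0 in the first hunk of this file. The enclosing JSON object starts before the first hunk; the second hunk closes it.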
@@ -29,10 +29,10 @@ from requests_oauthlib import OAuth2Session __author__ = "Rohin Sambath Kumar" -__copyright__ = "Copyright 2022, Malwarebytes" +__copyright__ = "Copyright 2019-2024, ThreatDown" __credits__ = ["Rohin Sambath Kumar"] __license__ = "GPL" -__version__ = "2.0.0" +__version__ = "2.0.1" __maintainer__ = "Rohin Sambath Kumar" __email__ = "rskumar@malwarebytes.com" __status__ = "Production" @@ -43,12 +43,12 @@ def __new__(cls, val1, val2=None): return tuple.__new__(RetVal, (val1, val2)) -class MalwarebytesCloudConnector(BaseConnector): +class ThreatDownNebulaConnector(BaseConnector): def __init__(self): # Call the BaseConnectors init first - super(MalwarebytesCloudConnector, self).__init__() + super(ThreatDownNebulaConnector, self).__init__() self._state = None self._base_url = None @@ -67,7 +67,7 @@ def _handle_test_connectivity(self, param): # Also typically it does not add any data into an action_result either. # The status and progress messages are more important. - self.save_progress("Connecting to Malwarebytes Cloud") + self.save_progress("Connecting to ThreatDown Nebula") try: self.save_progress("Account ID: {}".format(self.account_id)) 
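Review bot: `__version__ = "2.0.1"` disagrees with `"app_version": "2.1.0"` in threatdownnebula.json and with the new `release_notes/2.1.0.md`, and the telemetry hunk `@@ -505,7 +505,7 @@` later in this file still carries the hard-coded context line `APP_VERSION = "2.0.0"`, so three different version strings would be reported for one build. Set `__version__ = "2.1.0"` here and, in `_get_nebula_client`, replace the literal with `APP_VERSION = __version__` so the telemetry payload follows the module version. A short comment on `__version__`, e.g. `# Keep in sync with app_version in threatdownnebula.json`, documents the coupling. The `ThreatDownNebulaConnector` class that the next hunk renames continues outside this diff.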
@@ -76,13 +76,13 @@ def _handle_test_connectivity(self, param): nebula = OAuth2Session(client=client, scope=self.client_scope) nebula.headers.update(self.HEADER) nebula.fetch_token(token_url="{}/oauth2/token".format(self._base_url), client_secret=self.client_secret, scope=self.client_scope) - self.save_progress("Login to Malwarebytes Cloud is successful") + self.save_progress("Login to ThreatDown Nebula is successful") except Exception as err: if "'ascii' codec can't decode" in str(err): return action_result.set_status(phantom.APP_ERROR, - "Error Connecting to Malwarebytes Cloud. Please provide valid asset configuration parameters.") + "Error Connecting to ThreatDown Nebula. Please provide valid asset configuration parameters.") return action_result.set_status(phantom.APP_ERROR, - "Error Connecting to Malwarebytes Cloud. Details: {0}".format(str(err))) + "Error Connecting to ThreatDown Nebula. Details: {0}".format(str(err))) # Return success return action_result.set_status(phantom.APP_SUCCESS) @@ -505,7 +505,7 @@ def _get_nebula_client(self, action_result): nebula = OAuth2Session(client=client, scope=self.client_scope) nebula.headers.update(self.HEADER) nebula.fetch_token(token_url=self._base_url + '/oauth2/token', client_secret=self.client_secret, scope=self.client_scope) - # Malwarebytes Telemerty Code. + # ThreatDown Telemerty Code. try: TELEMETRY_LINK = "https://api-msp-telemetry.malwarebytes.com/data" APP_VERSION = "2.0.0" @@ -514,7 +514,7 @@ def _get_nebula_client(self, action_result): "timestamp": str(telemetry_ts), "integration_code": "TA-PH", "integration_name": "Splunk Phantom", - "integration_app": "Malwarebytes Cloud", + "integration_app": "ThreatDown Nebula", "integration_app_version": APP_VERSION, "nebula_account_id": self.account_id.decode("utf8"), "ov_account_id": "", 
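Review bot: The renamed comment in the `@@ -505,7 +505,7 @@` hunk keeps the typo "Telemerty" and still only names the code rather than saying what it does; the lines that follow build a payload carrying the integration name/version and `nebula_account_id` and appear to send it to the `TELEMETRY_LINK` host, which a reader checking outbound data flows needs to know. Replace it with `# Usage telemetry: posts integration name/version and the Nebula account id to TELEMETRY_LINK.` and, if the surrounding try block is meant to make this best-effort (its except clause is outside this hunk, so I cannot confirm), say so in the same comment. `_get_nebula_client` starts before and ends after this hunk.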
@@ -537,7 +537,7 @@ def _get_nebula_client(self, action_result): return(phantom.APP_SUCCESS, nebula) except Exception as err: return RetVal(action_result.set_status(phantom.APP_ERROR, - "Error Connecting to Malwarebytes Cloud. Details: {0}".format(str(err))), None) + "Error Connecting to ThreatDown Nebula. Details: {0}".format(str(err))), None) def handle_action(self, param): @@ -667,7 +667,7 @@ def finalize(self): in_json = json.loads(in_json) print(json.dumps(in_json, indent=4)) - connector = MalwarebytesCloudConnector() + connector = ThreatDownNebulaConnector() connector.print_progress_message = True if session_id is not None: diff --git a/tox.ini b/tox.ini index 127a08b..c4644ad 100644 --- a/tox.ini +++ b/tox.ini @@ -1,7 +1,7 @@ [flake8] max-line-length = 145 max-complexity = 28 -ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292 +extend-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292 [isort] line_length = 145 diff --git a/wheels/certifi-2021.10.8-py2.py3-none-any.whl b/wheels/certifi-2021.10.8-py2.py3-none-any.whl deleted file mode 100644 index fbcb86b..0000000 Binary files a/wheels/certifi-2021.10.8-py2.py3-none-any.whl and /dev/null differ diff --git a/wheels/chardet-3.0.4-py2.py3-none-any.whl b/wheels/chardet-3.0.4-py2.py3-none-any.whl deleted file mode 100644 index d276977..0000000 Binary files a/wheels/chardet-3.0.4-py2.py3-none-any.whl and /dev/null differ diff --git a/wheels/idna-2.10-py2.py3-none-any.whl b/wheels/idna-2.10-py2.py3-none-any.whl deleted file mode 100644 index 41225cb..0000000 Binary files a/wheels/idna-2.10-py2.py3-none-any.whl and /dev/null differ 
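Review bot: Changing `ignore` to `extend-ignore` in tox.ini is not a pure rename: `ignore =` replaced flake8's built-in default ignore list, whereas `extend-ignore` appends to it, so codes that are in the defaults but not in this list (E123, E226, E24, E704, W503, W504) were checked before and are silently suppressed now. If that loosening is intended, fine, but it is worth noting in the commit message or a comment above the line, e.g. `# extend-ignore keeps flake8's default ignores in addition to the codes below`. E121 and E126 are already in the default list and become redundant under `extend-ignore`.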
diff --git a/wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl b/wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
new file mode 100644
index 0000000..4ddb772
Binary files /dev/null and b/wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl differ
diff --git a/wheels/requests-2.25.0-py2.py3-none-any.whl b/wheels/requests-2.25.0-py2.py3-none-any.whl
deleted file mode 100644
index c3f28e5..0000000
Binary files a/wheels/requests-2.25.0-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl b/wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl
deleted file mode 100644
index fbcb86b..0000000
Binary files a/wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/chardet-3.0.4-py2.py3-none-any.whl b/wheels/shared/chardet-3.0.4-py2.py3-none-any.whl
deleted file mode 100644
index d276977..0000000
Binary files a/wheels/shared/chardet-3.0.4-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/idna-2.10-py2.py3-none-any.whl b/wheels/shared/idna-2.10-py2.py3-none-any.whl
deleted file mode 100644
index 41225cb..0000000
Binary files a/wheels/shared/idna-2.10-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/requests-2.25.0-py2.py3-none-any.whl b/wheels/shared/requests-2.25.0-py2.py3-none-any.whl
deleted file mode 100644
index c3f28e5..0000000
Binary files a/wheels/shared/requests-2.25.0-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl b/wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl
deleted file mode 100644
index bad52ab..0000000
Binary files a/wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl and /dev/null differ
diff --git a/wheels/urllib3-1.26.7-py2.py3-none-any.whl b/wheels/urllib3-1.26.7-py2.py3-none-any.whl
deleted file mode 100644
index 62189e6..0000000
Binary files a/wheels/urllib3-1.26.7-py2.py3-none-any.whl and /dev/null differ