diff --git a/README.md b/README.md
index 9d75f5a..df10b07 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ Connector Version: 1.0.1
 Product Vendor: Varonis
 Product Name: Varonis SaaS
 Product Version Supported (regex): ".\*"
-Minimum Product Version: 5.3.0
+Minimum Product Version: 6.2.1
 Varonis SaaS for Splunk SOAR
diff --git a/test_data/get_alerted_events_query.json b/test_data/get_varonissaas_alerted_events_query.json
similarity index 100%
rename from test_data/get_alerted_events_query.json
rename to test_data/get_varonissaas_alerted_events_query.json
diff --git a/test_data/get_alerted_events_response.json b/test_data/get_varonissaas_alerted_events_response.json
similarity index 100%
rename from test_data/get_alerted_events_response.json
rename to test_data/get_varonissaas_alerted_events_response.json
diff --git a/test_data/get_alerted_events_result.json b/test_data/get_varonissaas_alerted_events_result.json
similarity index 100%
rename from test_data/get_alerted_events_result.json
rename to test_data/get_varonissaas_alerted_events_result.json
diff --git a/test_data/get_alerts_empty_param_query.json b/test_data/get_varonissaas_alerts_empty_param_query.json
similarity index 100%
rename from test_data/get_alerts_empty_param_query.json
rename to test_data/get_varonissaas_alerts_empty_param_query.json
diff --git a/test_data/get_alerts_empty_param_response.json b/test_data/get_varonissaas_alerts_empty_param_response.json
similarity index 100%
rename from test_data/get_alerts_empty_param_response.json
rename to test_data/get_varonissaas_alerts_empty_param_response.json
diff --git a/test_data/get_alerts_empty_param_result.json b/test_data/get_varonissaas_alerts_empty_param_result.json
similarity index 100%
rename from test_data/get_alerts_empty_param_result.json
rename to test_data/get_varonissaas_alerts_empty_param_result.json
diff --git a/test_data/get_alerts_query.json b/test_data/get_varonissaas_alerts_query.json
similarity index 100%
rename from test_data/get_alerts_query.json
rename to test_data/get_varonissaas_alerts_query.json
diff --git a/test_data/get_alerts_response.json b/test_data/get_varonissaas_alerts_response.json
similarity index 100%
rename from test_data/get_alerts_response.json
rename to test_data/get_varonissaas_alerts_response.json
diff --git a/test_data/get_alerts_result.json b/test_data/get_varonissaas_alerts_result.json
similarity index 100%
rename from test_data/get_alerts_result.json
rename to test_data/get_varonissaas_alerts_result.json
diff --git a/varonissaas.json b/varonissaas.json
index a1330cb..dc7177a 100644
--- a/varonissaas.json
+++ b/varonissaas.json
@@ -16,33 +16,33 @@
 "package_name": "phantom_varonissaas",
 "main_module": "varonissaas_connector.py",
 "fips_complaint": false,
- "min_phantom_version": "5.3.0",
+ "min_phantom_version": "6.2.1",
 "app_wizard_version": "1.0.0",
 "configuration": {
 "base_url": {
 "description": "Varonis FQDN/IP the integration should connect to",
 "data_type": "string",
 "required": true,
- "order": 1
+ "order": 0
 },
 "ingest_artifacts": {
 "description": "Should artifacts be ingested?",
 "data_type": "boolean",
 "required": true,
- "order": 2
+ "order": 1
 },
 "api_key": {
 "description": "Varonis API Key",
 "data_type": "password",
 "required": true,
- "order": 3
+ "order": 2
 },
 "ingest_period": {
 "description": "Alert Retrieval Start (Days Ago)",
 "data_type": "string",
 "required": true,
 "default": "7",
- "order": 4
+ "order": 3
 },
 "severity": {
 "description": "Alert Severity",
@@ -53,12 +53,12 @@
 "High"
 ],
 "default": "Low",
- "order": 5
+ "order": 4
 },
 "threat_model": {
 "description": "Threat Detection Policies",
 "data_type": "string",
- "order": 6
+ "order": 5
 },
 "alert_status": {
 "description": "Alert Status",
@@ -69,7 +69,7 @@
 "Closed",
 "Auto-Resolved"
 ],
- "order": 7
+ "order": 6
 }
 },
 "actions": [
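Review bot: The context key `"fips_complaint": false` three lines above the bumped `min_phantom_version` looks like a misspelling of `fips_compliant`; if the platform reads the latter, this declaration is ignored and the app's FIPS status falls back to whatever the platform assumes, which is worth correcting while the metadata is being revised for 6.2.1. The `order` renumbering from 1-based to 0-based is applied consistently here and in the two following hunks of this file. Separately, `ingest_period` is declared `"data_type": "string"` with `"default": "7"` although its description is a day count; declaring it `"data_type": "numeric"` would let the platform reject non-numeric input before it reaches the connector.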
@@ -155,61 +155,76 @@ }, "output": [ { - "data_path": "action_result.status", + "data_path": "action_result.data.*.ID", "data_type": "string", - "column_name": "Status", - "column_order": 25, - "example_values": [ - "success", - "failed" + "column_name": "Alert ID", + "column_order": 0, + "contains": [ + "varonis alert id" ] }, { - "data_path": "action_result.parameter.alert_severity", - "data_type": "string" - }, - { - "data_path": "action_result.parameter.alert_status", - "data_type": "string" - }, - { - "data_path": "action_result.parameter.descending_order", - "data_type": "boolean" + "data_path": "action_result.data.*.Name", + "data_type": "string", + "column_name": "Name", + "column_order": 1 }, { - "data_path": "action_result.parameter.device_name", - "data_type": "string" + "data_path": "action_result.data.*.Time", + "data_type": "string", + "column_name": "Time", + "column_order": 2, + "example_values": [ + "2022-11-11T19:35:00" + ] }, { - "data_path": "action_result.parameter.end_time", - "data_type": "string" + "data_path": "action_result.data.*.Severity", + "data_type": "string", + "column_name": "Severity", + "column_order": 3, + "example_values": [ + "High" + ] }, { - "data_path": "action_result.parameter.last_days", - "data_type": "numeric" + "data_path": "action_result.data.*.Category", + "data_type": "string", + "column_name": "Category", + "column_order": 4 }, { - "data_path": "action_result.parameter.max_results", - "data_type": "numeric" + "data_path": "action_result.data.*.Country", + "data_type": "string", + "column_name": "Country", + "column_order": 5 }, { - "data_path": "action_result.parameter.page", - "data_type": "numeric" + "data_path": "action_result.data.*.State", + "data_type": "string", + "column_name": "State", + "column_order": 6 }, { - "data_path": "action_result.parameter.start_time", - "data_type": "string" + "data_path": "action_result.data.*.Status", + "data_type": "string", + "column_name": "Status", + "column_order": 7, + 
"example_values": [ + "Open" + ] }, { - "data_path": "action_result.parameter.threat_model_name", - "data_type": "string" + "data_path": "action_result.data.*.CloseReason", + "data_type": "string", + "column_name": "Close Reason", + "column_order": 8 }, { - "data_path": "action_result.parameter.user_name", - "contains": [ - "user name" - ], - "data_type": "string" + "data_path": "action_result.data.*.BlacklistLocation", + "data_type": "boolean", + "column_name": "Blacklist Location", + "column_order": 9 }, { "data_path": "action_result.data.*.AbnormalLocation", @@ -218,16 +233,25 @@ "column_order": 10 }, { - "data_path": "action_result.data.*.BlacklistLocation", - "data_type": "boolean", - "column_name": "Blacklist Location", - "column_order": 9 + "data_path": "action_result.data.*.NumOfAlertedEvents", + "data_type": "numeric", + "column_name": "Num Of Alerted Events", + "column_order": 11 }, { - "data_path": "action_result.data.*.PrivilegedAccountType", + "data_path": "action_result.data.*.UserName", "data_type": "string", - "column_name": "Privileged Account Type", - "column_order": 15 + "contains": [ + "user name" + ], + "column_name": "User Name", + "column_order": 12 + }, + { + "data_path": "action_result.data.*.EventUTC", + "data_type": "string", + "column_name": "Event UTC", + "column_order": 13 }, { "data_path": "action_result.data.*.SamAccountName", 
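Review bot: The new side of this hunk adds an output entry for `action_result.data.*.EventUTC` with `"column_name": "Event UTC"` and `"column_order": 13`, and the next hunk (`@@ -236,22 +260,25 @@`) adds a second entry for the same `data_path` with `"column_name": "EventUTC"` and `"column_order": 16`. The duplicate predates the reorder, but keeping it means one value is rendered twice under two headings and any consumer that keys on `data_path` sees an ambiguous definition; one of the two entries should be dropped, or the second renamed to the field it was meant to describe. The `Time` and `EventUTC` example value `2022-11-11T19:35:00` carries no timezone designator, so for a field named UTC the example would be clearer as `2022-11-11T19:35:00Z`, provided that is the form the API actually returns.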
@@ -236,22 +260,25 @@ "column_order": 14 }, { - "data_path": "action_result.data.*.Category", + "data_path": "action_result.data.*.PrivilegedAccountType", "data_type": "string", - "column_name": "Category", - "column_order": 4 + "column_name": "Privileged Account Type", + "column_order": 15 }, { - "data_path": "action_result.data.*.CloseReason", + "data_path": "action_result.data.*.EventUTC", "data_type": "string", - "column_name": "Close Reason", - "column_order": 8 + "column_name": "EventUTC", + "column_order": 16, + "example_values": [ + "2022-11-11T19:35:00" + ] }, { - "data_path": "action_result.data.*.Country", + "data_path": "action_result.data.*.DeviceName", "data_type": "string", - "column_name": "Country", - "column_order": 5 + "column_name": "Device Name", + "column_order": 17 }, { "data_path": "action_result.data.*.ContainMaliciousExternalIP", 
@@ -266,38 +293,26 @@ "column_order": 19 }, { - "data_path": "action_result.data.*.DeviceName", + "data_path": "action_result.data.*.AssetContainsFlaggedData", "data_type": "string", - "column_name": "Device Name", - "column_order": 17 + "column_name": "Contains Flagged Data", + "column_order": 20 }, { - "data_path": "action_result.data.*.EventUTC", + "data_path": "action_result.data.*.AssetContainsSensitiveData", "data_type": "string", - "column_name": "Event UTC", - "column_order": 13 + "column_name": "Contains Sensitive Data", + "column_order": 21 }, { - "data_path": "action_result.data.*.ID", + "data_path": "action_result.data.*.Platform", "data_type": "string", - "column_name": "Alert ID", - "column_order": 0, - "contains": [ - "varonis alert id" + "column_name": "Platform", + "column_order": 22, + "example_values": [ + "DNS" ] }, - { - "data_path": "action_result.data.*.Name", - "data_type": "string", - "column_name": "Name", - "column_order": 1 - }, - { - "data_path": "action_result.data.*.NumOfAlertedEvents", - "data_type": "numeric", - "column_name": "Num Of Alerted Events", - "column_order": 11 - }, { "data_path": "action_result.data.*.Asset", "data_type": "string", @@ -307,18 +322,6 @@ "DNS" ] }, - { - "data_path": "action_result.data.*.AssetContainsFlaggedData", - "data_type": "string", - "column_name": "Contains Flagged Data", - "column_order": 20 - }, - { - "data_path": "action_result.data.*.AssetContainsSensitiveData", - "data_type": "string", - "column_name": "Contains Sensitive Data", - "column_order": 21 - }, { "data_path": "action_result.data.*.FileServerOrDomain", "data_type": "string", 
@@ -329,80 +332,92 @@ ] }, { - "data_path": "action_result.data.*.Platform", + "data_path": "action_result.status", "data_type": "string", - "column_name": "Platform", - "column_order": 22, + "column_name": "Status", + "column_order": 25, "example_values": [ - "DNS" + "success", + "failed" ] }, { - "data_path": "action_result.data.*.Severity", + "data_path": "action_result.parameter.alert_severity", "data_type": "string", - "column_name": "Severity", - "column_order": 3, - "example_values": [ - "High" - ] + "column_order": 26 }, { - "data_path": "action_result.data.*.State", + "data_path": "action_result.parameter.alert_status", "data_type": "string", - "column_name": "State", - "column_order": 6 + "column_order": 27 }, { - "data_path": "action_result.data.*.Status", + "data_path": "action_result.parameter.descending_order", + "data_type": "boolean", + "column_order": 28 + }, + { + "data_path": "action_result.parameter.device_name", "data_type": "string", - "column_name": "Status", - "column_order": 7, - "example_values": [ - "Open" - ] + "column_order": 29 }, { - "data_path": "action_result.data.*.Time", + "data_path": "action_result.parameter.end_time", "data_type": "string", - "column_name": "Time", - "column_order": 2, - "example_values": [ - "2022-11-11T19:35:00" - ] + "column_order": 30 }, { - "data_path": "action_result.data.*.EventUTC", + "data_path": "action_result.parameter.last_days", + "data_type": "numeric", + "column_order": 31 + }, + { + "data_path": "action_result.parameter.max_results", + "data_type": "numeric", + "column_order": 32 + }, + { + "data_path": "action_result.parameter.page", + "data_type": "numeric", + "column_order": 33 + }, + { + "data_path": "action_result.parameter.start_time", "data_type": "string", - "column_name": "EventUTC", - "column_order": 16, - "example_values": [ - "2022-11-11T19:35:00" - ] + "column_order": 34 }, { - "data_path": "action_result.data.*.UserName", + "data_path": "action_result.parameter.threat_model_name", 
"data_type": "string",
+ "column_order": 35
+ },
+ {
+ "data_path": "action_result.parameter.user_name",
 "contains": [
 "user name"
 ],
- "column_name": "User Name",
- "column_order": 12
+ "data_type": "string",
+ "column_order": 36
 },
 {
 "data_path": "action_result.summary",
- "data_type": "string"
+ "data_type": "string",
+ "column_order": 37
 },
 {
 "data_path": "action_result.message",
- "data_type": "string"
+ "data_type": "string",
+ "column_order": 38
 },
 {
 "data_path": "summary.total_objects",
- "data_type": "numeric"
+ "data_type": "numeric",
+ "column_order": 39
 },
 {
 "data_path": "summary.total_objects_successful",
- "data_type": "numeric"
+ "data_type": "numeric",
+ "column_order": 40
 }
 ],
 "render": {
diff --git a/varonissaas_test.py b/varonissaas_test.py
index bf319eb..7167546 100644
--- a/varonissaas_test.py
+++ b/varonissaas_test.py
@@ -16,11 +16,11 @@ def setUp(self) -> None:
 def test_handle_get_alerts_empty_param(self):
 # Arrange
- with open("test_data/get_alerts_empty_param_query.json", "r") as file:
+ with open("test_data/get_varonissaas_alerts_empty_param_query.json", "r") as file:
 expected_search_query = json.load(file)
- with open("test_data/get_alerts_empty_param_response.json", "r") as file:
+ with open("test_data/get_varonissaas_alerts_empty_param_response.json", "r") as file:
 search_response = json.load(file)
- with open("test_data/get_alerts_empty_param_result.json", "r") as file:
+ with open("test_data/get_varonissaas_alerts_empty_param_result.json", "r") as file:
 expected_result = json.load(file)
 self.connector._make_search_call = MagicMock(return_value=(True, search_response))
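Review bot: The entries for `action_result.parameter.*`, `action_result.summary`, `action_result.message` and `summary.total_objects*` gain `column_order` values 26 through 40 in this hunk but no `column_name`, whereas every data entry from 0 to 25, including the `action_result.status` entry that opens the hunk, carries both. If the rendered table is built only from entries that have a `column_name`, these orders have no visible effect and merely suggest that sixteen more columns exist. Either add the matching `column_name` for the parameters that should appear in the table, or leave the bare `data_path`/`data_type` form the old side used so the two kinds of entry stay distinguishable.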
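Review bot: The fixture paths in the three rewritten `open()` calls are resolved against the current working directory, so the tests fail when run from any directory other than the project root; the same applies to the hunks at `@@ -43,11 +43,11 @@` and `@@ -83,11 +83,11 @@`. Resolving them against the test module, e.g. `with open(os.path.join(os.path.dirname(__file__), "test_data", "get_varonissaas_alerts_empty_param_query.json"), encoding="utf-8") as file:`, removes that dependency and also pins the encoding, which `"r"` leaves to the platform default. The import block is outside the hunk, so whether `os` is already imported cannot be seen here; a small `_fixture(name)` helper on the test class would keep the nine call sites short.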
@@ -43,11 +43,11 @@ def test_handle_get_alerts_empty_param(self):
 def test_handle_get_alerts(self):
 # Arrange
- with open("test_data/get_alerts_query.json", "r") as file:
+ with open("test_data/get_varonissaas_alerts_query.json", "r") as file:
 expected_search_query = json.load(file)
- with open("test_data/get_alerts_response.json", "r") as file:
+ with open("test_data/get_varonissaas_alerts_response.json", "r") as file:
 search_response = json.load(file)
- with open("test_data/get_alerts_result.json", "r") as file:
+ with open("test_data/get_varonissaas_alerts_result.json", "r") as file:
 expected_result = json.load(file)
 self.connector._make_search_call = MagicMock(return_value=(True, search_response))
@@ -83,11 +83,11 @@ def test_handle_get_alerts(self):
 self.connector.add_action_result = MagicMock(return_value=action_result)
 def test_handle_get_alerted_events(self):
- with open("test_data/get_alerted_events_query.json", "r") as file:
+ with open("test_data/get_varonissaas_alerted_events_query.json", "r") as file:
 expected_search_query = json.load(file)
- with open("test_data/get_alerted_events_response.json", "r") as file:
+ with open("test_data/get_varonissaas_alerted_events_response.json", "r") as file:
 search_response = json.load(file)
- with open("test_data/get_alerted_events_result.json", "r") as file:
+ with open("test_data/get_varonissaas_alerted_events_result.json", "r") as file:
 expected_result = json.load(file)
 self.connector._make_search_call = MagicMock(return_value=(True, search_response))