Skip to content

Commit

Permalink
SOAR-17247-Better error handling and general improvemtns (#2722)
Browse files Browse the repository at this point in the history
  • Loading branch information
rbowden-r7 authored Aug 22, 2024
1 parent 3dd7e41 commit 7166d31
Show file tree
Hide file tree
Showing 20 changed files with 404 additions and 198 deletions.
10 changes: 5 additions & 5 deletions plugins/misp/.CHECKSUM
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
{
"spec": "64663a8f9fe19d0f29fd908d7b6bd034",
"manifest": "8d92c16a70e8b47b382bc077da15fd77",
"spec": "e90642333e6e48fdb16b3714e3d945b1",
"manifest": "0d42acfd273e2f89d12d8ed6f16d7a14",
"setup": "f68f1e492d96f14765c3b21a31d1bfea",
"schemas": [
{
"identifier": "add_attribute/schema.py",
"hash": "9e0383954822db2543b956b597db4176"
},
{
"identifier": "add_sightings/schema.py",
"hash": "ecd8484bba0bd97f9fee95b05f5b9b0e"
"identifier": "add_sighting/schema.py",
"hash": "3b0f3a56cdcb2afd5e12ee8089485dcc"
},
{
"identifier": "add_tag/schema.py",
"hash": "5139a2c6185eec5dcd818bb0ed72a4e2"
},
{
"identifier": "create_an_event/schema.py",
"hash": "ee32c9ab23690be1cafc0a352aecca73"
"hash": "a4003f754c17d3aba58d6c33b35bae6b"
},
{
"identifier": "export_attributes/schema.py",
Expand Down
2 changes: 1 addition & 1 deletion plugins/misp/bin/komand_misp
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ def main():

self.add_action(actions.CreateAnEvent())

self.add_action(actions.AddSightings())
self.add_action(actions.AddSighting())

self.add_action(actions.AddTag())

Expand Down
24 changes: 14 additions & 10 deletions plugins/misp/help.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,37 +99,43 @@ Example output:
}
```

#### Add Sightings
#### Add Sighting

This action is used to add sightings to organization
This action is used to add a sighting to attribute

##### Input

|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|sightings|[]string|None|True|Event sighting|None|["sighting"]|None|None|
|Time|string|None|False|The time of the sighting to be added to the attribute (if none is provided it will default to now)|None|15:00:00|None|None|
|attribute|integer|None|True|The ID of the attribute to add the sighting to|None|10|None|None|
|date|string|None|False|The date of the sighting to be added to the attribute (if none is provided it will default to now)|None|2024-08-20|None|None|
|source|string|None|False|The source of the sighting to be added to the attribute|None|honeypot|None|None|
|type|string|None|True|The type of sighting to be added to the attribute|["Sighting", "False-positive", "Expiration"]|Sighting|None|None|

Example input:

```
{
"sightings": [
"sighting"
]
"Time": "15:00:00",
"attribute": 10,
"date": "2024-08-20",
"source": "honeypot",
"type": "Sighting"
}
```

##### Output

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|status|boolean|False|Whether any of the sightings provided were added|True|
|sighting|object|False|Whether any of the sightings provided were added|True|

Example output:

```
{
"status": true
"sighting": true
}
```

Expand Down Expand Up @@ -180,7 +186,6 @@ This action is used to create a MISP event
|info|string|None|True|Extra event information|None|Example information|None|None|
|org_id|string|None|False|Organization ID|None|12345|None|None|
|orgc_id|string|None|False|Organization C ID|None|12345|None|None|
|published|boolean|True|True|Published event?|None|True|None|None|
|sharing_group_id|string|None|False|Sharing group ID|None|1|None|None|
|threat_level_id|string|1|True|Importance of the threat|["4", "3", "2", "1"]|1|None|None|

Expand All @@ -193,7 +198,6 @@ Example input:
"info": "Example information",
"org_id": 12345,
"orgc_id": 12345,
"published": true,
"sharing_group_id": 1,
"threat_level_id": 1
}
Expand Down
2 changes: 1 addition & 1 deletion plugins/misp/komand_misp/actions/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

from .create_an_event.action import CreateAnEvent

from .add_sightings.action import AddSightings
from .add_sighting.action import AddSighting

from .add_tag.action import AddTag

Expand Down
4 changes: 4 additions & 0 deletions plugins/misp/komand_misp/actions/add_attribute/action.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ def run(self, params={}):

client = self.connection.client
in_event = client.get_event(event)

if in_event.get("errors"):
raise PluginException(preset=PluginException.Preset.NOT_FOUND, data=in_event.get("errors"))

item = client.add_attribute(
event=in_event, attribute={"category": category, "type": type_value, "value": value, "comment": comment}
)
Expand Down
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
from .action import AddSightings
from .action import AddSighting
39 changes: 39 additions & 0 deletions plugins/misp/komand_misp/actions/add_sighting/action.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
import insightconnect_plugin_runtime
from insightconnect_plugin_runtime.exceptions import PluginException

from .schema import AddSightingInput, AddSightingOutput, Input, Output, Component

# Custom imports below


class AddSighting(insightconnect_plugin_runtime.Action):
def __init__(self):
super(self.__class__, self).__init__(
name="add_sighting",
description=Component.DESCRIPTION,
input=AddSightingInput(),
output=AddSightingOutput(),
)

def run(self, params={}):

mappings = {"Sighting": 0, "False-positive": 1, "Expiration": 2}

sighting = {
"source": params.get(Input.SOURCE, ""),
"type": mappings.get(params.get(Input.TYPE)),
"date": params.get(Input.DATE, ""),
"time": params.get(Input.TIME, ""),
}

client = self.connection.client
try:
item = client.add_sighting(sighting=sighting, attribute=int(params.get(Input.ATTRIBUTE)))
if item.get("Sighting"):
return {Output.SIGHTING: item.get("Sighting")}
else:
self.logger.error(item)
raise PluginException(preset=PluginException.Preset.UNKNOWN)
except Exception as error:
self.logger.error(error)
raise PluginException(preset=PluginException.Preset.UNKNOWN, data=error)
94 changes: 94 additions & 0 deletions plugins/misp/komand_misp/actions/add_sighting/schema.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
import insightconnect_plugin_runtime
import json


class Component:
DESCRIPTION = "Add a sighting to attribute"


class Input:
ATTRIBUTE = "attribute"
DATE = "date"
SOURCE = "source"
TIME = "Time"
TYPE = "type"


class Output:
SIGHTING = "sighting"


class AddSightingInput(insightconnect_plugin_runtime.Input):
schema = json.loads(r"""
{
"type": "object",
"title": "Variables",
"properties": {
"Time": {
"type": "string",
"title": "Time",
"description": "The time of the sighting to be added to the attribute (if none is provided it will default to now)",
"order": 5
},
"attribute": {
"type": "integer",
"title": "Attribute",
"description": "The ID of the attribute to add the sighting to",
"order": 1
},
"date": {
"type": "string",
"title": "Date",
"description": "The date of the sighting to be added to the attribute (if none is provided it will default to now)",
"order": 4
},
"source": {
"type": "string",
"title": "Source",
"description": "The source of the sighting to be added to the attribute",
"order": 3
},
"type": {
"type": "string",
"title": "Type",
"description": "The type of sighting to be added to the attribute",
"enum": [
"Sighting",
"False-positive",
"Expiration"
],
"order": 2
}
},
"required": [
"attribute",
"type"
],
"definitions": {}
}
""")

def __init__(self):
super(self.__class__, self).__init__(self.schema)


class AddSightingOutput(insightconnect_plugin_runtime.Output):
schema = json.loads(r"""
{
"type": "object",
"title": "Variables",
"properties": {
"sighting": {
"type": "object",
"title": "Sighting",
"description": "Whether any of the sightings provided were added",
"order": 1
}
},
"definitions": {}
}
""")

def __init__(self):
super(self.__class__, self).__init__(self.schema)
29 changes: 0 additions & 29 deletions plugins/misp/komand_misp/actions/add_sightings/action.py

This file was deleted.

63 changes: 0 additions & 63 deletions plugins/misp/komand_misp/actions/add_sightings/schema.py

This file was deleted.

10 changes: 7 additions & 3 deletions plugins/misp/komand_misp/actions/add_tag/action.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,17 @@ def __init__(self):
def run(self, params={}):
client = self.connection.client
in_event = client.get_event(params.get(Input.EVENT))

if in_event.get("errors"):
raise PluginException(preset=PluginException.Preset.NOT_FOUND, data=in_event.get("errors"))

try:
item = client.tag(in_event["Event"]["uuid"], tag=params.get(Input.EVENT))
if "successfully" in item["name"]:
item = client.tag(in_event["Event"]["uuid"], tag=params.get(Input.TAG))
if "successfully" in item.get("name", ""):
return {Output.STATUS: True}
else:
self.logger.info(item)
return {Output.STATUS: False}
raise PluginException(preset=PluginException.Preset.UNKNOWN, data=item.get("errors"))
except Exception as error:
self.logger.error(error)
raise PluginException(preset=PluginException.Preset.UNKNOWN, data=error)
5 changes: 4 additions & 1 deletion plugins/misp/komand_misp/actions/create_an_event/action.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,13 +32,16 @@ def run(self, params={}):
"analysis": params.get(Input.ANALYSIS) or None,
"info": params.get(Input.INFO),
"date": None,
"published": params.get(Input.PUBLISHED),
"orgc_id": params.get(Input.ORGC_ID) or None,
"org_id": params.get(Input.ORG_ID) or None,
"sharing_group_id": params.get(Input.SHARING_GROUP_ID) or None,
}
)
output = json.loads(json.dumps(event))

if output.get("errors"):
raise PluginException(preset=PluginException.Preset.UNKNOWN, data=output.get("errors"))

except Exception as error:
self.logger.error(error)
raise PluginException(preset=PluginException.Preset.UNKNOWN, data=error)
Expand Down
Loading

0 comments on commit 7166d31

Please sign in to comment.