Merge pull request #1 from OpenCTI-Platform/dev-1.0.1

Dev 1.0.1

Author: romain-filigran

.github/img/addon_settings.png

@@ -9,19 +9,19 @@ The OpenCTI Add-on for Splunk allows users to interconnect Splunk with OpenCTI p
 
 ## Installation
 
-### Installation from Splunkbase (not ready, waiting for App publication)
+### Installation from Splunkbase
 
 1. Log in to the Splunk Web UI and navigate to "Apps" and click on "Find more Apps"
-2. Search for OpenCTI
+2. Search for "OpenCTI Add-on for Splunk"
 3. Click Install
 The app is installed
 
 ### Installing from file
 
-1. Download latest version of the Splunk App: [TA-opencti-add-on-1.0.0.spl](https://github.com/OpenCTI-Platform/splunk-add-on/releases/download/1.0.0/TA-opencti-add-on-1.0.0.spl)
+1. Download latest version of the Splunk App: [TA-opencti-add-on-1.0.1.spl](https://github.com/OpenCTI-Platform/splunk-add-on/releases/download/1.0.1/TA-opencti-add-on-1.0.1.spl)
 2. Log in to the Splunk Web UI and navigate to "Apps" and click on "Manage Apps"
 3. Click "Install app from file"
-4. Choose file and select the "TA-opencti-add-on-1.0.0.spl" file
+4. Choose file and select the "TA-opencti-add-on-1.0.1.spl" file
 5. Click on Upload
 The app is installed
 
@@ -46,11 +46,10 @@ Proceed as follows to enable the "stateless mode" option:
 1. Navigate to Splunk Web UI home page, open the "OpenCTI add-on for Splunk" and navigate to "Configuration" page.
 2. Click on "Add-on settings" tab and complete the form with the required settings:
 
-| Parameter                  | Description                                  |
-|----------------------------|----------------------------------------------|
-| `OpenCTI URL`              | The URL of the OpenCTI platform              |
-| `OpenCTI API Key`          | The API Token of the previously created user |
-| `Disable SSL verification` | Enable or disable SSL verification           |
+| Parameter                  | Description                                                     |
+|----------------------------|-----------------------------------------------------------------|
+| `OpenCTI URL`              | The URL of the OpenCTI platform (A HTTPS connection is required |
+| `OpenCTI API Key`          | The API Token of the previously created user                    |
 
 ![](./.github/img/addon_settings.png "Add-on settings")
 

README.md

@@ -13,4 +13,3 @@ loglevel =
 [additional_parameters]
 opencti_url = 
 opencti_api_key =
-disable_ssl_verification =

TA-opencti-add-on/README/ta_opencti_add_on_settings.conf.spec

@@ -181,11 +181,6 @@
                                     "errorMsg": "Max length of password is 8192"
                                 }
                             ]
-                        },
-                        {
-                            "field": "disable_ssl_verification",
-                            "label": "Disable SSL verification",
-                            "type": "checkbox"
                         }
                     ]
                 }

TA-opencti-add-on/appserver/static/js/build/globalConfig.json

@@ -127,9 +127,6 @@
                     "opencti_api_key": {
                         "type": "string",
                         "format": "password"
-                    },
-                    "disable_ssl_verification": {
-                        "type": "string"
                     }
                 }
             },
@@ -142,9 +139,6 @@
                     "opencti_api_key": {
                         "type": "string",
                         "format": "password"
-                    },
-                    "disable_ssl_verification": {
-                        "type": "string"
                     }
                 }
             },

TA-opencti-add-on/appserver/static/openapi.json

@@ -97,9 +97,8 @@
         required=True,
         encrypted=False,
         default=None,
-        validator=validator.String(
-            min_len=0, 
-            max_len=8192, 
+        validator=validator.Pattern(
+            regex=r"""^https://[0-9a-zA-Z\-\.]+(?:\:\d+)?""",
         )
     ), 
     field.RestField(
@@ -111,14 +110,7 @@
             min_len=0, 
             max_len=8192, 
         )
-    ),
-    field.RestField(
-        'disable_ssl_verification',
-        required=False,
-        encrypted=False,
-        default=None,
-        validator=None
-    ),
+    )
 ]
 model_additional_parameters = RestModel(fields_additional_parameters, name='additional_parameters')
 

TA-opencti-add-on/bin/TA_opencti_add_on_rh_settings.py

@@ -258,11 +258,6 @@ def collect_events(helper, ew):
     # get connection configuration
     opencti_url = helper.get_global_setting("opencti_url")
     opencti_api_key = helper.get_global_setting("opencti_api_key")
-    disable_ssl_verification = helper.get_global_setting("disable_ssl_verification")
-    verif_ssl = True
-    if disable_ssl_verification == "1":
-        verif_ssl = False
-    helper.log_debug(f"Verify SSL: {verif_ssl}")
 
     stream_id = helper.get_arg('stream_id')
     helper.log_info(f"going to fetch data of OpenCTI stream.id: {stream_id}")

TA-opencti-add-on/bin/input_module_opencti_indicators.py

@@ -1,7 +1,7 @@
 import requests
 
 from utils import get_proxy_config
-
+from constants import VERIFY_SSL
 
 class SplunkAppConnectorHelper:
     def __init__(
@@ -22,13 +22,9 @@ def __init__(
         self.api_url = self.opencti_url + "/graphql"
 
         # manage SSL verification
-        disable_ssl_verification = splunk_helper.get_global_setting("disable_ssl_verification")
-        verif_ssl = True
-        if disable_ssl_verification == "1":
-            verif_ssl = False
-        splunk_helper.log_debug(f"verify SSL: {verif_ssl}")
-        self.verify_ssl = verif_ssl
+        splunk_helper.log_debug(f"verify SSL: {VERIFY_SSL}")
 
+        # manage proxies configuration
         self.proxies = get_proxy_config(splunk_helper)
 
     def register(self):
@@ -77,7 +73,7 @@ def register(self):
             url=self.api_url,
             json={"query": query, "variables": input},
             headers=self.headers,
-            verify=self.verify_ssl,
+            verify=VERIFY_SSL,
             proxies=self.proxies
         )
 
@@ -105,7 +101,7 @@ def send_stix_bundle(self, bundle):
             url=self.api_url,
             json={"query": query, "variables": variables},
             headers=self.headers,
-            verify=self.verify_ssl,
+            verify=VERIFY_SSL,
             proxies=self.proxies
         )
         if r.status_code != 200:

TA-opencti-add-on/bin/ta_opencti_add_on/app_connector_helper.py

@@ -1,3 +1,3 @@
-
-CONNECTOR_ID = "a6edc906-2f9f-5fb2-a373-efac406f0ef2"
-CONNECTOR_NAME = "Splunk App"
+CONNECTOR_ID = "a6edc906-2f9f-5fb2-a373-efac406f0ef2" # hard-coded opencti connector Identifier
+CONNECTOR_NAME = "Splunk App"  # hard-coded opencti connector name
+VERIFY_SSL = True # SSL verification by default

TA-opencti-add-on/bin/ta_opencti_add_on/constants.py

@@ -7,7 +7,7 @@ build = 1
 
 [launcher]
 author = Filigran
-version = 1.0.0
+version = 1.0.1
 description = Add-on for OpenCTI
 
 [ui]