chronicle · FrankGasparovic · Jan 14, 2026
@@ -0,0 +1 @@
+3.11
@@ -0,0 +1,27 @@
+"""Actions for Silverfort integration."""
+
+from . import (
+    change_policy_state,
+    get_entity_risk,
+    get_policy,
+    get_service_account,
+    list_policies,
+    list_service_accounts,
+    ping,
+    update_entity_risk,
+    update_policy,
+    update_sa_policy,
+)
+
+__all__ = [
+    "change_policy_state",
+    "get_entity_risk",
+    "get_policy",
+    "get_service_account",
+    "list_policies",
+    "list_service_accounts",
+    "ping",
+    "update_entity_risk",
+    "update_policy",
+    "update_sa_policy",
+]
@@ -0,0 +1,74 @@
+"""Change Policy State action for Silverfort integration."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from TIPCommon.extraction import extract_action_param
+
+from ..core.base_action import SilverfortAction
+from ..core.constants import CHANGE_POLICY_STATE_SCRIPT_NAME
+
+if TYPE_CHECKING:
+    from typing import NoReturn
+
+
+SUCCESS_MESSAGE: str = "Successfully {action} policy: {policy_id}"
+ERROR_MESSAGE: str = "Failed to change policy state!"
+
+
+class ChangePolicyState(SilverfortAction):
+    """Action to enable or disable a policy in Silverfort."""
+
+    def __init__(self) -> None:
+        """Initialize the Change Policy State action."""
+        super().__init__(CHANGE_POLICY_STATE_SCRIPT_NAME)
+        self.output_message: str = ""
+        self.error_output_message: str = ERROR_MESSAGE
+
+    def _extract_action_parameters(self) -> None:
+        """Extract action parameters."""
+        self.params.policy_id = extract_action_param(
+            self.soar_action,
+            param_name="Policy ID",
+            is_mandatory=True,
+            print_value=True,
+        )
+        self.params.enabled = extract_action_param(
+            self.soar_action,
+            param_name="Enable Policy",
+            is_mandatory=True,
+            input_type=bool,
+            print_value=True,
+        )
+
+    def _perform_action(self, _=None) -> None:
+        """Perform the change policy state action."""
+        client = self._get_policy_client()
+
+        client.change_policy_state(
+            policy_id=self.params.policy_id,
+            state=self.params.enabled,
+        )
+
+        action = "enabled" if self.params.enabled else "disabled"
+
+        self.json_results = {
+            "policy_id": self.params.policy_id,
+            "enabled": self.params.enabled,
+            "status": action,
+        }
+
+        self.output_message = SUCCESS_MESSAGE.format(
+            action=action,
+            policy_id=self.params.policy_id,
+        )
+
+
+def main() -> NoReturn:
+    """Main entry point for the Change Policy State action."""
+    ChangePolicyState().run()
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,21 @@
+creator: admin
+description: Enable or disable an authentication policy in Silverfort. This is a
+    quick way to toggle a policy's active state without modifying its configuration.
+dynamic_results_metadata:
+-   result_example_path: resources/change_policy_state_JsonResult_example.json
+    result_name: JsonResult
+    show_result: true
+integration_identifier: Silverfort
+name: Change Policy State
+parameters:
+-   default_value: ''
+    description: The ID of the policy to enable or disable.
+    is_mandatory: true
+    name: Policy ID
+    type: string
+-   default_value: true
+    description: Set to true to enable the policy, false to disable it.
+    is_mandatory: true
+    name: Enable Policy
+    type: boolean
+script_result_name: is_success
@@ -0,0 +1,73 @@
+"""Get Entity Risk action for Silverfort integration."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from TIPCommon.extraction import extract_action_param
+
+from ..core.base_action import SilverfortAction
+from ..core.constants import GET_ENTITY_RISK_SCRIPT_NAME
+from ..core.exceptions import SilverfortInvalidParameterError
+
+if TYPE_CHECKING:
+    from typing import NoReturn
+
+
+SUCCESS_MESSAGE: str = "Successfully retrieved risk information for: {entity}"
+ERROR_MESSAGE: str = "Failed to get entity risk information!"
+
+
+class GetEntityRisk(SilverfortAction):
+    """Action to get risk information for a user or resource."""
+
+    def __init__(self) -> None:
+        """Initialize the Get Entity Risk action."""
+        super().__init__(GET_ENTITY_RISK_SCRIPT_NAME)
+        self.output_message: str = ""
+        self.error_output_message: str = ERROR_MESSAGE
+
+    def _extract_action_parameters(self) -> None:
+        """Extract action parameters."""
+        self.params.user_principal_name = extract_action_param(
+            self.soar_action,
+            param_name="User Principal Name",
+            print_value=True,
+        )
+        self.params.resource_name = extract_action_param(
+            self.soar_action,
+            param_name="Resource Name",
+            print_value=True,
+        )
+
+    def _validate_params(self) -> None:
+        """Validate action parameters."""
+        if not self.params.user_principal_name and not self.params.resource_name:
+            raise SilverfortInvalidParameterError(
+                "Either 'User Principal Name' or 'Resource Name' must be provided."
+            )
+
+    def _perform_action(self, _=None) -> None:
+        """Perform the get entity risk action."""
+        client = self._get_risk_client()
+
+        entity_risk = client.get_entity_risk(
+            user_principal_name=self.params.user_principal_name,
+            resource_name=self.params.resource_name,
+        )
+
+        # Set JSON result
+        self.json_results = entity_risk.to_json()
+
+        # Determine entity identifier for message
+        entity = self.params.user_principal_name or self.params.resource_name
+        self.output_message = SUCCESS_MESSAGE.format(entity=entity)
+
+
+def main() -> NoReturn:
+    """Main entry point for the Get Entity Risk action."""
+    GetEntityRisk().run()
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,24 @@
+creator: admin
+description: Get risk information for a user or resource from Silverfort. Returns
+    the current risk score, severity, and risk factors. You must provide either the
+    User Principal Name (for users) or Resource Name (for resources).
+dynamic_results_metadata:
+-   result_example_path: resources/get_entity_risk_JsonResult_example.json
+    result_name: JsonResult
+    show_result: true
+integration_identifier: Silverfort
+name: Get Entity Risk
+parameters:
+-   default_value: ''
+    description: The user principal name (e.g., [email protected]). Either this or Resource
+        Name must be provided.
+    is_mandatory: false
+    name: User Principal Name
+    type: string
+-   default_value: ''
+    description: The resource name for non-user entities. Either this or User Principal
+        Name must be provided.
+    is_mandatory: false
+    name: Resource Name
+    type: string
+script_result_name: is_success
@@ -0,0 +1,60 @@
+"""Get Policy action for Silverfort integration."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from TIPCommon.extraction import extract_action_param
+
+from ..core.base_action import SilverfortAction
+from ..core.constants import GET_POLICY_SCRIPT_NAME
+
+if TYPE_CHECKING:
+    from typing import NoReturn
+
+
+SUCCESS_MESSAGE: str = "Successfully retrieved policy: {policy_name} (ID: {policy_id})"
+ERROR_MESSAGE: str = "Failed to get policy information!"
+
+
+class GetPolicy(SilverfortAction):
+    """Action to get policy details from Silverfort."""
+
+    def __init__(self) -> None:
+        """Initialize the Get Policy action."""
+        super().__init__(GET_POLICY_SCRIPT_NAME)
+        self.output_message: str = ""
+        self.error_output_message: str = ERROR_MESSAGE
+
+    def _extract_action_parameters(self) -> None:
+        """Extract action parameters."""
+        self.params.policy_id = extract_action_param(
+            self.soar_action,
+            param_name="Policy ID",
+            is_mandatory=True,
+            print_value=True,
+        )
+
+    def _perform_action(self, _=None) -> None:
+        """Perform the get policy action."""
+        client = self._get_policy_client()
+
+        policy = client.get_policy(self.params.policy_id)
+
+        # Set JSON result
+        self.json_results = policy.to_json()
+
+        policy_name = policy.policy_name or f"Policy {self.params.policy_id}"
+        self.output_message = SUCCESS_MESSAGE.format(
+            policy_name=policy_name,
+            policy_id=self.params.policy_id,
+        )
+
+
+def main() -> NoReturn:
+    """Main entry point for the Get Policy action."""
+    GetPolicy().run()
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,17 @@
+creator: admin
+description: Get detailed information about a specific authentication policy from
+    Silverfort by its ID. Returns the policy configuration including users, groups,
+    sources, destinations, and action settings.
+dynamic_results_metadata:
+-   result_example_path: resources/get_policy_JsonResult_example.json
+    result_name: JsonResult
+    show_result: true
+integration_identifier: Silverfort
+name: Get Policy
+parameters:
+-   default_value: ''
+    description: The ID of the policy to retrieve.
+    is_mandatory: true
+    name: Policy ID
+    type: string
+script_result_name: is_success
@@ -0,0 +1,60 @@
+"""Get Service Account action for Silverfort integration."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from TIPCommon.extraction import extract_action_param
+
+from ..core.base_action import SilverfortAction
+from ..core.constants import GET_SERVICE_ACCOUNT_SCRIPT_NAME
+
+if TYPE_CHECKING:
+    from typing import NoReturn
+
+
+SUCCESS_MESSAGE: str = "Successfully retrieved service account: {display_name} ({guid})"
+ERROR_MESSAGE: str = "Failed to get service account information!"
+
+
+class GetServiceAccount(SilverfortAction):
+    """Action to get service account details from Silverfort."""
+
+    def __init__(self) -> None:
+        """Initialize the Get Service Account action."""
+        super().__init__(GET_SERVICE_ACCOUNT_SCRIPT_NAME)
+        self.output_message: str = ""
+        self.error_output_message: str = ERROR_MESSAGE
+
+    def _extract_action_parameters(self) -> None:
+        """Extract action parameters."""
+        self.params.guid = extract_action_param(
+            self.soar_action,
+            param_name="Service Account GUID",
+            is_mandatory=True,
+            print_value=True,
+        )
+
+    def _perform_action(self, _=None) -> None:
+        """Perform the get service account action."""
+        client = self._get_service_account_client()
+
+        service_account = client.get_service_account(self.params.guid)
+
+        # Set JSON result
+        self.json_results = service_account.to_json()
+
+        display_name = service_account.display_name or service_account.upn or self.params.guid
+        self.output_message = SUCCESS_MESSAGE.format(
+            display_name=display_name,
+            guid=self.params.guid,
+        )
+
+
+def main() -> NoReturn:
+    """Main entry point for the Get Service Account action."""
+    GetServiceAccount().run()
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,17 @@
+creator: admin
+description: Get detailed information about a specific service account from Silverfort
+    by its GUID. Returns the service account's attributes including risk, predictability,
+    protection status, and more.
+dynamic_results_metadata:
+-   result_example_path: resources/get_service_account_JsonResult_example.json
+    result_name: JsonResult
+    show_result: true
+integration_identifier: Silverfort
+name: Get Service Account
+parameters:
+-   default_value: ''
+    description: The GUID of the service account to retrieve.
+    is_mandatory: true
+    name: Service Account GUID
+    type: string
+script_result_name: is_success