snyk and sdk - thehive 5.0.2 (#2935)

Author: rmurray-r7

plugins/thehive/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "2d883aeb1845e3c4fce681107d7fdd2c",
-	"manifest": "b004976d0de9ad7230f2d1613f70fbcf",
-	"setup": "5c11e585dc121982d6e27614a40b1958",
+	"spec": "280d98e34d32fcbac373bbb57c593988",
+	"manifest": "a18dcfc142958b4ad36ede24ee57dcd8",
+	"setup": "f1bc5d835ef85034c6d38144e348ad89",
 	"schemas": [
 		{
 			"identifier": "close_case/schema.py",

plugins/thehive/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:5
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.0
 
 LABEL organization=rapid7
 LABEL sdk=python
@@ -12,7 +12,7 @@ RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
 ADD . /python/src
 
-RUN	python setup.py build && python setup.py install
+RUN python setup.py build && python setup.py install
 
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody

plugins/thehive/bin/komand_thehive

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "TheHive"
 Vendor = "rapid7"
-Version = "5.0.1"
+Version = "5.0.2"
 Description = "TheHive is a scalable, open source security incident response solution designed for SOCs & CERTs to collaborate, elaborate, analyze and get their job done"
 
 

plugins/thehive/help.md

@@ -1,7 +1,6 @@
 # Description
 
-TheHive is a scalable, open source security incident response solution designed for SOCs & CERTs to collaborate, 
-elaborate, analyze and get their job done
+TheHive is a scalable, open source security incident response solution designed for SOCs & CERTs to collaborate, elaborate, analyze and get their job done
 
 # Key Features
 
@@ -17,25 +16,25 @@ elaborate, analyze and get their job done
 * TheHive username and password
 
 # Supported Product Versions
-  
+
 * 2023-05-17
 
 # Documentation
 
 ## Setup
-  
+
 The connection configuration accepts the following parameters:  
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|api_key|credential_secret_key|None|False|An optional API key for authentication via bearer token|None|9de5069c5afe602b2ea0a04b66beb2c0|
-|credentials|credential_username_password|None|False|Username and password|None|{}|
-|host|string|None|True|TheHive host|None|thehive.company.com or 10.3.4.50|
-|port|string|9000|True|TheHive API port|None|9000|
-|protocol|string|None|True|HTTP Protocol|['http', 'https']|http|
-|proxy|object|None|False|An optional dictionary containing proxy data, with HTTP or HTTPS as the key, and the proxy URL as the value|None|{}|
-|verify|boolean|True|True|Verify the certificate|None|True|
-  
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|api_key|credential_secret_key|None|False|An optional API key for authentication via bearer token|None|9de5069c5afe602b2ea0a04b66beb2c0|None|None|
+|credentials|credential_username_password|None|False|Username and password|None|{}|None|None|
+|host|string|None|True|TheHive host|None|thehive.company.com or 10.3.4.50|None|None|
+|port|string|9000|True|TheHive API port|None|9000|None|None|
+|protocol|string|None|True|HTTP Protocol|["http", "https"]|http|None|None|
+|proxy|object|None|False|An optional dictionary containing proxy data, with HTTP or HTTPS as the key, and the proxy URL as the value|None|{}|None|None|
+|verify|boolean|True|True|Verify the certificate|None|True|None|None|
+
 Example input:
 
 ```
@@ -61,10 +60,10 @@ Close a case by ID
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|force|boolean|False|False|True to physically delete the case, False to mark the case as delete|None|False|
-|id|string|None|True|ID for the case|None|50|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|force|boolean|False|False|True to physically delete the case, False to mark the case as delete|None|False|None|None|
+|id|string|None|True|ID for the case|None|50|None|None|
 
 Example input:
 
@@ -95,21 +94,21 @@ Create a new case
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|customFields|object|None|False|Case custom fields|None|{}|
-|description|string|None|False|Description of the case, supports markdown|None|Case description|
-|flag|boolean|False|False|Case's flag, True to mark case as important|None|True|
-|jsonData|object|None|False|If the field is not equal to None, the case is instantiated using the JSON value instead of the arguements|None|{}|
-|metrics|object|None|False|Case metrics collection. A JSON object where keys are defining metric name, and values are defining metric value|None|{}|
-|owner|string|None|False|Case's assignee|None|admin|
-|pap|integer|2|False|Password Authentication Protocol|[0, 1, 2, 3]|2|
-|severity|integer|2|False|Case severity|[1, 2, 3, 4]|2|
-|startDate|integer|None|False|Case start date (datetime in ms) (will default to now if left blank)|None|1684170163000|
-|tags|[]string|None|False|List of case tags|None|["case_tag_1", "case_tag_2"]|
-|template|string|None|False|Case template's name. If specified then the case is created using the given template|None|Case template name|
-|title|string|None|True|Name of the case|None|Case title|
-|tlp|integer|2|False|Traffic Light Protocol level|[0, 1, 2, 3]|2|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|customFields|object|None|False|Case custom fields|None|{}|None|None|
+|description|string|None|False|Description of the case, supports markdown|None|Case description|None|None|
+|flag|boolean|False|False|Case's flag, True to mark case as important|None|True|None|None|
+|jsonData|object|None|False|If the field is not equal to None, the case is instantiated using the JSON value instead of the arguements|None|{}|None|None|
+|metrics|object|None|False|Case metrics collection. A JSON object where keys are defining metric name, and values are defining metric value|None|{}|None|None|
+|owner|string|None|False|Case's assignee|None|admin|None|None|
+|pap|integer|2|False|Password Authentication Protocol|[0, 1, 2, 3]|2|None|None|
+|severity|integer|2|False|Case severity|[1, 2, 3, 4]|2|None|None|
+|startDate|integer|None|False|Case start date (datetime in ms) (will default to now if left blank)|None|1684170163000|None|None|
+|tags|[]string|None|False|List of case tags|None|["case_tag_1", "case_tag_2"]|None|None|
+|template|string|None|False|Case template's name. If specified then the case is created using the given template|None|Case template name|None|None|
+|title|string|None|True|Name of the case|None|Case title|None|None|
+|tlp|integer|2|False|Traffic Light Protocol level|[0, 1, 2, 3]|2|None|None|
 
 Example input:
 
@@ -177,20 +176,20 @@ Create a new case observable
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|data|string|None|False|Observable's data|None|Test data for observable|
-|datatype|string|None|False|Observables Data Type|None|domain, ip, url, fqdn, uri_path, user-agent, hash, email, mail, mail_subject, registry, regexp, other|
-|id|string|None|False|ID for the case|None|AYgQXmjbfMffAh_St-fk|
-|ignoreSimilarity|boolean|False|False|Observable's similarity ignore flag. True to ignore the observable during similarity computing|None|False|
-|ioc|boolean|False|False|Observable's IOC, True to mark an observable as IOC|None|False|
-|jsonData|object|None|False|All fields included in one JSON object. If using this, all other fields will be ignored|None|json object containing all necessary fields|
-|message|string|None|False|Observable's description. If tags is empty, this is required|None|Observable message|
-|pap|integer|2|False|Case's PAP|[0, 1, 2, 3]|2|
-|sighted|boolean|False|False|Observable's sighted flag, True to mark the observable as sighted|None|False|
-|startDate|integer|None|False|Observable start date (datetime in ms) (will default to now if left blank)|None|1640000000000|
-|tags|[]string|None|False|List of observable tags, required if message is None|None|["tag_one", "tag_two"]|
-|tlp|integer|2|False|Case's TLP|[0, 1, 2, 3]|2|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|data|string|None|False|Observable's data|None|Test data for observable|None|None|
+|datatype|string|None|False|Observables Data Type|None|domain, ip, url, fqdn, uri_path, user-agent, hash, email, mail, mail_subject, registry, regexp, other|None|None|
+|id|string|None|False|ID for the case|None|AYgQXmjbfMffAh_St-fk|None|None|
+|ignoreSimilarity|boolean|False|False|Observable's similarity ignore flag. True to ignore the observable during similarity computing|None|False|None|None|
+|ioc|boolean|False|False|Observable's IOC, True to mark an observable as IOC|None|False|None|None|
+|jsonData|object|None|False|All fields included in one JSON object. If using this, all other fields will be ignored|None|json object containing all necessary fields|None|None|
+|message|string|None|False|Observable's description. If tags is empty, this is required|None|Observable message|None|None|
+|pap|integer|2|False|Case's PAP|[0, 1, 2, 3]|2|None|None|
+|sighted|boolean|False|False|Observable's sighted flag, True to mark the observable as sighted|None|False|None|None|
+|startDate|integer|None|False|Observable start date (datetime in ms) (will default to now if left blank)|None|1640000000000|None|None|
+|tags|[]string|None|False|List of observable tags, required if message is None|None|["tag_one", "tag_two"]|None|None|
+|tlp|integer|2|False|Case's TLP|[0, 1, 2, 3]|2|None|None|
 
 Example input:
 
@@ -244,16 +243,16 @@ Create a new case task
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|description|string|None|False|Task's description|None|Task description|
-|flag|boolean|False|False|Task's flag, 'True' to mark the task as important|None|False|
-|id|string|None|False|ID for the case|None|AYgQXmjbfMffAh_St-fk|
-|jsonData|object|None|False|If the field is not equal to None, the Task is instantiated using the JSON value instead of the arguements|None|json object containing all necessary fields|
-|owner|string|None|False|Task's assignee|None|admin|
-|startDate|integer|None|False|Task's start date (datetime in ms) (will default to now if left blank)|None|1684170163000|
-|status|string|Waiting|False|Task's status|['Waiting', 'InProgress', 'Cancel', 'Completed']|Waiting|
-|title|string|None|False|Task's title|None|Task title|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|description|string|None|False|Task's description|None|Task description|None|None|
+|flag|boolean|False|False|Task's flag, 'True' to mark the task as important|None|False|None|None|
+|id|string|None|False|ID for the case|None|AYgQXmjbfMffAh_St-fk|None|None|
+|jsonData|object|None|False|If the field is not equal to None, the Task is instantiated using the JSON value instead of the arguements|None|json object containing all necessary fields|None|None|
+|owner|string|None|False|Task's assignee|None|admin|None|None|
+|startDate|integer|None|False|Task's start date (datetime in ms) (will default to now if left blank)|None|1684170163000|None|None|
+|status|string|Waiting|False|Task's status|["Waiting", "InProgress", "Cancel", "Completed"]|Waiting|None|None|
+|title|string|None|False|Task's title|None|Task title|None|None|
 
 Example input:
 
@@ -303,9 +302,9 @@ Retrieve a case by ID
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|id|string|None|True|ID for the case|None|50|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|id|string|None|True|ID for the case|None|50|None|None|
 
 Example input:
 
@@ -434,8 +433,8 @@ Example output:
 ```
 
 #### Get Current User
-  
-Get information about the current user
+
+This action is used to get information about the current user
 
 ##### Input
 
@@ -461,9 +460,9 @@ Get information about a specific user
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|id|string|None|True|The ID of the user|None|50|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|id|string|None|True|The ID of the user|None|50|None|None|
 
 Example input:
 
@@ -486,11 +485,9 @@ Example output:
   "success": {}
 }
 ```
-
 ### Triggers
 
 *This plugin does not contain any triggers.*
-
 ### Tasks
 
 *This plugin does not contain any tasks.*
@@ -594,12 +591,14 @@ Example output:
 |TLP|integer|None|None|Traffic Light Protocol level|None|
 |user|string|None|None|Observable user|None|
 
+
 ## Troubleshooting
 
-*There is no troubleshooting for this plugin.*
+*This plugin does not contain a troubleshooting.*
 
 # Version History
 
+* 5.0.2 - Updating requirements.txt | SDK bump to 6.2.0
 * 5.0.1 - Update requests module to version 2.31.0
 * 5.0.0 - Refactor: Fixed issues in previous refactor that caused connection issues and made the schemas for actions more compatible with outputs.
 * 4.0.0 - Added additional error handling for issues that occur outside the expected status codes | Action: `create_case` remade to not include task input
@@ -612,7 +611,7 @@ Example output:
 * 2.0.0 - Update to new credential types
 * 1.0.0 - Custom Field support added to Create Case action | Support web server mode
 * 0.2.0 - Bug fix, add more input variables for Close Case action
-* 0.1.2 - Bug fix for constant "waiting" in Status field | Updated to v2 architecture
+* 0.1.2 - Bug fix for constant 'waiting' in Status field | Updated to v2 architecture
 * 0.1.1 - SSL bug fix in SDK
 * 0.1.0 - Initial plugin
 
@@ -622,4 +621,4 @@ Example output:
 
 ## References
 
-* [thehive4py docs](https://github.com/TheHive-Project/TheHive4py/blob/master/thehive4py/api.py)
+* [thehive4py docs](https://github.com/TheHive-Project/TheHive4py/blob/master/thehive4py/api.py)

plugins/thehive/plugin.spec.yaml

@@ -4,7 +4,8 @@ products: [insightconnect]
 name: thehive
 title: TheHive
 description: "TheHive is a scalable, open source security incident response solution designed for SOCs & CERTs to collaborate, elaborate, analyze and get their job done"
-version: 5.0.1
+version: 5.0.2
+connection_version: 5
 supported_versions: ["2023-05-17"]
 vendor: rapid7
 support: community
@@ -14,8 +15,8 @@ resources:
   license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
   vendor_url: https://thehive-project.org
 sdk:
-  type: full
-  version: 5
+  type: slim
+  version: 6.2.0
   user: nobody
 tags:
   - thehive
@@ -24,6 +25,36 @@ hub_tags:
   use_cases: [remediation_management]
   keywords: [thehive, intel]
   features: []
+requirements:
+  - "TheHive instance hostname, usually an IP address"
+  - "TheHive username and password"
+key_features:
+  - "Retrieve a list of cases or a specific case by ID"
+  - "Create a new case and close an existing case"
+  - "Create new tasks within a case"
+  - "Create new observables within a case"
+  - "Get user information"
+links:
+  - "[TheHive](https://thehive-project.org/)"
+references:
+  - "[thehive4py docs](https://github.com/TheHive-Project/TheHive4py/blob/master/thehive4py/api.py)"
+version_history:
+    - "5.0.2 - Updating requirements.txt | SDK bump to 6.2.0"
+    - "5.0.1 - Update requests module to version 2.31.0"
+    - "5.0.0 - Refactor: Fixed issues in previous refactor that caused connection issues and made the schemas for actions more compatible with outputs."
+    - "4.0.0 - Added additional error handling for issues that occur outside the expected status codes | Action: `create_case` remade to not include task input"
+    - "3.0.0 - Refactored plugin | Removed `thehive4py` dependency | Action: Split `get_user` into two new actions, `get_user_by_id` & `get_current_user`"
+    - "2.0.5 - New spec and help.md format for the Extension Library. Update help key features and fix description capitalisation"
+    - "2.0.4 - Update to use the `komand/python-2-27-slim-plugin` Docker image to reduce plugin size and to support SSL Verify"
+    - "2.0.3 - Fix issue where SSL Verify was not used in actions that utilize requests | Updated test method and moved it to connection"
+    - "2.0.2 - Fix issue where SSL Verify was not used in the connection"
+    - "2.0.1 - Update descriptions"
+    - "2.0.0 - Update to new credential types"
+    - "1.0.0 - Custom Field support added to Create Case action | Support web server mode"
+    - "0.2.0 - Bug fix, add more input variables for Close Case action"
+    - "0.1.2 - Bug fix for constant 'waiting' in Status field | Updated to v2 architecture"
+    - "0.1.1 - SSL bug fix in SDK"
+    - "0.1.0 - Initial plugin"
 enable_cache: true
 language: python
 connection:

plugins/thehive/requirements.txt

@@ -2,5 +2,4 @@
 # All dependencies must be version-pinned, eg. requests==1.2.0
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 python-magic==0.4.15
-requests==2.31.0
-parameterized==0.8.1
+parameterized==0.8.1

plugins/thehive/setup.py

@@ -3,7 +3,7 @@
 
 
 setup(name="thehive-rapid7-plugin",
-      version="5.0.1",
+      version="5.0.2",
       description="TheHive is a scalable, open source security incident response solution designed for SOCs & CERTs to collaborate, elaborate, analyze and get their job done",
       author="rapid7",
       author_email="",

plugins/thehive/unit_test/__init__.py

@@ -0,0 +1,4 @@
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
+import sys
+
+sys.path.append("../")