Mimecast v2 - 19380 - Modified status code returned by task when receiving 'Unauthorized Request' and 'token_verification_failed' fail codes | Updated SDK to the latest version (6.3.3)

Author: igorski-r7

plugins/mimecast_v2/.CHECKSUM

@@ -1,15 +1,15 @@
 {
-	"spec": "6ad9b422f8b11c9ac980823a3bd7178d",
-	"manifest": "bab588e5111280f4869a5c26f6219e18",
-	"setup": "8ee045ac750aaf41d76efff6e7a71c3e",
+	"spec": "57b07496f05cbb9742aadc8103112ecd",
+	"manifest": "4f1c067e5fecba324ac5fab389574e83",
+	"setup": "0799e3efcff6bbc45933d0de2038d03c",
 	"schemas": [
 		{
 			"identifier": "connection/schema.py",
-			"hash": "3253f4b76caee91ee0f0cdc596b64a98"
+			"hash": "2cf8e41c56e1270adc8e930562bbefff"
 		},
 		{
 			"identifier": "monitor_siem_logs/schema.py",
-			"hash": "0a566c7d94e6689de4d0528d24470b94"
+			"hash": "88ad3235753c61b1afc346aea3e7caef"
 		}
 	]
 }

plugins/mimecast_v2/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.6 AS builder
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.3.3 AS builder
 
 WORKDIR /python/src
 
@@ -11,14 +11,15 @@ ADD . /python/src
 RUN pip install .
 RUN pip uninstall -y setuptools
 
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.6
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.3.3
 
 LABEL organization=rapid7
 LABEL sdk=python
 
 WORKDIR /python/src
 
 COPY --from=builder /python/src /python/src
+COPY --from=builder /plugin.spec.yaml /plugin.spec.yaml
 
 
 RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
@@ -30,4 +31,4 @@ RUN rm -rf /root/.cache;
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody
 
-ENTRYPOINT ["python", "/python/src/bin/icon_mimecast_v2"]
+ENTRYPOINT ["python", "/python/src/bin/icon_mimecast_v2"]

plugins/mimecast_v2/bin/icon_mimecast_v2

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Mimecast V2"
 Vendor = "rapid7"
-Version = "1.0.4"
+Version = "1.0.5"
 Description = "[Mimecast](https://www.mimecast.com) is a set of cloud services designed to provide next generation protection against advanced email-borne threats such as malicious URLs, malware, impersonation attacks, as well as internally generated threats, with a focus on email security. This plugin utilizes the [Mimecast API](https://www.mimecast.com/developer/documentation)"
 
 

plugins/mimecast_v2/help.md

@@ -60,7 +60,7 @@ This task is used to monitor and retrieve the latest logs
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
 |data|[]object|True|List of logs|[{"processingId": "processingId", "aggregateId": "aggregateId", "spamProcessingDetail": "Spam Processing Detail", "numberAttachments": "1", "subject": "siem_recipient - email subject line", "tlsVersion": "TLSv1.2", "senderEnvelope": "[email protected]", "messageId": "messageId", "senderHeader": "[email protected]", "rejectionType": "rejectionType", "eventType": "receipt", "accountId": "C0A0", "recipients": "[email protected]", "tlsCipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "action": "Allow", "subType": "Allow", "spamInfo": None, "senderIp": "123.123.123.123", "timestamp": 1689685338597, "direction": "Inbound", "spamScore": "0", "spamDetectionLevel": "0"}]|
-
+  
 Example output:
 
 ```
@@ -103,6 +103,7 @@ Example output:
 
 # Version History
 
+* 1.0.5 - `Monitor SIEM Logs` Modified status code returned by task when receiving 'Unauthorized Request' and 'token_verification_failed' fail codes | Updated SDK to the latest version (6.3.3)
 * 1.0.4 - `Monitor SIEM Logs` Fix issue where duplicate batches in a page are processed | SDK update to 6.2.6
 * 1.0.3 - `Monitor SIEM Logs` Fix issue retrieving logs from larger log files
 * 1.0.2 - `Monitor SIEM Logs` Limit the amount of logs used to deduplicate logs in subsequent runs

plugins/mimecast_v2/icon_mimecast_v2/actions/__init__.py

@@ -1,2 +1 @@
 # GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
-

plugins/mimecast_v2/icon_mimecast_v2/connection/schema.py

@@ -9,7 +9,8 @@ class Input:
 
 
 class ConnectionSchema(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -56,7 +57,8 @@ class ConnectionSchema(insightconnect_plugin_runtime.Input):
     }
   }
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)

plugins/mimecast_v2/icon_mimecast_v2/tasks/__init__.py

@@ -1,4 +1,3 @@
 # GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 
 from .monitor_siem_logs.task import MonitorSiemLogs
-

plugins/mimecast_v2/icon_mimecast_v2/tasks/monitor_siem_logs/schema.py

@@ -20,25 +20,30 @@ class Output:
 
 
 class MonitorSiemLogsInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {}
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class MonitorSiemLogsState(insightconnect_plugin_runtime.State):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {}
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class MonitorSiemLogsOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "array",
   "title": "Data",
@@ -49,7 +54,8 @@ class MonitorSiemLogsOutput(insightconnect_plugin_runtime.Output):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)

plugins/mimecast_v2/icon_mimecast_v2/triggers/__init__.py

@@ -1,2 +1 @@
 # GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
-

plugins/mimecast_v2/icon_mimecast_v2/util/api.py

@@ -253,17 +253,35 @@ def make_api_request(
                     status_code=exception.data.status_code,
                 )
             raise exception
-        if response.status_code == HTTPStatusCodes.UNAUTHORIZED:
+
+        status_code = response.status_code
+        if status_code != 200:
+            request_id = response.headers.get("x-request-id")
+            self.logger.info(
+                f"API: The status code was different than 200 (status_code = {status_code}). Mimecast API request ID: {request_id}"
+            )
+
+        if status_code == HTTPStatusCodes.UNAUTHORIZED:
             json_data = extract_json(response)
-            if json_data.get("fail", [{}])[0].get("code") == "token_expired":
-                self.authenticate()
+            failure_code = json_data.get("fail", [{}])[0].get("code")
+
+            # Check if we are dealing with `token_expired` code in error message
+            if failure_code == "token_expired":
                 self.logger.info("API: Token has expired, attempting re-authentication...")
+                self.authenticate()
                 return self.make_api_request(url, method, headers, json, data, params, return_json, auth)
-        if response.status_code == HTTPStatusCodes.UNAUTHORIZED:
+
+            # Check if we're dealing with `Unauthorized Request` or `token_verification_failed` code in error message
+            elif failure_code in ("Unauthorized Request", "token_verification_failed"):
+                self.logger.info(
+                    f"API: Received 'Unauthorized Request' or 'token_verification_failed', setting status code to 500..."
+                )
+                status_code = HTTPStatusCodes.INTERNAL_SERVER_ERROR
+
             raise APIException(
                 preset=PluginException.Preset.API_KEY,
                 data=response.text,
-                status_code=response.status_code,
+                status_code=status_code,
             )
         if return_json:
             json_data = extract_json(response)

plugins/mimecast_v2/plugin.spec.yaml

@@ -15,15 +15,15 @@ links:
  - "[Mimecast](http://mimecast.com)"
 references:
  - "[Mimecast API](https://www.mimecast.com/developer/documentation)"
-version: 1.0.4
+version: 1.0.5
 connection_version: 1
 supported_versions: ["Mimecast 2.0 API 2025-01-23"]
 vendor: rapid7
 support: rapid7
 cloud_ready: true
 sdk:
   type: slim
-  version: 6.2.6
+  version: 6.3.3
   user: nobody
 status: []
 resources:
@@ -38,11 +38,12 @@ hub_tags:
   keywords: [mimecast, email, cloud_enabled]
   features: []
 version_history:
-- "1.0.4 - `Monitor SIEM Logs` Fix issue where duplicate batches in a page are processed | SDK update to 6.2.6"
-- "1.0.3 - `Monitor SIEM Logs` Fix issue retrieving logs from larger log files"
-- "1.0.2 - `Monitor SIEM Logs` Limit the amount of logs used to deduplicate logs in subsequent runs"
-- "1.0.1 - Update SDK | Improve output for a successful connection test"
-- "1.0.0 - Initial plugin"
+  - "1.0.5 - `Monitor SIEM Logs` Modified status code returned by task when receiving 'Unauthorized Request' and 'token_verification_failed' fail codes | Updated SDK to the latest version (6.3.3)"
+  - "1.0.4 - `Monitor SIEM Logs` Fix issue where duplicate batches in a page are processed | SDK update to 6.2.6"
+  - "1.0.3 - `Monitor SIEM Logs` Fix issue retrieving logs from larger log files"
+  - "1.0.2 - `Monitor SIEM Logs` Limit the amount of logs used to deduplicate logs in subsequent runs"
+  - "1.0.1 - Update SDK | Improve output for a successful connection test"
+  - "1.0.0 - Initial plugin"
 connection:
   client_id:
     title: Client ID

plugins/mimecast_v2/setup.py

@@ -4,7 +4,7 @@
 
 setup(
     name="mimecast_v2-rapid7-plugin",
-    version="1.0.4",
+    version="1.0.5",
     description="[Mimecast](https://www.mimecast.com) is a set of cloud services designed to provide next generation protection against advanced email-borne threats such as malicious URLs, malware, impersonation attacks, as well as internally generated threats, with a focus on email security. This plugin utilizes the [Mimecast API](https://www.mimecast.com/developer/documentation)",
     author="rapid7",
     author_email="",

plugins/mimecast_v2/unit_test/__init__.py

@@ -1,4 +1,4 @@
 # GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 import sys
 
-sys.path.append("../")
+sys.path.append("../")