[SOAR-19385] insightIDR added security test disposition for alerts (#3408) (#3410)

lcwiklinski-r7 · web-flow · commit aac087cab21c · 2025-05-15T16:40:00.000+02:00
* Added security test disposition for alerts

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py

* Reverting resource helper

* Preset update

* Skipping static code check

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py

* Update resource_helper.py
diff --git a/plugins/rapid7_insightidr/.CHECKSUM b/plugins/rapid7_insightidr/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "35390e12c9a9d68087549cf36658a6f0",
-	"manifest": "a0cf72014580730896e5a28b0f59422b",
-	"setup": "bdbb3b2cfa44c9d352098a861a20e065",
+	"spec": "d6ce5b02ac6ab11cd4aa9380908a6d58",
+	"manifest": "d2efd7366f383bf6e5ab40ffc9514347",
+	"setup": "63fb00e8d7801ea60db7f292c46581f5",
 	"schemas": [
 		{
 			"identifier": "add_indicators_to_a_threat/schema.py",
@@ -69,7 +69,7 @@
 		},
 		{
 			"identifier": "get_alert_information/schema.py",
-			"hash": "5f31d60e24cf93bacd6eebdd18966f98"
+			"hash": "48461d148def77b3d963ff81bb14866a"
 		},
 		{
 			"identifier": "get_all_logs/schema.py",
@@ -125,7 +125,7 @@
 		},
 		{
 			"identifier": "search_alerts/schema.py",
-			"hash": "4f2479395d303d9c8d91358f86353405"
+			"hash": "e557bb0c7ca5ffc74bb4c18155e7a20e"
 		},
 		{
 			"identifier": "search_investigations/schema.py",
@@ -145,7 +145,7 @@
 		},
 		{
 			"identifier": "update_alert/schema.py",
-			"hash": "61fa055d9ef7fe9bfc4bac196d6ace22"
+			"hash": "71cbe6b5ef3a9901f4cf821da9343575"
 		},
 		{
 			"identifier": "update_investigation/schema.py",
@@ -161,7 +161,7 @@
 		},
 		{
 			"identifier": "get_new_alerts/schema.py",
-			"hash": "b7310f06a168de278ef266d769d3881a"
+			"hash": "2efa90f87eb6b301a972f56f1a554375"
 		},
 		{
 			"identifier": "get_new_investigations/schema.py",
diff --git a/plugins/rapid7_insightidr/bin/komand_rapid7_insightidr b/plugins/rapid7_insightidr/bin/komand_rapid7_insightidr
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Rapid7 InsightIDR"
 Vendor = "rapid7"
-Version = "11.0.4"
+Version = "11.0.5"
 Description = "This plugin allows you to add indicators to a threat and see the status of investigations"
 
 
diff --git a/plugins/rapid7_insightidr/help.md b/plugins/rapid7_insightidr/help.md
@@ -3428,6 +3428,7 @@ Example output:
 
 # Version History
 
+* 11.0.5 - Added new disposition of the alert
 * 11.0.4 - Added support for parsing improperly formatted JSON-like strings | SDK bump to 6.3.3
 * 11.0.3 - Added log entry validation using regular expressions | SDK bump to 6.2.6
 * 11.0.2 - Updating descriptions for 'set_priority_of_investigation' & 'set_disposition_of_investigation'
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/get_alert_information/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/get_alert_information/schema.py
@@ -228,7 +228,8 @@ class GetAlertInformationOutput(insightconnect_plugin_runtime.Output):
             "MALICIOUS",
             "BENIGN",
             "UNKNOWN",
-            "NOT_APPLICABLE"
+            "NOT_APPLICABLE",
+            "SECURITY_TEST"
           ],
           "order": 21
         },
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/search_alerts/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/search_alerts/schema.py
@@ -486,7 +486,8 @@ class SearchAlertsOutput(insightconnect_plugin_runtime.Output):
             "MALICIOUS",
             "BENIGN",
             "UNKNOWN",
-            "NOT_APPLICABLE"
+            "NOT_APPLICABLE",
+            "SECURITY_TEST"
           ],
           "order": 21
         },
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/update_alert/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/update_alert/schema.py
@@ -284,7 +284,8 @@ class UpdateAlertOutput(insightconnect_plugin_runtime.Output):
             "MALICIOUS",
             "BENIGN",
             "UNKNOWN",
-            "NOT_APPLICABLE"
+            "NOT_APPLICABLE",
+            "SECURITY_TEST"
           ],
           "order": 21
         },
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/triggers/get_new_alerts/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/triggers/get_new_alerts/schema.py
@@ -371,7 +371,8 @@ class GetNewAlertsOutput(insightconnect_plugin_runtime.Output):
             "MALICIOUS",
             "BENIGN",
             "UNKNOWN",
-            "NOT_APPLICABLE"
+            "NOT_APPLICABLE",
+            "SECURITY_TEST"
           ],
           "order": 21
         },
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/util/resource_helper.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/util/resource_helper.py
@@ -129,9 +129,26 @@ def resource_request(self, endpoint: str, method: str = "get", params: dict = No
             )
             raise PluginException(f"InsightIDR returned a status code of {response.status_code}: {status_code_message}")
 
-    def make_request(  # noqa: C901
+    def _handle_response_status(self, response: requests.Response) -> None:
+        """
+        Handles the response status code and raises appropriate exceptions
+        :param response: Response object from the request
+        :return: None
+        """
+        if response.status_code == 400:
+            raise PluginException(preset=PluginException.Preset.BAD_REQUEST, data=response.text)
+        if response.status_code in [401, 403]:
+            raise PluginException(preset=PluginException.Preset.API_KEY, data=response.text)
+        if response.status_code == 404:
+            raise PluginException(preset=PluginException.Preset.NOT_FOUND, data=response.text)
+        if 400 < response.status_code < 500:
+            raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text)
+        if response.status_code >= 500:
+            raise PluginException(preset=PluginException.Preset.SERVER_ERROR, data=response.text)
+
+    def make_request(
         self, path: str, method: str = "GET", params: dict = None, json_data: dict = None, files: dict = None
-    ):
+    ):  # noqa: MC0001
         try:
             response = self.session.request(
                 method=method.upper(),
diff --git a/plugins/rapid7_insightidr/plugin.spec.yaml b/plugins/rapid7_insightidr/plugin.spec.yaml
@@ -4,7 +4,7 @@ products: [insightconnect]
 name: rapid7_insightidr
 title: "Rapid7 InsightIDR"
 description: "This plugin allows you to add indicators to a threat and see the status of investigations"
-version: 11.0.4
+version: 11.0.5
 connection_version: 5
 supported_versions: ["Latest release successfully tested on 2024-09-10."]
 vendor: rapid7
@@ -35,6 +35,7 @@ sdk:
   version: 6.3.3
   user: nobody
 version_history:
+  - "11.0.5 - Added new disposition of the alert"
   - "11.0.4 - Added support for parsing improperly formatted JSON-like strings | SDK bump to 6.3.3"
   - "11.0.3 - Added log entry validation using regular expressions | SDK bump to 6.2.6"
   - "11.0.2 - Updating descriptions for 'set_priority_of_investigation' & 'set_disposition_of_investigation'"
@@ -959,6 +960,7 @@ types:
         - BENIGN
         - UNKNOWN
         - NOT_APPLICABLE
+        - SECURITY_TEST
     investigation_rrn:
       title: Investigation RRN
       description: The RRN of the investigation that the alert is part of.
diff --git a/plugins/rapid7_insightidr/setup.py b/plugins/rapid7_insightidr/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name="rapid7_insightidr-rapid7-plugin",
-    version="11.0.4",
+    version="11.0.5",
     description="This plugin allows you to add indicators to a threat and see the status of investigations",
     author="rapid7",
     author_email="",

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`		`- "spec": "35390e12c9a9d68087549cf36658a6f0",`
`3`		`- "manifest": "a0cf72014580730896e5a28b0f59422b",`
`4`		`- "setup": "bdbb3b2cfa44c9d352098a861a20e065",`
	`2`	`+ "spec": "d6ce5b02ac6ab11cd4aa9380908a6d58",`
	`3`	`+ "manifest": "d2efd7366f383bf6e5ab40ffc9514347",`
	`4`	`+ "setup": "63fb00e8d7801ea60db7f292c46581f5",`
`5`	`5`	`"schemas": [`
`6`	`6`	`{`
`7`	`7`	`"identifier": "add_indicators_to_a_threat/schema.py",`
`@@ -69,7 +69,7 @@`
`69`	`69`	`},`
`70`	`70`	`{`
`71`	`71`	`"identifier": "get_alert_information/schema.py",`
`72`		`- "hash": "5f31d60e24cf93bacd6eebdd18966f98"`
	`72`	`+ "hash": "48461d148def77b3d963ff81bb14866a"`
`73`	`73`	`},`
`74`	`74`	`{`
`75`	`75`	`"identifier": "get_all_logs/schema.py",`
`@@ -125,7 +125,7 @@`
`125`	`125`	`},`
`126`	`126`	`{`
`127`	`127`	`"identifier": "search_alerts/schema.py",`
`128`		`- "hash": "4f2479395d303d9c8d91358f86353405"`
	`128`	`+ "hash": "e557bb0c7ca5ffc74bb4c18155e7a20e"`
`129`	`129`	`},`
`130`	`130`	`{`
`131`	`131`	`"identifier": "search_investigations/schema.py",`
`@@ -145,7 +145,7 @@`
`145`	`145`	`},`
`146`	`146`	`{`
`147`	`147`	`"identifier": "update_alert/schema.py",`
`148`		`- "hash": "61fa055d9ef7fe9bfc4bac196d6ace22"`
	`148`	`+ "hash": "71cbe6b5ef3a9901f4cf821da9343575"`
`149`	`149`	`},`
`150`	`150`	`{`
`151`	`151`	`"identifier": "update_investigation/schema.py",`
`@@ -161,7 +161,7 @@`
`161`	`161`	`},`
`162`	`162`	`{`
`163`	`163`	`"identifier": "get_new_alerts/schema.py",`
`164`		`- "hash": "b7310f06a168de278ef266d769d3881a"`
	`164`	`+ "hash": "2efa90f87eb6b301a972f56f1a554375"`
`165`	`165`	`},`
`166`	`166`	`{`
`167`	`167`	`"identifier": "get_new_investigations/schema.py",`