Merge pull request #22 from splunk-soar-connectors/next
Merging next to main for release 3.6.0
spopat-crest authored Apr 21, 2022
2 parents 1bc7f3b + 19f49e4 commit 008d0db
Showing 12 changed files with 618 additions and 110 deletions.
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
@@ -1,11 +1,11 @@
repos:
- repo: https://github.com/phantomcyber/dev-cicd-tools
rev: v1.10
rev: v1.12
hooks:
- id: org-hook
- id: package-app-dependencies
- repo: https://github.com/Yelp/detect-secrets
rev: v1.1.0
rev: v1.2.0
hooks:
- id: detect-secrets
args: ['--no-verify', '--exclude-files', '^crowdstrikeoauthapi.json$']
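Review bot: both `rev:` values are still tag references (`v1.12`, `v1.2.0`) rather than commit SHAs, so this bump keeps the hook sources mutable; pinning `rev:` to the tag's commit hash would make the pre-commit tooling reproducible. Also worth a second look while touching this file: `--exclude-files '^crowdstrikeoauthapi.json$'` keeps the app manifest out of detect-secrets entirely, so a credential left in a default configuration value there would never be flagged; a committed `.secrets.baseline` (passed with `--baseline`) that allowlists the known false positives in that file is the narrower fix.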
49 changes: 46 additions & 3 deletions README.md
@@ -2,11 +2,11 @@
# CrowdStrike OAuth API

Publisher: Splunk
Connector Version: 3\.5\.9
Connector Version: 3\.6\.0
Product Vendor: CrowdStrike
Product Name: CrowdStrike
Product Version Supported (regex): "\.\*"
Minimum Product Version: 5\.1\.0
Minimum Product Version: 5\.2\.0

This app integrates with CrowdStrike OAuth2 authentication standard to implement querying of endpoint security data

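Review bot: `Minimum Product Version` moves from 5.1.0 to 5.2.0 with no matching change visible on this page. The README in these connectors is typically generated from the app JSON, and that file (`crowdstrikeoauthapi.json`, referenced in the pre-commit config) did not render here, so please confirm its minimum platform version and `3.6.0` app version fields agree with this hunk, and that the release notes say which part of 3.6.0 actually needs platform 5.2.0.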
@@ -364,6 +364,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
[detonate url](#action-detonate-url) - Upload an url to CrowdStrike and retrieve the analysis results
[check status](#action-check-status) - To check detonation status of the provided resource id
[get device scroll](#action-get-device-scroll) - Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability \(based on offset pointer which expires after 2 minutes with no maximum limit\)
[get zta data](#action-get-zta-data) - Get Zero Trust Assessment data for one or more hosts by providing agent IDs \(AID\)

## action: 'test connectivity'
Validate the asset configuration for connectivity\. This action logs into the site to check the connection and credentials
@@ -2811,4 +2812,46 @@ summary\.total\_objects\_successful | numeric |
action\_result\.parameter\.filter | string |
action\_result\.parameter\.limit | numeric |
action\_result\.parameter\.sort | string |
action\_result\.parameter\.offset | string |
action\_result\.parameter\.offset | string |

## action: 'get zta data'
Get Zero Trust Assessment data for one or more hosts by providing agent IDs \(AID\)

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**agent\_id** | required | Agent ID to get zero trust assessment data about\. Comma\-separated list allowed | string | `crowdstrike device id`

#### Action Output
DATA PATH | TYPE | CONTAINS
--------- | ---- | --------
action\_result\.parameter\.agent\_id | string | `crowdstrike device id`
action\_result\.data\.\*\.aid | string | `crowdstrike device id`
action\_result\.data\.\*\.cid | string | `crowdstrike customer id`
action\_result\.data\.\*\.assessment\.os | numeric |
action\_result\.data\.\*\.assessment\.overall | numeric |
action\_result\.data\.\*\.assessment\.version | string |
action\_result\.data\.\*\.assessment\.sensor\_config | numeric |
action\_result\.data\.\*\.modified\_time | string |
action\_result\.data\.\*\.event\_platform | string |
action\_result\.data\.\*\.assessment\_items\.os\_signals\.\*\.criteria | string |
action\_result\.data\.\*\.assessment\_items\.os\_signals\.\*\.signal\_id | string |
action\_result\.data\.\*\.assessment\_items\.os\_signals\.\*\.group\_name | string |
action\_result\.data\.\*\.assessment\_items\.os\_signals\.\*\.signal\_name | string |
action\_result\.data\.\*\.assessment\_items\.os\_signals\.\*\.meets\_criteria | string |
action\_result\.data\.\*\.assessment\_items\.sensor\_signals\.\*\.criteria | string |
action\_result\.data\.\*\.assessment\_items\.sensor\_signals\.\*\.signal\_id | string |
action\_result\.data\.\*\.assessment\_items\.sensor\_signals\.\*\.group\_name | string |
action\_result\.data\.\*\.assessment\_items\.sensor\_signals\.\*\.signal\_name | string |
action\_result\.data\.\*\.assessment\_items\.sensor\_signals\.\*\.meets\_criteria | string |
action\_result\.data\.\*\.product\_type\_desc | string |
action\_result\.data\.\*\.sensor\_file\_status | string |
action\_result\.data\.\*\.system\_serial\_number | string |
action\_result\.status | string |
action\_result\.message | string |
action\_result\.summary | string |
summary\.total\_objects | numeric |
summary\.total\_objects\_successful | numeric |
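Review bot: the `action_result.parameter.offset | string |` row now appears twice in a row at the top of this hunk; one of the two looks like an accidental duplicate in the `get device scroll` output table and should be dropped. For the new `get zta data` table, the parameter description says a comma-separated list is allowed but not how the action behaves when one of the IDs is unknown or malformed (whole action fails vs. partial results), nor whether there is an upper bound on IDs per call; a sentence on that in the action description would help playbook authors. `meets_criteria` is documented as `string`; if the API returns a boolean, documenting it as `boolean` keeps playbook conditions from comparing against the text "True".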
175 changes: 175 additions & 0 deletions crowdstrike_get_zta_data.html
@@ -0,0 +1,175 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}

{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}

{% block widget_content %} <!-- Main Start Block -->

<!-- File: crowdstrike_get_zta_data.html
Copyright (c) 2019-2022 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->

<style>


.crowdstrike a:hover {
text-decoration:underline;
}


.crowdstrike .wf-table-vertical {
width: initial;
font-size: 12px;
}

.crowdstrike .wf-table-vertical td{
padding: 8px 10px;
border: 1px solid;
}

.crowdstrike .wf-table-vertical tr td:first-child {
font-weight: bold;
}

.crowdstrike .wf-table-horizontal {
border: 1px solid;
font-size: 12px;
}

.crowdstrike .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}

.crowdstrike .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}

.crowdstrike .wf-h3-style {
font-size : 20px
}

.crowdstrike .wf-h4-style {
font-size : 16px
}

.crowdstrike .collapse.in {
display: block !important;
}

.crowdstrike .panel-collapse {
overflow-x: auto;
}

.crowdstrike .glyphicon.glyphicon-dot:before {
content: "\25cf"; font-size: 10px;
}

.crowdstrike a.nowrap {
white-space:nowrap;
}

</style>
<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
{% for result in results %} <!-- loop for each result -->
<br>

<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>

{% else %}
<h3 class="wf-h3-style">Zero Trust Assessment Info</h3>
<div class="metadata_div">
<!--Default View-->
<div class="panel-group" id="server-information">
<div class="panel">
<div id="default-view-table" class="panel-collapse collapse in">
<table class="wf-table-horizontal datatable">
<thead>
<tr>
<th>Agent ID</th>
<th>Customer ID</th>
<th>Event Platform</th>
<th>Sensor File Status</th>
</tr>
</thead>
<tbody>
{% for item in result.data %}
<!-- {{ item }} -->
<tr>
<td>
<a href="javascript:;"
onclick="context_menu(this, [{'contains': ['crowdstrike device id'], 'value': '{{ item.aid }}' }], 0, {{ container.id }}, null, false);">
{{ item.aid }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td>
<a href="javascript:;"
onclick="context_menu(this, [{'contains': ['crowdstrike customer id'], 'value': '{{ item.cid }}' }], 0, {{ container.id }}, null, false);">
{{ item.cid }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td>{{ item.event_platform }}</td>
<td>{{ item.sensor_file_status }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div>
<br>
{% endif %}
{% endfor %} <!-- loop for each result end -->
</div> <!-- Main Div -->


<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": false,
"bLengthChange": false,
"ordering": true,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
}
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$.fn.DataTable.ext.pager.numbers_length = 5;
$('.datatable').DataTable({
order: []
});
</script>
{% endblock %} <!-- Main Start Block -->
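Review bot: `{{ item.aid }}` and `{{ item.cid }}` are interpolated into a JavaScript string literal inside the inline `onclick` attribute (`'value': '{{ item.aid }}'`); Django's HTML autoescape turns a quote into `&#x27;`, but the browser decodes that entity when it parses the attribute, so the handler still sees a raw quote and a value containing `'` breaks out of the string. Agent and customer IDs returned by CrowdStrike are normally hex strings, so the practical exposure is small, but the standard template fix is `{{ item.aid|escapejs }}` (or putting the value in a `data-` attribute and reading it from a script) and it costs nothing. Separately, `<!-- {{ item }} -->` dumps every field of each result into the page source as an HTML comment; it reads like leftover debugging, and a value containing `-->` would also terminate the comment early, so it should be removed before release.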
3 changes: 3 additions & 0 deletions crowdstrike_view.py
@@ -259,6 +259,9 @@ def display_view(provides, all_app_runs, context):
if provides == 'detonate url':
return 'crowdstrike_detonate_url.html'

if provides == 'get zta data':
return 'crowdstrike_get_zta_data.html'


def hunt_view(provides, all_app_runs, context):

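Review bot: style: `display_view` is a chain of `if provides == '...': return '...html'` blocks that falls through to an implicit `None` for any action not listed, so a typo in the new `'get zta data'` string would only show up as a missing widget at runtime. A module-level dict mapping action name to template, looked up with a single `return`, would make additions like this one-line changes and make the fallthrough case explicit.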
