Merge pull request #14 from splunk-soar-connectors/next

Merging next to main for release 1.3.0

README.md

@@ -2,11 +2,11 @@
 # MS Graph for SharePoint
 
 Publisher: Splunk  
-Connector Version: 1.2.1  
+Connector Version: 1.3.0  
 Product Vendor: Microsoft  
 Product Name: SharePoint  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 5.3.5  
+Minimum Product Version: 6.1.0  
 
 This app connects to SharePoint using the MS Graph API to support investigate and generic actions
 

manual_readme_content.md

@@ -0,0 +1,130 @@
+[comment]: # "File: README.md"
+[comment]: # "Copyright (c) 2022-2023 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+## Authentication
+
+You will first need to create an application on the Azure AD Admin Portal. Follow the steps outlined
+below to do this:
+
+-   Navigate to <https://portal.azure.com> in a browser and log in with a Microsoft account
+
+-   Select **Azure Active Directory** from the left side menu
+
+-   From the left panel, select **App Registrations**
+
+-   At the top of the middle section, select **New registration**
+
+-   On the next page, give your application a name and click **Register**
+
+-   Once the app is created, the below steps need to be taken on the next page:
+
+      
+
+    -   Under **Certificates & secrets** select **New client secret** . Note down this key somewhere
+        secure, as it cannot be retrieved after closing the window.
+
+    -   Under **Authentication** , select **Add a platform** . In the **Add a platform** window,
+        select **Web** . The **Redirect URLs** should be filled right here. We will get **Redirect
+        URLs** from the Phantom asset we create below in the section titled **Phantom Asset for
+        SharePoint** . This step is required only if you are a non-admin user.
+
+    -   Under **API Permissions** Click on **Add a permission** .
+
+    -   Under the **Microsoft API** section, select **Microsoft Graph** .
+
+    -   There are two ways to gives the Application and Delegated permissions to the app.
+
+          
+
+        1.  Permissive mode
+            -   Sites.Read.All
+            -   Files.Read.All
+            -   Files.ReadWrite.All
+            -   Sites.ReadWrite.All
+        2.  Restrictive mode
+            -   Sites.Selected (only Application permission)
+
+            The user will have to configure permissions for each of the sites that they are working
+            with. You can find more information
+            [here](https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/)
+            . Also, while using this mode 'list sites' action will return the empty list.  
+            **Note:** You need **Sites.FullControl.All** Application permission while using the site
+            permission endpoint.
+
+    -   After making these changes, click **Add permissions** at the bottom of the screen.
+
+-   If you are an admin user, then click **Grant admin consent for Phantom** and provide admin
+    consent. And configure asset configuration parameter **Admin Consent Already Provided** with
+    value **True** .
+
+-   If you are a non-admin user, then follow the steps listed below to grant admin consent:
+
+      
+
+    -   Configure an asset configuration parameter **Admin Consent Already Provided** with value
+        **False** .
+    -   You must have configured the **Redirect URLs** mentioned in the above steps.To configure
+        **Redirect URLs** , checkout the section titled **Phantom Asset for SharePoint** below.
+    -   Run the **Test Connectivity** .
+    -   You will be asked to open a link in a new tab. Open the link in the same browser so that you
+        are logged into Splunk Phantom for the redirect. If you wish to use a different browser, log
+        in to the Splunk Phantom first, and then open the provided link.
+    -   Proceed to log in to the Microsoft site with the admin user.
+    -   You will be prompted to agree to the permissions requested by the App.
+    -   If all goes well the browser should instruct you to close the tab.
+    -   Now go back and check the message on the Test Connectivity dialog box, it should say **Test
+        Connectivity Passed** .
+
+## Phantom Asset for SharePoint
+
+When creating an asset for the **MS Graph for SharePoint** app, place the **Application ID** and
+**Client secret** of the app created during the previous step in the **Client/Application ID** and
+**Client Secret** fields respectively. You can also find **Tenant ID** on the application overview
+page. After filling in all the required values, click **SAVE** .  
+
+After saving, a new field will appear in the **Asset Settings** tab. Take the URL found in the
+**POST incoming for MS Graph for SharePoint to this location** field and place it in the **Redirect
+URLs** field mentioned in a previous step. After doing so the URL should look something like:  
+
+https://\<phantom_host>/rest/handler/msgraphforsharepoint_7963f3ef-b527-40e5-a704-392c56f0a88d/\<asset_name>
+
+
+Additionally, updating the Base URL in the Company Settings is also required. Navigate to
+**Administration \> Company Settings \> Info** to configure the **Base URL For Splunk SOAR** . Then,
+select **Save Changes** .  
+
+For the asset configuration parameter **SharePoint Site ID** , it should be in the format
+**{Hostname},{SPSite-id},{SPWeb-id}** . You can get the **SharePoint Site ID** by running the
+**'list site'** action. For more information check out the [Microsoft
+documentation](https://docs.microsoft.com/en-us/graph/api/resources/sharepoint?view=graph-rest-1.0#note-for-existing-sharepoint-developers)
+.
+
+## Restrictions and Limitations
+
+Some special characters aren't allowed as a SharePoint **list name** and **file/folder name** . If
+you have created the list/files with these special characters, SharePoint API will not allow us to
+retrieve the list information. For more information about limitations check out the [Microsoft
+documentation](https://support.microsoft.com/en-us/kb/905231) .  
+As a workaround for lists, we can use the list_id instead of the list_name. Run the 'list lists'
+action to get the list_id.
+
+## Port Information
+
+The app uses HTTP/ HTTPS protocol for communicating with the Microsoft servers. Below are the
+default ports used by Splunk SOAR.
+
+|         Service Name | Transport Protocol | Port |
+|----------------------|--------------------|------|
+|         http         | tcp                | 80   |
+|         https        | tcp                | 443  |

msgraphforsharepoint.json

@@ -11,20 +11,20 @@
     "product_version_regex": ".*",
     "publisher": "Splunk",
     "license": "Copyright (c) 2022-2023 Splunk Inc.",
-    "app_version": "1.2.1",
+    "app_version": "1.3.0",
     "utctime_updated": "2022-02-11T08:37:12.891220Z",
     "package_name": "phantom_msgraphforsharepoint",
     "main_module": "msgraphforsharepoint_connector.py",
     "rest_handler": "msgraphforsharepoint_connector.handle_request",
     "fips_compliant": true,
-    "min_phantom_version": "5.3.5",
+    "min_phantom_version": "6.1.0",
     "contributors": [
         {
             "name": "import-au"
         }
     ],
     "latest_tested_versions": [
-        "SharePoint Cloud: 15 November, 2022"
+        "SharePoint Cloud: 20 September, 2023"
     ],
     "app_wizard_version": "1.0.0",
     "configuration": {

msgraphforsharepoint_connector.py

@@ -510,8 +510,9 @@ def _make_rest_call_helper(
         ret_val, resp_json = self._make_rest_call(url, action_result, verify, headers, params, data, json, method, download)
 
         # If token is expired, generate a new token
-        msg = action_result.get_message()
-        if msg and any(failure_message in msg for failure_message in MS_AUTH_FAILURE_MSGS):
+        message = action_result.get_message()
+        self.debug_print(f'message: {message}')
+        if message and ('token' in message and 'expired' in message):
             self.save_progress("Bad token, generating a new one")
             ret_val = self._get_token(action_result)
             if phantom.is_fail(ret_val):

msgraphforsharepoint_consts.py

@@ -37,7 +37,6 @@
 MS_GET_LIST_ENDPOINT = '/sites/{0}/lists/{1}'
 MS_GET_FILE_METADATA_ENDPOINT = '/sites/{0}/drive/root:/{1}/{2}'
 MS_GET_FILE_CONTENT_ENDPOINT = '{0}:/content'
-MS_AUTH_FAILURE_MSGS = ['token is invalid', 'token has expired', 'ExpiredAuthenticationToken', 'AuthenticationFailed']
 
 # Splunk SOAR Endpoints
 SOAR_SYS_INFO_URL = "{url}rest/system_info"

release_notes/1.3.0.md

@@ -0,0 +1 @@
+* Fixed the token expiration issue [PAPP-31399]