Velociraptor Legacy Plugin 1.0.0 #2101
base: develop
f14c28b to b3a85fd
try:
# Fill in the SSL params from the api_client config file. You can get such a file:
# velociraptor --config server.config.yaml config api_client > api_client.conf.yaml
api_connection_string = self.parameters["api_connection_string"]
- api_connection_string = self.parameters["api_connection_string"]
+ api_connection_string = params.get(Input.API_CONNECTION_STRING)
root_certificates_decoded = base64.b64decode(self.parameters["ca_certificate"]["secretKey"])
private_key_decoded = base64.b64decode(self.parameters["client_private_key"]["secretKey"])
certificate_chain_decoded = base64.b64decode(self.parameters["client_cert"]["secretKey"])
- root_certificates_decoded = base64.b64decode(self.parameters["ca_certificate"]["secretKey"])
- private_key_decoded = base64.b64decode(self.parameters["client_private_key"]["secretKey"])
- certificate_chain_decoded = base64.b64decode(self.parameters["client_cert"]["secretKey"])
+ root_certificates_decoded = base64.b64decode(params.get(Input.CA_CERTIFICATE).get('secretKey'))
+ private_key_decoded = base64.b64decode(params.get(Input.CLIENT_PRIVATE_KEY).get('secretKey'))
+ certificate_chain_decoded = base64.b64decode(params.get(Input.CLIENT_CERT).get('secretKey'))
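Review bot: the three base64.b64decode(...) calls on the credential fields have no handling for a missing or malformed secret, in either the original or the suggested form: params.get(Input.CA_CERTIFICATE) returns None when the field is absent, so the chained .get('secretKey') raises AttributeError, and a value that is not valid base64 raises binascii.Error; the only except clause visible in this review is except grpc.RpcError, which catches neither. Validate the three credential fields before decoding and raise PluginException from insightconnect_plugin_runtime.exceptions with a message that names the field but never echoes the secret, e.g. `raise PluginException(cause="Invalid CA certificate", assistance="The ca_certificate credential must be a base64-encoded PEM certificate")`, so a configuration mistake is reported to the user instead of surfacing as a raw traceback.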
self.api_connection_string = self.parameters["api_connection_string"]
self.root_certificates_decoded = base64.b64decode(self.parameters["ca_certificate"]["secretKey"])
self.private_key_decoded = base64.b64decode(self.parameters["client_private_key"]["secretKey"])
self.certificate_chain_decoded = base64.b64decode(self.parameters["client_cert"]["secretKey"])
self.username = self.parameters["username"]
These could be declared at the start of the file and used as a single variable rather than repeating the code
self.api_connection_string = self.parameters["api_connection_string"]
self.root_certificates_decoded = base64.b64decode(self.parameters["ca_certificate"]["secretKey"])
self.private_key_decoded = base64.b64decode(self.parameters["client_private_key"]["secretKey"])
self.certificate_chain_decoded = base64.b64decode(self.parameters["client_cert"]["secretKey"])
self.username = self.parameters["username"]
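Review bot: this duplicated block should be collapsed into one place, but not into variables declared at the top of the file: every value here is read from self.parameters, which only exists once the connection's connect() has run, and a module-level copy of the decoded client private key would outlive the connection object that needed it. Read and decode the five fields once in connect(), store them on the connection instance as this block already does, and have the actions reference self.connection.api_connection_string, self.connection.private_key_decoded and so on instead of repeating the base64.b64decode(...) calls.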
Same here with repeated code
except grpc.RpcError as e:
self.logger.info("Error: ", e)
Avoid use of single letter variables.
- except grpc.RpcError as e:
- self.logger.info("Error: ", e)
+ except grpc.RpcError as error:
+ self.logger.info("Error: ", error)
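Review bot: self.logger.info("Error: ", error) passes the exception as a positional formatting argument, and because the message contains no %s placeholder the logging module raises "not all arguments converted during string formatting" while emitting the record, so the gRPC error text never reaches the log; the suggested rename from e to error keeps the same defect. The failure is also logged at INFO and, unless something outside this snippet re-raises, swallowed, so a connection that could not be established is reported as success. Log it with the placeholder form and re-raise as a plugin error, e.g. `self.logger.error("gRPC error: %s", error)` followed by `raise PluginException(cause="Unable to connect to the Velociraptor server", assistance="Check the API connection string and the client certificate credentials", data=str(error))`.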
This unimplemented unit test is causing the unit test check to fail. Please write a unit test to cover the code in your action 😄
"""
Runs a VQL query against the Velociraptor server.

Args:
    config: A dictionary containing the configuration parameters for the Velociraptor server.
    query: The VQL query to run.

Returns:
    A tuple containing the query, the response, and the query execution logs.
I don't think this docstring is relevant here, it is also causing one of the checks to fail. Kindly remove it 😃
* Updated docker file to include curl for adding attachment
* Updated examples for help.md to include strings for ids
* Updated output ids to strings for consistency
* Updated attach incident example
* Removed print statement
* Updated formatting with black check
---------
Co-authored-by: Dympna Laverty <[email protected]>

…h expected inputs (#1624)
* Updated to output ids as integers to line up with expected inputs
* Updated example fields
* Updated example fields
---------
Co-authored-by: Dympna Laverty <[email protected]>

* added get_sensor action
* fixed checksum
* sensor stats added acc
* finished spec file, regenerated
* generated archive sensor action
* added example output for archive sensor
* refactoring for lint
* updated descriptions in spec file for validator
* created and tested 2 new actions, need to add unit tests
* update spec file
* refactored quarantine action, added unit tests for most of the actions
* added unit tests 95 percent coverage
* fix for plugin validator
* fix lint
* prospector fix
* unit test fix
* dympna change
* igor updates
* lukasz changes
* formatting help.md to use 2 spaces instead of 4
* updated version history note

* updated output
* updated output for Cybereason
* regen
* version bump
* specific fake email
* fixed schema issue
* changing back to rapid7 vendor
* version bump in help.md

* [MC-1452] Update Okta plugin
* [MC-1452] Fixed test
* [MC-1452] Fix prospector
* [MC-1452] Update help.md
* [MC-1452] Update SDK image to latest version
* [MC-1452] Update unit tests for task
---------
Co-authored-by: Cyprian Dankowski <[email protected]>

* [MC-1452] Return status code in Monitor Logs task
* [MC-1452] Update exceptions in api.py
* [MC-1452] Fix prospector
* [MC-1452] Use logger instance

* [MC-1452] Update pagination in Monitor Logs task in Okta plugin
* [MC-1452] Update unit tests

* Initial commit for armorblox plugin
* Fix validate errors
* Timestamp changes
* Updated armorblox-sdk 0.1.4 version in requirements.txt
* Updated the suggestions for plugin.spec.yaml
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Update plugins/armorblox/help.md
* Updated review comments
* Update plugins/armorblox/icon_armorblox/triggers/get_incidents/schema.py
* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json
* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json
* Updated armorblox plugin with the required fixes
* Updated plugin with latest fixes
* Updated plugin with parameterized on test cases
* "Fixed review comments"
* Updated support field to community in plugin.spec.yaml
---------
Co-authored-by: Ankita Sharma <[email protected]>
Co-authored-by: Rajat Upadhyaya <[email protected]>

* updated status codes + black formatting
* regen
* added examples to plugin spec
* Refresh
* removed quotes from variables in spec
* tidying up
* changed imports to work with github validators
* changed task unit test imports to work with github validators
* fixed unit tests
* Added example outputs to help.md
* spec & help changes + status codes fix
* checksum
* period validation
* revert description change
* remove full stop in trigger schema

* Updated task cutofftime, removed cleaning of logs, added debug
* Updated task cutofftime, removed cleaning of logs, added debug
* Removed page index from state if resetting collection time to max lookback
* Updated unit tests following task updates
---------
Co-authored-by: Dympna Laverty <[email protected]>

* Updated task handling of query interval out of range
* Updated unit test following task function update
---------
Co-authored-by: Dympna Laverty <[email protected]>

…2033)
* PLGN-362-Updating pager duty to use http rather than pypd
* PLGN-362-Reducing complexity of get_on_calls method and send_request method
* PLGN-362-Adding parameterized to requirements.txt to allow unit tests to now run on git
* PLGN-362-Running black formatter on get_on_call and util/api
* PLGN-362-Updating to use correct input and output objects, also removing redundant checks for required fields
* PLGN-362-Updating to use newest version of error messages from insightconnect_plugin_runtime.exceptions
* PLGN-362-Removing redundant required check
* PLGN-362-Running black formatter on get_on_call and util/api
* PLGN-362-Adding docstrings, using the input object in the connection class
* PLGN-362-Running black formatter on get_on_call and util/api
* PLGN-362-Updating docstrings to use sphinx format
* PLGN-362-Updating examples to use real fake data
* PLGN-362-Updating black format
* PLGN-362-Making sure return for delete is of type string
* PLGN-362-Making sure return for delete is of type string
* PLGN-362-Fixing typos / tidying up code
* PLGN-362-Adding back in get user by email action + tests
* PLGN-362-using black format
* PLGN-362-adding back in prefix to each action's description
f935638 to ec4c682
35a2c1d to c63d7dc
409b877 to 7e49c36
e7f10ec to 2e967fc
ba715f2 to 9f862b4
c2f4dd7 to 6629741
1be0264 to 1b1b456
Proposed Changes
Description
Describe the proposed changes:
This plugin will send a command to a legacy Velociraptor Console (not Rapid7 Hosted)