Merge pull request #65 from abaasandorj/add-ibm-plugin

Add IBM x-force plugin

Plugins/Community Based Plugins/IBM/IBM_OpenAPI.yaml

@@ -0,0 +1,156 @@
+openapi: 3.0.0
+info:
+  title: IBM X-Force Exchange API
+  version: 2.0
+servers:
+  - url: https://api.xforce.ibmcloud.com/api
+paths:
+  /reports/:
+    get:
+      operationId: Get Threat Intelligence Reports IBM
+      summary: Get premium threat intelligence reports based on a given report type
+      description: |
+        This endpoint allows you to view the get Threat Intelligence reports by report type. 
+        Possible report types are threatanalysis, osintadvisory, malware, industry, and threatgroup.
+        #ExamplePrompts Tell me about recent IBM threat intelligence reports
+        #ExamplePrompts Show me IBM threat intelligence reports
+        #ExamplePrompts What are the recent X-Force threat intelligence reports?
+        #ExamplePrompts Show me X-Force threat intelligence reports
+      parameters:
+        - name: reportType
+          in: path
+          description: The type of Threat Intelligence report. Possible report types are threatanalysis, osintadvisory, malware, industry, and threatgroup. 
+          required: true
+          schema:
+            type: string
+          example: "threatanalysis"
+        - name: added_after
+          in: query
+          description: To get reports created after specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs.
+          required: false
+          schema:
+            type: string
+          example: "2022-10-12"
+        - name: added_before
+          in: query
+          description: To get reports created before specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs.
+          required: false
+          schema:
+            type: string
+          example: "2022-10-12"
+        - name: limit
+          in: query
+          description: The number of returned Malware Analysis Reports, default value is 200. The limit must not be larger than 200.
+          required: false
+          schema:
+            type: integer
+          example: 201
+        - name: skip
+          in: query
+          description: The startingpoint to retrieve entries, default value is 0
+          required: false
+          schema:
+            type: integer
+          example: 0
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json
+        "403":
+          description: Access denied
+        "404":
+          description: Not found
+
+  /threat_groups:
+    get:
+      operationId: Get Threat Group Profiles IBM
+      summary: Get a List of Threat Group Profiles.
+      description: |
+        Return a list of Threat Group Profiles based on an integer value of how many profiles you wish to see.
+        #ExamplePrompts Show me the most recent IBM Threat Group Profiles
+        #ExamplePrompts Show me the most recent X-Force threat group profiles
+        #ExamplePrompts What are the most recent X-Force threat group profiles?
+        #ExamplePrompts What are the IBM threat group profiles?
+        #ExamplePrompts Show me the top 20 IBM threat group profiles.
+      parameters:
+        - name: limit
+          in: query
+          description: The number of returned Threat Group Profiles, default value is 200. The limit must not be larger than 200.
+          required: true
+          schema:
+            type: integer
+          example: 20
+        - name: skip
+          in: query
+          description: The startingpoint to retrieve entries, default value is 0
+          required: false
+          schema:
+            type: integer
+          example: 0
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json
+        "403":
+          description: Access denied
+        "404":
+          description: Not found
+
+  /resolve/{input}:
+    get:
+      operationId: Get Dns Records IBM
+      summary: Verify a domain name, IP address, or URL against IBM X-Force DNS records
+      description: |
+        This endpoint allows you to view the DNS information for a domain name, IP address, or URL.
+        #ExamplePrompts Show me the IBM DNS records for www.bing.com
+        #ExamplePrompts What are the IBM X-Force DNS records for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=?
+        #ExamplePrompts What is the IBM DNS record for www.https://www.microsoft.com/?
+        #ExamplePrompts Are there IBM DNS records for www.https://www.google.com?
+      parameters:
+        - name: input
+          in: path
+          description: The domain name, IP Address, or URL to check for DNS information.
+          required: true
+          schema:
+            type: string
+          example: "www.bing.com"
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json
+        "403":
+          description: Access denied
+        "404":
+          description: Not found
+
+
+  /whois/{host}:
+    get:
+      operationId: Get WHOIS IBM
+      summary: Returns the WHOIS information for an IP, URL, or domain.
+      description: |
+        This endpoint allows you to view WHOIS for a domain name, IP address, or URL.
+        #ExamplePrompts Show me the IBM whois records for www.bing.com
+        #ExamplePrompts What is the IBM WHOIS for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=?
+        #ExamplePrompts IBM WHOIS www.https://www.microsoft.com/?
+        #ExamplePrompts Is there a WHOIS for www.https://www.google.com?
+      parameters:
+        - name: host
+          in: path
+          description: The domain name,IP Address, or URL to check for WHOIS information.
+          required: true
+          schema:
+            type: string
+          example: "www.bing.com"
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json
+        "403":
+          description: Access denied
+        "404":
+          description: Not found

Plugins/Community Based Plugins/IBM/manifest.yaml

@@ -0,0 +1,22 @@
+Descriptor:
+  Name: IBM
+  DisplayName: IBM X-Force Exchange (Preview)
+  DescriptionDisplay: Threat Intelligence Profiles, Threat Group Profiles, and DNS Profiles
+  Description: |
+    Use this skillset to call the IBM X-Force Exchange API:
+    - What it does: Retrieves Threat Intelligence Profiles, Threat Group Profiles, and DNS Profiles from the IBM X-Force Exchange platform. 
+    - To what categories does it belong: DNS Profile, Threat Intelligence, Threat Groups.
+    IBM X-Force's API presents the below functions:
+    - Get Threat Intelligence Reports IBM: Get premium threat intelligence reports based on a given report type.
+    - Get Threat Group Profiles IBM: Get a List of Threat Group Profiles.
+    - Get Dns Records IBM: Verify a domain name, IP address, or URL against IBM X-Force DNS records
+    - Get WHOIS IBM: Returns the WHOIS information for an IP, URL, or domain.
+  SupportedAuthTypes:
+    - Basic
+  Category: other
+  Icon: https://www.ibm.com/brand/experience-guides/developer/b1db1ae501d522a1a4b49613fe07c9f1/01_8-bar-positive.svg #TODO: Use IBM X-Force Exchange icon
+
+SkillGroups:
+  - Format: API
+    Settings:
+      OpenApiSpecUrl: https://medeinaplugins.blob.core.windows.net/gpt-plugins/ibm-xforce-web-api.yaml

Plugins/Community Based Plugins/IBM/pluginVersion.json

@@ -0,0 +1,22 @@
+{
+    "Name": "IBM",
+    "Skills":[
+        {
+            "Name": "Get Threat Intelligence Reports IBM",
+            "Path": "/reports"
+        },
+        {
+            "Name": "Get Threat Group Profiles IBM",
+            "Path": "/threat_groups"
+        },
+        {
+            "Name": "Get Dns Records IBM",
+            "Path": "/resolve/{input}"
+        },
+        {
+            "Name": "Get WHOIS IBM",
+            "Path": "/whois/{host}"
+        }
+    ],
+    "Version" :"1.0.0"
+}

Plugins/Community Based Plugins/IBM/readme.md

@@ -0,0 +1,99 @@
+# # IBM X-Force Thread Intelligence
+**Publisher: Microsoft**
+
+Product Information:
+https://www.ibm.com/products/xforce-threat-intelligence
+
+## Overview  
+IBM X-Force is an online platform designed to help you understand and respond to security threats. It's a cloud service that lets you access, distribute, and take action on information about potential security risks. With this platform, you can quickly find out about new security threats around the world, gather information that you can use to protect yourself, talk to experts for advice, and work with other people who are also trying to stay safe. IBM X-Force Exchange is powered by both human expertise and automated processes, and it uses IBM X-Force's extensive resources to help users get ahead of threats that are just starting to appear. 
+
+## Invoking the Plugin and Skills
+
+1. A window entitled, Manage plugins, will open. Scroll down, until you see the IBM X-Force plugin.
+<img src="images/ibm_settings.png" alt="settings" width="500"/>
+
+
+2. Click on the Setup button for the IBM X-Force plugin highlighted in the image above, a new model will appear.
+<img src="images/ibm_select.png" alt="settings" width="500"/>
+
+
+3. Enter the IBM X-Force API key and password in the Value input box and click on the Save button. Once saved, you would see an acknowledgement.
+<img src="images/ibm_insert.png" alt="settings" width="500"/>
+
+
+4. Use the IBM X-Force Skillset
+   1. Make sure the IBM X-Force Plugin is enabled, verify by navigating to the Manage plugins tab and making sure the toggle is active.
+   2. Run a sample prompt such as `how me the IBM whois for www.bing.com.`
+
+
+
+## Skills & Prompts
+
+1. Get Threat Intelligence Reports IBM: Get premium threat intelligence reports based on a given report type
+   - Example Prompt(s): 
+     - Tell me about recent IBM threat intelligence report
+     - Show me IBM X-Force threat intelligence reports
+   - Inputs: 
+     - reportType
+       - Description: The type of Threat Intelligence report. Possible report types are threatanalysis, osintadvisory, malware, industry, and threatgroup. 
+       - Required: true
+       - Type: string
+       - Example: "threatanalysis"
+     - added_after
+       - Description: To get reports created after specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs.
+       - Required: false
+       - Type: string
+       - Example: "2022-10-12"
+     - added_before
+       - Description: To get reports created before specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs.
+       - Required: false
+       - Type: string
+       - Example: "2022-10-12"
+     - limit
+       - Description: The number of returned Malware Analysis Reports, default value is 200. The limit must not be larger than 200.
+       - Required: false
+       - Type: integer
+       - Example: 201
+     - skip
+       - Description: The startingpoint to retrieve entries, default value is 0
+       - Required: false
+       - Type: integer
+       - Example: 10
+2. Get Threat Group Profiles IBM: Get a List of Threat Group Profiles.
+   - Example Prompt(s): 
+     - What are the most recent X-Force threat group profiles?
+     - What are the IBM threat group profiles?
+     - Show me the top 20 IBM threat group profiles.
+   - Inputs: 
+     - limit
+       - Description: The number of returned Malware Analysis Reports, default value is 200. The limit must not be larger than 200.
+       - Required: false
+       - Type: integer
+       - Example: 201
+     - skip
+       - Description: The startingpoint to retrieve entries, default value is 0
+       - Required: false
+       - Type: integer
+       - Example: 10
+3. Get Dns Records IBM: Verify a domain name, IP address, or URL against IBM X-Force DNS records.
+   - Example Prompt(s): 
+     - Show me the IBM DNS records for www.bing.com
+     - What are the IBM X-Force DNS records for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=?
+     - What is the IBM DNS record for www.https://www.microsoft.com/?
+   - Inputs: 
+     - input
+       - Description: The domain name, IP Address, or URL to check for DNS information.
+       - Required: true
+       - Type: string
+       - Example: "www.bing.com"
+4. Get WHOIS IBM: Returns the WHOIS information for an IP, URL, or domain.
+   - Example Prompt(s): 
+     - Show me the IBM whois records for www.bing.com
+     - What is the IBM WHOIS for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=?
+     - IBM WHOIS www.https://www.microsoft.com/?
+   - Inputs: 
+     - host
+       - Description: The domain name,IP Address, or URL to check for WHOIS information.
+       - Required: true
+       - Rype: string
+       - Example: "www.bing.com"