[Marketplace Contribution] Abnormal Security - Content Pack Update #33462

@@ -1,5 +1,8 @@
from CommonServerPython import *
from typing import Dict, Any
import demistomock as demisto # noqa: F401
from CommonServerPython import * # noqa: F401


from typing import Any
import logging
from datetime import datetime

Expand Down Expand Up @@ -27,7 +30,6 @@

class FetchIncidentsError(Exception):
"""Raised when there's an error in fetching incidents."""
pass


class Client(BaseClient):
Expand Down Expand Up @@ -69,17 +71,23 @@ def get_a_list_of_abnormal_cases_identified_by_abnormal_security_request(self, f
return response

def get_a_list_of_campaigns_submitted_to_abuse_mailbox_request(self, filter_='', page_size=None, page_number=None,
subtenant=None):
params = assign_params(filter=filter_, pageSize=page_size, pageNumber=page_number, subtenant=subtenant)
subtenant=None, subject=None, sender=None, recipient=None,
reporter=None, attackType=None, threatType=None):
params = assign_params(filter=filter_, pageSize=page_size, pageNumber=page_number, subtenant=subtenant, subject=subject,
sender=sender, recipient=recipient, reporter=reporter, attackType=attackType,
threatType=threatType)

headers = self._headers

response = self._http_request('get', 'abusecampaigns', params=params, headers=headers)

return response

def get_a_list_of_threats_request(self, filter_='', page_size=None, page_number=None, source=None, subtenant=None):
params = assign_params(filter=filter_, pageSize=page_size, pageNumber=page_number, source=source, subtenant=subtenant)
def get_a_list_of_threats_request(self, filter_='', page_size=None, page_number=None, source=None, subtenant=None,
subject=None, sender=None, recipient=None, topic=None, attackType=None, attackVector=None):
params = assign_params(filter=filter_, pageSize=page_size, pageNumber=page_number, source=source, subtenant=subtenant,
subject=subject, sender=sender, recipient=recipient, topic=topic, attackType=attackType,
attackVector=attackVector)

headers = self._headers

Expand Down Expand Up @@ -335,8 +343,15 @@ def get_a_list_of_campaigns_submitted_to_abuse_mailbox_command(client, args):
page_size = args.get('page_size', None)
page_number = args.get('page_number', None)
subtenant = args.get('subtenant', None)

response = client.get_a_list_of_campaigns_submitted_to_abuse_mailbox_request(filter_, page_size, page_number, subtenant)
subject = args.get('subject', None)
sender = args.get('sender', None)
recipient = args.get('recipient', None)
reporter = args.get('reporter', None)
attackType = args.get('attackType', None)
threatType = args.get('threatType', None)

response = client.get_a_list_of_campaigns_submitted_to_abuse_mailbox_request(
filter_, page_size, page_number, subtenant, subject, sender, recipient, reporter, attackType, threatType)
markdown = tableToMarkdown('Campaign IDs', response.get('campaigns', []), headers=['campaignId'], removeNull=True)

command_results = CommandResults(
Expand All @@ -356,8 +371,15 @@ def get_a_list_of_threats_command(client, args):
page_number = args.get('page_number', None)
source = str(args.get('source', ''))
subtenant = args.get('subtenant', None)

response = client.get_a_list_of_threats_request(filter_, page_size, page_number, source, subtenant)
subject = args.get('subject', None)
sender = args.get('sender', None)
recipient = args.get('recipient', None)
topic = args.get('topic', None)
attackType = args.get('attackType', None)
attackVector = args.get('attackVector', None)

response = client.get_a_list_of_threats_request(
filter_, page_size, page_number, source, subtenant, subject, sender, recipient, topic, attackType, attackVector)
markdown = tableToMarkdown('Threat IDs', response.get('threats'), headers=['threatId'], removeNull=True)
command_results = CommandResults(
readable_output=markdown,
Expand Down Expand Up @@ -455,7 +477,7 @@ def get_details_of_an_abuse_mailbox_campaign_command(client, args):

response = client.get_details_of_an_abuse_mailbox_campaign_request(campaign_id, subtenant)
command_results = CommandResults(
outputs_prefix='AbnormalSecurity.AbuseCampaign.campaigns',
outputs_prefix='AbnormalSecurity.AbuseCampaign',
outputs_key_field='campaignId',
outputs=response,
raw_response=response
Expand Down Expand Up @@ -769,7 +791,7 @@ def generate_account_takeover_cases_incidents(client, cases):

def fetch_incidents(
client: Client,
last_run: Dict[str, Any],
last_run: dict[str, Any],
first_fetch_time: str,
fetch_threats: bool,
fetch_abuse_campaigns: bool,
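Review bot: The `outputs_prefix` in `get_details_of_an_abuse_mailbox_campaign_command` appears to move from `AbnormalSecurity.AbuseCampaign.campaigns` to `AbnormalSecurity.AbuseCampaign`, which changes the context path that existing playbooks and field mappings read; the page has lost its +/- markers, so the direction is inferred from print order and the hunk's line counts. A playbook task still keyed on the old path would likely resolve to an empty value rather than raise, so an automated triage step could be skipped without any visible error. The change should be called out as breaking in the pack's release notes, and a comment above the line would help the next maintainer: `# Context path was AbnormalSecurity.AbuseCampaign.campaigns before this change; dependent playbooks must be updated.` The function's body starts and ends outside the hunk, so other consumers of the old path cannot be checked from here.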