IBM Verify Privilege Vault api path changes (#1424)

opencybersecurityalliance · Apr 13, 2023 · 3e29f39 · 3e29f39
1 parent 6d0ab87
commit 3e29f39
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/stix_shifter_modules/secretserver/README.md b/stix_shifter_modules/secretserver/README.md
@@ -42,6 +42,9 @@ will return
 
 IBM Security Verify Privilege Vault data to STIX mapping is defined in `to_stix_map.json`
 
+Note: For on Prem IBM Privilege Vault Secret Server Instace "host":"<hostname/SecretServer>" 
+      example: "host":"X.XX.XX.XXX/SecretServer"
+
 This example IBM Security Verify Privilege Vault data:
 
 python3 main.py transmit secretserver '{"host":"<hostname>"}' '{"auth":{"username":"<username>","password":"<password>"}}' results "eyJxdWVyeSI6ICJTRUxFQ1QgKiBGUk9NIFNlY3JldEV2ZW50RGV0YWlsIFdIRVJFIEV2ZW50U3ViamVjdCBMSUtFICclJSUnIFNUQVJUIHQnMjAxOS0wMS0yOFQxMjoyNDowMS4wMDlaJyBTVE9QIHQnMjAyMS0wNy0xNFQxMjo1NDowMS4wMDlaJyIsICJ0YXJnZXQiIDogImh0dHA6Ly85LjQ2Ljg2LjEyMC9TZWNyZXRTZXJ2ZXIvb2F1dGgyL3Rva2VuIn0=" 1 2

diff --git a/stix_shifter_modules/secretserver/stix_transmission/api_client.py b/stix_shifter_modules/secretserver/stix_transmission/api_client.py
@@ -17,8 +17,8 @@ class APIClient():
 
     def __init__(self, connection, configuration):
         self.url = "https://" + connection["host"]
-        self.auth_token_url = "/SecretServer/oauth2/token"
-        self.secret_detail = "/SecretServer/api/v1/secrets"
+        self.auth_token_url = "/oauth2/token"
+        self.secret_detail = "/api/v1/secrets"
         self.connect_timeout = os.getenv('STIXSHIFTER_CONNECT_TIMEOUT', CONNECT_TIMEOUT_DEFAULT)
         self.connect_timeout = int(self.connect_timeout)
         self.server_cert_content = False
@@ -35,7 +35,8 @@ def __init__(self, connection, configuration):
             configuration["auth"]["username"], configuration["auth"]["password"])
         self.server_ip = connection["host"]
 
-        self.secret_server_userdetail_url = "SecretServer/api/v1/users/"
+        self.secret_server_userdetail_url = "/api/v1/users/"
+        self.report_endpoint = "api/v1/reports/execute"
 
     async def get_token(self):
         response = await RestApiClientAsync.call_api(self, self.auth_token_url, 'GET', headers=self.headers,
@@ -151,9 +152,8 @@ async def get_events(self):
             'Authorization': self.accessToken,
             'Content-Type': 'application/json'
         }
-        endpoint = "SecretServer/api/v1/reports/execute"
 
-        response = await RestApiClientAsync.call_api(self, endpoint, 'POST', headers=headers, data=payload, urldata=None,
+        response = await RestApiClientAsync.call_api(self, self.report_endpoint, 'POST', headers=headers, data=payload, urldata=None,
                                           timeout=None)
         return_obj = {}
         if response.code != 200: