Secretserver develop

stix_shifter_modules/secretserver/stix_translation/json/event_from_stix_map.json

@@ -14,28 +14,21 @@
     }
   },
 
-  "user-account": {
-    "fields": {
-      "user_id": [
-        "UserId"
-      ]
-    }
-  },
   "x-secret": {
     "fields": {
       "secret_name": ["SecretName"],
-      "user_name": ["username"],
+      "username": ["EmailAddress"],
       "secret_id": ["ItemId"],
-      "user_id": ["UserId"]
+      "user_id": ["UserId"],
+      "server_user_name" : ["Username"]
     }
   },
   "x-ibm-finding": {
     "fields": {
-      "name": ["EventSubject"],
+      "event_name": ["EventSubject"],
       "description": ["EventNote"],
       "finding_type": ["EventDetails"],
       "time_observed": ["EventTime"]
     }
   }
 }
-

stix_shifter_modules/secretserver/stix_translation/json/stix_2_1/event_from_stix_map.json

@@ -0,0 +1,35 @@
+{
+  "ipv4-addr": {
+    "fields": {
+      "value": ["IpAddress", "Server"],
+       "src_ip": ["IpAddress"],
+        "dst_ip": ["Server"]
+    }
+  },
+  "url": {
+    "fields": {
+      "value": [
+        "url"
+      ]
+    }
+  },
+
+  "x-secret": {
+    "fields": {
+      "secret_name": ["SecretName"],
+      "username": ["EmailAddress"],
+      "secret_id": ["ItemId"],
+      "user_id": ["UserId"],
+      "server_user_name" : ["Username"]
+    }
+  },
+  "x-ibm-finding": {
+    "fields": {
+      "event_name": ["EventSubject"],
+      "description": ["EventNote"],
+      "finding_type": ["EventDetails"],
+      "time_observed": ["EventTime"]
+    }
+  }
+}
+

stix_shifter_modules/secretserver/stix_translation/json/stix_2_1/to_stix_map.json

@@ -0,0 +1,83 @@
+{
+  "IpAddress": [
+    {
+      "key": "ipv4-addr.value",
+      "object": "src_ip"
+    },
+    {
+      "key": "x-ibm-finding.src_ip_ref",
+      "object": "finding",
+      "references": "src_ip"
+    }
+  ],
+   "Server": [
+    {
+      "key": "ipv4-addr.value",
+      "object": "dst_ip"
+    },
+     {
+      "key": "x-ibm-finding.dst_ip_ref",
+      "object": "finding",
+      "references": "dst_ip"
+    }
+   ],
+
+  "StartTime": [
+    {
+      "key": "first_observed",
+      "transformer": "EpochToTimestamp",
+      "cybox": false
+    },
+    {
+      "key": "last_observed",
+      "transformer": "EpochToTimestamp",
+      "cybox": false
+    }
+  ],
+  "Url": {
+    "key": "url.value"
+  },
+
+  "EventSubject" :
+    {
+      "key": "x-ibm-finding.event_name",
+      "object": "finding"
+    },
+  "EventNote":
+  {
+     "key": "x-ibm-finding.description",
+      "object": "finding"
+  },
+  "EventDetails":
+  {
+     "key": "x-ibm-finding.finding_type",
+      "object": "finding"
+  },
+  "EventTime":
+  {
+     "key": "x-ibm-finding.time_observed",
+      "object": "finding"
+  },
+
+  "SecretName":
+   {
+      "key": "x-secret.secret_name",
+       "object": "secret"
+   },
+  "ItemId": {
+      "key": "x-secret.secret_id",
+       "object": "secret"
+   },
+  "UserId": {
+      "key": "x-secret.user_id",
+       "object": "secret"
+   },
+   "EmailAddress": {
+      "key": "x-secret.username",
+       "object": "secret"
+   },
+   "Username": {
+      "key": "x-secret.server_user_name",
+       "object": "secret"
+   }
+}

stix_shifter_modules/secretserver/stix_translation/json/to_stix_map.json

@@ -1,10 +1,4 @@
 {
-  "username": [
-    {
-    "key": "user-account.user_name"
-  }
-  ],
-
   "IpAddress": [
     {
       "key": "ipv4-addr.value",
@@ -46,7 +40,7 @@
 
   "EventSubject" :
     {
-      "key": "x-ibm-finding.name",
+      "key": "x-ibm-finding.event_name",
       "object": "finding"
     },
   "EventNote":
@@ -77,5 +71,13 @@
   "UserId": {
       "key": "x-secret.user_id",
        "object": "secret"
+   },
+   "EmailAddress": {
+      "key": "x-secret.username",
+       "object": "secret"
+   },
+   "Username": {
+      "key": "x-secret.server_user_name",
+       "object": "secret"
    }
-}
+}

stix_shifter_modules/secretserver/stix_transmission/api_client.py

@@ -14,26 +14,28 @@
 
 
 class APIClient():
-    
+
     def __init__(self, connection, configuration):
-         self.url = "https://"+connection["host"]
-         self.auth_token_url = "/SecretServer/oauth2/token"
-         self.secret_detail = "/SecretServer/api/v1/secrets"
-         self.connect_timeout = os.getenv('STIXSHIFTER_CONNECT_TIMEOUT', CONNECT_TIMEOUT_DEFAULT)
-         self.connect_timeout = int(self.connect_timeout)
-         self.server_cert_content = False
-         self.auth = None
-         self.sni = None
-         self.retry_max = 1
-         self.logger = logger.set_logger(__name__)
-         self.server_cert_file_content_exists = False
-         self.url_modifier_function = None
-         self.headers = {
-             'Content-Type': 'application/x-www-form-urlencoded'
-         }
-         self.payload = 'username=%s&password=%s&grant_type=password' % (
-             configuration["auth"]["username"], configuration["auth"]["password"])
-         self.server_ip = connection["host"]
+        self.url = "https://" + connection["host"]
+        self.auth_token_url = "/SecretServer/oauth2/token"
+        self.secret_detail = "/SecretServer/api/v1/secrets"
+        self.connect_timeout = os.getenv('STIXSHIFTER_CONNECT_TIMEOUT', CONNECT_TIMEOUT_DEFAULT)
+        self.connect_timeout = int(self.connect_timeout)
+        self.server_cert_content = False
+        self.auth = None
+        self.sni = None
+        self.retry_max = 1
+        self.logger = logger.set_logger(__name__)
+        self.server_cert_file_content_exists = False
+        self.url_modifier_function = None
+        self.headers = {
+            'Content-Type': 'application/x-www-form-urlencoded'
+        }
+        self.payload = 'username=%s&password=%s&grant_type=password' % (
+            configuration["auth"]["username"], configuration["auth"]["password"])
+        self.server_ip = connection["host"]
+
+        self.secret_server_userdetail_url = "SecretServer/api/v1/users/"
 
     def get_token(self):
         response = RestApiClient.call_api(self, self.auth_token_url, 'GET', headers=self.headers,
@@ -70,8 +72,8 @@ def create_search(self, query_expression):
                 respObj.error_type = ""
                 respObj.status_code = 200
                 content = '{"search_id": "' + \
-                              str(response) + \
-                              '", "data": {"message":  "Search id generated."}}'
+                          str(response) + \
+                          '", "data": {"message":  "Search id generated."}}'
                 respObj._content = bytes(content, 'utf-8')
             else:
                 respObj.code = "404"
@@ -111,10 +113,12 @@ def get_search_results(self, search_id, index_from, fetch_size):
                 self.endDate = timestamp[1]
             else:
                 self.startDate = date.today()
-                self.endDate = self.startDate - timedelta(days = 1)
-            response = self.get_response()
-            return response
-
+                self.endDate = self.startDate - timedelta(days=1)
+            resp = self.get_response()
+            page_size = 100
+            resp = resp[(index_from * page_size):(fetch_size * page_size)]
+            return resp
+
     def decode_searchId(self):
         # These value (date, self.query) must be present.
         try:
@@ -160,6 +164,19 @@ def get_events(self):
         for obj in eventData['rows']:
             obj = dict(zip(col, obj))
             collection.append(obj)
+        for item in collection:
+            if "[Check Out]" in item["EventSubject"]:
+                item["EventSubject"] = "Check Out"
+            elif "[Check In]" in item["EventSubject"]:
+                item["EventSubject"] = "Check In"
+        # {key: ("Check Out" if  "[Check Out]" in val["EventSubject"] else "chec in")   for col in collection for(key,val) in col.items()}
+
+        # {item["EventSubject"]: ("[Check Out]" if "[Check Out]" in item["EventSubject"]
+        #                         "[Check In]"  if "[Check In]" in item["EventSubject"])
+        # for item in collection
+        # "[Check Out]" in [val = item["EventSubject"]] for item in collection]:
+        #     print('true')
+
         return collection
 
     def get_Secret(self):
@@ -197,13 +214,16 @@ def get_response(self):
             updateSecret.append(next)
         for item in eventDetail:
             for getId in updateSecret:
-                if (item['ItemId'] == getId['id']):
-                    data = getId['items']
-                    for secret in data:
-                        if (secret['fieldName'] == 'Server'):
-                            secretCollection[str(secret['fieldName'])] = str(secret['itemValue'])
-                            item.update(secretCollection)
+                if type(getId) is dict:
+                    if 'id' in getId:
+                        if (item['ItemId'] == getId['id']):
+                            data = getId['items']
+                            for secret in data:
+                                if (secret['fieldName'] == 'Server') or (secret['fieldName'] == 'Username'):
+                                    secretCollection[str(secret['fieldName'])] = str(secret['itemValue'])
+                                    item.update(secretCollection)
                             updateCollection.append(item)
+
         return updateCollection
 
     def delete_search(self, search_id):

stix_shifter_modules/secretserver/tests/stix_translation/test_secretserver_stix_to_query.py

@@ -47,7 +47,7 @@ def test_LIKE_operator(self):
         _test_query_assertions(query, selections, from_statement, where_statement)
 
     def test_x_ibm_search(self):
-        stix_pattern = "[x-ibm-finding:name = 'abcd']"
+        stix_pattern = "[x-ibm-finding:event_name = 'abcd']"
         query = _translate_query(stix_pattern)
         where_statement = "WHERE EventSubject = 'abcd'"
         _test_query_assertions(query, selections, from_statement, where_statement)
@@ -58,4 +58,3 @@ def test_x_secret_search(self):
         where_statement = "WHERE SecretName = 'xyz'"
         _test_query_assertions(query, selections, from_statement, where_statement)
 
-