ReversingLabs - Add proxy support (#29280)
* ReversingLabs - Add proxy support (#28993)

* Working on A1000 URL Report command

* Finish URL report and domain report commands

* Add the IP report command

* Add the commands for get_files_from_ip, get_ip_domain_resolutions and get_urls_from_ip

* Update pack version to 2.1.0

* Update release notes

* Add default values

* Add yara ruleset command
Add yara matches feed command

* Add yara retro actions command

* Add yara retro matches feed command

* Add reanalyze sample command

* Add imphash similarity command

* Add url downloaded files command

* Edit the url_downloaded_files_command method

* Add the latest url analyses feed

* Add the url analyses feed from date command

* Return url analyses feed results also as files

* Update the version

* Add release notes for v2.1.0

* Update command examples

* Update readme

* Update readme
Add command examples
Remove image files

* Implement sys.exit()

* Update docker image

* Update ignored secrets

* Refactor markdown

* Update secrets to ignore

* Update the A1000 version in the readme

* Update the readme

* Update the readme

* Remove trailing whitespaces

* Reordered human readable output

* Fix line too long issue

* Update Docker image

* Change camel case to snake case

* Change camel case to snake case

* Change camel case to snake case

* Change camel case to snake case

* Reduce max_results

* Reduce max_results

* Update command examples

* Update the readme

* Update the readme

* Update the readme

* Add dbot score object

* Update release notes

* Update release notes

* Update the YML file

* Update the docker image

* Add tests

* Add test data

* Update the docker image

* Add test data

* Add tests

* Remove io import

* Renamed TestData to test_data

* Renamed TestData to test_data

* Update ignored secrets

* Update 'TestData' paths to 'test_data'

* Update the dockerimage

* Add new tests

* Add test files

* Separate output formatting functions

* Correct typo

* Move output building into separate functions

* Add more tests

* Add test data

* Set predefined boolean

* Set predefined boolean

* Set predefined for classifications

* Add human readable to readme

* Add more tests

* Remove typo

* Add secrets to ignore

* Update the user agent to 2.1.0

* Update the user agent to 2.1.0

* Add the URL Reputation playbook

* Add v2.2.0 release notes

* Update version to 2.2.0

* Add File Analysis playbook

* Update version to 2.2.0

* Add v2.2.0 release notes

* Correct typo

* Update the release notes

* Update the release notes

* Update the release notes

* Update the release notes

* Add the image

* Add the image

* Modify the playbooks according to the CI rules

* Update the user agent version to 2.2.0

* Update the docker image

* Update the release notes

* Update the playbook id

* Update the release notes

* Update the playbook id

* Update the docker image

* Add proxy support to A1000 app

* Add proxy support to TitaniumCloud app

* Update the release notes

* Update the docker image

* Remove empty line

* Update the docker image

* Update the release notes

* Update the release notes

* Update the pack version

* Update the readme

* Add proxy support into the code

* Add proxy support into the YML configuration

* Remove unused imports

* Add newline at EoF

* Update unit tests

* Update unit tests

* Update unit tests

* Update unit tests

* Rename TestData to test_data

* Use type 9 fields for credentials

* Update the readme

* Add the displaypassword field to type 9 fields

* Change the type 4 fields for type 9

* Update the readme

* Update the readme

* Replace type 4 fields with type 9

* docker image

* RN

* fix RN

* pack ignore

* space in RN

* add a period for validations to pass

* remove extra period

* add description

---------

Co-authored-by: Mislav Sever <46045160+MislavReversingLabs@users.noreply.github.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
4 people authored and moishce committed Sep 14, 2023
1 parent a3c9ca3 commit 4418433
Showing 25 changed files with 553 additions and 191 deletions.
2 changes: 2 additions & 0 deletions Packs/ReversingLabs_A1000/.pack-ignore
@@ -0,0 +1,2 @@
[known_words]
https
Expand Up @@ -15,6 +15,13 @@ ReversingLabs A1000 advanced Malware Analysis Platform.
| Reliability | False |
| Wait time between report fetching retries (seconds). Deafult is 2 seconds. | False |
| Number of report fetching retries. Default is 30. | False |
| HTTP proxy address with the protocol and port number. | False |
| HTTP proxy username | False |
| HTTP proxy password | False |
| HTTPS proxy address with the protocol and port number. | False |
| HTTPS proxy username | False |
| HTTPS proxy password | False |


4. Click **Test** to validate the URLs, token, and connection.
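
Review bot: The six new parameter rows do not state the address format that `format_proxy` enforces, nor that the credentials are optional. The two address rows should say the value must start with `http://` or `https://` (anything else ends in `return_error`), and the username and password rows should say they are only applied when the matching proxy address is set.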

@@ -1,7 +1,8 @@
from CommonServerPython import *
from ReversingLabs.SDK.a1000 import A1000

VERSION = "v2.2.0"

VERSION = "v2.3.0"
USER_AGENT = f"ReversingLabs XSOAR A1000 {VERSION}"
HOST = demisto.getParam('host')
TOKEN = demisto.getParam('token')
Expand All @@ -10,6 +11,62 @@
WAIT_TIME_SECONDS = demisto.params().get('wait_time_seconds')
NUM_OF_RETRIES = demisto.params().get('num_of_retries')

HTTP_PROXY = demisto.params().get("http_proxy", None)
HTTP_PROXY_USERNAME = demisto.params().get("http_credentials", {}).get("identifier", None)
HTTP_PROXY_PASSWORD = demisto.params().get("http_credentials", {}).get("password", None)

HTTPS_PROXY = demisto.params().get("https_proxy", None)
HTTPS_PROXY_USERNAME = demisto.params().get("https_credentials", {}).get("identifier", None)
HTTPS_PROXY_PASSWORD = demisto.params().get("https_credentials", {}).get("password", None)


def format_proxy(addr, username=None, password=None):
if addr.startswith("http://"):
protocol = addr[:7]
proxy_name = addr[7:]
elif addr.startswith("https://"):
protocol = addr[:8]
proxy_name = addr[8:]
else:
return_error("Proxy address needs to start with either 'http://' or 'https://'")

if username:
if password:
proxy = f"{protocol}{username}:{password}@{proxy_name}"
else:
proxy = f"{protocol}{username}@{proxy_name}"
else:
proxy = f"{protocol}{proxy_name}"

return proxy


def return_proxies():
proxies = {}

if HTTP_PROXY:
http_proxy = format_proxy(
addr=HTTP_PROXY,
username=HTTP_PROXY_USERNAME,
password=HTTP_PROXY_PASSWORD
)

proxies["http"] = http_proxy

if HTTPS_PROXY:
https_proxy = format_proxy(
addr=HTTPS_PROXY,
username=HTTPS_PROXY_USERNAME,
password=HTTPS_PROXY_PASSWORD
)

proxies["https"] = https_proxy

if proxies:
return proxies
else:
return None


def classification_to_score(classification):
score_dict = {
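
Review bot: In `format_proxy`, `username` and `password` are interpolated into the proxy URL as-is (`f"{protocol}{username}:{password}@{proxy_name}"`), so a credential containing `@`, `/` or `#` (or a `:` in the username) produces a URL that parses with the wrong user or host. Percent-encode both values with `urllib.parse.quote(value, safe="")` before building the string. Two smaller points in the same function: `protocol` and `proxy_name` are bound only in the first two branches, so the code after the `else` relies on `return_error` never returning, and an explicit `return` or `raise` there would make that visible; and the `addr[:7]` / `addr[8:]` slicing could be replaced by `urllib.parse.urlsplit`, which would also let the function reject an address that already carries userinfo. `return_proxies` reads the module-level `HTTP_PROXY*` and `HTTPS_PROXY*` globals directly; taking them as arguments would make it testable without patching.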
Expand Down Expand Up @@ -805,7 +862,6 @@ def urls_from_ip_output(ip, response):


def main():

try:
wait_time_seconds = int(WAIT_TIME_SECONDS)
except ValueError:
Expand All @@ -816,13 +872,16 @@ def main():
except ValueError:
return_error("Integration parameter <Number of retries> has to be of type integer.")

proxies = return_proxies()

a1000 = A1000(
host=HOST,
token=TOKEN,
verify=VERIFY_CERT,
user_agent=USER_AGENT,
wait_time_seconds=wait_time_seconds,
retries=num_of_retries
retries=num_of_retries,
proxies=proxies
)

demisto.info(f'Command being called is {demisto.command()}')
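
Review bot: The `proxies` value passed to `A1000(...)` holds the proxy URLs with the password embedded in clear text, so it has to stay out of every `demisto.info` / `demisto.debug` call and out of any error text built in `main()`. The `demisto.info` line below logs only the command name, which is fine; a short comment next to `proxies = return_proxies()` marking the value as sensitive would help keep it that way.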