DomainTools Iris Investigate: Other - Fix failing CI checks for 1.5.2 release #38

Merged
merged 3 commits into from
Dec 27, 2024
22 changes: 13 additions & 9 deletions README.md
Expand Up @@ -6,7 +6,7 @@ Connector Version: 1.5.2
Product Vendor: DomainTools
Product Name: DomainTools Iris Investigate
Product Version Supported (regex): ".\*"
Minimum Product Version: 6.1.1
Minimum Product Version: 6.3.0

This app supports investigative actions to profile domain names, get risk scores, and find connected domains that share the same Whois details, web hosting profiles, SSL certificates, and more on DomainTools Iris Investigate

Expand Down Expand Up @@ -105,8 +105,8 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
[enrich domain](#action-enrich-domain) - Get all Iris Investigate data for a domain except counts using the high volume Iris Enrich API endpoint (if provisioned)
[configure scheduled playbooks](#action-configure-scheduled-playbooks) - Run on initial setup to configure the optional monitoring playbooks. This action creates a custom list to manage the playbook scheduling and run status
[on poll](#action-on-poll) - Execute scheduled playbooks based on the set interval(mins) in 'domaintools_scheduled_playbooks' custom list. Smaller intervals will result in more accurate schedules
[nod feed](#action-nod-feed) - Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.
[nad feed](#action-nad-feed) - Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.
[nod feed](#action-nod-feed) - Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database
[nad feed](#action-nad-feed) - Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days

## action: 'test connectivity'
Validate the asset configuration for connectivity
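Review bot: In the action index, the 'nad feed' entry now ends without a period but still has one after "sensor network", so the summary reads as a full sentence followed by an unterminated one. If the check being fixed only rejects a trailing period, consider joining the two sentences (for example "... in our DNS sensor network, including domains observed in DNS for the first time as well as ...") so the entry is a single unpunctuated line like the others in this list. The same text appears under the 'nad feed' action heading and in the `description` field of domaintools_iris.json, so all three should change together.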
Expand Down Expand Up @@ -640,7 +640,7 @@ No parameters are required for this action
No Output

## action: 'nod feed'
Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.
Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database

Type: **investigate**
Read only: **True**
Expand All @@ -662,13 +662,15 @@ action_result.data.\*.timestamp | string | |
action_result.status | string | | success failed
action_result.summary | string | |
action_result.message | string | |
action_result.parameter.domain | string | |
action_result.parameter.after | string | |
action_result.parameter.domain | string | |
action_result.parameter.session_id | string | |
action_result.parameter.top | string | |
action_result.parameter.top | string | |
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1

## action: 'nad feed'
Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.
Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days

Type: **investigate**
Read only: **True**
Expand All @@ -690,7 +692,9 @@ action_result.data.\*.timestamp | string | |
action_result.status | string | | success failed
action_result.summary | string | |
action_result.message | string | |
action_result.parameter.domain | string | |
action_result.parameter.after | string | |
action_result.parameter.domain | string | |
action_result.parameter.session_id | string | |
action_result.parameter.top | string | |
action_result.parameter.top | string | |
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
50 changes: 39 additions & 11 deletions domaintools_iris.json
Expand Up @@ -12,7 +12,7 @@
"product_vendor": "DomainTools",
"product_name": "DomainTools Iris Investigate",
"product_version_regex": ".*",
"min_phantom_version": "6.1.1",
"min_phantom_version": "6.3.0",
"python_version": "3",
"logo": "logo_domaintools_iris.svg",
"logo_dark": "logo_domaintools_iris_dark.svg",
Expand Down Expand Up @@ -2105,7 +2105,7 @@
},
{
"action": "nod feed",
"description": "Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.",
"description": "Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database",
"type": "investigate",
"identifier": "nod_feed",
"read_only": true,
Expand Down Expand Up @@ -2146,7 +2146,7 @@
"data_path": "action_result.data.*.domain",
"data_type": "string",
"column_name": "Domain Names",
"column_order": 1,
"column_order": 0,
"contains": [
"domain"
]
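Review bot: The `column_order` for "Domain Names" in this hunk goes from 1 to 0 (and "Time Stamp" from 2 to 1 in the next hunk), but only the two feed actions are touched, so please confirm that every other action's output table in domaintools_iris.json is already zero-based. If any still start at 1, the ordering convention is mixed within one file and the same check is likely to flag them next.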
Expand All @@ -2155,7 +2155,7 @@
"data_path": "action_result.data.*.timestamp",
"data_type": "string",
"column_name": "Time Stamp",
"column_order": 2
"column_order": 1
},
{
"data_path": "action_result.status",
Expand All @@ -2174,11 +2174,11 @@
"data_type": "string"
},
{
"data_path": "action_result.parameter.domain",
"data_path": "action_result.parameter.after",
"data_type": "string"
},
{
"data_path": "action_result.parameter.after",
"data_path": "action_result.parameter.domain",
"data_type": "string"
},
{
Expand All @@ -2188,13 +2188,27 @@
{
"data_path": "action_result.parameter.top",
"data_type": "string"
},
{
"data_path": "summary.total_objects",
"data_type": "numeric",
"example_values": [
1
]
},
{
"data_path": "summary.total_objects_successful",
"data_type": "numeric",
"example_values": [
1
]
}
],
"versions": "EQ(*)"
},
{
"action": "nad feed",
"description": "Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.",
"description": "Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days",
"type": "investigate",
"identifier": "nad_feed",
"read_only": true,
Expand Down Expand Up @@ -2235,7 +2249,7 @@
"data_path": "action_result.data.*.domain",
"data_type": "string",
"column_name": "Domain Names",
"column_order": 1,
"column_order": 0,
"contains": [
"domain"
]
Expand All @@ -2244,7 +2258,7 @@
"data_path": "action_result.data.*.timestamp",
"data_type": "string",
"column_name": "Time Stamp",
"column_order": 2
"column_order": 1
},
{
"data_path": "action_result.status",
Expand All @@ -2263,11 +2277,11 @@
"data_type": "string"
},
{
"data_path": "action_result.parameter.domain",
"data_path": "action_result.parameter.after",
"data_type": "string"
},
{
"data_path": "action_result.parameter.after",
"data_path": "action_result.parameter.domain",
"data_type": "string"
},
{
Expand All @@ -2277,6 +2291,20 @@
{
"data_path": "action_result.parameter.top",
"data_type": "string"
},
{
"data_path": "summary.total_objects",
"data_type": "numeric",
"example_values": [
1
]
},
{
"data_path": "summary.total_objects_successful",
"data_type": "numeric",
"example_values": [
1
]
}
],
"versions": "EQ(*)"
1 change: 1 addition & 0 deletions release_notes/unreleased.md
@@ -1,2 +1,3 @@
**Unreleased**
* Added `nod_feed` action to support for NOD Feeds.
* Added `nad_feed` action to support for NAD Feeds.
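Review bot: The list under **Unreleased** has no entry for the minimum platform version moving from 6.1.1 to 6.3.0, which this same change makes in README.md and in `min_phantom_version` in domaintools_iris.json; that is a compatibility change for existing installs and should be stated here. Separately, both existing entries read "to support for", which is ungrammatical: use "to support NOD Feeds" or "with support for NOD Feeds", and likewise for NAD. The entries also name the identifiers `nod_feed` and `nad_feed`, while the README lists the actions as 'nod feed' and 'nad feed', so consider using the displayed action names.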