Merge pull request #11 from splunk-soar-connectors/next

Merging next to main for release 2.1.5

.github/workflows/start-release.yml

@@ -1,9 +1,13 @@
 name: Start Release
-on: workflow_dispatch
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - '*-beta*'
 jobs:
   start-release:
     runs-on: ubuntu-latest
     steps:
      - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main'
        with:
-         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.6
+    rev: v1.11
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.2.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^taniumrest.json$']

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2021 Splunk Inc.
+   Copyright (c) 2019-2022 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NOTICE

@@ -1,5 +1,5 @@
 Splunk SOAR Tanium REST
-Copyright (c) 2019-2021 Splunk Inc.
+Copyright (c) 2019-2022 Splunk Inc.
 
 Third-party Software Attributions:
 

readme.md → README.md

@@ -2,16 +2,16 @@
 # Tanium REST
 
 Publisher: Splunk  
-Connector Version: 2\.1\.4  
+Connector Version: 2\.1\.5  
 Product Vendor: Tanium  
 Product Name: Tanium REST  
 Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.0\.0  
+Minimum Product Version: 5\.1\.0  
 
 This app supports investigative and generic actions on Tanium
 
-[comment]: # " File: readme.md"
-[comment]: # "  Copyright (c) 2019-2021 Splunk Inc."
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2019-2022 Splunk Inc."
 [comment]: # "  Licensed under the Apache License, Version 2.0 (the 'License');"
 [comment]: # "  you may not use this file except in compliance with the License."
 [comment]: # "  You may obtain a copy of the License at"
@@ -23,6 +23,7 @@ This app supports investigative and generic actions on Tanium
 [comment]: # "  either express or implied. See the License for the specific language governing permissions"
 [comment]: # "  and limitations under the License."
 [comment]: # ""
+[comment]: # " pragma: allowlist secret "
 ## Playbook Backward Compatibility
 
 -   The existing action parameters have been modified for the action given below. Hence, it is
@@ -86,6 +87,10 @@ ports used by Splunk SOAR.
     process to generate a new token before the current token expires. Failure to do so will cause
     integration to break as your token will no longer be valid after such date.**
 
+-   **The end user will need to add the SOAR source IP address as a "Trusted IP Address" when
+    creating a Tanium API Token. They will also need to note the expiration time and create a new
+    token accordingly.**
+
 -   **The following information regarding API calls using curl commands and additional notes have
     been taken from the "Tanium Server REST API Reference" documentation. More information can be
     gathered by contacting Tanium Support.**
@@ -108,16 +113,15 @@ ports used by Splunk SOAR.
 
 -   To generate an API token using this method, a session string or token string will need to be
     acquired first through the Login API endpoint. Then, the session or token string will be passed
-    in the header to get the API token. In the examples below, either an empty data set or optional
-    fields can be passed in the API token request; the latter allows one to specify the trusted ips
-    at the token level and also set a name and any notes about the token. This can be useful in
-    identifying the token after it is created, since the token string is not visible in the UI using
-    this method.
+    in the header to get the API token. In the examples below, fields need to be passed in the API
+    token request. **You MUST include the SOAR IP address as a trusted IP address.** It is also
+    useful to include the **notes** field, as this can be useful in identifying the token after it
+    is created since the token string is not visible in the UI using this method.
 
 -   #### Login API Endpoint
 
       
-    `       /api/v2/login      `
+    `       /api/v2/session/login      `
 
     #### Example Request
 
@@ -127,7 +131,7 @@ ports used by Splunk SOAR.
               # {
               #   "username": "jane.doe",
               #   "domain": "dev",
-              #   "password": "JanesPassword"
+              #   "password": "JanesPassword" 
               # }
               
 
@@ -147,7 +151,7 @@ ports used by Splunk SOAR.
 
     #### Example Request (session string):
 
-    `       $ curl -s -X POST -H "session:{string}" --data "{ }" https://localhost/api/v2/api_tokens      `
+    `       $ curl -s -X POST -H "session:{string}" --data "{json object}" https://localhost/api/v2/api_tokens      `
 
     #### Header Parameters
 
@@ -157,18 +161,17 @@ ports used by Splunk SOAR.
 
     #### Body Parameters
 
-    | Field  | Type             | Description                                                                                                                                           |
-    |--------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|
-    | object | application/json | (Required) An empty data set. You can also pass the data set on the header as `          --data "{ }"         ` or `          --data null         ` . |
+    | Field  | Type             | Description                                                                                                                                                                         |
+    |--------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+    | object | application/json | (Required) A json object containing fields "expire_in_days", "notes", and "trusted_ip_addresses". Be sure that the SOAR IP address is included in the "trusted_ip_addresses" field. |
 
     #### Example Request (with fields):
 
-    `       $ curl -s -X POST -H "session:{string}" --data-binary @new_token.json https://localhost/api/v2/tokens      `
+    `       $ curl -s -X POST -H "session:{string}" --data-binary @new_token.json https://localhost/api/v2/api_tokens      `
 
               # where new_token.json contains:
               # {
               #   "expire_in_days": 365,
-              #   "name": "my_token",
               #   "notes": "My module token.",
               #   "trusted_ip_addresses": "10.10.10.15,192.168.3.0/24"
               # }

__init__.py

@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2022 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

readme.html

@@ -1,5 +1,5 @@
 <!-- File: readme.html
-  Copyright (c) 2019-2021 Splunk Inc.
+  Copyright (c) 2019-2022 Splunk Inc.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
@@ -64,16 +64,18 @@ <h2>API Token Generation</h2>
 </li>
 <li><b>IMPORTANT: The default expiration of a generated token is 7 days. To reduce maintenance, we recommend setting the default expiration to 365 days. Note that you will have to repeat this process to generate a new token before the current token expires. Failure to do so will cause integration to break as your token will no longer be valid after such date.</b>
 </li>
+<li><b>The end user will need to add the SOAR source IP address as a "Trusted IP Address" when creating a Tanium API Token. They will also need to note the expiration time and create a new token accordingly.</b>
+</li>
 <li><b>The following information regarding API calls using curl commands and additional notes have been taken from the "Tanium Server REST API Reference" documentation. More information can be gathered by contacting Tanium Support.</b>
 </li>
 
   <h3>UI</h3>
     <li>To generate an API token in the UI and to configure the system to use it, please follow the steps mentioned in this <a href="https://docs.tanium.com/platform_user/platform_user/console_api_tokens.html" target="_blank">documentation</a>. On Tanium 7.5.2.3503, new API tokens can be generated by selecting Administration > Permissions > API Tokens > New API Token. Depending on the version of Tanium, the UI may not contain the token creation button on the page and will only display a list of the existing API tokens. If this is the case, you will need to use the curl command method.</li>
 
   <h3>Curl</h3>
-    <li>To generate an API token using this method, a session string or token string will need to be acquired first through the Login API endpoint. Then, the session or token string will be passed in the header to get the API token. In the examples below, either an empty data set or optional fields can be passed in the API token request; the latter allows one to specify the trusted ips at the token level and also set a name and any notes about the token. This can be useful in identifying the token after it is created, since the token string is not visible in the UI using this method.</li>
+    <li>To generate an API token using this method, a session string or token string will need to be acquired first through the Login API endpoint. Then, the session or token string will be passed in the header to get the API token. In the examples below, fields need to be passed in the API token request. <b>You MUST include the SOAR IP address as a trusted IP address.</b> It is also useful to include the <b>notes</b> field, as this can be useful in identifying the token after it is created since the token string is not visible in the UI using this method.</li>
     <li><h4>Login API Endpoint</h4></li>
-    <code>/api/v2/login</code>
+    <code>/api/v2/session/login</code>
     <h4>Example Request</h4>
     <code>
     $ curl -s -X POST --data-binary @sample_login.json https://localhost/api/v2/session/login
@@ -82,7 +84,7 @@ <h4>Example Request</h4>
       # {
       #   "username": "jane.doe",
       #   "domain": "dev",
-      #   "password": "JanesPassword"
+      #   "password": "JanesPassword" <!-- pragma: allowlist secret -->
       # }
       </pre>
     </code>
@@ -100,7 +102,7 @@ <h4>Example Response</h4>
       <code>/api/v2/api_tokens</code>
       <h4>Example Request (session string):</h4>
       <code>
-      $ curl -s -X POST -H "session:{string}" --data "{  }" https://localhost/api/v2/api_tokens
+      $ curl -s -X POST -H "session:{string}" --data "{json object}" https://localhost/api/v2/api_tokens
       </code>
       <h4>Header Parameters</h4>
       <table>
@@ -110,17 +112,16 @@ <h4>Header Parameters</h4>
       <h4>Body Parameters</h4>
       <table>
       <tr><th>Field</th><th>Type</th><th>Description</th></tr>
-      <tr><td>object</td><td>application/json</td><td>(Required) An empty data set. You can also pass the data set on the header as <code>--data "{  }"</code> or <code>--data null</code>.</td></tr>
+      <tr><td>object</td><td>application/json</td><td>(Required) A json object containing fields "expire_in_days", "notes", and "trusted_ip_addresses". Be sure that the SOAR IP address is included in the "trusted_ip_addresses" field. </td></tr>
       </table>
 
       <h4>Example Request (with fields):</h4>
       <code>
-      $ curl -s -X POST -H "session:{string}" --data-binary @new_token.json https://localhost/api/v2/tokens
+      $ curl -s -X POST -H "session:{string}" --data-binary @new_token.json https://localhost/api/v2/api_tokens
         <pre>
       # where new_token.json contains:
       # {
       #   "expire_in_days": 365,
-      #   "name": "my_token",
       #   "notes": "My module token.",
       #   "trusted_ip_addresses": "10.10.10.15,192.168.3.0/24"
       # }
@@ -187,7 +188,7 @@ <h2>How to use Run Query Action</h2>
             <li><b>wait_for_results_processing:</b> Some long-running sensors return intermediate results with the contents "results currently unavailable", and then <a href="https://docs.tanium.com/interact/interact/results.html#:~:text=Results%20Currently%20Unavailable">later the sensor fills in the results</a>. This option instructs the App to wait until the results are returned to Tanium and only after that return the final results. The waiting is still time bounded by the <b>timeout_seconds</b> setting. </li>
             <li><b>return_when_n_results_available:</b> When set, the Tanium REST App will return results to the playbook as soon as `N` results are returned, even if the <b>Consider question results complete at (% out of 100)</b> percentage has not been met. This is useful in scenarios where the playbook expects to get at most `N` results, and wants to return as soon as this occurs.</li>
             <li><b>wait_for_n_results_available:</b> When set, the Tanium REST App will wait (up to the <b>timeout_seconds</b> timeout) until at least `N` results are returned. This is helpful in situations where the Tanium server is under high utilization. Sometimes the App will estimate that 100% of hosts have reported results, even when there are a few stragglers left. If the playbook author knows that it should be getting `N` results, this will wait past the <b>Consider question results complete at (% out of 100)</b> percentage.</li>
-        </ul>   
+        </ul>
     </li>
     <li>Two modes of operation are supported for the run query action:</li>
     <br>

release_notes/2.1.5.md

@@ -0,0 +1 @@
+* Updated API token generation documentation [PAPP-23910]

release_notes/release_notes.html

@@ -1,5 +1,9 @@
-<b>Tanium REST Release Notes - Published by Splunk December 21, 2021</b>
+<b>Tanium REST Release Notes - Published by Splunk March 11, 2022</b>
 <br><br>
+<b>Version 2.1.5 - Released March 11, 2022</b>
+<ul>
+<li>Updated API token generation documentation [PAPP-23910]</li>
+</ul>
 <b>Version 2.1.4 - Released December 21, 2021</b>
 <ul>
 <li>Added configuration parameter for the token-based authentication [PAPP-21244]</li>

taniumrest.json

@@ -11,15 +11,15 @@
     "publisher": "Splunk",
     "python_version": "3",
     "fips_compliant": true,
-    "license": "Copyright (c) 2019-2021 Splunk Inc.",
+    "license": "Copyright (c) 2019-2022 Splunk Inc.",
     "latest_tested_versions": [
         "Build (Windows): 7.5.2.3503 | Console: 3.0.64"
     ],
-    "app_version": "2.1.4",
-    "utctime_updated": "2021-12-21T06:29:11.000000Z",
+    "app_version": "2.1.5",
+    "utctime_updated": "2022-01-07T20:22:22.000000Z",
     "package_name": "phantom_taniumrest",
     "main_module": "taniumrest_connector.py",
-    "min_phantom_version": "5.0.0",
+    "min_phantom_version": "5.1.0",
     "app_wizard_version": "1.0.0",
     "configuration": {
         "base_url": {
@@ -2692,4 +2692,4 @@
             }
         ]
     }
-}
+}

taniumrest_connector.py

@@ -1,6 +1,6 @@
 # File: taniumrest_connector.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2022 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

taniumrest_consts.py

@@ -1,6 +1,6 @@
 # File: taniumrest_consts.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2022 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

taniumrest_run_query.html

@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: taniumrest_run_query.html
-  Copyright (c) 2019-2021 Splunk Inc.
+  Copyright (c) 2019-2022 Splunk Inc.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

taniumrest_view.py

@@ -1,6 +1,6 @@
 # File: taniumrest_view.py
 #
-# Copyright (c) 2019-2021 Splunk Inc.
+# Copyright (c) 2019-2022 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

tox.ini

@@ -0,0 +1,7 @@
+[flake8]
+max-line-length = 145
+max-complexity = 28
+ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292
+
+[isort]
+line_length = 145