Ataya integration (demisto#30511) (demisto#30775)

* first commit of ataya integration * update README file * add unit test for integration script * fix secret error * fix validation errors * update pack according to comments from reviewers * update integration cmd on playbook * update the Ataya Pack based on comments from reviewer * fix validation error * enhance the playbook * add ELSE path on playbook --------- Co-authored-by: Tony Wu <[email protected]> Co-authored-by: Israel Lappe <[email protected]>
CheckPointSW · Nov 9, 2023 · 445b6cf · 445b6cf
1 parent 56a61ff
commit 445b6cf
Show file tree

Hide file tree

Showing 21 changed files with 1,532 additions and 0 deletions.
diff --git a/Packs/Ataya/.pack-ignore b/Packs/Ataya/.pack-ignore
diff --git a/Packs/Ataya/.secrets-ignore b/Packs/Ataya/.secrets-ignore
@@ -0,0 +1,2 @@
+https://www.ataya.io
+https://ataya-harmony.com
diff --git a/Packs/Ataya/Author_image.png b/Packs/Ataya/Author_image.png
diff --git a/Packs/Ataya/Classifiers/classifier-Ataya_-_Incoming_Mapper.json b/Packs/Ataya/Classifiers/classifier-Ataya_-_Incoming_Mapper.json
@@ -0,0 +1,97 @@
+{
+    "description": "Ataya Harmony fields for use in Integration Playbooks about 5G UE registration.",
+    "feed": false,
+    "id": "Ataya - Incoming Mapper",
+    "mapping": {
+        "Ataya": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Ataya_ID": {
+                    "simple": "sessioninfo.id"
+                },
+                "Ataya_IMEI": {
+                    "complex": {
+                        "accessor": "imei",
+                        "filters": [],
+                        "root": "sessionInfo.info",
+                        "transformers": []
+                    }
+                },
+                "Ataya_IMSI": {
+                    "complex": {
+                        "accessor": "imsi",
+                        "filters": [],
+                        "root": "sessionInfo.clientID",
+                        "transformers": []
+                    }
+                },
+                "Event Type": {
+                    "complex": {
+                        "filters": [],
+                        "root": "eventType",
+                        "transformers": []
+                    }
+                },
+				"Source IP": {
+					"complex": {
+						"accessor": "ip",
+						"filters": [],
+						"root": "sessionInfo",
+						"transformers": []
+					}
+				}
+            }
+        },
+        "dbot_classification_incident_type_all": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Ataya_ID": {
+                    "complex": {
+                        "accessor": "id",
+                        "filters": [],
+                        "root": "sessionInfo",
+                        "transformers": []
+                    }
+                },
+                "Ataya_IMEI": {
+                    "complex": {
+                        "accessor": "imei",
+                        "filters": [],
+                        "root": "sessionInfo.info",
+                        "transformers": []
+                    }
+                },
+                "Ataya_IMSI": {
+                    "complex": {
+                        "accessor": "imsi",
+                        "filters": [],
+                        "root": "sessionInfo.clientID",
+                        "transformers": []
+                    }
+                },
+                "Event Type": {
+                    "complex": {
+                        "filters": [],
+                        "root": "eventType",
+                        "transformers": []
+                    }
+                },
+				"Source IP": {
+					"complex": {
+						"accessor": "ip",
+						"filters": [],
+						"root": "sessionInfo",
+						"transformers": []
+					}
+				},
+                "name": {
+                    "simple": "Ataya ${eventType} Incident ${sessionInfo.clientName} ${sessionInfo.info.imei}"
+                }
+            }
+        }
+    },
+    "name": "Ataya - Incoming Mapper",
+    "type": "mapping-incoming",
+    "version": -1,
+    "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/IncidentFields/incidentfield-Ataya_ID.json b/Packs/Ataya/IncidentFields/incidentfield-Ataya_ID.json
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "atayaid",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_atayaid",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Ataya_ID",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMEI.json b/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMEI.json
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "atayaimei",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_atayaimei",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Ataya_IMEI",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMSI.json b/Packs/Ataya/IncidentFields/incidentfield-Ataya_IMSI.json
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "atayaimsi",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_atayaimsi",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Ataya_IMSI",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/IncidentTypes/incidenttype-Ataya.json b/Packs/Ataya/IncidentTypes/incidenttype-Ataya.json
@@ -0,0 +1,54 @@
+{
+    "autorun": true,
+    "color": "#F8E7A5",
+    "days": 0,
+    "daysR": 0,
+    "default": false,
+    "detached": false,
+    "disabled": false,
+    "extractSettings": {
+        "fieldCliNameToExtractSettings": {
+            "atayaeventtype": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            },
+            "atayaimei": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            },
+            "atayaimsi": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            },
+            "atayaip": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            },
+            "eventtype": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            }
+        },
+        "mode": "All"
+    },
+    "hours": 0,
+    "hoursR": 0,
+    "id": "Ataya",
+    "layout": "Ataya Incident Layout",
+    "locked": false,
+    "name": "Ataya",
+    "onChangeRepAlg": 0,
+    "playbookId": "Ataya - Securely logging device access to network",
+    "readonly": false,
+    "reputationCalc": 0,
+    "system": false,
+    "version": -1,
+    "weeks": 0,
+    "weeksR": 0,
+    "fromVersion": "6.9.0"
+}
diff --git a/Packs/Ataya/Integrations/Ataya/Ataya.py b/Packs/Ataya/Integrations/Ataya/Ataya.py
@@ -0,0 +1,110 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+import urllib3
+
+# Disable insecure warnings
+urllib3.disable_warnings()
+
+''' CONSTANTS '''
+
+''' CLIENT CLASS '''
+
+
+class Client(BaseClient):
+    def __init__(self, api_key: str, base_url: str, proxy: bool, verify: bool):
+        super().__init__(base_url=base_url, proxy=proxy, verify=verify)
+        self.api_key = api_key
+
+        self._headers = {
+            'Content-Type': 'application/json',
+            'x-api-key': self.api_key
+        }
+
+    def getNode(self):
+        return self._http_request(method='GET', url_suffix='api/v1/mgmt/5gc/networks/default/nodes')
+
+    def assignUser(self, imsi):
+        return self._http_request(method='PUT', url_suffix='api/v1/mgmt/5gc/clientAction/setstatus',
+                                  json_data={"status": "assigned", "resources": [imsi]})
+
+
+''' HELPER FUNCTIONS '''
+
+
+def test_module(client: Client) -> str:
+    """
+    Tests API connectivity and authentication'
+    Returning 'ok' indicates that connection to the service is successful.
+    Raises exceptions if something goes wrong.
+    """
+
+    try:
+        response = client.getNode()
+
+        success = demisto.get(response, 'count')  # Safe access to response['count']
+        if success < 1:
+            return f'Unexpected result from the service: success={success} (expected success > 1)'
+
+        return 'ok'
+
+    except Exception as e:
+        exception_text = str(e).lower()
+        if 'forbidden' in exception_text or 'authorization' in exception_text:
+            return 'Authorization Error: make sure API Key is correctly set'
+        else:
+            raise e
+
+
+''' COMMAND FUNCTIONS '''
+
+
+def assign_command(client: Client, imsi=""):
+    if imsi == "":
+        raise DemistoException('the imsi argument cannot be empty.')
+
+    response = client.assignUser(imsi=imsi)
+    userStatus = demisto.get(response, 'status')
+
+    if userStatus == 'unassigned':
+        raise DemistoException('Assign User Fail', res=response)
+
+    return f'User {imsi} {userStatus}'
+
+
+''' MAIN FUNCTION '''
+
+
+def main() -> None:  # pragma: no cover
+    params = demisto.params()
+    args = demisto.args()
+    command = demisto.command()
+
+    base_url = params.get('url')
+    api_key = params.get('apiToken', {}).get('password')
+    verify = not params.get('insecure', False)
+    proxy = params.get('proxy', False)
+
+    try:
+        client = Client(api_key=api_key, base_url=base_url,
+                        verify=verify, proxy=proxy)
+        if command == 'test-module':
+            # This is the call made when clicking the integration Test button.
+            return_results(test_module(client))
+
+        elif command == 'ataya-assign-user':
+            return_results(assign_command(client, **args))
+
+        else:
+            raise NotImplementedError(f"command {command} is not implemented.")
+
+    except Exception as e:
+        demisto.error(traceback.format_exc())  # print the traceback
+        return_error("\n".join(("Failed to execute {command} command.",
+                                "Error:",
+                                str(e))))
+
+
+''' ENTRY POINT '''
+
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+    main()
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		https://www.ataya.io
		https://ataya-harmony.com