xsoar: initial commit

README.md

@@ -49,7 +49,7 @@ Github issues and feature requests welcomed.
 | Logging         | sentryio                                                    |
 | MacOS           | airport<br/>macchanger<br/>wdutil                           |
 | Python          | logging<br/>requests                                        |
-| SOAR            | swimlane<br/>splunk soar                                    |
+| SOAR            | swimlane<br/>splunk soar<br/>xsoar                          |
 | Recon           | nmap                                                        |
 | Test Automation | selenium                                                    |
 

automon/integrations/xsoar/__init__.py

@@ -0,0 +1,2 @@
+from .client import XSOARClient
+from .config import XSOARConfig

automon/integrations/xsoar/client.py

@@ -0,0 +1,16 @@
+from .config import XSOARConfig
+
+
+class XSOARClient(object):
+    """XSOAR REST API client
+
+    referenc: https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is
+    """
+
+    def __init__(self, host: str = None, token: str = None, config: XSOARConfig = None):
+        self.config = config or XSOARConfig(host=host, token=token)
+
+    def is_ready(self):
+        if self.config.is_ready():
+            return True
+        return False

automon/integrations/xsoar/config.py

@@ -0,0 +1,21 @@
+from automon import environ
+
+
+class XSOARConfig(object):
+    """XSOAR REST API client config"""
+
+    def __init__(self, host: str = None, api_key: str = None, api_key_id: str = None):
+        self.host = host or environ('XSOAR_FQDN')
+        self.api_key = api_key or environ('XSOAR_API_KEY')
+        self.api_key_id = api_key_id or environ('XSOAR_API_KEY_ID')
+
+    def is_ready(self) -> bool:
+        if self.host and self.api_key and self.api_key_id:
+            return True
+        return False
+
+    def headers(self):
+        return {
+            '': f'Authorization:{self.api_key}',
+            '': f'x-xdr-auth-id:{self.api_key_id}'
+        }

automon/integrations/xsoar/tests/test_client_auth.py

@@ -0,0 +1,15 @@
+import unittest
+
+from automon.integrations.xsoar import XSOARClient
+
+
+class MyTestCase(unittest.TestCase):
+    test = XSOARClient()
+
+    if test.is_ready():
+        def test_auth(self):
+            self.assertTrue(self.test.is_ready())
+
+
+if __name__ == '__main__':
+    unittest.main()

automon/integrations/xsoar/tests/test_config.py

@@ -0,0 +1,15 @@
+import unittest
+
+from automon.integrations.xsoar import XSOARConfig
+
+
+class MyTestCase(unittest.TestCase):
+    test = XSOARConfig()
+
+    if test.is_ready():
+        def test_config(self):
+            self.assertTrue(self.test.is_ready())
+
+
+if __name__ == '__main__':
+    unittest.main()

env-example.sh

@@ -147,3 +147,8 @@ VDS_PASSWORD=
 
 # Wdutil
 WDUTIL_PASSWORD=
+
+# XSOAR
+XSOAR_FQDN=
+XSOAR_API_KEY=
+XSOAR_API_KEY_ID=