pangeacyber · ihmdevcont · Feb 6, 2023 · Feb 6, 2023 · Feb 7, 2023 · Feb 7, 2023
@@ -0,0 +1,3 @@
+## Version 0.0.1
+
+Initial release of the Pangea Domain Intel extension.
@@ -0,0 +1,39 @@
+### See it in action
+
+You can test out this extension right away!
+
+1.  Go to your [Cloud Firestore Dashboard](https://console.firebase.google.com/project/${param:PROJECT_ID}/firestore/data) in the Firebase console.
+
+2.  If it doesn't exist already, create a collection called `${param:COLLECTION_PATH}`.
+
+3.  Create a document with a field named `${param:INPUT_FIELD_NAME}`, then make its value a message you want to log.
+
+4.  In a few seconds, you'll see a new field called `${param:OUTPUT_FIELD_NAME}` pop up in the same document you just created. It will contain the Domain Intel Service response.
+
+5.  Then, from the Pangea Console [Secure Audit Log Viewer](https://console.pangea.cloud/service/audit/logs) view the tamperproof log entry.
+
+### Using the extension
+
+This extension scans domain names written to the `${param:INPUT_FIELD_NAME}` field of a document in the `${param:COLLECTION_PATH}` path using the Pangea Domain Intel service. If the `${param:INPUT_FIELD_NAME}` field of the document is updated, then the updated string will be automatically scanned.
+
+
+#### Input field as a string
+
+Writing the string "google.com" to the field `${param:INPUT_FIELD_NAME}` in `${param:COLLECTION_PATH}` will result in field `${param:OUTPUT_FIELD_NAME}` being populated with something like:
+
+```js
+{
+  ${param:OUTPUT_FIELD_NAME}: {
+    data: {
+      category: [],
+      score: 0,
+      verdict: 'benign'
+    }
+  },
+}
+```
+
+
+### Monitoring
+
+As a best practice, you can [monitor the activity](https://firebase.google.com/docs/extensions/manage-installed-extensions#monitor) of your installed extension, including checks on its health, usage, and logs.
@@ -0,0 +1,24 @@
+Use this extension to scan domain names using Pangea Domain Intel service by writing domain names to a Cloud Firestore collection.
+
+This extension:
+
+- Listens to your specified Cloud Firestore collection. If you add a string to a specified field in any document within that collection, this extension scans the new value of the field using [Pangea Domain Intel Service](https://pangea.cloud/services/domain-intel/).  
+- Listens to Firebase Authentication user creation events and scans the new user's email domain using Pangea's Domain Intel service and stores the results in the Firestore collection which was specified during extension setup.
+
+If the original input field of the document is updated, the new value will be scanned using Pangea Domain Intel service also.
+
+#### Additional setup
+
+Before installing this extension, make sure that you have signed up for a free [Pangea](https://pangea.cloud/signup?utm_medium=google-marketplace&utm_source=marketplace&utm_campaign=firestore-domain-intel) account and have [set up a Cloud Firestore database](https://firebase.google.com/docs/firestore/quickstart) in your Firebase project.
+
+#### Billing
+To install an extension, your project must be on the [Blaze (pay as you go) plan](https://firebase.google.com/pricing)
+
+- You will be charged a small amount (typically around $0.01/month) for the Firebase resources required by this extension (even if it is not used).
+- This extension uses other Firebase and Google Cloud Platform services, which have associated charges if you exceed the service’s no-cost tier:
+  - Pangea Domain Intel
+  - Cloud Firestore
+  - Cloud Functions (Node.js 10+ runtime. [See FAQs](https://firebase.google.com/support/faq#extensions-pricing))
+
+Usage of this extension also requires you to have a [Pangea](https://pangea.cloud/signup?utm_medium=google-marketplace&utm_source=marketplace&utm_campaign=firestore-domain-intel) account. You are responsible for any associated costs with your usage of Pangea.
+
@@ -0,0 +1,68 @@
+# Pangea Domain Intel Lookup
+
+**Author**: Pangea Cyber (**[https://pangea.cloud](https://pangea.cloud)**)
+
+**Description**: Scans domains names using industry leading threat intelligence from top security research organizations. 
+
+**Details**: Use this extension to scan domain names using Pangea Domain Intel service. Access up-to-date domain intelligence, so you always know if you're dealing with a suspicious domain.
+
+This extension:
+
+- Listens to your specified Cloud Firestore collection. If you add a string to a specified field in any document within that collection, this extension scans the new value of the field using [Pangea Domain Intel Service](https://pangea.cloud/services/domain-intel/).  
+- Listens to Firebase Authentication user creation events and scans the new user's email domain using Pangea's Domain Intel service and stores the results in the Firestore collection which was specified during extension setup.
+
+#### Additional setup
+
+Before installing this extension, make sure that you have signed up for a free [Pangea](https://pangea.cloud/signup?utm_medium=google-marketplace&utm_source=marketplace&utm_campaign=firestore-domain-intel) account and have [set up a Cloud Firestore database](https://firebase.google.com/docs/firestore/quickstart) in your Firebase project.
+
+#### Billing
+To install an extension, your project must be on the [Blaze (pay as you go) plan](https://firebase.google.com/pricing)
+
+- You will be charged a small amount (typically around $0.01/month) for the Firebase resources required by this extension (even if it is not used).
+- This extension uses other Firebase and Google Cloud Platform services, which have associated charges if you exceed the service’s no-cost tier:
+  - Pangea Domain Intel
+  - Cloud Firestore
+  - Cloud Functions (Node.js 10+ runtime. [See FAQs](https://firebase.google.com/support/faq#extensions-pricing))
+
+Usage of this extension also requires you to have a [Pangea](https://pangea.cloud/signup?utm_medium=google-marketplace&utm_source=marketplace&utm_campaign=firestore-domain-intel) account. You are responsible for any associated costs with your usage of Pangea.
+
+
+**Configuration Parameters:**
+
+* Cloud Functions location: Where do you want to deploy the functions created for this extension? You usually want a location close to your database. For help selecting a location, refer to the [location selection guide](https://firebase.google.com/docs/functions/locations).
+
+* Pangea service base domain: The base domain of where your Pangea Service is deployed. The **Domain** value can be copied from the main dashboard of the [Pangea Console](https://console.pangea.cloud).
+
+
+* Pangea Auth Token with access to the Pangea Domain Intel service: The Pangea Token to use to authenticate access to the Pangea Domain Intel service
+
+
+* Domain Intel Provider: A provider must be selected from the following list: DomainTools, Crowdstrike
+
+
+* Collection path: What is the path to the collection that contains the domain name string that you want to scan?
+
+
+* Input field name: What is the name of the field that contains the domain name string that you want to scan?
+
+
+* Response output field name: What is the name of the field where you want to store response from the Pangea service?
+
+
+**Cloud Functions:**
+
+* **pangea_firestore_domain_intel:** Listens for writes of new strings to your specified Cloud Firestore collection, scans them using the Domain Intel service and stores the scan results in the same document under a different field
+
+
+**Other Resources**:
+
+* onusercreated
+* onuserdeleted
+
+
+**Access Required**:
+
+
+This extension will operate with the following project IAM roles:
+
+* datastore.user (Reason: Allows the extension to write Secure Audit Log response to Cloud Firestore.)
@@ -0,0 +1,211 @@
+# Pangea Cyber 2023 Pange Cyber Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: firestore-domain-intel
+version: 0.0.1
+specVersion: v1beta
+
+displayName: Pangea Domain Intel
+description: Scans specified urls using Pangea Domain Intel service and writes the results to the specified Firestore field, and optionally publishes the events to Pangea Audit Log if enabled.
+
+license: Apache-2.0
+
+sourceUrl: https://github.com/pangeacyber/pangea-extensions-firebase/tree/main/firestore-domain-intel
+releaseNotesUrl: https://github.com/pangeacyber/pangea-extensions-firebase/blob/main/firestore-domain-intel/CHANGELOG.md
+
+author:
+  authorName: Pangea Cyber
+  url: https://pangea.cloud
+
+contributors:
+  - authorName: Nicolas Vautier
+    email: [email protected]
+    url: https://github.com/pangea-nv
+
+billingRequired: true
+
+externalServices:
+  - name: Pangea
+    PricingUri: https://pangea.cloud/pricing
+
+apis:
+  - apiName: eventarc.googleapis.com
+    reason: Powers all events and triggers
+  - apiName: run.googleapis.com
+    reason: Powers v2 functions
+
+roles:
+  - role: datastore.user
+    reason: Allows the extension to read/write to Cloud Firestore.
+
+resources:
+  - name: pangea_firestore_domain_intel
+    type: firebaseextensions.v1beta.function
+    description:
+      Listens for writes of new strings to your specified Cloud Firestore collection, scans the spefied value using Pangea Domain Intel service
+    properties:
+      location: ${param:LOCATION}
+      runtime: nodejs14
+      eventTrigger:
+        eventType: providers/cloud.firestore/eventTypes/document.write
+        resource: projects/${param:PROJECT_ID}/databases/(default)/documents/${param:COLLECTION_PATH}/{messageId}
+
+# Firebase Auth events
+  - name: onusercreated
+    type: firebaseextensions.v1beta.function
+    description:
+      Detects and automatically records a Secure Audit Log entry when a new user is created.
+    properties:
+      location: ${LOCATION}
+      runtime: nodejs14
+      eventTrigger:
+        eventType: providers/firebase.auth/eventTypes/user.create
+        resource: projects/${PROJECT_ID}
+
+  - name: onuserdeleted
+    type: firebaseextensions.v1beta.function
+    description:
+      Detects and automatically records a Secure Audit Log entry when a user is deleted.
+    properties:
+      location: ${LOCATION}
+      runtime: nodejs14
+      eventTrigger:
+        eventType: providers/firebase.auth/eventTypes/user.delete
+        resource: projects/${PROJECT_ID}
+
+params:
+  - param: LOCATION
+    label: Cloud Functions location
+    description: >-
+      Where do you want to deploy the functions created for this extension?
+      You usually want a location close to your database. For help selecting a
+      location, refer to the [location selection
+      guide](https://firebase.google.com/docs/functions/locations).
+    type: select
+    options:
+      - label: Iowa (us-central1)
+        value: us-central1
+      - label: South Carolina (us-east1)
+        value: us-east1
+      - label: Northern Virginia (us-east4)
+        value: us-east4
+      - label: Los Angeles (us-west2)
+        value: us-west2
+      - label: Salt Lake City (us-west3)
+        value: us-west3
+      - label: Las Vegas (us-west4)
+        value: us-west4
+      - label: Warsaw (europe-central2)
+        value: europe-central2
+      - label: Belgium (europe-west1)
+        value: europe-west1
+      - label: London (europe-west2)
+        value: europe-west2
+      - label: Frankfurt (europe-west3)
+        value: europe-west3
+      - label: Zurich (europe-west6)
+        value: europe-west6
+      - label: Taiwan (asia-east1)
+        value: asia-east1
+      - label: Hong Kong (asia-east2)
+        value: asia-east2
+      - label: Tokyo (asia-northeast1)
+        value: asia-northeast1
+      - label: Osaka (asia-northeast2)
+        value: asia-northeast2
+      - label: Seoul (asia-northeast3)
+        value: asia-northeast3
+      - label: Mumbai (asia-south1)
+        value: asia-south1
+      - label: Singapore (asia-southeast1)
+        value: asia-southeast1
+      - label: Jakarta (asia-southeast2)
+        value: asia-southeast2
+      - label: Montreal (northamerica-northeast1)
+        value: northamerica-northeast1
+      - label: Sao Paulo (southamerica-east1)
+        value: southamerica-east1
+      - label: Sydney (australia-southeast1)
+        value: australia-southeast1
+    default: us-central1
+    required: true
+    immutable: true
+
+  - param: PANGEA_DOMAIN
+    label: Pangea service base domain
+    description: >
+      The base domain of where your Pangea Service is deployed. The **Domain** value can be copied from the main dashboard of the [Pangea Console](https://console.pangea.cloud).
+    type: select
+    options:
+      - label: gcp.us.pangea.cloud
+        value: gcp.us.pangea.cloud
+      - label: gcp.eu.pangea.cloud
+        value: gcp.eu.pangea.cloud
+      - label: aws.us.pangea.cloud
+        value: aws.us.pangea.cloud
+      - label: aws.eu.pangea.cloud
+        value: aws.eu.pangea.cloud
+    default: gcp.us.pangea.cloud
+    required: true
+    immutable: true
+
+  - param: PANGEA_DOMAIN_INTEL_TOKEN
+    label: Pangea Auth Token with access to the Domain Intel service
+    description: >
+      The Pangea Token to use to authenticate access to the Domain Intel service. The **Token** value can be copied from the [Domain Intel Dashboard](https://console.pangea.cloud/service/domain-intel) of the Pangea Console.
+    type: secret
+    example: pts_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+    validationRegex: "^pts_[a-z2-7]{32}$"
+    validationErrorMessage: Must be a valid Pangea Auth Token
+    required: true
+
+  - param: DOMAIN_INTEL_PROVIDER
+    label: Pangea service provider
+    description: >
+      The service provider for the Pangea Domain Intel service. Please pick either `domaintools` or `crowdstrike`
+    type: select
+    options:
+      - label: domaintools
+        value: domaintools
+      - label: crowdstrike
+        value: crowdstrike
+    default: domaintools
+    required: true
+    immutable: true
+
+  - param: COLLECTION_PATH
+    label: Collection path
+    description: >
+      What is the path to the collection that contains the domain url to be scanned?
+    example: lookup
+    validationRegex: "^[^/]+(/[^/]+/[^/]+)*$"
+    validationErrorMessage: Must be a valid Cloud Firestore Collection
+    default: lookup
+    required: true
+
+  - param: INPUT_FIELD_NAME
+    label: Input field name
+    description: >
+      What is the name of the field that contains the domain url?
+    example: domain
+    default: domain
+    required: true
+
+  - param: OUTPUT_FIELD_NAME
+    label: Response output field name
+    description: >
+      What is the name of the field where you want to store response from the Pangea Domain Intel service?
+    example: response
+    default: response
+    required: true
@@ -0,0 +1,31 @@
+module.exports = {
+  root: true,
+  env: {
+    es6: true,
+    node: true,
+  },
+  extends: [
+    "eslint:recommended",
+    "plugin:import/errors",
+    "plugin:import/warnings",
+    "plugin:import/typescript",
+    "google",
+    "plugin:@typescript-eslint/recommended",
+  ],
+  parser: "@typescript-eslint/parser",
+  parserOptions: {
+    project: ["tsconfig.json", "tsconfig.dev.json"],
+    sourceType: "module",
+  },
+  ignorePatterns: [
+    "/lib/**/*", // Ignore built files.
+  ],
+  plugins: [
+    "@typescript-eslint",
+    "import",
+  ],
+  rules: {
+    "quotes": ["error", "double"],
+    "import/no-unresolved": 0,
+  },
+};
@@ -0,0 +1,15 @@
+const packageJson = require("./package.json");
+
+module.exports = {
+  name: packageJson.name,
+  displayName: packageJson.name,
+  rootDir: "./",
+  globals: {
+    "ts-jest": {
+      tsConfig: "<rootDir>/__tests__/tsconfig.json",
+    },
+  },
+  preset: "ts-jest",
+  setupFiles: ["<rootDir>/__tests__/jest.setup.ts"],
+  testMatch: ["**/__tests__/*.test.ts"],
+};