diff --git a/.gitignore b/.gitignore index 496ee2c..1929595 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ -.DS_Store \ No newline at end of file +.DS_Store +__pycache__/ +*.pyc +output/ \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/README/inputs.conf.spec b/TA-microsoft-graph-security-score/README/inputs.conf.spec index 212b3eb..6d57800 100644 --- a/TA-microsoft-graph-security-score/README/inputs.conf.spec +++ b/TA-microsoft-graph-security-score/README/inputs.conf.spec @@ -1,4 +1,6 @@ [graph_security_score_input://] +interval = +index = azure_ad_tenant_id = Azure Tenant ID application_id = Application ID client_secret = Client Secret diff --git a/TA-microsoft-graph-security-score/README/ta_microsoft_graph_security_score_settings.conf.spec b/TA-microsoft-graph-security-score/README/ta_microsoft_graph_security_score_settings.conf.spec index d8a2e33..6a7ab97 100644 --- a/TA-microsoft-graph-security-score/README/ta_microsoft_graph_security_score_settings.conf.spec +++ b/TA-microsoft-graph-security-score/README/ta_microsoft_graph_security_score_settings.conf.spec @@ -1,2 +1,11 @@ +[proxy] +proxy_enabled = +proxy_type = +proxy_url = +proxy_port = +proxy_username = +proxy_password = +proxy_rdns = + [logging] -loglevel = DEBUG|INFO|WARNING|ERROR|CRITICAL +loglevel = \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/VERSION b/TA-microsoft-graph-security-score/VERSION new file mode 100644 index 0000000..c9454e9 --- /dev/null +++ b/TA-microsoft-graph-security-score/VERSION @@ -0,0 +1,2 @@ +1.2.0 +1.2.0 \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/app.manifest b/TA-microsoft-graph-security-score/app.manifest index eeb793a..24bd470 100644 --- a/TA-microsoft-graph-security-score/app.manifest +++ b/TA-microsoft-graph-security-score/app.manifest 
@@ -1,62 +1,59 @@ { - "schemaVersion": "2.0.0", - "info": { - "title": "Microsoft Graph Security Score Add-on", - "id": { - "group": null, - "name": "TA-microsoft-graph-security-score", - "version": "1.1.1" + "dependencies": {}, + "incompatibleApps": {}, + "info": { + "author": [ + { + "company": null, + "email": null, + "name": "CrossRealms International" + } + ], + "classification": { + "categories": [], + "developmentStatus": null, + "intendedAudience": null + }, + "commonInformationModels": null, + "description": "This Add-on pulls secure score from Microsoft Graph Security API.", + "id": { + "group": null, + "name": "TA-microsoft-graph-security-score", + "version": "1.2.0" + }, + "license": { + "name": null, + "text": null, + "uri": null + }, + "privacyPolicy": { + "name": null, + "text": null, + "uri": null + }, + "releaseDate": null, + "releaseNotes": { + "name": null, + "text": null, + "uri": null + }, + "title": "Microsoft Graph Security Score Add-on" }, - "author": [ - { - "name": "CrossRealms International", - "email": null, - "company": null - } - ], - "releaseDate": null, - "description": "This Add-on pulls secure score from Microsoft Graph Security API.", - "classification": { - "intendedAudience": null, - "categories": [], - "developmentStatus": null - }, - "commonInformationModels": null, - "license": { - "name": null, - "text": null, - "uri": null - }, - "privacyPolicy": { - "name": null, - "text": null, - "uri": null + "inputGroups": {}, + "platformRequirements": { + "splunk": { + "Enterprise": "*" + } }, - "releaseNotes": { - "name": null, - "text": null, - "uri": null - } - }, - "dependencies": { - }, - "tasks": [], - "inputGroups": { - }, - "incompatibleApps": { - }, - "supportedDeployments": [ - "_standalone", - "_distributed", - "_search_head_clustering" - ], - "platformRequirements": { - "splunk": { - "Enterprise": "*" - } - }, - "targetWorkloads": [ - "_search_heads", - "_forwarders" - ] + "schemaVersion": "2.0.0", + "supportedDeployments": 
[ + "_standalone", + "_distributed", + "_search_head_clustering" + ], + "targetWorkloads": [ + "_search_heads", + "_forwarders" + ], + "tasks": [] } \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/appserver/static/js/build/globalConfig.json b/TA-microsoft-graph-security-score/appserver/static/js/build/globalConfig.json index 9e5d4d8..291b1ff 100644 --- a/TA-microsoft-graph-security-score/appserver/static/js/build/globalConfig.json +++ b/TA-microsoft-graph-security-score/appserver/static/js/build/globalConfig.json @@ -2,7 +2,7 @@ "meta": { "name": "TA-microsoft-graph-security-score", "displayName": "Microsoft Graph Security Score Add-on", - "version": "1.1.1R6797276", + "version": "1.2.0", "apiVersion": "5.28.1", "restRoot": "TA_microsoft_graph_security_score", "schemaVersion": "2.0.0", diff --git a/TA-microsoft-graph-security-score/appserver/static/openapi.json b/TA-microsoft-graph-security-score/appserver/static/openapi.json index 4e8789f..d3ab395 100644 --- a/TA-microsoft-graph-security-score/appserver/static/openapi.json +++ b/TA-microsoft-graph-security-score/appserver/static/openapi.json @@ -2,7 +2,7 @@ "openapi": "3.0.0", "info": { "title": "TA-microsoft-graph-security-score", - "version": "1.1.1R6797276", + "version": "1.2.0", "description": "Microsoft Graph Security Score Add-on", "contact": { "name": "CrossRealms International" diff --git a/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_graph_security_score_input.py b/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_graph_security_score_input.py old mode 100755 new mode 100644 index d80e332..7f49961 --- a/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_graph_security_score_input.py +++ b/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_graph_security_score_input.py 
@@ -1,5 +1,5 @@ -import ta_microsoft_graph_security_score_declare +import import_declare_test from splunktaucclib.rest_handler.endpoint import ( field, @@ -8,7 +8,8 @@ DataInputModel, ) from splunktaucclib.rest_handler import admin_external, util -from splunk_aoblib.rest_migration import ConfigMigrationHandler +from splunktaucclib.rest_handler.admin_external import AdminExternalHandler +import logging util.remove_http_proxy_env_vars() @@ -29,8 +30,8 @@ encrypted=False, default='default', validator=validator.String( - min_len=1, max_len=80, + min_len=1, ) ), field.RestField( @@ -39,8 +40,8 @@ encrypted=False, default=None, validator=validator.String( - min_len=0, max_len=8192, + min_len=0, ) ), field.RestField( @@ -49,8 +50,8 @@ encrypted=False, default=None, validator=validator.String( - min_len=0, max_len=8192, + min_len=0, ) ), field.RestField( @@ -59,8 +60,8 @@ encrypted=True, default=None, validator=validator.String( - min_len=0, max_len=8192, + min_len=0, ) ), @@ -82,7 +83,8 @@ if __name__ == '__main__': + logging.getLogger().addHandler(logging.NullHandler()) admin_external.handle( endpoint, - handler=ConfigMigrationHandler, + handler=AdminExternalHandler, ) diff --git a/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_settings.py b/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_settings.py old mode 100755 new mode 100644 index 5ec959b..ba5ca86 --- a/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_settings.py +++ b/TA-microsoft-graph-security-score/bin/TA_microsoft_graph_security_score_rh_settings.py @@ -1,5 +1,5 @@ -import ta_microsoft_graph_security_score_declare +import import_declare_test from splunktaucclib.rest_handler.endpoint import ( field, 
@@ -8,11 +8,78 @@ MultipleModel, ) from splunktaucclib.rest_handler import admin_external, util -from splunk_aoblib.rest_migration import ConfigMigrationHandler +from splunktaucclib.rest_handler.admin_external import AdminExternalHandler +import logging util.remove_http_proxy_env_vars() +fields_proxy = [ + field.RestField( + 'proxy_enabled', + required=False, + encrypted=False, + default=None, + validator=None + ), + field.RestField( + 'proxy_type', + required=False, + encrypted=False, + default='http', + validator=None + ), + field.RestField( + 'proxy_url', + required=False, + encrypted=False, + default=None, + validator=validator.String( + max_len=4096, + min_len=0, + ) + ), + field.RestField( + 'proxy_port', + required=False, + encrypted=False, + default=None, + validator=validator.Number( + max_val=65535, + min_val=1, + ) + ), + field.RestField( + 'proxy_username', + required=False, + encrypted=False, + default=None, + validator=validator.String( + max_len=50, + min_len=0, + ) + ), + field.RestField( + 'proxy_password', + required=False, + encrypted=True, + default=None, + validator=validator.String( + max_len=8192, + min_len=0, + ) + ), + field.RestField( + 'proxy_rdns', + required=False, + encrypted=False, + default=None, + validator=None + ) +] +model_proxy = RestModel(fields_proxy, name='proxy') + + fields_logging = [ field.RestField( 'loglevel', @@ -28,13 +95,15 @@ endpoint = MultipleModel( 'ta_microsoft_graph_security_score_settings', models=[ + model_proxy, model_logging ], ) if __name__ == '__main__': + logging.getLogger().addHandler(logging.NullHandler()) admin_external.handle( endpoint, - handler=ConfigMigrationHandler, + handler=AdminExternalHandler, ) diff --git a/TA-microsoft-graph-security-score/bin/graph_security_score_input.py b/TA-microsoft-graph-security-score/bin/graph_security_score_input.py old mode 100755 new mode 100644 index 7547d79..7c3ce5d --- a/TA-microsoft-graph-security-score/bin/graph_security_score_input.py 
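Review bot: In the new `fields_proxy` list, `proxy_type` is declared with `validator=None` and `proxy_url` is checked for length only, so any string up to 4096 characters can be stored as the proxy the add-on will presumably send its Graph API traffic through. Constraining both in the REST handler would reject typos and unexpected values before they are saved, for example `validator=validator.Enum(values=('http',))` extended to the proxy types the collector actually supports, and a `validator.Pattern(...)` hostname check combined with the existing `validator.String` through `validator.AllOf` on `proxy_url`. `proxy_password` is correctly marked `encrypted=True`. A short comment above `fields_proxy` naming the code that consumes these settings would also help, since nothing in this hunk reads them.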
+++ b/TA-microsoft-graph-security-score/bin/graph_security_score_input.py 
@@ -1,98 +1,64 @@ -import ta_microsoft_graph_security_score_declare +import import_declare_test -import os import sys -import time -import datetime import json -import modinput_wrapper.base_modinput from splunklib import modularinput as smi - - import input_module_graph_security_score_input as input_module -bin_dir = os.path.basename(__file__) -''' - Do not edit this file!!! - This file is generated by Add-on builder automatically. - Add your modular input logic to file input_module_graph_security_score_input.py -''' -class ModInputgraph_security_score_input(modinput_wrapper.base_modinput.BaseModInput): +class GRAPH_SECURITY_SCORE_INPUT(smi.Script): def __init__(self): - if 'use_single_instance_mode' in dir(input_module): - use_single_instance = input_module.use_single_instance_mode() - else: - use_single_instance = False - super(ModInputgraph_security_score_input, self).__init__("ta_microsoft_graph_security_score", "graph_security_score_input", use_single_instance) - self.global_checkbox_fields = None + super(GRAPH_SECURITY_SCORE_INPUT, self).__init__() def get_scheme(self): - """overloaded splunklib modularinput method""" - scheme = super(ModInputgraph_security_score_input, self).get_scheme() - scheme.title = ("Graph Security Score Input") - scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.") + scheme = smi.Scheme('graph_security_score_input') + scheme.description = 'Graph Security Score Input' scheme.use_external_validation = True scheme.streaming_mode_xml = True - - scheme.add_argument(smi.Argument("name", title="Name", - description="", - required_on_create=True)) - - """ - For customized inputs, hard code the arguments here to hide argument detail from users. - For other input types, arguments should be get from input_module. Defining new input types could be easier. 
- """ - scheme.add_argument(smi.Argument("azure_ad_tenant_id", title="Azure AD Tenant ID", - description="", - required_on_create=True, - required_on_edit=False)) - scheme.add_argument(smi.Argument("application_id", title="Application Id", - description="", - required_on_create=True, - required_on_edit=False)) - scheme.add_argument(smi.Argument("client_secret", title="Client Secret", - description="", - required_on_create=True, - required_on_edit=False)) + scheme.use_single_instance = False + + scheme.add_argument( + smi.Argument( + 'name', + title='Name', + description='Name', + required_on_create=True + ) + ) + + scheme.add_argument( + smi.Argument( + 'azure_ad_tenant_id', + required_on_create=True, + ) + ) + + scheme.add_argument( + smi.Argument( + 'application_id', + required_on_create=True, + ) + ) + + scheme.add_argument( + smi.Argument( + 'client_secret', + required_on_create=True, + ) + ) + return scheme - def get_app_name(self): - return "TA-microsoft-graph-security-score" - def validate_input(self, definition): - """validate the input stanza""" input_module.validate_input(self, definition) - def collect_events(self, ew): - """write out the events""" + def stream_events(self, inputs, ew): input_module.collect_events(self, ew) - def get_account_fields(self): - account_fields = [] - return account_fields - - def get_checkbox_fields(self): - checkbox_fields = [] - return checkbox_fields - - def get_global_checkbox_fields(self): - if self.global_checkbox_fields is None: - checkbox_name_file = os.path.join(bin_dir, 'global_checkbox_param.json') - try: - if os.path.isfile(checkbox_name_file): - with open(checkbox_name_file, 'r') as fp: - self.global_checkbox_fields = json.load(fp) - else: - self.global_checkbox_fields = [] - except Exception as e: - self.log_error('Get exception when loading global checkbox parameter names. 
' + str(e)) - self.global_checkbox_fields = [] - return self.global_checkbox_fields -if __name__ == "__main__": - exitcode = ModInputgraph_security_score_input().run(sys.argv) - sys.exit(exitcode) +if __name__ == '__main__': + exit_code = GRAPH_SECURITY_SCORE_INPUT().run(sys.argv) + sys.exit(exit_code) \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/bin/import_declare_test.py b/TA-microsoft-graph-security-score/bin/import_declare_test.py new file mode 100644 index 0000000..f0adf93 --- /dev/null +++ b/TA-microsoft-graph-security-score/bin/import_declare_test.py @@ -0,0 +1,12 @@ + +import os +import sys +import re +from os.path import dirname + +ta_name = 'TA-microsoft-graph-security-score' +pattern = re.compile(r'[\\/]etc[\\/]apps[\\/][^\\/]+[\\/]bin[\\/]?$') +new_paths = [path for path in sys.path if not pattern.search(path) or ta_name in path] +new_paths.insert(0, os.path.join(dirname(dirname(__file__)), "lib")) +new_paths.insert(0, os.path.sep.join([os.path.dirname(__file__), ta_name])) +sys.path = new_paths diff --git a/TA-microsoft-graph-security-score/bin/ta_microsoft_graph_security_score_declare.py b/TA-microsoft-graph-security-score/bin/ta_microsoft_graph_security_score_declare.py deleted file mode 100755 index 9c919f7..0000000 --- a/TA-microsoft-graph-security-score/bin/ta_microsoft_graph_security_score_declare.py +++ /dev/null 
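Review bot: `stream_events(self, inputs, ew)` discards `inputs` and calls `input_module.collect_events(self, ew)` with `self` now a plain `smi.Script`, where the removed class handed over a `modinput_wrapper.base_modinput.BaseModInput` helper. `input_module_graph_security_score_input` is not shown in this part of the diff, so if it still calls helper methods of the old base class, every scheduled run would raise and secure-score collection would stop without an obvious signal in the index. That should be confirmed, and the stanza data passed through, e.g. `input_module.collect_events(self, inputs, ew)` with the module updated to match; the same check applies to `validate_input`. `import json` is no longer used in this file and can be dropped.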
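Review bot: The last `new_paths.insert(0, ...)` in `import_declare_test.py` puts `bin/TA-microsoft-graph-security-score` at the very front of `sys.path`, ahead of the `lib` directory added on the line before. The deleted declare module used `ta_lib_name` for that entry, and nothing visible in this commit creates a directory with the new name. A first-position search-path entry that normally does not exist means any module later placed there shadows both the bundled libraries and the standard library, so I would remove that line, or add a comment saying why it is needed, and leave `lib` as the first entry. Separately, `ta_name in path` is a substring test, so the `bin` directory of any other app whose path contains this add-on's name also stays on the path; comparing the app directory name exactly would be tighter.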
@@ -1,23 +0,0 @@ -# encode = utf-8 - -""" -This module is used to filter and reload PATH. -This file is genrated by Splunk add-on builder -""" - -import os -import sys -import re - -if sys.version_info[0] < 3: - py_version = "aob_py2" -else: - py_version = "aob_py3" - -ta_name = 'TA-microsoft-graph-security-score' -ta_lib_name = 'ta_microsoft_graph_security_score' -pattern = re.compile(r"[\\/]etc[\\/]apps[\\/][^\\/]+[\\/]bin[\\/]?$") -new_paths = [path for path in sys.path if not pattern.search(path) or ta_name in path] -new_paths.insert(0, os.path.sep.join([os.path.dirname(__file__), ta_lib_name])) -new_paths.insert(0, os.path.sep.join([os.path.dirname(__file__), ta_lib_name, py_version])) -sys.path = new_paths \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/default/app.conf b/TA-microsoft-graph-security-score/default/app.conf index 88dc6f2..42ad901 100644 --- a/TA-microsoft-graph-security-score/default/app.conf +++ b/TA-microsoft-graph-security-score/default/app.conf @@ -1,27 +1,25 @@ -# this add-on is powered by splunk Add-on builder -[install] -state_change_requires_restart = false -is_configured = 0 -state = enabled -build = 1 - [launcher] -author = CrossRealms International -version = 1.1.1 +version = 1.2.0 description = This Add-on pulls secure score from Microsoft Graph Security API. +author = CrossRealms International -[ui] -is_visible = 1 -label = Microsoft Graph Security Score Add-on -docs_section_override = AddOns:released +[id] +version = 1.2.0 +name = TA-microsoft-graph-security-score + +[install] +build = 1722514962 +is_configured = false +state = enabled [package] id = TA-microsoft-graph-security-score -check_for_updates = 1 +check_for_updates = true + +[ui] +label = Microsoft Graph Security Score Add-on +is_visible = true [triggers] -reload.addon_builder = simple -reload.ta_microsoft_graph_security_score_account = simple reload.ta_microsoft_graph_security_score_settings = simple -reload.passwords = simple 
diff --git a/TA-microsoft-graph-security-score/default/data/ui/views/configuration.xml b/TA-microsoft-graph-security-score/default/data/ui/views/configuration.xml index 85e42a6..0645fa8 100644 --- a/TA-microsoft-graph-security-score/default/data/ui/views/configuration.xml +++ b/TA-microsoft-graph-security-score/default/data/ui/views/configuration.xml @@ -1,4 +1,4 @@ - - + + diff --git a/TA-microsoft-graph-security-score/default/data/ui/views/inputs.xml b/TA-microsoft-graph-security-score/default/data/ui/views/inputs.xml index cf37642..9916014 100644 --- a/TA-microsoft-graph-security-score/default/data/ui/views/inputs.xml +++ b/TA-microsoft-graph-security-score/default/data/ui/views/inputs.xml @@ -1,4 +1,4 @@ - - + + diff --git a/TA-microsoft-graph-security-score/default/inputs.conf b/TA-microsoft-graph-security-score/default/inputs.conf index 80c6b1a..532f7cf 100644 --- a/TA-microsoft-graph-security-score/default/inputs.conf +++ b/TA-microsoft-graph-security-score/default/inputs.conf @@ -1,7 +1,5 @@ [graph_security_score_input] -start_by_shell = false python.version = python3 sourcetype = GraphSecurity:Score interval = 7200 -disabled = 0 diff --git a/TA-microsoft-graph-security-score/default/server.conf b/TA-microsoft-graph-security-score/default/server.conf new file mode 100644 index 0000000..c70f97e --- /dev/null +++ b/TA-microsoft-graph-security-score/default/server.conf @@ -0,0 +1,3 @@ +[shclustering] +conf_replication_include.ta_microsoft_graph_security_score_settings = true + diff --git a/TA-microsoft-graph-security-score/default/ta_microsoft_graph_security_score_settings.conf b/TA-microsoft-graph-security-score/default/ta_microsoft_graph_security_score_settings.conf index 7cef69e..994d290 100644 --- a/TA-microsoft-graph-security-score/default/ta_microsoft_graph_security_score_settings.conf +++ b/TA-microsoft-graph-security-score/default/ta_microsoft_graph_security_score_settings.conf 
@@ -1,2 +1,11 @@ -[logging] +[proxy] +proxy_enabled = +proxy_type = http +proxy_url = +proxy_port = +proxy_username = +proxy_password = +proxy_rdns = +[logging] +loglevel = INFO \ No newline at end of file diff --git a/TA-microsoft-graph-security-score/default/web.conf b/TA-microsoft-graph-security-score/default/web.conf index f177790..a56bb0c 100644 --- a/TA-microsoft-graph-security-score/default/web.conf +++ b/TA-microsoft-graph-security-score/default/web.conf @@ -14,7 +14,3 @@ methods = POST, GET [expose:TA_microsoft_graph_security_score_graph_security_score_input_specified] pattern = TA_microsoft_graph_security_score_graph_security_score_input/* methods = POST, GET, DELETE - -[expose:_splunkd_data] -pattern = data/* -methods = GET