Merge pull request #5 from polarityio/develop

v5 server compatibility update
polarityio · Jan 29, 2023 · c0d7a96 · c0d7a96
2 parents 4b0953f + 45c7604
commit c0d7a96
Show file tree

Hide file tree

Showing 20 changed files with 802 additions and 916 deletions.
diff --git a/.github/workflows/release-current-version.yml b/.github/workflows/release-current-version.yml
@@ -1,58 +1,11 @@
-# This workflow will run on merge of a PR or push to master
-# It will run the integration developement checklist and if that passes
-# creates a new release with the Release and Tag name both being the 
-# package.json version and will with a created tgz file and the SHA256 has in the release body
-
-
 name: Release Current Version
 
 on:
   push:
-    branches: [ master ]
+    branches: [ master, main ]
 
 jobs:
-  release-current-version:
-    runs-on: ubuntu-latest
-    container: 'centos:7'
-
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-node@v1
-    - name: Get NPM Version
-      id: package-version
-      uses: martinbeentjes/npm-get-version-action@95bc31c6dd3145896c110e382f840bb1e750d09c
-    - name: Create Build
-      id: create_build
-      run: |
-        npm install &&
-        cd .. && 
-        tar --exclude="./${{ github.event.repository.name }}/.git" --exclude="./${{ github.event.repository.name }}/.gitignore" --exclude="./${{ github.event.repository.name }}/package-lock.json" --exclude="./${{ github.event.repository.name }}/.github" -czvf "${{ github.event.repository.name }}-${{ steps.package-version.outputs.current-version }}.tgz" "./${{ github.event.repository.name }}" &&  
-        echo "::set-output name=build_hash::$(sha256sum '${{ github.event.repository.name }}-${{ steps.package-version.outputs.current-version }}.tgz' | grep -oE '^[^ ]*' )" &&
-        cd ${{ github.event.repository.name }}
-    - name: Polarity Integration Development Checklist
-      id: int-dev-checklist
-      uses: polarityio/polarity-integration-development-checklist@v1.0.0
-      with:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - name: Create Versioned Release
-      id: create_versioned_release
-      uses: actions/create-release@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        tag_name: ${{ steps.package-version.outputs.current-version}}
-        release_name: ${{ steps.package-version.outputs.current-version}}
-        body: |
-          SHA256: ${{ steps.create_build.outputs.build_hash }}
-        draft: false
-        prerelease: false
-    - name: Upload Release Asset
-      id: upload-release-asset 
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.create_versioned_release.outputs.upload_url }} 
-        asset_path: ../${{ github.event.repository.name }}-${{ steps.package-version.outputs.current-version}}.tgz
-        asset_name: ${{ github.event.repository.name }}-${{ steps.package-version.outputs.current-version}}.tgz
-        asset_content_type: application/gzip
+  Run:
+    uses: polarityio/polarity-github-actions/.github/workflows/release-server-versions-for-int-store.yml@master
+    # with: 
+      # use-integration-development-checklist: false
diff --git a/.github/workflows/run-int-dev-checklist.yml b/.github/workflows/run-int-dev-checklist.yml
@@ -1,12 +1,8 @@
-# This workflow will run on a Pull Request is created on both master develop
-# It run as series of checks from the Integration Developement Checklist
-
-
 name: Run Integration Development Checklist
 
 on:
   pull_request:
-    branches: [ master, develop ]
+    branches: [ master, main, develop ]
 
 jobs:
   run-integration-development-checklist:
@@ -19,9 +15,9 @@ jobs:
     - name: Test NPM Install
       id: test-npm-install
       run: |
-        npm install
+        npm ci
     - name: Polarity Integration Development Checklist
       id: int-dev-checklist
-      uses: polarityio/polarity-integration-development-checklist@v1.0.0
+      uses: polarityio/polarity-integration-development-checklist@main
       with:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright (c) 2018 Breach Intelligence, Inc.
+Copyright (c) 2020 Polarity.IO, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -1,28 +1,26 @@
 # Polarity Palo Alto AutoFocus Integration
 
-Polarity's AutoFocus integration gives users information on hashes that have been detected in Palo Alto's AutoFocus.
+Polarity's AutoFocus integration retrieves the indicator summary contained in an AutoFocus Threat Intelligence Card.
 
 ![AutoFocus](https://user-images.githubusercontent.com/22529325/41662872-0e4ba0dc-7470-11e8-9cfa-2cfd5dc81e62.png)
 
-Please see [AutoFocus](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus) for more information.
+Please see [AutoFocus](https://www.paloaltonetworks.com/cortex/autofocus) for more information.
 
 ## AutoFocus Integration Options
 
-### AutoFocus API Key
-
-Your AutoFocus API Key. To obtain a AutoFocus API key, you need to login to your Palo Alto account and navigate to site licenses to view your AutoFocus account. There you can find the API Key needed for AutoFocus.
-
 ### AutoFocus URL
+Base AutoFocus API URL. Defaults to https://autofocus.paloaltonetworks.com
 
-Your AutoFocus URL. The URL you use to access Palo Alto's AutoFocus.
+### AutoFocus API Key
+Your AutoFocus API Key. To obtain a AutoFocus API key, you need to login to your Palo Alto account and navigate to site licenses to view your AutoFocus account. There you can find the API Key needed for AutoFocus.
 
+### View Malware Indicators Only
+When checked, the integration will only return indicators classified by AutoFocus as "malware" to the Polarity overlay window.
 
 ## Installation Instructions
-
 Installation instructions for integrations are provided on the [PolarityIO GitHub Page](https://polarityio.github.io/).
 
 ## Polarity
-
 Polarity is a memory-augmentation platform that improves and accelerates analyst decision making.  For more information about the Polarity platform please see:
 
 https://polarity.io/
diff --git a/components/auto-block.js b/components/auto-block.js
diff --git a/components/auto-summary.js b/components/auto-summary.js
diff --git a/components/block.js b/components/block.js
@@ -0,0 +1,3 @@
+polarity.export = PolarityComponent.extend({
+    details: Ember.computed.alias('block.data.details')
+});
diff --git a/components/summary.js b/components/summary.js
@@ -0,0 +1,3 @@
+polarity.export = PolarityComponent.extend({
+    details: Ember.computed.alias('block.data.details')
+});
diff --git a/config/config.js b/config/config.js
@@ -5,7 +5,7 @@ module.exports = {
    * @type String
    * @required
    */
-  name: 'Palo Alto - AutoFocus',
+  name: 'Palo Alto AutoFocus',
   /**
    * The acronym that appears in the notification window when information from this integration
    * is displayed.  Note that the acronym is included as part of each "tag" in the summary information
@@ -15,23 +15,18 @@ module.exports = {
    * @type String
    * @required
    */
-  acronym: 'PAAF',
+  acronym: 'AUTO',
   /**
    * Description for this integration which is displayed in the Polarity integrations user interface
    *
    * @type String
    * @optional
    */
-  description: 'Hash Lookups on data that has been analyzed in AutoFocus ',
-  entityTypes: ['hash'],
-  /**
-   * An array of style files (css or less) that will be included for your integration. Any styles specified in
-   * the below files can be used in your custom template.
-   *
-   * @type Array
-   * @optional
-   */
-  styles: ['./styles/auto.less', './styles/exfoliate.less'],
+  description:
+    'AutoFocus provides instant access to the massive repository of Palo Alto Networks threat intelligence crowdsourced from the largest footprint of network, endpoint and cloud intel sources.',
+  entityTypes: ['ipv4', 'domain', 'hash'],
+  styles: ['./styles/style.less'],
+  defaultColor: 'light-pink',
   /**
    * Provide custom component logic and template for rendering the integration details block.  If you do not
    * provide a custom template and/or component then the integration will display data as a table of key value
@@ -42,36 +37,37 @@ module.exports = {
    */
   block: {
     component: {
-      file: './components/auto-block.js'
+      file: './components/block.js'
     },
     template: {
-      file: './templates/auto-block.hbs'
+      file: './templates/block.hbs'
     }
   },
   summary: {
     component: {
-      file: './components/auto-summary.js'
+      file: './components/summary.js'
     },
     template: {
-      file: './templates/auto-summary.hbs'
+      file: './templates/summary.hbs'
     }
   },
   request: {
     // Provide the path to your certFile. Leave an empty string to ignore this option.
-    // Relative paths are relative to the PAAF integration's root directory
+    // Relative paths are relative to the integration's root directory
     cert: '',
     // Provide the path to your private key. Leave an empty string to ignore this option.
-    // Relative paths are relative to the PAAF integration's root directory
+    // Relative paths are relative to the integration's root directory
     key: '',
     // Provide the key passphrase if required.  Leave an empty string to ignore this option.
-    // Relative paths are relative to the PAAF integration's root directory
+    // Relative paths are relative to the integration's root directory
     passphrase: '',
     // Provide the Certificate Authority. Leave an empty string to ignore this option.
-    // Relative paths are relative to the PAAF integration's root directory
+    // Relative paths are relative to the integration's root directory
     ca: '',
     // An HTTP proxy to be used. Supports proxy Auth with Basic Auth, identical to support for
     // the url parameter (by embedding the auth info in the uri)
     proxy: '',
+
     rejectUnauthorized: true
   },
   logging: {
@@ -86,22 +82,31 @@ module.exports = {
    */
   options: [
     {
-      key: 'apiKey',
-      name: 'API Key',
-      description: 'AutoFocus API Key.',
-      default: '',
+      key: 'url',
+      name: 'AutoFocus URL',
+      description: 'The base URL for the AutoFocus API including the schema.',
       type: 'text',
-      userCanEdit: true,
-      adminOnly: false
+      default: 'https://autofocus.paloaltonetworks.com',
+      userCanEdit: false,
+      adminOnly: true
     },
     {
-      key: 'url',
-      name: 'Palo Alto URL',
-      description: 'AutoFocus url',
+      key: 'apiKey',
+      name: 'Valid AutoFocus API Key',
+      description: 'Valid AutoFocus API Key',
       default: '',
-      type: 'text',
-      userCanEdit: true,
-      adminOnly: false
+      type: 'password',
+      userCanEdit: false,
+      adminOnly: true
+    },
+    {
+      key: 'malwareOnly',
+      name: 'View Malware Indicators Only',
+      description: 'If checked, only indicators flagged as malware will be returned',
+      default: false,
+      type: 'boolean',
+      userCanEdit: false,
+      adminOnly: true
     }
   ]
 };
diff --git a/config/config.json b/config/config.json
@@ -0,0 +1,69 @@
+{
+  "name": "Palo Alto AutoFocus",
+  "acronym": "AUTO",
+  "description": "AutoFocus provides instant access to the massive repository of Palo Alto Networks threat intelligence crowdsourced from the largest footprint of network, endpoint and cloud intel sources.",
+  "entityTypes": [
+    "ipv4",
+    "domain",
+    "hash"
+  ],
+  "styles": [
+    "./styles/style.less"
+  ],
+  "defaultColor": "light-pink",
+  "block": {
+    "component": {
+      "file": "./components/block.js"
+    },
+    "template": {
+      "file": "./templates/block.hbs"
+    }
+  },
+  "summary": {
+    "component": {
+      "file": "./components/summary.js"
+    },
+    "template": {
+      "file": "./templates/summary.hbs"
+    }
+  },
+  "request": {
+    "cert": "",
+    "key": "",
+    "passphrase": "",
+    "ca": "",
+    "proxy": ""
+  },
+  "logging": {
+    "level": "info"
+  },
+  "options": [
+    {
+      "key": "url",
+      "name": "AutoFocus URL",
+      "description": "The base URL for the AutoFocus API including the schema.",
+      "type": "text",
+      "default": "https://autofocus.paloaltonetworks.com",
+      "userCanEdit": false,
+      "adminOnly": true
+    },
+    {
+      "key": "apiKey",
+      "name": "Valid AutoFocus API Key",
+      "description": "Valid AutoFocus API Key",
+      "default": "",
+      "type": "password",
+      "userCanEdit": false,
+      "adminOnly": true
+    },
+    {
+      "key": "malwareOnly",
+      "name": "View Malware Indicators Only",
+      "description": "If checked, only indicators flagged as malware will be returned",
+      "default": false,
+      "type": "boolean",
+      "userCanEdit": false,
+      "adminOnly": true
+    }
+  ]
+}