[SOAR-18442] Rapid7 InsightIDR Snyk Vulnerability and SDK Bump (#2989)

* snyk and sdk | v10.3.4

* updating checksum

* updating list investigation description

* further description updates

plugins/rapid7_insightidr/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "9078712b26639af9a1088755d4d0314b",
-	"manifest": "0c4bdaf85d40ddac33afeffcecdd8fda",
-	"setup": "fe63b2dcde42de314858ed48326a19f5",
+	"spec": "ef55d0eaab88354037eb0e7a0c1d5ca0",
+	"manifest": "a9dc8b0c15952a931013e92670cdf86b",
+	"setup": "8b4da6c79f36dd56dfc82e26d0009a8b",
 	"schemas": [
 		{
 			"identifier": "add_indicators_to_a_threat/schema.py",
@@ -109,7 +109,7 @@
 		},
 		{
 			"identifier": "list_investigations/schema.py",
-			"hash": "9b2cd9c5194b580b8de5221588c5bb49"
+			"hash": "cde4df172845f8378c8fa7243e60fe23"
 		},
 		{
 			"identifier": "query/schema.py",

plugins/rapid7_insightidr/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.0
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/rapid7_insightidr/bin/komand_rapid7_insightidr

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Rapid7 InsightIDR"
 Vendor = "rapid7"
-Version = "10.3.3"
+Version = "10.3.4"
 Description = "This plugin allows you to add indicators to a threat and see the status of investigations"
 
 

plugins/rapid7_insightidr/help.md

@@ -3,8 +3,15 @@
 This plugin allows you to add indicators to a threat and see the status of investigations
 
 # Key Features
-
-*This plugin does not contain any key features.*
+
+* System Information and Event Management
+* Endpoint Detection and Response
+* Network Traffic Analysis
+* User and Entity Behaviour Analytics
+* Cloud and Integrations
+* Embedded Threat Intelligence
+* Deception Technology
+* Incident Response and Investigations
 
 # Requirements
 
@@ -1844,20 +1851,22 @@ Example output:
 
 #### List Investigations
 
-This action is used to retrieve a page of investigations matching the given request parameters
+This action is used to retrieve a page of investigations matching the given request parameters. If there is no 
+'start_time' and 'end_time' provided, 'start_time' will  default to 28 days prior, and 'end_time' will default to the 
+current time
 
 ##### Input
 
 |Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
 |email|string|None|False|A user's email address, where only investigations assigned to that user will be included|None|user@example.com|None|None|
-|end_time|date|None|False|An optional-ISO formatted timestamp, where only investigations whose createTime is before this date will be returned|None|2020-06-01T12:11:13+05:30|None|None|
+|end_time|date|None|False|An optional-ISO formatted timestamp, where only investigations whose createTime is before this date will be returned. If there is no value provided, this will default to the current time|None|2020-06-01T12:11:13+05:30|None|None|
 |index|integer|0|True|Zero-based index of the page to retrieve, where value must be greater than or equal to 0|None|1|None|None|
 |priorities|[]string|None|False|A comma-separated list of investigation priorities to include in the result, where possible values are LOW, MEDIUM, HIGH, CRITICAL|None|["LOW", "MEDIUM", "HIGH", "CRITICAL"]|None|None|
 |size|integer|100|True|Amount of data for a page to retrieve, where its value must be greater than 0 and less than or equal to 100|None|100|None|None|
 |sort|string|None|False|A field for investigations to be sorted|["", "Created time Ascending", "Created time Descending", "Priority Ascending", "Priority Descending", "RRN Ascending", "RRN Descending", "Alerts most recent created time Ascending", "Alerts most recent created time Descending", "Alerts most recent detection created time Ascending", "Alerts most recent detection created time Descending", "Responsibility Ascending", "Responsibility Descending"]|Created time Ascending|None|None|
 |sources|[]string|None|False|A comma-separated list of investigation sources to include in the result, where possible values are USER, ALERT, HUNT, AUTOMATION|None|["USER","ALERT"]|None|None|
-|start_time|date|None|False|An optional ISO-formatted timestamp, where only investigations whose createTime is after this date will be returned|None|2020-06-01T12:11:13+05:30|None|None|
+|start_time|date|None|False|An optional ISO-formatted timestamp, where only investigations whose createTime is after this date will be returned. If there is no value provided this will default to 28 days prior|None|2020-06-01T12:11:13+05:30|None|None|
 |statuses|[]string|None|False|Comma-separated list of investigation statuses to include in the result. Possible values are OPEN, CLOSED, INVESTIGATING, WAITING|None|["CLOSED"]|None|None|
 
 Example input:
@@ -3392,6 +3401,7 @@ Example output:
 
 # Version History
 
+* 10.3.4 - Bumping requirements.txt | SDK bump to 6.2.2
 * 10.3.3 - Bumping requirements.txt | SDK bump to 6.2.0
 * 10.3.2 - Initial updates for fedramp compliance | Updated SDK to the latest version
 * 10.3.1 - `Advanced Query On Log / Log Set` - Fixed issue where results >500 returned none | Update SDK

plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/list_investigations/schema.py

@@ -4,7 +4,7 @@
 
 
 class Component:
-    DESCRIPTION = "Retrieve a page of investigations matching the given request parameters"
+    DESCRIPTION = "Retrieve a page of investigations matching the given request parameters. If there is no 'start_time' and 'end_time' provided, 'start_time' will  default to 28 days prior, and 'end_time' will default to the current time"
 
 
 class Input:
@@ -41,7 +41,7 @@ class ListInvestigationsInput(insightconnect_plugin_runtime.Input):
       "format": "date-time",
       "displayType": "date",
       "title": "End Time",
-      "description": "An optional-ISO formatted timestamp, where only investigations whose createTime is before this date will be returned",
+      "description": "An optional-ISO formatted timestamp, where only investigations whose createTime is before this date will be returned. If there is no value provided, this will default to the current time",
       "order": 3
     },
     "index": {
@@ -102,7 +102,7 @@ class ListInvestigationsInput(insightconnect_plugin_runtime.Input):
       "format": "date-time",
       "displayType": "date",
       "title": "Start Time",
-      "description": "An optional ISO-formatted timestamp, where only investigations whose createTime is after this date will be returned",
+      "description": "An optional ISO-formatted timestamp, where only investigations whose createTime is after this date will be returned. If there is no value provided this will default to 28 days prior",
       "order": 2
     },
     "statuses": {

plugins/rapid7_insightidr/plugin.spec.yaml

@@ -4,7 +4,7 @@ products: [insightconnect]
 name: rapid7_insightidr
 title: "Rapid7 InsightIDR"
 description: "This plugin allows you to add indicators to a threat and see the status of investigations"
-version: 10.3.3
+version: 10.3.4
 connection_version: 5
 supported_versions: ["Latest release successfully tested on 2024-09-10."]
 vendor: rapid7
@@ -22,11 +22,21 @@ hub_tags:
   use_cases: [threat_detection_and_response]
   keywords: [siem, rapid7, cloud_enabled]
   features: []
+key_features:
+  - "System Information and Event Management"
+  - "Endpoint Detection and Response"
+  - "Network Traffic Analysis"
+  - "User and Entity Behaviour Analytics"
+  - "Cloud and Integrations"
+  - "Embedded Threat Intelligence"
+  - "Deception Technology"
+  - "Incident Response and Investigations"
 sdk:
   type: full
-  version: 6.2.0
+  version: 6.2.2
   user: nobody
 version_history:
+  - "10.3.4 - Bumping requirements.txt | SDK bump to 6.2.2"
   - "10.3.3 - Bumping requirements.txt | SDK bump to 6.2.0"
   - "10.3.2 - Initial updates for fedramp compliance | Updated SDK to the latest version"
   - "10.3.1 - `Advanced Query On Log / Log Set` - Fixed issue where results >500 returned none | Update SDK"
@@ -1369,7 +1379,7 @@ actions:
         example: {"name": "bad-virus","note": "test","published": False,"indicator_count": 2}
   list_investigations:
     title: List Investigations
-    description: Retrieve a page of investigations matching the given request parameters
+    description: Retrieve a page of investigations matching the given request parameters. If there is no 'start_time' and 'end_time' provided, 'start_time' will  default to 28 days prior, and 'end_time' will default to the current time
     input:
       statuses:
         title: Statuses
@@ -1379,13 +1389,13 @@ actions:
         example: ["CLOSED"]
       start_time:
         title: Start Time
-        description: An optional ISO-formatted timestamp, where only investigations whose createTime is after this date will be returned
+        description: An optional ISO-formatted timestamp, where only investigations whose createTime is after this date will be returned. If there is no value provided this will default to 28 days prior
         type: date
         required: false
         example: "2020-06-01T12:11:13+05:30"
       end_time:
         title: End Time
-        description: An optional-ISO formatted timestamp, where only investigations whose createTime is before this date will be returned
+        description: An optional-ISO formatted timestamp, where only investigations whose createTime is before this date will be returned. If there is no value provided, this will default to the current time
         type: date
         required: false
         example: "2020-06-01T12:11:13+05:30"

plugins/rapid7_insightidr/requirements.txt

@@ -3,5 +3,5 @@
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 python-dateutil==2.9.0
 validators==0.34.0
-aiohttp==3.11.6
+aiohttp==3.11.10
 parameterized==0.8.1

plugins/rapid7_insightidr/setup.py

@@ -3,7 +3,7 @@
 
 
 setup(name="rapid7_insightidr-rapid7-plugin",
-      version="10.3.3",
+      version="10.3.4",
       description="This plugin allows you to add indicators to a threat and see the status of investigations",
       author="rapid7",
       author_email="",