Commit

All violations fixed
cmcnally-r7 committed Oct 11, 2023
1 parent c30312d commit 5f942e7
Showing 1 changed file with 25 additions and 25 deletions.
50 changes: 25 additions & 25 deletions plugins/rapid7_insightidr/help.md
Expand Up @@ -56,12 +56,12 @@ Add InsightIDR threat indicators to a threat with the given threat key

|Name|Type|Default|Required|Description|Enum|Example|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|domain_names|[]string|None|False|Domain names to add. e.g. ["rapid7.com","google.com"]|None|['rapid7.com', 'google.com']|
|hashes|[]string|None|False|Process hashes to add. e.g. ["A94A8FE5CCB19BA61C4C0873D391E987982FBBD3","C3499C2729730A7F807EFB8676A92DCB6F8A3F8F"]|None|['A94A8FE5CCB19BA61C4C0873D391E987982FBBD3', 'C3499C2729730A7F807EFB8676A92DCB6F8A3F8F']|
|ips|[]string|None|False|IP addresses to add. e.g. ["10.0.0.1","10.0.0.2"]|None|['10.0.0.1', '10.0.0.2']|
|domain_names|[]string|None|False|Domain names to add. e.g. ["rapid7.com","google.com"]|None|["rapid7.com", "google.com"]|
|hashes|[]string|None|False|Process hashes to add. e.g. ["A94A8FE5CCB19BA61C4C0873D391E987982FBBD3","C3499C2729730A7F807EFB8676A92DCB6F8A3F8F"]|None|["A94A8FE5CCB19BA61C4C0873D391E987982FBBD3", "C3499C2729730A7F807EFB8676A92DCB6F8A3F8F"]|
|ips|[]string|None|False|IP addresses to add. e.g. ["10.0.0.1","10.0.0.2"]|None|["10.0.0.1", "10.0.0.2"]|
|key|string|None|True|The key of a threat for which the indicators are going to be added. e.g. c9404e11-b81a-429d-9400-05c531f229c3|None|c9404e11-b81a-429d-9400-05c531f229c3|
|urls|[]string|None|False|URLs to add. e.g. ["https://example.com","https://test.com"]|None|['https://example.com', 'https://test.com']|
|urls|[]string|None|False|URLs to add. e.g. ["https://example.com","https://test.com"]|None|["https://example.com", "https://test.com"]|

Example input:

```
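
Review bot: the domain_names, hashes, ips and urls rows now carry the same list twice, once in the Description column as "e.g. [...]" and once in the Example column, and after this change the two copies differ only in the space after each comma. Keep the sample in the Example column alone and drop the "e.g." text from the descriptions, so a later edit cannot leave the two out of step. The commit message "All violations fixed" also does not say which check flagged the single quotes; naming it would make the scope of the change reviewable.
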
Expand Down Expand Up @@ -90,7 +90,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|rejected_indicators|[]string|False|The list of indicators that have been rejected during the update|['https://example.com', 'https://test.com']|
|rejected_indicators|[]string|False|The list of indicators that have been rejected during the update|["https://example.com", "https://test.com"]|
|threat|threat|False|The information about the threat|{'name': 'Contributing Collaborative Threat: Flagged Malicious', 'published': False, 'indicator_count': 13}|

Example output:
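
Review bot: rejected_indicators is converted to double quotes, but the threat row directly below it keeps the single-quoted form with a Python False ({'name': ..., 'published': False, ...}), so one output table now shows two quoting styles. Either convert the object-typed examples in the same pass or state that only list-typed examples are in scope.
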
Expand Down Expand Up @@ -141,8 +141,8 @@ Example input:
|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|count|integer|True|Number of log entries found|10|
|results|[]events|True|Query Results|[{'labels': [], 'timestamp': 1601598638768, 'sequence_number': 123456789123456789, 'log_id': '64z0f0p9-1a99-4501-xe36-a6d03687f313', 'message': {'timestamp': '2020-10-02T00:29:14.649Z', 'destination_asset': 'iagent-win7', 'source_asset_address': '192.168.100.50', 'destination_asset_address': 'example-host', 'destination_local_account': 'user', 'logon_type': 'NETWORK', 'result': 'SUCCESS', 'new_authentication': 'false', 'service': 'ntlmssp ', 'source_json': {'sourceName': 'Microsoft-Windows-Security-Auditing', 'insertionStrings': ['S-1-0-0', '-', '-', '0x0', 'X-X-X-XXXXXXXXXXX', 'user@example.com', 'example-host', '0x204f163c', '3', 'NtLmSsp ', 'NTLM', '', '{00000000-0000-0000-0000-000000000000}', '-', 'NTLM V2', '128', '0x0', '-', '192.168.50.1', '59090'], 'eventCode': 4624, 'computerName': 'example-host', 'sid': '', 'isDomainController': False, 'eventData': None, 'timeWritten': '2020-10-02T00:29:13.670722000Z'}}, 'links': [{'rel': 'Context', 'href': 'https://us.api.insight.rapid7.com/log_search/query/context/xxxx'}], 'sequence_number_str': '123456789123456789'}]|
|results|[]events|True|Query Results|[{"labels": [], "timestamp": 1601598638768, "sequence_number": 123456789123456789, "log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313", "message": {"timestamp": "2020-10-02T00:29:14.649Z", "destination_asset": "iagent-win7", "source_asset_address": "192.168.100.50", "destination_asset_address": "example-host", "destination_local_account": "user", "logon_type": "NETWORK", "result": "SUCCESS", "new_authentication": "false", "service": "ntlmssp ", "source_json": {"sourceName": "Microsoft-Windows-Security-Auditing", "insertionStrings": ["S-1-0-0", "-", "-", "0x0", "X-X-X-XXXXXXXXXXX", "user@example.com", "example-host", "0x204f163c", "3", "NtLmSsp ", "NTLM", "", "{00000000-0000-0000-0000-000000000000}", "-", "NTLM V2", "128", "0x0", "-", "192.168.50.1", "59090"], "eventCode": 4624, "computerName": "example-host", "sid": "", "isDomainController": False, "eventData": None, "timeWritten": "2020-10-02T00:29:13.670722000Z"}}, "links": [{"rel": "Context", "href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}], "sequence_number_str": "123456789123456789"}]|

Example output:

```
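
Review bot: the new results example uses JSON-style double quotes but still contains the Python literals False and None ("isDomainController": False, "eventData": None), so it will not parse as JSON. If the double quotes are meant to make the Example column valid JSON, write these as false and null; the same row is repeated in the hunks at 239 and 1300 and needs the same treatment there.
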
Expand Down Expand Up @@ -239,8 +239,8 @@ Example input:
|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|count|integer|True|Number of log entries found|10|
|results|[]events|True|Query Results|[{'labels': [], 'timestamp': 1601598638768, 'sequence_number': 123456789123456789, 'log_id': '64z0f0p9-1a99-4501-xe36-a6d03687f313', 'message': {'timestamp': '2020-10-02T00:29:14.649Z', 'destination_asset': 'iagent-win7', 'source_asset_address': '192.168.100.50', 'destination_asset_address': 'example-host', 'destination_local_account': 'user', 'logon_type': 'NETWORK', 'result': 'SUCCESS', 'new_authentication': 'false', 'service': 'ntlmssp ', 'source_json': {'sourceName': 'Microsoft-Windows-Security-Auditing', 'insertionStrings': ['S-1-0-0', '-', '-', '0x0', 'X-X-X-XXXXXXXXXXX', 'user@example.com', 'example-host', '0x204f163c', '3', 'NtLmSsp ', 'NTLM', '', '{00000000-0000-0000-0000-000000000000}', '-', 'NTLM V2', '128', '0x0', '-', '192.168.50.1', '59090'], 'eventCode': 4624, 'computerName': 'example-host', 'sid': '', 'isDomainController': False, 'eventData': None, 'timeWritten': '2020-10-02T00:29:13.670722000Z'}}, 'links': [{'rel': 'Context', 'href': 'https://us.api.insight.rapid7.com/log_search/query/context/xxxx'}], 'sequence_number_str': '123456789123456789'}]|
|results|[]events|True|Query Results|[{"labels": [], "timestamp": 1601598638768, "sequence_number": 123456789123456789, "log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313", "message": {"timestamp": "2020-10-02T00:29:14.649Z", "destination_asset": "iagent-win7", "source_asset_address": "192.168.100.50", "destination_asset_address": "example-host", "destination_local_account": "user", "logon_type": "NETWORK", "result": "SUCCESS", "new_authentication": "false", "service": "ntlmssp ", "source_json": {"sourceName": "Microsoft-Windows-Security-Auditing", "insertionStrings": ["S-1-0-0", "-", "-", "0x0", "X-X-X-XXXXXXXXXXX", "user@example.com", "example-host", "0x204f163c", "3", "NtLmSsp ", "NTLM", "", "{00000000-0000-0000-0000-000000000000}", "-", "NTLM V2", "128", "0x0", "-", "192.168.50.1", "59090"], "eventCode": 4624, "computerName": "example-host", "sid": "", "isDomainController": False, "eventData": None, "timeWritten": "2020-10-02T00:29:13.670722000Z"}}, "links": [{"rel": "Context", "href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}], "sequence_number_str": "123456789123456789"}]|

Example output:

```
Expand Down Expand Up @@ -386,7 +386,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|ids|[]string|True|The IDs of the investigations that were closed by the request|['6c7db8d1-abc5-b9da-dd71-1a3ffffe8a16']|
|ids|[]string|True|The IDs of the investigations that were closed by the request|["6c7db8d1-abc5-b9da-dd71-1a3ffffe8a16"]|
|num_closed|integer|True|The number of investigations closed by the request|10|

Example output:
Expand All @@ -409,7 +409,7 @@ certain types of RRNs are permitted as targets, such as investigation RRNs

|Name|Type|Default|Required|Description|Enum|Example|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|attachments|[]string|None|False|An array of attachment RRNs to associate with the comment|None|['rrn:collaboration:us:01234567-89ab-cdef-0000-123123123123:attachment:ABCDEF543210']|
|attachments|[]string|None|False|An array of attachment RRNs to associate with the comment|None|["rrn:collaboration:us:01234567-89ab-cdef-0000-123123123123:attachment:ABCDEF543210"]|
|body|string|None|False|The body of the comment|None|Example comment|
|target|string|None|True|The target of the comment, which determines where it will appear within InsightIDR|None|rrn:investigation:us:01234567-89ab-cdef-0000-123123123123:investigation:ABCDEF543210|

Expand Down Expand Up @@ -529,7 +529,7 @@ Create a private InsightIDR threat and add indicators to this threat

|Name|Type|Default|Required|Description|Enum|Example|
| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
|indicators|[]string|None|True|Add indicators to new threat in InsightIDR. Accept IP addresses, process hashes (SHA1, MD5, SHA256), domain names, URLs|None|['example.com', '10.0.0.1']|
|indicators|[]string|None|True|Add indicators to new threat in InsightIDR. Accept IP addresses, process hashes (SHA1, MD5, SHA256), domain names, URLs|None|["example.com", "10.0.0.1"]|
|note_text|string|Threat created via InsightConnect|False|Note text of created threat|None|Threat created via InsightConnect|
|threat_name|string|None|True|Name of created threat|None|Threat created via InsightConnect|

Expand All @@ -549,7 +549,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|rejected_indicators|[]string|True|Rejected indicators in new threat|['example.com', '10.0.0.1']|
|rejected_indicators|[]string|True|Rejected indicators in new threat|["example.com", "10.0.0.1"]|
|threat|threat|True|The information about the new threat|{'name': 'Threat created via InsightConnect', 'note': 'Threat created via InsightConnect', 'published': False, 'indicator_count': 2}|

Example output:
Expand Down Expand Up @@ -852,8 +852,8 @@ Retrieve all saved InsightIDR LEQL queries

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|saved_queries|[]query|True|Saved LEQL queries|[{'id': '00000000-0000-9eec-0000-000000000000', 'leql': {'during': {'from': None, 'time_range': 'yesterday', 'to': None}, 'statement': 'where(931dde6c60>=800)'}, 'logs': ['31a4d56e-460e-460f-9542-c2bc8edd7c6b'], 'name': 'Large Values Yesterday'}]|
|saved_queries|[]query|True|Saved LEQL queries|[{"id": "00000000-0000-9eec-0000-000000000000", "leql": {"during": {"from": None, "time_range": "yesterday", "to": None}, "statement": "where(931dde6c60>=800)"}, "logs": ["31a4d56e-460e-460f-9542-c2bc8edd7c6b"], "name": "Large Values Yesterday"}]|

Example output:

```
Expand Down Expand Up @@ -1072,7 +1072,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|alerts|[]alert|True|A list of alerts associated with the investigation|[{'alert_type': 'Example Type', 'alert_type_description': 'Example Description', 'created_time': '01-01-2020T00:00:00', 'detection_rule_rrn': 'rrn:example', 'first_event_time': '01-01-2020T00:00:00', 'id': '11111111-1111-1111-1111-111111111111', 'latest_event_time': '01-01-2020T00:00:00', 'title': 'Example Title'}]|
|alerts|[]alert|True|A list of alerts associated with the investigation|[{"alert_type": "Example Type", "alert_type_description": "Example Description", "created_time": "01-01-2020T00:00:00", "detection_rule_rrn": "rrn:example", "first_event_time": "01-01-2020T00:00:00", "id": "11111111-1111-1111-1111-111111111111", "latest_event_time": "01-01-2020T00:00:00", "title": "Example Title"}]|
|metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0, 'size': 1, 'total_data': 1, 'total_pages': 1}|

Example output:
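
Review bot: the alerts example keeps created_time, first_event_time and latest_event_time as "01-01-2020T00:00:00", which is not an ISO 8601 timestamp, while the investigations example in this same file uses "2018-06-06T16:56:42Z". Since the line is being rewritten anyway, give the sample times the same form as the other examples. The metadata row below it is also left single-quoted.
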
Expand Down Expand Up @@ -1124,7 +1124,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|attachments|[]attachment|False|List of attachments|[{'rrn': 'rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890', 'creator': {'type': 'USER', 'name': 'Example User'}, 'created_time': '2022-08-19T13:00:58.645Z', 'file_name': 'test.txt', 'mime_type': 'text/plain', 'size': 4, 'scan_status': 'CLEAN'}]|
|attachments|[]attachment|False|List of attachments|[{"rrn": "rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890", "creator": {"type": "USER", "name": "Example User"}, "created_time": "2022-08-19T13:00:58.645Z", "file_name": "test.txt", "mime_type": "text/plain", "size": 4, "scan_status": "CLEAN"}]|
|success|boolean|True|Whether the action was successful or not|True|

Example output:
Expand Down Expand Up @@ -1173,7 +1173,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|comments|[]comment|False|List of comments|[{'created_time': '2022-08-18T12:53:26.676Z', 'rrn': 'rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:comment:1234567890', 'target': 'rrn:investigation:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:investigation:1234567890', 'creator': {'type': 'USER', 'name': 'Example User'}, 'body': 'test', 'visibility': 'PUBLIC'}]|
|comments|[]comment|False|List of comments|[{"created_time": "2022-08-18T12:53:26.676Z", "rrn": "rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:comment:1234567890", "target": "rrn:investigation:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:investigation:1234567890", "creator": {"type": "USER", "name": "Example User"}, "body": "test", "visibility": "PUBLIC"}]|
|success|boolean|True|Whether the action was successful or not|True|

Example output:
Expand Down Expand Up @@ -1244,8 +1244,8 @@ Example input:
|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|investigations|[]investigation|True|A list of found investigations|[{'assignee': {'email': 'user@example.com','name': 'Ellen Example'},'created_time': '2018-06-06T16:56:42Z','disposition': 'BENIGN','first_alert_time': '2018-06-06T16:56:42Z','last_accessed': '2018-06-06T16:56:42Z','latest_alert_time': '2018-06-06T16:56:42Z','organization_id': '174e4f99-2ac7-4481-9301-4d24c34baf06','priority': 'CRITICAL','rrn': 'rrn:example','source': 'ALERT','status': 'OPEN','title': 'Example Title'}]|
|metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0, 'size': 1, 'total_data': 1, 'total_pages': 1}|
|metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0,'size': 1,'total_data': 1,'total_pages': 1}|

Example output:

```
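
Review bot: the metadata row here only loses the space after each comma ({'index': 0,'size': 1,...}) and keeps its single quotes, while the metadata rows in the hunks at 1072 and 1462 keep the spaced form, so this change makes the file less consistent. The investigations row above it is also untouched and stays single-quoted, although the same row in the hunk at 1462 is converted to double quotes; apply that conversion here and leave the metadata spacing as it was.
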
Expand Down Expand Up @@ -1300,8 +1300,8 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|events|[]events|True|Events from logs|[{'labels': [], 'timestamp': 1601598638768, 'sequence_number': 123456789123456789, 'log_id': '64z0f0p9-1a99-4501-xe36-a6d03687f313', 'message': {'timestamp': '2020-10-02T00:29:14.649Z', 'destination_asset': 'iagent-win7', 'source_asset_address': '192.168.100.50', 'destination_asset_address': 'example-host', 'destination_local_account': 'user', 'logon_type': 'NETWORK', 'result': 'SUCCESS', 'new_authentication': 'false', 'service': 'ntlmssp ', 'source_json': {'sourceName': 'Microsoft-Windows-Security-Auditing', 'insertionStrings': ['S-1-0-0', '-', '-', '0x0', 'X-X-X-XXXXXXXXXXX', 'user@example.com', 'example-host', '0x204f163c', '3', 'NtLmSsp ', 'NTLM', '', '{00000000-0000-0000-0000-000000000000}', '-', 'NTLM V2', '128', '0x0', '-', '192.168.50.1', '59090'], 'eventCode': 4624, 'computerName': 'example-host', 'sid': '', 'isDomainController': False, 'eventData': None, 'timeWritten': '2020-10-02T00:29:13.670722000Z'}}, 'links': [{'rel': 'Context', 'href': 'https://us.api.insight.rapid7.com/log_search/query/context/xxxx'}], 'sequence_number_str': '123456789123456789'}]|
|events|[]events|True|Events from logs|[{"labels": [], "timestamp": 1601598638768, "sequence_number": 123456789123456789, "log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313", "message": {"timestamp": "2020-10-02T00:29:14.649Z", "destination_asset": "iagent-win7", "source_asset_address": "192.168.100.50", "destination_asset_address": "example-host", "destination_local_account": "user", "logon_type": "NETWORK", "result": "SUCCESS", "new_authentication": "false", "service": "ntlmssp ", "source_json": {"sourceName": "Microsoft-Windows-Security-Auditing", "insertionStrings": ["S-1-0-0", "-", "-", "0x0", "X-X-X-XXXXXXXXXXX", "user@example.com", "example-host", "0x204f163c", "3", "NtLmSsp ", "NTLM", "", "{00000000-0000-0000-0000-000000000000}", "-", "NTLM V2", "128", "0x0", "-", "192.168.50.1", "59090"], "eventCode": 4624, "computerName": "example-host", "sid": "", "isDomainController": False, "eventData": None, "timeWritten": "2020-10-02T00:29:13.670722000Z"}}, "links": [{"rel": "Context", "href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}], "sequence_number_str": "123456789123456789"}]|

Example output:

```
Expand Down Expand Up @@ -1462,7 +1462,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|investigations|[]investigation|True|A list of found investigations|[{'assignee': {'email': 'user@example.com', 'name': 'Ellen Example'}, 'created_time': '2018-06-06T16:56:42Z', 'disposition': 'BENIGN', 'first_alert_time': '2018-06-06T16:56:42Z', 'last_accessed': '2018-06-06T16:56:42Z', 'latest_alert_time': '2018-06-06T16:56:42Z', 'organization_id': '174e4f99-2ac7-4481-9301-4d24c34baf06', 'priority': 'CRITICAL', 'rrn': 'rrn:example', 'source': 'ALERT', 'status': 'OPEN', 'title': 'Example Title'}]|
|investigations|[]investigation|True|A list of found investigations|[{"assignee": {"email": "user@example.com", "name": "Ellen Example"}, "created_time": "2018-06-06T16:56:42Z", "disposition": "BENIGN", "first_alert_time": "2018-06-06T16:56:42Z", "last_accessed": "2018-06-06T16:56:42Z", "latest_alert_time": "2018-06-06T16:56:42Z", "organization_id": "174e4f99-2ac7-4481-9301-4d24c34baf06", "priority": "CRITICAL", "rrn": "rrn:example", "source": "ALERT", "status": "OPEN", "title": "Example Title"}]|
|metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0, 'size': 1, 'total_data': 1, 'total_pages': 1}|

Example output:
Expand Down Expand Up @@ -1727,7 +1727,7 @@ Example input:

|Name|Type|Required|Description|Example|
| :--- | :--- | :--- | :--- | :--- |
|attachment|[]attachment|False|Attachment details|[{'rrn': 'rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890', 'creator': {'type': 'USER', 'name': 'Example User'}, 'created_time': '2022-08-19T13:00:58.645Z', 'file_name': 'test.txt', 'mime_type': 'text/plain', 'size': 4, 'scan_status': 'CLEAN'}]|
|attachment|[]attachment|False|Attachment details|[{"rrn": "rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890", "creator": {"type": "USER", "name": "Example User"}, "created_time": "2022-08-19T13:00:58.645Z", "file_name": "test.txt", "mime_type": "text/plain", "size": 4, "scan_status": "CLEAN"}]|
|success|boolean|True|Whether the action was successful or not|True|

Example output: