From 5f942e7ba1d612c16a3b7163bf7ebc7bbeb33509 Mon Sep 17 00:00:00 2001
From: conor-mcnally
Date: Wed, 11 Oct 2023 11:55:55 +0100
Subject: [PATCH] All violations fixed
---
 plugins/rapid7_insightidr/help.md | 50 +++++++++++++++----------------
 1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/plugins/rapid7_insightidr/help.md b/plugins/rapid7_insightidr/help.md
index a4c88339b8..fe7f5ba759 100644
--- a/plugins/rapid7_insightidr/help.md
+++ b/plugins/rapid7_insightidr/help.md
@@ -56,12 +56,12 @@ Add InsightIDR threat indicators to a threat with the given threat key
 |Name|Type|Default|Required|Description|Enum|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|domain_names|[]string|None|False|Domain names to add. e.g. ["rapid7.com","google.com"]|None|['rapid7.com', 'google.com']|
-|hashes|[]string|None|False|Process hashes to add. e.g. ["A94A8FE5CCB19BA61C4C0873D391E987982FBBD3","C3499C2729730A7F807EFB8676A92DCB6F8A3F8F"]|None|['A94A8FE5CCB19BA61C4C0873D391E987982FBBD3', 'C3499C2729730A7F807EFB8676A92DCB6F8A3F8F']|
-|ips|[]string|None|False|IP addresses to add. e.g. ["10.0.0.1","10.0.0.2"]|None|['10.0.0.1', '10.0.0.2']|
+|domain_names|[]string|None|False|Domain names to add. e.g. ["rapid7.com","google.com"]|None|["rapid7.com", "google.com"]|
+|hashes|[]string|None|False|Process hashes to add. e.g. ["A94A8FE5CCB19BA61C4C0873D391E987982FBBD3","C3499C2729730A7F807EFB8676A92DCB6F8A3F8F"]|None|["A94A8FE5CCB19BA61C4C0873D391E987982FBBD3", "C3499C2729730A7F807EFB8676A92DCB6F8A3F8F"]|
+|ips|[]string|None|False|IP addresses to add. e.g. ["10.0.0.1","10.0.0.2"]|None|["10.0.0.1", "10.0.0.2"]|
 |key|string|None|True|The key of a threat for which the indicators are going to be added. e.g. c9404e11-b81a-429d-9400-05c531f229c3|None|c9404e11-b81a-429d-9400-05c531f229c3|
-|urls|[]string|None|False|URLs to add. e.g. ["https://example.com","https://test.com"]|None|['https://example.com', 'https://test.com']|
-
+|urls|[]string|None|False|URLs to add. e.g. ["https://example.com","https://test.com"]|None|["https://example.com", "https://test.com"]|
+
 Example input:
 ```
@@ -90,7 +90,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|rejected_indicators|[]string|False|The list of indicators that have been rejected during the update|['https://example.com', 'https://test.com']|
+|rejected_indicators|[]string|False|The list of indicators that have been rejected during the update|["https://example.com", "https://test.com"]|
 |threat|threat|False|The information about the threat|{'name': 'Contributing Collaborative Threat: Flagged Malicious', 'published': False, 'indicator_count': 13}|
 Example output:
@@ -141,8 +141,8 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
 |count|integer|True|Number of log entries found|10|
-|results|[]events|True|Query Results|[{'labels': [], 'timestamp': 1601598638768, 'sequence_number': 123456789123456789, 'log_id': '64z0f0p9-1a99-4501-xe36-a6d03687f313', 'message': {'timestamp': '2020-10-02T00:29:14.649Z', 'destination_asset': 'iagent-win7', 'source_asset_address': '192.168.100.50', 'destination_asset_address': 'example-host', 'destination_local_account': 'user', 'logon_type': 'NETWORK', 'result': 'SUCCESS', 'new_authentication': 'false', 'service': 'ntlmssp ', 'source_json': {'sourceName': 'Microsoft-Windows-Security-Auditing', 'insertionStrings': ['S-1-0-0', '-', '-', '0x0', 'X-X-X-XXXXXXXXXXX', 'user@example.com', 'example-host', '0x204f163c', '3', 'NtLmSsp ', 'NTLM', '', '{00000000-0000-0000-0000-000000000000}', '-', 'NTLM V2', '128', '0x0', '-', '192.168.50.1', '59090'], 'eventCode': 4624, 'computerName': 'example-host', 'sid': '', 'isDomainController': False, 'eventData': None, 'timeWritten': '2020-10-02T00:29:13.670722000Z'}}, 'links': [{'rel': 'Context', 'href': 'https://us.api.insight.rapid7.com/log_search/query/context/xxxx'}], 'sequence_number_str': '123456789123456789'}]|
-
+|results|[]events|True|Query Results|[{"labels": [], "timestamp": 1601598638768, "sequence_number": 123456789123456789, "log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313", "message": {"timestamp": "2020-10-02T00:29:14.649Z", "destination_asset": "iagent-win7", "source_asset_address": "192.168.100.50", "destination_asset_address": "example-host", "destination_local_account": "user", "logon_type": "NETWORK", "result": "SUCCESS", "new_authentication": "false", "service": "ntlmssp ", "source_json": {"sourceName": "Microsoft-Windows-Security-Auditing", "insertionStrings": ["S-1-0-0", "-", "-", "0x0", "X-X-X-XXXXXXXXXXX", "user@example.com", "example-host", "0x204f163c", "3", "NtLmSsp ", "NTLM", "", "{00000000-0000-0000-0000-000000000000}", "-", "NTLM V2", "128", "0x0", "-", "192.168.50.1", "59090"], "eventCode": 4624, "computerName": "example-host", "sid": "", "isDomainController": False, "eventData": None, "timeWritten": "2020-10-02T00:29:13.670722000Z"}}, "links": [{"rel": "Context", "href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}], "sequence_number_str": "123456789123456789"}]|
+
 Example output:
 ```
@@ -239,8 +239,8 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
 |count|integer|True|Number of log entries found|10|
-|results|[]events|True|Query Results|[{'labels': [], 'timestamp': 1601598638768, 'sequence_number': 123456789123456789, 'log_id': '64z0f0p9-1a99-4501-xe36-a6d03687f313', 'message': {'timestamp': '2020-10-02T00:29:14.649Z', 'destination_asset': 'iagent-win7', 'source_asset_address': '192.168.100.50', 'destination_asset_address': 'example-host', 'destination_local_account': 'user', 'logon_type': 'NETWORK', 'result': 'SUCCESS', 'new_authentication': 'false', 'service': 'ntlmssp ', 'source_json': {'sourceName': 'Microsoft-Windows-Security-Auditing', 'insertionStrings': ['S-1-0-0', '-', '-', '0x0', 'X-X-X-XXXXXXXXXXX', 'user@example.com', 'example-host', '0x204f163c', '3', 'NtLmSsp ', 'NTLM', '', '{00000000-0000-0000-0000-000000000000}', '-', 'NTLM V2', '128', '0x0', '-', '192.168.50.1', '59090'], 'eventCode': 4624, 'computerName': 'example-host', 'sid': '', 'isDomainController': False, 'eventData': None, 'timeWritten': '2020-10-02T00:29:13.670722000Z'}}, 'links': [{'rel': 'Context', 'href': 'https://us.api.insight.rapid7.com/log_search/query/context/xxxx'}], 'sequence_number_str': '123456789123456789'}]|
-
+|results|[]events|True|Query Results|[{"labels": [], "timestamp": 1601598638768, "sequence_number": 123456789123456789, "log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313", "message": {"timestamp": "2020-10-02T00:29:14.649Z", "destination_asset": "iagent-win7", "source_asset_address": "192.168.100.50", "destination_asset_address": "example-host", "destination_local_account": "user", "logon_type": "NETWORK", "result": "SUCCESS", "new_authentication": "false", "service": "ntlmssp ", "source_json": {"sourceName": "Microsoft-Windows-Security-Auditing", "insertionStrings": ["S-1-0-0", "-", "-", "0x0", "X-X-X-XXXXXXXXXXX", "user@example.com", "example-host", "0x204f163c", "3", "NtLmSsp ", "NTLM", "", "{00000000-0000-0000-0000-000000000000}", "-", "NTLM V2", "128", "0x0", "-", "192.168.50.1", "59090"], "eventCode": 4624, "computerName": "example-host", "sid": "", "isDomainController": False, "eventData": None, "timeWritten": "2020-10-02T00:29:13.670722000Z"}}, "links": [{"rel": "Context", "href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}], "sequence_number_str": "123456789123456789"}]|
+
 Example output:
 ```
@@ -386,7 +386,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|ids|[]string|True|The IDs of the investigations that were closed by the request|['6c7db8d1-abc5-b9da-dd71-1a3ffffe8a16']|
+|ids|[]string|True|The IDs of the investigations that were closed by the request|["6c7db8d1-abc5-b9da-dd71-1a3ffffe8a16"]|
 |num_closed|integer|True|The number of investigations closed by the request|10|
 Example output:
@@ -409,7 +409,7 @@ certain types of RRNs are permitted as targets, such as investigation RRNs
 |Name|Type|Default|Required|Description|Enum|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|attachments|[]string|None|False|An array of attachment RRNs to associate with the comment|None|['rrn:collaboration:us:01234567-89ab-cdef-0000-123123123123:attachment:ABCDEF543210']|
+|attachments|[]string|None|False|An array of attachment RRNs to associate with the comment|None|["rrn:collaboration:us:01234567-89ab-cdef-0000-123123123123:attachment:ABCDEF543210"]|
 |body|string|None|False|The body of the comment|None|Example comment|
 |target|string|None|True|The target of the comment, which determines where it will appear within InsightIDR|None|rrn:investigation:us:01234567-89ab-cdef-0000-123123123123:investigation:ABCDEF543210|
@@ -529,7 +529,7 @@ Create a private InsightIDR threat and add indicators to this threat
 |Name|Type|Default|Required|Description|Enum|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|indicators|[]string|None|True|Add indicators to new threat in InsightIDR. Accept IP addresses, process hashes (SHA1, MD5, SHA256), domain names, URLs|None|['example.com', '10.0.0.1']|
+|indicators|[]string|None|True|Add indicators to new threat in InsightIDR. Accept IP addresses, process hashes (SHA1, MD5, SHA256), domain names, URLs|None|["example.com", "10.0.0.1"]|
 |note_text|string|Threat created via InsightConnect|False|Note text of created threat|None|Threat created via InsightConnect|
 |threat_name|string|None|True|Name of created threat|None|Threat created via InsightConnect|
@@ -549,7 +549,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|rejected_indicators|[]string|True|Rejected indicators in new threat|['example.com', '10.0.0.1']|
+|rejected_indicators|[]string|True|Rejected indicators in new threat|["example.com", "10.0.0.1"]|
 |threat|threat|True|The information about the new threat|{'name': 'Threat created via InsightConnect', 'note': 'Threat created via InsightConnect', 'published': False, 'indicator_count': 2}|
 Example output:
@@ -852,8 +852,8 @@ Retrieve all saved InsightIDR LEQL queries
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|saved_queries|[]query|True|Saved LEQL queries|[{'id': '00000000-0000-9eec-0000-000000000000', 'leql': {'during': {'from': None, 'time_range': 'yesterday', 'to': None}, 'statement': 'where(931dde6c60>=800)'}, 'logs': ['31a4d56e-460e-460f-9542-c2bc8edd7c6b'], 'name': 'Large Values Yesterday'}]|
-
+|saved_queries|[]query|True|Saved LEQL queries|[{"id": "00000000-0000-9eec-0000-000000000000", "leql": {"during": {"from": None, "time_range": "yesterday", "to": None}, "statement": "where(931dde6c60>=800)"}, "logs": ["31a4d56e-460e-460f-9542-c2bc8edd7c6b"], "name": "Large Values Yesterday"}]|
+
 Example output:
 ```
@@ -1072,7 +1072,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|alerts|[]alert|True|A list of alerts associated with the investigation|[{'alert_type': 'Example Type', 'alert_type_description': 'Example Description', 'created_time': '01-01-2020T00:00:00', 'detection_rule_rrn': 'rrn:example', 'first_event_time': '01-01-2020T00:00:00', 'id': '11111111-1111-1111-1111-111111111111', 'latest_event_time': '01-01-2020T00:00:00', 'title': 'Example Title'}]|
+|alerts|[]alert|True|A list of alerts associated with the investigation|[{"alert_type": "Example Type", "alert_type_description": "Example Description", "created_time": "01-01-2020T00:00:00", "detection_rule_rrn": "rrn:example", "first_event_time": "01-01-2020T00:00:00", "id": "11111111-1111-1111-1111-111111111111", "latest_event_time": "01-01-2020T00:00:00", "title": "Example Title"}]|
 |metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0, 'size': 1, 'total_data': 1, 'total_pages': 1}|
 Example output:
@@ -1124,7 +1124,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|attachments|[]attachment|False|List of attachments|[{'rrn': 'rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890', 'creator': {'type': 'USER', 'name': 'Example User'}, 'created_time': '2022-08-19T13:00:58.645Z', 'file_name': 'test.txt', 'mime_type': 'text/plain', 'size': 4, 'scan_status': 'CLEAN'}]|
+|attachments|[]attachment|False|List of attachments|[{"rrn": "rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890", "creator": {"type": "USER", "name": "Example User"}, "created_time": "2022-08-19T13:00:58.645Z", "file_name": "test.txt", "mime_type": "text/plain", "size": 4, "scan_status": "CLEAN"}]|
 |success|boolean|True|Whether the action was successful or not|True|
 Example output:
@@ -1173,7 +1173,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|comments|[]comment|False|List of comments|[{'created_time': '2022-08-18T12:53:26.676Z', 'rrn': 'rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:comment:1234567890', 'target': 'rrn:investigation:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:investigation:1234567890', 'creator': {'type': 'USER', 'name': 'Example User'}, 'body': 'test', 'visibility': 'PUBLIC'}]|
+|comments|[]comment|False|List of comments|[{"created_time": "2022-08-18T12:53:26.676Z", "rrn": "rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:comment:1234567890", "target": "rrn:investigation:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:investigation:1234567890", "creator": {"type": "USER", "name": "Example User"}, "body": "test", "visibility": "PUBLIC"}]|
 |success|boolean|True|Whether the action was successful or not|True|
 Example output:
@@ -1244,8 +1244,8 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
 |investigations|[]investigation|True|A list of found investigations|[{'assignee': {'email': 'user@example.com','name': 'Ellen Example'},'created_time': '2018-06-06T16:56:42Z','disposition': 'BENIGN','first_alert_time': '2018-06-06T16:56:42Z','last_accessed': '2018-06-06T16:56:42Z','latest_alert_time': '2018-06-06T16:56:42Z','organization_id': '174e4f99-2ac7-4481-9301-4d24c34baf06','priority': 'CRITICAL','rrn': 'rrn:example','source': 'ALERT','status': 'OPEN','title': 'Example Title'}]|
-|metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0, 'size': 1, 'total_data': 1, 'total_pages': 1}|
-
+|metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0,'size': 1,'total_data': 1,'total_pages': 1}|
+
 Example output:
 ```
@@ -1300,8 +1300,8 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|events|[]events|True|Events from logs|[{'labels': [], 'timestamp': 1601598638768, 'sequence_number': 123456789123456789, 'log_id': '64z0f0p9-1a99-4501-xe36-a6d03687f313', 'message': {'timestamp': '2020-10-02T00:29:14.649Z', 'destination_asset': 'iagent-win7', 'source_asset_address': '192.168.100.50', 'destination_asset_address': 'example-host', 'destination_local_account': 'user', 'logon_type': 'NETWORK', 'result': 'SUCCESS', 'new_authentication': 'false', 'service': 'ntlmssp ', 'source_json': {'sourceName': 'Microsoft-Windows-Security-Auditing', 'insertionStrings': ['S-1-0-0', '-', '-', '0x0', 'X-X-X-XXXXXXXXXXX', 'user@example.com', 'example-host', '0x204f163c', '3', 'NtLmSsp ', 'NTLM', '', '{00000000-0000-0000-0000-000000000000}', '-', 'NTLM V2', '128', '0x0', '-', '192.168.50.1', '59090'], 'eventCode': 4624, 'computerName': 'example-host', 'sid': '', 'isDomainController': False, 'eventData': None, 'timeWritten': '2020-10-02T00:29:13.670722000Z'}}, 'links': [{'rel': 'Context', 'href': 'https://us.api.insight.rapid7.com/log_search/query/context/xxxx'}], 'sequence_number_str': '123456789123456789'}]|
-
+|events|[]events|True|Events from logs|[{"labels": [], "timestamp": 1601598638768, "sequence_number": 123456789123456789, "log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313", "message": {"timestamp": "2020-10-02T00:29:14.649Z", "destination_asset": "iagent-win7", "source_asset_address": "192.168.100.50", "destination_asset_address": "example-host", "destination_local_account": "user", "logon_type": "NETWORK", "result": "SUCCESS", "new_authentication": "false", "service": "ntlmssp ", "source_json": {"sourceName": "Microsoft-Windows-Security-Auditing", "insertionStrings": ["S-1-0-0", "-", "-", "0x0", "X-X-X-XXXXXXXXXXX", "user@example.com", "example-host", "0x204f163c", "3", "NtLmSsp ", "NTLM", "", "{00000000-0000-0000-0000-000000000000}", "-", "NTLM V2", "128", "0x0", "-", "192.168.50.1", "59090"], "eventCode": 4624, "computerName": "example-host", "sid": "", "isDomainController": False, "eventData": None, "timeWritten": "2020-10-02T00:29:13.670722000Z"}}, "links": [{"rel": "Context", "href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}], "sequence_number_str": "123456789123456789"}]|
+
 Example output:
 ```
@@ -1462,7 +1462,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|investigations|[]investigation|True|A list of found investigations|[{'assignee': {'email': 'user@example.com', 'name': 'Ellen Example'}, 'created_time': '2018-06-06T16:56:42Z', 'disposition': 'BENIGN', 'first_alert_time': '2018-06-06T16:56:42Z', 'last_accessed': '2018-06-06T16:56:42Z', 'latest_alert_time': '2018-06-06T16:56:42Z', 'organization_id': '174e4f99-2ac7-4481-9301-4d24c34baf06', 'priority': 'CRITICAL', 'rrn': 'rrn:example', 'source': 'ALERT', 'status': 'OPEN', 'title': 'Example Title'}]|
+|investigations|[]investigation|True|A list of found investigations|[{"assignee": {"email": "user@example.com", "name": "Ellen Example"}, "created_time": "2018-06-06T16:56:42Z", "disposition": "BENIGN", "first_alert_time": "2018-06-06T16:56:42Z", "last_accessed": "2018-06-06T16:56:42Z", "latest_alert_time": "2018-06-06T16:56:42Z", "organization_id": "174e4f99-2ac7-4481-9301-4d24c34baf06", "priority": "CRITICAL", "rrn": "rrn:example", "source": "ALERT", "status": "OPEN", "title": "Example Title"}]|
 |metadata|investigation_metadata|True|The pagination parameters used to generate this page result|{'index': 0, 'size': 1, 'total_data': 1, 'total_pages': 1}|
 Example output:
@@ -1727,7 +1727,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|attachment|[]attachment|False|Attachment details|[{'rrn': 'rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890', 'creator': {'type': 'USER', 'name': 'Example User'}, 'created_time': '2022-08-19T13:00:58.645Z', 'file_name': 'test.txt', 'mime_type': 'text/plain', 'size': 4, 'scan_status': 'CLEAN'}]|
+|attachment|[]attachment|False|Attachment details|[{"rrn": "rrn:collaboration:us:44d88612-fea8-a8f3-6de8-2e1278abb02f:attachment:1234567890", "creator": {"type": "USER", "name": "Example User"}, "created_time": "2022-08-19T13:00:58.645Z", "file_name": "test.txt", "mime_type": "text/plain", "size": 4, "scan_status": "CLEAN"}]|
 |success|boolean|True|Whether the action was successful or not|True|
 Example output: