From f5dcc3a6766be0008334487226b49e2f9ca3bd5d Mon Sep 17 00:00:00 2001
From: conor-mcnally
Date: Wed, 11 Oct 2023 12:04:44 +0100
Subject: [PATCH] Update LQL to LEQL

---
 plugins/rapid7_insightidr/.CHECKSUM | 6 +++---
 plugins/rapid7_insightidr/help.md | 4 ++--
 .../actions/advanced_query_on_log/schema.py | 2 +-
 .../actions/advanced_query_on_log_set/schema.py | 2 +-
 plugins/rapid7_insightidr/plugin.spec.yaml | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/plugins/rapid7_insightidr/.CHECKSUM b/plugins/rapid7_insightidr/.CHECKSUM
index 903c7b1e8e..9f364364a2 100644
--- a/plugins/rapid7_insightidr/.CHECKSUM
+++ b/plugins/rapid7_insightidr/.CHECKSUM
@@ -1,5 +1,5 @@
 {
- "spec": "fd1e8649dc24a0cce31879a7721ad6a0",
+ "spec": "dfe4ce59e40a49cdc6a72fbfa12efb82",
 "manifest": "b552bbd85165215cb8ca8febaeca721a",
 "setup": "3abc4ed8b408538efeee0e32e2ff2a5f",
 "schemas": [
@@ -9,11 +9,11 @@
 },
 {
 "identifier": "advanced_query_on_log/schema.py",
- "hash": "f1d32e056457d19771171df670c3d57e"
+ "hash": "218cf52cbd4460b58be9610d7cc34556"
 },
 {
 "identifier": "advanced_query_on_log_set/schema.py",
- "hash": "158fc26ccfcd79e2b2f5a265b92934e9"
+ "hash": "b24ca76d99515523d4a9ded71a4dd275"
 },
 {
 "identifier": "assign_user_to_investigation/schema.py",
diff --git a/plugins/rapid7_insightidr/help.md b/plugins/rapid7_insightidr/help.md
index fe7f5ba759..570a7f6901 100644
--- a/plugins/rapid7_insightidr/help.md
+++ b/plugins/rapid7_insightidr/help.md
@@ -117,7 +117,7 @@ Realtime query an InsightIDR log. This will query individual logs for results
 |Name|Type|Default|Required|Description|Enum|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
 |log|string|None|True|Log to search|None|Firewall Activity|
-|query|string|None|True|LQL Query|None|where(user=adagentadmin, loose)|
+|query|string|None|True|LEQL Query|None|where(user=adagentadmin, loose)|
 |relative_time|string|Last 5 Minutes|True|A relative time in the past to look for alerts|['Last 5 Minutes', 'Last 10 Minutes', 'Last 20 Minutes', 'Last 30 Minutes', 'Last 45 Minutes', 'Last 1 Hour', 'Last 2 Hours', 'Last 3 Hours', 'Last 6 Hours', 'Last 12 Hours', 'Use Time From Value']|Last 5 Minutes|
 |time_from|string|None|False|Beginning date and time for the query. This will be ignored unless Relative Time input is set to 'Use Time From Value'. The format is flexible and will work with simple dates (e.g. 01-01-2020) to full ISO time (e.g. 01-01-2020T00:00:00)|None|01-01-2020T00:00:00|
 |time_to|string|None|False|Date and time for the end of the query. If left blank, the current time will be used. The format is flexible and will work with simple dates (e.g. 01-01-2020) to full ISO time (e.g. 01-01-2020T00:00:00)|None|12-31-2020T00:00:00|
@@ -215,7 +215,7 @@ Realtime query an InsightIDR log set. This will query entire log sets for result
 |Name|Type|Default|Required|Description|Enum|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
 |log_set|string|None|True|Log Set to search|['Advanced Malware Alert', 'Active Directory Admin Activity', 'Asset Authentication', 'Cloud Service Admin Activity', 'Cloud Service Activity', 'DNS Query', 'Endpoint Activity', 'Endpoint Agent', 'Exploit Mitigation Alert', 'File Access Activity', 'File Modification Activity', 'Firewall Activity', 'Network Flow', 'Host To IP Observations', 'IDS Alert', 'Ingress Authentication', 'Raw Log', 'SSO Authentication', 'Unparsed Data', 'Third Party Alert', 'Virus Alert', 'Web Proxy Activity']|Firewall Activity|
-|query|string|None|True|LQL Query|None|where(user=adagentadmin, loose)|
+|query|string|None|True|LEQL Query|None|where(user=adagentadmin, loose)|
 |relative_time|string|Last 5 Minutes|True|A relative time in the past to look for alerts|['Last 5 Minutes', 'Last 10 Minutes', 'Last 20 Minutes', 'Last 30 Minutes', 'Last 45 Minutes', 'Last 1 Hour', 'Last 2 Hours', 'Last 3 Hours', 'Last 6 Hours', 'Last 12 Hours', 'Use Time From Value']|Last 5 Minutes|
 |time_from|string|None|False|Beginning date and time for the query. This will be ignored unless Relative Time input is set to 'Use Time From Value'. The format is flexible and will work with simple dates (e.g. 01-01-2020) to full ISO time (e.g. 01-01-2020T00:00:00)|None|01-01-2020T00:00:00|
 |time_to|string|None|False|Date and time for the end of the query. If left blank, the current time will be used. The format is flexible and will work with simple dates (e.g. 01-01-2020) to full ISO time (e.g. 01-01-2020T00:00:00)|None|12-31-2020T00:00:00|
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log/schema.py
index 23ddcd165a..87fc0dc4f9 100755
--- a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log/schema.py
+++ b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log/schema.py
@@ -36,7 +36,7 @@ class AdvancedQueryOnLogInput(insightconnect_plugin_runtime.Input):
 "query": {
 "type": "string",
 "title": "Query",
- "description": "LQL Query",
+ "description": "LEQL Query",
 "order": 1
 },
 "relative_time": {
diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/schema.py
index 36ea7a4aaf..ec978dcc62 100755
--- a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/schema.py
+++ b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/schema.py
@@ -60,7 +60,7 @@ class AdvancedQueryOnLogSetInput(insightconnect_plugin_runtime.Input):
 "query": {
 "type": "string",
 "title": "Query",
- "description": "LQL Query",
+ "description": "LEQL Query",
 "order": 1
 },
 "relative_time": {
diff --git a/plugins/rapid7_insightidr/plugin.spec.yaml b/plugins/rapid7_insightidr/plugin.spec.yaml
index 30638d2404..1d69851956 100644
--- a/plugins/rapid7_insightidr/plugin.spec.yaml
+++ b/plugins/rapid7_insightidr/plugin.spec.yaml
@@ -1180,7 +1180,7 @@ actions:
 input:
 query:
 title: Query
- description: LQL Query
+ description: LEQL Query
 type: string
 example: "where(user=adagentadmin, loose)"
 required: true
@@ -1253,7 +1253,7 @@ actions:
 input:
 query:
 title: Query
- description: LQL Query
+ description: LEQL Query
 type: string
 example: "where(user=adagentadmin, loose)"
 required: true