Validators | Bump SDK

plugins/proofpoint_tap/.CHECKSUM

@@ -1,5 +1,5 @@
 {
-	"spec": "2059286423eb5a73fa04ba04c788e570",
+	"spec": "e3b6dd712f77e68c4db2906763ea4984",
 	"manifest": "14b35211c0ebf40e6fad3e569f26aeae",
 	"setup": "97182fc26a28ec7fc9c4cd98d2ce7d83",
 	"schemas": [

plugins/proofpoint_tap/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.3
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/proofpoint_tap/help.md

@@ -1175,7 +1175,7 @@ Example output:
 
 # Version History
 
-* 4.1.11 - SDK Bump to 6.2.2 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits
+* 4.1.11 - SDK Bump to 6.2.3 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits
 * 4.1.10 - SDK Bump to 6.1.0 | Task Connection test added Update `Parse Tap Alert` to utilise BeautifulSoup resolving vulnerabilities
 * 4.1.9 - Update connection fields to be required.
 * 4.1.8 - Include SDK 5.4.9 | Task - Use cutoff of 7 days for first query, use cutoff of 1 hours for subsequent queries

plugins/proofpoint_tap/komand_proofpoint_tap/tasks/monitor_events/task.py

@@ -1,7 +1,6 @@
 from datetime import datetime, timedelta, timezone
 from hashlib import sha1
 from typing import Dict
-from requests import Response
 
 import insightconnect_plugin_runtime
 from insightconnect_plugin_runtime.exceptions import PluginException
@@ -45,7 +44,7 @@ def run(self, params={}, state={}, custom_config={}):
             previous_logs_hashes = state.get(self.PREVIOUS_LOGS_HASHES, [])
 
             first_run = not state
-            is_paginating = True if (not first_run) and next_page_index else False
+            is_paginating = ((not first_run) and next_page_index)
 
             api_limit = self._get_api_limit_date_time(is_paginating, API_MAX_LOOKBACK, now)
             start_time = self._determine_start_time(now, first_run, is_paginating, last_collection_date)
@@ -63,7 +62,7 @@ def run(self, params={}, state={}, custom_config={}):
             query_params = {"format": "JSON"}
             parameters = SiemUtils.prepare_time_range(start_time, end_time, query_params)
             self.logger.info(f"Using following parameters in query: {parameters}")
-            """GET AND DEDUPE"""
+
             try:
                 parsed_logs = self.parse_logs(
                     self.connection.client.siem_action(Endpoint.get_all_threats(), parameters)
@@ -105,7 +104,6 @@ def run(self, params={}, state={}, custom_config={}):
                 state[self.PREVIOUS_LOGS_HASHES] = []
                 return [], existing_state, False, error.status_code, error
         except Exception as error:
-            raise error
             self.logger.info(f"Exception occurred in monitor events task: {error}", exc_info=True)
             return (
                 [],
@@ -173,7 +171,7 @@ def prepare_log(self, log: dict, value: str) -> dict:
 
     @staticmethod
     def sha1(log: dict) -> str:
-        hash_ = sha1()  # nosec B303
+        hash_ = sha1(usedforsecurity=False)  # nosec B303
         for key, value in log.items():
             hash_.update(f"{key}{value}".encode("utf-8"))
         return hash_.hexdigest()
@@ -193,8 +191,7 @@ def compare_hashes(self, previous_logs_hashes: list, new_logs: list):
         return logs_to_return, new_logs_hashes
 
     def _check_end_time(self, end_time, now):
-        if end_time > now:
-            end_time = now
+        end_time = min(end_time, now)
         return end_time
 
     def _get_api_limit_date_time(self, is_paginating, limit_delta_hours, now):

plugins/proofpoint_tap/plugin.spec.yaml

@@ -11,7 +11,7 @@ connection_version: 4
 supported_versions: ["Proofpoint TAP API v2", "Tested on 2024-06-04"]
 sdk:
   type: slim
-  version: 6.2.2
+  version: 6.2.3
   user: nobody
 vendor: rapid7
 support: community
@@ -46,7 +46,7 @@ links:
 references:
   - "[Proofpoint TAP](https://www.proofpoint.com/us/products/ransomware-and-targeted-attack-protection)"
 version_history:
-  - "4.1.11 - SDK Bump to 6.2.2 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits"
+  - "4.1.11 - SDK Bump to 6.2.3 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits"
   - "4.1.10 - SDK Bump to 6.1.0 | Task Connection test added Update `Parse Tap Alert` to utilise BeautifulSoup resolving vulnerabilities"
   - "4.1.9 - Update connection fields to be required."
   - "4.1.8 - Include SDK 5.4.9 | Task - Use cutoff of 7 days for first query, use cutoff of 1 hours for subsequent queries"

plugins/proofpoint_tap/unit_test/test_monitor_events.py

@@ -7,7 +7,7 @@
 from unittest.mock import patch
 
 from komand_proofpoint_tap.tasks import MonitorEvents
-from unit_test.test_util import Util
+from test_util import Util
 from unittest import TestCase
 from parameterized import parameterized
 from datetime import datetime, timezone, timedelta