diff --git a/plugins/proofpoint_tap/.CHECKSUM b/plugins/proofpoint_tap/.CHECKSUM
index 377c764cbe..3af82fcf0c 100644
--- a/plugins/proofpoint_tap/.CHECKSUM
+++ b/plugins/proofpoint_tap/.CHECKSUM
@@ -1,5 +1,5 @@
 {
- "spec": "2059286423eb5a73fa04ba04c788e570",
+ "spec": "e3b6dd712f77e68c4db2906763ea4984",
 "manifest": "14b35211c0ebf40e6fad3e569f26aeae",
 "setup": "97182fc26a28ec7fc9c4cd98d2ce7d83",
 "schemas": [
diff --git a/plugins/proofpoint_tap/Dockerfile b/plugins/proofpoint_tap/Dockerfile
index 23e5d61a79..cbe61f233c 100755
--- a/plugins/proofpoint_tap/Dockerfile
+++ b/plugins/proofpoint_tap/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.3
 LABEL organization=rapid7
 LABEL sdk=python
diff --git a/plugins/proofpoint_tap/help.md b/plugins/proofpoint_tap/help.md
index 7a2e4d3c9f..5f59737b64 100644
--- a/plugins/proofpoint_tap/help.md
+++ b/plugins/proofpoint_tap/help.md
@@ -1175,7 +1175,7 @@ Example output:
 # Version History
-* 4.1.11 - SDK Bump to 6.2.2 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits
+* 4.1.11 - SDK Bump to 6.2.3 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits
 * 4.1.10 - SDK Bump to 6.1.0 | Task Connection test added Update `Parse Tap Alert` to utilise BeautifulSoup resolving vulnerabilities
 * 4.1.9 - Update connection fields to be required.
 * 4.1.8 - Include SDK 5.4.9 | Task - Use cutoff of 7 days for first query, use cutoff of 1 hours for subsequent queries
diff --git a/plugins/proofpoint_tap/komand_proofpoint_tap/tasks/monitor_events/task.py b/plugins/proofpoint_tap/komand_proofpoint_tap/tasks/monitor_events/task.py
index 029a68cd18..ba9d79d466 100755
--- a/plugins/proofpoint_tap/komand_proofpoint_tap/tasks/monitor_events/task.py
+++ b/plugins/proofpoint_tap/komand_proofpoint_tap/tasks/monitor_events/task.py
@@ -1,7 +1,6 @@
 from datetime import datetime, timedelta, timezone
 from hashlib import sha1
 from typing import Dict
-from requests import Response
 import insightconnect_plugin_runtime
 from insightconnect_plugin_runtime.exceptions import PluginException
@@ -45,7 +44,7 @@ def run(self, params={}, state={}, custom_config={}):
 previous_logs_hashes = state.get(self.PREVIOUS_LOGS_HASHES, [])
 first_run = not state
- is_paginating = True if (not first_run) and next_page_index else False
+ is_paginating = ((not first_run) and next_page_index)
 api_limit = self._get_api_limit_date_time(is_paginating, API_MAX_LOOKBACK, now)
 start_time = self._determine_start_time(now, first_run, is_paginating, last_collection_date)
@@ -63,7 +62,7 @@ def run(self, params={}, state={}, custom_config={}):
 query_params = {"format": "JSON"}
 parameters = SiemUtils.prepare_time_range(start_time, end_time, query_params)
 self.logger.info(f"Using following parameters in query: {parameters}")
- """GET AND DEDUPE"""
+
 try:
 parsed_logs = self.parse_logs(
 self.connection.client.siem_action(Endpoint.get_all_threats(), parameters)
@@ -105,7 +104,6 @@ def run(self, params={}, state={}, custom_config={}):
 state[self.PREVIOUS_LOGS_HASHES] = []
 return [], existing_state, False, error.status_code, error
 except Exception as error:
- raise error
 self.logger.info(f"Exception occurred in monitor events task: {error}", exc_info=True)
 return (
 [],
@@ -173,7 +171,7 @@ def prepare_log(self, log: dict, value: str) -> dict:
 @staticmethod
 def sha1(log: dict) -> str:
- hash_ = sha1() # nosec B303
+ hash_ = sha1(usedforsecurity=False) # nosec B303
 for key, value in log.items():
 hash_.update(f"{key}{value}".encode("utf-8"))
 return hash_.hexdigest()
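Review bot: The rewritten `is_paginating = ((not first_run) and next_page_index)` no longer yields a bool: when the state holds a next page index the variable takes that index's own value (whatever type the state stores it as), and `False`/`None`/empty otherwise. That is harmless as long as `_get_api_limit_date_time` and `_determine_start_time` only test it for truth, but if either helper, a log line or a later state write uses the value itself, behaviour changes silently — neither helper is visible here, so I cannot rule that out. The idiomatic equivalent of the old ternary that keeps the type is `is_paginating = bool(not first_run and next_page_index)`. The run() body continues outside the hunk.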
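Review bot: With `raise error` removed, the catch-all `except Exception` now swallows every unexpected failure and reports it at INFO level, so a client bug, a malformed response or an unanticipated transport error will read like a routine run in the logs even though no events were collected. Log it at error severity so operators can alert on it: `self.logger.error(f"Exception occurred in monitor events task: {error}", exc_info=True)`, or `self.logger.exception(...)`. The `return (` opens a tuple that continues past the end of the hunk, so I cannot see what state and status this path returns; the branch above returns `error.status_code` for the typed exception, and the generic path should return a comparably explicit status and, presumably, leave the state untouched so the window is retried rather than skipped — worth a comment on that line stating which it is.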
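Review bot: `sha1(usedforsecurity=False)` requires Python 3.9 or newer; the plugin's base image moves to `insightconnect-python-3-slim-plugin:6.2.3` in the same commit, so confirm that image ships a 3.9+ interpreter before relying on the keyword. Once it is accepted, the trailing `# nosec B303` is redundant — current bandit releases recognise `usedforsecurity=False` on their own — and stale suppressions tend to get copied, so drop it. The method also deserves a docstring making its purpose explicit, e.g. `"""Return a SHA-1 digest of the log's key/value pairs, used only as a deduplication key."""`, since a reader grepping for SHA-1 should not mistake it for a security control. Pre-existing and untouched by the commit: `f"{key}{value}"` concatenates without a delimiter, so differently split key/value pairs can produce the same digest; changing the scheme would invalidate the hashes already held in state, so that is a separate change.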
@@ -193,8 +191,7 @@ def compare_hashes(self, previous_logs_hashes: list, new_logs: list):
 return logs_to_return, new_logs_hashes
 def _check_end_time(self, end_time, now):
- if end_time > now:
- end_time = now
+ end_time = min(end_time, now)
 return end_time
 def _get_api_limit_date_time(self, is_paginating, limit_delta_hours, now):
diff --git a/plugins/proofpoint_tap/plugin.spec.yaml b/plugins/proofpoint_tap/plugin.spec.yaml
index f848657e2d..519ab69ed1 100644
--- a/plugins/proofpoint_tap/plugin.spec.yaml
+++ b/plugins/proofpoint_tap/plugin.spec.yaml
@@ -11,7 +11,7 @@ connection_version: 4
 supported_versions: ["Proofpoint TAP API v2", "Tested on 2024-06-04"]
 sdk:
 type: slim
- version: 6.2.2
+ version: 6.2.3
 user: nobody
 vendor: rapid7
 support: community
@@ -46,7 +46,7 @@ links:
 references:
 - "[Proofpoint TAP](https://www.proofpoint.com/us/products/ransomware-and-targeted-attack-protection)"
 version_history:
- - "4.1.11 - SDK Bump to 6.2.2 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits"
+ - "4.1.11 - SDK Bump to 6.2.3 | `Monitor Events` task updated to handle requests outside of Proofpoint TAP API limits"
 - "4.1.10 - SDK Bump to 6.1.0 | Task Connection test added Update `Parse Tap Alert` to utilise BeautifulSoup resolving vulnerabilities"
 - "4.1.9 - Update connection fields to be required."
 - "4.1.8 - Include SDK 5.4.9 | Task - Use cutoff of 7 days for first query, use cutoff of 1 hours for subsequent queries"
diff --git a/plugins/proofpoint_tap/unit_test/test_monitor_events.py b/plugins/proofpoint_tap/unit_test/test_monitor_events.py
index 71175c94ee..526dda83f7 100644
--- a/plugins/proofpoint_tap/unit_test/test_monitor_events.py
+++ b/plugins/proofpoint_tap/unit_test/test_monitor_events.py
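Review bot: `_check_end_time` now assigns `end_time = min(end_time, now)` only to return it on the next line; `return min(end_time, now)` states the same in one step. Behaviour is otherwise unchanged — assuming both arguments are datetimes, `min` raises the same `TypeError` the old `>` did if a naive value meets an aware one — so a one-line docstring recording that expectation would help the next reader: `"""Clamp end_time to now so the query window never extends into the future (both values must share tz-awareness)."""`. compare_hashes and _get_api_limit_date_time begin and end outside the hunk.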
@@ -7,7 +7,7 @@
 from unittest.mock import patch
 from komand_proofpoint_tap.tasks import MonitorEvents
-from unit_test.test_util import Util
+from test_util import Util
 from unittest import TestCase
 from parameterized import parameterized
 from datetime import datetime, timezone, timedelta