Fix help.md

rapid7 · Jan 8, 2025 · 217a4e7 · 217a4e7
1 parent e8daee1
commit 217a4e7
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 9 deletions.
diff --git a/plugins/sentinelone/.CHECKSUM b/plugins/sentinelone/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "48ac05b73973308fdc9ec8bc325a1372",
-	"manifest": "bf2f37bb010ec31daf0a4aee3ae45b89",
-	"setup": "1e8d3387ed4d46dc2171d7ee9c3c4a2c",
+	"spec": "c6927728c4f69ccd4bfba73202f850ec",
+	"manifest": "3c7c9830c5936c4ffed6adbaaf12722e",
+	"setup": "98419c249e2910502c36eb5144487ce4",
 	"schemas": [
 		{
 			"identifier": "activities_list/schema.py",

diff --git a/plugins/sentinelone/bin/komand_sentinelone b/plugins/sentinelone/bin/komand_sentinelone
@@ -7,7 +7,7 @@ from sys import argv
 Name = "SentinelOne"
 Vendor = "rapid7"
 Version = "11.1.3"
-Description = "The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne"
+Description = "[SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console"
 
 
 def main():

diff --git a/plugins/sentinelone/help.md b/plugins/sentinelone/help.md
@@ -2,7 +2,7 @@
 
 [SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.
 
-This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console.
+This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console
 
 # Key Features
 
@@ -885,6 +885,7 @@ Example input:
 | :--- | :--- | :--- | :--- | :--- |
 |errors|[]object|False|Errors|[]|
 |events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]|  
+
 Example output:
 
 ```
@@ -1023,7 +1024,7 @@ This action is used to gets summary of all threats
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
 |data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": "black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\Device\\HarddiskVolume2\\Users\\vagrant\\Desktop\\EICA...", "maliciousGroupId": "1234567890"}]|
-|errors|[]object|False|Errors|[]|', '|data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": "black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\\\Device\\\\HarddiskVolume2\\\\Users\\\\vagrant\\\\Desktop\\\\EICA...", "maliciousGroupId": "1234567890"}]|
+|errors|[]object|False|Errors|[]|
 |pagination|pagination|False|Pagination|{'totalItems': 1}|
 
 Example output:

diff --git a/plugins/sentinelone/plugin.spec.yaml b/plugins/sentinelone/plugin.spec.yaml
@@ -3,6 +3,7 @@ extension: plugin
 products: [insightconnect]
 name: sentinelone
 title: SentinelOne
+description: "[SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.\n\nThis plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console"
 version: 11.1.3
 connection_version: 10
 cloud_ready: true
@@ -12,7 +13,6 @@ sdk:
   version: 6.2.2
   user: nobody
 supported_versions: ["2.1.0"]
-description: The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne
 vendor: rapid7
 support: rapid7
 status: []
@@ -43,7 +43,11 @@ references:
   - "[SentinelOne Product Page](https://www.sentinelone.com/)"
 requirements:
   - "SentinelOne API key"
-troubleshooting: "* To generate an API key, create a new Service User or select an existing one with adequate permissions from the SentinelOne console\n* To convert `threat` into an array use Type Converter Plugin\n* For the Trigger settings, only set the Resolved field to False if solely resolved threats should be retrieved (i.e. setting to False will not include unresolved threats)\n* The Run Remote Script action may require starting a protected actions session to function properly. To do this, in the `code` input field, enter the passcode from a third-party app, such as Duo Mobile or Google Authenticator, set up in two-factor authentication. Entering the code is not required each time you run the action, because the session is valid for 30 minutes"
+troubleshooting:
+- "To generate an API key, create a new Service User or select an existing one with adequate permissions from the SentinelOne console"
+- "To convert `threat` into an array use Type Converter Plugin"
+- "For the Trigger settings, only set the Resolved field to False if solely resolved threats should be retrieved (i.e. setting to False will not include unresolved threats)"
+- "The Run Remote Script action may require starting a protected actions session to function properly. To do this, in the `code` input field, enter the passcode from a third-party app, such as Duo Mobile or Google Authenticator, set up in two-factor authentication. Entering the code is not required each time you run the action, because the session is valid for 30 minutes"
 resources:
   source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/sentinelone
   license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE

diff --git a/plugins/sentinelone/setup.py b/plugins/sentinelone/setup.py
@@ -4,7 +4,7 @@
 
 setup(name="sentinelone-rapid7-plugin",
       version="11.1.3",
-      description="The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne",
+      description="[SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console.",
       author="rapid7",
       author_email="",
       url="",