[SOAR-18473] Rapid7 Insight Agent 3.0.2 Release (fedRAMP) (#3013)

* [SOAR-18473] Rapid7 Insight Agent - fedRAMP (#3007) * agent - sdk and vuln * Update changelog msg * Plugin.spec reflecting help.md (Rapid7 Insight Agent) (#3029) * Reflecting spec to help.md * troubleshooting header * Update plugin.spec * [SOAR-18559] insightagent (#3034) * Update Get Agent Detail output * Updating unit test to reflect action change
rapid7 · Jan 8, 2025 · 5651bf6 · 5651bf6
1 parent 9097ab6
commit 5651bf6
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 16 deletions.
diff --git a/plugins/rapid7_insight_agent/.CHECKSUM b/plugins/rapid7_insight_agent/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "84beb2a66c2d69fe169e28ef52286a6b",
-	"manifest": "7128ea302016efb7c4e1b205f30ddc63",
-	"setup": "9342d20648410079f107ce3d1bcd8d17",
+	"spec": "40959d25471f8645178e8e15095f7a3b",
+	"manifest": "fbc1b04c51c6c8816dac6cee216341c2",
+	"setup": "7f65232e4808ae89ad79c06f1b2dc5a2",
 	"schemas": [
 		{
 			"identifier": "check_agent_status/schema.py",
@@ -13,7 +13,7 @@
 		},
 		{
 			"identifier": "get_all_agents_by_ip/schema.py",
-			"hash": "02cda219f562d328ac60a9540c79d3a5"
+			"hash": "8c5c177cfaf437d557a9af2b9eaa97d7"
 		},
 		{
 			"identifier": "quarantine/schema.py",

diff --git a/plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent b/plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Rapid7 Insight Agent"
 Vendor = "rapid7"
-Version = "3.0.1"
+Version = "3.0.2"
 Description = "Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization"
 
 

diff --git a/plugins/rapid7_insight_agent/help.md b/plugins/rapid7_insight_agent/help.md
@@ -80,7 +80,8 @@ Example output:
 
 #### Get Agent Details
 
-This action is used to find and display detailed information about a device. If additional pages of agents are available, the action should be run again with the returned next cursor
+This action is used to find and display detailed information about a device. If additional pages of agents are 
+available, the action should be run again with the returned next cursor
 
 ##### Input
 
@@ -142,8 +143,9 @@ Example output:
 ```
 
 #### Get All Agents by IP Address
-
-This action is used to find all agents that share the same public or private IP address and display details about them. If additional pages of agents are available, the action should be run again with the returned next cursor
+
+This action is used to find all agents that share the same public or private IP address and display details about them. 
+If additional pages of agents are available, the action should be run again with the returned next cursor
 
 ##### Input
 
@@ -455,10 +457,11 @@ Example output:
 
 ## Troubleshooting
 
-If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cursor` value, it is an indication that more pages of data are available to be reviewed. In this instance, it is recommended to run the action multiple times and pass the `next cursor` value, recording all agents found.
+* If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cursor` value, it is an indication that more pages of data are available to be reviewed. In this instance, it is recommended to run the action multiple times and pass the `next cursor` value, recording all agents found.
 
 # Version History
 
+* 3.0.2 - Updated to use latest buildpack to address vulnerabilities | Update `Get Agent Details`:  extended output to include `agent` field when no assets are found
 * 3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump to latest version
 * 3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next page token if more pages are available to search | Update `Get Agent Details` to return agent location details | Initial updates for fedramp compliance | Updated SDK to the latest version
 * 2.1.2 - Improve logging | Update SDK

diff --git a/...ins/rapid7_insight_agent/icon_rapid7_insight_agent/actions/get_all_agents_by_ip/schema.py b/...ins/rapid7_insight_agent/icon_rapid7_insight_agent/actions/get_all_agents_by_ip/schema.py
@@ -4,7 +4,7 @@
 
 
 class Component:
-    DESCRIPTION = "Find all agents that share the same public or private IP address and display details about them. If additional pages of agents are available, the action should be run again with the returned next cursor"
+    DESCRIPTION = "This action is used to find all agents that share the same public or private IP address and display details about them. If additional pages of agents are available, the action should be run again with the returned next cursor"
 
 
 class Input:

diff --git a/plugins/rapid7_insight_agent/icon_rapid7_insight_agent/util/graphql_api/api_connection.py b/plugins/rapid7_insight_agent/icon_rapid7_insight_agent/util/graphql_api/api_connection.py
@@ -383,7 +383,7 @@ def _get_agent(self, agent_input: str, agent_type: str, next_cursor: str = None)
             return agent, None
         else:
             self.logger.info("No assets were found")
-            return None, None
+            return {}, None
 
     def _get_agents(self, agents_input: List[str]) -> [Tuple[str, dict]]:
         """

diff --git a/plugins/rapid7_insight_agent/plugin.spec.yaml b/plugins/rapid7_insight_agent/plugin.spec.yaml
@@ -4,7 +4,7 @@ products: [insightconnect]
 name: rapid7_insight_agent
 title: Rapid7 Insight Agent
 description: Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization
-version: 3.0.1
+version: 3.0.2
 connection_version: 2
 supported_versions: ["Rapid7 Insight Agent 2024-08-23"]
 vendor: rapid7
@@ -21,12 +21,14 @@ key_features:
 requirements:
   - "[Platform API Key](https://docs.rapid7.com/insight/managing-platform-api-keys/)"
   - "Administrator access to InsightIDR"
-troubleshooting: "If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cursor` value, it is an indication that more pages of data are available to be reviewed. In this instance, it is recommended to run the action multiple times and pass the `next cursor` value, recording all agents found."
+troubleshooting:
+  - "If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cursor` value, it is an indication that more pages of data are available to be reviewed. In this instance, it is recommended to run the action multiple times and pass the `next cursor` value, recording all agents found."
 links:
   - "[Rapid7 Insight Agent](https://docs.rapid7.com/insight-agent/overview/)"
 references:
   - "[Manage Platform API Keys](https://docs.rapid7.com/insight/managing-platform-api-keys/)"
 version_history:
+  - "3.0.2 - Updated to use latest buildpack to address vulnerabilities | Update `Get Agent Details`:  extended output to include `agent` field when no assets are found"
   - "3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump to latest version"
   - "3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next page token if more pages are available to search | Update `Get Agent Details` to return agent location details | Initial updates for fedramp compliance | Updated SDK to the latest version"
   - "2.1.2 - Improve logging | Update SDK"
@@ -318,7 +320,7 @@ actions:
         example: 9de5069c5afe602b2ea0a04b66beb2c0
   get_all_agents_by_ip:
     title: Get All Agents by IP Address
-    description: Find all agents that share the same public or private IP address and display details about them. If additional pages of agents are available, the action should be run again with the returned next cursor
+    description: This action is used to find all agents that share the same public or private IP address and display details about them. If additional pages of agents are available, the action should be run again with the returned next cursor
     input:
       ip_address:
         title: IP Address

diff --git a/plugins/rapid7_insight_agent/setup.py b/plugins/rapid7_insight_agent/setup.py
@@ -3,7 +3,7 @@
 
 
 setup(name="rapid7_insight_agent-rapid7-plugin",
-      version="3.0.1",
+      version="3.0.2",
       description="Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization",
       author="rapid7",
       author_email="",

diff --git a/plugins/rapid7_insight_agent/unit_test/test_get_agent_details.py b/plugins/rapid7_insight_agent/unit_test/test_get_agent_details.py
@@ -29,5 +29,5 @@ def test_get_agent_details(self, mock_request: MagicMock, name: str, agent: str,
     def test_get_agent_by_hostname_bad(self, mock_request: MagicMock) -> None:
         action = Util.default_connector(GetAgentDetails())
         actual = action.run({Input.AGENT: "badID"})
-        expected = {}
+        expected = {"agent": {}}
         self.assertEqual(actual, expected)