Removing key from schema. Keeping same naming convention (Uppercase)

rapid7 · Dec 17, 2024 · 736c041 · 736c041
1 parent 7a42b71
commit 736c041
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 128 deletions.
diff --git a/plugins/rapid7_insightidr/.CHECKSUM b/plugins/rapid7_insightidr/.CHECKSUM
@@ -1,5 +1,5 @@
 {
-	"spec": "1731102995c13b9e66eb3d167cc3b36e",
+	"spec": "fd4a1ba356fb9c3b51b5058cf8bee435",
 	"manifest": "bf5b8c1274de589f792fc43909fcb102",
 	"setup": "1964faaf291c2cbe3485c2bfd7ae7231",
 	"schemas": [
@@ -9,11 +9,11 @@
 		},
 		{
 			"identifier": "advanced_query_on_log/schema.py",
-			"hash": "1f0d2740af4d48b6d202f8fe82bac40e"
+			"hash": "c29d038d9e7020d8e1327a8c6ad4e3d5"
 		},
 		{
 			"identifier": "advanced_query_on_log_set/schema.py",
-			"hash": "b5b2c8b6a3b884b33241f87004815459"
+			"hash": "6ecdb6192aa5e8c99cafc712a6c9d6fb"
 		},
 		{
 			"identifier": "assign_user_to_investigation/schema.py",

diff --git a/plugins/rapid7_insightidr/help.md b/plugins/rapid7_insightidr/help.md
@@ -3091,11 +3091,10 @@ Example output:
 
 |Name|Type|Default|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- | :--- |
-|leql|object|None|False|The LEQL 'WHERE' clause to match against|None|
-|logs|array|None|False|Holds the Log ID of the matching log entry|None|
-|search_stats|object|None|False|Holds data regarding the query execution|None|
-|statement|object|None|False|Query command/operation executed|None|
-|statistics|statistics|None|False|Holds the overall statistical results|None|
+|LEQL|object|None|False|The LEQL 'WHERE' clause to match against|None|
+|Logs|array|None|False|Holds the Log ID of the matching log entry|None|
+|Search Stats|object|None|False|Holds data regarding the query execution|None|
+|Statement|object|None|False|Query command/operation executed|None|
 
 **statistics**
 

diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log/schema.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log/schema.py
@@ -114,7 +114,7 @@ class AdvancedQueryOnLogOutput(insightconnect_plugin_runtime.Output):
     },
     "results_events": {
       "type": "array",
-      "title": "Query Results (Events)",
+      "title": "Results Events",
       "description": "Query Results",
       "items": {
         "$ref": "#/definitions/events"
@@ -123,7 +123,7 @@ class AdvancedQueryOnLogOutput(insightconnect_plugin_runtime.Output):
     },
     "results_statistical": {
       "$ref": "#/definitions/results_statistics",
-      "title": "Query Results (Statistical)",
+      "title": "Results Statistical",
       "description": "Query Results",
       "order": 2
     }
@@ -402,124 +402,28 @@ class AdvancedQueryOnLogOutput(insightconnect_plugin_runtime.Output):
       "type": "object",
       "title": "results_statistics",
       "properties": {
-        "statistics": {
-          "$ref": "#/definitions/statistics",
-          "title": "statistics",
-          "description": "Holds the overall statistical results",
-          "order": 1
-        },
         "leql": {
           "type": "object",
-          "title": "leql",
+          "title": "LEQL",
           "description": "The LEQL 'WHERE' clause to match against",
-          "order": 2
+          "order": 1
         },
         "logs": {
-          "title": "logs",
+          "title": "Logs",
           "description": "Holds the Log ID of the matching log entry",
-          "order": 3
+          "order": 2
         },
         "search_stats": {
           "type": "object",
-          "title": "search_stats",
+          "title": "Search Stats",
           "description": "Holds data regarding the query execution",
-          "order": 4
+          "order": 3
         },
         "statement": {
           "type": "object",
-          "title": "statement",
+          "title": "Statement",
           "description": "Query command/operation executed",
-          "order": 5
-        }
-      }
-    },
-    "statistics": {
-      "type": "object",
-      "title": "statistics",
-      "properties": {
-        "stats": {
-          "type": "object",
-          "title": "Stats",
-          "description": "Holds the overall result when query does not contain a 'groupby' clause",
-          "order": 1
-        },
-        "groups": {
-          "type": "array",
-          "title": "Groups",
-          "description": "Holds the overall result for each group in a 'groupby' query",
-          "items": {
-            "type": "object"
-          },
-          "order": 2
-        },
-        "granularity": {
-          "type": "integer",
-          "title": "Granularity",
-          "description": "The time window in milliseconds for each time slice in the time series",
-          "order": 3
-        },
-        "timeseries": {
-          "type": "object",
-          "title": "Time Series",
-          "description": "Holds the query results for each timeslice (each partition of the time_range), for non-'groupby' queries",
           "order": 4
-        },
-        "groups_timeseries": {
-          "type": "array",
-          "title": "Groups Time Series",
-          "description": "For 'groupby' queries, holds the timeseries object for each group",
-          "items": {
-            "type": "object"
-          },
-          "order": 5
-        },
-        "from": {
-          "type": "integer",
-          "title": "From",
-          "description": "The start of the time range for the query, as a UNIX timestamp in milliseconds",
-          "order": 6
-        },
-        "to": {
-          "type": "integer",
-          "title": "To",
-          "description": "The end of the time range for the query, as a UNIX timestamp in milliseconds",
-          "order": 7
-        },
-        "type": {
-          "type": "string",
-          "title": "Type",
-          "description": "The type of function performed, for example, \"count\", \"max\", \"average\", \"standarddeviation\"",
-          "order": 8
-        },
-        "key": {
-          "type": "string",
-          "title": "Key",
-          "description": "The key which the function of the 'calculate' clause is applied to",
-          "order": 9
-        },
-        "cardinality": {
-          "type": "integer",
-          "title": "Cardinality",
-          "description": "Always 0",
-          "order": 10
-        },
-        "others": {
-          "type": "object",
-          "title": "Others",
-          "description": "Not yet implemented",
-          "order": 11
-        },
-        "status": {
-          "type": "integer",
-          "title": "Status",
-          "description": "Holds a status code for the query, potentially different from the status code of the response",
-          "order": 12
-        },
-        "all_exact_results": {
-          "type": "boolean",
-          "title": "All Exact Results",
-          "description": "Boolean indicating whether groups are calculated approximately (approximated if a groupby query involves over 10,000 groups)",
-          "order": 13
         }
       }
     }

diff --git a/...ns/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/schema.py b/...ns/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/schema.py
@@ -132,7 +132,7 @@ class AdvancedQueryOnLogSetOutput(insightconnect_plugin_runtime.Output):
     },
     "results_events": {
       "type": "array",
-      "title": "Query Results (Events)",
+      "title": "Results Events",
       "description": "Query Results",
       "items": {
         "$ref": "#/definitions/events"
@@ -141,7 +141,7 @@ class AdvancedQueryOnLogSetOutput(insightconnect_plugin_runtime.Output):
     },
     "results_statistical": {
       "$ref": "#/definitions/statistics",
-      "title": "Query Results (Statistical)",
+      "title": "Results Statistical",
       "description": "Query Results",
       "order": 2
     }

diff --git a/plugins/rapid7_insightidr/plugin.spec.yaml b/plugins/rapid7_insightidr/plugin.spec.yaml
@@ -450,28 +450,23 @@ types:
       description: Links
       type: "[]link"
   results_statistics:
-    statistics:
-      title: statistics
-      description: Holds the overall statistical results
-      type: statistics
-      required: false
     leql:
-      title: leql
+      title: LEQL
       description: The LEQL 'WHERE' clause to match against
       type: object
       required: false
     logs:
-      title: logs
+      title: Logs
       description: Holds the Log ID of the matching log entry
       type: array
       required: false
     search_stats:
-      title: search_stats
+      title: Search Stats
       description: Holds data regarding the query execution
       type: object
       required: false
     statement:
-      title: statement
+      title: Statement
       description: Query command/operation executed
       type: object
       required: false
@@ -1998,13 +1993,13 @@ actions:
         order: 7
     output:
       results_events:
-        title: Query Results (Events)
+        title: Results Events
         description: Query Results
         type: "[]events"
         required: false
         example: '[{"labels": [],"timestamp": 1601598638768,"sequence_number": 123456789123456789,"log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313","message": {"timestamp": "2020-10-02T00:29:14.649Z","destination_asset": "iagent-win7","source_asset_address": "192.168.100.50","destination_asset_address": "example-host","destination_local_account": "user","logon_type": "NETWORK","result": "SUCCESS","new_authentication": "false","service": "ntlmssp ","source_json": {"sourceName": "Microsoft-Windows-Security-Auditing","insertionStrings": ["S-1-0-0","-","-","0x0","X-X-X-XXXXXXXXXXX","user@example.com","example-host","0x204f163c","3","NtLmSsp ","NTLM","","{00000000-0000-0000-0000-000000000000}","-","NTLM V2","128","0x0","-","192.168.50.1","59090"],"eventCode": 4624,"computerName": "example-host","sid": "","isDomainController": false,"eventData": null,"timeWritten": "2020-10-02T00:29:13.670722000Z"}},"links": [{"rel": "Context","href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}],"sequence_number_str": "123456789123456789"}]'
       results_statistical:
-        title: Query Results (Statistical)
+        title: Results Statistical
         description: Query Results
         type: results_statistics
         required: false
@@ -2100,13 +2095,13 @@ actions:
           - Web Proxy Activity
     output:
       results_events:
-        title: Query Results (Events)
+        title: Results Events
         description: Query Results
         type: "[]events"
         required: false
         example: '[{"labels": [],"timestamp": 1601598638768,"sequence_number": 123456789123456789,"log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313","message": {"timestamp": "2020-10-02T00:29:14.649Z","destination_asset": "iagent-win7","source_asset_address": "192.168.100.50","destination_asset_address": "example-host","destination_local_account": "user","logon_type": "NETWORK","result": "SUCCESS","new_authentication": "false","service": "ntlmssp ","source_json": {"sourceName": "Microsoft-Windows-Security-Auditing","insertionStrings": ["S-1-0-0","-","-","0x0","X-X-X-XXXXXXXXXXX","user@example.com","example-host","0x204f163c","3","NtLmSsp ","NTLM","","{00000000-0000-0000-0000-000000000000}","-","NTLM V2","128","0x0","-","192.168.50.1","59090"],"eventCode": 4624,"computerName": "example-host","sid": "","isDomainController": false,"eventData": null,"timeWritten": "2020-10-02T00:29:13.670722000Z"}},"links": [{"rel": "Context","href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}],"sequence_number_str": "123456789123456789"}]'
       results_statistical:
-        title: Query Results (Statistical)
+        title: Results Statistical
         description: Query Results
         type: statistics
         required: false