

Accidentally removed wrong key :/
rmurray-r7 committed Dec 17, 2024
1 parent 736c041 commit b19111c
Showing 5 changed files with 112 additions and 22 deletions.
6 changes: 3 additions & 3 deletions plugins/rapid7_insightidr/.CHECKSUM
@@ -1,5 +1,5 @@
{
"spec": "fd4a1ba356fb9c3b51b5058cf8bee435",
"spec": "ed557ded0b51e5458aefc217bdfde130",
"manifest": "bf5b8c1274de589f792fc43909fcb102",
"setup": "1964faaf291c2cbe3485c2bfd7ae7231",
"schemas": [
Expand All @@ -9,11 +9,11 @@
},
{
"identifier": "advanced_query_on_log/schema.py",
"hash": "c29d038d9e7020d8e1327a8c6ad4e3d5"
"hash": "5095f41c5b730886b330614a79dc0551"
},
{
"identifier": "advanced_query_on_log_set/schema.py",
"hash": "6ecdb6192aa5e8c99cafc712a6c9d6fb"
"hash": "b5b2c8b6a3b884b33241f87004815459"
},
{
"identifier": "assign_user_to_investigation/schema.py",
2 changes: 1 addition & 1 deletion plugins/rapid7_insightidr/help.md
Expand Up @@ -3094,7 +3094,7 @@ Example output:
|LEQL|object|None|False|The LEQL 'WHERE' clause to match against|None|
|Logs|array|None|False|Holds the Log ID of the matching log entry|None|
|Search Stats|object|None|False|Holds data regarding the query execution|None|
|Statement|object|None|False|Query command/operation executed|None|
|statistics|statistics|None|False|Holds the overall statistical results|None|

**statistics**

Expand Up @@ -114,7 +114,7 @@ class AdvancedQueryOnLogOutput(insightconnect_plugin_runtime.Output):
},
"results_events": {
"type": "array",
"title": "Results Events",
"title": "Query Results (Events)",
"description": "Query Results",
"items": {
"$ref": "#/definitions/events"
Expand All @@ -123,7 +123,7 @@ class AdvancedQueryOnLogOutput(insightconnect_plugin_runtime.Output):
},
"results_statistical": {
"$ref": "#/definitions/results_statistics",
"title": "Results Statistical",
"title": "Query Results (Statistical)",
"description": "Query Results",
"order": 2
}
Expand Down Expand Up @@ -402,28 +402,118 @@ class AdvancedQueryOnLogOutput(insightconnect_plugin_runtime.Output):
"type": "object",
"title": "results_statistics",
"properties": {
"statistics": {
"$ref": "#/definitions/statistics",
"title": "statistics",
"description": "Holds the overall statistical results",
"order": 1
},
"leql": {
"type": "object",
"title": "LEQL",
"description": "The LEQL 'WHERE' clause to match against",
"order": 1
"order": 2
},
"logs": {
"title": "Logs",
"description": "Holds the Log ID of the matching log entry",
"order": 2
"order": 3
},
"search_stats": {
"type": "object",
"title": "Search Stats",
"description": "Holds data regarding the query execution",
"order": 4
}
}
},
"statistics": {
"type": "object",
"title": "statistics",
"properties": {
"stats": {
"type": "object",
"title": "Stats",
"description": "Holds the overall result when query does not contain a 'groupby' clause",
"order": 1
},
"groups": {
"type": "array",
"title": "Groups",
"description": "Holds the overall result for each group in a 'groupby' query",
"items": {
"type": "object"
},
"order": 2
},
"granularity": {
"type": "integer",
"title": "Granularity",
"description": "The time window in milliseconds for each time slice in the time series",
"order": 3
},
"statement": {
"timeseries": {
"type": "object",
"title": "Statement",
"description": "Query command/operation executed",
"title": "Time Series",
"description": "Holds the query results for each timeslice (each partition of the time_range), for non-'groupby' queries",
"order": 4
},
"groups_timeseries": {
"type": "array",
"title": "Groups Time Series",
"description": "For 'groupby' queries, holds the timeseries object for each group",
"items": {
"type": "object"
},
"order": 5
},
"from": {
"type": "integer",
"title": "From",
"description": "The start of the time range for the query, as a UNIX timestamp in milliseconds",
"order": 6
},
"to": {
"type": "integer",
"title": "To",
"description": "The end of the time range for the query, as a UNIX timestamp in milliseconds",
"order": 7
},
"type": {
"type": "string",
"title": "Type",
"description": "The type of function performed, for example, \"count\", \"max\", \"average\", \"standarddeviation\"",
"order": 8
},
"key": {
"type": "string",
"title": "Key",
"description": "The key which the function of the 'calculate' clause is applied to",
"order": 9
},
"cardinality": {
"type": "integer",
"title": "Cardinality",
"description": "Always 0",
"order": 10
},
"others": {
"type": "object",
"title": "Others",
"description": "Not yet implemented",
"order": 11
},
"status": {
"type": "integer",
"title": "Status",
"description": "Holds a status code for the query, potentially different from the status code of the response",
"order": 12
},
"all_exact_results": {
"type": "boolean",
"title": "All Exact Results",
"description": "Boolean indicating whether groups are calculated approximately (approximated if a groupby query involves over 10,000 groups)",
"order": 13
}
}
}
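Review bot: The two actions disagree on what `results_statistical` is: this file points it at `#/definitions/results_statistics` (the wrapper holding `statistics`, `leql`, `logs` and `search_stats`), while the AdvancedQueryOnLogSetOutput section points the same field at `#/definitions/statistics` directly, and plugin.spec.yaml mirrors that split (`type: results_statistics` vs `type: statistics`), so two fields that now share the title "Query Results (Statistical)" have different shapes. If the difference is deliberate because the log-set endpoint returns a different payload, the two descriptions should say so instead of both reading "Query Results"; if not, the log-set action in the spec should presumably become `type: results_statistics` and schema.py be regenerated from it. Separately, the `logs` property of `results_statistics` carries no `"type"` while its siblings do, and the titles `statistics` and `results_statistics` are lowercase where every other title is Title Case, which is presumably why the help.md row comes out as `|statistics|statistics|...`. The AdvancedQueryOnLogOutput class and its definitions dict begin and end outside these hunks.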
Expand Up @@ -132,7 +132,7 @@ class AdvancedQueryOnLogSetOutput(insightconnect_plugin_runtime.Output):
},
"results_events": {
"type": "array",
"title": "Results Events",
"title": "Query Results (Events)",
"description": "Query Results",
"items": {
"$ref": "#/definitions/events"
Expand All @@ -141,7 +141,7 @@ class AdvancedQueryOnLogSetOutput(insightconnect_plugin_runtime.Output):
},
"results_statistical": {
"$ref": "#/definitions/statistics",
"title": "Results Statistical",
"title": "Query Results (Statistical)",
"description": "Query Results",
"order": 2
}
18 changes: 9 additions & 9 deletions plugins/rapid7_insightidr/plugin.spec.yaml
Expand Up @@ -450,6 +450,11 @@ types:
description: Links
type: "[]link"
results_statistics:
statistics:
title: statistics
description: Holds the overall statistical results
type: statistics
required: false
leql:
title: LEQL
description: The LEQL 'WHERE' clause to match against
Expand All @@ -465,11 +470,6 @@ types:
description: Holds data regarding the query execution
type: object
required: false
statement:
title: Statement
description: Query command/operation executed
type: object
required: false
statistics:
stats:
title: Stats
Expand Down Expand Up @@ -1993,13 +1993,13 @@ actions:
order: 7
output:
results_events:
title: Results Events
title: Query Results (Events)
description: Query Results
type: "[]events"
required: false
example: '[{"labels": [],"timestamp": 1601598638768,"sequence_number": 123456789123456789,"log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313","message": {"timestamp": "2020-10-02T00:29:14.649Z","destination_asset": "iagent-win7","source_asset_address": "192.168.100.50","destination_asset_address": "example-host","destination_local_account": "user","logon_type": "NETWORK","result": "SUCCESS","new_authentication": "false","service": "ntlmssp ","source_json": {"sourceName": "Microsoft-Windows-Security-Auditing","insertionStrings": ["S-1-0-0","-","-","0x0","X-X-X-XXXXXXXXXXX","user@example.com","example-host","0x204f163c","3","NtLmSsp ","NTLM","","{00000000-0000-0000-0000-000000000000}","-","NTLM V2","128","0x0","-","192.168.50.1","59090"],"eventCode": 4624,"computerName": "example-host","sid": "","isDomainController": false,"eventData": null,"timeWritten": "2020-10-02T00:29:13.670722000Z"}},"links": [{"rel": "Context","href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}],"sequence_number_str": "123456789123456789"}]'
results_statistical:
title: Results Statistical
title: Query Results (Statistical)
description: Query Results
type: results_statistics
required: false
Expand Down Expand Up @@ -2095,13 +2095,13 @@ actions:
- Web Proxy Activity
output:
results_events:
title: Results Events
title: Query Results (Events)
description: Query Results
type: "[]events"
required: false
example: '[{"labels": [],"timestamp": 1601598638768,"sequence_number": 123456789123456789,"log_id": "64z0f0p9-1a99-4501-xe36-a6d03687f313","message": {"timestamp": "2020-10-02T00:29:14.649Z","destination_asset": "iagent-win7","source_asset_address": "192.168.100.50","destination_asset_address": "example-host","destination_local_account": "user","logon_type": "NETWORK","result": "SUCCESS","new_authentication": "false","service": "ntlmssp ","source_json": {"sourceName": "Microsoft-Windows-Security-Auditing","insertionStrings": ["S-1-0-0","-","-","0x0","X-X-X-XXXXXXXXXXX","user@example.com","example-host","0x204f163c","3","NtLmSsp ","NTLM","","{00000000-0000-0000-0000-000000000000}","-","NTLM V2","128","0x0","-","192.168.50.1","59090"],"eventCode": 4624,"computerName": "example-host","sid": "","isDomainController": false,"eventData": null,"timeWritten": "2020-10-02T00:29:13.670722000Z"}},"links": [{"rel": "Context","href": "https://us.api.insight.rapid7.com/log_search/query/context/xxxx"}],"sequence_number_str": "123456789123456789"}]'
results_statistical:
title: Results Statistical
title: Query Results (Statistical)
description: Query Results
type: statistics
required: false
