diff --git a/velociraptor_legacy/Dockerfile b/velociraptor_legacy/Dockerfile
deleted file mode 100644
index 5a5e31731f..0000000000
--- a/velociraptor_legacy/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM rapid7/insightconnect-python-3-38-plugin:5
-
-LABEL organization=jbauvinet
-LABEL sdk=python
-
-WORKDIR /python/src
-
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD ./requirements.txt /python/src/requirements.txt
-
-RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-
-ADD . /python/src
-
-RUN python setup.py build && python setup.py install
-
-# User to run plugin code. The two supported users are: root, nobody
-USER nobody
-
-ENTRYPOINT ["/usr/local/bin/icon_velociraptor_legacy"]
diff --git a/velociraptor_legacy/Makefile b/velociraptor_legacy/Makefile
deleted file mode 100644
index cdbcdb1721..0000000000
--- a/velociraptor_legacy/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Include other Makefiles for improved functionality
-INCLUDE_DIR = ../../tools/Makefiles
-MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
-# We can't guarantee customers will have the include files
-# - prefix to ignore Makefiles when not present
-# https://www.gnu.org/software/make/manual/html_node/Include.html
--include $(MAKEFILES)
-
-ifneq ($(MAKEFILES),)
- $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
- $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
- $(info --)
-else
- $(warning Makefile includes directory not present: $(INCLUDE_DIR))
-endif
-
-VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
-NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
-VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
-CWD?=$(shell basename $(PWD))
-_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
-PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz
-
-# Set default target explicitly. Make's default behavior is the first target in the Makefile.
-# We don't want that behavior due to includes which are read first
-.DEFAULT_GOAL := default # Make >= v3.80 (make -version)
-
-
-default: image tarball
-
-tarball:
- $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
- rm -rf build
- rm -rf $(PKG)
- tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *
-
-image:
- $(info [$(YELLOW)*$(NORMAL)] Building plugin image)
- docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest
-
-regenerate:
- $(info [$(YELLOW)*$(NORMAL)] Refreshing schema from plugin.spec.yaml)
- insight-plugin refresh
-
-export: image
- $(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
- @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
- @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar
-
-# Make will not run a target if a file of the same name exists unless setting phony targets
-# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: default tarball image regenerate
diff --git a/velociraptor_legacy/bin/icon_velociraptor_legacy b/velociraptor_legacy/bin/icon_velociraptor_legacy
deleted file mode 100644
index 99664fa289..0000000000
--- a/velociraptor_legacy/bin/icon_velociraptor_legacy
+++ /dev/null
@@ -1,46 +0,0 @@ -#!/usr/bin/env python -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT -import os -import json -from sys import argv - -Name = "Velociraptor Legacy" -Vendor = "jbauvinet" -Version = "1.0.0" -Description = "Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches" - - -def main(): - if 'http' in argv: - if os.environ.get("GUNICORN_CONFIG_FILE"): - with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf: - gunicorn_cfg = json.load(gf) - if gunicorn_cfg.get("worker_class", "sync") == "gevent": - from gevent import monkey - monkey.patch_all() - elif 'gevent' in argv: - from gevent import monkey - monkey.patch_all() - - import insightconnect_plugin_runtime - from icon_velociraptor_legacy import connection, actions, triggers, tasks - - class ICONVelociraptorLegacy(insightconnect_plugin_runtime.Plugin): - def __init__(self): - super(self.__class__, self).__init__( - name=Name, - vendor=Vendor, - version=Version, - description=Description, - connection=connection.Connection() - ) - self.add_action(actions.Run()) - - - """Run plugin""" - cli = insightconnect_plugin_runtime.CLI(ICONVelociraptorLegacy()) - cli.run() - - -if __name__ == "__main__": - main() diff --git a/velociraptor_legacy/extension.png b/velociraptor_legacy/extension.png deleted file mode 100644 index 84bb0cdb98..0000000000 Binary files a/velociraptor_legacy/extension.png and /dev/null differ diff --git a/velociraptor_legacy/help.md b/velociraptor_legacy/help.md deleted file mode 100644 index 6a54f7a287..0000000000 --- a/velociraptor_legacy/help.md +++ /dev/null 
@@ -1,122 +0,0 @@ -# Description - -Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches - -# Key Features - -* dfir - -# Requirements - -* Velociraptor API Conf(velociraptor --config velociraptor.config.yaml config api_client --name rapid7 --role -administrator api.config.yaml) - -# Supported Product Versions - -* 1.0.0 - -# Documentation - -## Setup - -The connection configuration accepts the following parameters: - -|Name|Type|Default|Required|Description|Enum|Example| -| :--- | :--- | :--- | :--- | :--- | :--- | :--- | -|api_connection_string|string|None|True|Velociraptor API Connection Address|None|x.x.x.x:8001| -|ca_certificate|credential_secret_key|None|True|A base64 encoded CA_Certificate Key|None|{'privateKey': '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'}| -|client_cert|credential_secret_key|None|True|A base64 encoded Client_Cert Key|None|{'privateKey': 
'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBakdub1V0ZlBIcXZYM1BJVTZOOUZLbXdRM1psK05vYVdiNHlNTGh1ZGtkRUJKM0F1CitJOFFkbHFES0JtNjU2VWVPQ2gzci9pOWUwVUxLeGtYREZmS21jM3AyV3YrMGxWT1lHdnhaRktVd0tIMHJpQUwKQTRpbXlZdUwvZndlT1NHU25RbGdZS3I5OUhjaVRCSWRMMTVTWjMyVGpZYitQRFpCbCs2elFzdzJIWU5KY3FNagppY2lDN0NBajZnQjlTTzh4MXZNc1JrVStycUt1YzJyOFVrK3FoRUN3OHpSNEs2NndGdVlNMTdzR1VNWFVxL3BICldkaUV2TzNxL21kSzQ3TnJ4NWkyYmFDN281UlhzcEtIWXk2WGVyNFZibmlwbDREZ0FLa2FOT0wwMmErWnYzOFEKbCt4eTl3ZG1XcVVJYk1pcVNiai9rNnh4RGlQUWtUUisvMDMyZVFJREFRQUJBb0lCQUVrUHpwQlV0UFFickozTgo1UzFyQjcxVUw4NXUwT3FrUzJETnZCODl4VmFiYjBOTEwxV3NjMzl5QjI3MVBIak9SUlFwa21XaFEwOENGUmFlCjNveFFuaDQ3cytPck94UE15WlNJZGptaWNyNXRSempYZVlPa05rMEc3SmdDK09MM1lpZU9PblR5WkdReEhVcUIKM21mSVo0NXNIRHYzTXhDM2xwZnMzNS94VEhNOEUvZ1cvZ1RmdlUzUWJvUWFMMXEvdGFSUVlFSHZnaXV0d2RaMApzRUZ0SjhlQXdPQkFCWGlWM1FQeG5BUWdJcHdZcGJpY2wzQUsxNWdzNUVOSzRSbmdpMmJJN2hkbU13RFdhNnQvCmcwQ1AwVGl0eUZxMDVKVW1uYXo0d2VrWHhENUVCbTc3NkVZTlNveFRDYVN6VE1Zd1pDSVRycVhsNlk0L29nZVQKdVZTbTlaRUNnWUVBN0c4Q3l5REtEVEJZb0l5RWtuSlZLU3d1ZWxPQTJlZHhtVnlLTDhoTG9QaXExUW9TSC9OMQozMG5OL0dWY3ZEN1FFRDRwL3UwWGFNdVBtMkhWaHVYd3h1L3Q5ajExRFZsS1A3UXNIOXU0cEpLeml3Nk5tVjVOCi85K21jamRXQUg1QnFhSnRtcEYwdW9ac1drNDFKVmUwZkE3YTNGQ3JYcDFVL0dEOUJLU0FEMDBDZ1lFQW1BaW8KQ2hFaDcrcEQ3dnV0Rjg1dStGcWJkalkrS215RmVUUGQyNzE3UDZpNVY2QzZsVnBjbk03dm9abEd5MGZqb2FsZAplOW50bTBWVThGWmtVSWloS1B6VzkvTFNBVjhCZ08rdlNRck4vSU1FbURxb2w5NTlJeHhJLzZ5emtZNUp3WVJQCm1sd29OelUwZWtjSHpnMGV1N0RBMXV6UmZ2NEYxTlVXK1F5bFJkMENnWUVBenIwN09oZFAxanlDSXREOFUzbjYKRVdoNnM2ZzBzVlY1dGRwL1VzelhwTWdMeVFGblc5enRJdlJNVS9qbUlBemtybTlORllhSHc3REx2OWpLZDR5MAovNTlvK3JvK2tnK1RweVNLdU1qT0tjbkZpVUNPZko5RG9Rd1ZaU1lSNDVpREhpdlRueWExWlN5SnJtVllmM0N6CmR3OGVQU3VremJUUlRXWVptR2VuT3JrQ2dZRUFob082TWRZQXdlWHpIMEo4WHNEZVBFem1tY3ZhYXV6RGwzNUYKZ0lPQXhjMUIxMzgxTnFuUm9VZ1NpMWN6Wk82QlArcTY5TGJYM1BhVjlXTnF0RHArNU9YNFNUOEZnZ01PTUlkZwovbTVaM0Y0THRhakl2RDQxVjloUjJpMXlYNG1XUm1zTGgxYWNtbVF2dnpTVGVrTHZlejhqRDhaT2dWNjl5QmFWCmtkc1hhOTBDZ1lFQWsrNmdocFhOa3UxMlVBTmY5TUg4bG9OKzM
1L2lQZWVvcWYwTVk1Rk1WUll4MTBaQTkxTGgKaWVBY3pWaGlxenhDdEhXaExBNFN4RTk2MmVnK2ppL2F3a1M0a1hMQ011WklFU0UrakZjN3B0VW1KamxzT1dqdgo4L2RxVUg1eWpSS3MycXhrQldHNEhtVDNOeDZBOHNZSXJVWXh5cVZMQnBHOHlLbmdibmFZUFY0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ=='}| -|client_private_key|credential_secret_key|None|True|A base64 encoded Client_Private Key|None|{'privateKey': 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBakdub1V0ZlBIcXZYM1BJVTZOOUZLbXdRM1psK05vYVdiNHlNTGh1ZGtkRUJKM0F1CitJOFFkbHFES0JtNjU2VWVPQ2gzci9pOWUwVUxLeGtYREZmS21jM3AyV3YrMGxWT1lHdnhaRktVd0tIMHJpQUwKQTRpbXlZdUwvZndlT1NHU25RbGdZS3I5OUhjaVRCSWRMMTVTWjMyVGpZYitQRFpCbCs2elFzdzJIWU5KY3FNagppY2lDN0NBajZnQjlTTzh4MXZNc1JrVStycUt1YzJyOFVrK3FoRUN3OHpSNEs2NndGdVlNMTdzR1VNWFVxL3BICldkaUV2TzNxL21kSzQ3TnJ4NWkyYmFDN281UlhzcEtIWXk2WGVyNFZibmlwbDREZ0FLa2FOT0wwMmErWnYzOFEKbCt4eTl3ZG1XcVVJYk1pcVNiai9rNnh4RGlQUWtUUisvMDMyZVFJREFRQUJBb0lCQUVrUHpwQlV0UFFickozTgo1UzFyQjcxVUw4NXUwT3FrUzJETnZCODl4VmFiYjBOTEwxV3NjMzl5QjI3MVBIak9SUlFwa21XaFEwOENGUmFlCjNveFFuaDQ3cytPck94UE15WlNJZGptaWNyNXRSempYZVlPa05rMEc3SmdDK09MM1lpZU9PblR5WkdReEhVcUIKM21mSVo0NXNIRHYzTXhDM2xwZnMzNS94VEhNOEUvZ1cvZ1RmdlUzUWJvUWFMMXEvdGFSUVlFSHZnaXV0d2RaMApzRUZ0SjhlQXdPQkFCWGlWM1FQeG5BUWdJcHdZcGJpY2wzQUsxNWdzNUVOSzRSbmdpMmJJN2hkbU13RFdhNnQvCmcwQ1AwVGl0eUZxMDVKVW1uYXo0d2VrWHhENUVCbTc3NkVZTlNveFRDYVN6VE1Zd1pDSVRycVhsNlk0L29nZVQKdVZTbTlaRUNnWUVBN0c4Q3l5REtEVEJZb0l5RWtuSlZLU3d1ZWxPQTJlZHhtVnlLTDhoTG9QaXExUW9TSC9OMQozMG5OL0dWY3ZEN1FFRDRwL3UwWGFNdVBtMkhWaHVYd3h1L3Q5ajExRFZsS1A3UXNIOXU0cEpLeml3Nk5tVjVOCi85K21jamRXQUg1QnFhSnRtcEYwdW9ac1drNDFKVmUwZkE3YTNGQ3JYcDFVL0dEOUJLU0FEMDBDZ1lFQW1BaW8KQ2hFaDcrcEQ3dnV0Rjg1dStGcWJkalkrS215RmVUUGQyNzE3UDZpNVY2QzZsVnBjbk03dm9abEd5MGZqb2FsZAplOW50bTBWVThGWmtVSWloS1B6VzkvTFNBVjhCZ08rdlNRck4vSU1FbURxb2w5NTlJeHhJLzZ5emtZNUp3WVJQCm1sd29OelUwZWtjSHpnMGV1N0RBMXV6UmZ2NEYxTlVXK1F5bFJkMENnWUVBenIwN09oZFAxanlDSXREOFUzbjYKRVdoNnM2ZzBzVlY1dGRwL1VzelhwTWdMeVFGblc5enRJdlJNVS9qbUlBemtybTlORllhSHc3REx2OWpLZDR5MAovNTlvK3JvK2tnK1RweVNLdU1qT0tjbkZpVUNPZko5R
G9Rd1ZaU1lSNDVpREhpdlRueWExWlN5SnJtVllmM0N6CmR3OGVQU3VremJUUlRXWVptR2VuT3JrQ2dZRUFob082TWRZQXdlWHpIMEo4WHNEZVBFem1tY3ZhYXV6RGwzNUYKZ0lPQXhjMUIxMzgxTnFuUm9VZ1NpMWN6Wk82QlArcTY5TGJYM1BhVjlXTnF0RHArNU9YNFNUOEZnZ01PTUlkZwovbTVaM0Y0THRhakl2RDQxVjloUjJpMXlYNG1XUm1zTGgxYWNtbVF2dnpTVGVrTHZlejhqRDhaT2dWNjl5QmFWCmtkc1hhOTBDZ1lFQWsrNmdocFhOa3UxMlVBTmY5TUg4bG9OKzM1L2lQZWVvcWYwTVk1Rk1WUll4MTBaQTkxTGgKaWVBY3pWaGlxenhDdEhXaExBNFN4RTk2MmVnK2ppL2F3a1M0a1hMQ011WklFU0UrakZjN3B0VW1KamxzT1dqdgo4L2RxVUg1eWpSS3MycXhrQldHNEhtVDNOeDZBOHNZSXJVWXh5cVZMQnBHOHlLbmdibmFZUFY0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ=='}| -|username|string|None|True|User to run command as|None|rapid7| - -Example input: - -``` -{ - "api_connection_string": "x.x.x.x:8001", - "ca_certificate": { - "privateKey": "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" - }, - "client_cert": { - "privateKey": "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" - }, - "client_private_key": { - "privateKey": "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" - }, - "username": "rapid7" -} -``` - -## Technical Details - -### Actions - - -#### Run Velociraptor Command - -Run Velociraptor command - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -| :--- | :--- | :--- | :--- | :--- | :--- | :--- | -|command|string|None|True|Command to execute on Velociraptor host|None|SELECT * FROM host()| - -Example input: - -``` -{ - "command": "SELECT * FROM host()" -} -``` - -##### Output - -|Name|Type|Required|Description|Example| -| :--- | :--- | :--- | :--- | :--- | -|results|results|True|Results|None| - -Example output: - -``` -{ - "results": { - "LOGS_LIST": [ - {} - ] - } -} -``` -### Triggers - -*This plugin does not contain any triggers.* -### Tasks - -*This plugin does not contain any tasks.* - -### Custom Types - -**results** - -|Name|Type|Default|Required|Description|Example| -| :--- | :--- | :--- | :--- | :--- | :--- | -|LOGS_LIST|[]object|None|None|Logs List|None| - - -## Troubleshooting - 
-*There is no troubleshooting for this plugin.* - -# Version History - -* 1.0.0 - Initial plugin - -# Links - -* [Velociraptor Product Page](https://docs.velociraptor.app) -* [Base64 Encode/Decode Page](https://www.base64encode.org/) - -## References - -* [Velociraptor Product Page](https://docs.velociraptor.app) -* [Base64 Encode/Decode Page](https://www.base64encode.org/) diff --git a/velociraptor_legacy/icon.png b/velociraptor_legacy/icon.png deleted file mode 100644 index e248fbaf59..0000000000 Binary files a/velociraptor_legacy/icon.png and /dev/null differ diff --git a/velociraptor_legacy/icon_velociraptor_legacy/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/__init__.py deleted file mode 100644 index 797e426edf..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py deleted file mode 100644 index 8eb64d5f65..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/actions/__init__.py +++ /dev/null @@ -1,3 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT - -from .run.action import Run diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py deleted file mode 100644 index 598a34c70c..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT -from .action import Run diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py deleted file mode 100644 index dcf22d453a..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/action.py +++ /dev/null 
@@ -1,92 +0,0 @@
-import json
-import paramiko
-import base64
-import grpc
-import io
-import time
-from pyvelociraptor import api_pb2
-from pyvelociraptor import api_pb2_grpc
-import insightconnect_plugin_runtime
-from .schema import RunInput, RunOutput, Input, Output, Component
-
-# Custom imports below
-
-
-class Run(insightconnect_plugin_runtime.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="run",
- description=Component.DESCRIPTION,
- input=RunInput(),
- output=RunOutput(),
- )
-
- def run(self, params={}):
- # START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION
- # END INPUT BINDING - DO NOT REMOVE
- # TODO - If input bindings for connection can be done check to same if it you can do the same here
- """Runs a VQL query against the Velociraptor server.
-
- Args:
- config: A dictionary containing the configuration parameters for the Velociraptor server.
- query: The VQL query to run.
-
- Returns:
- A tuple containing the query, the response, and the query execution logs.
- """
- results = {}
- try:
- # Fill in the SSL params from the api_client config file. You can get such a file:
- # velociraptor --config server.config.yaml config api_client > api_client.conf.yaml
- api_connection_string = self.connection.api_connection_string
- root_certificates_decoded = self.connection.root_certificates_decoded
- private_key_decoded = self.connection.private_key_decoded
- certificate_chain_decoded = self.connection.certificate_chain_decoded
- query = params.get(Input.COMMAND)
- creds = grpc.ssl_channel_credentials(
- root_certificates=root_certificates_decoded,
- private_key=private_key_decoded,
- certificate_chain=certificate_chain_decoded,
- )
- # This option is required to connect to the grpc server by IP - we
- # use self signed certs.
- options = (
- (
- "grpc.ssl_target_name_override",
- "VelociraptorServer",
- ),
- )
- # The first step is to open a gRPC channel to the server..
- with grpc.secure_channel(api_connection_string, creds, options) as channel:
- stub = api_pb2_grpc.APIStub(channel)
- # The request consists of one or more VQL queries. Note that you can collect artifacts by simply naming them using the
- # "Artifact" plugin.
- request = api_pb2.VQLCollectorArgs(
- max_wait=1,
- max_row=100,
- Query=[
- api_pb2.VQLRequest(
- Name="ICON Plugin Request",
- VQL=query,
- )
- ],
- )
- # This will block as responses are streamed from the
- # server. If the query is an event query we will run this loop
- # forever.
- logs_list = []
- for response in stub.Query(request):
- if response.Response:
- package = json.loads(response.Response)
- logs_list.append(package)
-
- elif response.log:
- # Query execution logs are sent in their own messages.
- package = time.ctime(response.timestamp / 1000000), response.log
- self.logger.info("Command Sent")
- results["logs_list"] = logs_list[0]
- return {Output.RESULTS: results}
- except grpc.RpcError as e:
- self.logger.info("Error: ", e)
- results["logs_list"] = e
- return {Output.RESULTS: results}
diff --git a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py b/velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py
deleted file mode 100644
index b9ea81d746..0000000000
--- a/velociraptor_legacy/icon_velociraptor_legacy/actions/run/schema.py
+++ /dev/null
@@ -1,82 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Component: - DESCRIPTION = "Run Velociraptor command" - - -class Input: - COMMAND = "command" - - -class Output: - RESULTS = "results" - - -class RunInput(insightconnect_plugin_runtime.Input): - schema = json.loads( - r""" - { - "type": "object", - "title": "Variables", - "properties": { - "command": { - "type": "string", - "description": "Command to execute on Velociraptor host", - "order": 1 - } - }, - "required": [ - "command" - ], - "definitions": {} -} - """ - ) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class RunOutput(insightconnect_plugin_runtime.Output): - schema = json.loads( - r""" - { - "type": "object", - "title": "Variables", - "properties": { - "results": { - "$ref": "#/definitions/results", - "title": "Results", - "description": "Results", - "order": 1 - } - }, - "required": [ - "results" - ], - "definitions": { - "results": { - "type": "object", - "title": "results", - "properties": { - "logs_list": { - "type": "array", - "title": "LOGS_LIST", - "description": "Logs List", - "items": { - "type": "object" - }, - "order": 1 - } - } - } - } -} - """ - ) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py deleted file mode 100644 index c78d3356be..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/connection/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT -from .connection import Connection diff --git a/velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py b/velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py deleted file mode 100644 index 993aac3d4e..0000000000 
--- a/velociraptor_legacy/icon_velociraptor_legacy/connection/connection.py
+++ /dev/null
@@ -1,115 +0,0 @@
-import json
-import paramiko
-import base64
-import grpc
-import io
-import time
-from pyvelociraptor import api_pb2
-from pyvelociraptor import api_pb2_grpc
-import insightconnect_plugin_runtime
-from .schema import ConnectionSchema, Input
-
-# Custom imports below
-
-
-class Connection(insightconnect_plugin_runtime.Connection):
- def __init__(self):
- super(self.__class__, self).__init__(input=ConnectionSchema())
-
- def connect(self, parameters):
- # START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION
- # TODO: generate bound input variables for the user, to help handhold the user
- # TODO: ex. self.api_key = params.get(Input.API_KEY)
- # END INPUT BINDING - DO NOT REMOVE
- self.logger.info("Connect: Connecting...")
- """Runs a VQL query against the Velociraptor server.
-
- Args:
- config: A dictionary containing the configuration parameters for the Velociraptor server.
- query: The VQL query to run.
-
- Returns:
- A tuple containing the query, the response, and the query execution logs.
- """
-
- try:
- # Fill in the SSL params from the api_client config file. You can get such a file:
- # velociraptor --config server.config.yaml config api_client > api_client.conf.yaml
- api_connection_string = self.parameters["api_connection_string"]
- root_certificates_decoded = base64.b64decode(
- self.parameters["ca_certificate"]["secretKey"]
- )
- private_key_decoded = base64.b64decode(
- self.parameters["client_private_key"]["secretKey"]
- )
- certificate_chain_decoded = base64.b64decode(
- self.parameters["client_cert"]["secretKey"]
- )
- query = "SELECT * FROM info()"
- creds = grpc.ssl_channel_credentials(
- root_certificates=root_certificates_decoded,
- private_key=private_key_decoded,
- certificate_chain=certificate_chain_decoded,
- )
- # This option is required to connect to the grpc server by IP - we
- # use self signed certs.
- options = (
- (
- "grpc.ssl_target_name_override",
- "VelociraptorServer",
- ),
- )
- # The first step is to open a gRPC channel to the server..
- with grpc.secure_channel(api_connection_string, creds, options) as channel:
- stub = api_pb2_grpc.APIStub(channel)
-
- # The request consists of one or more VQL queries. Note that
- # you can collect artifacts by simply naming them using the
- # "Artifact" plugin.
- request = api_pb2.VQLCollectorArgs(
- max_wait=1,
- max_row=100,
- Query=[
- api_pb2.VQLRequest(
- Name="ICON Plugin Request",
- VQL=query,
- )
- ],
- )
- # This will block as responses are streamed from the
- # server. If the query is an event query we will run this loop
- # forever.
- logs_list = []
- for response in stub.Query(request):
- if response.Response:
- package = json.loads(response.Response)
- logs_list.append(package)
-
- elif response.log:
- # Query execution logs are sent in their own messages.
- package = time.ctime(response.timestamp / 1000000), response.log
- self.logger.info("Connection Successful")
- self.api_connection_string = self.parameters["api_connection_string"]
- self.root_certificates_decoded = base64.b64decode(
- self.parameters["ca_certificate"]["secretKey"]
- )
- self.private_key_decoded = base64.b64decode(
- self.parameters["client_private_key"]["secretKey"]
- )
- self.certificate_chain_decoded = base64.b64decode(
- self.parameters["client_cert"]["secretKey"]
- )
- self.username = self.parameters["username"]
- except grpc.RpcError as e:
- self.logger.info("Error: ", e)
- self.api_connection_string = self.parameters["api_connection_string"]
- self.root_certificates_decoded = base64.b64decode(
- self.parameters["ca_certificate"]["secretKey"]
- )
- self.private_key_decoded = base64.b64decode(
- self.parameters["client_private_key"]["secretKey"]
- )
- self.certificate_chain_decoded = base64.b64decode(
- self.parameters["client_cert"]["secretKey"]
- )
- self.username = self.parameters["username"]
diff --git a/velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py b/velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py
deleted file mode 100644
index 08b9696283..0000000000
--- a/velociraptor_legacy/icon_velociraptor_legacy/connection/schema.py
+++ /dev/null
@@ -1,79 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT -import insightconnect_plugin_runtime -import json - - -class Input: - API_CONNECTION_STRING = "api_connection_string" - CA_CERTIFICATE = "ca_certificate" - CLIENT_CERT = "client_cert" - CLIENT_PRIVATE_KEY = "client_private_key" - USERNAME = "username" - - -class ConnectionSchema(insightconnect_plugin_runtime.Input): - schema = json.loads( - r""" - { - "type": "object", - "title": "Variables", - "properties": { - "api_connection_string": { - "type": "string", - "description": "Velociraptor API Connection Address", - "order": 2 - }, - "ca_certificate": { - "$ref": "#/definitions/credential_secret_key", - "description": "A base64 encoded CA_Certificate Key", - "order": 3 - }, - "client_cert": { - "$ref": "#/definitions/credential_secret_key", - "description": "A base64 encoded Client_Cert Key", - "order": 4 - }, - "client_private_key": { - "$ref": "#/definitions/credential_secret_key", - "description": "A base64 encoded Client_Private Key", - "order": 5 - }, - "username": { - "type": "string", - "description": "User to run command as", - "order": 1 - } - }, - "required": [ - "api_connection_string", - "ca_certificate", - "client_cert", - "client_private_key", - "username" - ], - "definitions": { - "credential_secret_key": { - "id": "credential_secret_key", - "type": "object", - "title": "Credential: Secret Key", - "description": "A shared secret key", - "required": [ - "secretKey" - ], - "properties": { - "secretKey": { - "type": "string", - "title": "Secret Key", - "description": "The shared secret key", - "format": "password", - "displayType": "password" - } - } - } - } -} - """ - ) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py deleted file mode 100644 index 797e426edf..0000000000 
--- a/velociraptor_legacy/icon_velociraptor_legacy/tasks/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py deleted file mode 100644 index 797e426edf..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/triggers/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py b/velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py deleted file mode 100644 index 797e426edf..0000000000 --- a/velociraptor_legacy/icon_velociraptor_legacy/util/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/plugin.spec.yaml b/velociraptor_legacy/plugin.spec.yaml deleted file mode 100644 index 52bfac3fc1..0000000000 --- a/velociraptor_legacy/plugin.spec.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -plugin_spec_version: v2 -extension: plugin -products: [insightconnect] -name: velociraptor_legacy -title: Velociraptor Legacy -description: Velociraptor is a unique, advanced open-source endpoint monitoring, digital - forensic and cyber response platform. It provides you with the ability to more effectively - respond to a wide range of digital forensic and cyber incident response investigations - and data breaches -version: 1.0.0 -version_history: ['1.0.0 - Initial plugin'] -requirements: ['Velociraptor API Conf(velociraptor --config velociraptor.config.yaml - config api_client --name rapid7 --role administrator api.config.yaml)'] -key_features: ['dfir'] -supported_versions: ['1.0.0'] -references: ['[Velociraptor Product Page](https://docs.velociraptor.app)', '[Base64 - Encode/Decode Page](https://www.base64encode.org/)'] -Links: ['#https://docs.velociraptor.app'] -vendor: jbauvinet -support: community -status: [] -enable_cache: true -resources: - vendor_url: https://docs.velociraptor.app/ - license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE -tags: -- dfir -- velociraptor -hub_tags: - use_cases: ['threat_detection_and_response'] - keywords: ['dfir'] - features: [] -sdk: - type: full - version: 5 - user: nobody -types: - results: - logs_list: - title: LOGS_LIST - description: Logs List - type: '[]object' -connection: - username: - type: string - description: User to run command as - required: true - example: rapid7 - api_connection_string: - type: string - description: Velociraptor API Connection Address - required: true - example: x.x.x.x:8001 - ca_certificate: - type: credential_secret_key - description: A base64 encoded CA_Certificate Key - required: true - example: {privateKey: 
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBakdub1V0ZlBIcXZYM1BJVTZOOUZLbXdRM1psK05vYVdiNHlNTGh1ZGtkRUJKM0F1CitJOFFkbHFES0JtNjU2VWVPQ2gzci9pOWUwVUxLeGtYREZmS21jM3AyV3YrMGxWT1lHdnhaRktVd0tIMHJpQUwKQTRpbXlZdUwvZndlT1NHU25RbGdZS3I5OUhjaVRCSWRMMTVTWjMyVGpZYitQRFpCbCs2elFzdzJIWU5KY3FNagppY2lDN0NBajZnQjlTTzh4MXZNc1JrVStycUt1YzJyOFVrK3FoRUN3OHpSNEs2NndGdVlNMTdzR1VNWFVxL3BICldkaUV2TzNxL21kSzQ3TnJ4NWkyYmFDN281UlhzcEtIWXk2WGVyNFZibmlwbDREZ0FLa2FOT0wwMmErWnYzOFEKbCt4eTl3ZG1XcVVJYk1pcVNiai9rNnh4RGlQUWtUUisvMDMyZVFJREFRQUJBb0lCQUVrUHpwQlV0UFFickozTgo1UzFyQjcxVUw4NXUwT3FrUzJETnZCODl4VmFiYjBOTEwxV3NjMzl5QjI3MVBIak9SUlFwa21XaFEwOENGUmFlCjNveFFuaDQ3cytPck94UE15WlNJZGptaWNyNXRSempYZVlPa05rMEc3SmdDK09MM1lpZU9PblR5WkdReEhVcUIKM21mSVo0NXNIRHYzTXhDM2xwZnMzNS94VEhNOEUvZ1cvZ1RmdlUzUWJvUWFMMXEvdGFSUVlFSHZnaXV0d2RaMApzRUZ0SjhlQXdPQkFCWGlWM1FQeG5BUWdJcHdZcGJpY2wzQUsxNWdzNUVOSzRSbmdpMmJJN2hkbU13RFdhNnQvCmcwQ1AwVGl0eUZxMDVKVW1uYXo0d2VrWHhENUVCbTc3NkVZTlNveFRDYVN6VE1Zd1pDSVRycVhsNlk0L29nZVQKdVZTbTlaRUNnWUVBN0c4Q3l5REtEVEJZb0l5RWtuSlZLU3d1ZWxPQTJlZHhtVnlLTDhoTG9QaXExUW9TSC9OMQozMG5OL0dWY3ZEN1FFRDRwL3UwWGFNdVBtMkhWaHVYd3h1L3Q5ajExRFZsS1A3UXNIOXU0cEpLeml3Nk5tVjVOCi85K21jamRXQUg1QnFhSnRtcEYwdW9ac1drNDFKVmUwZkE3YTNGQ3JYcDFVL0dEOUJLU0FEMDBDZ1lFQW1BaW8KQ2hFaDcrcEQ3dnV0Rjg1dStGcWJkalkrS215RmVUUGQyNzE3UDZpNVY2QzZsVnBjbk03dm9abEd5MGZqb2FsZAplOW50bTBWVThGWmtVSWloS1B6VzkvTFNBVjhCZ08rdlNRck4vSU1FbURxb2w5NTlJeHhJLzZ5emtZNUp3WVJQCm1sd29OelUwZWtjSHpnMGV1N0RBMXV6UmZ2NEYxTlVXK1F5bFJkMENnWUVBenIwN09oZFAxanlDSXREOFUzbjYKRVdoNnM2ZzBzVlY1dGRwL1VzelhwTWdMeVFGblc5enRJdlJNVS9qbUlBemtybTlORllhSHc3REx2OWpLZDR5MAovNTlvK3JvK2tnK1RweVNLdU1qT0tjbkZpVUNPZko5RG9Rd1ZaU1lSNDVpREhpdlRueWExWlN5SnJtVllmM0N6CmR3OGVQU3VremJUUlRXWVptR2VuT3JrQ2dZRUFob082TWRZQXdlWHpIMEo4WHNEZVBFem1tY3ZhYXV6RGwzNUYKZ0lPQXhjMUIxMzgxTnFuUm9VZ1NpMWN6Wk82QlArcTY5TGJYM1BhVjlXTnF0RHArNU9YNFNUOEZnZ01PTUlkZwovbTVaM0Y0THRhakl2RDQxVjloUjJpMXlYNG1XUm1zTGgxYWNtbVF2dnpTVGVrTHZlejhqRDhaT2dWNjl5QmFWCmtkc1hhOTBDZ1lFQWsrNmdocFhOa3UxMlVBTmY5TUg4bG9OKzM1
L2lQZWVvcWYwTVk1Rk1WUll4MTBaQTkxTGgKaWVBY3pWaGlxenhDdEhXaExBNFN4RTk2MmVnK2ppL2F3a1M0a1hMQ011WklFU0UrakZjN3B0VW1KamxzT1dqdgo4L2RxVUg1eWpSS3MycXhrQldHNEhtVDNOeDZBOHNZSXJVWXh5cVZMQnBHOHlLbmdibmFZUFY0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==} - client_cert: - type: credential_secret_key - description: A base64 encoded Client_Cert Key - required: true - example: {privateKey: 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} - client_private_key: - type: credential_secret_key - description: A base64 encoded Client_Private Key - required: true - example: {privateKey: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBakdub1V0ZlBIcXZYM1BJVTZOOUZLbXdRM1psK05vYVdiNHlNTGh1ZGtkRUJKM0F1CitJOFFkbHFES0JtNjU2VWVPQ2gzci9pOWUwVUxLeGtYREZmS21jM3AyV3YrMGxWT1lHdnhaRktVd0tIMHJpQUwKQTRpbXlZdUwvZndlT1NHU25RbGdZS3I5OUhjaVRCSWRMMTVTWjMyVGpZYitQRFpCbCs2elFzdzJIWU5KY3FNagppY2lDN0NBajZnQjlTTzh4MXZNc1JrVStycUt1YzJyOFVrK3FoRUN3OHpSNEs2NndGdVlNMTdzR1VNWFVxL3BICldkaUV2TzNxL21kSzQ3TnJ4NWkyYmFDN281UlhzcEtIWXk2WGVyNFZibmlwbDREZ0FLa2FOT0wwMmErWnYzOFEKbCt4eTl3ZG1XcVVJYk1pcVNiai9rNnh4RGlQUWtUUisvMDMyZVFJREFRQUJBb0lCQUVrUHpwQlV0UFFickozTgo1UzFyQjcxVUw4NXUwT3FrUzJETnZCODl4VmFiYjBOTEwxV3NjMzl5QjI3MVBIak9SUlFwa21XaFEwOENGUmFlCjNveFFuaDQ3cytPck94UE15WlNJZGptaWNyNXRSempYZVlPa05rMEc3SmdDK09MM1lpZU9PblR5WkdReEhVcUIKM21mSVo0NXNIRHYzTXhDM2xwZnMzNS94VEhNOEUvZ1cvZ1RmdlUzUWJvUWFMMXEvdGFSUVlFSHZnaXV0d2RaMApzRUZ0SjhlQXdPQkFCWGlWM1FQeG5BUWdJcHdZcGJpY2wzQUsxNWdzNUVOSzRSbmdpMmJJN2hkbU13RFdhNnQvCmcwQ1AwVGl0eUZxMDVKVW1uYXo0d2VrWHhENUVCbTc3NkVZTlNveFRDYVN6VE1Zd1pDSVRycVhsNlk0L29nZVQKdVZTbTlaRUNnWUVBN0c4Q3l5REtEVEJZb0l5RWtuSlZLU3d1ZWxPQTJlZHhtVnlLTDhoTG9QaXExUW9TSC9OMQozMG5OL0dWY3ZEN1FFRDRwL3UwWGFNdVBtMkhWaHVYd3h1L3Q5ajExRFZsS1A3UXNIOXU0cEpLeml3Nk5tVjVOCi85K21jamRXQUg1QnFhSnRtcEYwdW9ac1drNDFKVmUwZkE3YTNGQ3JYcDFVL0dEOUJLU0FEMDBDZ1lFQW1BaW8KQ2hFaDcrcEQ3dnV0Rjg1dStGcWJkalkrS215RmVUUGQyNzE3UDZpNVY2QzZsVnBjbk03dm9abEd5MGZqb2FsZAplOW50bTBWVThGWmtVSWloS1B6VzkvTFNBVjhCZ08rdlNRck4vSU1FbURxb2w5NTlJeHhJLzZ5emtZNUp3W
VJQCm1sd29OelUwZWtjSHpnMGV1N0RBMXV6UmZ2NEYxTlVXK1F5bFJkMENnWUVBenIwN09oZFAxanlDSXREOFUzbjYKRVdoNnM2ZzBzVlY1dGRwL1VzelhwTWdMeVFGblc5enRJdlJNVS9qbUlBemtybTlORllhSHc3REx2OWpLZDR5MAovNTlvK3JvK2tnK1RweVNLdU1qT0tjbkZpVUNPZko5RG9Rd1ZaU1lSNDVpREhpdlRueWExWlN5SnJtVllmM0N6CmR3OGVQU3VremJUUlRXWVptR2VuT3JrQ2dZRUFob082TWRZQXdlWHpIMEo4WHNEZVBFem1tY3ZhYXV6RGwzNUYKZ0lPQXhjMUIxMzgxTnFuUm9VZ1NpMWN6Wk82QlArcTY5TGJYM1BhVjlXTnF0RHArNU9YNFNUOEZnZ01PTUlkZwovbTVaM0Y0THRhakl2RDQxVjloUjJpMXlYNG1XUm1zTGgxYWNtbVF2dnpTVGVrTHZlejhqRDhaT2dWNjl5QmFWCmtkc1hhOTBDZ1lFQWsrNmdocFhOa3UxMlVBTmY5TUg4bG9OKzM1L2lQZWVvcWYwTVk1Rk1WUll4MTBaQTkxTGgKaWVBY3pWaGlxenhDdEhXaExBNFN4RTk2MmVnK2ppL2F3a1M0a1hMQ011WklFU0UrakZjN3B0VW1KamxzT1dqdgo4L2RxVUg1eWpSS3MycXhrQldHNEhtVDNOeDZBOHNZSXJVWXh5cVZMQnBHOHlLbmdibmFZUFY0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==} -actions: - run: - title: Run Velociraptor Command - description: Run Velociraptor command - input: - command: - description: Command to execute on Velociraptor host - type: string - required: true - example: SELECT * FROM host() - output: - results: - title: Results - description: Results - type: results - required: true diff --git a/velociraptor_legacy/requirements.txt b/velociraptor_legacy/requirements.txt deleted file mode 100644 index 5c7104eb96..0000000000 --- a/velociraptor_legacy/requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -# List third-party dependencies here, separated by newlines. -# All dependencies must be version-pinned, eg. requests==1.2.0 -# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files -paramiko==3.3.1 -grpcio==1.59.2 -grpcio.tools==1.59.2 -pyvelociraptor==0.1.8 diff --git a/velociraptor_legacy/setup.py b/velociraptor_legacy/setup.py deleted file mode 100644 index 615864ec53..0000000000 --- a/velociraptor_legacy/setup.py +++ /dev/null 
@@ -1,17 +0,0 @@
-# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
-from setuptools import setup, find_packages
-
-
-setup(
- name="velociraptor_legacy-jbauvinet-plugin",
- version="1.0.0",
- description="Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches",
- author="jbauvinet",
- author_email="",
- url="",
- packages=find_packages(),
- install_requires=[
- "insightconnect-plugin-runtime"
- ], # Add third-party dependencies to requirements.txt, not here!
- scripts=["bin/icon_velociraptor_legacy"],
-)
diff --git a/velociraptor_legacy/tests/run.json b/velociraptor_legacy/tests/run.json
deleted file mode 100644
index 54b666b489..0000000000
--- a/velociraptor_legacy/tests/run.json
+++ /dev/null
@@ -1,24 +0,0 @@ -{ - "body": { - "action": "run", - "connection": { - "username": "rapid7", - "api_connection_string": "3.133.74.247:8001", - "ca_certificate": { - "secretKey": "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" - }, - "client_cert": { - "secretKey": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lSQVBaTEU0UFpkNzRmaGVKakNOYnIrQVF3RFFZSktvWklodmNOQVFFTEJRQXdHakVZTUJZR0ExVUVDaE1QVm1Wc2IyTnBjbUZ3ZEc5eUlFTkJNQjRYRFRJek1URXdNakl4TXpjd01Gb1hEVEkwTVRFd01USXhNemN3TUZvd0tERVZNQk1HQTFVRUNoTU1WbVZzYjJOcGNtRndkRzl5TVE4d0RRWURWUVFERXdaeVlYQnBaRGN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3poOWViaXRGWlRSREpFdHI1bEdmVFJySklxelVGbHF1dmROdnBXWGczVzBKZXcxZE5OOXBFSW4wRE1HZVlEbC9UZUZVYkRpdlNIMUM0QjNINHBpNy9zSXNZTFhSdGw3ZlVLWEFpMmhRczRVMi80NXRieG9oRHhOYzJudFpXaUtTaFprS3BJZEN6UEQ2LzVjbGVyaXhZZFhXNldwZTMxYW5TQWRPRUVzekt4QU4vZGJiTExNQTlIWllYT0N3Rk5kNEJ2c21HbVIvWXROTUE3d3JFMUkyS0lYQVBzWGlKbW5yS0g3WVhWSEtpb0svbDlFNExVVElKY2xodVpjNWhwdDdXK3FITnRhRllwN0ZFVnJpc01ZaVdGeVA0cHdGSHMybi9lbWE2OUxFZWNIV1BiOUN6ZUVwYm53YlJxcDVsSGoxb2t4ekl4SjhvUm5jRXhUU1RQdGdEQWdNQkFBR2pjekJ4TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTWjJjMkM1KzhMeUtlZHQ1RnlZayt3Zk9VU05EQVJCZ05WSFJFRUNqQUlnZ1p5WVhCcFpEY3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRWNaczd2TmNyOFB4NDlTZkVJM1kwSWlYTEo3Q0Q0MU0yWEZZZ2dzOFZORU1BZFNsNVB6YzZoaHB1WEw0LzZoWFE5QW1YWVBtM3ozbWg0cFNRYkxGa2JoREk1TEIxWHRsV3V2ZXdQSzRXd2ZCZkhocTFqZ1FJR3VCZUJZc3JxcW1xbVNxaENCa3NzbHNDUmRmWXdiVzc4RUR1QW5PMExYYVdhUmdoaE85eFl5dE5vNmdxdm5VSHNJbWRPVC9lLzBZSnJzZ2hrUSt3SDRLSC9uazgzUkpkeHBqWTIwZWlZeDBtdWRTM0REU2VQMXRWMERBVEM5TTh4R05IVEpUekxwbDZzaUJpK2RwaEw3TmlSU0xBV2FWMitFMzZKTUZuQ09xM1lGVlY0VkN0TmNYMVNiWkp5c3lpY2JHOGR5VDFibm5qRFNuT0cxUmVGYWdHd1V0YlhwWWdRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" - }, - "client_private_key": { - "secretKey": 
"LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBczRmWG00clJXVTBReVJMYStaUm4wMGF5U0tzMUJaYXJyM1RiNlZsNE4xdENYc05YVFRmYVJDSjlBekJubUE1ZjAzaFZHdzRyMGg5UXVBZHgrS1l1LzdDTEdDMTBiWmUzMUNsd0l0b1VMT0ZOditPYlc4YUlROFRYTnA3V1ZvaWtvV1pDcVNIUXN6dyt2K1hKWHE0c1dIVjF1bHFYdDlXcDBnSFRoQkxNeXNRRGYzVzJ5eXpBUFIyV0Z6Z3NCVFhlQWI3Smhwa2YyTFRUQU84S3hOU05paUZ3RDdGNGlacDZ5aCsyRjFSeW9xQ3Y1ZlJPQzFFeUNYSllibVhPWWFiZTF2cWh6YldoV0tleFJGYTRyREdJbGhjaitLY0JSN05wLzNwbXV2U3hIbkIxajIvUXMzaEtXNThHMGFxZVpSNDlhSk1jeU1TZktFWjNCTVUwa3o3WUF3SURBUUFCQW9JQkFGZ1VTR0tHVzZsZFZ1UGZmVkUvVHlUbnBXWmpvTkxLRmhjeDFRYUtINkhCQXpIczBuTU8rT1crcWVpYm9lZUcvZHFKU2UvSkp4U2l5bjVQSU1wbDlkNzZKWFBLTVRubldvZ2JnR21JNXFjU0xvdjdSZWhqNGN5bDBSUjZIeHc3VTlIZmtzclp6VU55UmpMdHNMcmo1dHZMWE9QOXVEdTM5dVlTZ1V4bDBOV1ZQTStHRUlsWWxVMVp3L3RDMm1PemJ1L2NBQ1lLaGMzSTdFbzJoZGwvVEtiM0h1RUh2N29SeGtPbk80Y296Q0J1T2hrWS9wU0ptZzJPY1BnMTU2UVZPQnA0bTRuNXlTbkU0eFhYYUhhc2J2dllZY3dLSS9sQ1NaamxwQ2ovcDF4SXNpOWlVc1JmbXhHTlBaWUY3Znh5UVRRRUR2RGx6UTNzcmMySTdFaW43OEVDZ1lFQXo3emFIaWpMK1ZlVHNMYkNRbXlLUkpXeEVEYitQM0tqZWIzUTQ3MURlYnNkSlNpYTdjVjYzQTZ1NVlnWTJsRUdCRFZ2YWZkSzBpV0p6WGYxR0dyRTNzeENzcm9IK2x4bmw3Q2o1NzJnVWdEc1FuQnF1ZjRSbjdGN3E0QzVaeHBwc2FhTXhBQ24yamkzRjM3b05hK0hVellWK1l6NW1IbVVkRno5S2xGeFNXTUNnWUVBM1QxaHZJUDBYTE52QlpjdkxHcWNxRnM0K3lIRlVKeVo2VUNzeWp1ckhKaTEwaTdEcXhHeFVCS20xOGtyVDRGTkloYTkybWgvNG9kRWNYYWUwOVp3WmRoNUdTYXFPa0MyOHVacFBNeXNrcmxSMlhxelgza0pCcHRiOXhKOHM1VmUvTnBTQzdLY3VNV1U3RE01M3FtUXFOZnhrc0cyL29nVkJPZ3I5cmpJeU9FQ2dZQnloSWs1VndRYTBFeDZma1ZZbUwwZ1VlVHFLMmE5VTFVTEo3aWYweFgvWlVjTDFQYVRYT245cFpxRXJpSUZOK1U1TEx2ZWpwU1FoR0VUQTYzNVorSmZiL3JVeS9qWjYxYXdLSkF5a0Rady9sRS96dmtHenlpb0FBOU0zQWxZN1JhVytGbGhNM3RVc1M4OXBKZ2VBRVY1ZWJkamVuT2R1bWc4UFliU2JWTW1RUUtCZ1FDTEZoakl2Q2cyMHpON3owVC81bkpnUVNFOGVFbWsyUjdGamp4UzAxcEtteExMZFV6YjBqNm51V0ljak1MbXM4STdLUkxvS1FRazlLY3BzY28rSVRUK1FpNDNpcUJBQ1FrN0FYR3RvSHJwcndudThIMnVDdGlLeDhiME9ESWZjRXVNS1BDbG0vOTlCZklPNEZHRVV4TzNvaktqOFpiS3crQjYrajhSVjdBYTRRS0JnUUNpWHhPZDUwaElNVUt1dmlDK3Zkd284aFNackxaeU13aW5FTU1xOE5pM2FCNlBYOGo
0OVVNYTd1OFBjMWFUZmFzQ0tSSGdmVjg2dm13ai9wamlsT2tpbStJbHo3cTVOaE42NzA4ekNqUmRZeEk4YktTYTAwd3N0UmhnbDZ4bkp5UzBCcUx0SnlVVlFhdTFwR00yZEFDVGZ3c2pqQmRJcW5BZCtLVmMxLytod2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" - } - }, - "input": { - "command": "SELECT * FROM clients()" - }, - "meta": {} - }, - "type": "action_start", - "version": "v1" -} diff --git a/velociraptor_legacy/unit_test/__init__.py b/velociraptor_legacy/unit_test/__init__.py deleted file mode 100644 index 797e426edf..0000000000 --- a/velociraptor_legacy/unit_test/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT diff --git a/velociraptor_legacy/unit_test/test_run.py b/velociraptor_legacy/unit_test/test_run.py deleted file mode 100644 index 1a9a7be445..0000000000 --- a/velociraptor_legacy/unit_test/test_run.py +++ /dev/null @@ -1,21 +0,0 @@ -import sys -import os - -sys.path.append(os.path.abspath("../")) - -from unittest import TestCase -from icon_velociraptor_legacy.connection.connection import Connection -from icon_velociraptor_legacy.actions.run import Run -import json -import logging - - -class TestRun(TestCase): - def test_run(self): - """ - DO NOT USE PRODUCTION/SENSITIVE DATA FOR UNIT TESTS - - TODO: Implement test cases here - """ - - self.fail("Unimplemented Test Case")