diff --git a/plugins/trendmicro_deepsecurity/.CHECKSUM b/plugins/trendmicro_deepsecurity/.CHECKSUM index b6504cf3fb..f2b75586b8 100644 --- a/plugins/trendmicro_deepsecurity/.CHECKSUM +++ b/plugins/trendmicro_deepsecurity/.CHECKSUM @@ -1,31 +1,31 @@ { - "spec": "87df02f543c20dbd826f7b2f50c1a40a", - "manifest": "a2b7ef210c31ec64898d6dbeba7c56fe", - "setup": "f8c03ed81b7496550e9ac4b44ca81bbc", + "spec": "c24b11137bc6c86ba10296dd19d2a409", + "manifest": "a87fb2d79f552a29d4b6d6e698fa52eb", + "setup": "139cf33ec232a2888bb62b92b08ed651", "schemas": [ { "identifier": "deploy_rules/schema.py", - "hash": "8674123f170310085c72627eb16cb103" + "hash": "ac52aeab22921a006441d8cd14819b7b" }, { "identifier": "get_rule_details/schema.py", - "hash": "0eb15d3e0354f05e7d24fa53a5c48888" + "hash": "12022e88fc85aa2aa0ba67c553ba3728" }, { "identifier": "list_rules/schema.py", - "hash": "234d239b2226033398e195fe476e255b" + "hash": "ec8407791e5814ec61d60b2e3129b7d3" }, { "identifier": "search_computers/schema.py", - "hash": "dbbbb50f7f5c3fe3fb2a5ad1bff0558b" + "hash": "1c12b4aac599e5d8cb1f3382a17e5282" }, { "identifier": "search_rules/schema.py", - "hash": "cadb6a7fecb480b49bab55a55f48382f" + "hash": "701bc13aee0460e1579ee0dba473f94f" }, { "identifier": "connection/schema.py", - "hash": "39722fd7c5ae424e3941b7a534a713df" + "hash": "c9dca0c588f6c8129395f5db3f96fa28" } ] } \ No newline at end of file diff --git a/plugins/trendmicro_deepsecurity/Dockerfile b/plugins/trendmicro_deepsecurity/Dockerfile index e7bd7d8cb4..f9aaea9b6a 100755 --- a/plugins/trendmicro_deepsecurity/Dockerfile +++ b/plugins/trendmicro_deepsecurity/Dockerfile 
@@ -1,23 +1,17 @@ -FROM komand/python-3-37-slim-plugin -# Refer to the following documentation for available SDK parent images: https://docs.rapid7.com/insightconnect/sdk-guide/#sdk-guide +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4 LABEL organization=rapid7 LABEL sdk=python -# Add any custom package dependencies here -# NOTE: Add pip packages to requirements.txt - -# End package dependencies - -# Add source code WORKDIR /python/src + ADD ./plugin.spec.yaml /plugin.spec.yaml -ADD . /python/src +ADD ./requirements.txt /python/src/requirements.txt -# Install pip dependencies RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi -# Install plugin +ADD . /python/src + RUN python setup.py build && python setup.py install # User to run plugin code. The two supported users are: root, nobody diff --git a/plugins/trendmicro_deepsecurity/bin/icon_trendmicro_deepsecurity b/plugins/trendmicro_deepsecurity/bin/icon_trendmicro_deepsecurity index a7ca2112f0..22f9bd034d 100755 --- a/plugins/trendmicro_deepsecurity/bin/icon_trendmicro_deepsecurity +++ b/plugins/trendmicro_deepsecurity/bin/icon_trendmicro_deepsecurity @@ -1,12 +1,12 @@ #!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import os import json from sys import argv Name = "Trend Micro Deep Security" Vendor = "rapid7" -Version = "2.2.2" +Version = "2.2.3" Description = "Utilize the Deep Security IPS engine to protect against vulnerabilities without installing a patch (virtual patching)" 
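Review bot: The new base image on the `FROM` line is pinned only by the mutable tag `6.1.4`, so a rebuild can silently pull a different image than the one this change was tested against; pin it by digest as well, e.g. `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4@sha256:<DIGEST-PLACEHOLDER>`. The three `ADD` instructions only copy local files, so `COPY` is the more predictable choice (`ADD` additionally fetches URLs and auto-unpacks archives), e.g. `COPY ./requirements.txt /python/src/requirements.txt`. Staging `requirements.txt` before `ADD . /python/src` is a sensible layer-cache split and deserves a one-line comment such as `# Install dependencies before copying the source so the pip layer is cached across code changes`. The `USER` line that the trailing comment presumably introduces lies outside the hunk, so whether the plugin still drops to `nobody` cannot be confirmed from here.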
@@ -22,10 +22,10 @@ def main(): from gevent import monkey monkey.patch_all() - import komand - from icon_trendmicro_deepsecurity import connection, actions, triggers + import insightconnect_plugin_runtime + from icon_trendmicro_deepsecurity import connection, actions, triggers, tasks - class ICONTrendmicroDeepsecurity(komand.Plugin): + class ICONTrendmicroDeepsecurity(insightconnect_plugin_runtime.Plugin): def __init__(self): super(self.__class__, self).__init__( name=Name, @@ -34,19 +34,19 @@ def main(): description=Description, connection=connection.Connection() ) + self.add_action(actions.SearchRules()) + self.add_action(actions.DeployRules()) - - self.add_action(actions.GetRuleDetails()) - + self.add_action(actions.ListRules()) - + + self.add_action(actions.GetRuleDetails()) + self.add_action(actions.SearchComputers()) - - self.add_action(actions.SearchRules()) - + """Run plugin""" - cli = komand.CLI(ICONTrendmicroDeepsecurity()) + cli = insightconnect_plugin_runtime.CLI(ICONTrendmicroDeepsecurity()) cli.run() diff --git a/plugins/trendmicro_deepsecurity/help.md b/plugins/trendmicro_deepsecurity/help.md index e446fde228..48aba76d5f 100644 --- a/plugins/trendmicro_deepsecurity/help.md +++ b/plugins/trendmicro_deepsecurity/help.md @@ -10,6 +10,10 @@ * Trend Micro Deep Security +# Supported Product Versions + +* 2024-11-1 + # Documentation ## Setup 
@@ -19,11 +23,11 @@ The connection configuration accepts the following parameters: -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|dsm_api_key|credential_secret_key|None|True|API key of the Deep Security Manager|None|12345678-ABCD-1234-ABCD-123456789012:ABCDEFGH-1234-ABCD-1234-ABCDEFGHIJKL:02699626f388ed830012e5b787640e71c56d42d81234| -|dsm_url|string|https://app.deepsecurity.trendmicro.com|True|URL of the Deep Security Manager|None|https://example.com| -|dsm_verify_ssl|boolean|True|True|Check the certificate of the Deep Security Manager|None|True| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|dsm_api_key|credential_secret_key|None|True|API key of the Deep Security Manager|None|12345678-ABCD-1234-ABCD-123456789012:ABCDEFGH-1234-ABCD-1234-ABCDEFGHIJKL:12345678901234567890123456789012345678901234|None|None| +|dsm_url|string|https://app.deepsecurity.trendmicro.com|True|URL of the Deep Security Manager|None|https://192.51.100.100:4119|None|None| +|dsm_verify_ssl|boolean|True|True|Check the certificate of the Deep Security Manager|None|True|None|None| Example input: 
@@ -39,81 +43,79 @@ Example input: ### Actions -#### Search Computers -This action is used to search computers. +#### Deploy -##### Input +This action is used to deploy IPS rules -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|field_name|string|hostName|False|Name of the field to be tested|None|hostName| -|information|string|none|True|Determines the computer information to include in the response|['none', 'all', 'computerStatus', 'tasks', 'securityUpdates', 'computerSettings', 'allSecurityModules', 'antiMalware', 'webReputation', 'activityMonitoring', 'firewall', 'intrusionPrevention', 'integrityMonitoring', 'logInspection', 'applicationControl', 'SAP', 'interfaces', 'ESXSummary', 'allVirtualMachineSummaries', 'azureARMVirtualMachineSummary', 'azureVMVirtualMachineSummary', 'ec2VirtualMachineSummary', 'noConnectorVirtualMachineSummary', 'vmwareVMVirtualMachineSummary', 'vcloudVMVirtualMachineSummary', 'workspaceVirtualMachineSummary', 'gcpVirtualMachineSummary']|none| -|max_items|integer|5000|True|Limits the number of objects returned|None|5000| -|number_value|integer|0|False|Number to search for|None|42| -|search_type|string|string|False|Select the search type|['string', 'integer']|string| -|string_value|string||False|String to search for|None|MS-AD-SRV-%| +##### Input +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|computer_or_policy|string|None|True|Target for rule assignment|["computer", "policy"]|policy|None|None| +|id|integer|None|True|ID of the target computer or policy|None|23|None|None| +|rules|[]integer|None|True|IPS rules to assign|None|[108, 6745, 2874, 2875, 2876, 3317, 3318]|None|None| + Example input: ``` { - "field_name": "hostName", - "information": "none", - "max_items": 5000, - "number_value": "42", - "search_type": "string", - "string_value": "MS-AD-SRV-%" + "computer_or_policy": "policy", 
+ "id": 23, + "rules": [ + 108, + 6745, + 2874, + 2875, + 2876, + 3317, + 3318 + ] } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|computer_ids|[]integer|False|IDs of matching computers| -|response_json|object|False|Full response in JSON format| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|rules_assigned|[]integer|False|All IPS rules currently assigned|None| +|rules_not_assigned|[]integer|False|Unassigned IPS rules|None| + Example output: ``` { - "computer_ids": [ - 34 + "rules_assigned": [ + 108, + 2874, + 2875, + 2876, + 3118, + 3124, + 3125, + 3126, + 3317, + 3318, + 4593, + 5177, + 5892, + 6348, + 6745 ], - "response_json": { - "computers": [ - { - "agentVersion": "11.3.0.292", - "displayName": "", - "hostName": "MS-AD-SRV-01", - "policyID": 45, - "agentFingerPrint": "14:F3:B3:76:1F:8A:2F:8B:D6:D9:DC:A4:3D:A0:F1:D4:A4...", - "groupID": 0, - "hostGUID": "14483D21-D921-32E0-19D7-FA36D91BC46E", - "relayListID": 0, - "biosUUID": "175bd693-216e-1e42-a489-2b56f1saf392", - "description": "", - "lastIPUsed": "192.0.2.10", - "platform": "", - "ID": 34, - "lastAgentCommunication": 1585228384309 - } - ] - } + "rules_not_assigned": [] } ``` #### Get Details -This action is used to get detailed information of an IPS rule. +This action is used to get detailed information of an IPS rule ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|id|integer|None|True|IPS rule|None|2874| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|id|integer|None|True|IPS rule|None|2874|None|None| + Example input: ``` 
@@ -124,16 +126,16 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|cves|[]string|False|List of related CVEs| -|cvss_score|string|False|CVSS score| -|description|string|False|Description of the rule| -|name|string|False|Name of the rule| -|response_json|object|False|Full response in JSON format| -|severity|string|False|Severity level of the IPS rule| -|type|string|False|Rule type| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|cves|[]string|False|List of related CVEs|None| +|cvss_score|string|False|CVSS score|5.0| +|description|string|False|Description of the rule|The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allow remote attackers to obtain sensitive information from process memory via crafted packets. This is a heuristic based rule to identify such suspicious Heartbeat requests.| +|name|string|False|Name of the rule|Identified Suspicious OpenSSL TLS/DTLS Heartbeat Request (ATT\u0026CK T1032)| +|response_json|object|False|Full response in JSON format|None| +|severity|string|False|Severity level of the IPS rule|medium| +|type|string|False|Rule type|smart| + Example output: ``` @@ -174,15 +176,15 @@ Example output: #### List -This action is used to list IPS rules. +This action is used to list IPS rules ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|id|integer|None|True|ID of the computer or policy|None|23| -|scope|string|None|True|Set the scope|['computer', 'policy']|policy| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|id|integer|None|True|ID of the computer or policy|None|23|None|None| +|scope|string|None|True|Set the scope|["computer", "policy"]|policy|None|None| + Example input: ``` 
@@ -194,12 +196,12 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|covered_cves|[]string|False|CVEs covered by the assigned rules| -|response_json|object|False|Full response in JSON format| -|rules_assigned|[]integer|False|All IPS rules currently assigned| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|covered_cves|[]string|False|CVEs covered by the assigned rules|None| +|response_json|object|False|Full response in JSON format|None| +|rules_assigned|[]integer|False|All IPS rules currently assigned|None| + Example output: ``` 
@@ -218,137 +220,143 @@ Example output: } ``` -#### Search +#### Search Computers -Search for matching IPS rules in Deep Security by CVE ID +This action is used to search computers ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|vulnerabilities|[]string|None|True|CVEs to protect against|None|["CVE-2005-0045", "CVE-2014-0160", "CVE-2017-0144", "CVE-1337-1337"]| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|field_name|string|hostName|False|Name of the field to be tested|None|hostName|None|None| +|information|string|none|True|Determines the computer information to include in the response|["none", "all", "computerStatus", "tasks", "securityUpdates", "computerSettings", "allSecurityModules", "antiMalware", "webReputation", "activityMonitoring", "firewall", "intrusionPrevention", "integrityMonitoring", "logInspection", "applicationControl", "SAP", "interfaces", "ESXSummary", "allVirtualMachineSummaries", "azureARMVirtualMachineSummary", "azureVMVirtualMachineSummary", "ec2VirtualMachineSummary", "noConnectorVirtualMachineSummary", "vmwareVMVirtualMachineSummary", "vcloudVMVirtualMachineSummary", "workspaceVirtualMachineSummary", "gcpVirtualMachineSummary"]|none|None|None| +|max_items|integer|5000|True|Limits the number of objects returned|None|5000|None|None| +|number_value|integer|0|False|Number to search for|None|42|None|None| +|search_type|string|string|False|Select the search type|["string", "integer"]|string|None|None| +|string_value|string||False|String to search for|None|MS-AD-SRV-%|None|None| + Example input: ``` { - "vulnerabilities": [ - "CVE-2005-0045", - "CVE-2014-0160", - "CVE-2017-0144", - "CVE-1337-1337" - ] + "field_name": "hostName", + "information": "none", + "max_items": 5000, + "number_value": "42", + "search_type": "string", + "string_value": "MS-AD-SRV-%" } ``` ##### Output 
-|Name|Type|Required|Description| -|----|----|--------|-----------| -|ips_rules|[]integer|False|IPS rules matching the given CVEs| -|matched_cves|[]string|False|CVEs with at least one matching IPS rule| -|missed_cves|[]string|False|CVEs without matching IPS rules| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|computer_ids|[]integer|False|IDs of matching computers|None| +|response_json|object|False|Full response in JSON format|None| + Example output: ``` { - "ips_rules": [ - 108, - 6348, - 3317, - 3318, - 2874, - 2875, - 2876 - ], - "matched_cves": [ - "CVE-2005-0045", - "CVE-2017-0144", - "CVE-2014-0160" + "computer_ids": [ + 34 ], - "missed_cves": [ - "CVE-1337-1337" - ] + "response_json": { + "computers": [ + { + "agentVersion": "11.3.0.292", + "displayName": "", + "hostName": "MS-AD-SRV-01", + "policyID": 45, + "agentFingerPrint": "14:F3:B3:76:1F:8A:2F:8B:D6:D9:DC:A4:3D:A0:F1:D4:A4...", + "groupID": 0, + "hostGUID": "14483D21-D921-32E0-19D7-FA36D91BC46E", + "relayListID": 0, + "biosUUID": "175bd693-216e-1e42-a489-2b56f1saf392", + "description": "", + "lastIPUsed": "192.0.2.10", + "platform": "", + "ID": 34, + "lastAgentCommunication": 1585228384309 + } + ] + } } ``` -#### Deploy +#### Search -Deploy the given Deep Security IPS rules to a computer or policy +Search for matching IPS rules in Deep Security by CVE ID ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|computer_or_policy|string|None|True|Target for rule assignment|['computer', 'policy']|policy| -|id|integer|None|True|ID of the target computer or policy|None|23| -|rules|[]integer|None|True|IPS rules to assign|None|[108, 6745, 2874, 2875, 2876, 3317, 3318]| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|vulnerabilities|[]string|None|True|CVEs to protect against|None|["CVE-2005-0045", 
"CVE-2014-0160", "CVE-2017-0144", "CVE-1337-1337"]|None|None| + Example input: ``` { - "computer_or_policy": "policy", - "id": 23, - "rules": [ - 108, - 6745, - 2874, - 2875, - 2876, - 3317, - 3318 + "vulnerabilities": [ + "CVE-2005-0045", + "CVE-2014-0160", + "CVE-2017-0144", + "CVE-1337-1337" ] } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|rules_assigned|[]integer|False|All IPS rules currently assigned| -|rules_not_assigned|[]integer|False|Unassigned IPS rules| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|ips_rules|[]integer|False|IPS rules matching the given CVEs|None| +|matched_cves|[]string|False|CVEs with at least one matching IPS rule|None| +|missed_cves|[]string|False|CVEs without matching IPS rules|None| + Example output: ``` { - "rules_assigned": [ + "ips_rules": [ 108, - 2874, - 2875, - 2876, - 3118, - 3124, - 3125, - 3126, + 6348, 3317, 3318, - 4593, - 5177, - 5892, - 6348, - 6745 + 2874, + 2875, + 2876 ], - "rules_not_assigned": [] + "matched_cves": [ + "CVE-2005-0045", + "CVE-2017-0144", + "CVE-2014-0160" + ], + "missed_cves": [ + "CVE-1337-1337" + ] } ``` - ### Triggers + +*This plugin does not contain any triggers.* +### Tasks + +*This plugin does not contain any tasks.* -_This plugin does not contain any triggers._ - -### Custom Output Types - -_This plugin does not contain any custom output types._ +### Custom Types + +*This plugin does not contain any custom output types.* ## Troubleshooting - -_This plugin does not contain any troubleshooting information._ + +*This plugin does not contain a troubleshooting.* # Version History +* 2.2.3 - Bumping requirements.txt | SDK bump to 6.1.4 * 2.2.2 - Fixed memory leak * 2.2.1 - Improve the search for IPS rules * 2.2.0 - Add new action Search Computers to receive a list and details of computers matching the search criteria 
@@ -358,6 +366,8 @@ _This plugin does not contain any troubleshooting information._ # Links +* [Trend Micro Deep Security](https://www.trendmicro.com/en_gb/business/products/hybrid-cloud/deep-security.html) + ## References -* [Trend Micro Deep Security](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html) +* [Trend Micro Deep Security](https://help.deepsecurity.trendmicro.com/10/0/rest-api.html) \ No newline at end of file diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/__init__.py index 3d5477387c..2bc62cc952 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/__init__.py @@ -1,6 +1,12 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + +from .search_rules.action import SearchRules + from .deploy_rules.action import DeployRules -from .get_rule_details.action import GetRuleDetails + from .list_rules.action import ListRules + +from .get_rule_details.action import GetRuleDetails + from .search_computers.action import SearchComputers -from .search_rules.action import SearchRules + diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/__init__.py index add0660711..da59f4a3ae 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import DeployRules 
diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/action.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/action.py index de4e7a5873..5148403f28 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/action.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/action.py @@ -1,4 +1,4 @@ -import komand +import insightconnect_plugin_runtime from .schema import DeployRulesInput, DeployRulesOutput, Input, Output, Component # Custom imports below @@ -9,7 +9,7 @@ from icon_trendmicro_deepsecurity.util.shared import checkResponse -class DeployRules(komand.Action): +class DeployRules(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="deploy_rules", @@ -42,7 +42,11 @@ def run(self, params={}): # Set rules response = requests.post( - url, data=json.dumps(data), verify=self.connection.dsm_verify_ssl, headers=self.connection.headers + url, + data=json.dumps(data), + verify=self.connection.dsm_verify_ssl, + headers=self.connection.headers, + timeout=60, ) self.logger.info(f"url: {response.url}") diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/schema.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/schema.py index 94ab56ce98..5260680ba7 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/schema.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/deploy_rules/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json 
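Review bot: The added `timeout=60` in the `requests.post` call is a bare literal that this commit repeats in get_rule_details, list_rules, search_computers and search_rules as well; hoisting it to one constant, e.g. `REQUEST_TIMEOUT = 60` in `util/shared` and `timeout=REQUEST_TIMEOUT,` at each call site, keeps the five actions in step when the value is tuned. Note that `requests` applies the value per socket operation (connect, then each read), not to the whole exchange, so a slowly responding Deep Security Manager can still hold the action well past 60 seconds. Nothing in the hunk catches the `requests.exceptions.Timeout` or `ConnectionError` the call can now raise, so unless `run` (which starts and ends outside the hunk) has an outer handler, a timeout is likely to surface as a generic runtime failure rather than a `PluginException` with guidance for the user; the sketch below wraps the call and needs `PluginException` imported from `insightconnect_plugin_runtime.exceptions` if this module does not already have it.
```python
        # … unchanged: request body assembly …
        try:
            response = requests.post(
                url,
                data=json.dumps(data),
                verify=self.connection.dsm_verify_ssl,
                headers=self.connection.headers,
                timeout=REQUEST_TIMEOUT,  # shared constant, one value for all actions
            )
        except requests.exceptions.RequestException as error:
            raise PluginException(
                cause="Request to the Deep Security Manager failed or timed out.",
                assistance="Check the DSM URL, network reachability and the certificate settings.",
                data=str(error),
            ) from error
        # … unchanged: response logging and checkResponse …
```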
@@ -11,15 +11,15 @@ class Input: COMPUTER_OR_POLICY = "computer_or_policy" ID = "id" RULES = "rules" - + class Output: RULES_ASSIGNED = "rules_assigned" RULES_NOT_ASSIGNED = "rules_not_assigned" - -class DeployRulesInput(komand.Input): - schema = json.loads(""" + +class DeployRulesInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -54,7 +54,8 @@ class DeployRulesInput(komand.Input): "computer_or_policy", "id", "rules" - ] + ], + "definitions": {} } """) @@ -62,8 +63,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class DeployRulesOutput(komand.Output): - schema = json.loads(""" +class DeployRulesOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -86,7 +87,8 @@ class DeployRulesOutput(komand.Output): }, "order": 2 } - } + }, + "definitions": {} } """) diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/__init__.py index 75707e8b64..6f0af3260e 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetRuleDetails diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/action.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/action.py index 154f16c08f..b3260a626a 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/action.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/action.py 
@@ -1,4 +1,4 @@ -import komand +import insightconnect_plugin_runtime from .schema import GetRuleDetailsInput, GetRuleDetailsOutput, Input, Output, Component # Custom imports below @@ -8,7 +8,7 @@ import requests -class GetRuleDetails(komand.Action): +class GetRuleDetails(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="get_rule_details", @@ -31,7 +31,7 @@ def run(self, params={}): url = f"{self.connection.dsm_url}/api/intrusionpreventionrules/{self.id}" # Send request - response = requests.get(url, verify=self.connection.dsm_verify_ssl, headers=self.connection.headers) + response = requests.get(url, verify=self.connection.dsm_verify_ssl, headers=self.connection.headers, timeout=60) self.logger.info(f"url: {response.url}") self.logger.info(f"status: {response.status_code}") diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/schema.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/schema.py index 1d1e5c085a..274cc95b8a 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/schema.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/get_rule_details/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -9,7 +9,7 @@ class Component: class Input: ID = "id" - + class Output: CVES = "cves" @@ -19,10 +19,10 @@ class Output: RESPONSE_JSON = "response_json" SEVERITY = "severity" TYPE = "type" - -class GetRuleDetailsInput(komand.Input): - schema = json.loads(""" + +class GetRuleDetailsInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -36,7 +36,8 @@ class GetRuleDetailsInput(komand.Input): }, "required": [ "id" - ] + ], + "definitions": {} } """) 
@@ -44,8 +45,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class GetRuleDetailsOutput(komand.Output): - schema = json.loads(""" +class GetRuleDetailsOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -95,7 +96,8 @@ class GetRuleDetailsOutput(komand.Output): "description": "Rule type", "order": 4 } - } + }, + "definitions": {} } """) diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/__init__.py index 2d57544383..0de80d3eda 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import ListRules diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/action.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/action.py index 53e3ffd4ac..b4e28baa4c 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/action.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/action.py @@ -1,4 +1,4 @@ -import komand +import insightconnect_plugin_runtime from .schema import ListRulesInput, ListRulesOutput, Input, Output, Component # Custom imports below @@ -8,7 +8,7 @@ import requests -class ListRules(komand.Action): +class ListRules(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="list_rules", 
@@ -40,7 +40,7 @@ def run(self, params={}): url = f"{self.connection.dsm_url}/api/policies/{self.id}/intrusionprevention/rules" # Send request - response = requests.get(url, verify=self.connection.dsm_verify_ssl, headers=self.connection.headers) + response = requests.get(url, verify=self.connection.dsm_verify_ssl, headers=self.connection.headers, timeout=60) self.logger.info(f"url: {response.url}") self.logger.info(f"status: {response.status_code}") diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/schema.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/schema.py index 1a4767e67c..d7b435d4c0 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/schema.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/list_rules/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -10,16 +10,16 @@ class Component: class Input: ID = "id" SCOPE = "scope" - + class Output: COVERED_CVES = "covered_cves" RESPONSE_JSON = "response_json" RULES_ASSIGNED = "rules_assigned" - -class ListRulesInput(komand.Input): - schema = json.loads(""" + +class ListRulesInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -44,7 +44,8 @@ class ListRulesInput(komand.Input): "required": [ "id", "scope" - ] + ], + "definitions": {} } """) @@ -52,8 +53,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class ListRulesOutput(komand.Output): - schema = json.loads(""" +class ListRulesOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -82,7 +83,8 @@ class ListRulesOutput(komand.Output): }, "order": 1 } - } + }, + "definitions": {} } """) 
diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/__init__.py index 13de2a51c3..eac8b7a68a 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import SearchComputers diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/action.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/action.py index 9b7c4476a3..6de9959b4a 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/action.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/action.py @@ -1,16 +1,16 @@ -import komand +import insightconnect_plugin_runtime from .schema import SearchComputersInput, SearchComputersOutput, Input, Output, Component # Custom imports below import json import requests -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException from icon_trendmicro_deepsecurity.util.shared import tryJSON from icon_trendmicro_deepsecurity.util.shared import checkResponse -class SearchComputers(komand.Action): +class SearchComputers(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="search_computers", 
@@ -73,7 +73,11 @@ def run(self, params={}): # Send request response = requests.post( - url, data=json.dumps(data), verify=self.connection.dsm_verify_ssl, headers=self.connection.headers + url, + data=json.dumps(data), + verify=self.connection.dsm_verify_ssl, + headers=self.connection.headers, + timeout=60, ) self.logger.info(f"url: {response.url}") diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/schema.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/schema.py index 6f92667bd5..1c0c87989f 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/schema.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_computers/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -14,15 +14,15 @@ class Input: NUMBER_VALUE = "number_value" SEARCH_TYPE = "search_type" STRING_VALUE = "string_value" - + class Output: COMPUTER_IDS = "computer_ids" RESPONSE_JSON = "response_json" - -class SearchComputersInput(komand.Input): - schema = json.loads(""" + +class SearchComputersInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -106,7 +106,8 @@ class SearchComputersInput(komand.Input): "required": [ "information", "max_items" - ] + ], + "definitions": {} } """) @@ -114,8 +115,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class SearchComputersOutput(komand.Output): - schema = json.loads(""" +class SearchComputersOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -135,7 +136,8 @@ class SearchComputersOutput(komand.Output): "description": "Full response in JSON format", "order": 2 } - } + }, + "definitions": {} } """) 
diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/__init__.py index 12b1f15414..dda61769ac 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import SearchRules diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/action.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/action.py index 6ae46472ba..13519c0c67 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/action.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/action.py @@ -1,5 +1,5 @@ from typing import Tuple -import komand +import insightconnect_plugin_runtime import requests from .schema import SearchRulesInput, SearchRulesOutput, Input, Output, Component @@ -10,7 +10,7 @@ from icon_trendmicro_deepsecurity.util.shared import checkResponse -class SearchRules(komand.Action): +class SearchRules(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="search_rules", @@ -39,7 +39,11 @@ def search_rule_by_cve(self, cve: str) -> Tuple[set, set, set]: # Search for IPS rules response = requests.post( - url, data=json.dumps(data), verify=self.connection.dsm_verify_ssl, headers=self.connection.headers + url, + data=json.dumps(data), + verify=self.connection.dsm_verify_ssl, + headers=self.connection.headers, + timeout=60, ) # Check response errors 
@@ -80,7 +84,11 @@ def collect_all_ips_rules(self) -> list: # Send Request url = f"{self.connection.dsm_url}/api/intrusionpreventionrules/search" response = requests.post( - url, data=json.dumps(data), verify=self.connection.dsm_verify_ssl, headers=self.connection.headers + url, + data=json.dumps(data), + verify=self.connection.dsm_verify_ssl, + headers=self.connection.headers, + timeout=60, ) # Check response errors diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/schema.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/schema.py index 10661a8b28..e69aa3fa35 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/schema.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/actions/search_rules/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -9,16 +9,16 @@ class Component: class Input: VULNERABILITIES = "vulnerabilities" - + class Output: IPS_RULES = "ips_rules" MATCHED_CVES = "matched_cves" MISSED_CVES = "missed_cves" - -class SearchRulesInput(komand.Input): - schema = json.loads(""" + +class SearchRulesInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -35,7 +35,8 @@ class SearchRulesInput(komand.Input): }, "required": [ "vulnerabilities" - ] + ], + "definitions": {} } """) @@ -43,8 +44,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class SearchRulesOutput(komand.Output): - schema = json.loads(""" +class SearchRulesOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -76,7 +77,8 @@ class SearchRulesOutput(komand.Output): }, "order": 3 } - } + }, + "definitions": {} } """) 
diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/__init__.py index a515dcf6b0..c78d3356be 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .connection import Connection diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/connection.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/connection.py index 4c559520d4..e3d3b03ad8 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/connection.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/connection.py @@ -1,5 +1,5 @@ -import komand from .schema import ConnectionSchema, Input +import insightconnect_plugin_runtime # Custom imports below @@ -8,7 +8,7 @@ from icon_trendmicro_deepsecurity.util.shared import checkResponse -class Connection(komand.Connection): +class Connection(insightconnect_plugin_runtime.Connection): def __init__(self): super(self.__class__, self).__init__(input=ConnectionSchema()) @@ -35,7 +35,7 @@ def test(self): url = f"{self.dsm_url}/api/policies" # Get list of policies - response = requests.get(url, verify=self.dsm_verify_ssl, headers=self.headers) + response = requests.get(url, verify=self.dsm_verify_ssl, headers=self.headers, timeout=60) # Try to convert the response data to JSON response_data = tryJSON(response) diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/schema.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/schema.py index e47ba04fcf..44a36fed22 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/schema.py 
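Review bot: In the connection.py import hunk the runtime import lands below the relative `from .schema import ConnectionSchema, Input` line, whereas every action module in this commit puts `import insightconnect_plugin_runtime` first; placing the third-party import above the package-relative one (`import insightconnect_plugin_runtime` then `from .schema import ConnectionSchema, Input`) matches the rest of the plugin and the usual stdlib/third-party/local grouping. The `timeout=60` in the `test` hunk further down has the same shared-constant concern raised on the first hunk of this page. Both `Connection.__init__` and `test` continue outside their hunks.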
+++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/connection/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -7,10 +7,10 @@ class Input: DSM_API_KEY = "dsm_api_key" DSM_URL = "dsm_url" DSM_VERIFY_SSL = "dsm_verify_ssl" - -class ConnectionSchema(komand.Input): - schema = json.loads(""" + +class ConnectionSchema(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -47,18 +47,18 @@ class ConnectionSchema(komand.Input): "type": "object", "title": "Credential: Secret Key", "description": "A shared secret key", + "required": [ + "secretKey" + ], "properties": { "secretKey": { "type": "string", "title": "Secret Key", - "displayType": "password", "description": "The shared secret key", - "format": "password" + "format": "password", + "displayType": "password" } - }, - "required": [ - "secretKey" - ] + } } } } diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/tasks/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/tasks/__init__.py new file mode 100644 index 0000000000..7020c9a4ad --- /dev/null +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/tasks/__init__.py @@ -0,0 +1,2 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/triggers/__init__.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/triggers/__init__.py index bace8db897..7020c9a4ad 100755 --- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/triggers/__init__.py +++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/triggers/__init__.py @@ -1 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + 
diff --git a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/util/shared.py b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/util/shared.py
index 0afc7ef675..3ec9562abc 100644
--- a/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/util/shared.py
+++ b/plugins/trendmicro_deepsecurity/icon_trendmicro_deepsecurity/util/shared.py
@@ -1,4 +1,4 @@
-from komand.exceptions import PluginException
+from insightconnect_plugin_runtime.exceptions import PluginException
 from requests.models import Response
 import json
@@ -33,7 +33,7 @@ def checkResponse(response: Response) -> None:
 message = f"{response.status_code}, {response.text}"
 raise PluginException(
- cause="Received HTTP %d status code. The request was not successful." % response.status_code,
+ cause=f"Received HTTP {response.status_code} status code. The request was not successful.",
 assistance=f"[{response.url}]",
 data=message,
 )
diff --git a/plugins/trendmicro_deepsecurity/plugin.spec.yaml b/plugins/trendmicro_deepsecurity/plugin.spec.yaml
index 87614cebae..d85894887a 100644
--- a/plugins/trendmicro_deepsecurity/plugin.spec.yaml
+++ b/plugins/trendmicro_deepsecurity/plugin.spec.yaml
@@ -4,9 +4,19 @@ products: [insightconnect]
 name: trendmicro_deepsecurity
 title: Trend Micro Deep Security
 description: Utilize the Deep Security IPS engine to protect against vulnerabilities without installing a patch (virtual patching)
-version: 2.2.2
+version: 2.2.3
+connection_version: 2
 vendor: rapid7
+supported_versions: ["2024-11-1"]
 support: community
+sdk:
+ type: slim
+ version: 6.1.4
+ user: nobody
+key_features:
+ - "Utilize the Deep Security IPS engine to protect against vulnerabilities without installing a patch (virtual patching)"
+requirements:
+ - "Trend Micro Deep Security"
 status: []
 enable_cache: false
 resources:
@@ -22,6 +32,18 @@ tags:
 - remediation
 - trend_micro
 - deep_security
+references:
+ - "[Trend Micro Deep Security](https://help.deepsecurity.trendmicro.com/10/0/rest-api.html)"
+links:
+ - "[Trend Micro Deep Security](https://www.trendmicro.com/en_gb/business/products/hybrid-cloud/deep-security.html)"
+version_history:
+ - "2.2.3 - Bumping requirements.txt | SDK bump to 6.1.4"
+ - "2.2.2 - Fixed memory leak"
+ - "2.2.1 - Improve the search for IPS rules"
+ - "2.2.0 - Add new action Search Computers to receive a list and details of computers matching the search criteria"
+ - "2.1.0 - Add new actions Get Details and List to receive assigned IPS rules from computers and policies"
+ - "2.0.0 - Add an option to toggle DSM certificate verification in the connection"
+ - "1.0.0 - Initial plugin"
 hub_tags:
 use_cases: [vulnerability_management, cloud_security, remediation_management, threat_detection_and_response ]
 keywords: [vulnerability scanning, vulnerability management, remediation, virtual patching, intrusion, detection, prevention, response, trend micro, deep security, trendmicro, deepsecurity]
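Review bot: The new `version_history` entry for 2.2.3 records only the requirements and SDK bump, but the same commit adds a 60-second `timeout` to every request made to the Deep Security Manager, which is a user-visible behaviour change (requests that previously had no timeout now fail after 60 s); the entry should say so, e.g. `- "2.2.3 - Bumping requirements.txt | SDK bump to 6.1.4 | Add 60 second timeout to Deep Security Manager requests"`. The `tags` list this hunk sits in starts outside the hunk.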
@@ -161,26 +183,31 @@ actions:
 description: Name of the rule
 type: string
 required: false
+ example: Identified Suspicious OpenSSL TLS/DTLS Heartbeat Request (ATT\u0026CK T1032)
 description:
 title: Description
 description: Description of the rule
 type: string
 required: false
+ example: The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allow remote attackers to obtain sensitive information from process memory via crafted packets. This is a heuristic based rule to identify such suspicious Heartbeat requests.
 severity:
 title: Severity
 description: Severity level of the IPS rule
 type: string
 required: false
+ example: medium
 type:
 title: Type
 description: Rule type
 type: string
 required: false
+ example: smart
 cvss_score:
 title: CVSS Score
 description: CVSS score
 type: string
 required: false
+ example: 5.00
 cves:
 title: CVEs
 description: List of related CVEs
diff --git a/plugins/trendmicro_deepsecurity/requirements.txt b/plugins/trendmicro_deepsecurity/requirements.txt
index 703c8a1b3d..02e60b7720 100755
--- a/plugins/trendmicro_deepsecurity/requirements.txt
+++ b/plugins/trendmicro_deepsecurity/requirements.txt
@@ -1,4 +1,3 @@
 # List third-party dependencies here, separated by newlines.
 # All dependencies must be version-pinned, eg. requests==1.2.0
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
-requests==2.26.0
\ No newline at end of file
diff --git a/plugins/trendmicro_deepsecurity/setup.py b/plugins/trendmicro_deepsecurity/setup.py
index 51dff68c8d..d78e63ca83 100755
--- a/plugins/trendmicro_deepsecurity/setup.py
+++ b/plugins/trendmicro_deepsecurity/setup.py
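Review bot: `example: 5.00` under `cvss_score` is an unquoted scalar, so a YAML loader reads it as the float `5.0` while the field is declared `type: string`; quoting it, `example: "5.00"`, keeps the example the same type as the field. The `name` example `... (ATT\u0026CK T1032)` is likewise a plain scalar, in which a backslash is literal, so the rendered example shows `\u0026` rather than `&`; either write `ATT&CK` directly or double-quote the whole scalar so the escape is decoded. The `actions` block starts and ends outside the hunk.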
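Review bot: Dropping the `requests==2.26.0` pin leaves `requests` undeclared even though the action modules in this commit import it directly (`import requests` in search_computers/action.py and search_rules/action.py); the plugin now depends on whichever `requests` the SDK 6.1.4 base image happens to ship, and the header comment kept two lines above still says every dependency must be version-pinned. If the intent is to inherit the runtime's copy, state it in the file, e.g. `# requests is provided by the insightconnect-plugin-runtime base image`; otherwise re-add an explicit pin matching the version bundled with SDK 6.1.4 so the image build stays reproducible.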
@@ -1,14 +1,14 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from setuptools import setup, find_packages setup(name="trendmicro_deepsecurity-rapid7-plugin", - version="2.2.2", + version="2.2.3", description="Utilize the Deep Security IPS engine to protect against vulnerabilities without installing a patch (virtual patching)", author="rapid7", author_email="", url="", packages=find_packages(), - install_requires=['komand'], # Add third-party dependencies to requirements.txt, not here! + install_requires=['insightconnect-plugin-runtime'], # Add third-party dependencies to requirements.txt, not here! scripts=['bin/icon_trendmicro_deepsecurity'] ) diff --git a/plugins/trendmicro_deepsecurity/unit_test/__init__.py b/plugins/trendmicro_deepsecurity/unit_test/__init__.py new file mode 100644 index 0000000000..d9ae09fc16 --- /dev/null +++ b/plugins/trendmicro_deepsecurity/unit_test/__init__.py @@ -0,0 +1,4 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import sys + +sys.path.append("../") \ No newline at end of file