
[SOAR-15940] InsightIDR - advanced_query_on_log_set statistical result bug fix #2108

Merged
merged 7 commits into develop from SOAR-15940
Nov 10, 2023

Conversation

rbowden-r7 (Collaborator)

Proposed Changes

Description

Describe the proposed changes:

  • Take the ID that comes back from calling the /query/logs endpoint; this ID can then be used with the /query/ endpoint to get back the correct values for the statistics, as the former will not return the results we need.

PR Requirements

Developers, verify you have completed the following items by checking them off:

Testing

Unit Tests

Review our documentation on generating and writing plugin unit tests

  • Unit tests written for any new or updated code

New unit tests have been added and all of the old tests are passing.

Ran 82 tests in 0.038s

OK

In-Product Tests

If you are an InsightConnect customer or have access to an InsightConnect instance, the following in-product tests should be done:

  • Screenshot of job output with the plugin changes
  • Screenshot of the changed connection, actions, or triggers input within the InsightConnect workflow builder

Testing via Postman using a local Docker container, showing the counts line up as expected.


Style

Review the style guide

  • For dependencies, pin OS package and Python package versions
  • For security, set least privileged account with USER nobody in the Dockerfile when possible
  • For size, use the slim SDK images when possible: rapid7/insightconnect-python-3-38-slim-plugin:{sdk-version-num} and rapid7/insightconnect-python-3-38-plugin:{sdk-version-num}
  • For error handling, use of PluginException and ConnectionTestException
  • For logging, use self.logger
  • For docs, use changelog style
  • For docs, validate markdown with insight-plugin validate which calls icon_validate to lint help.md

Functional Checklist

  • Work fully completed
  • Functional
    • Any new actions/triggers include JSON test files in the tests/ directory created with insight-plugin samples
    • Tests should all pass unless it's a negative test. Negative tests have a naming convention of tests/$action_bad.json
    • Unsuccessful tests should fail by raising an exception causing the plugin to die and an object should be returned on successful test
    • Add functioning test results to PR, sanitize any output if necessary
      • Single action/trigger insight-plugin run -T tests/example.json --debug --jq
      • All actions/triggers shortcut insight-plugin run -T all --debug --jq (use PR format at end)
    • Add functioning run results to PR, sanitize any output if necessary
      • Single action/trigger insight-plugin run -R tests/example.json --debug --jq
      • All actions/triggers shortcut insight-plugin run --debug --jq (use PR format at end)

Assessment

You must validate your work to reviewers:

  1. Run insight-plugin validate and make sure everything passes
  2. Run the assessment tool: insight-plugin run -A. For single action validation: insight-plugin run tests/{file}.json -A
  3. Copy (insight-plugin ... | pbcopy) and paste the output in a new post on this PR
  4. Add required screenshots from the In-Product Tests section
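The two-step flow the PR describes (submit to /query/logs, take the returned ID, then read the statistics from /query/{id}), together with the narrowed `HTTPError` handling and the combined `text, error` data field suggested in the review, as an added example. This is not the plugin's own code: the session, the response bodies, the field names (`id`, `statistics`, `events`, `count`) and the host are constructed stand-ins so the example runs offline.

```python
import json
from typing import Dict, Optional


class HTTPError(Exception):
    """Local stand-in for requests.HTTPError so the example runs offline."""


class PluginException(Exception):
    """Assumed shape of the SDK's PluginException: cause, assistance, data."""

    def __init__(self, cause: str, assistance: str, data: str = ""):
        super().__init__(cause)
        self.cause, self.assistance, self.data = cause, assistance, data


class FakeResponse:
    """Minimal requests.Response look-alike (constructed for this example)."""

    def __init__(self, status_code: int, body: dict):
        self.status_code = status_code
        self.text = json.dumps(body)

    def json(self) -> dict:
        return json.loads(self.text)

    def raise_for_status(self) -> None:
        if self.status_code >= 400:
            raise HTTPError(f"{self.status_code} error for request")


class FakeSession:
    """Routes GET calls by URL to canned responses and records every call."""

    def __init__(self, routes: Dict[str, FakeResponse]):
        self.routes = routes
        self.calls = []

    def get(self, url: str, params: Optional[dict] = None) -> FakeResponse:
        self.calls.append((url, dict(params or {})))
        return self.routes.get(url, FakeResponse(404, {"message": "not found"}))


def checked_get(session, endpoint: str, params: dict, what: str) -> FakeResponse:
    """GET and convert HTTP failures into a PluginException carrying body and error."""
    response = session.get(endpoint, params=params)
    try:
        response.raise_for_status()
    except HTTPError as error:  # narrow: HTTP status failures only, not every Exception
        raise PluginException(
            cause=f"Failed to get {what} from InsightIDR",
            assistance=f"Could not get {what} from: {endpoint}",
            data=f"{response.text}, {error}",
        )
    return response


def advanced_query_on_log_set(session, base_url: str, query_params: dict) -> dict:
    """Submit via /query/logs, take the returned id, then read statistics from /query/{id}."""
    first = checked_get(session, f"{base_url}/query/logs", query_params, "query id")
    query_id = first.json().get("id")  # assumed name of the field holding the id
    if not query_id:
        raise PluginException(
            cause="Query response from InsightIDR contained no id",
            assistance="Check the log set and query parameters",
            data=first.text,
        )
    stats = checked_get(session, f"{base_url}/query/{query_id}", query_params, "statistical info")
    body = stats.json()
    statistics = body.get("statistics", {})  # assumed shape of the second response
    events = body.get("events", [])
    # Report the total matched, not just the events present in this page of results.
    count = statistics.get("count", len(events))
    return {"count": count, "statistics": statistics, "events": events}


BASE = "https://example.invalid/log_search"  # placeholder host, not a real endpoint

# Constructed responses: the first call carries the id but a useless 0.0 statistic;
# the follow-up call by id carries the real numbers.
OK_SESSION = FakeSession({
    f"{BASE}/query/logs": FakeResponse(200, {"id": "q-123", "statistics": {"count": 0.0}}),
    f"{BASE}/query/q-123": FakeResponse(200, {
        "statistics": {"count": 42},
        "events": [{"message": "login ok"}, {"message": "login failed"}],
    }),
})
FAILING_SESSION = FakeSession({
    f"{BASE}/query/logs": FakeResponse(200, {"id": "q-999"}),
    f"{BASE}/query/q-999": FakeResponse(500, {"message": "internal error"}),
})


def run_ok() -> dict:
    return advanced_query_on_log_set(OK_SESSION, BASE, {"query": "calculate(count)"})


def run_failing() -> PluginException:
    try:
        advanced_query_on_log_set(FAILING_SESSION, BASE, {"query": "calculate(count)"})
    except PluginException as err:
        return err
    raise AssertionError("expected PluginException")
```

`run_ok()` shows why the second call is needed: the statistic in the first response is the 0.0 the bug report describes, while the follow-up by ID returns the real count. `run_failing()` shows the failure path: only `HTTPError` is caught, and the resulting `PluginException.data` carries both the response body and the error string so the job output identifies which endpoint failed and why.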

Collaborator

Could you please add schema validation to those tests? 😄

@@ -2024,7 +2024,8 @@ Example output:

# Version History

* 6.0.1 - Action: `Advanced Query On Log Set` - Up the maximium events returned from 50 to 500
* 6.0.2 - Action: `Advanced Query On Log set` - Fixed error where statistical queries would always return 0.0
* 6.0.1 - Action: `Advanced Query On Log` - Up the maximium events returned from 50 to 500
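Review bot: the new 6.0.2 entry lands between the two 6.0.1 lines, splitting that version's notes; place it above both 6.0.1 entries so the history stays grouped by version. Its action name also reads `Advanced Query On Log set` where the line above uses `Advanced Query On Log Set`; match the capitalization, and since the 6.0.1 lines are being touched anyway, fix `maximium` to `maximum` in both.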
Collaborator

Just some grammar and spelling check 😄

Suggested change
* 6.0.1 - Action: `Advanced Query On Log` - Up the maximium events returned from 50 to 500
* 6.0.1 - Action: `Advanced Query On Log` - Increase the maximum results returned from 50 to 500

Collaborator Author

this has been updated

stats_response = self.connection.session.get(stats_endpoint, params=params)
try:
stats_response.raise_for_status()
except Exception:
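Review bot: the `session.get(stats_endpoint, params=params)` call sits outside the `try`, so a connection failure or timeout raised by the request itself escapes as a raw exception instead of the PluginException the handler builds for a bad status; move the GET inside the `try` (or add a second `except` for connection errors) so both failure paths report the endpoint the same way.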
Collaborator

Exception is very broad here. Maybe narrow it down.

Suggested change
except Exception:
except HTTPError as error:

Collaborator Author

A more specific exception has been added here

raise PluginException(
cause="Failed to get log sets from InsightIDR\n",
assistance=f"Could not get statistical info from: {stats_endpoint}\n",
data=stats_response.text,
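Review bot: the `cause` text says "Failed to get log sets from InsightIDR" but this block handles the statistics request to `stats_endpoint`, as the `assistance` line itself says; change it to `cause="Failed to get statistical info from InsightIDR"` so the user-facing message matches the failing call, and drop the trailing `\n` in `cause` and `assistance`, which adds nothing to a one-line message.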
Collaborator

Suggested change
data=stats_response.text,
data=f"{stats_response.text}, {error}",

Collaborator Author

The error message will also be raised here

@cmcnally-r7 cmcnally-r7 changed the title SOAR-15940-Fixing issue where statistical calls to advanced_query_on_log_set was always coming back as 0.0 [SOAR-15940] InsightIDR - advanced_query_on_log_set statistical result bug fix Nov 10, 2023
@cmcnally-r7 cmcnally-r7 merged commit 34642e7 into develop Nov 10, 2023
6 checks passed
@cmcnally-r7 cmcnally-r7 deleted the SOAR-15940 branch November 10, 2023 15:11
rbowden-r7 added a commit that referenced this pull request Nov 13, 2023
…t bug fix (#2108)

* SOAR-15940-Fixing issue where statistical calls to advanced_query_on_log_set was always coming back as 0.0

* SOAR-15940-updated unit tests for advanced_query_on_log_set to include schema validation

* SOAR-15940-updated unit tests for advanced_query_on_log_set to include schema validation

* SOAR-15940-updating count to better reflect the total items matched

* SOAR-15940-updating count to better reflect the total items matched

* SOAR-15940-updating unit test to reflect change to count

* SOAR-15940-adding more specific error handling
@rbowden-r7 rbowden-r7 mentioned this pull request Nov 13, 2023
igorski-r7 pushed a commit that referenced this pull request Nov 14, 2023
…t bug fix (#2108)
rbowden-r7 added a commit that referenced this pull request Nov 14, 2023
…t bug fix (#2108)
cmcnally-r7 pushed a commit that referenced this pull request Nov 15, 2023
* [SOAR-15940] InsightIDR - advanced_query_on_log_set statistical result bug fix (#2108)

* [PLGN-614] InsightIDR - Adding parity between advanced_query_on_log_set and advanced_query_on_log (#2110)

* PLGN-614-Adding parity between advanced_query_on_log_set and advanced_query_on_log

* PLGN-614-Updating the help md to use capital letter

* PLGN-614-Updating the help md to match style format

* [PLGN-651] insightidr - Fixing schema error with required fields and adding in unit tests for checking schemas (#2116)

* PLGN-615-Fixing schema error with required fields and adding in unit test coverage for schema

* PLGN-615-Updating help doc with new changes

* Bump aiohttp from 3.8.5 to 3.8.6 in /plugins/rapid7_insightidr (#2118)

Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.5 to 3.8.6.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.5...v3.8.6)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>