diff --git a/collectors/carbonblack/collector.js b/collectors/carbonblack/collector.js
index ec7e440e..4924042d 100644
--- a/collectors/carbonblack/collector.js
+++ b/collectors/carbonblack/collector.js
@@ -119,7 +119,9 @@ class CarbonblackCollector extends PawsCollector {
 return callback(error.response.data);
 }
 else {
- error.errorCode = error.response.status;
+ if (error.response) {
+ error.errorCode = error.response.status
+ }
 return callback(error);
 }
 });
diff --git a/collectors/carbonblack/package.json b/collectors/carbonblack/package.json
index 4cf8d42c..94a9b0dc 100644
--- a/collectors/carbonblack/package.json
+++ b/collectors/carbonblack/package.json
@@ -1,6 +1,6 @@
 {
 "name": "carbonblack-collector",
- "version": "1.0.52",
+ "version": "1.0.53",
 "description": "Alert Logic AWS based Carbonblack Log Collector",
 "repository": {},
 "private": true,
diff --git a/collectors/carbonblack/test/utils_test.js b/collectors/carbonblack/test/utils_test.js
index e3c81727..cee42449 100644
--- a/collectors/carbonblack/test/utils_test.js
+++ b/collectors/carbonblack/test/utils_test.js
@@ -12,7 +12,7 @@ describe('Unit Tests', function () {
 alserviceStub.post = sinon.stub(RestServiceClient.prototype, 'post').callsFake(
 function fakeFn(path, extraOptions) {
 return new Promise(function (resolve, reject) {
- return resolve({ results: [carbonblackMock.LOG_EVENT] });
+ return resolve({ results: [carbonblackMock.LOG_EVENT],num_found : 2500 });
 });
 });
 alserviceStub.get = sinon.stub(RestServiceClient.prototype, 'get').callsFake(
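Review bot: In collector.js's catch handler, when `error.response` is absent the new guard leaves `error.errorCode` unset, so timeouts and connection failures reach `callback(error)` with no code at all. If the HTTP client puts a code on such errors, carry it over, e.g. `error.errorCode = error.response ? error.response.status : error.code;`, so these failures stay distinguishable in whatever consumes `errorCode`. The added assignment also drops the trailing semicolon the removed line had. The handler starts above the hunk, so the condition of the first branch is not visible here.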
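Review bot: In test/utils_test.js the `post` stub now answers every call with one event and `num_found : 2500`, so it can only drive the keep-paging side of the new check in `getAPILogs`. The stop conditions (an empty `results` array, and `num_found` at or below the next offset) appear to have no case of their own in the visible hunks; a stub that returns a smaller `num_found` on a later call would pin them. The literal would also read more consistently as `results: [carbonblackMock.LOG_EVENT], num_found: 2500`.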
@@ -70,17 +70,20 @@ describe('Unit Tests', function () {
 url: "url",
 method: "POST",
 requestBody:{
- "criteria": {
- "create_time": {
- "end": state.until,
- "start": state.since
- },
+ "time_range": {
+ "start": state.since,
+ "end": state.until
 },
- "rows": 0,
- "start": 0
+ "start": "0",
+ "rows": "0",
+ "exclusions": {
+ "type": [
+ "CB_ANALYTICS","WATCHLIST"
+ ]
+ }
 },
 typeIdPaths: [{ path: ["id"] }],
- tsPaths: [{ path: ["last_update_time"] }]
+ tsPaths: [{ path: ["backend_update_timestamp"] }]
 };
 let accumulator = [];
 const apiEndpoint = process.env.paws_endpoint;
diff --git a/collectors/carbonblack/themis-template/carbonblackevents.json b/collectors/carbonblack/themis-template/carbonblackevents.json
index 99d17015..a82e9a1c 100644
--- a/collectors/carbonblack/themis-template/carbonblackevents.json
+++ b/collectors/carbonblack/themis-template/carbonblackevents.json
@@ -1,6 +1,6 @@
 {
 "method": "GET",
- "url": "{{endpoint}}/appservices/v6/orgs/{{collector_param_string2}}/alerts/search_suggestions?suggest.q=",
+ "url": "{{endpoint}}/api/alerts/v7/orgs/{{collector_param_string2}}/alerts/search_suggestions?query=n/a",
 "headers": {
 "X-Auth-Token": "{{secret}}/{{client_id}}"
 },
diff --git a/collectors/carbonblack/utils.js b/collectors/carbonblack/utils.js
index fd347e14..8160d959 100644
--- a/collectors/carbonblack/utils.js
+++ b/collectors/carbonblack/utils.js
@@ -43,14 +43,14 @@ function getAPILogs(apiDetails, accumulator, apiEndpoint, state, clientSecret, c
 },
 data: apiDetails.requestBody
 }).then(response => {
- if (response.results.length === 0) {
- return resolve({ accumulator, nextPage });
- }
 accumulator.push(...response.results);
 offset = offset + limit;
- apiDetails.requestBody.start = offset;
- pageCount++;
- return getCarbonBlackData();
+ if (response.results.length > 0 && response.num_found >= offset) {
+ apiDetails.requestBody.start = offset;
+ pageCount++;
+ return getCarbonBlackData();
+ }
+ return resolve({ accumulator, nextPage });
 }).catch(err => {
 return reject(err);
 });
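Review bot: `response.num_found >= offset` asks for one more page than needed when the total is an exact multiple of the page size: `offset` has already been advanced past the rows just read, so equality means everything is in `accumulator`, and `response.num_found > offset` avoids the empty round trip. The same line also ends paging after the first page whenever a response has no `num_found`, because `undefined >= offset` is false, and it does so without any log line. If other object types share this `.then` handler (the function starts above the hunk, so that is not visible here), keep the old empty-page stop for them, e.g. `const more = response.num_found === undefined || response.num_found > offset;`. For an alert collector a silent early stop is a gap in what reaches detection, so a warning when paging ends on a missing count is worth adding.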
@@ -78,51 +78,60 @@ function getAPIDetails(state, orgKey) {
 tsPaths = [{ path: ["eventTime"] }];
 break;
 case Search_Alerts:
- url = `/appservices/v6/orgs/${orgKey}/alerts/_search`;
+ url = `/api/alerts/v7/orgs/${orgKey}/alerts/_search`;
 typeIdPaths = [{ path: ["id"] }];
- tsPaths = [{ path: ["last_update_time"] }];
+ tsPaths = [{ path: ["backend_update_timestamp"] }];
 method = "POST";
 requestBody = {
- "criteria": {
- "create_time": {
- "end": state.until,
- "start": state.since
- },
+ "time_range": {
+ "start": state.since,
+ "end": state.until
 },
- "rows": 0,
- "start": 0
+ "start": "0",
+ "rows": "0",
+ "exclusions": {
+ "type": [
+ "CB_ANALYTICS", "WATCHLIST"
+ ]
+ }
 };
 break;
 case Search_Alerts_CB_Analytics:
- url = `/appservices/v6/orgs/${orgKey}/alerts/cbanalytics/_search`;
+ url = `/api/alerts/v7/orgs/${orgKey}/alerts/_search`;
 typeIdPaths = [{ path: ["id"] }];
- tsPaths = [{ path: ["last_update_time"] }];
+ tsPaths = [{ path: ["backend_update_timestamp"] }];
 method = "POST";
 requestBody = {
+ "time_range": {
+ "start": state.since,
+ "end": state.until
+ },
 "criteria": {
- "create_time": {
- "end": state.until,
- "start": state.since
- },
+ "type": [
+ "CB_ANALYTICS"
+ ]
 },
- "rows": 0,
- "start": 0
+ "start": "0",
+ "rows": "0"
 };
 break;
 case Search_Alerts_Watchlist:
- url = `/appservices/v6/orgs/${orgKey}/alerts/watchlist/_search`;
+ url = `/api/alerts/v7/orgs/${orgKey}/alerts/_search`;
 typeIdPaths = [{ path: ["id"] }];
- tsPaths = [{ path: ["last_update_time"] }];
+ tsPaths = [{ path: ["backend_update_timestamp"] }];
 method = "POST";
 requestBody = {
+ "time_range": {
+ "start": state.since,
+ "end": state.until
+ },
 "criteria": {
- "create_time": {
- "end": state.until,
- "start": state.since
- },
+ "type": [
+ "WATCHLIST"
+ ]
 },
- "rows": 0,
- "start": 0
+ "start": "0",
+ "rows": "0"
 };
 break;
 default:
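Review bot: The three alert cases seed the body with `"start": "0"` and `"rows": "0"` as strings, while `getAPILogs` later writes `apiDetails.requestBody.start = offset`, which looks numeric, so the first request and the following pages send different types for the same field. Pick whichever type the v7 endpoint documents and use it in both places (for numbers, `"start": 0,` and `"rows": 0`); the expectations in test/utils_test.js mirror the strings and would change with it. It is also worth confirming against the v7 reference whether `start` is zero- or one-based, since an off-by-one here would skip or repeat alerts at page boundaries. The three cases now differ only in their `criteria`/`exclusions` part, so a small helper taking that part would remove the triplication. `getAPIDetails` begins above the hunk and continues after `default:`.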