Phantom: Feature - Add option to toggle "determine contains" on add a…

…rtifact action (#24) * add ability to disable the ability for SOAR to determine contains when adding an artifact * added release_notes and output datapaths * pre-commit changes * changes done for json file --------- Co-authored-by: Casey Boyd <[email protected]> Co-authored-by: gdelavadiya-crest <[email protected]>
splunk-soar-connectors · Oct 14, 2024 · b6a6c58 · b6a6c58
1 parent a64debe
commit b6a6c58
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 28 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.19
+    rev: v1.23
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies

diff --git a/LICENSE b/LICENSE
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/README.md b/README.md
@@ -404,6 +404,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **cef_dictionary** |  optional  | CEF JSON | string | 
 **contains** |  optional  | Data type for each CEF field | string | 
 **run_automation** |  optional  | Run automation on newly created artifact(s) (default: false) | boolean | 
+**determine_contains** |  optional  | Determine contains for any CEF fields without a provided contains value. (default: true) | boolean |
 
 #### Action Output
 DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES

diff --git a/phantom.json b/phantom.json
@@ -6,7 +6,7 @@
     "publisher": "Splunk",
     "type": "information",
     "main_module": "phantom_connector.py",
-    "app_version": "3.7.0",
+    "app_version": "3.7.1",
     "latest_tested_versions": [
         "Splunk Phantom PlatformAPI v5.3.1",
         "SOAR On-prem v5.3.1.84890",
@@ -401,8 +401,7 @@
                     "data_path": "action_result.parameter.title",
                     "data_type": "string",
                     "example_values": [
-                        "Note test",
-                        "Testing note"
+                        "Note test"
                     ]
                 },
                 {
@@ -1234,8 +1233,12 @@
                 "run_automation": {
                     "description": "Run automation on newly created artifact(s) (default: false)",
                     "data_type": "boolean",
-                    "default": false,
                     "order": 8
+                },
+                "determine_contains": {
+                    "description": "Determine contains for any CEF fields without a provided contains value (default: true)",
+                    "data_type": "boolean",
+                    "order": 9
                 }
             },
             "render": {
@@ -1315,6 +1318,10 @@
                     "data_path": "action_result.parameter.source_data_identifier",
                     "data_type": "string"
                 },
+                {
+                    "data_path": "action_result.parameter.determine_contains",
+                    "data_type": "boolean"
+                },
                 {
                     "data_path": "action_result.data.*.existing_artifact_id",
                     "data_type": "numeric"
@@ -1957,16 +1964,14 @@
                     "data_path": "action_result.summary.artifact_count",
                     "data_type": "numeric",
                     "example_values": [
-                        3,
-                        5
+                        3
                     ]
                 },
                 {
                     "data_path": "action_result.summary.container_id",
                     "data_type": "numeric",
-                    "example_values": [
-                        82,
-                        77
+                    "exampsle_values": [
+                        82
                     ],
                     "contains": [
                         "phantom container id"

diff --git a/phantom_connector.py b/phantom_connector.py
@@ -682,15 +682,17 @@ def _add_artifact(self, param):
 
         name = param.get("name")
         container_id = param.get("container_id", self.get_container_id())
-        sdi = param.get("source_data_identifier")
+        sdi = param["source_data_identifier"]
         label = param.get("label", "event")
         contains = param.get("contains")
         cef_name = param.get("cef_name")
         cef_value = param.get("cef_value")
         cef_dict = param.get("cef_dictionary")
         run_automation = param.get("run_automation", False)
+        should_determine_contains = param.get("determine_contains", True)
 
         ret_val, container_id = self._validate_integer(action_result, container_id, "container_id")
+
         if phantom.is_fail(ret_val):
             return action_result.get_status()
 
@@ -737,20 +739,21 @@ def _add_artifact(self, param):
         artifact["source_data_identifier"] = sdi
         artifact["run_automation"] = run_automation
 
-        for cef_name in loaded_cef:
+        if should_determine_contains:
+            for cef_name in loaded_cef:
 
-            if loaded_contains.get(cef_name):
-                continue
+                if loaded_contains.get(cef_name):
+                    continue
 
-            if cef_name not in CEF_NAME_MAPPING:
-                determined_contains = determine_contains(loaded_cef[cef_name]) if loaded_cef[cef_name] else None
-                if determined_contains:
-                    artifact["cef_types"][cef_name] = determined_contains
-            else:
-                try:
-                    artifact["cef_types"][cef_name] = CEF_JSON[cef_name]["contains"]
-                except Exception:
-                    pass
+                if cef_name not in CEF_NAME_MAPPING:
+                    determined_contains = determine_contains(loaded_cef[cef_name]) if loaded_cef[cef_name] else None
+                    if determined_contains:
+                        artifact["cef_types"][cef_name] = determined_contains
+                else:
+                    try:
+                        artifact["cef_types"][cef_name] = CEF_JSON[cef_name]["contains"]
+                    except Exception:
+                        pass
 
         success, response, resp_data = self._make_rest_call("/rest/artifact", action_result, method="post", data=artifact)
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -5,3 +5,4 @@ verbose = true
 
 [tool.isort]
 line_length = 145
+profile = "black"
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
@@ -1 +1,2 @@
 **Unreleased**
+* Added addtional 'determine_contains' parameter to disable the ability for SOAR to determine contains when adding an artifact.[PAPP-34715]
diff --git a/tox.ini b/tox.ini
@@ -1,7 +1,4 @@
 [flake8]
 max-line-length = 145
 max-complexity = 28
-extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,F405,E722,D
-
-[isort]
-line_length = 145
+extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,E203,E701,F405,E722,D,W503
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,4 @@ verbose = true

		[tool.isort]
		line_length = 145
		profile = "black"
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		Unreleased
		* Added addtional 'determine_contains' parameter to disable the ability for SOAR to determine contains when adding an artifact.[PAPP-34715]