Merge pull request #16 from splunk-soar-connectors/next

Merging next to main for release 3.0.1

.github/workflows/generate-doc.yml

@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}

.github/workflows/review-release.yml

@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.12
+    rev: v1.24
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.2.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^wildfire.json$']

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2016-2022 Splunk Inc.
+   Copyright (c) 2016-2025 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

__init__.py

@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2016-2022 Splunk Inc.
+# Copyright (c) 2016-2025 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

display_report.html

@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: display_report.html
-  Copyright (c) 2016-2022 Splunk Inc.
+  Copyright (c) 2016-2025 Splunk Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

json_dump.html

@@ -9,7 +9,7 @@
 {% block widget_content %}
 
 <!-- File: json_dump.html
-  Copyright (c) 2016-2022 Splunk Inc.
+  Copyright (c) 2016-2025 Splunk Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

manual_readme_content.md

@@ -0,0 +1,68 @@
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2016-2022 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+To enable the access for fetching files from the Wildfire instance, please enable the Licensing API
+key by [clicking here](https://support.paloaltonetworks.com/License/LicensingApi/34470) . If the
+redirect link is not working, please follow the below mentioned steps for activating the licensing
+API key.
+
+1.  Navigate to [Palo Alto Networks Support](https://support.paloaltonetworks.com)
+2.  Expand the Assets tab in the left navigation panel
+3.  Select Licensing API option in the left navigation panel and activate the licensing API key
+
+**Playbook Backward Compatibility**
+
+-   The list of supported Platforms in **platform** parameter of **Get Pcap** action has been
+    updated as mentioned below. Hence, it is requested to the end-user to please update their
+    existing playbooks and provide updated values to this action parameter to ensure the correct
+    functioning of the playbooks created on the earlier versions of the app.
+
+      
+
+    -   Below mentioned old values are updated to new values:
+
+          
+
+        -   **Win XP, Adobe 9.3.3, Office 2003** -> **Windows XP, Adobe Reader 9.3.3, Office 2003**
+        -   **Win XP, Adobe 9.4.0, Flash 10, Office 2007** -> **Windows XP, Adobe Reader 9.4.0,
+            Flash 10, Office 2007**
+        -   **Win XP, Adobe 11, Flash 11, Office 2010** -> **Windows XP, Adobe Reader 11, Flash 11,
+            Office 2010**
+        -   **Win 7 32-bit, Adobe 11, Flash11, Office 2010** -> **Windows 7 32-bit, Adobe Reader 11,
+            Flash11, Office 20103**
+        -   **Win 7 64 bit, Adobe 11, Flash 11, Office 201** -> **Windows 7 64-bit, Adobe Reader 11,
+            Flash 11, Office 2010**
+
+    -   **27** new values have been added.
+
+**Detonate File: Filename Parameter**
+
+-   According to the Wildfire documentation: "When submitting supported script files, you must
+    specify an accurate filename using the context parameter, otherwise WildFire is unable to parse
+    the file and returns a 418 Unsupported File Type response."
+-   Please see the following link for more information: [Wildfire API
+    Documentation](https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-api/submit-files-and-links-through-the-wildfire-api/submit-a-remote-file-to-wildfire-api.html)
+
+The **timeout** parameter is only useful for fetching the report in detonate actions and 'get
+report' action
+
+## Port Information
+
+The app uses HTTP/ HTTPS protocol for communicating with the Wildfire server. Below are the default
+ports used by Splunk SOAR.
+
+|         Service Name | Transport Protocol | Port |
+|----------------------|--------------------|------|
+|         http         | tcp                | 80   |
+|         https        | tcp                | 443  |

pyproject.toml

@@ -0,0 +1,8 @@
+[tool.black]
+line-length = 145
+target-version = ['py39']
+verbose = true
+
+[tool.isort]
+line_length = 145
+profile = "black"

release_notes/3.0.1.md

@@ -0,0 +1 @@
+* PAPP-34426 convert WildFire app to Splunk Supported app

requirements.txt

@@ -1,4 +1 @@
-beautifulsoup4==4.9.1
-python-magic==0.4.18
-requests==2.25.0
-xmltodict==0.12.0
+python-magic==0.4.27

tox.ini

@@ -1,7 +1,4 @@
 [flake8]
 max-line-length = 145
 max-complexity = 28
-extend-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292
-
-[isort]
-line_length = 145
+extend-ignore = F403,E128,E126,E121,E127,E731,E201,E202,E203,E701,F405,E722,D,W503

wildfire.json

@@ -4,20 +4,20 @@
     "description": "This app supports file detonation for forensic file analysis on the Palo Alto Networks WildFire sandbox",
     "type": "sandbox",
     "main_module": "wildfire_connector.py",
-    "app_version": "3.0.0",
+    "app_version": "3.0.1",
     "utctime_updated": "2022-02-04T17:52:04.000000Z",
     "package_name": "phantom_wildfire",
     "product_vendor": "Palo Alto Networks",
     "product_name": "WildFire",
     "product_version_regex": ".*",
-    "min_phantom_version": "5.2.0",
+    "min_phantom_version": "6.3.0",
     "python_version": "3",
     "fips_compliant": true,
-    "publisher": "Splunk Community",
+    "publisher": "Splunk",
     "consolidate_widgets": true,
     "logo": "logo_paloaltonetworks.svg",
     "logo_dark": "logo_paloaltonetworks_dark.svg",
-    "license": "Copyright (c) 2016-2022 Splunk Inc.",
+    "license": "Copyright (c) 2016-2025 Splunk Inc.",
     "configuration": {
         "base_url": {
             "data_type": "string",
@@ -10595,41 +10595,9 @@
     ],
     "pip_dependencies": {
         "wheel": [
-            {
-                "module": "beautifulsoup4",
-                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
-            },
-            {
-                "module": "certifi",
-                "input_file": "wheels/shared/certifi-2021.10.8-py2.py3-none-any.whl"
-            },
-            {
-                "module": "chardet",
-                "input_file": "wheels/shared/chardet-3.0.4-py2.py3-none-any.whl"
-            },
-            {
-                "module": "idna",
-                "input_file": "wheels/shared/idna-2.10-py2.py3-none-any.whl"
-            },
             {
                 "module": "python_magic",
-                "input_file": "wheels/shared/python_magic-0.4.18-py2.py3-none-any.whl"
-            },
-            {
-                "module": "requests",
-                "input_file": "wheels/shared/requests-2.25.0-py2.py3-none-any.whl"
-            },
-            {
-                "module": "soupsieve",
-                "input_file": "wheels/py3/soupsieve-2.3.1-py3-none-any.whl"
-            },
-            {
-                "module": "urllib3",
-                "input_file": "wheels/shared/urllib3-1.26.8-py2.py3-none-any.whl"
-            },
-            {
-                "module": "xmltodict",
-                "input_file": "wheels/shared/xmltodict-0.12.0-py2.py3-none-any.whl"
+                "input_file": "wheels/shared/python_magic-0.4.27-py2.py3-none-any.whl"
             }
         ]
     }