[SOAR-18529] Duo Admin 5.0.2 Release (fedRAMP) (#3021)

* duo sdk and vuln (#3017)

* Duo Admin plugin.spec sync (#3037)

* Plugin.spec sync

* plugin.spec sync

plugins/duo_admin/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "f47b7b4bc59db3b5f839955535a59660",
-	"manifest": "087aa32ede6b854cd63bda601038017a",
-	"setup": "6628c0c3a6eb2e3828cdcc104e0c08d2",
+	"spec": "4a94a77c37f17820e8768bb2850f6ee5",
+	"manifest": "672f0da4df4edb87ab669d69e435c5c7",
+	"setup": "8a8919e13bd1afe4849427d3dae6dbf4",
 	"schemas": [
 		{
 			"identifier": "add_user/schema.py",
@@ -17,7 +17,7 @@
 		},
 		{
 			"identifier": "get_logs/schema.py",
-			"hash": "ee359e5ea79a88b4597a5afaa739b793"
+			"hash": "3502cb177351d18ff8a31266a49db228"
 		},
 		{
 			"identifier": "get_phones_by_user_id/schema.py",
@@ -49,7 +49,7 @@
 		},
 		{
 			"identifier": "monitor_logs/schema.py",
-			"hash": "4119a8c82613406e16d830d7b48e0c86"
+			"hash": "26f03015b329bc573a7e6f3a688fb861"
 		}
 	]
 }

plugins/duo_admin/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/duo_admin/bin/komand_duo_admin

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Duo Admin API"
 Vendor = "rapid7"
-Version = "5.0.1"
+Version = "5.0.2"
 Description = "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows"
 
 

plugins/duo_admin/help.md

@@ -175,73 +175,13 @@ Example output:
 ```
 
 #### Get Authentication Logs
-
+  
 This action is used to get auth logs, limited to past 180 days.
-[Currentmillis.com](https://currentmillis.com/) is useful for finding a usable UNIX timestamp.
-
-Available inputs for parameters:
-
-* `factors` - a comma-separated list of factors, if left empty, the action returns the authentication logs for all factors used for an authentication attempt
-    * bypass_code
-    * digipass_go_7_token
-    * duo_mobile_passcode
-    * duo_push
-    * hardware_token
-    * not_available
-    * passcode
-    * phone_call
-    * remembered_device
-    * sms_passcode
-    * sms_refresh
-    * trusted_network
-    * u2f_token
-    * yubikey_code
-* `reasons` - a comma-separated list of reasons, if left empty, the action returns the authentication logs for all reasons associated with an authentication attempt
-    * allow_unenrolled_user
-    * allow_unenrolled_user_on_trusted_network
-    * allowed_by_policy
-    * anomalous_push
-    * anonymous_ip
-    * bypass_user
-    * call_timed_out
-    * could_not_determine_if_endpoint_was_trusted
-    * denied_by_policy
-    * deny_unenrolled_user
-    * endpoint_failed_google_verification
-    * endpoint_is_not_in_management_system
-    * endpoint_is_not_trusted
-    * error
-    * factor_restricted
-    * invalid_device
-    * invalid_management_certificate_collection_state
-    * invalid_passcode
-    * invalid_referring_hostname_provided
-    * location_restricted
-    * locked_out
-    * no_activated_duo_mobile_account
-    * no_disk_encryption
-    * no_duo_certificate_present
-    * no_keys_pressed
-    * no_referring_hostname_provided
-    * no_response
-    * no_screen_lock
-    * no_web_referer_match
-    * out_of_date
-    * platform_restricted
-    * remembered_device
-    * rooted_device
-    * software_restricted
-    * touch_id_disabled
-    * trusted_location
-    * trusted_network
-    * user_approved
-    * user_cancelled
-    * user_disabled
-    * user_marked_fraud
-    * user_not_in_permitted_group
-    * user_provided_invalid_certificate
-    * valid_passcode
-    * version_restricted
+[Currentmillis.com](https://currentmillis.com/) is 
+useful for finding a usable UNIX timestamp.
+
+Available inputs for parameters can be found in [Duo Admin API 
+docs](https://duo.com/docs/adminapi#logs:~:text=The%20factor%20or%20method%20used%20for%20an%20authentication%20attempt.%20One%20of%3A)
 
 ##### Input
 
@@ -1006,10 +946,11 @@ Example output:
 
 ## Troubleshooting
 
-Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action.
+* Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action.
 
 # Version History
 
+* 5.0.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities
 * 5.0.1 - Update to enable Plugin as FedRAMP ready | Update SDK (`6.1.2`)
 * 5.0.0 - Updated to include latest SDK v5.5.5 | Removing Unused fields from User Object
 * 4.4.2 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days

plugins/duo_admin/komand_duo_admin/actions/get_logs/schema.py

@@ -4,7 +4,7 @@
 
 
 class Component:
-    DESCRIPTION = "Get auth logs, limited to past 180 days"
+    DESCRIPTION = "This action is used to get auth logs, limited to past 180 days.[Currentmillis.com](https://currentmillis.com/) is useful for finding a usable UNIX timestamp.Available inputs for parameters can be found in [Duo Admin API docs](https://duo.com/docs/adminapi#logs:~:text=The%20factor%20or%20method%20used%20for%20an%20authentication%20attempt.%20One%20of%3A)"
 
 
 class Input:

plugins/duo_admin/komand_duo_admin/tasks/monitor_logs/schema.py

@@ -64,9 +64,7 @@ class MonitorLogsOutput(insightconnect_plugin_runtime.Output):
   "type": "array",
   "title": "Logs",
   "description": "List of administrator, authentication and trust monitor event logs within the specified time range",
-  "items": {
-    "type": "object"
-  },
+  "items": {},
   "required": [
     "logs"
   ],

plugins/duo_admin/plugin.spec.yaml

@@ -11,7 +11,7 @@ status: []
 supported_versions: ["Duo Admin API 2024-09-17"]
 sdk:
   type: full
-  version: 6.1.2
+  version: 6.2.2
   user: nobody
 description: "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and
 security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows"
@@ -29,7 +29,7 @@ key_features:
 requirements:
 - "Two secret keys - `integration key` and `secret key`"
 - "`API hostname`"
-version: 5.0.1
+version: 5.0.2
 connection_version: 4
 resources:
   source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/duo_admin
@@ -47,9 +47,10 @@ links:
 - "[Duo Security](https://duo.com/)"
 references:
 - "[Duo Admin API](https://duo.com/docs/adminapi)"
-troubleshooting: "Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action."
-
+troubleshooting:
+  - "Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action."
 version_history:
+- "5.0.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities"
 - "5.0.1 - Update to enable Plugin as FedRAMP ready | Update SDK (`6.1.2`)"
 - "5.0.0 - Updated to include latest SDK v5.5.5 | Removing Unused fields from User Object"
 - "4.4.2 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days"
@@ -1074,7 +1075,7 @@ actions:
         example: { "alias1": "alias1", "alias2": "alias2", "alias3": "alias3", "alias4": "alias4", "aliases": { "alias1": "alias1", "alias2": "alias2", "alias3": "alias3", "alias4": "alias4" }, "created": 1684765611, "email": "[email protected]", "isEnrolled": false, "notes": "Example", "realname": "Example", "status": "active", "userId": "DUCUULF6HBMZ43IG9MBH", "username": "Example" }
   get_logs:
     title: Get Authentication Logs
-    description: Get auth logs, limited to past 180 days
+    description: "This action is used to get auth logs, limited to past 180 days.\n[Currentmillis.com](https://currentmillis.com/) is useful for finding a usable UNIX timestamp.\n\nAvailable inputs for parameters can be found in [Duo Admin API docs](https://duo.com/docs/adminapi#logs:~:text=The%20factor%20or%20method%20used%20for%20an%20authentication%20attempt.%20One%20of%3A)"
     input:
       mintime:
         title: Mintime

plugins/duo_admin/setup.py

@@ -3,7 +3,7 @@
 
 
 setup(name="duo_admin-rapid7-plugin",
-      version="5.0.1",
+      version="5.0.2",
       description="[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows",
       author="rapid7",
       author_email="",