From a0c5c2ca251952a36d459d5935d43444b928b955 Mon Sep 17 00:00:00 2001 From: joneill-r7 Date: Mon, 13 Jan 2025 15:10:59 +0000 Subject: [PATCH] SOAR-18525: rename to defender for endpoint --- plugins/microsoft_atp/bin/komand_microsoft_atp | 4 ++-- plugins/microsoft_atp/help.md | 12 ++++-------- plugins/microsoft_atp/plugin.spec.yaml | 8 +++++--- plugins/microsoft_atp/setup.py | 2 +- 4 files changed, 12 insertions(+), 14 deletions(-) diff --git a/plugins/microsoft_atp/bin/komand_microsoft_atp b/plugins/microsoft_atp/bin/komand_microsoft_atp index ffd45bc423..a465bb1648 100755 --- a/plugins/microsoft_atp/bin/komand_microsoft_atp +++ b/plugins/microsoft_atp/bin/komand_microsoft_atp @@ -4,10 +4,10 @@ import os import json from sys import argv -Name = "Microsoft Windows Defender ATP" +Name = "Microsoft Defender for Endpoint" Vendor = "rapid7" Version = "6.0.1" -Description = "The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files" +Description = "The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files" def main(): diff --git a/plugins/microsoft_atp/help.md b/plugins/microsoft_atp/help.md index 4b55c70acd..ad1c520454 100644 --- a/plugins/microsoft_atp/help.md +++ b/plugins/microsoft_atp/help.md 
@@ -1,6 +1,6 @@ # Description -The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files +The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files # Key Features @@ -21,10 +21,6 @@ The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConn ## Setup -This plugin uses the Windows Defender ATP API. It will use an Azure application to connect to the API and run actions from InsightConnect. - -For information on how to setup your application and assign permissions go here: -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp The connection configuration accepts the following parameters: |Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| @@ -1330,12 +1326,12 @@ Example output: ## Troubleshooting - -*This plugin does not contain a troubleshooting.* + +* For information on how to setup your Azure application and assign permissions go [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp) # Version History -* 6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities +* 6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities | Rebrand to `Microsoft Defender for Endpoint` * 6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance * 5.2.0 - Add new action: Update Alert * 5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9 
diff --git a/plugins/microsoft_atp/plugin.spec.yaml b/plugins/microsoft_atp/plugin.spec.yaml
index 8326e3eda0..80943b9bc1 100644
--- a/plugins/microsoft_atp/plugin.spec.yaml
+++ b/plugins/microsoft_atp/plugin.spec.yaml
@@ -2,8 +2,8 @@ plugin_spec_version: v2
 extension: plugin
 products: ["insightconnect"]
 name: microsoft_atp
-title: Microsoft Windows Defender ATP
-description: The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files
+title: Microsoft Defender for Endpoint
+description: The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files
 version: 6.0.1
 connection_version: 6
 supported_versions: ["2024-05-21"]
@@ -29,13 +29,15 @@ sdk:
 type: full
 version: 6.2.2
 user: nobody
+troubleshooting:
+ - "For information on how to setup your Azure application and assign permissions go [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp)"
 links:
 - "[Windows Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp)"
 references:
 - "[Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis)"
 - "[Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list)"
 version_history:
- - "6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities"
+ - "6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities | Rebrand to `Microsoft Defender for Endpoint`"
 - "6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance"
 - "5.2.0 - Add new action: Update Alert"
 - "5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9"
diff --git a/plugins/microsoft_atp/setup.py b/plugins/microsoft_atp/setup.py
index f68a98263e..a8fe8250b0 100644
--- a/plugins/microsoft_atp/setup.py
+++ b/plugins/microsoft_atp/setup.py
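Review bot: In the second plugin.spec.yaml hunk (`@@ -29,13 +29,15 @@`) the rebrand is only partial: the unchanged `links` and `references` entries still read "Windows Defender ATP", and the new `troubleshooting` entry links to a `docs.microsoft.com/.../microsoft-defender-atp/...` path, so the spec now mixes the old and new product names. I would retitle those entries in the same commit, for example `- "[Microsoft Defender for Endpoint API Start Page](<existing URL>)"`, and confirm that each URL still resolves to the current documentation. That matters most for the `troubleshooting` link, because it is now the only pointer to how the Azure application is created and which permissions it is granted. The `version_history` entry for 6.0.1 is also edited in place rather than added under a new version; whether 6.0.1 was already published is not visible here, but if it was, a version bump would be expected.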
@@ -4,7 +4,7 @@ setup(name="microsoft_atp-rapid7-plugin", version="6.0.1", - description="The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files", + description="The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files", author="rapid7", author_email="", url="",