[GreyNoise] Updates + New Actions + New Trigger (#2916)

* update spec * updates * validation fixes * updates * updates * formatting * clean up * add vuln action * add timeline lookup * add similar_lookup * help sum * add trigger * trigger fixes * trigger fixes * linting * updates * updates * unit tests and fixes * fix trigger output * fix trigger * review feedback * update all action outputs * fix typos * update examples * example updates
rapid7 · Nov 26, 2024 · eb3aa73 · eb3aa73
1 parent 05cc99b
commit eb3aa73
Show file tree

Hide file tree

Showing 65 changed files with 4,187 additions and 696 deletions.
diff --git a/plugins/greynoise/.CHECKSUM b/plugins/greynoise/.CHECKSUM
@@ -1,35 +1,51 @@
 {
-	"spec": "21e4aba5536e29ebde5b6b0d33c7d1f1",
-	"manifest": "0fbfe5119cf508fcbf30641105ae188d",
-	"setup": "71be7f1ce465bc3700098c8ea7a8bb13",
+	"spec": "e8f3a3060f1800fcad0ffc216c09d193",
+	"manifest": "9d3f4a959fda3eb80588c86648597b40",
+	"setup": "7d0148b4efc7745f17003a77e9e73c55",
 	"schemas": [
 		{
 			"identifier": "community_lookup/schema.py",
-			"hash": "c11ee6039e822efc804b17753c6fbbe1"
+			"hash": "37abd579045b68430ce584170968a270"
 		},
 		{
 			"identifier": "context_lookup/schema.py",
-			"hash": "27aed1cfd2a85f49bc317dce7d19aae4"
+			"hash": "df5822cc975eef45019e516ddb00d1e7"
 		},
 		{
 			"identifier": "get_tag_details/schema.py",
-			"hash": "9823f81c29046f34aa441ed58db094fb"
+			"hash": "805cc2db6612fc9b0ee438bbb58b231c"
 		},
 		{
 			"identifier": "gnql_query/schema.py",
-			"hash": "65c08f73e888728d2f812254efd3c15d"
+			"hash": "4c9874ce15384fdfafab25591d39d900"
 		},
 		{
 			"identifier": "quick_lookup/schema.py",
-			"hash": "0e7fc3a38329b5137a280b87982619b8"
+			"hash": "a0b8045428133eca9d2ac6cc2ffe4a7a"
 		},
 		{
 			"identifier": "riot_lookup/schema.py",
-			"hash": "9e8d337328f1cc2c1900d25932e8ffa5"
+			"hash": "0ee1bf7d6db7ee88dfd7f105bfb50ea6"
+		},
+		{
+			"identifier": "similar_lookup/schema.py",
+			"hash": "f8c96c19c59fd30ef806bf36c47bad7b"
+		},
+		{
+			"identifier": "timeline_lookup/schema.py",
+			"hash": "71963f3bf33ac17d5a46c2b017f8e9a8"
+		},
+		{
+			"identifier": "vulnerability_lookup/schema.py",
+			"hash": "d2e8b45236448f806ce8aa4eadeec367"
 		},
 		{
 			"identifier": "connection/schema.py",
-			"hash": "f7e83e2e638bbb1f4a198c8ee93a7e05"
+			"hash": "f7a3e43e3b17d8e2059b6499b67e7e5a"
+		},
+		{
+			"identifier": "monitor_ips_in_greynoise/schema.py",
+			"hash": "bb05b2a9d9ef8add550c7149ddf7c2d2"
 		}
 	]
 }
diff --git a/plugins/greynoise/Dockerfile b/plugins/greynoise/Dockerfile
@@ -1,26 +1,20 @@
-FROM rapid7/insightconnect-python-3-38-slim-plugin:4
-# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.0
 
-LABEL organization=rapid7
+LABEL organization=greynoise
 LABEL sdk=python
 
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
-
-# End package dependencies
-
-# Add source code
 WORKDIR /python/src
+
 ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
+ADD ./requirements.txt /python/src/requirements.txt
 
-# Install pip dependencies
 RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
-# Install plugin
+ADD . /python/src
+
 RUN python setup.py build && python setup.py install
 
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody
 
-ENTRYPOINT ["/usr/local/bin/icon_greynoise"]
+ENTRYPOINT ["/usr/local/bin/icon_greynoise"]
diff --git a/plugins/greynoise/bin/icon_greynoise b/plugins/greynoise/bin/icon_greynoise
@@ -1,12 +1,12 @@
 #!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 import os
 import json
 from sys import argv
 
 Name = "GreyNoise"
 Vendor = "greynoise"
-Version = "1.0.0"
+Version = "2.0.0"
 Description = "GreyNoise helps analysts recognize events not worth their attention. Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps analysts focus on what matters most"
 
 
@@ -23,7 +23,7 @@ def main():
             monkey.patch_all()
 
     import insightconnect_plugin_runtime
-    from icon_greynoise import connection, actions, triggers
+    from icon_greynoise import connection, actions, triggers, tasks
 
     class ICONGreynoise(insightconnect_plugin_runtime.Plugin):
         def __init__(self):
@@ -34,18 +34,26 @@ def main():
                 description=Description,
                 connection=connection.Connection()
             )
-            self.add_action(actions.CommunityLookup())
-
+            self.add_trigger(triggers.MonitorIpsInGreynoise())
+        
             self.add_action(actions.ContextLookup())
-
+
+            self.add_action(actions.RiotLookup())
+
+            self.add_action(actions.QuickLookup())
+
             self.add_action(actions.GetTagDetails())
-
+        
             self.add_action(actions.GnqlQuery())
-
-            self.add_action(actions.QuickLookup())
-
-            self.add_action(actions.RiotLookup())
-
+
+            self.add_action(actions.CommunityLookup())
+
+            self.add_action(actions.VulnerabilityLookup())
+
+            self.add_action(actions.TimelineLookup())
+
+            self.add_action(actions.SimilarLookup())
+
 
     """Run plugin"""
     cli = insightconnect_plugin_runtime.CLI(ICONGreynoise())