
Commit 73e13d3

agent sdk prep (#3233) (#3259)
1 parent cfb8a42 commit 73e13d3


6 files changed

+111
-75
lines changed

plugins/rapid7_insight_agent/.CHECKSUM

+3-3
@@ -1,7 +1,7 @@
11
{
2-
"spec": "40959d25471f8645178e8e15095f7a3b",
3-
"manifest": "fbc1b04c51c6c8816dac6cee216341c2",
4-
"setup": "7f65232e4808ae89ad79c06f1b2dc5a2",
2+
"spec": "8ea726495c71b035509b37b51623e5b3",
3+
"manifest": "3ff7c0c28e6a8f75b31a32e4e7b6bafb",
4+
"setup": "b58badeb16edc58de914d9827f8a12a8",
55
"schemas": [
66
{
77
"identifier": "check_agent_status/schema.py",

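Review bot: only the `spec`, `manifest` and `setup` digests on new lines 2-4 change, while the `schemas` entries that follow are untouched context, so it is worth confirming the file was regenerated after the final edit to plugin.spec.yaml rather than before it. The spec in this commit is reserialized (quotes dropped, descriptions folded across lines), and an unchanged schema digest is the evidence that those rewrapped descriptions still produce identical generated schema files.
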
plugins/rapid7_insight_agent/Dockerfile

+2-2
@@ -1,4 +1,4 @@
1-
FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
1+
FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.5
22

33
LABEL organization=rapid7
44
LABEL sdk=python
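Review bot: the new `FROM` on line 1 still references the base image by a mutable tag (`rapid7/insightconnect-python-3-slim-plugin:6.2.5`), so a later rebuild can pick up different content under the same tag. Consider appending the image digest (`:6.2.5@sha256:<digest>`) so the SDK bump recorded in help.md and plugin.spec.yaml maps to exactly one image.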
@@ -12,7 +12,7 @@ RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
1212

1313
ADD . /python/src
1414

15-
RUN python setup.py build && python setup.py install
15+
RUN pip install .
1616

1717
# User to run plugin code. The two supported users are: root, nobody
1818
USER nobody
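Review bot: `RUN pip install .` on new line 15 lets pip resolve any dependencies declared in setup.py against the package index again, after the `pip install -r requirements.txt` step shown in the hunk header. If requirements.txt is meant to be the single pinned source, `pip install --no-deps --no-cache-dir .` keeps this step from pulling in anything that file does not list and avoids leaving the pip cache in the image layer.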

plugins/rapid7_insight_agent/bin/icon_rapid7_insight_agent

+1-1
@@ -6,7 +6,7 @@ from sys import argv
66

77
Name = "Rapid7 Insight Agent"
88
Vendor = "rapid7"
9-
Version = "3.0.2"
9+
Version = "3.0.3"
1010
Description = "Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization"
1111

1212

plugins/rapid7_insight_agent/help.md

+1
@@ -461,6 +461,7 @@ Example output:
461461

462462
# Version History
463463

464+
* 3.0.3 - Updated SDK to the latest version (6.2.5)
464465
* 3.0.2 - Updated to use latest buildpack to address vulnerabilities | Update `Get Agent Details`: extended output to include `agent` field when no assets are found
465466
* 3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump to latest version
466467
* 3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next page token if more pages are available to search | Update `Get Agent Details` to return agent location details | Initial updates for fedramp compliance | Updated SDK to the latest version
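Review bot: the added 3.0.3 entry on new line 464 records only the SDK bump to 6.2.5, but the same commit also changes the Dockerfile install step from `python setup.py build && python setup.py install` to `pip install .` and reserializes plugin.spec.yaml. A short mention of the packaging change would help anyone who later traces a build difference back to this release.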

plugins/rapid7_insight_agent/plugin.spec.yaml

+103-68
@@ -3,77 +3,98 @@ extension: plugin
33
products: [insightconnect]
44
name: rapid7_insight_agent
55
title: Rapid7 Insight Agent
6-
description: Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization
7-
version: 3.0.2
6+
description: Using the Insight Agent plugin from InsightConnect, you can quarantine,
7+
unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices
8+
across your organization
9+
version: 3.0.3
810
connection_version: 2
9-
supported_versions: ["Rapid7 Insight Agent 2024-08-23"]
11+
supported_versions: [Rapid7 Insight Agent 2024-08-23]
1012
vendor: rapid7
1113
support: rapid7
1214
status: []
1315
cloud_ready: true
1416
fedramp_ready: true
1517
sdk:
1618
type: slim
17-
version: 6.2.2
19+
version: 6.2.5
1820
user: nobody
1921
key_features:
20-
- "The agent is used by [Rapid7 InsightIDR](https://www.rapid7.com/products/insightidr/) and [InsightVM](https://www.rapid7.com/products/insightvm/) customers to monitor endpoints."
22+
- The agent is used by [Rapid7 InsightIDR](https://www.rapid7.com/products/insightidr/)
23+
and [InsightVM](https://www.rapid7.com/products/insightvm/) customers to monitor
24+
endpoints.
2125
requirements:
22-
- "[Platform API Key](https://docs.rapid7.com/insight/managing-platform-api-keys/)"
23-
- "Administrator access to InsightIDR"
26+
- '[Platform API Key](https://docs.rapid7.com/insight/managing-platform-api-keys/)'
27+
- Administrator access to InsightIDR
2428
troubleshooting:
25-
- "If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cursor` value, it is an indication that more pages of data are available to be reviewed. In this instance, it is recommended to run the action multiple times and pass the `next cursor` value, recording all agents found."
29+
- If the actions `Get Agent Details` and `Get All Agents by IP` return a `next cursor`
30+
value, it is an indication that more pages of data are available to be reviewed.
31+
In this instance, it is recommended to run the action multiple times and pass the
32+
`next cursor` value, recording all agents found.
2633
links:
27-
- "[Rapid7 Insight Agent](https://docs.rapid7.com/insight-agent/overview/)"
34+
- '[Rapid7 Insight Agent](https://docs.rapid7.com/insight-agent/overview/)'
2835
references:
29-
- "[Manage Platform API Keys](https://docs.rapid7.com/insight/managing-platform-api-keys/)"
36+
- '[Manage Platform API Keys](https://docs.rapid7.com/insight/managing-platform-api-keys/)'
3037
version_history:
31-
- "3.0.2 - Updated to use latest buildpack to address vulnerabilities | Update `Get Agent Details`: extended output to include `agent` field when no assets are found"
32-
- "3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump to latest version"
33-
- "3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next page token if more pages are available to search | Update `Get Agent Details` to return agent location details | Initial updates for fedramp compliance | Updated SDK to the latest version"
34-
- "2.1.2 - Improve logging | Update SDK"
35-
- "2.1.1 - `Get All Agents by IP Address`: Fixed issue where action failed when agent did not have a primary address, and extended output to include agent location details | `Get Agent Details`: Extended output to include agent's public IP address and location"
36-
- "2.1.0 - Updated SDK to the latest version | New action added `Get All Agents by IP Address`"
37-
- "2.0.1 - Update `Connection Test` to identify if `Region` is incorrect | Update Plugin runtime to version 5"
38-
- "2.0.0 - Update action `Quarantine Multiple` outputs to Completed and Failed, removed All Operations Successful, replaced output Agent IDs with Hostname"
39-
- "1.2.0 - New action: `Quarantine Multiple`"
40-
- "1.1.1 - Quarantine: Fix incorrect behavior for unquarantine when the agent ID is wrong"
41-
- "1.1.0 - Cloud enabled"
42-
- "1.0.4 - Add new supported regions for API | Create unit tests for actions Check Agent Status, Quarantine, Get Agent Details"
43-
- "1.0.3 - Documentation update"
44-
- "1.0.2 - Fix for a case-sensitive agent hostname"
45-
- "1.0.1 - Documentation update"
46-
- "1.0.0 - Initial plugin"
38+
- 3.0.3 - Updated SDK to the latest version (6.2.5)
39+
- '3.0.2 - Updated to use latest buildpack to address vulnerabilities | Update `Get
40+
Agent Details`: extended output to include `agent` field when no assets are found'
41+
- 3.0.1 - Update 'Get Agent Details' to allow no assets to be returned | SDK bump
42+
to latest version
43+
- 3.0.0 - Update `Get Agent Details` and `Get All Agents by IP` to return the next
44+
page token if more pages are available to search | Update `Get Agent Details` to
45+
return agent location details | Initial updates for fedramp compliance | Updated
46+
SDK to the latest version
47+
- 2.1.2 - Improve logging | Update SDK
48+
- "2.1.1 - `Get All Agents by IP Address`: Fixed issue where action failed when agent\
49+
\ did not have a primary address, and extended output to include agent location\
50+
\ details | `Get Agent Details`: Extended output to include agent's public IP address\
51+
\ and location"
52+
- 2.1.0 - Updated SDK to the latest version | New action added `Get All Agents by
53+
IP Address`
54+
- 2.0.1 - Update `Connection Test` to identify if `Region` is incorrect | Update
55+
Plugin runtime to version 5
56+
- 2.0.0 - Update action `Quarantine Multiple` outputs to Completed and Failed, removed
57+
All Operations Successful, replaced output Agent IDs with Hostname
58+
- '1.2.0 - New action: `Quarantine Multiple`'
59+
- '1.1.1 - Quarantine: Fix incorrect behavior for unquarantine when the agent ID is
60+
wrong'
61+
- 1.1.0 - Cloud enabled
62+
- 1.0.4 - Add new supported regions for API | Create unit tests for actions Check
63+
Agent Status, Quarantine, Get Agent Details
64+
- 1.0.3 - Documentation update
65+
- 1.0.2 - Fix for a case-sensitive agent hostname
66+
- 1.0.1 - Documentation update
67+
- 1.0.0 - Initial plugin
4768
resources:
4869
source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/rapid7_insight_agent
4970
license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
5071
vendor_url: https://www.rapid7.com
5172
docs_url: https://docs.rapid7.com/insightconnect/insight-agent
5273
tags:
53-
- rapid7
54-
- agent
55-
- insight
56-
- edr
57-
- endpoint
58-
- detection
59-
- response
60-
- idr
61-
- ivm
74+
- rapid7
75+
- agent
76+
- insight
77+
- edr
78+
- endpoint
79+
- detection
80+
- response
81+
- idr
82+
- ivm
6283
hub_tags:
6384
use_cases: [threat_detection_and_response]
64-
keywords: [rapid7, endpoint, incident_response, detection, insightidr, cloud_enabled]
85+
keywords: [rapid7, endpoint, incident_response, detection, insightidr, cloud_enabled]
6586
features: []
6687
types:
6788
attribute:
6889
key:
69-
title: "Key"
90+
title: Key
7091
type: string
71-
description: "Key"
92+
description: Key
7293
required: false
7394
value:
74-
title: "Value"
95+
title: Value
7596
type: string
76-
description: "Value"
97+
description: Value
7798
required: false
7899
quarantineState_object:
79100
currentState:
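Review bot: this hunk mixes the two functional changes (`version: 3.0.3` on new line 9 and the sdk `version: 6.2.5` on new line 19) with a restyle of nearly every string in the file: double quotes dropped, long values folded across lines, and the 2.1.1 history entry re-emitted as a double-quoted scalar with backslash continuations. The `keywords` line (old 64, new 85) is removed and re-added with no visible text change, which points to whitespace-only churn. Splitting the reserialization into its own commit, or naming the tool that produced it in the commit message, would make the real change reviewable; with the quotes gone, also check that `supported_versions: [Rapid7 Insight Agent 2024-08-23]` and the version-history items still load as strings in the spec parser.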
@@ -128,7 +149,7 @@ types:
128149
host:
129150
attributes:
130151
title: Attributes
131-
type: "[]attribute"
152+
type: '[]attribute'
132153
description: Attributes
133154
required: false
134155
description:
@@ -138,7 +159,7 @@ types:
138159
required: false
139160
hostNames:
140161
title: Hostnames
141-
type: "[]hostName"
162+
type: '[]hostName'
142163
description: Hostnames
143164
required: false
144165
primaryAddress:
@@ -148,7 +169,7 @@ types:
148169
required: false
149170
uniqueIdentity:
150171
title: Unique Identity
151-
type: "[]uniqueIdentity_object"
172+
type: '[]uniqueIdentity_object'
152173
description: Unique identity
153174
required: false
154175
vendor:
@@ -244,13 +265,13 @@ connection:
244265
example: United States
245266
required: true
246267
enum:
247-
- United States
248-
- United States 2
249-
- United States 3
250-
- Europe
251-
- Canada
252-
- Australia
253-
- Japan
268+
- United States
269+
- United States 2
270+
- United States 3
271+
- Europe
272+
- Canada
273+
- Australia
274+
- Japan
254275
actions:
255276
quarantine_multiple:
256277
title: Quarantine Multiple
@@ -259,12 +280,13 @@ actions:
259280
agent_array:
260281
title: Agent Array
261282
description: Agent hostnames to quarantine or unquarantine
262-
type: "[]string"
283+
type: '[]string'
263284
required: true
264-
example: ["abcdef123", "abcdef123"]
285+
example: [abcdef123, abcdef123]
265286
interval:
266287
title: Interval
267-
description: Length of time in seconds to try to take action on a device. This is also called Advertisement Period
288+
description: Length of time in seconds to try to take action on a device.
289+
This is also called Advertisement Period
268290
type: int
269291
default: 604800
270292
example: 604800
@@ -280,28 +302,32 @@ actions:
280302
failed:
281303
title: Failed
282304
description: List of unsuccessfully quarantined hosts
283-
type: "[]quarantine_multiple_error"
284-
example: [{"hostname": "abcdef123", "error": "Hostname could not be found"}]
305+
type: '[]quarantine_multiple_error'
306+
example: [{hostname: abcdef123, error: Hostname could not be found}]
285307
required: false
286308
completed:
287309
title: Completed
288310
description: List of successfully quarantined hosts
289-
type: "[]string"
290-
example: ["abcdef123"]
311+
type: '[]string'
312+
example: [abcdef123]
291313
required: false
292314
get_agent_details:
293315
title: Get Agent Details
294-
description: Find and display detailed information about a device. If additional pages of agents are available, the action should be run again with the returned next cursor
316+
description: Find and display detailed information about a device. If additional
317+
pages of agents are available, the action should be run again with the returned
318+
next cursor
295319
input:
296320
agent:
297321
title: Agent
298-
description: IP address, MAC address, or hostname of the device to get information from
322+
description: IP address, MAC address, or hostname of the device to get information
323+
from
299324
type: string
300325
required: true
301326
example: Example-Hostname
302327
next_cursor:
303328
title: Next Cursor
304-
description: The next page cursor to continue an existing query and search additional pages of agents
329+
description: The next page cursor to continue an existing query and search
330+
additional pages of agents
305331
type: string
306332
required: false
307333
example: 9de5069c5afe602b2ea0a04b66beb2c0
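Review bot: on new line 306 the `failed` example becomes `[{hostname: abcdef123, error: Hostname could not be found}]`, with keys and values as plain scalars inside a flow mapping. It parses today, but an error message containing a comma, or a colon followed by a space, would change the parsed structure or fail to load, so keeping quotes on values inside flow collections (`error: "Hostname could not be found"`) is the safer form for examples that are likely to be edited.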
@@ -314,36 +340,43 @@ actions:
314340
required: false
315341
next_cursor:
316342
title: Next Cursor
317-
description: The next page cursor, if available, to continue the query and search additional pages of agents
343+
description: The next page cursor, if available, to continue the query and
344+
search additional pages of agents
318345
type: string
319346
required: false
320347
example: 9de5069c5afe602b2ea0a04b66beb2c0
321348
get_all_agents_by_ip:
322349
title: Get All Agents by IP Address
323-
description: This action is used to find all agents that share the same public or private IP address and display details about them. If additional pages of agents are available, the action should be run again with the returned next cursor
350+
description: This action is used to find all agents that share the same public
351+
or private IP address and display details about them. If additional pages of
352+
agents are available, the action should be run again with the returned next
353+
cursor
324354
input:
325355
ip_address:
326356
title: IP Address
327-
description: The public or private IP address for all the agents to be searched for
357+
description: The public or private IP address for all the agents to be searched
358+
for
328359
type: string
329360
required: true
330361
example: 192.168.0.1
331362
next_cursor:
332363
title: Next Cursor
333-
description: The next page cursor to continue an existing query and search additional pages of agents
364+
description: The next page cursor to continue an existing query and search
365+
additional pages of agents
334366
type: string
335367
required: false
336368
example: 9de5069c5afe602b2ea0a04b66beb2c0
337369
output:
338370
agents:
339371
title: Agents
340372
description: The list of all found agents
341-
type: "[]agent"
373+
type: '[]agent'
342374
example: '[[{"id":"ExampleID1","platform":"linux","publicIpAddress":"192.168.0.2","host":{"vendor":"Ubuntu","version":"20.04","description":"ExampleDescription1","hostNames":[{"name":"ExampleHostname1"}],"primaryAddress":{"ip":"10.20.30.40","mac":"00:11:22:33:44:55"},"uniqueIdentity":["1234567890"],"attributes":["attribute1","attribute2"]},"agent_info":{"agentSemanticVersion":"ExampleVersion1","agentStatus":"ACTIVE","quarantineState":{"currentState":"QUARANTINED"}}},{"id":"ExampleID2","platform":"mac","publicIpAddress":"192.168.0.3","host":{"vendor":"Apple","version":"11","description":"ExampleDescription2","hostNames":[{"name":"ExampleHostname2"}],"primaryAddress":{"ip":"50.60.70.80","mac":"AA:BB:CC:DD:EE:FF"},"uniqueIdentity":["0987654321"],"attributes":["attribute3","attribute4"]},"agent_info":{"agentSemanticVersion":"ExampleVersion2","agentStatus":"INACTIVE","quarantineState":{"currentState":"QUARANTINED"}}},{"id":"ExampleID3","platform":"windows","publicIpAddress":"192.168.0.4","host":{"vendor":"Microsoft","version":"11","description":"ExampleDescription3","hostNames":[{"name":"ExampleHostname3"}],"primaryAddress":{"ip":"90.80.70.60","mac":"11:22:33:44:55:66"},"uniqueIdentity":["2468135790"],"attributes":["attribute5","attribute6"]},"agent_info":{"agentSemanticVersion":"ExampleVersion3","agentStatus":"STALE","quarantineState":{"currentState":"QUARANTINED"}}}]]'
343375
required: false
344376
next_cursor:
345377
title: Next Cursor
346-
description: The next page cursor, if available, to continue the query and search additional pages of agents
378+
description: The next page cursor, if available, to continue the query and
379+
search additional pages of agents
347380
type: string
348381
required: false
349382
example: 9de5069c5afe602b2ea0a04b66beb2c0
@@ -368,7 +401,8 @@ actions:
368401
order: 2
369402
interval:
370403
title: Interval
371-
description: Length of time in seconds to try to take action on a device. This is also called Advertisement Period
404+
description: Length of time in seconds to try to take action on a device.
405+
This is also called Advertisement Period
372406
type: int
373407
default: 604800
374408
example: 604800
@@ -411,7 +445,8 @@ actions:
411445
required: true
412446
is_asset_online:
413447
title: Is Asset Online
414-
description: Indicates that the agent is connected to the Insight platform. This means the device is powered on and is connected to Rapid7
448+
description: Indicates that the agent is connected to the Insight platform.
449+
This means the device is powered on and is connected to Rapid7
415450
type: boolean
416451
example: true
417452
required: true

plugins/rapid7_insight_agent/setup.py

+1-1
@@ -3,7 +3,7 @@
33

44

55
setup(name="rapid7_insight_agent-rapid7-plugin",
6-
version="3.0.2",
6+
version="3.0.3",
77
description="Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization",
88
author="rapid7",
99
author_email="",
