Skip to content

Commit

Permalink
Sapi siem integration (#149)
Browse files Browse the repository at this point in the history
* Fix integration name with spaces and add SAP SIEM integration and auth keys

* Add SAP SIEM integration router

* Refactor auth key extraction for Mimecast and SAP SIEM integrations

* Refactor SAP SIEM route and collect SAP SIEM request

* Refactor SAP SIEM integration code to support multiple API keys

* Add SAP SIEM schema and services for collecting and checking suspicious logins

* Add event_timestamp and case_created fields to Result model and SapSiemSource model

* Update index name in find_suscpicious_logins function

* Refactor fetch_and_validate_data function to accept keyword arguments

* Add asset schema and update case with asset information

* Remove temporary code for testing

* Add customer_code field to SapSiemSource and SuspiciousLogin models

* Add errDetails field to SapSiemSource and SuspiciousLogin models

* Add SAP SIEM suspicious logins analysis route

* Add scroll functionality for retrieving search results

* Add event_analyzed flag to Elasticsearch document

* Add SAP SIEM multiple logins analysis route

* Convert loginID to lowercase before adding to ip_to_login_ids

* Add event_analyzed_multiple_logins field to Result class

* Add SapSiemMultipleLogins model and update sap_siem_multiple_logins_same_ip function

* Refactor code to improve performance and readability

* Add function to update event_analyzed_multiple_logins flag in Elasticsearch document

* Add update_event_analyzed_multiple_logins_flag function call

* Update customer code and handle exception in sap_siem_multiple_logins.py

* docs

* precommit fixes

* Update SAP SIEM integration and scheduler***

* Add new columns to existing tables

* Add optional extra_data parameter to update_job function

* Add optional threshold parameter to run_sap_siem_suspicious_logins_analysis and run_sap_siem_multiple_logins_same_ip_analysis

* Refactor invoke_sap_siem_integration_suspicious_logins_analysis() to use a default threshold value

* Add scheduler jobs for SAP SIEM integration

* Fix scroll clearing in SAP SIEM services

* grafana sap siem user dashboard

* Add SapSiemDashboard and provision_sap_siem function

* Update SapSiemDashboard enum and provision function

* Grafana dashboard change

* Remove alert creation provisiong from connectors table

* Update docker-compose.yml to version v0.0.3
  • Loading branch information
taylorwalton authored Feb 14, 2024
1 parent 180a767 commit 094753d
Show file tree
Hide file tree
Showing 32 changed files with 4,531 additions and 42 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ systemctl restart docker

```bash
# Clone the CoPilot repository
wget https://raw.githubusercontent.com/socfortress/CoPilot/v0.0.2/docker-compose.yml
wget https://raw.githubusercontent.com/socfortress/CoPilot/v0.0.3/docker-compose.yml

# Edit the docker-compose.yml file to set the server name and/or the services you want to use

Expand Down
9 changes: 5 additions & 4 deletions backend/app/connectors/dfir_iris/utils/universal.py
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@ async def fetch_and_parse_data(
session: ClientSession,
action: Callable,
*args,
**kwargs: Optional[Any],
) -> Dict[str, Union[bool, Optional[Dict]]]:
"""
Fetches and parses data from DFIR-IRIS using a specified action.
Expand All @@ -122,8 +123,8 @@ async def fetch_and_parse_data(
dict: A dictionary containing the success status and either the fetched data or None if the operation was unsuccessful.
"""
try:
logger.info(f"Executing {action.__name__}... on args: {args}")
status = action(*args)
logger.info(f"Executing {action.__name__}... on args: {args} and kwargs: {kwargs}")
status = action(*args, **kwargs)
assert_api_resp(status, soft_fail=False)
data = get_data_from_resp(status)
logger.info(f"Successfully executed {action.__name__}")
Expand Down Expand Up @@ -223,7 +224,7 @@ def handle_error(error_message: str, status_code: int = 500):
raise HTTPException(status_code=status_code, detail=error_message)


async def fetch_and_validate_data(client: Any, func: Callable, *args: Any) -> Dict:
async def fetch_and_validate_data(client: Any, func: Callable, *args: Any, **kwargs: Optional[Any]) -> Dict:
"""
Fetches and validates data using the provided client, function, and arguments.
Expand All @@ -238,7 +239,7 @@ async def fetch_and_validate_data(client: Any, func: Callable, *args: Any) -> Di
Raises:
Exception: If the data fetching fails.
"""
result = await fetch_and_parse_data(client, func, *args)
result = await fetch_and_parse_data(client, func, *args, **kwargs)
if not result["success"]:
handle_error(f"Failed to fetch data: {result['message']}")
return result
Expand Down
Loading

0 comments on commit 094753d

Please sign in to comment.