Network connectors (#207)
* Refactor customer network connector processing in routes.py

* provision fortinet network connector things

* Fix client ID comparison in delete_agent function

* added network connectors api/types

* added external services pages

* add fortinet dashboards

* Add Fortinet dashboard schema and provisioning logic

* Add FortinetDashboard to provision_dashboards function

* Create fortinet dashboards during provisioning

* Refactor code to collect content pack ID by name in Graylog services

* Refactor content pack input ID retrieval in Graylog services

* decommission of network connector

* Update Docker workflow to notify Discord after successful image build and push

* Update Discord webhook version in Docker workflow

* Update branch name in Docker workflow from network-connectors to main

* Update Docker workflow messages for backend and frontend image updates

* Refactor database name format in create_grafana_datasource function

* crowdstrike content pack templates

* crowdstrike integration markdown

* Add Crowdstrike integration and authentication keys

* crowdstrike provisioning things

* provision and decom crowdstrike

* falconhose

* Update branch name in Docker workflow from network-connectors to main

* Add directory creation for customer docker compose and falconhose cfg

* Replace spaces with underscores in customer names

* Replace spaces with underscores in customer names

* Update Docker Compose volume path for CrowdStrike integration

* update o365 dashboards

* Update branch name in Docker workflow from network-connectors to main

* Add get_customer_default_settings_attribute function to provision.py

* build to fix grafana url in office365

* Update branch name in Docker workflow from network-connectors to main

* lower customer code in office365 index creation and grafana datasource creation

* add validator to customer code

* add grafana orgid to provision request for insert to DB

* Fix typo in create_office365_utc_rule function

* updated dependencies

* updated networkConnectors api

* added services components

* updated networkConnectors page

* updated customer integration components

* Update branch name in Docker workflow from network-connectors to main

* updated networkConnectors api/types

* added customer network connectors components

* updated dependencies

* added fortinet form

* move sap siem to modules

* Update branch name in Docker workflow from network-connectors to main

* Update URLs in SAP SIEM integration to use copilot-sap-module instead of localhost

* updated url check

* chore: Update available content packs overview in Graylog provision route

* chore: Refactor decommission network connector route and service

* refactor: Update Elasticsearch index retrieval to include open indices only

* chore: Update IndicesStats model with optional fields for docs_count and store_size

* added decommissionNetworkConnector feature

* chore: Refactor decommission network connector route and service

* precommit fixes

* chore: Update branch name in Docker workflow

---------

Co-authored-by: Davide Di Modica <[email protected]>
taylorwalton and Linko91 authored May 9, 2024
1 parent d8c53b2 commit 0bdc3b6
Showing 109 changed files with 34,782 additions and 1,904 deletions.
26 changes: 13 additions & 13 deletions .env.example
@@ -13,31 +13,31 @@ ALERT_FORWARDING_IP=0.0.0.0

# Connector Credentials
# ! SETTING UP YOUR CONNECTORS DEMOs https://www.youtube.com/@taylorwalton_socfortress/videos! #
WAZUH_INDEXER_URL=https://1.1.1.1:9200
WAZUH_INDEXER_URL=https://127.1.1.1:9200
WAZUH_INDEXER_USERNAME=admin
WAZUH_INDEXER_PASSWORD=admin

WAZUH_MANAGER_URL=https://1.1.1.1
WAZUH_MANAGER_URL=https://127.1.1.1
WAZUH_MANAGER_USERNAME=dummy
WAZUH_MANAGER_PASSWORD=dummy

GRAYLOG_URL=http://1.1.1.1
GRAYLOG_URL=http://127.1.1.1
GRAYLOG_USERNAME=dummy
GRAYLOG_PASSWORD=dummy

SHUFFLE_URL=https://1.1.1.1
SHUFFLE_URL=https://127.1.1.1
SHUFFLER_API_KEY=dummy

DFIR_IRIS_URL=https://1.1.1.1
DFIR_IRIS_URL=https://127.1.1.1
DFIR_IRIS_API_KEY=dummy

VELOCIRAPTOR_URL=https://1.1.1.1
VELOCIRAPTOR_URL=https://127.1.1.1
VELOCIRAPTOR_API_KEY_PATH=dummy

SUBLIME_URL=http://1.1.1.1
SUBLIME_URL=http://127.1.1.1
SUBLIME_API_KEY=dummy

INFLUXDB_URL=http://1.1.1.1
INFLUXDB_URL=http://127.1.1.1
INFLUXDB_API_KEY=dummy
INFLUXDB_ORG_AND_BUCKET=dummy,dummy

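Review bot: swapping 1.1.1.1 for 127.1.1.1 is the right call, because 1.1.1.1 is a live public resolver and a copied-but-unedited .env would have sent WAZUH_INDEXER_USERNAME/WAZUH_INDEXER_PASSWORD and the API keys to a third party, whereas 127.1.1.1 is loopback and fails closed. One thing left in this hunk: WAZUH_INDEXER_USERNAME=admin / WAZUH_INDEXER_PASSWORD=admin are the only non-dummy credentials in the file and match a well-known default, so an operator who edits only the URL ends up with a predictable login; use dummy here like every other entry, or add a comment that these must be changed.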
@@ -47,18 +47,18 @@ ASKSOCFORTRESS_API_KEY=dummy
SOCFORTRESSTHREATINTEL_URL=https://intel.socfortress.co/search
SOCFORTRESSTHREATINTEL_API_KEY=dummy

CORTEX_URL=http://1.1.1.1
CORTEX_URL=http://127.1.1.1
CORTEX_API_KEY=dummy

GRAFANA_URL=http://1.1.1.1
GRAFANA_URL=http://127.1.1.1
GRAFANA_USERNAME=dummy
GRAFANA_PASSWORD=dummy

WAZUH_WORKER_PROVISIONING_URL=http://1.1.1.1
WAZUH_WORKER_PROVISIONING_URL=http://127.1.1.1

EVENT_SHIPPER_URL=graylog_host
GELF_INPUT_PORT=gelf_port

ALERT_CREATION_PROVISIONING_URL=http://1.1.1.1
ALERT_CREATION_PROVISIONING_URL=http://127.1.1.1

HAPROXY_PROVISIONING_URL=http://1.1.1.1
HAPROXY_PROVISIONING_URL=http://127.1.1.1
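Review bot: the schemes in this block are inconsistent with the first one: CORTEX_URL, GRAFANA_URL, WAZUH_WORKER_PROVISIONING_URL, ALERT_CREATION_PROVISIONING_URL and HAPROXY_PROVISIONING_URL stay http:// while most services above are https://. If these endpoints are only ever reached over an internal network, say so in a comment next to them; otherwise make the placeholders https:// so nobody copies a cleartext default for services that carry GRAFANA_USERNAME/GRAFANA_PASSWORD or CORTEX_API_KEY. EVENT_SHIPPER_URL=graylog_host and GELF_INPUT_PORT=gelf_port are also a third placeholder style (bare words rather than a URL or dummy); one convention for the whole file would make it obvious which values still need editing.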
14 changes: 14 additions & 0 deletions .github/workflows/docker.yml
@@ -31,6 +31,13 @@ jobs:
build-args: |
COPILOT_API_KEY=${{ secrets.COPILOT_API_KEY }}
- name: Notify Discord
uses: appleboy/[email protected]
with:
webhook_id: ${{ secrets.DISCORD_WEBHOOK_ID }}
webhook_token: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
message: "Docker image for backend has been updated."

build-frontend:
runs-on: ubuntu-latest

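Review bot: the Discord action is referenced by a mutable version tag (the reference is also mangled by the page extraction, so double-check what is actually committed); pin third-party actions to a full commit SHA with the version in a trailing comment, e.g. `uses: appleboy/discord-action@<commit-sha> # vX.Y.Z`, so a retagged release cannot run arbitrary code with DISCORD_WEBHOOK_ID and DISCORD_WEBHOOK_TOKEN in scope. The unchanged context line `COPILOT_API_KEY=${{ secrets.COPILOT_API_KEY }}` under `build-args:` is the bigger issue: a build arg is recorded in image metadata and can be read back with `docker history` from the image pushed to ghcr.io, so a secret should go through a BuildKit secret mount (if this is docker/build-push-action, its `secrets:` input plus `RUN --mount=type=secret` in the Dockerfile) rather than a build arg.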
@@ -54,3 +61,10 @@ jobs:
context: ./frontend
push: true
tags: ghcr.io/socfortress/copilot-frontend:latest

- name: Notify Discord
uses: appleboy/[email protected]
with:
webhook_id: ${{ secrets.DISCORD_WEBHOOK_ID }}
webhook_token: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
message: "Docker image for frontend has been updated."
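Review bot: this step is a verbatim copy of the backend notification apart from the message text; factor the webhook call into a composite action or a reusable workflow so the action pin and message format cannot drift between the two jobs. The message "Docker image for frontend has been updated." also carries nothing actionable; include the tag `ghcr.io/socfortress/copilot-frontend:latest` and the commit SHA or image digest so the Discord reader can tell which build this is. As written the step only runs when the preceding steps succeed, which matches the commit message; if a failed push should be announced too, add `if: always()` and vary the message on the job status.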
4 changes: 0 additions & 4 deletions README.md
@@ -154,10 +154,6 @@ docker compose up -d

Copilot is designed to be a single pane of glass for your security operations. Think of it as a hub for all your security tools. Copilot Connectors are the glue that binds your security tools to Copilot. We take advantage of the APIs and webhooks provided by your security tools to provide a seamless integration.

## Related repositories

- Provision Wazuh Worker Application: [https://github.com/socfortress/Customer-Provisioning-Worker](https://github.com/socfortress/Customer-Provisioning-Worker)

## Help

You can reach us on [Discord](https://discord.gg/UN3pNBzaEQ) or by [📧](mailto:[email protected]) if you have any question, issue or idea!
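Review bot: this removes the only link to socfortress/Customer-Provisioning-Worker while .env.example in the same commit still expects WAZUH_WORKER_PROVISIONING_URL, and none of the commit messages explains the removal. Either keep the "Related repositories" section or replace it with a pointer to wherever the worker now lives; otherwise an operator has no way to find the component that URL is supposed to reach.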
@@ -0,0 +1,31 @@
"""Modify network connectors meta table
Revision ID: 16855d538921
Revises: 74a095d63af4
Create Date: 2024-04-28 10:47:04.006263
"""
from typing import Sequence
from typing import Union

import sqlalchemy as sa

from alembic import op

# revision identifiers, used by Alembic.
revision: str = "16855d538921"
down_revision: Union[str, None] = "74a095d63af4"
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None


def upgrade() -> None:
# ### commands auto generated by Alembic - please adjust! ###
op.add_column("customer_network_connectors_meta", sa.Column("graylog_pipeline_id", sa.String(length=1024), nullable=False))
# ### end Alembic commands ###


def downgrade() -> None:
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column("customer_network_connectors_meta", "graylog_pipeline_id")
# ### end Alembic commands ###
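Review bot: `graylog_pipeline_id` is added with nullable=False and no server_default to an existing table, so `upgrade()` fails on any database that already has rows in customer_network_connectors_meta (PostgreSQL rejects the ALTER outright; MySQL only gets through in non-strict mode by filling the column with an empty string). Either add the column nullable, backfill from the provisioning data, and then alter it to NOT NULL in a second step, or supply a `server_default` and document what a placeholder value means. The autogenerate comments ("please adjust!") should also be dropped once the migration has been reviewed.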
@@ -0,0 +1,33 @@
"""Add content pack ids network connectors meta table
Revision ID: d05281d02b0f
Revises: 16855d538921
Create Date: 2024-05-01 09:35:17.751914
"""
from typing import Sequence
from typing import Union

import sqlalchemy as sa

from alembic import op

# revision identifiers, used by Alembic.
revision: str = "d05281d02b0f"
down_revision: Union[str, None] = "16855d538921"
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None


def upgrade() -> None:
# ### commands auto generated by Alembic - please adjust! ###
op.add_column("customer_network_connectors_meta", sa.Column("graylog_content_pack_input_id", sa.String(length=1024), nullable=False))
op.add_column("customer_network_connectors_meta", sa.Column("graylog_content_pack_stream_id", sa.String(length=1024), nullable=False))
# ### end Alembic commands ###


def downgrade() -> None:
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column("customer_network_connectors_meta", "graylog_content_pack_stream_id")
op.drop_column("customer_network_connectors_meta", "graylog_content_pack_input_id")
# ### end Alembic commands ###
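Review bot: same NOT NULL-without-default problem as revision 16855d538921, now for graylog_content_pack_input_id and graylog_content_pack_stream_id, so this migration aborts at the same place on any installation with existing network connector rows. The three revisions in this commit (16855d538921, d05281d02b0f, ec63589cc24d) each add one or two columns to the same table within a few days of each other; squash them into a single revision before merge so the chain stays short and the downgrade is one set of drops rather than three partial ones.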
@@ -0,0 +1,31 @@
"""Add grafana datasource uid to network connectors meta table
Revision ID: ec63589cc24d
Revises: d05281d02b0f
Create Date: 2024-05-01 11:05:15.935826
"""
from typing import Sequence
from typing import Union

import sqlalchemy as sa

from alembic import op

# revision identifiers, used by Alembic.
revision: str = "ec63589cc24d"
down_revision: Union[str, None] = "d05281d02b0f"
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None


def upgrade() -> None:
# ### commands auto generated by Alembic - please adjust! ###
op.add_column("customer_network_connectors_meta", sa.Column("grafana_datasource_uid", sa.String(length=1024), nullable=False))
# ### end Alembic commands ###


def downgrade() -> None:
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column("customer_network_connectors_meta", "grafana_datasource_uid")
# ### end Alembic commands ###
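Review bot: grafana_datasource_uid has the same nullable=False and no server_default as the Graylog columns in the two preceding revisions, so if the migrations are not squashed it needs the same nullable-then-backfill treatment. Because there is no default, a missing value also surfaces later as an IntegrityError at provisioning time rather than at migration time, so confirm that every provisioning path added in this commit (the Fortinet and CrowdStrike connectors) writes grafana_datasource_uid before the row is committed, and that the decommission path clears the Grafana datasource the uid points at.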
2 changes: 1 addition & 1 deletion backend/app/agents/routes/agents.py
@@ -455,7 +455,7 @@ async def delete_agent(
await delete_agent_wazuh(agent_id)
client_id = await fetch_velociraptor_id(db=session, agent_id=agent_id)
logger.info(f"Client ID: {client_id}")
if client_id != "n/a":
if client_id != "Unknown":
await delete_agent_velociraptor(client_id)
await delete_agent_from_database(db=session, agent_id=agent_id)
return AgentModifyResponse(
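Review bot: the sentinel change from "n/a" to "Unknown" is a string contract with fetch_velociraptor_id that is not visible in this diff; if that function still returns "n/a" on any path, or None, the guard silently inverts and delete_agent_velociraptor is called with a bogus client id. Prefer having fetch_velociraptor_id return Optional[str] and testing `if client_id:`, or define one shared constant for the sentinel and use it on both sides. The `logger.info(f"Client ID: {client_id}")` line at least makes the value visible in logs, but a unit test covering the "Unknown" branch would catch the next drift before it reaches production.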