Merge pull request #7 from splunk-soar-connectors/next

Merging next to main for release 2.3.0

.github/workflows/linting.yml

@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
-  lint: 
+  lint:
     # Run per push for internal contributers. This isn't possible for forked pull requests,
     # so we'll need to run on PR events for external contributers.
     # String comparison below is case insensitive.

.github/workflows/semgrep.yml

@@ -1,5 +1,5 @@
 name: Semgrep
-on: 
+on:
   pull_request_target:
     branches:
       - next
@@ -21,8 +21,8 @@ jobs:
         echo "REPOSITORY=${{ github.event.pull_request.head.repo.full_name }}" >> $GITHUB_ENV
         echo "REF=${{ github.event.pull_request.head.ref }}" >> $GITHUB_ENV
      - uses: 'phantomcyber/dev-cicd-tools/github-actions/semgrep@main'
-       with: 
+       with:
         SEMGREP_DEPLOYMENT_ID: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
         SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
-        REPOSITORY: ${{ github.repository }} 
+        REPOSITORY: ${{ github.repository }}
         REF: ${{ github.ref }}

.github/workflows/start-release.yml

@@ -1,9 +1,13 @@
 name: Start Release
-on: workflow_dispatch
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - '*-beta*'
 jobs:
   start-release:
     runs-on: ubuntu-latest
     steps:
      - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main'
        with:
-         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.6
+    rev: v1.11
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.2.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^zscaler.json$']

README.md

@@ -2,11 +2,11 @@
 # Zscaler
 
 Publisher: Splunk  
-Connector Version: 2\.2\.2  
+Connector Version: 2\.3\.0  
 Product Vendor: Zscaler  
 Product Name: Zscaler  
 Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.0\.0  
+Minimum Product Version: 5\.1\.0  
 
 This app implements containment and investigative actions on Zscaler
 
@@ -61,7 +61,7 @@ The above steps would help run the Lookup URL action as expected.
 The Sandbox Submission API requires a separate API key and uses a different host
 (csbapi.\[zscaler-cloud-name\]). For the **submit_file** action, the **sandbox_base_url** and
 **sandbox_api_token** asset configuration parameters should be configured. These two asset
-parameters, wont affect test_connectivity. Follow the below steps to fetch these credentials for the
+parameters won't affect test_connectivity. Follow the below steps to fetch these credentials for the
 **submit_file** action
 
 -   Log in to the ZIA Admin Portal using your **admin** credentials.
@@ -115,6 +115,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 [lookup ip](#action-lookup-ip) - Lookup the categories related to an IP  
 [lookup url](#action-lookup-url) - Lookup the categories related to a URL  
 [submit file](#action-submit-file) - Submit a file to Zscaler Sandbox  
+[get admin users](#action-get-admin-users) - Get a list of admin users  
 
 ## action: 'test connectivity'
 Validate the asset configuration for connectivity using supplied configuration
@@ -540,14 +541,47 @@ DATA PATH | TYPE | CONTAINS
 action\_result\.status | string | 
 action\_result\.parameter\.vault\_id | string |  `vault id`  `sha1` 
 action\_result\.parameter\.force | boolean | 
-action\_result\.summary | string | 
-action\_result\.message | string | 
-summary\.total\_objects | numeric | 
-summary\.total\_objects\_successful | numeric | 
 action\_result\.data\.\*\.md5 | string |  `md5` 
 action\_result\.data\.\*\.code | numeric | 
 action\_result\.data\.\*\.message | string | 
 action\_result\.data\.\*\.fileType | string | 
 action\_result\.data\.\*\.virusName | string | 
 action\_result\.data\.\*\.virusType | string | 
-action\_result\.data\.\*\.sandboxSubmission | string | 
+action\_result\.data\.\*\.sandboxSubmission | string | 
+action\_result\.summary | string | 
+action\_result\.message | string | 
+summary\.total\_objects | numeric | 
+summary\.total\_objects\_successful | numeric |   
+
+## action: 'get admin users'
+Get a list of admin users
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**limit** |  optional  | Maximum number of records to fetch | numeric | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS
+--------- | ---- | --------
+action\_result\.status | string | 
+action\_result\.parameter\.limit | numeric | 
+action\_result\.data\.\*\.id | string | 
+action\_result\.data\.\*\.loginName | string | 
+action\_result\.data\.\*\.userName | string | 
+action\_result\.data\.\*\.email | string | 
+action\_result\.data\.\*\.role\.id | string | 
+action\_result\.data\.\*\.role\.name | string | 
+action\_result\.data\.\*\.role\.extensions\.adminRank | string | 
+action\_result\.data\.\*\.role\.extensions\.roleType | string | 
+action\_result\.data\.\*\.adminScopeType | string | 
+action\_result\.data\.\*\.isNonEditable | boolean | 
+action\_result\.data\.\*\.isPasswordLoginAllowed | boolean | 
+action\_result\.data\.\*\.pwdLastModifiedTime | numeric | 
+action\_result\.summary\.total\_admin\_users | numeric | 
+action\_result\.message | string | 
+summary\.total\_objects | numeric | 
+summary\.total\_objects\_successful | numeric | 

exclude_files.txt

@@ -3,4 +3,4 @@ docker-compose.yml
 Makefile
 .git*
 whitesource*
-gl-*.csv
+gl-*.csv