[urlscan-enrichment]: set to manager supported (#5434)

Co-authored-by: Romain GUIGNARD <romain.guignard@filigran.io>

Author: mariot

internal-enrichment/urlscan-enrichment/__metadata__/CONNECTOR_CONFIG_DOC.md

@@ -8,12 +8,12 @@ Below is an exhaustive enumeration of all configurable parameters available, eac
 | -------- | ---- | -------- | --------------- | ------- | ----------- |
 | OPENCTI_URL | `string` | ✅ | Format: [`uri`](https://json-schema.org/understanding-json-schema/reference/string#built-in-formats) |  | The base URL of the OpenCTI instance. |
 | OPENCTI_TOKEN | `string` | ✅ | string |  | The API token to connect to OpenCTI. |
+| URLSCAN_ENRICHMENT_API_KEY | `string` | ✅ | Format: [`password`](https://json-schema.org/understanding-json-schema/reference/string#built-in-formats) |  | URLScan API Key |
 | CONNECTOR_NAME | `string` |  | string | `"Urlscan Enrichment"` | The name of the connector. |
 | CONNECTOR_SCOPE | `array` |  | string | `["url", "ipv4-addr", "ipv6-addr"]` | The scope of the connector. Availables: `url or hostname or domain-name` (scope-submission), `ipv4-addr` and `ipv6-addr` (scope-search) |
 | CONNECTOR_LOG_LEVEL | `string` |  | `debug` `info` `warn` `warning` `error` | `"error"` | The minimum level of logs to display. |
 | CONNECTOR_TYPE | `const` |  | `INTERNAL_ENRICHMENT` | `"INTERNAL_ENRICHMENT"` |  |
 | CONNECTOR_AUTO | `boolean` |  | boolean | `false` | Whether the connector should run automatically when an entity is created or updated. |
-| URLSCAN_ENRICHMENT_API_KEY | `string` |  | Format: [`password`](https://json-schema.org/understanding-json-schema/reference/string#built-in-formats) | `null` | URLScan API Key |
 | URLSCAN_ENRICHMENT_IMPORT_SCREENSHOT | `boolean` |  | boolean | `true` | Allows or not the import of the screenshot of the scan submitted in URLScan to OpenCTI. |
 | URLSCAN_ENRICHMENT_VISIBILITY | `string` |  | `public` `unlisted` `private` | `"public"` | URLScan offers several levels of visibility for submitted scans: `public`, `unlisted`, `private` |
 | URLSCAN_ENRICHMENT_SEARCH_FILTERED_BY_DATE | `string` |  | string | `">now-1y"` | Allows you to filter by date available: `>now-1h`, `>now-1d`, `>now-1y`, `[2022 TO 2023]`, `[2022/01/01 TO 2023/12/01]` |

internal-enrichment/urlscan-enrichment/__metadata__/connector_config_schema.json

@@ -54,7 +54,6 @@
       "type": "boolean"
     },
     "URLSCAN_ENRICHMENT_API_KEY": {
-      "default": null,
       "description": "URLScan API Key",
       "format": "password",
       "type": "string",
@@ -101,7 +100,8 @@
   },
   "required": [
     "OPENCTI_URL",
-    "OPENCTI_TOKEN"
+    "OPENCTI_TOKEN",
+    "URLSCAN_ENRICHMENT_API_KEY"
   ],
   "additionalProperties": true
 }

internal-enrichment/urlscan-enrichment/__metadata__/connector_manifest.json

@@ -1,7 +1,7 @@
 {
   "title": "URLScan Enrichment",
   "slug": "urlscan-enrichment",
-  "description": "FIRST's Exploit Prediction Scoring System (EPSS) is an open model designed to predict the likelihood of a vulnerability being exploited in the wild. By providing a score for each vulnerability, EPSS helps organizations prioritize vulnerability management efforts based on the potential risk and impact. \n\nThe integration of FIRST EPSS with OpenCTI enables the automatic enrichment of vulnerabilities with EPSS information provided by FIRST (the global Forum of Incident Response and Security Teams). The integration enriches vulnerabilities with EPSS score and percentile.",
+  "description": "URLScan is an online service that allows you to scan URLs to analyze and detect potential security threats. It provides a platform where users can submit links to be scanned to obtain information about the page's content, loaded external resources, potential threats, and other relevant security details.\n\nThe integration of URLScan with OpenCTI enables the automatic enrichment and analysis of IP addresses and URLs.",
   "short_description": "URLScan is an online service that allows you to scan URLs to analyze and detect potential security threats. It provides a platform where users can submit links to be scanned to obtain information about the page's content, loaded external resources, potential threats, and other relevant security details.\n\nThe integration of URLScan with OpenCTI enables the automatic enrichment and analysis of IP addresses and URLs.",
   "logo": "internal-enrichment/urlscan-enrichment/__metadata__/logo.png",
   "use_cases": [
@@ -14,7 +14,7 @@
   "support_version": ">= 6.0.7",
   "subscription_link": "https://urlscan.io",
   "source_code": "https://github.com/OpenCTI-Platform/connectors/tree/oob/connector_manager/internal-enrichment/urlscan-enrichment",
-  "manager_supported": false,
+  "manager_supported": true,
   "container_version": "rolling",
   "container_image": "opencti/connector-urlscan-enrichment",
   "container_type": "INTERNAL_ENRICHMENT"

internal-enrichment/urlscan-enrichment/docker-compose.yml

@@ -1,19 +1,18 @@
-version: '3'
 services:
   connector-urlscan-enrichment:
     image: opencti/connector-urlscan-enrichment:latest
     environment:
       - OPENCTI_URL=http://localhost
       - OPENCTI_TOKEN=ChangeMe
-      - CONNECTOR_ID=496df155-c2f0-43b3-ab46-4352e68989d8 # Optional (default: '496df155-c2f0-43b3-ab46-4352e68989d8')
-      - CONNECTOR_NAME=UrlScan # Optional (default: 'Urlscan Enrichment')
-      - CONNECTOR_SCOPE=url,ipv4-addr,ipv6-addr # Optional (default: 'url,ipv4-addr,ipv6-addr')
-      - CONNECTOR_AUTO=false # Optional (default: false)
-      - CONNECTOR_LOG_LEVEL=error # Optional (default: 'error')
-      - URLSCAN_ENRICHMENT_API_KEY= # Optional (default: empty)
-      - URLSCAN_ENRICHMENT_IMPORT_SCREENSHOT=false # Optional (default: true)
-      - URLSCAN_ENRICHMENT_VISIBILITY=public # Optional (default: 'public')
-      - URLSCAN_ENRICHMENT_SEARCH_FILTERED_BY_DATE=>now-2d # Optional (default: '>now-1d')
-      - URLSCAN_ENRICHMENT_MAX_TLP=TLP:AMBER # Optional (default: 'TLP:AMBER')
-      - URLSCAN_ENRICHMENT_CREATE_INDICATOR=true # Optional (default: true)
+      #- CONNECTOR_ID=496df155-c2f0-43b3-ab46-4352e68989d8 # Optional (default: '496df155-c2f0-43b3-ab46-4352e68989d8')
+      #- CONNECTOR_NAME=UrlScan # Optional (default: 'Urlscan Enrichment')
+      #- CONNECTOR_SCOPE=url,ipv4-addr,ipv6-addr # Optional (default: 'url,ipv4-addr,ipv6-addr')
+      #- CONNECTOR_AUTO=false # Optional (default: false)
+      #- CONNECTOR_LOG_LEVEL=error # Optional (default: 'error')
+      #- URLSCAN_ENRICHMENT_API_KEY= # Optional (default: empty)
+      #- URLSCAN_ENRICHMENT_IMPORT_SCREENSHOT=false # Optional (default: true)
+      #- URLSCAN_ENRICHMENT_VISIBILITY=public # Optional (default: 'public')
+      #- URLSCAN_ENRICHMENT_SEARCH_FILTERED_BY_DATE=>now-2d # Optional (default: '>now-1d')
+      #- URLSCAN_ENRICHMENT_MAX_TLP=TLP:AMBER # Optional (default: 'TLP:AMBER')
+      #- URLSCAN_ENRICHMENT_CREATE_INDICATOR=true # Optional (default: true)
     restart: always

internal-enrichment/urlscan-enrichment/src/config.yml.sample

@@ -3,16 +3,16 @@ opencti:
   token: "ChangeMe"
 
 connector:
-  id: "496df155-c2f0-43b3-ab46-4352e68989d8" # Optional (default: '496df155-c2f0-43b3-ab46-4352e68989d8')
-  name: "UrlScan" # Optional (default: 'Urlscan Enrichment')
-  scope: "url,ipv4-addr,ipv6-addr" # Optional (default: 'url,ipv4-addr,ipv6-addr')
-  auto: false # Optional (default: false)
-  log_level: "error" # Optional (default: 'error')
+  #id: "496df155-c2f0-43b3-ab46-4352e68989d8" # Optional (default: '496df155-c2f0-43b3-ab46-4352e68989d8')
+  #name: "UrlScan" # Optional (default: 'Urlscan Enrichment')
+  #scope: "url,ipv4-addr,ipv6-addr" # Optional (default: 'url,ipv4-addr,ipv6-addr')
+  #auto: false # Optional (default: false)
+  #log_level: "error" # Optional (default: 'error')
 
 urlscan_enrichment:
-  api_key: null # Optional (default: null)
-  import_screenshot: false # Optional (default: true)
-  visibility: "public" # Optional (default: 'public')
-  search_filtered_by_date: ">now-2d" # Optional (default: '>now-1d')
-  max_tlp: "TLP:AMBER" # Optional (default: 'TLP:AMBER')
-  create_indicator: true # Optional (default: true)
+  #api_key: null # Optional (default: null)
+  #import_screenshot: false # Optional (default: true)
+  #visibility: "public" # Optional (default: 'public')
+  #search_filtered_by_date: ">now-2d" # Optional (default: '>now-1d')
+  #max_tlp: "TLP:AMBER" # Optional (default: 'TLP:AMBER')
+  #create_indicator: true # Optional (default: true)

internal-enrichment/urlscan-enrichment/src/urlscan_enrichment_services/connector.py

@@ -19,11 +19,7 @@ def __init__(self, config: ConnectorSettings, helper: OpenCTIConnectorHelper):
 
         self.client = UrlscanClient(
             self.helper,
-            api_key=(
-                self.config.urlscan_enrichment.api_key.get_secret_value()
-                if self.config.urlscan_enrichment.api_key
-                else None
-            ),
+            api_key=self.config.urlscan_enrichment.api_key.get_secret_value(),
             default_scan_visibility=self.config.urlscan_enrichment.visibility,
         )
         self.converter = UrlscanConverter(

internal-enrichment/urlscan-enrichment/src/urlscan_enrichment_services/settings.py

@@ -35,9 +35,8 @@ class UrlscanEnrichmentConfig(BaseConfigModel):
     Define parameters and/or defaults for the configuration specific to the `UrlscanEnrichmentConnector`.
     """
 
-    api_key: SecretStr | None = Field(
+    api_key: SecretStr = Field(
         description="URLScan API Key",
-        default=None,
     )
     import_screenshot: bool = Field(
         description="Allows or not the import of the screenshot of the scan submitted in URLScan to OpenCTI.",

internal-enrichment/urlscan-enrichment/tests/tests_connector/test_settings.py

@@ -39,7 +39,9 @@
                     "token": "test-token",
                 },
                 "connector": {},
-                "urlscan_enrichment": {},
+                "urlscan_enrichment": {
+                    "api_key": "test-api-key",
+                },
             },
             id="minimal_valid_settings_dict",
         ),