[domaintools]: fix connector problems

Author: mariot

internal-enrichment/domaintools/__metadata__/connector_config_schema.json

@@ -20,7 +20,10 @@
       "type": "string"
     },
     "CONNECTOR_SCOPE": {
-      "description": "The scope of the connector, e.g. 'flashpoint'.",
+      "default": [
+        "Domain-Name,Ipv4-Addr"
+      ],
+      "description": "The scope of the connector.",
       "items": {
         "type": "string"
       },
@@ -49,12 +52,10 @@
       "type": "boolean"
     },
     "DOMAINTOOLS_API_USERNAME": {
-      "default": "ChangeMe",
       "description": "The username required for the authentication on DomainTools API.",
       "type": "string"
     },
     "DOMAINTOOLS_API_KEY": {
-      "default": "ChangeMe",
       "description": "The password required for the authentication on DomainTools API.",
       "format": "password",
       "type": "string",
@@ -69,7 +70,8 @@
   "required": [
     "OPENCTI_URL",
     "OPENCTI_TOKEN",
-    "CONNECTOR_SCOPE"
+    "DOMAINTOOLS_API_USERNAME",
+    "DOMAINTOOLS_API_KEY"
   ],
   "additionalProperties": true
 }

internal-enrichment/domaintools/docker-compose.yml

@@ -1,15 +1,15 @@
-version: '3'
 services:
   connector-domaintools:
     image: opencti/connector-domaintools:latest
     environment:
       - OPENCTI_URL=http://localhost
       - OPENCTI_TOKEN=ChangeMe
       - CONNECTOR_ID=ChangeMe
-      - CONNECTOR_NAME=DomainTools
-      - CONNECTOR_SCOPE=Domain-Name,Ipv4-Addr
-      - CONNECTOR_AUTO=false # Enable/disable auto-enrichment of observables
+      #- CONNECTOR_LOG_LEVEL=info
+      #- CONNECTOR_NAME=DomainTools
+      #- CONNECTOR_SCOPE=Domain-Name,Ipv4-Addr
+      #- CONNECTOR_AUTO=false # Enable/disable auto-enrichment of observables
       - DOMAINTOOLS_API_USERNAME=ChangeMe
       - DOMAINTOOLS_API_KEY=ChangeMe
-      - DOMAINTOOLS_MAX_TLP=TLP:AMBER
+      #- DOMAINTOOLS_MAX_TLP=TLP:AMBER
     restart: always

internal-enrichment/domaintools/src/config.yml.sample

@@ -4,14 +4,12 @@ opencti:
 
 connector:
   id: 'ChangeMe'
-  type: 'INTERNAL_ENRICHMENT'
-  name: 'DomainTools'
-  scope: 'Domain-Name,Ipv4-Addr'
-  auto: false # Enable/disable auto-enrichment of observables
-  confidence_level: 80 # From 0 (Unknown) to 100 (Fully trusted)
-  log_level: 'info'
+  #name: 'DomainTools'
+  #scope: 'Domain-Name,Ipv4-Addr'
+  #auto: false # Enable/disable auto-enrichment of observables
+  #log_level: 'info'
 
 domaintools:
   api_username: 'ChangeMe'
   api_key: 'ChangeMe'
-  max_tlp: 'TLP:AMBER'
+  #max_tlp: 'TLP:AMBER'

internal-enrichment/domaintools/src/connector/__init__.py

@@ -1,6 +1,6 @@
 """DomainTools connector module."""
 
-from connector.connector import DomainToolsConnector
-from connector.settings import ConnectorSettings
+from .connector import DomainToolsConnector
+from .settings import ConnectorSettings
 
 __all__ = ["DomainToolsConnector", "ConnectorSettings"]

internal-enrichment/domaintools/src/connector/builder.py

@@ -6,6 +6,7 @@
 
 import stix2
 import validators
+from connectors_sdk.models import OrganizationAuthor
 from pycti import STIX_EXT_OCTI_SCO, OpenCTIConnectorHelper, StixCoreRelationship
 
 from .constants import EntityType
@@ -18,16 +19,16 @@ class DtBuilder:
     """
 
     def __init__(
-        self, helper: OpenCTIConnectorHelper, author: stix2.Identity, stix_objects: []
+        self, helper: OpenCTIConnectorHelper, author: OrganizationAuthor, stix_objects
     ):
         """Initialize DtBuilder."""
         self.helper = helper
         self.author = author
 
         # Use custom properties to set the author and the confidence level of the object.
         self.extensions = {}
-        self.extensions[STIX_EXT_OCTI_SCO] = {"created_by_ref": author["id"]}
-        self.bundle = stix_objects + [self.author]
+        self.extensions[STIX_EXT_OCTI_SCO] = {"created_by_ref": author.id}
+        self.bundle = stix_objects + [self.author.to_stix2_object()]
 
     def reset_score(self):
         """Reset the score used."""
@@ -263,8 +264,7 @@ def create_relationship(
             Created relationship.
         """
         kwargs = {
-            "created_by_ref": self.author,
-            "confidence": self.helper.connect_confidence_level,
+            "created_by_ref": self.author.id,
         }
         if description is not None:
             kwargs["description"] = description

internal-enrichment/domaintools/src/connector/connector.py

@@ -4,10 +4,9 @@
 from typing import Dict
 
 import domaintools
-import stix2
 import validators
-from connector.settings import ConnectorSettings
-from pycti import Identity, OpenCTIConnectorHelper
+from connectors_sdk.models import OrganizationAuthor
+from pycti import OpenCTIConnectorHelper
 
 from .builder import DtBuilder
 from .constants import DEFAULT_RISK_SCORE, DOMAIN_FIELDS, EMAIL_FIELDS, EntityType
@@ -19,19 +18,19 @@ class DomainToolsConnector:
     _DEFAULT_AUTHOR = "DomainTools"
     _CONNECTOR_RUN_INTERVAL_SEC = 60 * 60
 
-    def __init__(self, config: ConnectorSettings, helper: OpenCTIConnectorHelper):
+    def __init__(self, config, helper: OpenCTIConnectorHelper):
         self.config = config
         self.helper = helper
-        self.api = domaintools.API(
-            self.config.domaintools.api_username, self.config.domaintools.api_key
+        self.api = domaintools.api.API(
+            self.config.domaintools.api_username,
+            self.config.domaintools.api_key.get_secret_value(),
         )
         self.max_tlp = self.config.domaintools.max_tlp
-        self.author = stix2.Identity(
-            id=Identity.generate_id(self._DEFAULT_AUTHOR, "organization"),
+        self.author = OrganizationAuthor(
             name=self._DEFAULT_AUTHOR,
-            identity_class="organization",
-            description=" DomainTools is a leading provider of Whois and other DNS profile data for threat intelligence enrichment. It is a part of the Datacenter Group (DCL Group SA). DomainTools data helps security analysts investigate malicious activity on their networks.",
-            confidence=self.helper.connect_confidence_level,
+            description="DomainTools is a leading provider of Whois and other DNS profile data for "
+            "threat intelligence enrichment. It is a part of the Datacenter Group (DCL Group SA). "
+            "DomainTools data helps security analysts investigate malicious activity on their networks.",
         )
         self.helper.metric.state("idle")
 

internal-enrichment/domaintools/src/connector/settings.py

@@ -2,6 +2,7 @@
     BaseConfigModel,
     BaseConnectorSettings,
     BaseInternalEnrichmentConnectorConfig,
+    ListFromString,
 )
 from pydantic import Field, SecretStr
 
@@ -16,6 +17,10 @@ class InternalEnrichmentConnectorConfig(BaseInternalEnrichmentConnectorConfig):
         description="The name of the connector.",
         default="Domaintools",
     )
+    scope: ListFromString = Field(
+        description="The scope of the connector.",
+        default=["Domain-Name,Ipv4-Addr"],
+    )
 
 
 class DomaintoolsConfig(BaseConfigModel):
@@ -25,11 +30,9 @@ class DomaintoolsConfig(BaseConfigModel):
 
     api_username: str = Field(
         description="The username required for the authentication on DomainTools API.",
-        default="ChangeMe",
     )
     api_key: SecretStr = Field(
         description="The password required for the authentication on DomainTools API.",
-        default="ChangeMe",
     )
     max_tlp: str = Field(
         description="The maximal TLP of the observable being enriched.",

internal-enrichment/domaintools/src/main.py

@@ -1,6 +1,7 @@
 import traceback
 
-from connector import ConnectorSettings, DomainToolsConnector
+from connector.connector import DomainToolsConnector
+from connector.settings import ConnectorSettings
 from pycti import OpenCTIConnectorHelper
 
 if __name__ == "__main__":