splunk-soar-connectors
diff --git a/‎.github/workflows/generate-doc.yml‎
Lines changed: 19 additions & 0 deletions b/‎.github/workflows/generate-doc.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.pre-commit-config.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 213 additions & 33 deletions b/‎README.md‎
Lines changed: 213 additions & 33 deletions
diff --git a/‎readme.html‎
Lines changed: 22 additions & 1 deletion b/‎readme.html‎
Lines changed: 22 additions & 1 deletion
diff --git a/‎release_notes/1.2.0.md‎
Lines changed: 8 additions & 0 deletions b/‎release_notes/1.2.0.md‎
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,19 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.15
+    rev: v1.16
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 
@@ -1,16 +1,36 @@
 [comment]: # "Auto-generated SOAR connector documentation"
 # Sandfly Security
 
-Publisher: Sandfly Security, Ltd\.  
-Connector Version: 1\.0\.1  
+Publisher: Sandfly Security, Ltd.  
+Connector Version: 1.2.0  
 Product Vendor: Sandfly Security  
 Product Name: Sandfly Security Agentless Linux Security  
-Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.4\.0  
-
-Sandfly Security app to trigger system scans and other actions on the Sandfly Server
+Product Version Supported (regex): ".\*"  
+Minimum Product Version: 5.5.0  
 
+Sandfly Security app to gather information, initiate system scans and other actions on the Sandfly Server
 
+[comment]: # " File: README.md"
+[comment]: # ""
+[comment]: # "Copyright (c) Sandfly Security, Ltd., 2023"
+[comment]: # ""
+[comment]: # "This unpublished material is proprietary to Recorded Future. All"
+[comment]: # "rights reserved. The methods and techniques described herein are"
+[comment]: # "considered trade secrets and/or confidential. Reproduction or"
+[comment]: # "distribution, in whole or in part, is forbidden except by express"
+[comment]: # "written permission of Sandfly Security."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
 ## Authentication
 
 You must have an active Sandfly Security account in order to trigger actions. The account must also
@@ -20,7 +40,7 @@ actions or retrieve the information.
 
 ## Port Information
 
-The app uses HTTP/ HTTPS protocol for communicating with the Cisco Umbrella server. Below are the
+The app uses HTTP/ HTTPS protocol for communicating with the Sandfly Security server. Below are the
 default ports used by Splunk SOAR.
 
 |         Service Name | Transport Protocol | Port |
@@ -40,7 +60,14 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 
 ### Supported Actions  
 [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration  
-[scan host](#action-scan-host) - Trigger a scan of the specified host  
+[scan host](#action-scan-host) - Run a Sandfly investigation  
+[sandfly full investigation](#action-sandfly-full-investigation) - Run a full Sandfly investigation  
+[sandfly process investigation](#action-sandfly-process-investigation) - Run a Sandfly process investigation  
+[sandfly file investigation](#action-sandfly-file-investigation) - Run a Sandfly file investigation  
+[sandfly directory investigation](#action-sandfly-directory-investigation) - Run a Sandfly directory investigation  
+[sandfly log tamper investigation](#action-sandfly-log-tamper-investigation) - Run a Sandfly log tamper investigation  
+[sandfly user investigation](#action-sandfly-user-investigation) - Run a Sandfly user investigation  
+[sandfly recon investigation](#action-sandfly-recon-investigation) - Run a Sandfly recon investigation  
 
 ## action: 'test connectivity'
 Validate the asset configuration for connectivity using supplied configuration
@@ -55,40 +82,193 @@ No parameters are required for this action
 No Output  
 
 ## action: 'scan host'
-Trigger a scan of the specified host
+Run a Sandfly investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a Sandfly investigation against the target host for the selected types.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or name of the host | string | 
+**directory** |  optional  | Sandfly Type - directory | boolean | 
+**file** |  optional  | Sandfly Type - file | boolean | 
+**incident** |  optional  | Sandfly Type - incident | boolean | 
+**log** |  optional  | Sandfly Type - log | boolean | 
+**policy** |  optional  | Sandfly Type - policy | boolean | 
+**process** |  optional  | Sandfly Type - process | boolean | 
+**recon** |  optional  | Sandfly Type - recon | boolean | 
+**user** |  optional  | Sandfly Type - user | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.parameter.directory | boolean |  |  
+action_result.parameter.file | boolean |  |  
+action_result.parameter.incident | boolean |  |  
+action_result.parameter.log | boolean |  |  
+action_result.parameter.policy | boolean |  |  
+action_result.parameter.process | boolean |  |  
+action_result.parameter.recon | boolean |  |  
+action_result.parameter.user | boolean |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly full investigation'
+Run a full Sandfly investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a full Sandfly investigation for all process, file, directory, log, user, incident, policy and recon types.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or Hostname | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly process investigation'
+Run a Sandfly process investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a Sandfly investigation against the target system for the process type.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or Hostname of the target system | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly file investigation'
+Run a Sandfly file investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a Sandfly investigation against the target system for the file type.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or Hostname of the target system | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly directory investigation'
+Run a Sandfly directory investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a Sandfly investigation against the target system for the directory type.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or Hostname of the target system | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly log tamper investigation'
+Run a Sandfly log tamper investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a Sandfly investigation against the target system for the log type.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or Hostname of the target system | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly user investigation'
+Run a Sandfly user investigation
+
+Type: **investigate**  
+Read only: **False**
+
+Run a Sandfly investigation against the target system for the user type.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**ip_hostname** |  required  | IP or Hostname of the target system | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'sandfly recon investigation'
+Run a Sandfly recon investigation
 
 Type: **investigate**  
 Read only: **False**
 
-Send a request to the Sandfly Server to trigger a scan of the specified host\.
+Run a Sandfly investigation against the target system for the recon type.
 
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**ip\_hostname** |  required  | IP or name of the host | string | 
-**directory** |  optional  | Sandfly Type \- directory | boolean | 
-**file** |  optional  | Sandfly Type \- file | boolean | 
-**incident** |  optional  | Sandfly Type \- incident | boolean | 
-**log** |  optional  | Sandfly Type \- log | boolean | 
-**policy** |  optional  | Sandfly Type \- policy | boolean | 
-**process** |  optional  | Sandfly Type \- process | boolean | 
-**recon** |  optional  | Sandfly Type \- recon | boolean | 
-**user** |  optional  | Sandfly Type \- user | boolean | 
+**ip_hostname** |  required  | IP or Hostname of the target system | string | 
 
 #### Action Output
 DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
 --------- | ---- | -------- | --------------
-action\_result\.parameter\.ip\_hostname | string |  |  
-action\_result\.parameter\.directory | boolean |  |  
-action\_result\.parameter\.file | boolean |  |  
-action\_result\.parameter\.incident | boolean |  |  
-action\_result\.parameter\.log | boolean |  |  
-action\_result\.parameter\.policy | boolean |  |  
-action\_result\.parameter\.process | boolean |  |  
-action\_result\.parameter\.recon | boolean |  |  
-action\_result\.parameter\.user | boolean |  |  
-action\_result\.data | string |  |  
-action\_result\.status | string |  |   success  failed 
-action\_result\.message | string |  |  
-summary\.total\_objects | numeric |  |  
-summary\.total\_objects\_successful | numeric |  |  
+action_result.parameter.ip_hostname | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |  
@@ -1,3 +1,24 @@
+<!-- File: readme.html
+
+Copyright (c) Sandfly Security, Ltd., 2023
+
+This unpublished material is proprietary to Recorded Future. All
+rights reserved. The methods and techniques described herein are
+considered trade secrets and/or confidential. Reproduction or
+distribution, in whole or in part, is forbidden except by express
+written permission of Sandfly Security.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
 <html>
   <head></head>
   <body>
@@ -7,7 +28,7 @@ <h2>Authentication</h2>
     The configuration below will require your Sandfly Security Server portal URL and a username and password that can trigger the actions or retrieve the information.
     <h2>Port Information</h2>
       <p>
-          The app uses HTTP/ HTTPS protocol for communicating with the Cisco Umbrella server. Below are the default ports used by Splunk SOAR.
+          The app uses HTTP/ HTTPS protocol for communicating with the Sandfly Security server. Below are the default ports used by Splunk SOAR.
           <table>
               <tr class=plain>
                   <th>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Service Name</th>
 
@@ -0,0 +1,8 @@
+* Added several new actions to run a specific subset of Sandfly types:
+    * sandfly full investigation - run a full Sandfly investigation scan for all process, file, directory, log, user, incident, policy and recon types.
+    * sandfly process investigation - run an investigation scan for the Sandfly process type.
+    * sandfly file investigation - run an investigation scan for the Sandfly file type.
+    * sandfly directory investigation - run an investigation scan for the Sandfly directory type.
+    * sandfly log tamper investigation - run an investigation scan for the Sandfly log type.
+    * sandfly user investigation - run an investigation scan for the Sandfly user type.
+    * sandfly recon investigation - run an invesgitation scan for the Sandfly recon type.