Merge pull request #9 from splunk-soar-connectors/next

Merging next to main for release 2.1.7

Author: cpangam

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2018-2022 Splunk Inc.
+   Copyright (c) 2018-2022 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -2,15 +2,15 @@
 # Symantec Data Loss Prevention
 
 Publisher: Splunk  
-Connector Version: 2\.1\.2  
+Connector Version: 2\.1\.7  
 Product Vendor: Symantec  
 Product Name: Symantec DLP  
 Product Version Supported (regex): "\.\*"  
 Minimum Product Version: 5\.0\.0  
 
 This app supports incident update and incident ingestion from Symantec Data Loss Prevention installation
 
-[comment]: # " File: readme.md"
+[comment]: # " File: README.md"
 [comment]: # "  Copyright (c) 2018-2022 Splunk Inc."
 [comment]: # ""
 [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"

release_notes/2.1.7.md

@@ -0,0 +1,6 @@
+**Symantec Data Loss Prevention Release Notes - Published by Splunk January 19, 2022**
+
+
+**Version 2.1.7 - Released January 19, 2022**
+
+* Changed the hashing algorithm to SHA256 when running in FIPS mode [PAPP-20325]

release_notes/release_notes.html

@@ -1,5 +1,9 @@
-<b>Symantec Data Loss Prevention Release Notes - Published by Splunk January 11, 2022</b>
+<b>Symantec Data Loss Prevention Release Notes - Published by Splunk January 19, 2022</b>
 <br><br>
+<b>Version 2.1.7 - Released January 19, 2022</b>
+<ul>
+<li>Changed the hashing algorithm to SHA256 when running in FIPS mode [PAPP-20325]</li>
+</ul>
 <b>Version 2.1.5 - Released January 11, 2022</b>
 <ul>
 <li>Added 'get incident' and 'list incidents' actions [PAPP-7011]</li>

symantecdlp.json

@@ -5,8 +5,8 @@
     "publisher": "Splunk",
     "type": "endpoint",
     "main_module": "symantecdlp_connector.py",
-    "app_version": "2.1.5",
-    "utctime_updated": "2022-01-11T06:11:56.000000Z",
+    "app_version": "2.1.7",
+    "utctime_updated": "2022-01-19T22:24:40.000000Z",
     "package_name": "phantom_symantecdlp",
     "product_vendor": "Symantec",
     "product_name": "Symantec DLP",

symantecdlp_connector.py

@@ -629,6 +629,19 @@ def _set_sdi(self, default_id, input_dict):
 
         return phantom.APP_SUCCESS
 
+    def _get_fips_enabled(self):
+        try:
+            from phantom_common.install_info import is_fips_enabled
+        except ImportError:
+            return False
+
+        fips_enabled = is_fips_enabled()
+        if fips_enabled:
+            self.debug_print('FIPS is enabled')
+        else:
+            self.debug_print('FIPS is not enabled')
+        return fips_enabled
+
     def _create_dict_hash(self, input_dict):
 
         input_dict_str = None
@@ -645,7 +658,14 @@ def _create_dict_hash(self, input_dict):
         if isinstance(input_dict_str, str):
             input_dict_str = input_dict_str.encode('utf-8')
 
-        return hashlib.sha256(input_dict_str).hexdigest()
+        fips_enabled = self._get_fips_enabled()
+        # if fips is not enabled, we should continue with our existing md5 usage for generating hashes
+        # to not impact existing customers
+        if not fips_enabled:
+            dict_hash = hashlib.md5(input_dict_str)
+        else:
+            dict_hash = hashlib.sha256(input_dict_str)
+        return dict_hash.hexdigest()
 
     def _parse_results(self, action_result, param, results):