Release Azure Sentinel v2.2.0

Author: igorski-r7

plugins/azure_sentinel/.CHECKSUM

@@ -1,119 +1,119 @@
 {
-	"spec": "61796eba0eef46715c75209cf3c59cbf",
-	"manifest": "a2e22e50bfa844984d49930df2de33e9",
-	"setup": "34a5efae9b9fd921e3fc8aff1bc4d3bf",
+	"spec": "dc5247aac271abe6eecfbd86465997b4",
+	"manifest": "5b79854be3da439bc608ec426d283425",
+	"setup": "f8ae8fc360f2dc3a836170ac95a16d07",
 	"schemas": [
 		{
 			"identifier": "append_tags/schema.py",
-			"hash": "970578dff23d82b552ce67b6dc2e15c0"
+			"hash": "efd164be3c768ac9e84ab2b84f2e56a6"
 		},
 		{
 			"identifier": "create_indicator/schema.py",
-			"hash": "5d7c50b4689e4207e097a477d131c501"
+			"hash": "4e8662a883709703041293c729475075"
 		},
 		{
 			"identifier": "create_update_comment/schema.py",
-			"hash": "1a701623c6c0d2260f88ff2d08ad8169"
+			"hash": "2e4e0c2a696fc3e38fbafe93cb3d52a7"
 		},
 		{
 			"identifier": "create_update_incident/schema.py",
-			"hash": "5acab9650a8ab5e803a762d524e528e7"
+			"hash": "35f7d5c31f469061630a39619c6f009d"
 		},
 		{
 			"identifier": "create_update_watchlist/schema.py",
-			"hash": "ca112a8375a83a85e00b072ccee9c67f"
+			"hash": "6c95b82712e1d497173e7570cf323211"
 		},
 		{
 			"identifier": "create_update_watchlist_items/schema.py",
-			"hash": "d67d3e75ae1eef09ae872a789c523f44"
+			"hash": "57377c97afe10622f8f782a633c0e790"
 		},
 		{
 			"identifier": "delete_comment/schema.py",
-			"hash": "88792508d72442af971d56020124c814"
+			"hash": "17cbaac23cd3103376e533d094d1e0ac"
 		},
 		{
 			"identifier": "delete_incident/schema.py",
-			"hash": "4263c94749a3cd045cdbaf8b9547eda3"
+			"hash": "f473510d55fcd24d4f4f8fb7eca0dc57"
 		},
 		{
 			"identifier": "delete_indicator/schema.py",
-			"hash": "04d174f293c3ca26a6a016a96c9c24cc"
+			"hash": "b3d8ed6c698f51b3c24d28c2801b8307"
 		},
 		{
 			"identifier": "delete_watchlist/schema.py",
-			"hash": "46a56ffb221502147f1bf8eed845b625"
+			"hash": "3a3b1e729f68c051f95194c6957c072c"
 		},
 		{
 			"identifier": "delete_watchlist_item/schema.py",
-			"hash": "3e2b8434adf15e6aa0941bf6f8389355"
+			"hash": "094faf48901618bb2642e95ab79d5689"
 		},
 		{
 			"identifier": "get_comment/schema.py",
-			"hash": "39a4ecabb8caca7e0549661a91a05da5"
+			"hash": "c07729ed21355a7a164aa38080fdeca7"
 		},
 		{
 			"identifier": "get_incident/schema.py",
-			"hash": "909331a25929336afeca47df9144d33f"
+			"hash": "a5236ae187595f9e35e7610bcb501ff6"
 		},
 		{
 			"identifier": "get_indicator/schema.py",
-			"hash": "dd5d981b29fe62a6a69126a333696d68"
+			"hash": "bcba352ccdc7cab32d6ad6c8e2ad0c4d"
 		},
 		{
 			"identifier": "get_watchlist/schema.py",
-			"hash": "4ddf655742f1b1be1d49b28785dbda5f"
+			"hash": "1dc9a60e4a279815adaef80f8d77daa8"
 		},
 		{
 			"identifier": "get_watchlist_item/schema.py",
-			"hash": "0e2688ae61f9d286357ef084fe847396"
+			"hash": "b0a528163894c231eae31d8e98dcc856"
 		},
 		{
 			"identifier": "list_alerts/schema.py",
-			"hash": "fee3475d8322137671135108c5a64600"
+			"hash": "bd5e7ebaad62b74be4e0cc152cdd12a5"
 		},
 		{
 			"identifier": "list_bookmarks/schema.py",
-			"hash": "a6221781ab44ec6a17dbf32be832a024"
+			"hash": "164166e862cf50794109f11b3853e910"
 		},
 		{
 			"identifier": "list_comments/schema.py",
-			"hash": "bbf2b1877d145a2ad9bfcb242e2c91b5"
+			"hash": "a8365805f3eaa4ea7a018443bf8c2a91"
 		},
 		{
 			"identifier": "list_entities/schema.py",
-			"hash": "a276bdf76aee319c04a31525895152e8"
+			"hash": "2af2a68a6bb31c2713d46870c6370811"
 		},
 		{
 			"identifier": "list_incidents/schema.py",
-			"hash": "cb10867e59672f46073dabe4e22c8c4c"
+			"hash": "c98e8c322da214bef25b72644432ae85"
 		},
 		{
 			"identifier": "list_watchlist_items/schema.py",
-			"hash": "70e11c60286f1c199cc499b8a475b21b"
+			"hash": "0e2badd3cf3d5c28b1d7c1f06fc1a4c6"
 		},
 		{
 			"identifier": "list_watchlists/schema.py",
-			"hash": "5befd89a6fcb3fe7f15158c02eb38426"
+			"hash": "3c931cb46a7ab31848dcaf3761328e72"
 		},
 		{
 			"identifier": "query_indicator/schema.py",
-			"hash": "94dc763a0f8e337bfa6013d10bf388e1"
+			"hash": "36e1ee3df41d9dfafcb94284c5b112ba"
 		},
 		{
 			"identifier": "replace_tags/schema.py",
-			"hash": "d71ab962502cc5876da3a39aab97141e"
+			"hash": "87e632f675a6547b8a889eefd64de0da"
 		},
 		{
 			"identifier": "update_indicator/schema.py",
-			"hash": "7a8595b6f4c3c9c16610e6baea6e3d0e"
+			"hash": "72cfdd2add2431a60dd9b64add846268"
 		},
 		{
 			"identifier": "connection/schema.py",
-			"hash": "03dee8861337c1d34a0339a6d04d9a96"
+			"hash": "e35e373e67e10939cde33b6ea1dc7baa"
 		},
 		{
 			"identifier": "get_new_incidents/schema.py",
-			"hash": "d0af28fdaf4f85e9b12074c9e3f57b90"
+			"hash": "3495168fcfb530e08d5b65174c2193ed"
 		}
 	]
 }

plugins/azure_sentinel/Dockerfile

@@ -1,26 +1,34 @@
-FROM rapid7/insightconnect-python-3-38-plugin:4
-# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.4.3 AS builder
+
+WORKDIR /python/src
+
+ADD ./plugin.spec.yaml /plugin.spec.yaml
+ADD ./requirements.txt /python/src/requirements.txt
+ADD . /python/src
+
+
+
+RUN pip install .
+RUN pip uninstall -y setuptools
+
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.4.3
 
 LABEL organization=rapid7
 LABEL sdk=python
 
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
+WORKDIR /python/src
 
-# End package dependencies
+COPY --from=builder /python/src /python/src
+COPY --from=builder /plugin.spec.yaml /plugin.spec.yaml
 
-# Add source code
-WORKDIR /python/src
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
 
-# Install pip dependencies
 RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
-# Install plugin
-RUN python setup.py build && python setup.py install
+ENV PYTHONPATH="/python/src:${PYTHONPATH}"
+
+RUN rm -rf /root/.cache;
 
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody
 
-ENTRYPOINT ["/usr/local/bin/icon_azure_sentinel"]
+ENTRYPOINT ["python", "/python/src/bin/icon_azure_sentinel"]

plugins/azure_sentinel/bin/icon_azure_sentinel

@@ -1,12 +1,12 @@
 #!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 import os
 import json
 from sys import argv
 
 Name = "Azure Sentinel Plugin"
 Vendor = "rapid7"
-Version = "2.1.0"
+Version = "2.2.0"
 Description = "Microsoft Azure Sentinel is a cloud-native SIEM that provides intelligent security analytics for your entire enterprise, powered by AI"
 
 
@@ -23,7 +23,7 @@ def main():
             monkey.patch_all()
 
     import insightconnect_plugin_runtime
-    from icon_azure_sentinel import connection, actions, triggers
+    from icon_azure_sentinel import connection, actions, triggers, tasks
 
     class ICONAzureSentinel(insightconnect_plugin_runtime.Plugin):
         def __init__(self):
@@ -35,59 +35,59 @@ def main():
                 connection=connection.Connection()
             )
             self.add_trigger(triggers.GetNewIncidents())
-
-            self.add_action(actions.AppendTags())
-
-            self.add_action(actions.CreateIndicator())
-
+        
+            self.add_action(actions.GetComment())
+        
+            self.add_action(actions.ListComments())
+        
             self.add_action(actions.CreateUpdateComment())
-
-            self.add_action(actions.CreateUpdateIncident())
-
-            self.add_action(actions.CreateUpdateWatchlist())
-
-            self.add_action(actions.CreateUpdateWatchlistItems())
-
+        
             self.add_action(actions.DeleteComment())
-
-            self.add_action(actions.DeleteIncident())
-
-            self.add_action(actions.DeleteIndicator())
-
-            self.add_action(actions.DeleteWatchlist())
-
-            self.add_action(actions.DeleteWatchlistItem())
-
-            self.add_action(actions.GetComment())
-
+        
+            self.add_action(actions.CreateUpdateIncident())
+        
+            self.add_action(actions.ListIncidents())
+        
             self.add_action(actions.GetIncident())
-
-            self.add_action(actions.GetIndicator())
-
-            self.add_action(actions.GetWatchlist())
-
-            self.add_action(actions.GetWatchlistItem())
-
+        
+            self.add_action(actions.DeleteIncident())
+        
             self.add_action(actions.ListAlerts())
-
+        
             self.add_action(actions.ListBookmarks())
-
-            self.add_action(actions.ListComments())
-
+        
             self.add_action(actions.ListEntities())
-
-            self.add_action(actions.ListIncidents())
-
-            self.add_action(actions.ListWatchlistItems())
-
-            self.add_action(actions.ListWatchlists())
-
+        
+            self.add_action(actions.CreateIndicator())
+        
+            self.add_action(actions.GetIndicator())
+        
+            self.add_action(actions.UpdateIndicator())
+        
+            self.add_action(actions.DeleteIndicator())
+        
             self.add_action(actions.QueryIndicator())
-
+        
+            self.add_action(actions.AppendTags())
+        
             self.add_action(actions.ReplaceTags())
-
-            self.add_action(actions.UpdateIndicator())
-
+        
+            self.add_action(actions.CreateUpdateWatchlist())
+        
+            self.add_action(actions.GetWatchlist())
+        
+            self.add_action(actions.DeleteWatchlist())
+        
+            self.add_action(actions.ListWatchlists())
+        
+            self.add_action(actions.CreateUpdateWatchlistItems())
+        
+            self.add_action(actions.GetWatchlistItem())
+        
+            self.add_action(actions.DeleteWatchlistItem())
+        
+            self.add_action(actions.ListWatchlistItems())
+        
 
     """Run plugin"""
     cli = insightconnect_plugin_runtime.CLI(ICONAzureSentinel())