Merge pull request #39 from JupiterOne/APP-15547

[APP-15547] update to use new createIntegrationHelpers
JupiterOne · Jul 24, 2024 · bae172a · bae172a
2 parents 4b8b5ef + 44bf279
commit bae172a
Show file tree

Hide file tree

Showing 16 changed files with 335 additions and 289 deletions.
diff --git a/.github/workflows/peril.yml b/.github/workflows/peril.yml
diff --git a/package.json b/package.json
@@ -45,13 +45,10 @@
     "@microsoft/microsoft-graph-types": "^2.24.0",
     "node-fetch": "2"
   },
-  "peerDependencies": {
-    "@jupiterone/integration-sdk-core": "^12.2.5"
-  },
   "devDependencies": {
-    "@jupiterone/integration-sdk-core": "^12.2.5",
-    "@jupiterone/integration-sdk-dev-tools": "^12.2.5",
-    "@jupiterone/integration-sdk-testing": "^12.2.5",
+    "@jupiterone/integration-sdk-core": "^13.2.0",
+    "@jupiterone/integration-sdk-dev-tools": "^13.2.0",
+    "@jupiterone/integration-sdk-testing": "^13.2.0",
     "@types/node": "^20.11.30",
     "auto": "^10.36.5",
     "@types/node-fetch": "^2.6.2"

diff --git a/src/constants.ts b/src/constants.ts
@@ -5,6 +5,14 @@ import {
   StepMappedRelationshipMetadata,
   StepRelationshipMetadata,
 } from '@jupiterone/integration-sdk-core';
+import {
+  ACCOUNT_ENTITY,
+  ENDPOINT_ENTITY,
+  LOGON_USER_ENTITY,
+  MACHINE_ENTITY,
+  USER_ENTITY,
+  VULNERABILITY_ENTITY,
+} from './entities';
 
 export const Steps: Record<
   | 'FETCH_ACCOUNT'
@@ -38,36 +46,12 @@ export const Entities: Record<
   'ACCOUNT' | 'MACHINE' | 'LOGON_USER' | 'USER' | 'VULNERABILITY' | 'ENDPOINT',
   StepEntityMetadata
 > = {
-  ACCOUNT: {
-    resourceName: 'Account',
-    _type: 'microsoft_defender_account',
-    _class: ['Account'],
-  },
-  MACHINE: {
-    resourceName: 'Machine',
-    _type: 'microsoft_defender_machine',
-    _class: ['HostAgent'],
-  },
-  LOGON_USER: {
-    resourceName: 'Logon User',
-    _type: 'microsoft_defender_logon_user',
-    _class: ['User'],
-  },
-  USER: {
-    resourceName: 'User',
-    _type: 'microsoft_defender_user',
-    _class: ['User'],
-  },
-  VULNERABILITY: {
-    resourceName: 'Vulnerability',
-    _type: 'microsoft_defender_vulnerability',
-    _class: ['Finding'],
-  },
-  ENDPOINT: {
-    resourceName: 'Device/Machine/Host',
-    _type: 'user_endpoint',
-    _class: ['Device'],
-  },
+  ACCOUNT: ACCOUNT_ENTITY,
+  MACHINE: MACHINE_ENTITY,
+  LOGON_USER: LOGON_USER_ENTITY,
+  USER: USER_ENTITY,
+  VULNERABILITY: VULNERABILITY_ENTITY,
+  ENDPOINT: ENDPOINT_ENTITY,
 };
 
 export const Relationships: Record<

diff --git a/src/entities.ts b/src/entities.ts
@@ -0,0 +1,125 @@
+import { SchemaType } from '@jupiterone/integration-sdk-core';
+import { createEntityType, createEntityMetadata } from './helpers';
+
+const StringNullUndefined = SchemaType.Optional(
+  SchemaType.Union([SchemaType.String(), SchemaType.Null()]),
+);
+
+export const [ACCOUNT_ENTITY, assignAccount] = createEntityMetadata({
+  resourceName: 'Account',
+  _class: ['Account'],
+  _type: createEntityType('account'),
+  description: 'A Microsoft Defender Endpoint account',
+  schema: SchemaType.Object({
+    organizationName: StringNullUndefined,
+    defaultDomain: SchemaType.Optional(SchemaType.String()),
+    verifiedDomains: SchemaType.Optional(SchemaType.Array(SchemaType.String())),
+  }),
+});
+
+export const [MACHINE_ENTITY, assignMachine] = createEntityMetadata({
+  resourceName: 'Machine',
+  _class: ['HostAgent'],
+  _type: createEntityType('machine'),
+  description: 'A Microsoft Defender Endpoint machine',
+  schema: SchemaType.Object({
+    firstSeenOn: SchemaType.Optional(SchemaType.Number()),
+    agentVersion: SchemaType.String(),
+    defenderAvStatus: SchemaType.String(),
+    riskScore: SchemaType.String(),
+    computerDnsName: SchemaType.String(),
+    rbacGroupId: SchemaType.Number(),
+    rbacGroupName: SchemaType.Union([SchemaType.String(), SchemaType.Null()]),
+    machineTags: SchemaType.Array(SchemaType.String()),
+    onboardingStatus: SchemaType.String(),
+    managedBy: SchemaType.String(),
+    managedByStatus: SchemaType.String(),
+    ipAddress: SchemaType.Array(SchemaType.String()),
+    macAddress: SchemaType.Array(SchemaType.String()),
+    aadDeviceId: SchemaType.Union([SchemaType.String(), SchemaType.Null()]),
+  }),
+});
+
+export const [LOGON_USER_ENTITY, assignLogonUser] = createEntityMetadata({
+  resourceName: 'Logon User',
+  _class: ['User'],
+  _type: createEntityType('logon_user'),
+  description: 'A Microsoft Defender Endpoint Logon User',
+  schema: SchemaType.Object({
+    domain: StringNullUndefined,
+    firstSeenOn: SchemaType.Optional(SchemaType.Number()),
+    lastSeenOn: SchemaType.Optional(SchemaType.Number()),
+    logonTypes: SchemaType.String(),
+  }),
+});
+
+export const [USER_ENTITY, assignUser] = createEntityMetadata({
+  resourceName: 'User',
+  _class: ['User'],
+  _type: createEntityType('user'),
+  description: 'A Microsoft Defender Endpoint user',
+  schema: SchemaType.Object({
+    businessPhones: SchemaType.Optional(SchemaType.Array(SchemaType.String())),
+    givenName: StringNullUndefined,
+    jobTitle: StringNullUndefined,
+    mail: StringNullUndefined,
+    mobilePhone: StringNullUndefined,
+    officeLocation: StringNullUndefined,
+    preferredLanguage: StringNullUndefined,
+    surname: StringNullUndefined,
+    userPrincipalName: StringNullUndefined,
+  }),
+});
+
+export const [VULNERABILITY_ENTITY, assignVulnerability] = createEntityMetadata(
+  {
+    resourceName: 'Vulnerability',
+    _class: ['Finding'],
+    _type: createEntityType('vulnerability'),
+    description: 'A Microsoft Defender Endpoint vulnerability',
+    schema: SchemaType.Object({
+      id: SchemaType.String(),
+      publishedOn: SchemaType.Optional(SchemaType.Number()),
+      exposedMachines: SchemaType.Number(),
+      blocking: SchemaType.Boolean(),
+    }),
+  },
+);
+
+export const [ENDPOINT_ENTITY, assignEndpoint] = createEntityMetadata({
+  resourceName: 'Device/Machine/Host',
+  _class: ['Device'],
+  _type: 'user_endpoint',
+  description: 'A Microsoft Defender Endpoint entity',
+  schema: SchemaType.Object({
+    computerDnsName: SchemaType.String(),
+    firstSeenOn: SchemaType.Optional(SchemaType.Number()),
+    osPlatform: SchemaType.String(),
+    osProcessor: SchemaType.Optional(SchemaType.String()),
+    lastIpAddress: SchemaType.String(),
+    lastExternalIpAddress: SchemaType.String(),
+    agentVersion: SchemaType.String(),
+    osBuild: SchemaType.Union([SchemaType.Number(), SchemaType.Null()]),
+    healthStatus: SchemaType.String(),
+    deviceValue: SchemaType.String(),
+    rbacGroupId: SchemaType.Number(),
+    rbacGroupName: SchemaType.Union([SchemaType.String(), SchemaType.Null()]),
+    riskScore: SchemaType.String(),
+    exposureLevel: SchemaType.String(),
+    isAadJoined: SchemaType.Union([SchemaType.Boolean(), SchemaType.Null()]),
+    aadDeviceId: SchemaType.Union([SchemaType.String(), SchemaType.Null()]),
+    machineTags: SchemaType.Array(SchemaType.String()),
+    defenderAvStatus: SchemaType.String(),
+    onboardingStatus: SchemaType.String(),
+    osArchitecture: SchemaType.String(),
+    managedBy: SchemaType.String(),
+    managedByStatus: SchemaType.String(),
+    vmId: SchemaType.Optional(SchemaType.String()),
+    cloudProvider: SchemaType.Optional(SchemaType.String()),
+    resourceId: SchemaType.Optional(SchemaType.String()),
+    subscriptionId: SchemaType.Optional(SchemaType.String()),
+    ipAddresses: SchemaType.Array(SchemaType.String()),
+    ipAddress: SchemaType.Array(SchemaType.String()),
+    macAddress: SchemaType.Array(SchemaType.String()),
+  }),
+});
diff --git a/src/helpers.ts b/src/helpers.ts
@@ -0,0 +1,8 @@
+import { createIntegrationHelpers } from '@jupiterone/integration-sdk-core';
+import { typeboxClassSchemaMap } from '@jupiterone/data-model';
+
+export const { createEntityType, createEntityMetadata } =
+  createIntegrationHelpers({
+    integrationName: 'microsoft_defender',
+    classSchemaMap: typeboxClassSchemaMap,
+  });
diff --git a/src/steps/active-directory/__snapshots__/index.test.ts.snap b/src/steps/active-directory/__snapshots__/index.test.ts.snap
@@ -75,6 +75,7 @@ exports[`#fetchAccount 1`] = `
       "id": "19ae0f99-6fc6-444b-bd54-97504efc66ad",
       "name": "JupiterOne Azure Integration Development",
       "organizationName": "JupiterOne Azure Integration Development",
+      "vendor": "Microsoft Defender",
       "verifiedDomains": [
         "j1AzureIntegrationDev.onmicrosoft.com",
       ],
@@ -153,6 +154,7 @@ exports[`#fetchAccount 1`] = `
       "id": "19ae0f99-6fc6-444b-bd54-97504efc66ad",
       "name": "JupiterOne Azure Integration Development",
       "organizationName": "JupiterOne Azure Integration Development",
+      "vendor": "Microsoft Defender",
       "verifiedDomains": [
         "j1AzureIntegrationDev.onmicrosoft.com",
       ],

diff --git a/src/steps/active-directory/converters.test.ts b/src/steps/active-directory/converters.test.ts
@@ -7,38 +7,17 @@ import {
   getMockOrganization,
   getMockUser,
 } from '../../../test/mocks';
+import { ACCOUNT_ENTITY, USER_ENTITY } from '../../entities';
 
 test('#createAccountEntityWithOrganization', () => {
   expect(
     createAccountEntityWithOrganization(
       getMockInstance(),
       getMockOrganization(),
     ),
-  ).toMatchGraphObjectSchema({
-    _class: ['Account'],
-    schema: {
-      properties: {
-        _type: { const: 'microsoft_defender_account' },
-        _rawData: {
-          type: 'array',
-          items: { type: 'object' },
-        },
-      },
-    },
-  });
+  ).toMatchGraphObjectSchema(ACCOUNT_ENTITY);
 });
 
 test('#createUserEntity', () => {
-  expect(createUserEntity(getMockUser())).toMatchGraphObjectSchema({
-    _class: ['User'],
-    schema: {
-      properties: {
-        _type: { const: 'microsoft_defender_user' },
-        _rawData: {
-          type: 'array',
-          items: { type: 'object' },
-        },
-      },
-    },
-  });
+  expect(createUserEntity(getMockUser())).toMatchGraphObjectSchema(USER_ENTITY);
 });