[ProofPoint TAP] implement application #3343
Conversation
external-import/proofpoint-tap/proofpoint_tap/domain/models/octi/common.py
Outdated
Show resolved
Hide resolved
external-import/proofpoint-tap/proofpoint_tap/client_api/v2/threat.py
Outdated
Show resolved
Hide resolved
external-import/proofpoint-tap/proofpoint_tap/client_api/v2/campaign.py
Outdated
Show resolved
Hide resolved
external-import/proofpoint-tap/proofpoint_tap/client_api/common.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Core of the PR
external-import/proofpoint-tap/tests/test_client_api/test_common.py
Outdated
Show resolved
Hide resolved
external-import/proofpoint-tap/tests/test_client_api/test_v2/test_campaign.py
Outdated
Show resolved
Hide resolved
external-import/proofpoint-tap/tests/test_client_api/test_v2/test_forensics.py
Outdated
Show resolved
Hide resolved
external-import/proofpoint-tap/tests/test_client_api/test_v2/test_threat.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Some typos and missing decorators prevent the connector to launch (see comments).
I fixed these issues locally and was able to:
- make the tests pass
⚠️ (some counters need to be incremented by one since the TLP markings have been added to the bundle) - run connector locally with a
.config.ymlfile ✅ - run connector locally with a
.envfile ✅ - build the docker image with a
.envfile ✅ - see no errors during ingestion ✅
Despite the complexity of the product, the code is pretty straightforward and each file's responsibility well defined 👏👏👏
| @abstractmethod | ||
| def _name(self) -> str: ... | ||
|
|
||
| @_make_error_handler("Unable to retrieve connector name in config") |
| @abstractmethod | ||
| def _scope(self) -> str: ... | ||
|
|
||
| @_make_error_handler("Unable to retrieve connector scope in config") |
|
|
||
| @property | ||
| @_make_error_handler("Unable to retrieve OpenCTI Token in config") | ||
| def token(self) -> SecretStr: |
There was a problem hiding this comment.
I couldn't manage to launch the connector with SecretStr type here
I had to change it for str:
There was a problem hiding this comment.
Thank for yu remark !
In my opinion SecretStr is used to remind the developper he/she is manipulating a secret and not a simple string and I should keep it this way here.
To fix the issue you highlighted, I've altered the to_dict method to handle this case if it is ok for you :)
| == 1 | ||
| ) | ||
| ## Total 8 entities | ||
| assert len(entities) == 8 # noqa: S101 |
There was a problem hiding this comment.
need to add +1 for the TLP marking entity
| == 1 | ||
| ) | ||
| ## Total 22 entities | ||
| assert len(entities) == 22 # noqa: S101 |
There was a problem hiding this comment.
need to add +1 for the TLP marking entity
| CONNECTOR_NAME=ProofPointTAP | ||
| CONNECTOR_SCOPE=report | ||
| CONNECTOR_DURATION_PERIOD=PT12H | ||
| CONNECTOR_LOG_LEVEL=warning |
There was a problem hiding this comment.
Should be replaced by warn, otherwise a ValueError is raised.
| TAP_MARKING_DEFINITION=white | ||
| TAP_EXPORT_CAMPAIGNS=True | ||
| TAP_EXPORT_EVENTS=True | ||
| TAP_EVENTS_TYPES=issues |
There was a problem hiding this comment.
typo: in config adapter, the expected variable is TAP_EVENTS_TYPES (plural)
| self._logger.warning( | ||
| "[CONNECTOR] Connector acquisition SINCE parameter overwritten", | ||
| { | ||
| # "previous": str(self.config.tap.export_since), |
| self._log_error(f"Data retrieval error: {str(e)}") | ||
| return False | ||
|
|
||
| def work(self) -> None: |
There was a problem hiding this comment.
It's a good idea to call it work instead of process 👍
There was a problem hiding this comment.
Thank you !
I still call _process the ETL steps though 🤔
There was a problem hiding this comment.
That's true 😅 maybe _send or _import/_export could do the trick... but the most important IMHO is to not use process_message method's name anymore, because the method wasn't processing any messages ^^
| score=self.score, | ||
| created_by_ref=self.author.id if self.author else None, | ||
| ), | ||
| custom_properties=self.custom_properties_to_stix(), | ||
| ) | ||
|
|
||
| def to_indicator( |
There was a problem hiding this comment.
I don't remember if I mentioned it in the previous PR but these are very convenient methods 👍
There was a problem hiding this comment.
Thanks for your remarks and tips @Powlinett !
I think I've fixed the issues you highlighted. Could you have a glance please ?
flavienSindou
merged commit a002ffd
into
feat/1538-proofpoint-tap-connector
flavienSindou
deleted the
feat/1538-proofpoint-tap-connector-application
branch
Proposed changes
Related issues
Checklist
Further comments
N/A