feat(integration): Sublime Security #101

merged 4 commits into from Apr 28, 2024
5 changes: 0 additions & 5 deletions .env.example
Expand Up @@ -47,8 +47,3 @@ NEXT_PUBLIC_CLERK_SIGN_UP_URL=/sign-up
# Integrations env vars (optional)
OPENAI_API_KEY=your-openai-api-key
RESEND_API_KEY=your-resend-api-key
DD_API_KEY=your-datadog-api-key
DD_APP_KEY=your-datadog-app-key
VT_API_KEY=your-virustotal-api-key
URLSCAN_API_KEY=your-urlscan-api-key
EMAILREP_API_KEY=your-emailrep-api-key
19 changes: 19 additions & 0 deletions frontend/src/components/icons.tsx
Expand Up @@ -209,6 +209,25 @@ export const Integrations: Record<
height="100"
viewBox="0 0 34 23"
fill="none"
{...props}
>
<path
fill-rule="evenodd"
clip-rule="evenodd"
d="M0.0997772 11.5L8.34994 19.6435C12.8838 24.1188 20.3157 24.1188 24.8496 19.6435L29.436 15.1163L28.5201 14.2122L27.6043 13.3082L25.7724 11.5L23.0397 8.80266L21.186 6.97293C18.6742 4.49361 14.5253 4.49361 12.0136 6.97293L11.0908 7.88375L12.9227 9.69178L13.8454 8.78111C15.3458 7.29999 17.8537 7.29999 19.3541 8.78111L19.5341 8.95872L21.2078 10.6108L22.1087 11.5L23.9405 13.3082L25.7724 15.1163L23.0179 17.8353C19.4949 21.3126 13.7045 21.3126 10.1816 17.8353L5.59527 13.3082L3.76341 11.5L1.93167 9.69178L0.0997772 11.5ZM7.42719 7.88375L9.25906 9.69178L11.0908 11.5L11.5522 11.9553L13.3839 13.7635L13.8454 14.2189C15.3458 15.7001 17.8537 15.7001 19.3541 14.2189L20.2769 13.3082L22.1087 15.1163L21.186 16.0271C18.6742 18.5064 14.5253 18.5064 12.0136 16.0271L9.72027 13.7635L7.42719 11.5L5.59527 9.69178L4.23987 8.35405L3.76341 7.88375L8.34994 3.35648C12.8838 -1.11883 20.3157 -1.11883 24.8496 3.35648L33.0998 11.5L31.2679 13.3082L29.436 11.5L27.7385 9.82443L23.0179 5.16469C19.4949 1.68739 13.7045 1.68739 10.1816 5.16469L7.42719 7.88375ZM14.7546 11.5L15.6772 12.4108C16.1666 12.8938 17.0329 12.8938 17.5224 12.4108L18.445 11.5L17.5224 10.5892C17.0329 10.1062 16.1666 10.1062 15.6772 10.5892L14.7546 11.5Z"
fill="#00C292"
fill-opacity="0.8"
/>
</svg>
),
sublime: (props: IconProps) => (
<svg
xmlns="http://www.w3.org/2000/svg"
width="150"
height="100"
viewBox="0 0 34 23"
fill="none"
{...props}
>
<path
fill-rule="evenodd"
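Review bot: The new `sublime` entry (like the neighbouring icon it mirrors) spells the SVG attributes as `fill-rule` / `clip-rule`; in JSX the DOM-property form is `fillRule="evenodd"` and `clipRule="evenodd"`, and React, which the `NEXT_PUBLIC_*` variables in `.env.example` suggest this frontend uses, logs an invalid-DOM-property warning for the hyphenated spelling in development. The sublime icon also reuses `width="150"`, `height="100"` and `viewBox="0 0 34 23"` from the icon above, which suggests the SVG was copied as a template; its path is cut off below this hunk, so I cannot confirm the sublime artwork fits that box. The enclosing `Integrations` record starts above the hunk.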
13 changes: 13 additions & 0 deletions frontend/src/types/schemas.ts
Expand Up @@ -32,6 +32,7 @@ const integrationPlatforms = [
"aws_cloudtrail",
"datadog",
"emailrep",
"sublime",
"urlscan",
"virustotal"
] as const
Expand All @@ -51,6 +52,18 @@ const integrationTypes = [
"integrations.datadog.list_security_signals",
"integrations.datadog.update_security_signal_state",
"integrations.emailrep.check_email_reputation",
"integrations.sublime.explode_binary",
"integrations.sublime.hunt_messages",
"integrations.sublime.classify_messages",
"integrations.sublime.dismiss_messages",
"integrations.sublime.quarantine_messages",
"integrations.sublime.trash_messages",
"integrations.sublime.create_message",
"integrations.sublime.analyze_message",
"integrations.sublime.score_message",
"integrations.sublime.restore_message",
"integrations.sublime.trash_message",
"integrations.sublime.list_user_reports",
"integrations.urlscan.analyze_url",
"integrations.virustotal.get_domain_report",
"integrations.virustotal.get_file_report",
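Review bot: The twelve new `integrations.sublime.*` entries in the second hunk are not in alphabetical order, unlike the surrounding `datadog` and `virustotal` groups and the `integrationPlatforms` list in the first hunk, where `"sublime"` was slotted correctly between `emailrep` and `urlscan`; sorting them keeps the list greppable and makes omissions visible. The group also contains both `integrations.sublime.trash_messages` and `integrations.sublime.trash_message`, which differ only by a trailing `s`; if they are the bulk and single-message variants, a one-line comment on each, e.g. `// bulk variant` and `// single-message variant`, would stop a later contributor from removing one as a duplicate. Presumably these literals must match the action names registered in `tracecat/integrations/sublime.py`, which this diff does not show, so confirm the spellings against that file. The `integrationTypes` array starts above the second hunk.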
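--- /dev/null
+++ b/tests/data/log_samples/sublime/webhook.json
@@ -0,0 +1,44 @@
+{
+"id": "5e02026c-55c1-4cbb-8a18-76eb2f3e06d3",
+"api_version": "0",
+"created_at": "2021-06-30T16:17:22.937642Z",
+"type": "message.flagged",
+"data": {
+"message": {
+"id": "dff3be1d-b348-4dab-bb60-582842909a88",
+"canonical_id": "767f6519458092af9994a79ae73ca055e1365618",
+"external_id": "17a5db5ea7fa760d",
+"message_source_id": "a5843e7d-4ba5-40df-954e-73cb2f1e3e7e",
+"mailbox": {
+"id": "f0654b68-2686-491e-8fcb-e4ad61c61ad8",
+"external_id": "109412126579921477721"
+}
+},
+"flagged_rules": [
+{
+"id": "756b841c-4560-49b3-a8c0-dbacb2900aa5",
+"name": "Brand impersonation: Chase Bank",
+"severity": "high",
+"tags": ["brand-impersonation", "suspicious-sender"]
+},
+{
+"id": "67cfc6d8-3cbb-4338-ae8e-fffb0adccd12",
+"name": "Firebase storage link",
+"severity": "medium",
+"tags": ["suspicious-content"]
+}
+],
+"triggered_actions": [
+{
+"id": "6f45c807-a9c7-47a8-8c3e-5391e4f477ca",
+"name": "Auto-trash",
+"type": "trash_message"
+},
+{
+"id": "8edd8b97-7b85-40d2-9045-a619ae9b4e52",
+"name": "Notify SIEM",
+"type": "webhook"
+}
+]
+}
+}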
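Review bot: The fixture covers only the happy path: a `message.flagged` event with both `flagged_rules` and `triggered_actions` populated, so a consumer's handling of an empty `flagged_rules` array or of another event `type` is not exercised by this sample alone; a second, minimal fixture would cover those branches. The `api_version` is `"0"` and the 2021 `created_at` suggests the payload was taken from vendor documentation; since JSON cannot carry a comment, recording the documentation source and version in the test that loads this file would help when the webhook schema changes. No test in the visible sections of this diff reads the file yet.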
2 changes: 2 additions & 0 deletions tracecat/integrations/__init__.py
Expand Up @@ -5,6 +5,7 @@
aws_cloudtrail,
datadog,
emailrep,
sublime,
urlscan,
virustotal,
)
Expand All @@ -18,6 +19,7 @@
"aws_cloudtrail",
"datadog",
"emailrep",
"sublime",
"urlscan",
"virustotal",
]