Merge pull request #2 from splunk-soar-connectors/next
Merging next to main for release 1.0.1
tonyc-phantom committed Feb 9, 2023
2 parents e396268 + a7cab2b commit 0287380
Showing 33 changed files with 1,742 additions and 8 deletions.
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
@@ -1,11 +1,11 @@
repos:
- repo: https://github.com/phantomcyber/dev-cicd-tools
rev: v1.13
rev: v1.16
hooks:
- id: org-hook
- id: package-app-dependencies
- repo: https://github.com/Yelp/detect-secrets
rev: v1.2.0
rev: v1.4.0
hooks:
- id: detect-secrets
args: ['--no-verify']
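Review bot: both new `rev:` values in this hunk (`v1.16` for dev-cicd-tools and `v1.4.0` for detect-secrets) are tags, which the upstream repository can move after the fact. These hooks run code on every contributor's machine, so consider pinning each `rev` to the full commit SHA the tag points at and keeping the tag as a trailing comment. Separately, the unchanged `args: ['--no-verify']` on the detect-secrets hook would benefit from a one-line comment saying why verification is turned off, so the setting is reviewed rather than carried forward with each version bump.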
2 changes: 1 addition & 1 deletion LICENSE
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2022 Splunk Inc.
Copyright (c) 2023 Splunk Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
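Review bot: the copyright line replaces `2022` with `2023` instead of extending it, so the notice no longer records the year it previously carried; if the intent is to cover this release as well, a range such as `2022-2023` keeps both. The added `(c)` matches the header used in the new source files in this commit (`Copyright (c) 2023 Splunk Inc.` in `__init__.py`), so only the year needs a decision.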
219 changes: 214 additions & 5 deletions README.md
@@ -1,9 +1,218 @@
# Splunk> Phantom
[comment]: # "Auto-generated SOAR connector documentation"
# Snowflake

Welcome to the open-source repository for Splunk> Phantom's snowflake App.
Publisher: Splunk
Connector Version: 1\.0\.1
Product Vendor: Snowflake
Product Name: Snowflake
Product Version Supported (regex): "\.\*"
Minimum Product Version: 5\.3\.5

Please have a look at our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md) if you are interested in contributing, raising issues, or learning more about open-source Phantom apps.
This app supports investigative and data manipulation actions on Snowflake

## Legal and License

This Phantom App is licensed under the Apache 2.0 license. Please see our [Contributing Guide](https://github.com/Splunk-SOAR-Apps/.github/blob/main/.github/CONTRIBUTING.md#legal-notice) for further details.
## Port Details

The app uses HTTPS protocol for communicating with Snowflake. Below are the default ports used by
the Splunk SOAR Connector.

| SERVICE NAME | TRANSPORT PROTOCOL | PORT |
|--------------|--------------------|------|
| https | tcp | 443 |

## Roles

Roles are used by Snowflake to **control access to objects** within the organization and allow users
to perform actions against those objects. Users can have several roles granted to them, and can also
have a default role assigned. Since a user is allowed to switch roles during a session in order to
have the appropriate permissions to perform certain actions, the Snowflake app accomodates this by
having an optional 'role' parameter in each of the actions. If this parameter is left blank, the
default role assigned to the user will be used.


### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Snowflake asset in SOAR.

VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
**account** | required | string | Account
**username** | required | string | Username
**password** | required | password | Password

### Supported Actions
[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration
[run query](#action-run-query) - Perform a SQL query
[disable user](#action-disable-user) - Disable a Snowflake user
[show network policies](#action-show-network-policies) - List available network policies
[describe network policy](#action-describe-network-policy) - List the details of a network policy
[update network policy](#action-update-network-policy) - Update an existing network policy
[remove grants](#action-remove-grants) - Remove a specified granted role from a Snowflake user

## action: 'test connectivity'
Validate the asset configuration for connectivity using supplied configuration

Type: **test**
Read only: **True**

#### Action Parameters
No parameters are required for this action

#### Action Output
No Output

## action: 'run query'
Perform a SQL query

Type: **investigate**
Read only: **False**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**query** | required | Query string | string | `sql query`
**role** | optional | Role to use to execute action | string |
**warehouse** | optional | Warehouse | string |
**database** | optional | Database | string |
**schema** | optional | Schema | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action\_result\.data | string | |
action\_result\.status | string | | success
action\_result\.message | string | | Total rows\: 4
action\_result\.summary\.total\_rows | numeric | | 4
action\_result\.parameter\.role | string | | accountadmin
action\_result\.parameter\.query | string | `sql query` | select \* from test\_table;
action\_result\.parameter\.schema | string | | testschema
action\_result\.parameter\.database | string | | test1db
action\_result\.parameter\.warehouse | string | | warehouse1
summary\.total\_objects | numeric | | 1
summary\.total\_objects\_successful | numeric | | 1

## action: 'disable user'
Disable a Snowflake user

Type: **investigate**
Read only: **False**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**username** | required | Snowflake user name | string | `user name`
**role** | optional | Role to use to execute action | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action\_result\.parameter\.username | string | `user name` | test1
action\_result\.data\.\*\.status | string | | Statement executed successfully\.
action\_result\.status | string | | success
action\_result\.message | string | | Status\: Statement executed successfully\.
action\_result\.summary\.status | string | | Statement executed successfully\.
action\_result\.parameter\.role | string | | accountadmin
summary\.total\_objects | numeric | | 1
summary\.total\_objects\_successful | numeric | | 1

## action: 'show network policies'
List available network policies

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**role** | optional | Role to use to execute action | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action\_result\.data\.\*\.name | string | | MYPOLICY1
action\_result\.parameter\.role | string | | accountadmin
action\_result\.data\.\*\.comment | string | | testing app
action\_result\.data\.\*\.created\_on | string | | 2022\-12\-19 14\:10\:12\.084000\-08\:00
action\_result\.data\.\*\.entries\_in\_allowed\_ip\_list | numeric | | 2
action\_result\.data\.\*\.entries\_in\_blocked\_ip\_list | numeric | | 1
action\_result\.status | string | | success
action\_result\.message | string | | Total policies\: 1
action\_result\.summary\.total\_policies | numeric | | 1
summary\.total\_objects | numeric | | 1
summary\.total\_objects\_successful | numeric | | 1

## action: 'describe network policy'
List the details of a network policy

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**policy\_name** | required | Name of policy to describe | string | `snowflake policy name`
**role** | optional | Role to use to execute action | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action\_result\.data\.\*\.name | string | | ALLOWED\_IP\_LIST
action\_result\.data\.\*\.value | string | `ip` | 192\.168\.1\.0/24,192\.168\.2\.0/24
action\_result\.status | string | | success
action\_result\.message | string | |
action\_result\.parameter\.policy\_name | string | `snowflake policy name` | mypolicy1
action\_result\.parameter\.role | string | | accountadmin
summary\.total\_objects | numeric | | 1
summary\.total\_objects\_successful | numeric | | 1

## action: 'update network policy'
Update an existing network policy

Type: **investigate**
Read only: **False**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**policy\_name** | required | Name of network policy to update | string | `snowflake policy name`
**role** | optional | Role to use to execute action | string |
**allowed\_ip\_list** | optional | Comma\-separated list of IPs to replace current allow list\. Add an empty list to clear all IPs from allow list\. | string |
**blocked\_ip\_list** | optional | Comma\-separated list of IPs to replace current block list\. Add an empty list to clear all IPs from block list\. | string |
**comment** | optional | Replace current comment on network policy | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action\_result\.data\.\*\.status | string | | Statement executed successfully\.
action\_result\.status | string | | success
action\_result\.message | string | | Network policy mypolicy1 was updated successfully
action\_result\.parameter\.comment | string | | updated policy a new update
action\_result\.parameter\.policy\_name | string | `snowflake policy name` | mypolicy1
action\_result\.parameter\.role | string | | accountadmin
action\_result\.parameter\.allowed\_ip\_list | string | | 192\.168\.1\.0/24, 192\.168\.2\.0/24 192\.168\.10\.0/24
action\_result\.parameter\.blocked\_ip\_list | string | | 192\.168\.1\.1, 192\.168\.2\.1 192\.168\.10\.1, 192\.168\.10\.5, 192\.168\.10\.6
summary\.total\_objects | numeric | | 1
summary\.total\_objects\_successful | numeric | | 1

## action: 'remove grants'
Remove a specified granted role from a Snowflake user

Type: **investigate**
Read only: **False**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**username** | required | Username | string | `user name`
**role\_to\_remove** | required | Role to remove from user | string |
**role** | optional | Role to use to execute action | string |

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action\_result\.data\.\*\.status | string | | Statement executed successfully\.
action\_result\.status | string | | success
action\_result\.message | string | | Role accountadmin was successfully removed from user
action\_result\.parameter\.username | string | `user name` | test2
action\_result\.parameter\.role\_to\_remove | string | | accountadmin
summary\.total\_objects | numeric | | 1
summary\.total\_objects\_successful | numeric | | 1
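Review bot: `disable user`, `update network policy` and `remove grants` are documented as Type: **investigate** with Read only: **False**, but each one changes account state (disabling a login, replacing IP lists, revoking a role). A type that reflects a state change, for example `contain` or `correct`, would let playbook authors and approvers tell these apart from the read-only `show network policies` and `describe network policy`. The README is marked auto-generated, so the change belongs in whatever it is generated from. Smaller points in the same hunk: every `role` example value is `accountadmin`, which nudges users toward running all actions, including free-form `run query`, with the most privileged role, and a narrower example role would set a better default. The `allowed_ip_list` and `blocked_ip_list` example values under `update network policy` drop a comma (`192\.168\.2\.0/24 192\.168\.10\.0/24`) although the parameter is described as comma-separated. In the Roles section, "accomodates" should be "accommodates".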
14 changes: 14 additions & 0 deletions __init__.py
@@ -0,0 +1,14 @@
# File: __init__.py
#
# Copyright (c) 2023 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
1 change: 1 addition & 0 deletions exclude_files.txt
@@ -0,0 +1 @@
.git*
109 changes: 109 additions & 0 deletions query_results.html
@@ -0,0 +1,109 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}

{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}

{% block widget_content %} <!-- Main Start Block -->

<!-- File: query_results.html
Copyright (c) 2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->

<style>


.mysql a:hover {
text-decoration:underline;
}

.mysql .wf-h4-style {
font-size : 20px;
}

.mysql .dataTable th.widget-th {
border-bottom: 1px solid !important;
}

.mysql .dataTable td {
vertical-align: top;
}

.mysql .dataTable td.widget-td a{
font-size: 12px;
}

.mysql .dataTable {
font-size: 12px;
}

.mysql .dataTable .glyphicon.glyphicon-dot:before {
content: "\25cf"; font-size: 10px;
}

</style>
<div class="mysql" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
{% for result in results %} <!-- loop for each result -->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
<br>
{% else %}
<div class="mysql">
<!--Default View-->
<table class="phantom-table dataTable">
<thead>
<tr>
{% for header in result.headers%}
<th class="widget-th">{{ header }}</th>
{% endfor %}
</tr>
</thead>
<tbody>
{% for row in result.data %}
<tr>
{% for cell in row %}
<td class="widget-td">{{ cell.value }}</td>
{% endfor %}
</tr>
{% endfor %}
</tbody>
</table>
</div>
<br>
{% endif %}
{% endfor %}
</div> <!-- Main Div -->


<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();

</script>
{% endblock %} <!-- Main Start Block -->
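Review bot: the script at the end of the template is not scoped to this widget. `$.extend(true, $.fn.dataTable.defaults, {...})` rewrites the page-wide DataTables defaults, and `$('.dataTable').DataTable();` initialises every element with class `dataTable` on the page, so when the view is rendered next to other widgets (or more than once) it can change or re-initialise tables it does not own. Consider passing the options directly to the call and selecting only tables inside this widget's container. The container class and CSS rules are all named `.mysql`, which looks carried over from another app; a Snowflake-specific class name would avoid style collisions if both widgets appear on one page. On output handling, `{{ header }}` and `{{ cell.value }}` render query results through the template's default escaping, which is the right choice for data that comes back from arbitrary SQL; keep it that way and do not add `|safe` to these cells in later changes.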