Merge pull request #179 from intelowlproject/develop

4.3.0

Author: mlodic

.github/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## [4.3.0](https://github.com/intelowlproject/pyintelowl/releases/tag/4.3.0)
+- this version supports the new Playbooks feature released with IntelOwl v4.1.0
+
 ## [4.2.0](https://github.com/intelowlproject/pyintelowl/releases/tag/4.2.0)
 
 - this version is fully compatible with IntelOwl v4 (#165)

.github/release_template.md

@@ -1,7 +1,7 @@
 # Checklist for creating a new release
 
 - [ ] Update `CHANGELOG.md` for the new version
-- [ ] Change version number in `docs.config.py`, `pyintelowl/version.py`
+- [ ] Change version number in `docs/conf.py`, `pyintelowl/version.py`
 - [ ] Verify CI Tests
 - [ ] Merge the PR to the `master` branch. **Note:** Only use "Merge and commit" as the merge strategy and not "Squash and merge". Using "Squash and merge" makes history between branches misaligned.
 

docs/conf.py

@@ -13,7 +13,7 @@
 import os
 import sys
 
-VERSION = "4.2.0"
+VERSION = "4.3.0"
 GITHUB_URL = "https://github.com/intelowlproject/pyintelowl"
 
 sys.path.append(os.path.abspath("../"))

docs/index.rst

@@ -34,6 +34,7 @@ On successful installation, The ``pyintelowl`` entryscript should be directly in
    connector-healthcheck  Send healthcheck request for a connector
    get-analyzer-config    Get current state of `analyzer_config.json` from...
    get-connector-config   Get current state of `connector_config.json` from...
+   get-playbook-config    Get current state of `playbook_config.json` from...
    jobs                   Manage Jobs
    tags                   Manage tags
 

docs/requirements.txt

@@ -1,4 +1,4 @@
-Sphinx==5.0.1
+Sphinx==5.1.1
 sphinx-rtd-theme
 sphinxcontrib.asciinema
 sphinxcontrib-napoleon

pyintelowl/cli/__init__.py

@@ -4,6 +4,7 @@
     connector_healthcheck,
     get_analyzer_config,
     get_connector_config,
+    get_playbook_config,
 )
 from .config import config
 from .jobs import jobs
@@ -20,6 +21,7 @@
 cmds = [
     get_analyzer_config,
     get_connector_config,
+    get_playbook_config,
     analyzer_healthcheck,
     connector_healthcheck,
 ]

pyintelowl/cli/_jobs_utils.py

@@ -103,6 +103,9 @@ def _display_all_jobs(logger, rows):
     table.add_column(
         header="Connectors\nCalled", justify="center", header_style=header_style
     )
+    table.add_column(
+        header="Playbooks\nCalled", justify="center", header_style=header_style
+    )
     table.add_column(
         header="Process\nTime(s)", justify="center", header_style=header_style
     )
@@ -118,6 +121,7 @@ def _display_all_jobs(logger, rows):
                 ", ".join([t["label"] for t in el["tags"]]),
                 ", ".join(el["analyzers_to_execute"]),
                 ", ".join(el["connectors_to_execute"]),
+                ", ".join(el["playbooks_to_execute"]),
                 str(el["process_time"]),
                 get_status_text(el["status"]),
             )

pyintelowl/cli/analyse.py

@@ -74,6 +74,24 @@
     ),
 ]
 
+__playbook_analyse_options = __analyse_options.copy()
+# doing it twice to remove --analyzers-list and --connectors-list
+__playbook_analyse_options.pop(0)
+__playbook_analyse_options.pop(0)
+
+__playbook_analyse_options.append(
+    click.option(
+        "-pl",
+        "--playbooks-list",
+        type=str,
+        default="",
+        help="""
+        Comma separated list of playbook names to invoke.
+        Defaults to all configured playbooks.
+        """,
+    ),
+)
+
 
 @click.group("analyse")
 def analyse():
@@ -162,6 +180,80 @@ def file(
         ctx.obj.logger.fatal(str(e))
 
 
+@analyse.command(help="Send playbook analysis request for an observable")
+@click.argument("value")
+@add_options(__playbook_analyse_options)
+@click.pass_context
+def playbook_observable(
+    ctx: ClickContext,
+    value: str,
+    playbooks_list: str,
+    tags_list: str,
+    tlp: str,
+    check,
+    check_minutes_ago: int,
+    runtime_config,
+    should_poll: bool,
+):
+    playbooks_list = playbooks_list.split(",") if len(playbooks_list) else []
+    tags_labels = tags_list.split(",") if len(tags_list) else []
+    if runtime_config:
+        runtime_config = get_json_data(runtime_config)
+    else:
+        runtime_config = {}
+    try:
+        ctx.obj._new_analysis_playbook_cli(
+            value,
+            "observable",
+            check,
+            tlp,
+            playbooks_list,
+            runtime_config,
+            tags_labels,
+            should_poll,
+            check_minutes_ago,
+        )
+    except IntelOwlClientException as e:
+        ctx.obj.logger.fatal(str(e))
+
+
+@analyse.command(help="Send playbook analysis request for an observable")
+@click.argument("filepath", type=click.Path(exists=True, resolve_path=True))
+@add_options(__playbook_analyse_options)
+@click.pass_context
+def playbook_file(
+    ctx: ClickContext,
+    filepath: str,
+    playbooks_list: str,
+    tags_list: str,
+    tlp: str,
+    check,
+    check_minutes_ago: int,
+    runtime_config,
+    should_poll: bool,
+):
+    playbooks_list = playbooks_list.split(",") if len(playbooks_list) else []
+    tags_labels = tags_list.split(",") if len(tags_list) else []
+    if runtime_config:
+        runtime_config = get_json_data(runtime_config)
+    else:
+        runtime_config = {}
+    try:
+        ctx.obj._new_analysis_playbook_cli(
+            filepath,
+            "file",
+            check,
+            tlp,
+            playbooks_list,
+            runtime_config,
+            tags_labels,
+            should_poll,
+            check_minutes_ago,
+        )
+    except IntelOwlClientException as e:
+        ctx.obj.logger.fatal(str(e))
+
+
 @analyse.command(
     help="Send multiple analysis requests. Reads file (csv or json) for inputs."
 )

pyintelowl/cli/commands.py

@@ -157,6 +157,68 @@ def get_connector_config(
             console.print(table)
 
 
+@click.command(
+    help="Get current state of `playbook_config.json` from the IntelOwl instance",
+)
+@click.option(
+    "-m",
+    "--re-match",
+    help="RegEx Pattern to filter analyzer names against",
+)
+@add_options(json_flag_option)
+@click.option(
+    "-t", "--text", "as_text", is_flag=True, help="Print playbook names as CSV"
+)
+@click.pass_context
+def get_playbook_config(ctx: ClickContext, re_match: str, as_json: bool, as_text: bool):
+    console = Console()
+    ctx.obj.logger.info("Requesting [italic blue]playbook_config.json[/]..")
+    try:
+        res = ctx.obj.get_playbook_configs()
+        # filter resulset if a regex pattern was provided
+        if re_match:
+            pat = re.compile(re_match)
+            res = {k: v for k, v in res.items() if pat.match(k) is not None}
+    except IntelOwlClientException as e:
+        ctx.obj.logger.fatal(str(e))
+        ctx.exit(0)
+    if as_json:
+        with console.pager(styles=True):
+            console.print(json.dumps(res, indent=4))
+    elif as_text:
+        click.echo(", ".join(res.keys()))
+    else:
+        # otherwise, print full table
+        headers = [
+            "Name",
+            "Analyzers",
+            "Connectors",
+            "Description",
+            "Supports",
+            "Disabled",
+        ]
+        header_style = "bold blue"
+        table = Table(
+            show_header=True,
+            title="Playbook Configurations",
+            box=box.DOUBLE_EDGE,
+            show_lines=True,
+        )
+        for h in headers:
+            table.add_column(h, header_style=header_style, justify="center")
+        for name, obj in res.items():
+            table.add_row(
+                name,
+                get_json_syntax(obj.get("analyzers", {})),
+                get_json_syntax(obj.get("connectors", {})),
+                obj.get("description", ""),
+                get_json_syntax(obj.get("supports", [])),
+                get_success_text(obj.get("disabled", False)),
+            )
+        with console.pager(styles=True):
+            console.print(table)
+
+
 @click.command(help="Send healthcheck request for an analyzer (docker-based)")
 @click.argument("analyzer_name", type=str)
 @click.pass_context