cyberhaven-incidents 0.4.0 → 0.4.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/README.md +6 -6
  4. data/lib/cyberhaven/incidents/user.rb +202 -301
  5. data/lib/cyberhaven/incidents/version.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e1852bcc7cbcbb90acce8ad0a6958b9987b5dc77c81def0f2a3acf9704f5b759
4
- data.tar.gz: 3fc25b31c33f5acd2cfc9977779fadf5df4ccb213680ea971ebfda52edf05602
3
+ metadata.gz: 117a00860ffb6bcb9995a8cd5873f19fc79e59a4ce145c1dccf388f37d4148ab
4
+ data.tar.gz: 0ba9dcedfa1bd2b20eeb23c46ff1c6951ebd06b0c9796ee54ccc531bfe405ded
5
5
  SHA512:
6
- metadata.gz: e44d80eaab68028327e398fa3d88ce749d94c9a83876fbb34f6120f9e1f84f6ed8d58e483e17333272beb2f00e495bb315ab49eda46b3b882f0d9fe3f9389004
7
- data.tar.gz: 90c4298aadf9d12d5e81eb35d611c6b0e6a8cef73d260f046664d1e1ddbc72f52241771ccb3ac6b545aaf12679848620b55ac42c8764f1198b80953494066da5
6
+ metadata.gz: 14708bcbd39f466f0d5de88bb13a29163abec446df9b69de2b585a9d60d07b62e8596db33966ac8919c0eb3b9354aa54d09fb65d7b45ec5ee9558984c016cad0
7
+ data.tar.gz: 684d1cef9121a450e57fdfc9e9f3bdb09101145d0a79cb768be38e4ac30ec6fd5f3ad4d77f8db6b3112550de90517617e88b494b0500c5eaffbd72d944d004ad
data/CHANGELOG.md CHANGED
@@ -1,4 +1,8 @@
1
1
 
2
+ ## 0.4.1
3
+ Add: add user civ
4
+ Fixed: pagination on user events
5
+
2
6
  ## 0.4.0
3
7
  Add: add user incidenetss for status and number of events
4
8
 
data/README.md CHANGED
@@ -39,14 +39,14 @@ Cyberhaven::Incidents::totalInProgressIncidents
39
39
  Cyberhaven::Incidents::totalResolvedIncidents
40
40
 
41
41
  ## Detailed Incident details by ID
42
- Cyberhaven::Incidents::Id::DetailedJson("#{incidentID}")
43
- Cyberhaven::Incidents::Id::DetailedYaml("#{incidentID}")
44
- Cyberhaven::Incidents::Id::DetailedReport("#{incidentID}")
42
+ Cyberhaven::Incidents::Id::DetailedJson("incidentID")
43
+ Cyberhaven::Incidents::Id::DetailedYaml("incidentID")
44
+ Cyberhaven::Incidents::Id::DetailedReport("incidentID")
45
45
 
46
46
  ## Summaried Incidents details by ID
47
- Cyberhaven::Incidents::Id::SummaryJson("#{incidentID}")
48
- Cyberhaven::Incidents::Id::SummaryYaml("#{incidentID}")
49
- Cyberhaven::Incidents::Id::SummaryReport("#{incidentID}")
47
+ Cyberhaven::Incidents::Id::SummaryJson("incidentID")
48
+ Cyberhaven::Incidents::Id::SummaryYaml("incidentID")
49
+ Cyberhaven::Incidents::Id::SummaryReport("incidentID")
50
50
 
51
51
  ## Incident details by user
52
52
  puts Cyberhaven::Incidents::User::DetailedRaw("username", "status", numberOfEvents)
data/lib/cyberhaven/incidents/user.rb CHANGED
@@ -1,11 +1,15 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
 
4
+ require 'etc'
5
+ require 'csv'
6
+ require "set"
7
+
8
+
4
9
  module Cyberhaven
5
10
  module Incidents
6
11
  module User
7
- ## DETAILED VERBOSE ----------------------------------------------------
8
- def self.DetailedRaw(username, status, numberOfEvents)
12
+ def self.TotalIncidents(username)
9
13
 
10
14
  $pageToken = "1"
11
15
  loop do
@@ -17,15 +21,15 @@ module Cyberhaven
17
21
 
18
22
  $query ={
19
23
  "filters":{
20
- "resolution_statuses": [
21
- "#{status}"
22
- ],
24
+ # "resolution_statuses": [
25
+ # "#{status}"
26
+ # ],
23
27
  "users": [
24
28
  "#{username}"
25
29
  ],
26
30
  },
27
31
  "sort_by": "event_time",
28
- "page_size": numberOfEvents,
32
+ "page_id": "#{$pageToken}",
29
33
  "sort_desc": true
30
34
  }.to_json
31
35
 
@@ -40,317 +44,214 @@ module Cyberhaven
40
44
  status = response.code
41
45
  results = JSON.parse(response.read_body)
42
46
 
43
- pageToken = results["next_page_id"]
44
- $data = results["incidents"]
45
- return $data
47
+ puts results["total"]
46
48
  else
47
49
  break
48
50
  end
49
51
  end
50
52
  end
51
-
52
- def self.DetailedJson(username, status, numberOfEvents)
53
- DetailedRaw("#{username}", "#{status}", numberOfEvents)
54
- return $data.to_json
55
- end
56
-
57
- # def self.DetailedYaml(incidentID)
58
- # DetailedRaw("#{incidentID}")
59
- # puts $data.to_yaml
60
- # end
61
-
62
- # def self.DetailedReport(incidentID)
63
- # $query ={
64
- # "filters":{
65
- # "incident_ids": [
66
- # "#{incidentID}"
67
- # ],
68
- # },
69
- # "sort_by": "event_time",
70
- # "page_size": 1,
71
- # "sort_desc": true
72
- # }.to_json
73
53
 
74
- # url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
75
- # https = Net::HTTP.new(url.host, url.port)
76
- # https.use_ssl = true
77
- # request = Net::HTTP::Get.new(url)
78
- # request["Content-Type"] = "application/json"
79
- # request["Authorization"] = "Bearer #{$bearerToken}"
80
- # request.body = $query
81
- # response = https.request(request)
82
- # status = response.code
83
- # results = JSON.parse(response.read_body)
54
+ def self.AllIncidentsResults(username)
55
+
56
+ $incidentArray = []
84
57
 
85
- # results["incidents"].each do |item|
86
- # puts "INCIDENT ID: #{item["id"]}"
87
- # puts " EVENT TIME: #{item["event_time"]}"
88
- # puts " TRIGGER TIME: #{item["trigger_time"]}"
89
- # puts " POLICY NAME: #{item["category"]["name"]}"
90
- # puts " POLICY SEVERITY: #{item["category"]["severity"]}"
91
- # puts " USER: #{item["user"]}"
92
- # puts " STATUS: #{item["resolution_status"]}"
93
- # puts " OUTDATED POLICY: #{item["outdated_policy"]}"
94
- # puts " FILE: #{item["file"]}"
95
- # puts " FILE PATH: #{item["data"]["path"]}"
96
- # puts " SOURCE DATA: #{item["source_data"]["path"]}"
97
- # puts " PERSONAL INFO:"
98
- # if ! item["personal_info"].nil?
99
- # item["personal_info"].each do |personalItem|
100
- # puts " #{personalItem}"
101
- # end
102
- # end
103
- # puts " ASSIGNEE: #{item["assignee"]}"
104
- # puts " CONTENT TAGS: #{item["content_tags"]}"
105
- # puts " RESPONSE: #{item["incident_response"]}"
106
- # puts " REACTION: #{item["incident_reactions"]}"
107
- # puts " ADMIN HISTORY: #{item["admin_history"]}"
108
- # puts " CATEGOERY MODIFIED: #{item["category_last_modified"]}"
109
- # puts " DATASET MODIFIED: #{item["dataset_last_modified"]}"
110
- # puts " ALERT ID: #{item["alert_id"]}"
111
- # puts " SCREENSHOT GUID: #{item["screenshot_guid"]}"
112
- # puts ""
58
+ $pageToken = "1"
59
+ loop do
60
+ unless $pageToken.empty?
113
61
 
114
- # puts " DATASET:"
115
- # puts " ID: #{item["dataset"]["id"]}"
116
- # puts " NAME: #{item["dataset"]["name"]}"
117
- # puts " SENSITIVITY: #{item["dataset"]["sensitivity"]}"
118
- # puts " LAST MODIFIED: #{item["dataset"]["last_modified"]}"
119
- # puts ""
62
+ if $pageToken == "1"
63
+ $pageToken = ""
64
+ end
120
65
 
121
- # puts " POLICY:"
122
- # puts " ID: #{item["category"]["id"]}"
123
- # puts " NAME: #{item["category"]["name"]}"
124
- # puts " SEVERITY: #{item["category"]["severity"]}"
125
- # puts " DATASET IDS: #{item["category"]["dataset_ids"]}"
126
- # puts " EXCLUDE ORIGIN: #{item["category"]["exclude_origin"]}"
127
- # puts " LAST MODIFIED: #{item["category"]["last_modified"]}"
128
- # puts " SELECTION TYPE: #{item["category"]["selection_type"]}"
129
- # puts " RULE:"
130
- # puts " ID: #{item["category"]["rule"]["id"]}"
131
- # puts " STATUS: #{item["category"]["rule"]["status"]}"
132
- # puts " CREATE INCIDENT: #{item["category"]["rule"]["create_incident"]}"
133
- # puts " RECORD SCREENSHOT: #{item["category"]["rule"]["record_screenshots"]}"
134
- # puts " NOTIFY ENABLED: #{item["category"]["rule"]["notify_enabled"]}"
135
- # puts " NOTIFY STATUS: #{item["category"]["rule"]["notify_status"]}"
136
- # puts " NOTIFY EMAIL: #{item["category"]["rule"]["notify_email"]}"
137
- # puts " SHOW TITLE: #{item["category"]["rule"]["show_title"]}"
138
- # puts " SHOW LOGO: #{item["category"]["rule"]["show_logo"]}"
139
- # puts " REQUIRE JUSTIFICATION: #{item["category"]["rule"]["require_justification"]}"
140
- # puts " REQUIRE ACKNOWLEDGEMENT: #{item["category"]["rule"]["should_ack_warning"]}"
141
- # puts " ALLOW REVIEW: #{item["category"]["rule"]["allow_request_review"]}"
142
- # puts " OVERRIDE ENABLED: #{item["category"]["rule"]["override_enabled"]}"
143
- # puts " BLOCKING ACTION: #{item["category"]["rule"]["blocking_action"]}"
144
- # puts " INCIDENT ACTION: #{item["category"]["rule"]["incident_action"]}"
145
- # puts " WARNING MESSAGE:"
146
- # puts " TITLE: #{item["category"]["rule"]["warning_dialog"]["title"]}"
147
- # puts " EXPLANATION: #{item["category"]["rule"]["warning_dialog"]["explanation"]}"
148
- # puts " PLACEHOLDER: #{item["category"]["rule"]["warning_dialog"]["placeholder"]}"
149
- # puts " CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["check_text"]}"
150
- # puts " REVIEW CHECK TEXT: #{item["category"]["rule"]["warning_dialog"]["review_check_text"]}"
151
- # puts " SUBMIT LABEL: #{item["category"]["rule"]["warning_dialog"]["submit_label"]}"
152
- # puts " ALLOW LABEL: #{item["category"]["rule"]["warning_dialog"]["allow_label"]}"
153
- # puts " BLOCKING MESSAGE:"
154
- # puts " TITLE: #{item["category"]["rule"]["blocking_dialog"]["title"]}"
155
- # puts " EXPLANATION: #{item["category"]["rule"]["blocking_dialog"]["explanation"]}"
156
- # puts " PLACEHOLDER: #{item["category"]["rule"]["blocking_dialog"]["placeholder"]}"
157
- # puts " CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["check_text"]}"
158
- # puts " REVIEW CHECK TEXT: #{item["category"]["rule"]["blocking_dialog"]["review_check_text"]}"
159
- # puts " SUBMIT LABEL: #{item["category"]["rule"]["blocking_dialog"]["submit_label"]}"
160
- # puts " ALLOW LABEL: #{item["category"]["rule"]["blocking_dialog"]["allow_label"]}"
161
- # puts ""
162
-
163
- # puts " SOURCE INFORMATION:"
164
- # puts " PATH: #{item["edge"]["source"]["path"]}"
165
- # puts " EXTENSION: #{item["edge"]["source"]["extension"]}"
166
- # puts " URL: #{item["edge"]["source"]["url"]}"
167
- # puts " BROWSER URL: #{item["edge"]["source"]["browser_page_url"]}"
168
- # puts " BROWSER DOMAIN: #{item["edge"]["source"]["browser_page_domain"]}"
169
- # puts " BROWSER TITLE: #{item["edge"]["source"]["browser_page_title"]}"
170
- # puts " HOSTNAME: #{item["edge"]["source"]["hostname"]}"
171
- # puts " URI: #{item["edge"]["source"]["content_uri"]}"
172
- # puts " LOCATION: #{item["edge"]["source"]["location"]}"
173
- # puts " LOCATION OUTLINE: #{item["edge"]["source"]["location_outline"]}"
174
- # puts " CATEGORY: #{item["edge"]["source"]["category"]}"
175
- # puts " LINKS: #{item["edge"]["source"]["links"]}"
176
- # puts " ID: #{item["edge"]["source"]["raw_id"]}"
177
- # puts " TAGS: #{item["edge"]["source"]["tags_applied"]}"
178
- # puts " UPLOAD URI: #{item["edge"]["source"]["content_upload_uri"]}"
179
- # puts " REPORT URI: #{item["edge"]["source"]["content_report_uri"]}"
180
- # puts " TAGS: #{item["edge"]["source"]["tags_applied"]}"
181
- # puts " EVENT TYPE: #{item["edge"]["source"]["event_type"]}"
182
- # puts " SENSOR: #{item["edge"]["source"]["sensor_name"]}"
183
- # puts " USERNAME: #{item["edge"]["source"]["local_user_name"]}"
184
- # puts " USER ID: #{item["edge"]["source"]["local_user_sid"]}"
185
- # puts " LOCAL TIME: #{item["edge"]["source"]["local_time"]}"
186
- # puts " MACHINE NAME: #{item["edge"]["source"]["local_machine_name"]}"
187
- # puts " ENDPIONT ID: #{item["edge"]["source"]["endpoint_id"]}"
188
- # puts " GROUP NAME: #{item["edge"]["source"]["group_name"]}"
189
- # puts " LOCAL ID: #{item["edge"]["source"]["local_id"]}"
190
- # puts " BLOCKED: #{item["edge"]["source"]["blocked"]}"
191
- # puts " DATA SIZE: #{item["edge"]["source"]["data_size"]}"
192
- # puts ""
66
+ $query ={
67
+ "filters":{
68
+ "resolution_statuses":[
69
+ "unresolved", "ignored", "in_progress", "resolved"
70
+ ],
71
+ "users": [
72
+ "#{username}"
73
+ ],
74
+ },
75
+ "sort_by": "event_time",
76
+ "page_id": "#{$pageToken}",
77
+ "page_size": 1000,
78
+ "sort_desc": true
79
+ }.to_json
80
+
81
+ url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
82
+ https = Net::HTTP.new(url.host, url.port)
83
+ https.use_ssl = true
84
+ request = Net::HTTP::Get.new(url)
85
+ request["Content-Type"] = "application/json"
86
+ request["Authorization"] = "Bearer #{$bearerToken}"
87
+ request.body = $query
88
+ response = https.request(request)
89
+ status = response.code
90
+ results = JSON.parse(response.read_body)
91
+
92
+ $pageToken = results["next_page_id"]
93
+ results["incidents"].each do |item|
94
+ $incidentArray.push(item)
95
+ end
96
+ else
97
+ break
98
+ end
99
+ end
100
+ end
193
101
 
194
- # puts " DESTINATION INFORMATION:"
195
- # puts " PATH: #{item["edge"]["destination"]["path"]}"
196
- # puts " EXTENSION: #{item["edge"]["destination"]["extension"]}"
197
- # puts " UPLOAD FILE ID: #{item["edge"]["destination"]["upload_file_id"]}"
198
- # puts " URL: #{item["edge"]["destination"]["url"]}"
199
- # puts " BROWSER TITLE: #{item["edge"]["destination"]["browser_page_title"]}"
200
- # puts " HOSTNAME: #{item["edge"]["destination"]["hostname"]}"
201
- # puts " MD5: #{item["edge"]["destination"]["md5_hash"]}"
202
- # puts " FILE SIZE: #{item["edge"]["destination"]["file_size"]}"
203
- # puts " PATH COMPONENTS: #{item["edge"]["destination"]["path_components"]}"
204
- # puts " BASENAME: #{item["edge"]["destination"]["path_basename"]}"
205
- # puts " DOMAIN COMPONENTS: #{item["edge"]["destination"]["domain_components"]}"
206
- # puts " DOMAIN: #{item["edge"]["destination"]["domain"]}"
207
- # puts " URI: #{item["edge"]["destination"]["content_uri"]}"
208
- # puts " LOCATION: #{item["edge"]["destination"]["location"]}"
209
- # puts " LOCATION OUTLINE: #{item["edge"]["destination"]["location_outline"]}"
210
- # puts " CATEGORY: #{item["edge"]["destination"]["category"]}"
211
- # puts " LINKS: #{item["edge"]["destination"]["links"]}"
212
- # puts " RAW ID: #{item["edge"]["destination"]["raw_id"]}"
213
- # puts " TAGS: #{item["edge"]["destination"]["tags_applied"]}"
214
- # puts " CONTENT UPLOAD URI: #{item["edge"]["destination"]["content_upload_uri"]}"
215
- # puts " CONTENT REPORT URI: #{item["edge"]["destination"]["content_report_uri"]}"
216
- # puts " EVENT TYPE: #{item["edge"]["destination"]["event_type"]}"
217
- # puts " SENSOR: #{item["edge"]["destination"]["sensor_name"]}"
218
- # puts " LOCAL USERNAME: #{item["edge"]["destination"]["local_user_name"]}"
219
- # puts " LOCAL USERID: #{item["edge"]["destination"]["local_user_sid"]}"
220
- # puts " LOCAL TIME: #{item["edge"]["destination"]["local_time"]}"
221
- # puts " LOCAL MACHINE NAME: #{item["edge"]["destination"]["local_machine_name"]}"
222
- # puts " ENDPOINT ID: #{item["edge"]["destination"]["endpoint_id"]}"
223
- # puts " GROUP NAMES: #{item["edge"]["destination"]["group_name"]}"
224
- # puts " BLOCKED: #{item["edge"]["destination"]["blocked"]}"
225
- # puts " DATA SIZE: #{item["edge"]["destination"]["data_size"]}"
226
- # puts " LOCAL ID: #{item["edge"]["destination"]["local_id"]}"
227
- # puts " GDRIVE FILE ID: #{item["edge"]["destination"]["gdrive_file_id"]}"
228
- # puts " CLOUD PROVIDER: #{item["edge"]["destination"]["cloud_provider"]}"
229
- # puts " CLOUD APP: #{item["edge"]["destination"]["cloud_app"]}"
230
- # puts " CLOUD ACCOUNT: #{item["edge"]["destination"]["cloud_app_account"]}"
231
- # puts " DLP SCAN ID: #{item["edge"]["destination"][" dlp_scan_linking_id"]}"
232
- # puts ""
233
- # end
234
- # end
102
+ def self.AllIncidents(username)
103
+ AllIncidentsResults("#{username}")
104
+ return $incidentArray
105
+ end
235
106
 
107
+ def self.AllIncidentsCSV(username)
108
+ now_date = DateTime.now
109
+ datetime = now_date.strftime('%Y%m%d')
110
+ $currentUser = ENV['USER']
111
+ $reportPath="/Users/#{$currentUser}/Desktop/#{datetime}_#{username}_report.csv"
236
112
 
237
- # ## SUMMARIES -----------------------------------------------------------
238
- # def self.SummaryRaw(incidentID)
239
- # $query ={
240
- # "filters":{
241
- # "incident_ids": [
242
- # "#{incidentID}"
243
- # ],
244
- # },
245
- # "sort_by": "event_time",
246
- # "page_size": 1,
247
- # "sort_desc": true
248
- # }.to_json
113
+ $pageToken = "1"
114
+ $incidentArray = []
115
+
116
+ loop do
117
+ unless $pageToken.empty?
249
118
 
250
- # url = URI("https://#{$deployment}/api/rest/v1/incidents/list")
251
- # https = Net::HTTP.new(url.host, url.port)
252
- # https.use_ssl = true
253
- # request = Net::HTTP::Get.new(url)
254
- # request["Content-Type"] = "application/json"
255
- # request["Authorization"] = "Bearer #{$bearerToken}"
256
- # request.body = $query
257
- # response = https.request(request)
258
- # status = response.code
259
- # results = JSON.parse(response.read_body)
260
-
261
- # results["incidents"].each do |item|
262
- # $data = {
263
- # values: {
264
- # "incident_id": " #{item["id"]}".to_s,
265
- # "event_time": " #{item["event_time"]}".to_s,
266
- # "policy_name": "#{item["category"]["name"]}".to_s,
267
- # "policy_severity": " #{item["category"]["severity"]}".to_s,
268
- # "user": "#{item["user"]}".to_s,
269
- # "status": "#{item["resolution_status"]}".to_s,
270
- # "dataset": "#{item["dataset"]["name"]}".to_s,
271
- # "dataset_sensitivity": "#{item["dataset"]["sensitivity"]}".to_i,
272
- # "ploiicy_severity": "#{item["category"]["severity"]}".to_i,
273
- # "create_incident": " #{item["category"]["rule"]["create_incident"]}".to_s,
274
- # "incident_action": "#{item["category"]["rule"]["incident_action"]}".to_s,
275
- # "src_url": "#{item["edge"]["source"]["url"]}".to_s,
276
- # "src_browser_url": "#{item["edge"]["source"]["browser_page_url"]}".to_s,
277
- # "src_browser_domain": " #{item["edge"]["source"]["browser_page_domain"]}".to_s,
278
- # "src_browser_title": "#{item["edge"]["source"]["browser_page_title"]}".to_s,
279
- # "src_location": "#{item["edge"]["destination"]["location"]}".to_s,
280
- # "src_location_outline": "#{item["edge"]["source"]["location_outline"]}".to_s,
281
- # "src_category": "#{item["edge"]["source"]["category"]}".to_s,
282
- # "dst_browser_title": "#{item["edge"]["destination"]["browser_page_title"]}".to_s,
283
- # "dst_basename": "#{item["edge"]["destination"]["path_basename"]}".to_s,
284
- # "dst_domain": "#{item["edge"]["destination"]["domain"]}".to_s,
285
- # "dest_location": "#{item["edge"]["destination"]["location"]}".to_s,
286
- # "dst_location_outline": "#{item["edge"]["destination"]["location_outline"]}".to_s,
287
- # "dst_category": "#{item["edge"]["destination"]["category"]}".to_s,
288
- # "dst_event_type": "#{item["edge"]["destination"]["event_type"]}".to_s,
289
- # "dst_sensor": "#{item["edge"]["destination"]["sensor_name"]}".to_s,
290
- # "dst_local_username": "#{item["edge"]["destination"]["local_user_name"]}".to_s,
291
- # "dst_local_machine_name": "#{item["edge"]["destination"]["local_machine_name"]}".to_s,
292
- # "dst_blocked": "#{item["edge"]["destination"]["blocked"]}".to_s,
293
- # "dst_data_size": "#{item["edge"]["destination"]["data_size"]}".to_s,
294
- # "dst_gdrive_file_id": "#{item["edge"]["destination"]["gdrive_file_id"]}".to_s,
295
- # "dst_cloud_provider": "#{item["edge"]["destination"]["cloud_provider"]}".to_s,
296
- # "dst_cloud_app": "#{item["edge"]["destination"]["cloud_app"]}".to_s,
297
- # "dst_cloud_account": "#{item["edge"]["destination"]["cloud_app_account"]}".to_s,
298
- # }}
299
- # return $data
300
- # end
301
- # end
302
-
303
- # def self.SummaryJson(incidentID)
304
- # SummaryRaw("#{incidentID}")
305
- # puts $data.to_json
306
- # end
119
+ if $pageToken == "1"
120
+ $pageToken = ""
121
+ end
122
+
123
+ $query ={
124
+ "filters":{
125
+ "resolution_statuses":[
126
+ "unresolved", "ignored", "in_progress", "resolved"
127
+ ],
128
+ "users": [
129
+ "#{username}"
130
+ ],
131
+ },
132
+ "page_id": "#{$pageToken}",
133
+ "sort_by": "event_time",
134
+ "page_size": 1000,
135
+ "sort_desc": true
136
+ }.to_json
137
+
138
+ url = URI("https://dailypay.cyberhaven.io/api/rest/v1/incidents/list")
139
+ https = Net::HTTP.new(url.host, url.port)
140
+ https.use_ssl = true
141
+ request = Net::HTTP::Get.new(url)
142
+ request["Content-Type"] = "application/json"
143
+ request["Authorization"] = "Bearer #{$bearerToken}"
144
+ request.body = $query
145
+ response = https.request(request)
146
+ status = response.code
147
+ results = JSON.parse(response.read_body)
148
+
149
+ $pageToken = results["next_page_id"]
150
+ # puts results["total"]
151
+ # puts results["next_page_id"]
307
152
 
308
- # def self.SummaryYaml(incidentID)
309
- # SummaryRaw("#{incidentID}")
310
- # puts $data.to_yaml
311
- # end
153
+ array = []
154
+ results["incidents"].each do |item|
155
+ $incident_hash = {
156
+ "Event Time" => "#{item["event_time"]}",
157
+ "Trigger Time" => "#{item["trigger_time"]}",
158
+ "ID" => "#{item["id"]}",
159
+ "Policy Name" => "#{item["category"]["name"]}",
160
+ "Policy Severity" => "#{item["category"]["severity"]}",
161
+ "User" => "#{item["user"]}",
162
+ "Assignee" => "#{item["assignee"]}",
163
+ "Status" => "#{item["resolution_status"]}",
164
+ "Severity" => "#{item["severity"]}",
165
+ "Dataset Name" => "#{item["dataset"]["name"]}",
166
+ "Category Severity" => "#{item["category"]["severity"]}",
167
+ "File" => "#{item["file"]}",
168
+ "Data Path" => "#{item["data"]["path"]}",
169
+ "Source Path" => "#{item["source_data"]["path"]}",
170
+ "Content Tags" => "#{item["content_tags"]}",
171
+ "Source Path " => "#{item["edge"]["source"]["path"]}",
172
+ "Source Extension" => "#{item["edge"]["source"]["extension"]}",
173
+ "Source Url" => "#{item["edge"]["source"]["url"]}",
174
+ "Source Browser Url" => "#{item["edge"]["source"]["browser_page_url"]}",
175
+ "Source Domain" => "#{item["edge"]["source"]["browser_page_domain"]}",
176
+ "Source Browser Title" => "#{item["edge"]["source"]["browser_page_title"]}",
177
+ "Source Hostname" => "#{item["edge"]["source"]["hostname"]}",
178
+ "Source URI" => "#{item["edge"]["source"]["content_uri"]}",
179
+ "Source Location" => "#{item["edge"]["source"]["location"]}",
180
+ "Source Location Outline" => "#{item["edge"]["source"]["location_outline"]}",
181
+ "Source Category" => "#{item["edge"]["source"]["category"]}",
182
+ "Source Links" => "#{item["edge"]["source"]["links"]}",
183
+ "Source ID" => "#{item["edge"]["source"]["links"]}",
184
+ "Tags Applied" => "#{item["edge"]["source"]["tags_applied"]}",
185
+ "Source Upload URI" => "#{item["edge"]["source"]["content_upload_uri"]}",
186
+ "Source Report URI" => "#{item["edge"]["source"]["content_report_uri"]}",
187
+ "Source Event Type" => "#{item["edge"]["source"]["event_type"]}",
188
+ "Source Sensor Name" => "#{item["edge"]["source"]["sensor_name"]}",
189
+ "Source Local User" => "#{item["edge"]["source"]["local_user_name"]}",
190
+ "Source Local User ID" => "#{item["edge"]["source"]["local_user_sid"]}",
191
+ "Source Local Time" => "#{item["edge"]["source"]["local_time"]}",
192
+ "Source Local Machine" => "#{item["edge"]["source"]["local_machine_name"]}",
193
+ "Source Endpoint ID" => "#{item["edge"]["source"]["endpoint_id"]}",
194
+ "Source Local ID" => "#{item["edge"]["source"]["local_id"]}",
195
+ "Destination Path" => "#{item["edge"]["destination"]["path"]}",
196
+ "Destination Extension" => "#{item["edge"]["destination"]["extension"]}",
197
+ "Destination Upload File ID" => "#{item["edge"]["destination"]["upload_file_id"]}",
198
+ "Destination Browser Page Title" => "#{item["edge"]["destination"]["browser_page_title"]}",
199
+ "Destination Hostname" => "#{item["edge"]["destination"]["hostname"]}",
200
+ "Destination MD5" => "#{item["edge"]["destination"]["md5_hash"]}",
201
+ "Destination File Size" => "#{item["edge"]["destination"]["file_size"]}",
202
+ "Destination Path Components" => "#{item["edge"]["destination"]["path_components"]}",
203
+ "Destination Path Basename" => "#{item["edge"]["destination"]["path_basename"]}",
204
+ "Destination Domain" => "#{item["edge"]["destination"]["domain"]}",
205
+ "Destination URI" => "#{item["edge"]["destination"]["content_uri"]}",
206
+ "Destination Location" => "#{item["edge"]["destination"]["location"]}",
207
+ "Destination Location Outline" => "#{item["edge"]["destination"]["location_outline"]}",
208
+ "Destination Category" => "#{item["edge"]["destination"]["category"]}",
209
+ "Destination Links" => "#{item["edge"]["destination"]["links"]}",
210
+ "Destination Event Type" => "#{item["edge"]["destination"]["event_type"]}",
211
+ "Destination Sensor Name" => "#{item["edge"]["destination"]["sensor_name"]}",
212
+ "Destination Local User" => "#{item["edge"]["destination"]["local_user_name"]}",
213
+ "Destination Local User ID" => "#{item["edge"]["destination"]["local_user_sid"]}",
214
+ "Destination Local Time" => "#{item["edge"]["destination"]["local_time"]}",
215
+ "Destination Local Machine" => "#{item["edge"]["destination"]["local_machine_name"]}",
216
+ "Destination Endpoint ID" => "#{item["edge"]["destination"]["endpoint_id"]}",
217
+ "Destination Local ID" => "#{item["edge"]["destination"]["local_id"]}",
218
+ "Destination Blocked" => "#{item["edge"]["destination"]["blocked"]}",
219
+ "Destination Data Size" => "#{item["edge"]["destination"]["data_size"]}",
220
+ "Destination Google Drive ID" => "#{item["edge"]["destination"]["gdrive_file_id"]}",
221
+ "Destination Cloud Provider" => "#{item["edge"]["destination"]["cloud_provider"]}",
222
+ "Destination Cloud App" => "#{item["edge"]["destination"]["cloud_app"]}",
223
+ "Destination Cloud Account" => "#{item["edge"]["destination"]["cloud_app_account"]}",
224
+ "Destination Scan ID" => "#{item["edge"]["destination"]["dlp_scan_linking_id"]}"
225
+ }
226
+ $incidentArray.push($incident_hash)
227
+ end
228
+ else
229
+ break
230
+ end
231
+ end
232
+
233
+ CSV.open("#{$reportPath}", 'w') do |csv|
234
+ # Write the header based on the keys of the first hash
235
+ csv << $incidentArray.first.keys
236
+
237
+ # Write each hash as a row in the CSV file
238
+ $incidentArray.each do |hash|
239
+ csv << hash.values
240
+ end
241
+ end
242
+ puts "Finished writting report: #{$reportPath}"
243
+ end
244
+
245
+ def self.AllIncidentsJson(username)
246
+ AllIncidentsResults("#{username}")
247
+ return $incidentArray.to_json
248
+ end
312
249
 
313
- # def self.SummaryReport(incidentID)
314
- # SummaryRaw("#{incidentID}")
250
+ def self.AllIncidentsYaml(incidentID)
251
+ AllIncidentsResults("#{incidentID}")
252
+ return $incidentArray.to_yaml
253
+ end
315
254
 
316
- # puts "INCIDENT ID: #{$data[:values][:incident_id]}"
317
- # puts " EVENT TIME: #{$data[:values][:event_time]}"
318
- # puts " POLICY NAME: #{$data[:values][:policy_name]}"
319
- # puts " POLICY SEVERITY: #{$data[:values][:policy_severity]}"
320
- # puts " USER: #{$data[:values][:user]}"
321
- # puts " STATUS: #{$data[:values][:status]}"
322
- # puts " DATASET NAME: #{$data[:values][:dataset]}"
323
- # puts " DATASET SENSITIVITY: #{$data[:values][:dataset_sensitivity]}"
324
- # puts " POLICY SEVERITY: #{$data[:values][:ploiicy_severity]}"
325
- # puts " CREATE INCIDENT: #{$data[:values][:create_incident]}"
326
- # puts " INCIDENT ACTION: #{$data[:values][:incident_action]}"
327
- # puts " SOURCE INFORMATION:"
328
- # puts " URL: #{$data[:values][:src_url]}"
329
- # puts " BROWSER URL: #{$data[:values][:src_browser_url]}"
330
- # puts " BROWSER DOMAIN: #{$data[:values][:src_browser_domain]}"
331
- # puts " BROWSER TITLE: #{$data[:values][:src_browser_title]}"
332
- # puts " LOCATION: #{$data[:values][:src_location]}"
333
- # puts " LOCATION OUTLINE: #{$data[:values][:src_location_outline]}"
334
- # puts " CATEGORY: #{$data[:values][:src_category]}"
335
- # puts " DESTINATION INFORMATION:"
336
- # puts " BROWSER TITLE: #{$data[:values][:dst_browser_title]}"
337
- # puts " BASENAME: #{$data[:values][:dst_basename]}"
338
- # puts " DOMAIN: #{$data[:values][:dst_domain]}"
339
- # puts " LOCATION: #{$data[:values][:dest_location]}"
340
- # puts " LOCATION OUTLINE: #{$data[:values][:dst_location_outline]}"
341
- # puts " CATEGORY: #{$data[:values][:dst_category]}"
342
- # puts " EVENT TYPE: #{$data[:values][:dst_event_type]}"
343
- # puts " SENSOR: #{$data[:values][:dst_sensor]}"
344
- # puts " LOCAL USERNAME: #{$data[:values][:dst_local_username]}"
345
- # puts " LOCAL MACHINE NAME: #{$data[:values][:dst_local_machine_name]}"
346
- # puts " BLOCKED: #{$data[:values][:dst_blocked]}"
347
- # puts " DATA SIZE: #{$data[:values][:dst_data_size]}"
348
- # puts " GDRIVE FILE ID: #{$data[:values][:dst_gdrive_file_id]}"
349
- # puts " CLOUD PROVIDER: #{$data[:values][:dst_cloud_provider]}"
350
- # puts " CLOUD APP: #{$data[:values][:dst_cloud_app]}"
351
- # puts " CLOUD ACCOUNT: #{$data[:values][:dst_cloud_account]}"
352
- # end
353
-
354
255
  end
355
256
  end
356
257
  end
data/lib/cyberhaven/incidents/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Cyberhaven
4
4
  module Incidents
5
- VERSION = "0.4.0"
5
+ VERSION = "0.4.1"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cyberhaven-incidents
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - nic scott
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-01-05 00:00:00.000000000 Z
11
+ date: 2024-01-07 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email: