@itentialopensource/adapter-checkpoint_reputation_service 0.1.1

package/report/adapter-openapi.yaml

@@ -0,0 +1,333 @@
+openapi: 3.0.1
+info:
+  title: Check Point Reputation Service API
+  description: |
+    ## Introduction
+    Leverage the Check Point’s threat intelligence to enrich your SIEM and SOAR solutions and to secure your business applications and websites by using simple RESTful APIs.  
+
+    | **Input** | **Output** |
+    |-------|--------|
+    | **URL, IP, File digest (md5/sha1/sha256)**   | classification and risk     |
+
+    ## Getting Started with the Reputation Service API  
+    ### 1. Get your API Key 
+    [Contact us](mailto:TCAPI_SUPPORT@checkpoint.com) to get an API key
+    ### 2. Request a session token
+    The session token is valid for 30min.  
+    
+    Request example:  
+    ```linux
+    curl -X GET "https://rep.checkpoint.com/rep-auth/service/v1.0/request" -H "Client-Key: XXXXXXXXXXXXX"
+    ```
+
+    Response example:
+    ```
+    exp=XXXXXXX~acl=XXXX/*~hmac=XXXXXXXXX
+    ```
+    ### 3. Use your API Key and your session token for a Reputation Service Query
+    Note: you have to provide the resource to be queried both in the **message body** and in the **URL request**.  
+
+    Request example:  
+    ```linux
+    curl -X POST "https://rep.checkpoint.com/url-rep/service/v2.0/query?resource=ynet.co.il" -H "accept: application/json" -H "Client-Key: XXXXXXX" -H "token: exp=XXXXX~acl=XXXXX" -H "Content-Type: application/json" -d "{\"request\":[{\"resource\":\"ynet.co.il\"}]}"
+    ```
+
+    Response example:
+    ```json
+    {
+      "response": [
+        {
+          "status": {
+            "code": 2001,
+            "label": "SUCCESS",
+            "message": "Succeeded to generate reputation"
+          },
+          "resource": "ynet.co.il",
+          "reputation": {
+            "classification": "Benign",
+            "severity": "N/A",
+            "confidence": "High"
+          },
+          "risk": 0,
+          "context": {
+            "categories": [
+              {
+                "id": 24,
+                "name": "News / Media"
+              }
+            ],
+            "indications": [
+              "The domain is popular among websites with good reputation",
+              "The domain has good reputation",
+              "The domain is popular in the world",
+              "Check Point's URL Filtering category is News / Media",
+              "VirusTotal vendors detected benign URLs of the domain",
+              "The IP address is involved with benign activity"
+            ],
+            "vt_positives": 0,
+            "safe": true,
+            "creation_date": "2001:01:07 00:00:00",
+            "related_ips": [
+              {
+                "ip": "104.123.201.212",
+                "classification": "Benign",
+                "confidence": "Low"
+              }
+            ]
+          }
+        }
+      ]
+    }
+    ```
+  version: 1.0.0
+servers:
+  - url: 'https://rep.checkpoint.com'
+paths:
+  /rep-auth/service/v1.0/request:
+    get:
+      operationId: getSessionToken
+      summary: Request a session token
+      tags:
+        - Authentication
+      parameters:
+        - name: Client-Key
+          in: header
+          required: true
+          schema:
+            type: string
+            format: uuid
+      responses:
+        '200':
+          description: The token to use in reputation
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+  '/{service}-rep/service/v2.0/query':
+    post:
+      operationId: postQueryResource
+      summary: Query your resource
+      tags:
+        - Query
+      parameters:
+        - name: Client-Key
+          in: header
+          required: true
+          schema:
+            type: string
+            format: uuid
+        - name: token
+          in: header
+          required: true
+          schema:
+            type: string
+        - name: service
+          in: path
+          description: The service you want to query
+          required: true
+          schema:
+            type: string
+            enum:
+              - url
+              - ip
+              - file
+        - name: resource
+          in: query
+          description: The resource you want to query
+          required: true
+          schema:
+            type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ReputationRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ReputationResponse'
+        '400':
+          $ref: '#/components/responses/BadRequest'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+        '403':
+          $ref: '#/components/responses/Forbidden'
+        '429':
+          $ref: '#/components/responses/TooManyRequests'
+components:
+  responses:
+    Unauthorized:
+      description: Invalid Client-Key header
+    BadRequest:
+      description: Bad Request - Check your resource
+    Forbidden:
+      description: Invalid token header
+    TooManyRequests:
+      description: Quota exceeded
+  schemas:
+    ReputationSingleRequest:
+      properties:
+        resource:
+          type: string
+    ReputationRequest:
+      properties:
+        request:
+          type: array
+          items:
+            $ref: '#/components/schemas/ReputationSingleRequest'
+      required:
+        - request
+    ReputationResponse:
+      properties:
+        risk:
+          type: number
+          example: 0
+        resource:
+          type: string
+          example: 'http://google.com'
+        reputation:
+          $ref: '#/components/schemas/ReputationClassification'
+        status:
+          $ref: '#/components/schemas/ReputationStatus'
+        context:
+          $ref: '#/components/schemas/ReputationResponseContext'
+    ReputationClassification:
+      properties:
+        classification:
+          type: string
+          example: Benign
+        severity:
+          type: string
+          enum:
+            - N/A
+            - Low
+            - Medium
+            - High
+            - Critical
+        Confidence:
+          type: string
+          enum:
+            - Low
+            - Medium
+            - High
+    ReputationStatus:
+      properties:
+        code:
+          type: integer
+          enum:
+            - 2001
+            - 2002
+            - 2003
+        label:
+          type: string
+          enum:
+            - SUCCESS
+            - PARTIAL_SUCCESS
+            - FAILED
+        message:
+          type: string
+          enum:
+            - Succeeded to generate reputation
+            - Some vendors are unavailable
+            - Failed to process
+    ReputationResponseContext:
+      description: 'In parentheses, the service returning the field'
+      type: object
+      properties:
+        asn:
+          type: number
+          description: ASN of the IP (IP)
+        as_owner:
+          type: string
+          description: ASN owner of the IP (IP)
+        safe:
+          type: boolean
+          description: exists and true if certified safe (URL)
+        malware_family:
+          type: string
+          description: the malware family associated with the resource  (URL/FILE/IP)
+        protection_name:
+          type: string
+          description: >-
+            The protection name returned from Malware Service / AntiVirus
+            (URL/FILE)
+        redirections:
+          type: array
+          description: The redirections of the resource (URL)
+          items:
+            type: string
+        malware_types:
+          type: array
+          description: The malware types based on VT scans (FILE)
+          items:
+            type: string
+        categories:
+          type: array
+          description: URLF categories (URL)
+          items:
+            type: string
+        google_safe_browsing_categories:
+          type: array
+          description: Google safe browsing categories (URL)
+          items:
+            type: string
+        location:
+          type: object
+          description: geo location information  (IP)
+          properties:
+            region:
+              type: string
+            city:
+              type: string
+            postalCode:
+              type: string
+            latitude:
+              type: number
+            longitude:
+              type: number
+            dma_code:
+              type: integer
+            area_code:
+              type: integer
+            metro_code:
+              type: integer
+        related_resources:
+          type: object
+          description: (FILE)
+          properties:
+            similar_files_found:
+              description: How many similar files found
+              type: number
+            similar_files_details:
+              description: Information about the similar file
+              type: object
+              properties:
+                md5:
+                  type: string
+                ssdeep:
+                  type: string
+                ssdeep_similarity:
+                  type: string
+                file_type:
+                  type: string
+                classification:
+                  type: string
+                malware_family:
+                  type: string
+                confidence:
+                  type: string
+        phishing:
+          type: object
+          description: (URL)
+          properties:
+            brand:
+              description: brand of the phishing resource
+              type: string
+            type:
+              description: type of brand
+              type: string
+            domain:
+              description: the primary domain
+              type: string

package/report/auto-adapter-openapi.json

@@ -0,0 +1,95 @@
+{
+  "openapi": "3.1.0",
+  "info": {
+    "title": "",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/rep-auth/service/v1.0/request": {
+      "get": {
+        "tags": [
+          "Authentication"
+        ],
+        "operationId": "getSessionToken",
+        "description": "The parameters and request body are for method: getSessionToken. Same endpoint also used in methods:",
+        "responses": {
+          "200": {
+            "description": "Successful operation",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "title": "result",
+                  "type": "object"
+                }
+              }
+            }
+          }
+        },
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "type": "object"
+              },
+              "example": {}
+            }
+          }
+        }
+      }
+    },
+    "/{service}-rep/service/v2.0/query": {
+      "post": {
+        "tags": [
+          "Query"
+        ],
+        "operationId": "postQueryResource",
+        "description": "The parameters and request body are for method: postQueryResource. Same endpoint also used in methods:",
+        "responses": {
+          "200": {
+            "description": "Successful operation",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "title": "result",
+                  "type": "object"
+                }
+              }
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "service",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "title": "service",
+              "type": "string"
+            }
+          },
+          {
+            "name": "resource",
+            "in": "query",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "requestBody": {
+          "description": "indeterminate body object",
+          "content": {
+            "application/json": {
+              "schema": {
+                "type": "object"
+              }
+            }
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "schemas": {}
+  }
+}