@itentialopensource/adapter-checkpoint_reputation_service 0.1.1

package/report/checkpoint.yaml

@@ -0,0 +1,333 @@
+openapi: 3.0.1
+info:
+  title: Check Point Reputation Service API
+  description: |
+    ## Introduction
+    Leverage the Check Point’s threat intelligence to enrich your SIEM and SOAR solutions and to secure your business applications and websites by using simple RESTful APIs.  
+
+    | **Input** | **Output** |
+    |-------|--------|
+    | **URL, IP, File digest (md5/sha1/sha256)**   | classification and risk     |
+
+    ## Getting Started with the Reputation Service API  
+    ### 1. Get your API Key 
+    [Contact us](mailto:TCAPI_SUPPORT@checkpoint.com) to get an API key
+    ### 2. Request a session token
+    The session token is valid for 30min.  
+    
+    Request example:  
+    ```linux
+    curl -X GET "https://rep.checkpoint.com/rep-auth/service/v1.0/request" -H "Client-Key: XXXXXXXXXXXXX"
+    ```
+
+    Response example:
+    ```
+    exp=XXXXXXX~acl=XXXX/*~hmac=XXXXXXXXX
+    ```
+    ### 3. Use your API Key and your session token for a Reputation Service Query
+    Note: you have to provide the resource to be queried both in the **message body** and in the **URL request**.  
+
+    Request example:  
+    ```linux
+    curl -X POST "https://rep.checkpoint.com/url-rep/service/v2.0/query?resource=ynet.co.il" -H "accept: application/json" -H "Client-Key: XXXXXXX" -H "token: exp=XXXXX~acl=XXXXX" -H "Content-Type: application/json" -d "{\"request\":[{\"resource\":\"ynet.co.il\"}]}"
+    ```
+
+    Response example:
+    ```json
+    {
+      "response": [
+        {
+          "status": {
+            "code": 2001,
+            "label": "SUCCESS",
+            "message": "Succeeded to generate reputation"
+          },
+          "resource": "ynet.co.il",
+          "reputation": {
+            "classification": "Benign",
+            "severity": "N/A",
+            "confidence": "High"
+          },
+          "risk": 0,
+          "context": {
+            "categories": [
+              {
+                "id": 24,
+                "name": "News / Media"
+              }
+            ],
+            "indications": [
+              "The domain is popular among websites with good reputation",
+              "The domain has good reputation",
+              "The domain is popular in the world",
+              "Check Point's URL Filtering category is News / Media",
+              "VirusTotal vendors detected benign URLs of the domain",
+              "The IP address is involved with benign activity"
+            ],
+            "vt_positives": 0,
+            "safe": true,
+            "creation_date": "2001:01:07 00:00:00",
+            "related_ips": [
+              {
+                "ip": "104.123.201.212",
+                "classification": "Benign",
+                "confidence": "Low"
+              }
+            ]
+          }
+        }
+      ]
+    }
+    ```
+  version: 1.0.0
+servers:
+  - url: 'https://rep.checkpoint.com'
+paths:
+  /rep-auth/service/v1.0/request:
+    get:
+      operationId: getSessionToken
+      summary: Request a session token
+      tags:
+        - Authentication
+      parameters:
+        - name: Client-Key
+          in: header
+          required: true
+          schema:
+            type: string
+            format: uuid
+      responses:
+        '200':
+          description: The token to use in reputation
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+  '/{service}-rep/service/v2.0/query':
+    post:
+      operationId: postQueryResource
+      summary: Query your resource
+      tags:
+        - Query
+      parameters:
+        - name: Client-Key
+          in: header
+          required: true
+          schema:
+            type: string
+            format: uuid
+        - name: token
+          in: header
+          required: true
+          schema:
+            type: string
+        - name: service
+          in: path
+          description: The service you want to query
+          required: true
+          schema:
+            type: string
+            enum:
+              - url
+              - ip
+              - file
+        - name: resource
+          in: query
+          description: The resource you want to query
+          required: true
+          schema:
+            type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ReputationRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ReputationResponse'
+        '400':
+          $ref: '#/components/responses/BadRequest'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+        '403':
+          $ref: '#/components/responses/Forbidden'
+        '429':
+          $ref: '#/components/responses/TooManyRequests'
+components:
+  responses:
+    Unauthorized:
+      description: Invalid Client-Key header
+    BadRequest:
+      description: Bad Request - Check your resource
+    Forbidden:
+      description: Invalid token header
+    TooManyRequests:
+      description: Quota exceeded
+  schemas:
+    ReputationSingleRequest:
+      properties:
+        resource:
+          type: string
+    ReputationRequest:
+      properties:
+        request:
+          type: array
+          items:
+            $ref: '#/components/schemas/ReputationSingleRequest'
+      required:
+        - request
+    ReputationResponse:
+      properties:
+        risk:
+          type: number
+          example: 0
+        resource:
+          type: string
+          example: 'http://google.com'
+        reputation:
+          $ref: '#/components/schemas/ReputationClassification'
+        status:
+          $ref: '#/components/schemas/ReputationStatus'
+        context:
+          $ref: '#/components/schemas/ReputationResponseContext'
+    ReputationClassification:
+      properties:
+        classification:
+          type: string
+          example: Benign
+        severity:
+          type: string
+          enum:
+            - N/A
+            - Low
+            - Medium
+            - High
+            - Critical
+        Confidence:
+          type: string
+          enum:
+            - Low
+            - Medium
+            - High
+    ReputationStatus:
+      properties:
+        code:
+          type: integer
+          enum:
+            - 2001
+            - 2002
+            - 2003
+        label:
+          type: string
+          enum:
+            - SUCCESS
+            - PARTIAL_SUCCESS
+            - FAILED
+        message:
+          type: string
+          enum:
+            - Succeeded to generate reputation
+            - Some vendors are unavailable
+            - Failed to process
+    ReputationResponseContext:
+      description: 'In parentheses, the service returning the field'
+      type: object
+      properties:
+        asn:
+          type: number
+          description: ASN of the IP (IP)
+        as_owner:
+          type: string
+          description: ASN owner of the IP (IP)
+        safe:
+          type: boolean
+          description: exists and true if certified safe (URL)
+        malware_family:
+          type: string
+          description: the malware family associated with the resource  (URL/FILE/IP)
+        protection_name:
+          type: string
+          description: >-
+            The protection name returned from Malware Service / AntiVirus
+            (URL/FILE)
+        redirections:
+          type: array
+          description: The redirections of the resource (URL)
+          items:
+            type: string
+        malware_types:
+          type: array
+          description: The malware types based on VT scans (FILE)
+          items:
+            type: string
+        categories:
+          type: array
+          description: URLF categories (URL)
+          items:
+            type: string
+        google_safe_browsing_categories:
+          type: array
+          description: Google safe browsing categories (URL)
+          items:
+            type: string
+        location:
+          type: object
+          description: geo location information  (IP)
+          properties:
+            region:
+              type: string
+            city:
+              type: string
+            postalCode:
+              type: string
+            latitude:
+              type: number
+            longitude:
+              type: number
+            dma_code:
+              type: integer
+            area_code:
+              type: integer
+            metro_code:
+              type: integer
+        related_resources:
+          type: object
+          description: (FILE)
+          properties:
+            similar_files_found:
+              description: How many similar files found
+              type: number
+            similar_files_details:
+              description: Information about the similar file
+              type: object
+              properties:
+                md5:
+                  type: string
+                ssdeep:
+                  type: string
+                ssdeep_similarity:
+                  type: string
+                file_type:
+                  type: string
+                classification:
+                  type: string
+                malware_family:
+                  type: string
+                confidence:
+                  type: string
+        phishing:
+          type: object
+          description: (URL)
+          properties:
+            brand:
+              description: brand of the phishing resource
+              type: string
+            type:
+              description: type of brand
+              type: string
+            domain:
+              description: the primary domain
+              type: string

package/report/creationReport.json

@@ -0,0 +1,235 @@
+{
+  "errors": [],
+  "statistics": [
+    {
+      "owner": "errorJson",
+      "description": "Standard adapter errors available for use",
+      "value": 31
+    },
+    {
+      "owner": "packageJson",
+      "description": "Number of production dependencies",
+      "value": 16
+    },
+    {
+      "owner": "packageJson",
+      "description": "Number of development dependencies",
+      "value": 6
+    },
+    {
+      "owner": "packageJson",
+      "description": "Number of npm scripts",
+      "value": 21
+    },
+    {
+      "owner": "packageJson",
+      "description": "Runtime Library dependency",
+      "value": "^5.9.4"
+    },
+    {
+      "owner": "propertiesSchemaJson",
+      "description": "Adapter properties defined in the propertiesSchema file",
+      "value": 78
+    },
+    {
+      "owner": "adapterJS",
+      "description": "Lines of code generated in adapter.js",
+      "value": 922
+    },
+    {
+      "owner": "adapterJS",
+      "description": "Number of Functions added to adapter.js",
+      "value": 2
+    },
+    {
+      "owner": "pronghornJson",
+      "description": "Number of Methods added to pronghorn.json",
+      "value": 2
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the README.md",
+      "value": 344
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the SUMMARY.md",
+      "value": 9
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the PROPERTIES.md",
+      "value": 647
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the TROUBLESHOOT.md",
+      "value": 48
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the ENHANCE.md",
+      "value": 70
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the BROKER.md",
+      "value": 212
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the CALLS.md",
+      "value": 208
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the AUTH.md",
+      "value": 40
+    },
+    {
+      "owner": "markdown",
+      "description": "Number of lines in the SYSTEMINFO.md",
+      "value": 14
+    },
+    {
+      "owner": "unitTestJS",
+      "description": "Number of lines of code in unit tests",
+      "value": 1580
+    },
+    {
+      "owner": "unitTestJS",
+      "description": "Number of unit tests",
+      "value": 73
+    },
+    {
+      "owner": "integrationTestJS",
+      "description": "Number of lines of code in integration tests",
+      "value": 534
+    },
+    {
+      "owner": "integrationTestJS",
+      "description": "Number of integration tests",
+      "value": 11
+    },
+    {
+      "owner": "actionJson",
+      "description": "Number of actions for Authentication entity",
+      "value": 1
+    },
+    {
+      "owner": "actionJson",
+      "description": "Number of actions for Query entity",
+      "value": 1
+    },
+    {
+      "owner": "actionJson",
+      "description": "Total number of actions",
+      "value": 2
+    },
+    {
+      "owner": "actionJson",
+      "description": "Total number of entities",
+      "value": 2
+    },
+    {
+      "owner": "schemaJson",
+      "description": "Number of schemas for Authentication entity",
+      "value": 1
+    },
+    {
+      "owner": "schemaJson",
+      "description": "Number of schemas for Query entity",
+      "value": 1
+    },
+    {
+      "owner": "schemaJson",
+      "description": "Total number of schemas",
+      "value": 2
+    },
+    {
+      "owner": "mockdata",
+      "description": "Number of mock data files for Authentication entity",
+      "value": 0
+    },
+    {
+      "owner": "mockdata",
+      "description": "Number of mock data files for Query entity",
+      "value": 0
+    },
+    {
+      "owner": "mockdata",
+      "description": "Total number of mock data files",
+      "value": 0
+    },
+    {
+      "owner": "actionJson",
+      "description": "Number of actions for .system entity",
+      "value": 2
+    },
+    {
+      "owner": "schemaJson",
+      "description": "Number of schemas for .system entity",
+      "value": 3
+    },
+    {
+      "owner": "mockdata",
+      "description": "Number of mock data files for .system entity",
+      "value": 2
+    },
+    {
+      "owner": "System",
+      "description": "System entity files",
+      "value": 6
+    },
+    {
+      "owner": "usecases",
+      "description": "Number of workflows",
+      "value": 0
+    },
+    {
+      "owner": "staticFile",
+      "description": "Number of lines of code in adapterBase.js",
+      "value": 1453
+    },
+    {
+      "owner": "staticFile",
+      "description": "Number of static files added",
+      "value": 37
+    },
+    {
+      "owner": "Overall",
+      "description": "Total lines of Code",
+      "value": 4489
+    },
+    {
+      "owner": "Overall",
+      "description": "Total Tests",
+      "value": 84
+    },
+    {
+      "owner": "Overall",
+      "description": "Total Files",
+      "value": 56
+    }
+  ],
+  "warnings": [],
+  "apiParsingReport": {
+    "no_mockdata": [
+      {
+        "fnName": "getSessionToken",
+        "method": "get",
+        "path": "/rep-auth/service/v1.0/request"
+      },
+      {
+        "fnName": "postQueryResource",
+        "method": "post",
+        "path": "/{service}-rep/service/v2.0/query"
+      }
+    ],
+    "errors": [],
+    "warnings": [],
+    "callsTotal": 2,
+    "callsConverted": 2,
+    "no_mockdata_num": 2
+  }
+}