
Farsight DNSDB - Added handling for 404 and 400 responses #1675


Merged
merged 5 commits into from
Jun 28, 2018
14 changes: 12 additions & 2 deletions Integrations/integration-DNSDB.yml
Expand Up @@ -114,7 +114,8 @@ script:
head+=key+'|';
line+='-|';
}
var md=head+'\n'+line+'\n';
var md = '### Farsight DNSDB\n';
md+=head+'\n'+line+'\n';
for (var i = 0; i<data.length; i++) {
md += '|';
for (key in keys) {
Expand Down Expand Up @@ -144,6 +145,10 @@ script:
params.useproxy

);
if (res.StatusCode == 404 || res.StatusCode == 400) {
//null is returned while 404 returns error that stops playbook
return null;
}
if (res.StatusCode < 200 || res.StatusCode>299) {
throw 'Error ' + res.StatusCode + '. ' + res.Status;
}
Expand Down Expand Up @@ -181,6 +186,10 @@ script:
parameters.time_last_after = args.time_last_after*-1;
}
var res= sendRequest(requestUrl,parameters);
if (res === null) {
md = '### Farsight DNSDB: No information found on ' + args.value;
return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ;
Contributor


return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ; =>

return { 
    ContentsFormat: formats.markdown, 
    Type: entryTypes.note, 
    Contents: md 
} ;

}
var md = dataToMd(api,res.entries);
return {Type: entryTypes.note, Contents: res, ContentsFormat: formats.json, HumanReadable: md};
}
Expand Down Expand Up @@ -255,4 +264,5 @@ script:
- name: time_last_after
description: Filter results for entries seen for last time after (seconds)
description: Lookup rrser records
hidden: false
runonce: false
releaseNotes: "Added error handling of 404/400 response and improved human readable output."
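Review bot: The status check added ahead of the existing `throw` returns `null` for HTTP 400 as well as 404, so a request the API rejected as malformed is shown to the analyst as "No information found" — in a triage playbook that reads as a clean lookup rather than a failed one. Limiting the early return to `if (res.StatusCode == 404) {` lets a 400 reach `throw 'Error ' + res.StatusCode + '. ' + res.Status;`; if a 400 must not stop the playbook, a separate note that names the status would keep the two outcomes distinguishable. The no-result message also reads `args.value`, while the test playbook in this PR calls `dnsdb-rrset` with `owner`, so that command may print `undefined` if it goes through the same path. Both functions start and end outside the visible hunks.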
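--- a/TestPlaybooks/playbook-DNSDB-Test.yml
+++ b/TestPlaybooks/playbook-DNSDB-Test.yml
@@ -0,0 +1,138 @@
+id: DNSDBTest
+version: -1
+name: DNSDBTest
+starttaskid: "0"
+tasks:
+"0":
+id: "0"
+taskid: f50ccca6-eb90-4d74-8299-c128a80ccba9
+type: start
+task:
+id: f50ccca6-eb90-4d74-8299-c128a80ccba9
+version: -1
+name: ""
+iscommand: false
+brand: ""
+nexttasks:
+'#none#':
+- "1"
+reputationcalc: 0
+separatecontext: false
+view: |-
+{
+"position": {
+"x": 265,
+"y": 50
+}
+}
+"1":
+id: "1"
+taskid: 5e24c48c-eb4e-44d4-8d41-21dacb7caa99
+type: regular
+task:
+id: 5e24c48c-eb4e-44d4-8d41-21dacb7caa99
+version: -1
+name: DeleteContext
+description: Delete field from context
+scriptName: DeleteContext
+type: regular
+iscommand: false
+brand: ""
+nexttasks:
+'#none#':
+- "2"
+- "5"
+scriptarguments:
+all:
+simple: "yes"
+key: {}
+reputationcalc: 0
+separatecontext: false
+view: |-
+{
+"position": {
+"x": 265,
+"y": 195
+}
+}
+"2":
+id: "2"
+taskid: f459f09b-4032-4b43-89c7-c104653fc831
+type: regular
+task:
+id: f459f09b-4032-4b43-89c7-c104653fc831
+version: -1
+name: dnsdb-rrset
+description: Check IP reputation (when information is available, returns a JSON
+with details). Uses all configured Threat Intelligence feeds
+script: Farsight DNSDB_copy|||dnsdb-rrset
+type: regular
+iscommand: true
+brand: Farsight DNSDB_copy
+scriptarguments:
+bailiwick: {}
+limit:
+simple: "10"
+owner:
+simple: google.*
+rrtype: {}
+time_first_after: {}
+time_first_before: {}
+time_last_after: {}
+time_last_before: {}
+reputationcalc: 0
+separatecontext: false
+view: |-
+{
+"position": {
+"x": -196,
+"y": 446
+}
+}
+"5":
+id: "5"
+taskid: edcdf841-173b-4e52-87ce-6a13b3920b05
+type: regular
+task:
+id: edcdf841-173b-4e52-87ce-6a13b3920b05
+version: -1
+name: dnsdb-rdata
+script: Farsight DNSDB_copy|||dnsdb-rdata
+type: regular
+iscommand: true
+brand: Farsight DNSDB_copy
+scriptarguments:
+limit:
+simple: "10"
+rrtype: {}
+time_first_after: {}
+time_first_before: {}
+time_last_after: {}
+time_last_before: {}
+type:
+simple: name
+value:
+simple: youtube.com
+reputationcalc: 0
+separatecontext: false
+view: |-
+{
+"position": {
+"x": 740,
+"y": 432
+}
+}
+view: |-
+{
+"linkLabelsPosition": {},
+"paper": {
+"dimensions": {
+"height": 491,
+"width": 1316,
+"x": -196,
+"y": 50
+}
+}
+}
+inputs: []
+outputs: []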
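Review bot: Tasks "2" and "5" run their commands against `Farsight DNSDB_copy` (both `script:` and `brand:`), while `Tests/conf.json` in this PR registers the test for the integration `Farsight DNSDB`; unless an instance with the `_copy` name exists where the test runs, the commands may not resolve. The playbook also has no task that checks command output, and both queries (`google.*`, `youtube.com`) are ones likely to return data, so the new 404/400 branch is not exercised. The `dnsdb-rrset` task description ("Check IP reputation …") looks copied from another command and should describe the rrset lookup.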
5 changes: 5 additions & 0 deletions Tests/conf.json
Expand Up @@ -345,6 +345,11 @@
}
],
"skipped": [
{

"integrations": "Farsight DNSDB",
"playbookID": "DNSDBTest"
},
{
"integrations": "Cybereason",
"playbookID": "Cybereason Test"
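Review bot: The new `DNSDBTest` entry sits directly under `"skipped": [`, so, if it is indeed part of that list, the playbook added in this PR is never executed by the test run and the 404/400 handling ships without an automated check. If skipping is intentional (for example, no API key is available to the test environment), the reason should be stated in the PR description or release notes; otherwise the entry belongs with the active tests. The list continues outside the visible hunk.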