Merge pull request #19 from JQvickWester/splunk_soar_4_3_2

Recorded Future for Splunk SOAR: Bug-fix - Release of app version 4.3.2

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) Recorded Future, Inc, 2019-2023
+   Copyright (c) Recorded Future, Inc, 2019-2024
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

NOTICE

@@ -1,5 +1,5 @@
 Splunk SOAR Recorded Future
-Copyright (c) Recorded Future, Inc, 2019-2023
+Copyright (c) Recorded Future, Inc, 2019-2024
 
 Third-party Software Attributions:
 
@@ -14,8 +14,3 @@ Library: pudb
 Version: 2019.2
 License: MIT
 Copyright 2009 Andreas Kloeckner and contributors
-
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz

README.md

@@ -2,17 +2,17 @@
 # Recorded Future For Splunk SOAR
 
 Publisher: Recorded Future, Inc  
-Connector Version: 4.3.1  
+Connector Version: 4.3.2  
 Product Vendor: Recorded Future, Inc  
 Product Name: Recorded Future App for Phantom  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 5.5.0  
+Minimum Product Version: 6.1.1
 
 This app implements investigative actions to perform lookups for quick reputation information, contextual threat intelligence and external threat alerts
 
 [comment]: # " File: README.md"
 [comment]: # ""
-[comment]: # "Copyright (c) Recorded Future, Inc, 2019-2023"
+[comment]: # "Copyright (c) Recorded Future, Inc, 2019-2024"
 [comment]: # ""
 [comment]: # "This unpublished material is proprietary to Recorded Future. All"
 [comment]: # "rights reserved. The methods and techniques described herein are"
@@ -383,6 +383,7 @@ action_result.data.\*.evidence.\*.rule | string |  `recordedfuture evidence rule
 action_result.data.\*.evidence.\*.timestamp | string |  `recordedfuture evidence timestamp`  |  
 action_result.summary.alert_title | string |  |  
 action_result.summary.triggered | string |  |  
+action_result.summary.ai_insights | string | `recorded future AI Insights` |  
 action_result.message | string |  `recordedfuture result message`  |  
 summary.total_objects | numeric |  `recordedfuture total objects`  |   1 
 summary.total_objects_successful | numeric |  `recordedfuture total objects successful`  |   1   
@@ -465,7 +466,7 @@ action_result.data.\*.risk.rules | numeric |  `recordedfuture risk rules`  |
 action_result.data.\*.risk.score | numeric |  `recordedfuture risk score`  |  
 action_result.data.\*.timestamps.firstSeen | string |  `recordedfuture evidence firstseen`  |  
 action_result.data.\*.timestamps.lastSeen | string |  `recordedfuture evidence lastseen`  |  
-action_result.data.\*.ai_insights | string |  `recorded future AI Insights`  |   Here is some AI generated text related to this entity 
+action_result.data.\*.ai_insights | string | `recorded future AI Insights` |  
 action_result.summary.criticalityLabel | string |  `recordedfuture risk criticality label`  |   Very Malicious  Malicious  Suspicious  Unusual 
 action_result.summary.lastSeen | string |  `recordedfuture evidence lastseen`  |  
 action_result.summary.riskSummary | string |  `recordedfuture risk summary`  |  
@@ -579,7 +580,7 @@ action_result.data.\*.risk.rules | numeric |  `recordedfuture risk rules`  |
 action_result.data.\*.risk.score | numeric |  `recordedfuture risk score`  |  
 action_result.data.\*.timestamps.firstSeen | string |  `recordedfuture evidence firstseen`  |  
 action_result.data.\*.timestamps.lastSeen | string |  `recordedfuture evidence lastseen`  |  
-action_result.data.\*.ai_insights | string |  `recorded future AI Insights`  |   Here is some AI generated text related to this entity 
+action_result.data.\*.ai_insights | string | `recorded future AI Insights` |  
 action_result.summary.criticalityLabel | string |  `recordedfuture risk criticality label`  |  
 action_result.summary.lastSeen | string |  `recordedfuture evidence lastseen`  |  
 action_result.summary.riskSummary | string |  `recordedfuture risk summary`  |  
@@ -684,7 +685,7 @@ action_result.data.\*.risk.rules | numeric |  `recordedfuture risk rules`  |
 action_result.data.\*.risk.score | numeric |  `recordedfuture risk score`  |  
 action_result.data.\*.timestamps.firstSeen | string |  `recordedfuture evidence firstseen`  |  
 action_result.data.\*.timestamps.lastSeen | string |  `recordedfuture evidence lastseen`  |  
-action_result.data.\*.ai_insights | string |  `recorded future AI Insights`  |   Here is some AI generated text related to this entity 
+action_result.data.\*.ai_insights | string | `recorded future AI Insights` |  
 action_result.summary.criticalityLabel | string |  `recordedfuture risk criticality label`  |   Malicious 
 action_result.summary.lastSeen | string |  `recordedfuture evidence lastseen`  |  
 action_result.summary.riskSummary | string |  `recordedfuture risk summary`  |  
@@ -790,7 +791,7 @@ action_result.data.\*.threatLists.\*.name | string |  `recordedfuture threatlist
 action_result.data.\*.threatLists.\*.type | string |  `recordedfuture threatlist type`  |  
 action_result.data.\*.timestamps.firstSeen | string |  `recordedfuture evidence firstseen`  |  
 action_result.data.\*.timestamps.lastSeen | string |  `recordedfuture evidence lastseen`  |  
-action_result.data.\*.ai_insights | string |  `recorded future AI Insights`  |   Here is some AI generated text related to this entity 
+action_result.data.\*.ai_insights | string | `recorded future AI Insights` |  
 action_result.summary.criticalityLabel | string |  `recordedfuture risk criticality label`  |   Very Malicious 
 action_result.summary.lastSeen | string |  `recordedfuture evidence lastseen`  |  
 action_result.summary.riskSummary | string |  `recordedfuture risk summary`  |  
@@ -901,7 +902,7 @@ action_result.data.\*.risk.rules | numeric |  `recordedfuture risk rules`  |
 action_result.data.\*.risk.score | numeric |  `recordedfuture risk score`  |  
 action_result.data.\*.timestamps.firstSeen | string |  `recordedfuture evidence firstseen`  |  
 action_result.data.\*.timestamps.lastSeen | string |  `recordedfuture evidence lastseen`  |  
-action_result.data.\*.ai_insights | string |  `recorded future AI Insights`  |   Here is some AI generated text related to this entity 
+action_result.data.\*.ai_insights | string | `recorded future AI Insights` |  
 action_result.summary.criticalityLabel | string |  `recordedfuture risk criticality label`  |   Very Malicious 
 action_result.summary.lastSeen | string |  `recordedfuture evidence lastseen`  |  
 action_result.summary.riskSummary | string |  `recordedfuture risk summary`  |  
@@ -1732,7 +1733,6 @@ action_result.data.\*.links.Username.\*.risk_level | numeric |  `recordedfuture
 action_result.data.\*.links.Username.\*.risk_score | numeric |  `recordedfuture link risk score`  |   75 
 action_result.data.\*.links.Username.\*.criticality | string |  `recordedfuture link criticality`  |   Unusual 
 action_result.data.\*.location.country | string |  `country location for the threat actor`  |   Ukraine 
-action_result.data.\*.ai_insights | string |  `recorded future AI Insights`  |   Here is some AI generated text related to this entity 
 action_result.summary | string |  |  
 action_result.message | string |  `recordedfuture result message`  |  
 summary.total_objects | numeric |  `recordedfuture total objects`  |   1 
@@ -1821,4 +1821,4 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **artifact_count** |  optional  | Parameter ignored in this app | numeric | 
 
 #### Action Output
-No Output
+No Output

__init__.py

@@ -1,7 +1,7 @@
 # --
 # File: __init__.py
 #
-# Copyright (c) Recorded Future, Inc, 2019-2023
+# Copyright (c) Recorded Future, Inc, 2019-2024
 #
 # This unpublished material is proprietary to Recorded Future. All
 # rights reserved. The methods and techniques described herein are

alert_lookup_results.html

@@ -11,7 +11,7 @@
 
 <!-- File: alert_search_results.html
 
-Copyright (c) Recorded Future, Inc, 2019-2023
+Copyright (c) Recorded Future, Inc, 2019-2024
 
 This unpublished material is proprietary to Recorded Future. All
 rights reserved. The methods and techniques described herein are
@@ -35,6 +35,164 @@
 Style elements are defined in a separate file, named below,
 and will be merged during compilation:
        recordedfuture_style.css          -->
+<style>
+
+  /*  ||  RECORDED FUTURE COLOR */
+
+  :root{
+    --RecordedFutureBlue: #2673B3;
+    --CriticalityHigh: #cf0a2c;
+    --CriticalityModerate: #FFCE00;
+    --CriticalityLow: #e1e6eb;
+  }
+
+  a:hover {
+    text-decoration: underline;
+  }
+
+  .rf-widget {
+    overflow: auto;
+    width: 100%;
+    height: 100%;
+    padding-left:10px;
+    padding-right:10px;
+  }
+
+  .rf-box {
+    width: 750px;
+    padding: 5px;
+    margin: 0 5px;
+    font-size: 12px;
+  }
+
+  .highlighted {
+    font-weight: 700;
+  }
+
+  .non-highlighted {
+    font-size: x-small;
+  }
+
+  .rf-box th {
+    text-align: left;
+  }
+
+  .rf-table {
+    width: 98%;
+    border-collapse: collapse;
+    margin: 5px 5px 5px 0;
+    padding: 10px;
+    font-size: 12px;
+  }
+
+  td.rf-criticality-level-3, td.rf-criticality-level-4,
+  td.rf-criticality-level-5 {
+    background: var(--CriticalityHigh);
+    width: 0 !important;
+    padding: 0 2px 0 3px !important;
+  }
+  td.rf-criticality-level-2 {
+    background: var(--CriticalityModerate);
+    width: 0 !important;
+    padding: 0 2px 0 3px !important;
+  }
+  td.rf-criticality-level-1 {
+    background: var(--CriticalityLow);
+    width: 0 !important;
+    padding: 0 2px 0 3px !important;
+  }
+
+  .rf-table td {
+    vertical-align: text-top;
+    padding: 10px;
+  }
+
+  td.rf-timestamp {
+    min-width: 13ex !important;
+  }
+
+  .rf-hover-info {
+    font-weight: normal;
+  }
+
+  .rf-hover-info:hover {
+    font-weight: bold;
+  }
+  .rf-full-width-box {
+    width: 100%;
+    border-bottom: 1px solid #3c444d;
+    padding: 5px;
+    margin: 0 5px;
+    font-size: 12px;
+  }
+  .rf-circle {
+    height: 10px;
+    width: 10px;
+    border-radius: 50%;
+  }
+  .rf-alert-panel {
+    width: 96%;
+    margin-left: 2%;
+    border: 1px solid #3c444d;
+    padding: 10px;
+  }
+  .rf-chip-box {
+    border-radius: 10px;
+    background-color: darkred;
+    padding: 3px;
+    text-align: center;
+  }
+  .rf-priority-level-High {
+    background: var(--CriticalityHigh);
+  }
+  .rf-priority-level-Moderate {
+    background: var(--CriticalityModerate);
+  }
+  .rf-priority-level-Informational {
+    background: var(--CriticalityLow);
+  }
+  .rf-criticality-level-High {
+    background: var(--CriticalityHigh);
+  }
+  .rf-criticality-level-Medium {
+    background: var(--CriticalityModerate);
+  }
+  .rf-criticality-level-Low {
+    background: var(--CriticalityLow);
+  }
+  .rf-playbook-alert-screenshot {
+    margin-bottom: 20px;
+    width: 100%;
+    height: 720px;
+  }
+  .rf-playbook-alert-data-row {
+    display: flex;
+    align-items: center;
+    margin: 0;
+    gap: 20px;
+    margin-bottom: 5px;
+  }
+  .rf-playbook-alert-dns-data-row {
+    display: flex;
+    align-items: center;
+    margin: 0;
+    gap: 5px;
+  }
+  .rf-playbook-alert-panel-title {
+    margin-left: 2%;
+  }
+  .rf-playbook-alert-whois-data-row {
+    display: flex;
+    align-items: center;
+    gap: 20px;
+  }
+  .rf-playbook-alert-data-row-title {
+    width: 10%;
+  }
+  .rf-playbook-alert-evidence-data-row-title {
+    width: 20%;
+  }
+</style>
 
 <div class="rf-widget"> <!-- Main Div -->
   <!------------------- For each Result ---------------------->

alert_rule_search_results.html

@@ -11,7 +11,7 @@
 
 <!-- File: alert_rule_search_results.html
 
-Copyright (c) Recorded Future, Inc, 2019-2023
+Copyright (c) Recorded Future, Inc, 2019-2024
 
 This unpublished material is proprietary to Recorded Future. All
 rights reserved. The methods and techniques described herein are

alert_search_results.html

@@ -11,7 +11,7 @@
 
 <!-- File: alert_search_results.html
 
-Copyright (c) Recorded Future, Inc, 2019-2023
+Copyright (c) Recorded Future, Inc, 2019-2024
 
 This unpublished material is proprietary to Recorded Future. All
 rights reserved. The methods and techniques described herein are

alert_update_results.html

@@ -11,7 +11,7 @@
 
 <!-- File: alert_lookup_results.html
 
-Copyright (c) Recorded Future, Inc, 2019-2023
+Copyright (c) Recorded Future, Inc, 2019-2024
 
 This unpublished material is proprietary to Recorded Future. All
 rights reserved. The methods and techniques described herein are