Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@jupiterone/graph-cbdefense

Package Overview
Dependencies
Maintainers
10
Versions
29
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@jupiterone/graph-cbdefense - npm Package Compare versions

Comparing version 0.8.1 to 1.0.0

CHANGELOG.md

140

dist/CbDefenseClient.d.ts

@@ -0,127 +1,23 @@

import { Opaque } from "type-fest";
import { IntegrationLogger } from "@jupiterone/jupiter-managed-integration-sdk";
import { CbDefenseIntegrationConfig } from "./types";
export interface CbDefenseAccount {
site: string;
organizationName: string;
organizationId: number;
domains?: string[];
}
export interface CbDefenseSensor {
adGroupId: number | null;
policyOverride: boolean | null;
currentSensorPolicyName: string | null;
deviceMetaDataItemList: string[] | null;
lastDevicePolicyRequestedTime: number | null;
lastDevicePolicyChangedTime: number | null;
lastPolicyUpdatedTime: number | null;
loginUserName: string | null;
activationCode: string | null;
firstName: string | null;
lastName: string | null;
email: string | null;
middleName: string | null;
deviceId: number | null;
deviceType: string | null;
deviceOwnerId: number | null;
deviceGuid: number | null;
deviceSessionId: number | null;
assignedToId: number | null;
assignedToName: string | null;
targetPriorityType: string | null;
organizationName: string;
organizationId: number;
uninstallCode: number | null;
createTime: number | null;
lastReportedTime: number | null;
osVersion: string | null;
activationCodeExpiryTime: number | null;
sensorVersion: string | null;
registeredTime: number | null;
lastContact: number | null;
windowsPlatform: string | null;
vdiBaseDevice: string | null;
avStatus: string | null;
deregisteredTime: number | null;
sensorStates: string[] | null;
messages: string[] | null;
rootedBySensor: boolean | null;
rootedBySensorTime: number | null;
quarantined: boolean | null;
lastInternalIpAddress: string | null;
macAddress: string | null;
lastExternalIpAddress: string | null;
lastLocation: string | null;
sensorOutOfDate: boolean | null;
avUpdateServers: string[] | null;
passiveMode: boolean | null;
lastResetTime: number | null;
lastShutdownTime: number | null;
scanStatus: string | null;
scanLastActionTime: number | null;
scanLastCompleteTime: number | null;
linuxKernelVersion: number | null;
avEngine: string | null;
avProductVersion: string | null;
avAveVersion: string | null;
avPackVersion: string | null;
avVdfVersion: string | null;
avLastScanTime: number | null;
virtualMachine: boolean | null;
virtualizationProvider: string | null;
firstVirusActivityTime: number | null;
lastVirusActivityTime: number | null;
rootedByAnalytics: boolean | null;
rootedByAnalyticsTime: number | null;
testId: number | null;
avMaster: boolean | null;
encodedActivationCode: number | null;
originEventHash: number | null;
uninstalledTime: number | null;
name: string | null;
status: string | null;
policyId: number | null;
policyName: string | null;
}
export interface CbDefensePolicy extends CbDefensePolicyProperties {
policy: CbDefensePolicySettings;
}
export interface CbDefensePolicyProperties {
id: number;
version: number;
latestRevision: number;
priorityLevel: string;
systemPolicy: boolean;
name: string;
description: string | null;
}
export interface CbDefensePolicySettings {
id: number;
avSettings: any;
sensorSettings: any;
knownBadHashAutoDeleteDelayMs: any;
directoryActionRules: any;
rules: CbDefensePolicyRule[];
}
export interface CbDefensePolicyRule {
id: number;
application: {
type: string;
value: string;
};
required: boolean;
operation: string;
action: string;
}
import { CarbonBlackIntegrationConfig } from "./types";
export declare type CarbonBlackAccount = Opaque<any, "CarbonBlackAccount">;
export declare type CarbonBlackDeviceSensor = Opaque<any, "CarbonBlackDeviceSensor">;
export declare type CarbonBlackAlert = Opaque<any, "CarbonBlackAlert">;
export default class CbDefenseClient {
/**
* The Carbon Black cloud site, `eap01` in `https://defense-eap01.conferdeploy.net`.
*/
private site;
/**
* @see https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#explaining-the-url-parts
*/
private platformBaseUrl;
private axiosInstance;
private BASE_API_URL;
private logger;
private site;
constructor(config: CbDefenseIntegrationConfig, logger: IntegrationLogger);
getAccountDetails(): Promise<CbDefenseAccount>;
getSensorAgents(): Promise<CbDefenseSensor[]>;
getPolicies(): Promise<CbDefensePolicy[]>;
private forEachPage;
private collectAllPages;
private collectOnePage;
constructor(config: CarbonBlackIntegrationConfig, logger: IntegrationLogger);
getAccountDetails(): Promise<CarbonBlackAccount>;
iterateDevices(callback: (agent: CarbonBlackDeviceSensor) => void): Promise<void>;
iterateAlerts(callback: (alert: CarbonBlackAlert) => void, alertsSince: Date): Promise<void>;
private iterateResults;
}

127

dist/CbDefenseClient.js

@@ -12,21 +12,29 @@ "use strict";

function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { var desc = Object.defineProperty && Object.getOwnPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : {}; if (desc.get || desc.set) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } } newObj.default = obj; return newObj; } }
function _getRequireWildcardCache() { if (typeof WeakMap !== "function") return null; var cache = new WeakMap(); _getRequireWildcardCache = function () { return cache; }; return cache; }
function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
class CbDefenseClient {
/**
* The Carbon Black cloud site, `eap01` in `https://defense-eap01.conferdeploy.net`.
*/
/**
* @see https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#explaining-the-url-parts
*/
constructor(config, logger) {
_defineProperty(this, "site", void 0);
_defineProperty(this, "platformBaseUrl", void 0);
_defineProperty(this, "axiosInstance", void 0);
_defineProperty(this, "BASE_API_URL", void 0);
_defineProperty(this, "logger", void 0);
_defineProperty(this, "site", void 0);
this.site = config.site;
this.BASE_API_URL = `https://api-${this.site}.conferdeploy.net/integrationServices/v3`;
this.platformBaseUrl = `https://defense-${this.site}.conferdeploy.net/appservices/v6/orgs/${config.orgKey}`;
this.logger = logger;
this.axiosInstance = axiosUtil.createInstance({
baseURL: this.BASE_API_URL,
headers: {

@@ -39,7 +47,8 @@ "X-Auth-Token": `${config.apiKey}/${config.connectorId}`

async getAccountDetails() {
this.logger.trace("Fetching a single Cb Defense device sensor agent...");
try {
const devices = await this.collectOnePage("device", "start=1&rows=1");
this.logger.trace({}, "Fetched one device sensor agent");
const response = await this.axiosInstance.post(`${this.platformBaseUrl}/devices/_search`, {
rows: 1,
start: 0
});
const devices = response.data.results;

@@ -49,7 +58,7 @@ if (devices && devices.length > 0) {

site: this.site,
organizationName: devices[0].organizationName,
organizationId: devices[0].organizationId
organization_name: devices[0].organization_name,
organization_id: devices[0].organization_id
};
} else {
throw new _jupiterManagedIntegrationSdk.IntegrationError("Unable to retrieve Cb Defense account details, no device sensor found");
throw new _jupiterManagedIntegrationSdk.IntegrationError("Unable to retrieve account details, no device sensor found");
}

@@ -62,3 +71,3 @@ } catch (err) {

cause: err,
message: "Unable to retrieve Cb Defense account details"
message: "Unable to retrieve account details"
});

@@ -69,55 +78,57 @@ }

async getSensorAgents() {
this.logger.trace("Fetching Cb Defense device sensor agents...");
const result = await this.collectAllPages("device");
this.logger.trace({}, "Fetched device sensor agents");
return result;
async iterateDevices(callback) {
return this.iterateResults({
platformPath: "/devices/_search",
callback
});
}
async getPolicies() {
this.logger.trace("Fetching Cb Defense policies...");
const result = await this.collectAllPages("policy");
this.logger.trace({}, "Fetched policies");
return result;
async iterateAlerts(callback, alertsSince) {
return this.iterateResults({
platformPath: "/alerts/_search",
criteria: {
create_time: {
start: alertsSince.toISOString(),
end: new Date().toISOString()
}
},
callback
});
}
async forEachPage(firstUri, eachFn) {
let nextPageUrl = `${this.BASE_API_URL}/${firstUri}`;
async iterateResults({
platformPath,
criteria,
callback
}) {
const platformUrl = `${this.platformBaseUrl}${platformPath}`;
const rows = 200;
let pagesProcessed = 0;
let rowsProcessed = 0;
let finished = false;
while (nextPageUrl) {
const response = await this.axiosInstance.get(nextPageUrl);
const page = response.data;
eachFn(page);
if (page.start && page.rows) {
if (page.totalResults < page.start + page.rows) {
nextPageUrl = `${this.BASE_API_URL}/${firstUri}?start=${page.start + page.rows + 1}&rows=${page.rows}`;
} else {
nextPageUrl = null;
}
} else {
nextPageUrl = null;
}
while (!finished) {
const start = rowsProcessed;
const response = await this.axiosInstance.post(platformUrl, {
rows,
start,
criteria
});
const results = response.data.results;
pagesProcessed++;
rowsProcessed += results.length;
finished = response.data.num_found <= rowsProcessed;
this.logger.info({
found: response.data.num_found,
rowsProcessed,
rowsTotal: rowsProcessed,
pagesProcessed,
finished
}, `Fetched page for ${platformUrl}`);
results.forEach(callback);
}
}
async collectAllPages(firstUri) {
const results = [];
await this.forEachPage(firstUri, page => {
for (const item of page.results) {
results.push(item);
}
});
return results;
}
async collectOnePage(uri, params) {
const url = `${this.BASE_API_URL}/${uri}?${params}`;
const response = await this.axiosInstance.get(url);
const page = response.data;
return page.results;
}
}
exports.default = CbDefenseClient;

65

dist/converters.d.ts

@@ -1,24 +0,41 @@

import { EntityFromIntegration, RelationshipFromIntegration } from "@jupiterone/jupiter-managed-integration-sdk";
import { CbDefenseAccount, CbDefensePolicy, CbDefenseSensor } from "./CbDefenseClient";
import { AgentDeviceRelationship, CbDefenseAccountEntity, CbDefensePolicyEntity, CbDefenseSensorEntity, CbDefenseServiceEntity } from "./types";
export declare function createAccountEntity(data: CbDefenseAccount): CbDefenseAccountEntity;
export declare function createServiceEntity(accountId: number): CbDefenseServiceEntity;
export declare function createSensorEntities(data: CbDefenseSensor[]): CbDefenseSensorEntity[];
export declare function createPolicyEntities(data: CbDefensePolicy[]): CbDefensePolicyEntity[];
export declare function createAccountRelationships(account: CbDefenseAccountEntity, entities: EntityFromIntegration[], type: string): RelationshipFromIntegration[];
export declare function createAccountRelationship(account: CbDefenseAccountEntity, entity: EntityFromIntegration, type: string): RelationshipFromIntegration;
export declare function createServicePolicyRelationships(service: CbDefenseServiceEntity, policies: CbDefensePolicyEntity[]): {
_class: string;
_fromEntityKey: string;
_key: string;
_toEntityKey: string;
_type: string;
}[];
export declare function createSensorPolicyRelationships(sensors: CbDefenseSensorEntity[]): {
_class: string;
_fromEntityKey: string;
_key: string;
_toEntityKey: string;
_type: string;
}[];
export declare function mapSensorToDeviceRelationship(agent: CbDefenseSensorEntity): AgentDeviceRelationship;
import { EntityFromIntegration, IntegrationRelationship, MappedRelationshipFromIntegration } from "@jupiterone/jupiter-managed-integration-sdk";
import { CarbonBlackAccount, CarbonBlackAlert, CarbonBlackDeviceSensor } from "./CbDefenseClient";
import { FindingSeverityNormal, FindingSeverityNormalName } from "./types";
/**
* An extension of `EntityFromIntegration` used to build mapped relationships to
* the actual user endpoint device entities.
*/
declare type DeviceSensorEntity = EntityFromIntegration & {
hostname: string;
macAddress?: string;
email: string;
lastExternalIpAddress: string;
lastInternalIpAddress: string;
os: string;
osVersion: string;
};
/**
* An extensions of `EntityFromIntegration` used to build a relationship between
* the sensor of a device and the alerts associated with the device.
*/
declare type AlertFindingEntity = EntityFromIntegration & {
deviceId: number;
};
export declare function createAccountEntity(data: CarbonBlackAccount): EntityFromIntegration;
export declare function createServiceEntity(site: string, organizationId: number): EntityFromIntegration;
export declare function createDeviceSensorEntity(data: CarbonBlackDeviceSensor): DeviceSensorEntity;
export declare function createAlertFindingEntity(data: CarbonBlackAlert): AlertFindingEntity;
/**
* Converts a Carbon Black alert numeric severity to J1 normalized
* numeric values.
*
* @see
* https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-cb-defense-integration-confgiurtion-guide-v2.pdf
* @param numericSeverity the alert severity numeric value
*/
export declare function normalizeSeverity(numericSeverity: number): [FindingSeverityNormal, FindingSeverityNormalName];
export declare function createAccountServiceRelationship(account: EntityFromIntegration, service: EntityFromIntegration): IntegrationRelationship;
export declare function createAccountDeviceSensorRelationship(account: EntityFromIntegration, device: EntityFromIntegration): IntegrationRelationship;
export declare function mapSensorToDeviceRelationship(sensor: DeviceSensorEntity): MappedRelationshipFromIntegration;
export declare function createDeviceSensorAlertFindingRelationship(alertFinding: AlertFindingEntity): IntegrationRelationship;
export {};

308

dist/converters.js

@@ -8,10 +8,12 @@ "use strict";

exports.createServiceEntity = createServiceEntity;
exports.createSensorEntities = createSensorEntities;
exports.createPolicyEntities = createPolicyEntities;
exports.createAccountRelationships = createAccountRelationships;
exports.createAccountRelationship = createAccountRelationship;
exports.createServicePolicyRelationships = createServicePolicyRelationships;
exports.createSensorPolicyRelationships = createSensorPolicyRelationships;
exports.createDeviceSensorEntity = createDeviceSensorEntity;
exports.createAlertFindingEntity = createAlertFindingEntity;
exports.normalizeSeverity = normalizeSeverity;
exports.createAccountServiceRelationship = createAccountServiceRelationship;
exports.createAccountDeviceSensorRelationship = createAccountDeviceSensorRelationship;
exports.mapSensorToDeviceRelationship = mapSensorToDeviceRelationship;
exports.createDeviceSensorAlertFindingRelationship = createDeviceSensorAlertFindingRelationship;
var _camelCase = _interopRequireDefault(require("lodash/camelCase"));
var _jupiterManagedIntegrationSdk = require("@jupiterone/jupiter-managed-integration-sdk");

@@ -23,130 +25,190 @@

function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; var ownKeys = Object.keys(source); if (typeof Object.getOwnPropertySymbols === 'function') { ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function (sym) { return Object.getOwnPropertyDescriptor(source, sym).enumerable; })); } ownKeys.forEach(function (key) { _defineProperty(target, key, source[key]); }); } return target; }
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; }
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; }
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
function createAccountEntity(data) {
return {
_class: _types.ACCOUNT_ENTITY_CLASS,
_key: `carbonblack-account-${data.organizationId}`,
_type: _types.ACCOUNT_ENTITY_TYPE,
accountId: data.organizationId,
displayName: data.organizationName,
name: data.organizationName,
organization: data.organizationName.replace(/\.[a-z]{2,3}$/, ""),
webLink: `https://defense-${data.site}.conferdeploy.net`
};
function siteWeblink(site) {
return `https://defense-${site}.conferdeploy.net`;
}
function createServiceEntity(accountId) {
return {
_class: _types.SERVICE_ENTITY_CLASS,
_key: `${_types.SERVICE_ENTITY_TYPE}-${accountId}`,
_type: _types.SERVICE_ENTITY_TYPE,
displayName: "CB Endpoint Protection Service"
};
function createAccountEntity(data) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationEntity)({
entityData: {
source: data,
assign: {
_key: `carbonblack-account-${data.organization_id}`,
_class: _types.ACCOUNT_ENTITY_CLASS,
_type: _types.ACCOUNT_ENTITY_TYPE,
accountId: data.organization_id,
name: data.organization_name,
organization: data.organization_name.replace(/\.[a-z]{2,3}$/, ""),
webLink: siteWeblink(data.site)
}
}
});
}
function createSensorEntities(data) {
return data.map(d => _objectSpread({}, d, {
_class: _types.SENSOR_ENTITY_CLASS,
_key: `cbdefense-sensor-${d.deviceId}`,
_type: _types.SENSOR_ENTITY_TYPE,
_rawData: [{
name: "default",
rawData: d
}],
displayName: d.name || "cbdefense-sensor",
hostname: (0, _normalizeHostname.normalizeHostname)(d.name),
active: d.status !== "INACTIVE" && d.sensorStates !== null && d.sensorStates.indexOf("ACTIVE") >= 0,
function: ["anti-malware", "activity-monitor"],
macAddress: d.macAddress && formatMacAddress(d.macAddress),
avLastScanTime: d.avLastScanTime ? d.avLastScanTime : null,
firstVirusActivityTime: d.firstVirusActivityTime ? d.firstVirusActivityTime : null,
lastVirusActivityTime: d.lastVirusActivityTime ? d.lastVirusActivityTime : null,
lastResetTime: d.lastResetTime ? d.lastResetTime : null,
lastSeenOn: d.lastContact ? d.lastContact : null
}));
function createServiceEntity(site, organizationId) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationEntity)({
entityData: {
source: {},
assign: {
_key: `${_types.SERVICE_ENTITY_TYPE}-${organizationId}`,
_class: _types.SERVICE_ENTITY_CLASS,
_type: _types.SERVICE_ENTITY_TYPE,
name: "CB Endpoint Protection Service",
category: ["software", "other"],
endpoints: [siteWeblink(site)]
}
}
});
}
function createPolicyEntities(data) {
return data.map(d => ({
_class: _types.POLICY_ENTITY_CLASS,
_key: getPolicyKey(d.id),
_type: _types.POLICY_ENTITY_TYPE,
_rawData: [{
name: "default",
rawData: d
}],
displayName: d.name,
name: d.name,
description: d.description,
id: d.id,
version: d.version,
priorityLevel: d.priorityLevel,
systemPolicy: d.systemPolicy,
latestRevision: d.latestRevision
}));
}
const TIME_PROPERTY_NAME_REGEX = /^\w+_time$/;
function createAccountRelationships(account, entities, type) {
const relationships = [];
function convertTimeProperties(data) {
const timeProperties = {};
for (const entity of entities) {
relationships.push(createAccountRelationship(account, entity, type));
for (const key in data) {
if (TIME_PROPERTY_NAME_REGEX.test(key)) {
timeProperties[(0, _camelCase.default)(key)] = (0, _jupiterManagedIntegrationSdk.getTime)(data[key]);
}
}
return relationships;
return timeProperties;
}
function createAccountRelationship(account, entity, type) {
return {
_class: "HAS",
_fromEntityKey: account._key,
_key: `${account._key}_has_${entity._key}`,
_toEntityKey: entity._key,
_type: type
};
function createDeviceSensorEntity(data) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationEntity)({
entityData: {
source: data,
assign: _objectSpread(_objectSpread(_objectSpread({}, (0, _jupiterManagedIntegrationSdk.convertProperties)(data)), convertTimeProperties(data)), {}, {
_key: deviceSensorKey(data.id),
_class: _types.DEVICE_SENSOR_ENTITY_CLASS,
_type: _types.DEVICE_SENSOR_ENTITY_TYPE,
id: String(data.id),
name: data.name || "cbdefense-sensor",
hostname: (0, _normalizeHostname.normalizeHostname)(data.name),
active: data.status !== "INACTIVE" && data.sensor_states != null && data.sensor_states.indexOf("ACTIVE") >= 0,
function: ["anti-malware", "activity-monitor"],
macAddress: formatMacAddress(data.mac_address),
lastSeenOn: (0, _jupiterManagedIntegrationSdk.getTime)(data.last_contact_time)
})
}
});
}
function createServicePolicyRelationships(service, policies) {
const relationships = [];
function deviceSensorKey(deviceId) {
return `cbdefense-sensor-${deviceId}`;
}
for (const p of policies) {
relationships.push({
_class: "ENFORCES",
_fromEntityKey: p._key,
_key: `${p._key}_enforces_${service._key}`,
_toEntityKey: service._key,
_type: _types.SENSOR_POLICY_RELATIONSHIP_TYPE
});
function createAlertFindingEntity(data) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationEntity)({
entityData: {
source: data,
assign: _objectSpread(_objectSpread(_objectSpread({}, (0, _jupiterManagedIntegrationSdk.convertProperties)(data)), convertTimeProperties(data)), {}, {
_key: `cb-alert-${data.id}`,
_type: _types.ALERT_ENTITY_TYPE,
_class: _types.ALERT_ENTITY_CLASS,
name: data.threat_id.slice(0, 7),
createdOn: (0, _jupiterManagedIntegrationSdk.getTime)(data.create_time),
updatedOn: (0, _jupiterManagedIntegrationSdk.getTime)(data.last_update_time),
severity: normalizeSeverity(data.severity)[1],
numericSeverity: data.severity,
alertSeverity: severityString(data.severity),
// When the alert exists, it is considered open
open: true,
// TODO update integration SDK to latest data-model, which removes these
// as required properties
production: true,
public: true
})
}
});
}
/**
* Converts an Carbon Black alert numeric severity to a Carbon Black severity string. This is
* not a normalized value, but one described in their product guide. Providing
* this value allows users to search for terms documented by Carbon Black.
*
* @see
* https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-cb-defense-integration-confgiurtion-guide-v2.pdf
* @param numericSeverity the alert severity numeric value
*/
function severityString(numericSeverity) {
if (numericSeverity < 4) {
return "Minor";
} else if (numericSeverity < 8) {
return "Severe";
} else if (numericSeverity < 11) {
return "Critical";
} else {
return "Unknown";
}
return relationships;
}
/**
* Converts a Carbon Black alert numeric severity to J1 normalized
* numeric values.
*
* @see
* https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-cb-defense-integration-confgiurtion-guide-v2.pdf
* @param numericSeverity the alert severity numeric value
*/
function createSensorPolicyRelationships(sensors) {
const relationships = [];
for (const s of sensors) {
if (!!s.policyId) {
const policyKey = getPolicyKey(s.policyId);
relationships.push({
_class: "ASSIGNED",
_fromEntityKey: s._key,
_key: `${s._key}_assigned_${policyKey}`,
_toEntityKey: policyKey,
_type: _types.SENSOR_POLICY_RELATIONSHIP_TYPE
});
}
function normalizeSeverity(numericSeverity) {
const n = severity => {
return [severity, _types.FindingSeverityNormalNames[severity]];
};
if (numericSeverity === 0) {
return n(_types.FindingSeverityNormal.Informational);
} else if (numericSeverity < 4) {
return n(_types.FindingSeverityNormal.Low);
} else if (numericSeverity < 6) {
return n(_types.FindingSeverityNormal.Medium);
} else if (numericSeverity < 8) {
return n(_types.FindingSeverityNormal.High);
} else if (numericSeverity <= 10) {
return n(_types.FindingSeverityNormal.Critical);
} else {
return n(_types.FindingSeverityNormal.Unknown);
}
}
return relationships;
function createAccountServiceRelationship(account, service) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationRelationship)({
_class: "HAS",
from: account,
to: service,
properties: {
_key: `${account._key}_has_${service._key}`,
_type: _types.ACCOUNT_SERVICE_RELATIONSHIP_TYPE
}
});
}
function mapSensorToDeviceRelationship(agent) {
const hostname = agent.hostname;
const targetFilterKeys = agent.macAddress ? [["_type", "macAddress"]] : [["_type", "hostname", "owner"]];
const platform = agent.deviceType && (agent.deviceType.match(/mac/i) ? "darwin" : agent.deviceType.toLowerCase());
const osDetails = agent.osVersion;
function createAccountDeviceSensorRelationship(account, device) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationRelationship)({
_class: "HAS",
from: account,
to: device,
properties: {
_key: `${account._key}_has_${device._key}`,
_type: _types.ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE
}
});
}
function mapSensorToDeviceRelationship(sensor) {
const hostname = sensor.hostname;
const targetFilterKeys = sensor.macAddress ? [["_type", "macAddress"]] : [["_type", "hostname", "owner"]];
const platform = sensor.os && sensor.os.match(/mac/i) ? "darwin" : sensor.os.toLowerCase();
const osDetails = sensor.osVersion;
const osPatternRegex = /^(mac os x|\w+)\s([0-9.]+)\s?(\w+)?$/i;

@@ -159,3 +221,3 @@ const osPatternMatch = osDetails && osDetails.match(osPatternRegex);

relationshipDirection: _jupiterManagedIntegrationSdk.RelationshipDirection.FORWARD,
sourceEntityKey: agent._key,
sourceEntityKey: sensor._key,
targetFilterKeys,

@@ -165,10 +227,10 @@ targetEntity: {

_class: _types.DEVICE_ENTITY_CLASS,
owner: agent.email,
owner: sensor.email,
displayName: hostname,
hostname,
macAddress: agent.macAddress,
publicIp: agent.lastExternalIpAddress,
publicIpAddress: agent.lastExternalIpAddress,
privateIp: agent.lastInternalIpAddress,
privateIpAddress: agent.lastInternalIpAddress,
macAddress: sensor.macAddress,
publicIp: sensor.lastExternalIpAddress,
publicIpAddress: sensor.lastExternalIpAddress,
privateIp: sensor.lastInternalIpAddress,
privateIpAddress: sensor.lastInternalIpAddress,
platform,

@@ -181,3 +243,3 @@ osDetails,

return {
_key: `${agent._key}|protects|device-${hostname}`,
_key: `${sensor._key}|protects|device-${hostname}`,
_type: _types.SENSOR_DEVICE_RELATIONSHIP_TYPE,

@@ -189,8 +251,16 @@ _class: "PROTECTS",

function getPolicyKey(policyId) {
return `cb-sensor-policy-${policyId}`;
function createDeviceSensorAlertFindingRelationship(alertFinding) {
return (0, _jupiterManagedIntegrationSdk.createIntegrationRelationship)({
_class: "IDENTIFIED",
fromKey: deviceSensorKey(alertFinding.deviceId),
fromType: _types.DEVICE_SENSOR_ENTITY_TYPE,
toKey: alertFinding._key,
toType: alertFinding._type
});
}
function formatMacAddress(macAddress) {
return macAddress.includes(":") ? macAddress.toLowerCase() : macAddress.toLowerCase().replace(/(.{2})(?!$)/g, "$1:");
if (macAddress) {
return macAddress.includes(":") ? macAddress.toLowerCase() : macAddress.toLowerCase().replace(/(.{2})(?!$)/g, "$1:");
}
}

47

dist/docs/graph-cbdefense.md

@@ -5,28 +5,30 @@ # Carbon Black PSC

JupiterOne provides a managed integration with Carbon Black (Cb) Predictive
Security Cloud (PSC). The integration connects directly to Carbon Black PSC APIs
to obtain configuration about its device sensors/agents, starting with Cb
Defense sensors. Customers authorize access by creating a Connector and an API
Key in their target PSC account and providing that credential to JupiterOne.
JupiterOne provides a managed integration for Carbon Black Cloud Platform
(formerly the Predictive Security Cloud, or PSC). The integration connects
directly to Carbon Black APIs to obtain details about device sensors/agents and
active alerts. Customers authorize access by creating a Connector and an API Key
in their target PSC account and providing that credential to JupiterOne.
## Integration Instance Configuration
The integration is triggered by an event containing the information for a
specific integration instance.
You must [set up an Access Level and API Key][1] in the Carbon Black Cloud
Console to allow access to the Devices and Alerts APIs.
The integration instance configuration requires the following three parameters
for API authentication:
1. **Settings > API Access > Access Levels: Add Access Level**: Name "JupiterOne
Read Only" (or match your naming patterns), permissions `device: READ`,
`org.alerts: READ`, `org.retention: READ`,
1. **Settings > API Access > API Keys: Add API Key**: Name "JupiterOne" (or
match your naming patterns), Access Level Type "Custom", "JupiterOne Read
Only". Capture the _API Secret Key_ and _API ID_.
- **Site** (`site`): The part immediately follows `defense-` in your Carbon
Black PSC / CbDefense account URL. For example, if you access your account at
`https://defense-prod05.conferdeploy.net/`, the `site` is `prod05`
With the Access Level and API Key now configured, you'll need to provide these
parameters to the integration instance configuration:
- **API Key** (`apiKey`): Go to **Settings > Connectors** from the web console
of your Carbon Black account, then click on **Add Connector** button, give it
a _Name_, select **API** for the _Connector Type_ to create a connector. The
**API Key** is displayed to you on screen.
- **Site/Environment** (`site`): The part immediately following `defense-` in
your Carbon Black Cloud account URL. For example, if you access your account
at `https://defense-prod05.conferdeploy.net/`, the `site` is `prod05`.
- **Org Key** (`orgKey`): From **Settings > API Access**, capture the _Org Key_.
- **API ID** (`connectorId`): Captured during API Key creation.
- **API Key** (`apiKey`): Captured during API Key creation.
- **Connector ID** (`connectorId`): Once a _Connector_ is created, you will see
the **Connector ID** on the list.
## Entities

@@ -41,3 +43,3 @@

| Device Sensor Agent | `cbdefense_sensor` : `HostAgent` |
| Sensor Policy | `cb_sensor_policy` : `ControlPolicy` |
| Alert | `cbdefense_alert` : `Finding` |

@@ -52,3 +54,6 @@ ## Relationships

| `carbonblack_psc_account` **HAS** `cb_endpoint_protection` |
| `cb_sensor_policy` **ENFORCES** `cb_endpoint_protection` |
| `cbdefense_sensor` **ASSIGNED** `cb_sensor_policy` |
| `cbdefense_sensor` **IDENTIFIED** `cbdefense_alert` |
[1]:
https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/

2

dist/docs/metadata.json
{
"version": "0.8.1"
"version": "1.0.0"
}

112

dist/executionHandler.js

@@ -8,2 +8,4 @@ "use strict";

var _jupiterManagedIntegrationSdk = require("@jupiterone/jupiter-managed-integration-sdk");
var _converters = require("./converters");

@@ -18,37 +20,97 @@

async function executionHandler(context) {
const cbContext = (0, _initializeContext.default)(context);
const {
graph,
persister,
provider
} = (0, _initializeContext.default)(context);
const [oldAccountEntities, oldSensorEntities, oldServiceEntities, oldPolicyEntities, oldAccountSensorRelationships, oldAccountServiceRelationships, oldServicePolicyRelationships, oldSensorPolicyRelationships, oldMappedDeviceRelationships] = await Promise.all([graph.findAllEntitiesByType(_types.ACCOUNT_ENTITY_TYPE), graph.findEntitiesByType(_types.SENSOR_ENTITY_TYPE), graph.findEntitiesByType(_types.SERVICE_ENTITY_TYPE), graph.findEntitiesByType(_types.POLICY_ENTITY_TYPE), graph.findRelationshipsByType(_types.ACCOUNT_SENSOR_RELATIONSHIP_TYPE), graph.findRelationshipsByType(_types.ACCOUNT_SERVICE_RELATIONSHIP_TYPE), graph.findRelationshipsByType(_types.SERVICE_POLICY_RELATIONSHIP_TYPE), graph.findRelationshipsByType(_types.SENSOR_POLICY_RELATIONSHIP_TYPE), graph.findRelationshipsByType(_types.SENSOR_DEVICE_RELATIONSHIP_TYPE)]);
const [newAccountEntities, newSensorEntities, newPolicyEntities] = await Promise.all([fetchAccountEntitiesFromProvider(provider), fetchSensorEntitiesFromProvider(provider), fetchPolicyEntitiesFromProvider(provider)]);
const [accountEntity] = newAccountEntities;
const serviceEntity = (0, _converters.createServiceEntity)(accountEntity.accountId);
const newServiceEntities = [serviceEntity];
const newAccountServiceRelationships = (0, _converters.createAccountRelationships)(accountEntity, newServiceEntities, _types.ACCOUNT_SENSOR_RELATIONSHIP_TYPE);
const newAccountSensorRelationships = (0, _converters.createAccountRelationships)(accountEntity, newSensorEntities, _types.ACCOUNT_SERVICE_RELATIONSHIP_TYPE);
const newMappedDeviceRelationships = [];
for (const e of newSensorEntities) {
newMappedDeviceRelationships.push((0, _converters.mapSensorToDeviceRelationship)(e));
}
const newServicePolicyRelationships = (0, _converters.createServicePolicyRelationships)(serviceEntity, newPolicyEntities);
const newSensorPolicyRelationships = (0, _converters.createSensorPolicyRelationships)(newSensorEntities);
} = cbContext;
const results = [];
const accountData = await provider.getAccountDetails();
const newAccountEntity = (0, _converters.createAccountEntity)(accountData);
const newServiceEntity = (0, _converters.createServiceEntity)(accountData.site, accountData.organization_id);
results.push(await syncAccountAndService(cbContext, newAccountEntity, newServiceEntity));
results.push(await syncDeviceSensors(cbContext, newAccountEntity));
results.push(await syncAlertFindings(cbContext));
return {
operations: await persister.publishPersisterOperations([[...persister.processEntities(oldAccountEntities, newAccountEntities), ...persister.processEntities(oldSensorEntities, newSensorEntities), ...persister.processEntities(oldServiceEntities, newServiceEntities), ...persister.processEntities(oldPolicyEntities, newPolicyEntities)], [...persister.processRelationships(oldAccountServiceRelationships, newAccountServiceRelationships), ...persister.processRelationships(oldAccountSensorRelationships, newAccountSensorRelationships), ...persister.processRelationships(oldSensorPolicyRelationships, newSensorPolicyRelationships), ...persister.processRelationships(oldServicePolicyRelationships, newServicePolicyRelationships), ...persister.processRelationships(oldMappedDeviceRelationships, newMappedDeviceRelationships)]])
operations: (0, _jupiterManagedIntegrationSdk.summarizePersisterOperationsResults)(...results)
};
}
async function fetchAccountEntitiesFromProvider(provider) {
return [(0, _converters.createAccountEntity)((await provider.getAccountDetails()))];
async function syncDeviceSensors(context, newAccountEntity) {
const {
provider,
graph,
persister
} = context;
const newDeviceSensorEntities = [];
const newAccountDeviceSensorRelationships = [];
const newMappedDeviceRelationships = [];
await provider.iterateDevices(device => {
const newDeviceSensorEntity = (0, _converters.createDeviceSensorEntity)(device);
newDeviceSensorEntities.push(newDeviceSensorEntity);
newAccountDeviceSensorRelationships.push((0, _converters.createAccountDeviceSensorRelationship)(newAccountEntity, newDeviceSensorEntity));
newMappedDeviceRelationships.push((0, _converters.mapSensorToDeviceRelationship)(newDeviceSensorEntity));
});
const oldDeviceSensorEntities = await graph.findEntitiesByType(_types.DEVICE_SENSOR_ENTITY_TYPE);
const [oldAccountDeviceSensorRelationships, oldMappedDeviceRelationships] = await Promise.all([graph.findRelationshipsByType(_types.ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE), graph.findRelationshipsByType(_types.SENSOR_DEVICE_RELATIONSHIP_TYPE)]);
return persister.publishPersisterOperations([persister.processEntities({
oldEntities: oldDeviceSensorEntities,
newEntities: newDeviceSensorEntities
}), [...persister.processRelationships({
oldRelationships: oldAccountDeviceSensorRelationships,
newRelationships: newAccountDeviceSensorRelationships
}), ...persister.processRelationships({
oldRelationships: oldMappedDeviceRelationships,
newRelationships: newMappedDeviceRelationships
})]]);
}
async function fetchSensorEntitiesFromProvider(provider) {
return (0, _converters.createSensorEntities)((await provider.getSensorAgents()));
async function syncAccountAndService(context, newAccountEntity, newServiceEntity) {
const {
graph,
persister
} = context;
const [oldAccountEntities, oldServiceEntities] = await Promise.all([graph.findAllEntitiesByType(_types.ACCOUNT_ENTITY_TYPE), graph.findEntitiesByType(_types.SERVICE_ENTITY_TYPE)]);
const oldAccountServiceRelationships = await graph.findRelationshipsByType(_types.ACCOUNT_SERVICE_RELATIONSHIP_TYPE);
return persister.publishPersisterOperations([[...persister.processEntities({
oldEntities: oldAccountEntities,
newEntities: [newAccountEntity]
}), ...persister.processEntities({
oldEntities: oldServiceEntities,
newEntities: [newServiceEntity]
})], persister.processRelationships({
oldRelationships: oldAccountServiceRelationships,
newRelationships: [(0, _converters.createAccountServiceRelationship)(newAccountEntity, newServiceEntity)]
})]);
}
async function fetchPolicyEntitiesFromProvider(provider) {
return (0, _converters.createPolicyEntities)((await provider.getPolicies()));
async function syncAlertFindings(context) {
const {
provider,
persister
} = context;
const alertsSinceDate = await determineAlertsSinceDate(context.clients.getClients().integrationService);
const recentAlertFindingEntities = [];
const deviceSensorAlertFindingRelationships = [];
await provider.iterateAlerts(alert => {
const newFindingEntity = (0, _converters.createAlertFindingEntity)(alert);
recentAlertFindingEntities.push(newFindingEntity);
deviceSensorAlertFindingRelationships.push((0, _converters.createDeviceSensorAlertFindingRelationship)(newFindingEntity));
}, alertsSinceDate);
return persister.publishPersisterOperations([persister.processEntities({
oldEntities: [],
newEntities: recentAlertFindingEntities
}), persister.processRelationships({
oldRelationships: [],
newRelationships: deviceSensorAlertFindingRelationships
})]);
}
async function determineAlertsSinceDate(integrationService) {
const lastSuccessStartTime = await integrationService.lastSuccessfulSynchronizationTime();
if (lastSuccessStartTime) {
return new Date(lastSuccessStartTime);
} else {
const fiveDaysMs = 1000 * 60 * 60 * 24 * 5;
return new Date(Date.now() - fiveDaysMs);
}
}

18

dist/index.js

@@ -15,2 +15,20 @@ "use strict";

const invocationConfig = {
instanceConfigFields: {
site: {
type: "string",
mask: false
},
orgKey: {
type: "string",
mask: false
},
connectorId: {
type: "string",
mask: false
},
apiKey: {
type: "string",
mask: true
}
},
executionHandler: _executionHandler.default,

@@ -17,0 +35,0 @@ invocationValidator: _invocationValidator.default

6

dist/initializeContext.js

@@ -12,10 +12,12 @@ "use strict";

function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; var ownKeys = Object.keys(source); if (typeof Object.getOwnPropertySymbols === 'function') { ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function (sym) { return Object.getOwnPropertyDescriptor(source, sym).enumerable; })); } ownKeys.forEach(function (key) { _defineProperty(target, key, source[key]); }); } return target; }
function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; }
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; }
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
function initializeContext(context) {
return _objectSpread({}, context, context.clients.getClients(), {
return _objectSpread(_objectSpread(_objectSpread({}, context), context.clients.getClients()), {}, {
provider: new _CbDefenseClient.default(context.instance.config, context.logger)
});
}

7

dist/invocationValidator.js

@@ -41,2 +41,3 @@ "use strict";

site,
orgKey,
connectorId,

@@ -46,8 +47,8 @@ apiKey

if (!(site && connectorId && apiKey)) {
throw new _jupiterManagedIntegrationSdk.IntegrationInstanceConfigError("Configuration requires site, connectorId, and apiKey");
if (!(site && orgKey && connectorId && apiKey)) {
throw new _jupiterManagedIntegrationSdk.IntegrationInstanceConfigError("Configuration requires site, orgKey, connectorId, and apiKey");
}
if (site.match("conferdeploy")) {
throw new _jupiterManagedIntegrationSdk.IntegrationInstanceConfigError("Site is invalid, should be for example `prod05` in `https://defense-prod05.conferdeploy.net/`");
throw new _jupiterManagedIntegrationSdk.IntegrationInstanceConfigError("Site is invalid; should be the environment only, not the full dashboard URL. For example, `prod05` in `https://defense-prod05.conferdeploy.net/`");
}

@@ -54,0 +55,0 @@

55

dist/types.d.ts

@@ -1,9 +0,9 @@

import { EntityFromIntegration, GraphClient, IntegrationExecutionContext, MappedRelationshipFromIntegration, PersisterClient } from "@jupiterone/jupiter-managed-integration-sdk";
import CbDefenseClient, { CbDefensePolicyProperties, CbDefenseSensor } from "./CbDefenseClient";
import { GraphClient, IntegrationExecutionContext, PersisterClient } from "@jupiterone/jupiter-managed-integration-sdk";
import CbDefenseClient from "./CbDefenseClient";
export declare const PROVIDER_NAME = "carbonblack_psc";
export declare const ACCOUNT_ENTITY_TYPE: string;
export declare const ACCOUNT_ENTITY_CLASS = "Account";
export declare const SENSOR_ENTITY_TYPE = "cbdefense_sensor";
export declare const SENSOR_ENTITY_CLASS = "HostAgent";
export declare const ACCOUNT_SENSOR_RELATIONSHIP_TYPE: string;
export declare const DEVICE_SENSOR_ENTITY_TYPE = "cbdefense_sensor";
export declare const DEVICE_SENSOR_ENTITY_CLASS = "HostAgent";
export declare const ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE: string;
export declare const DEVICE_ENTITY_TYPE = "user_endpoint";

@@ -15,8 +15,7 @@ export declare const DEVICE_ENTITY_CLASS: string[];

export declare const ACCOUNT_SERVICE_RELATIONSHIP_TYPE: string;
export declare const POLICY_ENTITY_TYPE = "cb_sensor_policy";
export declare const POLICY_ENTITY_CLASS: string[];
export declare const SERVICE_POLICY_RELATIONSHIP_TYPE: string;
export declare const SENSOR_POLICY_RELATIONSHIP_TYPE: string;
export interface CbDefenseIntegrationConfig {
export declare const ALERT_ENTITY_TYPE = "cbdefense_alert";
export declare const ALERT_ENTITY_CLASS: string[];
export interface CarbonBlackIntegrationConfig {
site: string;
orgKey: string;
connectorId: string;

@@ -30,17 +29,25 @@ apiKey: string;

}
export interface CbDefenseAccountEntity extends EntityFromIntegration {
accountId: number;
name: string;
organization: string;
export declare enum FindingSeverityNormal {
Unknown = -1,
Informational = 0,
Low = 1,
Medium = 2,
High = 3,
Critical = 4
}
export interface CbDefenseServiceEntity extends EntityFromIntegration {
displayName: string;
export declare enum FindingSeverityNormalName {
Unknown = "Unknown",
Informational = "Informational",
Low = "Low",
Medium = "Medium",
High = "High",
Critical = "Critical"
}
export interface CbDefenseSensorEntity extends EntityFromIntegration, CbDefenseSensor {
hostname: string | undefined;
active: boolean;
function: string[];
}
export interface CbDefensePolicyEntity extends EntityFromIntegration, CbDefensePolicyProperties {
}
export declare type AgentDeviceRelationship = MappedRelationshipFromIntegration;
export declare const FindingSeverityNormalNames: {
[-1]: FindingSeverityNormalName;
0: FindingSeverityNormalName;
1: FindingSeverityNormalName;
2: FindingSeverityNormalName;
3: FindingSeverityNormalName;
4: FindingSeverityNormalName;
};

61

dist/types.js

@@ -6,3 +6,3 @@ "use strict";

});
exports.SENSOR_POLICY_RELATIONSHIP_TYPE = exports.SERVICE_POLICY_RELATIONSHIP_TYPE = exports.POLICY_ENTITY_CLASS = exports.POLICY_ENTITY_TYPE = exports.ACCOUNT_SERVICE_RELATIONSHIP_TYPE = exports.SERVICE_ENTITY_CLASS = exports.SERVICE_ENTITY_TYPE = exports.SENSOR_DEVICE_RELATIONSHIP_TYPE = exports.DEVICE_ENTITY_CLASS = exports.DEVICE_ENTITY_TYPE = exports.ACCOUNT_SENSOR_RELATIONSHIP_TYPE = exports.SENSOR_ENTITY_CLASS = exports.SENSOR_ENTITY_TYPE = exports.ACCOUNT_ENTITY_CLASS = exports.ACCOUNT_ENTITY_TYPE = exports.PROVIDER_NAME = void 0;
exports.FindingSeverityNormalNames = exports.FindingSeverityNormalName = exports.FindingSeverityNormal = exports.ALERT_ENTITY_CLASS = exports.ALERT_ENTITY_TYPE = exports.ACCOUNT_SERVICE_RELATIONSHIP_TYPE = exports.SERVICE_ENTITY_CLASS = exports.SERVICE_ENTITY_TYPE = exports.SENSOR_DEVICE_RELATIONSHIP_TYPE = exports.DEVICE_ENTITY_CLASS = exports.DEVICE_ENTITY_TYPE = exports.ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE = exports.DEVICE_SENSOR_ENTITY_CLASS = exports.DEVICE_SENSOR_ENTITY_TYPE = exports.ACCOUNT_ENTITY_CLASS = exports.ACCOUNT_ENTITY_TYPE = exports.PROVIDER_NAME = void 0;
const PROVIDER_NAME = "carbonblack_psc";

@@ -14,8 +14,8 @@ exports.PROVIDER_NAME = PROVIDER_NAME;

exports.ACCOUNT_ENTITY_CLASS = ACCOUNT_ENTITY_CLASS;
const SENSOR_ENTITY_TYPE = "cbdefense_sensor";
exports.SENSOR_ENTITY_TYPE = SENSOR_ENTITY_TYPE;
const SENSOR_ENTITY_CLASS = "HostAgent";
exports.SENSOR_ENTITY_CLASS = SENSOR_ENTITY_CLASS;
const ACCOUNT_SENSOR_RELATIONSHIP_TYPE = ACCOUNT_ENTITY_TYPE + "_has_sensor";
exports.ACCOUNT_SENSOR_RELATIONSHIP_TYPE = ACCOUNT_SENSOR_RELATIONSHIP_TYPE;
const DEVICE_SENSOR_ENTITY_TYPE = "cbdefense_sensor";
exports.DEVICE_SENSOR_ENTITY_TYPE = DEVICE_SENSOR_ENTITY_TYPE;
const DEVICE_SENSOR_ENTITY_CLASS = "HostAgent";
exports.DEVICE_SENSOR_ENTITY_CLASS = DEVICE_SENSOR_ENTITY_CLASS;
const ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE = ACCOUNT_ENTITY_TYPE + "_has_sensor";
exports.ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE = ACCOUNT_DEVICE_SENSOR_RELATIONSHIP_TYPE;
const DEVICE_ENTITY_TYPE = "user_endpoint";

@@ -25,3 +25,3 @@ exports.DEVICE_ENTITY_TYPE = DEVICE_ENTITY_TYPE;

exports.DEVICE_ENTITY_CLASS = DEVICE_ENTITY_CLASS;
const SENSOR_DEVICE_RELATIONSHIP_TYPE = SENSOR_ENTITY_TYPE + "_protects_device";
const SENSOR_DEVICE_RELATIONSHIP_TYPE = DEVICE_SENSOR_ENTITY_TYPE + "_protects_device";
exports.SENSOR_DEVICE_RELATIONSHIP_TYPE = SENSOR_DEVICE_RELATIONSHIP_TYPE;

@@ -34,9 +34,38 @@ const SERVICE_ENTITY_TYPE = "cb_endpoint_protection";

exports.ACCOUNT_SERVICE_RELATIONSHIP_TYPE = ACCOUNT_SERVICE_RELATIONSHIP_TYPE;
const POLICY_ENTITY_TYPE = "cb_sensor_policy";
exports.POLICY_ENTITY_TYPE = POLICY_ENTITY_TYPE;
const POLICY_ENTITY_CLASS = ["ControlPolicy", "Ruleset"];
exports.POLICY_ENTITY_CLASS = POLICY_ENTITY_CLASS;
const SERVICE_POLICY_RELATIONSHIP_TYPE = POLICY_ENTITY_TYPE + "_enforces_endpoint_protection_service";
exports.SERVICE_POLICY_RELATIONSHIP_TYPE = SERVICE_POLICY_RELATIONSHIP_TYPE;
const SENSOR_POLICY_RELATIONSHIP_TYPE = SENSOR_ENTITY_TYPE + "_assigned_policy";
exports.SENSOR_POLICY_RELATIONSHIP_TYPE = SENSOR_POLICY_RELATIONSHIP_TYPE;
const ALERT_ENTITY_TYPE = "cbdefense_alert";
exports.ALERT_ENTITY_TYPE = ALERT_ENTITY_TYPE;
const ALERT_ENTITY_CLASS = ["Finding"];
exports.ALERT_ENTITY_CLASS = ALERT_ENTITY_CLASS;
let FindingSeverityNormal;
exports.FindingSeverityNormal = FindingSeverityNormal;
(function (FindingSeverityNormal) {
FindingSeverityNormal[FindingSeverityNormal["Unknown"] = -1] = "Unknown";
FindingSeverityNormal[FindingSeverityNormal["Informational"] = 0] = "Informational";
FindingSeverityNormal[FindingSeverityNormal["Low"] = 1] = "Low";
FindingSeverityNormal[FindingSeverityNormal["Medium"] = 2] = "Medium";
FindingSeverityNormal[FindingSeverityNormal["High"] = 3] = "High";
FindingSeverityNormal[FindingSeverityNormal["Critical"] = 4] = "Critical";
})(FindingSeverityNormal || (exports.FindingSeverityNormal = FindingSeverityNormal = {}));
let FindingSeverityNormalName;
exports.FindingSeverityNormalName = FindingSeverityNormalName;
(function (FindingSeverityNormalName) {
FindingSeverityNormalName["Unknown"] = "Unknown";
FindingSeverityNormalName["Informational"] = "Informational";
FindingSeverityNormalName["Low"] = "Low";
FindingSeverityNormalName["Medium"] = "Medium";
FindingSeverityNormalName["High"] = "High";
FindingSeverityNormalName["Critical"] = "Critical";
})(FindingSeverityNormalName || (exports.FindingSeverityNormalName = FindingSeverityNormalName = {}));
const FindingSeverityNormalNames = {
[FindingSeverityNormal.Unknown]: FindingSeverityNormalName.Unknown,
[FindingSeverityNormal.Informational]: FindingSeverityNormalName.Informational,
[FindingSeverityNormal.Low]: FindingSeverityNormalName.Low,
[FindingSeverityNormal.Medium]: FindingSeverityNormalName.Medium,
[FindingSeverityNormal.High]: FindingSeverityNormalName.High,
[FindingSeverityNormal.Critical]: FindingSeverityNormalName.Critical
};
exports.FindingSeverityNormalNames = FindingSeverityNormalNames;

25

package.json
{
"name": "@jupiterone/graph-cbdefense",
"version": "0.8.1",
"version": "1.0.0",
"description": "JupiterOne managed integration for Carbon Black Defense.",

@@ -17,4 +17,4 @@ "main": "dist/index.js",

"start": "ts-node --require dotenv/config tools/execute.ts | bunyan",
"start:graph": "docker run -d --rm --name jupiterone-local-graph -p 8182:8182 tinkerpop/gremlin-server:3.3",
"stop:graph": "docker stop jupiterone-local-graph",
"start:containers": "docker-compose up -d",
"stop:containers": "docker-compose down",
"prebuild": "yarn test",

@@ -25,2 +25,3 @@ "build": "rm -rf dist/* && yarn build:types && yarn build:src && yarn build:docs",

"build:types": "tsc --project tsconfig.dist.json --declaration --emitDeclarationOnly",
"prepack": "yarn build",
"lint": "yarn lint:ts && yarn lint:md",

@@ -33,4 +34,5 @@ "lint:md": "remark .",

"dependencies": {
"@jupiterone/jupiter-managed-integration-sdk": "^33.7.5",
"axios": "^0.18.0"
"@jupiterone/jupiter-managed-integration-sdk": "^34.0.0",
"axios": "^0.18.0",
"lodash": "^4.17.15"
},

@@ -48,4 +50,6 @@ "devDependencies": {

"@types/jest": "^24.0.0",
"@types/lodash": "^4.14.155",
"@types/node": "~8.10.0",
"@types/uuid": "^3.4.4",
"aws-sdk": "^2.696.0",
"bunyan": "^1.8.12",

@@ -60,7 +64,7 @@ "dotenv": "^8.0.0",

"prettier": "1.17.1",
"remark-cli": "^6.0.1",
"remark-lint": "^6.0.4",
"remark-preset-lint-consistent": "^2.0.2",
"remark-preset-lint-markdown-style-guide": "^2.1.2",
"remark-preset-lint-recommended": "^3.0.2",
"remark-cli": "^8.0.0",
"remark-lint": "^7.0.0",
"remark-preset-lint-consistent": "^3.0.0",
"remark-preset-lint-markdown-style-guide": "^3.0.0",
"remark-preset-lint-recommended": "^4.0.0",
"ts-jest": "^24.0.0",

@@ -70,2 +74,3 @@ "ts-node": "^8.1.0",

"tslint-config-prettier": "^1.18.0",
"type-fest": "^0.15.1",
"typescript": "^3.4.5"

@@ -72,0 +77,0 @@ },

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc