splunk-soar-connectors · ishans-crest · Sep 10, 2024 · Aug 15, 2024 · Aug 15, 2024 · Aug 16, 2024
diff --git a/README.md b/README.md
@@ -2,11 +2,11 @@
 # Metadefender Sandbox
 
 Publisher: OPSWAT  
-Connector Version: 1.2.0  
+Connector Version: 1.2.1  
 Product Vendor: OPSWAT  
 Product Name: MetaDefender Sandbox  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.1  
+Minimum Product Version: 6.2.1  
 
 MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox) is a unique adaptive threat analysis technology, enabling zero-day malware detection and comprehensive Indicator of Compromise (IOC) extraction
 
@@ -125,7 +125,7 @@ action_result.data.\*.allSignalGroups.\*.signals.\*.signalReadable | string |  |
 action_result.data.\*.allSignalGroups.\*.signals.\*.strength | numeric |  |   0.25 
 action_result.data.\*.allSignalGroups.\*.verdict.confidence | numeric |  |   1 
 action_result.data.\*.allSignalGroups.\*.verdict.threatLevel | numeric |  |   0.2 
-action_result.data.\*.allSignalGroups.\*.verdict.verdict | string |  |   INFORMATIONAL 
+action_result.data.\*.allSignalGroups.\*.verdict.verdict | string |  |   NO_THREAT 
 action_result.data.\*.allTags.\*.isRootTag | boolean |  |   True  False 
 action_result.data.\*.allTags.\*.source | string |  |   MEDIA_TYPE 
 action_result.data.\*.allTags.\*.sourceIdentifier | string |  |   0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqr 
@@ -210,13 +210,13 @@ action_result.data.\*.taskReference.state | string |  |   SUCCESS
 action_result.summary.flow_id | string |  |   0123456789abcdefghijklmn 
 action_result.summary.rejected_reasons.\* | string |  |   ARCHIVE_ENCRYPTED 
 action_result.summary.total_benign | numeric |  |   3 
-action_result.summary.total_informational | numeric |  |   3 
+action_result.summary.total_no_threat | numeric |  |   3 
 action_result.summary.total_likely_malicious | numeric |  |   3 
 action_result.summary.total_malicious | numeric |  |   3 
 action_result.summary.total_rejected | numeric |  |   1 
 action_result.summary.total_suspicious | numeric |  |   3 
 action_result.summary.total_unknown | numeric |  |   3 
-action_result.message | string |  |   Total benign: 1, Total unknown: 0, Total informational: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234 
+action_result.message | string |  |   Total benign: 1, Total unknown: 0, Total no threat: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234 
 summary.total_objects | numeric |  |   2 
 summary.total_objects_successful | numeric |  |   2   
 
@@ -257,7 +257,7 @@ action_result.data.\*.allSignalGroups.\*.signals.\*.signalReadable | string |  |
 action_result.data.\*.allSignalGroups.\*.signals.\*.strength | numeric |  |   0.25 
 action_result.data.\*.allSignalGroups.\*.verdict.confidence | numeric |  |   1 
 action_result.data.\*.allSignalGroups.\*.verdict.threatLevel | numeric |  |   0.2 
-action_result.data.\*.allSignalGroups.\*.verdict.verdict | string |  |   INFORMATIONAL 
+action_result.data.\*.allSignalGroups.\*.verdict.verdict | string |  |   NO_THREAT 
 action_result.data.\*.allTags.\*.isRootTag | boolean |  |   True  False 
 action_result.data.\*.allTags.\*.source | string |  |   MEDIA_TYPE 
 action_result.data.\*.allTags.\*.sourceIdentifier | string |  |   0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqr 
@@ -342,13 +342,13 @@ action_result.data.\*.taskReference.state | string |  |   SUCCESS
 action_result.summary.flow_id | string |  |   0123456789abcdefghijklmn 
 action_result.summary.rejected_reasons.\* | string |  |   ARCHIVE_ENCRYPTED 
 action_result.summary.total_benign | numeric |  |   3 
-action_result.summary.total_informational | numeric |  |   3 
+action_result.summary.total_no_threat | numeric |  |   3 
 action_result.summary.total_likely_malicious | numeric |  |   3 
 action_result.summary.total_malicious | numeric |  |   3 
 action_result.summary.total_rejected | numeric |  |   1 
 action_result.summary.total_suspicious | numeric |  |   3 
 action_result.summary.total_unknown | numeric |  |   3 
-action_result.message | string |  |   Total benign: 1, Total unknown: 0, Total informational: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234 
+action_result.message | string |  |   Total benign: 1, Total unknown: 0, Total no threat: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234 
 summary.total_objects | numeric |  |   2 
 summary.total_objects_successful | numeric |  |   2   
 
@@ -400,15 +400,15 @@ action_result.data.\*.tags.\*.tag.verdict.confidence | numeric |  |   1
 action_result.data.\*.tags.\*.tag.verdict.threatLevel | numeric |  |   0.75 
 action_result.data.\*.tags.\*.tag.verdict.verdict | string |  |   BENIGN 
 action_result.data.\*.updated_date | string |  |   02/14/2023, 02:34:51 
-action_result.data.\*.verdict | string |  |   informational 
+action_result.data.\*.verdict | string |  |   no_threat 
 action_result.summary.available_report_count | numeric |  |   3 
 action_result.summary.total_benign | numeric |  |   3 
-action_result.summary.total_informational | numeric |  |   3 
+action_result.summary.total_no_threat | numeric |  |   3 
 action_result.summary.total_likely_malicious | numeric |  |   3 
 action_result.summary.total_malicious | numeric |  |   3 
 action_result.summary.total_suspicious | numeric |  |   3 
 action_result.summary.total_unknown | numeric |  |   3 
-action_result.message | string |  |   Total benign: 0, Total unknown: 0, Total informational: 0, Total suspicious: 2, Total likely malicious: 0, Total malicious: 0, Available report count: 5 
+action_result.message | string |  |   Total benign: 0, Total unknown: 0, Total no threat: 0, Total suspicious: 2, Total likely malicious: 0, Total malicious: 0, Available report count: 5 
 summary.total_objects | numeric |  |   2 
 summary.total_objects_successful | numeric |  |   2   
 
@@ -434,7 +434,7 @@ action_result.data.\*.filescan_reports.\*.report_date | string |  |   2023-05-25
 action_result.data.\*.filescan_reports.\*.report_id | string |  |   00000000-aaaa-aaaa-aaaa-aaaaaaaaaaaa 
 action_result.data.\*.filescan_reports.\*.verdict | string |  |   malicious 
 action_result.data.\*.fuzzyhash.hash | string |  |   0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqr 
-action_result.data.\*.fuzzyhash.verdict | string |  |   informational 
+action_result.data.\*.fuzzyhash.verdict | string |  |   no_threat 
 action_result.data.\*.mdcloud.detected_av_engines | numeric |  |   30 
 action_result.data.\*.mdcloud.scan_time | string |  |   2023-05-25T01:15:45.789000 
 action_result.data.\*.mdcloud.total_av_engines | numeric |  |   30 

diff --git a/metadefender_sandbox_connector.py b/metadefender_sandbox_connector.py
@@ -207,7 +207,7 @@ def _poll_result(self, action_result, flow_id):
                     summary = {
                         "total_benign": 0,
                         "total_unknown": 0,
-                        "total_informational": 0,
+                        "total_no_threat": 0,
                         "total_suspicious": 0,
                         "total_likely_malicious": 0,
                         "total_malicious": 0,
@@ -223,6 +223,8 @@ def _poll_result(self, action_result, flow_id):
                             .get("verdict", "unknown")
                             .lower()
                         )
+                        if verdict == "informational":
+                            verdict = "no_threat"
                         summary[f"total_{verdict}"] += 1
 
                     rejected = response_data.get("rejected_files", None)
@@ -464,7 +466,7 @@ def _handle_search_terms(self, param):
             summary = {
                 "total_benign": 0,
                 "total_unknown": 0,
-                "total_informational": 0,
+                "total_no_threat": 0,
                 "total_suspicious": 0,
                 "total_likely_malicious": 0,
                 "total_malicious": 0,
@@ -474,6 +476,9 @@ def _handle_search_terms(self, param):
                 for item in items:
                     action_result.add_data(item)
                     verdict = item.get("verdict", "unknown").lower()
+                    if verdict == "informational":
+                        verdict = "no_threat"
+
                     summary[f"total_{verdict}"] += 1
                 summary_data.update(summary)
                 self.save_progress(f"{len(items)} results were found!")
@@ -662,20 +667,24 @@ def finalize(self):
 
 def main():
     import argparse
+    import sys
 
     argparser = argparse.ArgumentParser()
 
     argparser.add_argument("input_test_json", help="Input Test JSON file")
     argparser.add_argument("-u", "--username", help="username", required=False)
     argparser.add_argument("-p", "--password", help="password", required=False)
+    argparser.add_argument("-v", "--verify", action="store_true", help="verify", required=False, default=False)
 
     args = argparser.parse_args()
     session_id = None
 
     username = args.username
     password = args.password
+    verify = args.verify
 
     if username is not None and password is None:
+
         # User specified a username but not a password, so ask
         import getpass
 
@@ -686,7 +695,7 @@ def main():
             login_url = MetaDefenderSandboxConnector._get_phantom_base_url() + "/login"
 
             print("Accessing the Login page")
-            r = requests.get(login_url, verify=False)
+            r = requests.get(login_url, verify=verify)
             csrftoken = r.cookies["csrftoken"]
 
             data = dict()
@@ -699,11 +708,11 @@ def main():
             headers["Referer"] = login_url
 
             print("Logging into Platform to get the session id")
-            r2 = requests.post(login_url, verify=False, data=data, headers=headers)
+            r2 = requests.post(login_url, verify=verify, data=data, headers=headers)
             session_id = r2.cookies["sessionid"]
         except Exception as e:
             print("Unable to get session id from the platform. Error: " + str(e))
-            exit(1)
+            sys.exit(1)
 
     with open(args.input_test_json) as f:
         in_json = f.read()
@@ -720,7 +729,7 @@ def main():
         ret_val = connector._handle_action(json.dumps(in_json), None)
         print(json.dumps(json.loads(ret_val), indent=4))
 
-    exit(0)
+    sys.exit(0)
 
 
 if __name__ == "__main__":

diff --git a/metadefendersandbox.json b/metadefendersandbox.json
@@ -19,11 +19,11 @@
         }
     ],
     "license": "Copyright (c) OPSWAT, 2024",
-    "app_version": "1.2.0",
+    "app_version": "1.2.1",
     "utctime_updated": "2023-05-12T18:00:17.655821Z",
     "package_name": "phantom_metadefendersandbox",
     "main_module": "metadefender_sandbox_connector.py",
-    "min_phantom_version": "6.1.1",
+    "min_phantom_version": "6.2.1",
     "app_wizard_version": "1.0.0",
     "fips_compliant": true,
     "latest_tested_versions": [
@@ -248,7 +248,7 @@
                     "data_path": "action_result.data.*.allSignalGroups.*.verdict.verdict",
                     "data_type": "string",
                     "example_values": [
-                        "INFORMATIONAL"
+                        "NO_THREAT"
                     ]
                 },
                 {
@@ -844,7 +844,7 @@
                     ]
                 },
                 {
-                    "data_path": "action_result.summary.total_informational",
+                    "data_path": "action_result.summary.total_no_threat",
                     "data_type": "numeric",
                     "example_values": [
                         3
@@ -889,7 +889,7 @@
                     "data_path": "action_result.message",
                     "data_type": "string",
                     "example_values": [
-                        "Total benign: 1, Total unknown: 0, Total informational: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234"
+                        "Total benign: 1, Total unknown: 0, Total no threat: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234"
                     ]
                 },
                 {
@@ -1086,7 +1086,7 @@
                     "data_path": "action_result.data.*.allSignalGroups.*.verdict.verdict",
                     "data_type": "string",
                     "example_values": [
-                        "INFORMATIONAL"
+                        "NO_THREAT"
                     ]
                 },
                 {
@@ -1682,7 +1682,7 @@
                     ]
                 },
                 {
-                    "data_path": "action_result.summary.total_informational",
+                    "data_path": "action_result.summary.total_no_threat",
                     "data_type": "numeric",
                     "example_values": [
                         3
@@ -1727,7 +1727,7 @@
                     "data_path": "action_result.message",
                     "data_type": "string",
                     "example_values": [
-                        "Total benign: 1, Total unknown: 0, Total informational: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234"
+                        "Total benign: 1, Total unknown: 0, Total no threat: 0, Total suspicious: 0, Total likely malicious: 0, Total malicious: 0, Total rejected: 0, Rejected reasons: [], Flow id: 1234"
                     ]
                 },
                 {
@@ -2006,7 +2006,7 @@
                     "data_path": "action_result.data.*.verdict",
                     "data_type": "string",
                     "example_values": [
-                        "informational"
+                        "no_threat"
                     ]
                 },
                 {
@@ -2024,7 +2024,7 @@
                     ]
                 },
                 {
-                    "data_path": "action_result.summary.total_informational",
+                    "data_path": "action_result.summary.total_no_threat",
                     "data_type": "numeric",
                     "example_values": [
                         3
@@ -2062,7 +2062,7 @@
                     "data_path": "action_result.message",
                     "data_type": "string",
                     "example_values": [
-                        "Total benign: 0, Total unknown: 0, Total informational: 0, Total suspicious: 2, Total likely malicious: 0, Total malicious: 0, Available report count: 5"
+                        "Total benign: 0, Total unknown: 0, Total no threat: 0, Total suspicious: 2, Total likely malicious: 0, Total malicious: 0, Available report count: 5"
                     ]
                 },
                 {
@@ -2158,7 +2158,7 @@
                     "data_path": "action_result.data.*.fuzzyhash.verdict",
                     "data_type": "string",
                     "example_values": [
-                        "informational"
+                        "no_threat"
                     ]
                 },
                 {

diff --git a/release_notes/1.2.1.md b/release_notes/1.2.1.md
@@ -0,0 +1 @@
+* Changed the verdict from 'INFORMATIONAL' to 'NO_THREAT'.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		* Changed the verdict from 'INFORMATIONAL' to 'NO_THREAT'.