From 7a57855c9122c15d7fbb9e902ae9d1a959070417 Mon Sep 17 00:00:00 2001 From: Jon Penwood Date: Wed, 28 Apr 2021 15:00:24 -0500 Subject: [PATCH 1/3] Updated to support the community api if no api key is provided --- README.md | 2 +- config/config.js | 3 +- integration.js | 189 +++++++-- templates/gn-block.hbs | 893 ++++++++++++++++++++------------------- templates/gn-summary.hbs | 12 + 5 files changed, 638 insertions(+), 461 deletions(-) diff --git a/README.md b/README.md index 83bedf7..7b152fb 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ To learn more about GreyNoise, please visit the [official website](https://greyn URL for Api access to Greynoise ### GreyNoise Api Key -Accounts api key used to access GreyNoise Api. +Accounts api key used to access GreyNoise Api. If no API Key is entered, we will default to using the GreyNoise Community API to search. ### Ignore IPs that have not been seen If set to true, IPs that have not been seen by Greynoise will not be displayed in the Polarity Overlay window. diff --git a/config/config.js b/config/config.js index ffd877b..4d6c402 100644 --- a/config/config.js +++ b/config/config.js @@ -102,7 +102,8 @@ module.exports = { { key: 'apiKey', name: 'API Key', - description: 'GreyNoise API Key', + description: + 'Accounts api key used to access GreyNoise Api. If no API Key is entered, we will default to using the GreyNoise Community API to search.', default: '', type: 'password', userCanEdit: true, diff --git a/integration.js b/integration.js index e97834e..88eccdd 100644 --- a/integration.js +++ b/integration.js 
@@ -43,35 +43,56 @@ function startup(logger) { } function doLookup(entities, options, cb) { + Logger.trace({ entities }); + + if(!options.apiKey) { + useGreynoiseCommunityApi(entities, options, cb); + } else { + useGreynoiseStandardApi(entities, options, cb); + } +} + +const useGreynoiseCommunityApi = (entities, options, cb) => { let lookupResults = []; let tasks = []; - Logger.trace({ entities }); - entities.forEach((entity) => { - Logger.trace({ uri: options }, 'Request URI'); - - tasks.push(function(done) { - if(entity.isIP) { - getIpData(entity, options, done); - - } else if (entity.type === 'cve') { - getCveData(entity, options, done) - } else { - done({err: 'Unsupported entity type'}) - } + let requestOptions = { + method: 'GET', + uri: 'https://api.greynoise.io/v3/community/' + entity.value, + headers: { + 'User-Agent': `greynoise-community-polarity-integration-v${packageVersion}` + }, + json: true + }; + + Logger.trace({ requestOptions }, 'Request Options'); + + tasks.push(function (done) { + requestWithDefaults(requestOptions, function (error, res, body) { + let processedResult = handleRestError(error, entity, res, body); + + if (processedResult.error) { + done(processedResult); + return; + } + + done(null, processedResult); + }); }); }); async.parallelLimit(tasks, MAX_PARALLEL_LOOKUPS, (err, results) => { - if (err) return cb(err); + if (err) { + Logger.error({ err: err }, 'Error'); + cb(err); + return; + } results.forEach((result) => { - if ( - (result.body === null || (Array.isArray(result.body) && result.body.length === 0)) && - !(result.riotBody && result.riotBody.riot) && - !(result.statBody && result.statBody.count > 0) - ) { + if (options.maliciousOnly === true && getIsMalicious(result) === false) return; + + if (result.body === null || result.body.length === 0) { lookupResults.push({ entity: result.entity, data: null 
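Review bot: useGreynoiseCommunityApi sends every entity to `'https://api.greynoise.io/v3/community/' + entity.value` without the `entity.isIP` / `entity.type === 'cve'` dispatch that useGreynoiseStandardApi keeps, so CVE values (and any other entity type the integration is enabled for) are appended raw to the request path of an endpoint that only takes an IP. Skip non-IP entities before building requestOptions, `if (!entity.isIP) return;`, and encode the segment that is kept, `uri: 'https://api.greynoise.io/v3/community/' + encodeURIComponent(entity.value)`. The `result.body.length === 0` test in the results callback is always false for the object the community endpoint returns, so only the `=== null` half of that condition does any work; `if (result.body === null)` says what is meant. The hunk ends inside the results callback, which continues in the next hunk.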
@@ -81,16 +102,122 @@ function doLookup(entities, options, cb) { entity: result.entity, data: { summary: [], - details: { ...result.body, ...result.riotBody, ...result.statBody } + details: result.body } }); } }); + Logger.debug({ lookupResults }, 'Results'); cb(null, lookupResults); }); +}; + +function handleRestError(error, entity, res, body) { + let result; + + if (error) { + return { + error: error, + detail: 'HTTP Request Error' + }; + } + + if (res.statusCode === 200) { + // we got data! + result = { + entity: entity, + body: body + }; + } else if (res.statusCode === 400) { + if (body.message.includes('Request is not a valid routable IPv4 address')) { + result = { + entity: entity, + body: null + }; + } else { + result = { + error: 'Bad Request', + detail: body.message + }; + } + } else if (res.statusCode === 404) { + // "IP not observed scanning the internet or contained in RIOT data set." + result = { + entity: entity, + body: null + }; + } else if (res.statusCode === 429) { + result = { + error: 'Too Many Requests', + detail: body.message + }; + } else { + result = { + error: 'Unexpected Error', + statusCode: res ? 
res.statusCode : 'Unknown', + detail: 'An unexpected error occurred', + body + }; + } + + return result; } +function getIsMalicious(result) { + if (result.body && result.body.classification && result.body.classification === 'malicious') { + return true; + } else { + return false; + } +} + +const useGreynoiseStandardApi = (entities, options, cb) => { +let lookupResults = []; +let tasks = []; + +entities.forEach((entity) => { + Logger.trace({ uri: options }, 'Request URI'); + + tasks.push(function (done) { + if (entity.isIP) { + getIpData(entity, options, done); + } else if (entity.type === 'cve') { + getCveData(entity, options, done); + } else { + done({ err: 'Unsupported entity type' }); + } + }); +}); + +async.parallelLimit(tasks, MAX_PARALLEL_LOOKUPS, (err, results) => { + if (err) return cb(err); + + results.forEach((result) => { + if ( + (result.body === null || (Array.isArray(result.body) && result.body.length === 0)) && + !(result.riotBody && result.riotBody.riot) && + !(result.statBody && result.statBody.count > 0) + ) { + lookupResults.push({ + entity: result.entity, + data: null + }); + } else { + lookupResults.push({ + entity: result.entity, + data: { + summary: [], + details: { ...result.body, ...result.riotBody, ...result.statBody } + } + }); + } + }); + + cb(null, lookupResults); +}); +}; + const getIpData = (entity, options, done) => { let noiseContextRequestOptions = { method: 'GET', 
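Review bot: handleRestError reads `body.message` in the 400 and 429 branches without checking that `body` is an object, so an empty or non-JSON error body from the community API throws a TypeError inside the request callback instead of yielding the error result the caller expects; the `res ? res.statusCode : 'Unknown'` fallback in the last branch is also unreachable, because `res.statusCode === 200` has already dereferenced `res` unguarded. Normalize once before the status checks, `const message = body && typeof body.message === 'string' ? body.message : '';`, use `message` in the two branches, and either guard `res` ahead of the first comparison or drop the ternary. Separately, the body of useGreynoiseStandardApi later in the hunk is flush-left while the rest of the file indents function bodies; re-indenting it would let the diff read as the pure move of the old doLookup body that it is. The getIpData definition at the end of the hunk continues outside it.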
@@ -312,21 +439,15 @@ const processGnqlStatsRequestResults = (options, res, statBody, gnqlResult, done }; function validateOptions(userOptions, cb) { - let errors = []; - if ( - typeof userOptions.apiKey.value !== 'string' || - (typeof userOptions.apiKey.value === 'string' && userOptions.apiKey.value.length === 0) - ) { - errors.push({ - key: 'apiKey', - message: 'You must provide a valid API key' - }); - } - cb(null, errors); + const urlError = userOptions.url.value && userOptions.url.value.endsWith('/') + ? [{ key: 'url', message: 'Your Url must not end with "/".' }] + : []; + + cb(null, urlError); } module.exports = { - doLookup: doLookup, - startup: startup, - validateOptions: validateOptions + doLookup, + startup, + validateOptions }; diff --git a/templates/gn-block.hbs b/templates/gn-block.hbs index 77b0484..040cfc0 100644 --- a/templates/gn-block.hbs +++ b/templates/gn-block.hbs @@ -1,450 +1,199 @@ -
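Review bot: With the apiKey check removed, validateOptions accepts a key that is non-empty but has leading or trailing whitespace (a common paste artefact), and doLookup's `!options.apiKey` routing then sends that value to the enterprise endpoint rather than falling back to the community API. Keep the key optional but reject a mis-pasted one, `const apiKeyError = typeof userOptions.apiKey.value === 'string' && userOptions.apiKey.value !== userOptions.apiKey.value.trim() ? [{ key: 'apiKey', message: 'Your API Key must not have leading or trailing whitespace.' }] : [];` and return `cb(null, [...urlError, ...apiKeyError]);`. The `userOptions.url.value &&` guard also assumes url.value is a string; the option is text with a default per config.js, so that looks safe, but `typeof userOptions.url.value === 'string' &&` would make it explicit.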
- {{#if (and details.seen details.ip)}} -
- (Pivot To GreyNoise Visualizer) -
- {{/if}} - {{#unless (or details.seen details.riot details.data)}} - {{#if (eq block.entity.type "cve")}} - No IP Addresses have been associated with this CVE - {{else}} - IP Address has not been seen - {{/if}} - {{/unless}} - {{#if details.seen}} -

- {{fa-icon "eye" fixedWidth=true}} Context Information -

- {{/if}} - {{#if details.seen}} -
- Seen: - {{details.seen}} -
- {{/if}} - {{#if (and details.classification (not (eq details.classification "unknown")))}} -
- Classification: - {{details.classification}} -
- {{/if}} - {{#if details.first_seen}} -
- First Seen: - {{details.first_seen}} -
- {{/if}} - {{#if details.last_seen}} -
- Last Seen: - {{details.last_seen}} -
- {{/if}} - {{#if (and details.actor (not (eq details.actor "unknown")))}} -
- Actor: - {{details.actor}} -
- {{/if}} - {{#if (and details.cve details.cve.length)}} -
- CVEs: - - {{#each details.cve as |cve index|}} - {{cve}}{{#if (not (eq (sub details.cve.length 1) index))}}, {{/if}} - {{/each}} - -
- {{/if}} - - {{#if details.riot}} -
- {{fa-icon "asterisk" fixedWidth=true}} RIOT Information (Pivot To GreyNoise RIOT) -
- {{#if details.name}} +{{#if (and details block.userOptions.apiKey)}} +
+ {{#if (and details.seen details.ip)}}
- Name: - {{details.name}} + (Pivot To GreyNoise Visualizer)
{{/if}} - {{#if details.category}} + {{#unless (or details.seen details.riot details.data)}} + {{#if (eq block.entity.type "cve")}} + No IP Addresses have been associated with this CVE + {{else}} + IP Address has not been seen + {{/if}} + {{/unless}} + {{#if details.seen}} +

+ {{fa-icon "eye" fixedWidth=true}} Context Information +

+ {{/if}} + {{#if details.seen}}
- Category: - {{details.category}} + Seen: + {{details.seen}}
{{/if}} - {{#if details.description}} + {{#if (and details.classification (not (eq details.classification "unknown")))}}
- Description: -
{{details.description}}
+ Classification: + {{details.classification}}
{{/if}} - {{#if details.explanation}} + {{#if details.first_seen}}
- Explanation: -
{{details.explanation}}
+ First Seen: + {{details.first_seen}}
{{/if}} - {{#if details.last_updated}} + {{#if details.last_seen}}
- Last Updated: - {{details.last_updated}} + Last Seen: + {{details.last_seen}}
{{/if}} - {{#if details.reference}} + {{#if (and details.actor (not (eq details.actor "unknown")))}}
- Reference: - {{details.reference}} + Actor: + {{details.actor}}
{{/if}} - {{/if}} - {{#if details.tags}} -
- {{fa-icon "tag" fixedWidth=true}} Tags -
-
- {{#each showTags as |tag|}} - {{tag}} - {{/each}} - {{#if (gte tags.length 3)}} - {{#if showAllTags}} - - {{else}} - - {{/if}} - {{/if}} -
- {{/if}} - - {{#if details.metadata}} -

- {{fa-icon "table" fixedWidth=true}} Metadata -

- {{/if}} - - {{#if details.metadata.country}} -
- Country: - {{details.metadata.country}} -
- {{/if}} - {{#if details.metadata.country_code}} -
- Country Code: - {{details.metadata.country_code}} -
- {{/if}} - {{#if details.metadata.city}} -
- City: - {{details.metadata.city}} -
- {{/if}} - {{#if details.metadata.organization}} -
- Organization: - {{details.metadata.organization}} -
- {{/if}} - {{#if details.metadata.rdns}} -
- RDNS: - {{details.metadata.rdns}} -
- {{/if}} - {{#if details.metadata.asn}} -
- ASN: - {{details.metadata.asn}} -
- {{/if}} - {{#if details.metadata.tor}} -
- TOR Node?: - {{details.metadata.tor}} -
- {{/if}} - {{#if details.metadata.os}} -
- Operating System: - {{details.metadata.os}} -
- {{/if}} - {{#if details.metadata.category}} -
- Category: - {{details.metadata.category}} -
- {{/if}} - - {{#if details.raw_data}} -

- {{fa-icon "info" fixedWidth=true}} Raw Data ({{rawDataLength}}) - {{#if rawDataOpen}} - {{fa-icon "chevron-up" size="sm" fixedWidth=true}} - {{else}} - {{fa-icon "chevron-down" size="sm" fixedWidth=true}} - {{/if}} -

- {{#if rawDataOpen}} - {{#if details.raw_data.scan}} - {{#each details.raw_data.scan as |scan|}} - {{#if (and scan.port scan.protocol)}} -
- Port / Protocol: - {{scan.port}} / {{scan.protocol}} -
- {{/if}} - {{/each}} - {{/if}} - {{#if details.raw_data.web}} - {{#each details.raw_data.web.paths as |path|}} -
- Path: - {{path}} -
- {{/each}} - {{/if}} - {{#if details.raw_data.web.useragents}} - {{#each details.raw_data.web.useragents as |ua|}} -
- User Agent: - {{ua}} -
- {{/each}} - {{/if}} - {{#if details.raw_data.ja3}} - {{#each details.raw_data.ja3 as |ja3|}} - {{#if (and ja3.fingerprint ja3.port)}} -
- Fingerprint / Port: - {{ja3.fingerprint}} / {{ja3.port}} -
- {{/if}} - {{/each}} - {{/if}} - {{/if}} - {{/if}} - - - {{#if details.stats}} - {{#if (and details.data.length (eq block.entity.type "cve"))}} + {{#if (and details.cve details.cve.length)}}
- - (Pivot To GreyNoise Visualizer) - + CVEs: + + {{#each details.cve as |cve index|}} + {{cve}}{{#if (not (eq (sub details.cve.length 1) index))}}, {{/if}} + {{/each}} +
{{/if}} - - {{#if (and details.stats.countries details.stats.countries.length)}} -

- {{fa-icon "globe" fixedWidth=true}} Countries -

- {{#each details.stats.countries as |country|}} -
- {{country.country}}: - {{country.count}} -
- {{/each}} - {{/if}} - - {{#if (and details.stats.classifications details.stats.classifications.length)}} -

- {{fa-icon "puzzle-piece" fixedWidth=true}} Classifications -

- {{#each details.stats.classifications as |classification|}} -
- {{capitalize classification.classification}}: - {{classification.count}} -
- {{/each}} - {{/if}} - - {{#if (and details.stats.spoofable details.stats.spoofable.length)}} -

- {{fa-icon "user-secret" fixedWidth=true}} Spoofable -

- {{#each details.stats.spoofable as |spoofable|}} -
- {{if spoofable.spoofable "True" "False"}}: - {{spoofable.count}} -
- {{/each}} - {{/if}} - - {{#if (and details.stats.tags details.stats.tags.length)}} -

- {{fa-icon "tag" fixedWidth=true}} Tags -

- {{#each details.stats.tags as |tag|}} -
- {{tag.tag}}: - {{tag.count}} -
- {{/each}} - {{/if}} - {{#if (and details.stats.operating_systems details.stats.operating_systems.length)}} -

- {{fa-icon "cog" fixedWidth=true}} Operating Systems -

- {{#each details.stats.operating_systems as |operating_system|}} -
- {{operating_system.operating_system}}: - {{operating_system.count}} -
- {{/each}} - {{/if}} - {{/if}} - - {{#if (and details.data details.data.length)}} -

- {{fa-icon "eye" fixedWidth=true}} IPs -

- {{/if}} - {{#each details.data as |detail index|}} - {{#if (get expandableTitleStates index)}} - - IP: {{detail.ip}} {{fa-icon "angle-up"}} - - - {{#if (and detail.seen detail.ip)}} -
- (Pivot To GreyNoise Visualizer) -
- {{/if}} - {{#if detail.seen}} -

- {{fa-icon "eye" fixedWidth=true}} Context Information -

- {{/if}} - {{#if detail.seen}} + {{#if details.riot}} +
+ {{fa-icon "asterisk" fixedWidth=true}} RIOT Information (Pivot To GreyNoise RIOT) +
+ {{#if details.name}}
- Seen: - {{detail.seen}} + Name: + {{details.name}}
{{/if}} - {{#if (and detail.classification (not (eq detail.classification "unknown")))}} + {{#if details.category}}
- Classification: - {{detail.classification}} + Category: + {{details.category}}
{{/if}} - {{#if detail.first_seen}} + {{#if details.description}}
- First Seen: - {{detail.first_seen}} + Description: +
{{details.description}}
{{/if}} - {{#if detail.last_seen}} + {{#if details.explanation}}
- Last Seen: - {{detail.last_seen}} + Explanation: +
{{details.explanation}}
{{/if}} - {{#if (and detail.actor (not (eq detail.actor "unknown")))}} + {{#if details.last_updated}}
- Actor: - {{detail.actor}} + Last Updated: + {{details.last_updated}}
{{/if}} - {{#if (and detail.cve detail.cve.length)}} + {{#if details.reference}}
- CVEs: - - {{#each detail.cve as |cve index|}} - {{cve}}{{#if (not (eq (sub detail.cve.length 1) index))}}, {{/if}} - {{/each}} - -
- {{/if}} - - {{#if detail.tags}} -
- {{fa-icon "tag" fixedWidth=true}} Tags -
-
- {{#each detail.tags as |tag|}} - {{tag}} - {{/each}} + Reference: + {{details.reference}}
{{/if}} + {{/if}} + {{#if details.tags}} +
+ {{fa-icon "tag" fixedWidth=true}} Tags +
+
+ {{#each showTags as |tag|}} + {{tag}} + {{/each}} + {{#if (gte tags.length 3)}} + {{#if showAllTags}} + + {{else}} + + {{/if}} + {{/if}} +
+ {{/if}} - {{#if detail.metadata}} -

- {{fa-icon "table" fixedWidth=true}} Metadata -

- {{/if}} + {{#if details.metadata}} +

+ {{fa-icon "table" fixedWidth=true}} Metadata +

+ {{/if}} - {{#if detail.metadata.country}} -
- Country: - {{detail.metadata.country}} -
- {{/if}} - {{#if detail.metadata.country_code}} -
- Country Code: - {{detail.metadata.country_code}} -
- {{/if}} - {{#if detail.metadata.city}} -
- City: - {{detail.metadata.city}} -
- {{/if}} - {{#if detail.metadata.organization}} -
- Organization: - {{detail.metadata.organization}} -
- {{/if}} - {{#if detail.metadata.rdns}} -
- RDNS: - {{detail.metadata.rdns}} -
- {{/if}} - {{#if detail.metadata.asn}} -
- ASN: - {{detail.metadata.asn}} -
- {{/if}} - {{#if detail.metadata.tor}} -
- TOR Node?: - {{detail.metadata.tor}} -
- {{/if}} - {{#if detail.metadata.os}} -
- Operating System: - {{detail.metadata.os}} -
- {{/if}} - {{#if detail.metadata.category}} -
- Category: - {{detail.metadata.category}} -
- {{/if}} + {{#if details.metadata.country}} +
+ Country: + {{details.metadata.country}} +
+ {{/if}} + {{#if details.metadata.country_code}} +
+ Country Code: + {{details.metadata.country_code}} +
+ {{/if}} + {{#if details.metadata.city}} +
+ City: + {{details.metadata.city}} +
+ {{/if}} + {{#if details.metadata.organization}} +
+ Organization: + {{details.metadata.organization}} +
+ {{/if}} + {{#if details.metadata.rdns}} +
+ RDNS: + {{details.metadata.rdns}} +
+ {{/if}} + {{#if details.metadata.asn}} +
+ ASN: + {{details.metadata.asn}} +
+ {{/if}} + {{#if details.metadata.tor}} +
+ TOR Node?: + {{details.metadata.tor}} +
+ {{/if}} + {{#if details.metadata.os}} +
+ Operating System: + {{details.metadata.os}} +
+ {{/if}} + {{#if details.metadata.category}} +
+ Category: + {{details.metadata.category}} +
+ {{/if}} - {{#if detail.raw_data}} -

- {{fa-icon "info" fixedWidth=true}} Raw Data -

- {{#if detail.raw_data.scan}} - {{#each detail.raw_data.scan as |scan|}} + {{#if details.raw_data}} +

+ {{fa-icon "info" fixedWidth=true}} Raw Data ({{rawDataLength}}) + {{#if rawDataOpen}} + {{fa-icon "chevron-up" size="sm" fixedWidth=true}} + {{else}} + {{fa-icon "chevron-down" size="sm" fixedWidth=true}} + {{/if}} +

+ {{#if rawDataOpen}} + {{#if details.raw_data.scan}} + {{#each details.raw_data.scan as |scan|}} {{#if (and scan.port scan.protocol)}}
Port / Protocol: @@ -453,24 +202,24 @@ {{/if}} {{/each}} {{/if}} - {{#if detail.raw_data.web}} - {{#each detail.raw_data.web.paths as |path|}} + {{#if details.raw_data.web}} + {{#each details.raw_data.web.paths as |path|}}
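Review bot: The template picks the enterprise or community layout from `{{#if (and details block.userOptions.apiKey)}}` at the top of this hunk, and from `(not block.userOptions.apiKey)` in the `@@ -480,19 +229,313 @@` hunk, which makes rendering depend on a password-type option being present in the client-side block context and makes a previously returned result switch layout if the key is added or removed afterwards. A flag set by integration.js on the result it builds, for example `details: { ...result.body, isCommunity: true }` in useGreynoiseCommunityApi, and `{{#if details.isCommunity}}` / `{{#unless details.isCommunity}}` here would let each result carry its own shape without the template needing the secret at all. Whether Polarity exposes password options to templates is not visible in this diff; if it does not, the enterprise branch can never render, and if it does, the key is being shipped to the browser only to be tested for truthiness.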
Path: {{path}}
{{/each}} {{/if}} - {{#if detail.raw_data.web.useragents}} - {{#each detail.raw_data.web.useragents as |ua|}} + {{#if details.raw_data.web.useragents}} + {{#each details.raw_data.web.useragents as |ua|}}
User Agent: {{ua}}
{{/each}} {{/if}} - {{#if detail.raw_data.ja3}} - {{#each detail.raw_data.ja3 as |ja3|}} + {{#if details.raw_data.ja3}} + {{#each details.raw_data.ja3 as |ja3|}} {{#if (and ja3.fingerprint ja3.port)}}
Fingerprint / Port: @@ -480,19 +229,313 @@ {{/each}} {{/if}} {{/if}} - {{else}} - - {{detail.ip}} {{fa-icon "angle-down"}} - {{/if}} - {{/each}} - {{#if (eq details.data.length 10)}} - - {{/if}} -
+ + + {{#if details.stats}} + {{#if (and details.data.length (eq block.entity.type "cve"))}} +
+ + (Pivot To GreyNoise Visualizer) + +
+ {{/if}} + + {{#if (and details.stats.countries details.stats.countries.length)}} +

+ {{fa-icon "globe" fixedWidth=true}} Countries +

+ {{#each details.stats.countries as |country|}} +
+ {{country.country}}: + {{country.count}} +
+ {{/each}} + {{/if}} + + {{#if (and details.stats.classifications details.stats.classifications.length)}} +

+ {{fa-icon "puzzle-piece" fixedWidth=true}} Classifications +

+ {{#each details.stats.classifications as |classification|}} +
+ {{capitalize classification.classification}}: + {{classification.count}} +
+ {{/each}} + {{/if}} + + {{#if (and details.stats.spoofable details.stats.spoofable.length)}} +

+ {{fa-icon "user-secret" fixedWidth=true}} Spoofable +

+ {{#each details.stats.spoofable as |spoofable|}} +
+ {{if spoofable.spoofable "True" "False"}}: + {{spoofable.count}} +
+ {{/each}} + {{/if}} + + {{#if (and details.stats.tags details.stats.tags.length)}} +

+ {{fa-icon "tag" fixedWidth=true}} Tags +

+ {{#each details.stats.tags as |tag|}} +
+ {{tag.tag}}: + {{tag.count}} +
+ {{/each}} + {{/if}} + + {{#if (and details.stats.operating_systems details.stats.operating_systems.length)}} +

+ {{fa-icon "cog" fixedWidth=true}} Operating Systems +

+ {{#each details.stats.operating_systems as |operating_system|}} +
+ {{operating_system.operating_system}}: + {{operating_system.count}} +
+ {{/each}} + {{/if}} + {{/if}} + + {{#if (and details.data details.data.length)}} +

+ {{fa-icon "eye" fixedWidth=true}} IPs +

+ {{/if}} + {{#each details.data as |detail index|}} + {{#if (get expandableTitleStates index)}} + + IP: {{detail.ip}} {{fa-icon "angle-up"}} + + + {{#if (and detail.seen detail.ip)}} +
+ (Pivot To GreyNoise Visualizer) +
+ {{/if}} + {{#if detail.seen}} +

+ {{fa-icon "eye" fixedWidth=true}} Context Information +

+ {{/if}} + {{#if detail.seen}} +
+ Seen: + {{detail.seen}} +
+ {{/if}} + {{#if (and detail.classification (not (eq detail.classification "unknown")))}} +
+ Classification: + {{detail.classification}} +
+ {{/if}} + {{#if detail.first_seen}} +
+ First Seen: + {{detail.first_seen}} +
+ {{/if}} + {{#if detail.last_seen}} +
+ Last Seen: + {{detail.last_seen}} +
+ {{/if}} + {{#if (and detail.actor (not (eq detail.actor "unknown")))}} +
+ Actor: + {{detail.actor}} +
+ {{/if}} + {{#if (and detail.cve detail.cve.length)}} +
+ CVEs: + + {{#each detail.cve as |cve index|}} + {{cve}}{{#if (not (eq (sub detail.cve.length 1) index))}}, {{/if}} + {{/each}} + +
+ {{/if}} + + {{#if detail.tags}} +
+ {{fa-icon "tag" fixedWidth=true}} Tags +
+
+ {{#each detail.tags as |tag|}} + {{tag}} + {{/each}} +
+ {{/if}} + + {{#if detail.metadata}} +

+ {{fa-icon "table" fixedWidth=true}} Metadata +

+ {{/if}} + + {{#if detail.metadata.country}} +
+ Country: + {{detail.metadata.country}} +
+ {{/if}} + {{#if detail.metadata.country_code}} +
+ Country Code: + {{detail.metadata.country_code}} +
+ {{/if}} + {{#if detail.metadata.city}} +
+ City: + {{detail.metadata.city}} +
+ {{/if}} + {{#if detail.metadata.organization}} +
+ Organization: + {{detail.metadata.organization}} +
+ {{/if}} + {{#if detail.metadata.rdns}} +
+ RDNS: + {{detail.metadata.rdns}} +
+ {{/if}} + {{#if detail.metadata.asn}} +
+ ASN: + {{detail.metadata.asn}} +
+ {{/if}} + {{#if detail.metadata.tor}} +
+ TOR Node?: + {{detail.metadata.tor}} +
+ {{/if}} + {{#if detail.metadata.os}} +
+ Operating System: + {{detail.metadata.os}} +
+ {{/if}} + {{#if detail.metadata.category}} +
+ Category: + {{detail.metadata.category}} +
+ {{/if}} + + {{#if detail.raw_data}} +

+ {{fa-icon "info" fixedWidth=true}} Raw Data +

+ {{#if detail.raw_data.scan}} + {{#each detail.raw_data.scan as |scan|}} + {{#if (and scan.port scan.protocol)}} +
+ Port / Protocol: + {{scan.port}} / {{scan.protocol}} +
+ {{/if}} + {{/each}} + {{/if}} + {{#if detail.raw_data.web}} + {{#each detail.raw_data.web.paths as |path|}} +
+ Path: + {{path}} +
+ {{/each}} + {{/if}} + {{#if detail.raw_data.web.useragents}} + {{#each detail.raw_data.web.useragents as |ua|}} +
+ User Agent: + {{ua}} +
+ {{/each}} + {{/if}} + {{#if detail.raw_data.ja3}} + {{#each detail.raw_data.ja3 as |ja3|}} + {{#if (and ja3.fingerprint ja3.port)}} +
+ Fingerprint / Port: + {{ja3.fingerprint}} / {{ja3.port}} +
+ {{/if}} + {{/each}} + {{/if}} + {{/if}} + {{else}} + + {{detail.ip}} {{fa-icon "angle-down"}} + + {{/if}} + {{/each}} + {{#if (eq details.data.length 10)}} +
+ ... See Remainder in GreyNoise +
+ {{/if}} +
+{{/if}} + +{{#if (and details (not block.userOptions.apiKey))}} + {{fa-icon "info" fixedWidth=true}} GreyNoise Community Results + {{#if details.ip}} +
+ IP: + {{details.ip}} {{fa-icon "external-link-square" class="external-link-icon"}} | VT {{fa-icon "external-link-square" class="external-link-icon"}}
+
+ {{/if}} + {{#if details.noise}} +
+ Noise: + {{details.noise}} +
+ {{/if}} + {{#if details.riot}} +
+ RIOT: + {{details.riot}} +
+ {{/if}} + {{#if details.classification}} +
+ Classification: + {{details.classification}} +
+ {{/if}} + {{#if details.name}} +
+ Name: + {{details.name}} +
+ {{/if}} + {{#if details.last_seen}} +
+ Last Seen: + {{details.last_seen}} +
+ {{/if}} + Get Started with GreyNoise Enterprise Here {{fa-icon "external-link-square" class="external-link-icon"}}
+{{/if}} \ No newline at end of file diff --git a/templates/gn-summary.hbs b/templates/gn-summary.hbs index 7ea8d9a..5cbda23 100644 --- a/templates/gn-summary.hbs +++ b/templates/gn-summary.hbs @@ -4,6 +4,18 @@ Classification: {{details.classification}} {{/if}} +{{#if (eq details.noise true)}} + + {{block.acronym}} + NOISE + +{{/if}} +{{#if (eq details.riot true)}} + + {{block.acronym}} + RIOT + +{{/if}} {{#if details.category}} {{block.acronym}} From e986d81c7ce0b6368c5fa89bff28ee294ebd9c9a Mon Sep 17 00:00:00 2001 From: Jon Penwood Date: Wed, 28 Apr 2021 15:01:46 -0500 Subject: [PATCH 2/3] Bumped package.json version property --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2d7db71..d5e0716 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "main": "./integration.js", "name": "GreyNoise", - "version": "3.1.1-beta", + "version": "3.2.0-beta", "private": true, "dependencies": { "request": "^2.88.2", From 7b69bbcce4e181d3e38dd5ef07dafdc984086a0e Mon Sep 17 00:00:00 2001 From: Jon Penwood Date: Wed, 28 Apr 2021 17:07:26 -0500 Subject: [PATCH 3/3] Improved readme, and added community api limit message to link out to enterpise pricing link --- README.md | 6 +++--- config/config.js | 4 ++-- integration.js | 4 ++-- templates/gn-block.hbs | 9 +++++++-- templates/gn-summary.hbs | 6 ++++++ 5 files changed, 20 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7b152fb..9189c15 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ # Polarity GreyNoise Integration -The Polarity - GreyNoise integration searches IPs in GreyNoise for internet scan and attack activity related to indicators on your screen. The scan and attack activity is then displayed via the Polarity Overlay Window. +The Polarity - GreyNoise integration searches IPs in GreyNoise for internet scan and attack activity related to indicators on your screen. The scan and attack activity is then displayed via the Polarity Overlay Window, and we support the GreyNoise Community API out of the box if you do not already have an Enterpise API Key. ## IP Address Resuts
@@ -17,8 +17,8 @@ To learn more about GreyNoise, please visit the [official website](https://greyn ## GreyNoise Integration Options -### GreyNoise Url -URL for Api access to Greynoise +### GreyNoise Enterprise Url +The URL path to the Enterprise GreyNoise API you wish to use ### GreyNoise Api Key Accounts api key used to access GreyNoise Api. If no API Key is entered, we will default to using the GreyNoise Community API to search. diff --git a/config/config.js b/config/config.js index 4d6c402..397cfbc 100644 --- a/config/config.js +++ b/config/config.js @@ -92,8 +92,8 @@ module.exports = { options: [ { key: 'url', - name: 'GreyNoise URL', - description: 'The URL path to the GreyNoise API', + name: 'GreyNoise Enterprise URL', + description: 'The URL path to the Enterprise GreyNoise API you wish to use.', default: 'https://enterprise.api.greynoise.io/v2', type: 'text', userCanEdit: false, diff --git a/integration.js b/integration.js index 88eccdd..a4d0a25 100644 --- a/integration.js +++ b/integration.js @@ -149,8 +149,8 @@ function handleRestError(error, entity, res, body) { }; } else if (res.statusCode === 429) { result = { - error: 'Too Many Requests', - detail: body.message + entity: entity, + body: { limitHit: true } }; } else { result = { diff --git a/templates/gn-block.hbs b/templates/gn-block.hbs index 040cfc0..6db24e7 100644 --- a/templates/gn-block.hbs +++ b/templates/gn-block.hbs @@ -501,6 +501,12 @@ {{#if (and details (not block.userOptions.apiKey))}} {{fa-icon "info" fixedWidth=true}} GreyNoise Community Results + {{#if details.limitHit}} + Community API Limit Hit: + + {{/if}} {{#if details.ip}}
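Review bot: Turning a 429 into the successful result `{ entity: entity, body: { limitHit: true } }` subjects the rate-limit notice to the same filtering as real data: in useGreynoiseCommunityApi, getIsMalicious returns false for it, so with `options.maliciousOnly` set the limit message is dropped and the user sees nothing, and the result is presumably cached like any other hit (how long Polarity caches doLookup results is not visible here). Exempt it from the malicious-only filter, `if (options.maliciousOnly === true && !(result.body && result.body.limitHit) && getIsMalicious(result) === false) return;`, or keep 429 on the error path with a user-facing detail so it is surfaced and not cached. The enclosing handleRestError body starts and ends outside the hunk.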
IP: @@ -536,6 +542,5 @@ Last Seen: {{details.last_seen}}
- {{/if}} - Get Started with GreyNoise Enterprise Here {{fa-icon "external-link-square" class="external-link-icon"}}
+ {{/if}} {{/if}} \ No newline at end of file diff --git a/templates/gn-summary.hbs b/templates/gn-summary.hbs index 5cbda23..587ee1b 100644 --- a/templates/gn-summary.hbs +++ b/templates/gn-summary.hbs @@ -10,6 +10,12 @@ NOISE {{/if}} +{{#if details.limitHit}} + + {{block.acronym}} + Community API Limit Hit + +{{/if}} {{#if (eq details.riot true)}} {{block.acronym}}