diff --git a/plugins/duo_admin/.CHECKSUM b/plugins/duo_admin/.CHECKSUM index 68eca0be81..67ebe691da 100644 --- a/plugins/duo_admin/.CHECKSUM +++ b/plugins/duo_admin/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "f47b7b4bc59db3b5f839955535a59660", - "manifest": "087aa32ede6b854cd63bda601038017a", - "setup": "6628c0c3a6eb2e3828cdcc104e0c08d2", + "spec": "4a94a77c37f17820e8768bb2850f6ee5", + "manifest": "672f0da4df4edb87ab669d69e435c5c7", + "setup": "8a8919e13bd1afe4849427d3dae6dbf4", "schemas": [ { "identifier": "add_user/schema.py", @@ -17,7 +17,7 @@ }, { "identifier": "get_logs/schema.py", - "hash": "ee359e5ea79a88b4597a5afaa739b793" + "hash": "3502cb177351d18ff8a31266a49db228" }, { "identifier": "get_phones_by_user_id/schema.py", @@ -49,7 +49,7 @@ }, { "identifier": "monitor_logs/schema.py", - "hash": "4119a8c82613406e16d830d7b48e0c86" + "hash": "26f03015b329bc573a7e6f3a688fb861" } ] } \ No newline at end of file diff --git a/plugins/duo_admin/Dockerfile b/plugins/duo_admin/Dockerfile index ec2b1d2937..12be6872d5 100644 --- a/plugins/duo_admin/Dockerfile +++ b/plugins/duo_admin/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.2 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/duo_admin/bin/komand_duo_admin b/plugins/duo_admin/bin/komand_duo_admin index bc35783421..884065b098 100755 --- a/plugins/duo_admin/bin/komand_duo_admin +++ b/plugins/duo_admin/bin/komand_duo_admin @@ -6,7 +6,7 @@ from sys import argv Name = "Duo Admin API" Vendor = "rapid7" -Version = "5.0.1" +Version = "5.0.2" Description = "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows" 
diff --git a/plugins/duo_admin/help.md b/plugins/duo_admin/help.md
index eeb8315cdd..b665dc020a 100644
--- a/plugins/duo_admin/help.md
+++ b/plugins/duo_admin/help.md
@@ -175,73 +175,13 @@ Example output: ``` #### Get Authentication Logs - + This action is used to get auth logs, limited to past 180 days. -[Currentmillis.com](https://currentmillis.com/) is useful for finding a usable UNIX timestamp. - -Available inputs for parameters: - -* `factors` - a comma-separated list of factors, if left empty, the action returns the authentication logs for all factors used for an authentication attempt - * bypass_code - * digipass_go_7_token - * duo_mobile_passcode - * duo_push - * hardware_token - * not_available - * passcode - * phone_call - * remembered_device - * sms_passcode - * sms_refresh - * trusted_network - * u2f_token - * yubikey_code -* `reasons` - a comma-separated list of reasons, if left empty, the action returns the authentication logs for all reasons associated with an authentication attempt - * allow_unenrolled_user - * allow_unenrolled_user_on_trusted_network - * allowed_by_policy - * anomalous_push - * anonymous_ip - * bypass_user - * call_timed_out - * could_not_determine_if_endpoint_was_trusted - * denied_by_policy - * deny_unenrolled_user - * endpoint_failed_google_verification - * endpoint_is_not_in_management_system - * endpoint_is_not_trusted - * error - * factor_restricted - * invalid_device - * invalid_management_certificate_collection_state - * invalid_passcode - * invalid_referring_hostname_provided - * location_restricted - * locked_out - * no_activated_duo_mobile_account - * no_disk_encryption - * no_duo_certificate_present - * no_keys_pressed - * no_referring_hostname_provided - * no_response - * no_screen_lock - * no_web_referer_match - * out_of_date - * platform_restricted - * remembered_device - * rooted_device - * software_restricted - * touch_id_disabled - * trusted_location - * trusted_network - * user_approved - * user_cancelled - * user_disabled - * user_marked_fraud - * user_not_in_permitted_group - * user_provided_invalid_certificate - * valid_passcode - * version_restricted 
+[Currentmillis.com](https://currentmillis.com/) is +useful for finding a usable UNIX timestamp. + +Available inputs for parameters can be found in [Duo Admin API +docs](https://duo.com/docs/adminapi#logs:~:text=The%20factor%20or%20method%20used%20for%20an%20authentication%20attempt.%20One%20of%3A) ##### Input @@ -1006,10 +946,11 @@ Example output: ## Troubleshooting -Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action. +* Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action. # Version History +* 5.0.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities * 5.0.1 - Update to enable Plugin as FedRAMP ready | Update SDK (`6.1.2`) * 5.0.0 - Updated to include latest SDK v5.5.5 | Removing Unused fields from User Object * 4.4.2 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days diff --git a/plugins/duo_admin/komand_duo_admin/actions/get_logs/schema.py b/plugins/duo_admin/komand_duo_admin/actions/get_logs/schema.py index fc0983f6c7..1e93938303 100755 --- a/plugins/duo_admin/komand_duo_admin/actions/get_logs/schema.py +++ b/plugins/duo_admin/komand_duo_admin/actions/get_logs/schema.py @@ -4,7 +4,7 @@ class Component: - DESCRIPTION = "Get auth logs, limited to past 180 days" + DESCRIPTION = "This action is used to get auth logs, limited to past 180 days.[Currentmillis.com](https://currentmillis.com/) is useful for finding a usable UNIX timestamp.Available inputs for parameters can be found in [Duo Admin API docs](https://duo.com/docs/adminapi#logs:~:text=The%20factor%20or%20method%20used%20for%20an%20authentication%20attempt.%20One%20of%3A)" class Input: 
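Review bot: The new `DESCRIPTION` string in `get_logs/schema.py` runs its sentences together (`180 days.[Currentmillis.com]` and `timestamp.Available inputs`), because the `\n` separators in the matching `plugin.spec.yaml` description (hunk `@@ -1074,7 +1075,7 @@`) are missing here. If this file is regenerated from the spec, as its entry in `.CHECKSUM` suggests, the durable fix is in the spec: put a space after each sentence, or keep the short `Get auth logs, limited to past 180 days` and leave the links to help.md. The Duo docs link also depends on a `#logs:~:text=...` text fragment, which stops matching as soon as the upstream wording changes; `https://duo.com/docs/adminapi#logs` would be more stable. With the inline factor and reason lists removed from help.md, that external link is now the only reference for valid `factors` and `reasons` values.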
diff --git a/plugins/duo_admin/komand_duo_admin/tasks/monitor_logs/schema.py b/plugins/duo_admin/komand_duo_admin/tasks/monitor_logs/schema.py index a508e9878b..fc0dd65573 100755 --- a/plugins/duo_admin/komand_duo_admin/tasks/monitor_logs/schema.py +++ b/plugins/duo_admin/komand_duo_admin/tasks/monitor_logs/schema.py @@ -64,9 +64,7 @@ class MonitorLogsOutput(insightconnect_plugin_runtime.Output): "type": "array", "title": "Logs", "description": "List of administrator, authentication and trust monitor event logs within the specified time range", - "items": { - "type": "object" - }, + "items": {}, "required": [ "logs" ], diff --git a/plugins/duo_admin/plugin.spec.yaml b/plugins/duo_admin/plugin.spec.yaml index fbb05ea2ed..b63e28d6eb 100644 --- a/plugins/duo_admin/plugin.spec.yaml +++ b/plugins/duo_admin/plugin.spec.yaml @@ -11,7 +11,7 @@ status: [] supported_versions: ["Duo Admin API 2024-09-17"] sdk: type: full - version: 6.1.2 + version: 6.2.2 user: nobody description: "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows" @@ -29,7 +29,7 @@ key_features: requirements: - "Two secret keys - `integration key` and `secret key`" - "`API hostname`" -version: 5.0.1 +version: 5.0.2 connection_version: 4 resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/duo_admin 
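Review bot: Changing `"items": { "type": "object" }` to `"items": {}` in the `logs` output schema removes the only type constraint on individual log entries, so any JSON value (string, number, null) now validates as a log record. No matching change to the `monitor_logs` output appears in the `plugin.spec.yaml` hunks of this commit, so this looks like a side effect of regenerating with SDK 6.2.2 rather than an intended change, which is worth confirming. If entries are always objects, restore `"items": {"type": "object"}` (through the spec's item type if this schema is generated), so that malformed records are rejected before they reach downstream log consumers. The `MonitorLogsOutput` schema starts and ends outside the hunk.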
@@ -47,9 +47,10 @@ links: - "[Duo Security](https://duo.com/)" references: - "[Duo Admin API](https://duo.com/docs/adminapi)" -troubleshooting: "Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action." - +troubleshooting: + - "Many actions in this plugin take a User ID as input. A User ID is not the username - instead it's a unique identifier e.g. DU9I6T0F7R2S1J4XZHHA. A User ID can be obtained by passing a username to the Get User Status action." version_history: +- "5.0.2 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities" - "5.0.1 - Update to enable Plugin as FedRAMP ready | Update SDK (`6.1.2`)" - "5.0.0 - Updated to include latest SDK v5.5.5 | Removing Unused fields from User Object" - "4.4.2 - Updated to include latest SDK v5.4.9 | Task `Monitor Logs` updated to increase max lookback cutoff to 7 days" @@ -1074,7 +1075,7 @@ actions: example: { "alias1": "alias1", "alias2": "alias2", "alias3": "alias3", "alias4": "alias4", "aliases": { "alias1": "alias1", "alias2": "alias2", "alias3": "alias3", "alias4": "alias4" }, "created": 1684765611, "email": "user@example.com", "isEnrolled": false, "notes": "Example", "realname": "Example", "status": "active", "userId": "DUCUULF6HBMZ43IG9MBH", "username": "Example" } get_logs: title: Get Authentication Logs - description: Get auth logs, limited to past 180 days + description: "This action is used to get auth logs, limited to past 180 days.\n[Currentmillis.com](https://currentmillis.com/) is useful for finding a usable UNIX timestamp.\n\nAvailable inputs for parameters can be found in [Duo Admin API docs](https://duo.com/docs/adminapi#logs:~:text=The%20factor%20or%20method%20used%20for%20an%20authentication%20attempt.%20One%20of%3A)" input: mintime: title: Mintime 
diff --git a/plugins/duo_admin/setup.py b/plugins/duo_admin/setup.py index a964d66928..e89795d678 100644 --- a/plugins/duo_admin/setup.py +++ b/plugins/duo_admin/setup.py @@ -3,7 +3,7 @@ setup(name="duo_admin-rapid7-plugin", - version="5.0.1", + version="5.0.2", description="[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. Using the Duo plugin for InsightConnect will allow Duo user management within automation workflows", author="rapid7", author_email="",