Release MS ATP 6.0.2 (#3025)

* SOAR-18473: Bump MS ATP to latest SDK image (#3016) * SOAR-18525: rename to defender for endpoint (#3043) * SOAR-18525 - missed links in rename (#3049) * SOAR-18525 - missed links in rename * SOAR-18525 - use latest SDK
rapid7 · Jan 21, 2025 · 6473284 · 6473284
1 parent ab87f91
commit 6473284
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 26 deletions.
diff --git a/plugins/microsoft_atp/.CHECKSUM b/plugins/microsoft_atp/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "934e6a0e86aaf3bfeaf24c22d52b2f4f",
-	"manifest": "4702833d54d4ebd07beee1e4ac146a61",
-	"setup": "b11db1dff4ae3bd168fabd3691c4fd78",
+	"spec": "a042dbc96e9aab3886c0463b573a4654",
+	"manifest": "8f26bd28e949cfda8dfce9f0036777a3",
+	"setup": "9ceeb89f2b17b0f547706b3639287496",
 	"schemas": [
 		{
 			"identifier": "blacklist/schema.py",

diff --git a/plugins/microsoft_atp/Dockerfile b/plugins/microsoft_atp/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.2
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.3
 
 LABEL organization=rapid7
 LABEL sdk=python

diff --git a/plugins/microsoft_atp/bin/komand_microsoft_atp b/plugins/microsoft_atp/bin/komand_microsoft_atp
@@ -4,10 +4,10 @@ import os
 import json
 from sys import argv
 
-Name = "Microsoft Windows Defender ATP"
+Name = "Microsoft Defender for Endpoint"
 Vendor = "rapid7"
-Version = "6.0.0"
-Description = "The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files"
+Version = "6.0.1"
+Description = "The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files"
 
 
 def main():

diff --git a/plugins/microsoft_atp/help.md b/plugins/microsoft_atp/help.md
@@ -1,6 +1,6 @@
 # Description
 
-The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files
+The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files
 
 # Key Features
 
@@ -21,10 +21,6 @@ The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConn
 
 ## Setup
 
-This plugin uses the Windows Defender ATP API. It will use an Azure application to connect to the API and run actions from InsightConnect.
-
-For information on how to setup your application and assign permissions go here:
-https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp
 The connection configuration accepts the following parameters:  
 
 |Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
@@ -1330,11 +1326,12 @@ Example output:
 
 
 ## Troubleshooting
-  
-*This plugin does not contain a troubleshooting.*
+
+* For information on how to setup your Azure application and assign permissions go [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp)
 
 # Version History
 
+* 6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities | Rebrand to `Microsoft Defender for Endpoint`
 * 6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance
 * 5.2.0 - Add new action: Update Alert
 * 5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9
@@ -1364,9 +1361,9 @@ Example output:
 
 # Links
 
-* [Windows Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp)
+* [Windows Defender for Endpoint](https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint)
 
 ## References
 
-* [Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis)
-* [Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list)
+* [Windows Defender for Endpoint API Start Page](https://learn.microsoft.com/en-us/defender-endpoint/api/apis-intro)
+* [Windows Defender for Endpoint API Endpoints](https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-list)
diff --git a/plugins/microsoft_atp/plugin.spec.yaml b/plugins/microsoft_atp/plugin.spec.yaml
@@ -2,9 +2,9 @@ plugin_spec_version: v2
 extension: plugin
 products: ["insightconnect"]
 name: microsoft_atp
-title: Microsoft Windows Defender ATP
-description: The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files
-version: 6.0.0
+title: Microsoft Defender for Endpoint
+description: The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files
+version: 6.0.1
 connection_version: 6
 supported_versions: ["2024-05-21"]
 vendor: rapid7
@@ -27,14 +27,17 @@ hub_tags:
   features: []
 sdk: 
   type: full 
-  version: 6.1.2
+  version: 6.2.3
   user: nobody
+troubleshooting:
+  - "For information on how to setup your Azure application and assign permissions go [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp)"
 links:
- - "[Windows Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp)"
+ - "[Windows Defender for Endpoint](https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint)"
 references:
- - "[Windows Defender ATP API Start Page](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/use-apis)"
- - "[Windows Defender ATP API Endpoints](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-list)"
+ - "[Windows Defender for Endpoint API Start Page](https://learn.microsoft.com/en-us/defender-endpoint/api/apis-intro)"
+ - "[Windows Defender for Endpoint API Endpoints](https://learn.microsoft.com/en-us/defender-endpoint/api/exposed-apis-list)"
 version_history:
+ - "6.0.1 - Update to latest SDK (v6.2.2) | Address vulnerabilities | Rebrand to `Microsoft Defender for Endpoint`"
  - "6.0.0 - Updated SDK to the latest version | Initial updates for fedramp compliance"
  - "5.2.0 - Add new action: Update Alert"
  - "5.1.0 - Adding the following as new action types to `blacklist` action ['Warn', 'Block', 'Audit'] | Add a new flag in the `blacklist` action to toggle generateAlerts flag | Bump SDK to version 5.4.9"

diff --git a/plugins/microsoft_atp/setup.py b/plugins/microsoft_atp/setup.py
@@ -3,8 +3,8 @@
 
 
 setup(name="microsoft_atp-rapid7-plugin",
-      version="6.0.0",
-      description="The Windows Defender Advanced Threat Protection plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files",
+      version="6.0.1",
+      description="The Microsoft Defender for Endpoint plugin allows Rapid7 InsightConnect users to quickly take remediation actions across their organization. This plugin can isolate machines, run virus scans, and quarantine files",
       author="rapid7",
       author_email="",
       url="",