Is not able to handle IPv6 IP addresses.

[livn46]

Whenever an IPv6 address is passed to the BHR app, it fails. SOAR containers that can be viewed as examples are 68923 or 68924.

Tasks

• [x] grab some IPV6 addresses to test with from SOAR events 68923 and 68924
• [ ] write some new tests using IPV6 addresses
• [x] add VCRpy to simplify testing - see https://github.com/techservicesillinois/splunk-soar-template for patterns
• [ ] analyze IPV6 handling and open new issues
• [ ] update tests to ensure a good error message is returned until other issues are resolved

[edthedev]

Re-opening this to add a regression test with an IPv6 address.

[tzturner]

We created a test SOAR playbook and hardcoded in the IPv6 address from event 68923 (2405:201:11:d046:adaa:55c5:dcfa:9b80). It ran successfully. We checked the BHR site for that IPv6 address and found the following.

Blocking of IPv6 addresses appears to be working.