techservicesillinois / secops-splunk-null-router

null router app for Splunk SOAR

New SOAR app for the SCRAM null router #56

Open edthedev opened 3 months ago

edthedev commented 3 months ago

Context

Cybersecurity Operations need to migrate our null router to SCRAM, and will need a SOAR integration built around the new client library.

https://github.com/esnet-security/scram-client/blob/c7b60c11488a04e0c0c2883c1f03c877c339ff04/README.md

Tasks

edthedev commented 3 months ago

Blocked by needing test API credentials to the (about to be deployed) test copy of SCRAM

edthedev commented 5 days ago

https://github.com/esnet-security/SCRAM/blob/main/config/api_router.py

Null Router BHR has 'blocks'

SCRAM has 'entries' which are 'actions' applied to 'routes'

About Entries

Entries have the following values:

```python
route = models.ForeignKey("Route", on_delete=models.PROTECT)
actiontype = models.ForeignKey("ActionType", on_delete=models.PROTECT)
comment = models.TextField(blank=True, null=True)
is_active = models.BooleanField(default=True)

# TODO: fix name if this works
history = HistoricalRecords()
when = models.DateTimeField(auto_now_add=True)
who = models.CharField("Username", default="Unknown", max_length=30)
expiration = models.DateTimeField(default="9999-12-31 00:00")
expiration_reason = models.CharField(
    help_text="Optional reason for the expiration",
    max_length=200,
    null=True,
    blank=True,
)
```

Proposed approach

Simplest thing is probably to copy/paste code from

https://github.com/esnet-security/scram-client/blob/main/src/scram_client/cli.py

directly into app.py in our SOAR app.

I would have liked to use scram_client directly, but it has built-in dependencies on prometheus which is likely to be a challenge to get working in the SOAR cloud Python environment.
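An added example (not code from this issue, from scram-client or from SCRAM) of the block-to-entry mapping the comment above describes: a BHR "block" becomes an entry whose action is applied to a route, with the field limits taken from the Entry model fields quoted above. The function name, the payload shape and the plain-string form of `route`/`actiontype` are assumptions; the real API call would be whatever api_router.py exposes.

```python
"""Map a null-router 'block' request onto a SCRAM-style 'entry' payload.

Field names and limits follow the Entry model fields quoted in the issue
(route, actiontype, comment, is_active, who max_length=30,
expiration default "9999-12-31 00:00", expiration_reason max_length=200).
The function name and payload shape are assumptions for illustration.
"""
import ipaddress
from datetime import datetime, timedelta, timezone

NO_EXPIRY = "9999-12-31 00:00"   # default of the Entry.expiration field
WHO_MAX = 30                     # Entry.who max_length
REASON_MAX = 200                 # Entry.expiration_reason max_length


def build_entry(route, actiontype, who, comment="", ttl_hours=None,
                expiration_reason=None, now=None):
    """Return a dict describing one entry, or raise ValueError.

    The route is normalised to strict CIDR so a stray host bit cannot
    silently turn a single-host block into a wider one, and a /0 route
    is refused outright so an automation bug cannot null-route everything.
    """
    try:
        net = ipaddress.ip_network(route, strict=True)
    except ValueError as exc:
        raise ValueError(f"refusing route {route!r}: {exc}") from exc
    if net.prefixlen == 0:
        raise ValueError("refusing default route (prefix length 0)")
    if not who or len(who) > WHO_MAX:
        raise ValueError(f"who must be 1..{WHO_MAX} characters")
    if expiration_reason is not None and len(expiration_reason) > REASON_MAX:
        raise ValueError(f"expiration_reason exceeds {REASON_MAX} characters")

    now = now or datetime.now(timezone.utc)
    if ttl_hours is None:
        expiration = NO_EXPIRY          # permanent, like the model default
    else:
        if ttl_hours <= 0:
            raise ValueError("ttl_hours must be positive")
        expiration = (now + timedelta(hours=ttl_hours)).strftime("%Y-%m-%d %H:%M")

    return {
        "route": str(net),              # e.g. "203.0.113.7/32"
        "actiontype": actiontype,       # e.g. "block"
        "comment": comment,
        "is_active": True,
        "who": who,
        "expiration": expiration,
        "expiration_reason": expiration_reason,
    }
```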