Open edthedev opened 3 months ago
Blocked by needing test API credentials to the (about to be deployed) test copy of SCRAM
https://github.com/esnet-security/SCRAM/blob/main/config/api_router.py
Null Router BHR has 'blocks'
SCRAM has 'entries' which are 'actions' applied to 'routes'
Entries have the following values:
```python
route = models.ForeignKey("Route", on_delete=models.PROTECT)
actiontype = models.ForeignKey("ActionType", on_delete=models.PROTECT)
comment = models.TextField(blank=True, null=True)
is_active = models.BooleanField(default=True)
history = HistoricalRecords()
when = models.DateTimeField(auto_now_add=True)
who = models.CharField("Username", default="Unknown", max_length=30)
expiration = models.DateTimeField(default="9999-12-31 00:00")
expiration_reason = models.CharField(
    help_text="Optional reason for the expiration",
    max_length=200,
    null=True,
    blank=True,
)
```
Simplest thing is probably to copy/paste code from https://github.com/esnet-security/scram-client/blob/main/src/scram_client/cli.py directly into app.py in our SOAR app.py.
I would have liked to use scram_client directly, but it has built-in dependencies on Prometheus, which is likely to be a challenge to get working in the SOAR cloud Python environment.
Context
Cybersecurity Operations need to migrate our null router to SCRAM, and will need a SOAR integration built around the new client library.
https://github.com/esnet-security/scram-client/blob/c7b60c11488a04e0c0c2883c1f03c877c339ff04/README.md
Tasks