From cdf33b50c5b52f502e8e193524a4ed819bcbde68 Mon Sep 17 00:00:00 2001
From: Tommy Harris
Date: Tue, 28 Mar 2023 09:02:02 -0600
Subject: [PATCH 1/4] Resolve missing fields for global_task webhook
---
 iris_webhooks_module/IrisWebHooksInterface.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/iris_webhooks_module/IrisWebHooksInterface.py b/iris_webhooks_module/IrisWebHooksInterface.py
index 3c484be..6ebb4e3 100644
--- a/iris_webhooks_module/IrisWebHooksInterface.py
+++ b/iris_webhooks_module/IrisWebHooksInterface.py
@@ -260,13 +260,20 @@ def _do_web_hook(self, hook_name, data, hook, server_url) -> InterfaceStatus.IIS
 case_id = data[0].case_id
 object_url = f"{server_url}/case/evidences?cid={case_id}&shared={data[0].id}"
- elif hook_object == 'task' or hook_object == 'global_task':
+ elif hook_object == 'task':
 user_name = data[0].user_update.name
 object_name = data[0].task_title
 case_name = data[0].case.name
 case_id = data[0].task_case_id
 object_url = f"{server_url}/case/task?cid={case_id}&shared={data[0].id}"
+ elif hook_object == 'global_task':
+ user_name = data[0].user_update.name
+ object_name = data[0].task_title
+ case_name = 'Global'
+ case_id = None
+ object_url = f"{server_url}/dashboard?cid=1#gtasks_table_wrapper"
+
 elif hook_object == 'report':
 object_name = 'a report'
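Review bot: The new `global_task` branch hard-codes `cid=1` in `object_url = f"{server_url}/dashboard?cid=1#gtasks_table_wrapper"`, so every global-task notification link presumably depends on case 1 existing and being readable by whoever follows it; nothing in the hunk checks that. If the dashboard route works without a case id, `object_url = f"{server_url}/dashboard#gtasks_table_wrapper"` avoids the assumption; otherwise a comment such as `# global tasks have no case; cid=1 only satisfies the dashboard route (confirm)` would record why the constant is there. The branch also copies `object_name = data[0].task_title` from the `task` branch, and that title (presumably user-entered) becomes link text through `self._render_url(...)` further down in `_do_web_hook`, whose body starts and ends outside this hunk. It is worth confirming that `_render_url` escapes markup characters for the receiving chat format, so a crafted title cannot alter the rendered link.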
@@ -274,8 +281,11 @@ def _do_web_hook(self, hook_name, data, hook, server_url) -> InterfaceStatus.IIS
 object_name = self._render_url(object_url, object_name, request_rendering)
 if case_id:
- case_info = "on case {rendered_url}".format(rendered_url=self._render_url(f"{server_url}/case?cid={case_id}",
- f"#{case_id}", request_rendering))
+ case_info = "on case {rendered_url}".format(
+ rendered_url=self._render_url(f"{server_url}/case?cid={case_id}",
+ f"#{case_id}", request_rendering))
+ else:
+ case_info = None
 description = f"{user_name} {hook_type}d {hook_object} {object_name} {case_info}"
 title = f"[{case_name}] {hook_object.capitalize()} {hook_type}d"
From 760e3c15eb5959e1113aa86fdab671bc83a00cc0 Mon Sep 17 00:00:00 2001
From: Tommy Harris
Date: Tue, 28 Mar 2023 09:09:11 -0600
Subject: [PATCH 2/4] bump version to 1.0.3
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 864cc92..b1e8ae8 100644
--- a/setup.py
+++ b/setup.py
@@ -28,7 +28,7 @@ setuptools.setup(
 name='iris_webhooks_module',
- version='1.0.2',
+ version='1.0.3',
 packages=['iris_webhooks_module'],
 author="DFIR-IRIS",
 author_email="contact@dfir-iris.org",
From f1171be216567c236465aab6f9ed493bfbf9a6b4 Mon Sep 17 00:00:00 2001
From: Tommy Harris
Date: Tue, 28 Mar 2023 10:53:33 -0600
Subject: [PATCH 3/4] update webhook version info
---
 iris_webhooks_module/IrisWebHooksConfig.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iris_webhooks_module/IrisWebHooksConfig.py b/iris_webhooks_module/IrisWebHooksConfig.py
index 4663814..e785d8b 100644
--- a/iris_webhooks_module/IrisWebHooksConfig.py
+++ b/iris_webhooks_module/IrisWebHooksConfig.py
@@ -21,7 +21,7 @@ module_name = "IrisWebHooks"
 module_description = "Provides webhooks for IRIS. See https://docs.dfir-iris.org/operations/modules/natives/IrisWebHooks/"
 interface_version = "1.2.0"
-module_version = "1.0.2"
+module_version = "1.0.3"
 pipeline_support = False
 pipeline_info = {}
From bbdcb57b8cbde63f27420c97184bf372aa3f1ed6 Mon Sep 17 00:00:00 2001
From: Tommy Harris
Date: Tue, 28 Mar 2023 11:06:27 -0600
Subject: [PATCH 4/4] remove case info string
---
 iris_webhooks_module/IrisWebHooksInterface.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iris_webhooks_module/IrisWebHooksInterface.py b/iris_webhooks_module/IrisWebHooksInterface.py
index 6ebb4e3..bf32c46 100644
--- a/iris_webhooks_module/IrisWebHooksInterface.py
+++ b/iris_webhooks_module/IrisWebHooksInterface.py
@@ -285,7 +285,7 @@ def _do_web_hook(self, hook_name, data, hook, server_url) -> InterfaceStatus.IIS
 rendered_url=self._render_url(f"{server_url}/case?cid={case_id}",
 f"#{case_id}", request_rendering))
 else:
- case_info = None
+ case_info = ""
 description = f"{user_name} {hook_type}d {hook_object} {object_name} {case_info}"
 title = f"[{case_name}] {hook_object.capitalize()} {hook_type}d"
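Review bot: With `case_info = ""` the description for a global task still ends in a stray trailing space, because the unchanged line `description = f"{user_name} {hook_type}d {hook_object} {object_name} {case_info}"` always emits the separator before `case_info`. Building the case part only when it is set keeps the message clean: `description = f"{user_name} {hook_type}d {hook_object} {object_name}"` followed by `if case_info: description += f" {case_info}"`. A short comment on the `else` branch, for example `# no case to link (e.g. global tasks)`, would also explain why the empty string is intentional. `_do_web_hook` starts and ends outside this hunk, so any other branch that leaves `case_id` unset is not visible here.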