diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py
index 5d2b5b9a00f8..b4999f984149 100644
--- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py
+++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.py
@@ -17,10 +17,11 @@ class DomainToolsClient(BaseClient):
 APP_PARTNER = "cortex_xsoar_feed"
 APP_NAME = "feed-plugin"
- APP_VERSION = "1.0.0"
+ APP_VERSION = "1.0.2"
 NOD_FEED = "nod"
 NAD_FEED = "nad"
+ NOH_FEED = "noh"
 DOMAINRDAP = "domainrdap"
 DOMAINDISCOVERY = "domaindiscovery"
@@ -315,6 +316,7 @@ def fetch_indicators_command(client: DomainToolsClient, params: dict[str, Any] =
 FEEDS_TO_PROCESS = [
 client.NOD_FEED,
 client.NAD_FEED,
+ client.NOH_FEED,
 client.DOMAINRDAP,
 client.DOMAINDISCOVERY
 ]
diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml
index 5be539730d19..a44b715d7b09 100644
--- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml
+++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml
@@ -44,6 +44,7 @@ configuration:
 - ALL
 - nod
 - nad
+ - noh
 - domainrdap
 - domaindiscovery
 additionalinfo: The DomainTools feed type fo fetch. Defaults to 'ALL'.
@@ -152,6 +153,7 @@ script:
 predefined:
 - "nod"
 - "nad"
+ - "noh"
 - "domainrdap"
 - "domaindiscovery"
 defaultValue: "nod"
diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py
index 11a8c6a6fdc3..b923c0617d73 100644
--- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py
+++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_test.py
@@ -119,6 +119,7 @@ def test_conversion_feed_to_indicato_obj(mocker, dt_feeds_client):
 [
 "nod",
 "nad",
+ "noh",
 "domaindiscovery",
 "domainrdap"
 ],
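Review bot: Adding `client.NOH_FEED` to `FEEDS_TO_PROCESS` in `fetch_indicators_command` means a fetch with no specific feed type now pulls the hostname feed as well, and nothing on the new side says so. The YAML in this commit describes the feed type as defaulting to 'ALL', and the updated test expects 10 results instead of 8 for the same call, so existing instances would presumably start ingesting `noh` indicators on upgrade without any configuration change. A hostname-level feed is likely to be larger and noisier than the domain-level ones (the fixtures added here are mostly CDN hostnames), so I would add a comment above the list such as `# Feeds pulled when feed type is ALL; adding one here changes what existing instances ingest` and mention the change in the release notes. The function body continues outside the hunk, so how the list is consumed is inferred.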
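Review bot: The new `noh` value is added to both option lists in FeedDomainTools.yml (the configuration list in the first hunk and the `predefined` list in the second) without any description of what it selects. The only help text in view is the `additionalinfo` line, which names no feed; I would extend it to spell out the abbreviations, e.g. `nod = Newly Observed Domains, nad = Newly Active Domains, noh = Newly Observed Hostnames`, after confirming the expansions against the vendor documentation. These two lists and `FEEDS_TO_PROCESS` in the Python file each have to be edited for every new feed, so a short YAML comment pointing from one to the others would help keep them in step.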
@@ -137,6 +138,7 @@ def test_get_indicators_command(mocker, dt_feeds_client, feed_type):
 mock_feed_response = {
 "nod": feed_mock_response.NOD_FEED_RESPONSE,
 "nad": feed_mock_response.NAD_FEED_RESPONSE,
+ "noh": feed_mock_response.NOH_FEED_RESPONSE,
 "domaindiscovery": feed_mock_response.DOMAINDISCOVERY_RESPONSE,
 "domainrdap": feed_mock_response.DOMAINRDAP_RESPONSE,
 }
@@ -153,6 +155,7 @@ def test_get_indicators_command(mocker, dt_feeds_client, feed_type):
 expected_indicator_results = {
 "nod": feed_mock_response.NOD_PARSED_INDICATOR_RESPONSE,
 "nad": feed_mock_response.NAD_PARSED_INDICATOR_RESPONSE,
+ "noh": feed_mock_response.NOH_PARSED_INDICATOR_RESPONSE,
 "domaindiscovery": feed_mock_response.DOMAINDISCOVERY_PARSED_INDICATOR_RESPONSE,
 "domainrdap": feed_mock_response.DOMAINRDAP_PARSED_INDICATOR_RESPONSE
 }
@@ -190,7 +193,7 @@ def test_fetch_indicators_command(mocker, dt_feeds_client):
 )
 results = fetch_indicators_command(dt_feeds_client, params={"top": "2"})
- assert len(results) == 8
+ assert len(results) == 10
 def test_calling_command_using_main(mocker, dt_feeds_client):
diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py b/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py
index 804de26a046e..8ea9fd71ca8a 100644
--- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py
+++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/test_data/feed_mock_response.py
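Review bot: `assert len(results) == 10` in `test_fetch_indicators_command` is a bare count that has to be hand-edited every time a feed is added, and it does not show that the new feed was actually fetched. The value looks like five feeds times `top=2`, but the mock set-up is outside the hunk, so that is inferred. I would make the derivation visible, e.g. `assert len(results) == 5 * 2  # five feeds, top=2 each`, and add an assertion that at least one returned indicator carries the `noh` tag used in `NOH_PARSED_INDICATOR_RESPONSE`.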
@@ -24,6 +24,19 @@
 '{"timestamp":"2025-01-13T13:37:00Z","domain":"vontresesworldofhair.ws"}',
 ]
+NOH_FEED_RESPONSE = [
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"70-182-75-162_s-104-93-21-49_ts-1745420863-clienttons-s.akamaihd.net"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"0436e3e5.metrics-bunny.net"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"mailrelay.salon-gossip.com"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"jdpf23tilukrq2ajaiya-pzoxrc-94dbdaf6b-clientnsv4-s.akamaihd.net"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"wdkaurv71m355nb9jupvbr2l.security-notification.co.in"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"eabqbsyxfgmqakqce3yboaadqnuasart-f-cfbdb0fbf-clienttons-s.akamaihd.net"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"mk5z4atilukrq2ajajba-pxwook-1e57a800d-clientnsv4-s.akamaihd.net"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"eabqbua7ausackqce3yloaaaanuasast-f-62424322b-clienttons-s.akamaihd.net"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"peste.bi.wealthsimple.co"}',
+ '{"timestamp":"2025-04-23T15:08:43Z","domain":"jdagdhdilukte2ajaiya-pqb6kc-b9a8d2c13-clientnsv4-s.akamaihd.net"}',
+]
+
 DOMAINDISCOVERY_RESPONSE = [
 '{"timestamp":"2025-03-07T17:27:11Z","domain":"yashh.xin"}',
 '{"timestamp":"2025-03-07T17:27:11Z","domain":"joinoramaenergy.com"}',
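Review bot: `NOH_FEED_RESPONSE` commits what look like live feed records into the repository, and the same values are repeated in `NOH_PARSED_INDICATOR_RESPONSE` in the next hunk. The first entry appears to encode two IPv4 addresses and an epoch timestamp in its label, and others name third-party organisations' hosts, so the fixture may carry client-identifying or licensed feed data, and anyone searching the repository will find those hosts tagged as feed indicators. Constructed names under a reserved TLD would exercise the same parsing, e.g. `'{"timestamp":"2025-04-23T15:08:43Z","domain":"a1b2c3.cdn.example.test"}',`; keep one constructed entry with an underscore in a label if that shape is what the parser needs to tolerate.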
@@ -348,6 +361,159 @@ }, ] +NOH_PARSED_INDICATOR_RESPONSE = [ + { + "value": "70-182-75-162_s-104-93-21-49_ts-1745420863-clienttons-s.akamaihd.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "70-182-75-162_s-104-93-21-49_ts-1745420863-clienttons-s.akamaihd.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "0436e3e5.metrics-bunny.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "0436e3e5.metrics-bunny.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "mailrelay.salon-gossip.com", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "mailrelay.salon-gossip.com", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "jdpf23tilukrq2ajaiya-pzoxrc-94dbdaf6b-clientnsv4-s.akamaihd.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "jdpf23tilukrq2ajaiya-pzoxrc-94dbdaf6b-clientnsv4-s.akamaihd.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "wdkaurv71m355nb9jupvbr2l.security-notification.co.in", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": 
"wdkaurv71m355nb9jupvbr2l.security-notification.co.in", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "eabqbsyxfgmqakqce3yboaadqnuasart-f-cfbdb0fbf-clienttons-s.akamaihd.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "eabqbsyxfgmqakqce3yboaadqnuasart-f-cfbdb0fbf-clienttons-s.akamaihd.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "mk5z4atilukrq2ajajba-pxwook-1e57a800d-clientnsv4-s.akamaihd.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "mk5z4atilukrq2ajajba-pxwook-1e57a800d-clientnsv4-s.akamaihd.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "eabqbua7ausackqce3yloaaaanuasast-f-62424322b-clienttons-s.akamaihd.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "eabqbua7ausackqce3yloaaaanuasast-f-62424322b-clienttons-s.akamaihd.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "peste.bi.wealthsimple.co", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", + "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "peste.bi.wealthsimple.co", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, + { + "value": "jdagdhdilukte2ajaiya-pqb6kc-b9a8d2c13-clientnsv4-s.akamaihd.net", + "type": "Domain", + "fields": { + "tags": "DomainToolsFeeds,noh", + "service": "DomainTools Feeds", 
+ "firstseenbysource": "2025-04-23T15:08:43Z", + "sourcebrands": "FeedDomainTools", + }, + "rawJSON": { + "value": "jdagdhdilukte2ajaiya-pqb6kc-b9a8d2c13-clientnsv4-s.akamaihd.net", + "type": "Domain", + "timestamp": "2025-04-23T15:08:43Z", + }, + }, +] + DOMAINDISCOVERY_PARSED_INDICATOR_RESPONSE = [ { @@ -362,7 +528,7 @@ "rawJSON": { "value": "yashh.xin", "type": "Domain", - "timestamp": "2025-03-07T17:27:11Z" + "timestamp": "2025-03-07T17:27:11Z", }, }, {