Rapid7 Threat Command - Updated plugin title | Updated SDK to the lat…

…est version

plugins/rapid7_intsights/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "63bb9e1c5603228258adaf80b9d60092",
-	"manifest": "c3bb4f3dedae0e4981e665aaca08cd3a",
-	"setup": "4eaf77e407dde5e40eea2fc57d79cab8",
+	"spec": "3439bf518a03d349b4a235086485805a",
+	"manifest": "5b458f27f8a0e2b6553982e235e28072",
+	"setup": "0dab9d2379f52b107984b5b26a67424c",
 	"schemas": [
 		{
 			"identifier": "add_cve/schema.py",

plugins/rapid7_intsights/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:5.4.8
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.4
 
 LABEL organization=rapid7
 LABEL sdk=python
@@ -12,7 +12,7 @@ RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
 ADD . /python/src
 
-RUN python setup.py build && python setup.py install
+RUN pip install .
 
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody

plugins/rapid7_intsights/bin/icon_rapid7_intsights

@@ -4,10 +4,10 @@ import os
 import json
 from sys import argv
 
-Name = "Threat Command"
+Name = "Rapid7 Threat Command"
 Vendor = "rapid7"
-Version = "5.2.0"
-Description = "Threat Command by Rapid7 is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy"
+Version = "5.2.1"
+Description = "[Threat Command](https://intsights.com/) by Rapid7 is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy"
 
 
 def main():

plugins/rapid7_intsights/help.md

@@ -1427,10 +1427,11 @@ Example output:
 
 ## Troubleshooting
 
-*There is no troubleshooting for this plugin.*
+*This plugin does not contain a troubleshooting.*
 
 # Version History
 
+* 5.2.1 - Updated plugin title | Updated SDK to the latest version
 * 5.2.0 - Update exception presets in API and unit tests | New `subtype` output to `get_indicator_by_value` action
 * 5.1.1 - Better handling of response from the threat connect API when using the `takedown_request` action | Bumped to use the newest version of the SDK | Updated old unit tests / added new unit tests
 * 5.1.0 - Add actions -> `Get Cyber Terms by Filter`, `Get IOCs for Cyber Term`, `Get CVEs for Cyber Term`, `Close Alert`. Add new input for `Get IOCs By Filter` action
@@ -1449,4 +1450,4 @@ Example output:
 
 ## References
 
-* [Threat Command](https://www.rapid7.com/products/threat-command)
+* [Threat Command](https://www.rapid7.com/products/threat-command)

plugins/rapid7_intsights/plugin.spec.yaml

@@ -2,42 +2,47 @@ plugin_spec_version: v2
 extension: plugin
 products: [insightconnect]
 name: rapid7_intsights
-title: Threat Command
-description: Threat Command by Rapid7 is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy
-version: 5.2.0
+title: Rapid7 Threat Command
+description: "[Threat Command](https://intsights.com/) by Rapid7 is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy"
+version: 5.2.1
 connection_version: 5
 supported_versions: ["2.4.0"]
 vendor: rapid7
 support: rapid7
 status: []
-version_history:
-    - 5.2.0 - Update exception presets in API and unit tests | New `subtype` output to `get_indicator_by_value` action
-    - 5.1.1 - Better handling of response from the threat connect API when using the `takedown_request` action | Bumped to use the newest version of the SDK | Updated old unit tests / added new unit tests
-    - 5.1.0 - Add actions -> `Get Cyber Terms by Filter`, `Get IOCs for Cyber Term`, `Get CVEs for Cyber Term`, `Close Alert`. Add new input for `Get IOCs By Filter` action
-    - 5.0.0 - Add action Get IOCs By Filter which returns a list of paginated IOC data based on input filters applied against IOC properties | Fix Bug relating to mismatched property names of output types geolocation, sources, and reported feeds for Get Indicator by Value action
-    - 4.0.0 - Rename Plugin to Threat Command | Update descriptions to Threat Command | Update Get Indicator By Value to use API V3 | Remove Rescan Indicator and Get Indicator Scan Status | Update Get CVE List to request one page of results only
-    - 3.2.0 - Fix is_closed bug in trigger | Add new input `source_date_from_enum` in trigger which allows user to specifiy Source Date From using ENUM rather than timestamp/string
-    - 3.1.0 - Add new actions Add CVEs, Delete CVEs and Get CVE List
-    - 3.0.1 - Fix issue where New Alert trigger sends empty list when there are no new alerts
-    - 3.0.0 - Add `assets` custom output type in Add Manual Alert action | Fix missing URL bug in DarkWeb Webmail alerts in Add Manual Alert action
-    - 2.0.0 - Add new trigger New Alert | Add new action Get CVE by ID
-    - 1.0.0 - Initial plugin
+tags:
+  - rapid7
+  - darkweb
+  - threatintelligence
+hub_tags:
+  use_cases: [data_utility, threat_detection_and_response]
+  keywords: [threat_intelligence, phishing, remediation, block, malware_analysis]
+  features: []
 resources:
   source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/rapid7_intsights
   license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
   vendor_url: https://www.rapid7.com/products/threat-command
+sdk:
+  type: slim
+  version: 6.2.4
+  user: nobody
 key_features: ["Get Indicator by Value", "Enrich Indicator", "Get Alerts", "Get Complete Alert by ID", "Takedown Request", "Add Manual Alert", "Get CVE by ID", "Get CVE List", "Delete CVE", "Add CVE", "Get IOCs by Filter", "Get Cyber Terms by Filter", "Get IOCs for Cyber Term", "Get CVEs for Cyber Term", "Close Alert"]
 requirements: ["Requires an Account ID for Threat Command", "Requires API key for Threat Command"]
-references: ["[Threat Command](https://www.rapid7.com/products/threat-command)"]
+version_history:
+  - "5.2.1 - Updated plugin title | Updated SDK to the latest version"
+  - "5.2.0 - Update exception presets in API and unit tests | New `subtype` output to `get_indicator_by_value` action"
+  - "5.1.1 - Better handling of response from the threat connect API when using the `takedown_request` action | Bumped to use the newest version of the SDK | Updated old unit tests / added new unit tests"
+  - "5.1.0 - Add actions -> `Get Cyber Terms by Filter`, `Get IOCs for Cyber Term`, `Get CVEs for Cyber Term`, `Close Alert`. Add new input for `Get IOCs By Filter` action"
+  - "5.0.0 - Add action Get IOCs By Filter which returns a list of paginated IOC data based on input filters applied against IOC properties | Fix Bug relating to mismatched property names of output types geolocation, sources, and reported feeds for Get Indicator by Value action"
+  - "4.0.0 - Rename Plugin to Threat Command | Update descriptions to Threat Command | Update Get Indicator By Value to use API V3 | Remove Rescan Indicator and Get Indicator Scan Status | Update Get CVE List to request one page of results only"
+  - "3.2.0 - Fix is_closed bug in trigger | Add new input `source_date_from_enum` in trigger which allows user to specifiy Source Date From using ENUM rather than timestamp/string"
+  - "3.1.0 - Add new actions Add CVEs, Delete CVEs and Get CVE List"
+  - "3.0.1 - Fix issue where New Alert trigger sends empty list when there are no new alerts"
+  - "3.0.0 - Add `assets` custom output type in Add Manual Alert action | Fix missing URL bug in DarkWeb Webmail alerts in Add Manual Alert action"
+  - "2.0.0 - Add new trigger New Alert | Add new action Get CVE by ID"
+  - "1.0.0 - Initial plugin"
 links: ["[Threat Command](https://intsights.com/)"]
-tags:
-- rapid7
-- darkweb
-- threatintelligence
-hub_tags:
-  use_cases: [data_utility, threat_detection_and_response]
-  keywords: [threat_intelligence, phishing, remediation, block, malware_analysis]
-  features: []
+references: ["[Threat Command](https://www.rapid7.com/products/threat-command)"]
 types:
   source:
     name:

plugins/rapid7_intsights/requirements.txt

@@ -2,4 +2,4 @@
 # All dependencies must be version-pinned, eg. requests==1.2.0
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 timeout-decorator==0.5.0
-parameterized==0.8.1
+parameterized==0.8.1

plugins/rapid7_intsights/setup.py

@@ -3,8 +3,8 @@
 
 
 setup(name="rapid7_intsights-rapid7-plugin",
-      version="5.2.0",
-      description="Threat Command by Rapid7 is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy",
+      version="5.2.1",
+      description="[Threat Command](https://intsights.com/) by Rapid7 is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy",
       author="rapid7",
       author_email="",
       url="",