admingit
/
Deployement_Server_OLD_V
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add_app

Browse Source
master
Jocelyn Pamphile 3 years ago
parent 7eff0efb61
commit 91ddebf03f
26 changed files with 7977 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
deployment-apps/msadgraph/CONTRIBUTING.md
Unescape View File

@ -0,0 +1,2 @@
# Contributing
For more information about contributing to Splunk SOAR Apps please take a look at our app [Contribution Guide](https://github.com/splunk-soar-connectors/.github/blob/main/.github/CONTRIBUTING.md)!

201
deployment-apps/msadgraph/LICENSE
Unescape View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

26
deployment-apps/msadgraph/NOTICE
Unescape View File

@ -0,0 +1,26 @@
Splunk SOAR MS Graph for Active Directory
Copyright (c) 2022-2023 Splunk Inc.
Third-party Software Attributions:
Library: Django
Version: 3.2.13
License: BSD 3
0.9.0 thru 1.2 1991-1995 CWI yes
1.3 thru 1.5.2 1.2 1995-1999 CNRI yes
2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
Copyright 1991-1995 Stichting Mathematisch Centrum Amsterdam
Copyright 2001 Python Software Foundation; All Rights Reserved
Copyright Django Software Foundation and individual contributors
Library: beautifulsoup4
Version: 4.9.1
License: MIT
Copyright 2004-2017 Leonard Richardson
Copyright 2004-2019 Leonard Richardson
Copyright 2018 Isaac Muse
Library: requests
Version: 2.25.0
License: Apache 2.0
Kenneth Reitz

999
deployment-apps/msadgraph/README.md
Unescape View File

@ -0,0 +1,999 @@
[comment]: # "Auto-generated SOAR connector documentation"
# MS Graph for Active Directory
Publisher: Splunk
Connector Version: 1.3.0
Product Vendor: Microsoft
Product Name: MS Graph for Active Directory
Product Version Supported (regex): ".\*"
Minimum Product Version: 6.0.2
Connects to Microsoft Active Directory using MS Graph REST API services to support various generic and investigative actions
[comment]: # " File: README.md"
[comment]: # " Copyright (c) 2022-2023 Splunk Inc."
[comment]: # ""
[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
[comment]: # "you may not use this file except in compliance with the License."
[comment]: # "You may obtain a copy of the License at"
[comment]: # ""
[comment]: # " http://www.apache.org/licenses/LICENSE-2.0"
[comment]: # ""
[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
[comment]: # "either express or implied. See the License for the specific language governing permissions"
[comment]: # "and limitations under the License."
[comment]: # ""
## Authentication
### Microsoft Azure Application creation
This app requires creating a Microsoft Azure Application. To do so, navigate to
<https://portal.azure.com> in a browser and log in with a Microsoft account, then select **Azure
Active Directory** .
1. Go to **App Registrations** and click on **+ New registration** .
2. Give the app an appropriate name.
3. Select a supported account type (configure the application to be multitenant).
4. Click on the **Register** .
- Under **Certificates & secrets** , add **New client secret** . Note this key somewhere
secure, as it cannot be retrieved after closing the window.
- Under **Redirect URIs** we will be updating the entry of https://phantom.local to reflect
the actual redirect URI. We will get this from the SOAR asset we create below in the section
titled "Configure the MS Graph for Active Directory SOAR app Asset"
### Delegated Permissions configuration
Use this procedure to provide non-admin permissions to the app. To do so, navigate to
<https://portal.azure.com> in a browser and log in with a Microsoft account, then navigate to the
previously created app configuration.
1. Under **API Permissions** , click on **Add a permission** .
2. Go to **Microsoft Graph Permissions** , the following **Delegated Permissions** need to be
added:
- User.ReadWrite.All
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
- User.ManageIdentities.All
- Group.ReadWrite.All
- GroupMember.ReadWrite.All
- RoleManagement.ReadWrite.Directory
- offline_access
3. Click on the **Add permissions** .
4. After making these changes, click on **Grant admin consent** .
### Application Permissions configuration
Use this procedure to provide admin permissions to the app. To do so, navigate to
<https://portal.azure.com> in a browser and log in with a Microsoft account, then navigate to the
previously created app configuration.
1. Under **API Permissions** , click on **Add a permission** .
2. Go to **Microsoft Graph Permissions** , the following **Application Permissions** need to be
added:
- User.ReadWrite.All
- Directory.ReadWrite.All
- User.ManageIdentities.All
- Group.ReadWrite.All
- GroupMember.ReadWrite.All
- RoleManagement.ReadWrite.Directory
3. Click on the **Add permissions** .
4. After making these changes, click on **Grant admin consent** .
#### Note: **reset password** action is not supported with Application permissions
## Configure the MS Graph for Active Directory SOAR app Asset
When creating an asset for the **MS Graph for Active Directory** app, place the **Application ID**
of the app created during the previous step in the **Client ID** field and place the password
generated during the app creation process in the **Client Secret** field. Then, after filling out
the **Tenant** field, click **SAVE** .
After saving, a new field will appear in the **Asset Settings** tab. Take the URL found in the
**POST incoming for MS Graph to this location** field and place it in the **Redirect URIs** field of
the Azure Application configuration page. To this URL, add **/result** . After doing so the URL
should look something like:
https://\<phantom_host>/rest/handler/msgraphforactivedirectory_f2a239df-acb2-47d6-861c-726a435cfe76/\<asset_name>/result
Once again, click on Save.
## Enable Application Permissions
If you have received admin consent to use application permissions, make sure to check the **Admin
Access Required** and **Admin Consent Already Provided** checkboxes on the asset.
## User Permissions
To complete the authorization process, this app needs permission to view assets, which is not
granted by default. First, under **asset settings** , check which user is listed under **Select a
user on behalf of which automated actions can be executed** . By default, the user will be
**automation** , but this user can be changed by clicking **EDIT** at the bottom of the window. To
give this user permission to view assets, follow these steps:
- In the main drop-down menu, select **Administration** , then select the **User Management** ,
and under that tab, select **Roles** . Finally, click **+ ROLE** .
- In the **Add Role** wizard, give the role a name (e.g **Asset Viewer** ), and provide a
description. Subsequently, under **Available Users** , add the user assigned to the asset viewed
earlier. Then click the **Permissions** tab.
- On the permission tab, under **Available Privileges** , give the role the **View Assets**
privilege. Then click **SAVE** .
## Method to Run Test Connectivity (for delegated permissions)
After setting up the asset and user, click the **TEST CONNECTIVITY** button. A window should pop up
and display a URL. Navigate to this URL in a separate browser tab. This new tab will redirect to a
Microsoft login page. Log in to a Microsoft account with administrator privileges to the Microsoft
AD environment. After logging in, review the requested permissions listed, then click **Accept** .
Finally, close that tab. The test connectivity window should show success.
The app should now be ready to use.
## State File Permissions
Please check the permissions for the state file as mentioned below.
#### State Filepath
- For Root Install Instance:
/opt/phantom/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}\_state.json
- For Non-Root Install Instance:
/\<PHANTOM_HOME_DIRECTORY>/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}\_state.json
#### State File Permissions
- File Rights: rw-rw-r-- (664) (The SOAR user should have read and write access for the state
file)
- File Owner: appropriate SOAR user
## Port Details
The app uses HTTP/ HTTPS protocol for communicating with the Microsoft Graph server. Below are the
default ports used by the Splunk SOAR Connector.
| Service Name | Transport Protocol | Port |
|--------------|--------------------|------|
| https | tcp | 443 |
### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a MS Graph for Active Directory asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
**tenant_id** | required | string | Tenant (Tenant ID or Tenant Name)
**client_id** | required | string | Application ID
**client_secret** | required | password | Client Secret
**region** | optional | string | Microsoft AD Region
**admin_access_required** | optional | boolean | Admin Access Required
**admin_access_granted** | optional | boolean | Admin Consent Already Provided
### Supported Actions
[test connectivity](#action-test-connectivity) - Use supplied credentials to generate a token with MS Graph
[list users](#action-list-users) - Get a list of users
[reset password](#action-reset-password) - Reset or set a user's password in a Microsoft AD environment
[disable tokens](#action-disable-tokens) - Invalidate all active refresh tokens for a user in a Microsoft AD environment
[enable user](#action-enable-user) - Enable a user
[disable user](#action-disable-user) - Disable a user
[list user devices](#action-list-user-devices) - List devices for a specified user
[list user attributes](#action-list-user-attributes) - List attributes for all or a specified user
[set user attribute](#action-set-user-attribute) - Set an attribute for a user
[remove user](#action-remove-user) - Remove a user from a specified group
[add user](#action-add-user) - Add a user to a specified group
[list groups](#action-list-groups) - List groups in the organization
[get group](#action-get-group) - Get information about a group
[list group members](#action-list-group-members) - List the members in a group
[validate group](#action-validate-group) - Returns true if a user is in a group; otherwise, false
[list directory roles](#action-list-directory-roles) - List the directory roles that are activated in the tenant
[generate token](#action-generate-token) - Generate a token
## action: 'test connectivity'
Use supplied credentials to generate a token with MS Graph
Type: **test**
Read only: **True**
#### Action Parameters
No parameters are required for this action
#### Action Output
No Output
## action: 'list users'
Get a list of users
Type: **investigate**
Read only: **True**
For more information on using the filter_string, select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters. By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**filter_string** | optional | Filter string to apply to user listing | string |
**select_string** | optional | Select string to get additional user properties. Separate multiple values with commas | string |
**expand_string** | optional | Expand string to get a resource or collection referenced by a single relationship | string |
**use_advanced_query** | optional | Use advanced query capabilities | boolean |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.expand_string | string | | manager
action_result.parameter.filter_string | string | | startswith(displayName,'User')
action_result.parameter.select_string | string | | displayName
action_result.parameter.use_advanced_query | boolean | | True False
action_result.data.\*.accountEnabled | boolean | | True False
action_result.data.\*.ageGroup | string | |
action_result.data.\*.assignedLicenses.\*.skuId | string | | 189a915c-fe4f-4ffa-bde4-85b9628d07a0
action_result.data.\*.assignedPlans.\*.assignedTimestamp | string | | 2017-08-29T02:31:40Z
action_result.data.\*.assignedPlans.\*.capabilityStatus | string | | Enabled
action_result.data.\*.assignedPlans.\*.service | string | | OfficeForms
action_result.data.\*.assignedPlans.\*.servicePlanId | string | | e212cbc7-0961-4c40-9825-01117710dcb1
action_result.data.\*.city | string | | Palo Alto
action_result.data.\*.companyName | string | |
action_result.data.\*.consentProvidedForMinor | string | |
action_result.data.\*.country | string | | US
action_result.data.\*.createdDateTime | string | | 2019-05-21T22:27:20Z
action_result.data.\*.creationType | string | |
action_result.data.\*.deletionTimestamp | string | |
action_result.data.\*.department | string | | Sales
action_result.data.\*.dirSyncEnabled | string | |
action_result.data.\*.displayName | string | | User
action_result.data.\*.employeeId | string | |
action_result.data.\*.facsimileTelephoneNumber | string | |
action_result.data.\*.givenName | string | | testuser
action_result.data.\*.id | string | `user id` | e4c722ac-3b83-478d-8f52-c388885dc30f
action_result.data.\*.immutableId | string | |
action_result.data.\*.isCompromised | string | |
action_result.data.\*.jobTitle | string | | Sales Manager
action_result.data.\*.lastDirSyncTime | string | |
action_result.data.\*.legalAgeGroupClassification | string | |
action_result.data.\*.mail | string | `email` | user@test.com
action_result.data.\*.mailNickname | string | | testmail
action_result.data.\*.mobile | string | | +1 5556378688
action_result.data.\*.mobilePhone | string | |
action_result.data.\*.objectType | string | | User
action_result.data.\*.odata.type | string | | test.DirectoryServices.User
action_result.data.\*.officeLocation | string | |
action_result.data.\*.onPremisesDistinguishedName | string | |
action_result.data.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.otherMails | string | `email` | user.test@outlook.com
action_result.data.\*.passwordPolicies | string | | None
action_result.data.\*.passwordProfile | string | |
action_result.data.\*.passwordProfile.enforceChangePasswordPolicy | boolean | | True False
action_result.data.\*.passwordProfile.forceChangePasswordNextLogin | boolean | | True False
action_result.data.\*.passwordProfile.password | string | |
action_result.data.\*.physicalDeliveryOfficeName | string | |
action_result.data.\*.postalCode | string | | 94303
action_result.data.\*.preferredLanguage | string | | en-US
action_result.data.\*.provisionedPlans.\*.capabilityStatus | string | | Enabled
action_result.data.\*.provisionedPlans.\*.provisioningStatus | string | | Success
action_result.data.\*.provisionedPlans.\*.service | string | | exchange
action_result.data.\*.proxyAddresses | string | | SMTP:user1@test.com
action_result.data.\*.refreshTokensValidFromDateTime | string | | 2017-09-27T22:54:59Z
action_result.data.\*.showInAddressList | string | |
action_result.data.\*.sipProxyAddress | string | `email` | user@test.com
action_result.data.\*.state | string | | CA
action_result.data.\*.streetAddress | string | | 2479 E. Bayshore Rd.
action_result.data.\*.surname | string | | Test_surname
action_result.data.\*.telephoneNumber | string | |
action_result.data.\*.thumbnailPhoto@odata.mediaEditLink | string | | directoryObjects/6132ca31-7a09-434f-a269-abe836d0c01e/test.DirectoryServices.User/thumbnailPhoto
action_result.data.\*.usageLocation | string | | US
action_result.data.\*.userPrincipalName | string | `user id` | user@test.com
action_result.data.\*.userState | string | |
action_result.data.\*.userStateChangedOn | string | |
action_result.data.\*.userType | string | | Member
action_result.summary.num_users | numeric | | 8
action_result.summary.result_found | boolean | | True False
action_result.summary.total_results | numeric | | 7
action_result.message | string | | Successfully listed users
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'reset password'
Reset or set a user's password in a Microsoft AD environment
Type: **contain**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | required | User ID to change password - can be user principal name or object ID | string | `user id`
**force_change** | optional | Force user to change password on next login | boolean |
**temp_password** | required | Temporary password for user | string |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.force_change | boolean | | True False
action_result.parameter.temp_password | string | | Temp_PA$$w0rd
action_result.parameter.user_id | string | `user id` | ee3dc4f2-70f9-446f-a19e-6b4e95ba030d user@test.com
action_result.data | string | |
action_result.summary.status | string | | Successfully reset user password
action_result.message | string | | Status: Successfully reset user password
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'disable tokens'
Invalidate all active refresh tokens for a user in a Microsoft AD environment
Type: **contain**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | required | User ID to disable tokens of - can be user principal name or object ID | string | `user id`
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.user_id | string | `user id` | ee3dc4f2-70f9-446f-a19e-6b4e95ba030d user@test.com
action_result.data | string | |
action_result.data.\*.@odata.context | string | | https://graph.test.com/v1.0/$metadata#Edm.Boolean
action_result.data.\*.odata.metadata | string | `url` | https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#Edm.Null
action_result.data.\*.odata.null | boolean | | True False
action_result.data.\*.value | boolean | | True False
action_result.summary.status | string | | Successfully disabled tokens
action_result.message | string | | Successfully invalidated tokens Status: Successfully disabled tokens
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'enable user'
Enable a user
Type: **generic**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | required | User ID to enable - can be user principal name or object ID | string | `user id`
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.user_id | string | `user id` | user@test.com
action_result.data | string | |
action_result.summary.status | string | | Successfully enabled user user@test.com
action_result.message | string | | Status: Successfully enabled user user@test.com
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'disable user'
Disable a user
Type: **generic**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | required | User ID to disable - can be user principal name or object ID | string | `user id`
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.user_id | string | `user id` | user@test.com
action_result.data | string | |
action_result.summary.status | string | | Successfully disabled user user@test.com
action_result.message | string | | Status: Successfully disabled user user@test.com
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'list user devices'
List devices for a specified user
Type: **investigate**
Read only: **True**
By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string parameter, refer to <a href='https://docs.microsoft.com/en-us/graph/query-parameters#select-parameter' target='_blank'>this</a> documentation.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | required | User ID - can be user principal name or object ID | string | `user id`
**select_string** | optional | Select string to get additional user properties. Separate multiple values with commas | string |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.select_string | string | | displayName
action_result.parameter.user_id | string | `user id` | user@test.com
action_result.data.\*.@odata.type | string | | #test.graph.device
action_result.data.\*.accountEnabled | boolean | | True False
action_result.data.\*.alternativeSecurityIds.\*.identityProvider | string | |
action_result.data.\*.alternativeSecurityIds.\*.key | string | | WAA1ADAAOQA6ADwAUwBIAEEAMQAtAFQAUAAtAFAAVQBCAEsARQBZAD4AOQA5AEEARQAwADgAOABDAEUANAA1ADgAMABCADcAQgBGAEEARQA2ADEAQQBCADYANAA3ADYANgA5ADUAOAAzAEQANABFAEYARQA5ADYAOAAyAHkAcQBSAEIANwBrAGEAMQA4AEoATAByACsAegB4AE8AYwB6AE8AYgBNAFEANQBZAEgAbgB0AFQAdgBOAG0AbgA5AEQAZQA2AFgAVQBUAGgAcwBFAD0A
action_result.data.\*.alternativeSecurityIds.\*.type | numeric | | 2
action_result.data.\*.approximateLastSignInDateTime | string | | 2019-09-26T03:42:15Z
action_result.data.\*.complianceExpirationDateTime | string | |
action_result.data.\*.createdDateTime | string | | 2019-09-26T03:42:15Z
action_result.data.\*.deletedDateTime | string | |
action_result.data.\*.deviceCategory | string | |
action_result.data.\*.deviceId | string | |
action_result.data.\*.deviceMetadata | string | |
action_result.data.\*.deviceOwnership | string | |
action_result.data.\*.deviceVersion | numeric | |
action_result.data.\*.displayName | string | |
action_result.data.\*.domainName | string | |
action_result.data.\*.enrollmentProfileName | string | |
action_result.data.\*.enrollmentType | string | |
action_result.data.\*.extensionAttributes.extensionAttribute1 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute10 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute11 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute12 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute13 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute14 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute15 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute2 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute3 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute4 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute5 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute6 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute7 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute8 | string | |
action_result.data.\*.extensionAttributes.extensionAttribute9 | string | |
action_result.data.\*.externalSourceName | string | |
action_result.data.\*.id | string | |
action_result.data.\*.isCompliant | boolean | |
action_result.data.\*.isManaged | boolean | |
action_result.data.\*.isRooted | string | |
action_result.data.\*.managementType | string | |
action_result.data.\*.manufacturer | string | |
action_result.data.\*.mdmAppId | string | |
action_result.data.\*.model | string | |
action_result.data.\*.onPremisesLastSyncDateTime | string | |
action_result.data.\*.onPremisesSyncEnabled | boolean | |
action_result.data.\*.operatingSystem | string | | Windows
action_result.data.\*.operatingSystemVersion | string | | 10.0.18362.0
action_result.data.\*.profileType | string | | RegisteredDevice
action_result.data.\*.registrationDateTime | string | | 2019-09-26T03:42:15Z
action_result.data.\*.sourceType | string | |
action_result.data.\*.trustType | string | | Workplace
action_result.summary | string | |
action_result.summary.status | string | | Successfully retrieved owned devices for user test@user.test.com
action_result.message | string | | Status: Successfully retrieved owned devices for user test@user.test.com
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'list user attributes'
List attributes for all or a specified user
Type: **investigate**
Read only: **True**
By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | optional | User ID - can be user principal name or object ID | string | `user id`
**select_string** | optional | Select string to get additional user properties. Separate multiple values with commas | string |
**expand_string** | optional | Expand string to get a resource or collection referenced by a single relationship | string |
**use_advanced_query** | optional | Use advanced query capabilities | boolean |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.expand_string | string | | manager
action_result.parameter.select_string | string | | displayName
action_result.parameter.use_advanced_query | boolean | | True False
action_result.parameter.user_id | string | `user id` | user@test.com
action_result.data.\*.@odata.context | string | | https://graph.test.com/v1.0/$metadata#users/$entity
action_result.data.\*.accountEnabled | boolean | | True False
action_result.data.\*.ageGroup | string | |
action_result.data.\*.assignedLicenses.\*.skuId | string | | f30db892-07e9-47e9-837c-80727f46fd3d
action_result.data.\*.assignedPlans.\*.assignedTimestamp | string | | 2019-04-26T07:21:18Z
action_result.data.\*.assignedPlans.\*.capabilityStatus | string | | Enabled
action_result.data.\*.assignedPlans.\*.service | string | | exchange
action_result.data.\*.assignedPlans.\*.servicePlanId | string | | 33c4f319-9bdd-48d6-9c4d-410b750a4a5a
action_result.data.\*.city | string | |
action_result.data.\*.companyName | string | |
action_result.data.\*.consentProvidedForMinor | string | |
action_result.data.\*.country | string | |
action_result.data.\*.createdDateTime | string | | 2019-05-02T20:27:59Z
action_result.data.\*.creationType | string | |
action_result.data.\*.deletionTimestamp | string | |
action_result.data.\*.department | string | | Sales
action_result.data.\*.dirSyncEnabled | string | |
action_result.data.\*.displayName | string | | Test User
action_result.data.\*.employeeId | string | |
action_result.data.\*.facsimileTelephoneNumber | string | |
action_result.data.\*.givenName | string | |
action_result.data.\*.id | string | `user id` | 7d55d7e6-cf5a-4dd2-a176-57a3c33b7fa9
action_result.data.\*.identities.\*.issuer | string | | test.com
action_result.data.\*.identities.\*.issuerAssignedId | string | | test2@user.test.com
action_result.data.\*.identities.\*.signInType | string | | userPrincipalName
action_result.data.\*.immutableId | string | |
action_result.data.\*.isCompromised | string | |
action_result.data.\*.jobTitle | string | |
action_result.data.\*.lastDirSyncTime | string | |
action_result.data.\*.legalAgeGroupClassification | string | |
action_result.data.\*.mail | string | `email` |
action_result.data.\*.mailNickname | string | | test
action_result.data.\*.mobile | string | |
action_result.data.\*.mobilePhone | string | |
action_result.data.\*.objectId | string | | 59f51194-1998-4932-a8ac-468e59374edc
action_result.data.\*.objectType | string | | User
action_result.data.\*.odata.metadata | string | | https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#directoryObjects/@Element
action_result.data.\*.odata.type | string | | test.DirectoryServices.User
action_result.data.\*.officeLocation | string | |
action_result.data.\*.onPremisesDistinguishedName | string | |
action_result.data.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.otherMails | string | `email` | user@test.com
action_result.data.\*.passwordPolicies | string | |
action_result.data.\*.passwordProfile | string | |
action_result.data.\*.passwordProfile.enforceChangePasswordPolicy | boolean | | True False
action_result.data.\*.passwordProfile.forceChangePasswordNextLogin | boolean | | True False
action_result.data.\*.passwordProfile.password | string | |
action_result.data.\*.physicalDeliveryOfficeName | string | |
action_result.data.\*.postalCode | string | |
action_result.data.\*.preferredLanguage | string | |
action_result.data.\*.provisionedPlans.\*.capabilityStatus | string | | Enabled
action_result.data.\*.provisionedPlans.\*.provisioningStatus | string | | Success
action_result.data.\*.provisionedPlans.\*.service | string | | exchange
action_result.data.\*.proxyAddresses | string | | SMTP:test_shared_mailbox@test.com
action_result.data.\*.refreshTokensValidFromDateTime | string | | 2019-05-16T19:54:18Z
action_result.data.\*.showInAddressList | string | |
action_result.data.\*.sipProxyAddress | string | `email` |
action_result.data.\*.state | string | |
action_result.data.\*.streetAddress | string | |
action_result.data.\*.surname | string | |
action_result.data.\*.telephoneNumber | string | |
action_result.data.\*.thumbnailPhoto@odata.mediaEditLink | string | | directoryObjects/59f12345-1998-4932-a8ac-468e59374edc/test.DirectoryServices.User/thumbnailPhoto
action_result.data.\*.usageLocation | string | | US
action_result.data.\*.userPrincipalName | string | `user id` | user@test.com
action_result.data.\*.userState | string | |
action_result.data.\*.userStateChangedOn | string | |
action_result.data.\*.userType | string | | Member
action_result.summary.status | string | | Successfully retrieved user attributes Successfully retrieved attributes for user user@test.com
action_result.message | string | | Status: Successfully retrieved user attributes Status: Successfully retrieved attributes for user user@test.com, User enabled: False
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'set user attribute'
Set an attribute for a user
Type: **generic**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**user_id** | required | User ID - can be user principal name or object ID | string | `user id`
**attribute** | required | Attribute to set | string |
**attribute_value** | required | Value of attribute to set | string |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.attribute | string | | department
action_result.parameter.attribute_value | string | | Sales
action_result.parameter.user_id | string | `user id` | user@test.com
action_result.data | string | |
action_result.data.\*.classification | string | |
action_result.data.\*.createdDateTime | string | | 2021-03-25T18:40:53Z
action_result.data.\*.deletedDateTime | string | |
action_result.data.\*.deletionTimestamp | string | |
action_result.data.\*.description | string | | This is for testing purpose
action_result.data.\*.dirSyncEnabled | string | |
action_result.data.\*.displayName | string | | Test-site
action_result.data.\*.expirationDateTime | string | |
action_result.data.\*.id | string | `user id` | 2a201c95-101b-42d9-a7af-9a2fdf8193f1
action_result.data.\*.isAssignableToRole | string | |
action_result.data.\*.lastDirSyncTime | string | |
action_result.data.\*.mail | string | `email` | Test-site@test.com
action_result.data.\*.mailEnabled | boolean | | True False
action_result.data.\*.mailNickname | string | | Test-site
action_result.data.\*.membershipRule | string | |
action_result.data.\*.membershipRuleProcessingState | string | |
action_result.data.\*.objectType | string | | Group
action_result.data.\*.odata.type | string | | test.DirectoryServices.Group
action_result.data.\*.onPremisesDomainName | string | `domain` |
action_result.data.\*.onPremisesLastSyncDateTime | string | |
action_result.data.\*.onPremisesNetBiosName | string | |
action_result.data.\*.onPremisesSamAccountName | string | |
action_result.data.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.onPremisesSyncEnabled | string | |
action_result.data.\*.preferredDataLocation | string | |
action_result.data.\*.preferredLanguage | string | |
action_result.data.\*.proxyAddresses | string | | SMTP:test-h@test.com
action_result.data.\*.renewedDateTime | string | | 2021-03-25T18:40:53Z
action_result.data.\*.securityEnabled | boolean | | True False
action_result.data.\*.securityIdentifier | string | | S-1-12-1-294681889-1319597617-672379543-28952017
action_result.data.\*.theme | string | |
action_result.data.\*.visibility | string | | Private
action_result.summary.status | string | | Successfully enabled user user@test.com
action_result.message | string | | Status: Successfully enabled user user@test.com
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'remove user'
Remove a user from a specified group
Type: **generic**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**group_object_id** | required | Object ID of group | string | `group object id`
**user_id** | required | User ID to remove from group | string | `user id`
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.group_object_id | string | `group object id` | ddb876b3-603a-437b-9814-2d46a2219a1e
action_result.parameter.user_id | string | `user id` | 17be76d0-35ed-4881-ab62-d2eb73c2ebe3
action_result.data | string | |
action_result.summary.status | string | | Successfully removed user from group User not in group
action_result.message | string | | Status: Successfully removed user from group Status: User not in group
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'add user'
Add a user to a specified group
Type: **generic**
Read only: **False**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**group_object_id** | required | Object ID of group | string | `group object id`
**user_id** | required | User ID to add to group | string | `user id`
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.group_object_id | string | `group object id` | ddb876b3-603a-437b-9814-2d46a2219a1e
action_result.parameter.user_id | string | `user id` | 17be76d0-35ed-4881-ab62-d2eb73c2ebe3
action_result.data | string | |
action_result.summary.status | string | | Successfully added user to group User already in group
action_result.message | string | | Status: Successfully added user to group Status: User already in group
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'list groups'
List groups in the organization
Type: **investigate**
Read only: **True**
By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**filter_string** | optional | Filter string to apply to group listing | string |
**select_string** | optional | Select string to get additional group properties. Separate multiple values with commas | string |
**expand_string** | optional | Expand string to get a resource or collection referenced by a single relationship | string |
**use_advanced_query** | optional | Use advanced query capabilities | boolean |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.expand_string | string | | members
action_result.parameter.filter_string | string | | createdDateTime ge '2014-01-01T00:00:00Z'
action_result.parameter.select_string | string | | displayName
action_result.parameter.use_advanced_query | boolean | | True False
action_result.data.\*.classification | string | |
action_result.data.\*.createdDateTime | string | | 2021-03-25T18:40:53Z
action_result.data.\*.deletedDateTime | string | |
action_result.data.\*.deletionTimestamp | string | |
action_result.data.\*.description | string | | This is for testing purpose
action_result.data.\*.dirSyncEnabled | string | |
action_result.data.\*.displayName | string | | Test-site
action_result.data.\*.expirationDateTime | string | |
action_result.data.\*.id | string | `group object id` | 2a201c95-101b-42d9-a7af-9a2fdf8193f1
action_result.data.\*.isAssignableToRole | string | |
action_result.data.\*.lastDirSyncTime | string | |
action_result.data.\*.mail | string | `email` | Test-site@test.com
action_result.data.\*.mailEnabled | boolean | | True False
action_result.data.\*.mailNickname | string | | Test-site
action_result.data.\*.membershipRule | string | |
action_result.data.\*.membershipRuleProcessingState | string | |
action_result.data.\*.objectType | string | | Group
action_result.data.\*.odata.type | string | | test.DirectoryServices.Group
action_result.data.\*.onPremisesDomainName | string | `domain` |
action_result.data.\*.onPremisesLastSyncDateTime | string | |
action_result.data.\*.onPremisesNetBiosName | string | |
action_result.data.\*.onPremisesSamAccountName | string | |
action_result.data.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.onPremisesSyncEnabled | string | |
action_result.data.\*.preferredDataLocation | string | |
action_result.data.\*.preferredLanguage | string | |
action_result.data.\*.proxyAddresses | string | | SMTP:test-h@test.com
action_result.data.\*.renewedDateTime | string | | 2021-03-25T18:40:53Z
action_result.data.\*.securityEnabled | boolean | | True False
action_result.data.\*.securityIdentifier | string | | S-1-12-1-294681889-1319597617-672379543-28952017
action_result.data.\*.theme | string | |
action_result.data.\*.visibility | string | | Private
action_result.summary.num_groups | numeric | | 7
action_result.message | string | | Num groups: 7
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'get group'
Get information about a group
Type: **investigate**
Read only: **True**
By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**object_id** | required | Object ID of group | string | `group object id`
**select_string** | optional | Select string to get additional group properties. Separate multiple values with commas | string |
**expand_string** | optional | Expand string to get a resource or collection referenced by a single relationship | string |
**use_advanced_query** | optional | Use advanced query capabilities | boolean |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.expand_string | string | | members
action_result.parameter.object_id | string | `group object id` | ddb876b3-603a-437b-9814-2d46a2219a1e
action_result.parameter.select_string | string | | displayName
action_result.parameter.use_advanced_query | boolean | | True False
action_result.data.\*.@odata.context | string | | https://graph.test.com/v1.0/$metadata#groups(id,displayName)/$entity
action_result.data.\*.classification | string | |
action_result.data.\*.createdDateTime | string | | 2020-08-05T11:59:49Z
action_result.data.\*.deletedDateTime | string | |
action_result.data.\*.deletionTimestamp | string | |
action_result.data.\*.description | string | | This is the office 365 group
action_result.data.\*.dirSyncEnabled | string | |
action_result.data.\*.displayName | string | | o365group
action_result.data.\*.expirationDateTime | string | |
action_result.data.\*.id | string | `group object id` | ddb876b3-603a-437b-9814-2d46a2219a1e
action_result.data.\*.isAssignableToRole | string | |
action_result.data.\*.lastDirSyncTime | string | |
action_result.data.\*.mail | string | `email` | bc7f9cabe@test.com
action_result.data.\*.mailEnabled | boolean | | True False
action_result.data.\*.mailNickname | string | | bc7f9cabe
action_result.data.\*.membershipRule | string | |
action_result.data.\*.membershipRuleProcessingState | string | |
action_result.data.\*.objectType | string | | Group
action_result.data.\*.odata.metadata | string | | https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#directoryObjects/@Element
action_result.data.\*.odata.type | string | | test.DirectoryServices.Group
action_result.data.\*.onPremisesDomainName | string | `domain` |
action_result.data.\*.onPremisesLastSyncDateTime | string | |
action_result.data.\*.onPremisesNetBiosName | string | |
action_result.data.\*.onPremisesSamAccountName | string | |
action_result.data.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.onPremisesSyncEnabled | string | |
action_result.data.\*.preferredDataLocation | string | |
action_result.data.\*.preferredLanguage | string | |
action_result.data.\*.proxyAddresses | string | | SMTP:bc7f9cabe@test.com
action_result.data.\*.renewedDateTime | string | | 2020-08-05T11:59:49Z
action_result.data.\*.securityEnabled | boolean | | True False
action_result.data.\*.securityIdentifier | string | | S-1-12-1-909260723-1083662375-1952945031-2402852259
action_result.data.\*.theme | string | |
action_result.data.\*.visibility | string | |
action_result.summary.display_name | string | | o365group
action_result.summary.status | string | | Successfully retrieved group 104d4576-1544-48b5-bb7e-9f8f871aa824
action_result.message | string | | Display name: o365group
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'list group members'
List the members in a group
Type: **investigate**
Read only: **True**
By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**group_object_id** | required | Object ID of group | string | `group object id`
**select_string** | optional | Select string to get additional properties. Separate multiple values with commas | string |
**expand_string** | optional | Expand string to get a resource or collection referenced by a single relationship | string |
**use_advanced_query** | optional | Use advanced query capabilities | boolean |
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.expand_string | string | | manager
action_result.parameter.group_object_id | string | `group object id` | ebcd3130-55a1-4cbf-81b2-86408ff21203
action_result.parameter.select_string | string | | displayName
action_result.parameter.use_advanced_query | boolean | | True False
action_result.data.\*.@odata.type | string | | #test.graph.user
action_result.data.\*.accountEnabled | boolean | | True
action_result.data.\*.ageGroup | string | |
action_result.data.\*.assignedLicenses.\*.skuId | string | | 189a915c-fe4f-4ffa-bde4-85b9628d07a0
action_result.data.\*.assignedPlans.\*.assignedDateTime | string | | 2022-11-03T15:12:28Z
action_result.data.\*.assignedPlans.\*.capabilityStatus | string | | Deleted
action_result.data.\*.assignedPlans.\*.service | string | | AADPremiumService
action_result.data.\*.assignedPlans.\*.servicePlanId | string | | eec0eb4f-6444-4f95-aba0-50c24d67f998
action_result.data.\*.city | string | | Palo Alto
action_result.data.\*.companyName | string | |
action_result.data.\*.consentProvidedForMinor | string | |
action_result.data.\*.country | string | | US
action_result.data.\*.createdDateTime | string | | 2016-06-09T18:33:27Z
action_result.data.\*.creationType | string | |
action_result.data.\*.deletedDateTime | string | |
action_result.data.\*.department | string | |
action_result.data.\*.displayName | string | | Firstname Lastname
action_result.data.\*.employeeHireDate | string | |
action_result.data.\*.employeeId | string | |
action_result.data.\*.employeeOrgData | string | |
action_result.data.\*.employeeType | string | |
action_result.data.\*.externalUserState | string | |
action_result.data.\*.externalUserStateChangeDateTime | string | |
action_result.data.\*.faxNumber | string | |
action_result.data.\*.givenName | string | |
action_result.data.\*.id | string | `user id` | 17be76d0-35ed-4881-ab62-d2eb73c2ebe3
action_result.data.\*.identities.\*.issuer | string | | test.com
action_result.data.\*.identities.\*.issuerAssignedId | string | | test@user.test.com
action_result.data.\*.identities.\*.signInType | string | | userPrincipalName
action_result.data.\*.isResourceAccount | string | |
action_result.data.\*.jobTitle | string | |
action_result.data.\*.legalAgeGroupClassification | string | |
action_result.data.\*.mail | string | |
action_result.data.\*.mailNickname | string | | User
action_result.data.\*.mobilePhone | string | |
action_result.data.\*.officeLocation | string | |
action_result.data.\*.onPremisesDistinguishedName | string | |
action_result.data.\*.onPremisesDomainName | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute1 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute10 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute11 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute12 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute13 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute14 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute15 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute2 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute3 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute4 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute5 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute6 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute7 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute8 | string | |
action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute9 | string | |
action_result.data.\*.onPremisesImmutableId | string | |
action_result.data.\*.onPremisesLastSyncDateTime | string | |
action_result.data.\*.onPremisesSamAccountName | string | |
action_result.data.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.onPremisesSyncEnabled | string | |
action_result.data.\*.onPremisesUserPrincipalName | string | |
action_result.data.\*.passwordPolicies | string | |
action_result.data.\*.passwordProfile | string | |
action_result.data.\*.postalCode | string | | 94303
action_result.data.\*.preferredDataLocation | string | |
action_result.data.\*.preferredLanguage | string | |
action_result.data.\*.provisionedPlans.\*.capabilityStatus | string | | Enabled
action_result.data.\*.provisionedPlans.\*.provisioningStatus | string | | Success
action_result.data.\*.provisionedPlans.\*.service | string | | testCommunicationsOnline
action_result.data.\*.refreshTokensValidFromDateTime | string | | 2022-08-08T13:00:58Z
action_result.data.\*.showInAddressList | string | |
action_result.data.\*.signInSessionsValidFromDateTime | string | | 2022-08-08T13:00:58Z
action_result.data.\*.state | string | | CA
action_result.data.\*.streetAddress | string | | 2479 E. Bayshore Rd.
action_result.data.\*.surname | string | |
action_result.data.\*.usageLocation | string | | US
action_result.data.\*.userPrincipalName | string | | ews_retest@test.com
action_result.data.\*.userType | string | | Member
action_result.summary.num_members | numeric | `user id` | 3
action_result.summary.num_users | numeric | | 3
action_result.message | string | | Num members: 3
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'validate group'
Returns true if a user is in a group; otherwise, false
Type: **investigate**
Read only: **True**
#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**group_object_id** | required | Object ID of group | string | `group object id`
**user_id** | required | User ID to validate | string | `user id`
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.group_object_id | string | `group object id` | ebcd3130-55a1-4cbf-81b2-86408ff21203
action_result.parameter.user_id | string | `user id` | user@test.com
action_result.data.\*.@odata.context | string | | https://graph.test.com/v1.0/$metadata#directoryObjects
action_result.data.\*.user_in_group | string | |
action_result.data.\*.value.\*.@odata.type | string | | #test.graph.group
action_result.data.\*.value.\*.classification | string | |
action_result.data.\*.value.\*.createdDateTime | string | | 2022-02-25T12:05:22Z
action_result.data.\*.value.\*.deletedDateTime | string | |
action_result.data.\*.value.\*.description | string | | Test group for MSGraph
action_result.data.\*.value.\*.displayName | string | | Test group for MSGraph
action_result.data.\*.value.\*.expirationDateTime | string | |
action_result.data.\*.value.\*.id | string | `user id` | 49233413-24c6-4516-a9e1-4d5f87fe34fd
action_result.data.\*.value.\*.isAssignableToRole | string | |
action_result.data.\*.value.\*.mail | string | | test@user.test.com
action_result.data.\*.value.\*.mailEnabled | boolean | | True
action_result.data.\*.value.\*.mailNickname | string | | TestgroupforMSGraph
action_result.data.\*.value.\*.membershipRule | string | |
action_result.data.\*.value.\*.membershipRuleProcessingState | string | |
action_result.data.\*.value.\*.onPremisesDomainName | string | |
action_result.data.\*.value.\*.onPremisesLastSyncDateTime | string | |
action_result.data.\*.value.\*.onPremisesNetBiosName | string | |
action_result.data.\*.value.\*.onPremisesSamAccountName | string | |
action_result.data.\*.value.\*.onPremisesSecurityIdentifier | string | |
action_result.data.\*.value.\*.onPremisesSyncEnabled | string | |
action_result.data.\*.value.\*.preferredDataLocation | string | |
action_result.data.\*.value.\*.preferredLanguage | string | |
action_result.data.\*.value.\*.renewedDateTime | string | | 2022-02-25T12:05:22Z
action_result.data.\*.value.\*.securityEnabled | boolean | | True
action_result.data.\*.value.\*.securityIdentifier | string | | S-1-12-1-1227043859-1159079110-1598939561-4248108679
action_result.data.\*.value.\*.theme | string | |
action_result.data.\*.value.\*.visibility | string | | Private
action_result.summary.message | string | | User is member of group
action_result.summary.user_in_group | string | |
action_result.message | string | | User in group: True
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'list directory roles'
List the directory roles that are activated in the tenant
Type: **investigate**
Read only: **True**
<p>Pagination is not implemented for this action as this endpoint does not support pagination. Here is the <b><a href='https://docs.microsoft.com/en-us/graph/paging' target='_blank'>Documentation</a></b> for the same.</p>
#### Action Parameters
No parameters are required for this action
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.data.\*.deletedDateTime | string | |
action_result.data.\*.deletionTimestamp | string | |
action_result.data.\*.description | string | | Can read basic directory information. For granting access to applications, not intended for users.
action_result.data.\*.displayName | string | | Directory Readers
action_result.data.\*.id | string | `directory object id` | 02b238cb-0d15-454b-aae6-0e94993a3207
action_result.data.\*.isSystem | boolean | | True False
action_result.data.\*.objectType | string | | Role
action_result.data.\*.odata.type | string | | test.DirectoryServices.DirectoryRole
action_result.data.\*.roleTemplateId | string | `role template id` | 88d8e3e3-8f55-4a1e-953a-9b9898b8876b
action_result.summary.num_directory_roles | numeric | | 9
action_result.message | string | | Num directory roles: 9
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
## action: 'generate token'
Generate a token
Type: **generic**
Read only: **False**
#### Action Parameters
No parameters are required for this action
#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.data | string | |
action_result.summary | string | |
action_result.message | string | | Token generated
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1

14
deployment-apps/msadgraph/__init__.py
Unescape View File

@ -0,0 +1,14 @@
# File: __init__.py
#
# Copyright (c) 2022-2023 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.

1
deployment-apps/msadgraph/logo_msadgraph.svg
Unescape View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 609 130" width="609px" height="130px" enable-background="new 0 0 609 130"><title>Microsoft Logo</title><g><g fill="#737373"><path d="M213.2 74.3l-3.6 10.2h-.3c-.6-2.3-1.7-5.8-3.5-10l-19.3-48.5h-18.9v77.3h12.5v-47.7c0-3 0-6.4-.1-10.6-.1-2.1-.3-3.7-.4-4.9h.3c.6 3 1.3 5.2 1.8 6.6l23.2 56.4h8.8l23-56.9c.5-1.3 1-3.9 1.5-6.1h.3c-.3 5.7-.5 10.8-.6 13.9v49h13.3v-77.2h-18.2l-19.8 48.5zM263.8 47.6h13v55.4h-13zM270.4 24.2c-2.2 0-4 .8-5.5 2.2-1.5 1.4-2.3 3.2-2.3 5.4 0 2.1.8 3.9 2.3 5.3 1.5 1.4 3.3 2.1 5.5 2.1s4.1-.8 5.5-2.1c1.5-1.4 2.3-3.2 2.3-5.3s-.8-3.9-2.3-5.4c-1.3-1.4-3.2-2.2-5.5-2.2M322.9 47.1c-2.4-.5-4.9-.8-7.3-.8-5.9 0-11.3 1.3-15.8 3.9-4.5 2.6-8.1 6.2-10.4 10.7-2.4 4.6-3.6 9.9-3.6 16 0 5.3 1.2 10 3.5 14.3 2.3 4.2 5.5 7.6 9.8 9.9 4.1 2.3 8.9 3.5 14.3 3.5 6.2 0 11.5-1.3 15.7-3.7l.1-.1v-12l-.5.4c-1.9 1.4-4.1 2.6-6.3 3.3-2.3.8-4.4 1.2-6.2 1.2-5.2 0-9.3-1.5-12.2-4.8-3-3.2-4.5-7.6-4.5-13.1 0-5.7 1.5-10.2 4.6-13.5 3.1-3.3 7.2-5 12.2-5 4.2 0 8.5 1.4 12.4 4.2l.5.4v-12.7l-.1-.1c-1.7-.7-3.6-1.5-6.2-2M365.8 46.7c-3.2 0-6.2 1-8.8 3.1-2.2 1.8-3.7 4.4-5 7.5h-.1v-9.7h-13v55.4h13v-28.3c0-4.8 1-8.8 3.2-11.7 2.2-3 5-4.5 8.4-4.5 1.2 0 2.4.3 3.9.5 1.4.4 2.4.8 3.1 1.3l.5.4v-13l-.3-.1c-.9-.6-2.7-.9-4.9-.9M401.2 46.4c-9.1 0-16.4 2.7-21.5 8-5.2 5.3-7.7 12.6-7.7 21.8 0 8.6 2.6 15.6 7.6 20.7 5 5 11.8 7.6 20.3 7.6 8.9 0 16-2.7 21.1-8.1 5.2-5.4 7.7-12.6 7.7-21.5 0-8.8-2.4-15.8-7.3-20.9-4.7-5.1-11.6-7.6-20.2-7.6m10.4 42.6c-2.4 3.1-6.2 4.6-10.9 4.6s-8.5-1.5-11.2-4.8c-2.7-3.1-4-7.6-4-13.3 0-5.9 1.4-10.4 4-13.6 2.7-3.2 6.4-4.8 11.1-4.8 4.6 0 8.2 1.5 10.8 4.6 2.6 3.1 4 7.6 4 13.5-.2 6-1.3 10.7-3.8 13.8M457.7 70.6c-4.1-1.7-6.7-3-7.9-4.1-1-1-1.5-2.4-1.5-4.2 0-1.5.6-3 2.1-4s3.2-1.5 5.7-1.5c2.2 0 4.5.4 6.7 1s4.2 1.5 5.8 2.7l.5.4v-12.2l-.3-.1c-1.5-.6-3.5-1.2-5.9-1.7-2.4-.4-4.6-.6-6.4-.6-6.2 0-11.3 1.5-15.3 4.8-4 3.1-5.9 7.3-5.9 12.2 0 2.6.4 4.9 1.3 6.8.9 1.9 2.2 3.7 4 5.2 1.8 1.4 4.4 3 8 4.5 3 1.3 5.3 2.3 6.7 3.1 1.4.8 2.3 1.7 3 2.4.5.8.8 1.8.8 3.1 0 3.7-2.8 5.5-8.5 5.5-2.2 0-4.5-.4-7.2-1.3s-5.2-2.2-7.3-3.7l-.5-.4v12.7l.3.1c1.9.9 4.2 1.5 7 2.2 2.8.5 5.3.9 7.5.9 6.7 0 12.2-1.5 16.1-4.8 4-3.2 6.1-7.3 6.1-12.6 0-3.7-1-7-3.2-9.5-2.9-2.4-6.5-4.9-11.7-6.9M506.9 46.4c-9.1 0-16.4 2.7-21.5 8s-7.7 12.6-7.7 21.8c0 8.6 2.6 15.6 7.6 20.7 5 5 11.8 7.6 20.3 7.6 8.9 0 16-2.7 21.1-8.1 5.2-5.4 7.7-12.6 7.7-21.5 0-8.8-2.4-15.8-7.3-20.9-4.7-5.1-11.6-7.6-20.2-7.6m10.3 42.6c-2.4 3.1-6.2 4.6-10.9 4.6-4.8 0-8.5-1.5-11.2-4.8-2.7-3.1-4-7.6-4-13.3 0-5.9 1.4-10.4 4-13.6 2.7-3.2 6.4-4.8 11.1-4.8 4.5 0 8.2 1.5 10.8 4.6 2.6 3.1 4 7.6 4 13.5 0 6-1.3 10.7-3.8 13.8"/><path d="M603.9 58.3v-10.7h-13.1v-16.4l-.4.1-12.4 3.7-.3.1v12.5h-19.6v-7c0-3.2.8-5.7 2.2-7.3s3.5-2.4 6.1-2.4c1.8 0 3.7.4 5.8 1.3l.5.3v-11.3l-.3-.1c-1.8-.6-4.2-1-7.3-1-3.9 0-7.3.9-10.4 2.4-3.1 1.7-5.4 4-7.1 7.1-1.7 3-2.6 6.4-2.6 10.3v7.7h-9.1v10.6h9.1v44.8h13.1v-44.7h19.6v28.5c0 11.7 5.5 17.6 16.5 17.6 1.8 0 3.7-.3 5.5-.6 1.9-.4 3.3-.9 4.1-1.3l.1-.1v-10.7l-.5.4c-.8.5-1.5.9-2.7 1.2-1 .3-1.9.4-2.6.4-2.6 0-4.4-.6-5.7-2.1-1.2-1.4-1.8-3.7-1.8-7.1v-26.2h13.3z"/></g><path fill="#F25022" d="M0 0h61.3v61.3h-61.3z"/><path fill="#7FBA00" d="M67.7 0h61.3v61.3h-61.3z"/><path fill="#00A4EF" d="M0 67.7h61.3v61.3h-61.3z"/><path fill="#FFB900" d="M67.7 67.7h61.3v61.3h-61.3z"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

1
deployment-apps/msadgraph/logo_msadgraph_dark.svg
Unescape View File

@ -0,0 +1 @@
<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 609 130" width="609px" height="130px"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Artboard 1</title><path class="cls-1" d="M213.2,74.3l-3.6,10.2h-.3a72.42,72.42,0,0,0-3.5-10L186.5,26H167.6v77.3h12.5V55.6c0-3,0-6.4-.1-10.6-.1-2.1-.3-3.7-.4-4.9h.3a46.71,46.71,0,0,0,1.8,6.6l23.2,56.4h8.8l23-56.9a60.58,60.58,0,0,0,1.5-6.1h.3c-.3,5.7-.5,10.8-.6,13.9v49h13.3V25.8H233Zm50.6-26.7h13V103h-13Zm6.6-23.4a7.79,7.79,0,0,0-5.5,2.2,7.37,7.37,0,0,0,0,10.7,7.71,7.71,0,0,0,5.5,2.1,8,8,0,0,0,5.5-2.1,7,7,0,0,0,2.3-5.3,7.41,7.41,0,0,0-2.3-5.4,7.29,7.29,0,0,0-5.5-2.2m52.5,22.9a36.26,36.26,0,0,0-7.3-.8,31.37,31.37,0,0,0-15.8,3.9,26.12,26.12,0,0,0-10.4,10.7,34,34,0,0,0-3.6,16,29.68,29.68,0,0,0,3.5,14.3,24,24,0,0,0,9.8,9.9,28.85,28.85,0,0,0,14.3,3.5,31.43,31.43,0,0,0,15.7-3.7l.1-.1v-12l-.5.4a22.35,22.35,0,0,1-6.3,3.3,19.27,19.27,0,0,1-6.2,1.2c-5.2,0-9.3-1.5-12.2-4.8s-4.5-7.6-4.5-13.1c0-5.7,1.5-10.2,4.6-13.5a16.05,16.05,0,0,1,12.2-5,21.28,21.28,0,0,1,12.4,4.2l.5.4V49.2l-.1-.1a30.15,30.15,0,0,0-6.2-2m42.9-.4a13.72,13.72,0,0,0-8.8,3.1c-2.2,1.8-3.7,4.4-5,7.5h-.1V47.6h-13V103h13V74.7c0-4.8,1-8.8,3.2-11.7a10,10,0,0,1,8.4-4.5,32.07,32.07,0,0,1,3.9.5,10.26,10.26,0,0,1,3.1,1.3l.5.4v-13l-.3-.1a9.88,9.88,0,0,0-4.9-.9m35.4-.3c-9.1,0-16.4,2.7-21.5,8S372,67,372,76.2c0,8.6,2.6,15.6,7.6,20.7s11.8,7.6,20.3,7.6c8.9,0,16-2.7,21.1-8.1s7.7-12.6,7.7-21.5-2.4-15.8-7.3-20.9c-4.7-5.1-11.6-7.6-20.2-7.6M411.6,89c-2.4,3.1-6.2,4.6-10.9,4.6s-8.5-1.5-11.2-4.8c-2.7-3.1-4-7.6-4-13.3,0-5.9,1.4-10.4,4-13.6s6.4-4.8,11.1-4.8,8.2,1.5,10.8,4.6,4,7.6,4,13.5c-.2,6-1.3,10.7-3.8,13.8m46.1-18.4c-4.1-1.7-6.7-3-7.9-4.1a5.68,5.68,0,0,1-1.5-4.2,4.65,4.65,0,0,1,2.1-4,9.63,9.63,0,0,1,5.7-1.5,25.89,25.89,0,0,1,6.7,1,17.24,17.24,0,0,1,5.8,2.7l.5.4V48.7l-.3-.1a36.08,36.08,0,0,0-5.9-1.7,40.09,40.09,0,0,0-6.4-.6c-6.2,0-11.3,1.5-15.3,4.8a14.78,14.78,0,0,0-5.9,12.2,15.88,15.88,0,0,0,1.3,6.8,15.16,15.16,0,0,0,4,5.2,34.85,34.85,0,0,0,8,4.5c3,1.3,5.3,2.3,6.7,3.1a13.57,13.57,0,0,1,3,2.4,5.69,5.69,0,0,1,.8,3.1c0,3.7-2.8,5.5-8.5,5.5a22.44,22.44,0,0,1-7.2-1.3,27.82,27.82,0,0,1-7.3-3.7l-.5-.4v12.7l.3.1a38.79,38.79,0,0,0,7,2.2,44.65,44.65,0,0,0,7.5.9c6.7,0,12.2-1.5,16.1-4.8A15.31,15.31,0,0,0,472.6,87a14,14,0,0,0-3.2-9.5,40.55,40.55,0,0,0-11.7-6.9m49.2-24.2c-9.1,0-16.4,2.7-21.5,8s-7.7,12.6-7.7,21.8c0,8.6,2.6,15.6,7.6,20.7s11.8,7.6,20.3,7.6c8.9,0,16-2.7,21.1-8.1s7.7-12.6,7.7-21.5S532,59.1,527.1,54c-4.7-5.1-11.6-7.6-20.2-7.6M517.2,89c-2.4,3.1-6.2,4.6-10.9,4.6s-8.5-1.5-11.2-4.8c-2.7-3.1-4-7.6-4-13.3,0-5.9,1.4-10.4,4-13.6s6.4-4.8,11.1-4.8c4.5,0,8.2,1.5,10.8,4.6s4,7.6,4,13.5-1.3,10.7-3.8,13.8"/><path class="cls-1" d="M603.9,58.3V47.6H590.8V31.2l-.4.1L578,35l-.3.1V47.6H558.1v-7c0-3.2.8-5.7,2.2-7.3a7.76,7.76,0,0,1,6.1-2.4,14.59,14.59,0,0,1,5.8,1.3l.5.3V21.2l-.3-.1a25,25,0,0,0-17.7,1.4,17.34,17.34,0,0,0-7.1,7.1A20.46,20.46,0,0,0,545,39.9v7.7h-9.1V58.2H545V103h13.1V58.3h19.6V86.8c0,11.7,5.5,17.6,16.5,17.6a34.27,34.27,0,0,0,5.5-.6,18,18,0,0,0,4.1-1.3l.1-.1V91.7l-.5.4a8.45,8.45,0,0,1-2.7,1.2,9.15,9.15,0,0,1-2.6.4c-2.6,0-4.4-.6-5.7-2.1s-1.8-3.7-1.8-7.1V58.3h13.3Z"/><path class="cls-1" d="M0,0H61.3V61.3H0Z"/><path class="cls-1" d="M67.7,0H129V61.3H67.7Z"/><path class="cls-1" d="M0,67.7H61.3V129H0Z"/><path class="cls-1" d="M67.7,67.7H129V129H67.7Z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

3871
deployment-apps/msadgraph/msadgraph.json
View File

File diff suppressed because it is too large Load Diff

1540
deployment-apps/msadgraph/msadgraph_connector.py
View File

File diff suppressed because it is too large Load Diff

94
deployment-apps/msadgraph/msadgraph_consts.py
Unescape View File

@ -0,0 +1,94 @@
# File: msadgraph_consts.py
#
# Copyright (c) 2022-2023 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
PHANTOM_SYS_INFO_URL = "{base_url}rest/system_info"
PHANTOM_ASSET_INFO_URL = "{base_url}rest/asset/{asset_id}"
MSADGRAPH_API_URLS = {
"Global": "https://graph.microsoft.com/v1.0",
"US Gov L4": "https://graph.microsoft.us",
"US Gov L5 (DOD)": "https://dod-graph.microsoft.us",
"Germany": "https://graph.microsoft.de",
"China (21Vianet)": "https://microsoftgraph.chinacloudapi.cn"
}
MSADGRAPH_API_REGION = {
"Global": "graph.microsoft.com/v1.0",
"US Gov L4": "graph.microsoft.us",
"US Gov L5 (DOD)": "dod-graph.microsoft.us",
"Germany": "graph.microsoft.de",
"China (21Vianet)": "microsoftgraph.chinacloudapi.cn"
}
MS_AZURE_CONFIG_TENANT = 'tenant_id'
MS_AZURE_CONFIG_SUBSCRIPTION = 'subscription_id'
MS_AZURE_CONFIG_CLIENT_ID = 'client_id'
MS_AZURE_CONFIG_CLIENT_SECRET = 'client_secret' # pragma: allowlist secret
MS_AZURE_CONFIG_ADMIN_ACCESS_REQUIRED = 'admin_access_required'
MS_AZURE_CONFIG_ADMIN_ACCESS_GRANTED = 'admin_access_granted'
MS_AZURE_URL = "region"
MS_AZURE_CONFIG_ADMIN_ACCESS = 'admin_access'
MS_AZURE_TOKEN_STRING = 'token'
MS_AZURE_ACCESS_TOKEN_STRING = 'access_token'
MS_AZURE_REFRESH_TOKEN_STRING = 'refresh_token'
MS_AZURE_PHANTOM_BASE_URL = '{phantom_base_url}rest'
MS_AZURE_PHANTOM_SYS_INFO_URL = '/system_info'
MS_AZURE_PHANTOM_ASSET_INFO_URL = '/asset/{asset_id}'
MS_AZURE_BASE_URL_NOT_FOUND_MESSAGE = 'SOAR Base URL not found in System Settings. ' \
'Please specify this value in System Settings.'
MS_AZURE_HTML_ERROR = 'Bad Request Bad Request - Invalid URL HTTP Error 400. The request URL is invalid.'
MS_AZURE_NEXT_LINK_STRING = 'odata.nextLink'
MS_AZURE_PAGE_SIZE = 999
MS_AZURE_ERROR_MESSAGE_UNKNOWN = "Unknown error occurred. Please check the asset configuration and|or action parameters."
# status codes
MS_AZURE_BAD_REQUEST_CODE = 400
MS_AZURE_NOT_FOUND_CODE = 404
# For authorization code
SERVER_TOKEN_URL = "https://login.microsoftonline.com/{0}/oauth2/v2.0/token"
MS_AZURE_ADMIN_CONSENT_URL = "https://login.microsoftonline.com/{tenant_id}/adminconsent"
MS_AZURE_AUTHORIZE_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
AUTH_FAILURE_MESSAGES = (
"token is invalid",
"token has expired",
"ExpiredAuthenticationToken",
"AuthenticationFailed",
"TokenExpired",
"InvalidAuthenticationToken"
)
MS_REST_URL_NOT_AVAILABLE_MESSAGE = 'Rest URL not available. Error: {error}'
MS_OAUTH_URL_MESSAGE = 'Using OAuth URL:\n'
MS_AUTHORIZE_USER_MESSAGE = 'Please authorize user in a separate tab using URL:'
MS_GENERATING_ACCESS_TOKEN_MESSAGE = 'Generating access token'
MS_TC_STATUS_SLEEP = 3
MS_AZURE_WAIT_FOR_URL_SLEEP = 5
MS_AZURE_CODE_GENERATION_SCOPE = 'offline_access Group.ReadWrite.All User.Read.All User.ReadWrite.All Directory.ReadWrite.All \
Directory.AccessAsUser.All User.ManageIdentities.All GroupMember.ReadWrite.All RoleManagement.ReadWrite.Directory'
MS_AZURE_AUTHORIZE_TROUBLESHOOT_MESSAGE = 'If authorization URL fails to communicate with your SOAR instance, check whether you have: '\
' 1. Specified the Web Redirect URL of your App -- The Redirect URL should be <POST URL>/result . '\
' 2. Configured the base URL of your SOAR Instance at Administration -> Company Settings -> Info'
MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE = "Test Connectivity Failed"
MS_AZURE_TEST_CONNECTIVITY_PASSED = "Test Connectivity Passed"
MS_AZURE_ENCRYPTION_ERROR = "Error occurred while encrypting the state file"
MS_AZURE_DECRYPTION_ERROR = "Error occurred while decrypting the state file"
MS_AZURE_STATE_FILE_CORRUPT_ERROR = "Error occurred while loading the state file due to it's unexpected format. " \
"Resetting the state file with the default format. Please test the connectivity."
MS_AZURE_RESPONSE_ERROR_MESSAGE = "Error from server. Status Code: {status_code}. Data from server: \n{error_text}\n"
MS_AZURE_PROCESS_RESPONSE_ERROR_MESSAGE = "Can't process response from server. Status Code: {status_code} Data from server: {content}"
MS_ADMIN_CONSENT_ERROR_MESSAGE = "Admin consent not received"
MS_AUTHORIZATION_ERROR_MESSAGE = "Authorization code not received or not given"
MS_STATE_FILE_ERROR_MESSAGE = "Unable to load state file"
DEFAULT_TIMEOUT = 30

170
deployment-apps/msadgraph/msadgraph_get_group.html
Unescape View File

@ -0,0 +1,170 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}
{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}
{% block widget_content %}
<!-- Main Start Block -->
<!-- File: msadgraph_get_group.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<style>
.msadgraph-app a:hover {
text-decoration: underline;
}
.msadgraph-app .wf-table-vertical {
width: initial;
font-size: 12px;
}
.msadgraph-app .wf-table-vertical td {
padding: 5px;
border: 1px solid;
}
.msadgraph-app .wf-table-horizontal {
margin-right: 10px;
width: initial;
border: 1px solid;
font-size: 12px;
}
.msadgraph-app .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}
.msadgraph-app .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}
.msadgraph-app .wf-h3-style {
font-size: 20px
}
.msadgraph-app .wf-h4-style {
font-size: 16px
}
.msadgraph-app .wf-h5-style {
font-size: 14px
}
.msadgraph-app .wf-subheader-style {
font-size: 12px
}
</style>
<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
<!-- Main Div -->
{% for result in results %}
<!-- loop for each result -->
<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
{% else %}
{% if result.param.select_string %}
<h3 class="wf-h3-style">Group Details</h3>
{% for curr_data in result.data %}
<table class="wf-table-horizontal">
<tr>
<thead>
{% for key, value in curr_data.items %}
<th> {{ key }} </th>
{% endfor %}
</thead>
</tr>
<tr>
{% for key, value in curr_data.items %}
<td>{{ value }}</td>
{% endfor %}
</tr>
</table>
<br>
{% endfor %}
<br>
<!------------------- For each Result END ---------------------->
{% else %}
<h3 class="wf-h3-style">Group Details</h3>
<table class="phantom-table dataTable">
<thead>
<th class="widget-th">Display Name</th>
<th class="widget-th">Group Object Id</th>
<th class="widget-th">Description</th>
</thead>
<tbody>
{% for curr_data in result.data %}
<tr>
<td class="widget-td" >
{{ curr_data.displayName }}
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['group object id'],
'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.id }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td class="widget-td" >
{{ curr_data.description }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
<br>
{% endif %}
{% endif %}
<br>
{% endfor %}
<!-- loop for each result end -->
</div> <!-- Main Div -->
<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();
</script>
{% endblock %}
<!-- Main Start Block -->

174
deployment-apps/msadgraph/msadgraph_list_group_members.html
Unescape View File

@ -0,0 +1,174 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}
{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}
{% block widget_content %}
<!-- Main Start Block -->
<!-- File: msadgraph_list_group_members.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<style>
.msadgraph-app a:hover {
text-decoration: underline;
}
.msadgraph-app .wf-table-vertical {
width: initial;
font-size: 12px;
}
.msadgraph-app .wf-table-vertical td {
padding: 5px;
border: 1px solid;
}
.msadgraph-app .wf-table-horizontal {
margin-right: 10px;
width: initial;
border: 1px solid;
font-size: 12px;
}
.msadgraph-app .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}
.msadgraph-app .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}
.msadgraph-app .wf-h3-style {
font-size: 20px
}
.msadgraph-app .wf-h4-style {
font-size: 16px
}
.msadgraph-app .wf-h5-style {
font-size: 14px
}
.msadgraph-app .wf-subheader-style {
font-size: 12px
}
</style>
<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
<!-- Main Div -->
{% for result in results %}
<!-- loop for each result -->
<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
{% else %}
{% if result.param.select_string %}
<h3 class="wf-h3-style">List of Group Members</h3>
{% for curr_data in result.data %}
<table class="wf-table-horizontal">
<tr>
<thead>
{% for key, value in curr_data.items %}
<th> {{ key }} </th>
{% endfor %}
</thead>
</tr>
<tr>
{% for key, value in curr_data.items %}
<td>{{ value }}</td>
{% endfor %}
</tr>
</table>
<br>
{% endfor %}
<br>
<!------------------- For each Result END ---------------------->
{% else %}
<h3 class="wf-h3-style">List of Group Members</h3>
<table class="phantom-table dataTable">
<thead>
<th class="widget-th">Display Name</th>
<th class="widget-th">User Object Id</th>
<th class="widget-th">User Princicple Name</th>
</thead>
<tbody>
{% for curr_data in result.data %}
<tr>
<td class="widget-td" >
{{ curr_data.displayName }}
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.id }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
'value':'{{ curr_data.userPrincipalName }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.userPrincipalName }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<br>
{% endif %}
{% endif %}
<br>
{% endfor %}
<!-- loop for each result end -->
</div> <!-- Main Div -->
<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();
</script>
{% endblock %}
<!-- Main Start Block -->

174
deployment-apps/msadgraph/msadgraph_list_groups.html
Unescape View File

@ -0,0 +1,174 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}
{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}
{% block widget_content %}
<!-- Main Start Block -->
<!-- File: msadgraph_list_groups.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<style>
.msadgraph-app a:hover {
text-decoration: underline;
}
.msadgraph-app .wf-table-vertical {
width: initial;
font-size: 12px;
}
.msadgraph-app .wf-table-vertical td {
padding: 5px;
border: 1px solid;
}
.msadgraph-app .wf-table-horizontal {
margin-right: 10px;
width: initial;
border: 1px solid;
font-size: 12px;
}
.msadgraph-app .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}
.msadgraph-app .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}
.msadgraph-app .wf-h3-style {
font-size: 20px
}
.msadgraph-app .wf-h4-style {
font-size: 16px
}
.msadgraph-app .wf-h5-style {
font-size: 14px
}
.msadgraph-app .wf-subheader-style {
font-size: 12px
}
</style>
<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
<!-- Main Div -->
{% for result in results %}
<!-- loop for each result -->
<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
{% else %}
{% if result.param.select_string %}
{% for curr_data in result.data %}
{% if curr_data == 'Empty response' %}
<h3 class="wf-h3-style">Empty response. Please add valid property name</h3>
{% else %}
<h3 class="wf-h3-style">Group</h3>
<table class="wf-table-horizontal">
<tr>
<thead>
{% for key, value in curr_data.items %}
<th> {{ key }} </th>
{% endfor %}
</thead>
</tr>
<tr>
{% for key, value in curr_data.items %}
<td>{{ value }}</td>
{% endfor %}
</tr>
<br>
</table>
{% endif %}
{% endfor %}
<br>
<!------------------- For each Result END ---------------------->
{% else %}
<h3 class="wf-h3-style">List of Groups</h3>
<table class="phantom-table dataTable">
<thead>
<th class="widget-th">Group Object Id</th>
<th class="widget-th">Display Name</th>
<th class="widget-th">Description</th>
</thead>
<tbody>
{% for curr_data in result.data %}
<tr>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['group object id'],
'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.id }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td class="widget-td" >
{{ curr_data.displayName }}
</td>
<td class="widget-td" >
{{ curr_data.description }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
<br>
{% endif %}
{% endif %}
<br>
{% endfor %}
<!-- loop for each result end -->
</div> <!-- Main Div -->
<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();
</script>
{% endblock %}
<!-- Main Start Block -->

175
deployment-apps/msadgraph/msadgraph_list_user_attributes.html
Unescape View File

@ -0,0 +1,175 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}
{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}
{% block widget_content %}
<!-- Main Start Block -->
<!-- File: msadgraph_list_user_attributes.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<style>
.msadgraph-app a:hover {
text-decoration: underline;
}
.msadgraph-app .wf-table-vertical {
width: initial;
font-size: 12px;
}
.msadgraph-app .wf-table-vertical td {
padding: 5px;
border: 1px solid;
}
.msadgraph-app .wf-table-horizontal {
margin-right: 10px;
width: initial;
border: 1px solid;
font-size: 12px;
}
.msadgraph-app .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}
.msadgraph-app .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}
.msadgraph-app .wf-h3-style {
font-size: 20px
}
.msadgraph-app .wf-h4-style {
font-size: 16px
}
.msadgraph-app .wf-h5-style {
font-size: 14px
}
.msadgraph-app .wf-subheader-style {
font-size: 12px
}
</style>
<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
<!-- Main Div -->
{% for result in results %}
<!-- loop for each result -->
<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
{% else %}
{% if result.param.select_string %}
<h3 class="wf-h3-style">User Attributes</h3>
{% for curr_data in result.data %}
<table class="wf-table-horizontal">
<tr>
<thead>
{% for key, value in curr_data.items %}
<th> {{ key }} </th>
{% endfor %}
</thead>
</tr>
<tr>
{% for key, value in curr_data.items %}
<td>{{ value }}</td>
{% endfor %}
</tr>
</table>
<br>
{% endfor %}
<br>
<!------------------- For each Result END ---------------------->
{% else %}
<h3 class="wf-h3-style">User Attributes</h3>
<table class="phantom-table dataTable">
<thead>
<th class="widget-th">Display Name</th>
<th class="widget-th">User Object Id</th>
<th class="widget-th">User Princicple Name</th>
</thead>
<tbody>
{% for curr_data in result.data %}
<tr>
<td class="widget-td" >
{{ curr_data.displayName }}
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.id }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
'value':'{{ curr_data.userPrincipalName }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.userPrincipalName }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<br>
{% endif %}
{% endif %}
<br>
{% endfor %}
<!-- loop for each result end -->
</div> <!-- Main Div -->
<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();
</script>
{% endblock %}
<!-- Main Start Block -->

163
deployment-apps/msadgraph/msadgraph_list_user_devices.html
Unescape View File

@ -0,0 +1,163 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}
{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}
{% block widget_content %}
<!-- Main Start Block -->
<!-- File: msadgraph_list_user_devices.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<style>
.msadgraph-app a:hover {
text-decoration: underline;
}
.msadgraph-app .wf-table-vertical {
width: initial;
font-size: 12px;
}
.msadgraph-app .wf-table-vertical td {
padding: 5px;
border: 1px solid;
}
.msadgraph-app .wf-table-horizontal {
margin-right: 10px;
width: initial;
border: 1px solid;
font-size: 12px;
}
.msadgraph-app .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}
.msadgraph-app .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}
.msadgraph-app .wf-h3-style {
font-size: 20px
}
.msadgraph-app .wf-h4-style {
font-size: 16px
}
.msadgraph-app .wf-h5-style {
font-size: 14px
}
.msadgraph-app .wf-subheader-style {
font-size: 12px
}
</style>
<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
<!-- Main Div -->
{% for result in results %}
<!-- loop for each result -->
<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
{% else %}
{% if result.param.select_string %}
{% for curr_data in result.data %}
{% if curr_data == 'Empty response' %}
<h3 class="wf-h3-style">Empty response. Please add valid property name</h3>
{% else %}
<h3 class="wf-h3-style">Device</h3>
<table class="wf-table-horizontal">
<tr>
<thead>
{% for key, value in curr_data.items %}
<th> {{ key }} </th>
{% endfor %}
</thead>
</tr>
<tr>
{% for key, value in curr_data.items %}
<td>{{ value }}</td>
{% endfor %}
</tr>
<br>
</table>
{% endif %}
{% endfor %}
<br>
<!------------------- For each Result END ---------------------->
{% else %}
<h3 class="wf-h3-style">List of User Devices</h3>
<table class="phantom-table dataTable">
<thead>
<th class="widget-th">Display Name</th>
<th class="widget-th">Device ID</th>
</thead>
<tbody>
{% for curr_data in result.data %}
<tr>
<td class="widget-td" >
{{ curr_data.displayName }}
</td>
<td class="widget-td" >
{{ curr_data.deviceId }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
<br>
{% endif %}
{% endif %}
<br>
{% endfor %}
<!-- loop for each result end -->
</div> <!-- Main Div -->
<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();
</script>
{% endblock %}
<!-- Main Start Block -->

177
deployment-apps/msadgraph/msadgraph_list_users.html
Unescape View File

@ -0,0 +1,177 @@
{% extends 'widgets/widget_template.html' %}
{% load custom_template %}
{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
{% block title1 %}{{ title1 }}{% endblock %}
{% block title2 %}{{ title2 }}{% endblock %}
{% block custom_tools %}
{% endblock %}
{% block widget_content %}
<!-- Main Start Block -->
<!-- File: msadgraph_list_users.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<style>
.msadgraph-app a:hover {
text-decoration: underline;
}
.msadgraph-app .wf-table-vertical {
width: initial;
font-size: 12px;
}
.msadgraph-app .wf-table-vertical td {
padding: 5px;
border: 1px solid;
}
.msadgraph-app .wf-table-horizontal {
margin-right: 10px;
width: initial;
border: 1px solid;
font-size: 12px;
}
.msadgraph-app .wf-table-horizontal th {
text-align: center;
border: 1px solid;
text-transform: uppercase;
font-weight: normal;
padding: 5px;
}
.msadgraph-app .wf-table-horizontal td {
border: 1px solid;
padding: 5px;
padding-left: 4px;
}
.msadgraph-app .wf-h3-style {
font-size: 20px
}
.msadgraph-app .wf-h4-style {
font-size: 16px
}
.msadgraph-app .wf-h5-style {
font-size: 14px
}
.msadgraph-app .wf-subheader-style {
font-size: 12px
}
</style>
<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
<!-- Main Div -->
{% for result in results %}
<!-- loop for each result -->
<!------------------- For each Result ---------------------->
{% if not result.data %}
<h4 class="wf-h4-style">No data found</h4>
{% else %}
{% if result.param.select_string %}
{% for curr_data in result.data %}
{% if curr_data == 'Empty response' %}
<h3 class="wf-h3-style">Empty response. Please add valid property name</h3>
{% else %}
<h3 class="wf-h3-style">User</h3>
<table class="wf-table-horizontal">
<tr>
<thead>
{% for key, value in curr_data.items %}
<th> {{ key }} </th>
{% endfor %}
</thead>
</tr>
<tr>
{% for key, value in curr_data.items %}
<td>{{ value }}</td>
{% endfor %}
</tr>
<br>
</table>
{% endif %}
{% endfor %}
<br>
<!------------------- For each Result END ---------------------->
{% else %}
<h3 class="wf-h3-style">List of Users</h3>
<table class="phantom-table dataTable">
<thead>
<th class="widget-th">Display Name</th>
<th class="widget-th">User Object Id</th>
<th class="widget-th">User Princicple Name</th>
</thead>
<tbody>
{% for curr_data in result.data %}
<tr>
<td class="widget-td" >
{{ curr_data.displayName }}
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.id }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
<td class="widget-td" >
<a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
'value':'{{ curr_data.userPrincipalName }}' }], 0, {{ container.id }}, null, false);">
{{ curr_data.userPrincipalName }}
&nbsp;
<span class="fa fa-caret-down" style="font-size: smaller;"></span>
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<br>
{% endif %}
{% endif %}
<br>
{% endfor %}
<!-- loop for each result end -->
</div> <!-- Main Div -->
<script>
$.extend(true, $.fn.dataTable.defaults, {
"searching": true,
"bLengthChange": false,
"language": {
"paginate": {
"previous": "<i class='fa fa-angle-left fa-lg'></i>",
"next": "<i class='fa fa-angle-right fa-lg'></i>"
},
"emptyTable": "No data available"
},
"dom": '<"top">rt<"bottom"p><"clear">',
drawCallback: function(settings) {
var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
pagination.toggle(this.api().page.info().pages > 1);
}
});
$('.dataTable').DataTable();
</script>
{% endblock %}
<!-- Main Start Block -->

58
deployment-apps/msadgraph/msadgraph_view.py
Unescape View File

@ -0,0 +1,58 @@
# File: msadgraph_view.py
#
# Copyright (c) 2022-2023 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
def get_ctx_result(provides, result):
ctx_result = {}
param = result.get_param()
summary = result.get_summary()
data = result.get_data()
ctx_result['param'] = param
ctx_result['action'] = provides
if data:
ctx_result['data'] = data
if summary:
ctx_result['summary'] = summary
return ctx_result
def display_view(provides, all_app_runs, context):
context['results'] = results = []
for summary, action_results in all_app_runs:
for result in action_results:
ctx_result = get_ctx_result(provides, result)
if (not ctx_result):
continue
results.append(ctx_result)
if provides == "list users":
return_page = "msadgraph_list_users.html"
if provides == "list user attributes":
return_page = "msadgraph_list_user_attributes.html"
if provides == "list groups":
return_page = "msadgraph_list_groups.html"
if provides == "get group":
return_page = "msadgraph_get_group.html"
if provides == "list group members":
return_page = "msadgraph_list_group_members.html"
if provides == "list user devices":
return_page = "msadgraph_list_user_devices.html"
return return_page

123
deployment-apps/msadgraph/readme.html
Unescape View File

@ -0,0 +1,123 @@
<!-- File: readme.html
Copyright (c) 2022-2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under
the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied. See the License for the specific language governing permissions
and limitations under the License.
-->
<html>
<head></head>
<body>
<h2>Authentication</h2>
<h3>Microsoft Azure Application creation</h3>
<p>This app requires creating a Microsoft Azure Application. To do so, navigate to <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a> in a browser and log in with a Microsoft account, then select <b>Azure Active Directory</b>.</p>
<ol>
<li>Go to <b>App Registrations</b> and click on <b>+ New registration</b>.</li>
<li>Give the app an appropriate name.</li>
<li>Select a supported account type (configure the application to be multitenant).</li>
<li>Click on the <b>Register</b>.</li>
<ul>
<li>Under <b>Certificates & secrets</b>, add <b>New client secret</b>. Note this key somewhere secure, as it cannot be retrieved after closing the window.</li>
<li>Under <b>Redirect URIs</b> we will be updating the entry of https://phantom.local to reflect the actual redirect URI. We will get this from the SOAR asset we create below in the section titled "Configure the MS Graph for Active Directory SOAR app Asset"
</ul>
</ol>
<h3>Delegated Permissions configuration</h3>
<p>Use this procedure to provide non-admin permissions to the app. To do so, navigate to <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a> in a browser and log in with a Microsoft account, then navigate to the previously created app configuration.</p>
<ol>
<li>Under <b>API Permissions</b>, click on <b>Add a permission</b>.</li>
<li>Go to <b>Microsoft Graph Permissions</b>, the following <b>Delegated Permissions</b> need to be added:
<ul>
<li>User.ReadWrite.All</li>
<li>Directory.ReadWrite.All</li>
<li>Directory.AccessAsUser.All</li>
<li>User.ManageIdentities.All</li>
<li>Group.ReadWrite.All</li>
<li>GroupMember.ReadWrite.All</li>
<li>RoleManagement.ReadWrite.Directory</li>
<li>offline_access</li>
</ul>
</li>
<li> Click on the <b>Add permissions</b>.</li>
<li>After making these changes, click on <b>Grant admin consent</b>.</li>
</ol>
<h3>Application Permissions configuration</h3>
<p>Use this procedure to provide admin permissions to the app. To do so, navigate to <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a> in a browser and log in with a Microsoft account, then navigate to the previously created app configuration.</p>
<ol>
<li>Under <b>API Permissions</b>, click on <b>Add a permission</b>.</li>
<li>Go to <b>Microsoft Graph Permissions</b>, the following <b>Application Permissions</b> need to be added:
<ul>
<li>User.ReadWrite.All</li>
<li>Directory.ReadWrite.All</li>
<li>User.ManageIdentities.All</li>
<li>Group.ReadWrite.All</li>
<li>GroupMember.ReadWrite.All</li>
<li>RoleManagement.ReadWrite.Directory</li>
</ul>
</li>
<li> Click on the <b>Add permissions</b>.</li>
<li>After making these changes, click on <b>Grant admin consent</b>.</li>
</ol>
<h4>Note: <b>reset password</b> action is not supported with Application permissions </h4>
<h2>Configure the MS Graph for Active Directory SOAR app Asset</h2>
<p>When creating an asset for the <b>MS Graph for Active Directory</b> app, place the <b>Application ID</b> of the app created during the previous step in the <b>Client ID</b> field and place the password generated during the app creation process in the <b>Client Secret</b> field. Then, after filling out the <b>Tenant</b> field, click <b>SAVE</b>.</p>
<p>After saving, a new field will appear in the <b>Asset Settings</b> tab. Take the URL found in the <b>POST incoming for MS Graph to this location</b> field and place it in the <b>Redirect URIs</b> field of the Azure Application configuration page. To this URL, add <b>/result</b>. After doing so the URL should look something like:</p>
<p>https://&lt;phantom_host&gt;/rest/handler/msgraphforactivedirectory_f2a239df-acb2-47d6-861c-726a435cfe76/&lt;asset_name&gt;/result</p>
<br>
Once again, click on Save.
<h2>Enable Application Permissions</h2>
<p>If you have received admin consent to use application permissions, make sure to check the <b>Admin Access Required</b> and <b>Admin Consent Already Provided</b> checkboxes on the asset.</p>
<h2>User Permissions</h2>
To complete the authorization process, this app needs permission to view assets, which is not granted by default. First, under <b>asset settings</b>, check which user is listed under <b>Select a user on behalf of which automated actions can be executed</b>. By default, the user will be <b>automation</b>, but this user can be changed by clicking <b>EDIT</b> at the bottom of the window. To give this user permission to view assets, follow these steps:
<ul>
<li>In the main drop-down menu, select <b>Administration</b>, then select the <b>User Management</b>, and under that tab, select <b>Roles</b>. Finally, click <b>+ ROLE</b>.</li>
<li>In the <b>Add Role</b> wizard, give the role a name (e.g <b>Asset Viewer</b>), and provide a description. Subsequently, under <b>Available Users</b>, add the user assigned to the asset viewed earlier. Then click the <b>Permissions</b> tab.</li>
<li>On the permission tab, under <b>Available Privileges</b>, give the role the <b>View Assets</b> privilege. Then click <b>SAVE</b>.</li>
</ul>
<h2>Method to Run Test Connectivity (for delegated permissions)</h2>
<p>After setting up the asset and user, click the <b>TEST CONNECTIVITY</b> button. A window should pop up and display a URL. Navigate to this URL in a separate browser tab. This new tab will redirect to a Microsoft login page. Log in to a Microsoft account with administrator privileges to the Microsoft AD environment. After logging in, review the requested permissions listed, then click <b>Accept</b>. Finally, close that tab. The test connectivity window should show success.</p>
<p>The app should now be ready to use.</p>
<h2>State File Permissions</h2>
Please check the permissions for the state file as mentioned below.
<h4>State Filepath</h4>
<ul>
<li>For Root Install Instance: /opt/phantom/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}_state.json</li>
<li>For Non-Root Install Instance: /&lt;PHANTOM_HOME_DIRECTORY&gt;/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}_state.json</li>
</ul>
<h4>State File Permissions</h4>
<ul>
<li>File Rights: rw-rw-r-- (664) (The SOAR user should have read and write access for the state file)</li>
<li>File Owner: appropriate SOAR user</li>
</ul>
<h2>Port Details</h2>
<p>
The app uses HTTP/ HTTPS protocol for communicating with the Microsoft Graph server. Below are the default ports used by the Splunk SOAR Connector.
<table>
<tr>
<th>Service Name</th>
<th>Transport Protocol</th>
<th>Port</th>
</tr>
<tr>
<td>https</td>
<td>tcp</td>
<td>443</td>
</tr>
</table>
</p>
</body>
</html>

2
deployment-apps/msadgraph/release_notes/1.0.5.md
Unescape View File

@ -0,0 +1,2 @@
* Initial release with Python3 support
* Note - This app is a replacement for the Azure AD app with Microsoft Graph API as Azure AD API is going to deprecate in near future

1
deployment-apps/msadgraph/release_notes/1.1.0.md
Unescape View File

@ -0,0 +1 @@
* Added 'list user devices' action

8
deployment-apps/msadgraph/release_notes/1.2.0.md
Unescape View File

@ -0,0 +1,8 @@
* Added option to use admin granted permissions
* Updated the 'test connectivity' action to allow non-interactive tests when admin consent is already provided
* Added 'expand string' and 'use advanced query' parameters in below five actions
* list users
* list groups
* list user attributes
* get group
* list group members

2
deployment-apps/msadgraph/release_notes/1.3.0.md
Unescape View File

@ -0,0 +1,2 @@
* Fixed the state file reseting logic [PAPP-30760]
* Removed django and requests dependencies in order to use platform packages [PAPP-31087, PAPP-31082, PAPP-31096, PAPP-30822]

1
deployment-apps/msadgraph/release_notes/unreleased.md
Unescape View File

@ -0,0 +1 @@
**Unreleased**

BIN
deployment-apps/msadgraph/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
View File

Binary file not shown.

BIN
deployment-apps/msadgraph/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl
View File

Binary file not shown.

BIN
deployment-apps/msadgraph/wheels/py3/soupsieve-2.4.1-py3-none-any.whl
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save