IBM Security SOAR

Expand all | Collapse all

Adding a function to an existing package

  • 1.  Adding a function to an existing package

    Posted Thu November 07, 2019 03:03 PM
    Edited by Liam Mahoney Thu November 07, 2019 03:04 PM

    I downloaded the newest version of resilient-circuits yesterday from pip (34.0.195). I added a new function to an existing package and noticed that it generated new function files (funct_function_name) for functions that already existed within the package, as well as generating the function file for the new function I was working on. 

    So now I have two files representing the same function. If I try to remove one of the files resilient-circuits fails to load saying it can't find the file I removed. Does anyone have any ideas how to either 1) remove the file so I can start resilient-circuits or 2) prevent resilient-circuits codegen from generating these funct_* files for existing functions?

    Here's an example:

    In the example above I'm trying to add the function clear_data_table to the already existing package fn_osk_workday. The package fn_osk_workday already has the function workday_data_pull in it. I used the command resilient-circuits codegen -f clear_data_table -m clear_data_table_md --reload fn_osk_workday and that generated two files, and

    So now the function Workday Data Pull has two files, which both are listening when I run resilient-circuits (I think). If I delete one of the files, resilient-circuits fails when I attempt to start it.

    Any ideas would be appreciated!


    Liam Mahoney

  • 2.  RE: Adding a function to an existing package

    Posted Fri November 08, 2019 04:57 PM
    Yes, and I agree this change was confusing and not well documented. See here on the "funct_" append change.

    Your options, to my knowledge, are:
    1. Delete the created "funct_" files and rename the old ones by appending the new "funct_" naming convention.
    2. Delete the created files and do not rename the old ones (nothing actually references those file names anymore, used to).

    Note that option #2 above may cause an issue if you have the 'old-school' file.
    Here is what they used to look like, and here is a newer one for reference.

    Modify the package's (recommended) to include:
    from setuptools import setup, find_packages
    import glob
    import ntpath

    def get_module_name(module_path):
    Return the module name of the module path
    return ntpath.split(module_path)[1].split(".")[0]

    def snake_to_camel(word):
    Convert a word from snake_case to CamelCase
    return ''.join(x.capitalize() or '_' for x in word.split('_'))

    # ... Then, inside the setup object change the entry_points's resilient.circuits.components key , removing the hard-coded function component names, like:

    "resilient.circuits.components": [
    # When is executed, loop through the .py files in the components directory and create the entry points.
    "{}FunctionComponent = tenable_sc.components.{}:FunctionComponent".format(snake_to_camel(get_module_name(filename)), get_module_name(filename)) for filename in glob.glob("./tenable_sc/components/[a-zA-Z]*.py")

    Additionally, instead of doing --reload with codegen, consider doing this:
    cd /home/path-to-resilient-function-packages-directory-here/
    resilient-circuits codegen --package package_name --function new_function_api_name
    sudo python -m pip install --editable /home/path-to-resilient-function-packages-directory-here/package_name

    The --reload method you used must be new(er), and to be honest I don't understand its purpose, since you don't need it to add to packages.

    Jared Fagel
    Cyber Security Analyst Intern
    Public Utility

  • 3.  RE: Adding a function to an existing package

    Posted Fri November 08, 2019 05:25 PM
    Interesting! Thanks for all the info Jared, I appreciate it!

    Liam Mahoney