Fantastic! Nice work.
Beyond that, this community is a great place to get answers to any specific questions you might have. Good luck!
Original Message:
Sent: Wed May 22, 2024 11:46 AM
From: ken ching
Subject: Integration requires HMAC and BASE64 modules which are not available for SOAR Scripts
Yes, the plan is to perform the enrichment using the REST API app as a workaround for the vendor's busted app; however, I would appreciate the assistance with resources to explore implementing this as an app.
In the meantime, I've done exactly what you suggest, which is to create my own HMAC function to use within the script, and it is working! Here is the snippet in case others need to go down this route:
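import hashlib

def xor(x, y):
    # Byte-wise XOR of two byte strings, truncated to the shorter one
    return bytes(x[i] ^ y[i] for i in range(min(len(x), len(y))))

def hmac_sha1(key_K, data):
    # Keys longer than the 64-byte SHA-1 block size are rejected here
    if len(key_K) > 64:
        raise ValueError('The key must be <= 64 bytes in length')
    # Zero-pad the key to the block size
    padded_K = key_K + b'\x00' * (64 - len(key_K))
    ipad = b'\x36' * 64
    opad = b'\x5c' * 64
    # Inner hash: SHA1((K xor ipad) || data)
    h_inner = hashlib.sha1(xor(padded_K, ipad))
    h_inner.update(data)
    # Outer hash: SHA1((K xor opad) || inner digest)
    h_outer = hashlib.sha1(xor(padded_K, opad))
    h_outer.update(h_inner.digest())
    return h_outer.digest()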
Thanks Bo!
------------------------------
ken ching
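Added example, not part of the original posts and not vendor or platform code: a hand-rolled HMAC is easiest to trust when it ships with known-answer tests, so this variant follows RFC 2104 (including hashing keys longer than the 64-byte block instead of rejecting them) and checks itself against three RFC 2202 HMAC-SHA1 vectors using only hashlib and base64. It assumes Python 3; `sign_request` and the demo key and string are hypothetical names and constructed values.

```python
import base64
import hashlib

BLOCK_SIZE = 64  # SHA-1 block size in bytes


def hmac_sha1(key, data):
    """HMAC-SHA1 per RFC 2104, built on hashlib only."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()  # RFC 2104: long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")  # zero-pad to the block size
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + data).digest()
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).digest()


# Known-answer vectors from RFC 2202 (HMAC-SHA1 test cases 1, 2 and 6)
RFC2202_VECTORS = [
    (b"\x0b" * 20, b"Hi There",
     "b617318655057264e28bc0b6fb378c8ef146be00"),
    (b"Jefe", b"what do ya want for nothing?",
     "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
    (b"\xaa" * 80, b"Test Using Larger Than Block-Size Key - Hash Key First",
     "aa4ae5e15272d00e95705637ce8a3b55ed402112"),
]


def self_test():
    """Return True only if every RFC 2202 vector reproduces exactly."""
    return all(hmac_sha1(k, d).hex() == want for k, d, want in RFC2202_VECTORS)


def sign_request(secret_key_b64, data_to_sign):
    """Hypothetical helper: Base64(HMAC-SHA1(Base64-decoded key, data)),
    the signature shape described in the thread."""
    key = base64.b64decode(secret_key_b64)
    return base64.b64encode(hmac_sha1(key, data_to_sign.encode())).decode()


if __name__ == "__main__":
    # Refuse to sign anything if the primitive does not match the RFC vectors
    if not self_test():
        raise SystemExit("HMAC-SHA1 known-answer test failed")
    demo_key = base64.b64encode(b"constructed-demo-key").decode()  # constructed
    print(sign_request(demo_key, "constructed-date:constructed-id:/constructed/uri:constructed-appkey"))
```

Running the self-test once at the start of a script catches a transcription slip in the pad constants or the hash order before a bad signature ever reaches the API.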
Original Message:
Sent: Tue May 21, 2024 10:18 AM
From: Bo Bleckel
Subject: Integration requires HMAC and BASE64 modules which are not available for SOAR Scripts
Hi Ken -
If you do indeed require a non-standard import like the HMAC module, yes, the answer is that you'll need to implement this as an app which will run apart from the scripts on the platform. If you want to go down that path, I can provide you with resources for that.
If you think you could achieve what you need from the HMAC library with your own code, then you might be able to do this through scripts...
Are you eventually intending on using the REST API app to execute the API request?
Bo
------------------------------
Bo Bleckel
Original Message:
Sent: Mon May 20, 2024 06:26 PM
From: ken ching
Subject: Integration requires HMAC and BASE64 modules which are not available for SOAR Scripts
Apologies, my issue is only with the HMAC module. BASE64 is available.
------------------------------
ken ching
Original Message:
Sent: Mon May 20, 2024 06:07 PM
From: ken ching
Subject: Integration requires HMAC and BASE64 modules which are not available for SOAR Scripts
I need to build playbooks to pull data from a widely used email security vendor's API. This vendor has an App on the App Exchange that was last updated in 2019, but we are experiencing the same issues as others who have commented on the app: "Error The provided app file is invalid. Configuration export data is required."
This vendor's API requires a base64 encode of an HMAC-SHA1 hash to be included in the request headers for authentication. I have code that works in standalone Python editors (Sublime, Visual Studio). However, the dependency on the Python HMAC and BASE64 modules is preventing me from implementing this on SOAR using the Call REST API function, because these modules are not available for SOAR scripts (Python 2 and Python 3 differences). I also reviewed apps on the Exchange to see if there are any that provide this functionality, and while I did see encryption and hash functions in the Utility Functions for SOAR app, these are only for attachments.
If helpful, here are the specific statements involving these modules:
import base64
import hashlib
import hmac

# HMAC-SHA1 over dataToSign (hdrDate + ":" + requestId + ":" + URI + ":" + appkey),
# keyed with the Base64-decoded secret key
hmac_sha1 = hmac.new(base64.b64decode(secret_key), dataToSign.encode(), digestmod=hashlib.sha1).digest()
# Base64-encode the HMAC-SHA1 digest to get the signature for the Authorization header
sig = base64.b64encode(hmac_sha1).rstrip()
It feels to me like I am headed towards creating a private app to handle this integration. Any thoughts?
Thanks in advance,
Ken
------------------------------
ken ching
------------------------------