Merge pull request #43 from splunk-soar-connectors/next

Merging next to main for release 3.0.1

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.17
+    rev: v1.23
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^office365.json$']

README.md

@@ -2,11 +2,11 @@
 # MS Graph for Office 365
 
 Publisher: Splunk  
-Connector Version: 3.0.0  
+Connector Version: 3.0.1  
 Product Vendor: Microsoft  
 Product Name: Office 365 (MS Graph)  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.1  
+Minimum Product Version: 6.2.2  
 
 This app connects to Office 365 using the MS Graph API to support investigate and generic actions related to the email messages and calendar events
 
@@ -350,6 +350,10 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 [get folder id](#action-get-folder-id) - Get the API ID of the folder  
 [send email](#action-send-email) - Sends an email with optional text rendering. Attachments are allowed a Content-ID tag for reference within the html  
 [on poll](#action-on-poll) - Ingest emails from Office 365 using Graph API  
+[update email](#action-update-email) - Update an email on the server  
+[block sender](#action-block-sender) - Add the sender email into the block list  
+[unblock sender](#action-unblock-sender) - Remove the sender email from the block list  
+[resolve name](#action-resolve-name) - Verify aliases and resolve display names to the appropriate user  
 
 ## action: 'test connectivity'
 Use supplied credentials to generate a token with MS Graph
@@ -1523,4 +1527,162 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **artifact_count** |  optional  | Parameter Ignored in this app | numeric | 
 
 #### Action Output
-No Output
+No Output  
+
+## action: 'update email'
+Update an email on the server
+
+Type: **generic**  
+Read only: **False**
+
+Currently, this action only updates the categories and subject of an email. To set multiple categories, please pass a comma-separated list to the <b>category</b> parameter.<br>NOTE: If the user tries to update the categories, then the existing categories of the email will be replaced with the new categories provided as input.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**id** |  required  | Message ID to delete | string |  `msgoffice365 message id` 
+**email_address** |  required  | Email address of the mailbox owner | string |  `email` 
+**subject** |  optional  | Subject to set | string | 
+**categories** |  optional  | Categories to set | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.categories | string |  |   Yellow, Blue, Purple, red 
+action_result.parameter.email_address | string |  `email`  |   [email protected] 
+action_result.parameter.id | string |  `msgoffice365 message id`  |   AAMkAGIyMTUxYTkzLWRjYjctNDFjMi04NTAxLTQzMDFkNDhlZmI5MQBGAAAAAACxQSnX8n2GS4cunBIQ2sV7BwCQhMsoV7EYSJF42ChR9SCxAAAAYCbsAACQhMsoV7EYSJF42ChR9SCxAAAAjh8bAAA= 
+action_result.parameter.subject | string |  |   Both value are modified 
+action_result.data.\*[email protected] | string |  `url`  |   https://test.abc.com/v1.0/$metadata#users('user%40.abc.com')/messages(internetMessageHeaders,body,uniqueBody,sender,subject)/$entity 
+action_result.data.\*[email protected] | string |  |   W/"CQAAABYAAABBKXVvwEWISZupmqX4mJS3AAO8DBJl" 
+action_result.data.\*.body.content | string |  |   `Have a good time with these.\\r\\n` 
+action_result.data.\*.body.contentType | string |  |   html 
+action_result.data.\*.bodyPreview | string |  |   Have a good time with these. 
+action_result.data.\*.changeKey | string |  |   CQAAABYAAADTteE6Q2eCQKSqg19j6T+NAAYzSv5R 
+action_result.data.\*.conversationId | string |  |   AAQkAGYxNGJmOWQyLTlhMjctNGRiOS1iODU0LTA1ZWE3ZmQ3NDU3MQAQAORC3aOpHnZMsHD4-7L40sY= 
+action_result.data.\*.conversationIndex | string |  |   AQHZopYz5ELdo6kedkywcPj/svjSxg== 
+action_result.data.\*.createdDateTime | string |  |   2023-06-19T10:09:58Z 
+action_result.data.\*.flag.flagStatus | string |  |   notFlagged 
+action_result.data.\*.from.emailAddress.address | string |  `email`  |   [email protected] 
+action_result.data.\*.from.emailAddress.name | string |  |   Ryan Edwards 
+action_result.data.\*.hasAttachments | boolean |  |   True  False 
+action_result.data.\*.id | string |  `msgoffice365 message id`  |   AQMkADU3NDk3MzJlLTY3MDQtNDE2Ny1iZDk1LTc4YjEwYzhmZDc5YQBGAAADyW3X5P7Hb0_MMHKonvdoWQcAQSl1b8BFiEmbqZql_JiUtwAAAgEMAAAAQSl1b8BFiEmbqZql_JiUtwADu9Tv8QAAAA== 
+action_result.data.\*.importance | string |  |   normal 
+action_result.data.\*.inferenceClassification | string |  |   focused 
+action_result.data.\*.internetMessageId | string |  `msgoffice365 internet message id`  |   <PH7PR11MB690810916B33B92C7EF5E558D95FA@PH7PR11MB6908.namprd11.prod.test.com> 
+action_result.data.\*.isDeliveryReceiptRequested | boolean |  |   True  False 
+action_result.data.\*.isDraft | boolean |  |   True  False 
+action_result.data.\*.isRead | boolean |  |   True  False 
+action_result.data.\*.isReadReceiptRequested | boolean |  |   True  False 
+action_result.data.\*.lastModifiedDateTime | string |  |   2023-06-19T10:09:58Z 
+action_result.data.\*.parentFolderId | string |  `msgoffice365 folder id`  |   AQMkAGYxNGJmOWQyLTlhMjctNGRiOS1iODU0LTA1ZWE3ZmQ3NDU3MQAuAAADeDDJKaEf4EihMWU6SZgKbAEA07XhOkNngkCkqoNfY_k-jQAAAgEPAAAA 
+action_result.data.\*.receivedDateTime | string |  |   2020-06-18T09:11:31Z 
+action_result.data.\*.sender.emailAddress.address | string |  `email`  |   [email protected] 
+action_result.data.\*.sender.emailAddress.name | string |  `email`  |   [email protected] 
+action_result.data.\*.sentDateTime | string |  |   2023-06-19T10:09:58Z 
+action_result.data.\*.subject | string |  |   test html 
+action_result.data.\*.toRecipients.\*.emailAddress.address | string |  `email`  |   [email protected] 
+action_result.data.\*.toRecipients.\*.emailAddress.name | string |  |   Ryan Edwards 
+action_result.data.\*.webLink | string |  |   https://outlook.office365.com/owa/?ItemID=AAkALgAAAAAAHYQDEapmEc2byACqAC%2FEWg0A07XhOkNngkCkqoNfY%2Bk%2FjQAGNNQOowAA&exvsurl=1&viewmodel=ReadMessageItem 
+action_result.summary | string |  |  
+action_result.message | string |  |   Create time: 2017-10-05T20:19:58Z
+Subject: Both value are modified
+Sent time: 2017-10-03T21:31:20Z 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'block sender'
+Add the sender email into the block list
+
+Type: **contain**  
+Read only: **False**
+
+This action takes as input an email whose sender will be added to the Block Senders List. The message ID changes after the execution and is a required parameter for request hence undo action would require unique ID. Note that a message from the email address must exist in the user's mailbox before you can add the email address to or remove it from the Blocked Senders List.<ul><li>If the <b>move_to_junk_folder</b> parameter is set to True, the sender of the target email message is added to the blocked sender list and the email message is moved to the Junk Email folder.</li><li>If the <b>move_to_junk_folder</b> attribute is set to False, the sender of the target email message is added to the blocked sender list and the email message is not moved from the folder.</li></ul>To view the current Block Senders list, please read the following Powershell articles: <ul><li>https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps</li><li>https://docs.microsoft.com/en-us/powershell/module/exchange/antispam-antimalware/Get-MailboxJunkEmailConfiguration?view=exchange-ps.</li></ul>
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**message_id** |  required  | Message ID to pick the sender of | string | 
+**user_id** |  required  | User ID to base the action of | string | 
+**move_to_junk_folder** |  optional  | Should the email be moved to the junk folder | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.message_id | string |  |  
+action_result.parameter.move_to_junk_folder | boolean |  |  
+action_result.parameter.user_id | boolean |  |  
+action_result.status | string |  |  
+action_result.summary | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'unblock sender'
+Remove the sender email from the block list
+
+Type: **contain**  
+Read only: **False**
+
+This action takes as input an email whose sender will be removed from the Block Senders List. The message ID changes after the execution and is a required parameter for request hence undo action would require unique ID. Note that a message from the email address must exist in the user's mailbox before you can add the email address to or remove it from the Blocked Senders List.<ul><li>If the <b>move_to_inbox</b> parameter is set to True, the sender of the target email message is removed from the blocked sender list and the email message is moved from the Junk Email folder.</li><li>If the <b>move_to_inbox</b> attribute is set to False, the sender of the target email message is removed from the blocked sender list and the email message is not moved from the folder.</li></ul>To view the current Block Senders list, please read the following Powershell articles: <ul><li>https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps</li><li>https://docs.microsoft.com/en-us/powershell/module/exchange/antispam-antimalware/Get-MailboxJunkEmailConfiguration?view=exchange-ps.</li></ul>
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**message_id** |  required  | Message ID to pick the sender of | string | 
+**user_id** |  required  | User ID to base the action of | string | 
+**move_to_inbox** |  optional  | Should the email be moved to the inbox folder | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.message_id | string |  |  
+action_result.parameter.move_to_inbox | boolean |  |  
+action_result.parameter.user_id | boolean |  |  
+action_result.status | string |  |  
+action_result.summary | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |    
+
+## action: 'resolve name'
+Verify aliases and resolve display names to the appropriate user
+
+Type: **investigate**  
+Read only: **True**
+
+Resolve an Alias name or email address, gathering complex data about the user.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**email** |  required  | Name to resolve | string |  `email`  `string` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.parameter.email | string |  `email`  `string`  |  
+action_result.data.\*.id | string |  `msgoffice365 id`  |  
+action_result.data.\*.userPrincipalName | string |  `msgoffice365 user principal name`  |  
+action_result.data.\*.givenName | string |  `msgoffice365 given name`  |  
+action_result.data.\*.surname | string |  `msgoffice365 surname`  |  
+action_result.data.\*.displayName | string |  `msgoffice365 display name`  |  
+action_result.data.\*.mailNickname | string |  `msgoffice365 mail nickname`  |  
+action_result.data.\*.mail | string |  `email`  |  
+action_result.data.\*.otherMails | string |  `email list`  |  
+action_result.data.\*.proxyAddresses | string |  `email list`  |  
+action_result.data.\*.jobTitle | string |  `msgoffice365 job title`  |  
+action_result.data.\*.officeLocation | string |  `msgoffice365 office location`  |  
+action_result.data.\*.value | string |  `msgoffice365 user purpose`  |  
+action_result.data.\*.mobilePhone | string |  `msgoffice365 mobile phone`  |  
+action_result.data.\*.businessPhones | string |  `msgoffice365 buisness phones`  |  
+action_result.data.\*.preferredLanguage | string |  `msgoffice365 preferred language`  |  
+action_result.data.\*.state | string |  `msgoffice365 state`  |  
+action_result.data.\*.postalCode | string |  `msgoffice365 postal code`  |  
+action_result.summary | string |  |  
+action_result.status | string |  |   success  failed 
+action_result.message | string |  |  
+summary.total_objects | numeric |  |  
+summary.total_objects_successful | numeric |  |