Skip to content

Commit

Permalink
Merge pull request #2739 from splunk/TR-2953
Browse files Browse the repository at this point in the history 
[TR-2953] Azure AD Account Unlocking
  • Loading branch information
@patel-bhavin
patel-bhavin committed Aug 18, 2023
2 parents 8f7f913 + c025008 commit 0d8ce6c
Show file tree
Hide file tree
Showing 4 changed files with 466 additions and 0 deletions.
275 changes: 275 additions & 0 deletions playbooks/Azure_AD_Account_Unlocking.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,275 @@
{
"blockly": false,
"blockly_xml": "<xml></xml>",
"category": "Account Unlocking",
"coa": {
"data": {
"description": "Accepts user name that needs to be enabled in Azure Active Directory. Generates an observable output based on the status of account unlocking or enabling.",
"edges": [
{
"id": "port_0_to_port_2",
"sourceNode": "0",
"sourcePort": "0_out",
"targetNode": "2",
"targetPort": "2_in"
},
{
"conditions": [
{
"index": 0
}
],
"id": "port_2_to_port_3",
"sourceNode": "2",
"sourcePort": "2_out",
"targetNode": "3",
"targetPort": "3_in"
},
{
"id": "port_4_to_port_1",
"sourceNode": "4",
"sourcePort": "4_out",
"targetNode": "1",
"targetPort": "1_in"
},
{
"id": "port_3_to_port_5",
"sourceNode": "3",
"sourcePort": "3_out",
"targetNode": "5",
"targetPort": "5_in"
},
{
"conditions": [
{
"index": 0
}
],
"id": "port_5_to_port_4",
"sourceNode": "5",
"sourcePort": "5_out",
"targetNode": "4",
"targetPort": "4_in"
}
],
"hash": "28807b4b67e7fd29b25e171fedb8e0b3461b08f4",
"nodes": {
"0": {
"data": {
"advanced": {
"join": []
},
"functionName": "on_start",
"id": "0",
"type": "start"
},
"errors": {},
"id": "0",
"type": "start",
"warnings": {},
"x": 19.999999999999986,
"y": -5.115907697472721e-13
},
"1": {
"data": {
"advanced": {
"join": []
},
"functionName": "on_finish",
"id": "1",
"type": "end"
},
"errors": {},
"id": "1",
"type": "end",
"warnings": {},
"x": 19.999999999999986,
"y": 860
},
"2": {
"data": {
"advanced": {
"customName": "user name filter",
"customNameId": 0,
"delimiter": ",",
"delimiter_enabled": true,
"description": "Filter user name inputs to route inputs to appropriate actions.",
"join": [],
"note": "Filter user name inputs to route inputs to appropriate actions."
},
"conditions": [
{
"comparisons": [
{
"conditionIndex": 0,
"op": "!=",
"param": "playbook_input:user",
"value": ""
}
],
"conditionIndex": 0,
"customName": "user_name_check",
"logic": "and"
}
],
"functionId": 1,
"functionName": "user_name_filter",
"id": "2",
"type": "filter"
},
"errors": {},
"id": "2",
"type": "filter",
"warnings": {},
"x": 60,
"y": 140
},
"3": {
"data": {
"action": "enable user",
"actionType": "generic",
"advanced": {
"customName": "enable user account",
"customNameId": 0,
"description": "Enables the user accounts provided by the filtered playbook inputs",
"join": [],
"note": "Enables the user accounts provided by the filtered playbook inputs"
},
"connector": "Azure AD Graph",
"connectorConfigs": [
"azure_ad_graph"
],
"connectorId": "c6d3b801-5c26-4abd-9e89-6d8007e2778f",
"connectorVersion": "v1",
"functionId": 1,
"functionName": "enable_user_account",
"id": "3",
"parameters": {
"user_id": "filtered-data:user_name_filter:condition_1:playbook_input:user"
},
"requiredParameters": [
{
"data_type": "string",
"field": "user_id"
}
],
"type": "action"
},
"errors": {},
"id": "3",
"type": "action",
"warnings": {},
"x": 0,
"y": 320
},
"4": {
"data": {
"advanced": {
"customName": "username observables",
"customNameId": 0,
"description": "Format a normalized output for each user.",
"join": [],
"note": "Format a normalized output for each user."
},
"functionId": 1,
"functionName": "username_observables",
"id": "4",
"inputParameters": [
"filtered-data:filter_enable_result:condition_1:enable_user_account:action_result.parameter.user_id",
"filtered-data:filter_enable_result:condition_1:enable_user_account:action_result.status",
"filtered-data:filter_enable_result:condition_1:enable_user_account:action_result.message"
],
"outputVariables": [
"observable_array"
],
"type": "code"
},
"errors": {},
"id": "4",
"type": "code",
"userCode": "\n # Write your custom code here...\n username_observables__observable_array = []\n \n for user_id, status, msg in zip(filtered_result_0_parameter_user_id, filtered_result_0_status, filtered_result_0_message):\n user_acc_status = {\n \"type\": \"Azure AD Account\",\n \"value\": user_id,\n \"message\": msg,\n \"status\": status\n }\n username_observables__observable_array.append(user_acc_status)\n #phantom.debug(username_observables__observable_array)\n",
"warnings": {},
"x": 0,
"y": 680
},
"5": {
"data": {
"advanced": {
"customName": "filter enable result",
"customNameId": 0,
"delimiter": ",",
"delimiter_enabled": true,
"description": "filter check if the user is enabled successfully.",
"join": [],
"note": "filter check if the user is enabled successfully."
},
"conditions": [
{
"comparisons": [
{
"conditionIndex": 0,
"op": "==",
"param": "enable_user_account:action_result.status",
"value": "success"
}
],
"conditionIndex": 0,
"customName": "enabled_success",
"logic": "and"
}
],
"functionId": 2,
"functionName": "filter_enable_result",
"id": "5",
"type": "filter"
},
"errors": {},
"id": "5",
"type": "filter",
"warnings": {},
"x": 60,
"y": 500
}
},
"notes": "Inputs: users\nInteractions: Azure AD Graph\nActions: enable user\nOutputs: observables"
},
"input_spec": [
{
"contains": [
"user name",
"azure user principal name"
],
"description": "A user name provided to be enabled - Azure AD",
"name": "user"
}
],
"output_spec": [
{
"contains": [],
"datapaths": [
"username_observables:custom_function:observable_array"
],
"deduplicate": false,
"description": "An array of observable dictionaries ",
"metadata": {},
"name": "observable"
}
],
"playbook_type": "data",
"python_version": "3",
"schema": "5.0.10",
"version": "6.0.1.123902"
},
"create_time": "2023-08-14T15:28:43.647352+00:00",
"draft_mode": false,
"labels": [
"*"
],
"tags": [
"user",
"azure_ad_graph",
"enable_account",
"D3-RUAA",
"active_directory"
]
}
Binary file added playbooks/Azure_AD_Account_Unlocking.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit 0d8ce6c

Please sign in to comment.