diff --git a/plugins/sentinelone/.CHECKSUM b/plugins/sentinelone/.CHECKSUM
index 3896d26d2a..ccc38e80b7 100644
--- a/plugins/sentinelone/.CHECKSUM
+++ b/plugins/sentinelone/.CHECKSUM
@@ -1,7 +1,7 @@
 {
- "spec": "175814e9d6bf3496067ab005bc81ab74",
- "manifest": "bf2f37bb010ec31daf0a4aee3ae45b89",
- "setup": "1e8d3387ed4d46dc2171d7ee9c3c4a2c",
+ "spec": "3c5580352019ace6c6b4a0bbb5fad9d9",
+ "manifest": "38aff416d59c85b3fc4b18618290accf",
+ "setup": "adc2b69e7c46068b1d13fe8ae3dc01bd",
 "schemas": [
 {
 "identifier": "activities_list/schema.py",
diff --git a/plugins/sentinelone/bin/komand_sentinelone b/plugins/sentinelone/bin/komand_sentinelone
index 752ccb6e9d..04b1f34f2f 100755
--- a/plugins/sentinelone/bin/komand_sentinelone
+++ b/plugins/sentinelone/bin/komand_sentinelone
@@ -6,7 +6,7 @@ from sys import argv
 Name = "SentinelOne"
 Vendor = "rapid7"
-Version = "11.1.3"
+Version = "11.1.4"
 Description = "The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne"
diff --git a/plugins/sentinelone/help.md b/plugins/sentinelone/help.md
index d5895f8533..8ff4ccf005 100644
--- a/plugins/sentinelone/help.md
+++ b/plugins/sentinelone/help.md
@@ -2351,6 +2351,7 @@ Example output:
 # Version History
+* 11.1.4 - Fix issue with URL input validation
 * 11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities
 * 11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant
 * 11.1.1 - Updated Plugin connection to improve `instance` input usability
diff --git a/plugins/sentinelone/komand_sentinelone/util/helper.py b/plugins/sentinelone/komand_sentinelone/util/helper.py
index a62f93257e..eea4c802a5 100755
--- a/plugins/sentinelone/komand_sentinelone/util/helper.py
+++ b/plugins/sentinelone/komand_sentinelone/util/helper.py
@@ -83,10 +83,21 @@ def _wrapper(self, *args, **kwargs):
 def format_subdomain(instance: str) -> str:
 """
- If an input subdomain contains a scheme or the Sentinelone secondlevel domain, strip these values
+ If an input subdomain contains a scheme or the SentinelOne second-level domain, strip these values
 """
- instance = instance.replace(".sentinelone.net", "")
- return instance.replace("https://", "").replace("http://", "")
+
+ # Remove the scheme if it exists
+ if instance.startswith("http://"):
+ instance = instance[len("http://"):]
+ elif instance.startswith("https://"):
+ instance = instance[len("https://"):]
+
+ # Remove the SentinelOne domain suffix
+ if ".sentinelone.net" in instance:
+ instance = instance.replace(".sentinelone.net", "")
+
+ # Remove any trailing slashes
+ return instance.rstrip("/")
 class Helper:
diff --git a/plugins/sentinelone/plugin.spec.yaml b/plugins/sentinelone/plugin.spec.yaml
index 0b81271221..523bd781a3 100644
--- a/plugins/sentinelone/plugin.spec.yaml
+++ b/plugins/sentinelone/plugin.spec.yaml
@@ -3,7 +3,7 @@ extension: plugin
 products: [insightconnect]
 name: sentinelone
 title: SentinelOne
-version: 11.1.3
+version: 11.1.4
 connection_version: 10
 cloud_ready: true
 fedramp_ready: true
@@ -58,6 +58,7 @@ hub_tags:
 keywords: [sentinelone, endpoint, detection, cloud_enabled]
 features: []
 version_history:
+ - "11.1.4 - Fix issue with URL input validation"
 - "11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities"
 - "11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant"
 - "11.1.1 - Updated Plugin connection to improve `instance` input usability"
diff --git a/plugins/sentinelone/setup.py b/plugins/sentinelone/setup.py
index 4372ef72db..7087fce7b9 100644
--- a/plugins/sentinelone/setup.py
+++ b/plugins/sentinelone/setup.py
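Review bot: The new body of `format_subdomain` still cleans the input by substring rather than reducing it to a hostname: `instance.replace(".sentinelone.net", "")` removes the domain wherever it occurs, so a constructed value such as `tenant.sentinelone.net.example.org` comes back as `tenant.example.org`, and `rstrip("/")` leaves any path, query string or `@` part in place. The two `startswith` checks are also case-sensitive and do not tolerate surrounding whitespace, so `HTTPS://tenant` or a value with a leading space passes through with its scheme intact. If the return value is interpolated into the API base URL (the caller is not visible in this diff), a malformed connection input could send the API token to a host other than the intended tenant. I would keep only the host component and strip the domain only as a true suffix, as sketched below, and have the caller reject a result that is empty or contains anything other than letters, digits, `-` and `.`. The `if ".sentinelone.net" in instance:` guard can go either way, since `replace` is already a no-op when the substring is absent.

```python
def format_subdomain(instance: str) -> str:
    # … unchanged: docstring …
    host = instance.strip()

    # Match the scheme case-insensitively
    lowered = host.lower()
    for scheme in ("https://", "http://"):
        if lowered.startswith(scheme):
            host = host[len(scheme):]
            break

    # Keep only the host component: drop any path, query string or fragment
    for separator in ("/", "?", "#"):
        host = host.split(separator, 1)[0]

    # Strip the SentinelOne domain only where it is a true suffix
    suffix = ".sentinelone.net"
    if host.lower().endswith(suffix):
        host = host[: -len(suffix)]
    return host
```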
@@ -3,7 +3,7 @@
 setup(name="sentinelone-rapid7-plugin",
- version="11.1.3",
+ version="11.1.4",
 description="The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne",
 author="rapid7",
 author_email="",