Update dependent mod versions and echo to transform step for `ip_prof…

…iler` mod (#41)
turbot · Dec 1, 2023 · b4318e9 · b4318e9
1 parent 163326a
commit b4318e9
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 22 deletions.
diff --git a/ip_profiler/ip_profiler.fp b/ip_profiler/ip_profiler.fp
@@ -1,6 +1,6 @@
 pipeline "ip_profiler" {
   title       = "IP Profiler"
-  description = "A composite Flowpipe mod that aggregates data from VirusTotal, AbuseIPDB, and ReallyFreeGeoIP, offering in-depth and actionable intelligence on IP addresses."
+  description = "Get valuable information about an IP address by combining data from AbuseIPDB, ReallyFreeGeoIP and VirusTotal."
 
   param "abuseipdb_api_key" {
     type        = string
@@ -37,41 +37,40 @@ pipeline "ip_profiler" {
     description = "The number of reports per page. Defaults to 25 reports per page."
   }
 
-  # Really Free Geo IP
-  step "pipeline" "reallyfreegeoip_check_ip" {
+  # ReallyFreeGeoIP - Get IP Geolocation
+  step "pipeline" "reallyfreegeoip_ip_geolocation" {
     for_each = { for ip in param.ip_addresses : ip => ip }
-    pipeline = reallyfreegeoip.pipeline.check_ip
+    pipeline = reallyfreegeoip.pipeline.get_ip_geolocation
     args = {
       ip_address = each.value
     }
   }
 
-  # AbuseIPDB
-  step "pipeline" "abuseipdb_ip_info" {
+  # AbuseIPDB - Check IP Address
+  step "pipeline" "abuseipdb_ip_report" {
     for_each = { for ip in param.ip_addresses : ip => ip }
-    pipeline = abuseipdb.pipeline.check_ip
+    pipeline = abuseipdb.pipeline.check_ip_address
     args = {
       api_key         = param.abuseipdb_api_key
       ip_address      = each.value
       max_age_in_days = param.max_age_in_days
     }
   }
 
-  step "pipeline" "abuseipdb_reports" {
+  # AbuseIPDB - List IP Address Reports
+  step "pipeline" "abuseipdb_ip_abuse_reports" {
     for_each = { for ip in param.ip_addresses : ip => ip }
-    pipeline = abuseipdb.pipeline.list_reports
+    pipeline = abuseipdb.pipeline.list_ip_address_reports
     args = {
       api_key         = param.abuseipdb_api_key
       ip_address      = each.value
       max_age_in_days = param.max_age_in_days
-      page            = param.page
-      per_page        = param.per_page
     }
   }
 
-  # VirusTotal
+  # VirusTotal - Get IP Address Report
   step "pipeline" "virustotal_get_ip_address_report" {
-    # virustotal works only for ipv4
+    # Virustotal works only for IPv4
     for_each = { for ip in param.ip_addresses : ip => ip }
     if       = can(regex("^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", each.value)) == true
     pipeline = virustotal.pipeline.get_ip_address_report
@@ -81,18 +80,18 @@ pipeline "ip_profiler" {
     }
   }
 
-  step "echo" "ip_profile" {
+  step "transform" "ip_profile" {
     for_each = { for ip in param.ip_addresses : ip => ip }
-    json = {
-      reallyfreegeoip_ip_location : step.pipeline.reallyfreegeoip_check_ip[each.value].output.report,
-      abuseipdb_ip_info : step.pipeline.abuseipdb_ip_info[each.value].output.report.data,
-      abuseipdb_abuse_reports : step.pipeline.abuseipdb_reports[each.value].output.reports.data.results,
+    value = {
+      reallyfreegeoip_ip_geolocation : step.pipeline.reallyfreegeoip_ip_geolocation[each.value].output.geolocation,
+      abuseipdb_ip_report : step.pipeline.abuseipdb_ip_report[each.value].output.ip_report,
+      abuseipdb_ip_abuse_reports : step.pipeline.abuseipdb_ip_abuse_reports[each.value].output.reports,
       virustotal_ip_scan : try(step.pipeline.virustotal_get_ip_address_report[each.value].output.ip_report.data, "Must be a valid IPv4 for VirusTotal scan.")
     }
   }
 
   output "ip_profile" {
     description = "IP Profile"
-    value       = { for ip, details in step.echo.ip_profile : ip => details.json }
+    value       = { for ip, details in step.transform.ip_profile : ip => details.value }
   }
 }
diff --git a/ip_profiler/mod.fp b/ip_profiler/mod.fp
@@ -4,16 +4,16 @@ mod "ip_profiler" {
 
   require {
     mod "github.com/turbot/flowpipe-mod-abuseipdb" {
-      version = "v0.0.1-rc.1"
+      version = "v0.0.1-rc.3"
       args = {
         api_key = var.abuseipdb_api_key
       }
     }
     mod "github.com/turbot/flowpipe-mod-reallyfreegeoip" {
-      version = "v0.0.1-rc.1"
+      version = "v0.0.1-rc.3"
     }
     mod "github.com/turbot/flowpipe-mod-virustotal" {
-      version = "v0.0.1-rc.3"
+      version = "v0.0.1-rc.5"
       args = {
         api_key = var.virustotal_api_key
       }