Publisher: Mhike
Connector Version: 1.0.1
Product Vendor: Mhike
Product Name: Exodus
Product Version Supported (regex): ".*"
Minimum Product Version: 4.9.0
The Exodus app manages various operations used in migrating content from dev to prod
Exodus migrates playbooks, custom functions, and assets via Phantom's rest API and uses containers under an exodus label to specify content that is being reviewed for migration. Several things are requires to effectively make this process flow work. You can run exodus from either your dev or your prod instance. The chosen host is where you will configure Exodus assets and "ingestion". Exodus does not technically ingest anything but the ingestion scheduling is used to define the interval time between checks for now content to be migrated
You will need a Phantom API token for both your dev and your production environment
Dev Permissions: Playbooks: R, Custom Code: RW, Apps: R, Assets: R, Containers: RW
Prod Permissions: Playbooks: RW, Custom Code: RW, Apps: R, Assets: RW, Containers: None
The above permissions reflect Exodus running on dev and promoting content to prod.
The inverse is also possible with roughly the same permissions but the asset migration capability will break password fields when pulling to prod.
During migration, playbook and custom function tarballs are temporarily written to /tmp on the filesystem
This app creates containers under the label exodus . This label should be created in your Phantom host that will run exodus. Permissions for this label should be restricted to roles that are authorized to review and approve content for production
Exodus identifies "new" content for migration based on 2 things: object ID and tags. Any playbook that has a new ID (because it has been changed) and a prod tag will be considered a candidate for migration. The prod tag should be created in your dev phantom environment for this purpose.
Exodus identifies candidate playbooks and custom functions and creates exodus containers. Once these containers are created, the only requirement left to signal Exodus to move the content to prod is to run the Exodus action add approval . The methodology for how that action is invoked and what the process looks like is defined by the organization. It can be as simple as requiring leads on the dev team to review all new exodus containers and manually run the add approval action if they approve or close the container if they don't approve. It is recommended that an active playbook be created for the exodus containers that builds and sends an approval request via prompts, slack, email, etc in order to make your process smoother and more auditable. It would be wise to store these playbooks in an "admin" repo to prevent unauthorized users from adversly modifying the approval process playbook.
If assets are to be migrated, exodus must be executed on the source host that the assets are
initially created on in order to stay intact.
If assets are "pulled" from their host instead of "pushed" pasword fields will be broken.
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Exodus asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| source_base_url | required | string | URL for source SOAR host |
| source_api_token | required | password | API token for source SOAR host |
| source_dev_repo_id | required | string | Dev Repository ID for source SOAR host |
| source_prod_repo_id | optional | string | Prod repository ID on source SOAR host |
| source_tenant_id | optional | string | Tenant ID on source SOAR host |
| target_base_url | required | string | URL for target SOAR host |
| target_api_token | required | password | API token for target SOAR host |
| target_repo_id | required | string | Prod repository ID on target SOAR host |
| debug | optional | boolean | Print debugging statements to log |
test connectivity - Validate the asset configuration for connectivity using supplied credentials
add approval - Add approval artifact to container
on poll - Execute migration options
Validate the asset configuration for connectivity using supplied credentials
Type: test
Read only: True
No parameters are required for this action
No Output
Add approval artifact to container
Type: generic
Read only: False
Add a specifically formatted artifact that is required for the approval process for exodus containers.
No parameters are required for this action
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string | |
| action_result.data | string | |
| action_result.summary | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Execute migration options
Type: ingest
Read only: False
Create required exodus containers and migrate approved content to production system.
No parameters are required for this action
No Output