Application manifest

Application Manifest¶

A manifest is a JSON file that describes the application. Every imperum application should have a manifest file in the root directory. Manifest file should be named as manifest.json. Imperum uses this file to understand the application and utilizes it in the system accordingly.

Field	Description
`name`	Name of the application
`description`	Description of the application
`vendor`	Name of the vendor. This field is optional
`app_logo`	Logo of the application. See Logo Definition
`file_name`	Designates the entry point of the application. This field is required.
`category`	Category of the application. See Application Categories
`actions`	List of actions that application can perform. See Action Definition
`configurations`	List of configurations that application needs. See Configuration Definition
`draft`	If this field is true, application will not be visible in the application list. This field is boolean
`is_pinned`	If this field is true, the application will be pinned on the Playbook page. This field is boolean. If this field is false, the application can be pinned from the application configuration drawer later

Logo Definition ¶

An app logo definition should have 2 fields. Logos can be in svg or png format. You can point to same file for both light and dark backgrounds.

Field	Description
`app_logo_light`	Logo of the application for light backgrounds
`app_logo_dark`	Logo of the application for dark backgrounds

Action Definition ¶

An action definition should have 4 fields.

Field	Description
`name`	Name of the action
`display_name`	Human readable name of the action
`input_params`	List of input parameters that action needs. See Input Parameter
`output_params`	List of output parameters that action returns. See Output Parameter

Configuration Definition ¶

Imperum uses configuration definitions to render a form in the application configuration drawer.

Configuration can not be used by other applications, you can store sensitive data in configurations by setting type field to password.

Definition of a configuration is the extends of Input Parameter with 1 additional field.

Field	Description
`default`	Default value of the configuration.

Input Parameter ¶

Field	Description
`name`	Name of the input parameter
`description`	Description of the input parameter
`placeholder`	Placeholder of the input.
`type`	Type of the input parameter in HTML input type format.
`order`	Order of the input in the form. This field is number. Starts from 0.
`required`	If this field is true, user has to fill this input.

Output Parameter ¶

This outputs are rendered in nested selectors in Imperum Playbook to guide user to select the correct output.

Field	Description
`name`	Name of the output parameter. This field will be used to extract the value from the response and should be in JSON path format.
`type`	Type of the output parameter. Can be `string` or `object`.

Connectors Definition ¶

Imperum uses connectors definition to create connector meta objects in database. The item of the connectors list field is following.

Field	Description
`name`	Name of connector meta
`input_params`	The input of the connector function. Its type is Input
`raw_event_fields`	Raw event fields name. This is particularly needed for mapping Fields are json path as some third party may send event as nested structure.
`artifact_entity_fields_mapping`	The default mapping, event fields mapping objects are created based on this field when a event comes from an connector for the first time.
`event_types_mapping`	The default mapping for each event type of a connector.
`settings`	Currently settings contain type mapping in order to build full mapping object.

Sample Manifest¶

{
  "name": "Sample App",
  "description": "This is a sample app",
  "vendor": "Imperum",
  "app_logo": {
    "app_logo_light": "logo_light.svg",
    "app_logo_dark": "logo_dark.svg"
  },
  "file_name": "sample_app.py",
  "category": "SANDBOX",
  "actions": [
    {
      "name": "sample_action",
      "display_name": "Sample Action",
      "input_params": [
        {
          "name": "sample_input",
          "description": "This is a sample input",
          "placeholder": "Sample Input",
          "type": "text",
          "order": 0,
          "required": true
        }
      ],
      "output_params": [
        {
          "name": "sample_output.string",
          "type": "string"
        },
        {
          "name": "sample_output.object",
          "type": "object"
        }
      ]
    }
  ],
  "configurations": [
    {
      "name": "sample_config",
      "description": "This is a sample config",
      "placeholder": "Sample Config",
      "type": "text",
      "order": 0,
      "required": true,
      "default": "sample"
    }
  ],
  "draft": false
}

Application Categories ¶

You can use one of the following categories for your application.

DEVOPS = "Devops"
DIRECTORY_SERVICE = "Directory Service"
EMAIL = "Email"
ENDPOINT = "Endpoint"
FIREWALL = "Firewall"
GENERIC = "Generic"
IDENTITY_MANAGEMENT = "Identity Management"
INFORMATION = "Information"
NETWORK_ACCESS_CONTROL = "Network Access Aontrol"
NETWORK_DEVICE = "Network Device"
NETWORK_SECURITY = "Network Security"
SANDBOX = "Sandbox"
SIEM = "SIEM"
THREAT_INTELLINGENCE = "Threat Intelligence"
TICKETING = "Ticketing"
VIRTUALIZATION = "Virtualization"
PAM = "PAM"
XDR = "XDR"
EDR = "EDR"
NDR = "NDR"
NGFW = "NGFW"
CLOUD = "Cloud"
IAM = "IAM"
OPENSOURCE = "Open Source"
FREE = "Free"
ITSM = "ITSM"
LOGMANAGEMENT = "Log Management"
DATABASE = "Database"
WAF = "WAF"
PROXY = "Proxy"
VULNERABILITYMANAGEMENT = "Vulnerability Management"
DEVELOPMENTTOOLS = "Development Tools"
COMMUNICATION = "Communication"
DNSSECURITY = "DNS Security"
MFA = "MFA"
IOT = "OT/IOT"
RISKMANAGEMENT = "Risk Management"
ATTACKSIMULATION = "Attack Simulation"