Duo Account Bypass Mode (Correction)

responders/Duo_Security/DuoBypassUserAccount.json

@@ -0,0 +1,34 @@
+{
+  "name": "DuoBypassUserAccount",
+  "version": "1.0",
+  "author": "jahamilto",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Put User Account into Bypass mode in Duo Security via AdminAPI (The user will not be prompted when logging in.)",
+  "dataTypeList": ["thehive:case_artifact"],
+  "command": "Duo_Security/duoBypassUserAccount.py",
+  "baseConfig": "Duo_Security_main",
+  "configurationItems": [
+    {
+      "name": "API_hostname",
+      "description": "Duo Admin API hostname, api-XXXXXXXX.duosecurity.com",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+   {
+      "name": "Integration_Key",
+      "description": "Integration Key",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "Secret_Key",
+      "description": "Secret Key",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ]
+}

responders/Duo_Security/duoBypassUserAccount.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+
+from cortexutils.responder import Responder
+import requests
+import duo_client
+from datetime import datetime
+
+class DuoBypassUserAccount(Responder):
+    def __init__(self):
+        Responder.__init__(self)
+        self.API_hostname = self.get_param('config.API_hostname', None, "API hostname is missing")
+        self.iKey = self.get_param('config.Integration_Key', None, "Integration Key is missing")
+        self.sKey = self.get_param('config.Secret_Key', None, "Secret Key is  missing")
+
+    def run(self):
+        Responder.run(self)
+
+        if self.get_param('data.dataType') == 'username':
+
+            str_username = self.get_param('data.data', None, 'No artifacts available')
+
+            admin_api = duo_client.Admin(self.iKey, self.sKey, self.API_hostname)
+
+            response = admin_api.get_users_by_name(username=str_username)
+
+#            print(response)
+
+            user_id=response[0]["user_id"]
+
+#            print("user_id:",user_id)
+
+            r = admin_api.update_user(user_id=user_id,status='bypass')
+
+#            print("response:",r)
+
+            if r.get('status') == 'bypass':
+                self.report({'message': 'User is in bypass mode in Duo Security.'})
+            else:
+                self.error('Failed to put User Account in bypass mode in Duo.')
+        else:
+            self.error('Incorrect dataType. "username" expected.')
+
+    def operations(self, raw):
+        return [self.build_operation('AddTagToArtifact', tag='Duo User: bypass')]
+
+if __name__ == '__main__':
+        DuoBypassUserAccount().run()