chronicle · haggit-eliyahu · Apr 20, 2026 · Apr 20, 2026 · Apr 21, 2026 · Apr 21, 2026
@@ -0,0 +1 @@
+3.11
@@ -0,0 +1,114 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+from soar_sdk.SiemplifyUtils import output_handler
+from soar_sdk.SiemplifyAction import SiemplifyAction
+from ..core.IllusiveNetworksManager import IllusiveNetworksManager
+from TIPCommon import extract_configuration_param, extract_action_param
+from soar_sdk.ScriptResult import EXECUTION_STATE_COMPLETED, EXECUTION_STATE_FAILED
+from ..core.Utils import string_to_multi_value
+from ..core.IllusiveNetworksExceptions import ManagerAlreadyExistException
+from ..core.constants import INTEGRATION_NAME, PRODUCT_NAME, ADD_DECEPTIVE_SERVER_SCRIPT_NAME
+
+
+@output_handler
+def main():
+    siemplify = SiemplifyAction()
+    siemplify.script_name = ADD_DECEPTIVE_SERVER_SCRIPT_NAME
+
+    siemplify.LOGGER.info("----------------- Main - Param Init -----------------")
+
+    api_root = extract_configuration_param(
+        siemplify,
+        provider_name=INTEGRATION_NAME,
+        param_name="API Root",
+        is_mandatory=True,
+        print_value=True,
+    )
+    api_key = extract_configuration_param(
+        siemplify,
+        provider_name=INTEGRATION_NAME,
+        param_name="API Key",
+        is_mandatory=True,
+        print_value=False,
+    )
+    ca_certificate = extract_configuration_param(
+        siemplify, provider_name=INTEGRATION_NAME, param_name="CA Certificate File"
+    )
+    verify_ssl = extract_configuration_param(
+        siemplify,
+        provider_name=INTEGRATION_NAME,
+        param_name="Verify SSL",
+        default_value=False,
+        input_type=bool,
+        is_mandatory=True,
+    )
+
+    server_name = extract_action_param(
+        siemplify, param_name="Server Name", is_mandatory=True, print_value=True
+    )
+    server_types = string_to_multi_value(
+        extract_action_param(
+            siemplify, param_name="Service Types", is_mandatory=True, print_value=True
+        )
+    )
+    policy_names = string_to_multi_value(
+        extract_action_param(siemplify, param_name="Policy Names", print_value=True)
+    )
+
+    siemplify.LOGGER.info("----------------- Main - Started -----------------")
+
+    status = EXECUTION_STATE_COMPLETED
+    result_value = True
+
+    try:
+        manager = IllusiveNetworksManager(
+            api_root=api_root,
+            api_key=api_key,
+            ca_certificate=ca_certificate,
+            verify_ssl=verify_ssl,
+            siemplify_logger=siemplify.LOGGER,
+        )
+
+        if manager.get_deceptive_server(server_name) is not None:
+            raise ManagerAlreadyExistException(
+                f'Deceptive server "{server_name}" already exists.'
+            )
+
+        manager.add_deceptive_server(
+            host=server_name, server_types=server_types, policy_names=policy_names
+        )
+
+        output_message = f"Successfully added deceptive server in {PRODUCT_NAME}."
+    except Exception as e:
+        output_message = (
+            f"Error executing action '{ADD_DECEPTIVE_SERVER_SCRIPT_NAME}'. Reason: {e}"
+        )
+        siemplify.LOGGER.error(output_message)
+        siemplify.LOGGER.exception(e)
+        status = EXECUTION_STATE_FAILED
+        result_value = False
+
+    siemplify.LOGGER.info("----------------- Main - Finished -----------------")
+    siemplify.LOGGER.info(
+        f"\n  status: {status}\n  "
+        f"result_value: {result_value}\n  "
+        f"output_message: {output_message}"
+    )
+    siemplify.end(output_message, result_value, status)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,39 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Add Deceptive Server
+description: Add deceptive servers in Illusive Networks.
+documentation_link: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/illusive-networks#add_deceptive_server
+integration_identifier: IllusiveNetworks
+parameters:
+-   name: Server Name
+    default_value: ''
+    type: string
+    description: Specify what kind of deceptive items should be returned.
+    is_mandatory: true
+-   name: Service Types
+    default_value: DB
+    type: string
+    description: Specify a comma-separated list of service types for new deceptive
+        server.
+    is_mandatory: true
+-   name: Policy Names
+    default_value: ''
+    type: string
+    description: Specify a comma-separated list of policies that need to be applied
+        to the new deceptive server. If nothing is provided action will use by default
+        all policies.
+    is_mandatory: false
+dynamic_results_metadata: []
+creator: admin
@@ -0,0 +1,115 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+from soar_sdk.SiemplifyUtils import output_handler
+from soar_sdk.SiemplifyAction import SiemplifyAction
+from ..core.IllusiveNetworksManager import IllusiveNetworksManager
+from TIPCommon import extract_configuration_param, extract_action_param
+from soar_sdk.ScriptResult import EXECUTION_STATE_COMPLETED, EXECUTION_STATE_FAILED
+from ..core.Utils import string_to_multi_value
+from ..core.IllusiveNetworksExceptions import ManagerAlreadyExistException
+from ..core.constants import INTEGRATION_NAME, ADD_DECEPTIVE_USER_SCRIPT_NAME, PRODUCT_NAME
+
+
+@output_handler
+def main():
+    siemplify = SiemplifyAction()
+    siemplify.script_name = ADD_DECEPTIVE_USER_SCRIPT_NAME
+
+    siemplify.LOGGER.info("----------------- Main - Param Init -----------------")
+
+    api_root = extract_configuration_param(
+        siemplify,
+        provider_name=INTEGRATION_NAME,
+        param_name="API Root",
+        is_mandatory=True,
+        print_value=True,
+    )
+    api_key = extract_configuration_param(
+        siemplify,
+        provider_name=INTEGRATION_NAME,
+        param_name="API Key",
+        is_mandatory=True,
+        print_value=False,
+    )
+    ca_certificate = extract_configuration_param(
+        siemplify, provider_name=INTEGRATION_NAME, param_name="CA Certificate File"
+    )
+    verify_ssl = extract_configuration_param(
+        siemplify,
+        provider_name=INTEGRATION_NAME,
+        param_name="Verify SSL",
+        default_value=False,
+        input_type=bool,
+        is_mandatory=True,
+    )
+
+    username = extract_action_param(
+        siemplify, param_name="Username", is_mandatory=True, print_value=True
+    )
+    password = extract_action_param(siemplify, param_name="Password", is_mandatory=True)
+    dns_domain = extract_action_param(
+        siemplify, param_name="DNS Domain", print_value=True
+    )
+    policy_names = string_to_multi_value(
+        extract_action_param(siemplify, param_name="Policy Names", print_value=True)
+    )
+
+    siemplify.LOGGER.info("----------------- Main - Started -----------------")
+
+    status = EXECUTION_STATE_COMPLETED
+    result_value = True
+
+    try:
+        manager = IllusiveNetworksManager(
+            api_root=api_root,
+            api_key=api_key,
+            ca_certificate=ca_certificate,
+            verify_ssl=verify_ssl,
+            siemplify_logger=siemplify.LOGGER,
+        )
+        if manager.get_deceptive_user(username) is not None:
+            raise ManagerAlreadyExistException(
+                f'Deceptive user "{username}" already exists.'
+            )
+
+        manager.add_deceptive_user(
+            dns_domain=dns_domain,
+            username=username,
+            password=password,
+            policy_names=policy_names,
+        )
+
+        output_message = f"Successfully added deceptive user in {PRODUCT_NAME}."
+    except Exception as e:
+        output_message = (
+            f"Error executing action '{ADD_DECEPTIVE_USER_SCRIPT_NAME}'. Reason: {e}"
+        )
+        siemplify.LOGGER.error(output_message)
+        siemplify.LOGGER.exception(e)
+        status = EXECUTION_STATE_FAILED
+        result_value = False
+
+    siemplify.LOGGER.info("----------------- Main - Finished -----------------")
+    siemplify.LOGGER.info(
+        f"\n  status: {status}\n  "
+        f"result_value: {result_value}\n  "
+        f"output_message: {output_message}"
+    )
+    siemplify.end(output_message, result_value, status)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,43 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Add Deceptive User
+description: Add deceptive users in Illusive Networks.
+documentation_link: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/illusive-networks#add_deceptive_user
+integration_identifier: IllusiveNetworks
+parameters:
+-   name: Username
+    default_value: ''
+    type: string
+    description: Specify the username for the new deceptive user.
+    is_mandatory: true
+-   name: Password
+    default_value: ''
+    type: password
+    description: Specify the password for the new deceptive user.
+    is_mandatory: true
+-   name: DNS Domain
+    default_value: ''
+    type: string
+    description: Specify the domain name for the new deceptive user.
+    is_mandatory: false
+-   name: Policy Names
+    default_value: ''
+    type: string
+    description: Specify a comma-separated list of policies that need to be applied
+        to the new deceptive user. If nothing is provided action will use by default
+        all policies.
+    is_mandatory: false
+dynamic_results_metadata: []
+creator: admin