Scripts for threat lookup source supported lookup types

Two types of script includes--an integration script and a processor script--are used to define a threat lookup source supported lookup types. These script includes are built using scripts entered on the Supported lookup type screen.

When you are defining a new supported lookup type, two scripts are used to build the integration and processor implementations:
  • Integration factory script
  • Processor factory script

Integration factory script

The integration factory script is used to construct a script include that extends the sn_sec_cmn.ScannerIntegrationBase script include. The script include is responsible for defining the logic that sends a request to the threat lookup source and retrieves the results of previously submitted lookups. The script include, at a minimum, defines the following methods:
sendData: function(scanGr) {
// Logic to make request to send data to a lookup source goes here.
// Additionally, this should update the lookup request with state information 
// depending on whether send was successful.
}
retrieveData: function(scanGr) {
// Logic to get report data from a lookup source goes here. 
// This should return the report information that will be passed to the processor script
}

After the script include that extends sn_sec_cmn.ScannerIntegrationBase is written and implements the sendData and retrieveData methods, add the instantiation logic to the Integration factory script field of the supported lookup type record. Although you can have any logic you want in the field, the last line must be the instantiated integration object.

For example, if you create an integration script include in the global scope with a name of "MyIPScannerIntegration" that does not expect any constructor arguments, the last line of the Integration factory script field would be:
new global.MyIPScannerIntegration();

Processor factory script

The Processor factory script is used to construct a script include that extends the sn_sec_cmn.ScannerProcessorBase script include. The script include is responsible for defining the logic to handle the value returned by the integration retrieveData call. The script include, at a minimum, defines the following method:
process: function(data, scanGR) {
// Logic to process report data provided by "data". 
// This should create lookup result records if problems were found by the vendor.
// Additionally, the state of the Lookup record should be updated if the lookup is complete,
// or encounters an error that is not cleared by subsequent calls to the server.
}

After the script include that extends sn_sec_cmn.ScannerProcessorBase is written and implements the process method, you would then add the instantiation logic to the Processor factory script field of the supported lookup type record. As with the Integration factory script, you can have any logic you want in the field, but the last line must be the instantiated processor object.

For example, if you created a processor script include in the global scope with the name of "MyIPReportProcessor" that does not expect any constructor arguments, the last line of the Processor factory script field would be:
new global.MyIPReportProcessor();