[ASM] - Expander - Update Service Ownership (#27140) (#27522)
* Update Cortex ASM - Service Ownership

- Updated Cortex ASM - GCP Enrichment playbook to retrieve the service account on the instance and write it to incident field **asmserviceownerunrankedraw** for use by the **Cortex ASM - Service Ownership** playbook.
- Updated the Service Ownership playbook to run for all cloud service providers and added support for retrieving GCP project owners from user-managed, cross-project service accounts.
- Add script GetProjectOwners which parses a GCP service account email for the project ID, then looks up the project owners and adds them to a list of potential service owners for ranking.
- Updated script RankServiceOwners to no longer limit to the top-5 service owners

Test plan: pytest + tested in callu tenant on AWS and GCP alerts, verified the expected owners were written to `asmserviceowner`

* Mark GetProjectOwners task as skip unavailable since it depends on GCP-IAM integration

* Revert change to fromversion in RankServiceOwners

* Bump pack version

* Use regex to validate user-managed service account

* Raise/catch exceptions rather than using nested if statements

* Update docker image.

* exclude GCP-IAM core-pack dependency

* Update GCP Enrichment playbook with service account

* Update pack README with new script

* Update release notes

* Add unit tests for error handling in GetProjectOwners

- Validate error message on existing tests
- Add unit test for get_iam_policy

* Add tests to verify exception handling in main

* Revert to ' | ' delimiter for Source field

* Move up check for Cortex ASM integration

* Update docker images

* Update release notes

* Update Packs/CortexAttackSurfaceManagement/README.md



* Update docker image and release notes

---------

Co-authored-by: kball-pa <[email protected]>
Co-authored-by: Danny_Fried <[email protected]>
Co-authored-by: John <[email protected]>
4 people authored Jun 18, 2023
1 parent 26f56f9 commit a7f084f
Showing 17 changed files with 882 additions and 372 deletions.
Expand Up @@ -370,7 +370,7 @@ script:
- contextPath: ASM.RemediationRule.created_at
description: Date the rule was created.
type: Date
dockerimage: demisto/python3:3.10.11.54132
dockerimage: demisto/python3:3.10.12.63474
runonce: false
script: ''
subtype: python3
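Review bot: The `dockerimage` line pins the runtime by tag only (`demisto/python3:3.10.12.63474`), so what the integration actually executes depends on what that tag resolves to at pull time. If the platform accepts it, record the image digest alongside the tag; at minimum, the release notes should name the final tag, since the commit message lists several separate docker image updates. Note for readers of this rendered view: the +/- markers are lost, so `3.10.11.54132` is the removed line and `3.10.12.63474` the added one. The move from Python 3.10.11 to 3.10.12 is a runtime change for every command in this integration, so the unit tests should be confirmed to have run on the new image, not only on the scripts touched elsewhere in this commit.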