CSP - Added Rank class (new grid field) and rank to the Domain cl…
…ass (new grid field) (#27352)

* Added rank to domain

* RN

* Update CommonServerPython.py

* RN
Ni-Knight authored and ostolero committed Jun 14, 2023
1 parent a49239f commit e3d2485
Showing 3 changed files with 40 additions and 9 deletions.
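--- a/Packs/Base/ReleaseNotes/1_32_13.md
+++ b/Packs/Base/ReleaseNotes/1_32_13.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CommonServerPython
+
+- Added "rank" as a domain grid field (source, rank).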
41 changes: 33 additions & 8 deletions Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
Expand Up @@ -119,10 +119,10 @@ def fix_traceback_line_numbers(trace_str):
"""
def is_adjusted_block(start, end, adjusted_lines):
return any(
block_start < start < end < block_end
block_start < start < end < block_end
for block_start, block_end in adjusted_lines.items()
)

for number in re.findall(r'line (\d+)', trace_str):
line_num = int(number)
module = _find_relevant_module(line_num)
Expand Down Expand Up @@ -3340,6 +3340,27 @@ def to_context(self):
'description': self.description
}

class Rank:
"""
Single row in a rank grid field
:type rank: float / int
:param rank: A numerical rank value
:type source: ``str``
:param source: The name of the source from which the rank was taken
"""

def __init__(self, rank=None, source=None):
self.rank = rank
self.source = source

def to_context(self):
return {
'source': self.source,
'rank': self.rank
}

class ExternalReference(object):
"""
ExternalReference class
Expand Down Expand Up @@ -4382,7 +4403,7 @@ def __init__(self, domain, dbot_score, dns=None, detection_engines=None, positiv
community_notes=None, publications=None, geo_location=None, geo_country=None, geo_description=None,
tech_country=None, tech_name=None, tech_email=None, tech_organization=None, billing=None,
whois_records=None, relationships=None, description=None, stix_id=None, blocked=None,
certificates=None, dns_records=None,):
certificates=None, dns_records=None, rank=None):

# Main indicator value
self.domain = domain
Expand All @@ -4408,6 +4429,7 @@ def __init__(self, domain, dbot_score, dns=None, detection_engines=None, positiv
self.organization = organization
self.sub_domains = sub_domains
self.updated_date = updated_date
self.rank = rank

# Whois related records - Registrar
self.registrar_name = registrar_name
Expand Down Expand Up @@ -4614,6 +4636,9 @@ def to_context(self):
if self.certificates:
domain_context['Certificates'] = self.create_context_table(self.certificates)

if self.rank:
domain_context['Rank'] = self.create_context_table(self.rank)

return ret_value

class Endpoint(Indicator):
Expand Down Expand Up @@ -7821,7 +7846,7 @@ def response_to_context(reponse_obj, user_predefiend_keys=None):
:type reponse_obj: ``Any``
:param reponse_obj: The response object to update.
:type reponse_obj: ``dict``
:user_predefiend_keys: An optional argument,
:user_predefiend_keys: An optional argument,
a dict with predefined keys where the key is the key in the response and value is the key we want to turn the key into.
:return: A response with all keys (if there're any) starts with a capital letter.
Expand Down Expand Up @@ -10573,7 +10598,7 @@ def filter_incidents_by_duplicates_and_limit(incidents_res, last_run, fetch_limi
found_incidents = last_run.get('found_incident_ids', {})

incidents = []

demisto.debug('lb: Number of incidents before filtering: {}, their ids: {}'.format(len(incidents_res),
[incident_res[id_field] for incident_res in incidents_res]))
for incident in incidents_res:
Expand Down Expand Up @@ -10737,12 +10762,12 @@ def create_updated_last_run_object(last_run, incidents, fetch_limit, look_back,
new_last_run = {
'time': start_fetch_time,
}

if look_back > 0:
new_last_run['limit'] = len(last_run.get('found_incident_ids', [])) + len(incidents) + fetch_limit
else:
new_last_run['limit'] = fetch_limit

demisto.debug("lb: The new_last_run is: {}, the remove_incident_ids is: {}".format(new_last_run,
remove_incident_ids))

Expand Down Expand Up @@ -10967,7 +10992,7 @@ def xsiam_api_call_with_retries(
:type headers: ``dict``
:param headers: headers for the request
:type error_msg: ``str``
:param error_msg: The error message prefix in case of an error.
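Review bot: The new `rank` argument of `Domain.__init__` has no type stated anywhere in the visible hunks, yet `to_context` passes it to `self.create_context_table(self.rank)` exactly as it does `self.certificates`, which suggests a list of `Rank` objects is expected rather than a single `Rank` or a bare number. The `__init__` docstring lies outside the hunk; if it was not updated, I would add `:type rank: list of Rank` and `:param rank: Rank rows for the domain, one per source` so integrations do not pass a scalar into the grid field. Separately, `class Rank:` should be `class Rank(object):` to match `class ExternalReference(object):` directly below it. Its `to_context` also has no docstring, and a one-line `"""Return this row as a context dict with 'source' and 'rank' keys."""` would do.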
2 changes: 1 addition & 1 deletion Packs/Base/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Base",
"description": "The base pack for Cortex XSOAR.",
"support": "xsoar",
"currentVersion": "1.32.12",
"currentVersion": "1.32.13",
"author": "Cortex XSOAR",
"serverMinVersion": "6.0.0",
"url": "https://www.paloaltonetworks.com/cortex",
