DHS Feed v2 #19760
DHS Feed v2 #19760
Conversation
# Conflicts: # Packs/FeedTAXII/ReleaseNotes/1_1_9.md
# Conflicts: # Packs/ApiModules/ReleaseNotes/2_2_11.md # Packs/ApiModules/Scripts/TAXII2ApiModule/TAXII2ApiModule.py # Packs/ApiModules/Scripts/TAXII2ApiModule/TAXII2ApiModule_test.py # Packs/FeedTAXII/ReleaseNotes/1_1_16.md
| example, 1 minute, 12 hour, 24 days. Limited to 48 hours. | ||
| name: added_after | ||
| description: Allows you to test your feed and to make sure you can fetch indicators | ||
| successfully. Due to API limitations this command may take a long time to run, make sure 'execution-timeout' argument is increased. |
There was a problem hiding this comment.
we should direct to an explanation in the readme to how to configure "execution-timeout".
| - defaultValue: '10' | ||
| description: Maximum number of indicators to return. Default is 10. If you are increasing this value, make sure 'execution-timeout' argument is also increased. | ||
| name: limit | ||
| - defaultValue: '24 hours' |
There was a problem hiding this comment.
check that yo return in the command the same error of the test module:
- the value is not parsed correctly
- the value is more than 48 hours, and the error should explain it cannot be more than 48 hour due to DHS limitations.
| type: 19 | ||
| - additionalinfo: 'The time interval for the first fetch (retroactive) in the following format: <number> <time | ||
| unit> of type minute/hour/day. For example, 1 minute, 12 hour. Limited to 48 hours.' | ||
| defaultvalue: 24 hours |
There was a problem hiding this comment.
this value should be checked in the test module and should return areadeble rare in the cases:
- the value is not parsed correctly
- the value is more than 48 hours, and the error should explain it cannot be more than 48 hours due to DHS limitations.
| ''' COMMAND FUNCTIONS ''' | ||
|
|
||
|
|
||
| def command_test_module(client: Taxii2FeedClient): |
There was a problem hiding this comment.
checks we should have in they order:
- check the "added after" parameter(see my comment in thee yml.)
- get collections(already exist)
- fetch indicators with added after 6 hours OR the added after param, the shorter of the 2)
| @@ -93,43 +93,21 @@ configuration: | |||
| required: false | |||
| type: 19 | |||
| - additionalinfo: 'The time interval for the first fetch (retroactive) in the following format: <number> <time | |||
| unit> of type minute/hour/day/year. For example, 1 minute, 12 hour.' | |||
| unit> of type minute/hour/day. For example, 1 minute, 12 hour. Limited to 48 hours.' | |||
There was a problem hiding this comment.
If it is more than 1 (hour, minute, day) will it be hours/minutes/days? For example 3 minutes. 12 hours.
There was a problem hiding this comment.
Yes, both singular and plural are valid. If the value will be more than 48 hours (or 2 days), an error will be raised.
Done.
|
@yuvalbenshalom @DeanArbel @Ni-Knight Doc review completed. |
|
Link to the unit tests coverage report: |
* add v2
Status
Related Issues
fixes: https://jira-hq.paloaltonetworks.local/browse/CIAC-4405, https://jira-hq.paloaltonetworks.local/browse/CIAC-4465
Description
Enhancement to support TAXII v2 for DHS feed.
Currently we don't have an instance (requested one here), so it is not tested yet.
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have