CSP - Added Rank class (new grid field) and rank to the Domain class (new grid field) #27352

Merged
merged 5 commits into from
Jun 12, 2023
Changes from 3 commits
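--- a/Packs/Base/ReleaseNotes/1_32_12.md
+++ b/Packs/Base/ReleaseNotes/1_32_12.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CommonServerPython
+
+- Added "rank" as a domain grid field (source, rank).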
41 changes: 33 additions & 8 deletions Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
Expand Up @@ -119,10 +119,10 @@ def fix_traceback_line_numbers(trace_str):
"""
def is_adjusted_block(start, end, adjusted_lines):
return any(
block_start < start < end < block_end
block_start < start < end < block_end
for block_start, block_end in adjusted_lines.items()
)

for number in re.findall(r'line (\d+)', trace_str):
line_num = int(number)
module = _find_relevant_module(line_num)
Expand Down Expand Up @@ -3340,6 +3340,27 @@ def to_context(self):
'description': self.description
}

class Rank:
"""
Single row in a rank grid field

:type rank: float / int
:param rank: A numerical rank value

:type source: ``str``
:param source: The name of the source from which the rank was taken
"""

def __init__(self, rank=None, source=None):
self.rank = rank
self.source = source

def to_context(self):
return {
'source': self.source,
'rank': self.rank
}

class ExternalReference(object):
"""
ExternalReference class
Expand Down Expand Up @@ -4382,7 +4403,7 @@ def __init__(self, domain, dbot_score, dns=None, detection_engines=None, positiv
community_notes=None, publications=None, geo_location=None, geo_country=None, geo_description=None,
tech_country=None, tech_name=None, tech_email=None, tech_organization=None, billing=None,
whois_records=None, relationships=None, description=None, stix_id=None, blocked=None,
certificates=None, dns_records=None,):
certificates=None, dns_records=None, rank=None):

# Main indicator value
self.domain = domain
Expand All @@ -4408,6 +4429,7 @@ def __init__(self, domain, dbot_score, dns=None, detection_engines=None, positiv
self.organization = organization
self.sub_domains = sub_domains
self.updated_date = updated_date
self.rank = rank

# Whois related records - Registrar
self.registrar_name = registrar_name
Expand Down Expand Up @@ -4614,6 +4636,9 @@ def to_context(self):
if self.certificates:
domain_context['Certificates'] = self.create_context_table(self.certificates)

if self.rank:
domain_context['Rank'] = self.create_context_table(self.rank)

return ret_value

class Endpoint(Indicator):
Expand Down Expand Up @@ -7821,7 +7846,7 @@ def response_to_context(reponse_obj, user_predefiend_keys=None):
:type reponse_obj: ``Any``
:param reponse_obj: The response object to update.
:type reponse_obj: ``dict``
:user_predefiend_keys: An optional argument,
:user_predefiend_keys: An optional argument,
a dict with predefined keys where the key is the key in the response and value is the key we want to turn the key into.

:return: A response with all keys (if there're any) starts with a capital letter.
Expand Down Expand Up @@ -10573,7 +10598,7 @@ def filter_incidents_by_duplicates_and_limit(incidents_res, last_run, fetch_limi
found_incidents = last_run.get('found_incident_ids', {})

incidents = []

demisto.debug('lb: Number of incidents before filtering: {}, their ids: {}'.format(len(incidents_res),
[incident_res[id_field] for incident_res in incidents_res]))
for incident in incidents_res:
Expand Down Expand Up @@ -10737,12 +10762,12 @@ def create_updated_last_run_object(last_run, incidents, fetch_limit, look_back,
new_last_run = {
'time': start_fetch_time,
}

if look_back > 0:
new_last_run['limit'] = len(last_run.get('found_incident_ids', [])) + len(incidents) + fetch_limit
else:
new_last_run['limit'] = fetch_limit

demisto.debug("lb: The new_last_run is: {}, the remove_incident_ids is: {}".format(new_last_run,
remove_incident_ids))

Expand Down Expand Up @@ -10967,7 +10992,7 @@ def xsiam_api_call_with_retries(

:type headers: ``dict``
:param headers: headers for the request

:type error_msg: ``str``
:param error_msg: The error message prefix in case of an error.

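Review bot: The new `rank` argument of `Domain.__init__` has no documented shape in the visible hunks, yet `to_context` passes it to `self.create_context_table(self.rank)` exactly as it does `certificates`, which suggests a list of `Rank` objects rather than a single value. A caller that passes one `Rank` or a bare number would presumably fail or emit a malformed `Rank` table, so the Domain docstring (which lies outside these hunks) should gain a `:type rank:` / `:param rank:` pair stating that it is a list of `Rank` rows, each carrying `source` and `rank`. Separately, `class Rank:` is declared without a base while the neighbouring `class ExternalReference(object):` has one; `class Rank(object):` would keep the two consistent. The `Rank` docstring also gives the type as `float / int` without the double-backtick markup used for `str` three lines below.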
2 changes: 1 addition & 1 deletion Packs/Base/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Base",
"description": "The base pack for Cortex XSOAR.",
"support": "xsoar",
"currentVersion": "1.32.11",
"currentVersion": "1.32.12",
"author": "Cortex XSOAR",
"serverMinVersion": "6.0.0",
"url": "https://www.paloaltonetworks.com/cortex",