[ASM] - Expander - Remediation Confirmation Scan #27780
Merged
RotemAmit
merged 2 commits into
master
from
contrib/BigEasyJ_expander-3175-3350-rcs-integration-polling
Jun 28, 2023
* Add command for starting scan. Add function and error handling for call the new scan endpoint. Add function for new command to scan.
* Update rcs get or create endpoint
* Refactor client code to fixture
* Update status code check and error handling
  Move error handling and status code checking to RCS start scan to command function
  Update start_remediation_confirmation_scan to return full response object
* Refactor Cortex ASM tests & Add success tests for RCS
  Reducing imports should speed up tests
  Add test cases for RCS start scan
  Add results and responses for RCS scan
* Update Cortex ASM integration tests
  - Add failure scenario test for starting RCS scan
  - Add general 500 waitress error
  - Update test data
* Update Cortex ASM integration
  - Add error_handler to all request
  - Add new function to handle api errors, "get_api_error"
* Update Cortex ASM integration custom exceptions
* Update tests for Cortex ASM integration
  - Add test for getting RCS 200 response scan status for IN_PROGRESS|SUCCESS|FAILED_ERROR|FAILED_TIMEOUT statuses.
  - Add test for getting RCS 500 response scan status.
  - Add response and results test data.
  - Update existing response and results test data names.
  - Move test_general_500_error.
  - Add missing docstrings.
* Add asm-get-remediation-confirmation-scan-status command to Cortex ASM integration
* Update incorrect raw_responses in Cortex ASM integration
* Update get_remediation_confirmation_scan_status_command context outputs
* Update get_api_error in ASM integration
* Update tests and get_error_api
  - Update test_get_remediation_confirmation_scan_status_failure exception and error message.
  - Update test_start_remediation_confirmation_failure_codes error message.
  - Update get_api_error to check for 'message' in response error json.
* Add ASM RCS playbook and update Detect Service playbook
  - Replaced all logic, including NMAP scan from Cortex_ASM_-_Detect_Service with Cortex_ASM_-_Remediation_Confirmation_Scan
  - Created new Cortex_ASM_-_Remediation_Confirmation_Scan playbook that starts a scan and polls for scan status
  - New PNG files
  - Updated ReadMe files
* Update docker image for ASM integration
* Update Pack README
  - Add section for Cortex ASM - Remediation Confirmation Scan
  - Fix minor grammar
* Update ASM integration (Remove comments)
* Format and Update CortexAttackSurfaceManagement
  - Format with Flake8 and Black
  - Update output status key for get_remediation_confirmation_scan_status_command
  - Update request for start_remediation_confirmation_scan
* Output keys for retrieving status
* Update ASM integration README
* Update functions for scanning and errors
  Update get_remediation_confirmation_scan_status_command to use polling.
  Update yml with polling and hide_polling_output.
  Update get_api_error with 400 and new err_extra, reduced logic to make it simpler.
* Update ASM Alert Playbook
  - Remove Detect Service initialize step
  - Re-format playbook
* Update Detect Service playbook and remove inputs
* Update ASM RCS playbook
* Update ASM Detect Service playbook
* Add S3 to AWS Enrichment
* Update Cortex ASM integration
  - Rename command asm-start-remediation-confirmation-scan from remediation_confirmation_scan
  - Add default polling and polling related parameters
* Update Cortex ASM integration
  Remove prints and stale comments
* Update unit tests and get_api_error function
  - Update expected and raw results test data
  - Update unit tests to reflect updated integration
  - Remove status code logic from get_api_error function
* Add tests and update get_error_api
  - Increase code coverage
  - Update doc strings
  - Update logic of get_error_api function
* Address linting and formatting
* Deprecate Cortex ASM - SNMP Check
* Add release notes
* Update Cortex ASM integration docker version
* Fix validation errors
* Update Cortex ASM - ASM Alert playbook
* Update get_api_error
  Remove Value Error from second exception
  Change message of NotFoundError exception
* Update brands on Cortex ASM - RCS playbook
* Address validations and deprecate SNMPDetection
  - Update readme
  - Update release notes
  - Deprecate SNMPDetection
  - Remove fromversion from SeviceOwnership.yml (Validation code BC106)
* Update Cortex ASM - ASM Alert with latest
* Update Cortex ASM - ASM Alert png
* Address PR comments.
  - Update Cortex ASM - AWS Enrichment readme.
  - Fix Cortex ASM - AWS Enrichment typos from versions ago.
  - Move Cortex Attack Surface Management down a fromversion
* Update Cortex ASM - ASM Alert
  - Update 21 to "What to do if RCS is inconclusive?"
  - Update "Service exposure still observable?" conditional
* Address doc review comments and validation
* Update RCS PNG to PR link
* Update release notes
* Undo non-essential file changes
* Fix validation errors.
content-bot
added the Contribution, docs-approved, ready-for-instance-test, Contribution Form Filled, Community and Xsoar Support Level labels
Jun 28, 2023
…tegration-polling
RotemAmit
approved these changes
Jun 28, 2023
RotemAmit
deleted the
contrib/BigEasyJ_expander-3175-3350-rcs-integration-polling
branch
June 28, 2023 09:10
MosheEichler
pushed a commit
that referenced
this pull request
Jul 2, 2023
Co-authored-by: John <[email protected]>
Co-authored-by: RotemAmit <[email protected]>
xsoar-bot
pushed a commit
to xsoar-contrib/content
that referenced
this pull request
Jul 26, 2023
Original External PR
external pull request
Contributor
@BigEasyJ
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
EXPANDR-3175
EXPANDR-3350
Description
Cortex ASM - ASM Alert playbook and the Cortex ASM Integration
Cortex ASM - Detect Service playbook
Cortex ASM - SNMP Check playbook
Screenshots
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have