Enhancements to Traceable Integration #29129
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
content-bot
added
Contribution
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @ostolero will know the proposed changes are ready to be reviewed. |
content-bot
added
Contribution Form Filled
MichaelYochpaz
requested review from
MichaelYochpaz
and removed request for
ostolero
- Adding ignore status codes - Field to mark the affected api internal or external - field to mark the actor ip address internal or external
- Incident Field Selection - Unit Tests
- Additional unit tests
MichaelYochpaz
added
the
pending-contributor
MichaelYochpaz
added
the
ready-for-instance-test
|
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/6189790 |
|
@mtraceable Our internal build fails for: Please fix. |
MichaelYochpaz
added
ready-for-instance-test
|
Hey @mtraceable, PR seems to be good :) Please see this page, and message me in Slack (DFIR) when you're available for a demo so that I'll schedule a meeting. |
MichaelYochpaz
added
pending-demo
MichaelYochpaz
approved these changes
Aug 29, 2023
- Corrected log statements - Added a unit test for eventUrl
| required: false | ||
| - display: Incident optional field list | ||
| name: optionalDomainEventFieldList | ||
| defaultvalue: actorDevice,actorEntityId,actorId,actorScoreCategory,actorSession,anomalousAttribute,apiName,apiUri,category,ipAbuseVelocity,ipReputationLevel,securityEventType,securityScore,serviceId,serviceName,actorScore,threatCategory,type |
There was a problem hiding this comment.
Do you need this (defaultvalue) if you have the list of options?
There was a problem hiding this comment.
Hi @ShirleyDenkberg the idea was to have it fetch as many fields to start with, and the customer can take a conscious decision to remove or retain the ones that they wish.
| required: false | ||
| - display: Additional API Attributes | ||
| name: optionalAPIAttributes | ||
| defaultvalue: isExternal,isAuthenticated,riskScore,riskScoreCategory,isLearnt |
There was a problem hiding this comment.
Do you need this (defaultvalue) if you have the list of options?
There was a problem hiding this comment.
@ShirleyDenkberg same case here - the idea was to have it fetch as many fields to start with, and the customer can take a conscious decision to remove or retain the ones that they wish.
|
@MichaelYochpaz Doc review completed. |
5 tasks
MichaelYochpaz
added a commit
that referenced
this pull request
Aug 30, 2023
* Enhancements to Traceable Integration (#29129) * Added new fields to the Incidents - ipAddressType and apiType * - Adding Event url in the incident - Adding ignore status codes - Field to mark the affected api internal or external - field to mark the actor ip address internal or external * - Status code filtering - Incident Field Selection - Unit Tests * - Changes for api attribute selections - Additional unit tests * Updated Release Notes. * Removing unused Integration configurations. * Readme changes. * Logs causing failed Test * - Fixed timestamps to include milliseconds. Else it misses capturing some spans. * Fixing datetime strings and unit tests. * removing unused imports * Making logs less noisy. * Logging changes. * Safe value checking. * Changes to Release Notes as per the findings from the pre-check * Review comments for the Release Notes. * Review Comments * Review Comments - changing demisto.log to demisto.info. * Pre-commit - changing the version of the docker image. * Pre-commit - changing docker version in the release notes. * Removing redundant point from the release notes. * - Fixed a index out of bound error - Corrected log statements - Added a unit test for eventUrl * Review comments for the README and ReleaseNotes. * Add testing IP to secrets-ignore --------- Co-authored-by: Mayuresh Kshirsagar <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]>
xsoar-bot
pushed a commit
to xsoar-contrib/content
that referenced
this pull request
Oct 5, 2023
* Enhancements to Traceable Integration (demisto#29129) * Added new fields to the Incidents - ipAddressType and apiType * - Adding Event url in the incident - Adding ignore status codes - Field to mark the affected api internal or external - field to mark the actor ip address internal or external * - Status code filtering - Incident Field Selection - Unit Tests * - Changes for api attribute selections - Additional unit tests * Updated Release Notes. * Removing unused Integration configurations. * Readme changes. * Logs causing failed Test * - Fixed timestamps to include milliseconds. Else it misses capturing some spans. * Fixing datetime strings and unit tests. * removing unused imports * Making logs less noisy. * Logging changes. * Safe value checking. * Changes to Release Notes as per the findings from the pre-check * Review comments for the Release Notes. * Review Comments * Review Comments - changing demisto.log to demisto.info. * Pre-commit - changing the version of the docker image. * Pre-commit - changing docker version in the release notes. * Removing redundant point from the release notes. * - Fixed a index out of bound error - Corrected log statements - Added a unit test for eventUrl * Review comments for the README and ReleaseNotes. * Add testing IP to secrets-ignore --------- Co-authored-by: Mayuresh Kshirsagar <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
Introduced new fields in the Incident to specify type of IP Address (ipAddressType) with values Internal or External
Introduced new fields in the Incident to specify type of API (apiType) with values Internal or External
Added new Incident field eventUrl containing the link to open the Incident Event in the Traceable Platform.
Ability to select the optional fields for the Incidents.
Ability to pull optional attributes of the affected APIs of the reported incidents:
Incidents for the selected HTTP Status Codes can now be ignored and not created in XSOAR.
Added additional input configuration for the Integration to provide the base url of the Traceable Platform UI endpoint.
Added additional input configuration to configure the HTTP Status Codes for which the Incidents should be ignored.
Updated the Docker image to: demisto/python3:3.10.12.68714.
Must have