
SentinelOne v 3 2 12 #30626

Conversation

munna-metron
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

A few sentences describing the overall goals of the pull request's commits.

Must have

  • Tests
  • Documentation

@content-bot content-bot added Contribution Thank you! Contributions are always welcome! External PR Partner Support Level Indicates that the contribution is for Partner supported pack labels Nov 2, 2023
@content-bot content-bot changed the base branch from master to contrib/metron-labs_Sentinelone_V3_2_12 November 2, 2023 04:41
@content-bot
Collaborator

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @MosheEichler will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

Contributor

@MosheEichler MosheEichler left a comment

Hi @munna-metron,
Thank you for your contribution!
Good work :)

Please see my comments.
@melamedbn Please take a look at the Classifier changes.

Please feel free to reach out to me with any questions - I'm available here or on slack :)
Thanks again


@melamedbn
Contributor

Hi @munna-metron,

I couldn't understand how the changes you've made to the classifier affect the issue with using an incident type with the phrase 'incident' in its name.
Please explain why you mapped both SentinelOne Incident and Incident; it doesn't seem like the right implementation.

We can schedule a short call if necessary.

Best regards,
Ben

@munna-metron
Contributor Author

Hi @melamedbn ,
I will try to explain the issue, what happened is when we created the mirroring feature for Sentinelone. some how we mapped some of the incidents to incident incident type, but our classifier only classifies the events which had the SentineloOne Incident as incident type. And we fixed this issue in code in V3.2.10 and corrected it with SentinelOne Incident so that our classifier identifies the incident. But some of the customers are still seeing some unclassified incidents in their Xsoar, the reason is they had some incident which pulled before 3.2.10 version. So in-order to this backward compatible we mapped this "incident" to our classifier. I hope this make sense.
if you think we need a call we can have it
Regards
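A simplified model of the classification gap described above, added here as an example and not part of this PR or the SentinelOne pack's own code. The "type" field name, the sample events and the classifier tables are constructed assumptions, and exact matching on the legacy value "Incident" is assumed:

```python
"""Simplified model of the classifier problem described in this PR.

Constructed example: the "type" field name, the sample events and the
classifier tables are assumptions for illustration; this is not XSOAR's
classifier format nor the SentinelOne pack's own code.
"""
from collections import Counter
from typing import Dict, List, Optional

# Incident type the classifier has recognised since the v3.2.10 fix.
SENTINELONE_INCIDENT = "SentinelOne Incident"

# Value carried by incidents pulled before v3.2.10 (the thread quotes it as
# both "incident" and "Incident"; exact matching on "Incident" is assumed here).
LEGACY_TYPE = "Incident"

# Classifier before this PR: only the corrected value is recognised.
CLASSIFIER_ORIGINAL: Dict[str, str] = {SENTINELONE_INCIDENT: SENTINELONE_INCIDENT}


def with_legacy_alias(classifier: Dict[str, str], legacy_key: str, target: str) -> Dict[str, str]:
    """Return a copy of the classifier that also maps a legacy key to target.

    Only one exact alias is added; every other unknown value stays unclassified,
    so the alias cannot accidentally swallow unrelated event types.
    """
    patched = dict(classifier)
    patched[legacy_key] = target
    return patched


def classify(raw_event: dict, classifier: Dict[str, str]) -> Optional[str]:
    """Return the incident type for one raw event, or None if unclassified."""
    return classifier.get(str(raw_event.get("type", "")).strip())


def audit_unclassified(raw_events: List[dict], classifier: Dict[str, str]) -> List[str]:
    """Return the ids of events the classifier would leave unclassified.

    Running this over incidents already stored in an instance shows whether a
    classifier change is still needed for data pulled by an older pack version.
    """
    return [e["id"] for e in raw_events if classify(e, classifier) is None]


def type_counts(raw_events: List[dict], classifier: Dict[str, str]) -> Counter:
    """Histogram of classified incident types; the None key counts the unclassified."""
    return Counter(classify(e, classifier) for e in raw_events)


# Constructed sample: two events pulled after the v3.2.10 fix, two pulled before
# it, and one unrelated type that should stay unclassified either way.
SAMPLE_EVENTS = [
    {"id": "s1-1001", "type": "SentinelOne Incident", "pulled_by": "3.2.10"},
    {"id": "s1-1002", "type": "SentinelOne Incident", "pulled_by": "3.2.12"},
    {"id": "s1-0042", "type": "Incident", "pulled_by": "3.2.9"},
    {"id": "s1-0043", "type": "Incident", "pulled_by": "3.2.8"},
    {"id": "s1-0099", "type": "Unrelated Event", "pulled_by": "3.2.12"},
]

# Classifier as changed in this PR: the legacy value is an alias of the fixed one.
CLASSIFIER_BACKWARD_COMPATIBLE = with_legacy_alias(
    CLASSIFIER_ORIGINAL, LEGACY_TYPE, SENTINELONE_INCIDENT
)

if __name__ == "__main__":
    print("unclassified before:", audit_unclassified(SAMPLE_EVENTS, CLASSIFIER_ORIGINAL))
    print("unclassified after: ", audit_unclassified(SAMPLE_EVENTS, CLASSIFIER_BACKWARD_COMPATIBLE))
```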

@melamedbn
Contributor

Hi @melamedbn, I will try to explain the issue. What happened is that when we created the mirroring feature for SentinelOne, somehow we mapped some of the incidents to the "incident" incident type, but our classifier only classifies the events which had "SentinelOne Incident" as the incident type. We fixed this issue in code in v3.2.10 and corrected it to "SentinelOne Incident" so that our classifier identifies the incident. But some of the customers are still seeing some unclassified incidents in their XSOAR; the reason is they had some incidents which were pulled before the 3.2.10 version. So, in order to make this backward compatible, we mapped this "incident" to our classifier. I hope this makes sense. If you think we need a call, we can have it. Regards

Thanks for explaining the flow.
I would still appreciate a call to see it live.

Ben

@MosheEichler MosheEichler merged commit ab99d39 into demisto:contrib/metron-labs_Sentinelone_V3_2_12 Nov 8, 2023
11 of 12 checks passed
@content-bot content-bot mentioned this pull request Nov 8, 2023
MosheEichler added a commit that referenced this pull request Nov 8, 2023
* SentinelOne v 3 2 12 (#30626)

* Bug Fixes

* updated the docker image

* updated the release notes

* making changes in threat request call

* review comment fix

* fixed release notes

* docker

---------

Co-authored-by: munna-metron <[email protected]>
Co-authored-by: MosheEichler <[email protected]>
MosheEichler added a commit that referenced this pull request Nov 12, 2023
…perators in filter (#30513)

* [Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter  (#30481)

* Fix: add filter arg to be able to filter on the date

* update release note after rebase

* applying changes after review

* SysAid add get file (#30718)

* SysAid add get file (#30583)

* SysAid add get file

* Fixed error SysAid add get file

* docker

* Add file output

* Update Packs/SysAid/ReleaseNotes/1_0_13.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/SysAid/Integrations/SysAid/SysAid.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/SysAid/Integrations/SysAid/SysAid.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/SysAid/Integrations/SysAid/README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* fixed UT

---------

Co-authored-by: Giorgio <[email protected]>
Co-authored-by: MosheEichler <[email protected]>
Co-authored-by: Moshe Eichler <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>

* update conf file (#30743)

* remove/change values (#30728)

* SentinelOne v 3 2 12 (#30740)

* SentinelOne v 3 2 12 (#30626)

* Bug Fixes

* updated the docker image

* updated the release notes

* making changes in threat request call

* review comment fix

* fixed release notes

* docker

---------

Co-authored-by: munna-metron <[email protected]>
Co-authored-by: MosheEichler <[email protected]>

* Netcraft Revamp (#29527)

* init

* started fetch

* finished fetch

* name changes

* fixed output in yml

* added command names

* mirroring part 1

* added incident type

* fixed incident type

* fetching logic works!

* cmnd: netcraft-attack-report

* cmnd: netcraft-attack-report complete

* reference new pack in old

* cmnd: netcraft-attack-report complete

* session changes

* added classifier

* added commands

* commands continued

* commands continued

* order change

* test-module

* examples init

* session changes

* pre update

* finished code

* added TPB

* unit-tests init

* test_data TO BE DELETED

* test_data TO BE DELETED

* test_data complete

* test_data.py complete

* unit-tests continued

* unit-tests complete

* fixed KeyError bug

* fixed SubmissionNextToken bug

* fixed pagination bug

* remove unused test data

* improved UI

* silence secret ignore

* silence line-too-long

* silence secret ignore

* added readme; fixed png

* tests/format complete

* default args

* session changes

* session changes

* CR changes

* finished docs

* fix docs

* fix docs

* added layout

* clearer description

* add error for no file

* add error for no file

* demo changes part 1

* demo changes part 2

* demo changes part 3

* demo changes part 4

* demo changes part 5

* fixed unit-tests

* update escalate docs

* authorise => authorize

* match case => if-elif

* CR changes

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <[email protected]>

* fixed unit-tests

* remove trailing whitespace

* try running build

* fixed upload bug

* name change to avoid conflict

* pack readme part 1

* release notes

* add image

* removed unnecessary files

* cleaned build problems

* pack readme part 2

* readme complete

* readme complete

* added layout, mapper, type; not formatted

* capitalize 'service'

* get_file_path

* trial fix for unittests

* fixed unit-tests

* update docker

* small changes

* doc review changes

* update TPB

* silence secret detections

* classifier fixed

* demo changes

* demo changes

* small change

* UI works

* fix tests and docs

* update docker

* added types to yaml

* fixed file submit bug

* layout for xsoar only

* build wars: round 1

* build wars: round 2

* build wars: round 3

* build wars: round 4

* build wars: round 5

* build wars: round 6

* build wars: round 7

* Update conf.json

* remove email address

* fix TPB

* increase retry-interval

* raised timeout threshold

* update docker

* raised from_version

---------

Co-authored-by: ShirleyDenkberg <[email protected]>

* docker

* conflicts

---------

Co-authored-by: pl-brault <[email protected]>
Co-authored-by: MosheEichler <[email protected]>
Co-authored-by: Moshe Eichler <[email protected]>
Co-authored-by: Giorgio <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Israel Lappe <[email protected]>
Co-authored-by: Adi Bamberger Edri <[email protected]>
Co-authored-by: munna-metron <[email protected]>
Co-authored-by: Jacob Levy <[email protected]>
MosheEichler added a commit that referenced this pull request Nov 16, 2023
* fix added warning IP list too large (#30217)

* fix added warning

* Added fqdn parameter to qualys-schedule-scan-create command

* flake8

* pre commit

* RN

* Update Packs/qualys/ReleaseNotes/2_0_6.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* fix description

* docker

* RN

* docker

* change map

* change scan

* revert

---------

Co-authored-by: franciscojoseabellan <[email protected]>
Co-authored-by: MosheEichler <[email protected]>
Co-authored-by: Moshe Eichler <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Giorgio <[email protected]>
Co-authored-by: Israel Lappe <[email protected]>
Co-authored-by: Adi Bamberger Edri <[email protected]>
Co-authored-by: munna-metron <[email protected]>
Co-authored-by: Jacob Levy <[email protected]>
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
* SentinelOne v 3 2 12 (#30626)
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
…perators in filter (#30513)
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
* fix added warning IP list too large (#30217)
Labels
Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! External PR Partner Support Level Indicates that the contribution is for Partner supported pack Partner Partner-Approved Security Review
5 participants