
Changes related to the Rubrik release 1.3.1 #33371

Conversation

@crestdatasystems (Contributor) commented Mar 15, 2024

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

Integrations: Rubrik Security Cloud

  • Updated the command rubrik-gps-snapshot-files-download with the added support for the Windows File Set, Linux File Set, and Volume Group object types.
  • Added the command rubrik-radar-suspicious-file-list.

New Playbook: Rubrik Retrieve Anomaly Result - Rubrik Security Cloud

  • This playbook retrieves the list of anomaly files for the provided snapshot ID (or activity series ID) and generates the downloadable links for the file path(s). (Available from Cortex XSOAR 6.5.0).

Must have

  • Tests
  • Documentation

@content-bot added the Contribution, External PR and Partner Support Level labels Mar 15, 2024
@content-bot changed the base branch from master to contrib/crestdatasystems_Rubrik-Release-131 March 15, 2024 12:54
@content-bot (Collaborator)

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @moishce will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

@content-bot added the Partner-Approved, Contribution Form Filled and Partner labels Mar 15, 2024
@crestdatasystems marked this pull request as ready for review March 22, 2024 07:12
@melamedbn (Contributor) commented Mar 25, 2024

Hi @crestdatasystems,

Playbooks

Rubrik Retrieve Anomaly Result - Rubrik Security Cloud

  1. Please consider checking if the mandatory input is provided before executing anything else. This could ensure smoother execution, making task '34' the first in order.
  2. In Task '34', could you kindly explain why 'trim' was used?
  3. Tasks '37' and '32' seem similar; merging them into one task where you only put the relevant keys in the delete context command could simplify the playbook.
  4. Could you please explain where the 'anomaly_snapshot_id' key used in task '38' and 'suspicious_file_paths' in task '39' are created?

Rubrik Poll Async Result - Rubrik Polaris

  1. It would be very helpful to see the modification made in action. Could you please provide a short recording or prepare it for our upcoming demo?

Mapper

Rubrik Polaris Radar - Mapping

  1. I noticed the 'ObjectID' field was changed to 'fid'. Could you kindly explain the reason behind this change?

Thank you for considering these suggestions. Let me know if you need further clarification or if there are additional details you'd like to include.

Best regards,
Ben

@crestdatasystems (Contributor, Author)

Hello Ben, thanks for the review!

Rubrik Retrieve Anomaly Result - Rubrik Security Cloud

  1. Before 'task 34', the two tasks are generic; they just delete keys irrespective of the inputs.
  2. Just in case someone provides whitespace, it would be handled by trim.
  3. In Task 37, we are setting the comma-separated custom keys in the context for which we have to run the Delete Context tasks. In Task 32, we are splitting those keys so that the Delete Context task will run for all of them, which we think is more straightforward than writing an automation to combine this. Or you can suggest a better way to handle this.
  4. We are setting the 'anomaly_snapshot_id' key from task 29. It may be possible that the user-provided values don't have any outputs. So, to handle that, we are checking whether we have received this key from the context or not. For task '39' as well, we are checking whether we have received any suspicious file paths or not. If not, then we don't have to run the subsequent tasks which require the set of file paths.

Rubrik Poll Async Result - Rubrik Polaris

Yes sure, we can display those changes in the upcoming demo.
In brief, we have added one argument related to the IP address which we require for the current use case. Previously, that playbook input was not available to be used by the underlying command in this playbook. To not break the other playbooks, we have just made one branch for the IP address if it is available from the playbook input.

Rubrik Polaris Radar - Mapping

Previously it was incorrectly mapped, and the Rubrik team suggested mapping to fid.

Please let me know if you have any other points to discuss before jumping on a quick demo.

@melamedbn (Contributor)

3 - Can be split using the split transformer, which will cause the command to iterate over each element. Want to give it a try? It will make the flow smoother.

@crestdatasystems (Contributor, Author)

The Delete Context task requires the mandatory parameter 'key to delete' from the context. So, we are setting the comma-separated keys in task '37'. After that, we can use the 'Split' transformer to get the list of keys stored in the context. That's why we've split these tasks. If you have a solution for this, please provide us the screenshots or the YML for this one.

[image attachment]
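To make the two-task pattern debated above concrete, here is an illustrative Cortex XSOAR playbook fragment (added for this write-up, not taken from the PR or the Rubrik pack): a Set task stores the comma-separated key names, and the DeleteContext task reads them back through a `split` transformer so it runs once per key. The task ids, the `CustomKeysToDelete` context name and the `nexttasks` wiring are assumptions; only the `anomaly_snapshot_id` and `suspicious_file_paths` key names come from the thread.

```yaml
# Illustrative playbook task fragment (not the PR's own YAML).
# Task ids and the CustomKeysToDelete context key are hypothetical.
tasks:
  "37":
    id: "37"
    type: regular
    task:
      name: Set keys to delete
      scriptName: Set            # built-in Set automation: writes key/value to context
      type: regular
      iscommand: false
    scriptarguments:
      key:
        simple: CustomKeysToDelete
      value:
        # comma-separated string; the key names below are the ones discussed in the thread
        simple: anomaly_snapshot_id,suspicious_file_paths
    nexttasks:
      '#none#':
      - "32"
  "32":
    id: "32"
    type: regular
    task:
      name: Delete Context
      scriptName: DeleteContext  # built-in automation; 'key' is its mandatory argument
      type: regular
      iscommand: false
    scriptarguments:
      key:
        complex:
          root: CustomKeysToDelete
          transformers:
          # split turns "a,b" into ["a", "b"]; a list-valued argument makes
          # the task execute once per element, so every listed key is deleted
          - operator: split
            args:
              delimiter:
                value:
                  simple: ","
```

Because DeleteContext removes data rather than producing it, check the resulting context in a test playbook run before shipping a change to the key list.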

@moishce added the ready-for-instance-test label Apr 1, 2024
@content-bot (Collaborator)

For the Reviewer: Trigger build request has been accepted for this contribution PR.

@content-bot (Collaborator)

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/927857

@content-bot removed the ready-for-instance-test label Apr 1, 2024
@moishce added the ready-for-instance-test label Apr 2, 2024
@content-bot (Collaborator)

For the Reviewer: Trigger build request has been accepted for this contribution PR.

@content-bot (Collaborator)

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/928409

@content-bot removed the ready-for-instance-test label Apr 2, 2024
@samuelFain added the ready-for-instance-test label Apr 2, 2024
@content-bot removed the ready-for-instance-test label Apr 2, 2024
@demisto deleted a comment from content-bot Apr 2, 2024
@demisto deleted a comment from content-bot Apr 2, 2024
@samuelFain added the ready-for-instance-test label Apr 2, 2024
@content-bot (Collaborator)

For the Reviewer: Trigger build request has been accepted for this contribution PR.

@content-bot (Collaborator)

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/929936

@content-bot removed the ready-for-instance-test label Apr 2, 2024
@moishce added the ready-for-instance-test label Apr 4, 2024
@content-bot (Collaborator)

For the Reviewer: Trigger build request has been accepted for this contribution PR.

@content-bot (Collaborator)

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/934579

@content-bot removed the ready-for-instance-test label Apr 4, 2024
@moishce moishce merged commit eca20fd into demisto:contrib/crestdatasystems_Rubrik-Release-131 Apr 4, 2024
23 of 27 checks passed
github-actions bot commented Apr 4, 2024

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

moishce added a commit that referenced this pull request Apr 6, 2024
* Changes related to the Rubrik release 1.3.1 (#33371)

Co-authored-by: crestdatasystems <[email protected]>
Co-authored-by: Moshe Galitzky <[email protected]>

* pre-commit fixes

---------

Co-authored-by: Crest Data Systems <[email protected]>
Co-authored-by: crestdatasystems <[email protected]>
Co-authored-by: Moshe Galitzky <[email protected]>
Co-authored-by: Moshe <[email protected]>
pal-xmco pushed a commit to pal-xmco/content that referenced this pull request Jun 19, 2024
* Changes related to the Rubrik release 1.3.1 (demisto#33371)

Co-authored-by: crestdatasystems <[email protected]>
Co-authored-by: Moshe Galitzky <[email protected]>

* pre-commit fixes

---------

Co-authored-by: Crest Data Systems <[email protected]>
Co-authored-by: crestdatasystems <[email protected]>
Co-authored-by: Moshe Galitzky <[email protected]>
Co-authored-by: Moshe <[email protected]>