Jwilkes new aws pack #21729
…s/content-JW-Fork into jwilkes-new-aws-pack
Hello, we are seeing the following error
We think this is what the final file path should be. Any suggestions? Thanks
Thanks for your contribution. I reviewed the playbooks. Listing my comments with numbers below so you can reference them if you have any questions:
AWS - Enrichment
1. The IP is mandatory for this playbook, so let's change the input to mandatory:
   Additionally it would be good to verify the input exists before continuing with the playbook. You can do it in the same condition that checks if the integration is enabled.
2. Question - will an Owner ID always be returned? If not sure please also add a validation for it before we query using the Owner ID:
3. It's best practice to add the sub-keys of the outputs to the playbook outputs as well:
   For example AWS.IAM.Users will work just fine, but tasks that want to grab the outputs of the playbook and use them will not know that there's an AWS.IAM.Users.UserName. So let's define all of them :)
AWS - Security Group Remediation
4. The VPC ID is also mandatory here, please change the input to mandatory. Also add a verification for the input.
5. Are you sure that's a good filter? Name=group-name,Values=Remediation-Security-Group. What if there is already a security group with a different name?
6. Please add the security group name (AKA Remediation-Security-Group) as a playbook input, and use the input in the tasks.
General
7. Please use the Demisto SDK to calculate the pack dependencies for this pack. Since this pack has a mandatory dependency on other AWS packs we need to make sure that the dependency is defined as mandatory in the pack_metadata.json file.
Finally - after making adjustments, please provide possible time slots for a short demo of 15-20 minutes. Just to see the playbooks running in an incident. Let me know if you have any issues or concerns!
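The mandatory-dependency point in the review above can be checked before pushing. This is an added example, not part of the review or the pack's own code: it reads a `pack_metadata.json` and reports required packs that are missing or not flagged mandatory. The pack IDs `AWS-EC2` and `AWS-IAM`, the display names, and the sample metadata are assumptions constructed for illustration.

```python
import json

# Constructed sample; pack name, IDs and display names are assumptions.
SAMPLE_PACK_METADATA = """
{
  "name": "Example AWS Enrichment and Remediation",
  "dependencies": {
    "AWS-EC2": {"mandatory": true, "display_name": "AWS - EC2"},
    "AWS-IAM": {"mandatory": false, "display_name": "AWS - IAM"}
  }
}
"""

# Packs whose integration commands the playbooks call (assumed IDs).
REQUIRED_PACKS = ("AWS-EC2", "AWS-IAM")


def check_mandatory_dependencies(metadata_text, required_packs):
    """Return a list of problems; an empty list means every required
    pack is declared and flagged mandatory."""
    try:
        metadata = json.loads(metadata_text)
    except json.JSONDecodeError as exc:
        return [f"pack_metadata.json is not valid JSON: {exc.msg}"]

    dependencies = metadata.get("dependencies")
    if not isinstance(dependencies, dict):
        return ["'dependencies' is missing or is not an object"]

    problems = []
    for pack_id in required_packs:
        entry = dependencies.get(pack_id)
        if entry is None:
            problems.append(f"{pack_id}: not declared as a dependency")
        elif not isinstance(entry, dict) or entry.get("mandatory") is not True:
            # A string "true" or a missing flag does not count as mandatory.
            problems.append(f"{pack_id}: declared but not marked mandatory")
    return problems


if __name__ == "__main__":
    for problem in check_mandatory_dependencies(SAMPLE_PACK_METADATA, REQUIRED_PACKS):
        print(problem)
```
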
@idovandijk, thanks for your review. For Question 7: is there a demisto-sdk command for this?
I am going to wait for my coworker @capanw to be back from FTO Monday to start addressing these concerns. Thank you for the feedback @idovandijk
Use a relative path (
Hello, we tried to use the relative path and got the following error message:
Hello @idovandijk, For questions 1 and 4 we understand the importance of input validation. However, when a subplaybook input is mandatory, this means it will fail if the supplied input isn’t available. Therefore, it would seem you would have to do something like a SetIfEmpty to make sure this doesn’t happen. Instead it might be better to do a check in the parent that references the subplaybook. What do you think? Let me know if you would prefer to set up a quick meeting to discuss.
Hello @idovandijk, For question 3: We had a discussion on this and for the automation that we are using, it has about 40 of those sub-keys for the output and felt like it's an overwhelming number of sub-keys. Hence, we have added just the ones that are using them. What do you think? Thank you
Hello, for question 2, there should always be an owner ID returned as every security group will have the owner id information. We have not come across a situation where there is no owner associated to a SG. Thanks
@capanw if there is an overwhelming amount of subkeys for the outputs then you can keep just the ones you believe may possibly be used outside of the playbook, that's OK.
@rshunim can you please help them with the pack README file error?
Hello @idovandijk, thanks for your review. We are working on the suggested changes for Question 1 and 4.
Hello @idovandijk, Thank you for all the suggestions. Here are the updates on the questions: Question 1: We made changes to Mandatory field and updated our sub-Playbook to include the input checks. Please let me know if you have any further questions. Thanks
Thank you for making the changes and recording the demo. The PR is ready to be merged. Have a nice week.
Hi Chait,
Thank you very much for your contribution!
As I see, the image link seems to be broken, so try my suggestions
* initial upload
* format/validate
* Adding remediation files
* initial upload
* format/validate
* Adding remediation files
* Validate and format
* Updated Security group name.
* Changes to input values no remediation playbook
* Set mandatory for input fields
* Added pack dependencies
* removed absolute links from pack README
* changed files and updated pack README
* fix image path

Co-authored-by: Johnathan Wilkes <jwilkes@paloaltonetworks.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com>
Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com>
Co-authored-by: Johnathan Wilkes <jwilkes@paloaltonetworks.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
We spoke with @michalgold, @altmannyarden about a new pack for AWS Enrichment and Remediation playbooks. This needs to be a new pack, because it includes multiple integration commands from multiple AWS packs including EC2 and IAM. In the future, we will add support for other AWS packs. This is my first submission. Please, let me know if you have any questions.
Screenshots
Paste here any images that will help the reviewer
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have