Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft defender for cloud collector #23631

Merged
merged 74 commits into from
May 29, 2023
Merged

Microsoft defender for cloud collector #23631

merged 74 commits into from
May 29, 2023

Conversation

omerKarkKatz
Copy link
Contributor

@omerKarkKatz omerKarkKatz commented Jan 8, 2023
edited
Loading

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue
fixes: link to the issue

Description

This is a new XSIAM collector for Microsoft defender for cloud

Minimum version of Cortex XSOAR

  • 6.0.0
  • 6.1.0
  • 6.2.0
  • 6.5.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

@omerKarkKatz
Added the base code
e407b9b
@omerKarkKatz
more structural changes
eb27e74
@omerKarkKatz
added yml and description
3a30295
@omerKarkKatz
added a test
6850443
@omerKarkKatz
commit
e35d279
@omerKarkKatz
Adding tests
92fa938
@omerKarkKatz
added tests and documentation
9f1d801
@omerKarkKatz
removed a duplicate yml conf
ac2adca
@omerKarkKatz
commit
af5f112
@omerKarkKatz
commit
4bf386c
@omerKarkKatz
commit
6ffcb2d
@omerKarkKatz
commit
6b50ee0
@omerKarkKatz
commit
d6b6ddb
@omerKarkKatz
commit
4eeba57
@omerKarkKatz
changed events typo
89e8dba
@omerKarkKatz
merge with master
c6a580a 
Merge remote-tracking branch 'origin/master' into Microsoft_Defender_For_Cloud_Collector
@omerKarkKatz
formating the code
67b52bf
@omerKarkKatz
merge with master
d6bcac4 
Merge remote-tracking branch 'origin/master' into Microsoft_Defender_For_Cloud_Collector
@omerKarkKatz
changes with nextLink
fe31c48
@omerKarkKatz
added support for the pagination
e4b90ad
@omerKarkKatz
commit
812d98a
@omerKarkKatz
commit
3094db5
@omerKarkKatz
commit
6c995a1
@omerKarkKatz
modified some tests
fad7396
@omerKarkKatz
Finished the tests and some fixes found by tests
633734c
@omerKarkKatz
added some test and removed the first fetch time param
8467b14
@omerKarkKatz
fixed a test and some bugs in the code
563fed6
@omerKarkKatz
fixed extra arg in test_module
3a1465e
@omerKarkKatz
commit
338fdc1
@omerKarkKatz
fixes
ed91ba6
@omerKarkKatz
changed the modeling rule of event.outcome_reason
0721b5a
@omerKarkKatz
Added the first_fetch time parameter
fa503fe
@omerKarkKatz
Empty-Commit
00f0949
@omerKarkKatz
merge with master
2340660 
Merge branch 'master' of github.com:demisto/content into Microsoft_Defender_For_Cloud_Collector
gal-forer
gal-forer suggested changes Apr 10, 2023
View reviewed changes
...egrations/MicrosoftDefenderForCloudEventCollector/MicrosoftDefenderForCloudEventCollector.py Outdated
Comment on lines 65 to 68
if check_events_were_filtered_out(curr_events, curr_filtered_events):
events.extend(curr_filtered_events)
break
events.extend(curr_filtered_events)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if check_events_were_filtered_out(curr_events, curr_filtered_events):
events.extend(curr_filtered_events)
break
events.extend(curr_filtered_events)
events.extend(curr_filtered_events)
if check_events_were_filtered_out(curr_events, curr_filtered_events):
break

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice suggestion done.

...egrations/MicrosoftDefenderForCloudEventCollector/MicrosoftDefenderForCloudEventCollector.py Show resolved Hide resolved
...egrations/MicrosoftDefenderForCloudEventCollector/MicrosoftDefenderForCloudEventCollector.py Show resolved Hide resolved
Packs/AzureSecurityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/README.md Outdated
@@ -0,0 +1,50 @@
XSIAM collector for Microsoft Defender for Cloud alerts.
This integration was integrated and tested with version xx of Microsoft Defender for Cloud Event Collector
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the xx with a real version

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deleted this line.

Packs/AzureSecurityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/README.md Outdated
Comment on lines 12 to 20
| Microsoft Azure Management URL | | False |
| ID | | True |
| Token | | True |
| Key | | True |
| Certificate Thumbprint | Used for certificate authentication. As appears in the "Certificates & secrets" page of the app. | False |
| Private Key | Used for certificate authentication. The private key of the registered certificate. | False |
| Subscription ID to use | | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add missing description

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is auto-generated from the yml added description where it is not self-explanatory.

...urityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/test_data/AlertsToSort.json Show resolved Hide resolved
...urityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/test_data/AlertsToSort.json Show resolved Hide resolved
@omerKarkKatz
merge with master
9eee422 
Merge remote-tracking branch 'origin/master' into Microsoft_Defender_For_Cloud_Collector
@omerKarkKatz
added some known limitations
82382d3
@omerKarkKatz
changed the hyrarcy of the modeling rules
e3259a9
@omerKarkKatz
merge with master
8297483 
Merge branch 'Microsoft_Defender_For_Cloud_Collector' of github.com:demisto/content into Microsoft_Defender_For_Cloud_Collector
@omerKarkKatz
fixed xif
1bcdffc
@omerKarkKatz
modeling rules change names
062b2a0
@omerKarkKatz
Fixed the modeling rules
8c16108
@omerKarkKatz
updated docker image
ad67f37
@omerKarkKatz
merge with master
02fbd26 
Merge remote-tracking branch 'origin/master' into Microsoft_Defender_For_Cloud_Collector
@omerKarkKatz
removed the RN for the new pack
a27e576
@omerKarkKatz
minor readme changes
bc45ffe
DeanArbel
DeanArbel approved these changes May 24, 2023
View reviewed changes
Copy link
Contributor

@DeanArbel DeanArbel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Good job, I know it's been a bumpy road.
@ShirleyDenkberg Please review this PR, take special attention to the Known Limitation section.

ShirleyDenkberg
ShirleyDenkberg reviewed May 24, 2023
View reviewed changes
...crosoftDefenderForCloudEventCollector/MicrosoftDefenderForCloudEventCollector_description.md Outdated Show resolved Hide resolved
...crosoftDefenderForCloudEventCollector/MicrosoftDefenderForCloudEventCollector_description.md Outdated Show resolved Hide resolved
...crosoftDefenderForCloudEventCollector/MicrosoftDefenderForCloudEventCollector_description.md Outdated Show resolved Hide resolved
Packs/AzureSecurityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/README.md Outdated Show resolved Hide resolved
Packs/AzureSecurityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/README.md Outdated Show resolved Hide resolved
Packs/AzureSecurityCenter/Integrations/MicrosoftDefenderForCloudEventCollector/README.md Outdated Show resolved Hide resolved
@ShirleyDenkberg
Copy link
Contributor

@gal-forer @DeanArbel @yucohen @michal-dagan Doc review completed.

omerKarkKatz and others added 5 commits May 28, 2023 11:20
@omerKarkKatz @ShirleyDenkberg
Apply suggestions from code review
3446e38 
Docs review.

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@omerKarkKatz
added RN and bumped version
48a361d
@omerKarkKatz
merge with master
0dd2a78 
Merge branch 'master' of github.com:demisto/content into Microsoft_Defender_For_Cloud_Collector
@omerKarkKatz
Merge branch 'master' into Microsoft_Defender_For_Cloud_Collector
78f96c4
@omerKarkKatz
Merge branch 'master' into Microsoft_Defender_For_Cloud_Collector
95cfe54
@omerKarkKatz omerKarkKatz merged commit ef3947a into master May 29, 2023
@omerKarkKatz omerKarkKatz deleted the Microsoft_Defender_For_Cloud_Collector branch May 29, 2023 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShirleyDenkberg ShirleyDenkberg ShirleyDenkberg left review comments

@DeanArbel DeanArbel DeanArbel approved these changes

@gal-forer gal-forer gal-forer approved these changes

@yucohen yucohen Awaiting requested review from yucohen

@michal-dagan michal-dagan Awaiting requested review from michal-dagan

Assignees

@ShirleyDenkberg ShirleyDenkberg

Labels
docs-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@omerKarkKatz @ShirleyDenkberg @gal-forer @DeanArbel