Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Phishing - deduplication of HTML fields to improve performance #26517

Merged
merged 36 commits into from
May 29, 2023
Merged

Phishing - deduplication of HTML fields to improve performance #26517

merged 36 commits into from
May 29, 2023

Conversation

idovandijk
Copy link
Contributor

@idovandijk idovandijk commented May 15, 2023
edited
Loading

Status

In Progress

Related Issues

fixes: https://jira-hq.paloaltonetworks.local/browse/CRTX-81822

Description

  • Adds a playbook input to the Process Email - Generic v2 playbook. The input is a flag that dictates whether to setIncident for the Email Body HTML and Rendered HTML fields.
    The flag should be set to False if the user experiences errors due to incident object size. Setting the flag to False will break backward compatibility if the user depends on the Email Body HTML or Rendered HTML fields in their playbooks.
    The field Email HTML should be used instead, and the Email Body field should be used for plan-text email bodies.
  • Fixed the domain-squatting phishing test

Minimum version of Cortex XSOAR

6.5.0

Does it break backward compatibility?

No / Yes (depending on what we will decide about the flag's default value.)

@idovandijk idovandijk requested review from ArikDay and AdiPeret May 15, 2023 16:23
AdiPeret
AdiPeret approved these changes May 16, 2023
View reviewed changes
Copy link
Contributor

@AdiPeret AdiPeret left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@idovandijk idovandijk requested a review from tomer-pan May 16, 2023 09:03
idovandijk and others added 9 commits May 16, 2023 16:41
@content-bot
Copy link
Collaborator

This PR was automatically updated by a GitHub Action

  • Phishing pack version was bumped to 3.5.18.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

@ShirleyDenkberg
Copy link
Contributor

@ArikDay @AdiPeret @tomer-pan Doc review completed.

idovandijk and others added 11 commits May 18, 2023 14:10
@idovandijk @ShirleyDenkberg
Apply suggestions from code review
d50c565 
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@idovandijk
Fixed invalid reference to dynamic section script
fe3a7b3
@idovandijk @ShirleyDenkberg
Update Packs/Campaign/Playbooks/Detect_&_Manage_Phishing_Campaigns.yml
cacd128 
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@idovandijk @ShirleyDenkberg
Update Packs/Phishing/ReleaseNotes/3_5_18.md
711f35c 
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@idovandijk @ShirleyDenkberg
Update Packs/Campaign/Playbooks/Detect_&_Manage_Phishing_Campaigns.yml
752fae3 
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@idovandijk @ShirleyDenkberg
Update Packs/Campaign/Playbooks/Detect_&_Manage_Phishing_Campaigns.yml
cab09e0 
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@idovandijk
Merge branch 'master' of github.com:demisto/content into phishing-ded…
832d0d2 
…up-html-fields
@idovandijk
Merge branch 'phishing-dedup-html-fields' of github.com:demisto/conte…
b7a0ff0 
…nt into phishing-dedup-html-fields
@idovandijk
Merge branch 'master' of github.com:demisto/content into phishing-ded…
307b5b5 
…up-html-fields
@idovandijk
Changed layout to use the new script name "DisplayHTMLWithImages".
21df462
@idovandijk
Changed the playbook to not break by default
1a3e3d7
@content-bot
Copy link
Collaborator

This PR was automatically updated by a GitHub Action

  • Phishing pack version was bumped to 3.5.19.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

@idovandijk
Copy link
Contributor Author

idovandijk commented May 23, 2023
edited
Loading

@ShirleyDenkberg can you please review the RN again? I modified the RN to emphasize that while we do recommend to change the value of the input - it can break backward compatibility for the users if they're using custom content.
I also updated the other RN.

ShirleyDenkberg
ShirleyDenkberg reviewed May 23, 2023
View reviewed changes
Packs/Campaign/ReleaseNotes/3_2_23.md

##### Detect & Manage Phishing Campaigns

Changed the playbook to use the *Email HTML* field instead of the *Email Body HTML* by default. We recommend that users change to the value locally as well. This change should not affect the functionality of the playbook.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Changed the playbook to use the *Email HTML* field instead of the *Email Body HTML* by default. We recommend that users change to the value locally as well. This change should not affect the functionality of the playbook.
Changed the playbook to use the *Email HTML* field instead of the *Email Body HTML* by default. We recommend that users change the value locally as well. This change should not affect the functionality of the playbook.

Packs/Phishing/ReleaseNotes/3_5_19.md Outdated Show resolved Hide resolved
@idovandijk idovandijk merged commit 67a42bc into master May 29, 2023
@idovandijk idovandijk deleted the phishing-dedup-html-fields branch May 29, 2023 07:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomer-pan tomer-pan tomer-pan left review comments

@ShirleyDenkberg ShirleyDenkberg ShirleyDenkberg left review comments

@AdiPeret AdiPeret AdiPeret approved these changes

@ArikDay ArikDay Awaiting requested review from ArikDay

Assignees

@ShirleyDenkberg ShirleyDenkberg

Labels
docs-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@idovandijk @content-bot @ShirleyDenkberg @tomer-pan @AdiPeret