
[Crowdstrike Falcon] Mirroring incidents - severity #28708

Merged
merged 26 commits into from
Nov 6, 2023

Conversation

jlevypaloalto
Contributor

@jlevypaloalto jlevypaloalto commented Aug 2, 2023

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

Fixes:

  1. The issue where the severity field for CrowdStrike Incidents in XSOAR was not mirrored. This was fixed by adding the severity field (fine_score in the API response) to the constant CS_FALCON_INCIDENT_INCOMING_ARGS, which is used to extract XSOAR fields from the API.
  2. The issue where mirroring would crash for instances that did not have access to all CrowdStrike incident types as the API endpoints of all types were used in mirroring regardless of the configuration. This was fixed by changing the integration so that only the API endpoints of the types configured are used.

Must have

  • Tests
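As an added illustration of the two fixes described above (not code from the CrowdStrike Falcon integration or from the PR itself): the mirrored field set is driven by CS_FALCON_INCIDENT_INCOMING_ARGS, which now includes fine_score, and only the endpoints of configured incident types are queried, so an endpoint the instance cannot access is never called. The endpoint stand-ins, type names and incident payloads are assumptions constructed for this example.

```python
from typing import Callable

# fine_score is the API-side name of the severity field (from the PR); the other
# entries are assumed placeholders for the purpose of this example.
CS_FALCON_INCIDENT_INCOMING_ARGS = ["state", "status", "tags", "fine_score"]


def _fetch_incidents() -> list[dict]:
    # Constructed sample API response for the "incident" type.
    return [{"incident_id": "inc:1", "state": "open", "status": 20,
             "tags": ["t1"], "fine_score": 71, "not_mirrored": "x"}]


def _fetch_unlicensed() -> list[dict]:
    # Stand-in for an endpoint the instance has no access to: calling it fails.
    raise PermissionError("endpoint not available for this instance")


# Assumed mapping of incident type -> endpoint callable.
ENDPOINTS: dict[str, Callable[[], list[dict]]] = {
    "incident": _fetch_incidents,
    "unlicensed_type": _fetch_unlicensed,
}


def fetch_for_mirroring(configured_types: list[str]) -> dict[str, list[dict]]:
    """Query only the endpoints for types the instance is configured to mirror."""
    return {t: ENDPOINTS[t]() for t in configured_types if t in ENDPOINTS}


def extract_incoming_fields(api_incident: dict) -> dict:
    """Keep only the fields named in CS_FALCON_INCIDENT_INCOMING_ARGS."""
    return {k: v for k, v in api_incident.items()
            if k in CS_FALCON_INCIDENT_INCOMING_ARGS}


def mirror_in(configured_types: list[str]) -> dict[str, dict]:
    """Build the incoming mirror payload keyed by incident id."""
    mirrored = {}
    for incidents in fetch_for_mirroring(configured_types).values():
        for inc in incidents:
            mirrored[inc["incident_id"]] = extract_incoming_fields(inc)
    return mirrored
```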

@jlevypaloalto jlevypaloalto marked this pull request as ready for review October 24, 2023 11:30
Contributor

@JudahSchwartz JudahSchwartz left a comment


nice pr!

@jlevypaloalto jlevypaloalto merged commit 4ac55a9 into master Nov 6, 2023
14 checks passed
@jlevypaloalto jlevypaloalto deleted the jl-add-severity-to-mirroring branch November 6, 2023 10:18
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
* init

* init

* changed fine_score to severity in classifier

* unit-tests

* aligned with design

* cosmetic changes

* removed severity from incident_context

* candidate

* undid cosmetic changes

* fix flake8 line-too-long

* possible fix: mirror only with types specified

* fixed unit-tests

* update release notes, docker

* name change

* conflict fix

* removed update docker from RN

* resolve conflicts

* update docker

* fix TPB