Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ASM] EXPANDR-5997 #30209

Merged
merged 15 commits into from
Oct 18, 2023
Merged

[ASM] EXPANDR-5997 #30209

merged 15 commits into from
Oct 18, 2023

Conversation

johnnywilkes
Copy link
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

https://jira-dc.paloaltonetworks.com/browse/EXPANDR-5997

Description

Adding Panorama support

Must have

  • Tests
  • Documentation

@johnnywilkes johnnywilkes marked this pull request as draft October 16, 2023 20:03
@johnnywilkes
Copy link
Contributor Author

@capanw / @BigEasyJ , please review

@johnnywilkes
Copy link
Contributor Author

@ShirleyDenkberg , can you please review?

@capanw
Copy link
Contributor

capanw commented Oct 17, 2023

@johnnywilkes, Not able to comment on a specific line. In this file, Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml, line 117, I see source ip added as 1.1.1.1. Is that expected?

@johnnywilkes johnnywilkes reopened this Oct 17, 2023
@johnnywilkes
Copy link
Contributor Author

@johnnywilkes, Not able to comment on a specific line. In this file, Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml, line 117, I see source ip added as 1.1.1.1. Is that expected?

@capanw ,Yes, I had to test source and destination traffic with the destination being the service and source being an internet address. I decided 1.1.1.1 as a random internet address, but now going to try with 0.0.0.0

johnnywilkes
johnnywilkes commented Oct 17, 2023
View reviewed changes
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml
@@ -111,7 +114,7 @@ tasks:
priority: {}
wildcards: {}
source:
simple: 1.1.1.1
simple: 0.0.0.0
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@capanw , changed to 0.0.0.0 because more representative to internet address/traffic

BigEasyJ
BigEasyJ approved these changes Oct 17, 2023
View reviewed changes
Copy link
Contributor

@BigEasyJ BigEasyJ left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pushed up some formatting changes. Looks good after 0.0.0.0 change.

Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_On_Prem_Enrichment.png Outdated
Copy link
Contributor

@BigEasyJ BigEasyJ Oct 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the future this should be a PAN-OS sub-playbook in the On-Prem playbook.

@johnnywilkes johnnywilkes marked this pull request as ready for review October 17, 2023 17:35
ShirleyDenkberg
ShirleyDenkberg reviewed Oct 18, 2023
View reviewed changes
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Enrichment.yml Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_On_Prem_Remediation_README.md Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/README.md Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_5.md Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_5.md Outdated Show resolved Hide resolved
Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_5.md Outdated Show resolved Hide resolved
@ShirleyDenkberg ShirleyDenkberg self-assigned this Oct 18, 2023
@ShirleyDenkberg
Copy link
Contributor

@BigEasyJ @capanw @melamedbn @MosheEichler Doc review completed.

@johnnywilkes @ShirleyDenkberg
Apply suggestions from code review
1c8e84a 
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
@johnnywilkes
Copy link
Contributor Author

@melamedbn / @MosheEichler , this has been approved by Xpanse team. Please merge when possible.

@MosheEichler MosheEichler merged commit f564df0 into demisto:contrib/PaloAltoNetworks_ASM-EXPANDR-5997 Oct 18, 2023
18 of 19 checks passed
MosheEichler pushed a commit that referenced this pull request Oct 19, 2023
@johnnywilkes @BigEasyJ @ShirleyDenkberg
[ASM] EXPANDR-5997 (#30209) (#30302)
0057627 
* init

* update

* init

* RN

* bump

* add conditon statements

* update wording

* Unescape JSON views

* Unscape JSON continued

* change inet address for pan-os-security-policy-match command

* Apply suggestions from code review



---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: bigeasyj <janny@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
@johnnywilkes @BigEasyJ @ShirleyDenkberg
[ASM] EXPANDR-5997 (#30209) (#30302)
6096a0f 
* init

* update

* init

* RN

* bump

* add conditon statements

* update wording

* Unescape JSON views

* Unscape JSON continued

* change inet address for pan-os-security-policy-match command

* Apply suggestions from code review



---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: bigeasyj <janny@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShirleyDenkberg ShirleyDenkberg ShirleyDenkberg left review comments

@capanw capanw capanw approved these changes

@MosheEichler MosheEichler MosheEichler approved these changes

@BigEasyJ BigEasyJ BigEasyJ approved these changes

@melamedbn melamedbn Awaiting requested review from melamedbn

Assignees

@melamedbn melamedbn

@ShirleyDenkberg ShirleyDenkberg

@MosheEichler MosheEichler

Labels
Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved External PR Security Review Xsoar Support Level Indicates that the contribution is for XSOAR supported pack
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@johnnywilkes @capanw @ShirleyDenkberg @BigEasyJ @MosheEichler @melamedbn