From c71aa1847e915b02a174eae53d10490572f0cf04 Mon Sep 17 00:00:00 2001 From: beauchompers Date: Mon, 30 Oct 2023 15:11:50 -0600 Subject: [PATCH 1/4] after format --- .../Integrations/XSOAREDLChecker/README.md | 3 +- .../XSOAREDLChecker/XSOAREDLChecker.py | 19 ++- .../XSOAREDLChecker/XSOAREDLChecker.yml | 9 ++ .../Playbooks/JOB_-_XSOAR_EDL_Checker.yml | 118 ++++++++---------- 4 files changed, 81 insertions(+), 68 deletions(-) diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md index 46b83184280a..a441ed09b542 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md @@ -1,5 +1,5 @@ Checks an XSOAR EDL to make sure it's returning a valid response. -This integration was integrated and tested with version 6.8+ of Cortex XSOAR. +This integration was integrated and tested with version 6.12 and 8.4 of Cortex XSOAR. ## Configure XSOAR EDL Checker on Cortex XSOAR @@ -12,6 +12,7 @@ This integration was integrated and tested with version 6.8+ of Cortex XSOAR. | EDL Name | The name of the edl from the generic indicator export service | True | | Username | | False | | Password | | False | + | XSOAR Version | The version of XSOAR you are using, either 6.x or 8.x | False | 4. Click **Test** to validate the URLs, token, and connection. diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py index 2ee0575491db..8072c8461d79 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py @@ -2,7 +2,6 @@ import requests import urllib3 from CommonServerPython import * # noqa: F401 -from typing import Union # Disable insecure warnings urllib3.disable_warnings() 
@@ -11,12 +10,26 @@ ''' HELPER FUNCTIONS ''' +def get_base_url(xsoar_version): + """ + Returns the url to be used to check the EDL, depends on the XSOAR version. + """ + url = demisto.demistoUrls().get('server') + if xsoar_version == "6.x": + # return the server url for xsoar 6 + return url + else: + # construct the url for xsoar 8 + url = f"{url[:8]}ext-{url[8:]}/xsoar" + return url + + def edl_http_request(base_url, edl_name, verify, creds): """ HTTP Request to check EDL, using basic auth if creds are provided Returns the full response. """ - response: Union[Dict, requests.Response] + response: Dict | requests.Response try: if creds: username = creds.get('username') @@ -104,7 +117,7 @@ def get_edl_command(base_url, edl_name, verify, creds=None): def main(): - base_url = demisto.demistoUrls().get('server') + base_url = get_base_url(demisto.params().get('xsoarversion')) edl_name = demisto.params().get('edl_name') verify = not demisto.params().get('insecure', False) credentials = demisto.params().get('credentials', None) diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml index 55f4463f64ee..de282e5eb83e 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml @@ -17,6 +17,15 @@ configuration: name: insecure type: 8 required: false +- display: XSOAR Version + name: xsoarversion + defaultvalue: 6.x + type: 15 + required: false + options: + - 6.x + - 8.x + additionalinfo: 'The version of XSOAR you are using 6.x or 8.x ' description: Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs. display: XSOAR EDL Checker name: XSOAR EDL Checker 
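Review bot: In `get_base_url`, every value other than the exact string "6.x" takes the `else` branch, so an instance whose `xsoarversion` parameter is unset would probably be given the XSOAR 8 `ext-` URL. The parameter is `required: false`, and `main` reads it with `demisto.params().get('xsoarversion')` and no fallback. The slice `url[:8]` also assumes the server URL starts with `https://`; with any other prefix the host name is cut in the wrong place, and `edl_http_request` would then send the basic-auth credentials to that altered host. I would match "8.x" explicitly, treat anything else as 6.x, and reject a non-https server URL before building the 8.x form, as sketched below. The docstring could also state the URL shape returned for each version.

```python
def get_base_url(xsoar_version):
    url = demisto.demistoUrls().get('server')
    if xsoar_version != "8.x":
        # unset or "6.x": use the server url unchanged
        return url
    scheme, sep, rest = url.partition("://")
    if scheme != "https" or not sep or not rest:
        # never build a host name from a url we did not understand
        raise DemistoException(f"Unexpected server url for XSOAR 8.x: {url}")
    return f"{scheme}://ext-{rest}/xsoar"
```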
diff --git a/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml b/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml index cd8023875aa1..655d0be31f50 100644 --- a/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml +++ b/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml @@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 1213a315-08db-4555-8f5a-1176629ef518 + taskid: fa6ee827-92a4-4776-83b6-79b7441fae37 type: start task: - id: 1213a315-08db-4555-8f5a-1176629ef518 + id: fa6ee827-92a4-4776-83b6-79b7441fae37 version: -1 name: "" iscommand: false @@ -20,13 +20,7 @@ tasks: - "3" separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 50 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 50\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -36,10 +30,10 @@ tasks: isautoswitchedtoquietmode: false "2": id: "2" - taskid: 5e1ce334-7a94-4046-8b6e-c2637ea836c1 + taskid: 2dd36113-a90b-4fb5-8833-e6564215240c type: title task: - id: 5e1ce334-7a94-4046-8b6e-c2637ea836c1 + id: 2dd36113-a90b-4fb5-8833-e6564215240c version: -1 name: Done type: title @@ -48,13 +42,7 @@ tasks: description: '' separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 895 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 1070\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -64,30 +52,24 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 25ac2d3d-f1cf-4ffa-872f-ce23fbedf978 + taskid: 5db5364b-6935-4ef9-838d-965d4a8e16a5 type: regular task: - id: 25ac2d3d-f1cf-4ffa-872f-ce23fbedf978 + id: 5db5364b-6935-4ef9-838d-965d4a8e16a5 version: -1 name: Check the EDLs description: Runs the xsoaredlchecker-get-edl command for all configured instances, and returns a consolidated output. - scriptName: XSOARAllEDLCheckerAutomation type: regular iscommand: false brand: "" + script: XSOARAllEDLCheckerAutomation nexttasks: '#none#': - "4" reputationcalc: 1 separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 195 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 195\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -97,10 +79,10 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: 077bee0d-ab6f-420a-81ec-93664e1dac29 + taskid: 5b72b7e7-1ea9-4cb9-85d8-12de534b353a type: condition task: - id: 077bee0d-ab6f-420a-81ec-93664e1dac29 + id: 5b72b7e7-1ea9-4cb9-85d8-12de534b353a version: -1 name: Are there failing EDLs? description: 'Check if there are EDLs which are not returning a 200 OK response. ' @@ -109,7 +91,7 @@ tasks: brand: "" nexttasks: '#default#': - - "2" + - '7' "yes": - "5" separatecontext: false @@ -119,19 +101,13 @@ tasks: - - operator: isNotEqualString left: value: - simple: EDLChecker.Response + simple: EDLChecker.Status iscontext: true right: value: simple: "200" continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 370 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 370\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -141,10 +117,10 @@ tasks: isautoswitchedtoquietmode: false "5": id: "5" - taskid: 5371b62e-0d16-4259-819b-e0bc0a5d3840 + taskid: 0393f17d-09a2-4cae-8626-90f838e14cec type: condition task: - id: 5371b62e-0d16-4259-819b-e0bc0a5d3840 + id: 0393f17d-09a2-4cae-8626-90f838e14cec version: -1 name: Should we send notifications? description: 'Check whether the input for SendNotification has a list of emails to send notification to. ' @@ -153,7 +129,7 @@ tasks: brand: "" nexttasks: '#default#': - - "2" + - '7' "yes": - "6" separatecontext: false @@ -185,10 +161,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: 1375fc79-f1da-4391-852e-221063faaa0a + taskid: 9860a8d2-fe4e-454a-8363-3796e5dc6914 type: regular task: - id: 1375fc79-f1da-4391-852e-221063faaa0a + id: 9860a8d2-fe4e-454a-8363-3796e5dc6914 version: -1 name: Send Notification description: Send an email @@ -198,7 +174,7 @@ tasks: brand: "" nexttasks: '#none#': - - "2" + - '7' scriptarguments: body: simple: |- @@ -215,13 +191,7 @@ tasks: root: inputs.SendNotification separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 275, - "y": 720 - } - } + view: "{\n \"position\": {\n \"x\": 50,\n \"y\": 720\n }\n}" note: false timertriggers: [] ignoreworker: false 
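Review bot: The `#default#` branch of task "5" (Should we send notifications?) now leads to task '7', which a later hunk defines as `Builtin|||closeInvestigation` with `closeNotes` "Job's done.". Task "5" is reached only when task "4" has found a failing EDL, so when `SendNotification` is empty the job appears to close its own incident with no notification and no open record of the failure. Consider routing that branch to a path that leaves the incident open, or writing the failing EDL names into `closeNotes`, so that a list which has stopped serving indicators is not lost. If closing silently is intended for jobs without recipients, a sentence in the task description saying so would help.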
@@ -229,18 +199,38 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false -view: |- - { - "linkLabelsPosition": {}, - "paper": { - "dimensions": { - "height": 910, - "width": 605, - "x": 50, - "y": 50 - } - } - } + '7': + id: '7' + taskid: 267cc391-387c-450c-8427-d4d51a34c37b + type: regular + task: + id: 267cc391-387c-450c-8427-d4d51a34c37b + version: -1 + name: Close + description: commands.local.cmd.close.inv + script: Builtin|||closeInvestigation + type: regular + iscommand: true + brand: Builtin + nexttasks: + '#none#': + - '2' + scriptarguments: + closeNotes: + simple: Job's done. + closeReason: + simple: Other + separatecontext: false + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 895\n }\n}" + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false +view: "{\n \"linkLabelsPosition\": {},\n \"paper\": {\n \"dimensions\": {\n \"height\": 1085,\n \"width\": 605,\n \"x\": 50,\n \"y\": 50\n }\n }\n}" inputs: - key: SendNotification value: {} From 78853c06ad96106f207b4943c53bfbcebffc2ed2 Mon Sep 17 00:00:00 2001 From: beauchompers Date: Mon, 30 Oct 2023 15:18:28 -0600 Subject: [PATCH 2/4] updated description, integration readme, and increased pack version --- .../Integrations/XSOAREDLChecker/README.md | 41 ++++++++++++++++--- .../XSOAREDLChecker_description.md | 4 ++ Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md | 13 ++++++ Packs/XSOAR_EDL_Checker/pack_metadata.json | 2 +- 4 files changed, 54 insertions(+), 6 deletions(-) create mode 100644 Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md index a441ed09b542..efa1e51ad263 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md 
@@ -1,5 +1,5 @@ -Checks an XSOAR EDL to make sure it's returning a valid response. -This integration was integrated and tested with version 6.12 and 8.4 of Cortex XSOAR. +Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs. +This integration was integrated and tested with version xx of XSOAR EDL Checker. ## Configure XSOAR EDL Checker on Cortex XSOAR @@ -12,19 +12,21 @@ This integration was integrated and tested with version 6.12 and 8.4 of Cortex X | EDL Name | The name of the edl from the generic indicator export service | True | | Username | | False | | Password | | False | - | XSOAR Version | The version of XSOAR you are using, either 6.x or 8.x | False | + | Trust any certificate (not secure) | | False | + | XSOAR Version | The version of XSOAR you are using 6.x or 8.x | False | 4. Click **Test** to validate the URLs, token, and connection. ## Commands + You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. ### xsoaredlchecker-get-edl + *** Checks the EDL and returns the response. - #### Base Command `xsoaredlchecker-get-edl` @@ -34,7 +36,6 @@ Checks the EDL and returns the response. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | - #### Context Output | **Path** | **Type** | **Description** | 
@@ -43,3 +44,33 @@ Checks the EDL and returns the response. | EDLChecker.Status | unknown | The HTTP Status Code returned by the EDL | | EDLChecker.Response | unknown | The Response or Error from the check. | | EDLChecker.ItemsOnList | unknown | The number of indicators on the list, assuming a successful response\! | + +#### Command example +```!xsoaredlchecker-get-edl``` +#### Context Example +```json +{ + "EDLChecker": [ + { + "ItemsOnList": 2, + "Name": "domains", + "Response": "domains returned a 200 response, all should be well", + "Status": 200 + }, + { + "ItemsOnList": 0, + "Name": "ips", + "Response": "Instance 'ips' is disabled (922)", + "Status": 400 + } + ] +} +``` + +#### Human Readable Output + +>### EDL Response for domains +>|Name|Status|Response|ItemsOnList| +>|---|---|---|---| +>| domains | 200 | domains returned a 200 response, all should be well | 2 | + diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md index 47b1a487fc05..268961cb54df 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md @@ -2,10 +2,14 @@ This integration checks an external dynamic list provided by the [XSOAR Generic Indicators Export Service](https://xsoar.pan.dev/docs/reference/integrations/edl), to validate it is responding as required. +XSOAR 6.x: Only supports lists hosted off the XSOAR server, and requires the following server configuration be set from Settings -> About -> Troubleshooting instance.execute.external = true +XSOAR 8.X: +Make sure to configre the credentials for Long Running Integrations (Settings -> Settings & Info -> Instances -> Long Running Integrations) + ## Setup Configure an instance and provide the name of the instance name from the XSOAR Generic Indicators Export Service. 
diff --git a/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md b/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md new file mode 100644 index 000000000000..990d98f0ebbf --- /dev/null +++ b/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md @@ -0,0 +1,13 @@ + +#### Integrations + +##### XSOAR EDL Checker + +- Added support for both XSOAR 6.x and 8.x +- Add XSOAR Version parameter (6.x or 8.x) to support EDLs on both XSOAR platforms. + +#### Playbooks + +##### JOB - XSOAR EDL Checker + +- Fixed issue with the conditional to check whether any EDLs were failing. diff --git a/Packs/XSOAR_EDL_Checker/pack_metadata.json b/Packs/XSOAR_EDL_Checker/pack_metadata.json index ee453eacade7..8e9897b79ea9 100644 --- a/Packs/XSOAR_EDL_Checker/pack_metadata.json +++ b/Packs/XSOAR_EDL_Checker/pack_metadata.json @@ -2,7 +2,7 @@ "name": "XSOAR EDL Checker", "description": "Checks EDLs hosted by the XSOAR server to ensure they are functioning.", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.1.0", "author": "beauchompers", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", From b993986d5edc9fe55816c95ab600d8abaf3c5f0f Mon Sep 17 00:00:00 2001 From: beauchompers Date: Mon, 30 Oct 2023 15:23:53 -0600 Subject: [PATCH 3/4] updating pack metadata to use my Palo Alto information --- Packs/XSOAR_EDL_Checker/pack_metadata.json | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Packs/XSOAR_EDL_Checker/pack_metadata.json b/Packs/XSOAR_EDL_Checker/pack_metadata.json index 8e9897b79ea9..cdfd028159fd 100644 --- a/Packs/XSOAR_EDL_Checker/pack_metadata.json +++ b/Packs/XSOAR_EDL_Checker/pack_metadata.json 
@@ -3,7 +3,7 @@ "description": "Checks EDLs hosted by the XSOAR server to ensure they are functioning.", "support": "community", "currentVersion": "1.1.0", - "author": "beauchompers", + "author": "Mike Beauchamp", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", "categories": [ @@ -16,7 +16,9 @@ "xsoar" ], "devEmail": [ - "beauchompers@gmail.com" + "mbeauchamp@paloaltonetworks.com" ], - "githubUser": [] + "githubUser": [ + "beauchompers" + ] } \ No newline at end of file From d7c9b7fffca477f7582de9f6c8c71e92529586d2 Mon Sep 17 00:00:00 2001 From: beauchompers Date: Wed, 1 Nov 2023 08:28:42 -0600 Subject: [PATCH 4/4] updated readme for integration --- .../XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md index efa1e51ad263..250f6d909a23 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md @@ -1,5 +1,6 @@ -Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs. -This integration was integrated and tested with version xx of XSOAR EDL Checker. +Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs. + +This integration was integrated and tested with version 6.12 and 8.4 of Cortex XSOAR, and version 3.2.12 of the Generic Export Indicator Service. ## Configure XSOAR EDL Checker on Cortex XSOAR