XSOAR EDL Checker - Add support for XSOAR 8.x - Oct 2023

Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md

@@ -1,5 +1,5 @@
-Checks an XSOAR EDL to make sure it's returning a valid response.
-This integration was integrated and tested with version 6.8+ of Cortex XSOAR.
+Checks an XSOAR hosted EDL to make sure it's returning a valid response.   Supports PAN-OS (text), CSV, or JSON EDLs.
+This integration was integrated and tested with version xx of XSOAR EDL Checker.
 
 ## Configure XSOAR EDL Checker on Cortex XSOAR
 
@@ -12,18 +12,21 @@
     | EDL Name | The name of the edl from the generic indicator export service | True |
     | Username |  | False |
     | Password |  | False |
+    | Trust any certificate (not secure) |  | False |
+    | XSOAR Version | The version of XSOAR you are using 6.x or 8.x  | False |
 
 4. Click **Test** to validate the URLs, token, and connection.
 
 ## Commands
+
 You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 
 ### xsoaredlchecker-get-edl
+
 ***
 Checks the EDL and returns the response. 
 
-
 #### Base Command
 
 `xsoaredlchecker-get-edl`
@@ -33,7 +36,6 @@
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
 
-
 #### Context Output
 
 | **Path** | **Type** | **Description** |
@@ -42,3 +44,33 @@
 | EDLChecker.Status | unknown | The HTTP Status Code returned by the EDL | 
 | EDLChecker.Response | unknown | The Response or Error from the check. | 
 | EDLChecker.ItemsOnList | unknown | The number of indicators on the list, assuming a successful response\! | 
+
+#### Command example
+```!xsoaredlchecker-get-edl```
+#### Context Example
+```json
+{
+    "EDLChecker": [
+        {
+            "ItemsOnList": 2,
+            "Name": "domains",
+            "Response": "domains returned a 200 response, all should be well",
+            "Status": 200
+        },
+        {
+            "ItemsOnList": 0,
+            "Name": "ips",
+            "Response": "Instance 'ips' is disabled (922)",
+            "Status": 400
+        }
+    ]
+}
+```
+
+#### Human Readable Output
+
+>### EDL Response for domains
+>|Name|Status|Response|ItemsOnList|
+>|---|---|---|---|
+>| domains | 200 | domains returned a 200 response, all should be well | 2 |
+

Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py

@@ -2,7 +2,6 @@
 import requests
 import urllib3
 from CommonServerPython import *  # noqa: F401
-from typing import Union
 
 # Disable insecure warnings
 urllib3.disable_warnings()
@@ -11,12 +10,26 @@
 ''' HELPER FUNCTIONS '''
 
 
+def get_base_url(xsoar_version):
+    """
+    Returns the url to be used to check the EDL, depends on the XSOAR version.
+    """
+    url = demisto.demistoUrls().get('server')
+    if xsoar_version == "6.x":
+        # return the server url for xsoar 6
+        return url
+    else:
+        # construct the url for xsoar 8
+        url = f"{url[:8]}ext-{url[8:]}/xsoar"
+        return url
+
+
 def edl_http_request(base_url, edl_name, verify, creds):
     """
     HTTP Request to check EDL, using basic auth if creds are provided
     Returns the full response.
     """
-    response: Union[Dict, requests.Response]
+    response: Dict | requests.Response
     try:
         if creds:
             username = creds.get('username')
@@ -104,7 +117,7 @@ def get_edl_command(base_url, edl_name, verify, creds=None):
 
 
 def main():
-    base_url = demisto.demistoUrls().get('server')
+    base_url = get_base_url(demisto.params().get('xsoarversion'))
     edl_name = demisto.params().get('edl_name')
     verify = not demisto.params().get('insecure', False)
     credentials = demisto.params().get('credentials', None)

Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml

@@ -1,4 +1,4 @@
 category: Utilities
 commonfields:
   id: XSOAR EDL Checker
   version: -1
@@ -17,6 +17,15 @@
   name: insecure
   type: 8
   required: false
+- display: XSOAR Version
+  name: xsoarversion
+  defaultvalue: 6.x
+  type: 15
+  required: false
+  options:
+  - 6.x
+  - 8.x
+  additionalinfo: 'The version of XSOAR you are using 6.x or 8.x '
 description: Checks an XSOAR hosted EDL to make sure it's returning a valid response.   Supports PAN-OS (text), CSV, or JSON EDLs.
 display: XSOAR EDL Checker
 name: XSOAR EDL Checker

Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md

@@ -2,10 +2,14 @@
 
 This integration checks an external dynamic list provided by the [XSOAR Generic Indicators Export Service](https://xsoar.pan.dev/docs/reference/integrations/edl), to validate it is responding as required.
 
+XSOAR 6.x:
 Only supports lists hosted off the XSOAR server, and requires the following server configuration be set from Settings -> About -> Troubleshooting
 
 instance.execute.external = true 
 
+XSOAR 8.X: 
+Make sure to configre the credentials for Long Running Integrations (Settings -> Settings & Info -> Instances -> Long Running Integrations)
+
 ## Setup
 
 Configure an instance and provide the name of the instance name from the XSOAR Generic Indicators Export Service.

Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml

@@ -6,10 +6,10 @@ starttaskid: "0"
 tasks:
   "0":
     id: "0"
-    taskid: 1213a315-08db-4555-8f5a-1176629ef518
+    taskid: fa6ee827-92a4-4776-83b6-79b7441fae37
     type: start
     task:
-      id: 1213a315-08db-4555-8f5a-1176629ef518
+      id: fa6ee827-92a4-4776-83b6-79b7441fae37
       version: -1
       name: ""
       iscommand: false
@@ -20,13 +20,7 @@ tasks:
       - "3"
     separatecontext: false
     continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 50,
-          "y": 50
-        }
-      }
+    view: "{\n  \"position\": {\n    \"x\": 275,\n    \"y\": 50\n  }\n}"
     note: false
     timertriggers: []
     ignoreworker: false
@@ -36,10 +30,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "2":
     id: "2"
-    taskid: 5e1ce334-7a94-4046-8b6e-c2637ea836c1
+    taskid: 2dd36113-a90b-4fb5-8833-e6564215240c
     type: title
     task:
-      id: 5e1ce334-7a94-4046-8b6e-c2637ea836c1
+      id: 2dd36113-a90b-4fb5-8833-e6564215240c
       version: -1
       name: Done
       type: title
@@ -48,13 +42,7 @@ tasks:
       description: ''
     separatecontext: false
     continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 50,
-          "y": 895
-        }
-      }
+    view: "{\n  \"position\": {\n    \"x\": 275,\n    \"y\": 1070\n  }\n}"
     note: false
     timertriggers: []
     ignoreworker: false
@@ -64,30 +52,24 @@ tasks:
     isautoswitchedtoquietmode: false
   "3":
     id: "3"
-    taskid: 25ac2d3d-f1cf-4ffa-872f-ce23fbedf978
+    taskid: 5db5364b-6935-4ef9-838d-965d4a8e16a5
     type: regular
     task:
-      id: 25ac2d3d-f1cf-4ffa-872f-ce23fbedf978
+      id: 5db5364b-6935-4ef9-838d-965d4a8e16a5
       version: -1
       name: Check the EDLs
       description: Runs the xsoaredlchecker-get-edl command for all configured instances, and returns a consolidated output.
-      scriptName: XSOARAllEDLCheckerAutomation
       type: regular
       iscommand: false
       brand: ""
+      script: XSOARAllEDLCheckerAutomation
     nexttasks:
       '#none#':
       - "4"
     reputationcalc: 1
     separatecontext: false
     continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 50,
-          "y": 195
-        }
-      }
+    view: "{\n  \"position\": {\n    \"x\": 275,\n    \"y\": 195\n  }\n}"
     note: false
     timertriggers: []
     ignoreworker: false
@@ -97,10 +79,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "4":
     id: "4"
-    taskid: 077bee0d-ab6f-420a-81ec-93664e1dac29
+    taskid: 5b72b7e7-1ea9-4cb9-85d8-12de534b353a
     type: condition
     task:
-      id: 077bee0d-ab6f-420a-81ec-93664e1dac29
+      id: 5b72b7e7-1ea9-4cb9-85d8-12de534b353a
       version: -1
       name: Are there failing EDLs?
       description: 'Check if there are EDLs which are not returning a 200 OK response. '
@@ -109,7 +91,7 @@ tasks:
       brand: ""
     nexttasks:
       '#default#':
-      - "2"
+      - '7'
       "yes":
       - "5"
     separatecontext: false
@@ -119,19 +101,13 @@ tasks:
       - - operator: isNotEqualString
           left:
             value:
-              simple: EDLChecker.Response
+              simple: EDLChecker.Status
             iscontext: true
           right:
             value:
               simple: "200"
     continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 50,
-          "y": 370
-        }
-      }
+    view: "{\n  \"position\": {\n    \"x\": 275,\n    \"y\": 370\n  }\n}"
     note: false
     timertriggers: []
     ignoreworker: false
@@ -141,10 +117,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "5":
     id: "5"
-    taskid: 5371b62e-0d16-4259-819b-e0bc0a5d3840
+    taskid: 0393f17d-09a2-4cae-8626-90f838e14cec
     type: condition
     task:
-      id: 5371b62e-0d16-4259-819b-e0bc0a5d3840
+      id: 0393f17d-09a2-4cae-8626-90f838e14cec
       version: -1
       name: Should we send notifications?
       description: 'Check whether the input for SendNotification has a list of emails to send notification to. '
@@ -153,7 +129,7 @@ tasks:
       brand: ""
     nexttasks:
       '#default#':
-      - "2"
+      - '7'
       "yes":
       - "6"
     separatecontext: false
@@ -185,10 +161,10 @@ tasks:
     isautoswitchedtoquietmode: false
   "6":
     id: "6"
-    taskid: 1375fc79-f1da-4391-852e-221063faaa0a
+    taskid: 9860a8d2-fe4e-454a-8363-3796e5dc6914
     type: regular
     task:
-      id: 1375fc79-f1da-4391-852e-221063faaa0a
+      id: 9860a8d2-fe4e-454a-8363-3796e5dc6914
       version: -1
       name: Send Notification
       description: Send an email
@@ -198,7 +174,7 @@ tasks:
       brand: ""
     nexttasks:
       '#none#':
-      - "2"
+      - '7'
     scriptarguments:
       body:
         simple: |-
@@ -215,32 +191,46 @@ tasks:
           root: inputs.SendNotification
     separatecontext: false
     continueonerrortype: ""
-    view: |-
-      {
-        "position": {
-          "x": 275,
-          "y": 720
-        }
-      }
+    view: "{\n  \"position\": {\n    \"x\": 50,\n    \"y\": 720\n  }\n}"
     note: false
     timertriggers: []
     ignoreworker: false
     skipunavailable: false
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
-view: |-
-  {
-    "linkLabelsPosition": {},
-    "paper": {
-      "dimensions": {
-        "height": 910,
-        "width": 605,
-        "x": 50,
-        "y": 50
-      }
-    }
-  }
+  '7':
+    id: '7'
+    taskid: 267cc391-387c-450c-8427-d4d51a34c37b
+    type: regular
+    task:
+      id: 267cc391-387c-450c-8427-d4d51a34c37b
+      version: -1
+      name: Close
+      description: commands.local.cmd.close.inv
+      script: Builtin|||closeInvestigation
+      type: regular
+      iscommand: true
+      brand: Builtin
+    nexttasks:
+      '#none#':
+      - '2'
+    scriptarguments:
+      closeNotes:
+        simple: Job's done.
+      closeReason:
+        simple: Other
+    separatecontext: false
+    continueonerrortype: ''
+    view: "{\n  \"position\": {\n    \"x\": 275,\n    \"y\": 895\n  }\n}"
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+view: "{\n  \"linkLabelsPosition\": {},\n  \"paper\": {\n    \"dimensions\": {\n      \"height\": 1085,\n      \"width\": 605,\n      \"x\": 50,\n      \"y\": 50\n    }\n  }\n}"
 inputs:
 - key: SendNotification
   value: {}