Add Sekoia XDR pack #34466
Conversation
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @RotemAmit will know the proposed changes are ready to be reviewed.
Hi @TOUFIKIzakarya,
Hi @RotemAmit,
Hi @TOUFIKIzakarya,
Hi @RotemAmit, ok thank you. Done
@TOUFIKIzakarya Thank you!
@RotemAmit sorry for that, I think it should be ok now?
Yes, thank you!
Thank you very much for your contribution! Nice work!
Since this is a very big pack with a lot of commands, fetch_incidents and mirroring mechanism I reviewed all of the regular commands and I will publish the rest of the review for the fetch and mirroring in the next few days.
Some general comments:
- Remove the directory "Lists", most of the information there is already in the integration README. The Sekoia_XDR_Contact.txt can be added to the pack README, and if there is more information that isn't in either README, please add it as well.
- Update the command names to sekoia-xdr-dosomething. For example: sekoia-xdr-list-alerts.
- After you apply all the updates in the YML file, please regenerate the README. You can use the command demisto-sdk generate-docs (link).
- Remove the `str()` from `str(args.get("earliest_time"))` and the rest of the relevant statements.
- Please use f strings instead of '+' in all of the relevant places.
Nice work with the fetch mechanism!
Since you have a lot of configurable parameters, I recommend you to use the different sections as explained here in order to have a more user friendly configuration.
The mirroring mechanism looks great!
Some general notes:
- Merge from content master. You can do that with the script `./.circleci/git_pull_master_into_fork.sh`.
- Update docker image as written in here.
- In the unit tests our convention is to not make API calls, just to mock the results. Please delete the relevant tests (the tests that should be skipped if there's no SEKOIA.IO API_KEY).
I finished the current review of the PR, please let me know once you finished applying the requested changes and I will take a look at them.
Hi @TOUFIKIzakarya, I haven’t heard from you in a while. Please feel free to reach out to me here or on Slack.
Very nice work!
I added some comments and please update the unresolved comments, that I commented on now, from the previous review.
Let's schedule a demo!
Packs/SekoiaXDR/Classifiers/classifier-Sekoia_XDR_-_Incoming_Mapper.json
Packs/SekoiaXDR/Scripts/SekoiaXDRChangeStatus/SekoiaXDRChangeStatus.py
Nice work!
Please remove the additional (") and (') from the yml file.
Packs/SekoiaXDR/Classifiers/classifier-Sekoia_XDR_-_Incoming_Mapper.json
Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_mirrorout_field.json
Nice work!
Thank you very much for your contribution!
For the Reviewer: Trigger build request has been accepted for this contribution PR.
For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/1665523
91ffdca into demisto:contrib/SEKOIA-IO_Add/SekoiaXDR
Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.
* Add Sekoia XDR pack (#34466)
* Add for the first time the extension
* Add some tests for code cov
* Update Mail and author image
* Add some modifications and best practices
* Add some modification on docker version and descriptions
* Delete description
* Ignore secrets
* Add urls to ignore secrets
* Add update remote test
* Add polling mechanism
* Some changes in yml file
* Fix polling, data table and query param
* Add description to job uuid
* Modify descriptions
* Add description to hidden param
* Add classifier and mappers
* Add layouts
* Add incident types
* Add incident fields
* Fix: date format, Showed tables
* Changed: Descriptions and some params
* Fix: Some json problems
* Fix: format all files
* Add scripts
* Fix: Format files for CI
* Modify: Script part
* Fix: Layout CI problems
* Fix: Incident types CI problems
* Modify: Regenerate the main documentation
* Modify: fetch function
* Fix CI: Incoming mappers
* Fix CI: Format yml main file
* Add default mappers and classifier to configuration
* Add some default fields to inc mapper
* Associate fields to sekoia type
* Fix the layout positions
* Fix some CI problems
* CI : Change the name of fields
* Add some extra tests for code cov
* Fix the way to update status
* Update the api key section for sekoia
* Update some sections on integrations readme
* Update the main readme
* Change the main name in the description readme
* Change the description on the pack_metadata
* Ignore mypy import problems and use black
* Update Change status script
* Add default value and delete duplication in the description
* Mappers: Change id to investigation id
* Delete custom fields from layout
* Update incident type file
* Add incident alert reject
* Update fields name in automation scripts
* Update main integration script
* Update layout
* Delete xsoar_id
* Update unsearchable field in alertreject
* Update layout with more indicators and disable autorun
* Update layout
* Update close script for the case sekoia to cortex
* Update documentation and yml
* Delete the case of reopening
* Update the outgoing mapper
* Add some tests for code cov
* Add some modifications and best practices
* Ignore secrets
* Add urls to ignore secrets
* Add update remote test
* Add polling mechanism
* Some changes in yml file
* Fix polling, data table and query param
* Modify descriptions
* Add description to hidden param
* Add classifier and mappers
* Add incident fields
* Fix: Some json problems
* Fix: format all files
* Associate fields to sekoia type
* Update Change status script
* Mappers: Change id to investigation id
* Update main integration script
* Update layout
* Delete xsoar_id
* Update layout
* Delete the case of reopening
* Update the outgoing mapper
* Rebase the branch
* Update integration script
* Delete outgoing mapper and get_mapping_field function
* Update incoming mapper
* Change Scripts
* Add release notes
* Add some changes to integrations script and release notes
* Some changes to test mirroring & apply pre-commit
* Integration: Fix mirroring problem
* Scripts: Fix mirroring problem
* Mappers : Add mirror out field
* Fields: add mirror out field
* Apply format to all the folder
* Scripts: Fix some tests
* Scripts: Fix tests
* Delete some extra fields
* Add field missing
* Scripts: Add some tests to sekoia change status
* Add no cov to script
* Scripts: Add some more tests to close script
* Apply black to close alert folder
* Add no cover to close alert func
* Add some more no cov
* Delete changed field
* Add default mapper in
* Refactor the condition
* Add the fourth point in readme
* Delete default mapperIn
* Update integration readme
* Change field name
* delete useless (')
* updated the RN
* removed unnecessary line from the RN
* added default values in the code for mirror_direction and close_notes and updated close_notes
* updated the default values in the code for alerts_status, alerts_type
---------
Co-authored-by: TOUFIKI Zakarya <57439240+TOUFIKIzakarya@users.noreply.github.com>
Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Description
This PR mainly adds an extension for the Sekoia XDR part, to interact with our platform.
Must have