Update CortexXDRIR.yml #34843

Merged
merged 25 commits into from
Jul 23, 2024

ShirleyDenkberg
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

A few sentences describing the overall goals of the pull request's commits.

Must have

  • Tests
  • Documentation

@ShirleyDenkberg
Contributor Author

ShirleyDenkberg commented Jun 13, 2024

@JasBeilin
Following are several questions for the yml file:

  • Line 48 - What integration doc are you referring to? Perhaps there should be a link here.

  • Line 642 - Is the only valid value True? What about False?

  • Line 1831 - What is the format of the date?

  • Line 2228 - Is this still true? Will this soon be deprecated?

  • Line 2277 - Is this description correct?

    PaloAltoNetworksXDR.ScriptResult.results.endpoint_name
    description: Number of successfully retrieved files.
    
  • Line 2412 - Is this description correct?

    PaloAltoNetworksXDR.ScriptResult.results.endpoint_name
    description: Number of successfully retrieved files.
    
  • Line 2851 - emitted or omitted?

    contextPath: PaloAltoNetworksXDR.OriginalAlert.event.resource_type
    description: The normalized type of the service that emitted the log row.
    
  • Line 2854 - emitted or omitted?

    contextPath: PaloAltoNetworksXDR.OriginalAlert.event.resource_type_orig
    description: The type of the service that omitted the log as provided by the cloud provider.
    
  • Line 2862 - emitted or omitted?

    contextPath: PaloAltoNetworksXDR.OriginalAlert.event.region
    description: The cloud region of the resource that emitted the log.
    type: String
    contextPath: PaloAltoNetworksXDR.OriginalAlert.event.zone
    description: The availability zone of the resource that emitted the log.
    
  • Line 3419 - Is there a period or underscore missing from the context path?

    contextPath: PaloAltoNetworksXDR.RiskyHost.reasons.date created
    description: Date when the incident was created.
    


github-actions bot commented Jun 13, 2024

Coverage

Coverage Report
| File | Stmts | Miss | Cover | Missing |
|---|---|---|---|---|
| Packs/CortexXDR/Integrations/CortexXDRIR | | | | |
| CortexXDRIR.py | 644 | 87 | 86% | 59, 67, 71–73, 144–145, 206–210, 212, 215, 218, 222, 248–252, 254, 261–264, 275, 278, 281, 287, 290, 316, 321, 329, 331, 334–338, 340, 423–428, 477, 515, 530–531, 548, 558, 618, 621, 648, 655, 657, 734–735, 737, 790, 972–974, 977, 980, 985, 1020, 1028, 1051, 1079–1080, 1131, 1140, 1142–1144, 1147, 1150–1151, 1188–1191, 1223, 1240 |
| TOTAL | 644 | 87 | 86% | |

| Tests | Skipped | Failures | Errors | Time |
|---|---|---|---|---|
| 243 | 0 💤 | 0 ❌ | 0 🔥 | 14.393s ⏱️ |

@ShirleyDenkberg
Contributor Author

ShirleyDenkberg commented Jun 13, 2024

@JasBeilin
Comments on the Description File:
After Step 3 - Need to add a step to select a role. How do they know what role to select?
Do they need to do anything in the Components section?
Step 4 - Copy and paste the key - Where should I copy the key to?

@ShirleyDenkberg
Contributor Author

@JasBeilin
Regarding the Pack Readme - At one time we were told to include a screenshot of one of the playbooks in the pack. Then that decision was reversed. I am not sure if we should have the playbook screenshot in the pack readme. Who makes this final decision?

@BEAdi added the Contribution Thank you! Contributions are always welcome! label Jun 20, 2024
@BEAdi self-assigned this Jun 20, 2024
@BEAdi requested a review from Shellyber June 20, 2024 08:14
@BEAdi removed the request for review from Shellyber June 20, 2024 09:10
@JasBeilin removed their request for review June 23, 2024 07:33
@BEAdi assigned thefrieddan1 and unassigned BEAdi Jun 26, 2024
@maimorag
Contributor

maimorag commented Jul 3, 2024

Hey @ShirleyDenkberg

line 48 - the reference is to the README file line 132
line 648 - added false
line 1832 - ISO 8601, added to doc.
line 2228 - not sure, will ask TPM (Natalya Dalid).
line 2277 - fixed description
line 2407 - fixed
line 2851, 2854, 2854 - emitted
line 3419 - underscore, fixed

@maimorag
Contributor

maimorag commented Jul 3, 2024

Description File -
step 3 - role according to your permissions.
step 4 - after generating the key, a window is opened with the key (I sent an example via Slack)

README - I asked TPM, and will post here as soon as I get an answer.

Thanks!

@maimorag
Contributor

maimorag commented Jul 10, 2024

Update:

  1. Regarding the "Soon to be deprecated command" - TPM will open a ticket to deprecate it, thanks.
    https://jira-dc.paloaltonetworks.com/browse/CIAC-11109
  2. Screenshot - it's OK, it's there

@DeanArbel merged commit 3bb3426 into master Jul 23, 2024
13 checks passed
@DeanArbel deleted the ShirleyDenkberg-patch-1 branch July 23, 2024 14:05
@michal-dagan added the ForceMerge Forcing the merge of the PR despite the build status label Jul 30, 2024
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Sep 10, 2024
* Update CortexXDRIR.yml

* Update CortexXDRIR_description.md

* fixed cr

* fixed pre-commit

* fix

* fix

* reverting BC failure

* Documentation.
Version bump.

* yml format.

* Bump docker version.

* Bump docker version

* Bump pack from version CortexXDR to 6.1.56.

---------

Co-authored-by: maimorag <mmorag@paloaltonetworks.com>
Co-authored-by: Danny Fried <dfried@paloaltonetworks.com>
Co-authored-by: Content Bot <bot@demisto.com>
Labels
Contribution Thank you! Contributions are always welcome! docs-approved ForceMerge Forcing the merge of the PR despite the build status

7 participants