Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ExtraHop Integration #4852

Merged
merged 44 commits into from
Nov 11, 2019
Merged

Update ExtraHop Integration #4852

merged 44 commits into from
Nov 11, 2019

Conversation

content-bot
Copy link
Collaborator

Original External PR

external pull request

Status

Ready

Related Issues

Description

New version of the ExtraHop integration (full featured). Complete content package with new powerful commands, real-time incident creation via REST, associated playbooks, enhanced system playbook, end-to-end ticket tracking through a playbook and a field trigger script. This is an ExtraHop supported integration that has been in the works as a partnership since last year, most recently we've been working with:

  • Tyler R
  • Matt C
  • Prasen S
  • Marketing team

Screenshots

image

Related PRs

Required version of Demisto

4.5

Does it break backward compatibility?

  • No
    • This is a complete rewrite of the integration which consumes all existing command functionality, but renamed commands, inputs, and outputs. Renamed to be ExtraHop v2.

Deprecate old ExtraHop integration?

  • Yes

Must have

Dependencies

Additional changes

Technical writer review

Mention and link to the files that require a technical writer review.

Dan-at-Extrahop and others added 30 commits September 24, 2019 23:24
@Dan-at-Extrahop
New version of the ExtraHop integration
30d0e01 
 - full featured integration includes new and improved commands
@Dan-at-Extrahop
New playbooks to compliment the new ExtraHop integration
7dd844b 
 - playbook framework for ExtraHop Detection incident type
 - updated test playbook
 - enhanced Endpoint Enrichment playbook to include ExtraHop
@Dan-at-Extrahop
New automation script to handle updating ticket status on field-trigg…
93bd0be 
…er changes
@Dan-at-Extrahop
Fix build issues
0bcef26 
 - unquoted = in playbook yml
 - detaileddescription in integration yml
@Dan-at-Extrahop
Fix more build issues
6875119 
 - add 'secrets' to whitelist
 - move script to folder
 - add tests to playbooks and scripts
 - add descriptions to all playbook tasks
 - update integration argument display names
@Dan-at-Extrahop
Fix script build issues
5f74f9f 
 - lint issue
 - add script key to yml
 - only failure should be known/expected backwards compatibility breakage
@Dan-at-Extrahop
Lint script
2a6d466
@Dan-at-Extrahop
Update BlueKeep playbook to use new Block IP - Generic v2
53b68e4
@Dan-at-Extrahop
Fixed missing description on Block IP v2
6c8c4ed
@Dan-at-Extrahop
Renamed integration to ExtraHop v2
fca402e 
	- updated references in playbooks and script
	- need to deprecate old ExtraHop integration
@Dan-at-Extrahop
Renamed TestPlaybook to ExtraHop v2
a14a146
@Dan-at-Extrahop
Add ExtraHop v2 to test conf
0066bd3
@Dan-at-Extrahop
Code review fixes
affad07
@Dan-at-Extrahop
More code review fixes
1d792d0
@Dan-at-Extrahop
Add changelog back to existing endpoint playbook
a47c697
@Dan-at-Extrahop
Update all playbook tasks names and improve test playbook
4b35ddf
@Dan-at-Extrahop
Add custom incident fields
94bd305
@Dan-at-Extrahop
Add incident type layouts
3d81374
@Dan-at-Extrahop
Minor update to command short descriptions
77da867
@yaakovi
Update incidentfield-ExtraHop_Appliance_ID.json
96cdd17
@yaakovi
Update incidentfield-ExtraHop_Detection_End_Time.json
18fc65e
@yaakovi
Update incidentfield-ExtraHop_Detection_ID.json
028a18d
@yaakovi
Update incidentfield-ExtraHop_Detection_Participants.json
877b5b8
@yaakovi
Update incidentfield-ExtraHop_Detection_Raw_Participants.json
aa7dc49
@yaakovi
Update incidentfield-ExtraHop_Detection_Risk_Score.json
8f027cd
@yaakovi
Update incidentfield-ExtraHop_Detection_Ticketed.json
445dfe0
@yaakovi
Update incidentfield-ExtraHop_Detection_URL.json
8cb58fb
@yaakovi
Update incidentfield-ExtraHop_Detection_Update_Time.json
063cb4c
@yaakovi
Update incidentfield-ExtraHop_Hostname.json
11d3c9d
@yaakovi
Update layout-quickView-ExtraHop_Detection.json
c527d3f
@content-bot content-bot requested a review from yaakovi November 11, 2019 13:00
yaakovi
yaakovi approved these changes Nov 11, 2019
View reviewed changes
Copy link
Contributor

@yaakovi yaakovi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

force merge (failed on new incident field name)

@yaakovi yaakovi merged commit 18874f9 into master Nov 11, 2019
@yaakovi yaakovi deleted the Dan-at-Extrahop_master_base branch November 11, 2019 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yaakovi yaakovi yaakovi approved these changes

Assignees
No one assigned
Labels
docs-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@content-bot @yaakovi @Dan-at-Extrahop @yaron-libman