Ciac 11100 playbook run in build #4658

Open
wants to merge 66 commits into
base: master
265b6e1
added alerts functionality
JasBeilin Nov 10, 2024
03a494e
wip
JasBeilin Nov 10, 2024
30b9120
wip
JasBeilin Nov 11, 2024
0df0342
Merge branch 'master' of github.com:demisto/demisto-sdk into CIAC-111…
JasBeilin Nov 11, 2024
c0a375c
remove not needed code
JasBeilin Nov 12, 2024
925ef3d
added sdk handling
JasBeilin Nov 18, 2024
41b5444
added running pytest with args
JasBeilin Nov 19, 2024
554ce44
WIP
JasBeilin Nov 19, 2024
06b02da
added template file
JasBeilin Nov 19, 2024
b0ee17a
wip
JasBeilin Nov 19, 2024
1319502
wip
JasBeilin Nov 19, 2024
c33ac6e
add changelog
JasBeilin Nov 21, 2024
e6e9db1
mypy
JasBeilin Nov 21, 2024
b83b9b7
Update and rename 6669.yml to 4650.yml
JasBeilin Nov 21, 2024
4726b59
wip
JasBeilin Nov 21, 2024
7b69bda
Merge branch 'CIAC-11868-adding-fixtures-and-abilities-to-flow-tests'…
JasBeilin Nov 21, 2024
1208413
test xdr client
eyalpalo Nov 26, 2024
e6e9eb6
test xdr client
eyalpalo Nov 26, 2024
8893847
test xdr client
eyalpalo Nov 26, 2024
45907d1
bug fix
eyalpalo Nov 26, 2024
7fbff0b
test
eyalpalo Nov 27, 2024
0e0e8e4
adding command logic
eyalpalo Nov 28, 2024
972981f
Merge branch 'CIAC-11868-adding-fixtures-and-abilities-to-flow-tests'…
eyalpalo Dec 2, 2024
1c94842
Merge branch 'master' of github.com:demisto/demisto-sdk into CIAC-111…
eyalpalo Dec 2, 2024
b14d562
added new version of the commands playbook flow according to new schema
eyalpalo Dec 2, 2024
d1d286c
order and removing modeling
eyalpalo Dec 4, 2024
3bbbb7d
fix
eyalpalo Dec 4, 2024
7eebf1a
fix
eyalpalo Dec 5, 2024
019abf9
fix
eyalpalo Dec 5, 2024
3a72475
Merge branch 'master' of github.com:demisto/demisto-sdk into CIAC-111…
eyalpalo Dec 5, 2024
b15dc52
added conftest
eyalpalo Dec 5, 2024
df6c50a
added content path
eyalpalo Dec 8, 2024
ada9961
fix
eyalpalo Dec 8, 2024
6dec80f
fix
eyalpalo Dec 8, 2024
f3cf78f
remoced v
eyalpalo Dec 8, 2024
79f27b5
test
eyalpalo Dec 10, 2024
be71a83
changed to use case
eyalpalo Dec 12, 2024
cc443f8
conftest
eyalpalo Dec 12, 2024
ba6d255
added fix
eyalpalo Dec 12, 2024
0d308cc
xsoar 8 support
eyalpalo Dec 18, 2024
0e4e193
fix
eyalpalo Dec 18, 2024
7328074
moved methods and renamed test file
eyalpalo Dec 23, 2024
e248a06
changed use test case
eyalpalo Dec 24, 2024
cc9544f
added search alert by name
eyalpalo Dec 29, 2024
cdef090
pre commit
eyalpalo Dec 29, 2024
0ce3da0
fix unit test
eyalpalo Dec 29, 2024
7a75515
added search by uuid
eyalpalo Dec 29, 2024
952ebaf
pre commit
eyalpalo Dec 29, 2024
aea4dce
Merge branch 'master' of github.com:demisto/demisto-sdk into CIAC-111…
eyalpalo Dec 30, 2024
5454083
changelog
eyalpalo Dec 30, 2024
b6cffea
changelog
eyalpalo Dec 30, 2024
8804d27
changelog
eyalpalo Dec 30, 2024
5e1d5be
Merge branch 'master' of github.com:demisto/demisto-sdk into CIAC-111…
eyalpalo Dec 30, 2024
7ded669
lcas_id
eyalpalo Dec 31, 2024
be0a042
pre-commit
eyalpalo Dec 31, 2024
6b47ee8
added sanitize
eyalpalo Jan 1, 2025
aa14934
added filename
eyalpalo Jan 1, 2025
3e852c8
poetry
eyalpalo Jan 2, 2025
c8d9fb8
poetry
eyalpalo Jan 5, 2025
8e364b4
poetry and installing the pyxdr
eyalpalo Jan 5, 2025
af45921
code review
eyalpalo Jan 6, 2025
22b4fa8
path
eyalpalo Jan 6, 2025
9d5daac
pyxdr
eyalpalo Jan 7, 2025
78eb356
Apply suggestions from code review
eyalpalo Jan 8, 2025
d6e9ec7
print gcloud auth
eyalpalo Jan 8, 2025
0038669
Merge branch 'CIAC-11100-playbook-run-in-build' of github.com:demisto…
eyalpalo Jan 8, 2025
mypy
JasBeilin committed Nov 21, 2024
commit e6e9db174075466119f0979609cdc66cc9e08120
74 changes: 45 additions & 29 deletions demisto_sdk/commands/common/clients/xsiam/xsiam_api_client.py
@@ -53,21 +53,24 @@ def marketplace(self) -> MarketplaceVersions:
"""

def _process_response(self, response, status_code, expected_status=200):
"""Process the HTTP response coming from the XSOAR client.""" # noqa: E999
"""Process the HTTP response coming from the XSOAR client."""

Suggested change
"""Process the HTTP response coming from the XSOAR client."""
"""Process the HTTP response coming from the XSIAM client."""

if status_code == expected_status:
if response:
try:
return json.loads(response)
except json.JSONDecodeError:
api_response = response.replace("'", '"').replace(
"False", "false").replace("True", "true").replace("None", "null")
api_response = (
response.replace("'", '"')
.replace("False", "false")
.replace("True", "true")
.replace("None", "null")
)
return json.loads(api_response)
return {}
else:
error_message = f"Expected status {expected_status}, but got {status_code}. Response: {response}"
raise Exception(error_message)


"""
#############################
xsoar related methods
@@ -82,8 +85,7 @@ def delete_incidents(
response_type: str = "object",
):
# if in the future it will be possible to delete incidents in XSIAM, implement this method
raise NotImplementedError(
"it is not possible to delete incidents in XSIAM")
raise NotImplementedError("it is not possible to delete incidents in XSIAM")

"""
#############################
@@ -99,8 +101,7 @@ def push_to_dataset(
data_format: str = "json",
):
if self.server_config.token:
endpoint = urljoin(
self.server_config.base_api_url, "logs/v1/xsiam")
endpoint = urljoin(self.server_config.base_api_url, "logs/v1/xsiam")
additional_headers = {
"authorization": self.server_config.token,
"format": data_format,
@@ -110,8 +111,7 @@ def push_to_dataset(
}
token_type = "xsiam_token"
elif self.server_config.collector_token:
endpoint = urljoin(
self.server_config.base_api_url, "logs/v1/event")
endpoint = urljoin(self.server_config.base_api_url, "logs/v1/event")
additional_headers = {
"authorization": self.server_config.collector_token,
"content-type": "application/json"
@@ -191,8 +191,7 @@ def get_xql_query_result(self, execution_id: str, timeout: int = 300):
self.server_config.base_api_url, "public_api/v1/xql/get_query_results/"
)
logger.info(f"Getting xql query results: endpoint={endpoint}")
response = self._xdr_client.post(
endpoint, data=payload, timeout=timeout)
response = self._xdr_client.post(endpoint, data=payload, timeout=timeout)
logger.debug("Request completed to get xql query results")
data = response.json()
logger.debug(pformat(data))
@@ -213,7 +212,8 @@ def get_xql_query_result(self, execution_id: str, timeout: int = 300):
def get_ioc_rules(self):
# /ioc-rules is only an endpoint in XSIAM.
response, status_code, response_headers = self._xsoar_client.generic_request(
"/ioc-rules", "GET", response_type="object")
"/ioc-rules", "GET", response_type="object"
)
if (
"text/html" in response_headers.get("Content-Type")
or status_code != requests.codes.ok
@@ -232,43 +232,55 @@ def get_ioc_rules(self):

def create_alert_from_json(self, json_content: dict) -> int:

is this going to be used since we have the push_alerts_into_xsiam script?


I think we can leave it here as it offers another simple way to create alerts.

alert_payload = {"request_data": {"alert": json_content}}
res = requests.post(url=f'{self.base_url}/public_api/v1/alerts/create_alert',
headers=self._xdr_client.headers, json=alert_payload)
res = requests.post(
url=f"{self.base_url}/public_api/v1/alerts/create_alert",
headers=self._xdr_client.headers,
json=alert_payload,
)
alert_data = self._process_response(res.content, res.status_code, 200)
return alert_data['reply']
return alert_data["reply"]

def get_internal_alert_id(self, alert_external_id: str) -> int:
data = self.search_alerts(alert_external_id)
return data['alerts'][0]['alert_id']
return data["alerts"][0]["alert_id"]

def update_alert(self, alert_id: str | list[str], updated_data: dict):
def update_alert(self, alert_id: str | list[str], updated_data: dict) -> dict:
"""
Args:
alert_id (str | list[str]): alert ids to edit.
updated_data (dict): The data to update the alerts with. https://cortex-panw.stoplight.io/docs/cortex-xsiam-1/rpt3p1ne2bwfe-update-alerts
"""
alert_payload = {"request_data": {
"update_data": updated_data, "alert_id_list": alert_id}}
res = requests.post(url=f'{self.base_url}/public_api/v1/alerts/update_alerts',
headers=self._xdr_client.headers, json=alert_payload)
alert_payload = {
"request_data": {"update_data": updated_data, "alert_id_list": alert_id}
}
res = requests.post(
url=f"{self.base_url}/public_api/v1/alerts/update_alerts",
headers=self._xdr_client.headers,
json=alert_payload,
)
alert_data = self._process_response(res.content, res.status_code, 200)
return alert_data

def search_alerts(self, external_alert_id: str | list[str]):
def search_alerts(self, external_alert_id: str | list[str]) -> dict:
body = {
"request_data": {
"filters": [
{
"field": "external_id_list",
"operator": "in",
"value": external_alert_id if isinstance(external_alert_id, list) else [external_alert_id]
"value": external_alert_id
if isinstance(external_alert_id, list)
else [external_alert_id],
}
]
}
}
res = requests.post(url=f'{self.base_url}/public_api/v1/alerts/get_alerts/',
headers=self._xdr_client.headers, json=body)
return self._process_response(res.content, res.status_code, 200)['reply']
res = requests.post(
url=f"{self.base_url}/public_api/v1/alerts/get_alerts/",
headers=self._xdr_client.headers,
json=body,
)
return self._process_response(res.content, res.status_code, 200)["reply"]

"""
#############################
@@ -279,10 +291,14 @@ def search_alerts(self, external_alert_id: str | list[str]):
def get_playbook_data(self, playbook_id: int) -> dict:
playbook_endpoint = f"/playbook/{playbook_id}"

response, status_code, _ = self._xsoar_client.generic_request(playbook_endpoint, method='GET', accept='application/json')
response, status_code, _ = self._xsoar_client.generic_request(
playbook_endpoint, method="GET", accept="application/json"
)
return self._process_response(response, status_code, 200)

def update_playbook_input(self, playbook_id: str, new_inputs: dict):
saving_inputs_path = f"/playbook/inputs/{playbook_id}"
response, status_code, _ = self._xsoar_client.generic_request(saving_inputs_path, method='POST', body={"inputs":new_inputs})
response, status_code, _ = self._xsoar_client.generic_request(
saving_inputs_path, method="POST", body={"inputs": new_inputs}
)
return self._process_response(response, status_code, 200)
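Review bot: The `requests.post` calls that create_alert_from_json, update_alert and search_alerts make in the `@@ -232,43 +232,55` hunk are reformatted but still pass no `timeout=`, so a stalled XSIAM endpoint blocks the calling build indefinitely, whereas get_xql_query_result in the `@@ -191,8 +191,7` hunk threads `timeout=timeout` through to `_xdr_client.post`. A minimal fix is a keyword-only `timeout: int = 300` parameter on each of the three methods and `json=alert_payload, timeout=timeout,` on the call (`json=body, timeout=timeout,` in search_alerts). These calls also appear to bypass `self._xdr_client` in favour of bare `requests.post` with its headers copied, which presumably loses whatever session, retry and TLS settings the client carries — worth confirming against the client's constructor, which is outside this view. Separately, get_internal_alert_id indexes `data["alerts"][0]` unguarded, so an external id with no match surfaces as an IndexError rather than a clear error; `if not data.get("alerts"): raise ValueError(f"no alert found for external id {alert_external_id}")` before the return would make that failure explicit. The enclosing class header and the rest of the class are outside the hunks shown.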