Malop management v2 api addition #38613
Conversation
Xsoar cybereason mirroring
…r_cybereason_staging
|
Hi @shabina-metron, |
content-bot
added
Partner-Approved
Contribution Form Filled
fetchfile-progress malop-processes command date filter changes Test file changes Integration script changes integration test file changes removing demisto.log from the integration script mapping changes pre-commit resolution precommit resolution test file update cybereason_test file fix malop to incident test case update adding test cases to complete the checks adding test case coverage adding more test coverage fixing error in test file adding test cases Test Case for pre commit hooks More Test Cases for pre commit test criteria error fix in for the test cases test case improvement Increasing test case to complete the pre-commit check autopep8 error resolution readme file metadata file Add save_jsession function Added jsession header fix bug Added logs add mmng/v2 api add detection/details add detection/details added pagination logic fix-error update logs update time saved query data in context data mmng/v2 api update add required field in command bump app version fix line too long error update unit test coverage
suraj-metron
force-pushed
the
malop-management-v2-api-addition
branch
from
9cbf037 to
aa1d1f5
Compare
|
Hi ilaredo We are working on squashing commits, meanwhile could you please review the PR as we have customers eagerly waiting for this version. Thanks! |
| @@ -1477,13 +1499,78 @@ def malop_to_incident(malop: str) -> dict: | |||
| if not isinstance(malop, dict): | |||
There was a problem hiding this comment.
in the signature of the function malop declared str
There was a problem hiding this comment.
Changed from str to dict.
| malopCreationTime = malop.get('simpleValues', {}).get('creationTime', {}).get('values', ['2010-01-01'])[0] | ||
| malopUpdateTime = malop.get('simpleValues', {}).get('malopLastUpdateTime', {}).get('values', ['2010-01-01'])[0] | ||
| else: | ||
| malopCreationTime = str(malop.get('creationTime', '2010-01-01')) |
There was a problem hiding this comment.
what type creationTime and lastUpdateTime? it could parse to str?
There was a problem hiding this comment.
Yes, it is an epoch and it can be parsed to str.
|
|
||
| if malop.get('elementValues'): | ||
| if malop.get('elementValues', {}).get('rootCauseElements', {}).get('elementValues', ''): | ||
| rootCauseElementName = (malop.get('elementValues', {}).get('rootCauseElements', {}).get('elementValues', |
There was a problem hiding this comment.
according the api, elementValues. rootCauseElements. elementValues is array?
also, it contain dictionaries?
There was a problem hiding this comment.
Yes, you are correct. The dictionary key was incorrect, I have updated it.
| ) | ||
|
|
||
| edr_guid_list, non_edr_guid_list = [], [] | ||
| total_malops_available = malop_management_response["data"]["totalHits"] |
There was a problem hiding this comment.
please use safe access by using .get() instead of []
|
|
||
| edr_guid_list, non_edr_guid_list = [], [] | ||
| total_malops_available = malop_management_response["data"]["totalHits"] | ||
| malop_management_response = malop_management_response["data"]["data"] |
| @@ -0,0 +1,12 @@ | |||
|
|
|||
There was a problem hiding this comment.
why 2 release note is needed?
There was a problem hiding this comment.
Deleted the unnecessary one.
| 'getIncidents', | ||
| {'query': f'name:"Cybereason Malop {malop_guid}"'} | ||
| ) | ||
| malop_incident = response['data'] |
There was a problem hiding this comment.
please use .get() instead of []
| entries.append({'Type': EntryType.NOTE, 'ContentsFormat': 'json', 'Contents': json.dumps(inc)}) | ||
| entries_str = json.dumps(entries) | ||
| execute_command('addEntries', {'id': malop_incident['id'], 'entries': entries_str}) | ||
| malop_incident_id = malop_incident['id'] |
There was a problem hiding this comment.
please use .get() instead of []
| entries_str = json.dumps(entries) | ||
| execute_command('addEntries', {'id': malop_incident['id'], 'entries': entries_str}) | ||
| malop_incident_id = malop_incident['id'] | ||
| malop_incident_status = inc['status'] |
There was a problem hiding this comment.
please use .get() instead of []
Packs/Cybereason/pack_metadata.json
Outdated
| @@ -2,7 +2,7 @@ | |||
| "name": "Cybereason", | |||
| "description": "Endpoint detection and response to manage and query malops, connections and processes.", | |||
| "support": "partner", | |||
| "currentVersion": "2.1.17", | |||
| "currentVersion": "2.1.21", | |||
There was a problem hiding this comment.
maybe it should be 2.1.18?
There was a problem hiding this comment.
We have checked the latest version from the XSOAR marketplace:https://cortex.marketplace.pan.dev/marketplace/details/Cybereason
|
Hi @shabina-metron , |
|
Hi ilaredo, |
…/metron-labs/content into malop-management-v2-api-addition
|
No worries, I will take a look at it! |
|
Hi ilaredo, Thanks!! |
ilaredo
added
the
ready-for-instance-test
|
Hi @shabina-metron, |
|
For the Reviewer: Trigger build request has been accepted for this contribution PR. |
|
For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/2604517 |
content-bot
removed
the
ready-for-instance-test
|
Hi @shabina-metron, it has been a while since we last communicated. I suggest that you open a new pull request with the changes. Please copy the code to a new branch where @sudhanshu-metron and @shabina-metron commits are not signed on them. This will help us avoid any issues with the CLA, and it will be the quickest way to proceed with the review. |
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
A few sentences describing the overall goals of the pull request's commits.
Must have