Skip to content

FeedIntel471 - new API backend, configurable backend selection#44105

Merged
DeanArbel merged 8 commits into
masterfrom
contrib/siedleckimichal_intel471_new_backend
May 12, 2026
Merged

FeedIntel471 - new API backend, configurable backend selection#44105
DeanArbel merged 8 commits into
masterfrom
contrib/siedleckimichal_intel471_new_backend

Conversation

@content-bot
Copy link
Copy Markdown
Contributor

@content-bot content-bot commented Apr 30, 2026

Original External PR

external pull request

Contributor

@siedleckimichal

FeedIntel471 - new API backend, configurable backend selection

  • Add support for a new backend API Verity471 alongside the existing integration surface
  • Expose backend selection in the feed/integration configuration so deployments can choose which API to use
  • Extend the legacy (Titan) path to handle data leak post alert types within the existing fetch and processing logic
  • Removal of threat_type configuration parameter from the Malware Indicator integration
  • Removal of severity configuration parameter from the Watcher Alerts integration
  • Rename of incident custom fields titanurl to intel471url, titanwatcher to watcher and titanwatchergroup to watchergroup
  • Add request caching for Watcher and Watcher group information

fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-16570

@siedleckimichal @MosheEichler
FeedIntel471 - new API backend, configurable backend selection (#43928)
2bb7e7c 
* FeedIntel471 - new API backend, configurable backend selection

Add support for a new backend API Verity471  alongside the existing integration surface.

Expose backend selection in the feed/integration configuration so deployments can
choose which API to use.

Extend the legacy (Titan) path to handle data leak post alert types within the
existing fetch and processing logic.

* FeedIntel471 - new API backend, configurable backend selection

- Add support for a new backend API Verity471 alongside the existing integration surface
- Expose backend selection in the feed/integration configuration so deployments can choose which API to use
- Extend the legacy (Titan) path to handle data leak post alert types within the existing fetch and processing logic
- Removal of `threat_type` configuration parameter from the Malware Indicator integration
- Removal of `severity` configuration parameter from the Watcher Alerts integration
- Rename of incident custom fields `titanurl` to `intel471url`, `titanwatcher` to `watcher` and `titanwatchergroup` to `watchergroup`

* add request caching and layout fields

---------

Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com>
@content-bot content-bot added Contribution Thank you! Contributions are always welcome! docs-approved Partner pending-demo Demo pending Contribution Form Filled Whether contribution form filled or not. Partner Support Level Indicates that the contribution is for Partner supported pack Internal PR Partner-Approved TIM Review ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines labels Apr 30, 2026
@content-bot
Copy link
Copy Markdown
Contributor Author

content-bot commented Apr 30, 2026

🤖 AI-Powered Code Review Available

Hi @MosheEichler, you can leverage AI-powered code review to assist with this PR!

Available Commands:

  • @marketplace-ai-reviewer start review - Initiate a full AI code review
  • @marketplace-ai-reviewer re-review - Incremental review for new commits

@content-bot
Copy link
Copy Markdown
Contributor Author

content-bot commented Apr 30, 2026

🤖 AI-Powered Code Review Available

You can leverage AI-powered code review to assist with this PR!

Available Commands:

  • @marketplace-ai-reviewer start review - Initiate a full AI code review
  • @marketplace-ai-reviewer re-review - Incremental review for new commits

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 30, 2026
edited
Loading

Coverage

Coverage Report
FileStmtsMissCoverMissing
Packs/FeedIntel471/Integrations/Intel471MalwareIndicator
   Intel471MalwareIndicator.py32920338%84, 86, 88–90, 92–95, 103–105, 107–108, 110, 112–113, 115, 117–119, 122–124, 127–131, 133, 152, 154, 156, 158, 169, 191, 201–202, 208–210, 213–215, 218–223, 226–227, 239, 241–242, 244–255, 257–259, 261–264, 266, 268–270, 272–273, 281–283, 285–286, 288, 290–291, 293–296, 298–299, 301–303, 305–307, 310–312, 315–320, 322–324, 326, 336–337, 339, 341, 400–403, 435–437, 439–442, 444–453, 456–466, 468–469, 471, 473–478, 480, 488, 503, 510, 528–529, 531–533, 542, 545, 560–561, 568–582, 584, 586–587, 589–590, 604–611, 613, 615–617
Packs/FeedIntel471/Integrations/Intel471WatcherAlerts
   Intel471WatcherAlerts.py112683226%83–84, 91, 125, 127–129, 131–132, 134–135, 137–138, 140, 159–160, 178–179, 185, 202–203, 207, 257–262, 266–269, 294–295, 297–303, 305, 308–312, 315, 318, 321–322, 324–325, 327, 330–332, 335–336, 338, 340–343, 345–349, 351–353, 356–357, 360, 363, 386–389, 391, 393, 395, 397, 399, 401, 403, 410, 420–425, 428–431, 433, 442–444, 446, 448, 450, 452, 454, 456, 458, 460, 465–466, 469–479, 481, 509–513, 515–517, 525–529, 531–537, 539–543, 546–548, 550–552, 554–559, 562, 565, 568–570, 572–574, 576–584, 586–596, 605–619, 624–637, 639–640, 651, 655, 660–665, 677–694, 698–701, 705–710, 713–715, 717–718, 722–727, 729–730, 734–737, 742–748, 759, 763, 769, 776, 780–784, 788–792, 799, 803, 807–827, 834, 838, 842–856, 863, 867, 871–888, 895, 899, 903–908, 915, 919, 923–950, 957, 961–962, 966–971, 978, 982, 986–1009, 1011–1017, 1024, 1028, 1032–1064, 1066–1072, 1079, 1082, 1086, 1090–1103, 1110, 1114–1115, 1119–1135, 1142, 1146–1147, 1151–1165, 1172, 1176, 1180–1206, 1213, 1217, 1221–1255, 1262, 1266, 1270–1295, 1302, 1306, 1310–1342, 1349, 1353, 1357–1365, 1370, 1374, 1378–1385, 1387–1390, 1415–1418, 1421, 1423–1426, 1428–1432, 1434–1438, 1440–1442, 1444–1445, 1447–1451, 1453, 1472–1474, 1478–1489, 1491–1492, 1511–1514, 1516–1518, 1520, 1523, 1525, 1527–1530, 1537, 1543–1544, 1546, 1548–1550, 1552–1553, 1570, 1637–1638, 1640, 1642, 1645–1646, 1649, 1651, 1655–1657, 1661, 1663–1671, 1673–1674, 1676–1679, 1681–1688, 1690, 1705, 1708–1710, 1712, 1717, 1724, 1726–1727, 1729–1731, 1734, 1737, 1739, 1741–1743, 1745–1746, 1748, 1750, 1752–1754, 1756, 1759–1761, 1763, 1765–1766, 1774, 1784–1785, 1788, 1791, 1794–1796
TOTAL1455103528% 

Tests Skipped Failures Errors Time
4 0 💤 0 ❌ 0 🔥 2.874s ⏱️

@content-bot

This comment has been minimized.

Sign in to view
@MosheEichler MosheEichler enabled auto-merge (squash) April 30, 2026 12:13
@content-bot

This comment has been minimized.

Sign in to view
@content-bot

This comment has been minimized.

Sign in to view
@content-bot

This comment has been minimized.

Sign in to view
@content-bot
Copy link
Copy Markdown
Contributor Author

content-bot commented May 12, 2026

Validate summary
The following errors were reported as warnings: BC117.
BC117 validation requires PM review due to changes to supportedModules.
The following errors were thrown as a part of this pr: BC112.
The following errors cannot be ignored: BC112.
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.
The following errors don't run as part of the nightly flow and therefore can be force merged: BC112.

Verdict: PR can be force merged from validate perspective? ✅

@MosheEichler MosheEichler added the ForceMerge Forcing the merge of the PR despite the build status label May 12, 2026
@content-bot
Copy link
Copy Markdown
Contributor Author

content-bot commented May 12, 2026

🔍 AI Triage Report Available

An automated triage report has been generated for this pipeline.

Status: partial
Report ID: 74c876ad9ba25c8c

📋 Triage Report
💡 Resolutions are available in the full report.

⚠️ AI-generated triage. Validate before acting.

@MosheEichler
Copy link
Copy Markdown
Contributor

MosheEichler commented May 12, 2026

The PR needs a force merge it fails on

Packs/FeedIntel471/Integrations/Intel471WatcherAlerts/Intel471WatcherAlerts.yml: [BC112] - Parameters have been removed from the integration, the removed parameters are: 'severity'.
Packs/FeedIntel471/Integrations/Intel471MalwareIndicator/Intel471MalwareIndicator.yml: [BC112] - Parameters have been removed from the integration, the removed parameters are: 'threat_type'.

Which is by intentional as mentioned in the BC release notes

@DeanArbel DeanArbel disabled auto-merge May 12, 2026 12:33
@DeanArbel DeanArbel merged commit d889bb7 into master May 12, 2026
28 of 29 checks passed
@DeanArbel DeanArbel deleted the contrib/siedleckimichal_intel471_new_backend branch May 12, 2026 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MosheEichler MosheEichler MosheEichler approved these changes

Assignees

@DeanArbel DeanArbel

@kamalq97 kamalq97

Labels

Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved ForceMerge Forcing the merge of the PR despite the build status Internal PR Partner Support Level Indicates that the contribution is for Partner supported pack Partner Partner-Approved pending-demo Demo pending ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines skip-ai-review TIM Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@content-bot @MosheEichler @DeanArbel @kamalq97 @siedleckimichal