Cspm network exposure playbooks #44266
c25a08c to dccc9bf
julieschwartz18 left a comment
@mikejrizzo @aneeshamore Doc review complete. Please check the comments and regenerate README files from the yaml files (if relevant). Please note, there are links to XSOAR documentation. OPP version should be set to 8.12 (I think I caught them all, but please confirm). There are no links to XSIAM documentation. Let me know if you want to include that. In the meantime, adding the label docs-approved
| id: 7ce15ff3-2f9e-47c4-8198-314a20199f91 | ||
| version: -1 | ||
| name: Identify Affected EC2 Interface and Security Groups | ||
| description: Determines which interface on an EC2 instance has a specific public IP and identify its associated security groups. |
| description: Determines which interface on an EC2 instance has a specific public IP and identify its associated security groups. | |
| description: Determines which interface on an EC2 instance has a specific public IP and identifies its associated security groups. |
| id: b44e79cd-68e8-411d-8ba1-2d56479f69b2 | ||
| version: -1 | ||
| name: Update Security Groups on EC2 Network Interface | ||
| description: Modifies a specified network interface attribute. You can specify only one attribute at a time. You can use this script to attach and detach security groups from an existing EC2 instance. |
| description: Modifies a specified network interface attribute. You can specify only one attribute at a time. You can use this script to attach and detach security groups from an existing EC2 instance. | |
| description: Modifies a specified network interface attribute. You can specify only one attribute at a time. Use this script to attach and detach security groups from an existing EC2 instance. |
| id: e88cf9ea-1952-4cdd-8076-2d019cf23078 | ||
| version: -1 | ||
| name: Is AWS Integration Enabled? | ||
| description: Verify the required AWS integration is configured and enabled. |
| description: Verify the required AWS integration is configured and enabled. | |
| description: Verifies the required AWS integration is configured and enabled. |
| id: 6b703256-0ef4-49a5-817c-7ed41c4d72be | ||
| version: -1 | ||
| name: Is there a list of replacement SGs to apply to the VM? | ||
| description: Check that new security group(s) have been created and are ready to be assigned to the EC2 instance. |
| description: Check that new security group(s) have been created and are ready to be assigned to the EC2 instance. | |
| description: Checks that new security groups have been created and are ready to be assigned to the EC2 instance. |
| id: 0f66fec7-135d-401d-82d4-125d4c4880ec | ||
| version: -1 | ||
| name: Set remediatedFlag to false | ||
| description: Set a value in context under the key you entered. |
| description: Set a value in context under the key you entered. | |
| description: Sets a value in context under the key you entered. |
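Review bot: The description line of the "Set remediatedFlag to false" task is the generic script text and never mentions the key or the value being set, so a reader of the playbook cannot tell from it what state the task changes. Consider replacing it with something specific to this task, for example "Sets remediatedFlag to false in context."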
| skipunavailable: false | ||
| task: | ||
| brand: "" | ||
| description: Checks if remediation was completed from the previous playbook. |
| description: Checks if remediation was completed from the previous playbook. | |
| description: Checks whether remediation was completed from the previous playbook. |
| skipunavailable: false | ||
| task: | ||
| brand: Cortex Core - Platform | ||
| description: Gets asset information. |
| description: Gets asset information. | |
| description: Retrieves asset information. |
| skipunavailable: false | ||
| task: | ||
| brand: "" | ||
| description: Checks if an asset was returned from the last command. |
| description: Checks if an asset was returned from the last command. | |
| description: Checks whether an asset was returned from the last command. |
| skipunavailable: false | ||
| task: | ||
| brand: Cortex Core - Platform | ||
| description: Gets asset information. |
| description: Gets asset information. | |
| description: Retrieves asset information. |
|
|
||
| ##### Cortex Exposure Management GCP Virtual Machine Remediation | ||
|
|
||
| - Updated the ***triggers recommendation - Cortex Exposure Management GCP Virtual Machine Remediation*** automation rule to remediate Cortex Exposure Management issues for VMs in GCP. This replaces an issue filter that previously handled only RDP server exposures. |
| - Updated the ***triggers recommendation - Cortex Exposure Management GCP Virtual Machine Remediation*** automation rule to remediate Cortex Exposure Management issues for VMs in GCP. This replaces an issue filter that previously handled only RDP server exposures. | |
| Updated the ***triggers recommendation - Cortex Exposure Management GCP Virtual Machine Remediation*** automation rule to remediate Cortex Exposure Management issues for VMs in GCP. This replaces an issue filter that previously handled only RDP server exposures. |
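Review bot: The release-note line does not state which exposure types the updated automation rule now matches; it only says the rule replaces a filter that previously handled only RDP server exposures. Because this widens what is remediated automatically on GCP VMs, name the issue types now in scope so operators can judge the impact before upgrading.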
dccc9bf to 6b97808
@marketplace-ai-reviewer skip playbooks
@marketplace-ai-reviewer start review and skip playbooks
@marketplace-ai-reviewer start review
@marketplace-ai-reviewer start review
🤖 Analysis started. Please wait for results...
🤖 AI Review Disclaimer: This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.
marketplace-ai-reviewer left a comment
Hi there, thanks for contributing these new CSPM auto-remediation playbooks!
I've reviewed the PR and left a few notes, primarily regarding minor inconsistencies across the AWS, Azure, and GCP playbooks, such as mismatched README defaults, quiet mode settings, and case-sensitivity in conditions. Please also review the Notify_Stakeholders playbook to fix routing logic that could cause duplicate or empty notifications, and ensure the release notes and pack metadata follow standard formatting guidelines.
Great work overall, let me know if you need any help resolving these!
Additionally, please address the following file-level notes:
- Packs/CloudSecurityPostureManagement/Playbooks/Notify_Stakeholders.yml: The playbook README should be updated to reflect the new inputs and functionality.
- Packs/CloudSecurityPostureManagement/pack_metadata.json:
  - The mandatory key `created` is missing from the pack metadata.
  - The vendor name is missing from the `keywords` array.
@mikejrizzo, @julieschwartz18, @aneeshamore, @marketplace-ai-reviewer please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
@marketplace-ai-reviewer re-review
🤖 Analysis started. Please wait for results...
marketplace-ai-reviewer left a comment
🔄 Re-reviewing updates...
Important
To maintain review integrity, threads marked as Resolved without accompanying changes or explanations will be automatically unresolved for further verification.
Thank you for your contribution! Re-reviewed your PR, No new issues found. Great work! 👍
Please check the previous comments to ensure all feedback has been resolved.
@julieschwartz18, @aneeshamore, @mikejrizzo, @marketplace-ai-reviewer please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
Validate summary Verdict: PR can be force merged from validate perspective? ✅
3 new playbooks to automatically remediate public network exposure of AWS, Azure and GCP VM instances detected in Cortex XSIAM and Cortex Cloud.