Update Integration: CTM360 #38199
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @talzich will know the proposed changes are ready to be reviewed.
Hi @edx-sayed-salem, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.
response = self._http_request( | ||
method='GET', | ||
retries=MAX_RETRIES, | ||
backoff_factor=10, | ||
status_list_to_retry=[400, 429, 500], | ||
url_suffix=f'{CBS_API_ENDPOINT}/xsoar', | ||
url_suffix=CBS_API_ENDPOINT + API['FETCH'], |
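Review bot: In this `_http_request` call, `status_list_to_retry=[400, 429, 500]` includes 400, which normally signals a malformed request that will fail the same way on every attempt; with `retries=MAX_RETRIES` and `backoff_factor=10` that only delays the error reaching the fetch loop. Consider dropping 400 from the list, or add a comment stating that the endpoint is known to return it transiently if that is the reason it is there.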
url_suffix=CBS_API_ENDPOINT + API['FETCH'], | |
url_suffix=CBS_API_ENDPOINT + API.get('FETCH'), |
Made required change
:type last_run_incident_identifiers: List[str] | ||
|
||
:return: Returns updated list of event hashes and unique incidents that should be created. | ||
:return: Returns updated list of event ids and unique incidents that should be created. | ||
:rtype: ``tuple[list,list]`` | ||
""" | ||
log(DEBUG, "at Dedup function") |
Please avoid using log(), you can use demisto.debug(), demisto.info(), demisto.error(), etc.
`log()` is a helper function that eventually calls `demisto.debug()`, `demisto.error()`, `demisto.info()` but adds something to the log message before doing so, is it necessary to remove it?
After double-checking with @edik24, it was made clear to me that it is okay to use the log function in this integration.
except Exception as e: | ||
log(ERROR, f'Skipping insertion of current incident. Error while calculating hash for {incident=}. Error: {str(e)}') | ||
log(ERROR, f'Skipping insertion of current incident. Error while fetching ID from {incident=}. Error: {str(e)}') |
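Review bot: The message in the `except Exception` branch interpolates `{incident=}`, which writes the entire incident payload to the integration log every time an ID cannot be read. Log only what is needed to locate the record (for example the keys present on the incident), and narrow the handler to the exceptions an ID lookup can raise, such as `KeyError` or `TypeError`, so that unrelated failures are not silently skipped.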
Please avoid using log(), you can use demisto.debug(), demisto.info(), demisto.error(), etc.
conditions: | ||
- label: "yes" | ||
condition: | ||
- - operator: in |
Why do you use the "in" operator? If the status is just "closed" you can use equals + Ignore case flag.
I believe this is an artifact, the task may have started with a list comparison. Will make the adjustment.
Corrected operator
- "3" | ||
scriptarguments: | ||
id: | ||
simple: ${incident.dbotMirrorId} |
Does it return only 1 id, or is it possible to receive multiple?
In both cases, we will prefer to use input as "complex" and not simple.
It's 1 id only.
For the "complex" input, is it set by adding transformations? Because there is no "simple/complex" option to choose from. It was set when using the transformation menu.
Adjusted to complex
section: Collect | ||
- defaultvalue: Incidents | ||
display: Module To Use | ||
additionalinfo: "Choose the module you want to use: Incidents, or Leaks." |
In the additional information you listed only 2 modules, but it looks like there are several modules according to the options.
Updated
| **Parameter** | **Description** | **Required** | | ||
| --- | --- | --- | | ||
| Incident Mirroring Direction | Choose the direction to mirror the incident: Incoming \(from CyberBlindspot to Cortex XSOAR\), Outgoing \(from Cortex XSOAR to CyberBlindspot\), or Incoming and Outgoing \(from/to Cortex XSOAR and CyberBlindspot\). | False | | ||
| Module To Use | Choose the module you want to use: Incidents, or Leaks. | False | |
According to lines 30-35 in the yml file, there are several modules, not just Incidents or Leaks
Also Updated
@ilaredo @karinafishman Doc review completed.
…lindspot.yml Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
…Incident_Management_V2_README.md Co-authored-by: ShirleyDenkberg <[email protected]>
…Incident_Management_V2.yml Co-authored-by: ShirleyDenkberg <[email protected]>
@edx-sayed-salem can you commit an empty commit to trigger the build process again? It looks like there is an issue with GitHub
@edx-sayed-salem Just one last check before merging it, I would like you to create a short video demo showcasing the changes you made and confirming that they work correctly. Please also demonstrate that the test module passes successfully.
Hope this covers it GDrive
Merged 3b32cbd into demisto:contrib/CTM360-Integrations_ctm360-cbs-1
Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.
* Update CyberBlindspot integration
* Empty-Commit to trigger CI
* Fix pre-commit error
* Ran format command to correct file(s)
* Revert version and add configuration sections
* use `.get()` for safe dictionary access.
* Add contributors
* Extend dashboard to cover whole page
* Remove comments
* Add default value for key
* Use `equals` instead of `in` operator
* Use complex field value
* Add `IsIntegrationAvailable()` check
* ran `demisto-sdk format`
* Ran `demisto-sdk format`
* Update Packs/CTM360-CyberBlindspot/Integrations/CyberBlindspot/CyberBlindspot.yml
* Update Packs/CTM360-CyberBlindspot/Integrations/CyberBlindspot/README.md
* Update Packs/CTM360-CyberBlindspot/ReleaseNotes/2_1_0.md
* Update Packs/CTM360-CyberBlindspot/ReleaseNotes/2_1_0.md
* Update Packs/CTM360-CyberBlindspot/README.md
* Update Packs/CTM360-CyberBlindspot/README.md
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2_README.md
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2.yml
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2.yml
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2.yml
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2.yml
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2.yml
* Update Packs/CTM360-CyberBlindspot/Playbooks/playbook-CyberBlindspot_Incident_Management_V2.yml
* Update `Module To Use` additional info
* Empty-Commit

---------

Co-authored-by: S. AlQasim D. <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Description
An update to the integration to make use of changes to endpoint to pull incidents from different modules:
Must have