Ciac 5471 exabeam fetch users (#34900)

* add section to yml * add command fetch_notable_users * fix referenced before assignment * format * fix fetch_notable_users * fix set_integration_context * clear TODO * add reset-notable-users-cached and classifier * add Exabeam Notable User to IncidentFields * add incident layout mapper and type * add limit to context * pre commit * rename pack & integration * add incidentType to mapping * update layout * rename incident field * add UT * update dockerimage * update layout & release note * Merge branch 'master' of github.com:demisto/content into ciac-5471-exabeam-fetch-users * add checkbox fetch_user_duplicates * replace name parameter Fetch user duplicates * release notes * fix name of filed * fix incidentfield * ReleaseNotes * IncidentFields * peck metadata * ReleaseNotes * rename incident fide in mapper * return name incident fide * mapping * ReleaseNotes * add filed to mapping * add Multi Select type fetch * fix UT * save in last run instead of context * - dev * fix layout * try to fix GR103 * fix in ReleaseNotes * ReleaseNotes * document review * Bump pack from version CommonTypes to 3.5.7. * document review * remove command reset-notable-users-cached * update readme about the fetch * Fix from CR * Add validation for interval * update docker * Updated Docker image in ReleaseNotes * Bump pack from version CommonTypes to 3.5.8. * add test to test_module * Bump pack from version CommonTypes to 3.5.9. * fix time_period --------- Co-authored-by: Content Bot <[email protected]>
demisto · Jul 16, 2024 · 608cac8 · 608cac8
1 parent 6cd28a7
commit 608cac8
Show file tree

Hide file tree

Showing 37 changed files with 3,661 additions and 260 deletions.
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Department.json b/Packs/CommonTypes/IncidentFields/incidentfield-Department.json
@@ -1,41 +1,42 @@
-{
- "id": "incident_department",
- "version": -1,
- "modified": "2020-09-29T12:43:19.261344539Z",
- "name": "Department",
- "ownerOnly": false,
- "description": "Department",
- "cliName": "department",
- "type": "shortText",
- "closeForm": false,
- "editForm": true,
- "required": false,
- "neverSetAsRequired": false,
- "isReadOnly": false,
- "useAsKpi": false,
- "locked": false,
- "system": false,
- "content": true,
- "group": 0,
- "hidden": false,
- "associatedTypes": [
-  "SysAid Change",
-  "SysAid Incident",
-  "SysAid Problem",
-  "SysAid Request",
-  "IAM - Rehire User",
-  "IAM - New Hire",
-  "IAM - Terminate User",
-  "IAM - Update User",
-  "User Profile",
-  "IAM - Sync User",
-  "Vectra Account"
- ],
- "associatedToAll": false,
- "unmapped": false,
- "unsearchable": false,
- "caseInsensitive": true,
- "sla": 0,
- "threshold": 72,
- "fromVersion": "5.0.0"
+{
+ "id": "incident_department",
+ "version": -1,
+ "modified": "2020-09-29T12:43:19.261344539Z",
+ "name": "Department",
+ "ownerOnly": false,
+ "description": "Department",
+ "cliName": "department",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [
+  "SysAid Change",
+  "SysAid Incident",
+  "SysAid Problem",
+  "SysAid Request",
+  "IAM - Rehire User",
+  "IAM - New Hire",
+  "IAM - Terminate User",
+  "IAM - Update User",
+  "User Profile",
+  "IAM - Sync User",
+  "Vectra Account",
+  "Exabeam Notable User"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.0.0"
 }
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Email.json b/Packs/CommonTypes/IncidentFields/incidentfield-Email.json
@@ -14,7 +14,8 @@
         "IAM - AD User Activation",
         "IAM - AD User Deactivation",
         "Vectra Account",
-        "CrowdStrike Falcon Mobile Detection"
+        "CrowdStrike Falcon Mobile Detection",
+        "Exabeam Notable User"
     ],
     "caseInsensitive": true,
     "cliName": "email",

diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-End_Time.json b/Packs/CommonTypes/IncidentFields/incidentfield-End_Time.json
@@ -3,7 +3,8 @@
     "associatedTypes": [
         "Guardicore Incident",
         "Graph Security Alert",
-        "CrowdStrike Falcon IDP Detection"
+        "CrowdStrike Falcon IDP Detection",
+        "Exabeam Notable User"
     ],
     "breachScript": "",
     "caseInsensitive": true,

diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-First_Seen.json b/Packs/CommonTypes/IncidentFields/incidentfield-First_Seen.json
@@ -7,11 +7,12 @@
         "AWS CloudTrail Misconfiguration",
         "AWS IAM Policy Misconfiguration",
         "AWS EC2 Instance Misconfiguration",
-        "Netwitness Incident",
+        "NetWitness Incident",
         "Symantec DLP Discover Incident",
         "Symantec DLP Endpoint Incident",
         "Symantec DLP Network Incident",
-		"Prisma Cloud - VM Alert Prioritization"
+		"Prisma Cloud - VM Alert Prioritization",
+        "Exabeam Notable User"
     ],
     "caseInsensitive": true,
     "cliName": "firstseen",

diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Last_Seen.json b/Packs/CommonTypes/IncidentFields/incidentfield-Last_Seen.json
@@ -9,7 +9,8 @@
         "Nutanix Hypervisor Alert",
 		"OpsGenie Alert",
 		"Microsoft Sentinel Incident",
-		"Prisma Cloud - VM Alert Prioritization"
+		"Prisma Cloud - VM Alert Prioritization",
+        "Exabeam Notable User"
 	],
 	"breachScript": "",
 	"caseInsensitive": true,

diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Location.json b/Packs/CommonTypes/IncidentFields/incidentfield-Location.json
@@ -1,41 +1,42 @@
-{
- "id": "incident_location",
- "version": -1,
- "modified": "2020-09-29T12:47:15.280457549Z",
- "name": "Location",
- "ownerOnly": false,
- "description": "Location",
- "cliName": "location",
- "type": "shortText",
- "closeForm": false,
- "editForm": true,
- "required": false,
- "neverSetAsRequired": false,
- "isReadOnly": false,
- "useAsKpi": false,
- "locked": false,
- "system": false,
- "content": true,
- "group": 0,
- "hidden": false,
- "associatedTypes": [
-  "SysAid Change",
-  "SysAid Incident",
-  "SysAid Problem",
-  "SysAid Request",
-  "IAM - New Hire",
-  "IAM - Terminate User",
-  "IAM - Update User",
-  "User Profile",
-  "IAM - Sync User",
-  "IAM - Rehire User",
-  "Azure Active Directory Identity and Access"
- ],
- "associatedToAll": false,
- "unmapped": false,
- "unsearchable": false,
- "caseInsensitive": true,
- "sla": 0,
- "threshold": 72,
- "fromVersion": "5.0.0"
+{
+ "id": "incident_location",
+ "version": -1,
+ "modified": "2020-09-29T12:47:15.280457549Z",
+ "name": "Location",
+ "ownerOnly": false,
+ "description": "Location",
+ "cliName": "location",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [
+  "SysAid Change",
+  "SysAid Incident",
+  "SysAid Problem",
+  "SysAid Request",
+  "IAM - New Hire",
+  "IAM - Terminate User",
+  "IAM - Update User",
+  "User Profile",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Azure Active Directory Identity and Access",
+  "Exabeam Notable User"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.0.0"
 }
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Manager_Name.json b/Packs/CommonTypes/IncidentFields/incidentfield-Manager_Name.json
@@ -1,40 +1,41 @@
-{
- "id": "incident_managername",
- "version": -1,
- "modified": "2020-09-06T10:29:12.223513078Z",
- "name": "Manager Name",
- "ownerOnly": false,
- "description": "Manager Name",
- "cliName": "managername",
- "type": "shortText",
- "closeForm": false,
- "editForm": true,
- "required": false,
- "neverSetAsRequired": false,
- "isReadOnly": false,
- "useAsKpi": false,
- "locked": false,
- "system": false,
- "content": true,
- "group": 0,
- "hidden": false,
- "associatedTypes": [
-  "SysAid Change",
-  "SysAid Incident",
-  "SysAid Problem",
-  "SysAid Request",
-  "IAM - New Hire",
-  "IAM - Terminate User",
-  "IAM - Update User",
-  "User Profile",
-  "IAM - Sync User",
-  "IAM - Rehire User"
- ],
- "associatedToAll": false,
- "unmapped": false,
- "unsearchable": true,
- "caseInsensitive": true,
- "sla": 0,
- "threshold": 72,
- "fromVersion": "5.0.0"
+{
+ "id": "incident_managername",
+ "version": -1,
+ "modified": "2020-09-06T10:29:12.223513078Z",
+ "name": "Manager Name",
+ "ownerOnly": false,
+ "description": "Manager Name",
+ "cliName": "managername",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [
+  "SysAid Change",
+  "SysAid Incident",
+  "SysAid Problem",
+  "SysAid Request",
+  "IAM - New Hire",
+  "IAM - Terminate User",
+  "IAM - Update User",
+  "User Profile",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Exabeam Notable User"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.0.0"
 }
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Mobile_Phone.json b/Packs/CommonTypes/IncidentFields/incidentfield-Mobile_Phone.json
@@ -1,34 +1,35 @@
-{
- "associatedToAll": false,
- "associatedTypes": [
-  "User Profile",
-  "IAM - New Hire",
-  "IAM - Update User",
-  "IAM - Terminate User",
-  "IAM - Sync User",
-  "IAM - Rehire User"
- ],
- "caseInsensitive": true,
- "cliName": "mobilephone",
- "closeForm": false,
- "content": true,
- "editForm": true,
- "group": 0,
- "hidden": false,
- "id": "incident_mobilephone",
- "isReadOnly": false,
- "locked": false,
- "name": "Mobile Phone",
- "neverSetAsRequired": false,
- "ownerOnly": false,
- "required": false,
- "sla": 0,
- "system": false,
- "threshold": 72,
- "type": "shortText",
- "unmapped": false,
- "unsearchable": false,
- "useAsKpi": false,
- "version": -1,
- "fromVersion": "5.0.0"
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+  "User Profile",
+  "IAM - New Hire",
+  "IAM - Update User",
+  "IAM - Terminate User",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Exabeam Notable User"
+ ],
+ "caseInsensitive": true,
+ "cliName": "mobilephone",
+ "closeForm": false,
+ "content": true,
+ "editForm": true,
+ "group": 0,
+ "hidden": false,
+ "id": "incident_mobilephone",
+ "isReadOnly": false,
+ "locked": false,
+ "name": "Mobile Phone",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "required": false,
+ "sla": 0,
+ "system": false,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "version": -1,
+ "fromVersion": "5.0.0"
 }
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Risk_Score.json b/Packs/CommonTypes/IncidentFields/incidentfield-Risk_Score.json
@@ -13,7 +13,8 @@
 		"Skyhigh Security Alert",
 		"Skyhigh Security Threat",
 		"AWS Security Hub Finding",
-		"Prisma Cloud - VM Alert Prioritization"
+		"Prisma Cloud - VM Alert Prioritization",
+        "Exabeam Notable User"
 	],
 	"breachScript": "",
 	"caseInsensitive": true,

diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json b/Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json
@@ -13,7 +13,8 @@
         "Microsoft Sentinel Incident",
         "Graph Security Alert",
         "CrowdStrike Falcon IDP Detection",
-        "Stamus Networks DoC"
+        "Stamus Networks DoC",
+        "Exabeam Notable User"
     ],
     "breachScript": "",
     "caseInsensitive": true,