Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix QRadar TPB #33003

Merged
merged 5 commits into from
Feb 25, 2024
Merged

Fix QRadar TPB #33003

merged 5 commits into from
Feb 25, 2024

Conversation

jlevypaloalto
Copy link
Contributor

@jlevypaloalto jlevypaloalto commented Feb 19, 2024
edited
Loading

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

QRadar's TPB has been failing nightly due to the hard-coded offense ID used for two of it's jobs. Since Qradar offenses expire, the TPB needed to be updated every time it did. This PR focuses on using a dynamic offense ID retrieved in the TPB's runtime.

Changes:

1. Removed hard-coded offense_id from the playbook's inputs:

Screenshot 2024-02-25 at 9 07 19

2. Changed the query in the Get events with polling custom query job from using the offense_id to a generic query.

Before:

Screenshot 2024-02-25 at 9 05 37

After:

Screenshot 2024-02-25 at 9 46 57

3. Changed the offense_id field in the Get offense with polling job from the hard-coded input to a dynamic ID taken from the output of the !qradar-offenses-list command.

Before:

Screenshot 2024-02-25 at 9 05 15

After:

Screenshot 2024-02-25 at 9 00 27

Must have

  • Tests
  • Documentation

@jlevypaloalto jlevypaloalto requested review from JudahSchwartz and sapirshuker and removed request for JudahSchwartz February 19, 2024 21:02
@jlevypaloalto jlevypaloalto requested a review from ilaner February 20, 2024 14:18
@JudahSchwartz
Copy link
Contributor

please include before and after screenshots of the change with a bit more of a description what got changed

@jlevypaloalto jlevypaloalto merged commit 41e6cd7 into master Feb 25, 2024
17 checks passed
@jlevypaloalto jlevypaloalto deleted the jl-QRadar-tpb-test branch February 25, 2024 12:59
maimorag pushed a commit that referenced this pull request Feb 26, 2024
@jlevypaloalto @maimorag
Fix QRadar TPB (#33003)
2679841 
* init

* remove hard-coded test

* change test order
rundssoar pushed a commit to rundssoar/content that referenced this pull request Feb 28, 2024
@jlevypaloalto @rundssoar
Fix QRadar TPB (demisto#33003)
24d863a 
* init

* remove hard-coded test

* change test order
maimorag pushed a commit that referenced this pull request Feb 28, 2024
@jlevypaloalto @maimorag
Fix QRadar TPB (#33003)
fe815d8 
* init

* remove hard-coded test

* change test order
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JudahSchwartz JudahSchwartz JudahSchwartz approved these changes

@sapirshuker sapirshuker Awaiting requested review from sapirshuker

@ilaner ilaner Awaiting requested review from ilaner

Assignees
No one assigned
Labels
docs-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jlevypaloalto @JudahSchwartz