New 1Password XSIAM Integration #37730

Merged: 69 commits merged on Jan 15, 2025
Conversation

@kamalq97 kamalq97 (Contributor) commented Dec 17, 2024

Related Issues

fixes: link to the issue

Description

Create a new '1Password' pack, including an XSIAM integration that can fetch three types of events:

  • Audit events
  • Item usage actions
  • Sign in attempts

@kamalq97 kamalq97 added the inprogress and python labels Dec 17, 2024
@kamalq97 kamalq97 self-assigned this Dec 17, 2024
github-actions bot commented Dec 18, 2024

Coverage Report

File                                         Stmts  Miss  Cover  Missing
Packs/OnePassword/Integrations/OnePassword
   OnePassword.py                            105    9     91%    160, 184–185, 267–268, 303–304, 307, 309
TOTAL                                        105    9     91%

Tests  Skipped  Failures  Errors  Time
13     0        0         0       2.133s

@kamalq97 kamalq97 requested review from JasBeilin and ShirleyDenkberg and removed request for JasBeilin December 23, 2024 14:58
@kamalq97 kamalq97 removed the inprogress label Dec 23, 2024
@kamalq97 kamalq97 marked this pull request as ready for review December 23, 2024 14:59
@kamalq97 kamalq97 changed the title 1Password Event Collector [DRAFT] New 1Password XSIAM Event Collector Dec 23, 2024
@kamalq97 kamalq97 requested a review from JasBeilin January 1, 2025 14:49
@kamalq97 kamalq97 changed the title New 1Password XSIAM Event Collector New 1Password XSIAM Integration Jan 7, 2025
* Added event 'timestamp_ms' field to match `DATE_FILTER_FORMAT` (in ms precision)
* Use 'timestamp_ms' to create `next_run_ids_to_skip` (list of already fetched IDs to skip)
* Update test data and unit tests accordingly
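The fetch deduplication that the commit note describes, namely truncating each event time to millisecond precision (the precision of the date filter) and carrying the IDs seen at the boundary timestamp into the next run so they are skipped, shown as an added illustration that is not the pack's own code. The `DATE_FILTER_FORMAT` value, the `uuid`/`timestamp` event fields and the three sample runs are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed filter format (not copied from the pack): the API is asked for
# events created at or after a point in time, at millisecond precision.
DATE_FILTER_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"

_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")


def to_timestamp_ms(ts: str) -> int:
    """Epoch milliseconds for an RFC 3339 UTC timestamp of any fractional
    precision; extra digits are truncated, never rounded, so the value can
    be compared with the ms-precision filter the API was given."""
    m = _TS_RE.match(ts)
    if not m:
        raise ValueError(f"unexpected timestamp format: {ts}")
    whole = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    frac = (m.group(2) or "")[:3].ljust(3, "0")
    return int(whole.timestamp()) * 1000 + int(frac)


def format_start_time(ts_ms: int) -> str:
    """Render a ms timestamp in DATE_FILTER_FORMAT (integer math avoids float drift)."""
    dt = datetime.fromtimestamp(ts_ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ts_ms % 1000)
    return dt.strftime(DATE_FILTER_FORMAT)


def dedup_fetched_events(events, last_run):
    """Drop events older than the stored boundary or already fetched at it.

    Returns (new_events, next_run). next_run keeps the newest timestamp_ms
    and every ID seen at that exact millisecond; if the boundary did not
    move, the previous run's skip list is retained and extended."""
    start_ms = last_run.get("last_timestamp_ms", 0)
    skip_ids = set(last_run.get("ids_to_skip", []))
    new_events = []
    for raw in events:
        event = dict(raw, timestamp_ms=to_timestamp_ms(raw["timestamp"]))
        if event["timestamp_ms"] < start_ms or event["uuid"] in skip_ids:
            continue
        new_events.append(event)
    if not new_events:
        return [], dict(last_run)
    last_ms = max(e["timestamp_ms"] for e in new_events)
    ids_at_boundary = [e["uuid"] for e in new_events if e["timestamp_ms"] == last_ms]
    if last_ms == start_ms:  # boundary unchanged: keep skipping the old IDs too
        ids_at_boundary = sorted(skip_ids) + ids_at_boundary
    return new_events, {"last_timestamp_ms": last_ms, "ids_to_skip": ids_at_boundary}


# Constructed sample pages: each later run is what an inclusive ">= start"
# filter would hand back, so boundary events reappear and must be dropped.
RUN1 = [{"uuid": "evt-a", "timestamp": "2024-12-17T10:00:00.100Z"},
        {"uuid": "evt-b", "timestamp": "2024-12-17T10:00:00.250123456Z"},
        {"uuid": "evt-c", "timestamp": "2024-12-17T10:00:00.250999Z"}]
RUN2 = RUN1[1:] + [{"uuid": "evt-d", "timestamp": "2024-12-17T10:00:00.250555Z"},
                   {"uuid": "evt-e", "timestamp": "2024-12-17T10:00:01Z"}]
RUN3 = RUN2[-1:] + [{"uuid": "evt-f", "timestamp": "2024-12-17T10:00:01.000500Z"}]


def simulate_three_runs():
    """Chain three fetches, threading next_run through as the integration would."""
    out, last_run = [], {}
    for page in (RUN1, RUN2, RUN3):
        new, last_run = dedup_fetched_events(page, last_run)
        out.append(([e["uuid"] for e in new], last_run))
    return out


if __name__ == "__main__":
    for fetched, nxt in simulate_three_runs():
        print(fetched, format_start_time(nxt["last_timestamp_ms"]), nxt["ids_to_skip"])
```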
@JasBeilin JasBeilin (Contributor) left a comment

Great work!

@kamalq97 kamalq97 merged commit bb17dcb into master Jan 15, 2025
17 checks passed
@kamalq97 kamalq97 deleted the CIAC-12024-1password-xsiam-collector-v1 branch January 15, 2025 07:27
omerKarkKatz added a commit that referenced this pull request Jan 22, 2025
* Create new 1Password pack for Cortex XSIAM (#37730)
Labels
docs-approved python Pull requests that update Python code
4 participants