Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Palo Alto Cortex XDR | Get Incidents trigger patch #2906

Open
wants to merge 41 commits into
base: develop
Choose a base branch
from

Conversation

cmcnally-r7
Copy link
Collaborator

Proposed Changes

Description

Describe the proposed changes:

  • In the output for get incidents, split up the host output and put into an object with key hostname. If two values found after : split then make first value hostname, and the second value endpoint_id

PR Requirements

Developers, verify you have completed the following items by checking them off:

Testing

Unit Tests

Review our documentation on generating and writing plugin unit tests

  • Unit tests written for any new or updated code

In-Product Tests

If you are an InsightConnect customer or have access to an InsightConnect instance, the following in-product tests should be done:

  • Screenshot of job output with the plugin changes
  • Screenshot of the changed connection, actions, or triggers input within the InsightConnect workflow builder

Style

Review the style guide

  • For dependencies, pin OS package and Python package versions
  • For security, set least privileged account with USER nobody in the Dockerfile when possible
  • For size, use the slim SDK images when possible: rapid7/insightconnect-python-3-38-slim-plugin:{sdk-version-num} and rapid7/insightconnect-python-3-38-plugin:{sdk-version-num}
  • For error handling, use of PluginException and ConnectionTestException
  • For logging, use self.logger
  • For docs, use changelog style
  • For docs, validate markdown with insight-plugin validate which calls icon_validate to lint help.md

Functional Checklist

  • Work fully completed
  • Functional
    • Any new actions/triggers include JSON test files in the tests/ directory created with insight-plugin samples
    • Tests should all pass unless it's a negative test. Negative tests have a naming convention of tests/$action_bad.json
    • Unsuccessful tests should fail by raising an exception causing the plugin to die and an object should be returned on successful test
    • Add functioning test results to PR, sanitize any output if necessary
      • Single action/trigger insight-plugin run -T tests/example.json --debug --jq
      • All actions/triggers shortcut insight-plugin run -T all --debug --jq (use PR format at end)
    • Add functioning run results to PR, sanitize any output if necessary
      • Single action/trigger insight-plugin run -R tests/example.json --debug --jq
      • All actions/triggers shortcut insight-plugin run --debug --jq (use PR format at end)

Assessment

You must validate your work to reviewers:

  1. Run insight-plugin validate and make sure everything passes
  2. Run the assessment tool: insight-plugin run -A. For single action validation: insight-plugin run tests/{file}.json -A
  3. Copy (insight-plugin ... | pbcopy) and paste the output in a new post on this PR
  4. Add required screenshots from the In-Product Tests section

SamhithaTatipalli and others added 30 commits October 7, 2024 10:09
* Initial commit for armorblox plugin

* Fix validate errors

* Timestamp changes

* Updated armorblox-sdk 0.1.4 version in requirements.txt

* Updated the suggestions for plugin.spec.yaml

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Update plugins/armorblox/help.md

* Updated review comments

* Update plugins/armorblox/icon_armorblox/triggers/get_incidents/schema.py

* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json

* Update plugins/armorblox/unit_test/payloads/get_remediation_action.json

* Updated armorblox plugin with the required fixes

* Updated plugin with latest fixes

* Updated plugin with parameterized on test cases

* "Fixed review comments"

* Updated support field to community in plugin.spec.yaml

---------

Co-authored-by: Ankita Sharma <[email protected]>
Co-authored-by: Rajat Upadhyaya <[email protected]>
* SOAR-17026-Bumping requirements of requests

* SOAR-17026-Bumping requirements cryptography and idna
* SOAR-17409-Adding fedramp ready flag to plugin

* SOAR-17409-Adding timeouts to the requests

* SOAR-17409-Addnf deafult to endpoint
* Possible solution to caseId

* changes

* Fixing get_case_details action. SDK Bump and Plugin refresh

* Keeping conor happy

* changing references in help.md
* Updated SDK to the latest version

* Adjusting unit test imports

* Fixing Docker Issue. Changed Plugin Spec and altered bin file

* Adding new line at the end of the file

* Removing unnecessary package from requirements

* Additional dependencies after refreshing the plugin

* Reverting the defaults and aligning with the examples

* Missing default in the plugin's spec

* Removing the defaults apart of the Enum type of the fields

* Adjusting the defaults for the timeout fields

---------

Co-authored-by: rjmurray <[email protected]>
* Addressing snyk vulns. SDK Bump

* Cleaning up help.md / plugin.spec

* Fixing validator
* Unit tests added

* Change data values in samples

* Refactor intial run unit test

* Add more for intial success unit test

* Working on test 2&3

* One test for now

* Full test for successful run and pagination

* Refactor pagination test, add task Util

* Some basic error tests

* More errors added, todo list added

* Add dedupe test and fix response to return null on the no results found response

* Tidy dedupe test

* Update version and changelog

* Delete more excess response files

* Restore original util and update checksum

* New line in response files, test for custom_config

* All failure tests passing

* All failure tests passing

* 100% coverage

* Remove redundant line in taskutil

* Update SDK

* Update changelog and pretty print response files
…2878)

* Add specific 500 return code for 'retry your request' error

* Update version to 2.1.11 & bump sdk to 6.1.4

* Fix SCA

* .. And fix checksum

* Unit tests added

* Add newline at end of response file

* Add extra error logging on 2 failed retry attempts

* Remove logger in get error, log full decoded response
* Restrain observability Window

* feedback
igorski-r7 and others added 11 commits October 23, 2024 16:27
…ia logical operator | Updated action to return more than 500 results (#2885)
* Snyk and SDK

* help.md

* Updating search help.md

* Fix help.md
* snyk and SDK bump

* set up help.md
* Add custom config exceptions and update unit tests for errors

* Fix bug in get incidents trigger, update version

* Update checksum for task schema

* Util update, no unit tests for testing

* Broken unit test fix 2

* Fix unit tests
…igger (#2903)

* Undo change to list split for get incidents trigger

* Black formatting

* Remove self.maxdiff in unit test

* Update spec file
* snyk and sdk - hybrid_analysis

* Fixing unit tests

* possible path fix?

* help.md and space in requirements.txt

* json format
* snyk and sdk

* deleting integration unit tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants