Make Credential File Optional #125

Merged
merged 17 commits into from
Jul 25, 2023

@TreWilkinsRC (Contributor) commented Jul 18, 2023

Changes

  • Removed credential file requirement.
  • Replaced click output message with print in S1 product.
  • Added structural code for raw results return (inactive until future update).

closes #121
closes #128

@redcanaryco redcanaryco deleted a comment from rc-csmith Jul 19, 2023
@TreWilkinsRC TreWilkinsRC requested a review from rc-csmith July 20, 2023 13:08

@rc-csmith (Contributor) left a comment

Looks really good! There's a couple tests in SentinelOne that are failing that I can help troubleshoot and figure out what has changed but wanted to go ahead and get this review out the door.

@TreWilkinsRC (Contributor, Author) commented Jul 21, 2023

Explaining S1 changes/updates:

@xC0uNt3r7hr34t noted in #129 that there were unnecessary changes made to the pagination within S1, which should never have been altered. To address this bug and maintain limits in accordance with the S1 console and documentation, the pagination limit has been reset to 1000, which was the setting prior to the limit feature being introduced into Surveyor. The limits for Deep Visibility and Power Query have been maintained at 20000 and 1000, respectively. These values are updated in the request parameters, which is the only value that should have been changed.

Testing passed for in and out of bounds ranges for each mode.

@TreWilkinsRC TreWilkinsRC requested a review from rc-csmith July 21, 2023 13:10
self.creds_file = kwargs['creds_file'] if 'creds_file' in kwargs else None
self._raw = kwargs['raw'] if 'raw' in kwargs else self._raw
limit = (kwargs['limit']) if 'limit' in kwargs else 0
self._pq = pq # This supports command-line options, will default to Deep Visibility
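
Review bot: on the `self._pq = pq` line, the trailing comment says the mode "will default to Deep Visibility", but the assignment only stores the value passed in and sets no default here, so the comment should name the default the caller actually applies or be dropped. On the `self._raw` line the fallback is `self._raw` itself, which raises AttributeError unless a class-level default already exists; `self._raw = kwargs.get('raw', False)` would make the default explicit, assuming False is the intended value. The `creds_file` and `limit` lines read more simply as `kwargs.get('creds_file')` and `kwargs.get('limit', 0)`, and since `creds_file` can now be None, code that later opens it needs a None check.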

Contributor

This could be considered a breaking change, making DV the default instead of PQ.

In PR #94, there was the design decision to make PQ the default due to accuracy and performance.

Contributor

PQ should remain the default as DV will be sunsetting in the next 6 months to a year.

Contributor Author

That comment has since been corrected. Thanks! @xC0uNt3r7hr34t

@rc-csmith (Contributor) left a comment

🎉 LGTM!

@TreWilkinsRC TreWilkinsRC requested review from rc-abodkins and removed request for jholtmann and rcZachDiehl July 24, 2023 15:28
@TreWilkinsRC TreWilkinsRC merged commit fe9d2cd into redcanaryco:master Jul 25, 2023
@TreWilkinsRC TreWilkinsRC deleted the fr_121 branch July 25, 2023 20:24

Successfully merging this pull request may close these issues.

  • [BUG] Limit is too large causing 400 errors on SentinelOne requests
  • [FR] Make Credential File Optional