New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Pack: CTM360 #37743

Merged

MLainer1 merged 10 commits into demisto:contrib/CTM360-Integrations_ctm360-hackerview-1 from CTM360-Integrations:ctm360-hackerview-1

Jan 7, 2025

Contributor

edx-sayed-salem commented Dec 18, 2024

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

In Progress
Ready
In Hold - (Reason for hold)

Related Issues

None

Description

Update the integration docker image.
Add another integration module.

Must have

Tests
Documentation

edx-sayed-salem added 2 commits

December 18, 2024 11:50


          Modified pack-ignore

d54067f


          squash pack update commits

CLAassistant commented Dec 18, 2024 •

edited

Loading

All committers have signed the CLA.

content-bot added Contribution External PR Partner Support Level labels

content-bot changed the base branch from master to contrib/CTM360-Integrations_ctm360-hackerview-1

December 18, 2024 09:00

content-bot assigned MLainer1 and idovandijk

content-bot added the Security Review label

content-bot requested review from idovandijk and MLainer1

December 18, 2024 09:00

Collaborator

content-bot commented Dec 18, 2024

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @MLainer1 will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

Collaborator

content-bot commented Dec 18, 2024

Hi @edx-sayed-salem, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

idovandijk requested review from karinafishman and removed request for idovandijk

December 18, 2024 09:50

edx-sayed-salem added 2 commits

December 18, 2024 13:55


          Ignore unsearchable

e41f75a


          Correct ID and remove unnecessary fields

1e1776d

content-bot assigned edik24

content-bot added Partner-Approved Contribution Form Filled Partner labels

Contributor

karinafishman commented Dec 24, 2024

Here are some comments regarding the PR:

Dashboard

Please notice that the dashboard is not on full screen, there is a space on the right side. You can see the difference with the default dashboards.

Release notes
Make sure you don't have unnecessary data like: </~XSIAM>.
IncidentFields
Using "unsearchable": false can negatively affect the performance. Please, change it to True.
Playbook
Please fix the general visualization of the playbook. The labels and the linking lines are not clear.
Task numbers: 25,26,27,28 are not linked to anything. Please link them to the end of the playbook or the relevant next task.
Assign Analyst section header is not needed. Usually, we will use section headers that combine multiple tasks under the section header. In this case, the section header and the task after are the same.
You have 2 same section headers: End of Playbook. Please use the same one. (In task 22)
General comments
Please fix all the errors in the build.
Check all the comments I added to the PR.

karinafishman requested changes

View reviewed changes

Packs/CTM360-CyberBlindspot/ReleaseNotes/2_0_0.md Outdated

+              ##### New: CTM360 HackerView Potential Impact
+              - New: Incident field for potential impact of incident on an asset.<~XSIAM> (Available from Cortex XSIAM 2.0).</~XSIAM>
+              <~XSOAR> (Available from Cortex XSOAR 6.10.0).</~XSOAR>

Contributor

karinafishman Dec 24, 2024

Make sure you don't have <~XSOAR> in your Release notes.

Contributor Author

edx-sayed-salem Dec 25, 2024

Change made

Packs/CTM360-CyberBlindspot/ReleaseNotes/2_0_0.md


		- New: Incident field for potential types of attacks that may follow such incident.<~XSIAM> (Available from Cortex XSIAM 2.0).</~XSIAM>
		<~XSOAR> (Available from Cortex XSOAR 6.10.0).</~XSOAR>

Contributor

karinafishman Dec 24, 2024

Same, make sure you don't have: </~XSOAR> or </~XSIAM>

Contributor Author

edx-sayed-salem Dec 25, 2024

Change made

Packs/CTM360-CyberBlindspot/IncidentFields/incidentfields-Asset_Type.json Outdated

+                  ],
+                  "associatedToAll": false,
+                  "unmapped": false,
+                  "unsearchable": false,

Contributor

karinafishman Dec 24, 2024

Should be "true" in all IncidentFields.

Contributor Author

edx-sayed-salem Dec 25, 2024

Change made

Packs/CTM360-CyberBlindspot/Playbooks/playbook-HackerView_Incident_Management.yml

+                          iscontext: true
+                        right:
+                          value:
+                            simple: In,Both

Contributor

karinafishman Dec 24, 2024

Please add ignore cases.

Contributor Author

edx-sayed-salem Dec 25, 2024

Change made

Packs/CTM360-CyberBlindspot/Playbooks/playbook-HackerView_Incident_Management.yml Outdated

+                  task:
+                    id: 63cb6508-eefb-4ff1-b157-de4f070e9dca
+                    version: -1
+                    name: End of Playbook

Contributor

karinafishman Dec 24, 2024

Duplicated header, you can use the same one.

Contributor Author

edx-sayed-salem Dec 25, 2024

Used one end section

Packs/CTM360-CyberBlindspot/Playbooks/playbook-HackerView_Incident_Management.yml Outdated

+                  task:
+                    id: 52edca00-4e6d-4739-86da-2a5401f3fd2d
+                    version: -1
+                    name: Is Incident Closed?

Contributor

karinafishman Dec 24, 2024

Is the incident closed

Contributor Author

edx-sayed-salem Dec 25, 2024

Correction made

Packs/CTM360-CyberBlindspot/Playbooks/playbook-HackerView_Incident_Management.yml

+                          iscontext: true
+                        right:
+                          value:
+                            simple: inactive

Contributor

karinafishman Dec 24, 2024

Please add ignore cases

Contributor Author

edx-sayed-salem Dec 25, 2024

Change made

Packs/CTM360-CyberBlindspot/Playbooks/playbook-HackerView_Incident_Management.yml Outdated

+                  task:
+                    id: bbecc79d-d8ea-4513-8571-c102e9bdf3ea
+                    version: -1
+                    name: Start Investgation

Contributor

karinafishman Dec 24, 2024

Should be *Investigation

Contributor Author

edx-sayed-salem Dec 25, 2024

Corrected

edx-sayed-salem added 2 commits

December 25, 2024 10:43


          Address requested changes

9ac36d3


          Address requested changes 2

9fcf2fe

Contributor Author

edx-sayed-salem commented Dec 25, 2024

I'm not sure I have control over why the CI pre-commit fails, can anyone take a look?

Contributor

karinafishman commented Dec 25, 2024

@edx-sayed-salem Did you executed "demisto-sdk pre-commit"?

MLainer1 requested changes

View reviewed changes

Contributor

MLainer1 left a comment

Hi, thank you for your contribution.
I'm publishing the first half of the review, the second part will be published later.
Let me know if you need anything.

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Show resolved Hide resolved

Contributor Author

edx-sayed-salem commented Dec 25, 2024

@edx-sayed-salem Did you executed "demisto-sdk pre-commit"?

Yes, it looks like something related to pylint and python 3.12 issue (the docker image version is 3.12)

edx-sayed-salem requested a review from MLainer1

December 30, 2024 13:45

karinafishman approved these changes

View reviewed changes

MLainer1 requested changes

View reviewed changes

Contributor

MLainer1 left a comment

Nice work!
Let's schedule a demo to check your changes and your new pintegration/
I'll reach out over on DFIR to schedule it.

Packs/CTM360-CyberBlindspot/Integrations/HackerView/HackerView.py Outdated Show resolved Hide resolved

MLainer1 added the pending-demo label


          Address requested changes 4

899d703

Unnecessary decorator

Co-authored-by: MLainer1 <[email protected]>

MLainer1 added post-demo ready-for-instance-test and removed pending-demo labels

Collaborator

content-bot commented Jan 2, 2025

For the Reviewer: Trigger build request has been accepted for this contribution PR.

Collaborator

content-bot commented Jan 2, 2025

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/1913531

content-bot removed the ready-for-instance-test label

MLainer1 added the Security Approved label

Contributor

MLainer1 commented Jan 5, 2025

Hi @edx-sayed-salem, looks like there are some pre-commit errors. can you have a look at them?

Contributor Author

edx-sayed-salem commented Jan 6, 2025

Hi @edx-sayed-salem, looks like there are some pre-commit errors. can you have a look at them?

Hi, yes it seems the same error from before about python 12 and ruff/pylint. There's another about too many requests when pulling from docker hub.

I think too many requests will solve itself, but ruff/pylint fix was said to be in the works.

Contributor

MLainer1 commented Jan 6, 2025

Hi @edx-sayed-salem, looks like there are some pre-commit errors. can you have a look at them?

Hi, yes it seems the same error from before about python 12 and ruff/pylint. There's another about too many requests when pulling from docker hub.

I think too many requests will solve itself, but ruff/pylint fix was said to be in the works.

Can you create another commit (can be empty) just to run the checks again? the fix should be deployed already


          Empty-Commit

e8e1a3a

Contributor Author

edx-sayed-salem commented Jan 6, 2025

ruff/pylint error remains

MLainer1 approved these changes

View reviewed changes

MLainer1 added the docs-approved label

Contributor

MLainer1 commented Jan 6, 2025

Hi @edx-sayed-salem

ruff/pylint error remains

After discussing with my team, we've decided it's best to hold off on updating the Docker image to Python 3.12. Instead, we should revert to the version prior to the latest one (demisto/python3:3.12.7.117934).

Contributor Author

edx-sayed-salem commented Jan 6, 2025

Hi @edx-sayed-salem

ruff/pylint error remains

After discussing with my team, we've decided it's best to hold off on updating the Docker image to Python 3.12. Instead, we should revert to the version prior to the latest one (demisto/python3:3.12.7.117934).

Do I need to do anything?

Contributor

MLainer1 commented Jan 6, 2025

Hi @edx-sayed-salem

ruff/pylint error remains

After discussing with my team, we've decided it's best to hold off on updating the Docker image to Python 3.12. Instead, we should revert to the version prior to the latest one (demisto/python3:3.12.7.117934).

Do I need to do anything?

Yes. reverse the dockerimage update you did in this PR


          Downgrade docker image to latest 3.11.x

79d2285

Contributor

MLainer1 commented Jan 7, 2025

Looks good! I'll merge the PR

MLainer1 merged commit 20981d2 into demisto:contrib/CTM360-Integrations_ctm360-hackerview-1

14 checks passed

content-bot mentioned this pull request

Update Pack: CTM360 #37967

Merged

5 tasks

github-actions bot commented Jan 7, 2025

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

MLainer1 added a commit that referenced this pull request


          Update Pack: CTM360 (#37743) (#37967)

d13a204

* Modified pack-ignore

* squash pack update commits

* Ignore `unsearchable`

* Correct ID and remove unnecessary fields

* Address requested changes

* Address requested changes 2

* Address requested changes 3

* Address requested changes 4

Unnecessary decorator



* Empty-Commit

* Downgrade docker image to latest 3.11.x

---------

Co-authored-by: S. AlQasim D. <[email protected]>
Co-authored-by: MLainer1 <[email protected]>

sdaniel6 pushed a commit that referenced this pull request


          Update Pack: CTM360 (#37743) (#37967)

ff2c0af

* Modified pack-ignore

* squash pack update commits

* Ignore `unsearchable`

* Correct ID and remove unnecessary fields

* Address requested changes

* Address requested changes 2

* Address requested changes 3

* Address requested changes 4

Unnecessary decorator



* Empty-Commit

* Downgrade docker image to latest 3.11.x

---------

Co-authored-by: S. AlQasim D. <[email protected]>
Co-authored-by: MLainer1 <[email protected]>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Contribution Form Filled Contribution docs-approved External PR Partner Support Level Partner Partner-Approved post-demo Security Approved Security Review