New style of phishing playbook with email parsing and single response #116
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@slavikm |
slavikm
commented
Nov 29, 2016
| if 'email' in demisto.args(): | ||
| email = demisto.args()['email'] | ||
| else: | ||
| sender = re.search(r".*From\w*:.*\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b", demisto.incidents()[0]['details'], re.I) |
There was a problem hiding this comment.
I'm not liking it. I think we should just receive a parameter of where to look and then pass the relevant context parameter.Let's not hard-code the demisto.incidents()[0]['details'] here. So, 2 parameters - email and body which you'll regex the email from.
…ad of incident details
figarrido
added a commit
to figarrido/int-demisto-content
that referenced
this pull request
Jan 12, 2024
MosheEichler
pushed a commit
that referenced
this pull request
Jan 14, 2024
* Add ids to storage (#111) * Fix create modified alerts (#100) * Add fetch for uncreated modified alerts * Fix python format issues * Add release notes * Change Last modified fetch string at fetch incidents action (#101) Co-authored-by: Diego Ramirez <dramirez@zerofox.com> * Change fetch of alerts timestamp to consider when no alerts are fetched (#104) Co-authored-by: Diego Ramirez <dramirez@zerofox.com> * Change fetch of alerts timestamp to consider when no alerts are fetched (#103) Co-authored-by: Diego Ramirez <dramirez@zerofox.com> * Fix lookup of the latest timestamp of create/update of an alerts (#106) * Fix lookup of the latest timestamp of create/update of an alerts * Fix linter issues * Add a test to check next_run changes with modified alerts * Add field to fetch alerts that has been updated * Update docker image version * Fix create modified alerts (#100) * Add fetch for uncreated modified alerts * Fix python format issues * Add release notes * Change fetch of alerts timestamp to consider when no alerts are fetched (#103) Co-authored-by: Diego Ramirez <dramirez@zerofox.com> * Fix lookup of the latest timestamp of create/update of an alerts (#106) * Fix lookup of the latest timestamp of create/update of an alerts * Fix linter issues * Add a test to check next_run changes with modified alerts * Fix missing alerts (#110) * Add field to fetch alerts that has been updated * Update docker image version * Update merge issues * Update docker image version and release notes * Fix merge issue * Update merge issue --------- Co-authored-by: Diego Ramirez R <dnrr2808@gmail.com> Co-authored-by: Diego Ramirez <dramirez@zerofox.com> * Update lint issues (#112) * Update ruff issues (#113) * Change dates to strings when fetching alerts (#116) * Add source header (#117) * Add source header in requests * Update release notes --------- Co-authored-by: Diego Ramirez R <dnrr2808@gmail.com> Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
MosheEichler
pushed a commit
that referenced
this pull request
Jan 14, 2024
* Add ids to storage (#111) * Fix create modified alerts (#100) * Add fetch for uncreated modified alerts * Fix python format issues * Add release notes * Change Last modified fetch string at fetch incidents action (#101) * Change fetch of alerts timestamp to consider when no alerts are fetched (#104) * Change fetch of alerts timestamp to consider when no alerts are fetched (#103) * Fix lookup of the latest timestamp of create/update of an alerts (#106) * Fix lookup of the latest timestamp of create/update of an alerts * Fix linter issues * Add a test to check next_run changes with modified alerts * Add field to fetch alerts that has been updated * Update docker image version * Fix create modified alerts (#100) * Add fetch for uncreated modified alerts * Fix python format issues * Add release notes * Change fetch of alerts timestamp to consider when no alerts are fetched (#103) * Fix lookup of the latest timestamp of create/update of an alerts (#106) * Fix lookup of the latest timestamp of create/update of an alerts * Fix linter issues * Add a test to check next_run changes with modified alerts * Fix missing alerts (#110) * Add field to fetch alerts that has been updated * Update docker image version * Update merge issues * Update docker image version and release notes * Fix merge issue * Update merge issue --------- * Update lint issues (#112) * Update ruff issues (#113) * Change dates to strings when fetching alerts (#116) * Add source header (#117) * Add source header in requests * Update release notes --------- Co-authored-by: Felipe Garrido <fgarridob.95+github@gmail.com> Co-authored-by: Diego Ramirez R <dnrr2808@gmail.com> Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lior, please make sure it works and add additional response steps with other integrations. Also, make sure to use the right sandbox as available.