New style of phishing playbook with email parsing and single response #116
Conversation
@slavikm
Looks good - just asked for a minor fix.
if 'email' in demisto.args(): | ||
email = demisto.args()['email'] | ||
else: | ||
sender = re.search(r".*From\w*:.*\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b", demisto.incidents()[0]['details'], re.I) |
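Review bot: the two branches assign different names, `email` in the `if` branch and `sender` in the `else` branch, so whichever one is used afterwards is unbound on one path; and `re.search` returns `None` when no From: header is present, so the result needs a guard before any `.group(1)` call. Also, `From\w*:` accepts any word characters after "From" (for example `Fromage:`); `From\s*:` is probably what was intended.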
I'm not liking it. I think we should just receive a parameter of where to look and then pass the relevant context parameter. Let's not hard-code the demisto.incidents()[0]['details'] here. So, 2 parameters - email and body which you'll regex the email from.
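One way to implement the two-parameter contract the reviewer asks for, written as an added example (not code from this PR or from the Demisto content repo): it takes an `args` dict of the shape `demisto.args()` returns, prefers an explicit `email`, otherwise parses the sender out of `body`, and returns `None` instead of failing when no sender is found. The keys `email` and `body`, and the sample inputs, are assumptions made here.

```python
import email
import email.utils
import re
from typing import Optional

# Fallback pattern for free text (e.g. a pasted header block): same address
# shape as the original regex, but \s* instead of \w* after "From" so that
# "Fromage:" no longer matches, and [^\n]*? so the match stays on that line.
SENDER_RE = re.compile(
    r"\bFrom\s*:[^\n]*?\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b",
    re.I,
)


def sender_from_body(body: str) -> Optional[str]:
    """Extract the From: address from raw message text, or None.

    The stdlib RFC 5322 parser runs first because it handles display names,
    quoting and folded headers; the regex is only a fallback for text that
    is not a parseable header block (such as a free-form incident field).
    """
    msg = email.message_from_string(body)
    if msg["From"]:
        _, addr = email.utils.parseaddr(msg["From"])
        if addr and "@" in addr:
            return addr.lower()
    match = SENDER_RE.search(body)
    return match.group(1).lower() if match else None


def resolve_sender(args: dict) -> Optional[str]:
    """Contract suggested in review: explicit 'email' wins, else regex 'body'.

    `args` is assumed to look like demisto.args() (hypothetical keys 'email'
    and 'body'); a missing sender yields None rather than an AttributeError.
    """
    explicit = (args.get("email") or "").strip()
    if explicit:
        return explicit.lower()
    return sender_from_body(args.get("body") or "")


# Constructed sample inputs for a stand-alone run (not real incident data).
SAMPLE_RAW = "Subject: Invoice\nFrom: Alice Smith <Alice@example.com>\nTo: bob@example.com\n\nHi Bob\n"
SAMPLE_FREE = "Pasted headers: From: mallory@evil.example and nothing else"

if __name__ == "__main__":
    for a in ({"email": "ops@example.com"}, {"body": SAMPLE_RAW}, {"body": SAMPLE_FREE}, {}):
        print(sorted(a), "->", resolve_sender(a))
```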
…ad of incident details
* Add ids to storage (#111)
* Fix create modified alerts (#100)
* Add fetch for uncreated modified alerts
* Fix python format issues
* Add release notes
* Change Last modified fetch string at fetch incidents action (#101)
  Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
* Change fetch of alerts timestamp to consider when no alerts are fetched (#104)
  Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
* Change fetch of alerts timestamp to consider when no alerts are fetched (#103)
  Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
* Fix lookup of the latest timestamp of create/update of an alerts (#106)
* Fix lookup of the latest timestamp of create/update of an alerts
* Fix linter issues
* Add a test to check next_run changes with modified alerts
* Add field to fetch alerts that has been updated
* Update docker image version
* Fix create modified alerts (#100)
* Add fetch for uncreated modified alerts
* Fix python format issues
* Add release notes
* Change fetch of alerts timestamp to consider when no alerts are fetched (#103)
  Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
* Fix lookup of the latest timestamp of create/update of an alerts (#106)
* Fix lookup of the latest timestamp of create/update of an alerts
* Fix linter issues
* Add a test to check next_run changes with modified alerts
* Fix missing alerts (#110)
* Add field to fetch alerts that has been updated
* Update docker image version
* Update merge issues
* Update docker image version and release notes
* Fix merge issue
* Update merge issue
---------
Co-authored-by: Diego Ramirez R <dnrr2808@gmail.com>
Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
* Update lint issues (#112)
* Update ruff issues (#113)
* Change dates to strings when fetching alerts (#116)
* Add source header (#117)
* Add source header in requests
* Update release notes
---------
Co-authored-by: Diego Ramirez R <dnrr2808@gmail.com>
Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
* Add ids to storage (#111)
* Fix create modified alerts (#100)
* Add fetch for uncreated modified alerts
* Fix python format issues
* Add release notes
* Change Last modified fetch string at fetch incidents action (#101)
* Change fetch of alerts timestamp to consider when no alerts are fetched (#104)
* Change fetch of alerts timestamp to consider when no alerts are fetched (#103)
* Fix lookup of the latest timestamp of create/update of an alerts (#106)
* Fix lookup of the latest timestamp of create/update of an alerts
* Fix linter issues
* Add a test to check next_run changes with modified alerts
* Add field to fetch alerts that has been updated
* Update docker image version
* Fix create modified alerts (#100)
* Add fetch for uncreated modified alerts
* Fix python format issues
* Add release notes
* Change fetch of alerts timestamp to consider when no alerts are fetched (#103)
* Fix lookup of the latest timestamp of create/update of an alerts (#106)
* Fix lookup of the latest timestamp of create/update of an alerts
* Fix linter issues
* Add a test to check next_run changes with modified alerts
* Fix missing alerts (#110)
* Add field to fetch alerts that has been updated
* Update docker image version
* Update merge issues
* Update docker image version and release notes
* Fix merge issue
* Update merge issue
---------
* Update lint issues (#112)
* Update ruff issues (#113)
* Change dates to strings when fetching alerts (#116)
* Add source header (#117)
* Add source header in requests
* Update release notes
---------
Co-authored-by: Felipe Garrido <fgarridob.95+github@gmail.com>
Co-authored-by: Diego Ramirez R <dnrr2808@gmail.com>
Co-authored-by: Diego Ramirez <dramirez@zerofox.com>
Lior, please make sure it works and add additional response steps with other integrations. Also, make sure to use the right sandbox as available.