SentinelOne 2.1.0 #18609
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @yaakovi will know he can start reviewing the proposed changes.
The CircleCI check from your latest pushed commit was unsuccessful. @CraigWampler take a look at the build by clicking this link. Failed Build Steps
Try and address the listed CircleCI build step failures at your earliest convenience. This will greatly expedite the process of getting your proposed changes merged into master. Happy coding and may the force be with you.
Good work, make sure to look at my suggestions.
Please add a test for each new command, and modify the pack-metadata for the new version.
Also make sure to add the new playbooks to the release notes, and look at the failing checks in the PR and fix them.
Review comments (outdated, resolved) on:
Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml
Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml
Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
Regarding the failing checks: unit tests are failing (before I added any tests), and validation is failing because of many different YAML validation errors. The YAML itself was generated by XSOAR, so I'm assuming those are okay to ignore?
@CraigWampler Make sure to address all of the validation errors, and I'll check about the line error. Make sure to merge from master.
I fixed what I think are all the issues I can fix. I also merged in master, but now it's saying that 253 files were changed, so I'm thinking maybe I did the merge wrong? Here's what I did:
Was I supposed to do something different?
The CircleCI build failed again. @CraigWampler take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
Cool, in the demo we can simply observe the updated PR in action; for me it would be sufficient if you have an incident that ran with the playbooks that you are contributing. Messaged back in DFIR.
…dated success messages for adding/removing from blocklist
…er/content into CraigWampler_SentinelOne2_1_0
Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/3000863
Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/3004514
Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/3014988
Merged caac274 into demisto:contrib/CraigWampler_CraigWampler_SentinelOne2_1_0
SentinelOne 2.1.0 (#18609)
* Updates to SentinelOne V2
* Renaming to match case for README.md files
* Updates to fix merge issues
* Modified package metadata and added unit tests for new actions
* Fix Flake8 errors in SentinelOne-V2_test.py
* Fix new Flake8 errors
* Fixing validation errors. Specifically in yml files
* Fixed validation issues on description field missing
* Update 2_1_0.md
* Updated ReleaseNotes
* Updated docker image version
* Removed commented out register_line calls
* Try to fix not found commands in README
* Try to fix not found commands in README
* Update 2_1_0.md
* Removed blank line at the end of the file
* updated readme
* Updating playbooks to address feedback
* adding in examples.txt changes
* Added command examples to README
* Removing playbooks from submission
* Revert playbooks to origin/master
* Updated outputs in integration YAML for sentinelone-get-blocklist. Updated success messages for adding/removing from blocklist
* Removing Playbooks added in by merge
* Removed trailing white space
* Update README with new context data output
* Revert playbook to origin
* Removed png files
Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>
Co-authored-by: MLainer1 <maylainer96@gmail.com>
* Update README.md
Done.
* Update SentinelOne-V2.yml
Done.
Co-authored-by: Craig Wampler <1719280+CraigWampler@users.noreply.github.com>
Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>
Co-authored-by: MLainer1 <maylainer96@gmail.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Related Issues
None
Description
Integrations
SentinelOne v2
Added the following commands:
sentinelone-get-blocklist - List out contents of a block list
sentinelone-add-hash-to-blocklist - Add a hash to a block list
sentinelone-remove-hash-from-blocklist - Remove a hash from a block list
sentinelone-fetch-file - Initiate a file fetch command against an endpoint
sentinelone-download-fetched-file - Download a file fetched with the sentinelone-fetch-file command.
Note: SentinelOne uses the term "blacklist" in their documentation/API. This was modified to use the term "blocklist" in the integration commands.
Does it break backward compatibility?
I noticed that for the SentinelOne Integration, the name field is SentinelOne V2, but the display is SentinelOne v2. This change in upper/lower casing made it unintuitive to filter to see if the integration was enabled using modules.brand. I changed the case to match (went with lower case). Not sure if that will break code for someone who assumed it would be uppercase or not.
Must have
The only additional "test" I created is the three attached playbooks that validate the file download capability.
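The description above notes that the integration's name ("SentinelOne V2") and display ("SentinelOne v2") differed only in case, which made checking whether the integration is enabled via modules.brand unintuitive. The following is an added example, not code from this PR or from the XSOAR content repository, showing a case-insensitive lookup that an automation could use so the check survives either spelling. It assumes the dict shape returned by demisto.getModules() (instance name mapped to a dict with "brand" and "state" keys) and the `using` command argument for routing to a specific instance; the SAMPLE_MODULES data is constructed for the example.

```python
"""Case-insensitive lookup of enabled integration instances by brand.

Added example; not part of PR #18609. Assumes the shape that
demisto.getModules() returns inside an XSOAR automation:
    {instance_name: {"brand": str, "state": "active" | "disabled", ...}}
"""
from typing import Dict, List, Optional

# Constructed sample in the assumed getModules() shape. The two SentinelOne
# entries differ only in the case of the brand string, which is exactly the
# mismatch ("SentinelOne V2" vs "SentinelOne v2") described in the PR.
SAMPLE_MODULES: Dict[str, dict] = {
    "SentinelOne_prod": {"brand": "SentinelOne v2", "state": "active"},
    "SentinelOne_legacy": {"brand": "SentinelOne V2", "state": "active"},
    "SentinelOne_lab": {"brand": "SentinelOne V2", "state": "disabled"},
    "VirusTotal_1": {"brand": "VirusTotal", "state": "active"},
}


def _norm(brand: str) -> str:
    # Fold case and trim whitespace so "SentinelOne V2" == "SentinelOne v2".
    return brand.strip().casefold()


def enabled_instances(modules: Dict[str, dict], brand: str) -> List[str]:
    """Names of *active* instances whose brand matches `brand`, ignoring case."""
    wanted = _norm(brand)
    return sorted(
        name
        for name, info in modules.items()
        if _norm(info.get("brand", "")) == wanted and info.get("state") == "active"
    )


def is_brand_enabled(modules: Dict[str, dict], brand: str) -> bool:
    """True when at least one active instance of the brand exists."""
    return bool(enabled_instances(modules, brand))


def using_argument(modules: Dict[str, dict], brand: str) -> Optional[str]:
    """Choose the instance name to pass as the `using` argument of a command.

    Returns None when the brand has no active instance. Raises when several
    are active instead of silently picking one: a blocklist add/remove sent
    to the wrong tenant is a change that is easy to miss and hard to undo.
    """
    instances = enabled_instances(modules, brand)
    if not instances:
        return None
    if len(instances) > 1:
        raise ValueError(
            f"{len(instances)} active {brand!r} instances; pick one explicitly: {instances}"
        )
    return instances[0]


if __name__ == "__main__":
    print(enabled_instances(SAMPLE_MODULES, "sentinelone v2"))
    print(is_brand_enabled(SAMPLE_MODULES, "CrowdStrike"))
```

In a real automation the dict would come from demisto.getModules() instead of SAMPLE_MODULES; the lookup itself does not change.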