EWS - Adding O365 Tenant Allow/Block List Management #19103
…al working version.
…for new commands.
…ntegration version number.
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @ShacharKidor will know he can start reviewing the proposed changes.
The CircleCI check from your latest pushed commit was unsuccessful. @mikejrizzo take a look at the build by clicking this link. Failed Build Steps
Try and address the listed CircleCI build step failures at your earliest convenience. This will greatly expedite the process of getting your proposed changes merged into master. Happy coding and may the force be with you.
The CircleCI build failed again. @mikejrizzo take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
--- | ||
[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/ews-extension-online-powershell-v2) |
Remove (This is added automatically when publishing to the marketplace)
--- | |
[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/ews-extension-online-powershell-v2) |
I think this was added by one of the demisto-sdk commands I ran to format and validate files, but I've manually removed it.
Done.
arguments: | ||
- name: entries | ||
required: true | ||
description: Entries to add to the list. Separate multiple entries with a comma (e.g. "Item1,Item2"). |
description: Entries to add to the list. Separate multiple entries with a comma (e.g. "Item1,Item2"). | |
description: A comma-separated list of entries to add to the list (e.g. "Item1,Item2"). |
Done.
predefined: | ||
- Tenant | ||
- AdvancedDelivery | ||
description: 'List subtype to add items to. ' |
description: 'List subtype to add items to. ' | |
description: List subtype to add items to. |
Done.
- name: notes | ||
description: Notes to include on new list entries | ||
- name: expiration_date | ||
description: Enter a specific date and time for the new entries to expire using format "YYYY-MM-DD HH:MM:SSz" for UTC time. Alternately, a PowerShell **GetDate** statement can be used. |
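Review bot: the `expiration_date` description names a PowerShell **GetDate** statement, but the cmdlet is `Get-Date`, and offering a statement as an argument value implies the integration would have to evaluate user-supplied text as PowerShell. Suggest dropping that sentence, documenting a single literal date-time format, and parsing the value as a date before it reaches the cmdlet, so that strings supplied by a playbook are only ever treated as data.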
Can we use the ISO format (`YYYY-MM-DDTHH:MM:SSZ`) instead? We are using it across the product.
The time format I used came from the Microsoft documentation for this PowerShell cmdlet; however, I tested the command with ISO formatting and that works as well. I'm updating the field description to specify to use ISO format.
Done.
- Allow | ||
description: Action to filter entries by. | ||
- name: expiration_date | ||
description: Enter a specific date and time to filter entries by using format "YYYY-MM-DD HH:MM:SSz" for UTC time. Alternately, a PowerShell **GetDate** statement can be used. |
same here
Done.
$ids = $kwargs.ids | ||
$list_type = $kwargs.list_type | ||
$list_subtype = $kwargs.list_subtype | ||
if ($entries -and $ids) |
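Review bot: the check on `if ($entries -and $ids)` only covers both arguments being supplied together; nothing visible here rejects the call when both are empty. Suggest validating that exactly one of `entries` or `ids` is present and throwing a clear error before any cmdlet is invoked, and stating the either/or requirement in both argument descriptions.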
What if none are passed?
if ($kwargs.set_context -eq "yes") | ||
{ | ||
$entry_context = @{ "$script:INTEGRATION_ENTRY_CONTEXT.RemovedTenantBlocks" = $raw_response } | ||
Write-Output $human_readable, $entry_context, $raw_response | ||
} |
No need to write to context on "delete" commands
This is intended to allow storing a list of deleted items for later confirmation in playbooks/scripts that deletion was successful. I would suggest keeping this here unless it cannot be included.
$entries, $list_type, $list_subtype, $action, $notes, $no_expiration, $expiration_date | ||
) | ||
$human_readable = TableToMarkdown $raw_response "Results of $command" | ||
if ($kwargs.set_context -eq "yes") |
The command should always set the context.
$entry, $list_type, $list_subtype, $action, $no_expiration, $expiration_date | ||
) | ||
$human_readable = TableToMarkdown $raw_response "Results of $command" | ||
if ($kwargs.set_context -eq "yes") |
The command should always set the context.
@yaakovi I've pushed the various changes we discussed in our meeting on Tuesday. Please let me know if you have any further questions or items I need to look at. Thanks!
* Added new commands to retrieve/modify Tenant Allow/Block Lists. Initial working version.
* Restoring Readme content deleted accidentally
* Tweaked description on command ews-get-tenant-allow-block-list-items
* Updated pack documentation with new release notes and readme content for new commands.
* Added command output definitions for added commands and incremented integration version number.
* Added contributors.md file to pack.
* Fixed issues found by YAML validation.
* Fixed validation issue in release notes md file.
* Added mention of Tenant Allow/Block List management features.
* Removing set-context arguments and related code
* Removed references to set_context argument.
* Removed duplicated contributor section.
* Removed duplicated contributor section.

Co-authored-by: Mike Rizzo <mjrizzo@gmail.com>
Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>
…emisto#19554)

* Added new commands to retrieve/modify Tenant Allow/Block Lists. Initial working version.
* Restoring Readme content deleted accidentally
* Tweaked description on command ews-get-tenant-allow-block-list-items
* Updated pack documentation with new release notes and readme content for new commands.
* Added command output definitions for added commands and incremented integration version number.
* Added contributors.md file to pack.
* Fixed issues found by YAML validation.
* Fixed validation issue in release notes md file.
* Added mention of Tenant Allow/Block List management features.
* Removing set-context arguments and related code
* Removed references to set_context argument.
* Removed duplicated contributor section.
* Removed duplicated contributor section.

Co-authored-by: Mike Rizzo <mjrizzo@gmail.com>
Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
No related issues.
Description
This pull request adds additional commands to the "EWS Extension Online Powershell v2" to allow management of O365 Tenant Allow/Block Lists. This O365 feature allows for simple tenant-wide blocking or allowing of things such as email senders, file hashes, and URLs. This feature is managed using the same PowerShell module already incorporated into the integration.
Existing functionality of this integration is not changed. This contribution only adds new functionality.
Official documentation of this O365 feature can be found here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide