EWS - Adding O365 Tenant Allow/Block List Management #19103
Conversation
…al working version.
…for new commands.
…ntegration version number.
content-bot
changed the base branch from
master
to
contrib/mikejrizzo_contrib/mikerizzo_ews
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @ShacharKidor will know he can start review the proposed changes. |
content-bot
added
Community
Contribution Form Filled
|
The CircleCI check from your latest pushed commit was unsuccessful. @mikejrizzo take a look at the build by clicking this link. Failed Build Steps
Try and address the listed CircleCI build step failures at your earliest convenience. This will greatly expedite the process of getting your proposed changes merged into master. Happy coding and may the force be with you. |
|
The CircleCI build failed again. @mikejrizzo take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
|
|
|
||
|
|
||
| --- | ||
| [View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/ews-extension-online-powershell-v2) |
There was a problem hiding this comment.
Remove (This is added automatically when publishing to the marketplace)
| --- | |
| [View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/ews-extension-online-powershell-v2) |
There was a problem hiding this comment.
I think this was added by one of the demisto-sdk commands I ran to format and validate files, but I've manually removed it.
Done.
| arguments: | ||
| - name: entries | ||
| required: true | ||
| description: Entries to add to the list. Separate multiple entries with a comma (e.g. "Item1,Item2"). |
There was a problem hiding this comment.
| description: Entries to add to the list. Separate multiple entries with a comma (e.g. "Item1,Item2"). | |
| description: A comma-separated list of entries to add to the list (e.g. "Item1,Item2"). |
| predefined: | ||
| - Tenant | ||
| - AdvancedDelivery | ||
| description: 'List subtype to add items to. ' |
There was a problem hiding this comment.
| description: 'List subtype to add items to. ' | |
| description: List subtype to add items to. |
| - name: notes | ||
| description: Notes to include on new list entries | ||
| - name: expiration_date | ||
| description: Enter a specific date and time for the new entries to expire using format "YYYY-MM-DD HH:MM:SSz" for UTC time. Alternately, a PowerShell **GetDate** statement can be used. |
There was a problem hiding this comment.
Can we use the ISO format (YYYY-MM-DDTHH:MM:SSZ) instead? We are using it across the product.
There was a problem hiding this comment.
The time format I used came from the Microsoft documentation for this Powershell cmdlet, however I tested the command with ISO formatting and that works as well. I'm updating the field description to specify to use ISO format.
Done.
| - Allow | ||
| description: Action to filter entries by. | ||
| - name: expiration_date | ||
| description: Enter a specific date and time to filter entries by using format "YYYY-MM-DD HH:MM:SSz" for UTC time. Alternately, a PowerShell **GetDate** statement can be used. |
| $ids = $kwargs.ids | ||
| $list_type = $kwargs.list_type | ||
| $list_subtype = $kwargs.list_subtype | ||
| if ($entries -and $ids) |
| if ($kwargs.set_context -eq "yes") | ||
| { | ||
| $entry_context = @{ "$script:INTEGRATION_ENTRY_CONTEXT.RemovedTenantBlocks" = $raw_response } | ||
| Write-Output $human_readable, $entry_context, $raw_response | ||
| } |
There was a problem hiding this comment.
No need to write to context on "delete" commands
There was a problem hiding this comment.
This is intended to allow storing a list of deleted items for later confirmation in playbooks/scripts that deletion was successful. I would suggest keeping this here unless it cannot be included.
| $entries, $list_type, $list_subtype, $action, $notes, $no_expiration, $expiration_date | ||
| ) | ||
| $human_readable = TableToMarkdown $raw_response "Results of $command" | ||
| if ($kwargs.set_context -eq "yes") |
There was a problem hiding this comment.
The command should always set the context.
| $entry, $list_type, $list_subtype, $action, $no_expiration, $expiration_date | ||
| ) | ||
| $human_readable = TableToMarkdown $raw_response "Results of $command" | ||
| if ($kwargs.set_context -eq "yes") |
There was a problem hiding this comment.
The command should always set the context.
|
|
|
@yaakovi I've pushed the various changes we discussed in our meeting on Tuesday. Please let me know if you have any further questions or items I need to look at. Thanks! |
* Added new commands to retrieve/modify Tenant Allow/Block Lists. Initial working version. * Restoring Readme content deleted accidentally * Tweaked description on command ews-get-tenant-allow-block-list-items * Updated pack documentation with new release notes and readme content for new commands. * Added command output definitions for added commands and incremented integration version number. * Added contributors.md file to pack. * Fixed issues found by YAML validation. * Fixed validation issue in release notes md file. * Added mention of Tenant Allow/Block List management features. * Removing set-context arguments and related code * Removed references to set_context argument. * Removed duplicated contributor section. * Removed duplicated contributor section. Co-authored-by: Mike Rizzo <mjrizzo@gmail.com> Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>
…emisto#19554) * Added new commands to retrieve/modify Tenant Allow/Block Lists. Initial working version. * Restoring Readme content deleted accidentally * Tweaked description on command ews-get-tenant-allow-block-list-items * Updated pack documentation with new release notes and readme content for new commands. * Added command output definitions for added commands and incremented integration version number. * Added contributors.md file to pack. * Fixed issues found by YAML validation. * Fixed validation issue in release notes md file. * Added mention of Tenant Allow/Block List management features. * Removing set-context arguments and related code * Removed references to set_context argument. * Removed duplicated contributor section. * Removed duplicated contributor section. Co-authored-by: Mike Rizzo <mjrizzo@gmail.com> Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
No related issues.
Description
This pull request adds additional commands to the "EWS Extension Online Powershell v2" to allow management of O365 Tenant Allow/Block Lists. This O365 feature allows for simple tenant-wide blocking or allowing of things such as email senders, file hashes, and URLs. This feature is managed using the same PowerShell module already incorporated into the integration.
Existing functionality of this integration is not changed. This contribution only adds new functionality.
Official documentation of this O365 feature can be found here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide
Screenshots
Paste here any images that will help the reviewer
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have