new commands and playbook added #25253
Conversation
|
|
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @yucohen will know the proposed changes are ready to bereviewed. |
content-bot
added
Contribution Form Filled
|
|
||
|
|
||
| def post_quarantineResource(self,org_id,resource_id, resource_type, from_date, to_date): | ||
| if org_id is not None: |
There was a problem hiding this comment.
Are we expecting org_id to be defined? What happens if org_id is None? Currently, we still send it in json_data.
There was a problem hiding this comment.
In case of Backupset that is FS,NAS or VMware OrgId is mandatory and in other resource types we don't need to give orgid
| org_id=int(org_id) | ||
| json_data = {'orgID':org_id,'resourceType': resource_type, 'fromDate': from_date, 'toDate': to_date} | ||
|
|
||
| url_suffix = '/realize/ransomwarerecovery/v1/quarantineranges/resource/' + str(resource_id) |
There was a problem hiding this comment.
We can utilize format strings in this. Looks cleaner IMO.
| url_suffix = '/realize/ransomwarerecovery/v1/quarantineranges/resource/' + str(resource_id) | |
| url_suffix = f"/realize/ransomwarerecovery/v1/quarantineranges/resource/{resource_id}" |
Feel free to change in all other client method url_suffixs.
There was a problem hiding this comment.
url_suffixs are now changed in all other client method
| return (readable_output, outputs, raw_response) | ||
|
|
||
| else: | ||
| raise RuntimeError('Error: ' + str(response.status_code)) |
There was a problem hiding this comment.
If there's an error in the request (statusCode != 200), does the endpoint provide an error message back (usually in response.content or response.json())?
I think that providing the user with Error: {statusCode} doesn't contain enough information for the user to know what's wrong and how to fix their issue. Might be helpful to add the response content when you raise the RuntimeError in all *_Command methods.
|
|
||
| if command == 'hi-command': |
There was a problem hiding this comment.
Remove. Also, remove all other commented out code you have in the file, for example:
# return_outputs(*Druva_ListQuarantine_Snapshots_Command(clientObj, resource_id, range_id))There was a problem hiding this comment.
Commented code is removed
|
Hi @pk-druva thank you very much for your contribution it is highly appreciated, I reviewed the playbook you added and everything looks great. just a couple of things to consider:
|
| readable_output = tableToMarkdown('Found Druva users', responseJson['users']) | ||
| outputs = {"Druva.User(val.userID == obj.userID)": responseJson['users']} | ||
| raw_response = responseJson | ||
| return (readable_output, outputs, raw_response) |
There was a problem hiding this comment.
Lets change this to a commandResults object. You can see this article. Relevant to all the new commands added
There was a problem hiding this comment.
commandResults object is used in all commands.
| @@ -282,12 +355,29 @@ def main(): | |||
| search_string = demisto.args().get('search_string') | |||
| return_outputs(*Druva_FindDevice_Command(clientObj, search_string)) | |||
|
|
|||
| if command == 'druva-find-user': | |||
| user_string=demisto.args().get('user_string') | |||
| return_outputs(*Druva_FindUser_Command(clientObj,user_string)) | |||
There was a problem hiding this comment.
After changing to ComandResults, lets also change the return outputs to return_results
There was a problem hiding this comment.
return_outputs is replaced with return_results
| @@ -15,10 +15,67 @@ configuration: | |||
| name: clientId | |||
| type: 4 | |||
| required: true | |||
| defaultvalue: K7QYkjixOag7f2P0J/t2sgXq9NMsbzj/ | |||
There was a problem hiding this comment.
Is this default value should work for some users? If not, lets remove it
There was a problem hiding this comment.
default value is removed
| - display: Secret Key | ||
| name: secretKey | ||
| type: 4 | ||
| required: true | ||
| defaultvalue: 7AHzEWu9yYgjeB4GdWVs9QopoWRlIGc3 |
| runonce: false | ||
| subtype: python3 | ||
| longRunningPort: true |
There was a problem hiding this comment.
is this a long running integration? if not, lets remove this
There was a problem hiding this comment.
Removed long running integration.
| #### Command Example | ||
| ```!druva-list-quarantine-ranges``` | ||
|
|
||
| #### Context Example | ||
| ``` | ||
| { | ||
| "Druva": { | ||
| "activeQuarantineRanges": { | ||
| "fromDate": "2020-07-13", | ||
| "orgID": -1, | ||
| "rangeID": 415, | ||
| "recoveryStatus": "None", | ||
| "resourceID": 4497505, | ||
| "resourceName": "SahilG-MBP", | ||
| "resourceParent": "Druva Integrations", | ||
| "resourcePlatform": "darwin", | ||
| "resourceType": "Endpoint", | ||
| "toDate": "2020-07-15", | ||
| "workload": "endpoints" | ||
| } | ||
| } | ||
| } | ||
| ``` |
There was a problem hiding this comment.
Added Command Example
Packs/Druva/ReleaseNotes/1_1_2.md
Outdated
|
|
||
| ##### Druva Ransomware Response | ||
|
|
||
| - %%UPDATE_RN%% |
There was a problem hiding this comment.
please update the relevant change
There was a problem hiding this comment.
Updated relevant change in 1_1_2.md
pk-druva
requested review from
kgal-pan and
yucohen
and removed request for
efelmandar,
kgal-pan and
yucohen
| - display: Fetch indicators | ||
| name: feed | ||
| type: 8 | ||
| required: false | ||
| - display: Indicator Verdict | ||
| name: feedReputation | ||
| type: 18 | ||
| required: false | ||
| options: | ||
| - Unknown | ||
| - None | ||
| - Benign | ||
| - Good | ||
| - Suspicious | ||
| - Malicious | ||
| - Bad | ||
| additionalinfo: Indicators from this integration instance will be marked with this verdict | ||
| - display: Source Reliability | ||
| name: feedReliability | ||
| defaultvalue: F - Reliability cannot be judged | ||
| type: 15 | ||
| required: true | ||
| options: | ||
| - A - Completely reliable | ||
| - B - Usually reliable | ||
| - C - Fairly reliable | ||
| - D - Not usually reliable | ||
| - E - Unreliable | ||
| - F - Reliability cannot be judged | ||
| additionalinfo: Reliability of the source providing the intelligence data | ||
| - display: "" | ||
| name: feedExpirationPolicy | ||
| defaultvalue: indicatorType | ||
| type: 17 | ||
| required: false | ||
| options: | ||
| - never | ||
| - interval | ||
| - indicatorType | ||
| - suddenDeath | ||
| - display: "" | ||
| name: feedExpirationInterval | ||
| defaultvalue: "20160" | ||
| type: 1 | ||
| required: false | ||
| - display: Feed Fetch Interval | ||
| name: feedFetchInterval | ||
| defaultvalue: "240" | ||
| type: 19 | ||
| required: false | ||
| - display: Bypass exclusion list | ||
| name: feedBypassExclusionList | ||
| type: 8 | ||
| required: false | ||
| additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. |
There was a problem hiding this comment.
Is the integration feed? If not, those parameters can be remoed
There was a problem hiding this comment.
Removed these parameters.
yucohen
merged commit a2295ad
into
demisto:contrib/pk-druva_Druva
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
A few sentences describing the overall goals of the pull request's commits.
Screenshots
Paste here any images that will help the reviewer
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have