new commands and playbook added #25253
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @yucohen will know the proposed changes are ready to be reviewed.
|
||
|
||
def post_quarantineResource(self,org_id,resource_id, resource_type, from_date, to_date): | ||
if org_id is not None: |
Are we expecting `org_id` to be defined? What happens if `org_id` is `None`? Currently, we still send it in `json_data`.
In case of Backupset that is FS, NAS or VMware, OrgId is mandatory, and in other resource types we don't need to give orgid.
org_id=int(org_id) | ||
json_data = {'orgID':org_id,'resourceType': resource_type, 'fromDate': from_date, 'toDate': to_date} | ||
|
||
url_suffix = '/realize/ransomwarerecovery/v1/quarantineranges/resource/' + str(resource_id) |
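Review bot: On the `url_suffix` line, `resource_id` is concatenated into the request path with only `str()` applied, so a value containing `/`, `..` or `?` would change which endpoint is called. Since `org_id` already goes through `int()`, consider doing the same for `resource_id` (or rejecting non-numeric input) before building the path, and check that `from_date` and `to_date` parse as dates before they go into `json_data`.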
We can utilize format strings in this. Looks cleaner IMO.
url_suffix = '/realize/ransomwarerecovery/v1/quarantineranges/resource/' + str(resource_id) | |
url_suffix = f"/realize/ransomwarerecovery/v1/quarantineranges/resource/{resource_id}" |
Feel free to change in all other client method `url_suffix`s.
url_suffixs are now changed in all other client method
return (readable_output, outputs, raw_response) | ||
|
||
else: | ||
raise RuntimeError('Error: ' + str(response.status_code)) |
If there's an error in the request (`statusCode != 200`), does the endpoint provide an error message back (usually in `response.content` or `response.json()`)?
I think that providing the user with `Error: {statusCode}` doesn't contain enough information for the user to know what's wrong and how to fix their issue. Might be helpful to add the response content when you raise the `RuntimeError` in all `*_Command` methods.
|
||
if command == 'hi-command': |
Remove. Also, remove all other commented out code you have in the file, for example:
# return_outputs(*Druva_ListQuarantine_Snapshots_Command(clientObj, resource_id, range_id))
Commented code is removed
Hi @pk-druva, thank you very much for your contribution, it is highly appreciated. I reviewed the playbook you added and everything looks great. Just a couple of things to consider:
@pk-druva Thanks for the contribution! Great work!
Please see my comments :)
readable_output = tableToMarkdown('Found Druva users', responseJson['users']) | ||
outputs = {"Druva.User(val.userID == obj.userID)": responseJson['users']} | ||
raw_response = responseJson | ||
return (readable_output, outputs, raw_response) |
Let's change this to a commandResults object. You can see this article. Relevant to all the new commands added.
commandResults object is used in all commands.
@@ -282,12 +355,29 @@ def main(): | |||
search_string = demisto.args().get('search_string') | |||
return_outputs(*Druva_FindDevice_Command(clientObj, search_string)) | |||
|
|||
if command == 'druva-find-user': | |||
user_string=demisto.args().get('user_string') | |||
return_outputs(*Druva_FindUser_Command(clientObj,user_string)) |
After changing to CommandResults, let's also change the return outputs to return_results.
return_outputs is replaced with return_results
@@ -15,10 +15,67 @@ configuration: | |||
name: clientId | |||
type: 4 | |||
required: true | |||
defaultvalue: K7QYkjixOag7f2P0J/t2sgXq9NMsbzj/ |
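Review bot: The `defaultvalue` on `clientId` looks like a live credential rather than a placeholder. A default in the integration YAML ships to every installation of the pack and stays in the branch history after the line is deleted, so drop the `defaultvalue` key and treat the value as exposed.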
Should this default value work for some users? If not, let's remove it.
default value is removed
- display: Secret Key | ||
name: secretKey | ||
type: 4 | ||
required: true | ||
defaultvalue: 7AHzEWu9yYgjeB4GdWVs9QopoWRlIGc3 |
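Review bot: `secretKey` also carries a `defaultvalue`, and together with the `clientId` default above it puts a complete client ID and secret pair in the repository. Remove the key, have the owning Druva account revoke and reissue the pair, and leave both fields empty so each user supplies their own.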
same here
runonce: false | ||
subtype: python3 | ||
longRunningPort: true |
Is this a long running integration? If not, let's remove this.
Removed long running integration.
#### Command Example | ||
```!druva-list-quarantine-ranges``` | ||
|
||
#### Context Example | ||
``` | ||
{ | ||
"Druva": { | ||
"activeQuarantineRanges": { | ||
"fromDate": "2020-07-13", | ||
"orgID": -1, | ||
"rangeID": 415, | ||
"recoveryStatus": "None", | ||
"resourceID": 4497505, | ||
"resourceName": "SahilG-MBP", | ||
"resourceParent": "Druva Integrations", | ||
"resourcePlatform": "darwin", | ||
"resourceType": "Endpoint", | ||
"toDate": "2020-07-15", | ||
"workload": "endpoints" | ||
} | ||
} | ||
} | ||
``` |
Why did we remove this?
Added Command Example
Packs/Druva/ReleaseNotes/1_1_2.md
Outdated
|
||
##### Druva Ransomware Response | ||
|
||
- %%UPDATE_RN%% |
Please update the relevant change.
Updated relevant change in 1_1_2.md
- display: Fetch indicators | ||
name: feed | ||
type: 8 | ||
required: false | ||
- display: Indicator Verdict | ||
name: feedReputation | ||
type: 18 | ||
required: false | ||
options: | ||
- Unknown | ||
- None | ||
- Benign | ||
- Good | ||
- Suspicious | ||
- Malicious | ||
- Bad | ||
additionalinfo: Indicators from this integration instance will be marked with this verdict | ||
- display: Source Reliability | ||
name: feedReliability | ||
defaultvalue: F - Reliability cannot be judged | ||
type: 15 | ||
required: true | ||
options: | ||
- A - Completely reliable | ||
- B - Usually reliable | ||
- C - Fairly reliable | ||
- D - Not usually reliable | ||
- E - Unreliable | ||
- F - Reliability cannot be judged | ||
additionalinfo: Reliability of the source providing the intelligence data | ||
- display: "" | ||
name: feedExpirationPolicy | ||
defaultvalue: indicatorType | ||
type: 17 | ||
required: false | ||
options: | ||
- never | ||
- interval | ||
- indicatorType | ||
- suddenDeath | ||
- display: "" | ||
name: feedExpirationInterval | ||
defaultvalue: "20160" | ||
type: 1 | ||
required: false | ||
- display: Feed Fetch Interval | ||
name: feedFetchInterval | ||
defaultvalue: "240" | ||
type: 19 | ||
required: false | ||
- display: Bypass exclusion list | ||
name: feedBypassExclusionList | ||
type: 8 | ||
required: false | ||
additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. |
Is the integration a feed? If not, those parameters can be removed.
Removed these parameters.
a2295ad into demisto:contrib/pk-druva_Druva
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
A few sentences describing the overall goals of the pull request's commits.
Screenshots
Paste here any images that will help the reviewer
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have