Code42 new playbooks #25702
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @samuelFain will know the proposed changes are ready to be reviewed.
You have successfully added a new CodeQL configuration
Hi @timabrmsn,
Thank you so much for your contribution.
Please go over my comments, and make sure to pass the failing validation check.
@efelmandar will review your PR.
Thanks again!
@@ -1021,9 +1018,6 @@ def securitydata_search_command(client, args): | |||
|
|||
@logger | |||
def file_events_search_command(client, args): | |||
file_events_version = demisto.incident()["CustomFields"].get("code42fileeventsversion", "1") | |||
if file_events_version != "2": |
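Review bot: Dropping the `file_events_version != "2"` check in `file_events_search_command` leaves nothing at this point to stop V2 file events from being added to an incident that was fetched with V1 events, which is the case the check was written for according to the author's reply. Consider logging a warning instead of returning an error, or stating the mixing risk in the command description, so scheduled-job playbooks still run. If the `file_events_version` lookup stays for any other purpose, `demisto.incident()["CustomFields"]` raises KeyError when that key is missing; `demisto.incident().get("CustomFields", {})` avoids that.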
Why did you remove these two conditions in the code?
I had initially added those error conditions to prevent users from mixing the different event formats within the same incident (e.g. an incident fetched with V1 events shouldn't be able to make a V2 event search and add them to the V1 incident), but I realized after the release that this prevents running these commands from scheduled job playbooks (or testing in playbooks) without first manually setting the incident context value to the correct file event version.
@@ -2511,24 +2511,6 @@ def test_security_data_search_command_searches_exposure_exists_when_no_exposure_ | |||
assert len(filter_groups) == 3 | |||
|
|||
|
|||
def test_file_events_search_command_returns_error_when_v2_events_not_configured( |
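Review bot: With `test_file_events_search_command_returns_error_when_v2_events_not_configured` removed, nothing in this hunk covers `file_events_search_command` when `code42fileeventsversion` is unset or "1". Rather than deleting the coverage outright, replace it with a test asserting that the command now succeeds in that case, so the scheduled-job behaviour this change is meant to allow is pinned down.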
Why did you remove the test as well? Is the version not relevant anymore?
In deciding to remove the error condition altogether above, this test is no longer necessary.
## Playbook Image | ||
|
||
--- |
## Playbook Image | |
--- |
If the section is empty, it should be removed.
It's not empty, as there's the image link right below this.
Packs/Code42/Playbooks/playbook-Code42_Check_Incydr_Status_And_Close_XSOAR_Incident_README.md
Packs/Code42/Playbooks/playbook-Code42_Add_Employees_To_Departing_Employee_Watchlist_README.md
Packs/Code42/Playbooks/playbook-Code42_Add_Employees_To_New_Hire_Watchlist_README.md
@timabrmsn can you pull from master and push again please?
@timabrmsn @merit-maita Thanks for making the changes, I went over them and everything looks good!
b72beab into demisto:contrib/code42_feature/code42_new_playbooks
* Code42 new playbooks (#25702)
* add mapping update to release notes
* add new playbooks
* layout update
* linting and Security Alert playbook file rename
* update Security Alert description
* update version/release notes
* Remove error handling around v1/v2 commands
* add integration fix note in release notes
* bump py42 docker image
* remove test for file-events-search returning error
* update playbooks to use code42-file-events-search instead of code42-securitydata-search
* bump container version
* remove 3_1_5.md change
* update docker images
* playbook PR feedback
* bump to 3.1.7
* add departing employee playbook update
* add new hire playbook update
* departing employee auto add playbook update
* departing employee cleanup playbook update
* new hire auto add playbook update
* new hire cleanup playbook update
* remove departing employees playbook update
* remove new hire playbook update
* fix incident query
* bump version
* add `code42-get-user-risk-profile` command
* update release notes
* fix get user risk profile name and add test
* playbook updates with new code42-user-get-risk-profile command
* validation
* validation
* correct release notes docker image
* add unit test for Code42FileEventsToMarkdownTable script
* update docker image
* updated docker image

---------

Co-authored-by: Tim Abramson <tim.abramson@code42.com>
Co-authored-by: merit <meretmaayta@gmail.com>
Status
Description
Adds 12 new Playbooks to the Code42 Integration and makes a small update to the Code42 Security Alert Layout.
Screenshots
Updated layout:
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have