Code42 new playbooks #25702
Code42 new playbooks #25702
Conversation
content-bot
added
Contribution Form Filled
content-bot
changed the base branch from
master
to
contrib/code42_feature/code42_new_playbooks
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @samuelFain will know the proposed changes are ready to be reviewed. |
|
You have successfully added a new CodeQL configuration |
|
You have successfully added a new CodeQL configuration |
dantavori
requested review from
merit-maita and
efelmandar
and removed request for
samuelFain
|
Hi @timabrmsn , |
There was a problem hiding this comment.
Thank you so much for your contribution
please go over my comments, and make sure to pass the failing validation check.
@efelmandar will review your PR.
thanks again!
| @@ -1021,9 +1018,6 @@ def securitydata_search_command(client, args): | |||
|
|
|||
| @logger | |||
| def file_events_search_command(client, args): | |||
| file_events_version = demisto.incident()["CustomFields"].get("code42fileeventsversion", "1") | |||
| if file_events_version != "2": | |||
There was a problem hiding this comment.
why did you remove thee two conditions in the code?
There was a problem hiding this comment.
I had initially added those error conditions to prevent users from mixing the different event formats within the same incident (e.g. an incident fetched with V1 events shouldn't be able to make a V2 event search and add them to the V1 incident), but I realized after the release that this prevents running these commands from scheduled job playbooks (or testing in playbooks) without first manually setting the incident context value to the correct file event version.
| @@ -2511,24 +2511,6 @@ def test_security_data_search_command_searches_exposure_exists_when_no_exposure_ | |||
| assert len(filter_groups) == 3 | |||
|
|
|||
|
|
|||
| def test_file_events_search_command_returns_error_when_v2_events_not_configured( | |||
There was a problem hiding this comment.
why did you remove the test as well, is the version not relevant anymore?
There was a problem hiding this comment.
In deciding to remove the error condition altogether above, this test is no longer necessary.
| ## Playbook Image | ||
|
|
||
| --- |
There was a problem hiding this comment.
| ## Playbook Image | |
| --- |
if the section is empty, it should be removed
There was a problem hiding this comment.
It's not empty, as there's the image link right below this.
Packs/Code42/Playbooks/playbook-Code42_Check_Incydr_Status_And_Close_XSOAR_Incident_README.md
Show resolved
Hide resolved
Packs/Code42/Playbooks/playbook-Code42_Add_Employees_To_Departing_Employee_Watchlist_README.md
Show resolved
Hide resolved
Packs/Code42/Playbooks/playbook-Code42_Add_Employees_To_New_Hire_Watchlist_README.md
Show resolved
Hide resolved
merit-maita
added
the
ready-for-instance-test
|
@timabrmsn can you pull from master and push again please? |
There was a problem hiding this comment.
@timabrmsn @merit-maita Thanks for making the changes, I went over them and everything looks good!
…re/code42_new_playbooks
…to feature/code42_new_playbooks
…re/code42_new_playbooks
merit-maita
added
ready-for-instance-test
…to feature/code42_new_playbooks
|
|
merit-maita
added
ready-for-instance-test
merit-maita
merged commit b72beab
into
demisto:contrib/code42_feature/code42_new_playbooks
* Code42 new playbooks (#25702) * add mapping update to release notes * add new playbooks * layout update * linting and Security Alert playbook file rename * update Security Alert description * update version/release notes * Remove error handling around v1/v2 commands * add integration fix note in release notes * bump py42 docker image * remove test for file-events-search returning error * update playbooks to use code42-file-events-search instead of code42-securitydata-search * bump container version * remove 3_1_5.md change * update docker images * playbook PR feedback * bump to 3.1.7 * add departing employee playbook update * add new hire playbook update * departing employee auto add playbook update * departing employee cleanup playbook update * new hire auto add playbook update * new hire cleanup playbook update * remove departing employees playbook update * remove new hire playbook update * fix incident query * bump version * add `code42-get-user-risk-profile` command * update release notes * fix get user risk profile name and add test * playbook updates with new code42-user-get-risk-profile command * validation * validation * correct release notes docker image * add unit test for Code42FileEventsToMarkdownTable script * update docker image * updated docker image --------- Co-authored-by: Tim Abramson <tim.abramson@code42.com> Co-authored-by: merit <meretmaayta@gmail.com>
Status
Description
Adds 12 new Playbooks to the Code42 Integration and makes a small update to the Code42 Security Alert Layout.
Screenshots
Updated layout:
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have