EXPANDR-3176 Prisma Cloud pack - Updating prisma cloud v2 playbooks #25747

Merged

Contributor

@capanw capanw commented Apr 6, 2023

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

https://jira-hq.paloaltonetworks.local/browse/EXPANDR-3176

Description

Updating V2 playbook outputs for AWS, GCP and Azure. Also adding v2 playbook for cloud resource find by ip playbook.

Screenshots

Paste here any images that will help the reviewer

Minimum version of Cortex XSOAR

  • 6.0.0
  • 6.1.0
  • 6.2.0
  • 6.5.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

@content-bot content-bot added the Contribution Thank you! Contributions are always welcome! label Apr 6, 2023
@content-bot content-bot changed the base branch from master to contrib/capanw_prisma-cloud-one April 6, 2023 07:40
@content-bot
Collaborator

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @samuelFain will know the proposed changes are ready to be reviewed.

@github-advanced-security

You have successfully added a new CodeQL configuration /language:javascript. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

@github-advanced-security

You have successfully added a new CodeQL configuration /language:python. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

@capanw
Contributor Author

capanw commented Apr 6, 2023

Redlock deprecating PR: #25156

@content-bot content-bot added Community Contribution Form Filled Whether contribution form filled or not. labels Apr 10, 2023
@samuelFain
Contributor

Hi @capanw,
Thank you for contributing!
Due to holidays in the past week, your PR review has been slightly delayed, I apologize for that.
Since your PR mostly contains changes in playbooks, it will be reviewed by a member of our security team ASAP.
I’m available for any of your questions here or on Slack.
Thank you for your patience!

Contributor

@efelmandar efelmandar left a comment

Hi @capanw, thank you for your contribution. I finished reviewing the PR and the content looks great! Just one question about the GCP playbook: I noticed that the tasks for searching the resource are using the redlock-search-config command, which I think is deprecated, while in the other playbooks these tasks use the prisma-cloud-config-search command. Please make sure the task is using the correct command and let me know.

@samuelFain samuelFain added the pending-contributor The PR is pending the response of its creator label Apr 13, 2023
@capanw
Contributor Author

capanw commented Apr 17, 2023

Hello @efelmandar, Thanks for reviewing the content. There seems to be a bug/issue regarding that playbook and we are tracking it here.

The repo already has updated commands but it's not being reflected in the marketplace pack and they are working on fixing it.

Thanks

@capanw
Contributor Author

capanw commented Apr 17, 2023

Hello @efelmandar, Made changes to the GCP playbook. Should have updated commands. Let me know if you have any further questions. Thanks.

BEAdi added a commit that referenced this pull request Apr 18, 2023
Contributor

@BEAdi BEAdi left a comment


Hi,
Thank you for your contribution! I am deprecating RedLock now and made some changes there in order to be compliant with your contribution.
Please make sure to change the places in the repository where the Prisma Cloud - Find Public Cloud Resource by Public IP playbook is used by default, to use Prisma Cloud - Find Public Cloud Resource by Public IP v2. I saw it only once, in the Expanse Enrich Cloud Assets playbook.

task:
id: ca4523b4-7f64-4c09-8c6e-a68a4b73094f
version: -1
name: Prisma Cloud - Find GCP Resource by Public IP v2
Contributor

Suggested change
name: Prisma Cloud - Find GCP Resource by Public IP v2
name: Prisma Cloud - Find GCP Resource by Public IP
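
Review bot: the suggestion on the name: line drops the "v2" suffix from the task's display name, but the visible context (id, version, name) does not show which key selects the playbook that actually runs. State in the comment that only name reverts and that the playbook reference itself stays on the v2 playbook, so the rename is not read as pointing the task back at the non-v2 playbook.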

No need to also change the name

Contributor Author

Hello @BEAdi, are we just changing the name key? But leave the playbookName key as is?

Also, I see, you suggested changes for AWS/GCP. We are also using Azure as well. Should I update that too?

Thanks

Contributor

Right

Contributor Author

Thanks

@samuelFain
Contributor

Hi @capanw,
@efelmandar has reviewed the changes you made and everything looks good.
Also, please see @BEAdi's comments.

BEAdi added a commit that referenced this pull request Apr 18, 2023
* deprecate v1

* deprecate playbooks

* update RN

* update regarding #25747

* fix validate

* update versions

* revert removal of incident fields

* remove hidden: true
@capanw
Contributor Author

capanw commented Apr 19, 2023

@BEAdi @efelmandar, Updated with recommended suggestions.

@samuelFain samuelFain added ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. docs-approved and removed pending-contributor The PR is pending the response of its creator labels Apr 19, 2023
@content-bot
Collaborator

content-bot commented Apr 19, 2023

For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/5075834

@samuelFain samuelFain added ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. and removed ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. labels Apr 19, 2023
@samuelFain samuelFain added ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. and removed ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. labels Apr 19, 2023
@samuelFain samuelFain merged commit da8c691 into demisto:contrib/capanw_prisma-cloud-one Apr 20, 2023
20 of 21 checks passed
samuelFain added a commit that referenced this pull request Apr 20, 2023
…25747) (#25994)

* Updating prisma cloud v2 playbooks

* Updated release notes

* Delete 3_0_3.md

* Update GCP playbooks with new commands

* Updating release notes

* Delete outdated release notes file

* Updated Names

* Rename 3_0_7.md to 4_0_1.md

---------

Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com>
Co-authored-by: samuelFain <65926551+samuelFain@users.noreply.github.com>
Labels
Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR.
5 participants