
Devo integration v2 Improvement #25817

Merged
merged 3 commits on Apr 13, 2023

Conversation

content-bot (Collaborator)

Original External PR: external pull request

Contributor: @j-lopezal

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

Description

This Devo XSOAR v2 Integration carries over everything from version 2 and adds two new features:

  • Items per page: helps manage the number of Devo items (incidents, i.e. alerts, and query responses) to be processed by XSOAR, to avoid overwhelming XSOAR

  • Custom alert table: allows XSOAR to query/process Devo data stored in the my.app.alert.info table

Use Cases

  • Ingest all user-defined alerts from Devo into Cortex XSOAR

  • Query any data source available in Devo

  • Manage alert processing speed of XSOAR

  • Run needle-in-haystack multi-table queries for threat-hunting incidents

  • Write results back to Devo as searchable records or alerts

  • Write new entries into lookup tables to be used in synthesis tables (ALPHA)

Screenshots

Minimum version of Cortex XSOAR

  • 6.0.0
  • 6.1.0
  • 6.2.0
  • 6.5.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

* Update .devcontainer.json name

* [Devo] Updated .pack-ignore for v3

* [Devo] Added Devo_v3 python file

* [Devo] Added Devo_v3 yaml file

* [Devo] Added Devo_v3 description file

* [Devo] Added Devo_v3 README file

* [Devo] Inherited Devo_v3 test file

* [Devo] Inherited Devo_v3 python file

* [Devo] Deprecated Devo_v2

* [Devo] Added release notes for v3 (1.2.0 version)

* [Devo] Updated pack_metadata.json

* [Devo] Simplified exception handling

* [Devo] Specified some pip package versions to avoid conflicts

* [Devo] Fixed problematic dependency versions

* [Devo] Missing default value for INCIDENTS_FETCH_INTERVAL in python file

* [Devo] Updated missing entry in 1.2.0 release notes

* [Devo] Python file is now Flake8 compliant

* [Devo] Updated Devo_v2.py

* [Devo] Updated Devo_v2.yml

* [Devo] Updated Devo_v2 README.md

* [Devo] Updated Release notes

* [Devo] Remove wrong version (Devo_v3)

* [Devo] Added minimum version of devo-sdk pip package

* [Devo] Changed required field in Devo_v2.yml

* Fixed MyPy lint errors

* Minor changes to meet lint standards

* Removed package version in Devo v2

* [Devo] Reverting devcontainer.json change

* [Devo] Fixed README.md "Devo_v3" occurrence

* [Devo] Changed "items_per_page" from required to optional

* [Devo] Fixed "items_per_page" requirement and added default value

* [Devo] Added default value to "items_per_page" in .py

* [Devo] Refactorized query strings

* [Devo] Removed unnecessary Devo_v3 section from .pack-ignore

* [Devo] Updated docker image version

* test new devo docker image

* update new devo docker image

* update docker image

* modify unit test

* modify unit test

---------

Co-authored-by: j-lopezal <j-lopezal@users.noreply.github.com>
Co-authored-by: rohan-metron <rohan@metronlabs.com>
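The two features the description lists, a per-cycle item cap and a configurable alert table, as an added Python example. This is not code from the Devo integration or from Cortex XSOAR: the client, the query syntax, the defaults and the incident fields are assumptions made for the example, and the sample alerts are constructed. It shows the two checks a reviewer would want around those features: the configured table name is validated before it is spliced into a query string, and the fetch cursor handles alerts that share a timestamp across a page boundary so nothing is skipped or duplicated.

```python
"""Paged fetch of alerts from a configurable Devo table into XSOAR-style incidents.

Added example for the PR's "items per page" and "custom alert table" features.
Not code from the Devo integration or Cortex XSOAR: client, query syntax,
defaults and incident layout are assumptions made for this example.
"""
import json
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed defaults; the page does not state the integration's actual values.
DEFAULT_ITEMS_PER_PAGE = 50
MAX_ITEMS_PER_PAGE = 500

# Devo tables are dotted identifiers such as my.app.alert.info. The name comes
# from integration configuration and is spliced into a query string, so anything
# that is not a plain dotted identifier is rejected before it gets there.
TABLE_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z0-9_]+)*")


def validate_table_name(name: str) -> str:
    """Return name unchanged if it is a plain dotted identifier, else raise."""
    if not TABLE_NAME_RE.fullmatch(name or ""):
        raise ValueError(f"refusing to query non-table-like name: {name!r}")
    return name


def clamp_page_size(items_per_page) -> int:
    """Fall back to the default for missing/invalid values and cap the maximum."""
    try:
        n = int(items_per_page)
    except (TypeError, ValueError):
        n = DEFAULT_ITEMS_PER_PAGE
    if n < 1:
        n = DEFAULT_ITEMS_PER_PAGE
    return min(n, MAX_ITEMS_PER_PAGE)


def build_alert_query(table: str, since_ms: int, limit: int) -> str:
    """Assumed LINQ-like syntax: time-bounded and row-limited."""
    return (f"from {validate_table_name(table)} where eventdate >= {int(since_ms)} "
            f"select * limit {clamp_page_size(limit)}")


@dataclass
class FakeDevoClient:
    """In-memory stand-in for the Devo API, constructed for this example."""
    tables: dict = field(default_factory=dict)

    def query(self, query: str) -> list:
        # Only understands the query shape build_alert_query() emits.
        m = re.fullmatch(r"from (\S+) where eventdate >= (\d+) select \* limit (\d+)", query)
        if m is None:
            raise ValueError(f"fake client cannot parse: {query!r}")
        rows = self.tables.get(m.group(1), [])
        since, limit = int(m.group(2)), int(m.group(3))
        # Stable ordering by (eventdate, alertId) is what makes the cursor below sound.
        hits = sorted((r for r in rows if r["eventdate"] >= since),
                      key=lambda r: (r["eventdate"], r["alertId"]))
        return hits[:limit]


def fetch_incidents(client, table, last_run, items_per_page=DEFAULT_ITEMS_PER_PAGE):
    """One fetch cycle: at most items_per_page rows newer than the stored cursor.

    last_run keeps the newest eventdate seen and the alert ids at that exact
    timestamp, so the next '>=' query skips rows already turned into incidents
    without missing later rows that share the same timestamp.
    """
    since = int(last_run.get("last_eventdate", 0))
    seen = set(last_run.get("seen_ids", []))
    rows = [r for r in client.query(build_alert_query(table, since, items_per_page))
            if r["alertId"] not in seen]
    incidents = [{
        "name": f"Devo alert {r['alertId']} ({r['context']})",
        "occurred": datetime.fromtimestamp(r["eventdate"] / 1000, tz=timezone.utc).isoformat(),
        "severity": r.get("priority", 0),
        "rawJSON": json.dumps(r),
    } for r in rows]
    if not rows:
        return incidents, dict(last_run)
    newest = rows[-1]["eventdate"]
    seen_now = {r["alertId"] for r in rows if r["eventdate"] == newest}
    if newest == since:  # still on the cursor's timestamp: keep earlier ids too
        seen_now |= seen
    return incidents, {"last_eventdate": newest, "seen_ids": sorted(seen_now)}


def make_alerts(n, base_ms=1_700_000_000_000):
    """Constructed sample rows; alerts 49 and 50 share a timestamp on purpose."""
    return [{"alertId": f"a{i:04d}", "eventdate": base_ms + (49 if i == 50 else i) * 1000,
             "context": "my.context.suspicious_login", "priority": 3} for i in range(n)]


def drain(client, table, items_per_page):
    """Run fetch cycles until one returns nothing; returns the per-cycle counts."""
    last_run, counts = {}, []
    while True:
        incidents, last_run = fetch_incidents(client, table, last_run, items_per_page)
        if not incidents:
            return counts
        counts.append(len(incidents))
```

With 120 constructed alerts and a page size of 50, `drain()` yields 50, 49 and 21 incidents over three cycles: the second page re-reads the boundary row a0049 and drops it via `seen_ids`, while a0050, which shares its timestamp, is still delivered. A table name carrying anything beyond a dotted identifier is refused by `validate_table_name()` before a query is built.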
@content-bot content-bot added the Contribution, Partner, Contribution Form Filled and pending-contributor labels on Apr 13, 2023
@dansterenson dansterenson merged commit f016f21 into master Apr 13, 2023
13 checks passed
@dansterenson dansterenson deleted the contrib/j-lopezal_devo_integration_v3 branch April 13, 2023 09:24