
Sumo Logic Cloud SIEM Pack upgrade #25818

Merged
merged 2 commits into from Apr 13, 2023

Conversation

content-bot
Collaborator

Original External PR

external pull request

Contributor

@duchatran

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • [ ] In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

N/A

Description

This is an upgrade of the current Sumo Logic Cloud SIEM Pack. This upgrade includes:

  • New incident type for Sumo Logic Signals (optional) and a corresponding new layout.
  • New incident fields for the new Sumo Logic Signal incident type
  • Enhanced mapper with more mapping to standard XSOAR fields
  • Upgraded layout for Sumo Logic Insight Incident type
  • Support for MIRROR IN and OUT between XSOAR and Sumo Logic Cloud SIEM
  • 2 new scripts: one to link Sumo Logic Signal incidents with the corresponding Insight Incident and one to close the linked Signal incidents when an Insight incident is closed.
  • One playbook to link Sumo Logic Signal Incidents with the corresponding Insight incident.

Screenshots

Paste here any images that will help the reviewer

Minimum version of Cortex XSOAR

  • 6.0.0
  • 6.1.0
  • 6.2.0
  • 6.5.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

* Fine tune the mirror in and out comments and close notes

* Fix pytest issues

* Fix lint issues

* Update Release Notes 1.1.9

* Redefine the panel Primary Entity Details for Sumo Insight/Insight Details layout

* Update Release Notes

* Add new UTs and update docker image

* Address some comments by @yucohen

* Fix python docker image in RN, add UT for update_remote_system_command

* Update docker image version and Integration's README

* Fix docker image in RN

* Change back the name and id of the classifier Sumo Logic Cloud SIEM and add a v2 classifier.

* Reduce cron frequency for Sumo Logic Cloud SIEM Link Signal task to 1 min

* Fix issue with RN by renaming classifier files

* Add UT for script SumoLogicCloseLinkSignalIncidents and SumoLogicLinkSignalIncidents

* Update docker image

* Update docker image, revert classifier name+id change, and rename new classifier

* Rename old classifier to classifier-SumoLogic_Insight.json

* Update description for new classifier

* Rename new classifier file

* Revert renaming classifier file
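The description above lists two scripts (link Signal incidents to their Insight, close linked Signals when the Insight closes) and a scheduled playbook that drives the linking. The following is an added illustration of that link-and-close behaviour written for this page; it is not code from the Sumo Logic Cloud SIEM pack, the playbook, or the contributor. It models incidents as plain objects instead of using the XSOAR incident API, and the incident type names, the `insight_id` field, the status values and the close-note wording are assumptions.

```python
"""Link-and-close model for Sumo Logic Signal and Insight incidents.

Added example, not the pack's own code. Type names, the insight_id field,
status values and the close-note text are assumed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

INSIGHT_TYPE = "Sumo Logic Insight"  # assumed incident type name
SIGNAL_TYPE = "Sumo Logic Signal"    # assumed incident type name


@dataclass
class Incident:
    """Minimal stand-in for an XSOAR incident (constructed, not the real object)."""
    id: str
    type: str
    insight_id: str                 # assumed field: readable id of the parent Insight
    status: str = "Active"
    linked: list[str] = field(default_factory=list)
    close_notes: str = ""


def link_signal_incidents(incidents: list[Incident]) -> dict[str, list[str]]:
    """Link every Signal incident to the Insight incident sharing its insight_id.

    Links are recorded on both incidents and the call is idempotent, so it can
    run on a schedule (the PR mentions a 1-minute task). A Signal whose Insight
    has not been ingested yet is skipped and picked up on a later run.
    Returns {insight incident id: [signal incident ids linked in this run]}.
    """
    insights_by_key = {i.insight_id: i for i in incidents if i.type == INSIGHT_TYPE}
    links: dict[str, list[str]] = {}
    for sig in incidents:
        if sig.type != SIGNAL_TYPE:
            continue
        parent = insights_by_key.get(sig.insight_id)
        if parent is None:
            continue  # no matching Insight yet; leave the Signal for the next run
        if sig.id not in parent.linked:
            parent.linked.append(sig.id)
        if parent.id not in sig.linked:
            sig.linked.append(parent.id)
        links.setdefault(parent.id, []).append(sig.id)
    return links


def close_linked_signal_incidents(insight: Incident, incidents: list[Incident],
                                  close_reason: str) -> list[str]:
    """Close every still-open Signal linked to a closed Insight.

    Does nothing unless the Insight itself is closed, never touches non-Signal
    incidents, and skips Signals already closed, so re-running is safe.
    Returns the ids of the Signals closed by this call.
    """
    if insight.status != "Closed":
        return []
    by_id = {i.id: i for i in incidents}
    closed: list[str] = []
    for sid in insight.linked:
        sig = by_id.get(sid)
        if sig is None or sig.type != SIGNAL_TYPE or sig.status == "Closed":
            continue
        sig.status = "Closed"
        sig.close_notes = f"Closed with linked Insight {insight.insight_id}: {close_reason}"
        closed.append(sid)
    return closed


def demo() -> tuple[dict[str, list[str]], list[str], list[str]]:
    """Run both steps over a constructed set of incidents."""
    incidents = [
        Incident("1", INSIGHT_TYPE, "INSIGHT-100"),
        Incident("2", SIGNAL_TYPE, "INSIGHT-100"),
        Incident("3", SIGNAL_TYPE, "INSIGHT-100"),
        Incident("4", SIGNAL_TYPE, "INSIGHT-200"),           # Insight not ingested yet
        Incident("5", SIGNAL_TYPE, "INSIGHT-100", status="Closed"),  # already closed
    ]
    links = link_signal_incidents(incidents)
    insight = incidents[0]
    insight.status = "Closed"                                # analyst closes the Insight
    first = close_linked_signal_incidents(insight, incidents, "Resolved - True Positive")
    second = close_linked_signal_incidents(insight, incidents, "Resolved - True Positive")
    return links, first, second


if __name__ == "__main__":
    print(demo())
```

In the constructed run, Signals 2, 3 and 5 link to Insight 1, Signal 4 stays unlinked until its Insight arrives, and closing the Insight closes only 2 and 3 (5 was already closed); the second close pass is a no-op, which is the property a scheduled task and a mirror-in update both rely on.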
@content-bot content-bot added Contribution Thank you! Contributions are always welcome! Partner ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. Contribution Form Filled Whether contribution form filled or not. labels Apr 13, 2023
@yucohen yucohen merged commit 6c5dce5 into master Apr 13, 2023
13 checks passed
@yucohen yucohen deleted the contrib/jasklabs_sumo-integration-mar-23 branch April 13, 2023 08:36