[ASM] - Expandr 4735 #27951
Merged
[ASM] - Expandr 4735 #27951
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Update ranking algorithm for Service Ownership
Currently, we score and return all owners in ${alert.asmserviceowner} in sorted owners; instead, we want ${alert.asmserviceowner} to contain a smaller, high-confidence set of owners that we would be comfortable notifying via email.
Test plan: pytest + manual testing in tenant
* Add release notes
* Verify hyperparameters and update docs
* Add unit test for value-checking in _get_k
* Update release notes
* Manually apply diff in output of pre-commit check: use built-ins for type hints, set generators
---------
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
content-bot
added
Contribution
michal-dagan
approved these changes
Jul 6, 2023
xsoar-bot
pushed a commit
to xsoar-contrib/content
that referenced
this pull request
Jul 26, 2023
* Update ranking algorithm for Service Ownership
Currently, we score and return all owners in ${alert.asmserviceowner} in sorted owners; instead, we want ${alert.asmserviceowner} to contain a smaller, high-confidence set of owners that we would be comfortable notifying via email.
Test plan: pytest + manual testing in tenant
* Add release notes
* Verify hyperparameters and update docs
* Add unit test for value-checking in _get_k
* Update release notes
* Manually apply diff in output of pre-commit check: use built-ins for type hints, set generators
---------
Co-authored-by: kball-pa <131012047+kball-pa@users.noreply.github.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
xsoar-bot
pushed a commit
to xsoar-contrib/content
that referenced
this pull request
Aug 2, 2023
* Update ranking algorithm for Service Ownership
Currently, we score and return all owners in ${alert.asmserviceowner} in sorted owners; instead, we want ${alert.asmserviceowner} to contain a smaller, high-confidence set of owners that we would be comfortable notifying via email.
Test plan: pytest + manual testing in tenant
* Add release notes
* Verify hyperparameters and update docs
* Add unit test for value-checking in _get_k
* Update release notes
* Manually apply diff in output of pre-commit check: use built-ins for type hints, set generators
---------
Co-authored-by: kball-pa <131012047+kball-pa@users.noreply.github.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
xsoar-bot
pushed a commit
to xsoar-contrib/content
that referenced
this pull request
Aug 2, 2023
* Update ranking algorithm for Service Ownership
Currently, we score and return all owners in ${alert.asmserviceowner} in sorted owners; instead, we want ${alert.asmserviceowner} to contain a smaller, high-confidence set of owners that we would be comfortable notifying via email.
Test plan: pytest + manual testing in tenant
* Add release notes
* Verify hyperparameters and update docs
* Add unit test for value-checking in _get_k
* Update release notes
* Manually apply diff in output of pre-commit check: use built-ins for type hints, set generators
---------
Co-authored-by: kball-pa <131012047+kball-pa@users.noreply.github.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Original External PR
external pull request
Contributor
@kball-pa
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
https://jira-hq.paloaltonetworks.local/browse/EXPANDR-4735
Description
Currently, we score and return all owners in ${alert.asmserviceowner} in sorted order. Some of these may be service accounts or other low-confidence users/owners that we don't want to notify.
This PR implements a ranking algorithm for Service Ownership that tries to find a smaller (targeting roughly ~5), high-confidence set of owners that we would be comfortable notifying via email. After the Service Ownership playbook runs, ${alert.asmserviceowner} will contain this smaller, high-confidence set, while ${alert.asmserviceownerunrankedraw} will contain the full set of (deduplicated) owners pulled during enrichment.
See unit tests for detailed specification for how the ranking algorithm works.
Test plan: pytest + manual testing in tenant (see JIRA ticket)
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have