Add MITRE Att&ck tecnique #29366
Merged
Add MITRE Att&ck tecnique #29366
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add the Technique output for function alert_data_to_xsoar_format
add default value if the key doesn't exist
|
|
content-bot
added
Community
Contribution Form Filled
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @RosenbergYehuda will know the proposed changes are ready to be reviewed. |
There was a problem hiding this comment.
Nice and neat work @baldo04!
I just would like to point out two points:
- As you can see in the github actions, some steps are failing. The reason for that is that there are unit tests that are based on the previous version and fail with your version.
Can you fix those tests please?
- Please add the release notes and update the pack metadata to the new version.
If anything in these comments is not clear enough, or you need help with them, please let me know.
Have a nice one:)
RosenbergYehuda
added
the
pending-contributor
the dictionary additionalData was inserted in the variable MOCKED_INCIDENT_ALERTS, where the techniques of the MITRE of the alarm is present
delete the wrong line
deleted of unused parameters
add the release notes
change currentVersion in 1.5.21
the file 1_5_21.md already exists
Added MITRE Att&ck information to output in **azure-sentinel-list-incident-alerts** command.
modify currentVersion in 1.5.22
add the contextPath: AzureSentinel.IncidentAlert.Tecniques
change the output of the dictonary "AdditionalData"
insert the Mitre info in test alert
insert the "Technique" key in the outputs
RosenbergYehuda
approved these changes
Sep 7, 2023
There was a problem hiding this comment.
Hello @baldo04,
Sorry for the delay in my response.
You did a great job, and the last validations that are failing are not related to your code so you can ignore it, and I will handle it.
I approved your contribution, and now it's time to move on and set up a live Demo, in which we will see the changes you made in live.
I will be happy to hear from you when is the best time for you, or if you would rather send me a recorded video of you running this command that you modified and see what it does, outputs, why we need it, etc.
Please let me know, and if you have questions, don't hesitate to contact me.
I wish you a wonderful weekend!
|
Hi @RosenbergYehuda, if you send me availability slots we can schedule so we can do the live demo. Thanks, Edoardo. |
RosenbergYehuda
approved these changes
Sep 14, 2023
There was a problem hiding this comment.
Hi Edoardo,
I previously sent you an email but didn't receive a response, so I'll communicate here instead. I have availability throughout most of the day next week. Could you please share your time zone with me? You can reach me via email at yrosenberg@paloaltonetworks.com or on Slack.
Thank you!
|
hi Yehuda,
Forgive me for not replying earlier.
My timezone is CEST, the only free slot I have this week is Friday at 9:00
CEST, if you are also free we can schedule the live demo.
Thanks, Edoardo.
Il giorno gio 14 set 2023 alle ore 14:27 Yehuda Rosenberg <
***@***.***> ha scritto:
… ***@***.**** approved this pull request.
Hi Edoardo,
I previously sent you an email but didn't receive a response, so I'll
communicate here instead. I have availability throughout most of the day
next week. Could you please share your time zone with me? You can reach me
via email at ***@***.*** or on Slack.
Thank you!
—
Reply to this email directly, view it on GitHub
<#29366 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGNIIUHMIX5RINX6ZJWOE7TX2LZ3LANCNFSM6AAAAAA4GBJ3MA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Hello Edoardo, Regrettably, we do not work on Fridays. Are you available during the upcoming week? Alternatively, if you prefer, you can record a session explaining how the integration worked without your involvement, what it lacked, and how it now functions with your contributions. |
|
I have a new free slot this week, thursday at 15:00 CEST.
Can this slot be okay?
Thanks, Edoardo.
Il giorno lun 18 set 2023 alle ore 12:00 Yehuda Rosenberg <
***@***.***> ha scritto:
… Hello Edoardo,
Regrettably, we do not work on Fridays. Are you available during the
upcoming week? Alternatively, if you prefer, you can record a session
explaining how the integration worked without your involvement, what it
lacked, and how it now functions with your contributions.
—
Reply to this email directly, view it on GitHub
<#29366 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGNIIUEEJPGHQ6MUXWOD53LX3ALVPANCNFSM6AAAAAA4GBJ3MA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
I sent you an invitation. |
Output documentation updated.
RosenbergYehuda
approved these changes
Sep 21, 2023
RosenbergYehuda
approved these changes
Sep 21, 2023
RosenbergYehuda
merged commit f675502
into
demisto:contrib/baldo04_master
20 of 23 checks passed
5 tasks
RosenbergYehuda
added a commit
that referenced
this pull request
Sep 21, 2023
* Add MITRE Att&ck tecnique (#29366) * Update AzureSentinel.py add the Technique output for function alert_data_to_xsoar_format * Update AzureSentinel.py add default value if the key doesn't exist * Update AzureSentinel_test.py the dictionary additionalData was inserted in the variable MOCKED_INCIDENT_ALERTS, where the techniques of the MITRE of the alarm is present * Update AzureSentinel_test.py delete the wrong line * Update AzureSentinel_test.py deleted of unused parameters * Create 1_5_21.md add the release notes * Update pack_metadata.json change currentVersion in 1.5.21 * Delete Packs/AzureSentinel/ReleaseNotes/1_5_21.md the file 1_5_21.md already exists * Modify output of **azure-sentinel-list-incident-alerts** command. Added MITRE Att&ck information to output in **azure-sentinel-list-incident-alerts** command. * Update pack_metadata.json modify currentVersion in 1.5.22 * Update AzureSentinel.yml add the contextPath: AzureSentinel.IncidentAlert.Tecniques * Update AzureSentinel_test.py change the output of the dictonary "AdditionalData" * Update expected_alerts.json insert the Mitre info in test alert * Update expected_alerts.json insert the "Technique" key in the outputs * Update README.md Output documentation updated. * Rename 1_5_22.md to 1_5_23.md * Update pack_metadata.json --------- Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com> * release notes * RN * pre commit * typo * RN --------- Co-authored-by: _eb <edoardobalducci@gmail.com> Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
wolyslager
pushed a commit
to wolyslager/content
that referenced
this pull request
Oct 2, 2023
* Add MITRE Att&ck tecnique (demisto#29366) * Update AzureSentinel.py add the Technique output for function alert_data_to_xsoar_format * Update AzureSentinel.py add default value if the key doesn't exist * Update AzureSentinel_test.py the dictionary additionalData was inserted in the variable MOCKED_INCIDENT_ALERTS, where the techniques of the MITRE of the alarm is present * Update AzureSentinel_test.py delete the wrong line * Update AzureSentinel_test.py deleted of unused parameters * Create 1_5_21.md add the release notes * Update pack_metadata.json change currentVersion in 1.5.21 * Delete Packs/AzureSentinel/ReleaseNotes/1_5_21.md the file 1_5_21.md already exists * Modify output of **azure-sentinel-list-incident-alerts** command. Added MITRE Att&ck information to output in **azure-sentinel-list-incident-alerts** command. * Update pack_metadata.json modify currentVersion in 1.5.22 * Update AzureSentinel.yml add the contextPath: AzureSentinel.IncidentAlert.Tecniques * Update AzureSentinel_test.py change the output of the dictonary "AdditionalData" * Update expected_alerts.json insert the Mitre info in test alert * Update expected_alerts.json insert the "Technique" key in the outputs * Update README.md Output documentation updated. * Rename 1_5_22.md to 1_5_23.md * Update pack_metadata.json --------- Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com> * release notes * RN * pre commit * typo * RN --------- Co-authored-by: _eb <edoardobalducci@gmail.com> Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
xsoar-bot
pushed a commit
to xsoar-contrib/content
that referenced
this pull request
Oct 5, 2023
* Add MITRE Att&ck tecnique (demisto#29366) * Update AzureSentinel.py add the Technique output for function alert_data_to_xsoar_format * Update AzureSentinel.py add default value if the key doesn't exist * Update AzureSentinel_test.py the dictionary additionalData was inserted in the variable MOCKED_INCIDENT_ALERTS, where the techniques of the MITRE of the alarm is present * Update AzureSentinel_test.py delete the wrong line * Update AzureSentinel_test.py deleted of unused parameters * Create 1_5_21.md add the release notes * Update pack_metadata.json change currentVersion in 1.5.21 * Delete Packs/AzureSentinel/ReleaseNotes/1_5_21.md the file 1_5_21.md already exists * Modify output of **azure-sentinel-list-incident-alerts** command. Added MITRE Att&ck information to output in **azure-sentinel-list-incident-alerts** command. * Update pack_metadata.json modify currentVersion in 1.5.22 * Update AzureSentinel.yml add the contextPath: AzureSentinel.IncidentAlert.Tecniques * Update AzureSentinel_test.py change the output of the dictonary "AdditionalData" * Update expected_alerts.json insert the Mitre info in test alert * Update expected_alerts.json insert the "Technique" key in the outputs * Update README.md Output documentation updated. * Rename 1_5_22.md to 1_5_23.md * Update pack_metadata.json --------- Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com> * release notes * RN * pre commit * typo * RN --------- Co-authored-by: _eb <edoardobalducci@gmail.com> Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Related Issues
fixes: link to the issue
Description
Add MITRE Att&ck tecnique to the data returned by the command
azure-sentinel-list-incident-alertsMust have