Add MITRE Att&ck technique #29366
add the Technique output for function alert_data_to_xsoar_format
add default value if the key doesn't exist
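The two commits above describe lifting the alert's MITRE technique list into the XSOAR output with a default when the key is missing. The following is an added example, not the integration's own code: `format_alert_for_xsoar` is a hypothetical stand-in for `alert_data_to_xsoar_format`, the `additionalData` / `techniques` / `tactics` field names are assumptions about the Sentinel alert schema, and the sample alerts are constructed.

```python
import re
from typing import Any

# Constructed sample alerts (not real Azure Sentinel API output).
ALERT_WITH_MITRE = {
    "name": "alert-1",
    "properties": {
        "alertDisplayName": "Suspicious sign-in",
        "severity": "Medium",
        # Assumed schema: MITRE data lives under properties.additionalData.
        "additionalData": {
            "tactics": ["InitialAccess", "CredentialAccess"],
            "techniques": ["T1078", "T1110.003", "T1078", "not-a-technique"],
        },
    },
}
ALERT_WITHOUT_MITRE = {
    "name": "alert-2",
    "properties": {"alertDisplayName": "Legacy alert", "severity": "Low"},
}

# ATT&CK technique / sub-technique ID, e.g. T1078 or T1110.003.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")


def normalize_techniques(values: Any) -> list[str]:
    """Keep only well-formed, de-duplicated technique IDs (order preserved)."""
    if not isinstance(values, list):
        return []
    seen: list[str] = []
    for value in values:
        if isinstance(value, str) and TECHNIQUE_ID.match(value) and value not in seen:
            seen.append(value)
    return seen


def format_alert_for_xsoar(alert: dict[str, Any]) -> dict[str, Any]:
    """Hypothetical stand-in for alert_data_to_xsoar_format.

    Always emits Tactic and Technique keys so the context path stays stable
    for playbooks even when an alert carries no MITRE data.
    """
    props = alert.get("properties") or {}
    additional = props.get("additionalData") or {}
    return {
        "ID": alert.get("name"),
        "Name": props.get("alertDisplayName"),
        "Severity": props.get("severity"),
        "Tactic": additional.get("tactics", []),
        "Technique": normalize_techniques(additional.get("techniques", [])),
    }
```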
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @RosenbergYehuda will know the proposed changes are ready to be reviewed.
Nice and neat work @baldo04!
I would just like to point out two things:
- As you can see in the GitHub Actions, some steps are failing. The reason is that there are unit tests based on the previous version that fail with your version.
Can you fix those tests please?
- Please add the release notes and update the pack metadata to the new version.
If anything in these comments is not clear enough, or you need help with them, please let me know.
Have a nice one :)
the dictionary additionalData was inserted in the variable MOCKED_INCIDENT_ALERTS, where the alert's MITRE techniques are present
delete the wrong line
deleted unused parameters
add the release notes
change currentVersion to 1.5.21
the file 1_5_21.md already exists
Added MITRE Att&ck information to output in **azure-sentinel-list-incident-alerts** command.
modify currentVersion to 1.5.22
add the contextPath: AzureSentinel.IncidentAlert.Tecniques
change the output of the dictionary "AdditionalData"
insert the Mitre info in test alert
insert the "Technique" key in the outputs
Hello @baldo04,
Sorry for the delay in my response.
You did a great job, and the last validations that are failing are not related to your code, so you can ignore them and I will handle it.
I approved your contribution, and now it's time to move on and set up a live demo, in which we will see the changes you made live.
I will be happy to hear from you about what time works best for you, or, if you would rather, you can send me a recorded video of you running the command you modified, showing what it does, its outputs, why we need it, etc.
Please let me know, and if you have questions, don't hesitate to contact me.
I wish you a wonderful weekend!
Hi @RosenbergYehuda, if you send me availability slots we can schedule so we can do the live demo. Thanks, Edoardo.
Hi Edoardo,
I previously sent you an email but didn't receive a response, so I'll communicate here instead. I have availability throughout most of the day next week. Could you please share your time zone with me? You can reach me via email at yrosenberg@paloaltonetworks.com or on Slack.
Thank you!
Hi Yehuda,
Forgive me for not replying earlier.
My timezone is CEST; the only free slot I have this week is Friday at 9:00 CEST. If you are also free, we can schedule the live demo.
Thanks, Edoardo.
Hello Edoardo, Regrettably, we do not work on Fridays. Are you available during the upcoming week? Alternatively, if you prefer, you can record a session explaining how the integration worked without your involvement, what it lacked, and how it now functions with your contributions.
I have a new free slot this week, Thursday at 15:00 CEST.
Is this slot okay?
Thanks, Edoardo.
I sent you an invitation.
Output documentation updated.
Merged commit f675502 into demisto:contrib/baldo04_master
* Add MITRE Att&ck technique (#29366)
* Update AzureSentinel.py: add the Technique output for function alert_data_to_xsoar_format
* Update AzureSentinel.py: add default value if the key doesn't exist
* Update AzureSentinel_test.py: the dictionary additionalData was inserted in the variable MOCKED_INCIDENT_ALERTS, where the alert's MITRE techniques are present
* Update AzureSentinel_test.py: delete the wrong line
* Update AzureSentinel_test.py: deleted unused parameters
* Create 1_5_21.md: add the release notes
* Update pack_metadata.json: change currentVersion to 1.5.21
* Delete Packs/AzureSentinel/ReleaseNotes/1_5_21.md: the file 1_5_21.md already exists
* Modify output of **azure-sentinel-list-incident-alerts** command. Added MITRE Att&ck information to output in **azure-sentinel-list-incident-alerts** command.
* Update pack_metadata.json: modify currentVersion to 1.5.22
* Update AzureSentinel.yml: add the contextPath: AzureSentinel.IncidentAlert.Tecniques
* Update AzureSentinel_test.py: change the output of the dictionary "AdditionalData"
* Update expected_alerts.json: insert the Mitre info in test alert
* Update expected_alerts.json: insert the "Technique" key in the outputs
* Update README.md: Output documentation updated.
* Rename 1_5_22.md to 1_5_23.md
* Update pack_metadata.json
---------
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
* release notes
* RN
* pre commit
* typo
* RN
---------
Co-authored-by: _eb <edoardobalducci@gmail.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Description
Add MITRE Att&ck technique to the data returned by the command azure-sentinel-list-incident-alerts