Stamus integration v1.0.0 #29426

Merged
merged 21 commits into from Sep 7, 2023

content-bot
Collaborator

Original External PR

external pull request

Contributor

@regit

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

Linked issue: https://github.com/demisto/content/issues/26285

Description

This integration provides interaction with Stamus Security Platform. It provides a way to fetch detections from the solution and
to get information and context from the Stamus Security Platform.

Screenshots

Screenshot from 2023-05-03 20-07-15

Minimum version of Cortex XSOAR

  • 6.0.0
  • 6.1.0
  • 6.2.0
  • 6.5.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

* packs: add stamus pack to xsoar content

Implement a new set of commands to interact with
Stamus Security Platform.

* Stamus: remove dummy test

* Stamus: use StamusIntegration prefix

* Stamus: fix some descriptions

* Stamus: update result to return markdown

* Stamus: rename commands

* Stamus: update pack metadata

* Stamus: homogeneize message

* Stamus: really basic README

* Stamus: fix some linters warning

* Stamus: import playbook and mapper

* Stamus: more import

Import Stamus' IncidentFields, IncidentFields and Layouts

* Stamus: add playbook documentation

* Stamus: more documentation

* Stamus: add generated docs

* Stamus: remove template comment

* Stamus: use f-string

* Stamus: simply test connection

* Stamus: remove commented code

* Stamus: docstring on escape function

* Stamus: fix to have one context for each command

* Stamus: refactoring

* Stamus: remove useless code

* Stamus: get default value in results if no results

* Stamus: run demisto format on yaml files

* Stamus: update README

* Stamus: fix missing description and format

* Stamus: fix following validation

* Stamus: add missing playbook image

* Stamus: remove marketplacev2 support

* Stamus: fix info extraction in get DoC command

* Stamus: use getter function

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

* Stamus: command should be lower case

* Stamus: avoid double read of event

* Stamus: little optimization

* Stamus: add docstring

* Stamus: remove not needed files

* Stamus: add basic integration doc

* Stamus: fix JSON format

* Stamus: fix some name in playbook

* Stamus: rename IOC params

* Stamus: fix demisto sdk validation

validation: demisto-sdk validate -i Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json
validation: fix: demisto-sdk format -i /home/snuser/cortex/Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json

* Stamus: fix params name gotten from conf

* Stamus: fix stamus extra data playbook following new naming

* Stamus: fix playbook ID

* Stamus: Add descriptions

* Stamus: move constants with other constants

* Stamus: use getter function + fix linter

* Stamus: use fstring

* Stamus: unit tests impl

* Stamus: remove template doc

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

* Stamus: add test data to secret-ignore

* Stamus: fix event type

* Stamus: update demisto docker image

* Stamus: fix reference in classifier

* Stamus: update README.md

Ran demisto-sdk generate-docs -i Packs/Stamus/Integrations/Stamus/Stamus.yml
and fixed the version string.

* Stamus: fix linter error

* Stamus: fix linter warning

* Stamus: fix a playbook param

* Stamus: fix key value

* Stamus: set default value for incident

* Stamus: update from version

* Stamus: set default incoming mapper

* Stamus: improve layout

* Stamus: some more layout work

* Stamus: use already defined fields

* Stamus: don't extract indicators

Most fields are information and we should not extract indicators.

* Stamus: display threat info in layout

* Stamus: don't try to display removed field

* Stamus: add host first seen

* Stamus: add host insight info in incident layout

This is the first pass, we need to add the role.

* Stamus: display major host insight information

* Stamus: retry policy and fix a field

Host insight info can be available after some time if ever the
host has not been seen before.

* Stamus: update to fix validation

* Stamus: add description to mapper

* Stamus: add integration as 'start time' user

---------

Co-authored-by: Nicolas Frisoni <nfrisoni@stamus-networks.com>
Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Co-authored-by: Peter <pmanev@stamus-networks.com>
@content-bot content-bot added Contribution Thank you! Contributions are always welcome! docs-approved Partner post-demo Contribution Form Filled Whether contribution form filled or not. pending-contributor The PR is pending the response of its creator Partner Support Level Indicates that the contribution is for Partner supported pack Partner-Approved labels Sep 4, 2023
@content-bot
Collaborator Author

This PR was automatically updated by a GitHub Action

  • CommonTypes pack version was bumped to 3.3.85.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

@GuyAfik GuyAfik merged commit 50f0dbb into master Sep 7, 2023
15 checks passed
@GuyAfik GuyAfik deleted the contrib/StamusNetworks_stamus-integration-v1.0.0 branch September 7, 2023 05:53
moishce pushed a commit that referenced this pull request Sep 14, 2023
* Stamus integration v1.0.0 (#26286)

* packs: add stamus pack to xsoar content

Implement a new set of commands to interact with
Stamus Security Platform.

* Stamus: remove dummy test

* Stamus: use StamusIntegration prefix

* Stamus: fix some descriptions

* Stamus: update result to return markdown

* Stamus: rename commands

* Stamus: update pack metadata

* Stamus: homogeneize message

* Stamus: really basic README

* Stamus: fix some linters warning

* Stamus: import playbook and mapper

* Stamus: more import

Import Stamus' IncidentFields, IncidentFields and Layouts

* Stamus: add playbook documentation

* Stamus: more documentation

* Stamus: add generated docs

* Stamus: remove template comment

* Stamus: use f-string

* Stamus: simply test connection

* Stamus: remove commented code

* Stamus: docstring on escape function

* Stamus: fix to have one context for each command

* Stamus: refactoring

* Stamus: remove useless code

* Stamus: get default value in results if no results

* Stamus: run demisto format on yaml files

* Stamus: update README

* Stamus: fix missing description and format

* Stamus: fix following validation

* Stamus: add missing playbook image

* Stamus: remove marketplacev2 support

* Stamus: fix info extraction in get DoC command

* Stamus: use getter function

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

* Stamus: command should be lower case

* Stamus: avoid double read of event

* Stamus: little optimization

* Stamus: add docstring

* Stamus: remove not needed files

* Stamus: add basic integration doc

* Stamus: fix JSON format

* Stamus: fix some name in playbook

* Stamus: rename IOC params

* Stamus: fix demisto sdk validation

validation: demisto-sdk validate -i Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json
validation: fix: demisto-sdk format -i /home/snuser/cortex/Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json

* Stamus: fix params name gotten from conf

* Stamus: fix stamus extra data playbook following new naming

* Stamus: fix playbook ID

* Stamus: Add descriptions

* Stamus: move constants with other constants

* Stamus: use getter function + fix linter

* Stamus: use fstring

* Stamus: unit tests impl

* Stamus: remove template doc

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

* Stamus: add test data to secret-ignore

* Stamus: fix event type

* Stamus: update demisto docker image

* Stamus: fix reference in classifier

* Stamus: update README.md

Ran demisto-sdk generate-docs -i Packs/Stamus/Integrations/Stamus/Stamus.yml
and fixed the version string.

* Stamus: fix linter error

* Stamus: fix linter warning

* Stamus: fix a playbook param

* Stamus: fix key value

* Stamus: set default value for incident

* Stamus: update from version

* Stamus: set default incoming mapper

* Stamus: improve layout

* Stamus: some more layout work

* Stamus: use already defined fields

* Stamus: don't extract indicators

Most fields are information and we should not extract indicators.

* Stamus: display threat info in layout

* Stamus: don't try to display removed field

* Stamus: add host first seen

* Stamus: add host insight info in incident layout

This is the first pass, we need to add the role.

* Stamus: display major host insight information

* Stamus: retry policy and fix a field

Host insight info can be available after some time if ever the
host has not been seen before.

* Stamus: update to fix validation

* Stamus: add description to mapper

* Stamus: add integration as 'start time' user

---------

Co-authored-by: Nicolas Frisoni <nfrisoni@stamus-networks.com>
Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Co-authored-by: Peter <pmanev@stamus-networks.com>

* bump rn

* rn

* pre-commit

* Bump pack from version CommonTypes to 3.3.85.

* update mapper

* bump rn

* update rn

* Empty-Commit

* bump rn

* ds108 validation fixes

* fix validation

* ds108

---------

Co-authored-by: Eric Leblond <eric@regit.org>
Co-authored-by: Nicolas Frisoni <nfrisoni@stamus-networks.com>
Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Co-authored-by: Peter <pmanev@stamus-networks.com>
Co-authored-by: GuyAfik <guyafik11@gmail.com>
Co-authored-by: Content Bot <bot@demisto.com>
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Oct 5, 2023
tkatzir pushed a commit that referenced this pull request Dec 20, 2023
5 participants