CrowdStrike Falcon Horizon CSPM Enhancement #29716
Merged
dorschw reviewed Sep 19, 2023
Impressive!
Why is there no lookback support for the new incidents?
dorschw approved these changes Oct 1, 2023
Force merging, accepting the change in the mapper
wolyslager pushed a commit to wolyslager/content that referenced this pull request Oct 2, 2023
* Fixing fetch unit tests
* Added unit tests, need to add documentation
* Added docstrings to unit tests
* Removed trace-id
* Removed Test from yml
* Added context data to commands
* Updated fromVersion in incident fields
* Fixed format errors
* Added README to scripts
* Added commands to README
* Added RNs
* Restore pack README
* Restore pack README
* Update pack-ignore
* Added docstrings to .py file
* Updated TPB, Layout
* Revert TPB
* Added fetch incidents to README.md
* Added more documentation
* Update Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_10.md
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Update Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_10.md
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Almost done with CR
* Increased timeout of TPB, added commands to TPB
* Added docs comments
* Fixed pre-commit errors
* Updated docker image in RNs
* Removed unnecessary package
* Added to secrets ignore
* Fixed descriptions
* Fixed indentation
* Removed unnecessary tests
* Fixed conflicts
* Fixed incident fields names
* Increased timeout
* Increased timeout of task in test playbook
* Added Service Type to incident fields and mappers
* Added unit tests to scripts
* Improved documentation of unit tests
* Fixed unit tests imports
* Added named parameters to unit tests
* Added new lines to scripts unit tests
* Added handling if last fetch filter is empty
* Remove unnecessary import
* Removed incorrect incident field from mapper
* Reverted old RNs changes
* Update 1_11_11.md
* Reverted old RNs changes
* Removed updated docker image from RN
* Update 1_11_11.md
* Refactored lots of code, unit tests passed :)
* Updated docs wording
* Fixed pre-commit error
* Removed unnecessary extend to previous fetched ids
* Changed pack version to minor
* Deleted unnecessary arguments
* Kept mechanism of extend
* Fixed pre-commit
* Updated docker images
* Fixed argument position
* Passed is_paginating bool to check whether we are doing pagination or not
* Added is_paginating to if statement

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Oct 5, 2023
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
Status
Related Issues
fixes: https://jira-hq.paloaltonetworks.local/browse/CIAC-3855
Description
Added 4 new commands, and new incident types, with fetching mechanism for them.
This PR will have to be force merged, explanation
Must have