New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mandiant Threat Intelligence - Use Local Filtering #29724
Mandiant Threat Intelligence - Use Local Filtering #29724
Conversation
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @MichaelYochpaz will know the proposed changes are ready to be reviewed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, thank you for the contribution.
Looks pretty good overall. Left a few minor notes.
...ence/Integrations/MandiantAdvantageThreatIntelligence/MandiantAdvantageThreatIntelligence.py
Outdated
Show resolved
Hide resolved
...ence/Integrations/MandiantAdvantageThreatIntelligence/MandiantAdvantageThreatIntelligence.py
Outdated
Show resolved
Hide resolved
...ence/Integrations/MandiantAdvantageThreatIntelligence/MandiantAdvantageThreatIntelligence.py
Outdated
Show resolved
Hide resolved
...ence/Integrations/MandiantAdvantageThreatIntelligence/MandiantAdvantageThreatIntelligence.py
Outdated
Show resolved
Hide resolved
...ence/Integrations/MandiantAdvantageThreatIntelligence/MandiantAdvantageThreatIntelligence.py
Outdated
Show resolved
Hide resolved
Thanks for the feedback! It's all been addressed, please let me know if you've got any other comments or concerns. |
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/6425096 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, good job :)
49925c9
into
demisto:contrib/chrishultin_mati_local_filter
* Mandiant Threat Intelligence - Use Local Filtering (#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
* Mandiant Threat Intelligence - Use Local Filtering (demisto#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
* Mandiant Threat Intelligence - Use Local Filtering (demisto#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
* Mandiant Threat Intelligence - Use Local Filtering (demisto#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
* Mandiant Threat Intelligence - Use Local Filtering (demisto#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
* Mandiant Threat Intelligence - Use Local Filtering (#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
* Mandiant Threat Intelligence - Use Local Filtering (#29724) * Using local filtering to ensure that data doesn't become orphaned * Bump docker version * add missing periods * release notes * Addressing feedback * Missing space --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * Update Docker version --------- Co-authored-by: Christopher Hultin <chrishultin@google.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
Use local filtering in MATI integration in order to ensure that updates to indicator information are retrieved, even if they no longer fit the "search" criteria in use. (e.g. an indicator is created as "malicious", but is later marked as "benign". Previous versions would ignore the "benign" update)
Must have