Trend micro vision one #30157
Conversation
Potentially harmful
…release notes and TrendMicroVisionOne.yml
… get result of file entry analysis status
…ubmission-polling
Added hints for command execution order
Updated Notes for better readability.
Updated README.md for better readability.
…ndbox and sandbox submission polling command
Added link to supported file types in submit file to sandbox and submit file entry to sandbox.
…st_data folder with mock responses
I have completed the aforementioned tasks.
@shaqnawe
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/6960728
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/6960727
I'm available today and tomorrow. Can you send me a link to your calendar invite for available times?
@ilappe I'm available today (10/27) from 1PM-8PM CST and tomorrow (10/28) 9AM-6PM CST.
@ilappe Thank you for the call today, I'm finishing updating the yml file and I should be done. The README.md preview extension I'm using is called Markdown Preview Enhanced, hope that helps.
…ded isArray for context inputs and also updated README.md accordingly.
@shaqnawe - thank you for the demo! Great!
I will go ahead and make the change then. Thank you.
@ilappe I have made the suggested change.
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/7094412
…te was not being set correctly.
Hey @ilappe I made a change to fix a bug where incidents were duplicated because the end date time was not being set correctly. Additionally I updated incidentSeverity parameter to incident_severity.
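The duplicate-incident bug mentioned above comes from a fetch window whose end time is never advanced, so every cycle re-reads the same alerts. The following is an added illustration of the window-and-boundary bookkeeping that prevents it, written for this page and not taken from the TrendMicroVisionOne pack; the alert shape, the `last_run` keys (`end_time`, `last_ids`) and the `severity="any"` filter are assumptions, while the incident fields (`name`, `occurred`, `dbotMirrorId`, `rawJSON`) follow the XSOAR fetch-incidents convention.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample alerts (not real Vision One data), in API return order.
SAMPLE_ALERTS = [
    {"id": "WB-1", "createdDateTime": "2023-10-27T10:00:00Z", "severity": "high"},
    {"id": "WB-2", "createdDateTime": "2023-10-27T10:05:00Z", "severity": "low"},
    {"id": "WB-3", "createdDateTime": "2023-10-27T10:05:00Z", "severity": "medium"},
]
# A later poll (also constructed): WB-4 shares the timestamp at which the
# previous window ended, WB-5 is strictly newer.
LATER_ALERTS = SAMPLE_ALERTS + [
    {"id": "WB-4", "createdDateTime": "2023-10-27T10:05:00Z", "severity": "high"},
    {"id": "WB-5", "createdDateTime": "2023-10-27T10:06:00Z", "severity": "low"},
]


def parse_ts(value):
    """Parse the UTC 'Z' timestamps used by the constructed alerts."""
    return datetime.strptime(value, TS_FMT).replace(tzinfo=timezone.utc)


def fetch_incidents(last_run, alerts, now, severity="any", first_fetch=timedelta(days=1)):
    """Return (new_last_run, incidents) for one fetch cycle.

    last_run keys (assumed names, not the pack's real ones):
      end_time - timestamp at which the previous cycle stopped
      last_ids - alert ids already ingested at exactly end_time
    The window starts at end_time (or now - first_fetch on the first run).
    end_time is advanced to the newest ingested alert; if it were left
    unchanged, every cycle would re-ingest the same alerts, which is the
    duplicate-incident symptom described in the PR. Alerts created exactly
    at the boundary are deduplicated by id instead of by time, so nothing
    that lands on the boundary is either dropped or ingested twice.
    """
    start = parse_ts(last_run["end_time"]) if last_run.get("end_time") else now - first_fetch
    seen = set(last_run.get("last_ids", []))
    newest, newest_ids = start, set(seen)  # carried forward if nothing new arrives
    incidents = []
    for alert in alerts:
        created = parse_ts(alert["createdDateTime"])
        if created < start or alert["id"] in seen:
            continue  # outside the window, or a boundary alert already ingested
        if severity != "any" and alert["severity"] != severity:
            continue  # severity filter; "any" disables it
        incidents.append({
            "name": f"Vision One alert {alert['id']}",
            "occurred": alert["createdDateTime"],
            "dbotMirrorId": alert["id"],
            "rawJSON": json.dumps(alert),
        })
        if created > newest:
            newest, newest_ids = created, {alert["id"]}
        elif created == newest:
            newest_ids.add(alert["id"])  # same boundary timestamp: remember this id too
    new_last_run = {"end_time": newest.strftime(TS_FMT), "last_ids": sorted(newest_ids)}
    return new_last_run, incidents


if __name__ == "__main__":
    now = parse_ts("2023-10-27T12:00:00Z")
    run1, first = fetch_incidents({}, SAMPLE_ALERTS, now)
    run2, again = fetch_incidents(run1, SAMPLE_ALERTS, now)
    print(len(first), "incidents on first fetch,", len(again), "on the repeat fetch")
```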
057f8ea into demisto:contrib/shaqnawe_TrendMicroVisionOne
* Trend micro vision one (#30157)
* removed microsocks Potentially harmful
* imported urllib3 and removed reference to requests.packages. Updated release notes and TrendMicroVisionOne.yml
* added action to add file entry from incident to sandbox and action to get result of file entry analysis status
* removed redundant action to check sandbox submission status
* added polling command for sandbox submissions
* added unit tests for file entry to sandbox and polling for sandbox submissions
* added unit tests for submit file entry and sandbox polling command
* updated yml to include submit-file-entry-to-sandbox and run-sandbox-submission-polling
* Update README.md Added hints for command execution order
* Update README.md Updated Notes for better readability.
* Update README.md Updated README.md for better readability.
* updated release notes to indicate addition of submit file entry to sandbox and sandbox submission polling command
* formatted files per XSOAR standards
* Added command examples for V2 actions
* added test_data folder containing example responses
* Update README.md Added link to supported file types in submit file to sandbox and submit file entry to sandbox.
* removed unused mock test case for submit file entry to sandbox and test_data folder with mock responses
* Added submit file entry to sandbox and run sandbox submission polling and their respective unit tests and command_examples
* added demisto.patch.object to get custom data for demisto.getFilePath in submit file entry to sandbox
* updated polling command per XSOAR standards and updated YAML to include polling in sandbox submission polling command root
* TrendMicroVisionOne_description
* updated sandbox submission command example to include polling arg
* updated yml to include polling in root of sandbox submission polling
* removed unused variable declarations
* updated doc string for sandbox submission polling
* updated min server version to 6.2.0 in sandbox polling unit test
* updated if check to differentiate between cmd instead of args
* added dbotscore for sandbox submissions status and sandbox polling commands
* added doc string for dbot severity helper function
* Updated Vendor Name to match integration pack
* updated risk to look for obj instead of str and updated release notes and updated docker image version
* added dbotscore to VisionOne context data and updated YML and README.md accordingly
* small context output fix
* Update 1_3_0.md
* updated description in YML for V3.
* added pagination for suspicious/exception list as well as endpoint info and fetch incidents
* updated unit test for endpoint info
* updated README.md to reflect name change for 3 context outputs in get endpoint info
* reverted change for get endpoint info to ensure backwards compatibility
* updated docker python image in release notes
* Update docker image.
* Update RN.
* Remove main function from unit test coverage.
* corrected delete from suspicious list endpoint
* updated docker image to latest per circleci test
* fixed precommit error of implicitly concatenated string in regex for macaddress validation
* fixed precommit error of implicitly concatenated string in regex for ipv6 validation
* updated Release Notes
* Add pytmv1 devdemisto image for testing
* updated all actions to use pytmv1 library
* added 2 new actions (get alert details and submit urls to sandbox)
* updated to declare pytmv1 directly in actions instead of passing in action calls
* removed commented code for pytmv1 initialization.
* updated actions using pytmv1 library
* added variable names for replace args and updated isolate and restore endpoint table vars
* updated yml for all actions and added return_error condition for all actions
* removed unused message vars
* updated unit tests and added test_data folder with mock responses.
* updated check_task_status unit test with correct params
* updated base url for unit tests
* updated var declarations to compatible union type
* ran format command to format yml file
* updated release notes
* validated yml file
* added missing default value for polling
* removed commented code and wrapped digest values
* added endpoint and email activity data actions and their fetch count helper functions respectively.
* added unit tests for endpoint and email activity data
* updated yml to include context outputs for endpoint and email activity data, added respective command examples and updated README.md
* updated get_activity_data_count param for respective actions
* updated README.md
* added severity filter to fetch incidents
* added dbotMirrorId and details to incident, added 'any' option for incident severity types and updated yml file for incidentSeverity.
* added any string literal with var
* updated README.md to indicate addition of 2 new actions.
* updated docstrings and added comments
* added comments for workbench histories and updated status check to include task class type to fetch the final task response.
* removed unused vars
* formatted and validated yml and README.md
* updated yml for exception and suspicious list actions to correct the context outputs and updated README.md to match
* updated docker image to match demisto-docker image and updated release notes per demisto XSOAR standards.
* added tmv1 url and various IPs to secrets-ignore.
* updated return type for get_task_type
* updated test connectivity and updated self.app reference to APP_NAME variable.
* updated yml and generated new README.md
* updated file path default value
* updated command_examples and updated args to reference collect_files variable in collect_file action
* updated yml and generated new readme, also ran command to update release notes with -bc flag
* fixed submit file to sandbox unit test
* Update docker image in TrendMicroVisionOneV3.yml
* added breaking changes details to ReleaseNotes->4_0_0.json
* Update 4_0_0.md
* corrected breaking changes json file
* enabled network for docker unit tests and added type:ignore for poll_time_sec
* updated docker image tag to 0.6.2.79742
* updated context output for sandbox submission polling to remove report_id duplicate and replace with type.
* updated 32 unit tests and added email and endpoint activity actions
* corrected submit_file_to_sandbox unit test
* updated yml and README.md
* removed commented out code for test get endpoint information
* updated endpoint and email activity data count command names and updated yml and README
* added missing white space for table heading
* fixed import for endpoint and email activity data
* updated secrets-ignore list
* updated unit test for get_endpoint_info and update docker image to newest.
* removed top var from endpoint and email activity data count actions and updated yml and README.md accordingly.
* fixed docker image tag in release notes
* corrected remaining Ruff errors
* added if check for str to use json loads and added input examples. Added isArray for context inputs and also updated README.md accordingly.
* Added query op detailed description and examples.
* replaced str if check and replaced with in-built safe_load_json method.
* updated docker image to latest
* Update 4_0_0.md
* fixed fetch incident bug where duplicates were fetched because end date was not being set correctly.
---------
Co-authored-by: yaakovpraisler <ypreisler@paloaltonetworks.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>
Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com>
Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com>
* remove pass
* update docker
---------
Co-authored-by: shaqnawe <shaktishah40@gmail.com>
Co-authored-by: yaakovpraisler <ypreisler@paloaltonetworks.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>
Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com>
Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com>
Co-authored-by: ilappe <ilappe@paloaltonetworks.com>
Description
Updated the V3 integration to accept multiple requests in one call and added 2 new actions (get email activity data and get endpoint activity data).