XSIAM - New Phishing layout + playbook fixes #30590

Merged
merged 34 commits into from Nov 12, 2023

@idovandijk idovandijk commented Oct 31, 2023

Status

Blocked - SDK issue with layout rule

Related Issues

fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-8729
fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-8752
fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-8753
fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-8826

Description

  • Created a new layout for phishing in XSIAM
  • Fixed attachment upload flow in Process Email - Generic v2
  • Fixed an issue where the lack of a default input tag to the Block Indicators - Generic v2 playbook resulted in the absence of blocked indicators in the layout.
  • Added playbook trigger recommendation which will run the Phishing - Generic v3 playbook on Phishing alerts.

@altmannyarden
Contributor

I don't know if you wanted me to review all files but the layout rule looks great :)

@idovandijk
Contributor Author

idovandijk commented Nov 1, 2023

> I don't know if you wanted me to review all files but the layout rule looks great :)

Only the rule. Still need to fix a few things in other places. Thanks!

@idovandijk
Contributor Author

@altmannyarden Can you please review the newly added playbook trigger?
@ShirleyDenkberg Can you please review RN and descriptions?

@ShirleyDenkberg
Contributor

@AdiPeret @michal-dagan @michalgold @altmannyarden Doc review completed.

idovandijk and others added 9 commits November 7, 2023 10:18
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

guardrails bot commented Nov 8, 2023

All previously detected findings have been fixed. Good job! 👍🎉

We will keep this comment up-to-date as you go along and notify you of any security issues that we identify.

@content-bot
Collaborator

This PR was automatically updated by a GitHub Action

  • CommonPlaybooks pack version was bumped to 2.4.15.

To stop automatic version bumps, add the ignore-auto-bump-version label to the GitHub PR.

@idovandijk idovandijk merged commit a1f817d into master Nov 12, 2023
18 of 19 checks passed
@idovandijk idovandijk deleted the xsiam-phishing-layout branch November 12, 2023 17:36
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
* Updated the field's description.

* Added layout, fixed playbook, playbook image, new playbook readme, and release notes.

* Added improvements for layout - added email origin and descriptions for attachment sections

* formatted

* Added fromversion to layout to satisfy validator

* Updated phishing pack RN to reflect the change in Process Email - Generic v2

* Updated the Block Indicators - Generic v3 playbook to have a default tag input, so that the blocked indicators would properly show in the phishing alert layout.

* RNs and new readme for Block Indicators pb

* Added speculative layout rule

* Re-exported playbook from XSOAR

* validation stuff

* Added layout rule RN

* Added tooltip as known word + speculative RN fix

* Added phishing trigger

* Updated RN with trigger recommendation

* Implemented feedback - added a warning to the html rendering section.

* Update Packs/Phishing/ReleaseNotes/3_6_0.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/Phishing/ReleaseNotes/3_6_0.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/Phishing/ReleaseNotes/3_6_0.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CommonPlaybooks/ReleaseNotes/2_4_14.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/Phishing/ReleaseNotes/3_6_0.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/Phishing/ReleaseNotes/3_6_0.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Removed emailimage and attachmentitem fields that don't exist

* Updated poetry to use Dan's SDK

* Fixed RN manually because SDK is terrible

* Reverting poetry after verifying the SDK fix. Now waiting for new SDK release and will then need to commit something again to get the fix in the build

* Bump pack from version CommonPlaybooks to 2.4.15.

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>