
User Investigation - Generic - added usage of XSIAM subplaybook to get entity alerts by MITRE tactics #30874

Merged (35 commits, Nov 21, 2023)

Conversation

idovandijk (Contributor)

Status

Ready

Related Issues

Related to: https://jira-dc.paloaltonetworks.com/browse/CIAC-8220

Description

Fixed an issue where the User Investigation - Generic playbook, which is also present in XSIAM, was using Cortex XDR and not Cortex Core. Solved the issue by uploading the XSIAM sub-playbook to XSOAR, then adding it and fixing the condition in the User Investigation playbook.

idovandijk (Contributor, Author)

@OmriItzhak asked for your review since you last worked on this playbook

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.18.

To stop automatic version bumps, add the ignore-auto-bump-version label to the GitHub PR.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.19.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.20.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.21.

idovandijk added the release-notes-only label (indicates that this pull request has ONLY release notes to review for the documentation process) on Nov 16, 2023

ShirleyDenkberg (Contributor)

@OmriItzhak @AdiPeret @michalgold Doc review completed.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.22.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.26.

idovandijk (Contributor, Author)

Also fixing 2 bugs: one with the username when getting entity alerts, and one with PAN-OS not doing polling.

idovandijk (Contributor, Author)

@ShirleyDenkberg I've added 2 more lines to the RN, can you please review it again? Thanks

ShirleyDenkberg (Contributor)

@idovandijk I reviewed the RN again. See my comments.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.27.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.28.

content-bot (Collaborator)

This PR was automatically updated by a GitHub Action: CommonPlaybooks pack version was bumped to 2.4.29.

idovandijk merged commit 94a6e00 into master on Nov 21, 2023
17 checks passed
idovandijk deleted the user-investigation-generic-review-fixes branch on November 21, 2023 14:37
sapirshuker pushed a commit that referenced this pull request on Dec 21, 2023:
…t entity alerts by MITRE tactics (#30874)

* Added playbook, new pb readme and new pb image

* RN

* Bump pack from version CommonPlaybooks to 2.4.18.

* Bump pack from version CommonPlaybooks to 2.4.19.

* Bump pack from version CommonPlaybooks to 2.4.20.

* Bump pack from version CommonPlaybooks to 2.4.21.

* Update Packs/CommonPlaybooks/ReleaseNotes/2_4_21.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Bump pack from version CommonPlaybooks to 2.4.22.

* Bump pack from version CommonPlaybooks to 2.4.23.

* Bump pack from version CommonPlaybooks to 2.4.24.

* Bump pack from version CommonPlaybooks to 2.4.25.

* Bump pack from version CommonPlaybooks to 2.4.26.

* Fixed issue in get entity alerts playbook and in firewall search. Updated RN.

* Fixed version

* Updated playbook with fixes from review

* Updated playbook with fixes from review

* Bump pack from version CommonPlaybooks to 2.4.27.

* Updated playbook with fixes from review

* Bump pack from version CommonPlaybooks to 2.4.28.

* Bump pack from version CommonPlaybooks to 2.4.29.

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Labels: docs-approved, release-notes-only (indicates that this pull request has ONLY release notes to review for the documentation process)

4 participants