User Investigation - Generic - added usage of XSIAM subplaybook to get entity alerts by MITRE tactics #30874
@OmriItzhak asked for your review since you last worked on this playbook
This PR was automatically updated by a GitHub Action
To stop automatic version bumps, add the |
@OmriItzhak @AdiPeret @michalgold Doc review completed.
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Packs/CommonPlaybooks/Playbooks/playbook-User_Investigation_-_Generic.yml
Also fixing 2 bugs - one with the username when getting entity alerts, and one with PAN-OS not doing polling
@ShirleyDenkberg I've added 2 more lines to the RN, can you please review it again? Thanks
@idovandijk I reviewed the RN again. See my comments.
…t entity alerts by MITRE tactics (#30874)

* Added playbook, new pb readme and new pb image
* RN
* Bump pack from version CommonPlaybooks to 2.4.18.
* Bump pack from version CommonPlaybooks to 2.4.19.
* Bump pack from version CommonPlaybooks to 2.4.20.
* Bump pack from version CommonPlaybooks to 2.4.21.
* Update Packs/CommonPlaybooks/ReleaseNotes/2_4_21.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Bump pack from version CommonPlaybooks to 2.4.22.
* Bump pack from version CommonPlaybooks to 2.4.23.
* Bump pack from version CommonPlaybooks to 2.4.24.
* Bump pack from version CommonPlaybooks to 2.4.25.
* Bump pack from version CommonPlaybooks to 2.4.26.
* Fixed issue in get entity alerts playbook and in firewall search. Updated RN.
* Fixed version
* Updated playbook with fixes from review
* Updated playbook with fixes from review
* Bump pack from version CommonPlaybooks to 2.4.27.
* Updated playbook with fixes from review
* Bump pack from version CommonPlaybooks to 2.4.28.
* Bump pack from version CommonPlaybooks to 2.4.29.

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Status
Ready
Related Issues
Related to: https://jira-dc.paloaltonetworks.com/browse/CIAC-8220
Description
Fixed an issue where the User Investigation - Generic playbook, which is also present in XSIAM, was using Cortex XDR and not Cortex Core. Solved the issue by uploading the XSIAM sub-playbook to XSOAR, and then adding it and fixing the condition in the User Investigation playbook.