Update incident occurred time #31404
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @adi88d will know the proposed changes are ready to be reviewed.
Great Job!
Thanks a lot for this contribution, it is highly appreciated.
- Please update the currentVersion value in pack_metadata.json
- update the docker image by running:
  demisto-sdk format -ud -i Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml
- fix the tests that failed in AbnormalSecurity_test.py
- update lines 752 and 762 inside AbnormalSecurity.py
  - Line is too long
incidents = [] | ||
for threat in threats: | ||
threat_details = client.get_details_of_a_threat_request(threat["threatId"]) | ||
incident = { | ||
"dbotMirrorId": str(threat["threatId"]), | ||
"name": "Threat", | ||
"occurred": current_iso_format_time, | ||
"occurred": threat_details["messages"][0]["receivedTime"], |
"occurred": threat_details["messages"][0]["receivedTime"], | |
"occurred": threat_details["messages"][0].get("receivedTime"), |
incidents = [] | ||
for campaign in campaigns: | ||
campaign_details = client.get_details_of_an_abuse_mailbox_campaign_request(campaign["campaignId"]) | ||
incident = {"dbotMirrorId": str(campaign["campaignId"]), "name": "Abuse Campaign", "occurred": current_iso_format_time, | ||
incident = {"dbotMirrorId": str(campaign["campaignId"]), "name": "Abuse Campaign", "occurred": campaign_details["firstReported"], |
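Review bot: the added line indexes campaign_details["firstReported"] directly, so a campaign whose details lack that key raises KeyError inside the for loop and stops the remaining campaigns from being turned into incidents. Read the field with .get and keep current_iso_format_time as the fallback, so a missing value yields the fetch time rather than an exception or an empty "occurred". The dict literal is also long for a single line; laying it out one key per line, as the threat incident above does, would resolve the line-length finding.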
incident = {"dbotMirrorId": str(campaign["campaignId"]), "name": "Abuse Campaign", "occurred": campaign_details["firstReported"], | |
incident = {"dbotMirrorId": str(campaign["campaignId"]), "name": "Abuse Campaign", "occurred": campaign_details.get("firstReported"), |
incidents = [] | ||
for case in cases: | ||
case_details = client.get_details_of_an_abnormal_case_request(case["caseId"]) | ||
incident = {"dbotMirrorId": str(case["caseId"]), "name": "Account Takeover Case", "occurred": current_iso_format_time, | ||
incident = {"dbotMirrorId": str(case["caseId"]), "name": "Account Takeover Case", "occurred": case_details["firstObserved"], |
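Review bot: case_details["firstObserved"] is passed straight into "occurred" with no check of its format, whereas the value it replaces, current_iso_format_time, was by its name already in ISO format. Parse or validate the API timestamp before assigning it, so an empty or differently formatted value does not produce a case incident with a wrong or missing occurred time, and add a case for that input to AbnormalSecurity_test.py.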
incident = {"dbotMirrorId": str(case["caseId"]), "name": "Account Takeover Case", "occurred": case_details["firstObserved"], | |
incident = {"dbotMirrorId": str(case["caseId"]), "name": "Account Takeover Case", "occurred": case_details.get("firstObserved"), |
…update-incident-occurred-time 9a3d1a2 to 7b13be4
Nice!
353ed1d into demisto:contrib/wolyslager_update-incident-occurred-time
* Update incident occurred time (#31404) * updating occurred time for incidents * release notes * validation fixes * nit * fix formatting * update RN --------- Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> Co-authored-by: adi88d <adaud@paloaltonetworks.com> * add new line * update RN * remove whitespace from blank line --------- Co-authored-by: William Olyslager <wolyslager@abnormalsecurity.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> Co-authored-by: adi88d <adaud@paloaltonetworks.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Related Issues
fixes: link to the issue
Description
Updating the "occurred time" field for incidents created. Previously this was just using the fetch time for the incident - but now we have incident details available (added in a previous PR) so we can accurately display the correct occurred time.