Flashpoint Release 200 #35268
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @MosheEichler will know the proposed changes are ready to be reviewed.
…lashpoint-Release-200
…tween ports and services.
Hey @crestdatasystems,
Thanks for contributing this content. The PR looks good! 🎉
Adding a couple of notes/comments from my side:
- Please check again the known_words / secrets lists as they contain too much data. Assuming we can reduce those lists a bit.
- Please re-check your newly added fields - some of them might already be available in OOTB (from a quick review, like 'Flashpoint Resource Type' and the OOTB field 'Resource Type').
- If the previous integration is deprecated - should we deprecate the old content items such as the flashpoint mapper/classifier? Or even other items? Just a thought...
- Don't forget to add the default incident type and mapper values to the Ignite yml config, so new instances will have those values by default
Let me know if you have any questions.
Cheers!
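As an added example (not code from this PR or from the demisto/content repository), here is a small checker a pack reviewer could run to catch new incident fields that duplicate an OOTB field, in the spirit of the second note above: it strips the vendor words from each new field's display name, looks for an OOTB field with the same normalized name, and when the two types differ (the short-text versus clickable-URL situation) lists the OOTB fields of the needed type so one of those can be proposed instead. The OOTB catalogue, the 'type' key, the type identifiers 'shortText' and 'url', and the IncidentFields folder layout are assumptions for illustration; the new-field records are constructed from the snippet shown in this PR.

```python
"""Flag new XSOAR incident fields that duplicate an OOTB field.

Added example for this review thread; not part of the demisto/content
repository or the Flashpoint pack. Assumptions: incident-field JSON uses
the keys seen in the PR snippet ("name", "cliName", "description") plus
a "type" key, and the OOTB catalogue below is a constructed sample.
"""
import json
import re
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed stand-in for the platform's OOTB fields (not the real list).
OOTB_FIELDS: List[Dict[str, str]] = [
    {"name": "Resource URL", "cliName": "resourceurl", "type": "shortText"},
    {"name": "Resource Type", "cliName": "resourcetype", "type": "shortText"},
    {"name": "External Link", "cliName": "externallink", "type": "url"},
]

# Vendor words stripped before comparing names; extend per pack.
VENDOR_WORDS = {"flashpoint", "ignite"}


def normalize(name: str) -> str:
    """Lower-case a display name, drop vendor words and punctuation."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return "".join(w for w in words if w not in VENDOR_WORDS)


def find_ootb_overlaps(new_fields: Iterable[Dict[str, str]],
                       ootb_fields: List[Dict[str, str]] = OOTB_FIELDS) -> List[dict]:
    """Report each new field whose vendor-stripped name matches an OOTB field.

    When the types differ (e.g. the new field must be a clickable url but the
    OOTB one is short text) the report also lists OOTB fields of the needed
    type, so the reviewer can propose one of those instead.
    """
    by_name = {normalize(f["name"]): f for f in ootb_fields}
    report = []
    for field in new_fields:
        match = by_name.get(normalize(field["name"]))
        if match is None:
            continue  # genuinely new field, nothing to flag
        same_type = field.get("type") == match["type"]
        alternatives = [] if same_type else [
            f["cliName"] for f in ootb_fields if f["type"] == field.get("type")
        ]
        report.append({
            "new": field["cliName"],
            "ootb": match["cliName"],
            "same_type": same_type,
            "same_type_alternatives": alternatives,
        })
    return report


def load_pack_fields(pack_dir: Path) -> List[Dict[str, str]]:
    """Load every incidentfield-*.json under a pack's IncidentFields folder (assumed layout)."""
    folder = pack_dir / "IncidentFields"
    return [json.loads(p.read_text()) for p in sorted(folder.glob("incidentfield-*.json"))]


# Constructed records modelled on the snippet under review.
SAMPLE_NEW_FIELDS = [
    {"name": "Flashpoint Resource URL", "cliName": "flashpointresourceurl",
     "description": "URL of Flashpoint Alert.", "type": "url"},
    {"name": "Flashpoint Resource Type", "cliName": "flashpointresourcetype",
     "description": "Type of the Flashpoint resource.", "type": "shortText"},
    {"name": "Flashpoint Alert ID", "cliName": "flashpointalertid",
     "description": "Identifier of the alert.", "type": "shortText"},
]

if __name__ == "__main__":
    for row in find_ootb_overlaps(SAMPLE_NEW_FIELDS):
        verdict = "reuse OOTB field" if row["same_type"] else (
            "type differs; same-type OOTB options: " + ", ".join(row["same_type_alternatives"]))
        print(f"{row['new']} -> {row['ootb']}: {verdict}")
```

Run against a real pack with `find_ootb_overlaps(load_pack_fields(Path("Packs/Flashpoint")))` once the OOTB list is replaced with the platform's actual field catalogue; for the constructed sample the URL field is flagged as a type mismatch with External Link offered as the same-type option, and the Resource Type field is flagged as a plain duplicate.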
"name": "Flashpoint Resource URL", | ||
"ownerOnly": false, | ||
"description": "URL of Flashpoint Alert.", | ||
"cliName": "flashpointresourceurl", |
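Review bot: the justification given in this thread for adding 'Flashpoint Resource URL' instead of reusing the OOTB 'Resource URL' field is that the OOTB field is short text while this one must be a clickable URL, yet the lines shown declare only name, ownerOnly, description and cliName; make sure the field's type is actually set to the url type, and tighten the description ("URL of Flashpoint Alert.") so it says this is the link to the alert's resource and is distinguishable from the OOTB field.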
You can use the OOTB field Resource URL instead of creating a new one...
OOTB is short text and the client requirement was for it to be a clickable URL. That's why we've created a new one.
So maybe the External Link field?
Your suggestion is good, but the user can easily understand that it is going to redirect to the particular resource.
Packs/Flashpoint/.pack-ignore
Can we reduce the size of the known_words list here? Seems like there are some letters that we added accidentally, like 'G'.
The reason for so much data in known_words and in the secrets list is the README and test data of the deprecated integration.
@thefrieddan1 - Are we good with this? Anything we can do to avoid such an issue? Seems odd to me that we can control that when it comes to hashes.
Packs/Flashpoint/Playbooks/playbook-Compromised_Credentials_Match_-_Flashpoint.yml
Packs/Flashpoint/Playbooks/playbook-Compromised_Credentials_Match_-_Flashpoint_README.md
@ssokolovich @MLainer1 @thefrieddan1 Doc review completed.
@crestdatasystems let's please schedule a demo
…. of incident fields, Added default incident type and incoming mapper
…lashpoint-Release-200
subtype: python3 | ||
tests: | ||
- Ignite-Test | ||
defaultmapperin: "Flashpoint Compromised Credentials - Incoming Mapper" |
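Review bot: the defaultmapperin value on the last line points at "Flashpoint Compromised Credentials - Incoming Mapper", but this YAML belongs to the Ignite integration (its test entry is Ignite-Test) and the incidents it fetches are Ignite alerts, so the default should be the Ignite alert mapper, e.g. defaultmapperin: "Ignite Alert - Incoming Mapper"; set the default incident type alongside it as asked earlier in the review, so new instances get both values without manual configuration.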
defaultmapperin: "Flashpoint Compromised Credentials - Incoming Mapper" | |
defaultmapperin: "Ignite Alert - Incoming Mapper" |
24f254f into demisto:contrib/crestdatasystems_Flashpoint-Release-200
Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.
* Flashpoint Release 200 (#35268)
* Added new integration: Flashpoint Ignite
* Added latest context paths for the IP command
* refactor: Updated the Ignite Alert incoming mapper for added space between ports and services.
* Removed unwanted description for the new incident fields in release notes
* Updated the indicator extraction settings for the new incident type
* docs: Updated the YML and README for the suggested changes
* docs: Updated the release notes and help guide as per the requested changes
* refactor: Updated the indicator extraction settings to the limited no. of incident fields, Added default incident type and incoming mapper
--------
Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com>
* bump docker image
--------
Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com>
Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com>
Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>
Contributing to Cortex XSOAR Content
Description
Added new integration Flashpoint Ignite