Stamus integration v1.0.0 #26286
Conversation
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @GuyAfik will know the proposed changes are ready to be reviewed.
@sonicold @regit can you please sign the CLA so we can move forward with the review?
Hello, I did do it as a partner and both @sonicold and myself are working for Stamus Networks. Is it enough?
OK, just saw that there are 2 different things.
The CLA looks good now, thank you.
@regit incredible work! A few notes:
- each command should have a different context output; it seems like you implemented that each command will use the same context output, which is not a good convention.
- I see you access `dict` keys without the `get` method of the `dict` object; make sure to use the `get` method to avoid unnecessary `KeyError` exceptions.
- please see if you are able to fix the build issues, most of them are validations.
Please let me know if you need any help with anything, you can always reach out to me in Slack in DFIR.
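As an added illustration of the two conventions raised in this comment (one context path per command, and `dict.get` instead of direct indexing), the following is example code written for this page, not code from the Stamus pack or from Cortex XSOAR. The command names, field names and sample API payloads are assumptions, and `CommandResult` is a plain stand-in for what an XSOAR command returns, not the platform's own class. The unsafe variant is kept beside the corrected one to show the exact failure the review is pointing at: a host the platform has not seen yet returns a payload without the expected keys.

```python
"""Added example, not the Stamus pack's own code: one context path per
command and defensive dict access, the two conventions raised in review.
Command names, field names and the sample payloads below are constructed
assumptions for illustration."""
from dataclasses import dataclass
from typing import Any

INTEGRATION_PREFIX = "StamusIntegration"  # the prefix the PR standardised on


@dataclass
class CommandResult:
    """Minimal stand-in for the object an XSOAR command hands back:
    where in the context the outputs land, the key field, and the outputs."""
    outputs_prefix: str
    outputs_key_field: str
    outputs: Any


def safe_get(obj: Any, path: str, default: Any = None) -> Any:
    """Walk a dotted path using dict.get at every step. A missing key or a
    non-dict intermediate value returns `default` instead of raising KeyError."""
    cur = obj
    for key in path.split("."):
        if not isinstance(cur, dict):
            return default
        cur = cur.get(key)
        if cur is None:
            return default
    return cur


# Constructed sample payloads (assumed shapes, not real Stamus API responses).
SAMPLE_HOST = {
    "host_id": {
        "ip": "10.0.0.12",
        "first_seen": "2023-05-01T08:15:00Z",
        "roles": [{"name": "http.server"}, {"name": "dhcp.client"}],
    }
}
SAMPLE_UNSEEN_HOST: dict = {}  # host insight not available yet: no keys at all
SAMPLE_DOC = {"results": [{"id": 7, "threat": "Cobalt Strike beacon", "severity": "high"}]}


def host_insight_command_unsafe(api_response: dict) -> CommandResult:
    """The pattern the review flags: direct indexing raises KeyError as soon
    as the platform has no insight for the host yet."""
    host = api_response["host_id"]
    return CommandResult(
        outputs_prefix=f"{INTEGRATION_PREFIX}.HostInsight",
        outputs_key_field="ip",
        outputs={"ip": host["ip"], "first_seen": host["first_seen"],
                 "roles": [r["name"] for r in host["roles"]]},
    )


def host_insight_command(api_response: dict) -> CommandResult:
    """Corrected form: every access goes through .get with an explicit default,
    so an unseen host yields an empty-but-valid result rather than a crash."""
    return CommandResult(
        outputs_prefix=f"{INTEGRATION_PREFIX}.HostInsight",
        outputs_key_field="ip",
        outputs={
            "ip": safe_get(api_response, "host_id.ip", ""),
            "first_seen": safe_get(api_response, "host_id.first_seen", "unknown"),
            "roles": [safe_get(r, "name", "")
                      for r in safe_get(api_response, "host_id.roles", [])],
        },
    )


def doc_events_command(api_response: dict) -> CommandResult:
    """A second command writes under its own path (StamusIntegration.DoC), so
    its Declarations of Compromise never merge with HostInsight objects in the
    incident context; each command owning a distinct prefix is the convention."""
    events = safe_get(api_response, "results", [])
    return CommandResult(
        outputs_prefix=f"{INTEGRATION_PREFIX}.DoC",
        outputs_key_field="id",
        outputs=[{"id": safe_get(e, "id"),
                  "threat": safe_get(e, "threat", "unknown"),
                  "severity": safe_get(e, "severity", "unknown")} for e in events],
    )


if __name__ == "__main__":
    print(host_insight_command(SAMPLE_HOST))
    print(host_insight_command(SAMPLE_UNSEEN_HOST))  # no KeyError, defaults filled in
    print(doc_events_command(SAMPLE_DOC))
```

Running the module prints the two host results and the DoC result; the unseen-host case is the one the retry policy later added to the pack has to tolerate, and with `safe_get` it degrades to defaults instead of an exception.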
OK, push is not a success. I will try to address the issues later today.
Hi @regit, thank you for your contribution. I have reviewed the content in your PR and I appreciate the effort you have put into it. However, I noticed a few areas that require attention. Please see my detailed comments below:
- Incident Field Configuration:
  I noticed that the incident field `Stamus Threat` is currently configured to apply to "All Incident types", whereas all the other incident fields are configured specifically for the `Stamus Networks` incident type. Could you please clarify if this change was intentional? If it was, I kindly request you provide some insights into the reasoning behind this modification in the PR description or a comment. However, if this was unintentional, please update the configuration to be specific to the `Stamus Networks` incident type.
- Missing Playbook Description:
  The playbook "Stamus Networks - Get Extra Data" appears to be missing a description. Including a descriptive explanation of the playbook's purpose and functionality is crucial for users to understand and effectively utilize the content. Please add a meaningful description to the playbook.
- Non-Existing Command Usage:
  I noticed that the playbook is utilizing non-existing commands. While I understand that these commands may be implemented in the integration source code, it is important to declare them properly in the YAML file with inputs, outputs, and other relevant details. I kindly request you to either add the missing command declaration, including the required specifications, or alternatively, modify the playbook to utilize existing commands that are already declared.
I appreciate your attention to these matters. Please make the necessary updates to address the mentioned issues.
If you have any questions or need further clarification on any of the points mentioned above, please don't hesitate to reach out here or on Slack.
@regit nice work! Gave some more comments.
Please let me know if you need anything.
You can also remove the `Pipfile` and `Pipfile.lock` as those files are not needed.
@regit let me know when I can re-review. For any help feel free to reach out to me.
@regit nice work! Can you please refer to the old comments I gave you?
In addition, can you please merge from demisto master to re-trigger the build? For any help you can speak to me.
(force-pushed from 90f673c to 80adc68)
Updated the MR by addressing comments, adding unit tests and rebasing on master.
Most fields are information and we should not extract indicators.
This is the first pass, we need to add the role.
Host insight info can be available after some time if ever the host has not been seen before.
(force-pushed from 23c4acb to 34d88f9)
@GuyAfik I'm struggling with this one, I don't know what I am missing: https://app.circleci.com/pipelines/github/demisto/content/298224/workflows/27794974-779e-42a7-ae37-c266f05a0377/jobs/717860?invite=true#step-119-11335_250
@regit thanks for all the massive effort that you did on this PR, I'll merge it and we will handle the issues internally.
Thanks a lot for all the help from the Palo Alto team on this.
(merged commit 3987e11 into demisto:contrib/StamusNetworks_stamus-integration-v1.0.0)
* Stamus integration v1.0.0 (#26286)
  * packs: add stamus pack to xsoar content. Implement a new set of commands to interact with Stamus Security Platform.
  * Stamus: remove dummy test
  * Stamus: use StamusIntegration prefix
  * Stamus: fix some descriptions
  * Stamus: update result to return markdown
  * Stamus: rename commands
  * Stamus: update pack metadata
  * Stamus: homogenize message
  * Stamus: really basic README
  * Stamus: fix some linter warnings
  * Stamus: import playbook and mapper
  * Stamus: more import. Import Stamus' IncidentFields, IncidentFields and Layouts
  * Stamus: add playbook documentation
  * Stamus: more documentation
  * Stamus: add generated docs
  * Stamus: remove template comment
  * Stamus: use f-string
  * Stamus: simply test connection
  * Stamus: remove commented code
  * Stamus: docstring on escape function
  * Stamus: fix to have one context for each command
  * Stamus: refactoring
  * Stamus: remove useless code
  * Stamus: get default value in results if no results
  * Stamus: run demisto format on yaml files
  * Stamus: update README
  * Stamus: fix missing description and format
  * Stamus: fix following validation
  * Stamus: add missing playbook image
  * Stamus: remove marketplacev2 support
  * Stamus: fix info extraction in get DoC command
  * Stamus: use getter function (Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>)
  * Stamus: command should be lower case
  * Stamus: avoid double read of event
  * Stamus: little optimization
  * Stamus: add docstring
  * Stamus: remove not needed files
  * Stamus: add basic integration doc
  * Stamus: fix JSON format
  * Stamus: fix some name in playbook
  * Stamus: rename IOC params
  * Stamus: fix demisto sdk validation. Validation: demisto-sdk validate -i Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json; validation fix: demisto-sdk format -i /home/snuser/cortex/Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json
  * Stamus: fix params name gotten from conf
  * Stamus: fix stamus extra data playbook following new naming
  * Stamus: fix playbook ID
  * Stamus: Add descriptions
  * Stamus: move constants with other constants
  * Stamus: use getter function + fix linter
  * Stamus: use fstring
  * Stamus: unit tests impl
  * Stamus: remove template doc (Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>)
  * Stamus: add test data to secret-ignore
  * Stamus: fix event type
  * Stamus: update demisto docker image
  * Stamus: fix reference in classifier
  * Stamus: update README.md. Ran demisto-sdk generate-docs -i Packs/Stamus/Integrations/Stamus/Stamus.yml and fixed the version string.
  * Stamus: fix linter error
  * Stamus: fix linter warning
  * Stamus: fix a playbook param
  * Stamus: fix key value
  * Stamus: set default value for incident
  * Stamus: update from version
  * Stamus: set default incoming mapper
  * Stamus: improve layout
  * Stamus: some more layout work
  * Stamus: use already defined fields
  * Stamus: don't extract indicators. Most fields are information and we should not extract indicators.
  * Stamus: display threat info in layout
  * Stamus: don't try to display removed field
  * Stamus: add host first seen
  * Stamus: add host insight info in incident layout. This is the first pass, we need to add the role.
  * Stamus: display major host insight information
  * Stamus: retry policy and fix a field. Host insight info can be available after some time if ever the host has not been seen before.
  * Stamus: update to fix validation
  * Stamus: add description to mapper
  * Stamus: add integration as 'start time' user
  --------
  Co-authored-by: Nicolas Frisoni <nfrisoni@stamus-networks.com>
  Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
  Co-authored-by: Peter <pmanev@stamus-networks.com>
* bump rn
* rn
* pre-commit
* Bump pack from version CommonTypes to 3.3.85.
* update mapper
* bump rn
* update rn
* Empty-Commit
* bump rn
* ds108 validation fixes
* fix validation
* ds108
--------
Co-authored-by: Eric Leblond <eric@regit.org>
Co-authored-by: Nicolas Frisoni <nfrisoni@stamus-networks.com>
Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Co-authored-by: Peter <pmanev@stamus-networks.com>
Co-authored-by: GuyAfik <guyafik11@gmail.com>
Co-authored-by: Content Bot <bot@demisto.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
Linked issue: https://github.com/demisto/content/issues/26285
Description
This integration provides interaction with the Stamus Security Platform. It provides a way to fetch detections from the solution and
also to get information and context from the Stamus Security Platform.
Screenshots
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have