
Zerofox/add cac data #35183

Conversation


@DNRRomero DNRRomero commented Jul 2, 2024

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • [] In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

Adds zerofox-get-compromised-credentials-command as a custom command for getting compromised credentials from the ZeroFox API as a file in the war room

Must have

  • Tests
  • Documentation

@content-bot content-bot added the Contribution, External PR and Partner Support Level labels Jul 2, 2024
@content-bot content-bot changed the base branch from master to contrib/riskive_zerofox/add_cac_data July 2, 2024 12:32
@content-bot

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @israelpoli will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

@content-bot content-bot added the Contribution Form Filled and Partner labels Jul 2, 2024
@DNRRomero DNRRomero force-pushed the zerofox/add_cac_data branch 2 times, most recently from 7f8dc11 to 56917f0 Compare July 2, 2024 18:05
@edik24 edik24 self-assigned this Jul 3, 2024

@israelpoli israelpoli left a comment


Hi @DNRRomero
thanks for your contribution
see comments below

Review comments on:
Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.py (resolved)
Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.py (outdated, resolved)
Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.py (outdated, resolved)
Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.py (outdated, resolved)
Packs/ZeroFox/Integrations/ZeroFox/ZeroFox_test.py (outdated, resolved)
Packs/ZeroFox/ReleaseNotes/1_3_4.md (outdated, resolved)
@DNRRomero DNRRomero force-pushed the zerofox/add_cac_data branch from 8e9216f to 875c066 Compare July 3, 2024 16:33
@DNRRomero DNRRomero requested a review from israelpoli July 3, 2024 17:07
@israelpoli

@DNRRomero Looks good, thanks

I want to take it to the next step
Could you send me a short demo of the command working (short video):
Running the command, and checking that the values in the context (File) return as expected

send me in slack (DFIR) or email

@DNRRomero

DNRRomero commented Jul 3, 2024

@DNRRomero Looks good, thanks

I want to take it to the next step Could you send me a short demo of the command working (short video): Running the command, and checking that the values in the context (File) return as expected

send me in slack (DFIR) or email

Hi @israelpoli could you add me to slack (DFIR)? my email is dramirez@zerofox.com

I've tried accessing it but the link seems broken, or where can I find your email?

I included a video demo of the command in the contribution registration form, here's the link

@israelpoli

@DNRRomero
The demo is perfect, I'm moving the PR to the next step hoping that tomorrow it will merge to the master

(For next time, I'm putting the DFIR login page here)

Thank you

@israelpoli

@DNRRomero
There is a bug with check_changes due to a change made today in this github action
Tomorrow morning the bug will be fixed, and I will continue the process (it does not concern your PR)

@DNRRomero

@DNRRomero There is a bug with check_changes due to a change made today in this github action Tomorrow morning the bug will be fixed, and I will continue the process (it does not concern your PR)

@israelpoli thank you!
by the way, this is what I get when trying to get into the slack channel using the email I receive
[screenshot omitted]

@israelpoli

@DNRRomero
I sent you an invitation, it should reach your email
It might be delayed a bit due to admin approval being required

@israelpoli israelpoli merged commit 9859404 into demisto:contrib/riskive_zerofox/add_cac_data Jul 4, 2024
17 of 18 checks passed
@content-bot content-bot mentioned this pull request Jul 4, 2024

github-actions bot commented Jul 4, 2024

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

israelpoli added a commit that referenced this pull request Jul 4, 2024
* Zerofox/add cac data (#35183)

* add compromised credentials command (#138)

* fix mypy check and tests

* Fix yml file format

* Add period to yaml description

* Include PR comments

- fix release notes comment
- add unit test
- format code

* update docker

* update RN

---------

Co-authored-by: Diego Ramirez R <dramirez@zerofox.com>
Co-authored-by: ipolishuk <ipolishuk@paloaltonetworks.com>
barryyosi-panw pushed a commit that referenced this pull request Jul 4, 2024
maimorag pushed a commit that referenced this pull request Jul 4, 2024
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Sep 10, 2024
maimorag added a commit that referenced this pull request Oct 1, 2024
* adding command

* Ciac 10544 rasterize handle regression regarding integration option parameter (#34695)

* Added external last updated time incident field to the commontypes (#35004)

* Added external last updated time incident field to the commontypes

* RN

* formatted the incident field

* RN modified

* changed from version

* RN

* commit

* unsearchable true

* HPE switch marketplace (#35201)

* Updated the MP to support only the right one

* Update rn

* Revert "Revert "[Marketplace Contribution] FTP"" (#35200)

* Revert "Revert "[Marketplace Contribution] FTP (#34659) (#35177)" (#35199)"

This reverts commit c34a2a4.

* added noqa

---------

Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>

* Update PaloAltoNetworks_Cortex_XDR_Incident_Sync_README.md (#35181)

* Update PaloAltoNetworks_Cortex_XDR_Incident_Sync_README.md

* Update Packs/CortexXDR/Playbooks/PaloAltoNetworks_Cortex_XDR_Incident_Sync_README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* [SplunkPy] Update the README Troubleshooting (#35208)

* [SplunkPy] Update the Troubleshooting

* Update Packs/SplunkPy/Integrations/SplunkPy/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/SplunkPy/Integrations/SplunkPy/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Align dbot output context path and IN124 problematic packs (#35136)

* import problematic packs

* update

* changes

* import problematic packs

* update dockers

* update dockers

* added rns

* reverts

* update dockers

* cr fixes

* fix ComonServerPython docstring (#35197)

* fix ComonServerPython docstring

* RN

* Prevent changing infra files (#35209)

* demisto class for all (#35211)

* New pack for CVE-2024-6387 (#35220)

* New pack for CVE-2024-6387

* exclude-known-url

* adjust the playbook and pack readme

* adjust the playbook and pack readme

---------

Co-authored-by: Chanan Welt <cwelt@paloaltonetworks.com>

* Fix roles in common playbooks data collection task (#35133)

* Fixed an issue with the data collection tasks to send emails to the corresponding roles in XSIAM (Investigator) and XSOAR (Analyst).

* RN

* Removed administrator role from the data collection tasks

* updated RN

* Recorded Future Intelligence Cloud CIAC - 10390 (#35030)

* Creating modeling rules

* Updating schema

* Removing url portal link

* Adding release notes and test data

* fixed test pb (#35221)

* Switch netutils (#34874)

* update image

* bump image

* Update Packs/ProofpointEmailSecurity/ReleaseNotes/1_0_2.md

* Update Packs/ProofpointEmailSecurity/Integrations/ProofpointEmailSecurityEventCollector/ProofpointEmailSecurityEventCollector.yml

* updated the classifier and layout of the qradar integration (#35222)

* updated the classifier and layout of the qradar integration

* added the release notes

* commit

* RN

* improved implementation of IsIncidentPartOfCampaign (#33954)

* improved implementation of IsIncidentPartOfCampaign

* was found

* docker update

* skip none string

* Zerofox/add cac data (#35227)

* Zerofox/add cac data (#35183)

* add compromised credentials command (#138)

* fix mypy check and tests

* Fix yml file format

* Add period to yaml description

* Include PR comments

- fix release notes comment
- add unit test
- format code

* update docker

* update RN

---------

Co-authored-by: Diego Ramirez R <dramirez@zerofox.com>
Co-authored-by: ipolishuk <ipolishuk@paloaltonetworks.com>

* Fixed CortexCoreIR http_request (#35206)

* fixed xpanse

* add RN

* fixed

* adding rn

* fix test

* fix test

* fix testcommonserver python

* fix unit tests and revert changes in demistomock

* add explanatory docstring

* Bump pack from version Base to 1.34.24.

* adding memory threshold to incident enrichment

---------

Co-authored-by: sapirshuker <sshuker@paloaltonetworks.com>
Co-authored-by: Content Bot <bot@demisto.com>

* Azure SQL Management - Client Credentials  (#35175)

* added client credentials flow - working

* updated readme and description

* changed to default value for token_retrieval_url

* created release notes and run pre commit

* changed readme and description after code review

* updated docker image

* changed some mistakes in readme

* changed some mistakes in description

---------

Co-authored-by: noy <nodavidi.paloaltonetworks.com>

* Azure waf client credentials (#35182)

* changed yml file

* added client credentials to py

* added client credentials to py

* added release note

* changed readme and description for client credentials

* run pre commit

* updated docker image

* changed some mistakes in readme

* changed some mistakes in description

---------

Co-authored-by: noy <nodavidi.paloaltonetworks.com>

* Update integration logo (#35112) (#35225)

updated integration logo to align with Prisma Cloud V2

Co-authored-by: epartington <epartington@users.noreply.github.com>
Co-authored-by: Danny Fried <dfried@paloaltonetworks.com>

* Azure devops client credentials (#35034)

* changed the py file to match client credentials

* changed the yml file to match client credentials

* changed the scope for client credentials

* changed the scope

* py

* getting 203 error from api

* made the final changes for client credentials

* changed description

* changed some description and added client credentials for README

* ran precommit and created release notes

* added global var for scope

* fixed pre commit

* made changes in readme and in description after doc review

* removed in description and in readme 'using cortex xsoar azure app'

* changed to default value for token_retrieval_url

* changed condition for scope

* changed test test_generate_login_urlplaybook to match the new scope

* changed scope global name

* updated docker image

* deleted the word Demisto - not relevant

* changed docker image and removed demisto word from description

---------

Co-authored-by: noy <nodavidi.paloaltonetworks.com>

* SplunkPy:get drilldown search in correct format (#35162)

* fix + RN + test

* RN

* fix ruff

* CR changes

* fix pre commit

* CR changes

* [MicrosoftAzureStorageApiModule] fixed token to start with '?' (#35223)

* fixed token to be with ?

* RN

* pre commit and docker

* fixed test AzureStorageTable_test.py

* fixed test AzureStorageQueue_test.py

* fixed test AzureStorageFileShare_test.py

* fixed test AzureStorageContainer_test.py

---------

Co-authored-by: okarkkatz <okarkkatz@paloaltonetworks.com>

* check

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix unit test

* pre-commit

* fix

* removing arg

* adding failed on status

* adding RN and docs

* unit test

* unit tests

* fix

* fix

* fix

* fix

* pre-commit

* Update Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py

Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>

* Update Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py

Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>

* add unit tests

* cr

* fix

* fix

* fixes

* fixes

* fix unit tests

* fix unit tests

* fix

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* fix

* fix

* fix

---------

Co-authored-by: ilaredo <166304750+ilaredo@users.noreply.github.com>
Co-authored-by: omerKarkKatz <95565843+omerKarkKatz@users.noreply.github.com>
Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com>
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com>
Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>
Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
Co-authored-by: Ben Melamed <bmelamed@paloaltonetworks.com>
Co-authored-by: Chanan Welt <cwelt@paloaltonetworks.com>
Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com>
Co-authored-by: ellopez777 <159898322+ellopez777@users.noreply.github.com>
Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com>
Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: Diego Ramirez R <dramirez@zerofox.com>
Co-authored-by: ipolishuk <ipolishuk@paloaltonetworks.com>
Co-authored-by: sapirshuker <sshuker@paloaltonetworks.com>
Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: noydavidi <77931201+noydavidi@users.noreply.github.com>
Co-authored-by: epartington <epartington@users.noreply.github.com>
Co-authored-by: Danny Fried <dfried@paloaltonetworks.com>
Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com>
Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com>
Co-authored-by: okarkkatz <okarkkatz@paloaltonetworks.com>
Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>
Labels
Contribution Form Filled, Contribution, docs-approved, External PR, Partner Support Level, Partner, Partner-Approved, TIM Review