Agentix | Actions | CortexGetEmailInvestigationSummary #43081
mayyagoldman wants to merge 7 commits into master from
Content-bot Review Disclaimer: This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.
content-bot left a comment:
Thanks for the update to the Cortex Core integration! I've reviewed the changes and have a few suggestions to improve robustness and consistency.
Please update the Python code to use arg_to_number for safer type conversions and ensure the new command is properly registered in the YAML and covered by a test playbook. Also, take a look at the release notes formatting and verify if the new command is intended to be hidden.
Great work so far!
Additionally, please address the following file-level notes:
Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.yml: Please ensure a test playbook is added or updated to test the new command core-get-email-investigation-summary. The tests section currently indicates No tests.
@JudahSchwartz please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
| verify_platform_version() | ||
| return_results(xql_query_platform_command(client, args)) | ||
|
|
||
| elif command == "core-get-email-investigation-summary": |
The command core-get-email-investigation-summary is registered here, but the integration YAML file (CortexPlatformCore.yml) does not appear to be modified in this PR. Please ensure the command is added to the YAML definition so it is exposed to Cortex XSOAR.
| params: dict[str, Any] = {} | ||
|
|
||
| if days_timeframe := args.get("days_timeframe"): | ||
| params["days_timeframe"] = int(days_timeframe) |
Use arg_to_number for robust integer conversion and error handling.
| if detection_method := args.get("detection_method"): | ||
| params["detection_method"] = detection_method | ||
| if min_severity := args.get("min_severity"): | ||
| params["min_severity"] = severity_mapping.get(min_severity, min_severity) |
Consider using .lower() to handle case-insensitive input for severity mapping.
| if min_severity := args.get("min_severity"): | ||
| params["min_severity"] = severity_mapping.get(min_severity, min_severity) | ||
| if min_severity_phishing := args.get("min_severity_phishing"): | ||
| params["min_severity_phishing"] = severity_mapping.get(min_severity_phishing, min_severity_phishing) |
Consider using .lower() to handle case-insensitive input for severity mapping.
| if min_severity_phishing := args.get("min_severity_phishing"): | ||
| params["min_severity_phishing"] = severity_mapping.get(min_severity_phishing, min_severity_phishing) | ||
| if page_size := args.get("page_size"): | ||
| params["page_size"] = int(page_size) |
- Use arg_to_number for robust integer conversion.
- Use arg_to_number for robust type conversion.
| if page_size := args.get("page_size"): | ||
| params["page_size"] = int(page_size) | ||
| if page_number := args.get("page_number"): | ||
| params["page_number"] = int(page_number) |
Use arg_to_number for robust integer conversion.
| params["min_severity_phishing"] = severity_mapping.get(min_severity_phishing, min_severity_phishing) | ||
| if page_size := args.get("page_size"): | ||
| params["page_size"] = int(page_size) | ||
| if page_number := args.get("page_number"): |
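Review bot: folding the conversion into the walrus, as in `if page_number := arg_to_number(args.get("page_number")):`, would silently drop page_number=0 because 0 is falsy, whereas the current `int()` form keeps the string "0"; convert first, then assign under an `is not None` check, and apply the same pattern to days_timeframe and page_size in this hunk.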
Handle 0 correctly when using arg_to_number.
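Collecting the review points on this function (arg_to_number instead of int(), keeping a 0 page number, case-insensitive severity lookup) into one argument-parsing helper, as an added example that is not part of this PR or the Cortex Core integration. arg_to_number here is a local stand-in that mimics the CommonServerPython helper's behaviour, and the severity constants are constructed placeholders.

```python
from typing import Any, Optional

# Local stand-in (assumption) for CommonServerPython's arg_to_number helper:
# None or "" -> None, an int or a numeric string -> int, anything else -> ValueError.
def arg_to_number(arg: Any, arg_name: Optional[str] = None) -> Optional[int]:
    if arg is None or arg == "":
        return None
    if isinstance(arg, int):
        return arg
    text = str(arg).strip()
    if text.lstrip("-").isdigit():
        return int(text)
    raise ValueError(f'Invalid number: "{arg_name}"="{arg}"')

# Constructed placeholder mapping; the real Cortex severity constants are not on this page.
SEVERITY_MAPPING = {
    "low": "SEV_LOW",
    "medium": "SEV_MEDIUM",
    "high": "SEV_HIGH",
    "critical": "SEV_CRITICAL",
}

INT_ARGS = ("days_timeframe", "page_size", "page_number")
SEVERITY_ARGS = ("min_severity", "min_severity_phishing")


def build_email_investigation_params(args: dict) -> dict:
    """Turn raw command args into request params for the summary command."""
    params: dict = {}
    for name in INT_ARGS:
        value = arg_to_number(args.get(name), arg_name=name)
        # Check against None rather than truthiness so page_number=0 is kept.
        if value is not None:
            params[name] = value
    if detection_method := args.get("detection_method"):
        params["detection_method"] = detection_method
    for name in SEVERITY_ARGS:
        if raw := args.get(name):
            # Normalise case so "High", "HIGH" and "high" all hit the mapping.
            key = str(raw).strip().lower()
            params[name] = SEVERITY_MAPPING.get(key, raw)
    return params
```

A non-numeric value such as page_size="fifty" raises ValueError with the argument name, instead of the bare int() traceback the current code would produce.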
| defaultValue: "1" | ||
| name: core-get-email-investigation-summary | ||
| description: Retrieves a summary of phishing email investigation campaigns from Cortex, grouping individual alerts by email message ID to help prioritize investigations based on impact and scale. | ||
| hidden: true |
Is there a specific reason for hiding this command? Generally, commands like core-get-cases or core-get-issues are exposed. If this is intended only for Agentix/AI use, please confirm.
| type: Unknown | ||
| - arguments: | ||
| - description: Number of days to look back for issues. | ||
| name: days_timeframe |
The argument days_timeframe is used as an integer in the code (int(days_timeframe)). Consider using arg_to_number for safer conversion or clarifying the expected input format in the description.
| @@ -0,0 +1,12 @@ | |||
|
|
|||
Please remove the leading empty line and the extra empty lines between the headers and content to adhere to the standard release notes format.
Recommended format:
<~PLATFORM>
#### Integrations
##### Cortex Core - Platform
- Documentation and metadata improvements.
<!-- Added the core-get-email-investigation-summary command for retrieving phishing email investigation campaign summaries (hidden command for internal use). -->
</~PLATFORM>
Validate summary Verdict: PR can be force merged from validate perspective? ✅
Related Issues
https://jira-dc.paloaltonetworks.com/browse/CRTX-223087