Cymulate v3 #43163
Benimanela wants to merge 16 commits into demisto:contrib/qmasters-ltd_cymulate-v3 from
…nore, updated API endpoints in tests and main code to use the correct base URL, and improved error handling in fetch_incidents function.
For the Reviewer: Trigger build request has been accepted for this contribution PR.
For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/7196507
🤖 Content AI Reviewer: Analysis started. Please wait for results...
🤖 Content-bot Review Disclaimer
This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.
content-bot left a comment
Hi there! Thanks for contributing the Cymulate V3 integration. I've reviewed the submission and have a few points for you to address.
Most importantly, there are critical logic issues in the fetch command regarding sort order and deduplication that could result in data loss or incomplete processing. Additionally, please update the YAML configuration to ensure essential parameters are marked as required and that the parameter display order follows standard guidelines. Finally, the documentation needs to be re-generated using the SDK to include standard sections, and the pack metadata requires a few updates regarding keywords and GitHub users.
Great work so far, and let me know if you have any questions!
Additionally, please address the following file-level notes:
Packs/Cymulate/pack_metadata.json:
- The keywords list must include the vendor name 'Cymulate'.
- For partner-supported packs, the githubUser field should contain a list of valid GitHub usernames.
@adi88d please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
- Added "Cymulate Assessment ID", "Cymulate Assessment Name", and "Cymulate Finding Name" fields to the incoming mapper.
- Created new incident fields for "Cymulate Assessment ID", "Cymulate Assessment Name", and "Cymulate Finding Name".
- Introduced a layout for Cymulate Assessment Findings incidents to enhance data organization and review.

- Added "Cymulate" as a keyword and updated the GitHub user to "benimanela" in the pack metadata.
- Changed API token and Base URL parameters to required in the integration configuration.
- Updated README and description files to reflect changes in parameter requirements.
- Enhanced the release notes with new incident fields and layout for Cymulate Assessment Findings.

- Removed outdated test filtering logic from pytest.
- Added new tests to ensure proper handling of boundary conditions and pagination in the fetch_incidents function.
- Updated fetch_incidents to support a larger limit for assessments and changed sort order to ascending to prevent data loss.
- Improved handling of pending state during assessments to ensure accurate incident fetching and processing.

- Changed section headers in the description and README files for clarity.
- Order the configuration parameters for 'insecure' and 'proxy' settings in the integration YAML.
- Enhanced the README to provide a more concise overview of the integration's functionality and configuration steps.
- Removed outdated information to streamline the documentation.

- Introduced separate date formats for API query parameters and full precision requirements.
- Updated the Client class constructor to pass headers directly in the superclass initialization.
- Modified incident fetching to use the new date format for occurred timestamps.

Refactor test module aliasing in Cymulate integration tests
- Changed the import of the test_module to an alias (cymulate_test_module) to prevent pytest from collecting it as a test.
- Updated references in test cases to use the new alias for consistency.
Pre-commit checks fixed, review comments addressed, ready to review.
- Updated the incoming mapper to include additional fields for better data mapping.
- Changed extraction mode to "Specific" in incident type settings, allowing for targeted extraction of indicators such as md5, sha1, sha256, and urls.
- Improved the configuration for extracting indicator types to streamline incident processing.

- Updated the logic to skip assessments at or before the last processed date, preventing re-processing of already handled assessments.
- Modified test cases to reflect the new behavior, ensuring only newer assessments are fetched and processed correctly.
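
An added illustration (not code from this PR or from the Cymulate integration) of the two fetch behaviours the commits above describe: sort order combined with a page limit, and skipping items at or before the last processed date. The `query` stand-in, its inclusive lower bound and the sample assessments are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: five assessments, one minute apart (not real Cymulate output).
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
ASSESSMENTS = [{"id": f"a{i}", "date": T0 + timedelta(minutes=i)} for i in range(1, 6)]


def query(after, limit, ascending):
    """Hypothetical stand-in for the vendor API: items dated at or after `after`,
    sorted by date, capped at `limit`. The inclusive bound is an assumption."""
    hits = sorted((a for a in ASSESSMENTS if a["date"] >= after),
                  key=lambda a: a["date"], reverse=not ascending)
    return hits[:limit]


def fetch_cycle(last_run, limit, ascending):
    """One fetch cycle: returns (new incident ids, updated last_run)."""
    last_date = last_run["last_date"]
    page = query(last_date, limit, ascending)
    # Skip anything at or before the last processed date so it is not re-ingested.
    fresh = [a for a in page if a["date"] > last_date]
    if not fresh:
        return [], last_run
    # The watermark moves to the newest item actually processed in this cycle.
    new_mark = max(a["date"] for a in fresh)
    return [a["id"] for a in fresh], {"last_date": new_mark}


def run_until_idle(limit, ascending):
    """Repeat fetch cycles until nothing new comes back; returns every id ingested."""
    last_run, seen = {"last_date": T0}, []
    while True:
        ids, last_run = fetch_cycle(last_run, limit, ascending)
        if not ids:
            return seen
        seen.extend(ids)


if __name__ == "__main__":
    # Newest-first with a cap jumps the watermark past the older items.
    print("descending:", run_until_idle(limit=2, ascending=False))
    # Oldest-first advances the watermark only over what was processed.
    print("ascending: ", run_until_idle(limit=2, ascending=True))
```

In this model the limit has to be larger than the number of items sharing the watermark timestamp, otherwise a page contains only already-processed items and the cycle returns nothing new.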
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
Description
Added new integration for fetching Cymulate Assessment Findings as XSOAR incidents
Must have
relates: https://jira-dc.paloaltonetworks.com/browse/CIAC-15881