[Zerofox] Key Incidents Integration #39506
MosheEichler merged 16 commits into contrib/riskive_zerofox_key_incidents_app from unknown repository
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @MosheEichler will know the proposed changes are ready to be reviewed.

Hi @DNRRomero, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

Thank you very much for your contribution! Unfortunately, your PR review will be slightly delayed because of an Israeli holiday in the upcoming week (the 12th of April - the 19th of April). Thank you in advance for your patience and understanding.

Hey @MosheEichler changes are ready for review

Hey @DNRRomero. Don't worry about the release notes, I'll take care of it. I just started the review, will keep you updated with the next steps. Thank you for the contribution.
Hi @DNRRomero,
Thank you for your contribution!
Good work :)
Please see my comments
Feel free to reach out to me with any questions - I'm available here or on slack :)
Thanks again
Benimanela left a comment
Hi @DNRRomero, Thanks for contributing!
Please find below some feedback to help align with content standards and best practices.
General:
- Run the demisto-sdk format command on all files to ensure they follow the correct structure.
Mapper:
- Update the id field to use the integration name (this should be handled automatically by the format command).
Incident Fields:
- Prefix all incident field names with ZeroFox, e.g., Analysis → ZeroFox Analysis.
- Replace headline with the standard title common field, if applicable.
Incident Type:
- Update the associated layout reference from layout ID to layout name.
Layout:
- Update both layout id and layout name fields to reflect the actual layout name (should be handled by the format command).
- Ensure headline and tags fields are properly mapped in the layout.
Let me know once the fixes are in place so I can take another look.

Hi @MosheEichler, @Benimanela Thank you so much for your help

* Move key incidents integration to zerofox pack
* correct pack readme to include zerofox ki integration

Hi @DNRRomero, I saw your changes. What about these points? Incident Fields: Prefix all incident field names with ZeroFox, e.g., Analysis → ZeroFox Analysis. Ensure headline and tags fields are properly mapped in the layout.

Hey @Benimanela I already did those changes, pre-commit is failing due to something else

Benimanela left a comment
Hi @DNRRomero, Thank you for your updates.
Please ensure you're using the demisto-sdk format for the incident fields, and update the IDs as I mentioned above.
Change the id to incident_zerofoxkeyincidentanalysis
Change the id to incident_zerofoxkeyincidentheadline

hey @Benimanela demisto-sdk format did not throw any corrections. I did add your comments though, thank you!

Hi @DNRRomero, the code looks good! We're ready for a demo. Please check this page, and let me know when you're available for one over DFIR.

ca124f4 into demisto:contrib/riskive_zerofox_key_incidents_app

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

* [Zerofox] Key Incidents Integration (#39506)
* Add new base application (#142)
* Format applications (#144)
* add key incident client (#145)
* add key incident attachment method (#146)
* Add simple key mapper (#147)
* add incident type, incident type field and layout to ZeroFox Key Incident Pack (#149)
* Add Fetch Incidents (#148)
* add key incident attachment command (#150)
* fix classifier, layout and incident type formats (#152)
* update release notes
* move key incidents package to zerofox pack (#153)
* Move key incidents integration to zerofox pack
* correct pack readme to include zerofox ki integration
* improve unit tests in ki integration (#154)
* rename integration to ZeroFoxKeyIncidents
* update release notes
* correct incident field names
* format ZeroFox pack files
---------
Co-authored-by: Leonardo de Requeséns <[email protected]>
* post demo fixes
* fix incident name
* ignore
* fix incident name
---------
Co-authored-by: Diego Ramirez R <[email protected]>
Co-authored-by: Leonardo de Requeséns <[email protected]>
Co-authored-by: meichler <[email protected]>

Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Description
Creates a new Pack for ingesting ZeroFox Key Incidents as Incident data
Must have