diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md index 46b83184280a..250f6d909a23 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md @@ -1,5 +1,6 @@ -Checks an XSOAR EDL to make sure it's returning a valid response. -This integration was integrated and tested with version 6.8+ of Cortex XSOAR. +Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs. + +This integration was integrated and tested with version 6.12 and 8.4 of Cortex XSOAR, and version 3.2.12 of the Generic Export Indicator Service. ## Configure XSOAR EDL Checker on Cortex XSOAR @@ -12,18 +13,21 @@ This integration was integrated and tested with version 6.8+ of Cortex XSOAR. | EDL Name | The name of the edl from the generic indicator export service | True | | Username | | False | | Password | | False | + | Trust any certificate (not secure) | | False | + | XSOAR Version | The version of XSOAR you are using 6.x or 8.x | False | 4. Click **Test** to validate the URLs, token, and connection. ## Commands + You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. ### xsoaredlchecker-get-edl + *** Checks the EDL and returns the response. - #### Base Command `xsoaredlchecker-get-edl` @@ -33,7 +37,6 @@ Checks the EDL and returns the response. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | - #### Context Output | **Path** | **Type** | **Description** | 
@@ -42,3 +45,33 @@ Checks the EDL and returns the response. | EDLChecker.Status | unknown | The HTTP Status Code returned by the EDL | | EDLChecker.Response | unknown | The Response or Error from the check. | | EDLChecker.ItemsOnList | unknown | The number of indicators on the list, assuming a successful response\! | + +#### Command example +```!xsoaredlchecker-get-edl``` +#### Context Example +```json +{ + "EDLChecker": [ + { + "ItemsOnList": 2, + "Name": "domains", + "Response": "domains returned a 200 response, all should be well", + "Status": 200 + }, + { + "ItemsOnList": 0, + "Name": "ips", + "Response": "Instance 'ips' is disabled (922)", + "Status": 400 + } + ] +} +``` + +#### Human Readable Output + +>### EDL Response for domains +>|Name|Status|Response|ItemsOnList| +>|---|---|---|---| +>| domains | 200 | domains returned a 200 response, all should be well | 2 | + diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py index 2ee0575491db..8072c8461d79 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py @@ -2,7 +2,6 @@ import requests import urllib3 from CommonServerPython import * # noqa: F401 -from typing import Union # Disable insecure warnings urllib3.disable_warnings() 
@@ -11,12 +10,26 @@ ''' HELPER FUNCTIONS ''' +def get_base_url(xsoar_version): + """ + Returns the url to be used to check the EDL, depends on the XSOAR version. + """ + url = demisto.demistoUrls().get('server') + if xsoar_version == "6.x": + # return the server url for xsoar 6 + return url + else: + # construct the url for xsoar 8 + url = f"{url[:8]}ext-{url[8:]}/xsoar" + return url + + def edl_http_request(base_url, edl_name, verify, creds): """ HTTP Request to check EDL, using basic auth if creds are provided Returns the full response. """ - response: Union[Dict, requests.Response] + response: Dict | requests.Response try: if creds: username = creds.get('username') @@ -104,7 +117,7 @@ def get_edl_command(base_url, edl_name, verify, creds=None): def main(): - base_url = demisto.demistoUrls().get('server') + base_url = get_base_url(demisto.params().get('xsoarversion')) edl_name = demisto.params().get('edl_name') verify = not demisto.params().get('insecure', False) credentials = demisto.params().get('credentials', None) diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml index 55f4463f64ee..a045ac74ef8b 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml @@ -17,6 +17,15 @@ configuration: name: insecure type: 8 required: false +- display: XSOAR Version + name: xsoarversion + defaultvalue: 6.x + type: 15 + required: false + options: + - 6.x + - 8.x + additionalinfo: 'The version of XSOAR you are using 6.x or 8.x ' description: Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs. display: XSOAR EDL Checker name: XSOAR EDL Checker 
@@ -27,14 +36,14 @@ script: name: xsoaredlchecker-get-edl outputs: - contextPath: EDLChecker.Name - description: The Name of the EDL from the Generic Indicators Export Service instance + description: The Name of the EDL from the Generic Indicators Export Service instance. - contextPath: EDLChecker.Status - description: The HTTP Status Code returned by the EDL + description: The HTTP Status Code returned by the EDL. - contextPath: EDLChecker.Response description: The Response or Error from the check. - contextPath: EDLChecker.ItemsOnList description: The number of indicators on the list, assuming a successful response! - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.80014 runonce: false script: '' subtype: python3 diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md index 47b1a487fc05..268961cb54df 100644 --- a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md +++ b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md @@ -2,10 +2,14 @@ This integration checks an external dynamic list provided by the [XSOAR Generic Indicators Export Service](https://xsoar.pan.dev/docs/reference/integrations/edl), to validate it is responding as required. +XSOAR 6.x: Only supports lists hosted off the XSOAR server, and requires the following server configuration be set from Settings -> About -> Troubleshooting instance.execute.external = true +XSOAR 8.X: +Make sure to configre the credentials for Long Running Integrations (Settings -> Settings & Info -> Instances -> Long Running Integrations) + ## Setup Configure an instance and provide the name of the instance name from the XSOAR Generic Indicators Export Service. 
diff --git a/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml b/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml index cd8023875aa1..960654bb7668 100644 --- a/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml +++ b/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker.yml @@ -1,15 +1,15 @@ id: JOB - XSOAR EDL Checker version: -1 name: JOB - XSOAR EDL Checker -description: "This playbook executes the XSOAR EDL Checker automation and will send email notification when an EDL is not functioning. \n\nRun this playbook as a job (hourly?) to monitor your EDLs." +description: "This playbook executes the XSOAR EDL Checker automation and will send email notification when an EDL is not functioning. \n\nRun this playbook as a job to monitor your EDLs." starttaskid: "0" tasks: "0": id: "0" - taskid: 1213a315-08db-4555-8f5a-1176629ef518 + taskid: fa6ee827-92a4-4776-83b6-79b7441fae37 type: start task: - id: 1213a315-08db-4555-8f5a-1176629ef518 + id: fa6ee827-92a4-4776-83b6-79b7441fae37 version: -1 name: "" iscommand: false @@ -20,13 +20,7 @@ tasks: - "3" separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 50 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 50\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -36,10 +30,10 @@ tasks: isautoswitchedtoquietmode: false "2": id: "2" - taskid: 5e1ce334-7a94-4046-8b6e-c2637ea836c1 + taskid: 2dd36113-a90b-4fb5-8833-e6564215240c type: title task: - id: 5e1ce334-7a94-4046-8b6e-c2637ea836c1 + id: 2dd36113-a90b-4fb5-8833-e6564215240c version: -1 name: Done type: title @@ -48,13 +42,7 @@ tasks: description: '' separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 895 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 1070\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -64,30 +52,24 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 25ac2d3d-f1cf-4ffa-872f-ce23fbedf978 + taskid: 5db5364b-6935-4ef9-838d-965d4a8e16a5 type: regular task: - id: 25ac2d3d-f1cf-4ffa-872f-ce23fbedf978 + id: 5db5364b-6935-4ef9-838d-965d4a8e16a5 version: -1 name: Check the EDLs description: Runs the xsoaredlchecker-get-edl command for all configured instances, and returns a consolidated output. - scriptName: XSOARAllEDLCheckerAutomation type: regular iscommand: false brand: "" + script: XSOARAllEDLCheckerAutomation nexttasks: '#none#': - "4" reputationcalc: 1 separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 195 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 195\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -97,10 +79,10 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: 077bee0d-ab6f-420a-81ec-93664e1dac29 + taskid: 5b72b7e7-1ea9-4cb9-85d8-12de534b353a type: condition task: - id: 077bee0d-ab6f-420a-81ec-93664e1dac29 + id: 5b72b7e7-1ea9-4cb9-85d8-12de534b353a version: -1 name: Are there failing EDLs? description: 'Check if there are EDLs which are not returning a 200 OK response. ' @@ -109,7 +91,7 @@ tasks: brand: "" nexttasks: '#default#': - - "2" + - '7' "yes": - "5" separatecontext: false @@ -119,19 +101,13 @@ tasks: - - operator: isNotEqualString left: value: - simple: EDLChecker.Response + simple: EDLChecker.Status iscontext: true right: value: simple: "200" continueonerrortype: "" - view: |- - { - "position": { - "x": 50, - "y": 370 - } - } + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 370\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -141,10 +117,10 @@ tasks: isautoswitchedtoquietmode: false "5": id: "5" - taskid: 5371b62e-0d16-4259-819b-e0bc0a5d3840 + taskid: 0393f17d-09a2-4cae-8626-90f838e14cec type: condition task: - id: 5371b62e-0d16-4259-819b-e0bc0a5d3840 + id: 0393f17d-09a2-4cae-8626-90f838e14cec version: -1 name: Should we send notifications? description: 'Check whether the input for SendNotification has a list of emails to send notification to. ' @@ -153,7 +129,7 @@ tasks: brand: "" nexttasks: '#default#': - - "2" + - '7' "yes": - "6" separatecontext: false @@ -185,10 +161,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: 1375fc79-f1da-4391-852e-221063faaa0a + taskid: 9860a8d2-fe4e-454a-8363-3796e5dc6914 type: regular task: - id: 1375fc79-f1da-4391-852e-221063faaa0a + id: 9860a8d2-fe4e-454a-8363-3796e5dc6914 version: -1 name: Send Notification description: Send an email @@ -198,7 +174,7 @@ tasks: brand: "" nexttasks: '#none#': - - "2" + - '7' scriptarguments: body: simple: |- @@ -215,13 +191,7 @@ tasks: root: inputs.SendNotification separatecontext: false continueonerrortype: "" - view: |- - { - "position": { - "x": 275, - "y": 720 - } - } + view: "{\n \"position\": {\n \"x\": 50,\n \"y\": 720\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -229,18 +199,38 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false -view: |- - { - "linkLabelsPosition": {}, - "paper": { - "dimensions": { - "height": 910, - "width": 605, - "x": 50, - "y": 50 - } - } - } + '7': + id: '7' + taskid: 267cc391-387c-450c-8427-d4d51a34c37b + type: regular + task: + id: 267cc391-387c-450c-8427-d4d51a34c37b + version: -1 + name: Close + description: commands.local.cmd.close.inv + script: Builtin|||closeInvestigation + type: regular + iscommand: true + brand: Builtin + nexttasks: + '#none#': + - '2' + scriptarguments: + closeNotes: + simple: Job's done. + closeReason: + simple: Other + separatecontext: false + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 275,\n \"y\": 895\n }\n}" + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false +view: "{\n \"linkLabelsPosition\": {},\n \"paper\": {\n \"dimensions\": {\n \"height\": 1085,\n \"width\": 605,\n \"x\": 50,\n \"y\": 50\n }\n }\n}" inputs: - key: SendNotification value: {} diff --git a/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker_README.md b/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker_README.md index 854b4c496e6f..a969bf0afee2 100644 --- a/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker_README.md +++ b/Packs/XSOAR_EDL_Checker/Playbooks/JOB_-_XSOAR_EDL_Checker_README.md @@ -1,6 +1,6 @@ This playbook executes the XSOAR EDL Checker automation and will send email notification when an EDL is not functioning. -Run this playbook as a job (hourly?) to monitor your EDLs. +Run this playbook as a job to monitor your EDLs. ## Dependencies This playbook uses the following sub-playbooks, integrations, and scripts. @@ -15,6 +15,8 @@ This playbook does not use any integrations. * XSOARAllEDLCheckerAutomation ### Commands + +* closeInvestigation * send-mail ## Playbook Inputs 
@@ -27,3 +29,7 @@ This playbook does not use any integrations. ## Playbook Outputs --- There are no outputs for this playbook. + +## Playbook Image +--- +![JOB - XSOAR EDL Checker](../doc_files/JOB_-_XSOAR_EDL_Checker.png) diff --git a/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md b/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md new file mode 100644 index 000000000000..08569d015cc3 --- /dev/null +++ b/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_0.md @@ -0,0 +1,13 @@ + +#### Integrations + +##### XSOAR EDL Checker +- Updated the Docker image to: *demisto/python3:3.10.13.80014*. +- Added support for both XSOAR 6.x and 8.x. +- Added the XSOAR Version parameter (6.x or 8.x) to support EDLs on both XSOAR platforms. + +#### Playbooks + +##### JOB - XSOAR EDL Checker + +- Fixed an issue with the conditional to check whether any EDLs were failing. diff --git a/Packs/XSOAR_EDL_Checker/doc_files/JOB_-_XSOAR_EDL_Checker.png b/Packs/XSOAR_EDL_Checker/doc_files/JOB_-_XSOAR_EDL_Checker.png new file mode 100644 index 000000000000..9099f360f809 Binary files /dev/null and b/Packs/XSOAR_EDL_Checker/doc_files/JOB_-_XSOAR_EDL_Checker.png differ diff --git a/Packs/XSOAR_EDL_Checker/pack_metadata.json b/Packs/XSOAR_EDL_Checker/pack_metadata.json index ee453eacade7..cdfd028159fd 100644 --- a/Packs/XSOAR_EDL_Checker/pack_metadata.json +++ b/Packs/XSOAR_EDL_Checker/pack_metadata.json @@ -2,8 +2,8 @@ "name": "XSOAR EDL Checker", "description": "Checks EDLs hosted by the XSOAR server to ensure they are functioning.", "support": "community", - "currentVersion": "1.0.2", - "author": "beauchompers", + "currentVersion": "1.1.0", + "author": "Mike Beauchamp", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", "categories": [ @@ -16,7 +16,9 @@ "xsoar" ], "devEmail": [ - "beauchompers@gmail.com" + "mbeauchamp@paloaltonetworks.com" ], - "githubUser": [] + "githubUser": [ + "beauchompers" + ] } \ No newline at end of file
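
Review bot: the new "Trust any certificate (not secure)" row in the README.md parameter table has an empty description, as do Username and Password. main() in XSOAREDLChecker.py derives verify from the insecure parameter, and edl_http_request uses basic auth when credentials are provided, so the row should say that enabling it turns off TLS certificate verification for the request that carries those credentials. In the same hunk, "version 6.12 and 8.4" should read "versions 6.12 and 8.4".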
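
Review bot: in get_base_url() in XSOAREDLChecker.py, the 8.x branch slices at a fixed offset (url[:8] and url[8:]), which is only correct when the server URL begins with the eight characters "https://". An "http://" value would be split one character into the hostname, and a value with a trailing slash would produce "//xsoar". Because edl_http_request sends basic-auth credentials to whatever URL comes out of this, parse the URL (for example with urllib.parse.urlsplit), prefix "ext-" to the hostname, and strip any trailing slash before appending "/xsoar". The docstring should also state the expected input format and the 8.x result.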
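
Review bot: in main() in XSOAREDLChecker.py, demisto.params().get('xsoarversion') has no fallback, and the parameter is declared required: false in the .yml. If the value is absent, get_base_url() receives None and its else branch treats anything other than "6.x" as 8.x, so the request goes to the rewritten "ext-" host. Suggest demisto.params().get('xsoarversion', '6.x') here, and an explicit comparison with "8.x" in get_base_url() with an error for any other value.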
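
Review bot: in the xsoarversion block added to XSOAREDLChecker.yml, the additionalinfo string 'The version of XSOAR you are using 6.x or 8.x ' has a trailing space and no punctuation between the clause and the options. Suggest 'The version of XSOAR you are using: 6.x or 8.x.' and the same wording in the README.md table row, which copies this text.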
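
Review bot: in XSOAREDLChecker_description.md, the added XSOAR 8.X section misspells "configure" as "configre", and the heading uses "8.X" where the rest of the change (README.md, the .yml options, the release notes) uses "8.x". The section tells the reader to configure credentials for Long Running Integrations but does not say that the same credentials then go in this integration's Username and Password fields; if that is the intent, say so.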
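
Review bot: in task "4" of JOB_-_XSOAR_EDL_Checker.yml, the condition now compares EDLChecker.Status to the string "200" with isNotEqualString, while the README.md context example shows Status as the number 200 and EDLChecker as a list with one entry per instance. Please confirm that the comparison behaves as intended for a numeric value, and that the "yes" branch is taken when any single entry is not 200 rather than only when all entries are. A test playbook covering the mixed 200/400 case from the README example would settle both.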
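
Review bot: the new task '7' (Builtin|||closeInvestigation) in JOB_-_XSOAR_EDL_Checker.yml is reached from every path, including the '#default#' branch of task "5", which is taken when EDLs are failing but SendNotification is empty. In that case the investigation is closed with closeNotes "Job's done." and closeReason "Other", leaving no record of the failure. Suggest either routing that branch to a path that leaves the investigation open, or setting closeNotes from the failing EDLChecker entries. The new task also quotes its keys with single quotes ('7', '2') where the rest of the file uses double quotes.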
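
Review bot: ReleaseNotes/1_1_0.md lists only the conditional fix under "JOB - XSOAR EDL Checker", but the playbook in this change also gains a closeInvestigation task that closes the job's investigation at the end of every run. That is a behaviour change for existing users and should have its own bullet in the Playbooks section.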