Etd xsoar connector#45019
Conversation
|
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @kamalq97 will know the proposed changes are ready to be reviewed. |
|
Hi @ashwinidoddamani, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link. |
🤖 AI-Powered Code Review AvailableHi @kamalq97, @Benimanela, you can leverage AI-powered code review to assist with this PR! Available Commands:
|
|
🤖 Analysis started. Please wait for results... |
|
For the Reviewer: Trigger build request has been accepted for this contribution PR. |
|
For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/10934008 |
🤖 AI Review DisclaimerThis review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause. |
marketplace-ai-reviewer
left a comment
There was a problem hiding this comment.
Hi there! Thanks for your contribution with the ETDXsoarConnector pack. The integration looks solid, but there are a few areas that need refinement regarding standard practices, error handling, and documentation before we can merge.
Here are the main areas to focus on:
- Code & Tests: Please add unit tests for the fetch and move commands, ensure proxy and timeout settings are properly handled in your API requests, and add missing docstrings.
- Configuration: Standardize the YAML parameter order, remove the duplicate
proxyparameter, and rename the main command to follow the standardvendor-entity-actionformat. - Documentation: Update the pack metadata to be a concise summary without mentioning internal files, replace placeholder texts, and ensure Cortex branding guidelines are followed across all READMEs.
Great work so far! Let me know if you have any questions.
Additionally, please address the following file-level notes:
Additionally, please address the following file-level notes:
Packs/ETDXsoarConnector/Playbooks/playbook-ETD_Email_Reclassification_And_Remediation.yml: Please consider adding a test playbook to validate theetd-move-messagecommand and the incident lifecycle.Packs/ETDXsoarConnector/Integrations/ETDXsoarConnector/ETDXsoarConnector_test.py: Missing unit tests forfetch_incidentsandetd_move_message_command.
@kamalq97, @Benimanela please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
| "unmapped": false, | ||
| "unsearchable": false, | ||
| "caseInsensitive": true, | ||
| "sla": 0, |
There was a problem hiding this comment.
Please set unsearchable to true unless there is a specific requirement for this field to be searchable.
|
|
||
| ### Integrations | ||
|
|
||
| * EtdXsoarConnector |
There was a problem hiding this comment.
The integration name should be ETDXsoarConnector instead of EtdXsoarConnector to match the brand name and pack name.
| def download_logs(self, links: list) -> list: | ||
| events = [] | ||
| for link in links: | ||
| response = requests.get(link, timeout=120) |
There was a problem hiding this comment.
- Wrap
requests.getin a timeout exception block and pass proxy/verify settings. - Ensure proxy and SSL verification settings are respected.
| ) | ||
| # Determine Fetch window | ||
| if not last_fetch: | ||
| start_dt = now - timedelta(hours=1) |
There was a problem hiding this comment.
Use a user-configured first_fetch parameter for the initial fetch window.
| "name": (f"[ETD] " f"{verdict.upper()} "f"Email - {sender}"), | ||
| "occurred": timestamp, | ||
| "rawJSON": json.dumps(event), | ||
| "severity": 3, |
There was a problem hiding this comment.
- Use
IncidentSeverityenum instead of hardcoded numeric values. - Consider making the incident severity configurable or mapping it dynamically.
| # ETD XSOAR Connector | ||
|
|
||
|
|
||
| ## Overview |
There was a problem hiding this comment.
Consider adding a short paragraph linking real-world scenarios to the pack's use cases to provide real-life context.
| ## Overview | ||
|
|
||
|
|
||
| The ETD XSOAR Connector integrates Cisco Email Threat Defense (ETD) with Cortex XSOAR. The integration fetches ETD message events, creates incidents for malicious and suspicious emails, and provides remediation and reclassification capabilities through Cisco ETD APIs. |
There was a problem hiding this comment.
Please confirm if this integration is also applicable to Cortex XSIAM or Cortex Platform. If it is product-agnostic, consider replacing Cortex XSOAR with the generic Cortex reference. If it is product-specific, consider adding conditional text to clarify applicability.
|
|
||
| #### ETDXsoarConnector | ||
|
|
||
| Fetches Cisco ETD message events and creates incidents in Cortex XSOAR. |
There was a problem hiding this comment.
This sentence is redundant with the description on line 30. Consider removing it or providing additional, unique details about the integration.
|
|
||
|
|
||
|
|
||
| ### Playbook |
There was a problem hiding this comment.
Please include a reference to the Cortex XSOAR Developer Docs for the main playbook. For example:
For more information, visit the Cortex XSOAR Developer Docs
|
|
||
|
|
||
|
|
||
| #### ETD Email Reclassification and Remediation** |
There was a problem hiding this comment.
There is a trailing ** at the end of this header. Please remove it for correct Markdown formatting.
| #### ETD Email Reclassification and Remediation** | |
| #### ETD Email Reclassification and Remediation |
|
I will review all the comments and will fix them ASAP |
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
Must have
relates: https://jira-dc.paloaltonetworks.com/browse/CIAC-17277