[Marketplace Contribution] ThreatGrid #21611

xsoar-bot · 2022-10-04T18:32:31Z

Status

In Progress
Ready
In Hold - (Reason for hold)

Contributor

@amkoppad

Notes

Added the two commands to the integration.

!threat-grid-advanced-search
!threat-grid-submit-urls
Adding these two commands to the integration make the implementation with XSOAR more efficient.
Without the !threat-grid-submit-urls command urls first have to be converted to files and then uploaded to ThreatGrid as samples.
!threat-grid-advanced-search command enables XSOAR to run the ThreatGrid query search.

Video Link

Short demo video of the Pack usage. Speeds up the review. Optional but recommended. Use a video sharing service such as Google Drive or YouTube.

content-bot · 2022-10-04T18:33:59Z

Thank you for your contribution. Your generosity and caring are unrivaled! Rest assured - our content wizard @rshunim will very shortly look over your proposed changes.

amkoppad · 2022-10-12T19:01:50Z

Usage example:

!threat-grid-advanced-search query="{
\"query\": \"query get_sample($q_json:
String) {sample(, q_json: $q_json,limit: 20) {submitted_at id submitted_file_type status threat_score state login url}}\",\"variables\": {\"q_json\": \"{\\\"op\\\": \\\"and\\\",\\\"clauses\\\": [{\\\"op\\\": \\\"attr\\\",\\\"attr\\\": \\\"submitted_at\\\",\\\"comp_op\\\": \\\"gte\\\",\\\"value\\\": \\\"2022-09-30T21:09:02Z\\\"}]}\"}}"

!threat-grid-submit-urls url="www.xyz.com"

JasBeilin · 2022-11-15T13:49:01Z

Hi, @amkoppad, thank you for contributing!
I have one question before I start the review- I see that you added a new pack with Dev in the name, and very few changes in the code itself from the production current version.
I believe it is a mistake, If I am wrong please let me know so I will start to review. otherwise please re-submit this PR with the relevant changes in the actual production pack and I will review it.

JasBeilin · 2022-11-23T09:16:05Z

Hi @amkoppad , any updates here?

amkoppad · 2022-11-23T13:38:10Z

@JasBeilin I have added 2 commands as mentioned. You can find the functions in the code. def submit_urls() and def advanced_search() are the definitions you can check for in the integration. I just saw that the integration had some updates. I made the changes to the updated integration and have uploaded the .yml file again. Please let me know if you have any other questions. I am happy to answer or give you a demo of what exactly has been added.

JasBeilin · 2022-11-28T07:19:51Z

Hi @amkoppad, I have changed the code in the original integration. Please go through it and make sure I have added all the changes so I can actually review.
Also, please note that the yml file you provided python file instead of yml file. Please restore the file to be a valid yml.

amkoppad · 2022-12-01T13:24:13Z

Hi @JasBeilin, I have checked your changes. You have added all the things. I don't see anything being missed. I have also made changes to the .yml file as you suggested. Please let me know what you might need next. Thank you.

JasBeilin

Looks good.
I added some comment that I would appreciate if you can address.
In addition, please add unit tests (you can check https://xsoar.pan.dev/docs/integrations/unit-testing for instructions) feel free to let me know if you need any assistance with it.

JasBeilin · 2022-12-05T07:52:21Z

Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py

+    return_results({
+        'Type': entryTypes['note'],
+        'EntryContext': {'ThreatGrid.URLs': res},
+        'HumanReadable': tableToMarkdown('ThreatGrid - URL Submission', res),
+        'ContentsFormat': formats['json'],
+        'Contents': res


Please change to ComandResult Object instead of the json.

Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py

… amkoppad-contrib-ThreatGrid

Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com>

Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py

JasBeilin · 2022-12-08T13:30:29Z

Hi, Please notice this comment you have not addressed yet- https://github.com/demisto/content/pull/21611/files#r1039259785
Also, I added a suggestion that should fix the validation check.
Another error I see is this:
Missing the field "description" in Path: 'script'-> 'commands'-> 'threat-grid-advanced-search'-> 'outputs'-> 'Threatgrid.SearchResult'
Please add the field "description" to the path: 'script'-> 'commands'-> 'threat-grid-advanced-search'-> 'outputs'-> 'Threatgrid.SearchResult' in the yml.

If you need my help in any of these fixes, let me know.

Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com>

Fixed the README issues.

JasBeilin

Great work!

JasBeilin · 2023-01-03T16:16:59Z

Commenting here for documentation-
We are merging this PR in order to have a fix for customer, the design of this addition is taken into consideration in a V2 version that should be available soon.

* "contribution update to pack "Cisco Secure Malware Analytics"" * Update ThreatGridDev.yml * added commands in original integration * Update ThreatGridDev.yml * fixed RN * Update Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> * Update Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> * Update Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> * Made the suggested changes to the advanced_search function and added the desciption for outputs in .yml file * Added a test function and addressed the previous build errors * Modified the test function * Modified the test function * Modified the test function v3 * Fixed the type errors * Fixed the submit_urls test function * Adding the test function for advanced search function * Fixed mocking the requests object * Fixed test_data path * Test function fix 2 * Test function fix 3 * Test function fix 4 * Test function fix 5 * Modified the yml file to exclude image tag * Modified python function for test function * Modified the mock_response object * Fixed the request typeerror * Modified the mock_data * TypeError fix 2 * Changed the mocker object * This should fix all the test functions * Fixed the image version issue * Fixed Readme * Fixed the lint errors * Update README.md Fixed the README issues. Co-authored-by: amkoppad <82898085+amkoppad@users.noreply.github.com> Co-authored-by: Jas Beilin <jgranot@paloaltonetworks.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: amkoppad <amit.koppad@paloaltonetworks.com> Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: amkoppad <82898085+amkoppad@users.noreply.github.com> Co-authored-by: Jas Beilin <jgranot@paloaltonetworks.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: amkoppad <amit.koppad@paloaltonetworks.com>

"contribution update to pack "Cisco Secure Malware Analytics""

10d55be

content-bot added the Contribution Thank you! Contributions are always welcome! label Oct 4, 2022

content-bot changed the base branch from master to contrib/xsoar-contrib_amkoppad-contrib-ThreatGrid October 4, 2022 18:33

content-bot assigned rshunim Oct 4, 2022

content-bot requested a review from rshunim October 4, 2022 18:33

rshunim requested a review from JasBeilin November 15, 2022 08:09

rshunim assigned JasBeilin Nov 15, 2022

JasBeilin added the pending-contributor The PR is pending the response of its creator label Nov 15, 2022

JasBeilin removed the request for review from rshunim November 20, 2022 11:53

JasBeilin unassigned rshunim Nov 20, 2022

Update ThreatGridDev.yml

6281377

added commands in original integration

f85e54d

Update ThreatGridDev.yml

3d2fcee

fixed RN

03c8730

JasBeilin requested changes Dec 5, 2022

View reviewed changes

JasBeilin and others added 3 commits December 5, 2022 10:19

Merge branch 'contrib/xsoar-contrib_amkoppad-contrib-ThreatGrid' into…

995ca8a

… amkoppad-contrib-ThreatGrid

Update Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py

451aac8

Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com>

Update Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py

8f3400d

Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com>

dorschw changed the title ~~[Marketplace Contribution] Cisco Secure Malware Analytics - Content Pack Update~~ [Marketplace Contribution] ThreatGrid Dec 7, 2022

JasBeilin reviewed Dec 8, 2022

View reviewed changes

Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py Outdated Show resolved Hide resolved

amkoppad and others added 2 commits December 12, 2022 12:08

Update Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.py

a6bff38

Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com>

Merge branch 'demisto:master' into amkoppad-contrib-ThreatGrid

2a0fc22

amkoppad and others added 20 commits December 19, 2022 08:15

Fixed the submit_urls test function

6677de4

Adding the test function for advanced search function

95f2082

Fixed mocking the requests object

e5f0c30

Fixed test_data path

0470682

Test function fix 2

698b7cd

Test function fix 3

19e3b1b

Test function fix 4

762c1c4

Test function fix 5

02db69b

Modified the yml file to exclude image tag

9d1e598

Modified python function for test function

b37804b

Modified the mock_response object

2709be2

Fixed the request typeerror

741e647

Modified the mock_data

bb4a154

TypeError fix 2

630c68c

Changed the mocker object

6241c7e

This should fix all the test functions

945e27a

Fixed the image version issue

285a625

Fixed Readme

72b2362

Fixed the lint errors

8602052

Update README.md

46c3b39

Fixed the README issues.

Fixed the image version issue

285a625

Fixed Readme

72b2362

Fixed the lint errors

8602052

Update README.md

46c3b39

Fixed the README issues.

JasBeilin approved these changes Jan 3, 2023

View reviewed changes

JasBeilin added the docs-approved label Jan 3, 2023

JasBeilin merged commit 32667ff into demisto:contrib/xsoar-contrib_amkoppad-contrib-ThreatGrid Jan 3, 2023

content-bot mentioned this pull request Jan 3, 2023

[Marketplace Contribution] ThreatGrid #23525

Merged

3 tasks

xsoar-bot deleted the amkoppad-contrib-ThreatGrid branch November 23, 2023 15:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Marketplace Contribution] ThreatGrid #21611

[Marketplace Contribution] ThreatGrid #21611

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[Marketplace Contribution] ThreatGrid #21611

[Marketplace Contribution] ThreatGrid #21611

Uh oh!

Conversation

Status

Contributor

Notes

Video Link

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!