
Filter type param #21


Merged
merged 31 commits into from
Jul 9, 2020
24 changes: 14 additions & 10 deletions Packs/Code42/Integrations/Code42/Code42.py
Expand Up @@ -193,10 +193,11 @@ def remove_user_from_departing_employee(self, username):
self._get_sdk().detectionlists.departing_employee.remove(user_id)
return user_id

def get_all_departing_employees(self, results):
def get_all_departing_employees(self, results, filter_type):
res = []
results = int(results) if results else None
pages = self._get_sdk().detectionlists.departing_employee.get_all()
results = int(results) if results else 50
filter_type = filter_type if filter_type else "OPEN"
pages = self._get_sdk().detectionlists.departing_employee.get_all(filter_type=filter_type)
for page in pages:
# Note: page is a `Py42Response` and has no `get()` method.
employees = page["items"]
Expand Down Expand Up @@ -230,11 +231,12 @@ def remove_user_risk_tags(self, username, risk_tags):
self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
return user_id

def get_all_high_risk_employees(self, risk_tags, results):
def get_all_high_risk_employees(self, risk_tags, results, filter_type):
risk_tags = _try_convert_str_list_to_list(risk_tags)
results = int(results) if results else None
results = int(results) if results else 50
filter_type = filter_type if filter_type else "OPEN"
res = []
pages = self._get_sdk().detectionlists.high_risk_employee.get_all()
pages = self._get_sdk().detectionlists.high_risk_employee.get_all(filter_type=filter_type)

This will cause None to be sent as the filter type if one isn't passed in, which would override the default value of "OPEN". We should set filter_type to "OPEN" if it is falsy before calling this.

Author

I think the default value for the command is OPEN, but it is good to be double-y sure

for page in pages:
employees = _get_all_high_risk_employees_from_page(page, risk_tags)
for employee in employees:
Expand Down Expand Up @@ -759,8 +761,9 @@ def departingemployee_remove_command(client, args):

@logger
def departingemployee_get_all_command(client, args):
results = args.get("results") or 50
employees = client.get_all_departing_employees(results)
results = args.get("results", 50)
filter_type = args.get("filtertype", "OPEN")
employees = client.get_all_departing_employees(results, filter_type)
if not employees:
return CommandResults(
readable_output="No results found",
Expand Down Expand Up @@ -823,8 +826,9 @@ def highriskemployee_remove_command(client, args):
@logger
def highriskemployee_get_all_command(client, args):
tags = args.get("risktags")
results = args.get("results") or 50
employees = client.get_all_high_risk_employees(tags, results)
results = args.get("results", 50)
filter_type = args.get("filtertype", "OPEN")
employees = client.get_all_high_risk_employees(tags, results, filter_type)
if not employees:
return CommandResults(
readable_output="No results found",
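Review bot: `filter_type` is handed to `get_all(filter_type=filter_type)` in both `get_all_departing_employees` and `get_all_high_risk_employees` without being checked against the values the YAML lists, and as far as I know `auto: PREDEFINED` only drives the UI picker, so a playbook or CLI call can still supply any string. For lists that feed insider-risk triage, a misspelled or unsupported value (for example `LEAVING_TODAY` on the high-risk command, whose `predefined` list omits it) should fail loudly rather than risk ending in "No results found". I would add a guard before the SDK call, such as `if filter_type not in DEPARTING_FILTER_TYPES: raise ValueError(f"Unsupported filtertype: {filter_type}")`, where `DEPARTING_FILTER_TYPES` is a new module-level set (with a sibling for the high-risk list). The `"OPEN"` fallback is also now written in three places (YAML `defaultValue`, `args.get("filtertype", "OPEN")`, and the client method); one constant would keep them from drifting. Both client methods and both command functions continue outside the visible hunks.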
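--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -356,6 +356,19 @@ script:
 name: results
 required: false
 secret: false
+- auto: PREDEFINED
+default: true
+defaultValue: OPEN
+description: Filters the results based on specific filters.
+isArray: false
+name: filtertype
+predefined:
+- EXFILTRATION_30_DAYS
+- EXFILTRATION_24_HOURS
+- OPEN
+- LEAVING_TODAY
+required: false
+secret: false
 deprecated: false
 description: Get all employees on the Departing Employee List.
 execution: false
@@ -441,6 +454,18 @@ script:
 name: results
 required: false
 secret: false
+- auto: PREDEFINED
+default: true
+defaultValue: OPEN
+description: Filters the results based on specific filters.
+isArray: false
+name: filtertype
+predefined:
+- EXFILTRATION_30_DAYS
+- EXFILTRATION_24_HOURS
+- OPEN
+required: false
+secret: false
 deprecated: false
 description: Get all employees on the High Risk Employee List.
 execution: false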
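Review bot: `default: true` on the new `filtertype` argument (both hunks) does not give it a default value; in the integration schema that flag marks the command's default argument, the one that receives a value passed without a name, while `defaultValue: OPEN` is what supplies the fallback. If another argument of these commands is already the default argument (the rest of each `arguments` list is outside the hunks), the two would conflict, and an unnamed value would bind to the filter. I would set `default: false` here and keep `defaultValue: OPEN`. The description could also name the list state each value selects instead of "Filters the results based on specific filters.".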
34 changes: 16 additions & 18 deletions Packs/Code42/Integrations/Code42/Code42_test.py
Expand Up @@ -361,45 +361,43 @@
"type$": "ALERT_SUMMARY",
"tenantId": "1d700000-af5b-4231-9d8e-df6434d00000",
"type": "FED_ENDPOINT_EXFILTRATION",
"name": "Exposure on an endpoint",
"description": "This default rule alerts you when departing employees move data from an endpoint.",
"actor": "test.testerson@example.com",
"name": "Departing Employee Alert",
"description": "Cortex XSOAR is cool.",
"actor": "user1@example.com",
"target": "N/A",
"severity": "HIGH",
"ruleId": "9befe477-3487-40b7-89a6-bbcced4cf1fe",
"ruleSource": "Departing Employee",
"id": "fbeaabc1-9205-4620-ad53-95d0633429a3",
"createdAt": "2020-05-04T20:46:45.8106280Z",
"id": "36fb8ca5-0533-4d25-9763-e09d35d60610",
"createdAt": "2019-10-02T17:02:23.5867670Z",
"state": "OPEN"
},
{
"type$": "ALERT_SUMMARY",
"tenantId": "1d700000-af5b-4231-9d8e-df6434d00000",
"type": "FED_ENDPOINT_EXFILTRATION",
"name": "Exposure on an endpoint",
"description": "This default rule alerts you when departing employees move data from an endpoint.",
"actor": "[email protected]",
"type": "FED_CLOUD_SHARE_PERMISSIONS",
"name": "High-Risk Employee Alert",
"actor": "[email protected]",
"target": "N/A",
"severity": "LOW",
"severity": "MEDIUM",
"ruleId": "9befe477-3487-40b7-89a6-bbcced4cf1fe",
"ruleSource": "Departing Employee",
"id": "6bb7ca1e-c8cf-447d-a732-9652869e42d0",
"createdAt": "2020-05-04T20:35:54.2400240Z",
"id": "18ac641d-7d9c-4d37-a48f-c89396c07d03",
"createdAt": "2019-10-02T17:02:24.2071980Z",
"state": "OPEN"
},
{
"type$": "ALERT_SUMMARY",
"tenantId": "1d700000-af5b-4231-9d8e-df6434d00000",
"type": "FED_ENDPOINT_EXFILTRATION",
"name": "Exposure on an endpoint",
"description": "This default rule alerts you when departing employees move data from an endpoint.",
"actor": "[email protected]",
"name": "Custom Alert 1",
"actor": "[email protected]",
"target": "N/A",
"severity": "HIGH",
"severity": "LOW",
"ruleId": "9befe477-3487-40b7-89a6-bbcced4cf1fe",
"ruleSource": "Departing Employee",
"id": "c2c3aef3-8fd9-4e7a-a04e-16bec9e27625",
"createdAt": "2020-05-04T20:19:34.7121300Z",
"id": "3137ff1b-b824-42e4-a476-22bccdd8ddb8",
"createdAt": "2019-10-02T17:03:28.2885720Z",
"state": "OPEN"
}
],