[Marketplace Contribution] EWS - Content Pack Update #24563

Merged
merged 11 commits into from
Feb 16, 2023

content-bot
Collaborator

Original External PR

external pull request

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Contributor

@alujones

Notes

This allows us to use this integration to fetch incidents as mail is moved into a folder, without missing messages that are moved in a different order from that in which they were received. An example use-case is a folder for managing reports of phishing emails - users don't send those reports strictly in the order our mail servers received them, and our SOC handlers don't move them into the phish folder in received order either. So, we were missing incidents. With this change, we are not.
This is the second time we've submitted changes to an integration to accommodate "modified" date processing - the other is to a Jira integration (so that as an item is modified and matches a query, it becomes available for incidents).
I've tried to make this so that the default mode of operation matches exactly what is currently in-place in EWS O365, so that nothing existing will break.
We've tested this functionality for the last several weeks, and the one complaint we've had is that tagging an item counts as changing its "last modified time". This doesn't seem significant, and our handlers simply tag emails before dragging them into the phish folder.
Changes were made to the parameters, to the fetch_emails_as_incidents function and the fetch_last_emails function.
I have not submitted a video, as this would quickly include email contents and addresses that are private.

Video Link

Short demo video of the Pack usage. Speeds up the review. Optional but recommended. Use a video sharing service such as Google Drive or YouTube.
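
An added illustration of the gap described in the notes above (not code from this PR or from the EWS integration): a polling loop that keeps a time watermark, run over constructed folder data in which an older message is moved into the watched folder after a newer one. The field names, poll times and the ID-based deduplication are assumptions made for this sketch.

```python
# Constructed sample data; all times are minutes after an arbitrary start.
# "touched" lists every modification: the first is the move into the
# watched folder, later ones stand for edits such as tagging.
MAIL = [
    {"id": "A", "received": 30, "touched": [40, 60]},  # moved at 40, tagged at 60
    {"id": "B", "received": 10, "touched": [50]},      # older mail, moved later
    {"id": "C", "received": 60, "touched": [70]},
]


def folder_view(now):
    """Messages present in the watched folder at `now`, with current timestamps."""
    view = []
    for m in MAIL:
        touches = [t for t in m["touched"] if t <= now]
        if touches:
            view.append({"id": m["id"],
                         "received": m["received"],
                         "modified": max(touches)})
    return view


def fetch_all(time_field, polls=(45, 55, 75), dedup=True):
    """Poll the folder, creating one incident per message newer than the watermark."""
    watermark, seen, incidents = 0, set(), []
    for now in polls:
        fresh = [m for m in folder_view(now) if m[time_field] > watermark]
        for m in sorted(fresh, key=lambda m: m[time_field]):
            watermark = m[time_field]
            if dedup and m["id"] in seen:
                continue  # already an incident; a later tag only bumped its time
            seen.add(m["id"])
            incidents.append(m["id"])
    return incidents


if __name__ == "__main__":
    print("received watermark:", fetch_all("received"))
    print("modified watermark:", fetch_all("modified"))
    print("modified, no dedup:", fetch_all("modified", dedup=False))
```

With a received-time watermark, message B never becomes an incident because it was received before A but moved after it. With a modified-time watermark all three are picked up, and the tag on A makes it match a second time unless already-seen IDs are skipped.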

@content-bot content-bot added Contribution Thank you! Contributions are always welcome! docs-approved ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. pending-contributor The PR is pending the response of its creator labels Feb 12, 2023
@content-bot content-bot requested a review from ilaner February 12, 2023 15:12
@xsoar-bot
Contributor

@ilaner ilaner merged commit b27895a into master Feb 16, 2023
@ilaner ilaner deleted the contrib/xsoar-contrib_alujones-contrib-EWS branch February 16, 2023 15:22
ayman-m pushed a commit to my-soar/content that referenced this pull request Feb 24, 2023
4 participants