[ASM] - Expander - Update Cortex ASM - Service Ownership playbook #26334
- Fixed an issue where GCP project is not found.
- Updated the Cortex ASM - Service Ownership playbook to check for GCP as an external service before completing GCP related tasks for ranking users.
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @GuyAfik will know the proposed changes are ready to be reviewed.
- Local validate did not catch input that was not defined, but CI/CD validate did
- Removing unused conditional check in "What provider is this service?" task demisto#14
- Remove Service Account lookup and source updates from Cortex_ASM_-_GCP_Enrichment playbook.
- Remove retrieval of owners associated to a service account until more testing is completed.
…nto EXPANDR-3830_service_owner_playbook
Few small changes needed
@@ -0,0 +1,11 @@ | |||
|
Please change filename to 1_6_11 because of conflict with #26355
I believe the bug fix should go in first but we can discuss.
@@ -2,7 +2,7 @@ | |||
"name": "Cortex Attack Surface Management", | |||
"description": "Content for working with Attack Surface Management (ASM).", | |||
"support": "xsoar", | |||
"currentVersion": "1.6.9", | |||
"currentVersion": "1.6.10", |
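Review bot: the added `"currentVersion": "1.6.10"` line has to agree with the release-notes file this PR adds. If that file is renamed to 1_6_11 because of the conflict with #26355, as requested on the release-notes file, change this value to `1.6.11` in the same commit so the pack metadata and the release notes stay in step.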
version: -1 | ||
name: Get external service information | ||
description: Get service details according to the service ID. | ||
script: Cortex Attack Surface Management|||asm-get-external-service |
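Review bot: the `script:` line pins this task to the `Cortex Attack Surface Management` brand and runs `asm-get-external-service` with no guard visible in the hunk, so the task depends on an enabled instance of that integration. Put a conditional that checks for the enabled integration ahead of this task, and have the `description` name the input that supplies the service ID.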
This command is already run in "Cortex ASM - Enrichment". So we can do one of the following:
- Pass full results of ${ASM.ExternalService.externally_detected_providers} into this playbook as an input (preferred)
- Add a conditional to make sure CASM integration is enabled (similar to "Is Cortex ASM enabled?" task in "Cortex ASM - Enrichment").
I was thinking about this repetition as well. The first option should be a later change, just to keep the main playbook out of scope. I'll go with the second option.
@@ -6,10 +6,10 @@ starttaskid: "0" | |||
tasks: |
Please make sure to update this README after all changes are done: https://github.com/demisto/content/blob/master/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Service_Ownership_README.md
@BigEasyJ please merge from master to retrieve the latest changes of the pack.
…nto EXPANDR-3830_service_owner_playbook
…nto EXPANDR-3830_service_owner_playbook
One last small change and we should be good
@BigEasyJ, I think you need to update the screenshot after your changes
Good catch. Updated in 8fd7274.
Approved
Approved
looks good, great work!
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/5234853
fed319d into demisto:contrib/BigEasyJ_EXPANDR-3830_service_owner_playbook
…6334) (#26442)

* Update Cortex ASM - Service Ownership playbook
  - Fixed an issue where GCP project is not found.
  - Updated the Cortex ASM - Service Ownership playbook to check for GCP as an external service before completing GCP related tasks for ranking users.
* Remove unnecessary condition from playbook
  - Local validate did not catch input that was not defined, but CI/CD validate did
  - Removing unused conditional check in "What provider is this service?" task #14
* Update Service Ownership and GCP Enrichment playbooks
  - Remove Service Account lookup and source updates from Cortex_ASM_-_GCP_Enrichment playbook.
  - Remove retrieval of owners associated to a service account until more testing is completed.
* Update release notes
* Updates from code review
* Update PNG

Co-authored-by: John <[email protected]>
Co-authored-by: GuyAfik <[email protected]>
Related Issues
fixes: EXPANDR-3830 to address #25927