MDR by mnemonic V1.2.0
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
- [x] In Progress
- [x] Ready
- [ ] In Hold - (Reason for hold)
Description
We are changing the name of the pack to conform with marketplace standards, updating the docker image used, and adding some functionality to the integration with supporting layouts, fields, etc.
Must have
- [x] Tests
- [x] Documentation
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @mmhw will know the proposed changes are ready to be reviewed. For your convenience, here is a link to the contributions SLAs document.
Hi @konraduh, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.
Hi @konraduh, some general notes:
- You can't change "unsearchable": true for this number of fields - it can be 2-4 fields with unsearchable equal to true. When you change it to true, you can't do "associatedToAll": true - you need to associate it with your incident type.
- For any field changed to "unsearchable": true - please explain why, including new fields you added.
- For each playbook you need to add a readme.
- Why did you remove the "platform" marketplace and supported modules in the metadata?
Hi @edik24, thank you for the feedback.
- We are unsure where this change "unsearchable": true comes from. There have been several contributors "behind the scenes." Will fix.
- We'll add readmes to the playbooks!
- No idea why this was removed, will fix, possibly something missed in a merge.
We've struggled a little with demisto-sdk format/lint/validate, so I apologise for the state of the PR. Our hope was that the pipeline will identify changes needed, so bear with us. Thanks again.
@konraduh no problem at all, if you have any questions, let us know
Hi, @Benimanela
Thank you for the feedback. We're working on the playbooks. I do have a couple of questions:
- Your colleague edik24 asked me to set "unsearchable: false", but now you request true. Please clarify. I set unsearchable on a couple of fields that don't need to be searchable, but why not be able to search for e.g. all Argus Case Service of a certain type?
- Created a Status V2 to maintain backwards compatibility. Is this suitable?
- On that note, keeping Argus Case Last Updated and Argus Case Priority as they are in use by certain customers to trigger automations already. Hope this is ok? Will keep it in mind in the future.
We removed the playbooks, since the "pull case metadata" is no longer in use by any incident type. We also removed the new generic one since, as you say, it is incomplete. It's on the roadmap, but we need to get this update out to fix an issue with the integration not working with the latest docker image. This update will fix this.
Let me know if you require any further changes to the PR 😊
I see that the deleted file validation does not accept removing the playbook. Please suggest what to do regarding this, it is no longer in use.
Hi @Benimanela and @edik24,
Please advise, your CI is throwing an exception, and I am unsure how to deal with it. I suspect it's the old mapper classifier-Argus_Case_5_9_9.json, can we delete this mapper?
ValueError: Mapper:b8bcb3b6-2c60-4f0d-8e2b-2d90eb700445: Unknown type "None" - expected "mapping-outgoing" or "mapping-incoming".
Hi again @edik24 and @Benimanela ,
Any status here?
BR, Konrad
Hi @konraduh,
It looks like the type field is missing in classifier-Argus_Case_5_9_9.json.
Please add "type": "classification" and rerun the CI.
Thanks!
Hi @konraduh, thanks a lot for your effort! It looks like there are still some validation issues.
Please feel free to reach me in case of any help you need.
Hi @ilappe
Could you tell us how to resolve: 1)
Packs/mnemonicMDR/Playbooks/playbook-Pull_Case_Metadata_-_Argus_Managed_Defence.yml: [PB106] - Playbook should not use specific instance for tasks: e2520f2a-c325-484c-8e7b-64bf4de6900d, 31bf5c1b-bd61-4530-8901-932040888160, f233ba19-69a2-4cad-841a-4f242701b7a5, d8659f9b-f13a-4f70-8858-572c3adba880.
It seems those references are references to tasks in the playbook? Not integration instances. In general, this playbook is obsolete, and is there a way to delete it?
All the release note errors are still there even after re-running update-release-notes
Packs/mnemonicMDR/ReleaseNotes/1_2_0.md: [RN107] - No release note entry was found for the incidentfield "Argus Case Type" in the mnemonicMDR pack. Please rerun the update-release-notes command without -u to generate an updated template. If you are trying to exclude an item from the release notes, please refer to the documentation found here - https://xsoar.pan.dev/docs/integrations/changelog#excluding-items
I'll work on the rest.
Thank you
Also, @ilappe , could you explain how these validations work and how to fix them, please?
argus-list-case-comments:
The following outputs are missing from yml: **Argument Name**
argus-advanced-case-search:
The following outputs are missing from yml: comment, case_id
argus-close-case:
The following outputs are missing from yml: type, status, tags
[...]
@ilappe , also, may we delete the file Packs/mnemonicMDR/Classifiers/classifier-Argus_Case_5_9_9.json due to the error:
[BA106] - The Classifier from version field is either missing or insufficient, need at least 6.0.0, current is 5.5.0.
Regarding this, it means the README is not aligned with the yml, and there are some context paths defined in the README but not in the YML. Please be sure the README is correct; for example, line 534 in the README looks wrong. Thanks!
@ilappe ,
I ran update-release-notes once more, but still get errors. I tried looking at https://xsoar.pan.dev/docs/documentation/release-notes but that made it worse.
Please let me know how the headers should look.
I also still need to understand how to resolve this error, or if we can delete the playbook:
Packs/mnemonicMDR/Playbooks/playbook-Pull_Case_Metadata_-_Argus_Managed_Defence.yml: [PB106] - Playbook should not use specific instance for tasks: e2520f2a-c325-484c-8e7b-64bf4de6900d, 31bf5c1b-bd61-4530-8901-932040888160, f233ba19-69a2-4cad-841a-4f242701b7a5, d8659f9b-f13a-4f70-8858-572c3adba880.
thank you!
Hi @ilappe and @Benimanela,
This seems to be a lot of work for a playbook that is not in use, and obsolete. Can we rather delete the entire thing?
Hi @konraduh, we haven’t heard from you in a while. Do you need any help with the pull request?
Please feel free to reach out to me here or on Slack. Thanks again for contributing to our repo, hope to hear from you soon.
Hi @ilappe ,
Since the scope of this PR exceeded our expected scope a bit due to new validations failing existing code, this was not the quick update we hoped. Hope to find the time to resume work asap. Thanks for the help so far.
In the meantime, could you help us with deleting the old playbook playbook-Pull_Case_Metadata_-_Argus_Managed_Defence.yml without failing the "cannot delete files" validation?
Hi @konraduh, thank you very much for your efforts!!
Regarding the deletion of the playbook, try to deprecate it instead.
Hello @konraduh, I will continue working with you on this PR. What's the status on your side? There are some changes required by @ilappe and the pre-commit step is failing. If you need any help with the PR, feel free to contact me over Slack (Merit Maayta) or here.
@konraduh I'm sorry to update you that I'll close the contribution PR for lack of updates. If you decide to proceed with the contribution, make the requested changes and open the PR again.