Reliaquest takedown integration

[rq-vsarode]

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

• [x] In Progress
• [ ] Ready
• [ ] In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

A few sentences describing the overall goals of the pull request's commits.

Must have

• [x] Tests
• [ ] Documentation

[CLAassistant]

All committers have signed the CLA.

[content-bot]

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @itssapir will know the proposed changes are ready to be reviewed. For your convenience, here is a link to the contributions SLAs document.

[content-bot]

Hi @rq-vsarode, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

[itssapir]

Hi @rq-vsarode, Thank you very much for your contribution! Unfortunately, the PR review will be slightly delayed because of an Israeli holiday in the upcoming week (1st - 2nd of June). Thank you in advance for your patience and understanding.

In the meantime, please ensure you sign the CLA and fill in the contribution form.

Thanks again.

[edik24]

@rq-vsarode are you from Digital shadows? You are missing pack metadata file, release notes and other things, check the pre_commit.

[rq-vsarode]

@rq-vsarode are you from Digital shadows? You are missing pack metadata file, release notes and other things, check the pre_commit.

sure i will check that. thanks

[edik24]

@rq-vsarode also fill in the contribution registration form - you are from the partner, but in the form you filled that you are an individual contributor

[rq-vsarode]

@rq-vsarode also fill in the contribution registration form - you are from the partner, but in the form you filled that you are an individual contributor

i dont have partner id request for it

[edik24]

@rq-vsarode also fill in the contribution registration form - you are from the partner, but in the form you filled that you are an individual contributor

i dont have partner id request for it

you entered the correct one.

[itssapir]

Hi @rq-vsarode, Thank you for your contribution!

I am working on a full review of your changes. In the meantime, there are a lot of errors in the pre-commit check that need to be fixed. you can run demisto-sdk pre-commit -g locally while fixing these to see if the fixes work. There are some empty files in the commit (test.txt, file-sample.pdf) The RN file for 2.0.4 has been deleted, and the contributors file should be placed in the main Pack folder (Packs/DigitalShadows)

Please feel free to reach out to me with any questions - I'm available here or on slack :) Thanks

[rq-vsarode]

Hi @edik24 @itssapir pre-commit failing for some issues which i think if I incorporate resources will not work. Eg. Packs/DigitalShadows/Layouts/layoutscontainer-Reliaquest_Takedown_Layout.json: [LO107] - The following invalid types were found in the layout: linkedIncidents, childInv, evidence, team, evidenceBoard, relatedIncidents. Those types are not supported in XSIAM, remove them or change the layout to be XSOAR only.

if I remove above types then my layout will not work. What should I do in this case ?

[rq-vsarode]

Hi @rq-vsarode, Thank you for the work on this contribution. The implementation looks good overall. I have a few comments from a security perspective at this stage:

General

• Please run demisto-sdk format on all new files to ensure proper formatting and standard compliance.

Incident Type

• Rename the incident type from Reliaquest Takedown Type to Reliaquest Takedown incident for consistency with naming conventions.

Incident Fields

• Avoid using "associatedToAll": true; instead, use associatedTypes and explicitly specify the Reliaquest Takedown incident type.
• If DS Targets is used specifically for Takedown incidents, rename the field to DS Takedown Targets to reflect its specific usage and improve clarity.

Mapper

• All current mappings are under Common Mapping. These should be moved and mapped under the Reliaquest Takedown incident type instead.

Layout

• Some fields (e.g., DS Targets, Source Brand) appear to be mapped multiple times. Please review and eliminate duplicates to avoid redundancy.

ReliaquestTakedown_description.md

• Fix the support URL. It currently appears to be broken.

Let me know once the fixes are in place so I can take another look.

Hi @Benimanela thanks for feedback. I have incorporated the same can you please check

[rq-vsarode]

Hi @rq-vsarode, Here is my initial review.

A couple extra notes:

• Most of the comments are to change the demisto.info calls to demisto.debug as they all seem like debug messages. If you feel anything specific should stay as info lets discuss it.
• See my comment in get-modified-remote-data. It looks like the mirroring wouldn't work as expected as is. let me know if something is unclear.

Let me know if you have any questions or need any assistance. Thanks.

Hi @rq-vsarode, Here is my initial review.

A couple extra notes:

• Most of the comments are to change the demisto.info calls to demisto.debug as they all seem like debug messages. If you feel anything specific should stay as info lets discuss it.
• See my comment in get-modified-remote-data. It looks like the mirroring wouldn't work as expected as is. let me know if something is unclear.

Let me know if you have any questions or need any assistance. Thanks.

Hi @itssapir thanks for feedback i have incorporated the feedback and commented for your questions. Can you please go through it once and let me know if anything missing

[itssapir]

Hi @rq-vsarode, Here is my initial review. A couple extra notes:

• Most of the comments are to change the demisto.info calls to demisto.debug as they all seem like debug messages. If you feel anything specific should stay as info lets discuss it.
• See my comment in get-modified-remote-data. It looks like the mirroring wouldn't work as expected as is. let me know if something is unclear.

Let me know if you have any questions or need any assistance. Thanks.

Hi @rq-vsarode, Here is my initial review. A couple extra notes:

• Most of the comments are to change the demisto.info calls to demisto.debug as they all seem like debug messages. If you feel anything specific should stay as info lets discuss it.
• See my comment in get-modified-remote-data. It looks like the mirroring wouldn't work as expected as is. let me know if something is unclear.

Let me know if you have any questions or need any assistance. Thanks.

Hi @itssapir thanks for feedback i have incorporated the feedback and commented for your questions. Can you please go through it once and let me know if anything missing

Great, thanks! I marked most of the comments as resolved. I added replies to 3 of the comments, please take a look.

[content-bot]

For the Reviewer: Trigger build request has been accepted for this contribution PR.

[content-bot]

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/3852973

[content-bot]

For the Reviewer: Trigger build request has been accepted for this contribution PR.

[content-bot]

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/3868436

[rq-vsarode]

Good work!

Thank you so much for you support :)

[github-actions[bot]]

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.