content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon demisto

feat: Add support for incident mirroring in Trend Micro Vision One Integration V3

Open tpi-aigc opened this issue 2 months ago • 11 comments

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • [x] In Progress
  • [x] Ready
  • [ ] In Hold - (Reason for hold)

Related Issues

No

Description

  • Introduced new parameter for incident mirroring direction in README and integration YAML.
  • Implemented functions for handling incoming and outgoing mirroring of incidents.
  • Added commands for fetching modified remote data and getting remote data from Vision One.
  • Updated the integration to map XSOAR incident statuses to Vision One alert statuses and vice versa.
  • Enhanced unit tests to cover new mirroring functionalities and ensure correct behavior.
  • Updated version to 4.4.0 and added release notes for mirroring support.

Must have

  • [x] Tests
  • [x] Documentation

tpi-aigc avatar Oct 30 '25 07:10 tpi-aigc

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @merit-maita will know the proposed changes are ready to be reviewed. For your convenience, here is a link to the contributions SLAs document.

content-bot avatar Oct 30 '25 07:10 content-bot

Hi @tpi-aigc, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

content-bot avatar Oct 30 '25 07:10 content-bot

Hi @merit-maita @Benimanela , is there any work need me to do? i already filling the contribution registration form when i PR. could you help to review this? thanks.

tpi-aigc avatar Nov 03 '25 02:11 tpi-aigc

thanks @merit-maita reviews, i have address it, if any other issue, feel free to let me know.

tpi-aigc avatar Nov 04 '25 03:11 tpi-aigc

Hi @Benimanela @merit-maita , I have made the address as per your suggestions, and the mirror function have been validated in my test environment. please help to next steps, thanks.

tpi-aigc avatar Nov 05 '25 09:11 tpi-aigc

@tpi-aigc thanks for the update! it looks good on my side, @Benimanela please take a look. @tpi-aigc let's set a demo call to go over it, feel free to contact via slack DFIR (merit maayta) or email: [email protected]

merit-maita avatar Nov 09 '25 12:11 merit-maita

@tpi-aigc thanks for the update! it looks good on my side, @Benimanela please take a look. @tpi-aigc let's set a demo call to go over it, feel free to contact via slack DFIR (merit maayta) or email: [email protected]

i already contact you from my email, Subject: "Re: [demisto/content] feat: Add support for incident mirroring in Trend Micro Vision One Integration V3 (PR https://github.com/demisto/content/pull/41720)".

tpi-aigc avatar Nov 12 '25 02:11 tpi-aigc

feat: Add support for incident mirroring in Trend

i just replied back in the email, you can also reply through the pr itself, im available this week Tuesday - Thursday 10:30 - 15:30 GMT+2.

merit-maita avatar Nov 17 '25 08:11 merit-maita

feat: Add support for incident mirroring in Trend

i just replied back in the email, you can also reply through the pr itself, im available this week Tuesday - Thursday 10:30 - 15:30 GMT+2.

thanks, your time zone of Wednesday 10:30 GMT+2 is work for me, more details we talk in mail.

tpi-aigc avatar Nov 18 '25 03:11 tpi-aigc

Hi @merit-maita , i send you the demo video, could you help to review it, thanks for your helps.

tpi-aigc avatar Nov 28 '25 03:11 tpi-aigc

@tpi-aigc please take a look at the failing validations in the pre-commit step, specially this one: Packs/TrendMicroVisionOne/Classifiers/classifier-Trend_Micro_Vision_One_V3_XDR_-_Outgoing_Mapper.json: [GR103] - Content item 'Trend Micro Vision One V3 XDR - Outgoing Mapper' is using content items: 'status' which cannot be found in the repository.

regarding all the RN errors, i recommend you to delete your RN file and the return the pack version to the previous version in pack_metadata, then run demisto-sdk update-release-notes -g, and let it generate the correct template, then add your notes to it. most importantly handle the above issue, and the integration display name issue.

merit-maita avatar Dec 01 '25 13:12 merit-maita

Hi @merit-maita, I had fix the RN errors by re-generate one (run demisto-sdk update-release-notes), and i want to use .pack-ignore to suppress false positive GR103 error, i confirm the 'status' we need to extract values into data when execute update_remote_system.

tpi-aigc avatar Dec 02 '25 09:12 tpi-aigc

Hi @merit-maita, I had fix the RN errors by re-generate one (run demisto-sdk update-release-notes), and i want to use .pack-ignore to suppress false positive GR103 error, i confirm the 'status' we need to extract values into data when execute update_remote_system.

seeing the errors in the pre-commit check, seems like the rn still has issues, please revert changing the id value of the integration, then delete your rn file and downgrade the pack version, then run demisto-sdk update-release-notes -g -bc -bc to add breaking changes about changing the integration name. it supposed to generate a template to all your changes, just fill in your changes in the file itself

merit-maita avatar Dec 07 '25 16:12 merit-maita

i already run your command, could you help to review this change?

tpi-aigc avatar Dec 08 '25 09:12 tpi-aigc

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

github-actions[bot] avatar Dec 14 '25 09:12 github-actions[bot]