Dataminr Release 2.0.0

Open crestdatasystems opened this issue 1 month ago • 3 comments

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • [ ] In Progress
  • [x] Ready
  • [ ] In Hold - (Reason for hold)

Description

Added new integration: Dataminr Pulse - ReGenAI

  • This integration leverages Dataminr Pulse's AI-powered, real-time intelligence to integrate into Cortex XSOAR workflows for faster detection and response.
  • Added the following commands:
    • dataminrpulse-watchlists-get
    • dataminrpulse-alerts-get
    • dataminrpulse-vulnerability-enrich
    • dataminrpulse-malware-enrich
    • dataminrpulse-threat-actor-enrich

  • Added the following playbooks:
    • Enrich Custom IOCs - Dataminr Pulse
      • This playbook will enrich the Dataminr Pulse ReGenAI incident's IOCs using custom reputation commands.
    • Update Live Briefs - Dataminr Pulse
      • This playbook will update the previously fetched Dataminr Pulse ReGenAI incidents with the latest briefs.

Must have

  • [x] Tests
  • [x] Documentation

crestdatasystems · Nov 21 '25 11:11

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @merit-maita will know the proposed changes are ready to be reviewed. For your convenience, here is a link to the contributions SLAs document.

content-bot · Nov 21 '25 11:11

Hi @crestdatasystems, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

content-bot · Nov 21 '25 11:11

Hi @Benimanela,

Thanks for reviewing the PR! Here are our replies to your comments.

General

  • We have run the demisto-sdk format command as recommended.
  • The default incident type has already been defined in the integration YML file.
    [Screenshot: Default Incident Type]

Incident Fields / Indicator Fields

  • We have reviewed the fields and set unsearchable: true for those that do not require search functionality.

Layout

  • Since the automation output is rendered with theme-based background colors, we added the section headers directly within the script, following the proposed approach by Dataminr.

Alert with live brief data:

    [Screenshot: alert layout with data]

Alert without live brief data:

    [Screenshot: alert layout without data]

Incoming Mapper

  • We have kept the complex format for all individual field mappings to maintain consistency. As a result, updates related to filters and transformers will show noticeable changes, which would be difficult to interpret using a simplified format.

We have also shared the recorded demo via DFIR.

crestdatasystems · Nov 28 '25 06:11