Delete the case of reopening
TOUFIKIzakarya committed Sep 2, 2024
1 parent a1c314f commit df53ef9
Showing 3 changed files with 4 additions and 29 deletions.
21 changes: 0 additions & 21 deletions Packs/SekoiaXDR/Integrations/SekoiaXDR/SekoiaXDR.py
@@ -638,7 +638,6 @@ def get_remote_data_command(
close_note: str,
mirror_events: bool,
mirror_kill_chain: bool,
reopen_incident: bool,
):
"""get-remote-data command: Returns an updated alert and error entry (if needed)
@@ -650,8 +649,6 @@ def get_remote_data_command(
close_note (str): Indicates the notes to be including when the incident gets closed by mirroring.
mirror_events (bool): If the events will be included in the mirroring of the alerts or not.
mirror_kill_chain: If the kill chain information from the alerts will be mirrored.
reopen_incident: Indicates whether to reopen the corresponding XSOAR incident if the alert
has been reopened on Sekoia's end.
Returns:
GetRemoteDataResponse: The Response containing the update alert to mirror and the entries
"""
@@ -740,23 +737,6 @@ def get_remote_data_command(
}
]

# Reopen the XSOAR incident using mirroring
if (
(reopen_incident)
and (alert_status not in ["Closed", "Rejected"])
and (investigation["status"] == 1)
):
demisto.debug(
f"Alert {alert_short_id} with status {alert_status} was reopened in Sekoia, reopening incident {incident_id} in XSOAR"
)
entries = [
{
"Type": EntryType.NOTE,
"Contents": {"dbotIncidentReopen": True},
"ContentsFormat": EntryFormat.JSON,
}
]

demisto.debug("#### Leaving MIRRORING IN - get_remote_data_command ####")

return GetRemoteDataResponse(mirrored_object=alert, entries=entries)
@@ -1515,7 +1495,6 @@ def main() -> None:
close_note=demisto.params().get("close_note"), # type: ignore
mirror_events=demisto.params().get("mirror_events"), # type: ignore
mirror_kill_chain=demisto.params().get("mirror_kill_chain"), # type: ignore
reopen_incident=demisto.params().get("reopen_incident"), # type: ignore
)
)
elif command == "get-modified-remote-data":
8 changes: 0 additions & 8 deletions Packs/SekoiaXDR/Integrations/SekoiaXDR/SekoiaXDR.yml
@@ -226,14 +226,6 @@ configuration:
type: 8
required: false
additionalinfo: When selected, it includes the kill chain information of the alert in the mirrored alerts when an alert is updated in Sekoia.
- section: Collect
advanced: true
display: Reopen Mirrored Cortex XSOAR Incidents (Incoming Mirroring)
name: reopen_incident
defaultvalue: "false"
type: 8
required: false
additionalinfo: When selected, reopening the Sekoia XDR alert will reopen the Cortex XSOAR incident.
- section: Collect
advanced: true
display: Close Mirrored Cortex XSOAR Incidents (Incoming Mirroring)
@@ -14,6 +14,10 @@
- **Alerts status**: Pending, Acknowledge, Ongoing
- **Close notes**: Closed by Sekoia

### Important Note

For the case of reopening an incident from Sekoia to Cortex after it has been closed, it is not functional for now. However, the reverse is achievable.

### API Key Creation

Similar to other APIs, SEKOIA's API employs an authentication mechanism that involves the use of an API key. To obtain an API key and facilitate secure access to SEKOIA's services, follow these straightforward steps: