WatchGuard - add connector

[lvoloshyn-sekoia]

No description provided.

[github-actions]

Test Results

17 tests  +7   16 ✅ +6   0s ⏱️ ±0s
 1 suites ±0    1 💤 +1 
 1 files   ±0    0 ❌ ±0 

Results for commit 10447b8. ± Comparison against base commit abca275.

This pull request removes 10 and adds 17 tests. Note that renamed tests count towards both.

tests.test_helpers ‑ test_get_upper_second
tests.test_mimecast_siem_logs ‑ test_authentication_failed
tests.test_mimecast_siem_logs ‑ test_fetch_batches
tests.test_mimecast_siem_logs ‑ test_most_recent_datetime_seen
tests.test_mimecast_siem_logs ‑ test_permission_denied
tests.test_mimecast_siem_logs ‑ test_start_consumers
tests.test_mimecast_siem_logs ‑ test_stop_consumers
tests.test_mimecast_siem_logs ‑ test_supervise_consumers
tests.test_retry ‑ test_get_retry_after
tests.test_retry ‑ test_parse_ratelimit_retry_after

tests.test_authorization ‑ test_authorization
tests.test_connector_security_events ‑ test_fetch_events
tests.test_connector_security_events ‑ test_fetch_next_events_with_empty_list
tests.test_connector_security_events ‑ test_fetch_next_events_with_no_response
tests.test_connector_security_events ‑ test_fetch_next_exploits
tests.test_connector_security_events ‑ test_fetch_next_intrusion_attempts
tests.test_connector_security_events ‑ test_fetch_next_malware_urls
tests.test_connector_security_events ‑ test_filter_security_events
tests.test_connector_security_events ‑ test_get_authorization_request_new_token_only_when_needed
tests.test_trigger_security_events ‑ test_fetch_events
…

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

Attention: Patch coverage is 82.42424% with 29 lines in your changes missing coverage. Please review.

Project coverage is 88.85%. Comparing base (abca275) to head (10447b8).
Report is 97 commits behind head on main.

Files with missing lines	Patch %	Lines
...her_endpoint_security_api/security_events_mixin.py	77.96%	13 Missing ⚠️
...endpoint_security_api/connector_security_events.py	73.33%	12 Missing ⚠️
...curity/aether_endpoint_security_api/client/auth.py	91.83%	4 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1166       +/-   ##
===========================================
+ Coverage   75.53%   88.85%   +13.31%     
===========================================
  Files          26      259      +233     
  Lines         605     9440     +8835     
  Branches        0      554      +554     
===========================================
+ Hits          457     8388     +7931     
- Misses        148      981      +833     
- Partials        0       71       +71     

Flag	Coverage Δ
PandaSecurity	80.63% <82.42%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[squioc]

Thanks for the work.
I pushed a suggestion and made some comments

[squioc]

I suggest using from posixpath import join as urljoin instead (see SEKOIA-IO/sekoia-automation-sdk#139)

[squioc]

Why do you not keep the metrics here?

[lvoloshyn-sekoia]

Metrics, without intake_key, are hardly exploitable. And, as this trigger is a trigger (and not connector), we don't have this information.

We did the same for Vade M365

[squioc]

Same as above