Merge pull request #15 from metron-labs/Updated-Mirroring

Updated the Doppel Package with Additional Requirements

Packs/Doppel/Integrations/Doppel/Doppel.py

@@ -80,6 +80,7 @@ def update_alert(
                 entity_state: str,
                 alert_id: Optional[str] = None,
                 entity: Optional[str] = None,
+                comment: Optional[str] = None,
             ) -> Dict[str, Any]:
         """
         Updates an existing alert using either the alert ID or the entity.
@@ -98,7 +99,7 @@ def update_alert(
         api_name = "alert"
         api_url = f"{self._base_url}/{api_name}"
         params = {"id": alert_id} if alert_id else {"entity": entity}
-        payload = {"queue_state": queue_state, "entity_state": entity_state}
+        payload = {"queue_state": queue_state, "entity_state": entity_state, "comment" :comment}
 
         response_content = self._http_request(
             method="PUT",  # Changed to PUT as per reference
@@ -295,13 +296,14 @@ def doppel_update_alert_command(client: Client, args: Dict[str, Any]) -> Command
     entity = args.get('entity')
     queue_state = args.get('queue_state')
     entity_state = args.get('entity_state')
+    comment = args.get('comment')
 
     if alert_id and entity:
         raise ValueError("Only one of 'alert_id' or 'entity' can be specified.")
     if not queue_state or not entity_state:
         raise ValueError("Both 'queue_state' and 'entity_state' must be specified.")
 
-    result = client.update_alert(queue_state=queue_state, entity_state=entity_state, alert_id=alert_id, entity=entity)
+    result = client.update_alert(queue_state=queue_state, entity_state=entity_state, alert_id=alert_id, entity=entity , comment=comment)
 
     return CommandResults(
         outputs_prefix='Doppel.UpdatedAlert',
@@ -551,4 +553,4 @@ def main() -> None:
 
 
 if __name__ in ('__main__', '__builtin__', 'builtins'):
-    main()
+    main()

Packs/Doppel/Integrations/Doppel/Doppel.yml

@@ -128,6 +128,8 @@ script:
       - down
       - parked
       type: textArea
+    - name: comment
+      type: textArea
     description: Updates an alert in the Doppel platform.
     name: doppel-update-alert
     outputs:

Packs/Doppel/Integrations/Doppel/Doppel_test.py

@@ -108,4 +108,4 @@ def test_command_exception(mocker, requests_mock, command, args, api_path, statu
     # Notice that the API was not called, but the app itself has raised an exception before making the API call
     assert adapter.call_count == 0
     assert results_checker.call_args.args[0].get('Contents') == exception_message
-
+

Packs/Doppel/classifier/classifier-Doppel_Incident_Classifier.json

@@ -0,0 +1,42 @@
+{
+	"brands": null,
+	"cacheVersn": 0,
+	"defaultIncidentType": "",
+	"definitionId": "",
+	"description": "Doppel-XSOAR integration classifier to classify the fetched incidents to Doppel_Incident_Test.",
+	"feed": false,
+	"fromServerVersion": "",
+	"id": "607dc952-f37f-44d9-899f-16b0946230dd",
+	"incidentSamples": null,
+	"indicatorSamples": null,
+	"instanceIds": null,
+	"itemVersion": "",
+	"keyTypeMap": {
+		"crypto": "Doppel Alert Crypto",
+		"domains": "Doppel Alert Domains",
+		"ecommerce": "Doppel Alert Ecommerce",
+		"email": "Doppel Alert Email",
+		"mobile_apps": "Doppel Alert Mobile_Apps",
+		"paid_ads": "Doppel Alert Paid_Ads",
+		"social_media": "Doppel Alert Social_Media"
+	},
+	"locked": false,
+	"logicalVersion": 6,
+	"mapping": null,
+	"name": "Doppel_Incident_Classifier",
+	"nameRaw": "Doppel_Incident_Classifier",
+	"packID": "",
+	"packName": "",
+	"propagationLabels": [
+		"all"
+	],
+	"sourceClassifierId": "",
+	"system": false,
+	"toServerVersion": "",
+	"transformer": {
+		"simple": "product"
+	},
+	"type": "classification",
+	"unclassifiedCases": null,
+	"version": -1
+}