Added new commands

metron-labs · Mar 8, 2024 · 7f1e6f5 · 7f1e6f5
1 parent a10ddb1
commit 7f1e6f5
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 39 deletions.
diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason.py b/Packs/Cybereason/Integrations/Cybereason/Cybereason.py
@@ -1944,68 +1944,73 @@ def get_machine_details_command(client: Client, args: dict):
             outputs_key_field='MachineID',
             outputs=outputs)
 
-def query_malop_management_command(client:Client, args:dict):
+
+def query_malop_management_command(client: Client, args: dict):
     malop_guid = args.get('malopGuid')
     json_body = {
-        "search":{
-            "malop":{
-                "guid":f'{malop_guid}'
+        "search": {
+            "malop": {
+                "guid": f'{malop_guid}'
             }
         },
-        "pagination":{
-            "offset":0
+        "pagination": {
+            "offset": 0
         }
     }
     demisto.info(f"json_body in query_malop_management_command: {json_body}")
     response = client.cybereason_api_call('POST', '/rest/mmng/v2/malops', json_body=json_body)
     data = response["data"]
     demisto.info(f"api response in query_malop_management_command : {data}")
-    if dict_safe_get(response, ['data','data']) == []:
-        raise DemistoException("Could not find details for the provided MalopGuid" + malop_guid)
+    if dict_safe_get(response, ['data', 'data']) == []:
+        raise DemistoException(f"Could not find details for the provided MalopGuid {malop_guid}")
     else:
         for single_malop in response["data"]["data"]:
-            guid = single_malop.get("guid","")
-            creation_time = single_malop.get("creationTime","")
-            malop_last_update_time = single_malop.get("lastUpdateTime","")
-            management_status = single_malop.get("investigationStatus","")
-            involved_hashes = single_malop.get("rootCauseElementHashes",[])
+            guid = single_malop.get("guid", "")
+            creation_time = single_malop.get("creationTime", "")
+            malop_last_update_time = single_malop.get("lastUpdateTime", "")
+            management_status = single_malop.get("investigationStatus", "")
+            involved_hashes = single_malop.get("rootCauseElementHashes", [])
             if single_malop["isEdr"]:
-                link =  SERVER + '/#/malop/' + guid
+                link = SERVER + '/#/malop/' + guid
             else:
-                link = SERVER +'/#/detection-malop/' + guid
-                
+                link = SERVER + '/#/detection-malop/' + guid
+
         outputs = []
         malop_output = {
-                'GUID': guid,
-                'Link': link,
-                'CreationTime': creation_time,
-                'LastUpdateTime': malop_last_update_time,
-                'Status': management_status,
-                'InvolvedHash': involved_hashes
-            }
+            'GUID': guid,
+            'Link': link,
+            'CreationTime': creation_time,
+            'LastUpdateTime': malop_last_update_time,
+            'Status': management_status,
+            'InvolvedHash': involved_hashes
+        }
         outputs.append(malop_output)
         return CommandResults(
-        readable_output=tableToMarkdown('Cybereason Malop', outputs, headers=SINGLE_MALOP_HEADERS) if outputs else 'No malop found',
-        outputs_prefix='Cybereason.Malops',
-        outputs_key_field='GUID',
-        outputs=outputs)
+            readable_output=tableToMarkdown('Cybereason Malop', outputs, headers=SINGLE_MALOP_HEADERS)
+            if outputs else 'No malop found',
+            outputs_prefix='Cybereason.Malops',
+            outputs_key_field='GUID',
+            outputs=outputs)
+
 
-def cybereason_process_attack_tree_command(client:Client, args:dict):
+def cybereason_process_attack_tree_command(client: Client, args: dict):
     process_guid_list = argToList(args.get('processGuid'))
     outputs = []
     for guid in process_guid_list:
         url = SERVER + "/#/processTree?guid=" + guid + "&viewedGuids=" + guid + "&rootType=Process"
         process_output = {
-                'ProcessID': guid,
-                'URL': url,
-            }
+            'ProcessID': guid,
+            'URL': url,
+        }
         outputs.append(process_output)
+    empty_output_message = 'No Process Details found for the given ProcessID'
     return CommandResults(
-            readable_output=tableToMarkdown(
-                'Process Attack Tree URL', outputs, headers=PROCESS_URL_HEADERS) if outputs else empty_output_message,
-            outputs_prefix='Cybereason.Process',
-            outputs_key_field='ProcessID',
-            outputs=outputs)
+        readable_output=tableToMarkdown('Process Attack Tree URL', outputs, headers=PROCESS_URL_HEADERS)
+        if outputs else empty_output_message,
+        outputs_prefix='Cybereason.Process',
+        outputs_key_field='ProcessID',
+        outputs=outputs)
+
 
 def get_machine_details_command_pagination_params(args: dict) -> dict:
     '''
@@ -2174,10 +2179,10 @@ def main():
 
         elif demisto.command() == 'cybereason-get-machine-details':
             return_results(get_machine_details_command(client, args))
-        
+
         elif demisto.command() == 'cybereason-query-malop-management':
             return_results(query_malop_management_command(client, args))
-        
+
         elif demisto.command() == 'cybereason-process-attack-tree':
             return_results(cybereason_process_attack_tree_command(client, args))
 

diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason_test.py b/Packs/Cybereason/Integrations/Cybereason/Cybereason_test.py
@@ -283,6 +283,22 @@ def test_query_malops_command(mocker):
     assert command_output.outputs[0]['AffectedMachine'] == ['desktop-j60ivd0']
 
 
+def test_query_malop_management_command(mocker):
+    from Cybereason import query_malop_management_command
+    from Cybereason import Client
+    HEADERS = {'Content-Type': 'application/json', 'Connection': 'close'}
+    client = Client(
+        base_url="https://test.server.com:8888",
+        verify=False,
+        headers=HEADERS,
+        proxy=True)
+    args = {"guid": "AAAA0w7GERjl3oae"}
+    query_malop_management_raw_response = json.loads(load_mock_response('query_malop_management_raw_response.json'))
+    mocker.patch("Cybereason.Client.cybereason_api_call", return_value=query_malop_management_raw_response)
+    command_output = query_malop_management_command(client, args)
+    assert command_output.outputs[0]['GUID'] == 'AAAA0w7GERjl3oae'
+
+
 def test_update_malop_status_command(mocker):
     from Cybereason import update_malop_status_command
     from Cybereason import Client

diff --git a/Packs/Cybereason/Scripts/CybereasonPreProcessingExample/CybereasonPreProcessingExample.py b/Packs/Cybereason/Scripts/CybereasonPreProcessingExample/CybereasonPreProcessingExample.py
@@ -1,8 +1,9 @@
 import demistomock as demisto  # noqa: F401
 from CommonServerPython import *  # noqa: F401
+from typing import Dict
 
 
-def get_guid_from_system_incident(incident: dict[str, Any]) -> str:
+def get_guid_from_system_incident(incident: Dict[str, Any]) -> str:
     malop_guid = ''
     for label in incident['labels']:
         if label['type'] == 'guidString':