Varonissaas : New App - application for fetching events and alerts from Varonis SaaS to Splunk SOAR #1

Merged

Conversation

vkorenkov-varonis
Contributor

Please ensure your pull request (PR) adheres to the following guidelines:

  • Please refer to our contributing documentation for any questions on submitting a pull request, link: Contribution Guide

Pull Request Checklist

Please check if your PR fulfills the following requirements:

  • Testing of all the changes has been performed (for bug fixes / features)
  • The manual_readme_content.md has been reviewed and added / updated if needed (for bug fixes / features)
  • Use the following format for the PR description: <App Name>: <PR Type> - <PR Description>
  • Provide release notes as part of the PR submission which describe high level points about the changes for the upcoming GA release.
  • Verify all checks are passing.
  • Do NOT use the next branch of the forked repo. Create separate feature branch for raising the PR.
  • Do NOT submit updates to dependencies unless it fixes an issue.

Pull Request Type

Please check the type of change your PR introduces:

  • New App
  • Bugfix
  • Feature
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Documentation
  • Other (please describe):

Security Considerations (REQUIRED)

  • If you are exposing any endpoints using a REST handler,
    please document them in the manual_readme_content.md.
  • If this is a new connector or you are adding new actions
    • Please document in the manual_readme_content.md all methods (eg, OAuth) used to authenticate
      with the service that the connector is integrating with.
    • If any actions are unable to run on SOAR Cloud, please document this in the manual_readme_content.md.
  • Are you introducing any new cryptography modules? If yes, please elaborate their purpose:
  • Are you accessing the file system? If yes, please verify that you are only accessing paths returned through
    the Vault API.
  • Are you marking code to be ignored by Semgrep with nosemgrep?
    If yes, please provide justification in an additional comment next to the ignored code.

Release Notes (REQUIRED)

  • action get alerts - Get alerts from Varonis SaaS
  • action update alert status - Update Varonis alert status command
  • action close alert - Close Varonis alert command
  • action get alerted events - Get alerted events from Varonis SaaS
  • functionality to ingest data from Varonis SaaS

What is the current behavior? (OPTIONAL)

  • Describe the current behavior that you are modifying.

What is the new behavior? (OPTIONAL)

  • Describe the behavior or changes that are being added by this PR.

Other information (OPTIONAL)

  • Any other information that is important to this PR such as screenshots of how the component looks before and after the change.

Pay close attention to (OPTIONAL)

  • Any specific code change or test case points which must be addressed/reviewed at the time of GA release.

Screenshots (if relevant)


Thanks for contributing!

@splunk-soar-connectors-bot
Collaborator

Thank you for your submission! We have a total of 21 PRs open right now, and we are working hard on all of them! We will take a look as soon as we can.

@splunk-soar-connectors-bot
Collaborator

@github-actions[bot] Static Tests results for commit 5ff7ba4 - https://drive.google.com/file/d/1WtwrbKIO7XCtZODfA4w_sMDfC4dybodu/view?usp=drivesdk

@splunk-soar-connectors-bot
Collaborator

@github-actions[bot] Compile Tests results for commit 5ff7ba4 - https://drive.google.com/file/d/19Ko6k-qz7EW-XY2GekP9RKP3SmwJuTxY/view?usp=drivesdk

@splunk-soar-connectors-bot
Collaborator

@github-actions[bot] Static Tests results for commit a043283 - https://drive.google.com/file/d/1t_8bL6BxTzsNV3oCRpYqvpsMIp0AHHCy/view?usp=drivesdk

@splunk-soar-connectors-bot
Collaborator

@github-actions[bot] Compile Tests results for commit a043283 - https://drive.google.com/file/d/1mSan8ZEfYnphCLeLC8KbZW0CcfqjRSgv/view?usp=drivesdk

@vkorenkov-varonis
Contributor Author

Hi @stutib-crest, can you tell me approximately when the pull request can be approved? I just need to notify my management.

@vdobrotskyi-varonis

Hi @tonyc-phantom @stutib-crest @alexa-phantom do you have any ETA for approving this PR? Thanks

@splunk-soar-connectors-bot
Collaborator

@github-actions[bot] Static Tests results for commit 477c78f - https://drive.google.com/file/d/1N3dzYId-D2vEeWly01CS60KSuIawK0Ou/view?usp=drivesdk

@splunk-soar-connectors-bot
Collaborator

@github-actions[bot] Compile Tests results for commit 477c78f - https://drive.google.com/file/d/1bs2Om33-FV9Px868DHXfa58-5XbDAZS8/view?usp=drivesdk

@stutib-crest
Contributor

Hi @vkorenkov-varonis,
We observed that in the connector file, while processing the empty response at line 143, even when r.text exists we are processing it as an empty response. Is this expected behaviour? Even if there is text in the response, we will be returning that we got an empty response.

@vkorenkov-varonis
Contributor Author

> Hi @vkorenkov-varonis, we observed that in connector file while processing the empty response in line 143, we observed that even in case when r.text exists we are processing it as empty response. Is this an expected behavior? As even if there will be text in response, we will be returning that we got an empty response.

Hi @stutib-crest,
In short, it's expected behavior.

Explanation:

  1. This is code generated by Phantom when the application was initialized.
  2. There is an explanation in the comment that if we receive text in the response that we can't parse, we observe it as an empty response.
  3. In the normal case it should never be called.
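
The fallback discussed in this exchange, as an added example that is not part of the PR or the connector's code: a response dispatcher in which unparseable text is either handled as an empty response or reported as an error. `FakeResponse`, `process_response`, the `unparsed_is_empty` switch, the success-on-200 rule and the sample responses are all assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field


@dataclass
class FakeResponse:
    """Constructed stand-in for requests.Response (only the fields used here)."""
    status_code: int
    text: str = ""
    headers: dict = field(default_factory=dict)


def process_response(r, unparsed_is_empty):
    """Return (ok, data, message). Hypothetical dispatcher, not the connector's code."""
    ctype = r.headers.get("Content-Type", "").lower()
    if "json" in ctype:
        try:
            data = json.loads(r.text)
        except ValueError as exc:
            return False, None, f"Invalid JSON from server: {exc}"
        ok = 200 <= r.status_code < 400
        return ok, data, ("" if ok else f"HTTP {r.status_code}")
    if not r.text or unparsed_is_empty:
        # With unparsed_is_empty=True this is the behaviour described in the
        # thread: a body of an unrecognised type is handled as "empty".
        # Treating HTTP 200 as success here is an assumption.
        if r.status_code == 200:
            return True, {}, ""
        return False, None, "Empty response and no information in the header"
    # Stricter variant: surface the unexpected body instead of hiding it.
    # Truncate and flatten it so it is safe to place in an action message.
    snippet = r.text[:80].replace("\r", " ").replace("\n", " ")
    kind = ctype or "no content type"
    return False, None, f"Unparseable response (HTTP {r.status_code}, {kind}): {snippet}"


# Constructed sample responses
SAMPLES = {
    "json_ok": FakeResponse(200, '{"alerts": []}', {"Content-Type": "application/json"}),
    "truly_empty": FakeResponse(200),
    "proxy_text": FakeResponse(200, "Access denied by gateway", {"Content-Type": "text/plain"}),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        for lenient in (True, False):
            print(name, "unparsed_is_empty =", lenient, "->", process_response(resp, lenient))
```

With the lenient setting, the constructed `proxy_text` response is reported as a successful empty result, so an intermediary's plain-text error would not appear in the action output; the strict setting returns it as a failure with a short snippet.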

@ishans-crest ishans-crest merged commit 0020e12 into splunk-soar-connectors:next Oct 15, 2024
3 checks passed