Domain Tools Iris - First Release #4445
…comments and descriptions.
…comments, descriptions, and mypy errors.
Looks good 👍
A few general comments:
- Please generate integration documentation.
- Please add tests for all content entities (playbooks and scripts) and not only for the integration.
- Please add output types to all command outputs.
- Add Python 3 docker image.
- File names should be the same as the directory name, so if the directory name is `DomainTools_Iris`, so should be the Python, YAML, etc.
- Please use `'` instead of `"` in the code.
- Please change the command prefix to something like `domaintools-` or `domaintoolsiris-`.
- Please don't access dictionary keys directly, use `.get()` instead.
- Please don't access list indices without checking length first.
- Please add Google style docstrings.
- Split each function to two, command and request. For more details please have a look here
- No need for the format functions, please move the parsing logic code to be inside the command functions instead.
- Please add DBot Score outputs.
- Make sure all entities' `id` and `name` are the same, and not GUIDs.
- Did not review playbooks and scripts yet.
I believe all the suggested changes for the integration are done other than what I have left unresolved. Still working on updating playbooks and scripts due to changes in the integration.
Also can you point to examples of testing automation scripts and playbooks? I'm not seeing much in the docs on the best way to do this.
Example for automation script test: ParseEmailFiles
Example for playbook test: Phishing playbook
Looks good, some general comments:
- Please use Python 3 docker image.
- Some of the docstrings are missing details about the arguments, please improve these.
- Some of the context outputs have `Unknown` type, please change to the relevant type, if possible.
- Please add the `DBotScore` object to the context outputs in the YAML.
- Please update the command names in the test playbook.
Co-Authored-By: Itay Keren <[email protected]>
Is the repo for docker images an entirely different repo? Or where does that image/dockerfile have to be?
You can see the Python 3 docker image here
…the reviewers suggestions.
# Conflicts: # Integrations/DomainTools_Iris/DomainTools_Iris.py
Thank you for providing this contribution. I could find use for some of your playbooks, but I have some comments and there are things that need to be fixed to meet our standards and enter Demisto as out-of-the-box playbooks. I commented on the first line of each relevant playbook, as commenting in exact areas in the YML can confuse. I added screenshots and task numbers for your convenience. There are also some general points for the playbooks:
- Please provide meaningful descriptions for all playbooks and all tasks. If you write them for your integration commands, then upon creating the tasks, the description will be used automatically and save you the time of re-writing it.
- Please set the "Auto extract indicators" setting of each task according to what fits that task best. You can read more about this setting in our documentation. Generally, this determines whether indicators should be extracted and have their reputation calculated, from the data that you print to the war-room in that specific task (its "results", not "outputs"). Sometimes data printed to the war-room does not need this functionality and it unnecessarily extends playbook run-time and provides excessive context. A rule of thumb is to set it to "none" unless that task prints to the war-room some interesting indicators on which we want to run automatically !ip, !domain and so on, in the background.
- Please change the task names to go hand in hand with our conventions. For example, condition tasks should be questions.
  You can refer to these playbooks, which meet our standards and are good examples, to see how we name different tasks: IP Enrichment - Internal - Generic v2, Extract Indicators From File - Generic v2. Note capitalization of letters and the meaningfulness and conciseness of the names.
- Please replace all "DT" (things like ${something}) with our normal selectors, and add the "Unique" operator where possible and applicable. This prevents mistakes and data duplication. Do this for inputs of tasks and for inputs of the playbooks.
  DT should only be used in cases where complex logic unsupported by our filters and transformers is needed.
- For all playbooks that work on input data, always check for the existence of that data before working with it. Never assume inputs are present, or the tasks will fail whenever an input is empty. The example playbooks I provided above demonstrate that as well (where we check if a file exists, or if an IP exists).
Thanks again for your efforts.
@ChuckWoodraska please pull from the base branch
# Conflicts: # Tests/conf.json
@ChuckWoodraska looks good, just note 1 comment I've unresolved
Playbook review complete. Final review by @kirbles19 now
Is there an ETA for the final review being done?
mid next week
Updated the file
All docs have been reviewed.
* Domain Tools Iris - First Release (#4445)
* DomainTools Iris Integration - Initial Release
* Updated after failing Circle CI validation steps mostly dealing with comments and descriptions.
* Updated after failing Circle CI validation steps mostly dealing with comments, descriptions, and mypy errors.
* mypy and subtype update for integration.
* Integration updates to take into consideration the reviewers suggestions.
* Apply suggestions from code review Co-Authored-By: Itay Keren <[email protected]>
* Integration, script, and playbook updates to take into consideration the reviewers suggestions.
* Trying to appease circle ci
* Trying to appease circle ci
* Take out unused playbooks and automation scripts. Update other playbooks.
* Fix circle ci errors
* Fix circle ci errors
* Fix circle ci errors dealing with type hints
* improve imports
* add type ignore
* remove typing import
* import dict
* import any
* update docker image
* Apply suggestions from code review Co-Authored-By: Itay Keren <[email protected]>
* Requested updates from reviewer of the integration.
* Take out unused variable.
* Updated playbooks.
* Remove return error. Only raise exception.
* Update default inputs for pivot playbook.
* Update DomainTools_Iris.yml Reviewed the yml file
* Update DomainTools_Iris.yml
* Update DomainTools_Iris_description.md
* Update playbook-Indicator_Pivoting-DomainTools_Iris.yml Updated the file
* change integration id in conf
Status
Ready
Required version of Demisto
4.1.0
Does it break backward compatibility?
Must have
Additional changes
Add List named tags for the IrisTags playbook
Technical writer review
Mention and link to the files that require a technical writer review.