Adding playbooks for cofense vision #148

Open
wants to merge 1 commit into
base: 6.0

@crestdatasystems crestdatasystems commented Jun 16, 2023

Adding use case playbooks for Cofense Vision

App Link: https://splunkbase.splunk.com/app/6811

Playbook quality checklist

  • Please check if your PR fulfills the following requirements.

Requirements for Settings

  • Playbook name is A-Z in Title case with underscores between words. (e.g.
    MS_Graph_Search_and_Purge)
  • Category in Title case with spaces between words (e.g. Identifier Reputation
    Analysis)
  • Description is free of grammatical errors and describes what the playbook does.
  • Notes list any setup required on the third-party API as well as intended areas
    for customization. N/A

Requirements for all playbooks

  • Playbook block count not greater than 20 (not including Start and End blocks).
  • If referencing a custom list, Notes document what the expected values are in
    that custom list.

Requirements for all playbook blocks

  • All blocks have a custom name no more than 4 words, all lowercase, and
    separated by space (e.g. close workbook task)
  • All blocks that support a Notes Tooltip have it filled out. Must be
    grammatically correct and describe the intended purpose of that block.
  • Where custom code is used, block notes indicate presence of custom code (e.g.
    "This block uses custom code")
  • No block is disabled by custom code
  • Custom code is documented with notes
  • Debug statements are removed or commented out

Requirements for specific blocks

Start/End blocks

  • No custom code of any kind in Start and End blocks

Decision/Filter

  • All condition paths have a custom label

Action

  • Use apps available on Splunkbase (Cofense Vision)
  • Use asset names that are the app name, all lowercase separated by underscores
    (e.g. Azure AD Graph becomes azure_ad_graph)

Utility

  • Block is using community version N/A

Playbook

  • Block is using local version
Requirements for specific playbooks

Automation Playbooks

  • Label is set to '*'
  • No more than 3 concurrent branching paths.

Other considerations (PR type specific)

  • If new playbook, there is a screenshot ending in .png with the same name as the
    playbook .json
  • Playbook major minor version matches repo (e.g. 5.5 != 6.0)
  • PR contains both .py and .json

Playbook Testing

  • Playbook tested against expected input
  • Playbook handles invalid input
  • If playbook launches actions, it handles actions with status == failed.

@crestdatasystems changed the title from "Adding new playbooks for cofense vision" to "Adding playbooks for cofense vision" on Jun 16, 2023

@crestdatasystems (Author):

Hi @kelby-shelton
Can you please help with reviewing this PR?
