XSOAR EDL Checker - Add support for XSOAR 8.x - Oct 2023 (demisto#30657)

* XSOAR EDL Checker - Add support for XSOAR 8.x - Oct 2023 (demisto#30539) * after format * updated description, integration readme, and increased pack version * updating pack metadata to use my Palo Alto information * updated readme for integration --------- Co-authored-by: Moshe Eichler <[email protected]> * remove hourly * add image * docker image * RN * docker * period * RN --------- Co-authored-by: Mike Beauchamp <[email protected]> Co-authored-by: Moshe Eichler <[email protected]> Co-authored-by: MosheEichler <[email protected]>
VirusTotal · Nov 7, 2023 · d53314d · d53314d
1 parent 49412a3
commit d53314d
Show file tree

Hide file tree

Showing 9 changed files with 150 additions and 80 deletions.
diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/README.md
@@ -1,5 +1,6 @@
-Checks an XSOAR EDL to make sure it's returning a valid response.
-This integration was integrated and tested with version 6.8+ of Cortex XSOAR.
+Checks an XSOAR hosted EDL to make sure it's returning a valid response. Supports PAN-OS (text), CSV, or JSON EDLs.
+
+This integration was integrated and tested with version 6.12 and 8.4 of Cortex XSOAR, and version 3.2.12 of the Generic Export Indicator Service.
 
 ## Configure XSOAR EDL Checker on Cortex XSOAR
 
@@ -12,18 +13,21 @@ This integration was integrated and tested with version 6.8+ of Cortex XSOAR.
     | EDL Name | The name of the edl from the generic indicator export service | True |
     | Username |  | False |
     | Password |  | False |
+    | Trust any certificate (not secure) |  | False |
+    | XSOAR Version | The version of XSOAR you are using 6.x or 8.x  | False |
 
 4. Click **Test** to validate the URLs, token, and connection.
 
 ## Commands
+
 You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 
 ### xsoaredlchecker-get-edl
+
 ***
 Checks the EDL and returns the response. 
 
-
 #### Base Command
 
 `xsoaredlchecker-get-edl`
@@ -33,7 +37,6 @@ Checks the EDL and returns the response.
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
 
-
 #### Context Output
 
 | **Path** | **Type** | **Description** |
@@ -42,3 +45,33 @@ Checks the EDL and returns the response.
 | EDLChecker.Status | unknown | The HTTP Status Code returned by the EDL | 
 | EDLChecker.Response | unknown | The Response or Error from the check. | 
 | EDLChecker.ItemsOnList | unknown | The number of indicators on the list, assuming a successful response\! | 
+
+#### Command example
+```!xsoaredlchecker-get-edl```
+#### Context Example
+```json
+{
+    "EDLChecker": [
+        {
+            "ItemsOnList": 2,
+            "Name": "domains",
+            "Response": "domains returned a 200 response, all should be well",
+            "Status": 200
+        },
+        {
+            "ItemsOnList": 0,
+            "Name": "ips",
+            "Response": "Instance 'ips' is disabled (922)",
+            "Status": 400
+        }
+    ]
+}
+```
+
+#### Human Readable Output
+
+>### EDL Response for domains
+>|Name|Status|Response|ItemsOnList|
+>|---|---|---|---|
+>| domains | 200 | domains returned a 200 response, all should be well | 2 |
+
diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.py
@@ -2,7 +2,6 @@
 import requests
 import urllib3
 from CommonServerPython import *  # noqa: F401
-from typing import Union
 
 # Disable insecure warnings
 urllib3.disable_warnings()
@@ -11,12 +10,26 @@
 ''' HELPER FUNCTIONS '''
 
 
+def get_base_url(xsoar_version):
+    """
+    Returns the url to be used to check the EDL, depends on the XSOAR version.
+    """
+    url = demisto.demistoUrls().get('server')
+    if xsoar_version == "6.x":
+        # return the server url for xsoar 6
+        return url
+    else:
+        # construct the url for xsoar 8
+        url = f"{url[:8]}ext-{url[8:]}/xsoar"
+        return url
+
+
 def edl_http_request(base_url, edl_name, verify, creds):
     """
     HTTP Request to check EDL, using basic auth if creds are provided
     Returns the full response.
     """
-    response: Union[Dict, requests.Response]
+    response: Dict | requests.Response
     try:
         if creds:
             username = creds.get('username')
@@ -104,7 +117,7 @@ def get_edl_command(base_url, edl_name, verify, creds=None):
 
 
 def main():
-    base_url = demisto.demistoUrls().get('server')
+    base_url = get_base_url(demisto.params().get('xsoarversion'))
     edl_name = demisto.params().get('edl_name')
     verify = not demisto.params().get('insecure', False)
     credentials = demisto.params().get('credentials', None)

diff --git a/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml b/Packs/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker.yml
@@ -17,6 +17,15 @@ configuration:
   name: insecure
   type: 8
   required: false
+- display: XSOAR Version
+  name: xsoarversion
+  defaultvalue: 6.x
+  type: 15
+  required: false
+  options:
+  - 6.x
+  - 8.x
+  additionalinfo: 'The version of XSOAR you are using 6.x or 8.x '
 description: Checks an XSOAR hosted EDL to make sure it's returning a valid response.   Supports PAN-OS (text), CSV, or JSON EDLs.
 display: XSOAR EDL Checker
 name: XSOAR EDL Checker
@@ -27,14 +36,14 @@ script:
     name: xsoaredlchecker-get-edl
     outputs:
     - contextPath: EDLChecker.Name
-      description: The Name of the EDL from the Generic Indicators Export Service instance
+      description: The Name of the EDL from the Generic Indicators Export Service instance.
     - contextPath: EDLChecker.Status
-      description: The HTTP Status Code returned by the EDL
+      description: The HTTP Status Code returned by the EDL.
     - contextPath: EDLChecker.Response
       description: The Response or Error from the check.
     - contextPath: EDLChecker.ItemsOnList
       description: The number of indicators on the list, assuming a successful response!
-  dockerimage: demisto/python3:3.10.12.63474
+  dockerimage: demisto/python3:3.10.13.80014
   runonce: false
   script: ''
   subtype: python3

diff --git a/...s/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md b/...s/XSOAR_EDL_Checker/Integrations/XSOAREDLChecker/XSOAREDLChecker_description.md
@@ -2,10 +2,14 @@
 
 This integration checks an external dynamic list provided by the [XSOAR Generic Indicators Export Service](https://xsoar.pan.dev/docs/reference/integrations/edl), to validate it is responding as required.
 
+XSOAR 6.x:
 Only supports lists hosted off the XSOAR server, and requires the following server configuration be set from Settings -> About -> Troubleshooting
 
 instance.execute.external = true 
 
+XSOAR 8.X: 
+Make sure to configre the credentials for Long Running Integrations (Settings -> Settings & Info -> Instances -> Long Running Integrations)
+
 ## Setup
 
 Configure an instance and provide the name of the instance name from the XSOAR Generic Indicators Export Service.