@johnnywilkes
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

https://jira-dc.paloaltonetworks.com/browse/UVEM-2497

Description

New Cortex Exposure Management Pack

Must have

  • Tests
  • Documentation

@johnnywilkes johnnywilkes requested a review from tcarmeli1 as a code owner July 8, 2025 18:56
@content-bot content-bot added Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! External PR Xsoar Support Level Indicates that the contribution is for XSOAR supported pack labels Jul 8, 2025
@content-bot content-bot changed the base branch from master to contrib/PaloAltoNetworks_CortexExposureManagement-3 July 8, 2025 18:58
Contributor

@YaelShamai YaelShamai left a comment

Hey,
I answered your questions, please take a look.

Collaborator

@Benimanela Benimanela left a comment

Hi @johnnywilkes, The playbooks look good!

I have just one question:

In the playbook Cortex EM - Exposure Issue, there's a step called Initialize fields that uses the setIssue (Builtin) automation. I don't see this automation available, even after installing all dependencies.
Could you clarify where this automation comes from?

@johnnywilkes
Contributor Author

Hi @johnnywilkes, The playbooks look good!

I have just one question:

In the playbook Cortex EM - Exposure Issue, there's a step called Initialize fields that uses the setIssue (Builtin) automation. I don't see this automation available, even after installing all dependencies. Could you clarify where this automation comes from?

@Benimanela, my understanding is that !setIssue does exactly what !setAlert/setIncident do and is a standard of platform tenants as alerts are being replaced by issues:
image

@Benimanela
Collaborator

Hi @johnnywilkes, The playbooks look good!
I have just one question:
In the playbook Cortex EM - Exposure Issue, there's a step called Initialize fields that uses the setIssue (Builtin) automation. I don't see this automation available, even after installing all dependencies. Could you clarify where this automation comes from?

@Benimanela, my understanding is that !setIssue does exactly what !setAlert/setIncident do and is a standard of platform tenants as alerts are being replaced by issues: image

Ok, understood. I’m using XSOAR on-prem, and I don’t have the setIssue automation available, so the playbook will throw an error. Maybe we should set the fromversion to 8.x or higher to prevent installing it on older environments that don’t have setIssue?

However, the PR is approved from my review side, and I’d like to see a demo to better understand how the playbooks work in practice.

@johnnywilkes
Contributor Author

Hi @johnnywilkes, The playbooks look good!
I have just one question:
In the playbook Cortex EM - Exposure Issue, there's a step called Initialize fields that uses the setIssue (Builtin) automation. I don't see this automation available, even after installing all dependencies. Could you clarify where this automation comes from?

@Benimanela, my understanding is that !setIssue does exactly what !setAlert/setIncident do and is a standard of platform tenants as alerts are being replaced by issues: image

Ok, understood. I’m using XSOAR on-prem, and I don’t have the setIssue automation available, so the playbook will throw an error. Maybe we should set the fromversion to 8.x or higher to prevent installing it on older environments that don’t have setIssue?

However, the PR is approved from my review side, and I’d like to see a demo to better understand how the playbooks work in practice.

This pack is scoped to platform marketplace, so it shouldn't be a concern.

@YaelShamai YaelShamai added Security Approved If a contribution has been approved for merge by the security team, then this will allow a merge ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. labels Jul 20, 2025
@content-bot
Collaborator

For the Reviewer: Trigger build request has been accepted for this contribution PR.

@content-bot
Collaborator

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/4228003

@content-bot content-bot removed the ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. label Jul 20, 2025
@content-bot
Collaborator

Validate summary
The following errors were thrown as a part of this pr: RM104, RM108, RN106, RM116, PA128, RM109, GR103.
The following errors can be ignored: RM104, RM108, RM116, GR103.
The following errors cannot be ignored: RN106, PA128, RM109.
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.
The following errors don't run as part of the nightly flow and therefore can be force merged: RM108, RN106, RM116, PA128, RM109.

Verdict: PR can be force merged from validate perspective? ❌

@YaelShamai YaelShamai merged commit 622f441 into demisto:contrib/PaloAltoNetworks_CortexExposureManagement-3 Jul 20, 2025
24 of 26 checks passed
@github-actions

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

YaelShamai added a commit that referenced this pull request Jul 21, 2025
* [CEM] Cortex Exposure Management Pack (#40555)

* init new pack

* update

* started migrating RankServiceOnwer

* change naming/fix ContextSetup

* update naming/bring in RankRemediationOwners

* fix validation errors

* remove most references to VM/ASM

* fix contextsetup

* update/add automation rules

* fix typo

* Add remediation playbook

* fix format error

* Add AWS-Enrichment-Remediation dependency

* test update EM module

* test with ASM tag

* add marketplace tags

* Andrew's README update

* update triggers

* update RankRemediationOwners docker

* documentation review

* RN/metadata update

* update RN

* bump versions

* code review changes #1

* bump ver

* fix validations

* fix error

* fix long lines

* format pack README

* few simple change

* RankRemediationOwners updates

* feedback ContextSetup and bump

* missed bump file

* add GR103 to pack ignore

* fix image path

* pre commit

---------

Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: Yael Shamai <[email protected]>
Co-authored-by: yshamai <[email protected]>
TOUFIKIzakarya pushed a commit to TOUFIKIzakarya/content that referenced this pull request Jul 24, 2025
* [CEM] Cortex Exposure Management Pack (demisto#40555)
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Sep 17, 2025
* [CEM] Cortex Exposure Management Pack (demisto#40555)

Labels

Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved External PR Security Approved If a contribution has been approved for merge by the security team, then this will allow a merge Security Review Xsoar Support Level Indicates that the contribution is for XSOAR supported pack
