Added Palo Alto Cortext XDR UDI Connector #858

lakshmi51974368 · 2022-03-18T14:49:14Z

Added Palo Alto Cortext XDR UDI Connector with updated fork.

mdazam1942

please fix the unittests. I see few are failing in. stix-shifter/stix_shifter_modules/paloalto/tests/stix_transmission/test_paloalto.py

stix_shifter_modules/paloalto/configuration/config.json

stix_shifter_modules/paloalto/stix_translation/query_constructor.py

stix_shifter_modules/paloalto/stix_transmission/results_connector.py

mdazam1942 · 2022-03-21T21:09:20Z

stix_shifter_modules/paloalto/configuration/config.json

+            }
+        },
+        "quota_threshold": {
+            "default": 3.00,


why is the default value 3.00?

To reserve only 60% of the license quota (5) to the API call, it is set to 3. Now the user is allowed to provide values between 1 and 4 in the CP4S UI. As discussed, additional quota threshold configuration is also available.

Can you leave a comment on this line stating that the regular license API quota is 5 so anyone seeing this knows what it's for?

Added details in lang_en.json

As discussed in the status call, additional quota configuration is merged with 'quota_threshold' configuration.

As discussed, updated x-oca-asset and x-oca-event mappings.

Updated PaloAlto Transmit Unit test Cases

Updated Transmit unit test file

1. Added support for more than 1000 records using stream API as discussed. 2. Updated Stix 2.1 to_stix_map.json with the modified format extensions 3. Added Quota Limit for API calls based on License.

codecov · 2022-03-24T15:10:24Z

Codecov Report

Merging #858 (72e2671) into develop (4ff9573) will increase coverage by 0.30%.
The diff coverage is 93.23%.

@@             Coverage Diff             @@
##           develop     #858      +/-   ##
===========================================
+ Coverage    63.41%   63.71%   +0.30%     
===========================================
  Files          467      483      +16     
  Lines        41733    44069    +2336     
===========================================
+ Hits         26466    28080    +1614     
- Misses       15267    15989     +722

Impacted Files	Coverage Δ
...r_modules/paloalto/stix_transmission/api_client.py	`44.11% <78.12%> (ø)`
..._modules/paloalto/stix_translation/transformers.py	`80.00% <80.00%> (ø)`
...les/paloalto/stix_transmission/delete_connector.py	`80.00% <80.00%> (ø)`
...ules/paloalto/stix_transmission/response_mapper.py	`53.21% <85.29%> (ø)`
...es/paloalto/stix_transmission/results_connector.py	`53.28% <86.25%> (ø)`
...les/paloalto/stix_translation/query_constructor.py	`77.74% <89.31%> (ø)`
...modules/paloalto/stix_transmission/error_mapper.py	`81.81% <90.00%> (ø)`
...ules/paloalto/stix_transmission/query_connector.py	`90.00% <90.00%> (ø)`
...les/paloalto/stix_transmission/status_connector.py	`89.02% <91.25%> (ø)`
...ts/stix_translation/test_paloalto_stix_to_query.py	`73.33% <96.35%> (ø)`
... and 7 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4ff9573...72e2671. Read the comment docs.

lakshmi51974368 · 2022-03-24T15:10:54Z

please fix the unittests. I see few are failing in. stix-shifter/stix_shifter_modules/paloalto/tests/stix_transmission/test_paloalto.py

The failed test cases are fixed and passed.

Updated the Standard daily License API quota details

Updated 'quota_threshold' configuration value

updated the mappings of x-oca-event and x-oca-asset fields

lakshmi51974368 and others added 2 commits March 18, 2022 14:48

Added Palo Alto Cortext XDR UDI Connector

3ddcbe1

Added Palo Alto Cortext XDR UDI Connector with updated fork.

Merge branch 'develop' into paloalto_v2

5cc7921

mdazam1942 suggested changes Mar 21, 2022

View reviewed changes