Fixed an issue with a wrong link to a Varonis Alert page on VaronisSa…

…aS Web Application. (#38588) (#38624) * fixed link to varonis alert page * demisto pyhon latest version * update docker image version * fix pre-commit message for empty tests * fix pre-commit errors --------- Co-authored-by: vkorenkov-varonis <[email protected]> Co-authored-by: Tal Zichlinsky <[email protected]>
demisto · Feb 13, 2025 · e552a11 · e552a11
1 parent ef264f4
commit e552a11
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 18 deletions.
diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.py b/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.py
@@ -1400,7 +1400,7 @@ def enrich_with_url(output: dict[str, Any], baseUrl: str, id: str) -> dict[str,
     :rtype: ``Dict[str, Any]``
     """
 
-    output['Url'] = urljoin(baseUrl, f'/#/app/analytics/entity/Alert/{id}')
+    output['Url'] = urljoin(baseUrl, f'/analytics/entity/Alert/{id}')
     return output
 
 

diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.yml b/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.yml
@@ -1,4 +1,7 @@
 category: Analytics & SIEM
+sectionOrder:
+- Connect
+- Collect
 commonfields:
   id: VaronisSaaS
   version: -1
@@ -7,44 +10,52 @@ configuration:
   name: isFetch
   required: false
   type: 8
+  section: Collect
 - display: Incident type
   name: incidentType
   required: false
   type: 13
   defaultvalue: Varonis SaaS Incident
+  section: Collect
 - display: The FQDN/IP the integration should connect to
   hidden: false
   name: url
   required: true
   type: 0
+  section: Connect
 - displaypassword: X-API-Key
   hidden: false
   name: apiKey
   required: true
   type: 9
   hiddenusername: true
+  section: Connect
 - display: Use system proxy settings
   hidden: false
   name: proxy
   required: false
   type: 8
+  section: Connect
 - display: Trust any certificate (not secure)
   hidden: false
   name: insecure
   required: false
   type: 8
+  section: Connect
 - defaultvalue: '1000'
   display: Maximum number of incidents per fetch
   additionalinfo:
   name: max_fetch
   type: 0
   required: false
+  section: Collect
 - defaultvalue: 1 week
   display: First fetch time
   hidden: false
   name: first_fetch
   required: false
   type: 0
+  section: Collect
 - defaultvalue: Low
   display: Minimum severity of alerts to fetch
   hidden: false
@@ -55,12 +66,14 @@ configuration:
   - High
   required: false
   type: 15
+  section: Collect
 - display: Varonis threat model name
   additionalinfo: Pipe-separated list of threat model names of alerts to fetch. Use "varonis-get-threat-models" command to retrieve the full list
   hidden: false
   name: threat_model
   required: false
   type: 0
+  section: Collect
 - defaultvalue: New
   display: Varonis alert status
   hidden: false
@@ -73,6 +86,7 @@ configuration:
   - Auto-Resolved
   required: false
   type: 15
+  section: Collect
 - additionalinfo: 'Choose the direction to mirror the incident: Outgoing (from Cortex XSOAR to Varonis SaaS).'
   defaultvalue: None
   display: Incident Mirroring Direction
@@ -82,6 +96,7 @@ configuration:
   - Outgoing
   type: 15
   required: false
+  section: Collect
 description: Streamline alerts and related forensic information from Varonis SaaS.
 display: Varonis SaaS
 name: VaronisSaaS
@@ -523,7 +538,7 @@ script:
     name: get-mapping-fields
   - description: Updates the remote incident with local incident changes. This method is only used for debugging purposes and will not update the current incident.
     name: update-remote-system
-  dockerimage: demisto/python3:3.11.10.115186
+  dockerimage: demisto/python3:3.12.8.1983910
   feed: false
   isfetch: true
   ismappable: true
@@ -536,7 +551,7 @@ script:
   subtype: python3
   type: python
 tests:
-- No tests (auto formatted)
+- No tests
 fromversion: 6.5.0
 defaultmapperin: Varonis SaaS Incident - Incoming Mapper
 
diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS_test.py b/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS_test.py
@@ -283,7 +283,7 @@ def test_enrich_with_url():
     obj = {}
     baseUrl = 'http://test.com'
     id = '1'
-    expectedUrl = f'{baseUrl}/#/app/analytics/entity/Alert/{id}'
+    expectedUrl = f'{baseUrl}/analytics/entity/Alert/{id}'
 
     enrich_with_url(obj, baseUrl, id)
     assert obj['Url'] == expectedUrl

diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/test_data/fetch_incidents_output.json b/Packs/VaronisSaaS/Integrations/VaronisSaaS/test_data/fetch_incidents_output.json
@@ -30,7 +30,7 @@
       "Alert.User.SidID": "971",
       "Alert.IngestTime": "2023-12-11T03:52:00",
       "Alert.Time": "2023-12-11T03:50:00",
-      "Url": "https://test.com/#/app/analytics/entity/Alert/A5F4B69A-F5C0-494F-B5B4-185185BC3FBE",
+      "Url": "https://test.com/analytics/entity/Alert/A5F4B69A-F5C0-494F-B5B4-185185BC3FBE",
       "Category": "Denial of Service",
       "ID": "A5F4B69A-F5C0-494F-B5B4-185185BC3FBE",
       "Name": "Deletion: Multiple directory service objects",

diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/test_data/varonis_fetch_incidents_output.json b/Packs/VaronisSaaS/Integrations/VaronisSaaS/test_data/varonis_fetch_incidents_output.json
@@ -42,7 +42,7 @@
                 "Department": ""
             }
         ],
-        "Url": "https://test.com/#/app/analytics/entity/Alert/70FED0AD-8C95-4B52-A8EE-47F9AF72514F"
+        "Url": "https://test.com/analytics/entity/Alert/70FED0AD-8C95-4B52-A8EE-47F9AF72514F"
     },
     {
         "ID": "08CA3B6B-CFC4-45B0-8822-4C0BD007E0B0",
@@ -87,6 +87,6 @@
                 "Department": ""
             }
         ],
-        "Url": "https://test.com/#/app/analytics/entity/Alert/08CA3B6B-CFC4-45B0-8822-4C0BD007E0B0"
+        "Url": "https://test.com/analytics/entity/Alert/08CA3B6B-CFC4-45B0-8822-4C0BD007E0B0"
     }
 ]
diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/test_data/varonis_get_alerts_command_output.json b/Packs/VaronisSaaS/Integrations/VaronisSaaS/test_data/varonis_get_alerts_command_output.json
@@ -30,7 +30,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "971",
         "Alert.IngestTime": "2023-12-12T03:23:36",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/6769D061-A714-4C95-A8AE-121E5379BF3C"
+        "Url": "https://test.com/analytics/entity/Alert/6769D061-A714-4C95-A8AE-121E5379BF3C"
       },
       {
         "Alert.Rule.Name": "Deletion: Active Directory containers, Foreign Security Principal, or GPO",
@@ -62,7 +62,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "971",
         "Alert.IngestTime": "2023-12-12T03:23:33",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/77230F1D-BFA6-4B0B-BE0D-323B503A67D1"
+        "Url": "https://test.com/analytics/entity/Alert/77230F1D-BFA6-4B0B-BE0D-323B503A67D1"
       },
       {
         "Alert.Rule.Name": "Deletion: Active Directory containers, Foreign Security Principal, or GPO",
@@ -94,7 +94,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "971",
         "Alert.IngestTime": "2023-12-12T03:23:30",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/60F667E1-41E6-4807-8DDF-57DAB867772E"
+        "Url": "https://test.com/analytics/entity/Alert/60F667E1-41E6-4807-8DDF-57DAB867772E"
       },
       {
         "Alert.Rule.Name": "Health check #1: Any Event On Single Day",
@@ -126,7 +126,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "971",
         "Alert.IngestTime": "2023-12-12T00:07:13",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/B316F1CE-52BE-4264-92AC-8A2BDB42EDCA"
+        "Url": "https://test.com/analytics/entity/Alert/B316F1CE-52BE-4264-92AC-8A2BDB42EDCA"
       },
       {
         "Alert.Rule.Name": "Health check #1: Any Event On Single Day",
@@ -158,7 +158,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "971",
         "Alert.IngestTime": "2023-12-12T00:02:35",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/166AB86E-ABFB-47E1-B1BB-C90853FD8C61"
+        "Url": "https://test.com/analytics/entity/Alert/166AB86E-ABFB-47E1-B1BB-C90853FD8C61"
       },
       {
         "Alert.Rule.Name": "Activity from blocklisted geolocation",
@@ -190,7 +190,7 @@
         "Alert.Location.AbnormalLocation": "Not new/abnormal",
         "Alert.User.SidID": "4357",
         "Alert.IngestTime": "2023-12-12T00:02:30",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/76A03D61-A1BF-4C64-AFCF-995FBCE20079"
+        "Url": "https://test.com/analytics/entity/Alert/76A03D61-A1BF-4C64-AFCF-995FBCE20079"
       },
       {
         "Alert.Rule.Name": "Permissions granted directly to user in directory services",
@@ -222,7 +222,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "4336",
         "Alert.IngestTime": "2023-12-11T23:32:23",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/EB18954F-5AE7-4384-999A-79172FEED6FA"
+        "Url": "https://test.com/analytics/entity/Alert/EB18954F-5AE7-4384-999A-79172FEED6FA"
       },
       {
         "Alert.Rule.Name": "ATP_NonATP_Threshold_RTA_Rule_12/11/2023 10:45:06 PM",
@@ -254,7 +254,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "4209",
         "Alert.IngestTime": "2023-12-11T22:51:14",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/87586397-8905-4705-ABDA-584197586A70"
+        "Url": "https://test.com/analytics/entity/Alert/87586397-8905-4705-ABDA-584197586A70"
       },
       {
         "Alert.Rule.Name": "ATP_Threshold_RTA_Rule_12/11/2023 10:45:06 PM",
@@ -286,7 +286,7 @@
         "Alert.Location.AbnormalLocation": "",
         "Alert.User.SidID": "4209",
         "Alert.IngestTime": "2023-12-11T22:51:11",
-        "Url": "https://test.com/#/app/analytics/entity/Alert/7B752108-FB89-4CF9-A28C-06178ECA6E9C"
+        "Url": "https://test.com/analytics/entity/Alert/7B752108-FB89-4CF9-A28C-06178ECA6E9C"
       }
     ]
  }
diff --git a/Packs/VaronisSaaS/ReleaseNotes/1_0_10.md b/Packs/VaronisSaaS/ReleaseNotes/1_0_10.md
@@ -0,0 +1,11 @@
+#### Integrations
+##### Varonis SaaS
+- Fixed an issue with a wrong link to a Varonis Alert page on VaronisSaaS Web Application.
+- Updated the Docker image to: *demisto/python3:3.12.8.1983910*.
+
+
+
+#### Scripts
+
+##### varonis-alert-post-processing
+- Updated the Docker image to: *demisto/python3:3.12.8.1983910*.
diff --git a/Packs/VaronisSaaS/Scripts/varonisalertpostprocessing/varonisalertpostprocessing.yml b/Packs/VaronisSaaS/Scripts/varonisalertpostprocessing/varonisalertpostprocessing.yml
@@ -10,5 +10,7 @@ tags:
 timeout: '0'
 type: python
 subtype: python3
-dockerimage: demisto/python3:3.11.10.115186
+dockerimage: demisto/python3:3.12.8.1983910
+tests:
+- No tests
 fromversion: 6.5.0
diff --git a/Packs/VaronisSaaS/pack_metadata.json b/Packs/VaronisSaaS/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Varonis SaaS",
     "description": "Streamline alerts, events and related forensic information from Varonis SaaS",
     "support": "partner",
-    "currentVersion": "1.0.9",
+    "currentVersion": "1.0.10",
     "author": "Varonis",
     "url": "https://www.varonis.com/support",
     "email": "",