Added Rapid7 ThreatCommand workflow Signed-off-by: Benimanela benim@qmasters.co#167
Added Rapid7 ThreatCommand workflow Signed-off-by: Benimanela benim@qmasters.co#167Benimanela wants to merge 2 commits intoIBM:masterfrom
Conversation
ChrisCollinsIBM
added
the
workflow-submission
ChrisCollinsIBM
left a comment
ChrisCollinsIBM
left a comment
There was a problem hiding this comment.
Everything looks great overall, I made a few small comments you can have a look at but nothing that would stop this from being merged.
Feel free to resolve any of those threads by addressing it or commenting and marking them as resolved and I'll get this merged.
Thanks for the submission!
| <CallEndpoint url="${/hostname}/public/v2/data/alerts/alerts-list" method="GET" savePath="/get_alert_list" > | ||
| <BasicAuthentication username="${/account_id}" password="${/api_key}" /> | ||
| <QueryParameter name="isClosed" value="${/is_closed}" /> | ||
| <QueryParameter name="severity" value="${/severity}" /> |
There was a problem hiding this comment.
Since this parameter isn't required, you may want to consider setting omitIfEmpty=true so the parameter isn't included in the <CallEndpoint> if the value is just empty.
| # Rapid& ThreatCommand Parameters Configuration | ||
| Parameter | Name | Default Value | Type | Required (True/False) | Description | ||
| --- | --- | --- | --- |--- |--- | ||
| hostname | Host Name | https://api.ti.insight.rapid7.com | String | True | IP or URL for the instance. |
There was a problem hiding this comment.
Does this API use regional endpoints as outlined here - https://docs.rapid7.com/insight/product-apis/#supported-regions
These endpoints may have changed since this workflow was submitted, but just wanted to see if there's maybe a list worth providing to end users to make sure they use the correct endpoint for their region if appropriate.
| </If> | ||
|
|
||
| <!-- Initialize a list to contain all alerts --> | ||
| <Set path="/alerts" value="[]" /> |
There was a problem hiding this comment.
Does this API support paging? If so this will only get the first page of data and then more pages on subsequent runs.
Often with Alert based integrations this is usually fine but just wanted to probe that point.
ChrisCollinsIBM
left a comment
ChrisCollinsIBM
left a comment
There was a problem hiding this comment.
Thanks for the submission, I had added comments back in July but forgot to include them as part of a review.
If you could comment or address some of the review topics that would be great, thanks!
2 participants
Added Rapid7 ThreatCommand workflow Signed-off-by: Benimanela benim@qmasters.co