
URL Outbound Traffic Filtering Dispatch Playbook #2683

Merged
merged 36 commits into develop from Dispatch_URL_Outbound_Traffic_Filtering
Jun 21, 2023

Conversation

P4T12ICK
Collaborator

Pull Request Type

Please check all that apply:
  • New playbook
  • Bugfix
  • Feature add
  • Code style update (formatting, renaming)
  • Documentation
  • Other (please describe):

Release Notes

Replace the following list with release notes that describe the high level components of the PR:

  • Added new playbook ZScaler Outbound Traffic Filtering

Playbook quality checklist

Please check if your PR fulfills the following requirements.

Playbook Testing

  • Test playbook works with expected and not expected data.

Requirements for Settings

  • Playbook name is A-Z in Title case with underscores between words. (e.g. MS_Graph_Search_and_Purge)
  • Category in Title case with spaces between words (e.g. Identifier Reputation Analysis)
  • Description is free of grammatical errors and describes what the playbook does.
  • Notes list any setup required on the third-party API as well as intended areas for customization.
  • Label is set to '*'

Requirements for all playbooks

  • Playbook block count not greater than 15 (not including Start and End blocks).
  • No more than 3 branching paths.
  • If referencing a custom list, Notes document what the expected values are in that custom list.

Requirements for all playbook blocks

  • All blocks have a custom name no more than 4 words, all lowercase, and separated by space (e.g. close workbook task)
  • All blocks that support a Notes Tooltip have it filled out. Must be grammatically correct and describe the intended purpose of that block.
  • Where custom code is used, block notes indicate presence of custom code (e.g. "This block uses custom code")
  • No block is disabled by custom code
  • Custom code is documented with notes

Requirements for specific blocks

Action
  • Use apps available on Splunkbase
  • Use asset names that are the app name, all lowercase separated by underscores (e.g. Azure AD Graph becomes azure_ad_graph)
Utility
  • Block is using community version
Playbook
  • Block is using local version

Requirements for specific playbooks

Input playbooks
  • Start blocks use ocsf variable names and a minimum of one data type per variable name (e.g. device (type: host name))
  • Has at least one category tag (e.g. reputation)
  • Playbook has a tag for each vendor app used

Other considerations (PR type specific)

  • If new playbook, there is a screenshot ending in .png with the same name as the playbook .json
  • Playbook major minor version matches repo (e.g. 5.5 != 6.0)
  • PR contains both .py and .json

Thanks for contributing!

@P4T12ICK P4T12ICK added the WIP DO NOT MERGE Work in Progress label May 22, 2023
@kelby-shelton
Contributor

Looks good!

@P4T12ICK P4T12ICK added 4.6.0 and removed WIP DO NOT MERGE Work in Progress labels Jun 21, 2023
Contributor

@ljstella ljstella left a comment


LGTM

:shipit:

@P4T12ICK P4T12ICK merged commit 62b9fb7 into develop Jun 21, 2023
@delete-merged-branch delete-merged-branch bot deleted the Dispatch_URL_Outbound_Traffic_Filtering branch June 21, 2023 14:55