Pull request overview
Adds a new collector-style integration to the Tessian pack to ingest Proofpoint Tessian security events into Cortex XSIAM, alongside the accompanying pack metadata and documentation updates.
Changes:
- Introduces the Tessian Event Collector integration (YML + Python implementation) with checkpoint-based pagination and XSIAM event forwarding.
- Adds unit tests and test fixture responses for the new integration.
- Updates pack metadata/versioning and adds release notes + integration documentation.
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| Packs/Tessian/ReleaseNotes/1_1_0.md | Adds release notes entry for the new event collector integration. |
| Packs/Tessian/pack_metadata.json | Bumps pack version and updates support/author/url; adds defaultDataSource and keywords. |
| Packs/Tessian/Integrations/TessianEventCollector/test_data/security_events_response.json | Adds a representative API response fixture for tests. |
| Packs/Tessian/Integrations/TessianEventCollector/test_data/security_events_empty_response.json | Adds an empty API response fixture for tests. |
| Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector.yml | Defines the new event collector integration configuration and command schema. |
| Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector.py | Implements API client, pagination, enrichment, manual command, and fetch-events flow. |
| Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector_test.py | Adds unit test coverage for helpers, pagination, and command flows. |
| Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector_image.png | Adds integration image asset. |
| Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector_description.md | Adds setup guidance for portal URL and API token generation. |
| Packs/Tessian/Integrations/TessianEventCollector/README.md | Documents behavior (pagination limits) and enrichment fields. |
@marketplace-ai-reviewer re-review
🤖 AI Review Disclaimer: This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.
marketplace-ai-reviewer left a comment
Thanks for contributing this Tessian Event Collector integration! I've reviewed the PR and have a few suggestions to help align it with XSOAR standards.
Primarily, please generate the README using demisto-sdk generate-docs, fix a few pack metadata issues (like the missing created key), and ensure the YAML integration parameters follow the standard order (Proxy, then Insecure). In the Python code, make sure to support a first_fetch parameter, enforce the API's minimum fetch limit of 2, and use standard XSOAR helpers like arg_to_datetime.
Let me know if you have any questions!
Additionally, please address the following file-level notes:
- Packs/Tessian/Integrations/TessianEventCollector/README.md: This README appears to be manually written and is missing standard sections (e.g., Setup, Commands, Troubleshooting). Please use `demisto-sdk generate-docs` to generate a complete and compliant README that includes all commands defined in the YAML file. See Creating Documentation for more details.
- Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector_image.png: Consider using only the logo mark (the colorful cube icon) without the text.
- Packs/Tessian/pack_metadata.json:
  - The mandatory key `created` is missing from the pack metadata.
  - The `githubUser` field contains usernames, but `support` is set to `xsoar`.
@copilot-pull-request-reviewer[bot], @marketplace-ai-reviewer, @DanielTal87 please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
| @@ -0,0 +1,402 @@ | |||
| from typing import Any | |||
|
|
|||
| import demistomock as demisto # noqa: F401 | |||
Add missing imports for datetime and timezone.
| initial_checkpoint: str | None, | ||
| max_fetch: int, | ||
| ) -> tuple[list[dict], str | None]: | ||
| """Fetches events using checkpoint-based pagination. |
Use more precise type hints for event lists.
| created_after = datetime.now(timezone.utc).strftime(DATE_FORMAT) | ||
| demisto.debug(f"First fetch, starting from: {created_after}") | ||
|
|
||
| events, new_checkpoint = fetch_events_with_pagination( |
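Review bot: The first-fetch branch sets `created_after = datetime.now(timezone.utc).strftime(DATE_FORMAT)`, so collection starts at the instant of the first run and security events created before that moment are never requested; nothing in these lines lets the operator choose an earlier start. Suggest deriving the initial `created_after` from a first-fetch parameter with a default lookback window, and keeping the existing `demisto.debug` line so the chosen start time stays visible in the logs.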
Use arg_to_datetime to parse the created_after argument.
|
|
||
| def main() -> None: # pragma: no cover | ||
| """Main function, parses params and runs command functions.""" | ||
| params = demisto.params() |
Include the raw response in CommandResults.
|
|
||
| #### Integrations | ||
|
|
||
| ##### New: Tessian Event Collector |
The content item header must match the display name exactly.
Validate summary Verdict: PR can be force merged from validate perspective? ✅
Your contributed Tessian pack has been modified on files: Packs/Tessian/Integrations/TessianEventCollector/TessianEventCollector_test.py
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-15730
Description
Added the new Tessian Event Collector
Must have