YR/Sailpoint-IdentityNow-Collector/CIAC-6503 (#34070)

* fix bug * init * yml * init py * Authorization * adding more * more * fix the query * fixes * entry status * revert * fixes * more * fix * more * link * readme * tests * fixes * adding logs * description * fix test * cr * image * format * fix * change readme * changes * more logs * testing * works * adding debug * using only ID * added modeling rules * added realse notes * fixed xif file in ModelingRule * update schema * deleting the modelling rules * fixes * fix loop * Revert "deleting the modelling rules" This reverts commit 7517839. * changes in schema of the modeling rule * changes in the modeling rule * fixed objects type in the schema * fixes to schema * improved version * version to sens * fixes * fixes * fix * fixes * tests * fixes * add test * add test * add test and pre commit * fixed from cr * fixes from cr * fix test * fix tests * pre commit and no cover * rn * mypy * mypy * fix mypy * remove type ignore * fixes from cr * remove the dev * Apply suggestions from Shirley Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: Sharon Fish <[email protected]> Co-authored-by: Chanan Welt <[email protected]> Co-authored-by: sharonfi99 <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]>
demisto · Aug 8, 2024 · 7694698 · 7694698
1 parent 0c88fd4
commit 7694698
Show file tree

Hide file tree

Showing 11 changed files with 834 additions and 1 deletion.
diff --git a/.../SailPointIdentityNow/Integrations/SailPointIdentityNowEventCollector/README.md b/.../SailPointIdentityNow/Integrations/SailPointIdentityNowEventCollector/README.md
@@ -0,0 +1,48 @@
+This is the SailPoint IdentityNow event collector integration for Cortex XSIAM.
+This integration was integrated and tested with version 3 of SailPoint API.
+
+## Configure SailPoint IdentityNow Event Collector on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
+2. Search for SailPoint IdentityNow Event Collector.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter** | **Required** |
+    | --- | --- |
+    | IdentityNow Server URL (e.g., https://{tenant}.api.identitynow.com)  <br /> In order to get the tenant name, follow this [link](https://developer.sailpoint.com/docs/api/getting-started/#find-your-tenant-name).| True |
+    | Client ID <br /> In order to generate the Client ID and Client Secret, follow this [link](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token).  | True |
+    | Client Secret | True |
+    | Max number of events per fetch | False |
+    | Trust any certificate (not secure) | False |
+    | Use system proxy settings | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+
+Note: After generating client credentials, it is required to allow the following scopes: sp, search, read.
+
+## Commands
+
+You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook.
+After you successfully execute a command, a DBot message appears in the War Room with the command details.
+
+### identitynow-get-events
+
+***
+Gets events from SailPoint IdentityNow. This command is used for developing/debugging and is to be used with caution, as it can create events, leading to event duplication and exceeding API request limitations.
+
+#### Base Command
+
+`identitynow-get-events`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Optional | 
+| limit | Maximum number of results to return. Default is 50. | Optional | 
+| from_date | Date from which to get events in the format of %Y-%m-%dT%H:%M:%S. | Optional |
+| from_id | An ID of the event to retrieve events from.| Optional |
+
+#### Context Output
+
+There is no context output for this command.