Contributing to SecOps SOAR integrations

Hey ​@quotermice ,

If you have a suggestion for how the integrations can be improved, currently it’s done via FR ticket issued using support team. 

The Github page that you’ve linked is the official page. Currently, it only lists community integration, but it will be expanded to include all integrations. When that will happen, we will be open to external suggestions and have them merged, as long as they will pass our vetting.

But there is one thing that is not clear to me, why build a whole integration from scratch, where you can make custom changes to commercial ones? You can copy the “Manager” and then add your tweaks to the code. Whenever new version of integration is released, the custom changes are not affected by them, so you can build code in a safe way.

One “hack” that you can do is to export the integration and then import it again. That will make the whole integration customizable, but any script that has the same name as the in the official version will be overwritten during the upgrade (you will get a warning about it during upgrade).

Let me know, if this makes sense. Thanks 

Hey ​@ylandovskyy , 

Support ticket is not convenient in our specific case, but the fact that the GitHub repo is going to become more open is very promising… Hope that it will make new integration posting easier as well.

As you mentioned, it is not always building from the scratch, so we do use existing code with small patches. Though, there are cases when its just more clean to build the full integration from the ground. For example, there is a lot of TIPCommon module usage which for my understanding is a wrapper for siemplify api, and it adds complexity in terms of maintaining the code.

The hack you mentioned is pretty neat, I agree, but also marketplace updates gonna roll back the change 😁 Even thought it prompts, you still want to have the update 😎

Do you happen to know if there is any plan to work on documentation of integrations and SOAR API?

​@quotermice ,

When you mention documentation of integrations, you mean best practices on how to build integrations or something else?

We will work in the nearest future on a proper SOAR SDK, which will also contain things that we have in TIPCommon, so that there is 1 unified library for everything. Can’t give timelines on that.

Current TIPCommon documentation is available here.

​ [removed by moderator] ,

Actually you touched a very good topic, but I mean the information required to use/setup integrations from Marketplace. There are many cases were there are parameters, which are not self-explanatory and would be nice to have additional info/page with more details.

Also SOAR SDK documentation, would be very nice addon. I really love the way SOAR IDE is designed and the whole idea of not leaving the system, so detailed API reference with explanations and samples would be a really great feature!

Thank you for such an insights, is there a way to be more informed/tuned about these kind of topics (SOAR devs in general)?

​@quotermice ,

If you have any integrations from the top of your memory that were challenging to setup, please share it and I will take internally.

I do have to mention that this kind of documentation is generally available here.

This community portal is best space to track announcements!

Thanks again for information!

From the top of my head, there is missing information about secret phrase (parameter doesn’t exist) in ScreenShotMachine.

Also the Send Email action of Microsoft Graph Email has an “Attachment Location” parameter, it is not clear what exactly is the “GCP Bucket” flag means and where the attachment should be? Like which bucket is used exactly.

For the rest will wait the repo :)

Have a nice one!

​@quotermice ,

Thanks for feedback! Will take it internally