+8Hello all,
One regular thing I have to do is update integrations and one risk mitigation I do is export the current integration before performing the update.
What field in the exported json can I change so that the tenant does not produce this overwrite warning message on reimport:
Best answer by ddiserens
@donkos That makes sense, what you need to change is not the name in the integration def its the identifier. One thing to Note: make sure to change it in all def files. (i.e. actiondef and connector def.)
Its also important that the name of the integration def file and the identifier that you use match. As shown in the screenshot below:
+6The reason for the overwrite notification that you are getting is because the integration you are importing already exists. If you don't want to see the error you would need to delete the integration before importing the integration.
+8The reason for the overwrite notification that you are getting is because the integration you are importing already exists. If you don't want to see the error you would need to delete the integration before importing the integration.
But its judging that based on a name correct? and a version?
I'm aiming to have a backup, older version of an integration available before I update the true integration for risk mitigation purposes. I have had support help with this before but I'm looking for some formal guidance so that I can do this myself when necessary.
+6@donkos That makes sense, what you need to change is not the name in the integration def its the identifier. One thing to Note: make sure to change it in all def files. (i.e. actiondef and connector def.)
Its also important that the name of the integration def file and the identifier that you use match. As shown in the screenshot below:
+8I was trying to use the AbuseIPDB integration as an example - I changed the identifier to AbuseIPDB_v25, I changed the name of the def file to Integration-AbuseIPDB_v25, I changed the identifiers in the action defs to the same name, but I'm getting the error that an integration def file could not be found upon import to the platform.
{"Name":"Check IP Reputation","Description":"Checks the reputation of all address entities associated with an alert. Includes pre-formatted insight creation. Excludes internal entities by default.","Script":"from SiemplifyAction import SiemplifyAction\\nfrom SiemplifyDataModel import EntityTypes\\nfrom SiemplifyUtils import unix_now, convert_unixtime_to_datetime, output_handler, add_prefix_to_dict, \\\\\\n convert_dict_to_json_result_dict\\nfrom ScriptResult import EXECUTION_STATE_COMPLETED, EXECUTION_STATE_FAILED, EXECUTION_STATE_TIMEDOUT\\nfrom AbuseIPDB import AbuseIPDBManager, AbuseIPDBInvalidAPIKeyManagerError, AbuseIPDBLimitManagerError\\nimport json\\n\\nSCRIPT_NAME = \\"Check IP Reputation\\"\\nIDENTIFIER = u'AbuseIPDB_v25'\\nABUSEIPDB_PREFIX = u'AbuseIPDB_'\\n\\n\\n@output_handler\\ndef main():\\n siemplify = SiemplifyAction()\\n siemplify.script_name = SCRIPT_NAME\\
I've also included the first bit of one of the action defs to show that I renamed the identifier.
+6In the actiondef files the name of the field that you want to change is called "IntegrationIdentifier". It looks like from what you sent that you changed a value called IDENTIFIER within the actual code of the action.
+7@donkos That makes sense, what you need to change is not the name in the integration def its the identifier. One thing to Note: make sure to change it in all def files. (i.e. actiondef and connector def.)
Its also important that the name of the integration def file and the identifier that you use match. As shown in the screenshot below:
Hi @ddiserens
I recently tried to change the integration name, following the steps mentioned in this answer, except renaming the integration def file.
When I imported this integration bundle, it showed "> 1 def files found" error, but the integration got installed. However, I cannot delete this integration by any means.
I have asked a similar question here: https://www.googlecloudcommunity.com/gc/SOAR-Forum/Need-to-delete-a-custom-integration-in-SecOps-SOAR/m-p/834631#M3057
Is there any way to remove this integration ?
+6Hi @ddiserens
I recently tried to change the integration name, following the steps mentioned in this answer, except renaming the integration def file.
When I imported this integration bundle, it showed "> 1 def files found" error, but the integration got installed. However, I cannot delete this integration by any means.
I have asked a similar question here: https://www.googlecloudcommunity.com/gc/SOAR-Forum/Need-to-delete-a-custom-integration-in-SecOps-SOAR/m-p/834631#M3057
Is there any way to remove this integration ?
Support needs to do it. Are you able to open a support ticket? Can you post what you submitted? Integration def file name and the identifier you used in each file.
+7Support needs to do it. Are you able to open a support ticket? Can you post what you submitted? Integration def file name and the identifier you used in each file.
Hi @ddiserens, Unfortunately, I only have a Basic support plan, so I could not raise a support ticket for this.
However, my integration def file name is something like Integration-Test Integration.def and the identifier I used in each file is TestIntegration. So, there is a mismatch of a space.
I faced a similar issue while importing the integration in the Staging environment, but luckily, I was able to delete it. This is not the case in Production, as it shows the error code: 500. This is somewhat of a blocker issue for me as I cannot upload any integration with the same Identifier field.
Thanks.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
