Skip to content

Illumio Block Port Playbook #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: 6.0
Choose a base branch
from
Open

Illumio Block Port Playbook #153

wants to merge 2 commits into from

Conversation

@dsommerville-illumio
Copy link

@dsommerville-illumio dsommerville-illumio commented Jul 3, 2023

Playbook quality checklist

  • Please check if your PR fulfills the following requirements.

Requirements for Settings

  • Playbook name is A-Z in Title case with underscores between words. (e.g. MS_Graph_Search_and_Purge)
  • Category in Title case with spaces between words (e.g. Identifier Reputation Analysis)
  • Description is free of grammatical errors and describe what the playbook does.
  • Notes list any setup required on the third-party API as well as intended areas for customization.

Requirements for all playbooks

  • Playbook block count not greater than 20 (not including Start and End blocks).
  • If referencing a custom list, Notes document what the expected values are in that custom list.

Requirements for all playbook blocks

  • All blocks have a custom name no more than 4 words, all lowercase, and separated by space (e.g. close workbook task)
  • All blocks that support a Notes Tooltip have it filled out. Must be grammatically correct and describes the intended purpose of that block.
  • Where custom code is used, block notes indicate presence of custom code (e.g. "This block uses custom code")
  • No block is disabled by custom code
  • Custom code is documented with notes
  • Debug statements are removed or commented out

Requirements for specific blocks

Start/End blocks

  • No custom code of any kind in Start and End blocks

Decision/Filter

  • All condition paths have a custom label
Action
  • Use apps available on Splunkbase
  • Use asset names that are the app name, all lowercase separated by underscores (e.g. Azure AD Graph becomes azure_ad_graph)
Utility
  • Block is using community version
Playbook
  • Block is using local version

Requirements for specific playbooks

Automation Playbooks
  • Label is set to '*'
  • No more than 3 concurrent branching paths.

Other considerations (PR type specific)

  • If new playbook, there is a screenshot ending in .png with the same name as the playbook .json
  • Playbook major minor version matches repo (e.g. 5.5 != 6.0)
  • PR contains both .py and .json

Playbook Testing

  • Playbook tested against expected input
  • Playbook handles invalid input
  • If playbook launches actions, it handles actions with status == failed.

@dsommerville-illumio
Copy link
Author

dsommerville-illumio commented Jul 3, 2023

I wanted to clarify a couple of points before updating the playbook:

  • Is there a way to indicate to the user that the playbook has failed if an action fails? Should each action be followed by a decision that outputs the error on failure?
  • Similarly, what is the recommended way to inform the user that the inputs are incorrect? Or should there simply be sequential filters that check the validity of each playbook?
  • This playbook is already past the 20-node limit, and with those additions it would be well over 30 (assuming filters and decisions are included in the count). Does the scope of the playbook need to be changed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dsommerville-illumio