NetApp Ransomware Resilience Integration for Google SecOps

[ronypnetapp]

NetApp Ransomware Resilience Integration for Google SecOps

Description

The NetApp Ransomware Resilience integration enables security teams to leverage NetApp's advanced storage protection capabilities directly within Google SecOps SOAR workflows for rapid ransomware incident response. This integration authenticates via OAuth 2.0 using client credentials (client ID, client secret, and account ID) to connect with NetApp's Ransomware Resilience SaaS service. It provides six core actions: Ping (connectivity testing), Enrich IP Address (threat intelligence enrichment for suspicious IPs), Enrich Storage (retrieve volume information for specific agents and storage systems), Take Snapshot (create immutable volume snapshots for recovery purposes), Volume Offline (immediately isolate compromised volumes to prevent lateral spread), and Check Job Status (monitor asynchronous operations). The integration requires configuration of the authentication credentials and optionally supports SSL verification, making it essential for organizations seeking automated, storage-level containment and forensic preservation during active ransomware attacks.

---

Checklist:

Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.

General Checks:

• I have read and followed the project's contributing.md guide.
• My code follows the project's coding style guidelines.
• I have performed a self-review of my own code.
• My changes do not introduce any new warnings.
• My changes pass all existing tests.
• I have added new tests where appropriate to cover my changes. (If applicable)
• I have updated the documentation where necessary (e.g., README, API docs). (If applicable)

Open-Source Specific Checks:

• My changes do not introduce any Personally Identifiable Information (PII) or sensitive customer data.
• My changes do not expose any internal-only code examples, configurations, or URLs.
• All code examples, comments, and messages are generic and suitable for a public repository.
• I understand that any internal context or sensitive details related to this work are handled separately in internal systems (Buganizer for Google team members).

For Google Team Members and Reviewers Only:

• I have included the Buganizer ID in the PR title or description (e.g., "Internal Buganizer ID: 123456789" or "Related Buganizer: go/buganizer/123456789").
• I have ensured that all internal discussions and PII related to this work remain in Buganizer.
• I have tagged the PR with one or more labels that reflect the pull request purpose.

---

Screenshots (If Applicable)

If your changes involve UI or visual elements, please include screenshots or GIFs here.
Ensure any sensitive data is redacted or generalized.

---

Further Comments / Questions

Any additional comments, questions, or areas where you'd like specific feedback.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Summary of Changes

Hello @ronypnetapp, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a comprehensive integration of NetApp's Ransomware Resilience capabilities into Google SecOps SOAR workflows. The primary goal is to provide security teams with robust tools for rapid ransomware incident response, allowing for automated actions directly on storage systems. The integration is designed for secure communication via OAuth 2.0 and offers a suite of actions to enrich threat intelligence, manage storage resources, and monitor operations, thereby streamlining the containment and recovery process during security incidents.

Highlights

• New Integration: Introduced a new integration for NetApp Ransomware Resilience with Google SecOps to enhance incident response capabilities.
• Authentication: Implemented OAuth 2.0 client credentials for secure authentication with the NetApp Ransomware Resilience SaaS service.
• Core Actions: Added six core actions: Ping (connectivity test), Enrich IP Address (threat intelligence), Enrich Storage (volume information), Take Snapshot (immutable snapshots), Volume Offline (isolation), and Check Job Status (asynchronous operations).
• Automated Response: Enabled automated, storage-level containment and forensic preservation during active ransomware attacks within SOAR workflows.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• content/response_integrations/third_party/partner/netappransomwareresilience/.python-version
  • Added Python version specification.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Check Job Status.py
  • Added Python script for checking the status of asynchronous jobs.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Check Job Status.yaml
  • Added YAML definition for the 'Check Job Status' action.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Enrich IP Address.py
  • Added Python script for enriching IP addresses with threat intelligence.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Enrich IP Address.yaml
  • Added YAML definition for the 'Enrich IP Address' action.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Enrich Storage.py
  • Added Python script for enriching storage information.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Enrich Storage.yaml
  • Added YAML definition for the 'Enrich Storage' action.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Ping.py
  • Added Python script for testing connectivity to the Ransomware Resilience service.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Ping.yaml
  • Added YAML definition for the 'Ping' action.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Take Snapshot.py
  • Added Python script for creating volume snapshots.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Take Snapshot.yaml
  • Added YAML definition for the 'Take Snapshot' action.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Volume Offline.py
  • Added Python script for taking volumes offline.
• content/response_integrations/third_party/partner/netappransomwareresilience/actions/Volume Offline.yaml
  • Added YAML definition for the 'Volume Offline' action.
• content/response_integrations/third_party/partner/netappransomwareresilience/core/ApiManager.py
  • Added API manager for handling authentication and API calls to NetApp RRS.
• content/response_integrations/third_party/partner/netappransomwareresilience/core/auth_manager.py
  • Added custom OAuth manager and adapter for secure token management and refresh.
• content/response_integrations/third_party/partner/netappransomwareresilience/core/constants.py
  • Added constants for integration configuration and API endpoints.
• content/response_integrations/third_party/partner/netappransomwareresilience/core/utils.py
  • Added utility functions for OAuth token expiry calculation, encryption key generation, and URL construction.
• content/response_integrations/third_party/partner/netappransomwareresilience/definition.yaml
  • Added the main integration definition file, specifying parameters and metadata.
• content/response_integrations/third_party/partner/netappransomwareresilience/pyproject.toml
  • Added project configuration and dependencies for Python.
• content/response_integrations/third_party/partner/netappransomwareresilience/release_notes.yaml
  • Added an empty release notes file.
• content/response_integrations/third_party/partner/netappransomwareresilience/resources/logo.svg
  • Added the SVG logo for the integration.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces the NetApp Ransomware Resilience integration, providing actions for IP enrichment, storage enrichment, snapshot creation, volume offline operations, and job status checks. The code generally follows a good structure for integrations. However, several areas require attention to improve correctness, maintainability, and adherence to the repository's style guide. Key issues include incorrect token expiration logic, logging of potentially sensitive information, missing documentation for function parameters and exceptions, and the use of specific IDs as default values in YAML configuration files. Additionally, some imports are unused, and there are minor style inconsistencies.

[gemini-code-assist]

Warning

Gemini encountered an error creating the review. You can try again by commenting /gemini review.

[ronypnetapp]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new integration for NetApp Ransomware Resilience. While the core functionality for several actions is present, there are critical issues that must be addressed before this can be considered for merging. Most importantly, the submission is missing the required unit tests, which is a mandatory part of the contribution process for this repository. Additionally, the code contains hardcoded staging endpoints and has SSL verification disabled, making it unsuitable for a production environment. I have also left several comments regarding violations of the repository's style guide, including missing type hints, incomplete docstrings, broad exception handling, and potential logging of sensitive data. Please address these points to improve the security, reliability, and maintainability of the integration.

[gemini-code-assist]

This new integration is missing the required unit tests. The repository style guide mandates that all new features in the content/response_integrations/** directory must include corresponding pytest unit tests to ensure production stability. Please add a test suite that covers the new actions and core logic, ensuring that network calls are mocked as per the guide's reference examples.

References

1. All new features, bug fixes, or integrations added to content/response_integrations/** must include corresponding unit tests to ensure production stability. ^(link)

[gemini-code-assist]

The try...except block catches the generic Exception, which can mask underlying issues and make debugging difficult. Please catch more specific exceptions, such as requests.exceptions.RequestException for network errors, and other potential exceptions from the ApiManager. This will improve error handling and resilience, as per the style guide's "Production-Ready SecOps" principle. This comment applies to all action scripts in this PR.

References

1. Code must be resilient. Implement defensive programming, proactive error handling, and structured logging. ^(link)

[gemini-code-assist]

The main function is missing a return type annotation (-> None) and a Google-style docstring. The repository style guide requires both for all functions to improve readability and maintainability. Please add them. This applies to all action scripts in this PR.

Suggested change

	def main():
	def main() -> None:

References

1. All function parameters and return types must be annotated. ^(link)
2. Use """Docstring""" for all modules, classes, and functions. ^(link)

[AmitJ98]

Hi @ronypnetapp my name is Amit i will review your pr.
first of all please sign the google cla: https://github.com/chronicle/content-hub/blob/main/docs/contributing.md
resolve all the pr comments by me and gemini.

[AmitJ98]

Hi @ronypnetapp please see the errors from the github actions:
linter errors
build errors
validation errors

i think that the build and validations errors is caused by the missing image.png in the resources folder.
see example in: https://github.com/chronicle/content-hub/tree/main/content/response_integrations/third_party/partner/anyrun_sandbox/resources

[ronypnetapp]

@AmitJ98 I have a question regarding the linter errors. This integration was entirely developed using SecOps IDE, and I used the mp tool to pull the custom integration codebase locally. Given this, I expected the pulled code to comply with the expected linter rules. If I start fixing these linter issues in my local codebase, these fixes will be overridden the next time I do a fresh pull, requiring me to redo them.

Additionally, I am unable to push my local changes to the remote repository using the command mp dev-env push integration netapp-ransomware-resilience. I am encountering the following error. (The pulled root folder name is "netappransomwareresilience" without hyphens.)

What would you recommend in this case to resolve this issue gracefully?

[AmitJ98]

@AmitJ98 I have a question regarding the linter errors. This integration was entirely developed using SecOps IDE, and I used the mp tool to pull the custom integration codebase locally. Given this, I expected the pulled code to comply with the expected linter rules. If I start fixing these linter issues in my local codebase, these fixes will be overridden the next time I do a fresh pull, requiring me to redo them.

Additionally, I am unable to push my local changes to the remote repository using the command mp dev-env push integration netapp-ransomware-resilience. I am encountering the following error. (The pulled root folder name is "netappransomwareresilience" without hyphens.)

What would you recommend in this case to resolve this issue gracefully?

to answer your questions:

1. you should fix the the linter issues, the SecOps idea doesnt have lint, when you push it will be pushed fixed.
   you can use mp check and mp format commands to fix most of the lint issues automaticlly.
2. the push command expect to be like:
   "mp dev-env push integration "

[ronypnetapp]

@AmitJ98 I have a question regarding the linter errors. This integration was entirely developed using SecOps IDE, and I used the mp tool to pull the custom integration codebase locally. Given this, I expected the pulled code to comply with the expected linter rules. If I start fixing these linter issues in my local codebase, these fixes will be overridden the next time I do a fresh pull, requiring me to redo them.
Additionally, I am unable to push my local changes to the remote repository using the command mp dev-env push integration netapp-ransomware-resilience. I am encountering the following error. (The pulled root folder name is "netappransomwareresilience" without hyphens.)
What would you recommend in this case to resolve this issue gracefully?

to answer your questions:

1. you should fix the the linter issues, the SecOps idea doesnt have lint, when you push it will be pushed fixed.
   you can use mp check and mp format commands to fix most of the lint issues automaticlly.
2. the push command expect to be like:
   "mp dev-env push integration "

@AmitJ98 I have a question regarding the linter errors. This integration was entirely developed using SecOps IDE, and I used the mp tool to pull the custom integration codebase locally. Given this, I expected the pulled code to comply with the expected linter rules. If I start fixing these linter issues in my local codebase, these fixes will be overridden the next time I do a fresh pull, requiring me to redo them.
Additionally, I am unable to push my local changes to the remote repository using the command mp dev-env push integration netapp-ransomware-resilience. I am encountering the following error. (The pulled root folder name is "netappransomwareresilience" without hyphens.)
What would you recommend in this case to resolve this issue gracefully?

to answer your questions:

1. you should fix the the linter issues, the SecOps idea doesnt have lint, when you push it will be pushed fixed.
   you can use mp check and mp format commands to fix most of the lint issues automaticlly.
2. the push command expect to be like:
   "mp dev-env push integration "

@AmitJ98 I figured out the actual issue, and it's related to the folder name of the custom integration. When I pulled the integration from the IDE, it was pulled into a folder named using the snake_case pattern, even though my identifier followed the PascalCase pattern. This creates a problem when pushing using the mp command: the integration name is in PascalCase, but the folder name generated is in snake_case. Using the PascalCase name throws an error with the mp command, complaining that such a folder does not exist. How do we handle such a case?

[AmitJ98]

@AmitJ98 I have a question regarding the linter errors. This integration was entirely developed using SecOps IDE, and I used the mp tool to pull the custom integration codebase locally. Given this, I expected the pulled code to comply with the expected linter rules. If I start fixing these linter issues in my local codebase, these fixes will be overridden the next time I do a fresh pull, requiring me to redo them.
Additionally, I am unable to push my local changes to the remote repository using the command mp dev-env push integration netapp-ransomware-resilience. I am encountering the following error. (The pulled root folder name is "netappransomwareresilience" without hyphens.)
What would you recommend in this case to resolve this issue gracefully?

to answer your questions:

1. you should fix the the linter issues, the SecOps idea doesnt have lint, when you push it will be pushed fixed.
   you can use mp check and mp format commands to fix most of the lint issues automaticlly.
2. the push command expect to be like:
   "mp dev-env push integration "

@AmitJ98 I have a question regarding the linter errors. This integration was entirely developed using SecOps IDE, and I used the mp tool to pull the custom integration codebase locally. Given this, I expected the pulled code to comply with the expected linter rules. If I start fixing these linter issues in my local codebase, these fixes will be overridden the next time I do a fresh pull, requiring me to redo them.
Additionally, I am unable to push my local changes to the remote repository using the command mp dev-env push integration netapp-ransomware-resilience. I am encountering the following error. (The pulled root folder name is "netappransomwareresilience" without hyphens.)
What would you recommend in this case to resolve this issue gracefully?

to answer your questions:

1. you should fix the the linter issues, the SecOps idea doesnt have lint, when you push it will be pushed fixed.
   you can use mp check and mp format commands to fix most of the lint issues automaticlly.
2. the push command expect to be like:
   "mp dev-env push integration "

@AmitJ98 I figured out the actual issue, and it's related to the folder name of the custom integration. When I pulled the integration from the IDE, it was pulled into a folder named using the snake_case pattern, even though my identifier followed the PascalCase pattern. This creates a problem when pushing using the mp command: the integration name is in PascalCase, but the folder name generated is in snake_case. Using the PascalCase name throws an error with the mp command, complaining that such a folder does not exist. How do we handle such a case?

the command should be mp dev-env push integration netappransomwareresilience
when you push you need to specify the integration folder name, and when pulling from soar you need to write the integration name in the idea

[github-actions]

❌ Marketplace Validation Failed

Click to view the full report

---

Validation Report

🧩 Integrations

Pre-Build Stage

netappransomwareresilience

Validation Name	Details
⚠️ Integration Version Bump	New integration project.toml and release_note.yaml version must be initialize to 1.0
⚠️ SSL Integration Validation	netapp-ransomware-resilience is missing a 'Verify SSL' parameter
⚠️ Documentation Link Validation	'netappransomwareresilience' is missing a documentation link
⚠️ Fields Validation	Action Parameter name: volume_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: system_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: system_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: volume_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: system_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: job_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)

[github-actions]

❌ Marketplace Validation Failed

Click to view the full report

---

Validation Report

🧩 Integrations

Pre-Build Stage

netappransomwareresilience

Validation Name	Details
⚠️ Integration Version Bump	New integration project.toml and release_note.yaml version must be initialize to 1.0
⚠️ SSL Integration Validation	netapp-ransomware-resilience is missing a 'Verify SSL' parameter
⚠️ Documentation Link Validation	'netappransomwareresilience' is missing a documentation link
⚠️ Fields Validation	Action Parameter name: volume_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: system_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: system_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: volume_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: system_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: agent_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: job_id does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)

[AmitJ98]

please change actions file names to snake case

[AmitJ98]

Hey @ronypnetapp please resolve gemini comments and my comments before we can continue.
In addition fix the linter issues. you can see them in the failed github actions or by using mp cli tool and running "mp check ." and "mp format ." from your integration folder.