Skip to content

SLS - SCM GW Auth#44967

Open
TheL0L wants to merge 7 commits into
masterfrom
syakima/ciac-17092/sls-new-auth
Open

SLS - SCM GW Auth#44967
TheL0L wants to merge 7 commits into
masterfrom
syakima/ciac-17092/sls-new-auth

Conversation

@TheL0L

@TheL0L TheL0L commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Related Issues

fixes: CIAC-17092

Description

Implemented SCM GW authentication as a replacement for the deprecated OProxy authentication.

@content-bot

Copy link
Copy Markdown
Contributor

🤖 AI-Powered Code Review Available

You can leverage AI-powered code review to assist with this PR!

Available Commands:

  • @marketplace-ai-reviewer start review - Initiate a full AI code review
  • @marketplace-ai-reviewer re-review - Incremental review for new commits

@TheL0L TheL0L self-assigned this Jul 6, 2026
@TheL0L TheL0L requested a review from kamalq97 July 6, 2026 13:01
@TheL0L TheL0L added python Pull requests that update Python code ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. labels Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

@marketplace-ai-reviewer marketplace-ai-reviewer removed the ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. label Jul 6, 2026
@marketplace-ai-reviewer

Copy link
Copy Markdown
Contributor

🤖 Analysis started. Please wait for results...

@marketplace-ai-reviewer

Copy link
Copy Markdown
Contributor
🤖 AI Review Disclaimer

This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.

@marketplace-ai-reviewer marketplace-ai-reviewer left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi there, thanks for your updates to the Cortex Data Lake integration! I've left a few suggestions to help polish the code and documentation. Specifically, please improve the exception handling to preserve error context, ensure all deprecated OProxy parameters are fully hidden in the YAML configuration, and make a few minor metadata and release note styling tweaks. Thanks again for your hard work on this!

Additionally, please address the following file-level notes:

  • Packs/CortexDataLake/Integrations/CortexDataLake/CortexDataLake.yml: The PR description states that OProxy authentication is deprecated. While hidden: true was added to credentials_refresh_token, the other OProxy-related parameters (credentials_reg_id and credentials_auth_key) remain visible. Consider hiding them as well if they are no longer used.
  • Packs/CortexDataLake/Integrations/CortexDataLake/CortexDataLake_description.md: Move the ## Overview section and version-compatibility statement to the README.
  • Packs/CortexDataLake/pack_metadata.json: - The url field should be updated to https://www.paloaltonetworks.com/cortex.
  • Please add the vendor name (e.g., Palo Alto Networks) to the keywords array.
  • Please add "marketplacev2" to the marketplaces array.

@kamalq97, @TheL0L please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.

Comment thread Packs/CortexDataLake/Integrations/CortexDataLake/CortexDataLake.py Outdated
Comment thread Packs/CortexDataLake/Integrations/CortexDataLake/CortexDataLake.py Outdated
Comment thread Packs/CortexDataLake/Integrations/CortexDataLake/CortexDataLake.yml Outdated
Comment thread Packs/CortexDataLake/ReleaseNotes/1_6_0.md Outdated
Comment thread Packs/CortexDataLake/ReleaseNotes/1_6_0.md Outdated
@content-bot

This comment has been minimized.

@TheL0L TheL0L requested a review from richardbluestone July 7, 2026 08:14
@content-bot

Copy link
Copy Markdown
Contributor

Validate summary
The following errors were thrown as a part of this pr: IN124, BA130.
The following errors can be ignored: IN124, BA130.
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.
The following errors don't run as part of the nightly flow and therefore can be force merged: IN124, BA130.

Verdict: PR can be force merged from validate perspective? ✅

@TheL0L TheL0L marked this pull request as ready for review July 7, 2026 10:17
@content-bot

Copy link
Copy Markdown
Contributor

🔍 AI Triage Report Available

An automated triage report has been generated for this pipeline.

Status: failed
Report ID: 44371ea7e5037306

📋 Triage Report
💡 Resolutions are available in the full report.

⚠️ AI-generated triage. Validate before acting.

@richardbluestone richardbluestone requested review from julieschwartz18 and removed request for richardbluestone July 7, 2026 16:37

@julieschwartz18 julieschwartz18 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TheL0L Doc review complete, minor edits. Please check the comments. In the meantime, adding the label docs-approved

1. In the War Room, run the command `!GetLicenseID` to get the `license ID`.
2. Go to __Settings__ > __ABOUT__ > __License__ to get the `Customer Name`.
3. Go to the [HUB](https://apps.paloaltonetworks.com/apps) and login using your **Palo Alto Networks** credentials.
3. Go to the [HUB](https://apps.paloaltonetworks.com/apps) and login using your **Palo Alto Networks** credentials.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
3. Go to the [HUB](https://apps.paloaltonetworks.com/apps) and login using your **Palo Alto Networks** credentials.
3. Go to the [HUB](https://apps.paloaltonetworks.com/apps) and log in using your Palo Alto Networks credentials.

8. Click __Add instance__ to create and configure a new integration instance.
* __Name__: A textual name for the integration instance.
* __Authentication Token__: From the authentication process
* __Registration ID__: From the authentication process

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __Registration ID__: From the authentication process
* __Registration ID__: From the authentication process.

* __Authentication Token__: From the authentication process
* __Registration ID__: From the authentication process
* The token retrieval URL is inferred based on the tenant's FedRAMP status unless explicitly specified in the __Registration ID__ parameter in the format `REGISTRATION_ID@URL`.
* __Encryption Key__: From the authentication process

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __Encryption Key__: From the authentication process
* __Encryption Key__: From the authentication process.

* __Registration ID__: From the authentication process
* The token retrieval URL is inferred based on the tenant's FedRAMP status unless explicitly specified in the __Registration ID__ parameter in the format `REGISTRATION_ID@URL`.
* __Encryption Key__: From the authentication process
* __Client Secret__: From the authentication process

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __Client Secret__: From the authentication process
* __Client Secret__: From the authentication process.

* The token retrieval URL is inferred based on the tenant's FedRAMP status unless explicitly specified in the __Registration ID__ parameter in the format `REGISTRATION_ID@URL`.
* __Encryption Key__: From the authentication process
* __Client Secret__: From the authentication process
* __proxy__: Use system proxy settings

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __proxy__: Use system proxy settings
* __proxy__: Use system proxy settings.

* __Client Secret__: From the authentication process
* __proxy__: Use system proxy settings
* __insecure__: Trust any certificate (not secure)
* __Fetch incidents__: Whether to fetch incidents or not

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __Fetch incidents__: Whether to fetch incidents or not
* __Fetch incidents__: Whether to fetch incidents.

* __proxy__: Use system proxy settings
* __insecure__: Trust any certificate (not secure)
* __Fetch incidents__: Whether to fetch incidents or not
* __first_fetch_timestamp__: First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __first_fetch_timestamp__: First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
* __first_fetch_timestamp__: First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year).

* __insecure__: Trust any certificate (not secure)
* __Fetch incidents__: Whether to fetch incidents or not
* __first_fetch_timestamp__: First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
* __Severity of events to fetch (Firewall)__: Select from all,Critical,High,Medium,Low,Informational,Unused

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __Severity of events to fetch (Firewall)__: Select from all,Critical,High,Medium,Low,Informational,Unused
* __Severity of events to fetch (Firewall)__: Select from all, Critical, High, Medium, Low, Informational, or Unused.

* __Fetch incidents__: Whether to fetch incidents or not
* __first_fetch_timestamp__: First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
* __Severity of events to fetch (Firewall)__: Select from all,Critical,High,Medium,Low,Informational,Unused
* __Subtype of events to fetch (Firewall)__: Select from all,attack,url,virus,spyware,vulnerability,file,scan,flood,packet,resource,data,url-content,wildfire,extpcap,wildfire-virus,http-hdr-insert,http-hdr,email-hdr,spyware-dns,spyware-wildfire-dns,spyware-wpc-dns,spyware-custom-dns,spyware-cloud-dns,spyware-raven,spyware-wildfire-raven,spyware-wpc-raven,wpc-virus,sctp

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* __Subtype of events to fetch (Firewall)__: Select from all,attack,url,virus,spyware,vulnerability,file,scan,flood,packet,resource,data,url-content,wildfire,extpcap,wildfire-virus,http-hdr-insert,http-hdr,email-hdr,spyware-dns,spyware-wildfire-dns,spyware-wpc-dns,spyware-custom-dns,spyware-cloud-dns,spyware-raven,spyware-wildfire-raven,spyware-wpc-raven,wpc-virus,sctp
* __Subtype of events to fetch (Firewall)__: Select from all, attack, url, virus, spyware, vulnerability, file, scan, flood, packet, resource, data, url-content, wildfire, extpcap, wildfire-virus, http-hdr-insert, http-hdr, email-hdr, spyware-dns, spyware-wildfire-dns, spyware-wpc-dns, spyware-custom-dns, spyware-cloud-dns, spyware-raven, spyware-wildfire-raven, spyware-wpc-raven, or wpc-virus,sctp.

3. After that every 60 minutes.

If you wish to try authenticating again, run the 'cdl-reset-authentication-timeout' command and retry. No newline at end of file
If you wish to try authenticating again, run the 'cdl-reset-authentication-timeout' command and retry.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If you wish to try authenticating again, run the 'cdl-reset-authentication-timeout' command and retry.
To try authenticating again, run the 'cdl-reset-authentication-timeout' command and retry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs-approved python Pull requests that update Python code ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants