IBM Security SOAR

Expand all | Collapse all

Version Control for Scripts and Pre-Process Scripts

  • 1.  Version Control for Scripts and Pre-Process Scripts

    Posted Mon January 06, 2020 01:20 AM

    Hi,

    Does anybody know of a way we can version control scripts or pre/post process scripts contained in workflows/functions. We have some key integrations based on them and would like to make sure that we are protected some what from tweaks and changes.

    Many thanks
    Ryan



  • 2.  RE: Version Control for Scripts and Pre-Process Scripts

    Posted Mon January 06, 2020 08:37 AM
    Hello Ryan,

    Thanks for the great question. There are multiple ways to emulate version control for workflows in resilient, the current best approach (particularly in production environments) for something akin to version control for workflows consists of making use of the resilient-circuits extract capability:

    You can specify multiples workflows that you wish to version within the .res file, giving a descriptive name and timestamp to avoid confusion in production environments. We are considering adding this functionality as a utility in the future. Grateful as always for your input, we are constantly striving for process improvement.

    Kind regards,

    ------------------------------
    Sean OGorman
    ------------------------------



  • 3.  RE: Version Control for Scripts and Pre-Process Scripts

    Posted Tue January 07, 2020 08:29 AM
    Ryan, 

    This is not easy to do currently with Resilient. There are some ways to accomplish part of what you want which is what Sean has described.

    We have heard this as a significant pain point for customer and are currently in the process of trying to define the most effective way to do this in the product. If it is possible for you to describe what your ideal use case looks like and the steps you would like the product to support that provides us with good information to take into account.

    One of the thoughts we have is to support a process similar to what developers would use when they have git as their source code control. The idea of checkouts, changes, commits, checkins, etc. Not sure if that is overkill or not.

    Any thoughts you have is welcome.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 4.  RE: Version Control for Scripts and Pre-Process Scripts

    Posted Wed January 08, 2020 02:11 PM
    Edited by Jared Fagel Wed January 08, 2020 02:12 PM
    @Ben Lurie,

    I think the Git methodology for version control would be overkill and too technical for some users.

    I'd recommend a simpler approach:
    • Clicking "Save" from the script/workflow editor could open a dialog for "Change Notes" with a rich-text text editor for the notes.
    • Selecting "Confirm Save" in that dialog would save the notes to the updated script/workflow, archive the original (unedited) script/workflow (with it's original "Change Notes") and an archived_on timestamp, and then overwrite it.
    • A "Previous Versions Repo" option could be visible in the editor that would open a list of the the archived versions, archived_on timestamp, and changelog notes.
    • Clicking into a previous version would open it in the editor with a "Restore Previous Version" option where "Save" was.

    ​Just an idea, added comment to the Aha.io idea on this.

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------



  • 5.  RE: Version Control for Scripts and Pre-Process Scripts

    Posted Thu January 09, 2020 12:58 AM

    @Ben Lurie @Jared Fagel

    Yes, I think logistically it would be better to create some basic functionality within the product. Not everybody who will use resilient is a developer. If the above can be implemented I would suggest this.


    Thanks everyone for the comments. It's good to see the team taking ideas on-board. ​



    ------------------------------
    ryan Harvey
    ------------------------------



  • 6.  RE: Version Control for Scripts and Pre-Process Scripts

    Posted Tue January 07, 2020 01:31 PM
    I'm working on this same issue right now, trying to version control everything in the front end by querying the API using the python SDK.

    Scripts are an easy get by querying the /scripts/{id} endpoint.  Each script will have a key script_text that contains the full script

    Workflows are a little more complex, the pre and post processing is embedded in XML but can be called using the /workflows endpoint.  The data is stored in the xml subkey of the key content

    ------------------------------
    Ian Day
    ------------------------------