Contrib/dzion - create-appsec-rules #42981
DorZion51 wants to merge 27 commits into demisto:contrib/DorZion51_contrib/dzion-CreateAppSecRules
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @kamalq97 will know the proposed changes are ready to be reviewed.
Hi @DorZion51, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.
…required, change script to add uniqueness to rule name
… contrib/dzion-CreateAppSecRules
…DorZion51/demisto-content into contrib/dzion-CreateAppSecRules
| version: -1 | ||
| name: CreateSecretAppsecRule | ||
| display: CAS - Create Secret Appsec Rule | ||
| description: Creates a new Application Security rule in Cortex Platform. An AppSec rule defines the specific criteria and scanners used to detect vulnerabilities or misconfigurations across your application lifecycle. |
| description: Creates a new Application Security rule in Cortex Platform. An AppSec rule defines the specific criteria and scanners used to detect vulnerabilities or misconfigurations across your application lifecycle. | |
| description: Creates a new Secret Application Security rule in Cortex Platform. An AppSec rule defines the specific criteria and scanners used to detect vulnerabilities or misconfigurations across your application lifecycle. |
| version: -1 | ||
| name: CreateIACAppsecRule | ||
| display: CAS - Create Iac Appsec Rule | ||
| description: Creates a new Application Security rule in Cortex Platform. An AppSec rule defines the specific criteria and scanners used to detect vulnerabilities or misconfigurations across your application lifecycle. |
| description: Creates a new Application Security rule in Cortex Platform. An AppSec rule defines the specific criteria and scanners used to detect vulnerabilities or misconfigurations across your application lifecycle. | |
| description: Creates a new IAC Application Security rule in Cortex Platform. An AppSec rule defines the specific criteria and scanners used to detect vulnerabilities or misconfigurations across your application lifecycle. |
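Review bot: The scanner name is cased three ways across this action: `display: CAS - Create Iac Appsec Rule` uses "Iac", `name: CreateIACAppsecRule` and the suggested description use "IAC", and the description writes "AppSec" where the display writes "Appsec". Settle on one spelling (IAC, AppSec) in `display` and `description` so the action reads consistently next to CreateSecretAppsecRule, whose description is otherwise identical apart from the one added word.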
| - name: rule_name | ||
| underlyingargname: rule_name | ||
| description: > | ||
| Must be unique if exist generate new one |
| Must be unique if exist generate new one |
| underlyingargname: rule_name | ||
| description: > | ||
| Must be unique if exist generate new one | ||
| A unique name for the AppSec rule following the organization's naming conventions. |
| A unique name for the AppSec rule following the organization's naming conventions. | |
| A unique name for the AppSec rule. |
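Review bot: The `rule_name` description ends up without the collision behaviour. The original line, "Must be unique if exist generate new one", said a new name is generated when the name already exists, and the suggested "A unique name for the AppSec rule." no longer tells the caller whether a duplicate is rejected or silently renamed. Keep that statement in corrected form, for example "Must be unique; if the name already exists, a new one is generated", so a caller knows the rule that was created may not carry the name that was passed in.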
||
| else: | ||
| context = res[0]["EntryContext"] | ||
| data = context.get("data") |
| data = context.get("data") | |
| data = context.get("data" , {}) |
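Review bot: The default added in `context.get("data" , {})` does not cover the line above it: `context = res[0]["EntryContext"]` raises KeyError if the key is absent, and if the value is None the `.get` call fails before the default is ever used. Read the context defensively first, for example `context = res[0].get("EntryContext") or {}`, then take `data`. The suggested line also has a stray space before the comma.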
| CommandResults( | ||
| outputs_prefix="Appsec.Rule", | ||
| outputs=data, | ||
| readable_output=f"Rules {data}", |
| readable_output=f"Rules {data}", |
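Review bot: `readable_output=f"Rules {data}"` interpolates the whole response dict, so the entry shows a Python repr of every returned field instead of something an analyst can read. If the line is replaced rather than dropped, render only the fields worth showing (rule name, severity, scanner), for example with `tableToMarkdown`, and leave the full object in `outputs=data`.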
…ntrib/dzion-CreateAppSecRules
Co-authored-by: Maya Goldman <94686128+mayyagoldman@users.noreply.github.com>
Co-authored-by: Maya Goldman <94686128+mayyagoldman@users.noreply.github.com>
bfa5981 to c67487a
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
https://jira-dc.paloaltonetworks.com/browse/BCE-56629
https://jira-dc.paloaltonetworks.com/browse/CRTX-226145
Description
Requesting module: CAS
Operational Use Case: Enables automated creation of custom Application Security rules to detect secrets (API keys, credentials) and IaC misconfigurations across the application lifecycle, eliminating manual rule creation and ensuring consistent security policy enforcement.
Scope of Contribution:
New Script: CreateAppsecRule – Underlying automation script.
New Action: CreateSecretAppsecRule – For secrets detection rules.
New Action: CreateIACAppsecRule – For Infrastructure-as-Code security rules.
Enhancement Agent: Application Security Agent
Technical Details
API Endpoint: /api/webapp/public_api/appsec/v1/rules
HTTP Method: POST
Endpoint Docs
Wrapper Command: core-generic-api-call
Inputs/Parameters:
rule_name (required): Unique rule name.
severity (required): CRITICAL, HIGH, MEDIUM, LOW
scanner (required): SECRETS or IAC
category (required): Scanner-specific categories (8 for SECRETS, 9 for IAC)
sub_category (required for IAC): Granular classification
frameworks (required): JSON array with name, definition, remediationDescription
description (optional): Rule description
labels (optional): Comma-separated labels
Outputs:
Appsec.Rule.RULE_NAME: Created rule name
Full rule object in context
Target Supported License:
Valid modules for this action:
agentix
xsiam
cloud_posture
cloud_appsec
Must have
relates: https://jira-dc.paloaltonetworks.com/browse/CIAC-15801
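An added example, not code from this pull request: one way to validate the arguments listed under Inputs/Parameters above before they reach the API wrapper, so a malformed `frameworks` value or a missing IAC `sub_category` fails with a clear error instead of an opaque API response. The function name `validate_rule_args`, the shape of the returned dict and the rule that every framework entry carries all three keys are assumptions; the 8 SECRETS and 9 IAC category values are not listed on the page, so `category` is only checked for presence.

```python
import json

SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}
SCANNERS = {"SECRETS", "IAC"}
FRAMEWORK_KEYS = {"name", "definition", "remediationDescription"}

# Constructed sample arguments (not taken from the pull request).
SAMPLE_ARGS = {"rule_name": "demo-iac-rule", "severity": "high", "scanner": "IAC",
               "category": "EXAMPLE_CATEGORY", "sub_category": "EXAMPLE_SUB",
               "frameworks": '[{"name": "n", "definition": "d", "remediationDescription": "r"}]',
               "labels": "team-a, ,prod"}


def validate_rule_args(args):
    """Return normalized rule arguments; raise ValueError naming the bad field."""
    def required(key):
        value = str(args.get(key) or "").strip()
        if not value:
            raise ValueError(f"{key} is required")
        return value

    def choice(key, allowed):
        value = required(key).upper()
        if value not in allowed:
            raise ValueError(f"{key} must be one of {sorted(allowed)}")
        return value

    rule = {"rule_name": required("rule_name"), "severity": choice("severity", SEVERITIES),
            "scanner": choice("scanner", SCANNERS), "category": required("category")}
    if rule["scanner"] == "IAC":  # sub_category is required for IAC only
        rule["sub_category"] = required("sub_category")

    frameworks = args.get("frameworks")
    if isinstance(frameworks, str):  # assumed to arrive as a JSON string
        try:
            frameworks = json.loads(frameworks)
        except json.JSONDecodeError as exc:
            raise ValueError(f"frameworks is not valid JSON: {exc}") from exc
    if not isinstance(frameworks, list) or not frameworks:
        raise ValueError("frameworks must be a non-empty JSON array")
    for i, fw in enumerate(frameworks):
        if not isinstance(fw, dict) or not FRAMEWORK_KEYS.issubset(fw):
            raise ValueError(f"frameworks[{i}] must have {sorted(FRAMEWORK_KEYS)}")
    rule["frameworks"] = frameworks

    if str(args.get("description") or "").strip():
        rule["description"] = str(args["description"]).strip()
    labels = [p.strip() for p in str(args.get("labels") or "").split(",") if p.strip()]
    if labels:
        rule["labels"] = labels
    return rule
```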