Content Testing | Marketplace

Details
Content
Dependencies
Version History

Supports assessment of upgraded Marketplace content packs against custom content and enables content testing within XSOAR. Dynamically select and test automations, playbooks, and sub-playbooks as required prior to push to production. Create a "UnitTesting" incident type and review the "Help" tab in the layout for description of the tools available and the examples using the testing tools.

Overview

This content pack provides tools for creating automated tests and test cases for XSOAR content and testing within XSOAR. Assessment tools identify potential impacts of an upgrade to a Marketplace content pack, display an XSOAR object's version history when using Save Version, and list automations used in playbooks. Playbook analysis provides average and maximum task duration across a range of incidents as well as task runnging status. Test data is created by pulling incident fields and context from existing incidents, manual updates of individual fields and context keys, and saving data to XSOAR lists for use in testing. Test cases are defined that load appropriate test data and execute automation, playbook, and sub-playbook tests. The UnitTest incident type, UnitTestingLayout layout, and UnitTestingTopLevel playbook provide an example of a content testing environment and use of the testing tools. These objects can be modified as needed for specific testing requirements or guide implementation of a custom content testing environment.

Provide guidance for what tests are required for a change
- Marketplace content pack updates
- Custom content change and release to production
Automated unit and regression testing of XSOAR content
- automations
- commands
- playbooks
- sub-playbooks
Configure incident fields and context for testing
Save incident fields and context for regression testing
Define and save test cases
Adhoc testing of content
Tests are dymanically added to an empty testing playbook
- Testing workplan and war room document testing performed
- Testing results displayed in the incident layout

Getting Started

The quickest way to get started is to create a new incident of the type UnitTesting. From there, execute the assessment tools, review the results in each tab of the incident layout, and from the Content Testing tab, exercise the content testing tools with the mock playbooks and lists.

XSOAR prerequesits are:

XSOAR API Key
Enabled REST API integration instance
Enabled Demisto Lock integration instance

Prior to content testing using the supplied examples, five XSOAR lists must be created:

UnitTestingAutomations
UnitTestingSubplaybooks
UnitTestCase
TestFields
TestContext

Below is example content for each of the three lists.

UnitTestingAutomations:

ip,{"ip":"8.8.8.8", "using":"VirusTotal (API v3)"}
http,{"method":"GET", "url":"https://www.google.com"}

UnitTestingSubplaybooks:

MockSubplaybook,{"input1":"value1", "input2":"value2"}

For the example test case, use the content testing tools to create and save XSOAR lists with incident fields and context. Two XSOAR lists to create are:

TestFields
TestContext

The test case XSOAR list to create for the example:

UnitTestCase:

LoadFields|TestFields
LoadContext|TestContext
Automation|UnitTestingAutomations
Subplaybook|UnitTestingSubplaybooks
Playbook|MockPlaybook

Test Environment Creation

Determine test cases required based on upgraded content packs or updated custom content
Create a new incident of the UnitTesting incident type
From the Content Assessment tab, use the Assessment Actions
- Review the Content Pack Details tab
- Review the Commit History tab for history of XSOAR content local changes (when using dev to prod)
- Review the Playbook Automations tab
Update UnitTestTopLevel playbook or create a testing playbook with section headers where test tasks are assigned
In the UnitTesting incident layout and the Content Testing tab
- In the Execute Tests section add buttons or multi-select fields and configure the script arguments
- For buttons, use the UnitTest automation
- For multi-select fields with an array of playbooks, use the UnitTestMultiSelect automation
- For button automation, the arguments are (see the automation sections for details on each automation):
  - addAfter - task ID in the playbook to add the test task after, usually a section header
  - playbook - specific playbook to launch or allow user to input a comma separated list. Blank if testType is Subplaybook
  - testType - type of test being executed
  - Playbook
  - Subplaybook
  - Multiselect
  - Automation
  - listName - if testType is Subplaybook or Automation, the name of the list to read input from
- For multi-select of playbooks to test, use the UnitTestMultiSelect script
- For a multi-select field parameters
  - Edit the unittestplaybooks field and set the values to playbook names to test
  - See caveat below
Load the incident fields from an existing incident
If needed, load the context from an existing incident
Update individual fields and context keys as needed for specific testing
For regression testing and test cases, save incident fields and context to XSOAR lists

Test Execution

Create a new incident of the UnitTesting incident type (or a custom type)
On the Content Testing tab in the Execute Test section
- For each test, load incident fields and context and as needed
- Execute the content tests using buttons and fields
- Review the Test Results section, Work Plan tab, and War Room tab to verify test results

Test Case Execution

Create and save XSOAR lists with incident fields and context needed for the test case
- Example uses TestFields
- Example uses TestContext
Define the test case in an XSOAR list (example uses UnitTestCase)
The use the two action on the Content Testing tab in the Execute Test Cases section to load the incident fields and context from the test case list and then execute the testing commands
- Prepare Data for Test Case
- Execute Test Case

Testing List Formats

Automation Unit Test List Format

<automation name/command name\>,<JSON command arguments\>

Subplaybook Unit Test List Format

<subplaybook name\>,<JSON subplaybook inputs\>

Test Case List Format

Test cases are defined by content testing commands in an XSOAR list. The following test commands are supported:

LoadFields|<XSOAR list name where test incident fields are saved\>
LoadContext|<XSOAR list name where test context are saved\>
Automation|<XSOAR list name with automation commands and their arguments\>
Subplaybook|<XSOAR list name with subplaybooks and their inputs\>
Playbook|<comma separated list of playbook names\>

Caveats

The multi-select option has a hard coded task number of where to add test tasks in the top level testing playbook. If creating a custom testing playbook, modify the MULTISELECT constant in the UnitTestMultiSelect automation to match your playbook
If custom fields exist required for testing but not added to all incident types, add them to the UnitTesting incident type, or any custom testing incident type created
Playbooks do not return errors: the "true/false" test results displayed indicate the playbook was was successfully added and executed to the top level testing playbook. Review the testing incident's war room and work plan to assess actual results of the playbook and playbook tasks

Content Testing Objects Included in the Content Pack

Playbook

UnitTestTopLevel
MockPlaybook
MockSubplaybook

Incident Type

UnitTesting

Incident Layout

UnitTestLayout

Incident Fields

contenttestingcontentautomations
contenttestingcontentdetails
contenttestingcontentimpacts
contenttestingcommithistory
contenttestingcoverage
contenttestingpbainfo
contenttestingdependencies
contenttestingunittestresults
contenttestingunittestplaybooks

Assessment Automations

ChangeHistory
ListPlaybookAutomationsCommands
UpgradeCheck

Content Testing Automations

UnitTest
UnitTestCase
UnitTestCasePrep
UnitTestCoverage
UnitTestLoadContext
UnitTestLoadContextList
UnitTestLoadFields
UnitTestLoadFieldsList
UnitTestMultiSelect
UnitTestResults
UnitTestSaveContextList
UnitTestSaveFieldsList
UnitTestSetField
UnitTestSubplaybookPrep

Playbook Analysis Automations

UnitTestPBAStats
UnitTestPBATaskAvg
UnitTestPBATaskMax
UnitTestPlaybookAnalyzer

Assessment Automations

UpgradeCheck

This automation looks at Marketplace content packs requiring updates and assesses impacts on existing custom content. The assessment results are stored in a field (contenttestingcontentimpacts) and displayed in a tab of in the testing incident's layout. Upgraded content pack details are summarized in another field (contenttestingcontentdetails) and displayed in a tab for copying to test documentation.

Inputs

None

Outputs

None

ChangeHistory

This automation searchs for the version history of all current local changes in XSOAR when using dev to prod and a remote repository. The version history is stored in a field (contenttestingcommithistory) and displayed in a tab of in the testing incident's layout. Version history is created when an XSOAR object such as a playbook is saved using the Save Version button.

Inputs

None

Outputs

None

ListPlaybookAutomationsCommand

This automation searches playbooks for automation or integration commands used by a playbook and stores them in a field (contenttestingcontentautomations) for display in the testing incident layout. This assists identifying playbooks and automations requiring testing as part of a change to XSOAR content.

Inputs

None

Outputs

None

Content Testing Automations

UnitTest

This automation runs each type of test, dynamically adds tasks to the testing playbook, and displays the results in the testing incident's layout.

Inputs

Argument Name	Description
playbook	Playbook to execute, blank if testType is Subplaybook or Automation
addAfter	Playbook task (typically a playbook section header) numeric ID to add this testing task after
testType	Type of test to run: Playbook, Subplaybook, Automation, Multiselect
listName	XSOAR list name to read sub-playbooks or automations and their inputs or arguments from. Blank if testType is Playbook or Multiselect

Outputs

None

UnitTestCoverage

Looks at all the content tests that have been executed using the specified playbook and whether each executable (regular, conditional, sub-playbook, and data collection) task was executed. Places Markdown formatted results in the contenttestingcoverage field for display in the incident layout.

Inputs

Argument Name	Description
playbook	Name of the playbook to assess test coverage

Outputs

None

UnitTestResults

This automation displays the results in the testing incident layout and must be executed within a Demisto lock to avoid concurrent updates the the test results grid field. It is invoked by UnitTest.

Inputs

Argument Name	Description
cmds	Array of automation or command names or playbook names executed
tasks	Array of tasks names, created for each testing task
gridfield	The grid incident field to store test results in (contenttestingunittestresults)
status	Array of result of the command (true, false)

Outputs

UnitTestLoadContext

This automation loads context from an existing incident into the current testing incident.

Inputs

Argument Name	Description
id	Incident numeric ID to load context from

Outputs

None

UnitTestSaveContextList

This automation saves context from the current testing incident to an XSOAR list.

Inputs

Argument Name	Description
list	XSOAR list name to save context to

Outputs

None

UnitTestLoadContextList

This automation loads context from an XSOAR list into the current testing incident.

Inputs

Argument Name	Description
list	XSOAR list name to load context from

Outputs

None

UnitTestLoadFields

This automation loads incident fields from an existing incident into the current testing incident.

Inputs

Argument Name	Description
id	Incident numeric ID to load incident fields from

Outputs

None

UnitTestSaveFieldsList

This automation saves incident fields from the current testing incident to an XSOAR list.

Inputs

Argument Name	Description
list	XSOAR list name to save incident fields to

Outputs

None

UnitTestLoadFieldsList

This automation loads incident fields from an XSOAR list into the current testing incident.

Inputs

Argument Name	Description
list	XSOAR list name to load incident fields from

Outputs

None

UnitTestSetField

This automation sets an incident field value in the current testing incident.

Inputs

Argument Name	Description
field	Incident field name to set
value	Value to set incident field to

Outputs

None

UnitTestMultiSelect

This automation is used if a set of playbooks are provided in a multi-select incident field. The selected playbooks are passed to the UnitTest automation. UnitTestMultiSelect hard codes the testing playbook task numeric ID to add these tasks after and assumes the TopLevelUnitTesting playbook is used. If using another testing playbook, edit the MULTISELECT constant in this automation to specify the task location to add the playbook testing task.

Inputs

Argument Name	Description
new	Playbook names selected from the array in the field

Outputs

None

UnitTestSubplaybookPrep

This automation loads context providing sub-playbook inputs. The sub-playbook testing list used is the same as used by UnitTesting. Context must be preloaded since caching of context updates does not occur until an automation exits. This automation must execute prior to UnitTesting executing against the "Subplaybook" type of test that requires playbook inputs.

Inputs

Argument Name	Description
listName	XSOAR list name to read subplaybook context inputs from

Outputs

None

UnitTestCase

This automation is used to execute a test case defined in an XSOAR list.

Inputs

Argument Name	Description
testName	Test case name (not used)
listName	XSOAR list name to read test case from
addAfter	Playbook task numeric ID to add this testing task after

Outputs

None

UnitTestCasePrep

These automation loads context and incident fields defined in a test case XSOAR list to configure it for the test case. Context must be preloaded since caching of context updates does not occur until an automation exits - this automation must execute prior to executing UnitTestCase.

Inputs

Argument Name	Description
testName	Test case name (not used)
listName	XSOAR list name to read test case from

Outputs

None

UnitTestLoadContext

This automation loads context from an existing incident into the current testing incident.

Inputs

Argument Name	Description
id	Incident numeric ID to load context from

Outputs

None

Playbook Analyzer Automations

UnitTestPlaybook Analyzer

Analyzes playbook dependencies on automations and sub-playbooks as well as tasks execution metrics over a set of selected incidents. Generates minumum, average, and maximum execution times for each task in the specified playbook. Execution statistics are stored in the PlaybookStatistics context key for display in the layout. Content dependencies are stored in the contenttestingdependencies field and task execution information is stored contenttestingpbainfo field for display in the layout.

Inputs

Argument Name	Description
playbook	Name of the playbook to analyze
occurred	Incident occurrance time and include in the analysis

Outputs

None

UnitTestPBAStats

General dynamic section script that creates and displays a bar widget that shows the task status (running, executed, not started, waiting, and error) counts for tasks from the data in the PlaybookStatistics context key.

Inputs

None

Outputs

None

UnitTestPBATaskAvg

General dynamic section script that creates and displays a pie widget of the average task durations for each task in the playbook based on the data in the PlaybookStatistics context key.

Inputs

None

Outputs

None

UnitTestPBATaskMax

General dynamic section script that creates and displays a pie widget of the maximum task durations for each task in the playbook based on the data in the PlaybookStatistics context key.

Inputs

None

Outputs

None

Overview

Provide guidance for what tests are required for a change
- Marketplace content pack updates
- Custom content change and release to production
Automated unit and regression testing of XSOAR content
- automations
- commands
- playbooks
- sub-playbooks
Configure incident fields and context for testing
Save incident fields and context for regression testing
Define and save test cases
Adhoc testing of content
Tests are dymanically added to an empty testing playbook
- Testing workplan and war room document testing performed
- Testing results displayed in the incident layout

Getting Started

XSOAR prerequesits are:

XSOAR API Key
Enabled REST API integration instance
Enabled Demisto Lock integration instance

Prior to content testing using the supplied examples, five XSOAR lists must be created:

UnitTestingAutomations
UnitTestingSubplaybooks
UnitTestCase
TestFields
TestContext

Below is example content for each of the three lists.

UnitTestingAutomations:

ip,{"ip":"8.8.8.8", "using":"VirusTotal (API v3)"}
http,{"method":"GET", "url":"https://www.google.com"}

UnitTestingSubplaybooks:

MockSubplaybook,{"input1":"value1", "input2":"value2"}

For the example test case, use the content testing tools to create and save XSOAR lists with incident fields and context. Two XSOAR lists to create are:

TestFields
TestContext

The test case XSOAR list to create for the example:

UnitTestCase:

LoadFields|TestFields
LoadContext|TestContext
Automation|UnitTestingAutomations
Subplaybook|UnitTestingSubplaybooks
Playbook|MockPlaybook

Test Environment Creation

Determine test cases required based on upgraded content packs or updated custom content
Create a new incident of the UnitTesting incident type
From the Content Assessment tab, use the Assessment Actions
- Review the Content Pack Details tab
- Review the Commit History tab for history of XSOAR content local changes (when using dev to prod)
- Review the Playbook Automations tab
Update UnitTestTopLevel playbook or create a testing playbook with section headers where test tasks are assigned
In the UnitTesting incident layout and the Content Testing tab
- In the Execute Tests section add buttons or multi-select fields and configure the script arguments
- For buttons, use the UnitTest automation
- For multi-select fields with an array of playbooks, use the UnitTestMultiSelect automation
- For button automation, the arguments are (see the automation sections for details on each automation):
  - addAfter - task ID in the playbook to add the test task after, usually a section header
  - playbook - specific playbook to launch or allow user to input a comma separated list. Blank if testType is Subplaybook
  - testType - type of test being executed
  - Playbook
  - Subplaybook
  - Multiselect
  - Automation
  - listName - if testType is Subplaybook or Automation, the name of the list to read input from
- For multi-select of playbooks to test, use the UnitTestMultiSelect script
- For a multi-select field parameters
  - Edit the unittestplaybooks field and set the values to playbook names to test
  - See caveat below
Load the incident fields from an existing incident
If needed, load the context from an existing incident
Update individual fields and context keys as needed for specific testing
For regression testing and test cases, save incident fields and context to XSOAR lists

Test Execution

Create a new incident of the UnitTesting incident type (or a custom type)
On the Content Testing tab in the Execute Test section
- For each test, load incident fields and context and as needed
- Execute the content tests using buttons and fields
- Review the Test Results section, Work Plan tab, and War Room tab to verify test results

Test Case Execution

Create and save XSOAR lists with incident fields and context needed for the test case
- Example uses TestFields
- Example uses TestContext
Define the test case in an XSOAR list (example uses UnitTestCase)
The use the two action on the Content Testing tab in the Execute Test Cases section to load the incident fields and context from the test case list and then execute the testing commands
- Prepare Data for Test Case
- Execute Test Case

Testing List Formats

Automation Unit Test List Format

<automation name/command name\>,<JSON command arguments\>

Subplaybook Unit Test List Format

<subplaybook name\>,<JSON subplaybook inputs\>

Test Case List Format

Test cases are defined by content testing commands in an XSOAR list. The following test commands are supported:

LoadFields|<XSOAR list name where test incident fields are saved\>
LoadContext|<XSOAR list name where test context are saved\>
Automation|<XSOAR list name with automation commands and their arguments\>
Subplaybook|<XSOAR list name with subplaybooks and their inputs\>
Playbook|<comma separated list of playbook names\>

Caveats

The multi-select option has a hard coded task number of where to add test tasks in the top level testing playbook. If creating a custom testing playbook, modify the MULTISELECT constant in the UnitTestMultiSelect automation to match your playbook
If custom fields exist required for testing but not added to all incident types, add them to the UnitTesting incident type, or any custom testing incident type created
Playbooks do not return errors: the "true/false" test results displayed indicate the playbook was was successfully added and executed to the top level testing playbook. Review the testing incident's war room and work plan to assess actual results of the playbook and playbook tasks

Content Testing Objects Included in the Content Pack

Playbook

UnitTestTopLevel
MockPlaybook
MockSubplaybook

Incident Type

UnitTesting

Incident Layout

UnitTestLayout

Incident Fields

contenttestingcontentautomations
contenttestingcontentdetails
contenttestingcontentimpacts
contenttestingcommithistory
contenttestingcoverage
contenttestingpbainfo
contenttestingdependencies
contenttestingunittestresults
contenttestingunittestplaybooks

Assessment Automations

ChangeHistory
ListPlaybookAutomationsCommands
UpgradeCheck

Content Testing Automations

UnitTest
UnitTestCase
UnitTestCasePrep
UnitTestCoverage
UnitTestLoadContext
UnitTestLoadContextList
UnitTestLoadFields
UnitTestLoadFieldsList
UnitTestMultiSelect
UnitTestResults
UnitTestSaveContextList
UnitTestSaveFieldsList
UnitTestSetField
UnitTestSubplaybookPrep

Playbook Analysis Automations

UnitTestPBAStats
UnitTestPBATaskAvg
UnitTestPBATaskMax
UnitTestPlaybookAnalyzer

Assessment Automations

UpgradeCheck

Inputs

None

Outputs

None

ChangeHistory

Inputs

None

Outputs

None

ListPlaybookAutomationsCommand

Inputs

None

Outputs

None

Content Testing Automations

UnitTest

This automation runs each type of test, dynamically adds tasks to the testing playbook, and displays the results in the testing incident's layout.

Inputs

Argument Name	Description
playbook	Playbook to execute, blank if testType is Subplaybook or Automation
addAfter	Playbook task (typically a playbook section header) numeric ID to add this testing task after
testType	Type of test to run: Playbook, Subplaybook, Automation, Multiselect
listName	XSOAR list name to read sub-playbooks or automations and their inputs or arguments from. Blank if testType is Playbook or Multiselect

Outputs

None

UnitTestCoverage

Inputs

Argument Name	Description
playbook	Name of the playbook to assess test coverage

Outputs

None

UnitTestResults

Inputs

Argument Name	Description
cmds	Array of automation or command names or playbook names executed
tasks	Array of tasks names, created for each testing task
gridfield	The grid incident field to store test results in (contenttestingunittestresults)
status	Array of result of the command (true, false)

Outputs

UnitTestLoadContext

This automation loads context from an existing incident into the current testing incident.

Inputs

Argument Name	Description
id	Incident numeric ID to load context from

Outputs

None

UnitTestSaveContextList

This automation saves context from the current testing incident to an XSOAR list.

Inputs

Argument Name	Description
list	XSOAR list name to save context to

Outputs

None

UnitTestLoadContextList

This automation loads context from an XSOAR list into the current testing incident.

Inputs

Argument Name	Description
list	XSOAR list name to load context from

Outputs

None

UnitTestLoadFields

This automation loads incident fields from an existing incident into the current testing incident.

Inputs

Argument Name	Description
id	Incident numeric ID to load incident fields from

Outputs

None

UnitTestSaveFieldsList

This automation saves incident fields from the current testing incident to an XSOAR list.

Inputs

Argument Name	Description
list	XSOAR list name to save incident fields to

Outputs

None

UnitTestLoadFieldsList

This automation loads incident fields from an XSOAR list into the current testing incident.

Inputs

Argument Name	Description
list	XSOAR list name to load incident fields from

Outputs

None

UnitTestSetField

This automation sets an incident field value in the current testing incident.

Inputs

Argument Name	Description
field	Incident field name to set
value	Value to set incident field to

Outputs

None

UnitTestMultiSelect

Inputs

Argument Name	Description
new	Playbook names selected from the array in the field

Outputs

None

UnitTestSubplaybookPrep

Inputs

Argument Name	Description
listName	XSOAR list name to read subplaybook context inputs from

Outputs

None

UnitTestCase

This automation is used to execute a test case defined in an XSOAR list.

Inputs

Argument Name	Description
testName	Test case name (not used)
listName	XSOAR list name to read test case from
addAfter	Playbook task numeric ID to add this testing task after

Outputs

None

UnitTestCasePrep

Inputs

Argument Name	Description
testName	Test case name (not used)
listName	XSOAR list name to read test case from

Outputs

None

UnitTestLoadContext

This automation loads context from an existing incident into the current testing incident.

Inputs

Argument Name	Description
id	Incident numeric ID to load context from

Outputs

None

Playbook Analyzer Automations

UnitTestPlaybook Analyzer

Inputs

Argument Name	Description
playbook	Name of the playbook to analyze
occurred	Incident occurrance time and include in the analysis

Outputs

None

UnitTestPBAStats

Inputs

None

Outputs

None

UnitTestPBATaskAvg

General dynamic section script that creates and displays a pie widget of the average task durations for each task in the playbook based on the data in the PlaybookStatistics context key.

Inputs

None

Outputs

None

UnitTestPBATaskMax

General dynamic section script that creates and displays a pie widget of the maximum task durations for each task in the playbook based on the data in the PlaybookStatistics context key.

Inputs

None

Outputs

None

Automations

Name	Description
ContentDependencies	Searches a set of playbooks, or all playbooks if no playbook query is provided, and identifies all dependencies between playbooks and automations and outputs either CSV or markdown. WARNING: Should be run on DEV since it may consume 100% CPU for 10 or more minutes if all playbooks are searched. This automation should be run in dev environments. It will consume 100% CPU for 10 minutes or more - depending on the amount of playbook and automation content. It is set to timeout at 15 minutes in Advanced settings. This may need to be increased if content amount is large. It only parses python scripts to see if additional automations/commands are invoked via demisto.executeCommand or execute_command. Javascript automations are not parsed. Command names passed in a variable to demisto.executeCommand or execute_command are not reported. If a python automation fails to parse, an error is reported in the war room: any automations it calls are not reported. Integration commands and builtins are not parsed.
UnitTest	Provides for automated testing of automations, playbooks, and sub-playbooks.
UnitTestSubplaybookPrep
UnitTestSetField
UnitTestPBATaskMax
UpgradeCheck	Check content pack upgrade impacts and display changes. Packs argument is comma separated list of content pack names, or blank for all content packs to assess.
UnitTestLoadFieldsList
UnitTestSaveFieldsList
UnitTestMultiSelect
UnitTestLoadContextList
UnitTestCase
UnitTestPlaybookAnalyzer	Profiles execution time of tasks in a playbook or sub-playbook (if specified). Provides minimum, maximum, and average task execution times in milliseconds as well as the state of each task: completed, error, notexecuted, started, and waiting.
UnitTestPBAStats	Playbook statistics.
UnitTestLoadContext
ListPlaybookAutomationsCommands	Check Upgrade and Display Changes.
UnitTestSaveContextList
UnitTestResults
UnitTestPBATaskAvg
ChangeHistory
UnitTestCasePrep
UnitTestCoverage	Assesses the tasks executed in a playbook during the content testing process.
UnitTestLoadFields

Incident Fields

Name	Description
Content Testing Content Details
Content Testing Coverage
Content Testing Content Automations
Content Testing Unit Test Help
Content Testing Dependencies
Content Testing Commit History
Content Testing Unit Test Playbooks
Content Testing Content Impacts
Content Testing PBA Info
Content Testing UnitTestResults

Incident Types

Name	Description
UnitTesting

Layouts

Name	Description
UnitTestLayout

Playbooks

Name	Description
MockSubplaybook
UnitTestTopLevel
MockPlaybook

Automations

Name	Description
UnitTestPlaybookAnalyzer	Profiles execution time of tasks in a playbook or sub-playbook (if specified). Provides minimum, maximum, and average task execution times in milliseconds as well as the state of each task: completed, error, notexecuted, started, and waiting.
UnitTestPBATaskAvg
UnitTestLoadContextList
ListPlaybookAutomationsCommands	Check Upgrade and Display Changes.
UnitTestCase
UnitTestLoadFields
UnitTestCoverage	Assesses the tasks executed in a playbook during the content testing process.
UnitTestSaveFieldsList
UnitTestSubplaybookPrep
UnitTestPBATaskMax
UnitTestPBAStats	Playbook statistics.
UnitTestMultiSelect
UnitTestLoadFieldsList
ContentDependencies	Searches a set of playbooks, or all playbooks if no playbook query is provided, and identifies all dependencies between playbooks and automations and outputs either CSV or markdown. WARNING: Should be run on DEV since it may consume 100% CPU for 10 or more minutes if all playbooks are searched. This automation should be run in dev environments. It will consume 100% CPU for 10 minutes or more - depending on the amount of playbook and automation content. It is set to timeout at 15 minutes in Advanced settings. This may need to be increased if content amount is large. It only parses python scripts to see if additional automations/commands are invoked via demisto.executeCommand or execute_command. Javascript automations are not parsed. Command names passed in a variable to demisto.executeCommand or execute_command are not reported. If a python automation fails to parse, an error is reported in the war room: any automations it calls are not reported. Integration commands and builtins are not parsed.
UnitTestCasePrep
ChangeHistory
UnitTestSaveContextList
UpgradeCheck	Check content pack upgrade impacts and display changes. Packs argument is comma separated list of content pack names, or blank for all content packs to assess.
UnitTestSetField
UnitTestResults
UnitTestLoadContext
UnitTest	Provides for automated testing of automations, playbooks, and sub-playbooks.

Incident Fields

Name	Description
Content Testing UnitTestResults
Content Testing PBA Info
Content Testing Commit History
Content Testing Content Automations
Content Testing Content Impacts
Content Testing Unit Test Playbooks
Content Testing Dependencies
Content Testing Content Details
Content Testing Coverage
Content Testing Unit Test Help

Incident Types

Name	Description
UnitTesting

Playbooks

Name	Description
MockSubplaybook
UnitTestTopLevel
MockPlaybook

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Cortex Lock	By: Cortex XSOAR

All level dependencies (3)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

2.1.2 - 7216131 (December 20, 2023)

Scripts

UnitTestPlaybookAnalyzer

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

UnitTestCoverage

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

UnitTestSaveContextList

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

ContentDependencies

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

ListPlaybookAutomationsCommands

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

UnitTest

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

UpgradeCheck

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

ChangeHistory

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

UnitTestSaveFieldsList

Deprecated the demisto-api-* commands and replaced with the core-api-* commands. (Commands are identical, no effect is expected.)
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31388

Download

2.1.1 - 6259960 (September 7, 2023)

Layouts

UnitTestLayout
Improved layout by changing query references to script names from script IDs, for: Task Avg, Task Max, and Task Stats sections.

Related pull requests:
- 29520
- 29516

Download

2.1.0 - 6200580 (August 31, 2023)

Incident Fields

Content Testing Unit Test Playbooks

Layouts

UnitTestLayout
Improved layout by replacing script IDs with script names.

Scripts

UnitTestPBATaskMax

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTest

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestSaveFieldsList

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestSetField

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestLoadContext

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestSubplaybookPrep

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestSaveContextList

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestLoadContextList

Updated the Docker image to: demisto/python3:3.10.13.72123.

ChangeHistory

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestCoverage

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestPBAStats

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestLoadFields

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestPBATaskAvg

Updated the Docker image to: demisto/python3:3.10.13.72123.

UpgradeCheck

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestMultiSelect

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestPlaybookAnalyzer

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestLoadFieldsList

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestCase

Updated the Docker image to: demisto/python3:3.10.13.72123.

ContentDependencies

Updated the Docker image to: demisto/python3:3.10.13.72123.

UnitTestCasePrep

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29308
- 28959

Download

2.0.0 - 6010750 (August 10, 2023)

Layouts

UnitTestLayout
Updated section name to 'Analysis Summary'
Updated button arguments to support new features in automations

Scripts

UnitTestSubplaybookPrep

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestSaveContextList

Updated the Docker image to: demisto/python3:3.10.12.68300.

UpgradeCheck

Added a Packs argument to the script to determine the list of packs that should be analyzed.
Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestLoadFieldsList

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestCasePrep

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestLoadFields

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestSetField

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestMultiSelect

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTest

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestLoadContext

Updated the Docker image to: demisto/python3:3.10.12.68300.

New: ContentDependencies

Provides playbook to sub-playbook, playbook to automation, automation to automation dependencies
Can select Markdown and incident field for results output
Can select CSV and file for results output
Searches a set of playbooks, or all playbooks if no playbook query is provided, and identifies all dependencies between playbooks and automations and outputs either CSV or markdown. WARNING: Should be run on DEV since it may consume 100% CPU for 10 or more minutes if all playbooks are searched. It is set to timeout at 15 minutes in Advanced settings. This may need to be increased if content amount is large
Parses python scripts for additional automations/commands are invoked via demisto.executeCommand or execute_command. Javascript automations are not parsed. Command names passed in a variable to demisto.executeCommand or execute_command are not reported. If a python automation fails to parse, an error is reported in the war room: any automations it calls are not reported
Integration commands and builtins are not parsed

ChangeHistory

Updated the Docker image to: demisto/python3:3.10.12.68300.</li>

UnitTestPBATaskMax

Code lint fixes.
Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestLoadContextList

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestPlaybookAnalyzer

Added support for sub-playbook selection for the analysis
Added support for time range specification
Added support for maximum count of incidents
Simplified summary output since dependencies now handled in ContentDependencies
Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestCoverage

Code lint fixes.
Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestPBATaskAvg

Code lint fixes.
Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestSaveFieldsList

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestCase

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestPBAStats

Code lint fixes.
Updated the Docker image to: demisto/python3:3.10.12.68300.

ListPlaybookAutomationsCommands

Updated the Docker image to: demisto/python3:3.10.12.68300.

UnitTestResults

Updated the Docker image to: demisto/python3:3.10.12.68300.
##### Breaking Change:
- The "occurred" argument has been replaced by the time range arguments
- The following parameters in UnitTestPlaybookAnalyzer are required now:
- playbook.
- firstday.
- lastday.

Related pull requests:
- 28537
- 28869

Download

1.1.3 - 5801668 (July 18, 2023)

Scripts

UnitTestMultiSelect

Updated the Docker image to: demisto/python3:3.10.12.63474.

UnitTestSaveContextList

Updated the Docker image to: demisto/python3:3.10.12.63474.

UnitTestCasePrep

Updated the Docker image to: demisto/python3:3.10.12.63474.

UnitTestLoadContextList

Updated the Docker image to: demisto/python3:3.10.12.63474.

UnitTestLoadContext

Updated the Docker image to: demisto/python3:3.10.12.63474.

UnitTestSetField

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28251

Download

1.1.2 - R5692327 (July 5, 2023)

Scripts

UnitTest

Documentation and metadata improvements
Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26988
- 26088

Download

1.1.1 - R5170573 (May 2, 2023)

Scripts

UpgradeCheck

Fixed issue to handle when a playbook referenced a sub-playbook or automation that was not installed
Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25313
- 25319

Download

1.1.0 - R4718798 (March 1, 2023)

Incident Fields

Content Testing Dependencies
Content Testing Coverage
Content Testing PBA Info

Incident Types

UnitTesting

Layouts

UnitTestLayout
Added support for PBA tab.
Added support for Test Coverage button.
Added support for Test Coverage section for results.

Playbooks

MockSubplaybook

Updated the sub-playbook inputs.

Scripts

New: UnitTestPBAStats

Added support for playbook analysis statistics.

New: UnitTestCoverage

Added support for test coverage (Available from Cortex XSOAR 6.5.0).

New: UnitTestPBATaskMax

Added support for playbook task maximum.

New: UnitTestPlaybookAnalyzer

Added support for playbook analysis (Available from Cortex XSOAR 6.5.0).

New: UnitTestPBATaskAvg

Added support for playbook task averages

ChangeHistory

Updated the timeout to 600 seconds.
Updated the Docker image to: demisto/python3:3.10.10.48392.

UnitTest

Fixed an issue so playbooks with spaces in name do not require quotes in Ad Hoc Test button.
Fixed an issue in RunUTResults() to get arguments first in the event getting the automation ID throws an exception, uninitialized variable in the exception handler throws another exception, masking the original exception.
Updated the Docker image to: demisto/python3:3.10.10.48392.

UnitTestLoadFields

Fixed an issue to not overwrite incident type.
Updated the Docker image to: demisto/python3:3.10.10.48392.

UpgradeCheck

Updated the timeout to 1200 seconds.
Updated the Docker image to: demisto/python3:3.10.10.48392.

ListPlaybookAutomationsCommands

Fixed an issue for playbooks referencing missing automations.
Updated the timeout to 600 seconds.
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24541
- 24776
- 24612
- 24617
- 24619
- 24618
- 24607
- 24616
- 24532
- 24617
- 24619
- 24618
- 24607
- 24616
- 24624
- 24561
- 24577
- 24474
- 24625
- 24471
- 24522
- 24511
- 24530
- 24523
- 24497
- 24546
- 24545
- 24544
- 24520
- 24308
- 24525
- 24493
- 24552
- 24475
- 24516
- 24551
- 24416
- 24347
- 24509
- 24550
- 24558
- 24102
- 24531
- 24480
- 24494
- 24439
- 24476
- 24510
- 24570
- 24571
- 23839
- 24478
- 23481
- 22589
- 24573
- 24339
- 24574
- 24567
- 24569
- 24348
- 24578
- 24298
- 24582
- 24539
- 24580
- 24440
- 24585
- 24515
- 24560
- 24547
- 24301
- 24261
- 24424
- 22241
- 24518
- 24486
- 24590
- 24420
- 24225
- 24300
- 24599
- 24584
- 24488
- 23665
- 24575
- 24490
- 24168
- 24586
- 24606
- 24600
- 24609
- 24591
- 24611
- 24612
- 24617
- 24619
- 24618
- 24607
- 24616
- 24532
- 24617
- 24619
- 24618
- 24607
- 24616
- 24624
- 24561
- 24577
- 24474
- 24625
- 24595
- 24521
- 24581
- 24638
- 24562
- 24646
- 24647
- 24648
- 24649
- 24640
- 24650
- 24653
- 24659
- 24654
- 24645
- 24655
- 24651

Download

1.0.1 - R4646022 (February 19, 2023)

Layouts

UnitTestLayout
This item is no longer supported in XSIAM.

Related pull requests:
- 24223

Download

1.0.0 - 4506096 (January 19, 2023)

Download

PUBLISHER

rurhrlaub

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	January 19, 2023
Last Release	December 20, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.