Overview
With this feature, you can synchronize the content in a Custom Repository with a dedicated project in SOC Prime's on-prem GitLab instance:
Push updates from a Custom Repository to the GitLab project
Pull updates from the GitLab project to a Custom Repository
Prerequisites
Ensure the following:
Your Threat Detection Marketplace subscription plan includes:
GitLab CI/CD
At least one user seat with a Manager role
The Manager has selected users who can have GitLab access
Here's how the Manager can choose users who have access to the GitLab CI/CD feature:
Ensure you have a Manager role.
Go to the Team Management page.
Choose a user and click the three dots icon on the right.
Select the Give GitLab Access option.
You can view who was granted the access in the GitLab Access column:
On β the user has GitLab access
Off β the user does not have GitLab access
If you've reached the limit on the number of users who can have GitLab access, you can revoke another user's access (with the Revoke GitLab Access option in the three-dot menu) and provide it to the selected user.
Set up a Custom Repository
Note: The settings described here are only available to users who have GitLab access enabled by their team's manager.
Go to the Repositories page and:
Click Add Repository to create a new Custom Repository that will be synchronized with GitLab
or
Click the Edit icon of an existing Custom Repository to synchronize it with GitLab
In the settings menu, go to the GitLab Synchronization section.
Set the Synchronize content with your GitLab? parameter to Yes.
By default, synchronization is performed on demand. Optionally, you can enable the Sync with GitLab automatically switch to have your updates synchronized automatically each 3 minutes.
Optionally, enable the OpenTide Integration switch if you want the custom repository to be dedicated to OpenTide. Read more.
Click the Apply button.
If this is the first time you use this feature, check your inbox for emails from SOC Prime GitLab and follow these steps:
Open the Confirmation instructions email and confirm the GitLab account created for you.
Open the Account was created for you email and set your password.
Once synchronization is enabled for the first Custom Repository of your organization, a dedicated project is created for your organization in the SOC Prime GitLab instance. Each Custom Repository is represented by a separate branch in that project. You can always navigate to this branch from the Repositories page by clicking the link in the GitLab Sync column for the corresponding Custom Repository.
Note: all users from your team who were granted GitLab access by your Manager can access all branches in your organization's dedicated project on GitLab.
Synchronize Content Updates
Manually (On Demand)
Note:
To make sync updates manually (on demand), the Sync with GitLab automatically switch has to be disabled in the Custom Repository settings.
The check for updates both on Threat Detection Marketplace and on GitLab takes place every 3 minutes. This way, you can monitor and sync content updates:
If the Ready to Push icon is green, it means that there are updates in Threat Detection Marketplace. You can push Threat Detection Marketplace updates to GitLab using the Push to GitLab option in the three dots menu of the Custom Repository.
Once you click Push to GitLab:
Your updates are pushed to GitLab as a commit to the branch corresponding to the Custom Repository in Threat Detection Marketplace
The Ready to Push icon turns grey again
If the Ready to Pull icon is blue, it means that there are updated in GitLab. You can pull GitLab updates to Threat Detection Marketplace using the Pull from GitLab option in the three dots menu of the Custom Repository.
Once you click Pull from GitLab:
Your GitLab updates are pulled to the corresponding Custom Repository in Threat Detection Marketplace
The Ready to Pull icon turns grey again
If the Ready to Push icon is green and the Ready to Pull icon is blue, it means that there are updates both in Threat Detection Marketplace and in GitLab. In this case, you can:
Pull GitLab updates to Threat Detection Marketplace using the Pull from GitLab option in the three dots menu of the Custom Repository (Threat Detection Marketplace updates will be overwritten)
Create a GitLab merge request with Threat Detection Marketplace updates by selecting the Resolve Conflicts in the three dots menu of the Custom Repository. Then, the user has to resolve any potential conflicts on GitLab and after that pull the GitLab updates to Threat Detection Marketplace (so that content in Threat Detection Marketplace and content in GitLab have the same state)
Notes on system behavior once you click Resolve Conflicts:
A modal appears with the link to the created merge request. Use it to easily navigate to the merge request.
The Resolve Conflicts option becomes inactive since a request has already been created. If new updates are made on the Threat Detection Marketplace side, the Resolve Conflicts option becomes active again. If you click it, another merge request is created; the previous one is not deleted.
Automatically
Note:
Updates are synced automatically in both ways (from Threat Detection Marketplace to GitLab and vice versa) when the Sync with GitLab automatically switch is enabled in the Custom Repository settings.
The automatic sync takes place every 3 minutes, right after the check for updates. Accordingly, Ready to Push and Ready to Pull icons and the three dots menu options related to sync management do not become active. Thus, when automatic sync is enabled, you cannot sync updates on demand.
If updates are available both in Threat Detection Marketplace and in GitLab, a GitLab merge request with Threat Detection Marketplace updates is created automatically. Then, the GitLab updates are automatically pulled to Threat Detection Marketplace. This way, GitLab updates are considered as having priority. If you need to apply updates from Threat Detection Marketplace, you can always find them in the automatically created merge request.