diff --git a/Packs/AWS_WAF/Integrations/AWSWAF/AWSWAF.yml b/Packs/AWS_WAF/Integrations/AWSWAF/AWSWAF.yml
index 3aedaa258458..8008612bfdf7 100644
--- a/Packs/AWS_WAF/Integrations/AWSWAF/AWSWAF.yml
+++ b/Packs/AWS_WAF/Integrations/AWSWAF/AWSWAF.yml
@@ -39,6 +39,20 @@ configuration:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 section: Connect
 - display: Role Session Duration
 name: sessionDuration
@@ -145,6 +159,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: tag_key
 description: A comma-separated list of the keys of the tags to associate with the IP set.
 isArray: true
@@ -205,6 +233,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Get a specific IP set.
 name: aws-waf-ip-set-get
 outputs:
@@ -268,6 +310,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - auto: PREDEFINED
 defaultValue: 'false'
 description: Whether to overwrite the existing addresses.
@@ -312,6 +368,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Lists IP sets.
 name: aws-waf-ip-set-list
 outputs:
@@ -368,6 +438,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Delete a specific IP set.
 name: aws-waf-ip-set-delete
 - arguments:
@@ -409,6 +493,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: tag_key
 description: A comma-separated list of the keys of the tags to associate with the regex set.
 isArray: true
@@ -469,6 +567,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Get a specific regex set.
 name: aws-waf-regex-set-get
 outputs:
@@ -529,6 +641,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - auto: PREDEFINED
 defaultValue: 'false'
 description: Whether to overwrite the existing regex patterns.
@@ -573,6 +699,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Lists regex sets.
 name: aws-waf-regex-set-list
 outputs:
@@ -629,6 +769,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Delete a specific regex set.
 name: aws-waf-regex-set-delete
 - arguments:
@@ -666,6 +820,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Lists rule groups.
 name: aws-waf-rule-group-list
 outputs:
@@ -722,6 +890,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Get a specific rule group.
 name: aws-waf-rule-group-get
 outputs:
@@ -776,6 +958,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Delete a specific rule group.
 name: aws-waf-rule-group-delete
 - arguments:
@@ -832,6 +1028,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: tag_key
 description: A comma-separated list of the keys of the tags to associate with the rule group.
 isArray: true
@@ -895,6 +1105,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: priority
 description: The rule priority.
 required: true
@@ -960,6 +1184,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: priority
 description: The rule priority.
 required: true
@@ -1018,6 +1256,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: priority
 description: The rule priority.
 required: true
@@ -1132,6 +1384,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 description: Delete a specific rule from a rule group.
 name: aws-waf-rule-delete
 - arguments:
@@ -1173,6 +1439,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: ip_set_arn
 description: The IP set ARN. You can get this value by running the aws-waf-ip-set-list command.
 isArray: true
@@ -1224,6 +1504,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: country_codes
 description: A comma-separated list of two-character country codes.
 isArray: true
@@ -1275,6 +1569,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: match_type
 description: The string match type.
 required: true
@@ -1382,6 +1690,20 @@ script:
 - eu-west-3
 - us-gov-east-1
 - us-gov-west-1
+ - af-south-1
+ - ap-east-1
+ - ap-east-2
+ - ap-northeast-3
+ - ap-south-2
+ - ap-southeast-3
+ - ap-southeast-4
+ - cn-north-1
+ - cn-northwest-1
+ - eu-central-2
+ - eu-south-1
+ - eu-south-2
+ - me-south-1
+ - me-central-1
 - name: statement_json
 description: A generic JSON statement to add to the rule. You can get the templates by running the aws-waf-statement-json-template-get command.
 isArray: true
@@ -1421,7 +1743,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/boto3py3:1.0.0.87902
+ dockerimage: demisto/boto3py3:1.0.0.101500
 fromversion: 6.5.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/AWS_WAF/ReleaseNotes/1_0_7.md b/Packs/AWS_WAF/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..9a8d4892c37b
--- /dev/null
+++ b/Packs/AWS_WAF/ReleaseNotes/1_0_7.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### AWS-WAF
+
+- Fixed an issue where some regions were missing from the *Regions* parameter.
+- Updated the Docker image to *demisto/boto3py3:1.0.0.101500*.
diff --git a/Packs/AWS_WAF/pack_metadata.json b/Packs/AWS_WAF/pack_metadata.json
index b6febbd34c7c..9e22310a8d32 100644
--- a/Packs/AWS_WAF/pack_metadata.json
+++ b/Packs/AWS_WAF/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AWS WAF",
 "description": "Amazon Web Services Web Application Firewall (WAF)",
 "support": "xsoar",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Aella_StarLight/Integrations/AellaStarLight/AellaStarLight.yml b/Packs/Aella_StarLight/Integrations/AellaStarLight/AellaStarLight.yml
index 8051a70a00cb..30d034a8d6ee 100644
--- a/Packs/Aella_StarLight/Integrations/AellaStarLight/AellaStarLight.yml
+++ b/Packs/Aella_StarLight/Integrations/AellaStarLight/AellaStarLight.yml
@@ -8,12 +8,12 @@ description: Aella Star Light Integration
 configuration:
 - display: Server URL (e.g. https://starlight.companyname.com:8889)
 name: url
- defaultvalue: ""
+ defaultvalue: ''
 type: 0
 required: true
 - display: User name
 name: credentials
- defaultvalue: ""
+ defaultvalue: ''
 type: 9
 required: true
 - display: Fetch incidents
@@ -26,17 +26,17 @@ configuration:
 required: false
 - display: Fetching interval in minutes (default is 15, minimum is 15 )
 name: fetch_interval
- defaultvalue: "15"
+ defaultvalue: '15'
 type: 0
 required: false
 - display: The specific security event to look for. Default is all events
 name: event_name
- defaultvalue: ""
+ defaultvalue: ''
 type: 0
 required: false
 - display: Security event severity threshold, between 0-100
 name: severity
- defaultvalue: "50"
+ defaultvalue: '50'
 type: 0
 required: false
 - display: Trust any certificate (not secure)
@@ -45,7 +45,7 @@ configuration:
 required: false
 - display: Use system proxy settings
 name: proxy
- defaultvalue: "false"
+ defaultvalue: 'false'
 type: 8
 required: false
 script:
@@ -87,7 +87,7 @@ script:
 description: Query the details for a specific Start Light event
 isfetch: true
 runonce: false
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 tests:
 - No test
 fromversion: 6.5.0
diff --git a/Packs/Aella_StarLight/ReleaseNotes/1_0_14.md b/Packs/Aella_StarLight/ReleaseNotes/1_0_14.md
new file mode 100644
index 000000000000..7bd8bad6157f
--- /dev/null
+++ b/Packs/Aella_StarLight/ReleaseNotes/1_0_14.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Aella Star Light
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Aella_StarLight/pack_metadata.json b/Packs/Aella_StarLight/pack_metadata.json
index 3dd74c095cbf..185e1f66cd44 100644
--- a/Packs/Aella_StarLight/pack_metadata.json
+++ b/Packs/Aella_StarLight/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Aella Star Light",
 "description": "Aella Star Light Integration",
 "support": "community",
- "currentVersion": "1.0.13",
+ "currentVersion": "1.0.14",
 "author": "Aella Star Light",
 "url": "",
 "email": "",
diff --git a/Packs/AlphaVantage/Integrations/AlphaVantage/AlphaVantage.yml b/Packs/AlphaVantage/Integrations/AlphaVantage/AlphaVantage.yml
index c0e5d0692c0b..8b4572ca9087 100755
--- a/Packs/AlphaVantage/Integrations/AlphaVantage/AlphaVantage.yml
+++ b/Packs/AlphaVantage/Integrations/AlphaVantage/AlphaVantage.yml
@@ -29,34 +29,34 @@ script:
 name: alphavantage-stock-data-get
 outputs:
 - contextPath: AlphaVantage.StockData.symbol
- description: 'Stock symbol'
+ description: Stock symbol
 type: String
 - contextPath: AlphaVantage.StockData.open
- description: 'Open price'
+ description: Open price
 type: String
 - contextPath: AlphaVantage.StockData.high
- description: 'Day high price'
+ description: Day high price
 type: String
 - contextPath: AlphaVantage.StockData.low
- description: 'Day low price'
+ description: Day low price
 type: String
 - contextPath: AlphaVantage.StockData.price
- description: 'Last price recorded'
+ description: Last price recorded
 type: String
 - contextPath: AlphaVantage.StockData.volume
- description: 'Trade volume'
+ description: Trade volume
 type: String
 - contextPath: AlphaVantage.StockData.latest trading day
- description: 'Last trade day date'
+ description: Last trade day date
 type: Date
 - contextPath: AlphaVantage.StockData.previous close
- description: 'Last day close price'
+ description: Last day close price
 type: String
 - contextPath: AlphaVantage.StockData.change
- description: 'Change since last close'
+ description: Change since last close
 type: String
 - contextPath: AlphaVantage.StockData.change percent
- description: 'Change since last close in %'
+ description: Change since last close in %
 type: String
 - arguments:
 - description: Symbols of stocksto fetch
@@ -64,44 +64,44 @@ script:
 name: symbol
 required: true
 - auto: PREDEFINED
- defaultValue: '60min'
+ defaultValue: 60min
 description: Time interval between two data points
 name: interval
 predefined:
- - '1min'
- - '5min'
- - '15min'
- - '30min'
- - '60min'
+ - 1min
+ - 5min
+ - 15min
+ - 30min
+ - 60min
 - auto: PREDEFINED
 defaultValue: compact
 description: Amount of data return
 name: output_size
 predefined:
- - 'compact'
- - 'full'
+ - compact
+ - full
 description: Gets historical data for a stock
 name: alphavantage-stock-history-get
 outputs:
 - contextPath: AlphaVantage.StockHistory.Information
- description: 'Info about each time series'
+ description: Info about each time series
 type: String
 - contextPath: AlphaVantage.StockHistory.Interval
- description: 'Time interval between two data samples'
+ description: Time interval between two data samples
 type: String
 - contextPath: AlphaVantage.StockHistory.Last Refreshed
- description: 'Last time the API data was refreshed'
+ description: Last time the API data was refreshed
 type: String
 - contextPath: AlphaVantage.StockHistory.Output Size
- description: 'Amount of data. Either last 100 samples or as much as possible'
+ description: Amount of data. Either last 100 samples or as much as possible
 type: String
 - contextPath: AlphaVantage.StockHistory.Symbol
- description: 'Stock symbol'
+ description: Stock symbol
 type: String
 - contextPath: AlphaVantage.StockHistory.Time Series
- description: 'List of all stock data samples'
+ description: List of all stock data samples
 type: Unknown
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/AlphaVantage/ReleaseNotes/1_0_13.md b/Packs/AlphaVantage/ReleaseNotes/1_0_13.md
new file mode 100644
index 000000000000..7085d010083c
--- /dev/null
+++ b/Packs/AlphaVantage/ReleaseNotes/1_0_13.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### AlphaVantage
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/AlphaVantage/pack_metadata.json b/Packs/AlphaVantage/pack_metadata.json
index a7165d72d35e..1aaf8de1d2f5 100755
--- a/Packs/AlphaVantage/pack_metadata.json
+++ b/Packs/AlphaVantage/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AlphaVantage",
 "description": "The Alpha Vantage content pack provides accessible APIs for financial market data such as stock prices. Utilize this pack to get open stock prices, high/low price, trade volume, and so on.",
 "support": "community",
- "currentVersion": "1.0.12",
+ "currentVersion": "1.0.13",
 "author": "Ohad Valtzer",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.py b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.py
index 98ca9d09b4f5..494231938bf2 100644
--- a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.py
+++ b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.py
@@ -184,8 +184,7 @@ def __init__(self, base_url, user_name, api_key, verify, proxy, reliability, sho
 self.reliability = reliability
 self.should_create_relationships = should_create_relationships
 self.credentials = {
- 'username': user_name,
- 'api_key': api_key
+ 'Authorization': f"apikey {user_name}:{api_key}",
 }
 self.remote_api = remote_api
@@ -198,9 +197,9 @@ def http_request(self, method,
 """
 A wrapper for requests lib to send our requests and handle requests and responses better.
 """
- params = params or {}
+ headers = headers or {}
 if not without_credentials:
- params.update(self.credentials)
+ headers.update(self.credentials)
 res = super()._http_request(
 method=method,
 url_suffix=url_suffix,
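Review bot: `headers = headers or {}` followed by `headers.update(self.credentials)` writes into the very dict a caller passed in, so a caller-owned headers mapping that is reused across calls silently carries the Authorization value afterwards; copying first, `headers = dict(headers or {})`, keeps the injection local to this request. The removed `params = params or {}` line means `params` is now forwarded exactly as received, possibly `None`, which is only safe if `_http_request` tolerates that — the remaining keyword arguments of the call are outside the hunk, so this is inferred. Moving the API key from the query string into an Authorization header is the safer transport, since query parameters routinely land in proxy and access logs; it is worth confirming that the client's request debug logging does not print headers. http_request's signature and the rest of its body lie outside the hunk.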
diff --git a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml
index 7338f5a79dd4..41965a38e51a 100644
--- a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml
+++ b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml
@@ -6431,7 +6431,7 @@ script:
 isArray: true
 description: Remove tags from the indicators.
 name: threatstream-remove-indicator-tag
- dockerimage: demisto/py3-tools:1.0.0.93223
+ dockerimage: demisto/py3-tools:1.0.0.99035
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3_test.py b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3_test.py
index 26e7b7c46773..be8e6402c43d 100644
--- a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3_test.py
+++ b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3_test.py
@@ -38,8 +38,8 @@ def util_tmp_json_file(mock_object, file_name: str):
 def mock_client():
 return Client(
 base_url='',
- user_name='',
- api_key='',
+ user_name='user',
+ api_key='key',
 proxy=False,
 should_create_relationships=True,
 verify=False,
@@ -1869,7 +1869,7 @@ def test_remove_indicator_tag_command_success(
 @pytest.mark.parametrize(
 "without_credentials, expected_params",
 [
- (False, {'username': '', 'api_key': ''}),
+ (False, {'Authorization': 'apikey user:key'}),
 (True, {}),
 ],
 )
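Review bot: The parametrize name `expected_params` is stale after this hunk: the second element is now the expected headers mapping, and the following hunk compares it against `call_args.kwargs["headers"]`. Renaming it, `"without_credentials, expected_headers",`, together with the test's parameter name (the signature is outside this hunk), keeps the test honest about what it checks. The literal `'apikey user:key'` also depends on the `mock_client()` values changed in the previous hunk; a short comment next to the expectation noting that coupling would save the next reader a search.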
@@ -1882,5 +1882,6 @@ def test_http_request_without_credentials(mocker, without_credentials: bool, exp
 from AnomaliThreatStreamv3 import BaseClient
 http_request = mocker.patch.object(BaseClient, "_http_request", return_value={})
 client: BaseClient = mock_client()
+ client.http_request("GET", "/hello", without_credentials=without_credentials)
- assert http_request.call_args.kwargs["params"] == expected_params
+ assert http_request.call_args.kwargs["headers"] == expected_params
diff --git a/Packs/Anomali_ThreatStream/ReleaseNotes/2_2_21.md b/Packs/Anomali_ThreatStream/ReleaseNotes/2_2_21.md
new file mode 100644
index 000000000000..5fb49329abc5
--- /dev/null
+++ b/Packs/Anomali_ThreatStream/ReleaseNotes/2_2_21.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Anomali ThreatStream v3
+
+- Updated the Authorization flow due to changes on Anomali API side.
+- Updated the Docker image to *demisto/py3-tools:1.0.0.99035*.
diff --git a/Packs/Anomali_ThreatStream/pack_metadata.json b/Packs/Anomali_ThreatStream/pack_metadata.json
index d42aa334e2b6..c1505570d0ae 100644
--- a/Packs/Anomali_ThreatStream/pack_metadata.json
+++ b/Packs/Anomali_ThreatStream/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Anomali ThreatStream",
 "description": "Use Anomali ThreatStream to query and submit threats.",
 "support": "xsoar",
- "currentVersion": "2.2.20",
+ "currentVersion": "2.2.21",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
index da80ebf03a6e..97868007170f 100644
--- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
+++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
@@ -2968,6 +2968,7 @@ def resolve_xdr_close_reason(xsoar_close_reason: str) -> str: """ # Initially setting the close reason according to the default mapping. xdr_close_reason = XSOAR_RESOLVED_STATUS_TO_XDR.get(xsoar_close_reason, 'resolved_other') + # Reading custom XSOAR->XDR close-reason mapping. custom_xsoar_to_xdr_close_reason_mapping = comma_separated_mapping_to_dict( demisto.params().get("custom_xsoar_to_xdr_close_reason_mapping") @@ -2975,16 +2976,15 @@ def resolve_xdr_close_reason(xsoar_close_reason: str) -> str: # Overriding default close-reason mapping if there exists a custom one. if xsoar_close_reason in custom_xsoar_to_xdr_close_reason_mapping: - xdr_close_reason_candidate = custom_xsoar_to_xdr_close_reason_mapping[xsoar_close_reason] + xdr_close_reason_candidate = custom_xsoar_to_xdr_close_reason_mapping.get(xsoar_close_reason) # Transforming resolved close-reason into snake_case format with known prefix to match XDR status format. - demisto.debug( - f"resolve_xdr_close_reason XSOAR->XDR custom close-reason exists, using {xsoar_close_reason}={xdr_close_reason}") xdr_close_reason_candidate = "resolved_" + "_".join(xdr_close_reason_candidate.lower().split(" ")) - if xdr_close_reason_candidate not in XDR_RESOLVED_STATUS_TO_XSOAR: demisto.debug("Warning: Provided XDR close-reason does not exist. Using default XDR close-reason mapping. ") else: xdr_close_reason = xdr_close_reason_candidate + demisto.debug( + f"resolve_xdr_close_reason XSOAR->XDR custom close-reason exists, using {xsoar_close_reason}={xdr_close_reason}") else: demisto.debug(f"resolve_xdr_close_reason using default mapping {xsoar_close_reason}={xdr_close_reason}") diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.yml b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.yml index 8683ceb30d47..61f96a384a73 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.yml +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.yml 
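Review bot: The fallback branch's message `demisto.debug("Warning: Provided XDR close-reason does not exist. Using default XDR close-reason mapping. ")` still omits the value that was rejected, so a misconfigured custom mapping cannot be diagnosed from the log; include it: `demisto.debug(f"Warning: Provided XDR close-reason {xdr_close_reason_candidate} does not exist. Using default XDR close-reason mapping.")`. Swapping the subscript for `.get(xsoar_close_reason)` inside the `in` guard changes nothing at runtime but gives the candidate an Optional type for static checkers right before `.lower()` is called; the subscript was the clearer form. Moving the "custom close-reason exists" debug after the validity check is the right fix, since it now reports the value actually used. resolve_xdr_close_reason begins outside the hunk.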
@@ -12,7 +12,7 @@ comment: Common Core IR Client, provides generic Infrastructure.
 scripttarget: 0
 dependson: {}
 timeout: 0s
-dockerimage: demisto/python3:3.10.14.99865
+dockerimage: demisto/python3:3.11.9.101916
 fromversion: 5.0.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/Arduino/Integrations/Arduino/Arduino.yml b/Packs/Arduino/Integrations/Arduino/Arduino.yml
index fa8f39aa1beb..e88b16600133 100644
--- a/Packs/Arduino/Integrations/Arduino/Arduino.yml
+++ b/Packs/Arduino/Integrations/Arduino/Arduino.yml
@@ -9,7 +9,7 @@ configuration:
 required: true
 type: 0
 - additionalinfo: Port number
- defaultvalue: "9090"
+ defaultvalue: '9090'
 display: Port number
 name: port
 required: true
@@ -123,7 +123,7 @@ script:
 - contextPath: Arduino.DataSend.Received
 description: The data received
 type: string
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 script: ''
 subtype: python3
 type: python
diff --git a/Packs/Arduino/ReleaseNotes/1_0_12.md b/Packs/Arduino/ReleaseNotes/1_0_12.md
new file mode 100644
index 000000000000..300943139f24
--- /dev/null
+++ b/Packs/Arduino/ReleaseNotes/1_0_12.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Arduino
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Arduino/pack_metadata.json b/Packs/Arduino/pack_metadata.json
index af20b07da0ca..906a0cea4704 100644
--- a/Packs/Arduino/pack_metadata.json
+++ b/Packs/Arduino/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Arduino",
 "description": "Communicate with an Arduino over a network. Sample code for the Arduino is provided to get up and running. There are functions in the Arduino code to handle setting and getting pin values as well as arbitrary data.",
 "support": "community",
- "currentVersion": "1.0.11",
+ "currentVersion": "1.0.12",
 "author": "Adam Burt",
 "url": "",
 "email": "",
diff --git a/Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml b/Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml
index 928e2144bdbc..3c4496ba42fb 100644
--- a/Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml
+++ b/Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml
@@ -75,7 +75,7 @@ script:
 description: A description explaining why the IP address was reported as malicious.
 type: String
 description: Get IP Reputation
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 subtype: python3
 fromversion: 6.0.0
diff --git a/Packs/Barracuda/ReleaseNotes/1_0_11.md b/Packs/Barracuda/ReleaseNotes/1_0_11.md
new file mode 100644
index 000000000000..efc658339547
--- /dev/null
+++ b/Packs/Barracuda/ReleaseNotes/1_0_11.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Barracuda Reputation Block List (BRBL)
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Barracuda/pack_metadata.json b/Packs/Barracuda/pack_metadata.json
index 6a313300d572..6153998c9c9b 100644
--- a/Packs/Barracuda/pack_metadata.json
+++ b/Packs/Barracuda/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Barracuda",
 "description": "Barracuda Reputation Block List (BRBL)",
 "support": "community",
- "currentVersion": "1.0.10",
+ "currentVersion": "1.0.11",
 "author": "Harri Ruuttila",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/Base/ReleaseNotes/1_34_27.md b/Packs/Base/ReleaseNotes/1_34_27.md
new file mode 100644
index 000000000000..05d2fa1dc596
--- /dev/null
+++ b/Packs/Base/ReleaseNotes/1_34_27.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CommonServerPython
+
+Added a functionality to read server configuration.
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
index 28ff0f5c6b4d..fa8b204733d9 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -12021,6 +12021,36 @@ def is_time_sensitive():
 return hasattr(demisto, 'isTimeSensitive') and demisto.isTimeSensitive()
+def parse_json_string(json_string):
+ """
+ Parse a JSON string into a Python dictionary.
+
+ :type json_string: ``str``
+ :param json_string: The JSON string to be parsed.
+
+ :rtype: ``dict``
+ :return: A Python dictionary representing the parsed JSON data.
+ """
+ try:
+ data = json.loads(json_string)
+ return data
+ except json.JSONDecodeError as error: # type: ignore[attr-defined]
+ demisto.error("Error decoding JSON: {error}".format(error=error))
+ return {}
+
+
+def get_server_config():
+ """
+ Retrieves XSOAR server configuration.
+
+ :rtype: ``dict``
+ :return: The XSOAR server configuration.
+ """
+ response = demisto.internalHttpRequest(method='GET', uri='/system/config')
+ body = parse_json_string(response.get('body'))
+ server_config = body.get('sysConf', {})
+ return server_config
+
 from DemistoClassApiModule import * # type:ignore [no-redef] # noqa:E402
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
index 53bcb7894e74..8efb56a5b1d3 100644
--- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
+++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
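Review bot: `except json.JSONDecodeError as error:` in parse_json_string only resolves on Python 3, yet this file still runs under Python 2 (the accompanying test module imports `IS_PY3` and skips the new failure test on py2); on py2 the except clause itself raises AttributeError the moment the body is not valid JSON, which is the exact case it is meant to handle. `except ValueError as error:` covers both interpreters (JSONDecodeError subclasses ValueError on py3), and `except (ValueError, TypeError) as error:` additionally covers `response.get('body')` being None. get_server_config also assumes the decoded body is a mapping; a guard such as `if not isinstance(body, dict): return {}` before `body.get('sysConf', {})` avoids an AttributeError on a JSON array or scalar body. The response status is never checked, so a non-200 reply with a JSON error body silently yields an empty config; logging `response.get('statusCode')` in that case would give operators something to act on.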
@@ -18,18 +18,21 @@ import CommonServerPython import demistomock as demisto -from CommonServerPython import xml2json, json2xml, entryTypes, formats, tableToMarkdown, underscoreToCamelCase, \ - flattenCell, date_to_timestamp, datetime, timedelta, camelize, pascalToSpace, argToList, \ - remove_nulls_from_dictionary, is_error, get_error, hash_djb2, fileResult, is_ip_valid, get_demisto_version, \ - IntegrationLogger, parse_date_string, IS_PY3, PY_VER_MINOR, DebugLogger, b64_encode, parse_date_range, \ - return_outputs, is_filename_valid, convert_dict_values_bytes_to_str, \ - argToBoolean, ipv4Regex, ipv4cidrRegex, ipv6cidrRegex, urlRegex, ipv6Regex, domainRegex, batch, FeedIndicatorType, \ - encode_string_results, safe_load_json, remove_empty_elements, aws_table_to_markdown, is_demisto_version_ge, \ - appendContext, auto_detect_indicator_type, handle_proxy, get_demisto_version_as_str, get_x_content_info_headers, \ - url_to_clickable_markdown, WarningsHandler, DemistoException, SmartGetDict, JsonTransformer, \ - remove_duplicates_from_list_arg, DBotScoreType, DBotScoreReliability, Common, send_events_to_xsiam, ExecutionMetrics, \ - response_to_context, is_integration_command_execution, is_xsiam_or_xsoar_saas, is_xsoar, is_xsoar_on_prem, \ - is_xsoar_hosted, is_xsoar_saas, is_xsiam, send_data_to_xsiam, censor_request_logs, censor_request_logs, safe_sleep +from CommonServerPython import (xml2json, json2xml, entryTypes, formats, tableToMarkdown, underscoreToCamelCase, + flattenCell, date_to_timestamp, datetime, timedelta, camelize, pascalToSpace, argToList, + remove_nulls_from_dictionary, is_error, get_error, hash_djb2, fileResult, is_ip_valid, + get_demisto_version, IntegrationLogger, parse_date_string, IS_PY3, PY_VER_MINOR, DebugLogger, + b64_encode, parse_date_range, return_outputs, is_filename_valid, convert_dict_values_bytes_to_str, + argToBoolean, ipv4Regex, ipv4cidrRegex, ipv6cidrRegex, urlRegex, ipv6Regex, domainRegex, batch, + FeedIndicatorType, 
encode_string_results, safe_load_json, remove_empty_elements, + aws_table_to_markdown, is_demisto_version_ge, appendContext, auto_detect_indicator_type, + handle_proxy, get_demisto_version_as_str, get_x_content_info_headers, url_to_clickable_markdown, + WarningsHandler, DemistoException, SmartGetDict, JsonTransformer, remove_duplicates_from_list_arg, + DBotScoreType, DBotScoreReliability, Common, send_events_to_xsiam, ExecutionMetrics, + response_to_context, is_integration_command_execution, is_xsiam_or_xsoar_saas, is_xsoar, + is_xsoar_on_prem, is_xsoar_hosted, is_xsoar_saas, is_xsiam, send_data_to_xsiam, + censor_request_logs, censor_request_logs, safe_sleep, get_server_config + ) EVENTS_LOG_ERROR = \ """Error sending new events into XSIAM. 
@@ -9769,3 +9772,51 @@ def test_sleep_mocked_time(mocker):
 # Verify sleep duration based on mocked time difference
 assert sleep_mocker.call_count == 2
+
+
+def test_get_server_config(mocker):
+ mock_response = {
+ 'body': '{"sysConf":{"incident.closereasons":"CustomReason1, CustomReason 2, Foo","versn":40},"defaultMap":{}}\n',
+ 'headers': {
+ 'Content-Length': ['104'],
+ 'X-Xss-Protection': ['1; mode=block'],
+ 'X-Content-Type-Options': ['nosniff'],
+ 'Strict-Transport-Security': ['max-age=10886400000000000; includeSubDomains'],
+ 'Vary': ['Accept-Encoding'],
+ 'Server-Timing': ['7'],
+ 'Date': ['Wed, 03 Jul 2010 09:11:35 GMT'],
+ 'X-Frame-Options': ['DENY'],
+ 'Content-Type': ['application/json']
+ },
+ 'status': '200 OK',
+ 'statusCode': 200
+ }
+
+ mocker.patch.object(demisto, 'internalHttpRequest', return_value=mock_response)
+ server_config = get_server_config()
+ assert server_config == {'incident.closereasons': 'CustomReason1, CustomReason 2, Foo', 'versn': 40}
+
+
+@pytest.mark.skipif(not IS_PY3, reason='test not supported in py2')
+def test_get_server_config_fail(mocker):
+ mock_response = {
+ 'body': 'NOT A VALID JSON',
+ 'headers': {
+ 'Content-Length': ['104'],
+ 'X-Xss-Protection': ['1; mode=block'],
+ 'X-Content-Type-Options': ['nosniff'],
+ 'Strict-Transport-Security': ['max-age=10886400000000000; includeSubDomains'],
+ 'Vary': ['Accept-Encoding'],
+ 'Server-Timing': ['7'],
+ 'Date': ['Wed, 03 Jul 2010 09:11:35 GMT'],
+ 'X-Frame-Options': ['DENY'],
+ 'Content-Type': ['application/json']
+ },
+ 'status': '200 OK',
+ 'statusCode': 200
+ }
+
+ mocker.patch.object(demisto, 'internalHttpRequest', return_value=mock_response)
+ mocked_error = mocker.patch.object(demisto, 'error')
+ assert get_server_config() == {}
+ assert mocked_error.call_args[0][0] == 'Error decoding JSON: Expecting value: line 1 column 1 (char 0)'
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
index fe70744f2b12..7809b945f12f 100644
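Review bot: `test_get_server_config_fail` pins the full text of the interpreter's JSON decode error (`'Error decoding JSON: Expecting value: line 1 column 1 (char 0)'`); only the `Error decoding JSON` prefix is produced by the code under test, the rest comes from the json module and can change with a Python upgrade without any regression in `get_server_config`, so assert the controlled part only, `assert mocked_error.call_args[0][0].startswith('Error decoding JSON')`. The 15-line `mock_response` dict, headers included, is duplicated verbatim between the two tests; a small helper taking the body string would reduce each test to the lines that actually differ. `get_server_config` itself is not in this hunk, so that it logs through `demisto.error` and returns `{}` on invalid JSON is read from the test, not verified here.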
--- a/Packs/Base/pack_metadata.json
+++ b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Base",
 "description": "The base pack for Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.34.26",
+ "currentVersion": "1.34.27",
 "author": "Cortex XSOAR",
 "serverMinVersion": "6.0.0",
 "url": "https://www.paloaltonetworks.com/cortex",
diff --git a/Packs/BitDam/Integrations/BitDam/BitDam.yml b/Packs/BitDam/Integrations/BitDam/BitDam.yml
index 978661ce70ed..6ad1c6a90936 100644
--- a/Packs/BitDam/Integrations/BitDam/BitDam.yml
+++ b/Packs/BitDam/Integrations/BitDam/BitDam.yml
@@ -13,7 +13,7 @@ configuration:
 required: true
 - display: API Token
 name: apitoken
- defaultvalue: ""
+ defaultvalue: ''
 type: 4
 required: true
 - display: Trust any certificate (not secure)
@@ -77,7 +77,7 @@ script:
 type: string
 description: Returns the verdict for a scanned file.
 runonce: false
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 tests:
 - Detonate File - BitDam Test
 fromversion: 5.0.0
diff --git a/Packs/BitDam/ReleaseNotes/1_0_14.md b/Packs/BitDam/ReleaseNotes/1_0_14.md
new file mode 100644
index 000000000000..840d3942b629
--- /dev/null
+++ b/Packs/BitDam/ReleaseNotes/1_0_14.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### BitDam
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/BitDam/pack_metadata.json b/Packs/BitDam/pack_metadata.json
index 7d2cf47dbe65..7d9484582b64 100644
--- a/Packs/BitDam/pack_metadata.json
+++ b/Packs/BitDam/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "BitDam",
 "description": "BitDam secure email gateway protects from advanced content-borne threats with the most accurate prevention of known and unknown threats, at their source.",
 "support": "community",
- "currentVersion": "1.0.13",
+ "currentVersion": "1.0.14",
 "author": "BitDam",
 "url": "https://www.bitdam.com",
 "email": "support@bitdam.com",
diff --git a/Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml b/Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml
index f704970b21c8..1605d231b7c6 100644
--- a/Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml
+++ b/Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml
@@ -637,7 +637,7 @@ script:
 - contextPath: BluelivThreatContext.signature.type
 description: Signature type.
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/BluelivThreatContext/ReleaseNotes/1_0_10.md b/Packs/BluelivThreatContext/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..f4f03e975627
--- /dev/null
+++ b/Packs/BluelivThreatContext/ReleaseNotes/1_0_10.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Blueliv ThreatContext
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/BluelivThreatContext/pack_metadata.json b/Packs/BluelivThreatContext/pack_metadata.json
index d107e8e5d43e..492910a21878 100644
--- a/Packs/BluelivThreatContext/pack_metadata.json
+++ b/Packs/BluelivThreatContext/pack_metadata.json
@@ -2,8 +2,8 @@
 "name": "Blueliv ThreatContext",
 "description": "The Threat Context module provides SOC, Incident Response and Threat Intelligence teams with continuously updated and intuitive information around threat actors, campaigns, malware indicators, attack patterns, tools, signatures and CVEs. Analysts can rapidly gather enriched, contextualized information to enhance cybersecurity processes before, during and after an attack.",
 "support": "community",
- "currentVersion": "1.0.9",
- "author": "Oriol Campderr\u00f3s",
+ "currentVersion": "1.0.10",
+ "author": "Oriol Campderrós",
 "url": " ",
 "email": "",
 "created": "2020-06-08T15:37:54Z",
diff --git a/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.py b/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.py
index ecb3b8105e6f..29690795fd97 100644
--- a/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.py
+++ b/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.py
@@ -3,7 +3,7 @@
 # type: ignore
 # mypy: ignore-errors
 from copy import deepcopy
-from typing import Callable, Tuple
+from collections.abc import Callable
 from datetime import datetime
@@ -351,9 +351,8 @@ def retrieve_access_token(self, username: str, password: str) -> str:
 """
 integration_context = get_integration_context()
 now = int(datetime.now().timestamp())
- if integration_context.get("token") and integration_context.get("expires_in"):
- if now < integration_context["expires_in"]:
- return integration_context["token"]
+ if integration_context.get("token") and integration_context.get("expires_in") and now < integration_context["expires_in"]:
+ return integration_context["token"]
 try:
 token = self._http_request(
@@ -2914,7 +2913,7 @@ def get_paginated_records_with_hr(
 limit: Optional[int],
 page: int = None,
 page_size: int = None,
-) -> Tuple[list, str]:
+) -> tuple[list, str]:
 """
 Retrieve the required page either with Automatic or Manual pagination,
 and the matching readable output header.
@@ -2995,7 +2994,7 @@ def validate_related_arguments_provided(**related_args):
 def extract_args_from_additional_fields_arg(additional_fields: str,
- field_name: str) -> Tuple[Any, List[str]]:
+ field_name: str) -> tuple[Any, List[str]]:
 """
 Extract dictionary structure from additional field argument.
@@ -3298,7 +3297,7 @@ def fetch_relevant_tickets(
 impact_filter: List[str],
 urgency_filter: List[str],
 custom_query: str,
-) -> Tuple[list, dict]:
+) -> tuple[list, dict]:
 """
 Fetch the relevant tickets according to the provided filter arguments.
 The Tickets are fetched Iteratively, by their ticket type until the capacity
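Review bot: The new return annotations mix the builtin generic with `typing` aliases — `-> tuple[Any, List[str]]` in `extract_args_from_additional_fields_arg`, and `-> tuple[list, dict]` next to the untouched `impact_filter: List[str]` parameters of `fetch_relevant_tickets`; since the first hunk drops `Tuple` from the `typing` import in favour of PEP 585 generics, the remaining `List`/`Dict` usages should migrate the same way (`list[str]`, `dict[str, Any]`) in one pass rather than leaving both spellings side by side. With the `typing` line reduced to nothing but `Callable`, the `Any`, `List`, `Dict` and `Optional` names the file still uses presumably come from a `from CommonServerPython import *` outside this diff; that is worth confirming rather than assumed, as a missing name there fails at import time. In `retrieve_access_token` the merged condition is about 130 columns once the method's indentation is restored (it is collapsed on this page), which sits at the edge of the usual line limit; splitting it as `if (integration_context.get("token") and integration_context.get("expires_in")` / `and now < integration_context["expires_in"]):` keeps the single-`if` shape the commit wanted.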
@@ -3340,9 +3339,9 @@ def fetch_relevant_tickets(
 tickets_capacity -= tickets_amount
 if fetched_tickets:
- last_ticket_create_time = total_tickets[-1].get("CreateDate")
- ticket_type_to_last_epoch[ticket_type] = date_to_epoch_for_fetch(
- arg_to_datetime(last_ticket_create_time))
+ ticket_type_to_last_epoch[ticket_type] = max(
+ [date_to_epoch_for_fetch(arg_to_datetime(ticket.get("CreateDate")))
+ for ticket in total_tickets])
 if tickets_capacity <= 0:
 # no more tickets to retrieve in the current fetch
 break
@@ -3425,10 +3424,7 @@ def all_keys_empty(dict_obj: Dict[str, Any]) -> bool:
 Returns:
 bool: Wheter or not all keys have None value.
 """
- for value in dict_obj.values():
- if value:
- return False
- return True
+ return all(not value for value in dict_obj.values())
 def gen_multi_filters_statement(filter_mapper: Dict[str, Any], oper_in_filter: str,
diff --git a/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml b/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml
index d378dd20956b..224b419e8cf4 100644
--- a/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml
+++ b/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml
@@ -169,7 +169,7 @@ script:
 script: ""
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.13.87159
+ dockerimage: demisto/python3:3.10.14.100715
 commands:
 - name: bmc-itsm-user-list
 description: Retrieves a list of user profiles from BMC Helix ITSM. The records are retrieved by the query argument or by the filtering arguments. When using filtering arguments, each one defines a 'LIKE' operation and an 'AND' operator is used between them. To see the entire JSON then you can use the raw_response=true at the end of the command.
diff --git a/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM_test.py b/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM_test.py
index 675c49954956..2173fd904a4f 100644
--- a/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM_test.py
+++ b/Packs/BmcITSM/Integrations/BmcITSM/BmcITSM_test.py
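Review bot: The new `max(...)` in `fetch_relevant_tickets` iterates `total_tickets`, while the guard directly above it checks `fetched_tickets`; if `total_tickets` accumulates the tickets of every ticket type processed so far in this loop (its initialisation is outside the hunk), each later type's `last_epoch` becomes the newest CreateDate across all types, which can make the next fetch skip tickets of a type whose own records are older — the removed code sidestepped that by reading `total_tickets[-1]`, the last ticket appended for the current type. Taking the maximum over the current type only, `for ticket in fetched_tickets])`, keeps the per-type watermark the dict key implies; if `total_tickets` is in fact per-type at this point, a one-line comment saying so would settle it. `ticket.get("CreateDate")` still hands `None` to `arg_to_datetime` when a ticket lacks the field; that exposure predates this commit, but an `if ticket.get("CreateDate")` filter in the comprehension would make the aggregate tolerate it. The function body continues outside the hunk.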
@@ -2,6 +2,8 @@
 import os
 import pytest
 from unittest.mock import patch
+from CommonServerPython import *
+
 """MOCK PARAMETERS """
 CREDENTIALS = "credentials"
 ACCOUNT_ID = "account_id"
@@ -22,7 +24,7 @@ def load_mock_response(file_name: str) -> str:
 Returns:
 str: Mock file content.
 """
- with open(os.path.join("test_data", file_name), mode="r", encoding="utf-8") as mock_file:
+ with open(os.path.join("test_data", file_name), encoding="utf-8") as mock_file:
 return json.loads(mock_file.read())
@@ -1480,3 +1482,35 @@ def test_ticket_list_work_order_command(
 assert result.outputs_prefix == "BmcITSM.Ticket"
 assert len(outputs) == expected_outputs_len
 assert outputs[0]["DisplayID"] == expected_name
+
+
+def test_fetch_command(
+ mocker
+):
+ """
+ Given:
+ - List tickets.
+ When:
+ - fetch_incidents command called.
+ Then:
+ - Ensure that the *last_create_time* in *last_run_result* is the last between all incidents.
+ """
+ import BmcITSM
+ mock_response = load_mock_response("list_tickets_not_sorted.json")
+ expected_result = 1719671916
+ mocker.patch.object(demisto, 'getLastRun', return_value={"SRM:Request": {"last_create_time": '2021-06-29T14:38:36.000+0000'}})
+ mocker.patch.object(BmcITSM, "fetch_relevant_tickets_by_ticket_type", return_value=mock_response)
+ incidents_result, last_run_result = BmcITSM.fetch_incidents(mock_client,
+ max_fetch=2,
+ first_fetch="2022-06-29T14:38:36.000+0000",
+ last_run={"SRM:Request": {
+ "last_create_time": '2021-06-29T14:38:36.000+0000'}},
+ ticket_type_filter=["SRM:Request"],
+ status_filter=[],
+ impact_filter=[],
+ urgency_filter=[],
+ custom_query=("'Submit Date' <= \"1657032797\" AND 'Submit Date'"
+ ">\"1657032797\" AND 'Urgency' = \"4-Low\""),
+ mirror_direction="both",
+ )
+ assert last_run_result["SRM:Request"]["last_create_time"] == expected_result
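Review bot: `test_fetch_command` asserts a bare epoch, `expected_result = 1719671916`, with nothing tying it to the fixture; a trailing comment such as `# 2024-06-29T14:38:36Z: CreateDate of the first (newer) ticket in list_tickets_not_sorted.json` makes visible that the test checks the maximum rather than the last element, which is the whole point of the fix. The docstring's "is the last between all incidents" should read "is the latest CreateDate across all fetched tickets", since "last" is exactly the ordering assumption the change removes. `demisto.getLastRun` is patched with the same dict that is also passed explicitly as `last_run=`; one of the two is redundant unless `fetch_incidents` reads both, which this hunk does not show. `mock_client` is not defined in the hunk and presumably comes from module scope in the test file.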
diff --git a/Packs/BmcITSM/Integrations/BmcITSM/test_data/list_tickets_not_sorted.json b/Packs/BmcITSM/Integrations/BmcITSM/test_data/list_tickets_not_sorted.json
new file mode 100644
index 000000000000..c4125a410a58
--- /dev/null
+++ b/Packs/BmcITSM/Integrations/BmcITSM/test_data/list_tickets_not_sorted.json
@@ -0,0 +1,112 @@
+[
+ {
+ "values": {
+ "SysRequestID": "000000000000402",
+ "Submitter": "appadmin",
+ "Submit Date": "2024-06-29T14:38:36.000+0000",
+ "System Assignee": null,
+ "Status": "Planning",
+ "Status-History": {
+ "Draft": {
+ "user": "appadmin",
+ "timestamp": "2022-06-29T14:38:37.000+0000"
+ },
+ "Submitted": {
+ "user": "appadmin",
+ "timestamp": "2022-06-29T14:38:37.000+0000"
+ },
+ "Waiting Approval": {
+ "user": "Remedy Application Service",
+ "timestamp": "2022-06-29T14:39:49.000+0000"
+ },
+ "Planning": {
+ "user": "Remedy Application Service",
+ "timestamp": "2022-06-29T14:39:49.000+0000"
+ }
+ },
+ "Assignee Groups": "1000000003;'appadmin';",
+ "InstanceId": "AGGAI7ZXDK9WFAR4IUA2R3J3RVIB6V",
+ "Vendor Assignee Groups": null,
+ "Vendor Assignee Groups_parent": null,
+ "Assignee Groups_parent": "",
+ "z1D_WorkInfoType": null,
+ "z1D_WorkInfoSummary": null,
+ "z1D_WorkInfoDetails": null,
+ "z1D_WorkInfoSecureLog": null,
+ "z1D_WorkInfoViewAccess": null,
+ "z1D_WorkInfoDate": null,
+ "z1D_CommunicationSource": null,
+ "Assignee Group": "Backoffice Support",
+ "Assignee": "Mary Mann",
+ "Recurring Price Basis": null,
+ "Location Company": "Calbro Services",
+ "Organization": null,
+ "Assigned Support Organization": "IT Support",
+ "Last Name": "Admin",
+ "First Name": "App",
+ "Service Location Address": "1114 Eighth Avenue, 31st Floor. 
\r\nNew York, New York 10036 \r\nUnited States",
+ "Internet E-mail": null,
+ "Phone Number": "###",
+ "Navigation Tier 1": "File & Print",
+ "Navigation Tier 2": null,
+ "Navigation Tier 3": null,
+ "z1D Action": null,
+ "Request Manager Group ID": null,
+ "Company": "Calbro Services",
+ "Status_Reason": null,
+ "Details": null,
+ "Urgency": "2-High",
+ "Impact": "1-Extensive/Widespread",
+ "Assigned Group": null,
+ "Request Manager": null,
+ "Assigned Support Company": "Calbro Services",
+ "Request Manager Login": null,
+ "Total Escalation Level": 0,
+ "Request Number": "REQ000000000401",
+ "Date Required": null,
+ "Next Target Date": null,
+ "SLM Status": null,
+ "Customer First Name": "App",
+ "Customer Last Name": "Admin",
+ "Customer Company": "Calbro Services",
+ "Customer Organization": null,
+ "Customer Department": null,
+ "Customer Internet E-mail": null,
+ "Customer Phone Number": "###"
+ },
+ "CreateDate": "2024-06-29T14:38:36.000+0000"
+ },
+ {
+ "values": {
+ "SysRequestID": "000000000000403",
+ "Submitter": "appadmin",
+ "Submit Date": "2022-06-29T14:38:36.000+0000",
+ "System Assignee": null,
+ "Status": "Planning",
+ "Status-History": {
+ "Draft": {
+ "user": "appadmin",
+ "timestamp": "2022-06-29T14:38:37.000+0000"
+ },
+ "Submitted": {
+ "user": "appadmin",
+ "timestamp": "2022-06-29T14:38:37.000+0000"
+ },
+ "Waiting Approval": {
+ "user": "Remedy Application Service",
+ "timestamp": "2022-06-29T14:39:43.000+0000"
+ },
+ "Planning": {
+ "user": "Remedy Application Service",
+ "timestamp": "2022-06-29T14:39:43.000+0000"
+ }
+ },
+ "Assignee Groups": "1000000003;'appadmin';",
+ "InstanceId": "AGGAI7ZXDK9WFAR4IUA2R3J3RVIB6S",
+ "Vendor Assignee Groups": null,
+ "Vendor Assignee Groups_parent": null,
+ "Assignee Groups_parent": ""
+ },
+ "CreateDate": "2022-06-29T14:38:36.000+0000"
+ }
+ ]
diff --git a/Packs/BmcITSM/ReleaseNotes/1_0_23.md b/Packs/BmcITSM/ReleaseNotes/1_0_23.md
new file mode 100644
index 000000000000..35e13be316f4
--- /dev/null
+++ b/Packs/BmcITSM/ReleaseNotes/1_0_23.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### BMC Helix ITSM
+
+- Fixed an issue in the ***fetch-incidents*** command where duplicate incidents were fetched due to the incorrect assumption that tickets pulled from BMC Helix ITSM are sorted in ascending order.
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/BmcITSM/pack_metadata.json b/Packs/BmcITSM/pack_metadata.json
index 75cb746144cf..66cfdbd19553 100644
--- a/Packs/BmcITSM/pack_metadata.json
+++ b/Packs/BmcITSM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "BMC Helix ITSM",
 "description": "BMC Helix ITSM allows customers to manage service request, incident, change request, task, problem investigation, known error and work order tickets.",
 "support": "xsoar",
- "currentVersion": "1.0.22",
+ "currentVersion": "1.0.23",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Bonusly/Integrations/Bonusly/Bonusly.yml b/Packs/Bonusly/Integrations/Bonusly/Bonusly.yml
index 05258e9c40ae..86d0cea6c318 100644
--- a/Packs/Bonusly/Integrations/Bonusly/Bonusly.yml
+++ b/Packs/Bonusly/Integrations/Bonusly/Bonusly.yml
@@ -59,9 +59,9 @@ script:
 - defaultValue: '20'
 description: 'Number of bonuses to retrieve (min: 1, max: 100) Default: 20.'
 name: limit
- - description: 'The start time by which to filter returned bonuses. e.g., 2015-10-28T21:26:50Z.'
+ - description: The start time by which to filter returned bonuses. e.g., 2015-10-28T21:26:50Z.
 name: start-time
- - description: 'The end time by which to filter returned bonuses, e.g., 2015-10-28T21:26:50Z.'
+ - description: The end time by which to filter returned bonuses, e.g., 2015-10-28T21:26:50Z.
 name: end-time
 - description: Email address of the bonus giver by which to filter results.
 name: giver-email
@@ -71,7 +71,7 @@ script:
 name: user-email
 - description: 'Filter to get a list of bonuses by a hashtag Example: %23teamwork'
 name: hashtag
- - description: 'Whether to include child responses of the bonus.'
+ - description: Whether to include child responses of the bonus.
 name: include-children
 - description: Whether to show private bonuses. Requires Admin API key.
 name: show-private-bonuses
@@ -82,7 +82,7 @@ script:
 description: Bonus ID.
 type: String
 - contextPath: Bonusly.Bonus.created_at
- description: 'Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.'
+ description: Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.
 type: Date
 - contextPath: Bonusly.Bonus.reason
 description: 'The bonus message, e.g., "For signing up for the world''s favorite employee recognition solution! #problem-solving"'
@@ -196,7 +196,7 @@ script:
 - description: "The bonus message, e.g., \n+10 @george and @john for #execution with that customer #collaboration with the team, and #integrity on the known vulnerabilities to the application. \n\n+10 @francesco because he is fast and detailed\n"
 name: reason
 required: true
- - description: 'The parent bonus ID with which to associate this bonus, e.g., 24abcdef1234567890abcdef.'
+ - description: The parent bonus ID with which to associate this bonus, e.g., 24abcdef1234567890abcdef.
 name: parent-bonus-id
 description: Creates a Bonusly bonus.
 name: bonusly-create-bonus
@@ -205,7 +205,7 @@ script:
 description: Bonus ID.
 type: String
 - contextPath: Bonusly.Bonus.created_at
- description: 'Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.'
+ description: Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.
 type: Date
 - contextPath: Bonusly.Bonus.reason
 description: 'The bonus message, e.g., "For signing up for the world''s favorite employee recognition solution! #problem-solving"'
@@ -313,7 +313,7 @@ script:
 description: Family bonus balance.
 type: Number
 - arguments:
- - description: 'ID of the bonus to get information for.'
+ - description: ID of the bonus to get information for.
 name: id
 required: true
 description: Gets a bonus by bonus ID.
@@ -323,7 +323,7 @@ script:
 description: Bonus ID.
 type: String
 - contextPath: Bonusly.Bonus.created_at
- description: 'Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.'
+ description: Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.
 type: Date
 - contextPath: Bonusly.Bonus.reason
 description: 'The bonus message, e.g., "For signing up for the world''s favorite employee recognition solution! #problem-solving"'
@@ -444,7 +444,7 @@ script:
 description: Bonus ID.
 type: String
 - contextPath: Bonusly.Bonus.created_at
- description: 'Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.'
+ description: Date the bonus was created (given), e.g., 2015-10-28T21:26:50Z.
 type: Date
 - contextPath: Bonusly.Bonus.reason
 description: 'The bonus message, e.g., "For signing up for the world''s favorite employee recognition solution! #problem-solving"'
@@ -561,7 +561,7 @@ script:
 - contextPath: Bonusly.Bonus.message
 description: Message
 type: Unknown
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/Bonusly/ReleaseNotes/1_0_15.md b/Packs/Bonusly/ReleaseNotes/1_0_15.md
new file mode 100644
index 000000000000..cd9f63c7980e
--- /dev/null
+++ b/Packs/Bonusly/ReleaseNotes/1_0_15.md
@@ -0,0 +1,12 @@
+
+#### Integrations
+
+##### Bonusly
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+
+#### Scripts
+
+##### IncOwnerToBonuslyUser
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Bonusly/Scripts/IncOwnerToBonuslyUser/IncOwnerToBonuslyUser.yml b/Packs/Bonusly/Scripts/IncOwnerToBonuslyUser/IncOwnerToBonuslyUser.yml
index 68060ba74572..a6bbe222236e 100644
--- a/Packs/Bonusly/Scripts/IncOwnerToBonuslyUser/IncOwnerToBonuslyUser.yml
+++ b/Packs/Bonusly/Scripts/IncOwnerToBonuslyUser/IncOwnerToBonuslyUser.yml
@@ -25,7 +25,7 @@ tags:
 - Utilities
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 5.0.0
 tests:
diff --git a/Packs/Bonusly/pack_metadata.json b/Packs/Bonusly/pack_metadata.json
index a89dcaa402d3..6f357b014e29 100644
--- a/Packs/Bonusly/pack_metadata.json
+++ b/Packs/Bonusly/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Bonusly",
 "description": "Bonus.ly is an employee recognition platform which enterprises use to for employee recognition. We're building tools to help people feel a sense of purpose and progress at work. The platform which also has an API enables employees to recognize each other by providing a point based bonus system. Bonus.ly helps your employees feel connected, engaged, and aligned is mission critical right now. Bonusly makes employee recognition easy and fun, fostering community and creating company-wide alignment. It also provides employees with positive feedback in the work that they are doing. ",
 "support": "community",
- "currentVersion": "1.0.14",
+ "currentVersion": "1.0.15",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/CaseManagement-Generic/ReleaseNotes/1_4_8.md b/Packs/CaseManagement-Generic/ReleaseNotes/1_4_8.md
new file mode 100644
index 000000000000..407aa7c451ad
--- /dev/null
+++ b/Packs/CaseManagement-Generic/ReleaseNotes/1_4_8.md
@@ -0,0 +1,27 @@
+
+#### Scripts
+
+##### TimersOnOwnerChange
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### AddUserToIncidentTeam
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CaseMgmtIncidentTypesDisplay
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CaseMgmtIncidentTypesByRole
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CaseMgmtAnalystTools
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CaseMgmtResponseProcess
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CaseMgmtDisplayLabels
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CompleteTaskOnTimerBreach
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/CaseManagement-Generic/Scripts/AddUserToIncidentTeam/AddUserToIncidentTeam.yml b/Packs/CaseManagement-Generic/Scripts/AddUserToIncidentTeam/AddUserToIncidentTeam.yml
index 052f6c88bf95..fa1807636542 100644
--- a/Packs/CaseManagement-Generic/Scripts/AddUserToIncidentTeam/AddUserToIncidentTeam.yml
+++ b/Packs/CaseManagement-Generic/Scripts/AddUserToIncidentTeam/AddUserToIncidentTeam.yml
@@ -8,8 +8,8 @@ commonfields:
 version: -1
 contentitemexportablefields:
 contentitemfields:
- fromServerVersion: ""
-dockerimage: demisto/python3:3.10.12.63474
+ fromServerVersion: ''
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: AddUserToIncidentTeam
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/CaseMgmtAnalystTools/CaseMgmtAnalystTools.yml b/Packs/CaseManagement-Generic/Scripts/CaseMgmtAnalystTools/CaseMgmtAnalystTools.yml
index f1020519180f..2d9195f56407 100644
--- a/Packs/CaseManagement-Generic/Scripts/CaseMgmtAnalystTools/CaseMgmtAnalystTools.yml
+++ b/Packs/CaseManagement-Generic/Scripts/CaseMgmtAnalystTools/CaseMgmtAnalystTools.yml
@@ -1,11 +1,11 @@
-comment: |-
- Dynamic display script to display a list of useful Analyst Tools on an Incident layout.
+comment: 'Dynamic display script to display a list of useful Analyst Tools on an Incident layout.
- Create an XSOAR list called "Case Management Analyst Tools", and add a markdown table to provide your own list.
+
+ Create an XSOAR list called "Case Management Analyst Tools", and add a markdown table to provide your own list.'
 commonfields:
 id: CaseMgmtAnalystTools
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: CaseMgmtAnalystTools
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/CaseMgmtDisplayLabels/CaseMgmtDisplayLabels.yml b/Packs/CaseManagement-Generic/Scripts/CaseMgmtDisplayLabels/CaseMgmtDisplayLabels.yml
index 94bd2b8a6282..669ddebd08e2 100644
--- a/Packs/CaseManagement-Generic/Scripts/CaseMgmtDisplayLabels/CaseMgmtDisplayLabels.yml
+++ b/Packs/CaseManagement-Generic/Scripts/CaseMgmtDisplayLabels/CaseMgmtDisplayLabels.yml
@@ -2,7 +2,7 @@ comment: 'Dynamic section that will display the Labels for an Incident in a mark
 commonfields:
 id: CaseMgmtDisplayLabels
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: CaseMgmtDisplayLabels
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.py b/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.py
index 0f918fafcc8b..7fcde77bf89f 100644
--- a/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.py
+++ b/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.py
@@ -28,7 +28,7 @@
 # for each role the user has, add their types if the role exists in the list
 for role in roles:
- if role in role_list.keys():
+ if role in role_list:
 allowedTypes.extend(role_list[role])
 # remove duplicates
diff --git a/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.yml b/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.yml
index 3ac577d64b85..66abf37089d7 100644
--- a/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.yml
+++ b/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesByRole/CaseMgmtIncidentTypesByRole.yml
@@ -2,7 +2,7 @@ comment: "Restricts the Incident Types a user can create manually, based on thei
 commonfields:
 id: CaseMgmtIncidentTypesByRole
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: CaseMgmtIncidentTypesByRole
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesDisplay/CaseMgmtIncidentTypesDisplay.yml b/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesDisplay/CaseMgmtIncidentTypesDisplay.yml
index 6c26b9d6cf71..ea15c4b9d1e3 100644
--- a/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesDisplay/CaseMgmtIncidentTypesDisplay.yml
+++ b/Packs/CaseManagement-Generic/Scripts/CaseMgmtIncidentTypesDisplay/CaseMgmtIncidentTypesDisplay.yml
@@ -2,7 +2,7 @@ comment: "Restricts the Incident Types a user can create manually based on an XS
 commonfields:
 id: CaseMgmtIncidentTypesDisplay
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: CaseMgmtIncidentTypesDisplay
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/CaseMgmtResponseProcess/CaseMgmtResponseProcess.yml b/Packs/CaseManagement-Generic/Scripts/CaseMgmtResponseProcess/CaseMgmtResponseProcess.yml
index ed919a31029f..86139ccb2d46 100644
--- a/Packs/CaseManagement-Generic/Scripts/CaseMgmtResponseProcess/CaseMgmtResponseProcess.yml
+++ b/Packs/CaseManagement-Generic/Scripts/CaseMgmtResponseProcess/CaseMgmtResponseProcess.yml
@@ -2,7 +2,7 @@ comment: Dynamic display script to display a response process on an Incident lay
 commonfields:
 id: CaseMgmtResponseProcess
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: CaseMgmtResponseProcess
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/CompleteTaskOnTimerBreach/CompleteTaskOnTimerBreach.yml b/Packs/CaseManagement-Generic/Scripts/CompleteTaskOnTimerBreach/CompleteTaskOnTimerBreach.yml
index b052e5177088..bc00cdc80b97 100644
--- a/Packs/CaseManagement-Generic/Scripts/CompleteTaskOnTimerBreach/CompleteTaskOnTimerBreach.yml
+++ b/Packs/CaseManagement-Generic/Scripts/CompleteTaskOnTimerBreach/CompleteTaskOnTimerBreach.yml
@@ -4,8 +4,8 @@ commonfields:
 version: -1
 contentitemexportablefields:
 contentitemfields:
- fromServerVersion: ""
-dockerimage: demisto/python3:3.10.12.63474
+ fromServerVersion: ''
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: CompleteTaskOnTimerBreach
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/Scripts/TimersOnOwnerChange/TimersOnOwnerChange.yml b/Packs/CaseManagement-Generic/Scripts/TimersOnOwnerChange/TimersOnOwnerChange.yml
index eb7e14edef9b..ffabe0017799 100644
--- a/Packs/CaseManagement-Generic/Scripts/TimersOnOwnerChange/TimersOnOwnerChange.yml
+++ b/Packs/CaseManagement-Generic/Scripts/TimersOnOwnerChange/TimersOnOwnerChange.yml
@@ -9,7 +9,7 @@ comment: |-
 commonfields:
 id: TimersOnOwnerChange
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: TimersOnOwnerChange
 runas: DBotWeakRole
diff --git a/Packs/CaseManagement-Generic/pack_metadata.json b/Packs/CaseManagement-Generic/pack_metadata.json
index e1034e0372b2..d84248042850 100644
--- a/Packs/CaseManagement-Generic/pack_metadata.json
+++ b/Packs/CaseManagement-Generic/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CaseManagement-Generic",
 "description": "Case Management - Generic\n\nBuilt by the Cortex Customer Success Team to provide quick deployment of Case Management with XSOAR",
 "support": "community",
- "currentVersion": "1.4.7",
+ "currentVersion": "1.4.8",
 "author": "Cortex XSOAR Customer Success",
 "url": "",
 "email": "",
diff --git a/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.py b/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.py
index 60f87be4bb6a..fd9529d5ebab 100644
--- a/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.py
+++ b/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.py
@@ -51,10 +51,9 @@ def authenticate_oauth(self):
 bearer_token = integration_context.get('bearer_token')
 valid_until = integration_context.get('valid_until')
 time_now = int(time.time())
- if bearer_token and valid_until:
- if time_now < valid_until:
- # Bearer Token is still valid - did not expire yet
- return bearer_token
+ if bearer_token and valid_until and time_now < valid_until:
+ # Bearer Token is still valid - did not expire yet
+ return bearer_token
 response = self.get_token_request()
 bearer_token = response.get('access_token')
 t = time.time()
@@ -230,10 +229,7 @@ def fetch_set_details(client: Client, set_details_list): centrify_setdetails_response = client.request_set_details(url_suffix=urlSuffix, data=payload) centrify_setdetails_response = centrify_setdetails_response.get('Result').get('Results') for set_item in centrify_setdetails_response: - if 'Description' not in set_item['Row']: - set_description = "" - else: - set_description = set_item['Row']['Description'] + set_description = set_item['Row'].get('Description', '') set_details_list.append({'SetName': set_item['Row']['Name'], 'SetID': set_item['Row']['ID'], 'SetDescription': set_description}) return set_details_list @@ -419,7 +415,7 @@ def fetch_secrets(args: dict, client: Client): else: folder_id = "" secret_ids_list = fetch_secretids_folder(client, folder_id, secret_ids_list, True) - secret_list = list() + secret_list = [] for secret_id in secret_ids_list: secret_list.append(fetch_secret(client, secret_id, secret_name, True)) secret_list = list(filter(None, secret_list)) @@ -492,8 +488,8 @@ def create_vault_secret(args: dict, client: Client): folder_name = args.get('holderName') folder_id = fetch_secret_folder_id(client, folder_name) else: - setId_list = list() - set_name_list = list() + setId_list = [] + set_name_list = [] if ';' in str(args.get('holderName')): set_name_list = str(args.get('holderName')).split(';') for set_item in set_name_list: @@ -681,7 +677,7 @@ def delete_vault_secret(args: dict, client: Client): def delete_vault_secretid(args: dict, client: Client): try: secret_id = args.get('secretId') - delete_secret_id_list = list() + delete_secret_id_list = [] delete_secret_id_list.append(fetch_secret(client, secret_id, None, None)) delete_secret(client, secret_id) if delete_secret_id_list: diff --git a/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml b/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml index 19ca593d5c90..038295bda2d9 100644 
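Review bot: In the fetch_secrets hunk the new `secret_list = []` is filled by a loop of appends and then filtered on the next line; a comprehension expresses the same thing without the mutable accumulator: `secret_list = [fetch_secret(client, secret_id, secret_name, True) for secret_id in secret_ids_list]` followed by the existing `secret_list = list(filter(None, secret_list))`. The same `list()` to `[]` change in create_vault_secret and delete_vault_secretid is fine as is. fetch_secrets starts and ends outside the hunk.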
--- a/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml +++ b/Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml @@ -227,15 +227,15 @@ script: description: '"Yes" if you want to delete all the secrets having same name in all the subfolders recursively. "No" if you want do not want to delete the secret in the subfolders.' name: recursiveDelete predefined: - - "Yes" - - "No" + - 'Yes' + - 'No' required: true - auto: PREDEFINED description: '"Yes" if you want to delete the secret having the provided secretname as a part of the Secret. "No" if you want to delete the secret with the exact name match. Ex: Demisto* will delete all secrets like Demisto_1, Demisto_pwd, Demisto. ' name: matchPartOfSecret predefined: - - "Yes" - - "No" + - 'Yes' + - 'No' required: true description: 'Delete Secret from the Centrify Vault. Please note: Enabling "recursiveDelete" to "Yes" will delete all secrets if there multiple secrets with same name in subfolders.' name: centrify-delete-secret @@ -273,7 +273,7 @@ script: required: true description: Delete set from the Centrify Vault name: centrify-delete-set - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/CentrifyVault/ReleaseNotes/1_0_8.md b/Packs/CentrifyVault/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..8e5259e808c9 --- /dev/null +++ b/Packs/CentrifyVault/ReleaseNotes/1_0_8.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Centrify Vault + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/CentrifyVault/pack_metadata.json b/Packs/CentrifyVault/pack_metadata.json index edb67bc0f8ec..663b599081da 100644 --- a/Packs/CentrifyVault/pack_metadata.json +++ b/Packs/CentrifyVault/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Centrify Vault", "description": "Centrify Vault integration to create/fetch/delete secrets/folders/sets.", "support": "community", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "prashasthbaliga", "url": "", "email": "", diff --git a/Packs/CloudIDS/.pack-ignore b/Packs/CloudIDS/.pack-ignore index e69de29bb2d1..5c290f30245f 100644 --- a/Packs/CloudIDS/.pack-ignore +++ b/Packs/CloudIDS/.pack-ignore @@ -0,0 +1,2 @@ +[file:README.md] +ignore=RM108 \ No newline at end of file diff --git a/Packs/CloudIDS/README.md b/Packs/CloudIDS/README.md index ef38aaae55ac..d3a8b141fb09 100644 --- a/Packs/CloudIDS/README.md +++ b/Packs/CloudIDS/README.md 
@@ -1,16 +1,16 @@ -# CloudIDS -Google Cloud IDS is a next-generation advanced intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks. - -## What does this pack do? - -### Playbook -* `Cloud_IDS-IP_Blacklist-GCP_Firewall_Extract`: Gets the attacker's IP address from Cloud IDS through Google Pub/Sub. - `Cloud_IDS-IP_Blacklist-GCP_Firewall_Append` will update the ip list so GCP automatically blocks the IP address. - -#### Flow Chart of Playbook -* [Cloud_IDS-IP_Blacklist-GCP_Firewall](https://github.com/demisto/content/blob/423e13b69b375288d3ec2183bfbd4d2ee6fe018c/Packs/CloudIDS/Playbooks/Cloud_IDS-IP_Blacklist-GCP_Firewall_README.md) -![Playbook Image](https://github.com/demisto/content/raw/423e13b69b375288d3ec2183bfbd4d2ee6fe018c/Packs/CloudIDS/doc_files/Cloud_IDS-IP_Blacklist-GCP_Firewall_Combine.png) -![Playbook Image](https://github.com/demisto/content/raw/423e13b69b375288d3ec2183bfbd4d2ee6fe018c/Packs/CloudIDS/doc_files/Cloud_IDS-IP_Blacklist-GCP_Firewall_Extract.png) -![Playbook Image](https://github.com/demisto/content/raw/423e13b69b375288d3ec2183bfbd4d2ee6fe018c/Packs/CloudIDS/doc_files/Cloud_IDS-IP_Blacklist-GCP_Firewall_Append.png) - - +# CloudIDS +Google Cloud IDS is a next-generation advanced intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks. + +## What does this pack do? + +### Playbook +* `Cloud_IDS-IP_Blacklist-GCP_Firewall_Extract`: Gets the attacker's IP address from Cloud IDS through Google Pub/Sub. + `Cloud_IDS-IP_Blacklist-GCP_Firewall_Append` will update the ip list so GCP automatically blocks the IP address. 
+ +#### Flow Chart of Playbook +* [Cloud_IDS-IP_Blacklist-GCP_Firewall](https://github.com/demisto/content/blob/423e13b69b375288d3ec2183bfbd4d2ee6fe018c/Packs/CloudIDS/Playbooks/Cloud_IDS-IP_Blacklist-GCP_Firewall_README.md) +![Playbook Image](doc_files/Cloud_IDS-IP_Blacklist-GCP_Firewall_Combine.png) +![Playbook Image](doc_files/Cloud_IDS-IP_Blacklist-GCP_Firewall_Extract.png) +![Playbook Image](doc_files/Cloud_IDS-IP_Blacklist-GCP_Firewall_Append.png) + + diff --git a/Packs/CloudShare/Integrations/CloudShare/CloudShare.yml b/Packs/CloudShare/Integrations/CloudShare/CloudShare.yml index 0498145fd59b..673916eacfe4 100644 --- a/Packs/CloudShare/Integrations/CloudShare/CloudShare.yml +++ b/Packs/CloudShare/Integrations/CloudShare/CloudShare.yml @@ -39,17 +39,17 @@ script: - name: owned auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Returns only environments owned by the user. - defaultValue: "false" + defaultValue: 'false' - name: visible auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Returns all environments visible to the user. - defaultValue: "false" + defaultValue: 'false' - name: ownerEmail description: Optional. Filters results by the environment owner's email address, where {ownerEmail} is the environment owner's email address. - name: classId @@ -57,10 +57,10 @@ script: - name: brief auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: 'Optional. Whether to return a less detailed or more detailed response. {brief_value} can be: true (default) - Returns less detail. false - Returns more detail.' - defaultValue: "true" + defaultValue: 'true' outputs: - contextPath: CloudShare.Environments.projectId description: Project ID 
@@ -99,23 +99,23 @@ script: auto: PREDEFINED predefined: - tru - - "false" + - 'false' description: Returns only projects in which the user is a project manager. - defaultValue: "false" + defaultValue: 'false' - name: WhereUserIsProjectMember auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Returns only projects in which the user is a project member. - defaultValue: "false" + defaultValue: 'false' - name: WhereUserCanCreateClass auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Returns only projects in which the user is allowed to create a class. The minimum user level allowed to create classes is set per project and can be changed by project manager users. - defaultValue: "false" + defaultValue: 'false' outputs: - contextPath: CloudShare.Projects.name description: Name @@ -184,7 +184,7 @@ script: - contextPath: CloudShare.Projects.isActive description: Is active type: boolean - description: Retrieves a specified project’s details + description: "Retrieves a specified project's details" - name: cloudshare-get-project-policies arguments: - name: projectId @@ -214,10 +214,10 @@ script: - name: defaultSnapshot auto: PREDEFINED predefined: - - "true" - - "false" - description: ' If set to true – get the default snapshot for every blueprint. The returned JSON will contain a property ‘CreateFromVersions’, which is an array of one element – the default snapshot. If unspecified, default is false (don’t return the default snapshot).' - defaultValue: "false" + - 'true' + - 'false' + description: " If set to true - get the default snapshot for every blueprint. The returned JSON will contain a property 'CreateFromVersions', which is an array of one element - the default snapshot. If unspecified, default is false (don't return the default snapshot)." + defaultValue: 'false' outputs: - contextPath: CloudShare.Projects.Blueprints.id description: ID 
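Review bot: The predefined list at the top of the `@@ -99,23` hunk still offers `- tru` beside the now-quoted `'false'`; this looks like a truncated `true` that the quoting pass left untouched, and it is the value users will be offered in the argument picker for this boolean-style argument. Suggest `- 'true'` in its place, matching every sibling argument in the file. The argument's `name:` line sits just above the hunk, so which command argument this belongs to is not visible here.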
@@ -895,7 +895,7 @@ script: arguments: - name: PolicyId required: true - description: The ID of the policy to apply to the class. The policy will control the runtime and storage time of each student’s environment and what will happen to the environment when it is inactive. + description: "The ID of the policy to apply to the class. The policy will control the runtime and storage time of each student's environment and what will happen to the environment when it is inactive." - name: BlueprintId required: true description: The ID of the blueprint to base the class on. Students who attend the class will be served environments based on this blueprint. @@ -919,19 +919,19 @@ script: - name: UseCustomInvitationEmail auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Whether or not the student invitation email is customized. - defaultValue: "false" + defaultValue: 'false' - name: LimitEarlyAccess required: true auto: PREDEFINED predefined: - - "0" - - "1" - - "2" + - '0' + - '1' + - '2' description: 'This option controls access by students and instructor to a lab before scheduled class time. Possible values: 0 - Allow lab access before class (default). 1 - Allow lab access before class for instructor only. 2 - No early access allowed.' - defaultValue: "0" + defaultValue: '0' - name: CustomInvitationEmailSubject description: The subject line of the custom student invitation email. Used if UseCustomInvitationEmail is set to true. - name: CustomInvitationEmailBody @@ -939,10 +939,10 @@ script: - name: PermitAccessToNonRegisteredStudent auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Whether to permit users to self register as students for the class. - defaultValue: "false" + defaultValue: 'false' - name: MaxStudents description: 'Numeric. The maximum number of students allowed in the class (can be null). Maximum value: 60' - name: address 
@@ -952,33 +952,33 @@ script: - name: enableSteps auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Enables the class to have multiple steps. - defaultValue: "false" + defaultValue: 'false' - name: StudentsCanSwitchStep auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Whether students can change steps independently. Applies when enableSteps is set to true. - defaultValue: "false" + defaultValue: 'false' - name: steps description: A list of class steps (JSON dictionaries) for a multi-step class. Must be provided if enableSteps is set to true. - name: selfPaced auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Creates a Self-Paced Class that allows a student to enter class at a time convenient to them. - defaultValue: "false" + defaultValue: 'false' - name: allowMultipleStudentLogin auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: When set to true, allows for more than one environment activation per student. - defaultValue: "false" + defaultValue: 'false' outputs: - contextPath: CloudShare.Classes.id description: ID 
@@ -1028,18 +1028,18 @@ script: - name: useCustomInvitationEmail auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Whether or not the student invitation email is customized. - defaultValue: "false" + defaultValue: 'false' - name: limitEarlyAccess auto: PREDEFINED predefined: - - "0" - - "1" - - "2" + - '0' + - '1' + - '2' description: 'This option controls access by students and instructor to a lab before scheduled class time. Possible values: 0 - Allow lab access before class (default). 1 - Allow lab access before class for instructor only. 2 - No early access allowed.' - defaultValue: "0" + defaultValue: '0' - name: customInvitationEmailSubject description: The subject line of the custom student invitation email. Used if UseCustomInvitationEmail is set to true. - name: customInvitationEmailBody @@ -1047,10 +1047,10 @@ script: - name: permitAccessToNonRegisteredStudent auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Whether to permit users to self register as students for the class. - defaultValue: "false" + defaultValue: 'false' - name: maxStudents description: 'Numeric. The maximum number of students allowed in the class (can be null). Maximum value: 60' - name: address @@ -1060,17 +1060,17 @@ script: - name: selfPaced auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: Creates a Self-Paced Class that allows a student to enter class at a time convenient to them. - defaultValue: "false" + defaultValue: 'false' - name: allowMultipleStudentLogin auto: PREDEFINED predefined: - - "false" - - "true" + - 'false' + - 'true' description: When set to true, allows for more than one environment activation per student. - defaultValue: "false" + defaultValue: 'false' - name: classId required: true description: The ID of the class. 
@@ -1226,10 +1226,10 @@ script: - name: isFull auto: PREDEFINED predefined: - - "false" - - "true" - description: Whether to return the details of the VMs in each student’s environment as well as other details. - defaultValue: "false" + - 'false' + - 'true' + description: "Whether to return the details of the VMs in each student's environment as well as other details." + defaultValue: 'false' outputs: - contextPath: CloudShare.Students.status description: Status @@ -1301,7 +1301,7 @@ script: - contextPath: CloudShare.Students.VMs.name description: Name type: string - description: Retrieves information about a student in a class, including the student’s environment and VMs + description: "Retrieves information about a student in a class, including the student's environment and VMs" - name: cloudshare-delete-student arguments: - name: classId @@ -1318,13 +1318,13 @@ script: description: The ID of the class. - name: email required: true - description: The student’s email address + description: "The student's email address" - name: firstName required: true - description: The student’s first name + description: "The student's first name" - name: lastName required: true - description: The student’s last name + description: "The student's last name" outputs: - contextPath: CloudShare.Students.id description: ID 
@@ -1339,12 +1339,12 @@ script: required: true description: The ID of the student. - name: email - description: The student’s email address. This can be changed as long as the student did not yet log in. + description: "The student's email address. This can be changed as long as the student did not yet log in." - name: firstName - description: The student’s first name. + description: "The student's first name." - name: lastName - description: The student’s last name. - description: Modifies a student’s registration details + description: "The student's last name." + description: "Modifies a student's registration details" - name: cloudshare-get-regions arguments: [] outputs: @@ -1669,7 +1669,7 @@ script: description: Specifies the start of the time range, where {starttime_value} is the start of the time range in the format ISO 8601. For example, "2017-01-01" - name: endtime required: true - description: Specifies the end of the time range, where {endtime_value} is the end of the time range in the format ISO 8601. For example, “2017-02-01“. + description: "Specifies the end of the time range, where {endtime_value} is the end of the time range in the format ISO 8601. For example, '2017-02-01'." - name: skip description: 'Optional. Specifies to skip the first {skip_value} records, where {skip_value} is an integer (default: 0). Can be used iteratively in conjunction with take to view distinct sets of environment records.' - name: take 
@@ -1701,40 +1701,40 @@ script: arguments: - name: envId required: true - description: Specifies the environment, where {envId} is the environment’s ID. + description: "Specifies the environment, where {envId} is the environment's ID." description: Extends the lifetime of an environment - name: cloudshare-postpone-env-suspend arguments: - name: envId required: true - description: Specifies the environment, where {envId} is the environment’s ID. - description: Postpones an environment’s suspended state Request Path + description: "Specifies the environment, where {envId} is the environment's ID." + description: "Postpones an environment's suspended state Request Path" - name: cloudshare-resume-env arguments: - name: envId required: true - description: Specifies the environment, where {envId} is the environment’s ID. + description: "Specifies the environment, where {envId} is the environment's ID." description: Resumes an environment that was previously suspended, returning it to active running state - name: cloudshare-revert-env arguments: - name: envId required: true - description: Specifies the environment, where {envId} is the environment’s ID. + description: "Specifies the environment, where {envId} is the environment's ID." - name: snapshotId required: true - description: Specifies the snapshot to which to revert the environment, where {snapshotId} is the snapshot’s ID. + description: "Specifies the snapshot to which to revert the environment, where {snapshotId} is the snapshot's ID." description: Reverts an environment to a specified snapshot - name: cloudshare-suspend-env arguments: - name: envId required: true - description: Specifies the environment, where {envId} is the environment’s ID. + description: "Specifies the environment, where {envId} is the environment's ID." description: Suspends an environment - name: cloudshare-get-env arguments: - name: envID required: true - description: The environment’s ID. + description: "The environment's ID." 
- name: permission auto: PREDEFINED predefined: @@ -1770,7 +1770,7 @@ script: - contextPath: CloudShare.Environments.teamId description: Team ID type: string - description: Retrieves properties of an environment and enables verification of the requesting user’s permissions to the environment + description: "Retrieves properties of an environment and enables verification of the requesting user's permissions to the environment" - name: cloudshare-delete-env arguments: - name: envID @@ -1993,10 +1993,10 @@ script: arguments: - name: vmId required: true - description: "The ID of the VM" + description: The ID of the VM - name: path required: true - description: "Path in VM" + description: Path in VM outputs: - contextPath: CloudShare.VM.Execute.executionId description: Execution ID @@ -2026,7 +2026,7 @@ script: - contextPath: CloudShare.VM.Modify.conflicts description: Conflicts type: string - description: Adjusts a VM’s CPU count, disk size, and RAM + description: "Adjusts a VM's CPU count, disk size, and RAM" - name: cloudshare-reboot-vm arguments: - name: VmID @@ -2078,7 +2078,7 @@ script: - contextPath: CloudShare.Folders.projectFolders.usagePercentage description: Usage percentage type: string - description: Retrieves the user’s cloud folder and the user’s projects’ project folder(s) + description: "Retrieves the user's cloud folder and the user's projects' project folder(s)" - name: cloudshare-get-env-cloud-folders arguments: - name: EnvId @@ -2100,7 +2100,7 @@ script: - contextPath: CloudShare.EnvFolders.token description: Token type: string - description: Shows the cloud folder on all of the environment’s machines + description: "Shows the cloud folder on all of the environment's machines" - name: cloudshare-generate-cloud-folder-password arguments: [] outputs: 
@@ -2110,20 +2110,20 @@ script: - contextPath: CloudShare.FoldersPassword.newFtpUri description: New FTP URI type: string - description: Generates a new FTP password for accessing the user’s cloud folders. + description: "Generates a new FTP password for accessing the user's cloud folders." - name: cloudshare-unmount-env-folders arguments: - name: EnvId required: true description: The ID of the environment. - description: Hides the cloud folder on all of the environment’s machines + description: "Hides the cloud folder on all of the environment's machines" - name: cloudshare-get-templates arguments: - name: templateType auto: PREDEFINED predefined: - - "0" - - "1" + - '0' + - '1' description: 'Filters the results by type of template. Possible values: 0 - Returns blueprints only. 1 - Returns VM templates only.' - name: projectId description: Filters the results to include only blueprints that belong to a specific project. @@ -2404,7 +2404,7 @@ script: type: number - contextPath: CloudShare.Snapshots.regions description: Regions - description: Retrieves all snapshots contained in a specified environment’s blueprint. A blueprint can contain up to five snapshots, with newer snapshots displacing the oldest snapshots in the blueprint. + description: "Retrieves all snapshots contained in a specified environment's blueprint. A blueprint can contain up to five snapshots, with newer snapshots displacing the oldest snapshots in the blueprint." - name: cloudshare-mark-default-snapshot arguments: - name: snapshotID @@ -2428,10 +2428,10 @@ script: - name: setAsDefault auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Defaults to true. If true, the new snapshot is marked as the default snapshot in the containing blueprint. - defaultValue: "true" + defaultValue: 'true' description: Takes a snapshot of an environment - name: cloudshare-get-teams arguments: [] 
@@ -2446,10 +2446,10 @@ script: - name: cloudshare-invite-user-poc arguments: - name: policyId - description: The ID of the environment policy to assign to the environment created for the end user as part of the POC. The policy will govern the life cycle of the end user’s environment. + description: "The ID of the environment policy to assign to the environment created for the end user as part of the POC. The policy will govern the life cycle of the end user's environment." - name: blueprintId required: true - description: The ID of the blueprint based on which the end user’s environment will be created (this is the POC’s blueprint). + description: "The ID of the blueprint based on which the end user's environment will be created (this is the POC's blueprint)." - name: OwningProjectMemberId required: true description: The ID of the project member user to whom the end user will be assigned 
@@ -2461,22 +2461,22 @@ script: description: The number of days to keep the invitation valid for - name: email required: true - description: The recipient’s email. The invitation will be sent to the specified email. + description: "The recipient's email. The invitation will be sent to the specified email." - name: firstName required: true - description: The recipient’s first name + description: "The recipient's first name" - name: LastName required: true - description: The recipient’s last name + description: "The recipient's last name" - name: regionId - description: The region in which to create the POC’s environment. + description: "The region in which to create the POC's environment." - name: InviteeCanSetEmail auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Indicates whether an end user can set email when accepting the invitation. Default is true. - defaultValue: "true" + defaultValue: 'true' - name: customEmailSubject description: The subject of the email. The invitation will be sent with the specified custom email subject. This value will override the custom email subject in the UI. - name: customEmailBody @@ -2553,7 +2553,7 @@ script: description: Blueprint name type: string description: Retrieves POC invitations sent. - dockerimage: demisto/cloudshare:1.0.0.14120 + dockerimage: demisto/cloudshare:1.0.0.73056 subtype: python3 beta: true fromversion: 6.0.0 diff --git a/Packs/CloudShare/ReleaseNotes/1_0_3.md b/Packs/CloudShare/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..817687d95525 --- /dev/null +++ b/Packs/CloudShare/ReleaseNotes/1_0_3.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CloudShare (Beta) + +- Updated the Docker image to: *demisto/cloudshare:1.0.0.73056*. diff --git a/Packs/CloudShare/pack_metadata.json b/Packs/CloudShare/pack_metadata.json index ff1f3e1dc25a..5149a5d35a23 100644 --- a/Packs/CloudShare/pack_metadata.json +++ b/Packs/CloudShare/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "CloudShare", "description": "CloudShare integration", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Adam Burt", "url": "", "email": "", diff --git a/Packs/CommonScripts/ReleaseNotes/1_15_23.md b/Packs/CommonScripts/ReleaseNotes/1_15_23.md new file mode 100644 index 000000000000..903013bf512d --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_15_23.md @@ -0,0 +1,8 @@ + +#### Scripts + +##### ExportAuditLogsToFile + +- Fixed an issue with Cortex XSOAR 6.x where the command would fail by sending the wrong request. +- Updated the Docker image to: *demisto/python3:3.10.14.101217*. + diff --git a/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.py b/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.py index 5bec8c862fbd..082150889d3d 100644 --- a/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.py +++ b/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.py @@ -82,7 +82,7 @@ def main(): # pragma: no cover # if there are more events than the default size, page through and get them all while len(audits) < total: - if body.get("page"): # pagination for xsoar-6 + if demisto_version.startswith("6"): # pagination for xsoar-6 body["page"] = page_num else: # pagination for xsoar-8 body["request_data"]["search_from"] = page_num # type: ignore[index] diff --git a/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.yml b/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.yml index c1e6c4698f19..b8a4006659ab 100644 --- a/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.yml +++ b/Packs/CommonScripts/Scripts/ExportAuditLogsToFile/ExportAuditLogsToFile.yml 
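Review bot: `if demisto_version.startswith("6"):` chooses the pagination scheme by a string prefix, so it relies on `demisto_version` (assigned outside the hunk) being a plain dotted version and silently takes the XSOAR 8 branch for any other shape, including an empty string. The CommonServerPython helper compares versions properly and reads as `if not is_demisto_version_ge('8.0.0'):  # pagination for xsoar-6`. Whether `demisto_version` is already derived from a version-comparison helper cannot be seen here; main continues outside the hunk.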
@@ -25,7 +25,7 @@ contentitemexportablefields: dependson: must: - core-api-post -dockerimage: demisto/python3:3.10.13.83255 +dockerimage: demisto/python3:3.10.14.101217 enabled: true name: ExportAuditLogsToFile runas: DBotWeakRole diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index bbefcd5b2044..5f7e72cb62d6 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.15.22", + "currentVersion": "1.15.23", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CommunityCommonScripts/ReleaseNotes/1_2_3.md b/Packs/CommunityCommonScripts/ReleaseNotes/1_2_3.md new file mode 100644 index 000000000000..9982caee0048 --- /dev/null +++ b/Packs/CommunityCommonScripts/ReleaseNotes/1_2_3.md @@ -0,0 +1,12 @@ + +#### Scripts + +##### MarkdownToHTML + +- Updated the Docker image to: *demisto/bs4-py3:1.0.0.100299*. +##### PHash + +- Updated the Docker image to: *demisto/python-phash:1.0.0.100267*. +##### jq + +- Updated the Docker image to: *demisto/jq:1.0.0.100247*. diff --git a/Packs/CommunityCommonScripts/ReleaseNotes/1_2_4.md b/Packs/CommunityCommonScripts/ReleaseNotes/1_2_4.md new file mode 100644 index 000000000000..ec0abe3698ca --- /dev/null +++ b/Packs/CommunityCommonScripts/ReleaseNotes/1_2_4.md 
@@ -0,0 +1,81 @@ + +#### Scripts + +##### DateTimeToADTime + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### MaxList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### StripAccentMarksFromString + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### GetFields + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### MapRegex + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### IPCalcReturnSubnetNetwork + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### DisplayTaggedWarroomEntries + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### BatchData + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### ConvertUTCEpochTimeToTimeStamp + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### IPCalcReturnAddressIANAAllocation + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### SSLVerifier + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### CreateArrayWithDuplicates + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RandomElementFromList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### GetFilePathPreProcessing + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### InvertEveryTwoItems + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### IPCalcReturnSubnetBroadcastAddress + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### IPCalcCheckSubnetCollision + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### CreateFileFromPathObject + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### CompareList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### IPCalcReturnAddressBinary + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. 
+##### isArrayItemInList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### IPCalcReturnSubnetAddresses + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### MinList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### delete_expired_indicator_with_exlusion + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### DisplayIndicatorReputationContent + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RandomPhotoNasa + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.py b/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.py index a0d4cc2a8d1f..e687918c3182 100644 --- a/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.py +++ b/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.py @@ -8,7 +8,7 @@ list_of_items = list(list_of_items.split(",")) batch_size = int(batch_size) -batch_list = list() +batch_list = [] for i in range(0, len(list_of_items), batch_size): batch_list.append(list_of_items[i:i + batch_size]) diff --git a/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.yml b/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.yml index 3cbfac200fe5..0b7526bd7572 100644 --- a/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.yml +++ b/Packs/CommunityCommonScripts/Scripts/BatchData/BatchData.yml @@ -14,8 +14,8 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: BatchData runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/CompareList/CompareList.yml b/Packs/CommunityCommonScripts/Scripts/CompareList/CompareList.yml index fd6f275e6d19..c94e4de1d21c 100644 --- a/Packs/CommunityCommonScripts/Scripts/CompareList/CompareList.yml 
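Review bot: `batch_size = int(batch_size)` two lines above the new `batch_list = []` is passed straight to `range(0, len(list_of_items), batch_size)`, so a batch size of 0 raises ValueError from range and a negative value silently yields an empty result; neither is reported as an argument error. A guard before the loop, `if batch_size <= 0: return_error('batch_size must be a positive integer')`, fails clearly instead. The script's argument parsing is above the hunk, so where `batch_size` comes from is not visible here.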
+++ b/Packs/CommunityCommonScripts/Scripts/CompareList/CompareList.yml @@ -1,15 +1,15 @@ args: - name: list1_name required: true - description: "First list name to compare." + description: First list name to compare. - name: list2_name required: true - description: "Second list name to compare." + description: Second list name to compare. commonfields: id: CompareList version: -1 -dockerimage: demisto/python3:3.10.12.63474 -comment: "Compares two lists." +dockerimage: demisto/python3:3.10.14.100715 +comment: Compares two lists. enabled: true name: CompareList runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/ConvertUTCEpochTimeToTimeStamp/ConvertUTCEpochTimeToTimeStamp.yml b/Packs/CommunityCommonScripts/Scripts/ConvertUTCEpochTimeToTimeStamp/ConvertUTCEpochTimeToTimeStamp.yml index e52ae3522109..a3c982805b4b 100644 --- a/Packs/CommunityCommonScripts/Scripts/ConvertUTCEpochTimeToTimeStamp/ConvertUTCEpochTimeToTimeStamp.yml +++ b/Packs/CommunityCommonScripts/Scripts/ConvertUTCEpochTimeToTimeStamp/ConvertUTCEpochTimeToTimeStamp.yml @@ -16,8 +16,8 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: ConvertUTCEpochTimeToTimeStamp runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/CreateArrayWithDuplicates/CreateArrayWithDuplicates.yml b/Packs/CommunityCommonScripts/Scripts/CreateArrayWithDuplicates/CreateArrayWithDuplicates.yml index 6639d9280555..bd7e39f20039 100644 --- a/Packs/CommunityCommonScripts/Scripts/CreateArrayWithDuplicates/CreateArrayWithDuplicates.yml +++ b/Packs/CommunityCommonScripts/Scripts/CreateArrayWithDuplicates/CreateArrayWithDuplicates.yml 
@@ -8,19 +8,20 @@ args: name: separator - description: The key to place result array in context, by default will be "array". name: contextKey -comment: |- - Will create an array object in context from a given string input , allowing for duplicate values to be retained +comment: 'Will create an array object in context from a given string input , allowing for duplicate values to be retained + Output is to ContextKey.array as JSON does not permit duplicate key names - e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc. + + e.g., ContextKey.array.value1, ContextKey.array.value2, ContextKey.array.value3, etc.' commonfields: id: CreateArrayWithDuplicates version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: CreateArrayWithDuplicates runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/CreateFileFromPathObject/CreateFileFromPathObject.yml b/Packs/CommunityCommonScripts/Scripts/CreateFileFromPathObject/CreateFileFromPathObject.yml index 61701b043819..4e930ca41b8f 100644 --- a/Packs/CommunityCommonScripts/Scripts/CreateFileFromPathObject/CreateFileFromPathObject.yml +++ b/Packs/CommunityCommonScripts/Scripts/CreateFileFromPathObject/CreateFileFromPathObject.yml @@ -10,7 +10,7 @@ commonfields: contentitemexportablefields: contentitemfields: fromServerVersion: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: CreateFileFromPathObject runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/DateTimeToADTime/DateTimeToADTime.yml b/Packs/CommunityCommonScripts/Scripts/DateTimeToADTime/DateTimeToADTime.yml index 32f84ec61374..36813c97f87f 100644 --- a/Packs/CommunityCommonScripts/Scripts/DateTimeToADTime/DateTimeToADTime.yml 
+++ b/Packs/CommunityCommonScripts/Scripts/DateTimeToADTime/DateTimeToADTime.yml @@ -1,5 +1,5 @@ args: -- defaultValue: "0" +- defaultValue: '0' description: Number of days before todays date name: days_ago required: true @@ -7,7 +7,7 @@ comment: Converts unix time to AD Integer8 time. This is used in many AD date fi commonfields: id: DateTimeToADTime version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: DateTimeToADTime runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/DeleteExpiredIndicatorWithExlusion/DeleteExpiredIndicatorWithExlusion.yml b/Packs/CommunityCommonScripts/Scripts/DeleteExpiredIndicatorWithExlusion/DeleteExpiredIndicatorWithExlusion.yml index 5dac140ecd32..466fbd9e3684 100644 --- a/Packs/CommunityCommonScripts/Scripts/DeleteExpiredIndicatorWithExlusion/DeleteExpiredIndicatorWithExlusion.yml +++ b/Packs/CommunityCommonScripts/Scripts/DeleteExpiredIndicatorWithExlusion/DeleteExpiredIndicatorWithExlusion.yml @@ -3,8 +3,8 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 comment: deletes expired indicators. enabled: true name: delete_expired_indicator_with_exlusion diff --git a/Packs/CommunityCommonScripts/Scripts/DisplayIndicatorReputationContent/DisplayIndicatorReputationContent.yml b/Packs/CommunityCommonScripts/Scripts/DisplayIndicatorReputationContent/DisplayIndicatorReputationContent.yml index a821b890ea78..a2f0035c0def 100644 --- a/Packs/CommunityCommonScripts/Scripts/DisplayIndicatorReputationContent/DisplayIndicatorReputationContent.yml +++ b/Packs/CommunityCommonScripts/Scripts/DisplayIndicatorReputationContent/DisplayIndicatorReputationContent.yml 
@@ -1,11 +1,11 @@ commonfields: id: DisplayIndicatorReputationContent version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: DisplayIndicatorReputationContent runas: DBotWeakRole -comment: 'Display the indicator context object in markdown format in a dynamic section layout' +comment: Display the indicator context object in markdown format in a dynamic section layout script: '' scripttarget: 0 subtype: python3 diff --git a/Packs/CommunityCommonScripts/Scripts/DisplayTaggedWarroomEntries/DisplayTaggedWarroomEntries.yml b/Packs/CommunityCommonScripts/Scripts/DisplayTaggedWarroomEntries/DisplayTaggedWarroomEntries.yml index 86f139dfba06..9bafd11dd7f6 100644 --- a/Packs/CommunityCommonScripts/Scripts/DisplayTaggedWarroomEntries/DisplayTaggedWarroomEntries.yml +++ b/Packs/CommunityCommonScripts/Scripts/DisplayTaggedWarroomEntries/DisplayTaggedWarroomEntries.yml @@ -5,9 +5,9 @@ args: commonfields: id: DisplayTaggedWarroomEntries version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true -comment: "Display warroom entries in a dynamic section which are tagged with 'report'" +comment: Display warroom entries in a dynamic section which are tagged with 'report' name: DisplayTaggedWarroomEntries runas: DBotWeakRole script: '' diff --git a/Packs/CommunityCommonScripts/Scripts/GetFields/GetFields.yml b/Packs/CommunityCommonScripts/Scripts/GetFields/GetFields.yml index 667cc6f24c89..73db679889fd 100644 --- a/Packs/CommunityCommonScripts/Scripts/GetFields/GetFields.yml +++ b/Packs/CommunityCommonScripts/Scripts/GetFields/GetFields.yml 
@@ -7,22 +7,22 @@ args: description: The field to extract from each item (Optional). name: getField predefined: - - "" + - '' - auto: PREDEFINED - defaultValue: "false" + defaultValue: 'false' description: Whether the argument should be saved as a string (Optional). name: stringify predefined: - - "true" - - "false" + - 'true' + - 'false' comment: Retrieves fields from an object using dot notation commonfields: id: GetFields version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: GetFields runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/GetFilePathPreProcessing/GetFilePathPreProcessing.yml b/Packs/CommunityCommonScripts/Scripts/GetFilePathPreProcessing/GetFilePathPreProcessing.yml index e443a3536e83..b5fd53437265 100644 --- a/Packs/CommunityCommonScripts/Scripts/GetFilePathPreProcessing/GetFilePathPreProcessing.yml +++ b/Packs/CommunityCommonScripts/Scripts/GetFilePathPreProcessing/GetFilePathPreProcessing.yml 
@@ -1,14 +1,15 @@ -comment: |- - This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. +comment: 'This is a pre-processing script that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming incident. + It should be configured as a pre-processing rule, and the logic for finding the right incident should be added to the code manually. - The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident + + The automation collects the paths and names of the attachments of the incoming incident and passes it to the "CreateFileFromPathObject" automation that is being executed on the existing incident' commonfields: id: GetFilePathPreProcessing version: -1 contentitemexportablefields: contentitemfields: fromServerVersion: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: GetFilePathPreProcessing runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/IPCalcCheckSubnetCollision/IPCalcCheckSubnetCollision.yml b/Packs/CommunityCommonScripts/Scripts/IPCalcCheckSubnetCollision/IPCalcCheckSubnetCollision.yml index 25dcaf20d3bb..43a73d0978c6 100644 --- a/Packs/CommunityCommonScripts/Scripts/IPCalcCheckSubnetCollision/IPCalcCheckSubnetCollision.yml +++ b/Packs/CommunityCommonScripts/Scripts/IPCalcCheckSubnetCollision/IPCalcCheckSubnetCollision.yml @@ -24,7 +24,7 @@ script: '-' subtype: python3 timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 tests: - No tests fromversion: 6.0.0 
diff --git a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressBinary/IPCalcReturnAddressBinary.yml b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressBinary/IPCalcReturnAddressBinary.yml
index 56b302ea4c4f..9976771f1851 100644
--- a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressBinary/IPCalcReturnAddressBinary.yml
+++ b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressBinary/IPCalcReturnAddressBinary.yml
@@ -18,7 +18,7 @@ script: '-'
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 tests:
 - No tests
 fromversion: 6.0.0
diff --git a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressIANAAllocation/IPCalcReturnAddressIANAAllocation.yml b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressIANAAllocation/IPCalcReturnAddressIANAAllocation.yml
index 56db5c149a8c..f515edb65ac6 100644
--- a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressIANAAllocation/IPCalcReturnAddressIANAAllocation.yml
+++ b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnAddressIANAAllocation/IPCalcReturnAddressIANAAllocation.yml
@@ -18,7 +18,7 @@ script: '-'
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 tests:
 - No tests
 fromversion: 6.0.0
diff --git a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetAddresses/IPCalcReturnSubnetAddresses.yml b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetAddresses/IPCalcReturnSubnetAddresses.yml
index 0245e7b9e89a..b3cc5581fc83 100644
--- a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetAddresses/IPCalcReturnSubnetAddresses.yml
+++ b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetAddresses/IPCalcReturnSubnetAddresses.yml
@@ -15,7 +15,7 @@ script: '-'
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 tests:
 - No tests
 fromversion: 6.0.0
diff --git a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetBroadcastAddress/IPCalcReturnSubnetBroadcastAddress.yml b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetBroadcastAddress/IPCalcReturnSubnetBroadcastAddress.yml
index e67d89183cb4..43f75a1218e2 100644
--- a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetBroadcastAddress/IPCalcReturnSubnetBroadcastAddress.yml
+++ b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetBroadcastAddress/IPCalcReturnSubnetBroadcastAddress.yml
@@ -15,7 +15,7 @@ script: '-'
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 tests:
 - No tests
 fromversion: 6.0.0
diff --git a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetNetwork/IPCalcReturnSubnetNetwork.yml b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetNetwork/IPCalcReturnSubnetNetwork.yml
index 7c012e27616a..6017afcf2351 100644
--- a/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetNetwork/IPCalcReturnSubnetNetwork.yml
+++ b/Packs/CommunityCommonScripts/Scripts/IPCalcReturnSubnetNetwork/IPCalcReturnSubnetNetwork.yml
@@ -15,7 +15,7 @@ script: '-'
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 tests:
 - No tests
 fromversion: 6.0.0
diff --git a/Packs/CommunityCommonScripts/Scripts/InvertEveryTwoItems/InvertEveryTwoItems.yml b/Packs/CommunityCommonScripts/Scripts/InvertEveryTwoItems/InvertEveryTwoItems.yml
index acea2e81a83d..00516aa27adb 100644
--- a/Packs/CommunityCommonScripts/Scripts/InvertEveryTwoItems/InvertEveryTwoItems.yml
+++ b/Packs/CommunityCommonScripts/Scripts/InvertEveryTwoItems/InvertEveryTwoItems.yml
@@ -1,15 +1,15 @@ args: - isArray: true name: value - description: "Input list" + description: Input list comment: "This transformer will invert every two items in an array.\nExample: \n[\"A\", \"B\", \"C\", \"D\"]\nResult:\n[\"B\", \"A\", \"D\", \"C\"]\n\nIf the total of items in the array is an odd number the last item will be removed\nExample:\n[\"A\", \"B\", \"C\", \"D\", \"E\"]\nResult:\n[\"B\", \"A\", \"D\", \"C\"]\n\nIf the item is not an array the output will be same passed object." commonfields: id: InvertEveryTwoItems version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: InvertEveryTwoItems runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/Jq/Jq.yml b/Packs/CommunityCommonScripts/Scripts/Jq/Jq.yml index 75b33acc578b..804004243dfc 100644 --- a/Packs/CommunityCommonScripts/Scripts/Jq/Jq.yml +++ b/Packs/CommunityCommonScripts/Scripts/Jq/Jq.yml @@ -14,7 +14,7 @@ contentitemexportablefields: fromServerVersion: '' dependson: must: [] -dockerimage: demisto/jq:1.0.0.24037 +dockerimage: demisto/jq:1.0.0.100247 enabled: true name: jq outputs: diff --git a/Packs/CommunityCommonScripts/Scripts/MapRegex/MapRegex.yml b/Packs/CommunityCommonScripts/Scripts/MapRegex/MapRegex.yml index af60c624e2a8..edcf090b2639 100644 --- a/Packs/CommunityCommonScripts/Scripts/MapRegex/MapRegex.yml +++ b/Packs/CommunityCommonScripts/Scripts/MapRegex/MapRegex.yml 
@@ -4,24 +4,11 @@ args: required: true - description: A JSON dictionary that contains key:value pairs that represent the "Outcome":"Regex". name: json_regex -comment: |- - This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be: - - "desired outcome": "regex to match" - - For example: - - { - "Match 1": ".*match 1.*", - "Match 2": ".*match 2.*", - "Catch all": ".*" - } - - The transformer will match in order of dictionary entries. +comment: "This transformer will take in a value and transform it based on multiple regular expressions defined in a JSON dictionary structure. The key:value pair of the JSON dictionary should be:\n\n\"desired outcome\": \"regex to match\"\n\nFor example:\n\n{\n \"Match 1\": \".*match 1.*\",\n \"Match 2\": \".*match 2.*\",\n \"Catch all\": \".*\"\n}\n\nThe transformer will match in order of dictionary entries." commonfields: id: MapRegex version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: MapRegex runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/MarkdownToHTML/MarkdownToHTML.yml b/Packs/CommunityCommonScripts/Scripts/MarkdownToHTML/MarkdownToHTML.yml index 43b6e0bf2717..128ba5c0a39e 100644 --- a/Packs/CommunityCommonScripts/Scripts/MarkdownToHTML/MarkdownToHTML.yml +++ b/Packs/CommunityCommonScripts/Scripts/MarkdownToHTML/MarkdownToHTML.yml @@ -36,7 +36,7 @@ type: python contentitemexportablefields: contentitemfields: fromServerVersion: '' -dockerimage: demisto/bs4-py3:1.0.0.30051 +dockerimage: demisto/bs4-py3:1.0.0.100299 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/CommunityCommonScripts/Scripts/MaxList/MaxList.yml b/Packs/CommunityCommonScripts/Scripts/MaxList/MaxList.yml index 3ed66fac3028..38a93389f306 100644 --- a/Packs/CommunityCommonScripts/Scripts/MaxList/MaxList.yml 
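Review bot: The MapRegex `comment` is now one double-quoted line with escaped `\n` and `\"` sequences in place of the `|-` block scalar that carried the same text, so the JSON example (`{ "Match 1": ".*match 1.*", ... }`) is no longer readable or cleanly diffable in the source and every future edit has to hand-escape each quote. Keeping `comment: |-` with the multi-line text, as the removed lines in this hunk had it, is the idiomatic form and yields the same value with the trailing newline stripped. StripAccentMarksFromString later in this diff appears to keep its `|-` block, so restoring it here also keeps the pack consistent.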
+++ b/Packs/CommunityCommonScripts/Scripts/MaxList/MaxList.yml @@ -8,7 +8,7 @@ comment: "Gets the maximum value from list\ne.g. [\"25\", \"10\", \"25\"] => \" commonfields: id: MaxList version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: MaxList runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/MinList/MinList.yml b/Packs/CommunityCommonScripts/Scripts/MinList/MinList.yml index e5a6f3881904..ddc00b80a071 100644 --- a/Packs/CommunityCommonScripts/Scripts/MinList/MinList.yml +++ b/Packs/CommunityCommonScripts/Scripts/MinList/MinList.yml @@ -8,7 +8,7 @@ comment: "Gets the minimum value from list\ne.g. [\"25\", \"10\", \"25\"] => \" commonfields: id: MinList version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: MinList runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/PHash/PHash.yml b/Packs/CommunityCommonScripts/Scripts/PHash/PHash.yml index c3e6a80e4f23..7ea13e598541 100644 --- a/Packs/CommunityCommonScripts/Scripts/PHash/PHash.yml +++ b/Packs/CommunityCommonScripts/Scripts/PHash/PHash.yml @@ -8,8 +8,8 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python-phash:1.0.0.25389 + fromServerVersion: '' +dockerimage: demisto/python-phash:1.0.0.100267 enabled: true name: PHash outputs: diff --git a/Packs/CommunityCommonScripts/Scripts/RandomElementFromList/RandomElementFromList.yml b/Packs/CommunityCommonScripts/Scripts/RandomElementFromList/RandomElementFromList.yml index fb4a31cd4436..d7614a39b059 100644 --- a/Packs/CommunityCommonScripts/Scripts/RandomElementFromList/RandomElementFromList.yml +++ b/Packs/CommunityCommonScripts/Scripts/RandomElementFromList/RandomElementFromList.yml 
@@ -11,7 +11,7 @@ comment: randomly select elements from a list in Python commonfields: id: RandomElementFromList version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: RandomElementFromList runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/RandomPhotoNasa/RandomPhotoNasa.yml b/Packs/CommunityCommonScripts/Scripts/RandomPhotoNasa/RandomPhotoNasa.yml index df90bab7862a..69b9f7be8e17 100644 --- a/Packs/CommunityCommonScripts/Scripts/RandomPhotoNasa/RandomPhotoNasa.yml +++ b/Packs/CommunityCommonScripts/Scripts/RandomPhotoNasa/RandomPhotoNasa.yml @@ -5,7 +5,7 @@ args: commonfields: id: RandomPhotoNasa version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: RandomPhotoNasa runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/SSLVerifier/SSLVerifier.yml b/Packs/CommunityCommonScripts/Scripts/SSLVerifier/SSLVerifier.yml index 6a049355ee32..28bfd71c0c72 100644 --- a/Packs/CommunityCommonScripts/Scripts/SSLVerifier/SSLVerifier.yml +++ b/Packs/CommunityCommonScripts/Scripts/SSLVerifier/SSLVerifier.yml @@ -14,7 +14,7 @@ args: - name: Port default: true description: Port to check - defaultValue: "443" + defaultValue: '443' outputs: - contextPath: SSLVerifier.Certificate.Expiry description: Time of expiration @@ -30,7 +30,7 @@ outputs: type: string scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/CommunityCommonScripts/Scripts/StripAccentMarksFromString/StripAccentMarksFromString.yml b/Packs/CommunityCommonScripts/Scripts/StripAccentMarksFromString/StripAccentMarksFromString.yml index b0d1a4af1f31..2e0e25e8c9d6 100644 --- a/Packs/CommunityCommonScripts/Scripts/StripAccentMarksFromString/StripAccentMarksFromString.yml 
+++ b/Packs/CommunityCommonScripts/Scripts/StripAccentMarksFromString/StripAccentMarksFromString.yml @@ -2,14 +2,14 @@ args: - name: value required: true description: Value to strip accent marks from -comment: |- +comment: |- Strip accent marks (diacritics) from a given string. For example: "Niño שָׁלוֹם Montréal اَلسَّلَامُ عَلَيْكُمْ‎" Will return: "Nino שלום Montreal السلام عليكم" commonfields: id: StripAccentMarksFromString version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: StripAccentMarksFromString runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/Scripts/isArrayItemInList/IsArrayItemInList.yml b/Packs/CommunityCommonScripts/Scripts/isArrayItemInList/IsArrayItemInList.yml index f39709366f8b..d0705a26a28a 100644 --- a/Packs/CommunityCommonScripts/Scripts/isArrayItemInList/IsArrayItemInList.yml +++ b/Packs/CommunityCommonScripts/Scripts/isArrayItemInList/IsArrayItemInList.yml @@ -6,17 +6,18 @@ args: - description: the XSOAR system list name. name: listName required: true -comment: |- - This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. +comment: 'This automation is for comparing array(list) data of context to existing lists on XSOAR server. You can avoid using loop of sub-playbook. + inputArray: the context array/list data - listName: the XSOAR system list + + listName: the XSOAR system list' commonfields: id: isArrayItemInList version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 + fromServerVersion: '' +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: isArrayItemInList runas: DBotWeakRole diff --git a/Packs/CommunityCommonScripts/pack_metadata.json b/Packs/CommunityCommonScripts/pack_metadata.json index f11ddddfa6cb..10fd2dbdadfd 100644 --- a/Packs/CommunityCommonScripts/pack_metadata.json 
+++ b/Packs/CommunityCommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Community Common Scripts", "description": "A pack that contains community scripts", "support": "community", - "currentVersion": "1.2.2", + "currentVersion": "1.2.4", "author": "", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", @@ -22,4 +22,4 @@ "marketplacev2" ], "githubUser": [] -} +} \ No newline at end of file diff --git a/Packs/Core/ReleaseNotes/3_0_50.md b/Packs/Core/ReleaseNotes/3_0_50.md new file mode 100644 index 000000000000..672dcb686dc3 --- /dev/null +++ b/Packs/Core/ReleaseNotes/3_0_50.md @@ -0,0 +1,11 @@ + +#### Integrations + +##### Indicators detection + +Updated the CoreIRApiModule with support for custom XSOAR close-reasons in XSOAR-XDR close-reason mapping. + +##### Investigation & Response + +Updated the CoreIRApiModule with support for custom XSOAR close-reasons in XSOAR-XDR close-reason mapping. + diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json index 4475ac546e47..938281cded61 100644 --- a/Packs/Core/pack_metadata.json +++ b/Packs/Core/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Core - Investigation and Response", "description": "Automates incident response", "support": "xsoar", - "currentVersion": "3.0.49", + "currentVersion": "3.0.50", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml index eb449c9ae299..05889ab17039 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml 
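Review bot: The second hunk of Packs/CommunityCommonScripts/pack_metadata.json replaces the closing `}` with one that has no trailing newline (`\ No newline at end of file`), so the file now ends without a newline while nothing else in the change needs it; restore the final newline so line-oriented tooling and the next diff of this file stay clean. The `currentVersion` bump itself needs no change.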
@@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: dd7508ca-6f68-4bef-8f62-8104ddaa7766 + taskid: b7b07d0b-fee5-4b51-8e6b-928088c82c42 type: start task: - id: dd7508ca-6f68-4bef-8f62-8104ddaa7766 + id: b7b07d0b-fee5-4b51-8e6b-928088c82c42 version: -1 name: "" iscommand: false @@ -36,10 +36,10 @@ tasks: continueonerrortype: "" "4": id: "4" - taskid: 524a4f11-6bf7-4076-8025-19770047bea2 + taskid: c300597e-a947-4a0e-8551-7e862c5caa53 type: title task: - id: 524a4f11-6bf7-4076-8025-19770047bea2 + id: c300597e-a947-4a0e-8551-7e862c5caa53 version: -1 name: Complete type: title @@ -64,10 +64,10 @@ tasks: continueonerrortype: "" "5": id: "5" - taskid: 741b1342-a66b-469a-8a76-d9d91bc3554f + taskid: c77b9c64-6bba-4ba5-85b5-726d41384dab type: title task: - id: 741b1342-a66b-469a-8a76-d9d91bc3554f + id: c77b9c64-6bba-4ba5-85b5-726d41384dab version: -1 name: Triage and Qualifier Stage type: title @@ -95,10 +95,10 @@ tasks: continueonerrortype: "" "6": id: "6" - taskid: aedd6ffd-a9c6-45b4-8cb0-7ff05b35e36c + taskid: 6e545db5-41cc-4414-8755-1094a1c03fe8 type: title task: - id: aedd6ffd-a9c6-45b4-8cb0-7ff05b35e36c + id: 6e545db5-41cc-4414-8755-1094a1c03fe8 version: -1 name: Enrichment Stage type: title @@ -107,7 +107,7 @@ tasks: description: '' nexttasks: '#none#': - - "97" + - "185" separatecontext: false continueonerrortype: "" view: |- @@ -126,10 +126,10 @@ tasks: isautoswitchedtoquietmode: false "8": id: "8" - taskid: ac144da8-4dc7-4d20-8739-218c58debc64 + taskid: 1b80b617-5189-4039-8315-7b11be105d7d type: title task: - id: ac144da8-4dc7-4d20-8739-218c58debc64 + id: 1b80b617-5189-4039-8315-7b11be105d7d version: -1 name: Decision Stage type: title @@ -138,7 +138,7 @@ tasks: description: '' nexttasks: '#none#': - - "120" + - "186" separatecontext: false continueonerrortype: "" view: |- 
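Review bot: Task 6's `nexttasks` now points to `"185"` and task 8's to `"186"` (task 12's to `"187"` in the next hunk), but none of these task IDs is defined in any hunk of this diff, while the tasks they replace — `"97"` (Cortex ASM - Enrichment) and `"120"` (Cortex ASM - Remediation Path Rules) — are deleted in later hunks of this file. Please confirm that 185, 186 and 187 exist in the unchanged part of the playbook, that they continue to the successors the deleted tasks had (`"125"` and `"145"`), and that they pass the same inputs the deleted tasks passed (`AWSAssumeRoleName` and `RemoteIP` for enrichment; `BypassDevCheck` and `ExternallyDetectedProviders` for the remediation rules), otherwise the enrichment and remediation-rule stages silently drop out of the flow. The same check applies to the hunks that delete tasks 97 and 120.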
@@ -157,10 +157,10 @@ tasks: isautoswitchedtoquietmode: false "10": id: "10" - taskid: ededc28d-03e7-4c76-86ac-5603bbcfd7f6 + taskid: 4a19c6fd-f41a-40d5-87b9-811c1235dc71 type: title task: - id: ededc28d-03e7-4c76-86ac-5603bbcfd7f6 + id: 4a19c6fd-f41a-40d5-87b9-811c1235dc71 version: -1 name: Notification Stage type: title @@ -188,10 +188,10 @@ tasks: isautoswitchedtoquietmode: false "11": id: "11" - taskid: 973030d6-2b5a-419e-8092-35e5da4cc2ee + taskid: b149b6cb-541e-45b8-8b18-27fecce33932 type: title task: - id: 973030d6-2b5a-419e-8092-35e5da4cc2ee + id: b149b6cb-541e-45b8-8b18-27fecce33932 version: -1 name: Validation Stage type: title @@ -219,10 +219,10 @@ tasks: isautoswitchedtoquietmode: false "12": id: "12" - taskid: 18ba5222-fc56-4c88-8dac-f1d311d880c3 + taskid: e70c7cd7-c4d1-4f49-8ca1-8d1522da9d6a type: title task: - id: 18ba5222-fc56-4c88-8dac-f1d311d880c3 + id: e70c7cd7-c4d1-4f49-8ca1-8d1522da9d6a version: -1 name: Remediation Stage type: title @@ -231,7 +231,7 @@ tasks: description: '' nexttasks: '#none#': - - "167" + - "187" separatecontext: false continueonerrortype: "" view: |- @@ -250,10 +250,10 @@ tasks: isautoswitchedtoquietmode: false "13": id: "13" - taskid: 1fb346f8-fe68-4bd2-8558-d18bf2b0bddd + taskid: e460ad6f-77f0-4911-887d-9954b478ff75 type: title task: - id: 1fb346f8-fe68-4bd2-8558-d18bf2b0bddd + id: e460ad6f-77f0-4911-887d-9954b478ff75 version: -1 name: Summarization Stage type: title @@ -281,10 +281,10 @@ tasks: isautoswitchedtoquietmode: false "20": id: "20" - taskid: 7b89f179-88dc-40be-815f-8a889746458f + taskid: c428c373-5c79-44cb-80e7-de555c354c34 type: condition task: - id: 7b89f179-88dc-40be-815f-8a889746458f + id: c428c373-5c79-44cb-80e7-de555c354c34 version: -1 name: Service exposure still observable? description: Determines if service was still observable and also if automated remediation was done. 
@@ -339,10 +339,10 @@ tasks: isautoswitchedtoquietmode: false "21": id: "21" - taskid: 77d232a7-a2db-4c6d-8f0b-cb2defa7ee99 + taskid: 2076296d-2bfe-4b4c-8cdf-7bb538290e97 type: collection task: - id: 77d232a7-a2db-4c6d-8f0b-cb2defa7ee99 + id: 2076296d-2bfe-4b4c-8cdf-7bb538290e97 version: -1 name: What to do if Remediation Confirmation Scan is inconclusive? description: Determines if alert should be closed or kept open for auto-closure based on analyst input. @@ -408,10 +408,10 @@ tasks: isautoswitchedtoquietmode: false "48": id: "48" - taskid: ded0a956-bf49-4efe-8048-3943798b6346 + taskid: 21578536-97b4-4a27-842c-4b119942084d type: condition task: - id: ded0a956-bf49-4efe-8048-3943798b6346 + id: 21578536-97b4-4a27-842c-4b119942084d version: -1 name: What was data collection task response? description: Determines the next action (remediation or ticket) based on the previous data collection task. @@ -467,6 +467,14 @@ tasks: right: value: simple: Automated remediation by creating empty S3 bucket + - left: + iscontext: true + value: + simple: alert.asmdatacollection.selected + operator: isEqualString + right: + value: + simple: Automated remediation by patching vulnerable software - label: Manual remediation condition: - - operator: isEqualString @@ -542,10 +550,10 @@ tasks: isautoswitchedtoquietmode: false "50": id: "50" - taskid: 9e471e5c-5ad1-4ca3-8b76-5087d3769207 + taskid: 4d07e99c-e580-4bdf-8883-f051bd03c896 type: collection task: - id: 9e471e5c-5ad1-4ca3-8b76-5087d3769207 + id: 4d07e99c-e580-4bdf-8883-f051bd03c896 version: -1 name: Verify service exposure resolved by service owner description: Determines if manual remediation (by service owner or otherwise) was completed via analyst input. 
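Review bot: The new condition added to task 48 routes an `alert.asmdatacollection.selected` value of `Automated remediation by patching vulnerable software` down the same branch as the existing automated-remediation options, and `isEqualString` is an exact comparison, so this text must match the option offered by the upstream data collection task character for character; that task is not in this diff, so please confirm the two agree. The label this condition belongs to starts above the hunk and the sub-playbook that performs the patching is not visible here either, so it is worth checking that the branch really reaches a patching task before an alert can be closed as remediated automatically. Task 48's `condition:` list continues outside the hunk.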
@@ -609,10 +617,10 @@ tasks: isautoswitchedtoquietmode: false "60": id: "60" - taskid: 8081531e-9a7e-4ac0-8965-336013d59f19 + taskid: e04643ac-8595-484f-82b5-e5afcd13544f type: title task: - id: 8081531e-9a7e-4ac0-8965-336013d59f19 + id: e04643ac-8595-484f-82b5-e5afcd13544f version: -1 name: Notification Stage type: title @@ -640,12 +648,12 @@ tasks: isautoswitchedtoquietmode: false "63": id: "63" - taskid: 5312a099-808b-4e8f-8988-2fa1b6235fe9 + taskid: 4e9b77ee-dc7b-47da-83a3-3e9c0e6f878f type: title task: - id: 5312a099-808b-4e8f-8988-2fa1b6235fe9 + id: 4e9b77ee-dc7b-47da-83a3-3e9c0e6f878f version: -1 - name: Remediation Stage + name: Manual Remediation Stage type: title iscommand: false brand: "" @@ -671,10 +679,10 @@ tasks: isautoswitchedtoquietmode: false "69": id: "69" - taskid: dabb36da-ff49-4adc-8205-8b48c97cb33e + taskid: f2dd6603-f4fa-4499-8958-14daaf688193 type: regular task: - id: dabb36da-ff49-4adc-8205-8b48c97cb33e + id: f2dd6603-f4fa-4499-8958-14daaf688193 version: -1 name: Set remediation grid field description: |- @@ -720,10 +728,10 @@ tasks: isautoswitchedtoquietmode: false "72": id: "72" - taskid: ffe42a7a-95e1-4a97-86ee-d5302c7a7967 + taskid: 78bbbc1a-fe99-4e9a-8435-8960b0af1087 type: condition task: - id: ffe42a7a-95e1-4a97-86ee-d5302c7a7967 + id: 78bbbc1a-fe99-4e9a-8435-8960b0af1087 version: -1 name: Manual remediation selected? description: Determines if "manual remediation" was selected on main data collection task. @@ -781,10 +789,10 @@ tasks: isautoswitchedtoquietmode: false "73": id: "73" - taskid: 12e79db8-c6bc-4bf6-849e-b1fde187a780 + taskid: 0b8598c4-c5e0-4cce-8383-c91f58facf2d type: regular task: - id: 12e79db8-c6bc-4bf6-849e-b1fde187a780 + id: 0b8598c4-c5e0-4cce-8383-c91f58facf2d version: -1 name: Set remediation grid field description: |- 
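Review bot: Task 63 is renamed `Manual Remediation Stage`, while task 12 earlier in this diff keeps the name `Remediation Stage`; if task 12 now heads the automated path (its next task changed to 187), naming it `Automated Remediation Stage` would make the two title tasks read as a pair. If task 12 covers both paths, the current name is fine and nothing needs to change.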
@@ -839,10 +847,10 @@ tasks: isautoswitchedtoquietmode: false "81": id: "81" - taskid: cd24ef90-212e-4265-820e-3f4fd480cdde + taskid: b7f68d25-ba83-4275-8340-e9b0d96fd9e3 type: regular task: - id: cd24ef90-212e-4265-820e-3f4fd480cdde + id: b7f68d25-ba83-4275-8340-e9b0d96fd9e3 version: -1 name: Set alert summary grid field description: |- @@ -909,10 +917,10 @@ tasks: isautoswitchedtoquietmode: false "86": id: "86" - taskid: 68906b18-c318-4196-87c4-e1da1cfb0fe0 + taskid: 7760cd6c-8132-4e21-8eb5-9769a3834bc9 type: playbook task: - id: 68906b18-c318-4196-87c4-e1da1cfb0fe0 + id: 7760cd6c-8132-4e21-8eb5-9769a3834bc9 version: -1 name: Cortex ASM - Detect Service description: Playbook that looks at what ASM sub-type the alert is and directs it to different pre/post mitigation scans (such as NMAP). @@ -961,10 +969,10 @@ tasks: isautoswitchedtoquietmode: false "88": id: "88" - taskid: 1d156f00-86d1-4cdc-885b-d2194f4c98b3 + taskid: f3b899dd-18a9-48f6-8503-7cf6263aca64 type: collection task: - id: 1d156f00-86d1-4cdc-885b-d2194f4c98b3 + id: f3b899dd-18a9-48f6-8503-7cf6263aca64 version: -1 name: Complete manual remediation description: Determines if manual remediation (by service owner or otherwise) was completed via analyst input. 
@@ -1026,56 +1034,12 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "97": - id: "97" - taskid: 0811d2d4-6d24-483f-8927-10416dc9c732 - type: playbook - task: - id: 0811d2d4-6d24-483f-8927-10416dc9c732 - version: -1 - name: Cortex ASM - Enrichment - description: Used as a container folder for all enrichments of ASM alerts. - type: playbook - iscommand: false - brand: "" - playbookId: Cortex ASM - Enrichment - nexttasks: - '#none#': - - "125" - separatecontext: true - continueonerrortype: "" - view: |- - { - "position": { - "x": 70, - "y": -870 - } - } - note: false - timertriggers: [] - ignoreworker: false - skipunavailable: false - quietmode: 0 - isoversize: false - isautoswitchedtoquietmode: false - loop: - exitCondition: "" - iscommand: false - max: 100 - wait: 1 - scriptarguments: - AWSAssumeRoleName: - simple: ${inputs.AWSAssumeRoleName} - RemoteIP: - complex: - accessor: remoteip - root: alert "103": id: "103" - taskid: 5621c9ee-0fd0-49fe-874a-671d79d09bbc + taskid: 4ac1a981-fe3b-4cad-807b-3b40afbba041 type: regular task: - id: 5621c9ee-0fd0-49fe-874a-671d79d09bbc + id: 4ac1a981-fe3b-4cad-807b-3b40afbba041 version: -1 name: Set remediation grid field description: |- @@ -1120,10 +1084,10 @@ tasks: isautoswitchedtoquietmode: false "110": id: "110" - taskid: b2bd3099-21ea-4494-8c0d-cc760a967e9d + taskid: 9384d7c9-9814-45cb-863d-6cecba635833 type: condition task: - id: b2bd3099-21ea-4494-8c0d-cc760a967e9d + id: 9384d7c9-9814-45cb-863d-6cecba635833 version: -1 name: Close or keep open? description: Determines if the alert will be closed or kept open. @@ -1226,10 +1190,10 @@ tasks: isautoswitchedtoquietmode: false "111": id: "111" - taskid: bf85e503-d866-4a17-86b4-2cc9bf122262 + taskid: 9243de06-b239-4956-80c8-b0c36a28ce99 type: regular task: - id: bf85e503-d866-4a17-86b4-2cc9bf122262 + id: 9243de06-b239-4956-80c8-b0c36a28ce99 version: -1 name: Close alert (close now) description: Close the current alert because auto-close was selected. 
@@ -1263,10 +1227,10 @@ tasks: isautoswitchedtoquietmode: false "112": id: "112" - taskid: e8ffd516-c0fe-4eec-8a0c-c252a06a3c9b + taskid: eac13f7d-5da0-4dfa-8b41-568ab413edec type: regular task: - id: e8ffd516-c0fe-4eec-8a0c-c252a06a3c9b + id: eac13f7d-5da0-4dfa-8b41-568ab413edec version: -1 name: Close alert (remediated automatically) description: Close the current alert because Automated Remediation path was selected. @@ -1300,10 +1264,10 @@ tasks: isautoswitchedtoquietmode: false "113": id: "113" - taskid: 3d915d61-ab31-4f8c-8a0f-9b1e015e0f2f + taskid: b94080d0-cf5d-408b-8a5f-d1a3e781f33b type: regular task: - id: 3d915d61-ab31-4f8c-8a0f-9b1e015e0f2f + id: b94080d0-cf5d-408b-8a5f-d1a3e781f33b version: -1 name: Close alert (close now) with rule match description: Close the current alert because auto-close was selected. @@ -1346,10 +1310,10 @@ tasks: isautoswitchedtoquietmode: false "114": id: "114" - taskid: d9757cec-c740-487c-8b85-34cd5a40d227 + taskid: 9cce412b-6cb5-403e-8ba5-1092762c0fb6 type: regular task: - id: d9757cec-c740-487c-8b85-34cd5a40d227 + id: 9cce412b-6cb5-403e-8ba5-1092762c0fb6 version: -1 name: Close alert (remediated automatically) with rule match description: Close the current alert because Automated Remediation path was selected. 
@@ -1390,57 +1354,12 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "120": - id: "120" - taskid: dfed6b1e-c333-4167-8fdb-b0d0f123cd9c - type: playbook - task: - id: dfed6b1e-c333-4167-8fdb-b0d0f123cd9c - version: -1 - name: Cortex ASM - Remediation Path Rules - type: playbook - iscommand: false - brand: "" - playbookId: Cortex ASM - Remediation Path Rules - description: '' - nexttasks: - '#none#': - - "145" - scriptarguments: - BypassDevCheck: - complex: - root: inputs.BypassDevCheck - ExternallyDetectedProviders: - complex: - root: ASM.ExternalService - accessor: externally_detected_providers - separatecontext: true - continueonerrortype: "" - loop: - iscommand: false - exitCondition: "" - wait: 1 - max: 100 - view: |- - { - "position": { - "x": 70, - "y": 470 - } - } - note: false - timertriggers: [] - ignoreworker: false - skipunavailable: false - quietmode: 0 - isoversize: false - isautoswitchedtoquietmode: false "121": id: "121" - taskid: f09a3539-f2d7-4ef4-8232-decf8c4f0c6b + taskid: 598c7420-4eeb-48fc-8b5f-b539d6085c05 type: title task: - id: f09a3539-f2d7-4ef4-8232-decf8c4f0c6b + id: 598c7420-4eeb-48fc-8b5f-b539d6085c05 version: -1 name: Analysis Stage type: title @@ -1468,10 +1387,10 @@ tasks: isautoswitchedtoquietmode: false "124": id: "124" - taskid: 3d004d2e-1553-47df-895f-b2bb82cc4234 + taskid: 83cd02a3-ed01-4a17-8376-a2b8c394944c type: regular task: - id: 3d004d2e-1553-47df-895f-b2bb82cc4234 + id: 83cd02a3-ed01-4a17-8376-a2b8c394944c version: -1 name: Set playbook stage grid field (triage) description: |- @@ -1511,10 +1430,10 @@ tasks: isautoswitchedtoquietmode: false "125": id: "125" - taskid: 79fa27de-b9c9-4c95-8003-d45cdacf4234 + taskid: 422e3206-c215-49c0-8c50-0225df53a429 type: regular task: - id: 79fa27de-b9c9-4c95-8003-d45cdacf4234 + id: 422e3206-c215-49c0-8c50-0225df53a429 version: -1 name: Set playbook stage grid field (enrichment) description: |- 
@@ -1554,10 +1473,10 @@ tasks: isautoswitchedtoquietmode: false "126": id: "126" - taskid: efe24279-8922-40c6-82a8-09f9a0242f31 + taskid: 4d3f708f-412f-409d-815c-d8daf22f1000 type: regular task: - id: efe24279-8922-40c6-82a8-09f9a0242f31 + id: 4d3f708f-412f-409d-815c-d8daf22f1000 version: -1 name: Set playbook stage grid field (analysis) description: |- @@ -1597,10 +1516,10 @@ tasks: isautoswitchedtoquietmode: false "128": id: "128" - taskid: dc828cbd-e702-4ca7-8945-f83a175d17d8 + taskid: 028eece5-24f0-4890-89f8-3803d33144e0 type: regular task: - id: dc828cbd-e702-4ca7-8945-f83a175d17d8 + id: 028eece5-24f0-4890-89f8-3803d33144e0 version: -1 name: Set playbook stage grid field (decision) description: |- @@ -1640,10 +1559,10 @@ tasks: isautoswitchedtoquietmode: false "129": id: "129" - taskid: e5758c73-aa8b-4713-8f72-757da5ed7e00 + taskid: d814ba48-42c5-414d-86c9-dfeb842f02f0 type: regular task: - id: e5758c73-aa8b-4713-8f72-757da5ed7e00 + id: d814ba48-42c5-414d-86c9-dfeb842f02f0 version: -1 name: Set playbook stage grid field (decision) description: |- @@ -1671,7 +1590,7 @@ tasks: { "position": { "x": -700, - "y": 1120 + "y": 1125 } } note: false @@ -1683,10 +1602,10 @@ tasks: isautoswitchedtoquietmode: false "130": id: "130" - taskid: 80372fd3-eeaf-4095-84bd-d52c437c03da + taskid: b48cba1e-0a6c-4a12-8bf7-9f2bbf47b37a type: regular task: - id: 80372fd3-eeaf-4095-84bd-d52c437c03da + id: b48cba1e-0a6c-4a12-8bf7-9f2bbf47b37a version: -1 name: Set playbook stage grid field (decision) description: |- @@ -1726,10 +1645,10 @@ tasks: isautoswitchedtoquietmode: false "131": id: "131" - taskid: 285687f0-08f1-4ced-8325-906375957e83 + taskid: 768ae5de-aa06-4975-8e4c-aa9ae75ece4b type: regular task: - id: 285687f0-08f1-4ced-8325-906375957e83 + id: 768ae5de-aa06-4975-8e4c-aa9ae75ece4b version: -1 name: Set playbook stage grid field (decision) description: |- 
@@ -1769,10 +1688,10 @@ tasks: isautoswitchedtoquietmode: false "133": id: "133" - taskid: 8d1859e4-fa76-4f57-8b2a-112a4732ef6f + taskid: cd2d1025-4773-4743-8baf-dec1932028bd type: regular task: - id: 8d1859e4-fa76-4f57-8b2a-112a4732ef6f + id: cd2d1025-4773-4743-8baf-dec1932028bd version: -1 name: Set playbook stage grid field (remediation) description: |- @@ -1812,10 +1731,10 @@ tasks: isautoswitchedtoquietmode: false "134": id: "134" - taskid: 1b72f224-dd3b-4469-8a4a-f0d7f155f665 + taskid: 238955d2-13ea-4e94-816f-d28db1defaf2 type: regular task: - id: 1b72f224-dd3b-4469-8a4a-f0d7f155f665 + id: 238955d2-13ea-4e94-816f-d28db1defaf2 version: -1 name: Set playbook stage grid field (notification) description: |- @@ -1855,10 +1774,10 @@ tasks: isautoswitchedtoquietmode: false "135": id: "135" - taskid: a91526b1-d509-484a-8b5d-6dd6e0cdfe90 + taskid: e33d4d1a-08ec-4517-8930-445a3b108f08 type: regular task: - id: a91526b1-d509-484a-8b5d-6dd6e0cdfe90 + id: e33d4d1a-08ec-4517-8930-445a3b108f08 version: -1 name: Set playbook stage grid field (validation) description: |- @@ -1898,10 +1817,10 @@ tasks: isautoswitchedtoquietmode: false "136": id: "136" - taskid: 5e11132d-3f79-4914-81db-3f9c0c2d3162 + taskid: 8c17fd19-2790-46fa-878d-ad53d3fff9f8 type: regular task: - id: 5e11132d-3f79-4914-81db-3f9c0c2d3162 + id: 8c17fd19-2790-46fa-878d-ad53d3fff9f8 version: -1 name: Set playbook stage grid field (summarization) description: |- @@ -1941,10 +1860,10 @@ tasks: isautoswitchedtoquietmode: false "141": id: "141" - taskid: f42d564a-6981-4ee4-8024-aa3873ad4088 + taskid: 6152a9df-a84b-4bbe-8a9f-59afec75c4ae type: title task: - id: f42d564a-6981-4ee4-8024-aa3873ad4088 + id: 6152a9df-a84b-4bbe-8a9f-59afec75c4ae version: -1 name: continue type: title 
@@ -1972,10 +1891,10 @@ tasks: isautoswitchedtoquietmode: false "142": id: "142" - taskid: ec3d4619-fffa-4372-8893-c67c6f0065da + taskid: 0e38bd21-c3da-422c-8ac8-a2ebcaf93a39 type: regular task: - id: ec3d4619-fffa-4372-8893-c67c6f0065da + id: 0e38bd21-c3da-422c-8ac8-a2ebcaf93a39 version: -1 name: Close alert (accepted risk) description: Close the current alert because the service is no longer observed. @@ -2009,10 +1928,10 @@ tasks: isautoswitchedtoquietmode: false "144": id: "144" - taskid: a561ff8a-f9aa-474f-85ee-13f5175b206a + taskid: 167fe7ef-89a1-413f-85cb-94d9c086d6d1 type: condition task: - id: a561ff8a-f9aa-474f-85ee-13f5175b206a + id: 167fe7ef-89a1-413f-85cb-94d9c086d6d1 version: -1 name: Are there any matches from accepted risk lists? description: Checks if the system IDs, folders, and projects are present in the accepted risk lists. @@ -2150,10 +2069,10 @@ tasks: isautoswitchedtoquietmode: false "145": id: "145" - taskid: cc484203-56ae-4a58-8e0a-a47ef6415346 + taskid: 87cca956-c103-4e7c-84a4-0bfa10d39b81 type: condition task: - id: cc484203-56ae-4a58-8e0a-a47ef6415346 + id: 87cca956-c103-4e7c-84a4-0bfa10d39b81 version: -1 name: What is the remediation action? description: Determines what the remediation action is (direct action or data collection task). @@ -2259,10 +2178,10 @@ tasks: isautoswitchedtoquietmode: false "146": id: "146" - taskid: df09a445-07a6-46b7-83a3-9f203715dfc4 + taskid: 5cc9450d-b22b-4100-8390-f3ec343b9319 type: title task: - id: df09a445-07a6-46b7-83a3-9f203715dfc4 + id: 5cc9450d-b22b-4100-8390-f3ec343b9319 version: -1 name: Automated Remediation type: title @@ -2290,10 +2209,10 @@ tasks: isautoswitchedtoquietmode: false "152": id: "152" - taskid: 62394500-6bb9-4213-8b20-9498f68d294b + taskid: 3ca6aa20-4977-4c33-8d6f-4506f9f5af07 type: title task: - id: 62394500-6bb9-4213-8b20-9498f68d294b + id: 3ca6aa20-4977-4c33-8d6f-4506f9f5af07 version: -1 name: Manual Remediation type: title 
@@ -2321,10 +2240,10 @@ tasks: isautoswitchedtoquietmode: false "156": id: "156" - taskid: 78316ab2-21fb-44cf-8fc1-b94cd770b5e6 + taskid: 79daba2b-1791-4d5c-855c-fb9d663191ee type: title task: - id: 78316ab2-21fb-44cf-8fc1-b94cd770b5e6 + id: 79daba2b-1791-4d5c-855c-fb9d663191ee version: -1 name: Notification Stage type: title @@ -2352,10 +2271,10 @@ tasks: isautoswitchedtoquietmode: false "157": id: "157" - taskid: fe208949-9f9f-4ccf-84de-a2e0b3821af0 + taskid: 9c6555fc-9a4f-480d-8292-0aa18468581c type: regular task: - id: fe208949-9f9f-4ccf-84de-a2e0b3821af0 + id: 9c6555fc-9a4f-480d-8292-0aa18468581c version: -1 name: Set playbook stage grid field (decision) description: |- @@ -2395,10 +2314,10 @@ tasks: isautoswitchedtoquietmode: false "161": id: "161" - taskid: 9928bef3-2131-4d80-8f3b-d534240a79e1 + taskid: 5617a3f5-278a-492e-8d16-09e896120c1d type: title task: - id: 9928bef3-2131-4d80-8f3b-d534240a79e1 + id: 5617a3f5-278a-492e-8d16-09e896120c1d version: -1 name: Jira Ticket type: title @@ -2426,10 +2345,10 @@ tasks: isautoswitchedtoquietmode: false "162": id: "162" - taskid: 574d8ee3-6d6f-49d9-872f-2e05b95c575c + taskid: 0d78ff20-65b6-48a7-8f3e-c0d99809a5bf type: title task: - id: 574d8ee3-6d6f-49d9-872f-2e05b95c575c + id: 0d78ff20-65b6-48a7-8f3e-c0d99809a5bf version: -1 name: ServiceNow Ticket type: title @@ -2457,10 +2376,10 @@ tasks: isautoswitchedtoquietmode: false "163": id: "163" - taskid: f05f334b-ce0f-4505-8478-98ccc00d5dc5 + taskid: 68147b67-a457-4d09-817b-bbf1a7539f20 type: title task: - id: f05f334b-ce0f-4505-8478-98ccc00d5dc5 + id: 68147b67-a457-4d09-817b-bbf1a7539f20 version: -1 name: Email Notification type: title 
@@ -2488,10 +2407,10 @@ tasks: isautoswitchedtoquietmode: false "164": id: "164" - taskid: c2cbffd1-9e92-4dea-8d67-af7105bce947 + taskid: cf574345-4885-46c3-8781-6fe82703cd32 type: regular task: - id: c2cbffd1-9e92-4dea-8d67-af7105bce947 + id: cf574345-4885-46c3-8781-6fe82703cd32 version: -1 name: Set remediation grid field description: |- @@ -2535,10 +2454,10 @@ tasks: isautoswitchedtoquietmode: false "165": id: "165" - taskid: b7d59316-36be-4ac7-81c3-7796518b8772 + taskid: 3b65d35e-d409-446e-8200-8c7a2d26b927 type: condition task: - id: b7d59316-36be-4ac7-81c3-7796518b8772 + id: 3b65d35e-d409-446e-8200-8c7a2d26b927 version: -1 name: Are there service owners with emails? description: Verifies if we have emails for service owners. @@ -2589,10 +2508,10 @@ tasks: isautoswitchedtoquietmode: false "166": id: "166" - taskid: 81ba672b-6c55-43b7-8afe-b6b22c4a5b78 + taskid: ddad11be-1a2e-45a3-8030-1696ba3fe875 type: regular task: - id: 81ba672b-6c55-43b7-8afe-b6b22c4a5b78 + id: ddad11be-1a2e-45a3-8030-1696ba3fe875 version: -1 name: Send remediation notification email to service owners description: Send an email to service owners regarding the status of the automated remediation action that was taken. 
@@ -2639,52 +2558,12 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "167": - id: "167" - taskid: 641053ac-63af-4099-8593-5625502fd245 - type: playbook - task: - id: 641053ac-63af-4099-8593-5625502fd245 - version: -1 - name: Cortex ASM - Remediation - description: This playbook contains all the cloud provider sub playbooks for remediation. - type: playbook - iscommand: false - brand: "" - playbookId: Cortex ASM - Remediation - nexttasks: - '#none#': - - "164" - separatecontext: true - continueonerrortype: "" - view: |- - { - "position": { - "x": -690, - "y": 1685 - } - } - note: false - timertriggers: [] - ignoreworker: false - skipunavailable: false - quietmode: 0 - isoversize: false - isautoswitchedtoquietmode: false - loop: - exitCondition: "" - iscommand: false - max: 100 - wait: 1 - scriptarguments: - AWSAssumeRoleName: - simple: ${inputs.AWSAssumeRoleName} "168": id: "168" - taskid: c1b8c2a1-b656-4ea3-8dba-ccad5b91f5ee + taskid: 3f1c6f44-04d4-4590-838c-d88bc36fbd79 type: regular task: - id: c1b8c2a1-b656-4ea3-8dba-ccad5b91f5ee + id: 3f1c6f44-04d4-4590-838c-d88bc36fbd79 version: -1 name: Set playbook stage grid field (remediation) description: |- @@ -2724,10 +2603,10 @@ tasks: isautoswitchedtoquietmode: false "169": id: "169" - taskid: 2a3e0cc0-ba4f-46dc-88cc-13ffb6b5998c + taskid: ef95362b-ca5f-483b-8f1c-b49eaa591bb5 type: regular task: - id: 2a3e0cc0-ba4f-46dc-88cc-13ffb6b5998c + id: ef95362b-ca5f-483b-8f1c-b49eaa591bb5 version: -1 name: Set playbook stage grid field (notification) description: |- @@ -2767,10 +2646,10 @@ tasks: isautoswitchedtoquietmode: false "171": id: "171" - taskid: 24fca124-2988-4d3a-8fee-71e259527599 + taskid: 1b619bad-e5c8-41f8-85f8-54c7ad48c8bc type: regular task: - id: 24fca124-2988-4d3a-8fee-71e259527599 + id: 1b619bad-e5c8-41f8-85f8-54c7ad48c8bc version: -1 name: Initialize grid fields description: Clear ASM grid fields in case the playbook is rerun. 
@@ -2832,10 +2711,10 @@ tasks: isautoswitchedtoquietmode: false "172": id: "172" - taskid: f0db3269-8d70-4134-830c-0cbc7e5c3ace + taskid: 24dedd51-5427-4637-8cfc-b5dc476678a7 type: regular task: - id: f0db3269-8d70-4134-830c-0cbc7e5c3ace + id: 24dedd51-5427-4637-8cfc-b5dc476678a7 version: -1 name: GenerateSummaryReport - Analysis description: Generate an ASM Alert Summary report. @@ -2938,10 +2817,10 @@ tasks: isautoswitchedtoquietmode: false "175": id: "175" - taskid: 9a78c8cf-dd23-475f-8087-c9247c0a8b20 + taskid: 27b52a79-73b2-46f1-8df7-8f139873b8f4 type: playbook task: - id: 9a78c8cf-dd23-475f-8087-c9247c0a8b20 + id: 27b52a79-73b2-46f1-8df7-8f139873b8f4 version: -1 name: Cortex ASM - Remediation Guidance type: playbook @@ -2970,10 +2849,10 @@ tasks: isautoswitchedtoquietmode: false "176": id: "176" - taskid: e3c46065-209e-4c50-87bf-e3a09155aefd + taskid: e7101013-512c-48bf-8a4c-6a70b08dec6d type: playbook task: - id: e3c46065-209e-4c50-87bf-e3a09155aefd + id: e7101013-512c-48bf-8a4c-6a70b08dec6d version: -1 name: Cortex ASM - Email Notification description: This playbook is used to send email notifications to service owners to notify them of their internet exposures. @@ -3017,10 +2896,10 @@ tasks: isautoswitchedtoquietmode: false "177": id: "177" - taskid: fc186e03-ae9c-43df-8aec-0e4b3974964e + taskid: ac48f670-dfa1-4419-8bd3-a0bdc2b54c40 type: regular task: - id: fc186e03-ae9c-43df-8aec-0e4b3974964e + id: ac48f670-dfa1-4419-8bd3-a0bdc2b54c40 version: -1 name: GenerateSummaryReport - Summary description: Generate an ASM Alert Summary report. @@ -3127,10 +3006,10 @@ tasks: isautoswitchedtoquietmode: false "178": id: "178" - taskid: 9068290d-00f6-4030-865e-0014779a53b1 + taskid: 31a1fbd0-1f8f-462a-81fd-79b5f5c2d462 type: playbook task: - id: 9068290d-00f6-4030-865e-0014779a53b1 + id: 31a1fbd0-1f8f-462a-81fd-79b5f5c2d462 version: -1 name: Cortex ASM - Jira Notification type: playbook 
@@ -3174,10 +3053,10 @@ tasks: isautoswitchedtoquietmode: false "179": id: "179" - taskid: 3b5f854d-d552-4149-8450-e7f51d293862 + taskid: 70be4075-98e6-4a30-85bd-2a2fd6c3bbbd type: playbook task: - id: 3b5f854d-d552-4149-8450-e7f51d293862 + id: 70be4075-98e6-4a30-85bd-2a2fd6c3bbbd version: -1 name: Cortex ASM - ServiceNow Notification type: playbook @@ -3221,10 +3100,10 @@ tasks: isautoswitchedtoquietmode: false "180": id: "180" - taskid: 6821e4af-fea8-4b29-8190-f83f664ffeb4 + taskid: bd53973d-cb69-4fd3-838f-093a8acec197 type: regular task: - id: 6821e4af-fea8-4b29-8190-f83f664ffeb4 + id: bd53973d-cb69-4fd3-838f-093a8acec197 version: -1 name: Delete context description: |- @@ -3274,13 +3153,13 @@ tasks: skipunavailable: false task: brand: "" - id: 5e8d3185-d40a-40dd-8ae1-9c074bc66c7e + id: ab2861ef-0661-4556-82e8-ca82ca8247cd iscommand: false name: Slack Message type: title version: -1 description: '' - taskid: 5e8d3185-d40a-40dd-8ae1-9c074bc66c7e + taskid: ab2861ef-0661-4556-82e8-ca82ca8247cd timertriggers: [] type: title view: |- @@ -3317,13 +3196,13 @@ tasks: description: |- Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. Instead of a value, you can enter `TIMESTAMP` to get the current timestamp in ISO format. Example of the command: `!GridFieldSetup keys=ip,src,timestamp val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" val3="TIMESTAMP" gridfiled="gridfield"` - id: 781bc101-1cc4-4f44-8dcb-7862c724fc9e + id: 98805312-6ca7-42e5-8c15-1d823f925f77 iscommand: false name: Set playbook stage grid field (decision) script: GridFieldSetup type: regular version: -1 - taskid: 781bc101-1cc4-4f44-8dcb-7862c724fc9e + taskid: 98805312-6ca7-42e5-8c15-1d823f925f77 timertriggers: [] type: regular view: |- 
@@ -3348,13 +3227,13 @@ tasks: skipunavailable: false task: brand: "" - id: 948a8d72-8065-4f5b-8ead-3ca0fda04a44 + id: 27daf64d-b14d-4a42-8a5b-cf42d0953d35 iscommand: false name: Notification Stage type: title version: -1 description: '' - taskid: 948a8d72-8065-4f5b-8ead-3ca0fda04a44 + taskid: 27daf64d-b14d-4a42-8a5b-cf42d0953d35 timertriggers: [] type: title view: |- @@ -3392,13 +3271,13 @@ tasks: task: brand: "" description: This playbook is used to create instant messages toward service owners to notify them of their internet exposures. - id: da3b6dea-eab0-498c-832f-85d9ac318401 + id: 0f2ae625-39be-4cb7-8d21-7e1632aa18a0 iscommand: false name: 'Cortex ASM - Instant Message' playbookId: 'Cortex ASM - Instant Message' type: playbook version: -1 - taskid: da3b6dea-eab0-498c-832f-85d9ac318401 + taskid: 0f2ae625-39be-4cb7-8d21-7e1632aa18a0 timertriggers: [] type: playbook view: |- 
@@ -3408,6 +3287,132 @@ tasks: "y": 1780 } } + "185": + continueonerrortype: "" + id: "185" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + loop: + exitCondition: "" + iscommand: false + max: 0 + wait: 1 + nexttasks: + '#none#': + - "125" + note: false + quietmode: 0 + scriptarguments: + AWSAssumeRoleName: + simple: ${inputs.AWSAssumeRoleName} + RemoteIP: + complex: + accessor: remoteip + root: alert + separatecontext: true + skipunavailable: false + task: + brand: "" + id: 937819ab-91bd-438e-8329-4b00b1d6dfeb + iscommand: false + name: Cortex ASM - Enrichment + playbookId: Cortex ASM - Enrichment + type: playbook + version: -1 + description: '' + taskid: 937819ab-91bd-438e-8329-4b00b1d6dfeb + timertriggers: [] + type: playbook + view: |- + { + "position": { + "x": 70, + "y": -870 + } + } + "186": + continueonerrortype: "" + id: "186" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + loop: + exitCondition: "" + iscommand: false + max: 0 + wait: 1 + nexttasks: + '#none#': + - "145" + note: false + quietmode: 0 + scriptarguments: + BypassDevCheck: + simple: ${inputs.BypassDevCheck} + ExternallyDetectedProviders: + simple: ${ASM.ExternalService.externally_detected_providers} + separatecontext: true + skipunavailable: false + task: + brand: "" + id: 3898edf1-25e6-484d-8f4e-572a9c84455c + iscommand: false + name: Cortex ASM - Remediation Path Rules + playbookId: Cortex ASM - Remediation Path Rules + type: playbook + version: -1 + description: '' + taskid: 3898edf1-25e6-484d-8f4e-572a9c84455c + timertriggers: [] + type: playbook + view: |- + { + "position": { + "x": 70, + "y": 480 + } + } + "187": + continueonerrortype: "" + id: "187" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + loop: + exitCondition: "" + iscommand: false + max: 0 + wait: 1 + nexttasks: + '#none#': + - "164" + note: false + quietmode: 0 + scriptarguments: + AWSAssumeRoleName: + simple: 
${inputs.AWSAssumeRoleName} + separatecontext: true + skipunavailable: false + task: + brand: "" + id: 647b684a-7cfd-4edb-883d-4de8c9516d5b + iscommand: false + name: Cortex ASM - Remediation + playbookId: Cortex ASM - Remediation + type: playbook + version: -1 + description: '' + taskid: 647b684a-7cfd-4edb-883d-4de8c9516d5b + timertriggers: [] + type: playbook + view: |- + { + "position": { + "x": -690, + "y": 1675 + } + } view: |- { "linkLabelsPosition": { diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml index 8dbf47955514..3feef25deeff 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment.yml @@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 51c3f602-b00e-4cdb-8389-4874746a7e01 + taskid: f2a59ef0-cb1e-4798-8bd4-32f87bdcb801 type: start task: - id: 51c3f602-b00e-4cdb-8389-4874746a7e01 + id: f2a59ef0-cb1e-4798-8bd4-32f87bdcb801 version: -1 name: "" iscommand: false @@ -36,10 +36,10 @@ tasks: isautoswitchedtoquietmode: false "1": id: "1" - taskid: 2d771cd2-db77-4f80-8aec-9594c2347039 + taskid: 8eca27f9-7709-4c5c-85ea-9723f1ba9817 type: title task: - id: 2d771cd2-db77-4f80-8aec-9594c2347039 + id: 8eca27f9-7709-4c5c-85ea-9723f1ba9817 version: -1 name: Set Field description: commands.local.cmd.set.incident @@ -52,6 +52,7 @@ tasks: - "9" - "22" - "29" + - "64" separatecontext: false continueonerrortype: "" view: |- @@ -70,10 +71,10 @@ tasks: isautoswitchedtoquietmode: false "2": id: "2" - taskid: 5263a753-00be-4ec4-83ae-2b9f77092ca5 + taskid: 7f2a1f3a-a3f2-4914-8757-5e8750a9954e type: regular task: - id: 5263a753-00be-4ec4-83ae-2b9f77092ca5 + id: 7f2a1f3a-a3f2-4914-8757-5e8750a9954e version: -1 name: Set private IP grid field description: |- 
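Review bot: The re-created sub-playbook tasks "185", "186" and "187" set `loop.max: 0`, whereas the tasks they replace ("97", "120", "167", deleted earlier in this diff) used `max: 100` with the same `exitCondition: ""` and `wait: 1`; if the intent was only to regenerate the task records, restore `max: 100` (or document why 0 is wanted) so the loop limit does not change silently. Task "186" also switches `ExternallyDetectedProviders` from a `complex` root/accessor lookup to the string template `${ASM.ExternalService.externally_detected_providers}`; that context path is presumably list-valued, so confirm the Remediation Path Rules sub-playbook still receives a list rather than a joined string before it drives the remediation decision. No hunk in view re-points any predecessor's `nexttasks` from "97"/"120"/"167" to "185"/"186"/"187" — those edits may sit in the part of the diff not shown, but if they are missing the enrichment, path-rules and remediation stages become unreachable.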
@@ -115,10 +116,10 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: 5a02ff40-8e58-4578-81ab-ee2af7d68478 + taskid: 14d35979-d26d-4475-811b-ca37e4fea28c type: condition task: - id: 5a02ff40-8e58-4578-81ab-ee2af7d68478 + id: 14d35979-d26d-4475-811b-ca37e4fea28c version: -1 name: Is there EC2 information? description: Determines if there is EC2 information to set the private IP, cloud, and tags fields. @@ -159,10 +160,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: 782d1aa8-51b1-4cfb-845b-51ab382cdbb1 + taskid: b2537a81-ff0e-4dec-8e3c-d27d839bd677 type: title task: - id: 782d1aa8-51b1-4cfb-845b-51ab382cdbb1 + id: b2537a81-ff0e-4dec-8e3c-d27d839bd677 version: -1 name: Private IP type: title @@ -190,10 +191,10 @@ tasks: isautoswitchedtoquietmode: false "8": id: "8" - taskid: c175b36e-f61d-4fed-81dc-4aac584d57e5 + taskid: 7c312963-025c-4236-8a8a-490376d80924 type: title task: - id: c175b36e-f61d-4fed-81dc-4aac584d57e5 + id: 7c312963-025c-4236-8a8a-490376d80924 version: -1 name: System IDs type: title @@ -208,7 +209,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 720 } } @@ -221,10 +222,10 @@ tasks: isautoswitchedtoquietmode: false "9": id: "9" - taskid: 70e6bd2a-1018-4417-82a9-4ce3f948fea3 + taskid: a0c545b4-7ca6-4d1e-8ec4-9e7d5f906410 type: condition task: - id: 70e6bd2a-1018-4417-82a9-4ce3f948fea3 + id: a0c545b4-7ca6-4d1e-8ec4-9e7d5f906410 version: -1 name: Is there EC2 and security group information? description: Determines if there is EC2 and security group information to set in the system IDs field. @@ -258,7 +259,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 515 } } 
@@ -271,10 +272,10 @@ tasks: isautoswitchedtoquietmode: false "10": id: "10" - taskid: c2790638-0379-47ee-86a2-b6f270b30023 + taskid: d5e9eeba-26f8-403e-82d4-d81ddb1b2862 type: regular task: - id: c2790638-0379-47ee-86a2-b6f270b30023 + id: d5e9eeba-26f8-403e-82d4-d81ddb1b2862 version: -1 name: Set system IDs grid field (VPC) description: |- @@ -305,7 +306,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 1020 } } @@ -318,10 +319,10 @@ tasks: isautoswitchedtoquietmode: false "11": id: "11" - taskid: 17605a41-dcf6-4bc6-82ac-35b74c405b65 + taskid: af4fcae6-fa3a-4036-86f2-a044c2e2b150 type: regular task: - id: 17605a41-dcf6-4bc6-82ac-35b74c405b65 + id: af4fcae6-fa3a-4036-86f2-a044c2e2b150 version: -1 name: Set system IDs grid field (SG) description: |- @@ -352,7 +353,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 1190 } } @@ -365,10 +366,10 @@ tasks: isautoswitchedtoquietmode: false "12": id: "12" - taskid: 068282df-bda6-4f5e-8e14-caf76cbe3ed7 + taskid: fa4088df-9a3a-4480-8e61-7672d7a4ea69 type: regular task: - id: 068282df-bda6-4f5e-8e14-caf76cbe3ed7 + id: fa4088df-9a3a-4480-8e61-7672d7a4ea69 version: -1 name: Set system IDs grid field (subnet ID) description: |- @@ -399,7 +400,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 1360 } } @@ -412,10 +413,10 @@ tasks: isautoswitchedtoquietmode: false "13": id: "13" - taskid: cd819f74-7964-456c-8dfa-709434039bf3 + taskid: aee30d2e-a57d-406f-8973-da95d14221b2 type: regular task: - id: cd819f74-7964-456c-8dfa-709434039bf3 + id: aee30d2e-a57d-406f-8973-da95d14221b2 version: -1 name: Set system IDs grid field (NIC) description: |- @@ -446,7 +447,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 1540 } } 
@@ -459,10 +460,10 @@ tasks: isautoswitchedtoquietmode: false "14": id: "14" - taskid: c83ea01a-4333-40f5-8cd5-7a176c34e1cd + taskid: ff76595f-a547-4bff-8d63-e3a322dadc06 type: regular task: - id: c83ea01a-4333-40f5-8cd5-7a176c34e1cd + id: ff76595f-a547-4bff-8d63-e3a322dadc06 version: -1 name: Set system IDs grid field (EC2 ID) description: |- @@ -493,7 +494,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 1710 } } @@ -506,10 +507,10 @@ tasks: isautoswitchedtoquietmode: false "15": id: "15" - taskid: 7048ede0-a0e8-4093-8933-a89715d9dfd6 + taskid: 4bcc6bc5-345b-4561-8386-36c1f7622f90 type: title task: - id: 7048ede0-a0e8-4093-8933-a89715d9dfd6 + id: 4bcc6bc5-345b-4561-8386-36c1f7622f90 version: -1 name: Cloud type: title @@ -537,10 +538,10 @@ tasks: isautoswitchedtoquietmode: false "16": id: "16" - taskid: c7c33d43-fb9a-43b6-8660-9dc57994afe3 + taskid: b5715924-3d84-472a-8c05-65d6902a7ce0 type: regular task: - id: c7c33d43-fb9a-43b6-8660-9dc57994afe3 + id: b5715924-3d84-472a-8c05-65d6902a7ce0 version: -1 name: Set cloud grid field description: |- @@ -592,10 +593,10 @@ tasks: isautoswitchedtoquietmode: false "17": id: "17" - taskid: 4809e879-3600-4207-8053-7af1e9884404 + taskid: 16fe96c8-1930-477e-8ab7-8b5fcce4efed type: title task: - id: 4809e879-3600-4207-8053-7af1e9884404 + id: 16fe96c8-1930-477e-8ab7-8b5fcce4efed version: -1 name: Tags type: title @@ -623,10 +624,10 @@ tasks: isautoswitchedtoquietmode: false "18": id: "18" - taskid: 2d8c53e5-5c46-4bfe-8f54-101c5e4143d9 + taskid: d5122bf5-b3f5-42b7-8df4-a13c3be6f51e type: regular task: - id: 2d8c53e5-5c46-4bfe-8f54-101c5e4143d9 + id: d5122bf5-b3f5-42b7-8df4-a13c3be6f51e version: -1 name: Set tags grid field description: |- 
@@ -672,10 +673,10 @@ tasks: isautoswitchedtoquietmode: false "19": id: "19" - taskid: 448283e1-7429-4854-80f7-8dc8ebfcf306 + taskid: fdf7bd3a-cb0d-4de5-8b17-5bfa14d2cfe3 type: playbook task: - id: 448283e1-7429-4854-80f7-8dc8ebfcf306 + id: fdf7bd3a-cb0d-4de5-8b17-5bfa14d2cfe3 version: -1 name: AWS - Enrichment description: Given the IP address this playbook enriches EC2 and IAM information. @@ -698,7 +699,7 @@ tasks: { "position": { "x": 450, - "y": 150 + "y": 170 } } note: false @@ -710,10 +711,10 @@ tasks: isautoswitchedtoquietmode: false "20": id: "20" - taskid: 36ad2f54-2ba5-4f0a-81ed-9f709d27b1c5 + taskid: 99e7c32f-4435-48a8-8f27-05f7f3de346f type: title task: - id: 36ad2f54-2ba5-4f0a-81ed-9f709d27b1c5 + id: 99e7c32f-4435-48a8-8f27-05f7f3de346f version: -1 name: Closing Steps type: title @@ -741,10 +742,10 @@ tasks: - "51" "22": id: "22" - taskid: 6962e5f9-ce36-492a-8fad-4e4368f6b379 + taskid: c43230f7-e626-4657-86c0-ca663895f99c type: condition task: - id: 6962e5f9-ce36-492a-8fad-4e4368f6b379 + id: c43230f7-e626-4657-86c0-ca663895f99c version: -1 name: Are there EC2 tags? description: Determines if there is EC2 tag information to set the tags fields. @@ -786,10 +787,10 @@ tasks: isautoswitchedtoquietmode: false "23": id: "23" - taskid: c083d6a8-8589-478d-8fe3-5ff4b401a959 + taskid: 8b5f68d9-28ff-4f5e-8330-93fd0c76919d type: playbook task: - id: c083d6a8-8589-478d-8fe3-5ff4b401a959 + id: 8b5f68d9-28ff-4f5e-8330-93fd0c76919d version: -1 name: AWS - Unclaimed S3 Bucket Validation description: The playbook sends a HTTP get response to the hostname and validates if there is missing bucket information. @@ -805,7 +806,7 @@ tasks: view: |- { "position": { - "x": -530, + "x": -1510, "y": 810 } } 
@@ -818,10 +819,10 @@ tasks: isautoswitchedtoquietmode: false "24": id: "24" - taskid: cf0429d6-e359-4b5e-85b5-faf866471e35 + taskid: ea9e07e7-7ce3-41bc-86a5-17e0195a004b type: condition task: - id: cf0429d6-e359-4b5e-85b5-faf866471e35 + id: ea9e07e7-7ce3-41bc-86a5-17e0195a004b version: -1 name: Was an S3 bucket passed back? description: Determines if an S3 bucket was passed back or not. @@ -847,7 +848,7 @@ tasks: view: |- { "position": { - "x": -530, + "x": -1510, "y": 995 } } @@ -860,10 +861,10 @@ tasks: isautoswitchedtoquietmode: false "28": id: "28" - taskid: dc5e8c03-8cdd-4451-8308-4ef5d5cf82d9 + taskid: 6e45383f-a0d9-4c67-8ead-a718cb785920 type: regular task: - id: dc5e8c03-8cdd-4451-8308-4ef5d5cf82d9 + id: 6e45383f-a0d9-4c67-8ead-a718cb785920 version: -1 name: Set system IDs grid field (BucketName) description: |- @@ -893,7 +894,7 @@ tasks: view: |- { "position": { - "x": -530, + "x": -1510, "y": 1455 } } @@ -906,10 +907,10 @@ tasks: isautoswitchedtoquietmode: false "29": id: "29" - taskid: 070d4c16-2e9b-4a9f-8946-f8b81fa95a5b + taskid: 2e89202d-f805-4a8d-8d34-dd3c0075d17f type: condition task: - id: 070d4c16-2e9b-4a9f-8946-f8b81fa95a5b + id: 2e89202d-f805-4a8d-8d34-dd3c0075d17f version: -1 name: What is the sub-alert type? description: Determines the ASM sub-alert type for different scans. @@ -944,7 +945,7 @@ tasks: view: |- { "position": { - "x": -410, + "x": -1390, "y": 505 } } @@ -957,10 +958,10 @@ tasks: isautoswitchedtoquietmode: false "30": id: "30" - taskid: 519f41b6-9cea-47d4-8c31-c2aea0f3c57e + taskid: 083b4657-6d36-4ee6-8f3a-5aae7feafdec type: regular task: - id: 519f41b6-9cea-47d4-8c31-c2aea0f3c57e + id: 083b4657-6d36-4ee6-8f3a-5aae7feafdec version: -1 name: Set true flag for completed enrichment description: Set a value in context under the key you entered. 
@@ -996,10 +997,10 @@ tasks: isautoswitchedtoquietmode: false "32": id: "32" - taskid: 2bd2d10d-ec05-4363-8227-ce5275114507 + taskid: 79d0de58-5b4f-428e-8d6e-ec8ce48f3288 type: regular task: - id: 2bd2d10d-ec05-4363-8227-ce5275114507 + id: 79d0de58-5b4f-428e-8d6e-ec8ce48f3288 version: -1 name: Set false flag for completed enrichment description: Set a value in context under the key you entered. @@ -1035,10 +1036,10 @@ tasks: isautoswitchedtoquietmode: false "33": id: "33" - taskid: dea20ab0-84b6-4885-880b-8d1abc2d4d5c + taskid: be750499-2442-4db5-8d97-ba7b7e68b011 type: regular task: - id: dea20ab0-84b6-4885-880b-8d1abc2d4d5c + id: be750499-2442-4db5-8d97-ba7b7e68b011 version: -1 name: Set true flag for completed enrichment description: Set a value in context under the key you entered. @@ -1074,10 +1075,10 @@ tasks: isautoswitchedtoquietmode: false "34": id: "34" - taskid: c0cad7ce-44b8-4a76-8226-5a7287be663a + taskid: bbbaa31e-c07e-4788-8e3a-a591a6bb57d2 type: regular task: - id: c0cad7ce-44b8-4a76-8226-5a7287be663a + id: bbbaa31e-c07e-4788-8e3a-a591a6bb57d2 version: -1 name: Set true flag for completed enrichment description: Set a value in context under the key you entered. @@ -1113,10 +1114,10 @@ tasks: isautoswitchedtoquietmode: false "38": id: "38" - taskid: 54d33a30-9d4b-4b1d-8112-cb019c18c419 + taskid: bcfc39b2-9ec1-47d9-8c59-372270fcc548 type: regular task: - id: 54d33a30-9d4b-4b1d-8112-cb019c18c419 + id: bcfc39b2-9ec1-47d9-8c59-372270fcc548 version: -1 name: Set false flag for completed enrichment description: Set a value in context under the key you entered. @@ -1139,8 +1140,8 @@ tasks: view: |- { "position": { - "x": 520, - "y": 1480 + "x": -430, + "y": 1635 } } note: false 
@@ -1152,10 +1153,10 @@ tasks: isautoswitchedtoquietmode: false "39": id: "39" - taskid: 9f2bc905-fc3d-4c37-8199-7e2ef2d8a6b8 + taskid: d5bf97bc-5f7e-4e2e-8d74-57be7f721dc0 type: regular task: - id: 9f2bc905-fc3d-4c37-8199-7e2ef2d8a6b8 + id: d5bf97bc-5f7e-4e2e-8d74-57be7f721dc0 version: -1 name: Set true flag for completed enrichment description: Set a value in context under the key you entered. @@ -1170,7 +1171,7 @@ tasks: append: simple: "true" key: - simple: asm_enrichment_flag_aws + simple: asm_enrichment_flag_aws_ssm value: simple: "true" separatecontext: false @@ -1178,7 +1179,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 1880 } } @@ -1191,10 +1192,10 @@ tasks: isautoswitchedtoquietmode: false "40": id: "40" - taskid: fa715bac-0be6-4767-8235-d6810ae4bd10 + taskid: 6d6f9409-62c3-4c9d-8f84-e497b6497872 type: regular task: - id: fa715bac-0be6-4767-8235-d6810ae4bd10 + id: 6d6f9409-62c3-4c9d-8f84-e497b6497872 version: -1 name: Set true flag for completed enrichment description: Set a value in context under the key you entered. @@ -1217,7 +1218,7 @@ tasks: view: |- { "position": { - "x": -530, + "x": -1510, "y": 1865 } } @@ -1230,10 +1231,10 @@ tasks: isautoswitchedtoquietmode: false "41": id: "41" - taskid: 9e6312e8-0a0f-4647-8ba5-973e0b5ed91f + taskid: ee76e6eb-a96d-437d-8ef2-f5db8eadb783 type: regular task: - id: 9e6312e8-0a0f-4647-8ba5-973e0b5ed91f + id: ee76e6eb-a96d-437d-8ef2-f5db8eadb783 version: -1 name: Set false flag for completed enrichment description: Set a value in context under the key you entered. @@ -1256,7 +1257,7 @@ tasks: view: |- { "position": { - "x": -310, + "x": -1290, "y": 1635 } } 
@@ -1269,10 +1270,10 @@ tasks: isautoswitchedtoquietmode: false "43": id: "43" - taskid: 456a42f9-d42f-4005-884d-82c8f1af4c5d + taskid: 27a03fef-3842-46bb-81ba-0c3b556ff3c2 type: regular task: - id: 456a42f9-d42f-4005-884d-82c8f1af4c5d + id: 27a03fef-3842-46bb-81ba-0c3b556ff3c2 version: -1 name: Set ASM enrichment status to true (s3) description: |- @@ -1314,10 +1315,10 @@ tasks: isautoswitchedtoquietmode: false "44": id: "44" - taskid: 39cba846-8cb8-4153-8778-57b3eb0640a4 + taskid: 4afafe5c-7a00-4f78-8f0f-2ed2f09fe76c type: regular task: - id: 39cba846-8cb8-4153-8778-57b3eb0640a4 + id: 4afafe5c-7a00-4f78-8f0f-2ed2f09fe76c version: -1 name: Set ASM enrichment status to true (AWS) description: |- @@ -1359,10 +1360,10 @@ tasks: isautoswitchedtoquietmode: false "51": id: "51" - taskid: ac24bdff-06e4-421e-8fdf-fc9e21998c84 + taskid: 94b9ccf0-0c2c-422c-80f0-ac07e330085d type: condition task: - id: ac24bdff-06e4-421e-8fdf-fc9e21998c84 + id: 94b9ccf0-0c2c-422c-80f0-ac07e330085d version: -1 name: Was enrichment performed? description: Check if enrichment was performed by checking for a value of true in the relevant flag variable. @@ -1439,10 +1440,10 @@ tasks: isautoswitchedtoquietmode: false "52": id: "52" - taskid: 11325ebe-a5d7-4461-8f01-2405f328c059 + taskid: 1381ba16-f89d-40b5-86e2-54143a790af2 type: title task: - id: 11325ebe-a5d7-4461-8f01-2405f328c059 + id: 1381ba16-f89d-40b5-86e2-54143a790af2 version: -1 name: Both type: title @@ -1471,10 +1472,10 @@ tasks: isautoswitchedtoquietmode: false "53": id: "53" - taskid: 2b3f9482-232a-42af-84b8-94341cb27760 + taskid: 32d50c6b-2f9a-4302-829b-8c5aee0ca3c2 type: regular task: - id: 2b3f9482-232a-42af-84b8-94341cb27760 + id: 32d50c6b-2f9a-4302-829b-8c5aee0ca3c2 version: -1 name: Set ASM enrichment status to false (AWS) description: |- 
@@ -1516,10 +1517,10 @@ tasks: isautoswitchedtoquietmode: false "54": id: "54" - taskid: 44cd6e08-91e4-4c1d-89cb-4ca2ea6bf109 + taskid: f946c5cc-65b6-4e5d-86ee-f730fe0ea9ad type: regular task: - id: 44cd6e08-91e4-4c1d-89cb-4ca2ea6bf109 + id: f946c5cc-65b6-4e5d-86ee-f730fe0ea9ad version: -1 name: Set ASM enrichment status to false (s3) description: |- @@ -1561,10 +1562,10 @@ tasks: isautoswitchedtoquietmode: false "55": id: "55" - taskid: 61f966c0-67d1-4a51-8be0-bb7a82a52b1a + taskid: 37aea528-4d0b-4237-82e9-9f15d40007c0 type: title task: - id: 61f966c0-67d1-4a51-8be0-bb7a82a52b1a + id: 37aea528-4d0b-4237-82e9-9f15d40007c0 version: -1 name: Complete type: title @@ -1589,10 +1590,10 @@ tasks: isautoswitchedtoquietmode: false "56": id: "56" - taskid: aa1861eb-40a6-43c1-8dc1-fe409506a657 + taskid: aefccfa5-4c36-4a60-8aec-0df67d820a0c type: regular task: - id: aa1861eb-40a6-43c1-8dc1-fe409506a657 + id: aefccfa5-4c36-4a60-8aec-0df67d820a0c version: -1 name: Set system IDs grid field (type) description: Sets the type of cloud asset to the grid field for the ASM system IDs object. @@ -1619,7 +1620,7 @@ tasks: view: |- { "position": { - "x": 90, + "x": -890, "y": 855 } } @@ -1632,10 +1633,10 @@ tasks: isautoswitchedtoquietmode: false "57": id: "57" - taskid: acba7940-e548-49be-88e6-a78d4d37a720 + taskid: 7df56655-292b-4db0-8d27-a2724d72203b type: regular task: - id: acba7940-e548-49be-88e6-a78d4d37a720 + id: 7df56655-292b-4db0-8d27-a2724d72203b version: -1 name: Set system IDs grid field (type) description: |- @@ -1664,7 +1665,7 @@ tasks: view: |- { "position": { - "x": -530, + "x": -1510, "y": 1235 } } 
@@ -1716,13 +1717,13 @@ tasks: task: brand: "" description: Set a value in context under the key you entered. - id: cec9ceb0-c771-4e25-8958-aaa841c0cc5a + id: 8196e4aa-6d02-4315-848f-ff9487841f41 iscommand: false name: Set org script: Set type: regular version: -1 - taskid: cec9ceb0-c771-4e25-8958-aaa841c0cc5a + taskid: 8196e4aa-6d02-4315-848f-ff9487841f41 timertriggers: [] type: regular view: |- @@ -1753,13 +1754,13 @@ tasks: task: brand: "" description: Set a value in context under the key you entered. - id: 1884cb2d-a89e-44cc-8b28-cff7deb2edde + id: 9d212a96-b43b-46a7-8417-0e836cd68a79 iscommand: false name: Set org to n/a script: Set type: regular version: -1 - taskid: 1884cb2d-a89e-44cc-8b28-cff7deb2edde + taskid: 9d212a96-b43b-46a7-8417-0e836cd68a79 timertriggers: [] type: regular view: |- @@ -1808,12 +1809,12 @@ tasks: task: brand: "" description: Determines if there is AWS organization information to set in the cloud field. - id: e5d551f1-b2a2-4e40-8683-3c6ee7d13dd1 + id: d47da135-9824-4f1a-8f35-9f955ae78114 iscommand: false name: Is there an organization id? type: condition version: -1 - taskid: e5d551f1-b2a2-4e40-8683-3c6ee7d13dd1 + taskid: d47da135-9824-4f1a-8f35-9f955ae78114 timertriggers: [] type: condition view: |- @@ -1851,13 +1852,13 @@ tasks: task: brand: Builtin description: commands.local.cmd.set.incident - id: 0ccf9ad4-ce5f-4473-8961-176dfb6a8cf5 + id: 67f0fcb4-0526-4c92-80be-4f89df7ec211 iscommand: true name: Set hierarchy field script: Builtin|||setAlert type: regular version: -1 - taskid: 0ccf9ad4-ce5f-4473-8961-176dfb6a8cf5 + taskid: 67f0fcb4-0526-4c92-80be-4f89df7ec211 timertriggers: [] type: regular view: |- 
@@ -1867,6 +1868,450 @@ tasks: "y": 1470 } } + "64": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + filters: + - - left: + iscontext: true + value: + simple: AWS.SSM.InventoryEntry.Entries.[0].InstanceStatus + operator: isEqualString + right: + value: + simple: Active + root: AWS.SSM + operator: isNotEmpty + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "64" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "72" + "yes": + - "65" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Determines if there is SSM information to set in the system IDs field. + id: 31a242a0-5a16-433c-8034-e9712abe8f9a + iscommand: false + name: Is there AWS SSM information? + type: condition + version: -1 + taskid: 31a242a0-5a16-433c-8034-e9712abe8f9a + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 40, + "y": 515 + } + } + "65": + continueonerrortype: "" + id: "65" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "66" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-TYPE + val2: + simple: AWS-SSM + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: Sets the type of cloud asset to the grid field for the ASM system IDs object. 
+ id: 627c9db8-e0bf-4d1e-87c2-de7a9b566d8a + iscommand: false + name: Set system IDs grid field (type) + script: GridFieldSetup + type: regular + version: -1 + taskid: 627c9db8-e0bf-4d1e-87c2-de7a9b566d8a + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 720 + } + } + "66": + continueonerrortype: "" + id: "66" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "67" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-SSM-AGENT-STATUS + val2: + complex: + accessor: Entries + root: AWS.SSM.InventoryEntry + transformers: + - operator: FirstArrayElement + - args: + field: + value: + simple: InstanceStatus + operator: getField + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: b685526c-05d1-49a6-8976-54cec87051fd + iscommand: false + name: Set system IDs grid field (SSMAgentStatus) + script: GridFieldSetup + type: regular + version: -1 + taskid: b685526c-05d1-49a6-8976-54cec87051fd + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 880 + } + } + "67": + continueonerrortype: "" + id: "67" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "68" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-SSM-ID + val2: + complex: + accessor: Entries + root: AWS.SSM.InventoryEntry + transformers: + - operator: FirstArrayElement + - args: + field: + value: + simple: InstanceId + operator: getField + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: 6b837a41-225c-4a41-880d-e04829a897db + iscommand: false + name: Set system IDs grid field (SSMInstanceID) + script: GridFieldSetup + type: regular + version: -1 + taskid: 6b837a41-225c-4a41-880d-e04829a897db + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 1055 + } + } + "68": + continueonerrortype: "" + id: "68" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "69" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-SSM-PLATFORM-NAME + val2: + complex: + accessor: Entries + root: AWS.SSM.InventoryEntry + transformers: + - operator: FirstArrayElement + - args: + field: + value: + simple: PlatformName + operator: getField + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: 0385d4a3-a23d-4cbc-8bdb-bb49f09687bd + iscommand: false + name: Set system IDs grid field (SSMPlatformName) + script: GridFieldSetup + type: regular + version: -1 + taskid: 0385d4a3-a23d-4cbc-8bdb-bb49f09687bd + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 1235 + } + } + "69": + continueonerrortype: "" + id: "69" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "70" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-SSM-PLATFORM-TYPE + val2: + complex: + accessor: Entries + root: AWS.SSM.InventoryEntry + transformers: + - operator: FirstArrayElement + - args: + field: + value: + simple: PlatformType + operator: getField + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: d261ca8f-cb4e-4a63-8879-fc8b88e79b57 + iscommand: false + name: Set system IDs grid field (SSMPlatformType) + script: GridFieldSetup + type: regular + version: -1 + taskid: d261ca8f-cb4e-4a63-8879-fc8b88e79b57 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 1395 + } + } + "70": + continueonerrortype: "" + id: "70" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "71" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-SSM-PLATFORM-VERSION + val2: + complex: + accessor: Entries + root: AWS.SSM.InventoryEntry + transformers: + - operator: FirstArrayElement + - args: + field: + value: + simple: PlatformVersion + operator: getField + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: a84f696e-8f71-45a0-8878-b1235db97942 + iscommand: false + name: Set system IDs grid field (SSMPlatformVersion) + script: GridFieldSetup + type: regular + version: -1 + taskid: a84f696e-8f71-45a0-8878-b1235db97942 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 1565 + } + } + "71": + continueonerrortype: "" + id: "71" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "20" + note: false + quietmode: 0 + scriptarguments: + append: + simple: "true" + key: + simple: asm_enrichment_flag_aws_ssm + value: + simple: "true" + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Set a value in context under the key you entered. + id: a8d26022-1fc4-4030-87e4-be61c8133b4e + iscommand: false + name: Set true flag for completed enrichment + script: Set + type: regular + version: -1 + taskid: a8d26022-1fc4-4030-87e4-be61c8133b4e + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 40, + "y": 1730 + } + } + "72": + continueonerrortype: "" + id: "72" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "20" + note: false + quietmode: 0 + scriptarguments: + append: + simple: "true" + key: + simple: asm_enrichment_flag_aws_ssm + value: + simple: "false" + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Set a value in context under the key you entered. + id: ca8eb5bb-d6c2-4cbc-8633-d2d62d1e2466 + iscommand: false + name: Set false flag for completed enrichment + script: Set + type: regular + version: -1 + taskid: ca8eb5bb-d6c2-4cbc-8633-d2d62d1e2466 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 460, + "y": 1340 + } + } view: |- { "linkLabelsPosition": { 
@@ -1879,8 +2324,8 @@ view: |- "paper": { "dimensions": { "height": 3285, - "width": 3000, - "x": -530, + "width": 3980, + "x": -1510, "y": 0 } } diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md index b0087f4b10da..9734ea2f5280 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_AWS_Enrichment_README.md @@ -15,8 +15,8 @@ This playbook does not use any integrations. ### Scripts -* Set * GridFieldSetup +* Set ### Commands diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation.yml index f5f91eb25de0..7cec40a459e1 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation.yml @@ -6,10 +6,10 @@ starttaskid: '0' tasks: '0': id: '0' - taskid: e8d9de22-8cb1-45cb-8336-7a3634a2eaef + taskid: 41328bf8-d0ab-4322-8df0-3ef3a6f7911b type: start task: - id: e8d9de22-8cb1-45cb-8336-7a3634a2eaef + id: 41328bf8-d0ab-4322-8df0-3ef3a6f7911b version: -1 name: '' iscommand: false @@ -36,10 +36,10 @@ tasks: isautoswitchedtoquietmode: false '3': id: '3' - taskid: 4d5d4d16-ec25-4600-8aa3-9db0085d2be4 + taskid: 27c5352a-022a-4aff-87d4-8d948fa788bc type: condition task: - id: 4d5d4d16-ec25-4600-8aa3-9db0085d2be4 + id: 27c5352a-022a-4aff-87d4-8d948fa788bc version: -1 name: What provider is this service? description: Determines which cloud provider the service is in order to direct to the correct enrichment. @@ -50,7 +50,7 @@ tasks: '#default#': - '4' AWS: - - '10' + - "15" Azure: - '6' Cortex Endpoint: 
@@ -163,10 +163,10 @@ tasks: isautoswitchedtoquietmode: false '4': id: '4' - taskid: 025137d8-71d5-4a03-87fc-593dc78f0167 + taskid: f8177daa-c79e-4080-8d8a-40ea707367aa type: title task: - id: 025137d8-71d5-4a03-87fc-593dc78f0167 + id: f8177daa-c79e-4080-8d8a-40ea707367aa version: -1 name: Completed type: title @@ -178,8 +178,8 @@ tasks: view: |- { "position": { - "x": 510, - "y": 1060 + "x": 520, + "y": 1360 } } note: false @@ -191,10 +191,10 @@ tasks: isautoswitchedtoquietmode: false '6': id: '6' - taskid: 8755ee7e-a021-424c-8a4c-0159367c490a + taskid: 57d9147d-2a07-41d4-8cc9-f54a8950643f type: playbook task: - id: 8755ee7e-a021-424c-8a4c-0159367c490a + id: 57d9147d-2a07-41d4-8cc9-f54a8950643f version: -1 name: Azure - Network Security Group Remediation description: |- @@ -259,8 +259,8 @@ tasks: view: |- { "position": { - "x": 1070, - "y": 560 + "x": 1220, + "y": 610 } } note: false @@ -272,10 +272,10 @@ tasks: isautoswitchedtoquietmode: false '7': id: '7' - taskid: 4a5a1b3f-8f19-486d-8778-6bdadca1adc9 + taskid: c03179f9-4132-4a54-8f0f-4a63d31a6f40 type: playbook task: - id: 4a5a1b3f-8f19-486d-8778-6bdadca1adc9 + id: c03179f9-4132-4a54-8f0f-4a63d31a6f40 version: -1 name: AWS - Unclaimed S3 Bucket Remediation description: The playbook will create the unclaimed S3 bucket. @@ -310,8 +310,8 @@ tasks: view: |- { "position": { - "x": 0, - "y": 550 + "x": -110, + "y": 635 } } note: false 
@@ -323,10 +323,10 @@ tasks: isautoswitchedtoquietmode: false '8': id: '8' - taskid: ac918c29-4d5f-48b5-8060-94a4c15cc060 + taskid: 0d8eb068-70f3-4fe0-80ef-ca218e2cd125 type: playbook task: - id: ac918c29-4d5f-48b5-8060-94a4c15cc060 + id: 0d8eb068-70f3-4fe0-80ef-ca218e2cd125 version: -1 name: AWS - Security Group Remediation v2 description: This playbook takes in some information about an EC2 instance (ID and public_ip) and with provided port and protocol, determines what security groups on the primary interface of an EC2 instance are over-permissive. It uses an automation to determine what interface on an EC2 instance has an over-permissive security group on, determine which security groups have over-permissive rules and to replace them with a copy of the security group that has only the over-permissive portion removed. Over-permissive is defined as sensitive ports (SSH, RDP, etc) being exposed to the internet via IPv4. @@ -381,8 +381,8 @@ tasks: view: |- { "position": { - "x": -260, - "y": 835 + "x": -420, + "y": 1160 } } note: false @@ -394,10 +394,10 @@ tasks: isautoswitchedtoquietmode: false '9': id: '9' - taskid: 3bfc76d9-be4e-4402-84eb-1b09f3af599f + taskid: 3008b5df-87a9-407c-894b-e346377b1145 type: playbook task: - id: 3bfc76d9-be4e-4402-84eb-1b09f3af599f + id: 3008b5df-87a9-407c-894b-e346377b1145 version: -1 name: GCP - Firewall Remediation type: playbook @@ -472,8 +472,8 @@ tasks: view: |- { "position": { - "x": 740, - "y": 750 + "x": 790, + "y": 730 } } note: false @@ -485,10 +485,10 @@ tasks: isautoswitchedtoquietmode: false '10': id: '10' - taskid: 7c022be5-c22d-4413-854c-d2a87249e532 + taskid: 231659ad-e527-4ca9-806c-e9392b78dabb type: condition task: - id: 7c022be5-c22d-4413-854c-d2a87249e532 + id: 231659ad-e527-4ca9-806c-e9392b78dabb version: -1 name: Is AWSAssumeRoleName Input defined? description: Determines which cloud provider the service is in order to direct to the correct enrichment. 
@@ -514,8 +514,8 @@ tasks: view: |- { "position": { - "x": -260, - "y": 400 + "x": -600, + "y": 760 } } note: false @@ -527,10 +527,10 @@ tasks: isautoswitchedtoquietmode: false '11': id: '11' - taskid: 85ddd43d-66b3-48f5-8861-a1c60e51024e + taskid: 438b1fed-2bbe-4214-8883-bcfd8f9e2000 type: playbook task: - id: 85ddd43d-66b3-48f5-8861-a1c60e51024e + id: 438b1fed-2bbe-4214-8883-bcfd8f9e2000 version: -1 name: AWS - Security Group Remediation v2 description: This playbook takes in some information about an EC2 instance (ID and public_ip) and with provided port and protocol, determines what security groups on the primary interface of an EC2 instance are over-permissive. It uses an automation to determine what interface on an EC2 instance has an over-permissive security group on, determine which security groups have over-permissive rules and to replace them with a copy of the security group that has only the over-permissive portion removed. Over-permissive is defined as sensitive ports (SSH, RDP, etc) being exposed to the internet via IPv4. @@ -606,8 +606,8 @@ tasks: view: |- { "position": { - "x": -510, - "y": 655 + "x": -810, + "y": 1000 } } note: false @@ -619,10 +619,10 @@ tasks: isautoswitchedtoquietmode: false '12': id: '12' - taskid: 0300188b-1a4f-4da1-8d6f-559597a8873c + taskid: c8e87bd8-3019-42db-8ac9-2e8193077cc6 type: playbook task: - id: 0300188b-1a4f-4da1-8d6f-559597a8873c + id: c8e87bd8-3019-42db-8ac9-2e8193077cc6 version: -1 name: Cortex ASM - On Prem Remediation description: "This playbook adds new block rule(s) to on-prem firewall vendors in order to block internet access for internet exposures.\n\nConditions:\nThis is currently limited to stand-alone firewalls for PAN-OS." @@ -697,8 +697,8 @@ tasks: view: |- { "position": { - "x": 1300, - "y": 390 + "x": 1650, + "y": 480 } } note: false 
@@ -710,10 +710,10 @@ tasks: isautoswitchedtoquietmode: false '13': id: '13' - taskid: 56f329df-f61c-49b0-8b5d-048a4330f190 + taskid: 9597ebaa-a391-45d6-8b94-367e5f110b7f type: playbook task: - id: 56f329df-f61c-49b0-8b5d-048a4330f190 + id: 9597ebaa-a391-45d6-8b94-367e5f110b7f version: -1 name: Cortex ASM - Cortex Endpoint Remediation type: playbook @@ -753,8 +753,8 @@ tasks: view: |- { "position": { - "x": 300, - "y": 750 + "x": 250, + "y": 1050 } } note: false 
@@ -764,14 +764,139 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "14": + continueonerrortype: "" + id: "14" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + loop: + exitCondition: "" + iscommand: false + max: 100 + wait: 1 + nexttasks: + '#none#': + - "4" + note: false + quietmode: 0 + scriptarguments: + ASM Rule ID: + simple: ${alert.asmattacksurfaceruleid} + Account ID: + simple: ${alert.asmcloud.project} + Assume Role: + simple: ${inputs.AWSAssumeRoleName} + Instance ID: + complex: + accessor: id + filters: + - - left: + iscontext: true + value: + simple: alert.asmsystemids.type + operator: isEqualString + right: + value: + simple: ASSET-ID + root: alert.asmsystemids + Region: + complex: + accessor: region + root: alert.asmcloud + transformers: + - operator: FirstArrayElement + separatecontext: true + skipunavailable: true + task: + brand: "" + description: This playbook upgrades supported packages on an AWS EC2 instance using AWS Systems manager. 
+ id: d22ca941-9360-417f-8d13-c86eae687622 + iscommand: false + name: AWS - Package Upgrade + playbookId: AWS - Package Upgrade + type: playbook + version: -1 + taskid: d22ca941-9360-417f-8d13-c86eae687622 + timertriggers: [] + type: playbook + view: |- + { + "position": { + "x": -1250, + "y": 785 + } + } + "15": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: id + filters: + - - left: + iscontext: true + value: + simple: alert.asmsystemids.type + operator: isEqualString + right: + value: + simple: ASSET-SSM-PLATFORM-NAME + root: alert.asmsystemids + operator: isNotEmpty + right: + value: {} + - - left: + iscontext: true + value: + simple: alert.asmdatacollection.selected + operator: isEqualString + right: + value: + simple: Automated remediation by patching vulnerable software + label: "yes" + continueonerrortype: "" + id: "15" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "10" + "yes": + - "14" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Is AWS Systems manager option selected for remediation? + id: 428b2bb0-e540-4d7e-8f02-044e35dbcd33 + iscommand: false + name: Is AWS Systems manager option selected for remediation? + type: condition + version: -1 + taskid: 428b2bb0-e540-4d7e-8f02-044e35dbcd33 + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": -830, + "y": 450 + } + } view: |- { "linkLabelsPosition": {}, "paper": { "dimensions": { - "height": 1105, - "width": 2190, - "x": -510, + "height": 1405, + "width": 3280, + "x": -1250, "y": 20 } } @@ -783,6 +908,6 @@ inputs: description: If assuming roles for AWS, this is the name of the role to assume (should be the same for all organizations) playbookInputQuery: outputs: [] -fromversion: 6.5.0 +fromversion: 6.10.0 tests: - No tests (auto formatted) 
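Review bot: Task 14 feeds `Instance ID` to "AWS - Package Upgrade" from the `ASSET-ID` row of `alert.asmsystemids`, while the SSM enrichment that this change introduces stores the instance the agent reported under `ASSET-SSM-ID`; if `ASSET-ID` is populated from another source or is absent for this asset, the sub-playbook is handed an empty or mismatched instance to patch. Task 15 only checks that `ASSET-SSM-PLATFORM-NAME` is non-empty and that the analyst selected "Automated remediation by patching vulnerable software", so the agent-status and OS checks are enforced solely by the path-rules playbook, and as far as I can see task 3 now routes every AWS alert through task 15. I would change the task 14 filter to `simple: ASSET-SSM-ID` (or document in the task description why `ASSET-ID` is the intended key) and add a third condition row to task 15 filtering `alert.asmsystemids` on `type == ASSET-SSM-AGENT-STATUS` with `isEqualString active`, so an automated patch fails closed if this playbook is ever invoked without the path-rules gate. The `Region` input takes `FirstArrayElement` of `alert.asmcloud.region`; if an alert can carry several regions that should be noted on the input.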
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules.yml index ef4b7a724bfa..b48228acd335 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules.yml @@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: f1d641cb-5c08-4f6e-845f-ebe6496e022a + taskid: 21d5081e-7e2a-4269-86f4-ec16219239e9 type: start task: - id: f1d641cb-5c08-4f6e-845f-ebe6496e022a + id: 21d5081e-7e2a-4269-86f4-ec16219239e9 version: -1 name: "" iscommand: false @@ -36,10 +36,10 @@ tasks: isautoswitchedtoquietmode: false "1": id: "1" - taskid: 6d53bedc-d81f-4285-8e6e-dc97f4614354 + taskid: f5a08734-d17a-4fb1-8463-38fef0c3c540 type: regular task: - id: 6d53bedc-d81f-4285-8e6e-dc97f4614354 + id: f5a08734-d17a-4fb1-8463-38fef0c3c540 version: -1 name: List remediation path rules description: Returns list of remediation path rules. @@ -82,10 +82,10 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 9df5d879-eeb5-40c3-8eb8-aceb4ec9618c + taskid: dd594f41-21ad-4b5b-857d-c581e2fbf153 type: condition task: - id: 9df5d879-eeb5-40c3-8eb8-aceb4ec9618c + id: dd594f41-21ad-4b5b-857d-c581e2fbf153 version: -1 name: Was there a result? description: Determines if there was a result from the previous command to continue. 
@@ -125,10 +125,10 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: 22599bbd-9854-465e-8df9-66064c1b0c36 + taskid: c4f9c21c-5836-414a-822c-51497dc91b01 type: regular task: - id: 22599bbd-9854-465e-8df9-66064c1b0c36 + id: c4f9c21c-5836-414a-822c-51497dc91b01 version: -1 name: Evaluate remediation path rules description: For a given alert and remediation path rules that are defined for that alert's attack surface rule, this takes each remediation path rule and looks at the rule criteria too see if the rule matches for the given alert. If multiple rules match, it will return the most recently created rule. This assumes that the rules passed in are filtered to correlate with the alert's attack surface rule. @@ -189,10 +189,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: 02723b92-4f05-4d1a-8fa2-c3857e794069 + taskid: 1a5064d9-30a7-4d7b-8a48-4595d514d0c3 type: title task: - id: 02723b92-4f05-4d1a-8fa2-c3857e794069 + id: 1a5064d9-30a7-4d7b-8a48-4595d514d0c3 version: -1 name: Complete type: title @@ -217,10 +217,10 @@ tasks: isautoswitchedtoquietmode: false "10": id: "10" - taskid: 9a61e92b-ebd0-42f8-86e3-48a46c7ba7f6 + taskid: 06d9bc06-59ea-4f26-8e72-62158cfaaefa type: condition task: - id: 9a61e92b-ebd0-42f8-86e3-48a46c7ba7f6 + id: 06d9bc06-59ea-4f26-8e72-62158cfaaefa version: -1 name: Meets automated remediation requirements? description: Determines if the alert meets the criteria for automated remediation. 
@@ -234,11 +234,135 @@ tasks: - "52" Unclaimed S3 Bucket: - "33" - "yes": + AWS Systems Manager: + - "58" + Restrict Open Ports: - "34" separatecontext: false conditions: - - label: "yes" + - label: "AWS Systems Manager" + condition: + - - operator: isExists + left: + value: + complex: + root: modules + filters: + - - left: + iscontext: true + value: + simple: modules.brand + operator: isEqualString + right: + value: + simple: AWS - System Manager + - - left: + iscontext: true + value: + simple: modules.state + operator: isEqualString + right: + value: + simple: active + iscontext: true + - - operator: inList + left: + value: + complex: + root: alert.asmsystemids + accessor: id + filters: + - - left: + iscontext: true + value: + simple: alert.asmsystemids.type + operator: isEqualString + right: + value: + simple: ASSET-SSM-PLATFORM-NAME + transformers: + - operator: toLowerCase + iscontext: true + right: + value: + simple: ubuntu + - - operator: inList + left: + value: + complex: + root: alert + accessor: asmattacksurfaceruleid + transformers: + - args: + chars: + value: + simple: '[\"]' + operator: StripChars + iscontext: true + right: + value: + simple: InsecureOpenSSH + - - operator: inList + left: + value: + complex: + root: alert.asmsystemids + accessor: id + filters: + - - left: + iscontext: true + value: + simple: alert.asmsystemids.type + operator: isEqualString + right: + value: + simple: ASSET-SSM-PLATFORM-TYPE + transformers: + - operator: toLowerCase + iscontext: true + right: + value: + simple: linux + - - left: + iscontext: true + value: + complex: + accessor: id + filters: + - - left: + iscontext: true + value: + simple: alert.asmsystemids.type + operator: isEqualString + right: + value: + simple: ASSET-SSM-AGENT-STATUS + root: alert.asmsystemids + transformers: + - operator: toLowerCase + operator: isEqualString + right: + value: + simple: active + - - left: + iscontext: true + value: + simple: alert.asmdevcheckdetails.result + operator: isTrue + - 
left: + iscontext: true + value: + simple: inputs.BypassDevCheck + operator: isEqualString + right: + value: + simple: "True" + - - left: + iscontext: true + value: + simple: alert.asmserviceowner + operator: isNotEmpty + - label: "Restrict Open Ports" condition: - - operator: inList left: @@ -420,10 +544,10 @@ tasks: isautoswitchedtoquietmode: false "13": id: "13" - taskid: e6ed66bb-f03a-44ad-8869-cbcad1bc5c7e + taskid: 1d34e7f1-89dd-4e52-8e68-aeefba08d1ab type: condition task: - id: e6ed66bb-f03a-44ad-8869-cbcad1bc5c7e + id: 1d34e7f1-89dd-4e52-8e68-aeefba08d1ab version: -1 name: Is Cortex ASM enabled? description: Determines if the "Cortex Attack Surface Management" integration instance is configured to pull Remediation Path Rules. @@ -481,10 +605,10 @@ tasks: isautoswitchedtoquietmode: false "16": id: "16" - taskid: 872e7d75-7798-4745-8c45-9c5d67833adc + taskid: 69e5192d-ad2f-4a44-8aac-0a45ad590fbe type: condition task: - id: 872e7d75-7798-4745-8c45-9c5d67833adc + id: 69e5192d-ad2f-4a44-8aac-0a45ad590fbe version: -1 name: Is ServiceNow v2 enabled? description: Determines if the "ServiceNow v2" integration instance is enabled in order to send ServiceNow tickets as notifications. @@ -542,10 +666,10 @@ tasks: isautoswitchedtoquietmode: false "17": id: "17" - taskid: 7a5830bc-6940-4622-854d-5cc41bea9678 + taskid: 32d41c9c-ef4b-43eb-8629-9cad1bfffa4e type: regular task: - id: 7a5830bc-6940-4622-854d-5cc41bea9678 + id: 32d41c9c-ef4b-43eb-8629-9cad1bfffa4e version: -1 name: Set ServiceNowv2Enabled to true description: Set a value in context under the key you entered. @@ -579,10 +703,10 @@ tasks: isautoswitchedtoquietmode: false "18": id: "18" - taskid: 18f501de-2d4c-45bf-81b3-015a4130a2e3 + taskid: 66158556-6cc6-4c11-8cb6-af2202cc02a8 type: regular task: - id: 18f501de-2d4c-45bf-81b3-015a4130a2e3 + id: 66158556-6cc6-4c11-8cb6-af2202cc02a8 version: -1 name: Set ServiceNowv2Enabled to false description: Set a value in context under the key you entered. 
@@ -616,10 +740,10 @@ tasks: isautoswitchedtoquietmode: false "19": id: "19" - taskid: 9f25d9ed-b762-4a00-87e9-afa7994391e8 + taskid: 08373f55-01ab-487c-8a1a-628d0e094e18 type: regular task: - id: 9f25d9ed-b762-4a00-87e9-afa7994391e8 + id: 08373f55-01ab-487c-8a1a-628d0e094e18 version: -1 name: Set AutoRemediationRequirements to true description: Set a value in context under the key you entered. @@ -653,10 +777,10 @@ tasks: isautoswitchedtoquietmode: false "20": id: "20" - taskid: f51f4a24-b789-48c5-846d-4db40bc79d4f + taskid: 400a7a8b-004b-48e6-877f-8db9b91d3bd4 type: regular task: - id: f51f4a24-b789-48c5-846d-4db40bc79d4f + id: 400a7a8b-004b-48e6-877f-8db9b91d3bd4 version: -1 name: Set AutoRemediationRequirements to false description: Set a value in context under the key you entered. @@ -677,8 +801,8 @@ tasks: view: |- { "position": { - "x": -110, - "y": -1475 + "x": -450, + "y": -1485 } } note: false @@ -690,10 +814,10 @@ tasks: isautoswitchedtoquietmode: false "22": id: "22" - taskid: b04443f9-0b6e-41af-876e-a39a746c444d + taskid: f74a74e6-61b3-4843-8e2b-3713727c3345 type: condition task: - id: b04443f9-0b6e-41af-876e-a39a746c444d + id: f74a74e6-61b3-4843-8e2b-3713727c3345 version: -1 name: Was there a match? description: Determines if a matching remediation path rule was found based on population of the "ASM - Remediation Path Rule" field. @@ -735,10 +859,10 @@ tasks: isautoswitchedtoquietmode: false "23": id: "23" - taskid: 673dc3c7-b5e7-44d2-8d1f-b99c49e38459 + taskid: cbc75f55-18a5-4da5-8367-76d54c82dc35 type: condition task: - id: 673dc3c7-b5e7-44d2-8d1f-b99c49e38459 + id: cbc75f55-18a5-4da5-8367-76d54c82dc35 version: -1 name: What is the action of the matched rule? description: Determines what is returned to the parent playbook based on contents of "ASM - Remediation Path Rule" field and other requirements. 
@@ -882,10 +1006,10 @@ tasks: isautoswitchedtoquietmode: false "24": id: "24" - taskid: 5f6db26e-c815-46c0-8526-6cafe69162a7 + taskid: dcd0c02a-1157-49c9-8afa-d4faeffaa8a5 type: regular task: - id: 5f6db26e-c815-46c0-8526-6cafe69162a7 + id: dcd0c02a-1157-49c9-8afa-d4faeffaa8a5 version: -1 name: Return AR description: Set a value in context under the key you entered. @@ -919,10 +1043,10 @@ tasks: isautoswitchedtoquietmode: false "25": id: "25" - taskid: 3a779211-73aa-4227-8d4b-e226266aecf9 + taskid: ac3fd175-bf39-42f7-8874-eb6e183cbc0d type: regular task: - id: 3a779211-73aa-4227-8d4b-e226266aecf9 + id: ac3fd175-bf39-42f7-8874-eb6e183cbc0d version: -1 name: Return SNOW description: Set a value in context under the key you entered. @@ -956,10 +1080,10 @@ tasks: isautoswitchedtoquietmode: false "26": id: "26" - taskid: cacdb1e1-788f-4206-8efe-e80c54afbc53 + taskid: b5c1a6f2-b3a5-4f2d-8f67-eef2b8b83687 type: regular task: - id: cacdb1e1-788f-4206-8efe-e80c54afbc53 + id: b5c1a6f2-b3a5-4f2d-8f67-eef2b8b83687 version: -1 name: Return Email description: Set a value in context under the key you entered. @@ -993,10 +1117,10 @@ tasks: isautoswitchedtoquietmode: false "27": id: "27" - taskid: d7d4f883-128c-4d9d-8fab-105b0daae9d6 + taskid: 6d4daab5-8668-42ed-8dda-a91fc6d4357d type: regular task: - id: d7d4f883-128c-4d9d-8fab-105b0daae9d6 + id: 6d4daab5-8668-42ed-8dda-a91fc6d4357d version: -1 name: Return Manual description: Set a value in context under the key you entered. @@ -1030,10 +1154,10 @@ tasks: isautoswitchedtoquietmode: false "31": id: "31" - taskid: df241042-452b-4119-86b3-d03f6ec228b0 + taskid: a907d910-10fc-4d9c-8c99-3efce090b3d2 type: regular task: - id: df241042-452b-4119-86b3-d03f6ec228b0 + id: a907d910-10fc-4d9c-8c99-3efce090b3d2 version: -1 name: Get current time description: | 
@@ -1063,10 +1187,10 @@ tasks: isautoswitchedtoquietmode: false "32": id: "32" - taskid: 54580754-7324-4b6f-8fb8-b8812d59472a + taskid: 459223ef-daed-41f1-8114-cccdd677c737 type: regular task: - id: 54580754-7324-4b6f-8fb8-b8812d59472a + id: 459223ef-daed-41f1-8114-cccdd677c737 version: -1 name: Set timestamp description: Set a value in context under the key you entered. @@ -1103,10 +1227,10 @@ tasks: isautoswitchedtoquietmode: false "33": id: "33" - taskid: 4de8a07c-0f69-4ec7-8ab1-eedb57c82b87 + taskid: a8cce078-4e13-499d-8364-7dc9db8a271f type: title task: - id: 4de8a07c-0f69-4ec7-8ab1-eedb57c82b87 + id: a8cce078-4e13-499d-8364-7dc9db8a271f version: -1 name: Also True type: title @@ -1121,8 +1245,8 @@ tasks: view: |- { "position": { - "x": 1210, - "y": -1590 + "x": 1380, + "y": -1600 } } note: false @@ -1134,10 +1258,10 @@ tasks: isautoswitchedtoquietmode: false "34": id: "34" - taskid: fe46ce0d-166d-4ac5-8853-7b020dae803c + taskid: 096532c1-dd74-4367-8d80-bb8c4723de75 type: regular task: - id: fe46ce0d-166d-4ac5-8853-7b020dae803c + id: 096532c1-dd74-4367-8d80-bb8c4723de75 version: -1 name: Set remediationoptions context (AR ports) description: Set a value in context under the key you entered. @@ -1160,8 +1284,8 @@ tasks: view: |- { "position": { - "x": 300, - "y": -1475 + "x": -40, + "y": -1485 } } note: false @@ -1173,10 +1297,10 @@ tasks: isautoswitchedtoquietmode: false "35": id: "35" - taskid: f66a622d-5407-40d5-8ba7-18fe4e140e28 + taskid: dfc35f93-b585-4dfc-80ab-0232bf901677 type: regular task: - id: f66a622d-5407-40d5-8ba7-18fe4e140e28 + id: dfc35f93-b585-4dfc-80ab-0232bf901677 version: -1 name: Set remediationoptions context (AR S3) description: Set a value in context under the key you entered. @@ -1199,8 +1323,8 @@ tasks: view: |- { "position": { - "x": 1210, - "y": -1475 + "x": 1380, + "y": -1485 } } note: false 
@@ -1212,10 +1336,10 @@ tasks: isautoswitchedtoquietmode: false "36": id: "36" - taskid: 1ffe487c-5824-4193-8a27-31b564884200 + taskid: 9d23c5f0-606e-4ba1-8c2d-81ac7a4c68db type: title task: - id: 1ffe487c-5824-4193-8a27-31b564884200 + id: 9d23c5f0-606e-4ba1-8c2d-81ac7a4c68db version: -1 name: Notification Check type: title @@ -1245,10 +1369,10 @@ tasks: isautoswitchedtoquietmode: false "37": id: "37" - taskid: b6742788-2eab-48d7-801d-fb177fddc2ef + taskid: 68e55153-7505-4154-8cb6-66dbc63a3c73 type: regular task: - id: b6742788-2eab-48d7-801d-fb177fddc2ef + id: 68e55153-7505-4154-8cb6-66dbc63a3c73 version: -1 name: Set remediationoptions context (SNOW) description: Set a value in context under the key you entered. @@ -1284,10 +1408,10 @@ tasks: isautoswitchedtoquietmode: false "39": id: "39" - taskid: 909f6cfe-e0f7-4a9b-864f-de30c442d850 + taskid: 3aaee7fd-4302-42eb-8cd1-61a070e172b8 type: regular task: - id: 909f6cfe-e0f7-4a9b-864f-de30c442d850 + id: 3aaee7fd-4302-42eb-8cd1-61a070e172b8 version: -1 name: Set JiraEnabled to true description: Set a value in context under the key you entered. @@ -1321,10 +1445,10 @@ tasks: isautoswitchedtoquietmode: false "40": id: "40" - taskid: 85b0b148-69ca-45bc-8d6b-04e072eda19b + taskid: 148d6abb-00cb-4444-81c4-d63b880e6353 type: regular task: - id: 85b0b148-69ca-45bc-8d6b-04e072eda19b + id: 148d6abb-00cb-4444-81c4-d63b880e6353 version: -1 name: Set JiraEnabled to false description: Set a value in context under the key you entered. @@ -1358,10 +1482,10 @@ tasks: isautoswitchedtoquietmode: false "42": id: "42" - taskid: f2a81c15-a56e-4dc8-8036-84a48240154b + taskid: 31981082-5856-4eba-8278-a6ca48bf2907 type: regular task: - id: f2a81c15-a56e-4dc8-8036-84a48240154b + id: 31981082-5856-4eba-8278-a6ca48bf2907 version: -1 name: Set remediationoptions context (Jira) description: Set a value in context under the key you entered. 
@@ -1397,10 +1521,10 @@ tasks: isautoswitchedtoquietmode: false "43": id: "43" - taskid: e70816ef-97c2-48cc-8bb7-9f9db73848dd + taskid: 30ce7f6b-5825-4e42-8546-e2248718d6e0 type: regular task: - id: e70816ef-97c2-48cc-8bb7-9f9db73848dd + id: 30ce7f6b-5825-4e42-8546-e2248718d6e0 version: -1 name: Set remediationoptions context (Email) description: Set a value in context under the key you entered. @@ -1436,10 +1560,10 @@ tasks: isautoswitchedtoquietmode: false "44": id: "44" - taskid: 4dd679b5-46a7-4861-8392-a11b98d7f868 + taskid: 2e55ccd2-0577-4ac9-8dc9-7bbc9c1f04eb type: regular task: - id: 4dd679b5-46a7-4861-8392-a11b98d7f868 + id: 2e55ccd2-0577-4ac9-8dc9-7bbc9c1f04eb version: -1 name: Set remediationoptions context (Manual) description: Set a value in context under the key you entered. @@ -1475,10 +1599,10 @@ tasks: isautoswitchedtoquietmode: false "45": id: "45" - taskid: 07bc720d-5745-4f20-8367-094894f285ca + taskid: 79eb4fd7-1804-40e1-8a4e-a22b40296203 type: collection task: - id: 07bc720d-5745-4f20-8367-094894f285ca + id: 79eb4fd7-1804-40e1-8a4e-a22b40296203 version: -1 name: Select remediation action (dynamic) description: Determines the next action (remediation or ticket) based on user input. Options are based on if ServiceNowV2 integration is set up and/or the alert meets the requirement for automated remediation. @@ -1545,10 +1669,10 @@ tasks: isautoswitchedtoquietmode: false "46": id: "46" - taskid: a2513b43-b1d0-4d13-8311-6396fd8c6250 + taskid: 44017a99-2d7b-4cfe-82b8-c5cdfcd093ec type: regular task: - id: a2513b43-b1d0-4d13-8311-6396fd8c6250 + id: 44017a99-2d7b-4cfe-82b8-c5cdfcd093ec version: -1 name: Set data collection grid field description: |- 
@@ -1600,10 +1724,10 @@ tasks: isautoswitchedtoquietmode: false "47": id: "47" - taskid: 5a2c5b2d-7d92-4fbf-8e7d-678217ad68aa + taskid: b9ea6816-55e3-49f3-8260-f9495b32cc19 type: regular task: - id: 5a2c5b2d-7d92-4fbf-8e7d-678217ad68aa + id: b9ea6816-55e3-49f3-8260-f9495b32cc19 version: -1 name: Set playbook stage grid field (decision) description: |- @@ -1643,10 +1767,10 @@ tasks: isautoswitchedtoquietmode: false "48": id: "48" - taskid: dba10119-d0ef-46c6-87d8-18c0b4bc114c + taskid: 30198f95-cbb7-4bb6-869d-9b6e4f3f0ec3 type: regular task: - id: dba10119-d0ef-46c6-87d8-18c0b4bc114c + id: 30198f95-cbb7-4bb6-869d-9b6e4f3f0ec3 version: -1 name: Return Jira description: Set a value in context under the key you entered. @@ -1680,10 +1804,10 @@ tasks: isautoswitchedtoquietmode: false "49": id: "49" - taskid: 52f28b8b-f66b-4d11-84f0-f1ab7f28e3a0 + taskid: 12d27d63-68ff-48ed-8042-9b7df6031760 type: condition task: - id: 52f28b8b-f66b-4d11-84f0-f1ab7f28e3a0 + id: 12d27d63-68ff-48ed-8042-9b7df6031760 version: -1 name: Is Atlassian Jira v2 or v3 enabled? description: Determines if the "Atlassian Jira v2" or "Atlassian Jira v3" integration instance is enabled in order to send Jira tickets as notifications. @@ -1749,10 +1873,10 @@ tasks: isautoswitchedtoquietmode: false "51": id: "51" - taskid: 58720e77-debb-4205-8a8d-245c18f42bf5 + taskid: 1579a8f3-bf24-4911-81a4-1da8456b3625 type: regular task: - id: 58720e77-debb-4205-8a8d-245c18f42bf5 + id: 1579a8f3-bf24-4911-81a4-1da8456b3625 version: -1 name: Set Attack Surface Rules list description: Set a value in context under the key you entered. 
@@ -1786,10 +1910,10 @@ tasks: isautoswitchedtoquietmode: false "52": id: "52" - taskid: 20584fc7-7e06-45f2-8055-6a44a1e36af2 + taskid: a24d37a0-b4de-4610-880b-7115b65e02df type: regular task: - id: 20584fc7-7e06-45f2-8055-6a44a1e36af2 + id: a24d37a0-b4de-4610-880b-7115b65e02df version: -1 name: Set remediationoptions context (AR Cortex Endpoint) description: Set a value in context under the key you entered. @@ -1812,8 +1936,8 @@ tasks: view: |- { "position": { - "x": 750, - "y": -1475 + "x": 920, + "y": -1485 } } note: false @@ -1844,13 +1968,13 @@ tasks: task: brand: "" description: Set a value in context under the key you entered. - id: 314f9e04-2477-47a7-83dc-a8b21d48b006 + id: 08b8619c-ab9a-4195-8102-2de2f16a44e0 iscommand: false name: Set SlackEnabled to true script: Set type: regular version: -1 - taskid: 314f9e04-2477-47a7-83dc-a8b21d48b006 + taskid: 08b8619c-ab9a-4195-8102-2de2f16a44e0 timertriggers: [] type: regular view: |- @@ -1881,13 +2005,13 @@ tasks: task: brand: "" description: Set a value in context under the key you entered. - id: f51f39d7-302a-4835-80de-5a9796c0e38d + id: c8b4e73c-bc67-456c-83fe-a2102124e99b iscommand: false name: Set SlackEnabled to false script: Set type: regular version: -1 - taskid: f51f39d7-302a-4835-80de-5a9796c0e38d + taskid: c8b4e73c-bc67-456c-83fe-a2102124e99b timertriggers: [] type: regular view: |- @@ -1920,13 +2044,13 @@ tasks: task: brand: "" description: Set a value in context under the key you entered. - id: 16a734a7-6889-426d-8fe3-4f90d13e70bc + id: 56cb6392-ed52-45b2-8194-b4e05730c350 iscommand: false name: Set remediationoptions context (Slack) script: Set type: regular version: -1 - taskid: 16a734a7-6889-426d-8fe3-4f90d13e70bc + taskid: 56cb6392-ed52-45b2-8194-b4e05730c350 timertriggers: [] type: regular view: |- 
@@ -1982,12 +2106,12 @@ tasks: task: brand: "" description: Determines if the Slack integration (v3) instance is enabled in order to send Slack messages as notifications. - id: 83fa531f-9f0f-40a8-8b65-3e24414ff867 + id: 84e72fc4-8d45-44b2-8c3d-ce4ec92ad200 iscommand: false name: Is Slack enabled? type: condition version: -1 - taskid: 83fa531f-9f0f-40a8-8b65-3e24414ff867 + taskid: 84e72fc4-8d45-44b2-8c3d-ce4ec92ad200 timertriggers: [] type: condition view: |- @@ -2018,13 +2142,13 @@ tasks: task: brand: "" description: Set a value in context under the key you entered. - id: 688b2697-3d80-41e6-821e-ebbc7f725666 + id: bfcc975f-d7db-46ad-8a1d-b9be5cfd186c iscommand: false name: Return Slack script: Set type: regular version: -1 - taskid: 688b2697-3d80-41e6-821e-ebbc7f725666 + taskid: bfcc975f-d7db-46ad-8a1d-b9be5cfd186c timertriggers: [] type: regular view: |- @@ -2034,11 +2158,50 @@ tasks: "y": 1350 } } + "58": + continueonerrortype: "" + id: "58" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "19" + note: false + quietmode: 0 + scriptarguments: + append: + simple: "true" + key: + simple: remediationoptions + value: + simple: Automated remediation by patching vulnerable software + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Set a value in context under the key you entered. + id: 5a0f0dc0-2fc1-44a0-8256-339e9db69aea + iscommand: false + name: Set remediationoptions context (AWS Systems manager) + script: Set + type: regular + version: -1 + taskid: 5a0f0dc0-2fc1-44a0-8256-339e9db69aea + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 400, + "y": -1485 + } + } view: |- { "linkLabelsPosition": { "10_33_Unclaimed S3 Bucket": 0.55, - "10_34_yes": 0.83, + "10_34_Restrict Open Ports": 0.83, "10_52_Cortex Endpoint": 0.66, "16_17_yes": 0.55, "23_48_Jira": 0.88, 
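Review bot: Task `"58"` reuses the generic description `Set a value in context under the key you entered.` while its name states what it actually does; a description such as `Adds the AWS Systems Manager patching option to remediationoptions.` would make the task self-documenting, as the other `Set remediationoptions context` tasks in this file could also be. The task name spells `AWS Systems manager` whereas the condition label added in the first hunk uses `AWS Systems Manager`; align the capitalization so searches and link labels match. The `linkLabelsPosition` rename to `10_34_Restrict Open Ports` matches the new label; whether a corresponding entry for the new branch is needed cannot be judged here, since the rest of that map is outside the hunk.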
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules_README.md index 40d827c1f5a7..5a0e1a416948 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_Path_Rules_README.md @@ -45,4 +45,4 @@ This playbook does not use any sub-playbooks. --- -![Cortex ASM - Remediation Path Rules](../doc_files/Cortex_ASM_-_Remediation_Path_Rules.png) +![Cortex ASM - Remediation Path Rules](../doc_files/Cortex_ASM_-_Remediation_Path_Rules.png) \ No newline at end of file diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_README.md index e40c09570c20..cd5f87a53b96 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Remediation_README.md @@ -1,4 +1,4 @@ -This playbook contains all the cloud provider sub playbooks for remediation +This playbook contains all the cloud provider sub playbooks for remediation. ## Dependencies @@ -6,11 +6,13 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* AWS - Unclaimed S3 Bucket Remediation +* AWS - Package Upgrade * AWS - Security Group Remediation v2 +* AWS - Unclaimed S3 Bucket Remediation +* Azure - Network Security Group Remediation +* Cortex ASM - Cortex Endpoint Remediation * Cortex ASM - On Prem Remediation * GCP - Firewall Remediation -* Azure - Network Security Group Remediation ### Integrations diff --git a/Packs/CortexAttackSurfaceManagement/README.md b/Packs/CortexAttackSurfaceManagement/README.md index bf53caf2415b..3a950094e3cc 100644 --- a/Packs/CortexAttackSurfaceManagement/README.md 
+++ b/Packs/CortexAttackSurfaceManagement/README.md @@ -47,6 +47,7 @@ Automated remediation is only possible when the right conditions are met. These - Unclaimed S3 Bucket* - Asset one of the following: - AWS EC2 Instance + - AWS Systems manager agent (active) on AWS EC2 Instance* - Azure Compute Instance - GCP Compute Engine (VM) - On-prem asset protected with a Palo Alto Networks Firewall @@ -73,6 +74,8 @@ Automated remediation is only possible when the right conditions are met. These \* The `Unclaimed S3 Bucket` attack surface rule ID only requires `AWS-S3` integration to be enabled. +\* Patching using AWS Systems manager requires agent to be installed on the EC2 instance and currently we only support InsecureOpenSSH and OS versions of Linux Ubuntu. + ## What is included in this pack? The main active response playbook is the `Cortex ASM - ASM Alert` playbook. This playbook contains a set of sub-playbooks and automation scripts, which support many different remediation paths that can be taken depending on the types of configured integrations, the type of alert, and input provided by the analyst. After the final stage, the alert is resolved. diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_42.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_42.md new file mode 100644 index 000000000000..7cd014b59002 --- /dev/null +++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_42.md @@ -0,0 +1,18 @@ + +#### Playbooks + +##### Cortex ASM - ASM Alert + +Added support for patching using AWS Systems manger. + +##### Cortex ASM - AWS Enrichment + +Added the system ids to extract information from AWS Systems manger. + +##### Cortex ASM - Remediation Path Rules + +Added support for patching by AWS Systems manager data collection option. + +##### Cortex ASM - Remediation + +Added the "AWS - Package Upgrade" remediation playbook for patching. 
diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_ASM_Alert.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_ASM_Alert.png index 6426825a38c9..23943ef2b20e 100644 Binary files a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_ASM_Alert.png and b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_ASM_Alert.png differ diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_AWS_Enrichment.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_AWS_Enrichment.png index a16a04cfb0b1..5149020a496b 100644 Binary files a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_AWS_Enrichment.png and b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_AWS_Enrichment.png differ diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation.png index b38084a7b572..169f4b1db74b 100644 Binary files a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation.png and b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation.png differ diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation_Path_Rules.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation_Path_Rules.png index 5c467d9460d5..031a09a03126 100644 Binary files a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation_Path_Rules.png and b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Remediation_Path_Rules.png differ diff --git a/Packs/CortexAttackSurfaceManagement/pack_metadata.json b/Packs/CortexAttackSurfaceManagement/pack_metadata.json index d9e1d005439a..c73bc4124b8c 100644 --- a/Packs/CortexAttackSurfaceManagement/pack_metadata.json +++ b/Packs/CortexAttackSurfaceManagement/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Cortex Attack Surface Management", "description": "Content for working with Attack Surface Management (ASM).", "support": "xsoar", - "currentVersion": "1.7.41", + "currentVersion": "1.7.42", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CortexXDR/Dashboards/dashboard-Cortex_XDR_Events_Grouping.json b/Packs/CortexXDR/Dashboards/dashboard-Cortex_XDR_Events_Grouping.json index 407ee21acf49..ae7e515c5085 100644 --- a/Packs/CortexXDR/Dashboards/dashboard-Cortex_XDR_Events_Grouping.json +++ b/Packs/CortexXDR/Dashboards/dashboard-Cortex_XDR_Events_Grouping.json @@ -175,5 +175,8 @@ ], "fromVersion": "6.2.0", "description": "", - "isPredefined": true + "isPredefined": true, + "marketplaces": [ + "xsoar_on_prem" + ] } \ No newline at end of file diff --git a/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py b/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py index c7daa184979d..57b549eea3ba 100644 --- a/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py +++ b/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py 
@@ -130,6 +130,64 @@ def filter_and_save_unseen_incident(incidents: List, limit: int, number_of_alrea return filtered_incidents +def get_xsoar_close_reasons(): + """ + Get the default XSOAR close-reasons in addition to custom close-reasons from server configuration. + """ + default_xsoar_close_reasons = list(XSOAR_RESOLVED_STATUS_TO_XDR.keys()) + custom_close_reasons: List[str] = [] + try: + server_config = get_server_config() + demisto.debug(f'get_xsoar_close_reasons server-config: {str(server_config)}') + if server_config: + custom_close_reasons = argToList(server_config.get('incident.closereasons', '')) + except Exception as e: + demisto.error(f"Could not get server configuration: {e}") + return default_xsoar_close_reasons + custom_close_reasons + + +def validate_custom_close_reasons_mapping(mapping: str, direction: str): + """ Check validity of provided custom close-reason mappings. """ + + xdr_statuses = [status.replace("resolved_", "").replace("_", " ").title() for status in XDR_RESOLVED_STATUS_TO_XSOAR] + xsoar_statuses = get_xsoar_close_reasons() + + exception_message = ('Improper custom mapping ({direction}) provided: "{key_or_value}" is not a valid Cortex ' + '{xsoar_or_xdr} close-reason. Valid Cortex {xsoar_or_xdr} close-reasons are: {statuses}') + + def to_xdr_status(status): + return "resolved_" + "_".join(status.lower().split(" ")) + + custom_mapping = comma_separated_mapping_to_dict(mapping) + + valid_key = valid_value = True # If no mapping was provided. 
+ + for key, value in custom_mapping.items(): + if direction == XSOAR_TO_XDR: + xdr_close_reason = to_xdr_status(value) + valid_key = key in xsoar_statuses + valid_value = xdr_close_reason in XDR_RESOLVED_STATUS_TO_XSOAR + elif direction == XDR_TO_XSOAR: + xdr_close_reason = to_xdr_status(key) + valid_key = xdr_close_reason in XDR_RESOLVED_STATUS_TO_XSOAR + valid_value = value in xsoar_statuses + + if not valid_key: + raise DemistoException( + exception_message.format(direction=direction, + key_or_value=key, + xsoar_or_xdr="XSOAR" if direction == XSOAR_TO_XDR else "XDR", + statuses=xsoar_statuses + if direction == XSOAR_TO_XDR else xdr_statuses)) + elif not valid_value: + raise DemistoException( + exception_message.format(direction=direction, + key_or_value=value, + xsoar_or_xdr="XDR" if direction == XSOAR_TO_XDR else "XSOAR", + statuses=xdr_statuses + if direction == XSOAR_TO_XDR else xsoar_statuses)) + + class Client(CoreClient): def __init__(self, base_url, proxy, verify, timeout, params=None): if not params: 
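Review bot: `get_xsoar_close_reasons` writes the whole server configuration to the debug log with `demisto.debug(f'get_xsoar_close_reasons server-config: {str(server_config)}')`; server configuration holds settings well beyond close reasons, so debug bundles shared for support would carry all of them. Log only the value consumed, e.g. `demisto.debug(f'get_xsoar_close_reasons custom close reasons: {custom_close_reasons}')` after the `argToList` call. In `validate_custom_close_reasons_mapping`, a `direction` that matches neither `XSOAR_TO_XDR` nor `XDR_TO_XSOAR` leaves `valid_key` and `valid_value` at `True`, so any mapping passes unchecked; an `else: raise DemistoException(f'Unknown mapping direction: {direction}')` inside the loop would make that explicit. Both functions lie entirely within the hunk.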
@@ -157,54 +215,12 @@ def test_module(self, first_fetch_time): raise # XSOAR -> XDR - self.validate_custom_mapping(mapping=self._params.get("custom_xsoar_to_xdr_close_reason_mapping"), - direction=XSOAR_TO_XDR) + validate_custom_close_reasons_mapping(mapping=self._params.get("custom_xsoar_to_xdr_close_reason_mapping"), + direction=XSOAR_TO_XDR) # XDR -> XSOAR - self.validate_custom_mapping(mapping=self._params.get("custom_xdr_to_xsoar_close_reason_mapping"), - direction=XDR_TO_XSOAR) - - def validate_custom_mapping(self, mapping: str, direction: str): - """ Check validity of provided custom close-reason mappings. """ - - xdr_statuses_to_xsoar = [status.replace("resolved_", "").replace("_", " ").title() - for status in XDR_RESOLVED_STATUS_TO_XSOAR] - xsoar_statuses_to_xdr = list(XSOAR_RESOLVED_STATUS_TO_XDR.keys()) - - exception_message = ('Improper custom mapping ({direction}) provided: "{key_or_value}" is not a valid Cortex ' - '{xsoar_or_xdr} close-reason. Valid Cortex {xsoar_or_xdr} close-reasons are: {statuses}') - - def to_xdr_status(status): - return "resolved_" + "_".join(status.lower().split(" ")) - - custom_mapping = comma_separated_mapping_to_dict(mapping) - - valid_key = valid_value = True # If no mapping was provided. 
- - for key, value in custom_mapping.items(): - if direction == XSOAR_TO_XDR: - xdr_close_reason = to_xdr_status(value) - valid_key = key in XSOAR_RESOLVED_STATUS_TO_XDR - valid_value = xdr_close_reason in XDR_RESOLVED_STATUS_TO_XSOAR - elif direction == XDR_TO_XSOAR: - xdr_close_reason = to_xdr_status(key) - valid_key = xdr_close_reason in XDR_RESOLVED_STATUS_TO_XSOAR - valid_value = value in XSOAR_RESOLVED_STATUS_TO_XDR - - if not valid_key: - raise DemistoException( - exception_message.format(direction=direction, - key_or_value=key, - xsoar_or_xdr="XSOAR" if direction == XSOAR_TO_XDR else "XDR", - statuses=xsoar_statuses_to_xdr - if direction == XSOAR_TO_XDR else xdr_statuses_to_xsoar)) - elif not valid_value: - raise DemistoException( - exception_message.format(direction=direction, - key_or_value=value, - xsoar_or_xdr="XDR" if direction == XSOAR_TO_XDR else "XSOAR", - statuses=xdr_statuses_to_xsoar - if direction == XSOAR_TO_XDR else xsoar_statuses_to_xdr)) + validate_custom_close_reasons_mapping(mapping=self._params.get("custom_xdr_to_xsoar_close_reason_mapping"), + direction=XDR_TO_XSOAR) def handle_fetch_starred_incidents(self, limit: int, page_number: int, request_data: dict) -> List: """ @@ -789,6 +805,7 @@ def resolve_xsoar_close_reason(xdr_close_reason: str): :param xdr_close_reason: XDR raw status/close reason e.g. 'resolved_false_positive'. :return: XSOAR close reason. """ + possible_xsoar_close_reasons = get_xsoar_close_reasons() # Check if incoming XDR close-reason has a non-default mapping to XSOAR close-reason. if demisto.params().get("custom_xdr_to_xsoar_close_reason_mapping"): 
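Review bot: `possible_xsoar_close_reasons = get_xsoar_close_reasons()` runs before the `if demisto.params().get("custom_xdr_to_xsoar_close_reason_mapping")` guard, so every call to `resolve_xsoar_close_reason` fetches the server configuration even when no custom mapping is configured; the only use visible, `if xsoar_close_reason in possible_xsoar_close_reasons:` in the following hunk, is inside that branch, so move the call under the `if`. Since this function runs per mirrored incident, each `get_server_config()` presumably adds a server round-trip; caching the result for the duration of the run may be worthwhile. `resolve_xsoar_close_reason` continues outside the hunk.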
@@ -802,7 +819,7 @@ def resolve_xsoar_close_reason(xdr_close_reason: str): xdr_close_reason.replace("resolved_", "").replace("_", " ").title() ) xsoar_close_reason = custom_xdr_to_xsoar_close_reason_mapping.get(title_cased_xdr_close_reason) - if xsoar_close_reason in XSOAR_RESOLVED_STATUS_TO_XDR: + if xsoar_close_reason in possible_xsoar_close_reasons: demisto.debug( f"XDR->XSOAR custom close-reason exists, using {xdr_close_reason}={xsoar_close_reason}" ) diff --git a/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml b/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml index 1190070c4cbb..bd3efda84455 100644 --- a/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml +++ b/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml @@ -3547,7 +3547,7 @@ script: Update one or more alerts with the provided arguments. Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB. name: xdr-update-alert - dockerimage: demisto/python3:3.10.14.99865 + dockerimage: demisto/python3:3.11.9.101916 isfetch: true isfetch:xpanse: false script: '' diff --git a/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR_test.py b/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR_test.py index d448dc09e2a8..fe455a085a96 100644 --- a/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR_test.py +++ b/Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR_test.py @@ -7,8 +7,9 @@ import demistomock as demisto from CommonServerPython import urljoin, DemistoException -from CoreIRApiModule import XDR_RESOLVED_STATUS_TO_XSOAR -from CortexXDRIR import XSOAR_TO_XDR, XDR_TO_XSOAR +from CoreIRApiModule import XDR_RESOLVED_STATUS_TO_XSOAR, XSOAR_RESOLVED_STATUS_TO_XDR +from CortexXDRIR import XSOAR_TO_XDR, XDR_TO_XSOAR, get_xsoar_close_reasons + XDR_URL = 'https://api.xdrurl.com' ''' HELPER FUNCTIONS ''' 
@@ -94,7 +95,7 @@ def test_fetch_incidents_filtered_by_status(requests_mock, mocker): client = Client( base_url=f'{XDR_URL}/public_api/v1', verify=False, timeout=120, proxy=False) - incident_extra_data_under_investigation = load_test_data('./test_data/get_incident_extra_data_host_id_array.json')\ + incident_extra_data_under_investigation = load_test_data('./test_data/get_incident_extra_data_host_id_array.json') \ .get('reply', {}).get('incidents') incident_extra_data_new = load_test_data('./test_data/get_incident_extra_data_new_status.json').get('reply').get('incidents') mocker.patch.object(Client, 'get_multiple_incidents_extra_data', side_effect=[incident_extra_data_under_investigation, @@ -106,8 +107,8 @@ def test_fetch_incidents_filtered_by_status(requests_mock, mocker): next_run, incidents = fetch_incidents(client, '3 month', 'MyInstance', exclude_artifacts=False, statuses=statuses_to_fetch) assert len(incidents) == 2 - assert incidents[0]['name'] == "XDR Incident 1 - 'Local Analysis Malware' generated by XDR Agent detected on host AAAAAA "\ - "involving user Administrator" + assert incidents[0]['name'] == "XDR Incident 1 - 'Local Analysis Malware' generated by XDR Agent detected on host AAAAAA " \ + "involving user Administrator" assert incidents[1]['name'] == "XDR Incident 2 - 'Local Analysis Malware' generated by XDR Agent detected on host " \ "BBBBB involving user Administrator" @@ -216,8 +217,8 @@ def test_fetch_only_starred_incidents(self, mocker): starred=True, starred_incidents_fetch_window='3 days') assert len(incidents) == 2 - assert incidents[0]['name'] == "XDR Incident 3 - 'Local Analysis Malware' generated by XDR Agent detected"\ - " on host AAAAA involving user Administrator" + assert incidents[0]['name'] == "XDR Incident 3 - 'Local Analysis Malware' generated by XDR Agent detected" \ + " on host AAAAA involving user Administrator" last_run_obj = {'next_run': next_run, 'fetched_starred_incidents': {'3': True, '4': True} 
@@ -479,7 +480,7 @@ def test_get_remote_data_command_should_not_update(requests_mock, mocker): @pytest.mark.parametrize(argnames='incident_status', argvalues=XDR_RESOLVED_STATUS_TO_XSOAR.keys()) -def test_get_remote_data_command_should_close_issue(requests_mock, mocker, incident_status): +def test_get_remote_data_command_should_close_issue(capfd, requests_mock, mocker, incident_status): """ Given: - an XDR client @@ -536,7 +537,8 @@ def test_get_remote_data_command_should_close_issue(requests_mock, mocker, incid mocker.patch("CortexXDRIR.ALERTS_LIMIT_PER_INCIDENTS", new=50) mocker.patch.object(Client, 'save_modified_incidents_to_integration_context') mocker.patch.object(Client, 'get_multiple_incidents_extra_data', return_value=raw_incident['reply']) - response = get_remote_data_command(client, args) + with capfd.disabled(): + response = get_remote_data_command(client, args) sort_all_list_incident_fields(expected_modified_incident) assert response.mirrored_object == expected_modified_incident @@ -759,7 +761,7 @@ def test_get_incident_extra_data(mocker): """ from CortexXDRIR import get_incident_extra_data_command, Client - get_incident_extra_data_response = load_test_data('./test_data/get_incident_extra_data_host_id_array.json')\ + get_incident_extra_data_response = load_test_data('./test_data/get_incident_extra_data_host_id_array.json') \ .get('reply', {}).get('incidents', []) mocker.patch.object(Client, 'get_multiple_incidents_extra_data', return_value=get_incident_extra_data_response) mocker.patch("CortexXDRIR.ALERTS_LIMIT_PER_INCIDENTS", new=2) 
@@ -877,14 +879,14 @@ def test_test_module(capfd, custom_mapping, direction, should_raise_error): Then: - Ensure no error is raised, and return `ok` """ - from CortexXDRIR import Client + from CortexXDRIR import Client, validate_custom_close_reasons_mapping # using two different credentials object as they both fields need to be encrypted base_url = urljoin("dummy_url", '/public_api/v1') proxy = demisto.params().get('proxy') verify_cert = not demisto.params().get('insecure', False) - client = Client( + Client( base_url=base_url, proxy=proxy, verify=verify_cert, @@ -895,10 +897,10 @@ def test_test_module(capfd, custom_mapping, direction, should_raise_error): with capfd.disabled(): if should_raise_error: with pytest.raises(DemistoException): - client.validate_custom_mapping(mapping=custom_mapping, direction=direction) + validate_custom_close_reasons_mapping(mapping=custom_mapping, direction=direction) else: try: - client.validate_custom_mapping(mapping=custom_mapping, direction=direction) + validate_custom_close_reasons_mapping(mapping=custom_mapping, direction=direction) except DemistoException as e: pytest.fail(f"Unexpected exception raised for input {input}: {e}") @@ -1034,8 +1036,8 @@ def test_filter_and_save_unseen_incident_limit_test(): "creation_time": 1577836800000 }, { - "id": "2", - "creation_time": 1577836800001 + "id": "2", + "creation_time": 1577836800001 }] assert filter_and_save_unseen_incident(incident, 1, 1) == [{"id": "1", "creation_time": 1577836800000}] 
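Review bot: In the `@@ -877` hunk the `Client(...)` constructor call is kept but its result is now discarded, so the test builds a client it never uses once `validate_custom_close_reasons_mapping` became a module-level function. Unless the constructor has a side effect the test relies on (it is fed `demisto.params()` for `proxy` and `insecure`, which the mapping validation does not appear to need), drop the `Client(` call together with the `base_url`, `proxy` and `verify_cert` setup, or assert on the constructed object. The unchanged `pytest.fail(f"Unexpected exception raised for input {input}: {e}")` in the `@@ -895` hunk still formats the `input` builtin rather than the parametrized value; `custom_mapping` is probably what was meant. The body of `test_test_module` starts before the hunk.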
@@ -1285,7 +1287,7 @@ def test_sort_all_incident_data_fields_fetch_case_get_multiple_incidents_extra_d - Verify that alerts and artifacts are found. """ from CortexXDRIR import sort_incident_data, sort_all_list_incident_fields - incident_case_get_multiple_incidents_extra_data = load_test_data('./test_data/get_multiple_incidents_extra_data.json')\ + incident_case_get_multiple_incidents_extra_data = load_test_data('./test_data/get_multiple_incidents_extra_data.json') \ .get('reply').get('incidents')[0] incident_data = sort_incident_data(incident_case_get_multiple_incidents_extra_data) sort_all_list_incident_fields(incident_data) @@ -1441,7 +1443,8 @@ def test_update_alerts_in_xdr_request_called_with(): json_data={'request_data': {'alert_id_list': '1,2,3', 'update_data': - {'severity': 'High', 'status': 'resolved', 'comment': 'i am a test'} + {'severity': 'High', 'status': 'resolved', + 'comment': 'i am a test'} } }, headers={ 
@@ -1556,3 +1559,24 @@ def test_core_http_request_xpanse_tenant(mocker): mocker.patch.object(BaseClient, "_http_request", return_value={'reply': {"incidents": [{"incident": {"incident_id": "1"}}]}}) res = client.get_incidents(incident_id_list=['1']) assert res == [{'incident': {'incident_id': '1'}}] + + +def test_get_xsoar_close_reasons(mocker): + mock_response = { + 'body': '{"sysConf":{"incident.closereasons":"CustomReason1, CustomReason 2, Foo","versn":40},"defaultMap":{}}\n', + 'headers': { + 'Content-Length': ['104'], + 'X-Xss-Protection': ['1; mode=block'], + 'X-Content-Type-Options': ['nosniff'], + 'Strict-Transport-Security': ['max-age=10886400000000000; includeSubDomains'], + 'Vary': ['Accept-Encoding'], + 'Server-Timing': ['7'], + 'Date': ['Wed, 03 Jul 2010 09:11:35 GMT'], + 'X-Frame-Options': ['DENY'], + 'Content-Type': ['application/json'] + }, + 'status': '200 OK', + 'statusCode': 200 + } + mocker.patch.object(demisto, 'internalHttpRequest', return_value=mock_response) + assert get_xsoar_close_reasons() == list(XSOAR_RESOLVED_STATUS_TO_XDR.keys()) + ['CustomReason1', 'CustomReason 2', 'Foo'] diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_53.md b/Packs/CortexXDR/ReleaseNotes/6_1_53.md new file mode 100644 index 000000000000..12d7e272c2d5 --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_53.md 
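Review bot: `test_get_xsoar_close_reasons` pins only the success path: a 200 response whose `sysConf` carries `incident.closereasons`. Nothing exercises what `get_xsoar_close_reasons()` returns when `internalHttpRequest` yields a non-200 status, a body without that key, or an empty value, so a regression in the fallback to the built-in `XSOAR_RESOLVED_STATUS_TO_XDR` keys would go unnoticed; a second case with `'body': '{"sysConf":{},"defaultMap":{}}'` and one with `'statusCode': 500` would cover it. The fixture's `headers` block is noise for this assertion and could be trimmed to the `Content-Type` entry, which also keeps the expected-value line readable. The assertion depends on `get_xsoar_close_reasons` and `XSOAR_RESOLVED_STATUS_TO_XDR` being imported at module level, which is outside the hunk.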
@@ -0,0 +1,27 @@ + +#### Dashboards + +##### Cortex XDR Events Grouping + +Cortex XDR Events Grouping dashboard is now only supported for Cortex XSOAR on-prem. + +#### Scripts + +##### DBotGroupXDRIncidents + +- DBotGroupXDRIncidents script is now only supported for Cortex XSOAR on-prem. +- Updated the Docker image to: *demisto/python3:3.10.14.99865*. + +#### Widgets + +##### Cortex XDR Grouping - Summary + +Cortex XDR Grouping - Summary widget is now only supported for Cortex XSOAR on-prem. + +##### Cortex XDR Grouping - Incidents + +Cortex XDR Grouping - Incidents widget is now only supported for Cortex XSOAR on-prem. + +##### Cortex XDR Groups - Scatter + +Cortex XDR Groups - Scatter widget is now only supported for Cortex XSOAR on-prem. diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_54.md b/Packs/CortexXDR/ReleaseNotes/6_1_54.md new file mode 100644 index 000000000000..d40fc4231544 --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_54.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Palo Alto Networks Cortex XDR - Investigation and Response + +Added support for custom XSOAR close-reasons in XSOAR-XDR close-reason mapping. diff --git a/Packs/CortexXDR/Scripts/DBotGroupXDRIncidents/DBotGroupXDRIncidents.yml b/Packs/CortexXDR/Scripts/DBotGroupXDRIncidents/DBotGroupXDRIncidents.yml index 3ed249b9d0ff..0f029437939d 100644 --- a/Packs/CortexXDR/Scripts/DBotGroupXDRIncidents/DBotGroupXDRIncidents.yml +++ b/Packs/CortexXDR/Scripts/DBotGroupXDRIncidents/DBotGroupXDRIncidents.yml @@ -47,6 +47,7 @@ type: python tests: - No tests (auto formatted) fromversion: 6.2.0 -dockerimage: demisto/python3:3.10.13.83255 +dockerimage: demisto/python3:3.10.14.99865 marketplaces: - xsoar +- xsoar_on_prem diff --git a/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Incidents.json b/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Incidents.json index 864aef65a60b..dbd2ff5400c0 100644 --- a/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Incidents.json 
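Review bot: In the `DBotGroupXDRIncidents.yml` hunk `marketplaces` keeps `- xsoar` and adds `- xsoar_on_prem`, while the three widget JSONs in this commit restrict themselves to `"marketplaces": ["xsoar_on_prem"]` alone and the `6_1_53.md` note says the script "is now only supported for Cortex XSOAR on-prem". If `xsoar` still means the script ships to every XSOAR marketplace, the script's list contradicts both the widgets and the release note; either drop `- xsoar` from the script or reword the note, depending on which is intended. I cannot tell from the diff whether the content validator treats `xsoar` plus `xsoar_on_prem` as the narrower set, so please confirm against the pack's marketplace semantics.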
+++ b/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Incidents.json @@ -21,5 +21,8 @@ "id": "c89bc765-50a9-479f-88e5-d256e09788c5", "widgetType": "text", "fromVersion": "6.2.0", - "description": "" + "description": "", + "marketplaces": [ + "xsoar_on_prem" + ] } \ No newline at end of file diff --git a/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Scatter.json b/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Scatter.json index 5d7df2e4f7b0..e0a24c91c922 100644 --- a/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Scatter.json +++ b/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Scatter.json @@ -16,5 +16,8 @@ "id": "5827f988-df26-42a5-8c46-18b3af444702", "widgetType": "scatter", "fromVersion": "6.2.0", - "description": "" + "description": "", + "marketplaces": [ + "xsoar_on_prem" + ] } \ No newline at end of file diff --git a/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Summary.json b/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Summary.json index f5e3bece8fc1..3186a53a2222 100644 --- a/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Summary.json +++ b/Packs/CortexXDR/Widgets/Widget-Cortex_XDR_Groups_Summary.json @@ -21,5 +21,8 @@ "id": "ccf4d070-47f3-4559-8563-a63240f17f74", "widgetType": "text", "fromVersion": "6.2.0", - "description": "" + "description": "", + "marketplaces": [ + "xsoar_on_prem" + ] } \ No newline at end of file diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json index c8d146f9be0c..5f2aeb91f77a 100644 --- a/Packs/CortexXDR/pack_metadata.json +++ b/Packs/CortexXDR/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex XDR by Palo Alto Networks", "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.", "support": "xsoar", - "currentVersion": "6.1.52", + "currentVersion": "6.1.54", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Certificate_Asset.json b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Certificate_Asset.json index 4ddfdcae4279..17db8f1aad23 100644 --- a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Certificate_Asset.json +++ b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Certificate_Asset.json @@ -46,6 +46,19 @@ "type": "shortText", "width": 150 }, + { + "displayName": "tags", + "fieldCalcScript": "", + "isDefault": true, + "isReadOnly": false, + "key": "tags", + "orgType": "shortText", + "required": false, + "script": "", + "selectValues": null, + "type": "shortText", + "width": 150 + }, { "displayName": "explainers", "fieldCalcScript": "", diff --git a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Cloud_Asset.json b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Cloud_Asset.json index 3774ebc5a366..3a59fcdc830b 100644 --- a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Cloud_Asset.json +++ b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Cloud_Asset.json @@ -46,6 +46,19 @@ "type": "shortText", "width": 150 }, + { + "displayName": "tags", + "fieldCalcScript": "", + "isDefault": true, + "isReadOnly": false, + "key": "tags", + "orgType": "shortText", + "required": false, + "script": "", + "selectValues": null, + "type": "shortText", + "width": 150 + }, { "displayName": "explainers", "fieldCalcScript": "", diff --git a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Domain_Asset.json b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Domain_Asset.json index 822546907b0b..85366233f0fe 100644 --- a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Domain_Asset.json +++ b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Domain_Asset.json 
@@ -46,6 +46,19 @@ "type": "shortText", "width": 150 }, + { + "displayName": "tags", + "fieldCalcScript": "", + "isDefault": true, + "isReadOnly": false, + "key": "tags", + "orgType": "shortText", + "required": false, + "script": "", + "selectValues": null, + "type": "shortText", + "width": 150 + }, { "displayName": "explainers", "fieldCalcScript": "", diff --git a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Responsive_IP_Asset.json b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Responsive_IP_Asset.json index c54197dc4145..2ab7850cbbd2 100644 --- a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Responsive_IP_Asset.json +++ b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Responsive_IP_Asset.json @@ -46,6 +46,19 @@ "type": "shortText", "width": 150 }, + { + "displayName": "tags", + "fieldCalcScript": "", + "isDefault": true, + "isReadOnly": false, + "key": "tags", + "orgType": "shortText", + "required": false, + "script": "", + "selectValues": null, + "type": "shortText", + "width": 150 + }, { "displayName": "explainers", "fieldCalcScript": "", diff --git a/Packs/CortexXpanse/IncidentTypes/incidenttype-Xpanse_Alert6.8.json b/Packs/CortexXpanse/IncidentTypes/incidenttype-Xpanse_Alert6.8.json index 4999f977a3f9..27a4aa81be5c 100644 --- a/Packs/CortexXpanse/IncidentTypes/incidenttype-Xpanse_Alert6.8.json +++ b/Packs/CortexXpanse/IncidentTypes/incidenttype-Xpanse_Alert6.8.json @@ -1,5 +1,5 @@ { - "autorun": false, + "autorun": true, "color": "#3C64C5", "days": 0, "daysR": 0, diff --git a/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler.yml b/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler.yml index 12a67501c63d..04bec91f1c71 100644 --- a/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler.yml +++ b/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler.yml 
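Review bot: Flipping `"autorun"` to `true` in `incidenttype-Xpanse_Alert6.8.json` makes the attached `Xpanse - Alert Handler` playbook run on every fetched Xpanse alert without analyst action, and that handler begins with the `Xpanse - NMap - Detect Service` sub-playbook (visible in the handler hunks further down), so a validation scan of the alerted asset is now triggered automatically. The `1_2_2.md` release note only says "Updated the playbook to run automatically"; it should state that automatic execution includes the NMap validation scan so operators who require approval before scanning their assets can keep `autorun` off or gate the scan. A handler input analogous to the new `WriteToXpanse` flag (a `RunNMapValidation` input, name illustrative) would give that control without editing the incident type.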
@@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 214bf91b-ba2c-4bc0-8f79-b8fa030361a1 + taskid: 51e81457-177e-4950-8197-6bfcaabd0be7 type: start task: - id: 214bf91b-ba2c-4bc0-8f79-b8fa030361a1 + id: 51e81457-177e-4950-8197-6bfcaabd0be7 version: -1 name: "" iscommand: false @@ -36,17 +36,17 @@ tasks: isautoswitchedtoquietmode: false "1": id: "1" - taskid: ae2ce6f3-734a-47ff-84f6-61606557ffea + taskid: 2dbfd762-668c-4085-89db-75eeae61e6fe type: playbook task: - id: ae2ce6f3-734a-47ff-84f6-61606557ffea + id: 2dbfd762-668c-4085-89db-75eeae61e6fe version: -1 name: Xpanse - NMap - Detect Service description: Looks at what ASM sub-type the alert is and uses NMap to do a validation scan. - playbookName: Xpanse - NMap - Detect Service type: playbook iscommand: false brand: "" + playbookId: Xpanse - NMap - Detect Service nexttasks: '#none#': - "6" @@ -72,7 +72,7 @@ tasks: { "position": { "x": 450, - "y": 250 + "y": 180 } } note: false @@ -84,10 +84,10 @@ tasks: isautoswitchedtoquietmode: false "2": id: "2" - taskid: b216af93-2946-42a9-87b8-be99ddc48659 + taskid: 30d2124a-8ddf-4901-8bd7-089476652a10 type: title task: - id: b216af93-2946-42a9-87b8-be99ddc48659 + id: 30d2124a-8ddf-4901-8bd7-089476652a10 version: -1 name: Complete type: title @@ -100,7 +100,7 @@ tasks: { "position": { "x": 450, - "y": 980 + "y": 1370 } } note: false @@ -112,17 +112,17 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 0a1ed7f5-fc19-4362-87c5-686806c40cbd + taskid: c47edf3e-f390-4c0c-8e46-666c4429f94d type: playbook task: - id: 0a1ed7f5-fc19-4362-87c5-686806c40cbd + id: c47edf3e-f390-4c0c-8e46-666c4429f94d version: -1 name: Xpanse - Alert Self-Enrichment description: Enrichment on the alert itself using Cortex Xpanse APIs. - playbookName: Xpanse - Alert Self-Enrichment type: playbook iscommand: false brand: "" + playbookId: Xpanse - Alert Self-Enrichment nexttasks: '#none#': - "4" 
@@ -137,7 +137,7 @@ tasks: { "position": { "x": 450, - "y": 580 + "y": 470 } } note: false @@ -149,27 +149,27 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: eb478d2a-e73f-4840-8682-b02f063b587a + taskid: e55bd85b-30af-42a7-8556-2d5bf31ddfa5 type: playbook task: - id: eb478d2a-e73f-4840-8682-b02f063b587a + id: e55bd85b-30af-42a7-8556-2d5bf31ddfa5 version: -1 name: Xpanse - Alert Enrichment - playbookName: Xpanse - Alert Enrichment type: playbook iscommand: false brand: "" + playbookId: Xpanse - Alert Enrichment description: '' nexttasks: '#none#': - - "2" + - "10" separatecontext: true continueonerrortype: "" view: |- { "position": { "x": 450, - "y": 780 + "y": 630 } } note: false @@ -181,10 +181,10 @@ tasks: isautoswitchedtoquietmode: false "5": id: "5" - taskid: 6f78d9b9-f90e-4c99-833d-742e6697d336 + taskid: e7947bb6-bd91-43f4-8b58-9ea6e402aa4d type: title task: - id: 6f78d9b9-f90e-4c99-833d-742e6697d336 + id: e7947bb6-bd91-43f4-8b58-9ea6e402aa4d version: -1 name: Is the service still exposed? type: title @@ -200,7 +200,7 @@ tasks: { "position": { "x": 450, - "y": 80 + "y": 50 } } note: false @@ -212,10 +212,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: 9d7740e1-a0b5-4fc5-8c01-e5e0b876bee4 + taskid: 8db016d6-0000-4d73-8b2e-d6d5d1ab0e2f type: title task: - id: 9d7740e1-a0b5-4fc5-8c01-e5e0b876bee4 + id: 8db016d6-0000-4d73-8b2e-d6d5d1ab0e2f version: -1 name: Asset and Alert Enrichment type: title @@ -231,7 +231,7 @@ tasks: { "position": { "x": 450, - "y": 420 + "y": 340 } } note: false 
@@ -241,20 +241,216 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "7": + continueonerrortype: "" + form: + description: Add one or more tags to the assets(s) associated with the current Cortex XSOAR incident. + expired: false + questions: + - defaultrows: [] + fieldassociated: "" + gridcolumns: [] + id: "0" + label: "" + labelarg: + simple: What tag(s) do you want to add to asset(s)? + options: [] + optionsarg: [] + placeholder: "" + readonly: false + required: true + tooltip: Specify a comma-separated list of tags you want to add to the asset(s) associated to the current Cortex XSOAR incident. + type: shortText + sender: Your SOC team + title: Determine tags to add to asset + totalanswers: 0 + id: "7" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + message: + bcc: + body: + cc: + format: "" + methods: [] + subject: + timings: + completeafterreplies: 1 + completeaftersla: false + completeafterv2: true + retriescount: 0 + retriesinterval: 0 + to: + nexttasks: + '#none#': + - "9" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 54995d00-c6c0-4549-8ded-319d5bc01e0e + iscommand: false + name: Determine tags to add to asset(s) + type: collection + version: -1 + description: Add one or more tags to the assets(s) associated with the current Cortex XSOAR incident. 
+ taskid: 54995d00-c6c0-4549-8ded-319d5bc01e0e + timertriggers: [] + type: collection + view: |- + { + "position": { + "x": 450, + "y": 1020 + } + } + "9": + continueonerrortype: "" + id: "9" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "2" + note: false + quietmode: 0 + scriptarguments: + asm_id_list: + complex: + accessor: xpanseassetids + root: incident + transformers: + - args: + chars: + value: + simple: '[]' + operator: StripChars + - args: + limit: {} + replaceWith: {} + toReplace: + value: + simple: '"' + operator: replace + tags: + complex: + accessor: Answers + root: Determine tags to add to asset + transformers: + - operator: LastArrayElement + - args: + field: + value: + simple: "0" + operator: getField + - args: + delimiter: + value: + simple: ',' + operator: split + separatecontext: false + skipunavailable: false + task: + brand: Cortex Xpanse + description: Assigns tags to a list of assets. + id: 3279b4b2-f6ca-4f10-8bcf-c199409bcf5f + iscommand: true + name: Assign Tag to Asset(s) + script: Cortex Xpanse|||asm-tag-asset-assign + type: regular + version: -1 + taskid: 3279b4b2-f6ca-4f10-8bcf-c199409bcf5f + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 450, + "y": 1180 + } + } + "10": + conditions: + - condition: + - - ignorecase: true + left: + iscontext: true + value: + simple: inputs.WriteToXpanse + operator: isEqualString + right: + value: + simple: "True" + label: "yes" + continueonerrortype: "" + id: "10" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "2" + "yes": + - "7" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Determine whether the playbook should write data back to Cortex Xpanse. + id: 62fb488b-6b5a-469d-800e-80a6e253d8b1 + iscommand: false + name: Are we writing to Cortex Xpanse? 
+ type: condition + version: -1 + taskid: 62fb488b-6b5a-469d-800e-80a6e253d8b1 + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 450, + "y": 790 + } + } view: |- { - "linkLabelsPosition": {}, + "linkLabelsPosition": { + "10_7_yes": 0.49 + }, "paper": { "dimensions": { - "height": 1125, + "height": 1515, "width": 380, "x": 450, "y": -80 } } } -inputs: [] +inputs: +- description: Whether to write data back to Cortex Xpanse. + key: WriteToXpanse + playbookInputQuery: + required: false + value: + simple: "False" outputs: [] tests: - No tests (auto formatted) fromversion: 6.8.0 +contentitemexportablefields: + contentitemfields: {} +inputSections: +- description: Generic group for inputs. + inputs: + - WriteToXpanse + name: General (Inputs group) +outputSections: +- description: Generic group for outputs. + name: General (Outputs group) + outputs: [] diff --git a/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler_README.md b/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler_README.md index 52fc3f85fd7f..b606c342f999 100644 --- a/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler_README.md +++ b/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Handler_README.md @@ -1,4 +1,4 @@ -This playbook is the default handler for Cortex Xpanse alerts that focuses primarily on enrichment. +Default alert handling for Cortex Xpanse alerts. ## Dependencies @@ -10,10 +10,25 @@ This playbook uses the following sub-playbooks, integrations, and scripts. * Xpanse - Alert Self-Enrichment * Xpanse - Alert Enrichment +### Integrations + +Cortex Xpanse + +### Scripts + +This playbook does not use any scripts. + +### Commands + +asm-tag-asset-assign + ## Playbook Inputs --- -There are no inputs for this playbook + +| **Name** | **Description** | **Default Value** | **Required** | +| --- | --- | --- | --- | +| WriteToXpanse | Whether to write data back to Cortex Expanse. | False | Optional | ## Playbook Outputs 
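Review bot: In the `@@ -241` hunk, task `"9"` builds `tags` from the analyst's free-text answer by `split` on `','` with no trimming, so an entry such as `prod, external` sends `" external"` with a leading space as a tag to `asm-tag-asset-assign`; add a `trim` transformer after the `split` (or split on `', '`, matching the joins used elsewhere in this pack) before the values reach Xpanse. The `asm_id_list` argument in the same task is derived by `StripChars` `[]` and `replace` `"` on `incident.xpanseassetids`, which only works if that field is always a JSON-array-looking string; if it can hold a real list the transformers are unnecessary, and if an ID could contain a quote they corrupt it, so the expected field format deserves a note in the README. The README hunk documents the new input as "write data back to Cortex Expanse" while the yml says "Cortex Xpanse"; align the spelling. The `tasks` mapping starts before the hunk.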
@@ -24,4 +39,4 @@ There are no outputs for this playbook. --- -![Xpanse - Alert Handler](../doc_files/Xpanse_-_Alert_Handler.png) \ No newline at end of file +![Xpanse - Alert Handler](../doc_files/Xpanse_-_Alert_Handler.png) diff --git a/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Self-Enrichment.yml b/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Self-Enrichment.yml index 0d98cb9f69f2..46f837f9d4cb 100644 --- a/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Self-Enrichment.yml +++ b/Packs/CortexXpanse/Playbooks/Xpanse_-_Alert_Self-Enrichment.yml @@ -575,7 +575,7 @@ tasks: gridfield: simple: xpansecertificateasset keys: - simple: name,type,date_added,explainers,subject,subject_alerternative_names,issuer,issuer_email,expires,algorithm + simple: name,type,date_added,tags,explainers,subject,subject_alerternative_names,issuer,issuer_email,expires,algorithm val1: complex: accessor: name @@ -632,7 +632,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true @@ -647,9 +647,28 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: + complex: + accessor: explainers + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: Certificate + root: ASM.AssetInternetExposure + transformers: + - args: + separator: + value: + simple: ', ' + operator: join + val6: complex: accessor: details.certificateDetails.subject filters: @@ -669,7 +688,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val6: + val7: complex: accessor: details.certificateDetails.subjectAlternativeNames filters: @@ -689,7 +708,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val7: + val8: complex: accessor: certificate_issuer filters: @@ -709,7 +728,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val8: + val9: complex: accessor: details.certificateDetails.issuerEmail filters: 
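Review bot: The `@@ -575`, `@@ -632` and `@@ -647` hunks insert `tags` at position 4 of the `keys` list and shift every following `valN` by one, and the same manual shift is repeated for the certificate, responsive-IP, domain and cloud grids in the later hunks of this file. Each grid is only correct if the count and order of `valN` entries matches its `keys` line exactly, and nothing in the playbook checks that; the renumbering looks consistent in every grid I could follow, but a reader cannot tell a correct shift from an off-by-one without counting, so a README section listing the column order of each grid field would make the next change safer. The unchanged key `subject_alerternative_names` is carried into the new `keys` line; it presumably has to match the grid column definition, so it is a pre-existing misspelling to fix together with the incident field rather than here.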
@@ -723,13 +742,13 @@ tasks: simple: Certificate root: ASM.AssetInternetExposure transformers: - - args: + - operator: SetIfEmpty + args: applyIfEmpty: {} defaultValue: value: simple: n/a - operator: SetIfEmpty - val9: + val10: complex: accessor: details.certificateDetails.validNotAfter filters: @@ -744,7 +763,7 @@ tasks: root: ASM.AssetInternetExposure transformers: - operator: TimeStampToDate - val10: + val11: complex: accessor: certificate_algorithm filters: @@ -848,7 +867,7 @@ tasks: gridfield: simple: xpanseresponsiveipasset keys: - simple: name,type,date_added,explainers,ip_version,range,asn_number,asn_country + simple: name,type,date_added,tags,explainers,ip_version,range,asn_number,asn_country val1: complex: accessor: name @@ -905,7 +924,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true @@ -920,20 +939,39 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: + complex: + accessor: explainers + root: ASM.AssetInternetExposure + transformers: + - args: + separator: + value: + simple: ', ' + operator: join + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: ResponsiveIP + val6: complex: accessor: IP_VERSION root: range_info transformers: - - args: + - operator: SetIfEmpty + args: applyIfEmpty: {} defaultValue: value: simple: n/a - operator: SetIfEmpty - val6: + val7: complex: accessor: handle root: range_info.DETAILS.networkRecords @@ -942,9 +980,9 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join - val7: + val8: complex: accessor: ASN_HANDLES root: range_info @@ -952,9 +990,9 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join - val8: + val9: complex: accessor: ASN_COUNTRIES root: range_info 
@@ -1492,7 +1530,7 @@ tasks: gridfield: simple: xpansecertificateasset keys: - simple: name,type,date_added,explainers,subject,subject_alerternative_names,issuer,issuer_email,expires,algorithm + simple: name,type,date_added,tags,explainers,subject,subject_alerternative_names,issuer,issuer_email,expires,algorithm val1: complex: accessor: name @@ -1549,7 +1587,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true @@ -1564,9 +1602,28 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: + complex: + accessor: explainers + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: Certificate + root: ASM.AssetInternetExposure + transformers: + - args: + separator: + value: + simple: ', ' + operator: join + val6: complex: accessor: details.certificateDetails.subject filters: @@ -1586,7 +1643,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val6: + val7: complex: accessor: details.certificateDetails.subjectAlternativeNames filters: @@ -1606,7 +1663,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val7: + val8: complex: accessor: certificate_issuer filters: @@ -1626,7 +1683,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val8: + val9: complex: accessor: details.certificateDetails.issuerEmail filters: @@ -1646,9 +1703,9 @@ tasks: value: simple: n/a operator: SetIfEmpty - val9: - simple: n/a val10: + simple: n/a + val11: complex: accessor: certificate_algorithm filters: @@ -1706,7 +1763,7 @@ tasks: gridfield: simple: xpansedomainasset keys: - simple: name,type,date_added,explainers,registrar_name,registry_expiration,domain_status,registrant_name,registrant_org,registrant_email + simple: name,type,date_added,tags,explainers,registrar_name,registry_expiration,domain_status,registrant_name,registrant_org,registrant_email val1: complex: accessor: name 
@@ -1763,7 +1820,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true @@ -1778,11 +1835,11 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: complex: - accessor: details.domainDetails.registrar.name + accessor: explainers filters: - - left: iscontext: true @@ -1795,12 +1852,31 @@ tasks: root: ASM.AssetInternetExposure transformers: - args: + separator: + value: + simple: ', ' + operator: join + val6: + complex: + accessor: details.domainDetails.registrar.name + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: Domain + root: ASM.AssetInternetExposure + transformers: + - operator: SetIfEmpty + args: applyIfEmpty: {} defaultValue: value: simple: n/a - operator: SetIfEmpty - val6: + val7: complex: accessor: details.domainDetails.registryExpiryDate filters: @@ -1815,7 +1891,7 @@ tasks: root: ASM.AssetInternetExposure transformers: - operator: TimeStampToDate - val7: + val8: complex: accessor: details.domainDetails.domainStatuses filters: @@ -1832,9 +1908,9 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join - val8: + val9: complex: accessor: details.domainDetails.registrant.name filters: @@ -1854,7 +1930,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val9: + val10: complex: accessor: details.domainDetails.registrant.organization filters: @@ -1874,7 +1950,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val10: + val11: complex: accessor: details.domainDetails.registrant.emailAddress filters: @@ -1932,7 +2008,7 @@ tasks: gridfield: simple: xpansecloudasset keys: - simple: name,type,date_added,explainers,externally_detected_providers,ips,domain + simple: name,type,date_added,tags,explainers,externally_detected_providers,ips,domain val1: complex: accessor: name 
@@ -1989,7 +2065,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true @@ -2004,11 +2080,11 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: complex: - accessor: externally_detected_providers + accessor: explainers filters: - - left: iscontext: true @@ -2023,11 +2099,11 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val6: complex: - accessor: ips + accessor: externally_detected_providers filters: - - left: iscontext: true @@ -2042,9 +2118,28 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val7: + complex: + accessor: ips + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: CloudIntegration + root: ASM.AssetInternetExposure + transformers: + - args: + separator: + value: + simple: ', ' + operator: join + val8: complex: accessor: domain filters: @@ -2156,7 +2251,7 @@ tasks: gridfield: simple: xpansedomainasset keys: - simple: name,type,date_added,explainers,registrar_name,registry_expiration,domain_status,registrant_name,registrant_org,registrant_email + simple: name,type,date_added,tags,explainers,registrar_name,registry_expiration,domain_status,registrant_name,registrant_org,registrant_email val1: complex: accessor: name @@ -2213,7 +2308,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true 
@@ -2228,9 +2323,28 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: + complex: + accessor: explainers + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: Domain + root: ASM.AssetInternetExposure + transformers: + - args: + separator: + value: + simple: ', ' + operator: join + val6: complex: accessor: details.domainDetails.registrar.name filters: @@ -2250,9 +2364,9 @@ tasks: value: simple: n/a operator: SetIfEmpty - val6: - simple: n/a val7: + simple: n/a + val8: complex: accessor: details.domainDetails.domainStatuses filters: @@ -2269,9 +2383,9 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join - val8: + val9: complex: accessor: details.domainDetails.registrant.name filters: @@ -2291,7 +2405,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val9: + val10: complex: accessor: details.domainDetails.registrant.organization filters: @@ -2311,7 +2425,7 @@ tasks: value: simple: n/a operator: SetIfEmpty - val10: + val11: complex: accessor: details.domainDetails.registrant.emailAddress filters: @@ -2520,7 +2634,7 @@ tasks: gridfield: simple: xpanseresponsiveipasset keys: - simple: name,type,date_added,explainers,ip_version,range,asn_number,asn_country + simple: name,type,date_added,tags,explainers,ip_version,range,asn_number,asn_country val1: complex: accessor: name @@ -2577,7 +2691,7 @@ tasks: - operator: TimeStampToDate val4: complex: - accessor: explainers + accessor: tags filters: - - left: iscontext: true 
@@ -2592,16 +2706,35 @@ tasks: - args: separator: value: - simple: ',' + simple: ', ' operator: join val5: - simple: n/a + complex: + accessor: explainers + filters: + - - left: + iscontext: true + value: + simple: ASM.AssetInternetExposure.type + operator: isEqualString + right: + value: + simple: ResponsiveIP + root: ASM.AssetInternetExposure + transformers: + - args: + separator: + value: + simple: ', ' + operator: join val6: simple: n/a val7: simple: n/a val8: simple: n/a + val9: + simple: n/a separatecontext: false skipunavailable: false task: diff --git a/Packs/CortexXpanse/ReleaseNotes/1_2_2.md b/Packs/CortexXpanse/ReleaseNotes/1_2_2.md new file mode 100644 index 000000000000..9748ac0d68a8 --- /dev/null +++ b/Packs/CortexXpanse/ReleaseNotes/1_2_2.md @@ -0,0 +1,34 @@ + +#### Incident Fields + +##### Xpanse Certificate Asset + +Added the tags column. + +##### Xpanse Cloud Asset + +Added the tags column. + +##### Xpanse Responsive IP Asset + +Added the tags column. + +##### Xpanse Domain Asset + +Added the tags column. + +#### Incident Types + +##### Xpanse Alert + +Updated the playbook to run automatically. + +#### Playbooks + +##### Xpanse - Alert Self-Enrichment + +Updated the playbook to populate the tags column of assets gridfields. + +##### Xpanse - Alert Handler + +Updated the playbook to include *WriteToXpanse* input to determine if the analyst wants to be prompted to manually add tags to assets associated with the incident. diff --git a/Packs/CortexXpanse/doc_files/Xpanse_-_Alert_Handler.png b/Packs/CortexXpanse/doc_files/Xpanse_-_Alert_Handler.png index ddd5485ac7e0..a40afaa33837 100644 Binary files a/Packs/CortexXpanse/doc_files/Xpanse_-_Alert_Handler.png and b/Packs/CortexXpanse/doc_files/Xpanse_-_Alert_Handler.png differ diff --git a/Packs/CortexXpanse/pack_metadata.json b/Packs/CortexXpanse/pack_metadata.json index 6bae547e7b1b..a8a34ad56f86 100644 --- a/Packs/CortexXpanse/pack_metadata.json +++ b/Packs/CortexXpanse/pack_metadata.json 
@@ -2,7 +2,7 @@
 "name": "Cortex Xpanse",
 "description": "Content for working with Attack Surface Management (ASM).",
 "support": "xsoar",
- "currentVersion": "1.2.1",
+ "currentVersion": "1.2.2",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/CyberChef/Integrations/CyberChef/CyberChef.yml b/Packs/CyberChef/Integrations/CyberChef/CyberChef.yml
index 426d886033ca..ed07bf7f3397 100644
--- a/Packs/CyberChef/Integrations/CyberChef/CyberChef.yml
+++ b/Packs/CyberChef/Integrations/CyberChef/CyberChef.yml
@@ -53,7 +53,7 @@ script:
 - contextPath: CyberChef.Magic
 description: Output of the Magic operation
 type: string
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/CyberChef/ReleaseNotes/1_0_5.md b/Packs/CyberChef/ReleaseNotes/1_0_5.md
new file mode 100644
index 000000000000..0c7c9d0866b4
--- /dev/null
+++ b/Packs/CyberChef/ReleaseNotes/1_0_5.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### CyberChef
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/CyberChef/pack_metadata.json b/Packs/CyberChef/pack_metadata.json
index 114d88e3f15c..351591dc44ed 100644
--- a/Packs/CyberChef/pack_metadata.json
+++ b/Packs/CyberChef/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CyberChef",
 "description": "Integration with your CyberChef server or https://prod.apifor.io service for CyberChef.",
 "support": "community",
- "currentVersion": "1.0.4",
+ "currentVersion": "1.0.5",
 "author": "Harri Ruuttila",
 "url": "",
 "email": "",
diff --git a/Packs/DNSOverHttps/Integrations/DNSOverHttps/DNSOverHttps.yml b/Packs/DNSOverHttps/Integrations/DNSOverHttps/DNSOverHttps.yml
index 4303cee81de8..0ae9d03d6e7a 100644
--- a/Packs/DNSOverHttps/Integrations/DNSOverHttps/DNSOverHttps.yml
+++ b/Packs/DNSOverHttps/Integrations/DNSOverHttps/DNSOverHttps.yml
@@ -41,19 +41,19 @@ script: - DNSKEY - NS - auto: PREDEFINED - defaultValue: "True" + defaultValue: 'True' description: If you only want to return the answers name: only_answers predefined: - - "True" - - "False" + - 'True' + - 'False' description: Resolve a name to IP over HTTPS name: doh-resolve outputs: - contextPath: DNSoOverHTTPS.Results description: DNS query results type: list - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 script: '' subtype: python3 type: python diff --git a/Packs/DNSOverHttps/ReleaseNotes/1_0_5.md b/Packs/DNSOverHttps/ReleaseNotes/1_0_5.md new file mode 100644 index 000000000000..1a07431acfb7 --- /dev/null +++ b/Packs/DNSOverHttps/ReleaseNotes/1_0_5.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### DNSOverHttps + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/DNSOverHttps/pack_metadata.json b/Packs/DNSOverHttps/pack_metadata.json index d74b878cc1ce..eec3dc6c2202 100644 --- a/Packs/DNSOverHttps/pack_metadata.json +++ b/Packs/DNSOverHttps/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DNSOverHttps", "description": "Use this pack to make DNS queries over HTTPS to Cloudflare or Google DoH service.", "support": "community", - "currentVersion": "1.0.4", + "currentVersion": "1.0.5", "author": "Harri Ruuttila", "url": "", "email": "", diff --git a/Packs/DeepL/Integrations/DeepL/DeepL.yml b/Packs/DeepL/Integrations/DeepL/DeepL.yml index 7d79e1957a77..56b2851f1be0 100644 --- a/Packs/DeepL/Integrations/DeepL/DeepL.yml +++ b/Packs/DeepL/Integrations/DeepL/DeepL.yml @@ -271,7 +271,7 @@ script: description: File Size - contextPath: InfoFile.Type description: File type e.g. "PDF" - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/DeepL/ReleaseNotes/1_2_4.md b/Packs/DeepL/ReleaseNotes/1_2_4.md new file mode 100644 index 000000000000..c0a72f8db8d8 --- /dev/null 
+++ b/Packs/DeepL/ReleaseNotes/1_2_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### DeepL + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/DeepL/pack_metadata.json b/Packs/DeepL/pack_metadata.json index 9298f7265311..9b3622ee5a1f 100644 --- a/Packs/DeepL/pack_metadata.json +++ b/Packs/DeepL/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DeepL", "description": "Uses DeepL (https://www.deepl.com/) to translate text or files", "support": "community", - "currentVersion": "1.2.3", + "currentVersion": "1.2.4", "author": "Harri Ruuttila", "url": "", "email": "", diff --git a/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.py b/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.py index 2fcbfb31d0a8..c763df4eeaf8 100644 --- a/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.py +++ b/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.py @@ -16,7 +16,7 @@ def __init__(self, server_url, verify, proxy, headers, client_cert, client_key, self._verify = verify self._base_url = server_url self._proxy = proxy - self._headers = headers if headers else dict() + self._headers = headers if headers else {} self._client_cert = client_cert self._client_key = client_key diff --git a/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml b/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml index 0c8af8bd10ba..cc8eb032138c 100644 --- a/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml +++ b/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml @@ -107,7 +107,7 @@ script: - description: ID or name of the container name: id required: true - description: Get changes on a container’s filesystem + description: Get changes on a container's filesystem name: docker-container-changes outputs: - contextPath: Docker.ContainerChangeResponseItem.Path 
@@ -981,7 +981,7 @@ script: description: 'The network endpoint that the Engine advertises for the purpose of node discovery. ClusterAdvertise is a `host:port` combination on which the daemon is reachable by other hosts. p / /p Deprecated : This field is only propagated when using standalone Swarm mode, and overlay networking using an external k/v store. Overlay networks with Swarm mode enabled use the built-in raft store, and this field will be empty. ' type: String - contextPath: Docker.SystemInfo.Runtimes.path - description: "Name and, optional, path, of the OCI executable binary. If the path is omitted, the daemon searches the host's `$PATH` for the binary and uses the first result. " + description: "Name and, optional, path of the OCI executable binary. If the path is omitted, the daemon searches the host's `$PATH` for the binary and uses the first result. " type: String - contextPath: Docker.SystemInfo.DefaultRuntime description: 'Name of the default OCI runtime that is used when starting containers. The default can be overridden per-container at create time. ' @@ -1234,7 +1234,7 @@ script: - contextPath: Docker.ImageTag.Status Code description: Image Tag Result type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '-' subtype: python3 diff --git a/Packs/DevSecOps/Integrations/LGTM/LGTM.yml b/Packs/DevSecOps/Integrations/LGTM/LGTM.yml index 7d530b2c15ac..d7f6cafa3006 100644 --- a/Packs/DevSecOps/Integrations/LGTM/LGTM.yml +++ b/Packs/DevSecOps/Integrations/LGTM/LGTM.yml 
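Review bot: The reworded Docker.SystemInfo.Runtimes.path description still reads awkwardly after the comma fix: `Name and, optional, path of the OCI executable binary.` should be `Name and, optionally, path of the OCI executable binary.` The double-quoted value also keeps a trailing space before the closing quote (`first result. "`), which becomes part of the string that users see; drop it while the line is being rewritten.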
@@ -29,10 +29,10 @@ script: - description: The URL of the repository to analyze. LGTM tests this against the [repository providers](https://lgtm.com/admin/help/adding-repository-providers) defined for the system. If it doesn't match any of them, the request fails. name: repository required: true - - description: 'Optional, a [language code](https://lgtm.com/help/lgtm/analysis-faqs#which-languages-are-supported) to specify which language to analyze. To request the analysis of more than one language, specify a query meter for each language. By default, LGTM tries to analyze all supported languages.' + - description: Optional, a [language code](https://lgtm.com/help/lgtm/analysis-faqs#which-languages-are-supported) to specify which language to analyze. To request the analysis of more than one language, specify a query meter for each language. By default, LGTM tries to analyze all supported languages. isArray: true name: language - - description: 'The analysis mode of the new project. When set to `full` all commits of the project are analyzed; when set to `sparse` the latest commit of the project is analyzed periodically; when set to `upload`, no automatic analysis is performed, instead externally-generated databases should be uploaded. For new projects the default value is `full`. The `mode` meter cannot be used to change the analysis mode of existing projects. Therefore, for existing projects, it should either be left blank or set to match the analysis mode of the project.' + - description: The analysis mode of the new project. When set to `full` all commits of the project are analyzed; when set to `sparse` the latest commit of the project is analyzed periodically; when set to `upload`, no automatic analysis is performed, instead externally-generated databases should be uploaded. For new projects the default value is `full`. The `mode` meter cannot be used to change the analysis mode of existing projects. 
Therefore, for existing projects, it should either be left blank or set to match the analysis mode of the project. name: mode - description: Required when `mode=upload`, specify the identifier of the commit used to generate the database. name: commit @@ -71,7 +71,7 @@ script: description: The analysis identifier. type: String - contextPath: LGTM.analysis_summary.commit-id - description: 'The commit identifier. The commit identifier is included only if the same commit was successfully analyzed for all languages. A detailed eakdown of which commit was analyzed for each language is provided in the `languages` property.' + description: The commit identifier. The commit identifier is included only if the same commit was successfully analyzed for all languages. A detailed eakdown of which commit was analyzed for each language is provided in the `languages` property. type: String - contextPath: LGTM.analysis_summary.languages.language description: The short name for the language. @@ -114,7 +114,7 @@ script: description: The analysis identifier. type: String - contextPath: LGTM.analysis_summary.commit-id - description: 'The commit identifier. The commit identifier is included only if the same commit was successfully analyzed for all languages. A detailed eakdown of which commit was analyzed for each language is provided in the `languages` property.' + description: The commit identifier. The commit identifier is included only if the same commit was successfully analyzed for all languages. A detailed eakdown of which commit was analyzed for each language is provided in the `languages` property. type: String - contextPath: LGTM.analysis_summary.languages.language description: The short name for the language. 
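Review bot: The descriptions that this hunk re-emits unquoted carry what look like extraction-damaged words that the commit preserves: `specify a query meter for each language` and `The \`mode\` meter cannot be used` presumably read `parameter`. The same damage appears in the @@ -71 and @@ -114 hunks (`A detailed eakdown of which commit` → `breakdown`), in @@ -265 (`this meter can be repeated`) and in @@ -384 (`This is oken down further` → `broken down`). Since every one of these lines is already being rewritten for quoting style, restoring the words in the same change avoids touching them a third time.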
@@ -265,7 +265,7 @@ script: - description: The identifier of the commit to analyze. name: commit required: true - - description: 'The language codes of the languages to analyze. For a list of available languages, see [Supported languages](https://lgtm.com/help/lgtm/analysis-faqs#which-languages-are-supported). To specify more than one language, this meter can be repeated. If no language is specified, all the project''s languages will be analyzed.' + - description: The language codes of the languages to analyze. For a list of available languages, see [Supported languages](https://lgtm.com/help/lgtm/analysis-faqs#which-languages-are-supported). To specify more than one language, this meter can be repeated. If no language is specified, all the project's languages will be analyzed. isArray: true name: language description: Run analysis of a specific commit 
@@ -293,9 +293,9 @@ script: - description: Your reference number for the code review. name: external-id required: true - - description: 'The callback URL for LGTM to post to on completion of the review. When the code review is complete, the API sends an HTTP POST request to the callback URL with the result of the code review in the request body. The code review results in the request body are identical to the results accessed through the [`/codereviews/{review-id}`](https://lgtm.com/help/lgtm/api/api-v1#opIdgetCodeReview) end-point. If you specify a `callback-secret`, the request also includes an `x-lgtm-signature` header with a digital signature of the request''s contents.' + - description: The callback URL for LGTM to post to on completion of the review. When the code review is complete, the API sends an HTTP POST request to the callback URL with the result of the code review in the request body. The code review results in the request body are identical to the results accessed through the [`/codereviews/{review-id}`](https://lgtm.com/help/lgtm/api/api-v1#opIdgetCodeReview) end-point. If you specify a `callback-secret`, the request also includes an `x-lgtm-signature` header with a digital signature of the request's contents. name: callback-url - - description: 'The `callback-secret` is used to compute a signature which is included in the `x-lgtm-signature` header of the callback response. The receiver of the callback can check the validity of the response by computing the signature using HMAC-SHA1 and verifying that it matches the `x-lgtm-signature` header value. The HMAC algorithm requires byte sequences as inputs for both the secret and the message. The callback secret string must be converted to bytes using UTF-8 encoding. The response body should ideally be read as a plain byte sequence. Conversion to, for example a JSON object, and back to a byte sequence might change the formatting, and would invalidate the signature.' 
+ - description: The `callback-secret` is used to compute a signature which is included in the `x-lgtm-signature` header of the callback response. The receiver of the callback can check the validity of the response by computing the signature using HMAC-SHA1 and verifying that it matches the `x-lgtm-signature` header value. The HMAC algorithm requires byte sequences as inputs for both the secret and the message. The callback secret string must be converted to bytes using UTF-8 encoding. The response body should ideally be read as a plain byte sequence. Conversion to, for example a JSON object, and back to a byte sequence might change the formatting, and would invalidate the signature. name: callback-secret - description: Entry ID of the Patch File , you can use git diff --binary to generate patch file name: patch-entry-id @@ -313,7 +313,7 @@ script: description: LGTM Code Review request task id type: Unknown - arguments: - - description: 'The [language](https://lgtm.com/help/lgtm/analysis-faqs#which-languages-are-supported) you want to analyze.' + - description: The [language](https://lgtm.com/help/lgtm/analysis-faqs#which-languages-are-supported) you want to analyze. name: language required: true - description: The identifier of the project to analyze. Either `project-id` or `projects-list` must be specified. 
@@ -384,7 +384,7 @@ script: description: Describes whether the query was sucessfully executed against the project. type: String - contextPath: LGTM.queryjob-results-overview.data.total - description: 'Number of results returned by the query. This is oken down further into `internal` and `external` results. Only applies if `status` is `success`.' + description: Number of results returned by the query. This is oken down further into `internal` and `external` results. Only applies if `status` is `success`. type: Number - contextPath: LGTM.queryjob-results-overview.data.internal description: Number of results that refer to elements within the source tree. Only applies if `status` is `success`. @@ -398,7 +398,7 @@ script: - contextPath: LGTM.queryjob-results-overview.next description: LGTM Query Job Results Overview Next type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '-' subtype: python3 diff --git a/Packs/DevSecOps/ReleaseNotes/1_1_9.md b/Packs/DevSecOps/ReleaseNotes/1_1_9.md new file mode 100644 index 000000000000..33a9cf163984 --- /dev/null +++ b/Packs/DevSecOps/ReleaseNotes/1_1_9.md @@ -0,0 +1,9 @@ + +#### Integrations + +##### Docker Engine API + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### LGTM + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/DevSecOps/pack_metadata.json b/Packs/DevSecOps/pack_metadata.json index 3b1718cb947a..cdbcfce56c51 100644 --- a/Packs/DevSecOps/pack_metadata.json +++ b/Packs/DevSecOps/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DevSecOps", "description": "DevSecOps CI/CD Orchestration Integration Pack.", "support": "community", - "currentVersion": "1.1.8", + "currentVersion": "1.1.9", "author": "Ayman Mahmoud", "githubUser": [ "ayman-m" @@ -20,4 +20,4 @@ "xsoar", "marketplacev2" ] -} +} \ No newline at end of file 
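Review bot: The last hunk of Packs/DevSecOps/pack_metadata.json drops the file's trailing newline (`\ No newline at end of file` on the new `}` line), which the old side had. That is unrelated to the version bump and will surface as a spurious diff on the next edit of the file; keep the closing `}` followed by a newline.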
diff --git a/Packs/DeveloperTools/ReleaseNotes/1_3_18.md b/Packs/DeveloperTools/ReleaseNotes/1_3_18.md
new file mode 100644
index 000000000000..cd34bd2ea380
--- /dev/null
+++ b/Packs/DeveloperTools/ReleaseNotes/1_3_18.md
@@ -0,0 +1,18 @@
+
+#### Scripts
+
+##### VerifyObjectFieldsList
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### FetchFromInstance
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### VerifyEnoughIncidents
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### GetInstanceName
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### VerifyEnoughIndicators
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.py b/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.py
index b718d2f02c87..239961da0c2a 100644
--- a/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.py
+++ b/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.py
@@ -30,22 +30,22 @@ def main(): instance_name = get_instance_name(args) instance_name = instance_name.replace(" ", "_") - command = '!{0}-fetch'.format(instance_name) + command = f'!{instance_name}-fetch' response = demisto.executeCommand(command, {}) try: if not response and expect_data: - raise Exception("Error occurred while fetching incidents from {}".format(instance_name)) + raise Exception(f"Error occurred while fetching incidents from {instance_name}") for inc in response: contents = inc.get('Contents', '') error_msg_in_incident = demisto.args().get('error_msg_in_incident') if error_msg_in_incident and error_msg_in_incident in str(contents): - return_error("Error message '{0}' encountered while fetching incidents from {1}: {2}".format( + return_error("Error message '{}' encountered while fetching incidents from {}: {}".format( error_msg_in_incident, instance_name, str(contents))) if re.match("invalid character \'[a-zA-Z]\' looking for beginning of value", str(contents), re.IGNORECASE): - return_error("Error occurred while fetching incidents from {0}: {1}".format(instance_name, str(contents))) + return_error(f"Error occurred while fetching incidents from {instance_name}: {str(contents)}") if add_to_context: try: for entry in contents: diff --git a/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.yml b/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.yml index bdd01a1c0995..78ef2f3bf328 100644 --- a/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.yml +++ b/Packs/DeveloperTools/Scripts/FetchFromInstance/FetchFromInstance.yml 
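Review bot: The f-string conversion in this hunk is incomplete: `return_error("Error message '{}' encountered while fetching incidents from {}: {}".format(` keeps `.format()` while the other three messages became f-strings, and the new `return_error(f"Error occurred while fetching incidents from {instance_name}: {str(contents)}")` wraps a field in a redundant `str()` that `{contents}` already performs. Converting the remaining call to `return_error(f"Error message '{error_msg_in_incident}' encountered while fetching incidents from {instance_name}: {contents}")` gives the three messages one consistent form. The enclosing `main()` starts before and ends after this hunk.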
@@ -14,19 +14,19 @@ args: description: The name of the instance you want to fetch from - name: expect_data description: Whether to expect data to return from the fetch - defaultValue: "true" + defaultValue: 'true' - name: brand_name description: The name of the brand you want to fetch from - name: add_to_context auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: Add the raw JSON of incidents to context - defaultValue: "false" + defaultValue: 'false' - name: error_msg_in_incident description: If this error message appears in the contents of the fetched incidents, will return error - defaultValue: "Error" + defaultValue: Error outputs: - contextPath: FetchedIncidents description: All incidents entries (raw JSON) @@ -34,4 +34,4 @@ scripttarget: 0 runonce: false tests: - No test - cannot create a dummy integration inorder to test that -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 diff --git a/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.py b/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.py index e8d0e8bae919..e07cf0d9bd4a 100644 --- a/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.py +++ b/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.py @@ -1,10 +1,10 @@ import demistomock as demisto from CommonServerPython import * from CommonServerUserPython import * -from typing import Dict, Any, List +from typing import Any -def instance_check(instances, integration_name: str) -> List: +def instance_check(instances, integration_name: str) -> list: instance_names = [] for instance_name, details in instances.items(): if details.get('brand') == integration_name: 
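Review bot: The modernised annotation `-> list` on `instance_check` is less precise than it could be: the function accumulates into `instance_names`, so `list[str]` is presumably the intended element type, and `instances` is left unannotated although the body calls `.items()` on it and the next hunk assigns it from `demisto.getModules()`. `def instance_check(instances: dict, integration_name: str) -> list[str]:` states both; confirm the element type against the append that follows the visible `if`, which is outside the hunk. The function body continues past the hunk.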
@@ -13,7 +13,7 @@ def instance_check(instances, integration_name: str) -> List: return instance_names -def get_instance_name_command(args: Dict[str, Any]) -> CommandResults: +def get_instance_name_command(args: dict[str, Any]) -> CommandResults: integration_name = args.get('integration_name', '') instances = demisto.getModules() diff --git a/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.yml b/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.yml index e8e91919bfd5..4e9ee03a605b 100644 --- a/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.yml +++ b/Packs/DeveloperTools/Scripts/GetInstanceName/GetInstanceName.yml @@ -26,7 +26,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 fromversion: 6.0.0 tests: - No test diff --git a/Packs/DeveloperTools/Scripts/VerifyEnoughIncidents/VerifyEnoughIncidents.yml b/Packs/DeveloperTools/Scripts/VerifyEnoughIncidents/VerifyEnoughIncidents.yml index 50efdceb7335..baca1191bb83 100644 --- a/Packs/DeveloperTools/Scripts/VerifyEnoughIncidents/VerifyEnoughIncidents.yml +++ b/Packs/DeveloperTools/Scripts/VerifyEnoughIncidents/VerifyEnoughIncidents.yml @@ -27,7 +27,7 @@ outputs: type: boolean scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No test diff --git a/Packs/DeveloperTools/Scripts/VerifyEnoughIndicators/VerifyEnoughIndicators.yml b/Packs/DeveloperTools/Scripts/VerifyEnoughIndicators/VerifyEnoughIndicators.yml index 726d2be4b1dc..edd36b61737c 100644 --- a/Packs/DeveloperTools/Scripts/VerifyEnoughIndicators/VerifyEnoughIndicators.yml +++ b/Packs/DeveloperTools/Scripts/VerifyEnoughIndicators/VerifyEnoughIndicators.yml 
@@ -27,7 +27,7 @@ outputs: type: boolean scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No test diff --git a/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.py b/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.py index 628d85cca0e4..d271c61099f1 100644 --- a/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.py +++ b/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.py @@ -1,7 +1,7 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 -from typing import Dict, Any, Tuple +from typing import Any def check_components(components: list, context: Any): @@ -21,7 +21,7 @@ def check_components(components: list, context: Any): raise KeyError -def check_fields(fields_to_search_array: list, context_json) -> Tuple[bool, Any]: +def check_fields(fields_to_search_array: list, context_json) -> tuple[bool, Any]: """ Args: fields_to_search_array(list): list of fields to search @@ -42,7 +42,7 @@ def check_fields(fields_to_search_array: list, context_json) -> Tuple[bool, Any] return True, None -def check_fields_command(args: Dict[str, Any]) -> CommandResults: +def check_fields_command(args: dict[str, Any]) -> CommandResults: """ Args: args(dict): args from demisto diff --git a/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.yml b/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.yml index 510e9c209e05..547b07f3bef7 100644 --- a/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.yml +++ b/Packs/DeveloperTools/Scripts/VerifyObjectFieldsList/VerifyObjectFieldsList.yml @@ -22,7 +22,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 fromversion: 6.0.0 tests: - No test 
diff --git a/Packs/DeveloperTools/pack_metadata.json b/Packs/DeveloperTools/pack_metadata.json index 8c50c3684c13..76172ac21d0c 100644 --- a/Packs/DeveloperTools/pack_metadata.json +++ b/Packs/DeveloperTools/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Developer Tools", "description": "Basic tools for content development.", "support": "community", - "currentVersion": "1.3.17", + "currentVersion": "1.3.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.py b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.py index ce2f0db0792b..40ff62f199e8 100644 --- a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.py +++ b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.py @@ -1,10 +1,11 @@ """ DomainTools Iris Detect XSOAR Integration """ + from hashlib import sha256 from hmac import new from math import ceil -from typing import Callable, Tuple +from collections.abc import Callable from urllib.parse import urlencode, urlunparse from urllib3 import disable_warnings from CommonServerPython import * # noqa # pylint: disable=unused-wildcard-import @@ -12,7 +13,7 @@ # Disable insecure warnings disable_warnings() # pylint: disable=no-member -''' CONSTANTS ''' +""" CONSTANTS """ INTEGRATION_CONTEXT_NAME = "DomainToolsIrisDetect" DOMAINTOOLS_PARAMS: Dict[str, Any] = { 
@@ -21,18 +22,33 @@ "app_version": "1", } -DEFAULT_HEADERS: Dict[str, str] = {"accept": "application/json", "Content-Type": "application/json"} +DEFAULT_HEADERS: Dict[str, str] = { + "accept": "application/json", + "Content-Type": "application/json", +} TIMEOUT = 60.0 RETRY = 3 DOMAINTOOLS_API_BASE_URL = "api.domaintools.com" DOMAINTOOLS_API_VERSION = "v1" -DOMAINTOOLS_MANAGE_WATCHLIST_ENDPOINT = f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/" -DOMAINTOOLS_NEW_DOMAINS_ENDPOINT = f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/new/" -DOMAINTOOLS_WATCHED_DOMAINS_ENDPOINT = f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/watched/" -DOMAINTOOLS_IGNORED_DOMAINS_ENDPOINT = f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/ignored/" -DOMAINTOOLS_MONITOR_DOMAINS_ENDPOINT = f"/{DOMAINTOOLS_API_VERSION}/iris-detect/monitors/" -DOMAINTOOLS_ESCALATE_DOMAINS_ENDPOINT = f"/{DOMAINTOOLS_API_VERSION}/iris-detect/escalations/" +DOMAINTOOLS_MANAGE_WATCHLIST_ENDPOINT = ( + f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/" +) +DOMAINTOOLS_NEW_DOMAINS_ENDPOINT = ( + f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/new/" +) +DOMAINTOOLS_WATCHED_DOMAINS_ENDPOINT = ( + f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/watched/" +) +DOMAINTOOLS_IGNORED_DOMAINS_ENDPOINT = ( + f"/{DOMAINTOOLS_API_VERSION}/iris-detect/domains/ignored/" +) +DOMAINTOOLS_MONITOR_DOMAINS_ENDPOINT = ( + f"/{DOMAINTOOLS_API_VERSION}/iris-detect/monitors/" +) +DOMAINTOOLS_ESCALATE_DOMAINS_ENDPOINT = ( + f"/{DOMAINTOOLS_API_VERSION}/iris-detect/escalations/" +) DOMAINTOOLS_ESCALATE_DOMAINS_HEADER = "Escalated Domains" DOMAINTOOLS_WATCHED_DOMAINS_HEADER = "Watched Domains" 
@@ -71,7 +87,7 @@ DATE_TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ" # ISO8601 format with UTC, default in XSOAR NO_DOMAINS_FOUND = "No Domains Found." LIMIT_ERROR_MSG = "Invalid Input Error: limit should be greater than zero." -DEFAULT_DAYS_BACK = '3 days' +DEFAULT_DAYS_BACK = "3 days" MAX_DAYS_BACK = 30 DATE_FORMAT = "%Y-%m-%d %H:%M:%S.%f" DEFAULT_PAGE_SIZE = 50 @@ -150,18 +166,18 @@ class Client(BaseClient): """ def __init__( - self, - username: str, - api_key: str, - new_domains: str, - changed_domains: str, - blocked_domains: str, - risk_score_ranges: List, - include_domain_data: Optional[bool] = None, - first_fetch: str = '3 days', - fetch_limit: Optional[int] = 50, - verify=None, - proxy=None, + self, + username: str, + api_key: str, + new_domains: str, + changed_domains: str, + blocked_domains: str, + risk_score_ranges: List, + include_domain_data: Optional[bool] = None, + first_fetch: str = "3 days", + fetch_limit: Optional[int] = 50, + verify=None, + proxy=None, ): super().__init__( DOMAINTOOLS_API_BASE_URL, @@ -199,10 +215,11 @@ def query_dt_api(self, end_point: str, method: str, **kwargs): query = { "api_username": self.username, "signature": signer.sign(timestamp, end_point), - "timestamp": timestamp + "timestamp": timestamp, } - full_url = urlunparse(("https", DOMAINTOOLS_API_BASE_URL, end_point, "", urlencode(query), None)) - + full_url = urlunparse( + ("https", DOMAINTOOLS_API_BASE_URL, end_point, "", urlencode(query), None) + ) return self._http_request( method=method, full_url=full_url, @@ -214,7 +231,9 @@ def query_dt_api(self, end_point: str, method: str, **kwargs): error_handler=dt_error_handler, ) - def create_indicator_from_detect_domain(self, item: Dict, term: Dict) -> Dict[str, Any]: + def create_indicator_from_detect_domain( + self, item: Dict, term: Dict + ) -> Dict[str, Any]: """Return the indicator object for the given DomainTools Iris Detect domain object. Args: 
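Review bot: `first_fetch: str = "3 days"` in the reindented `__init__` signature duplicates the module constant `DEFAULT_DAYS_BACK = "3 days"` that the @@ -71 hunk in this same file touches, so the two defaults can drift silently. `first_fetch: str = DEFAULT_DAYS_BACK,` keeps a single source of truth for the first-fetch window. The `__init__` body continues past the hunk.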
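Review bot: The reflowed `full_url = urlunparse(...)` in `query_dt_api` embeds `api_username`, `signature` and `timestamp` in the query string, so the complete URL is a credential-bearing value; confirm that `_http_request` (outside this hunk) does not emit `full_url` to debug logs, or that such logging redacts the query part. A comment above the assignment, `# full_url carries the request signature; keep it out of logs`, would make that constraint visible to later maintainers. The `_http_request` call continues past the hunk.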
@@ -224,7 +243,9 @@ def create_indicator_from_detect_domain(self, item: Dict, term: Dict) -> Dict[st Returns: Dict: The indicator object containing various fields and values. """ - risk_score_components = flatten_nested_dict(item.get("risk_score_components", {})) + risk_score_components = flatten_nested_dict( + item.get("risk_score_components", {}) + ) return { "name": "DomainTools Iris Detect", @@ -241,9 +262,14 @@ def create_indicator_from_detect_domain(self, item: Dict, term: Dict) -> Dict[st "irisdetectdiscovereddate": item.get("discovered_date", ""), "irisdetectchangeddate": item.get("changed_date", ""), "irisdetectdomainstatus": item.get("status", ""), - "irisdetectdomainstate": "blocked" if any(result.get("escalation_type", "") == "blocked" for result in - item.get("escalations", [])) else item.get("state", ""), - + "irisdetectdomainstate": ( + "blocked" + if any( + result.get("escalation_type", "") == "blocked" + for result in item.get("escalations", []) + ) + else item.get("state", "") + ), "domaintoolsriskscore": item.get("risk_score", ""), "domaintoolsriskscorestatus": item.get("risk_score_status", ""), "irisdetectdomainid": item.get("id", ""), @@ -282,8 +308,14 @@ def create_indicator_from_detect_domain(self, item: Dict, term: Dict) -> Dict[st }, } - def process_dt_domains_into_xsoar(self, domains_list: List[Dict[str, Any]], incident_name: str, last_run: str, - term: Dict[str, Any], enable_incidents: bool = True) -> List[Any]: + def process_dt_domains_into_xsoar( + self, + domains_list: List[Dict[str, Any]], + incident_name: str, + last_run: str, + term: Dict[str, Any], + enable_incidents: bool = True, + ) -> List[Any]: """ Create indicators and, optionally, an incident in XSOAR for a list of DomainTools Iris Detect domains. 
@@ -300,8 +332,13 @@ def process_dt_domains_into_xsoar(self, domains_list: List[Dict[str, Any]], inci otherwise an empty list. """ for domain in domains_list: - domain['monitor_term'] = join_dict_values_for_keys(domain.get("monitor_ids", []), term) - indicators = [self.create_indicator_from_detect_domain(item, term) for item in domains_list] + domain["monitor_term"] = join_dict_values_for_keys( + domain.get("monitor_ids", []), term + ) + indicators = [ + self.create_indicator_from_detect_domain(item, term) + for item in domains_list + ] if not indicators: return [] @@ -310,13 +347,19 @@ def process_dt_domains_into_xsoar(self, domains_list: List[Dict[str, Any]], inci demisto.info(f"Added {len(indicators)} indicators to demisto") if enable_incidents: - last_run_dt_without_ms = datetime.strptime(get_last_run(last_run), DATE_FORMAT).replace( - microsecond=0) if get_last_run(last_run) else None - first_run_dt_without_ms = (datetime.now() - timedelta(days=validate_first_fetch(self.first_fetch))).replace( - microsecond=0) + last_run_dt_without_ms = ( + datetime.strptime(get_last_run(last_run), DATE_FORMAT).replace( + microsecond=0 + ) + if get_last_run(last_run) + else None + ) + first_run_dt_without_ms = ( + datetime.now() - timedelta(days=validate_first_fetch(self.first_fetch)) + ).replace(microsecond=0) incident = { "name": f"{incident_name} " - f"{last_run_dt_without_ms or first_run_dt_without_ms}", + f"{last_run_dt_without_ms or first_run_dt_without_ms}", "details": json.dumps(domains_list), "rawJSON": json.dumps({"incidents": domains_list}), "type": INCIDENT_TYPE[incident_name], 
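Review bot: In the reformatted `last_run_dt_without_ms` expression in the `@@ -310,13 +347,19 @@` hunk, `get_last_run(last_run)` is evaluated twice — once as the condition and once as the `strptime` argument — which the new six-line layout makes more visible without fixing. Binding it once reads better and avoids any double side effect the helper may have: `last_run_value = get_last_run(last_run)` followed by `last_run_dt_without_ms = datetime.strptime(last_run_value, DATE_FORMAT).replace(microsecond=0) if last_run_value else None`. The enclosing `process_dt_domains_into_xsoar` body starts before and continues after this hunk.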
@@ -325,7 +368,9 @@ def process_dt_domains_into_xsoar(self, domains_list: List[Dict[str, Any]], inci return [] - def fetch_dt_domains_from_api(self, end_point: str, last_run: str) -> Tuple[List[Dict], str]: + def fetch_dt_domains_from_api( + self, end_point: str, last_run: str + ) -> tuple[List[Dict], str]: """ Makes an API call to the Domain Tools API endpoint and retrieves domain data based on the provided parameters. @@ -344,16 +389,20 @@ def fetch_dt_domains_from_api(self, end_point: str, last_run: str) -> Tuple[List if last_run_value: params = DOMAINTOOLS_PARAMS | { DT_TIMESTAMP_DICT[last_run]: last_run_value, - "include_domain_data": INCLUDE_DOMAIN_DATA_VALUE if self.include_domain_data else 0, + "include_domain_data": ( + INCLUDE_DOMAIN_DATA_VALUE if self.include_domain_data else 0 + ), } - demisto.info(f'Found last run, fetching domains from {last_run_value}') + demisto.info(f"Found last run, fetching domains from {last_run_value}") else: days_back = validate_first_fetch(self.first_fetch) params = DOMAINTOOLS_PARAMS | { DT_TIMESTAMP_DICT[last_run]: datetime.now() - timedelta(days=days_back), - "include_domain_data": INCLUDE_DOMAIN_DATA_VALUE if self.include_domain_data else 0, + "include_domain_data": ( + INCLUDE_DOMAIN_DATA_VALUE if self.include_domain_data else 0 + ), } - demisto.info(f'First run, fetching domains from last {days_back} days') + demisto.info(f"First run, fetching domains from last {days_back} days") if self.risk_score_ranges: params["risk_score_ranges[]"] = self.risk_score_ranges 
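Review bot: The new return annotation `-> tuple[List[Dict], str]` on `fetch_dt_domains_from_api` mixes the PEP 585 builtin generic `tuple` with the `typing` aliases `List` and `Dict` in the same expression; the same half-migration appears on `pagination` (`-> tuple[int, int]`) and `get_results_helper` (`-> tuple[List[Any], str]`) in the later hunks of this file. The test module in this same commit goes the other way and fully adopts `int | None`, `tuple[int, int]` and `dict[str, Any]`, so the two files now follow different conventions. Either keep `Tuple[...]` to match the remaining `typing` imports, or finish the migration here to `tuple[list[dict], str]` and the matching forms on the other two functions; if `Tuple` is then unreferenced, its import (outside this hunk) can be dropped. The body of `fetch_dt_domains_from_api` continues past the hunk.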
@@ -371,11 +420,13 @@ def fetch_and_process_domains(self) -> None: """Fetches DomainTools domain information and creates incidents in XSOAR.""" def process_domains( - process_endpoint: str, - process_timestamp_key: str, - process_incident_name: str, - import_only: bool, - process_filter_func: Optional[Callable[[List[Dict[str, Any]]], List[Dict[str, Any]]]] = None, + process_endpoint: str, + process_timestamp_key: str, + process_incident_name: str, + import_only: bool, + process_filter_func: Optional[ + Callable[[List[Dict[str, Any]]], List[Dict[str, Any]]] + ] = None, ) -> str: """ Process domains by calling DomainTools API, filtering results, and converting them into XSOAR incidents. @@ -407,7 +458,9 @@ def process_domains( ) return last_run - def filter_blocked_domains(domains: List[Dict[str, Any]]) -> List[Dict[str, Any]]: + def filter_blocked_domains( + domains: List[Dict[str, Any]] + ) -> List[Dict[str, Any]]: """ Filters the list of domains to return only the blocked domains. @@ -420,12 +473,15 @@ def filter_blocked_domains(domains: List[Dict[str, Any]]) -> List[Dict[str, Any] return [ domain for domain in domains - if domain.get("escalations") and any( - escalation.get("escalation_type") == "blocked" for escalation in domain["escalations"]) + if domain.get("escalations") + and any( + escalation.get("escalation_type") == "blocked" + for escalation in domain["escalations"] + ) ] monitor_result = self.query_dt_api( - DOMAINTOOLS_MONITOR_DOMAINS_ENDPOINT, "GET" + DOMAINTOOLS_MONITOR_DOMAINS_ENDPOINT, "GET", params=DOMAINTOOLS_PARAMS ) term = { results.get("id"): results.get("term") 
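Review bot: The one behavioural change in this file — adding `params=DOMAINTOOLS_PARAMS` to the monitor-domains call in the `@@ -420,12 +473,15 @@` hunk, which the release note describes as restoring the `app_partner`/`app_name`/`app_version` parameters — has no accompanying test: the test-module hunks in this commit only touch imports and type hints. A regression test that patches `Client.query_dt_api` (or the underlying HTTP request) during `fetch_and_process_domains` and asserts the `params` keyword contains the keys of `DOMAINTOOLS_PARAMS` would keep this from silently regressing again. The other call sites visible in this diff merge the defaults as `DOMAINTOOLS_PARAMS | {...}`, so passing the bare mapping here is consistent as long as no per-call arguments are needed. The enclosing `fetch_and_process_domains` starts and ends outside this hunk.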
@@ -459,11 +515,21 @@ def filter_blocked_domains(domains: List[Dict[str, Any]]) -> List[Dict[str, Any] last_runs = {CHANGED_DOMAIN_TIMESTAMP: "", NEW_DOMAIN_TIMESTAMP: ""} - for endpoint, timestamp_key, incident_name, domain_setting, filter_func in domains_to_process: + for ( + endpoint, + timestamp_key, + incident_name, + domain_setting, + filter_func, + ) in domains_to_process: if domain_setting: - last_runs[timestamp_key] = process_domains(endpoint, timestamp_key, incident_name, - domain_setting == "Import Indicators Only", filter_func, - ) + last_runs[timestamp_key] = process_domains( + endpoint, + timestamp_key, + incident_name, + domain_setting == "Import Indicators Only", + filter_func, + ) demisto.setIntegrationContext(last_runs) demisto.info(f"Adding {len(incidents)} incidents to demisto") 
@@ -561,17 +627,23 @@ def dt_error_handler(response: requests.Response) -> None: 403: "Forbidden: The request is understood, but it has been refused or access is not allowed.", 404: "Not Found: The requested resource could not be found.", 500: "Internal Server Error: An error occurred on the server side.", - 206: "Partial Content: The requested resource has been partially returned." + 206: "Partial Content: The requested resource has been partially returned.", } if response.status_code in {206} | set(range(400, 600)): try: error_json = response.json().get("error", {}) - error_message = (error_json.get("message") or " ".join( - error_json.get("messages", [])) or specific_error_messages.get(response.status_code, - "An unknown error occurred.")) + error_message = ( + error_json.get("message") + or " ".join(error_json.get("messages", [])) + or specific_error_messages.get( + response.status_code, "An unknown error occurred." + ) + ) except ValueError: - error_message = specific_error_messages.get(response.status_code, "An unknown error occurred.") + error_message = specific_error_messages.get( + response.status_code, "An unknown error occurred." + ) raise DemistoException(error_message, res=response) @@ -671,10 +743,10 @@ def format_watchlist_fields(result: Dict[Any, Any]) -> Dict[str, Any]: def format_data( - result: Dict[str, List[Dict[str, Any]]], - field: str, - output_prefix: str, - data_key: str, + result: Dict[str, List[Dict[str, Any]]], + field: str, + output_prefix: str, + data_key: str, ) -> Dict[str, Any]: """ Extracts and formats data. 
@@ -763,17 +835,22 @@ def create_common_api_arguments(args: Dict[str, Any]) -> Dict[str, Any]: return { "monitor_id": args.get("monitor_id"), "tlds[]": argToList(args.get("tlds")), - "include_domain_data": argToBoolean(args.get("include_domain_data")) if args.get( - "include_domain_data") else None, + "include_domain_data": ( + argToBoolean(args.get("include_domain_data")) + if args.get("include_domain_data") + else None + ), "risk_score_ranges[]": argToList(args.get("risk_score_ranges")), "sort[]": argToList(args.get("sort")), "order": args.get("order"), - "mx_exists": argToBoolean(args.get("mx_exists")) if args.get("mx_exists") else None, + "mx_exists": ( + argToBoolean(args.get("mx_exists")) if args.get("mx_exists") else None + ), "preview": argToBoolean(args.get("preview")) if args.get("preview") else None, "search": args.get("search"), "limit": arg_to_number(args.get("limit")), "page": arg_to_number(args.get("page")), - "page_size": arg_to_number(args.get("page_size")) + "page_size": arg_to_number(args.get("page_size")), } 
@@ -794,21 +871,23 @@ def create_escalated_api_arguments(args: Dict[str, Any]) -> Dict[str, Any]: return { "escalated_since": args.get("escalated_since"), "escalation_types[]": args.get("escalation_types"), - "changed_since": args.get("changed_since") + "changed_since": args.get("changed_since"), } -def pagination(page: Optional[int], page_size: Optional[int], limit: Optional[int]) -> Tuple[int, int]: +def pagination( + page: Optional[int], page_size: Optional[int], limit: Optional[int] +) -> tuple[int, int]: + """ + Define pagination. + Args: + limit: Records per page. + page: The page number. + page_size: The number of requested results per page. + Returns: + limit (int): Records per page. + offset (int): The number of records to be skipped. """ - Define pagination. - Args: - limit: Records per page. - page: The page number. - page_size: The number of requested results per page. - Returns: - limit (int): Records per page. - offset (int): The number of records to be skipped. - """ if page is not None and page <= 0: raise DemistoException(PAGE_NUMBER_ERROR_MSG) @@ -818,11 +897,14 @@ def pagination(page: Optional[int], page_size: Optional[int], limit: Optional[in raise DemistoException(LIMIT_ERROR_MSG) if page_size and limit: limit = page_size - return limit or page_size or DEFAULT_PAGE_SIZE, (page - 1 if page else DEFAULT_OFFSET) * (page_size or DEFAULT_PAGE_SIZE) + return limit or page_size or DEFAULT_PAGE_SIZE, ( + page - 1 if page else DEFAULT_OFFSET + ) * (page_size or DEFAULT_PAGE_SIZE) -def get_command_title_string(sub_context: str, page: Optional[int], page_size: Optional[int], - hits: Optional[int]) -> str: +def get_command_title_string( + sub_context: str, page: Optional[int], page_size: Optional[int], hits: Optional[int] +) -> str: """ Generates a command title string based on the provided context and pagination information. 
@@ -837,8 +919,10 @@ def get_command_title_string(sub_context: str, page: Optional[int], page_size: O """ if page and page_size and hits is not None and (page > 0 and page_size > 0): total_page = ceil(hits / page_size) if hits > 0 else 1 - return f'{sub_context} \nCurrent page size: {page_size}\n' \ - f'Showing page {page} out of {total_page}' + return ( + f"{sub_context} \nCurrent page size: {page_size}\n" + f"Showing page {page} out of {total_page}" + ) return f"{sub_context}" @@ -867,16 +951,23 @@ def get_max_limit(end_point: str, dt_args: Dict[str, Any]) -> int: include_domain_data = dt_args.get("include_domain_data", False) return ( - MONITOR_DOMAINS_LIMIT if end_point == DOMAINTOOLS_MONITOR_DOMAINS_ENDPOINT and not include_counts else - INCLUDE_COUNTS_LIMIT if include_counts else - INCLUDE_DOMAIN_DATA_LIMIT if include_domain_data else - DEFAULT_LIMIT + MONITOR_DOMAINS_LIMIT + if end_point == DOMAINTOOLS_MONITOR_DOMAINS_ENDPOINT and not include_counts + else ( + INCLUDE_COUNTS_LIMIT + if include_counts + else INCLUDE_DOMAIN_DATA_LIMIT if include_domain_data else DEFAULT_LIMIT + ) ) def get_results_helper( - client: Client, end_point: str, dt_args: Dict[str, Any], result_key: str, tb_header_name: str -) -> Tuple[List[Any], str]: + client: Client, + end_point: str, + dt_args: Dict[str, Any], + result_key: str, + tb_header_name: str, +) -> tuple[List[Any], str]: """ Helper function to get results for the given endpoint and result_key. 
@@ -902,12 +993,17 @@ def get_results_helper( total_count = 0 while True: - fetch_size = min(limit - len(results), max_limit) if limit is not None else max_limit + fetch_size = ( + min(limit - len(results), max_limit) if limit is not None else max_limit + ) if fetch_size <= 0: break dt_args.update({"offset": offset, "limit": fetch_size}) - response = client.query_dt_api(end_point, "GET", params=DOMAINTOOLS_PARAMS | dt_args) + + response = client.query_dt_api( + end_point, "GET", params=DOMAINTOOLS_PARAMS | dt_args + ) total_count = response.get("total_count", 0) new_results = response.get(result_key, []) @@ -920,11 +1016,13 @@ def get_results_helper( if len(new_results) < fetch_size: break - return results, get_command_title_string(tb_header_name, page, page_size, total_count) + return results, get_command_title_string( + tb_header_name, page, page_size, total_count + ) def fetch_domain_tools_api_results( - client: Client, end_point: str, tb_header_name: str, dt_args: Dict[str, Any] + client: Client, end_point: str, tb_header_name: str, dt_args: Dict[str, Any] ) -> CommandResults: """ Gets the results for a DomainTools API endpoint. @@ -939,7 +1037,10 @@ def fetch_domain_tools_api_results( CommandResults: The results of the command. """ - results, title = get_results_helper(client, end_point, dt_args, "watchlist_domains", tb_header_name) + + results, title = get_results_helper( + client, end_point, dt_args, "watchlist_domains", tb_header_name + ) indicator_list: List[Dict] = [] if results: 
@@ -964,14 +1065,16 @@ def fetch_domain_tools_api_results( outputs=results, outputs_prefix=f"{INTEGRATION_CONTEXT_NAME}.{CONTEXT_PATH_KEY[tb_header_name]}", outputs_key_field="domain", - readable_output=tableToMarkdown(name=title, t=indicator_list) - if indicator_list - else NO_DOMAINS_FOUND, + readable_output=( + tableToMarkdown(name=title, t=indicator_list) + if indicator_list + else NO_DOMAINS_FOUND + ), ) def domaintools_iris_detect_get_watched_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ domaintools_iris_detect_get_watched_domains_command: Get the watched domains list. @@ -992,7 +1095,7 @@ def domaintools_iris_detect_get_watched_domains_command( def domaintools_iris_detect_get_new_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ domaintools_iris_detect_get_new_domains_command: Get the new domains list. @@ -1009,14 +1112,12 @@ def domaintools_iris_detect_get_new_domains_command( DOMAINTOOLS_NEW_DOMAINS_ENDPOINT, DOMAINTOOLS_NEW_DOMAINS_HEADER, create_common_api_arguments(args) - | { - "discovered_since": args.get("discovered_since") - }, + | {"discovered_since": args.get("discovered_since")}, ) def domaintools_iris_detect_get_ignored_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ domaintools_iris_detect_get_ignored_domains_command: Get the ignored domains list. @@ -1037,7 +1138,7 @@ def domaintools_iris_detect_get_ignored_domains_command( def domaintools_iris_detect_get_blocklist_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ domaintools_iris_detect_get_blocklist_domains_command: Get the blocked domains list. 
@@ -1053,12 +1154,14 @@ def domaintools_iris_detect_get_blocklist_domains_command( client, DOMAINTOOLS_WATCHED_DOMAINS_ENDPOINT, DOMAINTOOLS_BLOCKED_DOMAINS_HEADER, - create_common_api_arguments(args) | create_escalated_api_arguments(args) | {"escalation_types[]": "blocked"}, + create_common_api_arguments(args) + | create_escalated_api_arguments(args) + | {"escalation_types[]": "blocked"}, ) def domaintools_iris_detect_get_escalated_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ domaintools_iris_detect_get_escalated_domains_command: Get the escalated domains @@ -1075,13 +1178,14 @@ def domaintools_iris_detect_get_escalated_domains_command( client, DOMAINTOOLS_WATCHED_DOMAINS_ENDPOINT, DOMAINTOOLS_ESCALATE_DOMAINS_HEADER, - create_common_api_arguments(args) | create_escalated_api_arguments(args) | { - "escalation_types[]": "google_safe"}, + create_common_api_arguments(args) + | create_escalated_api_arguments(args) + | {"escalation_types[]": "google_safe"}, ) def domaintools_iris_detect_get_monitors_list_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ Get the monitor domains list. @@ -1103,13 +1207,16 @@ def domaintools_iris_detect_get_monitors_list_command( } | create_common_api_arguments(args) | create_escalated_api_arguments(args), - "monitors", DOMAINTOOLS_MONITORS_HEADER + "monitors", + DOMAINTOOLS_MONITORS_HEADER, ) + if results: monitor_data = [format_monitor_fields(result) for result in results] headers = list(monitor_data[0].keys()) - readable_output = tableToMarkdown(name=title, t=monitor_data, - removeNull=True, headers=headers) + readable_output = tableToMarkdown( + name=title, t=monitor_data, removeNull=True, headers=headers + ) else: readable_output = NO_DOMAINS_FOUND return CommandResults( 
@@ -1121,7 +1228,7 @@ def domaintools_iris_detect_get_monitors_list_command( def handle_domain_action( - client: Client, args: Dict[str, Any], action: str + client: Client, args: Dict[str, Any], action: str ) -> CommandResults: """ Performs the specified action on one or more watchlist domains. @@ -1141,33 +1248,35 @@ def handle_domain_action( DOMAINTOOLS_MANAGE_WATCHLIST_ENDPOINT, DOMAINTOOLS_WATCHED_DOMAINS_HEADER, format_watchlist_fields, - "WatchedDomain" + "WatchedDomain", ), "ignored": ( "PATCH", DOMAINTOOLS_MANAGE_WATCHLIST_ENDPOINT, DOMAINTOOLS_IGNORE_DOMAINS_HEADER, format_watchlist_fields, - "IgnoredDomain" + "IgnoredDomain", ), "google_safe": ( "POST", DOMAINTOOLS_ESCALATE_DOMAINS_ENDPOINT, DOMAINTOOLS_ESCALATE_DOMAINS_HEADER, format_blocklist_fields, - "EscalatedDomain" + "EscalatedDomain", ), "blocked": ( "POST", DOMAINTOOLS_ESCALATE_DOMAINS_ENDPOINT, DOMAINTOOLS_BLOCKED_DOMAINS_HEADER, format_blocklist_fields, - "BlockedDomain" + "BlockedDomain", ), } method, endpoint, header, format_func, context_output_string = action_params[action] - data = {"watchlist_domain_ids": argToList(args.get("watchlist_domain_ids"))} | DOMAINTOOLS_PARAMS + data = { + "watchlist_domain_ids": argToList(args.get("watchlist_domain_ids")) + } | DOMAINTOOLS_PARAMS if action in ["watched", "ignored"]: data |= {"state": action} 
@@ -1175,24 +1284,28 @@ def handle_domain_action( data |= {"escalation_type": action} indicators_list = [ - dict(format_func(result)) for result in - client.query_dt_api(endpoint, method, json_data=data).get( - "watchlist_domains" if action in ["watched", "ignored"] else "escalations", []) + dict(format_func(result)) + for result in client.query_dt_api(endpoint, method, json_data=data).get( + "watchlist_domains" if action in ["watched", "ignored"] else "escalations", + [], + ) ] return CommandResults( outputs=indicators_list, outputs_prefix=f"{INTEGRATION_CONTEXT_NAME}.{context_output_string}", outputs_key_field="", - readable_output=tableToMarkdown(name=header, t=indicators_list) - if indicators_list - else NO_DOMAINS_FOUND, + readable_output=( + tableToMarkdown(name=header, t=indicators_list) + if indicators_list + else NO_DOMAINS_FOUND + ), raw_response=indicators_list, ) def domaintools_iris_detect_watch_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ Watch domains for changes using DomainTools Iris API. @@ -1209,7 +1322,7 @@ def domaintools_iris_detect_watch_domains_command( def domaintools_iris_detect_ignore_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ Ignore domains using DomainTools Iris API. @@ -1226,7 +1339,7 @@ def domaintools_iris_detect_ignore_domains_command( def domaintools_iris_detect_escalate_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ Escalate domains to Google Safe Browsing using DomainTools Iris API. @@ -1243,7 +1356,7 @@ def domaintools_iris_detect_escalate_domains_command( def domaintools_iris_detect_blocklist_domains_command( - client: Client, args: Dict[str, Any] + client: Client, args: Dict[str, Any] ) -> CommandResults: """ Blocklist domains using DomainTools Iris API. 
@@ -1272,15 +1385,15 @@ def main() -> None: command = demisto.command() args = demisto.args() params = demisto.params() - username = params.get('credentials', {}).get('identifier') - api_key = params.get('credentials', {}).get('password') + username = params.get("credentials", {}).get("identifier") + api_key = params.get("credentials", {}).get("password") verify_certificate = not params.get("insecure", False) proxy = params.get("proxy", False) handle_proxy() risk_score_ranges = argToList(params.get("risk_score_ranges")) include_domain_data = params.get("include_domain_data") - first_fetch_time = params.get('first_fetch', DEFAULT_DAYS_BACK).strip() - fetch_limit = arg_to_number(params.get('max_fetch', 50)) + first_fetch_time = params.get("first_fetch", DEFAULT_DAYS_BACK).strip() + fetch_limit = arg_to_number(params.get("max_fetch", 50)) new_domains = params.get("new_domains") changed_domains = params.get("changed_domains") blocked_domains = params.get("blocked_domains") diff --git a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml index 493ca164efb6..fac966d9cb89 100644 --- a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml +++ b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml @@ -104,7 +104,7 @@ script: commands: - arguments: - description: |- - List of Iris Detect domain IDs to escalate. The domain ID can be + List of Iris Detect domain IDs to escalate. The domain ID can be found using 'domaintools-iris-detect-get-new-domains' command. isArray: true name: watchlist_domain_ids 
@@ -132,8 +132,8 @@ script: type: String - arguments: - description: |- - List of Iris Detect domain IDs to escalate. The domain ID can be - found using 'domaintools-iris-detect-get-new-domains, + List of Iris Detect domain IDs to escalate. The domain ID can be + found using 'domaintools-iris-detect-get-new-domains, domaintools-iris-detect-get-watched-domains' commands. isArray: true name: watchlist_domain_ids @@ -161,7 +161,7 @@ script: type: String - arguments: - description: |- - List of Iris Detect domain IDs to escalate. The domain ID can be + List of Iris Detect domain IDs to escalate. The domain ID can be found using 'domaintools-iris-detect-get-new-domains' command. isArray: true name: watchlist_domain_ids @@ -192,7 +192,7 @@ script: type: String - arguments: - description: |- - List of Iris Detect domain IDs to escalate. The domain ID can be + List of Iris Detect domain IDs to escalate. The domain ID can be found using 'domaintools-iris-detect-get-new-domains, domaintools-iris-detect-get-watched-domains' command. isArray: true name: watchlist_domain_ids @@ -282,8 +282,8 @@ script: - description: Filter domains by when they were discovered. Provide a datetime in ISO 8601 format, for example 2022-05-18T12:19:51.685496. name: discovered_since - description: |- - Monitor ID is used when requesting domains for a specific monitor. - The monitor ID can be found using the + Monitor ID is used when requesting domains for a specific monitor. + The monitor ID can be found using the 'domaintools-iris-detect-get-monitors-list' command. name: monitor_id - auto: PREDEFINED @@ -436,8 +436,8 @@ script: - blocked - google_safe - description: |- - Monitor ID is used when requesting domains for a specific monitor. - The monitor ID can be found using the + Monitor ID is used when requesting domains for a specific monitor. + The monitor ID can be found using the 'domaintools-iris-detect-get-monitors-list' command. name: monitor_id - auto: PREDEFINED 
@@ -597,8 +597,8 @@ script: - 70-99 - 100-100 - description: |- - Monitor ID is used when requesting domains for a specific monitor. - The monitor ID can be found using the + Monitor ID is used when requesting domains for a specific monitor. + The monitor ID can be found using the 'domaintools-iris-detect-get-monitors-list' command. name: monitor_id - auto: PREDEFINED @@ -749,8 +749,8 @@ script: - 70-99 - 100-100 - description: |- - Monitor ID is used when requesting domains for a specific monitor. - The monitor ID can be found using the + Monitor ID is used when requesting domains for a specific monitor. + The monitor ID can be found using the 'domaintools-iris-detect-get-monitors-list' command. name: monitor_id - auto: PREDEFINED @@ -892,8 +892,8 @@ script: type: String - arguments: - description: |- - Monitor ID is used when requesting domains for a specific monitor. - The monitor ID can be found using the + Monitor ID is used when requesting domains for a specific monitor. + The monitor ID can be found using the 'domaintools-iris-detect-get-monitors-list' command. name: monitor_id - auto: PREDEFINED diff --git a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect_test.py b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect_test.py index 50f2abee06b7..695db4be34b1 100644 --- a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect_test.py +++ b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect_test.py @@ -2,11 +2,10 @@ DomainTools Iris Detect Test Cases """ import hmac -import io import json import time from hashlib import sha256 -from typing import Any, Dict, Optional, Tuple +from typing import Any import pytest import requests 
@@ -213,7 +212,7 @@ def load_json(path): JSONDecodeError: If the file at the specified path contains invalid JSON. """ - with io.open(path, mode="r", encoding="utf-8") as file: + with open(path, encoding="utf-8") as file: return json.loads(file.read()) @@ -1012,7 +1011,7 @@ def test_validate_first_fetch_parametrized(value, expected): (1, 10, 10, (10, 0)), ], ) -def test_pagination(page: Optional[int], page_size: Optional[int], limit: Optional[int], expected: Tuple[int, int]): +def test_pagination(page: int | None, page_size: int | None, limit: int | None, expected: tuple[int, int]): """ Test the pagination function with various input cases, including when page, page_size, and limit are None, when only page is provided, when page and page_size are provided, and when all parameters are provided. @@ -1038,7 +1037,7 @@ def test_pagination(page: Optional[int], page_size: Optional[int], limit: Option (1, 10, 0, LIMIT_ERROR_MSG), ], ) -def test_pagination_errors(page: Optional[int], page_size: Optional[int], limit: Optional[int], error_msg: str): +def test_pagination_errors(page: int | None, page_size: int | None, limit: int | None, error_msg: str): """ Test the pagination function with invalid input cases that should raise exceptions. @@ -1061,7 +1060,7 @@ def test_pagination_errors(page: Optional[int], page_size: Optional[int], limit: ("Test Context", 1, 10, 0, "Test Context \nCurrent page size: 10\nShowing page 1 out of 1"), ], ) -def test_get_command_title_string(sub_context: str, page: Optional[int], page_size: Optional[int], hits: Optional[int], +def test_get_command_title_string(sub_context: str, page: int | None, page_size: int | None, hits: int | None, expected_output: str): """ Test the get_command_title_string function with various input cases. 
@@ -1086,7 +1085,7 @@ def test_get_command_title_string(sub_context: str, page: Optional[int], page_si ("some_other_endpoint", {"include_counts": False, "include_domain_data": False}, DEFAULT_LIMIT), ], ) -def test_get_max_limit(end_point: str, dt_args: Dict[str, Any], expected_max_limit: int): +def test_get_max_limit(end_point: str, dt_args: dict[str, Any], expected_max_limit: int): """ Test the get_max_limit function with various input cases, including different endpoints and argument combinations. diff --git a/Packs/DomainToolsIrisDetect/ReleaseNotes/1_0_14.md b/Packs/DomainToolsIrisDetect/ReleaseNotes/1_0_14.md new file mode 100644 index 000000000000..ba26b37f9ef9 --- /dev/null +++ b/Packs/DomainToolsIrisDetect/ReleaseNotes/1_0_14.md @@ -0,0 +1,9 @@ + +#### Integrations + +##### DomainTools Iris Detect + +- Fixed an issue in **fetch_incident** command that calls monitor domains API without the default following api parameters: + - *app_partner* + - *app_name* + - *app_version* diff --git a/Packs/DomainToolsIrisDetect/pack_metadata.json b/Packs/DomainToolsIrisDetect/pack_metadata.json index 2ef388318da3..aa32d0a80909 100644 --- a/Packs/DomainToolsIrisDetect/pack_metadata.json +++ b/Packs/DomainToolsIrisDetect/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DomainTools Iris Detect", "description": "Iris Detect protects against malicious domains impersonating your brands and supply chain.", "support": "partner", - "currentVersion": "1.0.13", + "currentVersion": "1.0.14", "author": "DomainTools Integrations", "url": "http://www.domaintools.com", "email": "enterprisesupport@domaintools.com", diff --git a/Packs/Drift/Integrations/Drift/Drift.py b/Packs/Drift/Integrations/Drift/Drift.py index 9a0401373462..0d6f78a2a280 100644 --- a/Packs/Drift/Integrations/Drift/Drift.py +++ b/Packs/Drift/Integrations/Drift/Drift.py 
@@ -18,7 +18,7 @@ def post_contact(self, email: dict = None): def get_contact(self, contact_id: str = None, email: str = None): url_suffix = '/contacts' - params = dict() + params = {} if contact_id: url_suffix = f"{url_suffix}/{contact_id}" elif email: diff --git a/Packs/Drift/Integrations/Drift/Drift.yml b/Packs/Drift/Integrations/Drift/Drift.yml index d1d4046e3b12..04403a98fd25 100644 --- a/Packs/Drift/Integrations/Drift/Drift.yml +++ b/Packs/Drift/Integrations/Drift/Drift.yml @@ -86,7 +86,7 @@ script: - contextPath: Drift.Contacts.Attributes description: Attributes of the contact (JSON dict). description: 'Post New Contact using a new contact Email ' - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false subtype: python3 fromversion: 6.2.0 diff --git a/Packs/Drift/ReleaseNotes/1_0_4.md b/Packs/Drift/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..b826959d263a --- /dev/null +++ b/Packs/Drift/ReleaseNotes/1_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Drift + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Drift/pack_metadata.json b/Packs/Drift/pack_metadata.json index c7a23263de4c..9c4d60da4805 100644 --- a/Packs/Drift/pack_metadata.json +++ b/Packs/Drift/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Drift", "description": "Drift Pack containing integrations with the Drift API", "support": "community", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "Adriana Rose Diaz", "url": "https://devdocs.drift.com/docs/using-drift-apis", "email": "", diff --git a/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.py b/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.py index a3d728932c71..f5fa48f53e3e 100644 --- a/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.py +++ b/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.py 
@@ -172,6 +172,7 @@ def check_edl(cmd, start_time, EDL, edl_user, edl_pwd, verify_certificate, email return ["Success"] elif cmd == "get-edl-contents": return [csv_string, pull_time] + return None ''' MAIN FUNCTION ''' diff --git a/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.yml b/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.yml index b3801e01ac18..9828366d2b25 100644 --- a/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.yml +++ b/Packs/EDLMonitor/Integrations/EDLMonitor/EDLMonitor.yml @@ -4,7 +4,7 @@ commonfields: version: -1 configuration: - additionalinfo: Timeout (in seconds) for how long to wait for EDL response before detecting as down (default 2 minutes) - defaultvalue: "120" + defaultvalue: '120' display: 'Timeout:' name: timeout type: 0 @@ -86,7 +86,7 @@ script: - contextPath: ResponseCode description: The response code. type: number - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/EDLMonitor/ReleaseNotes/1_0_2.md b/Packs/EDLMonitor/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..78dfffacf08c --- /dev/null +++ b/Packs/EDLMonitor/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### EDL Monitor + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/EDLMonitor/pack_metadata.json b/Packs/EDLMonitor/pack_metadata.json index 9dca0081ae30..bf568652e756 100644 --- a/Packs/EDLMonitor/pack_metadata.json +++ b/Packs/EDLMonitor/pack_metadata.json 
@@ -2,12 +2,14 @@ "name": "EDL Monitor", "description": "This content pack can monitor EDL contents a by emailing the content of an EDL as a zipped file to a specified user at an interval (simply configure a job to run the playbook included), and/or simply monitor the EDL for availability and email the user if the EDL is not available", "support": "community", - "currentVersion": "1.0.1", + "currentVersion": "1.0.2", "author": "Andrew Murret", "url": "", "email": "", "created": "2023-04-03T14:42:50Z", - "categories": ["Utilities"], + "categories": [ + "Utilities" + ], "tags": [], "useCases": [], "keywords": [], diff --git a/Packs/F5LTM/Integrations/F5LTM/F5LTM.py b/Packs/F5LTM/Integrations/F5LTM/F5LTM.py index 60bdba71ca25..c0f058f118f8 100644 --- a/Packs/F5LTM/Integrations/F5LTM/F5LTM.py +++ b/Packs/F5LTM/Integrations/F5LTM/F5LTM.py @@ -289,7 +289,7 @@ def ltm_get_node_by_address_command(client, args): outputs=node, ) return_error(f'No nodes found matching the address: {ip_address}') - return + return None def ltm_get_pools_by_node_command(client, args) -> CommandResults: diff --git a/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml b/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml index e3084a26951b..7de1fd69e819 100644 --- a/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml +++ b/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml @@ -517,7 +517,7 @@ script: - contextPath: F5.LTM.Nodes.name description: The node name type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '-' subtype: python3 diff --git a/Packs/F5LTM/ReleaseNotes/1_0_9.md b/Packs/F5LTM/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..4ac8c7471a9c --- /dev/null +++ b/Packs/F5LTM/ReleaseNotes/1_0_9.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### F5 LTM + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/F5LTM/pack_metadata.json b/Packs/F5LTM/pack_metadata.json index 469f477e0537..3c77a71d39ef 100644 
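Review bot: In the F5LTM.py hunk the new `return None` follows `return_error(...)`, which in CommonServerPython normally terminates the script, so the line appears to exist only to satisfy consistent-return linting rather than as a reachable path. A comment on it, `# unreachable: return_error() exits; kept for consistent-return linting`, would stop a later reader from assuming callers can receive None from this command. ltm_get_node_by_address_command starts before the hunk, so its earlier return paths are not visible here.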
--- a/Packs/F5LTM/pack_metadata.json
+++ b/Packs/F5LTM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "F5 LTM",
 "description": "You can use this pack to automate traffic management use cases in integration with F5 Local Traffic Manager (LTM), the integration with F5 LTM included with the pack comes with several commands to get LTM information about nodes, pools and pool members, along with that some of those commands can be used to automate remediation actions such as disabling an active node.",
 "support": "community",
- "currentVersion": "1.0.8",
+ "currentVersion": "1.0.9",
 "author": "Ayman Mahmoud",
 "email": "amahmoud@paloaltonetworks.com",
 "url": "",
diff --git a/Packs/FeedCyrenThreatInDepth/ReleaseNotes/1_5_25.md b/Packs/FeedCyrenThreatInDepth/ReleaseNotes/1_5_25.md
new file mode 100644
index 000000000000..7c3e4e2c147e
--- /dev/null
+++ b/Packs/FeedCyrenThreatInDepth/ReleaseNotes/1_5_25.md
@@ -0,0 +1,18 @@
+
+#### Scripts
+
+##### CyrenCountryLookup
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CyrenThreatInDepthRandomHunt
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CyrenThreatInDepthRelatedWidgetQuick
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CyrenThreatInDepthRelatedWidget
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CyrenThreatInDepthRenderRelated
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.py
index e8dbe83c684a..aaa2588818ce 100644
--- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.py
+++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.py
@@ -4,257 +4,257 @@ # ISO 3166-1-derived mapping (begin) -COUNTRIES = dict( - AW=dict(name="Aruba"), - AF=dict(name="Afghanistan"), - AO=dict(name="Angola"), - AI=dict(name="Anguilla"), - AX=dict(name="Åland Islands"), - AL=dict(name="Albania"), - AD=dict(name="Andorra"), - AE=dict(name="United Arab Emirates"), - AR=dict(name="Argentina"), - AM=dict(name="Armenia"), - AS=dict(name="American Samoa"), - AQ=dict(name="Antarctica"), - TF=dict(name="French Southern Territories"), - AG=dict(name="Antigua and Barbuda"), - AU=dict(name="Australia"), - AT=dict(name="Austria"), - AZ=dict(name="Azerbaijan"), - BI=dict(name="Burundi"), - BE=dict(name="Belgium"), - BJ=dict(name="Benin"), - BQ=dict(name="Bonaire, Sint Eustatius and Saba"), - BF=dict(name="Burkina Faso"), - BD=dict(name="Bangladesh"), - BG=dict(name="Bulgaria"), - BH=dict(name="Bahrain"), - BS=dict(name="Bahamas"), - BA=dict(name="Bosnia and Herzegovina"), - BL=dict(name="Saint Barthélemy"), - BY=dict(name="Belarus"), - BZ=dict(name="Belize"), - BM=dict(name="Bermuda"), - BO=dict(name="Bolivia, Plurinational State of"), - BR=dict(name="Brazil"), - BB=dict(name="Barbados"), - BN=dict(name="Brunei Darussalam"), - BT=dict(name="Bhutan"), - BV=dict(name="Bouvet Island"), - BW=dict(name="Botswana"), - CF=dict(name="Central African Republic"), - CA=dict(name="Canada"), - CC=dict(name="Cocos (Keeling) Islands"), - CH=dict(name="Switzerland"), - CL=dict(name="Chile"), - CN=dict(name="China"), - CI=dict(name="Côte d'Ivoire"), - CM=dict(name="Cameroon"), - CD=dict(name="Congo, The Democratic Republic of the"), - CG=dict(name="Congo"), - CK=dict(name="Cook Islands"), - CO=dict(name="Colombia"), - KM=dict(name="Comoros"), - CV=dict(name="Cabo Verde"), - CR=dict(name="Costa Rica"), - CU=dict(name="Cuba"), - CW=dict(name="Curaçao"), - CX=dict(name="Christmas Island"), - KY=dict(name="Cayman Islands"), - CY=dict(name="Cyprus"), - CZ=dict(name="Czechia"), - DE=dict(name="Germany"), - DJ=dict(name="Djibouti"), - 
DM=dict(name="Dominica"), - DK=dict(name="Denmark"), - DO=dict(name="Dominican Republic"), - DZ=dict(name="Algeria"), - EC=dict(name="Ecuador"), - EG=dict(name="Egypt"), - ER=dict(name="Eritrea"), - EH=dict(name="Western Sahara"), - ES=dict(name="Spain"), - EE=dict(name="Estonia"), - ET=dict(name="Ethiopia"), - FI=dict(name="Finland"), - FJ=dict(name="Fiji"), - FK=dict(name="Falkland Islands (Malvinas)"), - FR=dict(name="France"), - FO=dict(name="Faroe Islands"), - FM=dict(name="Micronesia, Federated States of"), - GA=dict(name="Gabon"), - GB=dict(name="United Kingdom"), - GE=dict(name="Georgia"), - GG=dict(name="Guernsey"), - GH=dict(name="Ghana"), - GI=dict(name="Gibraltar"), - GN=dict(name="Guinea"), - GP=dict(name="Guadeloupe"), - GM=dict(name="Gambia"), - GW=dict(name="Guinea-Bissau"), - GQ=dict(name="Equatorial Guinea"), - GR=dict(name="Greece"), - GD=dict(name="Grenada"), - GL=dict(name="Greenland"), - GT=dict(name="Guatemala"), - GF=dict(name="French Guiana"), - GU=dict(name="Guam"), - GY=dict(name="Guyana"), - HK=dict(name="Hong Kong"), - HM=dict(name="Heard Island and McDonald Islands"), - HN=dict(name="Honduras"), - HR=dict(name="Croatia"), - HT=dict(name="Haiti"), - HU=dict(name="Hungary"), - ID=dict(name="Indonesia"), - IM=dict(name="Isle of Man"), - IN=dict(name="India"), - IO=dict(name="British Indian Ocean Territory"), - IE=dict(name="Ireland"), - IR=dict(name="Iran, Islamic Republic of"), - IQ=dict(name="Iraq"), - IS=dict(name="Iceland"), - IL=dict(name="Israel"), - IT=dict(name="Italy"), - JM=dict(name="Jamaica"), - JE=dict(name="Jersey"), - JO=dict(name="Jordan"), - JP=dict(name="Japan"), - KZ=dict(name="Kazakhstan"), - KE=dict(name="Kenya"), - KG=dict(name="Kyrgyzstan"), - KH=dict(name="Cambodia"), - KI=dict(name="Kiribati"), - KN=dict(name="Saint Kitts and Nevis"), - KR=dict(name="Korea, Republic of"), - KW=dict(name="Kuwait"), - LA=dict(name="Lao People's Democratic Republic"), - LB=dict(name="Lebanon"), - LR=dict(name="Liberia"), - 
LY=dict(name="Libya"), - LC=dict(name="Saint Lucia"), - LI=dict(name="Liechtenstein"), - LK=dict(name="Sri Lanka"), - LS=dict(name="Lesotho"), - LT=dict(name="Lithuania"), - LU=dict(name="Luxembourg"), - LV=dict(name="Latvia"), - MO=dict(name="Macao"), - MF=dict(name="Saint Martin (French part)"), - MA=dict(name="Morocco"), - MC=dict(name="Monaco"), - MD=dict(name="Moldova, Republic of"), - MG=dict(name="Madagascar"), - MV=dict(name="Maldives"), - MX=dict(name="Mexico"), - MH=dict(name="Marshall Islands"), - MK=dict(name="North Macedonia"), - ML=dict(name="Mali"), - MT=dict(name="Malta"), - MM=dict(name="Myanmar"), - ME=dict(name="Montenegro"), - MN=dict(name="Mongolia"), - MP=dict(name="Northern Mariana Islands"), - MZ=dict(name="Mozambique"), - MR=dict(name="Mauritania"), - MS=dict(name="Montserrat"), - MQ=dict(name="Martinique"), - MU=dict(name="Mauritius"), - MW=dict(name="Malawi"), - MY=dict(name="Malaysia"), - YT=dict(name="Mayotte"), - NA=dict(name="Namibia"), - NC=dict(name="New Caledonia"), - NE=dict(name="Niger"), - NF=dict(name="Norfolk Island"), - NG=dict(name="Nigeria"), - NI=dict(name="Nicaragua"), - NU=dict(name="Niue"), - NL=dict(name="Netherlands"), - NO=dict(name="Norway"), - NP=dict(name="Nepal"), - NR=dict(name="Nauru"), - NZ=dict(name="New Zealand"), - OM=dict(name="Oman"), - PK=dict(name="Pakistan"), - PA=dict(name="Panama"), - PN=dict(name="Pitcairn"), - PE=dict(name="Peru"), - PH=dict(name="Philippines"), - PW=dict(name="Palau"), - PG=dict(name="Papua New Guinea"), - PL=dict(name="Poland"), - PR=dict(name="Puerto Rico"), - KP=dict(name="Korea, Democratic People's Republic of"), - PT=dict(name="Portugal"), - PY=dict(name="Paraguay"), - PS=dict(name="Palestine, State of"), - PF=dict(name="French Polynesia"), - QA=dict(name="Qatar"), - RE=dict(name="Réunion"), - RO=dict(name="Romania"), - RU=dict(name="Russian Federation"), - RW=dict(name="Rwanda"), - SA=dict(name="Saudi Arabia"), - SD=dict(name="Sudan"), - SN=dict(name="Senegal"), - 
SG=dict(name="Singapore"), - GS=dict(name="South Georgia and the South Sandwich Islands"), - SH=dict(name="Saint Helena, Ascension and Tristan da Cunha"), - SJ=dict(name="Svalbard and Jan Mayen"), - SB=dict(name="Solomon Islands"), - SL=dict(name="Sierra Leone"), - SV=dict(name="El Salvador"), - SM=dict(name="San Marino"), - SO=dict(name="Somalia"), - PM=dict(name="Saint Pierre and Miquelon"), - RS=dict(name="Serbia"), - SS=dict(name="South Sudan"), - ST=dict(name="Sao Tome and Principe"), - SR=dict(name="Suriname"), - SK=dict(name="Slovakia"), - SI=dict(name="Slovenia"), - SE=dict(name="Sweden"), - SZ=dict(name="Eswatini"), - SX=dict(name="Sint Maarten (Dutch part)"), - SC=dict(name="Seychelles"), - SY=dict(name="Syrian Arab Republic"), - TC=dict(name="Turks and Caicos Islands"), - TD=dict(name="Chad"), - TG=dict(name="Togo"), - TH=dict(name="Thailand"), - TJ=dict(name="Tajikistan"), - TK=dict(name="Tokelau"), - TM=dict(name="Turkmenistan"), - TL=dict(name="Timor-Leste"), - TO=dict(name="Tonga"), - TT=dict(name="Trinidad and Tobago"), - TN=dict(name="Tunisia"), - TR=dict(name="Turkey"), - TV=dict(name="Tuvalu"), - TW=dict(name="Taiwan, Province of China"), - TZ=dict(name="Tanzania, United Republic of"), - UG=dict(name="Uganda"), - UA=dict(name="Ukraine"), - UM=dict(name="United States Minor Outlying Islands"), - UY=dict(name="Uruguay"), - US=dict(name="United States"), - UZ=dict(name="Uzbekistan"), - VA=dict(name="Holy See (Vatican City State)"), - VC=dict(name="Saint Vincent and the Grenadines"), - VE=dict(name="Venezuela, Bolivarian Republic of"), - VG=dict(name="Virgin Islands, British"), - VI=dict(name="Virgin Islands, U.S."), - VN=dict(name="Viet Nam"), - VU=dict(name="Vanuatu"), - WF=dict(name="Wallis and Futuna"), - WS=dict(name="Samoa"), - YE=dict(name="Yemen"), - ZA=dict(name="South Africa"), - ZM=dict(name="Zambia"), - ZW=dict(name="Zimbabwe"), -) +COUNTRIES = { + "AW": {"name": "Aruba"}, + "AF": {"name": "Afghanistan"}, + "AO": {"name": "Angola"}, + 
"AI": {"name": "Anguilla"}, + "AX": {"name": "Åland Islands"}, + "AL": {"name": "Albania"}, + "AD": {"name": "Andorra"}, + "AE": {"name": "United Arab Emirates"}, + "AR": {"name": "Argentina"}, + "AM": {"name": "Armenia"}, + "AS": {"name": "American Samoa"}, + "AQ": {"name": "Antarctica"}, + "TF": {"name": "French Southern Territories"}, + "AG": {"name": "Antigua and Barbuda"}, + "AU": {"name": "Australia"}, + "AT": {"name": "Austria"}, + "AZ": {"name": "Azerbaijan"}, + "BI": {"name": "Burundi"}, + "BE": {"name": "Belgium"}, + "BJ": {"name": "Benin"}, + "BQ": {"name": "Bonaire, Sint Eustatius and Saba"}, + "BF": {"name": "Burkina Faso"}, + "BD": {"name": "Bangladesh"}, + "BG": {"name": "Bulgaria"}, + "BH": {"name": "Bahrain"}, + "BS": {"name": "Bahamas"}, + "BA": {"name": "Bosnia and Herzegovina"}, + "BL": {"name": "Saint Barthélemy"}, + "BY": {"name": "Belarus"}, + "BZ": {"name": "Belize"}, + "BM": {"name": "Bermuda"}, + "BO": {"name": "Bolivia, Plurinational State of"}, + "BR": {"name": "Brazil"}, + "BB": {"name": "Barbados"}, + "BN": {"name": "Brunei Darussalam"}, + "BT": {"name": "Bhutan"}, + "BV": {"name": "Bouvet Island"}, + "BW": {"name": "Botswana"}, + "CF": {"name": "Central African Republic"}, + "CA": {"name": "Canada"}, + "CC": {"name": "Cocos (Keeling) Islands"}, + "CH": {"name": "Switzerland"}, + "CL": {"name": "Chile"}, + "CN": {"name": "China"}, + "CI": {"name": "Côte d'Ivoire"}, + "CM": {"name": "Cameroon"}, + "CD": {"name": "Congo, The Democratic Republic of the"}, + "CG": {"name": "Congo"}, + "CK": {"name": "Cook Islands"}, + "CO": {"name": "Colombia"}, + "KM": {"name": "Comoros"}, + "CV": {"name": "Cabo Verde"}, + "CR": {"name": "Costa Rica"}, + "CU": {"name": "Cuba"}, + "CW": {"name": "Curaçao"}, + "CX": {"name": "Christmas Island"}, + "KY": {"name": "Cayman Islands"}, + "CY": {"name": "Cyprus"}, + "CZ": {"name": "Czechia"}, + "DE": {"name": "Germany"}, + "DJ": {"name": "Djibouti"}, + "DM": {"name": "Dominica"}, + "DK": {"name": "Denmark"}, + 
"DO": {"name": "Dominican Republic"}, + "DZ": {"name": "Algeria"}, + "EC": {"name": "Ecuador"}, + "EG": {"name": "Egypt"}, + "ER": {"name": "Eritrea"}, + "EH": {"name": "Western Sahara"}, + "ES": {"name": "Spain"}, + "EE": {"name": "Estonia"}, + "ET": {"name": "Ethiopia"}, + "FI": {"name": "Finland"}, + "FJ": {"name": "Fiji"}, + "FK": {"name": "Falkland Islands (Malvinas)"}, + "FR": {"name": "France"}, + "FO": {"name": "Faroe Islands"}, + "FM": {"name": "Micronesia, Federated States of"}, + "GA": {"name": "Gabon"}, + "GB": {"name": "United Kingdom"}, + "GE": {"name": "Georgia"}, + "GG": {"name": "Guernsey"}, + "GH": {"name": "Ghana"}, + "GI": {"name": "Gibraltar"}, + "GN": {"name": "Guinea"}, + "GP": {"name": "Guadeloupe"}, + "GM": {"name": "Gambia"}, + "GW": {"name": "Guinea-Bissau"}, + "GQ": {"name": "Equatorial Guinea"}, + "GR": {"name": "Greece"}, + "GD": {"name": "Grenada"}, + "GL": {"name": "Greenland"}, + "GT": {"name": "Guatemala"}, + "GF": {"name": "French Guiana"}, + "GU": {"name": "Guam"}, + "GY": {"name": "Guyana"}, + "HK": {"name": "Hong Kong"}, + "HM": {"name": "Heard Island and McDonald Islands"}, + "HN": {"name": "Honduras"}, + "HR": {"name": "Croatia"}, + "HT": {"name": "Haiti"}, + "HU": {"name": "Hungary"}, + "ID": {"name": "Indonesia"}, + "IM": {"name": "Isle of Man"}, + "IN": {"name": "India"}, + "IO": {"name": "British Indian Ocean Territory"}, + "IE": {"name": "Ireland"}, + "IR": {"name": "Iran, Islamic Republic of"}, + "IQ": {"name": "Iraq"}, + "IS": {"name": "Iceland"}, + "IL": {"name": "Israel"}, + "IT": {"name": "Italy"}, + "JM": {"name": "Jamaica"}, + "JE": {"name": "Jersey"}, + "JO": {"name": "Jordan"}, + "JP": {"name": "Japan"}, + "KZ": {"name": "Kazakhstan"}, + "KE": {"name": "Kenya"}, + "KG": {"name": "Kyrgyzstan"}, + "KH": {"name": "Cambodia"}, + "KI": {"name": "Kiribati"}, + "KN": {"name": "Saint Kitts and Nevis"}, + "KR": {"name": "Korea, Republic of"}, + "KW": {"name": "Kuwait"}, + "LA": {"name": "Lao People's Democratic 
Republic"}, + "LB": {"name": "Lebanon"}, + "LR": {"name": "Liberia"}, + "LY": {"name": "Libya"}, + "LC": {"name": "Saint Lucia"}, + "LI": {"name": "Liechtenstein"}, + "LK": {"name": "Sri Lanka"}, + "LS": {"name": "Lesotho"}, + "LT": {"name": "Lithuania"}, + "LU": {"name": "Luxembourg"}, + "LV": {"name": "Latvia"}, + "MO": {"name": "Macao"}, + "MF": {"name": "Saint Martin (French part)"}, + "MA": {"name": "Morocco"}, + "MC": {"name": "Monaco"}, + "MD": {"name": "Moldova, Republic of"}, + "MG": {"name": "Madagascar"}, + "MV": {"name": "Maldives"}, + "MX": {"name": "Mexico"}, + "MH": {"name": "Marshall Islands"}, + "MK": {"name": "North Macedonia"}, + "ML": {"name": "Mali"}, + "MT": {"name": "Malta"}, + "MM": {"name": "Myanmar"}, + "ME": {"name": "Montenegro"}, + "MN": {"name": "Mongolia"}, + "MP": {"name": "Northern Mariana Islands"}, + "MZ": {"name": "Mozambique"}, + "MR": {"name": "Mauritania"}, + "MS": {"name": "Montserrat"}, + "MQ": {"name": "Martinique"}, + "MU": {"name": "Mauritius"}, + "MW": {"name": "Malawi"}, + "MY": {"name": "Malaysia"}, + "YT": {"name": "Mayotte"}, + "NA": {"name": "Namibia"}, + "NC": {"name": "New Caledonia"}, + "NE": {"name": "Niger"}, + "NF": {"name": "Norfolk Island"}, + "NG": {"name": "Nigeria"}, + "NI": {"name": "Nicaragua"}, + "NU": {"name": "Niue"}, + "NL": {"name": "Netherlands"}, + "NO": {"name": "Norway"}, + "NP": {"name": "Nepal"}, + "NR": {"name": "Nauru"}, + "NZ": {"name": "New Zealand"}, + "OM": {"name": "Oman"}, + "PK": {"name": "Pakistan"}, + "PA": {"name": "Panama"}, + "PN": {"name": "Pitcairn"}, + "PE": {"name": "Peru"}, + "PH": {"name": "Philippines"}, + "PW": {"name": "Palau"}, + "PG": {"name": "Papua New Guinea"}, + "PL": {"name": "Poland"}, + "PR": {"name": "Puerto Rico"}, + "KP": {"name": "Korea, Democratic People's Republic of"}, + "PT": {"name": "Portugal"}, + "PY": {"name": "Paraguay"}, + "PS": {"name": "Palestine, State of"}, + "PF": {"name": "French Polynesia"}, + "QA": {"name": "Qatar"}, + "RE": {"name": 
"Réunion"}, + "RO": {"name": "Romania"}, + "RU": {"name": "Russian Federation"}, + "RW": {"name": "Rwanda"}, + "SA": {"name": "Saudi Arabia"}, + "SD": {"name": "Sudan"}, + "SN": {"name": "Senegal"}, + "SG": {"name": "Singapore"}, + "GS": {"name": "South Georgia and the South Sandwich Islands"}, + "SH": {"name": "Saint Helena, Ascension and Tristan da Cunha"}, + "SJ": {"name": "Svalbard and Jan Mayen"}, + "SB": {"name": "Solomon Islands"}, + "SL": {"name": "Sierra Leone"}, + "SV": {"name": "El Salvador"}, + "SM": {"name": "San Marino"}, + "SO": {"name": "Somalia"}, + "PM": {"name": "Saint Pierre and Miquelon"}, + "RS": {"name": "Serbia"}, + "SS": {"name": "South Sudan"}, + "ST": {"name": "Sao Tome and Principe"}, + "SR": {"name": "Suriname"}, + "SK": {"name": "Slovakia"}, + "SI": {"name": "Slovenia"}, + "SE": {"name": "Sweden"}, + "SZ": {"name": "Eswatini"}, + "SX": {"name": "Sint Maarten (Dutch part)"}, + "SC": {"name": "Seychelles"}, + "SY": {"name": "Syrian Arab Republic"}, + "TC": {"name": "Turks and Caicos Islands"}, + "TD": {"name": "Chad"}, + "TG": {"name": "Togo"}, + "TH": {"name": "Thailand"}, + "TJ": {"name": "Tajikistan"}, + "TK": {"name": "Tokelau"}, + "TM": {"name": "Turkmenistan"}, + "TL": {"name": "Timor-Leste"}, + "TO": {"name": "Tonga"}, + "TT": {"name": "Trinidad and Tobago"}, + "TN": {"name": "Tunisia"}, + "TR": {"name": "Turkey"}, + "TV": {"name": "Tuvalu"}, + "TW": {"name": "Taiwan, Province of China"}, + "TZ": {"name": "Tanzania, United Republic of"}, + "UG": {"name": "Uganda"}, + "UA": {"name": "Ukraine"}, + "UM": {"name": "United States Minor Outlying Islands"}, + "UY": {"name": "Uruguay"}, + "US": {"name": "United States"}, + "UZ": {"name": "Uzbekistan"}, + "VA": {"name": "Holy See (Vatican City State)"}, + "VC": {"name": "Saint Vincent and the Grenadines"}, + "VE": {"name": "Venezuela, Bolivarian Republic of"}, + "VG": {"name": "Virgin Islands, British"}, + "VI": {"name": "Virgin Islands, U.S."}, + "VN": {"name": "Viet Nam"}, + "VU": 
{"name": "Vanuatu"}, + "WF": {"name": "Wallis and Futuna"}, + "WS": {"name": "Samoa"}, + "YE": {"name": "Yemen"}, + "ZA": {"name": "South Africa"}, + "ZM": {"name": "Zambia"}, + "ZW": {"name": "Zimbabwe"}, +} # ISO 3166-1-derived mapping (end) diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.yml b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.yml index 97c07ad8548c..490adb70cadd 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.yml +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.yml @@ -6,7 +6,7 @@ comment: Translates a country code provided by Cyren products to a full country commonfields: id: CyrenCountryLookup version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: CyrenCountryLookup script: '-' diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup_test.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup_test.py index 89767081785e..8728cafbed8a 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup_test.py +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup_test.py @@ -16,15 +16,15 @@ def test_lookup(value, expected): """ from CyrenCountryLookup import lookup - assert lookup(dict(value=value)) == expected + assert lookup({"value": value}) == expected @pytest.mark.parametrize("args", [ - dict(), - dict(value=None), - dict(value=""), - dict(value=9), - dict(value=[]), + {}, + {"value": None}, + {"value": ""}, + {"value": 9}, + {"value": []}, ]) def test_lookup_error(args): """ diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.py index 36606bbba8af..13aec63be999 100644 
--- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.py +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.py @@ -48,7 +48,7 @@ def create_random_hunt_incident(args): query = " ".join(query_parts) random_page = randrange(10) + 1 - res = demisto.executeCommand("findIndicators", dict(query=query, size=1, page=random_page)) + res = demisto.executeCommand("findIndicators", {"query": query, "size": 1, "page": random_page}) if isError(res[0]): raise DemistoException(f"Could not find any indicators: {res}") @@ -56,14 +56,14 @@ def create_random_hunt_incident(args): if not any(indicators): return simple_result(f"Could not find any indicators for \"{query}\"!") - incident = dict(name="Cyren Threat InDepth Threat Hunt", - type=incident_type, - details=yaml.dump(indicators[0])) + incident = {"name": "Cyren Threat InDepth Threat Hunt", + "type": incident_type, + "details": yaml.dump(indicators[0])} if assignee: incident["owner"] = assignee else: - res = demisto.executeCommand("getUsers", dict(current=True)) + res = demisto.executeCommand("getUsers", {"current": True}) if not isError(res[0]): current_user = res[0]["Contents"][0] current_user_id = current_user.get("id") @@ -74,10 +74,10 @@ def create_random_hunt_incident(args): raise DemistoException(f"Could not create new incident: {res}") created_incident = res[0] - id = created_incident.get("EntryContext", dict()).get("CreatedIncidentID") + id = created_incident.get("EntryContext", {}).get("CreatedIncidentID") data = f"Successfully created incident {incident['name']}.\n" \ f"Click here to investigate: [{id}](#/incident/{id})." - res = demisto.executeCommand("investigate", dict(id=id)) + res = demisto.executeCommand("investigate", {"id": id}) if isError(res[0]): data = data + "\n(An investigation has not been started.)" 
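Review bot: In the `@@ -74` hunk the rewritten line `id = created_incident.get("EntryContext", {}).get("CreatedIncidentID")` still shadows the builtin `id`, and when the key is missing the resulting None is embedded in the markdown link and then sent on as `{"id": id}` to `investigate`. Renaming it to `incident_id` and adding `if not incident_id: raise DemistoException(f"Incident created but no ID was returned: {res}")` right after it keeps the failure at its source; DemistoException is already raised elsewhere in this function. The `@@ -48` and `@@ -56` hunks in the same file are style-only dict-literal conversions. create_random_hunt_incident begins before the first hunk, so its argument handling is not visible here.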
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.yml b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.yml index 3526db9f0b0d..d546eb3cca57 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.yml +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.yml @@ -12,18 +12,21 @@ args: name: incident_type - description: Specify the user you want to assign the new incident (optional, default is current user) name: assignee -comment: |- - This script will take a random Cyren Threat InDepth feed indicator and its relationships and create a threat hunting incident for you. +comment: 'This script will take a random Cyren Threat InDepth feed indicator and its relationships and create a threat hunting incident for you. + The main query parameters for the resulting, internal indicator query are: + 1. Seen for the first time by the feed source within the last 7 days. + 2. No investigation on it yet. - 3. Must have relationships to other indicators. + + 3. Must have relationships to other indicators.' commonfields: id: CyrenThreatInDepthRandomHunt version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: CyrenThreatInDepthRandomHunt script: '-' diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt_test.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt_test.py index 08462335162d..66643a7a484d 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt_test.py +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt_test.py 
@@ -70,40 +70,41 @@ def inner(command, args=None): "Contents": [{}], } ] + return None return inner @pytest.mark.parametrize("args, expected_incident", [ ( - dict(), - dict(name="Cyren Threat InDepth Threat Hunt", type="Hunt", - details="indicator_type: URL\nvalue: http://google.de\n", owner="admin") + {}, + {"name": "Cyren Threat InDepth Threat Hunt", "type": "Hunt", + "details": "indicator_type: URL\nvalue: http://google.de\n", "owner": "admin"} ), ( - dict(assignee="other.user"), - dict(name="Cyren Threat InDepth Threat Hunt", type="Hunt", - details="indicator_type: URL\nvalue: http://google.de\n", owner="other.user") + {"assignee": "other.user"}, + {"name": "Cyren Threat InDepth Threat Hunt", "type": "Hunt", + "details": "indicator_type: URL\nvalue: http://google.de\n", "owner": "other.user"} ), ( - dict(assignee="other.user", incident_type="My Type"), - dict(name="Cyren Threat InDepth Threat Hunt", type="My Type", - details="indicator_type: URL\nvalue: http://google.de\n", owner="other.user") + {"assignee": "other.user", "incident_type": "My Type"}, + {"name": "Cyren Threat InDepth Threat Hunt", "type": "My Type", + "details": "indicator_type: URL\nvalue: http://google.de\n", "owner": "other.user"} ), ( - dict(indicator_type="ip_reputation"), - dict(name="Cyren Threat InDepth Threat Hunt", type="Hunt", - details="indicator_type: URL\nvalue: http://google.de\n", owner="admin") + {"indicator_type": "ip_reputation"}, + {"name": "Cyren Threat InDepth Threat Hunt", "type": "Hunt", + "details": "indicator_type: URL\nvalue: http://google.de\n", "owner": "admin"} ), ( - dict(incident_type="My Type"), - dict(name="Cyren Threat InDepth Threat Hunt", type="My Type", - details="indicator_type: URL\nvalue: http://google.de\n", owner="admin") + {"incident_type": "My Type"}, + {"name": "Cyren Threat InDepth Threat Hunt", "type": "My Type", + "details": "indicator_type: URL\nvalue: http://google.de\n", "owner": "admin"} ), ( - dict(indicator_type="ip_reputation", 
incident_type="My Type"), - dict(name="Cyren Threat InDepth Threat Hunt", type="My Type", - details="indicator_type: URL\nvalue: http://google.de\n", owner="admin") + {"indicator_type": "ip_reputation", "incident_type": "My Type"}, + {"name": "Cyren Threat InDepth Threat Hunt", "type": "My Type", + "details": "indicator_type: URL\nvalue: http://google.de\n", "owner": "admin"} ), ]) def test_create_random_hunt_incident(mocker, args, expected_incident): @@ -132,7 +133,7 @@ def test_create_random_hunt_incident_find_indicators_error(mocker): mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(find_indicators_error=True)) with pytest.raises(DemistoException): - create_random_hunt_incident(dict()) + create_random_hunt_incident({}) def test_create_random_hunt_incident_find_indicators_empty(mocker): @@ -144,7 +145,7 @@ def test_create_random_hunt_incident_find_indicators_empty(mocker): from CyrenThreatInDepthRandomHunt import create_random_hunt_incident mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(find_indicators_result=FIND_INDICATORS_EMPTY)) - result = create_random_hunt_incident(dict()) + result = create_random_hunt_incident({}) assert "Could not find any indicators for " in result.readable_output @@ -158,7 +159,7 @@ def test_create_random_hunt_incident_get_current_user_error(mocker): from CyrenThreatInDepthRandomHunt import create_random_hunt_incident mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(get_users_error=True)) - result = create_random_hunt_incident(dict()) + result = create_random_hunt_incident({}) assert result.readable_output == ("Successfully created incident Cyren Threat InDepth Threat Hunt.\n" "Click here to investigate: [1234](#/incident/1234).") 
@@ -175,7 +176,7 @@ def test_create_random_hunt_incident_create_new_incident_error(mocker): mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(create_new_incident_error=True)) with pytest.raises(DemistoException): - create_random_hunt_incident(dict()) + create_random_hunt_incident({}) def test_create_random_hunt_incident_investigate_error(mocker): @@ -187,7 +188,7 @@ def test_create_random_hunt_incident_investigate_error(mocker): from CyrenThreatInDepthRandomHunt import create_random_hunt_incident mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(investigate_error=True)) - result = create_random_hunt_incident(dict()) + result = create_random_hunt_incident({}) assert result.readable_output == ("Successfully created incident Cyren Threat InDepth Threat Hunt.\n" "Click here to investigate: [1234](#/incident/1234).\n" diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.py index 6f194dac8ed9..3780072150fa 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.py +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.py @@ -8,7 +8,7 @@ def cyren_feed_relationship(args) -> CommandResults: if not indicator: raise ValueError("Please provide 'indicator' argument!") - result = demisto.executeCommand("CyrenThreatInDepthRenderRelated", dict(indicator=json.dumps(indicator))) + result = demisto.executeCommand("CyrenThreatInDepthRenderRelated", {"indicator": json.dumps(indicator)}) if is_error(result[0]): raise ValueError(f"Failed to render related: {str(get_error(result))}") 
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.yml b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.yml index 6dd66cda20f6..928ea32c36a1 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.yml +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.yml @@ -10,5 +10,5 @@ tags: - dynamic-indicator-section timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 fromversion: 6.0.0 diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget_test.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget_test.py index a8edeb1d8274..7e69a5af5520 100644 --- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget_test.py +++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget_test.py @@ -24,6 +24,7 @@ def inner(command, args=None): if error: return ERROR return result + return None return inner @@ -37,10 +38,10 @@ def test_cyren_feed_relationship_normal(mocker): from CyrenThreatInDepthRelatedWidget import cyren_feed_relationship mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand()) - args = dict(indicator=dict(some="value")) + args = {"indicator": {"some": "value"}} result = cyren_feed_relationship(args) - demisto.executeCommand.assert_any_call("CyrenThreatInDepthRenderRelated", dict(indicator="{\"some\": \"value\"}")) + demisto.executeCommand.assert_any_call("CyrenThreatInDepthRenderRelated", {"indicator": "{\"some\": \"value\"}"}) assert result.readable_output == "tha output!" 
@@ -54,7 +55,7 @@ def test_cyren_feed_relationship_no_indicator(mocker):
 mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand())
 with pytest.raises(ValueError):
- cyren_feed_relationship(dict())
+ cyren_feed_relationship({})
 def test_cyren_feed_relationship_error_response(mocker):
@@ -66,7 +67,7 @@ def test_cyren_feed_relationship_error_response(mocker):
 from CyrenThreatInDepthRelatedWidget import cyren_feed_relationship
 mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(error=True))
- args = dict(indicator=dict(some="value"))
+ args = {"indicator": {"some": "value"}}
 with pytest.raises(ValueError):
 cyren_feed_relationship(args)
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.py
index 6584d7fbbb66..d91f1dbd3aba 100644
--- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.py
+++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.py
@@ -10,8 +10,8 @@ def cyren_feed_relationship(args) -> CommandResults:
 if not indicator:
 raise ValueError("Please provide 'indicator' argument!")
- result = demisto.executeCommand("CyrenThreatInDepthRenderRelated", dict(indicator=json.dumps(indicator),
- columns="Indicator Type,Value"))
+ result = demisto.executeCommand("CyrenThreatInDepthRenderRelated", {"indicator": json.dumps(indicator),
+ "columns": "Indicator Type,Value"})
 if is_error(result[0]):
 raise ValueError(f"Failed to render related: {str(get_error(result))}")
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.yml b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.yml
index e1a50106216b..2744983a9785 100644
--- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.yml
+++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.yml
@@ -10,5 +10,5 @@ tags:
 - dynamic-indicator-section
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 fromversion: 6.0.0
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick_test.py b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick_test.py
index 65f2eb7ed46f..de65a62ad3b6 100644
--- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick_test.py
+++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick_test.py
@@ -24,6 +24,7 @@ def inner(command, args=None):
 if error:
 return ERROR
 return result
+ return None
 return inner
@@ -37,12 +38,12 @@ def test_cyren_feed_relationship_normal(mocker):
 from CyrenThreatInDepthRelatedWidgetQuick import cyren_feed_relationship
 mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand())
- args = dict(indicator=dict(some="value"))
+ args = {"indicator": {"some": "value"}}
 result = cyren_feed_relationship(args)
 demisto.executeCommand.assert_any_call("CyrenThreatInDepthRenderRelated",
- dict(indicator="{\"some\": \"value\"}",
- columns="Indicator Type,Value"))
+ {"indicator": "{\"some\": \"value\"}",
+ "columns": "Indicator Type,Value"})
 assert result.readable_output == "tha output!"
@@ -56,7 +57,7 @@ def test_cyren_feed_relationship_no_indicator(mocker):
 mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand())
 with pytest.raises(ValueError):
- cyren_feed_relationship(dict())
+ cyren_feed_relationship({})
 def test_cyren_feed_relationship_error_response(mocker):
@@ -68,7 +69,7 @@ def test_cyren_feed_relationship_error_response(mocker):
 from CyrenThreatInDepthRelatedWidgetQuick import cyren_feed_relationship
 mocker.patch.object(demisto, "executeCommand", side_effect=executeCommand(error=True))
- args = dict(indicator=dict(some="value"))
+ args = {"indicator": {"some": "value"}}
 with pytest.raises(ValueError):
 cyren_feed_relationship(args)
diff --git a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRenderRelated/CyrenThreatInDepthRenderRelated.yml b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRenderRelated/CyrenThreatInDepthRenderRelated.yml
index 29a933a5e283..de94f3e572b7 100644
--- a/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRenderRelated/CyrenThreatInDepthRenderRelated.yml
+++ b/Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRenderRelated/CyrenThreatInDepthRenderRelated.yml
@@ -10,7 +10,7 @@ tags:
 - cyren
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 fromversion: 6.0.0
 args:
 - description: The indicator that holds the relationships. As JSON representation.
diff --git a/Packs/FeedCyrenThreatInDepth/pack_metadata.json b/Packs/FeedCyrenThreatInDepth/pack_metadata.json
index ce755e00b2f8..172652047c43 100644
--- a/Packs/FeedCyrenThreatInDepth/pack_metadata.json
+++ b/Packs/FeedCyrenThreatInDepth/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cyren Threat InDepth Threat Intelligence",
 "description": "Threat InDepth's actionable and contextualized intelligence helps enterprises improve their threat detection and response by providing unprecedented visibility into new email-borne security threats faster than other security vendors.",
 "support": "community",
- "currentVersion": "1.5.24",
+ "currentVersion": "1.5.25",
 "author": "Cyren",
 "url": "",
 "email": "",
diff --git a/Packs/FeedTalos/Integrations/FeedTalos/FeedTalos.yml b/Packs/FeedTalos/Integrations/FeedTalos/FeedTalos.yml
index e222cd3e0f30..4c7bcfc7c21d 100644
--- a/Packs/FeedTalos/Integrations/FeedTalos/FeedTalos.yml
+++ b/Packs/FeedTalos/Integrations/FeedTalos/FeedTalos.yml
@@ -8,7 +8,7 @@ description: Use the Talos Feed integration to get indicators from the feed.
 configuration:
 - display: Fetch indicators
 name: feed
- defaultvalue: "true"
+ defaultvalue: 'true'
 type: 8
 required: false
 - display: Talos Endpoint URL
@@ -50,7 +50,7 @@ configuration:
 - WHITE
 type: 15
 required: false
-- display: ""
+- display: ''
 name: feedExpirationPolicy
 defaultvalue: suddenDeath
 type: 17
@@ -60,14 +60,14 @@ configuration:
 - indicatorType
 - suddenDeath
 required: false
-- display: ""
+- display: ''
 name: feedExpirationInterval
- defaultvalue: "20160"
+ defaultvalue: '20160'
 type: 1
 required: false
 - display: Feed Fetch Interval
 name: feedFetchInterval
- defaultvalue: "30"
+ defaultvalue: '30'
 type: 19
 required: false
 - display: Tags
@@ -77,7 +77,7 @@ configuration:
 required: false
 - display: Bypass exclusion list
 name: feedBypassExclusionList
- defaultvalue: "true"
+ defaultvalue: 'true'
 type: 8
 additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
 required: false
@@ -97,9 +97,9 @@ script:
 arguments:
 - name: limit
 description: The maximum number of results to return. The default value is 10.
- defaultValue: "10"
+ defaultValue: '10'
 description: Gets indicators from the feed.
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 feed: true
 subtype: python3
 fromversion: 5.5.0
diff --git a/Packs/FeedTalos/ReleaseNotes/1_0_7.md b/Packs/FeedTalos/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..c4a5986564c2
--- /dev/null
+++ b/Packs/FeedTalos/ReleaseNotes/1_0_7.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Talos Feed
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/FeedTalos/pack_metadata.json b/Packs/FeedTalos/pack_metadata.json
index 3cfb59c2b32d..dd9f611affcf 100644
--- a/Packs/FeedTalos/pack_metadata.json
+++ b/Packs/FeedTalos/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Talos Feed",
 "description": "Talos Threat Intelligence IPv4 Feed",
 "support": "community",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "Guillermo Serrano",
 "url": "",
 "email": "",
diff --git a/Packs/FortiAuthenticator/Integrations/FortiAuthenticator/FortiAuthenticator.yml b/Packs/FortiAuthenticator/Integrations/FortiAuthenticator/FortiAuthenticator.yml
index 177b7afdee01..f9effe1e549f 100644
--- a/Packs/FortiAuthenticator/Integrations/FortiAuthenticator/FortiAuthenticator.yml
+++ b/Packs/FortiAuthenticator/Integrations/FortiAuthenticator/FortiAuthenticator.yml
@@ -46,7 +46,7 @@ script:
 - arguments:
 - auto: PREDEFINED
 defaultValue: 'true'
- description: "Define user's active status: false = Disabled, true = enabled"
+ description: 'Define user''s active status: false = Disabled, true = enabled'
 name: active
 predefined:
 - 'true'
@@ -66,7 +66,7 @@ script:
 description: The username that is defined in the User Information on FortiAuthenticator.
 name: fortiauthenticator-update-user
 description: Update the active status for specific user by email
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/FortiAuthenticator/ReleaseNotes/1_0_7.md b/Packs/FortiAuthenticator/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..09fc96e31eed
--- /dev/null
+++ b/Packs/FortiAuthenticator/ReleaseNotes/1_0_7.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### FortiAuthenticator
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/FortiAuthenticator/pack_metadata.json b/Packs/FortiAuthenticator/pack_metadata.json
index e932b65219fd..3b587bacdb36 100644
--- a/Packs/FortiAuthenticator/pack_metadata.json
+++ b/Packs/FortiAuthenticator/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FortiAuthenticator",
 "description": "Manage user configuration on FortiAuthenticator.",
 "support": "community",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "Jason Lo",
 "url": "",
 "email": "",
diff --git a/Packs/FullHunt/Integrations/FullHunt/FullHunt.yml b/Packs/FullHunt/Integrations/FullHunt/FullHunt.yml
index 57c2178ba976..52766a51d8d3 100644
--- a/Packs/FullHunt/Integrations/FullHunt/FullHunt.yml
+++ b/Packs/FullHunt/Integrations/FullHunt/FullHunt.yml
@@ -9,7 +9,7 @@ configuration:
 required: true
 section: Connect
 type: 0
-- display: ""
+- display: ''
 displaypassword: API Key
 hiddenusername: true
 name: credentials
@@ -23,7 +23,7 @@ configuration:
 type: 8
 required: false
 - advanced: true
- defaultvalue: "false"
+ defaultvalue: 'false'
 display: Use system proxy settings
 name: proxy
 section: Connect
@@ -258,7 +258,7 @@ script:
 - contextPath: FullHunt.Subdomain.status
 description: HTTP status code
 type: number
- dockerimage: demisto/python3:3.10.12.65389
+ dockerimage: demisto/python3:3.10.14.100715
 script: ''
 subtype: python3
 type: python
diff --git a/Packs/FullHunt/ReleaseNotes/1_0_4.md b/Packs/FullHunt/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..53a939521777
--- /dev/null
+++ b/Packs/FullHunt/ReleaseNotes/1_0_4.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### FullHunt
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/FullHunt/pack_metadata.json b/Packs/FullHunt/pack_metadata.json
index f501a18372ac..13d73fb2a210 100644
--- a/Packs/FullHunt/pack_metadata.json
+++ b/Packs/FullHunt/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FullHunt",
 "description": "Integration with FullHunt, the attack surface database of the internet.\nFullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and continuously scan them for the latest security vulnerabilities.",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "@sam0x90",
 "url": "https://fullhunt.io/",
 "email": "",
diff --git a/Packs/GigamonThreatINSIGHT/Integrations/GigamonThreatINSIGHT/GigamonThreatINSIGHT.yml b/Packs/GigamonThreatINSIGHT/Integrations/GigamonThreatINSIGHT/GigamonThreatINSIGHT.yml
index 23c462539e61..2b7157fed0a4 100644
--- a/Packs/GigamonThreatINSIGHT/Integrations/GigamonThreatINSIGHT/GigamonThreatINSIGHT.yml
+++ b/Packs/GigamonThreatINSIGHT/Integrations/GigamonThreatINSIGHT/GigamonThreatINSIGHT.yml
@@ -318,13 +318,13 @@ script:
 - name: insight-get-telemetry-network
 arguments:
 - name: account_code
- description: 'Account code to filter by.'
+ description: Account code to filter by.
 - name: interval
 auto: PREDEFINED
 predefined:
 - day
 - month_to_day
- description: 'The interval to filter by (day, month_to_day).'
+ description: The interval to filter by (day, month_to_day).
 - name: latest_each_month
 description: "latest_each_month\tNo\tNo\tFilters out all but the latest day and month_to_date for each month."
 - name: sort_order
@@ -332,16 +332,16 @@ script:
 predefined:
 - asc
 - desc
- description: 'Sorts by account code first, then timestamp. asc or desc. The default is desc.'
+ description: Sorts by account code first, then timestamp. asc or desc. The default is desc.
 - name: limit
 description: 'The maximum number of records to return, default: 100, max: 1000.'
 defaultValue: '1000'
 - name: offset
 description: 'The number of records to skip past. Default: 0.'
 - name: start_date
- description: 'Start date to filter by.'
+ description: Start date to filter by.
 - name: end_date
- description: 'End date to filter by.'
+ description: End date to filter by.
 outputs:
 - contextPath: Insight.Telemetry.NetworkUsage.account_code
 description: The account code for the network usage.
@@ -531,7 +531,7 @@ script:
 - status
 - device_ip
 - indicator_count
- description: 'Field to sort by (first_seen, last_seen, status, device_ip, indicator_count).'
+ description: Field to sort by (first_seen, last_seen, status, device_ip, indicator_count).
 - name: sort_order
 auto: PREDEFINED
 predefined:
@@ -891,8 +891,7 @@ script:
 - x509:san_ip.ip
 description: List of event fields to check for impacted devices
 description: Create a new detection rule.
-
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 subtype: python3
 fromversion: 6.5.0
diff --git a/Packs/GigamonThreatINSIGHT/ReleaseNotes/1_0_4.md b/Packs/GigamonThreatINSIGHT/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..6b124fb621fb
--- /dev/null
+++ b/Packs/GigamonThreatINSIGHT/ReleaseNotes/1_0_4.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Gigamon ThreatINSIGHT
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/GigamonThreatINSIGHT/pack_metadata.json b/Packs/GigamonThreatINSIGHT/pack_metadata.json
index 95828083ed7b..2015eb6026ba 100644
--- a/Packs/GigamonThreatINSIGHT/pack_metadata.json
+++ b/Packs/GigamonThreatINSIGHT/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Gigamon ThreatINSIGHT",
 "description": "Gigamon ThreatINSIGHT allows a fast detection and effective response to active threats.",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "Gigamon",
 "url": "https://www.gigamon.com/products/detect-respond/gigamon-threatinsight.html",
 "email": "apps@gigamon.com",
diff --git a/Packs/GoogleDorking/Integrations/GoogleDorking/GoogleDorking.yml b/Packs/GoogleDorking/Integrations/GoogleDorking/GoogleDorking.yml
index 6faf49b01e5b..97dcdea21237 100644
--- a/Packs/GoogleDorking/Integrations/GoogleDorking/GoogleDorking.yml
+++ b/Packs/GoogleDorking/Integrations/GoogleDorking/GoogleDorking.yml
@@ -76,7 +76,7 @@ configuration:
 required: false
 - display: Maximum number of incidents per fetch
 name: max_fetch
- defaultvalue: "100"
+ defaultvalue: '100'
 type: 0
 required: false
 - display: First fetch time
@@ -93,7 +93,7 @@ configuration:
 required: false
 - display: Incidents Fetch Interval
 name: incidentFetchInterval
- defaultvalue: "60"
+ defaultvalue: '60'
 type: 19
 required: false
 script:
@@ -153,7 +153,7 @@ script:
 - name: urls
 description: Provide a single or comma separated list of sites from which to perform the search on.
 description: Use the google search engine to search a query.
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 subtype: python3
 fromversion: 6.2.0
diff --git a/Packs/GoogleDorking/ReleaseNotes/1_0_4.md b/Packs/GoogleDorking/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..8cbf8bf4643f
--- /dev/null
+++ b/Packs/GoogleDorking/ReleaseNotes/1_0_4.md
@@ -0,0 +1,12 @@
+
+#### Integrations
+
+##### Google Dorking
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+
+#### Scripts
+
+##### ExtractUsernames
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/GoogleDorking/Scripts/ExtractUsernames/ExtractUsernames.yml b/Packs/GoogleDorking/Scripts/ExtractUsernames/ExtractUsernames.yml
index 89a43f210cd1..73b5d8810e32 100644
--- a/Packs/GoogleDorking/Scripts/ExtractUsernames/ExtractUsernames.yml
+++ b/Packs/GoogleDorking/Scripts/ExtractUsernames/ExtractUsernames.yml
@@ -20,7 +20,7 @@ outputs:
 type: string
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/GoogleDorking/pack_metadata.json b/Packs/GoogleDorking/pack_metadata.json
index 26dd81f94ef2..9a29cda31ad6 100644
--- a/Packs/GoogleDorking/pack_metadata.json
+++ b/Packs/GoogleDorking/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Google Dorking",
 "description": "Automate the process of google dorking searches in order to detect leaked data.",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "David Baumstien",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Graylog/Integrations/Graylog/Graylog.yml b/Packs/Graylog/Integrations/Graylog/Graylog.yml
index f1ebb00c3764..326e436fb838 100644
--- a/Packs/Graylog/Integrations/Graylog/Graylog.yml
+++ b/Packs/Graylog/Integrations/Graylog/Graylog.yml
@@ -102,10 +102,10 @@ script:
 description: Query (Lucene syntax)
 - name: range
 description: Relative timeframe to search in. Default 300s
- defaultValue: "300"
+ defaultValue: '300'
 - name: limit
 description: Maximum number of messages to return. Default 20
- defaultValue: "20"
+ defaultValue: '20'
 - name: offset
 description: offset (integer)
 - name: filter
@@ -117,8 +117,8 @@ script:
 - name: decorate
 auto: PREDEFINED
 predefined:
- - "true"
- - "false"
+ - 'true'
+ - 'false'
 description: Run decorators on search result (default True)
 outputs:
 - contextPath: Graylog.Search
@@ -143,7 +143,7 @@ script:
 description: how many per page (integer)
 - name: timerange
 description: Relative timerange to search in seconds
- defaultValue: "300"
+ defaultValue: '300'
 - name: sort_by
 description: how to sort
 outputs:
@@ -164,7 +164,7 @@ script:
 description: Search for messages using an absolute timerange, specified as from/to with format yyyy-MM-ddTHH:mm:ss.SSSZ (e.g. 2014-01-23T15:34:49.000Z) or yyyy-MM-dd HH:mm:ss.
 - name: limit
 description: Maximum number of messages to return.
- defaultValue: "20"
+ defaultValue: '20'
 - name: offset
 description: Offset
 - name: filter
@@ -180,15 +180,15 @@ script:
 - name: decorate
 auto: PREDEFINED
 predefined:
- - "true"
- - "false"
+ - 'true'
+ - 'false'
 description: Run decorators on search result
 outputs:
 - contextPath: Graylog.SearchAbsolute
 description: Search results of Absolute search
 type: String
 description: Search with absolute times
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 subtype: python3
 fromversion: 5.0.0
diff --git a/Packs/Graylog/ReleaseNotes/1_0_7.md b/Packs/Graylog/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..68358050f104
--- /dev/null
+++ b/Packs/Graylog/ReleaseNotes/1_0_7.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Graylog
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Graylog/pack_metadata.json b/Packs/Graylog/pack_metadata.json
index 8517f741a70a..eb3a563ff158 100644
--- a/Packs/Graylog/pack_metadata.json
+++ b/Packs/Graylog/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Graylog",
 "description": "Integration with Graylog",
 "support": "community",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "Harri Ruuttila",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/HealthCheck/ReleaseNotes/2_1_1.md b/Packs/HealthCheck/ReleaseNotes/2_1_1.md
new file mode 100644
index 000000000000..57857bcc8127
--- /dev/null
+++ b/Packs/HealthCheck/ReleaseNotes/2_1_1.md
@@ -0,0 +1,54 @@
+
+#### Scripts
+
+##### HealthCheckReadConf
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckReadTemeletryLog
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckNumberOfPartitions
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckUnpack
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckPanicLog
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckNumberOfLargeIncidents
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckServerLog
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckNumberOfLargeIOIncidents
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckGetLargestInputsAndOutputsInIncidents
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckOutdatedPacks
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckNumberOfEngines
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckFileSystem
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckDockerLog
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckReadVC
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckLicenseData
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckExportSummary
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### HealthCheckPacksInstalled
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/HealthCheck/Scripts/HealthCheckDockerLog/HealthCheckDockerLog.yml b/Packs/HealthCheck/Scripts/HealthCheckDockerLog/HealthCheckDockerLog.yml
index 311937e059d8..1e00a20ac1e7 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckDockerLog/HealthCheckDockerLog.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckDockerLog/HealthCheckDockerLog.yml
@@ -7,7 +7,7 @@ comment: Read docker log file
 commonfields:
 id: HealthCheckDockerLog
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckDockerLog
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckExportSummary/HealthCheckExportSummary.yml b/Packs/HealthCheck/Scripts/HealthCheckExportSummary/HealthCheckExportSummary.yml
index 5a471133afb5..b7811b00d5e6 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckExportSummary/HealthCheckExportSummary.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckExportSummary/HealthCheckExportSummary.yml
@@ -2,7 +2,7 @@ comment: Export all Incident, Context and Widget data into Json format output.
 commonfields:
 id: HealthCheckExportSummary
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckExportSummary
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckFileSystem/HealthCheckFileSystem.yml b/Packs/HealthCheck/Scripts/HealthCheckFileSystem/HealthCheckFileSystem.yml
index 83902aabcfb1..6c9a3878d6ff 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckFileSystem/HealthCheckFileSystem.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckFileSystem/HealthCheckFileSystem.yml
@@ -10,7 +10,7 @@ comment: read and parse filesystem.log
 commonfields:
 id: HealthCheckFileSystem
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckFileSystem
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckGetLargestInputsAndOutputsInIncidents/HealthCheckGetLargestInputsAndOutputsInIncidents.yml b/Packs/HealthCheck/Scripts/HealthCheckGetLargestInputsAndOutputsInIncidents/HealthCheckGetLargestInputsAndOutputsInIncidents.yml
index 309a57c4a17a..f66709b073d3 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckGetLargestInputsAndOutputsInIncidents/HealthCheckGetLargestInputsAndOutputsInIncidents.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckGetLargestInputsAndOutputsInIncidents/HealthCheckGetLargestInputsAndOutputsInIncidents.yml
@@ -12,7 +12,7 @@ comment: Returns inputs and outputs larger than 1 MB from all Cortex XSOAR inves
 commonfields:
 id: HealthCheckGetLargestInputsAndOutputsInIncidents
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckGetLargestInputsAndOutputsInIncidents
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckLicenseData/HealthCheckLicenseData.yml b/Packs/HealthCheck/Scripts/HealthCheckLicenseData/HealthCheckLicenseData.yml
index 3cdad394c618..46bb59f72c16 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckLicenseData/HealthCheckLicenseData.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckLicenseData/HealthCheckLicenseData.yml
@@ -7,7 +7,7 @@ comment: Read the license_data.log file extracted from the log bundle
 commonfields:
 id: HealthCheckLicenseData
 version: -1
-dockerimage: demisto/python3:3.10.8.37753
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckLicenseData
 outputs:
diff --git a/Packs/HealthCheck/Scripts/HealthCheckNumberOfEngines/HealthCheckNumberOfEngines.yml b/Packs/HealthCheck/Scripts/HealthCheckNumberOfEngines/HealthCheckNumberOfEngines.yml
index c43078f4cb2b..701a433d4cbf 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckNumberOfEngines/HealthCheckNumberOfEngines.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckNumberOfEngines/HealthCheckNumberOfEngines.yml
@@ -2,7 +2,7 @@ comment: Presenting Number of engines
 commonfields:
 id: HealthCheckNumberOfEngines
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckNumberOfEngines
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIOIncidents/HealthCheckNumberOfLargeIOIncidents.yml b/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIOIncidents/HealthCheckNumberOfLargeIOIncidents.yml
index 130fa5a33d8a..595d1a63e082 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIOIncidents/HealthCheckNumberOfLargeIOIncidents.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIOIncidents/HealthCheckNumberOfLargeIOIncidents.yml
@@ -2,7 +2,7 @@ comment: Widget Script to present the number of incidents with large input and o
 commonfields:
 id: HealthCheckNumberOfLargeIOIncidents
 version: -1
-dockerimage: demisto/python3:3.10.11.58677
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckNumberOfLargeIOIncidents
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIncidents/HealthCheckNumberOfLargeIncidents.yml b/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIncidents/HealthCheckNumberOfLargeIncidents.yml
index e054c83b8a95..de22908a6ac0 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIncidents/HealthCheckNumberOfLargeIncidents.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckNumberOfLargeIncidents/HealthCheckNumberOfLargeIncidents.yml
@@ -2,7 +2,7 @@ comment: Widget Script to present the number of large incidents
 commonfields:
 id: HealthCheckNumberOfLargeIncidents
 version: -1
-dockerimage: demisto/python3:3.10.11.58677
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckNumberOfLargeIncidents
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckNumberOfPartitions/HealthCheckNumberOfPartitions.yml b/Packs/HealthCheck/Scripts/HealthCheckNumberOfPartitions/HealthCheckNumberOfPartitions.yml
index 2b0465068c85..65a7f222a41e 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckNumberOfPartitions/HealthCheckNumberOfPartitions.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckNumberOfPartitions/HealthCheckNumberOfPartitions.yml
@@ -2,7 +2,7 @@ comment: Widget Script to present the number of BoltDB partitions
 commonfields:
 id: HealthCheckNumberOfPartitions
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckNumberOfPartitions
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckOutdatedPacks/HealthCheckOutdatedPacks.yml b/Packs/HealthCheck/Scripts/HealthCheckOutdatedPacks/HealthCheckOutdatedPacks.yml
index f31871cce929..afea158dacb3 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckOutdatedPacks/HealthCheckOutdatedPacks.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckOutdatedPacks/HealthCheckOutdatedPacks.yml
@@ -2,7 +2,7 @@ comment: Presenting Outdated Packs
 commonfields:
 id: HealthCheckOutdatedPacks
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckOutdatedPacks
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckPacksInstalled/HealthCheckPacksInstalled.yml b/Packs/HealthCheck/Scripts/HealthCheckPacksInstalled/HealthCheckPacksInstalled.yml
index 4ddfc7ce4c46..aa102641f4a7 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckPacksInstalled/HealthCheckPacksInstalled.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckPacksInstalled/HealthCheckPacksInstalled.yml
@@ -2,7 +2,7 @@ comment: Presenting numbers of packs installed
 commonfields:
 id: HealthCheckPacksInstalled
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckPacksInstalled
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckPanicLog/HealthCheckPanicLog.yml b/Packs/HealthCheck/Scripts/HealthCheckPanicLog/HealthCheckPanicLog.yml
index 825b51210576..2d3051b429df 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckPanicLog/HealthCheckPanicLog.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckPanicLog/HealthCheckPanicLog.yml
@@ -6,7 +6,7 @@ comment: Read panic log file line by line and display warnings, fatal errors and
 commonfields:
 id: HealthCheckPanicLog
 version: -1
-dockerimage: demisto/python3:3.10.8.37753
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckPanicLog
 runas: DBotWeakRole
diff --git a/Packs/HealthCheck/Scripts/HealthCheckReadConf/HealthCheckReadConf.yml b/Packs/HealthCheck/Scripts/HealthCheckReadConf/HealthCheckReadConf.yml
index 97f7214027ea..22d6dcfcf94a 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckReadConf/HealthCheckReadConf.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckReadConf/HealthCheckReadConf.yml
@@ -7,7 +7,7 @@ comment: Read the license_data.log file extracted from the log bundle
 commonfields:
 id: HealthCheckReadConf
 version: -1
-dockerimage: demisto/python3:3.10.4.29342
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: HealthCheckReadConf
 outputs:
diff --git a/Packs/HealthCheck/Scripts/HealthCheckReadTemeletryLog/HealthCheckReadTemeletryLog.yml b/Packs/HealthCheck/Scripts/HealthCheckReadTemeletryLog/HealthCheckReadTemeletryLog.yml
index 998976dee14c..4a151d9edbd8 100644
--- a/Packs/HealthCheck/Scripts/HealthCheckReadTemeletryLog/HealthCheckReadTemeletryLog.yml
+++ b/Packs/HealthCheck/Scripts/HealthCheckReadTemeletryLog/HealthCheckReadTemeletryLog.yml
@@ -5,7 +5,7 @@ comment: Read Telemtry log commonfields: id: HealthCheckReadTemeletryLog version: -1 -dockerimage: demisto/python3:3.10.4.29342 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: HealthCheckReadTemeletryLog runas: DBotWeakRole diff --git a/Packs/HealthCheck/Scripts/HealthCheckReadVC/HealthCheckReadVC.yml b/Packs/HealthCheck/Scripts/HealthCheckReadVC/HealthCheckReadVC.yml index 16a23ee05948..0401c3d837c3 100644 --- a/Packs/HealthCheck/Scripts/HealthCheckReadVC/HealthCheckReadVC.yml +++ b/Packs/HealthCheck/Scripts/HealthCheckReadVC/HealthCheckReadVC.yml @@ -7,7 +7,7 @@ comment: Read the version_control.log file extracted from the log bundle commonfields: id: HealthCheckReadVC version: -1 -dockerimage: demisto/python3:3.10.4.29342 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: HealthCheckReadVC outputs: diff --git a/Packs/HealthCheck/Scripts/HealthCheckServerLog/HealthCheckServerLog.yml b/Packs/HealthCheck/Scripts/HealthCheckServerLog/HealthCheckServerLog.yml index cf6036506f0f..e3c20e021424 100644 --- a/Packs/HealthCheck/Scripts/HealthCheckServerLog/HealthCheckServerLog.yml +++ b/Packs/HealthCheck/Scripts/HealthCheckServerLog/HealthCheckServerLog.yml @@ -6,7 +6,7 @@ comment: Read server log file line by line and display warnings, fatal errors an commonfields: id: HealthCheckServerLog version: -1 -dockerimage: demisto/python3:3.10.9.46032 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: HealthCheckServerLog runas: DBotWeakRole diff --git a/Packs/HealthCheck/Scripts/HealthCheckUnpack/HealthCheckUnpack.yml b/Packs/HealthCheck/Scripts/HealthCheckUnpack/HealthCheckUnpack.yml index 2b31c62d55d2..0dcd70b29513 100644 --- a/Packs/HealthCheck/Scripts/HealthCheckUnpack/HealthCheckUnpack.yml +++ b/Packs/HealthCheck/Scripts/HealthCheckUnpack/HealthCheckUnpack.yml 
@@ -6,13 +6,13 @@ comment: "Extract files from log bundle - supports tar.gz & tar \n\nhandle unsup commonfields: id: HealthCheckUnpack version: -1 -dockerimage: demisto/python3:3.10.4.29342 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: HealthCheckUnpack outputs: -- contextPath: "no" +- contextPath: 'no' description: file type is not supported. -- contextPath: "yes" +- contextPath: 'yes' description: file type is supported. runas: DBotWeakRole script: '' diff --git a/Packs/HealthCheck/pack_metadata.json b/Packs/HealthCheck/pack_metadata.json index 7d1ca2bf278a..bebe023e51f6 100644 --- a/Packs/HealthCheck/pack_metadata.json +++ b/Packs/HealthCheck/pack_metadata.json @@ -2,7 +2,7 @@ "name": "System Diagnostics and Health Check", "description": "CS Health Check", "support": "community", - "currentVersion": "2.1.0", + "currentVersion": "2.1.1", "author": "Cortex XSOAR Customer Success", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", diff --git a/Packs/HelloWorld/Integrations/FeedHelloWorld/FeedHelloWorld.yml b/Packs/HelloWorld/Integrations/FeedHelloWorld/FeedHelloWorld.yml index 0865a4d0b9ec..252eb7033c24 100644 --- a/Packs/HelloWorld/Integrations/FeedHelloWorld/FeedHelloWorld.yml +++ b/Packs/HelloWorld/Integrations/FeedHelloWorld/FeedHelloWorld.yml @@ -100,13 +100,13 @@ script: name: limit description: Gets indicators from the feed. name: helloworld-get-indicators - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 feed: true runonce: false script: '-' subtype: python3 type: python fromversion: 5.5.0 -description: 'This is the Feed Hello World integration for getting started with your feed integration.' +description: This is the Feed Hello World integration for getting started with your feed integration. tests: - No tests (auto formatted) 
diff --git a/Packs/HelloWorld/ReleaseNotes/3_0_12.md b/Packs/HelloWorld/ReleaseNotes/3_0_12.md new file mode 100644 index 000000000000..2a8ba57fb28d --- /dev/null +++ b/Packs/HelloWorld/ReleaseNotes/3_0_12.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### HelloWorld Feed + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/HelloWorld/pack_metadata.json b/Packs/HelloWorld/pack_metadata.json index ac87dc25fb95..98bd86e8faff 100644 --- a/Packs/HelloWorld/pack_metadata.json +++ b/Packs/HelloWorld/pack_metadata.json @@ -2,7 +2,7 @@ "name": "HelloWorld", "description": "This is the Hello World integration for getting started.", "support": "community", - "currentVersion": "3.0.11", + "currentVersion": "3.0.12", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/IP-API/Integrations/IPAPI/IPAPI.yml b/Packs/IP-API/Integrations/IPAPI/IPAPI.yml index ebb3a0c5811d..539a02f0cef2 100644 --- a/Packs/IP-API/Integrations/IPAPI/IPAPI.yml +++ b/Packs/IP-API/Integrations/IPAPI/IPAPI.yml @@ -4,7 +4,7 @@ commonfields: version: -1 configuration: - additionalinfo: Use of HTTPS requires an API key - defaultvalue: "false" + defaultvalue: 'false' display: Use HTTPS to communicate with the API name: https type: 8 @@ -15,17 +15,17 @@ configuration: type: 4 required: false - additionalinfo: See https://members.ip-api.com/docs/json for details - defaultvalue: "536608767" + defaultvalue: '536608767' display: Fields to return name: fields required: true type: 0 -- defaultvalue: "false" +- defaultvalue: 'false' display: Use system proxy settings name: proxy type: 8 required: false -- defaultvalue: "false" +- defaultvalue: 'false' display: Trust any certificate (not secure) name: insecure type: 8 
@@ -59,10 +59,12 @@ configuration: display: '' type: 1 required: false -description: | - This integration will enrich IP addresses from IP-API with data about the geolocation, as well as a determination of the IP address being associated with a mobile device, hosting or proxy. Revers DNS is also returned. +description: 'This integration will enrich IP addresses from IP-API with data about the geolocation, as well as a determination of the IP address being associated with a mobile device, hosting or proxy. Revers DNS is also returned. + This service is available for free (with a throttle) - or paid. + + ' display: IP-API name: IP-API script: @@ -172,8 +174,7 @@ script: - contextPath: DBotScore.Reliability description: Reliability of the source providing the intelligence data. type: String - - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/IP-API/ReleaseNotes/1_0_4.md b/Packs/IP-API/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..bed9b32f5aba --- /dev/null +++ b/Packs/IP-API/ReleaseNotes/1_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### IP-API + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/IP-API/pack_metadata.json b/Packs/IP-API/pack_metadata.json index 6319915a8020..05866773c277 100644 --- a/Packs/IP-API/pack_metadata.json +++ b/Packs/IP-API/pack_metadata.json @@ -2,7 +2,7 @@ "name": "IP-API", "description": "Integrate with the IP-API.com IP enrichment service.", "support": "community", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "Michael Wareman", "url": "", "email": "", diff --git a/Packs/Ja3er/Integrations/Ja3er/Ja3er.yml b/Packs/Ja3er/Integrations/Ja3er/Ja3er.yml index 1d988fa76827..71044c670587 100644 --- a/Packs/Ja3er/Integrations/Ja3er/Ja3er.yml +++ b/Packs/Ja3er/Integrations/Ja3er/Ja3er.yml 
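Review bot: The rewritten `description` carries the typo `Revers DNS` forward into the new single-quoted scalar; since the line is being rewritten anyway, `Reverse DNS is also returned.` would fix the user-facing text. The quoted form with two embedded blank lines and a closing `'` on its own line is harder to read than the original `|` block scalar and, as far as YAML folding rules go, appears to produce the same value, so the readability cost buys nothing here.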
@@ -21,15 +21,15 @@ script: name: ja3-search outputs: - contextPath: JA3.Count - description: 'Number of times seen' + description: Number of times seen type: Number - contextPath: JA3.Last_seen - description: 'Last seen date' + description: Last seen date type: Date - contextPath: JA3.User-Agent - description: 'User-Agent' + description: User-Agent type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/Ja3er/ReleaseNotes/1_0_4.md b/Packs/Ja3er/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..edc52a9467a9 --- /dev/null +++ b/Packs/Ja3er/ReleaseNotes/1_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Ja3er + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Ja3er/pack_metadata.json b/Packs/Ja3er/pack_metadata.json index 6050b91cd5ae..7f77b7a69fca 100644 --- a/Packs/Ja3er/pack_metadata.json +++ b/Packs/Ja3er/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Ja3er", "description": "Query for hashes of JA3 fingerprints", "support": "community", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "Matt Houston", "url": "", "email": "", @@ -20,4 +20,4 @@ "xsoar", "marketplacev2" ] -} +} \ No newline at end of file diff --git a/Packs/Jira/Integrations/JiraV3/JiraV3.py b/Packs/Jira/Integrations/JiraV3/JiraV3.py index 8e85d96c5cf2..99f9f29660ff 100644 --- a/Packs/Jira/Integrations/JiraV3/JiraV3.py +++ b/Packs/Jira/Integrations/JiraV3/JiraV3.py 
@@ -3823,9 +3823,10 @@ def get_updated_remote_data(client: JiraBaseClient, issue: Dict[str, Any], updat
 if (
 COMMENT_MIRRORED_FROM_XSOAR not in comment_body
 and incident_modified_date
- and comment_updated_date > incident_modified_date
+ and comment_updated_date >= incident_modified_date
 ):
- # We only want to add comments as a Note Entry if it is newer than the incident's modified date.
+ # We should only add comments as a Note Entry if the comment's modified date is the same as
+ # or newer than the incident's modified date.
 parsed_entries.append({
 'Type': EntryType.NOTE,
 'Contents': f'{comment_body}\nJira Author: {comment_entry.get("UpdateUser")}',
diff --git a/Packs/Jira/Integrations/JiraV3/JiraV3.yml b/Packs/Jira/Integrations/JiraV3/JiraV3.yml
index c4648cdfaa64..a5e52a98685c 100644
--- a/Packs/Jira/Integrations/JiraV3/JiraV3.yml
+++ b/Packs/Jira/Integrations/JiraV3/JiraV3.yml
@@ -1480,7 +1480,7 @@ script:
 - description: Updates the remote incident with local incident changes. This method is only used for debugging purposes and will not update the current incident.
 name: update-remote-system
 arguments: []
- dockerimage: demisto/btfl-soup:1.0.1.91405
+ dockerimage: demisto/btfl-soup:1.0.1.101506
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/Jira/Integrations/JiraV3/JiraV3_test.py b/Packs/Jira/Integrations/JiraV3/JiraV3_test.py
index 4f03ca90ef15..baaba79075b9 100644
--- a/Packs/Jira/Integrations/JiraV3/JiraV3_test.py
+++ b/Packs/Jira/Integrations/JiraV3/JiraV3_test.py
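Review bot: Making the comparison inclusive (`>=`) means a comment whose Updated timestamp equals `incident_modified_date` is emitted as a Note on every get-remote-data call for which the incident's modified date still equals that timestamp; unless the caller advances that date past the comment's Updated value, the same comment is appended again on each mirror cycle. Either deduplicate (for example by comment id already present on the incident) or document in the comment how repeats are avoided, e.g. `# Inclusive on purpose: a comment saved in the same update as the issue shares its timestamp; repeats are prevented by <mechanism>`. The enclosing get_updated_remote_data starts before and ends after this hunk, so the surrounding guard cannot be verified here.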
@@ -2025,7 +2025,7 @@ def test_get_comment_entries(self, mocker): {"Comment": "Comment 3", "Updated": "2023-05-01", "UpdatedUser": "User 3"}] expected_parsed_entries = [ {"Type": 1, "Contents": "Comment 3\nJira Author: None", - "ContentsFormat": "text", "Tags": ["comment from jira"], "Note": True} + "ContentsFormat": "text", "Tags": ["comment from jira"], "Note": True} ] assert updated_incident.get('extractedComments') == expected_extracted_attachments assert parsed_entries == expected_parsed_entries @@ -2082,7 +2082,7 @@ def test_get_remote_data_response_is_returned(self, mocker): close_reason = "Issue was marked as \"Resolved\", or status was changed to \"Done\"" expected_parsed_entries = [ {"Type": 1, "Contents": "Comment 3\nJira Author: None", - "ContentsFormat": "text", "Tags": ["comment from jira"], "Note": True}, + "ContentsFormat": "text", "Tags": ["comment from jira"], "Note": True}, {"File": "dummy_file_name", "FileID": "id1", "Tags": ["attachment from jira"]}, {"Type": 1, "Contents": {"dbotIncidentClose": True, "closeReason": close_reason}, "ContentsFormat": "json"} 
@@ -2094,6 +2094,35 @@ def test_get_remote_data_response_is_returned(self, mocker):
 fetch_comments=True, fetch_attachments=True)
 assert remote_data_response.entries == expected_parsed_entries
+ def test_get_remote_data_comment_updated_time_same_as_issue_updated_time(self, mocker):
+ """
+ Given:
+ - A Jira client with an issue that has a comment with the same updated time as the issue updated time.
+ When
+ - When the mirror in mechanism is called, which calls the get-remote-data command.
+ Then
+ - Validate that the comment is returned, as it is considered as part of the issue update.
+ """
+ from JiraV3 import get_remote_data_command
+ client = jira_base_client_mock()
+ issue_response = {'id': '1234', 'fields': {'summary': 'dummy summary', 'updated': '2023-01-01'}}
+ mocker.patch.object(client, 'get_issue', return_value=issue_response)
+ mocker.patch('JiraV3.get_user_timezone', return_value='Asia/Jerusalem')
+
+ expected_parsed_entries = [
+ {"Type": 1, "Contents": "Comment 3\nJira Author: None",
+ "ContentsFormat": "text", "Tags": [""], "Note": True}
+ ]
+ mocked_get_comments_entries = [{"Comment": "Comment 3", "Updated": "2023-01-01"}]
+ mocker.patch('JiraV3.get_comments_entries_for_fetched_incident',
+ return_value=mocked_get_comments_entries)
+
+ remote_data_response = get_remote_data_command(client=client, args={'id': '1234', 'lastUpdate': '2023-01-01'},
+ attachment_tag_from_jira='',
+ comment_tag_from_jira='', mirror_resolved_issue=True,
+ fetch_comments=True, fetch_attachments=True)
+ assert remote_data_response.entries == expected_parsed_entries
+
 class TestJiraFetchIncidents:
 FETCH_INCIDENTS_QUERY_CASES = [
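Review bot: The new test pins only the equal-timestamp side of the boundary that was changed from `>` to `>=`; a companion case with `"Updated": "2022-12-31"` asserting `remote_data_response.entries == []` would pin that older comments are still excluded, which is the regression this change could introduce. The docstring's When section reads `When - When the mirror in mechanism is called`; drop the repeated word. `"Tags": [""]` only holds because `comment_tag_from_jira=''` is passed; a non-empty tag would make the assertion check the tagging path rather than an empty string.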
@@ -2632,8 +2661,8 @@ def test_update_issue_assignee_command(self, mocker, assignee, assignee_id, excp from JiraV3 import update_issue_assignee_command get_issue_response = util_load_json('test_data/get_issue_test/raw_response.json') args = { - 'assignee': assignee, # For Jira OnPrem - 'assignee_id': assignee_id, # For Jira Cloud + 'assignee': assignee, # For Jira OnPrem + 'assignee_id': assignee_id, # For Jira Cloud 'issue_id': 21487, } client: JiraBaseClient = jira_base_client_mock() @@ -2659,8 +2688,8 @@ def test_test_update_issue_assignee_command_no_assignees(self): from JiraV3 import update_issue_assignee_command args = { - 'assignee': None, # For Jira OnPrem - 'assignee_id': None, # For Jira Cloud + 'assignee': None, # For Jira OnPrem + 'assignee_id': None, # For Jira Cloud 'issue_id': 21487, } diff --git a/Packs/Jira/ReleaseNotes/3_2_1.md b/Packs/Jira/ReleaseNotes/3_2_1.md new file mode 100644 index 000000000000..2443c5650274 --- /dev/null +++ b/Packs/Jira/ReleaseNotes/3_2_1.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Atlassian Jira v3 + +- Fixed an issue where mirroring new comments from Jira to XSOAR was not functioning correctly. +- Updated the Docker image to: *demisto/btfl-soup:1.0.1.101506*. diff --git a/Packs/Jira/pack_metadata.json b/Packs/Jira/pack_metadata.json index a9591d41df50..6e197a1cf068 100644 --- a/Packs/Jira/pack_metadata.json +++ b/Packs/Jira/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Atlassian Jira", "description": "Use the Jira integration to manage issues and create Cortex XSOAR incidents from Jira projects.", "support": "xsoar", - "currentVersion": "3.2.0", + "currentVersion": "3.2.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/LINENotify/Integrations/LINENotify/LINENotify.yml b/Packs/LINENotify/Integrations/LINENotify/LINENotify.yml index 919cc59b6835..05dd78b3c032 100644 --- a/Packs/LINENotify/Integrations/LINENotify/LINENotify.yml 
+++ b/Packs/LINENotify/Integrations/LINENotify/LINENotify.yml @@ -18,7 +18,7 @@ script: required: true description: Send message/notification to LINE Group name: line-send-message - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '-' subtype: python3 diff --git a/Packs/LINENotify/ReleaseNotes/1_0_4.md b/Packs/LINENotify/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..517ad90bce9d --- /dev/null +++ b/Packs/LINENotify/ReleaseNotes/1_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### LINENotify + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/LINENotify/pack_metadata.json b/Packs/LINENotify/pack_metadata.json index 8f79fd7b8e3c..89f7b9f94072 100644 --- a/Packs/LINENotify/pack_metadata.json +++ b/Packs/LINENotify/pack_metadata.json @@ -2,7 +2,7 @@ "name": "LINENotify", "description": "LINE API Integration is used for sending a message to LINE Group.", "support": "community", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "nicholashsiao", "url": "", "email": "", diff --git a/Packs/MS-ISAC/Integrations/MSISAC/MSISAC.yml b/Packs/MS-ISAC/Integrations/MSISAC/MSISAC.yml index 82bb2693cde0..43266c6a0781 100644 --- a/Packs/MS-ISAC/Integrations/MSISAC/MSISAC.yml +++ b/Packs/MS-ISAC/Integrations/MSISAC/MSISAC.yml @@ -125,7 +125,7 @@ script: - contextPath: MSISAC.Event.Stream.event_type description: The type of event submitted from MS-ISAC - arguments: - - defaultValue: "1" + - defaultValue: '1' description: The number of days worth of events to return. Must be one or greater name: days required: true @@ -176,7 +176,7 @@ script: - contextPath: MSISAC.RetrievedEvents.severity description: The severity assigned to the MS-ISAC alert type: string - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 
diff --git a/Packs/MS-ISAC/ReleaseNotes/1_0_2.md b/Packs/MS-ISAC/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..72ed018d4105 --- /dev/null +++ b/Packs/MS-ISAC/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### MS-ISAC + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/MS-ISAC/pack_metadata.json b/Packs/MS-ISAC/pack_metadata.json index 9838258db5a9..6a070a04f3f2 100644 --- a/Packs/MS-ISAC/pack_metadata.json +++ b/Packs/MS-ISAC/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MS-ISAC", "description": "This content pack's purpose is to integrate with the MS-ISAC private API to fetch MS-ISAC events and alert details. ", "support": "community", - "currentVersion": "1.0.1", + "currentVersion": "1.0.2", "author": "North Dakota Information Technology Department", "url": "", "email": "", @@ -13,8 +13,7 @@ "tags": [], "useCases": [], "keywords": [], - "githubUser": [ - ], + "githubUser": [], "marketplaces": [ "xsoar", "marketplacev2" diff --git a/Packs/MicroFocusSMAX/Integrations/MicroFocusSMAX/MicroFocusSMAX.yml b/Packs/MicroFocusSMAX/Integrations/MicroFocusSMAX/MicroFocusSMAX.yml index 0d67ea88195e..459c11703d61 100644 --- a/Packs/MicroFocusSMAX/Integrations/MicroFocusSMAX/MicroFocusSMAX.yml +++ b/Packs/MicroFocusSMAX/Integrations/MicroFocusSMAX/MicroFocusSMAX.yml @@ -343,7 +343,7 @@ script: - contextPath: MicroFocus.SMAX.Entities.properties.completion_status description: Query result status type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 isfetch: true runonce: false script: '-' diff --git a/Packs/MicroFocusSMAX/ReleaseNotes/1_0_3.md b/Packs/MicroFocusSMAX/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..0d2021d8208f --- /dev/null +++ b/Packs/MicroFocusSMAX/ReleaseNotes/1_0_3.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### MicroFocus SMAX + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. 
diff --git a/Packs/MicroFocusSMAX/pack_metadata.json b/Packs/MicroFocusSMAX/pack_metadata.json
index e76ca6853560..2ce867a6cda5 100644
--- a/Packs/MicroFocusSMAX/pack_metadata.json
+++ b/Packs/MicroFocusSMAX/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "MicroFocus SMAX",
 "description": "You can use this pack to fetch SMAX incidents/requests and automate different sort of actions",
 "support": "community",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "Ayman Mahmoud",
 "url": "",
 "email": "amahmoud@paloaltonetworks.com",
diff --git a/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftDefenderEventCollector/MicrosoftDefenderEventCollector.py b/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftDefenderEventCollector/MicrosoftDefenderEventCollector.py
index 265a70ef58e2..d6e7fc85c7af 100644
--- a/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftDefenderEventCollector/MicrosoftDefenderEventCollector.py
+++ b/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftDefenderEventCollector/MicrosoftDefenderEventCollector.py
@@ -166,7 +166,7 @@ def _set_proxy(self):
 class IntegrationGetEvents(ABC):
 def __init__(
- self, client: IntegrationEventsClient, options: IntegrationOptions, event_filters: list[EventFilter]
+ self, client: IntegrationEventsClient, options: IntegrationOptions, event_filters: list[EventFilter], base_url: AnyUrl
 ) -> None:
 self.client = client
 self.options = options
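Review bot: `base_url: AnyUrl` is appended to `IntegrationGetEvents.__init__` as a new required positional parameter, so any other subclass or caller of this base class that still constructs it with three arguments now fails with a TypeError at construction time; this hunk only shows the one call site in main being updated. Making the parameter keyword-only (`*, base_url: AnyUrl`) or giving it a default keeps existing callers working and makes the intent explicit. The `AnyUrl` name is not imported anywhere in the visible hunks; confirm it is already in scope in this module. The new signature line is also well over 120 columns; one parameter per line would keep it readable.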
@@ -174,20 +174,28 @@ def __init__(
 event_filter.name: event_filter.attributes
 for event_filter in event_filters
 }
+ self.base_url = base_url
 def run(self):
- stored = []
- for logs in self._iter_events():
- stored.extend(logs)
- if self.options.limit:
- demisto.debug(
- f'{self.options.limit=} reached. \
- slicing from {len(logs)=}. \
- limit must be presented ONLY in commands and not in fetch-events.'
- )
- if len(stored) >= self.options.limit:
- return stored[: self.options.limit]
- return stored
+ final_stored_all_types = []
+ # In this integration we need to do 3 API calls:
+ # - activities with filter to get the admin events
+ # - activities with different filter to get the login events
+ # - alerts with no filter
+ for event_type_name, endpoint_details in self.filter_name_to_attributes.items():
+ stored_per_type = []
+ for logs in self._iter_events(event_type_name, endpoint_details):
+ stored_per_type.extend(logs)
+ if self.options.limit:
+ demisto.debug(
+ f'{self.options.limit=} reached. \
+ slicing from {len(logs)=}. \
+ limit must be presented ONLY in commands and not in fetch-events.'
+ )
+ if len(stored_per_type) >= self.options.limit:
+ final_stored_all_types.extend(stored_per_type[: self.options.limit])
+ break
+ return final_stored_all_types
 def call(self) -> requests.Response:
 return self.client.call(self.client.request)
@@ -201,7 +209,7 @@ def get_last_run(events: list) -> dict:
 return {'after': events[-1]['created']}
 @abstractmethod
- def _iter_events(self):
+ def _iter_events(self, event_type_name: str, endpoint_details: dict):
 """Create iterators with Yield"""
 raise NotImplementedError
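Review bot: In the new `run()`, the only statement that moves events into `final_stored_all_types` is the `extend(stored_per_type[: self.options.limit])` immediately before `break`, which by statement order sits inside the `len(stored_per_type) >= self.options.limit` branch (indentation is flattened in this view, so this is read from the order of the lines). When `options.limit` is unset — which the debug text itself says is the fetch-events case — or when an event type yields fewer events than the limit, `stored_per_type` is dropped and `run()` returns an empty or truncated list, which is the very scenario the release note claims to fix. Hand each type's events over after its inner loop and slice only when the limit is hit; the debug message should also move under the length check, since as written it logs "reached" on every page whenever a limit is set.
```python
        for event_type_name, endpoint_details in self.filter_name_to_attributes.items():
            stored_per_type = []
            for logs in self._iter_events(event_type_name, endpoint_details):
                stored_per_type.extend(logs)
                if self.options.limit and len(stored_per_type) >= self.options.limit:
                    demisto.debug(f'{self.options.limit=} reached for {event_type_name}, slicing {len(stored_per_type)=}')
                    stored_per_type = stored_per_type[: self.options.limit]
                    break
            # hand this type's events over whether or not the limit was hit
            final_stored_all_types.extend(stored_per_type)
        return final_stored_all_types
```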
@@ -289,28 +297,37 @@ def authenticate(self):
 class DefenderGetEvents(IntegrationGetEvents):
 client: DefenderClient
- def _iter_events(self):
+ def _iter_events(self, event_type_name, endpoint_details):
 self.last_timestamp = {}
- base_url = self.client.request.url
+ base_url = self.base_url
 self.client.authenticate()
- # In this integration we need to do 3 API calls:
- # - activities with filter to get the admin events
- # - activities with different filter to get the login events
- # - alerts with no filter
- for event_type_name, endpoint_details in self.filter_name_to_attributes.items():
- self.client.request.params.pop('filters', None)
- self.client.request.url = parse_obj_as(HttpUrl, f'{base_url}{endpoint_details["type"]}')
+ self.client.request.params.pop('filters', None)
+ self.client.request.url = parse_obj_as(HttpUrl, f'{base_url}{endpoint_details["type"]}')
+
+ # get the filter for this type
+ filters = endpoint_details['filters']
+
+ after = demisto.getLastRun().get(event_type_name) or self.client.after
+ # add the time filter
+ if after:
+ filters['date'] = {'gte': after} # type: ignore
+
+ self.client.request.params['filters'] = json.dumps(filters)
+ response = self.client.call(self.client.request).json()
+ events = response.get('data', [])
+
+ # add new field with the event type
+ for event in events:
+ event['event_type_name'] = event_type_name
- # get the filter for this type
- filters = endpoint_details['filters']
+ has_next = response.get('hasNext')
- after = demisto.getLastRun().get(event_type_name) or self.client.after
- # add the time filter
- if after:
- filters['date'] = {'gte': after} # type: ignore
+ yield events
- self.client.request.params['filters'] = json.dumps(filters)
+ while has_next:
+ last = events.pop()
+ self.client.set_request_filter(last['timestamp'])
 response = self.client.call(self.client.request).json()
 events = response.get('data', [])
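Review bot: `last = events.pop()` at the top of the new `while has_next:` loop raises IndexError when the service reports `hasNext` but returns an empty `data` page, which would abort the whole fetch for that event type; guard it with `if not events: break` before the pop. Separately, `filters = endpoint_details['filters']` followed by `filters['date'] = {'gte': after}` mutates the filter dict held in `self.filter_name_to_attributes` in place, so the date clause from one call persists into later calls in the same process; `filters = dict(endpoint_details['filters'])` keeps the configured filter pristine. The pagination loop continues past the end of this hunk, so the remaining loop body is not reviewed here.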
@@ -322,20 +339,6 @@ def _iter_events(self): yield events - while has_next: - last = events.pop() - self.client.set_request_filter(last['timestamp']) - response = self.client.call(self.client.request).json() - events = response.get('data', []) - - # add new field with the event type - for event in events: - event['event_type_name'] = event_type_name - - has_next = response.get('hasNext') - - yield events - @staticmethod def get_last_run(events: list) -> dict: last_run = demisto.getLastRun() @@ -384,6 +387,7 @@ def module_test(get_events: DefenderGetEvents) -> str: try: get_events.client.request.params = {'limit': 1} + get_events.options.limit = 1 get_events.run() message = 'ok' except DemistoException as e: @@ -418,7 +422,7 @@ def main(command: str, demisto_params: dict): client = DefenderClient(request=request, options=options, authenticator=authenticator, after=after) - get_events = DefenderGetEvents(client=client, options=options, event_filters=event_filters) + get_events = DefenderGetEvents(client=client, base_url=request.url, options=options, event_filters=event_filters) if command == 'test-module': return_results(module_test(get_events=get_events)) diff --git a/Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_2_1.md b/Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_2_1.md new file mode 100644 index 000000000000..33a0fb8912a2 --- /dev/null +++ b/Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_2_1.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Microsoft Defender for Cloud Apps Event Collector + +Fixed an issue where the ***fetch-events*** command was fetching only one type of event despite selecting several types. \ No newline at end of file diff --git a/Packs/MicrosoftCloudAppSecurity/pack_metadata.json b/Packs/MicrosoftCloudAppSecurity/pack_metadata.json index 9ee01cd3f4bf..1f3a7417aa9e 100644 --- a/Packs/MicrosoftCloudAppSecurity/pack_metadata.json +++ b/Packs/MicrosoftCloudAppSecurity/pack_metadata.json 
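Review bot: In the main hunk, `base_url=request.url` is correct only because `_iter_events` overwrites `client.request.url` for each event type, and that coupling is invisible at the call site; a comment such as `# pass the untouched URL: _iter_events rewrites client.request.url per event type` would stop a future reader from "simplifying" it back to `client.request.url`. In the module_test hunk, `get_events.options.limit = 1` mutates the `options` object that is shared with the client, which is fine for test-module but worth a one-line comment so nobody reuses the object afterwards expecting the configured limit.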
@@ -2,7 +2,7 @@
 "name": "Microsoft Defender for Cloud Apps",
 "description": "Microsoft Cloud App Security Integration, a Cloud Access Security Broker that supports various deployment modes",
 "support": "xsoar",
- "currentVersion": "2.2.0",
+ "currentVersion": "2.2.1",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/TestPlaybooks/playbook-Microsoft_Defender_Advanced_Threat_Protection-Test.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/TestPlaybooks/playbook-Microsoft_Defender_Advanced_Threat_Protection-Test.yml
index 4453a24ee74b..c975e645ad19 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/TestPlaybooks/playbook-Microsoft_Defender_Advanced_Threat_Protection-Test.yml
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/TestPlaybooks/playbook-Microsoft_Defender_Advanced_Threat_Protection-Test.yml
@@ -1048,9 +1048,21 @@ tasks:
 - "48"
 scriptarguments:
 left:
- simple: ${Endpoint.ID}
+ complex:
+ root: Endpoint
+ accessor: ID
+ transformers:
+ - operator: sort
+ args:
+ descending: {}
 right:
- simple: ${MicrosoftATP.Machine.ID}
+ complex:
+ root: MicrosoftATP.Machine
+ accessor: ID
+ transformers:
+ - operator: sort
+ args:
+ descending: {}
 results:
 - AreValuesEqual
 separatecontext: false
diff --git a/Packs/MicrosoftExchangeOnline/Integrations/EWSO365/EWSO365.py b/Packs/MicrosoftExchangeOnline/Integrations/EWSO365/EWSO365.py
index 09131156bd99..d852a91c0a50 100644
--- a/Packs/MicrosoftExchangeOnline/Integrations/EWSO365/EWSO365.py
+++ b/Packs/MicrosoftExchangeOnline/Integrations/EWSO365/EWSO365.py
@@ -1096,7 +1096,7 @@ def fetch_attachments_for_message(
 entries.append(
 fileResult(
 get_attachment_name(attachment_name=attachment.name, eml_extension=True,
- content_id=attachment.attachment.content_id,
+ content_id=attachment.content_id,
 attachment_id=attachment.attachment_id.id),
 attachment.item.mime_content,
 )
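Review bot: The one-token fix in fetch_attachments_for_message (`attachment.content_id` instead of `attachment.attachment.content_id`) ships without a regression test, even though the release note describes a concrete failure (an item attachment with no `attachment` field); a test that builds an item attachment mock lacking that attribute and runs ews-get-attachments would keep this from regressing. It is also not visible here whether `content_id` can be None for item attachments and whether `get_attachment_name` tolerates that — confirm, or pass a guarded value. fetch_attachments_for_message starts before this hunk, so the surrounding branch cannot be checked from this view.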
diff --git a/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_3_18.md b/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_3_18.md new file mode 100644 index 000000000000..b7764079338c --- /dev/null +++ b/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_3_18.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### EWS O365 + +- Fixed an issue in the ews-get-attachments command where the itemAttachment did not have an attachment field. \ No newline at end of file diff --git a/Packs/MicrosoftExchangeOnline/pack_metadata.json b/Packs/MicrosoftExchangeOnline/pack_metadata.json index e02dcfa9554f..e6cfe3ae58ee 100644 --- a/Packs/MicrosoftExchangeOnline/pack_metadata.json +++ b/Packs/MicrosoftExchangeOnline/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Exchange Online", "description": "Exchange Online and Office 365 (mail)", "support": "xsoar", - "currentVersion": "1.3.17", + "currentVersion": "1.3.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MinervaLabsAntiEvasionPlatform/Integrations/MinervaLabsAntiEvasionPlatform/MinervaLabsAntiEvasionPlatform.yml b/Packs/MinervaLabsAntiEvasionPlatform/Integrations/MinervaLabsAntiEvasionPlatform/MinervaLabsAntiEvasionPlatform.yml index ac5f3d7fd0b6..087c16cd0fcf 100644 --- a/Packs/MinervaLabsAntiEvasionPlatform/Integrations/MinervaLabsAntiEvasionPlatform/MinervaLabsAntiEvasionPlatform.yml +++ b/Packs/MinervaLabsAntiEvasionPlatform/Integrations/MinervaLabsAntiEvasionPlatform/MinervaLabsAntiEvasionPlatform.yml @@ -8,12 +8,12 @@ description: Minerva eliminates the endpoint security gap while empowering compa configuration: - display: Minerva Management Console URL name: url - defaultvalue: "" + defaultvalue: '' type: 0 required: true - display: Username name: credentials - defaultvalue: "" + defaultvalue: '' type: 9 required: true - display: Trust any certificate (not secure) 
@@ -90,10 +90,10 @@ script: - name: isMonitorOnly auto: PREDEFINED predefined: - - "True" - - "False" + - 'True' + - 'False' description: isMonitorOnly - defaultValue: "False" + defaultValue: 'False' outputs: - contextPath: Minerva.Vaccine.Name description: Name of the mutex vaccination. @@ -314,7 +314,7 @@ script: description: Moves all the events from Archive state to New event state. isfetch: true runonce: false - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 tests: - No tests fromversion: 5.0.0 diff --git a/Packs/MinervaLabsAntiEvasionPlatform/ReleaseNotes/1_0_10.md b/Packs/MinervaLabsAntiEvasionPlatform/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..46f587823906 --- /dev/null +++ b/Packs/MinervaLabsAntiEvasionPlatform/ReleaseNotes/1_0_10.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Minerva Labs Anti-Evasion Platform + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/MinervaLabsAntiEvasionPlatform/pack_metadata.json b/Packs/MinervaLabsAntiEvasionPlatform/pack_metadata.json index 0997322ad3fc..5d0d30bb4b7e 100644 --- a/Packs/MinervaLabsAntiEvasionPlatform/pack_metadata.json +++ b/Packs/MinervaLabsAntiEvasionPlatform/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Minerva Labs Anti-Evasion Platform", "description": "Minerva eliminates the endpoint security gap while empowering companies to embrace technology fearlessly.", "support": "community", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Minerva Labs", "url": "https://minerva-labs.com/support", "email": "Support@minerva-labs.com", diff --git a/Packs/MitreCaldera/Integrations/MitreCaldera/MitreCaldera.yml b/Packs/MitreCaldera/Integrations/MitreCaldera/MitreCaldera.yml index 75af4808a379..a076d3fa82b5 100644 --- a/Packs/MitreCaldera/Integrations/MitreCaldera/MitreCaldera.yml +++ b/Packs/MitreCaldera/Integrations/MitreCaldera/MitreCaldera.yml 
@@ -32,7 +32,7 @@ script:
 script: ''
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 commands:
 - name: caldera-create-fact
 description: Create a Fact
diff --git a/Packs/MitreCaldera/ReleaseNotes/1_0_5.md b/Packs/MitreCaldera/ReleaseNotes/1_0_5.md
new file mode 100644
index 000000000000..0a3a44d9b078
--- /dev/null
+++ b/Packs/MitreCaldera/ReleaseNotes/1_0_5.md
@@ -0,0 +1,39 @@
+
+#### Integrations
+
+##### MitreCaldera
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+
+#### Scripts
+
+##### CalderaStartOperation
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaPopulateAgents
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaPopulateObjectiveIDField
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaGetOperationReport
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaOperationPostProcessing
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaReadOnlyFields
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaPopulateAdversaryIDField
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaPopulateSourceIDField
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaPopulateEventLogs
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CalderaPopulatePlannerIDField
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/MitreCaldera/Scripts/CalderaGetOperationReport/CalderaGetOperationReport.yml b/Packs/MitreCaldera/Scripts/CalderaGetOperationReport/CalderaGetOperationReport.yml
index ce5e59ef1059..809f540dc323 100644
--- a/Packs/MitreCaldera/Scripts/CalderaGetOperationReport/CalderaGetOperationReport.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaGetOperationReport/CalderaGetOperationReport.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaOperationPostProcessing/CalderaOperationPostProcessing.yml b/Packs/MitreCaldera/Scripts/CalderaOperationPostProcessing/CalderaOperationPostProcessing.yml
index 4bb0979315e5..abd7938eb24c 100644
--- a/Packs/MitreCaldera/Scripts/CalderaOperationPostProcessing/CalderaOperationPostProcessing.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaOperationPostProcessing/CalderaOperationPostProcessing.yml
@@ -9,7 +9,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 comment: Post processing script for MITRE Caldera incidents.
diff --git a/Packs/MitreCaldera/Scripts/CalderaPopulateAdversaryIDField/CalderaPopulateAdversaryIDField.yml b/Packs/MitreCaldera/Scripts/CalderaPopulateAdversaryIDField/CalderaPopulateAdversaryIDField.yml
index b77ff8e9914c..3e30bc348670 100644
--- a/Packs/MitreCaldera/Scripts/CalderaPopulateAdversaryIDField/CalderaPopulateAdversaryIDField.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaPopulateAdversaryIDField/CalderaPopulateAdversaryIDField.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaPopulateAgents/CalderaPopulateAgents.yml b/Packs/MitreCaldera/Scripts/CalderaPopulateAgents/CalderaPopulateAgents.yml
index 7401c54a2e9e..8ecd915fd84f 100644
--- a/Packs/MitreCaldera/Scripts/CalderaPopulateAgents/CalderaPopulateAgents.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaPopulateAgents/CalderaPopulateAgents.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaPopulateEventLogs/CalderaPopulateEventLogs.yml b/Packs/MitreCaldera/Scripts/CalderaPopulateEventLogs/CalderaPopulateEventLogs.yml
index 53edce95ebf1..e91c86828f4d 100644
--- a/Packs/MitreCaldera/Scripts/CalderaPopulateEventLogs/CalderaPopulateEventLogs.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaPopulateEventLogs/CalderaPopulateEventLogs.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaPopulateObjectiveIDField/CalderaPopulateObjectiveIDField.yml b/Packs/MitreCaldera/Scripts/CalderaPopulateObjectiveIDField/CalderaPopulateObjectiveIDField.yml
index 2629a631f6a1..358f516994f1 100644
--- a/Packs/MitreCaldera/Scripts/CalderaPopulateObjectiveIDField/CalderaPopulateObjectiveIDField.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaPopulateObjectiveIDField/CalderaPopulateObjectiveIDField.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaPopulatePlannerIDField/CalderaPopulatePlannerIDField.yml b/Packs/MitreCaldera/Scripts/CalderaPopulatePlannerIDField/CalderaPopulatePlannerIDField.yml
index 39484230b113..ff01f3ae3364 100644
--- a/Packs/MitreCaldera/Scripts/CalderaPopulatePlannerIDField/CalderaPopulatePlannerIDField.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaPopulatePlannerIDField/CalderaPopulatePlannerIDField.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaPopulateSourceIDField/CalderaPopulateSourceIDField.yml b/Packs/MitreCaldera/Scripts/CalderaPopulateSourceIDField/CalderaPopulateSourceIDField.yml
index 796b3a1403da..bc52bc716e9f 100644
--- a/Packs/MitreCaldera/Scripts/CalderaPopulateSourceIDField/CalderaPopulateSourceIDField.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaPopulateSourceIDField/CalderaPopulateSourceIDField.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/Scripts/CalderaReadOnlyFields/CalderaReadOnlyFields.yml b/Packs/MitreCaldera/Scripts/CalderaReadOnlyFields/CalderaReadOnlyFields.yml
index 20148e422776..c2a730081041 100644
--- a/Packs/MitreCaldera/Scripts/CalderaReadOnlyFields/CalderaReadOnlyFields.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaReadOnlyFields/CalderaReadOnlyFields.yml
@@ -9,7 +9,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 comment: Prevents specific fields from being set manually.
 fromversion: 6.2.0
diff --git a/Packs/MitreCaldera/Scripts/CalderaStartOperation/CalderaStartOperation.yml b/Packs/MitreCaldera/Scripts/CalderaStartOperation/CalderaStartOperation.yml
index 766e4d424559..5545dd3786c0 100644
--- a/Packs/MitreCaldera/Scripts/CalderaStartOperation/CalderaStartOperation.yml
+++ b/Packs/MitreCaldera/Scripts/CalderaStartOperation/CalderaStartOperation.yml
@@ -13,7 +13,7 @@ tags:
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.2.0
 tests:
diff --git a/Packs/MitreCaldera/pack_metadata.json b/Packs/MitreCaldera/pack_metadata.json
index e0f91c99d50e..1e1073e777be 100644
--- a/Packs/MitreCaldera/pack_metadata.json
+++ b/Packs/MitreCaldera/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "MITRE Caldera",
 "description": "Interact with MITRE Caldera via the v2 API.",
 "support": "community",
- "currentVersion": "1.0.4",
+ "currentVersion": "1.0.5",
 "author": "Adam Burt",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/NCSCCyberAsssessmentFramework/ReleaseNotes/1_1_5.md b/Packs/NCSCCyberAsssessmentFramework/ReleaseNotes/1_1_5.md
new file mode 100644
index 000000000000..7c63848d8ce9
--- /dev/null
+++ b/Packs/NCSCCyberAsssessmentFramework/ReleaseNotes/1_1_5.md
@@ -0,0 +1,42 @@
+
+#### Scripts
+
+##### EntryWidgetNCSCResultsA
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### EntryWidgetNCSCResultsC
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### EntryWidgetNCSCResultsB
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCReportDetails
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### EntryWidgetNCSCResultsD
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCReportOverview
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCCalculateQuestionsScore
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCFieldProtection
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCReportDetails_D
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCReportDetails_B
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCQuestionPopulate
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCReportDetails_A
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### NCSCReportDetails_C
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsA/EntryWidgetNCSCResultsA.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsA/EntryWidgetNCSCResultsA.yml
index 9a4f4b149a2e..0ba1a95b6cc9 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsA/EntryWidgetNCSCResultsA.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsA/EntryWidgetNCSCResultsA.yml
@@ -1,7 +1,7 @@
 commonfields:
 id: EntryWidgetNCSCResultsA
 version: -1
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: EntryWidgetNCSCResultsA
 runas: DBotWeakRole
@@ -14,4 +14,4 @@ type: python
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
-comment: 'This script populates results for the dynamic content shown in the incident layout.'
+comment: This script populates results for the dynamic content shown in the incident layout.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsB/EntryWidgetNCSCResultsB.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsB/EntryWidgetNCSCResultsB.yml
index 557564b307a5..7c1a6fb685f6 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsB/EntryWidgetNCSCResultsB.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsB/EntryWidgetNCSCResultsB.yml
@@ -1,7 +1,7 @@
 commonfields:
 id: EntryWidgetNCSCResultsB
 version: -1
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: EntryWidgetNCSCResultsB
 runas: DBotWeakRole
@@ -14,4 +14,4 @@ type: python
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
-comment: 'This script populates results for the dynamic content shown in the incident layout.'
+comment: This script populates results for the dynamic content shown in the incident layout.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsC/EntryWidgetNCSCResultsC.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsC/EntryWidgetNCSCResultsC.yml
index a60ff419593c..6b01c6ad0893 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsC/EntryWidgetNCSCResultsC.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsC/EntryWidgetNCSCResultsC.yml
@@ -1,7 +1,7 @@
 commonfields:
 id: EntryWidgetNCSCResultsC
 version: -1
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: EntryWidgetNCSCResultsC
 runas: DBotWeakRole
@@ -14,4 +14,4 @@ type: python
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
-comment: 'This script populates results for the dynamic content shown in the incident layout.'
+comment: This script populates results for the dynamic content shown in the incident layout.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsD/EntryWidgetNCSCResultsD.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsD/EntryWidgetNCSCResultsD.yml
index 4e7f3cb5aaf8..e256bdc6b6d6 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsD/EntryWidgetNCSCResultsD.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/EntryWidgetNCSCResultsD/EntryWidgetNCSCResultsD.yml
@@ -1,7 +1,7 @@
 commonfields:
 id: EntryWidgetNCSCResultsD
 version: -1
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: EntryWidgetNCSCResultsD
 runas: DBotWeakRole
@@ -14,4 +14,4 @@ type: python
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
-comment: 'This script populates results for the dynamic content shown in the incident layout.'
+comment: This script populates results for the dynamic content shown in the incident layout.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCCalculateQuestionsScore/NCSCCalculateQuestionsScore.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCCalculateQuestionsScore/NCSCCalculateQuestionsScore.yml
index 3631a421dddf..fcb7d0916000 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCCalculateQuestionsScore/NCSCCalculateQuestionsScore.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCCalculateQuestionsScore/NCSCCalculateQuestionsScore.yml
@@ -8,7 +8,7 @@ args:
 commonfields:
 id: NCSCCalculateQuestionsScore
 version: -1
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCCalculateQuestionsScore
 outputs:
@@ -32,4 +32,4 @@ type: python
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
-comment: 'This script calculates the score based on the question and answer responses.'
+comment: This script calculates the score based on the question and answer responses.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCFieldProtection/NCSCFieldProtection.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCFieldProtection/NCSCFieldProtection.yml
index ba88c5de0097..2abd9e2ef906 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCFieldProtection/NCSCFieldProtection.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCFieldProtection/NCSCFieldProtection.yml
@@ -1,7 +1,7 @@
 commonfields:
 id: NCSCFieldProtection
 version: -1
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCFieldProtection
 runas: DBotWeakRole
@@ -14,4 +14,4 @@ type: python
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
-comment: 'This script protects the fields associated with the assessment from accidental modification.'
+comment: This script protects the fields associated with the assessment from accidental modification.
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCQuestionPopulate/NCSCQuestionPopulate.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCQuestionPopulate/NCSCQuestionPopulate.yml
index 6a8ad346ca0d..ddcc60baace7 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCQuestionPopulate/NCSCQuestionPopulate.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCQuestionPopulate/NCSCQuestionPopulate.yml
@@ -9,7 +9,7 @@ comment: Populate a list named "NCSC CAF Assessment" with a list of the NCSC Que
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.9.7.24076
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 5.0.0
 tests:
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetails/NCSCReportDetails.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetails/NCSCReportDetails.yml
index 26608c0f54e7..44fbba4252c0 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetails/NCSCReportDetails.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetails/NCSCReportDetails.yml
@@ -1,13 +1,15 @@
-comment: |-
- This script generates the report details used in the final report.
+comment: 'This script generates the report details used in the final report.
+
 This automation runs using the default Limited User role, unless you explicitly change the permissions.
+
 For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: NCSCReportDetails
 version: -1
-dockerimage: demisto/python3:3.10.10.48392
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCReportDetails
 script: ''
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsA/NCSCReportDetailsA.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsA/NCSCReportDetailsA.yml
index c6c676792941..96ea732be21b 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsA/NCSCReportDetailsA.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsA/NCSCReportDetailsA.yml
@@ -1,13 +1,15 @@
-comment: |-
- This script generates the report details for the individual CAF Section.
+comment: 'This script generates the report details for the individual CAF Section.
+
 This automation runs using the default Limited User role, unless you explicitly change the permissions.
+
 For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: NCSCReportDetails_A
 version: -1
-dockerimage: demisto/python3:3.10.10.48392
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCReportDetails_A
 script: ''
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsB/NCSCReportDetailsB.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsB/NCSCReportDetailsB.yml
index 422e6b57cf75..6051769b551f 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsB/NCSCReportDetailsB.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsB/NCSCReportDetailsB.yml
@@ -1,13 +1,15 @@
-comment: |-
- This script generates the report details for the individual CAF Section.
+comment: 'This script generates the report details for the individual CAF Section.
+
 This automation runs using the default Limited User role, unless you explicitly change the permissions.
+
 For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: NCSCReportDetails_B
 version: -1
-dockerimage: demisto/python3:3.10.10.48392
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCReportDetails_B
 script: ''
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsC/NCSCReportDetailsC.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsC/NCSCReportDetailsC.yml
index 80e17a031e36..fe8fdd941cd5 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsC/NCSCReportDetailsC.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsC/NCSCReportDetailsC.yml
@@ -1,13 +1,15 @@
-comment: |-
- This script generates the report details for the individual CAF Section.
+comment: 'This script generates the report details for the individual CAF Section.
+
 This automation runs using the default Limited User role, unless you explicitly change the permissions.
+
 For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: NCSCReportDetails_C
 version: -1
-dockerimage: demisto/python3:3.10.10.48392
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCReportDetails_C
 script: ''
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsD/NCSCReportDetailsD.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsD/NCSCReportDetailsD.yml
index 0231adbb0a9e..ab9b7e0c8d9a 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsD/NCSCReportDetailsD.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportDetailsD/NCSCReportDetailsD.yml
@@ -1,13 +1,15 @@
-comment: |-
- This script generates the report details for the individual CAF Section.
+comment: 'This script generates the report details for the individual CAF Section.
+
 This automation runs using the default Limited User role, unless you explicitly change the permissions.
+
 For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: NCSCReportDetails_D
 version: -1
-dockerimage: demisto/python3:3.10.10.48392
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCReportDetails_D
 script: ''
diff --git a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportOverview/NCSCReportOverview.yml b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportOverview/NCSCReportOverview.yml
index a9605c14a25d..ca09961c8e18 100644
--- a/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportOverview/NCSCReportOverview.yml
+++ b/Packs/NCSCCyberAsssessmentFramework/Scripts/NCSCReportOverview/NCSCReportOverview.yml
@@ -1,13 +1,15 @@
-comment: |-
- This script generates the report details for the individual CAF Section.
+comment: 'This script generates the report details for the individual CAF Section.
+
 This automation runs using the default Limited User role, unless you explicitly change the permissions.
+
 For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: NCSCReportOverview
 version: -1
-dockerimage: demisto/python3:3.10.10.48392
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: NCSCReportOverview
 script: ''
diff --git a/Packs/NCSCCyberAsssessmentFramework/pack_metadata.json b/Packs/NCSCCyberAsssessmentFramework/pack_metadata.json
index 60fb25b4db06..948ea09acf19 100644
--- a/Packs/NCSCCyberAsssessmentFramework/pack_metadata.json
+++ b/Packs/NCSCCyberAsssessmentFramework/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "NCSC Cyber Asssessment Framework",
 "description": "This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework.\n\nAll assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.",
 "support": "community",
- "currentVersion": "1.1.4",
+ "currentVersion": "1.1.5",
 "author": "Adam Burt",
 "url": "",
 "email": "",
diff --git a/Packs/NTT_Cyber_Threat_Sensor/Integrations/NTT_Cyber_Threat_Sensor/NTT_Cyber_Threat_Sensor.yml b/Packs/NTT_Cyber_Threat_Sensor/Integrations/NTT_Cyber_Threat_Sensor/NTT_Cyber_Threat_Sensor.yml
index 76f0b545cb71..4ca93bba0b76 100644
--- a/Packs/NTT_Cyber_Threat_Sensor/Integrations/NTT_Cyber_Threat_Sensor/NTT_Cyber_Threat_Sensor.yml
+++ b/Packs/NTT_Cyber_Threat_Sensor/Integrations/NTT_Cyber_Threat_Sensor/NTT_Cyber_Threat_Sensor.yml
@@ -8,7 +8,7 @@ description: Retrieve alerts and recommendations from NTT CTS
 configuration:
 - display: 'The API key for accessing CTS over AWS '
 name: APIKEY
- defaultvalue: ""
+ defaultvalue: ''
 type: 4
 required: true
 - display: Tenant identification. UUID formatted string
@@ -28,7 +28,7 @@ configuration:
 required: true
 - display: The unique key for accessing the alerts and active response recommendations
 name: SOARTOKEN
- defaultvalue: ""
+ defaultvalue: ''
 type: 4
 required: true
 - display: Fetch incidents
@@ -115,7 +115,7 @@ script:
 type: boolean
 description: Collecting blobs, most commonly pcap from an incident
 execution: true
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 subtype: python3
 fromversion: 5.0.0
diff --git a/Packs/NTT_Cyber_Threat_Sensor/ReleaseNotes/1_0_7.md b/Packs/NTT_Cyber_Threat_Sensor/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..8773fcde2f34
--- /dev/null
+++ b/Packs/NTT_Cyber_Threat_Sensor/ReleaseNotes/1_0_7.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### NTT Cyber Threat Sensor
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/NTT_Cyber_Threat_Sensor/pack_metadata.json b/Packs/NTT_Cyber_Threat_Sensor/pack_metadata.json
index 88bb95c61ad6..a3a14968725e 100644
--- a/Packs/NTT_Cyber_Threat_Sensor/pack_metadata.json
+++ b/Packs/NTT_Cyber_Threat_Sensor/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "NTT Cyber Threat Sensor",
 "description": "NTT Cyber Threat Sensor integration",
 "support": "community",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "NTT Ltd.",
 "url": "https://www.global.ntt",
 "email": "servicedesk@global.ntt",
diff --git a/Packs/Nexthink/Integrations/Nexthink/Nexthink.yml b/Packs/Nexthink/Integrations/Nexthink/Nexthink.yml
index 541220839f4e..c997d3176b7d 100644
--- a/Packs/Nexthink/Integrations/Nexthink/Nexthink.yml
+++ b/Packs/Nexthink/Integrations/Nexthink/Nexthink.yml
@@ -121,7 +121,7 @@ script:
 - contextPath: Nexthink.Endpoint.MACAddress
 description: Endpoint MAC address.
 type: string
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/Nexthink/ReleaseNotes/1_0_4.md b/Packs/Nexthink/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..6e44cd60f9e7
--- /dev/null
+++ b/Packs/Nexthink/ReleaseNotes/1_0_4.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Nexthink
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Nexthink/pack_metadata.json b/Packs/Nexthink/pack_metadata.json
index 5147babb3019..b582adb58349 100644
--- a/Packs/Nexthink/pack_metadata.json
+++ b/Packs/Nexthink/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Nexthink",
 "description": "Nexthink helps IT teams deliver on the promise of the modern digital workplace.",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "Farrukh Ahmed",
 "url": "",
 "email": "",
diff --git a/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml b/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml
index 6119b7ee3bb8..5432a3433f7a 100644
--- a/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml
+++ b/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml
@@ -146,7 +146,7 @@ script:
 - contextPath: OSV.VulnerabilityList.vulns.references.url
 description: Reference URL for more details.
 type: string
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 script: ''
 subtype: python3
 type: python
diff --git a/Packs/OpenSourceVulnerabilities/ReleaseNotes/1_0_2.md b/Packs/OpenSourceVulnerabilities/ReleaseNotes/1_0_2.md
new file mode 100644
index 000000000000..62bdf58a1899
--- /dev/null
+++ b/Packs/OpenSourceVulnerabilities/ReleaseNotes/1_0_2.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### OSV
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/OpenSourceVulnerabilities/pack_metadata.json b/Packs/OpenSourceVulnerabilities/pack_metadata.json
index ab8cd2204903..5f9a7707cecf 100644
--- a/Packs/OpenSourceVulnerabilities/pack_metadata.json
+++ b/Packs/OpenSourceVulnerabilities/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "OpenSourceVulnerabilities",
 "description": "OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it. This is cross referenced against upstream repositories to figure out the affected tags and commit ranges",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "Anil Agrawal",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/OracleCloudInfrastructureFeed/Integrations/OracleCloudInfrastructureFeed/OracleCloudInfrastructureFeed.yml b/Packs/OracleCloudInfrastructureFeed/Integrations/OracleCloudInfrastructureFeed/OracleCloudInfrastructureFeed.yml
index b2d37548bf04..927fbcae4b1a 100644
--- a/Packs/OracleCloudInfrastructureFeed/Integrations/OracleCloudInfrastructureFeed/OracleCloudInfrastructureFeed.yml
+++ b/Packs/OracleCloudInfrastructureFeed/Integrations/OracleCloudInfrastructureFeed/OracleCloudInfrastructureFeed.yml
@@ -3,7 +3,7 @@ commonfields:
 id: Oracle Cloud Infrastructure Feed
 version: -1
 configuration:
-- defaultvalue: "true"
+- defaultvalue: 'true'
 display: Fetch indicators
 name: feed
 type: 8
@@ -47,13 +47,13 @@ configuration:
 - WHITE
 type: 15
 required: false
-- defaultvalue: "30"
+- defaultvalue: '30'
 display: Feed Fetch Interval
 name: feedFetchInterval
 type: 19
 required: false
 - additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
- defaultvalue: "true"
+ defaultvalue: 'true'
 display: Bypass exclusion list
 name: feedBypassExclusionList
 type: 8
@@ -66,7 +66,7 @@ configuration:
 name: proxy
 type: 8
 required: false
-- display: ""
+- display: ''
 name: feedExpirationPolicy
 options:
 - never
@@ -75,7 +75,7 @@ configuration:
 - suddenDeath
 type: 17
 required: false
-- display: ""
+- display: ''
 name: feedExpirationInterval
 type: 1
 required: false
@@ -84,25 +84,25 @@ configuration:
 name: feedTags
 type: 0
 required: false
-- defaultvalue: "false"
+- defaultvalue: 'false'
 display: Create relationships
 name: create_relationships
 type: 8
 required: false
-description: |-
- Oracle Cloud Infrastructure Feed (OCI Feed)
- This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.
+description: 'Oracle Cloud Infrastructure Feed (OCI Feed)
+
+ This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.'
 display: Oracle Cloud Infrastructure Feed
 name: Oracle Cloud Infrastructure Feed
 script:
 commands:
 - arguments:
- - defaultValue: "10"
+ - defaultValue: '10'
 description: The maximum number of results to return.
 name: limit
 description: Gets indicators from the feed.
 name: oci-get-indicators
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 feed: true
 script: ''
 subtype: python3
diff --git a/Packs/OracleCloudInfrastructureFeed/ReleaseNotes/1_0_1.md b/Packs/OracleCloudInfrastructureFeed/ReleaseNotes/1_0_1.md
new file mode 100644
index 000000000000..26252621b596
--- /dev/null
+++ b/Packs/OracleCloudInfrastructureFeed/ReleaseNotes/1_0_1.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Oracle Cloud Infrastructure Feed
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/OracleCloudInfrastructureFeed/pack_metadata.json b/Packs/OracleCloudInfrastructureFeed/pack_metadata.json
index 6e1fcb71fdc0..be1efbe17f34 100644
--- a/Packs/OracleCloudInfrastructureFeed/pack_metadata.json
+++ b/Packs/OracleCloudInfrastructureFeed/pack_metadata.json
@@ -2,13 +2,13 @@ "name": "Oracle Cloud Infrastructure Feed", "description": "This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.\nSee additional information in this link:\nhttps://docs.oracle.com/en-us/iaas/Content/General/Concepts/addressranges.htm", "support": "community", - "currentVersion": "1.0.0", + "currentVersion": "1.0.1", "author": "Rod Gonzalez", "url": "", "email": "", "created": "2023-06-22T18:59:06Z", "categories": [ - "Cloud Services" + "Cloud Services" ], "tags": [], "useCases": [], diff --git a/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_28.md b/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_28.md new file mode 100644 index 000000000000..f11f4ca75551 --- /dev/null +++ b/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_28.md @@ -0,0 +1,12 @@ + +#### Scripts + +##### EntryWidgetPortBasedRules + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### EntryWidgetUnusedApplications + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### EntryWidgetUnusedRules + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetPortBasedRules/EntryWidgetPortBasedRules.yml b/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetPortBasedRules/EntryWidgetPortBasedRules.yml index ef87ecb9b512..5c10d0db0787 100644 --- a/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetPortBasedRules/EntryWidgetPortBasedRules.yml +++ b/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetPortBasedRules/EntryWidgetPortBasedRules.yml @@ -2,7 +2,7 @@ comment: Entry widget that returns the number of port based rules found by PAN-O commonfields: id: EntryWidgetPortBasedRules version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: EntryWidgetPortBasedRules runas: DBotWeakRole 
diff --git a/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedApplications/EntryWidgetUnusedApplications.yml b/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedApplications/EntryWidgetUnusedApplications.yml index 141b8eac9108..d97093b34c62 100644 --- a/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedApplications/EntryWidgetUnusedApplications.yml +++ b/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedApplications/EntryWidgetUnusedApplications.yml @@ -2,7 +2,7 @@ comment: Entry widget that returns the number of rules with unused applications commonfields: id: EntryWidgetUnusedApplications version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: EntryWidgetUnusedApplications runas: DBotWeakRole diff --git a/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedRules/EntryWidgetUnusedRules.yml b/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedRules/EntryWidgetUnusedRules.yml index dabe4b4ec485..b84fdfef0b53 100644 --- a/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedRules/EntryWidgetUnusedRules.yml +++ b/Packs/PANOSPolicyOptimizer/Scripts/EntryWidgetUnusedRules/EntryWidgetUnusedRules.yml @@ -2,7 +2,7 @@ comment: Entry widget that returns the number of unused rules found by PAN-OS po commonfields: id: EntryWidgetUnusedRules version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: EntryWidgetUnusedRules runas: DBotWeakRole diff --git a/Packs/PANOSPolicyOptimizer/pack_metadata.json b/Packs/PANOSPolicyOptimizer/pack_metadata.json index 0115c32f9991..f15501889ab3 100644 --- a/Packs/PANOSPolicyOptimizer/pack_metadata.json +++ b/Packs/PANOSPolicyOptimizer/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "PAN-OS Policy Optimizer (beta)", "description": "This integration introduces Policy Optimizer and DAG features that are not available through the regular PAN API", "support": "community", - "currentVersion": "1.1.27", + "currentVersion": "1.1.28", "author": "Maciej Drobniuch and Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PANOStoCDLMonitoring/ReleaseNotes/1_0_15.md b/Packs/PANOStoCDLMonitoring/ReleaseNotes/1_0_15.md new file mode 100644 index 000000000000..110999ac7c35 --- /dev/null +++ b/Packs/PANOStoCDLMonitoring/ReleaseNotes/1_0_15.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### PANOStoCortexDataLakeMonitoring + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/PANOStoCDLMonitoring/Scripts/PANOStoCortexDataLakeMonitoring/PANOStoCortexDataLakeMonitoring.yml b/Packs/PANOStoCDLMonitoring/Scripts/PANOStoCortexDataLakeMonitoring/PANOStoCortexDataLakeMonitoring.yml index 818680c7d584..6afa97b39f7a 100644 --- a/Packs/PANOStoCDLMonitoring/Scripts/PANOStoCortexDataLakeMonitoring/PANOStoCortexDataLakeMonitoring.yml +++ b/Packs/PANOStoCDLMonitoring/Scripts/PANOStoCortexDataLakeMonitoring/PANOStoCortexDataLakeMonitoring.yml 
@@ -7,7 +7,9 @@ args: name: fw_serials - description: PAN-OS integration instance name to retrieve Firewalls serials list. name: pan_os_integration_instance_name -comment: "Verify that all firewalls successfully pushed logs to the Cortex Data Lake for the last 12 hours. It's an easy way to do monitoring of the FW connection to CDL.\nYou can use either a manual list of FW serials or a Panorama integration to get the list of equipment to monitor. " +comment: 'Verify that all firewalls successfully pushed logs to the Cortex Data Lake for the last 12 hours. It''s an easy way to do monitoring of the FW connection to CDL. + + You can use either a manual list of FW serials or a Panorama integration to get the list of equipment to monitor. ' dependson: must: - pan-os @@ -27,7 +29,7 @@ tags: - XDR type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 fromversion: 6.0.0 tests: - No tests (auto formatted) diff --git a/Packs/PANOStoCDLMonitoring/pack_metadata.json b/Packs/PANOStoCDLMonitoring/pack_metadata.json index daae061c05ae..6ab479760274 100644 --- a/Packs/PANOStoCDLMonitoring/pack_metadata.json +++ b/Packs/PANOStoCDLMonitoring/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PAN-OS to Strata Logging Service Monitoring", "description": "Monitor the PAN-OS FW log upload to the Strata Logging Service in a reoccurring job. The key pre-requisite is the configuration of the Strata Logging Service integration.", "support": "community", - "currentVersion": "1.0.14", + "currentVersion": "1.0.15", "fromversion": "6.0.0", "author": "Brice RENAUD", "url": "", diff --git a/Packs/PassiveTotal/ReleaseNotes/2_1_16.md b/Packs/PassiveTotal/ReleaseNotes/2_1_16.md new file mode 100644 index 000000000000..c729eab5377a --- /dev/null +++ b/Packs/PassiveTotal/ReleaseNotes/2_1_16.md 
@@ -0,0 +1,51 @@ + +#### Scripts + +##### RiskIQPassiveTotalTrackersScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalSSLForSubjectEmailWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalPDNSScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalSSLForIssuerEmailWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalPDNSWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalHostPairsParentsWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalWhoisScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalSSLScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalHostPairsChildrenWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalHostPairChildrenScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalHostPairParentsScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalSSLWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalTrackersWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalComponentsScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalWhoisWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### RiskIQPassiveTotalComponentsWidgetScript + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. 
diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsScript/RiskIQPassiveTotalComponentsScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsScript/RiskIQPassiveTotalComponentsScript.yml index a3a24f9b7c07..d3690cb983d2 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsScript/RiskIQPassiveTotalComponentsScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsScript/RiskIQPassiveTotalComponentsScript.yml @@ -15,7 +15,7 @@ tags: - enhancement timeout: '0' type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole dependson: must: diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsWidgetScript/RiskIQPassiveTotalComponentsWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsWidgetScript/RiskIQPassiveTotalComponentsWidgetScript.yml index 21eed530fa05..65e262d9ad1b 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsWidgetScript/RiskIQPassiveTotalComponentsWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalComponentsWidgetScript/RiskIQPassiveTotalComponentsWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairChildrenScript/RiskIQPassiveTotalHostPairChildrenScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairChildrenScript/RiskIQPassiveTotalHostPairChildrenScript.yml index f34a331f8311..f1e659e4d6c6 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairChildrenScript/RiskIQPassiveTotalHostPairChildrenScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairChildrenScript/RiskIQPassiveTotalHostPairChildrenScript.yml 
@@ -18,7 +18,7 @@ subtype: python3 dependson: must: - '|||pt-get-host-pairs' -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairParentsScript/RiskIQPassiveTotalHostPairParentsScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairParentsScript/RiskIQPassiveTotalHostPairParentsScript.yml index fc9030749b34..154db2cdc57c 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairParentsScript/RiskIQPassiveTotalHostPairParentsScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairParentsScript/RiskIQPassiveTotalHostPairParentsScript.yml @@ -18,7 +18,7 @@ subtype: python3 dependson: must: - '|||pt-get-host-pairs' -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsChildrenWidgetScript/RiskIQPassiveTotalHostPairsChildrenWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsChildrenWidgetScript/RiskIQPassiveTotalHostPairsChildrenWidgetScript.yml index 04d941005f3f..89c803dfb02d 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsChildrenWidgetScript/RiskIQPassiveTotalHostPairsChildrenWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsChildrenWidgetScript/RiskIQPassiveTotalHostPairsChildrenWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) 
diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsParentsWidgetScript/RiskIQPassiveTotalHostPairsParentsWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsParentsWidgetScript/RiskIQPassiveTotalHostPairsParentsWidgetScript.yml index 00752d010a8c..f5e37213e685 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsParentsWidgetScript/RiskIQPassiveTotalHostPairsParentsWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalHostPairsParentsWidgetScript/RiskIQPassiveTotalHostPairsParentsWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSScript/RiskIQPassiveTotalPDNSScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSScript/RiskIQPassiveTotalPDNSScript.yml index 55e892444814..0ad064a550a9 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSScript/RiskIQPassiveTotalPDNSScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSScript/RiskIQPassiveTotalPDNSScript.yml @@ -20,4 +20,4 @@ type: python fromversion: 5.0.0 tests: - No tests (auto formatted) -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSWidgetScript/RiskIQPassiveTotalPDNSWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSWidgetScript/RiskIQPassiveTotalPDNSWidgetScript.yml index 30142c4c2ef2..bf29da031a22 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSWidgetScript/RiskIQPassiveTotalPDNSWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalPDNSWidgetScript/RiskIQPassiveTotalPDNSWidgetScript.yml 
@@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript.yml index 6e83718ade9f..3ffe9dd0307e 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript/RiskIQPassiveTotalSSLForIssuerEmailWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript.yml index 4423fabea7b3..ec79e90352ec 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript/RiskIQPassiveTotalSSLForSubjectEmailWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) 
diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLScript/RiskIQPassiveTotalSSLScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLScript/RiskIQPassiveTotalSSLScript.yml index 045fc55700a9..fa3d6da45120 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLScript/RiskIQPassiveTotalSSLScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLScript/RiskIQPassiveTotalSSLScript.yml @@ -18,7 +18,7 @@ subtype: python3 dependson: must: - '|||pt-ssl-cert-search' -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLWidgetScript/RiskIQPassiveTotalSSLWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLWidgetScript/RiskIQPassiveTotalSSLWidgetScript.yml index 9cd7e0b6ff64..1f76f75be8ba 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLWidgetScript/RiskIQPassiveTotalSSLWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalSSLWidgetScript/RiskIQPassiveTotalSSLWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersScript/RiskIQPassiveTotalTrackersScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersScript/RiskIQPassiveTotalTrackersScript.yml index e358f8443904..62b5a157e434 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersScript/RiskIQPassiveTotalTrackersScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersScript/RiskIQPassiveTotalTrackersScript.yml @@ -22,4 +22,4 @@ runas: DBotWeakRole fromversion: 5.0.0 tests: - No tests (auto formatted) -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 
diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersWidgetScript/RiskIQPassiveTotalTrackersWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersWidgetScript/RiskIQPassiveTotalTrackersWidgetScript.yml index 675e3af04787..76bafac44d6a 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersWidgetScript/RiskIQPassiveTotalTrackersWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalTrackersWidgetScript/RiskIQPassiveTotalTrackersWidgetScript.yml @@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisScript/RiskIQPassiveTotalWhoisScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisScript/RiskIQPassiveTotalWhoisScript.yml index 43eea907a03d..10c399de766c 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisScript/RiskIQPassiveTotalWhoisScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisScript/RiskIQPassiveTotalWhoisScript.yml @@ -18,7 +18,7 @@ tags: - enhancement timeout: '0' type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisWidgetScript/RiskIQPassiveTotalWhoisWidgetScript.yml b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisWidgetScript/RiskIQPassiveTotalWhoisWidgetScript.yml index 0af24b5d4156..cbebbfc3ffe9 100644 --- a/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisWidgetScript/RiskIQPassiveTotalWhoisWidgetScript.yml +++ b/Packs/PassiveTotal/Scripts/RiskIQPassiveTotalWhoisWidgetScript/RiskIQPassiveTotalWhoisWidgetScript.yml 
@@ -13,7 +13,7 @@ tags: - dynamic-indicator-section timeout: 300ns type: python -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/PassiveTotal/pack_metadata.json b/Packs/PassiveTotal/pack_metadata.json index c9282c84ce15..0b52ad60e5b5 100644 --- a/Packs/PassiveTotal/pack_metadata.json +++ b/Packs/PassiveTotal/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PassiveTotal", "description": "Analyze and understand threat infrastructure from a variety of sources–passive DNS, active DNS, WHOIS, SSL certificates and more–without devoting resources to time-intensive manual threat research and analysis", "support": "community", - "currentVersion": "2.1.15", + "currentVersion": "2.1.16", "author": "RiskIQ", "url": "https://www.riskiq.com/resources/support/", "email": "paloaltonetworks@riskiq.net", diff --git a/Packs/PostmarkSpamcheck/Integrations/PostmarkSpamcheck/PostmarkSpamcheck.yml b/Packs/PostmarkSpamcheck/Integrations/PostmarkSpamcheck/PostmarkSpamcheck.yml index fbccb4333072..228244e6da42 100644 --- a/Packs/PostmarkSpamcheck/Integrations/PostmarkSpamcheck/PostmarkSpamcheck.yml +++ b/Packs/PostmarkSpamcheck/Integrations/PostmarkSpamcheck/PostmarkSpamcheck.yml @@ -6,7 +6,7 @@ display: Postmark Spamcheck category: Messaging and Conferencing description: Postmark's spam API, Spamcheck, is a RESTfull interface to the Spam filter tool SpamAssassin. configuration: -- display: 'URL' +- display: URL name: base_url defaultvalue: https://spamcheck.postmarkapp.com type: 0 
@@ -14,13 +14,13 @@ configuration: additionalinfo: Postmark Spamcheck API URL - display: Trust any certificate (not secure) name: insecure - defaultvalue: "false" + defaultvalue: 'false' type: 8 - additionalinfo: When ‘trust any certificate’ is selected, the integration ignores TLS/SSL certificate validation errors. Used to test connection issues or connect to a server without a valid certificate. + additionalinfo: "When 'trust any certificate' is selected, the integration ignores TLS/SSL certificate validation errors. Used to test connection issues or connect to a server without a valid certificate." required: false - display: Use system proxy settings name: proxy - defaultvalue: "false" + defaultvalue: 'false' type: 8 additionalinfo: Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. required: false @@ -36,8 +36,8 @@ script: - name: short auto: PREDEFINED predefined: - - "True" - - "False" + - 'True' + - 'False' description: Only return spam score outputs: - contextPath: Postmark.Spamcheck.score @@ -49,7 +49,7 @@ script: - contextPath: Postmark.Spamcheck.report description: Detailed SpamAssassin report description: Check the spamscore of your email message - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 subtype: python3 fromversion: 6.0.0 tests: diff --git a/Packs/PostmarkSpamcheck/ReleaseNotes/1_0_3.md b/Packs/PostmarkSpamcheck/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..b7f4ad71c808 --- /dev/null +++ b/Packs/PostmarkSpamcheck/ReleaseNotes/1_0_3.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Postmark Spamcheck + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/PostmarkSpamcheck/pack_metadata.json b/Packs/PostmarkSpamcheck/pack_metadata.json index d7f05a1427d7..8791503e577b 100644 --- a/Packs/PostmarkSpamcheck/pack_metadata.json +++ b/Packs/PostmarkSpamcheck/pack_metadata.json 
@@ -1,8 +1,8 @@ { "name": "Postmark Spamcheck", - "description": "Postmark\u2019s spam API, Spamcheck, is a RESTfull interface to the Spam filter tool SpamAssassin.", + "description": "Postmark’s spam API, Spamcheck, is a RESTfull interface to the Spam filter tool SpamAssassin.", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "NVISO", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", diff --git a/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml b/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml index 99b0b2f1f2de..5d9814ca7981 100644 --- a/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml +++ b/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml @@ -445,7 +445,7 @@ script: - contextPath: URL.DATA description: The URL. type: String - dockerimage: demisto/python3:3.10.12.65389 + dockerimage: demisto/python3:3.10.14.100715 script: '' subtype: python3 type: python diff --git a/Packs/Pulsedive/ReleaseNotes/1_6_6.md b/Packs/Pulsedive/ReleaseNotes/1_6_6.md new file mode 100644 index 000000000000..f597311a7f4e --- /dev/null +++ b/Packs/Pulsedive/ReleaseNotes/1_6_6.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Pulsedive + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Pulsedive/pack_metadata.json b/Packs/Pulsedive/pack_metadata.json index b405c7bffa0b..ae5875439af5 100644 --- a/Packs/Pulsedive/pack_metadata.json +++ b/Packs/Pulsedive/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Pulsedive", "description": "Leverage Pulsedive threat intelligence in Cortex XSOAR to enrich any domain, URL, or IP. Retrieve risk scores and factors, investigate contextual data, pivot on any data point, and investigate potential threats.", "support": "community", - "currentVersion": "1.6.5", + "currentVersion": "1.6.6", "author": "Konrad Zacharias", "url": "https://pulsedive.com", "email": "support@pulsedive.com ", 
diff --git a/Packs/QRCodeReader/Integrations/QRCodeReaderGoqrMe/QRCodeReaderGoqrMe.yml b/Packs/QRCodeReader/Integrations/QRCodeReaderGoqrMe/QRCodeReaderGoqrMe.yml index c53086e8ac93..0b8ec372d78d 100644 --- a/Packs/QRCodeReader/Integrations/QRCodeReaderGoqrMe/QRCodeReaderGoqrMe.yml +++ b/Packs/QRCodeReader/Integrations/QRCodeReaderGoqrMe/QRCodeReaderGoqrMe.yml @@ -3,7 +3,7 @@ commonfields: id: QR Code Reader - goqr.me version: -1 configuration: -- defaultvalue: "false" +- defaultvalue: 'false' display: Trust any certificate (not secure) name: insecure type: 8 @@ -26,7 +26,7 @@ script: description: Errors reading QR code - contextPath: GoQRCodeData.seq description: sequence numbers read from code - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/QRCodeReader/ReleaseNotes/1_0_6.md b/Packs/QRCodeReader/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..13c4d3837fc9 --- /dev/null +++ b/Packs/QRCodeReader/ReleaseNotes/1_0_6.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### QR Code Reader - goqr.me + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/QRCodeReader/pack_metadata.json b/Packs/QRCodeReader/pack_metadata.json index 0baee697ac13..7cc3f74c1e2d 100644 --- a/Packs/QRCodeReader/pack_metadata.json +++ b/Packs/QRCodeReader/pack_metadata.json @@ -2,7 +2,7 @@ "name": "QR Code Reader", "description": "Pack contains an integration with api.qrserver.com to read QR codes from uploaded image files.", "support": "community", - "currentVersion": "1.0.5", + "currentVersion": "1.0.6", "author": "vibhuabharadwaj", "url": "", "email": "", diff --git a/Packs/Rapid7InsightVMCloud/Integrations/Rapid7InsightVMCloud/Rapid7InsightVMCloud.yml b/Packs/Rapid7InsightVMCloud/Integrations/Rapid7InsightVMCloud/Rapid7InsightVMCloud.yml index f0a87de4540c..7384645dad37 100644 
--- a/Packs/Rapid7InsightVMCloud/Integrations/Rapid7InsightVMCloud/Rapid7InsightVMCloud.yml +++ b/Packs/Rapid7InsightVMCloud/Integrations/Rapid7InsightVMCloud/Rapid7InsightVMCloud.yml @@ -7,7 +7,7 @@ configuration: name: credentials required: true type: 9 -- defaultvalue: "false" +- defaultvalue: 'false' display: Trust any certificate (not secure) name: insecure type: 8 @@ -39,10 +39,10 @@ script: description: Retrieves the scan with the specified identifier. name: insightvm-cloud-get-scan - arguments: - - defaultValue: "0" + - defaultValue: '0' description: The index of the page to retrieve. name: page - - defaultValue: "10" + - defaultValue: '10' description: The number of records per page to retrieve. name: size description: Retrieves a page of scan engines. @@ -54,28 +54,28 @@ script: - description: Search criteria for filtering assets returned. name: hostname required: true - - defaultValue: "0" + - defaultValue: '0' description: The index of the page (zero-based) to retrieve. name: page - - defaultValue: "10" + - defaultValue: '10' description: The number of records per page to retrieve. name: size description: Returns the inventory, assessment, and summary details for a page of assets. name: insightvm-cloud-search-assets - arguments: - - defaultValue: "0" + - defaultValue: '0' description: The index of the page (zero-based) to retrieve. name: page - - defaultValue: "10" + - defaultValue: '10' description: The number of records per page to retrieve. name: size description: Returns the details for sites. name: insightvm-cloud-last-sites - arguments: - - defaultValue: "0" + - defaultValue: '0' description: The index of the page to retrieve. name: page - - defaultValue: "10" + - defaultValue: '10' description: The number of records per page to retrieve name: size - description: Query by which to search for vulnerabilities. 
@@ -97,7 +97,7 @@ script: required: true description: Stops the scan with the specified identifier. name: insightvm-cloud-stop-scan - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/Rapid7InsightVMCloud/ReleaseNotes/1_0_2.md b/Packs/Rapid7InsightVMCloud/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..48cf42bf3168 --- /dev/null +++ b/Packs/Rapid7InsightVMCloud/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Rapid7 InsightVM Cloud + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Rapid7InsightVMCloud/pack_metadata.json b/Packs/Rapid7InsightVMCloud/pack_metadata.json index f403f3c75db7..fa0564225fb8 100644 --- a/Packs/Rapid7InsightVMCloud/pack_metadata.json +++ b/Packs/Rapid7InsightVMCloud/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Rapid7 InsightVM Cloud", "description": "Insight VM is a Vulnerability Management Tool which Scan your Network, Eliminate Vulnerabilities, Track and Communicate progress. ", "support": "community", - "currentVersion": "1.0.1", + "currentVersion": "1.0.2", "author": "thimanshu474", "url": "", "email": "", diff --git a/Packs/SSLCertificates/ReleaseNotes/1_0_2.md b/Packs/SSLCertificates/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..920c8dc3e08d --- /dev/null +++ b/Packs/SSLCertificates/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### SSLVerifierV2_ParseOutput + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/SSLCertificates/Scripts/SSLVerifierV2ParseOutput/SSLVerifierV2ParseOutput.yml b/Packs/SSLCertificates/Scripts/SSLVerifierV2ParseOutput/SSLVerifierV2ParseOutput.yml index c9fb8a3b8b69..f6620782987a 100644 --- a/Packs/SSLCertificates/Scripts/SSLVerifierV2ParseOutput/SSLVerifierV2ParseOutput.yml +++ b/Packs/SSLCertificates/Scripts/SSLVerifierV2ParseOutput/SSLVerifierV2ParseOutput.yml 
@@ -15,18 +15,18 @@ args:
 - all
 type: textArea
 - auto: PREDEFINED
- defaultValue: "True"
+ defaultValue: 'True'
 description: 'Output the resulting tables to the war room? Default: true'
 name: OutputToWarRoom
 predefined:
- - "True"
- - "False"
+ - 'True'
+ - 'False'
 type: unknown
 comment: "Parses the output from the !SSLVerifierV2 automation into a markdown table and separate context key . \n\nThis automation uses the SSLVerifierV2 key by default, but a custom context key can be specified in the event extend-context is used with the SSLVerifierV2 automation. \n\nOption to specify whether to output certificates with an expiring, warning, or good status (or all at once). \n\nOption to specify whether or not to output the generated tables to the war room. \n\n"
 commonfields:
 id: SSLVerifierV2_ParseOutput
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: SSLVerifierV2_ParseOutput
 outputs:
diff --git a/Packs/SSLCertificates/pack_metadata.json b/Packs/SSLCertificates/pack_metadata.json
index 11fba65cfe84..959b271b1e61 100644
--- a/Packs/SSLCertificates/pack_metadata.json
+++ b/Packs/SSLCertificates/pack_metadata.json
@@ -2,12 +2,14 @@
 "name": "SSL Certificates",
 "description": "SSL Certificate Content Pack for performing SSL Certificate validation.",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "Josh Levine",
 "url": "",
 "email": "",
 "created": "2023-02-01T17:39:08Z",
- "categories": ["Utilities"],
+ "categories": [
+ "Utilities"
+ ],
 "tags": [],
 "useCases": [],
 "keywords": [],
@@ -18,4 +20,4 @@
 "githubUser": [
 "TerminalFin"
 ]
-}
+}
\ No newline at end of file
diff --git a/Packs/SalesforceIndicators/Integrations/SalesforceIndicators/SalesforceIndicators.yml b/Packs/SalesforceIndicators/Integrations/SalesforceIndicators/SalesforceIndicators.yml
index dfbcdfa7e3e8..d5b4466f5ff6 100644
--- a/Packs/SalesforceIndicators/Integrations/SalesforceIndicators/SalesforceIndicators.yml
+++ b/Packs/SalesforceIndicators/Integrations/SalesforceIndicators/SalesforceIndicators.yml
@@ -97,7 +97,7 @@ configuration:
 name: key_field
 required: true
 type: 0
-- additionalinfo: "The SOQL filter to use (example: Id = '123' AND Name = 'Test')"
+- additionalinfo: 'The SOQL filter to use (example: Id = ''123'' AND Name = ''Test'')'
 display: Filter
 name: filter
 type: 12
@@ -141,7 +141,7 @@ script:
 - arguments: []
 name: salesforce-get-indicators
 description: Executes the fetch-indicators command
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 feed: true
 script: ''
 subtype: python3
diff --git a/Packs/SalesforceIndicators/ReleaseNotes/1_0_10.md b/Packs/SalesforceIndicators/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..85791a300a35
--- /dev/null
+++ b/Packs/SalesforceIndicators/ReleaseNotes/1_0_10.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Salesforce Indicators
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/SalesforceIndicators/pack_metadata.json b/Packs/SalesforceIndicators/pack_metadata.json
index 8f58ca5fa2af..d5a737cc086e 100644
--- a/Packs/SalesforceIndicators/pack_metadata.json
+++ b/Packs/SalesforceIndicators/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Salesforce Indicators",
 "description": "This pack contains 1 integration.\n\nThe Salesforce Indicator Integration allows you to pull in Salesforce objects as indicators.",
 "support": "community",
- "currentVersion": "1.0.9",
+ "currentVersion": "1.0.10",
 "author": "Adam Burt",
 "url": "",
 "email": "",
diff --git a/Packs/SalesforceV2/Integrations/SalesforceV2/SalesforceV2.yml b/Packs/SalesforceV2/Integrations/SalesforceV2/SalesforceV2.yml
index 118cba740fb2..aed9f2a21180 100644
--- a/Packs/SalesforceV2/Integrations/SalesforceV2/SalesforceV2.yml
+++ b/Packs/SalesforceV2/Integrations/SalesforceV2/SalesforceV2.yml
@@ -37,7 +37,7 @@ configuration:
 - comments
 type: 15
 required: false
-- additionalinfo: "E.g.: OwnerId='0056s000000wGoWAAX'"
+- additionalinfo: 'E.g.: OwnerId=''0056s000000wGoWAAX'''
 display: Define a query to determine which objects to fetch.
 name: condition
 type: 0
@@ -1083,7 +1083,7 @@ script:
 name: caseNumber
 description: Retrieve a case file by file ID.
 name: salesforce-get-case-file-by-id
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/SalesforceV2/ReleaseNotes/1_0_5.md b/Packs/SalesforceV2/ReleaseNotes/1_0_5.md
new file mode 100644
index 000000000000..3d6e45ac17b6
--- /dev/null
+++ b/Packs/SalesforceV2/ReleaseNotes/1_0_5.md
@@ -0,0 +1,15 @@
+
+#### Integrations
+
+##### Salesforce v2
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+
+#### Scripts
+
+##### SalesforceCaseStatusPicklist
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### SalesforceCaseStatus
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/SalesforceV2/Scripts/SalesforceCaseStatus/SalesforceCaseStatus.yml b/Packs/SalesforceV2/Scripts/SalesforceCaseStatus/SalesforceCaseStatus.yml
index 4eb2068f9cc9..0009857a60b3 100644
--- a/Packs/SalesforceV2/Scripts/SalesforceCaseStatus/SalesforceCaseStatus.yml
+++ b/Packs/SalesforceV2/Scripts/SalesforceCaseStatus/SalesforceCaseStatus.yml
@@ -1,12 +1,13 @@
-comment: |
- Populates the value of the Salesforce status field and displays it in a layout widget.
+comment: 'Populates the value of the Salesforce status field and displays it in a layout widget.
+
+ '
 commonfields:
 id: SalesforceCaseStatus
 version: -1
 contentitemexportablefields:
 contentitemfields:
- fromServerVersion: ""
-dockerimage: demisto/python3:3.10.12.63474
+ fromServerVersion: ''
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: SalesforceCaseStatus
 runas: DBotWeakRole
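Review bot: The rewritten `comment:` in SalesforceCaseStatus.yml (hunk `@@ -1,12 +1,13 @@`) encodes the block scalar's trailing newline as a blank line followed by a lone `'` on its own line; the parsed value is unchanged, but the form is hard to read and easy to break on the next edit. The `comment:` hunk in AssignToNextShift.yml further down has the same pattern, with every original line break of the `|-` block turned into a blank line inside a single-quoted scalar. If the formatter permits it, keep `comment: |` / `comment: |-` for multi-line text, e.g. `comment: |` with the sentence on its own indented line, rather than the quoted form.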
diff --git a/Packs/SalesforceV2/Scripts/SalesforceCaseStatusPicklist/SalesforceCaseStatusPicklist.yml b/Packs/SalesforceV2/Scripts/SalesforceCaseStatusPicklist/SalesforceCaseStatusPicklist.yml
index 42e5e2739260..36ccb51f0544 100644
--- a/Packs/SalesforceV2/Scripts/SalesforceCaseStatusPicklist/SalesforceCaseStatusPicklist.yml
+++ b/Packs/SalesforceV2/Scripts/SalesforceCaseStatusPicklist/SalesforceCaseStatusPicklist.yml
@@ -1,11 +1,11 @@
-comment: 'Retrieves and displays the case status values from Salesforce.'
+comment: Retrieves and displays the case status values from Salesforce.
 commonfields:
 id: SalesforceCaseStatusPicklist
 version: -1
 contentitemexportablefields:
 contentitemfields:
- fromServerVersion: ""
-dockerimage: demisto/python3:3.10.12.63474
+ fromServerVersion: ''
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: SalesforceCaseStatusPicklist
 runas: DBotWeakRole
diff --git a/Packs/SalesforceV2/pack_metadata.json b/Packs/SalesforceV2/pack_metadata.json
index 053e3ee78895..adc6bd1d1c59 100644
--- a/Packs/SalesforceV2/pack_metadata.json
+++ b/Packs/SalesforceV2/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "SalesforceV2",
 "description": "CRM Services",
 "support": "community",
- "currentVersion": "1.0.4",
+ "currentVersion": "1.0.5",
 "author": "Silviu-Mihail Dascalu",
 "url": "",
 "email": "sdascalu@paloaltonetworks.com",
diff --git a/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml b/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml
index ea7898eb651a..0dff92ae6601 100644
--- a/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml
+++ b/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml
@@ -60,12 +60,12 @@ script:
 name: hostname
 required: true
 - auto: PREDEFINED
- defaultValue: "true"
+ defaultValue: 'true'
 description: Only return children subdomains
 name: children_only
 predefined:
- - "true"
- - "false"
+ - 'true'
+ - 'false'
 description: Returns child and sibling subdomains for a given hostname.
 name: securitytrails-get-subdomains
 outputs:
@@ -531,21 +531,21 @@ script:
 type: string
 - arguments:
 - auto: PREDEFINED
- defaultValue: "false"
+ defaultValue: 'false'
 description: Resolves any A records and additionally returns IP addresses.
 name: include_ips
 predefined:
- - "false"
- - "true"
+ - 'false'
+ - 'true'
 - description: The page of the returned results, starting at 1. A page returns 100 results.
 name: page
 - auto: PREDEFINED
- defaultValue: "false"
+ defaultValue: 'false'
 description: Request scrolling. Only supported when query is used and not filter. See the Scrolling API endpoint.
 name: scroll
 predefined:
- - "false"
- - "true"
+ - 'false'
+ - 'true'
 - description: The DSL query you want to run (https://docs.securitytrails.com/docs/how-to-use-the-dsl).
 name: query
 - description: JSON dicitonary of filter terms (https://docs.securitytrails.com/reference#domain-search). Can not be used together with query.
@@ -643,7 +643,7 @@ script:
 description: Associated Domain Count
 type: number
 - arguments:
- - defaultValue: "1"
+ - defaultValue: '1'
 description: The page of the returned results, starting at 1. A page returns 100 results.
 name: page
 - description: The DSL query you want to run (https://docs.securitytrails.com/docs/how-to-use-the-dsl).
@@ -730,7 +730,7 @@ script:
 - description: IP Address
 name: ipaddress
 required: true
- - defaultValue: "1"
+ - defaultValue: '1'
 description: The page of the returned results, starting at 1. A page returns 100 results.
 name: page
 description: Fetch user agents seen during the last 30 days for a specific IPv4 address. It shows devices with egressing traffic based on large scale web server logs. The number of results is not limited.
@@ -866,7 +866,7 @@ script:
 description: The phone number of the registrant.
 type: String
 - contextPath: Domain.WHOIS.Registrar.Name
- description: "The name of the registrar, for example: `GoDaddy`"
+ description: 'The name of the registrar, for example: `GoDaddy`'
 type: String
 - contextPath: Domain.WHOIS.Registrar.Email
 description: The email address of the contact.
@@ -899,16 +899,16 @@ script:
 - name: sql
 description: 'The SQL query to execute (example: SELECT attribute FROM table WHERE condition = "value")'
 required: true
- defaultValue: ""
+ defaultValue: ''
 predefined:
- - ""
+ - ''
 - name: timeout
 description: Read timeout for calls (default is 20 seconds)
- defaultValue: "20"
+ defaultValue: '20'
 predefined:
- - ""
+ - ''
 name: securitytrails-sql-query
- description: "Queries the SecurityTrails SQL endpoint. The SecurityTrails SQL API provides a powerful SQL-like query interface to data via certain API endpoints. For a full reference of properties and operators please check the following link: https://securitytrails.com/reference/sql"
+ description: 'Queries the SecurityTrails SQL endpoint. The SecurityTrails SQL API provides a powerful SQL-like query interface to data via certain API endpoints. For a full reference of properties and operators please check the following link: https://securitytrails.com/reference/sql'
 outputs:
 - contextPath: Securitytrails.SQL.total
 description: The total number of hits discovered
@@ -929,14 +929,14 @@ script:
 - name: id
 description: The ID to use to retrieve the next page of results
 required: true
- defaultValue: ""
+ defaultValue: ''
 predefined:
- - ""
+ - ''
 - name: timeout
 description: Read timeout for calls (default is 20 seconds)
- defaultValue: "20"
+ defaultValue: '20'
 predefined:
- - ""
+ - ''
 name: securitytrails-sql-get-next
 description: Retrieves the next page of results returned from a SQL query where the results exceeded the last page.
 outputs:
@@ -951,7 +951,7 @@ script:
 - contextPath: Securitytrails.SQL.query
 description: The original query used
 type: string
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/SecurityTrails/ReleaseNotes/1_1_7.md b/Packs/SecurityTrails/ReleaseNotes/1_1_7.md
new file mode 100644
index 000000000000..a8ada8b69571
--- /dev/null
+++ b/Packs/SecurityTrails/ReleaseNotes/1_1_7.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### SecurityTrails
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/SecurityTrails/pack_metadata.json b/Packs/SecurityTrails/pack_metadata.json
index 602bfede7ecb..b2befd079d20 100644
--- a/Packs/SecurityTrails/pack_metadata.json
+++ b/Packs/SecurityTrails/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "SecurityTrails",
 "description": "Integration for the SecurityTrails platform.",
 "support": "community",
- "currentVersion": "1.1.6",
+ "currentVersion": "1.1.7",
 "author": "Adam Burt",
 "url": "",
 "email": "",
diff --git a/Packs/ShiftManagement-AssignToNextShift/ReleaseNotes/1_1_5.md b/Packs/ShiftManagement-AssignToNextShift/ReleaseNotes/1_1_5.md
new file mode 100644
index 000000000000..498b3bb76c52
--- /dev/null
+++ b/Packs/ShiftManagement-AssignToNextShift/ReleaseNotes/1_1_5.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### AssignToNextShift
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/ShiftManagement-AssignToNextShift/Scripts/AssignToNextShift/AssignToNextShift.yml b/Packs/ShiftManagement-AssignToNextShift/Scripts/AssignToNextShift/AssignToNextShift.yml
index e7e8209fcda3..26739d705220 100644
--- a/Packs/ShiftManagement-AssignToNextShift/Scripts/AssignToNextShift/AssignToNextShift.yml
+++ b/Packs/ShiftManagement-AssignToNextShift/Scripts/AssignToNextShift/AssignToNextShift.yml
@@ -2,18 +2,22 @@ args:
 - description: The Incident IDs to reassign, can be a comma separated list (e.g. 1,2,3,4)
 name: incident_id
 required: true
-comment: |-
- Randomly assigns the incidents to users on call (requires shift management) and users on call.
+comment: 'Randomly assigns the incidents to users on call (requires shift management) and users on call.
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Shift-Management#idf554fd0f-f93b-40cd-9111-1393bf25ac6e
+ Incident Ids should be passed in as a comma separated list.
+ This automation runs using the default Limited User role, unless you explicitly change the permissions.
+ For more information, see the section about permissions here:
- https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+ https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations'
 commonfields:
 id: AssignToNextShift
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: AssignToNextShift
 script: ''
diff --git a/Packs/ShiftManagement-AssignToNextShift/pack_metadata.json b/Packs/ShiftManagement-AssignToNextShift/pack_metadata.json
index 98d3689f03e4..1796b3b99583 100644
--- a/Packs/ShiftManagement-AssignToNextShift/pack_metadata.json
+++ b/Packs/ShiftManagement-AssignToNextShift/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Shift Management - Assign to Next Shift",
 "description": "Automation & Playbook to assign active Incidents to the next group of users on call. ",
 "support": "community",
- "currentVersion": "1.1.4",
+ "currentVersion": "1.1.5",
 "author": "beauchompers",
 "url": "",
 "email": "",
diff --git a/Packs/SimpleDebugger/ReleaseNotes/1_0_2.md b/Packs/SimpleDebugger/ReleaseNotes/1_0_2.md
new file mode 100644
index 000000000000..a601f6308ed9
--- /dev/null
+++ b/Packs/SimpleDebugger/ReleaseNotes/1_0_2.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### SimpleDebugger
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/SimpleDebugger/Scripts/SimpleDebugger/SimpleDebugger.yml b/Packs/SimpleDebugger/Scripts/SimpleDebugger/SimpleDebugger.yml
index 12bb2cf5be28..56a6265336db 100644
--- a/Packs/SimpleDebugger/Scripts/SimpleDebugger/SimpleDebugger.yml
+++ b/Packs/SimpleDebugger/Scripts/SimpleDebugger/SimpleDebugger.yml
@@ -4,8 +4,8 @@ commonfields:
 version: -1
 contentitemexportablefields:
 contentitemfields:
- fromServerVersion: ""
-dockerimage: demisto/python3:3.10.10.48392
+ fromServerVersion: ''
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: SimpleDebugger
 runas: DBotWeakRole
diff --git a/Packs/SimpleDebugger/pack_metadata.json b/Packs/SimpleDebugger/pack_metadata.json
index 2e2c58c8981b..ee1e496bf87e 100644
--- a/Packs/SimpleDebugger/pack_metadata.json
+++ b/Packs/SimpleDebugger/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Simple Debugger",
 "description": "This content pack provides a simple debugger for debugging custom python automations in XSOAR. You can visually trace code execution, set breakpoints, step through the code, display local variables, and profile execution times of python functions.",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "rurhrlaub",
 "url": "",
 "email": "",
@@ -19,4 +19,4 @@
 "githubUser": [
 "rurhrlaub"
 ]
-}
+}
\ No newline at end of file
diff --git a/Packs/SnortIPBlocklist/Integrations/FeedSnortIPBlocklist/FeedSnortIPBlocklist.yml b/Packs/SnortIPBlocklist/Integrations/FeedSnortIPBlocklist/FeedSnortIPBlocklist.yml
index a6358b1cae9a..2968ec1d3cd9 100644
--- a/Packs/SnortIPBlocklist/Integrations/FeedSnortIPBlocklist/FeedSnortIPBlocklist.yml
+++ b/Packs/SnortIPBlocklist/Integrations/FeedSnortIPBlocklist/FeedSnortIPBlocklist.yml
@@ -3,7 +3,7 @@ commonfields:
 id: Snort IP Blocklist Feed
 version: -1
 configuration:
-- defaultvalue: "true"
+- defaultvalue: 'true'
 display: Fetch indicators
 name: feed
 type: 8
@@ -47,13 +47,13 @@ configuration:
 - WHITE
 type: 15
 required: false
-- defaultvalue: "480"
+- defaultvalue: '480'
 display: Feed Fetch Interval
 name: feedFetchInterval
 type: 19
 required: false
 - additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
- defaultvalue: "true"
+ defaultvalue: 'true'
 display: Bypass exclusion list
 name: feedBypassExclusionList
 type: 8
@@ -66,7 +66,7 @@ configuration:
 name: proxy
 type: 8
 required: false
-- display: ""
+- display: ''
 name: feedExpirationPolicy
 options:
 - never
@@ -75,7 +75,7 @@ configuration:
 - suddenDeath
 type: 17
 required: false
-- display: ""
+- display: ''
 name: feedExpirationInterval
 type: 1
 required: false
@@ -91,12 +91,12 @@ name: Snort IP Blocklist Feed
 script:
 commands:
 - arguments:
- - defaultValue: "10"
+ - defaultValue: '10'
 description: The maximum number of IP indicators to return.
 name: limit
 description: Gets indicators from the feed.
 name: snort-get-ip-blocklist-indicators
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 feed: true
 script: ''
 subtype: python3
diff --git a/Packs/SnortIPBlocklist/ReleaseNotes/1_0_2.md b/Packs/SnortIPBlocklist/ReleaseNotes/1_0_2.md
new file mode 100644
index 000000000000..07af4712237e
--- /dev/null
+++ b/Packs/SnortIPBlocklist/ReleaseNotes/1_0_2.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Snort IP Blocklist Feed
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/SnortIPBlocklist/pack_metadata.json b/Packs/SnortIPBlocklist/pack_metadata.json
index ba2943b7ab37..68b6155f97bf 100644
--- a/Packs/SnortIPBlocklist/pack_metadata.json
+++ b/Packs/SnortIPBlocklist/pack_metadata.json
@@ -2,18 +2,22 @@
 "name": "Snort IP Blocklist Feed",
 "description": "Snort IP Blocklist feed from https://www.snort.org/",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "Vibhu A Bharadwaj",
 "url": "",
 "email": "vbharadwaj@paloaltonetworks.com",
 "created": "2022-09-01T21:49:03Z",
- "categories": ["Data Enrichment & Threat Intelligence"],
+ "categories": [
+ "Data Enrichment & Threat Intelligence"
+ ],
 "tags": [
 "Free Feed",
 "Plug & Fetch"
 ],
 "useCases": [],
- "keywords": ["Feed"],
+ "keywords": [
+ "Feed"
+ ],
 "marketplaces": [
 "xsoar",
 "marketplacev2"
@@ -21,4 +25,4 @@
 "githubUser": [
 "vibhuabharadwaj"
 ]
-}
+}
\ No newline at end of file
diff --git a/Packs/SpyCloud/Integrations/SpyCloud/SpyCloud.yml b/Packs/SpyCloud/Integrations/SpyCloud/SpyCloud.yml
index 2d780e2bdf48..3120fce4f737 100644
--- a/Packs/SpyCloud/Integrations/SpyCloud/SpyCloud.yml
+++ b/Packs/SpyCloud/Integrations/SpyCloud/SpyCloud.yml
@@ -219,7 +219,7 @@ script:
 - contextPath: SpyCloud.Watchlist.domain
 description: The domain involved of the watchlist (if that type is selected)
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/SpyCloud/ReleaseNotes/1_0_4.md b/Packs/SpyCloud/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..48e36274a382
--- /dev/null
+++ b/Packs/SpyCloud/ReleaseNotes/1_0_4.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### SpyCloud
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/SpyCloud/pack_metadata.json b/Packs/SpyCloud/pack_metadata.json
index 2cc8a2857d29..17aa292cde18 100644
--- a/Packs/SpyCloud/pack_metadata.json
+++ b/Packs/SpyCloud/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "SpyCloud",
 "description": "Integration for retrieving data from the SpyCloud ATO API",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "Niels Heijmans",
 "url": "",
 "email": "",
diff --git a/Packs/StarterPack/Integrations/BaseIntegration/BaseIntegration.yml b/Packs/StarterPack/Integrations/BaseIntegration/BaseIntegration.yml
index f7455a2baadc..2af0cb63cf77 100644
--- a/Packs/StarterPack/Integrations/BaseIntegration/BaseIntegration.yml
+++ b/Packs/StarterPack/Integrations/BaseIntegration/BaseIntegration.yml
@@ -23,7 +23,7 @@ configuration:
 type: 8
 required: false
 description: '[Enter a comprehensive, yet concise, description of what the integration does, what use cases it is designed for, etc.]'
-display: 'Starter Base Integration - Name the integration as it will appear in the XSOAR UI'
+display: Starter Base Integration - Name the integration as it will appear in the XSOAR UI
 name: BaseIntegration
 script:
 commands:
@@ -41,7 +41,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 fromversion: 5.0.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/StarterPack/ReleaseNotes/1_0_13.md b/Packs/StarterPack/ReleaseNotes/1_0_13.md
new file mode 100644
index 000000000000..c01f922a6b4f
--- /dev/null
+++ b/Packs/StarterPack/ReleaseNotes/1_0_13.md
@@ -0,0 +1,12 @@
+
+#### Integrations
+
+##### Starter Base Integration - Name the integration as it will appear in the XSOAR UI
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+
+#### Scripts
+
+##### BaseScript
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/StarterPack/Scripts/BaseScript/BaseScript.yml b/Packs/StarterPack/Scripts/BaseScript/BaseScript.yml
index 26be0019b1ee..93f767a3e39f 100644
--- a/Packs/StarterPack/Scripts/BaseScript/BaseScript.yml
+++ b/Packs/StarterPack/Scripts/BaseScript/BaseScript.yml
@@ -17,5 +17,5 @@ tags:
 timeout: '0'
 type: python
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 fromversion: 5.0.0
diff --git a/Packs/StarterPack/pack_metadata.json b/Packs/StarterPack/pack_metadata.json
index e1c357dbe48d..593af69b6462 100644
--- a/Packs/StarterPack/pack_metadata.json
+++ b/Packs/StarterPack/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Starter Pack",
 "description": "Starter Pack for learning how to build new content in Cortex XSOAR",
 "support": "community",
- "currentVersion": "1.0.12",
+ "currentVersion": "1.0.13",
 "author": "Cortex XSOAR",
 "url": "https://put_your_support_url_here",
 "email": "put_your_support_email@here",
@@ -10,7 +10,9 @@
 "categories": [
 "Utilities"
 ],
- "tags": ["Core"],
+ "tags": [
+ "Core"
+ ],
 "useCases": [],
 "keywords": [],
 "marketplaces": [
diff --git a/Packs/TeamManagement/ReleaseNotes/1_0_3.md b/Packs/TeamManagement/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..21bf1904431b
--- /dev/null
+++ b/Packs/TeamManagement/ReleaseNotes/1_0_3.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### EnumerateRoles
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/TeamManagement/Scripts/EnumerateRoles/EnumerateRoles.yml b/Packs/TeamManagement/Scripts/EnumerateRoles/EnumerateRoles.yml
index 864a2c213236..45b7f7e066d4 100644
--- a/Packs/TeamManagement/Scripts/EnumerateRoles/EnumerateRoles.yml
+++ b/Packs/TeamManagement/Scripts/EnumerateRoles/EnumerateRoles.yml
@@ -6,7 +6,7 @@ comment: The script will enumerate any provided role names and output the list o
 commonfields:
 id: EnumerateRoles
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: EnumerateRoles
 outputs:
diff --git a/Packs/TeamManagement/pack_metadata.json b/Packs/TeamManagement/pack_metadata.json
index 62dca8b25254..82c9535d939d 100644
--- a/Packs/TeamManagement/pack_metadata.json
+++ b/Packs/TeamManagement/pack_metadata.json
@@ -2,12 +2,14 @@
 "name": "Team Management",
 "description": "This pack contains playbooks and automation scripts to help with the management of team members within an incident. It's current features include:\n\n- Ability to add team members to an incident based on username or role\n",
 "support": "community",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "Adam Burt",
 "url": "",
 "email": "",
 "created": "2021-06-09T12:29:39Z",
- "categories": ["Data Enrichment & Threat Intelligence"],
+ "categories": [
+ "Data Enrichment & Threat Intelligence"
+ ],
 "tags": [],
 "useCases": [],
 "keywords": [],
diff --git a/Packs/ThousandEyes/Integrations/ThousandEyes/ThousandEyes.yml b/Packs/ThousandEyes/Integrations/ThousandEyes/ThousandEyes.yml
index aa79c88613dd..0ce4b624ce39 100644
--- a/Packs/ThousandEyes/Integrations/ThousandEyes/ThousandEyes.yml
+++ b/Packs/ThousandEyes/Integrations/ThousandEyes/ThousandEyes.yml
@@ -1,13 +1,13 @@
 category: Vulnerability Management
 commonfields:
- id: 'ThousandEyes'
+ id: ThousandEyes
 version: -1
 configuration:
 - display: Base API URL
 name: base_url
 required: true
 type: 0
-- display: "API Token"
+- display: API Token
 name: credentials
 required: true
 hiddenusername: true
@@ -16,7 +16,7 @@ configuration:
 name: isFetch
 type: 8
 required: false
-- defaultvalue: "1"
+- defaultvalue: '1'
 display: Incidents Fetch Interval
 name: incidentFetchInterval
 type: 19
@@ -48,9 +48,9 @@ configuration:
 - CRITICAL
 type: 15
 required: false
-description: This Integration is used to to fetch-incidents via “Active alerts”, get alert details via “Alert details”, and get the “Agent list”.
-display: 'ThousandEyes'
-name: 'ThousandEyes'
+description: 'This Integration is used to to fetch-incidents via "Active alerts", get alert details via "Alert details", and get the "Agent list".'
+display: ThousandEyes
+name: ThousandEyes
 script:
 commands:
 - arguments:
@@ -149,7 +149,7 @@ script:
 required: true
 description: Fetches a given agent.
 name: thousandeyes-get-agent
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isFetchSamples: true
 isfetch: true
 script: ''
diff --git a/Packs/ThousandEyes/ReleaseNotes/1_0_2.md b/Packs/ThousandEyes/ReleaseNotes/1_0_2.md
new file mode 100644
index 000000000000..b51a61d3a30c
--- /dev/null
+++ b/Packs/ThousandEyes/ReleaseNotes/1_0_2.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### ThousandEyes
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/ThousandEyes/pack_metadata.json b/Packs/ThousandEyes/pack_metadata.json
index 3a523d09010e..34e9fa052838 100644
--- a/Packs/ThousandEyes/pack_metadata.json
+++ b/Packs/ThousandEyes/pack_metadata.json
@@ -2,12 +2,14 @@
 "name": "ThousandEyes",
 "description": "This pack is used to to fetch-incidents, get alerts details and to get agent list",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "masquerad3r",
 "url": "",
 "email": "masquerad3r@gmail.com",
 "created": "2022-07-21T11:23:11Z",
- "categories": ["Network Security"],
+ "categories": [
+ "Network Security"
+ ],
 "tags": [],
 "useCases": [],
 "keywords": [],
@@ -18,4 +20,4 @@
 "xsoar",
 "marketplacev2"
 ]
-}
+}
\ No newline at end of file
diff --git a/Packs/Trello/Integrations/Trello/Trello.yml b/Packs/Trello/Integrations/Trello/Trello.yml
index 97292109c6cb..5bb93039fcde 100644
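Review bot: The rewritten `description:` line in hunk `@@ -48,9 +48,9 @@` of ThousandEyes.yml still reads `is used to to fetch-incidents`; since the line is already being touched to replace the curly quotes, drop the duplicated word: `description: 'This Integration is used to fetch-incidents via "Active alerts", get alert details via "Alert details", and get the "Agent list".'`. The same `to to` appears in the pack_metadata.json description further down, but that line is context and is not changed by this commit.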
--- a/Packs/Trello/Integrations/Trello/Trello.yml
+++ b/Packs/Trello/Integrations/Trello/Trello.yml
@@ -328,7 +328,7 @@ script:
 - contextPath: Trello.Cards.Labels.id
 description: Label ID
 type: Unknown
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/Trello/ReleaseNotes/1_0_10.md b/Packs/Trello/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..c728f3cc654c
--- /dev/null
+++ b/Packs/Trello/ReleaseNotes/1_0_10.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Trello
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Trello/pack_metadata.json b/Packs/Trello/pack_metadata.json
index 125a461f6615..adb8776a199c 100644
--- a/Packs/Trello/pack_metadata.json
+++ b/Packs/Trello/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Trello",
 "description": "Trello is a card-based activity tracker. Use this content pack to organize and prioritize your personal and work life using boards, lists, cards and so on.",
 "support": "community",
- "currentVersion": "1.0.9",
+ "currentVersion": "1.0.10",
 "author": "Adam Baumeister",
 "url": "",
 "email": "",
diff --git a/Packs/TwitterIOCHunter-FullDailyFeed/Integrations/TwitterIOCHunterFullDailyFeed/TwitterIOCHunterFullDailyFeed.yml b/Packs/TwitterIOCHunter-FullDailyFeed/Integrations/TwitterIOCHunterFullDailyFeed/TwitterIOCHunterFullDailyFeed.yml
index 09616252bd1d..6031b72d5b12 100644
--- a/Packs/TwitterIOCHunter-FullDailyFeed/Integrations/TwitterIOCHunterFullDailyFeed/TwitterIOCHunterFullDailyFeed.yml
+++ b/Packs/TwitterIOCHunter-FullDailyFeed/Integrations/TwitterIOCHunterFullDailyFeed/TwitterIOCH unterFullDailyFeed.yml
@@ -102,7 +102,7 @@ script:
 - arguments: []
 description: Get Indicators from TwitterIOCHunter
 name: twitteriochunter-get-indicators
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 feed: true
 isFetchSamples: true
 script: ''
diff --git a/Packs/TwitterIOCHunter-FullDailyFeed/ReleaseNotes/1_0_6.md b/Packs/TwitterIOCHunter-FullDailyFeed/ReleaseNotes/1_0_6.md
new file mode 100644
index 000000000000..4a3eac499a87
--- /dev/null
+++ b/Packs/TwitterIOCHunter-FullDailyFeed/ReleaseNotes/1_0_6.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### TwitterIOCHunter Feed
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/TwitterIOCHunter-FullDailyFeed/pack_metadata.json b/Packs/TwitterIOCHunter-FullDailyFeed/pack_metadata.json
index d19ac99ee8c9..994fadbe07bf 100644
--- a/Packs/TwitterIOCHunter-FullDailyFeed/pack_metadata.json
+++ b/Packs/TwitterIOCHunter-FullDailyFeed/pack_metadata.json
@@ -2,12 +2,14 @@
 "name": "TwitterIOCHunter - Full Daily Feed",
 "description": "Implements the Twitter IOC project daily full feed as indicator feed into XSOAR. http://tweettioc.com/feed/api",
 "support": "community",
- "currentVersion": "1.0.5",
+ "currentVersion": "1.0.6",
 "author": "Harri Ruuttila",
 "url": "",
 "email": "",
 "created": "2021-05-25T19:02:59Z",
- "categories": ["Data Enrichment & Threat Intelligence"],
+ "categories": [
+ "Data Enrichment & Threat Intelligence"
+ ],
 "tags": [
 "Threat Intelligence Management",
 "Getting Started"
@@ -21,4 +23,4 @@
 "xsoar",
 "marketplacev2"
 ]
-}
+}
\ No newline at end of file
diff --git a/Packs/USTA/Integrations/USTA/USTA.yml b/Packs/USTA/Integrations/USTA/USTA.yml
index 17337efd737c..8a27a4038040 100644
--- a/Packs/USTA/Integrations/USTA/USTA.yml
+++ b/Packs/USTA/Integrations/USTA/USTA.yml
@@ -23,7 +23,7 @@ configuration:
 name: proxy
 type: 8
 required: false
-description: "USTA is an Cyber Intelligence Platform that responds directly and effectively to today's complex cyber threats. "
+description: 'USTA is an Cyber Intelligence Platform that responds directly and effectively to today''s complex cyber threats. '
 display: USTA
 name: USTA
 script:
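Review bot: The rewritten `description:` in hunk `@@ -23,7 +23,7 @@` of USTA.yml keeps the wrong article and a trailing space inside the quoted value (`… cyber threats. '`), both of which appear verbatim in the integration's UI text. Since the line is being rewritten anyway, fix both at once: `description: 'USTA is a Cyber Intelligence Platform that responds directly and effectively to today''s complex cyber threats.'`.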
@@ -251,7 +251,7 @@ script: - contextPath: Usta.CloseIncident.id description: If the incident is closed, returns the id value that was closed. name: usta-close-incident - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/USTA/ReleaseNotes/1_0_5.md b/Packs/USTA/ReleaseNotes/1_0_5.md new file mode 100644 index 000000000000..abccc608c9ca --- /dev/null +++ b/Packs/USTA/ReleaseNotes/1_0_5.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### USTA + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/USTA/pack_metadata.json b/Packs/USTA/pack_metadata.json index 7fb7a00507f8..c10cd26e3b69 100644 --- a/Packs/USTA/pack_metadata.json +++ b/Packs/USTA/pack_metadata.json @@ -2,7 +2,7 @@ "name": "USTA", "description": "USTA is developed and operated by PRODAFT. Continuously growing since 2012, USTA is one of the first cyber intelligence platforms ever developed. Featuring a unique synergy of threat intelligence, fraud intelligence and brand protection modules; USTA responds directly and effectively to today's complex cyber threats. \nToday, USTA is one of the most widely used threat-intel solutions of critical infrastructures. ", "support": "community", - "currentVersion": "1.0.4", + "currentVersion": "1.0.5", "author": "Murat Ozfidan", "url": "", "email": "", diff --git a/Packs/UltraMSG/Integrations/UltraMSG/UltraMSG.yml b/Packs/UltraMSG/Integrations/UltraMSG/UltraMSG.yml index bd517c07c6d9..2c673cb6e19a 100644 --- a/Packs/UltraMSG/Integrations/UltraMSG/UltraMSG.yml +++ b/Packs/UltraMSG/Integrations/UltraMSG/UltraMSG.yml 
@@ -3,12 +3,12 @@ commonfields: id: UltraMSG version: -1 configuration: -- additionalinfo: "When creating an instance, you'll get a token Example: ty37deadbeef37xx" +- additionalinfo: 'When creating an instance, you''ll get a token Example: ty37deadbeef37xx' display: Token name: token required: true type: 4 -- additionalinfo: "When creating an instance, you'll get an instance id. Example: instance12345" +- additionalinfo: 'When creating an instance, you''ll get an instance id. Example: instance12345' display: Instance name: instance required: true @@ -27,7 +27,7 @@ script: required: true description: Send WhatsApp Message name: send-whatsapp - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/UltraMSG/ReleaseNotes/1_0_2.md b/Packs/UltraMSG/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..64202eb3c79e --- /dev/null +++ b/Packs/UltraMSG/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### UltraMSG + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/UltraMSG/pack_metadata.json b/Packs/UltraMSG/pack_metadata.json index 6f599e1fda80..8edbaee373da 100644 --- a/Packs/UltraMSG/pack_metadata.json +++ b/Packs/UltraMSG/pack_metadata.json @@ -2,12 +2,14 @@ "name": "UltraMSG", "description": "UltraMSG Integration.\nSend Whatsapp to Single Person Or Groups.\n", "support": "community", - "currentVersion": "1.0.1", + "currentVersion": "1.0.2", "author": "Bar Halifa-Levi Trustnet", "url": "", "email": "", "created": "2022-09-11T07:10:34Z", - "categories": ["Utilities"], + "categories": [ + "Utilities" + ], "tags": [], "useCases": [], "keywords": [], @@ -18,4 +20,4 @@ "githubUser": [ "BarHalifa" ] -} +} \ No newline at end of file diff --git a/Packs/UnisysStealth/Integrations/UnisysStealth/UnisysStealth.yml b/Packs/UnisysStealth/Integrations/UnisysStealth/UnisysStealth.yml index fddcf5236b09..79528b0a5188 100644 
--- a/Packs/UnisysStealth/Integrations/UnisysStealth/UnisysStealth.yml
+++ b/Packs/UnisysStealth/Integrations/UnisysStealth/UnisysStealth.yml
@@ -71,7 +71,7 @@ script:
 name: user
 description: This is the command which will un-isolate an endpoint and user from Stealth Network
 name: stealth-unisolate-machine-and-user
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.14.100715
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/UnisysStealth/ReleaseNotes/1_0_4.md b/Packs/UnisysStealth/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..3f3ad2657704
--- /dev/null
+++ b/Packs/UnisysStealth/ReleaseNotes/1_0_4.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Unisys Stealth
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/UnisysStealth/pack_metadata.json b/Packs/UnisysStealth/pack_metadata.json
index 2a522272dc45..fc425cdd6858 100644
--- a/Packs/UnisysStealth/pack_metadata.json
+++ b/Packs/UnisysStealth/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Unisys Stealth",
 "description": "This integration is intended to aid companies in integrating with the Stealth EcoAPI service. Using the included commands, security teams can trigger dynamically isolation of users or endpoints from the rest of the Stealth network.",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "Unisys",
 "url": "",
 "email": "",
diff --git a/Packs/UpdateEntriesBySearch/ReleaseNotes/1_0_4.md b/Packs/UpdateEntriesBySearch/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..55aed55b40c2
--- /dev/null
+++ b/Packs/UpdateEntriesBySearch/ReleaseNotes/1_0_4.md
@@ -0,0 +1,12 @@
+
+#### Scripts
+
+##### MarkAsEvidenceBySearch
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### SetTagsBySearch
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### MarkAsNoteBySearch
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/UpdateEntriesBySearch/Scripts/MarkAsEvidenceBySearch/MarkAsEvidenceBySearch.yml b/Packs/UpdateEntriesBySearch/Scripts/MarkAsEvidenceBySearch/MarkAsEvidenceBySearch.yml index abf720364557..68991a7327d0 100644 --- a/Packs/UpdateEntriesBySearch/Scripts/MarkAsEvidenceBySearch/MarkAsEvidenceBySearch.yml +++ b/Packs/UpdateEntriesBySearch/Scripts/MarkAsEvidenceBySearch/MarkAsEvidenceBySearch.yml @@ -80,17 +80,17 @@ args: - name: case_insensitive auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: true if the pattern is matched in case-insensitive, false otherwise - defaultValue: "false" + defaultValue: 'false' - name: dry_run auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: true if it only search the entries and doesn't update, false otherwise - defaultValue: "false" + defaultValue: 'false' - name: summary auto: PREDEFINED predefined: @@ -101,7 +101,7 @@ args: defaultValue: basic scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 6.0.0 tests: diff --git a/Packs/UpdateEntriesBySearch/Scripts/MarkAsNoteBySearch/MarkAsNoteBySearch.yml b/Packs/UpdateEntriesBySearch/Scripts/MarkAsNoteBySearch/MarkAsNoteBySearch.yml index 9fda35cfd69c..2ffb55e2eaca 100644 --- a/Packs/UpdateEntriesBySearch/Scripts/MarkAsNoteBySearch/MarkAsNoteBySearch.yml +++ b/Packs/UpdateEntriesBySearch/Scripts/MarkAsNoteBySearch/MarkAsNoteBySearch.yml @@ -14,10 +14,10 @@ args: - name: mark auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: false if you un-mark entries as note, otherwise mark entries. - defaultValue: "true" + defaultValue: 'true' - name: filter_categories auto: PREDEFINED predefined: 
@@ -83,17 +83,17 @@ args: - name: case_insensitive auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: true if the pattern is matched in case-insensitive, false otherwise - defaultValue: "false" + defaultValue: 'false' - name: dry_run auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: true if it only search the entries and doesn't update, false otherwise - defaultValue: "false" + defaultValue: 'false' - name: summary auto: PREDEFINED predefined: @@ -104,7 +104,7 @@ args: defaultValue: basic scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 6.0.0 tests: diff --git a/Packs/UpdateEntriesBySearch/Scripts/SetTagsBySearch/SetTagsBySearch.yml b/Packs/UpdateEntriesBySearch/Scripts/SetTagsBySearch/SetTagsBySearch.yml index c561d69e1ee4..450c5ef55501 100644 --- a/Packs/UpdateEntriesBySearch/Scripts/SetTagsBySearch/SetTagsBySearch.yml +++ b/Packs/UpdateEntriesBySearch/Scripts/SetTagsBySearch/SetTagsBySearch.yml @@ -3,7 +3,7 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" + fromServerVersion: '' name: SetTagsBySearch script: '' type: python @@ -96,17 +96,17 @@ args: - name: case_insensitive auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: true if the pattern is matched in case-insensitive, false otherwise. - defaultValue: "false" + defaultValue: 'false' - name: dry_run auto: PREDEFINED predefined: - - "true" - - "false" + - 'true' + - 'false' description: true if it only search the entries and doesn't update, false otherwise. - defaultValue: "false" + defaultValue: 'false' - name: summary auto: PREDEFINED predefined: 
@@ -117,7 +117,7 @@ args: defaultValue: basic scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.9.7.24076 +dockerimage: demisto/python3:3.10.14.100715 runas: DBotWeakRole fromversion: 6.0.0 tests: diff --git a/Packs/UpdateEntriesBySearch/pack_metadata.json b/Packs/UpdateEntriesBySearch/pack_metadata.json index 56fe9206b2df..86ca5721a074 100644 --- a/Packs/UpdateEntriesBySearch/pack_metadata.json +++ b/Packs/UpdateEntriesBySearch/pack_metadata.json @@ -2,12 +2,14 @@ "name": "UpdateEntriesBySearch", "description": "Update WarRoom entries with setting tags, mark as note or mark as evidence by search with a pattern", "support": "community", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "Masahiko Inoue", "url": "", "email": "", "created": "2021-02-13T07:03:03Z", - "categories": ["Utilities"], + "categories": [ + "Utilities" + ], "tags": [], "useCases": [], "keywords": [], diff --git a/Packs/Use_Case_Builder/ReleaseNotes/1_0_6.md b/Packs/Use_Case_Builder/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..e3b36502a5d6 --- /dev/null +++ b/Packs/Use_Case_Builder/ReleaseNotes/1_0_6.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### UseCaseBuilderMarkdownToHTML + +- Updated the Docker image to: *demisto/bs4-py3:1.0.0.100299*. diff --git a/Packs/Use_Case_Builder/ReleaseNotes/1_0_7.md b/Packs/Use_Case_Builder/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..0343154d83ac --- /dev/null +++ b/Packs/Use_Case_Builder/ReleaseNotes/1_0_7.md 
@@ -0,0 +1,24 @@ + +#### Scripts + +##### UseCaseDevelopmentTimers + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### CreateUseCaseStepsList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### GettingStartedWithXSOAR + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### CreateXSOARIncidentFlowList + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### StopUseCaseDevelopmentTimer + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### DeleteAndExcludeIndicators + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. +##### PlaybookAutoGeneratorDynamicSectionMessage + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Use_Case_Builder/Scripts/CreateUseCaseStepsList/CreateUseCaseStepsList.yml b/Packs/Use_Case_Builder/Scripts/CreateUseCaseStepsList/CreateUseCaseStepsList.yml index 810806325cdc..092f290631a6 100644 --- a/Packs/Use_Case_Builder/Scripts/CreateUseCaseStepsList/CreateUseCaseStepsList.yml +++ b/Packs/Use_Case_Builder/Scripts/CreateUseCaseStepsList/CreateUseCaseStepsList.yml @@ -3,9 +3,9 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" + fromServerVersion: '' comment: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: CreateUseCaseStepsList runas: DBotWeakRole diff --git a/Packs/Use_Case_Builder/Scripts/CreateXSOARIncidentFlowList/CreateXSOARIncidentFlowList.yml b/Packs/Use_Case_Builder/Scripts/CreateXSOARIncidentFlowList/CreateXSOARIncidentFlowList.yml index 039b8f0b4a14..1b532f3b7e07 100644 --- a/Packs/Use_Case_Builder/Scripts/CreateXSOARIncidentFlowList/CreateXSOARIncidentFlowList.yml +++ b/Packs/Use_Case_Builder/Scripts/CreateXSOARIncidentFlowList/CreateXSOARIncidentFlowList.yml 
@@ -3,9 +3,9 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" + fromServerVersion: '' comment: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: CreateXSOARIncidentFlowList runas: DBotWeakRole diff --git a/Packs/Use_Case_Builder/Scripts/DeleteAndExcludeIndicators/DeleteAndExcludeIndicators.yml b/Packs/Use_Case_Builder/Scripts/DeleteAndExcludeIndicators/DeleteAndExcludeIndicators.yml index db1a5ec0b1b9..7591212d23dc 100644 --- a/Packs/Use_Case_Builder/Scripts/DeleteAndExcludeIndicators/DeleteAndExcludeIndicators.yml +++ b/Packs/Use_Case_Builder/Scripts/DeleteAndExcludeIndicators/DeleteAndExcludeIndicators.yml @@ -6,7 +6,7 @@ args: commonfields: id: DeleteAndExcludeIndicators version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true comment: '' name: DeleteAndExcludeIndicators diff --git a/Packs/Use_Case_Builder/Scripts/GettingStartedWithXSOAR/GettingStartedWithXSOAR.yml b/Packs/Use_Case_Builder/Scripts/GettingStartedWithXSOAR/GettingStartedWithXSOAR.yml index dac0787bb253..1b1f0d3c7332 100644 --- a/Packs/Use_Case_Builder/Scripts/GettingStartedWithXSOAR/GettingStartedWithXSOAR.yml +++ b/Packs/Use_Case_Builder/Scripts/GettingStartedWithXSOAR/GettingStartedWithXSOAR.yml @@ -3,9 +3,9 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" + fromServerVersion: '' comment: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: GettingStartedWithXSOAR runas: DBotWeakRole diff --git a/Packs/Use_Case_Builder/Scripts/PlaybookAutoGeneratorDynamicSectionMessage/PlaybookAutoGeneratorDynamicSectionMessage.yml b/Packs/Use_Case_Builder/Scripts/PlaybookAutoGeneratorDynamicSectionMessage/PlaybookAutoGeneratorDynamicSectionMessage.yml index 3b6db5859e97..9d224eb3808e 100644 
--- a/Packs/Use_Case_Builder/Scripts/PlaybookAutoGeneratorDynamicSectionMessage/PlaybookAutoGeneratorDynamicSectionMessage.yml +++ b/Packs/Use_Case_Builder/Scripts/PlaybookAutoGeneratorDynamicSectionMessage/PlaybookAutoGeneratorDynamicSectionMessage.yml @@ -3,9 +3,9 @@ commonfields: version: -1 contentitemexportablefields: contentitemfields: - fromServerVersion: "" + fromServerVersion: '' comment: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: PlaybookAutoGeneratorDynamicSectionMessage runas: DBotWeakRole diff --git a/Packs/Use_Case_Builder/Scripts/StopUseCaseDevelopmentTimer/StopUseCaseDevelopmentTimer.yml b/Packs/Use_Case_Builder/Scripts/StopUseCaseDevelopmentTimer/StopUseCaseDevelopmentTimer.yml index 5a762a330564..d52fa4ed3f11 100644 --- a/Packs/Use_Case_Builder/Scripts/StopUseCaseDevelopmentTimer/StopUseCaseDevelopmentTimer.yml +++ b/Packs/Use_Case_Builder/Scripts/StopUseCaseDevelopmentTimer/StopUseCaseDevelopmentTimer.yml @@ -2,7 +2,7 @@ commonfields: id: StopUseCaseDevelopmentTimer version: -1 comment: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: StopUseCaseDevelopmentTimer runas: DBotWeakRole diff --git a/Packs/Use_Case_Builder/Scripts/UseCaseBuilderMarkdownToHTML/UseCaseBuilderMarkdownToHTML.yml b/Packs/Use_Case_Builder/Scripts/UseCaseBuilderMarkdownToHTML/UseCaseBuilderMarkdownToHTML.yml index f6e44d3c79f8..94d419a60e89 100644 --- a/Packs/Use_Case_Builder/Scripts/UseCaseBuilderMarkdownToHTML/UseCaseBuilderMarkdownToHTML.yml +++ b/Packs/Use_Case_Builder/Scripts/UseCaseBuilderMarkdownToHTML/UseCaseBuilderMarkdownToHTML.yml 
@@ -3,24 +3,24 @@ args: name: text required: true - auto: PREDEFINED - defaultValue: "True" + defaultValue: 'True' description: If True - The markdown text will be converted to HTML without a Full HTML structure. name: convertOnlyMarkdown predefined: - - "True" - - "False" + - 'True' + - 'False' - auto: PREDEFINED - defaultValue: "False" + defaultValue: 'False' description: If True - The resulted HTML will be nicely formatted as a Unicode string, with a separate line for each tag and each string. name: prettifyHTML predefined: - - "True" - - "False" + - 'True' + - 'False' comment: Converts Markdown to HTML. commonfields: id: UseCaseBuilderMarkdownToHTML version: -1 -dockerimage: demisto/bs4-py3:1.0.0.63660 +dockerimage: demisto/bs4-py3:1.0.0.100299 enabled: true name: UseCaseBuilderMarkdownToHTML outputs: diff --git a/Packs/Use_Case_Builder/Scripts/UseCaseDevelopmentTimers/UseCaseDevelopmentTimers.yml b/Packs/Use_Case_Builder/Scripts/UseCaseDevelopmentTimers/UseCaseDevelopmentTimers.yml index a181aec7439f..3c6f35cc75b6 100644 --- a/Packs/Use_Case_Builder/Scripts/UseCaseDevelopmentTimers/UseCaseDevelopmentTimers.yml +++ b/Packs/Use_Case_Builder/Scripts/UseCaseDevelopmentTimers/UseCaseDevelopmentTimers.yml @@ -2,7 +2,7 @@ commonfields: id: UseCaseDevelopmentTimers version: -1 comment: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 enabled: true name: UseCaseDevelopmentTimers runas: DBotWeakRole diff --git a/Packs/Use_Case_Builder/pack_metadata.json b/Packs/Use_Case_Builder/pack_metadata.json index 66b95a738d69..aaa5a7f34c2e 100644 --- a/Packs/Use_Case_Builder/pack_metadata.json +++ b/Packs/Use_Case_Builder/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Use Case Builder", "description": "To streamline the Use Case Design process and provide tools to help you get into production faster!", "support": "community", - "currentVersion": "1.0.5", + "currentVersion": "1.0.7", "author": "Joe Cosgrove", "url": "https://www.paloaltonetworks.com/cortex", "email": "jcosgrove@paloaltonetworks.com", diff --git a/Packs/VerifyIPv4Indicator/ReleaseNotes/1_0_3.md b/Packs/VerifyIPv4Indicator/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..8ce97793d561 --- /dev/null +++ b/Packs/VerifyIPv4Indicator/ReleaseNotes/1_0_3.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### VerifyIPv4Indicator + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/VerifyIPv4Indicator/Scripts/VerifyIPv4Indicator/VerifyIPv4Indicator.yml b/Packs/VerifyIPv4Indicator/Scripts/VerifyIPv4Indicator/VerifyIPv4Indicator.yml index 290d956affbd..5f8a71f3741a 100644 --- a/Packs/VerifyIPv4Indicator/Scripts/VerifyIPv4Indicator/VerifyIPv4Indicator.yml +++ b/Packs/VerifyIPv4Indicator/Scripts/VerifyIPv4Indicator/VerifyIPv4Indicator.yml @@ -1,9 +1,9 @@ args: - default: true - description: 'The IPv4 to vriefy.' + description: The IPv4 to vriefy. isArray: true name: input -comment: 'Verify that the address is a valid IPv4 address.' +comment: Verify that the address is a valid IPv4 address. commonfields: id: VerifyIPv4Indicator version: -1 @@ -15,7 +15,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.14.100715 fromversion: 5.5.0 tests: - No test diff --git a/Packs/VerifyIPv4Indicator/pack_metadata.json b/Packs/VerifyIPv4Indicator/pack_metadata.json index 58e68c1a65b6..cc24b60a3340 100644 --- a/Packs/VerifyIPv4Indicator/pack_metadata.json +++ b/Packs/VerifyIPv4Indicator/pack_metadata.json 
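Review bot: The argument description rewritten in the `-1,9 +1,9` hunk of VerifyIPv4Indicator.yml still reads `The IPv4 to vriefy.`, a typo that is user-facing help text; since the line is already being touched, fix the wording at the same time: `description: The IPv4 address, or comma-separated list of addresses, to verify.` (the `isArray: true` on the next line is why a list is worth mentioning). The `comment:` line in the same hunk could likewise read `Verify that each input is a valid IPv4 address.` to match the pack description's "input or list of inputs" in the following hunk.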
@@ -2,11 +2,13 @@ "name": "VerifyIPv4Indicator", "description": "Script to verify if the input or list of inputs is IPv4 address.", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", - "categories": ["Utilities"], + "categories": [ + "Utilities" + ], "tags": [], "useCases": [], "keywords": [], diff --git a/Packs/Viper/Integrations/Viper/Viper.yml b/Packs/Viper/Integrations/Viper/Viper.yml index c65c568461fa..56b69c5291fa 100644 --- a/Packs/Viper/Integrations/Viper/Viper.yml +++ b/Packs/Viper/Integrations/Viper/Viper.yml @@ -41,7 +41,7 @@ script: required: true description: Search for sample with file hash name: viper-search - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/Viper/ReleaseNotes/1_0_4.md b/Packs/Viper/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..54d3cb9a9bfc --- /dev/null +++ b/Packs/Viper/ReleaseNotes/1_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Viper + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Viper/pack_metadata.json b/Packs/Viper/pack_metadata.json index af171fe24832..fd319cf831f8 100644 --- a/Packs/Viper/pack_metadata.json +++ b/Packs/Viper/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Viper", "description": "Viper is a binary analysis and management framework. The integration provides the capabilities to search in the framework und to download samples.", "support": "community", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "DACHSER SE", "url": "", "email": "", @@ -10,7 +10,9 @@ "categories": [ "Forensics & Malware Analysis" ], - "tags": ["Forensics"], + "tags": [ + "Forensics" + ], "useCases": [], "keywords": [], "marketplaces": [ 
diff --git a/Packs/WebScraper/ReleaseNotes/1_0_1.md b/Packs/WebScraper/ReleaseNotes/1_0_1.md new file mode 100644 index 000000000000..d93039125d5c --- /dev/null +++ b/Packs/WebScraper/ReleaseNotes/1_0_1.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### WebScraper + +- Updated the Docker image to: *demisto/bs4-py3:1.0.0.100299*. diff --git a/Packs/WebScraper/Scripts/WebScraper/WebScraper.yml b/Packs/WebScraper/Scripts/WebScraper/WebScraper.yml index 71cd93261f20..6fea0df77ccb 100644 --- a/Packs/WebScraper/Scripts/WebScraper/WebScraper.yml +++ b/Packs/WebScraper/Scripts/WebScraper/WebScraper.yml @@ -31,7 +31,7 @@ tags: - '' timeout: '0' type: python -dockerimage: demisto/bs4-py3:1.0.0.24176 -fromversion: '6.0.0' +dockerimage: demisto/bs4-py3:1.0.0.100299 +fromversion: 6.0.0 tests: - No tests diff --git a/Packs/WebScraper/pack_metadata.json b/Packs/WebScraper/pack_metadata.json index fad6a658431d..bdde02ad7ea9 100644 --- a/Packs/WebScraper/pack_metadata.json +++ b/Packs/WebScraper/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Web Scraper", "description": "Web Scrap websites and html pages matching a navigation tree.", "support": "community", - "currentVersion": "1.0.0", + "currentVersion": "1.0.1", "author": "Ayman Mahmoud", "url": "", "email": "amahmoud@paloaltonetworks.com", diff --git a/Packs/WolkenITSM/Integrations/WolkenITSM/WolkenITSM.yml b/Packs/WolkenITSM/Integrations/WolkenITSM/WolkenITSM.yml index 87ff21cefb59..aa5f95790805 100644 --- a/Packs/WolkenITSM/Integrations/WolkenITSM/WolkenITSM.yml +++ b/Packs/WolkenITSM/Integrations/WolkenITSM/WolkenITSM.yml @@ -53,10 +53,10 @@ script: name: wolken-add-internal-notes outputs: - contextPath: Wolken.UpdateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.UpdateIncidents.message - description: "" + description: '' type: String - arguments: - description: Pass Subject of the Incident 
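Review bot: In the `-31,7 +31,7` hunk of WebScraper.yml the commit drops the quotes from `fromversion: '6.0.0'`; that is safe only because a three-component version cannot be read as a YAML number, whereas a future two-component value such as `6.0` would be parsed as a float by a generic loader. The same file keeps other number-looking scalars quoted (`timeout: '0'` two lines above), so keeping `fromversion: '6.0.0'` would be the more defensive and more consistent choice. If the demisto-sdk formatter is what removed the quotes, this is presumably accepted project style, but it is worth knowing the trap exists.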
@@ -109,32 +109,32 @@ script: name: wolken-create-incident-requestv1 outputs: - contextPath: Wolken.CreateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.CreateIncidents.message - description: "" + description: '' type: String - contextPath: Wolken.CreateIncidents.data.requestId - description: "" + description: '' type: String - arguments: [] description: Use to get access token and save it in integration context . Refresh Token saved in integration context will be used to create new access token after expiration. name: wolken-get-access-token outputs: - contextPath: Wolken.Token.access_token - description: "" + description: '' type: String - contextPath: Wolken.Token.token_type - description: "" + description: '' type: String - contextPath: Wolken.Token.refresh_token - description: "" + description: '' type: String - contextPath: Wolken.Token.expires_in - description: "" + description: '' type: Number - contextPath: Wolken.Token.scope - description: "" + description: '' type: String - arguments: - description: Pass Incident Id required for searching @@ -144,7 +144,7 @@ script: name: wolken-get-incident-by-id outputs: - contextPath: Wolken.GetIncidents.status - description: "" + description: '' type: String - arguments: - description: Pass Incident Id @@ -160,10 +160,10 @@ script: name: wolken-post-api-v1-incidents-add-attachments outputs: - contextPath: Wolken.UpdateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.UpdateIncidents.message - description: "" + description: '' type: String - arguments: - description: pass incidentId @@ -176,10 +176,10 @@ script: name: wolken-post-api-v1-incidents-add-outbound-notes outputs: - contextPath: Wolken.UpdateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.UpdateIncidents.message - description: "" + description: '' type: String - arguments: - description: Pass Incident Id 
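Review bot: Every `description: ''` rewritten in the `-109,32 +109,32` hunk of WolkenITSM.yml is still empty, so the context outputs of `wolken-get-access-token` (`Wolken.Token.access_token`, `Wolken.Token.refresh_token`, `Wolken.Token.token_type`, `Wolken.Token.expires_in`, `Wolken.Token.scope`) and of the create/update commands remain undocumented; since these lines are touched anyway, give each a one-line description, e.g. `description: OAuth access token issued by Wolken.` and `description: Refresh token used to obtain a new access token after expiration.`. Declaring the access and refresh tokens as command outputs means they are written into the incident context, while the command's own description says the tokens are saved in the integration context, so it is worth confirming whether exposing them in context is deliberate and, if not, dropping those two outputs rather than merely documenting them.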
@@ -198,10 +198,10 @@ script: name: wolken-post-api-v1-incidents-by-incident-id outputs: - contextPath: Wolken.UpdateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.UpdateIncidents.message - description: "" + description: '' type: String - arguments: - description: Pass Incident Id @@ -229,10 +229,10 @@ script: name: wolken-post-api-v1-incidents-close outputs: - contextPath: Wolken.UpdateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.UpdateIncidents.message - description: "" + description: '' type: String - arguments: - description: Pass Incident Id @@ -245,10 +245,10 @@ script: name: wolken-put-api-v1-incidents-cancel outputs: - contextPath: Wolken.UpdateIncidents.status - description: "" + description: '' type: String - contextPath: Wolken.UpdateIncidents.message - description: "" + description: '' type: String - arguments: - description: Pass limit @@ -291,9 +291,9 @@ script: name: wolken-search-incidents-by-params outputs: - contextPath: Wolken.GetIncidents.status - description: "" + description: '' type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/WolkenITSM/ReleaseNotes/1_0_2.md b/Packs/WolkenITSM/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..56f808d8b253 --- /dev/null +++ b/Packs/WolkenITSM/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Wolken ITSM + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/WolkenITSM/pack_metadata.json b/Packs/WolkenITSM/pack_metadata.json index 719b91a42bd8..e08d131cfa34 100644 --- a/Packs/WolkenITSM/pack_metadata.json +++ b/Packs/WolkenITSM/pack_metadata.json 
@@ -2,12 +2,14 @@ "name": "Wolken ITSM", "description": "Use The Wolken IT Service Management (ITSM) solution to modernize the way you manage and deliver services to your users.This is case management. Cortex XSOAR interfaces with Wolken ITSM to help streamline security-related service management and IT operations.", "support": "community", - "currentVersion": "1.0.1", + "currentVersion": "1.0.2", "author": "Shubham Agarwal", "url": "", "email": "", "created": "2022-02-13T11:18:49Z", - "categories": ["Case Management"], + "categories": [ + "Case Management" + ], "tags": [], "useCases": [], "keywords": [], @@ -18,4 +20,4 @@ "xsoar", "marketplacev2" ] -} +} \ No newline at end of file diff --git a/Packs/Wordpress/Integrations/Wordpress/Wordpress.yml b/Packs/Wordpress/Integrations/Wordpress/Wordpress.yml index 292f5998d0f4..2459161b3f42 100644 --- a/Packs/Wordpress/Integrations/Wordpress/Wordpress.yml +++ b/Packs/Wordpress/Integrations/Wordpress/Wordpress.yml @@ -1779,7 +1779,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 fromversion: 6.2.0 tests: - No tests (auto formatted) diff --git a/Packs/Wordpress/ReleaseNotes/1_0_2.md b/Packs/Wordpress/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..0f25980b8ada --- /dev/null +++ b/Packs/Wordpress/ReleaseNotes/1_0_2.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Wordpress + +- Updated the Docker image to: *demisto/python3:3.10.14.100715*. diff --git a/Packs/Wordpress/pack_metadata.json b/Packs/Wordpress/pack_metadata.json index d0299e213b5c..cf24a5b81b13 100644 --- a/Packs/Wordpress/pack_metadata.json +++ b/Packs/Wordpress/pack_metadata.json 
@@ -2,7 +2,7 @@
 "name": "Wordpress",
 "description": "The WordPress REST API provides an interface for applications to interact with your WordPress site.",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "Adam Burt",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/XSOARContentUpdateNotifications/ReleaseNotes/1_0_8.md b/Packs/XSOARContentUpdateNotifications/ReleaseNotes/1_0_8.md
new file mode 100644
index 000000000000..0bdb5b5bb0d5
--- /dev/null
+++ b/Packs/XSOARContentUpdateNotifications/ReleaseNotes/1_0_8.md
@@ -0,0 +1,12 @@
+
+#### Scripts
+
+##### GetLatestReleaseNotes
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### CollectPacksData
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### FormatContentData
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/XSOARContentUpdateNotifications/Scripts/CollectPacksData/CollectPacksData.yml b/Packs/XSOARContentUpdateNotifications/Scripts/CollectPacksData/CollectPacksData.yml
index 864d8a4c43d0..e30970b09e3e 100644
--- a/Packs/XSOARContentUpdateNotifications/Scripts/CollectPacksData/CollectPacksData.yml
+++ b/Packs/XSOARContentUpdateNotifications/Scripts/CollectPacksData/CollectPacksData.yml
@@ -9,7 +9,7 @@ tags: []
 enabled: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.0.0
 tests:
diff --git a/Packs/XSOARContentUpdateNotifications/Scripts/FormatContentData/FormatContentData.yml b/Packs/XSOARContentUpdateNotifications/Scripts/FormatContentData/FormatContentData.yml
index fe087488d904..d993392a4d7d 100644
--- a/Packs/XSOARContentUpdateNotifications/Scripts/FormatContentData/FormatContentData.yml
+++ b/Packs/XSOARContentUpdateNotifications/Scripts/FormatContentData/FormatContentData.yml
@@ -5,7 +5,7 @@ args:
 commonfields:
 id: FormatContentData
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: FormatContentData
 runas: DBotWeakRole
diff --git a/Packs/XSOARContentUpdateNotifications/Scripts/GetLatestReleaseNotes/GetLatestReleaseNotes.yml b/Packs/XSOARContentUpdateNotifications/Scripts/GetLatestReleaseNotes/GetLatestReleaseNotes.yml
index 8cdd87b1ba6e..fe0142599c16 100644
--- a/Packs/XSOARContentUpdateNotifications/Scripts/GetLatestReleaseNotes/GetLatestReleaseNotes.yml
+++ b/Packs/XSOARContentUpdateNotifications/Scripts/GetLatestReleaseNotes/GetLatestReleaseNotes.yml
@@ -15,7 +15,7 @@ args:
 description: The content data path from the context, for example "${ContentData}".
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 runas: DBotWeakRole
 fromversion: 6.0.0
 tests:
diff --git a/Packs/XSOARContentUpdateNotifications/pack_metadata.json b/Packs/XSOARContentUpdateNotifications/pack_metadata.json
index 60be8ac68354..4dfee27111e6 100644
--- a/Packs/XSOARContentUpdateNotifications/pack_metadata.json
+++ b/Packs/XSOARContentUpdateNotifications/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "XSOAR Content Update Notifications",
 "description": "This pack will check for any available content updates for existing packs and send an e-mail or Slack message to users to inform them of the updates.",
 "support": "community",
- "currentVersion": "1.0.7",
+ "currentVersion": "1.0.8",
 "author": "Adam Burt and XSOAR Labs",
 "url": "",
 "email": "",
diff --git a/Packs/XSOARLabUpdates/ReleaseNotes/1_0_3.md b/Packs/XSOARLabUpdates/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..537b97c87b33
--- /dev/null
+++ b/Packs/XSOARLabUpdates/ReleaseNotes/1_0_3.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### BuildSlackBlocksFromIndex
+
+- Updated the Docker image to: *demisto/unzip:1.0.0.100283*.
diff --git a/Packs/XSOARLabUpdates/Scripts/BuildSlackBlocksFromIndex/BuildSlackBlocksFromIndex.yml b/Packs/XSOARLabUpdates/Scripts/BuildSlackBlocksFromIndex/BuildSlackBlocksFromIndex.yml
index 89cf70f8cdb3..8f29113fc7f2 100644
--- a/Packs/XSOARLabUpdates/Scripts/BuildSlackBlocksFromIndex/BuildSlackBlocksFromIndex.yml
+++ b/Packs/XSOARLabUpdates/Scripts/BuildSlackBlocksFromIndex/BuildSlackBlocksFromIndex.yml
@@ -5,13 +5,13 @@ args:
 - description: The last time the message was sent. Typically one week ago.
 name: last_run_str
 required: true
-comment: |-
- Extracts the index.zip and filters new packs since the last run.
- Builds the slack message for new packs.
+comment: 'Extracts the index.zip and filters new packs since the last run.
+
+ Builds the slack message for new packs.'
 commonfields:
 id: BuildSlackBlocksFromIndex
 version: -1
-dockerimage: demisto/unzip:1.0.0.19258
+dockerimage: demisto/unzip:1.0.0.100283
 enabled: true
 name: BuildSlackBlocksFromIndex
 outputs:
diff --git a/Packs/XSOARLabUpdates/pack_metadata.json b/Packs/XSOARLabUpdates/pack_metadata.json
index 2d1cfd32c19d..7d02fa74c0b2 100644
--- a/Packs/XSOARLabUpdates/pack_metadata.json
+++ b/Packs/XSOARLabUpdates/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "XSOAR Lab Updates",
 "description": "Manage Cortex XSOAR updates",
 "support": "community",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "XSOAR Lab",
 "url": "",
 "email": "",
diff --git a/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_1.md b/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_1.md
new file mode 100644
index 000000000000..638c791c747c
--- /dev/null
+++ b/Packs/XSOAR_EDL_Checker/ReleaseNotes/1_1_1.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### XSOARAllEDLCheckerAutomation
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/XSOAR_EDL_Checker/Scripts/XSOARAllEDLCheckerAutomation/XSOARAllEDLCheckerAutomation.yml b/Packs/XSOAR_EDL_Checker/Scripts/XSOARAllEDLCheckerAutomation/XSOARAllEDLCheckerAutomation.yml
index c722915aac77..a1e1b18ea6f0 100644
--- a/Packs/XSOAR_EDL_Checker/Scripts/XSOARAllEDLCheckerAutomation/XSOARAllEDLCheckerAutomation.yml
+++ b/Packs/XSOAR_EDL_Checker/Scripts/XSOARAllEDLCheckerAutomation/XSOARAllEDLCheckerAutomation.yml
@@ -5,7 +5,7 @@ commonfields:
 dependson:
 must:
 - XSOAR EDL Checker|||xsoaredlchecker-get-edl
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: XSOARAllEDLCheckerAutomation
 outputs:
diff --git a/Packs/XSOAR_EDL_Checker/pack_metadata.json b/Packs/XSOAR_EDL_Checker/pack_metadata.json
index cdfd028159fd..2b1050707484 100644
--- a/Packs/XSOAR_EDL_Checker/pack_metadata.json
+++ b/Packs/XSOAR_EDL_Checker/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "XSOAR EDL Checker",
 "description": "Checks EDLs hosted by the XSOAR server to ensure they are functioning.",
 "support": "community",
- "currentVersion": "1.1.0",
+ "currentVersion": "1.1.1",
 "author": "Mike Beauchamp",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/XsoarWebserver/ReleaseNotes/1_0_3.md b/Packs/XsoarWebserver/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..0222e2feedeb
--- /dev/null
+++ b/Packs/XsoarWebserver/ReleaseNotes/1_0_3.md
@@ -0,0 +1,12 @@
+
+#### Scripts
+
+##### xsoar-ws-poll-status
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### xsoar-ws-parse-context
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
+##### EmailSLABreach
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/XsoarWebserver/Scripts/EmailSLABreach/EmailSLABreach.yml b/Packs/XsoarWebserver/Scripts/EmailSLABreach/EmailSLABreach.yml
index 102420a847b2..2227d7fecf92 100644
--- a/Packs/XsoarWebserver/Scripts/EmailSLABreach/EmailSLABreach.yml
+++ b/Packs/XsoarWebserver/Scripts/EmailSLABreach/EmailSLABreach.yml
@@ -4,7 +4,7 @@ commonfields:
 version: -1
 contentitemexportablefields:
 contentitemfields: {}
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: EmailSLABreach
 runas: DBotWeakRole
diff --git a/Packs/XsoarWebserver/Scripts/XsoarWsParseContext/XsoarWsParseContext.yml b/Packs/XsoarWebserver/Scripts/XsoarWsParseContext/XsoarWsParseContext.yml
index 1f97727581fc..c45c174c674b 100644
--- a/Packs/XsoarWebserver/Scripts/XsoarWsParseContext/XsoarWsParseContext.yml
+++ b/Packs/XsoarWebserver/Scripts/XsoarWsParseContext/XsoarWsParseContext.yml
@@ -14,7 +14,7 @@ commonfields:
 version: -1
 contentitemexportablefields:
 contentitemfields: {}
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: xsoar-ws-parse-context
 runas: DBotWeakRole
diff --git a/Packs/XsoarWebserver/Scripts/XsoarWsPollStatus/XsoarWsPollStatus.yml b/Packs/XsoarWebserver/Scripts/XsoarWsPollStatus/XsoarWsPollStatus.yml
index f469bfde44f9..1c8e117db424 100644
--- a/Packs/XsoarWebserver/Scripts/XsoarWsPollStatus/XsoarWsPollStatus.yml
+++ b/Packs/XsoarWebserver/Scripts/XsoarWsPollStatus/XsoarWsPollStatus.yml
@@ -2,19 +2,19 @@ args:
 - description: webserver action uuid
 name: uuid
 required: true
-- defaultValue: "30"
+- defaultValue: '30'
 description: Time between 2 polls
 name: timebetweenruns
-comment: |-
- Companion automation to XSOAR-Web-Server that polls a certain UUID for user response.
- The automation returns a scheduledcommand if the user has not responded to the action url
+comment: 'Companion automation to XSOAR-Web-Server that polls a certain UUID for user response.
+
+ The automation returns a scheduledcommand if the user has not responded to the action url'
 commonfields:
 id: xsoar-ws-poll-status
 version: -1
 contentitemexportablefields:
 contentitemfields:
- fromServerVersion: ""
-dockerimage: demisto/python3:3.10.12.63474
+ fromServerVersion: ''
+dockerimage: demisto/python3:3.10.14.100715
 enabled: true
 name: xsoar-ws-poll-status
 outputs:
diff --git a/Packs/XsoarWebserver/pack_metadata.json b/Packs/XsoarWebserver/pack_metadata.json
index b3c54117f8b3..0597af77393f 100644
--- a/Packs/XsoarWebserver/pack_metadata.json
+++ b/Packs/XsoarWebserver/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Xsoar-web-server",
 "description": "Contains a minimal webserver and an automation that can be used to generate predictable URLs that can be inserted into emails and the responses can be tracked. Also contains a test playbook meant to be a POC.",
 "support": "community",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "Arun Narayanan",
 "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
 "email": "",
diff --git a/Packs/Xsoar_Utils/Integrations/XsoarUtils/XsoarUtils.yml b/Packs/Xsoar_Utils/Integrations/XsoarUtils/XsoarUtils.yml
index fc6731d53869..e27b08834413 100644
--- a/Packs/Xsoar_Utils/Integrations/XsoarUtils/XsoarUtils.yml
+++ b/Packs/Xsoar_Utils/Integrations/XsoarUtils/XsoarUtils.yml
@@ -16,20 +16,23 @@ configuration: required: true type: 0 - additionalinfo: Check this to ignore certificate signature - defaultvalue: "false" + defaultvalue: 'false' display: Trust any certificate (not secure) name: insecure type: 8 required: false -description: |- - This is a wrapper on top of XSOAR API. Can be used to implement commands that call the XSOAR API in the background. This is mostly to avoid constructing raw json strings while calling the demisto rest api integration. +description: 'This is a wrapper on top of XSOAR API. Can be used to implement commands that call the XSOAR API in the background. This is mostly to avoid constructing raw json strings while calling the demisto rest api integration. + The first implemented command can be used to create an entry on any investigation; playground by default. An example use-case could be debugging a pre-process script. (Call demisto.execute_command("xsoar-create-entry",{arguments}) + The idea is to use the same code to test from a local machine. - python3 Xsoar_Utils.py xsoar-create-entry '{"data":"# testapi4","inv_id":"122c7bff-feae-4177-867e-37e2096cd7d9"}' - Read the code to understand more. + python3 Xsoar_Utils.py xsoar-create-entry ''{"data":"# testapi4","inv_id":"122c7bff-feae-4177-867e-37e2096cd7d9"}'' + + + Read the code to understand more.' display: Xsoar_Utils name: Xsoar_Utils script: @@ -41,7 +44,7 @@ script: name: inv_id description: Creates an entry into an investigation warroom or by default on the playground. name: xsoar-create-entry - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.14.100715 runonce: false script: '' subtype: python3 diff --git a/Packs/Xsoar_Utils/ReleaseNotes/1_0_2.md b/Packs/Xsoar_Utils/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..b1057bc11ed0 --- /dev/null +++ b/Packs/Xsoar_Utils/ReleaseNotes/1_0_2.md 
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Xsoar_Utils
+
+- Updated the Docker image to: *demisto/python3:3.10.14.100715*.
diff --git a/Packs/Xsoar_Utils/pack_metadata.json b/Packs/Xsoar_Utils/pack_metadata.json
index d11e17e27284..4819d6d3910b 100644
--- a/Packs/Xsoar_Utils/pack_metadata.json
+++ b/Packs/Xsoar_Utils/pack_metadata.json
@@ -2,12 +2,14 @@
 "name": "Xsoar_Utils",
 "description": "This is a wrapper on top of XSOAR API. Can be used to implement commands that call the XSOAR API in the background.",
 "support": "community",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "Arun Narayanan",
 "url": "",
 "email": "",
 "created": "2022-01-19T09:04:15Z",
- "categories": ["Utilities"],
+ "categories": [
+ "Utilities"
+ ],
 "tags": [],
 "useCases": [],
 "keywords": [],
@@ -18,4 +20,4 @@
 "xsoar",
 "marketplacev2"
 ]
-}
+}
\ No newline at end of file
diff --git a/Packs/Zimperium/Integrations/ZimperiumV2/README.md b/Packs/Zimperium/Integrations/ZimperiumV2/README.md
index d5094e997e1b..f7c6f53f1ef5 100644
--- a/Packs/Zimperium/Integrations/ZimperiumV2/README.md
+++ b/Packs/Zimperium/Integrations/ZimperiumV2/README.md
@@ -51,6 +51,7 @@ Search users. Only a user created as a "Team admin" is authorized to perform thi
 | page | Page number. Default is 0. | Optional |
 | limit | Number of total results to return. Default is 50. | Optional |
 | team_id | Used to filter the user data by the team the user belongs to. | Optional |
+| email | The email of the user to search. | Optional |
 #### Context Output
diff --git a/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.py b/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.py
index ddb6b2908561..2a2a34f4ef8e 100644
--- a/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.py
+++ b/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.py
@@ -38,7 +38,7 @@ def auth(self, client_id: str, client_secret: str):
 return access_token
 def users_search(self, size: Optional[int], page: Optional[int], team_id: Optional[str] = None,
- user_id: Optional[str] = None):
+ user_id: Optional[str] = None, email: Optional[str] = None):
 """Search users by sending a GET request.
 Args:
@@ -46,6 +46,7 @@ def users_search(self, size: Optional[int], page: Optional[int], team_id: Option
 page: response page.
 user_id: the id of the user to search.
 team_id: the id of the team filter by.
+ email: the email of the user to search.
 Returns:
 Response from API.
@@ -56,9 +57,21 @@ def users_search(self, size: Optional[int], page: Optional[int], team_id: Option
 'teamId': team_id,
 })
- return self._http_request(method='GET', url_suffix=f'auth/public/v1/users/{user_id if user_id else ""}',
- headers=self._headers,
- params=params)
+ if not email:
+ return self._http_request(method='GET', url_suffix=f'auth/public/v1/users/{user_id if user_id else ""}',
+ headers=self._headers,
+ params=params)
+
+ res = self._http_request(method='GET', url_suffix='auth/public/v1/users',
+ headers=self._headers,
+ params=params)
+
+ users = []
+ for user in res.get('content'):
+ if user.get('email') == email or user.get('id') == user_id:
+ users.append(user)
+
+ return users
 def device_search(self, size: Optional[int], page: Optional[int], device_id: Optional[str]):
 """Search devices by sending a GET request.
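Review bot: `for user in res.get('content'):` raises a TypeError when the API answer carries no `content` key (or a null one), and `user.get('id') == user_id` is true for every entry without an `id` when `user_id` is None, so the email branch can return more than the matching user; `for user in res.get('content') or []:` and `if user.get('email') == email or (user_id and user.get('id') == user_id):` close both. The match is also applied only to the single page selected by `params` (size/page), so a user that sits on a later page is silently not found, and `==` on the address means a differently cased email does not match — both belong in the docstring, e.g. `email: the email of the user to search (exact match, applied client-side to the returned page).`. The `params` construction for this method sits between the hunks and is not visible here.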
@@ -389,11 +402,11 @@ def users_search_command(client: Client, args: dict) -> CommandResults:
 limit = arg_to_number(args.get('limit', '50'))
 team_id = args.get('team_id')
 user_id = args.get('user_id')
+ email = args.get('email')
 size = page_size if page_size else limit
- response = client.users_search(size=size, page=page, team_id=team_id, user_id=user_id)
-
- content = response.get('content') if not user_id else response
+ response = client.users_search(size=size, page=page, team_id=team_id, user_id=user_id, email=email)
+ content = response.get('content') if (not user_id and not email) else response
 hr = tableToMarkdown(name='Users Search Results', t=content,
 headers=['id', 'firstName', 'lastName', 'email', 'created', 'role', 'teams'],
diff --git a/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.yml b/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.yml
index 188d24c3a545..4e610dfbf17f 100644
--- a/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.yml
+++ b/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2.yml
@@ -76,6 +76,8 @@ script:
 name: limit
 - description: Used to filter the user data by the Team the user belongs to.
 name: team_id
+ - description: The email of the user to search.
+ name: email
 description: Search users. Only a user created as a "Team admin" is authorized to perform this request. Also, it will only get information about the teams that this user is associated with. Users that are not part of any team (such as account admin) won’t appear in the response.
 name: zimperium-users-search
 outputs:
@@ -1342,7 +1344,7 @@ script:
 - contextPath: Zimperium.PolicyDeviceInactivity.teamId
 description: The team ID for the policy device inactivity.
 type: String
- dockerimage: demisto/python3:3.10.13.90168
+ dockerimage: demisto/python3:3.10.14.99865
 isfetch: true
 runonce: false
 script: '-'
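Review bot: The new `email` argument description in ZimperiumV2.yml, `The email of the user to search.`, does not tell the operator that the address is matched exactly and only against the page of results selected by `page`/`limit`, which is how the client implements it; `description: The email of the user to search (exact match, applied to the page of results selected by page/limit).` would set the expectation. The same wording would fit the README row added for `email`. users_search_command in the Python hunk continues past the hunk.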
diff --git a/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2_test.py b/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2_test.py
index ac94f808a0a1..5bfc16e2ffc7 100644
--- a/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2_test.py
+++ b/Packs/Zimperium/Integrations/ZimperiumV2/ZimperiumV2_test.py
@@ -42,6 +42,25 @@ def test_users_search_command(client, requests_mock):
 assert results.outputs.get('id') == '01'
+def test_users_search_by_email_command(client, requests_mock):
+ """
+ When: Running zimperium-users-search
+ Given: team_id and user_id
+ Then: validate the command result returned.
+ """
+ args = {'team_id': '3', 'email': 'user1@email.com'}
+ mock_response_users_search = util_load_json(
+ './test_data/users_search_by_email.json')
+
+ requests_mock.get(f'{SERVER_URL}/auth/public/v1/users', json=mock_response_users_search)
+ results = users_search_command(client=client, args=args)
+
+ assert results.outputs_prefix == 'Zimperium.User'
+ assert results.outputs_key_field == 'id'
+ assert results.raw_response == mock_response_users_search['content']
+ assert results.outputs[0].get('id') == '01'
+
+
 def test_devices_search_command(client, requests_mock):
 """
 When: running zimperium-devices-search
diff --git a/Packs/Zimperium/Integrations/ZimperiumV2/test_data/users_search_by_email.json b/Packs/Zimperium/Integrations/ZimperiumV2/test_data/users_search_by_email.json
new file mode 100644
index 000000000000..30623bda8643
--- /dev/null
+++ b/Packs/Zimperium/Integrations/ZimperiumV2/test_data/users_search_by_email.json
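Review bot: The docstring of `test_users_search_by_email_command` says `Given: team_id and user_id`, but `args` passes `team_id` and `email`; `Given: team_id and email` describes the test. The fixture `users_search_by_email.json` holds only the one user whose email matches, so the client-side filter added in this commit is never required to drop anything — a second entry with a different address plus `assert len(results.outputs) == 1` would pin the new behaviour, and a case that sends both `user_id` and `email` would document how the two combine.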
@@ -0,0 +1,25 @@
+{"content":[{
+ "languagePreference": null,
+ "modified": "2024-01-21T11:02:08.789+00:00",
+ "notificationEmail": "user1@email.com",
+ "phone": null,
+ "middleName": null,
+ "lastLogin": null,
+ "email": "user1@email.com",
+ "created": "2024-01-21T11:02:08.789+00:00",
+ "lastName": "user1",
+ "firstName": "user1",
+ "validated": false,
+ "teams": [
+ {
+ "name": "Default",
+ "id": "3"
+ }
+ ],
+ "role": {
+ "scopeBounds": "TEAM_BOUNDED",
+ "name": "Team Admin",
+ "id": "d3"
+ },
+ "id": "01"
+}]}
\ No newline at end of file
diff --git a/Packs/Zimperium/ReleaseNotes/2_0_4.md b/Packs/Zimperium/ReleaseNotes/2_0_4.md
new file mode 100644
index 000000000000..132c073bff77
--- /dev/null
+++ b/Packs/Zimperium/ReleaseNotes/2_0_4.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Zimperium v2
+- Updated the Docker image to: *demisto/python3:3.10.14.99865*.
+- Added the *email* argument to the ***zimperium-users-search*** command.
+
diff --git a/Packs/Zimperium/TestPlaybooks/Zimperiumv2-TestPlaybook.yml b/Packs/Zimperium/TestPlaybooks/Zimperiumv2-TestPlaybook.yml
index e7f7e118561f..187849f37e91 100644
--- a/Packs/Zimperium/TestPlaybooks/Zimperiumv2-TestPlaybook.yml
+++ b/Packs/Zimperium/TestPlaybooks/Zimperiumv2-TestPlaybook.yml
@@ -2211,52 +2211,54 @@ tasks:
 conditions:
 - label: "yes"
 condition:
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.id
 iscontext: true
- - - operator: isNotEmpty
+ right:
+ value: {}
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.blueBorneVulnerable
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.cveCount
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.lastCveSync
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.os
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.osPatchDate
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.osRiskChecksum
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.osVersion
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.osVersionAndPatchDate
 iscontext: true
- - - operator: isNotEmpty
+ - - operator: isExists
 left:
 value:
 simple: Zimperium.Vulnerability.risk
@@ -2266,7 +2268,7 @@ tasks:
 {
 "position": {
 "x": 50,
- "y": 3345
+ "y": 3350
 }
 }
 note: false
diff --git a/Packs/Zimperium/pack_metadata.json b/Packs/Zimperium/pack_metadata.json
index 1a2a518477c8..eb03a30b0587 100644
--- a/Packs/Zimperium/pack_metadata.json
+++ b/Packs/Zimperium/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Zimperium",
 "description": "Streamline investigation and remediation of mobile alerts, generated alerts based on anomalous or unauthorized activities using the Zimperium pack.",
 "support": "xsoar",
- "currentVersion": "2.0.3",
+ "currentVersion": "2.0.4",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
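Review bot: Only the first `isExists` condition (on `Zimperium.Vulnerability.id`) gains a `right:` block with `value: {}`; the other nine conditions in the same task are switched to `isExists` without it. If the operator takes no right-hand operand, the block on the first condition is noise, and if the playbook schema expects one, the other nine are incomplete — either way the ten conditions should be written identically. The enclosing task starts and ends outside the hunk, so whether a `right:` block appears elsewhere in this task cannot be checked here.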
diff --git a/Packs/ctf01/ReleaseNotes/1_0_21.md b/Packs/ctf01/ReleaseNotes/1_0_21.md
new file mode 100644
index 000000000000..7c0976bb9387
--- /dev/null
+++ b/Packs/ctf01/ReleaseNotes/1_0_21.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex XDR - IR CTF
+
+Updated the CoreIRApiModule with support for custom XSOAR close-reasons in XSOAR-XDR close-reason mapping.
diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json
index a07445d1bb86..35c18fc22799 100644
--- a/Packs/ctf01/pack_metadata.json
+++ b/Packs/ctf01/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Capture The Flag - 01",
 "description": "XSOAR's Capture the flag (CTF)",
 "support": "xsoar",
- "currentVersion": "1.0.20",
+ "currentVersion": "1.0.21",
 "serverMinVersion": "8.2.0",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
diff --git a/Tests/conf.json b/Tests/conf.json
index 658c946d822a..fa8b8fd5f60a 100644
--- a/Tests/conf.json
+++ b/Tests/conf.json
@@ -158,7 +158,7 @@
 },
 {
 "playbookID": "Test Playbook - Cortex XDR Malware - Incident Enrichment",
- "timeout": 1200,
+ "timeout": 400,
 "integrations": "Cortex XDR - IR",
 "memory_threshold": 120
 },
@@ -168,7 +168,7 @@
 "Core REST API"
 ],
 "playbookID": "Test Playbook - Cortex XDR - Retrieve File by sha256",
- "timeout": 1200,
+ "timeout": 800,
 "memory_threshold": 200
 },
 {
@@ -2979,7 +2979,7 @@
 "Active Directory Query v2",
 "Cortex XDR - IR"
 ],
- "memory_threshold": 100,
+ "memory_threshold": 125,
 "instance_names": "active_directory_80k",
 "has_api": false
 },
diff --git a/poetry.lock b/poetry.lock
index 25ebc6f6ade9..e4f153bc9e7a 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1273,20 +1273,20 @@ reference = "pypi-public"
 [[package]]
 name = "google-cloud-compute"
-version = "1.19.0"
+version = "1.19.1"
 description = "Google Cloud Compute API client library"
 optional = false
 python-versions = ">=3.7"
 files = [
- {file = "google-cloud-compute-1.19.0.tar.gz", hash = "sha256:a07b3408b3f77786dcb196669ff3767bc51080718a7c2d3fd779defc8d817b4d"},
- {file = "google_cloud_compute-1.19.0-py2.py3-none-any.whl", hash = "sha256:48d5582dd257fc817113556ab40990ec7a50fb6b2e341bc8a55ef90e2e66501d"},
+ {file = "google-cloud-compute-1.19.1.tar.gz", hash = "sha256:6b4a5b86c2cbbcda5dd90f4e338c5103f3e84604ecfb002d4ecb3a0c5d41531b"},
+ {file = "google_cloud_compute-1.19.1-py2.py3-none-any.whl", hash = "sha256:9744c6b393a8b41d972e163d2f780a6c24c8bc706d091dfc60a7b6013de49e87"},
 ]
 [package.dependencies]
 google-api-core = {version = ">=1.34.1,<2.0.dev0 || >=2.11.dev0,<3.0.0dev", extras = ["grpc"]}
 google-auth = ">=2.14.1,<2.24.0 || >2.24.0,<2.25.0 || >2.25.0,<3.0.0dev"
 proto-plus = ">=1.22.3,<2.0.0dev"
-protobuf = ">=3.19.5,<3.20.0 || >3.20.0,<3.20.1 || >3.20.1,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<5.0.0dev"
+protobuf = ">=3.20.2,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<6.0.0dev"
 [package.source]
 type = "legacy"
@@ -5307,4 +5307,4 @@ reference = "pypi-public"
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.8,<3.11"
-content-hash = "c2a839dc9d312d1f82e74176f71326389d82ce6d77b099d65e3eccf4847c4624"
+content-hash = "15123ac8849bceb7b3579f730442fc00dd99278ed4614a81d526059149d88d3d"
diff --git a/pyproject.toml b/pyproject.toml
index 17fa5ecd537a..e3e9c1133926 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -59,7 +59,7 @@ optional = true
 [tool.poetry.group.ci.dependencies]
 google-cloud-bigquery = "^3.2.0"
 google-cloud-secret-manager = "^2.13.0"
-google-cloud-compute = "^1.8.0"
+google-cloud-compute = "^1.19.1"
 blessings = "^1.7"
 coloredlogs = "^15.0.1"
 pandas = "^1.3.3"