From 3c3e01426e5ec759b2807d04d9cdba9a303eed79 Mon Sep 17 00:00:00 2001 From: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Date: Thu, 8 Jun 2023 17:25:40 +0530 Subject: [PATCH] Cofense Triage Release 2.1.13 (#27265) * Update .devcontainer.json name * Added cofense-report-attachment-payload-list command * Updated context example in report attachment payload list command * Updated docker images in all YML files * Updated release notes --------- Co-authored-by: crestdatasystems Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> --- Packs/CofenseTriage/.pack-ignore | 5 +- .../CofenseTriagev3/CofenseTriagev3.py | 54 ++++++- .../CofenseTriagev3/CofenseTriagev3.yml | 99 +++++++++++- .../CofenseTriagev3/CofenseTriagev3_test.py | 56 +++++++ .../Integrations/CofenseTriagev3/README.md | 148 ++++++++++++++++++ .../report_attachment_payload_list.md | 5 + ...eport_attachment_payload_list_context.json | 83 ++++++++++ ...port_attachment_payload_list_response.json | 95 +++++++++++ Packs/CofenseTriage/ReleaseNotes/2_1_13.md | 19 +++ .../CofenseTriageReportDownload.yml | 2 +- .../CofenseTriageThreatEnrichment.yml | 2 +- Packs/CofenseTriage/pack_metadata.json | 2 +- 12 files changed, 563 insertions(+), 7 deletions(-) create mode 100644 Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list.md create mode 100644 Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_context.json create mode 100644 Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_response.json create mode 100644 Packs/CofenseTriage/ReleaseNotes/2_1_13.md diff --git a/Packs/CofenseTriage/.pack-ignore b/Packs/CofenseTriage/.pack-ignore index 5604a84daf2b..c008a413653a 100644 --- a/Packs/CofenseTriage/.pack-ignore +++ b/Packs/CofenseTriage/.pack-ignore 
@@ -9,4 +9,7 @@ ignore=RM102 ignore=IM111 [file:CofenseTriage_image.png] -ignore=IM111 \ No newline at end of file +ignore=IM111 + +[known_words] +Cofense \ No newline at end of file diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.py b/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.py index 655ed3f1a2d0..6e381ff50fb9 100644 --- a/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.py +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.py @@ -34,7 +34,8 @@ "ATTACHMENT_PAYLOAD": "api/public/v2/attachment_payloads", "COMMENTS": "api/public/v2/comments/", "REPORT_ID": "api/public/v2/reports/{}", - "CLUSTER": "api/public/v2/clusters" + "CLUSTER": "api/public/v2/clusters", + "REPORT_ATTACHMENT_PAYLOAD": "/api/public/v2/reports/{}/attachment_payloads" } OUTPUT_PREFIX = { 
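Review bot: The new `REPORT_ATTACHMENT_PAYLOAD` suffix in `URL_SUFFIX` starts with a leading slash, while the sibling entries visible in this hunk (`ATTACHMENT_PAYLOAD`, `COMMENTS`, `REPORT_ID`, `CLUSTER`) are all relative. Whether this matters depends on how `Client.http_request` joins the suffix to the configured server URL, which is outside this hunk. A join that treats a leading slash as host-root-relative would drop any path prefix in the base URL, and plain concatenation would produce `//`. I would write it as `"REPORT_ATTACHMENT_PAYLOAD": "api/public/v2/reports/{}/attachment_payloads"` so every suffix is joined the same way. The `URL_SUFFIX` dict begins before the hunk.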
@@ -1350,6 +1351,54 @@ def cofense_report_image_download_command(client: Client, args: Dict[str, str]) return fileResult(filename, data=raw_response, file_type=entryTypes["image"]) +def cofense_report_attachment_payload_list_command(client: Client, args: Dict[str, str]) -> CommandResults: + """ + Retrieves report attachment payloads based on the filter values provided in the command arguments. + Attachment payloads identify the MIME type and MD5 and SHA256 hash signatures of a reported email attachment. + + :type client: ``Client`` + :param client: Client object to be used. + + :type args: ``Dict[str, str]`` + :param args: The command arguments provided by the user. + + :return: Standard command result. + :rtype: ``CommandResults`` + """ + params = validate_list_attachment_payload_args(args) + report_id = args.get("id") + # Validation for empty report_id + if not report_id: + raise ValueError(MESSAGES["REQUIRED_ARGUMENT"].format("id")) + # Appending the report id to the url_suffix + url_suffix = URL_SUFFIX["REPORT_ATTACHMENT_PAYLOAD"].format(report_id) + + # Sending http request + response = client.http_request(url_suffix, params=params) + + result = response.get("data") + + # Returning if data is empty or not present + if not result: + return CommandResults(readable_output=MESSAGES["NO_RECORDS_FOUND"].format("attachment payloads")) + + if isinstance(result, dict): + result = [result] + + # Creating the Human Readable + hr_response = prepare_hr_for_attachment_payloads(result) + + # Creating the Context data + context_data = remove_empty_elements(result) + + return CommandResults(outputs_prefix=OUTPUT_PREFIX["ATTACHMENT_PAYLOAD"], + outputs_key_field="id", + outputs=context_data, + readable_output=hr_response, + raw_response=response + ) + + def fetch_incidents(client: Client, last_run: dict, params: Dict) -> Tuple[dict, list]: """Fetches incidents from Cofense API. 
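Review bot: `report_id` comes from `args.get("id")` and is formatted straight into the request path by `URL_SUFFIX["REPORT_ATTACHMENT_PAYLOAD"].format(report_id)` after only an emptiness check. A value containing `/`, `?`, `#` or `..` therefore changes which Triage endpoint is requested with the integration's credentials. Command arguments are commonly populated from incident fields in playbooks, so the id should be treated as untrusted input. If report ids are always numeric, as the examples in this commit suggest, reject anything else with `if not str(report_id).isdigit():` and a `ValueError` naming the `id` argument. Otherwise percent-encode it before formatting with `urllib.parse.quote(str(report_id), safe="")`, which needs `urllib.parse` imported if the file does not already do so. The empty-response test in this commit passes `{'id': 'test'}` and would need a numeric id if the strict check is adopted.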
@@ -1983,7 +2032,8 @@ def main() -> None: 'cofense-comment-list': cofense_comment_list_command, 'cofense-cluster-list': cofense_cluster_list_command, 'cofense-threat-indicator-update': cofense_threat_indicator_update_command, - 'cofense-report-image-download': cofense_report_image_download_command + 'cofense-report-image-download': cofense_report_image_download_command, + 'cofense-report-attachment-payload-list': cofense_report_attachment_payload_list_command } command = demisto.command() demisto.debug(f'[CofenseTriagev3] Command being called is {command}') diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.yml b/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.yml index 66ecca5405ab..6d5657627914 100644 --- a/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.yml +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3.yml @@ -17,12 +17,14 @@ configuration: - additionalinfo: The maximum limit is 200. defaultvalue: '15' display: Maximum number of incidents per fetch + hidden: false name: max_fetch required: false type: 0 - additionalinfo: 'Date or relative timestamp to start fetching incidents from. (Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, etc)' defaultvalue: 3 days display: First fetch time interval + hidden: false name: first_fetch required: false type: 0 @@ -64,6 +66,7 @@ configuration: Supports comma separated values. Note: Categorization tags are associated with the reports which are processed. display: Categorization Tags + hidden: false name: categorization_tags required: false type: 0 
@@ -83,14 +86,17 @@ configuration: Format accepted: {"attribute1_operator": "value1, value2", "attribute2_operator" : "value3, value4"} For example: {"updated_at_gt":"2020-10-26T10:48:16.834Z","categorization_tags_any":"test, snow"} display: Advanced Filters + hidden: false name: filter_by required: false type: 12 - display: Use system proxy settings + hidden: false name: proxy required: false type: 8 - display: Trust any certificate (not secure) + hidden: false name: insecure required: false type: 8 
@@ -2139,7 +2145,98 @@ script: - contextPath: InfoFile.Extension description: File extension. type: String - dockerimage: demisto/python3:3.10.11.61265 + - arguments: + - default: false + description: 'Specify ID of the report to retrieve the attachment payloads.' + isArray: false + name: id + required: true + secret: false + - default: false + defaultValue: '20' + description: 'Specify the number of attachment payloads to retrieve per page. Note: Possible values are between 1 and 200. ' + isArray: false + name: page_size + required: false + secret: false + - default: false + defaultValue: '1' + description: 'Specify a page number to retrieve the attachment payloads.' + isArray: false + name: page_number + required: false + secret: false + - default: false + description: 'Specify the date and time of creation, from when to retrieve the attachment payloads. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, etc.' + isArray: false + name: created_at + required: false + secret: false + - default: false + description: 'Specify the date and time of updation, from when to retrieve the attachment payloads. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, etc.' + isArray: false + name: updated_at + required: false + secret: false + deprecated: false + description: |- + Retrieves attachment payloads based on provided report id in the command arguments. + Attachment payloads identify the MIME type and MD5 and SHA256 hash signatures of a reported email attachment. + execution: false + name: cofense-report-attachment-payload-list + outputs: + - contextPath: Cofense.AttachmentPayload.id + description: Unique identifier of the attachment payload. + type: String + - contextPath: Cofense.AttachmentPayload.type + description: Type of the resource of Cofense Triage. 
+ type: String + - contextPath: Cofense.AttachmentPayload.links.self + description: Link of the resource. + type: String + - contextPath: Cofense.AttachmentPayload.attributes.mime_type + description: MIME type of the payload. + type: String + - contextPath: Cofense.AttachmentPayload.attributes.md5 + description: MD5 hash of the payload. + type: String + - contextPath: Cofense.AttachmentPayload.attributes.sha256 + description: SHA256 hash of the payload. + type: String + - contextPath: Cofense.AttachmentPayload.attributes.risk_score + description: Risk score of the payload. + type: Number + - contextPath: Cofense.AttachmentPayload.attributes.created_at + description: Date and time, in ISO 8601 format, when the resource was created. + type: Date + - contextPath: Cofense.AttachmentPayload.attributes.updated_at + description: Date and time, in ISO 8601 format, when the resource was last updated. + type: Date + - contextPath: Cofense.AttachmentPayload.relationships.attachments.links.self + description: Link to retrieve the attachment containing the payload. + type: String + - contextPath: Cofense.AttachmentPayload.relationships.attachments.links.related + description: Link to retrieve the detailed information of the attachment containing the payload. + type: String + - contextPath: Cofense.AttachmentPayload.relationships.clusters.links.self + description: Link to retrieve the cluster of reports containing the payload. + type: String + - contextPath: Cofense.AttachmentPayload.relationships.clusters.links.related + description: Link to retrieve the detailed information of the cluster of reports containing the payload. + type: String + - contextPath: Cofense.AttachmentPayload.relationships.integration_submissions.links.self + description: Link to retrieve the integration submissions related to attachment. 
+ type: String + - contextPath: Cofense.AttachmentPayload.relationships.integration_submissions.links.related + description: Link to retrieve the detailed information of the integration submissions related to attachment. + type: String + - contextPath: Cofense.AttachmentPayload.relationships.reports.links.self + description: Link to retrieve the report with attachments containing the payload. + type: String + - contextPath: Cofense.AttachmentPayload.relationships.reports.links.related + description: Link to retrieve the detailed information of the report with attachments containing the payload. + type: String + dockerimage: demisto/python3:3.10.12.62631 feed: false isfetch: true isremotesyncin: true diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3_test.py b/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3_test.py index 744340e197bf..521682dc096f 100644 --- a/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3_test.py +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/CofenseTriagev3_test.py 
@@ -1047,3 +1047,59 @@ def test_cofense_report_image_download_command_when_invalid_args_are_provided(mo with pytest.raises(ValueError) as err: cofense_report_image_download_command(mocked_client, args) assert str(err.value) == err_msg + + +def test_cofense_report_attachment_payload_list_command_when_valid_response_is_returned(mocked_client): + """Test case scenario for successful execution of cofense-report-attachment-payload-list command.""" + + from CofenseTriagev3 import cofense_report_attachment_payload_list_command + + response = util_load_json( + os.path.join("test_data", "report_attachment_payload/report_attachment_payload_list_response.json")) + + mocked_client.http_request.return_value = response + + context_output = util_load_json( + os.path.join("test_data", "report_attachment_payload/report_attachment_payload_list_context.json")) + + with open(os.path.join("test_data", "report_attachment_payload/report_attachment_payload_list.md"), 'r') as f: + readable_output = f.read() + + # Execute + args = {"id": "4720", "updated_at": "2020-10-21T20:30:24.185Z"} + + command_response = cofense_report_attachment_payload_list_command(mocked_client, args) + # Assert + assert command_response.outputs_prefix == 'Cofense.AttachmentPayload' + assert command_response.outputs_key_field == "id" + assert command_response.outputs == context_output + assert command_response.readable_output == readable_output + assert command_response.raw_response == response + + +def test_cofense_report_attachment_payload_list_command_when_empty_response_is_returned(mocked_client): + """Test case scenario for successful execution of cofense-report-attachment-payload-list command with an empty + response. """ + + from CofenseTriagev3 import cofense_report_attachment_payload_list_command + mocked_client.http_request.return_value = {"data": {}} + readable_output = "No attachment payloads were found for the given argument(s)." 
+ + # Execute + command_response = cofense_report_attachment_payload_list_command(mocked_client, {'id': 'test'}) + # Assert + assert command_response.readable_output == readable_output + + +def test_validate_report_attachment_payload_list_args_when_invalid_args_are_provided(mocked_client): + """Test case scenario when the arguments provided are not valid.""" + + from CofenseTriagev3 import MESSAGES, cofense_report_attachment_payload_list_command + + args = { + "id": None, + } + + with pytest.raises(ValueError) as err: + cofense_report_attachment_payload_list_command(mocked_client, args) + assert str(err.value) == MESSAGES['REQUIRED_ARGUMENT'].format('id') diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/README.md b/Packs/CofenseTriage/Integrations/CofenseTriagev3/README.md index 6232ac90723f..ba62796491e7 100644 --- a/Packs/CofenseTriage/Integrations/CofenseTriagev3/README.md +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/README.md 
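Review bot: The success-path test never checks what was passed to `mocked_client.http_request`, so the report id in the path or the `updated_at` filter could be dropped or mangled without any of these three tests failing. Assuming `mocked_client` is a mock object, as the `return_value` assignment suggests, add `assert mocked_client.http_request.call_args[0][0] == "/api/public/v2/reports/4720/attachment_payloads"` after the command call. The invalid-argument test covers only `"id": None`. A further case with an id containing `/` or `?` would pin down how path-altering input is handled, and would fail visibly if that handling regresses.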
@@ -715,6 +715,153 @@ There is no context output for this command. >Report with ID = 4 is categorized successfully. + +### cofense-report-attachment-payload-list +*** +Retrieves attachment payloads based on provided report id in the command arguments. +Attachment payloads identify the MIME type and MD5 and SHA256 hash signatures of a reported email attachment. + + +#### Base Command + +`cofense-report-attachment-payload-list` +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| id | Specify ID of the report to retrieve the attachment payloads. | Required | +| page_size | Specify the number of attachment payloads to retrieve per page. Note: Possible values are between 1 and 200. Default is 20. | Optional | +| page_number | Specify a page number to retrieve the attachment payloads. Default is 1. | Optional | +| created_at | Specify the date and time of creation, from when to retrieve the attachment payloads. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, etc. | Optional | +| updated_at | Specify the date and time of updation, from when to retrieve the attachment payloads. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ, etc. | Optional | + + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Cofense.AttachmentPayload.id | String | Unique identifier of the attachment payload. | +| Cofense.AttachmentPayload.type | String | Type of the resource of Cofense Triage. | +| Cofense.AttachmentPayload.links.self | String | Link of the resource. | +| Cofense.AttachmentPayload.attributes.mime_type | String | MIME type of the payload. | +| Cofense.AttachmentPayload.attributes.md5 | String | MD5 hash of the payload. | +| Cofense.AttachmentPayload.attributes.sha256 | String | SHA256 hash of the payload. 
| +| Cofense.AttachmentPayload.attributes.risk_score | Number | Risk score of the payload. | +| Cofense.AttachmentPayload.attributes.created_at | Date | Date and time, in ISO 8601 format, when the resource was created. | +| Cofense.AttachmentPayload.attributes.updated_at | Date | Date and time, in ISO 8601 format, when the resource was last updated. | +| Cofense.AttachmentPayload.relationships.attachments.links.self | String | Link to retrieve the attachment containing the payload. | +| Cofense.AttachmentPayload.relationships.attachments.links.related | String | Link to retrieve the detailed information of the attachment containing the payload. | +| Cofense.AttachmentPayload.relationships.clusters.links.self | String | Link to retrieve the cluster of reports containing the payload. | +| Cofense.AttachmentPayload.relationships.clusters.links.related | String | Link to retrieve the detailed information of the cluster of reports containing the payload. | +| Cofense.AttachmentPayload.relationships.integration_submissions.links.self | String | Link to retrieve the integration submissions related to attachment. | +| Cofense.AttachmentPayload.relationships.integration_submissions.links.related | String | Link to retrieve the detailed information of the integration submissions related to attachment. | +| Cofense.AttachmentPayload.relationships.reports.links.self | String | Link to retrieve the report with attachments containing the payload. | +| Cofense.AttachmentPayload.relationships.reports.links.related | String | Link to retrieve the detailed information of the report with attachments containing the payload. 
| + + +#### Command Example +```!cofense-report-attachment-payload-list id=47024 page_size=2``` + +#### Context Example +```json +{ + "Cofense": { + "AttachmentPayload": [ + { + "attributes": { + "created_at": "2020-10-21T20:57:56.750Z", + "md5": "99a9eb2612d7e84c5402fde1114c53ee", + "mime_type": "application/xml; charset=us-ascii", + "risk_score": 0, + "sha256": "22b3e2a4f41a0a0b6c93cd0da7b28b84a2375b815f787624e81acaaf32a5d191", + "updated_at": "2022-03-08T20:20:32.561Z" + }, + "id": "74", + "links": { + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74" + }, + "relationships": { + "attachments": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/attachments", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/relationships/attachments" + } + }, + "clusters": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/clusters", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/relationships/clusters" + } + }, + "integration_submissions": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/integration_submissions", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/relationships/integration_submissions" + } + }, + "reports": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/reports", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/74/relationships/reports" + } + } + }, + "type": "attachment_payloads" + }, + { + "attributes": { + "created_at": "2020-10-21T20:57:56.940Z", + "md5": "61da9c47fff9b04e59b951aa700c7980", + "mime_type": "image/png; charset=binary", + "sha256": "7757f5392a8971b280464ae0d760b04980b82a9a2a3105c2bd6c9293ff7f9b9a", + "updated_at": "2020-10-21T20:57:56.940Z" + }, + "id": "78", + "links": { + "self": 
"https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78" + }, + "relationships": { + "attachments": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/attachments", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/relationships/attachments" + } + }, + "clusters": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/clusters", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/relationships/clusters" + } + }, + "integration_submissions": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/integration_submissions", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/relationships/integration_submissions" + } + }, + "reports": { + "links": { + "related": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/reports", + "self": "https://reltest6.phishmecloud.com/api/public/v2/attachment_payloads/78/relationships/reports" + } + } + }, + "type": "attachment_payloads" + } + ] + } +} +``` + +#### Human Readable Output + +>### Attachment Payload(s) +>|Attachment Payload ID|Mime Type|MD5|SHA256|Risk Score|Created At|Updated At| +>|---|---|---|---|---|---|---| +>| 74 | application/xml; charset=us-ascii | 99a9eb2612d7e84c5402fde1114c53ee | 22b3e2a4f41a0a0b6c93cd0da7b28b84a2375b815f787624e81acaaf32a5d191 | 0 | 2020-10-21T20:57:56.750Z | 2022-03-08T20:20:32.561Z | +>| 78 | image/png; charset=binary | 61da9c47fff9b04e59b951aa700c7980 | 7757f5392a8971b280464ae0d760b04980b82a9a2a3105c2bd6c9293ff7f9b9a | | 2020-10-21T20:57:56.940Z | 2020-10-21T20:57:56.940Z | + + ### cofense-category-list *** Retrieves categories based on the provided parameters. 
@@ -2411,3 +2558,4 @@ The ability to mirror incident data has been added. * *cofense-threat-indicator-create* * *cofense-threat-indicator-update* * *cofense-url-list* +* *cofense-report-attachment-payload-list* diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list.md b/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list.md new file mode 100644 index 000000000000..b3ab1ee0909f --- /dev/null +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list.md @@ -0,0 +1,5 @@ +### Attachment Payload(s) +|Attachment Payload ID|Mime Type|MD5|SHA256|Risk Score|Created At|Updated At| +|---|---|---|---|---|---|---| +| 74 | application/xml; charset=us-ascii | 99a9eb2612d7e84c5402fde1114c53ee | 22b3e2a4f41a0a0b6c93cd0da7b28b84a2375b815f787624e81acaaf32a5d191 | 0 | 2020-10-21T20:57:56.750Z | 2022-03-08T20:20:32.561Z | +| 78 | image/png; charset=binary | 61da9c47fff9b04e59b951aa700c7980 | 7757f5392a8971b280464ae0d760b04980b82a9a2a3105c2bd6c9293ff7f9b9a | | 2020-10-21T20:57:56.940Z | 2020-10-21T20:57:56.940Z | diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_context.json b/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_context.json new file mode 100644 index 000000000000..6dcf2e4c4c00 --- /dev/null +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_context.json 
@@ -0,0 +1,83 @@ +[ + { + "id": "74", + "type": "attachment_payloads", + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74" + }, + "attributes": { + "mime_type": "application/xml; charset=us-ascii", + "md5": "99a9eb2612d7e84c5402fde1114c53ee", + "sha256": "22b3e2a4f41a0a0b6c93cd0da7b28b84a2375b815f787624e81acaaf32a5d191", + "risk_score": 0, + "created_at": "2020-10-21T20:57:56.750Z", + "updated_at": "2022-03-08T20:20:32.561Z" + }, + "relationships": { + "attachments": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/attachments", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/attachments" + } + }, + "clusters": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/clusters", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/clusters" + } + }, + "integration_submissions": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/integration_submissions", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/integration_submissions" + } + }, + "reports": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/reports", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/reports" + } + } + } + }, + { + "id": "78", + "type": "attachment_payloads", + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78" + }, + "attributes": { + "mime_type": "image/png; charset=binary", + "md5": "61da9c47fff9b04e59b951aa700c7980", + "sha256": "7757f5392a8971b280464ae0d760b04980b82a9a2a3105c2bd6c9293ff7f9b9a", + "created_at": "2020-10-21T20:57:56.940Z", + "updated_at": "2020-10-21T20:57:56.940Z" + }, + "relationships": { + "attachments": { + "links": { + "self": 
"https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/attachments", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/attachments" + } + }, + "clusters": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/clusters", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/clusters" + } + }, + "integration_submissions": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/integration_submissions", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/integration_submissions" + } + }, + "reports": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/reports", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/reports" + } + } + } + } +] \ No newline at end of file diff --git a/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_response.json b/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_response.json new file mode 100644 index 000000000000..165324741c04 --- /dev/null +++ b/Packs/CofenseTriage/Integrations/CofenseTriagev3/test_data/report_attachment_payload/report_attachment_payload_list_response.json 
@@ -0,0 +1,95 @@ +{ + "data": [ + { + "id": "74", + "type": "attachment_payloads", + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74" + }, + "attributes": { + "mime_type": "application/xml; charset=us-ascii", + "md5": "99a9eb2612d7e84c5402fde1114c53ee", + "sha256": "22b3e2a4f41a0a0b6c93cd0da7b28b84a2375b815f787624e81acaaf32a5d191", + "risk_score": 0, + "created_at": "2020-10-21T20:57:56.750Z", + "updated_at": "2022-03-08T20:20:32.561Z" + }, + "relationships": { + "attachments": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/attachments", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/attachments" + } + }, + "clusters": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/clusters", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/clusters" + } + }, + "integration_submissions": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/integration_submissions", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/integration_submissions" + } + }, + "reports": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/74/relationships/reports", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/74/reports" + } + } + } + }, + { + "id": "78", + "type": "attachment_payloads", + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78" + }, + "attributes": { + "mime_type": "image/png; charset=binary", + "md5": "61da9c47fff9b04e59b951aa700c7980", + "sha256": "7757f5392a8971b280464ae0d760b04980b82a9a2a3105c2bd6c9293ff7f9b9a", + "risk_score": null, + "created_at": "2020-10-21T20:57:56.940Z", + "updated_at": "2020-10-21T20:57:56.940Z" + }, + "relationships": { + "attachments": { + "links": { + "self": 
"https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/attachments", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/attachments" + } + }, + "clusters": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/clusters", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/clusters" + } + }, + "integration_submissions": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/integration_submissions", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/integration_submissions" + } + }, + "reports": { + "links": { + "self": "https://triage.example.com/api/public/v2/attachment_payloads/78/relationships/reports", + "related": "https://triage.example.com/api/public/v2/attachment_payloads/78/reports" + } + } + } + } + ], + "meta": { + "record_count": 16, + "page_count": 8 + }, + "links": { + "first": "https://triage.example.com/api/public/v2/reports/47024/attachment_payloads?filter%5Bupdated_at_gteq%5D=2020-10-21T20%3A57%3A56.940Z&page%5Bnumber%5D=1&page%5Bsize%5D=2", + "next": "https://triage.example.com/api/public/v2/reports/47024/attachment_payloads?filter%5Bupdated_at_gteq%5D=2020-10-21T20%3A57%3A56.940Z&page%5Bnumber%5D=2&page%5Bsize%5D=2", + "last": "https://triage.example.com/api/public/v2/reports/47024/attachment_payloads?filter%5Bupdated_at_gteq%5D=2020-10-21T20%3A57%3A56.940Z&page%5Bnumber%5D=8&page%5Bsize%5D=2" + } +} \ No newline at end of file diff --git a/Packs/CofenseTriage/ReleaseNotes/2_1_13.md b/Packs/CofenseTriage/ReleaseNotes/2_1_13.md new file mode 100644 index 000000000000..1ef3db5beff0 --- /dev/null +++ b/Packs/CofenseTriage/ReleaseNotes/2_1_13.md 
@@ -0,0 +1,19 @@ + +#### Integrations + +##### Cofense Triage v3 +- Updated the Docker image to: *demisto/python3:3.10.12.62631*. + +- Added the new `cofense-report-attachment-payload-list` command. + + +#### Scripts + +##### CofenseTriageThreatEnrichment +- Updated the Docker image to: *demisto/python3:3.10.12.62631*. + + +##### CofenseTriageReportDownload +- Updated the Docker image to: *demisto/python3:3.10.12.62631*. + + diff --git a/Packs/CofenseTriage/Scripts/CofenseTriageReportDownload/CofenseTriageReportDownload.yml b/Packs/CofenseTriage/Scripts/CofenseTriageReportDownload/CofenseTriageReportDownload.yml index 27547509843a..70456cc0d87b 100644 --- a/Packs/CofenseTriage/Scripts/CofenseTriageReportDownload/CofenseTriageReportDownload.yml +++ b/Packs/CofenseTriage/Scripts/CofenseTriageReportDownload/CofenseTriageReportDownload.yml @@ -20,7 +20,7 @@ dependson: - '|||cofense-report-list' - '|||cofense-report-download' runonce: false -dockerimage: demisto/python3:3.10.11.56082 +dockerimage: demisto/python3:3.10.12.62631 runas: DBotWeakRole fromversion: 6.0.0 tests: diff --git a/Packs/CofenseTriage/Scripts/CofenseTriageThreatEnrichment/CofenseTriageThreatEnrichment.yml b/Packs/CofenseTriage/Scripts/CofenseTriageThreatEnrichment/CofenseTriageThreatEnrichment.yml index 3c280d28cfec..07b2ab202239 100644 --- a/Packs/CofenseTriage/Scripts/CofenseTriageThreatEnrichment/CofenseTriageThreatEnrichment.yml +++ b/Packs/CofenseTriage/Scripts/CofenseTriageThreatEnrichment/CofenseTriageThreatEnrichment.yml @@ -21,7 +21,7 @@ dependson: must: - '|||cofense-threat-indicator-list' runonce: false -dockerimage: demisto/python3:3.10.11.56082 +dockerimage: demisto/python3:3.10.12.62631 runas: DBotWeakRole fromversion: 6.0.0 tests: diff --git a/Packs/CofenseTriage/pack_metadata.json b/Packs/CofenseTriage/pack_metadata.json index 836b6c4d5697..51886fa4101d 100644 --- a/Packs/CofenseTriage/pack_metadata.json +++ b/Packs/CofenseTriage/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Cofense Triage", "description": "Cofense Triage allows users to fetch reports by using the fetch incidents capability. It also provides commands to get entities like reporters, rules, categories, and more.", "support": "partner", - "currentVersion": "2.1.12", + "currentVersion": "2.1.13", "author": "Cofense", "url": "https://cofense.com/contact-support/", "email": "support@cofense.com",