Deprecated content quick wins (#26406)

* deprecated the playbook Archer initiate incident

* RN for deprecated the playbook Archer initiate incident

* Update deprecated content on Block Account - Generic v2 playbook

* RN for Update deprecated content on Block Account - Generic v2 playbook

* Update Deprecated content on cortex xdr playbooks

* RN for Update Deprecated content on cortex xdr playbooks

* Update deprecated content on Saas_Security_-_Incident_Processor playbook

* RN for Update deprecated content on Saas_Security_-_Incident_Processor playbook

* deprecated the playbook Vulnerability Management - Qualys (Job)

* RN for deprecated the playbook Vulnerability Management - Qualys (Job)

* update command on the playbook Tanium Demo

* RN for update command on the playbook Tanium Demo

* Update deprecated commands on the playbooks TIE IOC Hunt and `Search_Endpoints_By_Hash_-_TIE`

* RN for Update deprecated commands on the playbooks TIE IOC Hunt and `Search_Endpoints_By_Hash_-_TIE`

* Bump pack from version CortexXDR to 4.10.41.

* Bump pack from version ArcherRSA to 1.2.11.

* fix validation errors

* update test playbook McAfee TIE to use the integration McAfee Threat Intelligence Exchange V2

* update test playbook McAfee TIE to use the integration McAfee Threat Intelligence Exchange

* Bump pack from version CommonPlaybooks to 2.3.65.

* Bump pack from version CommonPlaybooks to 2.3.66.

* Bump pack from version CortexXDR to 4.10.42.

* Bump pack from version McAfee-TIE to 2.0.7.

* Bump pack from version CommonPlaybooks to 2.3.67.

* Bump pack from version CortexXDR to 4.10.43.

* Bump pack from version Tanium to 1.0.25.

* Bump pack from version qualys to 1.2.8.

* Bump pack from version CortexXDR to 4.10.44.

* Bump pack from version CommonPlaybooks to 2.3.68.

* Bump pack from version ArcherRSA to 1.2.12.

* Bump pack from version qualys to 1.2.9.

* Bump pack from version CortexXDR to 4.10.45.

* Bump pack from version CommonPlaybooks to 2.3.69.

* removed deprecated commands `EPOFindSystem` (EOL) from playbook-Search_Endpoints_By_Hash_-_TIE.yml and from playbook-TIE_-_IOC_Hunt.yml

* Deprecated cortex xdr playbooks. replaced with relevance commands

* RN for Deprecated cortex xdr playbooks. replaced with relevance commands

* Bump pack from version CortexXDR to 4.10.46.

* replaced sub-playbook-Cortex_XDR_-_delete_file with relevance commands xdr-file-delete-script-execute

* RN after replaced sub-playbook-Cortex_XDR_-_delete_file with relevance commands xdr-file-delete-script-execute

* RN after replaced sub-playbook-Cortex_XDR_-_delete_file with relevance commands xdr-file-delete-script-execute

* fix validation error - update png name on RM files

* Bump pack from version CortexXDR to 4.11.1.

* Bump pack from version CommonPlaybooks to 2.3.70.

* fix for build error

* fix for build error

* Bump pack from version CommonPlaybooks to 2.3.71.

* Update Packs/ArcherRSA/ReleaseNotes/1_2_12.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Execute_snippet_code_script.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/qualys/Playbooks/playbook-Vulnerability_Management__-_Qualys_(Job)_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/qualys/Playbooks/playbook-Vulnerability_Management__-_Qualys_(Job)_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Execute_snippet_code_script_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/Tanium/ReleaseNotes/1_0_25.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/qualys/Playbooks/playbook-Vulnerability_Management__-_Qualys_(Job)_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/qualys/ReleaseNotes/1_2_9.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_check_file_existence.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_check_file_existence.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_check_file_existence.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_check_file_existence.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_check_file_existence_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_delete_file.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_delete_file.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_kill_process_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_delete_file.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_delete_file_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_execute_commands.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_execute_commands.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_execute_commands_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_kill_process.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_kill_process.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_kill_process.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/ReleaseNotes/4_11_1.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/ReleaseNotes/4_11_1.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/Tanium/ReleaseNotes/1_0_25.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/ReleaseNotes/4_11_1.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/ReleaseNotes/4_11_1.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/ReleaseNotes/4_11_1.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexXDR/ReleaseNotes/4_11_1.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/McAfee-TIE/ReleaseNotes/2_0_7.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/McAfee-TIE/ReleaseNotes/2_0_7.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/McAfee-TIE/ReleaseNotes/2_0_7.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/McAfee-TIE/ReleaseNotes/2_0_7.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/McAfee-TIE/ReleaseNotes/2_0_7.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/McAfee-TIE/ReleaseNotes/2_0_7.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/PrismaSaasSecurity/ReleaseNotes/2_0_21.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* update after review - rollback and commit only changes on xdr playbooks

* update after review - rollback and commit only changes on xdr playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

* fix for validation error change png name

---------

Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Sasha Sokolovich <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>

Packs/ArcherRSA/Playbooks/playbook-Archer_initiate_incident.yml

@@ -2,8 +2,10 @@ id: Archer initiate incident
 version: -1
 name: Archer initiate incident
 fromversion: "5.0.0"
+deprecated: true
 starttaskid: "0"
-description: "initiate Archer incident"
+description: "Deprecated. Use the `archer-get-file` command directly instead. 
+initiate Archer incident"
 tasks:
   "0":
     id: "0"

Packs/ArcherRSA/Playbooks/playbook-Archer_initiate_incident_README.md

@@ -1,28 +1,38 @@
-Initiates an Archer incident.
+Deprecated. Use the `archer-get-file` command directly instead.
+initiate Archer incident
 
 ## Dependencies
+
 This playbook uses the following sub-playbooks, integrations, and scripts.
 
-## Sub-playbooks
+### Sub-playbooks
+
 This playbook does not use any sub-playbooks.
 
-## Integrations
+### Integrations
+
 * RSA Archer
 
-## Scripts
+### Scripts
+
 This playbook does not use any scripts.
 
-## Commands
+### Commands
+
 * archer-get-file
 
 ## Playbook Inputs
+
 ---
 There are no inputs for this playbook.
 
 ## Playbook Outputs
+
 ---
 There are no outputs for this playbook.
 
 ## Playbook Image
+
 ---
-![Archer_initiate_incident](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/Archer_initiate_incident.png)
+
+![Archer initiate incident](../doc_files/Archer_initiate_incident.png)

Packs/ArcherRSA/ReleaseNotes/1_2_12.md

@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Archer initiate incident
+
+Deprecated. Use the ***archer-get-file*** command directly instead.

Packs/ArcherRSA/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "RSA Archer",
     "description": "The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across lines of business.",
     "support": "xsoar",
-    "currentVersion": "1.2.11",
+    "currentVersion": "1.2.12",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonPlaybooks/Playbooks/playbook-Block_Account_-_Generic_v2.yml

@@ -160,8 +160,8 @@ tasks:
       id: 6c4b8a60-449b-4710-89e8-a68c32fdda28
       version: -1
       name: PAN-OS - Register Tag to User
-      description: Apply a tag to a user.
-      script: "|||panorama-register-user-tag"
+      description: Registers users to a tag. This command is only available for PAN-OS version 9.x and above.
+      script: '|||pan-os-register-user-tag'
       type: regular
       iscommand: true
       brand: ""
@@ -170,10 +170,14 @@ tasks:
         - "2"
     scriptarguments:
       Users:
-        simple: ${Blocklist.Final}
+        complex:
+          root: Blocklist
+          accessor: Final
       tag:
-        simple: ${inputs.Tag}
+        complex:
+          root: inputs.Tag
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {

Packs/CommonPlaybooks/Playbooks/playbook-Block_Account_-_Generic_v2_README.md

@@ -3,28 +3,41 @@ This playbook blocks malicious usernames using all integrations that you have en
 Supported integrations for this playbook:
 * Active Directory
 * PAN-OS - This requires PAN-OS 9.1 or higher.
+* SailPoint
+* PingOne
+* AWS IAM
+* Clarizen IAM
+* Envoy IAM
+* ExceedLMS IAM
+* Okta
 
 ## Dependencies
+
 This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Sub-playbooks
+
 This playbook does not use any sub-playbooks.
 
 ### Integrations
+
 * Active Directory Query v2
 
 ### Scripts
+
 * SetAndHandleEmpty
 * IsIntegrationAvailable
 
 ### Commands
-* panorama-register-user-tag
-* pingone-deactivate-user
+
+* iam-disable-user
 * identityiq-disable-account
+* pingone-deactivate-user
+* pan-os-register-user-tag
 * ad-disable-account
-* iam-disable-user
 
 ## Playbook Inputs
+
 ---
 
 | **Name** | **Description** | **Default Value** | **Required** |
@@ -35,12 +48,15 @@ This playbook does not use any sub-playbooks.
 | UserVerification | Possible values:True/False. Default:True.<br/>Specify if User Verification is Requrired | True | Optional |
 
 ## Playbook Outputs
+
 ---
 
 | **Path** | **Description** | **Type** |
 | --- | --- | --- |
 | Blocklist.Final | Blocked accounts | unknown |
 
 ## Playbook Image
+
 ---
-![Block Account - Generic v2](../doc_files/Block_Account_-_Generic_v2.png)
+
+![Block Account - Generic v2](../doc_files/Block_Account_-_Generic_v2.png)

Packs/CommonPlaybooks/ReleaseNotes/2_3_71.md

@@ -0,0 +1,4 @@
+#### Playbooks
+
+##### Block Account - Generic v2
+Updated deprecated command from ***panorama-register-user-tag*** to ***pan-os-register-user-tag***.

Packs/CommonPlaybooks/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Playbooks",
     "description": "Frequently used playbooks pack.",
     "support": "xsoar",
-    "currentVersion": "2.3.70",
+    "currentVersion": "2.3.71",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Execute_snippet_code_script.yml

@@ -1,4 +1,5 @@
-description: Initiates a new endpoint script execution action using the provided snippet
+deprecated: true
+description: Deprecated. Use the `xdr-snippet-code-script-execute` command instead. Initiates a new endpoint script execution action using the provided snippet
   code and retrieves the file results.
 id: Cortex XDR - Execute snippet code script
 inputs:

Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Execute_snippet_code_script_README.md

@@ -1,23 +1,28 @@
-Initiates a new endpoint script execution action using the provided snippet code and retrieve the file results.
-
+Deprecated. Use the `xdr-snippet-code-script-execute` command instead. Initiates a new endpoint script execution action using the provided snippet code and retrieves the file results.
 
 ## Dependencies
+
 This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Sub-playbooks
-Cortex XDR - Check Action Status
+
+* Cortex XDR - Check Action Status
 
 ### Integrations
-CortexXDRIR
+
+* CortexXDRIR
 
 ### Scripts
+
 This playbook does not use any scripts.
 
 ### Commands
+
 * xdr-get-script-execution-results
 * xdr-run-snippet-code-script
 
 ## Playbook Inputs
+
 ---
 
 | **Name** | **Description** | **Default Value** | **Required** |
@@ -26,12 +31,15 @@ This playbook does not use any scripts.
 | snippet_code | Section of a script you want to initiate on an endpoint \(e.g., print\("7"\)\). |  | Optional |
 
 ## Playbook Outputs
+
 ---
 
 | **Path** | **Description** | **Type** |
 | --- | --- | --- |
 | PaloAltoNetworksXDR.ScriptResult.results._return_value | Value returned by the script in case the type is not a dictionary. | unknown |
 
 ## Playbook Image
+
 ---
-![Cortex XDR - Execute snippet code script](https://raw.githubusercontent.com/demisto/content/2e19477c6355d781bf8f5c9dfdd1216a6bca07b7/Packs/CortexXDR/doc_files/Cortex_XDR_-_Execute_snippet_code_script.png)
+
+![Cortex XDR - Execute snippet code script](../doc_files/Cortex_XDR_-_Execute_snippet_code_script.png)

Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_True_Positive_Incident_Handling.yml

@@ -996,54 +996,6 @@ tasks:
         }
       }
     continueonerrortype: ""
-  '71':
-    id: '71'
-    ignoreworker: false
-    isautoswitchedtoquietmode: false
-    isoversize: false
-    loop:
-      exitCondition: ''
-      iscommand: false
-      max: 0
-      wait: 1
-    nexttasks:
-      '#none#':
-      - '64'
-    note: false
-    quietmode: 0
-    scriptarguments:
-      endpoint_id:
-        simple: ${inputs.HostID}
-      file_path:
-        complex:
-          root: Confirm which File Path will be deleted.Answers
-          accessor: "0"
-          transformers:
-          - operator: uniq
-      polling_timeout:
-        simple: '10'
-    separatecontext: true
-    skipunavailable: false
-    task:
-      brand: ''
-      description: Initiates a new endpoint script execution to delete the specified file and retrieve the results.
-      id: 480bc329-81ff-4f7e-8f55-977b58dda775
-      iscommand: false
-      name: Cortex XDR - delete file
-      type: playbook
-      version: -1
-      playbookName: Cortex XDR - delete file
-    taskid: 480bc329-81ff-4f7e-8f55-977b58dda775
-    timertriggers: []
-    type: playbook
-    view: |-
-      {
-        "position": {
-          "x": -2030,
-          "y": 580
-        }
-      }
-    continueonerrortype: ""
   '72':
     id: '72'
     ignoreworker: false
@@ -1209,7 +1161,7 @@ tasks:
       '#default#':
       - '64'
       yes:
-      - '71'
+      - '91'
     note: false
     quietmode: 0
     separatecontext: false
@@ -1625,7 +1577,8 @@ tasks:
       - "88"
     scriptarguments:
       entryIDs:
-        simple: ${lastCompletedTaskEntries}
+        complex:
+          root: lastCompletedTaskEntries
       tags:
         simple: Found additional assets
     separatecontext: false
@@ -1761,15 +1714,21 @@ tasks:
       QRadarTimeFrame:
         simple: LAST 7 DAYS
       SHA1:
-        simple: ${Specify IOCs to hunt upon.Answers.2}
+        complex:
+          root: Specify IOCs to hunt upon.Answers
+          accessor: "2"
       SHA256:
-        simple: ${Specify IOCs to hunt upon.Answers.1}
+        complex:
+          root: Specify IOCs to hunt upon.Answers
+          accessor: "1"
       SplunkEarliestTime:
         simple: -7d@d
       SplunkLatestTime:
         simple: now
       URLDomain:
-        simple: ${Specify IOCs to hunt upon.Answers.4}
+        complex:
+          root: Specify IOCs to hunt upon.Answers
+          accessor: "4"
     separatecontext: true
     continueonerrortype: ""
     loop:
@@ -1791,7 +1750,51 @@ tasks:
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
-version: -1
+  "91":
+    id: "91"
+    taskid: c79fa8ce-3da8-424b-865d-e1994c3ea043
+    type: regular
+    task:
+      id: c79fa8ce-3da8-424b-865d-e1994c3ea043
+      version: -1
+      name: xdr-file-delete-script-execute
+      description: Initiates a new endpoint script execution to delete the specified
+        file.
+      script: Cortex XDR - IR|||xdr-file-delete-script-execute
+      type: regular
+      iscommand: true
+      brand: Cortex XDR - IR
+    nexttasks:
+      '#none#':
+      - "64"
+    scriptarguments:
+      endpoint_ids:
+        complex:
+          root: inputs.HostID
+      file_path:
+        complex:
+          root: Confirm which File Path will be deleted.Answers
+          accessor: "0"
+          transformers:
+          - operator: uniq
+      timeout_in_seconds:
+        simple: "600"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": -2030,
+          "y": 580
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
 view: |-
   {
     "linkLabelsPosition": {},
@@ -1804,6 +1807,7 @@ view: |-
       }
     }
   }
+version: -1
 tests:
 - Test XDR Playbook
 fromversion: 6.5.0