AzureSentinel - keywords argument from 'comma separate' to 'str' in a…

…zure-sentinel-threat-indicator-query (#27380) * keywords argument from comma separate to str in azure-sentinel-threat -indicator-query command * RN * DO * Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md Co-authored-by: dorschw <[email protected]> * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Co-authored-by: dorschw <[email protected]> * Update Packs/AzureSentinel/ReleaseNotes/1_5_8.md Co-authored-by: dorschw <[email protected]> * under sources * additional info for clarification * Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md Co-authored-by: dorschw <[email protected]> * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Co-authored-by: dorschw <[email protected]> * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Co-authored-by: dorschw <[email protected]> * validate yml * validate yml * revert and Dor's solution * revert README * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.py Co-authored-by: dorschw <[email protected]> * add instance name for the TPB --------- Co-authored-by: dorschw <[email protected]>
demisto · Jun 14, 2023 · f886b4d · f886b4d
1 parent ddae502
commit f886b4d
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 4 deletions.
diff --git a/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.py b/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.py
@@ -1391,7 +1391,7 @@ def build_query_filter(args):
         'minValidUntil': format_date(args.get('min_valid_from', '')),
         'maxValidUntil': format_date(args.get('max_valid_from', '')),
         'sources': argToList(args.get('sources')),
-        'keywords': argToList(args.get('keywords')),
+        'keywords': ' '.join(argToList(args.get('keywords'))),
         'threatTypes': argToList(args.get('threat_types')),
         'patternTypes': []
     }

diff --git a/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml b/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml
@@ -3005,7 +3005,7 @@ script:
     - contextPath: AzureSentinel.AlertRule.properties.incidentConfiguration
       description: The settings of the incidents that were created from alerts triggered by this analytics rule.
       type: Unknown
-  dockerimage: demisto/crypto:1.0.0.61689
+  dockerimage: demisto/crypto:1.0.0.62834
   feed: false
   isfetch: true
   longRunning: false

diff --git a/Packs/AzureSentinel/ReleaseNotes/1_5_8.md b/Packs/AzureSentinel/ReleaseNotes/1_5_8.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Microsoft Sentinel
+
+- Fixed an issue where ***azure-sentinel-threat-indicator-query*** would fail when provided with multiple keywords.
+- Updated the Docker image to: *demisto/crypto:1.0.0.62834*.
diff --git a/Packs/AzureSentinel/pack_metadata.json b/Packs/AzureSentinel/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Sentinel",
     "description": "Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise.",
     "support": "xsoar",
-    "currentVersion": "1.5.7",
+    "currentVersion": "1.5.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Tests/conf.json b/Tests/conf.json
@@ -4972,7 +4972,8 @@
             "integrations": "Azure Sentinel",
             "fromversion": "5.5.0",
             "is_mockable": false,
-            "playbookID": "TestAzureSentinelPlaybookV2"
+            "playbookID": "TestAzureSentinelPlaybookV2",
+            "instance_names": "azure_sentinel_dev"
         },
         {
             "integrations": "AnsibleAlibabaCloud",