From f97aca511c38587b42ef54a919e22f9dc6866b82 Mon Sep 17 00:00:00 2001 
From: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com> Date: Sun, 28 May 2023 08:00:27 -0400 Subject: [PATCH] Modify RF Playbooks: Check for "Recorded Future v2" instead of "Recorded Future" integration instance (#26589) * Update playbook-Recorded_Future_CVE_Reputation.yml * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Check for "Recorded Future v2" instead of "Recorded Future" integration instance * Create 1_5_3.md * update currentVersion to 1.5.3 * scriptarguments inputs.url not needed * scriptarguments inputs.url not needed * ${inputs.URL} instead of ${RecordedFuture.URL.name} playbook currently fails when no RF results are returned * ${inputs.URL} instead of ${RecordedFuture.URL.name} playbook currently fails when no RF results are returned * ${inputs.CVE} instead of ${RecordedFuture.CVE.name} playbook currently fails when no RF results are returned * ${inputs.CVE} instead of ${RecordedFuture.CVE.name} playbook currently fails when no RF results are returned * ${inputs.Domain} instead of ${RecordedFuture.Domain.name} playbook currently fails when no RF results are returned * ${inputs.Domain} instead of ${RecordedFuture.Domain.name} playbook currently fails when no RF results 
are returned * ${inputs.IP} instead of ${RecordedFuture.IP.name} playbook currently fails when no RF results are returned * ${inputs.IP} instead of ${RecordedFuture.IP.name} playbook currently fails when no RF results are returned * Bump version --------- Co-authored-by: Danny_Fried
---
 ...ybook-Recorded_Future_CVE_Intelligence.yml | 4 +--
 ...laybook-Recorded_Future_CVE_Reputation.yml | 4 +--
 ...ok-Recorded_Future_Domain_Intelligence.yml | 4 +--
 ...book-Recorded_Future_Domain_Reputation.yml | 4 +--
 ...book-Recorded_Future_Entity_Enrichment.yml | 2 +-
 ...book-Recorded_Future_File_Intelligence.yml | 2 +-
 ...aybook-Recorded_Future_File_Reputation.yml | 2 +-
 ...aybook-Recorded_Future_IP_Intelligence.yml | 4 +--
 ...playbook-Recorded_Future_IP_Reputation.yml | 4 +--
 ...book-Recorded_Future_Threat_Assessment.yml | 2 +-
 ...ybook-Recorded_Future_URL_Intelligence.yml | 7 ++----
 ...laybook-Recorded_Future_URL_Reputation.yml | 7 ++----
 Packs/RecordedFuture/ReleaseNotes/1_5_3.md | 2 +-
 Packs/RecordedFuture/ReleaseNotes/1_5_4.md | 25 +++++++++++++++++++
 Packs/RecordedFuture/pack_metadata.json | 4 +--
 15 files changed, 48 insertions(+), 29 deletions(-)
 create mode 100644 Packs/RecordedFuture/ReleaseNotes/1_5_4.md
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Intelligence.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Intelligence.yml
index 77862404a272..8faba03ba19d 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Intelligence.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Intelligence.yml
@@ -130,7 +130,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -242,7 +242,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.CVE.concatRules}
 value:
- simple: ${RecordedFuture.CVE.name}
+ simple: ${inputs.CVE}
 separatecontext: false
 view: |-
 {
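Review bot: In the `@@ -242,7 +242,7 @@` hunk the indicator `value` is now `${inputs.CVE}` while `recordedfutureriskrules` two lines above still reads `${RecordedFuture.CVE.concatRules}`, so the value and the risk rules written alongside it no longer come from the same result. If the input can carry several CVEs, or Recorded Future returns data for only some of them, an input value may end up tagged with rules that belong to a different entity, or with none, which would skew later triage. The task starts and ends outside the hunk, so it is not visible whether it is already gated on a result existing; if it is not, I would document the assumption on the task with a comment such as `# value comes from the playbook input; risk rules are only valid when RF returned a result for this same indicator`. The same pairing appears in the CVE Reputation, Domain, IP and URL playbook hunks of this patch.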
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Reputation.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Reputation.yml
index c6269c5e3721..4f455d83abdd 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Reputation.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_CVE_Reputation.yml
@@ -130,7 +130,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -236,7 +236,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.CVE.rules}
 value:
- simple: ${RecordedFuture.CVE.name}
+ simple: ${inputs.CVE}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Intelligence.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Intelligence.yml
index 7d49b5cd6fe7..49e2f5c5eb98 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Intelligence.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Intelligence.yml
@@ -130,7 +130,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -242,7 +242,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.Domain.concatRules}
 value:
- simple: ${RecordedFuture.Domain.name}
+ simple: ${inputs.Domain}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Reputation.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Reputation.yml
index 3a98dd3e6777..9b2e787407ce 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Reputation.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Domain_Reputation.yml
@@ -130,7 +130,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -239,7 +239,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.Domain.rules}
 value:
- simple: ${RecordedFuture.Domain.name}
+ simple: ${inputs.Domain}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Entity_Enrichment.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Entity_Enrichment.yml
index 662e94a9e0f1..f3c96162a7ea 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Entity_Enrichment.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Entity_Enrichment.yml
@@ -864,7 +864,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 - - operator: isEqualString
 left:
 value:
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Intelligence.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Intelligence.yml
index 75a4f3ca5465..9a967a7e5d0a 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Intelligence.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Intelligence.yml
@@ -363,7 +363,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 - - operator: isEqualString
 left:
 value:
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Reputation.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Reputation.yml
index a25760eb07a7..3a69824a15f9 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Reputation.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_File_Reputation.yml
@@ -349,7 +349,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 - - operator: isEqualString
 left:
 value:
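Review bot: The brand comparison in the Entity Enrichment hunk (`@@ -864,7 +864,7 @@`) has no `ignorecase: true` after the `right:` value, unlike the same check in the CVE, Domain, IP, URL and Threat Assessment playbooks; the File Intelligence and File Reputation hunks look the same. With an exact-case match, a differently cased brand string would presumably fail the "is the integration enabled" check and skip enrichment without an error, so I would add `ignorecase: true` after the `right:` block in these three conditions to keep all twelve playbooks consistent. Each condition item continues outside its hunk, so an `ignorecase` key placed elsewhere in the item would not be visible here.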
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Intelligence.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Intelligence.yml
index a2866f6ad1f5..f0537c8eb6d8 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Intelligence.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Intelligence.yml
@@ -158,7 +158,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -243,7 +243,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.IP.concatRules}
 value:
- simple: ${RecordedFuture.IP.name}
+ simple: ${inputs.IP}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Reputation.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Reputation.yml
index a5e0026d9620..7d15c9bee029 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Reputation.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_IP_Reputation.yml
@@ -158,7 +158,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -237,7 +237,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.IP.rules}
 value:
- simple: ${RecordedFuture.IP.name}
+ simple: ${inputs.IP}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Threat_Assessment.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Threat_Assessment.yml
index 04765ea0907c..fe0c9b886dcd 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Threat_Assessment.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_Threat_Assessment.yml
@@ -161,7 +161,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Intelligence.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Intelligence.yml
index c38bfd0eada9..cf3df7a4b8fa 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Intelligence.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Intelligence.yml
@@ -48,9 +48,6 @@ tasks:
 - "24"
 "yes":
 - "35"
- scriptarguments:
- value:
- simple: inputs.url
 separatecontext: false
 conditions:
 - label: "yes"
@@ -160,7 +157,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -243,7 +240,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.URL.concatRules}
 value:
- simple: ${RecordedFuture.URL.name}
+ simple: ${inputs.URL}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Reputation.yml b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Reputation.yml
index d5674605b693..f9a8bf63f47a 100644
--- a/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Reputation.yml
+++ b/Packs/RecordedFuture/Playbooks/playbook-Recorded_Future_URL_Reputation.yml
@@ -48,9 +48,6 @@ tasks:
 - "24"
 "yes":
 - "35"
- scriptarguments:
- value:
- simple: inputs.url
 separatecontext: false
 conditions:
 - label: "yes"
@@ -160,7 +157,7 @@ tasks:
 iscontext: true
 right:
 value:
- simple: Recorded Future
+ simple: Recorded Future v2
 ignorecase: true
 - - operator: isEqualString
 left:
@@ -237,7 +234,7 @@ tasks:
 recordedfutureriskrules:
 simple: ${RecordedFuture.URL.rules}
 value:
- simple: ${RecordedFuture.URL.name}
+ simple: ${inputs.URL}
 separatecontext: false
 view: |-
 {
diff --git a/Packs/RecordedFuture/ReleaseNotes/1_5_3.md b/Packs/RecordedFuture/ReleaseNotes/1_5_3.md
index c62a77616f84..d3b25e207d65 100644
--- a/Packs/RecordedFuture/ReleaseNotes/1_5_3.md
+++ b/Packs/RecordedFuture/ReleaseNotes/1_5_3.md
@@ -2,4 +2,4 @@
 ##### Recorded Future v2
 - Upgraded the Docker image to: *demisto/python3:3.10.11.59070*.
 ##### Recorded Future Event Collector
-- Upgraded the Docker image to: *demisto/python3:3.10.11.59070*.
+- Upgraded the Docker image to: *demisto/python3:3.10.11.59070*.
\ No newline at end of file
diff --git a/Packs/RecordedFuture/ReleaseNotes/1_5_4.md b/Packs/RecordedFuture/ReleaseNotes/1_5_4.md
new file mode 100644
index 000000000000..f728548197da
--- /dev/null
+++ b/Packs/RecordedFuture/ReleaseNotes/1_5_4.md
@@ -0,0 +1,25 @@
+#### Playbooks
+##### Recorded Future CVE Intelligence
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future CVE Reputation
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future Domain Intelligence
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future Domain Reputation
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future Entity Enrichment
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future File Intelligence
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future File Reputation
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future IP Intelligence
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future IP Reputation
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future Threat Assessment
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future URL Intelligence
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
+##### Recorded Future URL Reputation
+- Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance
\ No newline at end of file
diff --git a/Packs/RecordedFuture/pack_metadata.json b/Packs/RecordedFuture/pack_metadata.json
index abca2c66ba56..c093b780bb82 100644
--- a/Packs/RecordedFuture/pack_metadata.json
+++ b/Packs/RecordedFuture/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Recorded Future Intelligence",
 "description": "Recorded Future App, this pack is previously known as 'RecordedFuture v2'",
 "support": "partner",
- "currentVersion": "1.5.3",
+ "currentVersion": "1.5.4",
 "author": "Recorded Future",
 "url": "https://www.recordedfuture.com/support/demisto-integration/",
 "email": "support@recordedfuture.com",
@@ -42,4 +42,4 @@
 "xsoar",
 "marketplacev2"
 ]
-}
\ No newline at end of file
+}