Change all paths in Readme and Description file-part6

Packs/BitDam/Playbooks/playbook-BitDam_Scan_File_README.md

@@ -43,4 +43,4 @@ This playbook does not use any integrations.
 
 ## Playbook Image
 ---
-![Detonate_File_-_BitDam](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/Detonate_File_-_BitDam.png)
+![Detonate_File_-_BitDam](../doc_files/BitDam_Scan_File.png)

Packs/BreachNotification-US/README.md

@@ -15,4 +15,4 @@ As part of this pack, you will also get out-of-the-box US breach notification in
 
 _For more information, visit our [Cortex XSOAR Developer Docs](https://xsoar.pan.dev/docs/reference/playbooks/us---breach-notification)_
 
-![US-BreachNotification](https://raw.githubusercontent.com/demisto/content/master/Packs/BreachNotification-US/doc_files/US_-_Breach_Notification.png)
+![US-BreachNotification](doc_files/US_-_Breach_Notification.png)

Packs/BruteForce/README.md

@@ -19,4 +19,4 @@ As part of this pack, you will also get out-of-the-box Brute Force incident type
 
 _For more information, visit our  [Cortex XSOAR Developer Docs](https://xsoar.pan.dev/docs/reference/playbooks/brute-force-investigation---generic)_
 
-![Brute Force Investigation - Generic](https://raw.githubusercontent.com/demisto/content/7255df3f657fa784586367a9552141b3916a263d/Packs/BruteForce/doc_files/Brute_Force_Investigation_-_Generic.png)
+![Brute Force Investigation - Generic](doc_files/Brute_Force_Investigation_-_Generic.png)

Packs/CVE_2021_44228/README.md

@@ -23,4 +23,4 @@ More information about the vulnerability:
 
 Note: This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs. Updates to the pack during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve.
 
-![CVE-2021-44228 - Log4j RCE](https://raw.githubusercontent.com/demisto/content/f28245475f1e121bad9c8b64bbb1a11694ca04f1/Packs/CVE_2021_44228/doc_files/CVE-2021-44228_-_Log4j_RCE.png)
+![CVE-2021-44228 - Log4j RCE](doc_files/CVE-2021-44228_-_Log4j_RCE.png)

Packs/CVE_2022_26134/README.md

@@ -25,4 +25,4 @@ This playbook includes the following tasks:
 **Note:** This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs. Updates to the pack during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve.
 
 
-![CVE-2022-26134 - Confluence RCE](https://raw.githubusercontent.com/demisto/content/d6d448f2cf2d12de2d7d84e3c67369fa273a4289/Packs/CVE_2022_26134/doc_files/CVE-2022-26134_-_Confluence_RCE.png)
+![CVE-2022-26134 - Confluence RCE](doc_files/CVE-2022-26134_-_Confluence_RCE.png)

Packs/Campaign/README.md

@@ -1,28 +1,27 @@
-When a suspicious email is detected, you can use this pack to determine whether the email is part of a bigger phishing campaign, and to understand its scale and potential risks.
-
-## What does this pack do?
-
-The pack includes the **FindEmailCampaign** script which enables you to: 
-- Filter past email incidents according to multiple search criteria such as incident types, email body and/or subject, email sender and more.
-- Define criteria for a collection of related email incidents to be considered a campaign: minimum number of incidents, minimum number of unique recipients and machine-learning driven similarity threshold between emails.
-
-The script output indicates whether a campaign was identified. When a campaign is identified, more information about the campaign is provided: number of incidents involved in the campaign, indicators involved in the campaign and more.
-This allows the user to take additional steps on the campaign findings, like blocking the email of the campaign sender or notifying the email recipients about the campaign.
-
-
-## How does this pack work?
-
-- You can use the FindEmailCampaign script from this pack on any existing email incident to search through past incidents of the same type and identify campaigns.
-- You can use the data gathered from the FindEmailCampaign script to close existing incidents as duplicates and to let the recipients know about the detected campaign.
-- You can use the data gathered from the FindEmailCampaign script to identify malicious indicators used in the campaign and block them.
-- The pack expects you to have pre-existing email incidents created from a mail listener such as EWS v2.
-- The Phishing content pack is required because the **FindEmailCampaign** script uses the **FindDuplicateEmailIncidents** script from that pack.
-
-_For more information, visit our [Cortex XSOAR Developer Docs](https://xsoar.pan.dev/docs/reference/packs/phishing-campaign)._
-
-![image](https://raw.githubusercontent.com/demisto/content/master/Images/campaign-overview.png)
-
-![image](https://raw.githubusercontent.com/demisto/content/master/Images/campaign-canvas.png)
-
-
-
+When a suspicious email is detected, you can use this pack to determine whether the email is part of a bigger phishing campaign, and to understand its scale and potential risks.
+
+## What does this pack do?
+
+The pack includes the **FindEmailCampaign** script which enables you to: 
+- Filter past email incidents according to multiple search criteria such as incident types, email body and/or subject, email sender and more.
+- Define criteria for a collection of related email incidents to be considered a campaign: minimum number of incidents, minimum number of unique recipients and machine-learning driven similarity threshold between emails.
+
+The script output indicates whether a campaign was identified. When a campaign is identified, more information about the campaign is provided: number of incidents involved in the campaign, indicators involved in the campaign and more.
+This allows the user to take additional steps on the campaign findings, like blocking the email of the campaign sender or notifying the email recipients about the campaign.
+
+
+## How does this pack work?
+
+- You can use the FindEmailCampaign script from this pack on any existing email incident to search through past incidents of the same type and identify campaigns.
+- You can use the data gathered from the FindEmailCampaign script to close existing incidents as duplicates and to let the recipients know about the detected campaign.
+- You can use the data gathered from the FindEmailCampaign script to identify malicious indicators used in the campaign and block them.
+- The pack expects you to have pre-existing email incidents created from a mail listener such as EWS v2.
+- The Phishing content pack is required because the **FindEmailCampaign** script uses the **FindDuplicateEmailIncidents** script from that pack.
+
+_For more information, visit our [Cortex XSOAR Developer Docs](https://xsoar.pan.dev/docs/reference/packs/phishing-campaign)._
+c
+
+![image](doc_files/campaign-canvas.png)
+
+
+

Packs/CarbonBlackProtect/Playbooks/playbook-Carbon_black_Protection_Rapid_IOC_Hunting_README.md

@@ -27,4 +27,4 @@ There are no outputs for this playbook.
 
 ## Playbook Image
 ---
-![Carbon_black_Protection_Rapid_IOC_Hunting](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/Carbon_black_Protection_Rapid_IOC_Hunting.png)
+![Carbon_black_Protection_Rapid_IOC_Hunting](../doc_files/Carbon_black_Protection_Rapid_IOC_Hunting.png)

Packs/CarbonBlackProtect/Playbooks/playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Protection_README.md

@@ -35,4 +35,4 @@ This playbook does not use any sub-playbooks.
 
 ## Playbook Image
 ---
-![Search_Endpoints_By_Hash_Carbon_Black_Protection](https://raw.githubusercontent.com/demisto/content/f975de39b05cd3560b782f54d37637741d87ff65/docs/images/playbooks/Search_Endpoints_By_Hash_Carbon_Black_Protection.png)
+![Search_Endpoints_By_Hash_Carbon_Black_Protection](../doc_files/Search_Endpoints_By_Hash_-_Carbon_Black_Protection.png)

Packs/CiscoASA/README.md

@@ -26,7 +26,7 @@ Another supported date format is "Jul 08 09:14:35 UTC".
 
 **Note** : If a different timestamp format is used, time extraction and mapping will not be supported.
 
-![Server Screenshot](https://raw.githubusercontent.com/demisto/content/8a2f8a41f73e9d9f4e20693e3b99dc6b75336321/Packs/CiscoASA/docs_imgs/CiscoASDM_timestamp.png)
+![Server Screenshot](docs_imgs/CiscoASDM_timestamp.png)
 
 
 ### The supported events on Modeling rules:

Packs/CitrixADC/README.md

@@ -5,13 +5,13 @@ This pack includes Cortex XSIAM content.
 You need to configure an audit log policy in the Citrix ADC UI.
 
 1. Navigate to **Configuration** > **System** > **Auditing** > **Syslog**.
-![Server Screenshot](https://raw.githubusercontent.com/demisto/content/6bdec7b07cba1473f92fe12319f8b812ea45494c/Packs/CitrixADC/doc_imgs/citrixadc1.png)
+![Server Screenshot](../doc_files/citrixadc1.png)
 2. Select **Servers** tab.
 3. Click **Add**.
 4. In the **Create Auditing Server** page, populate the relevant fields, and click **Create**.
 5. To add the policy, select the **Policies** tab, and click **Add**.
 6. In the **Create Auditing Syslog Policy** page, populate the relevant fields, and click **Create**.
-![Server Screenshot](https://raw.githubusercontent.com/demisto/content/6bdec7b07cba1473f92fe12319f8b812ea45494c/Packs/CitrixADC/doc_imgs/citrixadc2.png)
+![Server Screenshot](../doc_file/citrixadc2.png)
 7. To bind the policy globally, select **Advanced Policy Global Bindings** from the dropdown list. Select the **best_syslog_policy_ever** policy. Click **Select**.
 8. From the dropdown list, select the bind point as **SYSTEM_GLOBAL** and click **Bind**, and then click **Done**.
 9. Navigate to **System** > **Auditing** > **Message Actions**, and create the audit message action.

Packs/CohesityHelios/README.md

@@ -2,11 +2,11 @@
 
 This content pack from Cohesity provides Cortex XSOAR customers with alerts by integrating ransomware detection into an automated playbook for managing ransomware attack recovery to help reduce [ransomware risk](https://www.cohesity.com/dm/ransomware-risk-assessment/?utm_content=ransomware-quiz&utm_medium=ppc&utm_source=google&utm_campaign=fy22-q2-11-glob-en-evergreen-backup-recovery&utm_term=cohesity%20security&utm_targetid=kwd-1392771848867&gclid=Cj0KCQiAk4aOBhCTARIsAFWFP9HNb7Kw18i2ZqwxikFPu_pqUJjBeBsIe1_yVhKYHiLtTinbqoi-fvMaAg8oEALw_wcB).
 
-![Protect Backup](https://github.com/cohesity/cortex-xsoar/raw/97238bd730522c292046100ab775ec40c67ce5b6/Packs/CohesityHelios/doc_files/protect_backup.png)
+![Protect Backup](doc_files/protect_backup.png)
 
 Cohesity’s comprehensive, end-to-end solution [Cohesity Ransomware](https://www.cohesity.com/solutions/ransomware/) features a multi-layered approach to protect backup data against ransomware, detect, and rapidly recover from an attack. Cohesity’s unique [immutable architecture](https://www.cohesity.com/blogs/how-backup-immutability-defends-against-ransomware-attacks/) ensures that your backup data cannot be encrypted, modified or deleted. Using machine learning, it provides visibility and continuously monitors for any anomalies in your data. And if the worst happens, Cohesity helps to locate a clean copy of data across your global footprint, including public clouds, to instantly recover and reduce downtime.
 
-![Reduce Downtime](https://github.com/cohesity/cortex-xsoar/raw/97238bd730522c292046100ab775ec40c67ce5b6/Packs/CohesityHelios/doc_files/reduce_downtime.png)
+![Reduce Downtime](doc_files/reduce_downtime.png)
 
 #### What does this pack provide?
 

Packs/CyrenInboxSecurity/README.md

@@ -18,7 +18,7 @@ Evasive phishing, BEC and fraud attacks are getting past existing email defenses
 
 
 
-![Cyren Inbox Security](https://raw.githubusercontent.com/cyrencloud/content/cis-cortex/Packs/CyrenInboxSecurity/doc_files/CIS_Icons.png)
+![Cyren Inbox Security](doc_files/CIS_Icons.png)
 
 
 
@@ -64,7 +64,7 @@ Our seamless mailbox plugin lets users scan and report suspicious emails at will
 
 
 
-![Cyren Inbox Security](https://raw.githubusercontent.com/cyrencloud/content/cis-cortex/Packs/CyrenInboxSecurity/doc_files/CIS_Hero_Diagram.png)
+![Cyren Inbox Security](doc_files/CIS_Hero_Diagram.png)
 
 
 

Packs/DevSecOps/README.md

@@ -1,23 +1,23 @@
 DevSecOps content pack contains multiple integrations and playbooks to help shifting security as left as the planning stage of a continues integration pipeline and make DevSecOps orchestration to be within reach.
 
-![](https://github.com/demisto/content/raw/ede7f0dc6211dd5aeaec77fa9912d9a57d5976b0/Packs/DevSecOps/doc_files/Inspiration.png)
+![](doc_files/Inspiration.png)
 
 While CI/CD orchestration tools such as Jenkins, CircleCI and others were primarily built by and to developers, SOAR is better positioned to bridge this orchestration gap between DevOps and SecOps for the following reasons:
-![](https://github.com/demisto/content/raw/ede7f0dc6211dd5aeaec77fa9912d9a57d5976b0/Packs/DevSecOps/doc_files/Playbooks.png)
+![](doc_files/Playbooks.png)
 * CI/CD orchestration pipelines are arguably easy to read and troubleshoot by developers , SOAR provides the same orchestration workflow in two different formats that are readable by both Developers and Security Analysts.
-![](https://github.com/demisto/content/raw/ede7f0dc6211dd5aeaec77fa9912d9a57d5976b0/Packs/DevSecOps/doc_files/SOAR%20Features.png)
+![](doc_files/SOAR_Features.png)
 * SOAR provides way more to a DevSecOps Eco-System than CI/CD Orchestrator does:
     * Collaboration between teams members in the Eco-System.
     * Cases management.
     * Central reporting and long list of out of box integrations with security tools.
 
 With SOAR integrations, playbooks, fields, XSOAR can be turned into a DevSecOps Orchestrator that taps in a DevSecOps Eco-System and solve for a spectrum of use cases in different stages of CI/CD piplines.
 
-![](https://github.com/demisto/content/raw/ede7f0dc6211dd5aeaec77fa9912d9a57d5976b0/Packs/DevSecOps/doc_files/DevOps%20Services.png)
+![](doc_files/DevOps_Services.png)
 
 From threat-modeling in the **Planning** stage to IaC security in **Dev**, static code analysis in **Build**, post deployment scans in **Deploy** and **Monitoring**/Responding to incidents once the code is running in production.
 
-![](https://github.com/demisto/content/raw/ede7f0dc6211dd5aeaec77fa9912d9a57d5976b0/Packs/DevSecOps/doc_files/Architecture.png)
+![](doc_files/Architecture.png)
 
 This content pack will be updated with more integrations with different software factory tools:
 

Packs/DomainTools_Iris/Playbooks/playbook-Indicator_Pivoting-DomainTools_Iris_README.md

@@ -128,4 +128,4 @@ This playbook does not use any scripts.
 
 ## Playbook Image
 ---
-![Indicator_Pivoting-DomainTools_Iris](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/Indicator_Pivoting_DomainTools_Iris.png)
+![Indicator_Pivoting-DomainTools_Iris](../doc_files/Indicator_Pivoting-DomainTools_Iris.png)

Packs/ExtraHop/Playbooks/playbook-ExtraHop_-_CVE-2019-0708_BlueKeep_README.md

@@ -41,4 +41,4 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ## Playbook Image
 ---
-![ExtraHop_CVE-2019-0708_(BlueKeep)](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/ExtraHop_CVE-2019-0708_(BlueKeep).png)
+![ExtraHop_CVE-2019-0708_(BlueKeep)](../doc_files/ExtraHop_-_CVE-2019-0708_BlueKeep.png)

Packs/ExtraHop/Playbooks/playbook-ExtraHop_-_Default_README.md

@@ -32,4 +32,4 @@ There are no inputs for this playbook.
 
 ## Playbook Image
 ---
-![ExtraHop_Default](../doc_files/ExtraHop_Default.png)
+![ExtraHop_Default](../doc_files/ExtraHop_-_Default.png)

Packs/ExtraHop/Playbooks/playbook-ExtraHop_-_Get_Peers_by_Host_README.md

@@ -38,4 +38,4 @@ This playbook does not use any integrations.
 
 ## Playbook Image
 ---
-![ExtraHop_Get_Peers_by_Host](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/ExtraHop_Get_Peers_by_Host.png)
+![ExtraHop_Get_Peers_by_Host](../doc_files/ExtraHop_-_Get_Peers_by_Host.png)

Packs/ExtraHop/README.md

@@ -10,14 +10,14 @@ This integration enables the following investigative tasks and workflows in Cort
 
 The following figures show an example of an ExtraHop Reveal(x) detection and the resulting playbook workflows in Cortex XSOAR.
 
-![ExtraHop detection card](https://github.com/demisto/content/raw/master/Packs/ExtraHop/doc_files/ExtraHop_Detection_CVE-2019-0708_BlueKeep.png)
+![ExtraHop detection card](doc_files/ExtraHop_Detection_CVE-2019-0708_BlueKeep.png)
 
 *Figure 1. Reveal(x) detection card for CVE-2019-0708 RDP Exploit Attempt*
 
-![Cortex XSOAR playbook: ExtraHop Default](https://github.com/demisto/content/raw/master/Packs/ExtraHop/doc_files/ExtraHop_Default.png)
+![Cortex XSOAR playbook: ExtraHop Default](doc_files/ExtraHop_-_Default.png)
 
 *Figure 2. Reveal(x) Default playbook to set up ticket tracking and run the BlueKeep playbook*
 
-![Cortex XSOAR playbook: ExtraHop CVE-2019-0708 BlueKeep](https://github.com/demisto/content/raw/master/Packs/ExtraHop/doc_files/ExtraHop_CVE-2019-0708_BlueKeep.png)
+![Cortex XSOAR playbook: ExtraHop CVE-2019-0708 BlueKeep](doc_files/ExtraHop_-_CVE-2019-0708_BlueKeep.png)
 
 *Figure 3. Reveal(x) CVE-2019-0708 BlueKeep playbook to automate detailed network investigation*

Packs/ThreatIntelReports/ReleaseNotes/1_0_21.md

@@ -0,0 +1,3 @@
+## Threat Intel Reports (BETA)
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/ThreatIntelReports/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Threat Intel Reports (BETA)",
     "description": "Threat Intel Reports gives the user the ability to create, review, publish, and export threat intelligence reports.",
     "support": "xsoar",
-    "currentVersion": "1.0.20",
+    "currentVersion": "1.0.21",
     "serverMinVersion": "6.5.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",

Packs/Whois/ReleaseNotes/1_5_21.md

@@ -0,0 +1,4 @@
+
+## Whois
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/Whois/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Whois",
     "description": "This Content Pack helps you run Whois commands as playbook tasks or real-time actions within Cortex XSOAR to obtain valuable domain metadata.",
     "support": "xsoar",
-    "currentVersion": "1.5.20",
+    "currentVersion": "1.5.21",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",