From d4a222cc68f56cfc67bf8a0bb9809badd8f548c9 Mon Sep 17 00:00:00 2001
From: rjmurray
Date: Wed, 28 Aug 2024 09:14:43 +0100
Subject: [PATCH 1/3] SDK Bump
---
 plugins/palo_alto_cortex_xdr/.CHECKSUM | 6 +++---
 plugins/palo_alto_cortex_xdr/Dockerfile | 2 +-
 plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr | 2 +-
 plugins/palo_alto_cortex_xdr/help.md | 1 +
 plugins/palo_alto_cortex_xdr/plugin.spec.yaml | 5 +++--
 plugins/palo_alto_cortex_xdr/setup.py | 2 +-
 6 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/plugins/palo_alto_cortex_xdr/.CHECKSUM b/plugins/palo_alto_cortex_xdr/.CHECKSUM
index 71ea5f5a06..6dd05ca61a 100644
--- a/plugins/palo_alto_cortex_xdr/.CHECKSUM
+++ b/plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,7 +1,7 @@
 {
- "spec": "4c4b12beb4b3a96ae6079eeb4876530c",
- "manifest": "a31f3829257215b9a2c7033e63d20449",
- "setup": "1de7057327642796416a3bc46dd6fc54",
+ "spec": "b3f072fd3011e2a5172412299a802d2e",
+ "manifest": "9a2adc1a99d29387c7a5325f0acf7110",
+ "setup": "ba1676a404daabafa12a37cf6cc3a716",
 "schemas": [
 {
 "identifier": "allow_file/schema.py",
diff --git a/plugins/palo_alto_cortex_xdr/Dockerfile b/plugins/palo_alto_cortex_xdr/Dockerfile
index 36c24e5efa..62d679227c 100755
--- a/plugins/palo_alto_cortex_xdr/Dockerfile
+++ b/plugins/palo_alto_cortex_xdr/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.0.1
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0
 LABEL organization=rapid7
 LABEL sdk=python
diff --git a/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr b/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
index f951334eb1..470c97fd3e 100755
--- a/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
+++ b/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
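Review bot: In the Dockerfile hunk the base image is still selected by tag alone (`rapid7/insightconnect-python-3-slim-plugin:6.1.0`), so the image that gets built depends on whatever that tag resolves to at build time. A tag can be re-pushed, and the `.CHECKSUM` entries visible in this patch cover the spec, manifest, setup and schema files rather than the base image, so a changed base layer would not show up there. Pinning the digest next to the tag makes the SDK bump reproducible and auditable: `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0@sha256:<digest-of-6.1.0-image>`.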
@@ -6,7 +6,7 @@ from sys import argv
 Name = "Palo Alto Cortex XDR"
 Vendor = "rapid7"
-Version = "4.0.0"
+Version = "4.0.1"
 Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"
diff --git a/plugins/palo_alto_cortex_xdr/help.md b/plugins/palo_alto_cortex_xdr/help.md
index 87b5cda146..939495ad59 100644
--- a/plugins/palo_alto_cortex_xdr/help.md
+++ b/plugins/palo_alto_cortex_xdr/help.md
@@ -820,6 +820,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 # Version History
+* 4.0.1 - SDK Bump to 6.1.0
 * 4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields
 * 3.0.0 - Updated `hosts` output of `Get Incident` trigger and `Monitor Incident Events` task to separate host values | Update `insightconnect-plugin-runtime` to version 5
 * 2.3.0 - Add types `xql_query_result` to `Get XQL Query Results` action's response | Add new trigger `Get Query Results`
diff --git a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
index 3c2955a091..8834b8e9c7 100644
--- a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
+++ b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
@@ -4,11 +4,11 @@ products: [insightconnect]
 name: palo_alto_cortex_xdr
 title: Palo Alto Cortex XDR
 description: Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data
-version: 4.0.0
+version: 4.0.1
 connection_version: 2
 sdk:
 type: slim
- version: 6.0.1
+ version: 6.1.0
 user: nobody
 supported_versions: ["2024-07-15 Palo Alto Cortex XDR API"]
 vendor: rapid7
@@ -37,6 +37,7 @@ key_features:
 - "Add files to the block or allow lists"
 troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
 version_history:
+ - "4.0.1 - SDK Bump to 6.1.0"
 - "4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields"
 - "3.0.0 - Updated `hosts` output of `Get Incident` trigger and `Monitor Incident Events` task to separate host values | Update `insightconnect-plugin-runtime` to version 5"
 - "2.3.0 - Add types `xql_query_result` to `Get XQL Query Results` action's response | Add new trigger `Get Query Results`"
diff --git a/plugins/palo_alto_cortex_xdr/setup.py b/plugins/palo_alto_cortex_xdr/setup.py
index 08f3d94cd9..8a883d9a50 100755
--- a/plugins/palo_alto_cortex_xdr/setup.py
+++ b/plugins/palo_alto_cortex_xdr/setup.py
@@ -3,7 +3,7 @@
 setup(name="palo_alto_cortex_xdr-rapid7-plugin",
- version="4.0.0",
+ version="4.0.1",
 description="Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data",
 author="rapid7",
 author_email="",
From 8aece67c0b7f424ad813c4f1bdcd28ead4010e35 Mon Sep 17 00:00:00 2001
From: rjmurray
Date: Wed, 28 Aug 2024 11:35:53 +0100
Subject: [PATCH 2/3] Reverting Version
---
 plugins/palo_alto_cortex_xdr/.CHECKSUM | 6 +++---
 plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr | 2 +-
 plugins/palo_alto_cortex_xdr/help.md | 2 +-
 plugins/palo_alto_cortex_xdr/plugin.spec.yaml | 4 ++--
 plugins/palo_alto_cortex_xdr/setup.py | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/plugins/palo_alto_cortex_xdr/.CHECKSUM b/plugins/palo_alto_cortex_xdr/.CHECKSUM
index 6dd05ca61a..f32b37962e 100644
--- a/plugins/palo_alto_cortex_xdr/.CHECKSUM
+++ b/plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,7 +1,7 @@
 {
- "spec": "b3f072fd3011e2a5172412299a802d2e",
- "manifest": "9a2adc1a99d29387c7a5325f0acf7110",
- "setup": "ba1676a404daabafa12a37cf6cc3a716",
+ "spec": "461265b436c0f81eeac845ac08774f32",
+ "manifest": "a31f3829257215b9a2c7033e63d20449",
+ "setup": "1de7057327642796416a3bc46dd6fc54",
 "schemas": [
 {
 "identifier": "allow_file/schema.py",
diff --git a/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr b/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
index 470c97fd3e..f951334eb1 100755
--- a/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
+++ b/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
@@ -6,7 +6,7 @@ from sys import argv
 Name = "Palo Alto Cortex XDR"
 Vendor = "rapid7"
-Version = "4.0.1"
+Version = "4.0.0"
 Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"
diff --git a/plugins/palo_alto_cortex_xdr/help.md b/plugins/palo_alto_cortex_xdr/help.md
index 939495ad59..1984e4bfbd 100644
--- a/plugins/palo_alto_cortex_xdr/help.md
+++ b/plugins/palo_alto_cortex_xdr/help.md
@@ -820,7 +820,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 # Version History
-* 4.0.1 - SDK Bump to 6.1.0
+* 4.0.0 - SDK Bump to 6.1.0
 * 4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields
 * 3.0.0 - Updated `hosts` output of `Get Incident` trigger and `Monitor Incident Events` task to separate host values | Update `insightconnect-plugin-runtime` to version 5
 * 2.3.0 - Add types `xql_query_result` to `Get XQL Query Results` action's response | Add new trigger `Get Query Results`
diff --git a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
index 8834b8e9c7..5bee63a76e 100644
--- a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
+++ b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
@@ -4,7 +4,7 @@ products: [insightconnect]
 name: palo_alto_cortex_xdr
 title: Palo Alto Cortex XDR
 description: Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data
-version: 4.0.1
+version: 4.0.0
 connection_version: 2
 sdk:
 type: slim
@@ -37,7 +37,7 @@ key_features:
 - "Add files to the block or allow lists"
 troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
 version_history:
- - "4.0.1 - SDK Bump to 6.1.0"
+ - "4.0.0 - SDK Bump to 6.1.0"
 - "4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields"
 - "3.0.0 - Updated `hosts` output of `Get Incident` trigger and `Monitor Incident Events` task to separate host values | Update `insightconnect-plugin-runtime` to version 5"
 - "2.3.0 - Add types `xql_query_result` to `Get XQL Query Results` action's response | Add new trigger `Get Query Results`"
diff --git a/plugins/palo_alto_cortex_xdr/setup.py b/plugins/palo_alto_cortex_xdr/setup.py
index 8a883d9a50..08f3d94cd9 100755
--- a/plugins/palo_alto_cortex_xdr/setup.py
+++ b/plugins/palo_alto_cortex_xdr/setup.py
@@ -3,7 +3,7 @@
 setup(name="palo_alto_cortex_xdr-rapid7-plugin",
- version="4.0.1",
+ version="4.0.0",
 description="Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data",
 author="rapid7",
 author_email="",
From e5627b0e5d2b2e6a703333c063f9653c92be0e0d Mon Sep 17 00:00:00 2001
From: rjmurray
Date: Wed, 28 Aug 2024 11:41:12 +0100
Subject: [PATCH 3/3] Updating help.md
---
 plugins/palo_alto_cortex_xdr/.CHECKSUM | 2 +-
 plugins/palo_alto_cortex_xdr/help.md | 3 +--
 plugins/palo_alto_cortex_xdr/plugin.spec.yaml | 3 +--
 3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/plugins/palo_alto_cortex_xdr/.CHECKSUM b/plugins/palo_alto_cortex_xdr/.CHECKSUM
index f32b37962e..573fc1585e 100644
--- a/plugins/palo_alto_cortex_xdr/.CHECKSUM
+++ b/plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,5 +1,5 @@
 {
- "spec": "461265b436c0f81eeac845ac08774f32",
+ "spec": "2e275fa7720d4f2670ada9604b1a838f",
 "manifest": "a31f3829257215b9a2c7033e63d20449",
 "setup": "1de7057327642796416a3bc46dd6fc54",
 "schemas": [
diff --git a/plugins/palo_alto_cortex_xdr/help.md b/plugins/palo_alto_cortex_xdr/help.md
index 1984e4bfbd..1986caaa8c 100644
--- a/plugins/palo_alto_cortex_xdr/help.md
+++ b/plugins/palo_alto_cortex_xdr/help.md
@@ -820,8 +820,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 # Version History
-* 4.0.0 - SDK Bump to 6.1.0
-* 4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields
+* 4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields | SDK Bump to 6.1.0
 * 3.0.0 - Updated `hosts` output of `Get Incident` trigger and `Monitor Incident Events` task to separate host values | Update `insightconnect-plugin-runtime` to version 5
 * 2.3.0 - Add types `xql_query_result` to `Get XQL Query Results` action's response | Add new trigger `Get Query Results`
 * 2.2.1 - Fix issue in Get Incidents trigger where fields with null values were causing trigger to fail
diff --git a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
index 5bee63a76e..79a0b41b1f 100644
--- a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
+++ b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
@@ -37,8 +37,7 @@ key_features:
 - "Add files to the block or allow lists"
 troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
 version_history:
- - "4.0.0 - SDK Bump to 6.1.0"
- - "4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields"
+ - "4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty output fields | SDK Bump to 6.1.0"
 - "3.0.0 - Updated `hosts` output of `Get Incident` trigger and `Monitor Incident Events` task to separate host values | Update `insightconnect-plugin-runtime` to version 5"
 - "2.3.0 - Add types `xql_query_result` to `Get XQL Query Results` action's response | Add new trigger `Get Query Results`"
 - "2.2.1 - Fix issue in Get Incidents trigger where fields with null values were causing trigger to fail"