From 976b7986725bae643ee04626c531d08fa3037343 Mon Sep 17 00:00:00 2001
From: Mai Morag <81917647+maimorag@users.noreply.github.com>
Date: Wed, 6 Mar 2024 17:47:14 +0200
Subject: [PATCH] fix a bug in fetch-indicators (#32991)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix
* fix fetch using timestamp
* cr notes
* adding unify
* cr
* after meeting with the client fix
* after meeting with the client fixing tests 2
* fixing fetching above 2000 indicators
* fixing fetching
* fixing fetching
* adding unify for customer
* Bump gitpython from 3.1.40 to 3.1.41 (#32119)
* Bump gitpython from 3.1.40 to 3.1.41

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.40 to 3.1.41.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.40...3.1.41)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: indirect
...

Signed-off-by: dependabot[bot]

* update pre-commit dependencies

---------

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Bump pillow from 10.1.0 to 10.2.0 (#32356)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: indirect
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Notify External PR Merge (#32349)
* added new action
* Test SK (#32350)
* Jira bugfix in edit issue - xsup 31954 (#32041)
* Added tests
* Updated RNs
* Updated docstrings
* Updated TPB
* Updated command description
* Updated RNs

---------

Co-authored-by: Anas Yousef <44998563+anas-yousef@users.noreply.github.com>

* Update AMPv2.yml

---------

Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com>
Co-authored-by: Anas Yousef <44998563+anas-yousef@users.noreply.github.com>

* Revert "Test SK" (#32352)
* Fixed
* Update .github/workflows/create-internal-pr-from-external.yml

Co-authored-by: RotemAmit

* Update .github/workflows/create-internal-pr-from-external.yml

Co-authored-by: RotemAmit

---------

Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com>
Co-authored-by: Anas Yousef <44998563+anas-yousef@users.noreply.github.com>
Co-authored-by: RotemAmit

* added 'W291, # trailing-whitespace' to pyproject.toml and nightly (#32862)
* [greynoise-266] New Pack - FeedGreyNoiseIndicator (#32514) (#32942)
* updates
* pre-commit and readme
* pre-commit
* updates
* more updates
* fix tests
* fix tests
* fix formatting
* fix pack ver check
* update tests
* fix flake8 and secrets
* feedback
* updates
* feedback updates
* fix default feedRep
* add notes to docs
* update docker image num

Co-authored-by: Brad Chiappetta <38439955+bradchiappetta@users.noreply.github.com>

* Fix CommonServerPython mypy (#32931)
* Update docker images of `CommonScript` items (#32938)
* Update `demisto/xslxwriter` 70-100 coverage rate (#32763)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/xml-feed` 70-100 coverage rate (#32762)
* upgrade images
* revert
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/bs4-py3` 70-100 coverage rate (#32741)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version FiltersAndTransformers to 1.2.59.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/bs4-tld` 0-10 coverage rate (#32744)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/btfl-soup` 70-100 coverage rate (#32745)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/netutils` 70-100 coverage rate (#32752)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/nltk` 70-100 coverage rate (#32753)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/pcap-http-extractor` 70-100 coverage rate (#32754)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/python3-deb` 70-100 coverage rate (#32759)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* Update `demisto/unzip` 40-55 coverage rate (#32761)
* upgrade images
* update RN
* Bump pack from version CommonScripts to 1.13.34.
* Bump pack from version CommonScripts to 1.13.35.
* Bump pack from version CommonScripts to 1.13.36.
* Bump pack from version CommonScripts to 1.13.37.
* Bump pack from version CommonScripts to 1.13.38.
* Bump pack from version CommonScripts to 1.13.39.
* revert RN

---------

Co-authored-by: Content Bot

* update RN
* Bump pack from version FiltersAndTransformers to 1.2.60.

---------

Co-authored-by: Content Bot

* [ASM] EXPANDR-3608: store potential offending firewall rules (#32721) (#32940)
* update GCP enrich play
* RN
* Apply suggestions from code review
* update field name and bump ver

---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* XSUP-31342 - XDR mirroring changes incident resolution (#32359)
* added more debug logs to the mirroring process
* more debug logs
* updated the schema
* added ckose_reason
* updated the schema name
* updated the outgoing mapper and some debug logs
* added RN
* Bump pack from version CortexXDR to 6.1.14.
* Bump pack from version CortexXDR to 6.1.15.
* updated test_get_mapping_fields_command
* updated handle_outgoing_issue_closure to use close_reason or closeReason
* updated RN and docker image
* added a unit test test_handle_outgoing_issue_closure
* added RN to core pack and ctf01 pack
* Bump pack from version CortexXDR to 6.1.16.
* updated the RN
* added an incident type to the outgoing mapper and updated the RN

---------

Co-authored-by: Content Bot

* Domaintools iris release v2.0.1 (#32880) (#32946)
* first pass at fixing proxy use
* don't use empty strings
* avoid empty string
* fix docker tag, add release notes
* update release notes with docker image
* Update Packs/DomainTools_Iris/ReleaseNotes/2_0_1.md

---------

Co-authored-by: Wesley Agena
Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* revert docker changes (#32944)
* AWS Require Region (#32687)
* init
* update docker
* update docker
* update docker
* RN
* fix conflicts
* update docker
* fix conflicts
* Update `demisto/fastapi` 70-100 coverage rate (#32573)
* upgrade images
* update RN
* fix pb parser (#32826)
* fix pb parser - test
* change xpanse stuff
* remove poetry changes
* more xpanse changes
* fix gr103
* YR/Handle long running pipelines, and commits with no pipelines/CIAC-9386 (#32462)
* Fix GetIndicatorDBotScoreFromCache to handle better a special character (#31070)
* a fix and a test
* docker image update
* added rn
* Bump pack from version CommonScripts to 1.12.47.
* unit test fix
* unit test fix
* unit test fix
* Bump pack from version CommonScripts to 1.12.48.
* Bump pack from version CommonScripts to 1.12.49.
* Update Packs/CommonScripts/ReleaseNotes/1_12_49.md

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

---------

Co-authored-by: Content Bot
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* change pack support to community (#31110)
* change pack support to community
* first level header so im told
* Update Packs/DeveloperTools/ReleaseNotes/1_3_0.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* Update Packs/DeveloperTools/ReleaseNotes/1_3_0.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

---------

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* removed GIT_DEPTH (#31141)
* support multiple entry ids in ImageOCR (#31145)
* Fix taxi feed observables extraction (#31120)
* fixed an issue where taxi feed will fail to retrieve all indicators due to wrong extraction from XML blocks.
* added rn
* update docker
* update test_data
* add secret to secrets ignore
* [transformers] Enhance to be more durable #2 (#31063)
* ExtractDomainAndFQDNFromUrlAndEmail
* ExtractEmailV2
* ruff fix
* FormatURL
* Bump pack from version CommonScripts to 1.12.47.
* Bump pack from version CommonScripts to 1.12.48.
* Bump pack from version CommonScripts to 1.12.49.
* Added unit tests
* Update the docker image
* Bump pack from version CommonScripts to 1.12.50.
* Update Packs/CommonScripts/ReleaseNotes/1_12_50.md

Co-authored-by: Dean Arbel

* Update Packs/CommonScripts/ReleaseNotes/1_12_50.md

Co-authored-by: Dean Arbel

* Update the RN
* Update the docker image
* empty
* Skip "FormattingPerformance - Test" TPB in XSOAR 8

---------

Co-authored-by: Content Bot
Co-authored-by: Dean Arbel

* Sleep w/ Polling (#30661)

add polling mechanism to sleep upon crossing polling_threshold

* Update shift management scripts (#31130)
* fixed the bug and added unit tests
* updated docker image
* RN
* updated docker image
* cr updates
* EWS rule commands - MS graph python integrations (#30943)

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* MS IIS Update (#31132)
* Updated ModelingRules
* Updated ReleaseNotes
* Updated ReleaseNotes
* Anomali ThreatStream change DBot verdict from Benign to Unknown for Low Confidence Indicators (#30993) (#31151)
* change DBot verdict from Benign to Unknown for Low Confidence Indicators

Indicators found in Anomali that are below Confidence thresholds should be created as Unknown and not Benign.

Anomali ThreatStream documentation regarding Confidence
https://ui.threatstream.com/optic-doc/Content/Features/threat_model/Observables/details_indicator.htm

Confidence - Confidence indicates the certainty that an observable exhibits or is connected to malicious behavior.

If Anomali has indicators with low Confidence, that doesn't mean the indicator is Benign/Safe. It means Anomali is unsure that the indicator is Malicious and as such the more appropriate verdict in XSOAR should be Unknown.

* add indicator_default_score param
* changed values to Benign and Unknown
* update README and RN
* update RN
* update docker set required to false
* update docker
* fix docs comments

---------

Co-authored-by: zdrouse
Co-authored-by: adi88d
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* generate empty junit files (#31153)
* Update 1_6_0.json (#31164)
* fix splunkpy splunk_submit_event_hec_command string issue (#30978)
* fix splunkpy splunk_submit_event_hec_command string issue
* test
* add fix
* update rn
* [xsoar saas] - fix ports taxii2 e2e (#31163)
* Hello world saas (#30901)
* added a new incident field only for saas mp
* added an incident field to xsoar_saas only for demonstration
* format incident field
* format incident field
* added saas word to known words
* version
* merge with master
* fixed the xsoar_saas end tag
* Added tests to validate result
* modified RN
* pre commit changes
* RN tags
* ignore long line
* MS IIS README (#31158)
* Updated README
* Updated README
* Fixes For IP Enrichment Playbooks (#31114)
* Fixes For IP Enrichment Playbooks
* RN
* Removed the mapping rule from both playbooks. Updated the default value of the internal range playbook input according to RFC 1918.
* Removed the value of 'UseReputationCommand' playbook input and fixes the YML files
* Fixed RN
* Removed the value set for the 'UseReputationCommand' sub-playbook input. Re-added the default value for 'UseReputationCommand' playbook input
* skip ThreatStream-Test (#31172)
* [transformers] Enhance to be more durable (#30897)

[transformers] Enhance to be more durable

* Fixes For 'Email Address Enrichment - Generic v2.1' (#31122)
* Fixes For 'Email Address Enrichment - Generic v2.1'
* Re-added the test playbook and marketplace configs to the playbook YML file
* changed the 'domain' playbook input value
* removed the 'domain' playbook input value and added RN
* Fixed RN
* Bump pack from version CommonPlaybooks to 2.4.34.
---------

Co-authored-by: Content Bot

* DisplayMappedFields - Fix dark mode text color (#31085)
* removed the hardcoded color
* removed the hardcoded color
* update RN
* update docker image
* Bump pack from version CommonScripts to 1.12.48.
* Unittest fixes
* Bump pack from version CommonScripts to 1.12.49.
* Unittest fixes
* Bump pack from version CommonScripts to 1.12.50.
* Bump pack from version CommonScripts to 1.12.51.
* Bump pack from version CommonScripts to 1.12.52.
* Bump pack from version CommonScripts to 1.12.53.

---------

Co-authored-by: Content Bot

* Updated the layout to exclude integration incident fields that are not pertinent to Vectra XDR (#31127) (#31182)

Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com>
Co-authored-by: crestdatasystems
Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>

* Taxii2 server relationship bug (#31162)
* [taxii2-server] - code fixes
* bump rn
* docker update
* remove debug-log because may wanted
* [ASM] EXPANDER-7096 - ASM Remediation Guidance Fields (#30955) (#31178)

Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* Created pack for F5 BIG-IP APM (#31017)
* Created pack for f5 apm
* Added modeling rule files.
* adding modeling rules and schema.
* modified modeling rules
* update yml file for modeling rule.
* Update Packs/F5APM/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/F5APM/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/F5APM/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/F5APM/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/F5APM/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/F5APM/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* update readme.
* Modified the read me file.

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* HelloWorld - delete old classifier (#31185)
* Add support for is array for rep commands (#31169)
* added support for isArray for python Xsoar supported reputation commands
* added rn
* Empty-Commit
* python files fixes
* fix docker issue
* cr fixes
* added logs and cache fix (#30577)
* added logs and cache fix
* Fixed another executeCommand results handling.
* Updated docker image * Added rn * Update Packs/Phishing/ReleaseNotes/3_6_2.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Packs/Phishing/Scripts/FindDuplicateEmailIncidents/FindDuplicateEmailIncidents.py --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Add support for is array for rep commands js (#31184) * JS files fixes * added rn * pre commit fixes * pre commit fixes * cr fixes * xsiam-avaya-siem-content-ciac-8502 (#31128) * init-pack * modeling-rules * add-docs * fix-pid-parsing * fix-README.md * Fixed For Endpoint Enrichment Playbooks (#31147) * Fixed For 'Endpoint Enrichment - Generic v2.1' Playbook * RN * RN * Fixes for Endpoint_Enrichment_-_Generic_v2.1_6_8 playbook * Bump pack from version CommonPlaybooks to 2.4.34. * Bump pack from version CommonPlaybooks to 2.4.35. * Fixed version for 'Endpoint Enrichment - Generic v2.1.6.8' playbook * Fixes for 'Endpoint Enrichment - Generic v2.1' playbook * Revert changes in 'Endpoint Enrichment - Generic v2.1' playbook --------- Co-authored-by: Content Bot * Update Docker Image To demisto/python3 (#31198) * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Updated Metadata Of Pack FlashpointFeed * Added release notes to pack FlashpointFeed * Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml Docker image update * Updated Metadata Of Pack AbnormalSecurity * Added release notes to pack AbnormalSecurity * Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml Docker image update * Updated Metadata Of Pack FeedLOLBAS * Added release notes to pack FeedLOLBAS * Packs/FeedLOLBAS/Integrations/FeedLOLBAS/FeedLOLBAS.yml Docker image update * Updated Metadata Of Pack Hackuity * Added release notes to pack Hackuity * Packs/Hackuity/Integrations/Hackuity/Hackuity.yml Docker image update * 
Updated Metadata Of Pack Grafana * Added release notes to pack Grafana * Packs/Grafana/Integrations/Grafana/Grafana.yml Docker image update * Updated Metadata Of Pack Binalyze * Added release notes to pack Binalyze * Packs/Binalyze/Integrations/BinalyzeAIR/BinalyzeAIR.yml Docker image update * Updated Metadata Of Pack ServiceDeskPlus * Added release notes to pack ServiceDeskPlus * Packs/ServiceDeskPlus/Integrations/ServiceDeskPlus/ServiceDeskPlus.yml Docker image update * Updated Metadata Of Pack Oracle_IAM * Added release notes to pack Oracle_IAM * Packs/Oracle_IAM/Integrations/OracleIAM/OracleIAM.yml Docker image update * Updated Metadata Of Pack AccentureCTI * Added release notes to pack AccentureCTI * Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.yml Docker image update * Update Docker Image To demisto/boto3py3 (#31199) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * 
Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/armorblox (#31203) * Updated Metadata Of Pack Armorblox * Added release notes to pack Armorblox * Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Docker image update * Update Docker Image To demisto/py3-tools (#31201) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added 
release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * Update Docker Image To demisto/oci (#31202) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/accessdata (#31200) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Fix DS108 --------- Co-authored-by: israelpolishook * Update Docker Image To demisto/carbon-black-cloud (#31206) * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update * Update Docker Image To demisto/taxii2 (#31205) * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update * Update Docker Image To demisto/crypto (#31204) * Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * Updated Metadata Of Pack 
AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * Update Docker Image To demisto/opnsense (#31208) * Updated Metadata Of Pack OPNSense * Added release notes to pack OPNSense * Packs/OPNSense/Integrations/OPNSense/OPNSense.yml Docker image update * Update Docker Image To demisto/auth-utils (#31207) * Updated Metadata Of Pack Cylance_Protect * Added release notes to pack Cylance_Protect * Packs/Cylance_Protect/Integrations/Cylance_Protect_v2/Cylance_Protect_v2.yml Docker image update * Updated Metadata Of Pack Zoom * Added release notes to pack Zoom * Packs/Zoom/Integrations/ZoomEventCollector/ZoomEventCollector.yml Docker image update * Updated Metadata Of Pack Silverfort * Added release notes to pack Silverfort * Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update * Updated Metadata Of Pack AzureDataExplorer * Added release 
notes to pack AzureDataExplorer * Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml Docker image update * Updated Metadata Of Pack MicrosoftManagementActivity * Added release notes to pack MicrosoftManagementActivity * Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Docker image update * Updated Metadata Of Pack Box * Added release notes to pack Box * Packs/Box/Integrations/BoxEventsCollector/BoxEventsCollector.yml Docker image update * Packs/Box/Integrations/BoxV2/BoxV2.yml Docker image update * Updated Metadata Of Pack Troubleshoot * Added release notes to pack Troubleshoot * Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml Docker image update * commit --------- Co-authored-by: israelpolishook * Update Docker Image To demisto/ippysocks-py3 (#31211) * Updated Metadata Of Pack Whois * Added release notes to pack Whois * Packs/Whois/Integrations/Whois/Whois.yml Docker image update * Update Docker Image To demisto/python3 (#31214) * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * 
Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Update Docker Image To demisto/boto3py3 (#31215) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * 
Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/accessdata (#31216) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Update Docker Image To demisto/oci (#31218) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/py3-tools (#31217) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * 
Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack Anomali_ThreatStream * Added release notes to pack Anomali_ThreatStream * Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * CortexXDRIR-generic-polling (#31082) * - Added new playbook for quarantine_file - Old playbook deprecated - New image added * release notes added * - New playbook for _Retrieve_File_Playbook_v2 created - Old playbook _Retrieve_File_Playbook deprecated - Image was added * Release notes were added * Changed the name of the playbook * Readme file added * Added image * fixed image location in readme file * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2.yml Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * Bump pack from version CortexXDR to 6.0.4. 
* Removed unnecessary tests * Readme files were updated * Fixes for the playbooks * fixed Tests/conf.json file * image issue fixed * Added new images * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_Playbook_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_Playbook_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_Playbook_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_quarantine_file_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * PR fixes - new condition to check if the task finished successfully * release notes updated * image path fixed * Added new outputs for playbook * release notes updated * fix * readme files fixed * image issue * image issue * fix * fix * fix * fix * uploaded new playbook because of the image issue * fix for image issue * delete photo * fixes * test playbooks fixed * test playbooks removed --------- Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Docker Image To demisto/crypto (#31219) * Updated Metadata Of 
Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * Updated Metadata Of Pack AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * update pack ignore (#31193) * Slack event collector: fixed an issue 
where we get a Bad Request error (#31135) * fixed an issue where we get a Bad Request error. * pre-commit * added test * fixed Flake8 error * fixed cr comments * fixed cr comments * update Docker image * YR/Remove-fields-with-one-letter-DBotFindSimilarIncidents/XSUP-29299 (#31161) * fixes * code and test * remove Json feed from this pr * test * note * pre commit * RN * CR and Flake8 * format * pre commit * Fixes For 'URL Enrichment - Generic v2' Playbook (#31195) * Fixes For 'URL Enrichment - Generic v2' Playbook * RN * Bump pack from version CommonPlaybooks to 2.4.36. --------- Co-authored-by: Content Bot * F5 APM Remove XSIAM tags (#31221) * remove ls from test_e2e_results.sh (#31186) * [IsEmailAddressInternal] Fix an issue with **domain** argument (#31222) * First commit * Added RN * Update Packs/CommonScripts/ReleaseNotes/1_12_54.md Co-authored-by: Dean Arbel --------- Co-authored-by: Dean Arbel * Deprecate 'Get endpoint details - Generic' Playbook (#31196) * Deprecate 'Get endpoint details - Generic' Playbook * RN * Bump pack from version CommonPlaybooks to 2.4.36. * Bump pack from version CommonPlaybooks to 2.4.37. 
--------- Co-authored-by: Content Bot * Replacing the deprecated sub-playbook within the 'NGFW Internal Scan'… (#31197) * Replacing the deprecated sub-playbook within the 'NGFW Internal Scan' XSIAM playbook * RN * [Marketplace Contribution] CISO Metrics (#30641) (#31213) * "pack contribution initial commit" * Update pack_metadata.json * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CISO_Metrics.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json Rename to CommunityCommonDashboards * Update pack_metadata.json Renamed "name": "CommunityCommonDashboards" * Update README.md Added description * Update README.md * Update and rename README.md to README.md * Rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json * Rename .pack-ignore to .pack-ignore * Rename .secrets-ignore to .secrets-ignore * Rename pack_metadata.json to pack_metadata.json * Update .pack-ignore * Update pack_metadata.json * Update .pack-ignore * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to CISOMetrics.json Renamed to CISOMetrics * Update pack_metadata.json * Update pack_metadata.json * Update README.md --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: David Uhrlaub <90627446+rurhrlaub@users.noreply.github.com> * Cybereason xsoar v 2.1.14 (#30647) (#31225) * added v2.1.14 codebase * fix pr comments * replace dummy md5 placeholder * Update Packs/Cybereason/Integrations/Cybereason/Cybereason.py * updated docker image python version * updated release notes docker version * added pagination params * updated docker image * fix lint errors * fix demisto validate errors * updated release notes * updated release notes * updated release notes * updated command name as per PR 
comment * removed manual filtering for response * updated function name to match the command name format * updated unit test as per new command name * added machinename filter to api query * moved empty output message to the top * updated docker image tag to latest * undo changes from unisolate endpoint playbook --------- Co-authored-by: suraj-metron <87964764+suraj-metron@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> * fixed polling support (#30873) * fixed polling support * fixed rn * added rn * added rn * XSUP-30786/Fix (#31168) * Added failing UT * Fixed the issue * Updated docker image * Updated RN * Update Packs/PAN-OS/ReleaseNotes/2_1_15.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Updated the bug fix and the UT * updated docker image --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * rewrite to js FirstArrayElement and LastArrayElement (#31228) * rewrite to js * added tpb * added empty test case to tpb * precommit fixes * change fromversion so build won't fail * Enable Core REST API with general XSIAM endpoints (#31226) * mostly works * added release notes * fixes from review * F5 APM fixed the marketplace build failure (#31236) * F5 APM Remove XSIAM tags * fix marketplace error * Add incidents field (#30393) (#31233) * add rawJSON field to incidents * release notes * update docker image tag * nit * fetching incident details * mapper + incident fields * remove incorrect incident field files * new incident field files, new mapper * sdk validate command changes * update release notes * validation errors * fix validation errors * undo release notes changes * undo release notes change * undo release notes * undo release notes * undo release notes * nit * new release notes * remove playbook id * update docker image tag * revert release notes * revert RN * nit- remove filters used for testing * add details field to threats * remove try/except 
blocks * changing version * Update Abnormal_Security_Custom_Incident_types.json change from version * nit - remove changes used for demo * updating docker image * update docker image tag --------- Co-authored-by: William Olyslager Co-authored-by: sapirshuker Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> * Update Docker Image To demisto/python3 (#31242) * Updated Metadata Of Pack CIRCL * Added release notes to pack CIRCL * Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.yml Docker image update * Updated Metadata Of Pack ipinfo * Added release notes to pack ipinfo * Packs/ipinfo/Integrations/ipinfo_v2/ipinfo_v2.yml Docker image update * Updated Metadata Of Pack AutoFocus * Added release notes to pack AutoFocus * Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml Docker image update * Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml Docker image update * Updated Metadata Of Pack MailSenderNew * Added release notes to pack MailSenderNew * Packs/MailSenderNew/Integrations/MailSenderNew/MailSenderNew.yml Docker image update * avoid to update Docker for AutoFocusv2 --------- Co-authored-by: israelpolishook * Fixes For 'IP Enrichment - Generic v2' Playbook (#31183) * Fixes For 'IP Enrichment - Generic v2' Playbook * RN * RN * Updated the 'InternalRange' playbook input's default value. * configured the 'extended_data' and 'threat_model_association' sub-playbook inputs * Bump pack from version CommonPlaybooks to 2.4.36. * Bump pack from version CommonPlaybooks to 2.4.37. * changed the default value of the 'ResolveIP' playbook input * re-added RN after merging from master * Fixes RN --------- Co-authored-by: Content Bot * Check if should run Instance role (#31245) * Added the sync from the saas bucket and modified the verify script to take the revision from the correct bucket. 
(#31254) * AWS Organizations (#30525) * init * commands template * aws-org-children-list * more commands * even more commands * added account commands * removed enhancement commands * use json_transform * unit-tests init * unit-tests continued * unit-tests continued some more * TPB * one more unit-test * one more unit-test * one more unit-test * name change * TPB * docs complete * pack readme * pack readme part 2 * readme modified * more tests * more tests * use get() * added description * removed isFetch * added image * name change * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update docker * put the commands back in * code complete * yml part 2 * yml part 3 * test template * unit-tests continued some more * unit-tests almost complete * unit-tests complete * fixed a few bugs * fixed unit-tests * added readme * update readme * added missing descriptions to readme * TPB * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * CR changes * demo changes * update docker * build wars: round 1 * build wars: round 2 * build wars: round 3; add unit-tests * build wars: round 4 * build wars: round 5 * build wars: round 6 --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * NextToken in CommandResults (#30501) * init * new design * added error in case of non nested input * RN * a tad more docs * Bump pack from version Base to 1.32.47. * Bump pack from version Base to 1.32.48. * Bump pack from version Base to 1.32.49. * improved doc-string * resolve conflicts * resolve conflicts * Bump pack from version Base to 1.32.52. 
--------- Co-authored-by: Content Bot * demisto-sdk-release 1.24.0 (#31268) * poetry files * update validate manager imports (#31179) * update validate manager imports * revert * Update Tests/configure_and_test_integration_instances.py * Edit file types test (#31170) * edited tests * s * s * edit --------- Co-authored-by: Content Bot Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> * modified modeling rules of clearswift dlp (#31247) * modified modeling rules of clearswift dlp * modified the parsing rule of clearswiftdlp * Added release notes. * added dlp to pack ignore * added Clearswift to pack ignore * QRadar: continue to poll in case of networking issues (#31084) * Generalize the mode option in pre-commit (#30663) * args updated to match the update in the sdk * add merge-coverage-report and coverage-analyze * updating pyproject.toml * poetry lock * restoring pyproject.toml and poetry.lock * pre-commit.yml * updates * test comment * use sdk ref * if * add github output * revert ilan changes * merge-pytest-reports --------- Co-authored-by: ilan * EXPANDR-1576 CortexXpanse Remediation Guidance changes (#31190) * EXPANDR-1576 CortexXpanse Remediation Guidance changes (#30712) * CortexXpanse RG changes * Fix flake8 errors * Fix unit test cases * Update docker version * update command name * Readme updates * docker update * Ignore BC error * fix packignore * Update release notes * update breaking change notes * update breaking change notes * correct RN --------- Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com> Co-authored-by: ilappe * Feature/cyberint enhancement (#31252) * Feature/cyberint enhancement (#30493) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * 
Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * update Cyberint Pack * update release note and incidentfields * update CommonType release note * update CommonType release notes * update CommonType release notes * update CyberInt Related entity name * update release notes * add new incident field: Alert Data * format alert_data * update CyberInt Related Entity name to avoid validation errors * reset the CyberInt Related Entity name * update incident field name * Update 3_3_93.md * pre commit update docker * added known words * fixed the RN * known words --------- Co-authored-by: TalGumi <101499620+TalGumi@users.noreply.github.com> Co-authored-by: omerKarkKatz <95565843+omerKarkKatz@users.noreply.github.com> Co-authored-by: okarkkatz * [xsoar-8 coverage] - use poll functions from SDK clients (#31144) * update poetry * use poll functions * test against builds * try to fix ssl issue * timeout = 300 + verify ssl * fix ssl issues * fix incident pull * fix * make verify=false by default * fix ports bug * use sdk master * revert poetry * revert infra used for testing * [CrowdStrike Falcon Intel v2] Fixed an issue in 'cs-actors' and 'cs-reports' commands (#31265) * Fix the 'NoneType' object is not iterable issue * ruff * Update the docker image; Add RN * Update Packs/CrowdStrikeIntel/ReleaseNotes/2_0_34.md Co-authored-by: Dean Arbel --------- Co-authored-by: Dean Arbel * oncall- installation orders (#31253) * test * test * revert debugs * pre-commit --------- Co-authored-by: Jas Beilin * Core rest api docs fix (#31262) * Improved descriptions. * Added docs * Added rn. * Changed i.e to e.g * bugfix/XSUP-30713/port-scan-pb-issue-incident-failure (#31154) * Fix playbook input's default value, change to not required, add check for value not empty * Update playbook image * Update release notes * Bump pack from version CortexXDR to 6.0.5. 
* Moved InternalIPRanges input check to better location * Fix review comments --------- Co-authored-by: Content Bot * [PagerDuty v2] Added Support For Pagination (#30959) * commit init - lint and type annotation * typing * pagination function and some typing * fix api limit and pagination * added UT and test_data * added RN and description for args * generate readme * update docker * added UT * fix flake8 * more docstring, one more UT, fix send unnecessary parameters * fix f-string * fix pep8 * revert copy * fix parameters name * docs review * update docker * [ASM] EXPANDR 7225 - Update Ev1 Integration Display Name (#31234) (#31276) * Update Display Name * Update release notes * Update docker image and add period to descriptions Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> * Update Docker Image To demisto/python3 (#31286) * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of 
Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Add XSOAR_SAAS section to EDL description (#31264) * add XSOAR_SAAS section to EDL description * update RN * [XSUP 30575] Added full fields query param (#31272) * get indicators full fields data * pre-commit * release notes * tests and CR fixes * Update Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_13.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Docker Image To demisto/boto3py3 (#31287) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of 
Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/accessdata (#31288) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Update Docker Image To demisto/oci (#31290) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/py3-tools (#31289) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * 
Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack Anomali_ThreatStream * Added release notes to pack Anomali_ThreatStream * Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * Update Docker Image To demisto/armorblox (#31291) * Updated Metadata Of Pack Armorblox * Added release notes to pack Armorblox * Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Docker image update * Update Docker Image To demisto/crypto (#31292) * Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * 
Updated Metadata Of Pack AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * Update Docker Image To demisto/sixgill (#31293) * Updated Metadata Of Pack Cybersixgill-ActionableAlerts * Added release notes to pack Cybersixgill-ActionableAlerts * Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml Docker image update * Updated Metadata Of Pack Sixgill-Darkfeed * Added release notes to pack Sixgill-Darkfeed * Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml Docker image update * Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml Docker image update * Update Docker Image To demisto/carbon-black-cloud (#31295) * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * 
Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update * Update Docker Image To demisto/taxii2 (#31294) * Updated Metadata Of Pack FeedDHS * Added release notes to pack FeedDHS * Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml Docker image update * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update * MS IIS Update2 (#31256) * Updated MicrosoftIISWebServerModelingRules_1_3 * Updated ModelingRules filters * Updated ModelingRules filters * Updated ReleaseNotes * Updated ReleaseNotes * CrowdStrikeFalconX-genreic-polling (#31189) * old playbooks deprecated and new one added * readme file edited * set the interval from the inputs * fixes for release notes * added extensions to known words * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * minor fixes for description * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Add Symantec MSS to ignored items (#31296) * [XSUP 30870] Added full fields option for cs-actors and cs-reports commands (#31271) * Added the display_full_fields argument * pre-commit * release notes * tests and CR fixes * resolve conflict * pre-commit * CR fixes * docker * pre-commit * add myself as codeowner (#31314) * ORKL Feed Integration 1.0.0 Initial Release (#31166) * ORKL Feed Integration 1.0.0 Initial Release (#31101) Co-authored-by: Martin Ohl * [VirusTotal] Add suspicious threshold (#31220) * [VirusTotal] Add suspicious threshold (#31021) * fixing CimTrak_test.py unit tests (#31308) fixing CimTrak_test.py unit tests #31308 * Add new command and bug fix. (#31311) * Anomali ThreatStream v3 - Fix threatstream-get-indicators command (#31269) * fix get_indicators method * update RN * update docker * update test * update test * update get_indicators method * update RN * Update Packs/Anomali_ThreatStream/ReleaseNotes/2_2_9.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * update docker * update docker --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * SentinelOne v2: Add 2 new commands (#31312) * fixing jira file attachments (#31297) fixing jira file attachments, fixing mapping of newly created tickets #31297 * CiscoSMA Update (#31315) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * updated docs (#31192) * updated docs * running pre-commit and docker * docker update * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * remove package-lock file * cr note * Update Packs/MicrosoftGraphDeviceManagement/ReleaseNotes/1_1_20.md Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * Fix an issue when there is only one incident in fetch_incidents powershell (#31267) * added -AsArray * updated the docker image and added . * RN * unit tests and docker image * rn * docker image and release notes * Update Packs/Base/ReleaseNotes/1_32_53.md Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * updated the unit tests --------- Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * Get Entity Alerts by MITRE Tactics - Performance Improvements (Refactor) (#31232) * Added playbooks * New playbooks images, formatted playbooks, and added RN * Updated pb image to be in light mode * Further improvements to playbooks, updated docs, and updated playbook images * Bump pack from version CortexXDR to 6.0.6. * Changed alert to incident to fix validation * Descriptions --------- Co-authored-by: Content Bot * fix for sdk nightly e2e tests (#31310) * [qradar-v3] - handle connection errors (#31246) * [qradar-v3] - handle connection errors * add uts * bump rn * remove irrelevant imports * update code * timeout = 300 * bump rn * update implementation * docker image * fixes * remove imports * rn * update debug-message * update log * fix docker-image * fix ut * oncall-sdk-nightly-create-xsoar-instance (#31300) * overwrite the filter env file * remove space * remove print * Update .gitlab/ci/.gitlab-ci.on-push.yml Co-authored-by: Koby Meir --------- Co-authored-by: Koby Meir * [ASM] - EXPANDER 7238 - Jira Playbook Support for V2 and V3 Project Key (#31273) (#31322) * Add support V2 and V3, remove default project key - Add data collection task for customer - Leave Jira Project Key input as blank - Add support for project key passed into Jira V2 and V3 integrations * Add release notes * Update Playbook ReadMe * Add task description * Update release notes Co-authored-by: John 
<40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> * Support contributions when the name of the repo isn't content (#31320) * update handle_external_pr.py * set repo_name arg as optional * Oncall sdk nightly create xsoar instance (#31324) Oncall sdk nightly create xsoar instance #31324 * CIAC-4556/xdr-remote-psexec-lolbin-command-execution-playbook (#29092) * Add playbook and readme files * Add updated files * Add playbook image * Update release notes * Fix validation error * Bump pack from version CortexXDR to 5.1.0. * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Add CommandLine verdict to layout * Update according to demo review comments * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Add field for cmd line verdict * Update layout * Fix review comments * Update from master * Update Packs/CortexXDR/ReleaseNot… * Add Joesecurity onprem integration (#31674) (#32888) * Add JoeSecurity On-Premise Integration * Update dockerimage to address validate errors * Update config file to address validate errors * Adjust playbook to use either integration version * update release notes * Revert dedicated OnPremise Integration Add support to existing JoeSecurityV2 Integration * apply format to test file * revert tests conf.json changes * Add back deprecated parameters for backwards compatibility, also add "deprecated" value to parameter * Update releasenotes * undo command name change * Update Release notes and add breaking changes * update docker image * add newline to playbook to match version on master * update release note * Make the on_premise parameter required * catch cloud only param exception and re-raise with better info The 'syntax' of the raw data given to the new raise exception is deducted from the jbxapi github * Add file_name attribute to submit-sample command if none is
given, the existing behavior remains. If given, the provided name is given to the sandbox * apply format to yml file * fix typos in release notes * update docker Image --------- Co-authored-by: rundssoar <139948408+rundssoar@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> * populated fields default values fix (#32879) * populated fields default values fix * RN + precommit * Bump pack from version Base to 1.33.29. * Bump pack from version Base to 1.33.30. * Fix unit tests and RN * Pre-commit * fix rn --------- Co-authored-by: jbabazadeh Co-authored-by: Content Bot * saassecurity (#32912) * add lines to trigger tpb * update docker * Update 2_0_29.md * Automate Demisto SDK release (#31941) * Major Rapid Ivanti Update (#32775) * update RN * Added pack ignore for the RN header issue * Remove the maximum page size from the docs (#32869) * remove the maximum * RN * Shirley * format * RN * Fix issue with empty folder raising error, and fix duplicate emails/ XSUP-32511 (#32787) * init * rn * changes * fix * tests * pre commit * fix * fix tests * fix test * more * fox to OR * docker * add debug * my mistake * fix with Jasmine * fixes * RN * Docker * RN * flake 8 * updated the reviewers and TL github users (#32952) * [QRadar] Add support for last run and remove support multithreading (#32502) * Add build files to git ignore (#32851) * Add build files to git ignore * add git commit * change branch * remove nightly condition * revert * git commit with flag a * git commit with flag a * revert * Update on call to Edri&Polishuk (#32964) * bug - Cortex IR resolved incidents not mirrored correctly (#32856) * bug - Cortex IR resolved incidents not mirrored correctly * Possible fix * RN * Bump pack from version CortexXDR to 6.1.16.
* pre commit * rn * pre-commit * fix test * pre commit --------- Co-authored-by: Content Bot * Update Docker Image To demisto/taxii-server (#32897) * Updated Metadata Of Pack CybleThreatIntel * Added release notes to pack CybleThreatIntel * Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update * EXPANDR-8026: Azure Remediation Bug Fix and Improvements (#32882) (#32941) * update files * RN * RN part 2 * Apply suggestions from code review --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> * fix(sekoiaio/cti): return None for unknown indicator (#32246) (#32953) * fix(sekoiaio/cti): properly return unknown indicator * fix(sekoiaio/cti): properly return unknown indicator * Apply review suggestion by @sapirshuker * Apply review suggestion by @sapirshuker * Apply review suggestion by @sapirshuker * Apply review suggestion by @sapirshuker * fix(sekoiacti): fix tests and bump version * Apply review suggestion by @sapirshuker * Apply review suggestion by @sapirshuker * Revert "Apply review suggestion by @sapirshuker" This reverts commit 8ec89e66818215fae209e95c2c099e4ed304b26f. 
* Apply review suggestion by @sapirshuker * Bump version and Docker image * Fix CI Co-authored-by: lilyus <8960084+PierrickV@users.noreply.github.com> * stage private packs for the graph (#32923) * Qualys_Add_New_Commands (#31917) (#32972) * Qualys_Add_New_Commands * Qualys_Add_New_Commands * update Qualysv2.py * update Qualysv2.yml * update README.md * update RN * fix commands * update yml * update descriptions * update README.md * update RN * update docker * pre commit * doc review --------- Co-authored-by: DaniSalcedoGFT <153612119+DaniSalcedoGFT@users.noreply.github.com> Co-authored-by: adi88d Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Update `demisto/crypto` 70-100 coverage rate (#32593) * upgrade images * update RN * Update demisto/yarapy 70-100 coverage rate (#32585) * upgrade images * update RN * Update `demisto/xml-feed` 55-70 coverage rate (#32642) * upgrade images * update RN * Bump pack from version FeedDHS to 2.0.32. * Update DHS_Feed.yml * Update 2_0_32.md --------- Co-authored-by: Content Bot * Update `demisto/pycef` 55-70 coverage rate (#32672) * upgrade images * update RN * Update `demisto/faker3` 55-70 coverage rate (#32662) * upgrade images * update RN * Update `demisto/ntlm` 55-70 coverage rate (#32660) * upgrade images * update RN * Update `googleapi-python3` 40-55 coverage rate (#32647) * upgrade images * update RN * Update GoogleDocs.yml * Update 1_0_24.md * Update `demisto/btfl-soup` 40-55 coverage rate (#32628) * upgrade images * update RN * Update `demisto/python3-deb` 40-55 coverage rate (#32569) * upgrade images * update RN * Update ArcherV2.yml * Update 1_2_15.md * Update docker images of `Syslog` items (#32947) * update docker * update RN * revert git commit (#32973) * update tanium v2 readme (#32975) * Revert "YR/Handle long running pipelines, and commits with no pipelines/CIAC-9386 (#32462)" (#32974) This reverts commit 29aa622d6aebb5b27f5eec510caa3ee90a2f25c8. 
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> * MISP 2.1.41 - Add Custom Object command (#32955) * MISP 2.1.41 - Add Custom Object command (#32881) * MISP 2.1.41 - add-custom-object command * Updated release notes * Updated MISPV3_test.py * Update Packs/MISP/ReleaseNotes/2_1_41.md Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> * Updated MISPV3.py * Revert Docker Version --------- Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> * Update Packs/MISP/ReleaseNotes/2_1_41.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --------- Co-authored-by: Martin Ohl Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Zimperium v2Integration (#32615) * saving initial integration * added fetch + fixes in the commands * unit tests and output descriptions * pre-commit fix * trying to fix fetch * trying to fix fetch * rn; mapper; last fixes; * incident field * remove conf.json * added mapper * fixes from cr * fixes from cr * adding readme, pre-commit fixes * adding readme fixes * fix for test module * limit fix * fix readme * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * docker, coverage * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix validation on readme * limit and page_size * save fixes from the demo * filter report by importance * fixes in pre-commit after demo * fixed a
release notes * change the search params description * changes from the cr * pre-commit fix * fromversion 6.9 to pass the build * fromversion 6.9 to pass the build --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Upgrade `python3` docker images 0-20 coverage rate (#32446) * update docker * updateRN * revert RN * update RN * Bump pack from version Base to 1.33.31. * update RN after merge master * Bump pack from version ArcherRSA to 1.2.16. --------- Co-authored-by: Content Bot * [Okta v2] Make API Token Non-required When Using OAuth (#32877) * Make API token optional and non-required when using OAuth * Update documentation * Bump version * pre-commit * Bump pack from version Okta to 3.2.11. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Bump Docker version * Fix mypy issues * Fix release-notes * Minor documentation improvement * Minor fix --------- Co-authored-by: Content Bot Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * [Xsup 33523] fix for microsoft-365-defender-advanced-hunting (#32976) * reproduce the error * replace split by "|" with regex * update rn * pre commit * update docker * [AlienVault] Add error handling for convert_timestamp_to_iso86 (#32958) * fix IdentifyAttachedEmail handle None (#32966) * fix IdentifyAttachedEmail handle None * fix docker * add coverage * Bump pack from version CommonScripts to 1.14.0.
--------- Co-authored-by: Content Bot * Update `demisto/dxl` 25-40 coverage rate (#32648) * upgrade images * update RN * Update `demisto/googleapi-python3` 0-10 coverage rate (#32646) * upgrade images * update RN * Update `demisto/google-api-py3` 25-40 coverage rate (#32645) * upgrade images * update RN * Update `demisto/bs4-py3` 0-10 coverage rate (#32637) * upgrade images * update RN * Update `demisto/netutils` 0-10 coverage rate (#32631) * upgrade images * update RN * Update `demisto/graphql` 0-10 coverage rate (#32625) * upgrade images * update RN * Update `demisto/blueliv` 0-10 coverage rate (#32624) * upgrade images * update RN * Update `demisto/taxii` 10-25 coverage rate (#32604) * upgrade images * update RN * Bump pack from version FeedAlienVault to 1.1.31. --------- Co-authored-by: Content Bot * Update `demisto/dnstwist` '0-10' coverage rate (#32582) * upgrade images * updateRN * Update `demisto/fastapi` 0-10 coverage rate (#32571) * upgrade images * update RN * Bump pack from version AlibabaActionTrail to 1.0.24. --------- Co-authored-by: Content Bot * Upgrade `demisto/boto3py3` items 0-10 coverage rate (#32565) * upgrade images * update RN * update docker * upgrade docker * update AWSWAF * Awssns listener (#31633) * init commit * Adding missing files, * Remove unnecessary imports * Adding test playbook. Removing redundant fields from yml conf * Adding the TPB to the yml test * Ignoring secret Deleting redundant file * Fix validations issues * Edit readme files. * flake8 error * Adding image * Remove redundant import * Remove redundant file. Fix image name. * Apply suggestions from code review tech doc review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Fix wrong descriptions. * Fix description in yml and README. Fix TestPlaybook * Add instance_names to TPB * Adding store sample logic * update docker version. 
* Add a unique endpoint instead of the server builtin endpoint * Adding validation to messages * testing long running port * with comments * adding comments * working * Trying to validate the request * Added proxy and verify to call * Removed redundant log writes. Added validation for version2 * Added integration username and password specific verification * bump docker version * Added additional info to username command * updated the README * Logs refactoring * Specified a version in README * remove TODO * README description and yml changes. * Code review changes * Added support for baseclient Added CSP implementation of handle proxy for long running integrations * Code review changes * Split long functions * Extracting server config * RN for CSP * Fix READMS. bump docker version. * ignoring false positive secrets * changes ep on tbp * ignore AWS-SNS_Listener TPB * after merge from master * Add unit tests * ignore false positive secret * fix pragma no cover annotation. Bump Base version * ignore demitso.error print from test. --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * [Slack v3] - add support for file-mirroring from xsoar to slack (#32611) * logs * mirror files from xsoar to slack * start implementing mirror from slack to xsoar * mirror from slack to xsoar - in progress * use http-request for mirroring slack files to xsoar * revert enable_dm param * revert csp changes * handle ssl errors * add context * revert mirror from slack to xsoar * add test * bump rn * type ignore * add comment handling and fix test * update param location * bump docker * rn * update docs * fix test * update rn * update disclaimer * Bump pack from version Slack to 3.4.6. --------- Co-authored-by: Content Bot * Qradar reference sets list issue (#32779) * fix qradar-reference-sets-list to able use ref_name with filter and range * Bump pack from version QRadar to 2.4.49.
* filter description * Update QRadar_v3.py * RN * RN --------- Co-authored-by: Content Bot * [XSUP-33662] Fix Okta Auth0 test-module (#32992) * fixed XSUP-33662 * docker * XSIAM Compliance Dashboard&Report Update (#31947) * test commit * Update RN * Ignoring failing RN validation * Updated to version 2.0.0 * Changed ReadME * Updated RN * Updated RN * Updated Hipaa RN testing * Updated RN * Updated README * Updated pack ignore --------- Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> * PhishTank v2 - Added the username parameter (#32951) * added the username parameter * update docker * set username as optional * doc review * add test_user_agent_header * flake8 * [CortexXpanse] Update Integration Fetch Offset (#32868) (#33002) * Remove 3 second offset * Add debug logging and remove comments * changes after convo with John * docket and RN * bump ver * edit RN * readd old RN * Update Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.py --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: bigeasyj Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: Moshe Galitzky <112559840+moishce@users.noreply.github.com> * metrics in csp (#32383) * Update Docker Image To demisto/boto3py3 (#33008) * Updated Metadata Of Pack AWS-CloudTrail * Added release notes to pack AWS-CloudTrail * Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml Docker image update * Update Docker Image To demisto/python3 (#33007) * Updated Metadata Of Pack DomainToolsIrisDetect * Added release notes to pack DomainToolsIrisDetect * Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml Docker image update * Updated Metadata Of Pack AtlassianConfluenceCloud * Added release notes to pack AtlassianConfluenceCloud * Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml Docker image update * Updated Metadata Of Pack
Gatewatcher-AionIQ * Added release notes to pack Gatewatcher-AionIQ * Packs/Gatewatcher-AionIQ/Integrations/GCenter/GCenter.yml Docker image update * Updated Metadata Of Pack McAfeeNSM * Added release notes to pack McAfeeNSM * Packs/McAfeeNSM/Integrations/McAfeeNSMv2/McAfeeNSMv2.yml Docker image update * Updated Metadata Of Pack RecordedFutureASI * Added release notes to pack RecordedFutureASI * Packs/RecordedFutureASI/Integrations/RecordedFutureASI/RecordedFutureASI.yml Docker image update * Updated Metadata Of Pack Securonix * Added release notes to pack Securonix * Packs/Securonix/Integrations/Securonix/Securonix.yml Docker image update * Updated Metadata Of Pack NetBox * Added release notes to pack NetBox * Packs/NetBox/Integrations/NetBoxEventCollector/NetBoxEventCollector.yml Docker image update * Updated Metadata Of Pack SentinelOne * Added release notes to pack SentinelOne * Packs/SentinelOne/Integrations/SentinelOneEventCollector/SentinelOneEventCollector.yml Docker image update * Updated Metadata Of Pack illuminate * Added release notes to pack illuminate * Packs/illuminate/Integrations/Analyst1/Analyst1.yml Docker image update * Updated Metadata Of Pack DeHashed * Added release notes to pack DeHashed * Packs/DeHashed/Integrations/DeHashed/DeHashed.yml Docker image update * Update Docker Image To demisto/googleapi-python3 (#33009) * Updated Metadata Of Pack GSuiteAdmin * Added release notes to pack GSuiteAdmin * Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.yml Docker image update * Updated Metadata Of Pack GoogleSheets * Added release notes to pack GoogleSheets * Packs/GoogleSheets/Integrations/GoogleSheets/GoogleSheets.yml Docker image update * Updated Metadata Of Pack GoogleChronicleBackstory * Added release notes to pack GoogleChronicleBackstory * Packs/GoogleChronicleBackstory/Integrations/GoogleChronicleBackstory/GoogleChronicleBackstory.yml Docker image update * Updated Metadata Of Pack GSuiteSecurityAlertCenter * Added release notes to 
pack GSuiteSecurityAlertCenter * Packs/GSuiteSecurityAlertCenter/Integrations/GSuiteSecurityAlertCenter/GSuiteSecurityAlertCenter.yml Docker image update * Updated Metadata Of Pack GoogleDrive * Added release notes to pack GoogleDrive * Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml Docker image update * Updated Metadata Of Pack GoogleCalendar * Added release notes to pack GoogleCalendar * Packs/GoogleCalendar/Integrations/GoogleCalendar/GoogleCalendar.yml Docker image update * Update Docker Image To demisto/btfl-soup (#33010) * Updated Metadata Of Pack EmailCommunication * Added release notes to pack EmailCommunication * Packs/EmailCommunication/Scripts/DisplayEmailHtmlThread/DisplayEmailHtmlThread.yml Docker image update * update docker + RN (#32995) * update docker + RN (#32996) * update docker + RN (#32999) * [Okta Event Collector] Add next pagination token logic (#32393) * Update last fetch logic * Implemented 'next' pagination token logic * Handle resetting next_link token * Update release notes * FIxed failing UTs * Remove pragma no cover * Rename 3_2_10.md to 3_2_12.md * add 3_2_10.md * Add UTs * Add UTs * Update `demisto/sklearn` 0-10 coverage rate (#32760) * upgrade images * update RN * Bump pack from version Base to 1.33.26. * Bump pack from version Base to 1.33.27. * Bump pack from version Base to 1.33.28. * Bump pack from version Base to 1.33.29. * Bump pack from version Base to 1.33.30. * Bump pack from version Base to 1.33.31. * Bump pack from version Base to 1.33.32. * Bump pack from version Base to 1.33.33. * Bump pack from version Base to 1.33.34. 
--------- Co-authored-by: Content Bot * Update `demisto/tidy` 0-10 coverage rate (#32671) * upgrade images * update RN * Update `demisto/snowflake` 0-10 coverage rate (#32667) * upgrade images * update RN * Update `demisto/smbprotocol` 0-10 coverage rate (#32666) * upgrade images * update RN * Update `demisto/resilient` 10-25 coverage rate (#32659) * upgrade images * update RN * Update `demisto/google-vision-api` 0-10 coverage rate (#32658) * upgrade images * update RN * Update `demisto/google-kms` 10-25 coverage rate (#32656) * upgrade images * update RN * Update `demisto/google-cloud-translate` 25-40 coverage rate (#32655) * upgrade images * update RN * Update `demisto/pwsh-exchangev3` 0-10 coverage rate (#32654) * upgrade images * update RN * Bump pack from version Microsoft365Defender to 4.5.18. * Bump pack from version Microsoft365Defender to 4.5.19. --------- Co-authored-by: Content Bot * Update `demisto/fastapi` 25-40 coverage rate (#32572) * upgrade images * update RN * Update `demisto/etl2pcap` 25-40 coverage rate (#32674) * upgrade images * update RN * Update `demisto/btfl-soup` 25-40 coverage rate (#32627) * upgrade images * update RN * [Microsoft Graph Security] Update msg-update-alert documentation (#32983) * update docs * update dockers * add "MSG-ediscovery-tpb" to skipped_tests * Ignore E2E jobs in check jobs are really done (#32963) * update docker + RN (#33000) * troubleshooting splunk cloud (#33019) * troubleshooting splunk cloud * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * AWS Cloud Watch logs - fix proxy issue (#32956) (#33024) * fix proxy issue * format yml * Update Packs/AWS-CloudWatchLogs/Integrations/AWS-CloudWatchLogs/AWS-CloudWatchLogs.yml * Update Packs/AWS-CloudWatchLogs/ReleaseNotes/1_2_19.md * format and ReleaseNotes * ReleaseNotes * add 1_2_20 --------- 
Co-authored-by: Fábio Dias Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> * fix + RN (#32990) * Add nightly ok label workflow (#32876) * Add nightly ran GitHub workflow * change label name * change label name * update message * remove continue on error * changed gitlab * update workflow * change name * typo * Update on call to Edri&Polishuk (#32964) * bug - Cortex IR resolved incidents not mirrored correctly (#32856) * bug - Cortex IR resolved incidents not mirrored correctly * Possible fix * RN * Bump pack from version CortexXDR to 6.1.16. * pre commit * rn * pre-commit * fix test * pre commit --------- Co-authored-by: Content Bot * Update Docker Image To demisto/taxii-server (#32897) * Updated Metadata Of Pack CybleThreatIntel * Added release notes to pack CybleThreatIntel * Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update * EXPANDR-8026: Azure Remediation Bug Fix and Improvements (#32882) (#32941) * update files * RN * RN part 2 * Apply suggestions from code review --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> * change to run * cr fixes * fix git diff * add git checkout * origin * github event * checkout * master * GITHUB_REF * change name * only master * fetch origin master * remove print * checkout * 0 * fi * add origin * fix syntax * revert gitlab * add if * change else * curl brackets * remove n * $GITHUB_OUTPUT * gitlab change * print * revert * add changed files null * commit * echo * comment * without grep * fix * new line * gitlab changed * remove ^ * remove " * gitlab/ci * use * * GITLAB_CHANGED_FILES * fix check * console log outputs * fix logs * add $ * remove logs * remove true * revert * log * implement if
* add brackets * gitlab * revert gitlab --------- Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: Content Bot Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> * [FeedElasticSearch] Fix ids in last run (#32778) * Update Docker Image To demisto/crypto (#33042) * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Update Docker Image To demisto/python3 (#33040) * Updated Metadata Of Pack Darktrace * Added release notes to pack Darktrace * Packs/Darktrace/Integrations/DarktraceAdmin/DarktraceAdmin.yml Docker image update * Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml Docker image update * Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml Docker image update * Updated Metadata Of Pack ForescoutEyeInspect * Added release notes to pack ForescoutEyeInspect * Packs/ForescoutEyeInspect/Integrations/ForescoutEyeInspect/ForescoutEyeInspect.yml Docker image update * Updated Metadata Of Pack Stairwell * Added release notes to pack Stairwell * Packs/Stairwell/Integrations/Inception/Inception.yml Docker image update * Updated Metadata Of Pack SecureWorks * Added release notes to pack SecureWorks * Packs/SecureWorks/Integrations/TaegisXDRv2/TaegisXDRv2.yml Docker image update * Updated Metadata Of Pack BmcITSM * Added release notes to pack BmcITSM * Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml Docker image update * Updated Metadata Of Pack Tessian * Added release notes to pack Tessian * Packs/Tessian/Integrations/Tessian/Tessian.yml Docker image update * Updated Metadata Of Pack Cisco-umbrella-cloud-security * Added 
release notes to pack Cisco-umbrella-cloud-security * Packs/Cisco-umbrella-cloud-security/Integrations/CiscoUmbrellaCloudSecurityv2/CiscoUmbrellaCloudSecurityv2.yml Docker image update * Updated Metadata Of Pack SingleConnect * Added release notes to pack SingleConnect * Packs/SingleConnect/Integrations/SingleConnect/SingleConnect.yml Docker image update * fix base client execution metrics (#33044) * fix base client execution metrics * added test * [pre commit] Update coverage-analyze hook (#33035) * change coverage-analyze to coverage-pytest-analyze * Update hook * Update .pre-commit-config_template.yaml * Teams docs (#32949) * updated readme * edited description * added rn * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * lr * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/MicrosoftTeams_description.md Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * added unittest --------- Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * [bug] - threatconnect feed missing indicator type parser (#32993) * [bug] - threatconnect feed missing indicator type parser * test * rn * debug logs * DI * revert * precommit * [Sleep] Removed Polling in 6 (#33056) * ad-modify-user-ou adds backslash to CN (#31491) * Update shift management scripts (#31130) * fixed the bug and added unit tests * updated docker image * RN * updated docker image * cr updates * EWS rule commands - MS graph python integrations (#30943) Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> * MS IIS Update (#31132) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Anomali ThreatStream change DBot verdict from Benign to Unknown for Low Confidence Indicators (#30993) (#31151) * change DBot verdict from Benign to Unknown for Low Confidence Indicators Indicators found in Anomali that are below Confidence thresholds should be created as Unknown and not Benign. Anomali ThreatStream documentation regarding Confidence https://ui.threatstream.com/optic-doc/Content/Features/threat_model/Observables/details_indicator.htm Confidence - Confidence indicates the certainty that an observable exhibits or is connected to malicious behavior. If Anomali has indicators with low Confidence, that doesn't mean the indicator is Benign/Safe. It means Anomali is unsure that the indicator is Malicious and as such the more appropriate verdict in XSOAR should be Unknown. * add indicator_default_score param * changed values to Benign and Unknown * update README and RN * update RN * update docker set required to false * update docker * fix docs comments --------- Co-authored-by: zdrouse Co-authored-by: adi88d Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * generate empty junit files (#31153) * Update 1_6_0.json (#31164) * fix splunkpy splunk_submit_event_hec_command string issue (#30978) * fix splunkpy splunk_submit_event_hec_command string issue * test * add fix * update rn * [xsoar saas] - fix ports taxii2 e2e (#31163) * Hello world saas (#30901) * added a new incident field only for saas mp * added an incident field to xsoar_saas only for demonstration * format incident field * format incident field * added saas word to known words * version * merge with master * fixed the xsoar_saas end tag * Added tests to validate result * modified RN * pre commit changes * RN tags * ignore long line * MS IIS README (#31158) * Updated README * Updated README * Fixes For IP Enrichment Playbooks
(#31114) * Fixes For IP Enrichment Playbooks * RN * Removed the mapping rule from both playbooks. Updated the default value of the internal range playbook input according to RFC 1918. * Removed the value of 'UseReputationCommand' playbook input and fixes the YML files * Fixed RN * Removed the value set for the 'UseReputationCommand' sub-playbook input. Re-added the default value for 'UseReputationCommand' playbook input * skip ThreatStream-Test (#31172) * [transformers] Enhance to be more durable (#30897) [transformers] Enhance to be more durable * Fixes For 'Email Address Enrichment - Generic v2.1' (#31122) * Fixes For 'Email Address Enrichment - Generic v2.1' * Re-added the test playbook and marketplace configs to the playbook YML file * changed the 'domain' playbook input value * removed the 'domain' playbook input value and added RN * Fixed RN * Bump pack from version CommonPlaybooks to 2.4.34. --------- Co-authored-by: Content Bot * DisplayMappedFields - Fix dark mode text color (#31085) * removed the hardcoded color * removed the hardcoded color * update RN * update docker image * Bump pack from version CommonScripts to 1.12.48. * Unittest fixes * Bump pack from version CommonScripts to 1.12.49. * Unittest fixes * Bump pack from version CommonScripts to 1.12.50. * Bump pack from version CommonScripts to 1.12.51. * Bump pack from version CommonScripts to 1.12.52. * Bump pack from version CommonScripts to 1.12.53. 
--------- Co-authored-by: Content Bot * Updated the layout to exclude integration incident fields that are not pertinent to Vectra XDR (#31127) (#31182) Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> * Taxii2 server relationship bug (#31162) * [taxii2-server] - code fixes * bump rn * docker update * remove debug-log because may wanted * [ASM] EXPANDER-7096 - ASM Remediation Guidance Fields (#30955) (#31178) Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Created pack for F5 BIG-IP APM (#31017) * Created pack for f5 apm * Added modeling rule files. * adding modeling rules and schema. * modified modeling rules * update yml file for modeling rule. * Update Packs/F5APM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/F5APM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/F5APM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/F5APM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/F5APM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/F5APM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * update readme. * Modified the read me file. 
--------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * HelloWorld - delete old classifier (#31185) * Add support for is array for rep commands (#31169) * added support for isArray for python Xsoar supported reputation commands * added rn * Empty-Commit * python files fixes * fix docker issue * cr fixes * added logs and cache fix (#30577) * added logs and cache fix * Fixed another executeCommand results handling. * Updated docker image * Added rn * Update Packs/Phishing/ReleaseNotes/3_6_2.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Packs/Phishing/Scripts/FindDuplicateEmailIncidents/FindDuplicateEmailIncidents.py --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Add support for is array for rep commands js (#31184) * JS files fixes * added rn * pre commit fixes * pre commit fixes * cr fixes * xsiam-avaya-siem-content-ciac-8502 (#31128) * init-pack * modeling-rules * add-docs * fix-pid-parsing * fix-README.md * Fixed For Endpoint Enrichment Playbooks (#31147) * Fixed For 'Endpoint Enrichment - Generic v2.1' Playbook * RN * RN * Fixes for Endpoint_Enrichment_-_Generic_v2.1_6_8 playbook * Bump pack from version CommonPlaybooks to 2.4.34. * Bump pack from version CommonPlaybooks to 2.4.35. 
* Fixed version for 'Endpoint Enrichment - Generic v2.1.6.8' playbook * Fixes for 'Endpoint Enrichment - Generic v2.1' playbook * Revert changes in 'Endpoint Enrichment - Generic v2.1' playbook --------- Co-authored-by: Content Bot * Update Docker Image To demisto/python3 (#31198) * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Updated Metadata Of Pack FlashpointFeed * Added release notes to pack FlashpointFeed * Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml Docker image update * Updated Metadata Of Pack AbnormalSecurity * Added release notes to pack AbnormalSecurity * Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml Docker image update * Updated Metadata Of Pack FeedLOLBAS * Added release notes to pack FeedLOLBAS * Packs/FeedLOLBAS/Integrations/FeedLOLBAS/FeedLOLBAS.yml Docker image update * Updated Metadata Of Pack Hackuity * Added release notes to pack Hackuity * Packs/Hackuity/Integrations/Hackuity/Hackuity.yml Docker image update * Updated Metadata Of Pack Grafana * Added release notes to pack Grafana * Packs/Grafana/Integrations/Grafana/Grafana.yml Docker image update * Updated Metadata Of Pack Binalyze * Added release notes to pack Binalyze * Packs/Binalyze/Integrations/BinalyzeAIR/BinalyzeAIR.yml Docker image update * Updated Metadata Of Pack ServiceDeskPlus * Added release notes to pack ServiceDeskPlus * Packs/ServiceDeskPlus/Integrations/ServiceDeskPlus/ServiceDeskPlus.yml Docker image update * Updated Metadata Of Pack Oracle_IAM * Added release notes to pack Oracle_IAM * Packs/Oracle_IAM/Integrations/OracleIAM/OracleIAM.yml Docker image update * Updated Metadata Of Pack AccentureCTI * Added release notes to pack AccentureCTI * Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.yml Docker image update * Update Docker Image To demisto/boto3py3 (#31199) * 
Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/armorblox (#31203) * Updated Metadata Of Pack Armorblox * Added release notes to pack Armorblox * Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Docker image update * Update Docker Image To demisto/py3-tools (#31201) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated 
Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * Update Docker Image To demisto/oci (#31202) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/accessdata (#31200) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Fix DS108 --------- Co-authored-by: israelpolishook * Update Docker Image To demisto/carbon-black-cloud (#31206) * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * 
Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update * Update Docker Image To demisto/taxii2 (#31205) * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update * Update Docker Image To demisto/crypto (#31204) * Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * Updated Metadata Of Pack AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * 
Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * Update Docker Image To demisto/opnsense (#31208) * Updated Metadata Of Pack OPNSense * Added release notes to pack OPNSense * Packs/OPNSense/Integrations/OPNSense/OPNSense.yml Docker image update * Update Docker Image To demisto/auth-utils (#31207) * Updated Metadata Of Pack Cylance_Protect * Added release notes to pack Cylance_Protect * Packs/Cylance_Protect/Integrations/Cylance_Protect_v2/Cylance_Protect_v2.yml Docker image update * Updated Metadata Of Pack Zoom * Added release notes to pack Zoom * Packs/Zoom/Integrations/ZoomEventCollector/ZoomEventCollector.yml Docker image update * Updated Metadata Of Pack Silverfort * Added release notes to pack Silverfort * Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update * Updated Metadata Of Pack AzureDataExplorer * Added release notes to pack AzureDataExplorer * Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml Docker image update * Updated Metadata Of Pack MicrosoftManagementActivity * Added release notes to pack MicrosoftManagementActivity * Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Docker image update * Updated Metadata Of Pack Box * Added release notes to pack Box * Packs/Box/Integrations/BoxEventsCollector/BoxEventsCollector.yml Docker image update * Packs/Box/Integrations/BoxV2/BoxV2.yml Docker image update * Updated Metadata Of Pack Troubleshoot * Added release notes to pack Troubleshoot * Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml Docker image update * commit --------- Co-authored-by: israelpolishook * Update Docker 
Image To demisto/ippysocks-py3 (#31211) * Updated Metadata Of Pack Whois * Added release notes to pack Whois * Packs/Whois/Integrations/Whois/Whois.yml Docker image update * Update Docker Image To demisto/python3 (#31214) * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Update 
Docker Image To demisto/boto3py3 (#31215) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/accessdata (#31216) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Update Docker Image To demisto/oci (#31218) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * 
Update Docker Image To demisto/py3-tools (#31217) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack Anomali_ThreatStream * Added release notes to pack Anomali_ThreatStream * Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * CortexXDRIR-generic-polling (#31082) * - Added new playbook for quarantine_file - Old playbook deprecated - New image added * release notes added * - New playbook for 
_Retrieve_File_Playbook_v2 created - Old playbook _Retrieve_File_Playbook deprecated - Image was added * Release notes were added * Changed the name of the playbook * Readme file added * Added image * fixed image location in readme file * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2.yml Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * Bump pack from version CortexXDR to 6.0.4. * Removed unnecessary tests * Readme files were updated * Fixes for the playbooks * fixed Tests/conf.json file * image issue fixed * Added new images * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_Playbook_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_Playbook_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_4.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_Playbook_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_quarantine_file_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * PR fixes - new condition to check if the task finished successfully * release notes updated * image path fixed * Added new outputs for playbook * release notes updated * fix * readme files fixed * image issue * image issue * fix * fix 
* fix * fix * uploaded new playbook because of the image issue * fix for image issue * delete photo * fixes * test playbooks fixed * test playbooks removed --------- Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Docker Image To demisto/crypto (#31219) * Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * Updated Metadata Of Pack AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack 
MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * update pack ignore (#31193) * Slack event collector: fixed an issue where we get a Bad Request error (#31135) * fixed an issue where we get a Bad Request error. * pre-commit * added test * fixed Flake8 error * fixed cr comments * fixed cr comments * update Docker image * YR/Remove-fields-with-one-letter-DBotFindSimilarIncidents/XSUP-29299 (#31161) * fixes * code and test * remove Json feed from this pr * test * note * pre commit * RN * CR and Flake8 * format * pre commit * Fixes For 'URL Enrichment - Generic v2' Playbook (#31195) * Fixes For 'URL Enrichment - Generic v2' Playbook * RN * Bump pack from version CommonPlaybooks to 2.4.36. --------- Co-authored-by: Content Bot * F5 APM Remove XSIAM tags (#31221) * remove ls from test_e2e_results.sh (#31186) * [IsEmailAddressInternal] Fix an issue with **domain** argument (#31222) * First commit * Added RN * Update Packs/CommonScripts/ReleaseNotes/1_12_54.md Co-authored-by: Dean Arbel --------- Co-authored-by: Dean Arbel * Deprecate 'Get endpoint details - Generic' Playbook (#31196) * Deprecate 'Get endpoint details - Generic' Playbook * RN * Bump pack from version CommonPlaybooks to 2.4.36. * Bump pack from version CommonPlaybooks to 2.4.37. 
--------- Co-authored-by: Content Bot * Replacing the deprecated sub-playbook within the 'NGFW Internal Scan'… (#31197) * Replacing the deprecated sub-playbook within the 'NGFW Internal Scan' XSIAM playbook * RN * [Marketplace Contribution] CISO Metrics (#30641) (#31213) * "pack contribution initial commit" * Update pack_metadata.json * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CISO_Metrics.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json Rename to CommunityCommonDashboards * Update pack_metadata.json Renamed "name": "CommunityCommonDashboards" * Update README.md Added description * Update README.md * Update and rename README.md to README.md * Rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json * Rename .pack-ignore to .pack-ignore * Rename .secrets-ignore to .secrets-ignore * Rename pack_metadata.json to pack_metadata.json * Update .pack-ignore * Update pack_metadata.json * Update .pack-ignore * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to CISOMetrics.json Renamed to CISOMetrics * Update pack_metadata.json * Update pack_metadata.json * Update README.md --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: David Uhrlaub <90627446+rurhrlaub@users.noreply.github.com> * Cybereason xsoar v 2.1.14 (#30647) (#31225) * added v2.1.14 codebase * fix pr comments * replace dummy md5 placeholder * Update Packs/Cybereason/Integrations/Cybereason/Cybereason.py * updated docker image python version * updated release notes docker version * added pagination params * updated docker image * fix lint errors * fix demisto validate errors * updated release notes * updated release notes * updated release notes * updated command name as per PR 
comment * removed manual filtering for response * updated function name to match the command name format * updated unit test as per new command name * added machinename filter to api query * moved empty output message to the top * updated docker image tag to latest * undo changes from unisolate endpoint playbook --------- Co-authored-by: suraj-metron <87964764+suraj-metron@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> * fixed polling support (#30873) * fixed polling support * fixed rn * added rn * added rn * XSUP-30786/Fix (#31168) * Added failing UT * Fixed the issue * Updated docker image * Updated RN * Update Packs/PAN-OS/ReleaseNotes/2_1_15.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Updated the bug fix and the UT * updated docker image --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * rewrite to js FirstArrayElement and LastArrayElement (#31228) * rewrite to js * added tpb * added empty test case to tpb * precommit fixes * change fromversion so build won't fail * Enable Core REST API with general XSIAM endpoints (#31226) * mostly works * added release notes * fixes from review * F5 APM fixed the marketplace build failure (#31236) * F5 APM Remove XSIAM tags * fix marketplace error * Add incidents field (#30393) (#31233) * add rawJSON field to incidents * release notes * update docker image tag * nit * fetching incident details * mapper + incident fields * remove incorrect incident field files * new incident field files, new mapper * sdk validate command changes * update release notes * validation errors * fix validation errors * undo release notes changes * undo release notes change * undo release notes * undo release notes * undo release notes * nit * new release notes * remove playbook id * update docker image tag * revert release notes * revert RN * nit- remove filters used for testing * add details field to threats * remove try/except
blocks * changing version * Update Abnormal_Security_Custom_Incident_types.json change from version * nit - remove changes used for demo * updating docker image * update docker image tag --------- Co-authored-by: William Olyslager Co-authored-by: sapirshuker Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> * Update Docker Image To demisto/python3 (#31242) * Updated Metadata Of Pack CIRCL * Added release notes to pack CIRCL * Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.yml Docker image update * Updated Metadata Of Pack ipinfo * Added release notes to pack ipinfo * Packs/ipinfo/Integrations/ipinfo_v2/ipinfo_v2.yml Docker image update * Updated Metadata Of Pack AutoFocus * Added release notes to pack AutoFocus * Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml Docker image update * Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml Docker image update * Updated Metadata Of Pack MailSenderNew * Added release notes to pack MailSenderNew * Packs/MailSenderNew/Integrations/MailSenderNew/MailSenderNew.yml Docker image update * avoid to update Docker for AutoFocusv2 --------- Co-authored-by: israelpolishook * Fixes For 'IP Enrichment - Generic v2' Playbook (#31183) * Fixes For 'IP Enrichment - Generic v2' Playbook * RN * RN * Updated the 'InternalRange' playbook input's default value. * configured the 'extended_data' and 'threat_model_association' sub-playbook inputs * Bump pack from version CommonPlaybooks to 2.4.36. * Bump pack from version CommonPlaybooks to 2.4.37. * changed the default value of the 'ResolveIP' playbook input * re-added RN after merging from master * Fixes RN --------- Co-authored-by: Content Bot * Check if should run Instance role (#31245) * Added the sync from the saas bucket and modified the verify script to take the revision from the correct bucket. 
(#31254) * AWS Organizations (#30525) * init * commands template * aws-org-children-list * more commands * even more commands * added account commands * removed enhancement commands * use json_transform * unit-tests init * unit-tests continued * unit-tests continued some more * TPB * one more unit-test * one more unit-test * one more unit-test * name change * TPB * docs complete * pack readme * pack readme part 2 * readme modified * more tests * more tests * use get() * added description * removed isFetch * added image * name change * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update docker * put the commands back in * code complete * yml part 2 * yml part 3 * test template * unit-tests continued some more * unit-tests almost complete * unit-tests complete * fixed a few bugs * fixed unit-tests * added readme * update readme * added missing descriptions to readme * TPB * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * CR changes * demo changes * update docker * build wars: round 1 * build wars: round 2 * build wars: round 3; add unit-tests * build wars: round 4 * build wars: round 5 * build wars: round 6 --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * NextToken in CommandResults (#30501) * init * new design * added error in case of non nested input * RN * a tad more docs * Bump pack from version Base to 1.32.47. * Bump pack from version Base to 1.32.48. * Bump pack from version Base to 1.32.49. * improved doc-string * resolve conflicts * resolve conflicts * Bump pack from version Base to 1.32.52. 
--------- Co-authored-by: Content Bot * demisto-sdk-release 1.24.0 (#31268) * poetry files * update validate manager imports (#31179) * update validate manager imports * revert * Update Tests/configure_and_test_integration_instances.py * Edit file types test (#31170) * edited tests * s * s * edit --------- Co-authored-by: Content Bot Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> * modified modeling rules of clearswift dlp (#31247) * modified modeling rules of clearswift dlp * modified the parsing rule of clearswiftdlp * Added release notes. * added dlp to pack ignore * added Clearswift to pack ignore * QRadar: continue to poll in case of networking issues (#31084) * Generalize the mode option in pre-commit (#30663) * args updated to match the update in the sdk * add merge-coverage-report and coverage-analyze * updating pyproject.toml * poetry lock * restoring pyproject.toml and poetry.lock * pre-commit.yml * updates * test comment * use sdk ref * if * add github output * revert ilan changes * merge-pytest-reports --------- Co-authored-by: ilan * EXPANDR-1576 CortexXpanse Remediation Guidance changes (#31190) * EXPANDR-1576 CortexXpanse Remediation Guidance changes (#30712) * CortexXpanse RG changes * Fix flake8 errors * Fix unit test cases * Update docker version * update command name * Readme updates * docker update * Ignore BC error * fix packignore * Update release notes * update breaking change notes * update breaking change notes * correct RN --------- Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com> Co-authored-by: ilappe * Feature/cyberint enhancement (#31252) * Feature/cyberint enhancement (#30493) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * 
Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * update Cyberint Pack * update release note and incidentfields * update CommonType release note * update CommonType release notes * update CommonType release notes * update CyberInt Related entity name * update release notes * add new incident field: Alert Data * format alert_data * update CyberInt Related Entity name to avoid validation errors * reset the CyberInt Related Entity name * update incident field name * Update 3_3_93.md * pre commit update docker * added known words * fixed the RN * known words --------- Co-authored-by: TalGumi <101499620+TalGumi@users.noreply.github.com> Co-authored-by: omerKarkKatz <95565843+omerKarkKatz@users.noreply.github.com> Co-authored-by: okarkkatz * [xsoar-8 coverage] - use poll functions from SDK clients (#31144) * update poetry * use poll functions * test against builds * try to fix ssl issue * timeout = 300 + verify ssl * fix ssl issues * fix incident pull * fix * make verify=false by default * fix ports bug * use sdk master * revert poetry * revert infra used for testing * [CrowdStrike Falcon Intel v2] Fixed an issue in 'cs-actors' and 'cs-reports' commands (#31265) * Fix the 'NoneType' object is not iterable issue * ruff * Update the docker image; Add RN * Update Packs/CrowdStrikeIntel/ReleaseNotes/2_0_34.md Co-authored-by: Dean Arbel --------- Co-authored-by: Dean Arbel * oncall- installation orders (#31253) * test * test * revert debugs * pre-commit --------- Co-authored-by: Jas Beilin * Core rest api docs fix (#31262) * Improved descriptions. * Added docs * Added rn. * Changed i.e to e.g * bugfix/XSUP-30713/port-scan-pb-issue-incident-failure (#31154) * Fix playbook input's default value, change to not required, add check for value not empty * Update playbook image * Update release notes * Bump pack from version CortexXDR to 6.0.5. 
* Moved InternalIPRanges input check to better location * Fix review comments --------- Co-authored-by: Content Bot * [PagerDuty v2] Added Support For Pagination (#30959) * commit init - lint and type annotation * typing * pagination function and some typing * fix api limit and pagination * added UT and test_data * added RN and description for args * generate readme * update docker * added UT * fix flake8 * more docstring, one more UT, fix send unnecessary parameters * fix f-string * fix pep8 * revert copy * fix parameters name * docs review * update docker * [ASM] EXPANDR 7225 - Update Ev1 Integration Display Name (#31234) (#31276) * Update Display Name * Update release notes * Update docker image and add period to descriptions Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> * Update Docker Image To demisto/python3 (#31286) * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of 
Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Add XSOAR_SAAS section to EDL description (#31264) * add XSOAR_SAAS section to EDL description * update RN * [XSUP 30575] Added full fields query param (#31272) * get indicators full fields data * pre-commit * release notes * tests and CR fixes * Update Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_13.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Docker Image To demisto/boto3py3 (#31287) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of 
Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/accessdata (#31288) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Update Docker Image To demisto/oci (#31290) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/py3-tools (#31289) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * 
Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack Anomali_ThreatStream * Added release notes to pack Anomali_ThreatStream * Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * Update Docker Image To demisto/armorblox (#31291) * Updated Metadata Of Pack Armorblox * Added release notes to pack Armorblox * Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Docker image update * Update Docker Image To demisto/crypto (#31292) * Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * 
Updated Metadata Of Pack AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * Update Docker Image To demisto/sixgill (#31293) * Updated Metadata Of Pack Cybersixgill-ActionableAlerts * Added release notes to pack Cybersixgill-ActionableAlerts * Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml Docker image update * Updated Metadata Of Pack Sixgill-Darkfeed * Added release notes to pack Sixgill-Darkfeed * Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml Docker image update * Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml Docker image update * Update Docker Image To demisto/carbon-black-cloud (#31295) * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * 
Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update * Update Docker Image To demisto/taxii2 (#31294) * Updated Metadata Of Pack FeedDHS * Added release notes to pack FeedDHS * Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml Docker image update * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update * MS IIS Update2 (#31256) * Updated MicrosoftIISWebServerModelingRules_1_3 * Updated ModelingRules filters * Updated ModelingRules filters * Updated ReleaseNotes * Updated ReleaseNotes * CrowdStrikeFalconX-genreic-polling (#31189) * old playbooks deprecated and new one added * readme file edited * set the interval from the inputs * fixes for release notes * added extensions to known words * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * minor fixes for description * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Add Symantec MSS to ignored items (#31296) * [XSUP 30870] Added full fields option for cs-actors and cs-reports commands (#31271) * Added the display_full_fields argument * pre-commit * release notes * tests and CR fixes * resolve conflict * pre-commit * CR fixes * docker * pre-commit * add myself as codeowner (#31314) * ORKL Feed Integration 1.0.0 Initial Release (#31166) * ORKL Feed Integration 1.0.0 Initial Release (#31101) Co-authored-by: Martin Ohl * [VirusTotal] Add suspicious threshold (#31220) * [VirusTotal] Add suspicious threshold (#31021) * fixing CimTrak_test.py unit tests (#31308) fixing CimTrak_test.py unit tests #31308 * Add new command and bug fix. (#31311) * Anomali ThreatStream v3 - Fix threatstream-get-indicators command (#31269) * fix get_indicators method * update RN * update docker * update test * update test * update get_indicators method * update RN * Update Packs/Anomali_ThreatStream/ReleaseNotes/2_2_9.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * update docker * update docker --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * SentinelOne v2: Add 2 new commands (#31312) * fixing jira file attachments (#31297) fixing jira file attachments, fixing mapping of newly created tickets #31297 * CiscoSMA Update (#31315) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * updated docs (#31192) * updated docs * running pre-commit and docker * docker update * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * remove package-lock file * cr note * Update Packs/MicrosoftGraphDeviceManagement/ReleaseNotes/1_1_20.md Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * Fix an issue when there is only one incident in fetch_incidents powershell (#31267) * added -AsArray * updated the docker image and added . * RN * unit tests and docker image * rn * docker image and release notes * Update Packs/Base/ReleaseNotes/1_32_53.md Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * updated the unit tests --------- Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * Get Entity Alerts by MITRE Tactics - Performance Improvements (Refactor) (#31232) * Added playbooks * New playbooks images, formatted playbooks, and added RN * Updated pb image to be in light mode * Further improvements to playbooks, updated docs, and updated playbook images * Bump pack from version CortexXDR to 6.0.6. * Changed alert to incident to fix validation * Descriptions --------- Co-authored-by: Content Bot * fix for sdk nightly e2e tests (#31310) * [qradar-v3] - handle connection errors (#31246) * [qradar-v3] - handle connection errors * add uts * bump rn * remove irrelevant imports * update code * timeout = 300 * bump rn * update implementation * docker image * fixes * remove imports * rn * update debug-message * update log * fix docker-image * fix ut * oncall-sdk-nightly-create-xsoar-instance (#31300) * overwrite the filter env file * remove space * remove print * Update .gitlab/ci/.gitlab-ci.on-push.yml Co-authored-by: Koby Meir --------- Co-authored-by: Koby Meir * [ASM] - EXPANDER 7238 - Jira Playbook Support for V2 and V3 Project Key (#31273) (#31322) * Add support V2 and V3, remove default project key - Add data collection task for customer - Leave Jira Project Key input as blank - Add support for project key passed into Jira V2 and V3 integrations * Add release notes * Update Playbook ReadMe * Add task description * Update release notes Co-authored-by: John 
<40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> * Support contributions when the name of the repo isn't content (#31320) * update handle_external_pr.py * set repo_name arg as optional * Oncall sdk nightly create xsoar instance (#31324) Oncall sdk nightly create xsoar instance #31324 * CIAC-4556/xdr-remote-psexec-lolbin-command-execution-playbook (#29092) * Add playbook and readme files * Add updated files * Add playbook image * Update release notes * Fix validation error * Bump pack from version CortexXDR to 5.1.0. * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Add CommandLine verdict to layout * Update according to demo review comments * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Add field for cmd line verdict * Update layout * Fix review comments * Update from master * Update Packs/CortexXDR/ReleaseNotes/5_2_0.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/5_2_0.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Fix review comments and validations * Apply suggestions from code review Fix docs review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg 
<62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Fix review comments * Remove duplicate task for alert details, update playbook image * Fix skipifunavailable validations and update release notes * Fix review comments * Update release notes * Update release notes * Bump pack from version CortexXDR to 5.2.0. * Fix review comments * Update release notes * Bump pack from version CortexXDR to 5.2.2. * Bump pack from version CortexXDR to 5.2.3. * Fix review comments … * Update MS DNS README (#33053) * Updated README * Update Packs/MicrosoftDNS/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update `demisto/teams` 0-10 coverage rate (#32633) * upgrade images * update RN * Bump pack from version Workday to 1.4.11. 
--------- Co-authored-by: Content Bot * Updated repo name from the Github Context (#33055) * [EWSO365] Handle corrupt Message-ID header (#32776) * Add handling of Message-ID header coming from attachment.item.headers Add debug logs * Update malformed Message-ID handling to also consider escape characters * Update handle_incorrect_message_id to consider escape characters Update RN; Update docker image * Add UT; Update docker image ref * Update release notes * Replace string.find with regex search * Remove XSUP-32660 debug logs * Add test use cases * Apply suggestions from code review Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Remove redundant IndexError handling * Update docker image * Update release notes --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * [Native Image] Release py3-native 8.6 (#32977) * Update native image versions Reference for 8.6 will be updated once available * Update native image 8.6 reference * Update native image ref * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Remove native:8.4 * Remove trailing comma in json file --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * ServiceNow mirror: fix bug when mirror not started (#33065) * fix + RN * fix * Update Packs/ServiceNow/ReleaseNotes/2_5_55.md Co-authored-by: Dean Arbel --------- Co-authored-by: Dean Arbel * [OpenCTI] Update Documentation (#33071) * Update README.md * Bump version * ignore `RN112` validation error * Prisma Cloud Compute docs update (#32943) * update README * doc review * RN * [Native Image] Update native image tag (#33080) * Update native image tag * Add supported modules * Remove redundant modules * SentinelOne V2 3.2.21 (#33005) (#33057) * Removing the labels and details from incident * Bumped the version * fixed the unit tests * Bumped the docker image * Resolving the RN conflicts --------- Co-authored-by: munna-metron 
<82433049+munna-metron@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: merit-maita * Exclude nightly ok in contribution PRs (#33087) * Exclude nightly ok in contrib PRs * change name * space * more space * [Marketplace Contribution] XSOAR File Management - Content Pack Update (#32961) (#33086) * "contribution update to pack "XSOAR File Management"" * Update Packs/XSOARFileManagement/Integrations/XSOARFileManagement/XSOARFileManagement.py * Update Packs/XSOARFileManagement/ReleaseNotes/1_1_0.md * Update Packs/XSOARFileManagement/ReleaseNotes/1_1_0.md --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: amontminypa <118302525+amontminypa@users.noreply.github.com> Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> * Convert file hash to corresponding hash improvement (#33001) * added another method to search for indicators * release notes updated * added length check for hashes * RM update * Update Packs/CommonPlaybooks/ReleaseNotes/2_6_14.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Convert_file_hash_to_corresponding_hashes.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Convert_file_hash_to_corresponding_hashes.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Convert_file_hash_to_corresponding_hashes.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Fix QRadar TPB (#33003) * init * remove hard-coded test * change test order * [Marketplace Contribution] PAN-OS by Palo Alto Networks - Content Pack Update (#31985) (#33088) * "contribution 
update to pack "PAN-OS by Palo Alto Networks"" * Update Panorama.yml * Update Panorama.py * Update Panorama.yml * Update Panorama_test.py * Update Panorama.yml * Update Panorama.py * pre-commit * Update 2_1_21.md * Update 2_1_21.md * Apply suggestions from code review * rn * rn --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: amkoppad <82898085+amkoppad@users.noreply.github.com> Co-authored-by: MLainer1 Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Fix retrieve the SDK changelog workflow status while loop (#33093) * sleep before retrieve the SDK changelog workflow status * Update create_sdk_pr.py * Update create_sdk_pr.py * Update create_sdk_pr.py * fix infra mypy errors (#33067) * pre-commit: Upload pytest junit artifact (#33033) * JoeSecurityv2 fixed filename and comment (#32819) * fixed filename and comment * Update Packs/JoeSecurity/Integrations/JoeSecurityV2/JoeSecurityV2.py * test * issue fix * Update README.md * Update README.md * fix comment argument * RN * fix * Update JoeSecurityV2.py * fix pre commit * [Microsoft Graph Security] msg-purge-ediscovery-data - update docs (#33054) * test * update * remove from skipped_tests * Update Packs/MicrosoftGraphSecurity/ReleaseNotes/2_2_9.md Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> --------- Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> * demisto-sdk-release 1.27.0 (#33095) * poetry files * added demisto-sdk==1.27.0 to pre-commit config --------- Co-authored-by: Content Bot Co-authored-by: Shmuel Kroizer * Add a limit to cs falcon search device command (#32979) * added a limit parameter to search device command * updated release notes * updated docker image * updated the release notes * add BC release notes and parameters to endpoint command * docker update * removed the params from the endpoint command * 
updated the docker image * removed unrelated files * removed unrelated files * Trigger-build * Fixed error runner not found (#33031) * add variables * add to all steps * Upgrade native:candidate to 8.6 (#33094) * Add alert output content as specified in yml file (#120) (#33030) (#33092) * Add alert output content as specified in yml file (#120) * Add alert output content as specified in yml file Also update command outputs in the yml file * Add release notes and update the app's version * Update integration readme * Update Packs/ZeroFox/ReleaseNotes/1_2_8.md --------- Co-authored-by: Felipe Garrido Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> * Extract indicators from file fix (#33100) * Omri added something * RN added * revert the nightly in gitlab on-push (#33099) * revert the nightly in gitlab on-push * remove when --------- Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> * BmcITSM work order support added (#33043) (#33102) * work order * description.md * Empty posiible values removed * package-lock updated * package-lock * validation * docker, vresion * comment issue * flake * flake * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/ReleaseNotes/1_0_22.md * Update Packs/BmcITSM/ReleaseNotes/1_0_22.md * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/BmcITSM.yml * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update 
Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Update Packs/BmcITSM/Integrations/BmcITSM/README.md * Palo comments resolved * resolving issues * spaces removed * test fixed --------- Co-authored-by: dberezovik <103488527+dberezovik@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Judah Schwartz * add git add (#33105) * Fix AWSRecreateSG EC2 breaking change bug (#32962) * fixed * remove print * update docker + RN * add BC warning * remove duplicate * fixed unit-tests * newline * Add Teradata to GenericSQL integration (#29352) * works with simple select query * add print for showing the table * revert self.port * Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * add support for ldap * add comment * Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * add pre_process_result_query function * pre-commit * typing * remove print and use devdocker * extract the code to external method and add UT for testing it * add limit and fix dialect * pre commit * converting b'' and datetime objects to readable ones for Teradata too * add UT for default ports * resolve conflicts * RN * add known_words * RN * revert changes * update UT, use constant * Update docker version * slight improvements * change error message * rename param * rename `is_ldap` to `use_ldap` * fix UT * naming * autopep8, type fix * bump * allow use pool with Teradata * CR * last comment --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Refactor product parsing rule ms graph (#33049) * Change the product value of in the parsing rule. * Added release note. 
* Bump pack from version MicrosoftGraphSecurity to 2.2.10. --------- Co-authored-by: Content Bot * Extract indicators hyperlinks (#33073) * initial script * aded docker image * stated tests * save new tests and fixes * save new tests and fixes * white secret; rn * readme * rn * randomness in the test fix * Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * outputs key field array * new docker image * . --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * taxii2serverperformancetest - add server configuration (#32713) * add lines * fixes * Update configure_and_test_integration_instances.py * Update TAXII2Server.py * update docker * revert changes * EXPANDR-8024: Additional Azure Remediation Bug Fix and Improvements (#33039) (#33112) * update play * RN * Apply suggestions from code review * update input name --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Moshe Galitzky <112559840+moishce@users.noreply.github.com> * fix tpb (#33117) * Raise neo4j memory limit. 
(#33120) * Deprecate old bmc (#33118) * deprecate * deprecated integration * fix description * fixed rn * Fix/[XSUP-33100]/GitHub/Payload too large (#33045) * CR change user agent and remove data in get request * add ut * add ut * revert * RN * revert * RN * [Marketplace Contribution] Cisco Umbrella cloud security - Content Pack Update (#33070) * [Marketplace Contribution] Cisco Umbrella cloud security - Content Pack Update (#32939) * "contribution update to pack "Cisco Umbrella cloud security"" * Revert description * remove try/except around get_access_token call * removed resp_type and ok_codes arguments passed to _http_request * currentVersion to 2.0.8 Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> * Update Packs/Cisco-umbrella-cloud-security/ReleaseNotes/2_1_0.md Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> * Rename 2_1_0.md to 2_0_8.md * add test_get_access_token * Create token.json * Apply suggestions from code review Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> * provide access_token dict and update docstrings test_get_access_token() - token.json deleted, so provided response dict containing access_token within function updated "When" docstrings of all test functions * revert * Delete Packs/Cisco-umbrella-cloud-security/Integrations/CiscoUmbrellaCloudSecurityv2/test_data/token.json * update currentVersion to 2.0.9 * Create 2_0_9.md --------- Co-authored-by: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> * fixed lint errors --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: merit-maita * [EDL] get_indicators_to_format - fix demisto.error (#33123) * update demisto.error * update 
demisto.error * pre-commit * Splunkpy cache incidents by window (#32857) * Added solution * Added Rns * Updated docker image * Added docstrings * Bump pack from version SplunkPy to 3.1.20. * Added logs and comments --------- Co-authored-by: Content Bot * [AzureLogAnalytics] update docs (#33076) * test * fix README.md * update desc * update docs * update * Update Packs/AzureLogAnalytics/ReleaseNotes/1_1_27.md * cr updates * removing param * Update Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * cr notes dan * fixing test * cr dan * Update Packs/FeedMISP/ReleaseNotes/1_0_32.md Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * cr eyal * Update FeedMISP.yml * Update 1_0_32.md --------- 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> Co-authored-by: Shmuel Kroizer <69422117+shmuel44@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: Anas Yousef <44998563+anas-yousef@users.noreply.github.com> Co-authored-by: RotemAmit Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: Brad Chiappetta <38439955+bradchiappetta@users.noreply.github.com> Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Content Bot Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Wesley Agena Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com> Co-authored-by: Judah Schwartz Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com> Co-authored-by: Dean Arbel Co-authored-by: eli sharf <57587340+esharf@users.noreply.github.com> Co-authored-by: eepstain <116078117+eepstain@users.noreply.github.com> Co-authored-by: zdrouse Co-authored-by: adi88d Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Co-authored-by: omerKarkKatz 
<95565843+omerKarkKatz@users.noreply.github.com> Co-authored-by: TalNos <112805149+TalNos@users.noreply.github.com> Co-authored-by: Ben Melamed Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: yasta5 <112320333+yasta5@users.noreply.github.com> Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> Co-authored-by: israelpolishook Co-authored-by: Karina Fishman <147307864+karinafishman@users.noreply.github.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Moshe Galitzky <112559840+moishce@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: David Uhrlaub <90627446+rurhrlaub@users.noreply.github.com> Co-authored-by: suraj-metron <87964764+suraj-metron@users.noreply.github.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> Co-authored-by: DinaMeylakh <72339665+DinaMeylakh@users.noreply.github.com> Co-authored-by: William Olyslager Co-authored-by: sapirshuker Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: ilan Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com> Co-authored-by: ilappe Co-authored-by: TalGumi <101499620+TalGumi@users.noreply.github.com> Co-authored-by: okarkkatz Co-authored-by: Jas Beilin Co-authored-by: Erez FelmanDar <102903097+efelmandar@users.noreply.github.com> Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> Co-authored-by: samuelFain 
<65926551+samuelFain@users.noreply.github.com> Co-authored-by: Martin Ohl Co-authored-by: Koby Meir Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> Co-authored-by: Ido van Dijk <43602124+idovandijk@users.noreply.github.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> Co-authored-by: Christopher Hultin Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> Co-authored-by: arikday Co-authored-by: NicBunn-PlutoFlume <112942358+NicBunn-PlutoFlume@users.noreply.github.com> Co-authored-by: Chanan Welt Co-authored-by: Vipul Kaneriya <50216620+vipulkaneriya@users.noreply.github.com> Co-authored-by: MLainer1 Co-authored-by: syed-loginsoft <97145640+syed-loginsoft@users.noreply.github.com> Co-authored-by: Danny Fried Co-authored-by: kobymeir Co-authored-by: rundssoar <139948408+rundssoar@users.noreply.github.com> Co-authored-by: jbabazadeh Co-authored-by: lilyus <8960084+PierrickV@users.noreply.github.com> Co-authored-by: DaniSalcedoGFT <153612119+DaniSalcedoGFT@users.noreply.github.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com> Co-authored-by: Anar Azadaliyev Co-authored-by: bigeasyj Co-authored-by: Fábio Dias Co-authored-by: sharonfi99 <147984773+sharonfi99@users.noreply.github.com> Co-authored-by: IP2Location Co-authored-by: Liron Michalevich <73780437+lmichalevich@users.noreply.github.com> Co-authored-by: asieberle <121243004+asieberle@users.noreply.github.com> Co-authored-by: shaqnawe Co-authored-by: yaakovpraisler Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> Co-authored-by: chloerongier <150173582+chloerongier@users.noreply.github.com> Co-authored-by: Isaiah Eichen Co-authored-by: Dror Avrahami Co-authored-by: ssokolovich Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> Co-authored-by: Joerg Stephan 
<7138386+johestephan@users.noreply.github.com> Co-authored-by: OmriItzhak <115150792+OmriItzhak@users.noreply.github.com> Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: merit-maita Co-authored-by: amontminypa <118302525+amontminypa@users.noreply.github.com> Co-authored-by: amkoppad <82898085+amkoppad@users.noreply.github.com> Co-authored-by: Shmuel Kroizer Co-authored-by: Felipe Garrido Co-authored-by: dberezovik <103488527+dberezovik@users.noreply.github.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com> --- .../Integrations/FeedMISP/FeedMISP.py | 35 +++++++++++++------ .../Integrations/FeedMISP/FeedMISP.yml | 2 +- .../Integrations/FeedMISP/FeedMISP_test.py | 25 ++++++------- Packs/FeedMISP/ReleaseNotes/1_0_32.md | 7 ++++ Packs/FeedMISP/pack_metadata.json | 2 +- 5 files changed, 47 insertions(+), 24 deletions(-) create mode 100644 Packs/FeedMISP/ReleaseNotes/1_0_32.md diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py index e9ff6a435187..96e0ec7a3816 100644 --- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py +++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py @@ -113,6 +113,8 @@ 'misp-galaxy:mitre-course-of-action': ThreatIntel.ObjectsNames.COURSE_OF_ACTION, } +LIMIT: int = 2000 + class Client(BaseClient): 
@@ -210,7 +212,8 @@ def handle_file_type_fields(raw_type: str, indicator_obj: Dict[str, Any]) -> Non indicator_obj['fields'][raw_type.upper()] = hash_value -def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, page: int) -> Dict[str, Any]: +def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, page: int, from_timestamp: str | None = None + ) -> Dict[str, Any]: """ Creates a dictionary in the format required by MISP to be used as a query. Args: @@ -229,20 +232,28 @@ def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, pa 'limit': limit, 'page': page } + if from_timestamp: + params['from'] = from_timestamp return params -def clean_user_query(query: str) -> Dict[str, Any]: +def parsing_user_query(query: str, limit: int, page: int = 1, from_timestamp: str | None = None) -> Dict[str, Any]: """ - Takes the query string created by the user, adds necessary argument and removes unnecessary arguments + Parsing the query string created by the user by adding necessary argument and removing unnecessary arguments Args: query: User's query string Returns: Dict which has only needed arguments to be sent to MISP """ + global LIMIT try: params = json.loads(query) params["returnFormat"] = "json" params.pop("timestamp", None) + if 'page' not in params: + params["page"] = page + params["limit"] = params.get("limit") or LIMIT + if from_timestamp: + params['from'] = from_timestamp except Exception as err: demisto.debug(str(err)) raise DemistoException(f'Could not parse user query. \nError massage: {err}') 
@@ -472,8 +483,8 @@ def get_attributes_command(client: Client, args: Dict[str, str], params: Dict[st query = args.get('query', None) attribute_type = argToList(args.get('attribute_type', '')) page = arg_to_number(args.get('page')) or 1 - params_dict = clean_user_query(query) if query else build_params_dict(tags=tags, attribute_type=attribute_type, limit=limit, - page=page) + params_dict = parsing_user_query(query, limit, page) if query else build_params_dict(tags=tags, attribute_type=attribute_type, + limit=limit, page=page) response = client.search_query(params_dict) if error_message := response.get('Error'): raise DemistoException(error_message) 
@@ -512,19 +523,23 @@ def fetch_attributes_command(client: Client, params: Dict[str, str]): feed_tags = argToList(params.get("feedTags", [])) attribute_types = argToList(params.get('attribute_types', '')) query = params.get('query', None) - params_dict = clean_user_query(query) if query else build_params_dict(tags=tags, attribute_type=attribute_types, limit=2000, - page=1) + last_run = demisto.getLastRun().get('timestamp') or "" + params_dict = parsing_user_query(query, LIMIT, from_timestamp=last_run) if query else\ + build_params_dict(tags=tags, attribute_type=attribute_types, limit=LIMIT, page=1, from_timestamp=last_run) search_query_per_page = client.search_query(params_dict) + demisto.debug(f'params_dict: {params_dict}') while len(search_query_per_page.get("response", {}).get("Attribute", [])): demisto.debug(f'search_query_per_page number of attributes:\ - {len(search_query_per_page.get("response", {}).get("Attribute", []))}\ - page: {params_dict["page"]}') + {len(search_query_per_page.get("response", {}).get("Attribute", []))} page: {params_dict["page"]}') indicators = build_indicators(search_query_per_page, attribute_types, tlp_color, params.get('url'), reputation, feed_tags) - demisto.createIndicators(indicators) + for iter_ in batch(indicators, batch_size=2000): + demisto.createIndicators(iter_) params_dict['page'] += 1 + last_run = search_query_per_page['response']['Attribute'][-1]['timestamp'] search_query_per_page = client.search_query(params_dict) if error_message := search_query_per_page.get('Error'): raise DemistoException(f"Error in API call - check the input parameters and the API Key. Error: {error_message}") + demisto.setLastRun({'timestamp': last_run}) def main(): diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml index 75eee6171477..6a7331d06bfe 100644 --- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml +++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml 
@@ -142,7 +142,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.86272 + dockerimage: demisto/python3:3.10.13.89009 fromversion: 5.5.0 tests: - MISPfeed Test diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py index 3c3592f51b0c..e6d41ad058cc 100644 --- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py +++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py @@ -3,7 +3,7 @@ import demistomock as demisto from CommonServerPython import DemistoException, ThreatIntel, FeedIndicatorType -from FeedMISP import clean_user_query, build_indicators_iterator, \ +from FeedMISP import parsing_user_query, build_indicators_iterator, \ handle_file_type_fields, get_galaxy_indicator_type, build_indicators_from_galaxies, \ update_indicator_fields, get_ip_type, Client, fetch_attributes_command @@ -90,7 +90,7 @@ def test_handle_file_type_fields_hash_and_filename(): assert indicator_obj['value'] == 'somehashvalue' -def test_clean_user_query_success(): +def test_parsing_user_query_success(): """ Given - A json string query @@ -99,12 +99,12 @@ def test_clean_user_query_success(): Then - create a dict from json string """ - querystr = '{"returnFormat": "json", "type": {"OR": ["ip-src"]}, "tags": {"OR": ["tlp:%"]}}' - params = clean_user_query(querystr) - assert len(params) == 3 + querystr = '{"returnFormat": "json","limit": "3", "type": {"OR": ["ip-src"]}, "tags": {"OR": ["tlp:%"]}}' + params = parsing_user_query(querystr, limit=40000) + assert len(params) == 5 -def test_clean_user_query_bad_query(): +def test_parsing_user_query_bad_query(): """ Given - A json string query 
@@ -115,10 +115,10 @@ def test_clean_user_query_bad_query(): """ with pytest.raises(DemistoException): querystr = '{"returnFormat": "json", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]' - clean_user_query(querystr) + parsing_user_query(querystr, limit=4) -def test_clean_user_query_change_format(): +def test_parsing_user_query_change_format(): """ Given - A json parsed result from qualys @@ -128,11 +128,11 @@ def test_clean_user_query_change_format(): - change return format to json """ querystr = '{"returnFormat": "xml", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}}' - params = clean_user_query(querystr) + params = parsing_user_query(querystr, limit=4) assert params["returnFormat"] == "json" -def test_clean_user_query_remove_timestamp(): +def test_parsing_user_query_remove_timestamp(): """ Given - A json parsed result from qualys @@ -141,9 +141,9 @@ def test_clean_user_query_remove_timestamp(): Then - Return query without the timestamp parameter """ - good_query = '{"returnFormat": "json", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}}' + good_query = '{"returnFormat": "json", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}, "page": 1, "limit": 2000}' querystr = '{"returnFormat": "json", "timestamp": "1617875568", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}}' - params = clean_user_query(querystr) + params = parsing_user_query(querystr, limit=2) assert good_query == json.dumps(params) @@ -317,6 +317,7 @@ def test_search_query_indicators_pagination(mocker): 'type': 'attribute', 'filters': {'category': ['Payload delivery']}, } + mocker.patch("FeedMISP.LIMIT", new=2000) mocker.patch.object(demisto, 'setLastRun') mocker.patch.object(demisto, 'createIndicators') fetch_attributes_command(client, params_dict) diff --git a/Packs/FeedMISP/ReleaseNotes/1_0_32.md b/Packs/FeedMISP/ReleaseNotes/1_0_32.md new file mode 100644 index 000000000000..6e860eaad010 --- /dev/null +++ b/Packs/FeedMISP/ReleaseNotes/1_0_32.md 
@@ -0,0 +1,7 @@ + +#### Integrations + +##### MISP Feed + +- Fixed an issue where ***fetch-indicators*** retrieves all feed indicators. +- Updated the Docker image to: *demisto/python3:3.10.13.89009*. diff --git a/Packs/FeedMISP/pack_metadata.json b/Packs/FeedMISP/pack_metadata.json index 3b4056d8a51a..6fd9b9652430 100644 --- a/Packs/FeedMISP/pack_metadata.json +++ b/Packs/FeedMISP/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MISP Feed", "description": "Indicators feed from MISP", "support": "xsoar", - "currentVersion": "1.0.31", + "currentVersion": "1.0.32", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",
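Review bot: In `parsing_user_query` (FeedMISP.py, hunk at `@@ -229,20 +232,28`), the new `limit` parameter is never read. The body sets `params["limit"] = params.get("limit") or LIMIT`, so the value passed by `get_attributes_command` has no effect when a query is supplied. Using `params.get("limit") or limit` would fix that, since the fetch path already passes `LIMIT`. It would also remove the need for `global LIMIT`, which is redundant in any case because the function only reads the constant. The docstring still lists only `query` under Args, and the `from_timestamp` parameter added to `build_params_dict` in the preceding hunk is undocumented as well. A `from` key already present in the user's query is silently overwritten whenever `from_timestamp` is set; a debug line there would help when troubleshooting a feed.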
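Review bot: In `fetch_attributes_command` (FeedMISP.py, hunk at `@@ -512,19 +523,23`), the checkpoint `last_run = search_query_per_page['response']['Attribute'][-1]['timestamp']` assumes each page arrives sorted by ascending timestamp, but neither `build_params_dict` nor `parsing_user_query` puts an ordering into the request. If the server returns attributes in another order, the stored value can be older than the newest attribute already ingested, and the next run pulls the same indicators again. Tracking the maximum timestamp seen across pages would remove that assumption. The value is read from the attribute's `timestamp` field and sent back as `from`, while `parsing_user_query` strips a `timestamp` key from the query, so please confirm that both refer to the same field on the MISP side. The first `client.search_query` response is not checked for `Error` before the loop, so a failed first request skips the loop and still reaches `demisto.setLastRun`. The hard-coded `batch_size=2000` could reuse `LIMIT`.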
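Review bot: `test_parsing_user_query_success` (FeedMISP_test.py, hunk at `@@ -99,12 +99,12`) asserts only `len(params) == 5`, which passes whichever limit wins. The query carries `"limit": "3"` and the call passes `limit=40000`, so the test should assert `params["limit"]` and `params["page"]` explicitly. That would also document that a limit given as a string in the query is forwarded as a string.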
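Review bot: `test_parsing_user_query_remove_timestamp` (FeedMISP_test.py, hunk at `@@ -141,9 +141,9`) calls `parsing_user_query(querystr, limit=2)` yet expects `"limit": 2000` in `good_query`, so the test locks in the argument being ignored. If that is intended, drop the parameter; otherwise the expected value should be 2. Comparing `json.dumps(params)` with a hand-written string also ties the test to key insertion order and separator spacing; comparing `params` with `json.loads(good_query)` checks the same content without that coupling.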
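Review bot: In `test_search_query_indicators_pagination` (FeedMISP_test.py, hunk at `@@ -317,6 +317,7`), `mocker.patch("FeedMISP.LIMIT", new=2000)` sets the constant to the value it already has, and `demisto.setLastRun` is mocked but the visible lines never assert what was stored. The fix lives in the `getLastRun` / `from` / `setLastRun` path, so a case that mocks `demisto.getLastRun` with a timestamp, checks that `from` reaches `client.search_query`, and checks the value handed to `setLastRun` would cover the behaviour this commit changes.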
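Review bot: The release note in `Packs/FeedMISP/ReleaseNotes/1_0_32.md` names the symptom but not the behaviour change for existing instances: custom queries now get `page`, `limit` (defaulting to 2000) and, after the first run, `from` injected by `parsing_user_query`. Operators with a configured `query` should be told, since later fetches will return only attributes newer than the stored timestamp.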