
Commit 08cefee

content-bot (Content Bot), ali-sawyer, ostolero and mmhw committed
Add command prisma-cloud-compute-get-file-integrity-events (demisto#29608)
* Add command prisma-cloud-compute-get-file-integrity-events (demisto#29187) * Add command prisma-cloud-compute-get-file-integrity-events * Incorporate changes from review comments. Add documentation and unit test. * Add missing lines to YML file (add description of new command) * Update docker image * Incorporate changes from demo * Update docker image * fix validation * fix validation --------- Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> * Bump pack from version PrismaCloudCompute to 1.4.10. * [pre-commit ruff] Align the entire repo with ruff (demisto#29603) * Fix falls of the ruff hook * pre-commit * Fix B003 ruff error * Fix ruff errors on Utils/update_playbook.py * remove code to trigger upload on dev branches (demisto#29621) * [pre-commit pycln] Align the entire repo with pycln (demisto#29611) * Fix falls of the pycln hook * pre-commit * Fix unit test * Add RN * Fix validate in GetDomainDNSDetails * fuff on GetDomainDNSDetails * ignore mypy error in test_content.py:350 * Fix falls of the autopep8 hook (demisto#29638) * add marketplaces to metadata (demisto#29629) * Fixing AWS Project Number in ASM Cloud (demisto#29593) (demisto#29642) Co-authored-by: Chait A <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [MS Teams] support reset_graph_auth (demisto#29644) * fixed * pre-commit * update * Recordedfuture threathunting v2.5.0 (demisto#29641) * Recordedfuture threathunting v2.5.0 (demisto#29025) * Add commands related to Automated Threat hunting recordedfuture-threat-map recordedfuture-threat-links recordedfuture-detection-rules * Add recordedfuture-collective-insight command. Change app version. * Update README.md. Add release notes * Add playbook. 
Add unittests * Add unittests * Fix test_collective_insight_command * Remove incorrect release note * Add documentation for threat actor search playbook * update Recorded Future Threat actor search playbook. add release note about new playbook. * Update release notes, fix formatting * Format yml files * Update Recorded future threat actor search playbook * Update docker image * Fix linter --------- Co-authored-by: Michael Yochpaz <[email protected]> * Minor README fixes --------- Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [ASM] Expander 5777 (demisto#29647) * [ASM] Expander 5777 (demisto#29619) * first * RN * Bump pack from version CortexAttackSurfaceManagement to 1.6.36. --------- Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Content Bot <[email protected]> * XDR Malware Enrichment - hotfix for usernames (split) (demisto#29585) * Updated playbook with hotfix where we split usernames from domains and append them to the username list of usernames for account enrichment * Added RN * remove irrelevant test * Updated RN * Bump pack from version CortexXDR to 5.1.6. 
* Update Packs/CortexXDR/ReleaseNotes/5_1_6.md Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Update Docker Image To demisto/pyjwt3 (demisto#29656) * Updated Metadata Of Pack Silverfort * Added release notes to pack Silverfort * Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update * Update Docker Image To demisto/trustar (demisto#29660) * Updated Metadata Of Pack TruSTAR * Added release notes to pack TruSTAR * Update Docker Image To demisto/keeper-ksm (demisto#29661) * Updated Metadata Of Pack KeeperSecretsManager * Added release notes to pack KeeperSecretsManager * Packs/KeeperSecretsManager/Integrations/KeeperSecretsManager/KeeperSecretsManager.yml Docker image update * Update Docker Image To demisto/py3-tools (demisto#29654) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Update Docker Image To demisto/taxii-server (demisto#29659) * Updated Metadata Of Pack CybleThreatIntel * Added release notes to pack CybleThreatIntel * Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Update Docker 
Image To demisto/datadog-api-client (demisto#29662) * Updated Metadata Of Pack DatadogCloudSIEM * Added release notes to pack DatadogCloudSIEM * Packs/DatadogCloudSIEM/Integrations/DatadogCloudSIEM/DatadogCloudSIEM.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Add reliability parameter to cves and pipl integration (demisto#28703) * commiting PrismaCloudCompute * release notes added * changed couldcompute, CVESearchV2, pipl * added pack metadata * fixed pipl readme * reverting changes in CVESearch since it was deprecated * removed redundant * committing pre commit changes * added known words * added known words * fixed lint error * changed according to review * updated docker version in PrismaCloudCompute * changed according to doc review * Added condition for not receiving new incidents in the test playbook * updating release notes * reverting fetch changes * fixed playbook * formatted playbook * new validation, new run * new validation, new run * Bump pack from version PrismaCloudCompute to 1.4.10. * update the docker image --------- Co-authored-by: Content Bot <[email protected]> * Proofpoint email security pack: update description (demisto#29651) * update description * Updated the schema file. * Updated the schema file. 
--------- Co-authored-by: Yehonatan Asta <[email protected]> * Jira v2 deprecated (demisto#29649) * Deprecate to jira v2 * update RN * update conf.json file * add task to the Create Jira Issue playbook that check if jira v3 is enable * add image.png of the playbook * update the playbook (yml, readme, image) and RN * Update Docker Image To demisto/python3 (demisto#29652) * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack VMwareWorkspaceONEUEM * Added release notes to pack VMwareWorkspaceONEUEM * Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml Docker image update * Updated Metadata Of Pack CiscoSMA * Added release notes to pack CiscoSMA * Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml Docker image update * Updated Metadata Of Pack FeedThreatConnect * Added release notes to pack FeedThreatConnect * Packs/FeedThreatConnect/Integrations/FeedThreatConnect/FeedThreatConnect.yml Docker image update * Updated Metadata Of Pack BitSight * Added release notes to pack BitSight * Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update * Updated Metadata Of Pack AWS-ILM * Added release notes to pack AWS-ILM * Packs/AWS-ILM/Integrations/AWSILM/AWSILM.yml Docker image update * Updated Metadata Of Pack CiscoWSA * Added release notes to pack CiscoWSA * Packs/CiscoWSA/Integrations/CiscoWSAV2/CiscoWSAV2.yml Docker image update * Updated Metadata Of Pack SysAid * Added release notes to pack SysAid * Packs/SysAid/Integrations/SysAid/SysAid.yml Docker image update * Updated Metadata Of Pack ManageEngine_PAM360 * Added release notes to pack ManageEngine_PAM360 * Packs/ManageEngine_PAM360/Integrations/ManageEnginePAM360/ManageEnginePAM360.yml Docker image update * Updated Metadata Of Pack 
CiscoUmbrellaReporting * Added release notes to pack CiscoUmbrellaReporting * Packs/CiscoUmbrellaReporting/Integrations/CiscoUmbrellaReporting/CiscoUmbrellaReporting.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * XSUP-27717/FortiSIEM (demisto#29458) * add tests * add RN,fix,logs * Update 2_0_21.md * add period * add a name to incident * fixes CR * update docker image * delete logs * CR fixes * Update 2_0_21.md * Update FortiSIEMV2.py * reverting the Docker image (demisto#29607) * reverting the Docker image * Update Packs/cyberark_AIM/ReleaseNotes/1_0_14.md --------- Co-authored-by: Dan Tavori <[email protected]> * [Marketplace Contribution] Roksit DNS Security Integration - Sarp (demisto#29663) * [Marketplace Contribution] Roksit DNS Security Integration - Sarp (demisto#29314) * "pack contribution initial commit" * Update RoksitDNSSecurityIntegrationSarp.py * Update RoksitDNSSecurityIntegrationSarp.py * Yehuda's version * test module * readme * new logo * Update RoksitDNSSecurityIntegrationSarp.yml * Apply suggestions from code review * Update RoksitDNSSecurityIntegrationSarp_description.md * Update pack_metadata.json * Update README.md * Update pack_metadata.json * Update pack_metadata.json * Update Packs/RoksitDNSSecurityIntegration-Sarp/pack_metadata.json * fixes * change name * folder name * file names * version * rename sub folder * remove (DNSSense) from the integration name * rename folder * docker * replace image * fix image name --------- Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> * rename image --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> * add unstuck fetch stream command (demisto#29646) * add unstuck fetch stream command * added RN * fixes * add note * cr 
fixes * fix conflicts * reverts * [pre-commit pycln] Align the entire repo with pycln demisto#4 (demisto#29665) * Fix pycln errors * Update the docker images * Run demisto-sdk pre-commit * Remove unnecessary recommendations from extensions.json (demisto#29605) * update extensions.json * Update devcontainer.json * Update recommendations list * Zscaler-FW-Logs (demisto#29094) * Zscaler FW Logs Modeling Rules * Zscaler FW logs Modeling Rules * Updated README * Updated ZscalerModelingRule_1_3 * Changed cs5 field name to cat * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Updated README * Updated ModelingRules and Schema * Updated ModelingRules and schema * Updated ModelingRules * Updated ModelingRules --------- Co-authored-by: Eido Epstain <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * PANOS - EXPANDR-5744 (demisto#29223) (demisto#29686) * playbook updates * RN, Readme, screenshot * Apply suggestions from code review * update RN * bump ver * more descriptive task * bump ver --------- Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Audit alert fields fix (demisto#29685) * Add associated types to systemAssociatedTypes * Add associated types to systemAssociatedTypes * fix incident field structure * RN * Workday documentation fix (demisto#29681) * readme * readme * rn * rn * [Marketplace Contribution] Active Directory Query - Content Pack Update (demisto#28633) * [Marketplace Contribution] Active Directory Query - Content Pack Update (demisto#27822) * "contribution update to pack "Active Directory Query"" * revert changes * rl * remove files * removed from rl * Update pack_metadata.json * Create 1_6_19.md * Update 1_6_18.md * Update 1_6_19.md * Delete 1_6_19.md * Update 1_6_18.md * Update pack_metadata.json * Update Active_Directory_Query.yml removed duplicate section and type * pass SERVER_IP as argument to test_credentials function * Create 
1_7_0.md * Update pack_metadata.json * Update README.md with ad-test-credentials info * Update Active_Directory_Query.yml * removed duplicate `type: 8` from ntlm * removed duplicate types from integration settings * removed duplicate description from ad-enable-account * Update Active_Directory_Query.yml * Update Active_Directory_Query.yml * Update Active_Directory_Query.yml * removing not relevant release note * adding function * update fucntion * cr note * adding NTLM_AUTH option * Update Active_Directory_Query.py * Update Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.py Co-authored-by: dorschw <[email protected]> * cr notes * update after merging from master * reverting a change in olr rl * added test_test_credentials unit test function * fix unit test * fixing unit tests * fix unit test * fixed lint errors * Update Active_Directory_Query_test.py * empty commit * fix yml and docker file * revert changes in send email manager * fix yml * fix * fix validation error * fixing in129 --------- Co-authored-by: maimorag <[email protected]> Co-authored-by: Randy Baldwin <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: dorschw <[email protected]> * cr notes * Bump pack from version Active_Directory_Query to 1.6.21. 
* fix yml changes * cr notes * lint fixes * fix test * docker update * Update Packs/Active_Directory_Query/Integrations/Active_Directory_Query/README.md Co-authored-by: dorschw <[email protected]> * fix delete required * Apply suggestions from code review * fix test * docker update * rl * empty commit * docker update * empty commit * empty commit * merge from master * empty commit check * revert changes * Delete Packs/cyberark_AIM/Integrations/CyberArkAIM_v2/integration-CyberArkAIM_v2.yml * docker downgrade * rl * trying new docker image * validate errors fix * revert docker version * [DS108] - Description must end with a period (".") - fix * empty commit check * empty commit check --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: maimorag <[email protected]> Co-authored-by: Randy Baldwin <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: dorschw <[email protected]> Co-authored-by: Content Bot <[email protected]> * Big query bug xsup 28132 (demisto#29680) * bug fix * rn * rn * Apply suggestions from code review Co-authored-by: Dan Tavori <[email protected]> * format * pre commit --------- Co-authored-by: Dan Tavori <[email protected]> * New Prisma Cloud v2 commands (demisto#29323) * resource list command * limit results * user roles list command * pre commit * users list command * edit remediation commands * UTs * update README * update RN * pre commit fixes * edit test playbook * CR changes * Demo changes - remediate 406 raises error new args for resource_list & user_roles * fix test * Apply suggestions from doc review Co-authored-by: ShirleyDenkberg <[email protected]> * fix test playbook * Tomer's changes --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Prisma Cloud Update (demisto#29666) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Bump pack from version PrismaCloud to 4.2.4. 
--------- Co-authored-by: Content Bot <[email protected]> * Rapid7 appsec (demisto#29134) (demisto#29687) * Revert "Add space to conf" This reverts commit 3a74b93. * Updated the packs category to *Authentication & Identity Management* (part 2) (demisto#24876) * Update Docker Image To demisto/fastapi (demisto#24923) * Updated Metadata Of Pack CyberArkIdentity * Added release notes to pack CyberArkIdentity * Packs/CyberArkIdentity/Integrations/CyberArkIdentityEventCollector/CyberArkIdentityEventCollector.yml Docker image update * Update Docker Image To demisto/lxml (demisto#24924) * Updated Metadata Of Pack TaniumThreatResponse * Added release notes to pack TaniumThreatResponse * Packs/TaniumThreatResponse/Integrations/TaniumThreatResponseV2/TaniumThreatResponseV2.yml Docker image update * Update Docker Image To demisto/crypto (demisto#24922) * Updated Metadata Of Pack X509Certificate * Added release notes to pack X509Certificate * Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update * Update Docker Image To demisto/python3 (demisto#24921) * Updated Metadata Of Pack Cybereason * Added release notes to pack Cybereason * Packs/Cybereason/Integrations/Cybereason/Cybereason.yml Docker image update * Updated Metadata Of Pack DNSDB * Added release notes to pack DNSDB * Packs/DNSDB/Integrations/DNSDB_v2/DNSDB_v2.yml Docker image update * Updated Metadata Of Pack DeepInstinct * Added release notes to pack DeepInstinct * Packs/DeepInstinct/Integrations/DeepInstinct3x/DeepInstinct3x.yml Docker image update * Updated Metadata Of Pack FeedCyrenThreatInDepth * Added release notes to pack FeedCyrenThreatInDepth * Packs/FeedCyrenThreatInDepth/Integrations/CyrenThreatInDepth/CyrenThreatInDepth.yml Docker image update * Updated Metadata Of Pack IronDefense * Added release notes to pack IronDefense * Packs/IronDefense/Integrations/IronDefense/IronDefense.yml Docker image update * Updated Metadata Of Pack Qintel * Added release notes to pack 
Qintel * Packs/Qintel/Integrations/QintelPMI/QintelPMI.yml Docker image update * Packs/Qintel/Integrations/QintelQSentry/QintelQSentry.yml Docker image update * Packs/Qintel/Integrations/QintelQWatch/QintelQWatch.yml Docker image update * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack QutteraWebsiteMalwareScanner * Added release notes to pack QutteraWebsiteMalwareScanner * Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml Docker image update * Fixed mypy + validation --------- * NGINXApiModule: fix logging typo (demisto#24878) * fix logging typo * bump dependent packs --------- * Downgrade docker to fix banner issue (demisto#24905) * Downgrade docker to fix banner issue * Fix docs * Add UT to prevent Docker bump * Fix yml validation * Adding vulnerability commands * Fixing pagination page index * Updating PR comments and Scan commands * Updating ID in test data. * Updating integration * Updating integration * Updating fromversion * Updating linters * Updating linters * Updating git pre-commit * Updating docstring * Updating the handling of request when limit * Removing get_pagination_params * Updating integration * Updating git-pre commit * Updating integration * Updating integration * Updating unit test * Updating docker image * Updating integration * Updating README version. * Updating secrets * Updating integration * Updating integration * Updating integration * Updating docstrings * Updating doc-review comments. * Updating doc-review comments. 
* Updating description --------- Co-authored-by: ‪Ron Hadad‬‏ <[email protected]> Co-authored-by: TalGumi <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: sberman <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: glicht <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Panos add param (demisto#29672) * added param job_polling_max_num_attempts * Added rn * Added missing param type Fixed unit tests * added to readme * fixed readme * Update Packs/PAN-OS/Integrations/Panorama/Panorama.yml Co-authored-by: Guy Afik <[email protected]> * fixed text and namings * Bump pack from version PAN-OS to 2.1.8. --------- Co-authored-by: Guy Afik <[email protected]> Co-authored-by: Content Bot <[email protected]> * Fix proxy usage (demisto#85) (demisto#29630) * Fix proxy usage (demisto#85) (demisto#29181) * Fix proxy usage (demisto#85) * Fix proxy usage in ZF client * Fix variable USE_SSL to verify requests * Remove proxy object from client Given that the proxy works by default with env vars, the proxy object is not necessary * Update version and add release notes * Fix call to modified alerts (demisto#86) * Fix call to modified alerts * Update docker image * Fix tests associated with get modified data * change rn * fix validation --------- Co-authored-by: Felipe Garrido <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> * Missing dependencies when installing packs (demisto#28989) * search and install packs --------- Co-authored-by: kobymeir <[email protected]> * Deprecate Picus Community (demisto#29573) * Merge branch 'master' into github_workflow_partner # Conflicts: # Utils/github_workflow_scripts/utils.py * Merge branch 'master' into github_workflow_partner # Conflicts: # Utils/github_workflow_scripts/utils.py * Picus NG display name * Picus update * Picus update * Picus update * Picus update * Picus update * Picus update * Picus 
update * Picus update --------- Co-authored-by: RotemAmit <[email protected]> * [ASM] - Expander - GCP Hierarchy field - 4376 (demisto#29696) (demisto#29704) * Add assethierarchy field to GCP ASM playbook * Add release notes * Update field json Co-authored-by: John <[email protected]> * fix merge * update rn * remove access code * fix conflicts * update docker * fix validation --------- Co-authored-by: Ali Sawyer <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> Co-authored-by: omerKarkKatz <[email protected]> Co-authored-by: Yaakov Praisler <[email protected]> Co-authored-by: Chait A <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> Co-authored-by: michal-dagan <[email protected]> Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Ido van Dijk <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: sberman <[email protected]> Co-authored-by: DinaMeylakh <[email protected]> Co-authored-by: ilaner <[email protected]> Co-authored-by: Yehonatan Asta <[email protected]> Co-authored-by: israelpoli <[email protected]> Co-authored-by: sapir shuker <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> Co-authored-by: samuelFain <[email protected]> Co-authored-by: nkanon <[email protected]> Co-authored-by: Eido Epstain <[email protected]> Co-authored-by: Tomer Haimof <[email protected]> Co-authored-by: EyalPintzov <[email protected]> Co-authored-by: maimorag <[email protected]> Co-authored-by: Randy 
Baldwin <[email protected]> Co-authored-by: dorschw <[email protected]> Co-authored-by: Adi Bamberger Edri <[email protected]> Co-authored-by: eepstain <[email protected]> Co-authored-by: ‪Ron Hadad‬‏ <[email protected]> Co-authored-by: TalGumi <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: glicht <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: Guy Afik <[email protected]> Co-authored-by: Felipe Garrido <[email protected]> Co-authored-by: Koby Meir <[email protected]> Co-authored-by: kobymeir <[email protected]> Co-authored-by: Edi Katsenelson <[email protected]> Co-authored-by: RotemAmit <[email protected]> Co-authored-by: John <[email protected]>
1 parent 54a4596 commit 08cefee


9 files changed: +354 -14 lines changed


Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -419,6 +419,32 @@ def get_logs_defender_download_request(self, hostname, lines):
419419
headers = self._headers
420420
return self._http_request('get', 'logs/defender/download', params=params, headers=headers, resp_type="content")
421421

422+
def get_file_integrity_events(self, limit, sort, hostname=None, event_id=None, from_date=None,
423+
to_date=None, search_term=None):
424+
"""
425+
Get runtime file integrity audit events
426+
427+
Args:
428+
hostname (str): The hostname for which to get runtime file integrity events
429+
430+
Returns:
431+
HTTP response
432+
"""
433+
endpoint = "audits/runtime/file-integrity"
434+
435+
headers = self._headers
436+
params = {
437+
"hostname": hostname,
438+
"id": event_id,
439+
"limit": limit,
440+
"from": from_date,
441+
"to": to_date,
442+
"search": search_term,
443+
"sort": "time",
444+
"reverse": sort == "desc"
445+
}
446+
return self._http_request('get', endpoint, params=params, headers=headers)
447+
422448

423449
def format_context(context):
424450
"""
@@ -1967,6 +1993,42 @@ def get_logs_defender_download_command(client: PrismaCloudComputeClient, args: d
19671993
return fileResult(f"{hostname}-logs.tar.gz", response, entryTypes["entryInfoFile"])
19681994

19691995

1996+
def get_file_integrity_events_command(client: PrismaCloudComputeClient, args: dict):
1997+
"""
1998+
Get runtime file integrity audit events for the given hostname
1999+
2000+
Args:
2001+
client (PrismaCloudComputeClient): prisma-cloud-compute client.
2002+
args (dict): prisma-cloud-compute-get-file-integrity-events command arguments
2003+
2004+
Returns:
2005+
HTTP Response object
2006+
"""
2007+
hostname = args.get('hostname')
2008+
event_id = args.get('event_id')
2009+
limit = args.get('limit')
2010+
from_date = args.get('from_date')
2011+
to_date = args.get('to_date')
2012+
search_term = args.get('search_term')
2013+
sort = args.get('sort')
2014+
2015+
response = client.get_file_integrity_events(
2016+
limit, sort, hostname=hostname, event_id=event_id,
2017+
from_date=from_date, to_date=to_date, search_term=search_term
2018+
)
2019+
if not response:
2020+
readable_output = "No results for the given search."
2021+
else:
2022+
readable_output = None
2023+
return CommandResults(
2024+
outputs_prefix='PrismaCloudCompute.FileIntegrity',
2025+
outputs_key_field='_id',
2026+
outputs=format_context(response),
2027+
raw_response=response,
2028+
readable_output=readable_output
2029+
)
2030+
2031+
19702032
def unstuck_fetch_stream_command():
19712033
"""
19722034
Adds a field to ensure that is_command_is_fetch will recognize the next fetch incidents run as fetch.
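Review bot: `get_file_integrity_events_command` never checks that at least one of `hostname` or `event_id` was supplied, even though the YAML in this same commit describes them as "Either event_id or hostname is required"; raise a `DemistoException` when both are missing rather than sending an unfiltered audit query. `limit` is also passed through straight from `args.get('limit')` as a string; use `arg_to_number(args.get('limit'))` so the YAML default `"10"` reaches the client as an int. Finally, `outputs_key_field='_id'` should be checked against the `PrismaCloudCompute.FileIntegrity._Id` context path declared in the YAML: if `format_context` capitalises keys, the key field must name the transformed key for deduplication to work.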
@@ -2100,6 +2162,8 @@ def main():
21002162
return_results(results=get_logs_defender_download_command(client=client, args=demisto.args()))
21012163
elif requested_command == "prisma-cloud-compute-unstuck-fetch-stream":
21022164
return_results(unstuck_fetch_stream_command())
2165+
elif requested_command == "prisma-cloud-compute-get-file-integrity-events":
2166+
return_results(results=get_file_integrity_events_command(client=client, args=demisto.args()))
21032167
# Log exceptions
21042168
except Exception as e:
21052169
return_error(f'Failed to execute {requested_command} command. Error: {str(e)}')

Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml

Lines changed: 66 additions & 1 deletion
@@ -74,7 +74,7 @@ description: Use the Prisma Cloud Compute integration to fetch incidents from yo
7474
display: Palo Alto Networks - Prisma Cloud Compute
7575
name: PaloAltoNetworks_PrismaCloudCompute
7676
script:
77-
dockerimage: demisto/python3:3.10.13.73190
77+
dockerimage: demisto/python3:3.10.13.74666
7878
isfetch: true
7979
runonce: false
8080
script: "-"
@@ -1960,6 +1960,71 @@ script:
19601960
- contextPath: PrismaCloudCompute.Backups.Time
19611961
description: The time of the backup.
19621962
type: Date
1963+
- description: Get runtime file integrity audit events.
1964+
name: prisma-cloud-compute-get-file-integrity-events
1965+
arguments:
1966+
- name: hostname
1967+
description: Hostname for which to get runtime file integrity audit events. Either event_id or hostname is required.
1968+
- name: event_id
1969+
description: Event ID of runtime file integrity audit event for which to get details. Either event_id or hostname is required.
1970+
- name: limit
1971+
description: Limit on number of events to return. Only relevant if filtering by hostname.
1972+
defaultValue: "10"
1973+
- description: 'Minimum timestamp for event search. Format: YYYY-mm-ddTHH:MM:SSZ.'
1974+
name: from_date
1975+
- description: 'Maximum timestamp for event search. Format: YYYY-mm-ddTHH:MM:SSZ.'
1976+
name: to_date
1977+
- description: Search term to search events for.
1978+
name: search_term
1979+
- auto: PREDEFINED
1980+
defaultValue: desc
1981+
description: Whether to sort by ascending or descending time.
1982+
name: sort
1983+
predefined:
1984+
- asc
1985+
- desc
1986+
outputs:
1987+
- contextPath: PrismaCloudCompute.FileIntegrity.Path
1988+
description: The absolute path of the event.
1989+
type: string
1990+
- contextPath: PrismaCloudCompute.FileIntegrity.RuleName
1991+
description: The name of the applied rule for auditing file integrity rules.
1992+
type: string
1993+
- contextPath: PrismaCloudCompute.FileIntegrity.AccountID
1994+
description: The cloud account ID.
1995+
type: string
1996+
- contextPath: PrismaCloudCompute.FileIntegrity.User
1997+
description: The user that initiated the event.
1998+
type: string
1999+
- contextPath: PrismaCloudCompute.FileIntegrity.Time
2000+
description: The time of the event.
2001+
type: date
2002+
- contextPath: PrismaCloudCompute.FileIntegrity.Hostname
2003+
description: The hostname on which the event was found.
2004+
type: string
2005+
- contextPath: PrismaCloudCompute.FileIntegrity.EventType
2006+
description: 'Represents the type of the file integrity event. Possible values: [metadata,read,write].'
2007+
type: string
2008+
- contextPath: PrismaCloudCompute.FileIntegrity.Collections
2009+
description: Collections to which this event applies.
2010+
- contextPath: PrismaCloudCompute.FileIntegrity.Fqdn
2011+
description: The current fully qualified domain name used in audit alerts.
2012+
type: string
2013+
- contextPath: PrismaCloudCompute.FileIntegrity.FileType
2014+
description: Represents the file type.
2015+
type: number
2016+
- contextPath: PrismaCloudCompute.FileIntegrity.ProcessName
2017+
description: The name of the process that initiated the event.
2018+
type: string
2019+
- contextPath: PrismaCloudCompute.FileIntegrity.Cluster
2020+
description: The cluster on which the event was found.
2021+
type: string
2022+
- contextPath: PrismaCloudCompute.FileIntegrity._Id
2023+
description: The activity's unique identifier.
2024+
type: string
2025+
- contextPath: PrismaCloudCompute.FileIntegrity.Description
2026+
description: A human readable description of the action performed on the path.
2027+
type: string
19632028
- description: Use this command to unstuck the fetch stream in case it's getting duplicated incidents.
19642029
name: prisma-cloud-compute-unstuck-fetch-stream
19652030
tests:
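Review bot: `PrismaCloudCompute.FileIntegrity.Collections` is the only new context path without a `type:`; add `type: Unknown` (or the list type used elsewhere in this file) for consistency with the other outputs. Neither `hostname` nor `event_id` carries `required: true`, which is correct for an either-or pair, but that rule is then enforced nowhere in the YAML, so the command code must validate it; the descriptions should only promise the check if the code raises when both are absent. The `limit` argument's `defaultValue: "10"` is a string, so the Python side has to convert it before it is sent as a query parameter.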

Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute_description.md

Lines changed: 4 additions & 0 deletions
@@ -11,3 +11,7 @@ This integration provides the ability to import **Palo Alto Networks - Prisma Cl
1111
5. On the right, select the alert triggers. Alert triggers specify which alerts are sent to Cortex XSOAR.
1212
6. Click **Save** to save the alert profile.
1313
7. Make sure you configure the user role to be at least `auditor`, otherwise you will not be able to fetch the alerts.
14+
15+
16+
---
17+
[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/palo-alto-networks-prisma-cloud-compute)

Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute_test.py

Lines changed: 24 additions & 0 deletions
@@ -1559,6 +1559,30 @@ def test_get_logs_defender_download_command(requests_mock):
15591559
assert r["File"] == f"{args.get('hostname')}-logs.tar.gz"
15601560

15611561

1562+
def test_get_file_integrity_events_command(requests_mock):
1563+
"""
1564+
Given:
1565+
- An app client object
1566+
- Relevant arguments
1567+
When:
1568+
- Calling 'prisma-cloud-compute-get-file-integrity-events' command
1569+
Then:
1570+
- Ensure the file integrity events output equals the raw_response object which is mocked
1571+
"""
1572+
from PaloAltoNetworks_PrismaCloudCompute import get_file_integrity_events_command, PrismaCloudComputeClient
1573+
with open("test_data/file_integrity_events.json") as f:
1574+
d = json.load(f)
1575+
1576+
requests_mock.get(url=BASE_URL + '/audits/runtime/file-integrity', json=d)
1577+
client = PrismaCloudComputeClient(base_url=BASE_URL, verify='False', project='', auth=('test', 'test'))
1578+
args = {
1579+
"hostname": "test123",
1580+
"limit": 3
1581+
}
1582+
1583+
assert get_file_integrity_events_command(client, args).raw_response == d
1584+
1585+
15621586
EXAMPLE_CVES = [
15631587
{
15641588
"cve": "cve1",

0 commit comments
