demisto/python3:3.11.10.116439, demisto/boto3py3:1.0.0.116921, demist… (demisto#37285)

* demisto/python3:3.11.10.116439, demisto/boto3py3:1.0.0.116921, demisto/auth-utils:1.0.0.116930 | 0-100 | PR batch #1/1

* update to UTC + docker native image

* remove import timezone

* update release notes

Author: inbalapt1

Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.py

@@ -3,7 +3,7 @@
 import boto3
 
 import urllib3.util
-from datetime import timezone
+from datetime import UTC
 from dateparser import parse
 
 # Disable insecure warnings
@@ -815,7 +815,7 @@ def fetch_incidents(client, aws_sh_severity, archive_findings, additional_filter
         date_from = parse(f'{first_fetch_timestamp} UTC')
         last_run = date_from.isoformat()  # type: ignore
 
-    now = datetime.now(timezone.utc)
+    now = datetime.now(UTC)
 
     filters = {
         'CreatedAt': [{

Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.yml

@@ -2077,7 +2077,7 @@ script:
       description: The UTC timestamp in seconds since the last update. The incident is only updated if it was modified after the last update time.
   - name: get-mapping-fields
     description: Returns the list of fields to map in outgoing mirroring. This command is only used for debugging purposes.
-  dockerimage: demisto/boto3py3:1.0.0.100468
+  dockerimage: demisto/boto3py3:1.0.0.116921
   isfetch: true
   ismappable: true
   isremotesyncin: true

Packs/AWS-SecurityHub/ReleaseNotes/1_3_38.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### AWS - Security Hub
+
+
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.116921*.

Packs/AWS-SecurityHub/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AWS - Security Hub",
     "description": "Amazon Web Services Security Hub Service.",
     "support": "xsoar",
-    "currentVersion": "1.3.37",
+    "currentVersion": "1.3.38",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.yml

@@ -220,7 +220,7 @@ script:
     - contextPath: IP.Geo.Country
       description: The country in which the IP address is located.
       type: String
-  dockerimage: demisto/auth-utils:1.0.0.116752
+  dockerimage: demisto/auth-utils:1.0.0.116930
   isfetch: true
   isfetch:marketplacev2: false
   isfetchevents: true

Packs/Akamai_SIEM/ReleaseNotes/1_1_8.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Akamai WAF SIEM
+
+
+- Updated the Docker image to: *demisto/auth-utils:1.0.0.116930*.

Packs/Akamai_SIEM/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Akamai WAF SIEM",
     "description": "Use the Akamai WAF SIEM integration to retrieve security events from Akamai Web Application Firewall (WAF) service.",
     "support": "xsoar",
-    "currentVersion": "1.1.7",
+    "currentVersion": "1.1.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Box/Integrations/BoxV2/BoxV2.py

@@ -11,7 +11,7 @@
 import jwt
 import re
 from distutils.util import strtobool
-from datetime import timezone
+from datetime import UTC
 from typing import Any, Dict, Tuple, List, Optional, BinaryIO
 from requests.models import Response
 from hashlib import sha1
@@ -1935,7 +1935,7 @@ def test_module(client: Client, params: dict, first_fetch_time: int) -> str:
         if not params.get('as_user'):
             raise DemistoException("In order to use fetch, a User ID for Fetching Incidents is "
                                    "required.")
-        created_after = datetime.fromtimestamp(first_fetch_time, tz=timezone.utc).strftime(
+        created_after = datetime.fromtimestamp(first_fetch_time, tz=UTC).strftime(
             DATE_FORMAT)
         response = client.list_events(
             as_user=params.get('as_user'),  # type:ignore
@@ -1965,12 +1965,12 @@ def fetch_incidents(client: Client, max_results: int, last_run: dict, first_fetc
     created_after = last_run.get('time', None)
     incidents = []
     if not created_after:
-        created_after = datetime.fromtimestamp(first_fetch_time, tz=timezone.utc).strftime(
+        created_after = datetime.fromtimestamp(first_fetch_time, tz=UTC).strftime(
             DATE_FORMAT)
     results = client.list_events(stream_type='admin_logs', as_user=as_user, limit=max_results,
                                  created_after=created_after)
     raw_incidents = results.get('entries', [])
-    next_run = datetime.now(tz=timezone.utc).strftime(DATE_FORMAT)
+    next_run = datetime.now(tz=UTC).strftime(DATE_FORMAT)
     for raw_incident in raw_incidents:
         event = Event(raw_input=raw_incident)
         xsoar_incident = event.format_incident()

Packs/Box/Integrations/BoxV2/BoxV2.yml

@@ -2496,7 +2496,7 @@ script:
     - contextPath: Box.Folder.item_status
       description: The status of the parent of the item.
       type: String
-  dockerimage: demisto/auth-utils:1.0.0.91447
+  dockerimage: demisto/auth-utils:1.0.0.116930
   isfetch: true
   runonce: false
   script: '-'

Packs/Box/ReleaseNotes/3_2_5.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Box v2
+
+
+- Updated the Docker image to: *demisto/auth-utils:1.0.0.116930*.

Packs/Box/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Box",
     "description": "Manage Box users",
     "support": "xsoar",
-    "currentVersion": "3.2.4",
+    "currentVersion": "3.2.5",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CrowdStrikeIntel/Integrations/CrowdStrikeFalconIntel_v2/CrowdStrikeFalconIntel_v2.py

@@ -1,7 +1,7 @@
 import demistomock as demisto
 from CommonServerPython import *
 from CommonServerUserPython import *
-from datetime import datetime, timezone
+from datetime import datetime, UTC
 from typing import Any
 from dateparser import parse
 
@@ -74,7 +74,7 @@ def build_filter_query(self, args: dict[str, str]) -> str:
                     parsed_date = parse(args[key])
                     assert parsed_date is not None
                     filter_query += f"{api_key}:" \
-                                    f"{operator}{int(parsed_date.replace(tzinfo=timezone.utc).timestamp())}+"
+                                    f"{operator}{int(parsed_date.replace(tzinfo=UTC).timestamp())}+"
 
         if filter_query.endswith('+'):
             filter_query = filter_query[:-1]
@@ -324,9 +324,9 @@ def get_indicator_outputs(resource: dict[str, Any]) -> dict[str, Any]:
             'ID': indicator_id,
             'Type': indicator_type,
             'Value': indicator_value,
-            'LastUpdate': datetime.fromtimestamp(last_update, timezone.utc).isoformat() if last_update
+            'LastUpdate': datetime.fromtimestamp(last_update, UTC).isoformat() if last_update
             else None,
-            'PublishDate': datetime.fromtimestamp(publish_date, timezone.utc).isoformat() if publish_date
+            'PublishDate': datetime.fromtimestamp(publish_date, UTC).isoformat() if publish_date
             else None,
             'MaliciousConfidence': malicious_confidence,
             'Reports': reports,
@@ -424,9 +424,9 @@ def cs_actors_command(client: Client, args: dict[str, str]) -> CommandResults:
                 'Slug': slug,
                 'ShortDescription': short_description,
                 'Description': description,
-                'FirstActivityDate': datetime.fromtimestamp(first_activity_date, timezone.utc).isoformat()
+                'FirstActivityDate': datetime.fromtimestamp(first_activity_date, UTC).isoformat()
                 if first_activity_date else None,
-                'LastActivityDate': datetime.fromtimestamp(last_activity_date, timezone.utc).isoformat()
+                'LastActivityDate': datetime.fromtimestamp(last_activity_date, UTC).isoformat()
                 if last_activity_date else None,
                 'Active': active,
                 'KnownAs': known_as,
@@ -539,9 +539,9 @@ def cs_reports_command(client: Client, args: dict[str, str]) -> CommandResults:
                 'Type': report_type,
                 'SubType': sub_type,
                 'Slug': slug,
-                'CreatedDate': datetime.fromtimestamp(created_date, timezone.utc).isoformat()
+                'CreatedDate': datetime.fromtimestamp(created_date, UTC).isoformat()
                 if created_date else None,
-                'LastModifiedSate': datetime.fromtimestamp(last_modified_date, timezone.utc).isoformat()
+                'LastModifiedSate': datetime.fromtimestamp(last_modified_date, UTC).isoformat()
                 if last_modified_date else None,
                 'ShortDescription': short_description,
                 'Description': description,

Packs/CrowdStrikeIntel/Integrations/CrowdStrikeFalconIntel_v2/CrowdStrikeFalconIntel_v2.yml

@@ -86,7 +86,7 @@ configuration:
   advanced: true
   required: false
 script:
-  dockerimage: demisto/python3:3.10.14.99865
+  dockerimage: demisto/python3:3.11.10.116439
   type: python
   subtype: python3
   script: '-'

Packs/CrowdStrikeIntel/ReleaseNotes/2_0_38.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### CrowdStrike Falcon Intel v2
+
+
+- Updated the Docker image to: *demisto/python3:3.11.10.116439*.

Packs/CrowdStrikeIntel/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "CrowdStrike Falcon Intel",
     "description": "Threat intelligence service by CrowdStrike focused on delivering a technical feed to help organizations better defend themselves against adversary activity.",
     "support": "xsoar",
-    "currentVersion": "2.0.37",
+    "currentVersion": "2.0.38",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Cyberpion/Integrations/Cyberpion/Cyberpion.py

@@ -2,7 +2,7 @@
 from CommonServerPython import *  # noqa: F401
 ''' IMPORTS '''
 from typing import Dict, Tuple, List
-from datetime import timezone
+from datetime import UTC
 import urllib3
 
 urllib3.disable_warnings()
@@ -272,7 +272,7 @@ def fetch_incidents(client: Client,
     for action_item in action_items:
         creation_date = action_item['creation_time']  # must be string of a DATE_FORMAT
         iso_format_data = datetime.strptime(creation_date, DATE_FORMAT).replace(
-            tzinfo=timezone.utc).isoformat()
+            tzinfo=UTC).isoformat()
         incident = {
             'name': '{} - {}'.format(action_item['title'], action_item['domain']),
             # name is required field, must be set

Packs/Cyberpion/Integrations/Cyberpion/Cyberpion.yml

@@ -184,7 +184,7 @@ script:
     - contextPath: Cyberpion.DomainState.discovery_date
       description: The Date domain was discovered
       type: Date
-  dockerimage: demisto/python3:3.10.13.72123
+  dockerimage: demisto/python3:3.11.10.116439
   isfetch: true
   runonce: false
   script: '-'

Packs/Cyberpion/ReleaseNotes/1_1_10.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Cyberpion
+
+
+- Updated the Docker image to: *demisto/python3:3.11.10.116439*.

Packs/Cyberpion/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cyberpion",
     "description": "Cyberpion's platform provides the breadth and depth of discovery and vulnerability assessment that security teams need to manage the threats from their far-reaching online ecosystems. Cyberpion solves the rising cybersecurity challenge of understanding the risks and vulnerabilities of your connected online assets and their artifacts. You can use this pack to push Cyberpion Action Items directly into your XSOAR instance, and also get additional information relating to those Action Items, and much more",
     "support": "partner",
-    "currentVersion": "1.1.9",
+    "currentVersion": "1.1.10",
     "author": "Cyberpion",
     "url": "https://www.cyberpion.com",
     "email": "[email protected]",

Packs/Darktrace/Integrations/DarktraceEventCollector/DarktraceEventCollector.py

@@ -1,7 +1,7 @@
 import hashlib
 import hmac
 import json
-from datetime import datetime, timezone
+from datetime import datetime, UTC
 from typing import Any
 from collections.abc import Mapping
 
@@ -109,7 +109,7 @@ def error_handler(self, res: requests.Response):
     def _create_headers(self, query_uri: str, query_data: Dict = None, is_json: bool = False) -> Dict[str, str]:
         """Create headers required for successful authentication"""
         public_token, _ = self._auth
-        date = (datetime.now(timezone.utc)).isoformat(timespec="auto")
+        date = (datetime.now(UTC)).isoformat(timespec="auto")
         signature = _create_signature(self._auth, query_uri, date, query_data, is_json=is_json)
         return {'DTAPI-Token': public_token, 'DTAPI-Date': date, 'DTAPI-Signature': signature}
 

Packs/Darktrace/Integrations/DarktraceEventCollector/DarktraceEventCollector.yml

@@ -82,7 +82,7 @@ script:
   type: python
   subtype: python3
   isfetchevents: true
-  dockerimage: demisto/python3:3.10.13.78960
+  dockerimage: demisto/python3:3.11.10.116439
 marketplaces:
 - marketplacev2
 fromversion: 6.9.0

Packs/Darktrace/ReleaseNotes/3_0_12.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Darktrace Event Collector
+
+
+- Updated the Docker image to: *demisto/python3:3.11.10.116439*.

Packs/Darktrace/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Darktrace",
     "description": "Populates Darktrace Model Breaches and AI Analyst Events in Cortex XSOAR, allowing for cross-platform automated investigation and response.",
     "support": "partner",
-    "currentVersion": "3.0.11",
+    "currentVersion": "3.0.12",
     "fromVersion": "5.0.0",
     "author": "Darktrace",
     "githubUser": "",

Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml

@@ -459,7 +459,7 @@ script:
     - contextPath: FraudWatch.Brand.services.action
       description: Brand service action.
       type: String
-  dockerimage: demisto/python3:3.10.13.72123
+  dockerimage: demisto/python3:3.11.10.116439
   isFetchSamples: true
   isfetch: true
   script: ''

Packs/FraudWatch/Integrations/FraudWatch/FraudWatch_test.py

@@ -3,7 +3,7 @@
 """
 import io
 import json
-from datetime import timezone, timedelta
+from datetime import timedelta, UTC
 from typing import *
 from unittest.mock import Mock
 
@@ -286,7 +286,7 @@ def test_fetch_incidents_command():
      - Ensure on another calls to fetch_incidents, only relevant incidents are fetched.
      - Ensure that the incidents returned are as expected.
     """
-    now = datetime.now(timezone.utc)
+    now = datetime.now(UTC)
     five_minutes_before = now - timedelta(minutes=5)
     one_hour_before = now - timedelta(hours=1)
     two_hours_before = now - timedelta(hours=2)

Packs/FraudWatch/ReleaseNotes/1_0_13.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### FraudWatch
+
+
+- Updated the Docker image to: *demisto/python3:3.11.10.116439*.

Packs/FraudWatch/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "FraudWatch PhishPortal",
     "description": "FraudWatch International provides anti-phishing and online brand protection solutions.",
     "support": "xsoar",
-    "currentVersion": "1.0.12",
+    "currentVersion": "1.0.13",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Infinipoint/Integrations/Infinipoint/Infinipoint.py

@@ -6,7 +6,7 @@
 import jwt
 import math
 import dateparser
-from datetime import timezone
+from datetime import UTC
 
 # disable insecure warnings
 import urllib3
@@ -316,7 +316,7 @@ def fetch_incidents(client, last_run: dict[str, int], first_fetch_time: int | No
         for alert in alerts.outputs:
             if alert.get("subscription") in subscription:
                 incident_created_epoch_time = int(alert.get('timestamp', '0'))
-                incident_created_time = datetime.fromtimestamp(int(alert.get('timestamp', '0')), timezone.utc)
+                incident_created_time = datetime.fromtimestamp(int(alert.get('timestamp', '0')), UTC)
 
                 incident = {
                     'name': f'Infinipoint {alert.get("name")}',
@@ -385,7 +385,7 @@ def infinipoint_command(client: Client, args=None, optional_args=None, paginatio
         for node in res:
             # Handle time format - convert to ISO from epoch
             if '$time' in node and isinstance(node['$time'], int):
-                created_time = datetime.fromtimestamp(int(node.get('$time', '0')), timezone.utc)
+                created_time = datetime.fromtimestamp(int(node.get('$time', '0')), UTC)
                 node['$time'] = created_time.isoformat()
 
         # CVE reputation

Packs/Infinipoint/Integrations/Infinipoint/Infinipoint.yml

@@ -995,7 +995,7 @@ script:
       description: success.
       type: Number
 
-  dockerimage: demisto/auth-utils:1.0.0.76157
+  dockerimage: demisto/auth-utils:1.0.0.116930
   isfetch: true
   script: '-'
   subtype: python3

Packs/Infinipoint/ReleaseNotes/1_0_15.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Infinipoint
+
+
+- Updated the Docker image to: *demisto/auth-utils:1.0.0.116930*.

Packs/Infinipoint/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Infinipoint",
     "description": "Use the Infinipoint integration to retrieve security and policy incompliance events, vulnerabilities or incidents. Investigate and respond to events in real-time",
     "support": "partner",
-    "currentVersion": "1.0.14",
+    "currentVersion": "1.0.15",
     "author": "Infinipoint - ET",
     "url": "",
     "email": "[email protected]",