diff --git a/Packs/Code42/Integrations/Code42/CHANGELOG.md b/Packs/Code42/Integrations/Code42/CHANGELOG.md
index 64cdf65c7f14..d30648e07019 100644
--- a/Packs/Code42/Integrations/Code42/CHANGELOG.md
+++ b/Packs/Code42/Integrations/Code42/CHANGELOG.md
@@ -1,22 +1,18 @@
 ## [Unreleased]
-- Internal code improvements.
-- Added new commands:
-    - **code42-departingemployee-get-all**
-    - **code42-highriskemployee-add**
-    - **code42-highriskemployee-remove**
-    - **code42-highriskemployee-get-all**
-    - **code42-highriskemployee-add-risk-tags**
-    - **code42-highriskemployee-remove-risk-tags**
-    - **code42-user-deactivate**
-    - **code42-user-reactivate**
-    - **code42-user-block**
-    - **code42-user-unblock**
-    - **code42-user-create**
-    - **code42-file-download**
-- Improve error messages for all Commands to include exception detail.
-- Fixed bug in Fetch where errors occurred when `FileCategory` was set to include only one category.
-- Fixed bug in Fetch to handle new Code42 exposure type **Outside trusted domains**.
-- Improved Fetch to handle unsupported exposure types better.
+Added new commands:
+    - **code42-departingemployee-get-all** that gets all the employees on the Departing Employee List.
+    - **code42-highriskemployee-add** that takes a username and adds the employee to the High Risk Employee List.
+    - **code42-highriskemployee-remove** that takes a username and remove the employee from the High Risk Employee List.
+    - **code42-highriskemployee-get-all** that gets all the employees on the High Risk Employee List. 
+        Optionally takes a list of risk tags and only gets employees who have those risk tags.
+    - **code42-highriskemployee-add-risk-tags** that takes a username and risk tags and associates the risk tags with the user.
+    - **code42-highriskemployee-remove-risk-tags** that takes a username and risk tags and disassociates the risk tags from the user.
+    - **code42-user-deactivate** that deactivates a user in Code42.
+    - **code42-user-reactivate** that reactivates a user in Code42.
+    - **code42-user-block** that blocks a user in Code42.
+    - **code42-user-unblock** that unblocks a user in Code42.
+    - **code42-user-create** that creates a user in Code42.
+Improve error messages for all Commands to include exception detail.
 
 ## [20.3.3] - 2020-03-18
 #### New Integration
diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 7a38ccdd163e..23dfcbe25f12 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -306,15 +306,6 @@ def search_file_events(self, payload):
         res = self._get_sdk().securitydata.search_file_events(payload)
         return res["fileEvents"]
 
-    def download_file(self, hash_arg):
-        security_module = self._get_sdk().securitydata
-        if _hash_is_md5(hash_arg):
-            return security_module.stream_file_by_md5(hash_arg)
-        elif _hash_is_sha256(hash_arg):
-            return security_module.stream_file_by_sha256(hash_arg)
-        else:
-            raise Exception("Unsupported hash. Must be SHA256 or MD5.")
-
     def _get_user_id(self, username):
         user_id = self.get_user(username).get("userUid")
         if user_id:
@@ -428,18 +419,12 @@ def build_query_payload(args):
     return query
 
 
-def _hash_is_sha256(hash_arg):
-    return hash_arg and len(hash_arg) == 64
-
-
-def _hash_is_md5(hash_arg):
-    return hash_arg and len(hash_arg) == 32
-
-
 def _create_hash_filter(hash_arg):
-    if _hash_is_md5(hash_arg):
+    if not hash_arg:
+        return None
+    elif len(hash_arg) == 32:
         return MD5.eq(hash_arg)
-    elif _hash_is_sha256(hash_arg):
+    elif len(hash_arg) == 64:
         return SHA256.eq(hash_arg)
 
 
@@ -470,7 +455,7 @@ class ObservationToSecurityQueryMapper(object):
     exposure_type_map = {
         "PublicSearchableShare": ExposureType.IS_PUBLIC,
         "PublicLinkShare": ExposureType.SHARED_VIA_LINK,
-        "SharedOutsideTrustedDomain": ExposureType.OUTSIDE_TRUSTED_DOMAINS,
+        "SharedOutsideTrustedDomain": "OutsideTrustedDomains",
     }
 
     def __init__(self, observation, actor):
@@ -950,13 +935,6 @@ def user_reactivate_command(client, args):
     )
 
 
-def download_file_command(client, args):
-    file_hash = args.get("hash")
-    response = client.download_file(file_hash)
-    file_chunks = [c for c in response.iter_content(chunk_size=128) if c]
-    return fileResult(file_hash, data=b"".join(file_chunks))
-
-
 """Fetching"""
 
 
@@ -996,7 +974,7 @@ def __init__(
         self._first_fetch_time = first_fetch_time
         self._event_severity_filter = event_severity_filter
         self._fetch_limit = fetch_limit
-        self._include_files = include_files
+        self._include_files = (include_files,)
         self._integration_context = integration_context
 
     @logger
@@ -1018,7 +996,7 @@ def _fetch_remaining_incidents_from_last_run(self):
             if remaining_incidents:
                 return (
                     self._last_run,
-                    remaining_incidents[:self._fetch_limit],
+                    remaining_incidents[: self._fetch_limit],
                     remaining_incidents[self._fetch_limit:],
                 )
 
@@ -1043,8 +1021,7 @@ def _fetch_alerts(self, start_query_time):
     def _create_incident_from_alert(self, alert):
         details = self._client.get_alert_details(alert["id"])
         incident = _create_incident_from_alert_details(details)
-        if self._include_files:
-            details = self._relate_files_to_alert(details)
+        details = self._relate_files_to_alert(details)
         incident["rawJSON"] = json.dumps(details)
         return incident
 
@@ -1118,7 +1095,6 @@ def get_command_map():
         "code42-user-unblock": user_unblock_command,
         "code42-user-deactivate": user_deactivate_command,
         "code42_user-reactivate": user_reactivate_command,
-        "code42-download-file": download_file_command,
     }
 
 
@@ -1147,10 +1123,10 @@ def handle_fetch_command(client):
     demisto.setIntegrationContext(integration_context)
 
 
-def run_command(command):
+def try_run_command(command):
     try:
         results = command()
-        if not isinstance(results, (tuple, list)):
+        if not isinstance(results, tuple) and not isinstance(results, list):
             results = [results]
         for result in results:
             return_results(result)
@@ -1158,32 +1134,28 @@ def run_command(command):
         return_error(create_command_error_message(demisto.command(), e))
 
 
-def create_client():
+def run_code42_integration():
     username = demisto.params().get("credentials").get("identifier")
     password = demisto.params().get("credentials").get("password")
     base_url = demisto.params().get("console_url")
     verify_certificate = not demisto.params().get("insecure", False)
     proxy = demisto.params().get("proxy", False)
-    return Code42Client(
+    LOG("Command being called is {0}.".format(demisto.command()))
+    client = Code42Client(
         base_url=base_url,
         sdk=None,
         auth=(username, password),
         verify=verify_certificate,
         proxy=proxy,
     )
-
-
-def run_code42_integration():
-    client = create_client()
     commands = get_command_map()
-    command_key = demisto.command()
-    LOG("Command being called is {0}.".format(command_key))
-    if command_key == "test-module":
+    command = demisto.command()
+    if command == "test-module":
         handle_test_command(client)
-    elif command_key == "fetch-incidents":
+    elif command == "fetch-incidents":
         handle_fetch_command(client)
-    elif command_key in commands:
-        run_command(lambda: commands[command_key](client, demisto.args()))
+    elif command in commands:
+        try_run_command(lambda: commands[command](client, demisto.args()))
 
 
 def main():
diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index b16f1aa93348..1315f1bff0f0 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -79,7 +79,7 @@ script:
     - auto: PREDEFINED
       default: false
       description: Exposure types to search for. Can be "RemovableMedia", "ApplicationRead",
-        "CloudStorage", "IsPublic", "SharedViaLink", "SharedViaDomain", or "OutsideTrustedDomains".
+        "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain".
       isArray: true
       name: exposure
       predefined:
@@ -89,7 +89,6 @@ script:
       - IsPublic
       - SharedViaLink
       - SharedViaDomain
-      - OutsideTrustedDomains
       required: false
       secret: false
     - default: false
@@ -332,7 +331,7 @@ script:
       description: The username to remove from the Departing Employee List.
       isArray: false
       name: username
-      required: false
+      required: true
       secret: false
     deprecated: false
     description: Removes a user from the Departing Employee List.
@@ -597,18 +596,7 @@ script:
     - contextPath: Code42.User.UserID
       description: The ID of a Code42 User.
       type: String
-  - arguments:
-    - default: false
-      description: Either the SHA256 or MD5 hash of the file.
-      isArray: false
-      name: hash
-      required: true
-      secret: false
-    deprecated: false
-    description: Downloads a file from Code42 servers.
-    execution: false
-    name: code42-download-file
-  dockerimage: demisto/py42:1.0.0.9653
+  dockerimage: demisto/py42:1.0.0.9323
   feed: false
   isfetch: true
   longRunning: false
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index 43ea9043687e..a3698087000d 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -26,7 +26,6 @@
     user_unblock_command,
     user_deactivate_command,
     user_reactivate_command,
-    download_file_command,
     fetch_incidents,
 )
 import time
@@ -1380,7 +1379,16 @@ def test_departingemployee_get_all_command_when_no_employees(
         no_employees_response
     )
     client = create_client(code42_departing_employee_mock)
-    cmd_res = departingemployee_get_all_command(client,{})
+    cmd_res = departingemployee_get_all_command(
+        client,
+        {
+            "risktags": [
+                "PERFORMANCE_CONCERNS",
+                "SUSPICIOUS_SYSTEM_ACTIVITY",
+                "POOR_SECURITY_PRACTICES",
+            ]
+        },
+    )
     assert cmd_res.outputs_prefix == "Code42.DepartingEmployee"
     assert cmd_res.outputs_key_field == "UserID"
     assert cmd_res.raw_response == {}
@@ -1627,25 +1635,6 @@ def test_security_data_search_command(code42_file_events_mock):
         assert output_item == mapped_event
 
 
-def test_download_file_command_when_given_md5(code42_sdk_mock, mocker):
-    fr = mocker.patch("Code42.fileResult")
-    client = create_client(code42_sdk_mock)
-    _ = download_file_command(client, {"hash": "b6312dbe4aa4212da94523ccb28c5c16"})
-    code42_sdk_mock.securitydata.stream_file_by_md5.assert_called_once_with(
-        "b6312dbe4aa4212da94523ccb28c5c16"
-    )
-    assert fr.call_count == 1
-
-
-def test_download_file_command_when_given_sha256(code42_sdk_mock, mocker):
-    fr = mocker.patch("Code42.fileResult")
-    _hash = "41966f10cc59ab466444add08974fde4cd37f88d79321d42da8e4c79b51c2149"
-    client = create_client(code42_sdk_mock)
-    _ = download_file_command(client, {"hash": _hash})
-    code42_sdk_mock.securitydata.stream_file_by_sha256.assert_called_once_with(_hash)
-    assert fr.call_count == 1
-
-
 def test_fetch_when_no_significant_file_categories_ignores_filter(
     code42_fetch_incidents_mock, mocker
 ):
@@ -1694,41 +1683,8 @@ def test_fetch_incidents_handles_multi_severity(code42_fetch_incidents_mock):
         include_files=True,
         integration_context=None,
     )
-    call_args = str(code42_fetch_incidents_mock.alerts.search.call_args[0][0])
-    assert "HIGH" in call_args
-    assert "LOW" in call_args
-
-
-def test_fetch_when_include_files_includes_files(code42_fetch_incidents_mock):
-    client = create_client(code42_fetch_incidents_mock)
-    _, incidents, _ = fetch_incidents(
-        client=client,
-        last_run={"last_fetch": None},
-        first_fetch_time=MOCK_FETCH_TIME,
-        event_severity_filter=["High", "Low"],
-        fetch_limit=10,
-        include_files=True,
-        integration_context=None,
-    )
-    for i in incidents:
-        _json = json.loads(i["rawJSON"])
-        assert len(_json["fileevents"])
-
-
-def test_fetch_when_not_include_files_excludes_files(code42_fetch_incidents_mock):
-    client = create_client(code42_fetch_incidents_mock)
-    _, incidents, _ = fetch_incidents(
-        client=client,
-        last_run={"last_fetch": None},
-        first_fetch_time=MOCK_FETCH_TIME,
-        event_severity_filter=["High", "Low"],
-        fetch_limit=10,
-        include_files=False,
-        integration_context=None,
-    )
-    for i in incidents:
-        _json = json.loads(i["rawJSON"])
-        assert not _json.get("fileevents")
+    assert "HIGH" in str(code42_fetch_incidents_mock.alerts.search.call_args[0][0])
+    assert "LOW" in str(code42_fetch_incidents_mock.alerts.search.call_args[0][0])
 
 
 def test_fetch_incidents_first_run(code42_fetch_incidents_mock):
diff --git a/Packs/Code42/Integrations/Code42/README.md b/Packs/Code42/Integrations/Code42/README.md
index 02c75bdbd7de..5ad1a1e2e4ca 100644
--- a/Packs/Code42/Integrations/Code42/README.md
+++ b/Packs/Code42/Integrations/Code42/README.md
@@ -717,27 +717,3 @@ Reactivates the user with the given username.
 | UserID |
 | ------ |
 | 123456790 |
-
-
-### code42-download-file
-***
-Downloads a file from Code42 servers.
-
-#### Base Command
-
-`code42-download-file`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| hash | Either the SHA256 or MD5 hash of the file. | Required | 
-
-
-#### Command Example
-```!code42-download-file hash="bf6b326107d4d85eb485eed84b28133a"```
-
-#### Human Readable Output
-### Code42 User Deactivated
-| Type   | Size | Info | MD5 | SHA1 | SHA256 | SHA512 | SSDeep |
-| ------ | ---- | ---- | --- | ---- | ------ | ------ | ------ |
-| application/vnd.ms-excel | 41,472 bytes | Composite Document File V2 Document, Little Endian, Os: MacOS, Version 14.10, Code page: 10000, Last Saved By: John Doe, Name of Creating Application: Microsoft Macintosh Excel, Create Time/Date: Fri Feb 21 17:35:19 2020, Last Saved Time/Date: Mon Apr 13 11:54:08 2020, Security: 0 | 2e45562437ec4f41387f2e14c3850dd6 | 59e552e637bfe5254b163bb4e426a2322d10f50d | d3f8566d04df5dc34bf2607ac803a585ac81e06f28afe81f35cc2e5fe63d2ab5 | 776bd9626761cd567a4b498bafe4f5f896c3f4bc9f3c60513ccacd14251a2568fa3ba44060000affa8b57fb768c417cf271500086e4e49272f26b26a90627abb | 768:pudkQzl3ZpWh+QO3uMdS9dSttRJwyE/KtxA1almvy6mhk+GlESOwWoqSY7bTKCUv:siQzl3ZpWh+QO3uMdS9dSttRJwyE/KtF |  
\ No newline at end of file
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
new file mode 100644
index 000000000000..80c39d1cad62
--- /dev/null
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -0,0 +1,1822 @@
+category: Endpoint
+commonfields:
+  id: Code42
+  version: -1
+configuration:
+- defaultvalue: console.us.code42.com
+  display: Code42 Console URL for the pod your Code42 instance is running in
+  name: console_url
+  required: true
+  type: 0
+- display: Username
+  name: credentials
+  required: true
+  type: 9
+- display: Fetch incidents
+  name: isFetch
+  required: false
+  type: 8
+- display: Incident type
+  name: incidentType
+  required: false
+  type: 13
+- display: Alert severities to fetch when fetching incidents
+  name: alert_severity
+  options:
+  - High
+  - Medium
+  - Low
+  required: false
+  type: 16
+- defaultvalue: 24 hours
+  display: First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes)
+  name: fetch_time
+  required: false
+  type: 0
+- defaultvalue: '10'
+  display: Alerts to fetch per run; note that increasing this value may result in slow performance if too many results are returned at once
+  name: fetch_limit
+  required: false
+  type: 0
+- defaultvalue: 'false'
+  display: Include the list of files in returned incidents.
+  name: include_files
+  required: false
+  type: 8
+description: Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
+display: Code42 (Partner Contribution)
+name: Code42
+script:
+  commands:
+  - arguments:
+    - default: false
+      description: JSON query payload using Code42 query syntax.
+      isArray: false
+      name: json
+      required: false
+      secret: false
+    - default: false
+      description: MD5 or SHA256 hash of the file to search for.
+      isArray: false
+      name: hash
+      required: false
+      secret: false
+    - default: false
+      description: Username to search for.
+      isArray: false
+      name: username
+      required: false
+      secret: false
+    - default: false
+      description: Hostname to search for.
+      isArray: false
+      name: hostname
+      required: false
+      secret: false
+    - auto: PREDEFINED
+      default: false
+      description: Exposure types to search for. Can be "RemovableMedia", "ApplicationRead", "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain".
+      isArray: true
+      name: exposure
+      predefined:
+      - RemovableMedia
+      - ApplicationRead
+      - CloudStorage
+      - IsPublic
+      - SharedViaLink
+      - SharedViaDomain
+      required: false
+      secret: false
+    - default: false
+      defaultValue: '100'
+      description: The number of results to return. The default is 100.
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Searches for a file in Security Data by JSON query, hash, username, device hostname, exfiltration type, or a combination of parameters. At least one argument must be passed in the command. If a JSON argument is passed, it will be used to the exclusion of other parameters, otherwise parameters will be combined with an AND clause.
+    execution: false
+    name: code42-securitydata-search
+    outputs:
+    - contextPath: Code42.SecurityData.EventTimestamp
+      description: Timestamp for the event.
+      type: date
+    - contextPath: Code42.SecurityData.FileCreated
+      description: File creation date.
+      type: date
+    - contextPath: Code42.SecurityData.EndpointID
+      description: Code42 device ID.
+      type: string
+    - contextPath: Code42.SecurityData.DeviceUsername
+      description: The username that the device is associated with in Code42.
+      type: string
+    - contextPath: Code42.SecurityData.EmailFrom
+      description: The sender email address for email exfiltration events.
+      type: string
+    - contextPath: Code42.SecurityData.EmailTo
+      description: The recipient email address for email exfiltration events.
+      type: string
+    - contextPath: Code42.SecurityData.EmailSubject
+      description: The email subject line for email exfiltration events.
+      type: string
+    - contextPath: Code42.SecurityData.EventID
+      description: The Security Data event ID.
+      type: string
+    - contextPath: Code42.SecurityData.EventType
+      description: The type of Security Data event.
+      type: string
+    - contextPath: Code42.SecurityData.FileCategory
+      description: The file type, as determined by Code42 engine.
+      type: string
+    - contextPath: Code42.SecurityData.FileOwner
+      description: The owner of the file.
+      type: string
+    - contextPath: Code42.SecurityData.FileName
+      description: The file name.
+      type: string
+    - contextPath: Code42.SecurityData.FilePath
+      description: The path to file.
+      type: string
+    - contextPath: Code42.SecurityData.FileSize
+      description: The size of the file (in bytes).
+      type: number
+    - contextPath: Code42.SecurityData.FileModified
+      description: The date the file was last modified.
+      type: date
+    - contextPath: Code42.SecurityData.FileMD5
+      description: MD5 hash of the file.
+      type: string
+    - contextPath: Code42.SecurityData.FileHostname
+      description: Hostname where the file event was captured.
+      type: string
+    - contextPath: Code42.SecurityData.DevicePrivateIPAddress
+      description: Private IP addresses of the device where the event was captured.
+      type: string
+    - contextPath: Code42.SecurityData.DevicePublicIPAddress
+      description: Public IP address of the device where the event was captured.
+      type: string
+    - contextPath: Code42.SecurityData.RemovableMediaType
+      description: Type of removable media.
+      type: string
+    - contextPath: Code42.SecurityData.RemovableMediaCapacity
+      description: Total capacity of removable media (in bytes).
+      type: number
+    - contextPath: Code42.SecurityData.RemovableMediaMediaName
+      description: The full name of the removable media.
+      type: string
+    - contextPath: Code42.SecurityData.RemovableMediaName
+      description: The name of the removable media.
+      type: string
+    - contextPath: Code42.SecurityData.RemovableMediaSerialNumber
+      description: The serial number for the removable medial device.
+      type: string
+    - contextPath: Code42.SecurityData.RemovableMediaVendor
+      description: The vendor name for removable device.
+      type: string
+    - contextPath: Code42.SecurityData.FileSHA256
+      description: The SHA256 hash of the file.
+      type: string
+    - contextPath: Code42.SecurityData.FileShared
+      description: Whether the file is shared using a cloud file service.
+      type: boolean
+    - contextPath: Code42.SecurityData.FileSharedWith
+      description: Accounts that the file is shared with on a cloud file service.
+      type: string
+    - contextPath: Code42.SecurityData.Source
+      description: The source of the file event. Can be "Cloud" or "Endpoint".
+      type: string
+    - contextPath: Code42.SecurityData.ApplicationTabURL
+      description: The URL associated with the application read event.
+      type: string
+    - contextPath: Code42.SecurityData.ProcessName
+      description: The process name for the application read event.
+      type: string
+    - contextPath: Code42.SecurityData.ProcessOwner
+      description: The process owner for the application read event.
+      type: string
+    - contextPath: Code42.SecurityData.WindowTitle
+      description: The process name for the application read event.
+      type: string
+    - contextPath: Code42.SecurityData.FileURL
+      description: The URL of the file on a cloud file service.
+      type: string
+    - contextPath: Code42.SecurityData.Exposure
+      description: The event exposure type.
+      type: string
+    - contextPath: Code42.SecurityData.SharingTypeAdded
+      description: The type of sharing added to the file.
+      type: string
+    - contextPath: File.Name
+      description: The file name.
+      type: string
+    - contextPath: File.Path
+      description: The file path.
+      type: string
+    - contextPath: File.Size
+      description: The file size (in bytes).
+      type: number
+    - contextPath: File.MD5
+      description: The MD5 hash of the file.
+      type: string
+    - contextPath: File.SHA256
+      description: The SHA256 hash of the file.
+      type: string
+    - contextPath: File.Hostname
+      description: The hostname where the file event was captured.
+      type: string
+  - arguments:
+    - default: false
+      description: The alert ID to retrieve. Alert IDs are associated with alerts that are fetched via fetch-incidents.
+      isArray: false
+      name: id
+      required: true
+      secret: false
+    deprecated: false
+    description: Retrieve alert details by alert ID
+    execution: false
+    name: code42-alert-get
+    outputs:
+    - contextPath: Code42.SecurityAlert.Username
+      description: The username associated with the alert.
+      type: string
+    - contextPath: Code42.SecurityAlert.Occurred
+      description: The timestamp when the alert occurred.
+      type: date
+    - contextPath: Code42.SecurityAlert.Description
+      description: The description of the alert.
+      type: string
+    - contextPath: Code42.SecurityAlert.ID
+      description: The alert ID.
+      type: string
+    - contextPath: Code42.SecurityAlert.Name
+      description: The alert rule name that generated the alert.
+      type: string
+    - contextPath: Code42.SecurityAlert.State
+      description: The alert state.
+      type: string
+    - contextPath: Code42.SecurityAlert.Type
+      description: The alert type.
+      type: string
+    - contextPath: Code42.SecurityAlert.Severity
+      description: The severity of the alert.
+      type: string
+  - arguments:
+    - default: false
+      description: The alert ID to resolve. Alert IDs are associated with alerts that are fetched via fetch-incidents.
+      isArray: false
+      name: id
+      required: true
+      secret: false
+    deprecated: false
+    description: Resolves a Code42 Security alert.
+    execution: false
+    name: code42-alert-resolve
+    outputs:
+    - contextPath: Code42.SecurityAlert.ID
+      description: The alert ID of the resolved alert.
+      type: string
+  - arguments:
+    - default: false
+      description: The username to add to the Departing Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      description: The departure date for the employee, in the format YYYY-MM-DD.
+      isArray: false
+      name: departuredate
+      required: false
+      secret: false
+    - default: false
+      description: Note to attach to the Departing Employee.
+      isArray: false
+      name: note
+      required: false
+      secret: false
+    deprecated: false
+    description: Adds a user to the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-add
+    outputs:
+    - contextPath: Code42.DepartingEmployee.CaseID
+      description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      type: string
+    - contextPath: Code42.DepartingEmployee.UserID
+      description: Internal Code42 User ID for the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.Username
+      description: The username of the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.Note
+      description: Note associated with the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.DepartureDate
+      description: The departure date for the Departing Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: The username to remove from the Departing Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a user from the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-remove
+    outputs:
+    - contextPath: Code42.DepartingEmployee.CaseID
+      description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      type: string
+    - contextPath: Code42.DepartingEmployee.UserID
+      description: Internal Code42 User ID for the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.Username
+      description: The username of the Departing Employee.
+      type: string
+  - arguments:
+    - default: false
+      description: The number of items to return.
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Get all employees on the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-get-all
+    outputs:
+    - contextPath: Code42.DepartingEmployee.UserID
+      description: Internal Code42 User ID for the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.Username
+      description: The username of the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.Note
+      description: Note associated with the Departing Employee.
+      type: string
+    - contextPath: Code42.DepartingEmployee.DepartureDate
+      description: The departure date for the Departing Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: The username to add to the High Risk Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      description: Note to attach to the High Risk Employee.
+      isArray: false
+      name: note
+      required: false
+      secret: false
+    deprecated: false
+    description: Adds a user from the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-add
+    outputs:
+    - contextPath: Code42.HighRiskEmployee.UserID
+      description: Internal Code42 User ID for the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.Username
+      description: The username of the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.Note
+      description: Note associated with the High Risk Employee.
+      type: string
+  - arguments:
+    - default: false
+      description: The username to remove from the High Risk Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a user from the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-remove
+    outputs:
+    - contextPath: Code42.HighRiskEmployee.UserID
+      description: Internal Code42 User ID for the High Risk Employee.
+      type: Unknown
+    - contextPath: Code42.HighRiskEmployee.Username
+      description: The username of the High Risk Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: To filter results by employees who have these risk tags. Space delimited.
+      isArray: false
+      name: risktags
+      required: false
+      secret: false
+    - default: false
+      description: The number of items to return.
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Get all employees on the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-get-all
+    outputs:
+    - contextPath: Code42.HighRiskEmployee.UserID
+      description: Internal Code42 User ID for the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.Username
+      description: The username of the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.Note
+      description: Note associated with the High Risk Employee.
+      type: string
+  - arguments:
+    - default: false
+      description: The username of the High Risk Employee.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      description: Space-delimited risk tags to associate with the High Risk Employee.
+      isArray: false
+      name: risktags
+      required: true
+      secret: false
+    deprecated: false
+    description: Associates risk tags with the employee with the given username.
+    execution: false
+    name: code42-highriskemployee-add-risk-tags
+    outputs:
+    - contextPath: Code42.HighRiskEmployee.UserID
+      description: Internal Code42 User ID for the Departing Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.Username
+      description: The username of the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.RiskTags
+      description: Risk tags to associate with the High Risk Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: The username of the High Risk Employee.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      description: Space-delimited risk tags to disassociate from the High Risk Employee.
+      isArray: false
+      name: risktags
+      required: true
+      secret: false
+    deprecated: false
+    description: Disassociates risk tags from the user with the given username.
+    execution: false
+    name: code42-highriskemployee-remove-risk-tags
+    outputs:
+    - contextPath: Code42.HighRiskEmployee.UserID
+      description: Internal Code42 User ID for the Departing Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.Username
+      description: The username of the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.RiskTags
+      description: Risk tags to disassociate from the High Risk Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: The name of the Code42 organization from which to add the user.
+      isArray: false
+      name: orgname
+      required: true
+      secret: false
+    - default: false
+      description: The username to give to the user.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      defaultValue: The email to give to the user.
+      description: The email of the employee to create.
+      isArray: false
+      name: email
+      required: true
+      secret: false
+    deprecated: false
+    description: Creates a Code42 user.
+    execution: false
+    name: code42-user-create
+    outputs:
+    - contextPath: Code42.User.Username
+      description: A username for a Code42 user.
+      type: String
+    - contextPath: Code42.User.Email
+      description: An email for a Code42 user.
+      type: String
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to block.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Blocks a user in Code42.  A blocked user is not allowed to log in or restore files. Backups will continue if the user is still active.
+    execution: false
+    name: code42-user-block
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to deactivate.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Deactivate a user in Code42; signing them out of their devices. Backups discontinue for a deactivated user, and their archives go to cold storage.
+    execution: false
+    name: code42-user-deactivate
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: The ID of a Code42 User.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to unblock.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a block, if one exists, on the user with the given user ID. Unblocked users are allowed to log in and restore.
+    execution: false
+    name: code42-user-unblock
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to reactivate.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Reactivates the user with the given username.
+    execution: false
+    name: code42-user-reactivate
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: The ID of a Code42 User.
+      type: String
+  dockerimage: demisto/py42:1.0.0.9323
+  feed: false
+  isfetch: true
+  longRunning: false
+  longRunningPort: false
+  runonce: false
+  script: >2
+
+
+
+    """ IMPORTS """
+
+    import json
+
+    import requests
+
+    import py42.sdk
+
+    import py42.settings
+
+    from datetime import datetime
+
+    from py42.sdk.queries.fileevents.file_event_query import FileEventQuery
+
+    from py42.sdk.queries.fileevents.filters import (
+        MD5,
+        SHA256,
+        Actor,
+        EventTimestamp,
+        OSHostname,
+        DeviceUsername,
+        ExposureType,
+        EventType,
+        FileCategory,
+    )
+
+    from py42.sdk.queries.alerts.alert_query import AlertQuery
+
+    from py42.sdk.queries.alerts.filters import DateObserved, Severity, AlertState
+
+
+    # Disable insecure warnings
+
+    requests.packages.urllib3.disable_warnings()
+
+
+    """ CONSTANTS """
+
+    CODE42_EVENT_CONTEXT_FIELD_MAPPER = {
+        "eventTimestamp": "EventTimestamp",
+        "createTimestamp": "FileCreated",
+        "deviceUid": "EndpointID",
+        "deviceUserName": "DeviceUsername",
+        "emailFrom": "EmailFrom",
+        "emailRecipients": "EmailTo",
+        "emailSubject": "EmailSubject",
+        "eventId": "EventID",
+        "eventType": "EventType",
+        "fileCategory": "FileCategory",
+        "fileOwner": "FileOwner",
+        "fileName": "FileName",
+        "filePath": "FilePath",
+        "fileSize": "FileSize",
+        "modifyTimestamp": "FileModified",
+        "md5Checksum": "FileMD5",
+        "osHostName": "FileHostname",
+        "privateIpAddresses": "DevicePrivateIPAddress",
+        "publicIpAddresses": "DevicePublicIPAddress",
+        "removableMediaBusType": "RemovableMediaType",
+        "removableMediaCapacity": "RemovableMediaCapacity",
+        "removableMediaMediaName": "RemovableMediaMediaName",
+        "removableMediaName": "RemovableMediaName",
+        "removableMediaSerialNumber": "RemovableMediaSerialNumber",
+        "removableMediaVendor": "RemovableMediaVendor",
+        "sha256Checksum": "FileSHA256",
+        "shared": "FileShared",
+        "sharedWith": "FileSharedWith",
+        "source": "Source",
+        "tabUrl": "ApplicationTabURL",
+        "url": "FileURL",
+        "processName": "ProcessName",
+        "processOwner": "ProcessOwner",
+        "windowTitle": "WindowTitle",
+        "exposure": "Exposure",
+        "sharingTypeAdded": "SharingTypeAdded",
+    }
+
+
+    CODE42_ALERT_CONTEXT_FIELD_MAPPER = {
+        "actor": "Username",
+        "createdAt": "Occurred",
+        "description": "Description",
+        "id": "ID",
+        "name": "Name",
+        "state": "State",
+        "type": "Type",
+        "severity": "Severity",
+    }
+
+
+    FILE_CONTEXT_FIELD_MAPPER = {
+        "fileName": "Name",
+        "filePath": "Path",
+        "fileSize": "Size",
+        "md5Checksum": "MD5",
+        "sha256Checksum": "SHA256",
+        "osHostName": "Hostname",
+    }
+
+
+    CODE42_FILE_TYPE_MAPPER = {
+        "SourceCode": "SOURCE_CODE",
+        "Audio": "AUDIO",
+        "Executable": "EXECUTABLE",
+        "Document": "DOCUMENT",
+        "Image": "IMAGE",
+        "PDF": "PDF",
+        "Presentation": "PRESENTATION",
+        "Script": "SCRIPT",
+        "Spreadsheet": "SPREADSHEET",
+        "Video": "VIDEO",
+        "VirtualDiskImage": "VIRTUAL_DISK_IMAGE",
+        "Archive": "ARCHIVE",
+    }
+
+
+    SECURITY_EVENT_HEADERS = [
+        "EventType",
+        "FileName",
+        "FileSize",
+        "FileHostname",
+        "FileOwner",
+        "FileCategory",
+        "DeviceUsername",
+    ]
+
+
+    SECURITY_ALERT_HEADERS = ["Type", "Occurred", "Username", "Name", "Description", "State", "ID"]
+
+
+
+    def _get_severity_filter_value(severity_arg):
+        """Converts single str to upper case. If given list of strs, converts all to upper case."""
+        if severity_arg:
+            return (
+                [severity_arg.upper()]
+                if isinstance(severity_arg, str)
+                else list(map(lambda x: x.upper(), severity_arg))
+            )
+
+
+    def _create_alert_query(event_severity_filter, start_time):
+        """Creates an alert query for the given severity (or severities) and start time."""
+        alert_filters = AlertQueryFilters()
+        severity = event_severity_filter
+        alert_filters.append_result(_get_severity_filter_value(severity), Severity.is_in)
+        alert_filters.append(AlertState.eq(AlertState.OPEN))
+        alert_filters.append_result(start_time, DateObserved.on_or_after)
+        alert_query = alert_filters.to_all_query()
+        return alert_query
+
+
+    def _get_all_high_risk_employees_from_page(page, risk_tags):
+        res = []
+        # Note: page is a `Py42Response` and has no `get()` method.
+        employees = page["items"]
+        for employee in employees:
+            if not risk_tags:
+                res.append(employee)
+                continue
+
+            employee_tags = employee.get("riskFactors")
+            # If the employee risk tags contain all the given risk tags
+            if employee_tags and set(risk_tags) <= set(employee_tags):
+                res.append(employee)
+        return res
+
+
+    def _try_convert_str_list_to_list(str_list):
+        if isinstance(str_list, str):
+            return str_list.split()
+        return str_list
+
+
+    class Code42Client(BaseClient):
+        """
+        Client will implement the service API, should not contain Cortex XSOAR logic.
+        Should do requests and return data
+        """
+
+        def __init__(self, sdk, base_url, auth, verify=True, proxy=False):
+            super().__init__(base_url, verify=verify, proxy=proxy)
+            # Allow sdk parameter for unit testing.
+            # Otherwise, lazily load the SDK so that the TEST Command can effectively check auth.
+            self._sdk = sdk
+            self._sdk_factory = (
+                lambda: py42.sdk.from_local_account(base_url, auth[0], auth[1])
+                if not self._sdk
+                else None
+            )
+            py42.settings.set_user_agent_suffix("Cortex XSOAR")
+
+        def _get_sdk(self):
+            if self._sdk is None:
+                self._sdk = self._sdk_factory()
+            return self._sdk
+
+        def add_user_to_departing_employee(self, username, departure_date=None, note=None):
+            user_id = self._get_user_id(username)
+            self._get_sdk().detectionlists.departing_employee.add(
+                user_id, departure_date=departure_date
+            )
+            if note:
+                self._get_sdk().detectionlists.update_user_notes(user_id, note)
+            return user_id
+
+        def remove_user_from_departing_employee(self, username):
+            user_id = self._get_user_id(username)
+            self._get_sdk().detectionlists.departing_employee.remove(user_id)
+            return user_id
+
+        def get_all_departing_employees(self, results):
+            res = []
+            results = int(results) if results else None
+            pages = self._get_sdk().detectionlists.departing_employee.get_all()
+            for page in pages:
+                # Note: page is a `Py42Response` and has no `get()` method.
+                employees = page["items"]
+                for employee in employees:
+                    res.append(employee)
+                    if results and len(res) == results:
+                        return res
+            return res
+
+        def add_user_to_high_risk_employee(self, username, note=None):
+            user_id = self._get_user_id(username)
+            self._get_sdk().detectionlists.high_risk_employee.add(user_id)
+            if note:
+                self._get_sdk().detectionlists.update_user_notes(user_id, note)
+            return user_id
+
+        def remove_user_from_high_risk_employee(self, username):
+            user_id = self._get_user_id(username)
+            self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
+            return user_id
+
+        def add_user_risk_tags(self, username, risk_tags):
+            risk_tags = _try_convert_str_list_to_list(risk_tags)
+            user_id = self._get_user_id(username)
+            self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
+            return user_id
+
+        def remove_user_risk_tags(self, username, risk_tags):
+            risk_tags = _try_convert_str_list_to_list(risk_tags)
+            user_id = self._get_user_id(username)
+            self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
+            return user_id
+
+        def get_all_high_risk_employees(self, risk_tags, results):
+            risk_tags = _try_convert_str_list_to_list(risk_tags)
+            results = int(results) if results else None
+            res = []
+            pages = self._get_sdk().detectionlists.high_risk_employee.get_all()
+            for page in pages:
+                employees = _get_all_high_risk_employees_from_page(page, risk_tags)
+                for employee in employees:
+                    res.append(employee)
+                    if results and len(res) == results:
+                        return res
+            return res
+
+        def fetch_alerts(self, start_time, event_severity_filter):
+            query = _create_alert_query(event_severity_filter, start_time)
+            res = self._get_sdk().alerts.search(query)
+            return res["alerts"]
+
+        def get_alert_details(self, alert_id):
+            res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
+            if not res:
+                raise Code42AlertNotFoundError(alert_id)
+            return res[0]
+
+        def resolve_alert(self, id):
+            self._get_sdk().alerts.resolve(id)
+            return id
+
+        def get_current_user(self):
+            res = self._get_sdk().users.get_current()
+            return res
+
+        def get_user(self, username):
+            res = self._get_sdk().users.get_by_username(username)["users"]
+            if not res:
+                raise Code42UserNotFoundError(username)
+            return res[0]
+
+        def create_user(self, org_name, username, email):
+            org_uid = self._get_org_id(org_name)
+            response = self._get_sdk().users.create_user(org_uid, username, email)
+            return json.loads(response.text)
+
+        def block_user(self, username):
+            user_id = self._get_legacy_user_id(username)
+            self._get_sdk().users.block(user_id)
+            return user_id
+
+        def unblock_user(self, username):
+            user_id = self._get_legacy_user_id(username)
+            self._get_sdk().users.unblock(user_id)
+            return user_id
+
+        def deactivate_user(self, username):
+            user_id = self._get_legacy_user_id(username)
+            self._get_sdk().users.deactivate(user_id)
+            return user_id
+
+        def reactivate_user(self, username):
+            user_id = self._get_legacy_user_id(username)
+            self._get_sdk().users.reactivate(user_id)
+            return user_id
+
+        def get_org(self, org_name):
+            org_pages = self._get_sdk().orgs.get_all()
+            for org_page in org_pages:
+                orgs = org_page["orgs"]
+                for org in orgs:
+                    if org.get("orgName") == org_name:
+                        return org
+            raise Code42OrgNotFoundError(org_name)
+
+        def search_file_events(self, payload):
+            res = self._get_sdk().securitydata.search_file_events(payload)
+            return res["fileEvents"]
+
+        def _get_user_id(self, username):
+            user_id = self.get_user(username).get("userUid")
+            if user_id:
+                return user_id
+            raise Code42UserNotFoundError(username)
+
+        def _get_legacy_user_id(self, username):
+            user_id = self.get_user(username).get("userId")
+            if user_id:
+                return user_id
+            raise Code42UserNotFoundError(username)
+
+        def _get_org_id(self, org_name):
+            org_uid = self.get_org(org_name).get("orgUid")
+            if org_uid:
+                return org_uid
+            raise Code42OrgNotFoundError(org_name)
+
+
+    class Code42AlertNotFoundError(Exception):
+        def __init__(self, alert_id):
+            super(Code42AlertNotFoundError, self).__init__(
+                "No alert found with ID {0}.".format(alert_id)
+            )
+
+
+    class Code42UserNotFoundError(Exception):
+        def __init__(self, username):
+            super(Code42UserNotFoundError, self).__init__(
+                "No user found with username {0}.".format(username)
+            )
+
+
+    class Code42OrgNotFoundError(Exception):
+        def __init__(self, org_name):
+            super(Code42OrgNotFoundError, self).__init__(
+                "No organization found with name {0}.".format(org_name)
+            )
+
+
+    class Code42SearchFilters(object):
+        def __init__(self):
+            self._filters = []
+
+        @property
+        def filters(self):
+            return self._filters
+
+        def to_all_query(self):
+            """Override"""
+
+        def append(self, _filter):
+            if _filter:
+                self._filters.append(_filter)
+
+        def extend(self, _filters):
+            if _filters:
+                self._filters.extend(_filters)
+
+        def append_result(self, value, create_filter):
+            """Safely creates and appends the filter to the working list."""
+            if not value:
+                return
+            _filter = create_filter(value)
+            self.append(_filter)
+
+
+    class FileEventQueryFilters(Code42SearchFilters):
+        """Class for simplifying building up a file event search query"""
+
+        def __init__(self, pg_size=None):
+            self._pg_size = pg_size
+            super(FileEventQueryFilters, self).__init__()
+
+        def to_all_query(self):
+            """Convert list of search criteria to *args"""
+            query = FileEventQuery.all(*self._filters)
+            if self._pg_size:
+                query.page_size = self._pg_size
+            return query
+
+
+    class AlertQueryFilters(Code42SearchFilters):
+        """Class for simplifying building up an alert search query"""
+
+        def to_all_query(self):
+            query = AlertQuery.all(*self._filters)
+            query.page_size = 500
+            query.sort_direction = "asc"
+            return query
+
+
+    @logger
+
+    def build_query_payload(args):
+        """Build a query payload combining passed args"""
+
+        pg_size = args.get("results")
+        _hash = args.get("hash")
+        hostname = args.get("hostname")
+        username = args.get("username")
+        exposure = args.get("exposure")
+
+        search_args = FileEventQueryFilters(pg_size)
+        search_args.append_result(_hash, _create_hash_filter)
+        search_args.append_result(hostname, OSHostname.eq)
+        search_args.append_result(username, DeviceUsername.eq)
+        search_args.append_result(exposure, _create_exposure_filter)
+
+        query = search_args.to_all_query()
+        LOG("File Event Query: {}".format(str(query)))
+        return query
+
+
+    def _create_hash_filter(hash_arg):
+        if not hash_arg:
+            return None
+        elif len(hash_arg) == 32:
+            return MD5.eq(hash_arg)
+        elif len(hash_arg) == 64:
+            return SHA256.eq(hash_arg)
+
+
+    def _create_exposure_filter(exposure_arg):
+        # Because the CLI can't accept lists, convert the args to a list if the type is string.
+        if isinstance(exposure_arg, str):
+            exposure_arg = exposure_arg.split(",")
+        return ExposureType.is_in(exposure_arg)
+
+
+    def _create_category_filter(file_type):
+        category_value = CODE42_FILE_TYPE_MAPPER.get(file_type.get("category"), "UNCATEGORIZED")
+        return FileCategory.eq(category_value)
+
+
+    class ObservationToSecurityQueryMapper(object):
+        """Class to simplify the process of mapping observation data to query objects."""
+
+        # Exfiltration consts
+        _ENDPOINT_TYPE = "FedEndpointExfiltration"
+        _CLOUD_TYPE = "FedCloudSharePermissions"
+
+        # Query consts
+        _PUBLIC_SEARCHABLE = "PublicSearchableShare"
+        _PUBLIC_LINK = "PublicLinkShare"
+        _OUTSIDE_TRUSTED_DOMAINS = "SharedOutsideTrustedDomain"
+
+        exposure_type_map = {
+            "PublicSearchableShare": ExposureType.IS_PUBLIC,
+            "PublicLinkShare": ExposureType.SHARED_VIA_LINK,
+            "SharedOutsideTrustedDomain": "OutsideTrustedDomains",
+        }
+
+        def __init__(self, observation, actor):
+            self._obs = observation
+            self._actor = actor
+
+        @property
+        def _observation_data(self):
+            return self._obs.get("data")
+
+        @property
+        def _exfiltration_type(self):
+            return self._obs.get("type")
+
+        @property
+        def _is_endpoint_exfiltration(self):
+            return self._exfiltration_type == self._ENDPOINT_TYPE
+
+        @property
+        def _is_cloud_exfiltration(self):
+            return self._exfiltration_type == self._CLOUD_TYPE
+
+        def _create_user_filter(self):
+            return (
+                DeviceUsername.eq(self._actor)
+                if self._is_endpoint_exfiltration
+                else Actor.eq(self._actor)
+            )
+
+        def map(self):
+            search_args = self._create_search_args()
+            query = search_args.to_all_query()
+            LOG("Alert Observation Query: {}".format(query))
+            return query
+
+        def _create_search_args(self):
+            filters = FileEventQueryFilters()
+            exposure_types = self._observation_data.get("exposureTypes")
+            first_activity = self._observation_data.get("firstActivityAt")
+            last_activity = self._observation_data.get("lastActivityAt")
+            filters.append(self._create_user_filter())
+            if first_activity:
+                begin_time = _convert_date_arg_to_epoch(first_activity)
+                if begin_time:
+                    filters.append(EventTimestamp.on_or_after(begin_time))
+            if last_activity:
+                end_time = _convert_date_arg_to_epoch(last_activity)
+                if end_time:
+                    filters.append(EventTimestamp.on_or_before(end_time))
+            filters.extend(self._create_exposure_filters(exposure_types))
+            filters.append(self._create_file_category_filters())
+            return filters
+
+        @logger
+        def _create_exposure_filters(self, exposure_types):
+            """Determine exposure types based on alert type"""
+            exp_types = []
+            if self._is_cloud_exfiltration:
+                for t in exposure_types:
+                    exp_type = self.exposure_type_map.get(t)
+                    if exp_type:
+                        exp_types.append(exp_type)
+                    else:
+                        LOG("Received unsupported exposure type {0}.".format(t))
+                if exp_types:
+                    return [ExposureType.is_in(exp_types)]
+                else:
+                    # If not given a support exposure type, search for all unsupported exposure types
+                    supported_exp_types = list(self.exposure_type_map.values())
+                    return [ExposureType.not_in(supported_exp_types)]
+            elif self._is_endpoint_exfiltration:
+                return [
+                    EventType.is_in([EventType.CREATED, EventType.MODIFIED, EventType.READ_BY_APP]),
+                    ExposureType.is_in(exposure_types),
+                ]
+            return []
+
+        def _create_file_category_filters(self):
+            """Determine if file categorization is significant"""
+            observed_file_categories = self._observation_data.get("fileCategories")
+            if observed_file_categories:
+                categories = [
+                    c.get("category").upper()
+                    for c in observed_file_categories
+                    if c.get("isSignificant") and c.get("category")
+                ]
+                if categories:
+                    return FileCategory.is_in(categories)
+
+
+    def map_observation_to_security_query(observation, actor):
+        mapper = ObservationToSecurityQueryMapper(observation, actor)
+        return mapper.map()
+
+
+    def _convert_date_arg_to_epoch(date_arg):
+        date_arg = date_arg[:25]
+        return (
+            datetime.strptime(date_arg, "%Y-%m-%dT%H:%M:%S.%f") - datetime.utcfromtimestamp(0)
+        ).total_seconds()
+
+
+    @logger
+
+    def map_to_code42_event_context(obj):
+        code42_context = _map_obj_to_context(obj, CODE42_EVENT_CONTEXT_FIELD_MAPPER)
+        # FileSharedWith is a special case and needs to be converted to a list
+        shared_with_list = code42_context.get("FileSharedWith")
+        if shared_with_list:
+            shared_list = [u.get("cloudUsername") for u in shared_with_list if u.get("cloudUsername")]
+            code42_context["FileSharedWith"] = str(shared_list)
+        return code42_context
+
+
+    @logger
+
+    def map_to_code42_alert_context(obj):
+        return _map_obj_to_context(obj, CODE42_ALERT_CONTEXT_FIELD_MAPPER)
+
+
+    @logger
+
+    def map_to_file_context(obj):
+        return _map_obj_to_context(obj, FILE_CONTEXT_FIELD_MAPPER)
+
+
+    @logger
+
+    def _map_obj_to_context(obj, context_mapper):
+        return {v: obj.get(k) for k, v in context_mapper.items() if obj.get(k)}
+
+
+    def create_command_error_message(cmd, ex):
+        return "Failed to execute command {0} command. Error: {1}".format(cmd, str(ex))
+
+
+    """Commands"""
+
+
+
+    @logger
+
+    def alert_get_command(client, args):
+        code42_securityalert_context = []
+        alert = client.get_alert_details(args.get("id"))
+        if not alert:
+            return CommandResults(
+                readable_output="No results found",
+                outputs={"Results": []},
+                outputs_key_field="ID",
+                outputs_prefix="Code42.SecurityAlert",
+                raw_response={},
+            )
+
+        code42_context = map_to_code42_alert_context(alert)
+        code42_securityalert_context.append(code42_context)
+        readable_outputs = tableToMarkdown(
+            "Code42 Security Alert Results",
+            code42_securityalert_context,
+            headers=SECURITY_ALERT_HEADERS,
+        )
+        return CommandResults(
+            outputs_prefix="Code42.SecurityAlert",
+            outputs_key_field="ID",
+            outputs=code42_securityalert_context,
+            readable_output=readable_outputs,
+            raw_response=alert,
+        )
+
+
+    @logger
+
+    def alert_resolve_command(client, args):
+        code42_securityalert_context = []
+        alert_id = client.resolve_alert(args.get("id"))
+        if not alert_id:
+            return CommandResults(
+                readable_output="No results found",
+                outputs={"Results": []},
+                outputs_key_field="ID",
+                outputs_prefix="Code42.SecurityAlert",
+                raw_response={},
+            )
+
+        # Retrieve new alert details
+        alert_details = client.get_alert_details(alert_id)
+        code42_context = map_to_code42_alert_context(alert_details)
+        code42_securityalert_context.append(code42_context)
+        readable_outputs = tableToMarkdown(
+            "Code42 Security Alert Resolved",
+            code42_securityalert_context,
+            headers=SECURITY_ALERT_HEADERS,
+        )
+        return CommandResults(
+            outputs_prefix="Code42.SecurityAlert",
+            outputs_key_field="ID",
+            outputs=code42_securityalert_context,
+            readable_output=readable_outputs,
+            raw_response=alert_details,
+        )
+
+
+    @logger
+
+    def departingemployee_add_command(client, args):
+        departing_date = args.get("departuredate")
+        username = args.get("username")
+        note = args.get("note")
+        user_id = client.add_user_to_departing_employee(username, departing_date, note)
+        # CaseID included but is deprecated.
+        de_context = {
+            "CaseID": user_id,
+            "UserID": user_id,
+            "Username": username,
+            "DepartureDate": departing_date,
+            "Note": note,
+        }
+        readable_outputs = tableToMarkdown("Code42 Departing Employee List User Added", de_context)
+        return CommandResults(
+            outputs_prefix="Code42.DepartingEmployee",
+            outputs_key_field="UserID",
+            outputs=de_context,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    @logger
+
+    def departingemployee_remove_command(client, args):
+        username = args.get("username")
+        user_id = client.remove_user_from_departing_employee(username)
+        # CaseID included but is deprecated.
+        de_context = {"CaseID": user_id, "UserID": user_id, "Username": username}
+        readable_outputs = tableToMarkdown("Code42 Departing Employee List User Removed", de_context)
+        return CommandResults(
+            outputs_prefix="Code42.DepartingEmployee",
+            outputs_key_field="UserID",
+            outputs=de_context,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    @logger
+
+    def departingemployee_get_all_command(client, args):
+        results = args.get("results") or 50
+        employees = client.get_all_departing_employees(results)
+        if not employees:
+            return CommandResults(
+                readable_output="No results found",
+                outputs_prefix="Code42.DepartingEmployee",
+                outputs_key_field="UserID",
+                outputs={"Results": []},
+                raw_response={},
+            )
+
+        employees_context = [
+            {
+                "UserID": e.get("userId"),
+                "Username": e.get("userName"),
+                "DepartureDate": e.get("departureDate"),
+                "Note": e.get("notes"),
+            }
+            for e in employees
+        ]
+        readable_outputs = tableToMarkdown("All Departing Employees", employees_context)
+        return CommandResults(
+            outputs_prefix="Code42.DepartingEmployee",
+            outputs_key_field="UserID",
+            outputs=employees_context,
+            readable_output=readable_outputs,
+            raw_response=employees,
+        )
+
+
+    @logger
+
+    def highriskemployee_add_command(client, args):
+        username = args.get("username")
+        note = args.get("note")
+        user_id = client.add_user_to_high_risk_employee(username, note)
+        hr_context = {"UserID": user_id, "Username": username}
+        readable_outputs = tableToMarkdown("Code42 High Risk Employee List User Added", hr_context)
+        return CommandResults(
+            outputs_prefix="Code42.HighRiskEmployee",
+            outputs_key_field="UserID",
+            outputs=hr_context,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    @logger
+
+    def highriskemployee_remove_command(client, args):
+        username = args.get("username")
+        user_id = client.remove_user_from_high_risk_employee(username)
+        hr_context = {"UserID": user_id, "Username": username}
+        readable_outputs = tableToMarkdown("Code42 High Risk Employee List User Removed", hr_context)
+        return CommandResults(
+            outputs_prefix="Code42.HighRiskEmployee",
+            outputs_key_field="UserID",
+            outputs=hr_context,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    @logger
+
+    def highriskemployee_get_all_command(client, args):
+        tags = args.get("risktags")
+        results = args.get("results") or 50
+        employees = client.get_all_high_risk_employees(tags, results)
+        if not employees:
+            return CommandResults(
+                readable_output="No results found",
+                outputs_prefix="Code42.HighRiskEmployee",
+                outputs_key_field="UserID",
+                outputs={"Results": []},
+                raw_response={},
+            )
+        employees_context = [
+            {"UserID": e.get("userId"), "Username": e.get("userName"), "Note": e.get("notes")}
+            for e in employees
+        ]
+        readable_outputs = tableToMarkdown("Retrieved All High Risk Employees", employees_context)
+        return CommandResults(
+            outputs_prefix="Code42.HighRiskEmployee",
+            outputs_key_field="UserID",
+            outputs=employees_context,
+            readable_output=readable_outputs,
+            raw_response=employees,
+        )
+
+
+    @logger
+
+    def highriskemployee_add_risk_tags_command(client, args):
+        username = args.get("username")
+        tags = args.get("risktags")
+        user_id = client.add_user_risk_tags(username, tags)
+        rt_context = {"UserID": user_id, "Username": username, "RiskTags": tags}
+        readable_outputs = tableToMarkdown("Code42 Risk Tags Added", rt_context)
+        return CommandResults(
+            outputs_prefix="Code42.HighRiskEmployee",
+            outputs_key_field="UserID",
+            outputs=rt_context,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    @logger
+
+    def highriskemployee_remove_risk_tags_command(client, args):
+        username = args.get("username")
+        tags = args.get("risktags")
+        user_id = client.remove_user_risk_tags(username, tags)
+        rt_context = {"UserID": user_id, "Username": username, "RiskTags": tags}
+        readable_outputs = tableToMarkdown("Code42 Risk Tags Removed", rt_context)
+        return CommandResults(
+            outputs_prefix="Code42.HighRiskEmployee",
+            outputs_key_field="UserID",
+            outputs=rt_context,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    @logger
+
+    def securitydata_search_command(client, args):
+        code42_security_data_context = []
+        _json = args.get("json")
+        file_context = []
+
+        # If JSON payload is passed as an argument, ignore all other args and search by JSON payload
+        if _json is not None:
+            file_events = client.search_file_events(_json)
+        else:
+            # Build payload
+            payload = build_query_payload(args)
+            file_events = client.search_file_events(payload)
+        if file_events:
+            for file_event in file_events:
+                code42_context_event = map_to_code42_event_context(file_event)
+                code42_security_data_context.append(code42_context_event)
+                file_context_event = map_to_file_context(file_event)
+                file_context.append(file_context_event)
+            readable_outputs = tableToMarkdown(
+                "Code42 Security Data Results",
+                code42_security_data_context,
+                headers=SECURITY_EVENT_HEADERS,
+            )
+            code42_results = CommandResults(
+                outputs_prefix="Code42.SecurityData",
+                outputs_key_field="EventID",
+                outputs=code42_security_data_context,
+                readable_output=readable_outputs,
+                raw_response=file_events,
+            )
+            file_results = CommandResults(
+                outputs_prefix="File", outputs_key_field=None, outputs=file_context
+            )
+            return code42_results, file_results
+
+        else:
+            return CommandResults(
+                readable_output="No results found",
+                outputs={"Results": []},
+                outputs_key_field="EventID",
+                outputs_prefix="Code42.SecurityData",
+                raw_response={},
+            )
+
+
+    def user_create_command(client, args):
+        org_name = args.get("orgname")
+        username = args.get("username")
+        email = args.get("email")
+        res = client.create_user(org_name, username, email)
+        outputs = {
+            "Username": res.get("username"),
+            "UserID": res.get("userUid"),
+            "Email": res.get("email"),
+        }
+        readable_outputs = tableToMarkdown("Code42 User Created", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=res,
+        )
+
+
+    def user_block_command(client, args):
+        username = args.get("username")
+        user_id = client.block_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    def user_unblock_command(client, args):
+        username = args.get("username")
+        user_id = client.unblock_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    def user_deactivate_command(client, args):
+        username = args.get("username")
+        user_id = client.deactivate_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    def user_reactivate_command(client, args):
+        username = args.get("username")
+        user_id = client.reactivate_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+
+
+    """Fetching"""
+
+
+
+    def _create_incident_from_alert_details(details):
+        return {"name": "Code42 - {}".format(details.get("name")), "occurred": details.get("createdAt")}
+
+
+    def _stringify_lists_if_needed(event):
+        # We need to convert certain fields to a stringified list or React.JS will throw an error
+        shared_with = event.get("sharedWith")
+        private_ip_addresses = event.get("privateIpAddresses")
+        if shared_with:
+            shared_list = [u.get("cloudUsername") for u in shared_with if u.get("cloudUsername")]
+            event["sharedWith"] = str(shared_list)
+        if private_ip_addresses:
+            event["privateIpAddresses"] = str(private_ip_addresses)
+        return event
+
+
+    def _process_event_from_observation(event):
+        return _stringify_lists_if_needed(event)
+
+
+    class Code42SecurityIncidentFetcher(object):
+        def __init__(
+            self,
+            client,
+            last_run,
+            first_fetch_time,
+            event_severity_filter,
+            fetch_limit,
+            include_files,
+            integration_context=None,
+        ):
+            self._client = client
+            self._last_run = last_run
+            self._first_fetch_time = first_fetch_time
+            self._event_severity_filter = event_severity_filter
+            self._fetch_limit = fetch_limit
+            self._include_files = (include_files,)
+            self._integration_context = integration_context
+
+        @logger
+        def fetch(self):
+            remaining_incidents_from_last_run = self._fetch_remaining_incidents_from_last_run()
+            if remaining_incidents_from_last_run:
+                return remaining_incidents_from_last_run
+            start_query_time = self._get_start_query_time()
+            alerts = self._fetch_alerts(start_query_time)
+            incidents = [self._create_incident_from_alert(a) for a in alerts]
+            save_time = datetime.utcnow().timestamp()
+            next_run = {"last_fetch": save_time}
+            return next_run, incidents[: self._fetch_limit], incidents[self._fetch_limit:]
+
+        def _fetch_remaining_incidents_from_last_run(self):
+            if self._integration_context:
+                remaining_incidents = self._integration_context.get("remaining_incidents")
+                # return incidents if exists in context.
+                if remaining_incidents:
+                    return (
+                        self._last_run,
+                        remaining_incidents[: self._fetch_limit],
+                        remaining_incidents[self._fetch_limit:],
+                    )
+
+        def _get_start_query_time(self):
+            start_query_time = self._try_get_last_fetch_time()
+
+            # Handle first time fetch, fetch incidents retroactively
+            if not start_query_time:
+                start_query_time, _ = parse_date_range(
+                    self._first_fetch_time, to_timestamp=True, utc=True
+                )
+                start_query_time /= 1000
+
+            return start_query_time
+
+        def _try_get_last_fetch_time(self):
+            return self._last_run.get("last_fetch")
+
+        def _fetch_alerts(self, start_query_time):
+            return self._client.fetch_alerts(start_query_time, self._event_severity_filter)
+
+        def _create_incident_from_alert(self, alert):
+            details = self._client.get_alert_details(alert["id"])
+            incident = _create_incident_from_alert_details(details)
+            details = self._relate_files_to_alert(details)
+            incident["rawJSON"] = json.dumps(details)
+            return incident
+
+        def _relate_files_to_alert(self, alert_details):
+            observations = alert_details.get("observations")
+            if not observations:
+                alert_details["fileevents"] = []
+                return
+            for obs in observations:
+                file_events = self._get_file_events_from_alert_details(obs, alert_details)
+                alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events]
+            return alert_details
+
+        def _get_file_events_from_alert_details(self, observation, alert_details):
+            security_data_query = map_observation_to_security_query(observation, alert_details["actor"])
+            return self._client.search_file_events(security_data_query)
+
+
+    def fetch_incidents(
+        client,
+        last_run,
+        first_fetch_time,
+        event_severity_filter,
+        fetch_limit,
+        include_files,
+        integration_context=None,
+    ):
+        fetcher = Code42SecurityIncidentFetcher(
+            client,
+            last_run,
+            first_fetch_time,
+            event_severity_filter,
+            fetch_limit,
+            include_files,
+            integration_context,
+        )
+        return fetcher.fetch()
+
+
+    """Main and test"""
+
+
+
+    def test_module(client):
+        try:
+            # Will fail if unauthorized
+            client.get_current_user()
+            return "ok"
+        except Exception:
+            return (
+                "Invalid credentials or host address. Check that the username and password are correct, that the host "
+                "is available and reachable, and that you have supplied the full scheme, domain, and port "
+                "(e.g. https://myhost.code42.com:4285)."
+            )
+
+
+    def get_command_map():
+        return {
+            "code42-alert-get": alert_get_command,
+            "code42-alert-resolve": alert_resolve_command,
+            "code42-securitydata-search": securitydata_search_command,
+            "code42-departingemployee-add": departingemployee_add_command,
+            "code42-departingemployee-remove": departingemployee_remove_command,
+            "code42-departingemployee-get-all": departingemployee_get_all_command,
+            "code42-highriskemployee-add": highriskemployee_add_command,
+            "code42-highriskemployee-remove": highriskemployee_remove_command,
+            "code42-highriskemployee-get-all": highriskemployee_get_all_command,
+            "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
+            "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
+            "code42-user-create": user_create_command,
+            "code42-user-block": user_block_command,
+            "code42-user-unblock": user_unblock_command,
+            "code42-user-deactivate": user_deactivate_command,
+            "code42_user-reactivate": user_reactivate_command,
+        }
+
+
+    def handle_test_command(client):
+        # This is the call made when pressing the integration Test button.
+        result = test_module(client)
+        demisto.results(result)
+
+
+    def handle_fetch_command(client):
+        integration_context = demisto.getIntegrationContext()
+        # Set and define the fetch incidents command to run after activated via integration settings.
+        next_run, incidents, remaining_incidents = fetch_incidents(
+            client=client,
+            last_run=demisto.getLastRun(),
+            first_fetch_time=demisto.params().get("fetch_time"),
+            event_severity_filter=demisto.params().get("alert_severity"),
+            fetch_limit=int(demisto.params().get("fetch_limit")),
+            include_files=demisto.params().get("include_files"),
+            integration_context=integration_context,
+        )
+        demisto.setLastRun(next_run)
+        demisto.incidents(incidents)
+        # Store remaining incidents in integration context
+        integration_context["remaining_incidents"] = remaining_incidents
+        demisto.setIntegrationContext(integration_context)
+
+
+    def try_run_command(command):
+        try:
+            results = command()
+            if not isinstance(results, tuple) and not isinstance(results, list):
+                results = [results]
+            for result in results:
+                return_results(result)
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    def run_code42_integration():
+        username = demisto.params().get("credentials").get("identifier")
+        password = demisto.params().get("credentials").get("password")
+        base_url = demisto.params().get("console_url")
+        verify_certificate = not demisto.params().get("insecure", False)
+        proxy = demisto.params().get("proxy", False)
+        LOG("Command being called is {0}.".format(demisto.command()))
+        client = Code42Client(
+            base_url=base_url,
+            sdk=None,
+            auth=(username, password),
+            verify=verify_certificate,
+            proxy=proxy,
+        )
+        commands = get_command_map()
+        command = demisto.command()
+        if command == "test-module":
+            handle_test_command(client)
+        elif command == "fetch-incidents":
+            handle_fetch_command(client)
+        elif command in commands:
+            try_run_command(lambda: commands[command](client, demisto.args()))
+
+
+    def main():
+        run_code42_integration()
+
+
+    if __name__ in ("__main__", "__builtin__", "builtins"):
+        main()
+  subtype: python3
+  type: python
+image: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHgAAAAyCAYAAACXpx/YAAAHjElEQVR4nO2aeYxV1R3HP/e+h2wyoCxalhkQpFJpUcQ2LijRLsE9ikutUjCh44poWzUqalyitmqiQdM0rfsSlbjVuFsXlChVaaWKSnBBBnDsMAwyFpiZd815871wuNztDTP4B+eT3Hn3nv2e3zm/3+/87uBwOBwOh8PhcDgcDofD4XA4HA6Hw7EteKXjqAMGA9908kz2AVYDY4B6O8ML4GN/ANOKU/AJ6EGrE2IXUZQgsH47E9Omb7fn6fdef19Wen3YM2igtCnV0dn4XTyjga4tUhb7g3i6MIYhwVon3C6mqwW8BaEo7/b3pZEe9Kbl+3rvHYbidn3RAD7wB/Fs4YdUB020bbl7+wIHAbsBG4CFwOIKWt8f2AsoAMuA+cD6jDo1wE5Am549XQ1AY44+ewDDgNJWmmoz3YAmYFVGWz3VVpvaMu+xUe+S1LbZoPsBo3T/KfC2xlOmUgG3qrNuFdazbO941tCT3fmGtnYFYgZ3E3CMVSzkE2Am8HxK05cBFwD9I+lmcu4GLgbWxNQzE/gmMCSh3c+AF4AbgM8TyvwUeC1lbCHPAEdmlLkROC+SZhZFNWyl6nYBrgJO173NWuDPwLVUoKL/BkzQ7hoEjANuzVm3nQAW+bvxTGE0NUFjKNxTgCXAsRKuWb11lkc/GngOuDqmxSpgkV4kFG6DtVPMzvwdsBzYp6KxtjMCqJWgoxPf2RxUQR8n63QyM0a44bxcA7xIDgF/K8HOAN5Vw2Y3vA/Mkkr8X9aIwm35lD+GRnqFx6JfAg9ZxWYDuwJDNcjJUk9h3mmRZs3uGqv7f2gxDAB+oIU4R3m9tcsGpwxxLrCzjnSmnfGapGbl3wZcmPGaf5CaHRu5jAo9K6PuLRn5NuNi0pq0c21+DlyUJeBfSbBJfAxMSrERm2jxfBb4wxgYNIee8+1W9gHaifYgn5NdNbv0PuCfVt5FwM90f7PU+xIrv147Yrqeq1QuidUS5kdqx9j/K4CR0ihhP3untLFMNv+DyPWetVDj+L1UPaq3KGMqLzWWTvePaTH1kw9zQaTsMWkCNmr5jYzOwkHdmJDnl68Alnr9qaOKncv+EyfJ9houB95KqF+vFTsVWGGlT9XvJ9o5SRgb/KTyjGobnlAu6az2FTDNep6R0ldHqA5tpZgtJymL2TJrJ2j+Q+ZE5mlAmpP1YAUD/gvQXd5vGJYy6mpdaE+Xe1Ws83aiT1AW8C9UpmStxiSi2mGstZOeyDG2RywbPzHFYUriJe3C8aqfRLXeeWQk33jaX2qxRLle+UhjPQ6cmWNMyxK0woSIKVqVJOBWqd+8fJFkozz9ubMwgSIlCgRGYuFOWqyXr4Q9rLIf5qj3X+s+aQfnaWO8hNgj4fh1k644jIa7JJJ+NHCq9TxLvz07OEbjfzwcSZubpqIz7WoltFDA29xk2G9HgtAF6z5PffuIUUgpl0bYj99JwSE/4hPUWhuqI/P+Y9WvttJeNio7aQcX5U2uzNnBUA1yozUZZqU3B3C7F9A8ve0dZhWPKjtYHkF4lBku56Cpgpeps+7z7EhbZeZ9nyh76rleJ4s4ZsnbHhXJ6x4T5LjCahPVuUyevD3eKpkwc+S5M6HfM4C/R9IW6BSSGuj4dc5DPBLu5THprfKAm4cGa8uhSRO9KhLMl3rqK/uYZYdtFsqRGCwv/7qM8pOt+39V0E/IOMv2vpNSboV235KUMiHRc/kfE8r1UqxgYIKAH5ScbO4Azgmf09RNreW+pzFa0aI4SuXLg5pgDQOCZr5tD4I9IgcMeZFVCfV9BVROsdJa5IygiZ+aUNdgjlln636enKVKucMq/0AH6ncFP5KTFRXuGZZwy2HXLHvyfMbZz8RyX8kTuuwbrGefYCVfe73NuelrqSkUf/1PzKo2bT6qiM1D1pkWhelW6/4e4PyYLs3OfcV6np01Rgtfnr6xawcq+S55uklU8lnsbcUXnrSux7XwG6xyG7QoX7XSJupoNCzSpqk3RWOuU0zhffPBf22Ob8HGtvxVR4ySjPlvFXBIc1w2quxX5iP/y4WRzCgez/CgMXS45tjqRBGyfysceqjlUb6mgIrNgYolh6zSuX2DgiC2LazV+G0K8v6HKMhRr7RA/dverIl0nRjzfodYZqxBvkR0sQ/TIpwWUz+O1y2TEBeL/g1wf862mvJ+bJipa70E3Ctnvc14cHjbUg7xP+NNv6Ys5BLeuVrNtyka8xNdNn9KMAHzdWS6X8LeXSvY5nOp8HkZo+ut2HMUcwy7UgJOeKtN9I/54BEyKM8UxbS5zeTdwR1l0w5G/6rzUmEUtcXjqA7WtIe42jEq8QjgYE3SBqmauTk9X3NMOEq7paD+zDEhzUn0FOI08e//W+lFecrv5QiKDNRXoo32J7oIVQqBvp5zDg/Xwm1R3P+pSNs1Mh/NGUcq472v274Cpn1I07tNYZ5fw4j2XdxFXTvY3v/RES6300sLy+Ju3b7d75B09Qx7W9kUDw5rW8qk0qfUeVV2dMvRBRTl+fVJ+K+HbaGf2tzCNgWS+LS2d1ngDy2HMIuJ5svhcDgcDofD4XA4HA6Hw+FwOBwOh8Px/QF8B+pZzTnuPtCMAAAAAElFTkSuQmCC
+detaileddescription: >
+  ### Partner Contributed Integration
+
+  #### Integration Author: Code42
+
+  Support and maintenance for this integration are provided by the author. Please use the following contact details:
+
+  - **URL**: [https://support.code42.com/Administrator/Cloud/Monitoring_and_managing](https://support.code42.com/Administrator/Cloud/Monitoring_and_managing)
+
+  ***
+
+  ## Code42
+
+
+  Code42 provides simple, fast detection and response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud.
+
+
+  To configure this integration, you will need to create a local (non-SSO) user within the Code42 application with one of the following sets of roles:
+
+
+  * Customer Cloud Admin
+
+  * Security Center User + (Org Security Viewer or Cross Org Security Viewer)
+
+
+  After this user is set up, use the username and password to configure the Code42 integration.
diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
index a9fb242081d2..d33aea2ec4e3 100644
--- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
+++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
@@ -1,478 +1,473 @@
 {
-    "typeId": "Code42 Security Alert",
-    "version": -1,
-    "TypeName": "Code42 Security Alert",
-    "kind": "details",
-    "fromVersion": "5.0.0",
-    "layout": {
-        "TypeName": "",
-        "id": "Code42 Security Alert",
-        "kind": "details",
-        "name": "",
-        "system": false,
-        "typeId": "Code42 Security Alert",
-        "version": -1,
-        "tabs": [
-            {
-                "id": "summary",
-                "name": "Legacy Summary",
-                "type": "summary"
-            },
-            {
-                "id": "caseinfoid",
-                "name": "Incident Info",
-                "sections": [
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
-                        "isVisible": true,
-                        "items": [
+       "TypeName": "",
+       "id": "Code42 Security Alert",
+       "kind": "details",
+       "name": "",
+       "sortValues": null,
+       "system": false,
+       "tabs": [
+              {
+                     "id": "summary",
+                     "name": "Legacy Summary",
+                     "type": "summary"
+              },
+              {
+                     "id": "caseinfoid",
+                     "name": "Incident Info",
+                     "sections": [
                             {
-                                "endCol": 2,
-                                "fieldId": "type",
-                                "height": 22,
-                                "id": "incident-type-field",
-                                "index": 0,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
+                                   "isVisible": true,
+                                   "items": [
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "type",
+                                                 "height": 22,
+                                                 "id": "incident-type-field",
+                                                 "index": 0,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "severity",
+                                                 "height": 22,
+                                                 "id": "incident-severity-field",
+                                                 "index": 1,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "owner",
+                                                 "height": 22,
+                                                 "id": "incident-owner-field",
+                                                 "index": 2,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "dbotsource",
+                                                 "height": 22,
+                                                 "id": "incident-source-field",
+                                                 "index": 3,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "sourcebrand",
+                                                 "height": 22,
+                                                 "id": "incident-sourceBrand-field",
+                                                 "index": 5,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "sourceinstance",
+                                                 "height": 22,
+                                                 "id": "incident-sourceInstance-field",
+                                                 "index": 6,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "playbookid",
+                                                 "height": 22,
+                                                 "id": "incident-playbookId-field",
+                                                 "index": 7,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          }
+                                   ],
+                                   "moved": false,
+                                   "name": "Case Details",
+                                   "static": false,
+                                   "w": 1,
+                                   "x": 0,
+                                   "y": 0
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "severity",
-                                "height": 22,
-                                "id": "incident-severity-field",
-                                "index": 1,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "h": 2,
+                                   "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8",
+                                   "moved": false,
+                                   "name": "Notes",
+                                   "static": false,
+                                   "type": "notes",
+                                   "w": 1,
+                                   "x": 2,
+                                   "y": 5
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "owner",
-                                "height": 22,
-                                "id": "incident-owner-field",
-                                "index": 2,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
+                                   "moved": false,
+                                   "name": "Work Plan",
+                                   "static": false,
+                                   "type": "workplan",
+                                   "w": 1,
+                                   "x": 2,
+                                   "y": 0
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "dbotsource",
-                                "height": 22,
-                                "id": "incident-source-field",
-                                "index": 3,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8",
+                                   "isVisible": true,
+                                   "moved": false,
+                                   "name": "Linked Incidents",
+                                   "static": false,
+                                   "type": "linkedIncidents",
+                                   "w": 1,
+                                   "x": 0,
+                                   "y": 9
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "sourcebrand",
-                                "height": 22,
-                                "id": "incident-sourceBrand-field",
-                                "index": 5,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8",
+                                   "moved": false,
+                                   "name": "Child Incidents",
+                                   "static": false,
+                                   "type": "childInv",
+                                   "w": 1,
+                                   "x": 1,
+                                   "y": 9
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "sourceinstance",
-                                "height": 22,
-                                "id": "incident-sourceInstance-field",
-                                "index": 6,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "hideName": false,
+                                   "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260",
+                                   "moved": false,
+                                   "name": "Team Members",
+                                   "static": false,
+                                   "type": "team",
+                                   "w": 1,
+                                   "x": 2,
+                                   "y": 9
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "playbookid",
-                                "height": 22,
-                                "id": "incident-playbookId-field",
-                                "index": 7,
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            }
-                        ],
-                        "moved": false,
-                        "name": "Case Details",
-                        "static": false,
-                        "w": 1,
-                        "x": 0,
-                        "y": 0
-                    },
-                    {
-                        "h": 2,
-                        "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8",
-                        "moved": false,
-                        "name": "Notes",
-                        "static": false,
-                        "type": "notes",
-                        "w": 1,
-                        "x": 2,
-                        "y": 5
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
-                        "moved": false,
-                        "name": "Work Plan",
-                        "static": false,
-                        "type": "workplan",
-                        "w": 1,
-                        "x": 2,
-                        "y": 0
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8",
-                        "isVisible": true,
-                        "moved": false,
-                        "name": "Linked Incidents",
-                        "static": false,
-                        "type": "linkedIncidents",
-                        "w": 1,
-                        "x": 0,
-                        "y": 9
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8",
-                        "moved": false,
-                        "name": "Child Incidents",
-                        "static": false,
-                        "type": "childInv",
-                        "w": 1,
-                        "x": 1,
-                        "y": 9
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "hideName": false,
-                        "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260",
-                        "moved": false,
-                        "name": "Team Members",
-                        "static": false,
-                        "type": "team",
-                        "w": 1,
-                        "x": 2,
-                        "y": 9
-                    },
-                    {
-                        "displayType": "CARD",
-                        "h": 4,
-                        "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289",
-                        "items": [
-                            {
-                                "endCol": 1,
-                                "fieldId": "occurred",
-                                "height": 55,
-                                "id": "incident-occurred-field",
-                                "index": 1,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 1,
-                                "fieldId": "dbotmodified",
-                                "height": 55,
-                                "id": "incident-modified-field",
-                                "index": 2,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "dbotduedate",
-                                "height": 55,
-                                "id": "incident-dueDate-field",
-                                "index": 3,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "dbotcreated",
-                                "height": 55,
-                                "id": "incident-created-field",
-                                "index": 1,
-                                "startCol": 1
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "dbotclosed",
-                                "height": 55,
-                                "id": "incident-closed-field",
-                                "index": 2,
-                                "startCol": 1
-                            }
-                        ],
-                        "moved": false,
-                        "name": "Timeline Information",
-                        "static": false,
-                        "w": 1,
-                        "x": 0,
-                        "y": 5
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289",
-                        "isVisible": true,
-                        "items": [
-                            {
-                                "endCol": 2,
-                                "fieldId": "dbotclosed",
-                                "height": 24,
-                                "id": "incident-dbotClosed-field",
-                                "index": 0,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "closereason",
-                                "height": 24,
-                                "id": "incident-closeReason-field",
-                                "index": 1,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "closenotes",
-                                "height": 48,
-                                "id": "incident-closeNotes-field",
-                                "index": 2,
-                                "startCol": 0
-                            }
-                        ],
-                        "moved": false,
-                        "name": "Closing Information",
-                        "static": false,
-                        "w": 1,
-                        "x": 2,
-                        "y": 7
-                    },
-                    {
-                        "displayType": "CARD",
-                        "h": 4,
-                        "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
-                        "isVisible": true,
-                        "items": [
-                            {
-                                "dropEffect": "move",
-                                "endCol": 2,
-                                "fieldId": "name",
-                                "height": 55,
-                                "id": "f4316c20-598a-11ea-b904-997d555669cb",
-                                "index": 0,
-                                "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "details",
-                                "height": 110,
-                                "id": "incident-details-field",
-                                "index": 1,
-                                "startCol": 0
-                            },
-                            {
-                                "dropEffect": "move",
-                                "endCol": 2,
-                                "fieldId": "code42alerttype",
-                                "height": 55,
-                                "id": "66a7ca60-598b-11ea-b904-997d555669cb",
-                                "index": 2,
-                                "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "employeedisplayname",
-                                "height": 55,
-                                "id": "9e36d450-5984-11ea-b904-997d555669cb",
-                                "index": 3,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "employeeemail",
-                                "height": 55,
-                                "id": "a3608bb0-5984-11ea-b904-997d555669cb",
-                                "index": 4,
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "employeemanageremail",
-                                "height": 55,
-                                "id": "a4bc7230-5984-11ea-b904-997d555669cb",
-                                "index": 5,
-                                "startCol": 0
-                            }
-                        ],
-                        "moved": false,
-                        "name": "Investigation Data",
-                        "static": false,
-                        "w": 1,
-                        "x": 1,
-                        "y": 5
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 3,
-                        "hideName": false,
-                        "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
-                        "items": [
-                            {
-                                "endCol": 6,
-                                "fieldId": "code42fileevents",
-                                "height": 106,
-                                "id": "484a0170-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 0,
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            },
-                            {
-                                "dropEffect": "move",
-                                "endCol": 6,
-                                "fieldId": "exfiltratedfilelist",
-                                "height": 22,
-                                "id": "d857da20-5985-11ea-b904-997d555669cb",
-                                "index": 1,
-                                "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            }
-                        ],
-                        "maxW": 3,
-                        "minH": 1,
-                        "minW": 1,
-                        "moved": false,
-                        "name": "File Events",
-                        "static": false,
-                        "w": 3,
-                        "x": 0,
-                        "y": 2
-                    },
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "hideName": false,
-                        "i": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a",
-                        "items": [
-                            {
-                                "endCol": 2,
-                                "fieldId": "code42alertname",
-                                "height": 22,
-                                "id": "d3760eb0-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 0,
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "code42username",
-                                "height": 22,
-                                "id": "e7d311f0-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 1,
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            },
-                            {
-                                "dropEffect": "move",
-                                "endCol": 2,
-                                "fieldId": "code42alerttype",
-                                "height": 22,
-                                "id": "dcb30460-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 2,
-                                "listId": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            },
-                            {
-                                "endCol": 2,
-                                "fieldId": "code42alertdescription",
-                                "height": 22,
-                                "id": "d4ac1db0-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 3,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "CARD",
+                                   "h": 4,
+                                   "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289",
+                                   "items": [
+                                          {
+                                                 "endCol": 1,
+                                                 "fieldId": "occurred",
+                                                 "height": 55,
+                                                 "id": "incident-occurred-field",
+                                                 "index": 1,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 1,
+                                                 "fieldId": "dbotmodified",
+                                                 "height": 55,
+                                                 "id": "incident-modified-field",
+                                                 "index": 2,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "dbotduedate",
+                                                 "height": 55,
+                                                 "id": "incident-dueDate-field",
+                                                 "index": 3,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "dbotcreated",
+                                                 "height": 55,
+                                                 "id": "incident-created-field",
+                                                 "index": 1,
+                                                 "startCol": 1
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "dbotclosed",
+                                                 "height": 55,
+                                                 "id": "incident-closed-field",
+                                                 "index": 2,
+                                                 "startCol": 1
+                                          }
+                                   ],
+                                   "moved": false,
+                                   "name": "Timeline Information",
+                                   "static": false,
+                                   "w": 1,
+                                   "x": 0,
+                                   "y": 5
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "code42alertstate",
-                                "height": 22,
-                                "id": "d8f1b6a0-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 4,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289",
+                                   "isVisible": true,
+                                   "items": [
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "dbotclosed",
+                                                 "height": 24,
+                                                 "id": "incident-dbotClosed-field",
+                                                 "index": 0,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "closereason",
+                                                 "height": 24,
+                                                 "id": "incident-closeReason-field",
+                                                 "index": 1,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "closenotes",
+                                                 "height": 48,
+                                                 "id": "incident-closeNotes-field",
+                                                 "index": 2,
+                                                 "startCol": 0
+                                          }
+                                   ],
+                                   "moved": false,
+                                   "name": "Closing Information",
+                                   "static": false,
+                                   "w": 1,
+                                   "x": 2,
+                                   "y": 7
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "code42alertid",
-                                "height": 22,
-                                "id": "d6de3ff0-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 5,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "CARD",
+                                   "h": 4,
+                                   "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
+                                   "isVisible": true,
+                                   "items": [
+                                          {
+                                                 "dropEffect": "move",
+                                                 "endCol": 2,
+                                                 "fieldId": "name",
+                                                 "height": 55,
+                                                 "id": "f4316c20-598a-11ea-b904-997d555669cb",
+                                                 "index": 0,
+                                                 "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "details",
+                                                 "height": 110,
+                                                 "id": "incident-details-field",
+                                                 "index": 1,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "dropEffect": "move",
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alerttype",
+                                                 "height": 55,
+                                                 "id": "66a7ca60-598b-11ea-b904-997d555669cb",
+                                                 "index": 2,
+                                                 "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "employeedisplayname",
+                                                 "height": 55,
+                                                 "id": "9e36d450-5984-11ea-b904-997d555669cb",
+                                                 "index": 3,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "employeeemail",
+                                                 "height": 55,
+                                                 "id": "a3608bb0-5984-11ea-b904-997d555669cb",
+                                                 "index": 4,
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "employeemanageremail",
+                                                 "height": 55,
+                                                 "id": "a4bc7230-5984-11ea-b904-997d555669cb",
+                                                 "index": 5,
+                                                 "startCol": 0
+                                          }
+                                   ],
+                                   "moved": false,
+                                   "name": "Investigation Data",
+                                   "static": false,
+                                   "w": 1,
+                                   "x": 1,
+                                   "y": 5
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "code42alerttimestamp",
-                                "height": 22,
-                                "id": "dabdeb20-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 6,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 3,
+                                   "hideName": false,
+                                   "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
+                                   "items": [
+                                          {
+                                                 "endCol": 6,
+                                                 "fieldId": "code42fileevents",
+                                                 "height": 106,
+                                                 "id": "484a0170-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 0,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "dropEffect": "move",
+                                                 "endCol": 6,
+                                                 "fieldId": "exfiltratedfilelist",
+                                                 "height": 22,
+                                                 "id": "d857da20-5985-11ea-b904-997d555669cb",
+                                                 "index": 1,
+                                                 "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          }
+                                   ],
+                                   "maxW": 3,
+                                   "minH": 1,
+                                   "minW": 1,
+                                   "moved": false,
+                                   "name": "File Events",
+                                   "static": false,
+                                   "w": 3,
+                                   "x": 0,
+                                   "y": 2
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "code42severity",
-                                "height": 22,
-                                "id": "e5bab940-b6ef-11ea-8e1b-f35e38fc5b4a",
-                                "index": 7,
-                                "sectionItemType": "field",
-                                "startCol": 0
+                                   "displayType": "ROW",
+                                   "h": 2,
+                                   "hideName": false,
+                                   "i": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                   "items": [
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alertname",
+                                                 "height": 22,
+                                                 "id": "d3760eb0-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 0,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42username",
+                                                 "height": 22,
+                                                 "id": "e7d311f0-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 1,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "dropEffect": "move",
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alerttype",
+                                                 "height": 22,
+                                                 "id": "dcb30460-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 2,
+                                                 "listId": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alertdescription",
+                                                 "height": 22,
+                                                 "id": "d4ac1db0-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 3,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alertstate",
+                                                 "height": 22,
+                                                 "id": "d8f1b6a0-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 4,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alertid",
+                                                 "height": 22,
+                                                 "id": "d6de3ff0-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 5,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42alerttimestamp",
+                                                 "height": 22,
+                                                 "id": "dabdeb20-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 6,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          },
+                                          {
+                                                 "endCol": 2,
+                                                 "fieldId": "code42severity",
+                                                 "height": 22,
+                                                 "id": "e5bab940-b6ef-11ea-8e1b-f35e38fc5b4a",
+                                                 "index": 7,
+                                                 "sectionItemType": "field",
+                                                 "startCol": 0
+                                          }
+                                   ],
+                                   "maxW": 3,
+                                   "minH": 1,
+                                   "minW": 1,
+                                   "moved": false,
+                                   "name": "Code42 Alert Details",
+                                   "static": false,
+                                   "w": 1,
+                                   "x": 1,
+                                   "y": 0
                             }
-                        ],
-                        "maxW": 3,
-                        "minH": 1,
-                        "minW": 1,
-                        "moved": false,
-                        "name": "Code42 Alert Details",
-                        "static": false,
-                        "w": 1,
-                        "x": 1,
-                        "y": 0
-                    }
-                ],
-                "type": "custom"
-            },
-            {
-                "id": "warRoom",
-                "name": "War Room",
-                "type": "warRoom"
-            },
-            {
-                "id": "workPlan",
-                "name": "Work Plan",
-                "type": "workPlan"
-            },
-            {
-                "id": "evidenceBoard",
-                "name": "Evidence Board",
-                "type": "evidenceBoard"
-            },
-            {
-                "id": "relatedIncidents",
-                "name": "Related Incidents",
-                "type": "relatedIncidents"
-            },
-            {
-                "id": "canvas",
-                "name": "Canvas",
-                "type": "canvas"
-            }
-        ]
-    }
+                     ],
+                     "type": "custom"
+              },
+              {
+                     "id": "warRoom",
+                     "name": "War Room",
+                     "type": "warRoom"
+              },
+              {
+                     "id": "workPlan",
+                     "name": "Work Plan",
+                     "type": "workPlan"
+              },
+              {
+                     "id": "evidenceBoard",
+                     "name": "Evidence Board",
+                     "type": "evidenceBoard"
+              },
+              {
+                     "id": "relatedIncidents",
+                     "name": "Related Incidents",
+                     "type": "relatedIncidents"
+              },
+              {
+                     "id": "canvas",
+                     "name": "Canvas",
+                     "type": "canvas"
+              }
+       ],
+       "typeId": "Code42 Security Alert",
+       "fromVersion": "5.0.0",
+       "version": -1
 }
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook.yml b/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook.yml
index 9509d8b59e87..bfdc6561a1a0 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook.yml
+++ b/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook.yml
@@ -4,57 +4,55 @@ name: Code42 Exfiltration Playbook
 description: The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves
   file event data, and allows security teams to remediate file exfiltration events
   by revoking access rights to cloud files or containing endpoints.
-starttaskid: "0"
+starttaskid: '0'
 tasks:
-  "0":
-    id: "0"
-    taskid: 11508213-8fce-4682-8536-65ed426d2664
+  '0':
+    id: '0'
+    taskid: ab4c0d6a-996e-415c-8f44-8a76d279ca15
     type: start
     task:
-      id: 11508213-8fce-4682-8536-65ed426d2664
+      id: ab4c0d6a-996e-415c-8f44-8a76d279ca15
       version: -1
-      name: ""
+      name: ''
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
+      description: ''
     nexttasks:
       '#none#':
-      - "1"
+      - '1'
     separatecontext: false
     view: |-
       {
         "position": {
           "x": 520,
-          "y": 50
+          "y": -90
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "1":
-    id: "1"
-    taskid: 77e2b71f-78fb-467e-8e87-416fd03967d7
+  '1':
+    id: '1'
+    taskid: e588a1bf-ad9e-4755-8e55-efba11ad1aff
     type: title
     task:
-      id: 77e2b71f-78fb-467e-8e87-416fd03967d7
+      id: e588a1bf-ad9e-4755-8e55-efba11ad1aff
       version: -1
       name: Start Remediation Timer
-      description: Starts a timer to track how long it takes to resolve the alert.
       type: title
       iscommand: false
-      brand: ""
+      brand: ''
+      description: ''
     nexttasks:
       '#none#':
-      - "25"
-      - "34"
+      - '24'
+      - '25'
     separatecontext: false
     view: |-
       {
         "position": {
           "x": 520,
-          "y": 195
+          "y": 75
         }
       }
     note: false
@@ -62,112 +60,104 @@ tasks:
     - fieldname: remediationsla
       action: start
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "5":
-    id: "5"
-    taskid: 64d02f6f-5a06-40f8-8552-c98b4b959286
+  '5':
+    id: '5'
+    taskid: e0da957a-46bb-44b9-8ea6-408e043cae88
     type: condition
     task:
-      id: 64d02f6f-5a06-40f8-8552-c98b4b959286
+      id: e0da957a-46bb-44b9-8ea6-408e043cae88
       version: -1
       name: Review Evidence for Malicious Behavior
-      description: Searches the related files for malicious behavior.
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "7"
+      - '7'
       Malicious:
-      - "6"
+      - '6'
     separatecontext: false
     view: |-
       {
         "position": {
           "x": 520,
-          "y": 515
+          "y": 465
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "6":
-    id: "6"
-    taskid: 617588ed-c8d8-4b5a-87ed-ed84204058fc
+  '6':
+    id: '6'
+    taskid: b6a7b214-a52b-48cc-8c0b-bc966c11ff90
     type: title
     task:
-      id: 617588ed-c8d8-4b5a-87ed-ed84204058fc
+      id: b6a7b214-a52b-48cc-8c0b-bc966c11ff90
       version: -1
       name: Malicious Behavior Determined
       type: title
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
+      description: ''
     nexttasks:
       '#none#':
-      - "19"
-      - "22"
-      - "23"
+      - '19'
+      - '22'
+      - '23'
     separatecontext: false
     view: |-
       {
         "position": {
-          "x": 960,
-          "y": 690
+          "x": 1000,
+          "y": 670
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "7":
-    id: "7"
-    taskid: 7187278b-d996-465a-8c9a-3ad518285299
+  '7':
+    id: '7'
+    taskid: 2c7eb57c-ee9b-4059-8b73-34bdb9963ca0
     type: title
     task:
-      id: 7187278b-d996-465a-8c9a-3ad518285299
+      id: 2c7eb57c-ee9b-4059-8b73-34bdb9963ca0
       version: -1
       name: Benign Behavior Determined
       type: title
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
+      description: ''
     nexttasks:
       '#none#':
-      - "9"
+      - '9'
     separatecontext: false
     view: |-
       {
         "position": {
           "x": 50,
-          "y": 1725
+          "y": 1900
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "8":
-    id: "8"
-    taskid: f37b26ac-38c5-40c6-800d-4cfc9692c1a8
+  '8':
+    id: '8'
+    taskid: b8a80acb-a2f7-4899-88e7-16382828b9b4
     type: regular
     task:
-      id: f37b26ac-38c5-40c6-800d-4cfc9692c1a8
+      id: b8a80acb-a2f7-4899-88e7-16382828b9b4
       version: -1
       name: Resolve Code42 Alert
-      script: Code42|||code42-alert-resolve
+      description: ''
+      script: '|||code42-alert-resolve'
       type: regular
       iscommand: true
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#none#':
-      - "26"
+      - '26'
     scriptarguments:
       id:
         simple: ${incident.labels.id}
@@ -175,36 +165,34 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 407.5,
-          "y": 2030
+          "x": 480,
+          "y": 2455
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "9":
-    id: "9"
-    taskid: 16012eb4-0937-44b0-833b-560ec34de44d
+  '9':
+    id: '9'
+    taskid: 1905e906-499f-4c14-8ec1-9c02eb6ef22a
     type: title
     task:
-      id: 16012eb4-0937-44b0-833b-560ec34de44d
+      id: 1905e906-499f-4c14-8ec1-9c02eb6ef22a
       version: -1
       name: Stop Remediation Timer
       type: title
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
+      description: ''
     nexttasks:
       '#none#':
-      - "8"
+      - '8'
     separatecontext: false
     view: |-
       {
         "position": {
-          "x": 407.5,
-          "y": 1885
+          "x": 480,
+          "y": 2260
         }
       }
     note: false
@@ -212,49 +200,45 @@ tasks:
     - fieldname: remediationsla
       action: stop
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "10":
-    id: "10"
-    taskid: 51669a43-475a-44d1-81fe-20207c26598e
+  '10':
+    id: '10'
+    taskid: 2b0168b7-3d35-470d-8902-5517dc8e9164
     type: title
     task:
-      id: 51669a43-475a-44d1-81fe-20207c26598e
+      id: 2b0168b7-3d35-470d-8902-5517dc8e9164
       version: -1
       name: Done
       type: title
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
+      description: ''
     separatecontext: false
     view: |-
       {
         "position": {
-          "x": 407.5,
-          "y": 2380
+          "x": 480,
+          "y": 2905
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "11":
-    id: "11"
-    taskid: d03df5b6-28c0-4df7-85ae-aa6b74d2b5dd
+  '11':
+    id: '11'
+    taskid: 99490d9a-6acf-41de-8d77-1266f5d63d7f
     type: regular
     task:
-      id: d03df5b6-28c0-4df7-85ae-aa6b74d2b5dd
+      id: 99490d9a-6acf-41de-8d77-1266f5d63d7f
       version: -1
       name: Locate CrowdStrike Host
+      description: ''
       script: CrowdstrikeFalcon|||cs-falcon-search-device
       type: regular
       iscommand: true
       brand: CrowdstrikeFalcon
-      description: ""
     nexttasks:
       '#none#':
-      - "31"
+      - '31'
     scriptarguments:
       filter: {}
       hostname:
@@ -273,34 +257,32 @@ tasks:
       {
         "position": {
           "x": 990,
-          "y": 1010
+          "y": 1195
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "19":
-    id: "19"
-    taskid: 434d094a-f26e-4e94-81df-fa5227beacf7
+  '19':
+    id: '19'
+    taskid: 9bfcad2c-62a7-4c59-8140-1e5ba45199bd
     type: condition
     task:
-      id: 434d094a-f26e-4e94-81df-fa5227beacf7
+      id: 9bfcad2c-62a7-4c59-8140-1e5ba45199bd
       version: -1
       name: Is Jira Enabled?
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "30"
-      "yes":
-      - "21"
+      - '30'
+      'yes':
+      - '21'
     separatecontext: false
     conditions:
-    - label: "yes"
+    - label: 'yes'
       condition:
       - - operator: isExists
           left:
@@ -330,30 +312,28 @@ tasks:
       {
         "position": {
           "x": 295,
-          "y": 1360
+          "y": 1535
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "21":
-    id: "21"
-    taskid: e109fde4-4b66-4e1f-8734-fadd49886a5e
+  '21':
+    id: '21'
+    taskid: 47b1400e-6d83-483c-875f-7cac4b335481
     type: regular
     task:
-      id: e109fde4-4b66-4e1f-8734-fadd49886a5e
+      id: 47b1400e-6d83-483c-875f-7cac4b335481
       version: -1
       name: Create Jira Incident Ticket
+      description: ''
       script: jira-v2|||jira-create-issue
       type: regular
       iscommand: true
       brand: jira-v2
-      description: ""
     nexttasks:
       '#none#':
-      - "30"
+      - '30'
     scriptarguments:
       assignee: {}
       description: {}
@@ -376,35 +356,33 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 397.5,
-          "y": 1535
+          "x": 295,
+          "y": 1780
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "22":
-    id: "22"
-    taskid: f04b92f6-4e78-460e-8aab-6445d3c500c9
+  '22':
+    id: '22'
+    taskid: 86aaec3f-7f38-4d4d-800b-406ca59605bd
     type: condition
     task:
-      id: f04b92f6-4e78-460e-8aab-6445d3c500c9
+      id: 86aaec3f-7f38-4d4d-800b-406ca59605bd
       version: -1
       name: Can host be contained?
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "30"
-      "yes":
-      - "11"
+      - '30'
+      'yes':
+      - '11'
     separatecontext: false
     conditions:
-    - label: "yes"
+    - label: 'yes'
       condition:
       - - operator: isExists
           left:
@@ -437,35 +415,33 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 960,
-          "y": 835
+          "x": 990,
+          "y": 810
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "23":
-    id: "23"
-    taskid: 278d6243-3d8c-4d31-8491-b6168ebffb99
+  '23':
+    id: '23'
+    taskid: ce5fa797-bd44-48ba-8ebe-62cbe6f986e5
     type: condition
     task:
-      id: 278d6243-3d8c-4d31-8491-b6168ebffb99
+      id: ce5fa797-bd44-48ba-8ebe-62cbe6f986e5
       version: -1
       name: Does Manager Email Exist?
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "30"
-      "yes":
-      - "33"
+      - '30'
+      'yes':
+      - '33'
     separatecontext: false
     conditions:
-    - label: "yes"
+    - label: 'yes'
       condition:
       - - operator: isExists
           left:
@@ -475,31 +451,55 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 1420,
-          "y": 1185
+          "x": 1570,
+          "y": 1195
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "25":
-    id: "25"
-    taskid: eccca7ff-aaa7-4864-8345-fc65108a2230
+  '24':
+    id: '24'
+    taskid: 50db689b-2583-4a22-844c-868914c79e80
+    type: regular
+    task:
+      id: 50db689b-2583-4a22-844c-868914c79e80
+      version: -1
+      name: Retrieve File Contents
+      description: ''
+      type: regular
+      iscommand: false
+      brand: ''
+    nexttasks:
+      '#none#':
+      - '5'
+    separatecontext: false
+    view: |-
+      {
+        "position": {
+          "x": 310,
+          "y": 260
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+  '25':
+    id: '25'
+    taskid: 9bccb9d7-118b-4a63-8e1d-288a4fe993a2
     type: playbook
     task:
-      id: eccca7ff-aaa7-4864-8345-fc65108a2230
+      id: 9bccb9d7-118b-4a63-8e1d-288a4fe993a2
       version: -1
       name: Active Directory - Get User Manager Details
+      description: ''
       playbookName: Active Directory - Get User Manager Details
       type: playbook
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#none#':
-      - "5"
+      - '5'
     scriptarguments:
       UserEmail:
         simple: ${incident.employeeemail}
@@ -507,37 +507,34 @@ tasks:
     separatecontext: true
     loop:
       iscommand: false
-      exitCondition: ""
+      exitCondition: ''
       wait: 1
-      max: 0
     view: |-
       {
         "position": {
-          "x": 305,
-          "y": 340
+          "x": 735,
+          "y": 260
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "26":
-    id: "26"
-    taskid: 5db26724-aad0-4316-82f2-c2a6635d5200
+  '26':
+    id: '26'
+    taskid: 335b248d-7a04-4514-8890-57e3913dcdfa
     type: regular
     task:
-      id: 5db26724-aad0-4316-82f2-c2a6635d5200
+      id: 335b248d-7a04-4514-8890-57e3913dcdfa
       version: -1
       name: Close Incident
+      description: ''
       script: Builtin|||closeInvestigation
       type: regular
       iscommand: true
       brand: Builtin
-      description: ""
     nexttasks:
       '#none#':
-      - "10"
+      - '10'
     scriptarguments:
       assetid: {}
       closeNotes: {}
@@ -550,61 +547,57 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 407.5,
-          "y": 2205
+          "x": 480,
+          "y": 2680
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "27":
-    id: "27"
-    taskid: ab9f4c32-a0e4-41e9-8228-22724cecae76
+  '27':
+    id: '27'
+    taskid: 10331857-eb12-46fa-8f1d-6f6239d4ac61
     type: condition
     task:
-      id: ab9f4c32-a0e4-41e9-8228-22724cecae76
+      id: 10331857-eb12-46fa-8f1d-6f6239d4ac61
       version: -1
       name: Confirm Network Contain
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "30"
-      "Yes":
-      - "32"
+      - '30'
+      'Yes':
+      - '32'
     separatecontext: false
     view: |-
       {
         "position": {
-          "x": 857.5,
-          "y": 1360
+          "x": 1115,
+          "y": 1580
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "29":
-    id: "29"
-    taskid: 136c085e-aa37-4bc5-807c-5b7ff981c140
+  '29':
+    id: '29'
+    taskid: 7387a45c-92d3-44ca-8f63-f66ec2b6ebaa
     type: regular
     task:
-      id: 136c085e-aa37-4bc5-807c-5b7ff981c140
+      id: 7387a45c-92d3-44ca-8f63-f66ec2b6ebaa
       version: -1
       name: Send email to manager
+      description: ''
       script: '|||send-mail'
       type: regular
       iscommand: true
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#none#':
-      - "30"
+      - '30'
     scriptarguments:
       additionalHeader: {}
       attachCIDs: {}
@@ -642,63 +635,59 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 1645,
-          "y": 1535
+          "x": 1570,
+          "y": 1805
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "30":
-    id: "30"
-    taskid: 877d11e9-c080-4db3-87ec-76bab3b69cd8
+  '30':
+    id: '30'
+    taskid: ea60127b-366c-4a94-85db-339b32ca66c5
     type: regular
     task:
-      id: 877d11e9-c080-4db3-87ec-76bab3b69cd8
+      id: ea60127b-366c-4a94-85db-339b32ca66c5
       version: -1
       name: Confirm Remediation Is Complete
+      description: ''
       type: regular
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#none#':
-      - "9"
+      - '9'
     separatecontext: false
     view: |-
       {
         "position": {
-          "x": 970,
-          "y": 1710
+          "x": 710,
+          "y": 2080
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "31":
-    id: "31"
-    taskid: 4f1b2a83-bf99-4f7b-8ac1-58fff1dd8e73
+  '31':
+    id: '31'
+    taskid: a7815436-cc18-4236-8833-318204036b2a
     type: condition
     task:
-      id: 4f1b2a83-bf99-4f7b-8ac1-58fff1dd8e73
+      id: a7815436-cc18-4236-8833-318204036b2a
       version: -1
       name: Determine if network contain should be bypassed based on host count
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "27"
-      "yes":
-      - "30"
+      - '27'
+      'yes':
+      - '30'
     separatecontext: false
     conditions:
-    - label: "yes"
+    - label: 'yes'
       condition:
       - - operator: greaterThan
           left:
@@ -722,30 +711,28 @@ tasks:
       {
         "position": {
           "x": 990,
-          "y": 1185
+          "y": 1360
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "32":
-    id: "32"
-    taskid: d515a4bf-42b6-4aa4-89ea-33125635ca98
+  '32':
+    id: '32'
+    taskid: 9e908ce6-7623-4a06-865b-3725d5bab3e1
     type: regular
     task:
-      id: d515a4bf-42b6-4aa4-89ea-33125635ca98
+      id: 9e908ce6-7623-4a06-865b-3725d5bab3e1
       version: -1
       name: CrowdStrike Network Contain
+      description: ''
       script: '|||cs-falcon-contain-host'
       type: regular
       iscommand: true
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#none#':
-      - "30"
+      - '30'
     scriptarguments:
       ids:
         simple: ${CrowdStrike.Device.ID}
@@ -754,35 +741,33 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 970,
-          "y": 1535
+          "x": 1115,
+          "y": 1805
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "33":
-    id: "33"
-    taskid: 44c4cdc8-8740-456e-8559-3e3c35286d83
+  '33':
+    id: '33'
+    taskid: df73e338-6ae3-4d35-8d01-76e97fc62866
     type: condition
     task:
-      id: 44c4cdc8-8740-456e-8559-3e3c35286d83
+      id: df73e338-6ae3-4d35-8d01-76e97fc62866
       version: -1
       name: Is email integration enabled?
+      description: ''
       type: condition
       iscommand: false
-      brand: ""
-      description: ""
+      brand: ''
     nexttasks:
       '#default#':
-      - "30"
-      "yes":
-      - "29"
+      - '30'
+      'yes':
+      - '29'
     separatecontext: false
     conditions:
-    - label: "yes"
+    - label: 'yes'
       condition:
       - - operator: isExists
           left:
@@ -856,82 +841,22 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 1532.5,
+          "x": 1570,
           "y": 1360
         }
       }
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-  "34":
-    id: "34"
-    taskid: 8ef0e565-aa9b-4866-8cae-ec8dcc9a15c9
-    type: playbook
-    task:
-      id: 8ef0e565-aa9b-4866-8cae-ec8dcc9a15c9
-      version: -1
-      name: Code42 File Download
-      playbookName: Code42 File Download
-      type: playbook
-      iscommand: false
-      brand: ""
-      description: ""
-    nexttasks:
-      '#none#':
-      - "5"
-    scriptarguments:
-      MD5:
-        complex:
-          root: incident
-          accessor: code42fileevents
-          transformers:
-          - operator: uniq
-          - operator: getField
-            args:
-              field:
-                value:
-                  simple: md5checksum
-      SHA256:
-        complex:
-          root: incident
-          accessor: code42fileevents
-          transformers:
-          - operator: uniq
-          - operator: getField
-            args:
-              field:
-                value:
-                  simple: sha256checksum
-    separatecontext: true
-    loop:
-      iscommand: false
-      exitCondition: ""
-      wait: 1
-      max: 100
-    view: |-
-      {
-        "position": {
-          "x": 735,
-          "y": 340
-        }
-      }
-    note: false
-    timertriggers: []
-    ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-system: true
 view: |-
   {
     "linkLabelsPosition": {},
     "paper": {
       "dimensions": {
-        "height": 2395,
-        "width": 1975,
+        "height": 3060,
+        "width": 1900,
         "x": 50,
-        "y": 50
+        "y": -90
       }
     }
   }
@@ -941,32 +866,27 @@ inputs:
     simple: Security
   required: false
   description: Jira Project for created incident ticket
-  playbookInputQuery: null
 - key: JiraType
   value:
     simple: Investigation
   required: false
   description: Type of Jira ticket to create
-  playbookInputQuery: null
 - key: JiraSummary
   value:
     simple: Code42 Security Alert for Demisto Incident ${incident.id}
   required: false
   description: Summary to use with Jira ticket creation
-  playbookInputQuery: null
 - key: ContainHostsMax
   value:
-    simple: "2"
+    simple: '2'
   required: false
   description: Maximum number of network hosts to contain.
-  playbookInputQuery: null
 - key: DemistoInstanceURL
   value:
     simple: https://example.com/
   required: false
   description: URL of Demisto instance for emails.
-  playbookInputQuery: null
-fromversion: "5.0.0"
+outputs: []
+fromversion: 5.0.0
 tests:
 - No Test
-outputs: []
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_CHANGELOG.md b/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_CHANGELOG.md
index 82508df7afe5..a6efe385e6d7 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_CHANGELOG.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_CHANGELOG.md
@@ -1,5 +1,4 @@
 ## [Unreleased]
-Automated the manual step of retrieving file contents using the Code42 File Download playbook.
 
 
 ## [20.3.3] - 2020-03-18
diff --git a/Packs/Code42/Playbooks/playbook-Code42_File_Download.yml b/Packs/Code42/Playbooks/playbook-Code42_File_Download.yml
deleted file mode 100644
index e93c2e3fd235..000000000000
--- a/Packs/Code42/Playbooks/playbook-Code42_File_Download.yml
+++ /dev/null
@@ -1,300 +0,0 @@
-description: This playbook downloads a file via Code42 by either MD5 or SHA256 hash.
-id: Code42 File Download
-inputs:
-- description: MD5 hash to search for
-  key: MD5
-  playbookInputQuery:
-  required: false
-  value:
-    complex:
-      accessor: MD5
-      root: File
-      transformers:
-      - operator: uniq
-- description: SHA256 hash to search for
-  key: SHA256
-  playbookInputQuery:
-  required: false
-  value:
-    complex:
-      accessor: SHA256
-      root: File
-      transformers:
-      - operator: uniq
-name: Code42 File Download
-outputs: []
-sourceplaybookid: Code42 File Search
-starttaskid: "0"
-tasks:
-  "0":
-    id: "0"
-    ignoreworker: false
-    nexttasks:
-      '#none#':
-      - "1"
-    note: false
-    quietmode: 0
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: ""
-      id: d045a003-2e7f-4f47-80c7-3882baf399b6
-      iscommand: false
-      name: ""
-      description: ""
-      version: -1
-    taskid: d045a003-2e7f-4f47-80c7-3882baf399b6
-    timertriggers: []
-    type: start
-    view: |-
-      {
-        "position": {
-          "x": 377.5,
-          "y": 50
-        }
-      }
-  "1":
-    conditions:
-    - condition:
-      - - left:
-            iscontext: true
-            value:
-              complex:
-                filters:
-                - - left:
-                      iscontext: true
-                      value:
-                        simple: brand
-                    operator: isEqualString
-                    right:
-                      value:
-                        simple: Code42
-                - - left:
-                      iscontext: true
-                      value:
-                        simple: state
-                    operator: isEqualString
-                    right:
-                      value:
-                        simple: active
-                root: modules
-          operator: isExists
-      label: "yes"
-    id: "1"
-    ignoreworker: false
-    nexttasks:
-      "yes":
-      - "3"
-    note: false
-    quietmode: 0
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: ""
-      id: 746c1a4e-7084-45f1-86e6-e9764ffbbf5c
-      iscommand: false
-      name: Is Code42 Integration Active?
-      description: "Checks to see if a Code42 Integration is active."
-      type: condition
-      version: -1
-    taskid: 746c1a4e-7084-45f1-86e6-e9764ffbbf5c
-    timertriggers: []
-    type: condition
-    view: |-
-      {
-        "position": {
-          "x": 377.5,
-          "y": 195
-        }
-      }
-  "2":
-    conditions:
-    - condition:
-      - - left:
-            iscontext: true
-            value:
-              simple: inputs.SHA256
-          operator: isNotEmpty
-      label: "yes"
-    id: "2"
-    ignoreworker: false
-    nexttasks:
-      '#default#':
-      - "7"
-      "yes":
-      - "5"
-    note: false
-    quietmode: 0
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: ""
-      id: 935cb1d6-e328-4a8e-888f-347c3b33ce11
-      iscommand: false
-      name: Does SHA256 Exist?
-      description: "Checks to see if a SHA256 hash exists in the inputs."
-      type: condition
-      version: -1
-    taskid: 935cb1d6-e328-4a8e-888f-347c3b33ce11
-    timertriggers: []
-    type: condition
-    view: |-
-      {
-        "position": {
-          "x": 592.5,
-          "y": 545
-        }
-      }
-  "3":
-    conditions:
-    - condition:
-      - - left:
-            iscontext: true
-            value:
-              simple: inputs.MD5
-          operator: isNotEmpty
-      label: "yes"
-    id: "3"
-    ignoreworker: false
-    nexttasks:
-      '#default#':
-      - "2"
-      "yes":
-      - "6"
-    note: false
-    quietmode: 0
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: ""
-      id: 1d0dfb1f-6874-41e9-8593-fca2a96c58c4
-      iscommand: false
-      name: Does MD5 Exist?
-      description: "Checks to see if a MD5 hash exists in the inputs."
-      type: condition
-      version: -1
-    taskid: 1d0dfb1f-6874-41e9-8593-fca2a96c58c4
-    timertriggers: []
-    type: condition
-    view: |-
-      {
-        "position": {
-          "x": 377.5,
-          "y": 370
-        }
-      }
-  "5":
-    continueonerror: true
-    evidencedata:
-      customfields: {}
-      description:
-        simple: The file that caused the alert.
-    id: "5"
-    ignoreworker: false
-    nexttasks:
-      '#none#':
-      - "7"
-    note: false
-    quietmode: 0
-    scriptarguments:
-      hash:
-        simple: ${inputs.SHA256}
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: Code42
-      description: Downloads a file from Code42 servers.
-      id: c83baa5d-207c-44de-868c-8b131dc0357b
-      iscommand: true
-      name: Code42 Download by SHA256
-      script: Code42|||code42-download-file
-      type: regular
-      version: -1
-    taskid: c83baa5d-207c-44de-868c-8b131dc0357b
-    timertriggers: []
-    type: regular
-    view: |-
-      {
-        "position": {
-          "x": 480,
-          "y": 720
-        }
-      }
-  "6":
-    continueonerror: true
-    evidencedata:
-      customfields: {}
-      description:
-        simple: The file that caused the alert.
-    id: "6"
-    ignoreworker: false
-    nexttasks:
-      '#none#':
-      - "7"
-    note: false
-    quietmode: 0
-    scriptarguments:
-      hash:
-        simple: ${inputs.MD5}
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: Code42
-      description: Downloads a file from Code42 servers.
-      id: 687edce2-d09d-4ad1-845e-a3ed7b7b7d4a
-      iscommand: true
-      name: Code42 Download by MD5
-      script: Code42|||code42-download-file
-      type: regular
-      version: -1
-    taskid: 687edce2-d09d-4ad1-845e-a3ed7b7b7d4a
-    timertriggers: []
-    type: regular
-    view: |-
-      {
-        "position": {
-          "x": 50,
-          "y": 720
-        }
-      }
-  "7":
-    id: "7"
-    ignoreworker: false
-    note: false
-    quietmode: 0
-    separatecontext: false
-    skipunavailable: false
-    task:
-      brand: ""
-      id: 7f03d6ab-3bb8-4bd5-867b-fe853fa38684
-      iscommand: false
-      name: Complete
-      description: ""
-      type: title
-      version: -1
-    taskid: 7f03d6ab-3bb8-4bd5-867b-fe853fa38684
-    timertriggers: []
-    type: title
-    view: |-
-      {
-        "position": {
-          "x": 480,
-          "y": 895
-        }
-      }
-version: -1
-fromversion: 5.0.0
-tests:
-- No Test
-view: |-
-  {
-    "linkLabelsPosition": {},
-    "paper": {
-      "dimensions": {
-        "height": 910,
-        "width": 922.5,
-        "x": 50,
-        "y": 50
-      }
-    }
-  }
diff --git a/Packs/Code42/Playbooks/playbook-Code42_File_Download_CHANGELOG.md b/Packs/Code42/Playbooks/playbook-Code42_File_Download_CHANGELOG.md
deleted file mode 100644
index 044101fc496a..000000000000
--- a/Packs/Code42/Playbooks/playbook-Code42_File_Download_CHANGELOG.md
+++ /dev/null
@@ -1,2 +0,0 @@
-## [Unreleased]
-New playbook for downloading files by MD5 or SHA256 hash.
diff --git a/Packs/Code42/Playbooks/playbook-Code42_File_Download_README.md b/Packs/Code42/Playbooks/playbook-Code42_File_Download_README.md
deleted file mode 100644
index 2e6b6513046b..000000000000
--- a/Packs/Code42/Playbooks/playbook-Code42_File_Download_README.md
+++ /dev/null
@@ -1,79 +0,0 @@
-This playbook searches for files via Code42 security events by either MD5 or SHA256 hash. The data is output to the Code42.SecurityData context for use.
-
-## Dependencies
-This playbook uses the following sub-playbooks, integrations, and scripts.
-
-### Sub-playbooks
-This playbook does not use any sub-playbooks.
-
-### Integrations
-* Code42
-
-### Scripts
-This playbook does not use any scripts.
-
-### Commands
-* code42-securitydata-search
-* code42-download-file
-
-## Playbook Inputs
----
-
-| **Name** | **Description** | **Default Value** | **Required** |
-| --- | --- | --- | --- |
-| MD5 | MD5 hash to search for | File.MD5 | Optional |
-| SHA256 | SHA256 hash to search for | File.SHA256 | Optional |
-
-## Playbook Outputs
----
-
-| **Path** | **Description** | **Type** |
-| --- | --- | --- |
-| Code42.SecurityData | Returned File Results | unknown |
-| Code42.SecurityData.EventTimestamp | Timestamp for event | unknown |
-| Code42.SecurityData.FileCreated | File creation date | unknown |
-| Code42.SecurityData.EndpointID | Code42 device ID | unknown |
-| Code42.SecurityData.DeviceUsername | Username that device is associated with in Code42 | unknown |
-| Code42.SecurityData.EmailFrom | Sender email address for email exfiltration events | unknown |
-| Code42.SecurityData.EmailTo | Recipient emial address for email exfiltration events | unknown |
-| Code42.SecurityData.EmailSubject | Email subject line for email exfiltration events | unknown |
-| Code42.SecurityData.EventID | Security Data event ID | unknown |
-| Code42.SecurityData.EventType | Type of Security Data event | unknown |
-| Code42.SecurityData.FileCategory | Type of file as determined by Code42 engine | unknown |
-| Code42.SecurityData.FileOwner | Owner of file | unknown |
-| Code42.SecurityData.FileName | File name | unknown |
-| Code42.SecurityData.FilePath | Path to file | unknown |
-| Code42.SecurityData.FileSize | Size of file in bytes | unknown |
-| Code42.SecurityData.FileModified | File modification date | unknown |
-| Code42.SecurityData.FileMD5 | MD5 hash of file | unknown |
-| Code42.SecurityData.FileHostname | Hostname where file event was captured | unknown |
-| Code42.SecurityData.DevicePrivateIPAddress | Private IP addresses of device where event was captured | unknown |
-| Code42.SecurityData.DevicePublicIPAddress | Public IP address of device where event was captured | unknown |
-| Code42.SecurityData.RemovableMediaType | Type of removate media | unknown |
-| Code42.SecurityData.RemovableMediaCapacity | Total capacity of removable media in bytes | unknown |
-| Code42.SecurityData.RemovableMediaMediaName | Full name of removable media | unknown |
-| Code42.SecurityData.RemovableMediaName | Name of removable media | unknown |
-| Code42.SecurityData.RemovableMediaSerialNumber | Serial number for removable medial device | unknown |
-| Code42.SecurityData.RemovableMediaVendor | Vendor name for removable device | unknown |
-| Code42.SecurityData.FileSHA256 | SHA256 hash of file | unknown |
-| Code42.SecurityData.FileShared | Whether file is shared using cloud file service | unknown |
-| Code42.SecurityData.FileSharedWith | Accounts that file is shared with on cloud file service | unknown |
-| Code42.SecurityData.Source | Source of file event, Cloud or Endpoint | unknown |
-| Code42.SecurityData.ApplicationTabURL | URL associated with application read event | unknown |
-| Code42.SecurityData.ProcessName | Process name for application read event | unknown |
-| Code42.SecurityData.ProcessOwner | Process owner for application read event | unknown |
-| Code42.SecurityData.WindowTitle | Process name for application read event | unknown |
-| Code42.SecurityData.FileURL | URL of file on cloud file service | unknown |
-| Code42.SecurityData.Exposure | Exposure type for event | unknown |
-| Code42.SecurityData.SharingTypeAdded | Type of sharing added to file | unknown |
-| File | The file object. | unknown |
-| File.Name | File name | unknown |
-| File.Path | File path | unknown |
-| File.Size | File size in bytes | unknown |
-| File.MD5 | MD5 hash of file | unknown |
-| File.SHA256 | SHA256 hash of file | unknown |
-| File.Hostname | Hostname where file event was captured | unknown |
-
-## Playbook Image
----
-![Code42 Exfiltration Playbook](../Integrations/Code42/Code42_image.png)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_File_Search.yml b/Packs/Code42/Playbooks/playbook-Code42_File_Search.yml
index e6a8b3bb6aa8..50f5c72dfe40 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_File_Search.yml
+++ b/Packs/Code42/Playbooks/playbook-Code42_File_Search.yml
@@ -369,7 +369,7 @@ outputs:
 - contextPath: File.MD5
   description: MD5 hash of file
 - contextPath: File.SHA256
-  description: SHA256 hash of file
+  description: FSHA256 hash of file
 - contextPath: File.Hostname
   description: Hostname where file event was captured
 sourceplaybookid: Code42 File Search
diff --git a/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md b/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md
index ea136d3de4cd..4c7201673fe5 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md
@@ -70,7 +70,7 @@ This playbook does not use any scripts.
 | File.Path | File path | unknown |
 | File.Size | File size in bytes | unknown |
 | File.MD5 | MD5 hash of file | unknown |
-| File.SHA256 | SHA256 hash of file | unknown |
+| File.SHA256 | FSHA256 hash of file | unknown |
 | File.Hostname | Hostname where file event was captured | unknown |
 
 ## Playbook Image
diff --git a/Packs/Code42/ReleaseNotes/2_0_0.md b/Packs/Code42/ReleaseNotes/2_0_0.md
deleted file mode 100644
index 8b2b76d3b58b..000000000000
--- a/Packs/Code42/ReleaseNotes/2_0_0.md
+++ /dev/null
@@ -1,36 +0,0 @@
-
-#### Integrations
-##### Code42
-- Internal code improvements.
-- Added new commands:
-    - **code42-departingemployee-get-all**
-    - **code42-highriskemployee-add**
-    - **code42-highriskemployee-remove**
-    - **code42-highriskemployee-get-all**
-    - **code42-highriskemployee-add-risk-tags**
-    - **code42-highriskemployee-remove-risk-tags**
-    - **code42-user-deactivate**
-    - **code42-user-reactivate**
-    - **code42-user-block**
-    - **code42-user-unblock**
-    - **code42-user-create**
-    - **code42-file-download**
-- Improve error messages for all Commands to include exception detail.
-- **Code42 Exfiltration Playbook** now downloads the file in replace of a manual step for retrieving file contents.
-- Added new IncidentFields
-    - **Code42 SecurityAlert Description**
-    - **Code42 SecurityAlert Name**
-    - **Code42 SecurityAlert Timestamp**
-    - **Code42 SecurityAlert State**
-    - **Code42 SecurityAlert ID**
-    - **Code42 Severity**
-    - **Code42 Username**
-- Updated **Code42 Security Alert** layout to include Code42 Alert Details.
-- Added new playbooks
-    - **Code42 Change Blocked Status**
-    - **Code42 Create User Playbook**
-    - **Code42 File Download**
-    - **Code42 Change User Activation**
-- Fixed bug in Fetch where errors occurred when `FileCategory` was set to include only one category.
-- Fixed bug in Fetch to handle new Code42 exposure type **Outside trusted domains**.
-- Improved Fetch to handle unsupported exposure types better.