Commands #2

antazoey · 2020-06-17T13:48:51Z

NEW COMMANDS

departing employee get all
high risk add
high risk remove
high risk add risk tags
high risk remove risk tags
high risk get all

alanag13 · 2020-06-17T14:43:19Z

Packs/Code42/Integrations/Code42/Code42.py

+        try:
+            user_id = self.get_user_id(username)
+            self._sdk.detectionlists.remove_user_risk_tags(user_id, risk_tags)
+        except Exception:


Is swallowing all exceptions an expected pattern? Do we have the capability to log info re: the exception somewhere instead of just silently failing?

alanag13 · 2020-06-17T14:45:18Z

Packs/Code42/Integrations/Code42/Code42.py

+
+            employee_tags = employee.get("riskFactors")
+            # If the employee risk tags contain all the given risk tags
+            if employee_tags and set(risk_tags) <= set(employee_tags):


would we only want employees with all the given risk tags to be returned, or would it make more sense to return employees with any of the given risk tags?

I'd vote all, it seems most intuitive.. "Give me employees with these risk factors" etc. That is also what Tony put in the story, but we can ask him what his thoughts are.

alanag13 · 2020-06-17T14:46:37Z

Packs/Code42/Integrations/Code42/Code42.py

+            employees,
+        )
+    else:
+        return_error(message="Could not get all Departing Employees")


could we move these error messages closer to where the request gets made an include the exception that is thrown there in the message detail?

From looking at the coding conventions, it seems kind of unnecessary to return None from the client. Not sure why it was designed like that. I'll fix it, I want those errors to propagate up to return_error, that's even how their example does it.

alanag13 · 2020-06-17T14:49:06Z

Packs/Code42/Integrations/Code42/Code42.py

+
+            employee_tags = employee.get("riskFactors")
+            # If the employee risk tags contain all the given risk tags
+            if employee_tags and set(risk_tags) <= set(employee_tags):


consider set(employee_tags).issubset(set(risk_tags))

antazoey · 2020-06-17T19:59:03Z

Packs/Code42/Integrations/Code42/Code42.yml

@@ -241,6 +241,17 @@ script:
      description: The severity of the alert.
      type: string
    description: Retrieve alert details by alert ID
+  - name: code42-alert-resolve


Just moved this by the other alert commands

antazoey · 2020-06-17T20:00:09Z

Packs/Code42/Integrations/Code42/README.md

@@ -10,435 +10,452 @@ Code42 provides simple, fast detection and response to everyday data loss from i



A lot this file was generated

kiran-chaudhary · 2020-06-19T04:22:11Z

Packs/Code42/Integrations/Code42/Code42.yml

+      description: The username of the High Risk Employee.
+      type: string
+    - contextPath: Code42.HighRiskEmployee.RiskTags
+      description: Risk tags to asspciate with the High Risk Employee.


alanag13 · 2020-06-19T20:09:44Z

LGTM besides the small spelling comment @kiran-chaudhary made, and a couple minor things I commented on earlier, but nothing blocking.

antazoey · 2020-06-22T12:47:06Z

I'm going to quicky look more into error handling

antazoey · 2020-06-22T13:46:11Z

I made some error handing improvements post your approval. No longer returning None from the client, just propagate errors up... I think I figured out why Nathan was doing that, so I accounted for certain other situations so that the error message is better. When there is no alert for a given ID, the error message now shows that. When there is no user with the given username, the error message now shows that. I considered putting in exception detail for when a user is already added to a detection list, but I'd prefer to wait until that it in py42 and then it'll occur automatically.

kiran-chaudhary · 2020-06-22T14:16:05Z

I made some error handing improvements post your approval. No longer returning None from the client, just propagate errors up... I think I figured out why Nathan was doing that, so I accounted for certain other situations so that the error message is better. When there is no alert for a given ID, the error message now shows that. When there is no user with the given username, the error message now shows that. I considered putting in exception detail for when a user is already added to a detection list, but I'd prefer to wait until that it in py42 and then it'll occur automatically.

No tests changes!? Do we need tests for additional try..except block.

antazoey · 2020-06-22T14:31:18Z

I made some error handing improvements post your approval. No longer returning None from the client, just propagate errors up... I think I figured out why Nathan was doing that, so I accounted for certain other situations so that the error message is better. When there is no alert for a given ID, the error message now shows that. When there is no user with the given username, the error message now shows that. I considered putting in exception detail for when a user is already added to a detection list, but I'd prefer to wait until that it in py42 and then it'll occur automatically.

No tests changes!? Do we need tests for additional try..except block.

There are test changes!

antazoey · 2020-06-22T14:32:21Z

I made some error handing improvements post your approval. No longer returning None from the client, just propagate errors up... I think I figured out why Nathan was doing that, so I accounted for certain other situations so that the error message is better. When there is no alert for a given ID, the error message now shows that. When there is no user with the given username, the error message now shows that. I considered putting in exception detail for when a user is already added to a detection list, but I'd prefer to wait until that it in py42 and then it'll occur automatically.

No tests changes!? Do we need tests for additional try..except block.

Git doesn't show some of those larger files until you click on them, that may be why you didn't see them

antazoey · 2020-06-22T14:35:09Z

Packs/Code42/Integrations/Code42/Code42_test.py

 """TESTS"""


+def test_client_when_no_alert_found_raises_exception(code42_sdk_mock):


@kiran-chaudhary

Oops. My bad :(

alanag13 · 2020-06-22T15:00:48Z

LGTM

* mock * vcontext * recursion * finish function * tests pass * fix * versioned int context, various fixes * lint * minor * remove if * update API * more API fixes... * more fixes * lint * update test pb * Refresh the context and delete mirror on close * fix * tests * remove ignore type * remove type ignores, fix log * fix regex * cr fixes #1 * cr fixes #2 * cr fixes #2 * python 2... * python 2... * python 2... * fix * fix * py3 tests * fix doc * CR fixes #3 * hint * fix rtype * fix python2 tests * ignore randint * lint * lint * delete workaround * Updated * lint

* mock * vcontext * recursion * finish function * tests pass * fix * versioned int context, various fixes * lint * minor * remove if * update API * more API fixes... * more fixes * lint * update test pb * Refresh the context and delete mirror on close * fix * tests * remove ignore type * remove type ignores, fix log * fix regex * cr fixes #1 * cr fixes #2 * cr fixes #2 * python 2... * python 2... * python 2... * fix * fix * py3 tests * fix doc * CR fixes #3 * hint * fix rtype * fix python2 tests * ignore randint * lint * lint * delete workaround * Updated * lint Co-authored-by: Alex Fiedler <[email protected]>

* Updated Docs * Added RNs * updated RN * updated known words * updated known words * updated Mandiant RNs * Updated CTIX .pack-ignore

* Update ZeroFox Integration (demisto#27969) * Add command to modify notes in a specific alert (#2) * Sort imports and add zerofox-submit-threat command * Add offending content url to alert responses * Add CTI feed lookup commands Adds commands for lookup into * compromised domains * compromised emails * malicious ips * hashes associated to malware * found exploits * Add commands to sync alerts from zf to xsoar * Add release notes and update integration version * Improve code presentation according to XSOARs guidelines * Improve code by replacing return_output for return_results, as well as adding client class * Add release notes and update integration version * Refactor to follow XSOAR Guidelines It also adds tests to the commands implemented. * Fix types in the integration file * Change data test's folder name * Update testing email data * Update docker tag, python type hints and docstrings - It fixes functions that modified dictionaries instead of creating copies. - It raises an error if command it is not implemented - It changes the fetch-incidents way to manage pages - It updates the release notes - It adds the author image * Add description in main Readme file * Fix zf api call * Fix list alerts call with offset instead of pages * Add integration instructions to get your creds --------- Co-authored-by: Diego Ramirez <[email protected]> * Updated test_data * Updated docker image * Update .pack-ignore * Fixed first_fetch and max_fetch parameters * Added support for old and new fetch incidents params * Changed back to old fetch parameters --------- Co-authored-by: Felipe Garrido <[email protected]> Co-authored-by: Diego Ramirez <[email protected]> Co-authored-by: Anas Yousef <[email protected]>

* [pre-commit ruff] Align the entire repo with ruff #2 * Add RN * Update the docker image

* [pre-commit MyPy] Align the entire repo with MyPy #2 * Add RN * Revert changes in 1.12.26 RN * Update the docker images

* add PAN-OS to xpanse MP and core (demisto#29826) * docker * RN * docker #2 --------- Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Yehuda <[email protected]>

* Update Group-IB TI APP PR from master branch (#29350) * test commit * remove bt link * Remove A in TI for yaml and md for indicator * back yaml to default * refactor yaml with cortex utils * refactor md and yaml for feed * remove bp/domain * replace git_leak with git_repository * Add new collection Fix issue with date for TI * remove changes outside the Packs * Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/test_data/example.json Co-authored-by: Mai Morag <[email protected]> * Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/test_data/example.json Co-authored-by: Mai Morag <[email protected]> * Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/test_data/example.json Co-authored-by: Mai Morag <[email protected]> * Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/test_data/example.json Co-authored-by: Mai Morag <[email protected]> * Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/test_data/example.json Co-authored-by: Mai Morag <[email protected]> * update release notes * update logo * update logo * Revert "update release notes" This reverts commit fc93e44461b3085c156c42a96e3f5aaf8efbe0af. * revert microsocks * fix compromised account issue * adding RL * Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.py Co-authored-by: Mai Morag <[email protected]> * create release notes v1_3_12 * add test for compromised/account_group * refactor changes in playbook * fixed validation errors * adding pragma no cover * refactor RN * add urllib exception * fixing validation errors * adding pragma no cover * format * fix lint test errors * revert sentinel * revert changes to azure sentinel * fixing cloud machine ids processing (#29777) * fixing cloud machine ids processing * not exiting the installation script if we fail to install a pack. report an error but continue with the test playbook upload (#29759) Co-authored-by: kobymeir <[email protected]> * Microsoft DNS Parsing Rule Drop (#29765) * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ReleaseNotes * Updated pack_metadata * Updated pack_metadata * Updated pack_metadata * Updated README * Updated README * Updated README * [JoeSecurity] Pre-Commit (#29717) * [pre-commit ruff] Align the entire repo with ruff #2 (#29754) * [pre-commit ruff] Align the entire repo with ruff #2 * Add RN * Update the docker image * Don't checkout build files in pre-commit (#27900) * is file up to date pre-commit * Revert changes made by mistake --------- Co-authored-by: dorschw <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> * Fixes for 'NGFW Scan' and 'WildFire Malware' XSIAM playbooks (#29774) * Fixes for 'NGFW Scan' and 'WildFire Malware' XSIAM playbooks * RN * fixed RN and 'NGFW Scan playbook' * CiscoSMA- Added timeout parameter (#29372) * fix * add_tests * fix_test_description * fix_yml_add_readme * fixes - add timeout to the client * add timeout to yml * revert changes * Update CiscoSMA.py * Update CiscoSMA.py * CR review * add RN * fix CR review * update docker image * XSUP-27956/ Added EWS PS V3 Description (#29784) * updated the description * update rn * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Xsup 27738 DBotFindSimilarIncidents NoneType Error (#29701) * failed ut * fix * rn * pre-commit * pre commit * just the fix * fix description in yml * fix * docker * Update Packs/Base/ReleaseNotes/1_32_34.md Co-authored-by: Dan Tavori <[email protected]> * test * test * removed import --------- Co-authored-by: Dan Tavori <[email protected]> * Wiz v1 2 11 (#29719) * Wiz v1 2 11 (#29688) * remove redundant parenthesis * ../Packs/Wiz/Integrations/Wiz/Wiz.py * add Wiz user agent * rephrase release notes * update pack metadata json * rephrase release notes v2 * fix minor typos and update docker image * Bump Docker version --------- Co-authored-by: Ariel Tobiana <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [ASM] - Expander - Update ASM fields (4821) (#29702) * [ASM] - Expander - Update ASM fields (4821) (#29506) * Add missing comments to grid fields - Update descriptions of fields as needed. * Add release notes * Add descriptions to two fields - asmdevcheckdetails - asmenrichmentstatus * Update release notes. * Grammar updates. * Update release notes * Add mandatory or optional in comments * Update comments with mandatory * Update pack version and release notes * Add correct 1_6_33 release notes * fix rn * fix rn --------- Co-authored-by: John <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> * Wildfire-upload-url add poling timeout argument (#29790) * save adding timeout param * new docker image * added rn * fix ruff * ruff made me to do this fixes :( not related to my changes * Update Packs/Palo_Alto_Networks_WildFire/ReleaseNotes/2_1_35.md * poetry files (#29793) Co-authored-by: Content Bot <[email protected]> * Dra-cvss-color-fix (#29757) * Fixed a small issue when indicator had no custom fields * RN * docker bump * RN * Update CVECVSSColor.py * docker bump * RN * fixing typos in build scripts. (#29788) unremovable -> non-removable productname -> product_name testplaybook -> test_playbook changed some arg passing to use their full name: -gpidd -gpidp Co-authored-by: kobymeir <[email protected]> * mapping to standard stix values (#29785) * mapping to standard stix values * updated release notes * update docker * breaking json * add dot * Add the nightly_ruff file for run pre-commit with --all flag (#29684) * Add the nightly_ruff file for run pre-commit with --all flag * Add more rules; Add the error name * Add E501 * Add F601, F842, TID252 * XSUP-27528 (#29705) * add_tests * add_tests * add RN, fix tests, format yml * Update Packs/CommonScripts/ReleaseNotes/1_12_24.md Co-authored-by: Arad Carmi <[email protected]> * fix readme * Bump pack from version CommonScripts to 1.12.25. --------- Co-authored-by: Arad Carmi <[email protected]> Co-authored-by: Content Bot <[email protected]> * [Axonius Content Pack 1.2.0] Bumping Dockerfile (#29802) * [Axonius Content Pack 1.2.0] Bumping Dockerfile (#29625) * bumped docker version for axonius api client * docker image * remove the - --------- Co-authored-by: Yehuda <[email protected]> * format --------- Co-authored-by: Bryce Pedroza <[email protected]> Co-authored-by: Yehuda <[email protected]> * Updated native:8.4 image; Add auth-utils support (#29792) Co-authored-by: GuyAfik <[email protected]> * Fixed sc_task closing state (#29636) * Fixed sc_task closing state * Added release notes * Updated docker image * small fix * bumped dokcer * fixed rn --------- Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: sbenyakir <[email protected]> * Private Compliance Packs (#29664) * XSUP-27936 problem with regex (#29613) * failed test * fix * rn * rn * unit test * ut * validations * fixed test and docker * fix * validation * Prisma Cloud V2 Add "usernames" Argument (#29710) * add username arg * support list * update UT * update README * docker update * update TPB * Fortinet fortigate enhancement (#29655) * Updated the readme for proofpoint fortigate. * Modified the modeling rule. * Modified the modeling rule and the schema file. * Updated the release note. * Update Packs/FortiGate/README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Updated the modeling rule. * Added tags to the readme. * removed ftntfgtmastersrcmac and ftntfgtmasterdstmac from the mapping. * updated the modeling rule and the schema file. * updated the modeling rule * updated the modeling rule --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Add syslog example for War Room Actions (#29800) * Graph Security Update (#29797) * Updated MicrosoftGraphSecurity_schema * Updated ReleaseNotes * Updated ReleaseNotes * [Dataminr Pulse] Release 106 (#29805) * [Dataminr Pulse] Release 106 (#29693) * Changes related to release v1.0.6 * Changes related to release v1.0.6 * Fixing Release Note related issue --------- Co-authored-by: crestdatasystems <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * Bump Docker version --------- Co-authored-by: Crest Data Systems <[email protected]> Co-authored-by: crestdatasystems <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [RecordedFuture] threat actor playbook update V2.5.1 (#29690) (#29807) * Update Threat actor search playbook. * Add release notes * Fix formatting * Change ExtractedIndicators to ExtractedIndicators\.File * Fix release notes --------- Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [JoeSecurity] show partial result in polling commands (#29715) * updating build docker image to latest devdemisto/gitlab-content-ci:1.0.0.64455 (#29761) * updating build docker image to latest devdemisto/gitlab-content-ci:1.0.0.64455 * Private Upload Mode - ThreatExchange v2 (#28249) * ThreatExchange integration * ThreatExchange updates * Added param to instance configuration * pre-commit * updated RN * RN test * CR updates * Removed Threat_Crowd * Update Packs/ThreatExchange/ReleaseNotes/2_0_12.md Co-authored-by: ShirleyDenkberg <[email protected]> * docker * format * skip tests since theres no instance * no testing instance --------- Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> Co-authored-by: Yehuda <[email protected]> * added plus 1 for each iteration in find destination (#29811) * added plus 1 for each iteration in find destination (#29760) * added plus 1 for each iteration in find destination * added release notes * Update Packs/Cisco-umbrella-cloud-security/ReleaseNotes/2_0_2.md Co-authored-by: ShirleyDenkberg <[email protected]> * updated docker image tag to latest * updated unit test for pagination functions * removed comments --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Update 2_0_2.md --------- Co-authored-by: LiorQM <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: RotemAmit <[email protected]> * Mde list indicator filter (#29640) * Mde list indicator filter (#29338) * init indicator filter * release notes * latest docker image * updated docker image * minor fixes * reslove conflicts * resolve version conflicts * silence linter * format * docker * Apply suggestions from Shirley Co-authored-by: ShirleyDenkberg <[email protected]> * add period * change phrase * adding "is_mockable": false * docker * try change test playbook * empty line * docker * return the mock * Revert "return the mock" This reverts commit da9baeff5cadddf2cd125fb073c266c867f465a5. --------- Co-authored-by: ckaadic <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Audit Logs Endpoints Scripts Aligments for Xsoar-8 (#29781) * test * fix core api * ExportAuditLogsToFile - add support for xsoar-8 * add ExportAuditLogsToFile UTs * add forward audit logs uts * update ut * validation fixes * mypy * bump rns * update docker * update docker image * fix ut * format * Bump pack from version CommonScripts to 1.12.25. * Bump pack from version CommonScripts to 1.12.26. * cr * cr fixes * update * fix uts --------- Co-authored-by: Content Bot <[email protected]> * Add command prisma-cloud-compute-get-file-integrity-events (#29608) * Add command prisma-cloud-compute-get-file-integrity-events (#29187) * Add command prisma-cloud-compute-get-file-integrity-events * Incorporate changes from review comments. Add documentation and unit test. * Add missing lines to YML file (add description of new command) * Update docker image * Incorporate changes from demo * Update docker image * fix validation * fix validation --------- Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> * Bump pack from version PrismaCloudCompute to 1.4.10. * [pre-commit ruff] Align the entire repo with ruff (#29603) * Fix falls of the ruff hook * pre-commit * Fix B003 ruff error * Fix ruff errors on Utils/update_playbook.py * remove code to trigger upload on dev branches (#29621) * [pre-commit pycln] Align the entire repo with pycln (#29611) * Fix falls of the pycln hook * pre-commit * Fix unit test * Add RN * Fix validate in GetDomainDNSDetails * fuff on GetDomainDNSDetails * ignore mypy error in test_content.py:350 * Fix falls of the autopep8 hook (#29638) * add marketplaces to metadata (#29629) * Fixing AWS Project Number in ASM Cloud (#29593) (#29642) Co-authored-by: Chait A <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [MS Teams] support reset_graph_auth (#29644) * fixed * pre-commit * update * Recordedfuture threathunting v2.5.0 (#29641) * Recordedfuture threathunting v2.5.0 (#29025) * Add commands related to Automated Threat hunting recordedfuture-threat-map recordedfuture-threat-links recordedfuture-detection-rules * Add recordedfuture-collective-insight command. Change app version. * Update README.md. Add release notes * Add playbook. Add unittests * Add unittests * Fix test_collective_insight_command * Remove incorrect release note * Add documentation for threat actor search playbook * update Recorded Future Threat actor search playbook. add release note about new playbook. * Update release notes, fix formatting * Format yml files * Update Recorded future threat actor search playbook * Update docker image * Fix linter --------- Co-authored-by: Michael Yochpaz <[email protected]> * Minor README fixes --------- Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [ASM] Expander 5777 (#29647) * [ASM] Expander 5777 (#29619) * first * RN * Bump pack from version CortexAttackSurfaceManagement to 1.6.36. --------- Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Content Bot <[email protected]> * XDR Malware Enrichment - hotfix for usernames (split) (#29585) * Updated playbook with hotfix where we split usernames from domains and append them to the username list of usernames for account enrichment * Added RN * remove irrelevant test * Updated RN * Bump pack from version CortexXDR to 5.1.6. * Update Packs/CortexXDR/ReleaseNotes/5_1_6.md Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Update Docker Image To demisto/pyjwt3 (#29656) * Updated Metadata Of Pack Silverfort * Added release notes to pack Silverfort * Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update * Update Docker Image To demisto/trustar (#29660) * Updated Metadata Of Pack TruSTAR * Added release notes to pack TruSTAR * Update Docker Image To demisto/keeper-ksm (#29661) * Updated Metadata Of Pack KeeperSecretsManager * Added release notes to pack KeeperSecretsManager * Packs/KeeperSecretsManager/Integrations/KeeperSecretsManager/KeeperSecretsManager.yml Docker image update * Update Docker Image To demisto/py3-tools (#29654) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Update Docker Image To demisto/taxii-server (#29659) * Updated Metadata Of Pack CybleThreatIntel * Added release notes to pack CybleThreatIntel * Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Update Docker Image To demisto/datadog-api-client (#29662) * Updated Metadata Of Pack DatadogCloudSIEM * Added release notes to pack DatadogCloudSIEM * Packs/DatadogCloudSIEM/Integrations/DatadogCloudSIEM/DatadogCloudSIEM.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Add reliability parameter to cves and pipl integration (#28703) * commiting PrismaCloudCompute * release notes added * changed couldcompute, CVESearchV2, pipl * added pack metadata * fixed pipl readme * reverting changes in CVESearch since it was deprecated * removed redundant * committing pre commit changes * added known words * added known words * fixed lint error * changed according to review * updated docker version in PrismaCloudCompute * changed according to doc review * Added condition for not receiving new incidents in the test playbook * updating release notes * reverting fetch changes * fixed playbook * formatted playbook * new validation, new run * new validation, new run * Bump pack from version PrismaCloudCompute to 1.4.10. * update the docker image --------- Co-authored-by: Content Bot <[email protected]> * Proofpoint email security pack: update description (#29651) * update description * Updated the schema file. * Updated the schema file. --------- Co-authored-by: Yehonatan Asta <[email protected]> * Jira v2 deprecated (#29649) * Deprecate to jira v2 * update RN * update conf.json file * add task to the Create Jira Issue playbook that check if jira v3 is enable * add image.png of the playbook * update the playbook (yml, readme, image) and RN * Update Docker Image To demisto/python3 (#29652) * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack VMwareWorkspaceONEUEM * Added release notes to pack VMwareWorkspaceONEUEM * Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml Docker image update * Updated Metadata Of Pack CiscoSMA * Added release notes to pack CiscoSMA * Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml Docker image update * Updated Metadata Of Pack FeedThreatConnect * Added release notes to pack FeedThreatConnect * Packs/FeedThreatConnect/Integrations/FeedThreatConnect/FeedThreatConnect.yml Docker image update * Updated Metadata Of Pack BitSight * Added release notes to pack BitSight * Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update * Updated Metadata Of Pack AWS-ILM * Added release notes to pack AWS-ILM * Packs/AWS-ILM/Integrations/AWSILM/AWSILM.yml Docker image update * Updated Metadata Of Pack CiscoWSA * Added release notes to pack CiscoWSA * Packs/CiscoWSA/Integrations/CiscoWSAV2/CiscoWSAV2.yml Docker image update * Updated Metadata Of Pack SysAid * Added release notes to pack SysAid * Packs/SysAid/Integrations/SysAid/SysAid.yml Docker image update * Updated Metadata Of Pack ManageEngine_PAM360 * Added release notes to pack ManageEngine_PAM360 * Packs/ManageEngine_PAM360/Integrations/ManageEnginePAM360/ManageEnginePAM360.yml Docker image update * Updated Metadata Of Pack CiscoUmbrellaReporting * Added release notes to pack CiscoUmbrellaReporting * Packs/CiscoUmbrellaReporting/Integrations/CiscoUmbrellaReporting/CiscoUmbrellaReporting.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * XSUP-27717/FortiSIEM (#29458) * add tests * add RN,fix,logs * Update 2_0_21.md * add period * add a name to incident * fixes CR * update docker image * delete logs * CR fixes * Update 2_0_21.md * Update FortiSIEMV2.py * reverting the Docker image (#29607) * reverting the Docker image * Update Packs/cyberark_AIM/ReleaseNotes/1_0_14.md --------- Co-authored-by: Dan Tavori <[email protected]> * [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29663) * [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29314) * "pack contribution initial commit" * Update RoksitDNSSecurityIntegrationSarp.py * Update RoksitDNSSecurityIntegrationSarp.py * Yehuda's version * test module * readme * new logo * Update RoksitDNSSecurityIntegrationSarp.yml * Apply suggestions from code review * Update RoksitDNSSecurityIntegrationSarp_description.md * Update pack_metadata.json * Update README.md * Update pack_metadata.json * Update pack_metadata.json * Update Packs/RoksitDNSSecurityIntegration-Sarp/pack_metadata.json * fixes * change name * folder name * file names * version * rename sub folder * remove (DNSSense) from the integration name * rename folder * docker * replace image * fix image name --------- Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> * rename image --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> * add unstuck fetch stream command (#29646) * add unstuck fetch stream command * added RN * fixes * add note * cr fixes * fix conflicts * reverts * [pre-commit pycln] Align the entire repo with pycln #4 (#29665) * Fix pycln errors * Update the docker images * Run demisto-sdk pre-commit * Remove unnecessary recommendations from extensions.json (#29605) * update extensions.json * Update devcontainer.json * Update recommendations list * Zscaler-FW-Logs (#29094) * Zscaler FW Logs Modeling Rules * Zscaler FW logs Modeling Rules * Updated README * Updated ZscalerModelingRule_1_3 * Changed cs5 field name to cat * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Updated README * Updated ModelingRules and Schema * Updated ModelingRules and schema * Updated ModelingRules * Updated ModelingRules --------- Co-authored-by: Eido Epstain <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * PANOS - EXPANDR-5744 (#29223) (#29686) * playbook updates * RN, Readme, screenshot * Apply suggestions from code review * update RN * bump ver * more descriptive task * bump ver --------- Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Audit alert fields fix (#29685) * Add associated types to systemAssociatedTypes * Add associated types to systemAssociatedTypes * fix incident field structure * RN * Workday documentation fix (#29681) * readme * readme * rn * rn * [Marketplace Contribution] Active Directory Query - Content Pack Update (#28633) * [Marketplace Contribution] Active Directory Query - Content Pack Update (#27822) * "contribution update to pack "Active Directory Query"" * revert changes * rl * remove files * removed from rl * Update pack_metadata.json * Create 1_6_19.md * Update 1_6_18.md * Update 1_6_19.md * Delete 1_6_19.md * Update 1_6_18.md * Update pack_metadata.json * Update Active_Directory_Query.yml removed duplicate section and type * pass SERVER_IP as argument to test_credentials function * Create 1_7_0.md * Update pack_metadata.json * Update README.md with ad-test-credentials info * Update Active_Directory_Query.yml * removed duplicate `type: 8` from ntlm * removed duplicate types from integration settings * removed duplicate description from ad-enable-account * Update Active_Directory_Query.yml * Update Active_Directory_Query.yml * Update Active_Directory_Query.yml * removing not relevant release note * adding function * update fucntion * cr note * adding NTLM_AUTH option * Update Active_Directory_Query.py * Update Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.py Co-authored-by: dorschw <[email protected]> * cr notes * update after merging from master * reverting a change in olr rl * added test_test_credentials unit test function * fix unit test * fixing unit tests * fix unit test * fixed lint errors * Update Active_Directory_Query_test.py * empty commit * fix yml and docker file * revert changes in send email manager * fix yml * fix * fix validation error * fixing in129 --------- Co-authored-by: maimorag <[email protected]> Co-authored-by: Randy Baldwin <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: dorschw <[email protected]> * cr notes * Bump pack from version Active_Directory_Query to 1.6.21. * fix yml changes * cr notes * lint fixes * fix test * docker update * Update Packs/Active_Directory_Query/Integrations/Active_Directory_Query/README.md Co-authored-by: dorschw <[email protected]> * fix delete required * Apply suggestions from code review * fix test * docker update * rl * empty commit * docker update * empty commit * empty commit * merge from master * empty commit check * revert changes * Delete Packs/cyberark_AIM/Integrations/CyberArkAIM_v2/integration-CyberArkAIM_v2.yml * docker downgrade * rl * trying new docker image * validate errors fix * revert docker version * [DS108] - Description must end with a period (".") - fix * empty commit check * empty commit check --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: maimorag <[email protected]> Co-authored-by: Randy Baldwin <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: dorschw <[email protected]> Co-authored-by: Content Bot <[email protected]> * Big query bug xsup 28132 (#29680) * bug fix * rn * rn * Apply suggestions from code review Co-authored-by: Dan Tavori <[email protected]> * format * pre commit --------- Co-authored-by: Dan Tavori <[email protected]> * New Prisma Cloud v2 commands (#29323) * resource list command * limit results * user roles list command * pre commit * users list command * edit remediation commands * UTs * update README * update RN * pre commit fixes * edit test playbook * CR changes * Demo changes - remediate 406 raises error new args for resource_list & user_roles * fix test * Apply suggestions from doc review Co-authored-by: ShirleyDenkberg <[email protected]> * fix test playbook * Tomer's changes --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Prisma Cloud Update (#29666) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Bump pack from version PrismaCloud to 4.2.4. --------- Co-authored-by: Content Bot <[email protected]> * Rapid7 appsec (#29134) (#29687) * Revert "Add space to conf" This reverts commit 3a74b931d31ae2b33e0e4570c7df7d06c668e9c8. * Updated the packs category to *Authentication & Identity Management* (part 2) (#24876) * Update Docker Image To demisto/fastapi (#24923) * Updated Metadata Of Pack CyberArkIdentity * Added release notes to pack CyberArkIdentity * Packs/CyberArkIdentity/Integrations/CyberArkIdentityEventCollector/CyberArkIdentityEventCollector.yml Docker image update * Update Docker Image To demisto/lxml (#24924) * Updated Metadata Of Pack TaniumThreatResponse * Added release notes to pack TaniumThreatResponse * Packs/TaniumThreatResponse/Integrations/TaniumThreatResponseV2/TaniumThreatResponseV2.yml Docker image update * Update Docker Image To demisto/crypto (#24922) * Updated Metadata Of Pack X509Certificate * Added release notes to pack X509Certificate * Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update * Update Docker Image To demisto/python3 (#24921) * Updated Metadata Of Pack Cybereason * Added release notes to pack Cybereason * Packs/Cybereason/Integrations/Cybereason/Cybereason.yml Docker image update * Updated Metadata Of Pack DNSDB * Added release notes to pack DNSDB * Packs/DNSDB/Integrations/DNSDB_v2/DNSDB_v2.yml Docker image update * Updated Metadata Of Pack DeepInstinct * Added release notes to pack DeepInstinct * Packs/DeepInstinct/Integrations/DeepInstinct3x/DeepInstinct3x.yml Docker image update * Updated Metadata Of Pack FeedCyrenThreatInDepth * Added release notes to pack FeedCyrenThreatInDepth * Packs/FeedCyrenThreatInDepth/Integrations/CyrenThreatInDepth/CyrenThreatInDepth.yml Docker image update * Updated Metadata Of Pack IronDefense * Added release notes to pack IronDefense * Packs/IronDefense/Integrations/IronDefense/IronDefense.yml Docker image update * Updated Metadata Of Pack Qintel * Added release notes to pack Qintel * Packs/Qintel/Integrations/QintelPMI/QintelPMI.yml Docker image update * Packs/Qintel/Integrations/QintelQSentry/QintelQSentry.yml Docker image update * Packs/Qintel/Integrations/QintelQWatch/QintelQWatch.yml Docker image update * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack QutteraWebsiteMalwareScanner * Added release notes to pack QutteraWebsiteMalwareScanner * Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml Docker image update * Fixed mypy + validation --------- * NGINXApiModule: fix logging typo (#24878) * fix logging typo * bump dependent packs --------- * Downgrade docker to fix banner issue (#24905) * Downgrade docker to fix banner issue * Fix docs * Add UT to prevent Docker bump * Fix yml validation * Adding vulnerability commands * Fixing pagination page index * Updating PR comments and Scan commands * Updating ID in test data. * Updating integration * Updating integration * Updating fromversion * Updating linters * Updating linters * Updating git pre-commit * Updating docstring * Updating the handling of request when limit * Removing get_pagination_params * Updating integration * Updating git-pre commit * Updating integration * Updating integration * Updating unit test * Updating docker image * Updating integration * Updating README version. * Updating secrets * Updating integration * Updating integration * Updating integration * Updating docstrings * Updating doc-review comments. * Updating doc-review comments. * Updating description --------- Co-authored-by: ‪Ron Hadad‬‏ <[email protected]> Co-authored-by: TalGumi <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: sberman <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: glicht <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Panos add param (#29672) * added param job_polling_max_num_attempts * Added rn * Added missing param type Fixed unit tests * added to readme * fixed readme * Update Packs/PAN-OS/Integrations/Panorama/Panorama.yml Co-authored-by: Guy Afik <[email protected]> * fixed text and namings * Bump pack from version PAN-OS to 2.1.8. --------- Co-authored-by: Guy Afik <[email protected]> Co-authored-by: Content Bot <[email protected]> * Fix proxy usage (#85) (#29630) * Fix proxy usage (#85) (#29181) * Fix proxy usage (#85) * Fix proxy usage in ZF client * Fix variable USE_SSL to verify requests * Remove proxy object from client Given that the proxy works by default with env vars, the proxy object is not necessary * Update version and add release notes * Fix call to modified alerts (#86) * Fix call to modified alerts * Update docker image * Fix tests associated with get modified data * change rn * fix validation --------- Co-authored-by: Felipe Garrido <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> * Missing dependencies when installing packs (#28989) * search and install packs --------- Co-authored-by: kobymeir <[email protected]> * Deprecate Picus Community (#29573) * Merge branch 'master' into github_workflow_partner # Conflicts: # Utils/github_workflow_scripts/utils.py * Merge branch 'master' into github_workflow_partner # Conflicts: # Utils/github_workflow_scripts/utils.py * Picus NG display name * Picus update * Picus update * Picus update * Picus update * Picus update * Picus update * Picus update * Picus update --------- Co-authored-by: RotemAmit <[email protected]> * [ASM] - Expander - GCP Hierarchy field - 4376 (#29696) (#29704) * Add assethierarchy field to GCP ASM playbook * Add release notes * Update field json Co-authored-by: John <[email protected]> * fix merge * update rn * remove access code * fix conflicts * update docker * fix validation --------- Co-authored-by: Ali Sawyer <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> Co-authored-by: omerKarkKatz <[email protected]> Co-authored-by: Yaakov Praisler <[email protected]> Co-authored-by: Chait A <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> Co-authored-by: michal-dagan <[email protected]> Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Ido van Dijk <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: sberman <[email protected]> Co-authored-by: DinaMeylakh <[email protected]> Co-authored-by: ilaner <[email protected]> Co-authored-by: Yehonatan Asta <[email protected]> Co-authored-by: israelpoli <[email protected]> Co-authored-by: sapir shuker <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> Co-authored-by: samuelFain <[email protected]> Co-authored-by: nkanon <[email protected]> Co-authored-by: Eido Epstain <[email protected]> Co-authored-by: Tomer Haimof <[email protected]> Co-authored-by: EyalPintzov <[email protected]> Co-authored-by: maimorag <[email protected]> Co-authored-by: Randy Baldwin <[email protected]> Co-authored-by: dorschw <[email protected]> Co-authored-by: Adi Bamberger Edri <[email protected]> Co-authored-by: eepstain <[email protected]> Co-authored-by: ‪Ron Hadad‬‏ <[email protected]> Co-authored-by: TalGumi <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: glicht <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: Guy Afik <[email protected]> Co-authored-by: Felipe Garrido <[email protected]> Co-authored-by: Koby Meir <[email protected]> Co-authored-by: kobymeir <[email protected]> Co-authored-by: Edi Katsenelson <[email protected]> Co-authored-by: RotemAmit <[email protected]> Co-authored-by: John <[email protected]> * [Marketplace Contribution] Okta - Content Pack Update (#29650) * [Marketplace Contribution] Okta - Content Pack Update (#29303) * "contribution update to pack "Okta"" * minor fixes * add outputs and readme * add outputs description * update docker * change outputs --------- Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> * Fixing AWS Project Number in ASM Cloud (#29593) (#29642) Co-authored-by: Chait A <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [MS Teams] support reset_graph_auth (#29644) * fixed * pre-commit * update * Recordedfuture threathunting v2.5.0 (#29641) * Recordedfuture threathunting v2.5.0 (#29025) * Add commands related to Automated Threat hunting recordedfuture-threat-map recordedfuture-threat-links recordedfuture-detection-rules * Add recordedfuture-collective-insight command. Change app version. * Update README.md. Add release notes * Add playbook. Add unittests * Add unittests * Fix test_collective_insight_command * Remove incorrect release note * Add documentation for threat actor search playbook * update Recorded Future Threat actor search playbook. add release note about new playbook. * Update release notes, fix formatting * Format yml files * Update Recorded future threat actor search playbook * Update docker image * Fix linter --------- Co-authored-by: Michael Yochpaz <[email protected]> * Minor README fixes --------- Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * [ASM] Expander 5777 (#29647) * [ASM] Expander 5777 (#29619) * first * RN * Bump pack from version CortexAttackSurfaceManagement to 1.6.36. --------- Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Content Bot <[email protected]> * XDR Malware Enrichment - hotfix for usernames (split) (#29585) * Updated playbook with hotfix where we split usernames from domains and append them to the username list of usernames for account enrichment * Added RN * remove irrelevant test * Updated RN * Bump pack from version CortexXDR to 5.1.6. * Update Packs/CortexXDR/ReleaseNotes/5_1_6.md Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Update Docker Image To demisto/pyjwt3 (#29656) * Updated Metadata Of Pack Silverfort * Added release notes to pack Silverfort * Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update * Update Docker Image To demisto/trustar (#29660) * Updated Metadata Of Pack TruSTAR * Added release notes to pack TruSTAR * Update Docker Image To demisto/keeper-ksm (#29661) * Updated Metadata Of Pack KeeperSecretsManager * Added release notes to pack KeeperSecretsManager * Packs/KeeperSecretsManager/Integrations/KeeperSecretsManager/KeeperSecretsManager.yml Docker image update * Update Docker Image To demisto/py3-tools (#29654) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Update Docker Image To demisto/taxii-server (#29659) * Updated Metadata Of Pack CybleThreatIntel * Added release notes to pack CybleThreatIntel * Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Update Docker Image To demisto/datadog-api-client (#29662) * Updated Metadata Of Pack DatadogCloudSIEM * Added release notes to pack DatadogCloudSIEM * Packs/DatadogCloudSIEM/Integrations/DatadogCloudSIEM/DatadogCloudSIEM.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * Add reliability parameter to cves and pipl integration (#28703) * commiting PrismaCloudCompute * release notes added * changed couldcompute, CVESearchV2, pipl * added pack metadata * fixed pipl readme * reverting changes in CVESearch since it was deprecated * removed redundant * committing pre commit changes * added known words * added known words * fixed lint error * changed according to review * updated docker version in PrismaCloudCompute * changed according to doc review * Added condition for not receiving new incidents in the test playbook * updating release notes * reverting fetch changes * fixed playbook * formatted playbook * new validation, new run * new validation, new run * Bump pack from version PrismaCloudCompute to 1.4.10. * update the docker image --------- Co-authored-by: Content Bot <[email protected]> * Proofpoint email security pack: update description (#29651) * update description * Updated the schema file. * Updated the schema file. --------- Co-authored-by: Yehonatan Asta <[email protected]> * Jira v2 deprecated (#29649) * Deprecate to jira v2 * update RN * update conf.json file * add task to the Create Jira Issue playbook that check if jira v3 is enable * add image.png of the playbook * update the playbook (yml, readme, image) and RN * Update Docker Image To demisto/python3 (#29652) * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack VMwareWorkspaceONEUEM * Added release notes to pack VMwareWorkspaceONEUEM * Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml Docker image update * Updated Metadata Of Pack CiscoSMA * Added release notes to pack CiscoSMA * Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml Docker image update * Updated Metadata Of Pack FeedThreatConnect * Added release notes to pack FeedThreatConnect * Packs/FeedThreatConnect/Integrations/FeedThreatConnect/FeedThreatConnect.yml Docker image update * Updated Metadata Of Pack BitSight * Added release notes to pack BitSight * Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update * Updated Metadata Of Pack AWS-ILM * Added release notes to pack AWS-ILM * Packs/AWS-ILM/Integrations/AWSILM/AWSILM.yml Docker image update * Updated Metadata Of Pack CiscoWSA * Added release notes to pack CiscoWSA * Packs/CiscoWSA/Integrations/CiscoWSAV2/CiscoWSAV2.yml Docker image update * Updated Metadata Of Pack SysAid * Added release notes to pack SysAid * Packs/SysAid/Integrations/SysAid/SysAid.yml Docker image update * Updated Metadata Of Pack ManageEngine_PAM360 * Added release notes to pack ManageEngine_PAM360 * Packs/ManageEngine_PAM360/Integrations/ManageEnginePAM360/ManageEnginePAM360.yml Docker image update * Updated Metadata Of Pack CiscoUmbrellaReporting * Added release notes to pack CiscoUmbrellaReporting * Packs/CiscoUmbrellaReporting/Integrations/CiscoUmbrellaReporting/CiscoUmbrellaReporting.yml Docker image update * Fix DS108 --------- Co-authored-by: sberman <[email protected]> * XSUP-27717/FortiSIEM (#29458) * add tests * add RN,fix,logs * Update 2_0_21.md * add period * add a name to incident * fixes CR * update docker image * delete logs * CR fixes * Update 2_0_21.md * Update FortiSIEMV2.py * reverting the Docker image (#29607) * reverting the Docker image * Update Packs/cyberark_AIM/ReleaseNotes/1_0_14.md --------- Co-authored-by: Dan Tavori <[email protected]> * [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29663) * [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29314) * "pack contribution initial commit" * Update RoksitDNSSecurityIntegrationSarp.py * Update RoksitDNSSecurityIntegrationSarp.py * Yehuda's version * test module * readme * new logo * Update RoksitDNSSecurityIntegrationSarp.yml * Apply suggestions from code review * Update RoksitDNSSecurityIntegrationSarp_description.md * Update pack_metadata.json * Update README.md * Update pack_metadata.json * Update pack_metadata.json * Update Packs/RoksitDNSSecurityIntegration-Sarp/pack_metadata.json * fixes * change name * folder name * file names * version * rename sub folder * remove (DNSSense) from the integration name * rename folder * docker * replace image * fix image name --------- Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> * rename image --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> * add unstuck fetch stream command (#29646) * add unstuck fetch stream command * added RN * fixes * add note * cr fixes * fix conflicts * reverts * [pre-commit pycln] Align the entire repo with pycln #4 (#29665) * Fix pycln errors * Update the docker images * Run demisto-sdk pre-commit * update docker --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: ostolero <[email protected]> Co-authored-by: Chait A <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> Co-authored-by: michal-dagan <[email protected]> Co-authored-by: Yaroslav Nestor <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Ido van Dijk <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: sberman <[email protected]> Co-authored-by: DinaMeylakh <[email protected]> Co-authored-by: ilaner <[email protected]> Co-authored-by: Yehonatan Asta <[email protected]> Co-authored-by: israelpoli <[email protected]> Co-authored-by: sapir shuker <[email protected]> Co-authored-by: Mai Morag <[email protected]> Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: asimsarpkurt <[email protected]> Co-authored-by: Yehuda <[email protected]> Co-authored-by: Yehuda Rosenberg <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> * If-Elif Transformer (#27763) * IfElif init * minor changes * parse single strings not json * fixed regex * fixed json bug * removed context * created eval blacklist * added json KW to eval * Update bucket-upload.yml * added ast for parsing * use hash for context grab * added value arg * quick * added unit-tests * added README.md * added RN * added flags arg; use dt for context grabbing * fixed context grabbing * added regex support * finished readme * finished readme 2 * added variables arg * changed vars to upper * changed to class * prefixed variable bug * some tests * finished unit-tests * completed tests * finished docs * finished docs in yml * new design for 'value' * unit-tests complete * docs part 1 * docs complete * added if-elif TPB * fixed TPB * fixed mypy error * fixed mypy error * fixed injection issue; added + op * name changes * added injection test in TPB * CR changes * error for unknown variables * reformat 'from_context' func * resolve conflicts * demo changes * demo changes part 2 * bug fix * updated docker * added list_compare flag * added error catcher for comp funcs * readme update; textArea for conditions * resolve conflicts * resolve conflicts * updated docker * name changes * fixed unit-tests * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * added missing flag to readme * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * name changes * added suppres_error behaviuor to docs * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * updated docker --------- Co-authored-by: ShirleyDenkberg <[email protected]> * revert removal of release notes generator (#29828) * revert * validations * rn * search_and_install_packs.py - less strict when installing packs during nightly. should be reverted in (#29806) Co-authored-by: kobymeir <[email protected]> * exit on error alignment.fixing echo message when exiting the uninstallation script. (#29821) * exit on error alignment. fixing echo message when exiting the uninstallation script. * installing specific poetry version (#29812) * installing specific poetry version - moving the logic to bootstrap * Cs falcon detections revert (#29833) * Revert "Cs falcon fetch limit issue (#29411)" This reverts commit f7b7d5c6 * Revert "Cs limit in idp detections (#29550)" This reverts commit 47738d56 * Added rn * Added rn * SQL Alchemy 2.x.x (#29436) * MySQL and Postgress works * MSSQL, My SQL and postgres works with bind_variables from the second form * resolve conflicts * fix CR's comments * pre commit * parsing the results * Add UT * same name and right docker * RN * sourcery * another docker image * revert docker image * Update Packs/GenericSQL/ReleaseNotes/1_0_25.md Co-authored-by: dorschw <[email protected]> * Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py Co-authored-by: dorschw <[email protected]> * Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py Co-authored-by: dorschw <[email protected]> * Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py Co-authored-by: dorschw <[email protected]> * fix variable name * constants * mapping instead of conditions * unskip Oracle TPB * resolve conflicts * resolve conflicts * Constants * Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py Co-authored-by: dorschw <[email protected]> * CR fixes * Update Packs/GenericSQL/ReleaseNotes/1_1_0.md Co-authored-by: dorschw <[email protected]> * add commit after executing a query * fix UT * remove autocommit true from MSSQL * fix UT * autocommit for MSSQL, commit for the others * commit for the others DBs, since in MSSQL is automatically * docker image --------- Co-authored-by: dorschw <[email protected]> * Generic playbooks fixes (#29711) * fixes for generic playbooks * fixes for generic playbooks * fixes for generic playbooks * Use Case Builder Development stage Field update (#29771) (#29825) * pushing changes to the use case stage * adding release notes * Update pack_metadata.json * Rename 1_1_0.md to 1_0_4.md * Update 1_0_4.md * Update 1_0_4.md --------- Co-authored-by: Joe Cosgrove <[email protected]> Co-authored-by: Michael Yochpaz <[email protected]> * Add mapper and disable auto extraction for ThinkstCanary (#29756) * Add Classification and Mapping to ThinkstCanary Integration * Duo Mapping Enrichment (#29139) * Updated DuoModelingRule_1_3 * Updated ModelingRules and ReleaseNotes * Updated ModelingRules and ReleaseNotes * Updated DuoModelingRule_1_3_schema and README * Rev DuoModelingRule_1_3 | add DuoModelingRule_2_0 * Updated .yml and ReleaseNotes * Updated DuoModelingRule_2_0 * Updated ReleaseNotes * Updated .yml with toversion: 8.3.0 * Updated DuoModelingRule_2_0_schema * Updated ModelingRules * Updated ReleaseNotes * Bump pack from version DuoAdminApi to 4.0.8. * Updated DuoModelingRule_1_3 * azure * Updated DuoModelingRule_2_0 * Updated DuoModelingRule_2_0 * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ReleaseNotes * Updated pack_metadata * Updated pack_metadata * Updated pack_metadata * Updated README * Updated README * Updated README * Updated ReleaseNotes * Updated ReleaseNotes * Updated DuoModelingRule_2_0 * Reverted MS packs * Reverted MS packs * Updated DuoModelingRule_1_3_schema * Updated ReleaseNotes * Update Packs/DuoAdminApi/ReleaseNotes/4_0_10.md Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * [AWS System Manager] New Pack (#28992) * init - new pack * 2 commands * aws-ssm-inventory-entry-list * list_associations_command * remove boto stubs * remove boto stubs * improve * poetry * revert poetry * aws-ssm-association-list * aws-ssm-association-get * aws-ssm-association-get * aws-ssm-association-version-list * format * aws-ssm-document-list * ruff * ruff * ssmclient test * test * doc get * docs * Update pyproject.toml * Update poetry.lock * Update .pre-commit-config_template.yaml * regex * aws-ssm-tag-remove * improve * aws-ssm-automation-execution-list * pack * aws-ssm-command-list * aws-ssm-command-run aws-ssm-command-cancel * ruff * Apply suggestions from code review Co-authored-by: Jacob Levy <[email protected]> * Apply suggestions from code review Co-authored-by: Jacob Levy <[email protected]> * UT * UT * cr and docs * black * black and ruff * format * description * format description * pack metadata * fix ut * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * cr * cr * fix yml * add outputs * Update Packs/AWS_SystemManager/Integrations/AWSSystemManager/AWSSystemManager.py Co-authored-by: dorschw <[email protected]> * fix cr * run command and fix UT * automation run * fix output add playbook * docs * docs * docs * docs * ruff and black * fix demo * fix demo * update docker and fix line to long * Apply suggestions from code review (docs) Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: dorschw <[email protected]> * cr fix * update docker * fix line * Fix an issue * Fix an issue * Update playbook description * Update docker --------- Co-authored-by: Jacob Levy <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: dorschw <[email protected]> * Fix splunk search in incident context (#29763) * fixes * fixes * fixes * update docker * added rn * add bc rn * Empty-Commit * Test For 'WildFire Malware' Playbook (#29404) * Test For 'WildFire Malware' Playbook * PR * RN * added the "is_mockable" config to the conf file * removed the "is_mockable" config to the conf file * Bump pack from version Core to 2.0.14. * Bump pack from version Core to 2.0.15. * Increased timeout configs * Added VirusTotal to the conf file * added virustotal instance name * changed the 'AutoContainment' playbook input config to 'true' * changed 'timeout' * changed 'timeout' * changed 'timeout' to 1600 * changed the 'ShouldCloseAutomatically' playbook input to 'false' * added the test playbook name to the playbook YML file * RN * removed the close note alert field verification * added the 'marketplacev2' to the test playbook YML file * added the '000001e7a228b2a7abdf7f7e404bc8522df32b725e86907dde32176bccbbbb27' malicious file hash to secrets ignore file. the file hash is used within the test playbook for enrichment and test purposes. --------- Co-authored-by: Content Bot <[email protected]> * update docker image (#29845) * added functionallity to download index by marketplace (#29834) * added functionallity to download index by marketplace * added some logs for validation * commit * removed logs * [pre-commit MyPy] Align the entire repo with MyPy #2 (#29799) * [pre-commit MyPy] Align the entire repo with MyPy #2 * Add RN * Revert changes in 1.12.26 RN * Update the docker images * [pre-commit MyPy] Align the entire repo with MyPy #1 (#29798) * [pre-commit MyPy] Align the entire repo with MyPy #1 * Xsup 27738 DBotFindSimilarIncidents NoneType Error (#29701) * failed ut * fix * rn * pre-commit * pre commit * just the fix * fix description in yml * fix * docker * Update Packs/Base/ReleaseNotes/1_32_34.md Co-authored-by: Dan Tavori <[email protected]> * test * test * removed import --------- Co-authored-by: Dan Tavori <[email protected]> * Wiz v1 2 11 (#29719) * Wiz v1 2 11 (#29688) * remove redundant parenthesis * ../Packs/Wiz/Integrations/Wiz/Wiz.py * add Wiz user agent *…

* Updated docker image to demisto/smbprotocol:1.0.0.112286. PR batch #1/1 (demisto#36482) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/stringsifter:3.20230711.112287. PR batch #1/1 (demisto#36481) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/yarapy:1.0.0.112291. PR batch #1/1 (demisto#36480) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/snowflake:1.0.0.112285. PR batch #1/1 (demisto#36479) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/ansible-runner:1.0.0.112234. PR batch #2/2 (demisto#36478) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/ansible-runner:1.0.0.112234. PR batch #1/2 (demisto#36477) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/netmiko:1.0.0.112262. PR batch #1/1 (demisto#36476) Co-authored-by: root <root@1e2de18e0cc3> --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/py3ews:5.4.3.112092. PR batch #1/1 (demisto#36622) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #1/4 (demisto#36623) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #2/4 (demisto#36624) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #3/4 (demisto#36625) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #4/4 (demisto#36626) Co-authored-by: root <root@1e2de18e0cc3> --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/googleapi-python3:1.0.0.112316. PR batch #2/2 (demisto#36495) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/googleapi-python3:1.0.0.112316. PR batch #1/2 (demisto#36494) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/google-cloud-translate:1.0.0.112239. PR batch #1/1 (demisto#36493) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/pcap-http-extractor:1.0.0.112272. PR batch #1/1 (demisto#36492) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/xpanse-ml-ev2:1.0.0.112461. PR batch #1/1 (demisto#36491) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/readpdf:1.0.0.112283. PR batch #1/1 (demisto#36490) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/unzip:1.0.0.112289. PR batch #1/1 (demisto#36489) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/bigquery:1.0.0.112225. PR batch #1/1 (demisto#36486) Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Maya Goldman <[email protected]> * Updated docker image to demisto/google-kms:1.0.0.112242. PR batch #1/1 (demisto#36485) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/ssdeep:1.0.0.112284. PR batch #1/1 (demisto#36484) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/qrcode:1.0.0.112357. PR batch #1/1 (demisto#36483) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3-deb:3.11.10.112166 | 0-100 | PR batch #1/1 (demisto#36488) * Updated docker image to demisto/python3-deb:3.11.10.112166. PR batch #1/1 * ruff py datetime-timezone-utc (UP017) * ruff py datetime-timezone-utc (UP017) * ruff py datetime-timezone-utc (UP017) * exclude from native --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: mayagoldman <[email protected]> Co-authored-by: Maya Goldman <[email protected]> * demisto/google-api-py3:1.0.0.112317 | 0-100 | PR batch #1/1 (demisto#36487) * Updated docker image to demisto/google-api-py3:1.0.0.112317. PR batch #1/1 * ruff py datetime-timezone-utc (UP017) * ruff py datetime-timezone-utc (UP017) * exclude from native --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: mayagoldman <[email protected]> Co-authored-by: Maya Goldman <[email protected]> * updated release notes * Update 1_15_73.md * remove palce holder --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/googleapi-python3:1.0.0.113882. PR batch #1/2 (demisto#36788) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/googleapi-python3:1.0.0.113882. PR batch #2/2 (demisto#36789) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/exodusintelligence:1.0.0.113866. PR batch #1/1 (demisto#36793) Co-authored-by: root <root@1e2de18e0cc3> * demisto/devo:1.0.0.113864 | 0-100 | PR batch #1/1 (demisto#36792) * Updated docker image to demisto/devo:1.0.0.113864. PR batch #1/1 * ruff-py3.11 * RN --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: mayagoldman <[email protected]> * Updated docker image to demisto/google-api-py3:1.0.0.114199. PR batch #1/1 (demisto#36787) Co-authored-by: root <root@1e2de18e0cc3> * RN --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/python3:3.11.10.113941. PR batch #4/7 (demisto#36995) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #3/7 (demisto#36994) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #7/7 (demisto#36998) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3:3.11.10.113941 | 0-100 | PR batch #2/7 (demisto#36993) * Updated docker image to demisto/python3:3.11.10.113941. PR batch #2/7 * Update IPNetwork.yml --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #1/7 (demisto#36992) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3:3.11.10.113941 | 0-100 | PR batch #6/7 (demisto#36997) * Updated docker image to demisto/python3:3.11.10.113941. PR batch #6/7 * fix UTC * remove paloaltonetworks_iot --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: [email protected] <[email protected]> * update release notes * Bump pack from version MicrosoftExchangeOnline to 1.5.13. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>

* Updated docker image to demisto/py3-tools:1.0.0.114656. PR batch #2/2 (demisto#37052) Co-authored-by: root <root@1e2de18e0cc3> * update-release-notes * demisto/py3-tools:1.0.0.114656 | 0-100 | PR batch #1/2 (demisto#37051) * Updated docker image to demisto/py3-tools:1.0.0.114656. PR batch #1/2 * Update RSSWidget.yml * update release notes * Update 1_0_3.md * Update 1_0_6.md * Update 1_0_3.md * Update 1_0_1.md * Update 1_0_8.md * release notes remove UPDATE_RN --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> Co-authored-by: [email protected] <[email protected]> * Bump pack from version Mimecast to 2.5.3. * Bump pack from version Core to 3.0.88. * Bump pack from version Core to 3.0.89. * Bump pack from version Core to 3.0.90. * Bump pack from version FiltersAndTransformers to 1.2.81. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>

* Updated docker image to demisto/python3:3.11.10.115186. PR batch #2/5 (demisto#37137) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #1/5 (demisto#37136) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #5/5 (demisto#37140) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #3/5 (demisto#37138) Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * demisto/python3:3.11.10.115186 | 70-100 | PR batch #4/5 (demisto#37139) * Updated docker image to demisto/python3:3.11.10.115186. PR batch #4/5 * Update CortexXDRIR.yml * Update XQLQueryingEngine.yml * Update PaloAltoNetworksAIOps.yml --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * update release-notes * Bump pack from version CommonScripts to 1.15.88. * Bump pack from version SplunkPy to 3.1.44. * Bump pack from version Phishing to 3.6.27. * Bump pack from version CortexXDR to 6.1.89. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>

* Updated docker image to demisto/python3:3.11.10.116949. PR batch #1/5 (demisto#37402) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #2/5 (demisto#37403) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #4/5 (demisto#37405) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #5/5 (demisto#37406) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #3/5 (demisto#37404) Co-authored-by: root <root@1e2de18e0cc3> * update to 3.11.10.115186 * remove issues * utc * remove * remove * update release notes * update * Bump pack from version Okta to 3.3.8. * remove mailsendernew * remove core * update release notes * Bump pack from version Palo_Alto_Networks_Enterprise_DLP to 2.0.13. * Bump pack from version Okta to 3.3.9. * Bump pack from version AzureSentinel to 1.5.54. * Bump pack from version PaloAltoNetworks_Threat_Vault to 2.0.15. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>

* Updated docker image to demisto/python3:3.11.10.115186. PR batch #1/4 (demisto#37524) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #2/4 (demisto#37525) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #3/4 (demisto#37526) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #4/4 (demisto#37527) Co-authored-by: root <root@1e2de18e0cc3> * remove utc files * remove utc * ipnetwork * remove unittests issues * update release notes * update release notes --------- Co-authored-by: Koby Meir <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/python3:3.11.10.115186. PR batch #1/2 (demisto#37564) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #2/2 (demisto#37565) Co-authored-by: root <root@1e2de18e0cc3> * remove issues * remove utc * update fireeyeetp * remove elias * ipnetwork check old dockerimage * remove ipnetwork * update release notes * update core * update core release * Bump pack from version Core to 3.2.3. * Empty commit * update * fix * Bump pack from version CommunityCommonScripts to 1.3.8. * Bump pack from version Use_Case_Builder to 1.0.11. * update release notes * remove cortexcorexqlquery * Update 2_0_23.md * remove zeroFox * remove zeroFox --------- Co-authored-by: Koby Meir <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>

* batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * fix json * limit common scripts * fix Core layouts * fix Core layouts --------- Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: darbel <[email protected]>

* Added first draft for Quick action: Create Issue in Jira * Added first draft for Quick action: Create ServiceNow Ticket * Fixing Items in JIRA quick action * Adding Corrects Fields in Open Service Now Ticket * Quick Action Slack Integration * Quick Action MSFT Teams Integration * re-format the ${issue} syntax after clarifications * Adding Platform to pack_metadata.json * Updating pack_metadata.json for all Packs, according to platform-content-support * update supportsquickactions to higher scope adding hidden to relevant quiack-action cmds * Update slack to slackV3 * Remove deprecated arguments from JIRA cmd * Update default Value in Jira * Update Docker images versions * Update Release notes for quick actions Packs * Adding supports quick action for slack V3 * Change order of pre-defined options * Change defaultValue to predefined * Change pretty name for short_description in ServiceNowv2.yml * Remove prettyname for non required params * Update JiraV3.yml according to design changes * Update MicrosoftTeams.yml according to design changes * Update SlackV3.yml according to design changes * Update ServiceNowv2.yml according to design changes * Change from issue to alert keyword * Fixes After demo: Remove user option from teams and slack. Remove defaultValue from Servicenow TicketType * After Server fix - change from alert to issue keyword * Update Packs/Slack/ReleaseNotes/3_5_11.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Slack/ReleaseNotes/3_5_11.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/ReleaseNotes/2_7_8.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Jira/ReleaseNotes/3_2_16.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Update release note file name * Update description after pre commit notes * Create 3_5_12.md * Update Descriptions and params after product meeting * Revert "Create 3_5_12.md" This reverts commit 348e186. * Because of ST failed - update description in commands * batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * fix json * limit common scripts * Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions" This reverts commit 78e897c, reversing changes made to d2885a5. * Update release notes before pre commit * Update release notes before pre commit * Update current version in pack_metadata.json * Applying changes to adjust pre-commit tests * Making sure that send slack message and send teams message dont run as one action * Updating SlackV3_test.py to support new version * Revert docker changes in slack and teams because of build not supporting new versions * Revert slack test changes becuase docker versions were not updated * Remove Unnecessary description in Teams --------- Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: darbel <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: barryyosi-panw <[email protected]>

…emisto#39230) (demisto#39322) * "contribution update to pack 'Microsoft Sentinel'" * Revert unwanted changes * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml * Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml * Revert unwanted changes part 2 * Aligned tests to the input type change * update release notes * fix unittest * Update Packs/AzureSentinel/ReleaseNotes/1_5_60.md * fix * Added a note to the readme regarding the debugger panel (demisto#39243) * CRTX-133204-Trellix_ePO-fix (demisto#39248) * changed metadata file * added release notes * added release notes --------- * fix: get mapping fields function does not except any arguments (demisto#38786) (demisto#39261) * fix: get mapping fields function does not except any arguments * feat: add Bryan van der Net to CONTRIBUTORS.json * fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections * fix: update Docker image version for SentinelOne V2 integration * docs: update Docker image version in release notes for SentinelOne V2 integration * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/ReleaseNotes/3_2_37.md * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * style: pr still showing changes on the release notes * Bump version and generate release notes * revert: revert config changes * chore: bump version and update release notes * style: undo random formatting changes --------- * Modeling rules modification - CRTX-151278 (demisto#39103) * Modified modeling rule after the modification of the integration * Fixed schema file * Added release note and modified modeling rule * Pack's version update * Update Packs/qualys/ReleaseNotes/3_2_4.md * Modified modeling rule * Bump pack from version qualys to 3.2.5. * Added xdm.event.type to assets events * Added tag * Fixed schema file * Fixed schema file --------- * Update Pan-OS playbook for supporting version 11 (demisto#39249) * added itamar (demisto#39265) * Added the validate-validation-config-file hook to content (demisto#39260) * Added the validate-validation-config-file hook to content * fixes * fix validations * Automation research releases (demisto#39270) * new playbook - First Azure AD PowerShell operation for a user (demisto#39159) * new playbook * RN * description fixed * added ignore * Bump pack from version CortexResponseAndRemediation to 1.1.25. * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * task description * position fix * fix for old link to documentation * continue on error * fix * skip if * fix * fix * added issilent: true --------- * Automation Research Release - 1 (demisto#39269) * fix: get mapping fields function does not except any arguments (demisto#38786) (demisto#39261) * fix: get mapping fields function does not except any arguments * feat: add Bryan van der Net to CONTRIBUTORS.json * fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections * fix: update Docker image version for SentinelOne V2 integration * docs: update Docker image version in release notes for SentinelOne V2 integration * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/ReleaseNotes/3_2_37.md * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * style: pr still showing changes on the release notes * Bump version and generate release notes * revert: revert config changes * chore: bump version and update release notes * style: undo random formatting changes --------- * Modeling rules modification - CRTX-151278 (demisto#39103) * Modified modeling rule after the modification of the integration * Fixed schema file * Added release note and modified modeling rule * Pack's version update * Update Packs/qualys/ReleaseNotes/3_2_4.md * Modified modeling rule * Bump pack from version qualys to 3.2.5. * Added xdm.event.type to assets events * Added tag * Fixed schema file * Fixed schema file --------- * Update Pan-OS playbook for supporting version 11 (demisto#39249) * added itamar (demisto#39265) --------- --------- * add codeowner (demisto#39272) * [GenericPolling] Update docs (demisto#39250) * RN * Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md * Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md --------- * edit readme file (demisto#39196) * edit readme file * documentation after tech writing fixes * fix to soft break (line break) * improve images resolution * change permission list to bullet style * [Code owners] Update ContentManagement with talzich (demisto#39284) * Platform content support merge gateway (demisto#39268) * batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- * fix json * limit common scripts * fix Core layouts * fix Core layouts --------- * IBM HA - add "haIntegrationEventID" to multiple integrations (demisto#38846) * add haIntegrationEventID key to qradar incidents * added rn * fixes * in progress * reverts & preperation * tests fixes * added haIntegrationEventID to more itnegrations * added rns * fixes * fixes * added sections to uptycs * work in progress, save before testing * working windows integration * done all 9 integrations * added rns * fix proof point * fix unit test * validations fixes * validations fixes * reverts * update uptycs contacts * update rns * update rns * revert ms atp * reverts * reverts * updated docker * fixed empty offset issue * added rn * reverts * Add ICDM Integration (demisto#38982) (demisto#39283) * Add ICDM Integration * Fix Formatting and Pipeline errors * Update Sections * Minor changes and refactors to address Review comments * Fix Unit test for network indicator * do not use deprecated method utcnow() * Fix context path and format readable output of Protection Commands * Update Readme * Fix version info in Readme * Box Quick Update (demisto#39267) * Updated README and pack_metadata * Updated README * Update Packs/Box/README.md * Update Packs/Box/README.md * Update Packs/Box/README.md * Update Packs/Box/README.md --------- * [Trellix_ePO] Remove MP xsoar (demisto#39296) * hide pack (demisto#39290) (demisto#39294) * CortexCoreIR: added `quick actions` commands (demisto#38663) * added prettynames placeholder * added quickaction * update prettypredefined * capital prettyPredefined * update prettypredefined * JUST FOR TEST SDK FIX * correct prettypredefined * test script * uuse sdk from branch * added supportedModules * adding the wrapper commands * remove "platform" properties from script * revert poetry changes * remove quick action from the orig command * correct the name of quick actions * fix wrong * update CoreIR integration with IA related & py code * PM changes * restore pack_metadata * replace placeholders * run ruff format after merge master * added RN * fix alert * update the RN --------- * drop CortexVulnerabilityManagement from platform (demisto#39299) * Nivbs/ciac 13013 quick actions (demisto#38979) * Added first draft for Quick action: Create Issue in Jira * Added first draft for Quick action: Create ServiceNow Ticket * Fixing Items in JIRA quick action * Adding Corrects Fields in Open Service Now Ticket * Quick Action Slack Integration * Quick Action MSFT Teams Integration * re-format the ${issue} syntax after clarifications * Adding Platform to pack_metadata.json * Updating pack_metadata.json for all Packs, according to platform-content-support * update supportsquickactions to higher scope adding hidden to relevant quiack-action cmds * Update slack to slackV3 * Remove deprecated arguments from JIRA cmd * Update default Value in Jira * Update Docker images versions * Update Release notes for quick actions Packs * Adding supports quick action for slack V3 * Change order of pre-defined options * Change defaultValue to predefined * Change pretty name for short_description in ServiceNowv2.yml * Remove prettyname for non required params * Update JiraV3.yml according to design changes * Update MicrosoftTeams.yml according to design changes * Update SlackV3.yml according to design changes * Update ServiceNowv2.yml according to design changes * Change from issue to alert keyword * Fixes After demo: Remove user option from teams and slack. Remove defaultValue from Servicenow TicketType * After Server fix - change from alert to issue keyword * Update Packs/Slack/ReleaseNotes/3_5_11.md * Update Packs/Slack/ReleaseNotes/3_5_11.md * Update Packs/ServiceNow/ReleaseNotes/2_7_8.md * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml * Update Packs/Jira/ReleaseNotes/3_2_16.md * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml * Apply suggestions from code review * Update release note file name * Update description after pre commit notes * Create 3_5_12.md * Update Descriptions and params after product meeting * Revert "Create 3_5_12.md" This reverts commit 348e186. * Because of ST failed - update description in commands * batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- * fix json * limit common scripts * Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions" This reverts commit 78e897c, reversing changes made to d2885a5. * Update release notes before pre commit * Update release notes before pre commit * Update current version in pack_metadata.json * Applying changes to adjust pre-commit tests * Making sure that send slack message and send teams message dont run as one action * Updating SlackV3_test.py to support new version * Revert docker changes in slack and teams because of build not supporting new versions * Revert slack test changes becuase docker versions were not updated * Remove Unnecessary description in Teams --------- * Fix validate content tpb (demisto#39297) * Increase timeout * fix tpb yml * FormatURL does not correctly extract URLs from URLs of type ProofPoint URLDefense v3 (demisto#39086) * first commit * add rn * add tests- urls are from api * Bump pack from version CommonScripts to 1.19.34. * improve code * Bump pack from version ApiModules to 2.2.43. * add rn * fix docker * fix code * fix pre-commit * fix pre-commit * fix pre-commit * fix pre-commit * fix test * Bump pack from version CommonScripts to 1.19.35. * fix test * fix test playbook * fix warnings * fix warnings * fix warnings * fix warnings --------- * Modified readme file - Proofpoint TAP (demisto#39289) * Modified readme file * Update Packs/ProofpointTAP/README.md --------- * Improve handling of command execution timeout using timed thread in QualysV2 (demisto#39074) * Updated Silverfort Pack README (demisto#38764) (demisto#39304) * Updated Silverfort README * Updated based on ilaredo's feedback * Trigger build workflow * Fix for list of techniques in InvestigationDetailedSummaryToTable (demisto#39291) * fix for customer issue * FeedDomainTools Release v1.0.1 (demisto#39280) (demisto#39305) * Add release notes * Removed release notes * Add domain discovery feed. * Added domainrdap feeds * Add test cases for domainrdap feeds * Revert hardcoded indicator type * Remove unnecessary comment * Update README * Update release notes * Fix upload flow core packs validation (demisto#39306) * update the RN * empty * Intense sso failures fix (demisto#39301) * Change 90 days to 1 day * Change 90 days to 1 day * RN --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: ROCCO <[email protected]> Co-authored-by: ispRM <[email protected]> Co-authored-by: inbalapt1 <[email protected]> Co-authored-by: [email protected] <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: sdaniel6 <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: bryanster <[email protected]> Co-authored-by: Jelle Hol <[email protected]> Co-authored-by: yasta5 <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Niv Ben Salmon <[email protected]> Co-authored-by: EyalPintzov <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> Co-authored-by: Daniel Rezvani <[email protected]> Co-authored-by: Karina Fishman <[email protected]> Co-authored-by: Adi Peretz <[email protected]> Co-authored-by: Jacob Levy <[email protected]> Co-authored-by: Arad Carmi <[email protected]> Co-authored-by: lironcohen272 <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: darbel <[email protected]> Co-authored-by: rundssoar <[email protected]> Co-authored-by: eepstain <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Danny_Fried <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: Tal Zichlinsky <[email protected]> Co-authored-by: Tal Carmeli <[email protected]> Co-authored-by: Kamal Qarain <[email protected]> Co-authored-by: Frank Gasparovic <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Bri <[email protected]> Co-authored-by: Tomer Haimof <[email protected]> Co-authored-by: RotemAmit <[email protected]>

Juliya Smith added 7 commits June 16, 2020 17:02

Rename search json to search file events

00fa6f5

Add two hr commands

7d2e3a3

Update yml

34aeff1

Add all the commands

930a293

Update commands after testing

d104e5b

Test new commands

e3621f9

Add changelog entry

c8e30a1

antazoey changed the base branch from CODE42/chore-update-py42 to master June 17, 2020 14:04

Merge branch 'master' into commands

ed2a35c

alanag13 reviewed Jun 17, 2020

View reviewed changes

Juliya Smith added 6 commits June 17, 2020 17:58

Typos

527237b

Update README

341291f

Create decorator for returning none on error

f1830a1

gen playbook readmes

f621b34

Gen playbook readmes

f2e229d

Conform yml file indentation

e5087a6

antazoey commented Jun 17, 2020

View reviewed changes

Split up fixtures

667f3b0

kiran-chaudhary reviewed Jun 19, 2020

View reviewed changes

alanag13 approved these changes Jun 19, 2020

View reviewed changes

Fix spelling

54a9afc

Juliya Smith added 2 commits June 22, 2020 13:20

error handling

35c63ee

Improve error messages

ee2ad7f

antazoey requested review from alanag13 and kiran-chaudhary June 22, 2020 13:46

antazoey commented Jun 22, 2020

View reviewed changes

antazoey merged commit 8cb1df3 into master Jun 22, 2020

antazoey deleted the commands branch June 22, 2020 15:22

jdullum pushed a commit that referenced this pull request Oct 12, 2023

Private upload mode - docs #2 (demisto#28619)

a85937b

* Updated Docs * Added RNs * updated RN * updated known words * updated known words * updated Mandiant RNs * Updated CTIX .pack-ignore

jdullum pushed a commit that referenced this pull request Oct 12, 2023

[pre-commit ruff] Align the entire repo with ruff #2 (demisto#29754)

44352ab

* [pre-commit ruff] Align the entire repo with ruff #2 * Add RN * Update the docker image

jdullum pushed a commit that referenced this pull request Oct 12, 2023

[pre-commit MyPy] Align the entire repo with MyPy #2 (demisto#29799)

049e878

* [pre-commit MyPy] Align the entire repo with MyPy #2 * Add RN * Revert changes in 1.12.26 RN * Update the docker images

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commands #2

Commands #2

antazoey commented Jun 17, 2020 •

edited

Loading

alanag13 Jun 17, 2020

alanag13 Jun 17, 2020 •

edited

Loading

antazoey Jun 22, 2020

alanag13 Jun 17, 2020

antazoey Jun 22, 2020

alanag13 Jun 17, 2020 •

edited

Loading

antazoey Jun 17, 2020

antazoey Jun 17, 2020

kiran-chaudhary Jun 19, 2020

alanag13 commented Jun 19, 2020 •

edited

Loading

antazoey commented Jun 22, 2020

antazoey commented Jun 22, 2020

kiran-chaudhary commented Jun 22, 2020

antazoey commented Jun 22, 2020

antazoey commented Jun 22, 2020

antazoey Jun 22, 2020

kiran-chaudhary Jun 22, 2020

alanag13 commented Jun 22, 2020

		@@ -10,435 +10,452 @@ Code42 provides simple, fast detection and response to everyday data loss from i

		"""TESTS"""


		def test_client_when_no_alert_found_raises_exception(code42_sdk_mock):

Commands #2

Commands #2

Conversation

antazoey commented Jun 17, 2020 • edited Loading

Choose a reason for hiding this comment

alanag13 Jun 17, 2020 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

alanag13 Jun 17, 2020 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

alanag13 commented Jun 19, 2020 • edited Loading

antazoey commented Jun 22, 2020

antazoey commented Jun 22, 2020

kiran-chaudhary commented Jun 22, 2020

antazoey commented Jun 22, 2020

antazoey commented Jun 22, 2020

Choose a reason for hiding this comment

Choose a reason for hiding this comment

alanag13 commented Jun 22, 2020

antazoey commented Jun 17, 2020 •

edited

Loading

alanag13 Jun 17, 2020 •

edited

Loading

alanag13 Jun 17, 2020 •

edited

Loading

alanag13 commented Jun 19, 2020 •

edited

Loading