Handle outside td #3
"sendingIpAddresses": ["127.0.0.1"] | ||
} | ||
} | ||
"type$": "ALERT_DETAILS_RESPONSE", |
This was just formatted + added a new observation for outside td
What happens when a new exposure type that we aren't accounting for in here gets inevitably added (again)? Will this similarly fail again with similar symptoms? In the JIRA ticket, Nathan mentions that we could surface the alert info without the details, at minimum. Doing something like that and logging a message that the Exposure type was unrecognized seems like a pragmatic thing to do.
@@ -411,7 +424,8 @@ def _create_file_category_filters(self): | |||
"""Determine if file categorization is significant""" | |||
observed_file_categories = self._observation_data["fileCategories"] | |||
categories = [c["category"].upper() for c in observed_file_categories if c["isSignificant"]] | |||
return FileCategory.is_in(categories) | |||
if categories: |
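Review bot: the `if categories:` guard is the only line of the new branch visible in this hunk, so what the function returns when no category has `isSignificant` set is not shown; make that an explicit return rather than an implicit `None`, and have the caller skip the value when it assembles the query. The docstring "Determine if file categorization is significant" describes a check, while `_create_file_category_filters` builds a `FileCategory.is_in` filter, so it is worth rewording in the same change.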
Another missed bug that was messing up fetch (this one was my fault though)
"GoogleDrive" | ||
], | ||
"exposureTypes": [ | ||
"UnknownExposureTypeThatWeDontSupportYet" |
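Review bot: the fixture's `exposureTypes` list holds only the unknown value, so it exercises the all-unsupported path alone. Add a second fixture that mixes a supported type with `UnknownExposureTypeThatWeDontSupportYet`, and assert on the exposure filter that gets built in each case so a regression in either path is caught.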
Note that none of the tests fail now with unsupported types
Ready again!
else: | ||
LOG("Received unsupported exposure type {0}.".format(t)) | ||
if exp_types: | ||
return [ExposureType.is_in(exp_types)] |
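Review bot: when every observed type lands in the `else:` branch, `exp_types` stays empty, `if exp_types:` is false, and the visible lines return no exposure filter, so the file-event query is bounded only by its other filters. Return an explicit marker for that case so the caller can surface the alert without file-event details instead of attaching events that may not belong to it. The `LOG(...)` message records only the type; including the alert identifier would make the gap traceable later.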
If `exp_types` is empty due to it being unsupported, this will result in an ffs query of all events in the given time frame. If we returned `[ExposureType.not_in(exp_types)]`, this would actually return the result set for the events they were looking for (unless we have two or more types of unsupported events, in which there's a case it would be a mix between those two).
I don't understand.
Why would we return `[ExposureType.not_in(exp_types)]` if `exp_types` is empty?
If we find an alert that was triggered by an unsupported type, doing `not_in(list_of_supported_types)` would return only the not supported ones.
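The two filter strategies debated in this thread, run side by side as an added example that is not the PR's code. Filters are modelled as plain tuples and applied to constructed events; `SUPPORTED_TYPES`, `EVENTS` and every function name are hypothetical stand-ins, not py42 or integration APIs.

```python
import logging

log = logging.getLogger("exposure_filter_example")

# Constructed sample values; the integration's real list of supported types may differ.
SUPPORTED_TYPES = frozenset({"SharedViaLink", "RemovableMedia", "OutsideTrustedDomains"})

# Constructed file events falling inside one alert's time frame.
EVENTS = [
    {"id": "e1", "exposure": "SharedViaLink"},
    {"id": "e2", "exposure": "RemovableMedia"},
    {"id": "e3", "exposure": "UnknownExposureTypeThatWeDontSupportYet"},
    {"id": "e4", "exposure": "AnotherUnmappedType"},
]


def partition(observed_types):
    """Split an alert's exposure types into supported and unsupported, logging the latter."""
    supported, unsupported = [], []
    for t in observed_types:
        if t in SUPPORTED_TYPES:
            supported.append(t)
        else:
            log.warning("Received unsupported exposure type %s.", t)
            unsupported.append(t)
    return supported, unsupported


def filters_is_in_only(observed_types):
    """Behaviour under review: filter on supported types, no filter at all if none remain."""
    supported, _ = partition(observed_types)
    return [("is_in", frozenset(supported))] if supported else []


def filters_not_in_fallback(observed_types):
    """Suggested alternative: if nothing is supported, exclude every supported type instead."""
    supported, unsupported = partition(observed_types)
    if supported:
        return [("is_in", frozenset(supported))]
    if unsupported:
        return [("not_in", SUPPORTED_TYPES)]
    return []


def search(events, filters):
    """Toy query engine: an event matches when it satisfies every filter (none means all)."""
    def matches(event):
        for op, values in filters:
            hit = event["exposure"] in values
            if (op == "is_in") != hit:
                return False
        return True

    return [e["id"] for e in events if matches(e)]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    unknown_only = ["UnknownExposureTypeThatWeDontSupportYet"]
    # No filter is built, so every event in the time frame is attached to the alert.
    print(search(EVENTS, filters_is_in_only(unknown_only)))
    # Only unsupported-type events come back, including the unrelated e4.
    print(search(EVENTS, filters_not_in_fallback(unknown_only)))
```

The second result still mixes `e3` with `e4`, which is the "two or more types of unsupported events" caveat raised in the thread.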
* mock * vcontext * recursion * finish function * tests pass * fix * versioned int context, various fixes * lint * minor * remove if * update API * more API fixes... * more fixes * lint * update test pb * Refresh the context and delete mirror on close * fix * tests * remove ignore type * remove type ignores, fix log * fix regex * cr fixes #1 * cr fixes #2 * cr fixes #2 * python 2... * python 2... * python 2... * fix * fix * py3 tests * fix doc * CR fixes #3 * hint * fix rtype * fix python2 tests * ignore randint * lint * lint * delete workaround * Updated * lint
* mock * vcontext * recursion * finish function * tests pass * fix * versioned int context, various fixes * lint * minor * remove if * update API * more API fixes... * more fixes * lint * update test pb * Refresh the context and delete mirror on close * fix * tests * remove ignore type * remove type ignores, fix log * fix regex * cr fixes #1 * cr fixes #2 * cr fixes #2 * python 2... * python 2... * python 2... * fix * fix * py3 tests * fix doc * CR fixes #3 * hint * fix rtype * fix python2 tests * ignore randint * lint * lint * delete workaround * Updated * lint Co-authored-by: Alex Fiedler <[email protected]>
) * Added new files: - MSDE playbooks for isolation and unisolations - new images of all playbooks - README files Modified: - Common playbooks for isolation and unisolation * . * Update RN * Changes on the PB for dealing with incorrect Device IDs * Changes on the PB - adding support for Hostname and IP * Updated RN * Fixed Issue with Task #3 in the Unisolate (filters were incorrect). * Additional fix - added else on task 26 * Applied PR comments * Applied PR comments * Applied PR comments * Updated RN for MSDE pack * Fixed issues with validation * Changed "devices" --> "device" * Added !endpoint instead the enrichment that was done through the native MSDE commands * Fixed conflicts + Updated RN * Fix Format issues * Fix RN issues * Fix dependencies * Fix dependencies * Updated RN * Updated RN * Merge from master + Resolve conflicts + Resolve comments * Updated RN * Update playbook-Isolate_Endpoint_-_Generic_V2.yml Doc review complete for this file, updated descriptions. * Update playbook-Isolate_Endpoint_-_Generic_V2_README.md doc review complete for this file. Updated descriptions to align with the yaml file. * Update playbook-Isolate_Endpoint_-_Generic_V2.yml minor additional update * Update playbook-Unisolate_Endpoint_-_Generic.yml Doc review complete for this file, updated descriptions. * Update playbook-Unisolate_Endpoint_-_Generic_README.md Doc review complete for this file, aligned the descriptions with the yaml file. * Update 2_2_0.md Doc review complete for this file, minor formatting updates. * Update playbook-Microsoft_Defender_For_Endpoint_-_Isolate_Endpoint.yml Doc review complete for the playbook-Microsoft_Defender_For_Endpoint_-_Isolate_Endpoint.yml file. @ssokolovich please confirm the following: - Lines 314, 368, 591, 645, 695 - the description for **Set Active Device** , **Set Non-valid Devices**, **Set Incorrect ID**, **Set Incorrect IP**, **Set Incorrect Hostname** is "Set a value in context under the key you entered. 
If no value is entered, the script doesn't do anything. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html" This description is generic - should there be descriptions specific to these tasks? - Line 500 - the description for **Check if there is any provided incorrect info** is "Check if there are any incorrect device IDs." - is this correct (incorrect info = incorrect device ID)? - Line 903 - the description for **Was any data provided?** is "'Validate/Enrich inputs through !endpoint'" - this looks like a boolean task. Is it that if it returns yes, then the playbook returns the data? * Update playbook-Microsoft_Defender_For_Endpoint_-_Unisolate_Endpoint.yml Doc review complete for the playbook-Microsoft_Defender_For_Endpoint_-_Unisolate_Endpoint.yml file. @ssokolovich - please confirm the following: - Lines 278, 333, 501, 551, 605 - the description for **Set Unisolate list**, **Set Inactive Device list**, **Set Incorrect IP**, **Set Incorrect Hostname**, **Set Incorrect ID** is generic, should it be more specific? - Line 399 - the simple description for **Print those that can't be unisolated as are not active** is "The following devices can't be isolated...." - shouldn't it be "The following devices can't be unisolated..."? - Line 659 - the description for **Check if there is any provided incorrect info** is "Check if there are any incorrect device IDs." - is incorrect info = incorrect device ID? - Line 904 - the description for **Was any data provided?** is "'Validate/Enrich inputs through !endpoint'" - is this description correct? * Update 1_6_2.md doc review complete for this file. 
Minor formatting update * Update 1_6_3.md doc review complete for this file, minor formatting update * Update 1_6_2.md additional minor update * Update 1_7_0.md doc review complete for this file, aligned descriptions with the yaml files. * Update RN * Update Yml description * Update Yml description Co-authored-by: julieschwartz18 <[email protected]>
* Updated Docs * Added RNs * updated known words * updated known words * Bump pack from version ThreatConnect to 3.0.8. * Bump pack from version CrowdStrikeFalconX to 1.2.33. --------- Co-authored-by: Content Bot <[email protected]>
* [pre-commit MyPy] Align the entire repo with MyPy #3 * Fix the typing * Add RNs * Fix mypy errors * Add hint type * Fix Flake8 errorsmypy errors * Fix mypy error * Fix mypy error * Fix review comments * Fix more types * Fix more types
* [pre-commit ruff] Align the entire repo with ruff #3 * Add RN * Update the RN * Update the docker image
* Updated docker image to demisto/py3ews:5.4.3.112092. PR batch #1/1 (demisto#36622) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #1/4 (demisto#36623) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #2/4 (demisto#36624) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #3/4 (demisto#36625) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/crypto:1.0.0.111961. PR batch #4/4 (demisto#36626) Co-authored-by: root <root@1e2de18e0cc3> --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>
* Updated docker image to demisto/python3:3.11.10.113941. PR batch #4/7 (demisto#36995) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #3/7 (demisto#36994) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #7/7 (demisto#36998) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3:3.11.10.113941 | 0-100 | PR batch #2/7 (demisto#36993) * Updated docker image to demisto/python3:3.11.10.113941. PR batch #2/7 * Update IPNetwork.yml --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #1/7 (demisto#36992) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3:3.11.10.113941 | 0-100 | PR batch #6/7 (demisto#36997) * Updated docker image to demisto/python3:3.11.10.113941. PR batch #6/7 * fix UTC * remove paloaltonetworks_iot --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: [email protected] <[email protected]> * update release notes * Bump pack from version MicrosoftExchangeOnline to 1.5.13. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>
* Updated docker image to demisto/python3:3.11.10.115186. PR batch #2/5 (demisto#37137) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #1/5 (demisto#37136) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #5/5 (demisto#37140) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #3/5 (demisto#37138) Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * demisto/python3:3.11.10.115186 | 70-100 | PR batch #4/5 (demisto#37139) * Updated docker image to demisto/python3:3.11.10.115186. PR batch #4/5 * Update CortexXDRIR.yml * Update XQLQueryingEngine.yml * Update PaloAltoNetworksAIOps.yml --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * update release-notes * Bump pack from version CommonScripts to 1.15.88. * Bump pack from version SplunkPy to 3.1.44. * Bump pack from version Phishing to 3.6.27. * Bump pack from version CortexXDR to 6.1.89. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>
* Updated docker image to demisto/python3:3.11.10.116949. PR batch #1/5 (demisto#37402) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #2/5 (demisto#37403) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #4/5 (demisto#37405) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #5/5 (demisto#37406) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.116949. PR batch #3/5 (demisto#37404) Co-authored-by: root <root@1e2de18e0cc3> * update to 3.11.10.115186 * remove issues * utc * remove * remove * update release notes * update * Bump pack from version Okta to 3.3.8. * remove mailsendernew * remove core * update release notes * Bump pack from version Palo_Alto_Networks_Enterprise_DLP to 2.0.13. * Bump pack from version Okta to 3.3.9. * Bump pack from version AzureSentinel to 1.5.54. * Bump pack from version PaloAltoNetworks_Threat_Vault to 2.0.15. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>
* Updated docker image to demisto/python3:3.11.10.115186. PR batch #1/4 (demisto#37524) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #2/4 (demisto#37525) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #3/4 (demisto#37526) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.115186. PR batch #4/4 (demisto#37527) Co-authored-by: root <root@1e2de18e0cc3> * remove utc files * remove utc * ipnetwork * remove unittests issues * update release notes * update release notes --------- Co-authored-by: Koby Meir <[email protected]> Co-authored-by: root <root@1e2de18e0cc3>
…used" (demisto#38371) * Revert "LDAP Authentication - Fail login attempts when wildcards are used (#3…" This reverts commit d569dd5. * Bumped the version and added rn * Update Packs/OpenLDAP/ReleaseNotes/2_0_17.md Co-authored-by: yuvalbenshalom <[email protected]> --------- Co-authored-by: yuvalbenshalom <[email protected]>
* batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update 
Packs/Office365AndAzureAuditLog/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * fix json * limit common scripts * fix Core layouts * fix Core layouts --------- Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: darbel <[email protected]>
* Added first draft for Quick action: Create Issue in Jira * Added first draft for Quick action: Create ServiceNow Ticket * Fixing Items in JIRA quick action * Adding Corrects Fields in Open Service Now Ticket * Quick Action Slack Integration * Quick Action MSFT Teams Integration * re-format the ${issue} syntax after clarifications * Adding Platform to pack_metadata.json * Updating pack_metadata.json for all Packs, according to platform-content-support * update supportsquickactions to higher scope adding hidden to relevant quiack-action cmds * Update slack to slackV3 * Remove deprecated arguments from JIRA cmd * Update default Value in Jira * Update Docker images versions * Update Release notes for quick actions Packs * Adding supports quick action for slack V3 * Change order of pre-defined options * Change defaultValue to predefined * Change pretty name for short_description in ServiceNowv2.yml * Remove prettyname for non required params * Update JiraV3.yml according to design changes * Update MicrosoftTeams.yml according to design changes * Update SlackV3.yml according to design changes * Update ServiceNowv2.yml according to design changes * Change from issue to alert keyword * Fixes After demo: Remove user option from teams and slack. 
Remove defaultValue from Servicenow TicketType * After Server fix - change from alert to issue keyword * Update Packs/Slack/ReleaseNotes/3_5_11.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Slack/ReleaseNotes/3_5_11.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/ReleaseNotes/2_7_8.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Jira/ReleaseNotes/3_2_16.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Update release note file name * Update description after pre commit notes * Create 3_5_12.md * Update Descriptions and params after product meeting * Revert "Create 3_5_12.md" This reverts commit 348e186. 
* Because of ST failed - update description in commands * batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * 
revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- Co-authored-by: Dean Arbel <[email protected]> * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- Co-authored-by: darbel <[email protected]> * fix json * limit common scripts * Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions" This reverts commit 78e897c, reversing changes made to d2885a5. 
* Update release notes before pre commit * Update release notes before pre commit * Update current version in pack_metadata.json * Applying changes to adjust pre-commit tests * Making sure that send slack message and send teams message dont run as one action * Updating SlackV3_test.py to support new version * Revert docker changes in slack and teams because of build not supporting new versions * Revert slack test changes becuase docker versions were not updated * Remove Unnecessary description in Teams --------- Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: darbel <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: barryyosi-panw <[email protected]>
…emisto#39230) (demisto#39322) * "contribution update to pack 'Microsoft Sentinel'" * Revert unwanted changes * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml * Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md * Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml * Revert unwanted changes part 2 * Aligned tests to the input type change * update release notes * fix unittest * Update Packs/AzureSentinel/ReleaseNotes/1_5_60.md * fix * Added a note to the readme regarding the debugger panel (demisto#39243) * CRTX-133204-Trellix_ePO-fix (demisto#39248) * changed metadata file * added release notes * added release notes --------- * fix: get mapping fields function does not except any arguments (demisto#38786) (demisto#39261) * fix: get mapping fields function does not except any arguments * feat: add Bryan van der Net to CONTRIBUTORS.json * fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections * fix: update Docker image version for SentinelOne V2 integration * docs: update Docker image version in release notes for SentinelOne V2 integration * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/ReleaseNotes/3_2_37.md * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * style: pr still showing changes on the release notes * Bump version and generate release notes * revert: revert config changes * chore: bump version and update release notes * style: undo random formatting changes --------- * Modeling rules modification - CRTX-151278 (demisto#39103) * Modified modeling rule after the modification of the integration * Fixed schema file * Added release note and modified modeling rule * Pack's version update * Update Packs/qualys/ReleaseNotes/3_2_4.md * Modified modeling rule * Bump pack from version qualys to 3.2.5. 
* Added xdm.event.type to assets events * Added tag * Fixed schema file * Fixed schema file --------- * Update Pan-OS playbook for supporting version 11 (demisto#39249) * added itamar (demisto#39265) * Added the validate-validation-config-file hook to content (demisto#39260) * Added the validate-validation-config-file hook to content * fixes * fix validations * Automation research releases (demisto#39270) * new playbook - First Azure AD PowerShell operation for a user (demisto#39159) * new playbook * RN * description fixed * added ignore * Bump pack from version CortexResponseAndRemediation to 1.1.25. * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml * task description * position fix * fix for old link to documentation * continue on error * fix * skip if * fix * fix * added issilent: true --------- * Automation Research Release - 1 (demisto#39269) * fix: get mapping fields function does not except any arguments (demisto#38786) (demisto#39261) * 
fix: get mapping fields function does not except any arguments * feat: add Bryan van der Net to CONTRIBUTORS.json * fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections * fix: update Docker image version for SentinelOne V2 integration * docs: update Docker image version in release notes for SentinelOne V2 integration * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * Update Packs/SentinelOne/ReleaseNotes/3_2_37.md * Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml * style: pr still showing changes on the release notes * Bump version and generate release notes * revert: revert config changes * chore: bump version and update release notes * style: undo random formatting changes --------- * Modeling rules modification - CRTX-151278 (demisto#39103) * Modified modeling rule after the modification of the integration * Fixed schema file * Added release note and modified modeling rule * Pack's version update * Update Packs/qualys/ReleaseNotes/3_2_4.md * Modified modeling rule * Bump pack from version qualys to 3.2.5. 
* Added xdm.event.type to assets events * Added tag * Fixed schema file * Fixed schema file --------- * Update Pan-OS playbook for supporting version 11 (demisto#39249) * added itamar (demisto#39265) --------- --------- * add codeowner (demisto#39272) * [GenericPolling] Update docs (demisto#39250) * RN * Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md * Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md --------- * edit readme file (demisto#39196) * edit readme file * documentation after tech writing fixes * fix to soft break (line break) * improve images resolution * change permission list to bullet style * [Code owners] Update ContentManagement with talzich (demisto#39284) * Platform content support merge gateway (demisto#39268) * batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to 
content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update Packs/PrismaAccess/pack_metadata.json --------- * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- * fix json * limit common scripts * fix Core layouts * fix Core layouts --------- * IBM HA - add "haIntegrationEventID" to multiple integrations (demisto#38846) * add haIntegrationEventID key to qradar incidents * added rn * fixes * in progress * reverts & preparation * tests fixes * added haIntegrationEventID to more integrations * added rns * fixes * fixes * added sections to uptycs * work in progress, save before testing * working windows integration * done all 9 
integrations * added rns * fix proof point * fix unit test * validations fixes * validations fixes * reverts * update uptycs contacts * update rns * update rns * revert ms atp * reverts * reverts * updated docker * fixed empty offset issue * added rn * reverts * Add ICDM Integration (demisto#38982) (demisto#39283) * Add ICDM Integration * Fix Formatting and Pipeline errors * Update Sections * Minor changes and refactors to address Review comments * Fix Unit test for network indicator * do not use deprecated method utcnow() * Fix context path and format readable output of Protection Commands * Update Readme * Fix version info in Readme * Box Quick Update (demisto#39267) * Updated README and pack_metadata * Updated README * Update Packs/Box/README.md * Update Packs/Box/README.md * Update Packs/Box/README.md * Update Packs/Box/README.md --------- * [Trellix_ePO] Remove MP xsoar (demisto#39296) * hide pack (demisto#39290) (demisto#39294) * CortexCoreIR: added `quick actions` commands (demisto#38663) * added prettynames placeholder * added quickaction * update prettypredefined * capital prettyPredefined * update prettypredefined * JUST FOR TEST SDK FIX * correct prettypredefined * test script * use sdk from branch * added supportedModules * adding the wrapper commands * remove "platform" properties from script * revert poetry changes * remove quick action from the orig command * correct the name of quick actions * fix wrong * update CoreIR integration with IA related & py code * PM changes * restore pack_metadata * replace placeholders * run ruff format after merge master * added RN * fix alert * update the RN --------- * drop CortexVulnerabilityManagement from platform (demisto#39299) * Nivbs/ciac 13013 quick actions (demisto#38979) * Added first draft for Quick action: Create Issue in Jira * Added first draft for Quick action: Create ServiceNow Ticket * Fixing Items in JIRA quick action * Adding Corrects Fields in Open Service Now Ticket * Quick Action Slack 
Integration * Quick Action MSFT Teams Integration * re-format the ${issue} syntax after clarifications * Adding Platform to pack_metadata.json * Updating pack_metadata.json for all Packs, according to platform-content-support * update supportsquickactions to higher scope adding hidden to relevant quick-action cmds * Update slack to slackV3 * Remove deprecated arguments from JIRA cmd * Update default Value in Jira * Update Docker images versions * Update Release notes for quick actions Packs * Adding supports quick action for slack V3 * Change order of pre-defined options * Change defaultValue to predefined * Change pretty name for short_description in ServiceNowv2.yml * Remove prettyname for non required params * Update JiraV3.yml according to design changes * Update MicrosoftTeams.yml according to design changes * Update SlackV3.yml according to design changes * Update ServiceNowv2.yml according to design changes * Change from issue to alert keyword * Fixes After demo: Remove user option from teams and slack. 
Remove defaultValue from Servicenow TicketType * After Server fix - change from alert to issue keyword * Update Packs/Slack/ReleaseNotes/3_5_11.md * Update Packs/Slack/ReleaseNotes/3_5_11.md * Update Packs/ServiceNow/ReleaseNotes/2_7_8.md * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml * Update Packs/Jira/Integrations/JiraV3/JiraV3.yml * Update Packs/Jira/ReleaseNotes/3_2_16.md * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md * Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml * Apply suggestions from code review * Update release note file name * Update description after pre commit notes * Create 3_5_12.md * Update Descriptions and params after product meeting * Revert "Create 3_5_12.md" This reverts commit 348e186. 
* Because of ST failed - update description in commands * batch_1 (demisto#39162) * Adopt 'platform' MP to content packs #2 (demisto#39163) * batch_2 * revert incorrect changes * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #3 (demisto#39164) * batch_3 * remove identity_threat --------- * batch_4 (demisto#39165) * Adopt 'platform' MP to content packs #6 (demisto#39167) * batch_6 * revert incorrect changes * batch_7 (demisto#39168) * Adopt 'platform' MP to content packs #8 (demisto#39169) * batch_8 * revert incorrect changes * Update Packs/CommonScripts/pack_metadata.json --------- * Adopt 'platform' MP to content packs #9 (demisto#39170) * batch_9 * revert quick actions * revert incorrect changes * revert incorrect changes * batch_5 (demisto#39232) * batch_10 (demisto#39171) * batch_11 (demisto#39172) * Adopt 'platform' MP to content packs #12 (demisto#39173) * batch_12 * revert incorrect changes * batch_13 (demisto#39174) * Adopt 'platform' MP to content packs #14 (demisto#39175) * batch_14 * revert incorrect changes * Adopt 'platform' MP to content packs #15 (demisto#39176) * batch_15 * Update Packs/FiltersAndTransformers/pack_metadata.json --------- * batch_16 (demisto#39177) * batch_17 (demisto#39178) * Adopt 'platform' MP to content packs #18 (demisto#39179) * batch_18 * revert incorrect changes * Adopt 'platform' MP to content packs #19 (demisto#39180) * batch_19 * Update Packs/Jira/pack_metadata.json --------- * batch_20 (demisto#39181) * Adopt 'platform' MP to content packs #21 (demisto#39182) * batch_21 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #22 (demisto#39183) * batch_22 * revert incorrect changes * Update Packs/Office365AndAzureAuditLog/pack_metadata.json --------- * batch_24 (demisto#39185) * Adopt 'platform' MP to content packs #25 (demisto#39186) * batch_25 * Update Packs/PingIdentity/pack_metadata.json * Update 
Packs/PrismaAccess/pack_metadata.json --------- * Adopt 'platform' MP to content packs #26 (demisto#39187) * batch_26 * revert incorrect changes * Adopt 'platform' MP to content packs #27 (demisto#39188) * batch_27 * revert incorrect changes * Adopt 'platform' MP to content packs #28 (demisto#39189) * batch_28 * revert incorrect changes * remove identity_threat --------- * Adopt 'platform' MP to content packs #29 (demisto#39190) * batch_29 * revert incorrect changes * Update Packs/Slack/pack_metadata.json --------- * batch_30 (demisto#39191) * batch_31 (demisto#39192) * Adopt 'platform' MP to content packs #32 (demisto#39193) * batch_32 * Update Packs/Workday/pack_metadata.json --------- * batch_33 (demisto#39194) * Adopt 'platform' MP to content packs #23 (demisto#39184) * batch_23 * revert incorrect changes * remove identity_threat --------- * fix json * limit common scripts * Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions" This reverts commit 78e897c, reversing changes made to d2885a5. * Update release notes before pre commit * Update release notes before pre commit * Update current version in pack_metadata.json * Applying changes to adjust pre-commit tests * Making sure that send slack message and send teams message don't run as one action * Updating SlackV3_test.py to support new version * Revert docker changes in slack and teams because of build not supporting new versions * Revert slack test changes because docker versions were not updated * Remove Unnecessary description in Teams --------- * Fix validate content tpb (demisto#39297) * Increase timeout * fix tpb yml * FormatURL does not correctly extract URLs from URLs of type ProofPoint URLDefense v3 (demisto#39086) * first commit * add rn * add tests- urls are from api * Bump pack from version CommonScripts to 1.19.34. * improve code * Bump pack from version ApiModules to 2.2.43. 
* add rn * fix docker * fix code * fix pre-commit * fix pre-commit * fix pre-commit * fix pre-commit * fix test * Bump pack from version CommonScripts to 1.19.35. * fix test * fix test playbook * fix warnings * fix warnings * fix warnings * fix warnings --------- * Modified readme file - Proofpoint TAP (demisto#39289) * Modified readme file * Update Packs/ProofpointTAP/README.md --------- * Improve handling of command execution timeout using timed thread in QualysV2 (demisto#39074) * Updated Silverfort Pack README (demisto#38764) (demisto#39304) * Updated Silverfort README * Updated based on ilaredo's feedback * Trigger build workflow * Fix for list of techniques in InvestigationDetailedSummaryToTable (demisto#39291) * fix for customer issue * FeedDomainTools Release v1.0.1 (demisto#39280) (demisto#39305) * Add release notes * Removed release notes * Add domain discovery feed. * Added domainrdap feeds * Add test cases for domainrdap feeds * Revert hardcoded indicator type * Remove unnecessary comment * Update README * Update release notes * Fix upload flow core packs validation (demisto#39306) * update the RN * empty * Intense sso failures fix (demisto#39301) * Change 90 days to 1 day * Change 90 days to 1 day * RN --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: ROCCO <[email protected]> Co-authored-by: ispRM <[email protected]> Co-authored-by: inbalapt1 <[email protected]> Co-authored-by: [email protected] <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: sdaniel6 <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: bryanster <[email protected]> Co-authored-by: Jelle Hol <[email protected]> Co-authored-by: yasta5 <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Niv Ben Salmon <[email protected]> Co-authored-by: EyalPintzov <[email protected]> Co-authored-by: Yuval Hayun <[email 
protected]> Co-authored-by: Daniel Rezvani <[email protected]> Co-authored-by: Karina Fishman <[email protected]> Co-authored-by: Adi Peretz <[email protected]> Co-authored-by: Jacob Levy <[email protected]> Co-authored-by: Arad Carmi <[email protected]> Co-authored-by: lironcohen272 <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: darbel <[email protected]> Co-authored-by: rundssoar <[email protected]> Co-authored-by: eepstain <[email protected]> Co-authored-by: johnnywilkes <[email protected]> Co-authored-by: Danny_Fried <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: Tal Zichlinsky <[email protected]> Co-authored-by: Tal Carmeli <[email protected]> Co-authored-by: Kamal Qarain <[email protected]> Co-authored-by: Frank Gasparovic <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Bri <[email protected]> Co-authored-by: Tomer Haimof <[email protected]> Co-authored-by: RotemAmit <[email protected]>
No description provided.