Prisma Cloud v2 (#24171)

* initial commit

* fetch

* pre demo updates & beautify

* UTs

* demo updates (mapper, outputs, display name, parameters, test module)

* add v1 commands

* update playbooks

* add README

* doc review updates

* CR changes

* add TPB

* update RN

Author: BEAdi

Packs/CommonTypes/.pack-ignore

@@ -347,6 +347,8 @@ swid
 cpe
 TLDs
 mailto
+Misconfiguration
+CloudTrail
 
 [file:classifier-Mail-listener.json]
 ignore=BA101

Packs/CommonTypes/IncidentFields/incidentfield-Last_Update_Time.json

@@ -21,7 +21,13 @@
         "AWS Guard Duty Kubernetes Finding",
         "AWS Guard Duty Malware Protection Finding",
         "AWS Guard Duty S3 Finding",
-        "Microsoft Sentinel Incident"
+        "Microsoft Sentinel Incident",
+        "Prisma Cloud",
+        "GCP Compute Engine Misconfiguration",
+        "GCP Kubernetes Engine Misconfiguration",
+        "AWS CloudTrail Misconfiguration",
+        "AWS IAM Policy Misconfiguration",
+        "AWS EC2 Instance Misconfiguration"
     ],
     "breachScript": "",
     "caseInsensitive": true,

Packs/CommonTypes/ReleaseNotes/3_3_53.md

@@ -0,0 +1,4 @@
+
+#### Incident Fields
+Added the following incident field to be associated with the *Prisma Cloud*, *GCP Compute Engine Misconfiguration*, *GCP Kubernetes Engine Misconfiguration*, *AWS CloudTrail Misconfiguration*, *AWS IAM Policy Misconfiguration* and *AWS EC2 Instance Misconfiguration* incident types.
+- **Last Update Time**

Packs/CommonTypes/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.3.52",
+    "currentVersion": "3.3.53",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/PrismaCloud/.pack-ignore

@@ -43,6 +43,10 @@ ignore=IM111
 [known_words]
 SSH
 Misconfiguration
+RRN
+FQDN
+VPC
+CloudTrail
 
 [file:classifier-Prisma_Cloud.json]
 ignore=BA101

Packs/PrismaCloud/.secrets-ignore

@@ -6,4 +6,6 @@ [email protected]
 172.21.21.111
 10.0.1.3
 10.0.0.3
-10.0.2.5
+10.0.2.5
+https://app
+https://api

Packs/PrismaCloud/Classifiers/classifier-mapper-incoming-Prisma_Cloud.json

@@ -65,6 +65,17 @@
 						]
 					}
 				},
+				"Last Update Time": {
+					"complex": {
+						"filters": [],
+						"root": "lastUpdated",
+						"transformers": [
+							{
+								"operator": "TimeStampToDate"
+							}
+						]
+					}
+				},
 				"Policy Deleted": {
 					"complex": {
 						"accessor": "deleted",
@@ -160,6 +171,9 @@
 						"transformers": []
 					}
 				},
+				"RRN": {
+					"simple": "resource.rrn"
+				},
 				"Region": {
 					"complex": {
 						"accessor": "region",
@@ -412,6 +426,17 @@
 						]
 					}
 				},
+				"Last Update Time": {
+					"complex": {
+						"filters": [],
+						"root": "lastUpdated",
+						"transformers": [
+							{
+								"operator": "TimeStampToDate"
+							}
+						]
+					}
+				},
 				"Policy Deleted": {
 					"complex": {
 						"accessor": "deleted",
@@ -507,6 +532,9 @@
 						"transformers": []
 					}
 				},
+				"RRN": {
+					"simple": "resource.rrn"
+				},
 				"Region": {
 					"complex": {
 						"accessor": "region",
@@ -759,6 +787,17 @@
 						]
 					}
 				},
+				"Last Update Time": {
+					"complex": {
+						"filters": [],
+						"root": "lastUpdated",
+						"transformers": [
+							{
+								"operator": "TimeStampToDate"
+							}
+						]
+					}
+				},
 				"Policy Deleted": {
 					"complex": {
 						"accessor": "deleted",
@@ -854,6 +893,9 @@
 						"transformers": []
 					}
 				},
+				"RRN": {
+					"simple": "resource.rrn"
+				},
 				"Region": {
 					"complex": {
 						"accessor": "region",
@@ -1106,6 +1148,17 @@
 						]
 					}
 				},
+				"Last Update Time": {
+					"complex": {
+						"filters": [],
+						"root": "lastUpdated",
+						"transformers": [
+							{
+								"operator": "TimeStampToDate"
+							}
+						]
+					}
+				},
 				"Policy Deleted": {
 					"complex": {
 						"accessor": "deleted",
@@ -1201,6 +1254,9 @@
 						"transformers": []
 					}
 				},
+				"RRN": {
+					"simple": "resource.rrn"
+				},
 				"Region": {
 					"complex": {
 						"accessor": "region",
@@ -1453,6 +1509,17 @@
 						]
 					}
 				},
+				"Last Update Time": {
+					"complex": {
+						"filters": [],
+						"root": "lastUpdated",
+						"transformers": [
+							{
+								"operator": "TimeStampToDate"
+							}
+						]
+					}
+				},
 				"Policy Deleted": {
 					"complex": {
 						"accessor": "deleted",
@@ -1548,6 +1615,9 @@
 						"transformers": []
 					}
 				},
+				"RRN": {
+					"simple": "resource.rrn"
+				},
 				"Region": {
 					"complex": {
 						"accessor": "region",
@@ -1795,6 +1865,17 @@
 						]
 					}
 				},
+				"Last Update Time": {
+					"complex": {
+						"filters": [],
+						"root": "lastUpdated",
+						"transformers": [
+							{
+								"operator": "TimeStampToDate"
+							}
+						]
+					}
+				},
 				"Policy Deleted": {
 					"complex": {
 						"accessor": "deleted",
@@ -1890,6 +1971,9 @@
 						"transformers": []
 					}
 				},
+				"RRN": {
+					"simple": "resource.rrn"
+				},
 				"Region": {
 					"complex": {
 						"accessor": "region",