Wildfire verdicts c2 fix #24493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged 62 commits on Feb 9, 2023

Commits (62)
f9bd8d0
Added a widget script
gbouzar Jan 26, 2023
5915e4e
Added release notes
gbouzar Jan 26, 2023
2c4d559
Added release notes
gbouzar Jan 26, 2023
940e54c
added widget script
gbouzar Jan 26, 2023
9936530
fixed linting errors
gbouzar Jan 26, 2023
1b5b69e
Revert "fixed linting errors"
gbouzar Jan 27, 2023
8643982
fixed file and yml validation errors
gbouzar Jan 27, 2023
678a520
fixed mypy error
gbouzar Jan 27, 2023
fa9e44f
Removed 'Demisto' from readme content
gbouzar Jan 27, 2023
3e97422
re-linted, unified and zipped... not sure what last run validation er…
gbouzar Jan 27, 2023
c10be27
updated docker image to 3.10.9.45313
gbouzar Jan 27, 2023
c9d381a
updated docker image to 3.10.9.45313
gbouzar Jan 27, 2023
eacda98
changed some yml file parameters
gbouzar Jan 30, 2023
b5ebc89
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Jan 30, 2023
a3ecf78
re-ran unify command
gbouzar Jan 30, 2023
6cd3bd4
Merge branch 'EDL-Metric' of https://github.com/gbouzar/xsoar into ED…
gbouzar Jan 30, 2023
bbb2615
updated docker image
gbouzar Jan 30, 2023
d1c957b
updated docker image
gbouzar Jan 30, 2023
d9a0b2c
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Jan 30, 2023
614f80e
changed readme to match script
gbouzar Jan 30, 2023
5b6019f
Merge branch 'EDL-Metric' of https://github.com/gbouzar/xsoar into ED…
gbouzar Jan 30, 2023
f348d0b
updated docker image
gbouzar Jan 30, 2023
f210db5
updated README.md
gbouzar Jan 30, 2023
19a4b96
updated README and yml
gbouzar Jan 30, 2023
13f1ccb
removed redundant directory
gbouzar Jan 30, 2023
e63dccd
recreated project structure
gbouzar Jan 30, 2023
8b894bc
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Jan 30, 2023
df9d6f8
fresh attempt
gbouzar Jan 31, 2023
60d1ea9
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Jan 31, 2023
cff5b87
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Jan 31, 2023
fec34a6
modified .pack-ignore
gbouzar Jan 31, 2023
e39cf3c
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Jan 31, 2023
07b78d3
modified .pack-ignore
gbouzar Jan 31, 2023
0674303
Merge branch 'EDL-Metric' of https://github.com/gbouzar/xsoar into ED…
gbouzar Jan 31, 2023
b72912a
added newline
gbouzar Jan 31, 2023
a608dce
removed files
gbouzar Jan 31, 2023
42df455
updated release notes
gbouzar Jan 31, 2023
3e1a066
updated script yml
gbouzar Jan 31, 2023
8c5ac78
-
gbouzar Feb 1, 2023
021de79
Merge branch 'contrib/gbouzar_EDL-Metric' into EDL-Metric
gbouzar Feb 1, 2023
10e1da9
modified yml
gbouzar Feb 1, 2023
4f71dde
-
gbouzar Feb 1, 2023
00ab6b2
added 5:c2 to VERDICTS_DICT and 5:3 to VERDICTS_TO_DBOTSCORE
gbouzar Feb 8, 2023
be67d54
added 5:c2 to VERDICTS_DICT and 5:3 to VERDICTS_TO_DBOTSCORE
gbouzar Feb 8, 2023
2f0ed02
updated release notes
gbouzar Feb 8, 2023
49613d4
Update .devcontainer.json name
gbouzar Feb 8, 2023
1e82854
added 5:c2 to VERDICTS_DICT and 5:3 to VERDICTS_TO_DBOTSCORE
gbouzar Feb 8, 2023
474032f
Merge 'master' xsoar to wildfire_verdicts_c2_fix
gbouzar Feb 8, 2023
76b268a
fixed release notes to use template
gbouzar Feb 8, 2023
e583eef
resync
gbouzar Feb 8, 2023
21ced02
removed extraneous directory
gbouzar Feb 8, 2023
5e3edb5
update release notes
gbouzar Feb 8, 2023
33293a0
updated release notes again
gbouzar Feb 8, 2023
b568e89
Update Packs/Palo_Alto_Networks_WildFire/ReleaseNotes/2_1_15.md
gbouzar Feb 9, 2023
1979bdf
Removed known words section of .pack-ignore file
gbouzar Feb 9, 2023
951624c
Merge branch 'wildfire_verdicts_c2_fix' of https://github.com/gbouzar…
gbouzar Feb 9, 2023
e3c7033
fixed some issues called out in PR
gbouzar Feb 9, 2023
5b3a7bf
Merge branch 'contrib/gbouzar_wildfire_verdicts_c2_fix-1' into wildfi…
gbouzar Feb 9, 2023
a6e4672
added newlines to end of files
gbouzar Feb 9, 2023
f8ee38d
Merge branch 'wildfire_verdicts_c2_fix' of https://github.com/gbouzar…
gbouzar Feb 9, 2023
47a07c1
revert old release notes change
yaakovpraisler Feb 9, 2023
63f6d32
unit test
yaakovpraisler Feb 9, 2023
Expand Up @@ -99,6 +99,7 @@
'1': 'malware',
'2': 'grayware',
'4': 'phishing',
'5': 'c2',
'-100': 'pending, the sample exists, but there is currently no verdict',
'-101': 'error',
'-102': 'unknown, cannot find sample record in the database',
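Review bot: the new '5': 'c2' entry fixes only this one code; any verdict value still absent from VERDICTS_DICT will fall through the same way the release note says 5 did (the bare integer returned in place of a description). Consider giving the lookup a fixed default such as 'unknown verdict' for unmapped codes, so a future WildFire verdict degrades to a readable string rather than a raw number, and cover that default in the unit test.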
Expand All @@ -111,6 +112,7 @@
'1': 3,
'2': 2,
'4': 3,
'5': 3,
'-100': 0,
'-101': 0,
'-102': 0,
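Review bot: scoring '5' as 3 puts c2 on the same footing as malware ('1') and phishing ('4'), which is the right severity, but nothing else in this diff documents the new verdict: no README or command output-description change accompanies the mapping. Add a line listing c2 (verdict 5, DBotScore 3) next to the existing verdicts so analysts reading wildfire-get-verdict output know how a C2 result is scored.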
Expand Up @@ -31,12 +31,15 @@ def test_prettify_report_entry():
assert expected_report_dict == prettify_report_entry_res


def test_prettify_verdict():
expected_verdict_dict = dict({
'MD5': "md5_hash", 'SHA256': "sha256_hash", 'Verdict': "1", 'VerdictDescription': 'malware'})
prettify_verdict_res = prettify_verdict(
{'md5': "md5_hash", 'sha256': "sha256_hash", 'verdict': "1"})
assert expected_verdict_dict == prettify_verdict_res
@pytest.mark.parametrize('verdict_dict, expected_verdict', [
({'md5': "md5_hash", 'sha256': "sha256_hash", 'verdict': "1"},
{'MD5': "md5_hash", 'SHA256': "sha256_hash", 'Verdict': "1", 'VerdictDescription': 'malware'}),
({'md5': "md5_hash", 'sha256': "sha256_hash", 'verdict': "5"},
{'MD5': "md5_hash", 'SHA256': "sha256_hash", 'Verdict': "5", 'VerdictDescription': 'c2'})
])
def test_prettify_verdict(verdict_dict, expected_verdict):
prettify_verdict_res = prettify_verdict(verdict_dict)
assert expected_verdict == prettify_verdict_res


def test_prettify_url_verdict():
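Review bot: the two parametrize cases exercise only mapped codes ('1' and '5'), so the regression this PR fixes, an unmapped code leaking through as its raw value, is not pinned down by the test. Add a third case with a verdict absent from VERDICTS_DICT asserting whatever fallback the integration is meant to produce, and pass ids=['malware', 'c2', ...] to @pytest.mark.parametrize so a failure names the verdict rather than a positional index. The expected dict is also repeated in full per case; building it from the verdict and description would keep the cases readable as more are added.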
5 changes: 5 additions & 0 deletions Packs/Palo_Alto_Networks_WildFire/ReleaseNotes/2_1_15.md
@@ -0,0 +1,5 @@

#### Integrations
##### Palo Alto Networks WildFire v2
- Fixed an issue where the ***wildfire-get-verdict*** command has returned the integer 5 as a result of the c2 verdict.

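Review bot: the sentence '- Fixed an issue where the ***wildfire-get-verdict*** command has returned the integer 5 as a result of the c2 verdict.' reads as though 5 was returned because of a c2 verdict rather than instead of its description; suggest '- Fixed an issue where the ***wildfire-get-verdict*** command returned the raw verdict code 5 instead of the *c2* verdict description.' The file also opens with a blank line before '#### Integrations'; drop it so the note starts with its heading.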
2 changes: 1 addition & 1 deletion Packs/Palo_Alto_Networks_WildFire/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "WildFire by Palo Alto Networks",
"description": "Perform malware dynamic analysis",
"support": "xsoar",
"currentVersion": "2.1.14",
"currentVersion": "2.1.15",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",