
[Marketplace Contribution] Microsoft Sentinel - Content Pack Update #39230


xsoar-bot
Contributor

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Contributor

@ispRM

Notes

Improved the fetching process by retrieving only incidents that meet the defined minimum severity, optimizing time and resource consumption. Previously, all incidents were collected and then filtered, which made the process inefficient.

Example of queries that will be made on fetch_incidents based on the chosen minimum severity:

Original query for all the min severities:
"properties/incidentNumber gt 233809"

After this minor change:
If min_severity == "Informational" (no changes):
- "properties/incidentNumber gt 233809"
If min_severity == "High":
- "properties/incidentNumber gt 233809 and (properties/severity eq 'High')"
If min_severity == "Medium":
- "properties/incidentNumber gt 233809 and (properties/severity eq 'Medium' or properties/severity eq 'High')"
If min_severity == "Low":
- "properties/incidentNumber gt 233809 and (properties/severity eq 'Low' or properties/severity eq 'Medium' or properties/severity eq 'High')"

Auto-Generated Documentation Requiring Modification

Video Link

Short demo video of the Pack usage. Speeds up the review. Optional but recommended. Use a video sharing service such as Google Drive or YouTube.

@xsoar-bot xsoar-bot requested a review from michal-dagan as a code owner March 22, 2025 11:46
@content-bot content-bot added Contribution Thank you! Contributions are always welcome! External PR Xsoar Support Level Indicates that the contribution is for XSOAR supported pack labels Mar 22, 2025
@content-bot content-bot changed the base branch from master to contrib/xsoar-contrib_ispRM-contrib-AzureSentinel March 22, 2025 11:47
@content-bot content-bot requested a review from inbalapt1 March 22, 2025 11:47
@content-bot
Collaborator

Thank you for your contribution. Your generosity and caring are unrivaled! Rest assured - our content wizard @inbalapt1 will very shortly look over your proposed changes.
For your convenience, here is a link to the contributions SLAs document.

@content-bot
Collaborator

Thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution, please ask the reviewer to update your information in the pack contributors file. See more information here link

@content-bot content-bot added the Contribution Form Filled Whether contribution form filled or not. label Mar 22, 2025
@ispRM
Contributor

ispRM commented Mar 22, 2025

> Thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution, please ask the reviewer to update your information in the pack contributors file. See more information here link

Thank you for your message. I appreciate the opportunity to contribute to the XSOAR marketplace. If my contribution is accepted, please update my information in the pack contributors file with my name 'Rocco Mercante'.

Contributor

@inbalapt1 inbalapt1 left a comment


Hi @ispRM
Thanks for your contribution, we really appreciate it!

I've left some comments - please review and address them.
In addition please return the removed command examples from the Readme file.

Thanks in advance!

@CLAassistant

CLAassistant commented Mar 23, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
15 out of 21 committers have signed the CLA.

✅ inbalapt1
✅ yasta5
✅ ispRM
✅ sdaniel6
✅ ShacharKidor
✅ eyalpalo
✅ YuvHayun
✅ ilappe
✅ talzich
✅ barryyosi-panw
✅ mmhw
✅ RotemAmit
✅ amshamah419
✅ tomer-pan
✅ kamalq97
❌ drezvani
❌ lironcohen272
❌ jlevypaloalto
❌ eepstain
❌ tcarmeli1
❌ nbensalm-palo

@inbalapt1
Contributor

inbalapt1 commented Mar 24, 2025

Hi @ispRM ,
Great work!
We're ready for a demo. Please check this page, and let me know when you're available for one over DFIR.
Alternatively, feel free to send me (to this email - [email protected] or over DFIR - inbal apt) or add to the PR a recording of the demo.

@ispRM
Contributor

ispRM commented Mar 24, 2025

> Hi @ispRM , Great work! We're ready for a demo. Please check this page, and let me know when you're available for one over DFIR. Alternatively, feel free to send me (to this email - [email protected] or over DFIR - inbal apt) or add to the PR a recording of the demo.

Ok I'll send you a demo video asap. Thank you!

@ispRM
Contributor

ispRM commented Mar 25, 2025

> Hi @ispRM , Great work! We're ready for a demo. Please check this page, and let me know when you're available for one over DFIR. Alternatively, feel free to send me (to this email - [email protected] or over DFIR - inbal apt) or add to the PR a recording of the demo.

Hi @inbalapt1,

Let me know if you see the Google Drive link of the demo video sent to [email protected]

@inbalapt1
Contributor

> > Hi @ispRM , Great work! We're ready for a demo. Please check this page, and let me know when you're available for one over DFIR. Alternatively, feel free to send me (to this email - [email protected] or over DFIR - inbal apt) or add to the PR a recording of the demo.
>
> Hi @inbalapt1,
>
> Let me know if you see the Google Drive link of the demo video sent to [email protected]

Hi @ispRM ,
Thanks for the demo, looks good overall!
Do you have a way to demonstrate that when the severity is set to medium for example, the retrieved incidents include only high and medium severities?
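
An added example (not code from this pull request or from the Microsoft Sentinel integration) that rebuilds the filter strings listed in the PR description and checks them against constructed incidents, one way to show that a minimum severity of Medium returns only Medium and High. The function names, the sample incidents and the local `apply_filter` stand-in for server-side filtering are assumptions.

```python
import re

# Severity levels in ascending order, as named in the PR description.
SEVERITIES = ["Informational", "Low", "Medium", "High"]


def build_fetch_filter(last_incident_number: int, min_severity: str) -> str:
    """Build the $filter string for a fetch, matching the examples in the PR notes.

    The severity is checked against an allowlist before it is placed in the
    filter, so only the four known values can ever reach the query string.
    """
    if min_severity not in SEVERITIES:
        raise ValueError(f"unsupported min_severity: {min_severity!r}")
    base = f"properties/incidentNumber gt {int(last_incident_number)}"
    if min_severity == "Informational":
        # Lowest level: every severity qualifies, so the query is unchanged.
        return base
    wanted = SEVERITIES[SEVERITIES.index(min_severity):]
    clause = " or ".join(f"properties/severity eq '{s}'" for s in wanted)
    return f"{base} and ({clause})"


# Hypothetical local evaluator: understands only the two clause shapes that
# build_fetch_filter emits. It stands in for the service, for testing only.
_NUM_RE = re.compile(r"properties/incidentNumber gt (\d+)")
_SEV_RE = re.compile(r"properties/severity eq '([A-Za-z]+)'")


def apply_filter(odata_filter: str, incidents: list) -> list:
    """Return the incidents that the given filter string would select."""
    floor = int(_NUM_RE.search(odata_filter).group(1))
    allowed = set(_SEV_RE.findall(odata_filter))
    return [
        inc for inc in incidents
        if inc["incidentNumber"] > floor
        and (not allowed or inc["severity"] in allowed)
    ]


# Constructed sample data, not taken from any real workspace.
SAMPLE_INCIDENTS = [
    {"incidentNumber": 233809, "severity": "High"},           # already fetched
    {"incidentNumber": 233810, "severity": "Informational"},
    {"incidentNumber": 233811, "severity": "Low"},
    {"incidentNumber": 233812, "severity": "Medium"},
    {"incidentNumber": 233813, "severity": "High"},
]


def fetched(min_severity: str, last_incident_number: int = 233809,
            incidents: list = SAMPLE_INCIDENTS) -> list:
    """Return (incidentNumber, severity) pairs a fetch would bring back."""
    query = build_fetch_filter(last_incident_number, min_severity)
    return [(i["incidentNumber"], i["severity"])
            for i in apply_filter(query, incidents)]


if __name__ == "__main__":
    for level in SEVERITIES:
        print(level, "->", build_fetch_filter(233809, level))
        print("   fetched:", fetched(level))
```
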

@inbalapt1 inbalapt1 added the ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. label Mar 26, 2025
@content-bot
Collaborator

For the Reviewer: Trigger build request has been accepted for this contribution PR.

@content-bot
Collaborator

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/2986117

@content-bot content-bot removed the ready-for-instance-test In contribution PRs, this label will cause a trigger of a build with a modified pack from the PR. label Mar 26, 2025
@inbalapt1
Contributor

Requires a force merge as it is incorrectly requesting signatures from irrelevant users on the CLA.

@DeanArbel DeanArbel merged commit 7b30d89 into demisto:contrib/xsoar-contrib_ispRM-contrib-AzureSentinel Mar 27, 2025
16 of 17 checks passed

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

inbalapt1 added a commit that referenced this pull request Mar 30, 2025
…39230) (#39322)

* "contribution update to pack 'Microsoft Sentinel'"

* Revert unwanted changes

* Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml



* Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md



* Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml



* Revert unwanted changes part 2

* Aligned tests to the input type change

* update release notes

* fix unittest

* Update Packs/AzureSentinel/ReleaseNotes/1_5_60.md



* fix

* Added a note to the readme regarding the debugger panel (#39243)

* CRTX-133204-Trellix_ePO-fix (#39248)

* changed metadata file

* added release notes

* added release notes

---------



* fix: get mapping fields function does not except any arguments (#38786) (#39261)

* fix: get mapping fields function does not except any arguments

* feat: add Bryan van der Net to CONTRIBUTORS.json

* fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections

* fix: update Docker image version for SentinelOne V2 integration

* docs: update Docker image version in release notes for SentinelOne V2 integration

* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/ReleaseNotes/3_2_37.md



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* style: pr still showing changes on the release notes

* Bump version and generate release notes



* revert: revert config changes

* chore: bump version and update release notes

* style: undo random formatting changes

---------





* Modeling rules modification - CRTX-151278 (#39103)

* Modified modeling rule after the modification of the integration

* Fixed schema file

* Added release note and modified modeling rule

* Pack's version update

* Update Packs/qualys/ReleaseNotes/3_2_4.md



* Modified modeling rule

* Bump pack from version qualys to 3.2.5.

* Added xdm.event.type to assets events

* Added tag

* Fixed schema file

* Fixed schema file

---------




* Update Pan-OS playbook for supporting version 11 (#39249)

* added itamar (#39265)

* Added the validate-validation-config-file hook to content (#39260)

* Added the validate-validation-config-file hook to content

* fixes

* fix validations

* Automation research releases (#39270)

* new playbook - First Azure AD PowerShell operation for a user (#39159)

* new playbook

* RN

* description fixed

* added ignore

* Bump pack from version CortexResponseAndRemediation to 1.1.25.

* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* task description

* position fix

* fix for old link to documentation

* continue on error

* fix

* skip if

* fix

* fix

* added issilent: true

---------





* Automation Research Release - 1 (#39269)

* fix: get mapping fields function does not except any arguments (#38786) (#39261)

* fix: get mapping fields function does not except any arguments

* feat: add Bryan van der Net to CONTRIBUTORS.json

* fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections

* fix: update Docker image version for SentinelOne V2 integration

* docs: update Docker image version in release notes for SentinelOne V2 integration

* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/ReleaseNotes/3_2_37.md



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* style: pr still showing changes on the release notes

* Bump version and generate release notes



* revert: revert config changes

* chore: bump version and update release notes

* style: undo random formatting changes

---------





* Modeling rules modification - CRTX-151278 (#39103)

* Modified modeling rule after the modification of the integration

* Fixed schema file

* Added release note and modified modeling rule

* Pack's version update

* Update Packs/qualys/ReleaseNotes/3_2_4.md



* Modified modeling rule

* Bump pack from version qualys to 3.2.5.

* Added xdm.event.type to assets events

* Added tag

* Fixed schema file

* Fixed schema file

---------




* Update Pan-OS playbook for supporting version 11 (#39249)

* added itamar (#39265)

---------











---------













* add codeowner (#39272)

* [GenericPolling] Update docs (#39250)

* RN

* Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md



* Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md



---------




* edit readme file (#39196)

* edit readme file

* documentation after tech writing fixes

* fix to soft break (line break)

* improve images resolution

* change permission list to bullet style

* [Code owners] Update ContentManagement with talzich (#39284)

* Platform content support merge gateway (#39268)

* batch_1 (#39162)

* Adopt 'platform' MP to content packs #2 (#39163)

* batch_2

* revert incorrect changes

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #3 (#39164)

* batch_3

* remove identity_threat

---------



* batch_4 (#39165)

* Adopt 'platform' MP to content packs #6 (#39167)

* batch_6

* revert incorrect changes

* batch_7 (#39168)

* Adopt 'platform' MP to content packs #8 (#39169)

* batch_8

* revert incorrect changes

* Update Packs/CommonScripts/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #9 (#39170)

* batch_9

* revert quick actions

* revert incorrect changes

* revert incorrect changes

* batch_5 (#39232)

* batch_10 (#39171)

* batch_11 (#39172)

* Adopt 'platform' MP to content packs #12 (#39173)

* batch_12

* revert incorrect changes

* batch_13 (#39174)

* Adopt 'platform' MP to content packs #14 (#39175)

* batch_14

* revert incorrect changes

* Adopt 'platform' MP to content packs #15 (#39176)

* batch_15

* Update Packs/FiltersAndTransformers/pack_metadata.json

---------



* batch_16 (#39177)

* batch_17 (#39178)

* Adopt 'platform' MP to content packs #18 (#39179)

* batch_18

* revert incorrect changes

* Adopt 'platform' MP to content packs #19 (#39180)

* batch_19

* Update Packs/Jira/pack_metadata.json

---------



* batch_20 (#39181)

* Adopt 'platform' MP to content packs #21 (#39182)

* batch_21

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #22 (#39183)

* batch_22

* revert incorrect changes

* Update Packs/Office365AndAzureAuditLog/pack_metadata.json

---------



* batch_24 (#39185)

* Adopt 'platform' MP to content packs #25 (#39186)

* batch_25

* Update Packs/PingIdentity/pack_metadata.json

* Update Packs/PrismaAccess/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #26 (#39187)

* batch_26

* revert incorrect changes

* Adopt 'platform' MP to content packs #27 (#39188)

* batch_27

* revert incorrect changes

* Adopt 'platform' MP to content packs #28 (#39189)

* batch_28

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #29 (#39190)

* batch_29

* revert incorrect changes

* Update Packs/Slack/pack_metadata.json

---------



* batch_30 (#39191)

* batch_31 (#39192)

* Adopt 'platform' MP to content packs #32 (#39193)

* batch_32

* Update Packs/Workday/pack_metadata.json

---------



* batch_33 (#39194)

* Adopt 'platform' MP to content packs #23 (#39184)

* batch_23

* revert incorrect changes

* remove identity_threat

---------



* fix json

* limit common scripts

* fix Core layouts

* fix Core layouts

---------




* IBM HA - add "haIntegrationEventID" to multiple integrations (#38846)

* add haIntegrationEventID key to qradar incidents

* added rn

* fixes

* in progress

* reverts & preperation

* tests fixes

* added haIntegrationEventID to more itnegrations

* added rns

* fixes

* fixes

* added sections to uptycs

* work in progress, save before testing

* working windows integration

* done all 9 integrations

* added rns

* fix proof point

* fix unit test

* validations fixes

* validations fixes

* reverts

* update uptycs contacts

* update rns

* update rns

* revert ms atp

* reverts

* reverts

* updated docker

* fixed empty offset issue

* added rn

* reverts

* Add ICDM Integration (#38982) (#39283)

* Add ICDM Integration

* Fix Formatting and Pipeline errors

* Update Sections

* Minor changes and refactors to address Review comments

* Fix Unit test for network indicator

* do not use deprecated method utcnow()

* Fix context path and format readable output of Protection Commands

* Update Readme

* Fix version info in Readme



* Box Quick Update (#39267)

* Updated README and pack_metadata

* Updated README

* Update Packs/Box/README.md



* Update Packs/Box/README.md



* Update Packs/Box/README.md



* Update Packs/Box/README.md



---------



* [Trellix_ePO] Remove MP xsoar (#39296)

* hide pack (#39290) (#39294)



* CortexCoreIR: added `quick actions` commands (#38663)

* added prettynames placeholder

* added quickaction

* update prettypredefined

* capital prettyPredefined

* update prettypredefined

* JUST FOR TEST SDK FIX

* correct prettypredefined

* test script

* uuse sdk from branch

* added supportedModules

* adding the wrapper commands

* remove "platform" properties from script

* revert poetry changes

* remove quick action from the orig command

* correct the name of quick actions

* fix wrong

* update CoreIR integration with IA related & py code

* PM changes

* restore pack_metadata

* replace placeholders

* run ruff format after merge master

* added RN

* fix alert

* update the RN

---------



* drop CortexVulnerabilityManagement from platform (#39299)

* Nivbs/ciac 13013 quick actions (#38979)

* Added first draft for Quick action: Create Issue in Jira

* Added first draft for Quick action: Create ServiceNow Ticket

* Fixing Items in JIRA quick action

* Adding Corrects Fields in Open Service Now Ticket

* Quick Action Slack Integration

* Quick Action MSFT Teams Integration

* re-format the ${issue} syntax after clarifications

* Adding Platform to pack_metadata.json

* Updating pack_metadata.json for all Packs, according to platform-content-support

* update supportsquickactions to higher scope
adding hidden to relevant quiack-action cmds

* Update slack to slackV3

* Remove deprecated arguments from JIRA cmd

* Update default Value in Jira

* Update Docker images versions

* Update Release notes for quick actions Packs

* Adding supports quick action for slack V3

* Change order of pre-defined options

* Change defaultValue to predefined

* Change pretty name for short_description in ServiceNowv2.yml

* Remove prettyname for non required params

* Update JiraV3.yml according to design changes

* Update MicrosoftTeams.yml according to design changes

* Update SlackV3.yml according to design changes

* Update ServiceNowv2.yml according to design changes

* Change from issue to alert keyword

* Fixes After demo: Remove user option from teams and slack. Remove defaultValue from Servicenow TicketType

* After Server fix - change from alert to issue keyword

* Update Packs/Slack/ReleaseNotes/3_5_11.md



* Update Packs/Slack/ReleaseNotes/3_5_11.md



* Update Packs/ServiceNow/ReleaseNotes/2_7_8.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Update Packs/Jira/Integrations/JiraV3/JiraV3.yml



* Update Packs/Jira/Integrations/JiraV3/JiraV3.yml



* Update Packs/Jira/ReleaseNotes/3_2_16.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Apply suggestions from code review



* Update release note file name

* Update description after pre commit notes

* Create 3_5_12.md

* Update Descriptions and params after product meeting

* Revert "Create 3_5_12.md"

This reverts commit 348e186.

* Because of ST failed - update description in commands

* batch_1 (#39162)

* Adopt 'platform' MP to content packs #2 (#39163)

* batch_2

* revert incorrect changes

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #3 (#39164)

* batch_3

* remove identity_threat

---------



* batch_4 (#39165)

* Adopt 'platform' MP to content packs #6 (#39167)

* batch_6

* revert incorrect changes

* batch_7 (#39168)

* Adopt 'platform' MP to content packs #8 (#39169)

* batch_8

* revert incorrect changes

* Update Packs/CommonScripts/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #9 (#39170)

* batch_9

* revert quick actions

* revert incorrect changes

* revert incorrect changes

* batch_5 (#39232)

* batch_10 (#39171)

* batch_11 (#39172)

* Adopt 'platform' MP to content packs #12 (#39173)

* batch_12

* revert incorrect changes

* batch_13 (#39174)

* Adopt 'platform' MP to content packs #14 (#39175)

* batch_14

* revert incorrect changes

* Adopt 'platform' MP to content packs #15 (#39176)

* batch_15

* Update Packs/FiltersAndTransformers/pack_metadata.json

---------



* batch_16 (#39177)

* batch_17 (#39178)

* Adopt 'platform' MP to content packs #18 (#39179)

* batch_18

* revert incorrect changes

* Adopt 'platform' MP to content packs #19 (#39180)

* batch_19

* Update Packs/Jira/pack_metadata.json

---------



* batch_20 (#39181)

* Adopt 'platform' MP to content packs #21 (#39182)

* batch_21

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #22 (#39183)

* batch_22

* revert incorrect changes

* Update Packs/Office365AndAzureAuditLog/pack_metadata.json

---------



* batch_24 (#39185)

* Adopt 'platform' MP to content packs #25 (#39186)

* batch_25

* Update Packs/PingIdentity/pack_metadata.json

* Update Packs/PrismaAccess/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #26 (#39187)

* batch_26

* revert incorrect changes

* Adopt 'platform' MP to content packs #27 (#39188)

* batch_27

* revert incorrect changes

* Adopt 'platform' MP to content packs #28 (#39189)

* batch_28

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #29 (#39190)

* batch_29

* revert incorrect changes

* Update Packs/Slack/pack_metadata.json

---------



* batch_30 (#39191)

* batch_31 (#39192)

* Adopt 'platform' MP to content packs #32 (#39193)

* batch_32

* Update Packs/Workday/pack_metadata.json

---------



* batch_33 (#39194)

* Adopt 'platform' MP to content packs #23 (#39184)

* batch_23

* revert incorrect changes

* remove identity_threat

---------



* fix json

* limit common scripts

* Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions"

This reverts commit 78e897c, reversing
changes made to d2885a5.

* Update release notes before pre commit

* Update release notes before pre commit

* Update current version in pack_metadata.json

* Applying changes to adjust pre-commit tests

* Making sure that send slack message and send teams message dont run as one action

* Updating SlackV3_test.py to support new version

* Revert docker changes in slack and teams because of build not supporting new versions

* Revert slack test changes becuase docker versions were not updated

* Remove Unnecessary description in Teams

---------







* Fix validate content tpb (#39297)

* Increase timeout

* fix tpb yml

* FormatURL does not correctly extract URLs from URLs of type ProofPoint URLDefense v3 (#39086)

* first commit

* add rn

* add tests- urls are from api

* Bump pack from version CommonScripts to 1.19.34.

* improve code

* Bump pack from version ApiModules to 2.2.43.

* add rn

* fix docker

* fix code

* fix pre-commit

* fix pre-commit

* fix pre-commit

* fix pre-commit

* fix test

* Bump pack from version CommonScripts to 1.19.35.

* fix test

* fix test playbook

* fix warnings

* fix warnings

* fix warnings

* fix warnings

---------



* Modified readme file - Proofpoint TAP (#39289)

* Modified readme file

* Update Packs/ProofpointTAP/README.md



---------



* Improve handling of command execution timeout using timed thread in QualysV2 (#39074)

* Updated Silverfort Pack README (#38764) (#39304)

* Updated Silverfort README

* Updated based on ilaredo's feedback

* Trigger build workflow



* Fix for list of techniques in InvestigationDetailedSummaryToTable (#39291)

* fix for customer issue

* FeedDomainTools Release v1.0.1 (#39280) (#39305)

* Add release notes

* Removed release notes

* Add domain discovery feed.

* Added domainrdap feeds

* Add test cases for domainrdap feeds

* Revert hardcoded indicator type

* Remove unnecessary comment

* Update README

* Update release notes



* Fix upload flow core packs validation (#39306)

* update the RN

* empty

* Intense sso failures fix (#39301)

* Change 90 days to 1 day

* Change 90 days to 1 day

* RN

---------

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: ROCCO <[email protected]>
Co-authored-by: ispRM <[email protected]>
Co-authored-by: inbalapt1 <[email protected]>
Co-authored-by: [email protected] <[email protected]>
Co-authored-by: Shachar Kidor <[email protected]>
Co-authored-by: sdaniel6 <[email protected]>
Co-authored-by: Shahaf Ben Yakir <[email protected]>
Co-authored-by: bryanster <[email protected]>
Co-authored-by: Jelle Hol <[email protected]>
Co-authored-by: yasta5 <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Niv Ben Salmon <[email protected]>
Co-authored-by: EyalPintzov <[email protected]>
Co-authored-by: Yuval Hayun <[email protected]>
Co-authored-by: Daniel Rezvani <[email protected]>
Co-authored-by: Karina Fishman <[email protected]>
Co-authored-by: Adi Peretz <[email protected]>
Co-authored-by: Jacob Levy <[email protected]>
Co-authored-by: Arad Carmi <[email protected]>
Co-authored-by: lironcohen272 <[email protected]>
Co-authored-by: Menachem Weinfeld <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: Israel Lappe <[email protected]>
Co-authored-by: darbel <[email protected]>
Co-authored-by: rundssoar <[email protected]>
Co-authored-by: eepstain <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: Danny_Fried <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: Tal Zichlinsky <[email protected]>
Co-authored-by: Tal Carmeli <[email protected]>
Co-authored-by: Kamal Qarain <[email protected]>
Co-authored-by: Frank Gasparovic <[email protected]>
Co-authored-by: Andrew Shamah <[email protected]>
Co-authored-by: Bri <[email protected]>
Co-authored-by: Tomer Haimof <[email protected]>
Co-authored-by: RotemAmit <[email protected]>
akshotiamit-pa pushed a commit that referenced this pull request Mar 31, 2025
…39230) (#39322)

* "contribution update to pack 'Microsoft Sentinel'"

* Revert unwanted changes

* Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml



* Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md



* Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml



* Revert unwanted changes part 2

* Aligned tests to the input type change

* update release notes

* fix unittest

* Update Packs/AzureSentinel/ReleaseNotes/1_5_60.md



* fix

* Added a note to the readme regarding the debugger panel (#39243)

* CRTX-133204-Trellix_ePO-fix (#39248)

* changed metadata file

* added release notes

* added release notes

---------



* fix: get mapping fields function does not except any arguments (#38786) (#39261)

* fix: get mapping fields function does not except any arguments

* feat: add Bryan van der Net to CONTRIBUTORS.json

* fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections

* fix: update Docker image version for SentinelOne V2 integration

* docs: update Docker image version in release notes for SentinelOne V2 integration

* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/ReleaseNotes/3_2_37.md



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* style: pr still showing changes on the release notes

* Bump version and generate release notes



* revert: revert config changes

* chore: bump version and update release notes

* style: undo random formatting changes

---------





* Modeling rules modification - CRTX-151278 (#39103)

* Modified modeling rule after the modification of the integration

* Fixed schema file

* Added release note and modified modeling rule

* Pack's version update

* Update Packs/qualys/ReleaseNotes/3_2_4.md



* Modified modeling rule

* Bump pack from version qualys to 3.2.5.

* Added xdm.event.type to assets events

* Added tag

* Fixed schema file

* Fixed schema file

---------




* Update Pan-OS playbook for supporting version 11 (#39249)

* added itamar (#39265)

* Added the validate-validation-config-file hook to content (#39260)

* Added the validate-validation-config-file hook to content

* fixes

* fix validations

* Automation research releases (#39270)

* new playbook - First Azure AD PowerShell operation for a user (#39159)

* new playbook

* RN

* description fixed

* added ignore

* Bump pack from version CortexResponseAndRemediation to 1.1.25.

* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* task description

* position fix

* fix for old link to documentation

* continue on error

* fix

* skip if

* fix

* fix

* added issilent: true

---------





* Automation Research Release - 1 (#39269)

* fix: get mapping fields function does not except any arguments (#38786) (#39261)

* fix: get mapping fields function does not except any arguments

* feat: add Bryan van der Net to CONTRIBUTORS.json

* fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections

* fix: update Docker image version for SentinelOne V2 integration

* docs: update Docker image version in release notes for SentinelOne V2 integration

* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/ReleaseNotes/3_2_37.md



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* style: pr still showing changes on the release notes

* Bump version and generate release notes



* revert: revert config changes

* chore: bump version and update release notes

* style: undo random formatting changes

---------





* Modeling rules modification - CRTX-151278 (#39103)

* Modified modeling rule after the modification of the integration

* Fixed schema file

* Added release note and modified modeling rule

* Pack's version update

* Update Packs/qualys/ReleaseNotes/3_2_4.md



* Modified modeling rule

* Bump pack from version qualys to 3.2.5.

* Added xdm.event.type to assets events

* Added tag

* Fixed schema file

* Fixed schema file

---------




* Update Pan-OS playbook for supporting version 11 (#39249)

* added itamar (#39265)

---------

* add codeowner (#39272)

* [GenericPolling] Update docs (#39250)

* RN

* Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md



* Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md



---------




* edit readme file (#39196)

* edit readme file

* documentation after tech writing fixes

* fix to soft break (line break)

* improve images resolution

* change permission list to bullet style

* [Code owners] Update ContentManagement with talzich (#39284)

* Platform content support merge gateway (#39268)

* batch_1 (#39162)

* Adopt 'platform' MP to content packs #2 (#39163)

* batch_2

* revert incorrect changes

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #3 (#39164)

* batch_3

* remove identity_threat

---------



* batch_4 (#39165)

* Adopt 'platform' MP to content packs #6 (#39167)

* batch_6

* revert incorrect changes

* batch_7 (#39168)

* Adopt 'platform' MP to content packs #8 (#39169)

* batch_8

* revert incorrect changes

* Update Packs/CommonScripts/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #9 (#39170)

* batch_9

* revert quick actions

* revert incorrect changes

* revert incorrect changes

* batch_5 (#39232)

* batch_10 (#39171)

* batch_11 (#39172)

* Adopt 'platform' MP to content packs #12 (#39173)

* batch_12

* revert incorrect changes

* batch_13 (#39174)

* Adopt 'platform' MP to content packs #14 (#39175)

* batch_14

* revert incorrect changes

* Adopt 'platform' MP to content packs #15 (#39176)

* batch_15

* Update Packs/FiltersAndTransformers/pack_metadata.json

---------



* batch_16 (#39177)

* batch_17 (#39178)

* Adopt 'platform' MP to content packs #18 (#39179)

* batch_18

* revert incorrect changes

* Adopt 'platform' MP to content packs #19 (#39180)

* batch_19

* Update Packs/Jira/pack_metadata.json

---------



* batch_20 (#39181)

* Adopt 'platform' MP to content packs #21 (#39182)

* batch_21

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #22 (#39183)

* batch_22

* revert incorrect changes

* Update Packs/Office365AndAzureAuditLog/pack_metadata.json

---------



* batch_24 (#39185)

* Adopt 'platform' MP to content packs #25 (#39186)

* batch_25

* Update Packs/PingIdentity/pack_metadata.json

* Update Packs/PrismaAccess/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #26 (#39187)

* batch_26

* revert incorrect changes

* Adopt 'platform' MP to content packs #27 (#39188)

* batch_27

* revert incorrect changes

* Adopt 'platform' MP to content packs #28 (#39189)

* batch_28

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #29 (#39190)

* batch_29

* revert incorrect changes

* Update Packs/Slack/pack_metadata.json

---------



* batch_30 (#39191)

* batch_31 (#39192)

* Adopt 'platform' MP to content packs #32 (#39193)

* batch_32

* Update Packs/Workday/pack_metadata.json

---------



* batch_33 (#39194)

* Adopt 'platform' MP to content packs #23 (#39184)

* batch_23

* revert incorrect changes

* remove identity_threat

---------



* fix json

* limit common scripts

* fix Core layouts

* fix Core layouts

---------




* IBM HA - add "haIntegrationEventID" to multiple integrations (#38846)

* add haIntegrationEventID key to qradar incidents

* added rn

* fixes

* in progress

* reverts & preparation

* tests fixes

* added haIntegrationEventID to more integrations

* added rns

* fixes

* fixes

* added sections to uptycs

* work in progress, save before testing

* working windows integration

* done all 9 integrations

* added rns

* fix proof point

* fix unit test

* validations fixes

* validations fixes

* reverts

* update uptycs contacts

* update rns

* update rns

* revert ms atp

* reverts

* reverts

* updated docker

* fixed empty offset issue

* added rn

* reverts

* Add ICDM Integration (#38982) (#39283)

* Add ICDM Integration

* Fix Formatting and Pipeline errors

* Update Sections

* Minor changes and refactors to address Review comments

* Fix Unit test for network indicator

* do not use deprecated method utcnow()

* Fix context path and format readable output of Protection Commands

* Update Readme

* Fix version info in Readme



* Box Quick Update (#39267)

* Updated README and pack_metadata

* Updated README

* Update Packs/Box/README.md



* Update Packs/Box/README.md



* Update Packs/Box/README.md



* Update Packs/Box/README.md



---------



* [Trellix_ePO] Remove MP xsoar (#39296)

* hide pack (#39290) (#39294)



* CortexCoreIR: added `quick actions` commands (#38663)

* added prettynames placeholder

* added quickaction

* update prettypredefined

* capital prettyPredefined

* update prettypredefined

* JUST FOR TEST SDK FIX

* correct prettypredefined

* test script

* use sdk from branch

* added supportedModules

* adding the wrapper commands

* remove "platform" properties from script

* revert poetry changes

* remove quick action from the orig command

* correct the name of quick actions

* fix wrong

* update CoreIR integration with IA related & py code

* PM changes

* restore pack_metadata

* replace placeholders

* run ruff format after merge master

* added RN

* fix alert

* update the RN

---------



* drop CortexVulnerabilityManagement from platform (#39299)

* Nivbs/ciac 13013 quick actions (#38979)

* Added first draft for Quick action: Create Issue in Jira

* Added first draft for Quick action: Create ServiceNow Ticket

* Fixing Items in JIRA quick action

* Adding Corrects Fields in Open Service Now Ticket

* Quick Action Slack Integration

* Quick Action MSFT Teams Integration

* re-format the ${issue} syntax after clarifications

* Adding Platform to pack_metadata.json

* Updating pack_metadata.json for all Packs, according to platform-content-support

* update supportsquickactions to higher scope
adding hidden to relevant quick-action cmds

* Update slack to slackV3

* Remove deprecated arguments from JIRA cmd

* Update default Value in Jira

* Update Docker images versions

* Update Release notes for quick actions Packs

* Adding supports quick action for slack V3

* Change order of pre-defined options

* Change defaultValue to predefined

* Change pretty name for short_description in ServiceNowv2.yml

* Remove prettyname for non required params

* Update JiraV3.yml according to design changes

* Update MicrosoftTeams.yml according to design changes

* Update SlackV3.yml according to design changes

* Update ServiceNowv2.yml according to design changes

* Change from issue to alert keyword

* Fixes After demo: Remove user option from teams and slack. Remove defaultValue from Servicenow TicketType

* After Server fix - change from alert to issue keyword

* Update Packs/Slack/ReleaseNotes/3_5_11.md



* Update Packs/Slack/ReleaseNotes/3_5_11.md



* Update Packs/ServiceNow/ReleaseNotes/2_7_8.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Update Packs/Jira/Integrations/JiraV3/JiraV3.yml



* Update Packs/Jira/Integrations/JiraV3/JiraV3.yml



* Update Packs/Jira/ReleaseNotes/3_2_16.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Apply suggestions from code review



* Update release note file name

* Update description after pre commit notes

* Create 3_5_12.md

* Update Descriptions and params after product meeting

* Revert "Create 3_5_12.md"

This reverts commit 348e186.

* Because of ST failed - update description in commands

* batch_1 (#39162)

* Adopt 'platform' MP to content packs #2 (#39163)

* batch_2

* revert incorrect changes

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #3 (#39164)

* batch_3

* remove identity_threat

---------



* batch_4 (#39165)

* Adopt 'platform' MP to content packs #6 (#39167)

* batch_6

* revert incorrect changes

* batch_7 (#39168)

* Adopt 'platform' MP to content packs #8 (#39169)

* batch_8

* revert incorrect changes

* Update Packs/CommonScripts/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #9 (#39170)

* batch_9

* revert quick actions

* revert incorrect changes

* revert incorrect changes

* batch_5 (#39232)

* batch_10 (#39171)

* batch_11 (#39172)

* Adopt 'platform' MP to content packs #12 (#39173)

* batch_12

* revert incorrect changes

* batch_13 (#39174)

* Adopt 'platform' MP to content packs #14 (#39175)

* batch_14

* revert incorrect changes

* Adopt 'platform' MP to content packs #15 (#39176)

* batch_15

* Update Packs/FiltersAndTransformers/pack_metadata.json

---------



* batch_16 (#39177)

* batch_17 (#39178)

* Adopt 'platform' MP to content packs #18 (#39179)

* batch_18

* revert incorrect changes

* Adopt 'platform' MP to content packs #19 (#39180)

* batch_19

* Update Packs/Jira/pack_metadata.json

---------



* batch_20 (#39181)

* Adopt 'platform' MP to content packs #21 (#39182)

* batch_21

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #22 (#39183)

* batch_22

* revert incorrect changes

* Update Packs/Office365AndAzureAuditLog/pack_metadata.json

---------



* batch_24 (#39185)

* Adopt 'platform' MP to content packs #25 (#39186)

* batch_25

* Update Packs/PingIdentity/pack_metadata.json

* Update Packs/PrismaAccess/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #26 (#39187)

* batch_26

* revert incorrect changes

* Adopt 'platform' MP to content packs #27 (#39188)

* batch_27

* revert incorrect changes

* Adopt 'platform' MP to content packs #28 (#39189)

* batch_28

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #29 (#39190)

* batch_29

* revert incorrect changes

* Update Packs/Slack/pack_metadata.json

---------



* batch_30 (#39191)

* batch_31 (#39192)

* Adopt 'platform' MP to content packs #32 (#39193)

* batch_32

* Update Packs/Workday/pack_metadata.json

---------



* batch_33 (#39194)

* Adopt 'platform' MP to content packs #23 (#39184)

* batch_23

* revert incorrect changes

* remove identity_threat

---------



* fix json

* limit common scripts

* Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions"

This reverts commit 78e897c, reversing
changes made to d2885a5.

* Update release notes before pre commit

* Update release notes before pre commit

* Update current version in pack_metadata.json

* Applying changes to adjust pre-commit tests

* Making sure that send slack message and send teams message don't run as one action

* Updating SlackV3_test.py to support new version

* Revert docker changes in slack and teams because of build not supporting new versions

* Revert slack test changes because docker versions were not updated

* Remove Unnecessary description in Teams

---------







* Fix validate content tpb (#39297)

* Increase timeout

* fix tpb yml

* FormatURL does not correctly extract URLs from URLs of type ProofPoint URLDefense v3 (#39086)

* first commit

* add rn

* add tests- urls are from api

* Bump pack from version CommonScripts to 1.19.34.

* improve code

* Bump pack from version ApiModules to 2.2.43.

* add rn

* fix docker

* fix code

* fix pre-commit

* fix pre-commit

* fix pre-commit

* fix pre-commit

* fix test

* Bump pack from version CommonScripts to 1.19.35.

* fix test

* fix test playbook

* fix warnings

* fix warnings

* fix warnings

* fix warnings

---------



* Modified readme file - Proofpoint TAP (#39289)

* Modified readme file

* Update Packs/ProofpointTAP/README.md



---------



* Improve handling of command execution timeout using timed thread in QualysV2 (#39074)

* Updated Silverfort Pack README (#38764) (#39304)

* Updated Silverfort README

* Updated based on ilaredo's feedback

* Trigger build workflow



* Fix for list of techniques in InvestigationDetailedSummaryToTable (#39291)

* fix for customer issue

* FeedDomainTools Release v1.0.1 (#39280) (#39305)

* Add release notes

* Removed release notes

* Add domain discovery feed.

* Added domainrdap feeds

* Add test cases for domainrdap feeds

* Revert hardcoded indicator type

* Remove unnecessary comment

* Update README

* Update release notes



* Fix upload flow core packs validation (#39306)

* update the RN

* empty

* Intense sso failures fix (#39301)

* Change 90 days to 1 day

* Change 90 days to 1 day

* RN

---------

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: ROCCO <[email protected]>
Co-authored-by: ispRM <[email protected]>
Co-authored-by: inbalapt1 <[email protected]>
Co-authored-by: [email protected] <[email protected]>
Co-authored-by: Shachar Kidor <[email protected]>
Co-authored-by: sdaniel6 <[email protected]>
Co-authored-by: Shahaf Ben Yakir <[email protected]>
Co-authored-by: bryanster <[email protected]>
Co-authored-by: Jelle Hol <[email protected]>
Co-authored-by: yasta5 <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Niv Ben Salmon <[email protected]>
Co-authored-by: EyalPintzov <[email protected]>
Co-authored-by: Yuval Hayun <[email protected]>
Co-authored-by: Daniel Rezvani <[email protected]>
Co-authored-by: Karina Fishman <[email protected]>
Co-authored-by: Adi Peretz <[email protected]>
Co-authored-by: Jacob Levy <[email protected]>
Co-authored-by: Arad Carmi <[email protected]>
Co-authored-by: lironcohen272 <[email protected]>
Co-authored-by: Menachem Weinfeld <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: Israel Lappe <[email protected]>
Co-authored-by: darbel <[email protected]>
Co-authored-by: rundssoar <[email protected]>
Co-authored-by: eepstain <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: Danny_Fried <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: Tal Zichlinsky <[email protected]>
Co-authored-by: Tal Carmeli <[email protected]>
Co-authored-by: Kamal Qarain <[email protected]>
Co-authored-by: Frank Gasparovic <[email protected]>
Co-authored-by: Andrew Shamah <[email protected]>
Co-authored-by: Bri <[email protected]>
Co-authored-by: Tomer Haimof <[email protected]>
Co-authored-by: RotemAmit <[email protected]>
oatias pushed a commit that referenced this pull request Apr 1, 2025
…39230) (#39322)

* "contribution update to pack 'Microsoft Sentinel'"

* Revert unwanted changes

* Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml



* Update Packs/AzureSentinel/Integrations/AzureSentinel/README.md



* Update Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml



* Revert unwanted changes part 2

* Aligned tests to the input type change

* update release notes

* fix unittest

* Update Packs/AzureSentinel/ReleaseNotes/1_5_60.md



* fix

* Added a note to the readme regarding the debugger panel (#39243)

* CRTX-133204-Trellix_ePO-fix (#39248)

* changed metadata file

* added release notes

* added release notes

---------



* fix: get mapping fields function does not accept any arguments (#38786) (#39261)

* fix: get mapping fields function does not accept any arguments

* feat: add Bryan van der Net to CONTRIBUTORS.json

* fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections

* fix: update Docker image version for SentinelOne V2 integration

* docs: update Docker image version in release notes for SentinelOne V2 integration

* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/ReleaseNotes/3_2_37.md



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* style: pr still showing changes on the release notes

* Bump version and generate release notes



* revert: revert config changes

* chore: bump version and update release notes

* style: undo random formatting changes

---------





* Modeling rules modification - CRTX-151278 (#39103)

* Modified modeling rule after the modification of the integration

* Fixed schema file

* Added release note and modified modeling rule

* Pack's version update

* Update Packs/qualys/ReleaseNotes/3_2_4.md



* Modified modeling rule

* Bump pack from version qualys to 3.2.5.

* Added xdm.event.type to assets events

* Added tag

* Fixed schema file

* Fixed schema file

---------




* Update Pan-OS playbook for supporting version 11 (#39249)

* added itamar (#39265)

* Added the validate-validation-config-file hook to content (#39260)

* Added the validate-validation-config-file hook to content

* fixes

* fix validations

* Automation research releases (#39270)

* new playbook - First Azure AD PowerShell operation for a user (#39159)

* new playbook

* RN

* description fixed

* added ignore

* Bump pack from version CortexResponseAndRemediation to 1.1.25.

* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* Update Packs/CortexResponseAndRemediation/Playbooks/silent-playbook-First_Azure_AD_PowerShell_operation_for_a_user.yml



* task description

* position fix

* fix for old link to documentation

* continue on error

* fix

* skip if

* fix

* fix

* added issilent: true

---------





* Automation Research Release - 1 (#39269)

* fix: get mapping fields function does not accept any arguments (#38786) (#39261)

* fix: get mapping fields function does not accept any arguments

* feat: add Bryan van der Net to CONTRIBUTORS.json

* fix: update SentinelOne V2 integration to resolve mapping fields error and enhance configuration sections

* fix: update Docker image version for SentinelOne V2 integration

* docs: update Docker image version in release notes for SentinelOne V2 integration

* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* Update Packs/SentinelOne/ReleaseNotes/3_2_37.md



* Update Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml



* style: pr still showing changes on the release notes

* Bump version and generate release notes



* revert: revert config changes

* chore: bump version and update release notes

* style: undo random formatting changes

---------





* Modeling rules modification - CRTX-151278 (#39103)

* Modified modeling rule after the modification of the integration

* Fixed schema file

* Added release note and modified modeling rule

* Pack's version update

* Update Packs/qualys/ReleaseNotes/3_2_4.md



* Modified modeling rule

* Bump pack from version qualys to 3.2.5.

* Added xdm.event.type to assets events

* Added tag

* Fixed schema file

* Fixed schema file

---------




* Update Pan-OS playbook for supporting version 11 (#39249)

* added itamar (#39265)

---------

* add codeowner (#39272)

* [GenericPolling] Update docs (#39250)

* RN

* Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md



* Update Packs/CommonPlaybooks/ReleaseNotes/2_6_55.md



---------




* edit readme file (#39196)

* edit readme file

* documentation after tech writing fixes

* fix to soft break (line break)

* improve images resolution

* change permission list to bullet style

* [Code owners] Update ContentManagement with talzich (#39284)

* Platform content support merge gateway (#39268)

* batch_1 (#39162)

* Adopt 'platform' MP to content packs #2 (#39163)

* batch_2

* revert incorrect changes

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #3 (#39164)

* batch_3

* remove identity_threat

---------



* batch_4 (#39165)

* Adopt 'platform' MP to content packs #6 (#39167)

* batch_6

* revert incorrect changes

* batch_7 (#39168)

* Adopt 'platform' MP to content packs #8 (#39169)

* batch_8

* revert incorrect changes

* Update Packs/CommonScripts/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #9 (#39170)

* batch_9

* revert quick actions

* revert incorrect changes

* revert incorrect changes

* batch_5 (#39232)

* batch_10 (#39171)

* batch_11 (#39172)

* Adopt 'platform' MP to content packs #12 (#39173)

* batch_12

* revert incorrect changes

* batch_13 (#39174)

* Adopt 'platform' MP to content packs #14 (#39175)

* batch_14

* revert incorrect changes

* Adopt 'platform' MP to content packs #15 (#39176)

* batch_15

* Update Packs/FiltersAndTransformers/pack_metadata.json

---------



* batch_16 (#39177)

* batch_17 (#39178)

* Adopt 'platform' MP to content packs #18 (#39179)

* batch_18

* revert incorrect changes

* Adopt 'platform' MP to content packs #19 (#39180)

* batch_19

* Update Packs/Jira/pack_metadata.json

---------



* batch_20 (#39181)

* Adopt 'platform' MP to content packs #21 (#39182)

* batch_21

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #22 (#39183)

* batch_22

* revert incorrect changes

* Update Packs/Office365AndAzureAuditLog/pack_metadata.json

---------



* batch_24 (#39185)

* Adopt 'platform' MP to content packs #25 (#39186)

* batch_25

* Update Packs/PingIdentity/pack_metadata.json

* Update Packs/PrismaAccess/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #26 (#39187)

* batch_26

* revert incorrect changes

* Adopt 'platform' MP to content packs #27 (#39188)

* batch_27

* revert incorrect changes

* Adopt 'platform' MP to content packs #28 (#39189)

* batch_28

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #29 (#39190)

* batch_29

* revert incorrect changes

* Update Packs/Slack/pack_metadata.json

---------



* batch_30 (#39191)

* batch_31 (#39192)

* Adopt 'platform' MP to content packs #32 (#39193)

* batch_32

* Update Packs/Workday/pack_metadata.json

---------



* batch_33 (#39194)

* Adopt 'platform' MP to content packs #23 (#39184)

* batch_23

* revert incorrect changes

* remove identity_threat

---------



* fix json

* limit common scripts

* fix Core layouts

* fix Core layouts

---------




* IBM HA - add "haIntegrationEventID" to multiple integrations (#38846)

* add haIntegrationEventID key to qradar incidents

* added rn

* fixes

* in progress

* reverts & preparation

* tests fixes

* added haIntegrationEventID to more integrations

* added rns

* fixes

* fixes

* added sections to uptycs

* work in progress, save before testing

* working windows integration

* done all 9 integrations

* added rns

* fix proof point

* fix unit test

* validations fixes

* validations fixes

* reverts

* update uptycs contacts

* update rns

* update rns

* revert ms atp

* reverts

* reverts

* updated docker

* fixed empty offset issue

* added rn

* reverts

* Add ICDM Integration (#38982) (#39283)

* Add ICDM Integration

* Fix Formatting and Pipeline errors

* Update Sections

* Minor changes and refactors to address Review comments

* Fix Unit test for network indicator

* do not use deprecated method utcnow()

* Fix context path and format readable output of Protection Commands

* Update Readme

* Fix version info in Readme



* Box Quick Update (#39267)

* Updated README and pack_metadata

* Updated README

* Update Packs/Box/README.md



* Update Packs/Box/README.md



* Update Packs/Box/README.md



* Update Packs/Box/README.md



---------



* [Trellix_ePO] Remove MP xsoar (#39296)

* hide pack (#39290) (#39294)



* CortexCoreIR: added `quick actions` commands (#38663)

* added prettynames placeholder

* added quickaction

* update prettypredefined

* capital prettyPredefined

* update prettypredefined

* JUST FOR TEST SDK FIX

* correct prettypredefined

* test script

* use sdk from branch

* added supportedModules

* adding the wrapper commands

* remove "platform" properties from script

* revert poetry changes

* remove quick action from the orig command

* correct the name of quick actions

* fix wrong

* update CoreIR integration with IA related & py code

* PM changes

* restore pack_metadata

* replace placeholders

* run ruff format after merge master

* added RN

* fix alert

* update the RN

---------



* drop CortexVulnerabilityManagement from platform (#39299)

* Nivbs/ciac 13013 quick actions (#38979)

* Added first draft for Quick action: Create Issue in Jira

* Added first draft for Quick action: Create ServiceNow Ticket

* Fixing Items in JIRA quick action

* Adding Corrects Fields in Open Service Now Ticket

* Quick Action Slack Integration

* Quick Action MSFT Teams Integration

* re-format the ${issue} syntax after clarifications

* Adding Platform to pack_metadata.json

* Updating pack_metadata.json for all Packs, according to platform-content-support

* update supportsquickactions to higher scope
adding hidden to relevant quick-action cmds

* Update slack to slackV3

* Remove deprecated arguments from JIRA cmd

* Update default Value in Jira

* Update Docker images versions

* Update Release notes for quick actions Packs

* Adding supports quick action for slack V3

* Change order of pre-defined options

* Change defaultValue to predefined

* Change pretty name for short_description in ServiceNowv2.yml

* Remove prettyname for non required params

* Update JiraV3.yml according to design changes

* Update MicrosoftTeams.yml according to design changes

* Update SlackV3.yml according to design changes

* Update ServiceNowv2.yml according to design changes

* Change from issue to alert keyword

* Fixes After demo: Remove user option from teams and slack. Remove defaultValue from Servicenow TicketType

* After Server fix - change from alert to issue keyword

* Update Packs/Slack/ReleaseNotes/3_5_11.md



* Update Packs/Slack/ReleaseNotes/3_5_11.md



* Update Packs/ServiceNow/ReleaseNotes/2_7_8.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Update Packs/Jira/Integrations/JiraV3/JiraV3.yml



* Update Packs/Jira/Integrations/JiraV3/JiraV3.yml



* Update Packs/Jira/ReleaseNotes/3_2_16.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/MicrosoftTeams/ReleaseNotes/1_5_17.md



* Update Packs/ServiceNow/Integrations/ServiceNowv2/ServiceNowv2.yml



* Apply suggestions from code review



* Update release note file name

* Update description after pre commit notes

* Create 3_5_12.md

* Update Descriptions and params after product meeting

* Revert "Create 3_5_12.md"

This reverts commit 348e186.

* Because of ST failed - update description in commands

* batch_1 (#39162)

* Adopt 'platform' MP to content packs #2 (#39163)

* batch_2

* revert incorrect changes

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #3 (#39164)

* batch_3

* remove identity_threat

---------



* batch_4 (#39165)

* Adopt 'platform' MP to content packs #6 (#39167)

* batch_6

* revert incorrect changes

* batch_7 (#39168)

* Adopt 'platform' MP to content packs #8 (#39169)

* batch_8

* revert incorrect changes

* Update Packs/CommonScripts/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #9 (#39170)

* batch_9

* revert quick actions

* revert incorrect changes

* revert incorrect changes

* batch_5 (#39232)

* batch_10 (#39171)

* batch_11 (#39172)

* Adopt 'platform' MP to content packs #12 (#39173)

* batch_12

* revert incorrect changes

* batch_13 (#39174)

* Adopt 'platform' MP to content packs #14 (#39175)

* batch_14

* revert incorrect changes

* Adopt 'platform' MP to content packs #15 (#39176)

* batch_15

* Update Packs/FiltersAndTransformers/pack_metadata.json

---------



* batch_16 (#39177)

* batch_17 (#39178)

* Adopt 'platform' MP to content packs #18 (#39179)

* batch_18

* revert incorrect changes

* Adopt 'platform' MP to content packs #19 (#39180)

* batch_19

* Update Packs/Jira/pack_metadata.json

---------



* batch_20 (#39181)

* Adopt 'platform' MP to content packs #21 (#39182)

* batch_21

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #22 (#39183)

* batch_22

* revert incorrect changes

* Update Packs/Office365AndAzureAuditLog/pack_metadata.json

---------



* batch_24 (#39185)

* Adopt 'platform' MP to content packs #25 (#39186)

* batch_25

* Update Packs/PingIdentity/pack_metadata.json

* Update Packs/PrismaAccess/pack_metadata.json

---------



* Adopt 'platform' MP to content packs #26 (#39187)

* batch_26

* revert incorrect changes

* Adopt 'platform' MP to content packs #27 (#39188)

* batch_27

* revert incorrect changes

* Adopt 'platform' MP to content packs #28 (#39189)

* batch_28

* revert incorrect changes

* remove identity_threat

---------



* Adopt 'platform' MP to content packs #29 (#39190)

* batch_29

* revert incorrect changes

* Update Packs/Slack/pack_metadata.json

---------



* batch_30 (#39191)

* batch_31 (#39192)

* Adopt 'platform' MP to content packs #32 (#39193)

* batch_32

* Update Packs/Workday/pack_metadata.json

---------



* batch_33 (#39194)

* Adopt 'platform' MP to content packs #23 (#39184)

* batch_23

* revert incorrect changes

* remove identity_threat

---------



* fix json

* limit common scripts

* Revert "Merge branch 'test-platform-mp' into nivbs/CIAC-13013_Quick_Actions"

This reverts commit 78e897c, reversing
changes made to d2885a5.

* Update release notes before pre commit

* Update release notes before pre commit

* Update current version in pack_metadata.json

* Applying changes to adjust pre-commit tests

* Making sure that send slack message and send teams message don't run as one action

* Updating SlackV3_test.py to support new version

* Revert docker changes in slack and teams because of build not supporting new versions

* Revert slack test changes because docker versions were not updated

* Remove Unnecessary description in Teams

---------







* Fix validate content tpb (#39297)

* Increase timeout

* fix tpb yml

* FormatURL does not correctly extract URLs from URLs of type ProofPoint URLDefense v3 (#39086)

* first commit

* add rn

* add tests- urls are from api

* Bump pack from version CommonScripts to 1.19.34.

* improve code

* Bump pack from version ApiModules to 2.2.43.

* add rn

* fix docker

* fix code

* fix pre-commit

* fix pre-commit

* fix pre-commit

* fix pre-commit

* fix test

* Bump pack from version CommonScripts to 1.19.35.

* fix test

* fix test playbook

* fix warnings

* fix warnings

* fix warnings

* fix warnings

---------



* Modified readme file - Proofpoint TAP (#39289)

* Modified readme file

* Update Packs/ProofpointTAP/README.md



---------



* Improve handling of command execution timeout using timed thread in QualysV2 (#39074)

* Updated Silverfort Pack README (#38764) (#39304)

* Updated Silverfort README

* Updated based on ilaredo's feedback

* Trigger build workflow



* Fix for list of techniques in InvestigationDetailedSummaryToTable (#39291)

* fix for customer issue

* FeedDomainTools Release v1.0.1 (#39280) (#39305)

* Add release notes

* Removed release notes

* Add domain discovery feed.

* Added domainrdap feeds

* Add test cases for domainrdap feeds

* Revert hardcoded indicator type

* Remove unnecessary comment

* Update README

* Update release notes



* Fix upload flow core packs validation (#39306)

* update the RN

* empty

* Intense sso failures fix (#39301)

* Change 90 days to 1 day

* Change 90 days to 1 day

* RN

---------

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: ROCCO <[email protected]>
Co-authored-by: ispRM <[email protected]>
Co-authored-by: inbalapt1 <[email protected]>
Co-authored-by: [email protected] <[email protected]>
Co-authored-by: Shachar Kidor <[email protected]>
Co-authored-by: sdaniel6 <[email protected]>
Co-authored-by: Shahaf Ben Yakir <[email protected]>
Co-authored-by: bryanster <[email protected]>
Co-authored-by: Jelle Hol <[email protected]>
Co-authored-by: yasta5 <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Niv Ben Salmon <[email protected]>
Co-authored-by: EyalPintzov <[email protected]>
Co-authored-by: Yuval Hayun <[email protected]>
Co-authored-by: Daniel Rezvani <[email protected]>
Co-authored-by: Karina Fishman <[email protected]>
Co-authored-by: Adi Peretz <[email protected]>
Co-authored-by: Jacob Levy <[email protected]>
Co-authored-by: Arad Carmi <[email protected]>
Co-authored-by: lironcohen272 <[email protected]>
Co-authored-by: Menachem Weinfeld <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: Israel Lappe <[email protected]>
Co-authored-by: darbel <[email protected]>
Co-authored-by: rundssoar <[email protected]>
Co-authored-by: eepstain <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: Danny_Fried <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: Tal Zichlinsky <[email protected]>
Co-authored-by: Tal Carmeli <[email protected]>
Co-authored-by: Kamal Qarain <[email protected]>
Co-authored-by: Frank Gasparovic <[email protected]>
Co-authored-by: Andrew Shamah <[email protected]>
Co-authored-by: Bri <[email protected]>
Co-authored-by: Tomer Haimof <[email protected]>
Co-authored-by: RotemAmit <[email protected]>
Labels
Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved External PR Xsoar Support Level Indicates that the contribution is for XSOAR supported pack