CheckPoint Threat Emulation / Sandblast - Fix get_dbotscore() (demisto#24550)

content-bot · xsoar-bot · commit c4162fedb08c · 2023-02-16T19:10:51.000Z
diff --git a/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.py b/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.py
@@ -846,8 +846,8 @@ def get_dbotscore(response: Dict[str, Any]) -> int:
     te_severity = dict_safe_get(response, ['response', 'te', 'severity'])
     te_combined_verdict = dict_safe_get(response, ['response', 'te', 'combined_verdict'])
     if av_confidence == 0 and av_severity == 0 and \
-            te_combined_verdict == 'Benign' and (te_severity == 0 or te_severity is None) and (te_confidence
-                                                                                               <= 1 or te_confidence is None):
+            te_combined_verdict.lower() == 'benign' and (te_severity == 0 or te_severity is None) and \
+            (te_confidence <= 1 or te_confidence is None):
         score = Common.DBotScore.GOOD
 
     elif te_severity == 1:
diff --git a/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml b/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml
@@ -590,7 +590,7 @@ script:
     - contextPath: SandBlast.Quota.Action
       description: The quota action.
       type: String
-  dockerimage: demisto/python3:3.10.9.46807
+  dockerimage: demisto/python3:3.10.10.47713
   feed: false
   isfetch: false
   longRunning: false
diff --git a/Packs/CheckPointSandBlast/ReleaseNotes/1_0_5.md b/Packs/CheckPointSandBlast/ReleaseNotes/1_0_5.md
@@ -0,0 +1,4 @@
+#### Integrations
+##### Check Point Threat Emulation (SandBlast)
+- Fixed an issue where the Dbot score was not calculated correctly for the ***file*** command.
+- Updated the Docker image to: *demisto/python3:3.10.10.47713*.
diff --git a/Packs/CheckPointSandBlast/pack_metadata.json b/Packs/CheckPointSandBlast/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Check Point Threat Emulation (SandBlast)",
     "description": "Upload files using polling, the service supports Microsoft Office files, as well as PDF, SWF, archives and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Query on existing IOCs, file status, analysis, reports. Download files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.",
     "support": "xsoar",
-    "currentVersion": "1.0.4",
+    "currentVersion": "1.0.5",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -15,4 +15,4 @@
     "keywords": [],
     "githubUser": [],
     "certification": "certified"
-}
+}
