diff --git a/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.py b/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.py index f6003ee829e3..6e349971d932 100644 --- a/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.py +++ b/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.py @@ -1,5 +1,5 @@ -import demistomock as demisto -from CommonServerPython import * +import demistomock as demisto # noqa: F401 +from CommonServerPython import * # noqa: F401 def main(): diff --git a/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.yml b/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.yml index b6505131310e..b65cb6b14378 100644 --- a/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.yml +++ b/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV.yml @@ -129,19 +129,25 @@ configuration: name: skipinitialspace type: 8 required: false -- additionalinfo: Supports CSV values. - display: Tags +- additionalinfo: Text encoding for the CSV file. Defaults to latin-1. + display: Text Encoding + name: encoding + type: 0 + required: true + defaultvalue: latin-1 +- display: Tags name: feedTags type: 0 required: false + additionalinfo: Supports CSV values. - display: Trust any certificate (not secure) name: insecure type: 8 required: false - display: Use system proxy settings name: proxy - type: 8 required: false + type: 8 description: Fetch indicators from a CSV feed. display: CSV Feed name: CSVFeed @@ -165,10 +171,10 @@ script: - contextPath: CSV.Indicator.rawJSON description: The indicator rawJSON value. type: Unknown - dockerimage: demisto/py3-tools:1.0.0.45904 + dockerimage: demisto/py3-tools:1.0.0.80165 feed: true runonce: false - script: '-' + script: '' subtype: python3 type: python tests: diff --git a/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV_description.md b/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV_description.md index 307ff88cdf0f..6399a39bebd1 100644 --- a/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV_description.md +++ b/Packs/FeedCSV/Integrations/FeedCSV/FeedCSV_description.md @@ -2,7 +2,7 @@ Fetch indicators from a CSV feed. The integration allows a great amount of user * **Indicator Type** - The type of indicators in the feed. * **Server URL** - URL of the feed. -* **Username + Password** - Credentials to access feeds that require basic authentication. + * **Username + Password** - Credentials to access feeds that require basic authentication. These fields also support the use of API key headers. To use API key headers, specify the header name and value in the following format: `_header:` in the **Username** field and the header value in the **Password** field. * **Ignore Regex** - Python regular expression for lines that should be ignored. @@ -14,16 +14,16 @@ These fields also support the use of API key headers. To use API key headers, sp * **Skip Initial Space** - When True, whitespace immediately following the delimiter is ignored. ## Step by step configuration -As an example, we'll be looking at the SSL BL feed by Abuse. This feed will ingest indicators of type IP. These are the feed isntance configuration parameters for our example. + As an example, we'll be looking at the SSL BL feed by Abuse. This feed will ingest indicators of type IP. These are the feed isntance configuration parameters for our example. **Indicator Type** - IP. **Server URL**: https://sslbl.abuse.ch/blacklist/sslipblacklist.csv. - + **Credentials** - This feed does not require authentication. From a quick look at the feed in the web browser, we are going to configure the rest of the parameters: - + **Ignore Regex** - We are going to need to ignore all the text inside the part enclosed by the `#` character (included) so we'll configure `^#` as the regular expression to use to ignore this text. @@ -35,7 +35,7 @@ Note that the field for the indicator value itself (the IP) must be `value`. So **Delimiter** - The delimiter between the fields in this feed is `,`, we'll use that as the value for this field. **Quote Character** - No need to change the quote character, we'll leave that as the default (`"`). - + **Escape Character** - No need to change the escape character, we'll leave that empty. **Skip Initial Space** - No whitespaces between the delimiter and the value, we'll leave the unchecked. @@ -43,4 +43,4 @@ Note that the field for the indicator value itself (the IP) must be `value`. So Now we have successfully configured an instance for the Abuse SSL BL feed, once we enable `Fetches indicators` the instance will start pulling indicators. By clicking `Mapping` in the integration instance, we can map the field names we previously configured to actual indicator fields (except `value` which is the indicator value). -We can use `Set up a new classification rule` using actual data from the feed. +We can use `Set up a new classification rule` using actual data from the feed. \ No newline at end of file diff --git a/Packs/FeedCSV/ReleaseNotes/1_1_29.md b/Packs/FeedCSV/ReleaseNotes/1_1_29.md new file mode 100644 index 000000000000..226f14f1bcc0 --- /dev/null +++ b/Packs/FeedCSV/ReleaseNotes/1_1_29.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### CSV Feed + +- Added an encoding parameter to support CSVs containing non-English text. +- Updated the Docker image to: *demisto/py3-tools:1.0.0.80165*. diff --git a/Packs/FeedCSV/pack_metadata.json b/Packs/FeedCSV/pack_metadata.json index e0c69eddbf62..a38dfb202bc9 100644 --- a/Packs/FeedCSV/pack_metadata.json +++ b/Packs/FeedCSV/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CSV Feed", "description": "Indicators feed from a CSV file", "support": "xsoar", - "currentVersion": "1.1.28", + "currentVersion": "1.1.29", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",