Group-IB hot fix integration (#30470)
* test commit

* remove bt link

* Remove A in TI for yaml and md for indicator

* back yaml to default

* refactor yaml with cortex utils

* refactor md and yaml for feed

* remove bp/domain

* replace git_leak with git_repository

* Add new collection
Fix issue with date for TI

* remove changes outside the Packs

* Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/test_data/example.json

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/test_data/example.json

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/test_data/example.json

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/test_data/example.json

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/test_data/example.json

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* update release notes

* update logo

* update logo

* Revert "update release notes"

This reverts commit 7c9ac76fd46c499fd185de154fe8d272657971db.

* revert microsocks

* fix compromised account issue

* adding RL

* Update Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.py

Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>

* create release notes v1_3_12

* add test for compromised/account_group

* refactor changes in playbook

* fixed validation errors

* adding pragma no cover

* refactor RN

* add urllib exception

* fixing validation errors

* adding pragma no cover

* format

* fix lint test errors

* revert sentinel

* revert changes to azure sentinel

* fixing cloud machine ids processing (#29777)

* fixing cloud machine ids processing

* not exiting the installation script if we fail to install a pack. report an error but continue with the test playbook upload (#29759)

Co-authored-by: kobymeir <ymeir@paloaltonetworks.com>

* Microsoft DNS Parsing Rule Drop (#29765)

* Updated ParsingRules

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated pack_metadata

* Updated pack_metadata

* Updated pack_metadata

* Updated README

* Updated README

* Updated README

* [JoeSecurity] Pre-Commit (#29717)

* [pre-commit ruff] Align the entire repo with ruff #2 (#29754)

* [pre-commit ruff] Align the entire repo with ruff #2

* Add RN

* Update the docker image

* Don't checkout build files in pre-commit (#27900)

* is file up to date pre-commit

* Revert changes made by mistake

---------

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com>
Co-authored-by: Menachem Weinfeld <mmhw770@gmail.com>

* Fixes for 'NGFW Scan' and 'WildFire Malware' XSIAM playbooks (#29774)

* Fixes for 'NGFW Scan' and 'WildFire Malware' XSIAM playbooks

* RN

* fixed RN and 'NGFW Scan playbook'

* CiscoSMA- Added timeout parameter (#29372)

* fix

* add_tests

* fix_test_description

* fix_yml_add_readme

* fixes - add timeout to the client

* add timeout to yml

* revert changes

* Update CiscoSMA.py

* Update CiscoSMA.py

* CR review

* add RN

* fix CR review

* update docker image

* XSUP-27956/ Added EWS PS V3 Description (#29784)

* updated the description

* update rn

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Xsup 27738 DBotFindSimilarIncidents NoneType Error (#29701)

* failed ut

* fix

* rn

* pre-commit

* pre commit

* just the fix

* fix description in yml

* fix

* docker

* Update Packs/Base/ReleaseNotes/1_32_34.md

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* test

* test

* removed import

---------

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* Wiz v1 2 11 (#29719)

* Wiz v1 2 11 (#29688)

* remove redundant parenthesis

* ../Packs/Wiz/Integrations/Wiz/Wiz.py

* add Wiz user agent

* rephrase release notes

* update pack metadata json

* rephrase release notes v2

* fix minor typos and update docker image

* Bump Docker version

---------

Co-authored-by: Ariel Tobiana <107474518+ariel-wiz@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [ASM] - Expander - Update ASM fields (4821) (#29702)

* [ASM] - Expander - Update ASM fields (4821) (#29506)

* Add missing comments to grid fields

- Update descriptions of fields as needed.

* Add release notes

* Add descriptions to two fields

- asmdevcheckdetails
- asmenrichmentstatus

* Update release notes.

* Grammar updates.

* Update release notes

* Add mandatory or optional in comments

* Update comments with mandatory

* Update pack version and release notes

* Add correct 1_6_33 release notes

* fix rn

* fix rn

---------

Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com>
Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>
Co-authored-by: ostolero <ostolero@paloaltonetworks.com>

* Wildfire-upload-url add poling timeout argument (#29790)

* save adding timeout param

* new docker image

* added rn

* fix ruff

* ruff made me to do this fixes :( not related to my changes

* Update Packs/Palo_Alto_Networks_WildFire/ReleaseNotes/2_1_35.md

* poetry files (#29793)

Co-authored-by: Content Bot <bot@demisto.com>

* Dra-cvss-color-fix (#29757)

* Fixed a small issue when indicator had no custom fields

* RN

* docker bump

* RN

* Update CVECVSSColor.py

* docker bump

* RN

* fixing typos in build scripts. (#29788)

unremovable -> non-removable
productname -> product_name
testplaybook -> test_playbook
changed some arg passing to use their full name:
-gpidd -gpidp

Co-authored-by: kobymeir <ymeir@paloaltonetworks.com>

* mapping to standard stix values (#29785)

* mapping to standard stix values

* updated release notes

* update docker

* breaking json

* add dot

* Add the nightly_ruff file for run pre-commit with --all flag (#29684)

* Add the nightly_ruff file for run pre-commit with --all flag

* Add more rules; Add the error name

* Add E501

* Add F601, F842, TID252

* XSUP-27528 (#29705)

* add_tests

* add_tests

* add RN, fix tests, format yml

* Update Packs/CommonScripts/ReleaseNotes/1_12_24.md

Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com>

* fix readme

* Bump pack from version CommonScripts to 1.12.25.

---------

Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>

* [Axonius Content Pack 1.2.0] Bumping Dockerfile (#29802)

* [Axonius Content Pack 1.2.0] Bumping Dockerfile (#29625)

* bumped docker version for axonius api client

* docker image

* remove the -

---------

Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>

* format

---------

Co-authored-by: Bryce Pedroza <97995056+bryce-ax@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>

* Updated native:8.4 image; Add auth-utils support (#29792)

Co-authored-by: GuyAfik <guyafik11@gmail.com>

* Fixed sc_task closing state (#29636)

* Fixed sc_task closing state

* Added release notes

* Updated docker image

* small fix

* bumped docker

* fixed rn

---------

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: sbenyakir <shahaf.benyakir@demisto.com>

* Private Compliance Packs (#29664)

* XSUP-27936 problem with regex (#29613)

* failed test

* fix

* rn

* rn

* unit test

* ut

* validations

* fixed test and docker

* fix

* validation

* Prisma Cloud V2 Add "usernames" Argument (#29710)

* add username arg

* support list

* update UT

* update README

* docker update

* update TPB

* Fortinet fortigate enhancement (#29655)

* Updated the readme for proofpoint fortigate.

* Modified the modeling rule.

* Modified the modeling rule and the schema file.

* Updated the release note.

* Update Packs/FortiGate/README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Updated the modeling rule.

* Added tags to the readme.

* removed ftntfgtmastersrcmac and ftntfgtmasterdstmac from the mapping.

* updated the modeling rule and the schema file.

* updated the modeling rule

* updated the modeling rule

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Add syslog example for War Room Actions (#29800)

* Graph Security Update (#29797)

* Updated MicrosoftGraphSecurity_schema

* Updated ReleaseNotes

* Updated ReleaseNotes

* [Dataminr Pulse] Release 106 (#29805)

* [Dataminr Pulse] Release 106 (#29693)

* Changes related to release v1.0.6

* Changes related to release v1.0.6

* Fixing Release Note related issue

---------

Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* Bump Docker version

---------

Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com>
Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [RecordedFuture] threat actor playbook update V2.5.1 (#29690) (#29807)

* Update Threat actor search playbook.

* Add release notes

* Fix formatting

* Change ExtractedIndicators to ExtractedIndicators\.File

* Fix release notes

---------

Co-authored-by: Yaroslav Nestor <yaroslav.nestor22@gmail.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [JoeSecurity] show partial result in polling commands (#29715)

* updating build docker image to latest devdemisto/gitlab-content-ci:1.0.0.64455 (#29761)

* updating build docker image to latest devdemisto/gitlab-content-ci:1.0.0.64455

* Private Upload Mode - ThreatExchange v2 (#28249)

* ThreatExchange integration

* ThreatExchange updates

* Added param to instance configuration

* pre-commit

* updated RN

* RN test

* CR updates

* Removed Threat_Crowd

* Update Packs/ThreatExchange/ReleaseNotes/2_0_12.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* docker

* format

* skip tests since there's no instance

* no testing instance

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>

* added plus 1 for each iteration in find destination (#29811)

* added plus 1 for each iteration in find destination (#29760)

* added plus 1 for each iteration in find destination

* added release notes

* Update Packs/Cisco-umbrella-cloud-security/ReleaseNotes/2_0_2.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* updated docker image tag to latest

* updated unit test for pagination functions

* removed comments

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update 2_0_2.md

---------

Co-authored-by: LiorQM <106475467+LiorQM@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>

* Mde list indicator filter (#29640)

* Mde list indicator filter (#29338)

* init indicator filter

* release notes

* latest docker image

* updated docker image

* minor fixes

* resolve conflicts

* resolve version conflicts

* silence linter

* format

* docker

* Apply suggestions from Shirley

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* add period

* change phrase

* adding    "is_mockable": false

* docker

* try change test playbook

* empty line

* docker

* return the mock

* Revert "return the mock"

This reverts commit ef23428eac12ef075f0dbdfba672399fb4ca7090.

---------

Co-authored-by: ckaadic <48683125+ckaadic@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Audit Logs Endpoints Scripts Aligments for Xsoar-8 (#29781)

* test

* fix core api

* ExportAuditLogsToFile - add support for xsoar-8

* add ExportAuditLogsToFile UTs

* add forward audit logs uts

* update ut

* validation fixes

* mypy

* bump rns

* update docker

* update docker image

* fix ut

* format

* Bump pack from version CommonScripts to 1.12.25.

* Bump pack from version CommonScripts to 1.12.26.

* cr

* cr fixes

* update

* fix uts

---------

Co-authored-by: Content Bot <bot@demisto.com>

* Add command prisma-cloud-compute-get-file-integrity-events (#29608)

* Add command prisma-cloud-compute-get-file-integrity-events (#29187)

* Add command prisma-cloud-compute-get-file-integrity-events

* Incorporate changes from review comments. Add documentation and unit test.

* Add missing lines to YML file (add description of new command)

* Update docker image

* Incorporate changes from demo

* Update docker image

* fix validation

* fix validation

---------

Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>
Co-authored-by: ostolero <ostolero@paloaltonetworks.com>

* Bump pack from version PrismaCloudCompute to 1.4.10.

* [pre-commit ruff] Align the entire repo with ruff (#29603)

* Fix falls of the ruff hook

* pre-commit

* Fix B003 ruff error

* Fix ruff errors on Utils/update_playbook.py

* remove code to trigger upload on dev branches (#29621)

* [pre-commit pycln] Align the entire repo with pycln (#29611)

* Fix falls of the pycln hook

* pre-commit

* Fix unit test

* Add RN

* Fix validate in GetDomainDNSDetails

* fuff on GetDomainDNSDetails

* ignore mypy error in test_content.py:350

* Fix falls of the autopep8 hook (#29638)

* add marketplaces to metadata (#29629)

* Fixing AWS Project Number in ASM Cloud (#29593) (#29642)

Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [MS Teams] support reset_graph_auth (#29644)

* fixed

* pre-commit

* update

* Recordedfuture threathunting v2.5.0 (#29641)

* Recordedfuture threathunting v2.5.0 (#29025)

* Add commands related to Automated Threat hunting
recordedfuture-threat-map
recordedfuture-threat-links
recordedfuture-detection-rules

* Add recordedfuture-collective-insight command. Change app version.

* Update README.md. Add release notes

* Add playbook. Add unittests

* Add unittests

* Fix test_collective_insight_command

* Remove incorrect release note

* Add documentation for threat actor search playbook

* update Recorded Future Threat actor search playbook. add release note about new playbook.

* Update release notes, fix formatting

* Format yml files

* Update Recorded future threat actor search playbook

* Update docker image

* Fix linter

---------

Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* Minor README fixes

---------

Co-authored-by: Yaroslav Nestor <yaroslav.nestor22@gmail.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [ASM] Expander 5777 (#29647)

* [ASM] Expander 5777 (#29619)

* first

* RN

* Bump pack from version CortexAttackSurfaceManagement to 1.6.36.

---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>

* XDR Malware Enrichment - hotfix for usernames (split) (#29585)

* Updated playbook with hotfix where we split usernames from domains and append them to the username list of usernames for account enrichment

* Added RN

* remove irrelevant test

* Updated RN

* Bump pack from version CortexXDR to 5.1.6.

* Update Packs/CortexXDR/ReleaseNotes/5_1_6.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Docker Image To demisto/pyjwt3  (#29656)

* Updated Metadata Of Pack Silverfort

* Added release notes to pack Silverfort

* Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update

* Update Docker Image To demisto/trustar  (#29660)

* Updated Metadata Of Pack TruSTAR

* Added release notes to pack TruSTAR

* Update Docker Image To demisto/keeper-ksm  (#29661)

* Updated Metadata Of Pack KeeperSecretsManager

* Added release notes to pack KeeperSecretsManager

* Packs/KeeperSecretsManager/Integrations/KeeperSecretsManager/KeeperSecretsManager.yml Docker image update

* Update Docker Image To demisto/py3-tools  (#29654)

* Updated Metadata Of Pack Intezer

* Added release notes to pack Intezer

* Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update

* Updated Metadata Of Pack FeedMalwareBazaar

* Added release notes to pack FeedMalwareBazaar

* Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update

* Updated Metadata Of Pack FeedGCPWhitelist

* Added release notes to pack FeedGCPWhitelist

* Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update

* Updated Metadata Of Pack AccentureCTI_Feed

* Added release notes to pack AccentureCTI_Feed

* Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* Update Docker Image To demisto/taxii-server  (#29659)

* Updated Metadata Of Pack CybleThreatIntel

* Added release notes to pack CybleThreatIntel

* Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* Update Docker Image To demisto/datadog-api-client  (#29662)

* Updated Metadata Of Pack DatadogCloudSIEM

* Added release notes to pack DatadogCloudSIEM

* Packs/DatadogCloudSIEM/Integrations/DatadogCloudSIEM/DatadogCloudSIEM.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* Add reliability parameter to cves and pipl integration (#28703)

* committing PrismaCloudCompute

* release notes added

* changed couldcompute, CVESearchV2, pipl

* added pack metadata

* fixed pipl readme

* reverting changes in CVESearch since it was deprecated

* removed redundant

* committing pre commit changes

* added known words

* added known words

* fixed lint error

* changed according to review

* updated docker version in PrismaCloudCompute

* changed according to doc review

* Added condition for not receiving new incidents in the test playbook

* updating release notes

* reverting fetch changes

* fixed playbook

* formatted playbook

* new validation, new run

* new validation, new run

* Bump pack from version PrismaCloudCompute to 1.4.10.

* update the docker image

---------

Co-authored-by: Content Bot <bot@demisto.com>

* Proofpoint email security pack: update description (#29651)

* update description

* Updated the schema file.

* Updated the schema file.

---------

Co-authored-by: Yehonatan Asta <yasta@paloaltonetworks.com>

* Jira v2 deprecated (#29649)

* Deprecate to jira v2

* update RN

* update conf.json file

* add task to the Create Jira Issue playbook that checks if jira v3 is enabled

* add image.png of the playbook

* update the playbook (yml, readme, image) and RN

* Update Docker Image To demisto/python3  (#29652)

* Updated Metadata Of Pack PANOSPolicyOptimizer

* Added release notes to pack PANOSPolicyOptimizer

* Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update

* Updated Metadata Of Pack VMwareWorkspaceONEUEM

* Added release notes to pack VMwareWorkspaceONEUEM

* Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml Docker image update

* Updated Metadata Of Pack CiscoSMA

* Added release notes to pack CiscoSMA

* Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml Docker image update

* Updated Metadata Of Pack FeedThreatConnect

* Added release notes to pack FeedThreatConnect

* Packs/FeedThreatConnect/Integrations/FeedThreatConnect/FeedThreatConnect.yml Docker image update

* Updated Metadata Of Pack BitSight

* Added release notes to pack BitSight

* Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update

* Updated Metadata Of Pack AWS-ILM

* Added release notes to pack AWS-ILM

* Packs/AWS-ILM/Integrations/AWSILM/AWSILM.yml Docker image update

* Updated Metadata Of Pack CiscoWSA

* Added release notes to pack CiscoWSA

* Packs/CiscoWSA/Integrations/CiscoWSAV2/CiscoWSAV2.yml Docker image update

* Updated Metadata Of Pack SysAid

* Added release notes to pack SysAid

* Packs/SysAid/Integrations/SysAid/SysAid.yml Docker image update

* Updated Metadata Of Pack ManageEngine_PAM360

* Added release notes to pack ManageEngine_PAM360

* Packs/ManageEngine_PAM360/Integrations/ManageEnginePAM360/ManageEnginePAM360.yml Docker image update

* Updated Metadata Of Pack CiscoUmbrellaReporting

* Added release notes to pack CiscoUmbrellaReporting

* Packs/CiscoUmbrellaReporting/Integrations/CiscoUmbrellaReporting/CiscoUmbrellaReporting.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* XSUP-27717/FortiSIEM (#29458)

* add tests

* add RN,fix,logs

* Update 2_0_21.md

* add period

* add a name to incident

* fixes CR

* update docker image

* delete logs

* CR fixes

* Update 2_0_21.md

* Update FortiSIEMV2.py

* reverting the Docker image (#29607)

* reverting the Docker image

* Update Packs/cyberark_AIM/ReleaseNotes/1_0_14.md

---------

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29663)

* [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29314)

* "pack contribution initial commit"

* Update RoksitDNSSecurityIntegrationSarp.py

* Update RoksitDNSSecurityIntegrationSarp.py

* Yehuda's version

* test module

* readme

* new logo

* Update RoksitDNSSecurityIntegrationSarp.yml

* Apply suggestions from code review

* Update RoksitDNSSecurityIntegrationSarp_description.md

* Update pack_metadata.json

* Update README.md

* Update pack_metadata.json

* Update pack_metadata.json

* Update Packs/RoksitDNSSecurityIntegration-Sarp/pack_metadata.json

* fixes

* change name

* folder name

* file names

* version

* rename sub folder

* remove (DNSSense) from the integration name

* rename folder

* docker

* replace image

* fix image name

---------

Co-authored-by: asimsarpkurt <79475614+asimsarpkurt@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>

* rename image

---------

Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: asimsarpkurt <79475614+asimsarpkurt@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>

* add unstuck fetch stream command (#29646)

* add unstuck fetch stream command

* added RN

* fixes

* add note

* cr fixes

* fix conflicts

* reverts

* [pre-commit pycln] Align the entire repo with pycln #4 (#29665)

* Fix pycln errors

* Update the docker images

* Run demisto-sdk pre-commit

* Remove unnecessary recommendations from extensions.json (#29605)

* update extensions.json

* Update devcontainer.json

* Update recommendations list

* Zscaler-FW-Logs (#29094)

* Zscaler FW Logs Modeling Rules

* Zscaler FW logs Modeling Rules

* Updated README

* Updated ZscalerModelingRule_1_3

* Changed cs5 field name to cat

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Updated README

* Updated ModelingRules and Schema

* Updated ModelingRules and schema

* Updated ModelingRules

* Updated ModelingRules

---------

Co-authored-by: Eido Epstain <eepstain@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* PANOS - EXPANDR-5744 (#29223) (#29686)

* playbook updates

* RN, Readme, screenshot

* Apply suggestions from code review



* update RN

* bump ver

* more descriptive task

* bump ver

---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Audit alert fields fix (#29685)

* Add associated types to systemAssociatedTypes

* Add associated types to systemAssociatedTypes

* fix incident field structure

* RN

* Workday documentation fix (#29681)

* readme

* readme

* rn

* rn

* [Marketplace Contribution] Active Directory Query - Content Pack Update (#28633)

* [Marketplace Contribution] Active Directory Query - Content Pack Update (#27822)

* "contribution update to pack "Active Directory Query""

* revert changes

* rl

* remove files

* removed from rl

* Update pack_metadata.json

* Create 1_6_19.md

* Update 1_6_18.md

* Update 1_6_19.md

* Delete 1_6_19.md

* Update 1_6_18.md

* Update pack_metadata.json

* Update Active_Directory_Query.yml

removed duplicate section and type

* pass SERVER_IP as argument to test_credentials function

* Create 1_7_0.md

* Update pack_metadata.json

* Update README.md with ad-test-credentials info

* Update Active_Directory_Query.yml

* removed duplicate `type: 8` from ntlm

* removed duplicate types from integration settings

* removed duplicate description from ad-enable-account

* Update Active_Directory_Query.yml

* Update Active_Directory_Query.yml

* Update Active_Directory_Query.yml

* removing not relevant  release note

* adding function

* update function

* cr note

* adding NTLM_AUTH option

* Update Active_Directory_Query.py

* Update Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.py

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* cr notes

* update after merging from master

* reverting a change in olr rl

* added test_test_credentials unit test function

* fix unit test

* fixing unit tests

* fix unit test

* fixed lint errors

* Update Active_Directory_Query_test.py

* empty commit

* fix yml and docker file

* revert changes in send email manager

* fix yml

* fix

* fix validation error

* fixing in129

---------

Co-authored-by: maimorag <mmorag@paloaltonetworks.com>
Co-authored-by: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com>
Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* cr notes

* Bump pack from version Active_Directory_Query to 1.6.21.

* fix yml changes

* cr notes

* lint fixes

* fix test

* docker update

* Update Packs/Active_Directory_Query/Integrations/Active_Directory_Query/README.md

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* fix delete required

* Apply suggestions from code review

* fix test

* docker update

* rl

* empty commit

* docker update

* empty commit

* empty commit

* merge from master

* empty commit check

* revert changes

* Delete Packs/cyberark_AIM/Integrations/CyberArkAIM_v2/integration-CyberArkAIM_v2.yml

* docker downgrade

* rl

* trying  new docker image

* validate errors fix

* revert docker version

* [DS108] - Description must end with a period (".") - fix

* empty commit check

* empty commit check

---------

Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: maimorag <mmorag@paloaltonetworks.com>
Co-authored-by: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com>
Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>

* Big query bug xsup 28132 (#29680)

* bug fix

* rn

* rn

* Apply suggestions from code review

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* format

* pre commit

---------

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* New Prisma Cloud v2 commands (#29323)

* resource list command

* limit results

* user roles list command

* pre commit

* users list command

* edit remediation commands

* UTs

* update README

* update RN

* pre commit fixes

* edit test playbook

* CR changes

* Demo changes -
remediate 406 raises error
new args for resource_list & user_roles

* fix test

* Apply suggestions from doc review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* fix test playbook

* Tomer's changes

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Prisma Cloud Update (#29666)

* Updated ModelingRules

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated ModelingRules

* Updated ModelingRules

* Updated ModelingRules

* Bump pack from version PrismaCloud to 4.2.4.

---------

Co-authored-by: Content Bot <bot@demisto.com>

* Rapid7 appsec (#29134) (#29687)

* Revert "Add space to  conf"

This reverts commit 08e6490c8907bdb3fbf2dc394d0bc352dc0c5935.

* Updated the packs category to *Authentication & Identity Management*  (part 2) (#24876)

* Update Docker Image To demisto/fastapi  (#24923)

* Updated Metadata Of Pack CyberArkIdentity

* Added release notes to pack CyberArkIdentity

* Packs/CyberArkIdentity/Integrations/CyberArkIdentityEventCollector/CyberArkIdentityEventCollector.yml Docker image update

* Update Docker Image To demisto/lxml  (#24924)

* Updated Metadata Of Pack TaniumThreatResponse

* Added release notes to pack TaniumThreatResponse

* Packs/TaniumThreatResponse/Integrations/TaniumThreatResponseV2/TaniumThreatResponseV2.yml Docker image update

* Update Docker Image To demisto/crypto  (#24922)

* Updated Metadata Of Pack X509Certificate

* Added release notes to pack X509Certificate

* Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update

* Update Docker Image To demisto/python3  (#24921)

* Updated Metadata Of Pack Cybereason

* Added release notes to pack Cybereason

* Packs/Cybereason/Integrations/Cybereason/Cybereason.yml Docker image update

* Updated Metadata Of Pack DNSDB

* Added release notes to pack DNSDB

* Packs/DNSDB/Integrations/DNSDB_v2/DNSDB_v2.yml Docker image update

* Updated Metadata Of Pack DeepInstinct

* Added release notes to pack DeepInstinct

* Packs/DeepInstinct/Integrations/DeepInstinct3x/DeepInstinct3x.yml Docker image update

* Updated Metadata Of Pack FeedCyrenThreatInDepth

* Added release notes to pack FeedCyrenThreatInDepth

* Packs/FeedCyrenThreatInDepth/Integrations/CyrenThreatInDepth/CyrenThreatInDepth.yml Docker image update

* Updated Metadata Of Pack IronDefense

* Added release notes to pack IronDefense

* Packs/IronDefense/Integrations/IronDefense/IronDefense.yml Docker image update

* Updated Metadata Of Pack Qintel

* Added release notes to pack Qintel

* Packs/Qintel/Integrations/QintelPMI/QintelPMI.yml Docker image update

* Packs/Qintel/Integrations/QintelQSentry/QintelQSentry.yml Docker image update

* Packs/Qintel/Integrations/QintelQWatch/QintelQWatch.yml Docker image update

* Updated Metadata Of Pack QualysFIM

* Added release notes to pack QualysFIM

* Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update

* Updated Metadata Of Pack QutteraWebsiteMalwareScanner

* Added release notes to pack QutteraWebsiteMalwareScanner

* Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml Docker image update

* Fixed mypy + validation

---------



* NGINXApiModule: fix logging typo (#24878)

* fix logging typo

* bump dependent packs

---------



* Downgrade docker to fix banner issue (#24905)

* Downgrade docker to fix banner issue

* Fix docs

* Add UT to prevent Docker bump

* Fix yml validation

* Adding vulnerability commands

* Fixing pagination page index

* Updating PR comments and Scan commands

* Updating ID in test data.

* Updating integration

* Updating integration

* Updating fromversion

* Updating linters

* Updating linters

* Updating git pre-commit

* Updating docstring

* Updating the handling of request when limit

* Removing get_pagination_params

* Updating integration

* Updating git-pre commit

* Updating integration

* Updating integration

* Updating unit test

* Updating docker image

* Updating integration

* Updating README version.

* Updating secrets

* Updating integration

* Updating integration

* Updating integration

* Updating docstrings

* Updating doc-review comments.

* Updating doc-review comments.

* Updating description

---------

Co-authored-by: ‪Ron Hadad‬‏ <112933572+ronh1@users.noreply.github.com>
Co-authored-by: TalGumi <talg@qmasters.co>
Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>
Co-authored-by: sberman <sberman@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>
Co-authored-by: glicht <glicht@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Panos add param (#29672)

* added param job_polling_max_num_attempts

* Added rn

* Added missing param type
Fixed unit tests

* added to readme

* fixed readme

* Update Packs/PAN-OS/Integrations/Panorama/Panorama.yml

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

* fixed text and namings

* Bump pack from version PAN-OS to 2.1.8.

---------

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>

* Fix proxy usage (#85) (#29630)

* Fix proxy usage (#85) (#29181)

* Fix proxy usage (#85)

* Fix proxy usage in ZF client

* Fix variable USE_SSL to verify requests

* Remove proxy object from client

Given that the proxy works by default with env vars, the proxy object
is not necessary

* Update version and add release notes

* Fix call to modified alerts (#86)

* Fix call to modified alerts

* Update docker image

* Fix tests associated with get modified data

* change rn

* fix validation

---------

Co-authored-by: Felipe Garrido <fgarridob.95+github@gmail.com>
Co-authored-by: ostolero <ostolero@paloaltonetworks.com>
Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>

* Missing dependencies when installing packs (#28989)

* search and install packs


---------

Co-authored-by: kobymeir <ymeir@paloaltonetworks.com>

* Deprecate Picus Community (#29573)

* Merge branch 'master' into github_workflow_partner

# Conflicts:
#	Utils/github_workflow_scripts/utils.py

* Merge branch 'master' into github_workflow_partner

# Conflicts:
#	Utils/github_workflow_scripts/utils.py

* Picus NG display name

* Picus update

* Picus update

* Picus update

* Picus update

* Picus update

* Picus update

* Picus update

* Picus update

---------

Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>

* [ASM] - Expander - GCP Hierarchy field - 4376 (#29696) (#29704)

* Add assethierarchy field to GCP ASM playbook

* Add release notes

* Update field json

Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com>

* fix merge

* update rn

* remove access code

* fix conflicts

* update docker

* fix validation

---------

Co-authored-by: Ali Sawyer <91506078+ali-sawyer@users.noreply.github.com>
Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>
Co-authored-by: ostolero <ostolero@paloaltonetworks.com>
Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com>
Co-authored-by: omerKarkKatz <95565843+omerKarkKatz@users.noreply.github.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
Co-authored-by: Yaroslav Nestor <yaroslav.nestor22@gmail.com>
Co-authored-by: Ido van Dijk <43602124+idovandijk@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: sberman <sberman@paloaltonetworks.com>
Co-authored-by: DinaMeylakh <72339665+DinaMeylakh@users.noreply.github.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: Yehonatan Asta <yasta@paloaltonetworks.com>
Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com>
Co-authored-by: sapir shuker <49246861+sapirshuker@users.noreply.github.com>
Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: asimsarpkurt <79475614+asimsarpkurt@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>
Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>
Co-authored-by: samuelFain <65926551+samuelFain@users.noreply.github.com>
Co-authored-by: nkanon <109467661+nkanon@users.noreply.github.com>
Co-authored-by: Eido Epstain <eepstain@paloaltonetworks.com>
Co-authored-by: Tomer Haimof <81556849+tomer-pan@users.noreply.github.com>
Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>
Co-authored-by: maimorag <mmorag@paloaltonetworks.com>
Co-authored-by: Randy Baldwin <32545292+randomizerxd@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com>
Co-authored-by: eepstain <116078117+eepstain@users.noreply.github.com>
Co-authored-by: ‪Ron Hadad‬‏ <112933572+ronh1@users.noreply.github.com>
Co-authored-by: TalGumi <talg@qmasters.co>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>
Co-authored-by: glicht <glicht@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Co-authored-by: Felipe Garrido <fgarridob.95+github@gmail.com>
Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com>
Co-authored-by: kobymeir <ymeir@paloaltonetworks.com>
Co-authored-by: Edi Katsenelson <85438368+edik24@users.noreply.github.com>
Co-authored-by: RotemAmit <ramit@paloaltonetworks.com>
Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com>

* [Marketplace Contribution] Okta - Content Pack Update (#29650)

* [Marketplace Contribution] Okta - Content Pack Update (#29303)

* "contribution update to pack "Okta""

* minor fixes

* add outputs and readme

* add outputs description

* update docker

* change outputs

---------

Co-authored-by: ostolero <ostolero@paloaltonetworks.com>
Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>

* Fixing AWS Project Number in ASM Cloud (#29593) (#29642)

Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [MS Teams] support reset_graph_auth (#29644)

* fixed

* pre-commit

* update

* Recordedfuture threathunting v2.5.0 (#29641)

* Recordedfuture threathunting v2.5.0 (#29025)

* Add commands related to Automated Threat hunting
recordedfuture-threat-map
recordedfuture-threat-links
recordedfuture-detection-rules

* Add recordedfuture-collective-insight command. Change app version.

* Update README.md. Add release notes

* Add playbook. Add unittests

* Add unittests

* Fix test_collective_insight_command

* Remove incorrect release note

* Add documentation for threat actor search playbook

* update Recorded Future Threat actor search playbook. add release note about new playbook.

* Update release notes, fix formatting

* Format yml files

* Update Recorded future threat actor search playbook

* Update docker image

* Fix linter

---------

Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* Minor README fixes

---------

Co-authored-by: Yaroslav Nestor <yaroslav.nestor22@gmail.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* [ASM] Expander 5777 (#29647)

* [ASM] Expander 5777 (#29619)

* first

* RN

* Bump pack from version CortexAttackSurfaceManagement to 1.6.36.

---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>

* XDR Malware Enrichment - hotfix for usernames (split) (#29585)

* Updated playbook with hotfix where we split usernames from domains and append them to the username list of usernames for account enrichment

* Added RN

* remove irrelevant test

* Updated RN

* Bump pack from version CortexXDR to 5.1.6.

* Update Packs/CortexXDR/ReleaseNotes/5_1_6.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Docker Image To demisto/pyjwt3  (#29656)

* Updated Metadata Of Pack Silverfort

* Added release notes to pack Silverfort

* Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update

* Update Docker Image To demisto/trustar  (#29660)

* Updated Metadata Of Pack TruSTAR

* Added release notes to pack TruSTAR

* Update Docker Image To demisto/keeper-ksm  (#29661)

* Updated Metadata Of Pack KeeperSecretsManager

* Added release notes to pack KeeperSecretsManager

* Packs/KeeperSecretsManager/Integrations/KeeperSecretsManager/KeeperSecretsManager.yml Docker image update

* Update Docker Image To demisto/py3-tools  (#29654)

* Updated Metadata Of Pack Intezer

* Added release notes to pack Intezer

* Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update

* Updated Metadata Of Pack FeedMalwareBazaar

* Added release notes to pack FeedMalwareBazaar

* Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update

* Updated Metadata Of Pack FeedGCPWhitelist

* Added release notes to pack FeedGCPWhitelist

* Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update

* Updated Metadata Of Pack AccentureCTI_Feed

* Added release notes to pack AccentureCTI_Feed

* Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* Update Docker Image To demisto/taxii-server  (#29659)

* Updated Metadata Of Pack CybleThreatIntel

* Added release notes to pack CybleThreatIntel

* Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* Update Docker Image To demisto/datadog-api-client  (#29662)

* Updated Metadata Of Pack DatadogCloudSIEM

* Added release notes to pack DatadogCloudSIEM

* Packs/DatadogCloudSIEM/Integrations/DatadogCloudSIEM/DatadogCloudSIEM.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* Add reliability parameter to cves and pipl integration (#28703)

* commiting PrismaCloudCompute

* release notes added

* changed cloudcompute, CVESearchV2, pipl

* added pack metadata

* fixed pipl readme

* reverting changes in CVESearch since it was deprecated

* removed redundant

* committing pre commit changes

* added known words

* added known words

* fixed lint error

* changed according to review

* updated docker version in PrismaCloudCompute

* changed according to doc review

* Added condition for not receiving new incidents in the test playbook

* updating release notes

* reverting fetch changes

* fixed playbook

* formatted playbook

* new validation, new run

* new validation, new run

* Bump pack from version PrismaCloudCompute to 1.4.10.

* update the docker image

---------

Co-authored-by: Content Bot <bot@demisto.com>

* Proofpoint email security pack: update description (#29651)

* update description

* Updated the schema file.

* Updated the schema file.

---------

Co-authored-by: Yehonatan Asta <yasta@paloaltonetworks.com>

* Jira v2 deprecated (#29649)

* Deprecate to jira v2

* update RN

* update conf.json file

* add task to the Create Jira Issue playbook that checks if jira v3 is enabled

* add image.png of the playbook

* update the playbook (yml, readme, image) and RN

* Update Docker Image To demisto/python3  (#29652)

* Updated Metadata Of Pack PANOSPolicyOptimizer

* Added release notes to pack PANOSPolicyOptimizer

* Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update

* Updated Metadata Of Pack VMwareWorkspaceONEUEM

* Added release notes to pack VMwareWorkspaceONEUEM

* Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml Docker image update

* Updated Metadata Of Pack CiscoSMA

* Added release notes to pack CiscoSMA

* Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml Docker image update

* Updated Metadata Of Pack FeedThreatConnect

* Added release notes to pack FeedThreatConnect

* Packs/FeedThreatConnect/Integrations/FeedThreatConnect/FeedThreatConnect.yml Docker image update

* Updated Metadata Of Pack BitSight

* Added release notes to pack BitSight

* Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update

* Updated Metadata Of Pack AWS-ILM

* Added release notes to pack AWS-ILM

* Packs/AWS-ILM/Integrations/AWSILM/AWSILM.yml Docker image update

* Updated Metadata Of Pack CiscoWSA

* Added release notes to pack CiscoWSA

* Packs/CiscoWSA/Integrations/CiscoWSAV2/CiscoWSAV2.yml Docker image update

* Updated Metadata Of Pack SysAid

* Added release notes to pack SysAid

* Packs/SysAid/Integrations/SysAid/SysAid.yml Docker image update

* Updated Metadata Of Pack ManageEngine_PAM360

* Added release notes to pack ManageEngine_PAM360

* Packs/ManageEngine_PAM360/Integrations/ManageEnginePAM360/ManageEnginePAM360.yml Docker image update

* Updated Metadata Of Pack CiscoUmbrellaReporting

* Added release notes to pack CiscoUmbrellaReporting

* Packs/CiscoUmbrellaReporting/Integrations/CiscoUmbrellaReporting/CiscoUmbrellaReporting.yml Docker image update

* Fix DS108

---------

Co-authored-by: sberman <sberman@paloaltonetworks.com>

* XSUP-27717/FortiSIEM (#29458)

* add tests

* add RN,fix,logs

* Update 2_0_21.md

* add period

* add a name to incident

* fixes CR

* update docker image

* delete logs

* CR fixes

* Update 2_0_21.md

* Update FortiSIEMV2.py

* reverting the Docker image (#29607)

* reverting the Docker image

* Update Packs/cyberark_AIM/ReleaseNotes/1_0_14.md

---------

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29663)

* [Marketplace Contribution] Roksit DNS Security Integration - Sarp (#29314)

* "pack contribution initial commit"

* Update RoksitDNSSecurityIntegrationSarp.py

* Update RoksitDNSSecurityIntegrationSarp.py

* Yehuda's version

* test module

* readme

* new logo

* Update RoksitDNSSecurityIntegrationSarp.yml

* Apply suggestions from code review

* Update RoksitDNSSecurityIntegrationSarp_description.md

* Update pack_metadata.json

* Update README.md

* Update pack_metadata.json

* Update pack_metadata.json

* Update Packs/RoksitDNSSecurityIntegration-Sarp/pack_metadata.json

* fixes

* change name

* folder name

* file names

* version

* rename sub folder

* remove (DNSSense) from the integration name

* rename folder

* docker

* replace image

* fix image name

---------

Co-authored-by: asimsarpkurt <79475614+asimsarpkurt@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>

* rename image

---------

Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: asimsarpkurt <79475614+asimsarpkurt@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>

* add unstuck fetch stream command (#29646)

* add unstuck fetch stream command

* added RN

* fixes

* add note

* cr fixes

* fix conflicts

* reverts

* [pre-commit pycln] Align the entire repo with pycln #4 (#29665)

* Fix pycln errors

* Update the docker images

* Run demisto-sdk pre-commit

* update docker

---------

Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: ostolero <ostolero@paloaltonetworks.com>
Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>
Co-authored-by: Chait A <112722030+capanw@users.noreply.github.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
Co-authored-by: Yaroslav Nestor <yaroslav.nestor22@gmail.com>
Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: Ido van Dijk <43602124+idovandijk@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: sberman <sberman@paloaltonetworks.com>
Co-authored-by: DinaMeylakh <72339665+DinaMeylakh@users.noreply.github.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: Yehonatan Asta <yasta@paloaltonetworks.com>
Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com>
Co-authored-by: sapir shuker <49246861+sapirshuker@users.noreply.github.com>
Co-authored-by: Mai Morag <81917647+maimorag@users.noreply.github.com>
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
Co-authored-by: asimsarpkurt <79475614+asimsarpkurt@users.noreply.github.com>
Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com>
Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>
Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>
Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com>

* If-Elif Transformer (#27763)

* IfElif init

* minor changes

* parse single strings not json

* fixed regex

* fixed json bug

* removed context

* created eval blacklist

* added json KW to eval

* Update bucket-upload.yml

* added ast for parsing

* use hash for context grab

* added value arg

* quick

* added unit-tests

* added README.md

* added RN

* added flags arg; use dt for context grabbing

* fixed context grabbing

* added regex support

* finished readme

* finished readme 2

* added variables arg

* changed vars to upper

* changed to class

* prefixed variable bug

* some tests

* finished unit-tests

* completed tests

* finished docs

* finished docs in yml

* new design for 'value'

* unit-tests complete

* docs part 1

* docs complete

* added if-elif TPB

* fixed TPB

* fixed mypy error

* fixed mypy error

* fixed injection issue; added + op

* name changes

* added injection test in TPB

* CR changes

* error for unknown variables

* reformat 'from_context' func

* resolve conflicts

* demo changes

* demo changes part 2

* bug fix

* updated docker

* added list_compare flag

* added error catcher for comp funcs

* readme update; textArea for conditions

* resolve conflicts

* resolve conflicts

* updated docker

* name changes

* fixed unit-tests

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* added missing flag to readme

* CR changes

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* name changes

* added suppres_error behavior to docs

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* updated docker

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* revert removal of release notes generator (#29828)

* revert

* validations

* rn

* search_and_install_packs.py - less strict when installing packs during nightly. should be reverted in (#29806)

Co-authored-by: kobymeir <ymeir@paloaltonetworks.com>

* exit on error alignment. fixing echo message when exiting the uninstallation script. (#29821)

* exit on error alignment.
fixing echo message when exiting the uninstallation script.

* installing specific poetry version (#29812)

* installing specific poetry version - moving the logic to bootstrap

* Cs falcon detections revert (#29833)

* Revert "Cs falcon fetch limit issue (#29411)"

This reverts commit f7b7d5c6

* Revert "Cs limit in idp detections (#29550)"

This reverts commit 47738d56

* Added rn

* Added rn

* SQL Alchemy 2.x.x (#29436)

* MySQL and Postgres work

* MSSQL, MySQL and Postgres work with bind_variables from the second form

* resolve conflicts

* fix CR's comments

* pre commit

* parsing the results

* Add UT

* same name and right docker

* RN

* sourcery

* another docker image

* revert docker image

* Update Packs/GenericSQL/ReleaseNotes/1_0_25.md

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* fix variable name

* constants

* mapping instead of conditions

* unskip Oracle TPB

* resolve conflicts

* resolve conflicts

* Constants

* Update Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* CR fixes

* Update Packs/GenericSQL/ReleaseNotes/1_1_0.md

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* add commit after executing a query

* fix UT

* remove autocommit true from MSSQL

* fix UT

* autocommit for
MSSQL, commit for the others

* commit for the other DBs, since in MSSQL it is automatic

* docker image

---------

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Generic playbooks fixes (#29711)

* fixes for generic playbooks

* fixes for generic playbooks

* fixes for generic playbooks

* Use Case Builder Development stage Field update (#29771) (#29825)

* pushing changes to the use case stage

* adding release notes

* Update pack_metadata.json

* Rename 1_1_0.md to 1_0_4.md

* Update 1_0_4.md

* Update 1_0_4.md

---------

Co-authored-by: Joe Cosgrove <joecosgrove5@gmail.com>
Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com>

* Add mapper and disable auto extraction for ThinkstCanary (#29756)

* Add Classification and Mapping to ThinkstCanary Integration

* Duo Mapping Enrichment (#29139)

* Updated DuoModelingRule_1_3

* Updated ModelingRules and ReleaseNotes

* Updated ModelingRules and ReleaseNotes

* Updated DuoModelingRule_1_3_schema and README

* Rev DuoModelingRule_1_3 | add DuoModelingRule_2_0

* Updated .yml and ReleaseNotes

* Updated DuoModelingRule_2_0

* Updated ReleaseNotes

* Updated .yml with toversion: 8.3.0

* Updated DuoModelingRule_2_0_schema

* Updated ModelingRules

* Updated ReleaseNotes

* Bump pack from version DuoAdminApi to 4.0.8.

* Updated DuoModelingRule_1_3

* azure

* Updated DuoModelingRule_2_0

* Updated DuoModelingRule_2_0

* Updated ParsingRules

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated pack_metadata

* Updated pack_metadata

* Updated pack_metadata

* Updated README

* Updated README

* Updated README

* Updated ReleaseNotes

* Updated ReleaseNotes

* Updated DuoModelingRule_2_0

* Reverted MS packs

* Reverted MS packs

* Updated DuoModelingRule_1_3_schema

* Updated ReleaseNotes

* Update Packs/DuoAdminApi/ReleaseNotes/4_0_10.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* [AWS System Manager] New Pack (#28992)

* init - new pack

* 2 commands

* aws-ssm-inventory-entry-list

* list_associations_command

* remove boto stubs

* remove boto stubs

* improve

* poetry

* revert poetry

* aws-ssm-association-list

* aws-ssm-association-get

* aws-ssm-association-get

* aws-ssm-association-version-list

* format

* aws-ssm-document-list

* ruff

* ruff

* ssmclient test

* test

* doc get

* docs

* Update pyproject.toml

* Update poetry.lock

* Update .pre-commit-config_template.yaml

* regex

* aws-ssm-tag-remove

* improve

* aws-ssm-automation-execution-list

* pack

* aws-ssm-command-list

* aws-ssm-command-run aws-ssm-command-cancel

* ruff

* Apply suggestions from code review

Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com>

* UT

* UT

* cr and docs

* black

* black and ruff

* format

* description

* format description

* pack metadata

* fix ut

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* cr

* cr

* fix yml

* add outputs

* Update Packs/AWS_SystemManager/Integrations/AWSSystemManager/AWSSystemManager.py

Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* fix cr

* run command and fix UT

* automation run

* fix output add playbook

* docs

* docs

* docs

* docs

* ruff and black

* fix demo

* fix demo

* update docker and fix line too long

* Apply suggestions from code review (docs)

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* cr fix

* update docker

* fix line

* Fix an issue

* Fix an issue

* Update playbook description

* Update docker

---------

Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>

* Fix splunk search in incident context (#29763)

* fixes

* fixes

* fixes

* update docker

* added rn

* add bc rn

* Empty-Commit

* Test For 'WildFire Malware' Playbook (#29404)

* Test For 'WildFire Malware' Playbook

* PR

* RN

* added the "is_mockable" config to the conf file

* removed the "is_mockable" config to the conf file

* Bump pack from version Core to 2.0.14.

* Bump pack from version Core to 2.0.15.

* Increased timeout configs

* Added VirusTotal to the conf file

* added virustotal instance name

* changed the 'AutoContainment' playbook input config to 'true'

* changed 'timeout'

* changed 'timeout'

* changed 'timeout' to 1600

* changed the 'ShouldCloseAutomatically' playbook input to 'false'

* added the test playbook name to the playbook YML file

* RN

* removed the close note alert field verification

* added the 'marketplacev2' to the test playbook YML file

* added the '000001e7a228b2a7abdf7f7e404bc8522df32b725e86907dde32176bccbbbb27' malicious file hash to secrets ignore file. the file hash is used within the test playbook for enrichment and test purposes.

---------

Co-authored-by: Content Bot <bot@demisto.com>

* update docker image (#29845)

* added functionality to download index by marketplace (#29834)

* added functionality to download index by marketplace

* added some logs for validation

* commit

* removed logs

* [pre-commit MyPy] Align the entire repo with MyPy #2 (#29799)

* [pre-commit MyPy] Align the entire repo with MyPy #2

* Add RN

* Revert changes in 1.12.26 RN

* Update the docker images

* [pre-commit MyPy] Align the entire repo with MyPy #1 (#29798)

* [pre-commit MyPy] Align the entire repo with MyPy #1

* Xsup 27738 DBotFindSimilarIncidents NoneType Error (#29701)

* failed ut

* fix

* rn

* pre-commit

* pre commit

* just the fix

* fix description in yml

* fix

* docker

* Update Packs/Base/ReleaseNotes/1_32_34.md

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* test

* test

* removed import

---------

Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>

* Wiz v1 2 11 (#29719)

* Wiz v1 2 11 (#29688)

* remove redundant parenthesis

* ../Packs/Wiz/Integrations/Wiz/Wiz.py

* add Wiz user agent

* rephrase release notes

* update pack metadata json

* rephrase release notes v2
…
Showing 15 changed files with 1,931 additions and 833 deletions.

This file was deleted.

@@ -1,8 +1,3 @@

import demistomock as demisto
from CommonServerPython import *
from CommonServerUserPython import *

""" IMPORTS """

import json
Expand Down Expand Up @@ -40,6 +35,9 @@
"add_fields": ["events.cnc.ipv4.asn", "events.cnc.ipv4.countryName", "events.cnc.ipv4.region"],
"add_fields_types": ["asn", "geocountry", "geolocation"]
},
{
"main_field": "events.client.ipv4.ip",
}
]
},
"compromised/card": {
Expand Down Expand Up @@ -437,7 +435,7 @@ class Client(BaseClient):
"""

def _create_update_generator(self, collection_name: str, max_requests: int,
date_from: Optional[str] = None, seq_update: Union[int, str] = None,
date_from: str | None = None, seq_update: int | str = None,
limit: int = 200) -> Generator:
"""
Creates generator of lists with feeds class objects for an update session
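Review bot: in `_create_update_generator`, `seq_update: int | str = None` defaults to None but its annotation does not admit None; write `seq_update: int | str | None = None` so it matches `date_from: str | None = None` on the same line. The `X | Y` form in a signature is evaluated when the function is defined, so it needs Python 3.10 or later, or `from __future__ import annotations` at the top of the module; check that the integration's Docker image satisfies that.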
Expand Down Expand Up @@ -839,7 +837,7 @@ def calculate_dbot_score(type_):
return Common.DBotScore(
indicator=value,
indicator_type=type_,
integration_name="GIB TI",
integration_name="GIB TI&A",
score=score
)

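Review bot: in `calculate_dbot_score`, renaming `integration_name` from "GIB TI" to "GIB TI&A" changes the vendor name recorded on every DBotScore this integration emits. Scores already stored under the old name stay attributed to it, and any playbook condition or filter that matches on the vendor string will stop matching new scores, so the rename should be called out in the release notes. Defining the name once as a module-level constant would keep it from drifting between call sites.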
Expand Down Expand Up @@ -1032,16 +1030,13 @@ def fetch_incidents_command(client: Client, last_run: dict, first_fetch_time: st
:return: next_run will be last_run in the next fetch-incidents; incidents and indicators will be created in Demisto.
"""
incidents = []
next_run: dict[str, dict[str, Union[int, Any]]] = {"last_fetch": {}}
next_run: dict[str, dict[str, int | Any]] = {"last_fetch": {}}
for collection_name in incident_collections:
last_fetch = last_run.get("last_fetch", {}).get(collection_name)

portions = client.create_poll_generator(collection_name=collection_name, max_requests=requests_count,
last_fetch=last_fetch, first_fetch_time=first_fetch_time)
for portion, last_fetch in portions:
last_test = last_fetch
for last in last_test:
set(last)
for feed in portion:
mapping = MAPPING.get(collection_name, {})
if collection_name == "compromised/breached":
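Review bot: in `fetch_incidents_command`, the loop `for portion, last_fetch in portions:` rebinds `last_fetch`, the same name that holds the value read from `last_run` a few lines earlier, so after the first iteration the original cursor is gone; a distinct loop variable name would make it clear which value ends up in `next_run`. Dropping the `last_test` loop is right, since `set(last)` discarded its result. In the new annotation, `int | Any` collapses to `Any`, so `dict[str, dict[str, Any]]` says the same thing more plainly.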
Expand Down Expand Up @@ -1086,7 +1081,7 @@ def fetch_incidents_command(client: Client, last_run: dict, first_fetch_time: st
return next_run, incidents


def get_available_collections_command(client: Client):
def get_available_collections_command(client: Client, args):
"""
Returns list of available collections to context and War Room.
Expand Down
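Review bot: `get_available_collections_command(client: Client, args)` adds a required positional `args` with no type annotation and no mention in the docstring below it. If the parameter exists only so the function fits a common command-dispatch signature, annotate it (for example `args: dict`) and document that it is unused. Any existing caller or unit test that passes only `client` will now fail with a TypeError and needs updating in the same change.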

0 comments on commit 0f8cec9
