From 4156d18044c8afde891c566c8b3ff8712871d645 Mon Sep 17 00:00:00 2001 From: MLainer1 <93524335+MLainer1@users.noreply.github.com> Date: Sun, 11 Jun 2023 11:57:15 +0300 Subject: [PATCH] AWS Feed - added support for IPv6 (#27141) * AWS Feed - added support for IPv6 * added tests * cr * tests an rn * validation * rn * cr * di --- .../AccentureCTI_Feed/ReleaseNotes/1_1_14.md | 6 + Packs/AccentureCTI_Feed/pack_metadata.json | 2 +- .../JSONFeedApiModule/JSONFeedApiModule.py | 25 +++- .../JSONFeedApiModule_test.py | 123 +++++++++++++++++- Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.py | 75 ++++++----- .../FeedAWS/Integrations/FeedAWS/FeedAWS.yml | 9 +- Packs/FeedAWS/ReleaseNotes/1_1_35.md | 8 ++ Packs/FeedAWS/pack_metadata.json | 2 +- Packs/FeedFastly/ReleaseNotes/1_1_25.md | 6 + Packs/FeedFastly/pack_metadata.json | 2 +- Packs/FeedGCPWhitelist/ReleaseNotes/2_0_16.md | 6 + Packs/FeedGCPWhitelist/pack_metadata.json | 2 +- Packs/FeedIntel471/ReleaseNotes/2_1_1.md | 10 ++ Packs/FeedIntel471/pack_metadata.json | 2 +- Packs/FeedJSON/ReleaseNotes/1_1_28.md | 7 + Packs/FeedJSON/pack_metadata.json | 2 +- .../FeedMalwareBazaar/ReleaseNotes/1_0_17.md | 6 + Packs/FeedMalwareBazaar/pack_metadata.json | 2 +- Packs/iDefense/ReleaseNotes/3_2_11.md | 6 + Packs/iDefense/pack_metadata.json | 2 +- 20 files changed, 255 insertions(+), 48 deletions(-) create mode 100644 Packs/AccentureCTI_Feed/ReleaseNotes/1_1_14.md create mode 100644 Packs/FeedAWS/ReleaseNotes/1_1_35.md create mode 100644 Packs/FeedFastly/ReleaseNotes/1_1_25.md create mode 100644 Packs/FeedGCPWhitelist/ReleaseNotes/2_0_16.md create mode 100644 Packs/FeedIntel471/ReleaseNotes/2_1_1.md create mode 100644 Packs/FeedJSON/ReleaseNotes/1_1_28.md create mode 100644 Packs/FeedMalwareBazaar/ReleaseNotes/1_0_17.md create mode 100644 Packs/iDefense/ReleaseNotes/3_2_11.md diff --git a/Packs/AccentureCTI_Feed/ReleaseNotes/1_1_14.md b/Packs/AccentureCTI_Feed/ReleaseNotes/1_1_14.md new file mode 100644 index 000000000000..5304450fcc65 --- /dev/null +++ b/Packs/AccentureCTI_Feed/ReleaseNotes/1_1_14.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### ACTI Indicator Feed + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/AccentureCTI_Feed/pack_metadata.json b/Packs/AccentureCTI_Feed/pack_metadata.json index 75d31cfdb97f..b31c797210e4 100644 --- a/Packs/AccentureCTI_Feed/pack_metadata.json +++ b/Packs/AccentureCTI_Feed/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Accenture CTI Feed", "description": "Accenture Cyber Threat Intelligence Feed", "support": "partner", - "currentVersion": "1.1.13", + "currentVersion": "1.1.14", "author": "Accenture", "url": "https://www.accenture.com/us-en/services/security/cyber-defense", "email": "CTI.AcctManagement@accenture.com", diff --git a/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule.py b/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule.py index e03665d446b8..1836ad13231b 100644 --- a/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule.py +++ b/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule.py @@ -111,11 +111,13 @@ def build_iterator(self, feed: dict, feed_name: str, **kwargs) -> Tuple[List, bo url = feed.get('url', self.url) if is_demisto_version_ge('6.5.0'): + prefix_feed_name = get_formatted_feed_name(feed_name) # Support for AWS feed + # Set the If-None-Match and If-Modified-Since headers # if we have etag or last_modified values in the context, with server version higher than 6.5.0. last_run = demisto.getLastRun() - etag = demisto.get(last_run, f'{feed_name}.etag') - last_modified = demisto.get(last_run, f'{feed_name}.last_modified') + etag = last_run.get(prefix_feed_name, {}).get('etag') or last_run.get(feed_name, {}).get('etag') + last_modified = last_run.get(prefix_feed_name, {}).get('last_modified') or last_run.get(feed_name, {}).get('last_modified') # noqa: E501 if etag: self.headers['If-None-Match'] = etag @@ -147,6 +149,7 @@ def build_iterator(self, feed: dict, feed_name: str, **kwargs) -> Tuple[List, bo try: r.raise_for_status() if r.content: + demisto.debug(f'JSON: found content for {feed_name}') data = r.json() result = jmespath.search(expression=feed.get('extractor'), data=data) @@ -170,7 +173,6 @@ def get_no_update_value(response: requests.Response, feed_name: str) -> bool: boolean with the value for noUpdate argument. The value should be False if the response was modified. """ - # HTTP status code 304 (Not Modified) set noUpdate to True. if response.status_code == 304: demisto.debug('No new indicators fetched, createIndicators will be executed with noUpdate=True.') @@ -190,12 +192,26 @@ def get_no_update_value(response: requests.Response, feed_name: str) -> bool: 'etag': etag } demisto.setLastRun(last_run) - + demisto.debug(f'JSON: The new last run is: {last_run}') demisto.debug('New indicators fetched - the Last-Modified value has been updated,' ' createIndicators will be executed with noUpdate=False.') return False +def get_formatted_feed_name(feed_name: str): + """support for AWS Feed config name, that contains $$ in the name. + example: AMAZON$$CIDR + Args: + feed_name (str): The feed config name + """ + prefix_feed_name = '' + if '$$' in feed_name: + prefix_feed_name = feed_name.split('$$')[0] + return prefix_feed_name + + return feed_name + + def test_module(client: Client, limit) -> str: for feed_name, feed in client.feed_name_to_config.items(): custom_build_iterator = feed.get('custom_build_iterator') @@ -241,6 +257,7 @@ def fetch_indicators_command(client: Client, indicator_type: str, feedTags: list mapping_function = feed_config.get('mapping_function', indicator_mapping) handle_indicator_function = feed_config.get('handle_indicator_function', handle_indicator) create_relationships_function = feed_config.get('create_relations_function') + service_name = get_formatted_feed_name(service_name) for item in items: if isinstance(item, str): diff --git a/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule_test.py b/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule_test.py index c1a29e84fbf3..a1c827c63671 100644 --- a/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule_test.py +++ b/Packs/ApiModules/Scripts/JSONFeedApiModule/JSONFeedApiModule_test.py @@ -29,7 +29,7 @@ def test_json_feed_no_config(): CONFIG_PARAMETERS = [ ( { - 'AMAZON': { + 'AMAZON$$CIDR': { 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', 'extractor': "prefixes[?service=='AMAZON']", 'indicator': 'ip_prefix', @@ -42,13 +42,20 @@ def test_json_feed_no_config(): ), ( { - 'AMAZON': { + 'AMAZON$$CIDR': { 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', 'extractor': "prefixes[?service=='AMAZON']", 'indicator': 'ip_prefix', 'indicator_type': FeedIndicatorType.CIDR, 'fields': ['region', 'service'] }, + 'AMAZON$$IPV6': { + 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', + 'extractor': "ipv6_prefixes[?service=='AMAZON']", + 'indicator': 'ipv6_prefix', + 'indicator_type': FeedIndicatorType.IPv6, + 'fields': ['region', 'service'] + }, 'CLOUDFRONT': { 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', 'extractor': "prefixes[?service=='CLOUDFRONT']", @@ -57,7 +64,7 @@ def test_json_feed_no_config(): 'fields': ['region', 'service'] } }, - 1148, + 1465, 36 ) ] @@ -89,7 +96,7 @@ def test_json_feed_with_config_mapping(): ip_ranges = json.load(ip_ranges_json) feed_name_to_config = { - 'AMAZON': { + 'AMAZON$$CIDR': { 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', 'extractor': "prefixes[?service=='AMAZON']", 'indicator': 'ip_prefix', @@ -350,3 +357,111 @@ def test_fetch_indicators_command_google_ip_ranges(mocker): indicators, _ = fetch_indicators_command(client, indicator_type=None, feedTags=[], auto_detect=None, limit=100) for indicator in indicators: assert indicator.get('value') + + +def test_json_feed_with_config_mapping_with_aws_feed_no_update(mocker): + """ + Given + - Feed config from AWS feed, with last_run from the same feed, emulating the first + fetch after updating the AWS Feed integration when there is no update to the feed. + (the last_run object contains an 'AMAZON' entry) + + When + - Running fetch indicators command + + Then + - Ensure that the correct message displays in demisto.debug, and the last_run object + remained the same, and continue to have the previous AWS feed config name 'AMAZON'. + (the last_run object contains an 'AMAZON' entry) + """ + with open('test_data/amazon_ip_ranges.json') as ip_ranges_json: + ip_ranges = json.load(ip_ranges_json) + + mocker.patch.object(demisto, 'debug') + last_run = mocker.patch.object(demisto, 'setLastRun') + + feed_name_to_config = { + 'AMAZON$$CIDR': { + 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', + 'extractor': "prefixes[?service=='AMAZON']", + 'indicator': 'ip_prefix', + 'indicator_type': FeedIndicatorType.CIDR, + 'fields': ['region', 'service'], + 'mapping': { + 'region': 'Region' + } + } + } + mocker.patch('CommonServerPython.is_demisto_version_ge', return_value=True) + mocker.patch('JSONFeedApiModule.is_demisto_version_ge', return_value=True) + mock_last_run = {"AMAZON": {"last_modified": '2019-12-17-23-03-10', "etag": "etag"}} + mocker.patch.object(demisto, 'getLastRun', return_value=mock_last_run) + + with requests_mock.Mocker() as m: + m.get('https://ip-ranges.amazonaws.com/ip-ranges.json', json=ip_ranges, status_code=304,) + + client = Client( + url='https://ip-ranges.amazonaws.com/ip-ranges.json', + credentials={'username': 'test', 'password': 'test'}, + feed_name_to_config=feed_name_to_config, + insecure=True + ) + + fetch_indicators_command(client=client, indicator_type='CIDR', feedTags=['test'], auto_detect=False) + assert demisto.debug.call_args[0][0] == 'No new indicators fetched, createIndicators will be executed with noUpdate=True.' + assert last_run.call_count == 0 + + +def test_json_feed_with_config_mapping_with_aws_feed_with_update(mocker): + """ + Given + - Feed config from AWS feed, with last_run from the same feed, emulating the first + fetch after updating the AWS Feed, when there is an update to the indicators + (the last_run object contains an 'AMAZON' entry) + + When + - Running fetch indicators command + + Then + - Ensure that the correct message displays in demisto.debug, and the last_run object + contains the new feed config name 'AMAZON$$CIDR' + """ + with open('test_data/amazon_ip_ranges.json') as ip_ranges_json: + ip_ranges = json.load(ip_ranges_json) + + mocker.patch.object(demisto, 'debug') + last_run = mocker.patch.object(demisto, 'setLastRun') + + feed_name_to_config = { + 'AMAZON$$CIDR': { + 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', + 'extractor': "prefixes[?service=='AMAZON']", + 'indicator': 'ip_prefix', + 'indicator_type': FeedIndicatorType.CIDR, + 'fields': ['region', 'service'], + 'mapping': { + 'region': 'Region' + } + } + } + mocker.patch('CommonServerPython.is_demisto_version_ge', return_value=True) + mocker.patch('JSONFeedApiModule.is_demisto_version_ge', return_value=True) + mock_last_run = {"AMAZON": {"last_modified": '2019-12-17-23-03-10', "etag": "etag"}} + mocker.patch.object(demisto, 'getLastRun', return_value=mock_last_run) + + with requests_mock.Mocker() as m: + m.get('https://ip-ranges.amazonaws.com/ip-ranges.json', json=ip_ranges, status_code=200, + headers={'Last-Modified': 'Fri, 30 Jul 2021 00:24:13 GMT', # guardrails-disable-line + 'ETag': 'd309ab6e51ed310cf869dab0dfd0d34b'}) # guardrails-disable-line) + + client = Client( + url='https://ip-ranges.amazonaws.com/ip-ranges.json', + credentials={'username': 'test', 'password': 'test'}, + feed_name_to_config=feed_name_to_config, + insecure=True + ) + + fetch_indicators_command(client=client, indicator_type='CIDR', feedTags=['test'], auto_detect=False) + assert demisto.debug.call_args[0][0] == 'New indicators fetched - the Last-Modified value has been updated,' \ + ' createIndicators will be executed with noUpdate=False.' + assert "AMAZON$$CIDR" in last_run.call_args[0][0] diff --git a/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.py b/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.py index a801a2836b15..dd281105e84c 100644 --- a/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.py +++ b/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.py @@ -1,6 +1,30 @@ import demistomock as demisto from CommonServerPython import * +AVAILABLE_FEEDS = ['AMAZON', + 'EC2', + 'ROUTE53', + 'ROUTE53_HEALTHCHECKS', + 'CLOUDFRONT', + 'S3', + 'AMAZON_APPFLOW', + 'AMAZON_CONNECT', + 'API_GATEWAY', + 'CHIME_MEETINGS', + 'CHIME_VOICECONNECTOR', + 'CLOUD9', + 'CLOUDFRONT_ORIGIN_FACING', + 'CODEBUILD', + 'DYNAMODB', + 'EBS', + 'EC2_INSTANCE_CONNECT', + 'GLOBALACCELERATOR', + 'KINESIS_VIDEO_STREAMS', + 'ROUTE53_HEALTHCHECKS_PUBLISHING', + 'ROUTE53_RESOLVER', + 'WORKSPACES_GATEWAYS', + ] + def get_feed_config(services: list, regions: list): """ @@ -12,39 +36,18 @@ def get_feed_config(services: list, regions: list): Returns: The feed configuration. """ - available_feeds = { - 'AMAZON', - 'EC2', - 'ROUTE53', - 'ROUTE53_HEALTHCHECKS', - 'CLOUDFRONT', - 'S3', - 'AMAZON_APPFLOW', - 'AMAZON_CONNECT', - 'API_GATEWAY', - 'CHIME_MEETINGS', - 'CHIME_VOICECONNECTOR', - 'CLOUD9', - 'CLOUDFRONT_ORIGIN_FACING', - 'CODEBUILD', - 'DYNAMODB', - 'EBS', - 'EC2_INSTANCE_CONNECT', - 'GLOBALACCELERATOR', - 'KINESIS_VIDEO_STREAMS', - 'ROUTE53_HEALTHCHECKS_PUBLISHING', - 'ROUTE53_RESOLVER', - 'WORKSPACES_GATEWAYS', - } region_path = '' - if regions: + if regions and 'All' not in regions: region_path = f" && contains({regions}, region)" + if 'All' in services or not services: + services = AVAILABLE_FEEDS + feed_name_to_config = {} - for feed in available_feeds: - feed_name_to_config[feed] = { + for feed in services: + feed_name_to_config[f'{feed}$$CIDR'] = { 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', 'extractor': f"prefixes[?service=='{feed}'{region_path}]", 'indicator': 'ip_prefix', @@ -56,7 +59,19 @@ def get_feed_config(services: list, regions: list): } } - return {feed_name: feed_name_to_config.get(feed_name) for feed_name in services} + feed_name_to_config[f'{feed}$$IPv6'] = { + 'url': 'https://ip-ranges.amazonaws.com/ip-ranges.json', + 'extractor': f"ipv6_prefixes[?service=='{feed}'{region_path}]", + 'indicator': 'ipv6_prefix', + 'indicator_type': FeedIndicatorType.IPv6, + 'fields': ['region', 'service'], + 'mapping': { + 'region': 'region', + 'service': 'service' + } + } + + return feed_name_to_config from JSONFeedApiModule import * # noqa: E402 @@ -64,8 +79,8 @@ def get_feed_config(services: list, regions: list): def main(): params = {k: v for k, v in demisto.params().items() if v is not None} - params['feed_name_to_config'] = get_feed_config(params.get('services', ['AMAZON']), - argToList(params.get('regions', []))) + params['feed_name_to_config'] = get_feed_config(params.get('services', ['All']), + argToList(params.get('regions', ['All']))) feed_main(params, 'AWS Feed', 'aws') diff --git a/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml b/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml index a2fccb87d0bb..87115780d676 100644 --- a/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml +++ b/Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml @@ -28,9 +28,12 @@ configuration: - ROUTE53_HEALTHCHECKS_PUBLISHING - ROUTE53_RESOLVER - WORKSPACES_GATEWAYS + - All required: true type: 16 -- additionalinfo: The AWS Regions to fetch indicators by. If empty, all regions will be included. + additionalinfo: The services to fetch indicators from. Default value is 'All'. If empty, all services will be included. + defaultvalue: 'All' +- additionalinfo: The AWS Regions to fetch indicators by. Default value is 'All'. If empty, all regions will be included. display: Regions name: regions options: @@ -67,8 +70,10 @@ configuration: - us-west-1 - us-west-2 - GLOBAL + - All required: false type: 16 + defaultvalue: 'All' - display: Fetch indicators name: feed required: false @@ -163,7 +168,7 @@ script: description: Fetches indicators from the feed. execution: false name: aws-get-indicators - dockerimage: demisto/py3-tools:1.0.0.61931 + dockerimage: demisto/py3-tools:1.0.0.63020 feed: true isfetch: false longRunning: false diff --git a/Packs/FeedAWS/ReleaseNotes/1_1_35.md b/Packs/FeedAWS/ReleaseNotes/1_1_35.md new file mode 100644 index 000000000000..8f7bdb0fcc65 --- /dev/null +++ b/Packs/FeedAWS/ReleaseNotes/1_1_35.md @@ -0,0 +1,8 @@ +#### Integrations + +##### AWS Feed + +- Updated the Docker image to: *demisto/py3-tools:1.0.0.63020*. +- Added support for fetching IPv6 indicators from the feed. +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types from the feed. +- Updated the default value of the *services* integration parameter to *All*. \ No newline at end of file diff --git a/Packs/FeedAWS/pack_metadata.json b/Packs/FeedAWS/pack_metadata.json index f9ed615f34e5..729bebcdf3e4 100644 --- a/Packs/FeedAWS/pack_metadata.json +++ b/Packs/FeedAWS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AWS Feed", "description": "Indicators feed from AWS", "support": "xsoar", - "currentVersion": "1.1.34", + "currentVersion": "1.1.35", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedFastly/ReleaseNotes/1_1_25.md b/Packs/FeedFastly/ReleaseNotes/1_1_25.md new file mode 100644 index 000000000000..85d4bbd219f5 --- /dev/null +++ b/Packs/FeedFastly/ReleaseNotes/1_1_25.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Fastly Feed + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/FeedFastly/pack_metadata.json b/Packs/FeedFastly/pack_metadata.json index b9087fa926ed..b98e7c121a49 100644 --- a/Packs/FeedFastly/pack_metadata.json +++ b/Packs/FeedFastly/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Fastly Feed", "description": "Indicators feed from Fastly", "support": "xsoar", - "currentVersion": "1.1.24", + "currentVersion": "1.1.25", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedGCPWhitelist/ReleaseNotes/2_0_16.md b/Packs/FeedGCPWhitelist/ReleaseNotes/2_0_16.md new file mode 100644 index 000000000000..2ba6b6e83fa9 --- /dev/null +++ b/Packs/FeedGCPWhitelist/ReleaseNotes/2_0_16.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Google IP Ranges Feed + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/FeedGCPWhitelist/pack_metadata.json b/Packs/FeedGCPWhitelist/pack_metadata.json index 2718b6b15658..d461d3857fbd 100644 --- a/Packs/FeedGCPWhitelist/pack_metadata.json +++ b/Packs/FeedGCPWhitelist/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google IP Ranges Feed", "description": "Use the Google IP Ranges Feed integration to get GCP and Google global IP ranges.", "support": "xsoar", - "currentVersion": "2.0.15", + "currentVersion": "2.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedIntel471/ReleaseNotes/2_1_1.md b/Packs/FeedIntel471/ReleaseNotes/2_1_1.md new file mode 100644 index 000000000000..150615486301 --- /dev/null +++ b/Packs/FeedIntel471/ReleaseNotes/2_1_1.md @@ -0,0 +1,10 @@ + +#### Integrations + +##### Intel471 Malware Feed (Deprecated) + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. + +##### Intel471 Actors Feed (Deprecated) + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/FeedIntel471/pack_metadata.json b/Packs/FeedIntel471/pack_metadata.json index 0effdd914ef0..c8d1b8c13bac 100644 --- a/Packs/FeedIntel471/pack_metadata.json +++ b/Packs/FeedIntel471/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Intel471 Feed", "description": "This content pack fetches actor and malware related indicators from Intel 471. It also fetches watcher alerts.", "support": "partner", - "currentVersion": "2.1.0", + "currentVersion": "2.1.1", "author": "Intel 471", "url": "https://www.intel471.com", "email": "support@intel471.com", diff --git a/Packs/FeedJSON/ReleaseNotes/1_1_28.md b/Packs/FeedJSON/ReleaseNotes/1_1_28.md new file mode 100644 index 000000000000..8c020dfe054a --- /dev/null +++ b/Packs/FeedJSON/ReleaseNotes/1_1_28.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### JSON Feed + + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/FeedJSON/pack_metadata.json b/Packs/FeedJSON/pack_metadata.json index ccf2441e96e7..73cd36068329 100644 --- a/Packs/FeedJSON/pack_metadata.json +++ b/Packs/FeedJSON/pack_metadata.json @@ -2,7 +2,7 @@ "name": "JSON Feed", "description": "Indicators feed from a JSON file", "support": "xsoar", - "currentVersion": "1.1.27", + "currentVersion": "1.1.28", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedMalwareBazaar/ReleaseNotes/1_0_17.md b/Packs/FeedMalwareBazaar/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..b4a06cb79509 --- /dev/null +++ b/Packs/FeedMalwareBazaar/ReleaseNotes/1_0_17.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### MalwareBazaar Feed + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/FeedMalwareBazaar/pack_metadata.json b/Packs/FeedMalwareBazaar/pack_metadata.json index 1dcd62c4febf..8cf0a000d8ed 100644 --- a/Packs/FeedMalwareBazaar/pack_metadata.json +++ b/Packs/FeedMalwareBazaar/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MalwareBazaar Feed", "description": "MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.", "support": "xsoar", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/iDefense/ReleaseNotes/3_2_11.md b/Packs/iDefense/ReleaseNotes/3_2_11.md new file mode 100644 index 000000000000..795bcfde6517 --- /dev/null +++ b/Packs/iDefense/ReleaseNotes/3_2_11.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### ACTI Feed (Deprecated) + +- Enhanced the ***JSONFeedApiModule*** to support fetching multiple indicator types in the ***AWS Feed*** integration. The change has no impact on this integration. diff --git a/Packs/iDefense/pack_metadata.json b/Packs/iDefense/pack_metadata.json index 52c499a2b265..53e98544c25f 100644 --- a/Packs/iDefense/pack_metadata.json +++ b/Packs/iDefense/pack_metadata.json @@ -3,7 +3,7 @@ "description": "Deprecated. Use Accenture CTI v2 & Accenture CTI Feed instead.", "support": "partner", "hidden": true, - "currentVersion": "3.2.10", + "currentVersion": "3.2.11", "author": "Accenture", "url": "https://www.accenture.com/us-en/services/security/cyber-defense", "email": "CTI.AcctManagement@accenture.com",