diff --git a/Packs/FeedCrowdstrikeFalconIntel/Integrations/CrowdStrikeIndicatorFeed/CrowdStrikeIndicatorFeed.yml b/Packs/FeedCrowdstrikeFalconIntel/Integrations/CrowdStrikeIndicatorFeed/CrowdStrikeIndicatorFeed.yml index 831680cf3a78..29efb9fbcec8 100644 --- a/Packs/FeedCrowdstrikeFalconIntel/Integrations/CrowdStrikeIndicatorFeed/CrowdStrikeIndicatorFeed.yml +++ b/Packs/FeedCrowdstrikeFalconIntel/Integrations/CrowdStrikeIndicatorFeed/CrowdStrikeIndicatorFeed.yml @@ -46,10 +46,11 @@ configuration: type: 16 - display: First fetch time name: first_fetch - required: false + required: true type: 0 - additionalinfo: The time range to consider for the initial data fetch. Leave empty - to fetch from the first available indicator. + additionalinfo: "The time range to consider for the initial data fetch. + Warning: This feed may fetch tens of thousands of indicators per day. Please consider this when configuring this parameter to further in the past, as it may overload the system with indicators." + defaultvalue: '1 week' - display: Max. indicators per fetch defaultvalue: 5000 hidden: false @@ -169,6 +170,13 @@ configuration: name: feedBypassExclusionList required: false type: 8 +- additionalinfo: Incremental feeds pull only new or modified indicators that have been sent from the integration. As the determination if the indicator is new or modified happens on the 3rd-party vendor's side, and only indicators that are new or modified are sent to Cortex XSOAR, all indicators coming from these feeds are labeled new or modified. + display: Incremental Feed + name: feedIncremental + defaultvalue: 'true' + required: false + type: 8 + hidden: true description: Retrieves indicators from the CrowdStrike Falcon Intel Feed. display: CrowdStrike Indicator Feed name: CrowdStrike Indicator Feed 
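Review bot: The new `additionalinfo` for `first_fetch` reads awkwardly ("configuring this parameter to further in the past") and, now that the field is `required: true`, gives no hint of the accepted format — the only clue is the `'1 week'` default. A wording such as `additionalinfo: 'The time range to consider for the initial data fetch, e.g. "3 days" or "1 week". Warning: this feed can return tens of thousands of indicators per day, so a value far in the past may flood the system with indicators; see also "Max. indicators per fetch".'` would be clearer, though whether relative-time strings are the only format the integration parses cannot be confirmed from this hunk. Note also that instances created while the field was optional and left empty will presumably fail validation after upgrade, since a `defaultvalue` normally applies only to newly created instances; the release note should call that out.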
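Review bot: Making the feed incremental (`feedIncremental` defaulting to `'true'` and `hidden: true`) means, per the added `additionalinfo`, that every indicator the integration sends is treated as new or modified — so, presumably, indicators CrowdStrike stops publishing or retracts are no longer expired as `Removed from feed` by the server and persist until the instance's expiration policy removes them. That is a security-relevant trade-off for an IOC feed (stale or revoked indicators keep matching), and neither the parameter text nor the 2.1.7 release note mentions it. I would extend the `additionalinfo` with a sentence such as `Because this feed is incremental, indicators no longer returned by CrowdStrike are not automatically expired; configure the feed's expiration policy accordingly.` and repeat the caveat in the release note. Since the parameter is hidden, users cannot turn it off, so the documentation is the only place they will learn of this behaviour.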
@@ -253,7 +261,7 @@ script: description: 'Resets the retrieving start time according to the `First Fetch Time` parameter, WARNING: This command will reset your fetch history.' execution: false name: crowdstrike-reset-fetch-indicators - dockerimage: demisto/python3:3.10.11.59581 + dockerimage: demisto/python3:3.10.11.61265 feed: true isfetch: false longRunning: false diff --git a/Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_7.md b/Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_7.md new file mode 100644 index 000000000000..5366c9e0775b --- /dev/null +++ b/Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_7.md @@ -0,0 +1,8 @@ + +#### Integrations + +##### CrowdStrike Indicator Feed +- Updated the Docker image to: *demisto/python3:3.10.11.61265*. + +- Updated the `First Fetch Time` parameter to mandatory. +- Fixed an issue where already fetched indicators were immediately marked as `Removed from feed` during a subsequent fetch. diff --git a/Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json b/Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json index ba85cdcd86f5..03255e4b861d 100644 --- a/Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json +++ b/Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Crowdstrike Falcon Intel Feed", "description": "Tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more.", "support": "xsoar", - "currentVersion": "2.1.6", + "currentVersion": "2.1.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",