Fix for playbooks that uses deprecated sub-playbooks (#31330)

* The sub-playbook of wildfire detonate file was changed to v2 * Replaced the old version of Cortex XDR - Retrieve File with the new version * Crowdstrike detonate file was changed to a new version * release notes update * release notes update * readme files updated * release note * fix for taskid and task field * fixes for taskid and task not equal value * release notes fix * added new images for the playbooks * Unique value fix * RN updated * fixes for PR * RN fix * fix * fix * RN fix * Update Packs/CommonPlaybooks/ReleaseNotes/2_4_39.md Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * PN fix and unique fix * fix for error in the build * Update Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Core/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_0_8.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_4_39.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_4_39.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
demisto · Dec 11, 2023 · 7a8b0be · 7a8b0be
1 parent 4a6bf06
commit 7a8b0be
Show file tree

Hide file tree

Showing 18 changed files with 1,318 additions and 1,246 deletions.
diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml b/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml
diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic_README.md b/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic_README.md
diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml b/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml
diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5_README.md b/Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5_README.md
diff --git a/Packs/CommonPlaybooks/ReleaseNotes/2_4_39.md b/Packs/CommonPlaybooks/ReleaseNotes/2_4_39.md
@@ -0,0 +1,10 @@
+
+#### Playbooks
+
+##### Detonate File - Generic
+
+The sub-playbook "Detonate File - CrowdStrike Falcon Intelligence Sandbox" was replaced with a new version "Detonate File - CrowdStrike Falcon Intelligence Sandbox v2".
+
+##### Detonate URL - Generic v1.5
+
+The sub-playbook "Detonate URL - CrowdStrike Falcon Intelligence Sandbox" was replaced with a new version "Detonate URL - CrowdStrike Falcon Intelligence Sandbox v2".
diff --git a/Packs/CommonPlaybooks/doc_files/Detonate_File_-_Generic.png b/Packs/CommonPlaybooks/doc_files/Detonate_File_-_Generic.png
diff --git a/Packs/CommonPlaybooks/doc_files/Detonate_URL_-_Generic_v1.5.png b/Packs/CommonPlaybooks/doc_files/Detonate_URL_-_Generic_v1.5.png
diff --git a/Packs/CommonPlaybooks/pack_metadata.json b/Packs/CommonPlaybooks/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Playbooks",
     "description": "Frequently used playbooks pack.",
     "support": "xsoar",
-    "currentVersion": "2.4.38",
+    "currentVersion": "2.4.39",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain.yml b/Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain.yml
@@ -28,6 +28,7 @@ tasks:
       '#none#':
       - "7"
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -38,7 +39,7 @@ tasks:
     note: false
     timertriggers: []
     ignoreworker: false
-    skipunavailable: false
+    skipunavailable: true
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
@@ -58,6 +59,7 @@ tasks:
       '#none#':
       - "8"
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -100,6 +102,7 @@ tasks:
             iscontext: true
           right:
             value: {}
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -145,6 +148,7 @@ tasks:
             value:
               simple: "true"
           ignorecase: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -167,8 +171,7 @@ tasks:
       id: 25f7c2e8-f0e2-4ac5-81e8-78eb6cacc629
       version: -1
       name: Robust search of IoCs
-      description: |-
-        Searches Cortex XSIAM indicators. 
+      description: Searches Cortex XSIAM indicators.
       scriptName: SearchIncidentsV2
       type: regular
       iscommand: false
@@ -182,6 +185,7 @@ tasks:
       query:
         simple: initiatorsha256:${inputs.FileSHA256} OR remoteip:${alert.remoteip}
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -225,6 +229,7 @@ tasks:
             iscontext: true
           right:
             value: {}
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -293,6 +298,7 @@ tasks:
                 iscontext: true
           - operator: uniq
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -338,6 +344,7 @@ tasks:
             value:
               simple: "true"
           ignorecase: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -399,6 +406,7 @@ tasks:
       UserContainment:
         simple: "False"
     separatecontext: false
+    continueonerrortype: ""
     loop:
       iscommand: false
       scriptArguments:
@@ -444,6 +452,7 @@ tasks:
       brand: ""
       description: ''
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -474,6 +483,7 @@ tasks:
       '#none#':
       - "30"
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -514,6 +524,7 @@ tasks:
           root: alert
           accessor: initiatorpath
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -544,7 +555,7 @@ tasks:
       '#default#':
       - "21"
       "yes":
-      - "29"
+      - "44"
     separatecontext: false
     conditions:
     - label: "yes"
@@ -559,6 +570,7 @@ tasks:
             value:
               simple: "True"
           ignorecase: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -573,54 +585,6 @@ tasks:
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
-  "29":
-    id: "29"
-    taskid: b9596e34-c1d6-4838-8c25-bfd9657f6e6f
-    type: playbook
-    task:
-      id: b9596e34-c1d6-4838-8c25-bfd9657f6e6f
-      version: -1
-      name: WildFire - Detonate file
-      description: |-
-        Detonate one or more files using the Wildfire integration. This playbook
-        returns relevant reports to the Alerts War Room and file reputations to the context data.
-        The detonation supports the following file types -
-        APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, OOXML, PE32, PE, PDF, DMG, PKG, RAR, 7Z, JS, ELF, HTA, LNK, VBS, PS1, PERL, PYTHON, SHELL.
-      playbookName: WildFire - Detonate file
-      type: playbook
-      iscommand: false
-      brand: ""
-    nexttasks:
-      '#none#':
-      - "21"
-    scriptarguments:
-      File:
-        complex:
-          root: File
-      Interval:
-        simple: "1"
-      Timeout:
-        simple: "15"
-    separatecontext: false
-    loop:
-      iscommand: false
-      exitCondition: ""
-      wait: 1
-      max: 100
-    view: |-
-      {
-        "position": {
-          "x": -740,
-          "y": 1390
-        }
-      }
-    note: false
-    timertriggers: []
-    ignoreworker: false
-    skipunavailable: false
-    quietmode: 0
-    isoversize: false
-    isautoswitchedtoquietmode: false
   "30":
     id: "30"
     taskid: 15f199c3-7100-484e-82b5-21fd628f7087
@@ -650,6 +614,7 @@ tasks:
         simple: "true"
     reputationcalc: 2
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -694,6 +659,7 @@ tasks:
             iscontext: true
           right:
             value: {}
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -730,6 +696,7 @@ tasks:
           root: Core.RetrievedFiles
           accessor: action_id
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -801,8 +768,9 @@ tasks:
     scriptarguments:
       entryId:
         simple: ${lastCompletedTaskEntries}
-    continueonerror: true
     separatecontext: false
+    continueonerror: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -868,8 +836,9 @@ tasks:
         complex:
           root: Core.Endpoint
           accessor: endpoint_id
-    continueonerror: true
     separatecontext: false
+    continueonerror: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -900,6 +869,7 @@ tasks:
       '#none#':
       - "18"
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -933,6 +903,7 @@ tasks:
       - "42"
       - "43"
     separatecontext: false
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -969,8 +940,9 @@ tasks:
           root: ExtractedIndicators
           accessor: IP
     reputationcalc: 1
-    continueonerror: true
     separatecontext: false
+    continueonerror: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -1007,8 +979,9 @@ tasks:
           root: ExtractedIndicators
           accessor: Domain
     reputationcalc: 1
-    continueonerror: true
     separatecontext: false
+    continueonerror: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -1045,8 +1018,9 @@ tasks:
           root: ExtractedIndicators
           accessor: URL
     reputationcalc: 1
-    continueonerror: true
     separatecontext: false
+    continueonerror: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -1083,8 +1057,9 @@ tasks:
           root: ExtractedIndicators
           accessor: File
     reputationcalc: 1
-    continueonerror: true
     separatecontext: false
+    continueonerror: true
+    continueonerrortype: ""
     view: |-
       {
         "position": {
@@ -1099,6 +1074,59 @@ tasks:
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
+  "44":
+    id: "44"
+    taskid: 2ba16adb-1683-409a-81be-59ed83cb7bbc
+    type: playbook
+    task:
+      id: 2ba16adb-1683-409a-81be-59ed83cb7bbc
+      version: -1
+      name: WildFire - Detonate file v2
+      description: |-
+        Detonate one or more files using the Wildfire v2 integration. This playbook
+        returns relevant reports to the War Room and file reputations to the context data.
+        The detonation supports the following file types -
+        APK, JAR, DOC, DOCX, RTF, XLS, XLSX, PPT, PPTX, OOXML, PE32, PE, PDF, DMG, PKG, RAR, 7Z, JS, ELF, HTA, LNK, VBS, PS1, PERL, PYTHON, SHELL.
+
+        Note: Base64 encoded files are currently not supported.
+      playbookName: WildFire - Detonate file v2
+      type: playbook
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "21"
+    scriptarguments:
+      File:
+        complex:
+          root: inputs.detonateRansomFile
+          transformers:
+          - operator: uniq
+      Interval:
+        simple: "1"
+      Timeout:
+        simple: "8"
+    separatecontext: true
+    continueonerrortype: ""
+    loop:
+      iscommand: false
+      exitCondition: ""
+      wait: 1
+      max: 0
+    view: |-
+      {
+        "position": {
+          "x": -770,
+          "y": 1400
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: true
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
 view: |-
   {
     "linkLabelsPosition": {