Update SplunkPy README Configuration/Commands Sections (#31693)
* update integration

* update readme

* rm test conf

* added eof newline

* Add Xpanse Scope for XDR Integration (#31582)

* Add Xpanse Scope for XDR Integration (#31539)

* update xpanse mp and docker

* RN

* Update Packs/CortexXDR/ReleaseNotes/6_0_11.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update CortexXDRIR.yml

* Update Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>

* Update CortexXDRIR.yml

---------

Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
Co-authored-by: adi88d <adaud@paloaltonetworks.com>

* [pre-commit] fix script runner (#31592)

* SentinelOneV2 (#31687)

* SentinelOneV2 (#31595)

* removing the empty fields from a payload of remote-script

* bumped version

* updated release notes

* Update Packs/SentinelOne/ReleaseNotes/3_2_15.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Updated file variable revert test variable (#30846)

Updated file variable revert test variable

* [Whois] test_socks_proxy UT failed (#31395)

* Init test.py/sh to run in unittests-and-lint

* add location commands to bash script

* Remove running script with python3

* Restructure imports

* Restructure imports

* Show hidden files and permissions in test script

* Temporarily comment out test.py script in CI

* remove test.py script

* remove commented out python test script

* disable darwin service startup in bash script

* Add execution permissions and update darwin command

* Fix microsocks_darwin path

* Add microsocks executable and enable netstat

* Re-enable whois integration tests

* Add tempfile, time and subprocess imports

* Add sys import

* Update Tests/scripts/test.sh

* Update Tests/scripts/test.sh

* Empty commit

* Update test.sh with whois commands

* Fix echo command

* script fix

* Add dig command

* Empty commit

* Empty commit

* Empty commit

* Empty commit

* [VirusTotal] Fix missing suspicious value for running instances (#31684)

* Fix missing suspicious value for running instances (#31648)

* Update docker

* Update docker

* Update pack_metadata.json

* Update pack_metadata.json

---------

Co-authored-by: Daniel Pascual <danielvazquez@google.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* un-skip test_socks_proxy UT

* revert to origin

* un-skip test_socks_proxy UT

* Remove unnecessary files

* Add necessary imports

---------

Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com>
Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: Daniel Pascual <danielvazquez@google.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* delete test data files from repo (#31658)

* NetskopeAPIv2 `alert_query` argument (#31690)

* ParseEmailFiles: Update docker (#31683)

* update docker

* update rn

* update rn

* revert

* update version

* Adding Cloud Alerts Layout (#31118)

* Change the field to be searchable

* RN

* Added missing scripts

* Added new layout rule
Added new layout
updated scripts

* UPDATED SCRIPT

* Fixed more pre-commit errors

* Updated RN
Fixed issue with the widget

* Removed un-required script

* Removed un-required script

* Removed un-required script

* Removed un-required script

* Added tests

* Added a test for main

* Added a test for main

* Added a test for main

* Added a test for main

* Updated main test

* Updated main test

* Updated main test

* Updated main test

* removed main tests

* removed main tests

* fixed tests

* added MP

* added MP

* Updated README.md

* Updated README.md

* removed unrequited import

* pre-commit

* Updated RN description

* Bump pack from version CloudIncidentResponse to 1.0.10.

* alert source

* Added missing scripts

* Added new layout rule
Added new layout
updated scripts

* UPDATED SCRIPT

* Fixed more pre-commit errors

* Removed un-required script

* Removed un-required script

* Removed un-required script

* Removed un-required script

* Added tests

* Added a test for main

* Added a test for main

* Added a test for main

* Added a test for main

* Updated main test

* Updated main test

* Updated main test

* Updated main test

* removed main tests

* removed main tests

* fixed tests

* added MP

* added MP

* Updated README.md

* Updated README.md

* removed unrequited import

* pre-commit

* Updated RN description

* alert source

* Bump pack from version CloudIncidentResponse to 1.0.10.

* [SanePdfReport] - Increase resourceTimeout (#31513)

* added random.randint

* pre-commit

* added a retry

* added a retry2

* added a retry3

* flake8

* fixed

* test

* Reverted to master

---------

Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>

* fixed output typo

* rm closing parenthesis

* updated cmd sections to cmd names

* rm closing bracket from arg description

* changed default for kv collection to auto-generated

* update rn

* Update pack_metadata.json

* raised memory threshold for parse-raw tpb

---------

Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
Co-authored-by: adi88d <adaud@paloaltonetworks.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com>
Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
Co-authored-by: samuelFain <65926551+samuelFain@users.noreply.github.com>
Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com>
Co-authored-by: Daniel Pascual <danielvazquez@google.com>
Co-authored-by: yasta5 <112320333+yasta5@users.noreply.github.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
Co-authored-by: Moshe Galitzky <112559840+moishce@users.noreply.github.com>
Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com>
Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>
18 people authored and maimorag committed Dec 31, 2023
1 parent 1b93d6c commit 9993eab
Showing 5 changed files with 25 additions and 19 deletions.
30 changes: 15 additions & 15 deletions Packs/SplunkPy/Integrations/SplunkPy/README.md
Expand Up @@ -59,8 +59,8 @@ This integration was integrated and tested with Splunk v9.0.4.
| XSOAR user key | The name of the lookup column containing the Cortex XSOAR username. | False |
| SPLUNK user key | The name of the lookup table containing the Splunk username. | False |
| Incidents Fetch Interval | | False |

The (!) *Earliest time to fetch* and *Latest time to fetch* are search parameters options. The search uses *All Time* as the default time range when you run a search from the CLI. Time ranges can be specified using one of the CLI search parameters, such as *earliest_time*, *index_earliest*, or *latest_time*.
| Comment tag from Splunk | Add this tag to an entry to mirror it as a comment from Splunk. | False |
| Comment tag to Splunk | Add this tag to an entry to mirror it as a comment to Splunk. | False |

4. Click **Test** to validate the URLs, token, and connection.
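Review bot: in this hunk the *Earliest time to fetch* / *Latest time to fetch* paragraph sits between the `Incidents Fetch Interval` row and the `Comment tag from Splunk` row; if that ordering is what lands, the parameters table is split in two when rendered, so the paragraph should go below the last table row (before step 4) or above the table. The `Incidents Fetch Interval` row also has an empty description column; a one-line description of what the interval controls and its unit would make the table complete.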

Expand Down Expand Up @@ -296,7 +296,7 @@ For example:
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

### Get results
### splunk-results
***
Returns the results of a previous Splunk search. This command can be used in conjunction with the `splunk-job-create` command.
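Review bot: renaming the headings to the command names is a good move for linking, but the heading depth is inconsistent across the file: these sections use `##### Base Command` / `##### Command Example` under a `***` rule, while the KV store sections later in the same README use `#### Command Example`. Since every command section is being touched here, it is the right moment to settle on one depth.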

Expand All @@ -319,7 +319,7 @@ There is no context output for this command.
##### Command Example
``` !splunk-results sid="1566221331.1186" limit="200" ```

### Search for events
### splunk-search
***
Searches Splunk for events. For human readable output, the table command is supported in the query argument. For example, `query=" * | table field1 field2 field3"` will generate a table with field1, field2, and field3 as headers.

Expand Down Expand Up @@ -364,7 +364,7 @@ Searches Splunk for events. For human readable output, the table command is supp
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| main~445~66D21DF4-F4FD-4886-A986-82E72ADCBFE9 | 445:897774 | 1585462906 | 1 | InsertedAt="2020-03-29 06:21:43"; EventID="837005"; EventType="Application control"; Action="None"; ComputerName="ACME-code-007"; ComputerDomain="DOMAIN"; ComputerIPAddress="127.0.0.1"; EventTime="2020-03-29 06:21:43"; EventTypeID="5"; Name="LogMeIn"; EventName="LogMeIn"; UserName=""; ActionID="6"; ScanTypeID="200"; ScanType="Unknown"; SubTypeID="23"; SubType="Remote management tool"; GroupName="";\u003cbr\u003e | 2 | ip-172-31-44-193, main | sophos:appcontrol | 2020-03-28T23:21:43.000-07:00 | 127.0.0.1 | main | 2 | eventgen | sophos:appcontrol | ip-172-31-44-193 |

### Create event
### splunk-submit-event
***
Creates a new event in Splunk.

Expand Down Expand Up @@ -395,7 +395,7 @@ There is no context output for this command.
![image](https://user-images.githubusercontent.com/50324325/63268589-2fda4b00-c29d-11e9-95b5-4b9fcf6c08ee.png)


### Print all index names
### splunk-get-indexes
***
Prints all Splunk index names.
##### Base Command
Expand All @@ -418,7 +418,7 @@ There is no context output for this command.
![image](https://user-images.githubusercontent.com/50324325/63268447-d8d47600-c29c-11e9-88a4-5003971a492e.png)


### Update notable events
### splunk-notable-event-edit
***
Update an existing notable event in Splunk ES.

Expand Down Expand Up @@ -449,7 +449,7 @@ There is no context output for this command.
![image](https://user-images.githubusercontent.com/50324325/63522203-914e2400-c500-11e9-949a-0b55eb2c5871.png)


### Create a new job
### splunk-job-create
***
Creates a new search job in Splunk.

Expand Down Expand Up @@ -486,7 +486,7 @@ Creates a new search job in Splunk.
![image](https://user-images.githubusercontent.com/50324325/63269769-75981300-c29f-11e9-950a-6ca77bcf564c.png)


### Parse an event
### splunk-parse-raw
***
Parses the raw part of the event.

Expand All @@ -513,7 +513,7 @@ Parses the raw part of the event.
``` !splunk-parse-raw ```


### Submit an event
### splunk-submit-event-hec
***
Sends events to an HTTP event collector using the Splunk platform JSON event protocol.
##### Base Command
Expand Down Expand Up @@ -541,7 +541,7 @@ There is no context output for this command.
##### Human Readable Output
The event was sent successfully to Splunk.

### Get job status
### splunk-job-status
***
Returns the status of a job.

Expand Down Expand Up @@ -573,7 +573,7 @@ Splank.JobStatus = {
##### Human Readable Output
![image](https://user-images.githubusercontent.com/50324325/77630707-2b24f600-6f54-11ea-94fe-4bf6c734aa29.png)
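Review bot: the context line `Splank.JobStatus = {` in the splunk-job-status context example misspells the output prefix; every other output path in the README uses `Splunk.` (for example `Splunk.KVstoreData`), so it should read `Splunk.JobStatus = {`. This PR already edits the command sections, so fixing it here avoids a follow-up.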

### Get Mapping Fields
### get-mapping-fields
***
Gets one sample alert per alert type. Used only for creating a mapping with `Select Schema`.
##### Base Command
Expand Down Expand Up @@ -799,7 +799,7 @@ Lists all data within a specific KV store collection or collections.

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| app_name | The name of the Splunk application that contains the KV store collection. The default is "search". | Required |
| app_name | The name of the Splunk application that contains the KV store collection. Default is search. | Required |
| kv_store_collection_name | A comma-separated list of KV store collections. | Required |
| limit | Maximum number of records to return. The default is 50. | Optional |
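Review bot: the reworded `app_name` row now says `Default is search.` while the `limit` row in the same table says `The default is 50.`; use one phrasing for both. Keeping quotes or backticks around `search` is also worthwhile, since it is a literal Splunk app name rather than an English word, and dropping the quotes makes the sentence read oddly.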

Expand All @@ -808,7 +808,7 @@ Lists all data within a specific KV store collection or collections.

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Splunk.KVstoreData | Unknown | An array of collection names. Each collection name will have an array of values, e.g., Splunk.KVstoreData.&lt;colletion_name&gt; is a list of the data in the collection\). |
| Splunk.KVstoreData | Unknown | An array of collection names. Each collection name will have an array of values, e.g., Splunk.KVstoreData.&lt;collection_name&gt; is a list of the data in the collection. |


#### Command Example
Expand Down Expand Up @@ -917,7 +917,7 @@ Searches for specific objects in a store. Search can be a basic key-value pair o

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Splunk.KVstoreData | Unknown | An array of collection names. Each collection name will have an array of values, e.g., Splunk.KVstoreData.&lt;colletion_name&gt; is a list of the data in the collection\). |
| Splunk.KVstoreData | Unknown | An array of collection names. Each collection name will have an array of values, e.g., Splunk.KVstoreData.&lt;collection_name&gt; is a list of the data in the collection. |


#### Command Example
2 changes: 1 addition & 1 deletion Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml
Expand Up @@ -608,7 +608,7 @@ script:
name: splunk-kv-store-collection-search-entry
outputs:
- contextPath: Splunk.KVstoreData
description: An array of collection names. Each collection name will have an array of values, e.g., Splunk.KVstoreData.<collection_name> is a list of the data in the collection).
description: An array of collection names. Each collection name will have an array of values, e.g., Splunk.KVstoreData.<collection_name> is a list of the data in the collection.
type: Unknown
- arguments:
- default: true
6 changes: 6 additions & 0 deletions Packs/SplunkPy/ReleaseNotes/3_1_14.md
@@ -0,0 +1,6 @@

#### Integrations

##### SplunkPy

- Documentation and metadata improvements.
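Review bot: `Documentation and metadata improvements.` does not tell users what changed. The README command headings were renamed from descriptions to command names (for example `### Get results` to `### splunk-results`), which changes the rendered anchor links anyone may have bookmarked, and the commit message also lists `changed default for kv collection to auto-generated`, a behavioural default change that is not visible in the shown hunks. Both belong in the release note.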
4 changes: 2 additions & 2 deletions Packs/SplunkPy/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Splunk",
"description": "Run queries on Splunk servers.",
"support": "xsoar",
"currentVersion": "3.1.13",
"currentVersion": "3.1.14",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down Expand Up @@ -50,4 +50,4 @@
"marketplacev2",
"xpanse"
]
}
}
2 changes: 1 addition & 1 deletion Tests/conf.json
Expand Up @@ -1920,7 +1920,7 @@
{
"integrations": "SplunkPy",
"playbookID": "SplunkPy parse-raw - Test",
"memory_threshold": 100,
"memory_threshold": 250,
"instance_names": "use_default_handler",
"is_mockable": false
},
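Review bot: `memory_threshold` for the `SplunkPy parse-raw - Test` playbook goes from 100 to 250 with no stated reason (the commit message only says `raised memory threshold for parse-raw tpb`). A 2.5x increase can mask a memory regression in `splunk-parse-raw`; please record in the PR what drives the higher usage (a larger test event, a dependency update) so the threshold remains a meaningful guard, or check the actual usage before bumping it.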
