diff --git a/Packs/ArcSightESM/Integrations/ArcSightESMv2/ArcSightESMv2.yml b/Packs/ArcSightESM/Integrations/ArcSightESMv2/ArcSightESMv2.yml
index 0522f1fef121..65fc74f81ad8 100644
--- a/Packs/ArcSightESM/Integrations/ArcSightESMv2/ArcSightESMv2.yml
+++ b/Packs/ArcSightESM/Integrations/ArcSightESMv2/ArcSightESMv2.yml
@@ -341,7 +341,7 @@ script:
 runonce: false
 script: '-'
 subtype: python3
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 type: python
 tests:
 - ArcSight ESM v2 Test
diff --git a/Packs/ArcSightESM/ReleaseNotes/1_1_11.md b/Packs/ArcSightESM/ReleaseNotes/1_1_11.md
new file mode 100644
index 000000000000..b01dd9c71580
--- /dev/null
+++ b/Packs/ArcSightESM/ReleaseNotes/1_1_11.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### ArcSight ESM v2
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/ArcSightESM/pack_metadata.json b/Packs/ArcSightESM/pack_metadata.json
index 27117b1f556b..4eb3cd4ff3dd 100644
--- a/Packs/ArcSightESM/pack_metadata.json
+++ b/Packs/ArcSightESM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "ArcSight ESM",
 "description": "ArcSight ESM SIEM by Micro Focus (Formerly HPE Software).",
 "support": "xsoar",
- "currentVersion": "1.1.10",
+ "currentVersion": "1.1.11",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/ArcusTeam/Integrations/ArcusTeam/ArcusTeam.yml b/Packs/ArcusTeam/Integrations/ArcusTeam/ArcusTeam.yml
index 5725160bede5..d914228fe113 100644
--- a/Packs/ArcusTeam/Integrations/ArcusTeam/ArcusTeam.yml
+++ b/Packs/ArcusTeam/Integrations/ArcusTeam/ArcusTeam.yml
@@ -164,7 +164,7 @@ script:
 description: CVE url
 type: string
 description: ' Retrieve CVEs for an ArcusTeam device'
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 subtype: python3
 fromversion: 6.0.0
 tests:
diff --git a/Packs/ArcusTeam/ReleaseNotes/1_0_9.md b/Packs/ArcusTeam/ReleaseNotes/1_0_9.md
new file mode 100644
index 000000000000..13afd3a8d02c
--- /dev/null
+++ b/Packs/ArcusTeam/ReleaseNotes/1_0_9.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### ArcusTeam
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/ArcusTeam/pack_metadata.json b/Packs/ArcusTeam/pack_metadata.json
index 1221741e72f3..e96a52c20fb5 100644
--- a/Packs/ArcusTeam/pack_metadata.json
+++ b/Packs/ArcusTeam/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "ArcusTeam",
 "description": "ArcusTeam's DeviceTotal Platform helps to identify and manage vulnerabilities found on IoT devices",
 "support": "partner",
- "currentVersion": "1.0.8",
+ "currentVersion": "1.0.9",
 "author": "ArcusTeam",
 "url": "https://arcusteam.com/pa-partnership/",
 "email": "support@arcusteam.com",
diff --git a/Packs/Armis/Integrations/Armis/Armis.yml b/Packs/Armis/Integrations/Armis/Armis.yml
index 9fbba644bb6b..e4b7125357fe 100644
--- a/Packs/Armis/Integrations/Armis/Armis.yml
+++ b/Packs/Armis/Integrations/Armis/Armis.yml
@@ -376,7 +376,7 @@ script:
 - contextPath: Armis.Device.visibility
 description: The visibility of the device.
 type: String
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/Armis/ReleaseNotes/1_0_18.md b/Packs/Armis/ReleaseNotes/1_0_18.md
new file mode 100644
index 000000000000..8ed341a7ab9f
--- /dev/null
+++ b/Packs/Armis/ReleaseNotes/1_0_18.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Armis
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/Armis/pack_metadata.json b/Packs/Armis/pack_metadata.json
index e4a14a8b728f..05c9ea0035c6 100755
--- a/Packs/Armis/pack_metadata.json
+++ b/Packs/Armis/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Armis",
 "description": "Agentless and passive security platform that sees, identifies, and classifies every device, tracks behavior, identifies threats, and takes action automatically to protect critical information and systems",
 "support": "partner",
- "currentVersion": "1.0.17",
+ "currentVersion": "1.0.18",
 "author": "Armis Corporation",
 "url": "https://support.armis.com/",
 "email": "support@armis.com",
diff --git a/Packs/AwakeSecurity/Integrations/AwakeSecurity/AwakeSecurity.yml b/Packs/AwakeSecurity/Integrations/AwakeSecurity/AwakeSecurity.yml
index 9f7d75793d2a..486f64383bec 100644
--- a/Packs/AwakeSecurity/Integrations/AwakeSecurity/AwakeSecurity.yml
+++ b/Packs/AwakeSecurity/Integrations/AwakeSecurity/AwakeSecurity.yml
@@ -101,7 +101,7 @@ script:
 script: ''
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 commands:
 - name: awake-query-devices
 arguments:
diff --git a/Packs/AwakeSecurity/ReleaseNotes/1_0_22.md b/Packs/AwakeSecurity/ReleaseNotes/1_0_22.md
new file mode 100644
index 000000000000..fd765b8b129b
--- /dev/null
+++ b/Packs/AwakeSecurity/ReleaseNotes/1_0_22.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Awake Security
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/AwakeSecurity/pack_metadata.json b/Packs/AwakeSecurity/pack_metadata.json
index 0f2a10068af8..b4d0441892c5 100644
--- a/Packs/AwakeSecurity/pack_metadata.json
+++ b/Packs/AwakeSecurity/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Awake Security",
 "description": "Network Traffic Analysis",
 "support": "xsoar",
- "currentVersion": "1.0.21",
+ "currentVersion": "1.0.22",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml b/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml
index 57c9e3a23875..d2fff3f5c18b 100644
--- a/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml
+++ b/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml
@@ -2326,6 +2326,6 @@ script:
 script: "-"
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 tests:
 - Test_Bitbucket
diff --git a/Packs/Bitbucket/ReleaseNotes/1_0_11.md b/Packs/Bitbucket/ReleaseNotes/1_0_11.md
new file mode 100644
index 000000000000..711f76b3147e
--- /dev/null
+++ b/Packs/Bitbucket/ReleaseNotes/1_0_11.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Bitbucket
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/Bitbucket/pack_metadata.json b/Packs/Bitbucket/pack_metadata.json
index 1f2d731fffeb..f972ec428309 100644
--- a/Packs/Bitbucket/pack_metadata.json
+++ b/Packs/Bitbucket/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Bitbucket",
 "description": "Bitbucket Cloud is a Git-based code and CI/CD tool optimized for teams using Jira",
 "support": "xsoar",
- "currentVersion": "1.0.10",
+ "currentVersion": "1.0.11",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml b/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml
index c2daf8477e8c..a7c979a76548 100644
--- a/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml
+++ b/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml
@@ -553,7 +553,7 @@ script:
 - contextPath: SandBlast.Quota.Action
 description: The quota action.
 type: String
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/CheckPointSandBlast/ReleaseNotes/1_0_9.md b/Packs/CheckPointSandBlast/ReleaseNotes/1_0_9.md
new file mode 100644
index 000000000000..d99748e7bc00
--- /dev/null
+++ b/Packs/CheckPointSandBlast/ReleaseNotes/1_0_9.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Check Point Threat Emulation (SandBlast)
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/CheckPointSandBlast/pack_metadata.json b/Packs/CheckPointSandBlast/pack_metadata.json
index b5f1493fc803..3c3ed5daba70 100644
--- a/Packs/CheckPointSandBlast/pack_metadata.json
+++ b/Packs/CheckPointSandBlast/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Check Point Threat Emulation (SandBlast)",
 "description": "Upload files using polling, the service supports Microsoft Office files, as well as PDF, SWF, archives and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Query on existing IOCs, file status, analysis, reports. Download files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.",
 "support": "xsoar",
- "currentVersion": "1.0.8",
+ "currentVersion": "1.0.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml b/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml
index 6db6685903ec..c36f0ad85cf9 100644
--- a/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml
+++ b/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml
@@ -329,7 +329,7 @@ script:
 - contextPath: CloudConvert.Task.links
 description: API link for the task.
 type: String
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/CloudConvert/ReleaseNotes/1_0_6.md b/Packs/CloudConvert/ReleaseNotes/1_0_6.md
new file mode 100644
index 000000000000..36264e83a9ab
--- /dev/null
+++ b/Packs/CloudConvert/ReleaseNotes/1_0_6.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### CloudConvert
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/CloudConvert/pack_metadata.json b/Packs/CloudConvert/pack_metadata.json
index 9f14d550ea51..ee2724c07611 100644
--- a/Packs/CloudConvert/pack_metadata.json
+++ b/Packs/CloudConvert/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cloud Convert",
 "description": "Use this integration to convert files using CloudConvert API",
 "support": "xsoar",
- "currentVersion": "1.0.5",
+ "currentVersion": "1.0.6",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/CybleEventsV2/Integrations/CybleEventsV2/CybleEventsV2.yml b/Packs/CybleEventsV2/Integrations/CybleEventsV2/CybleEventsV2.yml
index 1f695db7e866..de5fc448dc61 100644
--- a/Packs/CybleEventsV2/Integrations/CybleEventsV2/CybleEventsV2.yml
+++ b/Packs/CybleEventsV2/Integrations/CybleEventsV2/CybleEventsV2.yml
@@ -161,7 +161,7 @@ script:
 - contextPath: CybleEvents.AlertGroup
 description: Fetch all the alert groups
 type: String
- dockerimage: demisto/python3:3.10.12.62631
+ dockerimage: demisto/python3:3.10.12.63474
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/CybleEventsV2/ReleaseNotes/1_0_1.md b/Packs/CybleEventsV2/ReleaseNotes/1_0_1.md
new file mode 100644
index 000000000000..1de7fb16b5e4
--- /dev/null
+++ b/Packs/CybleEventsV2/ReleaseNotes/1_0_1.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### CybleEvents v2
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/CybleEventsV2/pack_metadata.json b/Packs/CybleEventsV2/pack_metadata.json
index 277813d99f99..bbb676fe3070 100644
--- a/Packs/CybleEventsV2/pack_metadata.json
+++ b/Packs/CybleEventsV2/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CybleEventsV2",
 "description": "Cyble Events for Vision Users. Must have Vision API access to use the threat intelligence.",
 "support": "partner",
- "currentVersion": "1.0.0",
+ "currentVersion": "1.0.1",
 "author": "Cyble Info Sec",
 "url": "https://cyble.com/",
 "email": "",
diff --git a/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml b/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml
index d91da8c6a608..96b1461c5cb1 100644
--- a/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml
+++ b/Packs/DevSecOps/Integrations/DockerEngine/DockerEngine.yml
@@ -1228,7 +1228,7 @@ script:
 - contextPath: Docker.ImageTag.Status Code
 description: Image Tag Result
 type: String
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/DevSecOps/Integrations/LGTM/LGTM.yml b/Packs/DevSecOps/Integrations/LGTM/LGTM.yml
index 4e57badba3d4..4fc5847fab29 100644
--- a/Packs/DevSecOps/Integrations/LGTM/LGTM.yml
+++ b/Packs/DevSecOps/Integrations/LGTM/LGTM.yml
@@ -396,7 +396,7 @@ script:
 - contextPath: LGTM.queryjob-results-overview.next
 description: LGTM Query Job Results Overview Next
 type: String
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/DevSecOps/ReleaseNotes/1_1_6.md b/Packs/DevSecOps/ReleaseNotes/1_1_6.md
new file mode 100644
index 000000000000..80c161250270
--- /dev/null
+++ b/Packs/DevSecOps/ReleaseNotes/1_1_6.md
@@ -0,0 +1,5 @@
+#### Integrations
+##### Docker Engine API
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
+##### LGTM
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/DevSecOps/pack_metadata.json b/Packs/DevSecOps/pack_metadata.json
index 8ea69cafc46c..9608ebe4a731 100644
--- a/Packs/DevSecOps/pack_metadata.json
+++ b/Packs/DevSecOps/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "DevSecOps",
 "description": "DevSecOps CI/CD Orchestration Integration Pack.",
 "support": "community",
- "currentVersion": "1.1.5",
+ "currentVersion": "1.1.6",
 "author": "Ayman Mahmoud",
 "githubUser": [
 "ayman-m"
diff --git a/Packs/DragosWorldview/Integrations/DragosWorldview/DragosWorldview.yml b/Packs/DragosWorldview/Integrations/DragosWorldview/DragosWorldview.yml
index ff9813e07a79..e409f781b15e 100644
--- a/Packs/DragosWorldview/Integrations/DragosWorldview/DragosWorldview.yml
+++ b/Packs/DragosWorldview/Integrations/DragosWorldview/DragosWorldview.yml
@@ -77,7 +77,7 @@ script:
 required: true
 description: Get the stix2 json bundle of indicators from a given report
 name: dragos-get-stix2
- dockerimage: demisto/python3:3.10.11.57890
+ dockerimage: demisto/python3:3.10.12.63474
 isFetchSamples: true
 isfetch: true
 script: ''
diff --git a/Packs/DragosWorldview/ReleaseNotes/1_1_1.md b/Packs/DragosWorldview/ReleaseNotes/1_1_1.md
new file mode 100644
index 000000000000..1e0763ef5861
--- /dev/null
+++ b/Packs/DragosWorldview/ReleaseNotes/1_1_1.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Dragos Worldview
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/DragosWorldview/pack_metadata.json b/Packs/DragosWorldview/pack_metadata.json
index f2b2b5176c03..73774836c17c 100644
--- a/Packs/DragosWorldview/pack_metadata.json
+++ b/Packs/DragosWorldview/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Dragos Worldview",
 "description": "The pack contains an integration the pulls from the Dragos Worldview API. The integration can be configured to fetch report as incidents. The has commands which can pull the indicators related to a report and any files associated with the report in the API.",
 "support": "community",
- "currentVersion": "1.1.0",
+ "currentVersion": "1.1.1",
 "author": "Accenture",
 "url": "",
 "email": "",
diff --git a/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml b/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml
index df056f4cf7fc..250a7eeac130 100644
--- a/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml
+++ b/Packs/F5LTM/Integrations/F5LTM/F5LTM.yml
@@ -514,7 +514,7 @@ script:
 - contextPath: F5.LTM.Nodes.name
 description: The node name
 type: String
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/F5LTM/ReleaseNotes/1_0_7.md b/Packs/F5LTM/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..95d9d1bbf389
--- /dev/null
+++ b/Packs/F5LTM/ReleaseNotes/1_0_7.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### F5 LTM
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/F5LTM/pack_metadata.json b/Packs/F5LTM/pack_metadata.json
index ef5de235e4cf..5b9a9fc668f3 100644
--- a/Packs/F5LTM/pack_metadata.json
+++ b/Packs/F5LTM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "F5 LTM",
 "description": "You can use this pack to automate traffic management use cases in integration with F5 Local Traffic Manager (LTM), the integration with F5 LTM included with the pack comes with several commands to get LTM information about nodes, pools and pool members, along with that some of those commands can be used to automate remediation actions such as disabling an active node.",
 "support": "community",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "Ayman Mahmoud",
 "email": "amahmoud@paloaltonetworks.com",
 "url": "",
diff --git a/Packs/F5Silverline/Integrations/F5Silverline/F5Silverline.yml b/Packs/F5Silverline/Integrations/F5Silverline/F5Silverline.yml
index 078679af645f..7511be7d57f7 100644
--- a/Packs/F5Silverline/Integrations/F5Silverline/F5Silverline.yml
+++ b/Packs/F5Silverline/Integrations/F5Silverline/F5Silverline.yml
@@ -129,7 +129,7 @@ script:
 name: object_ip
 description: Delete an existing particular threatening IP address object by its object ID or by its IP address. If both id and ip are given, delete operation will be done by the given object_id.
 name: f5-silverline-ip-object-delete
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/F5Silverline/ReleaseNotes/1_0_24.md b/Packs/F5Silverline/ReleaseNotes/1_0_24.md
new file mode 100644
index 000000000000..19739d877e17
--- /dev/null
+++ b/Packs/F5Silverline/ReleaseNotes/1_0_24.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### F5 Silverline
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/F5Silverline/pack_metadata.json b/Packs/F5Silverline/pack_metadata.json
index 62db5d8edac9..2cf0a5140e68 100644
--- a/Packs/F5Silverline/pack_metadata.json
+++ b/Packs/F5Silverline/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "F5 Silverline",
 "description": "An integration with F5 Silverline to retrieve alerts and read/update IP lists.",
 "support": "xsoar",
- "currentVersion": "1.0.23",
+ "currentVersion": "1.0.24",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml b/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml
index d4c8487c18da..b47f482260d1 100644
--- a/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml
+++ b/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml
@@ -213,7 +213,7 @@ script:
 name: limit
 description: Gets indicators from the feed.
 name: azure-get-indicators
- dockerimage: demisto/python3:3.10.11.58677
+ dockerimage: demisto/python3:3.10.12.63474
 feed: true
 runonce: false
 script: '-'
diff --git a/Packs/FeedAzure/ReleaseNotes/1_0_26.md b/Packs/FeedAzure/ReleaseNotes/1_0_26.md
new file mode 100644
index 000000000000..be35487fdb7f
--- /dev/null
+++ b/Packs/FeedAzure/ReleaseNotes/1_0_26.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Azure Feed
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FeedAzure/pack_metadata.json b/Packs/FeedAzure/pack_metadata.json
index 726b686d2e36..6bb7404b750a 100644
--- a/Packs/FeedAzure/pack_metadata.json
+++ b/Packs/FeedAzure/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Azure Feed",
 "description": "Indicators feed from Azure",
 "support": "xsoar",
- "currentVersion": "1.0.25",
+ "currentVersion": "1.0.26",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FeedBlocklist_de/Integrations/FeedBlocklist_de/FeedBlocklist_de.yml b/Packs/FeedBlocklist_de/Integrations/FeedBlocklist_de/FeedBlocklist_de.yml
index ba4cd8969bdb..5e73ae7e2201 100644
--- a/Packs/FeedBlocklist_de/Integrations/FeedBlocklist_de/FeedBlocklist_de.yml
+++ b/Packs/FeedBlocklist_de/Integrations/FeedBlocklist_de/FeedBlocklist_de.yml
@@ -102,7 +102,7 @@ script:
 name: indicator_type
 description: Gets the feed indicators.
 name: blocklist_de-get-indicators
- dockerimage: demisto/python3:3.10.11.54132
+ dockerimage: demisto/python3:3.10.12.63474
 feed: true
 runonce: false
 script: '-'
diff --git a/Packs/FeedBlocklist_de/ReleaseNotes/1_1_26.md b/Packs/FeedBlocklist_de/ReleaseNotes/1_1_26.md
new file mode 100644
index 000000000000..eb385f2821f8
--- /dev/null
+++ b/Packs/FeedBlocklist_de/ReleaseNotes/1_1_26.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Blocklist_de Feed
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FeedBlocklist_de/pack_metadata.json b/Packs/FeedBlocklist_de/pack_metadata.json
index 1e2b51def3e5..da9d998987cc 100644
--- a/Packs/FeedBlocklist_de/pack_metadata.json
+++ b/Packs/FeedBlocklist_de/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "BlockList DE Feed",
 "description": "Indicators feed from BlockList DE",
 "support": "xsoar",
- "currentVersion": "1.1.25",
+ "currentVersion": "1.1.26",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml b/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml
index cd638c7e27f8..70baaab69bac 100644
--- a/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml
+++ b/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml
@@ -893,7 +893,7 @@ script:
 runonce: false
 script: '-'
 subtype: python3
- dockerimage: demisto/python3:3.10.10.48392
+ dockerimage: demisto/python3:3.10.12.63474
 type: python
 tests:
 - Fidelis-Test
diff --git a/Packs/FidelisElevateNetwork/ReleaseNotes/1_0_8.md b/Packs/FidelisElevateNetwork/ReleaseNotes/1_0_8.md
new file mode 100644
index 000000000000..5a8a76c9bd1e
--- /dev/null
+++ b/Packs/FidelisElevateNetwork/ReleaseNotes/1_0_8.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Fidelis Elevate Network
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FidelisElevateNetwork/pack_metadata.json b/Packs/FidelisElevateNetwork/pack_metadata.json
index ea5361bac18a..fbc028d40d21 100644
--- a/Packs/FidelisElevateNetwork/pack_metadata.json
+++ b/Packs/FidelisElevateNetwork/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Fidelis Elevate Network",
 "description": "Automate Detection and Response to Network Threats and data leakage in your organization with Fidelis Elevate Network Integration.",
 "support": "xsoar",
- "currentVersion": "1.0.7",
+ "currentVersion": "1.0.8",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.py b/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.py
index 53111bb8c4d0..b969be415dd9 100644
--- a/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.py
+++ b/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.py
@@ -1,449 +1,449 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 -from typing import Any, Dict, List, Optional, Tuple - -import dateparser -import requests - -# Disable insecure warnings -requests.packages.urllib3.disable_warnings() - - -''' CONSTANTS ''' - - -DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' - -''' CLIENT CLASS ''' - - -class Client(BaseClient): - """Client class to interact with the service API - - This Client implements API calls, and does not contain any Demisto logic. - Should only do requests and return data. - It inherits from BaseClient defined in CommonServer Python. - Most calls use _http_request() that handles proxy, SSL verification, etc. - For this HelloWorld implementation, no special attributes defined - """ - - def get_file_reputation(self, file: str) -> Dict[str, Any]: - return self._http_request( - method='GET', - url_suffix=f'/hashes/{file}' - ) - - def get_health(self) -> Dict[str, Any]: - return self._http_request( - method='GET', - url_suffix='/health' - ) - - def submit_file(self, files: Dict[str, Any], data: Dict[str, Any]) -> Dict[str, Any]: - return self._http_request( - method='POST', - url_suffix='/files', - files=files, - data=data - ) - - def submit_urls(self, data: Dict[str, Any]) -> Dict[str, Any]: - return self._http_request( - method='POST', - url_suffix='/urls', - files=data, - data=None - ) - - def get_report_url(self, report_id: str, expiration: int) -> Dict[str, Any]: - return self._http_request( - method='GET', - url_suffix=f'/presigned-url/{report_id}', - params={ - 'expiry': expiration - } - ) - - def report_status(self, report_id: str, extended: str) -> Dict[str, Any]: - return self._http_request( - method='GET', - url_suffix=f'/reports/{report_id}', - params={ - 'extended': extended - } - ) - - def report_artifact(self, report_id: str, artifact_type: str) -> Dict[str, Any]: - return self._http_request( - method='GET', - url_suffix=f'/artifacts/{report_id}', - params={ - 'type': 
artifact_type, - }, - resp_type='content' - ) - - -''' HELPER FUNCTIONS ''' - - -def convert_to_demisto_severity(severity: str) -> int: - # In this case the mapping is straightforward, but more complex mappings - # might be required in your integration, so a dedicated function is - # recommended. This mapping should also be documented. - return { - 'Low': 1, # low severity - 'Medium': 2, # medium severity - 'High': 3, # high severity - 'Critical': 4 # critical severity - }[severity] - - -def arg_to_int(arg: Any, arg_name: str, required: bool = False) -> Optional[int]: - if arg is None: - if required is True: - raise ValueError(f'Missing "{arg_name}"') - return None - if isinstance(arg, str): - if arg.isdigit(): - return int(arg) - raise ValueError(f'Invalid number: "{arg_name}"="{arg}"') - if isinstance(arg, int): - return arg - raise ValueError(f'Invalid number: "{arg_name}"') - - -def arg_to_timestamp(arg: Any, arg_name: str, required: bool = False) -> Optional[int]: - if arg is None: - if required is True: - raise ValueError(f'Missing "{arg_name}"') - return None - - if isinstance(arg, str) and arg.isdigit(): - # timestamp is a str containing digits - we just convert it to int - return int(arg) - if isinstance(arg, str): - # we use dateparser to handle strings either in ISO8601 format, or - # relative time stamps. - # For example: format 2019-10-23T00:00:00 or "3 days", etc - date = dateparser.parse(arg, settings={'TIMEZONE': 'UTC'}) - if date is None: - # if d is None it means dateparser failed to parse it - raise ValueError(f'Invalid date: {arg_name}') - - return int(date.timestamp()) - if isinstance(arg, (int, float)): - # Convert to int if the input is a float - return int(arg) - raise ValueError(f'Invalid date: "{arg_name}"') - - -''' COMMAND FUNCTIONS ''' - - -def test_module(client: Client) -> str: - # INTEGRATION DEVELOPER TIP - # Client class should raise the exceptions, but if the test fails - # the exception text is printed to the Cortex XSOAR UI. 
- # If you have some specific errors you want to capture (i.e. auth failure) - # you should catch the exception here and return a string with a more - # readable output (for example return 'Authentication Error, API Key - # invalid'). - # Cortex XSOAR will print everything you return different than 'ok' as - # an error - try: - # - client.get_health() - except DemistoException as e: - if 'Forbidden' in str(e): - return 'Authorization Error: make sure API Key is correctly set' - else: - raise e - return 'ok' - - -def get_hashes_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, Any]: - - hashes = argToList(args.get('md5_hashes')) - if len(hashes) == 0: - raise ValueError('hash(es) not specified') - - for hash in hashes: - if md5Regex.match(hash): - continue - raise Exception('Invalid hash. Only MD5 is supported.') - - dbot_score_list: List[Dict[str, Any]] = [] - file_standard_list: List[Dict[str, Any]] = [] - file_data_list: List[Dict[str, Any]] = [] - - for hash in hashes: - file_data = client.get_file_reputation(hash) - file_data['MD5'] = file_data['md5'] - del file_data['md5'] - # demisto.results(file_data) - engines = file_data.get('engine_results', {}) - for key in engines.keys(): - if engines[key].get('sha256'): - file_data['SHA256'] = engines[key].get('sha256') - del engines[key]['sha256'] - # If the outer `is_malicious` is set to True, assume the score should be bad - # Otherwise, default to unknown unless at least one engine has returned a verdict besides `not_found` - if file_data['is_malicious']: - score = 3 # bad - else: - score = 0 # unknown - for key in engines.keys(): - verdict = engines[key].get('verdict', 'not_found') - if verdict != "not_found" and verdict != "malicious": - score = 1 # good - break - - dbot_score = { - 'Indicator': hash, - 'Vendor': 'FireEye DoD', - 'Type': 'file', - 'Score': score - } - file_standard_context = { - 'MD5': hash, - } - - if score == 3: - # if score is bad must add DBotScore Vendor and Description - 
file_standard_context['Malicious'] = { - 'Vendor': 'FireEye DoD' - } - - filedata = {} - filedata['FireEyeDoD'] = file_data - filedata['MD5'] = file_data['MD5'] - del filedata['FireEyeDoD']['MD5'] - if file_data.get('SHA256'): - dbot_score_sha256 = { - 'Indicator': file_data.get('SHA256'), - 'Vendor': 'FireEye DoD', - 'Type': 'file', - 'Score': score - } - dbot_score_list.append(dbot_score_sha256) - filedata['SHA256'] = file_data['SHA256'] - file_standard_context['SHA256'] = file_data['SHA256'] - del filedata['FireEyeDoD']['SHA256'] - - file_standard_list.append(file_standard_context) - dbot_score_list.append(dbot_score) - file_data_list.append(filedata) - - outputs = { - 'DBotScore(val.Vendor == obj.Vendor && val.Indicator == obj.Indicator)': dbot_score_list, - outputPaths['file']: file_standard_list, - 'File(val.MD5 == obj.MD5 || val.SHA256 == obj.SHA256)': file_data_list - } - - readable_output = tableToMarkdown('FireEye DoD Results', file_standard_list, headers=["MD5", "SHA256", "Malicious"]) - - return ( - readable_output, - outputs, - file_data_list - ) - - -def generate_report_url(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, dict]: - report_id = str(args.get('report_id')) - expiration = arg_to_int(arg=args.get('expiration'), arg_name='expiration', required=True) - if expiration: - if expiration < 1 or expiration > 8760: - raise ValueError('Expiration must be between 1 and 8760 hours.') - else: - raise ValueError('Expiration not specified or not a number.') - - report = client.get_report_url(report_id=report_id, expiration=expiration) - presigned_report_url = report.get('presigned_report_url') - - readable_output = f'Report {report_id} is available [here]({presigned_report_url})' - - return ( - readable_output, - {}, - report - ) - - -def submit_file_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, dict]: - entry_id = demisto.args().get('entryID') - file_entry = demisto.getFilePath(entry_id) # .get('path') - file_name = 
file_entry['name'] - file_path = file_entry['path'] - files = {'file': (file_name, open(file_path, 'rb'))} - - # Optional parameters to send along with the file - optional_params = ['password', 'param', 'screenshot', 'video', 'fileExtraction', 'memoryDump', 'pcap'] - data = {} - for param in optional_params: - value = demisto.args().get(param) - if value: - data[param] = value - - scan = client.submit_file(files=files, data=data) - - scan['filename'] = file_name - del scan['status'] - scan['overall_status'] = 'RUNNING' - - report_id = scan.get('report_id') - - readable_output = ( - f'Started analysis of {file_name} with FireEye Detection on Demand.' - f'Results will be published to report id: {report_id}' - ) - outputs = { - 'FireEyeDoD.Scan(val.report_id == obj.report_id)': scan - } - return ( - readable_output, - outputs, - scan - ) - - -def submit_urls_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, dict]: - urls = argToList(args.get('urls')) - if len(urls) == 0: - raise ValueError('hash(es) not specified') - - # Format the URLs into a string list, which the API understands - formatted_urls = "[" + ",".join(list(map(lambda url: url.replace(url, f'"{url}"'), urls))) + "]" - data = {'urls': formatted_urls} - - scan = client.submit_urls(data=data) - - del scan['status'] - scan['overall_status'] = 'RUNNING' - - report_id = scan.get('report_id') - - readable_output = ( - f'Started analysis of {urls} with FireEye Detection on Demand.' 
- f'Results will be published to report id: {report_id}' - ) - outputs = { - 'FireEyeDoD.Scan(val.report_id == obj.report_id)': scan - } - return ( - readable_output, - outputs, - scan - ) - - -def get_reports_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, Any]: - report_id_list = argToList(args.get('report_ids', [])) - extended = args.get('extended_report', "False") - screenshot = args.get('get_screenshot', "false") - artifact = args.get('get_artifact', "") - if len(report_id_list) == 0: - raise ValueError('report_id(s) not specified') - - report_list: List[Dict[str, Any]] = [] - for report_id in report_id_list: - report = client.report_status(report_id=report_id, extended=extended) - if screenshot.lower() == "true": - screenshot = client.report_artifact(report_id=report_id, artifact_type="screenshot") - stored_img = fileResult('screenshot.gif', screenshot) - demisto.results({'Type': entryTypes['image'], 'ContentsFormat': formats['text'], - 'File': stored_img['File'], 'FileID': stored_img['FileID'], 'Contents': ''}) - - if artifact != "": - artifacts = client.report_artifact(report_id=report_id, artifact_type=artifact) - stored_artifacts = fileResult('artifacts.zip', artifacts) - demisto.results({'Type': entryTypes['file'], 'ContentsFormat': formats['text'], - 'File': stored_artifacts['File'], 'FileID': stored_artifacts['FileID'], 'Contents': ''}) - - report_list.append(report) - - readable_output = tableToMarkdown('Scan status', report_list) - outputs = { - 'FireEyeDoD.Scan(val.report_id == obj.report_id)': report_list - } - return ( - readable_output, - outputs, - report_list - ) - - -''' MAIN FUNCTION ''' - - -def main() -> None: - """main function, parses params and runs command functions - - :return: - :rtype: - """ - - api_key = demisto.params().get('apikey') - - # get the service API url - base_url = demisto.params()['url'] - - # if your Client class inherits from BaseClient, SSL verification is - # handled out of the box by it, just pass 
``verify_certificate`` to - # the Client constructor - verify_certificate = not demisto.params().get('insecure', False) - - # if your Client class inherits from BaseClient, system proxy is handled - # out of the box by it, just pass ``proxy`` to the Client constructor - proxy = demisto.params().get('proxy', False) - - # INTEGRATION DEVELOPER TIP - # You can use functions such as ``demisto.debug()``, ``demisto.info()``, - # etc. to print information in the XSOAR server log. You can set the log - # level on the server configuration - # See: https://xsoar.pan.dev/docs/integrations/code-conventions#logging - - demisto.debug(f'Command being called is {demisto.command()}') - try: - headers = { - 'feye-auth-key': f'{api_key}' - } - client = Client( - base_url=base_url, - verify=verify_certificate, - headers=headers, - proxy=proxy) - - if demisto.command() == 'test-module': - # This is the call made when pressing the integration Test button. - result = test_module(client) - demisto.results(result) - - elif demisto.command() == 'fireeye-dod-get-hashes': - return_outputs(*get_hashes_command(client, demisto.args())) - - elif demisto.command() == 'fireeye-dod-get-reports': - return_outputs(*get_reports_command(client, demisto.args())) - - elif demisto.command() == 'fireeye-dod-submit-file': - return_outputs(*submit_file_command(client, demisto.args())) - - elif demisto.command() == 'fireeye-dod-submit-urls': - return_outputs(*submit_urls_command(client, demisto.args())) - - elif demisto.command() == 'fireeye-dod-get-report-url': - return_outputs(*generate_report_url(client, demisto.args())) - - # Log exceptions and return errors - except Exception as e: - raise e - # demisto.error(traceback.format_exc()) # print the traceback - # return_error(f'Failed to execute {demisto.command()} command.\nError:\n{str(e)}') - - -''' ENTRY POINT ''' - - -if __name__ in ('__main__', '__builtin__', 'builtins'): - main() +from typing import Any, Dict, List, Optional, Tuple + +import dateparser 
+import urllib3 + +# Disable insecure warnings +urllib3.disable_warnings() + + +''' CONSTANTS ''' + + +DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' + +''' CLIENT CLASS ''' + + +class Client(BaseClient): + """Client class to interact with the service API + + This Client implements API calls, and does not contain any Demisto logic. + Should only do requests and return data. + It inherits from BaseClient defined in CommonServer Python. + Most calls use _http_request() that handles proxy, SSL verification, etc. + For this HelloWorld implementation, no special attributes defined + """ + + def get_file_reputation(self, file: str) -> Dict[str, Any]: + return self._http_request( + method='GET', + url_suffix=f'/hashes/{file}' + ) + + def get_health(self) -> Dict[str, Any]: + return self._http_request( + method='GET', + url_suffix='/health' + ) + + def submit_file(self, files: Dict[str, Any], data: Dict[str, Any]) -> Dict[str, Any]: + return self._http_request( + method='POST', + url_suffix='/files', + files=files, + data=data + ) + + def submit_urls(self, data: Dict[str, Any]) -> Dict[str, Any]: + return self._http_request( + method='POST', + url_suffix='/urls', + files=data, + data=None + ) + + def get_report_url(self, report_id: str, expiration: int) -> Dict[str, Any]: + return self._http_request( + method='GET', + url_suffix=f'/presigned-url/{report_id}', + params={ + 'expiry': expiration + } + ) + + def report_status(self, report_id: str, extended: str) -> Dict[str, Any]: + return self._http_request( + method='GET', + url_suffix=f'/reports/{report_id}', + params={ + 'extended': extended + } + ) + + def report_artifact(self, report_id: str, artifact_type: str) -> Dict[str, Any]: + return self._http_request( + method='GET', + url_suffix=f'/artifacts/{report_id}', + params={ + 'type': artifact_type, + }, + resp_type='content' + ) + + +''' HELPER FUNCTIONS ''' + + +def convert_to_demisto_severity(severity: str) -> int: + # In this case the mapping is straightforward, but more complex 
mappings + # might be required in your integration, so a dedicated function is + # recommended. This mapping should also be documented. + return { + 'Low': 1, # low severity + 'Medium': 2, # medium severity + 'High': 3, # high severity + 'Critical': 4 # critical severity + }[severity] + + +def arg_to_int(arg: Any, arg_name: str, required: bool = False) -> Optional[int]: + if arg is None: + if required is True: + raise ValueError(f'Missing "{arg_name}"') + return None + if isinstance(arg, str): + if arg.isdigit(): + return int(arg) + raise ValueError(f'Invalid number: "{arg_name}"="{arg}"') + if isinstance(arg, int): + return arg + raise ValueError(f'Invalid number: "{arg_name}"') + + +def arg_to_timestamp(arg: Any, arg_name: str, required: bool = False) -> Optional[int]: + if arg is None: + if required is True: + raise ValueError(f'Missing "{arg_name}"') + return None + + if isinstance(arg, str) and arg.isdigit(): + # timestamp is a str containing digits - we just convert it to int + return int(arg) + if isinstance(arg, str): + # we use dateparser to handle strings either in ISO8601 format, or + # relative time stamps. + # For example: format 2019-10-23T00:00:00 or "3 days", etc + date = dateparser.parse(arg, settings={'TIMEZONE': 'UTC'}) + if date is None: + # if d is None it means dateparser failed to parse it + raise ValueError(f'Invalid date: {arg_name}') + + return int(date.timestamp()) + if isinstance(arg, (int, float)): + # Convert to int if the input is a float + return int(arg) + raise ValueError(f'Invalid date: "{arg_name}"') + + +''' COMMAND FUNCTIONS ''' + + +def test_module(client: Client) -> str: + # INTEGRATION DEVELOPER TIP + # Client class should raise the exceptions, but if the test fails + # the exception text is printed to the Cortex XSOAR UI. + # If you have some specific errors you want to capture (i.e. 
auth failure) + # you should catch the exception here and return a string with a more + # readable output (for example return 'Authentication Error, API Key + # invalid'). + # Cortex XSOAR will print everything you return different than 'ok' as + # an error + try: + # + client.get_health() + except DemistoException as e: + if 'Forbidden' in str(e): + return 'Authorization Error: make sure API Key is correctly set' + else: + raise e + return 'ok' + + +def get_hashes_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, Any]: + + hashes = argToList(args.get('md5_hashes')) + if len(hashes) == 0: + raise ValueError('hash(es) not specified') + + for hash in hashes: + if md5Regex.match(hash): + continue + raise Exception('Invalid hash. Only MD5 is supported.') + + dbot_score_list: List[Dict[str, Any]] = [] + file_standard_list: List[Dict[str, Any]] = [] + file_data_list: List[Dict[str, Any]] = [] + + for hash in hashes: + file_data = client.get_file_reputation(hash) + file_data['MD5'] = file_data['md5'] + del file_data['md5'] + # demisto.results(file_data) + engines = file_data.get('engine_results', {}) + for key in engines.keys(): + if engines[key].get('sha256'): + file_data['SHA256'] = engines[key].get('sha256') + del engines[key]['sha256'] + # If the outer `is_malicious` is set to True, assume the score should be bad + # Otherwise, default to unknown unless at least one engine has returned a verdict besides `not_found` + if file_data['is_malicious']: + score = 3 # bad + else: + score = 0 # unknown + for key in engines.keys(): + verdict = engines[key].get('verdict', 'not_found') + if verdict != "not_found" and verdict != "malicious": + score = 1 # good + break + + dbot_score = { + 'Indicator': hash, + 'Vendor': 'FireEye DoD', + 'Type': 'file', + 'Score': score + } + file_standard_context = { + 'MD5': hash, + } + + if score == 3: + # if score is bad must add DBotScore Vendor and Description + file_standard_context['Malicious'] = { + 'Vendor': 'FireEye DoD' + 
} + + filedata = {} + filedata['FireEyeDoD'] = file_data + filedata['MD5'] = file_data['MD5'] + del filedata['FireEyeDoD']['MD5'] + if file_data.get('SHA256'): + dbot_score_sha256 = { + 'Indicator': file_data.get('SHA256'), + 'Vendor': 'FireEye DoD', + 'Type': 'file', + 'Score': score + } + dbot_score_list.append(dbot_score_sha256) + filedata['SHA256'] = file_data['SHA256'] + file_standard_context['SHA256'] = file_data['SHA256'] + del filedata['FireEyeDoD']['SHA256'] + + file_standard_list.append(file_standard_context) + dbot_score_list.append(dbot_score) + file_data_list.append(filedata) + + outputs = { + 'DBotScore(val.Vendor == obj.Vendor && val.Indicator == obj.Indicator)': dbot_score_list, + outputPaths['file']: file_standard_list, + 'File(val.MD5 == obj.MD5 || val.SHA256 == obj.SHA256)': file_data_list + } + + readable_output = tableToMarkdown('FireEye DoD Results', file_standard_list, headers=["MD5", "SHA256", "Malicious"]) + + return ( + readable_output, + outputs, + file_data_list + ) + + +def generate_report_url(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, dict]: + report_id = str(args.get('report_id')) + expiration = arg_to_int(arg=args.get('expiration'), arg_name='expiration', required=True) + if expiration: + if expiration < 1 or expiration > 8760: + raise ValueError('Expiration must be between 1 and 8760 hours.') + else: + raise ValueError('Expiration not specified or not a number.') + + report = client.get_report_url(report_id=report_id, expiration=expiration) + presigned_report_url = report.get('presigned_report_url') + + readable_output = f'Report {report_id} is available [here]({presigned_report_url})' + + return ( + readable_output, + {}, + report + ) + + +def submit_file_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, dict]: + entry_id = demisto.args().get('entryID') + file_entry = demisto.getFilePath(entry_id) # .get('path') + file_name = file_entry['name'] + file_path = file_entry['path'] + files = {'file': 
(file_name, open(file_path, 'rb'))} + + # Optional parameters to send along with the file + optional_params = ['password', 'param', 'screenshot', 'video', 'fileExtraction', 'memoryDump', 'pcap'] + data = {} + for param in optional_params: + value = demisto.args().get(param) + if value: + data[param] = value + + scan = client.submit_file(files=files, data=data) + + scan['filename'] = file_name + del scan['status'] + scan['overall_status'] = 'RUNNING' + + report_id = scan.get('report_id') + + readable_output = ( + f'Started analysis of {file_name} with FireEye Detection on Demand.' + f'Results will be published to report id: {report_id}' + ) + outputs = { + 'FireEyeDoD.Scan(val.report_id == obj.report_id)': scan + } + return ( + readable_output, + outputs, + scan + ) + + +def submit_urls_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, dict]: + urls = argToList(args.get('urls')) + if len(urls) == 0: + raise ValueError('hash(es) not specified') + + # Format the URLs into a string list, which the API understands + formatted_urls = "[" + ",".join(list(map(lambda url: url.replace(url, f'"{url}"'), urls))) + "]" + data = {'urls': formatted_urls} + + scan = client.submit_urls(data=data) + + del scan['status'] + scan['overall_status'] = 'RUNNING' + + report_id = scan.get('report_id') + + readable_output = ( + f'Started analysis of {urls} with FireEye Detection on Demand.' 
+ f'Results will be published to report id: {report_id}' + ) + outputs = { + 'FireEyeDoD.Scan(val.report_id == obj.report_id)': scan + } + return ( + readable_output, + outputs, + scan + ) + + +def get_reports_command(client: Client, args: Dict[str, Any]) -> Tuple[str, dict, Any]: + report_id_list = argToList(args.get('report_ids', [])) + extended = args.get('extended_report', "False") + screenshot = args.get('get_screenshot', "false") + artifact = args.get('get_artifact', "") + if len(report_id_list) == 0: + raise ValueError('report_id(s) not specified') + + report_list: List[Dict[str, Any]] = [] + for report_id in report_id_list: + report = client.report_status(report_id=report_id, extended=extended) + if screenshot.lower() == "true": + screenshot = client.report_artifact(report_id=report_id, artifact_type="screenshot") + stored_img = fileResult('screenshot.gif', screenshot) + demisto.results({'Type': entryTypes['image'], 'ContentsFormat': formats['text'], + 'File': stored_img['File'], 'FileID': stored_img['FileID'], 'Contents': ''}) + + if artifact != "": + artifacts = client.report_artifact(report_id=report_id, artifact_type=artifact) + stored_artifacts = fileResult('artifacts.zip', artifacts) + demisto.results({'Type': entryTypes['file'], 'ContentsFormat': formats['text'], + 'File': stored_artifacts['File'], 'FileID': stored_artifacts['FileID'], 'Contents': ''}) + + report_list.append(report) + + readable_output = tableToMarkdown('Scan status', report_list) + outputs = { + 'FireEyeDoD.Scan(val.report_id == obj.report_id)': report_list + } + return ( + readable_output, + outputs, + report_list + ) + + +''' MAIN FUNCTION ''' + + +def main() -> None: + """main function, parses params and runs command functions + + :return: + :rtype: + """ + + api_key = demisto.params().get('apikey') + + # get the service API url + base_url = demisto.params()['url'] + + # if your Client class inherits from BaseClient, SSL verification is + # handled out of the box by it, just pass 
``verify_certificate`` to + # the Client constructor + verify_certificate = not demisto.params().get('insecure', False) + + # if your Client class inherits from BaseClient, system proxy is handled + # out of the box by it, just pass ``proxy`` to the Client constructor + proxy = demisto.params().get('proxy', False) + + # INTEGRATION DEVELOPER TIP + # You can use functions such as ``demisto.debug()``, ``demisto.info()``, + # etc. to print information in the XSOAR server log. You can set the log + # level on the server configuration + # See: https://xsoar.pan.dev/docs/integrations/code-conventions#logging + + demisto.debug(f'Command being called is {demisto.command()}') + try: + headers = { + 'feye-auth-key': f'{api_key}' + } + client = Client( + base_url=base_url, + verify=verify_certificate, + headers=headers, + proxy=proxy) + + if demisto.command() == 'test-module': + # This is the call made when pressing the integration Test button. + result = test_module(client) + demisto.results(result) + + elif demisto.command() == 'fireeye-dod-get-hashes': + return_outputs(*get_hashes_command(client, demisto.args())) + + elif demisto.command() == 'fireeye-dod-get-reports': + return_outputs(*get_reports_command(client, demisto.args())) + + elif demisto.command() == 'fireeye-dod-submit-file': + return_outputs(*submit_file_command(client, demisto.args())) + + elif demisto.command() == 'fireeye-dod-submit-urls': + return_outputs(*submit_urls_command(client, demisto.args())) + + elif demisto.command() == 'fireeye-dod-get-report-url': + return_outputs(*generate_report_url(client, demisto.args())) + + # Log exceptions and return errors + except Exception as e: + raise e + # demisto.error(traceback.format_exc()) # print the traceback + # return_error(f'Failed to execute {demisto.command()} command.\nError:\n{str(e)}') + + +''' ENTRY POINT ''' + + +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() 
diff --git a/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.yml b/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.yml
index 828a4a665003..a4e4da28f910 100644
--- a/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.yml
+++ b/Packs/FireEye-Detection-on-Demand/Integrations/FireEye-Detection-on-Demand/FireEye-Detection-on-Demand.yml
@@ -25,7 +25,7 @@ configuration:
 script:
 script: ''
 type: python
- dockerimage: demisto/python3:3.9.8.24399
+ dockerimage: demisto/python3:3.10.12.63474
 runonce: false
 subtype: python3
 commands:
diff --git a/Packs/FireEye-Detection-on-Demand/ReleaseNotes/1_0_3.md b/Packs/FireEye-Detection-on-Demand/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..af470e3ecb98
--- /dev/null
+++ b/Packs/FireEye-Detection-on-Demand/ReleaseNotes/1_0_3.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FireEye Detection on Demand
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FireEye-Detection-on-Demand/pack_metadata.json b/Packs/FireEye-Detection-on-Demand/pack_metadata.json
index 81216ef3d331..150df30162ca 100644
--- a/Packs/FireEye-Detection-on-Demand/pack_metadata.json
+++ b/Packs/FireEye-Detection-on-Demand/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireEye Detection on Demand",
 "description": "Detonate files, hashes, and URLs using FireEye Detection on Demand",
 "support": "partner",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "FireEye Inc.",
 "githubUser": [
 "mckibbenc",
diff --git a/Packs/FireEyeCM/ReleaseNotes/1_1_20.md b/Packs/FireEyeCM/ReleaseNotes/1_1_20.md
new file mode 100644
index 000000000000..1f47e8436101
--- /dev/null
+++ b/Packs/FireEyeCM/ReleaseNotes/1_1_20.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FireEye Central Management
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FireEyeCM/pack_metadata.json b/Packs/FireEyeCM/pack_metadata.json
index b2b8dfc9d705..a8c35547b09b 100644
--- a/Packs/FireEyeCM/pack_metadata.json
+++ b/Packs/FireEyeCM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireEye Central Management",
 "description": "FireEye Central Management (CM Series) is the FireEye threat intelligence hub. It services the FireEye ecosystem, ensuring that FireEye products share the latest intelligence and correlate across attack vectors to detect and prevent cyber attacks",
 "support": "xsoar",
- "currentVersion": "1.1.19",
+ "currentVersion": "1.1.20",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml b/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml
index 8e5a95a4ad32..09eee519a4b2 100644
--- a/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml
+++ b/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml
@@ -295,7 +295,7 @@ script:
 description: Detailed information from any particular alert. Alerts more than 90 days old are not available.
 isfetch: true
 subtype: python3
- dockerimage: demisto/python3:3.10.12.62631
+ dockerimage: demisto/python3:3.10.12.63474
 tests:
 - No Test
diff --git a/Packs/FireEyeETP/ReleaseNotes/1_2_4.md b/Packs/FireEyeETP/ReleaseNotes/1_2_4.md
new file mode 100644
index 000000000000..daed08cec609
--- /dev/null
+++ b/Packs/FireEyeETP/ReleaseNotes/1_2_4.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FireEye ETP
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FireEyeETP/pack_metadata.json b/Packs/FireEyeETP/pack_metadata.json
index eec18a2665cc..108f939cf4fd 100644
--- a/Packs/FireEyeETP/pack_metadata.json
+++ b/Packs/FireEyeETP/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireEye ETP",
 "description": "FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.",
 "support": "xsoar",
- "currentVersion": "1.2.3",
+ "currentVersion": "1.2.4",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml b/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml
index c454e711e798..b94c70d8ebb5 100644
--- a/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml
+++ b/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml
@@ -50,7 +50,7 @@ script:
 - 'true'
 - 'false'
 required: true
- dockerimage: demisto/python3:3.10.11.61265
+ dockerimage: demisto/python3:3.10.12.63474
 isfetchevents: true
 script: '-'
 subtype: python3
diff --git a/Packs/FireEyeHX/ReleaseNotes/2_3_10.md b/Packs/FireEyeHX/ReleaseNotes/2_3_10.md
new file mode 100644
index 000000000000..9cd7d7755610
--- /dev/null
+++ b/Packs/FireEyeHX/ReleaseNotes/2_3_10.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FireEye HX Event Collector
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FireEyeHX/pack_metadata.json b/Packs/FireEyeHX/pack_metadata.json
index 0bc01e142ee0..7a3d709894a6 100644
--- a/Packs/FireEyeHX/pack_metadata.json
+++ b/Packs/FireEyeHX/pack_metadata.json
@@ -2,7 +2,7 @@ "name": "FireEye HX", "description": "FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. The FireEye HX Cortex XSOAR integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. Customers can extract critical data and effectively operate the security operations automated playbooks.", "support": "xsoar", - "currentVersion": "2.3.9", + "currentVersion": "2.3.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.py b/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.py index 0c2fce0152eb..561b6dc040cb 100644 --- a/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.py +++ b/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.py @@ -9,9 +9,10 @@ import os import requests +import urllib3 # Disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() """HELPER FUNCTIONS""" diff --git a/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.yml b/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.yml index eebb91c83538..99cd525a4007 100644 --- a/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.yml +++ b/Packs/FortiSandbox/Integrations/FortiSandbox/FortiSandbox.yml @@ -122,7 +122,7 @@ script: required: true description: Upload CSV URLs name: fortisandbox-upload-urls - dockerimage: demisto/python3:3.10.6.33415 + dockerimage: demisto/python3:3.10.12.63474 runonce: true script: '' subtype: python3 diff --git a/Packs/FortiSandbox/ReleaseNotes/1_0_4.md b/Packs/FortiSandbox/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..041518b7e3d8 --- /dev/null +++ b/Packs/FortiSandbox/ReleaseNotes/1_0_4.md @@ -0,0 +1,3 @@ +#### Integrations +##### FortiSandbox +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. 
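Review bot: `urllib3.disable_warnings()` in the FortiSandbox.py hunk still runs unconditionally at import and, called without a category, suppresses every urllib3 `HTTPWarning`, not only the certificate warning that the comment above it names. Narrowing the call keeps other transport warnings visible: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`. The same bare call is added in the Genians.py hunk and in the FireEye-Detection-on-Demand.py hunk. The rest of FortiSandbox.py lies outside the hunk, so whether the call could also be gated on the integration's insecure setting cannot be confirmed from here.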
diff --git a/Packs/FortiSandbox/pack_metadata.json b/Packs/FortiSandbox/pack_metadata.json
index 14f7dec06cd2..d771227d62a5 100644
--- a/Packs/FortiSandbox/pack_metadata.json
+++ b/Packs/FortiSandbox/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Forti Sandbox",
 "description": "Pack contains integration with playbooks to upload file for malware analysis, retrieve the results and get file rating for previously scanned files from FortiSandbox",
 "support": "community",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "vibhuabharadwaj",
 "url": "",
 "email": "",
diff --git a/Packs/Genians/Integrations/Genians/Genians.py b/Packs/Genians/Integrations/Genians/Genians.py
index 4e246999306c..b81965606b39 100755
--- a/Packs/Genians/Integrations/Genians/Genians.py
+++ b/Packs/Genians/Integrations/Genians/Genians.py
@@ -1,206 +1,207 @@ -import demistomock as demisto -from CommonServerPython import * - -''' IMPORT ''' - -import json -import requests - -# Disable insecure warnings -requests.packages.urllib3.disable_warnings() - - -''' PARAMS ''' - -SERVER_IP = demisto.params().get("server_ip") -APIKEY = demisto.params().get("apikey") -TAG_NAME = demisto.params().get("tag_name") - -# Genian NAC Policy Center (Server) URL -BASE_URL = "https://" + SERVER_IP + ":8443/mc2" -# Genian NAC REST API Request URL -REQUEST_BASE_URL = "https://" + SERVER_IP + ":8443/mc2/rest/" -# Should We use SSL -USE_SSL = not demisto.params().get("insecure", False) -# Response Content Type -HEADER = { - "accept": "application/json", - "content-type": "application/json;charset=UTF-8" -} - - -''' HELPER FUNCTIONS ''' - - -def http_request(method, url, body=None): - """ - Makes an API call with the given arguments - """ - try: - result = requests.request( - method, - url, - data=body, - headers=HEADER, - verify=USE_SSL, - ) - if result.status_code < 200 or result.status_code >= 300: - raise Exception("Error in Genian NAC Integration API Call. 
Code: {0}".format(str(result.status_code))) - - json_result = result.json() - - return json_result - - except Exception as e: - return_error(str(e)) - - -def get_ip_nodeid(ip: str): - URL = REQUEST_BASE_URL + "nodes/" + ip + "/managementscope?apiKey=" + APIKEY - result = http_request("GET", URL) - return result - - -def get_tag_list(): - URL = REQUEST_BASE_URL + "tags?page=1&pageSize=30&npName=" + TAG_NAME + "&apiKey=" + APIKEY - result = http_request("GET", URL) - return result - - -def list_tag_data_string(tag_name: str): - data = [{ - "id": "", - "name": tag_name, - "description": "", - "startDate": "", - "expireDate": "", - "periodType": "", - "expiryPeriod": "" - }] - return data - - -''' COMMANDS + REQUESTS FUNCTIONS ''' - - -def assign_ip_tag(nodeid: str): - URL = REQUEST_BASE_URL + "nodes/" + nodeid + "/tags?apiKey=" + APIKEY - data = list_tag_data_string(TAG_NAME) - result = http_request("POST", URL, body=json.dumps(data)) - return result - - -def assign_ip_tag_command(): - IP = demisto.getArg("ip") - - result = get_ip_nodeid(IP) - nodeid = result[0]["nl_nodeid"] - - if not nodeid: - demisto.results("IP not found. 
[{0}] is not exist in your network".format(IP)) - else: - result2 = assign_ip_tag(nodeid) - - tag_check = "assign fail" - for a in result2: - if a["Name"] == TAG_NAME: - tag_check = TAG_NAME - break - - if tag_check == TAG_NAME: - hr = "IP : [{0}], [{1}] Tag assign success.".format(IP, TAG_NAME) - assign_tag = { - "nodeId": nodeid, - "Name": TAG_NAME - } - demisto.results({ - 'Type': entryTypes['note'], - 'ContentsFormat': formats['json'], - 'Contents': result2, - 'ReadableContentsFormat': formats['text'], - 'HumanReadable': hr, - 'EntryContext': { - "genians.tag.(val.Tag == obj.Tag)": assign_tag - } - }) - else: - raise Exception("IP : [{0}], [{1}] Tag assign fail.".format(IP, TAG_NAME)) - - -def unassign_ip_tag(nodeid: str, data): - URL = REQUEST_BASE_URL + "nodes/" + nodeid + "/tags?apiKey=" + APIKEY - result = http_request("DELETE", URL, body=data) - return result - - -def unassign_ip_tag_command(): - IP = demisto.getArg("ip") - - result = get_ip_nodeid(IP) - nodeid = result[0]["nl_nodeid"] - - if not nodeid: - demisto.results("IP not found. 
[{0}] is not exist in your network".format(IP)) - else: - result2 = get_tag_list() - - tag_check = "tag_not_exists" - for a in result2["result"]: - if a["NP_NAME"] == TAG_NAME: - tag_check = a["NP_IDX"] - break - - if tag_check != "tag_not_exists": - if int(tag_check): - data = "[\"" + str(tag_check) + "\"]" - result3 = unassign_ip_tag(nodeid, data) - if str(result3) == "[]": - hr = "IP : [{0}], [{1}] Tag unassign success.".format(IP, TAG_NAME) - unassign_tag = { - "nodeId": nodeid, - "Name": TAG_NAME - } - demisto.results({ - 'Type': entryTypes['note'], - 'ContentsFormat': formats['json'], - 'Contents': result3, - 'ReadableContentsFormat': formats['text'], - 'HumanReadable': hr, - 'EntryContext': { - "genians.tag.(val.Tag == obj.Tag)": unassign_tag - } - }) - else: - raise Exception("IP : [{0}], [{1}] Tag unassign fail.".format(IP, TAG_NAME)) - else: - demisto.results("[{0}] Tag not found.".format(TAG_NAME)) - else: - demisto.results("[{0}] Tag not found.".format(TAG_NAME)) - - -def main(): - """Main execution block""" - try: - - LOG("Command being called is {0}".format(demisto.command())) - - if demisto.command() == "test-module": - get_ip_nodeid('8.8.8.8') - demisto.results('ok') - elif demisto.command() == 'genians-assign-ip-tag': - assign_ip_tag_command() - elif demisto.command() == 'genians-unassign-ip-tag': - unassign_ip_tag_command() - else: - raise NotImplementedError("Command {} was not implemented.".format(demisto.command())) - - except Exception as e: - return_error(str(e)) - - finally: - LOG.print_log() - - -# python2 uses __builtin__ python3 uses builtins -if __name__ == '__builtin__' or __name__ == 'builtins': - main() +import demistomock as demisto +from CommonServerPython import * + +''' IMPORT ''' + +import json +import requests +import urllib3 + +# Disable insecure warnings +urllib3.disable_warnings() + + +''' PARAMS ''' + +SERVER_IP = demisto.params().get("server_ip") +APIKEY = demisto.params().get("apikey") +TAG_NAME = 
demisto.params().get("tag_name") + +# Genian NAC Policy Center (Server) URL +BASE_URL = "https://" + SERVER_IP + ":8443/mc2" +# Genian NAC REST API Request URL +REQUEST_BASE_URL = "https://" + SERVER_IP + ":8443/mc2/rest/" +# Should We use SSL +USE_SSL = not demisto.params().get("insecure", False) +# Response Content Type +HEADER = { + "accept": "application/json", + "content-type": "application/json;charset=UTF-8" +} + + +''' HELPER FUNCTIONS ''' + + +def http_request(method, url, body=None): + """ + Makes an API call with the given arguments + """ + try: + result = requests.request( + method, + url, + data=body, + headers=HEADER, + verify=USE_SSL, + ) + if result.status_code < 200 or result.status_code >= 300: + raise Exception("Error in Genian NAC Integration API Call. Code: {0}".format(str(result.status_code))) + + json_result = result.json() + + return json_result + + except Exception as e: + return_error(str(e)) + + +def get_ip_nodeid(ip: str): + URL = REQUEST_BASE_URL + "nodes/" + ip + "/managementscope?apiKey=" + APIKEY + result = http_request("GET", URL) + return result + + +def get_tag_list(): + URL = REQUEST_BASE_URL + "tags?page=1&pageSize=30&npName=" + TAG_NAME + "&apiKey=" + APIKEY + result = http_request("GET", URL) + return result + + +def list_tag_data_string(tag_name: str): + data = [{ + "id": "", + "name": tag_name, + "description": "", + "startDate": "", + "expireDate": "", + "periodType": "", + "expiryPeriod": "" + }] + return data + + +''' COMMANDS + REQUESTS FUNCTIONS ''' + + +def assign_ip_tag(nodeid: str): + URL = REQUEST_BASE_URL + "nodes/" + nodeid + "/tags?apiKey=" + APIKEY + data = list_tag_data_string(TAG_NAME) + result = http_request("POST", URL, body=json.dumps(data)) + return result + + +def assign_ip_tag_command(): + IP = demisto.getArg("ip") + + result = get_ip_nodeid(IP) + nodeid = result[0]["nl_nodeid"] + + if not nodeid: + demisto.results("IP not found. 
[{0}] is not exist in your network".format(IP)) + else: + result2 = assign_ip_tag(nodeid) + + tag_check = "assign fail" + for a in result2: + if a["Name"] == TAG_NAME: + tag_check = TAG_NAME + break + + if tag_check == TAG_NAME: + hr = "IP : [{0}], [{1}] Tag assign success.".format(IP, TAG_NAME) + assign_tag = { + "nodeId": nodeid, + "Name": TAG_NAME + } + demisto.results({ + 'Type': entryTypes['note'], + 'ContentsFormat': formats['json'], + 'Contents': result2, + 'ReadableContentsFormat': formats['text'], + 'HumanReadable': hr, + 'EntryContext': { + "genians.tag.(val.Tag == obj.Tag)": assign_tag + } + }) + else: + raise Exception("IP : [{0}], [{1}] Tag assign fail.".format(IP, TAG_NAME)) + + +def unassign_ip_tag(nodeid: str, data): + URL = REQUEST_BASE_URL + "nodes/" + nodeid + "/tags?apiKey=" + APIKEY + result = http_request("DELETE", URL, body=data) + return result + + +def unassign_ip_tag_command(): + IP = demisto.getArg("ip") + + result = get_ip_nodeid(IP) + nodeid = result[0]["nl_nodeid"] + + if not nodeid: + demisto.results("IP not found. 
[{0}] is not exist in your network".format(IP)) + else: + result2 = get_tag_list() + + tag_check = "tag_not_exists" + for a in result2["result"]: + if a["NP_NAME"] == TAG_NAME: + tag_check = a["NP_IDX"] + break + + if tag_check != "tag_not_exists": + if int(tag_check): + data = "[\"" + str(tag_check) + "\"]" + result3 = unassign_ip_tag(nodeid, data) + if str(result3) == "[]": + hr = "IP : [{0}], [{1}] Tag unassign success.".format(IP, TAG_NAME) + unassign_tag = { + "nodeId": nodeid, + "Name": TAG_NAME + } + demisto.results({ + 'Type': entryTypes['note'], + 'ContentsFormat': formats['json'], + 'Contents': result3, + 'ReadableContentsFormat': formats['text'], + 'HumanReadable': hr, + 'EntryContext': { + "genians.tag.(val.Tag == obj.Tag)": unassign_tag + } + }) + else: + raise Exception("IP : [{0}], [{1}] Tag unassign fail.".format(IP, TAG_NAME)) + else: + demisto.results("[{0}] Tag not found.".format(TAG_NAME)) + else: + demisto.results("[{0}] Tag not found.".format(TAG_NAME)) + + +def main(): + """Main execution block""" + try: + + LOG("Command being called is {0}".format(demisto.command())) + + if demisto.command() == "test-module": + get_ip_nodeid('8.8.8.8') + demisto.results('ok') + elif demisto.command() == 'genians-assign-ip-tag': + assign_ip_tag_command() + elif demisto.command() == 'genians-unassign-ip-tag': + unassign_ip_tag_command() + else: + raise NotImplementedError("Command {} was not implemented.".format(demisto.command())) + + except Exception as e: + return_error(str(e)) + + finally: + LOG.print_log() + + +# python2 uses __builtin__ python3 uses builtins +if __name__ == '__builtin__' or __name__ == 'builtins': + main() diff --git a/Packs/Genians/Integrations/Genians/Genians.yml b/Packs/Genians/Integrations/Genians/Genians.yml index b8a6c600525d..083499bbd52d 100755 --- a/Packs/Genians/Integrations/Genians/Genians.yml +++ b/Packs/Genians/Integrations/Genians/Genians.yml 
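Review bot: The API key can end up in error output: `get_ip_nodeid`, `get_tag_list`, `assign_ip_tag` and `unassign_ip_tag` all append `apiKey=` plus `APIKEY` to the request URL, and `http_request` passes `str(e)` unchanged to `return_error`. Connection-level exceptions raised by requests normally include the requested URL with its query string, so a timeout or TLS failure would likely show the key to anyone who can read the command result. Redact it before reporting, e.g. `msg = str(e).replace(APIKEY, '<redacted>') if APIKEY else str(e)` followed by `return_error(msg)`. If the Genian NAC API accepts the key in a request header (not visible in this diff), sending it there would also keep it out of proxy and server access logs.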
@@ -57,7 +57,7 @@ script: description: Tag name type: string description: Removes the tag(s) from the Node specified. - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '-' subtype: python3 diff --git a/Packs/Genians/ReleaseNotes/1_0_9.md b/Packs/Genians/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..9e44fedb3505 --- /dev/null +++ b/Packs/Genians/ReleaseNotes/1_0_9.md @@ -0,0 +1,3 @@ +#### Integrations +##### Genians +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Genians/pack_metadata.json b/Packs/Genians/pack_metadata.json index 1c271e17ad83..a23c5bad2e12 100644 --- a/Packs/Genians/pack_metadata.json +++ b/Packs/Genians/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Genians", "description": "Use the Genian NAC integration to block IP addresses using the assign tag.", "support": "partner", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Genians", "url": "https://www.genians.com/resources-overview/", "email": "integration@genians.com", diff --git a/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml b/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml index 5ab8c846a7e0..e43566f95d59 100644 --- a/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml +++ b/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml @@ -52,7 +52,7 @@ script: - contextPath: GoogleMaps.Country description: The country or region where the provided location is, according to Google Maps. type: String - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '-' subtype: python3 diff --git a/Packs/GoogleMaps/ReleaseNotes/1_0_14.md b/Packs/GoogleMaps/ReleaseNotes/1_0_14.md new file mode 100644 index 000000000000..ef1a4ada0bb7 --- /dev/null +++ b/Packs/GoogleMaps/ReleaseNotes/1_0_14.md @@ -0,0 +1,3 @@ +#### Integrations +##### Google Maps +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. 
diff --git a/Packs/GoogleMaps/pack_metadata.json b/Packs/GoogleMaps/pack_metadata.json index ab9ec05567b3..6718e1b288f6 100644 --- a/Packs/GoogleMaps/pack_metadata.json +++ b/Packs/GoogleMaps/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google Maps", "description": "Use the Google Maps Geocoding API", "support": "xsoar", - "currentVersion": "1.0.13", + "currentVersion": "1.0.14", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml b/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml index 7f221daffa76..432c6e0800e5 100644 --- a/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml +++ b/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml @@ -90,7 +90,7 @@ script: - contextPath: GoogleSafeBrowsing.URL.threatEntryType description: The URL threat entry type. type: string - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '-' subtype: python3 diff --git a/Packs/GoogleSafeBrowsing/ReleaseNotes/2_0_18.md b/Packs/GoogleSafeBrowsing/ReleaseNotes/2_0_18.md new file mode 100644 index 000000000000..bb5e8604a293 --- /dev/null +++ b/Packs/GoogleSafeBrowsing/ReleaseNotes/2_0_18.md @@ -0,0 +1,3 @@ +#### Integrations +##### Google Safe Browsing v2 +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/GoogleSafeBrowsing/pack_metadata.json b/Packs/GoogleSafeBrowsing/pack_metadata.json index 93c38ea280db..eb86af967cca 100644 --- a/Packs/GoogleSafeBrowsing/pack_metadata.json +++ b/Packs/GoogleSafeBrowsing/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Google Safe Browsing", "description": "Search Safe Browsing", "support": "xsoar", - "currentVersion": "2.0.17", + "currentVersion": "2.0.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.yml b/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.yml index 128a9b1ee151..54b19d932f2f 100644 --- a/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.yml +++ b/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.yml @@ -1167,7 +1167,7 @@ script: - contextPath: additional_info description: Additional info about feed type: String - dockerimage: demisto/python3:3.10.4.29342 + dockerimage: demisto/python3:3.10.12.63474 isfetch: true runonce: false script: '-' diff --git a/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/GroupIB_TIA_Feed.yml b/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/GroupIB_TIA_Feed.yml index 92ad23241870..f7f19edd13ee 100644 --- a/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/GroupIB_TIA_Feed.yml +++ b/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIB_TIA_Feed/GroupIB_TIA_Feed.yml @@ -160,7 +160,7 @@ script: - '50' description: Get limited count of indicators for specified collection and get all indicators from particular events by id. name: gibtia-get-indicators - dockerimage: demisto/python3:3.10.4.29342 + dockerimage: demisto/python3:3.10.12.63474 feed: true runonce: false script: '-' diff --git a/Packs/GroupIB_ThreatIntelligenceAttribution/ReleaseNotes/1_3_11.md b/Packs/GroupIB_ThreatIntelligenceAttribution/ReleaseNotes/1_3_11.md new file mode 100644 index 000000000000..133abe7af225 --- /dev/null +++ b/Packs/GroupIB_ThreatIntelligenceAttribution/ReleaseNotes/1_3_11.md 
@@ -0,0 +1,5 @@ +#### Integrations +##### Group-IB Threat Intelligence & Attribution Feed +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. +##### Group-IB Threat Intelligence & Attribution +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/GroupIB_ThreatIntelligenceAttribution/pack_metadata.json b/Packs/GroupIB_ThreatIntelligenceAttribution/pack_metadata.json index 10a6b6bd9642..6d012c0e3ca2 100644 --- a/Packs/GroupIB_ThreatIntelligenceAttribution/pack_metadata.json +++ b/Packs/GroupIB_ThreatIntelligenceAttribution/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Group-IB Threat Intelligence & Attribution", "description": "Group-IB Threat Intelligence & Attribution is a system for analyzing and attributing cyberattacks, threat hunting, and protecting network infrastructure based on data relating to adversary tactics, tools, and activity. Use this pack to fast receive incidents related to you, attribute them to adversaries to do instant response, enrich your security with an enormous IOCs collection, and provide possibilities for manual investigation through Group-IB data via Cortex XSOAR interface.", "support": "partner", - "currentVersion": "1.3.10", + "currentVersion": "1.3.11", "author": "Group-IB", "url": "https://www.group-ib.com/", "email": "presale@group-ib.com", diff --git a/Packs/Imperva_WAF/Integrations/ImpervaWAF/ImpervaWAF.yml b/Packs/Imperva_WAF/Integrations/ImpervaWAF/ImpervaWAF.yml index a09599820776..e207c54d51d9 100644 --- a/Packs/Imperva_WAF/Integrations/ImpervaWAF/ImpervaWAF.yml +++ b/Packs/Imperva_WAF/Integrations/ImpervaWAF/ImpervaWAF.yml @@ -505,7 +505,7 @@ script: required: true description: Deletes a web service custom policy indicated by the policy name. name: imperva-waf-web-service-custom-policy-delete - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '-' subtype: python3 
diff --git a/Packs/Imperva_WAF/ReleaseNotes/1_0_17.md b/Packs/Imperva_WAF/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..da14013fb8b1 --- /dev/null +++ b/Packs/Imperva_WAF/ReleaseNotes/1_0_17.md @@ -0,0 +1,3 @@ +#### Integrations +##### Imperva WAF +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Imperva_WAF/pack_metadata.json b/Packs/Imperva_WAF/pack_metadata.json index 42607287caa5..0c91ef785d2d 100644 --- a/Packs/Imperva_WAF/pack_metadata.json +++ b/Packs/Imperva_WAF/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Imperva WAF", "description": "Use the Imperva WAF integration to manage IP groups and Web security policies in Imperva WAF.", "support": "xsoar", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.py b/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.py index ee3397971eb1..7c6fb6cbff15 100644 --- a/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.py +++ b/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.py @@ -2,7 +2,8 @@ from CommonServerPython import * from CommonServerUserPython import * -requests.packages.urllib3.disable_warnings() +import urllib3 +urllib3.disable_warnings() HOST_FIELDS = [ 'KLHST_WKS_FQDN', diff --git a/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml b/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml index 1e49cca727c2..048c08acf52f 100644 --- a/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml +++ b/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml 
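Review bot: The new `urllib3.disable_warnings()` line in KasperskySecurityCenter.py is called with no category at module import, so it silences every urllib3 warning class for the whole process, not only the unverified-HTTPS one. It also does so regardless of whether certificate verification is enabled for the instance. Narrow it to the single warning this is meant to quiet: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`. The same unqualified call is carried over in the NationalVulnerabilityDatabaseFeed.py, OSV.py and PICUS.py hunks of this diff.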
@@ -359,7 +359,7 @@ script: - contextPath: KasperskySecurityCenter.Policy.KLPOL_ID description: Policy ID. type: Number - dockerimage: demisto/python3:3.10.4.27798 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '-' subtype: python3 diff --git a/Packs/KasperskySecurityCenter/ReleaseNotes/1_0_8.md b/Packs/KasperskySecurityCenter/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..a2fcb5ea3a3f --- /dev/null +++ b/Packs/KasperskySecurityCenter/ReleaseNotes/1_0_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### Kaspersky Security Center (Beta) +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/KasperskySecurityCenter/pack_metadata.json b/Packs/KasperskySecurityCenter/pack_metadata.json index 8649a1689df4..66ce582bb908 100644 --- a/Packs/KasperskySecurityCenter/pack_metadata.json +++ b/Packs/KasperskySecurityCenter/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Kaspersky Security Center", "description": "Manage endpoints and groups through the Kaspersky Security Center.", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Linkshadow/Integrations/Linkshadow/Linkshadow.yml b/Packs/Linkshadow/Integrations/Linkshadow/Linkshadow.yml index 22db1ea47f29..e78687c0e16e 100644 --- a/Packs/Linkshadow/Integrations/Linkshadow/Linkshadow.yml +++ b/Packs/Linkshadow/Integrations/Linkshadow/Linkshadow.yml @@ -119,7 +119,7 @@ script: description: Time of Anomaly seen type: date description: Return the full entity details for all devices referenced by data in an API response. Use of this command will return the JSON structure of the API response . - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 isfetch: true script: '-' subtype: python3 
diff --git a/Packs/Linkshadow/ReleaseNotes/1_0_6.md b/Packs/Linkshadow/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..5f882ef5d1e3 --- /dev/null +++ b/Packs/Linkshadow/ReleaseNotes/1_0_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### Linkshadow +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Linkshadow/pack_metadata.json b/Packs/Linkshadow/pack_metadata.json index dbdc504e278c..da04114eaaec 100644 --- a/Packs/Linkshadow/pack_metadata.json +++ b/Packs/Linkshadow/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Linkshadow", "description": "Fetch Network Anomalies data from LinkShadow and execute the remediation Actions.", "support": "partner", - "currentVersion": "1.0.5", + "currentVersion": "1.0.6", "author": "Linkshadow", "url": "https://www.linkshadow.com/account/login", "email": "support@linkshadow.com", diff --git a/Packs/Mimecast/Integrations/MimecastV2/MimecastV2.yml b/Packs/Mimecast/Integrations/MimecastV2/MimecastV2.yml index 3216d3ed47ab..f5d3b2a95a01 100644 --- a/Packs/Mimecast/Integrations/MimecastV2/MimecastV2.yml +++ b/Packs/Mimecast/Integrations/MimecastV2/MimecastV2.yml @@ -2016,7 +2016,7 @@ script: script: '-' subtype: python3 type: python - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.12.63474 tests: - Mimecast test fromversion: 5.0.0 diff --git a/Packs/Mimecast/ReleaseNotes/2_1_8.md b/Packs/Mimecast/ReleaseNotes/2_1_8.md new file mode 100644 index 000000000000..18f714dc9881 --- /dev/null +++ b/Packs/Mimecast/ReleaseNotes/2_1_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### Mimecast v2 +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Mimecast/pack_metadata.json b/Packs/Mimecast/pack_metadata.json index 53f668196d59..20b3b8ebe108 100644 --- a/Packs/Mimecast/pack_metadata.json +++ b/Packs/Mimecast/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Mimecast", "description": "Mimecast unified email management offers cloud email services for email security, continuity and archiving emails. Read the detailed instructions to understand how to configure the integration's parameters.", "support": "xsoar", - "currentVersion": "2.1.7", + "currentVersion": "2.1.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.py b/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.py index 9c93c26fcbd1..daa1e14306dc 100644 --- a/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.py +++ b/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.py @@ -5,10 +5,11 @@ from typing import Dict, Any, List from datetime import datetime, timedelta from time import sleep +import urllib3 # Disable insecure warnings -requests.packages.urllib3.disable_warnings() # pylint: disable=no-member +urllib3.disable_warnings() # pylint: disable=no-member ''' CONSTANTS ''' diff --git a/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.yml b/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.yml index c33f0853140f..79013caa016a 100644 --- a/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.yml +++ b/Packs/NationalVulnerabilityDatabaseFeed/Integrations/NationalVulnerabilityDatabaseFeed/NationalVulnerabilityDatabaseFeed.yml 
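Review bot: The `# pylint: disable=no-member` pragma kept on the rewritten `urllib3.disable_warnings()` line in NationalVulnerabilityDatabaseFeed.py looks stale. It was presumably there because `requests.packages.urllib3` is resolved dynamically, whereas `urllib3` is now imported directly, so the pragma can only mask a genuine finding on this line. Drop it, and make the `# Disable insecure warnings` comment say exactly what is suppressed, e.g. `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)  # unverified-HTTPS warning only`.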
@@ -191,7 +191,7 @@ script: - contextPath: CPE.titles description: This element contains the human-readable, English title for the CPE. type: Unknown - dockerimage: demisto/python3:3.10.1.25933 + dockerimage: demisto/python3:3.10.12.63474 feed: true subtype: python3 isFetchSamples: true diff --git a/Packs/NationalVulnerabilityDatabaseFeed/ReleaseNotes/1_0_3.md b/Packs/NationalVulnerabilityDatabaseFeed/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..0143aab55b69 --- /dev/null +++ b/Packs/NationalVulnerabilityDatabaseFeed/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### National Vulnerability Database +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/NationalVulnerabilityDatabaseFeed/pack_metadata.json b/Packs/NationalVulnerabilityDatabaseFeed/pack_metadata.json index 34827e59a3cf..592b5b535dc4 100644 --- a/Packs/NationalVulnerabilityDatabaseFeed/pack_metadata.json +++ b/Packs/NationalVulnerabilityDatabaseFeed/pack_metadata.json @@ -2,7 +2,7 @@ "name": "National Vulnerability Database Feed", "description": "CVE and CPE feed from the National Vulnerability Database", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Adam Burt", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", diff --git a/Packs/NucleonCyber/Integrations/NucleonCyberFeed/NucleonCyberFeed.yml b/Packs/NucleonCyber/Integrations/NucleonCyberFeed/NucleonCyberFeed.yml index e10a93f5bc68..fb90cf589f68 100644 --- a/Packs/NucleonCyber/Integrations/NucleonCyberFeed/NucleonCyberFeed.yml +++ b/Packs/NucleonCyber/Integrations/NucleonCyberFeed/NucleonCyberFeed.yml @@ -118,7 +118,7 @@ script: - contextPath: NucleonCyber.Indicators.exp description: Indicators exp. type: String - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 feed: true runonce: false script: '-' 
diff --git a/Packs/NucleonCyber/ReleaseNotes/1_0_3.md b/Packs/NucleonCyber/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..f5a954e3b917 --- /dev/null +++ b/Packs/NucleonCyber/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### NucleonCyberFeed +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/NucleonCyber/pack_metadata.json b/Packs/NucleonCyber/pack_metadata.json index a4d4bb73205a..a17909a4e6ce 100644 --- a/Packs/NucleonCyber/pack_metadata.json +++ b/Packs/NucleonCyber/pack_metadata.json @@ -2,7 +2,7 @@ "name": "NucleonCyber", "description": "NucleonCyber indicator data feed ", "support": "partner", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "NucleonCyber", "url": "", "email": "support@nucleon.sh", diff --git a/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.py b/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.py index f2d5eb73f422..f11c324a1a9f 100644 --- a/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.py +++ b/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.py @@ -1,5 +1,6 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 +import urllib3 class Client(BaseClient): @@ -100,7 +101,7 @@ def main() -> None: demisto.debug(f'Command being called is {command}') try: - requests.packages.urllib3.disable_warnings() + urllib3.disable_warnings() client: Client = Client(urljoin(url, ''), verify_certificate, proxy, headers=headers, auth=None) commands = { diff --git a/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml b/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml index 24b0129d6667..188a5fb19f59 100644 --- a/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml +++ b/Packs/OpenSourceVulnerabilities/Integrations/OSV/OSV.yml 
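Review bot: In the second OSV.py hunk, `urllib3.disable_warnings()` runs on every call of `main()` even though `verify_certificate` is passed to `Client` on the very next line, so TLS warnings are hidden for instances that have verification switched on as well. Gate the suppression on the setting: `if not verify_certificate:` followed by `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`. `main()` starts and ends outside the hunk, so it is assumed that `verify_certificate` is assigned above the `try`.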
@@ -144,7 +144,7 @@ script: - contextPath: OSV.VulnerabilityList.vulns.references.url description: Reference URL for more details. type: string - dockerimage: demisto/python3:3.10.1.25933 + dockerimage: demisto/python3:3.10.12.63474 script: '' subtype: python3 type: python diff --git a/Packs/OpenSourceVulnerabilities/Integrations/OSV/README.md b/Packs/OpenSourceVulnerabilities/Integrations/OSV/README.md index 5d6d1dc2bf52..5cc820c0c0b9 100644 --- a/Packs/OpenSourceVulnerabilities/Integrations/OSV/README.md +++ b/Packs/OpenSourceVulnerabilities/Integrations/OSV/README.md 
@@ -1,5 +1,115 @@ -This README contains the full documentation for your integration. +OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it. This is cross referenced against upstream repositories to figure out the affected tags and commit ranges -You auto-generate this README file from your integration YML file using the `demisto-sdk generate-docs` command. +## Configure OSV on Cortex XSOAR -For more information see the [integration documentation](https://xsoar.pan.dev/docs/integrations/integration-docs). +1. Navigate to **Settings** > **Integrations** > **Servers & Services**. +2. Search for OSV. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Required** | + | --- | --- | + | Server URL (e.g. https://api.osv.dev) | True | + | Trust any certificate (not secure) | | + | Use system proxy settings | | + +4. Click **Test** to validate the URLs, token, and connection. + +## Commands + +You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. + +### osv-get-vuln-by-id + +*** +Return a `Vulnerability` object for a given OSV ID. All list of vulnerabilities can be found at https://osv.dev/list + +#### Base Command + +`osv-get-vuln-by-id` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| id_ | The `id` field is a unique identifier for the vulnerability entry. For example: OSV-2020-111. 
| Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| OSV.Vulnerability.id | String | The \`id\` field is a unique identifier for the vulnerability entry | +| OSV.Vulnerability.published | String | The RFC3339 timestamp indicating when this entry was published. | +| OSV.Vulnerability.modified | String | The RFC3339 timestamp indicating when this entry was last modified. | +| OSV.Vulnerability.withdrawn | String | The RFC3339 timestamp indicating when this entry is considered to be withdrawn. | +| OSV.Vulnerability.summary | String | One line human readable summary for the vulnerability. It is recommended to keep this under 120 characters. | +| OSV.Vulnerability.details | String | Any additional human readable details for the vulnerability. | +| OSV.Vulnerability.affected.ranges.repo | String | Applicable if type is GIT. The publicly accessible URL of the repo that can be directly passed to clone commands. | +| OSV.Vulnerability.affected.ranges.events.introduced | String | The earliest version/commit where this vulnerability was introduced in. | +| OSV.Vulnerability.affected.ranges.events.fixed | String | The version/commit that this vulnerability was fixed in. | +| OSV.Vulnerability.affected.ranges.events.limit | String | The limit to apply to the range. | +| OSV.Vulnerability.references.url | String | Reference URL for more details. | + +### osv-query-affected-by-commit + +*** +Query vulnerabilities for a particular project at a given commit + +#### Base Command + +`osv-query-affected-by-commit` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| commit | The commit hash to query for. E.g 6879efc2c1596d11a6a6ad296f80063b558d5e0f. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| OSV.VulnerabilityList.vulns.id | String | The \`id\` field is a unique identifier for the vulnerability entry. 
| +| OSV.VulnerabilityList.vulns.published | String | The RFC3339 timestamp indicating when this entry was published. | +| OSV.VulnerabilityList.vulns.modified | String | The RFC3339 timestamp indicating when this entry was last modified. | +| OSV.VulnerabilityList.vulns.withdrawn | String | The RFC3339 timestamp indicating when this entry is considered to be withdrawn. | +| OSV.VulnerabilityList.vulns.summary | String | One line human readable summary for the vulnerability. It is recommended to keep this under 120 characters. | +| OSV.VulnerabilityList.vulns.details | String | Any additional human readable details for the vulnerability. | +| OSV.VulnerabilityList.vulns.affected.ranges.repo | String | Applicable if type is GIT. The publicly accessible URL of the repo that can be directly passed to clone commands. | +| OSV.VulnerabilityList.vulns.affected.ranges.events.introduced | String | The earliest version/commit where this vulnerability was introduced in. | +| OSV.VulnerabilityList.vulns.affected.ranges.events.fixed | String | The version/commit that this vulnerability was fixed in. | +| OSV.VulnerabilityList.vulns.affected.ranges.events.limit | String | The limit to apply to the range. | +| OSV.VulnerabilityList.vulns.references.url | String | Reference URL for more details. | + +### osv-query-affected-by-package + +*** +Query vulnerabilities for a particular project based on package name and verion + +#### Base Command + +`osv-query-affected-by-package` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| version | The version string to query for. A fuzzy match is done against upstream versions. Eg. 3.3.0. | Required | +| packageName | The name of the package/project to query for. Eg. django-tinymce. | Required | +| ecosystem | The ecosystem of the package. Eg. PyPI. 
| Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| OSV.VulnerabilityList.vulns.id | string | The \`id\` field is a unique identifier for the vulnerability entry. | +| OSV.VulnerabilityList.vulns.published | string | The RFC3339 timestamp indicating when this entry was published. | +| OSV.VulnerabilityList.vulns.modified | string | The RFC3339 timestamp indicating when this entry was last modified. | +| OSV.VulnerabilityList.vulns.withdrawn | string | The RFC3339 timestamp indicating when this entry is considered to be withdrawn. | +| OSV.VulnerabilityList.vulns.summary | string | One line human readable summary for the vulnerability. It is recommended to keep this under 120 characters. | +| OSV.VulnerabilityList.vulns.details | string | Any additional human readable details for the vulnerability. | +| OSV.VulnerabilityList.vulns.affected.ranges.repo | string | Applicable if type is GIT. The publicly accessible URL of the repo that can be directly passed to clone commands. | +| OSV.VulnerabilityList.vulns.affected.ranges.events.introduced | string | The earliest version/commit where this vulnerability was introduced in. | +| OSV.VulnerabilityList.vulns.affected.ranges.events.fixed | string | The version/commit that this vulnerability was fixed in. | +| OSV.VulnerabilityList.vulns.affected.ranges.events.limit | string | The limit to apply to the range. | +| OSV.VulnerabilityList.vulns.references.url | string | Reference URL for more details. | diff --git a/Packs/OpenSourceVulnerabilities/ReleaseNotes/1_0_1.md b/Packs/OpenSourceVulnerabilities/ReleaseNotes/1_0_1.md new file mode 100644 index 000000000000..478b1c8d5290 --- /dev/null +++ b/Packs/OpenSourceVulnerabilities/ReleaseNotes/1_0_1.md @@ -0,0 +1,3 @@ +#### Integrations +##### OSV +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. 
diff --git a/Packs/OpenSourceVulnerabilities/pack_metadata.json b/Packs/OpenSourceVulnerabilities/pack_metadata.json index 1fbf8ac5844e..ab8cd2204903 100644 --- a/Packs/OpenSourceVulnerabilities/pack_metadata.json +++ b/Packs/OpenSourceVulnerabilities/pack_metadata.json @@ -2,7 +2,7 @@ "name": "OpenSourceVulnerabilities", "description": "OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it. This is cross referenced against upstream repositories to figure out the affected tags and commit ranges", "support": "community", - "currentVersion": "1.0.0", + "currentVersion": "1.0.1", "author": "Anil Agrawal", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", diff --git a/Packs/Orca/Integrations/Orca/Orca.yml b/Packs/Orca/Integrations/Orca/Orca.yml index e177ee2d1b6d..8a2e5152a3d0 100644 --- a/Packs/Orca/Integrations/Orca/Orca.yml +++ b/Packs/Orca/Integrations/Orca/Orca.yml @@ -186,7 +186,7 @@ script: description: Basic information of the file type: string description: Downloads a capture file from CS Enterprise. - dockerimage: demisto/python3:3.10.12.62631 + dockerimage: demisto/python3:3.10.12.63474 isfetch: true runonce: false script: '-' diff --git a/Packs/Orca/ReleaseNotes/2_2_4.md b/Packs/Orca/ReleaseNotes/2_2_4.md new file mode 100644 index 000000000000..728f611e3096 --- /dev/null +++ b/Packs/Orca/ReleaseNotes/2_2_4.md @@ -0,0 +1,3 @@ +#### Integrations +##### Orca +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Orca/pack_metadata.json b/Packs/Orca/pack_metadata.json index 520cb8384852..18c71e355982 100644 --- a/Packs/Orca/pack_metadata.json +++ b/Packs/Orca/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Orca", "description": "Integrate with Orca security for bidirectional incident management and fetching of asset information. \n", "support": "partner", - "currentVersion": "2.2.3", + "currentVersion": "2.2.4", "author": "Orca Security", "url": "https://orca.security/", "email": "support@orca.security", diff --git a/Packs/PICUS/Integrations/PICUS/PICUS.py b/Packs/PICUS/Integrations/PICUS/PICUS.py index 179104a672a7..2b7f7165fc27 100644 --- a/Packs/PICUS/Integrations/PICUS/PICUS.py +++ b/Packs/PICUS/Integrations/PICUS/PICUS.py @@ -5,9 +5,10 @@ import traceback import requests +import urllib3 # disable insecure warnings -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() ''' GLOBAL VARIABLES''' VERIFY_SSL = not demisto.params().get('insecure', False) diff --git a/Packs/PICUS/Integrations/PICUS/PICUS.yml b/Packs/PICUS/Integrations/PICUS/PICUS.yml index 05d3b5dc37be..4f0c6a4ba038 100644 --- a/Packs/PICUS/Integrations/PICUS/PICUS.yml +++ b/Packs/PICUS/Integrations/PICUS/PICUS.yml @@ -182,7 +182,7 @@ script: name: size description: Returns the list of the vectors all disabled and enabled ones have optional parameters for pagination name: picus-vector-list - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 script: '' subtype: python3 type: python diff --git a/Packs/PICUS/Integrations/PICUS/README.md b/Packs/PICUS/Integrations/PICUS/README.md index e69de29bb2d1..83e7f4976e56 100644 --- a/Packs/PICUS/Integrations/PICUS/README.md +++ b/Packs/PICUS/Integrations/PICUS/README.md 
@@ -0,0 +1,263 @@ +Continuous Breach And Attack Simulation + +## Configure PICUS on Cortex XSOAR + +1. Navigate to **Settings** > **Integrations** > **Servers & Services**. +2. Search for PICUS. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Description** | **Required** | + | --- | --- | --- | + | PICUS URL | For example : https://192.168.100.100/ | True | + | API Key - Refresh Token | Picus Interface - SETTINGS - ADVANCED - API TOKEN - Generate and Show Token | True | + | Trust any certificate (not secure) | | | + | Use system proxy settings | | | + +4. Click **Test** to validate the URLs, token, and connection. + +## Commands + +You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. + +### picus-vector-compare + +*** +Attack Result - Makes a comparison of the given vector's results. Example Command: !picus-vector-compare begin_date=2020-01-20 end_date=2021-01-20 trusted=Trusted_Peer1 untrusted=Untrusted_Peer1 + +#### Base Command + +`picus-vector-compare` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| begin_date | Result begin date. | Required | +| end_date | Result end date. | Required | +| trusted | Victem Peer. | Required | +| untrusted | Attacker Peer. | Required | + +#### Context Output + +There is no context output for this command. +### picus-attack-result-list + +*** +Returns the list of the attack results have optional parameters for pagination and filtration. 
\nExample Command:\n !picus-attack-result-list attack_result=insecure begin_date=2020-01-01 end_date=2020-09-05 vector1=Trusted-Peer1 vector2=Untrusted-Peer1 + +#### Base Command + +`picus-attack-result-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| attack_result | Attack results that should be filtered. Secure or Insecure. Possible values are: secure, insecure. Default is insecure. | Required | +| begin_date | Threat release date filter start of the date range. | Required | +| console_output_info | Default: false - Process Results of Scenario Details have console output information which can be in large sizes so this data is disabled by default. Default is False. | Optional | +| end_date | string Default: "Today's date formatted YYYY-mm-dd" Threat release date filter end of the date range if a begin date is given and end date not, default will be used. | Required | +| from_time | Default: "null" allowed time formats RFC822, RFC822Z, RFC1123, RFC1123Z, RFC850, RFC3339. Default is null. | Optional | +| page | Default: 1 Requested page number. Default is 1. | Optional | +| size | Default: 50 Requested data size. Default is 50. | Optional | +| threat_parameters | "threat_parameters": { "begin_date": "2018-10-29", "categories": [ [ "Malicious Code" ], [ "Attack Scenario", "Defense Evasion", "Indicator Removal from Tools" ] ],. | Optional | +| vector1 | Array of objects (PeerPairParams) Vectors.(Trusted Peer). | Required | +| vector2 | Array of objects (PeerPairParams) Vectors.(Untrusted Peer). | Required | + +#### Context Output + +There is no context output for this command. +### picus-specific-threats-results + +*** +Returns the list of the attack results of a single threat have optional parameters for pagination and filtration. 
Example Command: !picus-specific-threats-results threat_id=666059 + +#### Base Command + +`picus-specific-threats-results` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| cve | CVE code of the threat to be filtered. | Optional | +| md5 | The md5 of the threat. | Optional | +| page | integer <int64> - Default: 1 Requested page number. Default is 1. | Optional | +| sha256 | SHA256 hash of the threat. | Optional | +| size | integer <int64> - Default: 50 Requested data size. Default is 50. | Optional | +| threat_id | integer <int64> PID of the threat. | Required | + +#### Context Output + +There is no context output for this command. +### picus-peer-list + +*** +Returns the peer list with current statuses + +#### Base Command + +`picus-peer-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +There is no context output for this command. +### picus-attack-all-vectors + +*** +Schedules given attack on all possible vectors + +#### Base Command + +`picus-attack-all-vectors` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| threat_id | Example: threat_id=100682 PID of the threat. | Required | + +#### Context Output + +There is no context output for this command. +### picus-attack-single + +*** +Schedules a single attack on requested vector + +#### Base Command + +`picus-attack-single` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| threat_id | Example: threat_id=666059 PID of the threat. | Required | +| variant | Example: variant=HTTP. | Required | +| vector1 | Example: trusted=Trusted-Peer-Name Trusted peer name, if type is overall, it is not necessary. | Required | +| vector2 | Example: untrusted=Untrusted-Peer-Name Untrusted peer name, if type is overall, it is not necessary. | Required | + +#### Context Output + +There is no context output for this command. 
+### picus-trigger-update + +*** +Triggers the update mechanism manually, returns if the update-command is taken successfully + +#### Base Command + +`picus-trigger-update` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +There is no context output for this command. +### picus-version + +*** +Returns the current version and the update time config + +#### Base Command + +`picus-version` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +There is no context output for this command. +### picus-mitigation-list + +*** +Returns the list of the mitigations of threats\nhave optional parameters for pagination and filtration, this route may not be used associated with your license. Example Command: !picus-mitigation-list begin_date=2021-01-01 end_date=2021-02-01 threat_id=528370 products="McAfee IPS" signature_id=0x40208a00 + +#### Base Command + +`picus-mitigation-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| begin_date | Threat release date filter start of the date range. | Required | +| end_date | Default: "Today's date formatted YYYY-mm-dd" Threat release date filter end of the date range if a begin date is given and end date not, default will be used. | Required | +| page | integer <int64> Default: 1 Requested page number. Default is 1. | Optional | +| products | Array of strings - Products info of the mitigation. Possible values are: , . | Required | +| signature_id | ID of the signature. | Required | +| size | integer <int64> - Default: 50 Requested data size. Default is 50. | Optional | +| threat_id | integer <int64> - PID of the threat. | Required | + +#### Context Output + +There is no context output for this command. 
+### picus-mitre-matrix + +*** +Returns the mitre matrix metadata takes no parameters + +#### Base Command + +`picus-mitre-matrix` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +There is no context output for this command. +### picus-sigma-rules-list + +*** +Returns the list of the sigma rules of scenario actions have optional parameters for pagination and filtration, this route may not be used associated with your license + +#### Base Command + +`picus-sigma-rules-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| size | Size of Displayed Rule. Default is 100. | Optional | +| page | Page of Displayed Rule. Default is 1. | Optional | + +#### Context Output + +There is no context output for this command. +### picus-vector-list + +*** +Returns the list of the vectors all disabled and enabled ones have optional parameters for pagination + +#### Base Command + +`picus-vector-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| add_user_details | boolean - Add vectors' assigned user details to the response. Default is True. | Optional | +| page | Default: 1 Requested page number. Default is 1. | Optional | +| size | Default: 50 Requested data size. Default is 50. | Optional | + +#### Context Output + +There is no context output for this command. diff --git a/Packs/PICUS/ReleaseNotes/1_0_3.md b/Packs/PICUS/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..933f941415d9 --- /dev/null +++ b/Packs/PICUS/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### PICUS +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/PICUS/pack_metadata.json b/Packs/PICUS/pack_metadata.json index 8b3da26b9ccb..baf0c0eb79a3 100644 --- a/Packs/PICUS/pack_metadata.json +++ b/Packs/PICUS/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "PICUS", "description": "Picus is Breach and Attack Simulation tools.", "support": "community", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Murat Ozfidan", "url": "", "email": "", diff --git a/Packs/Packetsled/Integrations/Packetsled/Packetsled.py b/Packs/Packetsled/Integrations/Packetsled/Packetsled.py index 81cf5b8701fc..f200e4188766 100644 --- a/Packs/Packetsled/Integrations/Packetsled/Packetsled.py +++ b/Packs/Packetsled/Integrations/Packetsled/Packetsled.py @@ -2,9 +2,9 @@ from CommonServerPython import * # noqa: F401 import struct from urllib.parse import quote +import urllib3 - -requests.packages.urllib3.disable_warnings() +urllib3.disable_warnings() VERIFY = False @@ -107,7 +107,7 @@ def make_context(dargs, apiserver, auth_token): } else: response = requests.get(urljoin(apiserver, '/admin/probes'), - params={'filterscount': 1, 'filtercondition0': 'NOT_EQUAL', + params={'filterscount': 1, 'filtercondition0': 'NOT_EQUAL', # type: ignore[arg-type] 'filterdatafield0': 'deleted', 'filtervalue0': 1}, headers={'cache-control': 'no-cache', 'x-api-access-token': auth_token}, verify=VERIFY) result = validate_response(response) @@ -211,8 +211,8 @@ def main(): elif demisto.command() == 'packetsled-sensors': response = requests.get(urljoin(apiserver, '/admin/probes'), - params={'filterscount': 1, 'filtercondition0': 'NOT_EQUAL', 'filterdatafield0': 'deleted', - 'filtervalue0': 1}, + params={'filterscount': 1, 'filtercondition0': 'NOT_EQUAL', + 'filterdatafield0': 'deleted', 'filtervalue0': 1}, # type: ignore[arg-type] headers={'cache-control': 'no-cache', 'x-api-access-token': auth_token}, verify=VERIFY) result = response.json() diff --git a/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml b/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml index 967a944b97ba..3c587f7f9f35 100644 --- a/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml +++ b/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml 
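Review bot: `VERIFY = False`, directly under the rewritten `urllib3.disable_warnings()` call in the first Packetsled.py hunk, keeps certificate verification hard-coded off. The two later hunks in this file show that constant passed as `verify=VERIFY` on requests that carry the `x-api-access-token` header. With the warning suppressed globally, an operator gets no signal that the token travels over a TLS channel whose peer is never authenticated. I would derive the flag from the instance configuration, as PICUS.py does in this same commit, e.g. `VERIFY = not demisto.params().get('insecure', False)`, and call `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` only when it is false. This assumes Packetsled.yml exposes or gains an `insecure` parameter, which is not visible in this diff.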
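Review bot: In the `packetsled-sensors` branch of `main()` (third Packetsled.py hunk), the reply is consumed with `result = response.json()`, while the identical `/admin/probes` request in `make_context` (second hunk) goes through `result = validate_response(response)`. If `validate_response` performs the status check its name suggests (it is defined outside these hunks, so confirm), an error or non-JSON reply on this path is parsed as if it were a sensor list. Using `result = validate_response(response)` here would keep the two call sites consistent. Both `main()` and `make_context` continue outside the hunks.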
@@ -559,7 +559,7 @@ script: description: The respondant of the Events description: Get all of the events for a given uid isfetch: true - dockerimage: demisto/python3:3.10.6.33415 + dockerimage: demisto/python3:3.10.12.63474 tests: - No test fromversion: 5.0.0 diff --git a/Packs/Packetsled/Integrations/Packetsled/README.md b/Packs/Packetsled/Integrations/Packetsled/README.md index 401565619160..ff586a7a9c3d 100644 --- a/Packs/Packetsled/Integrations/Packetsled/README.md +++ b/Packs/Packetsled/Integrations/Packetsled/README.md 
@@ -339,4 +339,53 @@ Optional - \ No newline at end of file + + + +### packetsled-sensors + +*** +List the sensors attached to the packetsled platform. + +#### Base Command + +`packetsled-sensors` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Packetsled.Sensors | unknown | The list of sensors | +| Packetsled.Sensors.label | unknown | The label of the sensor | +| Packetsled.Sensors.envid | unknown | The environment id of the sensor | +| Packetsled.Sensors.probe | unknown | The probe number of the sensor | +### packetsled-get-events + +*** +Get all of the events for a given uid + +#### Base Command + +`packetsled-get-events` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| uid | The uid to retrieve logs for. Use the _id attribute from a flow for this parameter value. | Required | +| envid | The environment id of the probe to search. | Optional | +| probe | The probe number of the probe to search. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Packetsled.Events | unknown | Retrieve all logs for a single flow | +| Packetsled.Events._id | unknown | The unique id of the Event | +| Packetsled.Events.src_ip | unknown | The originator of the Events | +| Packetsled.Events.dest_ip | unknown | The respondant of the Events | diff --git a/Packs/Packetsled/ReleaseNotes/1_0_7.md b/Packs/Packetsled/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..f1461d7baad7 --- /dev/null +++ b/Packs/Packetsled/ReleaseNotes/1_0_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### Packetsled +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Packetsled/pack_metadata.json b/Packs/Packetsled/pack_metadata.json index a8852618034d..eb0990fee0d0 100644 --- a/Packs/Packetsled/pack_metadata.json 
+++ b/Packs/Packetsled/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Packetsled", "description": "Packetsled Network Security API commands", "support": "xsoar", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PrismaSaasSecurity/Integrations/SaasSecurityEventCollector/SaasSecurityEventCollector.yml b/Packs/PrismaSaasSecurity/Integrations/SaasSecurityEventCollector/SaasSecurityEventCollector.yml index fe427b0b9c72..4fe3ca901584 100644 --- a/Packs/PrismaSaasSecurity/Integrations/SaasSecurityEventCollector/SaasSecurityEventCollector.yml +++ b/Packs/PrismaSaasSecurity/Integrations/SaasSecurityEventCollector/SaasSecurityEventCollector.yml @@ -140,7 +140,7 @@ script: - contextPath: SaasSecurity.Event.resource_value_new description: New resource value. (optional). type: String - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.12.63474 isfetchevents: true script: '-' subtype: python3 diff --git a/Packs/PrismaSaasSecurity/ReleaseNotes/2_0_23.md b/Packs/PrismaSaasSecurity/ReleaseNotes/2_0_23.md new file mode 100644 index 000000000000..9536483f8a2c --- /dev/null +++ b/Packs/PrismaSaasSecurity/ReleaseNotes/2_0_23.md @@ -0,0 +1,3 @@ +#### Integrations +##### SaaS Security Event Collector +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/PrismaSaasSecurity/pack_metadata.json b/Packs/PrismaSaasSecurity/pack_metadata.json index 29c8b11c25d5..626777212d3a 100644 --- a/Packs/PrismaSaasSecurity/pack_metadata.json +++ b/Packs/PrismaSaasSecurity/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "SaaS Security by Palo Alto Networks", "description": "SaaS Security connects directly to your sanctioned SaaS applications to provide data classification, sharing and permission visibility, and threat detection.", "support": "xsoar", - "currentVersion": "2.0.22", + "currentVersion": "2.0.23", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml b/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml index 51fe6677a97f..b901e467be56 100644 --- a/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml +++ b/Packs/Pulsedive/Integrations/Pulsedive/Pulsedive.yml @@ -437,7 +437,7 @@ script: - contextPath: URL.DATA description: The URL. type: String - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.12.63474 script: '' subtype: python3 type: python diff --git a/Packs/Pulsedive/ReleaseNotes/1_6_3.md b/Packs/Pulsedive/ReleaseNotes/1_6_3.md new file mode 100644 index 000000000000..7cfde8bbc937 --- /dev/null +++ b/Packs/Pulsedive/ReleaseNotes/1_6_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### Pulsedive +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Pulsedive/pack_metadata.json b/Packs/Pulsedive/pack_metadata.json index 7af1fd264db5..58e5fb0ebdbb 100644 --- a/Packs/Pulsedive/pack_metadata.json +++ b/Packs/Pulsedive/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Pulsedive", "description": "Leverage Pulsedive threat intelligence in Cortex XSOAR to enrich any domain, URL, or IP. Retrieve risk scores and factors, investigate contextual data, pivot on any data point, and investigate potential threats.", "support": "community", - "currentVersion": "1.6.2", + "currentVersion": "1.6.3", "author": "Konrad Zacharias", "url": "https://pulsedive.com", "email": "support@pulsedive.com ", 
diff --git a/Packs/QSS/Integrations/QSS/QSS.yml b/Packs/QSS/Integrations/QSS/QSS.yml index e595091c6569..91b47e01e4f5 100644 --- a/Packs/QSS/Integrations/QSS/QSS.yml +++ b/Packs/QSS/Integrations/QSS/QSS.yml @@ -58,7 +58,7 @@ description: QSS integration helps you to fetch Cases from Q-SCMP and add new ca display: QSS name: QSS script: - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 isfetch: true script: '' subtype: python3 diff --git a/Packs/QSS/ReleaseNotes/1_0_9.md b/Packs/QSS/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..9a12590fa505 --- /dev/null +++ b/Packs/QSS/ReleaseNotes/1_0_9.md @@ -0,0 +1,3 @@ +#### Integrations +##### QSS +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/QSS/pack_metadata.json b/Packs/QSS/pack_metadata.json index 0a906e06d194..b9c6a7d30829 100644 --- a/Packs/QSS/pack_metadata.json +++ b/Packs/QSS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Quantum Security Systems", "description": "Use SOC Case Management Platform (SCMP) solution to manage and automated SOC activities in an efficient way", "support": "partner", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Quantum Security Systems", "url": "https://www.qss.com.sa", "email": "dev@qss.com.sa", diff --git a/Packs/QueryAI/Integrations/QueryAI/QueryAI.yml b/Packs/QueryAI/Integrations/QueryAI/QueryAI.yml index 4eed9a54d62d..ec529d5320ae 100644 --- a/Packs/QueryAI/Integrations/QueryAI/QueryAI.yml +++ b/Packs/QueryAI/Integrations/QueryAI/QueryAI.yml @@ -56,14 +56,11 @@ script: - contextPath: QueryAI.query.markdown_string description: Readable Response after running query type: String - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '-' subtype: python3 type: python -defaultmapperin: QueryAI-mapper -defaultclassifier: QueryAI tests: - No tests - fromversion: 5.0.0 
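Review bot: Beyond the image bump, the QueryAI.yml hunk also deletes `defaultmapperin: QueryAI-mapper` and `defaultclassifier: QueryAI`, yet the accompanying ReleaseNotes/1_0_9.md entry mentions only the Docker image. If the removal is intentional, the release note should say so, for example `- Removed the default classifier and incoming mapper.`; if it is a side effect of the bulk update tooling, it should be reverted or confirmed against the pack's contents. The same hunk moves the runtime from `demisto/python3:3.9.8.24399` to `demisto/python3:3.10.12.63474` while `tests:` lists only `- No tests`. As far as this file shows, nothing exercises the integration on the new interpreter and dependency set.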
diff --git a/Packs/QueryAI/ReleaseNotes/1_0_9.md b/Packs/QueryAI/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..8225a4244393 --- /dev/null +++ b/Packs/QueryAI/ReleaseNotes/1_0_9.md @@ -0,0 +1,3 @@ +#### Integrations +##### Query.AI +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/QueryAI/pack_metadata.json b/Packs/QueryAI/pack_metadata.json index ab36e04a7b0f..ed7c27e8e15a 100644 --- a/Packs/QueryAI/pack_metadata.json +++ b/Packs/QueryAI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "QueryAI", "description": "Query.AI\u00a0is a decentralized data access and analysis technology that simplifies security investigations across disparate platforms without data duplication.", "support": "partner", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Query.AI", "url": "https://www.query.ai", "email": "support@query.ai", diff --git a/Packs/Remedy_AR/Integrations/RemedyAR/RemedyAR.yml b/Packs/Remedy_AR/Integrations/RemedyAR/RemedyAR.yml index 78694c29932a..795e47f9d1c4 100644 --- a/Packs/Remedy_AR/Integrations/RemedyAR/RemedyAR.yml +++ b/Packs/Remedy_AR/Integrations/RemedyAR/RemedyAR.yml @@ -51,7 +51,7 @@ script: description: Server name type: string description: Retrieves server details - dockerimage: demisto/python3:3.10.8.37233 + dockerimage: demisto/python3:3.10.12.63474 fromversion: 5.0.0 tests: - No tests (auto formatted) diff --git a/Packs/Remedy_AR/ReleaseNotes/1_0_8.md b/Packs/Remedy_AR/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..1006c5470f95 --- /dev/null +++ b/Packs/Remedy_AR/ReleaseNotes/1_0_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### BMC Remedy AR +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Remedy_AR/pack_metadata.json b/Packs/Remedy_AR/pack_metadata.json index 97d61fbe5811..07994d513749 100644 --- a/Packs/Remedy_AR/pack_metadata.json +++ b/Packs/Remedy_AR/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Remedy AR", "description": "BMC Remedy AR System is a professional development environment that leverages the recommendations of the IT Infrastructure Library (ITIL) and provides a foundation for Business Service Management (BSM) solutions. For incident management (i.e. create, fetch, update), please refer to Remedy On-Demand integration.", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Respond/Integrations/RespondAnalyst/RespondAnalyst.yml b/Packs/Respond/Integrations/RespondAnalyst/RespondAnalyst.yml index c71d077c587a..f5e8e031e84e 100644 --- a/Packs/Respond/Integrations/RespondAnalyst/RespondAnalyst.yml +++ b/Packs/Respond/Integrations/RespondAnalyst/RespondAnalyst.yml @@ -226,7 +226,7 @@ script: name: tenant_id description: Get escalation data associated with incident. In Respond, an 'escalation' is a specific event derived from a cybersecurity telemetry. Escalations are compiled together to form Incidents in Respond. name: mad-get-escalations - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.12.63474 isfetch: true isremotesyncin: true isremotesyncout: true diff --git a/Packs/Respond/ReleaseNotes/1_0_6.md b/Packs/Respond/ReleaseNotes/1_0_6.md new file mode 100644 index 000000000000..78567d644125 --- /dev/null +++ b/Packs/Respond/ReleaseNotes/1_0_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### Mandiant Automated Defense (Formerly Respond Software) +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Respond/pack_metadata.json b/Packs/Respond/pack_metadata.json index 402f61390493..10495c30f7ae 100644 --- a/Packs/Respond/pack_metadata.json +++ b/Packs/Respond/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Mandiant Automated Defense", "description": "Mandiant Automated Defense Pack", "support": "partner", - "currentVersion": "1.0.5", + "currentVersion": "1.0.6", "author": "Mandiant", "url": "https://www.mandiant.com/support", "email": "customersupport@mandiant.com", diff --git a/Packs/RiskSense/Integrations/RiskSense/RiskSense.yml b/Packs/RiskSense/Integrations/RiskSense/RiskSense.yml index 5420483c8d18..8def48ff491e 100644 --- a/Packs/RiskSense/Integrations/RiskSense/RiskSense.yml +++ b/Packs/RiskSense/Integrations/RiskSense/RiskSense.yml @@ -1909,7 +1909,7 @@ script: description: The time when the tag was associated. type: String description: Apply the new or existing tag to the asset, creates a new tag if it does not exist in RiskSense. - dockerimage: demisto/python3:3.9.8.24399 + dockerimage: demisto/python3:3.10.12.63474 runonce: false subtype: python3 type: python diff --git a/Packs/RiskSense/ReleaseNotes/1_0_12.md b/Packs/RiskSense/ReleaseNotes/1_0_12.md new file mode 100644 index 000000000000..362d7341c6c0 --- /dev/null +++ b/Packs/RiskSense/ReleaseNotes/1_0_12.md @@ -0,0 +1,3 @@ +#### Integrations +##### RiskSense +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/RiskSense/pack_metadata.json b/Packs/RiskSense/pack_metadata.json index 61f11e1d39ec..6c42814eec99 100644 --- a/Packs/RiskSense/pack_metadata.json +++ b/Packs/RiskSense/pack_metadata.json @@ -2,7 +2,7 @@ "name": "RiskSense", "description": "RiskSense is a cloud-based platform that provides vulnerability management and prioritization to measure and control cybersecurity risk.", "support": "partner", - "currentVersion": "1.0.11", + "currentVersion": "1.0.12", "author": "RiskSense", "url": "https://risksense.com/support/", "email": "support@risksense.com", diff --git a/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml b/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml index a97c9244234b..fdf6e18f4706 100644 
--- a/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml +++ b/Packs/SecurityTrails/Integrations/SecurityTrails/SecurityTrails.yml @@ -945,7 +945,7 @@ script: - contextPath: Securitytrails.SQL.query description: The original query used type: string - dockerimage: demisto/python3:3.10.5.31928 + dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '' subtype: python3 diff --git a/Packs/SecurityTrails/ReleaseNotes/1_1_5.md b/Packs/SecurityTrails/ReleaseNotes/1_1_5.md new file mode 100644 index 000000000000..ab25f70fee51 --- /dev/null +++ b/Packs/SecurityTrails/ReleaseNotes/1_1_5.md @@ -0,0 +1,3 @@ +#### Integrations +##### SecurityTrails +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/SecurityTrails/pack_metadata.json b/Packs/SecurityTrails/pack_metadata.json index 34fd3604dd16..433895bd0634 100644 --- a/Packs/SecurityTrails/pack_metadata.json +++ b/Packs/SecurityTrails/pack_metadata.json @@ -2,7 +2,7 @@ "name": "SecurityTrails", "description": "Integration for the SecurityTrails platform.", "support": "community", - "currentVersion": "1.1.4", + "currentVersion": "1.1.5", "author": "Adam Burt", "url": "", "email": "", diff --git a/Packs/Smokescreen_IllusionBLACK/Integrations/Smokescreen_IllusionBLACK/Smokescreen_IllusionBLACK.yml b/Packs/Smokescreen_IllusionBLACK/Integrations/Smokescreen_IllusionBLACK/Smokescreen_IllusionBLACK.yml index 5c632ccda315..6bc15a9b7d07 100644 --- a/Packs/Smokescreen_IllusionBLACK/Integrations/Smokescreen_IllusionBLACK/Smokescreen_IllusionBLACK.yml +++ b/Packs/Smokescreen_IllusionBLACK/Integrations/Smokescreen_IllusionBLACK/Smokescreen_IllusionBLACK.yml @@ -133,7 +133,7 @@ script: - contextPath: IllusionBlack.Event.type description: IllusionBLACK Event Attack Type. type: Unknown - dockerimage: demisto/python3:3.10.10.48392 + dockerimage: demisto/python3:3.10.12.63474 isfetch: true runonce: false script: '-' 
diff --git a/Packs/Smokescreen_IllusionBLACK/ReleaseNotes/1_0_14.md b/Packs/Smokescreen_IllusionBLACK/ReleaseNotes/1_0_14.md new file mode 100644 index 000000000000..fca617649574 --- /dev/null +++ b/Packs/Smokescreen_IllusionBLACK/ReleaseNotes/1_0_14.md @@ -0,0 +1,3 @@ +#### Integrations +##### Smokescreen IllusionBLACK +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Smokescreen_IllusionBLACK/pack_metadata.json b/Packs/Smokescreen_IllusionBLACK/pack_metadata.json index 5bde8fc54adf..9878cde13ee6 100644 --- a/Packs/Smokescreen_IllusionBLACK/pack_metadata.json +++ b/Packs/Smokescreen_IllusionBLACK/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Smokescreen IllusionBLACK", "description": "Smokescreen IllusionBLACK is a deception-based threat defense platform designed to accurately and efficiently detect targeted threats including reconnaissance, lateral movement, malware-less attacks, social engineering, Man-in-the-Middle attacks, and ransomware in real-time.", "support": "partner", - "currentVersion": "1.0.13", + "currentVersion": "1.0.14", "author": "Smokescreen Technologies", "url": "", "email": "customersupport@smokescreen.io", diff --git a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml index 7716002cbf91..881c74a810aa 100644 --- a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml +++ b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml @@ -716,7 +716,7 @@ script: type: string description: Updates the status of a workbench alert name: trendmicro-visionone-update-status - dockerimage: demisto/python3:3.10.9.44472 + dockerimage: demisto/python3:3.10.12.63474 isFetchSamples: true isfetch: true script: '' 
diff --git a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOneV3/TrendMicroVisionOneV3.yml b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOneV3/TrendMicroVisionOneV3.yml index e2a1ac88d42c..6383f06750a8 100644 --- a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOneV3/TrendMicroVisionOneV3.yml +++ b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOneV3/TrendMicroVisionOneV3.yml @@ -805,7 +805,7 @@ script: type: string description: Updates the status of a workbench alert name: trendmicro-visionone-update-status - dockerimage: demisto/python3:3.10.11.61265 + dockerimage: demisto/python3:3.10.12.63474 isFetchSamples: true isfetch: true script: '' diff --git a/Packs/TrendMicroVisionOne/ReleaseNotes/2_2_1.md b/Packs/TrendMicroVisionOne/ReleaseNotes/2_2_1.md new file mode 100644 index 000000000000..184b0db59897 --- /dev/null +++ b/Packs/TrendMicroVisionOne/ReleaseNotes/2_2_1.md @@ -0,0 +1,5 @@ +#### Integrations +##### Trend Micro Vision One +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. +##### Trend Micro Vision One V3. +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/TrendMicroVisionOne/pack_metadata.json b/Packs/TrendMicroVisionOne/pack_metadata.json index dd4737a8caab..6c8d8641ad15 100755 --- a/Packs/TrendMicroVisionOne/pack_metadata.json +++ b/Packs/TrendMicroVisionOne/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Trend Micro Vision One", "description": "Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response(XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection.", "support": "partner", - "currentVersion": "2.2.0", + "currentVersion": "2.2.1", "serverMinVersion": "6.2.0", "author": "Trend Micro", "url": "https://success.trendmicro.com", diff --git a/Packs/UrlScan/Integrations/UrlScan/UrlScan.yml b/Packs/UrlScan/Integrations/UrlScan/UrlScan.yml index 370dc4c6943b..e0f643fdd2e8 100644 --- a/Packs/UrlScan/Integrations/UrlScan/UrlScan.yml +++ b/Packs/UrlScan/Integrations/UrlScan/UrlScan.yml @@ -453,7 +453,7 @@ script: script: '' subtype: python3 type: python - dockerimage: demisto/python3:3.10.10.51930 + dockerimage: demisto/python3:3.10.12.63474 fromversion: 5.0.0 tests: - urlscan_malicious_Test diff --git a/Packs/UrlScan/ReleaseNotes/1_2_8.md b/Packs/UrlScan/ReleaseNotes/1_2_8.md new file mode 100644 index 000000000000..a44c5eb9b3a9 --- /dev/null +++ b/Packs/UrlScan/ReleaseNotes/1_2_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### urlscan.io +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/UrlScan/pack_metadata.json b/Packs/UrlScan/pack_metadata.json index 1029580ed729..6e6299e2cd6b 100644 --- a/Packs/UrlScan/pack_metadata.json +++ b/Packs/UrlScan/pack_metadata.json @@ -2,7 +2,7 @@ "name": "URLScan.io", "description": "urlscan.io Web Threat Intelligence", "support": "partner", - "currentVersion": "1.2.7", + "currentVersion": "1.2.8", "author": "urlscan GmbH", "url": "https://urlscan.io", "email": "support@urlscan.io", 
diff --git a/Packs/VirusTotal/Integrations/VirusTotal_V3_Premium/VirusTotal_V3_Premium.yml b/Packs/VirusTotal/Integrations/VirusTotal_V3_Premium/VirusTotal_V3_Premium.yml index 44e9a3d8b695..c42ff94cbc6a 100644 --- a/Packs/VirusTotal/Integrations/VirusTotal_V3_Premium/VirusTotal_V3_Premium.yml +++ b/Packs/VirusTotal/Integrations/VirusTotal_V3_Premium/VirusTotal_V3_Premium.yml @@ -1471,7 +1471,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.56082 + dockerimage: demisto/python3:3.10.12.63474 defaultmapperin: VirusTotal Intelligence LiveHunt Notification fromversion: 5.5.0 tests: diff --git a/Packs/VirusTotal/ReleaseNotes/2_6_7.md b/Packs/VirusTotal/ReleaseNotes/2_6_7.md new file mode 100644 index 000000000000..b31de0d1aaa5 --- /dev/null +++ b/Packs/VirusTotal/ReleaseNotes/2_6_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### VirusTotal - Premium (API v3) +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/VirusTotal/pack_metadata.json b/Packs/VirusTotal/pack_metadata.json index 1107cc10684b..014d1cd0650a 100644 --- a/Packs/VirusTotal/pack_metadata.json +++ b/Packs/VirusTotal/pack_metadata.json @@ -2,7 +2,7 @@ "name": "VirusTotal", "description": "Analyze suspicious hashes, URLs, domains and IP addresses", "support": "partner", - "currentVersion": "2.6.6", + "currentVersion": "2.6.7", "author": "VirusTotal", "url": "https://www.virustotal.com", "email": "contact@virustotal.com", diff --git a/Packs/ZeroTrustAnalyticsPlatform/Integrations/ZeroTrustAnalyticsPlatform/ZeroTrustAnalyticsPlatform.yml b/Packs/ZeroTrustAnalyticsPlatform/Integrations/ZeroTrustAnalyticsPlatform/ZeroTrustAnalyticsPlatform.yml index e178ae1d4d28..7e88ec1ac6a7 100644 --- a/Packs/ZeroTrustAnalyticsPlatform/Integrations/ZeroTrustAnalyticsPlatform/ZeroTrustAnalyticsPlatform.yml +++ b/Packs/ZeroTrustAnalyticsPlatform/Integrations/ZeroTrustAnalyticsPlatform/ZeroTrustAnalyticsPlatform.yml 
@@ -106,7 +106,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.10.51930 + dockerimage: demisto/python3:3.10.12.63474 fromversion: 6.0.0 defaultmapperin: ZeroTrustAnalyticsPlatform - Incoming Mapper defaultmapperout: ZeroTrustAnalyticsPlatform - Outgoing Mapper diff --git a/Packs/ZeroTrustAnalyticsPlatform/ReleaseNotes/1_1_8.md b/Packs/ZeroTrustAnalyticsPlatform/ReleaseNotes/1_1_8.md new file mode 100644 index 000000000000..501783c14cf4 --- /dev/null +++ b/Packs/ZeroTrustAnalyticsPlatform/ReleaseNotes/1_1_8.md @@ -0,0 +1,3 @@ +#### Integrations +##### ZeroTrustAnalyticsPlatform +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/ZeroTrustAnalyticsPlatform/pack_metadata.json b/Packs/ZeroTrustAnalyticsPlatform/pack_metadata.json index d2a86d5b9b59..3332b0bf0fd9 100644 --- a/Packs/ZeroTrustAnalyticsPlatform/pack_metadata.json +++ b/Packs/ZeroTrustAnalyticsPlatform/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Zero Trust Analytics Platform", "description": "Provides view of raised alerts within ZTAP.", "support": "partner", - "currentVersion": "1.1.7", + "currentVersion": "1.1.8", "author": "Critical Start", "url": "https://support.criticalstart.com/", "email": "support@criticalstart.com",