Cs spotlight enhancement (#22287)
* add to yml

* add to yml

* yml updating

* added description to output path

* fixed contextPath in vulnerability commands

* readme no secrets with hook precommits

* adding first command to main

* fixed validate bug

* endpoint fix

* my commit

* small fixes to the first func, need to close the vs

* updating the vul command

* finishing one more command

* small fixes host_by_vulnerability, starting cve

* temp get vul still getting invalid data, not finished

* fixed problem in cs-vul : facet not a filter param

* list vul is now working after tpm notes, and soon to be a test

* one test passed

* search_vulnerability done+ test

* there was trailing whitespace

* fixed vul-by-host according to new notes

* adding test to vul-by-host

* space

* cve command

* cve command working beside indicators

* updating relationship for cve command

* adding playbook for vul commands + small changes

* release note to base

* changes after tpm meeting

* adding commands ro readme

* deleting old list playbook and adding to test playbook

* adding credentials

* adding example for vul list

* removing param added by mistake

* after pr notes

* changes after review

* updating yml and release note

* adding DBotScore output fields

* adding Reliability

* moving Reliability to required: false

* fixing lgtm error

* formatting common server python

* fixing bug in filter param spotlight_search_vulnerability + updating read me

* read me update and converting to upper in severity

* adding docstring to create_publications

* updating test playbook

* adding hidden

* updating test cs falcon

* updating release notes, and adding market place to yml

* adding hidden: true to pack-ignore

* adding docstring to create_dbot_Score

* fixing playbook

* removing comment

* adding description to test playbook

* changes after demo

* code review changes

* fixed test

* again

* Update 1_31_46.md

Done.

* Update CrowdStrikeFalcon.yml

Done.

* reverting changes in cs-falcon-search-custom-iocs command

* updating read-me according to docs review fixes

* triggering pipeline

* undo changes to search-custom-iocs

* update playbook

* Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md

Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com>

* cr note

* cr note

* Revert "Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md"

This reverts commit 4f9caae.

* release note update

* full path to docs

* update release note

* update version

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com>
3 people committed Dec 26, 2022
1 parent a5667c9 commit bfda256
Showing 13 changed files with 1,623 additions and 289 deletions.
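--- a/Packs/Base/ReleaseNotes/1_31_50.md
+++ b/Packs/Base/ReleaseNotes/1_31_50.md
@@ -0,0 +1,3 @@
+#### Scripts
+##### CommonServerPython
+Added the optional **Publications** field to the **CVE** indicator.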
32 changes: 25 additions & 7 deletions Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
Expand Up @@ -138,9 +138,6 @@ def fix_traceback_line_numbers(trace_str):
return trace_str


from DemistoClassApiModule import * # type:ignore [no-redef] # noqa:E402


OS_LINUX = False
OS_MAC = False
OS_WINDOWS = False
Expand Down Expand Up @@ -3917,6 +3914,9 @@ class CVE(Indicator):
:type traffic_light_protocol: ``str``
:param traffic_light_protocol: The CVE tlp color.
:type publications: ``str``
:param publications: Unique system-assigned ID of the vulnerability evaluation logic
:type dbot_score: ``DBotScore``
:param dbot_score: If file has a score then create and set a DBotScore object
Expand All @@ -3927,7 +3927,7 @@ class CVE(Indicator):

def __init__(self, id, cvss, published, modified, description, relationships=None, stix_id=None,
cvss_version=None, cvss_score=None, cvss_vector=None, cvss_table=None, community_notes=None,
tags=None, traffic_light_protocol=None, dbot_score=None):
tags=None, traffic_light_protocol=None, dbot_score=None, publications=None):
# type (str, str, str, str, str) -> None

# Main indicator value
Expand All @@ -3946,6 +3946,7 @@ def __init__(self, id, cvss, published, modified, description, relationships=Non
self.stix_id = stix_id
self.tags = tags
self.traffic_light_protocol = traffic_light_protocol
self.publications = publications

# XSOAR Fields
self.relationships = relationships
Expand Down Expand Up @@ -4001,6 +4002,9 @@ def to_context(self):
if self.traffic_light_protocol:
cve_context['TrafficLightProtocol'] = self.traffic_light_protocol

if self.publications:
cve_context['Publications'] = self.create_context_table(self.publications)

ret_value = {
Common.CVE.CONTEXT_PATH: cve_context
}
Expand Down Expand Up @@ -5213,6 +5217,7 @@ class SubjectAlternativeName(object):
:return: None
:rtype: ``None``
"""

def __init__(
self,
gn=None, # type: Optional[Common.GeneralName]
Expand Down Expand Up @@ -5252,6 +5257,7 @@ class AuthorityKeyIdentifier(object):
:return: None
:rtype: ``None``
"""

def __init__(
self,
issuer=None, # type: Optional[List[Common.GeneralName]]
Expand Down Expand Up @@ -5295,6 +5301,7 @@ class DistributionPoint(object):
:return: None
:rtype: ``None``
"""

def __init__(
self,
full_name=None, # type: Optional[List[Common.GeneralName]]
Expand Down Expand Up @@ -5334,6 +5341,7 @@ class CertificatePolicy(object):
:return: None
:rtype: ``None``
"""

def __init__(
self,
policy_identifier, # type: str
Expand Down Expand Up @@ -5366,6 +5374,7 @@ class AuthorityInformationAccess(object):
:return: None
:rtype: ``None``
"""

def __init__(
self,
access_method, # type: str
Expand Down Expand Up @@ -5394,6 +5403,7 @@ class BasicConstraints(object):
:return: None
:rtype: ``None``
"""

def __init__(
self,
ca, # type: bool
Expand Down Expand Up @@ -6101,6 +6111,7 @@ class IndicatorsTimeline:
:return: None
:rtype: ``None``
"""

def __init__(self, indicators=None, category=None, message=None):
# type: (list, str, str) -> None
if indicators is None:
Expand Down Expand Up @@ -6133,7 +6144,6 @@ def __init__(self, indicators=None, category=None, message=None):

def arg_to_number(arg, arg_name=None, required=False):
# type: (Any, Optional[str], bool) -> Optional[int]

"""Converts an XSOAR argument to a Python int
This function is used to quickly validate an argument provided to XSOAR
Expand Down Expand Up @@ -6191,7 +6201,6 @@ def arg_to_number(arg, arg_name=None, required=False):

def arg_to_datetime(arg, arg_name=None, is_utc=True, required=False, settings=None):
# type: (Any, Optional[str], bool, bool, dict) -> Optional[datetime]

"""Converts an XSOAR argument to a datetime
This function is used to quickly validate an argument provided to XSOAR
Expand Down Expand Up @@ -7053,6 +7062,7 @@ class ExecutionMetrics(object):
:return: None
:rtype: ``None``
"""

def __init__(self, success=0, quota_error=0, general_error=0, auth_error=0, service_error=0, connection_error=0,
proxy_error=0, ssl_error=0, timeout_error=0):
self._metrics = []
Expand Down Expand Up @@ -7237,6 +7247,7 @@ class Command:
:return: None
:rtype: ``None``
"""

def __init__(self, commands, args_lst, brand=None, instance=None):
"""
Expand Down Expand Up @@ -7286,6 +7297,7 @@ class Result:
:return: None
:rtype: ``None``
"""

def __init__(self, command, args, brand, instance, result):
"""
:param command: command that was run.
Expand Down Expand Up @@ -8656,7 +8668,7 @@ def _is_status_code_valid(self, response, ok_codes=None):
return response.status_code in status_codes
return response.ok

def client_error_handler(self, res):
def client_error_handler(self, res):
"""Generic handler for API call error
Constructs and throws a proper error for the API call response.
Expand Down Expand Up @@ -9519,6 +9531,7 @@ class AutoFocusKeyRetriever:
:return: No data returned
:rtype: ``None``
"""

def __init__(self, api_key):
# demisto.getAutoFocusApiKey() is available from version 6.2.0
if not api_key:
Expand Down Expand Up @@ -10010,6 +10023,7 @@ class PollResult:
:rtype: ``PollResult``
"""

def __init__(self, response, continue_to_poll=False, args_for_next_run=None, partial_result=None):
"""
Constructor for PollResult
Expand Down Expand Up @@ -10623,6 +10637,7 @@ class OutputArgument:
:return: The OutputArgument object
:rtype: ``OutputArgument``
"""

def __init__(self,
name,
output_type=dict,
Expand All @@ -10641,6 +10656,7 @@ class InputArgument:
:return: The InputArgument object
:rtype: ``InputArgument``
"""

def __init__(self,
name=None,
description=None,
Expand All @@ -10664,6 +10680,7 @@ class ConfKey:
:return: The ConfKey object
:rtype: ``ConfKey``
"""

def __init__(self,
name,
display=None,
Expand All @@ -10687,6 +10704,7 @@ class YMLMetadataCollector:
:return: The YMLMetadataCollector object
:rtype: ``YMLMetadataCollector``
"""

def __init__(self, integration_name, docker_image="demisto/python3:latest",
description=None, category="Utilities", conf=None,
is_feed=False, is_fetch=False, is_runonce=False,
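Review bot: The new `publications` documentation in the CVE class docstring does not match how the field is used: it is typed ``str`` and described as "Unique system-assigned ID of the vulnerability evaluation logic", yet `to_context` hands it to `self.create_context_table(self.publications)`, a helper whose name suggests a list of rows rather than a single string, and the description reads as copied from an unrelated field. I would change the two docstring lines to `:type publications: ``list``` and `:param publications: Publications (advisories, write-ups) related to the CVE; presumably a list of dicts, one per publication — confirm against create_context_table`. The `# type (str, str, str, str, str) -> None` comment on `__init__` predates this change but now omits one more parameter; bringing it in line with the full signature would keep the type hints honest. Separately, the first hunk drops three lines around `from DemistoClassApiModule import *`; if that import was removed rather than relocated, names it provided would become undefined at runtime, so it is worth confirming the intent. The CVE class and its `__init__`/`to_context` methods extend beyond the hunks shown here.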
2 changes: 1 addition & 1 deletion Packs/Base/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Base",
"description": "The base pack for Cortex XSOAR.",
"support": "xsoar",
"currentVersion": "1.31.48",
"currentVersion": "1.31.50",
"author": "Cortex XSOAR",
"serverMinVersion": "6.0.0",
"url": "https://www.paloaltonetworks.com/cortex",
2 changes: 1 addition & 1 deletion Packs/CrowdStrikeFalcon/.pack-ignore
@@ -1,5 +1,5 @@
[file:CrowdStrikeFalcon.yml]
ignore=IN126,IN136,IN144,IN145
ignore=IN126,IN136,IN144,IN145,IN124

[file:README.md]
ignore=RM102,RM104,RM106
3 changes: 2 additions & 1 deletion Packs/CrowdStrikeFalcon/.secrets-ignore
Expand Up @@ -16,7 +16,8 @@
7.5.9.8
9.6.3.5
4.6.8.7
4.6.8.7
098f6bcd4621d373cade4e832627b4f6
2000:db1:3333:4444:5555:6666:7777:8888
test.com
e444c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
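Review bot: Both `4.6.8.7` and `e444c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` appear twice in this section, and with 2 additions and 1 deletion the rendered view cannot show which occurrence is old and which is new; if both copies survive, one should be dropped so the file stays one entry per fixture. Every value listed here is exempted from secret scanning for the whole pack, so each entry should be traceable to a README example or test fixture (`098f6bcd4621d373cade4e832627b4f6` is the MD5 of the literal string `test`, which fits that pattern). A one-line pointer to the fixture that uses the SHA-256, in the PR description or the README, would make the exemption auditable later.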
