Cloud user investigation inputs description fix (#30965)

* updated the outputs description * updated the outputs description - RN * updated the outputs description - RN pack meta date * Bump pack from version CommonPlaybooks to 2.4.26. * updated the outputs types - Boolean * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Bump pack from version CommonPlaybooks to 2.4.27. * Bump pack from version CommonPlaybooks to 2.4.28. --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
demisto · Nov 21, 2023 · c82f337 · c82f337
1 parent 0e463f3
commit c82f337
Show file tree

Hide file tree

Showing 16 changed files with 194 additions and 158 deletions.
diff --git a/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation.yml b/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation.yml
@@ -1663,31 +1663,31 @@ inputs:
 outputs:
 - contextPath: AwsMFAConfigCount
   description: The number of MFA configurations performed by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsUserRoleChangesCount
   description: The number of user roles that were changed by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsSuspiciousActivitiesCount
   description: The number of suspicious activities performed by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsScriptBasedUserAgentCount
   description: The number of script-based user agent usages by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsAccessKeyActivitiesCount
   description: The number of access key activities performed by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsSecurityChangesCount
   description: The number of security rules that were changed by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsAdminActivitiesCount
   description: The number of administrative activities performed by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsApiAccessDeniedCount
   description: The number of API accesses denied by the user in the AWS environment.
-  type: unknown
+  type: number
 - contextPath: AwsFailedLogonCount
   description: The number of failed logins by the user in the AWS environment.
-  type: unknown
+  type: number
 tests:
 - No tests (auto formatted)
 fromversion: 6.9.0
diff --git a/...WS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation_README.md b/...WS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation_README.md
@@ -24,9 +24,9 @@ AWS - CloudTrail
 
 ### Scripts
 
+* Set
 * LoadJSON
 * GetTime
-* Set
 
 ### Commands
 
@@ -47,15 +47,15 @@ aws-cloudtrail-lookup-events
 
 | **Path** | **Description** | **Type** |
 | --- | --- | --- |
-| AwsMFAConfigCount | The number of MFA configurations performed by the user in the AWS environment. | unknown |
-| AwsUserRoleChangesCount | The number of user roles that were changed by the user in the AWS environment. | unknown |
-| AwsSuspiciousActivitiesCount | The number of suspicious activities performed by the user in the AWS environment. | unknown |
-| AwsScriptBasedUserAgentCount | The number of script-based user agent usages by the user in the AWS environment. | unknown |
-| AwsAccessKeyActivitiesCount | The number of access key activities performed by the user in the AWS environment. | unknown |
-| AwsSecurityChangesCount | The number of security rules that were changed by the user in the AWS environment. | unknown |
-| AwsAdminActivitiesCount | The number of administrative activities performed by the user in the AWS environment. | unknown |
-| AwsApiAccessDeniedCount | The number of API accesses denied by the user in the AWS environment. | unknown |
-| AwsFailedLogonCount | The number of failed logins by the user in the AWS environment. | unknown |
+| AwsMFAConfigCount | The number of MFA configurations performed by the user in the AWS environment. | number |
+| AwsUserRoleChangesCount | The number of user roles that were changed by the user in the AWS environment. | number |
+| AwsSuspiciousActivitiesCount | The number of suspicious activities performed by the user in the AWS environment. | number |
+| AwsScriptBasedUserAgentCount | The number of script-based user agent usages by the user in the AWS environment. | number |
+| AwsAccessKeyActivitiesCount | The number of access key activities performed by the user in the AWS environment. | number |
+| AwsSecurityChangesCount | The number of security rules that were changed by the user in the AWS environment. | number |
+| AwsAdminActivitiesCount | The number of administrative activities performed by the user in the AWS environment. | number |
+| AwsApiAccessDeniedCount | The number of API accesses denied by the user in the AWS environment. | number |
+| AwsFailedLogonCount | The number of failed logins by the user in the AWS environment. | number |
 
 ## Playbook Image
 

diff --git a/Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_8.md b/Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_8.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### AWS - User Investigation
+
+Updated the outputs description.
diff --git a/Packs/AWS-Enrichment-Remediation/pack_metadata.json b/Packs/AWS-Enrichment-Remediation/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "AWS Enrichment and Remediation",
     "description": "Playbooks using multiple AWS content packs for enrichment and remediation purposes",
     "support": "xsoar",
-    "currentVersion": "1.1.7",
+    "currentVersion": "1.1.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/Azure-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation.yml b/Packs/Azure-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation.yml
@@ -1327,61 +1327,61 @@ inputs:
 outputs:
 - contextPath: AzureScriptBasedUserAgentEvents
   description: Script-based user agent events used by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureScriptBasedUserAgentCount
   description: The number of script-based user agent usages by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureAdminActivitiesEvents
   description: Administrative activities performed by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureAdminActivitiesCount
   description: The number of administrative activities performed by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureSecurityRulesChangeEvents
   description: Security rules that were changed by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureSecurityRulesChangeCount
   description: The number of security rules that were changed by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureUnsuccessSecurityRulesChangeEvents
   description: Unsuccessful attempts to change security rules by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureUnsuccessSecurityRulesChangeCount
   description: The number of unsuccessful attempts to change security rules by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureFailLoginCount
   description: The number of failed logins by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureFailLoginMFACount
   description: The number of failed logins by the user using MFA in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureAnomaliesEvents
   description: Anomaly events on the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureAnomaliesCount
   description: The number of anomaly events on the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureRiskyUserCount
   description: The number of events where the user was defined as a risky user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureUncommonCountryLogonEvents
   description: Uncommon country logon events by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureUncommonCountryLogonCount
   description: The number of uncommon country logon events by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureUncommonVolumeEvents
   description: Uncommon volume events by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureUncommonVolumeCount
   description: The number of uncommon volume events by the user in the Azure environment.
-  type: unknown
+  type: number
 - contextPath: AzureUncommonActivitiesEvents
   description: Uncommon activity events by the user in the Azure environment.
-  type: unknown
+  type: string
 - contextPath: CountAzureEvents.AzureUncommonActivitiesCount
   description: The number of uncommon activity events by the user in the Azure environment.
-  type: unknown
+  type: number
 tests:
 - No tests (auto formatted)
 fromversion: 6.9.0
diff --git a/...-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation_README.md b/...-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation_README.md
@@ -4,7 +4,7 @@ This playbook performs an investigation on a specific user in Azure environments
 - Security rules and policies changes
 - Failed login attempt
 - MFA failed login attempt
-- Login attempt from an uncommon country.
+- Login attempt from an uncommon country
 - Anomalies activities
 - Risky users
 - Uncommon high volume of actions
@@ -48,25 +48,25 @@ azure-log-analytics-execute-query
 
 | **Path** | **Description** | **Type** |
 | --- | --- | --- |
-| AzureScriptBasedUserAgentEvents | Script-based user agent events used by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureScriptBasedUserAgentCount | The number of script-based user agent usages by the user in the Azure environment. | unknown |
-| AzureAdminActivitiesEvents | Administrative activities performed by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureAdminActivitiesCount | The number of administrative activities performed by the user in the Azure environment. | unknown |
-| AzureSecurityRulesChangeEvents | Security rules that were changed by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureSecurityRulesChangeCount | The number of security rules that were changed by the user in the Azure environment. | unknown |
-| AzureUnsuccessSecurityRulesChangeEvents | Unsuccessful attempts to change security rules by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureUnsuccessSecurityRulesChangeCount | The number of unsuccessful attempts to change security rules by the user in the Azure environment. | unknown |
-| AzureFailLoginCount | The number of failed logins by the user in the Azure environment. | unknown |
-| AzureFailLoginMFACount | The number of failed logins by the user using MFA in the Azure environment. | unknown |
-| AzureAnomaliesEvents | Anomaly events on the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureAnomaliesCount | The number of anomaly events on the user in the Azure environment. | unknown |
-| AzureRiskyUserCount | The number of events where the user was defined as a risky user in the Azure environment. | unknown |
-| AzureUncommonCountryLogonEvents | Uncommon country logon events by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureUncommonCountryLogonCount | The number of uncommon country logon events by the user in the Azure environment. | unknown |
-| AzureUncommonVolumeEvents | Uncommon volume events by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureUncommonVolumeCount | The number of uncommon volume events by the user in the Azure environment. | unknown |
-| AzureUncommonActivitiesEvents | Uncommon activity events by the user in the Azure environment. | unknown |
-| CountAzureEvents.AzureUncommonActivitiesCount | The number of uncommon activity events by the user in the Azure environment. | unknown |
+| AzureScriptBasedUserAgentEvents | Script-based user agent events used by the user in the Azure environment. | string |
+| CountAzureEvents.AzureScriptBasedUserAgentCount | The number of script-based user agent usages by the user in the Azure environment. | number |
+| AzureAdminActivitiesEvents | Administrative activities performed by the user in the Azure environment. | string |
+| CountAzureEvents.AzureAdminActivitiesCount | The number of administrative activities performed by the user in the Azure environment. | number |
+| AzureSecurityRulesChangeEvents | Security rules that were changed by the user in the Azure environment. | string |
+| CountAzureEvents.AzureSecurityRulesChangeCount | The number of security rules that were changed by the user in the Azure environment. | number |
+| AzureUnsuccessSecurityRulesChangeEvents | Unsuccessful attempts to change security rules by the user in the Azure environment. | string |
+| CountAzureEvents.AzureUnsuccessSecurityRulesChangeCount | The number of unsuccessful attempts to change security rules by the user in the Azure environment. | number |
+| AzureFailLoginCount | The number of failed logins by the user in the Azure environment. | number |
+| AzureFailLoginMFACount | The number of failed logins by the user using MFA in the Azure environment. | number |
+| AzureAnomaliesEvents | Anomaly events on the user in the Azure environment. | string |
+| CountAzureEvents.AzureAnomaliesCount | The number of anomaly events on the user in the Azure environment. | number |
+| AzureRiskyUserCount | The number of events where the user was defined as a risky user in the Azure environment. | number |
+| AzureUncommonCountryLogonEvents | Uncommon country logon events by the user in the Azure environment. | string |
+| CountAzureEvents.AzureUncommonCountryLogonCount | The number of uncommon country logon events by the user in the Azure environment. | number |
+| AzureUncommonVolumeEvents | Uncommon volume events by the user in the Azure environment. | string |
+| CountAzureEvents.AzureUncommonVolumeCount | The number of uncommon volume events by the user in the Azure environment. | number |
+| AzureUncommonActivitiesEvents | Uncommon activity events by the user in the Azure environment. | string |
+| CountAzureEvents.AzureUncommonActivitiesCount | The number of uncommon activity events by the user in the Azure environment. | number |
 
 ## Playbook Image
 

diff --git a/Packs/Azure-Enrichment-Remediation/ReleaseNotes/1_1_8.md b/Packs/Azure-Enrichment-Remediation/ReleaseNotes/1_1_8.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Azure - User Investigation
+
+Updated the outputs description.
diff --git a/Packs/Azure-Enrichment-Remediation/pack_metadata.json b/Packs/Azure-Enrichment-Remediation/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Azure Enrichment and Remediation",
     "description": "Playbooks using multiple Azure content packs for enrichment and remediation purposes",
     "support": "xsoar",
-    "currentVersion": "1.1.7",
+    "currentVersion": "1.1.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",