diff --git a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.js b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.js index fb6102328d17..fb32929d27d9 100644 --- a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.js +++ b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.js @@ -2,38 +2,95 @@ var serverURL = params.url; if (serverURL.slice(-1) === '/') { serverURL = serverURL.slice(0,-1); } -serverURL = serverURL + '/xsoar' -sendMultipart = function (uri, entryID, body) { +if (params.auth_id || (params.creds_apikey && params.creds_apikey.identifier)) { + serverURL = serverURL + '/xsoar' +} + +var marketplace_url = params.marketplace_url? params.marketplace_url : 'https://storage.googleapis.com/marketplace-dist/content/packs/' + +getTenantAccountName = function () { + // example: for 'https://account-testing-ysdkvou:443/acc_Test' will return 'acc_Test' + const urls = demistoUrls() + const server_url = urls['server'].toString() + // server_url example - https://account-testing-ysdkvou:443/acc_Test + var account_name = '' + // check if server_url contains "/acc_" string + if (server_url.indexOf("/acc_") >= 0){ + const words = server_url.split('acc_') + const tenant_name = words[words.length - 1] + if (tenant_name !== "") { + account_name = 'acc_' + tenant_name + } + } + return account_name +} + +getStandardAuthMethodHeaders = function(key, auth_id, content_type) { + return { + 'Authorization': [key], + 'x-xdr-auth-id': [auth_id], + 'Content-Type': [content_type], + 'Accept': ['application/json'] + } +} + +getAdvancedAuthMethodHeaders = function(key, auth_id, content_type,) { + const nonce = Array.from({length: 64}, () => Math.random().toString(36).charAt(2)).join(""); + const timestamp = Date.now().toString(); + var auth_key = key + nonce + timestamp + auth_key = unescape(encodeURIComponent(auth_key)); + const auth_key_hash = SHA256_hash(auth_key) + + return { + 'x-xdr-timestamp': [timestamp], + 'x-xdr-nonce': [nonce], + 'x-xdr-auth-id': [auth_id], + 'Authorization': [auth_key_hash], + 'Content-Type': [content_type], + 'Accept': ['application/json'] + } + } + +getRequestURL = function (uri) { var requestUrl = serverURL; - if (uri.slice(-1) !== '/') { + if (params.use_tenant){ + requestUrl += '/' + getTenantAccountName(); + } + if (uri.slice(0, 1) !== '/') { requestUrl += '/'; } requestUrl += uri; + return requestUrl +} + +sendMultipart = function (uri, entryID, body) { + var requestUrl = getRequestURL(uri) try { body = JSON.parse(body); } catch (ex) { // do nothing, use the body as is in the request. logDebug('could not parse body as a JSON object, passing as is. body: ' + JSON.stringify(body)); } - var key = [params.apikey? params.apikey : (params.creds_apikey? params.creds_apikey.password : '')]; + var key = params.apikey? params.apikey : (params.creds_apikey? params.creds_apikey.password : ''); if (key == ''){ throw 'API Key must be provided.'; } - var auth_id = [params.auth_id? params.auth_id : (params.creds_apikey? params.creds_apikey.identifier : '')]; - if (auth_id == ''){ - throw 'Auth ID must be provided.'; + var auth_id = params.auth_id? params.auth_id : (params.creds_apikey? params.creds_apikey.identifier : ''); + var headers = {} + // in case the integration was installed before auth_method was added, the auth_method param will be empty so + // we will use the standard auth method + if (!params.auth_method || params.auth_method == 'Standard'){ + headers = getStandardAuthMethodHeaders(key, auth_id, 'multipart/form-data') + } + else if (params.auth_method == 'Advanced') { + headers = getAdvancedAuthMethodHeaders(key, auth_id, 'multipart/form-data') } var res = httpMultipart( requestUrl, entryID, { - Headers: { - 'Authorization': key, - 'x-xdr-auth-id': auth_id, - 'Content-Type': ['multipart/form-data'], - 'Accept': ['application/json'] - }, + Headers: headers, }, body, params.insecure, @@ -42,7 +99,7 @@ sendMultipart = function (uri, entryID, body) { 'file' ); if (res.StatusCode < 200 || res.StatusCode >= 300) { - throw 'Demisto REST APIs - Request Failed.\nStatus code: ' + res.StatusCode + '.\nBody: ' + JSON.stringify(res) + '.'; + throw 'Core REST APIs - Request Failed.\nStatus code: ' + res.StatusCode + '.\nBody: ' + JSON.stringify(res) + '.'; } try { var response = res.Body; @@ -53,35 +110,35 @@ sendMultipart = function (uri, entryID, body) { } return {response: response}; } catch (ex) { - throw 'Demisto REST APIs - Error parsing response - ' + ex + '\nBody:' + res.Body; + throw 'Core REST APIs - Error parsing response - ' + ex + '\nBody:' + res.Body; } }; var sendRequest = function(method, uri, body, raw) { - var requestUrl = serverURL; - if (uri.slice(0, 1) !== '/') { - requestUrl += '/'; - } - requestUrl += uri; - var key = [params.apikey? params.apikey : (params.creds_apikey? params.creds_apikey.password : '')]; + var requestUrl = getRequestURL(uri) + var key = params.apikey? params.apikey : (params.creds_apikey? params.creds_apikey.password : ''); if (key == ''){ throw 'API Key must be provided.'; } - var auth_id = [params.auth_id? params.auth_id : (params.creds_apikey? params.creds_apikey.identifier : '')]; - if (auth_id == ''){ - throw 'Auth ID must be provided.'; + var auth_id = params.auth_id? params.auth_id : (params.creds_apikey? params.creds_apikey.identifier : ''); + var headers = {} + // in case the integration was installed before auth_method was added, the auth_method param will be empty so + // we will use the standard auth method + if (!params.auth_method || params.auth_method == 'Standard'){ + headers = getStandardAuthMethodHeaders(key, auth_id, 'application/json') + } + else if (params.auth_method == 'Advanced') { + if (!auth_id) { + throw 'Core REST APIs - please choose "Standard Authentication method" or provide the Auth ID.'; + } + headers = getAdvancedAuthMethodHeaders(key, auth_id, 'application/json') } var res = http( requestUrl, { Method: method, - Headers: { - 'Accept': ['application/json'], - 'content-type': ['application/json'], - 'authorization': key, - 'x-xdr-auth-id': auth_id - }, + Headers: headers, Body: body, SaveToFile: raw }, @@ -90,7 +147,7 @@ var sendRequest = function(method, uri, body, raw) { ); if (res.StatusCode < 200 || res.StatusCode >= 300) { - throw 'Demisto REST APIs - Request Failed.\nStatus code: ' + res.StatusCode + '.\nBody: ' + JSON.stringify(res) + '.'; + throw 'Core REST APIs - Request Failed.\nStatus code: ' + res.StatusCode + '.\nBody: ' + JSON.stringify(res) + '.'; } if (raw) { return res; @@ -104,12 +161,40 @@ var sendRequest = function(method, uri, body, raw) { } return {response: response}; } catch (ex) { - throw 'Demisto REST APIs - Error parsing response - ' + ex + '\nBody:' + res.Body; + throw 'Core REST APIs - Error parsing response - ' + ex + '\nBody:' + res.Body; } } }; -var deleteIncidents = function(ids_to_delete) { +function reduce_one_entry(data, keep_fields) { + var new_d = {}; + for (var field_index = 0; field_index < keep_fields.length; field_index += 1) { + var field = keep_fields[field_index]; + if (data[field]) { + new_d[field] = data[field]; + } + } + return new_d; +} + +function reduce_data(data, fields_to_keep) { + if (data instanceof Array) { + var new_data = []; + for (var data_index = 0; data_index < data.length; data_index += 1) { + var d = data[data_index]; + new_data.push(reduce_one_entry(d, fields_to_keep)); + } + return new_data; + } + else { + if (data.constructor == Object) { + return [reduce_one_entry(data, fields_to_keep)]; + } + } + return data; +} + +var deleteIncidents = function(ids_to_delete, fields_to_keep) { var body = { ids: ids_to_delete, all: false, @@ -121,8 +206,11 @@ var deleteIncidents = function(ids_to_delete) { throw res[0].Contents; } - var response = res['response'] - var md = tableToMarkdown('Demisto delete incidents', response, ['data', 'total', "notUpdated"]); + var response = res['response']; + if (fields_to_keep && (fields_to_keep != "all")) { + response['data'] = reduce_data(response['data'], fields_to_keep); + } + var md = tableToMarkdown('Core delete incidents', response, ['data', 'total', "notUpdated"]); return { ContentsFormat: formats.json, @@ -132,6 +220,83 @@ var deleteIncidents = function(ids_to_delete) { }; }; +var installPack = function(pack_url, entry_id, skip_verify, skip_validation){ + let file_path; + if (entry_id){ + file_path = entry_id; + } + else{ + // download pack zip file + var res = http( + pack_url, + { + Method: 'GET', + Headers: {}, + SaveToFile: true + }); + + if (res.StatusCode < 200 || res.StatusCode >= 300) { + throw 'Core REST APIs - Failed to download pack file from ' + pack_url; + } + file_path = res.Path; + } + + let upload_url = 'contentpacks/installed/upload?' + + // set the skipVerify parameter + if(isDemistoVersionGE('6.5.0')){ + if (skip_verify && skip_verify === 'false') { + upload_url+='skipVerify=false' + }else{ + upload_url+='skipVerify=true' + } + } + + // set the skipValidation parameter + if(isDemistoVersionGE('6.6.0')){ + if (skip_validation && skip_validation === 'false') { + upload_url+='&skipValidation=false' + }else{ + upload_url+='&skipValidation=true' + } + } + // upload the pack + sendMultipart(upload_url, file_path,'{}'); +}; + +var installPacks = function(packs_to_install, file_url, entry_id, skip_verify, skip_validation) { + if ((!packs_to_install) && (!file_url) && (!entry_id)) { + throw 'Either packs_to_install, file_url or entry_id argument must be provided.'; + } + else if (file_url) { + installPack(file_url, undefined, skip_verify, skip_validation) + logDebug('Pack installed successfully from ' + file_url) + return 'The pack installed successfully from the file ' + file_url + } + else if (entry_id) { + installPack(undefined, entry_id, skip_verify, skip_validation) + logDebug('The pack installed successfully from the file.') + return 'The pack installed successfully from the file.' + } + else{ + let installed_packs = [] + let packs = JSON.parse(packs_to_install); + + for (let pack_index = 0; pack_index < packs.length; pack_index += 1) { + let pack = packs[pack_index]; + let pack_id = Object.keys(pack)[0] + let pack_version = pack[pack_id] + + let pack_url = '{0}{1}/{2}/{3}.zip'.format(marketplace_url,pack_id,pack_version,pack_id) + installPack(pack_url, undefined, skip_verify, skip_validation) + logDebug(pack_id + ' pack installed successfully') + installed_packs.push(pack_id) + } + + return 'The following packs installed successfully: ' + installed_packs.join(", ") + } +}; + switch (command) { case 'test-module': sendRequest('GET','user'); @@ -174,7 +339,11 @@ switch (command) { case 'demisto-delete-incidents': case 'core-delete-incidents': var ids = argToList(args.ids); - return deleteIncidents(ids); + var fields = argToList(args.fields); + return deleteIncidents(ids, fields); + case 'demisto-api-install-packs': + case 'core-api-install-packs': + return installPacks(args.packs_to_install, args.file_url, args.entry_id, args.skip_verify, args.skip_validation); default: throw 'Core REST APIs - unknown command'; } diff --git a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml index 103aaf41df0e..fe8e0b9e0584 100644 --- a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml +++ b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml @@ -14,6 +14,21 @@ configuration: - display: Auth ID name: creds_apikey type: 9 + additionalinfo: Please provide Auth ID when using Cortex XSIAM or Cortex XSOAR 8.0.0 and above. + required: false +- display: Authentication method + name: auth_method + type: 15 + required: false + defaultvalue: Advanced + additionalinfo: Whether authentication should be using "Standard" API key or "Advanced" API key. For XSOAR version < 8.0.0, choose "Standard". + options: + - Standard + - Advanced +- display: Base marketplace url + name: marketplace_url + defaultvalue: https://storage.googleapis.com/marketplace-dist/content/packs/ + type: 0 required: false - display: Trust any certificate (not secure) name: insecure @@ -23,6 +38,11 @@ configuration: name: proxy type: 8 required: false +- display: Use tenant + additionalinfo: Whether API calls should be made to the current tenant instead of the main tenant. + name: use_tenant + type: 8 + required: false script: script: '' type: javascript @@ -89,8 +109,47 @@ script: required: true description: IDs of the incidents to delete isArray: true + - name: fields + description: 'Comma separated list of fields to return, case sensitive. Set + "all" for all fields. WARNING: Setting all fields may result in big results.' + required: false + isArray: true + defaultValue: id,name,type,severity,status description: Delete Demisto incidents execution: true + - name: demisto-api-install-packs + arguments: + - name: packs_to_install + required: false + description: 'The packs to install in JSON format (e.g. [{"AutoFocus": "2.0.8"}] ).' + isArray: true + - name: file_url + description: 'The pack zip file url.' + required: false + isArray: false + - name: entry_id + description: 'The War Room entry ID of the pack zip file.' + required: false + isArray: false + - name: skip_verify + description: 'If true will skip pack signature validation, Available from 6.5.0 server version.' + required: false + isArray: false + defaultValue: 'true' + auto: PREDEFINED + predefined: + - 'true' + - 'false' + - name: skip_validation + description: 'If true will skip all pack validations, Available from 6.6.0 server version.' + required: false + isArray: false + defaultValue: 'true' + auto: PREDEFINED + predefined: + - 'true' + - 'false' + description: Upload packs to Demisto server from url or the marketplace. - name: core-api-post arguments: - name: uri @@ -155,9 +214,40 @@ script: isArray: true description: Delete Demisto incidents execution: true + - name: core-api-install-packs + arguments: + - name: packs_to_install + required: false + description: 'The packs to install in JSON format (e.g. [{"AutoFocus": "2.0.8"}] ).' + isArray: true + - name: file_url + description: 'The pack zip file url.' + required: false + isArray: false + - name: entry_id + description: 'The War Room entry ID of the pack zip file.' + required: false + isArray: false + - name: skip_verify + description: 'If true will skip pack signature validation, Available from 6.5.0 server version.' + required: false + isArray: false + defaultValue: 'true' + auto: PREDEFINED + predefined: + - 'true' + - 'false' + - name: skip_validation + description: 'If true will skip all pack validations, Available from 6.6.0 server version.' + required: false + isArray: false + defaultValue: 'true' + auto: PREDEFINED + predefined: + - 'true' + - 'false' + description: Upload packs to Demisto server from url or the marketplace. runonce: false tests: - No tests -marketplaces: - - marketplacev2 fromversion: 5.0.0 diff --git a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI_description.md b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI_description.md index 2539188976c7..c5d1e2d6c870 100644 --- a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI_description.md +++ b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI_description.md @@ -1 +1,7 @@ -Creating API keys is done in the Cortex XSIAM interface, under Settings -> Configurations -> API Keys \ No newline at end of file +<~XSIAM> +Creating API keys is done in the Cortex XSIAM interface, under Settings -> Configurations -> API Keys + +<~XSOAR> +Creating API keys is done in the Cortex XSOAR interface, under Settings -> Integrations -> API Keys + +Provide Auth ID only when using Cortex XSIAM or Cortex XSOAR 8.0.0 and above. \ No newline at end of file diff --git a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md index 637859fb62da..a178d9989b29 100644 --- a/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md +++ b/Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md @@ -1,8 +1,9 @@ Use Core REST APIs -## Configure Core REST API on Cortex XSIAM +## Configure Core REST API on Cortex XSIAM/XSOAR -1. Navigate to **Settings** > **Configurations** > **Automation & Feed Integrations**. +1. When using XSIAM: Navigate to **Settings** > **Configurations** > **Automation & Feed Integrations**. + When using XSOAR: Navigate to **Settings** > **Integrations**. 2. Search for Core REST API. 3. Click **Add instance** to create and configure a new integration instance. @@ -10,13 +11,14 @@ Use Core REST APIs | --- | --- | --- | | Core Server URL | | True | | Auth ID | | True | + | Authentication method | Whether authentication should be using "Standard" API key or "Advanced" API key. | True | | Trust any certificate (not secure) | Trust any certificate \(not secure\). | False | | Core Server API Key (Password) | | True | | Use system proxy settings | Use system proxy settings. | False | 4. Click **Test** to validate the URLs, token, and connection. ## Commands -You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. +You can execute these commands from the Cortex XSIAM/XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. ***Please Note:*** When updating or making changes to a custom content item (integration, script, list, etc.), it may be necessary to increment the version of the item. To do so, first fetch the current version (usually via a GET command) and then increment the version by 1. Lastly, when updating an item, please use this incremented value for the `version` field. @@ -72,7 +74,7 @@ There is no context output for this command. #### Human Readable Output ->{"response":{"addedSharedDashboards":["Threat Intelligence Feeds","Troubleshooting Instances"],"allRoles":["Administrator"],"defaultAdmin":true,"email":"admintest@demisto.com","id":"admin","image":"8327000###user_image_admin.png","lastLogin":"2022-05-29T15:13:46.224432+03:00","name":"Admin Dude","notificationsSettings":{"email":{"all":true},"pushNotifications":{"all":true}},"permissions":{"demisto":["scripts.rwx","playbooks.rw"]},"phone":"+650-123456","playgroundId":"beda-02ab-49ef-8fc1-c43a36f"}} +>{"response":{"addedSharedDashboards":["Threat Intelligence Feeds","Troubleshooting Instances"],"allRoles":["Administrator"],"defaultAdmin":true,"email":"admintest@core.com","id":"admin","image":"8327000###user_image_admin.png","lastLogin":"2022-05-29T15:13:46.224432+03:00","name":"Admin Dude","notificationsSettings":{"email":{"all":true},"pushNotifications":{"all":true}},"permissions":{"core":["scripts.rwx","playbooks.rw"]},"phone":"+650-123456","playgroundId":"beda-02ab-49ef-8fc1-c43a36f"}} ### core-api-put *** @@ -165,7 +167,7 @@ There is no context output for this command. ### core-api-multipart *** -Send HTTP Multipart request to upload files to Demisto server +Send HTTP Multipart request to upload files to Core server #### Base Command @@ -221,3 +223,31 @@ There is no context output for this command. >---|---|--- >{"id":"206","occurred":"2022-05-29T02:02:30Z"},{"id":"205","occurred":"2022-05-27T12:00:40Z"},{"id":"204","occurred":"2022-05-27T02:02:30Z"},{"id":"203","occurred":"2022-05-27T04:51:03Z"},{"id":"202","occurred":"2022-05-26T18:16:47Z"},{"id":"201","occurred":"2022-05-26T18:03:55Z"},{"id":"200","occurred":"2022-05-26T15:36:08Z"},{"id":"199","occurred":"2022-05-26T15:31:19Z"},{"id":"198","occurred":"2022-05-26T12:00:39Z"},{"id":"197","occurred":"2022-05-26T02:42:30Z"},{"id":"196","occurred":"2022-05-25T16:02:22Z"},{"id":"195","occurred":"2022-05-25T15:58:22Z"},{"id":"194","occurred":"2022-05-25T15:55:14Z"},{"id":"193","occurred":"2022-05-25T15:54:49Z"},{"id":"192","occurred":"2022-05-25T15:54:38Z"},{"id":"191","occurred":"2022-05-25T15:41:25Z"},{"id":"190","occurred":"2022-05-25T15:39:36Z"},{"id":"189","occurred":"2022-05-25T14:52:47Z"},{"id":"188","occurred":"2022-05-25T14:52:21Z"},{"id":"187","occurred":"2022-05-25T14:43:45Z"},{"id":"186","occurred":"2022-05-25T14:38:58Z"},{"id":"185","occurred":"2022-05-25T14:36:08Z"},{"id":"184","occurred":"2022-05-25T14:28:30Z"},{"id":"183","occurred":"2022-05-25T13:36:31Z"},{"id":"182","occurred":"2022-05-25T12:00:40Z"},{"id":"181","occurred":"2022-05-25T09:52:13Z"},{"id":"180","occurred":"2022-05-25T09:45:05Z"},{"id":"179","occurred":"2022-05-25T01:59:43Z"},{"id":"161","occurred":"2022-05-24T14:47:48Z"},{"id":"160","occurred":"2022-05-24T14:47:34Z"},{"id":"159","occurred":"2022-05-24T14:45:38Z"},{"id":"158","occurred":"2022-05-24T14:45:35Z"},{"id":"157","occurred":"2022-05-24T14:39:51Z"},{"id":"156","occurred":"2022-05-24T14:37:10Z"},{"id":"155","occurred":"2022-05-24T14:37:08Z"},{"id":"154","occurred":"2022-05-24T14:37:01Z"},{"id":"153","occurred":"2022-05-24T14:29:19Z"},{"id":"151","occurred":"2022-05-24T14:27:20Z"},{"id":"150","occurred":"2022-05-24T14:27:08Z"},{"id":"149","occurred":"2022-05-24T14:24:38Z"},{"id":"148","occurred":"2022-05-24T14:24:37Z"},{"id":"147","occurred":"2022-05-24T14:24:38Z"},{"id":"146","occurred":"2022-05-24T13:43:01Z"},{"id":"145","occurred":"2022-05-24T13:41:42Z"},{"id":"144","occurred":"2022-05-24T13:41:38Z"},{"id":"143","occurred":"2022-05-24T13:40:39Z"},{"id":"142","occurred":"2022-05-24T09:43:15Z"},{"id":"141","occurred":"2022-05-24T09:43:09Z"},{"id":"140","occurred":"2022-05-24T09:39:41Z"},{"id":"139","occurred":"2022-05-24T09:17:49Z"},{"id":"138","occurred":"2022-05-24T09:15:11Z"},{"id":"137","occurred":"2022-05-24T09:15:07Z"},{"id":"136","occurred":"2022-05-24T07:14:18Z"},{"id":"135","occurred":"2022-05-24T07:14:13Z"},{"id":"134","occurred":"2022-05-24T07:13:59Z"},{"id":"133","occurred":"2022-05-24T03:12:30Z"},{"id":"132","occurred":"2022-05-24T04:16:32Z"},{"id":"131","occurred":"2022-05-24T04:13:20Z"},{"id":"130","occurred":"2022-05-24T03:08:14Z"},{"id":"129","occurred":"2022-05-24T02:42:50Z"},{"id":"128","occurred":"2022-05-23T06:51:14Z"},{"id":"127","occurred":"2022-05-23T06:51:10Z"},{"id":"126","occurred":"2022-05-23T06:34:44Z"},{"id":"125","occurred":"2022-05-23T06:34:40Z"},{"id":"124","occurred":"2022-05-23T06:32:37Z"},{"id":"123","occurred":"2022-05-23T06:32:34Z"},{"id":"122","occurred":"2022-05-23T06:31:39Z"},{"id":"121","occurred":"2022-05-23T06:31:36Z"},{"id":"120","occurred":"2022-05-23T06:30:39Z"},{"id":"119","occurred":"2022-05-23T06:30:34Z"},{"id":"118","occurred":"2022-05-23T06:12:30Z"},{"id":"117","occurred":"2022-05-23T06:09:35.746115001Z"},{"id":"116","occurred":"2022-05-23T06:08:08.132076423Z"},{"id":"115","occurred":"2022-05-23T06:07:59.975247045Z"},{"id":"114","occurred":"2022-05-23T02:42:30Z"},{"id":"113","occurred":"2022-05-23T02:23:50Z"},{"id":"112","occurred":"2022-05-23T02:17:34Z"},{"id":"111","occurred":"2022-05-22T11:16:49Z"},{"id":"110","occurred":"2022-05-22T11:16:47Z"},{"id":"109","occurred":"2022-05-22T10:23:37Z"},{"id":"108","occurred":"2022-05-22T10:23:28Z"},{"id":"107","occurred":"2022-05-22T10:23:24Z"},{"id":"106","occurred":"2022-05-22T10:23:07Z"},{"id":"105","occurred":"2022-05-22T10:23:01Z"},{"id":"104","occurred":"2022-05-22T10:22:59Z"},{"id":"103","occurred":"2022-05-22T10:22:40Z"},{"id":"102","occurred":"2022-05-22T10:22:37Z"},{"id":"101","occurred":"2022-05-22T10:22:33Z"},{"id":"100","occurred":"2022-05-22T10:16:50Z"},{"id":"99","occurred":"2022-05-22T10:16:41Z"},{"id":"98","occurred":"2022-05-22T10:16:39Z"},{"id":"97","occurred":"2022-05-22T10:16:38Z"},{"id":"96","occurred":"2022-05-22T02:18:11Z"},{"id":"95","occurred":"2022-05-22T02:11:59Z"},{"id":"94","occurred":"2022-05-21T02:28:46Z"},{"id":"93","occurred":"2022-05-21T02:21:58Z"},{"id":"92","occurred":"2022-05-20T02:02:57Z"},{"id":"91","occurred":"2022-05-20T01:56:34Z"},{"id":"90","occurred":"2022-05-22T02:32:30Z"},{"id":"89","occurred":"2022-05-21T02:42:30Z"},{"id":"88","occurred":"2022-05-20T02:22:30Z"},{"id":"87","occurred":"2022-05-19T12:40:33Z"},{"id":"86","occurred":"2022-05-19T12:40:20Z"},{"id":"85","occurred":"2022-05-19T12:39:58Z"},{"id":"84","occurred":"2022-05-19T15:39:45.467321+03:00"},{"id":"83","occurred":"2022-05-19T11:07:32Z"},{"id":"82","occurred":"2022-05-19T10:10:20Z"},{"id":"81","occurred":"2022-05-19T10:02:49Z"},{"id":"80","occurred":"2022-05-19T02:22:30Z"},{"id":"79","occurred":"2022-05-19T02:11:15Z"},{"id":"78","occurred":"2022-05-18T23:12:49Z"},{"id":"77","occurred":"2022-05-18T23:07:27Z"},{"id":"76","occurred":"2022-05-18T22:49:04Z"},{"id":"75","occurred":"2022-05-18T22:43:53Z"},{"id":"74","occurred":"2022-05-18T22:35:27Z"},{"id":"73","occurred":"2022-05-18T22:33:00Z"},{"id":"72","occurred":"2022-05-18T14:40:02Z"},{"id":"71","occurred":"2022-05-18T14:38:03Z"},{"id":"70","occurred":"2022-05-18T14:19:54Z"},{"id":"69","occurred":"2022-05-17T02:52:30Z"},{"id":"68","occurred":"2022-05-16T10:22:30Z"},{"id":"67","occurred":"2022-05-16T06:52:30Z"},{"id":"66","occurred":"2022-05-16T06:45:24.600415024Z"},{"id":"65","occurred":"2022-05-16T06:42:30Z"},{"id":"64","occurred":"2022-05-16T06:36:15.112637478Z"},{"id":"63","occurred":"2022-05-16T06:28:02.589558435Z"},{"id":"62","occurred":"2022-05-15T02:12:30Z"},{"id":"61","occurred":"2022-05-13T03:02:30Z"},{"id":"60","occurred":"2022-05-12T02:22:30Z"},{"id":"59","occurred":"2022-05-10T02:52:30Z"},{"id":"58","occurred":"2022-05-09T03:02:30Z"},{"id":"57","occurred":"2022-05-08T02:02:30Z"},{"id":"56","occurred":"2022-05-07T02:32:30Z"},{"id":"55","occurred":"2022-05-05T03:02:30Z"},{"id":"54","occurred":"2022-05-03T02:52:30Z"},{"id":"53","occurred":"2022-05-03T17:59:41.498326+03:00"},{"id":"52","occurred":"2022-03-30T01:56:47Z"},{"id":"51","occurred":"2022-03-27T10:52:09Z"},{"id":"50","occurred":"2022-03-27T09:24:29Z"},{"id":"49","occurred":"2022-03-27T09:23:57Z"},{"id":"48","occurred":"2022-03-22T05:05:28Z"},{"id":"47","occurred":"2022-03-20T11:08:56Z"},{"id":"46","occurred":"2022-03-20T07:56:41Z"} | 143 | 0 +### core-api-install-packs +*** +Upload packs to Core server from url or the marketplace. + + +#### Base Command + +`core-api-install-packs` +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| packs_to_install | The packs to install in JSON format (e.g. [{"AutoFocus": "2.0.8"}] ). | Optional | +| file_url | The pack zip file url. | Optional | +| skip_verify | If true will skip pack signature validation, Available from 6.5.0 server version. | Optional | +| skip_validation | If true will skip all pack validations, Available from 6.6.0 server version. | Optional | + + +#### Context Output + +There is no context output for this command. + +#### Command Example +```!core-api-install-packs packs_to_install=[{"AutoFocus": "2.0.8"}]``` + +#### Human Readable Output + +>The following packs installed successfully: AutoFocus diff --git a/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI.yml b/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI.yml index cb45cf91166a..a86e82c50667 100644 --- a/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI.yml +++ b/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI.yml @@ -2,7 +2,7 @@ commonfields: id: Demisto REST API version: -1 name: Demisto REST API -display: Demisto REST API +display: Demisto REST API (Deprecated) category: Utilities description: Use Demisto REST APIs configuration: @@ -152,3 +152,5 @@ tests: marketplaces: - xsoar fromversion: 5.0.0 +toversion: 7.9.9 +deprecated: true diff --git a/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI_description.md b/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI_description.md index 461e27fc821a..2fc309e502f0 100644 --- a/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI_description.md +++ b/Packs/DemistoRESTAPI/Integrations/DemistoRESTAPI/DemistoRESTAPI_description.md @@ -1 +1 @@ -Creating API keys is done in the Demisto interface, under Settings -> Integrations -> API Keys \ No newline at end of file +Deprecated. Use Core REST API instead. Creating API keys is done in the Demisto interface, under Settings -> Integrations -> API Keys \ No newline at end of file diff --git a/Packs/DemistoRESTAPI/ReleaseNotes/1_3_15.md b/Packs/DemistoRESTAPI/ReleaseNotes/1_3_15.md new file mode 100644 index 000000000000..52f4f30fbf18 --- /dev/null +++ b/Packs/DemistoRESTAPI/ReleaseNotes/1_3_15.md @@ -0,0 +1,8 @@ + +#### Integrations +##### Demisto REST API (Deprecated) +- Deprecated. Use the Core REST API integration instead. +##### Core REST API +- Now available on the XSOAR platform. +- Added a new parameter **Authentication method**. Supports authentication using a "Standard" API Key or an "Advanced" API key (relevant only for Cortex XSIAM and XSOAR 8.0.0 and above). +- Added the ***core-api-install-packs*** command. diff --git a/Packs/DemistoRESTAPI/pack_metadata.json b/Packs/DemistoRESTAPI/pack_metadata.json index 58fc44158384..e491b88966ad 100644 --- a/Packs/DemistoRESTAPI/pack_metadata.json +++ b/Packs/DemistoRESTAPI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex REST API", "description": "Use Demisto REST APIs", "support": "xsoar", - "currentVersion": "1.3.14", + "currentVersion": "1.3.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",