Aburt-content-manager-improvements #17355
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @eyalpalo will know he can start reviewing the proposed changes.
@michalgold @altmannyarden - FYI
The CircleCI check from your latest pushed commit was unsuccessful. @aburt-demisto take a look at the build by clicking this link. Failed Build Steps
Try and address the listed CircleCI build step failures at your earliest convenience. This will greatly expedite the process of getting your proposed changes merged into master. Happy coding and may the force be with you.
The CircleCI build failed again. @aburt-demisto take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
@aburt-demisto shouldn't the "demistorestapiname" be a playbook input?
The CircleCI build failed again. @aburt-demisto take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
Yes, well spotted. I have added PB inputs to both PBs and set them to default to the incident fields.
The CircleCI build failed again. @aburt-demisto take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
The CircleCI build failed again. @aburt-demisto take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible. Failed Build Steps
6c111f6 into demisto:contrib/aburt-demisto_aburt-content-manager-improvements
* Added new Content Instance Name field
* Ensured input is a list to iterate through
* Added instance name to "new" layout
* Fixed key syntax
* Added auto update field
* Added auto update to "new" layout
* Added default input for auto install
* Added default instance from field
* Updated description
* Added mapping for Content Pack Selection
* Added or condition to decision
* Changed instance name field name
* Changed instance field name
* Updated the layouts
* Set the pack selection default to all if None.
* Updated release notes
* Fixed inputs error not referencing field
* Reverted last changes
* Updated to accept incident field
* Update Docker image tag
* Added demistoreastapi input to PB
* Set using for task
* Added PB input for demistorestapiname
* Added using to task
* Updated ignore file
* Updated pack metadata

Co-authored-by: Adam Burt - Demisto <53576129+aburt-demisto@users.noreply.github.com>
* CrowdStrike Falcon Intel v2 - encode URLs (#17501) * Mitre fields fix (#17544) * Removed MITRE aliases * RN * [O365, Gmail] add the reply-to header (#17284) * add replyTo arg EWS O365 * update docker * added to MSGraphMail * fix UTs * added replyTo MSgraphSingleUSer * fix * fix secrets * downgrade docker image * flake8 fixes * update rn * skipping confluence cloud (#17509) * Feature/sepiodev (#17449) (#17546) * #3482 [Demisto] release a new plugin * #3482 [Demisto] release a new plugin - readme * #3226 [Demisto] Release a new plug-in version to fix lost events * sepio fix test * sepio fix test2 * sepio fix test3 * sepio fix test4 * sepio fix test5 * fix test * fix tests * format Co-authored-by: ilan <ierukhimovic@paloaltonetworks.com> Co-authored-by: SepioSystems <65220432+SepioSystems@users.noreply.github.com> Co-authored-by: ilan <ierukhimovic@paloaltonetworks.com> * Update README.md (#17542) (#17549) Co-authored-by: cado-joshua <93199751+cado-joshua@users.noreply.github.com> * Aburt-content-manager-improvements (#17355) (#17555) * Added new Content Instance Name field * Ensured input is a list to iterate through * Added instance name to "new" layout * Fixed key syntax * Added auto update field * Added auto update to "new" layout * Added default input for auto install * Added default instance from field * Updated description * Added mapping for Content Pack Selection * Added or condition to decision * Changed instance name field name * Changed instance field name * Updated the layouts * Set the pack selection default to all if None. 
* Updated release notes * Fixed inputs error not referencing field * Reverted last changes * Updated to accept incident field * Update Docker image tag * Added demistoreastapi input to PB * Set using for task * Added PB input for demistorestapiname * Added using to task * Updated ignore file * Updated pack metadata Co-authored-by: Adam Burt - Demisto <53576129+aburt-demisto@users.noreply.github.com> * Improve slack notifier upload message (#17533) * add indication of marketplace in message titles * add indication of marketplace in message titles * Update gitlab_slack_notifier.py * Update gitlab_slack_notifier.py * Fix bug in windows ansible pack for !win-package (#17486) (#17557) * Fix bug * Make update a revision * Empty-Commit * Empty-Commit 2 Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com> * Added a feature to convert STIX Cyber Observable Objects to STIX Domain Object of 'indicator' so that the Microsoft Azure Sentinel TAXII Connector can feed indicators. (#17326) (#17492) * Added a feature to convert STIX Cyber Observable Objects tos STIX Domain Object of 'indicator' so that the Microsoft Azure Sentinel TAXII Connector can feed indicators. * Added a test pattern * Added codes to escape indicator values. 
* Updated to pass MyPy * Updated the ReleaseNotes * Small change for re-run CircleCI * Fixed a test pattern Co-authored-by: Masahiko Inoue <54964121+spearmin10@users.noreply.github.com> Co-authored-by: merit <meretmaayta@gmail.com> * sx-support-partner-update (#17562) * delete category field (#17559) * delete category field * remove marketplace key * update RN * Trend Micro Vision One (#17512) * Trend Micro Vision One (#16931) * Initial commit of Trend Micro Vision One integration * Modified command parameters to follow recommended format * Added mock JSON data for unit tests * Updates for MyPy validation * Updates to the Incident Types and Layouts * Updated max_fetch default value to 50 * Merged to single integration * Minor changes * Documentation Updates * Documentation Updates * Cleaned up test cases * Added submit to sandbox test * Removed field from mapper, classifier, updated docs * Incorporated feedback from XSOAR review * Removed entry from mapper, updated fromVersion * Update docker image * Changes associated with use of ScheduledCommand * Updated docs and removed unnecessary message * Update TrendMicroVisionOne_description.md * Updated docs to include full product name * Changed version to 6.2 in demistomock.py * Feedback from demo * demisto mock version reverted, mocked the raise error method of scheduled command Co-authored-by: Mike <mike@mdgsecurity.com> Co-authored-by: epintzov <epintzov@paloaltonetworks.com> * New Integration: ACTI Vulnerability Query (#17357) (#17567) * Initialized file structure for integration namely ACTI Vulnerability Query * Minor changes made to README.md for Accenture CTI v2 pack * Updated README * Shifted logo changes to a new branch * Shifted logo changes to a new branch * functions and unit test for vulnerability command * added contextual properties in extract_result function * changes in extract result function and updated command function and unit test * updated command for cve not found and updated yml * added unit 
test for cve not found and updated yml * Modified test-module for correct API testing * WIP: Minor changes made * minor changes * cve class added locally * field added in yml * changes in cvss and display text fields * Added necessary message to differentiate API token error for tokens not having access to vulnerability intel * changes in unit test according to code * changes * date_time issue fixed * Added fields to yml and made some minor changes * WIP: Removed RM102, IN136, PA114, RN106 : Try 1 * WIP: Updated Accenture CTI v2 pack README * removed print statements * WIP: Resolving errors : Try 1 * WIP: Fixing flake8 errors : Try 2 * WIP: Resolving minor Mypy, flake8 errors : Try 3 * WIP: Resolving errors : Try 4 * Removed unnecessary unused files * Corrected typo * created custom CVE class * Inherited CVE class in CustomCVE class * minorchanges * Removed flake8 errors * Resolving E302 * Resolving errors: final * Modified CustomCVE class * Updated yml for cvss2 & cvss3 fields * Updated README * Changed base command from vuln to acti-vuln Co-authored-by: Ankit Mordhwaj <mordhwaj.ankit@gmail.com> Co-authored-by: Satyaki Chakraborti <40510780+satyakidroid@users.noreply.github.com> Co-authored-by: Ankit Mordhwaj <mordhwaj.ankit@gmail.com> * Update Docker Image To demisto/python3 (#17551) * Updated Metadata Of Pack BluecatAddressManager * Added release notes to pack BluecatAddressManager * Packs/BluecatAddressManager/Integrations/BluecatAddressManager/BluecatAddressManager.yml Docker image update * Fix ReadPdfFileV2 script bug (#17548) * failed unit-test * failed unit-test * failed unit-test * failed unit-test * fix bug * bump rn * update mocker variable name * failed unit-test * failed unit-tests * secrets ignore * fix bug * fix cr comments * update func docstring * Proofpoint TAP v2 - Handle non-ascii chars in message (#17532) * test(fetch): message with non ascii chars subject * test(fetch): rm encoding arg * feat(encoding): add raw message encoding param * 
doc(encoding): add param to readme and add example * Remove wrong marketplace (#17571) * Remove wrong marketplace * RN * RN * Update core_packs_mpv2_list.json * Update core_packs_mpv2_list.json Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com> * Hackuity integration Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com> Co-authored-by: David Baumstein <51712181+David-BMS@users.noreply.github.com> Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com> Co-authored-by: Guy Keller <33782301+guykeller@users.noreply.github.com> Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: SepioSystems <65220432+SepioSystems@users.noreply.github.com> Co-authored-by: ilan <ierukhimovic@paloaltonetworks.com> Co-authored-by: cado-joshua <93199751+cado-joshua@users.noreply.github.com> Co-authored-by: Adam Burt - Demisto <53576129+aburt-demisto@users.noreply.github.com> Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com> Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com> Co-authored-by: Masahiko Inoue <54964121+spearmin10@users.noreply.github.com> Co-authored-by: merit <meretmaayta@gmail.com> Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com> Co-authored-by: evisochek <72695126+evisochek@users.noreply.github.com> Co-authored-by: Mike <mike@mdgsecurity.com> Co-authored-by: epintzov <epintzov@paloaltonetworks.com> Co-authored-by: Satyaki Chakraborti <40510780+satyakidroid@users.noreply.github.com> Co-authored-by: Ankit Mordhwaj <mordhwaj.ankit@gmail.com> Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
There are issues, but I do not have the IDs for them.
Description
Fixes many bugs in the pack by adding a couple of fields and altering a few scripts and PB tasks.
Screenshots
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have