St update docker 2

Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.yml

@@ -825,7 +825,7 @@ script:
       description: Value to set "Password Never Expire".
     description: 'Modifies the AD account attribute "Password Never Expire".'
     execution: true
-  dockerimage: demisto/py3-tools:1.0.0.49475
+  dockerimage: demisto/py3-tools:1.0.0.49929
   runonce: false
   ismappable: true
   isremotesyncout: true

Packs/Active_Directory_Query/ReleaseNotes/1_6_9.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Active Directory Query v2
+
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.49929*.

Packs/Active_Directory_Query/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Active Directory Query",
     "description": "Active Directory Query integration enables you to access and manage Active Directory objects (users, contacts, and computers).",
     "support": "xsoar",
-    "currentVersion": "1.6.8",
+    "currentVersion": "1.6.9",
     "author": "Cortex XSOAR",
     "url": "",
     "email": "",

Packs/Base/ReleaseNotes/1_31_74.md

@@ -0,0 +1,14 @@
+
+#### Scripts
+
+##### DBotFindSimilarIncidentsByIndicators
+
+- Updated the Docker image to: *demisto/ml:1.0.0.49819*.
+
+##### DrawRelatedIncidentsCanvas
+
+- Updated the Docker image to: *demisto/sklearn:1.0.0.49796*.
+
+##### FindSimilarIncidentsByText
+
+- Updated the Docker image to: *demisto/sklearn:1.0.0.49796*.

Packs/Base/Scripts/DBotFindSimilarIncidents/README.md

@@ -0,0 +1,51 @@
+Find past similar incidents based on incident fields' similarity. Includes an option to also display indicators similarity.
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Cortex XSOAR Version | 5.0.0 |
+
+## Used In
+
+---
+This script is used in the following playbooks and scripts.
+
+* Cortex XDR incident handling v3
+* Dedup - Generic v4
+* Endpoint Malware Investigation - Generic V2
+
+## Inputs
+
+---
+
+| **Argument Name** | **Description** |
+| --- | --- |
+| incidentId | Incident ID to get the prediction of. If empty, predicts the the current incident ID. |
+| similarTextField | Comma-separated list of incident text fields to take into account when computing similarity. For example: commandline, URL |
+| similarCategoricalField | Comma-separated list of incident categorical fields to take into account whe computing similarity. For example: IP, URL |
+| similarJsonField | Comma-separated list of incident JSON fields to take into account whe computing similarity. For example: CustomFields |
+| fieldsToDisplay | Comma-separated list of additional incident fields to display, but which will not be taken into account when computing similarity. |
+| fieldExactMatch | Comma-separated list of incident fields that have to be equal to the current incident fields. This helps reduce the query size. |
+| useAllFields | Whether to use a predefined set of fields and custom fields to compute similarity. If "True", it will ignore values in similarTextField, similarCategoricalField, similarJsonField. |
+| fromDate | The start date by which to filter incidents. Date format will be the same as in the incidents query page, for example, "3 days ago", ""2019-01-01T00:00:00 \+0200"\). |
+| toDate | The end date by which to filter incidents. Date format will be the same as in the incidents query page, for example, "3 days ago", ""2019-01-01T00:00:00 \+0200"\). |
+| query | Argument for the query. This helps reduce the query size. |
+| limit | The maximum number of incidents to query. |
+| aggreagateIncidentsDifferentDate | Whether to aggregate duplicate incidents within diffrerent dates. |
+| showIncidentSimilarityForAllFields | Whether to display the similarity score for each of the incident fields. |
+| minimunIncidentSimilarity | Retain incidents with similarity score that's higher than the MinimunIncidentSimilarity. |
+| maxIncidentsToDisplay | The maximum number of incidents to display. |
+| showCurrentIncident | Whether to display the current incident. |
+| includeIndicatorsSimilarity | Whether to include similarity of indicators from DBotFindSimilarIncidentsByIndicators in the final score. |
+| minNumberOfIndicators | The minimum number of indicators required related to the incident before running the model. Relevant if includeIndicatorsSimilarity is "True". |
+| indicatorsTypes | Comma-separated list of indicator types to take into account. If empty, uses all indicators types. Relevant if includeIndicatorsSimilarity is "True". |
+| maxIncidentsInIndicatorsForWhiteList | Help to filter out indicators that appear in many incidents. Relevant if includeIndicatorsSimilarity is "True". |
+
+## Outputs
+
+---
+There are no outputs for this script.

Packs/Base/Scripts/DBotFindSimilarIncidentsByIndicators/DBotFindSimilarIncidentsByIndicators.yml

@@ -88,7 +88,7 @@ subtype: python3
 system: false
 timeout: '0'
 type: python
-dockerimage: demisto/ml:1.0.0.25666
+dockerimage: demisto/ml:1.0.0.49819
 runas: DBotWeakRole
 runonce: false
 tests:

Packs/Base/Scripts/DBotFindSimilarIncidentsByIndicators/README.md

@@ -0,0 +1,39 @@
+Finds similar incidents based on indicators' similarity. Indicators' contribution to the final score is based on their scarcity.
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Cortex XSOAR Version | 5.0.0 |
+
+## Used In
+
+---
+This script is used in the following playbooks and scripts.
+
+* Dedup - Generic v4
+
+## Inputs
+
+---
+
+| **Argument Name** | **Description** |
+| --- | --- |
+| incidentId | Incident ID to get the prediction of. If empty, predicts the current incident ID. |
+| maxIncidentsInIndicatorsForWhiteList | The maximum number of incidents that an indicator can be associated with to be retained. This helps to filter out indicators that appear in many incidents  |
+| minNumberOfIndicators | The minimum number of indicators related to the incident required before running the model. |
+| threshold | Threshold to similarity value which is between 0 and 1. |
+| indicatorsTypes | Type of indicators to take into account. If empty, uses all indicators types. |
+| showActualIncident | Whether to show the incident you are investigating. |
+| maxIncidentsToDisplay | The maximum number of incidents to display. |
+| fieldsIncidentToDisplay | Fields to add in the table of incident |
+| fromDate | The start date by which we retrieve information on incidents. |
+| query | Argument for the query of similar incidents. |
+
+## Outputs
+
+---
+There are no outputs for this script.

Packs/Base/Scripts/DrawRelatedIncidentsCanvas/DrawRelatedIncidentsCanvas.yml

@@ -57,7 +57,7 @@ subtype: python3
 system: false
 timeout: '0'
 type: python
-dockerimage: demisto/sklearn:1.0.0.43324
+dockerimage: demisto/sklearn:1.0.0.49796
 runas: DBotWeakRole
 runonce: false
 tests:

Packs/Base/Scripts/DrawRelatedIncidentsCanvas/README.md

@@ -0,0 +1,27 @@
+Draw incidents and indicators on the canvas to map and visualize their connections.
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Cortex XSOAR Version | 6.1.0 |
+
+## Inputs
+
+---
+
+| **Argument Name** | **Description** |
+| --- | --- |
+| incidentID | Incident ID of the incident with which to update the canvas. If not specified, updates the current incident. |
+| relatedIncidentsIDs | Incident IDs to draw on the canvas and relate to the main incident. The format can be a list of IDs or comma-separated values. |
+| indicators | Indicators to draw on the canvas. The format is a list of indicator objects. |
+| layout | The canvas layout. Can be "multipartite", "shell", "spring", "kamada_kawai", or "circular". |
+| overrideUserCanvas | Override the canvas if it exists. |
+
+## Outputs
+
+---
+There are no outputs for this script.

Packs/Base/Scripts/FindSimilarIncidentsByText/FindSimilarIncidentsByText.yml

@@ -111,7 +111,7 @@ tags:
 - incidents
 timeout: '0'
 type: python
-dockerimage: demisto/sklearn:1.0.0.47448
+dockerimage: demisto/sklearn:1.0.0.49796
 runonce: true
 tests:
 - No test

Packs/Base/Scripts/FindSimilarIncidentsByText/README.md

@@ -0,0 +1,53 @@
+Find similar incidents by text comparison - the algorithm based on TF-IDF method.
+To read more about this method: https://en.wikipedia.org/wiki/Tf%E2%80%93idf
+
+This automation runs using the default Limited User role, unless you explicitly
+change the permissions.
+For more information, see the section about permissions here:
+https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Tags | ml, dedup, duplicate, incidents |
+| Cortex XSOAR Version | 5.0.0 |
+
+## Used In
+
+---
+This script is used in the following playbooks and scripts.
+
+* Dedup - Generic
+* Dedup - Generic v2
+* Dedup - Generic v3
+
+## Inputs
+
+---
+
+| **Argument Name** | **Description** |
+| --- | --- |
+| textFields | Text fields to compare. Can be label name, incident fields or custom fields. Comma separated value.  |
+| threshold | TFIDF score threshold \(to consider incident as similar\). |
+| maximumNumberOfIncidents | Maximum number of incidents to check. |
+| timeFrameHours | Check incidents in this time frame. |
+| ignoreClosedIncidents | Ignore close incidents. |
+| timeField | Time field to consider. |
+| maxResults | Maximum number of similar candidates. |
+| minTextLength | Minimum required text length to compare. |
+| preProcessText | Whether to pre-process text \(removing HTML, normilize words\) |
+
+## Outputs
+
+---
+
+| **Path** | **Description** | **Type** |
+| --- | --- | --- |
+| similarIncident.rawId | Similar incident ID. | string |
+| isSimilarIncidentFound | Is similar incident found? \(true\\false\) | boolean |
+| similarIncident | Similar incident. | Unknown |
+| similarIncident.name | Similar incident name. | string |

Packs/Base/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.31.73",
+    "currentVersion": "1.31.74",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",

Packs/CommonScripts/ReleaseNotes/1_11_53.md

@@ -0,0 +1,10 @@
+
+#### Scripts
+
+##### ShowLocationOnMap
+
+- Updated the Docker image to: *demisto/python3:3.10.10.49934*.
+
+##### RepopulateFiles
+
+- Updated the Docker image to: *demisto/python3:3.10.10.49934*.

Packs/CommonScripts/Scripts/RepopulateFiles/RepopulateFiles.yml

@@ -68,6 +68,6 @@ subtype: python3
 runonce: false
 runas: DBotWeakRole
 fromversion: 5.0.0
-dockerimage: demisto/python3:3.10.5.31928
+dockerimage: demisto/python3:3.10.10.49934
 tests:
 - No tests (auto formatted)

Packs/CommonScripts/Scripts/ShowLocationOnMap/ShowLocationOnMap.yml

@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.1.25933
+dockerimage: demisto/python3:3.10.10.49934
 runas: DBotWeakRole
 fromversion: 5.0.0
 tests:

Packs/CommonScripts/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.11.52",
+    "currentVersion": "1.11.53",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonWidgets/ReleaseNotes/1_2_16.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### RSSWidget
+
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.49929*.

Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml

@@ -32,7 +32,7 @@ args:
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/py3-tools:1.0.0.48698
+dockerimage: demisto/py3-tools:1.0.0.49929
 runas: DBotWeakRole
 fromversion: 5.5.0
 tests:

Packs/CommonWidgets/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Widgets",
     "description": "Frequently used widgets pack.",
     "support": "xsoar",
-    "currentVersion": "1.2.15",
+    "currentVersion": "1.2.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/HealthCheck/ReleaseNotes/2_0_11.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### HealthCheckPlaybookAnalysis
+
+- Updated the Docker image to: *demisto/python3:3.10.10.49934*.

Packs/HealthCheck/Scripts/HealthCheckPlaybookAnalysis/HealthCheckPlaybookAnalysis.yml

@@ -7,7 +7,7 @@ comment: Parsing playbooks
 commonfields:
   id: HealthCheckPlaybookAnalysis
   version: -1
-dockerimage: demisto/python3:3.10.8.36650
+dockerimage: demisto/python3:3.10.10.49934
 enabled: true
 name: HealthCheckPlaybookAnalysis
 runas: DBotWeakRole

Packs/HealthCheck/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "System Diagnostics and Health Check",
     "description": "CS Health Check",
     "support": "community",
-    "currentVersion": "2.0.10",
+    "currentVersion": "2.0.11",
     "author": "Cortex XSOAR Customer Success",
     "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
     "email": "",
@@ -23,4 +23,4 @@
         "xsoar",
         "marketplacev2"
     ]
-}
+}

Packs/ImpossibleTraveler/ReleaseNotes/1_2_10.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CalculateGeoDistance
+
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.49929*.

Packs/ImpossibleTraveler/Scripts/CalculateGeoDistance/CalculateGeoDistance.py

@@ -2,8 +2,8 @@
 from CommonServerPython import *
 from CommonServerUserPython import *
 import geopy.distance
-
-requests.packages.urllib3.disable_warnings()
+import urllib3
+urllib3.disable_warnings()
 
 try:
     # Extract each set of coordinates and create a list

Packs/ImpossibleTraveler/Scripts/CalculateGeoDistance/CalculateGeoDistance.yml

@@ -23,7 +23,7 @@ outputs:
   description: List of coordinates used in the calculation.
 scripttarget: 0
 runonce: false
-dockerimage: demisto/py3-tools:0.0.1.30715
+dockerimage: demisto/py3-tools:1.0.0.49929
 runas: DBotWeakRole
 tests:
 - Impossible Traveler - Test

Packs/ImpossibleTraveler/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Impossible Traveler",
     "description": "Catch the impossible traveler. This Content Pack helps you quickly determine the legitimacy of remote access attempts and contain malicious activity.",
     "support": "xsoar",
-    "currentVersion": "1.2.9",
+    "currentVersion": "1.2.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/MalwareBazaar/Integrations/MalwareBazaar/MalwareBazaar.yml

@@ -491,7 +491,7 @@ script:
     - contextPath: MalwareBazaar.MalwarebazaarSamplesList.intelligence.mail
       description: Indicates if this malware sample has been seen in global spam traffic.
       type: String
-  dockerimage: demisto/python3:3.10.9.44472
+  dockerimage: demisto/python3:3.10.10.49934
   feed: false
   isfetch: false
   longRunning: false

Packs/MalwareBazaar/ReleaseNotes/1_0_13.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### MalwareBazaar
+
+- Updated the Docker image to: *demisto/python3:3.10.10.49934*.