CVE updates - type, layouts and CVEsearchV2 #26486

Merged
merged 237 commits into from Jun 29, 2023

Contributor

@Ni-Knight Ni-Knight commented May 14, 2023

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

The PR is an overhaul of the CVE type within the system, allowing it to represent CPEs, CWEs, CVSS (score and table) and more. The PR updates:

  1. CVE Type
  2. CVE Layout
  3. New indicator field Vulnerable Products
  4. Updating the CVE Class in CSP and adding CPE support (New class like Publications)
  5. All new data parsing from CVESearchV2 integration
  6. New relationships and tags to CVEs

Screenshots

image

Minimum version of Cortex XSOAR

  • 6.0.0
  • 6.1.0
  • 6.2.0
  • 6.5.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

@Ni-Knight Ni-Knight requested review from altmannyarden and removed request for michalgold and idovandijk May 14, 2023 13:52
@content-bot
Collaborator

This PR was automatically updated by a GitHub Action

  • CommonTypes pack version was bumped to 3.3.77.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

@content-bot
Collaborator

This PR was automatically updated by a GitHub Action

  • CommonScripts pack version was bumped to 1.11.90.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

Contributor

@eyalpalo eyalpalo left a comment

Demo notes:

  1. Better exception message
  2. fix the get id failure
  3. test module + return_outputs

Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.py (outdated, resolved)
Contributor

@eyalpalo eyalpalo left a comment

Great work

@content-bot
Collaborator

This PR was automatically updated by a GitHub Action

  • CommonScripts pack version was bumped to 1.11.91.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

@Ni-Knight Ni-Knight merged commit 8522eab into master Jun 29, 2023
13 of 14 checks passed
@Ni-Knight Ni-Knight deleted the DRA-CVE-UPDATE branch June 29, 2023 09:21
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Jul 26, 2023
* Updated the integration to parse all the data coming from the source.

* Updated the Common.CVE class with new attributes needed for the changes made to the CVE type.

* New indicator fields - "Vulnerable Products" and "Vulnerable Configurations"

* New script to support a new dynamic section in the CVE layout.

* Updated layout for CVEs.

* New and improved custom mapping for CVEs.

* Small fix to comments section in the layout

* Added "KeyError" handling to the automation if no CVSS score is present.

* Small fixes and docstrings.

* Updated fromVersion.

* RN

* ignore "CPE" and "CPEs".

* ignore "CWE" and "CWEs".

* Small fixes to errors in CSP.

* Switched branch name back to `master` in CSP.

* Reverted doc_string to reinclude dbot info.

* Fixed field name from "description" to "comment"

* PEP8 fixes

* Docker bump

* Readme update

* code fixes and unit-tests

* Bump pack from version CommonTypes to 3.3.69.

* Fixed tags and escape characters

* Typo

* readme fixes

* Bump pack from version CommonTypes to 3.3.70.

* Update CVECVSSColor.py

* Update CVECVSSColor_test.py

* RN

* Removed `script` from yml

* Some more tests for indicator generation

* Bump pack from version Base to 1.32.3.

* More tests for the new code sections

* Added relationships to tests

* Update CVECVSSColor.py

* Fixed issue with relationships being referenced before assignment

* Updated test playbook

* Bump pack from version CommonScripts to 1.11.75.

* Bump pack from version Base to 1.32.4.

* A bit more comments

* Fixed `ruff` errors

* Bumped docker

* RN

* Bump pack from version CommonScripts to 1.11.76.

* CR fixes

* Updated readme file

* ReleaseNotes

* Updated YML

* ReleaseNotes

* Fixed YML

* Updated breaking changes

* ignore BC102 error

* ReleaseNotes

* fixed ignore

* Update .pack-ignore

* Bump pack from version CommonScripts to 1.11.78.

* Bump pack from version CommonScripts to 1.11.79.

* Adding an explanation for the change in the context.

* Docker bumps

* RN

* Bump pack from version CommonScripts to 1.11.80.

* Restored script name that was deleted by format

* docker bump

* RN

* Fixed small error in unit test

* Bump pack from version CommonScripts to 1.11.81.

* Fixed CPE parsing to support multiple products.

* Fixed tags being overwritten.

* CveReputation update to Python3

* Updated cpes to a single grid

* Updated layout with fixes to quick and edit

* Moved integration to CIRCL and reverted changes in CVESearch

* Reverting changes to CVESearch Pack

* Deprecating CVESearch

* Delete Pipfile.lock

* Delete Pipfile

* RN

* Update .secrets-ignore

* pip8 issues

* New picture

* docs updates

* Bump pack from version CommonScripts to 1.11.83.

* added script key to yml

* added "python" to code block

* Added unittests for the script

* Fixed typing hint

* typing hint

* Hint yet again

* Added a python3 docker key to the yml

* RN

* update poetry setup version

* Bump pack from version CommonScripts to 1.11.84.

* Validation fixes

* Bump pack from version Base to 1.32.8.

* Update conf.json

Removed unneeded square brackets

* Fixed import path

* Update indicatorfield-vulnerableproducts.json

typo (missing an "s" in products)

* typo fixes (changed to vulnerableproducts from vulnerableproduct)

* vulnerableproduct -> vulnerableproducts in Common.CVE

* Camel in context keys

* vulnerableproducts -> VulnerableProducts in mapping

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Updated ExtraHop PB to use new integration.

* RN

* RN

* vulnerableproduct - > vulnerableproducts

* Update 3_3_73.md

Changing due to a validation issue.

* Removed deprecated pack CVE Search

* RN

* Bump pack from version CommonScripts to 1.11.86.

* removed CVESearch from nightly (deprecated)

* Added CIRCL to nightly packs

* RN

* Update pack_metadata.json

* Update pack_metadata.json

* Update playbook-ExtraHop_-_CVE-2019-0708_BlueKeep.yml

* Update pack_metadata.json

* RN

* ReleaseNotes

* RN

* Update 1_0_19.md

* ignore CJ105 in CveReputation.yml

* RN

* Update CveReputation.yml

* Changed cve_id to cve

* Deprecated notifications

* RN

* RN

* RN

* added "toversion" again to try

* Bump pack from version Base to 1.32.15.

* Bump pack from version CommonScripts to 1.11.88.

* docker bump

* RN

* RN

* Test fixes to use "cve"

* PB Fix

* fromversion fix.

* Apply suggestions from code review

Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>

* CR fixes

* More CR changes

* RN

* typo

* missing `return` after change

* fix to tests

* Update conf.json

Added "CIRCL" to nightly packs instead of CVESearchV2

* cvss_color fix

* RN

* Fixed test_module

* catching bad JSON

* `cve_id`->`cve`

* Fixes to mypy issues.

* Bump pack from version CommonTypes to 3.3.77.

* Bump pack from version CommonScripts to 1.11.90.

* Update Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.py

Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>

* Fixed "id" issue and better exception for bad URL

* Fixed mypy issues and ruff

* RN

* RN

* Update CVESearchV2.yml

no need for toVersion as it's deprecated

* Bump pack from version CommonScripts to 1.11.91.

* removing toversion from cvereputation and changing id to V2

* RN

* RN

* updated comment

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: adi88d <adaud@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>
8 participants