demisto · yuvalbenshalom · May 31, 2023 · May 29, 2023 · May 30, 2023 · May 30, 2023
diff --git a/...CrowdstrikeFalconIntel/Integrations/CrowdStrikeIndicatorFeed/CrowdStrikeIndicatorFeed.yml b/...CrowdstrikeFalconIntel/Integrations/CrowdStrikeIndicatorFeed/CrowdStrikeIndicatorFeed.yml
@@ -46,10 +46,11 @@ configuration:
   type: 16
 - display: First fetch time
   name: first_fetch
-  required: false
+  required: true
   type: 0
-  additionalinfo: The time range to consider for the initial data fetch. Leave empty
-    to fetch from the first available indicator.
+  additionalinfo: The time range to consider for the initial data fetch.
+    Warning: This feed fetches tens of thousands of indicators per day. Please consider this when configuring this parameter to further in the past, as it may overload the system with indicators.
+  defaultvalue: '1 week'
 - display: Max. indicators per fetch
   defaultvalue: 5000
   hidden: false
@@ -169,6 +170,13 @@ configuration:
   name: feedBypassExclusionList
   required: false
   type: 8
+- additionalinfo: Incremental feeds pull only new or modified indicators that have been sent from the integration. As the determination if the indicator is new or modified happens on the 3rd-party vendor's side, and only indicators that are new or modified are sent to Cortex XSOAR, all indicators coming from these feeds are labeled new or modified.
+  display: Incremental Feed
+  name: feedIncremental
+  defaultvalue: 'true'
+  required: false
+  type: 8
+  hidden: true
 description: Retrieves indicators from the CrowdStrike Falcon Intel Feed.
 display: CrowdStrike Indicator Feed
 name: CrowdStrike Indicator Feed
@@ -253,7 +261,7 @@ script:
     description: 'Resets the retrieving start time according to the `First Fetch Time` parameter, WARNING: This command will reset your fetch history.'
     execution: false
     name: crowdstrike-reset-fetch-indicators
-  dockerimage: demisto/python3:3.10.11.59581
+  dockerimage: demisto/python3:3.10.11.61265
   feed: true
   isfetch: false
   longRunning: false

diff --git a/Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_7.md b/Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_7.md
@@ -0,0 +1,8 @@
+
+#### Integrations
+
+##### CrowdStrike Indicator Feed
+- Updated the Docker image to: *demisto/python3:3.10.11.61265*.
+
+- Updated the `First Fetch Time` parameter to mandatory.
+- Fixed an issue where already fetched indicators were immediately marked as `Removed from feed` during a subsequent fetch.
diff --git a/Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json b/Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Crowdstrike Falcon Intel Feed",
     "description": "Tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more.",
     "support": "xsoar",
-    "currentVersion": "2.1.6",
+    "currentVersion": "2.1.7",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",