[Marketplace Contribution] Generic Export Indicators Service - Content Pack Update #27338
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
content-bot
added
Contribution
content-bot
changed the base branch from
master
to
contrib/xsoar-contrib_xsoar-hmk-contrib-EDL
|
Thank you for your contribution. Your generosity and caring are unrivaled! Rest assured - our content wizard @thefrieddan1 will very shortly look over your proposed changes. |
There was a problem hiding this comment.
Hi @xsoar-hmk thank you for your contribution we appreciate your effort, I reviewed the content in the PR and would like to provide some feedback:
As this is an XSOAR level support integration please add unit test with your added argument.
Thanks
thefrieddan1
added
the
pending-contributor
|
I though I added the changes to the original submission.
Changes affecting proxysg formatting:
1. Added IP indicators to the list of possible IoCs
2. Added a for loop to handle IoCs in multiple proxysgcategories (Previously, the list would return empty of an IoC was in more than one category)
Robert Martin
Sr. Info. Security Engineer
Highmark Health | Cyber Analytics and Automation
From: Danny Fried ***@***.***>
Sent: Sunday, June 11, 2023 3:23 AM
To: demisto/content ***@***.***>
Cc: Martin, Robert (Highmark Health) ***@***.***>; Mention ***@***.***>
Subject: [EXTERNAL] Re: [demisto/content] [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (PR #27338)
WARNING: This email originated from an external source and could contain harmful links or attachments. Use extreme caution. Report this to ***@***.******@***.***> if you suspect this is a harmful email.
________________________________
@thefrieddan1 commented on this pull request.
Hi thank you for your contribution we appreciate your effort, I reviewed the content in the PR and would like to provide some feedback:
As this is an XSOAR level support integration please add unit test with your added argument.
Thanks
________________________________
In Packs/EDL/ReleaseNotes/3_2_0.md<https://secure-web.cisco.com/1-0Yto9Hxd5kRmsaUJjkfu79pucVqaBsb7cMotXHWI_Kkz1kkXwpczpStyMU5hxBUOhE8Hng_VKL9zEhLzy2JpzPjnXZBc8dfh0NWSBNBRMLKOvP93dQ3rztCeTfjEG0eXVTbvhmdZWzR84DFvz2TaEpeCFILRcZMK1YlOVMnoorkIUY9_04PRGW6Lh7x6wyEtGVPuOcWZjDt8WahFg8owDcURGUNs6y4SD7Z3q8zVJkp1xJs7qDbUS6ODnC3J3j-AjC1S3d0Wjwnti8KgqThdxRou5eQKshc9j03Sh0e0GBlBaVFXyuAxwwOijMF2d26/https%3A%2F%2Fgithub.com%2Fdemisto%2Fcontent%2Fpull%2F27338%23discussion_r1225730403>:
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Generic Export Indicators Service
+
+- %%UPDATE_RN%%
Please specify what was feature was added.
________________________________
In Packs/EDL/Integrations/EDL/EDL_description.md<https://secure-web.cisco.com/1xjrnC-mzwCQT7er2Qxv1dK-mvpzpsg-_YI9yOu8_p4lqOkjIlD8DAjbjrfVP2f41capClhnjtOi0Ius31i1pIRg2OStbFm-joRC6LwuOIkRYZXZO_tgxSeEaGOFiR7BIiZPrFeutKrk3Hy1b6H5TFtAx25JqTDZYFYmVPzgXzWBoQbTuZw6VJIrtdW_TWBaixLGP4n9xFhCgJftG7syuW_s8DJDvE6EvZ2Vl8IH2CHlhcXYn_7E21HfEJMliJ7AssDZT6m9Bg-XMSzflVssi2AShWEblweRZwxURCPyX2c8koWX8LgdqHpYuLhOsqoBf/https%3A%2F%2Fgithub.com%2Fdemisto%2Fcontent%2Fpull%2F27338%23discussion_r1225731426>:
@@ -1,36 +1,13 @@
## How to Access the Generic Export Indicators Service
-<~XSOAR>
Seems to me that the removal of XSOAR / XSIAM tags from this file was done automatically.
Please review it and revert if these removals are un intended.
________________________________
In Packs/EDL/Integrations/EDL/EDL.yml<https://secure-web.cisco.com/1hhiSTZrNjlwWCTH3I-57disswo94_XyCV4Ze_O6IjuF68WZJRLL4WR7bzC2uhlGJ9iHRs2wYI88zfCG318-JHCTt9mgQMttHE7CAqT08geGjPhQSLDMvx_sdUMsg8eTm1UwauM95bXCiQ6NN8SzOxwPfmbEqPswR4PLAfVVqs41j5Ft2Y5jAmpE62VPG7YdmtiZ1XLcq-OuIbIPvB7FMLe_S8HtO0peFjaFuSLRicjpc3e2vkvQspoYOZ3wMD8DmoEvHDvd9PRZtVZCJG8PNW6ux6ClsfyfrJvjddtwFBxCbsE7NiSn6M1o4AT-HTY7n/https%3A%2F%2Fgithub.com%2Fdemisto%2Fcontent%2Fpull%2F27338%23discussion_r1225732331>:
@@ -1,7 +1,4 @@
category: Data Enrichment & Threat Intelligence
Not clear to me why removal of arguments charecatsitics like default description isArray and such all across the file.
Please review it and revert if these changes are not required.
—
Reply to this email directly, view it on GitHub<https://secure-web.cisco.com/1upEtlQlqFDJjQh_WYc_m9U-FxxWQUkAfNXD_NJXqEftWtKz0F7A128S6NHtCLDG5hADWwEtHWDh8R7Kp0bzfC0RKGZ0h_kAbjJ3hUKQ2PlB7URV2feEekbZP4Z5HGtRR1jZuN_n1lN0gdF2yUI6HBl5PJuQN-dDlZZCZVH_skmmn8tboDUYQalIkJcPupI8niv0w2yjP59ICxMXUx4H614TiHbHfFUIfIxROvcdChP1_cWlLFnmTg1X1L8J0QDlQau-TtbCRL_HC9-XxXAhWQom6_XoI6FZ2cxfE5ckc-Th1CgCZXVgsTySBB61c7o5z/https%3A%2F%2Fgithub.com%2Fdemisto%2Fcontent%2Fpull%2F27338%23pullrequestreview-1473612033>, or unsubscribe<https://secure-web.cisco.com/1elpGPl-tDW5RyXIJkAfr93uyTqY-bAaoUyWR9bO2iut4JtkYCq_w_6LmivCu2789FRLzgC4y3ZdxtaRogJjyXY8PONsCFdzuHjFR22v9Xh_w0UqWe0CTbopbTntxE0VhefyY8CaQo7VuYt4009vT7-gixAZTFHjhwNVOZhXz5hsCrxQARkew8a_NKjkeneHVW244yqzpxwlJ9I5nJgFfOZuB2M-GpparY6h6CnHMmT0TCeLu3JlWbq0ShFqUTmR0dZovn7Xzmi7Rn8E2uhD_U_lQsrX5-Rg-01Ms3JQc-JhhcKFEGq70WQ-FUMk6OlQF/https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAWKFRVHJGX26GTI2TUHOL6LXKVW6HANCNFSM6AAAAAAZA6FFNI>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
…________________________________
The information contained in this transmission may contain privileged and confidential information including personal information protected by federal and/or state privacy laws. It is intended only for the use of the addressee named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Highmark Health is a Pennsylvania nonprofit corporation. This communication may come from Highmark Health or one of its subsidiaries or affiliated businesses.
|
|
Hi @xsoar-hmk, Lets please schedule a demo session where you can show me what you have added. Thanks, |
|
Sounds good. Let me know when you are available.
Robert Martin
Sr. Info. Security Engineer
Highmark Health | Cyber Analytics and Automation
From: Danny Fried ***@***.***>
Sent: Wednesday, June 14, 2023 4:45 AM
To: demisto/content ***@***.***>
Cc: Martin, Robert (Highmark Health) ***@***.***>; Mention ***@***.***>
Subject: [EXTERNAL] Re: [demisto/content] [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (PR #27338)
WARNING: This email originated from an external source and could contain harmful links or attachments. Use extreme caution. Report this to ***@***.******@***.***> if you suspect this is a harmful email.
…________________________________
Hi @xsoar-hmk<https://secure-web.cisco.com/1KnoJor7EemRfeAtRt_qvD7CgKAHaxPDZk5jFiYvG9Uaj0SCRnNeZuUURSqVvx2Si1lfoF7a10vyp_VUUNwtWdRhc48Ikm8-Ce06q2bWJjI7_RAHqxx5gqzZpiyYvhXB-cYfJVpg7AxISx_aH3YOOg-6XUeVO3PZRmuIRaG0PPY_4cDktybk8q1ZEG2thQg1q6KKDclYa5Jx2i_x79vXXKWQBTSEl7Lq9sLWNSZPu40yb4faD_RKBggXnib87O2LTD470Kfvh8MiCvZJphB46dnsj4g0zhdOqeYuwOTAKUgjrov0xGNouI2MR-1sSj7mL/https%3A%2F%2Fgithub.com%2Fxsoar-hmk>,
Lets please schedule a demo session where you can show me what you have added.
How it acted before and how it acts now after the addition.
Thanks,
—
Reply to this email directly, view it on GitHub<https://secure-web.cisco.com/1yLc132mTS16Ii2IbFXo6jv0aDbgvbFFpHtLISL6a8sfNzLLPyh3Tk5_vpZsopTsjFfKCeuuMnb5DyCsUz7I4U2iqvi3C00pV9gt2sDebqahprQ5P6JOy9i09U1AdQttnOJo-G_H5D-Wp85vEtksUf9Cs6SfuKcqJPfXFHzY8W5wlhoJULzMcDC9-VK-Pq2WOCe2UajiMnfW2I6geGksytr024fRZD2hjmkc3H6D5b50LjNhkErbHkmm45XiUETnpVGI1ecAovINupa8Z2GKyZUbqnK-9l3aqj02uoZNMxSk1YqMhXkv9nL3g6rI29boz/https%3A%2F%2Fgithub.com%2Fdemisto%2Fcontent%2Fpull%2F27338%23issuecomment-1590750476>, or unsubscribe<https://secure-web.cisco.com/1TADdWjmC_MgZSO_esHhVhwkGyv3wptd7KTULORIQm9agAz4fJ9H7EJCHmo6gtPQZLBAC2N2q4kEnRyhPR7KotUmIJEowu3mjOI1RMkLFM1oKiYyJhjHmx93q8dUueZXxJmZEjkqk2Vgp91mrf9n4Q-zwBg9VHBEIWYUcTydVhoGQtSUSVZo-qGzv7YslNyOje3ZM1cRvkBbseQc7RXpOowayEa9tKfEZEIjVyllrF21qzCMcUxWoYrz19_yMTp6AXGgFChYyYbPpoiuDhcH9EMB4QDWBWCnkqKfYRIURh32HFSIvjh85rhIlsVFQKofR/https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAWKFRVEH6CTRNG6WVOXYVD3XLF2XRANCNFSM6AAAAAAZA6FFNI>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
________________________________
The information contained in this transmission may contain privileged and confidential information including personal information protected by federal and/or state privacy laws. It is intended only for the use of the addressee named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Highmark Health is a Pennsylvania nonprofit corporation. This communication may come from Highmark Health or one of its subsidiaries or affiliated businesses.
|
Add RN Add known words.
thefrieddan1
added
post-demo
ready-for-instance-test
|
For the Reviewer: Successfully created a pipeline in Gitlab with url: https://code.pan.run/xsoar/content/-/pipelines/5558579 |
thefrieddan1
approved these changes
Jun 18, 2023
thefrieddan1
merged commit 059d68b
into
demisto:contrib/xsoar-contrib_xsoar-hmk-contrib-EDL
21 of 24 checks passed
3 tasks
thefrieddan1
added a commit
that referenced
this pull request
Jun 19, 2023
…t Pack Update (#27540) * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27338) * "contribution update to pack "Generic Export Indicators Service"" * Revert changes to yml and description. Add RN Add known words. * Revert unnecessary changes. * Long line. --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Bump docker verion. * Remove comment. * fix known_words section --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>
MosheEichler
pushed a commit
that referenced
this pull request
Jul 2, 2023
…t Pack Update (#27540) * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27338) * "contribution update to pack "Generic Export Indicators Service"" * Revert changes to yml and description. Add RN Add known words. * Revert unnecessary changes. * Long line. --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Bump docker verion. * Remove comment. * fix known_words section --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>
MosheEichler
added a commit
that referenced
this pull request
Jul 11, 2023
* add command * fixes * change client function name * RN * Cloud Incident Response pack and Cloud Token Theft playbook (#27331) * new pack for Cloud Incident Response playbooks * new pack for Cloud Incident Response playbooks * updates common playbooks RN * updates common playbooks RN * Added scripts * Added trigger * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes the Hunting Results section in the layout * Added the pack and scripts readme * updates pack meta-data * Review fixes * PBs screenshot * removes quiet mode * removes quiet mode * fixes shared sub-playbooks. * inputs validation * fixes tasks description * Added playbook outputs * update RN and PBs description * changes to MP2 only * new script * review fixes * update RN * fix typo * updates the readme png links * unit test and fixes * fix layout * added pack ignore for the dynamic sections unit tests * secrets * fixes * fixes * pack ignore * fixes * docker image version * fix flake errors * remove trigger due to sdk bug * added unit test * fix unit test coverage * fix unit test coverage --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * [ASM] - Expander - Update Service Ownership (#27140) (#27522) * Update Cortex ASM - Service Ownership - Updated Cortex ASM - GCP Enrichment playbook to retrieve the service account on the instance and writes it to incident field **asmserviceownerunrankedraw** for use by the **Cortex ASM - Service Ownership** playbook. - Updated the Service Ownership playbook to run for all cloud service providers and added support for retrieving GCP project owners from user-managed, cross-project service accounts. - Add script GetProjectOwners which prses a GCP service account email for the project ID, then looks up the project owners and adds them to a list of potential service owners for ranking. - Updated script RankServiceOwners to no longer limit to the top-5 service owners Test plan: pytest + tested in callu tenant on AWS and GCP alerts, verified the expected owners were written to `asmserviceowner` * Mark GetProjectOwners task as skip unavailable since it depends on GCP-IAM integration * Revert change to fromversion in RankServiceOwners * Bump pack version * Use regex to validate user-managed service account * Raise/catch exceptions rather than using nested if statements * Update docker image. * exclude GCP-IAM core-pack dependency * Update GCP Enrichment playbook with service account * Update pack README with new script * Update release notes * Add unit tests for error handling in GetProjectOwners - Validate error message on existing tests - Add unit test for get_iam_policy * Add tests to verify exception handling in main * Revert to ' | ' delimiter for Source field * Move up check for Cortex ASM integration * Update docker images * Update release notes * Update Packs/CortexAttackSurfaceManagement/README.md * Update docker image and release notes --------- Co-authored-by: kball-pa <131012047+kball-pa@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> * [VMRay] fix encoding of file names (#27429) (#27527) * fix encoding of file names * update docker image * add given, when, then to test * updated docker image --------- Co-authored-by: Jens Thom <72789379+jthom-vmray@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Xsoar file management (#26455) * commonserver.js * working * ok * fileDeleteAttachmentCommand * read me * removing examples file * removing changes * rl update * small fixes * removing extra space * RL * remove RL * adding version * RL base * commit * temp * coreApiFileCheckCommand fix * fixing fileDeleteCommand * fileUploadCommand fix * rl * Bump pack from version Base to 1.32.5. * after conflicts * Rl * xsoar concate bug fix * docstring * undo changes in unrelevant files * removing _mm * Bump pack from version Base to 1.32.6. * Bump pack from version Base to 1.32.7. * val changes * removing notes * small fixes * cr fixes * fileUploadCommand fix * small update * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * specifying what the FileResult function does * RL * known word * ignore word * adding to read me * Update Packs/Base/ReleaseNotes/1_32_7.md Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * removed from read me old demisto command * adding to ignore * ignore * Bump pack from version Base to 1.32.8. * m * Bump pack from version Base to 1.32.9. * Bump pack from version Base to 1.32.10. * Bump pack from version Base to 1.32.11. * Bump pack from version Base to 1.32.12. * demo fixes * Bump pack from version Base to 1.32.15. --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * [VirusTotal] Fix only_stats default value (#27454) * [VirusTotal] Fix only_stats default value (#27428) * Fix only_stats default value * Made the change in the code instead yaml * fix * restore yaml defailtValue * fixed rn * updated docker --------- Co-authored-by: Daniel Pascual <danielvazquez@google.com> Co-authored-by: michal-dagan <mdagan@paloaltonetworks.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * [Marketplace Contribution] Community Common Scripts - Content Pack Update (#27457) (#27532) * "contribution update to pack "Community Common Scripts"" * Add README * Move to version upgrade to revision. Concise RN. Move desc to README * Bump docker version. --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * [Jira v2] Added 3 new commands (#27523) * [Jira v2] Added 3 new commands (#27431) * master * jira command * reverting headers * reverting union option * reverted the latest message * reverting debug message * get_organization_name * reverting update_issue_assignee_command * moving up the update_issue_assignee_command * git user * issue assign * command * customfields removed * jirav2copy * rmed jirav2copy * jira * format * jirav2 * reverted defaultmapperin * reverted hidden marketplace * jira * moved down edit-issue * wrong command * jira * replaced a line * Readme * watchers * added release notes * revert CrowdStrike * typo * test get_organizations * added a unit test * mocker error * fixing unit test * rmed 1_* * unit testing for organizations * removed .gitignore * taking care of comments * rmed 1_* files * new commands into README * Update Packs/Jira/Integrations/JiraV2/JiraV2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/Integrations/JiraV2/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update docker image. --------- Co-authored-by: Enes Özdemir <49711791+ennozdd@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Updated description (#27524) * Updated description (#27440) * Updated description * Updated docker image version * Updated docker image version - update * updated docker image --------- Co-authored-by: grzegorzpapkala <grzegorzpapkala@gmail.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Added new fields to context output and UI (#27069) * added new fields * separated context and UI * updated human readable * fixed "cannot concatenate dict" bug * fixed the mess in profiles * updated tests * location now appears in UI * removed field restrictions for panorama * Updated yml * updated readme * updated release notes * added docs to xml_get * fixed test errors * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * post CR commit * Update 1_17_4.md * Update Packs/PAN-OS/ReleaseNotes/1_17_4.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * CR changes * merged context/pretty rules to single dict * added test jsons * cleaned tests; added dict_test (dummy) * added unsafe_dict_get * added docs to unsafe_dict_get * unsafe_dict_get is now dict_recursive_get with changes * updated yml * fixed UI not showing all bug * updated readme * solved release notes conflict * CR changes * update release notes * Update 1_17_7.md * removed dict_recursive_get * updated release notes * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * removed pylint ignore * added known words * removed unrelated release notes * added pylint ignore * return string by default * ignore pylint false positives * added defaults for profiles * added defaults for profiles 2 * ignore pylint * updated docker * resolve conflicts --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Fix small grammar typos in documentation (#27489) (#27533) * Fix small grammar typos in documentation * Update docker image. Update RN and versions. * Update Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.py --------- Co-authored-by: Peter Elmers <peter.elmers@yahoo.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Support level tags for external contributions bug fix (#27167) * fix bug on new files * add existing file path change * add new partner pack for testing * update test * update * add python to pipenv * test change cwd works * remove panorama * check if works without change-cwd * add the option to checkout branch * try to see behaivor with checkout * comment out * fix import issue * search in paranets path * fixes * align the print * update * remove test files * remove pipfile * handle bug * add support to checkout forked branches * test * add support for checking out forked branches * add print * pragma no cover * small fix * enhancments * bug fix * remove unused imports * add forked repo even if not content * uncomment main code * always checkout to the branch * remove copy * cr fixes * cr fixes * empty packs support level in case of exception * Ivanti Pulse Secure Mapping (#27407) * Created IvantiPulseSecureVTM pack * Updated README * Updated README * Updated README * Updated README * Updated README * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Update README.md * Update README.md * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated the pack name in pack_metadata * Updated ParsingRules --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Aws iam enhancement (#27271) * in progress * added rn * added put role policy command * added put_user_policy_command * added put_user_policy_command * done * readme update * pre-commit fixes * rn fix * improvments * update tpb * update rn * readme fix * cr fix * pre-commit fixes * cr fix * fixes * docs addition * docs addition * docs addition * docker update * Align credentials stores part 18 (#27441) * Align credentials part 18 * MxToolBox * RM110 * fix * Cs falcon enhancement (#26136) * initial branch commit; first command ready * 'build_cs_falcon_filter' gets kwargs instead of dict * added stubs for all seven commands, not tested * finished up to pending design functions * updated user response when no IDs match the filter * fixed scheduled scan validation bug * fixed scheduled scan validation bug * added commands to README; fixed create scans bug * ready for CR * added ODS to description * added cancel scan to readme; improved UI * beautified create scan output * beautified create scan output * beautified create scan output * updated release notes * updated release notes * fixed tests * fixed tests (v2) * shortened readme * test commit * removed cancel-scan command * removed unified yml * updated release notes * reset yml * possible solution for test fails * real solution to test fail * removed irrelevant files * update ReadNetstatFile * fixed error fails * formatted pack * updated docker image * fixed ruff errors * updated release notes * fixed pylint errors * added tests * fixed flake8 errors * fixed ruff errors * updated descriptions; changed start_timestamp * added create scheduled scan command * added polling to create/query scan * added polling to arg to yml * removed demo function * fixed 404 bug * func is now defined * fixed bug * corrected scan_in_progress * changed default cpu_priority * fixed bugs, now works * added new args * updated yml with new args * fixed dict_safe_get bug * fixed tests; added outputs to yml * human readable for scheduled scan only * updated readme * updated release notes * fixed backwards compatibility * fixed backwards compatibility 2 * Update examples.txt * capitalized descriptions * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * CR changes * update examples.txt * regenerated readme * updated tests * removed blank lines * added tests; duration is now in hours * atempt at no return polling (NOT TESTED) * atempt at no return polling * hide polling results * added tests * added tests for polling * removed temporary comments * updated examples * added test playbook * resolve conflicts * added fromversion field * improved playbook * update docker; improve UI * fixed unit tests * fixed unit tests * update docker in RN --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * pan-os-edit-rule command: Added support for removing and adding group profile settings (#27449) * add support for remove profile setting group * commit * add and replace same behavior * RN * Resolve conflict * add comment * add UT * fix a comment CR * fix the UT * mypy error * RN resolve conflict * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27540) * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27338) * "contribution update to pack "Generic Export Indicators Service"" * Revert changes to yml and description. Add RN Add known words. * Revert unnecessary changes. * Long line. --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Bump docker verion. * Remove comment. * fix known_words section --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Update Docker Image To demisto/python3 (#27554) * Updated Metadata Of Pack URLHaus * Added release notes to pack URLHaus * Packs/URLHaus/Integrations/URLHaus/URLHaus.yml Docker image update * Updated Metadata Of Pack CrowdStrikeIntel * Added release notes to pack CrowdStrikeIntel * Packs/CrowdStrikeIntel/Integrations/CrowdStrikeFalconIntel_v2/CrowdStrikeFalconIntel_v2.yml Docker image update * Updated Metadata Of Pack Shodan * Added release notes to pack Shodan * Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update * Updated Metadata Of Pack FeedOffice365 * Added release notes to pack FeedOffice365 * Packs/FeedOffice365/Integrations/FeedOffice365/FeedOffice365.yml Docker image update * Updated Metadata Of Pack PrismaCloud * Added release notes to pack PrismaCloud * Packs/PrismaCloud/Integrations/PrismaCloudV2/PrismaCloudV2.yml Docker image update * Update Docker Image To demisto/py3-tools (#27553) * Updated Metadata Of Pack Active_Directory_Query * Added release notes to pack Active_Directory_Query * Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.yml Docker image update * Wildfire v2 - fix an issue in the wildfire-report command (#27547) * fixes * bump rn * revert irrelevent changes * update rn * update test-playbook * update docker image * Azure Active Directory Identity: added test-module handling for client_credentials mode (#27462) * added test-module handling in client_credentials mode * fixed cr comments and added rn * fixed rn * update version * revert * Incident context core pb fix (#27546) * change setparentincident tasks to skipunavailable:true * RN after changed setparentincident tasks to skipunavailable:true * fix for validation errors * RN after fix for validation errors * fix for validation error * Fixed empty installation (#27541) * fix empty installation * Update Tests/Marketplace/search_and_install_packs.py Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> --------- Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> * Fixes for 'CrowdStrike Falcon - False Positive Incident Handling' pla… (#27453) * Fixes for 'CrowdStrike Falcon - False Positive Incident Handling' playbbok * Updated README file and generated RN * Bump pack from version CrowdStrikeFalcon to 1.10.22. * Added playbook PNG file * Removed the 'Test - CrowdStrike Falcon' and changed the 'completeafterv2' conf of task number 2 to 'false'. * Bump pack from version CrowdStrikeFalcon to 1.10.23. --------- Co-authored-by: Content Bot <bot@demisto.com> * Add retries to Trigger Test Upload Flow (#27537) * add retries to Trigger Test Upload Flow * add comment * revert lock_cloud_machines.py * Tenable sc enhancment (#26319) * code improvments * in progress * in progress * in progress * in progress * in progress * in progress * in progress * in progress * fix * fixes * fixes * fixes * fixes * deprecate playbook * update list-zones * added tenable-sc-list-groups command * adding tenable-sc-create-user command * in progress * finish create-user command * finish update-user command * in progress * added command results * add dock strings * added rn * all commands developed * validate fixes and added RN * generated readme * pre-commit fixes * adding unit tests * fixes * tests * pre-commit fixes * tests * more test cases * tests * add more tests * docker update * docker update * added tests * changes * updated readme * cr and validation fixes * validation fixes * added tpb * added tpb * fixes * fixes * fixes * fixes * fix tpb issues * revers * fixes * fixes * fixes * fixes * fixes * update * pre-commit fixes * pre-commit fixes * fix tpb * docs fix * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * cr fix * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * dor review * doc review * fixes * fixes * in progress * demo fixes * demo fixes * readme update * update tpb * revert * fixes * fixes * transfer password to secret * revert tpb * fixes * fixes * update docker * Test fix * Test fix * add more tests * add more tests * docker update * add more tests * add more tests * add more tests * add more tests * add more tests * fixes --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Align Credentials Part 2 (#27350) * Attlasian_IAM complete * C2sec complete * Tidy complete * CircleCI complete * update release notes * Update .pack-ignore * update docker * updated know words * updated release notes * removed CJ105 from .pack-ignore * FreeEnrichers Pack - small fix to pack names that were wrong (#27445) * small fix to related packs * Update Packs/FreeEnrichers/pack_metadata.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> --------- Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * add readme to Zscaler (#27465) * update modeling rules * add readme to the pack * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * add readme to the pack * add readme to the pack * add readme to the pack --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Skyhigh SWG init (#27526) * Skyhigh SWG init (#27060) * Skyhigh SWG init * fix validation errors * fix mypy typing issues with ET * changes following the review * get method args and default empty string for mypy * changed doc review suggestions * Context rework * doc review * changed integration directory * rn * deprecation info and docker * rn * rn --------- Co-authored-by: ckaadic <48683125+ckaadic@users.noreply.github.com> Co-authored-by: epintzov <epintzov@paloaltonetworks.com> * [DBotPredictURLPhishing] - fix bug with None entires (#27563) * [DBotPredictURLPhishing] - fix issue bug with None entires * add retry mechanisem to tpb in case of failure * bump rn * pre-commit fixes * Align Credentials for GoogleCloudTranslate, Google Vision API, Google Resource Manager (#27560) * GoogleCloudTranslate complete * GoogleVisionAPI complete * GoogleResourceManager complete * GoogleResourceManager complete * Fixed GoogleVisionAPI.py * Versioned core packs (#25989) * Versioned Corepacks files * Changed content pack to triger an upload * flake8 * test upload to target bucket from prepare_content_packs_for_testing.sh * added versions-metadata.json file * cleaned code * uploading versions-metadata.json to bucket * copy versions-metadata to bucket * upload versions-metadata to artifacts * upload versions-metadata to production bucket * fix validations * copy with blob * corepacks upload and versions-metadata logic working, before relative paths * changed corepack file contents to relative paths * fixed validations * Cleand code * Test adding another version to the versions-metadata * changed corepacks.json file back to full paths * test multiple unlocked files * cleaned code * Fixed parameter name * fixed corepacks if * added UT for versions-metadata file format * pre-commit hooks * UT for upload_packs.py * CR updates * First commit for corepacks hotfix * pre-commit * pre-commit * test - should not override 8.2.0 * removed UT * CR updates * Added UTs for the hotfix part * Added UTs for copy_and_upload_packs * Updates * Added MP to versions-metadata. should upload 6.11.0 and 8.3.0 * Added MP to override. should upload 6.11.0 to xpanse only and override 8.2.0 in marketplacev2 only * flake8 * cleaned code and fixed UT * Cleaned versions-metadata.json file * CR updates * fixed UTs * fixed lint * CR updates * Ivanti Update (#27564) * Updated Ivanti * Updated ReleaseNotes * Updated ReleaseNotes * RTIR: fix add-comment (#27549) * remove more `encode`s * update image * Update Packs/RTIR/ReleaseNotes/1_0_16.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * move pre-commit template to content (#27535) * Fix packs with demisto-sdk lint issues (#27392) * Added the missing defaultValue arg in the yml files (#27443) * added the missing default value * Bump pack from version CrowdStrikeFalcon to 1.10.22. * update docker * update release notes with docker update * fix docker image issue * fix validation * update docker * update RN after merge master * fix duplicate field * fix rn --------- Co-authored-by: Content Bot <bot@demisto.com> * Fix For ADFS ModelingRules (#27568) * Update Docker Image To demisto/python3 (#27577) * Updated Metadata Of Pack PrismaCloudCompute * Added release notes to pack PrismaCloudCompute * Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml Docker image update * Packs/PrismaCloudCompute/Scripts/PrismaCloudComputeParseVulnerabilityAlert/PrismaCloudComputeParseVulnerabilityAlert.yml Docker image update * Updated Metadata Of Pack PrismaSaasSecurity * Added release notes to pack PrismaSaasSecurity * Packs/PrismaSaasSecurity/Integrations/SaasSecurity/SaasSecurity.yml Docker image update * Updated Metadata Of Pack AbuseDB * Added release notes to pack AbuseDB * Packs/AbuseDB/Scripts/AbuseIPDBPopulateIndicators/AbuseIPDBPopulateIndicators.yml Docker image update * Updated Metadata Of Pack PANWComprehensiveInvestigation * Added release notes to pack PANWComprehensiveInvestigation * Packs/PANWComprehensiveInvestigation/Scripts/PanwIndicatorCreateQueries/PanwIndicatorCreateQueries.yml Docker image update * GsuiteAdmin empty page token error (#27481) * Fixed an issue where an empty page_token would sometimes be sent * Updated RNs * Updated docker image * Added ruff suggestions --------- Co-authored-by: Content Bot <bot@demisto.com> * import-indicator-commands (#27558) * import-indicator-commands * fix doc review CR * Update carbon black deprecated content (#27100) * update content on playbook-Block_Endpoint_-_Carbon_Black_Response.yml * updated sub-playbook playbook-Block_Endpoint_-_Carbon_Black_Response_2_1 instead playbook-Block_Endpoint_-_Carbon_Black_Response * RN after create new playbook for block endpoint carbon black v2.1 * RN after replaced sub-playbook `Block Endpoint - Carbon Black Response V2` with sub-playbook `Block Endpoint - Carbon Black Response V2.1` on isolated endpoint - generic v2 * replace extrha hop deprecated command and update carbon black command on Endpoint Enrichment v2.1 * RN after replace extrha hop deprecated command and update carbon black command on Endpoint Enrichment v2.1 * Bump pack from version CommonPlaybooks to 2.3.73. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * the playbook Block IP Generic v2 was deprecated * the playbook Block IP Generic v2 was deprecated * RN after playbook Block IP Generic v2 was deprecated * fix validation errors and change skipunavailable to true on isolated endpoint - generic v2 * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Endpoint_Enrichment_-_Generic_v2.1_6_8.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix validation errors add missing png and edit RN for pack EOL date * Update Packs/Carbon_Black_Enterprise_Response/Playbooks/playbook-Block_Endpoint_-_Carbon_Black_Response_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Isolate_Endpoint_-_Generic_V2_6_8_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix Conflicting files * Bump pack from version Carbon_Black_Enterprise_Response to 2.1.35. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix for conflict --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: altmannyarden <61933087+altmannyarden@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Remove unnecessary troubleshooting from README.md (#27531) * remove troubleshooting from README.md * generated README --------- Co-authored-by: xsoar-bot <xsoar-bot@paloaltonetworks.com> * Fix python 3 incompatibility for McAfee MAR (#27576) * CVE command (#27580) * CVE command (#27241) * Add ctix-get-vulnerability-data and cve commands * Add extra_data parameter for new cve-command * Update documentation for fields that are required in commands that already exist * Minor improvements/simplifications from code review * Remove required attribute that makes the changes backwards incompatible Replace with defaultValue * Update docker to latest version * Updating README to reflect default value added for optional arguments * Update docker image. --------- Co-authored-by: Corey Bodendein <corey.bodendein@cyware.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Remove redundant assignment of var (#27571) * Remove redundant amount_of_events assignments. * Update RN. Update docker. Update version. * Fix unit tests * Feature/threatgrid add commands arguments (#27468) (#27590) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * Update the sample-upload command with arguments: vm and playbook * Add missing arguments * update docker image * update docker image in release note Co-authored-by: TalGumi <101499620+TalGumi@users.noreply.github.com> * Partner otrs ag adoption start (#27256) (#27592) * OTRS AG Pack Adoption * Update pack_metadata.json * update release notes Co-authored-by: jensoliver <jojo@jbothe.de> * Snow Transformer Error (#27479) * Fixed transformer in incoming mapper * Added RNs --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * Domain extracted from a file with an extension as part of a URL (#27569) * Fix for domain regex and formatter to avoid catching files as domains * RN * docker bump * RN * Test playbook for 'CrowdStrike Falcon - Get Detections by Incident' (#27186) * Test playbook for 'CrowdStrike Falcon - Get Detections by Incident' * RN * Bump pack from version CrowdStrikeFalcon to 1.10.21. * Deleted duplicated tasks and added validation for CrowdStrike Falcon live incidents * Bump pack from version CrowdStrikeFalcon to 1.10.22. * added validations for the existence of CrowdStrike Falcon incidents and detections * Removed unnecessary 'print error' messages * Bump pack from version CrowdStrikeFalcon to 1.10.23. * Bump pack from version CrowdStrikeFalcon to 1.10.24. * Replaced the 'is not empty' condition with the 'Is defined' condition for tasks 324 and 318 * changed the 'fromversion' to 6.5.0 * RN --------- Co-authored-by: Content Bot <bot@demisto.com> * [TestIsMaliciousIndicatorFound] - add sleep for indexing indicators (#27584) * Microsoft usgov support (#27025) https://jira-hq.paloaltonetworks.local/browse/CIAC-818 Adding support for All Azure clouds in Azure Key Vault, Azure Sentinel, Azure Kubernetes Service Adding support for all endpoints in Microsoft Defender for Endpoints * Generic Webhook enhancements (#27478) (#27596) * Added request header information to the rawJSON output. Restructures the rawJSON output to include header and body details. * Updated Release notes and pack_metadata.json * Updated Release notes. * Updated Release notes. * Updated Release notes. Updated docker version. * Adjusted raw_json output. Aligned README.md and release note. * Updated Docker Image * Update Packs/GenericWebhook/ReleaseNotes/1_0_25.md * Remove Authorization header details. * Updated Known_Words in .pack-ignore * Fixed header_name * fixed secret_header --------- Co-authored-by: Martin Ohl <Martin.Ohl@ohl-net.eu> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Docker Image To demisto/pymisp2 (#27607) * Updated Metadata Of Pack MISP * Added release notes to pack MISP * Packs/MISP/Integrations/MISPV3/MISPV3.yml Docker image update * Ciac 3134 workday logs (#27055) * new pack * unit tests * added logic, readme and unit tests. also modeling rules. * removed test data * format and pre-commit fixes * validations and pre commit fixes * rn * test * test * schema and from version * docker * modeling rules and demo rejects * display name of params * CR fixes * build fix * build fix * test * test * readme fix * docker * bug fix * rn * rn * Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Packs/Workday/ReleaseNotes/1_3_1.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Bump pack from version Workday to 1.3.2. * add logs and fixed a bug with duplications * added max fetch * added support for duplications and fix bugs * rn * rn and changed last run to contain all log * rn and docker * unit test fix * CR fixes * pre commit changes --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * CrowdStrike Falcon - Search endpoints by hash enchantment (#27594) * Added a condition -> "IsIntegrationEnabled" * Updated RN * Removed un-required tests * Bump pack from version CrowdStrikeFalcon to 1.10.26. * Update 1_10_26.md Updated RN * Update 1_10_26.md --------- Co-authored-by: Content Bot <bot@demisto.com> * MacOS Update (#27608) * Updated MacOS vendor product * Updated RN * Updated ReleaseNotes * fix workday parsing rule id (#27615) * fix workday parsing rule id * rn * move a line in the yml to the correct position (#27610) * move the line * RN * remove the Dev * docker image * remove the Dev * Barracuda Update (#27545) * Updated the ParsingRules logic * Updated ReleaseNotes * Updated ReleaseNotes * Updated .yml configs for IvantiPulseSecureVTM * Reverted Ivanti VTM changes * IvantiPulseSecureVTM .yml update * Delete IvantiPulseSecureVTM_ParsingRules.yml * Delete IvantiPulseSecureVTM_ModelingRules.yml * Updated ReleaseNotes * Updated ReleaseNotes * Reverted changed to Ivanti * Reverted IvantiPulseSecureVTM RN * Align credentials stores integrations- part 20 (#27534) * lign credentials stores integrations- part 20 * Carbon Black Live Response Cloud * added '.' * fix rl * fix unit tests * raise exception * SMB - fix path concatenation (#27604) * SMB - fix wrong path concatenation * added RNs * fixed RNs * updated docker image * Moved path creation to function * Updated func * updated RN * removed yml rename * 1.17.0 sdk release (#27618) * Update ewsv2 exc2019 (#26670) * update * test * changes * changes * final commands changes * clean code * update TPBs * rvert name change * revert name change * cr changes * fix name * fix TPBs * remove skip of perm_set field * fix tpb and validations * revert arg removal * remove added tpb * update memory threshold * fix ut * fix ut * Fix urllib.parse import in CommonServerPython (#27252) * Allow applying a new profile over an existing one in ***pan-os-apply-security-profile*** command (#27237) * Add XSOAR support for updating existing profile types * RN * fix UT * Update Packs/PAN-OS/ReleaseNotes/1_17_5.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix CR * RN * UT was added * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix * flake8 * UT stability --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Docker Image To demisto/splunksdk-py3 (#27263) * Updated Metadata Of Pack SplunkPy * Added release notes to pack SplunkPy * Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml Docker image update * Updated domain extraction playbook - changing .zip to a valid TLD (#27264) * Updated domain extraction playbook * some formatting. * Update playbook-Domain_extraction_test.yml * Update playbook-Domain_extraction_test.yml * Update Docker Image To demisto/duoadmin3 (#27268) * Updated Metadata Of Pack DuoAdminApi * Added release notes to pack DuoAdminApi * Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml Docker image update * Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml Docker image update * Update Docker Image To demisto/googleapi-python3 (#27267) * Updated Metadata Of Pack GoogleDrive * Added release notes to pack GoogleDrive * Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml Docker image update * Update Docker Image To demisto/python3 (#27266) * Updated Metadata Of Pack Darktrace * Added release notes to pack Darktrace * Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml Docker image update * Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml Docker image update * Updated Metadata Of Pack CybleEvents * Added release notes to pack CybleEvents * Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml Docker image update * Updated Metadata Of Pack Censys * Added release notes to pack Censys * Packs/Censys/Integrations/CensysV2/CensysV2.yml Docker image update * Updated Metadata Of Pack VirusTotal * Added release notes to pack VirusTotal * Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml Docker image update * Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml Docker image update * Updated Metadata Of Pack CofenseIntelligenceV2 * Added release notes to pack CofenseIntelligenceV2 * Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml Docker image update * Updated Metadata Of Pack CheckPointDome9 * Added release notes to pack CheckPointDome9 * Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml Docker image update * Updated Metadata Of Pack Reco * Added release notes to pack Reco * Packs/Reco/Integrations/Reco/Reco.yml Docker image update * Updated Metadata Of Pack CimTrak-SystemIntegrityAssurance * Added release notes to pack CimTrak-SystemIntegrityAssurance * Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml Docker image update * Update Docker Image To demisto/python3 (#27272) * Updated Metadata Of Pack FeedProofpoint * Added release notes to pack FeedProofpoint * Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml Docker image update * Updated Metadata Of Pack Ipstack * Added release notes to pack Ipstack * Packs/Ipstack/Integrations/Ipstack/Ipstack.yml Docker image update * Updated Metadata Of Pack SafeBreach * Added release notes to pack SafeBreach * Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml Docker image update * Updated Metadata Of Pack RedCanary * Added release notes to pack RedCanary * Packs/RedCanary/Integrations/RedCanary/RedCanary.yml Docker image update * Updated Metadata Of Pack PiHole * Added release notes to pack PiHole * Packs/PiHole/Integrations/PiHole/PiHole.yml Docker image update * Updated Metadata Of Pack FeedDShield * Added release notes to pack FeedDShield * Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml Docker image update * Updated Metadata Of Pack OpenPhish * Added release notes to pack OpenPhish * Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml Docker image update * Updated Metadata Of Pack NistNVD * Added release notes to pack NistNVD * Packs/NistNVD/Integrations/NistNVD/NistNVD.yml Docker image update * Updated Metadata Of Pack Cognni * Added release notes to pack Cognni * Packs/Cognni/Integrations/Cognni/Cognni.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml Docker image update * Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml Docker image update * Updated Metadata Of Pack NozomiNetworks * Added release notes to pack NozomiNetworks * Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml Docker image update * Updated Metadata Of Pack ANYRUN * Added release notes to pack ANYRUN * Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml Docker image update * Updated Metadata Of Pack Carbon_Black_Enterprise_Response * Added release notes to pack Carbon_Black_Enterprise_Response * Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml Docker image update * Updated Metadata Of Pack Absolute * Added release notes to pack Absolute * Packs/Absolute/Integrations/Absolute/Absolute.yml Docker image update * Updated Metadata Of Pack Ironscales * Added release notes to pack Ironscales * Packs/Ironscales/Integrations/Ironscales/Ironscales.yml Docker image update * Updated Metadata Of Pack FeedURLhaus * Added release notes to pack FeedURLhaus * Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml Docker image update * Updated Metadata Of Pack Lokpath_Keylight * Added release notes to pack Lokpath_Keylight * Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml Docker image update * Updated Metadata Of Pack FeedMISP * Added release notes to pack FeedMISP * Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml Docker image update * Updated Metadata Of Pack FraudWatch * Added release notes to pack FraudWatch * Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml Docker image update * Updated Metadata Of Pack AbnormalSecurity * Added release notes to pack AbnormalSecurity * Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml Docker image update * Updated Metadata Of Pack CovalenceManagedSecurity * Added release notes to pack CovalenceManagedSecurity * Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml Docker image update * Updated Metadata Of Pack IllusiveNetworks * Added release notes to pack IllusiveNetworks * Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml Docker image update * Updated Metadata Of Pack Edgescan * Added release notes to pack Edgescan * Packs/Edgescan/Integrations/Edgescan/Edgescan.yml Docker image update * Updated Metadata Of Pack PerceptionPoint * Added release notes to pack PerceptionPoint * Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml Docker image update * Updated Metadata Of Pack Druva * Added release notes to pack Druva * Packs/Druva/Integrations/Druva/Druva.yml Docker image update * Updated Metadata Of Pack APIVoid * Added release notes to pack APIVoid * Packs/APIVoid/Integrations/APIVoid/APIVoid.yml Docker image update * Updated Metadata Of Pack PingIdentity * Added release notes to pack PingIdentity * Packs/PingIdentity/Integrations/PingOne/PingOne.yml Docker image update * Updated Metadata Of Pack cisco-ise * Added release notes to pack cisco-ise * Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml Docker image update * Updated Metadata Of Pack SailPointIdentityIQ * Added release notes to pack SailPointIdentityIQ * Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml Docker image update * Updated Metadata Of Pack Cymulate * Added release notes to pack Cymulate * Packs/Cymulate/Integrations/Cymulate/Cymulate.yml Docker image update * Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml Docker image update * Updated Metadata Of Pack XSOARmirroring * Added release notes to pack XSOARmirroring * Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml Docker image update * Updated Metadata Of Pack XMatters * Added release notes to pack XMatters * Packs/XMatters/Integrations/xMatters/xMatters.yml Docker image update * Updated Metadata Of Pack Zimperium * Added release notes to pack Zimperium * Packs/Zimperium/Integrations/Zimperium/Zimperium.yml Docker image update * Updated Metadata Of Pack RSANetWitnessEndpoint * Added release notes to pack RSANetWitnessEndpoint * Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml Docker image update * Updated Metadata Of Pack SymantecBlueCoatMalwareAnalysis * Added release notes to pack SymantecBlueCoatMalwareAnalysis * Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml Docker image update * Updated Metadata Of Pack InfoArmor_VigilanteATI * Added release notes to pack InfoArmor_VigilanteATI * Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml Docker image update * Updated Metadata Of Pack AccentureCTI * Added release notes to pack AccentureCTI * Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml Docker image update * Updated Metadata Of Pack PingCastle * Added release notes to pack PingCastle * Packs/PingCastle/Integrations/PingCastle/PingCastle.yml Docker image update * Updated Metadata Of Pack MaxMind_GeoIP2 * Added release notes to pack MaxMind_GeoIP2 * Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml Docker image update * Updated Metadata Of Pack Maltiverse * Added release notes to pack Maltiverse * Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml Docker image update * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml Docker image update * Updated Metadata Of Pack AlienVault_USM_Anywhere * Added release notes to pack AlienVault_USM_Anywhere * Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml Docker image update * Updated Metadata Of Pack ProofpointServerProtection * Added release notes to pack ProofpointServerProtection * Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml Docker image update * Updated Metadata Of Pack OpsGenie * Added release notes to pack OpsGenie * Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml Docker image update * Fixed lint and validate --------- Co-authored-by: sberman <sberman@paloaltonetworks.com> * Ignore modeling/parsing rules suffix error (#27274) * [EDL] Fixed a typo in the description (#27269) * Fixed a typo in the description * Update the docker image * Macos Regex Fix (#27270) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Cs falcon add tags to cs-falcon-upload-custom-ioc command (#27234) * CS Flacon add tags to upload-custom-ioc command * added RNs * Align credentials stores part 11 (#27253) * Align credentials part 11 * Trend Micro Apex * ignore * adding tests to hostlo * Trend Micro Apex tests * trend more test * change test * Syslogv2 was removed from xsiam marketplace (#27278) * remove Syslogv2 from xsiam marketplace * RN * known_words * Update Packs/Syslog/ReleaseNotes/2_0_16.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * DO --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Microsoft Graph Single User - Edit documentation (#27275) * edit documentation * edit documentation * RN and DO * fix doc * mistake * ExtraHop release v2.1.0 (#27056) (#27279) * Update .devcontainer.json name * added changes related to ExtrHop 2.1.0 release --------- Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> * Recordedfuture listapi v1.0.0 (#26996) (#27281) * First version/implementation of new List Integration * Added new List integration * Updated validation step requirements and fixed tests to be working as expected * Updated test Coverage * Version bump and fixed frombersion for list app * Added custom content, incident type and classifier for coderepo leakage * Updated some documentation and fixed dockerimages * Bumped version of playbook alert app * Fixed changelog for 1.6.0 to not include an old change * fixed type0 in changelog * removed base64 import * Updated release notes * Update based on review * Removed references to old playbook alerts documentation from creation of integration --------- Co-authored-by: recordedfuture-simonhornestedt <109588368+recordedfuture-simonhornestedt@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * fix bug by convert the password to bytes (#27283) * fix bug by convert the password to bytes * commit * update RN and Docker * comment corrections * commit * [greynoise-266] - Add greynoise-similar and greynoise-timeline commands (#27067) (#27291) * add sim and timeline updates * fix test file prints * update readme fix tests * updates to readme for pre-commit * updates from pre-commit run * more linting updates * update secrets * fix url in timeline Co-authored-by: Brad Chiappetta <38439955+bradchiappetta@users.noreply.github.com> * [ASM] - Expandr 4075 (#27258) (#27287) * init * RN * fix RN * Apply suggestions from code review -----…
xsoar-bot
added a commit
to xsoar-contrib/content
that referenced
this pull request
Jul 26, 2023
…t Pack Update (demisto#27540) * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (demisto#27338) * "contribution update to pack "Generic Export Indicators Service"" * Revert changes to yml and description. Add RN Add known words. * Revert unnecessary changes. * Long line. --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Bump docker verion. * Remove comment. * fix known_words section --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>
xsoar-bot
added a commit
to xsoar-contrib/content
that referenced
this pull request
Aug 2, 2023
* add command * fixes * change client function name * RN * Cloud Incident Response pack and Cloud Token Theft playbook (#27331) * new pack for Cloud Incident Response playbooks * new pack for Cloud Incident Response playbooks * updates common playbooks RN * updates common playbooks RN * Added scripts * Added trigger * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes the Hunting Results section in the layout * Added the pack and scripts readme * updates pack meta-data * Review fixes * PBs screenshot * removes quiet mode * removes quiet mode * fixes shared sub-playbooks. * inputs validation * fixes tasks description * Added playbook outputs * update RN and PBs description * changes to MP2 only * new script * review fixes * update RN * fix typo * updates the readme png links * unit test and fixes * fix layout * added pack ignore for the dynamic sections unit tests * secrets * fixes * fixes * pack ignore * fixes * docker image version * fix flake errors * remove trigger due to sdk bug * added unit test * fix unit test coverage * fix unit test coverage --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * [ASM] - Expander - Update Service Ownership (#27140) (#27522) * Update Cortex ASM - Service Ownership - Updated Cortex ASM - GCP Enrichment playbook to retrieve the service account on the instance and writes it to incident field **asmserviceownerunrankedraw** for use by the **Cortex ASM - Service Ownership** playbook. - Updated the Service Ownership playbook to run for all cloud service providers and added support for retrieving GCP project owners from user-managed, cross-project service accounts. - Add script GetProjectOwners which prses a GCP service account email for the project ID, then looks up the project owners and adds them to a list of potential service owners for ranking. - Updated script RankServiceOwners to no longer limit to the top-5 service owners Test plan: pytest + tested in callu tenant on AWS and GCP alerts, verified the expected owners were written to `asmserviceowner` * Mark GetProjectOwners task as skip unavailable since it depends on GCP-IAM integration * Revert change to fromversion in RankServiceOwners * Bump pack version * Use regex to validate user-managed service account * Raise/catch exceptions rather than using nested if statements * Update docker image. * exclude GCP-IAM core-pack dependency * Update GCP Enrichment playbook with service account * Update pack README with new script * Update release notes * Add unit tests for error handling in GetProjectOwners - Validate error message on existing tests - Add unit test for get_iam_policy * Add tests to verify exception handling in main * Revert to ' | ' delimiter for Source field * Move up check for Cortex ASM integration * Update docker images * Update release notes * Update Packs/CortexAttackSurfaceManagement/README.md * Update docker image and release notes --------- Co-authored-by: kball-pa <131012047+kball-pa@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> * [VMRay] fix encoding of file names (#27429) (#27527) * fix encoding of file names * update docker image * add given, when, then to test * updated docker image --------- Co-authored-by: Jens Thom <72789379+jthom-vmray@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Xsoar file management (#26455) * commonserver.js * working * ok * fileDeleteAttachmentCommand * read me * removing examples file * removing changes * rl update * small fixes * removing extra space * RL * remove RL * adding version * RL base * commit * temp * coreApiFileCheckCommand fix * fixing fileDeleteCommand * fileUploadCommand fix * rl * Bump pack from version Base to 1.32.5. * after conflicts * Rl * xsoar concate bug fix * docstring * undo changes in unrelevant files * removing _mm * Bump pack from version Base to 1.32.6. * Bump pack from version Base to 1.32.7. * val changes * removing notes * small fixes * cr fixes * fileUploadCommand fix * small update * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * specifying what the FileResult function does * RL * known word * ignore word * adding to read me * Update Packs/Base/ReleaseNotes/1_32_7.md Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * removed from read me old demisto command * adding to ignore * ignore * Bump pack from version Base to 1.32.8. * m * Bump pack from version Base to 1.32.9. * Bump pack from version Base to 1.32.10. * Bump pack from version Base to 1.32.11. * Bump pack from version Base to 1.32.12. * demo fixes * Bump pack from version Base to 1.32.15. --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * [VirusTotal] Fix only_stats default value (#27454) * [VirusTotal] Fix only_stats default value (#27428) * Fix only_stats default value * Made the change in the code instead yaml * fix * restore yaml defailtValue * fixed rn * updated docker --------- Co-authored-by: Daniel Pascual <danielvazquez@google.com> Co-authored-by: michal-dagan <mdagan@paloaltonetworks.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * [Marketplace Contribution] Community Common Scripts - Content Pack Update (#27457) (#27532) * "contribution update to pack "Community Common Scripts"" * Add README * Move to version upgrade to revision. Concise RN. Move desc to README * Bump docker version. --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * [Jira v2] Added 3 new commands (#27523) * [Jira v2] Added 3 new commands (#27431) * master * jira command * reverting headers * reverting union option * reverted the latest message * reverting debug message * get_organization_name * reverting update_issue_assignee_command * moving up the update_issue_assignee_command * git user * issue assign * command * customfields removed * jirav2copy * rmed jirav2copy * jira * format * jirav2 * reverted defaultmapperin * reverted hidden marketplace * jira * moved down edit-issue * wrong command * jira * replaced a line * Readme * watchers * added release notes * revert CrowdStrike * typo * test get_organizations * added a unit test * mocker error * fixing unit test * rmed 1_* * unit testing for organizations * removed .gitignore * taking care of comments * rmed 1_* files * new commands into README * Update Packs/Jira/Integrations/JiraV2/JiraV2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/Integrations/JiraV2/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update docker image. --------- Co-authored-by: Enes Özdemir <49711791+ennozdd@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Updated description (#27524) * Updated description (#27440) * Updated description * Updated docker image version * Updated docker image version - update * updated docker image --------- Co-authored-by: grzegorzpapkala <grzegorzpapkala@gmail.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Added new fields to context output and UI (#27069) * added new fields * separated context and UI * updated human readable * fixed "cannot concatenate dict" bug * fixed the mess in profiles * updated tests * location now appears in UI * removed field restrictions for panorama * Updated yml * updated readme * updated release notes * added docs to xml_get * fixed test errors * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * post CR commit * Update 1_17_4.md * Update Packs/PAN-OS/ReleaseNotes/1_17_4.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * CR changes * merged context/pretty rules to single dict * added test jsons * cleaned tests; added dict_test (dummy) * added unsafe_dict_get * added docs to unsafe_dict_get * unsafe_dict_get is now dict_recursive_get with changes * updated yml * fixed UI not showing all bug * updated readme * solved release notes conflict * CR changes * update release notes * Update 1_17_7.md * removed dict_recursive_get * updated release notes * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * removed pylint ignore * added known words * removed unrelated release notes * added pylint ignore * return string by default * ignore pylint false positives * added defaults for profiles * added defaults for profiles 2 * ignore pylint * updated docker * resolve conflicts --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Fix small grammar typos in documentation (#27489) (#27533) * Fix small grammar typos in documentation * Update docker image. Update RN and versions. * Update Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.py --------- Co-authored-by: Peter Elmers <peter.elmers@yahoo.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Support level tags for external contributions bug fix (#27167) * fix bug on new files * add existing file path change * add new partner pack for testing * update test * update * add python to pipenv * test change cwd works * remove panorama * check if works without change-cwd * add the option to checkout branch * try to see behaivor with checkout * comment out * fix import issue * search in paranets path * fixes * align the print * update * remove test files * remove pipfile * handle bug * add support to checkout forked branches * test * add support for checking out forked branches * add print * pragma no cover * small fix * enhancments * bug fix * remove unused imports * add forked repo even if not content * uncomment main code * always checkout to the branch * remove copy * cr fixes * cr fixes * empty packs support level in case of exception * Ivanti Pulse Secure Mapping (#27407) * Created IvantiPulseSecureVTM pack * Updated README * Updated README * Updated README * Updated README * Updated README * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Update README.md * Update README.md * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated the pack name in pack_metadata * Updated ParsingRules --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Aws iam enhancement (#27271) * in progress * added rn * added put role policy command * added put_user_policy_command * added put_user_policy_command * done * readme update * pre-commit fixes * rn fix * improvments * update tpb * update rn * readme fix * cr fix * pre-commit fixes * cr fix * fixes * docs addition * docs addition * docs addition * docker update * Align credentials stores part 18 (#27441) * Align credentials part 18 * MxToolBox * RM110 * fix * Cs falcon enhancement (#26136) * initial branch commit; first command ready * 'build_cs_falcon_filter' gets kwargs instead of dict * added stubs for all seven commands, not tested * finished up to pending design functions * updated user response when no IDs match the filter * fixed scheduled scan validation bug * fixed scheduled scan validation bug * added commands to README; fixed create scans bug * ready for CR * added ODS to description * added cancel scan to readme; improved UI * beautified create scan output * beautified create scan output * beautified create scan output * updated release notes * updated release notes * fixed tests * fixed tests (v2) * shortened readme * test commit * removed cancel-scan command * removed unified yml * updated release notes * reset yml * possible solution for test fails * real solution to test fail * removed irrelevant files * update ReadNetstatFile * fixed error fails * formatted pack * updated docker image * fixed ruff errors * updated release notes * fixed pylint errors * added tests * fixed flake8 errors * fixed ruff errors * updated descriptions; changed start_timestamp * added create scheduled scan command * added polling to create/query scan * added polling to arg to yml * removed demo function * fixed 404 bug * func is now defined * fixed bug * corrected scan_in_progress * changed default cpu_priority * fixed bugs, now works * added new args * updated yml with new args * fixed dict_safe_get bug * fixed tests; added outputs to yml * human readable for scheduled scan only * updated readme * updated release notes * fixed backwards compatibility * fixed backwards compatibility 2 * Update examples.txt * capitalized descriptions * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * CR changes * update examples.txt * regenerated readme * updated tests * removed blank lines * added tests; duration is now in hours * atempt at no return polling (NOT TESTED) * atempt at no return polling * hide polling results * added tests * added tests for polling * removed temporary comments * updated examples * added test playbook * resolve conflicts * added fromversion field * improved playbook * update docker; improve UI * fixed unit tests * fixed unit tests * update docker in RN --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * pan-os-edit-rule command: Added support for removing and adding group profile settings (#27449) * add support for remove profile setting group * commit * add and replace same behavior * RN * Resolve conflict * add comment * add UT * fix a comment CR * fix the UT * mypy error * RN resolve conflict * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27540) * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27338) * "contribution update to pack "Generic Export Indicators Service"" * Revert changes to yml and description. Add RN Add known words. * Revert unnecessary changes. * Long line. --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Bump docker verion. * Remove comment. * fix known_words section --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Update Docker Image To demisto/python3 (#27554) * Updated Metadata Of Pack URLHaus * Added release notes to pack URLHaus * Packs/URLHaus/Integrations/URLHaus/URLHaus.yml Docker image update * Updated Metadata Of Pack CrowdStrikeIntel * Added release notes to pack CrowdStrikeIntel * Packs/CrowdStrikeIntel/Integrations/CrowdStrikeFalconIntel_v2/CrowdStrikeFalconIntel_v2.yml Docker image update * Updated Metadata Of Pack Shodan * Added release notes to pack Shodan * Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update * Updated Metadata Of Pack FeedOffice365 * Added release notes to pack FeedOffice365 * Packs/FeedOffice365/Integrations/FeedOffice365/FeedOffice365.yml Docker image update * Updated Metadata Of Pack PrismaCloud * Added release notes to pack PrismaCloud * Packs/PrismaCloud/Integrations/PrismaCloudV2/PrismaCloudV2.yml Docker image update * Update Docker Image To demisto/py3-tools (#27553) * Updated Metadata Of Pack Active_Directory_Query * Added release notes to pack Active_Directory_Query * Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.yml Docker image update * Wildfire v2 - fix an issue in the wildfire-report command (#27547) * fixes * bump rn * revert irrelevent changes * update rn * update test-playbook * update docker image * Azure Active Directory Identity: added test-module handling for client_credentials mode (#27462) * added test-module handling in client_credentials mode * fixed cr comments and added rn * fixed rn * update version * revert * Incident context core pb fix (#27546) * change setparentincident tasks to skipunavailable:true * RN after changed setparentincident tasks to skipunavailable:true * fix for validation errors * RN after fix for validation errors * fix for validation error * Fixed empty installation (#27541) * fix empty installation * Update Tests/Marketplace/search_and_install_packs.py Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> --------- Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> * Fixes for 'CrowdStrike Falcon - False Positive Incident Handling' pla… (#27453) * Fixes for 'CrowdStrike Falcon - False Positive Incident Handling' playbbok * Updated README file and generated RN * Bump pack from version CrowdStrikeFalcon to 1.10.22. * Added playbook PNG file * Removed the 'Test - CrowdStrike Falcon' and changed the 'completeafterv2' conf of task number 2 to 'false'. * Bump pack from version CrowdStrikeFalcon to 1.10.23. --------- Co-authored-by: Content Bot <bot@demisto.com> * Add retries to Trigger Test Upload Flow (#27537) * add retries to Trigger Test Upload Flow * add comment * revert lock_cloud_machines.py * Tenable sc enhancment (#26319) * code improvments * in progress * in progress * in progress * in progress * in progress * in progress * in progress * in progress * fix * fixes * fixes * fixes * fixes * deprecate playbook * update list-zones * added tenable-sc-list-groups command * adding tenable-sc-create-user command * in progress * finish create-user command * finish update-user command * in progress * added command results * add dock strings * added rn * all commands developed * validate fixes and added RN * generated readme * pre-commit fixes * adding unit tests * fixes * tests * pre-commit fixes * tests * more test cases * tests * add more tests * docker update * docker update * added tests * changes * updated readme * cr and validation fixes * validation fixes * added tpb * added tpb * fixes * fixes * fixes * fixes * fix tpb issues * revers * fixes * fixes * fixes * fixes * fixes * update * pre-commit fixes * pre-commit fixes * fix tpb * docs fix * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * cr fix * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * dor review * doc review * fixes * fixes * in progress * demo fixes * demo fixes * readme update * update tpb * revert * fixes * fixes * transfer password to secret * revert tpb * fixes * fixes * update docker * Test fix * Test fix * add more tests * add more tests * docker update * add more tests * add more tests * add more tests * add more tests * add more tests * fixes --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Align Credentials Part 2 (#27350) * Attlasian_IAM complete * C2sec complete * Tidy complete * CircleCI complete * update release notes * Update .pack-ignore * update docker * updated know words * updated release notes * removed CJ105 from .pack-ignore * FreeEnrichers Pack - small fix to pack names that were wrong (#27445) * small fix to related packs * Update Packs/FreeEnrichers/pack_metadata.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> --------- Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * add readme to Zscaler (#27465) * update modeling rules * add readme to the pack * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * add readme to the pack * add readme to the pack * add readme to the pack --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Skyhigh SWG init (#27526) * Skyhigh SWG init (#27060) * Skyhigh SWG init * fix validation errors * fix mypy typing issues with ET * changes following the review * get method args and default empty string for mypy * changed doc review suggestions * Context rework * doc review * changed integration directory * rn * deprecation info and docker * rn * rn --------- Co-authored-by: ckaadic <48683125+ckaadic@users.noreply.github.com> Co-authored-by: epintzov <epintzov@paloaltonetworks.com> * [DBotPredictURLPhishing] - fix bug with None entires (#27563) * [DBotPredictURLPhishing] - fix issue bug with None entires * add retry mechanisem to tpb in case of failure * bump rn * pre-commit fixes * Align Credentials for GoogleCloudTranslate, Google Vision API, Google Resource Manager (#27560) * GoogleCloudTranslate complete * GoogleVisionAPI complete * GoogleResourceManager complete * GoogleResourceManager complete * Fixed GoogleVisionAPI.py * Versioned core packs (#25989) * Versioned Corepacks files * Changed content pack to triger an upload * flake8 * test upload to target bucket from prepare_content_packs_for_testing.sh * added versions-metadata.json file * cleaned code * uploading versions-metadata.json to bucket * copy versions-metadata to bucket * upload versions-metadata to artifacts * upload versions-metadata to production bucket * fix validations * copy with blob * corepacks upload and versions-metadata logic working, before relative paths * changed corepack file contents to relative paths * fixed validations * Cleand code * Test adding another version to the versions-metadata * changed corepacks.json file back to full paths * test multiple unlocked files * cleaned code * Fixed parameter name * fixed corepacks if * added UT for versions-metadata file format * pre-commit hooks * UT for upload_packs.py * CR updates * First commit for corepacks hotfix * pre-commit * pre-commit * test - should not override 8.2.0 * removed UT * CR updates * Added UTs for the hotfix part * Added UTs for copy_and_upload_packs * Updates * Added MP to versions-metadata. should upload 6.11.0 and 8.3.0 * Added MP to override. should upload 6.11.0 to xpanse only and override 8.2.0 in marketplacev2 only * flake8 * cleaned code and fixed UT * Cleaned versions-metadata.json file * CR updates * fixed UTs * fixed lint * CR updates * Ivanti Update (#27564) * Updated Ivanti * Updated ReleaseNotes * Updated ReleaseNotes * RTIR: fix add-comment (#27549) * remove more `encode`s * update image * Update Packs/RTIR/ReleaseNotes/1_0_16.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * move pre-commit template to content (#27535) * Fix packs with demisto-sdk lint issues (#27392) * Added the missing defaultValue arg in the yml files (#27443) * added the missing default value * Bump pack from version CrowdStrikeFalcon to 1.10.22. * update docker * update release notes with docker update * fix docker image issue * fix validation * update docker * update RN after merge master * fix duplicate field * fix rn --------- Co-authored-by: Content Bot <bot@demisto.com> * Fix For ADFS ModelingRules (#27568) * Update Docker Image To demisto/python3 (#27577) * Updated Metadata Of Pack PrismaCloudCompute * Added release notes to pack PrismaCloudCompute * Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml Docker image update * Packs/PrismaCloudCompute/Scripts/PrismaCloudComputeParseVulnerabilityAlert/PrismaCloudComputeParseVulnerabilityAlert.yml Docker image update * Updated Metadata Of Pack PrismaSaasSecurity * Added release notes to pack PrismaSaasSecurity * Packs/PrismaSaasSecurity/Integrations/SaasSecurity/SaasSecurity.yml Docker image update * Updated Metadata Of Pack AbuseDB * Added release notes to pack AbuseDB * Packs/AbuseDB/Scripts/AbuseIPDBPopulateIndicators/AbuseIPDBPopulateIndicators.yml Docker image update * Updated Metadata Of Pack PANWComprehensiveInvestigation * Added release notes to pack PANWComprehensiveInvestigation * Packs/PANWComprehensiveInvestigation/Scripts/PanwIndicatorCreateQueries/PanwIndicatorCreateQueries.yml Docker image update * GsuiteAdmin empty page token error (#27481) * Fixed an issue where an empty page_token would sometimes be sent * Updated RNs * Updated docker image * Added ruff suggestions --------- Co-authored-by: Content Bot <bot@demisto.com> * import-indicator-commands (#27558) * import-indicator-commands * fix doc review CR * Update carbon black deprecated content (#27100) * update content on playbook-Block_Endpoint_-_Carbon_Black_Response.yml * updated sub-playbook playbook-Block_Endpoint_-_Carbon_Black_Response_2_1 instead playbook-Block_Endpoint_-_Carbon_Black_Response * RN after create new playbook for block endpoint carbon black v2.1 * RN after replaced sub-playbook `Block Endpoint - Carbon Black Response V2` with sub-playbook `Block Endpoint - Carbon Black Response V2.1` on isolated endpoint - generic v2 * replace extrha hop deprecated command and update carbon black command on Endpoint Enrichment v2.1 * RN after replace extrha hop deprecated command and update carbon black command on Endpoint Enrichment v2.1 * Bump pack from version CommonPlaybooks to 2.3.73. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * the playbook Block IP Generic v2 was deprecated * the playbook Block IP Generic v2 was deprecated * RN after playbook Block IP Generic v2 was deprecated * fix validation errors and change skipunavailable to true on isolated endpoint - generic v2 * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Endpoint_Enrichment_-_Generic_v2.1_6_8.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix validation errors add missing png and edit RN for pack EOL date * Update Packs/Carbon_Black_Enterprise_Response/Playbooks/playbook-Block_Endpoint_-_Carbon_Black_Response_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Isolate_Endpoint_-_Generic_V2_6_8_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix Conflicting files * Bump pack from version Carbon_Black_Enterprise_Response to 2.1.35. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix for conflict --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: altmannyarden <61933087+altmannyarden@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Remove unnecessary troubleshooting from README.md (#27531) * remove troubleshooting from README.md * generated README --------- Co-authored-by: xsoar-bot <xsoar-bot@paloaltonetworks.com> * Fix python 3 incompatibility for McAfee MAR (#27576) * CVE command (#27580) * CVE command (#27241) * Add ctix-get-vulnerability-data and cve commands * Add extra_data parameter for new cve-command * Update documentation for fields that are required in commands that already exist * Minor improvements/simplifications from code review * Remove required attribute that makes the changes backwards incompatible Replace with defaultValue * Update docker to latest version * Updating README to reflect default value added for optional arguments * Update docker image. --------- Co-authored-by: Corey Bodendein <corey.bodendein@cyware.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Remove redundant assignment of var (#27571) * Remove redundant amount_of_events assignments. * Update RN. Update docker. Update version. * Fix unit tests * Feature/threatgrid add commands arguments (#27468) (#27590) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * Update the sample-upload command with arguments: vm and playbook * Add missing arguments * update docker image * update docker image in release note Co-authored-by: TalGumi <101499620+TalGumi@users.noreply.github.com> * Partner otrs ag adoption start (#27256) (#27592) * OTRS AG Pack Adoption * Update pack_metadata.json * update release notes Co-authored-by: jensoliver <jojo@jbothe.de> * Snow Transformer Error (#27479) * Fixed transformer in incoming mapper * Added RNs --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * Domain extracted from a file with an extension as part of a URL (#27569) * Fix for domain regex and formatter to avoid catching files as domains * RN * docker bump * RN * Test playbook for 'CrowdStrike Falcon - Get Detections by Incident' (#27186) * Test playbook for 'CrowdStrike Falcon - Get Detections by Incident' * RN * Bump pack from version CrowdStrikeFalcon to 1.10.21. * Deleted duplicated tasks and added validation for CrowdStrike Falcon live incidents * Bump pack from version CrowdStrikeFalcon to 1.10.22. * added validations for the existence of CrowdStrike Falcon incidents and detections * Removed unnecessary 'print error' messages * Bump pack from version CrowdStrikeFalcon to 1.10.23. * Bump pack from version CrowdStrikeFalcon to 1.10.24. * Replaced the 'is not empty' condition with the 'Is defined' condition for tasks 324 and 318 * changed the 'fromversion' to 6.5.0 * RN --------- Co-authored-by: Content Bot <bot@demisto.com> * [TestIsMaliciousIndicatorFound] - add sleep for indexing indicators (#27584) * Microsoft usgov support (#27025) https://jira-hq.paloaltonetworks.local/browse/CIAC-818 Adding support for All Azure clouds in Azure Key Vault, Azure Sentinel, Azure Kubernetes Service Adding support for all endpoints in Microsoft Defender for Endpoints * Generic Webhook enhancements (#27478) (#27596) * Added request header information to the rawJSON output. Restructures the rawJSON output to include header and body details. * Updated Release notes and pack_metadata.json * Updated Release notes. * Updated Release notes. * Updated Release notes. Updated docker version. * Adjusted raw_json output. Aligned README.md and release note. * Updated Docker Image * Update Packs/GenericWebhook/ReleaseNotes/1_0_25.md * Remove Authorization header details. * Updated Known_Words in .pack-ignore * Fixed header_name * fixed secret_header --------- Co-authored-by: Martin Ohl <Martin.Ohl@ohl-net.eu> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Docker Image To demisto/pymisp2 (#27607) * Updated Metadata Of Pack MISP * Added release notes to pack MISP * Packs/MISP/Integrations/MISPV3/MISPV3.yml Docker image update * Ciac 3134 workday logs (#27055) * new pack * unit tests * added logic, readme and unit tests. also modeling rules. * removed test data * format and pre-commit fixes * validations and pre commit fixes * rn * test * test * schema and from version * docker * modeling rules and demo rejects * display name of params * CR fixes * build fix * build fix * test * test * readme fix * docker * bug fix * rn * rn * Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Packs/Workday/ReleaseNotes/1_3_1.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Bump pack from version Workday to 1.3.2. * add logs and fixed a bug with duplications * added max fetch * added support for duplications and fix bugs * rn * rn and changed last run to contain all log * rn and docker * unit test fix * CR fixes * pre commit changes --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * CrowdStrike Falcon - Search endpoints by hash enchantment (#27594) * Added a condition -> "IsIntegrationEnabled" * Updated RN * Removed un-required tests * Bump pack from version CrowdStrikeFalcon to 1.10.26. * Update 1_10_26.md Updated RN * Update 1_10_26.md --------- Co-authored-by: Content Bot <bot@demisto.com> * MacOS Update (#27608) * Updated MacOS vendor product * Updated RN * Updated ReleaseNotes * fix workday parsing rule id (#27615) * fix workday parsing rule id * rn * move a line in the yml to the correct position (#27610) * move the line * RN * remove the Dev * docker image * remove the Dev * Barracuda Update (#27545) * Updated the ParsingRules logic * Updated ReleaseNotes * Updated ReleaseNotes * Updated .yml configs for IvantiPulseSecureVTM * Reverted Ivanti VTM changes * IvantiPulseSecureVTM .yml update * Delete IvantiPulseSecureVTM_ParsingRules.yml * Delete IvantiPulseSecureVTM_ModelingRules.yml * Updated ReleaseNotes * Updated ReleaseNotes * Reverted changed to Ivanti * Reverted IvantiPulseSecureVTM RN * Align credentials stores integrations- part 20 (#27534) * lign credentials stores integrations- part 20 * Carbon Black Live Response Cloud * added '.' * fix rl * fix unit tests * raise exception * SMB - fix path concatenation (#27604) * SMB - fix wrong path concatenation * added RNs * fixed RNs * updated docker image * Moved path creation to function * Updated func * updated RN * removed yml rename * 1.17.0 sdk release (#27618) * Update ewsv2 exc2019 (#26670) * update * test * changes * changes * final commands changes * clean code * update TPBs * rvert name change * revert name change * cr changes * fix name * fix TPBs * remove skip of perm_set field * fix tpb and validations * revert arg removal * remove added tpb * update memory threshold * fix ut * fix ut * Fix urllib.parse import in CommonServerPython (#27252) * Allow applying a new profile over an existing one in ***pan-os-apply-security-profile*** command (#27237) * Add XSOAR support for updating existing profile types * RN * fix UT * Update Packs/PAN-OS/ReleaseNotes/1_17_5.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix CR * RN * UT was added * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix * flake8 * UT stability --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Docker Image To demisto/splunksdk-py3 (#27263) * Updated Metadata Of Pack SplunkPy * Added release notes to pack SplunkPy * Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml Docker image update * Updated domain extraction playbook - changing .zip to a valid TLD (#27264) * Updated domain extraction playbook * some formatting. * Update playbook-Domain_extraction_test.yml * Update playbook-Domain_extraction_test.yml * Update Docker Image To demisto/duoadmin3 (#27268) * Updated Metadata Of Pack DuoAdminApi * Added release notes to pack DuoAdminApi * Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml Docker image update * Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml Docker image update * Update Docker Image To demisto/googleapi-python3 (#27267) * Updated Metadata Of Pack GoogleDrive * Added release notes to pack GoogleDrive * Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml Docker image update * Update Docker Image To demisto/python3 (#27266) * Updated Metadata Of Pack Darktrace * Added release notes to pack Darktrace * Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml Docker image update * Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml Docker image update * Updated Metadata Of Pack CybleEvents * Added release notes to pack CybleEvents * Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml Docker image update * Updated Metadata Of Pack Censys * Added release notes to pack Censys * Packs/Censys/Integrations/CensysV2/CensysV2.yml Docker image update * Updated Metadata Of Pack VirusTotal * Added release notes to pack VirusTotal * Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml Docker image update * Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml Docker image update * Updated Metadata Of Pack CofenseIntelligenceV2 * Added release notes to pack CofenseIntelligenceV2 * Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml Docker image update * Updated Metadata Of Pack CheckPointDome9 * Added release notes to pack CheckPointDome9 * Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml Docker image update * Updated Metadata Of Pack Reco * Added release notes to pack Reco * Packs/Reco/Integrations/Reco/Reco.yml Docker image update * Updated Metadata Of Pack CimTrak-SystemIntegrityAssurance * Added release notes to pack CimTrak-SystemIntegrityAssurance * Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml Docker image update * Update Docker Image To demisto/python3 (#27272) * Updated Metadata Of Pack FeedProofpoint * Added release notes to pack FeedProofpoint * Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml Docker image update * Updated Metadata Of Pack Ipstack * Added release notes to pack Ipstack * Packs/Ipstack/Integrations/Ipstack/Ipstack.yml Docker image update * Updated Metadata Of Pack SafeBreach * Added release notes to pack SafeBreach * Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml Docker image update * Updated Metadata Of Pack RedCanary * Added release notes to pack RedCanary * Packs/RedCanary/Integrations/RedCanary/RedCanary.yml Docker image update * Updated Metadata Of Pack PiHole * Added release notes to pack PiHole * Packs/PiHole/Integrations/PiHole/PiHole.yml Docker image update * Updated Metadata Of Pack FeedDShield * Added release notes to pack FeedDShield * Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml Docker image update * Updated Metadata Of Pack OpenPhish * Added release notes to pack OpenPhish * Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml Docker image update * Updated Metadata Of Pack NistNVD * Added release notes to pack NistNVD * Packs/NistNVD/Integrations/NistNVD/NistNVD.yml Docker image update * Updated Metadata Of Pack Cognni * Added release notes to pack Cognni * Packs/Cognni/Integrations/Cognni/Cognni.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml Docker image update * Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml Docker image update * Updated Metadata Of Pack NozomiNetworks * Added release notes to pack NozomiNetworks * Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml Docker image update * Updated Metadata Of Pack ANYRUN * Added release notes to pack ANYRUN * Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml Docker image update * Updated Metadata Of Pack Carbon_Black_Enterprise_Response * Added release notes to pack Carbon_Black_Enterprise_Response * Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml Docker image update * Updated Metadata Of Pack Absolute * Added release notes to pack Absolute * Packs/Absolute/Integrations/Absolute/Absolute.yml Docker image update * Updated Metadata Of Pack Ironscales * Added release notes to pack Ironscales * Packs/Ironscales/Integrations/Ironscales/Ironscales.yml Docker image update * Updated Metadata Of Pack FeedURLhaus * Added release notes to pack FeedURLhaus * Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml Docker image update * Updated Metadata Of Pack Lokpath_Keylight * Added release notes to pack Lokpath_Keylight * Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml Docker image update * Updated Metadata Of Pack FeedMISP * Added release notes to pack FeedMISP * Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml Docker image update * Updated Metadata Of Pack FraudWatch * Added release notes to pack FraudWatch * Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml Docker image update * Updated Metadata Of Pack AbnormalSecurity * Added release notes to pack AbnormalSecurity * Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml Docker image update * Updated Metadata Of Pack CovalenceManagedSecurity * Added release notes to pack CovalenceManagedSecurity * Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml Docker image update * Updated Metadata Of Pack IllusiveNetworks * Added release notes to pack IllusiveNetworks * Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml Docker image update * Updated Metadata Of Pack Edgescan * Added release notes to pack Edgescan * Packs/Edgescan/Integrations/Edgescan/Edgescan.yml Docker image update * Updated Metadata Of Pack PerceptionPoint * Added release notes to pack PerceptionPoint * Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml Docker image update * Updated Metadata Of Pack Druva * Added release notes to pack Druva * Packs/Druva/Integrations/Druva/Druva.yml Docker image update * Updated Metadata Of Pack APIVoid * Added release notes to pack APIVoid * Packs/APIVoid/Integrations/APIVoid/APIVoid.yml Docker image update * Updated Metadata Of Pack PingIdentity * Added release notes to pack PingIdentity * Packs/PingIdentity/Integrations/PingOne/PingOne.yml Docker image update * Updated Metadata Of Pack cisco-ise * Added release notes to pack cisco-ise * Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml Docker image update * Updated Metadata Of Pack SailPointIdentityIQ * Added release notes to pack SailPointIdentityIQ * Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml Docker image update * Updated Metadata Of Pack Cymulate * Added release notes to pack Cymulate * Packs/Cymulate/Integrations/Cymulate/Cymulate.yml Docker image update * Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml Docker image update * Updated Metadata Of Pack XSOARmirroring * Added release notes to pack XSOARmirroring * Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml Docker image update * Updated Metadata Of Pack XMatters * Added release notes to pack XMatters * Packs/XMatters/Integrations/xMatters/xMatters.yml Docker image update * Updated Metadata Of Pack Zimperium * Added release notes to pack Zimperium * Packs/Zimperium/Integrations/Zimperium/Zimperium.yml Docker image update * Updated Metadata Of Pack RSANetWitnessEndpoint * Added release notes to pack RSANetWitnessEndpoint * Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml Docker image update * Updated Metadata Of Pack SymantecBlueCoatMalwareAnalysis * Added release notes to pack SymantecBlueCoatMalwareAnalysis * Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml Docker image update * Updated Metadata Of Pack InfoArmor_VigilanteATI * Added release notes to pack InfoArmor_VigilanteATI * Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml Docker image update * Updated Metadata Of Pack AccentureCTI * Added release notes to pack AccentureCTI * Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml Docker image update * Updated Metadata Of Pack PingCastle * Added release notes to pack PingCastle * Packs/PingCastle/Integrations/PingCastle/PingCastle.yml Docker image update * Updated Metadata Of Pack MaxMind_GeoIP2 * Added release notes to pack MaxMind_GeoIP2 * Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml Docker image update * Updated Metadata Of Pack Maltiverse * Added release notes to pack Maltiverse * Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml Docker image update * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml Docker image update * Updated Metadata Of Pack AlienVault_USM_Anywhere * Added release notes to pack AlienVault_USM_Anywhere * Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml Docker image update * Updated Metadata Of Pack ProofpointServerProtection * Added release notes to pack ProofpointServerProtection * Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml Docker image update * Updated Metadata Of Pack OpsGenie * Added release notes to pack OpsGenie * Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml Docker image update * Fixed lint and validate --------- Co-authored-by: sberman <sberman@paloaltonetworks.com> * Ignore modeling/parsing rules suffix error (#27274) * [EDL] Fixed a typo in the description (#27269) * Fixed a typo in the description * Update the docker image * Macos Regex Fix (#27270) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Cs falcon add tags to cs-falcon-upload-custom-ioc command (#27234) * CS Flacon add tags to upload-custom-ioc command * added RNs * Align credentials stores part 11 (#27253) * Align credentials part 11 * Trend Micro Apex * ignore * adding tests to hostlo * Trend Micro Apex tests * trend more test * change test * Syslogv2 was removed from xsiam marketplace (#27278) * remove Syslogv2 from xsiam marketplace * RN * known_words * Update Packs/Syslog/ReleaseNotes/2_0_16.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * DO --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Microsoft Graph Single User - Edit documentation (#27275) * edit documentation * edit documentation * RN and DO * fix doc * mistake * ExtraHop release v2.1.0 (#27056) (#27279) * Update .devcontainer.json name * added changes related to ExtrHop 2.1.0 release --------- Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> * Recordedfuture listapi v1.0.0 (#26996) (#27281) * First version/implementation of new List Integration * Added new List integration * Updated validation step requirements and fixed tests to be working as expected * Updated test Coverage * Version bump and fixed frombersion for list app * Added custom content, incident type and classifier for coderepo leakage * Updated some documentation and fixed dockerimages * Bumped version of playbook alert app * Fixed changelog for 1.6.0 to not include an old change * fixed type0 in changelog * removed base64 import * Updated release notes * Update based on review * Removed references to old playbook alerts documentation from creation of integration --------- Co-authored-by: recordedfuture-simonhornestedt <109588368+recordedfuture-simonhornestedt@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * fix bug by convert the password to bytes (#27283) * fix bug by convert the password to bytes * commit * update RN and Docker * comment corrections * commit * [greynoise-266] - Add greynoise-similar and greynoise-timeline commands (#27067) (#27291) * add sim and timeline updates * fix test file prints * update readme fix tests * updates to readme for pre-commit * updates from pre-commit run * more linting updates * update secrets * fix url in timeline Co-authored-by: Brad Chiappetta <38439955+bradchiappetta@users.noreply.github.com> * [ASM] - Expandr 4075 (#27258) (#27287) * init * RN * fix RN * Apply suggestions from code review -----…
xsoar-bot
added a commit
to xsoar-contrib/content
that referenced
this pull request
Aug 2, 2023
* add command * fixes * change client function name * RN * Cloud Incident Response pack and Cloud Token Theft playbook (#27331) * new pack for Cloud Incident Response playbooks * new pack for Cloud Incident Response playbooks * updates common playbooks RN * updates common playbooks RN * Added scripts * Added trigger * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes the Hunting Results section in the layout * Added the pack and scripts readme * updates pack meta-data * Review fixes * PBs screenshot * removes quiet mode * removes quiet mode * fixes shared sub-playbooks. * inputs validation * fixes tasks description * Added playbook outputs * update RN and PBs description * changes to MP2 only * new script * review fixes * update RN * fix typo * updates the readme png links * unit test and fixes * fix layout * added pack ignore for the dynamic sections unit tests * secrets * fixes * fixes * pack ignore * fixes * docker image version * fix flake errors * remove trigger due to sdk bug * added unit test * fix unit test coverage * fix unit test coverage --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * [ASM] - Expander - Update Service Ownership (#27140) (#27522) * Update Cortex ASM - Service Ownership - Updated Cortex ASM - GCP Enrichment playbook to retrieve the service account on the instance and writes it to incident field **asmserviceownerunrankedraw** for use by the **Cortex ASM - Service Ownership** playbook. - Updated the Service Ownership playbook to run for all cloud service providers and added support for retrieving GCP project owners from user-managed, cross-project service accounts. - Add script GetProjectOwners which prses a GCP service account email for the project ID, then looks up the project owners and adds them to a list of potential service owners for ranking. - Updated script RankServiceOwners to no longer limit to the top-5 service owners Test plan: pytest + tested in callu tenant on AWS and GCP alerts, verified the expected owners were written to `asmserviceowner` * Mark GetProjectOwners task as skip unavailable since it depends on GCP-IAM integration * Revert change to fromversion in RankServiceOwners * Bump pack version * Use regex to validate user-managed service account * Raise/catch exceptions rather than using nested if statements * Update docker image. * exclude GCP-IAM core-pack dependency * Update GCP Enrichment playbook with service account * Update pack README with new script * Update release notes * Add unit tests for error handling in GetProjectOwners - Validate error message on existing tests - Add unit test for get_iam_policy * Add tests to verify exception handling in main * Revert to ' | ' delimiter for Source field * Move up check for Cortex ASM integration * Update docker images * Update release notes * Update Packs/CortexAttackSurfaceManagement/README.md * Update docker image and release notes --------- Co-authored-by: kball-pa <131012047+kball-pa@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> * [VMRay] fix encoding of file names (#27429) (#27527) * fix encoding of file names * update docker image * add given, when, then to test * updated docker image --------- Co-authored-by: Jens Thom <72789379+jthom-vmray@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Xsoar file management (#26455) * commonserver.js * working * ok * fileDeleteAttachmentCommand * read me * removing examples file * removing changes * rl update * small fixes * removing extra space * RL * remove RL * adding version * RL base * commit * temp * coreApiFileCheckCommand fix * fixing fileDeleteCommand * fileUploadCommand fix * rl * Bump pack from version Base to 1.32.5. * after conflicts * Rl * xsoar concate bug fix * docstring * undo changes in unrelevant files * removing _mm * Bump pack from version Base to 1.32.6. * Bump pack from version Base to 1.32.7. * val changes * removing notes * small fixes * cr fixes * fileUploadCommand fix * small update * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/ReleaseNotes/1_3_26.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/CoreRESTAPI.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DemistoRESTAPI/Integrations/CoreRESTAPI/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * specifying what the FileResult function does * RL * known word * ignore word * adding to read me * Update Packs/Base/ReleaseNotes/1_32_7.md Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * removed from read me old demisto command * adding to ignore * ignore * Bump pack from version Base to 1.32.8. * m * Bump pack from version Base to 1.32.9. * Bump pack from version Base to 1.32.10. * Bump pack from version Base to 1.32.11. * Bump pack from version Base to 1.32.12. * demo fixes * Bump pack from version Base to 1.32.15. --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * [VirusTotal] Fix only_stats default value (#27454) * [VirusTotal] Fix only_stats default value (#27428) * Fix only_stats default value * Made the change in the code instead yaml * fix * restore yaml defailtValue * fixed rn * updated docker --------- Co-authored-by: Daniel Pascual <danielvazquez@google.com> Co-authored-by: michal-dagan <mdagan@paloaltonetworks.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * [Marketplace Contribution] Community Common Scripts - Content Pack Update (#27457) (#27532) * "contribution update to pack "Community Common Scripts"" * Add README * Move to version upgrade to revision. Concise RN. Move desc to README * Bump docker version. --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * [Jira v2] Added 3 new commands (#27523) * [Jira v2] Added 3 new commands (#27431) * master * jira command * reverting headers * reverting union option * reverted the latest message * reverting debug message * get_organization_name * reverting update_issue_assignee_command * moving up the update_issue_assignee_command * git user * issue assign * command * customfields removed * jirav2copy * rmed jirav2copy * jira * format * jirav2 * reverted defaultmapperin * reverted hidden marketplace * jira * moved down edit-issue * wrong command * jira * replaced a line * Readme * watchers * added release notes * revert CrowdStrike * typo * test get_organizations * added a unit test * mocker error * fixing unit test * rmed 1_* * unit testing for organizations * removed .gitignore * taking care of comments * rmed 1_* files * new commands into README * Update Packs/Jira/Integrations/JiraV2/JiraV2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/Integrations/JiraV2/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Jira/ReleaseNotes/3_0_3.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update docker image. --------- Co-authored-by: Enes Özdemir <49711791+ennozdd@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Updated description (#27524) * Updated description (#27440) * Updated description * Updated docker image version * Updated docker image version - update * updated docker image --------- Co-authored-by: grzegorzpapkala <grzegorzpapkala@gmail.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Added new fields to context output and UI (#27069) * added new fields * separated context and UI * updated human readable * fixed "cannot concatenate dict" bug * fixed the mess in profiles * updated tests * location now appears in UI * removed field restrictions for panorama * Updated yml * updated readme * updated release notes * added docs to xml_get * fixed test errors * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * post CR commit * Update 1_17_4.md * Update Packs/PAN-OS/ReleaseNotes/1_17_4.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * CR changes * merged context/pretty rules to single dict * added test jsons * cleaned tests; added dict_test (dummy) * added unsafe_dict_get * added docs to unsafe_dict_get * unsafe_dict_get is now dict_recursive_get with changes * updated yml * fixed UI not showing all bug * updated readme * solved release notes conflict * CR changes * update release notes * Update 1_17_7.md * removed dict_recursive_get * updated release notes * Apply suggestions from code review Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * removed pylint ignore * added known words * removed unrelated release notes * added pylint ignore * return string by default * ignore pylint false positives * added defaults for profiles * added defaults for profiles 2 * ignore pylint * updated docker * resolve conflicts --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Fix small grammar typos in documentation (#27489) (#27533) * Fix small grammar typos in documentation * Update docker image. Update RN and versions. * Update Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.py --------- Co-authored-by: Peter Elmers <peter.elmers@yahoo.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Support level tags for external contributions bug fix (#27167) * fix bug on new files * add existing file path change * add new partner pack for testing * update test * update * add python to pipenv * test change cwd works * remove panorama * check if works without change-cwd * add the option to checkout branch * try to see behaivor with checkout * comment out * fix import issue * search in paranets path * fixes * align the print * update * remove test files * remove pipfile * handle bug * add support to checkout forked branches * test * add support for checking out forked branches * add print * pragma no cover * small fix * enhancments * bug fix * remove unused imports * add forked repo even if not content * uncomment main code * always checkout to the branch * remove copy * cr fixes * cr fixes * empty packs support level in case of exception * Ivanti Pulse Secure Mapping (#27407) * Created IvantiPulseSecureVTM pack * Updated README * Updated README * Updated README * Updated README * Updated README * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/IvantiPulseSecureVTM/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Update README.md * Update README.md * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated ModelingRules * Updated the pack name in pack_metadata * Updated ParsingRules --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Aws iam enhancement (#27271) * in progress * added rn * added put role policy command * added put_user_policy_command * added put_user_policy_command * done * readme update * pre-commit fixes * rn fix * improvments * update tpb * update rn * readme fix * cr fix * pre-commit fixes * cr fix * fixes * docs addition * docs addition * docs addition * docker update * Align credentials stores part 18 (#27441) * Align credentials part 18 * MxToolBox * RM110 * fix * Cs falcon enhancement (#26136) * initial branch commit; first command ready * 'build_cs_falcon_filter' gets kwargs instead of dict * added stubs for all seven commands, not tested * finished up to pending design functions * updated user response when no IDs match the filter * fixed scheduled scan validation bug * fixed scheduled scan validation bug * added commands to README; fixed create scans bug * ready for CR * added ODS to description * added cancel scan to readme; improved UI * beautified create scan output * beautified create scan output * beautified create scan output * updated release notes * updated release notes * fixed tests * fixed tests (v2) * shortened readme * test commit * removed cancel-scan command * removed unified yml * updated release notes * reset yml * possible solution for test fails * real solution to test fail * removed irrelevant files * update ReadNetstatFile * fixed error fails * formatted pack * updated docker image * fixed ruff errors * updated release notes * fixed pylint errors * added tests * fixed flake8 errors * fixed ruff errors * updated descriptions; changed start_timestamp * added create scheduled scan command * added polling to create/query scan * added polling to arg to yml * removed demo function * fixed 404 bug * func is now defined * fixed bug * corrected scan_in_progress * changed default cpu_priority * fixed bugs, now works * added new args * updated yml with new args * fixed dict_safe_get bug * fixed tests; added outputs to yml * human readable for scheduled scan only * updated readme * updated release notes * fixed backwards compatibility * fixed backwards compatibility 2 * Update examples.txt * capitalized descriptions * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * CR changes * update examples.txt * regenerated readme * updated tests * removed blank lines * added tests; duration is now in hours * atempt at no return polling (NOT TESTED) * atempt at no return polling * hide polling results * added tests * added tests for polling * removed temporary comments * updated examples * added test playbook * resolve conflicts * added fromversion field * improved playbook * update docker; improve UI * fixed unit tests * fixed unit tests * update docker in RN --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * pan-os-edit-rule command: Added support for removing and adding group profile settings (#27449) * add support for remove profile setting group * commit * add and replace same behavior * RN * Resolve conflict * add comment * add UT * fix a comment CR * fix the UT * mypy error * RN resolve conflict * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27540) * [Marketplace Contribution] Generic Export Indicators Service - Content Pack Update (#27338) * "contribution update to pack "Generic Export Indicators Service"" * Revert changes to yml and description. Add RN Add known words. * Revert unnecessary changes. * Long line. --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Bump docker verion. * Remove comment. * fix known_words section --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Update Docker Image To demisto/python3 (#27554) * Updated Metadata Of Pack URLHaus * Added release notes to pack URLHaus * Packs/URLHaus/Integrations/URLHaus/URLHaus.yml Docker image update * Updated Metadata Of Pack CrowdStrikeIntel * Added release notes to pack CrowdStrikeIntel * Packs/CrowdStrikeIntel/Integrations/CrowdStrikeFalconIntel_v2/CrowdStrikeFalconIntel_v2.yml Docker image update * Updated Metadata Of Pack Shodan * Added release notes to pack Shodan * Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update * Updated Metadata Of Pack FeedOffice365 * Added release notes to pack FeedOffice365 * Packs/FeedOffice365/Integrations/FeedOffice365/FeedOffice365.yml Docker image update * Updated Metadata Of Pack PrismaCloud * Added release notes to pack PrismaCloud * Packs/PrismaCloud/Integrations/PrismaCloudV2/PrismaCloudV2.yml Docker image update * Update Docker Image To demisto/py3-tools (#27553) * Updated Metadata Of Pack Active_Directory_Query * Added release notes to pack Active_Directory_Query * Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.yml Docker image update * Wildfire v2 - fix an issue in the wildfire-report command (#27547) * fixes * bump rn * revert irrelevent changes * update rn * update test-playbook * update docker image * Azure Active Directory Identity: added test-module handling for client_credentials mode (#27462) * added test-module handling in client_credentials mode * fixed cr comments and added rn * fixed rn * update version * revert * Incident context core pb fix (#27546) * change setparentincident tasks to skipunavailable:true * RN after changed setparentincident tasks to skipunavailable:true * fix for validation errors * RN after fix for validation errors * fix for validation error * Fixed empty installation (#27541) * fix empty installation * Update Tests/Marketplace/search_and_install_packs.py Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> --------- Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> * Fixes for 'CrowdStrike Falcon - False Positive Incident Handling' pla… (#27453) * Fixes for 'CrowdStrike Falcon - False Positive Incident Handling' playbbok * Updated README file and generated RN * Bump pack from version CrowdStrikeFalcon to 1.10.22. * Added playbook PNG file * Removed the 'Test - CrowdStrike Falcon' and changed the 'completeafterv2' conf of task number 2 to 'false'. * Bump pack from version CrowdStrikeFalcon to 1.10.23. --------- Co-authored-by: Content Bot <bot@demisto.com> * Add retries to Trigger Test Upload Flow (#27537) * add retries to Trigger Test Upload Flow * add comment * revert lock_cloud_machines.py * Tenable sc enhancment (#26319) * code improvments * in progress * in progress * in progress * in progress * in progress * in progress * in progress * in progress * fix * fixes * fixes * fixes * fixes * deprecate playbook * update list-zones * added tenable-sc-list-groups command * adding tenable-sc-create-user command * in progress * finish create-user command * finish update-user command * in progress * added command results * add dock strings * added rn * all commands developed * validate fixes and added RN * generated readme * pre-commit fixes * adding unit tests * fixes * tests * pre-commit fixes * tests * more test cases * tests * add more tests * docker update * docker update * added tests * changes * updated readme * cr and validation fixes * validation fixes * added tpb * added tpb * fixes * fixes * fixes * fixes * fix tpb issues * revers * fixes * fixes * fixes * fixes * fixes * update * pre-commit fixes * pre-commit fixes * fix tpb * docs fix * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * cr fix * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/ReleaseNotes/1_0_10.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * dor review * doc review * fixes * fixes * in progress * demo fixes * demo fixes * readme update * update tpb * revert * fixes * fixes * transfer password to secret * revert tpb * fixes * fixes * update docker * Test fix * Test fix * add more tests * add more tests * docker update * add more tests * add more tests * add more tests * add more tests * add more tests * fixes --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Align Credentials Part 2 (#27350) * Attlasian_IAM complete * C2sec complete * Tidy complete * CircleCI complete * update release notes * Update .pack-ignore * update docker * updated know words * updated release notes * removed CJ105 from .pack-ignore * FreeEnrichers Pack - small fix to pack names that were wrong (#27445) * small fix to related packs * Update Packs/FreeEnrichers/pack_metadata.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> --------- Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * add readme to Zscaler (#27465) * update modeling rules * add readme to the pack * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/Zscaler/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * add readme to the pack * add readme to the pack * add readme to the pack --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Skyhigh SWG init (#27526) * Skyhigh SWG init (#27060) * Skyhigh SWG init * fix validation errors * fix mypy typing issues with ET * changes following the review * get method args and default empty string for mypy * changed doc review suggestions * Context rework * doc review * changed integration directory * rn * deprecation info and docker * rn * rn --------- Co-authored-by: ckaadic <48683125+ckaadic@users.noreply.github.com> Co-authored-by: epintzov <epintzov@paloaltonetworks.com> * [DBotPredictURLPhishing] - fix bug with None entires (#27563) * [DBotPredictURLPhishing] - fix issue bug with None entires * add retry mechanisem to tpb in case of failure * bump rn * pre-commit fixes * Align Credentials for GoogleCloudTranslate, Google Vision API, Google Resource Manager (#27560) * GoogleCloudTranslate complete * GoogleVisionAPI complete * GoogleResourceManager complete * GoogleResourceManager complete * Fixed GoogleVisionAPI.py * Versioned core packs (#25989) * Versioned Corepacks files * Changed content pack to triger an upload * flake8 * test upload to target bucket from prepare_content_packs_for_testing.sh * added versions-metadata.json file * cleaned code * uploading versions-metadata.json to bucket * copy versions-metadata to bucket * upload versions-metadata to artifacts * upload versions-metadata to production bucket * fix validations * copy with blob * corepacks upload and versions-metadata logic working, before relative paths * changed corepack file contents to relative paths * fixed validations * Cleand code * Test adding another version to the versions-metadata * changed corepacks.json file back to full paths * test multiple unlocked files * cleaned code * Fixed parameter name * fixed corepacks if * added UT for versions-metadata file format * pre-commit hooks * UT for upload_packs.py * CR updates * First commit for corepacks hotfix * pre-commit * pre-commit * test - should not override 8.2.0 * removed UT * CR updates * Added UTs for the hotfix part * Added UTs for copy_and_upload_packs * Updates * Added MP to versions-metadata. should upload 6.11.0 and 8.3.0 * Added MP to override. should upload 6.11.0 to xpanse only and override 8.2.0 in marketplacev2 only * flake8 * cleaned code and fixed UT * Cleaned versions-metadata.json file * CR updates * fixed UTs * fixed lint * CR updates * Ivanti Update (#27564) * Updated Ivanti * Updated ReleaseNotes * Updated ReleaseNotes * RTIR: fix add-comment (#27549) * remove more `encode`s * update image * Update Packs/RTIR/ReleaseNotes/1_0_16.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * move pre-commit template to content (#27535) * Fix packs with demisto-sdk lint issues (#27392) * Added the missing defaultValue arg in the yml files (#27443) * added the missing default value * Bump pack from version CrowdStrikeFalcon to 1.10.22. * update docker * update release notes with docker update * fix docker image issue * fix validation * update docker * update RN after merge master * fix duplicate field * fix rn --------- Co-authored-by: Content Bot <bot@demisto.com> * Fix For ADFS ModelingRules (#27568) * Update Docker Image To demisto/python3 (#27577) * Updated Metadata Of Pack PrismaCloudCompute * Added release notes to pack PrismaCloudCompute * Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml Docker image update * Packs/PrismaCloudCompute/Scripts/PrismaCloudComputeParseVulnerabilityAlert/PrismaCloudComputeParseVulnerabilityAlert.yml Docker image update * Updated Metadata Of Pack PrismaSaasSecurity * Added release notes to pack PrismaSaasSecurity * Packs/PrismaSaasSecurity/Integrations/SaasSecurity/SaasSecurity.yml Docker image update * Updated Metadata Of Pack AbuseDB * Added release notes to pack AbuseDB * Packs/AbuseDB/Scripts/AbuseIPDBPopulateIndicators/AbuseIPDBPopulateIndicators.yml Docker image update * Updated Metadata Of Pack PANWComprehensiveInvestigation * Added release notes to pack PANWComprehensiveInvestigation * Packs/PANWComprehensiveInvestigation/Scripts/PanwIndicatorCreateQueries/PanwIndicatorCreateQueries.yml Docker image update * GsuiteAdmin empty page token error (#27481) * Fixed an issue where an empty page_token would sometimes be sent * Updated RNs * Updated docker image * Added ruff suggestions --------- Co-authored-by: Content Bot <bot@demisto.com> * import-indicator-commands (#27558) * import-indicator-commands * fix doc review CR * Update carbon black deprecated content (#27100) * update content on playbook-Block_Endpoint_-_Carbon_Black_Response.yml * updated sub-playbook playbook-Block_Endpoint_-_Carbon_Black_Response_2_1 instead playbook-Block_Endpoint_-_Carbon_Black_Response * RN after create new playbook for block endpoint carbon black v2.1 * RN after replaced sub-playbook `Block Endpoint - Carbon Black Response V2` with sub-playbook `Block Endpoint - Carbon Black Response V2.1` on isolated endpoint - generic v2 * replace extrha hop deprecated command and update carbon black command on Endpoint Enrichment v2.1 * RN after replace extrha hop deprecated command and update carbon black command on Endpoint Enrichment v2.1 * Bump pack from version CommonPlaybooks to 2.3.73. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * the playbook Block IP Generic v2 was deprecated * the playbook Block IP Generic v2 was deprecated * RN after playbook Block IP Generic v2 was deprecated * fix validation errors and change skipunavailable to true on isolated endpoint - generic v2 * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Endpoint_Enrichment_-_Generic_v2.1_6_8.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix validation errors add missing png and edit RN for pack EOL date * Update Packs/Carbon_Black_Enterprise_Response/Playbooks/playbook-Block_Endpoint_-_Carbon_Black_Response_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CommonPlaybooks/Playbooks/playbook-Isolate_Endpoint_-_Generic_V2_6_8_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix Conflicting files * Bump pack from version Carbon_Black_Enterprise_Response to 2.1.35. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix for conflict --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: altmannyarden <61933087+altmannyarden@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> * Remove unnecessary troubleshooting from README.md (#27531) * remove troubleshooting from README.md * generated README --------- Co-authored-by: xsoar-bot <xsoar-bot@paloaltonetworks.com> * Fix python 3 incompatibility for McAfee MAR (#27576) * CVE command (#27580) * CVE command (#27241) * Add ctix-get-vulnerability-data and cve commands * Add extra_data parameter for new cve-command * Update documentation for fields that are required in commands that already exist * Minor improvements/simplifications from code review * Remove required attribute that makes the changes backwards incompatible Replace with defaultValue * Update docker to latest version * Updating README to reflect default value added for optional arguments * Update docker image. --------- Co-authored-by: Corey Bodendein <corey.bodendein@cyware.com> Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Remove redundant assignment of var (#27571) * Remove redundant amount_of_events assignments. * Update RN. Update docker. Update version. * Fix unit tests * Feature/threatgrid add commands arguments (#27468) (#27590) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * Update the sample-upload command with arguments: vm and playbook * Add missing arguments * update docker image * update docker image in release note Co-authored-by: TalGumi <101499620+TalGumi@users.noreply.github.com> * Partner otrs ag adoption start (#27256) (#27592) * OTRS AG Pack Adoption * Update pack_metadata.json * update release notes Co-authored-by: jensoliver <jojo@jbothe.de> * Snow Transformer Error (#27479) * Fixed transformer in incoming mapper * Added RNs --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * Domain extracted from a file with an extension as part of a URL (#27569) * Fix for domain regex and formatter to avoid catching files as domains * RN * docker bump * RN * Test playbook for 'CrowdStrike Falcon - Get Detections by Incident' (#27186) * Test playbook for 'CrowdStrike Falcon - Get Detections by Incident' * RN * Bump pack from version CrowdStrikeFalcon to 1.10.21. * Deleted duplicated tasks and added validation for CrowdStrike Falcon live incidents * Bump pack from version CrowdStrikeFalcon to 1.10.22. * added validations for the existence of CrowdStrike Falcon incidents and detections * Removed unnecessary 'print error' messages * Bump pack from version CrowdStrikeFalcon to 1.10.23. * Bump pack from version CrowdStrikeFalcon to 1.10.24. * Replaced the 'is not empty' condition with the 'Is defined' condition for tasks 324 and 318 * changed the 'fromversion' to 6.5.0 * RN --------- Co-authored-by: Content Bot <bot@demisto.com> * [TestIsMaliciousIndicatorFound] - add sleep for indexing indicators (#27584) * Microsoft usgov support (#27025) https://jira-hq.paloaltonetworks.local/browse/CIAC-818 Adding support for All Azure clouds in Azure Key Vault, Azure Sentinel, Azure Kubernetes Service Adding support for all endpoints in Microsoft Defender for Endpoints * Generic Webhook enhancements (#27478) (#27596) * Added request header information to the rawJSON output. Restructures the rawJSON output to include header and body details. * Updated Release notes and pack_metadata.json * Updated Release notes. * Updated Release notes. * Updated Release notes. Updated docker version. * Adjusted raw_json output. Aligned README.md and release note. * Updated Docker Image * Update Packs/GenericWebhook/ReleaseNotes/1_0_25.md * Remove Authorization header details. * Updated Known_Words in .pack-ignore * Fixed header_name * fixed secret_header --------- Co-authored-by: Martin Ohl <Martin.Ohl@ohl-net.eu> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Update Docker Image To demisto/pymisp2 (#27607) * Updated Metadata Of Pack MISP * Added release notes to pack MISP * Packs/MISP/Integrations/MISPV3/MISPV3.yml Docker image update * Ciac 3134 workday logs (#27055) * new pack * unit tests * added logic, readme and unit tests. also modeling rules. * removed test data * format and pre-commit fixes * validations and pre commit fixes * rn * test * test * schema and from version * docker * modeling rules and demo rejects * display name of params * CR fixes * build fix * build fix * test * test * readme fix * docker * bug fix * rn * rn * Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Update Packs/Workday/ReleaseNotes/1_3_1.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * Bump pack from version Workday to 1.3.2. * add logs and fixed a bug with duplications * added max fetch * added support for duplications and fix bugs * rn * rn and changed last run to contain all log * rn and docker * unit test fix * CR fixes * pre commit changes --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * CrowdStrike Falcon - Search endpoints by hash enchantment (#27594) * Added a condition -> "IsIntegrationEnabled" * Updated RN * Removed un-required tests * Bump pack from version CrowdStrikeFalcon to 1.10.26. * Update 1_10_26.md Updated RN * Update 1_10_26.md --------- Co-authored-by: Content Bot <bot@demisto.com> * MacOS Update (#27608) * Updated MacOS vendor product * Updated RN * Updated ReleaseNotes * fix workday parsing rule id (#27615) * fix workday parsing rule id * rn * move a line in the yml to the correct position (#27610) * move the line * RN * remove the Dev * docker image * remove the Dev * Barracuda Update (#27545) * Updated the ParsingRules logic * Updated ReleaseNotes * Updated ReleaseNotes * Updated .yml configs for IvantiPulseSecureVTM * Reverted Ivanti VTM changes * IvantiPulseSecureVTM .yml update * Delete IvantiPulseSecureVTM_ParsingRules.yml * Delete IvantiPulseSecureVTM_ModelingRules.yml * Updated ReleaseNotes * Updated ReleaseNotes * Reverted changed to Ivanti * Reverted IvantiPulseSecureVTM RN * Align credentials stores integrations- part 20 (#27534) * lign credentials stores integrations- part 20 * Carbon Black Live Response Cloud * added '.' * fix rl * fix unit tests * raise exception * SMB - fix path concatenation (#27604) * SMB - fix wrong path concatenation * added RNs * fixed RNs * updated docker image * Moved path creation to function * Updated func * updated RN * removed yml rename * 1.17.0 sdk release (#27618) * Update ewsv2 exc2019 (#26670) * update * test * changes * changes * final commands changes * clean code * update TPBs * rvert name change * revert name change * cr changes * fix name * fix TPBs * remove skip of perm_set field * fix tpb and validations * revert arg removal * remove added tpb * update memory threshold * fix ut * fix ut * Fix urllib.parse import in CommonServerPython (#27252) * Allow applying a new profile over an existing one in ***pan-os-apply-security-profile*** command (#27237) * Add XSOAR support for updating existing profile types * RN * fix UT * Update Packs/PAN-OS/ReleaseNotes/1_17_5.md Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix CR * RN * UT was added * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Packs/PAN-OS/Integrations/Panorama/Panorama.py Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * fix * flake8 * UT stability --------- Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> * Update Docker Image To demisto/splunksdk-py3 (#27263) * Updated Metadata Of Pack SplunkPy * Added release notes to pack SplunkPy * Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml Docker image update * Updated domain extraction playbook - changing .zip to a valid TLD (#27264) * Updated domain extraction playbook * some formatting. * Update playbook-Domain_extraction_test.yml * Update playbook-Domain_extraction_test.yml * Update Docker Image To demisto/duoadmin3 (#27268) * Updated Metadata Of Pack DuoAdminApi * Added release notes to pack DuoAdminApi * Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml Docker image update * Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml Docker image update * Update Docker Image To demisto/googleapi-python3 (#27267) * Updated Metadata Of Pack GoogleDrive * Added release notes to pack GoogleDrive * Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml Docker image update * Update Docker Image To demisto/python3 (#27266) * Updated Metadata Of Pack Darktrace * Added release notes to pack Darktrace * Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml Docker image update * Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml Docker image update * Updated Metadata Of Pack CybleEvents * Added release notes to pack CybleEvents * Packs/CybleEvents/Integrations/CybleEvents/CybleEvents.yml Docker image update * Updated Metadata Of Pack Censys * Added release notes to pack Censys * Packs/Censys/Integrations/CensysV2/CensysV2.yml Docker image update * Updated Metadata Of Pack VirusTotal * Added release notes to pack VirusTotal * Packs/VirusTotal/Integrations/FeedLivehunt/FeedLivehunt.yml Docker image update * Packs/VirusTotal/Integrations/FeedRetrohunt/FeedRetrohunt.yml Docker image update * Updated Metadata Of Pack CofenseIntelligenceV2 * Added release notes to pack CofenseIntelligenceV2 * Packs/CofenseIntelligenceV2/Integrations/CofenseIntelligenceV2/CofenseIntelligenceV2.yml Docker image update * Updated Metadata Of Pack CheckPointDome9 * Added release notes to pack CheckPointDome9 * Packs/CheckPointDome9/Integrations/CheckPointDome9/CheckPointDome9.yml Docker image update * Updated Metadata Of Pack Reco * Added release notes to pack Reco * Packs/Reco/Integrations/Reco/Reco.yml Docker image update * Updated Metadata Of Pack CimTrak-SystemIntegrityAssurance * Added release notes to pack CimTrak-SystemIntegrityAssurance * Packs/CimTrak-SystemIntegrityAssurance/Integrations/CimTrak/CimTrak.yml Docker image update * Update Docker Image To demisto/python3 (#27272) * Updated Metadata Of Pack FeedProofpoint * Added release notes to pack FeedProofpoint * Packs/FeedProofpoint/Integrations/FeedProofpoint/FeedProofpoint.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml Docker image update * Updated Metadata Of Pack Ipstack * Added release notes to pack Ipstack * Packs/Ipstack/Integrations/Ipstack/Ipstack.yml Docker image update * Updated Metadata Of Pack SafeBreach * Added release notes to pack SafeBreach * Packs/SafeBreach/Integrations/SafeBreach_v2/SafeBreach_v2.yml Docker image update * Updated Metadata Of Pack RedCanary * Added release notes to pack RedCanary * Packs/RedCanary/Integrations/RedCanary/RedCanary.yml Docker image update * Updated Metadata Of Pack PiHole * Added release notes to pack PiHole * Packs/PiHole/Integrations/PiHole/PiHole.yml Docker image update * Updated Metadata Of Pack FeedDShield * Added release notes to pack FeedDShield * Packs/FeedDShield/Integrations/FeedDShield/FeedDShield.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccess/SafeNetTrustedAccess.yml Docker image update * Updated Metadata Of Pack OpenPhish * Added release notes to pack OpenPhish * Packs/OpenPhish/Integrations/OpenPhish_v2/OpenPhish_v2.yml Docker image update * Updated Metadata Of Pack NistNVD * Added release notes to pack NistNVD * Packs/NistNVD/Integrations/NistNVD/NistNVD.yml Docker image update * Updated Metadata Of Pack Cognni * Added release notes to pack Cognni * Packs/Cognni/Integrations/Cognni/Cognni.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Packs/DeveloperTools/Integrations/CustomIndicatorDemo/CustomIndicatorDemo.yml Docker image update * Packs/DeveloperTools/Integrations/APIMetricsValidation/APIMetricsValidation.yml Docker image update * Updated Metadata Of Pack NozomiNetworks * Added release notes to pack NozomiNetworks * Packs/NozomiNetworks/Integrations/NozomiNetworks/NozomiNetworks.yml Docker image update * Updated Metadata Of Pack ANYRUN * Added release notes to pack ANYRUN * Packs/ANYRUN/Integrations/ANYRUN/ANYRUN.yml Docker image update * Updated Metadata Of Pack Carbon_Black_Enterprise_Response * Added release notes to pack Carbon_Black_Enterprise_Response * Packs/Carbon_Black_Enterprise_Response/Integrations/CarbonBlackResponseV2/CarbonBlackResponseV2.yml Docker image update * Updated Metadata Of Pack Absolute * Added release notes to pack Absolute * Packs/Absolute/Integrations/Absolute/Absolute.yml Docker image update * Updated Metadata Of Pack Ironscales * Added release notes to pack Ironscales * Packs/Ironscales/Integrations/Ironscales/Ironscales.yml Docker image update * Updated Metadata Of Pack FeedURLhaus * Added release notes to pack FeedURLhaus * Packs/FeedURLhaus/Integrations/FeedURLhaus/FeedURLhaus.yml Docker image update * Updated Metadata Of Pack Lokpath_Keylight * Added release notes to pack Lokpath_Keylight * Packs/Lokpath_Keylight/Integrations/Lockpath_KeyLight_v2/Lockpath_KeyLight_v2.yml Docker image update * Updated Metadata Of Pack FeedMISP * Added release notes to pack FeedMISP * Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml Docker image update * Updated Metadata Of Pack FraudWatch * Added release notes to pack FraudWatch * Packs/FraudWatch/Integrations/FraudWatch/FraudWatch.yml Docker image update * Updated Metadata Of Pack AbnormalSecurity * Added release notes to pack AbnormalSecurity * Packs/AbnormalSecurity/Integrations/AbnormalSecurityEventCollector/AbnormalSecurityEventCollector.yml Docker image update * Updated Metadata Of Pack CovalenceManagedSecurity * Added release notes to pack CovalenceManagedSecurity * Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml Docker image update * Updated Metadata Of Pack IllusiveNetworks * Added release notes to pack IllusiveNetworks * Packs/IllusiveNetworks/Integrations/IllusiveNetworks/IllusiveNetworks.yml Docker image update * Updated Metadata Of Pack Edgescan * Added release notes to pack Edgescan * Packs/Edgescan/Integrations/Edgescan/Edgescan.yml Docker image update * Updated Metadata Of Pack PerceptionPoint * Added release notes to pack PerceptionPoint * Packs/PerceptionPoint/Integrations/PerceptionPoint/PerceptionPoint.yml Docker image update * Updated Metadata Of Pack Druva * Added release notes to pack Druva * Packs/Druva/Integrations/Druva/Druva.yml Docker image update * Updated Metadata Of Pack APIVoid * Added release notes to pack APIVoid * Packs/APIVoid/Integrations/APIVoid/APIVoid.yml Docker image update * Updated Metadata Of Pack PingIdentity * Added release notes to pack PingIdentity * Packs/PingIdentity/Integrations/PingOne/PingOne.yml Docker image update * Updated Metadata Of Pack cisco-ise * Added release notes to pack cisco-ise * Packs/cisco-ise/Integrations/cisco-ise/cisco-ise.yml Docker image update * Updated Metadata Of Pack SailPointIdentityIQ * Added release notes to pack SailPointIdentityIQ * Packs/SailPointIdentityIQ/Integrations/SailPointIdentityIQ/SailPointIdentityIQ.yml Docker image update * Updated Metadata Of Pack Cymulate * Added release notes to pack Cymulate * Packs/Cymulate/Integrations/Cymulate/Cymulate.yml Docker image update * Packs/Cymulate/Integrations/Cymulate_v2/Cymulate_v2.yml Docker image update * Updated Metadata Of Pack XSOARmirroring * Added release notes to pack XSOARmirroring * Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.yml Docker image update * Updated Metadata Of Pack XMatters * Added release notes to pack XMatters * Packs/XMatters/Integrations/xMatters/xMatters.yml Docker image update * Updated Metadata Of Pack Zimperium * Added release notes to pack Zimperium * Packs/Zimperium/Integrations/Zimperium/Zimperium.yml Docker image update * Updated Metadata Of Pack RSANetWitnessEndpoint * Added release notes to pack RSANetWitnessEndpoint * Packs/RSANetWitnessEndpoint/Integrations/RSANetWitnessEndpoint/RSANetWitnessEndpoint.yml Docker image update * Updated Metadata Of Pack SymantecBlueCoatMalwareAnalysis * Added release notes to pack SymantecBlueCoatMalwareAnalysis * Packs/SymantecBlueCoatMalwareAnalysis/Integrations/SymantecBlueCoatMalwareAnalysis/SymantecBlueCoatMalwareAnalysis.yml Docker image update * Updated Metadata Of Pack InfoArmor_VigilanteATI * Added release notes to pack InfoArmor_VigilanteATI * Packs/InfoArmor_VigilanteATI/Integrations/InfoArmorVigilanteATI/InfoArmorVigilanteATI.yml Docker image update * Updated Metadata Of Pack AccentureCTI * Added release notes to pack AccentureCTI * Packs/AccentureCTI/Integrations/ACTIVulnerabilityQuery/ACTIVulnerabilityQuery.yml Docker image update * Updated Metadata Of Pack PingCastle * Added release notes to pack PingCastle * Packs/PingCastle/Integrations/PingCastle/PingCastle.yml Docker image update * Updated Metadata Of Pack MaxMind_GeoIP2 * Added release notes to pack MaxMind_GeoIP2 * Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml Docker image update * Updated Metadata Of Pack Maltiverse * Added release notes to pack Maltiverse * Packs/Maltiverse/Integrations/Maltiverse/Maltiverse.yml Docker image update * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackEndpointStandard/CarbonBlackEndpointStandard.yml Docker image update * Updated Metadata Of Pack AlienVault_USM_Anywhere * Added release notes to pack AlienVault_USM_Anywhere * Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.yml Docker image update * Updated Metadata Of Pack ProofpointServerProtection * Added release notes to pack ProofpointServerProtection * Packs/ProofpointServerProtection/Integrations/ProofpointProtectionServerV2/ProofpointProtectionServerV2.yml Docker image update * Updated Metadata Of Pack OpsGenie * Added release notes to pack OpsGenie * Packs/OpsGenie/Integrations/OpsGenieV3/OpsGenieV3.yml Docker image update * Fixed lint and validate --------- Co-authored-by: sberman <sberman@paloaltonetworks.com> * Ignore modeling/parsing rules suffix error (#27274) * [EDL] Fixed a typo in the description (#27269) * Fixed a typo in the description * Update the docker image * Macos Regex Fix (#27270) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Cs falcon add tags to cs-falcon-upload-custom-ioc command (#27234) * CS Flacon add tags to upload-custom-ioc command * added RNs * Align credentials stores part 11 (#27253) * Align credentials part 11 * Trend Micro Apex * ignore * adding tests to hostlo * Trend Micro Apex tests * trend more test * change test * Syslogv2 was removed from xsiam marketplace (#27278) * remove Syslogv2 from xsiam marketplace * RN * known_words * Update Packs/Syslog/ReleaseNotes/2_0_16.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * DO --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Microsoft Graph Single User - Edit documentation (#27275) * edit documentation * edit documentation * RN and DO * fix doc * mistake * ExtraHop release v2.1.0 (#27056) (#27279) * Update .devcontainer.json name * added changes related to ExtrHop 2.1.0 release --------- Co-authored-by: Crest Data Systems <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> * Recordedfuture listapi v1.0.0 (#26996) (#27281) * First version/implementation of new List Integration * Added new List integration * Updated validation step requirements and fixed tests to be working as expected * Updated test Coverage * Version bump and fixed frombersion for list app * Added custom content, incident type and classifier for coderepo leakage * Updated some documentation and fixed dockerimages * Bumped version of playbook alert app * Fixed changelog for 1.6.0 to not include an old change * fixed type0 in changelog * removed base64 import * Updated release notes * Update based on review * Removed references to old playbook alerts documentation from creation of integration --------- Co-authored-by: recordedfuture-simonhornestedt <109588368+recordedfuture-simonhornestedt@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * fix bug by convert the password to bytes (#27283) * fix bug by convert the password to bytes * commit * update RN and Docker * comment corrections * commit * [greynoise-266] - Add greynoise-similar and greynoise-timeline commands (#27067) (#27291) * add sim and timeline updates * fix test file prints * update readme fix tests * updates to readme for pre-commit * updates from pre-commit run * more linting updates * update secrets * fix url in timeline Co-authored-by: Brad Chiappetta <38439955+bradchiappetta@users.noreply.github.com> * [ASM] - Expandr 4075 (#27258) (#27287) * init * RN * fix RN * Apply suggestions from code review -----…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Contributor
@xsoar-hmk
Video Link
Short demo video of the Pack usage. Speeds up the review. Optional but recommended. Use a video sharing service such as Google Drive or YouTube.