Incident context core pb fix #27546

Merged
merged 5 commits into from Jun 19, 2023
Expand Up @@ -63,6 +63,9 @@ tasks:
description:
complex:
root: inputs.description
serviceNowAssignmentGroup:
complex:
root: inputs.serviceNowAssignmentGroup
serviceNowCategory:
complex:
root: inputs.serviceNowCategory
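Review bot: the added `serviceNowAssignmentGroup` argument reads `root: inputs.serviceNowAssignmentGroup`, but none of the hunks shown for this file adds a matching entry under `inputs:`. If the playbook does not already declare that input, the argument will always be empty; please confirm the input exists here, or add it with the description used for the ServiceNow playbook input (`The group to which to assign the new ticket.`).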
Expand Down Expand Up @@ -272,7 +275,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
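Review bot: with `skipunavailable: true` on this task, a tenant where the script is unavailable continues the playbook without the parent incident context being set, and the diff shows no fallback for that case. Please confirm that every later task reading that context tolerates it being absent, and consider making the skip visible to the analyst (for example a note on the incident). The same applies to the two identical hunks that follow.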
Expand Down Expand Up @@ -336,7 +339,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
Expand Down Expand Up @@ -402,7 +405,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
5 changes: 5 additions & 0 deletions Packs/CommonPlaybooks/ReleaseNotes/2_3_76.md
@@ -0,0 +1,5 @@

#### Playbooks

##### Ticket Management - Generic
Added skip if unavailable for `setParentIncidentContext` tasks.
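Review bot: the entry on the last line is missing the leading `- ` that the other release notes in this PR use (`- Added skip if unavailable for ...`), and it does not mention the `serviceNowAssignmentGroup` argument that the playbook hunks above also add. Suggest adding the bullet marker and a second bullet for the new argument so the 2.3.76 notes cover both changes.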
2 changes: 1 addition & 1 deletion Packs/CommonPlaybooks/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Common Playbooks",
"description": "Frequently used playbooks pack.",
"support": "xsoar",
"currentVersion": "2.3.75",
"currentVersion": "2.3.76",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Up @@ -837,7 +837,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-IOC_Alert.yml
Expand Up @@ -1164,7 +1164,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-Impossible_Traveler.yml
Expand Up @@ -1119,7 +1119,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
Expand Up @@ -1946,7 +1946,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-NGFW_Internal_Scan.yml
Expand Up @@ -673,7 +673,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-NGFW_Scan.yml
Expand Up @@ -1307,7 +1307,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-Ransomware_Response.yml
Expand Up @@ -1351,7 +1351,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
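Review bot: `skipunavailable: true` on the `Set Incident Severity to High` task means that where the task cannot run, the rest of Ransomware Response proceeds with the incident left at its original severity, and the diff shows no fallback for that case. For a ransomware playbook that affects triage priority, so please confirm this is the intended trade-off and consider a follow-up step that records that the severity was not raised. The same one-line change in the other Core playbooks in this PR raises the same question.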
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-T1036_-_Masquerading.yml
Expand Up @@ -1315,7 +1315,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
Expand Up @@ -1287,7 +1287,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-WildFire_Malware.yml
Expand Up @@ -1755,7 +1755,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 2
isoversize: false
isautoswitchedtoquietmode: false
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-XCloud_Cryptomining.yml
Expand Up @@ -98,7 +98,7 @@ tasks:
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
skipunavailable: true
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
36 changes: 36 additions & 0 deletions Packs/Core/ReleaseNotes/1_4_3.md
@@ -0,0 +1,36 @@

#### Playbooks

##### T1059 - Command and Scripting Interpreter
- Added skip if unavailable for `Set Incident Severity to High` task.

##### IOC Alert
- Added skip if unavailable for `Set Incident Severity to High` task.

##### Local Analysis alert Investigation
- Added skip if unavailable for `Set Incident Severity to High` task.

##### T1036 - Masquerading
- Added skip if unavailable for `Set Incident Severity to High` task.

##### Cloud IAM User Access Investigation
- Added skip if unavailable for `Set Incident Severity to High` task.

##### Impossible Traveler Response
- Added skip if unavailable for `Set Incident Severity to High` task.

##### XCloud Cryptojacking
- Added skip if unavailable for `Set Incident Severity to High` task.

##### NGFW Scan
- Added skip if unavailable for `Set Incident Severity to High` task.

##### NGFW Internal Scan
- Added skip if unavailable for `Set Incident Severity to High` task.

##### WildFire Malware
- Added skip if unavailable for `Set Incident Severity to High` task.

##### Ransomware Response
- Added skip if unavailable for `Set Incident Severity to High` task.
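Review bot: the header `XCloud Cryptojacking` does not match the changed file name `playbook-XCloud_Cryptomining.yml`; please check it against the playbook's `name:` field so readers can map the note to the right playbook. It would also help to name the task consistently with the YAML, since every entry relies on the task title `Set Incident Severity to High` being identical across all eleven playbooks.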

2 changes: 1 addition & 1 deletion Packs/Core/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Core - Investigation and Response",
"description": "Automates incident response",
"support": "xsoar",
"currentVersion": "1.4.2",
"currentVersion": "1.4.3",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Up @@ -686,7 +686,7 @@ tasks:
root: inputs.serviceNowCategory
comments:
complex:
root: inputs.Comment
root: inputs.CommentToAdd
description:
complex:
root: inputs.description
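Review bot: switching the `comments` source from `inputs.Comment` to `inputs.CommentToAdd` changes which input reaches the ticket comment, but `Packs/ServiceNow/ReleaseNotes/2_5_29.md` only lists the new `serviceNowAssignmentGroup` input. Please add a release-note line for this fix, and confirm `CommentToAdd` is the name declared under `inputs:`, since its declaration is outside the visible context.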
Expand Down Expand Up @@ -832,6 +832,11 @@ inputs:
required: false
description: 'Whether to open a new ticket or to add a new comment. Possible values: NewTicket/AddComment.'
playbookInputQuery:
- key: serviceNowAssignmentGroup
value: {}
required: false
description: The group to which to assign the new ticket.
playbookInputQuery:
outputs:
- contextPath: ServiceNow.Ticket.ID
description: ServiceNow Ticket ID.
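Review bot: the new `serviceNowAssignmentGroup` input is declared with `value: {}` and `required: false`, but no hunk shown for this file adds a task argument that reads `inputs.serviceNowAssignmentGroup`. Please confirm the ticket-creation task already consumes it and behaves correctly when it is empty; otherwise the input is documented in the README but has no effect.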
Expand Up @@ -39,6 +39,7 @@ This playbook does not use any scripts.
| addCommentPerEndpoint | Whether to add a new comment to the ticket for each endpoint in the incident. Possible values: True/False. | True | Optional |
| serviceNowShortDescription | A short description of the ticket. | | Optional |
| Action | Whether to open a new ticket or to add a new comment. Possible values: NewTicket/AddComment. | | Optional |
| serviceNowAssignmentGroup | The group to which to assign the new ticket. | | Optional |

## Playbook Outputs

5 changes: 5 additions & 0 deletions Packs/ServiceNow/ReleaseNotes/2_5_29.md
@@ -0,0 +1,5 @@

#### Playbooks

##### ServiceNow - Ticket Management
- Added input `serviceNowAssignmentGroup` - This input determines the group to which to assign the new ticket.
2 changes: 1 addition & 1 deletion Packs/ServiceNow/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "ServiceNow",
"description": "Use The ServiceNow IT Service Management (ITSM) solution to modernize the way you manage and deliver services to your users.",
"support": "xsoar",
"currentVersion": "2.5.28",
"currentVersion": "2.5.29",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",