From 32f0ef70245352d54473551352baa631da278037 Mon Sep 17 00:00:00 2001 From: maimorag Date: Sun, 25 Jun 2023 18:27:18 +0300 Subject: [PATCH 01/11] align --- Packs/CheckPhish/.pack-ignore | 2 +- Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Packs/CheckPhish/.pack-ignore b/Packs/CheckPhish/.pack-ignore index 573b1af4e1c6..f58946f9a513 100644 --- a/Packs/CheckPhish/.pack-ignore +++ b/Packs/CheckPhish/.pack-ignore @@ -1,2 +1,2 @@ [file:CheckPhish.yml] -ignore=IN135,IN145 +ignore=IN135 diff --git a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml index bc217faaa3b4..02b4dbdd3f47 100644 --- a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml +++ b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml @@ -10,8 +10,9 @@ configuration: type: 0 - display: API Token name: token - required: true + required: false type: 4 + hidden: true - display: 'Good Dispositions (CheckPhish labels for non-phishing URLs. Default is "clean")' name: good_disp options: @@ -206,5 +207,5 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.11.54132 + dockerimage: demisto/python3:3.10.12.63474 fromversion: 5.0.0 From 26c618e98df5f026407d4c4170dfd4a451a9736a Mon Sep 17 00:00:00 2001 
From: maimorag Date: Mon, 26 Jun 2023 11:09:37 +0300 Subject: [PATCH 02/11] Align credentials stores - part 26 --- Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.py | 6 ++++-- Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml | 5 +++++ Packs/CheckPhish/ReleaseNotes/1_0_18.md | 6 ++++++ Packs/CheckPhish/pack_metadata.json | 2 +- Packs/isight/.pack-ignore | 2 +- Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js | 5 ++++- Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.yml | 8 +++++++- Packs/isight/ReleaseNotes/1_0_3.md | 5 +++++ Packs/isight/pack_metadata.json | 2 +- 9 files changed, 34 insertions(+), 7 deletions(-) create mode 100644 Packs/CheckPhish/ReleaseNotes/1_0_18.md create mode 100644 Packs/isight/ReleaseNotes/1_0_3.md diff --git a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.py b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.py index e24b36cb07ad..812eeaf4e5f4 100644 --- a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.py +++ b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.py @@ -226,7 +226,9 @@ def main(): good_disp = argToList(demisto_params.get('good_disp')) susp_disp = argToList(demisto_params.get('susp_disp')) bad_disp = argToList(demisto_params.get('bad_disp')) - + api_key = demisto_params.get('credentials_api_token', {}).get('password') or demisto_params.get('token') + if not api_key: + raise DemistoException('API token must be provided.') unite_dispositions(good_disp, susp_disp, bad_disp) reliability = demisto_params.get('integrationReliability') @@ -239,7 +241,7 @@ def main(): params = { 'base_url': demisto_params['url'], - 'api_key': demisto_params.get('token'), + 'api_key': api_key, 'use_ssl': not demisto_params.get('insecure', False), 'reliability': reliability } diff --git a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml index 02b4dbdd3f47..a03bb07a7988 100644 --- a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml 
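Review bot: The new `api_key` line in main() only protects against the `credentials_api_token` key being absent; if the platform supplies `None` for an unconfigured credentials parameter, `demisto_params.get('credentials_api_token', {}).get('password')` raises AttributeError before the intended `DemistoException` is reached. Writing it as `api_key = (demisto_params.get('credentials_api_token') or {}).get('password') or demisto_params.get('token')` keeps the fallback to the legacy hidden `token` parameter and routes the empty case through the explicit check instead. The raise now sits before `unite_dispositions` and outside any try block visible in the hunk, so whether it surfaces as a clean error to the user depends on code outside this view; main() starts and ends outside the hunk.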
+++ b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml @@ -13,6 +13,11 @@ configuration: required: false type: 4 hidden: true +- displaypassword: API Token + name: credentials_api_token + required: false + hiddenusername: true + type: 9 - display: 'Good Dispositions (CheckPhish labels for non-phishing URLs. Default is "clean")' name: good_disp options: diff --git a/Packs/CheckPhish/ReleaseNotes/1_0_18.md b/Packs/CheckPhish/ReleaseNotes/1_0_18.md new file mode 100644 index 000000000000..4797909d9f24 --- /dev/null +++ b/Packs/CheckPhish/ReleaseNotes/1_0_18.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CheckPhish +- Added the *API Token* integration parameters to support credentials fetching object. +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/CheckPhish/pack_metadata.json b/Packs/CheckPhish/pack_metadata.json index 938c55421f63..637c70cca517 100644 --- a/Packs/CheckPhish/pack_metadata.json +++ b/Packs/CheckPhish/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CheckPhish", "description": "Check any URL to detect supsicious behavior.", "support": "xsoar", - "currentVersion": "1.0.17", + "currentVersion": "1.0.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/isight/.pack-ignore b/Packs/isight/.pack-ignore index c486bc4367a4..adb53639f2c4 100644 --- a/Packs/isight/.pack-ignore +++ b/Packs/isight/.pack-ignore @@ -1,2 +1,2 @@ [file:FireEyeISIGHT.yml] -ignore=IN144,IN145,IN107 +ignore=IN144,IN107 diff --git a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js index 24c0cb3d54db..f6dbd8d6d95e 100644 --- a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js +++ b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js 
@@ -1,7 +1,7 @@ var baseUrl = 'https://api.isightpartners.com'; // iSight base url var publicKey = params.publicKey; -var privateKey = params.privateKey; +var privateKey = params.credentials_private_key? params.credentials_private_key.password : params.privateKey; var acceptVersion = params.version; var insecure = params.insecure; var proxy = params.proxy; @@ -45,6 +45,9 @@ var getHeaders = function(query) { } else if (timestamp.indexOf('-') > 0) { timestamp = timestamp.substring(0,timestamp.indexOf('-')); } + if (!privateKey){ + return DemistoException('Private Key must be provided.') + } message = query + acceptVersion + 'application/json' + timestamp; hashed = HMAC_SHA256_MAC(privateKey, message); diff --git a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.yml b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.yml index 4a2ba1062a9f..1c2aec430868 100644 --- a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.yml +++ b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.yml @@ -15,7 +15,13 @@ configuration: name: privateKey defaultvalue: "" type: 4 - required: true + required: false + hidden: true +- displaypassword: Private Key + name: credentials_private_key + required: false + hiddenusername: true + type: 9 - display: Version name: version defaultvalue: "2.5" diff --git a/Packs/isight/ReleaseNotes/1_0_3.md b/Packs/isight/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..40282220327e --- /dev/null +++ b/Packs/isight/ReleaseNotes/1_0_3.md @@ -0,0 +1,5 @@ + +#### Integrations + +##### FireEye iSIGHT +- Added the *Private Key* integration parameters to support credentials fetching object. diff --git a/Packs/isight/pack_metadata.json b/Packs/isight/pack_metadata.json index 9a222bde7569..05835486babb 100644 --- a/Packs/isight/pack_metadata.json +++ b/Packs/isight/pack_metadata.json 
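Review bot: The ternary on the new `var privateKey` line picks `params.credentials_private_key.password` whenever the credentials object exists, even when its password is empty, so a configured-but-blank credentials parameter never falls back to the legacy `privateKey` field, while the Python change in the same commit (CheckPhish.py) uses an `or` chain that does fall back. `var privateKey = (params.credentials_private_key && params.credentials_private_key.password) || params.privateKey;` gives both integrations the same precedence and leaves the guard in getHeaders as the single place that reports a missing key. The guard itself is reworked later in this series, so I raise nothing on its form here; getHeaders starts and ends outside the hunk.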
@@ -2,7 +2,7 @@ "name": "FireEye iSIGHT", "description": "FireEye cyber threat intelligence", "support": "xsoar", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From fa3f977c17e2172f4a372ac714aa8036b99c2049 Mon Sep 17 00:00:00 2001 From: maimorag Date: Mon, 26 Jun 2023 11:42:41 +0300 Subject: [PATCH 03/11] fix --- Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js index f6dbd8d6d95e..679bbd205b9f 100644 --- a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js +++ b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT.js @@ -46,7 +46,7 @@ var getHeaders = function(query) { timestamp = timestamp.substring(0,timestamp.indexOf('-')); } if (!privateKey){ - return DemistoException('Private Key must be provided.') + throw('Private Key must be provided.') } message = query + acceptVersion + 'application/json' + timestamp; hashed = HMAC_SHA256_MAC(privateKey, message); From b5aca457584c7d0a74b815a23fb48172d2a61e8b Mon Sep 17 00:00:00 2001 From: maimorag Date: Mon, 26 Jun 2023 11:46:32 +0300 Subject: [PATCH 04/11] fix rl --- Packs/isight/ReleaseNotes/1_0_3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/isight/ReleaseNotes/1_0_3.md b/Packs/isight/ReleaseNotes/1_0_3.md index 40282220327e..99c15918de80 100644 --- a/Packs/isight/ReleaseNotes/1_0_3.md +++ b/Packs/isight/ReleaseNotes/1_0_3.md @@ -2,4 +2,4 @@ #### Integrations ##### FireEye iSIGHT -- Added the *Private Key* integration parameters to support credentials fetching object. +Added the *Private Key* integration parameters to support credentials fetching object. From 681c7cec3fd51d636dbcb9f5d11d54ae925dfc5f Mon Sep 17 00:00:00 2001 
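Review bot: `throw('Private Key must be provided.')` in getHeaders throws a bare string, which carries no stack and no error type when it is reported; `throw new Error('Private Key must be provided.');` is the conventional form and ends with a semicolon like the surrounding statements. The check also runs on every getHeaders call after the timestamp has already been parsed, although `privateKey` is fixed at module load; checking it once where it is assigned would fail earlier, but whether a top-level throw is acceptable in this integration's execution model is not visible from the hunk. getHeaders starts and ends outside the hunk.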
From: maimorag Date: Mon, 26 Jun 2023 14:19:29 +0300 Subject: [PATCH 05/11] added commands to readme --- .../Integrations/FireEyeISIGHT/README.md | 133 ++++++++++++++++++ 1 file changed, 133 insertions(+) diff --git a/Packs/isight/Integrations/FireEyeISIGHT/README.md b/Packs/isight/Integrations/FireEyeISIGHT/README.md index e69de29bb2d1..fe6548839d98 100644 --- a/Packs/isight/Integrations/FireEyeISIGHT/README.md +++ b/Packs/isight/Integrations/FireEyeISIGHT/README.md 
@@ -0,0 +1,133 @@ + +### ip + +*** +basic search reports by ip + +#### Base Command + +`ip` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| ip | ip to search by. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| DBotScore.Indicator | unknown | The indicator we tested | +| DBotScore.Type | unknown | The type of the indicator | +| DBotScore.Vendor | unknown | Vendor used to calculate the score | +| DBotScore.Score | unknown | The actual score | +| IP.Address | unknown | The IP address | +| Report.ID | unknown | Report ID | +| Report.title | unknown | Report title | +| Report.publishDate | unknown | Report publish date | +| Report.intelligenceType | unknown | Report intelligence type \(overview, vulnerability, malware, threat\) | +### domain + +*** +basic search reports by domain + +#### Base Command + +`domain` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| domain | domain to search by. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| DBotScore.Indicator | unknown | The indicator we tested | +| DBotScore.Type | unknown | The type of the indicator | +| DBotScore.Vendor | unknown | Vendor used to calculate the score | +| DBotScore.Score | unknown | The actual score | +| Domain.Name | unknown | The domain name. | +| Report.ID | unknown | Report ID | +| Report.title | unknown | Report title | +| Report.publishDate | unknown | Report publish date | +| Report.intelligenceType | unknown | Report intelligence type \(overview, vulnerability, malware, threat\) | +### file + +*** +basic search file report by md5/sha1. NOTE - specify only one of md5/sha1 arguments + +#### Base Command + +`file` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| file | md5 or sha1 to search by. 
| Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| DBotScore.Indicator | unknown | The indicator we tested | +| DBotScore.Type | unknown | The type of the indicator | +| DBotScore.Vendor | unknown | Vendor used to calculate the score | +| DBotScore.Score | unknown | The actual score | +| Report.ID | unknown | Report ID | +| Report.title | unknown | Report title | +| Report.publishDate | unknown | Report publish date | +| Report.intelligenceType | unknown | Report intelligence type \(overview, vulnerability, malware, threat\) | +### isight-get-report + +*** +Get specific report + +#### Base Command + +`isight-get-report` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| reportID | Report ID to search by. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Report.ID | unknown | Report ID | +| Report.title | unknown | Report title | +| Report.publishDate | unknown | Report publish date | +| Report.intelligenceType | unknown | Report intelligence type \(overview, vulnerability, malware, threat\) | +| Report.audience | unknown | Report audience | +| Report.ThreatScape | unknown | Report threat scape | +| Report.operatingSystems | unknown | Report operating systems | +| Report.riskRating | unknown | Report risk rating | +| Report.version | unknown | Report version | +| Report.tagSection | unknown | Report tag section | +### isight-submit-file + +*** +Submission of malware and other files for community sharing + +#### Base Command + +`isight-submit-file` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| entryID | entry-id of the file to submit (e.g. 41@18). | Required | +| description | file description. | Required | +| type | Type of the given file. Possible values are: malware, other. | Required | + +#### Context Output + +There is no context output for this command. 
\ No newline at end of file From 00b2ee3b644197e80a8269ccdb68411f9f525d5a Mon Sep 17 00:00:00 2001 From: maimorag Date: Mon, 26 Jun 2023 14:24:28 +0300 Subject: [PATCH 06/11] add description --- .../Integrations/FireEyeISIGHT/FireEyeISIGHT_description.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT_description.md diff --git a/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT_description.md b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT_description.md new file mode 100644 index 000000000000..41a5c9776f03 --- /dev/null +++ b/Packs/isight/Integrations/FireEyeISIGHT/FireEyeISIGHT_description.md @@ -0,0 +1,3 @@ +## FireEye iSIGHT +FireEye iSIGHT is a cybersecurity intelligence platform that provides organizations with comprehensive threat intelligence and analysis. +It offers real-time monitoring and detection of emerging cyber threats, allowing businesses to proactively defend against attacks. From 8035fa82a8fc865da4925d907be0e249228adaa3 Mon Sep 17 00:00:00 2001 From: maimorag Date: Thu, 29 Jun 2023 13:54:16 +0300 Subject: [PATCH 07/11] checkfish --- Tests/conf.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/conf.json b/Tests/conf.json index bffffdbc957d..8cc6a0536294 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -5751,7 +5751,8 @@ "LogRhythm": "The integration is deprecated", "Threat Grid": "No instance & Depreceated, replaced by ThreatGridv2", "ThreatGridv2": "No instance - developed by Qmasters", - "SentinelOne V2": "No instance - developed by partner" + "SentinelOne V2": "No instance - developed by partner", + "CheckPhish": "Issue CRTX-86562" }, "nightly_packs": [ "CommonScripts", From 8e64190854cd234596d3ffc8a7cc531aa209cb14 Mon Sep 17 00:00:00 2001 From: maimorag Date: Thu, 29 Jun 2023 13:54:49 +0300 Subject: [PATCH 08/11] commit revert --- Tests/conf.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
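Review bot: Adding `"CheckPhish": "Issue CRTX-86562"` to what appears, from the neighbouring entries, to be the map of integrations excluded from testing disables the CheckPhish test in the same series that rewrites its credential handling (PATCH 02), so the new `credentials_api_token` path, the legacy `token` fallback and the missing-token error are not exercised by anything in the PR; a unit test for main() covering those three cases would close that gap. The same entry is removed again in PATCH 08 and re-added in PATCH 09, leaving the final state as in this hunk. The reason string only cites a ticket; a short phrase saying what blocks the test, e.g. `"CheckPhish": "Issue CRTX-86562 - <reason the instance cannot be tested>"`, would help the next reader decide when the skip can be lifted. The enclosing JSON object starts and ends outside the hunk.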
diff --git a/Tests/conf.json b/Tests/conf.json index 8cc6a0536294..bffffdbc957d 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -5751,8 +5751,7 @@ "LogRhythm": "The integration is deprecated", "Threat Grid": "No instance & Depreceated, replaced by ThreatGridv2", "ThreatGridv2": "No instance - developed by Qmasters", - "SentinelOne V2": "No instance - developed by partner", - "CheckPhish": "Issue CRTX-86562" + "SentinelOne V2": "No instance - developed by partner" }, "nightly_packs": [ "CommonScripts", From 7b2370ec386824f5da3575d51d8f70351957bb56 Mon Sep 17 00:00:00 2001 From: maimorag Date: Thu, 29 Jun 2023 13:55:27 +0300 Subject: [PATCH 09/11] commit --- Tests/conf.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/conf.json b/Tests/conf.json index bffffdbc957d..8cc6a0536294 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -5751,7 +5751,8 @@ "LogRhythm": "The integration is deprecated", "Threat Grid": "No instance & Depreceated, replaced by ThreatGridv2", "ThreatGridv2": "No instance - developed by Qmasters", - "SentinelOne V2": "No instance - developed by partner" + "SentinelOne V2": "No instance - developed by partner", + "CheckPhish": "Issue CRTX-86562" }, "nightly_packs": [ "CommonScripts", From 0b99d5280a2b230dcf0d791ffcff4e10424ba5f0 Mon Sep 17 00:00:00 2001 From: Mai Morag <81917647+maimorag@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:12:23 +0300 Subject: [PATCH 10/11] Update Packs/isight/ReleaseNotes/1_0_3.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --- Packs/isight/ReleaseNotes/1_0_3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/isight/ReleaseNotes/1_0_3.md b/Packs/isight/ReleaseNotes/1_0_3.md index 99c15918de80..aab876908522 100644 --- a/Packs/isight/ReleaseNotes/1_0_3.md +++ b/Packs/isight/ReleaseNotes/1_0_3.md 
@@ -2,4 +2,4 @@ #### Integrations ##### FireEye iSIGHT -Added the *Private Key* integration parameters to support credentials fetching object. +Added the *Private Key* integration parameter to support credentials fetching object. From 42934c02d64fb92ba716008d1a7684d69b734a64 Mon Sep 17 00:00:00 2001 From: Mai Morag <81917647+maimorag@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:12:32 +0300 Subject: [PATCH 11/11] Update Packs/CheckPhish/ReleaseNotes/1_0_18.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --- Packs/CheckPhish/ReleaseNotes/1_0_18.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CheckPhish/ReleaseNotes/1_0_18.md b/Packs/CheckPhish/ReleaseNotes/1_0_18.md index 4797909d9f24..7d1e18f6481f 100644 --- a/Packs/CheckPhish/ReleaseNotes/1_0_18.md +++ b/Packs/CheckPhish/ReleaseNotes/1_0_18.md @@ -2,5 +2,5 @@ #### Integrations ##### CheckPhish -- Added the *API Token* integration parameters to support credentials fetching object. +- Added the *API Token* integration parameter to support credentials fetching object. - Updated the Docker image to: *demisto/python3:3.10.12.63474*.