From 4003b6ef044eeebc07d400f08dee5960942a447b Mon Sep 17 00:00:00 2001 From: darkushin Date: Tue, 18 Jul 2023 11:24:20 +0300 Subject: [PATCH 01/13] ThreatExchange integration --- .../Integrations/ThreatExchangeV2/README.md | 17 ++++----- .../ThreatExchangeV2/ThreatExchangeV2.py | 35 +++++++++++++++---- .../ThreatExchangeV2/ThreatExchangeV2.yml | 24 +++++++++++-- Packs/ThreatExchange/ReleaseNotes/2_0_12.md | 6 ++++ Packs/ThreatExchange/pack_metadata.json | 2 +- 5 files changed, 66 insertions(+), 18 deletions(-) create mode 100644 Packs/ThreatExchange/ReleaseNotes/2_0_12.md diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md index 9b23fdc41887..c19336138fcf 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md 
@@ -284,13 +284,14 @@ Checks URL Reputation `url` #### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| url | URL to be checked. | Required | -| limit | The maximum number of results per page. The maximum is 1000. Default is 20. | Optional | -| headers | A comma-separated list of headers to display in human-readable format. For example: header1,header2,header3. | Optional | -| since | The start timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago). | Optional | -| until | The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago). | Optional | +| **Argument Name** | **Description** | **Required** | +|-------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --- | +| url | URL to be checked. | Required | +| limit | The maximum number of results per page. The maximum is 1000. Default is 20. | Optional | +| headers | A comma-separated list of headers to display in human-readable format. For example: header1,header2,header3. | Optional | +| since | The start timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago). | Optional | +| until | The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago). | Optional | +| share_level | A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. Default is RED. | Optional | #### Context Output 
@@ -421,7 +422,7 @@ Checks domain reputation. | headers | A comma-separated list of headers to display in human-readable format. For example: header1,header2,header3. | Optional | | since | The start timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago). | Optional | | until | The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago). | Optional | - +| share_level | A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. Default is RED. | Optional | #### Context Output diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py index 99d02fedda73..9f21126b886c 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py @@ -102,7 +102,7 @@ def file(self, file: str, since: Optional[int], until: Optional[int], limit: Opt ) return response - def domain(self, domain: str, since: Optional[int], until: Optional[int], + def domain(self, domain: str, since: Optional[int], until: Optional[int], share_level: str, limit: Optional[int] = DEFAULT_LIMIT) -> Dict: """ See Also: @@ -111,6 +111,7 @@ def domain(self, domain: str, since: Optional[int], until: Optional[int], domain: Domain since: Returns malware collected after a timestamp until: Returns malware collected before a timestamp + share_level: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. limit: Defines the maximum size of a page of results. The maximum is 1,000 Returns: The API call response 
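Review bot: `share_level: str` is inserted as a required positional parameter ahead of `limit` in `Client.domain` (and, in the next hunk, `Client.url`), so any caller still using the old positional form `client.domain(d, since, until, limit)` would silently bind its limit to `share_level` instead of failing. Declaring it keyword-style after `limit` keeps the old call shape valid: `def domain(self, domain: str, since: Optional[int], until: Optional[int], limit: Optional[int] = DEFAULT_LIMIT, share_level: str = 'RED') -> Dict:`. The body of `domain` continues outside this hunk.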
@@ -126,12 +127,14 @@ def domain(self, domain: str, since: Optional[int], until: Optional[int], 'strict_text': True, 'since': since, 'until': until, - 'limit': limit + 'limit': limit, + 'share_level': share_level }) ) return response - def url(self, url: str, since: Optional[int], until: Optional[int], limit: Optional[int] = DEFAULT_LIMIT) -> Dict: + def url(self, url: str, since: Optional[int], until: Optional[int], share_level: str, + limit: Optional[int] = DEFAULT_LIMIT) -> Dict: """ See Also: https://developers.facebook.com/docs/threat-exchange/reference/apis/threat-descriptors @@ -139,6 +142,7 @@ def url(self, url: str, since: Optional[int], until: Optional[int], limit: Optio url: URL since: Returns malware collected after a timestamp until: Returns malware collected before a timestamp + share_level: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. limit: Defines the maximum size of a page of results. The maximum is 1,000 Returns: The API call response @@ -154,7 +158,8 @@ def url(self, url: str, since: Optional[int], until: Optional[int], limit: Optio 'strict_text': True, 'since': since, 'until': until, - 'limit': limit + 'limit': limit, + 'share_level': share_level }) ) return response 
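Review bot: `share_level` is forwarded into the request parameters of both `domain` and `url` exactly as received, with no check against the four values the YAML offers, and as of this commit it can be `None` when the command argument is omitted; whether a `None` entry is dropped or serialised as the string `None` depends on the helper wrapping the dict, which is outside the hunk. A guard at the client boundary would make bad input fail loudly rather than produce a confusing API error: `if share_level not in ('RED', 'AMBER', 'GREEN', 'WHITE'): raise ValueError(f'Invalid share_level: "{share_level}"')`. If, as passing it on a lookup suggests, the API treats this as a filter on the returned descriptors, the new docstring line would be clearer as `share_level: Return only descriptors with this share level (US-CERT Traffic Light Protocol)` — please confirm against the API reference linked in the docstring.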
@@ -612,16 +617,25 @@ def domain_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) limit = arg_to_number(args.get('limit'), arg_name='limit') headers = argToList(args.get('headers')) reliability = params.get('feedReliability') + share_level = args.get('share_level') results: List[CommandResults] = list() for domain in domains: try: - raw_response = client.domain(domain, since, until, limit) + raw_response = client.domain(domain, since, until, share_level, limit) except Exception as exception: # If anything happens, handle like there are no results err_msg = f'Could not process domain: "{domain}"\n {str(exception)}' demisto.debug(err_msg) raw_response = {} + readable_output = f'Processing domain: "{domain}" resulted in an exception. See logs for the exact error.' + result = CommandResults( + outputs={}, + readable_output=readable_output, + raw_response=raw_response + ) + results.append(result) + continue if data := raw_response.get('data'): score = calculate_dbot_score(reputation_data=data, params=params) num_of_engines, num_of_positive_engines = calculate_engines(reputation_data=data) 
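Review bot: The context line `# If anything happens, handle like there are no results` is now stale: the added `continue` means an exception no longer reaches the `raw_response.get('data')` path but instead emits a `CommandResults` with `outputs={}` and no DBotScore, so the indicator receives no reputation entry at all; `url_command` in the next hunk has the same pattern. Suggest replacing the comment with `# Report the failure for this indicator and skip it without a reputation verdict` so the new behaviour is documented where it happens. Note also that `except Exception` folds authentication and connectivity failures into per-indicator debug messages whose text comes from `str(exception)`; if the client puts credentials in the request URL (not visible here), that text could land in the debug log, so consider logging only the exception type and your own message.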
@@ -681,15 +695,24 @@ def url_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) -> limit = arg_to_number(args.get('limit'), arg_name='limit') headers = argToList(args.get('headers')) reliability = params.get('feedReliability') + share_level = args.get('share_level') results: List[CommandResults] = list() for url in urls: try: - raw_response = client.url(url, since, until, limit) + raw_response = client.url(url, since, until, share_level, limit) except Exception as exception: # If anything happens, handle like there are no results err_msg = f'Could not process URL: "{url}"\n {str(exception)}' demisto.debug(err_msg) raw_response = {} + readable_output = f'Processing URL: "{url}" resulted in an exception. See logs for the exact error.' + result = CommandResults( + outputs={}, + readable_output=readable_output, + raw_response=raw_response + ) + results.append(result) + continue if data := raw_response.get('data'): score = calculate_dbot_score(reputation_data=data, params=params) num_of_engines, num_of_positive_engines = calculate_engines(reputation_data=data) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml index 58d20ac62567..397235f97661 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml @@ -1,6 +1,6 @@ category: Data Enrichment & Threat Intelligence commonfields: - id: ThreatExchange v2 + id: ThreatExchange v2 - test version: -1 configuration: - display: App ID @@ -50,8 +50,8 @@ configuration: required: false defaultclassifier: 'null' description: Receive threat intelligence about applications, IP addresses, URLs, and hashes. A service by Facebook. -display: ThreatExchange v2 -name: ThreatExchange v2 +display: ThreatExchange v2 - test +name: ThreatExchange v2 - test script: commands: - arguments: 
@@ -263,6 +263,15 @@ script: name: since - description: 'The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago).' name: until + - auto: PREDEFINED + defaultValue: RED + description: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. + name: share_level + predefined: + - RED + - AMBER + - GREEN + - WHITE description: Checks the URL reputation. name: url outputs: @@ -359,6 +368,15 @@ script: name: since - description: 'The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago).' name: until + - auto: PREDEFINED + defaultValue: RED + description: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. + name: share_level + predefined: + - RED + - AMBER + - GREEN + - WHITE description: Checks a domain reputation. name: domain outputs: diff --git a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md new file mode 100644 index 000000000000..db05c700ca28 --- /dev/null +++ b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### ThreatExchange v2 - test + +- %%UPDATE_RN%% diff --git a/Packs/ThreatExchange/pack_metadata.json b/Packs/ThreatExchange/pack_metadata.json index 013342c1ca61..69a972d5957b 100644 --- a/Packs/ThreatExchange/pack_metadata.json +++ b/Packs/ThreatExchange/pack_metadata.json @@ -2,7 +2,7 @@ "name": "ThreatExchange", "description": "Receive threat intelligence about applications, IP addresses, URLs and hashes, a service by Facebook", "support": "xsoar", - "currentVersion": "2.0.11", + "currentVersion": "2.0.12", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 900b4ca39821cc63aa38089cfca49d02fb6a46cc Mon Sep 17 00:00:00 2001 
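Review bot: The `share_level` argument is given `defaultValue: RED` on both `url` and `domain`, but its description only says what the field means, not what supplying it does to the results. If the API applies it as a filter (which forwarding it on a lookup suggests), a default of RED narrows every call to RED-level descriptors, a change from the unfiltered behaviour before this PR that the release notes do not mention. Suggested description: `Return only descriptors with this share level, based on the US-CERT's Traffic Light Protocol. Default is RED.` — please confirm the filtering semantics against the API before merging.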
From: darkushin Date: Tue, 18 Jul 2023 12:08:31 +0300 Subject: [PATCH 02/13] ThreatExchange updates --- .../Integrations/ThreatExchangeV2/ThreatExchangeV2.yml | 6 +++--- Packs/ThreatExchange/ReleaseNotes/2_0_12.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml index 397235f97661..201aaf7820bc 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml @@ -1,6 +1,6 @@ category: Data Enrichment & Threat Intelligence commonfields: - id: ThreatExchange v2 - test + id: ThreatExchange v2 version: -1 configuration: - display: App ID @@ -50,8 +50,8 @@ configuration: required: false defaultclassifier: 'null' description: Receive threat intelligence about applications, IP addresses, URLs, and hashes. A service by Facebook. -display: ThreatExchange v2 - test -name: ThreatExchange v2 - test +display: ThreatExchange v2 +name: ThreatExchange v2 script: commands: - arguments: diff --git a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md index db05c700ca28..c2ac29994d66 100644 --- a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md +++ b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md @@ -1,6 +1,6 @@ #### Integrations -##### ThreatExchange v2 - test +##### ThreatExchange v2 -- %%UPDATE_RN%% +- Added support for the *share_level* argument in the ***!url*** and ***!domain*** commands. From 65ef1a1cfa21cdc5ff3ba370835a1b1c35959b44 Mon Sep 17 00:00:00 2001 From: darkushin Date: Sun, 13 Aug 2023 14:18:22 +0300 Subject: [PATCH 03/13] Added param to instance configuration --- .../ThreatExchangeV2/ThreatExchangeV2.py | 6 ++++-- .../ThreatExchangeV2/ThreatExchangeV2.yml | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) 
diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py index 9f21126b886c..d4e0934c4105 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py @@ -617,7 +617,8 @@ def domain_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) limit = arg_to_number(args.get('limit'), arg_name='limit') headers = argToList(args.get('headers')) reliability = params.get('feedReliability') - share_level = args.get('share_level') + share_level = args.get('share_level', params.get('share_level', 'RED')) + demisto.debug(f'Setting share level to {share_level}') results: List[CommandResults] = list() for domain in domains: @@ -695,7 +696,8 @@ def url_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) -> limit = arg_to_number(args.get('limit'), arg_name='limit') headers = argToList(args.get('headers')) reliability = params.get('feedReliability') - share_level = args.get('share_level') + share_level = args.get('share_level', params.get('share_level', 'RED')) + demisto.debug(f'Setting share level to {share_level}') results: List[CommandResults] = list() for url in urls: try: diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml index 201aaf7820bc..caf76712d7f9 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml 
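Review bot: `args.get('share_level', params.get('share_level', 'RED'))` falls back to the instance parameter only when the key is absent; an argument that is present but empty is passed through as `''` and the instance setting is ignored. `share_level = args.get('share_level') or params.get('share_level') or 'RED'` covers both cases. The two lines are duplicated verbatim in `domain_command` and `url_command`; a small helper such as `_resolve_share_level(args, params)` would keep the precedence rule in one place. Both enclosing functions continue outside these hunks.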
@@ -38,6 +38,17 @@ configuration: - F - Reliability cannot be judged required: true type: 15 +- additionalinfo: A designation of how the indicator may be shared based on the US-CERT's Traffic Light Protocol. + defaultvalue: RED + display: Share Level Type + name: share_level + options: + - RED + - AMBER + - GREEN + - WHITE + required: false + type: 15 - defaultvalue: 'false' display: Use system proxy settings name: proxy @@ -264,7 +275,6 @@ script: - description: 'The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago).' name: until - auto: PREDEFINED - defaultValue: RED description: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. name: share_level predefined: @@ -369,7 +379,6 @@ script: - description: 'The end timestamp for collecting malware. Supported time formats: epoch time (e.g., 1619870400), ISO 8601 (e.g., 2021-05-01T12:00:00), and free text (e.g., 24 hours ago).' name: until - auto: PREDEFINED - defaultValue: RED description: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. name: share_level predefined: From 7057d03f8cea105648da4f7136fc48a3148cadd5 Mon Sep 17 00:00:00 2001 From: darkushin Date: Sun, 13 Aug 2023 14:32:51 +0300 Subject: [PATCH 04/13] pre-commit --- .../ThreatExchangeV2/ThreatExchangeV2.py | 13 +++++----- .../ThreatExchangeV2/ThreatExchangeV2.yml | 26 +++++++++---------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py index d4e0934c4105..2139da4c8c71 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py 
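Review bot: Dropping `defaultValue: RED` from the command argument changes where the default comes from (the new `Share Level Type` instance parameter, then `'RED'` in code), but the argument description still reads as if it were standalone and the README table from the first patch still states "Default is RED." for the argument. Suggest appending to both `share_level` argument descriptions: `If not specified, the Share Level Type configured on the integration instance is used.`, and updating the README rows to match.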
@@ -5,7 +5,6 @@ """ import collections -from typing import Tuple import urllib3 from CommonServerUserPython import * # noqa from CommonServerPython import * # noqa # pylint: disable=unused-wildcard-import @@ -353,7 +352,7 @@ def calculate_dbot_score(reputation_data: List, params: Dict[str, Any]) -> int: return score -def calculate_engines(reputation_data: List) -> Tuple[int, int]: +def calculate_engines(reputation_data: List) -> tuple[int, int]: """ Calculates the number of engines that scanned the indicator, and how many of them are positive - i.e returned malicious status. @@ -436,7 +435,7 @@ def convert_string_to_epoch_time(date: Optional[str], arg_name: Optional[str] = return int(epoch_time) else: # date was given in a wrong format if arg_name: - raise ValueError('Invalid date: "{}"="{}"'.format(arg_name, date)) + raise ValueError(f'Invalid date: "{arg_name}"="{date}"') return None @@ -469,7 +468,7 @@ def ip_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) -> limit = arg_to_number(args.get('limit'), arg_name='limit') headers = argToList(args.get('headers')) reliability = params.get('feedReliability') - results: List[CommandResults] = list() + results: List[CommandResults] = [] for ip in ips: if not is_ip_valid(ip, accept_v6_ips=True): # check IP's validity @@ -541,7 +540,7 @@ def file_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) - limit = arg_to_number(args.get('limit'), arg_name='limit') headers = argToList(args.get('headers')) reliability = params.get('feedReliability') - results: List[CommandResults] = list() + results: List[CommandResults] = [] for file in files: if get_hash_type(file) not in ('sha256', 'sha1', 'md5'): # check file's validity 
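Review bot: Switching `calculate_engines` to `tuple[int, int]` while the surrounding signatures keep `List[...]`, `Dict[...]` and `Optional[...]` from the wildcard import leaves the file with two annotation styles; the builtin generic is fine on the 3.10 image the YAML pins, but it would read more consistently to either convert the sibling annotations in the same pass or keep `Tuple` here. The f-string and `[]` changes are straightforward.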
@@ -619,7 +618,7 @@ def domain_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) reliability = params.get('feedReliability') share_level = args.get('share_level', params.get('share_level', 'RED')) demisto.debug(f'Setting share level to {share_level}') - results: List[CommandResults] = list() + results: List[CommandResults] = [] for domain in domains: try: @@ -698,7 +697,7 @@ def url_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) -> reliability = params.get('feedReliability') share_level = args.get('share_level', params.get('share_level', 'RED')) demisto.debug(f'Setting share level to {share_level}') - results: List[CommandResults] = list() + results: List[CommandResults] = [] for url in urls: try: raw_response = client.url(url, since, until, share_level, limit) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml index caf76712d7f9..053ada03d57f 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml @@ -38,17 +38,17 @@ configuration: - F - Reliability cannot be judged required: true type: 15 -- additionalinfo: A designation of how the indicator may be shared based on the US-CERT's Traffic Light Protocol. - defaultvalue: RED +- defaultvalue: 'RED' display: Share Level Type name: share_level + type: 15 + required: false + additionalinfo: A designation of how the indicator may be shared based on the US-CERT's Traffic Light Protocol. options: - RED - AMBER - GREEN - WHITE - required: false - type: 15 - defaultvalue: 'false' display: Use system proxy settings name: proxy 
@@ -278,10 +278,10 @@ script: description: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. name: share_level predefined: - - RED - - AMBER - - GREEN - - WHITE + - RED + - AMBER + - GREEN + - WHITE description: Checks the URL reputation. name: url outputs: @@ -382,10 +382,10 @@ script: description: A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol. name: share_level predefined: - - RED - - AMBER - - GREEN - - WHITE + - RED + - AMBER + - GREEN + - WHITE description: Checks a domain reputation. name: domain outputs: @@ -686,7 +686,7 @@ script: - contextPath: ThreatExchange.Object.id description: ID of a ThreatExchange object. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.12.68714 runonce: false script: '-' subtype: python3 From 5556709a6641744a4d52c5c885895748cebd122d Mon Sep 17 00:00:00 2001 From: darkushin Date: Sun, 13 Aug 2023 14:50:10 +0300 Subject: [PATCH 05/13] updated RN --- .../Integrations/ThreatExchangeV2/ThreatExchangeV2.py | 4 ++-- Packs/ThreatExchange/ReleaseNotes/2_0_12.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py index 2139da4c8c71..15bf2ca69775 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.py 
@@ -628,7 +628,7 @@ def domain_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) err_msg = f'Could not process domain: "{domain}"\n {str(exception)}' demisto.debug(err_msg) raw_response = {} - readable_output = f'Processing domain: "{domain}" resulted in an exception. See logs for the exact error.' + readable_output = f'Processing domain "{domain}" resulted in an exception. See logs for the exact error.' result = CommandResults( outputs={}, readable_output=readable_output, @@ -706,7 +706,7 @@ def url_command(client: Client, args: Dict[str, Any], params: Dict[str, Any]) -> err_msg = f'Could not process URL: "{url}"\n {str(exception)}' demisto.debug(err_msg) raw_response = {} - readable_output = f'Processing URL: "{url}" resulted in an exception. See logs for the exact error.' + readable_output = f'Processing URL "{url}" resulted in an exception. See logs for the exact error.' result = CommandResults( outputs={}, readable_output=readable_output, diff --git a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md index c2ac29994d66..f84ef9c720de 100644 --- a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md +++ b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md @@ -4,3 +4,4 @@ ##### ThreatExchange v2 - Added support for the *share_level* argument in the ***!url*** and ***!domain*** commands. +- Updated the Docker image to: *demisto/python3:3.10.12.68714*. From dde406063616d4ae9bc8f6fb2f450a4e5d6341f0 Mon Sep 17 00:00:00 2001 From: darkushin Date: Mon, 14 Aug 2023 11:50:03 +0300 Subject: [PATCH 06/13] RN test --- .../Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py b/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py index b335a0a1b522..027d24428f34 100644 --- a/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py 
+++ b/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py @@ -10,7 +10,7 @@ ''' CLIENT CLASS ''' - +# test RNs class Client(BaseClient): def __init__(self, base_url: str, verify: bool, proxy: bool, reliability: DBotScoreReliability, entry_limit: int): From 935e4ca619dd9ebf4e5020d01b208c334025687e Mon Sep 17 00:00:00 2001 From: darkushin Date: Mon, 14 Aug 2023 13:31:31 +0300 Subject: [PATCH 07/13] CR updates --- Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md | 3 ++- Packs/ThreatExchange/ReleaseNotes/2_0_12.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md index c19336138fcf..2e7c43930c5c 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/README.md @@ -21,10 +21,11 @@ For Cortex XSOAR versions 6.0 and below, the App Secret should be set in the *pa 3. Click **Add instance** to create and configure a new integration instance. | **Parameter** | **Description** | **Required** | - | --- | --- | --- | + | --- | -- | --- | | App ID | | True | | App Secret | | True | | Source Reliability | Reliability of the source providing the intelligence data | True | + | Share Level Type | A designation of how the indicator may be shared based on the US-CERT's Traffic Light Protocol | False | | Use system proxy settings | | False | | Trust any certificate (not secure) | | False | | Malicious Threshold | If the percentage of 'Malicious' reported statuses is above this threshold the indicator will be defined as malicious, otherwise suspicious. | False | diff --git a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md index f84ef9c720de..d928548bd80a 100644 --- a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md +++ b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md 
@@ -4,4 +4,5 @@ ##### ThreatExchange v2 - Added support for the *share_level* argument in the ***!url*** and ***!domain*** commands. +- Added support for the *Share Level Type* parameter to the instance configuration. - Updated the Docker image to: *demisto/python3:3.10.12.68714*. From 761598eee075a3bb16c478d38da8bc1ce8203c23 Mon Sep 17 00:00:00 2001 From: darkushin Date: Mon, 14 Aug 2023 13:35:01 +0300 Subject: [PATCH 08/13] Removed Threat_Crowd --- .../Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py b/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py index 027d24428f34..b335a0a1b522 100644 --- a/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py +++ b/Packs/Threat_Crowd/Integrations/ThreatCrowd_v2/ThreatCrowd_v2.py @@ -10,7 +10,7 @@ ''' CLIENT CLASS ''' -# test RNs + class Client(BaseClient): def __init__(self, base_url: str, verify: bool, proxy: bool, reliability: DBotScoreReliability, entry_limit: int): From 5b749e63e1b630788f037a76e8b637939e9062da Mon Sep 17 00:00:00 2001 From: darkushin <61732335+darkushin@users.noreply.github.com> Date: Mon, 14 Aug 2023 16:43:18 +0300 Subject: [PATCH 09/13] Update Packs/ThreatExchange/ReleaseNotes/2_0_12.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- Packs/ThreatExchange/ReleaseNotes/2_0_12.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md index d928548bd80a..b2346f86ef63 100644 --- a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md +++ b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md 
@@ -4,5 +4,5 @@ ##### ThreatExchange v2 - Added support for the *share_level* argument in the ***!url*** and ***!domain*** commands. -- Added support for the *Share Level Type* parameter to the instance configuration. +- Added support for the *Share Level Type* parameter in the instance configuration. - Updated the Docker image to: *demisto/python3:3.10.12.68714*. From 301196add71cbebe14471314de0c7a562b89c2c5 Mon Sep 17 00:00:00 2001 From: Yehuda Date: Wed, 20 Sep 2023 10:20:48 +0300 Subject: [PATCH 10/13] docker --- .../Integrations/ThreatExchangeV2/ThreatExchangeV2.yml | 2 +- Packs/ThreatExchange/ReleaseNotes/2_0_12.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml index 053ada03d57f..44ae2990d915 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml @@ -686,7 +686,7 @@ script: - contextPath: ThreatExchange.Object.id description: ID of a ThreatExchange object. type: String - dockerimage: demisto/python3:3.10.12.68714 + dockerimage: demisto/python3:3.10.13.74666 runonce: false script: '-' subtype: python3 diff --git a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md index b2346f86ef63..7e656b6d3d18 100644 --- a/Packs/ThreatExchange/ReleaseNotes/2_0_12.md +++ b/Packs/ThreatExchange/ReleaseNotes/2_0_12.md @@ -5,4 +5,4 @@ - Added support for the *share_level* argument in the ***!url*** and ***!domain*** commands. - Added support for the *Share Level Type* parameter in the instance configuration. -- Updated the Docker image to: *demisto/python3:3.10.12.68714*. +- Updated the Docker image to: *demisto/python3:3.10.13.74666*. \ No newline at end of file From 34f84a1340365e1d62c1b8e1c8de36d4d4b37600 Mon Sep 17 00:00:00 2001 
From: Yehuda Date: Wed, 20 Sep 2023 10:23:35 +0300 Subject: [PATCH 11/13] format --- .../Integrations/ThreatExchangeV2/ThreatExchangeV2.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml index 44ae2990d915..34e3a3a42f5c 100644 --- a/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml +++ b/Packs/ThreatExchange/Integrations/ThreatExchangeV2/ThreatExchangeV2.yml @@ -236,7 +236,7 @@ script: description: The ID of the ThreatExchange member that submitted the descriptor. Non-editable. type: String - contextPath: ThreatExchange.IP.owner.name - description: The name of the ThreatExchange member that submitted the descriptor. Non-editable + description: The name of the ThreatExchange member that submitted the descriptor. Non-editable. type: String - contextPath: ThreatExchange.IP.raw_indicator description: A raw, unsanitized string of the indicator being described. @@ -340,7 +340,7 @@ script: description: The ID of the ThreatExchange member that submitted the descriptor. Non-editable. type: String - contextPath: ThreatExchange.URL.owner.name - description: The name of the ThreatExchange member that submitted the descriptor. Non-editable + description: The name of the ThreatExchange member that submitted the descriptor. Non-editable. type: String - contextPath: ThreatExchange.URL.raw_indicator description: A raw, unsanitized string of the indicator being described. 
@@ -441,7 +441,7 @@ script: description: The ID of the ThreatExchange member that submitted the descriptor. Non-editable. type: String - contextPath: ThreatExchange.Domain.owner.name - description: The name of the ThreatExchange member that submitted the descriptor. Non-editable + description: The name of the ThreatExchange member that submitted the descriptor. Non-editable. type: String - contextPath: ThreatExchange.Domain.raw_indicator description: A raw, unsanitized string of the indicator being described. From 2970dea71035ced286756e13c63841c29c9d495a Mon Sep 17 00:00:00 2001 From: Yehuda Date: Wed, 20 Sep 2023 16:19:26 +0300 Subject: [PATCH 12/13] skip tests since theres no instance --- Tests/conf.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tests/conf.json b/Tests/conf.json index a8cc8b18f3ae..25bbad3fe527 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -5863,7 +5863,8 @@ "ThreatGridv2": "No instance - developed by Qmasters", "SentinelOne V2": "No instance - developed by partner", "CheckPhish": "Issue CRTX-86562", - "SecurityAndComplianceV2": "Can only be authenticated via MFA and requires user interaction to configure." + "SecurityAndComplianceV2": "Can only be authenticated via MFA and requires user interaction to configure.", + "ThreatExchange": "No instance" }, "nightly_packs": [ "CommonScripts", From b65edb9f3f92a0b6a126a1940bdd14f9501367d4 Mon Sep 17 00:00:00 2001 From: Yehuda Date: Thu, 21 Sep 2023 11:04:21 +0300 Subject: [PATCH 13/13] no testing instance --- Tests/conf.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/conf.json b/Tests/conf.json index 25bbad3fe527..ec666901dcd4 100644 --- a/Tests/conf.json +++ b/Tests/conf.json 
@@ -5864,7 +5864,7 @@ "SentinelOne V2": "No instance - developed by partner", "CheckPhish": "Issue CRTX-86562", "SecurityAndComplianceV2": "Can only be authenticated via MFA and requires user interaction to configure.", - "ThreatExchange": "No instance" + "ThreatExchange v2": "No instance" }, "nightly_packs": [ "CommonScripts",