From 7d619cd1744d87a00b5a3eef80e2cb5df407bd52 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 26 Nov 2023 10:19:02 +0200
Subject: [PATCH 01/63] Change the field to be searchable

---
 .../IncidentFields/incidentfield-External_Severity.json         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-External_Severity.json b/Packs/CommonTypes/IncidentFields/incidentfield-External_Severity.json
index 9fe6505f2ff7..7328db59f930 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-External_Severity.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-External_Severity.json
@@ -20,7 +20,7 @@
     "threshold": 72,
     "type": "multiSelect",
     "unmapped": false,
-    "unsearchable": true,
+    "unsearchable": false,
     "useAsKpi": false,
     "version": -1,
     "fromVersion": "6.2.0"

From b097fb9b12c1bc296b4d3a220d2a799e996e46a9 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 26 Nov 2023 10:58:44 +0200
Subject: [PATCH 02/63] RN

---
 Packs/CommonTypes/ReleaseNotes/3_3_93.md | 5 +++++
 Packs/CommonTypes/pack_metadata.json     | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 Packs/CommonTypes/ReleaseNotes/3_3_93.md

diff --git a/Packs/CommonTypes/ReleaseNotes/3_3_93.md b/Packs/CommonTypes/ReleaseNotes/3_3_93.md
new file mode 100644
index 000000000000..1ed2e425f807
--- /dev/null
+++ b/Packs/CommonTypes/ReleaseNotes/3_3_93.md
@@ -0,0 +1,5 @@
+
+#### Incident Fields
+
+- **External Severity**
+Updated the field to be searchable in XSOAR.
\ No newline at end of file
diff --git a/Packs/CommonTypes/pack_metadata.json b/Packs/CommonTypes/pack_metadata.json
index beb2dc769647..90ce4185f409 100644
--- a/Packs/CommonTypes/pack_metadata.json
+++ b/Packs/CommonTypes/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.3.92",
+    "currentVersion": "3.3.93",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

From 1cda2ffe37413bd704aa0102fbbd6cff10054c4d Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 26 Nov 2023 13:57:20 +0200
Subject: [PATCH 03/63] Added missing scripts

---
 .../EntryWidgetResourceTypeXCLOUD.py          |  5 +-
 .../README.md                                 |  0
 .../XCloudAdditionalAlertInformationWidget.py | 56 +++++++++++++++++++
 ...XCloudAdditionalAlertInformationWidget.yml | 19 +++++++
 ...udAdditionalAlertInformationWidget_test.py | 41 ++++++++++++++
 5 files changed, 120 insertions(+), 1 deletion(-)
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py

diff --git a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
index 2c15c51d0c98..1fcc0bf34349 100644
--- a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
+++ b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
@@ -7,7 +7,10 @@
 def main():
     try:
         alert = demisto.context().get('Core', {}).get('OriginalAlert')[0]
-        event = alert.get('event')
+        if alert.get('raw_abioc') == None:
+            event = alert.get('event')
+        else:
+            event = alert.get('raw_abioc').get('event')
         resourceType = event.get('resource_type_orig')
 
         html = f"<h1 style='{BLACK_HTML_STYLE}'>{str(resourceType)}</h1>"
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
new file mode 100644
index 000000000000..2a25d688ee62
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -0,0 +1,56 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+
+''' COMMAND FUNCTION '''
+
+
+def get_additonal_info() -> List[Dict]:
+    alerts = demisto.context().get('Core', {}).get('OriginalAlert')
+    if not alerts:
+        raise DemistoException('Original Alert is not configured in context')
+    if not isinstance(alerts, list):
+        alerts = [alerts]
+
+    results = []
+    for alert in alerts:
+        alert_event = alert.get('event')
+        res = {'Alert Full Description': alert.get('alert_full_description'),
+               'Detection Module': alert.get('detection_modules'),
+               'Vendor': alert_event.get('vendor'),
+               'Provider': alert_event.get('cloud_provider'),
+               'Log Name': alert_event.get('log_name'),
+               'Event Type': demisto.get(alert_event, 'raw_log.eventType'),
+               'Caller IP': alert_event.get('caller_ip'),
+               'Caller IP Geo Location': alert_event.get('caller_ip_geolocation'),
+               'Resource Type': alert_event.get('resource_type'),
+               'Identity Name': alert_event.get('identity_name'),
+               'Operation Name': alert_event.get('operation_name'),
+               'Operation Status': alert_event.get('operation_status'),
+               'User Agent': alert_event.get('user_agent')}
+        results.append(res)
+    indicators = [res.get('Caller IP') for res in results]
+    indicators_callable = indicators_value_to_clickable(indicators)
+    for res in results:
+        res['Caller IP'] = indicators_callable.get(res.get('Caller IP'))
+    return results
+
+
+''' MAIN FUNCTION '''
+
+
+def main():
+    try:
+        results = get_additonal_info()
+        command_results = CommandResults(
+            readable_output=tableToMarkdown('Original Alert Additional Information', results,
+                                            headers=list(results[0].keys()) if results else None))
+        return_results(command_results)
+    except Exception as ex:
+        return_error(f'Failed to execute AdditionalAlertInformationWidget. Error: {str(ex)}')
+
+
+''' ENTRY POINT '''
+
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+    main()
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
new file mode 100644
index 000000000000..861270cb4bb2
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -0,0 +1,19 @@
+commonfields:
+  id: XCloudAdditionalAlertInformationWidget
+  version: -1
+name: XCloudAdditionalAlertInformationWidget
+script: ''
+type: python
+tags:
+- dynamic-section
+comment: This script retrieves additional original alert information from the context.
+enabled: true
+scripttarget: 0
+subtype: python3
+runonce: false
+dockerimage: demisto/python3:3.10.12.63474
+runas: DBotWeakRole
+engineinfo: {}
+fromversion: 6.10.0
+tests:
+- No tests (auto formatted)
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
new file mode 100644
index 000000000000..11c8c99f12b0
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -0,0 +1,41 @@
+import unittest
+from unittest.mock import patch
+import pytest
+from XCloudAdditionalAlertInformationWidget import get_additonal_info
+
+class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
+
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'vendor': 'Vendor1',
+                                                                                   'cloud_provider': 'AWS',
+                                                                                   'log_name': 'SecurityLog',
+                                                                                   'raw_log': {'eventType': 'Event1'},
+                                                                                   'caller_ip': '192.168.1.1',
+                                                                                   'caller_ip_geolocation': 'Location1',
+                                                                                   'resource_type': 'ResourceType1',
+                                                                                   'identity_name': 'User1',
+                                                                                   'operation_name': 'Operation1',
+                                                                                   'operation_status': 'Success',
+                                                                                   'user_agent': 'Browser1'}}]}})
+    def test_get_additonal_info(self, mock_context):
+        # Test with a mock context containing one original alert
+        expected_result = [{'Alert Full Description': None,
+                            'Detection Module': None,
+                            'Vendor': 'Vendor1',
+                            'Provider': 'AWS',
+                            'Log Name': 'SecurityLog',
+                            'Event Type': 'Event1',
+                            'Caller IP': '192.168.1.1',
+                            'Caller IP Geo Location': 'Location1',
+                            'Resource Type': 'ResourceType1',
+                            'Identity Name': 'User1',
+                            'Operation Name': 'Operation1',
+                            'Operation Status': 'Success',
+                            'User Agent': 'Browser1'}]
+
+        result = get_additonal_info()
+        self.assertEqual(result, expected_result)
+
+    # Add more test cases as needed
+
+if __name__ == '__main__':
+    unittest.main()

From 2e9c7db135f7183afd289335e427dd50d3bdeac1 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 26 Nov 2023 14:53:13 +0200
Subject: [PATCH 04/63] Added new layout rule Added new layout updated scripts

---
 .../LayoutRules/layoutrule-Cloud_Alerts.json  |   37 +
 .../layoutscontainer-Cloud_Alerts.json        | 1389 +++++++++++++++++
 ...XCloudAdditionalAlertInformationWidget.yml |    2 +-
 ...udAdditionalAlertInformationWidget_test.py |   22 +-
 4 files changed, 1439 insertions(+), 11 deletions(-)
 create mode 100644 Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
 create mode 100644 Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json

diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
new file mode 100644
index 000000000000..bf7aac797ebe
--- /dev/null
+++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
@@ -0,0 +1,37 @@
+{
+    "rule_id": "Cloud_Alerts_rule",
+    "layout_id": "Cloud Alerts",
+    "description": "Default display for Cloud Alerts generated by XDR Analytics.",
+    "rule_name": "Cloud Alerts Layout Rule",
+    "alerts_filter": {
+        "filter": {
+            "AND": [
+                {
+                    "SEARCH_FIELD": "alert_source",
+                    "SEARCH_TYPE": "EQ",
+                    "SEARCH_VALUE": "MAGNIFIER"
+                },
+                {
+                  "OR": [
+                    {
+                      "SEARCH_FIELD": "cloud_provider",
+                      "SEARCH_TYPE": "EQ",
+                      "SEARCH_VALUE": "AWS"
+                    },
+                    {
+                      "SEARCH_FIELD": "cloud_provider",
+                      "SEARCH_TYPE": "EQ",
+                      "SEARCH_VALUE": "AZURE"
+                    },
+                    {
+                      "SEARCH_FIELD": "cloud_provider",
+                      "SEARCH_TYPE": "EQ",
+                      "SEARCH_VALUE": "GCP"
+                    }
+                  ]
+                }
+            ]
+        }
+    },
+    "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
new file mode 100644
index 000000000000..e9a0efd706a0
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
@@ -0,0 +1,1389 @@
+{
+    "detailsV2": {
+        "tabs": [
+            {
+                "id": "summary",
+                "name": "Legacy Summary",
+                "type": "summary"
+            },
+            {
+                "id": "caseinfoid",
+                "name": "Alert Details",
+                "sections": [
+                    {
+                        "displayType": "ROW",
+                        "h": 4,
+                        "i": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Work Plan",
+                        "static": false,
+                        "type": "workplan",
+                        "w": 1,
+                        "x": 2,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "hideName": false,
+                        "i": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                        "items": [
+                            {
+                                "dropEffect": "move",
+                                "endCol": 3,
+                                "fieldId": "details",
+                                "height": 52,
+                                "id": "df4e6650-ffa4-11ed-8065-135924776b58",
+                                "index": 0,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrdescription",
+                                "height": 26,
+                                "id": "a79303f0-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrincidentid",
+                                "height": 26,
+                                "id": "c2e0ea00-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrurl",
+                                "height": 26,
+                                "id": "b2f7e2b0-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdralertcategory",
+                                "height": 26,
+                                "id": "a3301f00-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdralertname",
+                                "height": 26,
+                                "id": "a5953820-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrdetectiontime",
+                                "height": 26,
+                                "id": "a9356950-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "dbotcreated",
+                                "height": 26,
+                                "id": "incident-created-field",
+                                "index": 1,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "categoryname",
+                                "height": 26,
+                                "id": "298513a0-ffa4-11ed-8065-135924776b58",
+                                "index": 2,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "severity",
+                                "height": 26,
+                                "id": "incident-severity-field",
+                                "index": 3,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrhostcount",
+                                "height": 26,
+                                "id": "d50dc6d0-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrusercount",
+                                "height": 26,
+                                "id": "cf9fda80-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdralertcount",
+                                "height": 26,
+                                "id": "a4bba100-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrhighseverityalertcount",
+                                "height": 26,
+                                "id": "16aacde0-0d9a-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrmediumseverityalertcount",
+                                "height": 26,
+                                "id": "23c76ec0-0d9a-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrlowseverityalertcount",
+                                "height": 26,
+                                "id": "25413d80-0d9a-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "playbookid",
+                                "height": 26,
+                                "id": "incident-playbookId-field",
+                                "index": 4,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "mitreattcktactic",
+                                "height": 26,
+                                "id": "41242d10-ffa5-11ed-8065-135924776b58",
+                                "index": 0,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "mitreattcktechnique",
+                                "height": 26,
+                                "id": "42aceff0-ffa5-11ed-8065-135924776b58",
+                                "index": 1,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Alert Information",
+                        "static": false,
+                        "w": 2,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "hideName": false,
+                        "i": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdralerts",
+                                "height": 26,
+                                "id": "22a151e0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudaccountid",
+                                "height": 26,
+                                "id": "45d156e0-ffa4-11ed-8065-135924776b58",
+                                "index": 0,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudproject",
+                                "height": 26,
+                                "id": "671bd4b0-ffa4-11ed-8065-135924776b58",
+                                "index": 1,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudidentitytype",
+                                "height": 26,
+                                "id": "38114a10-ffa4-11ed-8065-135924776b58",
+                                "index": 2,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudoperationtype",
+                                "height": 26,
+                                "id": "5f71db10-ffa4-11ed-8065-135924776b58",
+                                "index": 3,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "cloudresourcetype",
+                                "height": 26,
+                                "id": "74d59ff0-ffa4-11ed-8065-135924776b58",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "cloudreferencedresource",
+                                "height": 26,
+                                "id": "6bc00860-ffa4-11ed-8065-135924776b58",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudinstanceid",
+                                "height": 26,
+                                "id": "5cff5470-ffa4-11ed-8065-135924776b58",
+                                "index": 6,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Cloud Extra Data",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 2
+                    },
+                    {
+                        "h": 4,
+                        "hideName": true,
+                        "i": "caseinfoid-3f0c19a0-4012-11ed-bd56-1f5a2b2d17b4",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Alert Extended Information",
+                        "query": "CortexXDRAdditionalAlertInformationWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 3,
+                        "x": 0,
+                        "y": 4
+                    },
+                    {
+                        "h": 2,
+                        "hideName": true,
+                        "i": "caseinfoid-76a49540-4012-11ed-bd56-1f5a2b2d17b4",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Cloud Provider",
+                        "query": "XCloudProviderWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 1,
+                        "y": 2
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "hidden": false,
+                "id": "xmrrsnmlfj",
+                "name": "Technical Details",
+                "sections": [
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "hideName": false,
+                        "i": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893",
+                        "items": [
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "hostip",
+                                "height": 26,
+                                "id": "aeeee620-ffbc-11ed-91cb-b704c053731a",
+                                "index": 0,
+                                "listId": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "isvpnipaddress",
+                                "height": 26,
+                                "id": "b65ebae0-141e-11ee-82aa-79d0d6f9a441",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "useragent",
+                                "height": 26,
+                                "id": "3e2d8e60-3fef-11ed-8b45-b1684b1bfc04",
+                                "index": 2,
+                                "listId": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "asnname",
+                                "height": 26,
+                                "id": "7bbf2660-ffbd-11ed-91cb-b704c053731a",
+                                "index": 3,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "asn",
+                                "height": 26,
+                                "id": "74d9fc50-3fef-11ed-bd56-1f5a2b2d17b4",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "country",
+                                "height": 26,
+                                "id": "4c8d5610-0f52-11ee-81b3-5b1a51073e91",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Attacker Extra Data",
+                        "static": false,
+                        "w": 1,
+                        "x": 1,
+                        "y": 0
+                    },
+                    {
+                        "h": 1,
+                        "hideName": false,
+                        "i": "caseinfoid-90fd3b10-3e3f-11ed-ba28-af31a2402b20",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Regions",
+                        "query": "EntryWidgetRegionNameXCLOUD",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 2,
+                        "y": 0
+                    },
+                    {
+                        "h": 3,
+                        "i": "caseinfoid-944f47f0-3fce-11ed-81fb-f98f11f06b6f",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Malicious or Suspicious Indicators",
+                        "query": "reputation:Suspicious OR reputation:Malicious",
+                        "queryType": "input",
+                        "static": false,
+                        "type": "indicators",
+                        "w": 2,
+                        "x": 0,
+                        "y": 2
+                    },
+                    {
+                        "h": 1,
+                        "hideName": false,
+                        "i": "caseinfoid-4d1a5360-4a0b-11ed-b8e1-8fa90b5d349b",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Resource Type",
+                        "query": "EntryWidgetResourceTypeXCLOUD",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 2,
+                        "y": 1
+                    },
+                    {
+                        "description": "",
+                        "h": 3,
+                        "hideName": true,
+                        "i": "caseinfoid-270d9710-ffbc-11ed-91cb-b704c053731a",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Related Alerts",
+                        "query": "XCloudRelatedAlertsWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 3,
+                        "x": 0,
+                        "y": 5
+                    },
+                    {
+                        "h": 2,
+                        "hideName": true,
+                        "i": "caseinfoid-eb9e4280-ffbe-11ed-8455-4ba42b17a94b",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Identity Table",
+                        "query": "XCloudIdentitiesWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "h": 3,
+                        "i": "caseinfoid-738a28d0-ffd3-11ed-94b9-ab17767bb4e7",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Hunting Results",
+                        "query": {
+                            "categories": [
+                                "tags"
+                            ],
+                            "preDefinedFilters": true,
+                            "tags": [
+                                "PersistenceHunting"
+                            ]
+                        },
+                        "queryType": "warRoomFilter",
+                        "static": false,
+                        "type": "invTimeline",
+                        "w": 1,
+                        "x": 2,
+                        "y": 2
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "id": "warRoom",
+                "name": "War Room",
+                "type": "warRoom"
+            },
+            {
+                "id": "workPlan",
+                "name": "Work Plan",
+                "type": "workPlan"
+            }
+        ]
+    },
+    "group": "incident",
+    "id": "Cloud Alerts",
+    "name": "Cloud Alerts",
+    "quickView": {
+        "sections": [
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_type",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_severity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_owner",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcebrand",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceinstance",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_playbookid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_phase",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_roles",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Basic Information",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_occurred",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotcreated",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotduedate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotmodified",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbottotaltime",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Timeline Information",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_additionaldata",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentsid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alerttypeid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_app",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_appchannelname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_appmessage",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_assigneduser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_assignmentgroup",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_birthday",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_caller",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_categories",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_changed",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_childprocess",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_classification",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudaccountid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudinstanceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cmdline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_commandline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_comment",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_containmentsla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_country",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_countrycode",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_countrycodenumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationhostname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationnetwork",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationnetworks",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectedendpoints",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detecteduser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectionsla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectionurl",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceexternalip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceexternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicehash",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceinternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicelocalip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicemacaddress",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicemodel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceosname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceosversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceou",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_domainname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dsts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_escalation",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_eventid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_eventtype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalcategoryid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalcategoryname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalconfidence",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalendtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externallink",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalseverity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalstarttime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsubcategoryid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsubcategoryname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsystemid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filehash",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filemd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filenames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filepath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filepaths",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesha1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesize",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_firstname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_fullname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_hostnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_incidentlink",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_incomingmirrorerror",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_investigationstage",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_isactive",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lastname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_logsource",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lowlevelcategoriesevents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_macaddress",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_md5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretacticid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretacticname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretechniqueid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretechniquename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mobiledevicemodel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_objective",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel2",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel3",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orgunit",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_os",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ostype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_osversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_outgoingmirrorerror",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentcmdline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocess",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesscmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessfilepath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessids",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessmd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesspath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesssha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_phonenumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_pid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_policyactions",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processcmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processcreationtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processmd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processpath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processpaths",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processsha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_protocol",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_protocolnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryhive",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registrykey",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryvalue",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryvaluetype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_remediationsla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_renderedhtml",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_rulename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_scenario",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha512",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_similarincidents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_similarincidentsdbot",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecreatedby",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecreatetime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceexternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcehostname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcenetwork",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcenetworks",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcepriority",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcestatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_srcs",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_state",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_subcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tactic",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tacticid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_teamname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_technique",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_techniqueid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tenantname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threatfamilyname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threathuntingdetectedhostnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threathuntingdetectedip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threatname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketacknowledgeddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketcloseddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketnumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketopeneddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_timetoassignment",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_triagesla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_urls",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_urlsslverification",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usecasedescription",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_useraccountcontrol",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_users",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usersid",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Custom Fields",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_labels",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Labels",
+                "query": null,
+                "queryType": "",
+                "readOnly": true,
+                "type": "labels"
+            }
+        ]
+    },
+    "system": false,
+    "version": -1,
+    "fromVersion": "6.10.0",
+    "description": ""
+}
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 861270cb4bb2..a9775e4e4746 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.80593
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 11c8c99f12b0..307a3b168730 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -3,19 +3,20 @@
 import pytest
 from XCloudAdditionalAlertInformationWidget import get_additonal_info
 
+
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
     @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'vendor': 'Vendor1',
-                                                                                   'cloud_provider': 'AWS',
-                                                                                   'log_name': 'SecurityLog',
-                                                                                   'raw_log': {'eventType': 'Event1'},
-                                                                                   'caller_ip': '192.168.1.1',
-                                                                                   'caller_ip_geolocation': 'Location1',
-                                                                                   'resource_type': 'ResourceType1',
-                                                                                   'identity_name': 'User1',
-                                                                                   'operation_name': 'Operation1',
-                                                                                   'operation_status': 'Success',
-                                                                                   'user_agent': 'Browser1'}}]}})
+                                                                                      'cloud_provider': 'AWS',
+                                                                                      'log_name': 'SecurityLog',
+                                                                                      'raw_log': {'eventType': 'Event1'},
+                                                                                      'caller_ip': '192.168.1.1',
+                                                                                      'caller_ip_geolocation': 'Location1',
+                                                                                      'resource_type': 'ResourceType1',
+                                                                                      'identity_name': 'User1',
+                                                                                      'operation_name': 'Operation1',
+                                                                                      'operation_status': 'Success',
+                                                                                      'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
         expected_result = [{'Alert Full Description': None,
@@ -37,5 +38,6 @@ def test_get_additonal_info(self, mock_context):
 
     # Add more test cases as needed
 
+
 if __name__ == '__main__':
     unittest.main()

From 35ca1fcfd56e82c47907ff539a3b4ceacb16ab4e Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Mon, 4 Dec 2023 10:20:02 +0200
Subject: [PATCH 05/63] UPDATED SCRIPT

---
 .../XCloudAdditionalAlertInformationWidget.py         | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 2a25d688ee62..fe08982a07c6 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -41,6 +41,17 @@ def get_additonal_info() -> List[Dict]:
 
 def main():
     try:
+        alert_context = demisto.investigation()
+        core_alert_context = demisto.context().get('Core', {})
+        if not core_alert_context.get('OriginalAlert'):
+            original_alert_data = demisto.executeCommand('core-get-cloud-original-alerts', {"alert_ids": alert_context.get('id')})
+            if original_alert_data:
+                if isinstance(original_alert_data, list):
+                    res = original_alert_data[0].get('EntryContext')
+                    res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)')
+                    if isinstance(res['OriginalAlert'], list):
+                        res['OriginalAlert'] = res['OriginalAlert'][0]
+                demisto.executeCommand('SetByIncidentId', {"key": "Core", "value": res, "id": alert_context.get('id')})
         results = get_additonal_info()
         command_results = CommandResults(
             readable_output=tableToMarkdown('Original Alert Additional Information', results,

From 26e7130867647bb9a50930a97ad1821c9ee6c557 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 13:59:47 +0200
Subject: [PATCH 06/63] Fixed more pre-commit errors

---
 .../LayoutRules/layoutrule-Cloud_Alerts.json  | 35 +++++++------------
 .../EntryWidgetResourceTypeXCLOUD.py          |  2 +-
 ...XCloudAdditionalAlertInformationWidget.yml |  2 +-
 ...udAdditionalAlertInformationWidget_test.py |  3 +-
 4 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
index bf7aac797ebe..61fa792926e5 100644
--- a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
+++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
@@ -5,32 +5,23 @@
     "rule_name": "Cloud Alerts Layout Rule",
     "alerts_filter": {
         "filter": {
-            "AND": [
+              "OR": [
                 {
-                    "SEARCH_FIELD": "alert_source",
-                    "SEARCH_TYPE": "EQ",
-                    "SEARCH_VALUE": "MAGNIFIER"
+                  "SEARCH_FIELD": "cloud_provider",
+                  "SEARCH_TYPE": "EQ",
+                  "SEARCH_VALUE": "AWS"
                 },
                 {
-                  "OR": [
-                    {
-                      "SEARCH_FIELD": "cloud_provider",
-                      "SEARCH_TYPE": "EQ",
-                      "SEARCH_VALUE": "AWS"
-                    },
-                    {
-                      "SEARCH_FIELD": "cloud_provider",
-                      "SEARCH_TYPE": "EQ",
-                      "SEARCH_VALUE": "AZURE"
-                    },
-                    {
-                      "SEARCH_FIELD": "cloud_provider",
-                      "SEARCH_TYPE": "EQ",
-                      "SEARCH_VALUE": "GCP"
-                    }
-                  ]
+                  "SEARCH_FIELD": "cloud_provider",
+                  "SEARCH_TYPE": "EQ",
+                  "SEARCH_VALUE": "AZURE"
+                },
+                {
+                  "SEARCH_FIELD": "cloud_provider",
+                  "SEARCH_TYPE": "EQ",
+                  "SEARCH_VALUE": "GCP"
                 }
-            ]
+              ]
         }
     },
     "fromVersion": "6.10.0"
diff --git a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
index 1fcc0bf34349..db9385be1500 100644
--- a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
+++ b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
@@ -7,7 +7,7 @@
 def main():
     try:
         alert = demisto.context().get('Core', {}).get('OriginalAlert')[0]
-        if alert.get('raw_abioc') == None:
+        if alert.get("raw_abioc") is None:
             event = alert.get('event')
         else:
             event = alert.get('raw_abioc').get('event')
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index a9775e4e4746..13ad656a2d48 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.13.80593
+dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 307a3b168730..d4dd3ffeb9cc 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,6 +1,5 @@
 import unittest
 from unittest.mock import patch
-import pytest
 from XCloudAdditionalAlertInformationWidget import get_additonal_info
 
 
@@ -34,7 +33,7 @@ def test_get_additonal_info(self, mock_context):
                             'User Agent': 'Browser1'}]
 
         result = get_additonal_info()
-        self.assertEqual(result, expected_result)
+        assert result == expected_result
 
     # Add more test cases as needed
 

From 23a6da926981d7b834998ba9575e23afc06fa86e Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 14:09:55 +0200
Subject: [PATCH 07/63] Updated RN Fixed issue with the widget

---
 .../ReleaseNotes/1_0_9.md                     | 21 +++++++++++++++++++
 .../EntryWidgetResourceTypeXCLOUD.py          |  4 +++-
 .../CloudIncidentResponse/pack_metadata.json  |  2 +-
 3 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md

diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md
new file mode 100644
index 000000000000..a93026d8fb38
--- /dev/null
+++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md
@@ -0,0 +1,21 @@
+
+#### Layout Rules
+
+##### New: Cloud Alerts Layout Rule
+
+- New: Cloud Alerts layout Rule (Available from Cortex XSIAM 2.0).
+
+#### Layouts
+
+##### New: Cloud Alerts
+
+- New: Cloud Alerts layout  (Available from Cortex XSIAM 2.0).
+
+#### Scripts
+
+##### New: XCloudAdditionalAlertInformationWidget
+
+- New: This script retrieves additional original alert information from the context. (Available from Cortex XCLOUD).
+##### EntryWidgetResourceTypeXCLOUD
+
+Fixed a bug when the required context key was defined as list.
diff --git a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
index db9385be1500..9a4ee4416c5c 100644
--- a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
+++ b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
@@ -6,7 +6,9 @@
 
 def main():
     try:
-        alert = demisto.context().get('Core', {}).get('OriginalAlert')[0]
+        alert = demisto.context().get('Core', {}).get('OriginalAlert')
+        if isinstance(alert, list):
+            alert = alert[0]
         if alert.get("raw_abioc") is None:
             event = alert.get('event')
         else:
diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json
index 1162ab0f1ba5..da26f7874a52 100644
--- a/Packs/CloudIncidentResponse/pack_metadata.json
+++ b/Packs/CloudIncidentResponse/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cloud Incident Response",
     "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.",
     "support": "xsoar",
-    "currentVersion": "1.0.8",
+    "currentVersion": "1.0.9",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

From b23650d390a63e8e74ed2da48d57f282f96d80e1 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 14:49:46 +0200
Subject: [PATCH 08/63] Removed un-required script

---
 Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md        | 3 ---
 .../EntryWidgetResourceTypeXCLOUD.py                     | 9 ++-------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md
index a93026d8fb38..587276b9f0dd 100644
--- a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md
+++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_9.md
@@ -16,6 +16,3 @@
 ##### New: XCloudAdditionalAlertInformationWidget
 
 - New: This script retrieves additional original alert information from the context. (Available from Cortex XCLOUD).
-##### EntryWidgetResourceTypeXCLOUD
-
-Fixed a bug when the required context key was defined as list.
diff --git a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
index 9a4ee4416c5c..2c15c51d0c98 100644
--- a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
+++ b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
@@ -6,13 +6,8 @@
 
 def main():
     try:
-        alert = demisto.context().get('Core', {}).get('OriginalAlert')
-        if isinstance(alert, list):
-            alert = alert[0]
-        if alert.get("raw_abioc") is None:
-            event = alert.get('event')
-        else:
-            event = alert.get('raw_abioc').get('event')
+        alert = demisto.context().get('Core', {}).get('OriginalAlert')[0]
+        event = alert.get('event')
         resourceType = event.get('resource_type_orig')
 
         html = f"<h1 style='{BLACK_HTML_STYLE}'>{str(resourceType)}</h1>"

From 32dad841913b8b8bd8628bddea660c7417958a4a Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 14:51:05 +0200
Subject: [PATCH 09/63] Removed un-required script

---
 .../XCloudAdditionalAlertInformationWidget_test.py            | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index d4dd3ffeb9cc..678e895908c7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -18,9 +18,7 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Alert Full Description': None,
-                            'Detection Module': None,
-                            'Vendor': 'Vendor1',
+        expected_result = [{'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',
                             'Event Type': 'Event1',

From 0402f5cc07b6f06e67987091e68a13401205c561 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 15:17:29 +0200
Subject: [PATCH 10/63] Removed un-required script

---
 .../XCloudAdditionalAlertInformationWidget_test.py        | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 678e895908c7..265fc8f2dd77 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -5,7 +5,9 @@
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
-    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'vendor': 'Vendor1',
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description':'New cloud alert',
+                                                                                      'detection_modules':'BIOC',
+                                                                                      'vendor': 'Vendor1',
                                                                                       'cloud_provider': 'AWS',
                                                                                       'log_name': 'SecurityLog',
                                                                                       'raw_log': {'eventType': 'Event1'},
@@ -18,7 +20,9 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Vendor': 'Vendor1',
+        expected_result = [{'Alert Full Description':'New cloud alert',
+                            'Detection Module':'BIOC',
+                            'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',
                             'Event Type': 'Event1',

From bace01325e6960b432d939cd59ea7b064f64daba Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 15:18:58 +0200
Subject: [PATCH 11/63] Removed un-required script

---
 .../XCloudAdditionalAlertInformationWidget_test.py        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 265fc8f2dd77..831662223d79 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -5,8 +5,8 @@
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
-    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description':'New cloud alert',
-                                                                                      'detection_modules':'BIOC',
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': 'New cloud alert',
+                                                                                      'detection_modules': 'BIOC',
                                                                                       'vendor': 'Vendor1',
                                                                                       'cloud_provider': 'AWS',
                                                                                       'log_name': 'SecurityLog',
@@ -20,8 +20,8 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Alert Full Description':'New cloud alert',
-                            'Detection Module':'BIOC',
+        expected_result = [{'Alert Full Description': 'New cloud alert',
+                            'Detection Module': 'BIOC',
                             'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',

From 992e774bcfe1fe444c5251a897a9cde1d4bd90fc Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 18:40:12 +0200
Subject: [PATCH 12/63] Added tests

---
 .../XCloudAdditionalAlertInformationWidget.py | 17 +++++++++++------
 ...udAdditionalAlertInformationWidget_test.py | 19 +++++++++++++++++--
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index fe08982a07c6..7fd2c3179083 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -36,6 +36,15 @@ def get_additonal_info() -> List[Dict]:
     return results
 
 
+def verify_list_type(original_alert_data):
+    if isinstance(original_alert_data, list):
+        res = original_alert_data[0].get('EntryContext')
+        res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)')
+        if isinstance(res['OriginalAlert'], list):
+            res['OriginalAlert'] = res['OriginalAlert'][0]
+        return res
+
+
 ''' MAIN FUNCTION '''
 
 
@@ -46,11 +55,7 @@ def main():
         if not core_alert_context.get('OriginalAlert'):
             original_alert_data = demisto.executeCommand('core-get-cloud-original-alerts', {"alert_ids": alert_context.get('id')})
             if original_alert_data:
-                if isinstance(original_alert_data, list):
-                    res = original_alert_data[0].get('EntryContext')
-                    res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)')
-                    if isinstance(res['OriginalAlert'], list):
-                        res['OriginalAlert'] = res['OriginalAlert'][0]
+                res = verify_list_type(original_alert_data)
                 demisto.executeCommand('SetByIncidentId', {"key": "Core", "value": res, "id": alert_context.get('id')})
         results = get_additonal_info()
         command_results = CommandResults(
@@ -64,4 +69,4 @@ def main():
 ''' ENTRY POINT '''
 
 if __name__ in ('__main__', '__builtin__', 'builtins'):
-    main()
+    main()
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 831662223d79..3f895282811a 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,6 +1,6 @@
 import unittest
 from unittest.mock import patch
-from XCloudAdditionalAlertInformationWidget import get_additonal_info
+from XCloudAdditionalAlertInformationWidget import *
 
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
@@ -37,7 +37,22 @@ def test_get_additonal_info(self, mock_context):
         result = get_additonal_info()
         assert result == expected_result
 
-    # Add more test cases as needed
+    def test_verify_list_type_dict(self):
+        input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
+        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        output = verify_list_type(input_dict)
+        self.assertEqual(output, expected_output)
+
+    def test_verify_list_type_list(self):
+        input_list = [{"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}]
+        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        output = verify_list_type(input_list)
+        self.assertEqual(output, expected_output)
+
+    def test_verify_list_type_empty(self):
+        input = None
+        with self.assertRaises(Exception):
+            verify_list_type(input)
 
 
 if __name__ == '__main__':

From a78ad4a826db56594c69b376148638cde7410de4 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 12:34:28 +0200
Subject: [PATCH 13/63] Added a test for main

---
 ...oudAdditionalAlertInformationWidget_test.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 3f895282811a..bc9c111068d7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -34,8 +34,8 @@ def test_get_additonal_info(self, mock_context):
                             'Operation Status': 'Success',
                             'User Agent': 'Browser1'}]
 
-        result = get_additonal_info()
-        assert result == expected_result
+        result = get_additonal_info()  # Corrected function name
+        self.assertEqual(result, expected_result)
 
     def test_verify_list_type_dict(self):
         input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
@@ -54,6 +54,20 @@ def test_verify_list_type_empty(self):
         with self.assertRaises(Exception):
             verify_list_type(input)
 
+    @patch('demistomock.executeCommand')
+    @patch('demistomock.return_results')
+    def test_main(self, mock_execute_command, mock_return_results):
+        # Set up mocks
+        mock_execute_command.side_effect = [
+            [{'Contents': [{'some_key': 'some_value'}]}],  # Return value for 'core-get-cloud-original-alerts'
+        ]
+
+        # Call the main function
+        main()
+
+        # Assert that the necessary functions and methods were called
+        mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
+        mock_return_results.assert_called_once()
 
 if __name__ == '__main__':
     unittest.main()

From c63e93d1fba773d0c92e457945223b4271527169 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 13:32:51 +0200
Subject: [PATCH 14/63] Added a test for main

---
 .../XCloudAdditionalAlertInformationWidget_test.py            | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index bc9c111068d7..b52d147a0364 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,5 +1,7 @@
 import unittest
 from unittest.mock import patch
+
+from Packs.CloudIncidentResponse.Scripts.XCloudAdditionalAlertInformationWidget import XCloudAdditionalAlertInformationWidget
 from XCloudAdditionalAlertInformationWidget import *
 
 
@@ -63,7 +65,7 @@ def test_main(self, mock_execute_command, mock_return_results):
         ]
 
         # Call the main function
-        main()
+        XCloudAdditionalAlertInformationWidget.main()
 
         # Assert that the necessary functions and methods were called
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})

From 0206f8e5c7fb734008cade2cd23b7a330d39c3e2 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 13:37:48 +0200
Subject: [PATCH 15/63] Added a test for main

---
 .../XCloudAdditionalAlertInformationWidget_test.py              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index b52d147a0364..2b132a2a615b 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -65,7 +65,7 @@ def test_main(self, mock_execute_command, mock_return_results):
         ]
 
         # Call the main function
-        XCloudAdditionalAlertInformationWidget.main()
+        XCloudAdditionalAlertInformationWidget()
 
         # Assert that the necessary functions and methods were called
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})

From 38d519e5ad8de37d23665b0e722626f82e33069a Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 13:59:45 +0200
Subject: [PATCH 16/63] Added a test for main

---
 .../XCloudAdditionalAlertInformationWidget.py              | 3 ++-
 .../XCloudAdditionalAlertInformationWidget_test.py         | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 7fd2c3179083..70e91b74ba9a 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -43,6 +43,7 @@ def verify_list_type(original_alert_data):
         if isinstance(res['OriginalAlert'], list):
             res['OriginalAlert'] = res['OriginalAlert'][0]
         return res
+    return None
 
 
 ''' MAIN FUNCTION '''
@@ -69,4 +70,4 @@ def main():
 ''' ENTRY POINT '''
 
 if __name__ in ('__main__', '__builtin__', 'builtins'):
-    main()
\ No newline at end of file
+    main()
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 2b132a2a615b..516d22085786 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -37,19 +37,19 @@ def test_get_additonal_info(self, mock_context):
                             'User Agent': 'Browser1'}]
 
         result = get_additonal_info()  # Corrected function name
-        self.assertEqual(result, expected_result)
+        assert result == expected_result
 
     def test_verify_list_type_dict(self):
         input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_dict)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_list(self):
         input_list = [{"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}]
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_list)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_empty(self):
         input = None
@@ -71,5 +71,6 @@ def test_main(self, mock_execute_command, mock_return_results):
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
         mock_return_results.assert_called_once()
 
+
 if __name__ == '__main__':
     unittest.main()

From 0c479b7af5c0e2a7c70ab9c7681cb2a2c43d78dd Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 16:17:01 +0200
Subject: [PATCH 17/63] Updated main test

---
 ...udAdditionalAlertInformationWidget_test.py | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 516d22085786..57cfcf1e05b3 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -56,21 +56,44 @@ def test_verify_list_type_empty(self):
         with self.assertRaises(Exception):
             verify_list_type(input)
 
+    @patch('demistomock.investigation')
+    @patch('demistomock.context')
     @patch('demistomock.executeCommand')
     @patch('demistomock.return_results')
-    def test_main(self, mock_execute_command, mock_return_results):
+    def test_main_success(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
         # Set up mocks
+        mock_investigation.return_value = {'id': 'some_id'}
+        mock_context.return_value = {'Core': {'OriginalAlert': True}}
         mock_execute_command.side_effect = [
             [{'Contents': [{'some_key': 'some_value'}]}],  # Return value for 'core-get-cloud-original-alerts'
         ]
 
         # Call the main function
-        XCloudAdditionalAlertInformationWidget()
+        main()
 
         # Assert that the necessary functions and methods were called
+        mock_investigation.assert_called_once()
+        mock_context.assert_called_once()
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
         mock_return_results.assert_called_once()
 
+    @patch('demistomock.investigation')
+    @patch('demistomock.context')
+    @patch('demistomock.executeCommand')
+    @patch('demistomock.return_results')
+    def test_main_exception(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
+        # Set up mocks
+        mock_investigation.side_effect = Exception('Some error')
+
+        # Call the main function
+        main()
+
+        # Assert that the necessary functions and methods were called
+        mock_investigation.assert_called_once()
+        mock_context.assert_not_called()
+        mock_execute_command.assert_not_called()
+        mock_return_results.assert_not_called()
+
 
 if __name__ == '__main__':
     unittest.main()

From 0088db33b1fe40e4975ee5edbfbae8b876d8e93f Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 16:31:58 +0200
Subject: [PATCH 18/63] Updated main test

---
 .../XCloudAdditionalAlertInformationWidget.yml         |  1 +
 .../XCloudAdditionalAlertInformationWidget_test.py     | 10 ++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 13ad656a2d48..b3f5477160ab 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -15,5 +15,6 @@ dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
+marketplace: marketplacev2
 tests:
 - No tests (auto formatted)
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 57cfcf1e05b3..cbcb5e5cdbf7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -40,16 +40,18 @@ def test_get_additonal_info(self, mock_context):
         assert result == expected_result
 
     def test_verify_list_type_dict(self):
-        input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
+        input_dict = {
+            "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_dict)
-        assert output == expected_output
+        self.assertEqual(output, expected_output)
 
     def test_verify_list_type_list(self):
-        input_list = [{"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}]
+        input_list = [
+            {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_list)
-        assert output == expected_output
+        self.assertEqual(output, expected_output)
 
     def test_verify_list_type_empty(self):
         input = None

From b05c83e81cbe2546acbff7f738ac9bc069e0dbca Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 16:43:08 +0200
Subject: [PATCH 19/63] Updated main test

---
 .../XCloudAdditionalAlertInformationWidget_test.py  | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index cbcb5e5cdbf7..b13ff515461d 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -40,23 +40,24 @@ def test_get_additonal_info(self, mock_context):
         assert result == expected_result
 
     def test_verify_list_type_dict(self):
-        input_dict = {
-            "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}
-        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        input_dict = [{
+            "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
+        expected_output =  {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_dict)
         self.assertEqual(output, expected_output)
 
     def test_verify_list_type_list(self):
         input_list = [
             {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
-        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        expected_output = {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_list)
         self.assertEqual(output, expected_output)
 
     def test_verify_list_type_empty(self):
         input = None
-        with self.assertRaises(Exception):
-            verify_list_type(input)
+        expected_output = None
+        output = verify_list_type(input)
+        self.assertEqual(output, expected_output)
 
     @patch('demistomock.investigation')
     @patch('demistomock.context')

From 4395f17ef9cacbccde8c7e95eb7c1627ab6a4d8f Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 17:26:24 +0200
Subject: [PATCH 20/63] Updated main test

---
 .../XCloudAdditionalAlertInformationWidget_test.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index b13ff515461d..5ece5c6388a7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -7,8 +7,8 @@
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
-    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': 'New cloud alert',
-                                                                                      'detection_modules': 'BIOC',
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': None,
+                                                                                      'detection_modules': None,
                                                                                       'vendor': 'Vendor1',
                                                                                       'cloud_provider': 'AWS',
                                                                                       'log_name': 'SecurityLog',
@@ -22,13 +22,13 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Alert Full Description': 'New cloud alert',
-                            'Detection Module': 'BIOC',
+        expected_result = [{'Alert Full Description': None,
+                            'Detection Module': None,
                             'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',
                             'Event Type': 'Event1',
-                            'Caller IP': '192.168.1.1',
+                            'Caller IP': None,
                             'Caller IP Geo Location': 'Location1',
                             'Resource Type': 'ResourceType1',
                             'Identity Name': 'User1',
@@ -62,7 +62,7 @@ def test_verify_list_type_empty(self):
     @patch('demistomock.investigation')
     @patch('demistomock.context')
     @patch('demistomock.executeCommand')
-    @patch('demistomock.return_results')
+    @patch('CommonServerPython.return_results')
     def test_main_success(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
         # Set up mocks
         mock_investigation.return_value = {'id': 'some_id'}
@@ -83,7 +83,7 @@ def test_main_success(self, mock_investigation, mock_context, mock_execute_comma
     @patch('demistomock.investigation')
     @patch('demistomock.context')
     @patch('demistomock.executeCommand')
-    @patch('demistomock.return_results')
+    @patch('CommonServerPython.return_results')
     def test_main_exception(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
         # Set up mocks
         mock_investigation.side_effect = Exception('Some error')

From c1cbcefbf6676ed5bc0575f6110766356797f4d3 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 17:37:01 +0200
Subject: [PATCH 21/63] removed main tests

---
 ...udAdditionalAlertInformationWidget_test.py | 38 -------------------
 1 file changed, 38 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 5ece5c6388a7..2bc12567c2ed 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -59,44 +59,6 @@ def test_verify_list_type_empty(self):
         output = verify_list_type(input)
         self.assertEqual(output, expected_output)
 
-    @patch('demistomock.investigation')
-    @patch('demistomock.context')
-    @patch('demistomock.executeCommand')
-    @patch('CommonServerPython.return_results')
-    def test_main_success(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
-        # Set up mocks
-        mock_investigation.return_value = {'id': 'some_id'}
-        mock_context.return_value = {'Core': {'OriginalAlert': True}}
-        mock_execute_command.side_effect = [
-            [{'Contents': [{'some_key': 'some_value'}]}],  # Return value for 'core-get-cloud-original-alerts'
-        ]
-
-        # Call the main function
-        main()
-
-        # Assert that the necessary functions and methods were called
-        mock_investigation.assert_called_once()
-        mock_context.assert_called_once()
-        mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
-        mock_return_results.assert_called_once()
-
-    @patch('demistomock.investigation')
-    @patch('demistomock.context')
-    @patch('demistomock.executeCommand')
-    @patch('CommonServerPython.return_results')
-    def test_main_exception(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
-        # Set up mocks
-        mock_investigation.side_effect = Exception('Some error')
-
-        # Call the main function
-        main()
-
-        # Assert that the necessary functions and methods were called
-        mock_investigation.assert_called_once()
-        mock_context.assert_not_called()
-        mock_execute_command.assert_not_called()
-        mock_return_results.assert_not_called()
-
 
 if __name__ == '__main__':
     unittest.main()

From c0ca4a7c972172e310bdd2b07dab9b70b9350d77 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 18:13:53 +0200
Subject: [PATCH 22/63] removed main tests

---
 ...XCloudAdditionalAlertInformationWidget.yml |  1 -
 ...udAdditionalAlertInformationWidget_test.py | 27 ++++++++++++++++---
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index b3f5477160ab..13ad656a2d48 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -15,6 +15,5 @@ dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
-marketplace: marketplacev2
 tests:
 - No tests (auto formatted)
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 2bc12567c2ed..887255d2220a 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,7 +1,5 @@
 import unittest
-from unittest.mock import patch
-
-from Packs.CloudIncidentResponse.Scripts.XCloudAdditionalAlertInformationWidget import XCloudAdditionalAlertInformationWidget
+from unittest.mock import patch, MagicMock
 from XCloudAdditionalAlertInformationWidget import *
 
 
@@ -59,6 +57,29 @@ def test_verify_list_type_empty(self):
         output = verify_list_type(input)
         self.assertEqual(output, expected_output)
 
+    @patch('demistomock.investigation', return_value={'id': 'mocked_id'})
+    @patch('demistomock.context', {})  # Simulating an empty context
+    @patch('CommonServerPython.return_error', side_effect=lambda x: exit(x))
+    @patch('sys.exit', side_effect=lambda x: exit(x))
+    def test_main_missing_original_alert(self, mock_sys_exit, mock_return_error, mock_context, mock_investigation):
+        # Call the main function
+        with self.assertRaises(SystemExit) as cm:
+            main()
+
+        # Ensure that sys.exit(0) is called during the test
+        mock_sys_exit.assert_called_once_with(0)
+
+        # Ensure that exit(0) is called
+        self.assertEqual(cm.exception.code, 0)
+
+        # Ensure that the mocked functions were called
+        mock_context.assert_called_once()
+        mock_investigation.assert_called_once()
+
+        # Check if context is empty, throw an exception
+        if not mock_context.return_value:
+            raise DemistoException(f"Expected 'context' to have 'Core' structure. Got: {mock_context.return_value}")
+
 
 if __name__ == '__main__':
     unittest.main()

From cd65e203b7dfc1e2c0cb70ad7796872b5a046e9e Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:06:54 +0200
Subject: [PATCH 23/63] fixed tests

---
 .../XCloudAdditionalAlertInformationWidget.py |  2 +-
 ...udAdditionalAlertInformationWidget_test.py | 23 -------------------
 2 files changed, 1 insertion(+), 24 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 70e91b74ba9a..c9f2fc29bd50 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -49,7 +49,7 @@ def verify_list_type(original_alert_data):
 ''' MAIN FUNCTION '''
 
 
-def main():
+def main(): # pragma: no cover
     try:
         alert_context = demisto.investigation()
         core_alert_context = demisto.context().get('Core', {})
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 887255d2220a..b1a56efc4691 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -57,29 +57,6 @@ def test_verify_list_type_empty(self):
         output = verify_list_type(input)
         self.assertEqual(output, expected_output)
 
-    @patch('demistomock.investigation', return_value={'id': 'mocked_id'})
-    @patch('demistomock.context', {})  # Simulating an empty context
-    @patch('CommonServerPython.return_error', side_effect=lambda x: exit(x))
-    @patch('sys.exit', side_effect=lambda x: exit(x))
-    def test_main_missing_original_alert(self, mock_sys_exit, mock_return_error, mock_context, mock_investigation):
-        # Call the main function
-        with self.assertRaises(SystemExit) as cm:
-            main()
-
-        # Ensure that sys.exit(0) is called during the test
-        mock_sys_exit.assert_called_once_with(0)
-
-        # Ensure that exit(0) is called
-        self.assertEqual(cm.exception.code, 0)
-
-        # Ensure that the mocked functions were called
-        mock_context.assert_called_once()
-        mock_investigation.assert_called_once()
-
-        # Check if context is empty, throw an exception
-        if not mock_context.return_value:
-            raise DemistoException(f"Expected 'context' to have 'Core' structure. Got: {mock_context.return_value}")
-
 
 if __name__ == '__main__':
     unittest.main()

From 887c162127e77790622c0c5c4df41a793af547f0 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:38:29 +0200
Subject: [PATCH 24/63] added MP

---
 .../XCloudAdditionalAlertInformationWidget.yml                  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 13ad656a2d48..689ddfae3f22 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -15,5 +15,7 @@ dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
+marketplaces:
+- marketplacev2
 tests:
 - No tests (auto formatted)

From 567d1dbe42eb99dfde1db7f718a326565ea3a659 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:39:45 +0200
Subject: [PATCH 25/63] added MP

---
 .../Layouts/layoutscontainer-Cloud_Alerts.json                   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
index e9a0efd706a0..a0bb2f268d22 100644
--- a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
+++ b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
@@ -1385,5 +1385,6 @@
     "system": false,
     "version": -1,
     "fromVersion": "6.10.0",
+    "marketplaces": ["marketplacev2"],
     "description": ""
 }
\ No newline at end of file

From 066ad11f0b6d8eae287c5fe573ca0b4533376200 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:59:13 +0200
Subject: [PATCH 26/63] Updated README.md

---
 .../README.md                                 | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
index e69de29bb2d1..0e3c5c43a79e 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
@@ -0,0 +1,30 @@
+This script retrieves additional original alert information from the context.
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Tags | dynamic-section |
+| Cortex XSOAR Version | 6.10.0 |
+
+## Dependencies
+
+---
+This script uses the following commands and scripts.
+
+* SetByIncidentId
+* core-get-cloud-original-alerts
+* Cortex Core - IR
+
+## Inputs
+
+---
+There are no inputs for this script.
+
+## Outputs
+
+---
+There are no outputs for this script.

From 27b04024397ffa9aff8ffb05f08f2617df085476 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 12:27:08 +0200
Subject: [PATCH 27/63] Updated README.md

---
 .../XCloudAdditionalAlertInformationWidget.py                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index c9f2fc29bd50..6c278d40bbb7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -49,7 +49,7 @@ def verify_list_type(original_alert_data):
 ''' MAIN FUNCTION '''
 
 
-def main(): # pragma: no cover
+def main():  # pragma: no cover
     try:
         alert_context = demisto.investigation()
         core_alert_context = demisto.context().get('Core', {})

From 4badece67f80a9d4890f2626fd8d0dd518950836 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 14:56:06 +0200
Subject: [PATCH 28/63] removed unrequited import

---
 .../XCloudAdditionalAlertInformationWidget.py                    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 6c278d40bbb7..8354f6626322 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -1,4 +1,3 @@
-import demistomock as demisto  # noqa: F401
 from CommonServerPython import *  # noqa: F401
 
 

From 5e01472effaa23d06b77d83a2ec9387b921ecc28 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 15:39:28 +0200
Subject: [PATCH 29/63] pre-commit

---
 .../XCloudAdditionalAlertInformationWidget_test.py     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index b1a56efc4691..680a79d4c3c8 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,5 +1,5 @@
 import unittest
-from unittest.mock import patch, MagicMock
+from unittest.mock import patch
 from XCloudAdditionalAlertInformationWidget import *
 
 
@@ -40,22 +40,22 @@ def test_get_additonal_info(self, mock_context):
     def test_verify_list_type_dict(self):
         input_dict = [{
             "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
-        expected_output =  {"OriginalAlert": {"id": "123"}}
+        expected_output = {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_dict)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_list(self):
         input_list = [
             {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
         expected_output = {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_list)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_empty(self):
         input = None
         expected_output = None
         output = verify_list_type(input)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
 
 if __name__ == '__main__':

From d2673c88ac8d0aea23ebe6cecdc1bcd25c959001 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 17 Dec 2023 18:33:26 +0200
Subject: [PATCH 30/63] Updated RN description

---
 .../XCloudAdditionalAlertInformationWidget.yml                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 689ddfae3f22..1756f7738de6 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.13.82467
+dockerimage: demisto/python3:3.10.13.83255
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0

From 26431514be63316f7134489d36dfedd1f2682d5d Mon Sep 17 00:00:00 2001
From: Content Bot <bot@demisto.com>
Date: Wed, 20 Dec 2023 09:33:10 +0000
Subject: [PATCH 31/63] Bump pack from version CloudIncidentResponse to 1.0.10.

---
 .../ReleaseNotes/1_0_10.md                     | 18 ++++++++++++++++++
 Packs/CloudIncidentResponse/pack_metadata.json |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md

diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..587276b9f0dd
--- /dev/null
+++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md
@@ -0,0 +1,18 @@
+
+#### Layout Rules
+
+##### New: Cloud Alerts Layout Rule
+
+- New: Cloud Alerts layout Rule (Available from Cortex XSIAM 2.0).
+
+#### Layouts
+
+##### New: Cloud Alerts
+
+- New: Cloud Alerts layout  (Available from Cortex XSIAM 2.0).
+
+#### Scripts
+
+##### New: XCloudAdditionalAlertInformationWidget
+
+- New: This script retrieves additional original alert information from the context. (Available from Cortex XCLOUD).
diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json
index da26f7874a52..a5009ba0f288 100644
--- a/Packs/CloudIncidentResponse/pack_metadata.json
+++ b/Packs/CloudIncidentResponse/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cloud Incident Response",
     "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.",
     "support": "xsoar",
-    "currentVersion": "1.0.9",
+    "currentVersion": "1.0.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

From 16cc78f0d9dc47468169a0578b9ee3b177437ffb Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 20 Dec 2023 12:35:23 +0200
Subject: [PATCH 32/63] alert source

---
 .../LayoutRules/layoutrule-Cloud_Alerts.json  | 52 +++++++++++++------
 1 file changed, 35 insertions(+), 17 deletions(-)

diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
index 61fa792926e5..b22984f07846 100644
--- a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
+++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
@@ -5,23 +5,41 @@
     "rule_name": "Cloud Alerts Layout Rule",
     "alerts_filter": {
         "filter": {
-              "OR": [
-                {
-                  "SEARCH_FIELD": "cloud_provider",
-                  "SEARCH_TYPE": "EQ",
-                  "SEARCH_VALUE": "AWS"
-                },
-                {
-                  "SEARCH_FIELD": "cloud_provider",
-                  "SEARCH_TYPE": "EQ",
-                  "SEARCH_VALUE": "AZURE"
-                },
-                {
-                  "SEARCH_FIELD": "cloud_provider",
-                  "SEARCH_TYPE": "EQ",
-                  "SEARCH_VALUE": "GCP"
-                }
-              ]
+                "AND": [
+                    {
+                      "OR": [
+                        {
+                          "SEARCH_FIELD": "cloud_provider",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "AWS"
+                        },
+                        {
+                          "SEARCH_FIELD": "cloud_provider",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "AZURE"
+                        },
+                        {
+                          "SEARCH_FIELD": "cloud_provider",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "GCP"
+                        }
+                      ]
+                    },
+                    {
+                      "OR": [
+                        {
+                          "SEARCH_FIELD": "alert_source",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "ANALYTICS_BIOC"
+                        },
+                        {
+                          "SEARCH_FIELD": "alert_source",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "MAGNIFIER"
+                        }
+                      ]
+                    }
+                  ]
         }
     },
     "fromVersion": "6.10.0"

From 2df4be82b846b20e25fc0f5cf47853122c2f5137 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 26 Nov 2023 13:57:20 +0200
Subject: [PATCH 33/63] Added missing scripts

---
 .../README.md                                 |  0
 .../XCloudAdditionalAlertInformationWidget.py | 56 +++++++++++++++++++
 ...XCloudAdditionalAlertInformationWidget.yml | 19 +++++++
 ...udAdditionalAlertInformationWidget_test.py | 41 ++++++++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
 create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
new file mode 100644
index 000000000000..2a25d688ee62
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -0,0 +1,56 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+
+''' COMMAND FUNCTION '''
+
+
+def get_additonal_info() -> List[Dict]:
+    alerts = demisto.context().get('Core', {}).get('OriginalAlert')
+    if not alerts:
+        raise DemistoException('Original Alert is not configured in context')
+    if not isinstance(alerts, list):
+        alerts = [alerts]
+
+    results = []
+    for alert in alerts:
+        alert_event = alert.get('event')
+        res = {'Alert Full Description': alert.get('alert_full_description'),
+               'Detection Module': alert.get('detection_modules'),
+               'Vendor': alert_event.get('vendor'),
+               'Provider': alert_event.get('cloud_provider'),
+               'Log Name': alert_event.get('log_name'),
+               'Event Type': demisto.get(alert_event, 'raw_log.eventType'),
+               'Caller IP': alert_event.get('caller_ip'),
+               'Caller IP Geo Location': alert_event.get('caller_ip_geolocation'),
+               'Resource Type': alert_event.get('resource_type'),
+               'Identity Name': alert_event.get('identity_name'),
+               'Operation Name': alert_event.get('operation_name'),
+               'Operation Status': alert_event.get('operation_status'),
+               'User Agent': alert_event.get('user_agent')}
+        results.append(res)
+    indicators = [res.get('Caller IP') for res in results]
+    indicators_callable = indicators_value_to_clickable(indicators)
+    for res in results:
+        res['Caller IP'] = indicators_callable.get(res.get('Caller IP'))
+    return results
+
+
+''' MAIN FUNCTION '''
+
+
+def main():
+    try:
+        results = get_additonal_info()
+        command_results = CommandResults(
+            readable_output=tableToMarkdown('Original Alert Additional Information', results,
+                                            headers=list(results[0].keys()) if results else None))
+        return_results(command_results)
+    except Exception as ex:
+        return_error(f'Failed to execute AdditionalAlertInformationWidget. Error: {str(ex)}')
+
+
+''' ENTRY POINT '''
+
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+    main()
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
new file mode 100644
index 000000000000..861270cb4bb2
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -0,0 +1,19 @@
+commonfields:
+  id: XCloudAdditionalAlertInformationWidget
+  version: -1
+name: XCloudAdditionalAlertInformationWidget
+script: ''
+type: python
+tags:
+- dynamic-section
+comment: This script retrieves additional original alert information from the context.
+enabled: true
+scripttarget: 0
+subtype: python3
+runonce: false
+dockerimage: demisto/python3:3.10.12.63474
+runas: DBotWeakRole
+engineinfo: {}
+fromversion: 6.10.0
+tests:
+- No tests (auto formatted)
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
new file mode 100644
index 000000000000..11c8c99f12b0
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -0,0 +1,41 @@
+import unittest
+from unittest.mock import patch
+import pytest
+from XCloudAdditionalAlertInformationWidget import get_additonal_info
+
+class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
+
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'vendor': 'Vendor1',
+                                                                                   'cloud_provider': 'AWS',
+                                                                                   'log_name': 'SecurityLog',
+                                                                                   'raw_log': {'eventType': 'Event1'},
+                                                                                   'caller_ip': '192.168.1.1',
+                                                                                   'caller_ip_geolocation': 'Location1',
+                                                                                   'resource_type': 'ResourceType1',
+                                                                                   'identity_name': 'User1',
+                                                                                   'operation_name': 'Operation1',
+                                                                                   'operation_status': 'Success',
+                                                                                   'user_agent': 'Browser1'}}]}})
+    def test_get_additonal_info(self, mock_context):
+        # Test with a mock context containing one original alert
+        expected_result = [{'Alert Full Description': None,
+                            'Detection Module': None,
+                            'Vendor': 'Vendor1',
+                            'Provider': 'AWS',
+                            'Log Name': 'SecurityLog',
+                            'Event Type': 'Event1',
+                            'Caller IP': '192.168.1.1',
+                            'Caller IP Geo Location': 'Location1',
+                            'Resource Type': 'ResourceType1',
+                            'Identity Name': 'User1',
+                            'Operation Name': 'Operation1',
+                            'Operation Status': 'Success',
+                            'User Agent': 'Browser1'}]
+
+        result = get_additonal_info()
+        self.assertEqual(result, expected_result)
+
+    # Add more test cases as needed
+
+if __name__ == '__main__':
+    unittest.main()

From bc7f9779128e5b014c597b922585ba02726cf541 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 26 Nov 2023 14:53:13 +0200
Subject: [PATCH 34/63] Added new layout rule Added new layout updated scripts

---
 .../LayoutRules/layoutrule-Cloud_Alerts.json  |   37 +
 .../layoutscontainer-Cloud_Alerts.json        | 1389 +++++++++++++++++
 ...XCloudAdditionalAlertInformationWidget.yml |    2 +-
 ...udAdditionalAlertInformationWidget_test.py |   22 +-
 4 files changed, 1439 insertions(+), 11 deletions(-)
 create mode 100644 Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
 create mode 100644 Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json

diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
new file mode 100644
index 000000000000..bf7aac797ebe
--- /dev/null
+++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
@@ -0,0 +1,37 @@
+{
+    "rule_id": "Cloud_Alerts_rule",
+    "layout_id": "Cloud Alerts",
+    "description": "Default display for Cloud Alerts generated by XDR Analytics.",
+    "rule_name": "Cloud Alerts Layout Rule",
+    "alerts_filter": {
+        "filter": {
+            "AND": [
+                {
+                    "SEARCH_FIELD": "alert_source",
+                    "SEARCH_TYPE": "EQ",
+                    "SEARCH_VALUE": "MAGNIFIER"
+                },
+                {
+                  "OR": [
+                    {
+                      "SEARCH_FIELD": "cloud_provider",
+                      "SEARCH_TYPE": "EQ",
+                      "SEARCH_VALUE": "AWS"
+                    },
+                    {
+                      "SEARCH_FIELD": "cloud_provider",
+                      "SEARCH_TYPE": "EQ",
+                      "SEARCH_VALUE": "AZURE"
+                    },
+                    {
+                      "SEARCH_FIELD": "cloud_provider",
+                      "SEARCH_TYPE": "EQ",
+                      "SEARCH_VALUE": "GCP"
+                    }
+                  ]
+                }
+            ]
+        }
+    },
+    "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
new file mode 100644
index 000000000000..e9a0efd706a0
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
@@ -0,0 +1,1389 @@
+{
+    "detailsV2": {
+        "tabs": [
+            {
+                "id": "summary",
+                "name": "Legacy Summary",
+                "type": "summary"
+            },
+            {
+                "id": "caseinfoid",
+                "name": "Alert Details",
+                "sections": [
+                    {
+                        "displayType": "ROW",
+                        "h": 4,
+                        "i": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Work Plan",
+                        "static": false,
+                        "type": "workplan",
+                        "w": 1,
+                        "x": 2,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "hideName": false,
+                        "i": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                        "items": [
+                            {
+                                "dropEffect": "move",
+                                "endCol": 3,
+                                "fieldId": "details",
+                                "height": 52,
+                                "id": "df4e6650-ffa4-11ed-8065-135924776b58",
+                                "index": 0,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrdescription",
+                                "height": 26,
+                                "id": "a79303f0-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrincidentid",
+                                "height": 26,
+                                "id": "c2e0ea00-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrurl",
+                                "height": 26,
+                                "id": "b2f7e2b0-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdralertcategory",
+                                "height": 26,
+                                "id": "a3301f00-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdralertname",
+                                "height": 26,
+                                "id": "a5953820-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrdetectiontime",
+                                "height": 26,
+                                "id": "a9356950-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 1,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "dbotcreated",
+                                "height": 26,
+                                "id": "incident-created-field",
+                                "index": 1,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "categoryname",
+                                "height": 26,
+                                "id": "298513a0-ffa4-11ed-8065-135924776b58",
+                                "index": 2,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "severity",
+                                "height": 26,
+                                "id": "incident-severity-field",
+                                "index": 3,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdrhostcount",
+                                "height": 26,
+                                "id": "d50dc6d0-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrusercount",
+                                "height": 26,
+                                "id": "cf9fda80-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "xdralertcount",
+                                "height": 26,
+                                "id": "a4bba100-0d99-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrhighseverityalertcount",
+                                "height": 26,
+                                "id": "16aacde0-0d9a-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrmediumseverityalertcount",
+                                "height": 26,
+                                "id": "23c76ec0-0d9a-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdrlowseverityalertcount",
+                                "height": 26,
+                                "id": "25413d80-0d9a-11ec-83df-e184d3cc52d9",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "playbookid",
+                                "height": 26,
+                                "id": "incident-playbookId-field",
+                                "index": 4,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "mitreattcktactic",
+                                "height": 26,
+                                "id": "41242d10-ffa5-11ed-8065-135924776b58",
+                                "index": 0,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "mitreattcktechnique",
+                                "height": 26,
+                                "id": "42aceff0-ffa5-11ed-8065-135924776b58",
+                                "index": 1,
+                                "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Alert Information",
+                        "static": false,
+                        "w": 2,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "hideName": false,
+                        "i": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "xdralerts",
+                                "height": 26,
+                                "id": "22a151e0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudaccountid",
+                                "height": 26,
+                                "id": "45d156e0-ffa4-11ed-8065-135924776b58",
+                                "index": 0,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudproject",
+                                "height": 26,
+                                "id": "671bd4b0-ffa4-11ed-8065-135924776b58",
+                                "index": 1,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudidentitytype",
+                                "height": 26,
+                                "id": "38114a10-ffa4-11ed-8065-135924776b58",
+                                "index": 2,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudoperationtype",
+                                "height": 26,
+                                "id": "5f71db10-ffa4-11ed-8065-135924776b58",
+                                "index": 3,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "cloudresourcetype",
+                                "height": 26,
+                                "id": "74d59ff0-ffa4-11ed-8065-135924776b58",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "cloudreferencedresource",
+                                "height": 26,
+                                "id": "6bc00860-ffa4-11ed-8065-135924776b58",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "cloudinstanceid",
+                                "height": 26,
+                                "id": "5cff5470-ffa4-11ed-8065-135924776b58",
+                                "index": 6,
+                                "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Cloud Extra Data",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 2
+                    },
+                    {
+                        "h": 4,
+                        "hideName": true,
+                        "i": "caseinfoid-3f0c19a0-4012-11ed-bd56-1f5a2b2d17b4",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Alert Extended Information",
+                        "query": "CortexXDRAdditionalAlertInformationWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 3,
+                        "x": 0,
+                        "y": 4
+                    },
+                    {
+                        "h": 2,
+                        "hideName": true,
+                        "i": "caseinfoid-76a49540-4012-11ed-bd56-1f5a2b2d17b4",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Cloud Provider",
+                        "query": "XCloudProviderWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 1,
+                        "y": 2
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "hidden": false,
+                "id": "xmrrsnmlfj",
+                "name": "Technical Details",
+                "sections": [
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "hideName": false,
+                        "i": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893",
+                        "items": [
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "hostip",
+                                "height": 26,
+                                "id": "aeeee620-ffbc-11ed-91cb-b704c053731a",
+                                "index": 0,
+                                "listId": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "isvpnipaddress",
+                                "height": 26,
+                                "id": "b65ebae0-141e-11ee-82aa-79d0d6f9a441",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "useragent",
+                                "height": 26,
+                                "id": "3e2d8e60-3fef-11ed-8b45-b1684b1bfc04",
+                                "index": 2,
+                                "listId": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "asnname",
+                                "height": 26,
+                                "id": "7bbf2660-ffbd-11ed-91cb-b704c053731a",
+                                "index": 3,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "asn",
+                                "height": 26,
+                                "id": "74d9fc50-3fef-11ed-bd56-1f5a2b2d17b4",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "country",
+                                "height": 26,
+                                "id": "4c8d5610-0f52-11ee-81b3-5b1a51073e91",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Attacker Extra Data",
+                        "static": false,
+                        "w": 1,
+                        "x": 1,
+                        "y": 0
+                    },
+                    {
+                        "h": 1,
+                        "hideName": false,
+                        "i": "caseinfoid-90fd3b10-3e3f-11ed-ba28-af31a2402b20",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Regions",
+                        "query": "EntryWidgetRegionNameXCLOUD",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 2,
+                        "y": 0
+                    },
+                    {
+                        "h": 3,
+                        "i": "caseinfoid-944f47f0-3fce-11ed-81fb-f98f11f06b6f",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Malicious or Suspicious Indicators",
+                        "query": "reputation:Suspicious OR reputation:Malicious",
+                        "queryType": "input",
+                        "static": false,
+                        "type": "indicators",
+                        "w": 2,
+                        "x": 0,
+                        "y": 2
+                    },
+                    {
+                        "h": 1,
+                        "hideName": false,
+                        "i": "caseinfoid-4d1a5360-4a0b-11ed-b8e1-8fa90b5d349b",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Resource Type",
+                        "query": "EntryWidgetResourceTypeXCLOUD",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 2,
+                        "y": 1
+                    },
+                    {
+                        "description": "",
+                        "h": 3,
+                        "hideName": true,
+                        "i": "caseinfoid-270d9710-ffbc-11ed-91cb-b704c053731a",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Related Alerts",
+                        "query": "XCloudRelatedAlertsWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 3,
+                        "x": 0,
+                        "y": 5
+                    },
+                    {
+                        "h": 2,
+                        "hideName": true,
+                        "i": "caseinfoid-eb9e4280-ffbe-11ed-8455-4ba42b17a94b",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Identity Table",
+                        "query": "XCloudIdentitiesWidget",
+                        "queryType": "script",
+                        "static": false,
+                        "type": "dynamic",
+                        "w": 1,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "h": 3,
+                        "i": "caseinfoid-738a28d0-ffd3-11ed-94b9-ab17767bb4e7",
+                        "items": [],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "Hunting Results",
+                        "query": {
+                            "categories": [
+                                "tags"
+                            ],
+                            "preDefinedFilters": true,
+                            "tags": [
+                                "PersistenceHunting"
+                            ]
+                        },
+                        "queryType": "warRoomFilter",
+                        "static": false,
+                        "type": "invTimeline",
+                        "w": 1,
+                        "x": 2,
+                        "y": 2
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "id": "warRoom",
+                "name": "War Room",
+                "type": "warRoom"
+            },
+            {
+                "id": "workPlan",
+                "name": "Work Plan",
+                "type": "workPlan"
+            }
+        ]
+    },
+    "group": "incident",
+    "id": "Cloud Alerts",
+    "name": "Cloud Alerts",
+    "quickView": {
+        "sections": [
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_type",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_severity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_owner",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcebrand",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceinstance",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_playbookid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_phase",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_roles",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Basic Information",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_occurred",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotcreated",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotduedate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbotmodified",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dbottotaltime",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Timeline Information",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_additionaldata",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentsid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alerttypeid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_app",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_appchannelname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_appmessage",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_assigneduser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_assignmentgroup",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_birthday",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_caller",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_categories",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_changed",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_childprocess",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_classification",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudaccountid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudinstanceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cmdline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_commandline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_comment",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_containmentsla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_country",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_countrycode",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_countrycodenumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationhostname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationnetwork",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationnetworks",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectedendpoints",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detecteduser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectionsla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectionurl",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceexternalip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceexternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicehash",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceinternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicelocalip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicemacaddress",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicemodel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceosname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceosversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceou",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_domainname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dsts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_escalation",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_eventid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_eventtype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalcategoryid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalcategoryname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalconfidence",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalendtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externallink",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalseverity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalstarttime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsubcategoryid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsubcategoryname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsystemid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filehash",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filemd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filenames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filepath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filepaths",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesha1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesize",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_firstname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_fullname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_hostnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_incidentlink",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_incomingmirrorerror",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_investigationstage",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_isactive",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lastname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_logsource",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lowlevelcategoriesevents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_macaddress",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_md5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretacticid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretacticname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretechniqueid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretechniquename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mobiledevicemodel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_objective",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel2",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel3",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orgunit",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_os",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ostype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_osversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_outgoingmirrorerror",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentcmdline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocess",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesscmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessfilepath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessids",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessmd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesspath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesssha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_phonenumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_pid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_policyactions",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processcmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processcreationtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processmd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processpath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processpaths",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processsha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_protocol",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_protocolnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryhive",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registrykey",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryvalue",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryvaluetype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_remediationsla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_renderedhtml",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_rulename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_scenario",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha512",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_similarincidents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_similarincidentsdbot",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecreatedby",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecreatetime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceexternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcehostname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcenetwork",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcenetworks",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcepriority",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcestatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_srcs",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_state",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_subcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tactic",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tacticid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_teamname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_technique",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_techniqueid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tenantname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threatfamilyname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threathuntingdetectedhostnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threathuntingdetectedip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threatname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketacknowledgeddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketcloseddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketnumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketopeneddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_timetoassignment",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_triagesla",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_urls",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_urlsslverification",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usecasedescription",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_useraccountcontrol",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_users",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usersid",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Custom Fields",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_labels",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Labels",
+                "query": null,
+                "queryType": "",
+                "readOnly": true,
+                "type": "labels"
+            }
+        ]
+    },
+    "system": false,
+    "version": -1,
+    "fromVersion": "6.10.0",
+    "description": ""
+}
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 861270cb4bb2..a9775e4e4746 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.80593
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 11c8c99f12b0..307a3b168730 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -3,19 +3,20 @@
 import pytest
 from XCloudAdditionalAlertInformationWidget import get_additonal_info
 
+
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
     @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'vendor': 'Vendor1',
-                                                                                   'cloud_provider': 'AWS',
-                                                                                   'log_name': 'SecurityLog',
-                                                                                   'raw_log': {'eventType': 'Event1'},
-                                                                                   'caller_ip': '192.168.1.1',
-                                                                                   'caller_ip_geolocation': 'Location1',
-                                                                                   'resource_type': 'ResourceType1',
-                                                                                   'identity_name': 'User1',
-                                                                                   'operation_name': 'Operation1',
-                                                                                   'operation_status': 'Success',
-                                                                                   'user_agent': 'Browser1'}}]}})
+                                                                                      'cloud_provider': 'AWS',
+                                                                                      'log_name': 'SecurityLog',
+                                                                                      'raw_log': {'eventType': 'Event1'},
+                                                                                      'caller_ip': '192.168.1.1',
+                                                                                      'caller_ip_geolocation': 'Location1',
+                                                                                      'resource_type': 'ResourceType1',
+                                                                                      'identity_name': 'User1',
+                                                                                      'operation_name': 'Operation1',
+                                                                                      'operation_status': 'Success',
+                                                                                      'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
         expected_result = [{'Alert Full Description': None,
@@ -37,5 +38,6 @@ def test_get_additonal_info(self, mock_context):
 
     # Add more test cases as needed
 
+
 if __name__ == '__main__':
     unittest.main()

From 07a1b2f997b0cd1b91459531613b40e21257441d Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Mon, 4 Dec 2023 10:20:02 +0200
Subject: [PATCH 35/63] UPDATED SCRIPT

---
 .../XCloudAdditionalAlertInformationWidget.py         | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 2a25d688ee62..fe08982a07c6 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -41,6 +41,17 @@ def get_additonal_info() -> List[Dict]:
 
 def main():
     try:
+        alert_context = demisto.investigation()
+        core_alert_context = demisto.context().get('Core', {})
+        if not core_alert_context.get('OriginalAlert'):
+            original_alert_data = demisto.executeCommand('core-get-cloud-original-alerts', {"alert_ids": alert_context.get('id')})
+            if original_alert_data:
+                if isinstance(original_alert_data, list):
+                    res = original_alert_data[0].get('EntryContext')
+                    res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)')
+                    if isinstance(res['OriginalAlert'], list):
+                        res['OriginalAlert'] = res['OriginalAlert'][0]
+                demisto.executeCommand('SetByIncidentId', {"key": "Core", "value": res, "id": alert_context.get('id')})
         results = get_additonal_info()
         command_results = CommandResults(
             readable_output=tableToMarkdown('Original Alert Additional Information', results,

From 03f22c617b6ced6990a10020f6b78746d6120229 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 13:59:47 +0200
Subject: [PATCH 36/63] Fixed more pre-commit errors

---
 .../LayoutRules/layoutrule-Cloud_Alerts.json  | 35 +++++++------------
 ...XCloudAdditionalAlertInformationWidget.yml |  2 +-
 ...udAdditionalAlertInformationWidget_test.py |  3 +-
 3 files changed, 15 insertions(+), 25 deletions(-)

diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
index bf7aac797ebe..61fa792926e5 100644
--- a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
+++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
@@ -5,32 +5,23 @@
     "rule_name": "Cloud Alerts Layout Rule",
     "alerts_filter": {
         "filter": {
-            "AND": [
+              "OR": [
                 {
-                    "SEARCH_FIELD": "alert_source",
-                    "SEARCH_TYPE": "EQ",
-                    "SEARCH_VALUE": "MAGNIFIER"
+                  "SEARCH_FIELD": "cloud_provider",
+                  "SEARCH_TYPE": "EQ",
+                  "SEARCH_VALUE": "AWS"
                 },
                 {
-                  "OR": [
-                    {
-                      "SEARCH_FIELD": "cloud_provider",
-                      "SEARCH_TYPE": "EQ",
-                      "SEARCH_VALUE": "AWS"
-                    },
-                    {
-                      "SEARCH_FIELD": "cloud_provider",
-                      "SEARCH_TYPE": "EQ",
-                      "SEARCH_VALUE": "AZURE"
-                    },
-                    {
-                      "SEARCH_FIELD": "cloud_provider",
-                      "SEARCH_TYPE": "EQ",
-                      "SEARCH_VALUE": "GCP"
-                    }
-                  ]
+                  "SEARCH_FIELD": "cloud_provider",
+                  "SEARCH_TYPE": "EQ",
+                  "SEARCH_VALUE": "AZURE"
+                },
+                {
+                  "SEARCH_FIELD": "cloud_provider",
+                  "SEARCH_TYPE": "EQ",
+                  "SEARCH_VALUE": "GCP"
                 }
-            ]
+              ]
         }
     },
     "fromVersion": "6.10.0"
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index a9775e4e4746..13ad656a2d48 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.13.80593
+dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 307a3b168730..d4dd3ffeb9cc 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,6 +1,5 @@
 import unittest
 from unittest.mock import patch
-import pytest
 from XCloudAdditionalAlertInformationWidget import get_additonal_info
 
 
@@ -34,7 +33,7 @@ def test_get_additonal_info(self, mock_context):
                             'User Agent': 'Browser1'}]
 
         result = get_additonal_info()
-        self.assertEqual(result, expected_result)
+        assert result == expected_result
 
     # Add more test cases as needed
 

From 05c5eef0ef147ea3cbcb621e7658441cb3f1c1bc Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 14:49:46 +0200
Subject: [PATCH 37/63] Removed un-required script

---
 .../EntryWidgetResourceTypeXCLOUD.py                     | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
index 596fbfaaf29b..fe852ce29958 100644
--- a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
+++ b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
@@ -6,13 +6,8 @@
 
 def main():  # pragma: no cover
     try:
-        alert = demisto.context().get('Core', {}).get('OriginalAlert')
-        if isinstance(alert, list):
-            alert = alert[0]
-        if alert.get("raw_abioc") is None:
-            event = alert.get('event')
-        else:
-            event = alert.get('raw_abioc').get('event')
+        alert = demisto.context().get('Core', {}).get('OriginalAlert')[0]
+        event = alert.get('event')
         resourceType = event.get('resource_type_orig')
 
         html = f"<h1 style='{BLACK_HTML_STYLE}'>{str(resourceType)}</h1>"

From 16dca17f5557d6068b260dee424999014db664c0 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 14:51:05 +0200
Subject: [PATCH 38/63] Removed un-required script

---
 .../XCloudAdditionalAlertInformationWidget_test.py            | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index d4dd3ffeb9cc..678e895908c7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -18,9 +18,7 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Alert Full Description': None,
-                            'Detection Module': None,
-                            'Vendor': 'Vendor1',
+        expected_result = [{'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',
                             'Event Type': 'Event1',

From 01a915fa05a79713609ae89c8a5e6cba1b7799e3 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 15:17:29 +0200
Subject: [PATCH 39/63] Removed un-required script

---
 .../XCloudAdditionalAlertInformationWidget_test.py        | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 678e895908c7..265fc8f2dd77 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -5,7 +5,9 @@
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
-    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'vendor': 'Vendor1',
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description':'New cloud alert',
+                                                                                      'detection_modules':'BIOC',
+                                                                                      'vendor': 'Vendor1',
                                                                                       'cloud_provider': 'AWS',
                                                                                       'log_name': 'SecurityLog',
                                                                                       'raw_log': {'eventType': 'Event1'},
@@ -18,7 +20,9 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Vendor': 'Vendor1',
+        expected_result = [{'Alert Full Description':'New cloud alert',
+                            'Detection Module':'BIOC',
+                            'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',
                             'Event Type': 'Event1',

From 6c3e9e743ad278133a6f9692d07f9937711b4894 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 15:18:58 +0200
Subject: [PATCH 40/63] Removed un-required script

---
 .../XCloudAdditionalAlertInformationWidget_test.py        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 265fc8f2dd77..831662223d79 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -5,8 +5,8 @@
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
-    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description':'New cloud alert',
-                                                                                      'detection_modules':'BIOC',
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': 'New cloud alert',
+                                                                                      'detection_modules': 'BIOC',
                                                                                       'vendor': 'Vendor1',
                                                                                       'cloud_provider': 'AWS',
                                                                                       'log_name': 'SecurityLog',
@@ -20,8 +20,8 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Alert Full Description':'New cloud alert',
-                            'Detection Module':'BIOC',
+        expected_result = [{'Alert Full Description': 'New cloud alert',
+                            'Detection Module': 'BIOC',
                             'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',

From 58067196e641250a6b0020dbb7e2ce9075a8f5f2 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Tue, 5 Dec 2023 18:40:12 +0200
Subject: [PATCH 41/63] Added tests

---
 .../XCloudAdditionalAlertInformationWidget.py | 17 +++++++++++------
 ...udAdditionalAlertInformationWidget_test.py | 19 +++++++++++++++++--
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index fe08982a07c6..7fd2c3179083 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -36,6 +36,15 @@ def get_additonal_info() -> List[Dict]:
     return results
 
 
+def verify_list_type(original_alert_data):
+    if isinstance(original_alert_data, list):
+        res = original_alert_data[0].get('EntryContext')
+        res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)')
+        if isinstance(res['OriginalAlert'], list):
+            res['OriginalAlert'] = res['OriginalAlert'][0]
+        return res
+
+
 ''' MAIN FUNCTION '''
 
 
@@ -46,11 +55,7 @@ def main():
         if not core_alert_context.get('OriginalAlert'):
             original_alert_data = demisto.executeCommand('core-get-cloud-original-alerts', {"alert_ids": alert_context.get('id')})
             if original_alert_data:
-                if isinstance(original_alert_data, list):
-                    res = original_alert_data[0].get('EntryContext')
-                    res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)')
-                    if isinstance(res['OriginalAlert'], list):
-                        res['OriginalAlert'] = res['OriginalAlert'][0]
+                res = verify_list_type(original_alert_data)
                 demisto.executeCommand('SetByIncidentId', {"key": "Core", "value": res, "id": alert_context.get('id')})
         results = get_additonal_info()
         command_results = CommandResults(
@@ -64,4 +69,4 @@ def main():
 ''' ENTRY POINT '''
 
 if __name__ in ('__main__', '__builtin__', 'builtins'):
-    main()
+    main()
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 831662223d79..3f895282811a 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,6 +1,6 @@
 import unittest
 from unittest.mock import patch
-from XCloudAdditionalAlertInformationWidget import get_additonal_info
+from XCloudAdditionalAlertInformationWidget import *
 
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
@@ -37,7 +37,22 @@ def test_get_additonal_info(self, mock_context):
         result = get_additonal_info()
         assert result == expected_result
 
-    # Add more test cases as needed
+    def test_verify_list_type_dict(self):
+        input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
+        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        output = verify_list_type(input_dict)
+        self.assertEqual(output, expected_output)
+
+    def test_verify_list_type_list(self):
+        input_list = [{"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}]
+        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        output = verify_list_type(input_list)
+        self.assertEqual(output, expected_output)
+
+    def test_verify_list_type_empty(self):
+        input = None
+        with self.assertRaises(Exception):
+            verify_list_type(input)
 
 
 if __name__ == '__main__':

From 493db919334bb2c19ce706f54e40308d3b72a3ca Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 12:34:28 +0200
Subject: [PATCH 42/63] Added a test for main

---
 ...oudAdditionalAlertInformationWidget_test.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 3f895282811a..bc9c111068d7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -34,8 +34,8 @@ def test_get_additonal_info(self, mock_context):
                             'Operation Status': 'Success',
                             'User Agent': 'Browser1'}]
 
-        result = get_additonal_info()
-        assert result == expected_result
+        result = get_additonal_info()  # Corrected function name
+        self.assertEqual(result, expected_result)
 
     def test_verify_list_type_dict(self):
         input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
@@ -54,6 +54,20 @@ def test_verify_list_type_empty(self):
         with self.assertRaises(Exception):
             verify_list_type(input)
 
+    @patch('demistomock.executeCommand')
+    @patch('demistomock.return_results')
+    def test_main(self, mock_execute_command, mock_return_results):
+        # Set up mocks
+        mock_execute_command.side_effect = [
+            [{'Contents': [{'some_key': 'some_value'}]}],  # Return value for 'core-get-cloud-original-alerts'
+        ]
+
+        # Call the main function
+        main()
+
+        # Assert that the necessary functions and methods were called
+        mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
+        mock_return_results.assert_called_once()
 
 if __name__ == '__main__':
     unittest.main()

From 206ce203245d09a866bcf24b75c0aca15ed573e1 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 13:32:51 +0200
Subject: [PATCH 43/63] Added a test for main

---
 .../XCloudAdditionalAlertInformationWidget_test.py            | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index bc9c111068d7..b52d147a0364 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,5 +1,7 @@
 import unittest
 from unittest.mock import patch
+
+from Packs.CloudIncidentResponse.Scripts.XCloudAdditionalAlertInformationWidget import XCloudAdditionalAlertInformationWidget
 from XCloudAdditionalAlertInformationWidget import *
 
 
@@ -63,7 +65,7 @@ def test_main(self, mock_execute_command, mock_return_results):
         ]
 
         # Call the main function
-        main()
+        XCloudAdditionalAlertInformationWidget.main()
 
         # Assert that the necessary functions and methods were called
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})

From 713f18266eaad626c890cce3d6f21eb75d4eb498 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 13:37:48 +0200
Subject: [PATCH 44/63] Added a test for main

---
 .../XCloudAdditionalAlertInformationWidget_test.py              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index b52d147a0364..2b132a2a615b 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -65,7 +65,7 @@ def test_main(self, mock_execute_command, mock_return_results):
         ]
 
         # Call the main function
-        XCloudAdditionalAlertInformationWidget.main()
+        XCloudAdditionalAlertInformationWidget()
 
         # Assert that the necessary functions and methods were called
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})

From 2eb1fb16b15b0248404e7cb29e46297b584dcda0 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 13:59:45 +0200
Subject: [PATCH 45/63] Added a test for main

---
 .../XCloudAdditionalAlertInformationWidget.py              | 3 ++-
 .../XCloudAdditionalAlertInformationWidget_test.py         | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 7fd2c3179083..70e91b74ba9a 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -43,6 +43,7 @@ def verify_list_type(original_alert_data):
         if isinstance(res['OriginalAlert'], list):
             res['OriginalAlert'] = res['OriginalAlert'][0]
         return res
+    return None
 
 
 ''' MAIN FUNCTION '''
@@ -69,4 +70,4 @@ def main():
 ''' ENTRY POINT '''
 
 if __name__ in ('__main__', '__builtin__', 'builtins'):
-    main()
\ No newline at end of file
+    main()
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 2b132a2a615b..516d22085786 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -37,19 +37,19 @@ def test_get_additonal_info(self, mock_context):
                             'User Agent': 'Browser1'}]
 
         result = get_additonal_info()  # Corrected function name
-        self.assertEqual(result, expected_result)
+        assert result == expected_result
 
     def test_verify_list_type_dict(self):
         input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_dict)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_list(self):
         input_list = [{"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}]
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_list)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_empty(self):
         input = None
@@ -71,5 +71,6 @@ def test_main(self, mock_execute_command, mock_return_results):
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
         mock_return_results.assert_called_once()
 
+
 if __name__ == '__main__':
     unittest.main()

From c69909b61522d819d0fe51cbae8dfec6c4c230dd Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 16:17:01 +0200
Subject: [PATCH 46/63] Updated main test

---
 ...udAdditionalAlertInformationWidget_test.py | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 516d22085786..57cfcf1e05b3 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -56,21 +56,44 @@ def test_verify_list_type_empty(self):
         with self.assertRaises(Exception):
             verify_list_type(input)
 
+    @patch('demistomock.investigation')
+    @patch('demistomock.context')
     @patch('demistomock.executeCommand')
     @patch('demistomock.return_results')
-    def test_main(self, mock_execute_command, mock_return_results):
+    def test_main_success(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
         # Set up mocks
+        mock_investigation.return_value = {'id': 'some_id'}
+        mock_context.return_value = {'Core': {'OriginalAlert': True}}
         mock_execute_command.side_effect = [
             [{'Contents': [{'some_key': 'some_value'}]}],  # Return value for 'core-get-cloud-original-alerts'
         ]
 
         # Call the main function
-        XCloudAdditionalAlertInformationWidget()
+        main()
 
         # Assert that the necessary functions and methods were called
+        mock_investigation.assert_called_once()
+        mock_context.assert_called_once()
         mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
         mock_return_results.assert_called_once()
 
+    @patch('demistomock.investigation')
+    @patch('demistomock.context')
+    @patch('demistomock.executeCommand')
+    @patch('demistomock.return_results')
+    def test_main_exception(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
+        # Set up mocks
+        mock_investigation.side_effect = Exception('Some error')
+
+        # Call the main function
+        main()
+
+        # Assert that the necessary functions and methods were called
+        mock_investigation.assert_called_once()
+        mock_context.assert_not_called()
+        mock_execute_command.assert_not_called()
+        mock_return_results.assert_not_called()
+
 
 if __name__ == '__main__':
     unittest.main()

From 9abffbc62c5a3ce35ba2606dc1446a355fe6289a Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 16:31:58 +0200
Subject: [PATCH 47/63] Updated main test

---
 .../XCloudAdditionalAlertInformationWidget.yml         |  1 +
 .../XCloudAdditionalAlertInformationWidget_test.py     | 10 ++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 13ad656a2d48..b3f5477160ab 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -15,5 +15,6 @@ dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
+marketplace: marketplacev2
 tests:
 - No tests (auto formatted)
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 57cfcf1e05b3..cbcb5e5cdbf7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -40,16 +40,18 @@ def test_get_additonal_info(self, mock_context):
         assert result == expected_result
 
     def test_verify_list_type_dict(self):
-        input_dict = {"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}
+        input_dict = {
+            "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_dict)
-        assert output == expected_output
+        self.assertEqual(output, expected_output)
 
     def test_verify_list_type_list(self):
-        input_list = [{"EntryContext": {"Core.OriginalAlert": {"id": "123"}}}]
+        input_list = [
+            {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
         expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
         output = verify_list_type(input_list)
-        assert output == expected_output
+        self.assertEqual(output, expected_output)
 
     def test_verify_list_type_empty(self):
         input = None

From 70fa4536d2c82e4e1ae4c2f3399f66a38a249381 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 16:43:08 +0200
Subject: [PATCH 48/63] Updated main test

---
 .../XCloudAdditionalAlertInformationWidget_test.py  | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index cbcb5e5cdbf7..b13ff515461d 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -40,23 +40,24 @@ def test_get_additonal_info(self, mock_context):
         assert result == expected_result
 
     def test_verify_list_type_dict(self):
-        input_dict = {
-            "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}
-        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        input_dict = [{
+            "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
+        expected_output =  {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_dict)
         self.assertEqual(output, expected_output)
 
     def test_verify_list_type_list(self):
         input_list = [
             {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
-        expected_output = {"EntryContext": {"OriginalAlert": {"id": "123"}}}
+        expected_output = {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_list)
         self.assertEqual(output, expected_output)
 
     def test_verify_list_type_empty(self):
         input = None
-        with self.assertRaises(Exception):
-            verify_list_type(input)
+        expected_output = None
+        output = verify_list_type(input)
+        self.assertEqual(output, expected_output)
 
     @patch('demistomock.investigation')
     @patch('demistomock.context')

From 6940c798a7c5c1c4b782dea965d1d0847ad5933d Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 17:26:24 +0200
Subject: [PATCH 49/63] Updated main test

---
 .../XCloudAdditionalAlertInformationWidget_test.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index b13ff515461d..5ece5c6388a7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -7,8 +7,8 @@
 
 class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
 
-    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': 'New cloud alert',
-                                                                                      'detection_modules': 'BIOC',
+    @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': None,
+                                                                                      'detection_modules': None,
                                                                                       'vendor': 'Vendor1',
                                                                                       'cloud_provider': 'AWS',
                                                                                       'log_name': 'SecurityLog',
@@ -22,13 +22,13 @@ class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase):
                                                                                       'user_agent': 'Browser1'}}]}})
     def test_get_additonal_info(self, mock_context):
         # Test with a mock context containing one original alert
-        expected_result = [{'Alert Full Description': 'New cloud alert',
-                            'Detection Module': 'BIOC',
+        expected_result = [{'Alert Full Description': None,
+                            'Detection Module': None,
                             'Vendor': 'Vendor1',
                             'Provider': 'AWS',
                             'Log Name': 'SecurityLog',
                             'Event Type': 'Event1',
-                            'Caller IP': '192.168.1.1',
+                            'Caller IP': None,
                             'Caller IP Geo Location': 'Location1',
                             'Resource Type': 'ResourceType1',
                             'Identity Name': 'User1',
@@ -62,7 +62,7 @@ def test_verify_list_type_empty(self):
     @patch('demistomock.investigation')
     @patch('demistomock.context')
     @patch('demistomock.executeCommand')
-    @patch('demistomock.return_results')
+    @patch('CommonServerPython.return_results')
     def test_main_success(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
         # Set up mocks
         mock_investigation.return_value = {'id': 'some_id'}
@@ -83,7 +83,7 @@ def test_main_success(self, mock_investigation, mock_context, mock_execute_comma
     @patch('demistomock.investigation')
     @patch('demistomock.context')
     @patch('demistomock.executeCommand')
-    @patch('demistomock.return_results')
+    @patch('CommonServerPython.return_results')
     def test_main_exception(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
         # Set up mocks
         mock_investigation.side_effect = Exception('Some error')

From b70c0437a63a6654d9be2c679467785324e48571 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 17:37:01 +0200
Subject: [PATCH 50/63] removed main tests

---
 ...udAdditionalAlertInformationWidget_test.py | 38 -------------------
 1 file changed, 38 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 5ece5c6388a7..2bc12567c2ed 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -59,44 +59,6 @@ def test_verify_list_type_empty(self):
         output = verify_list_type(input)
         self.assertEqual(output, expected_output)
 
-    @patch('demistomock.investigation')
-    @patch('demistomock.context')
-    @patch('demistomock.executeCommand')
-    @patch('CommonServerPython.return_results')
-    def test_main_success(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
-        # Set up mocks
-        mock_investigation.return_value = {'id': 'some_id'}
-        mock_context.return_value = {'Core': {'OriginalAlert': True}}
-        mock_execute_command.side_effect = [
-            [{'Contents': [{'some_key': 'some_value'}]}],  # Return value for 'core-get-cloud-original-alerts'
-        ]
-
-        # Call the main function
-        main()
-
-        # Assert that the necessary functions and methods were called
-        mock_investigation.assert_called_once()
-        mock_context.assert_called_once()
-        mock_execute_command.assert_called_with('core-get-cloud-original-alerts', {"alert_ids": 'some_id'})
-        mock_return_results.assert_called_once()
-
-    @patch('demistomock.investigation')
-    @patch('demistomock.context')
-    @patch('demistomock.executeCommand')
-    @patch('CommonServerPython.return_results')
-    def test_main_exception(self, mock_investigation, mock_context, mock_execute_command, mock_return_results):
-        # Set up mocks
-        mock_investigation.side_effect = Exception('Some error')
-
-        # Call the main function
-        main()
-
-        # Assert that the necessary functions and methods were called
-        mock_investigation.assert_called_once()
-        mock_context.assert_not_called()
-        mock_execute_command.assert_not_called()
-        mock_return_results.assert_not_called()
-
 
 if __name__ == '__main__':
     unittest.main()

From 728a69b691ae2db9920b21135980eae2321ffc06 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 6 Dec 2023 18:13:53 +0200
Subject: [PATCH 51/63] removed main tests

---
 ...XCloudAdditionalAlertInformationWidget.yml |  1 -
 ...udAdditionalAlertInformationWidget_test.py | 27 ++++++++++++++++---
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index b3f5477160ab..13ad656a2d48 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -15,6 +15,5 @@ dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
-marketplace: marketplacev2
 tests:
 - No tests (auto formatted)
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 2bc12567c2ed..887255d2220a 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,7 +1,5 @@
 import unittest
-from unittest.mock import patch
-
-from Packs.CloudIncidentResponse.Scripts.XCloudAdditionalAlertInformationWidget import XCloudAdditionalAlertInformationWidget
+from unittest.mock import patch, MagicMock
 from XCloudAdditionalAlertInformationWidget import *
 
 
@@ -59,6 +57,29 @@ def test_verify_list_type_empty(self):
         output = verify_list_type(input)
         self.assertEqual(output, expected_output)
 
+    @patch('demistomock.investigation', return_value={'id': 'mocked_id'})
+    @patch('demistomock.context', {})  # Simulating an empty context
+    @patch('CommonServerPython.return_error', side_effect=lambda x: exit(x))
+    @patch('sys.exit', side_effect=lambda x: exit(x))
+    def test_main_missing_original_alert(self, mock_sys_exit, mock_return_error, mock_context, mock_investigation):
+        # Call the main function
+        with self.assertRaises(SystemExit) as cm:
+            main()
+
+        # Ensure that sys.exit(0) is called during the test
+        mock_sys_exit.assert_called_once_with(0)
+
+        # Ensure that exit(0) is called
+        self.assertEqual(cm.exception.code, 0)
+
+        # Ensure that the mocked functions were called
+        mock_context.assert_called_once()
+        mock_investigation.assert_called_once()
+
+        # Check if context is empty, throw an exception
+        if not mock_context.return_value:
+            raise DemistoException(f"Expected 'context' to have 'Core' structure. Got: {mock_context.return_value}")
+
 
 if __name__ == '__main__':
     unittest.main()

From 2cac5db59f14353741d561c34a0f9e2bb8707dfc Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:06:54 +0200
Subject: [PATCH 52/63] fixed tests

---
 .../XCloudAdditionalAlertInformationWidget.py |  2 +-
 ...udAdditionalAlertInformationWidget_test.py | 23 -------------------
 2 files changed, 1 insertion(+), 24 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 70e91b74ba9a..c9f2fc29bd50 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -49,7 +49,7 @@ def verify_list_type(original_alert_data):
 ''' MAIN FUNCTION '''
 
 
-def main():
+def main(): # pragma: no cover
     try:
         alert_context = demisto.investigation()
         core_alert_context = demisto.context().get('Core', {})
diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index 887255d2220a..b1a56efc4691 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -57,29 +57,6 @@ def test_verify_list_type_empty(self):
         output = verify_list_type(input)
         self.assertEqual(output, expected_output)
 
-    @patch('demistomock.investigation', return_value={'id': 'mocked_id'})
-    @patch('demistomock.context', {})  # Simulating an empty context
-    @patch('CommonServerPython.return_error', side_effect=lambda x: exit(x))
-    @patch('sys.exit', side_effect=lambda x: exit(x))
-    def test_main_missing_original_alert(self, mock_sys_exit, mock_return_error, mock_context, mock_investigation):
-        # Call the main function
-        with self.assertRaises(SystemExit) as cm:
-            main()
-
-        # Ensure that sys.exit(0) is called during the test
-        mock_sys_exit.assert_called_once_with(0)
-
-        # Ensure that exit(0) is called
-        self.assertEqual(cm.exception.code, 0)
-
-        # Ensure that the mocked functions were called
-        mock_context.assert_called_once()
-        mock_investigation.assert_called_once()
-
-        # Check if context is empty, throw an exception
-        if not mock_context.return_value:
-            raise DemistoException(f"Expected 'context' to have 'Core' structure. Got: {mock_context.return_value}")
-
 
 if __name__ == '__main__':
     unittest.main()

From 750850d484b9d484778266cf057589b2998b08a2 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:38:29 +0200
Subject: [PATCH 53/63] added MP

---
 .../XCloudAdditionalAlertInformationWidget.yml                  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 13ad656a2d48..689ddfae3f22 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -15,5 +15,7 @@ dockerimage: demisto/python3:3.10.13.82467
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0
+marketplaces:
+- marketplacev2
 tests:
 - No tests (auto formatted)

From 7079281ce93f387c4795cb81e0ef8746e4535326 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:39:45 +0200
Subject: [PATCH 54/63] added MP

---
 .../Layouts/layoutscontainer-Cloud_Alerts.json                   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
index e9a0efd706a0..a0bb2f268d22 100644
--- a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
+++ b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
@@ -1385,5 +1385,6 @@
     "system": false,
     "version": -1,
     "fromVersion": "6.10.0",
+    "marketplaces": ["marketplacev2"],
     "description": ""
 }
\ No newline at end of file

From 28c401f6fe56af73fcac691edba6f5d1077d2159 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 10:59:13 +0200
Subject: [PATCH 55/63] Updated README.md

---
 .../README.md                                 | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
index e69de29bb2d1..0e3c5c43a79e 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md
@@ -0,0 +1,30 @@
+This script retrieves additional original alert information from the context.
+
+## Script Data
+
+---
+
+| **Name** | **Description** |
+| --- | --- |
+| Script Type | python3 |
+| Tags | dynamic-section |
+| Cortex XSOAR Version | 6.10.0 |
+
+## Dependencies
+
+---
+This script uses the following commands and scripts.
+
+* SetByIncidentId
+* core-get-cloud-original-alerts
+* Cortex Core - IR
+
+## Inputs
+
+---
+There are no inputs for this script.
+
+## Outputs
+
+---
+There are no outputs for this script.

From f24b7429ae67af722c08fea65705f5d51fda2c46 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 12:27:08 +0200
Subject: [PATCH 56/63] Updated README.md

---
 .../XCloudAdditionalAlertInformationWidget.py                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index c9f2fc29bd50..6c278d40bbb7 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -49,7 +49,7 @@ def verify_list_type(original_alert_data):
 ''' MAIN FUNCTION '''
 
 
-def main(): # pragma: no cover
+def main():  # pragma: no cover
     try:
         alert_context = demisto.investigation()
         core_alert_context = demisto.context().get('Core', {})

From 4bd6b05b44732ee7f50860bdd640987d47ec623c Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 14:56:06 +0200
Subject: [PATCH 57/63] removed unrequited import

---
 .../XCloudAdditionalAlertInformationWidget.py                    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
index 6c278d40bbb7..8354f6626322 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py
@@ -1,4 +1,3 @@
-import demistomock as demisto  # noqa: F401
 from CommonServerPython import *  # noqa: F401
 
 

From 526da3e3f426d85cb25096043f3a41ce7abbe7ab Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 7 Dec 2023 15:39:28 +0200
Subject: [PATCH 58/63] pre-commit

---
 .../XCloudAdditionalAlertInformationWidget_test.py     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
index b1a56efc4691..680a79d4c3c8 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py
@@ -1,5 +1,5 @@
 import unittest
-from unittest.mock import patch, MagicMock
+from unittest.mock import patch
 from XCloudAdditionalAlertInformationWidget import *
 
 
@@ -40,22 +40,22 @@ def test_get_additonal_info(self, mock_context):
     def test_verify_list_type_dict(self):
         input_dict = [{
             "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
-        expected_output =  {"OriginalAlert": {"id": "123"}}
+        expected_output = {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_dict)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_list(self):
         input_list = [
             {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}]
         expected_output = {"OriginalAlert": {"id": "123"}}
         output = verify_list_type(input_list)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
     def test_verify_list_type_empty(self):
         input = None
         expected_output = None
         output = verify_list_type(input)
-        self.assertEqual(output, expected_output)
+        assert output == expected_output
 
 
 if __name__ == '__main__':

From cd8a2254ccbc77774abe3724bf6bc2eba0e89302 Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Sun, 17 Dec 2023 18:33:26 +0200
Subject: [PATCH 59/63] Updated RN description

---
 .../XCloudAdditionalAlertInformationWidget.yml                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
index 689ddfae3f22..1756f7738de6 100644
--- a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml
@@ -11,7 +11,7 @@ enabled: true
 scripttarget: 0
 subtype: python3
 runonce: false
-dockerimage: demisto/python3:3.10.13.82467
+dockerimage: demisto/python3:3.10.13.83255
 runas: DBotWeakRole
 engineinfo: {}
 fromversion: 6.10.0

From e218000154a220b2eeabbac2d7fe97cb9328086f Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Wed, 20 Dec 2023 12:35:23 +0200
Subject: [PATCH 60/63] alert source

---
 .../LayoutRules/layoutrule-Cloud_Alerts.json  | 52 +++++++++++++------
 1 file changed, 35 insertions(+), 17 deletions(-)

diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
index 61fa792926e5..b22984f07846 100644
--- a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
+++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json
@@ -5,23 +5,41 @@
     "rule_name": "Cloud Alerts Layout Rule",
     "alerts_filter": {
         "filter": {
-              "OR": [
-                {
-                  "SEARCH_FIELD": "cloud_provider",
-                  "SEARCH_TYPE": "EQ",
-                  "SEARCH_VALUE": "AWS"
-                },
-                {
-                  "SEARCH_FIELD": "cloud_provider",
-                  "SEARCH_TYPE": "EQ",
-                  "SEARCH_VALUE": "AZURE"
-                },
-                {
-                  "SEARCH_FIELD": "cloud_provider",
-                  "SEARCH_TYPE": "EQ",
-                  "SEARCH_VALUE": "GCP"
-                }
-              ]
+                "AND": [
+                    {
+                      "OR": [
+                        {
+                          "SEARCH_FIELD": "cloud_provider",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "AWS"
+                        },
+                        {
+                          "SEARCH_FIELD": "cloud_provider",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "AZURE"
+                        },
+                        {
+                          "SEARCH_FIELD": "cloud_provider",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "GCP"
+                        }
+                      ]
+                    },
+                    {
+                      "OR": [
+                        {
+                          "SEARCH_FIELD": "alert_source",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "ANALYTICS_BIOC"
+                        },
+                        {
+                          "SEARCH_FIELD": "alert_source",
+                          "SEARCH_TYPE": "EQ",
+                          "SEARCH_VALUE": "MAGNIFIER"
+                        }
+                      ]
+                    }
+                  ]
         }
     },
     "fromVersion": "6.10.0"

From 545aef2b67277d96d55c8dcd74bb66f1ad0b5c17 Mon Sep 17 00:00:00 2001
From: Content Bot <bot@demisto.com>
Date: Wed, 20 Dec 2023 09:33:10 +0000
Subject: [PATCH 61/63] Bump pack from version CloudIncidentResponse to 1.0.10.

---
 .../ReleaseNotes/1_0_10.md                     | 18 ++++++++++++++++++
 Packs/CloudIncidentResponse/pack_metadata.json |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md

diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..587276b9f0dd
--- /dev/null
+++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md
@@ -0,0 +1,18 @@
+
+#### Layout Rules
+
+##### New: Cloud Alerts Layout Rule
+
+- New: Cloud Alerts layout Rule (Available from Cortex XSIAM 2.0).
+
+#### Layouts
+
+##### New: Cloud Alerts
+
+- New: Cloud Alerts layout  (Available from Cortex XSIAM 2.0).
+
+#### Scripts
+
+##### New: XCloudAdditionalAlertInformationWidget
+
+- New: This script retrieves additional original alert information from the context. (Available from Cortex XCLOUD).
diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json
index da26f7874a52..a5009ba0f288 100644
--- a/Packs/CloudIncidentResponse/pack_metadata.json
+++ b/Packs/CloudIncidentResponse/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cloud Incident Response",
     "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.",
     "support": "xsoar",
-    "currentVersion": "1.0.9",
+    "currentVersion": "1.0.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

From c1cdcafe55f00bee2f6e4eb17620129ca6bac56c Mon Sep 17 00:00:00 2001
From: michal-dagan <109464765+michal-dagan@users.noreply.github.com>
Date: Thu, 21 Dec 2023 10:42:10 +0200
Subject: [PATCH 62/63] [SanePdfReport] - Increase resourceTimeout (#31513)

* added random.randint

* pre-commit

* added a retry

* added a retry2

* added a retry3

* flake8

* fixed

* test
---
 Packs/Base/Scripts/SanePdfReport/SanePdfReport_test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/Base/Scripts/SanePdfReport/SanePdfReport_test.py b/Packs/Base/Scripts/SanePdfReport/SanePdfReport_test.py
index 9b63211d2cc8..0ac1feaf0df8 100644
--- a/Packs/Base/Scripts/SanePdfReport/SanePdfReport_test.py
+++ b/Packs/Base/Scripts/SanePdfReport/SanePdfReport_test.py
@@ -39,7 +39,7 @@ def test_sane_pdf_report(mocker):
         'ZmlsdGVyIjp7InF1ZXJ5IjoiIiwicGVyaW9kIjp7ImJ5RnJvbSI6ImRheXMiLCJmcm9tVmFsdWUiOjd9fX0sImF1dG9tYXRpb24iOnsibmFt'
         'ZSI6IiIsImlkIjoiIiwiYXJncyI6bnVsbCwibm9FdmVudCI6ZmFsc2V9LCJmcm9tRGF0ZSI6IjIwMjAtMTAtMThUMTE6MTY6MzcrMDM6MDAi'
         'LCJ0aXRsZSI6IlRleHQgV2lkZ2V0IiwiZW1wdHlOb3RpZmljYXRpb24iOiJObyByZXN1bHRzIGZvdW5kIiwidGl0bGVTdHlsZSI6bnVsbH1d',
-        'resourceTimeout': "10000"
+        'resourceTimeout': "60000"
     })
     mocker.patch.object(demisto, 'results')
 

From e792005a147e52a51652d84725d0d673b03d4eee Mon Sep 17 00:00:00 2001
From: ssokolovich <ssokolovich@paloaltonetworks.com>
Date: Thu, 21 Dec 2023 17:19:59 +0200
Subject: [PATCH 63/63] Reverted to master

---
 .../EntryWidgetResourceTypeXCLOUD.py                     | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
index fe852ce29958..596fbfaaf29b 100644
--- a/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
+++ b/Packs/CloudIncidentResponse/Scripts/EntryWidgetResourceTypeXCLOUD/EntryWidgetResourceTypeXCLOUD.py
@@ -6,8 +6,13 @@
 
 def main():  # pragma: no cover
     try:
-        alert = demisto.context().get('Core', {}).get('OriginalAlert')[0]
-        event = alert.get('event')
+        alert = demisto.context().get('Core', {}).get('OriginalAlert')
+        if isinstance(alert, list):
+            alert = alert[0]
+        if alert.get("raw_abioc") is None:
+            event = alert.get('event')
+        else:
+            event = alert.get('raw_abioc').get('event')
         resourceType = event.get('resource_type_orig')
 
         html = f"<h1 style='{BLACK_HTML_STYLE}'>{str(resourceType)}</h1>"