[Marketplace Contribution] PAN-OS by Palo Alto Networks - Content Pack Update #31239
* added the ability to add resolution when closing issue * RN * RN * add in yml * revert non-relevant * Update Packs/Jira/ReleaseNotes/3_1_5.md Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> * Update Packs/Jira/Integrations/JiraV2/JiraV2.yml Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> --------- Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com>
* Reco: get user context by email address (demisto#30720) * Reco: get user context by email address Signed-off-by: Gal Nakash <gal@recolabs.ai> * Update Packs/Reco/Integrations/Reco/Reco_test.py Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> * Reco: fix error handling Signed-off-by: Gal Nakash <gal@recolabs.ai> * Reco: fix readme.md Signed-off-by: Gal Nakash <gal@recolabs.ai> * Reco: get user context by email address Signed-off-by: Gal Nakash <gal@recolabs.ai> --------- Signed-off-by: Gal Nakash <gal@recolabs.ai> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> * Update .secrets-ignore * Update README.md * update docker --------- Signed-off-by: Gal Nakash <gal@recolabs.ai> Co-authored-by: GalNakash-RecoLabs <71227802+GalNakash-RecoLabs@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: sapirshuker <sshuker@paloaltonetworks.com>
…uts (demisto#30784) * Added playbook, formatted, and added README * RN * Update Packs/CommonPlaybooks/ReleaseNotes/2_4_14.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Bump pack from version CommonPlaybooks to 2.4.15. * Bump pack from version CommonPlaybooks to 2.4.16. * Bump pack from version CommonPlaybooks to 2.4.17. * Bump pack from version CommonPlaybooks to 2.4.18. * Bump pack from version CommonPlaybooks to 2.4.19. * Bump pack from version CommonPlaybooks to 2.4.20. * Bump pack from version CommonPlaybooks to 2.4.21. * Bump pack from version CommonPlaybooks to 2.4.22. * Bump pack from version CommonPlaybooks to 2.4.23. * Bump pack from version CommonPlaybooks to 2.4.24. * Bump pack from version CommonPlaybooks to 2.4.25. --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com>
* changed path for test playbook in xsoar * changed path for test playbook in xsoar * changed path for test playbook in xsoar * changed keyword for testing --------- Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com>
* Beyond Trust new pack - CIAC-8670 * Update Packs/BeyondTrustRemoteSupport/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
…30968) * Small fixes to pack names * Update pack_metadata.json
* Adding new Playbook input grouping * adding new Playbook input grouping * updating pack pack_metadata * update ReleaseNotes * Update Packs/Phishing/ReleaseNotes/3_6_1.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
* added explanation about command in the documentation * rn * update docker * Update Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/README.md Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> --------- Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com>
* fix sync validation * fix prod-us
…ils (demisto#30961) * Add corrupt email object handling; Add debug logs * Update docker image * Update release notes * Remove additional debug logs * Fix double printing of message id in debug log * Add UT
* playbook fix * added release notes * Added to ignore pack Interval and InternetAccess * Deleted unused input: Interval * Added release notes * deleted from ignore input * Update Packs/JoeSecurity/ReleaseNotes/1_1_16.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/JoeSecurity/ReleaseNotes/1_1_16.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * added error message to the playbook outputs. added new task for checking if the file type is supported * release notes added * Update Packs/JoeSecurity/Playbooks/playbook-Detonate_File_-_JoeSecurity_V2_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SecneurXAnalysis/Playbooks/Detonate_File_-_SecneurX_Analysis_README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Fixes for the pre-commit process * Added new images for Joesecurity and SecneurXAnalysis playbooks. Grammar fix for the release notes * Added ignore case for task of the supported types * Fixes for the release notes * added file types * fixes for release ReleaseNotes removed input of interval --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* added missing outputs and removed unneeded playbook outputs * Re-added the test playbook and marketplaces configs * RN * Bump pack from version CommonPlaybooks to 2.4.21. * Bump pack from version CommonPlaybooks to 2.4.22. * Bump pack from version CommonPlaybooks to 2.4.23. * Bump pack from version CommonPlaybooks to 2.4.24. * Bump pack from version CommonPlaybooks to 2.4.25. * Bump pack from version CommonPlaybooks to 2.4.26. --------- Co-authored-by: Content Bot <bot@demisto.com>
* add-microsoft-defender-modeling * fix-readme-instruction-number-1-to-5 * event_type_minor_fix * fix-duration-typo * fix-minor-issues * fix-target-file-path * add-process_id-type-safety
* added icons * added icons * added icons * reverted changes * added more icons
* Wiz 1.2.14 (demisto#30951) * initial commit - better error management for empty issues fetch * update testing to correspond with changed error catching * RNs * Update Wiz.py * Docker Image --------- Co-authored-by: solalraveh <solal.raveh@gmail.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: MLainer1 <mlainer@paloaltonetworks.com>
* Added filter to the parsing rule of manage engine * Added release note. * Removed capture group from the parsing rule filter * Modified the parsing rule.
* Fixes for 'Detonate URL - Generic v1.5' playbook * RN * Bump pack from version CommonPlaybooks to 2.4.17. * Bump pack from version CommonPlaybooks to 2.4.18. * Bump pack from version CommonPlaybooks to 2.4.19. * Bump pack from version CommonPlaybooks to 2.4.20. * Bump pack from version CommonPlaybooks to 2.4.21. * Bump pack from version CommonPlaybooks to 2.4.22. * added 'unique' transformer to 'url' input within all sub-playbooks and tasks. * Bump pack from version CommonPlaybooks to 2.4.23. * Bump pack from version CommonPlaybooks to 2.4.24. * Bump pack from version CommonPlaybooks to 2.4.25. * Bump pack from version CommonPlaybooks to 2.4.26. * Bump pack from version CommonPlaybooks to 2.4.27. * replaced the command used within task number 19 - replaced 'OPSWAT Filescan|||opswat-filescan-scan-url' command with 'opswat-filescan-scan-url' command. --------- Co-authored-by: Content Bot <bot@demisto.com>
* fix * update docker
* updated the outputs description * updated the outputs description - RN * updated the outputs description - RN pack meta date * Bump pack from version CommonPlaybooks to 2.4.26. * updated the outputs types - Boolean * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Bump pack from version CommonPlaybooks to 2.4.27. * Bump pack from version CommonPlaybooks to 2.4.28. --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Detonate_URL_-_ThreatStream * RN * RN * RN
* set to false field Threat Name Co-authored-by: franciscojavierfernandezjim <127735202+franciscojavierfernandezjim@users.noreply.github.com>
* Fixed the modeling rule and the schema file, in reference to the boolean fields. * Fixed the modeling rule and the schema file, in reference to the boolean fields. * Added release notes. * Fixed the schema file
…t entity alerts by MITRE tactics (demisto#30874) * Added playbook, new pb readme and new pb image * RN * Bump pack from version CommonPlaybooks to 2.4.18. * Bump pack from version CommonPlaybooks to 2.4.19. * Bump pack from version CommonPlaybooks to 2.4.20. * Bump pack from version CommonPlaybooks to 2.4.21. * Update Packs/CommonPlaybooks/ReleaseNotes/2_4_21.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Bump pack from version CommonPlaybooks to 2.4.22. * Bump pack from version CommonPlaybooks to 2.4.23. * Bump pack from version CommonPlaybooks to 2.4.24. * Bump pack from version CommonPlaybooks to 2.4.25. * Bump pack from version CommonPlaybooks to 2.4.26. * Fixed issue in get entity alerts playbook and in firewall search. Updated RN. * Fixed version * Updated playbook with fixes from review * Updated playbook with fixes from review * Bump pack from version CommonPlaybooks to 2.4.27. * Updated playbook with fixes from review * Bump pack from version CommonPlaybooks to 2.4.28. * Bump pack from version CommonPlaybooks to 2.4.29. --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* first commit * commit * commit * first commit * update pack_metadata file * extract_logs_from_response changes * get_events_command changes * commit * commit * add logs * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * Fixed the memory load on Docker * commit * first commit for rewrite * commit * commit * add UT and finish implementation * design * Change pack name * add-modeling-rules * add-parsing-rules * siem-content-minor-fixes * add UT and docstring * add-siem-documentation * update-siem-documentation * update-siem-documentation * commit * Change readme file * fix UT and add description to pack_metadata * commit * fix mypy flake8 * add UT * refactor-siem-content * Apply suggestions from code review Comment corrections Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * comment corrections * comment corrections and add UT for it * comment correction * mypy * update Docker * comment corrections * comment corrections * update docker * fix UT and pre-commit * commit * commit * fix pre commit * commit --------- Co-authored-by: Chanan Welt <cwelt@paloaltonetworks.com> Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Fixed date parsing * format and tests * fixed date parsing from and to the api * fixed tests * fixed invalid date order * fetch in asc order * fetch in asc order * fix unit testing * fix potential formatting issue * change first_run * change first_run * Fix RN * Fix lint * Fix lint * added unit tests * added unit tests * CR fixes * CR fixes
Nice work! Make sure to look at the review comments, and fix the validation errors.
Afterwards, we can schedule a short demo to see the changes you made in the PR.
Hi @MLainer1. I will make the suggested changes. Just give me a couple of days. It’s a busy week with the customers.
Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>
Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com>
Hi @MLainer1 I have committed the suggested changes. Please let me know when you want to have a quick meeting for the demo. Thank you. Please feel free to reach out to me on slack.
great work, a few comments:
file_name_arg = args.get("filename") | ||
target = args.get("target") | ||
if file_name_arg != 'running_config': | ||
file_name = target + '_' + file_name_arg + '_running_config' |
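Review bot: On the `file_name = target + '_' + file_name_arg + '_running_config'` line, both operands come straight from `args.get(...)`, so a missing `target` (or a missing `filename` when no default is supplied) is `None` and the concatenation raises `TypeError` instead of a readable error. The user-supplied `filename` is also joined into the name unchanged, so path separators or `..` in the argument end up in the resulting file name. Suggest returning a clear error when `target` is absent and restricting `filename` to a conservative character set before building the name.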
Let's use the filename as we receive it from the user without changing it.
Hi @jlevypaloalto We will have to append at least the target name to the filename argument because it will save all the config files to all the hostnames with the same filename which will be confusing.
@@ -5033,6 +5033,9 @@ script: | |||
- arguments: | |||
- description: The serial number of the device. | |||
name: target | |||
- defaultValue: running_config | |||
description: Name of the file to save the config to. Default is "running_config" |
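Review bot: The `description` on the new argument says the value is the name of the file the config is saved to, but the handler code quoted earlier in this review builds `target + '_' + file_name_arg + '_running_config'`, so the saved name differs from what the user typed. Suggest describing the actual result (target prefix and `_running_config` suffix) so users can predict the file name, and dropping the `Default is "running_config"` sentence since `defaultValue` already carries it.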
The default values are added to the README when it's generated, let's remove it from the yml
I addressed this in my new PR that I created.
10bf8d8
to
66ceee9
Compare
Hi @amkoppad, Your contribution was impacted by changes in the git history of the content repo, and you see many file changes that are not related to your PR. Our team is currently working on a solution, and we hope that it will be resolved soon.
Hi @amkoppad, Last Thursday, December 20th, there was an update in the content repo. This is why your PR looks like there were a lot of commits and files changed. Thank you very much for your contribution and your understanding of the situation.
Status
Contributor
@amkoppad
Notes
Added the filename argument to the two commands.
!pan-os-platform-get-device-state
!pan-os-get-running-config
If the filename argument is not provided then it uses the current logic to name the files.
If the filename argument is provided then it appends the provided value to the hostname/target and then saves the file.
This is very useful for the running-config command because that downloads all the files with the same name which makes it very difficult to identify which target the running config belongs to.
Video Link
Short demo video of the Pack usage. Speeds up the review. Optional but recommended. Use a video sharing service such as Google Drive or YouTube.
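The naming rule described in the Notes above, as an added example that is not code from this PR or from the integration: it builds the per-target file name from `target` and `filename` while rejecting a missing target, stripping path characters from the user-supplied value, and refusing names that collide. The function names, the allowed character set, and returning the bare default name when no custom filename is given are assumptions made for illustration.

```python
import re

DEFAULT_NAME = "running_config"  # default value shown in the PR's yml hunk
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")  # assumed allow-list, not the integration's


def _clean(part):
    """Reduce one name component to a conservative character set."""
    part = _UNSAFE.sub("_", part.strip())
    # Drop leading/trailing dots and underscores so "../x" cannot leave "..".
    return part.strip("._")


def build_config_filename(target, filename=None):
    """Return the file name for one target.

    With no custom filename the default name is returned unchanged
    (assumption: this stands in for the integration's existing naming).
    """
    name = _clean(filename or "")
    if not name or name == DEFAULT_NAME:
        return DEFAULT_NAME
    host = _clean(target or "")
    if not host:
        raise ValueError("target is required when a custom filename is given")
    return f"{host}_{name}_{DEFAULT_NAME}"


def plan_filenames(targets, filename=None):
    """Map each target to its file name; refuse names that collide."""
    plan, seen = {}, {}
    for target in targets:
        name = build_config_filename(target, filename)
        if name in seen:
            raise ValueError(f"{target!r} and {seen[name]!r} both map to {name!r}")
        seen[name] = target
        plan[target] = name
    return plan


if __name__ == "__main__":
    # Constructed sample targets, not values from the PR.
    print(plan_filenames(["fw-a", "fw-b"], "audit"))
```

Calling `plan_filenames` with several targets and no custom filename raises the collision error, which is the same-name problem the Notes describe for the running-config command.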