From 60de63c96d0127fa45074f102ec94f04cc5bafd6 Mon Sep 17 00:00:00 2001 From: daryakoval Date: Thu, 4 Jan 2024 09:46:49 +0200 Subject: [PATCH 01/14] save change to command results --- .../CoreIRApiModule/CoreIRApiModule.py | 102 ++++++++++-------- 1 file changed, 59 insertions(+), 43 deletions(-) diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py index ed9e99f9bb17..ae4fce546f16 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py @@ -2055,20 +2055,23 @@ def run_script_kill_process_command(client: CoreClient, args: Dict) -> List[Comm incident_id = arg_to_number(args.get('incident_id')) timeout = arg_to_number(args.get('timeout', 600)) or 600 processes_names = argToList(args.get('process_name')) - all_processes_response = [] + replies = [] + for process_name in processes_names: parameters = {'process_name': process_name} response = client.run_script('fd0a544a99a9421222b4f57a11839481', endpoint_ids, parameters, timeout, incident_id) reply = response.get('reply') - all_processes_response.append(CommandResults( - readable_output=tableToMarkdown(f'Run Script Kill Process on {process_name}', reply), - outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', - outputs_key_field='action_id', - outputs=reply, - raw_response=reply, - )) + replies.append(reply) - return all_processes_response + command_result = CommandResults( + readable_output=tableToMarkdown(f'Run Script Kill Process on {",".join(processes_names)}', replies), + outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', + outputs_key_field='action_id', + outputs=replies, + raw_response=replies, + ) + + return command_result def run_script_file_exists_command(client: CoreClient, args: Dict) -> List[CommandResults]: 
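Review bot: In run_script_kill_process_command the single aggregated table drops the link between each `action_id` and the process name it was started for: the old per-item title `Run Script Kill Process on {process_name}` is gone and `replies` holds only what the API returned. Unless the reply itself echoes the parameter (not visible in this hunk), an analyst reading the command output cannot tell which action targeted which process, which matters for a command that changes endpoint state. Consider building the readable rows separately, e.g. `rows.append({'process_name': process_name, **(reply or {})})`, and passing `rows` to `tableToMarkdown` while leaving `outputs=replies` as is. The file-exists and delete-file hunks that follow have the same gap for `file_path`.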
@@ -2076,19 +2079,21 @@ def run_script_file_exists_command(client: CoreClient, args: Dict) -> List[Comma incident_id = arg_to_number(args.get('incident_id')) timeout = arg_to_number(args.get('timeout', 600)) or 600 file_paths = argToList(args.get('file_path')) - all_files_response = [] + replies = [] for file_path in file_paths: parameters = {'path': file_path} response = client.run_script('414763381b5bfb7b05796c9fe690df46', endpoint_ids, parameters, timeout, incident_id) reply = response.get('reply') - all_files_response.append(CommandResults( - readable_output=tableToMarkdown(f'Run Script File Exists on {file_path}', reply), - outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', - outputs_key_field='action_id', - outputs=reply, - raw_response=reply, - )) - return all_files_response + replies.append(reply) + + command_result = CommandResults( + readable_output=tableToMarkdown(f'Run Script File Exists on {",".join(file_paths)}', replies), + outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', + outputs_key_field='action_id', + outputs=replies, + raw_response=replies, + ) + return command_result def run_script_delete_file_command(client: CoreClient, args: Dict) -> List[CommandResults]: 
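Review bot: `",".join(file_paths)` in the new title raises `TypeError` if `argToList` returns non-string items, which it can when the argument arrives as a list rather than a comma-separated string. The join runs after the loop, so every `client.run_script` call has already been sent by then and the started action ids are never returned to the caller. Use `",".join(str(p) for p in file_paths)` or a fixed title. The delete-file hunk after this one has the same join, where losing the action ids is more costly, and a later patch in this series applies the `str()` fix only to `action_ids`.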
@@ -2096,19 +2101,21 @@ def run_script_delete_file_command(client: CoreClient, args: Dict) -> List[Comma incident_id = arg_to_number(args.get('incident_id')) timeout = arg_to_number(args.get('timeout', 600)) or 600 file_paths = argToList(args.get('file_path')) - all_files_response = [] + replies = [] for file_path in file_paths: parameters = {'file_path': file_path} response = client.run_script('548023b6e4a01ec51a495ba6e5d2a15d', endpoint_ids, parameters, timeout, incident_id) reply = response.get('reply') - all_files_response.append(CommandResults( - readable_output=tableToMarkdown(f'Run Script Delete File on {file_path}', reply), - outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', - outputs_key_field='action_id', - outputs=reply, - raw_response=reply, - )) - return all_files_response + replies.append(reply) + + command_result = CommandResults( + readable_output=tableToMarkdown(f'Run Script Delete File on {",".join(file_paths)}', replies), + outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', + outputs_key_field='action_id', + outputs=replies, + raw_response=replies, + ) + return command_result def quarantine_files_command(client, args): 
@@ -3066,19 +3073,23 @@ def run_script_command(client: CoreClient, args: Dict) -> CommandResults: def get_script_execution_status_command(client: CoreClient, args: Dict) -> List[CommandResults]: action_ids = argToList(args.get('action_id', '')) - command_results = [] + replies = [] + raw_responses = [] for action_id in action_ids: response = client.get_script_execution_status(action_id) reply = response.get('reply') reply['action_id'] = int(action_id) - command_results.append(CommandResults( - readable_output=tableToMarkdown(f'Script Execution Status - {action_id}', reply), - outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptStatus', - outputs_key_field='action_id', - outputs=reply, - raw_response=response, - )) - return command_results + replies.append(reply) + raw_responses.append(response) + + command_result = CommandResults( + readable_output=tableToMarkdown(f'Script Execution Status - {",".join(action_ids)}', replies), + outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptStatus', + outputs_key_field='action_id', + outputs=replies, + raw_response=raw_responses, + ) + return command_result def parse_get_script_execution_results(results: List[Dict]) -> List[Dict]: @@ -3110,7 +3121,8 @@ def parse_get_script_execution_results(results: List[Dict]) -> List[Dict]: def get_script_execution_results_command(client: CoreClient, args: Dict) -> List[CommandResults]: action_ids = argToList(args.get('action_id', '')) - command_results = [] + contexts = [] + raw_responses = [] for action_id in action_ids: response = client.get_script_execution_results(action_id) results = response.get('reply', {}).get('results') 
@@ -3118,14 +3130,18 @@ def get_script_execution_results_command(client: CoreClient, args: Dict) -> List 'action_id': int(action_id), 'results': parse_get_script_execution_results(results), } - command_results.append(CommandResults( - readable_output=tableToMarkdown(f'Script Execution Results - {action_id}', results), + contexts.append(context) + raw_responses.append(response) + + command_result = CommandResults( + readable_output=tableToMarkdown(f'Script Execution Results - {",".join(action_ids)}', + [c.get('results') for c in contexts]), outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptResult', outputs_key_field='action_id', - outputs=context, - raw_response=response, - )) - return command_results + outputs=contexts, + raw_response=raw_responses, + ) + return command_result def get_script_execution_result_files_command(client: CoreClient, args: Dict) -> Dict: From 6112873bbb4f19392e88242de92d4bc584c77ec3 Mon Sep 17 00:00:00 2001 From: daryakoval Date: Thu, 4 Jan 2024 09:55:53 +0200 Subject: [PATCH 02/14] precommit fixes --- .../CoreIRApiModule/CoreIRApiModule.py | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py index ae4fce546f16..049af3b6a17d 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py @@ -2050,7 +2050,7 @@ def run_script_execute_commands_command(client: CoreClient, args: Dict) -> Comma ) -def run_script_kill_process_command(client: CoreClient, args: Dict) -> List[CommandResults]: +def run_script_kill_process_command(client: CoreClient, args: Dict) -> CommandResults: endpoint_ids = argToList(args.get('endpoint_ids')) incident_id = arg_to_number(args.get('incident_id')) timeout = arg_to_number(args.get('timeout', 600)) or 600 
@@ -2074,7 +2074,7 @@ def run_script_kill_process_command(client: CoreClient, args: Dict) -> List[Comm return command_result -def run_script_file_exists_command(client: CoreClient, args: Dict) -> List[CommandResults]: +def run_script_file_exists_command(client: CoreClient, args: Dict) -> CommandResults: endpoint_ids = argToList(args.get('endpoint_ids')) incident_id = arg_to_number(args.get('incident_id')) timeout = arg_to_number(args.get('timeout', 600)) or 600 @@ -2096,7 +2096,7 @@ def run_script_file_exists_command(client: CoreClient, args: Dict) -> List[Comma return command_result -def run_script_delete_file_command(client: CoreClient, args: Dict) -> List[CommandResults]: +def run_script_delete_file_command(client: CoreClient, args: Dict) -> CommandResults: endpoint_ids = argToList(args.get('endpoint_ids')) incident_id = arg_to_number(args.get('incident_id')) timeout = arg_to_number(args.get('timeout', 600)) or 600 @@ -3071,7 +3071,7 @@ def run_script_command(client: CoreClient, args: Dict) -> CommandResults: ) -def get_script_execution_status_command(client: CoreClient, args: Dict) -> List[CommandResults]: +def get_script_execution_status_command(client: CoreClient, args: Dict) -> CommandResults: action_ids = argToList(args.get('action_id', '')) replies = [] raw_responses = [] @@ -3119,7 +3119,7 @@ def parse_get_script_execution_results(results: List[Dict]) -> List[Dict]: return parsed_results -def get_script_execution_results_command(client: CoreClient, args: Dict) -> List[CommandResults]: +def get_script_execution_results_command(client: CoreClient, args: Dict) -> CommandResults: action_ids = argToList(args.get('action_id', '')) contexts = [] raw_responses = [] 
@@ -3134,13 +3134,13 @@ def get_script_execution_results_command(client: CoreClient, args: Dict) -> List raw_responses.append(response) command_result = CommandResults( - readable_output=tableToMarkdown(f'Script Execution Results - {",".join(action_ids)}', - [c.get('results') for c in contexts]), - outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptResult', - outputs_key_field='action_id', - outputs=contexts, - raw_response=raw_responses, - ) + readable_output=tableToMarkdown(f'Script Execution Results - {",".join(action_ids)}', + [c.get('results') for c in contexts]), + outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptResult', + outputs_key_field='action_id', + outputs=contexts, + raw_response=raw_responses, + ) return command_result From 35a508786905639c1f6e5a3d74435cf3ba2d6488 Mon Sep 17 00:00:00 2001 From: daryakoval Date: Sun, 7 Jan 2024 14:45:06 +0200 Subject: [PATCH 03/14] revert get_script_execution_results_command --- .../CoreIRApiModule/CoreIRApiModule.py | 32 ++++++++----------- .../CoreIRApiModule/CoreIRApiModule_test.py | 16 +++++----- 2 files changed, 21 insertions(+), 27 deletions(-) diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py index 049af3b6a17d..6d9d42e97fef 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py 
@@ -1407,10 +1407,9 @@ def run_polling_command(client: CoreClient, if command_decision_field not in args: # create new command run command_results = command_function(client, args) - if isinstance(command_results, CommandResults): - outputs = [command_results.raw_response] if command_results.raw_response else [] - else: - outputs = [c.raw_response for c in command_results] + outputs = command_results.raw_response + if outputs and not isinstance(outputs, list): + outputs = [outputs] command_decision_values = [o.get(command_decision_field) for o in outputs] if outputs else [] # type: ignore if outputs and command_decision_values: polling_args = { @@ -3119,10 +3118,9 @@ def parse_get_script_execution_results(results: List[Dict]) -> List[Dict]: return parsed_results -def get_script_execution_results_command(client: CoreClient, args: Dict) -> CommandResults: +def get_script_execution_results_command(client: CoreClient, args: Dict) -> List[CommandResults]: action_ids = argToList(args.get('action_id', '')) - contexts = [] - raw_responses = [] + command_results = [] for action_id in action_ids: response = client.get_script_execution_results(action_id) results = response.get('reply', {}).get('results') 
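Review bot: The new `outputs = command_results.raw_response` assumes every `command_function` returns a single `CommandResults`, yet this same patch restores `get_script_execution_results_command` to `List[CommandResults]`; a list-returning function passed here would now fail with `AttributeError` where the removed `isinstance` branch handled it. Whether any caller still passes such a function is not visible in the hunk, so either keep a fallback, `outputs = [c.raw_response for c in command_results]` under `if isinstance(command_results, list):`, or state the single-result contract in the docstring. Separately, the aggregated `raw_response` lists can hold `None`, because the command functions append `response.get('reply')` unchecked, and `o.get(command_decision_field)` would then raise; `for o in outputs if isinstance(o, dict)` avoids that. The body of run_polling_command continues outside the hunk.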
@@ -3130,18 +3128,14 @@ def get_script_execution_results_command(client: CoreClient, args: Dict) -> Comm 'action_id': int(action_id), 'results': parse_get_script_execution_results(results), } - contexts.append(context) - raw_responses.append(response) - - command_result = CommandResults( - readable_output=tableToMarkdown(f'Script Execution Results - {",".join(action_ids)}', - [c.get('results') for c in contexts]), - outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptResult', - outputs_key_field='action_id', - outputs=contexts, - raw_response=raw_responses, - ) - return command_result + command_results.append(CommandResults( + readable_output=tableToMarkdown(f'Script Execution Results - {action_id}', results), + outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptResult', + outputs_key_field='action_id', + outputs=context, + raw_response=response, + )) + return command_results def get_script_execution_result_files_command(client: CoreClient, args: Dict) -> Dict: diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py index 23bb9097e17f..a1df20d5d18e 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py @@ -1752,7 +1752,7 @@ def test_get_script_execution_status_command(requests_mock): response = get_script_execution_status_command(client, args) api_response['reply']['action_id'] = int(action_id) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'action_id': action_id 
@@ -1790,7 +1790,7 @@ def test_get_script_execution_results_command(requests_mock): 'action_id': int(action_id), 'results': api_response.get('reply').get('results') } - assert response[0].outputs == expected_output + assert response.outputs[0] == expected_output assert requests_mock.request_history[0].json() == { 'request_data': { 'action_id': action_id @@ -1931,7 +1931,7 @@ def test_run_script_delete_file_command(requests_mock): response = run_script_delete_file_command(client, args) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'script_uid': '548023b6e4a01ec51a495ba6e5d2a15d', @@ -1978,7 +1978,7 @@ def test_run_script_delete_multiple_files_command(requests_mock): response = run_script_delete_file_command(client, args) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'script_uid': '548023b6e4a01ec51a495ba6e5d2a15d', @@ -2038,7 +2038,7 @@ def test_run_script_file_exists_command(requests_mock): response = run_script_file_exists_command(client, args) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'script_uid': '414763381b5bfb7b05796c9fe690df46', @@ -2085,7 +2085,7 @@ def test_run_script_file_exists_multiple_files_command(requests_mock): response = run_script_file_exists_command(client, args) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'script_uid': '414763381b5bfb7b05796c9fe690df46', 
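Review bot: The updated assertions check only `response.outputs[0]`, so the multi-item tests (test_run_script_delete_multiple_files_command and test_run_script_file_exists_multiple_files_command here, and test_run_script_kill_multiple_processes_command in the -2192 hunk) would still pass if the command returned just the first reply. That is the partial-results behaviour the release notes in this series say is being fixed, so it should be pinned by a test. Assert on the whole list, e.g. `assert len(response.outputs) == len(requests_mock.request_history)`, or compare `response.outputs` with the expected list of replies. The test bodies start and end outside these hunks, so the number of mocked calls is not visible here.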
@@ -2145,7 +2145,7 @@ def test_run_script_kill_process_command(requests_mock): response = run_script_kill_process_command(client, args) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'script_uid': 'fd0a544a99a9421222b4f57a11839481', @@ -2192,7 +2192,7 @@ def test_run_script_kill_multiple_processes_command(requests_mock): response = run_script_kill_process_command(client, args) - assert response[0].outputs == api_response.get('reply') + assert response.outputs[0] == api_response.get('reply') assert requests_mock.request_history[0].json() == { 'request_data': { 'script_uid': 'fd0a544a99a9421222b4f57a11839481', From 223393a8fa27ac1835f8e6cf52ceb99d8cb286f4 Mon Sep 17 00:00:00 2001 From: daryakoval Date: Sun, 7 Jan 2024 14:47:14 +0200 Subject: [PATCH 04/14] fix tests --- .../ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py index a1df20d5d18e..d76b684a63de 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py @@ -1790,7 +1790,7 @@ def test_get_script_execution_results_command(requests_mock): 'action_id': int(action_id), 'results': api_response.get('reply').get('results') } - assert response.outputs[0] == expected_output + assert response[0].outputs == expected_output assert requests_mock.request_history[0].json() == { 'request_data': { 'action_id': action_id From 87f330e44aa259801dc7308bd77b77292e004730 Mon Sep 17 00:00:00 2001 
From: daryakoval Date: Mon, 8 Jan 2024 11:29:43 +0200 Subject: [PATCH 05/14] rn --- Packs/Core/ReleaseNotes/3_0_6.md | 10 ++++++++++ Packs/Core/pack_metadata.json | 2 +- Packs/CortexXDR/ReleaseNotes/6_1_2.md | 11 +++++++++++ Packs/CortexXDR/pack_metadata.json | 2 +- Packs/ctf01/ReleaseNotes/1_0_4.md | 6 ++++++ Packs/ctf01/pack_metadata.json | 2 +- 6 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 Packs/Core/ReleaseNotes/3_0_6.md create mode 100644 Packs/CortexXDR/ReleaseNotes/6_1_2.md create mode 100644 Packs/ctf01/ReleaseNotes/1_0_4.md diff --git a/Packs/Core/ReleaseNotes/3_0_6.md b/Packs/Core/ReleaseNotes/3_0_6.md new file mode 100644 index 000000000000..557e07b21158 --- /dev/null +++ b/Packs/Core/ReleaseNotes/3_0_6.md @@ -0,0 +1,10 @@ + +#### Integrations + +##### Investigation & Response + +- Improved the following commands results: + - ***core-run-script-kill-process*** + - ***core-run-script-file-exists*** + - ***core-run-script-delete-file*** + - ***core-get-script-execution-status*** \ No newline at end of file diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json index 83f42984c28b..075d2bd12999 100644 --- a/Packs/Core/pack_metadata.json +++ b/Packs/Core/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Core - Investigation and Response", "description": "Automates incident response", "support": "xsoar", - "currentVersion": "3.0.5", + "currentVersion": "3.0.6", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_2.md b/Packs/CortexXDR/ReleaseNotes/6_1_2.md new file mode 100644 index 000000000000..ae973314473c --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_2.md 
@@ -0,0 +1,11 @@ + +#### Integrations + +##### Palo Alto Networks Cortex XDR - Investigation and Response + +- Improved the following commands results: + - ***xdr-kill-process-script-execute*** + - ***xdr-file-exist-script-execute*** + - ***xdr-run-script-file-exists*** + - ***xdr-run-script-delete-file*** + - ***xdr-get-script-execution-status*** diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json index 957daa92bd7f..518c89cdfbe6 100644 --- a/Packs/CortexXDR/pack_metadata.json +++ b/Packs/CortexXDR/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex XDR by Palo Alto Networks", "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.", "support": "xsoar", - "currentVersion": "6.1.1", + "currentVersion": "6.1.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/ctf01/ReleaseNotes/1_0_4.md b/Packs/ctf01/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..c164163c1a0e --- /dev/null +++ b/Packs/ctf01/ReleaseNotes/1_0_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Cortex XDR - IR CTF + +- No changes related directly to this integration. diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json index 8812cb6a2b2c..723a462582db 100644 --- a/Packs/ctf01/pack_metadata.json +++ b/Packs/ctf01/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Capture The Flag - 01", "description": "XSOAR's Capture the flag (CTF)", "support": "xsoar", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "serverMinVersion": "8.2.0", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", From 1542426b686346c505807e3a4f42c22d113f04e3 Mon Sep 17 00:00:00 2001 
From: daryakoval Date: Mon, 8 Jan 2024 14:20:35 +0200 Subject: [PATCH 06/14] fix bug found by the test playbbok --- Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py index 6d9d42e97fef..c9a3059d8293 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py @@ -3082,7 +3082,7 @@ def get_script_execution_status_command(client: CoreClient, args: Dict) -> Comma raw_responses.append(response) command_result = CommandResults( - readable_output=tableToMarkdown(f'Script Execution Status - {",".join(action_ids)}', replies), + readable_output=tableToMarkdown(f'Script Execution Status - {",".join(str(i) for i in action_ids)}', replies), outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptStatus', outputs_key_field='action_id', outputs=replies, From bfd59e3860f3105d3a3cbb19fa8f6f648878305d Mon Sep 17 00:00:00 2001 From: Content Bot Date: Mon, 8 Jan 2024 13:29:10 +0000 Subject: [PATCH 07/14] Bump pack from version CortexXDR to 6.1.3. --- Packs/CortexXDR/ReleaseNotes/6_1_3.md | 11 +++++++++++ Packs/CortexXDR/pack_metadata.json | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 Packs/CortexXDR/ReleaseNotes/6_1_3.md diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_3.md b/Packs/CortexXDR/ReleaseNotes/6_1_3.md new file mode 100644 index 000000000000..ae973314473c --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_3.md 
@@ -0,0 +1,11 @@ + +#### Integrations + +##### Palo Alto Networks Cortex XDR - Investigation and Response + +- Improved the following commands results: + - ***xdr-kill-process-script-execute*** + - ***xdr-file-exist-script-execute*** + - ***xdr-run-script-file-exists*** + - ***xdr-run-script-delete-file*** + - ***xdr-get-script-execution-status*** diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json index 518c89cdfbe6..92f46604aecd 100644 --- a/Packs/CortexXDR/pack_metadata.json +++ b/Packs/CortexXDR/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex XDR by Palo Alto Networks", "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.", "support": "xsoar", - "currentVersion": "6.1.2", + "currentVersion": "6.1.3", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 6e9dbfd2c83e3f7ffc9294df49bf74728eb67b67 Mon Sep 17 00:00:00 2001 From: Content Bot Date: Tue, 9 Jan 2024 11:06:53 +0000 Subject: [PATCH 08/14] Bump pack from version ctf01 to 1.0.5. --- Packs/ctf01/ReleaseNotes/1_0_5.md | 6 ++++++ Packs/ctf01/pack_metadata.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 Packs/ctf01/ReleaseNotes/1_0_5.md diff --git a/Packs/ctf01/ReleaseNotes/1_0_5.md b/Packs/ctf01/ReleaseNotes/1_0_5.md new file mode 100644 index 000000000000..c164163c1a0e --- /dev/null +++ b/Packs/ctf01/ReleaseNotes/1_0_5.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Cortex XDR - IR CTF + +- No changes related directly to this integration. diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json index 723a462582db..6aa04f2227f6 100644 --- a/Packs/ctf01/pack_metadata.json +++ b/Packs/ctf01/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Capture The Flag - 01", "description": "XSOAR's Capture the flag (CTF)", "support": "xsoar", - "currentVersion": "1.0.4", + "currentVersion": "1.0.5", "serverMinVersion": "8.2.0", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", From b06a71af28e2425a91506e2729a19914d1f2ea1a Mon Sep 17 00:00:00 2001 From: Darya Koval <72339940+daryakoval@users.noreply.github.com> Date: Wed, 10 Jan 2024 10:55:05 +0200 Subject: [PATCH 09/14] Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --- Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py | 2 +- Packs/Core/ReleaseNotes/3_0_6.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py index c9a3059d8293..ab00ae5edc98 100644 --- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py +++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py @@ -2063,7 +2063,7 @@ def run_script_kill_process_command(client: CoreClient, args: Dict) -> CommandRe replies.append(reply) command_result = CommandResults( - readable_output=tableToMarkdown(f'Run Script Kill Process on {",".join(processes_names)}', replies), + readable_output=tableToMarkdown("Run Script Kill Process Results", replies), outputs_prefix=f'{args.get("integration_context_brand", "CoreApiModule")}.ScriptRun', outputs_key_field='action_id', outputs=replies, diff --git a/Packs/Core/ReleaseNotes/3_0_6.md b/Packs/Core/ReleaseNotes/3_0_6.md index 557e07b21158..69412f2e76fb 100644 --- a/Packs/Core/ReleaseNotes/3_0_6.md +++ b/Packs/Core/ReleaseNotes/3_0_6.md 
@@ -3,7 +3,7 @@ ##### Investigation & Response -- Improved the following commands results: +- Fixed an issue where the following polling commands retrieved partial results when a list of arguments was provided: - ***core-run-script-kill-process*** - ***core-run-script-file-exists*** - ***core-run-script-delete-file*** From 229b4c96e08bb45f2de88b56719a096f8b32e872 Mon Sep 17 00:00:00 2001 From: Darya Koval <72339940+daryakoval@users.noreply.github.com> Date: Wed, 10 Jan 2024 10:56:15 +0200 Subject: [PATCH 10/14] Apply suggestions from code review Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --- Packs/ctf01/ReleaseNotes/1_0_5.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Packs/ctf01/ReleaseNotes/1_0_5.md b/Packs/ctf01/ReleaseNotes/1_0_5.md index c164163c1a0e..1413cd39feef 100644 --- a/Packs/ctf01/ReleaseNotes/1_0_5.md +++ b/Packs/ctf01/ReleaseNotes/1_0_5.md @@ -1,6 +1,8 @@ + From 879e326ccd060116c3c566204acf0e9724d22da3 Mon Sep 17 00:00:00 2001 From: Content Bot Date: Wed, 10 Jan 2024 09:04:30 +0000 Subject: [PATCH 11/14] Bump pack from version Core to 3.0.7. --- Packs/Core/ReleaseNotes/3_0_7.md | 10 ++++++++++ Packs/Core/pack_metadata.json | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 Packs/Core/ReleaseNotes/3_0_7.md diff --git a/Packs/Core/ReleaseNotes/3_0_7.md b/Packs/Core/ReleaseNotes/3_0_7.md new file mode 100644 index 000000000000..69412f2e76fb --- /dev/null +++ b/Packs/Core/ReleaseNotes/3_0_7.md @@ -0,0 +1,10 @@ + +#### Integrations + +##### Investigation & Response + +- Fixed an issue where the following polling commands retrieved partial results when a list of arguments was provided: + - ***core-run-script-kill-process*** + - ***core-run-script-file-exists*** + - ***core-run-script-delete-file*** + - ***core-get-script-execution-status*** \ No newline at end of file diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json index 075d2bd12999..946c42669234 100644 
--- a/Packs/Core/pack_metadata.json +++ b/Packs/Core/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Core - Investigation and Response", "description": "Automates incident response", "support": "xsoar", - "currentVersion": "3.0.6", + "currentVersion": "3.0.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 1b61bb3568ddeec6a7726ff1c6a3b140b126f0fb Mon Sep 17 00:00:00 2001 From: daryakoval Date: Wed, 10 Jan 2024 11:12:09 +0200 Subject: [PATCH 12/14] save changes from cr in rn --- Packs/Core/ReleaseNotes/3_0_6.md | 3 +-- Packs/CortexXDR/ReleaseNotes/6_1_3.md | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Packs/Core/ReleaseNotes/3_0_6.md b/Packs/Core/ReleaseNotes/3_0_6.md index 69412f2e76fb..58bc1f72b5d5 100644 --- a/Packs/Core/ReleaseNotes/3_0_6.md +++ b/Packs/Core/ReleaseNotes/3_0_6.md @@ -6,5 +6,4 @@ - Fixed an issue where the following polling commands retrieved partial results when a list of arguments was provided: - ***core-run-script-kill-process*** - ***core-run-script-file-exists*** - - ***core-run-script-delete-file*** - - ***core-get-script-execution-status*** \ No newline at end of file + - ***core-run-script-delete-file*** \ No newline at end of file diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_3.md b/Packs/CortexXDR/ReleaseNotes/6_1_3.md index ae973314473c..d92b0827ab19 100644 --- a/Packs/CortexXDR/ReleaseNotes/6_1_3.md +++ b/Packs/CortexXDR/ReleaseNotes/6_1_3.md @@ -3,9 +3,8 @@ ##### Palo Alto Networks Cortex XDR - Investigation and Response -- Improved the following commands results: +- Fixed an issue where the following polling commands retrieved partial results when a list of arguments was provided: - ***xdr-kill-process-script-execute*** - ***xdr-file-exist-script-execute*** - - ***xdr-run-script-file-exists*** - - ***xdr-run-script-delete-file*** - ***xdr-get-script-execution-status*** + - ***xdr-file-delete-script-execute*** 
From 6f4e91c3299f3c076ef11a4f4f02d2be6df98da2 Mon Sep 17 00:00:00 2001 From: daryakoval Date: Wed, 10 Jan 2024 11:14:10 +0200 Subject: [PATCH 13/14] rn --- Packs/Core/ReleaseNotes/3_0_7.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Packs/Core/ReleaseNotes/3_0_7.md b/Packs/Core/ReleaseNotes/3_0_7.md index 69412f2e76fb..58bc1f72b5d5 100644 --- a/Packs/Core/ReleaseNotes/3_0_7.md +++ b/Packs/Core/ReleaseNotes/3_0_7.md @@ -6,5 +6,4 @@ - Fixed an issue where the following polling commands retrieved partial results when a list of arguments was provided: - ***core-run-script-kill-process*** - ***core-run-script-file-exists*** - - ***core-run-script-delete-file*** - - ***core-get-script-execution-status*** \ No newline at end of file + - ***core-run-script-delete-file*** \ No newline at end of file From 123549f9305ef32cabab13f54a69f1652e3ce5dd Mon Sep 17 00:00:00 2001 From: Content Bot Date: Wed, 10 Jan 2024 11:29:00 +0000 Subject: [PATCH 14/14] Bump pack from version Core to 3.0.8. --- Packs/Core/ReleaseNotes/3_0_8.md | 9 +++++++++ Packs/Core/pack_metadata.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 Packs/Core/ReleaseNotes/3_0_8.md diff --git a/Packs/Core/ReleaseNotes/3_0_8.md b/Packs/Core/ReleaseNotes/3_0_8.md new file mode 100644 index 000000000000..58bc1f72b5d5 --- /dev/null +++ b/Packs/Core/ReleaseNotes/3_0_8.md @@ -0,0 +1,9 @@ + +#### Integrations + +##### Investigation & Response + +- Fixed an issue where the following polling commands retrieved partial results when a list of arguments was provided: + - ***core-run-script-kill-process*** + - ***core-run-script-file-exists*** + - ***core-run-script-delete-file*** \ No newline at end of file diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json index 946c42669234..e9d8c0b96a2d 100644 --- a/Packs/Core/pack_metadata.json +++ b/Packs/Core/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Core - Investigation and Response", "description": "Automates incident response", "support": "xsoar", - "currentVersion": "3.0.7", + "currentVersion": "3.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",