demisto · OmriItzhak · Jan 21, 2024 · Jan 11, 2024 · Jan 11, 2024 · Jan 11, 2024
diff --git a/Packs/Core/Playbooks/playbook-IOC_Alert.yml b/Packs/Core/Playbooks/playbook-IOC_Alert.yml
@@ -1495,6 +1495,47 @@ inputs:
   required: false
   description: Comment for the ticket.
   playbookInputQuery: null
+inputSections:
+- inputs:
+  - ShouldCloseAutomatically
+  - ShouldHandleFPautomatically
+  name: Incident Management
+  description: Incident management settings and data, including escalation processes, and user engagements.
+- inputs:
+  - PreHostContainment
+  - AutoEradication
+  - AutoContainment
+  - BlockIndicatorsAutomatically
+  - FileRemediation
+  - AutoRestoreEndpoint
+  name: Remediation
+  description: Remediation settings and data, including containment, eradication, and recovery.
+- inputs:
+  - ShouldOpenTicket
+  - serviceNowShortDescription
+  - serviceNowImpact
+  - serviceNowUrgency
+  - serviceNowSeverity
+  - serviceNowTicketType
+  - serviceNowCategory
+  - serviceNowAssignmentGroup
+  - ZendeskPriority
+  - ZendeskRequester
+  - ZendeskStatus
+  - ZendeskSubject
+  - ZendeskTags
+  - ZendeskType
+  - ZendeskAssigne
+  - ZendeskCollaborators
+  - description
+  - addCommentPerEndpoint
+  - CommentToAdd
+  name: Ticket Management
+  description: Ticket management settings and data.
+outputSections:
+- outputs: []
+  name: General (Outputs group)
+  description: Generic group for outputs
 outputs: []
 tests:
 - No tests (auto formatted)

diff --git a/Packs/Core/Playbooks/playbook-IOC_Alert_README.md b/Packs/Core/Playbooks/playbook-IOC_Alert_README.md
@@ -28,13 +28,13 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Sub-playbooks
 
+* Recovery Plan
 * Eradication Plan
+* Ticket Management - Generic
 * Endpoint Investigation Plan
+* Enrichment for Verdict
 * Containment Plan
 * Handle False Positive Alerts
-* Enrichment for Verdict
-* Ticket Management - Generic
-* Recovery Plan
 
 ### Integrations
 
@@ -46,9 +46,9 @@ This playbook does not use any scripts.
 
 ### Commands
 
-* setParentIncidentFields
 * extractIndicators
 * closeInvestigation
+* setParentIncidentFields
 
 ## Playbook Inputs
 

diff --git a/Packs/Core/Playbooks/playbook-Impossible_Traveler.yml b/Packs/Core/Playbooks/playbook-Impossible_Traveler.yml
@@ -23,7 +23,7 @@ tasks:
       {
         "position": {
           "x": -30,
-          "y": -10
+          "y": -50
         }
       }
     note: false
@@ -85,7 +85,7 @@ tasks:
       {
         "position": {
           "x": -30,
-          "y": 120
+          "y": 80
         }
       }
     note: false
@@ -621,7 +621,7 @@ tasks:
       {
         "position": {
           "x": -30,
-          "y": 400
+          "y": 390
         }
       }
     note: false
@@ -702,7 +702,7 @@ tasks:
       {
         "position": {
           "x": -30,
-          "y": 240
+          "y": 220
         }
       }
     note: false
@@ -928,7 +928,7 @@ tasks:
       HostAutoContainment:
         simple: "False"
       IAMUserDomain:
-        simple: '@demisto.com'
+        simple: ''
       IP:
         complex:
           root: ImpossibleTravelerIPs
@@ -992,7 +992,7 @@ tasks:
       HostAutoContainment:
         simple: "False"
       IAMUserDomain:
-        simple: '@demisto.com'
+        simple: ''
       IP:
         complex:
           root: ImpossibleTravelerIPs
@@ -1277,10 +1277,10 @@ view: |-
     },
     "paper": {
       "dimensions": {
-        "height": 4105,
+        "height": 4145,
         "width": 1490,
         "x": -310,
-        "y": -10
+        "y": -50
       }
     }
   }
@@ -1447,6 +1447,72 @@ inputs:
   required: false
   description: Comment for the ticket.
   playbookInputQuery: null
+inputSections:
+- inputs:
+  - domain
+  - username
+  - ContactUserManager
+  name: Alert Management
+  description: Incident management settings and data, including escalation processes, and user engagements.
+- inputs:
+  - WhitelistedIPs
+  - AllowlistCIDR
+  - MaxMilesPerHourAllowed
+  name: Investigation
+  description: Investigation settings and data, including any deep dive incident investigation and verdict determination.
+- inputs:
+  - preInvestigationContainment
+  - AutoContainment
+  - AbuseIPDBThreshold
+  name: Remediation
+  description: Remediation settings and data, including containment, eradication, and recovery.
+- inputs:
+  - ShouldOpenTicket
+  - serviceNowShortDescription
+  - serviceNowImpact
+  - serviceNowUrgency
+  - serviceNowSeverity
+  - serviceNowTicketType
+  - serviceNowCategory
+  - serviceNowAssignmentGroup
+  - ZendeskPriority
+  - ZendeskRequester
+  - ZendeskStatus
+  - ZendeskSubject
+  - ZendeskTags
+  - ZendeskType
+  - ZendeskAssigne
+  - ZendeskCollaborators
+  - description
+  - addCommentPerEndpoint
+  - CommentToAdd
+  name: Ticket Management
+  description: Ticket management settings and data.
+outputSections:
+- outputs:
+  - Account.Email.Address
+  - DBotScore
+  - Account.ID
+  - Account.Username
+  - Account.Email
+  - Account.Type
+  - Account.Groups
+  - Account
+  - Account.DisplayName
+  - Account.Manager
+  - DBotScore.Indicator
+  - DBotScore.Type
+  - DBotScore.Vendor
+  - DBotScore.Score
+  - IP
+  - Endpoint
+  - Endpoint.Hostname
+  - Endpoint.OS
+  - Endpoint.IP
+  - Endpoint.MAC
+  - Endpoint.Domain
+  name: General (Outputs group)
+  description: Generic group for outputs
 outputs:
 - contextPath: Account.Email.Address
   description: The email address object associated with the Account.

diff --git a/Packs/Core/Playbooks/playbook-Impossible_Traveler_README.md b/Packs/Core/Playbooks/playbook-Impossible_Traveler_README.md
@@ -36,24 +36,24 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Sub-playbooks
 
+* Ticket Management - Generic
 * Impossible Traveler - Enrichment
 * Containment Plan
-* Ticket Management - Generic
 
 ### Integrations
 
 This playbook does not use any integrations.
 
 ### Scripts
 
+* CreateArray
 * Set
 * impossibleTravelerGetDistance
-* CreateArray
 
 ### Commands
 
-* closeInvestigation
 * setParentIncidentFields
+* closeInvestigation
 
 ## Playbook Inputs
 

diff --git a/Packs/Core/Playbooks/playbook-Local_Analysis_alert_Investigation.yml b/Packs/Core/Playbooks/playbook-Local_Analysis_alert_Investigation.yml
@@ -2334,6 +2334,56 @@ inputs:
   required: false
   description: Comment for the ticket.
   playbookInputQuery:
+inputSections:
+- inputs:
+  - AutoCloseAlert
+  - ShouldManualReviewFP
+  name: Incident Management
+  description: Incident management settings and data, including escalation processes, and user engagements.
+- inputs:
+  - Query
+  - SHA256
+  - Path
+  name: Enrichment
+  description: Enrichment settings and data, including assets and indicators enrichment using third-party enrichers.
+- inputs:
+  - GraywareAsMalware
+  - ShouldRescanBenign
+  name: Investigation
+  description: Investigation settings and data, including any deep dive incident investigation and verdict determination.
+- inputs:
+  - AutoEradication
+  - AutoContainment
+  - FileRemediation
+  - AutoRecovery
+  name: Remediation
+  description: Remediation settings and data, including containment, eradication, and recovery.
+- inputs:
+  - ShouldOpenTicket
+  - serviceNowShortDescription
+  - serviceNowImpact
+  - serviceNowUrgency
+  - serviceNowSeverity
+  - serviceNowTicketType
+  - serviceNowCategory
+  - serviceNowAssignmentGroup
+  - ZendeskPriority
+  - ZendeskRequester
+  - ZendeskStatus
+  - ZendeskSubject
+  - ZendeskTags
+  - ZendeskType
+  - ZendeskAssigne
+  - ZendeskCollaborators
+  - description
+  - addCommentPerEndpoint
+  - CommentToAdd
+  name: Ticket Management
+  description: Ticket management settings and data.
+outputSections:
+- outputs: []
+  name: General (Outputs group)
+  description: Generic group for outputs
 outputs: []
 tests:
 - No tests (auto formatted)

diff --git a/Packs/Core/Playbooks/playbook-Local_Analysis_alert_Investigation_README.md b/Packs/Core/Playbooks/playbook-Local_Analysis_alert_Investigation_README.md
@@ -41,32 +41,32 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Sub-playbooks
 
-* Eradication Plan
+* Containment Plan
+* Handle False Positive Alerts
 * Ticket Management - Generic
-* Recovery Plan
 * Wildfire Detonate and Analyze File
-* Endpoint Investigation Plan
-* Handle False Positive Alerts
 * Enrichment for Verdict
-* Containment Plan
+* Endpoint Investigation Plan
+* Eradication Plan
+* Recovery Plan
 
 ### Integrations
 
 * CortexCoreIR
 
 ### Scripts
 
-* GetTime
 * UnzipFile
+* GetTime
 
 ### Commands
 
-* setParentIncidentFields
-* internal-wildfire-get-report
+* core-retrieve-file-details
 * closeInvestigation
 * core-report-incorrect-wildfire
+* internal-wildfire-get-report
+* setParentIncidentFields
 * core-retrieve-files
-* core-retrieve-file-details
 
 ## Playbook Inputs
 
@@ -85,7 +85,7 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 | SHA256 | The SHA256 hash of the file to respond to. Decided by the DT expression wether it's the initiator or the target file SHA256. | alert | Optional |
 | Path | The path of the file to respond to. Decided by the DT expression wether it's the initiator or the target file path. | alert | Optional |
 | Query | The query for searching previous alerts based on the file we want to respond to. Decided by the If-Then-Else expression wether it's the initiator or the target file. | alert | Optional |
-| ShouldOpenTicket | Whether to open a ticket automatically in a ticketing system. \(True/False\). | True | Optional |
+| ShouldOpenTicket | Whether to open a ticket automatically in a ticketing system. \(True/False\). | False | Optional |
 | serviceNowShortDescription | A short description of the ticket. | XSIAM Incident ID - ${parentIncidentFields.incident_id} | Optional |
 | serviceNowImpact | The impact for the new ticket. Leave empty for ServiceNow default impact. |  | Optional |
 | serviceNowUrgency | The urgency of the new ticket. Leave empty for ServiceNow default urgency. |  | Optional |

diff --git a/Packs/Core/Playbooks/playbook-NGFW_Internal_Scan.yml b/Packs/Core/Playbooks/playbook-NGFW_Internal_Scan.yml
@@ -985,6 +985,46 @@ inputs:
   required: false
   description: Comment for the ticket.
   playbookInputQuery:
+inputSections:
+- inputs:
+  - AutoCloseAlert
+  name: Incident Management
+  description: Incident management settings and data, including escalation processes, and user engagements.
+- inputs:
+  - scannerIP
+  name: Investigation
+  description: Investigation settings and data, including any deep dive incident investigation and verdict determination.
+- inputs:
+  - AutoContainment
+  - HostAutoContainment
+  name: Remediation
+  description: Remediation settings and data, including containment, eradication, and recovery.
+- inputs:
+  - ShouldOpenTicket
+  - serviceNowShortDescription
+  - serviceNowImpact
+  - serviceNowUrgency
+  - serviceNowSeverity
+  - serviceNowTicketType
+  - serviceNowCategory
+  - serviceNowAssignmentGroup
+  - ZendeskPriority
+  - ZendeskRequester
+  - ZendeskStatus
+  - ZendeskSubject
+  - ZendeskTags
+  - ZendeskType
+  - ZendeskAssigne
+  - ZendeskCollaborators
+  - description
+  - addCommentPerEndpoint
+  - CommentToAdd
+  name: Ticket Management
+  description: Ticket management settings and data.
+outputSections:
+- outputs: []
+  name: General (Outputs group)
+  description: Generic group for outputs
 outputs: []
 tests:
 - No tests (auto formatted)