demisto · ArikDay · Apr 11, 2024 · Apr 7, 2024 · Apr 7, 2024 · Apr 8, 2024
@@ -240,6 +240,9 @@ tasks:
       username:
         complex:
           root: inputs.username
+      sourceIP:
+        complex:
+          root: inputs.sourceIP
     separatecontext: false
     continueonerrortype: ""
     loop:
@@ -302,6 +305,9 @@ tasks:
       username:
         complex:
           root: inputs.username
+      sourceIP:
+        complex:
+          root: inputs.sourceIP
     separatecontext: false
     continueonerrortype: ""
     loop:

@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Cloud Response - Generic
+
+Added source ip to block for 'Cloud Response - AWS' and 'Cloud Response - Azure' playbooks.
@@ -2,7 +2,7 @@
     "name": "Common Playbooks",
     "description": "Frequently used playbooks pack.",
     "support": "xsoar",
-    "currentVersion": "2.6.28",
+    "currentVersion": "2.6.29",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

@@ -204,6 +204,9 @@ ignore=IF115
 [file:incidentfield-Alert_Source.json]
 ignore=IF100
 
+[file:incidentfield-Alert_Rules.json]
+ignore=IF100
+
 [file:incidentfield-Use_Case_Description.json]
 ignore=IF100
 

@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "alertrules",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_alertrules",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Alert Rules",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "markdown",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "cveid",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_cveid",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "CVE ID",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "cvepublished",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_cvepublished",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "CVE Published",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
@@ -42,6 +42,7 @@
 	"useAsKpi": false,
 	"validationRegex": "",
 	"version": -1,
-	"fromVersion": "5.0.0"
+	"fromVersion": "5.0.0",
+    "x2_fields": "policy_recommendation"
 }
 
@@ -43,6 +43,7 @@
 	"useAsKpi": false,
 	"validationRegex": "",
 	"version": -1,
-	"fromVersion": "5.0.0"
+	"fromVersion": "5.0.0",
+    "x2_fields": "policy_type"
 }
 
@@ -0,0 +1,26 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "resourceurl",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_resourceurl",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Resource URL",
+    "neverSetAsRequired": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "5.0.0"
+}
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "useranomalycount",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_useranomalycount",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "User Anomaly Count",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
@@ -0,0 +1,27 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "vulnerableproduct",
+    "closeForm": false,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_vulnerableproduct",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Vulnerable Product",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
@@ -0,0 +1,11 @@
+
+#### Incident Fields
+
+- **Policy Type**
+- New: **CVE ID**
+- New: **Resource URL**
+- New: **User Anomaly Count**
+- New: **CVE Published**
+- **Policy Recommendation**
+- New: **Vulnerable Product**
+- New: **Alert Rules**
@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.4.9",
+    "currentVersion": "3.4.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/PrismaCloud/.pack-ignore b/Packs/PrismaCloud/.pack-ignore
@@ -10,6 +10,9 @@ ignore=RM102
 [file:layoutscontainer-AWS_CloudTrail_Misconfiguration.json]
 ignore=BA101
 
+[file:playbook-Prisma_Cloud_-_Network__API_and_Anomaly_Incidents.yml]
+ignore=PB106
+
 [file:layoutscontainer-AWS_EC2_Instance_Misconfiguration.json]
 ignore=BA101
 

diff --git a/Packs/PrismaCloud/LayoutRules/Prisma_Cloud_Network_API_and_Anomaly.json b/Packs/PrismaCloud/LayoutRules/Prisma_Cloud_Network_API_and_Anomaly.json
@@ -0,0 +1,32 @@
+{
+  "rule_id": "Prisma_Cloud_Network_API_and_Anomaly",
+  "layout_id": "Prisma Cloud - Network API and Anomaly Incident Layout",
+  "description": "display for Prisma Cloud Network API and Anomaly alerts.",
+  "rule_name": "Prisma Cloud Network API and Anomaly",
+  "alerts_filter": {
+    "filter": {
+      "AND": [
+        {
+          "OR": [
+            {
+              "SEARCH_FIELD": "policy_type",
+              "SEARCH_TYPE": "EQ",
+              "SEARCH_VALUE": "network"
+            },
+            {
+                "SEARCH_FIELD": "policy_type",
+                "SEARCH_TYPE": "EQ",
+                "SEARCH_VALUE": "api"
+            },
+            {
+                "SEARCH_FIELD": "policy_type",
+                "SEARCH_TYPE": "EQ",
+                "SEARCH_VALUE": "anomaly"
+            }
+          ]
+        }
+      ]
+    }
+  },
+  "fromVersion": "6.10.0"
+}