SplunkPy: use expandtoken in mirroring query #34840

ilappe · 2024-06-13T10:28:19Z

Related Issues

fixes: https://jira-dc.paloaltonetworks.com/browse/XSUP-37814

Description

use the expandtoken in the mirror in query in order to avoid overriding the fields by the "non expanded tokens "

github-actions · 2024-06-13T10:31:18Z

Coverage Report

File	Stmts	Miss	Cover	Missing
Packs/SplunkPy/Integrations/SplunkPy
SplunkPy.py	1454	397	72%	114–115, 153, 155, 180–181, 185–188, 190–191, 195–198, 221, 232, 306, 310–312, 315–318, 345–347, 357, 491, 493, 606–607, 613, 634, 653–655, 657, 728–729, 742–747, 768–769, 771–773, 775, 777, 853–858, 860, 864–865, 1094–1095, 1097, 1116–1117, 1152–1161, 1196–1197, 1199, 1217, 1264–1265, 1267, 1272–1273, 1279, 1282–1283, 1315–1317, 1325, 1387–1389, 1391–1392, 1454, 1486, 1540–1541, 1607, 1638–1640, 1642, 1667–1668, 1672, 1675, 1678–1686, 1689–1690, 1692, 1694–1695, 1725–1727, 1729, 1731–1732, 1734–1738, 1740–1742, 1744, 1752, 1754–1757, 1761–1769, 1771–1772, 1940, 1943, 1946, 1949, 1952–1955, 1957, 1961–1964, 1967, 1969–1974, 1976, 2102, 2130, 2134, 2143, 2153, 2157, 2178, 2180, 2182, 2184, 2204, 2207, 2212–2216, 2224, 2226–2228, 2270, 2298, 2346, 2352, 2356–2361, 2363–2365, 2367–2368, 2370, 2372–2374, 2408, 2416–2418, 2420–2421, 2423, 2434, 2441–2445, 2449, 2451, 2459–2467, 2469, 2471–2474, 2476–2477, 2508–2513, 2521–2524, 2527–2530, 2545–2546, 2548–2553, 2555, 2565, 2569–2570, 2572, 2584, 2605, 2620, 2632, 2639–2641, 2643–2644, 2661–2663, 2686, 2693–2697, 2703–2704, 2712–2713, 2729–2733, 2736, 2738, 2744–2751, 2753–2754, 2756–2757, 2763–2771, 2773–2774, 2780–2781, 2787–2788, 2790–2792, 2794, 2799–2806, 2808, 2813, 2820–2823, 2832–2835, 2839–2842, 2857, 2859–2860, 2862–2863, 2865, 2874, 2878–2885, 2890, 2906–2907, 2914–2917, 2945–2952, 2956–2957, 2959–2964
TOTAL	1454	397	72%

Tests	Skipped	Failures	Errors	Time
192	0 💤	0 ❌	0 🔥	2.828s ⏱️

…pe/XSUP-37814/fix_mirror

* use expandtoken * expand token in mirror * update docker

* adding script * fixing regex * fix * fix * fixes * fixs * edit * fix script * fix script after demo * images * revert * remove files * fixing filename * fixed files names * fix name of files * rremoving links outside github * Implemented bypassing malformed indicators (#34693) * Implemented bypassing malformed indicators (#34657) * Implemented bypassing malformed indicators * Implemented review fixes --------- Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Fixed rn --------- Co-authored-by: cyble-dev <101622497+cyble-dev@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> * Extract hyperlinks from office files (#34671) * commit * pre commit fixes * rn * bumped by revision * Update Packs/CommonScripts/ReleaseNotes/1_15_5.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Update Packs/CommonScripts/Scripts/ExtractHyperlinksFromOfficeFiles/ExtractHyperlinksFromOfficeFiles.py Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * created a new test file * known words and update docker --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Container Script Null ExecutedCommands (#34681) * [API Execution Metrics] Added Error Types To The Main Widget (#34676) * init * Update 1_6_0.md * color and new name * Update Packs/CommonDashboards/ReleaseNotes/1_6_0.md * color --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * SentinelOne v2: Fixes sentinelone-disconnect-agent and sentinelone-connect-agent issues. (#34672) * fix: fix issues with sentinelone-disconnect-agent and sentinelone-connect-agent cmds (#34372) * keep AgentsAffected --------- Co-authored-by: chloerongier <150173582+chloerongier@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> * Ciac 9706 (#34701) * section updated to advance (#34660) * section updated to advance * sections fixed * added release note * updated rn message * fixed section * MISP V3 Test (#34684) * MISP V3 Test * MISP V3 Test fixes * Update MISPV3.yml * MISP V3 Test add lines to trigger playbook * MISP V3 Test add lines to trigger playbook * Update MISP_V3_Test.yml * fix RNs * bump docker * undo misp changes * undo misp changes --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Changes related to the Vectra XDR release 1.0.5 (#34700) (#34702) Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> * Fix for 'Identity Analytics - Alert Handling' playbook (#34696) * mapping rule output for the 'Number Of Found Related Alerts' alert field needs to be changed from 'NumOfRelatedAlerts' to '${NumOfRelatedAlerts}'. * RN * Bump pack from version Core to 3.0.34. * re-added the inputSections of the playbook --------- Co-authored-by: Tal <tcarmeli@paloaltonetworks.com> Co-authored-by: Content Bot <bot@demisto.com> * Adding Armis logos for the XSIAM ingestion dashboard (#34117) (#34704) * adding dashboard icons * adding dashboard icons * updating version for dashboard icons * updating version for dashboard icons Co-authored-by: paulusaltus <tallpaul88@gmail.com> * Fix Incapsula authorization error (#34706) * Added headers * fix * imperva * revert * RN * RN * validate fixes * Microsoft defender rebranding (#34692) * Microsoft Defender XDR rebranding * RN * docker * keywords * format * fixed img * revert form version * update img * add svg * 9835 GitHub feed (#33735) * squash * add testes * fix file name * fix tests bug * add tests * commit * Revert "commit" This reverts commit cb7451d18b9edfcc3b809b991ace461ab73c92ce. * delete unused func * CR fix issues * split yara rules with plyara lib * CR issues * add secrets-ignore * commit * secrets-ignore * fix raw yara layout * commit * change readme * cr issues * Treatment of the first commit in the repository * CR issues * typing issue * commit * doc review issues * type fix * undo commit * delate rubbish * add tags * commit * commit * add test * empty commit * Empty-Commit * test changes * rename * rename fix * cr issues * validations issues * arrange secrets * testes --------- Co-authored-by: YuvHayun <yhayun@paloaltonetworks.com> * Remove nightly ok workflow (#34714) * Implementation of outgoing mirroring (#34703) * Implementation of outgoing mirroring (#34353) * outgoing mapping init * additional properties in mappers * set up mirroring parameters correctly (outgoing) * implement outgoing mirroring * fix close test * add tests for outgoing update * release notes * fix release notes * brecking changes release notes * remove unnecessary fields in outgoing mapper * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * Update Packs/VaronisSaaS/IncidentFields/incidentfield-Varonis_SaaS_Close_Reason.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * mirroring close action in xsoar on varonis close alert * Added post processing script to set the alert status to closed when an incident is closed. * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.py Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.json Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Scripts/varonis_alert_post_processing/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Scripts/varonis_alert_post_processing/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix issue with script naming * fix release notes * fix release notes * remove description file for script * remove exception catching from main * update read me file for Integration * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> --------- Co-authored-by: bdudnyk-varonis <145133825+bdudnyk-varonis@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * RN --------- Co-authored-by: vkorenkov-varonis <99330808+vkorenkov-varonis@users.noreply.github.com> Co-authored-by: bdudnyk-varonis <145133825+bdudnyk-varonis@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * updated the docker image (#34725) * Joe-submission-info command Update (#34694) * Changed submission info to have a required argument * updated release notes * updated README * added bc note * added bc * Fix duo-get-events command (#34734) * rename push_events param * update RN * update RN * update docker * SymantecCloudSOC: fix date format error (#34640) * fix fromat error * fix date format issue * fix pre commit * Update Packs/SymantecCloudSOC/ReleaseNotes/1_0_8.md Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> --------- Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * MicrosoftDefnderForCloud: update documentation (#34724) * update documentation * update RN * CR changes * Get list row (#34652) * removed new lines at the end causing index exception * removed un related file * improved the test * update release notes * update release notes * Bump pack from version CommonScripts to 1.15.5. * Bump pack from version CommonScripts to 1.15.6. * update release notes and bump docker * commit * test desc * changed the folder name to fit our conventions * change name * change name * change name * change name --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> * Qradar delete and cancel searches (#34443) * add search delete command * add search cancel command * cancel query when polling almost get timeout * add cancel search to fetch * RN * Apply suggestions from code review Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * RN * docker * remove unnecessary debug logs --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Infoblox Update (#34730) * Updated the ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * Fix unittest in CommonServerPython script (#34653) * fix CSP test --------- Co-authored-by: kobymeir <kmeir@paloaltonetworks.com> * XSUP 37940 aruba clearpass (#34732) * Updated dataset name * Updated ReleaseNotes * Updated ReleaseNotes * Updated HPEArubaClearPass_schema * Updated HPEArubaClearPass_schema * [Azure Log Analytics] Add High GCC support (#34667) * Add `Azure Cloud` parameter * Add `Server URL` parameter * Add get_azure_cloud argument in Client * pre-commit * Build base_url arg using azure_cloud * Update test file * Update test file * Fix suffix string * Update RN * format * Add know words * [CortexXpanse] - New Xpanse Feed (#34709) (#34755) * init * before removing range * more stuff * starting unit tests * unit tests * final touches * set defaults * RN * fix val * update RN * updates * Apply suggestions from code review * Apply suggestions from code review * bump ver and lint --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Update clean_stale_branches.yml (#34759) * [Integration] - Mattermost V2 (#32423) * Initial commands * Added websocket support * handle threads and dm * cosmetic changes * ADDING WEBHOOK TO INTEGRATION * tests and docs * yml * added test and docs * small changes before demo * more changes after demo * added coverage * rename mattermost * rename mattermost * rename test playbook + tests * delete dup files * cr and small changes * cr * cr * cr * readme * doc review + small fixes * Added support for script MattermostAskUser * rn * doc review * tpb * script testplaybook * docs * readme * small changes * fix test * Apply suggestions from doc review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from doc review - yml file Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * updated docker image, cr * added tpb to skipped, cr, pre commit * rn * updated scripr args, coverage * debug logs and pre commit * add support for xsoar_on_prem only --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * MITRE ATT&CK - Save intrusion-sets as threat-actor indicators parameter (#34598) * Threat-actor update * RN * small fix * RN * RN * Update Packs/FeedMitreAttackv2/ReleaseNotes/1_1_38.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update FeedMitreAttackv2.yml --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * add isFetchSamples to slack v3 (#34758) * add isFetchSamples to slack v3 * rn * Update XSOAR Engineer Training Docker Image (#34745) * Update XSOAR Engineer Training Docker Image * revert changes * bump docker image * rm release notes * readd 1_0_1 * update rn * fix docker image in rn * Fixed links to graphics (#34762) Graphics were not appearing. Fixed links to graphics. Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Support multiple drilldown searches response (#34327) * handled more than one drilldown search * Change the Submitted condition * Edited handle submitted notables * Edited SplunkShowDrilldown script * Fixed the to_incident function to keep BC * Present Results by Search Query * limit results table to a const * Use time frame of multiple drilldowns * added query name to the context and layout * added query name to the layout * Changed comment wordings * Removed unnecessary function * removed unnecessary loop * parse query name * Improved layout * Comments Improvements * Added docs * Added the RN file * fix comment * Updated the docker image * pre-commit changes * Fixed too long lines * Fixed timeframe test * Improve readme reference * fixed drilldown_enrichment function * Fixed drilldown_enrichment function for unsuccessful enrichments * Fixed RN * pre commit fixes * Removed unnecessary debug message * failed_to_submit condition change * added unit tests * Added Unit Tests * pre commit fixes * pre commit fixes * pre comit more fixes * pre commit more fixes * Added unit tests for SplunkShowDrilldown script * pre commit fixes * Fixed the Submitted condition * Improved logs * pre commit fixes * fixed explanation * Added info level log * Pre commit fixes * Improved the call to parse a query name * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/ReleaseNotes/3_1_28.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Edited the description of 'Number of Events Per Enrichment Type' param * change info level to error level * Changed the structure of the drilldown search results * Pre-commit fixes * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Removed temp const * Added BC json to the RN * Added ids to the unit tests --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * fix pyEWS TPB (#34742) * fix pwEWS TPB * fix timeout * conf * not parallel * [Marketplace Contribution] Akamai WAF - Content Pack Update (#34474) (#34766) * "contribution update to pack 'Akamai WAF'" * Update Akamai_WAF.py * Update Akamai_WAF.py * Update Akamai_WAF.py * Update Akamai_WAF.py * Update Akamai_WAF.py 1. Revert the deletion of the demisto.debug() statements. 2. Revert the following change. > - entry_context = [] - human_readable = [] * fixed a duplication in the README * Update Packs/Akamai_WAF/Integrations/Akamai_WAF/Akamai_WAF.yml * Update Packs/Akamai_WAF/Integrations/Akamai_WAF/README.md * Update Packs/Akamai_WAF/ReleaseNotes/2_0_11.md * unit tests * pre-commit updates --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: davistonehub <111578758+davistonehub@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Implement support for other regions (#34774) (#34782) Co-authored-by: Christian Gutierrez <christiang@checkpoint.com> * VMware ESXi Parsing Update (#34763) * Updated ParsingRules * Updated ParsingRules * reverted Infoblox * Updated ReleaseNotes * Updated ReleaseNotes * Get Original Email - EWS v2 - test - fix (#34756) * fix tpb * not parallel * Fixes For 'IOC Alert' XSIAM Playbook (#34747) * Fixes For 'IOC Alert' XSIAM Playbook * RN * revert changes of task 83 * Changed the theme in the playbook picture to white. * add: update octoxlabs (#34645) * add: update octoxlabs (#34532) * add: update octoxlabs * add: new commands in release notes * change: dockerfile version --------- Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> * Testing with master sdk * Testing with master sdk * Revert changes * revert poetry.lock --------- Co-authored-by: ogulcanhero <99717065+ogulcanhero@users.noreply.github.com> Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> * CS Falcon - Reopen incident statuses (#34675) * added an option to choose in which statuses to reopen the incident * added reopen statuses to the rest of the incident types * unit tests update, reopened statuses update in the code, RN * pre-commit updates * unit tests * more unit tests and an update to get_remote_idp_or_mobile_detection_data * fixed yml * updated docker image * cr updates * more debug logs * Fix for 'Identity Analytics - Alert Handling' XSIAM playbook (#34777) * Fix for 'Identity Analytics - Alert Handling' XSIAM playbook * RN * Bump pack from version Core to 3.0.36. --------- Co-authored-by: Content Bot <bot@demisto.com> * Skip sending Slack Notifications for Tests (#34788) * Add Conditional for Slack Notifications * fix conditional * simplify title prefix * Bump core packs versions (#34804) * bump core packs versions * resolve conflict * empty-commit * Deprecate O365 Defender SafeLinks - Single User (#34729) * Deprecate O365 Defender SafeLinks - Single User * fix display * RN * Fix RN * back adopt_pack and checkout_contribution scripts (#34796) * back adopt_pack and checkout_contribution scripts * add contribution folder for contribution utilities * added deprecated comment * Update contribution/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * comment correction * fix pre commit --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * [API Execution Metrics] Add Main Widget & Remove Integration Widgets (#34691) * init * init * init * rn * EWSO365 * category email * category email * revert rn * Update Packs/CommonDashboards/ReleaseNotes/1_7_0.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * rn and histogram * Bump pack from version CommonDashboards to 1.7.0. * Update Packs/CommonDashboards/ReleaseNotes/1_7_0.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Modeling & parsing rules were added, readme was updated as well (#34784) * Modeling & parsing rules were added, readme was updated as well * Modeling & parsing rules were added * update release notes * update release notes * update to versions in yml files * Update HuaweiNetworkDevices * ```bash * update relase notes --------- Co-authored-by: Eido Epstain <eepstain@paloaltonetworks.com> * Fix links to graphics in Pack Readme (#34783) * Fix links to graphics in Pack Readme * Fixed validate --------- Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> * Print to incident and other alert's waroom (#34765) * Added both scripts * Added README * Updated YML * pre-commit * RNs * pack-ignore * Added docstrings * Changed fromversion * Bump pack from version CommonScripts to 1.15.8. * CR fixes * Docker upgrade * Added marketplaces * Updated pack-ignore * Updated RNs * Dummy change * Revert dummy change --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> * [QRadar v3] Metrics (#34485) * init * finally * RN * dashboard and widget * fix * revert * pre-commit * Update Packs/QRadar/pack_metadata.json * rn and readme * Update Packs/QRadar/Integrations/QRadar_v3/README.md * Apply suggestions from code review Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * MyToDoTasksWidget: fix broken link (#34768) * fix broken link * Bump pack from version CommonWidgets to 1.2.51. * Update Packs/CommonWidgets/ReleaseNotes/1_2_51.md Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * New Integration: Chronicle Streaming API (#34593) (#34813) * New Integration: Chronicle Streaming API * Resolving the PR comments and handled the scenario when continuous time coming from integration context is older for the API --------- Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * special_lucin_char_indicators_from_cache (#34818) * special_lucin_char_indicators_from_cache * added some tests * commit * RN * test formating * Update Packs/CommonScripts/ReleaseNotes/1_15_9.md Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> --------- Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * added validations to validation_config file (#34832) * del README blank lines (#34772) (#34830) Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> * [MS teams] update URLs (#34833) * update * update docker * Change Forescout Pack Name (#34829) * Change Forescout Pack Name * add rn * fix rn * fix (#34834) * deprecate (#34839) * removed extra args from readmem (#34828) * removed extra args from readmem * updated do * added rn * reverted do * updated do * added rn * PAN-OS Correlation Logs (#34388) * init * remote changes * remove .keys() * complete filter * update last_run complete * added typing * refactor * notations * refactor * stub tests * first tests * more tests * done(?) * unit-test complete * added logs * fix entries * add incident types * RN * removed system=true for incidents * Update 2_1_28.md * Bump pack from version PAN-OS to 2.1.29. * fix build issues * refactor * refactor * temp * working * pre-commit issues fixed --------- Co-authored-by: Content Bot <bot@demisto.com> * [CoretxXDRIR] edited the tooltip (#34838) * edited the tooltip * rn * readme * removing RM106 * [Azure Log Analytics] Update README.md (#34761) * Update README.md * pre-commit * checkout `.github/workflows/clean_stale_branches.yml` from origin * Update README.md (#34858) (#34861) Changed “Servers & Services” to “Instances” and added opening quotation marks to two examples that were missing them. Co-authored-by: rcookpalo <88800249+rcookpalo@users.noreply.github.com> * add parameter to Microsoft defender cloud apps event collector (#34764) * add support for event types * RN * add param to README.md * improve code * docs * Update Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_1_63.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * version * naming and remove condition * pre commit * clarify filters * Update Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftDefenderEventCollector/MicrosoftDefenderEventCollector.py Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * not required --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * added before query param to Armis event collector (#34738) * added before query param toarmis event collector * cr fixes * fixes * test fix * testings * pre-commit fixes * pre-commit fixes * update default time * Update Packs/Armis/ReleaseNotes/1_1_15.md Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> * cr fixes --------- Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> * Adding AdoptionMetricts script to CommonDashboard (#34538) * fixing bug artifacts from XDR missing * adding rl * add rl * remove debugging * fix default val * fix * Bump pack from version CortexXDR to 6.1.35. * Bump pack from version CortexXDR to 6.1.36. * Bump pack from version CortexXDR to 6.1.37. * cr * cr fix default values in functions * fix error * Update Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * fix default * fix docker * fix tests * fix default * conflict fixes * pre-commit fixes * Adding AdoptionMetricts script to CommonDashboard * fixing dirty commit * fixing tests * fix folder name * Bump pack from version CommonDashboards to 1.5.1. * Bump pack from version CommonDashboards to 1.6.1. * check * fim RM114 * adding note * check if adding rn113 helps * Bump pack from version CommonDashboards to 1.6.2. * fixing doocker * RN114 --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * Removed username display in the configuration form and kept API key(password) (#34831) * Removed username display in the configuration form and kept API key(password) (#34748) * Removed username display in the configuration form and kept just the API key(password). * Updated SafeBreach Pack/Integration readme and release notes. * Formatting and Dockerimage update for the SafeBreach integration * Update SafeBreach.yml * Update 1_4_3.md --------- Co-authored-by: Devang Mungara <76464285+devang-metron@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> * Remove redundant password. (#34846) * Remove redundant password. * RN. Format yml. version update. * RN * pre-commit changes * Update Packs/AWS-SNS/ReleaseNotes/1_0_16.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update README file --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Move misplaced files (InvalidDepthOneFile) (#34845) * move file * fixes * more fixes * remvoe from config * Cyberark epm add instance param (#34864) * Added instance param * RN * default to false * Fix mypy errors * docs review * Add ut * MITRE IDs pack - update scripts dir name (#34817) * update dir names * update RN * New XSIAM Dashboards/Reports (#34686) * init * remove images * add readmes * remove unneeded files * Update Packs/XSIAMCompliance_ISO_27001/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/XSIAMCompliance_GDPR/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Removed duplicate xdrc section form readme, and removed wrong reference to NPS in the readme (#34865) * fix arcsight image (#34867) * fix arcsight image * bump * autopep8 * image size * MapRangeValues - XSUP 38471 (#34863) * fixed the issue * added a unit test case * int(f_value) * removed and updated debug logs * rn update * removed script_info.txt creation (#34880) * Extract hyperlinks pptx issue (#34876) * added pptx test * added functionality for grouped shaped parsing * RN * RN * RN * dissable error * Mimecast integration ciac 9090 (#34386) * add oauth2 * add command mimecast-get-archive-search-logs * add command mimecast-get-search-logs * add arg_to_datetime * add mimecast-get-view-logs * add command mimecast-list-account * pre commit * add command mimecast-create-block-sender-policy * add command mimecast-update-block-sender-policy * add command mimecast-list-policies * mimecast-list-policies * fix get_policy_request() * add command mimecast-create-antispoofing-bypass-policy * add command mimecast-update-antispoofing-bypass-policy * add command mimecast-create-webwhiteurl-policy * add command mimecast-update-webwhiteurl-policies * add command mimecast-create-address-alteration-policy * add command * policyType to not required * fit type address-alteration * change for debug * fix mimecast-get-search-logs * add argument to mimecast_create_webwhiteurl_policy_command * add # default value * fix get_policy * fix delete_policy_request * add UT * fix mane fn * add space * fix conditions * format * fix updating_token_oauth2 * boolean * add readable output for list policies * fix pagination * space * fix conditions * webwhiteurl delete from YML * README * UT * add to readme * query_xml to query * delete get_archive_search_logs_request * fix pagination * add UT * mimecast-get-policy add description * add outputs to yml * delete print * add to description.md * delete print * fix description in yml * add command examples * add command examples * add command examples * fix description.md * remove checkbox use_oauth2 * relative time support * add command to readme * fix after demo * cr fix * update Existing commands in readme * command_examples * pagination * Merger request_with_pagination_api2 with request_with_pagination * ut * request_with_pagination * fix get_archive_search_logs_command * fix get_archive_search_logs_command * fix for build * add UT * add UT and fix pre commit * add release notes * add release notes * update docker * update ReleaseNotes * update ReleaseNotes * fix for build * add TestPlaybooks * add UT * Merge branch 'master' of github.com:demisto/content into mimecast-integration-ciac-9090 * DR * fix ReleaseNotes * add test playbook * add readme * fix outputs in yml * test playbook * Merge branch master of github.com:demisto/content into mimecast-integration-ciac-9090 * Mimecast Test api 2.0 * Merge branch master of github.com:demisto/content into mimecast-integration-ciac-9090 * Deleting an unnecessary title * merge * fix outputs * add instance_names to conf.json * add instance_names to conf.json * fix README * update docker * add outputs_prefix * add description to mimecast-delete-policy * add instance_names * Merge branch 'master' of github.com:demisto/content into mimecast-integration-ciac-9090 * fix instance_names * fix playbook * format TestPlaybooks * add log * add log * fix CLIENT_SECRET * add UT * format * replace json to md * CLIENT_ID to str * client_secret to str * UT * instance_names rename * update conf.json instance_names * fix test playbook * added a raise message to the test module * fix ci * format * recovery ci * fix CLIENT_SECRET * test_module return 'ok' * fromversion test playbook * Return to operation test_module * update instance_names * format * update docker * CS Falcon -readme update (#34881) * readme update * fixed IN101 * pre-commit updates * added RN * updated docker image * fixed pre-commit autopep8 malformed packs (#34884) * fixed autopep8 * update rn * update rn * update rn * Update Packs/SuspiciousDomainHunting/ReleaseNotes/1_0_2.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * YARA script - create relationships for YARA indicators (#34799) * YARA relationships * RN * RN * ignore words * Small fix in yml * docstrings * RN * RN * [ASM] Adding Slack Messages (#34827) (#34883) * update slack pack * CASM changed * update screenshot link * RN * skip if unavailable * slack RN * Apply suggestions from code review * add XSIAM ver * fix validations * update slack RN * pack README typo * update playbook README --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * save artifacts (#34886) * Prisma logo update (#34512) * Update images to match branding * Move GitHub workflow scripts (#34887) * move check_if_needs_to_fill_contribution_form script to under the .github folder * delete check_if_needs_to_fill_contribution_form.py script from Utils/github_workflow_scripts/ folder * move check_if_partner_approved_label_exists script to .github folder with its test file * delete check_if_partner_approved_label_exists script from Utils folder * move check_protected_directories script to github folder * delete check_protected_directories script from Utils folder * move create_internal_pr to github folder * delete create_internal_pr from Utils folder * move handle_external_pr script to github folder * delete handle_external_pr script from Utils folder and fix UT for check_if_partner_approved_label_test * delete test_data from Utils folder * move parse_junit_per_pack to github folder * move request_contributor_review to github folder and delete it from Utils folder with parse_junit_per_pack script * move run_secrets_detection_get_playbook_status script to github and delete it from Utils folder * move run_secrets_detection to github folder and delete it from Utils folder * move send_slack_message to github folder and delete it from Utils folder * move sync_contrib_base to github folder and delete it from Utils folder * move utils_test to github and delete it from Utils folder * move all scripts under Utils/github_workflow_github folder * fix * fix * Update FireEyeNX.py (#34889) * Update FireEyeNX.py * reproduce issue with test + rns * after fix * change access to response (#34877) * change access to response * return a dict * fix bug * RN * fix UTs * change RN * change RN * RN for packages dependent on the modified API module CoreIRApiModule * DO * Update Docker Image To demisto/boto3py3 (#34904) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-SecurityLake * Added release notes to pack AWS-SecurityLake * Packs/AWS-SecurityLake/Integrations/AWSSecurityLake/AWSSecurityLake.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-IAMIdentityCenter * Added release notes to pack AWS-IAMIdentityCenter * Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-EKS * Added release notes to pack AWS-EKS * Packs/AWS-EKS/Integrations/AWSEKS/AWSEKS.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Updated Metadata Of Pack AWS-CloudTrail * Added release notes to pack AWS-CloudTrail * Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml Docker image update * Update Docker Image To demisto/accessdata (#34905) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * fix contribution workflow scripts (#34909) * skipping autopep8 on nightlies (#34903) * Replace links so they link to master (#34906) * add EV2 core packs (#34147) (#34217) Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: anas-yousef <44998563+anas-yousef@users.noreply.github.com> * ReadPDFFileV2 open in binary mode (#34908) * Added fix * Added RNs * Updated docker image * Fixed RNs * SentinelOne V2- 3.2.25 - Updating Mappers (#34619) (#34911) * Updated the mappers and incient fields and type * enable the labels on mapper * Updating the mappers, layout * Adding related incidents tab * Updated release notes * Updated the layout * Updated the layout by adding the move command * Review comment fixes * Bumped version * Fixed new review comments * Fixed new review comments * Fixed new review comments * Fixed new review comments * demo review comment fixes * pre-commit fix * review comment fixes --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * CommonServerPython: truncate `return_error` messages (#34823) * return_error_message * pre commit * CR * RN * CR * ignore * move constant * pre commit * add verbose * revert to master * Fix image routing (#34837) * Fix image routing * add Yara pack to dependence * add release notes * add release notes * . * . * moved lo107 to warning (#34918) * adding a fix to parsing_user_query (#34816) * adding a fix to parsing_user_query * RL + change to *attribute_timestamp* * removing log * Update Packs/FeedMISP/ReleaseNotes/1_0_33.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * add test * fix docker * add docstring * fix tests * cr fix --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * update to lates exchangelib version in ewsv2, remove pwsh (#34630) * checking docker 5.0.3 * fix find folders * added else, catch all exception in tree * extra thing * run w latest image * remove extra except block * Update Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_7.md * Update Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_7.md * Update Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_7.md * image * lint * demisto/py-ews:5.4.1.98082 * try old image * Revert "try old image" This reverts commit 23c86eada767c6906a81399961d8e49f7e115e94. * remove some to test * Revert "remove some to test" This reverts commit 9638f86197a642453771abc1442ba8cd85f81f1a. --------- Co-authored-by: Judah Schwartz <juschwartz@paloaltonetworks.com> Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> * fixed an issue where test-module failed with oauth process. (#34871) * fixed an issue where test-module failed with oauth process. * reverted * revert service now * added handling to servicenow test module * added rn * edit * edit * added rn * Update Packs/CommonScripts/ReleaseNotes/1_15_12.md --------- Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * [Native Image] Update Candidate To `py3-native:8.6.0.98251` (#34767) * update * Update Tests/docker_native_image_config.json * Update Tests/docker_native_image_config.json * Update Tests/docker_native_image_config.json * infra * Update Tests/docker_native_image_config.json * Update .gitlab/ci/.gitlab-ci.yml * Update .gitlab/ci/.gitlab-ci.yml * Update base author image (#34879) * Update base author image * fix images * remove redundant images * Cisco webex update authentication call to use body instead of url params (#34912) * cisco webex rename integration context * change the access token to body * add ut and rn * fix import * fix ut * docker * fix RN * SplunkPy: use expandtoken in mirroring query (#34840) * use expandtoken * expand token in mirror * update docker * [sane-pdf-reports] - assign markdown server port automatically (#34931) * [sane-pdf-reports] - assign markdown server port automatically * bump rn * rollback changes * log on which port markdown server started * pragma cover * run time error * pragma * fix test * Joe security bug (#34892) * added logs * reverted yml * edit * fix * added rn * updated do * edit * added log * added log * log rewrite --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Digital guardian Bug (#34920) * fixed parsing events from api * fix * added rn * fix * fix * fixes * fixes * added rn * updated do * pre-commit edits * Update Packs/DigitalGuardian/ReleaseNotes/1_1_5.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DigitalGuardian/ReleaseNotes/1_1_5.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes * made a change for the unit test * edit * added fixes for unittests * fixed do --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * poetry files (#34926) Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> * Ys add 'get-machine-by-ip- command (#34814) * Added new command * enhance endpoint command * Readme * release notes * pre commit * pre commit * fix yml * format * rn * remove the dev * Build * fix yml * fix yml * generate docs * test description * readme * little fixes * fixes * fixes * fixes * code review fixes * fix yml * format * remove the dev * fix yml * fixes * / * code review fixes * change command's name * more fixes * add documentation * more code review fixes * more fixes * Update Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py * added 'Dev' to name of integration * / * pre commit * Build effort * release notes * rebuild * fix --------- Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: yrosenberg <yrosenberg@paloaltonetworks.com> * Added backslashes handling to drilldown enrichment (#34811) * Added backslashes handling to drilldown enrichment * Added comment + pre commit fixes * Fixed unit test * Added a test * fix test * Handled splunk variables that were surrounded by quotation marks in the original query * precommit fixes * Added RN file * Fixed Typo * Removed redundant logs * Removed unnecessary logs * Delete unnecessary variable * delete RN file * Update the RN files * Removed reference of checkpoint from readme file (#34964) * Fixed an issue where test button failed with un informative error. (#34967) * Fixed an issue where test button failed with un informative error. * Bumped the docker image * PrintToParentIncident skip name change (#34979) * Added skip * pack-ignore * BC * Update Packs/CommonScripts/ReleaseNotes/1_15_13.json Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Moved to known words * Update Packs/CommonScripts/ReleaseNotes/1_15_13.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Fixed RNs --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * [CSP] Fixed issue uploading large files (#34921) * [CSP] Fixed issue uploading large files * Add 'if files' * Replace from BaseClient to generic_http_request * Update Packs/Base/ReleaseNotes/1_34_14.md Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com> * Update Packs/Base/Scripts/CommonServerPython/CommonServerPython.py Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com> * Update 1_34_14.md --------- Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com> Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com> * delete tpb (#34990) * O365 Security and Compliance Auth Fix (#34896) * Fixed an issue where the authentication would use a deprecated app id * Fix alert regression in create email html body script (#34966) * fix attached email decode * CreateEmailHtmlBody add support for alert in XSIAM * fix script * RN * Cr fixes * FIX * revert * doc fixes * conflicts * [Xsup 38544 ] DisplayHTMLWithImages no default color for background (#34985) * added white background-color * docker and rn * Fix proofpoint widget (#34983) * proofpoint tap most attcked users widget * proofpoint tap top clickers widget fix * added a main function * RN * autopep8 * bumped the docker image * RN * commit * fine tune * pre commit fixes * Use `demisto/py3-tools` instead of `demisto/fastapi` for Pydantic (#34255) * pydantic image and fixes * use prod image * RN * RN * RN * bump api-dependent images * bump pydantic: BoxEventsCollector * add type hint * fix * bump minor versions * fix dict * add trailing period * Bump pack from version Mimecast to 2.4.0. --------- Co-authored-by: Content Bot <bot@demisto.com> * add more images * fix dile name * change name * change name --------- Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: cyble-dev <101622497+cyble-dev@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> Co-authored-by: omerKarkKatz <95565843+omerKarkKatz@users.noreply.github.com> Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com> Co-authored-by: Shmuel Kroizer <69422117+shmuel44@users.noreply.github.com> Co-authored-by: chloerongier <150173582+chloerongier@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> Co-authored-by: Edi Katsenelson <85438368+edik24@users.noreply.github.com> Co-authored-by: yedidyacohenpalo <162107504+yedidyacohenpalo@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: TalNos <112805149+TalNos@users.noreply.github.com> Co-authored-by: Tal <tcarmeli@paloaltonetworks.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: paulusaltus <tallpaul88@gmail.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: azonenfeld <117573492+aaron1535@users.noreply.github.com> Co-authored-by: YuvHayun <yhayun@paloaltonetworks.com> Co-authored-by: vkorenkov-varonis <99330808+vkorenkov-varonis@users.noreply.github.com> Co-authored-by: bdudnyk-varonis <145133825+bdudnyk-varonis@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> Co-authored-by: eepstain <116078117+eepstain@users.noreply.github.com> Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> Co-authored-by: kobymeir <kmeir@paloaltonetworks.com> Co-authored-by: samuelFain <65926551+samuelFain@users.noreply.github.com> Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: Dror Avrahami <davrahami@paloaltonetworks.com> Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com> Co-authored-by: Tal Carmeli <158452762+tcarmeli1@users.noreply.github.com> Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: davistonehub <111578758+davistonehub@users.noreply.github.com> Co-authored-by: Christian Gutierrez <christiang@checkpoint.com> Co-authored-by: ogulcanhero <99717065+ogulcanhero@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: sharonfi99 <147984773+sharonfi99@users.noreply.github.com> Co-authored-by: Eido Epstain <eepstain@paloaltonetworks.com> Co-authored-by: anas-yousef <44998563+anas-yousef@users.noreply.github.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com> Co-authored-by: rcookpalo <88800249+rcookpalo@users.noreply.github.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> Co-authored-by: Devang Mungara <76464285+devang-metron@users.noreply.github.com> Co-authored-by: Danny Fried <dfried@paloaltonetworks.com> Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> Co-authored-by: yasta5 <112320333+yasta5@users.noreply.github.com> Co-authored-by: YairGlik <148229942+YairGlik@users.noreply.github.com> Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: Judah Schwartz <juschwartz@paloaltonetworks.com> Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Co-authored-by: Yael Shamai <111040837+YaelShamai@users.noreply.github.com> Co-authored-by: yrosenberg <yrosenberg@paloaltonetworks.com> Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com>

* use expandtoken * expand token in mirror * update docker

* adding script * fixing regex * fix * fix * fixes * fixs * edit * fix script * fix script after demo * images * revert * remove files * fixing filename * fixed files names * fix name of files * rremoving links outside github * Implemented bypassing malformed indicators (#34693) * Implemented bypassing malformed indicators (#34657) * Implemented bypassing malformed indicators * Implemented review fixes --------- Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Fixed rn --------- Co-authored-by: cyble-dev <101622497+cyble-dev@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> * Extract hyperlinks from office files (#34671) * commit * pre commit fixes * rn * bumped by revision * Update Packs/CommonScripts/ReleaseNotes/1_15_5.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Update Packs/CommonScripts/Scripts/ExtractHyperlinksFromOfficeFiles/ExtractHyperlinksFromOfficeFiles.py Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * created a new test file * known words and update docker --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Container Script Null ExecutedCommands (#34681) * [API Execution Metrics] Added Error Types To The Main Widget (#34676) * init * Update 1_6_0.md * color and new name * Update Packs/CommonDashboards/ReleaseNotes/1_6_0.md * color --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * SentinelOne v2: Fixes sentinelone-disconnect-agent and sentinelone-connect-agent issues. (#34672) * fix: fix issues with sentinelone-disconnect-agent and sentinelone-connect-agent cmds (#34372) * keep AgentsAffected --------- Co-authored-by: chloerongier <150173582+chloerongier@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> * Ciac 9706 (#34701) * section updated to advance (#34660) * section updated to advance * sections fixed * added release note * updated rn message * fixed section * MISP V3 Test (#34684) * MISP V3 Test * MISP V3 Test fixes * Update MISPV3.yml * MISP V3 Test add lines to trigger playbook * MISP V3 Test add lines to trigger playbook * Update MISP_V3_Test.yml * fix RNs * bump docker * undo misp changes * undo misp changes --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Changes related to the Vectra XDR release 1.0.5 (#34700) (#34702) Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> * Fix for 'Identity Analytics - Alert Handling' playbook (#34696) * mapping rule output for the 'Number Of Found Related Alerts' alert field needs to be changed from 'NumOfRelatedAlerts' to '${NumOfRelatedAlerts}'. * RN * Bump pack from version Core to 3.0.34. * re-added the inputSections of the playbook --------- Co-authored-by: Tal <tcarmeli@paloaltonetworks.com> Co-authored-by: Content Bot <bot@demisto.com> * Adding Armis logos for the XSIAM ingestion dashboard (#34117) (#34704) * adding dashboard icons * adding dashboard icons * updating version for dashboard icons * updating version for dashboard icons Co-authored-by: paulusaltus <tallpaul88@gmail.com> * Fix Incapsula authorization error (#34706) * Added headers * fix * imperva * revert * RN * RN * validate fixes * Microsoft defender rebranding (#34692) * Microsoft Defender XDR rebranding * RN * docker * keywords * format * fixed img * revert form version * update img * add svg * 9835 GitHub feed (#33735) * squash * add testes * fix file name * fix tests bug * add tests * commit * Revert "commit" This reverts commit cb7451d18b9edfcc3b809b991ace461ab73c92ce. * delete unused func * CR fix issues * split yara rules with plyara lib * CR issues * add secrets-ignore * commit * secrets-ignore * fix raw yara layout * commit * change readme * cr issues * Treatment of the first commit in the repository * CR issues * typing issue * commit * doc review issues * type fix * undo commit * delate rubbish * add tags * commit * commit * add test * empty commit * Empty-Commit * test changes * rename * rename fix * cr issues * validations issues * arrange secrets * testes --------- Co-authored-by: YuvHayun <yhayun@paloaltonetworks.com> * Remove nightly ok workflow (#34714) * Implementation of outgoing mirroring (#34703) * Implementation of outgoing mirroring (#34353) * outgoing mapping init * additional properties in mappers * set up mirroring parameters correctly (outgoing) * implement outgoing mirroring * fix close test * add tests for outgoing update * release notes * fix release notes * brecking changes release notes * remove unnecessary fields in outgoing mapper * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * Update Packs/VaronisSaaS/IncidentFields/incidentfield-Varonis_SaaS_Close_Reason.json Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * mirroring close action in xsoar on varonis close alert * Added post processing script to set the alert status to closed when an incident is closed. * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.py Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.json Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Scripts/varonis_alert_post_processing/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Scripts/varonis_alert_post_processing/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/ReleaseNotes/1_0_6.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix issue with script naming * fix release notes * fix release notes * remove description file for script * remove exception catching from main * update read me file for Integration * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/VaronisSaaS/Integrations/VaronisSaaS/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> --------- Co-authored-by: bdudnyk-varonis <145133825+bdudnyk-varonis@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * RN --------- Co-authored-by: vkorenkov-varonis <99330808+vkorenkov-varonis@users.noreply.github.com> Co-authored-by: bdudnyk-varonis <145133825+bdudnyk-varonis@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> * updated the docker image (#34725) * Joe-submission-info command Update (#34694) * Changed submission info to have a required argument * updated release notes * updated README * added bc note * added bc * Fix duo-get-events command (#34734) * rename push_events param * update RN * update RN * update docker * SymantecCloudSOC: fix date format error (#34640) * fix fromat error * fix date format issue * fix pre commit * Update Packs/SymantecCloudSOC/ReleaseNotes/1_0_8.md Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> --------- Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * MicrosoftDefnderForCloud: update documentation (#34724) * update documentation * update RN * CR changes * Get list row (#34652) * removed new lines at the end causing index exception * removed un related file * improved the test * update release notes * update release notes * Bump pack from version CommonScripts to 1.15.5. * Bump pack from version CommonScripts to 1.15.6. * update release notes and bump docker * commit * test desc * changed the folder name to fit our conventions * change name * change name * change name * change name --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> * Qradar delete and cancel searches (#34443) * add search delete command * add search cancel command * cancel query when polling almost get timeout * add cancel search to fetch * RN * Apply suggestions from code review Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * RN * docker * remove unnecessary debug logs --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Infoblox Update (#34730) * Updated the ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * Fix unittest in CommonServerPython script (#34653) * fix CSP test --------- Co-authored-by: kobymeir <kmeir@paloaltonetworks.com> * XSUP 37940 aruba clearpass (#34732) * Updated dataset name * Updated ReleaseNotes * Updated ReleaseNotes * Updated HPEArubaClearPass_schema * Updated HPEArubaClearPass_schema * [Azure Log Analytics] Add High GCC support (#34667) * Add `Azure Cloud` parameter * Add `Server URL` parameter * Add get_azure_cloud argument in Client * pre-commit * Build base_url arg using azure_cloud * Update test file * Update test file * Fix suffix string * Update RN * format * Add know words * [CortexXpanse] - New Xpanse Feed (#34709) (#34755) * init * before removing range * more stuff * starting unit tests * unit tests * final touches * set defaults * RN * fix val * update RN * updates * Apply suggestions from code review * Apply suggestions from code review * bump ver and lint --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Update clean_stale_branches.yml (#34759) * [Integration] - Mattermost V2 (#32423) * Initial commands * Added websocket support * handle threads and dm * cosmetic changes * ADDING WEBHOOK TO INTEGRATION * tests and docs * yml * added test and docs * small changes before demo * more changes after demo * added coverage * rename mattermost * rename mattermost * rename test playbook + tests * delete dup files * cr and small changes * cr * cr * cr * readme * doc review + small fixes * Added support for script MattermostAskUser * rn * doc review * tpb * script testplaybook * docs * readme * small changes * fix test * Apply suggestions from doc review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from doc review - yml file Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * updated docker image, cr * added tpb to skipped, cr, pre commit * rn * updated scripr args, coverage * debug logs and pre commit * add support for xsoar_on_prem only --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * MITRE ATT&CK - Save intrusion-sets as threat-actor indicators parameter (#34598) * Threat-actor update * RN * small fix * RN * RN * Update Packs/FeedMitreAttackv2/ReleaseNotes/1_1_38.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update FeedMitreAttackv2.yml --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * add isFetchSamples to slack v3 (#34758) * add isFetchSamples to slack v3 * rn * Update XSOAR Engineer Training Docker Image (#34745) * Update XSOAR Engineer Training Docker Image * revert changes * bump docker image * rm release notes * readd 1_0_1 * update rn * fix docker image in rn * Fixed links to graphics (#34762) Graphics were not appearing. Fixed links to graphics. Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Support multiple drilldown searches response (#34327) * handled more than one drilldown search * Change the Submitted condition * Edited handle submitted notables * Edited SplunkShowDrilldown script * Fixed the to_incident function to keep BC * Present Results by Search Query * limit results table to a const * Use time frame of multiple drilldowns * added query name to the context and layout * added query name to the layout * Changed comment wordings * Removed unnecessary function * removed unnecessary loop * parse query name * Improved layout * Comments Improvements * Added docs * Added the RN file * fix comment * Updated the docker image * pre-commit changes * Fixed too long lines * Fixed timeframe test * Improve readme reference * fixed drilldown_enrichment function * Fixed drilldown_enrichment function for unsuccessful enrichments * Fixed RN * pre commit fixes * Removed unnecessary debug message * failed_to_submit condition change * added unit tests * Added Unit Tests * pre commit fixes * pre commit fixes * pre comit more fixes * pre commit more fixes * Added unit tests for SplunkShowDrilldown script * pre commit fixes * Fixed the Submitted condition * Improved logs * pre commit fixes * fixed explanation * Added info level log * Pre commit fixes * Improved the call to parse a query name * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SplunkPy/ReleaseNotes/3_1_28.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Edited the description of 'Number of Events Per Enrichment Type' param * change info level to error level * Changed the structure of the drilldown search results * Pre-commit fixes * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Update Packs/SplunkPy/Integrations/SplunkPy/README.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Update Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Removed temp const * Added BC json to the RN * Added ids to the unit tests --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * fix pyEWS TPB (#34742) * fix pwEWS TPB * fix timeout * conf * not parallel * [Marketplace Contribution] Akamai WAF - Content Pack Update (#34474) (#34766) * "contribution update to pack 'Akamai WAF'" * Update Akamai_WAF.py * Update Akamai_WAF.py * Update Akamai_WAF.py * Update Akamai_WAF.py * Update Akamai_WAF.py 1. Revert the deletion of the demisto.debug() statements. 2. Revert the following change. > - entry_context = [] - human_readable = [] * fixed a duplication in the README * Update Packs/Akamai_WAF/Integrations/Akamai_WAF/Akamai_WAF.yml * Update Packs/Akamai_WAF/Integrations/Akamai_WAF/README.md * Update Packs/Akamai_WAF/ReleaseNotes/2_0_11.md * unit tests * pre-commit updates --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: davistonehub <111578758+davistonehub@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Implement support for other regions (#34774) (#34782) Co-authored-by: Christian Gutierrez <christiang@checkpoint.com> * VMware ESXi Parsing Update (#34763) * Updated ParsingRules * Updated ParsingRules * reverted Infoblox * Updated ReleaseNotes * Updated ReleaseNotes * Get Original Email - EWS v2 - test - fix (#34756) * fix tpb * not parallel * Fixes For 'IOC Alert' XSIAM Playbook (#34747) * Fixes For 'IOC Alert' XSIAM Playbook * RN * revert changes of task 83 * Changed the theme in the playbook picture to white. * add: update octoxlabs (#34645) * add: update octoxlabs (#34532) * add: update octoxlabs * add: new commands in release notes * change: dockerfile version --------- Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> * Testing with master sdk * Testing with master sdk * Revert changes * revert poetry.lock --------- Co-authored-by: ogulcanhero <99717065+ogulcanhero@users.noreply.github.com> Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> * CS Falcon - Reopen incident statuses (#34675) * added an option to choose in which statuses to reopen the incident * added reopen statuses to the rest of the incident types * unit tests update, reopened statuses update in the code, RN * pre-commit updates * unit tests * more unit tests and an update to get_remote_idp_or_mobile_detection_data * fixed yml * updated docker image * cr updates * more debug logs * Fix for 'Identity Analytics - Alert Handling' XSIAM playbook (#34777) * Fix for 'Identity Analytics - Alert Handling' XSIAM playbook * RN * Bump pack from version Core to 3.0.36. --------- Co-authored-by: Content Bot <bot@demisto.com> * Skip sending Slack Notifications for Tests (#34788) * Add Conditional for Slack Notifications * fix conditional * simplify title prefix * Bump core packs versions (#34804) * bump core packs versions * resolve conflict * empty-commit * Deprecate O365 Defender SafeLinks - Single User (#34729) * Deprecate O365 Defender SafeLinks - Single User * fix display * RN * Fix RN * back adopt_pack and checkout_contribution scripts (#34796) * back adopt_pack and checkout_contribution scripts * add contribution folder for contribution utilities * added deprecated comment * Update contribution/README.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * comment correction * fix pre commit --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * [API Execution Metrics] Add Main Widget & Remove Integration Widgets (#34691) * init * init * init * rn * EWSO365 * category email * category email * revert rn * Update Packs/CommonDashboards/ReleaseNotes/1_7_0.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * rn and histogram * Bump pack from version CommonDashboards to 1.7.0. * Update Packs/CommonDashboards/ReleaseNotes/1_7_0.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Modeling & parsing rules were added, readme was updated as well (#34784) * Modeling & parsing rules were added, readme was updated as well * Modeling & parsing rules were added * update release notes * update release notes * update to versions in yml files * Update HuaweiNetworkDevices * ```bash * update relase notes --------- Co-authored-by: Eido Epstain <eepstain@paloaltonetworks.com> * Fix links to graphics in Pack Readme (#34783) * Fix links to graphics in Pack Readme * Fixed validate --------- Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> * Print to incident and other alert's waroom (#34765) * Added both scripts * Added README * Updated YML * pre-commit * RNs * pack-ignore * Added docstrings * Changed fromversion * Bump pack from version CommonScripts to 1.15.8. * CR fixes * Docker upgrade * Added marketplaces * Updated pack-ignore * Updated RNs * Dummy change * Revert dummy change --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> * [QRadar v3] Metrics (#34485) * init * finally * RN * dashboard and widget * fix * revert * pre-commit * Update Packs/QRadar/pack_metadata.json * rn and readme * Update Packs/QRadar/Integrations/QRadar_v3/README.md * Apply suggestions from code review Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * MyToDoTasksWidget: fix broken link (#34768) * fix broken link * Bump pack from version CommonWidgets to 1.2.51. * Update Packs/CommonWidgets/ReleaseNotes/1_2_51.md Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * New Integration: Chronicle Streaming API (#34593) (#34813) * New Integration: Chronicle Streaming API * Resolving the PR comments and handled the scenario when continuous time coming from integration context is older for the API --------- Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * special_lucin_char_indicators_from_cache (#34818) * special_lucin_char_indicators_from_cache * added some tests * commit * RN * test formating * Update Packs/CommonScripts/ReleaseNotes/1_15_9.md Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> --------- Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * added validations to validation_config file (#34832) * del README blank lines (#34772) (#34830) Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> * [MS teams] update URLs (#34833) * update * update docker * Change Forescout Pack Name (#34829) * Change Forescout Pack Name * add rn * fix rn * fix (#34834) * deprecate (#34839) * removed extra args from readmem (#34828) * removed extra args from readmem * updated do * added rn * reverted do * updated do * added rn * PAN-OS Correlation Logs (#34388) * init * remote changes * remove .keys() * complete filter * update last_run complete * added typing * refactor * notations * refactor * stub tests * first tests * more tests * done(?) * unit-test complete * added logs * fix entries * add incident types * RN * removed system=true for incidents * Update 2_1_28.md * Bump pack from version PAN-OS to 2.1.29. * fix build issues * refactor * refactor * temp * working * pre-commit issues fixed --------- Co-authored-by: Content Bot <bot@demisto.com> * [CoretxXDRIR] edited the tooltip (#34838) * edited the tooltip * rn * readme * removing RM106 * [Azure Log Analytics] Update README.md (#34761) * Update README.md * pre-commit * checkout `.github/workflows/clean_stale_branches.yml` from origin * Update README.md (#34858) (#34861) Changed “Servers & Services” to “Instances” and added opening quotation marks to two examples that were missing them. Co-authored-by: rcookpalo <88800249+rcookpalo@users.noreply.github.com> * add parameter to Microsoft defender cloud apps event collector (#34764) * add support for event types * RN * add param to README.md * improve code * docs * Update Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_1_63.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * version * naming and remove condition * pre commit * clarify filters * Update Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftDefenderEventCollector/MicrosoftDefenderEventCollector.py Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * not required --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * added before query param to Armis event collector (#34738) * added before query param toarmis event collector * cr fixes * fixes * test fix * testings * pre-commit fixes * pre-commit fixes * update default time * Update Packs/Armis/ReleaseNotes/1_1_15.md Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> * cr fixes --------- Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> * Adding AdoptionMetricts script to CommonDashboard (#34538) * fixing bug artifacts from XDR missing * adding rl * add rl * remove debugging * fix default val * fix * Bump pack from version CortexXDR to 6.1.35. * Bump pack from version CortexXDR to 6.1.36. * Bump pack from version CortexXDR to 6.1.37. * cr * cr fix default values in functions * fix error * Update Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * fix default * fix docker * fix tests * fix default * conflict fixes * pre-commit fixes * Adding AdoptionMetricts script to CommonDashboard * fixing dirty commit * fixing tests * fix folder name * Bump pack from version CommonDashboards to 1.5.1. * Bump pack from version CommonDashboards to 1.6.1. * check * fim RM114 * adding note * check if adding rn113 helps * Bump pack from version CommonDashboards to 1.6.2. * fixing doocker * RN114 --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> * Removed username display in the configuration form and kept API key(password) (#34831) * Removed username display in the configuration form and kept API key(password) (#34748) * Removed username display in the configuration form and kept just the API key(password). * Updated SafeBreach Pack/Integration readme and release notes. * Formatting and Dockerimage update for the SafeBreach integration * Update SafeBreach.yml * Update 1_4_3.md --------- Co-authored-by: Devang Mungara <76464285+devang-metron@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> * Remove redundant password. (#34846) * Remove redundant password. * RN. Format yml. version update. * RN * pre-commit changes * Update Packs/AWS-SNS/ReleaseNotes/1_0_16.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update README file --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Move misplaced files (InvalidDepthOneFile) (#34845) * move file * fixes * more fixes * remvoe from config * Cyberark epm add instance param (#34864) * Added instance param * RN * default to false * Fix mypy errors * docs review * Add ut * MITRE IDs pack - update scripts dir name (#34817) * update dir names * update RN * New XSIAM Dashboards/Reports (#34686) * init * remove images * add readmes * remove unneeded files * Update Packs/XSIAMCompliance_ISO_27001/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/XSIAMCompliance_GDPR/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Removed duplicate xdrc section form readme, and removed wrong reference to NPS in the readme (#34865) * fix arcsight image (#34867) * fix arcsight image * bump * autopep8 * image size * MapRangeValues - XSUP 38471 (#34863) * fixed the issue * added a unit test case * int(f_value) * removed and updated debug logs * rn update * removed script_info.txt creation (#34880) * Extract hyperlinks pptx issue (#34876) * added pptx test * added functionality for grouped shaped parsing * RN * RN * RN * dissable error * Mimecast integration ciac 9090 (#34386) * add oauth2 * add command mimecast-get-archive-search-logs * add command mimecast-get-search-logs * add arg_to_datetime * add mimecast-get-view-logs * add command mimecast-list-account * pre commit * add command mimecast-create-block-sender-policy * add command mimecast-update-block-sender-policy * add command mimecast-list-policies * mimecast-list-policies * fix get_policy_request() * add command mimecast-create-antispoofing-bypass-policy * add command mimecast-update-antispoofing-bypass-policy * add command mimecast-create-webwhiteurl-policy * add command mimecast-update-webwhiteurl-policies * add command mimecast-create-address-alteration-policy * add command * policyType to not required * fit type address-alteration * change for debug * fix mimecast-get-search-logs * add argument to mimecast_create_webwhiteurl_policy_command * add # default value * fix get_policy * fix delete_policy_request * add UT * fix mane fn * add space * fix conditions * format * fix updating_token_oauth2 * boolean * add readable output for list policies * fix pagination * space * fix conditions * webwhiteurl delete from YML * README * UT * add to readme * query_xml to query * delete get_archive_search_logs_request * fix pagination * add UT * mimecast-get-policy add description * add outputs to yml * delete print * add to description.md * delete print * fix description in yml * add command examples * add command examples * add command examples * fix description.md * remove checkbox use_oauth2 * relative time support * add command to readme * fix after demo * cr fix * update Existing commands in readme * command_examples * pagination * Merger request_with_pagination_api2 with request_with_pagination * ut * request_with_pagination * fix get_archive_search_logs_command * fix get_archive_search_logs_command * fix for build * add UT * add UT and fix pre commit * add release notes * add release notes * update docker * update ReleaseNotes * update ReleaseNotes * fix for build * add TestPlaybooks * add UT * Merge branch 'master' of github.com:demisto/content into mimecast-integration-ciac-9090 * DR * fix ReleaseNotes * add test playbook * add readme * fix outputs in yml * test playbook * Merge branch master of github.com:demisto/content into mimecast-integration-ciac-9090 * Mimecast Test api 2.0 * Merge branch master of github.com:demisto/content into mimecast-integration-ciac-9090 * Deleting an unnecessary title * merge * fix outputs * add instance_names to conf.json * add instance_names to conf.json * fix README * update docker * add outputs_prefix * add description to mimecast-delete-policy * add instance_names * Merge branch 'master' of github.com:demisto/content into mimecast-integration-ciac-9090 * fix instance_names * fix playbook * format TestPlaybooks * add log * add log * fix CLIENT_SECRET * add UT * format * replace json to md * CLIENT_ID to str * client_secret to str * UT * instance_names rename * update conf.json instance_names * fix test playbook * added a raise message to the test module * fix ci * format * recovery ci * fix CLIENT_SECRET * test_module return 'ok' * fromversion test playbook * Return to operation test_module * update instance_names * format * update docker * CS Falcon -readme update (#34881) * readme update * fixed IN101 * pre-commit updates * added RN * updated docker image * fixed pre-commit autopep8 malformed packs (#34884) * fixed autopep8 * update rn * update rn * update rn * Update Packs/SuspiciousDomainHunting/ReleaseNotes/1_0_2.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * YARA script - create relationships for YARA indicators (#34799) * YARA relationships * RN * RN * ignore words * Small fix in yml * docstrings * RN * RN * [ASM] Adding Slack Messages (#34827) (#34883) * update slack pack * CASM changed * update screenshot link * RN * skip if unavailable * slack RN * Apply suggestions from code review * add XSIAM ver * fix validations * update slack RN * pack README typo * update playbook README --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * save artifacts (#34886) * Prisma logo update (#34512) * Update images to match branding * Move GitHub workflow scripts (#34887) * move check_if_needs_to_fill_contribution_form script to under the .github folder * delete check_if_needs_to_fill_contribution_form.py script from Utils/github_workflow_scripts/ folder * move check_if_partner_approved_label_exists script to .github folder with its test file * delete check_if_partner_approved_label_exists script from Utils folder * move check_protected_directories script to github folder * delete check_protected_directories script from Utils folder * move create_internal_pr to github folder * delete create_internal_pr from Utils folder * move handle_external_pr script to github folder * delete handle_external_pr script from Utils folder and fix UT for check_if_partner_approved_label_test * delete test_data from Utils folder * move parse_junit_per_pack to github folder * move request_contributor_review to github folder and delete it from Utils folder with parse_junit_per_pack script * move run_secrets_detection_get_playbook_status script to github and delete it from Utils folder * move run_secrets_detection to github folder and delete it from Utils folder * move send_slack_message to github folder and delete it from Utils folder * move sync_contrib_base to github folder and delete it from Utils folder * move utils_test to github and delete it from Utils folder * move all scripts under Utils/github_workflow_github folder * fix * fix * Update FireEyeNX.py (#34889) * Update FireEyeNX.py * reproduce issue with test + rns * after fix * change access to response (#34877) * change access to response * return a dict * fix bug * RN * fix UTs * change RN * change RN * RN for packages dependent on the modified API module CoreIRApiModule * DO * Update Docker Image To demisto/boto3py3 (#34904) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-SecurityLake * Added release notes to pack AWS-SecurityLake * Packs/AWS-SecurityLake/Integrations/AWSSecurityLake/AWSSecurityLake.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-IAMIdentityCenter * Added release notes to pack AWS-IAMIdentityCenter * Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-EKS * Added release notes to pack AWS-EKS * Packs/AWS-EKS/Integrations/AWSEKS/AWSEKS.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Updated Metadata Of Pack AWS-CloudTrail * Added release notes to pack AWS-CloudTrail * Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml Docker image update * Update Docker Image To demisto/accessdata (#34905) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * fix contribution workflow scripts (#34909) * skipping autopep8 on nightlies (#34903) * Replace links so they link to master (#34906) * add EV2 core packs (#34147) (#34217) Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: anas-yousef <44998563+anas-yousef@users.noreply.github.com> * ReadPDFFileV2 open in binary mode (#34908) * Added fix * Added RNs * Updated docker image * Fixed RNs * SentinelOne V2- 3.2.25 - Updating Mappers (#34619) (#34911) * Updated the mappers and incient fields and type * enable the labels on mapper * Updating the mappers, layout * Adding related incidents tab * Updated release notes * Updated the layout * Updated the layout by adding the move command * Review comment fixes * Bumped version * Fixed new review comments * Fixed new review comments * Fixed new review comments * Fixed new review comments * demo review comment fixes * pre-commit fix * review comment fixes --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * CommonServerPython: truncate `return_error` messages (#34823) * return_error_message * pre commit * CR * RN * CR * ignore * move constant * pre commit * add verbose * revert to master * Fix image routing (#34837) * Fix image routing * add Yara pack to dependence * add release notes * add release notes * . * . * moved lo107 to warning (#34918) * adding a fix to parsing_user_query (#34816) * adding a fix to parsing_user_query * RL + change to *attribute_timestamp* * removing log * Update Packs/FeedMISP/ReleaseNotes/1_0_33.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * add test * fix docker * add docstring * fix tests * cr fix --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * update to lates exchangelib version in ewsv2, remove pwsh (#34630) * checking docker 5.0.3 * fix find folders * added else, catch all exception in tree * extra thing * run w latest image * remove extra except block * Update Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_7.md * Update Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_7.md * Update Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_7.md * image * lint * demisto/py-ews:5.4.1.98082 * try old image * Revert "try old image" This reverts commit 23c86eada767c6906a81399961d8e49f7e115e94. * remove some to test * Revert "remove some to test" This reverts commit 9638f86197a642453771abc1442ba8cd85f81f1a. --------- Co-authored-by: Judah Schwartz <juschwartz@paloaltonetworks.com> Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> * fixed an issue where test-module failed with oauth process. (#34871) * fixed an issue where test-module failed with oauth process. * reverted * revert service now * added handling to servicenow test module * added rn * edit * edit * added rn * Update Packs/CommonScripts/ReleaseNotes/1_15_12.md --------- Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> * [Native Image] Update Candidate To `py3-native:8.6.0.98251` (#34767) * update * Update Tests/docker_native_image_config.json * Update Tests/docker_native_image_config.json * Update Tests/docker_native_image_config.json * infra * Update Tests/docker_native_image_config.json * Update .gitlab/ci/.gitlab-ci.yml * Update .gitlab/ci/.gitlab-ci.yml * Update base author image (#34879) * Update base author image * fix images * remove redundant images * Cisco webex update authentication call to use body instead of url params (#34912) * cisco webex rename integration context * change the access token to body * add ut and rn * fix import * fix ut * docker * fix RN * SplunkPy: use expandtoken in mirroring query (#34840) * use expandtoken * expand token in mirror * update docker * [sane-pdf-reports] - assign markdown server port automatically (#34931) * [sane-pdf-reports] - assign markdown server port automatically * bump rn * rollback changes * log on which port markdown server started * pragma cover * run time error * pragma * fix test * Joe security bug (#34892) * added logs * reverted yml * edit * fix * added rn * updated do * edit * added log * added log * log rewrite --------- Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com> * Digital guardian Bug (#34920) * fixed parsing events from api * fix * added rn * fix * fix * fixes * fixes * added rn * updated do * pre-commit edits * Update Packs/DigitalGuardian/ReleaseNotes/1_1_5.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/DigitalGuardian/ReleaseNotes/1_1_5.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes * made a change for the unit test * edit * added fixes for unittests * fixed do --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * poetry files (#34926) Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> * Ys add 'get-machine-by-ip- command (#34814) * Added new command * enhance endpoint command * Readme * release notes * pre commit * pre commit * fix yml * format * rn * remove the dev * Build * fix yml * fix yml * generate docs * test description * readme * little fixes * fixes * fixes * fixes * code review fixes * fix yml * format * remove the dev * fix yml * fixes * / * code review fixes * change command's name * more fixes * add documentation * more code review fixes * more fixes * Update Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py * added 'Dev' to name of integration * / * pre commit * Build effort * release notes * rebuild * fix --------- Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: yrosenberg <yrosenberg@paloaltonetworks.com> * Added backslashes handling to drilldown enrichment (#34811) * Added backslashes handling to drilldown enrichment * Added comment + pre commit fixes * Fixed unit test * Added a test * fix test * Handled splunk variables that were surrounded by quotation marks in the original query * precommit fixes * Added RN file * Fixed Typo * Removed redundant logs * Removed unnecessary logs * Delete unnecessary variable * delete RN file * Update the RN files * Removed reference of checkpoint from readme file (#34964) * Fixed an issue where test button failed with un informative error. (#34967) * Fixed an issue where test button failed with un informative error. * Bumped the docker image * PrintToParentIncident skip name change (#34979) * Added skip * pack-ignore * BC * Update Packs/CommonScripts/ReleaseNotes/1_15_13.json Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Moved to known words * Update Packs/CommonScripts/ReleaseNotes/1_15_13.md Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * Fixed RNs --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> * [CSP] Fixed issue uploading large files (#34921) * [CSP] Fixed issue uploading large files * Add 'if files' * Replace from BaseClient to generic_http_request * Update Packs/Base/ReleaseNotes/1_34_14.md Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com> * Update Packs/Base/Scripts/CommonServerPython/CommonServerPython.py Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com> * Update 1_34_14.md --------- Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com> Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com> * delete tpb (#34990) * O365 Security and Compliance Auth Fix (#34896) * Fixed an issue where the authentication would use a deprecated app id * Fix alert regression in create email html body script (#34966) * fix attached email decode * CreateEmailHtmlBody add support for alert in XSIAM * fix script * RN * Cr fixes * FIX * revert * doc fixes * conflicts * [Xsup 38544 ] DisplayHTMLWithImages no default color for background (#34985) * added white background-color * docker and rn * Fix proofpoint widget (#34983) * proofpoint tap most attcked users widget * proofpoint tap top clickers widget fix * added a main function * RN * autopep8 * bumped the docker image * RN * commit * fine tune * pre commit fixes * Use `demisto/py3-tools` instead of `demisto/fastapi` for Pydantic (#34255) * pydantic image and fixes * use prod image * RN * RN * RN * bump api-dependent images * bump pydantic: BoxEventsCollector * add type hint * fix * bump minor versions * fix dict * add trailing period * Bump pack from version Mimecast to 2.4.0. --------- Co-authored-by: Content Bot <bot@demisto.com> * add more images * fix dile name * change name * change name --------- Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: cyble-dev <101622497+cyble-dev@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: sberman <sberman@paloaltonetworks.com> Co-authored-by: omerKarkKatz <95565843+omerKarkKatz@users.noreply.github.com> Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com> Co-authored-by: Shmuel Kroizer <69422117+shmuel44@users.noreply.github.com> Co-authored-by: chloerongier <150173582+chloerongier@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> Co-authored-by: Edi Katsenelson <85438368+edik24@users.noreply.github.com> Co-authored-by: yedidyacohenpalo <162107504+yedidyacohenpalo@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: TalNos <112805149+TalNos@users.noreply.github.com> Co-authored-by: Tal <tcarmeli@paloaltonetworks.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: paulusaltus <tallpaul88@gmail.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: azonenfeld <117573492+aaron1535@users.noreply.github.com> Co-authored-by: YuvHayun <yhayun@paloaltonetworks.com> Co-authored-by: vkorenkov-varonis <99330808+vkorenkov-varonis@users.noreply.github.com> Co-authored-by: bdudnyk-varonis <145133825+bdudnyk-varonis@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> Co-authored-by: eepstain <116078117+eepstain@users.noreply.github.com> Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com> Co-authored-by: kobymeir <kmeir@paloaltonetworks.com> Co-authored-by: samuelFain <65926551+samuelFain@users.noreply.github.com> Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: Dror Avrahami <davrahami@paloaltonetworks.com> Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com> Co-authored-by: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com> Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com> Co-authored-by: Tal Carmeli <158452762+tcarmeli1@users.noreply.github.com> Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: davistonehub <111578758+davistonehub@users.noreply.github.com> Co-authored-by: Christian Gutierrez <christiang@checkpoint.com> Co-authored-by: ogulcanhero <99717065+ogulcanhero@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: sharonfi99 <147984773+sharonfi99@users.noreply.github.com> Co-authored-by: Eido Epstain <eepstain@paloaltonetworks.com> Co-authored-by: anas-yousef <44998563+anas-yousef@users.noreply.github.com> Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com> Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com> Co-authored-by: rcookpalo <88800249+rcookpalo@users.noreply.github.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: Judah Schwartz <JudahSchwartz@users.noreply.github.com> Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com> Co-authored-by: Devang Mungara <76464285+devang-metron@users.noreply.github.com> Co-authored-by: Danny Fried <dfried@paloaltonetworks.com> Co-authored-by: cweltPA <129675344+cweltPA@users.noreply.github.com> Co-authored-by: yasta5 <112320333+yasta5@users.noreply.github.com> Co-authored-by: YairGlik <148229942+YairGlik@users.noreply.github.com> Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: Judah Schwartz <juschwartz@paloaltonetworks.com> Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Co-authored-by: Yael Shamai <111040837+YaelShamai@users.noreply.github.com> Co-authored-by: yrosenberg <yrosenberg@paloaltonetworks.com> Co-authored-by: Menachem Weinfeld <90556466+mmhw@users.noreply.github.com>

use expandtoken

4facce9

ilappe self-assigned this Jun 13, 2024

ilappe added 3 commits June 19, 2024 10:16

Merge branch 'master' of https://github.com/demisto/content into ilap…

4c465bf

…pe/XSUP-37814/fix_mirror

expand token in mirror

0fb06d1

Merge branch 'master' of https://github.com/demisto/content into ilap…

d91a5da

…pe/XSUP-37814/fix_mirror

ilappe marked this pull request as ready for review June 19, 2024 07:38

ilappe requested review from DeanArbel and yasta5 June 19, 2024 07:38

yasta5 approved these changes Jun 19, 2024

View reviewed changes

update docker

cc48937

DeanArbel approved these changes Jun 19, 2024

View reviewed changes

DeanArbel added the docs-approved label Jun 19, 2024

ilappe merged commit 10664b5 into master Jun 19, 2024
17 of 18 checks passed

ilappe deleted the ilappe/XSUP-37814/fix_mirror branch June 19, 2024 13:14

amshamah419 pushed a commit that referenced this pull request Jun 20, 2024

SplunkPy: use expandtoken in mirroring query (#34840)

6b3e067

* use expandtoken * expand token in mirror * update docker

maimorag pushed a commit that referenced this pull request Jun 23, 2024

SplunkPy: use expandtoken in mirroring query (#34840)

deebd93

* use expandtoken * expand token in mirror * update docker

barryyosi-panw pushed a commit that referenced this pull request Jun 25, 2024

SplunkPy: use expandtoken in mirroring query (#34840)

79a84e7

* use expandtoken * expand token in mirror * update docker

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SplunkPy: use expandtoken in mirroring query #34840

SplunkPy: use expandtoken in mirroring query #34840

ilappe commented Jun 13, 2024

github-actions bot commented Jun 13, 2024 •

edited

Loading

SplunkPy: use expandtoken in mirroring query #34840

SplunkPy: use expandtoken in mirroring query #34840

Conversation

ilappe commented Jun 13, 2024

Related Issues

Description

github-actions bot commented Jun 13, 2024 • edited Loading

github-actions bot commented Jun 13, 2024 •

edited

Loading