GuardiCoreV2 : Enhancement of Incident Severity Parameter to Prevent Command Failures

Packs/GuardiCore/Integrations/GuardiCoreV2/GuardiCoreV2.py

@@ -448,19 +448,19 @@ def main() -> None:
     demisto.debug(f"Command being called is {demisto.command()}")
 
     # fetch incidents params
-    severity = params.get("severity", None)
+    severity = params.get("severity")
     if "All" in severity:
         severity = None
     elif severity:
         severity = ",".join(severity)
-    source = params.get("source", None)
-    destination = params.get("destination", None)
-    incident_type = params.get("incident_type", None)
+    source = params.get("source")
+    destination = params.get("destination")
+    incident_type = params.get("incident_type")
     if "All" in incident_type:
         incident_type = None
     elif incident_type:
         incident_type = ",".join(incident_type).lower()
-    tag = params.get("tag", None)
+    tag = params.get("tag")
     first_fetch = params.get("first_fetch", "7 days")
     limit = int(params.get("max_fetch", 50))
     GLOBAL_TIMEOUT = int(params.get("timeout", 10))

Packs/GuardiCore/Integrations/GuardiCoreV2/GuardiCoreV2.yml

@@ -2,39 +2,48 @@ category: Deception & Breach Simulation
 commonfields:
   id: GuardiCore v2
   version: -1
+sectionorder:
+- Connect
+- Collect
 configuration:
 - name: base_url
   display: Server URL
   required: true
   defaultvalue: https://example.com/api/v3.0/
   type: 0
   additionalinfo:
+  section: Connect
 - display: Username
   name: credentials
   type: 9
   required: true
+  section: Connect
 - display: Fetch incidents
   name: isFetch
   type: 8
   required: false
+  section: Collect
 - name: source
   display: Source
   defaultvalue:
   type: 0
   additionalinfo: GuardiCore source incident (e.g., Environment:*, App:*, Role:*).
   required: false
+  section: Collect
 - name: destination
   display: Destination
   defaultvalue:
   type: 0
   additionalinfo: GuardiCore destination incident (e.g., Environment:*, App:*, Role:*).
   required: false
+  section: Collect
 - name: tag
   display: Tag
   defaultvalue:
   type: 0
   additionalinfo: GuardiCore tag incident (e.g., Reputation, Internal, Blocked Traffic).
   required: false
+  section: Collect
 - name: incident_type
   display: Incident Type
   defaultvalue: All
@@ -48,9 +57,10 @@ configuration:
   - Experimental
   - All
   required: false
+  section: Collect
 - name: severity
   display: Incident Severity
-  defaultvalue:
+  defaultvalue: All
   type: 16
   additionalinfo: GuardiCore incident severity
   options:
@@ -59,39 +69,46 @@ configuration:
   - High
   - All
   required: false
+  section: Collect
 - name: max_fetch
   display: Maximum incidents to fetch
   defaultvalue: "50"
   type: 0
   additionalinfo: Limit on incidents to fetch
   required: false
+  section: Collect
 - name: first_fetch
   display: First fetch time
   defaultvalue: "7 days"
   type: 0
   additionalinfo: Fetch incidents - First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
   required: false
+  section: Collect
 - name: timeout
   display: Global timeout to all requests
   defaultvalue: "10"
   type: 0
   additionalinfo: ""
   required: false
+  section: Connect
 - name: insecure
   display: Trust any certificate (not secure)
   type: 8
   additionalinfo:
   required: false
+  section: Connect
 - name: proxy
   display: Use system proxy settings
   type: 8
   additionalinfo:
   required: false
+  section: Connect
 - display: Incident type
   name: incidentType
   type: 13
   required: false
-description: GuardiCore v2 Integration enables you to get information about incidents and endpoints (assets) via the GuardiCore API.
+  section: Collect
+description: The GuardiCore v2 integration provides access to incident and endpoint (asset) information via the GuardiCore API.
 display: GuardiCore v2
 fromversion: 6.0.0
 name: GuardiCore v2
@@ -1192,7 +1209,7 @@ script:
     - contextPath: Endpoint.MACAddress
       description: The endpoint's MAC address.
       type: String
-  dockerimage: demisto/python3:3.12.8.3296088
+  dockerimage: demisto/python3:3.12.11.4819260
   isfetch: true
   runonce: false
   script: "-"

Packs/GuardiCore/Integrations/GuardiCoreV2/README.md

@@ -1,24 +1,25 @@
-GuardiCoreV2 Integration allows to get information about incidents and endpoints (aseets) via the guardicore api.
+The GuardiCore v2 integration provides access to incident and endpoint (asset) information via the GuardiCore API.
 This integration was integrated and tested with version 3.0.0 of the GuardiCore API.
 
 ## Configure GuardiCore v2 in Cortex
 
 | **Parameter** | **Description** | **Required** |
 | --- | --- | --- |
-| API Server URL | For example: `https://example.com/api/v3.0/` | True |
-| Username for API |  | True |
-| Password for API |  | True |
-| Source | Fetch incidents - Guardicore Source Incident Value | False |
-| Desctination | Fetch incidents - Guardicore Desctination Incident Value | False |
-| Tag |  | False |
-| Incident Type | Fetch incidents - Guardicore Incident Type Value | False |
-| Incident Severity | Fetch incidents - Guardicore Incident Severity Value | False |
-| Maximum alerts to fetch | Fetch incidents - limit on incidents to fetch | False |
-| First fetch time | Fetch incidents - First fetch timestamp \(<number> <time unit>, e.g., 12 hours, 7 days\) | False |
+| Server URL |  | True |
+| Username |  | True |
+| Password |  | True |
+| Fetch incidents |  | False |
+| Source | GuardiCore source incident \(e.g., Environment:\*, App:\*, Role:\*\). | False |
+| Destination | GuardiCore destination incident \(e.g., Environment:\*, App:\*, Role:\*\). | False |
+| Tag | GuardiCore tag incident \(e.g., Reputation, Internal, Blocked Traffic\). | False |
+| Incident Type | GuardiCore incident types. | False |
+| Incident Severity | GuardiCore incident severity | False |
+| Maximum incidents to fetch | Limit on incidents to fetch | False |
+| First fetch time | Fetch incidents - First fetch timestamp \(<number> <time unit>, e.g., 12 hours, 7 days\) | False |
+| Global timeout to all requests |  | False |
 | Trust any certificate (not secure) |  | False |
 | Use system proxy settings |  | False |
 | Incident type |  | False |
-| Fetch incidents |  | False |
 
 ## Commands
 

Packs/GuardiCore/ReleaseNotes/2_0_16.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### GuardiCore v2
+
+- Updated the Docker image to: *demisto/python3:3.12.11.4819260*.
+- Fixed an issue where commands would fail when the Incident Severity parameter was not set.

Packs/GuardiCore/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "GuardiCore",
     "description": "Data center breach detection",
     "support": "xsoar",
-    "currentVersion": "2.0.15",
+    "currentVersion": "2.0.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",