added support for time_zone arg by merit-maita · Pull Request #43237 · demisto/content

merit-maita · 2026-02-23T10:15:55Z

Status

In Progress
Ready
In Hold - (Reason for hold)

Related Issues

Fixes: https://jira-dc.paloaltonetworks.com/browse/CIAC-15764

Description

Must have

Tests
Documentation

content-bot · 2026-02-23T10:17:08Z

🤖 AI-Powered Code Review Available

You can leverage AI-powered code review to assist with this PR!

Available Commands:

@content-bot start review - Initiate a full AI code review
@content-bot re-review - Incremental review for new commits

github-actions · 2026-02-23T10:20:02Z

Coverage Report

File	Stmts	Miss	Cover	Missing
Packs/EmailCommunication/Scripts/PreprocessEmail
PreprocessEmail.py	243	66	72%	25–29, 31, 50–51, 56, 115, 149–150, 192, 194–196, 198–200, 202–205, 207–209, 211, 223–226, 281, 291–295, 309–312, 338, 345–347, 357–364, 411, 429, 432, 435, 466–469, 552–553, 555–556, 559
Packs/EmailCommunication/Scripts/SendEmailReply
SendEmailReply.py	497	97	80%	40–44, 46, 273, 298, 303, 318, 366, 385, 388, 410–413, 527, 532, 556, 609–610, 612–613, 617–622, 624–626, 633–634, 636–637, 641–645, 647, 706, 729, 738, 742, 817–818, 823, 837, 839, 841–843, 846–849, 851–852, 881–882, 890–891, 897–898, 1004, 1022, 1123, 1153–1154, 1221, 1231, 1261–1262, 1304, 1308, 1317, 1321–1325, 1329–1333, 1392, 1403, 1455, 1494, 1534, 1537, 1562–1563
TOTAL	740	163	77%

Tests	Skipped	Failures	Errors	Time
93	0 💤	0 ❌	0 🔥	15.306s ⏱️

content-bot · 2026-02-23T10:28:17Z

🤖 Content AI Reviewer: Analysis started. Please wait for results...

content-bot · 2026-02-23T10:28:19Z

Review not published as no human-reviewer was assigned as reviewer.

marketplace-ai-reviewer · 2026-03-25T09:41:08Z

🤖 Analysis started. Please wait for results...

marketplace-ai-reviewer · 2026-03-25T09:57:55Z

🤖 AI Review Disclaimer

This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.

marketplace-ai-reviewer

Hi, thanks for your contribution to the EmailCommunication pack! I've reviewed the PR and left a few notes, primarily focusing on backward compatibility and error handling. Please verify that the timestamp format changes and the removal of get_utc_now() won't break existing unit tests, ensure you catch specific exceptions rather than a broad Exception, and remember to include the necessary YAML and Pack Metadata bumps. Thanks again for your hard work!

Additionally, please address the following file-level notes:

Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail.py: Missing YAML configuration update and Pack Metadata bump.
Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.py: Missing YAML configuration update.

@kamalq97 please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.

…communication

content-bot · 2026-03-25T12:41:29Z

Validate summary
The following errors were thrown as a part of this pr: DO106.
The following errors cannot be ignored: DO106.
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.
The following errors don't run as part of the nightly flow and therefore can be force merged: DO106.

Verdict: PR can be force merged from validate perspective? ✅

* added support for time_zone arg * added rn * added support for time_zone arg * added rn * fixed UTs

* Add override agent functionality to WildFireReports integration - Introduced `override_agent` parameter in WildFireReports.yml to allow users to specify the agent header for API requests. - Updated Client class to accept `override_agent` and modified `get_agent` method to utilize this parameter. - Enhanced agent detection logic based on platform. * release notes * Update WildFireReports integration to use `agent` instead of `override_agent`. * reorder params * Bump pack from version Base to 1.41.70. * Apply suggestion from @barryyosi-panw * Apply suggestion from @barryyosi-panw * Auto RN: refactoring-sso-password-spray (#43605) * Initial release notes for refactoring-sso-password-spray * Bump pack from version CortexResponseAndRemediation to 1.3.26. * Bump pack from version CortexResponseAndRemediation to 1.3.27. * Bump pack from version CortexResponseAndRemediation to 1.3.28. * Sync release notes from GitLab (3f13aef7) * Sync release notes from GitLab (e26d22e7) * Sync release notes from GitLab (6338f0ce) * Sync release notes from GitLab (6502d6df) * Sync release notes from GitLab (fb82c5f6) * Sync release notes from GitLab (0db0ddf3) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> Co-authored-by: Karina Fishman <147307864+karinafishman@users.noreply.github.com> * fix conflict (#43644) * added support for time_zone arg (#43237) * added support for time_zone arg * added rn * added support for time_zone arg * added rn * fixed UTs * Fix SendEmailReply recipient email address casing (#43655) * Fix SendEmailReply casing (#43614) * Fixed issue with SendEmailReply when mailbox may be cased differently than configured. * Updated release info * Update 2_0_51.md --------- Co-authored-by: Ryan McVicar <rymcvicar@gmail.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> * CRTX-237803 - CopyNotesToAlert script: fix error handling (#43642) * fix error handling * update docker image * Bump pack from version CommonScripts to 1.21.2. * update deprecated structures --------- Co-authored-by: Content Bot <bot@demisto.com> * Download large emails in Checkpoint HEC (#43659) * Download large emails in CheckPointHEC (#43451) * Update command/client to download presigned url file * Remove host option * Update cloudinfra auth to v2 * Update cloudinfra authentication to v2 * Raise exception if presigned url not returned Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Remove package-lock.json * add presigned url test response json * add package-lock.json * use master package-lock.json --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update release notes --------- Co-authored-by: Arvid Bushati <arvidb@checkpoint.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * [Core IOC] fix api key error from automation rule (#43643) * init * RN * Update Packs/Core/ReleaseNotes/3_5_25.md Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * small thing --------- Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Added check if the endpoint starts with /platform in Core REST API (#43602) * Added check if the endpoint starts with /platform in Core REST API (#43207) * Added a check to see if the endpoint being called starts with /platform. Currently in XSIAM if the endpoint starts with /platform and the user is attempting to make the api call using the Core REST API integration, the integration adds the /xsoar path into the URI, making the call invalid. * changed ispublicapi and isplatformapi from var to const, as suggested by the review bot * added a const for "isXsoar" to ensure consistency with the other two new constants previously added into this function. * Update release notes --------- Co-authored-by: kbajkowski <118195969+kbajkowski@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> * github actions fixes (#43658) Co-authored-by: github-pr-rebaser <github-pr-rebaser@local.invalid> * Cyberint Alerts: Update closure reason select values to human-readable (#43657) * Update closure reason select values to human-readable in Cyberint Alerts (#43592) * update the Data Residency field name * update the Data Residency field name * bump version in headers * remove region field, fix headers * add pytest-asyncio * fix lib versions * add new fetch types * update demisto-sdk * update demisto-sdk * add new alert fetch types * update poetry.lock * update docs * update poetry.lock * update poetry.lock * fixes * fix description mapping * updated docker image version * add release notes * add release notes * fix mirroring * fix poetry * minor fixes * LF * improve tests * revert python ver * minor updates * update tests * update code * update test * update test * fix test * fix test * fix test * make fields renaming * update closure reason variants * update closure reason variants * update closure reason variants tests * get version header value from get_pack_version() * add breaking changes info * rollback poetry.lock * rollback poetry.lock * update README.md * update ymls * fix README.md * update README.md * Update release notes * Update 1_3_2.md --------- Co-authored-by: klevitskiy <155461095+klevitskiy@users.noreply.github.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * Auto RN: ss_refactor_silent-playbook-Suspicious_LDAP_search_query_Test (#43646) * Initial release notes for ss_refactor_silent-playbook-Suspicious_LDAP_search_query_Test * Bump pack from version CortexResponseAndRemediation to 1.3.30. * Sync release notes from GitLab (453c2e92) * Sync release notes from GitLab (becace54) * Sync release notes from GitLab (6614d059) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> * GTI Release 2.1.3 (#43679) * GTI Release 2.1.3 (#43637) Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> * Docker * docker --------- Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Moshe Eichler <meichler@paloaltonetworks.com> * Auto RN: Refactoring_Execution_of_an_uncommon_process_at_an_early_startup_stage (#43669) * Initial release notes for Refactoring_Execution_of_an_uncommon_process_at_an_early_startup_stage * Sync release notes from GitLab (1b2ef564) * Sync release notes from GitLab (a0c7d1ec) * Sync release notes from GitLab (095f7cfe) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: OmriItzhak <115150792+OmriItzhak@users.noreply.github.com> * Auto RN: Refactor-ProdReview-silent-A-user-executed-multiple-LDAP-enumeration-queries-Test (#43671) * Initial release notes for Refactor-ProdReview-silent-A-user-executed-multiple-LDAP-enumeration-queries-Test * Sync release notes from GitLab (c40ff91e) * Sync release notes from GitLab (7ba0f9f2) * Sync release notes from GitLab (45f1cad8) * Sync release notes from GitLab (9b429d6a) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: ohados2601 <oamar@paloaltonetworks.com> * [ThreatConnect] - Added TQL filter support and configurable tag operator (#43561) * Enhance Threat Connect * fix YML collection * move TQL param * conflicts * ENDSWITH * RN * CR fixes * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Auto RN: prod-review-pb-hotfix-user-attempted-to-connect-from-a-suspicious-country (#43683) * Initial release notes for prod-review-pb-hotfix-user-attempted-to-connect-from-a-suspicious-country * Sync release notes from GitLab (d8667f72) * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Sync release notes from GitLab (be8a2dd4) * Sync release notes from GitLab (ccb64de4) * Bump pack from version CortexResponseAndRemediation to 1.3.33. --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> * Auto RN: Refactor-ProdReview-silent-playbook-Suspicious_Local_User_Account_Creation (#43688) * Initial release notes for Refactor-ProdReview-silent-playbook-Suspicious_Local_User_Account_Creation * Sync release notes from GitLab (4880af3a) * Bump pack from version CortexResponseAndRemediation to 1.3.33. --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ohados2601 <oamar@paloaltonetworks.com> * clean up .pack-ignore (#43670) * fix * RN * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <ci@demisto.com> * XSUP-66162 Akamai WAF fix (#43675) * amp_odb_prod_raw * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Oracle OCI - Add fetch for Search Logs (#43692) * Add fetch for Search Logs * update docker * Add tilda handling for indicatorsearch in agg script api module (#43674) * apply fix * update rn * Fixed KeyError in mimecast-remove-group-member command (#43704) * fixed an issue * added rn * updated do * Auto RN: dra-pb-fix-wmi-process-execution (#43653) * Initial release notes for dra-pb-fix-wmi-process-execution * Bump pack from version CortexResponseAndRemediation to 1.3.31. * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Bump pack from version CortexResponseAndRemediation to 1.3.33. * Bump pack from version CortexResponseAndRemediation to 1.3.34. * Bump pack from version CortexResponseAndRemediation to 1.3.35. * Bump pack from version CortexResponseAndRemediation to 1.3.36. * Sync release notes from GitLab (f9160f08) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dror Avrahami <davrahami@paloaltonetworks.com> * Fix Qualys issue - XSUP-63834 (#43610) * fix * fix * improve code * format * image * ruff * Empty commit * refactor * add test * Empty commit * Fixed a bug with indicator create expiration date (#43668) * Fixed a bug with indicator create expiration date * Update docker image * Fixed docker rn :( * added the _Demisto__do mock function to demistomock (#43709) * Add Ignore GR103 (#43720) * Add ignore GR103 * add ignore * Migrate Jamf integration from Classic to Pro API (#43588) * - migrate deprecated JAMF Classic API to Pro API - add jamf-get-computer-subset command * increment version number and add release notes * pre-commit formatting * update documentation * fix identifier mapping for predefined argument commands * update breaking changes note * remove datetime mapping and transformation * update all affected unit tests * pre-commit formatting * Apply suggestions from doc review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * address doc review suggestions * replace logic with existing helper function * remove basic auth argument * apply suggestion * remove carried over path mappings * fix incorrect context path prefix to match design requirement * apply suggestions * add typehints * refactor as suggested * ruff format * update `jamf-get-computer-by-match` task to use new `filter` argument * update docker image version * add missing sectionorder and section keys * update readme * add pack warning ignore * fix typo * fix context path prefix to match documentation * fix bugs and address suggestions * update readme --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Fix TrendAI Vision One v3 integration proxy issue at Cortex XSOAR V8 (#43716) * Fix TrendAI Vision One v3 integration proxy issue at Cortex XSOAR V8 (#43698) * feat(TrendMicroVisionOneV3): add proxy support and conditional SSL warning suppression - Add handle_proxy() call in main() to support proxy configuration - Move urllib3.disable_warnings() to be conditional on the 'insecure' parameter instead of always disabling SSL warnings globally - Bump docker image to demisto/pytmv1:0.10.1.7762963 * TrendAI Vision One v3 release notes update * feat(TrendMicroVisionOneV3): enhance client initialization and add debug logging * feat(TrendMicroVisionOneV3): support max_fetch parameter and implement alert sorting * update release notes * feat(TrendMicroVisionOneV3): remove unused max_fetch parameter and enhance incident fetching * remove Max Incidents parameter from README * update current version to 4.5.4 - adjust first fetch default value * update release note * ruff format code --------- Co-authored-by: qinshuang1998 <1378860132@qq.com> * Update release notes --------- Co-authored-by: bot-trendmicro <shawn_qin@trendmicro.com> Co-authored-by: qinshuang1998 <1378860132@qq.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * CoreGetIssuesPrivate (#42328) * CoreGetIssuesPrivate * ruff * patch * patch * tests * rn * rn +ruff * searchIssues * rn + ruff * ruff * pre commit * --allow-empty * pre commit * tests * ruff * tests * remove tests * status typo * tests * tests * Bump pack from version CommonScripts to 1.20.61. * coverage * coverage * tests * update case tests * deafultValue * rn validation * supported moduels * pre commit * rn * pack metadata * rn * split to get issues and get alerts * rn * rn * ruff * rn * get issues * tests * test * Bump pack from version Core to 3.4.71. * rn * rn * rn * remove issue to alert * filter * add issue metadata * Ruff * Bump pack from version Core to 3.4.73. * Bump pack from version CommonScripts to 1.20.63. * limit, offset, timeframe * tests * tests * TestS * conflict * crowdStrike * Bump pack from version CommonScripts to 1.20.64. * Bump pack from version Core to 3.4.85. * Bump pack from version ApiModules to 2.3.6. * Bump pack from version Core to 3.4.86. * Bump pack from version CortexXDR to 6.2.51. * filterBuildeR * Triggering build: empty commit * WILDCARD * filter types * IP_MATCH, NEQ * get_webapp_data * Identity_type and rn for ctf01 * Bump pack from version Core to 3.4.95. * Bump pack from version CommonScripts to 1.20.74. * merge from master + email to mail * cr * code review * ruff * Bump pack from version Core to 3.5.14. * code review * Bump pack from version CommonScripts to 1.20.84. * Bump pack from version ApiModules to 2.4.3. * pre commit * rn * trigger build * trigger build * is_platform() * code review * / * ruff * tests * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Bump pack from version CommonScripts to 1.21.1. * rn * agent to endpoint * Trigger GitHub pipeline (user-created PR) * endpoint to agent * endpoint to agent * docker image * docker image * Bump pack from version CommonScripts to 1.21.2. * trigger build * trigger build * Trigger GitHub pipeline (user-created PR) * trigger build * Trigger GitHub pipeline (user-created PR) * Bump pack from version CommonScripts to 1.21.3. * Bump pack from version Core to 3.5.26. * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: CI Bot <ci@demisto.com> * CRTX-216136_fix_aws_rds_table (#43623) * CRTX-216136_fix_aws_rds_table * update rn * update rn * update rn * CRTX-235042/Fix/Prevent Page Break and Text widgets from querying incidents DB (#43572) * fix: prevent Page Break and Text widgets from querying incidents DB (CRTX-235042) * Update Packs/CommonWidgets/ReleaseNotes/1_2_61.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update release notes for dataType change * revert changes * r * Added the NoOp scripts for the text based widgets * revert --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * CRTX-239148 CP FW Update (#43722) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * add to pack ignore (#43727) * secrets-ignore * add more secrets * Auto RN: core-timeline-commands (#43535) * Initial release notes for core-timeline-commands * Sync release notes from GitLab (39955431) * Sync release notes from GitLab (e40a5c08) * Sync release notes from GitLab (73a20007) * Sync release notes from GitLab (83fca29d) * Sync release notes from GitLab (07ba3bb0) * Sync release notes from GitLab (8057c846) * Sync release notes from GitLab (d85ccd17) * Sync release notes from GitLab (a6b098bb) * Delete Packs/Core/ReleaseNotes/3_5_24.md * Delete Packs/Core/ReleaseNotes/3_5_25.md * Apply suggestion from @michal-dagan * Apply suggestion from @michal-dagan --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Added a separate client_id param to ms sentinel (#43450) * Added a separate client_id param to ms sentinel * modified release notes * restore * CoreGetIssuesDeafultValues (#43731) * Fix: TAXII2 partial labels - XSUP-65746 (#43618) * fix: TAXII2 partial labels - XSUP-65746 - Fix add_sdo_required_field_2_1 to map tags -> labels for TAXII 2.1 SDO types (indicator, malware, report, threat-actor, tool). Previously this mapping only existed for TAXII 2.0, causing all SDO labels to be missing when serving TAXII 2.1 (the default). - Fix convert_sco_to_indicator_sdo to merge score-based labels with custom tags from CustomFields.tags. Previously only a single score-based label was emitted, dropping all custom indicator tags. - Add unit tests for both fixes. - Add release notes for TAXIIServer 2.2.4 and ApiModules 2.4.3. * Delete RN * CRTX-217396 - aws quick actions (#43388) * first commit * add quickactions * agter demo * update RN * fixes * fixes * ai cr fixes * remove iam-role quickaction * rn fixes * cr fixes * cr fixes * cr fixes * fixes * fixes * pack ignore * doc review fixes * cr fixes --------- Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> * Specteropsbhe v1.0.0 (#43616) * Specteropsbhe v1.0.0 (#42281) * Initial Commit * Removed pack ignore content * This change was requested from XSOAR review team. Updating support type from xsoar to community * Incorporating fixes based on the PR comments from the XSOAR team * Adding some more fixes of PR comments from XSOAR team * Fixing minor pre-commit issues * Incorporating fixes based on the PR comments * Update validation_config.toml as main version * Update validation_config.toml as main version * Add SpecterOpsBHE Attack Path incident type JSON file * update YAML configurations, remove unused fields, and add documentation image * Update SpecterOpsBHE integration YAML configuration and fix image path in README * fix: update image paths in README and remove obsolete playbook screenshot --------- Co-authored-by: ishikap-metron <ishika.patidar@metronlabs.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com> Co-authored-by: barryyosi-panw <158817412+barryyosi-panw@users.noreply.github.com> * Added support for override argument in the zscaler-edit-ip-destination command (#43619) * Added support for *override* argument in the **zscaler-edit-ip-destination-group** command. * revert * fixes * chore: delete old supported modules - part 4/4 (#43569) * chore: delete old supported modules - part 3/4 (#43568) * chore: delete old supported modules - part 3/4 * merge from master * merge from master * merge from master * merge from master * CRTX-235259_update_credentials_params (#43547) * first commit * tests fixes * build fixes * fixes * cr fixes * chore: delete old supported modules - part 1/4 (#43567) * chore: delete old supported modules - part 1/4 * merge from master * merge from master * Xsup 64556 fix nvd severity filter and timeouts (#43485) * Update NVD API integrations for FeedNVDv2 to support CVSS v4 severity and other improvements. * Add NVD API rate limits and primary CVSS entry selection. * test data * Add error handling and descriptive output for empty CVE results. * Update FeedNVDv2 integration to sort deduplicated CVEs by last-modified date for consistent batch trimming and trim batches based on remaining indicators. * Update FeedNVDv2 integration to use boolean values for proxy and hasKev parameters. * Update fetch indicators command to persist progress correctly. * Simplify setting of last run data in FeedNVDv2.py. * Trigger AI Reviewer * Update FeedNVDv2 integration to use CVE.ID and improve output schema. * Rename NistNVDv2.Indicators.id to CVE.ID * Update contextPath for various outputs to use CVE instead of NistNVDv2.Indicators * Trigger AI Reviewer * Update CVE data processing to include CVSS Version and Severity fields * Update Packs/FeedNVDv2/ReleaseNotes/1_1_0.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/ReleaseNotes/1_1_0.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update CVSS severity filter options and default value. * Add new CVSSv3 severity option. * Update CVSS severity filter to use default value from CVSSv3. * Update FeedNVDv2 integration to use NistNVDv2 indicators. * Renamed 'CVE' prefixes to 'NistNVDv2.Indicators' in FeedNVDv2.py and YAML file. * rever BC changes * revert output prefix * update docs * update docs * update RN * Update build_indicators function to use preferred CVSS versions and refactor CVSS data processing. * Fix: Use matched CVSS version when present in build_indicators and cves_to_war_room functions. * Add 'Include Rejected CVEs' option and improve timeout handling in fetch logic * fix: use DEFAULT_MANUAL_HISTORY for history argument in manual_get_indicators_command * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> --------- Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * CRTX-229093 Agentix | Telemetry Failures | EnrichURL (#43408) * normalize urls * maintain same schema * not raising errors when all urls don't exist * rn * rn * rn * rn * rn + tests * rn + tests * pre commit * Bump pack from version Base to 1.41.68. * Bump pack from version AggregatedScripts to 1.3.30. * Bump pack from version AggregatedScripts to 1.3.31. * Bump pack from version Base to 1.41.69. * revert changes * revert changes * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: CI Bot <ci@demisto.com> * Remove unused arg from service desk plus docs (#43625) * Update README.md * Update release notes * Update docker image * XSUP 65733 azure security center update (#43636) * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * fix(review): address code review comments on TAXII2 labels fix - Use 'or []' instead of default=[] so explicitly-None tags are handled - Cast tags to str() before .lower().replace() to prevent AttributeError - Simplify fallback logic: 'tags or [type]' replaces the verbose 'tags if tags != [] else [type]' pattern * docs: update auto-generated RN stubs for TAXII2ApiModule dependents All packs that depend on TAXII2ApiModule received auto-generated stub release notes. Updated them to reflect the actual change: the module was enhanced to fix partial labels in TAXII 2.1 responses, with no direct impact on these integrations/scripts. * docs: fix RN prefixes for TAXII2ApiModule dependent packs Use 'Updated the' prefix and remove trailing 'no impact' sentence to comply with release note style guidelines. * Bump pack from version CommonScripts to 1.21.2. * pre-commit fixes * Bump pack from version CommonScripts to 1.21.3. * Add RN * Bump pack from version CommonScripts to 1.21.4. --------- Co-authored-by: masulin97 <masulin@paloaltonetworks.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: ishikap-metron <ishika.patidar@metronlabs.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com> Co-authored-by: barryyosi-panw <158817412+barryyosi-panw@users.noreply.github.com> Co-authored-by: Shir Matathias <132361594+Shir2611@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> Co-authored-by: Maya Goldman <94686128+mayyagoldman@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: eepstain <116078117+eepstain@users.noreply.github.com> * demisto-sdk-release 1.38.23 (#43736) * poetry files * update validation config file --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: yedidyacohenpalo <yecohen@paloaltonetworks.com> * Auto RN: dra-pb-fix-WmiPrvSe (#43652) * Initial release notes for dra-pb-fix-WmiPrvSe * Bump pack from version CortexResponseAndRemediation to 1.3.31. * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Bump pack from version CortexResponseAndRemediation to 1.3.33. * Bump pack from version CortexResponseAndRemediation to 1.3.34. * Bump pack from version CortexResponseAndRemediation to 1.3.35. * Bump pack from version CortexResponseAndRemediation to 1.3.36. * Sync release notes from GitLab (9408fb59) * rn bump * Sync release notes from GitLab (9ca202af) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dror Avrahami <davrahami@paloaltonetworks.com> * Auto RN: mdagan-master-patch-96983 (#43737) * Initial release notes for mdagan-master-patch-96983 * ignore GR103 * Sync release notes from GitLab (899d4df9) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: michal-dagan <mdagan@paloaltonetworks.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * version bump only (XQL view graph) (#43250) * Initial support for view graph queries * Unit tests * Remove diff * Core - Add widget name and description parameters to XQL query command * Fix * Add log * Improve XQL query results retrieval with force_stream=False optimization * Fix * Fix * fix * Restore specific files to match master * Add ReleaseNotes * Trigger GitHub pipeline (user-created PR) * Bump pack from version Core to 3.5.26. * Bump pack from version Core to 3.5.27. * Bump pack from version Core to 3.5.28. * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Sapir Malka <samalka@paloaltonetworks.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * ServiceNow-XSUP-65101 (#43601) * ServiceNow-XSUP-65101 * true * test * ruff * ruff * docker image * code review * revert teams * test * Update validation_config.toml (#43747) * CRTX-227948 fix qa's (#43620) * Merge master to dev-cloud (#41128) * update codeowners - platform automation (#40952) * update codeowners * Update CODEOWNERS * Update CODEOWNERS * Fix JiraV3 Issues Query using deprecated endpoint (#41025) * Update the issue query endpoint and replace start_at with next_page_token * Fix next page token output * Change to use old ep when start_at is given; add UTs * update rn * error message * Added BC note * Update 3_3_7.md * Apply suggestions from doc review Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * log the actual error --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Bump pack version. (#40999) * Nbensalmon/ciac 10618/collection app sentinels.ai (#39982) Appsentinels.ai offers a platform for collecting, analyzing, and managing security events to provide comprehensive application protection. * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integ… (#40947) (#41113) * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integration * Fixed typo in FeedMandiantThreatIntelligence.py * Increment pack version and Docker tags --------- Co-authored-by: adamlevymandiant <93735185+adamlevymandiant@users.noreply.github.com> Co-authored-by: Adam Levy <adamhlevy@google.com> * XSUP-54313 (#40991) * Initial implementation * Fix UT * ruff chagnes * UT * ruff * RN and UT * ruff * Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_3_7.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Minor fix * Fix UT * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Delete Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/integration-CrowdStrikeFalcon.yml * final CR * Change user key * Raise version * RN * Fix --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Xsup 55040 (#41063) * required yml fields to allow mapping * yml changes * return results * return results * pre-commit * pre-commit * pr comments * pr comments * pre commot * Mark remaining internal scripts with isInternal (#41083) * Add missing isInternal to agentix scripts * Bump versions and RN * Update docker * Remove list notation from rn * Apply suggestions from doc review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Fix rn * Bump pack from version CrowdStrikeFalcon to 2.3.9. * replace rn with generic message --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * fix get-endpoint-data action inputs (#41118) * bump version of aggregated scripts * Update 1_1_3.md * Whois - adding another regex for registrant_regexes (#41116) * add one log to see the raw-response as is * adding another regex for registrant_regexes * CRTX-165828 - Mapping Tigera Calico Secure (#40925) * create all files * remove unwanted files * update readme according to tech writer suggestions * update readme * create files * fix timestamp parsing rule * fix timestamp parsing rule * fix timestamp parsing rule * fix readme * fix readme * fix metadata - add platform * fix time parsing * fix time parsing * fix readme precommit error * fix readme precommit error * fix xif * readme file error * readme file error * fix xif * change ip_protocol * cisco umbrella - use risk score for domain verdict (#41000) * domaine verdict update to use risk score * update rn * Update Packs/Cisco-umbrella/ReleaseNotes/2_0_5.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * sectionOrder and docker image * add docker update to release note * send risk_score and improve threshold logic * update Threshold default value --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Updating Trend Micro Vision One pack (#41079) * Updating Trend Micro Vision One pack * Updating RN * fixing rn and md * fixing fields in modeling rules * TIM/Improve the removal of trailing characters in the format URL script (#41075) * TIM/Improve the removal of trailing characters in the format URL script * Bump pack from version CommonScripts to 1.20.7. * Bump pack from version CommonScripts to 1.20.8. * cr fixes * Bump pack from version CommonScripts to 1.20.9. * Bump pack from version CommonScripts to 1.20.10. * empty commit * fixes --------- Co-authored-by: Content Bot <bot@demisto.com> * Microsoft Management Activity API (O365/Azure Events) integration request to have case insensitive for Operations to fetch (#41070) * Operation filter changed to lowercase * Operation filter changed to lowercase * formatter * formatter * formatter * back to doc change only * back to doc change only * Small change * Small change * Small change * Small change * merged from master * review changes * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * small changes * small changes * small changes * small changes * small changes * small changes * added to readme * added to readme * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Fix get user data ad missing args (#41125) * fix the arg name username is directed to when calling ad-get-user * added rn --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Sapir Malka <44067957+itssapir@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Mike Rizzo <mrizzo@paloaltonetworks.com> Co-authored-by: Niv Ben Salmon <nbensalmon@paloaltonetworks.com> Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: adamlevymandiant <93735185+adamlevymandiant@users.noreply.github.com> Co-authored-by: Adam Levy <adamhlevy@google.com> Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> Co-authored-by: Maya Goldman <94686128+mayyagoldman@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: akshotiamit-pa <aakshoti@paloaltonetworks.com> Co-authored-by: yedidyacohenpalo <162107504+yedidyacohenpalo@users.noreply.github.com> Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> Co-authored-by: ellopez777 <159898322+ellopez777@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: almog2296 <alabudi@paloaltonetworks.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> * Merge branch 'master' into dev-cloud * CRTX-193174 - CloudTrail describe command (#41105) * CRTX-193174 * finish implemention py, add unit-test, add RN * Empty-Commit to trigger build * doc review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * doc review fixes * Empty-Commit to trigger build * add description * fix demo comments * fix UT, add contextpaths * add errors handling mechanism to the main * README fix * error hundling * RN change version number --------- Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * CRTX-192056 - S3 existing commands (#41129) * CRTX-192056 * implement commands * remove download and upload commands * fix yml contextpath, fix commands implemention, delete contextpath from README * add UT, doc review, little fix * Demo fixes * fix RM102 * reslove conflicts * CRTX-187358 - Instance commands (#40861) * Empty-Commit - CRTX-187356 * add RN and commands template method * update RN * change RN, add commands templates, add command mapping, order REQUIRED_ACTIONS * add yml commands, add methods * add describe method, add quick actions, add contextpath * fix pre-commit errors, change arguments names * change supportsquickactions place in yml * delete long context from yml fix describe command add readme * fix pre-commit errors * add arguments pretty names * remove tag_specifications rewrite parse_filter_field * change description of filter argument, limit filter regex, add RN * add dot, add REQUIRED_ACTIONS, add tests * fix error Using variable 'error_message' before assignment * delete failed test * add return to the delete_security_group_command * fix regex * fix regex * error hundling * fix method issue * fix delete method and fix error entry * fix parse_filter_field method * improve regex * add AWSErrorHandler, add pagination for describe_command,fix filter regexs, fix describe command * fix aws-ec2-security-group-egress-authorize update README.md * Empty-Commit - CRTX-187358 * change aws-ec2-security-group-describe to aws-ec2-security-groups-describe * add quickaction prettypredefined * fixed deleted ip_permissions arg * change regex and errors hundling * add COOC error handling * replace *port* arg support, add bc RN * fix UT * error hundling * error hundling * remove quick action * fix UT * fix test_ec2_create_security_group_command_client_error test * fix UT, add remove_encoded_authorization_message method * fix UT * change API Module, Fix UT, Fix README, Add ex to yml * replace parse_resource_ids with argToList * fix from argToList(args.get("group_ids",[]) to argToList(args.get("group_ids",[])) * Update AWS.py * remove AccountId context from aws-ec2-security-group-create command * remove regex overlaps * remove regex overlaps * Update README.md * change from_port to_port description, README Re-generated and doc-review fixes * Update 3_0_0.md * first implementation * add describe_instances_command and fix yml * Update AWS.py * Update AWS.py * change implementation, add more info to README * fix tests according to new implemntion * change yml for create command * change ruff errors * add parse_tag_field method * Update AWS.py * remove any CRTX-187356 * remove any CRTX-187356 * remove any CRTX-187356 * Add README for new commands, Delete yml not supported arguments, Add UT, Fix parse_tag_field method and add UT * fix UT * change AWSErrorHandler * fix yml defaultvalue to defaultValue and change PREDEFINED from capital letters * change defaultValue to defaultvalue in configuration AWS.yml * change build_pagination_kwargs * doc review * doc review * finish doc review * add methods * change process_instance_data * fix CR review * add tests form #40861 to here * update docker, update RN, add errors handling mechanism to the main * add tests and fix build_pagination_kwargs * ruff format errors * add errors handling mechanism to the main - aws error hundling * ruff format errors * change cotextpath * change metadata version * change context path * Update AWS.py * RM102 change * Update README.md * pre-commit fixes * Update AWS.py * Update AWS.py * CR review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * fix error handling, fix UT * reslove conflicts and CR review fixes * reslove conflicts * change metadata version * CR review fixes * reslove conflicts --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands (#41101) * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands * style: reformat AWS integration YAML with consistent indentation and quotes * feat: add AWS EKS cluster management commands and update EC2 snapshot functionality * docs: relocate command descriptions to top of AWS integration command blocks * test: add AWS ECS/EKS/EC2 snapshot and cluster management tests * fix: add error handling and debug logs for AWS EC2, EKS and ECS operations, added tests * fix: update AWS region parameter and add missing EC2/EKS/ECS required actions * fix: update ECS cluster settings with correct parameter names and error handling * style: fix indentation in ECS cluster settings update method * refactor: move parse_tag_field function to module level and improve error handling - cr * refactor: simplify error handling in ECS cluster settings update + cr * cr * cr * cr * docs: add docstring and tests for EC2 snapshot permission modification * pc * feat: update AWS regions and remove redundant isArray flags in EKS commands * docs: consolidate AWS S3 bucket commands into v2.1.5 release notes * Changed context path to Snapshot * docs: update EC2 snapshot output paths from plural to singular form * fix: update EC2 snapshot test output prefix from plural to singular * CRTX-187328: GCP commands (#41302) * commands * unit tests and commands updates * error handling + fine tunning * removed iam unit tests + pre-commit updates * removed the iam commands * pre-commit updates * readme * yml + readme updates * rn * remove metadata-set command * review * pre-commit readme updates * unit tests and small fixes * small updates * small README update * remove debug statements * README pre-commit * labels-set add oprion and unit tests * pre-commit and small fixes * readme * xsoar * error handling explanation * cr updates * fixed unit tests * pre-commit * doc review * readme * add labels and labelFingerprint to hr * pre-commit * do106 * rn * Add commands from Azure NSG to Azure integration (#41096) * add pattern * add pattern * added commands to yml * added all commands * fixed yml * changes * fixed yml and py * added unittest beside the delete function * removed mock from publicip * fixed unittests * fixed pre commit errors * changed docker image, aligned readme and run precommit * fixed delete function * fixed conflicts * added command exmaples * fixed readme * fixed readme * added the permissions to the py file * Update pack_metadata.json * edited the permissions in the py file * run pre commit * fixed ai cr * added descriptions to functions * changes * added to readme * fixed readme * removed letter * fixed delete function * added unittest for delete * Added also the case of 200 in the delete command * Added patterns for the new 2 commands * added first command and permissions * added both commands * added to readme * added json and unttests for 2 commands * run pre commit * fixed permissions' * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * added 2 commands to rn * fixed errors in delete, commit before errors handeling change * Added a new dict and handle errors 401 and 403 * added unittests and fix error handling * added try-except to commands * run pre commit * fixed the delete function * fixed * added exmaples for 2 commands * removed the subsriptions list * removed the 2 additional commands * run pre commit * removed more in yml * removed jsons test and from commands examples * fixed handle_azure_error function * added descriptions * added a small test for etag * added return types * fixed delte rule functio * fixed delte rule functio * fixed issues after demo * fixed unittests * added more unittets * removed a file * added retuen statments * pre commit * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * added comments * fixed context paths * fixed readme * run pre commit * review and pre-commit * updated the doc strings * cr updates * doc review * README update * error entries --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Add blob commands to Azure integration (#41147) * added the commands * added to readme * created rn * added the examples command and jsons * Added the util_load_json function * run pre commit * CR: extract Azure resource info parsing into dedicated function and simplify code * notes from demo * fix: move removeNull parameter to correct TableData constructor argument * pc * refactor: remove unused util_load_json function from Azure test file * doc review + pc --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: MLainer1 <mlainer@paloaltonetworks.com> * Crtx 196562 add aws additional commands (#41466) * init aws-s3-delete-bucket-website command * delete_bucket_website_command done * wip modify_event_subscription_command * allign with naming convention and add aws-s3-bucket-ownership-controls-put * enforce OwnershipControls contain rules * put_bucket_ownership_controls_command validations * add aws-ec2-subnet-attribute-modify * fine tuning * wip modify_event_subscription_command * wip modify_event_subscription_command * wip * wip * add modify_subnet_attribute_command * wip * wip * done modify_subnet_attribute_command * add docstrings * delete expected bucket owner * create ownership control dict in code * add unit tests * fix unit tests * ruff format * ruff format * add rn, pack metadata and readme * revert pack metatadata * fix readme, output of aws-rds-event-subscription-modify * pre commit changes * fix arg_to_boolean_or_none * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * docs * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * ruff * ruff * add modify_event_subscription_command * empty commit * empty commit --------- Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Aws additional commands s3 upload/download (#41599) * commands * working commands * release notes + readme * release notes + readme * release notes + readme * release notes + readme * minor change * minor change * Your commit message here * Your commit message here * minor change * added context path to yml * changed permission * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * empty commit --------- Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Add Azure VM commands (#41559) * Azure QA Batch1 (#41528) * add subscription id argument * commands * update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * Update Packs/Azure/Integrations/Azure/Azure.yml Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> * tests change * merged from master * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud --------- Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> * Azure QA Batch2 (#41529) * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * docs * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Gcp quick actions (#41446) * added quick actions * fixed qa * rn and fix * added default values * fix qa's * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix pr comments * ruff format * ruff format * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * generate README * pre-commit updates --------- Co-authored-by: ilaredo <ilaredo@paloaltonetworks.com> Co-authored-by: ilaredo <166304750+ilaredo@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Crtx 196222 support aws new quick actions v2 (#41509) * add aws ec2 revoke-security-group-ingress qa * wip * wip * add some qa's * add qa's * add qa's * add qa's * add qa's * merge * add qa's * fix identation * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * add description * add qa * add rn for aws * add rn for aws-iam * add rn for aws-iam * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix rn * fix pr comments * update aws-iam tag * ruff format * handle int convertion error * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS-IAM/ReleaseNotes/1_1_76.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Apply suggestions from code review Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * generated docs * add readme * pre-commit updates * pre-commit updates * pre-commit updates * add 4 commands to readme --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Azure QA Batch3 (#41531) * add permission + update release notes * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * merged from dev-cloud * merged from dev-cloud * small changes * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Platform AWS & Azure Billing & Budgets (#41564) * Platform AWS & Azure Billing & Budgets * README (#41706) * Az CIAC 13916.2 (#41711) * AWS new commands Crtx 193217 (#41622) * first commit * first commit * add commands + tests * add readme+release notes * add ignore context depth above 5 * add ignore context depth above 5 * small readme fix * tests change * tests change * removed kms command * removed kms command * fixed tests * fixed tests * fixed tests * fixed tests * small changes * small changes * small changes * merged from dev-cloud * update after review * update after review * update after review * update after review * update after review * update after review * update after review * feat: add EC2 VPC and IPAM resource discovery commands to AWS pack (#41554) * feat: add EC2 VPC and IPAM resource discovery commands to AWS pack * feat: add commands to describe VPCs and subnets in AWS EC2 * feat: add EC2 IPAM resource discovery commands and VPC/subnet descriptions * demo notes: enhance AWS EC2 table formatting and standardize pagination parameters * demo notes * chore: remove BA109 ignore rule from AWS pack configuration * chore: remove unused EC2 VPC and IPAM permissions from required actions list * review notes * docs: clarify AWS account ID description in EC2 IPAM commands * refactor: rename AWS EC2 describe commands to follow consistent naming pattern * revert to origin before merge * pc * revert readme for merge * feat: add AWS subnet and IPAM resource discovery commands to AWS integration * docs: update AWS integration with expanded region list and context output fixes * revert before merge * docs: fix markdown escaping in AWS integration documentation * rm * feat: add AWS EC2 commands for VPC, subnet, and IPAM resource discovery management * CRTX-193821/AWSLambda (#41596) * Empty-Commit * RN, update YML, Update py methods * update YML, add README, add commands, add tests * update tests, fixs py, fix readme * reslove conflicts * generate README.md * update README.md * delete extra lambda class * add raw response to invoke command * CR review * fix get_policy_command context * fix demo comments * CR review * CR review * CR review * reslove conflicts * reslove conflicts * fix tests * fix tests * Update AWS_test.py * update get-policy README * CR review * reslove conflicts * Create GCP Storage commands (#41632) * Create GCP Storage commands * Add GCP Compute commands (#41672) * Add 7 GCP Compute commands `gcp-compute-firewall-insert` `gcp-compute-firewall-list` `gcp-compute-firewall-get` `gcp-compute-snapshots-list` `gcp-compute-snapshot-get` `gcp-compute-instances-aggregated-list-by-ip` `gcp-compute-network-tag-set` * lambda commad add region (#41870) * Crtx 188346 aws ec2 add additional commands (#41717) * get_latest_ami_command wip * add create_network_acl_command * wip * add command * add create tags command * wip * get_latest_ami_command * fix get_latest_ami_command * fix create_network_acl_command * fix get_ipam_discovered_public_addresses_command * fix create_tags_command * add get_bucket_website_command get_bucket_acl_command * add docstrings * support pagination * support pagination * support pagination * add unit tests * add unit tests * FIX TAGS * add tests * wip * wip * fix get_latest_ami_command * fix unit tests * add get_ipam_discovered_public_addresses_command tests * add rn,readme, and fix commands * fix tag specification * fix descriptions * fix readme * demo comments * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix pc comments * fix tests * fix conflict * add new rn * pre-commit fixes * pre-commit fixes * wip * wip * fix pr comment * ruff * fix max_results issues * remove whitespace from readme * remove whitespace from readme * remove whitespace from readme * remove limit and next token from latest-ami * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * pr comments * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * update readme for aws-ec2-tags-create * fix unit tests * ruff format * add empty line --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fixed aws rn * fix azure rn * fix gcp rn * fixed the quick actions naming in the rn * removed the quick actions from readme * aws-iam update readme and rn * removed docker image update from rn * limit default value 50 in gcp * fix unit test * commands and quick actions renaming * CRTX-203967-aws-update-certificate (#41682) * new pr * first commit * first commit * first commit * merged from dev-cloud * merged from dev-cloud + readme removal * merged from dev-cloud + readme removal * update * Empty-Commit * Crtx 193217 batch4 (#41708) * yml + .py * update after review * update after review * update after review * update after review * update after review * update after review * update after review * update after review * first commit * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * update * update * Crtx 204150 additional aws qas (#41767) * add 2 qa's * add eks qa's * add iam qa * add rn * wrap code * fix qa's * add readme * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * pr comments * Apply suggestions from code review Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * ruff format * ruff format * revert readme, format files * revert format * format yml * add new line in the end of file * fix qa name * revoke aws-iam-suspend-access-for-role-quick-action * remove empty line * revert Enable IMDSv2, Block S3 Public Access qa * merged * add rn --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * removed Revoke NSG Rule to Stop Traffic which is Update NSG to Block Traffic from Azure QA * add Enable IMDSv2 and Block S3 Public Access qa's (#42006) * add gcp com…

* added support for time_zone arg * added rn * added support for time_zone arg * added rn * fixed UTs

…sto#43571) * Add override agent functionality to WildFireReports integration - Introduced `override_agent` parameter in WildFireReports.yml to allow users to specify the agent header for API requests. - Updated Client class to accept `override_agent` and modified `get_agent` method to utilize this parameter. - Enhanced agent detection logic based on platform. * release notes * Update WildFireReports integration to use `agent` instead of `override_agent`. * reorder params * Bump pack from version Base to 1.41.70. * Apply suggestion from @barryyosi-panw * Apply suggestion from @barryyosi-panw * Auto RN: refactoring-sso-password-spray (#43605) * Initial release notes for refactoring-sso-password-spray * Bump pack from version CortexResponseAndRemediation to 1.3.26. * Bump pack from version CortexResponseAndRemediation to 1.3.27. * Bump pack from version CortexResponseAndRemediation to 1.3.28. * Sync release notes from GitLab (3f13aef7) * Sync release notes from GitLab (e26d22e7) * Sync release notes from GitLab (6338f0ce) * Sync release notes from GitLab (6502d6df) * Sync release notes from GitLab (fb82c5f6) * Sync release notes from GitLab (0db0ddf3) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> Co-authored-by: Karina Fishman <147307864+karinafishman@users.noreply.github.com> * fix conflict (#43644) * added support for time_zone arg (#43237) * added support for time_zone arg * added rn * added support for time_zone arg * added rn * fixed UTs * Fix SendEmailReply recipient email address casing (#43655) * Fix SendEmailReply casing (#43614) * Fixed issue with SendEmailReply when mailbox may be cased differently than configured. * Updated release info * Update 2_0_51.md --------- Co-authored-by: Ryan McVicar <rymcvicar@gmail.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> * CRTX-237803 - CopyNotesToAlert script: fix error handling (#43642) * fix error handling * update docker image * Bump pack from version CommonScripts to 1.21.2. * update deprecated structures --------- Co-authored-by: Content Bot <bot@demisto.com> * Download large emails in Checkpoint HEC (#43659) * Download large emails in CheckPointHEC (#43451) * Update command/client to download presigned url file * Remove host option * Update cloudinfra auth to v2 * Update cloudinfra authentication to v2 * Raise exception if presigned url not returned Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Remove package-lock.json * add presigned url test response json * add package-lock.json * use master package-lock.json --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update release notes --------- Co-authored-by: Arvid Bushati <arvidb@checkpoint.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * [Core IOC] fix api key error from automation rule (#43643) * init * RN * Update Packs/Core/ReleaseNotes/3_5_25.md Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * small thing --------- Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Added check if the endpoint starts with /platform in Core REST API (#43602) * Added check if the endpoint starts with /platform in Core REST API (#43207) * Added a check to see if the endpoint being called starts with /platform. Currently in XSIAM if the endpoint starts with /platform and the user is attempting to make the api call using the Core REST API integration, the integration adds the /xsoar path into the URI, making the call invalid. * changed ispublicapi and isplatformapi from var to const, as suggested by the review bot * added a const for "isXsoar" to ensure consistency with the other two new constants previously added into this function. * Update release notes --------- Co-authored-by: kbajkowski <118195969+kbajkowski@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> * github actions fixes (#43658) Co-authored-by: github-pr-rebaser <github-pr-rebaser@local.invalid> * Cyberint Alerts: Update closure reason select values to human-readable (#43657) * Update closure reason select values to human-readable in Cyberint Alerts (#43592) * update the Data Residency field name * update the Data Residency field name * bump version in headers * remove region field, fix headers * add pytest-asyncio * fix lib versions * add new fetch types * update demisto-sdk * update demisto-sdk * add new alert fetch types * update poetry.lock * update docs * update poetry.lock * update poetry.lock * fixes * fix description mapping * updated docker image version * add release notes * add release notes * fix mirroring * fix poetry * minor fixes * LF * improve tests * revert python ver * minor updates * update tests * update code * update test * update test * fix test * fix test * fix test * make fields renaming * update closure reason variants * update closure reason variants * update closure reason variants tests * get version header value from get_pack_version() * add breaking changes info * rollback poetry.lock * rollback poetry.lock * update README.md * update ymls * fix README.md * update README.md * Update release notes * Update 1_3_2.md --------- Co-authored-by: klevitskiy <155461095+klevitskiy@users.noreply.github.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * Auto RN: ss_refactor_silent-playbook-Suspicious_LDAP_search_query_Test (#43646) * Initial release notes for ss_refactor_silent-playbook-Suspicious_LDAP_search_query_Test * Bump pack from version CortexResponseAndRemediation to 1.3.30. * Sync release notes from GitLab (453c2e92) * Sync release notes from GitLab (becace54) * Sync release notes from GitLab (6614d059) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> * GTI Release 2.1.3 (#43679) * GTI Release 2.1.3 (#43637) Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> * Docker * docker --------- Co-authored-by: Crest Data <60967033+crestdatasystems@users.noreply.github.com> Co-authored-by: crestdatasystems <crestdatasystems@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Moshe Eichler <meichler@paloaltonetworks.com> * Auto RN: Refactoring_Execution_of_an_uncommon_process_at_an_early_startup_stage (#43669) * Initial release notes for Refactoring_Execution_of_an_uncommon_process_at_an_early_startup_stage * Sync release notes from GitLab (1b2ef564) * Sync release notes from GitLab (a0c7d1ec) * Sync release notes from GitLab (095f7cfe) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: OmriItzhak <115150792+OmriItzhak@users.noreply.github.com> * Auto RN: Refactor-ProdReview-silent-A-user-executed-multiple-LDAP-enumeration-queries-Test (#43671) * Initial release notes for Refactor-ProdReview-silent-A-user-executed-multiple-LDAP-enumeration-queries-Test * Sync release notes from GitLab (c40ff91e) * Sync release notes from GitLab (7ba0f9f2) * Sync release notes from GitLab (45f1cad8) * Sync release notes from GitLab (9b429d6a) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: ohados2601 <oamar@paloaltonetworks.com> * [ThreatConnect] - Added TQL filter support and configurable tag operator (#43561) * Enhance Threat Connect * fix YML collection * move TQL param * conflicts * ENDSWITH * RN * CR fixes * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Auto RN: prod-review-pb-hotfix-user-attempted-to-connect-from-a-suspicious-country (#43683) * Initial release notes for prod-review-pb-hotfix-user-attempted-to-connect-from-a-suspicious-country * Sync release notes from GitLab (d8667f72) * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Sync release notes from GitLab (be8a2dd4) * Sync release notes from GitLab (ccb64de4) * Bump pack from version CortexResponseAndRemediation to 1.3.33. --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> * Auto RN: Refactor-ProdReview-silent-playbook-Suspicious_Local_User_Account_Creation (#43688) * Initial release notes for Refactor-ProdReview-silent-playbook-Suspicious_Local_User_Account_Creation * Sync release notes from GitLab (4880af3a) * Bump pack from version CortexResponseAndRemediation to 1.3.33. --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: ohados2601 <oamar@paloaltonetworks.com> * clean up .pack-ignore (#43670) * fix * RN * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <ci@demisto.com> * XSUP-66162 Akamai WAF fix (#43675) * amp_odb_prod_raw * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Oracle OCI - Add fetch for Search Logs (#43692) * Add fetch for Search Logs * update docker * Add tilda handling for indicatorsearch in agg script api module (#43674) * apply fix * update rn * Fixed KeyError in mimecast-remove-group-member command (#43704) * fixed an issue * added rn * updated do * Auto RN: dra-pb-fix-wmi-process-execution (#43653) * Initial release notes for dra-pb-fix-wmi-process-execution * Bump pack from version CortexResponseAndRemediation to 1.3.31. * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Bump pack from version CortexResponseAndRemediation to 1.3.33. * Bump pack from version CortexResponseAndRemediation to 1.3.34. * Bump pack from version CortexResponseAndRemediation to 1.3.35. * Bump pack from version CortexResponseAndRemediation to 1.3.36. * Sync release notes from GitLab (f9160f08) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dror Avrahami <davrahami@paloaltonetworks.com> * Fix Qualys issue - XSUP-63834 (#43610) * fix * fix * improve code * format * image * ruff * Empty commit * refactor * add test * Empty commit * Fixed a bug with indicator create expiration date (#43668) * Fixed a bug with indicator create expiration date * Update docker image * Fixed docker rn :( * added the _Demisto__do mock function to demistomock (#43709) * Add Ignore GR103 (#43720) * Add ignore GR103 * add ignore * Migrate Jamf integration from Classic to Pro API (#43588) * - migrate deprecated JAMF Classic API to Pro API - add jamf-get-computer-subset command * increment version number and add release notes * pre-commit formatting * update documentation * fix identifier mapping for predefined argument commands * update breaking changes note * remove datetime mapping and transformation * update all affected unit tests * pre-commit formatting * Apply suggestions from doc review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * address doc review suggestions * replace logic with existing helper function * remove basic auth argument * apply suggestion * remove carried over path mappings * fix incorrect context path prefix to match design requirement * apply suggestions * add typehints * refactor as suggested * ruff format * update `jamf-get-computer-by-match` task to use new `filter` argument * update docker image version * add missing sectionorder and section keys * update readme * add pack warning ignore * fix typo * fix context path prefix to match documentation * fix bugs and address suggestions * update readme --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Fix TrendAI Vision One v3 integration proxy issue at Cortex XSOAR V8 (#43716) * Fix TrendAI Vision One v3 integration proxy issue at Cortex XSOAR V8 (#43698) * feat(TrendMicroVisionOneV3): add proxy support and conditional SSL warning suppression - Add handle_proxy() call in main() to support proxy configuration - Move urllib3.disable_warnings() to be conditional on the 'insecure' parameter instead of always disabling SSL warnings globally - Bump docker image to demisto/pytmv1:0.10.1.7762963 * TrendAI Vision One v3 release notes update * feat(TrendMicroVisionOneV3): enhance client initialization and add debug logging * feat(TrendMicroVisionOneV3): support max_fetch parameter and implement alert sorting * update release notes * feat(TrendMicroVisionOneV3): remove unused max_fetch parameter and enhance incident fetching * remove Max Incidents parameter from README * update current version to 4.5.4 - adjust first fetch default value * update release note * ruff format code --------- Co-authored-by: qinshuang1998 <1378860132@qq.com> * Update release notes --------- Co-authored-by: bot-trendmicro <shawn_qin@trendmicro.com> Co-authored-by: qinshuang1998 <1378860132@qq.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * CoreGetIssuesPrivate (#42328) * CoreGetIssuesPrivate * ruff * patch * patch * tests * rn * rn +ruff * searchIssues * rn + ruff * ruff * pre commit * --allow-empty * pre commit * tests * ruff * tests * remove tests * status typo * tests * tests * Bump pack from version CommonScripts to 1.20.61. * coverage * coverage * tests * update case tests * deafultValue * rn validation * supported moduels * pre commit * rn * pack metadata * rn * split to get issues and get alerts * rn * rn * ruff * rn * get issues * tests * test * Bump pack from version Core to 3.4.71. * rn * rn * rn * remove issue to alert * filter * add issue metadata * Ruff * Bump pack from version Core to 3.4.73. * Bump pack from version CommonScripts to 1.20.63. * limit, offset, timeframe * tests * tests * TestS * conflict * crowdStrike * Bump pack from version CommonScripts to 1.20.64. * Bump pack from version Core to 3.4.85. * Bump pack from version ApiModules to 2.3.6. * Bump pack from version Core to 3.4.86. * Bump pack from version CortexXDR to 6.2.51. * filterBuildeR * Triggering build: empty commit * WILDCARD * filter types * IP_MATCH, NEQ * get_webapp_data * Identity_type and rn for ctf01 * Bump pack from version Core to 3.4.95. * Bump pack from version CommonScripts to 1.20.74. * merge from master + email to mail * cr * code review * ruff * Bump pack from version Core to 3.5.14. * code review * Bump pack from version CommonScripts to 1.20.84. * Bump pack from version ApiModules to 2.4.3. * pre commit * rn * trigger build * trigger build * is_platform() * code review * / * ruff * tests * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Bump pack from version CommonScripts to 1.21.1. * rn * agent to endpoint * Trigger GitHub pipeline (user-created PR) * endpoint to agent * endpoint to agent * docker image * docker image * Bump pack from version CommonScripts to 1.21.2. * trigger build * trigger build * Trigger GitHub pipeline (user-created PR) * trigger build * Trigger GitHub pipeline (user-created PR) * Bump pack from version CommonScripts to 1.21.3. * Bump pack from version Core to 3.5.26. * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: CI Bot <ci@demisto.com> * CRTX-216136_fix_aws_rds_table (#43623) * CRTX-216136_fix_aws_rds_table * update rn * update rn * update rn * CRTX-235042/Fix/Prevent Page Break and Text widgets from querying incidents DB (#43572) * fix: prevent Page Break and Text widgets from querying incidents DB (CRTX-235042) * Update Packs/CommonWidgets/ReleaseNotes/1_2_61.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update release notes for dataType change * revert changes * r * Added the NoOp scripts for the text based widgets * revert --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * CRTX-239148 CP FW Update (#43722) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * add to pack ignore (#43727) * secrets-ignore * add more secrets * Auto RN: core-timeline-commands (#43535) * Initial release notes for core-timeline-commands * Sync release notes from GitLab (39955431) * Sync release notes from GitLab (e40a5c08) * Sync release notes from GitLab (73a20007) * Sync release notes from GitLab (83fca29d) * Sync release notes from GitLab (07ba3bb0) * Sync release notes from GitLab (8057c846) * Sync release notes from GitLab (d85ccd17) * Sync release notes from GitLab (a6b098bb) * Delete Packs/Core/ReleaseNotes/3_5_24.md * Delete Packs/Core/ReleaseNotes/3_5_25.md * Apply suggestion from @michal-dagan * Apply suggestion from @michal-dagan --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * Added a separate client_id param to ms sentinel (#43450) * Added a separate client_id param to ms sentinel * modified release notes * restore * CoreGetIssuesDeafultValues (#43731) * Fix: TAXII2 partial labels - XSUP-65746 (#43618) * fix: TAXII2 partial labels - XSUP-65746 - Fix add_sdo_required_field_2_1 to map tags -> labels for TAXII 2.1 SDO types (indicator, malware, report, threat-actor, tool). Previously this mapping only existed for TAXII 2.0, causing all SDO labels to be missing when serving TAXII 2.1 (the default). - Fix convert_sco_to_indicator_sdo to merge score-based labels with custom tags from CustomFields.tags. Previously only a single score-based label was emitted, dropping all custom indicator tags. - Add unit tests for both fixes. - Add release notes for TAXIIServer 2.2.4 and ApiModules 2.4.3. * Delete RN * CRTX-217396 - aws quick actions (#43388) * first commit * add quickactions * agter demo * update RN * fixes * fixes * ai cr fixes * remove iam-role quickaction * rn fixes * cr fixes * cr fixes * cr fixes * fixes * fixes * pack ignore * doc review fixes * cr fixes --------- Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> * Specteropsbhe v1.0.0 (#43616) * Specteropsbhe v1.0.0 (#42281) * Initial Commit * Removed pack ignore content * This change was requested from XSOAR review team. Updating support type from xsoar to community * Incorporating fixes based on the PR comments from the XSOAR team * Adding some more fixes of PR comments from XSOAR team * Fixing minor pre-commit issues * Incorporating fixes based on the PR comments * Update validation_config.toml as main version * Update validation_config.toml as main version * Add SpecterOpsBHE Attack Path incident type JSON file * update YAML configurations, remove unused fields, and add documentation image * Update SpecterOpsBHE integration YAML configuration and fix image path in README * fix: update image paths in README and remove obsolete playbook screenshot --------- Co-authored-by: ishikap-metron <ishika.patidar@metronlabs.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com> Co-authored-by: barryyosi-panw <158817412+barryyosi-panw@users.noreply.github.com> * Added support for override argument in the zscaler-edit-ip-destination command (#43619) * Added support for *override* argument in the **zscaler-edit-ip-destination-group** command. * revert * fixes * chore: delete old supported modules - part 4/4 (#43569) * chore: delete old supported modules - part 3/4 (#43568) * chore: delete old supported modules - part 3/4 * merge from master * merge from master * merge from master * merge from master * CRTX-235259_update_credentials_params (#43547) * first commit * tests fixes * build fixes * fixes * cr fixes * chore: delete old supported modules - part 1/4 (#43567) * chore: delete old supported modules - part 1/4 * merge from master * merge from master * Xsup 64556 fix nvd severity filter and timeouts (#43485) * Update NVD API integrations for FeedNVDv2 to support CVSS v4 severity and other improvements. * Add NVD API rate limits and primary CVSS entry selection. * test data * Add error handling and descriptive output for empty CVE results. * Update FeedNVDv2 integration to sort deduplicated CVEs by last-modified date for consistent batch trimming and trim batches based on remaining indicators. * Update FeedNVDv2 integration to use boolean values for proxy and hasKev parameters. * Update fetch indicators command to persist progress correctly. * Simplify setting of last run data in FeedNVDv2.py. * Trigger AI Reviewer * Update FeedNVDv2 integration to use CVE.ID and improve output schema. * Rename NistNVDv2.Indicators.id to CVE.ID * Update contextPath for various outputs to use CVE instead of NistNVDv2.Indicators * Trigger AI Reviewer * Update CVE data processing to include CVSS Version and Severity fields * Update Packs/FeedNVDv2/ReleaseNotes/1_1_0.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/ReleaseNotes/1_1_0.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update CVSS severity filter options and default value. * Add new CVSSv3 severity option. * Update CVSS severity filter to use default value from CVSSv3. * Update FeedNVDv2 integration to use NistNVDv2 indicators. * Renamed 'CVE' prefixes to 'NistNVDv2.Indicators' in FeedNVDv2.py and YAML file. * rever BC changes * revert output prefix * update docs * update docs * update RN * Update build_indicators function to use preferred CVSS versions and refactor CVSS data processing. * Fix: Use matched CVSS version when present in build_indicators and cves_to_war_room functions. * Add 'Include Rejected CVEs' option and improve timeout handling in fetch logic * fix: use DEFAULT_MANUAL_HISTORY for history argument in manual_get_indicators_command * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> --------- Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> * CRTX-229093 Agentix | Telemetry Failures | EnrichURL (#43408) * normalize urls * maintain same schema * not raising errors when all urls don't exist * rn * rn * rn * rn * rn + tests * rn + tests * pre commit * Bump pack from version Base to 1.41.68. * Bump pack from version AggregatedScripts to 1.3.30. * Bump pack from version AggregatedScripts to 1.3.31. * Bump pack from version Base to 1.41.69. * revert changes * revert changes * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: CI Bot <ci@demisto.com> * Remove unused arg from service desk plus docs (#43625) * Update README.md * Update release notes * Update docker image * XSUP 65733 azure security center update (#43636) * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * fix(review): address code review comments on TAXII2 labels fix - Use 'or []' instead of default=[] so explicitly-None tags are handled - Cast tags to str() before .lower().replace() to prevent AttributeError - Simplify fallback logic: 'tags or [type]' replaces the verbose 'tags if tags != [] else [type]' pattern * docs: update auto-generated RN stubs for TAXII2ApiModule dependents All packs that depend on TAXII2ApiModule received auto-generated stub release notes. Updated them to reflect the actual change: the module was enhanced to fix partial labels in TAXII 2.1 responses, with no direct impact on these integrations/scripts. * docs: fix RN prefixes for TAXII2ApiModule dependent packs Use 'Updated the' prefix and remove trailing 'no impact' sentence to comply with release note style guidelines. * Bump pack from version CommonScripts to 1.21.2. * pre-commit fixes * Bump pack from version CommonScripts to 1.21.3. * Add RN * Bump pack from version CommonScripts to 1.21.4. --------- Co-authored-by: masulin97 <masulin@paloaltonetworks.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: ishikap-metron <ishika.patidar@metronlabs.com> Co-authored-by: barryyosi-panw <byosilevich@paloaltonetworks.com> Co-authored-by: barryyosi-panw <158817412+barryyosi-panw@users.noreply.github.com> Co-authored-by: Shir Matathias <132361594+Shir2611@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Marketplace AI reviewer <svc-mp-ai-reviewer@paloaltonetworks.com> Co-authored-by: Maya Goldman <94686128+mayyagoldman@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: eepstain <116078117+eepstain@users.noreply.github.com> * demisto-sdk-release 1.38.23 (#43736) * poetry files * update validation config file --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: yedidyacohenpalo <yecohen@paloaltonetworks.com> * Auto RN: dra-pb-fix-WmiPrvSe (#43652) * Initial release notes for dra-pb-fix-WmiPrvSe * Bump pack from version CortexResponseAndRemediation to 1.3.31. * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Bump pack from version CortexResponseAndRemediation to 1.3.33. * Bump pack from version CortexResponseAndRemediation to 1.3.34. * Bump pack from version CortexResponseAndRemediation to 1.3.35. * Bump pack from version CortexResponseAndRemediation to 1.3.36. * Sync release notes from GitLab (9408fb59) * rn bump * Sync release notes from GitLab (9ca202af) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dror Avrahami <davrahami@paloaltonetworks.com> * Auto RN: mdagan-master-patch-96983 (#43737) * Initial release notes for mdagan-master-patch-96983 * ignore GR103 * Sync release notes from GitLab (899d4df9) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: michal-dagan <mdagan@paloaltonetworks.com> Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> * version bump only (XQL view graph) (#43250) * Initial support for view graph queries * Unit tests * Remove diff * Core - Add widget name and description parameters to XQL query command * Fix * Add log * Improve XQL query results retrieval with force_stream=False optimization * Fix * Fix * fix * Restore specific files to match master * Add ReleaseNotes * Trigger GitHub pipeline (user-created PR) * Bump pack from version Core to 3.5.26. * Bump pack from version Core to 3.5.27. * Bump pack from version Core to 3.5.28. * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Sapir Malka <samalka@paloaltonetworks.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * ServiceNow-XSUP-65101 (#43601) * ServiceNow-XSUP-65101 * true * test * ruff * ruff * docker image * code review * revert teams * test * Update validation_config.toml (#43747) * CRTX-227948 fix qa's (#43620) * Merge master to dev-cloud (#41128) * update codeowners - platform automation (#40952) * update codeowners * Update CODEOWNERS * Update CODEOWNERS * Fix JiraV3 Issues Query using deprecated endpoint (#41025) * Update the issue query endpoint and replace start_at with next_page_token * Fix next page token output * Change to use old ep when start_at is given; add UTs * update rn * error message * Added BC note * Update 3_3_7.md * Apply suggestions from doc review Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * log the actual error --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Bump pack version. (#40999) * Nbensalmon/ciac 10618/collection app sentinels.ai (#39982) Appsentinels.ai offers a platform for collecting, analyzing, and managing security events to provide comprehensive application protection. * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integ… (#40947) (#41113) * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integration * Fixed typo in FeedMandiantThreatIntelligence.py * Increment pack version and Docker tags --------- Co-authored-by: adamlevymandiant <93735185+adamlevymandiant@users.noreply.github.com> Co-authored-by: Adam Levy <adamhlevy@google.com> * XSUP-54313 (#40991) * Initial implementation * Fix UT * ruff chagnes * UT * ruff * RN and UT * ruff * Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_3_7.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Minor fix * Fix UT * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Delete Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/integration-CrowdStrikeFalcon.yml * final CR * Change user key * Raise version * RN * Fix --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * Xsup 55040 (#41063) * required yml fields to allow mapping * yml changes * return results * return results * pre-commit * pre-commit * pr comments * pr comments * pre commot * Mark remaining internal scripts with isInternal (#41083) * Add missing isInternal to agentix scripts * Bump versions and RN * Update docker * Remove list notation from rn * Apply suggestions from doc review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Fix rn * Bump pack from version CrowdStrikeFalcon to 2.3.9. * replace rn with generic message --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> * fix get-endpoint-data action inputs (#41118) * bump version of aggregated scripts * Update 1_1_3.md * Whois - adding another regex for registrant_regexes (#41116) * add one log to see the raw-response as is * adding another regex for registrant_regexes * CRTX-165828 - Mapping Tigera Calico Secure (#40925) * create all files * remove unwanted files * update readme according to tech writer suggestions * update readme * create files * fix timestamp parsing rule * fix timestamp parsing rule * fix timestamp parsing rule * fix readme * fix readme * fix metadata - add platform * fix time parsing * fix time parsing * fix readme precommit error * fix readme precommit error * fix xif * readme file error * readme file error * fix xif * change ip_protocol * cisco umbrella - use risk score for domain verdict (#41000) * domaine verdict update to use risk score * update rn * Update Packs/Cisco-umbrella/ReleaseNotes/2_0_5.md Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * sectionOrder and docker image * add docker update to release note * send risk_score and improve threshold logic * update Threshold default value --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * Updating Trend Micro Vision One pack (#41079) * Updating Trend Micro Vision One pack * Updating RN * fixing rn and md * fixing fields in modeling rules * TIM/Improve the removal of trailing characters in the format URL script (#41075) * TIM/Improve the removal of trailing characters in the format URL script * Bump pack from version CommonScripts to 1.20.7. * Bump pack from version CommonScripts to 1.20.8. * cr fixes * Bump pack from version CommonScripts to 1.20.9. * Bump pack from version CommonScripts to 1.20.10. * empty commit * fixes --------- Co-authored-by: Content Bot <bot@demisto.com> * Microsoft Management Activity API (O365/Azure Events) integration request to have case insensitive for Operations to fetch (#41070) * Operation filter changed to lowercase * Operation filter changed to lowercase * formatter * formatter * formatter * back to doc change only * back to doc change only * Small change * Small change * Small change * Small change * merged from master * review changes * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * small changes * small changes * small changes * small changes * small changes * small changes * added to readme * added to readme * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> * Fix get user data ad missing args (#41125) * fix the arg name username is directed to when calling ad-get-user * added rn --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Sapir Malka <44067957+itssapir@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: Mike Rizzo <mrizzo@paloaltonetworks.com> Co-authored-by: Niv Ben Salmon <nbensalmon@paloaltonetworks.com> Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: adamlevymandiant <93735185+adamlevymandiant@users.noreply.github.com> Co-authored-by: Adam Levy <adamhlevy@google.com> Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> Co-authored-by: Maya Goldman <94686128+mayyagoldman@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: akshotiamit-pa <aakshoti@paloaltonetworks.com> Co-authored-by: yedidyacohenpalo <162107504+yedidyacohenpalo@users.noreply.github.com> Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> Co-authored-by: ellopez777 <159898322+ellopez777@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: almog2296 <alabudi@paloaltonetworks.com> Co-authored-by: Shelly Tzohar <45915502+Shellyber@users.noreply.github.com> Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> * Merge branch 'master' into dev-cloud * CRTX-193174 - CloudTrail describe command (#41105) * CRTX-193174 * finish implemention py, add unit-test, add RN * Empty-Commit to trigger build * doc review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * doc review fixes * Empty-Commit to trigger build * add description * fix demo comments * fix UT, add contextpaths * add errors handling mechanism to the main * README fix * error hundling * RN change version number --------- Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * CRTX-192056 - S3 existing commands (#41129) * CRTX-192056 * implement commands * remove download and upload commands * fix yml contextpath, fix commands implemention, delete contextpath from README * add UT, doc review, little fix * Demo fixes * fix RM102 * reslove conflicts * CRTX-187358 - Instance commands (#40861) * Empty-Commit - CRTX-187356 * add RN and commands template method * update RN * change RN, add commands templates, add command mapping, order REQUIRED_ACTIONS * add yml commands, add methods * add describe method, add quick actions, add contextpath * fix pre-commit errors, change arguments names * change supportsquickactions place in yml * delete long context from yml fix describe command add readme * fix pre-commit errors * add arguments pretty names * remove tag_specifications rewrite parse_filter_field * change description of filter argument, limit filter regex, add RN * add dot, add REQUIRED_ACTIONS, add tests * fix error Using variable 'error_message' before assignment * delete failed test * add return to the delete_security_group_command * fix regex * fix regex * error hundling * fix method issue * fix delete method and fix error entry * fix parse_filter_field method * improve regex * add AWSErrorHandler, add pagination for describe_command,fix filter regexs, fix describe command * fix aws-ec2-security-group-egress-authorize update README.md * Empty-Commit - CRTX-187358 * change aws-ec2-security-group-describe to aws-ec2-security-groups-describe * add quickaction prettypredefined * fixed deleted ip_permissions arg * change regex and errors hundling * add COOC error handling * replace *port* arg support, add bc RN * fix UT * error hundling * error hundling * remove quick action * fix UT * fix test_ec2_create_security_group_command_client_error test * fix UT, add remove_encoded_authorization_message method * fix UT * change API Module, Fix UT, Fix README, Add ex to yml * replace parse_resource_ids with argToList * fix from argToList(args.get("group_ids",[]) to argToList(args.get("group_ids",[])) * Update AWS.py * remove AccountId context from aws-ec2-security-group-create command * remove regex overlaps * remove regex overlaps * Update README.md * change from_port to_port description, README Re-generated and doc-review fixes * Update 3_0_0.md * first implementation * add describe_instances_command and fix yml * Update AWS.py * Update AWS.py * change implementation, add more info to README * fix tests according to new implemntion * change yml for create command * change ruff errors * add parse_tag_field method * Update AWS.py * remove any CRTX-187356 * remove any CRTX-187356 * remove any CRTX-187356 * Add README for new commands, Delete yml not supported arguments, Add UT, Fix parse_tag_field method and add UT * fix UT * change AWSErrorHandler * fix yml defaultvalue to defaultValue and change PREDEFINED from capital letters * change defaultValue to defaultvalue in configuration AWS.yml * change build_pagination_kwargs * doc review * doc review * finish doc review * add methods * change process_instance_data * fix CR review * add tests form #40861 to here * update docker, update RN, add errors handling mechanism to the main * add tests and fix build_pagination_kwargs * ruff format errors * add errors handling mechanism to the main - aws error hundling * ruff format errors * change cotextpath * change metadata version * change context path * Update AWS.py * RM102 change * Update README.md * pre-commit fixes * Update AWS.py * Update AWS.py * CR review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * fix error handling, fix UT * reslove conflicts and CR review fixes * reslove conflicts * change metadata version * CR review fixes * reslove conflicts --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands (#41101) * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands * style: reformat AWS integration YAML with consistent indentation and quotes * feat: add AWS EKS cluster management commands and update EC2 snapshot functionality * docs: relocate command descriptions to top of AWS integration command blocks * test: add AWS ECS/EKS/EC2 snapshot and cluster management tests * fix: add error handling and debug logs for AWS EC2, EKS and ECS operations, added tests * fix: update AWS region parameter and add missing EC2/EKS/ECS required actions * fix: update ECS cluster settings with correct parameter names and error handling * style: fix indentation in ECS cluster settings update method * refactor: move parse_tag_field function to module level and improve error handling - cr * refactor: simplify error handling in ECS cluster settings update + cr * cr * cr * cr * docs: add docstring and tests for EC2 snapshot permission modification * pc * feat: update AWS regions and remove redundant isArray flags in EKS commands * docs: consolidate AWS S3 bucket commands into v2.1.5 release notes * Changed context path to Snapshot * docs: update EC2 snapshot output paths from plural to singular form * fix: update EC2 snapshot test output prefix from plural to singular * CRTX-187328: GCP commands (#41302) * commands * unit tests and commands updates * error handling + fine tunning * removed iam unit tests + pre-commit updates * removed the iam commands * pre-commit updates * readme * yml + readme updates * rn * remove metadata-set command * review * pre-commit readme updates * unit tests and small fixes * small updates * small README update * remove debug statements * README pre-commit * labels-set add oprion and unit tests * pre-commit and small fixes * readme * xsoar * error handling explanation * cr updates * fixed unit tests * pre-commit * doc review * readme * add labels and labelFingerprint to hr * pre-commit * do106 * rn * Add commands from Azure NSG to Azure integration (#41096) * add pattern * add pattern * added commands to yml * added all commands * fixed yml * changes * fixed yml and py * added unittest beside the delete function * removed mock from publicip * fixed unittests * fixed pre commit errors * changed docker image, aligned readme and run precommit * fixed delete function * fixed conflicts * added command exmaples * fixed readme * fixed readme * added the permissions to the py file * Update pack_metadata.json * edited the permissions in the py file * run pre commit * fixed ai cr * added descriptions to functions * changes * added to readme * fixed readme * removed letter * fixed delete function * added unittest for delete * Added also the case of 200 in the delete command * Added patterns for the new 2 commands * added first command and permissions * added both commands * added to readme * added json and unttests for 2 commands * run pre commit * fixed permissions' * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * added 2 commands to rn * fixed errors in delete, commit before errors handeling change * Added a new dict and handle errors 401 and 403 * added unittests and fix error handling * added try-except to commands * run pre commit * fixed the delete function * fixed * added exmaples for 2 commands * removed the subsriptions list * removed the 2 additional commands * run pre commit * removed more in yml * removed jsons test and from commands examples * fixed handle_azure_error function * added descriptions * added a small test for etag * added return types * fixed delte rule functio * fixed delte rule functio * fixed issues after demo * fixed unittests * added more unittets * removed a file * added retuen statments * pre commit * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * added comments * fixed context paths * fixed readme * run pre commit * review and pre-commit * updated the doc strings * cr updates * doc review * README update * error entries --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Add blob commands to Azure integration (#41147) * added the commands * added to readme * created rn * added the examples command and jsons * Added the util_load_json function * run pre commit * CR: extract Azure resource info parsing into dedicated function and simplify code * notes from demo * fix: move removeNull parameter to correct TableData constructor argument * pc * refactor: remove unused util_load_json function from Azure test file * doc review + pc --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: MLainer1 <mlainer@paloaltonetworks.com> * Crtx 196562 add aws additional commands (#41466) * init aws-s3-delete-bucket-website command * delete_bucket_website_command done * wip modify_event_subscription_command * allign with naming convention and add aws-s3-bucket-ownership-controls-put * enforce OwnershipControls contain rules * put_bucket_ownership_controls_command validations * add aws-ec2-subnet-attribute-modify * fine tuning * wip modify_event_subscription_command * wip modify_event_subscription_command * wip * wip * add modify_subnet_attribute_command * wip * wip * done modify_subnet_attribute_command * add docstrings * delete expected bucket owner * create ownership control dict in code * add unit tests * fix unit tests * ruff format * ruff format * add rn, pack metadata and readme * revert pack metatadata * fix readme, output of aws-rds-event-subscription-modify * pre commit changes * fix arg_to_boolean_or_none * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * docs * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * ruff * ruff * add modify_event_subscription_command * empty commit * empty commit --------- Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Aws additional commands s3 upload/download (#41599) * commands * working commands * release notes + readme * release notes + readme * release notes + readme * release notes + readme * minor change * minor change * Your commit message here * Your commit message here * minor change * added context path to yml * changed permission * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * empty commit --------- Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Add Azure VM commands (#41559) * Azure QA Batch1 (#41528) * add subscription id argument * commands * update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * Update Packs/Azure/Integrations/Azure/Azure.yml Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> * tests change * merged from master * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud --------- Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> * Azure QA Batch2 (#41529) * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * docs * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Gcp quick actions (#41446) * added quick actions * fixed qa * rn and fix * added default values * fix qa's * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix pr comments * ruff format * ruff format * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * generate README * pre-commit updates --------- Co-authored-by: ilaredo <ilaredo@paloaltonetworks.com> Co-authored-by: ilaredo <166304750+ilaredo@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Crtx 196222 support aws new quick actions v2 (#41509) * add aws ec2 revoke-security-group-ingress qa * wip * wip * add some qa's * add qa's * add qa's * add qa's * add qa's * merge * add qa's * fix identation * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * add description * add qa * add rn for aws * add rn for aws-iam * add rn for aws-iam * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix rn * fix pr comments * update aws-iam tag * ruff format * handle int convertion error * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS-IAM/ReleaseNotes/1_1_76.md Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Apply suggestions from code review Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * generated docs * add readme * pre-commit updates * pre-commit updates * pre-commit updates * add 4 commands to readme --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * Azure QA Batch3 (#41531) * add permission + update release notes * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * merged from dev-cloud * merged from dev-cloud * small changes * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Platform AWS & Azure Billing & Budgets (#41564) * Platform AWS & Azure Billing & Budgets * README (#41706) * Az CIAC 13916.2 (#41711) * AWS new commands Crtx 193217 (#41622) * first commit * first commit * add commands + tests * add readme+release notes * add ignore context depth above 5 * add ignore context depth above 5 * small readme fix * tests change * tests change * removed kms command * removed kms command * fixed tests * fixed tests * fixed tests * fixed tests * small changes * small changes * small changes * merged from dev-cloud * update after review * update after review * update after review * update after review * update after review * update after review * update after review * feat: add EC2 VPC and IPAM resource discovery commands to AWS pack (#41554) * feat: add EC2 VPC and IPAM resource discovery commands to AWS pack * feat: add commands to describe VPCs and subnets in AWS EC2 * feat: add EC2 IPAM resource discovery commands and VPC/subnet descriptions * demo notes: enhance AWS EC2 table formatting and standardize pagination parameters * demo notes * chore: remove BA109 ignore rule from AWS pack configuration * chore: remove unused EC2 VPC and IPAM permissions from required actions list * review notes * docs: clarify AWS account ID description in EC2 IPAM commands * refactor: rename AWS EC2 describe commands to follow consistent naming pattern * revert to origin before merge * pc * revert readme for merge * feat: add AWS subnet and IPAM resource discovery commands to AWS integration * docs: update AWS integration with expanded region list and context output fixes * revert before merge * docs: fix markdown escaping in AWS integration documentation * rm * feat: add AWS EC2 commands for VPC, subnet, and IPAM resource discovery management * CRTX-193821/AWSLambda (#41596) * Empty-Commit * RN, update YML, Update py methods * update YML, add README, add commands, add tests * update tests, fixs py, fix readme * reslove conflicts * generate README.md * update README.md * delete extra lambda class * add raw response to invoke command * CR review * fix get_policy_command context * fix demo comments * CR review * CR review * CR review * reslove conflicts * reslove conflicts * fix tests * fix tests * Update AWS_test.py * update get-policy README * CR review * reslove conflicts * Create GCP Storage commands (#41632) * Create GCP Storage commands * Add GCP Compute commands (#41672) * Add 7 GCP Compute commands `gcp-compute-firewall-insert` `gcp-compute-firewall-list` `gcp-compute-firewall-get` `gcp-compute-snapshots-list` `gcp-compute-snapshot-get` `gcp-compute-instances-aggregated-list-by-ip` `gcp-compute-network-tag-set` * lambda commad add region (#41870) * Crtx 188346 aws ec2 add additional commands (#41717) * get_latest_ami_command wip * add create_network_acl_command * wip * add command * add create tags command * wip * get_latest_ami_command * fix get_latest_ami_command * fix create_network_acl_command * fix get_ipam_discovered_public_addresses_command * fix create_tags_command * add get_bucket_website_command get_bucket_acl_command * add docstrings * support pagination * support pagination * support pagination * add unit tests * add unit tests * FIX TAGS * add tests * wip * wip * fix get_latest_ami_command * fix unit tests * add get_ipam_discovered_public_addresses_command tests * add rn,readme, and fix commands * fix tag specification * fix descriptions * fix readme * demo comments * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fix pc comments * fix tests * fix conflict * add new rn * pre-commit fixes * pre-commit fixes * wip * wip * fix pr comment * ruff * fix max_results issues * remove whitespace from readme * remove whitespace from readme * remove whitespace from readme * remove limit and next token from latest-ami * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * pr comments * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * update readme for aws-ec2-tags-create * fix unit tests * ruff format * add empty line --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * fixed aws rn * fix azure rn * fix gcp rn * fixed the quick actions naming in the rn * removed the quick actions from readme * aws-iam update readme and rn * removed docker image update from rn * limit default value 50 in gcp * fix unit test * commands and quick actions renaming * CRTX-203967-aws-update-certificate (#41682) * new pr * first commit * first commit * first commit * merged from dev-cloud * merged from dev-cloud + readme removal * merged from dev-cloud + readme removal * update * Empty-Commit * Crtx 193217 batch4 (#41708) * yml + .py * update after review * update after review * update after review * update after review * update after review * update after review * update after review * update after review * first commit * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * update * update * Crtx 204150 additional aws qas (#41767) * add 2 qa's * add eks qa's * add iam qa * add rn * wrap code * fix qa's * add readme * Apply suggestions from code review Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> * pr comments * Apply suggestions from code review Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * ruff format * ruff format * revert readme, format files * revert format * format yml * add new line in the end of file * fix qa name * revoke aws-iam-suspend-access-for-role-quick-action * remove empty line * revert Enable IMDSv2, Block S3 Public Access qa * merged * add rn --------- Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: talihaff <thaffner@paloaltonetworks.com> * removed Revoke NSG Rule to Stop Traffic which is Update NSG to Block Traffic from Azure QA * add Enable IMDSv2 and Block S3 Public Access qa's (#42006) * add gcp com…

added support for time_zone arg

afc0641

merit-maita self-assigned this Feb 23, 2026

merit-maita added ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. docs-approved labels Feb 23, 2026

added rn

c843587

content-bot removed the ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. label Feb 23, 2026

merit-maita added 2 commits March 25, 2026 09:40

added support for time_zone arg

5d32e5d

added rn

731e966

marketplace-content-sync force-pushed the email-communication branch from c843587 to 731e966 Compare March 25, 2026 07:40

merit-maita requested a review from kamalq97 March 25, 2026 08:55

merit-maita added the ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. label Mar 25, 2026

kamalq97 approved these changes Mar 25, 2026

View reviewed changes

marketplace-ai-reviewer removed the ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. label Mar 25, 2026

marketplace-ai-reviewer reviewed Mar 25, 2026

View reviewed changes

merit-maita added 3 commits March 25, 2026 12:56

Merge remote-tracking branch 'origin/email-communication' into email-…

2e486e0

…communication

Merge branch 'master' into email-communication

499d1a1

fixed UTs

3c5f437

merit-maita enabled auto-merge (squash) March 25, 2026 12:31

updated do

6c5ce6c

merit-maita merged commit 8a7a01e into master Mar 25, 2026
20 of 21 checks passed

merit-maita deleted the email-communication branch March 25, 2026 14:41

barryyosi-panw pushed a commit that referenced this pull request Apr 14, 2026

added support for time_zone arg (#43237)

7c348d4

* added support for time_zone arg * added rn * added support for time_zone arg * added rn * fixed UTs

mcvic1rj pushed a commit to mcvic1rj/xsoar-content that referenced this pull request Apr 16, 2026

added support for time_zone arg (demisto#43237)

5f14690

* added support for time_zone arg * added rn * added support for time_zone arg * added rn * fixed UTs

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

added support for time_zone arg#43237

added support for time_zone arg#43237
merit-maita merged 8 commits intomasterfrom
email-communication

merit-maita commented Feb 23, 2026

Uh oh!

content-bot commented Feb 23, 2026

Uh oh!

github-actions Bot commented Feb 23, 2026 •

edited

Loading

Uh oh!

content-bot commented Feb 23, 2026

Uh oh!

content-bot commented Feb 23, 2026

Uh oh!

marketplace-ai-reviewer commented Mar 25, 2026

Uh oh!

marketplace-ai-reviewer commented Mar 25, 2026

Uh oh!

marketplace-ai-reviewer left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

content-bot commented Mar 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

merit-maita commented Feb 23, 2026

Status

Related Issues

Description

Must have

Uh oh!

content-bot commented Feb 23, 2026

🤖 AI-Powered Code Review Available

Uh oh!

github-actions Bot commented Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

content-bot commented Feb 23, 2026

Uh oh!

content-bot commented Feb 23, 2026

Uh oh!

marketplace-ai-reviewer commented Mar 25, 2026

Uh oh!

marketplace-ai-reviewer commented Mar 25, 2026

Uh oh!

marketplace-ai-reviewer left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

content-bot commented Mar 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

github-actions Bot commented Feb 23, 2026 •

edited

Loading