Conversation
tcarmeli1
added
ready-for-pipeline-running
Contributor
🤖 AI-Powered Code Review AvailableYou can leverage AI-powered code review to assist with this PR! Available Commands:
|
barryyosi-panw
approved these changes
Mar 10, 2026
Contributor
|
Validate summary Verdict: PR can be force merged from validate perspective? ✅ |
matt6697
pushed a commit
to matt6697/content
that referenced
this pull request
Mar 16, 2026
* remove github action * remove github action
barryyosi-panw
pushed a commit
that referenced
this pull request
Mar 18, 2026
* remove github action * remove github action
kobymeir
pushed a commit
that referenced
this pull request
Mar 25, 2026
#43591) * Add override agent functionality to WildFireReports integration - Introduced `override_agent` parameter in WildFireReports.yml to allow users to specify the agent header for API requests. - Updated Client class to accept `override_agent` and modified `get_agent` method to utilize this parameter. - Enhanced agent detection logic based on platform. * release notes * Update WildFireReports integration to use `agent` instead of `override_agent`. * reorder params * endpointIsolation - create and delete policy (#43045) * endpointIsolation * add endpoint_ids * remove target, use endpoint_ids to craete filter, handle both profile_id and prpfile_name at the same argument * handle priority * identity and web_and_api based on platform * inner function * add tests * rn * remove handling missing policy_name * endpointIsolationDeleteMupltiplePolicies * description * tests * trigger build * code review * pre commit * Bump pack from version Core to 3.5.9. * ruff * tests + ruff * Bump pack from version Core to 3.5.22. * debug logs and doc string --------- Co-authored-by: Content Bot <bot@demisto.com> * Auto RN: dra-refactor-wmiprvse_rare_child_command_line (#43242) * Initial release notes for dra-refactor-wmiprvse_rare_child_command_line * Bump pack from version CortexResponseAndRemediation to 1.2.99. * Sync release notes from GitLab (5a7ed790) * Sync release notes from GitLab (96af86b6) * Sync release notes from GitLab (99bc5979) * Sync release notes from GitLab (93d90fbc) * Revert rename of ReleaseNotes 1_2_97.md back from 1_3_15.md * rn * Bump pack from version CortexResponseAndRemediation to 1.3.17. * Sync release notes from GitLab (f67bb4bf) * fix * rn * Sync release notes from GitLab (4424e548) * Sync release notes from GitLab (53c31e56) * Sync release notes from GitLab (a81ee83f) * Sync release notes from GitLab (8873b3a0) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Ni-Knight <davrahami@paloaltonetworks.com> * Microsoft-Teams-Send-Proactive-Messages-to-Any-User (#42931) * Microsoft-Teams-Send-Proactive-Messages-to-Any-User * add * allow to get adaptive card response * readme * tests * Bump pack from version MicrosoftTeams to 1.5.54. * Update 1_5_54.md * code review * sevice_url * code review * code review * debug * ruff and debug * LRU cache * remove isinstance * command description * docker image * from jwt.types import Options as JWTOptions * ignore BA129 --------- Co-authored-by: Content Bot <bot@demisto.com> * Auto RN: msiexec_playbook_refactor (#43447) Documentation and metadata improvements. * Telemetry cortex update indicator (#43460) * TelemetryCortexUpdateIndicator * rn * docker image * Note: At least one of the following arguments must be provided: type, verdict, tags, or related_issues. * assert isinstance(result.outputs, dict) * supportedModules * trigger build * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <ci@demisto.com> * Exclude posture policy alerts for fetch incidents in the Reco integration (#43536) * Exclude posture policy alerts for fetch incidents in the Reco integration (#43395) * Switch alert fetch to use ALERT_VIEW_WITH_SHARED_STATUS view - Replace RECO_ACTIVE_ALERTS_VIEW ("alerts") with ALERT_VIEW_WITH_SHARED_STATUS - Add scope: "data" to the table request - Rename filter field data_source → short_extraction_source - Update parse_alerts_to_incidents to handle both cells (table row) format and flat dict format, supporting both snake_case and camelCase field names Fixes posture check alerts being incorrectly ingested as incidents. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * updated RN and version number * Add User-Agent header to all API calls Sets User-Agent: xsoar/{pack_version} on every outbound request via the RecoClient constructor, using get_pack_version() from CommonServerPython. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fixed cr comments --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Update docker image --------- Co-authored-by: YanivBlum-Reco <yanivb@reco.ai> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * remove github action (#43429) * remove github action * remove github action * Censys: use api v3 (#42713) * implement v2 * RN * demo chanegs * update the integration image * dr changes * readme changes * fix validation * fix validation * section order * Apply suggestions from code review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * minimize the test file * update text * update text + fix yml * update docker --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * CSF - added support for the polling argument in the cs-falcon-ods-cre… (#43384) * CSF - added support for the polling argument in the cs-falcon-ods-create-scan command * pc * added readme * XSUP-63924: AWS-S3 test-module update (#43391) * added list_objects_v2 to the test module * rn and README * do106 * do106 * ai review * fixed unit tests * return an error * raise an exception * rn update --------- Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> * CRTX-217680: COOC QA default values (#43477) * added default values to the quick actions required args * rn * ai review and do106 * gcp small update * aws-iam quick action * iam rn * do106 * cr updates * rn (#43527) * Zscaler: Add new ZIdentity integration with OAuth 2.0 support (#43445) * Zscaler: Add new ZIdentity integration with OAuth 2.0 support, bump version to 1.5.0 * Demo fixes * Update Packs/Zscaler/ReleaseNotes/1_5_0.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/Zscaler/ReleaseNotes/1_5_0.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * CR fixes * AI CR fixes * commit (#43500) * Auto RN: ss_refacctor_creds_dump_known_tool_pb (#43495) * Initial release notes for ss_refacctor_creds_dump_known_tool_pb * Sync release notes from GitLab (b1566d7b) * Sync release notes from GitLab (a6c452eb) * Sync release notes from GitLab (dc2c6ba4) * Trigger AI Reviewer --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> * pre-commit fixes * Fix UT * UT fixes * fix --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> * CSOAR-4383: Added lookback window logic in fetch incident function (#42723) (#43412) * CSOAR-4383: Added lookback window logic in fetch incident function * CSOAR-4383: added testcases and json * CSOAR-4383: added release notes md and updated pack * CSOAR-4383: updated code of lookback logic * CSOAR-4383 Fixed pre-commit issue --------- Co-authored-by: Ruturaj Jain <171145014+ruturajsumo@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Rishav Rishav <rishav@sumologic.com> * Update on GraphQL Library Version 4 and Required Integration Changes (#43038) * first commit * Update 1_0_22.md * fixes * fixes * fixes * fixes * Delete Packs/CrowdStrikeFalcon/ReleaseNotes/2_7_4.md * Update pack_metadata.json * Update pack_metadata.json * fixes * fixes * Update GraphQL.yml * Update 1_0_22.md * fixes * fixes * fixes * Delete Packs/GraphQL/Integrations/GraphQL/GraphQL_test.py * Delete Packs/GraphQL/ReleaseNotes/1_0_23.md * Update pack_metadata.json * Update 1_0_22.md * Fixed data loss on API errors in Orca integration (#43498) (#43548) * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss Co-authored-by: Viktor Poltorak <90267674+viktor-orca@users.noreply.github.com> * Auto RN: forwardingssosaastor (#43544) * Initial release notes for forwardingssosaastor * Sync release notes from GitLab (86ef2012) * Sync release notes from GitLab (9fad6450) * Sync release notes from GitLab (9b8e948b) * Sync release notes from GitLab (34b08d80) * Sync release notes from GitLab (2a32a8b3) * Sync release notes from GitLab (894e9341) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> * [CRTX-179478] - Mapping - IBM Guardium Data Security Center (#43369) * Added Modeling Rules for IBM Guardium Data Security Center activity log report events. * demisto-sdk-release 1.38.22 (#43542) * poetry files * update validation config file --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: yedidyacohenpalo <yecohen@paloaltonetworks.com> * New administrative behavior (#43491) * RN * rn * fix * Trigger GitHub pipeline (user-created PR) * rn * Trigger GitHub pipeline (user-created PR) * Trigger AI Reviewer * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * rn * rn * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * GR109 ignore * rn * fixed ignores * GR109 - ignore scripts as well * SDK extensive DEBUG for GR109 * revert to infra tag * rn * GR109 - ignore * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * rn * rn --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: rshunim <rshunim@paloaltonetworks.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> * Enhancement for sentinelone modeling rule (#43492) * Enhancment for SentinelOne modeling rule * added to schema * added release note * changed type * added fields * fixed os * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <ci@demisto.com> * Rapid7 - replace long-running with fetch assets (#43336) * Rapid7 - replace long-running with fetch assets * added things * revert back to 2 working clients * bc note * fix tests * reverted back to integration context * validate * bot review * Apply suggestions from doc review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * SDK extensive DEBUG for GR109 * revert my mistake --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: rshunim <rshunim@paloaltonetworks.com> * update Dataminr Pulse ReGenAI marketplaces (#43481) * update Dataminr Pulse ReGenAI marketplaces * update release note * Update 2_0_2.md * Trigger AI Reviewer --------- Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> * Fix polling timeout parameter name mismatch in Tenable.io (#43505) * Fix polling timeout parameter name mismatch in Tenable.io * Fix both export commands * ignore (#43577) * Fixed incorrect timestamp handling in Qualys FIM (#43497) * Fixed incorrect timestamp handling in Qualys FIM * Update QualysFIM_test.py --------- Co-authored-by: Daniel Tal <87daniel.tal@gmail.com> * Align args deconstruction EWS and Phishlabs (#43530) * fix phishlabs * fix ews * fix ews tests and add pishlabs DRP * added rn * fix tests * validate and AI CR fixes * pre-commit fixes * fix tests * fix tpb * fix tests * revert docker * fix rn * pre-commit fixes * Add force password change and read password state commands to PingOne(#43575) * Add pingone-password-force-change command to PingOne integration (#43373) their password on next login via POST to users/{id}/password with the forceChange content-type header - Add `pingone-read-password-state` command to retrieve the current password state for a user - Add unit tests for both new commands - Update README, command examples, and test playbook accordingly - Bump pack version to 1.0.12 * Fix validation errors --------- Co-authored-by: Peter Holko (Ping Identity) <peterholko@pingidentity.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * Fix for Snapshot sealing incomplete when also fetching vulnerabilities Tenable (#43397) * Fix for Snapshot sealing incomplete when also fetching vulnerabilities * Add request takedown command and fetch improvements to ThreatMon (#43573) * Add request takedown command and improve fetch in ThreatMon (#43453) * eat/threatmon-add-request-takedown * ThreatMon: add fetch interval config, request takedown command, and pagination safety guards * Fix validation errors --------- Co-authored-by: cengugr <ugr.krcck@gmail.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * Fix Palo Alto Networks WildFire v2 agent resolution logic and update pack metadata to 2.1.72. * fix platform resolution * revert redundant changes * Revert WildFireReports files to master state (restore missing newlines) * Update test_get_agent to use new parameter names and handle edge cases for XSIAM and version >= 8. * Fix unified Cortex platform tenant detection and improve XSIAM platform detection in WildFire pack. * Improved accuracy of platform type determination * Corrected XSIAM platform detection issue in agent resolution logic * use updated playbook in TPB * Update Palo Alto Networks WildFire test playbook to v2.2. * update tpbs * update tpbs * rename playbook image .... * rename playbooks * tpb * empty commit * fix(tests): add fromversion to FileEnrichment conf.json entry The FileEnrichment - Test playbook requires XSOAR 8.0+ (fromversion: 8.0.0) but the conf.json entry had no version constraint, causing CI to attempt running it on XSOAR 6.x servers where the playbook cannot be installed. * empty commit * fix(playbook): update URL value in Detonate URL - WildFire-v2 - Test playbook * update release notes and increment version to 2.1.73 for WildFire integration * Bump pack from version Base to 1.41.70. * Remove 'fromversion' from Tests/onf.json entry Remove 'fromversion' field from Tests/conf.json. * Add 'fromversion' field to instance configuration for FileEnrichment-Test * Replace 'fromversion' filter with marketplaces filter * Update Detonate URL test playbook to simplify URL input * Update outputs_prefix in command_results to use WILDFIRE_REPORT_DT_FILE --------- Co-authored-by: hyaffe839 <hyaffe@paloaltonetworks.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Ni-Knight <davrahami@paloaltonetworks.com> Co-authored-by: YanivBlum-Reco <yanivb@reco.ai> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> Co-authored-by: Tal Carmeli <158452762+tcarmeli1@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: Ruturaj Jain <171145014+ruturajsumo@users.noreply.github.com> Co-authored-by: Rishav Rishav <rishav@sumologic.com> Co-authored-by: Bar Gali <75535203+BarGali@users.noreply.github.com> Co-authored-by: Viktor Poltorak <90267674+viktor-orca@users.noreply.github.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> Co-authored-by: oatias <oatias@paloaltonetworks.com> Co-authored-by: yedidyacohenpalo <yecohen@paloaltonetworks.com> Co-authored-by: rshunim <rshunim@paloaltonetworks.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: sharonfi99 <147984773+sharonfi99@users.noreply.github.com> Co-authored-by: yedidyacohenpalo <162107504+yedidyacohenpalo@users.noreply.github.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> Co-authored-by: Daniel Tal <87daniel.tal@gmail.com> Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: Peter Holko (Ping Identity) <peterholko@pingidentity.com> Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> Co-authored-by: cengugr <ugr.krcck@gmail.com>
adi88d
pushed a commit
that referenced
this pull request
Mar 25, 2026
#43591) * Add override agent functionality to WildFireReports integration - Introduced `override_agent` parameter in WildFireReports.yml to allow users to specify the agent header for API requests. - Updated Client class to accept `override_agent` and modified `get_agent` method to utilize this parameter. - Enhanced agent detection logic based on platform. * release notes * Update WildFireReports integration to use `agent` instead of `override_agent`. * reorder params * endpointIsolation - create and delete policy (#43045) * endpointIsolation * add endpoint_ids * remove target, use endpoint_ids to craete filter, handle both profile_id and prpfile_name at the same argument * handle priority * identity and web_and_api based on platform * inner function * add tests * rn * remove handling missing policy_name * endpointIsolationDeleteMupltiplePolicies * description * tests * trigger build * code review * pre commit * Bump pack from version Core to 3.5.9. * ruff * tests + ruff * Bump pack from version Core to 3.5.22. * debug logs and doc string --------- Co-authored-by: Content Bot <bot@demisto.com> * Auto RN: dra-refactor-wmiprvse_rare_child_command_line (#43242) * Initial release notes for dra-refactor-wmiprvse_rare_child_command_line * Bump pack from version CortexResponseAndRemediation to 1.2.99. * Sync release notes from GitLab (5a7ed790) * Sync release notes from GitLab (96af86b6) * Sync release notes from GitLab (99bc5979) * Sync release notes from GitLab (93d90fbc) * Revert rename of ReleaseNotes 1_2_97.md back from 1_3_15.md * rn * Bump pack from version CortexResponseAndRemediation to 1.3.17. * Sync release notes from GitLab (f67bb4bf) * fix * rn * Sync release notes from GitLab (4424e548) * Sync release notes from GitLab (53c31e56) * Sync release notes from GitLab (a81ee83f) * Sync release notes from GitLab (8873b3a0) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Ni-Knight <davrahami@paloaltonetworks.com> * Microsoft-Teams-Send-Proactive-Messages-to-Any-User (#42931) * Microsoft-Teams-Send-Proactive-Messages-to-Any-User * add * allow to get adaptive card response * readme * tests * Bump pack from version MicrosoftTeams to 1.5.54. * Update 1_5_54.md * code review * sevice_url * code review * code review * debug * ruff and debug * LRU cache * remove isinstance * command description * docker image * from jwt.types import Options as JWTOptions * ignore BA129 --------- Co-authored-by: Content Bot <bot@demisto.com> * Auto RN: msiexec_playbook_refactor (#43447) Documentation and metadata improvements. * Telemetry cortex update indicator (#43460) * TelemetryCortexUpdateIndicator * rn * docker image * Note: At least one of the following arguments must be provided: type, verdict, tags, or related_issues. * assert isinstance(result.outputs, dict) * supportedModules * trigger build * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <ci@demisto.com> * Exclude posture policy alerts for fetch incidents in the Reco integration (#43536) * Exclude posture policy alerts for fetch incidents in the Reco integration (#43395) * Switch alert fetch to use ALERT_VIEW_WITH_SHARED_STATUS view - Replace RECO_ACTIVE_ALERTS_VIEW ("alerts") with ALERT_VIEW_WITH_SHARED_STATUS - Add scope: "data" to the table request - Rename filter field data_source → short_extraction_source - Update parse_alerts_to_incidents to handle both cells (table row) format and flat dict format, supporting both snake_case and camelCase field names Fixes posture check alerts being incorrectly ingested as incidents. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * updated RN and version number * Add User-Agent header to all API calls Sets User-Agent: xsoar/{pack_version} on every outbound request via the RecoClient constructor, using get_pack_version() from CommonServerPython. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fixed cr comments --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Update docker image --------- Co-authored-by: YanivBlum-Reco <yanivb@reco.ai> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * remove github action (#43429) * remove github action * remove github action * Censys: use api v3 (#42713) * implement v2 * RN * demo chanegs * update the integration image * dr changes * readme changes * fix validation * fix validation * section order * Apply suggestions from code review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * minimize the test file * update text * update text + fix yml * update docker --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * CSF - added support for the polling argument in the cs-falcon-ods-cre… (#43384) * CSF - added support for the polling argument in the cs-falcon-ods-create-scan command * pc * added readme * XSUP-63924: AWS-S3 test-module update (#43391) * added list_objects_v2 to the test module * rn and README * do106 * do106 * ai review * fixed unit tests * return an error * raise an exception * rn update --------- Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> * CRTX-217680: COOC QA default values (#43477) * added default values to the quick actions required args * rn * ai review and do106 * gcp small update * aws-iam quick action * iam rn * do106 * cr updates * rn (#43527) * Zscaler: Add new ZIdentity integration with OAuth 2.0 support (#43445) * Zscaler: Add new ZIdentity integration with OAuth 2.0 support, bump version to 1.5.0 * Demo fixes * Update Packs/Zscaler/ReleaseNotes/1_5_0.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * Update Packs/Zscaler/ReleaseNotes/1_5_0.md Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> * CR fixes * AI CR fixes * commit (#43500) * Auto RN: ss_refacctor_creds_dump_known_tool_pb (#43495) * Initial release notes for ss_refacctor_creds_dump_known_tool_pb * Sync release notes from GitLab (b1566d7b) * Sync release notes from GitLab (a6c452eb) * Sync release notes from GitLab (dc2c6ba4) * Trigger AI Reviewer --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> * pre-commit fixes * Fix UT * UT fixes * fix --------- Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> * CSOAR-4383: Added lookback window logic in fetch incident function (#42723) (#43412) * CSOAR-4383: Added lookback window logic in fetch incident function * CSOAR-4383: added testcases and json * CSOAR-4383: added release notes md and updated pack * CSOAR-4383: updated code of lookback logic * CSOAR-4383 Fixed pre-commit issue --------- Co-authored-by: Ruturaj Jain <171145014+ruturajsumo@users.noreply.github.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Rishav Rishav <rishav@sumologic.com> * Update on GraphQL Library Version 4 and Required Integration Changes (#43038) * first commit * Update 1_0_22.md * fixes * fixes * fixes * fixes * Delete Packs/CrowdStrikeFalcon/ReleaseNotes/2_7_4.md * Update pack_metadata.json * Update pack_metadata.json * fixes * fixes * Update GraphQL.yml * Update 1_0_22.md * fixes * fixes * fixes * Delete Packs/GraphQL/Integrations/GraphQL/GraphQL_test.py * Delete Packs/GraphQL/ReleaseNotes/1_0_23.md * Update pack_metadata.json * Update 1_0_22.md * Fixed data loss on API errors in Orca integration (#43498) (#43548) * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss * Fix bug where API errors during `fetch-incidents` cause permanent alert data loss Co-authored-by: Viktor Poltorak <90267674+viktor-orca@users.noreply.github.com> * Auto RN: forwardingssosaastor (#43544) * Initial release notes for forwardingssosaastor * Sync release notes from GitLab (86ef2012) * Sync release notes from GitLab (9fad6450) * Sync release notes from GitLab (9b8e948b) * Sync release notes from GitLab (34b08d80) * Sync release notes from GitLab (2a32a8b3) * Sync release notes from GitLab (894e9341) --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> * [CRTX-179478] - Mapping - IBM Guardium Data Security Center (#43369) * Added Modeling Rules for IBM Guardium Data Security Center activity log report events. * demisto-sdk-release 1.38.22 (#43542) * poetry files * update validation config file --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: yedidyacohenpalo <yecohen@paloaltonetworks.com> * New administrative behavior (#43491) * RN * rn * fix * Trigger GitHub pipeline (user-created PR) * rn * Trigger GitHub pipeline (user-created PR) * Trigger AI Reviewer * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * rn * rn * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * GR109 ignore * rn * fixed ignores * GR109 - ignore scripts as well * SDK extensive DEBUG for GR109 * revert to infra tag * rn * GR109 - ignore * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * rn * rn --------- Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: rshunim <rshunim@paloaltonetworks.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> * Enhancement for sentinelone modeling rule (#43492) * Enhancment for SentinelOne modeling rule * added to schema * added release note * changed type * added fields * fixed os * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <ci@demisto.com> * Rapid7 - replace long-running with fetch assets (#43336) * Rapid7 - replace long-running with fetch assets * added things * revert back to 2 working clients * bc note * fix tests * reverted back to integration context * validate * bot review * Apply suggestions from doc review Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> * SDK extensive DEBUG for GR109 * revert my mistake --------- Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: rshunim <rshunim@paloaltonetworks.com> * update Dataminr Pulse ReGenAI marketplaces (#43481) * update Dataminr Pulse ReGenAI marketplaces * update release note * Update 2_0_2.md * Trigger AI Reviewer --------- Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> * Fix polling timeout parameter name mismatch in Tenable.io (#43505) * Fix polling timeout parameter name mismatch in Tenable.io * Fix both export commands * ignore (#43577) * Fixed incorrect timestamp handling in Qualys FIM (#43497) * Fixed incorrect timestamp handling in Qualys FIM * Update QualysFIM_test.py --------- Co-authored-by: Daniel Tal <87daniel.tal@gmail.com> * Align args deconstruction EWS and Phishlabs (#43530) * fix phishlabs * fix ews * fix ews tests and add pishlabs DRP * added rn * fix tests * validate and AI CR fixes * pre-commit fixes * fix tests * fix tpb * fix tests * revert docker * fix rn * pre-commit fixes * Add force password change and read password state commands to PingOne(#43575) * Add pingone-password-force-change command to PingOne integration (#43373) their password on next login via POST to users/{id}/password with the forceChange content-type header - Add `pingone-read-password-state` command to retrieve the current password state for a user - Add unit tests for both new commands - Update README, command examples, and test playbook accordingly - Bump pack version to 1.0.12 * Fix validation errors --------- Co-authored-by: Peter Holko (Ping Identity) <peterholko@pingidentity.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * Fix for Snapshot sealing incomplete when also fetching vulnerabilities Tenable (#43397) * Fix for Snapshot sealing incomplete when also fetching vulnerabilities * Add request takedown command and fetch improvements to ThreatMon (#43573) * Add request takedown command and improve fetch in ThreatMon (#43453) * eat/threatmon-add-request-takedown * ThreatMon: add fetch interval config, request takedown command, and pagination safety guards * Fix validation errors --------- Co-authored-by: cengugr <ugr.krcck@gmail.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * Fix Palo Alto Networks WildFire v2 agent resolution logic and update pack metadata to 2.1.72. * fix platform resolution * revert redundant changes * Revert WildFireReports files to master state (restore missing newlines) * Update test_get_agent to use new parameter names and handle edge cases for XSIAM and version >= 8. * Fix unified Cortex platform tenant detection and improve XSIAM platform detection in WildFire pack. * Improved accuracy of platform type determination * Corrected XSIAM platform detection issue in agent resolution logic * use updated playbook in TPB * Update Palo Alto Networks WildFire test playbook to v2.2. * update tpbs * update tpbs * rename playbook image .... * rename playbooks * tpb * empty commit * fix(tests): add fromversion to FileEnrichment conf.json entry The FileEnrichment - Test playbook requires XSOAR 8.0+ (fromversion: 8.0.0) but the conf.json entry had no version constraint, causing CI to attempt running it on XSOAR 6.x servers where the playbook cannot be installed. * empty commit * fix(playbook): update URL value in Detonate URL - WildFire-v2 - Test playbook * update release notes and increment version to 2.1.73 for WildFire integration * Bump pack from version Base to 1.41.70. * Remove 'fromversion' from Tests/onf.json entry Remove 'fromversion' field from Tests/conf.json. * Add 'fromversion' field to instance configuration for FileEnrichment-Test * Replace 'fromversion' filter with marketplaces filter * Update Detonate URL test playbook to simplify URL input * Update outputs_prefix in command_results to use WILDFIRE_REPORT_DT_FILE --------- Co-authored-by: hyaffe839 <hyaffe@paloaltonetworks.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: CI Bot <ci@demisto.com> Co-authored-by: Ni-Knight <davrahami@paloaltonetworks.com> Co-authored-by: YanivBlum-Reco <yanivb@reco.ai> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> Co-authored-by: Tal Carmeli <158452762+tcarmeli1@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: julieschwartz18 <91824591+julieschwartz18@users.noreply.github.com> Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: Moish-Gilboa <moish.gilboa@gmail.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com> Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com> Co-authored-by: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com> Co-authored-by: Ruturaj Jain <171145014+ruturajsumo@users.noreply.github.com> Co-authored-by: Rishav Rishav <rishav@sumologic.com> Co-authored-by: Bar Gali <75535203+BarGali@users.noreply.github.com> Co-authored-by: Viktor Poltorak <90267674+viktor-orca@users.noreply.github.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> Co-authored-by: oatias <oatias@paloaltonetworks.com> Co-authored-by: yedidyacohenpalo <yecohen@paloaltonetworks.com> Co-authored-by: rshunim <rshunim@paloaltonetworks.com> Co-authored-by: rshunim <102469772+rshunim@users.noreply.github.com> Co-authored-by: sharonfi99 <147984773+sharonfi99@users.noreply.github.com> Co-authored-by: yedidyacohenpalo <162107504+yedidyacohenpalo@users.noreply.github.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> Co-authored-by: Daniel Tal <87daniel.tal@gmail.com> Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com> Co-authored-by: Peter Holko (Ping Identity) <peterholko@pingidentity.com> Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> Co-authored-by: cengugr <ugr.krcck@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrate to cloud run