FireEyeNX Pack Corrections (demisto#24723)

* commit xdr mapping * Check * Check2 * Test - Changed Multimodel * Update FireEyeNX_1_3.xif * Updated RE * Removed ParsingRules * ParsingRules stash * Updated toversion * Updated Parsing * Updated Parsing
my-soar · Feb 24, 2023 · 95b831d · 95b831d
1 parent 5d7b26e
commit 95b831d
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 8 deletions.
diff --git a/Packs/FireEyeNX/ModelingRules/FireEyeNX/FireEyeNX.xif b/Packs/FireEyeNX/ModelingRules/FireEyeNX/FireEyeNX.xif
@@ -1,4 +1,4 @@
-[MODEL: dataset=fireeye_mps_raw, model=Network] 
+[MODEL:model="Network", dataset="fireeye_mps_raw"] 
 alter XDM.Network.event_timestamp = parse_timestamp("%s",arrayindex( regextract(to_string(rt),"(\d+)\d{3}"),0) ),
     XDM.Network.Destination.port = to_number(dpt),
     XDM.Network.Source.port = to_number(spt),

diff --git a/Packs/FireEyeNX/ModelingRules/FireEyeNX/FireEyeNX.yml b/Packs/FireEyeNX/ModelingRules/FireEyeNX/FireEyeNX.yml
@@ -1,6 +1,7 @@
 name: FireEye NX Modeling Rule
 id: fireeye_nx_modeling_rule
 fromversion: 6.8.0
+toversion: 6.9.9
 tags: FireEye NX
 rules: ''
 schema: ''
diff --git a/Packs/FireEyeNX/ModelingRules/FireEyeNX_1_3/FireEyeNX_1_3.xif b/Packs/FireEyeNX/ModelingRules/FireEyeNX_1_3/FireEyeNX_1_3.xif
@@ -1,5 +1,6 @@
 [MODEL: dataset=fireeye_mps_raw]
-alter xdm.target.port = to_number(dpt),
+alter 
+    xdm.target.port = to_number(dpt),
     xdm.source.port = to_number(spt),
     xdm.event.operation_sub_type = act,
     xdm.target.ipv4 = dst,
@@ -15,4 +16,4 @@ alter xdm.target.port = to_number(dpt),
     xdm.source.process.executable.md5 = fileHash,
     xdm.source.process.executable.file_type = fileType,
     xdm.network.http.method = requestMethod,
-    xdm.alert.original_threat_name = cs1;
+    xdm.alert.original_threat_name = cs1;
diff --git a/Packs/FireEyeNX/ParsingRules/FireEyeNX/FireEyeNX.xif b/Packs/FireEyeNX/ParsingRules/FireEyeNX/FireEyeNX.xif
@@ -1,5 +1,2 @@
 [INGEST:vendor="fireeye", product="mps", target_dataset="fireeye_mps_raw", no_hit = keep]
-alter tmp_year_number = format_timestamp("%Y", _insert_time)
-    , tmp_time_extract = arrayindex(regextract(_raw_log ,"\>\s*([a-zA-Z]+\s+\d+\s+\d+\:\d+\:\d+)"),0)
-| alter _time = parse_timestamp("%b %d %H:%M:%S %Y",concat(tmp_time_extract , " " ,tmp_year_number ))
-| fields - tmp_time_extract , tmp_year_number;
+alter _time = to_timestamp(to_integer(RT), "millis");
diff --git a/Packs/FireEyeNX/ReleaseNotes/1_1_16.md b/Packs/FireEyeNX/ReleaseNotes/1_1_16.md
@@ -0,0 +1,6 @@
+
+#### Modeling Rules
+
+##### FireEye NX Modeling Rule
+
+- Updated Modeling Rules
diff --git a/Packs/FireEyeNX/pack_metadata.json b/Packs/FireEyeNX/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "FireEye Network Security (NX)",
     "description": "FireEye Network Security is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted, and other evasive attacks hiding in Internet traffic.",
     "support": "xsoar",
-    "currentVersion": "1.1.15",
+    "currentVersion": "1.1.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",