From 5314759733449e07b42a5a72889f60823e69f462 Mon Sep 17 00:00:00 2001 
From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 20 Sep 2023 16:50:46 +0300 Subject: [PATCH] [ASM] - Expander - Update ASM fields (4821) (#29702) * [ASM] - Expander - Update ASM fields (4821) (#29506) * Add missing comments to grid fields - Update descriptions of fields as needed. * Add release notes * Add descriptions to two fields - asmdevcheckdetails - asmenrichmentstatus * Update release notes. * Grammar updates. * Update release notes * Add mandatory or optional in comments * Update comments with mandatory * Update pack version and release notes * Add correct 1_6_33 release notes * fix rn * fix rn --------- Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com> Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com> Co-authored-by: ostolero --- .../incidentfield-ASM_-_Alert_Summary.json | 8 ++++--- .../incidentfield-ASM_-_Asset_ID.json | 2 +- ...entfield-ASM_-_Attack_Surface_Rule_ID.json | 2 +- .../incidentfield-ASM_-_Cloud.json | 15 ++++++++----- .../incidentfield-ASM_-_Data_Collection.json | 14 +++++++----- ...incidentfield-ASM_-_Dev_Check_Details.json | 1 + ...incidentfield-ASM_-_Enrichment_Status.json | 1 + .../incidentfield-ASM_-_Notification.json | 12 ++++++---- .../incidentfield-ASM_-_Playbook_Stage.json | 6 +++-- .../incidentfield-ASM_-_Private_IP.json | 8 ++++--- .../incidentfield-ASM_-_Related.json | 6 +++-- .../incidentfield-ASM_-_Remediation.json | 14 +++++++----- ...entfield-ASM_-_Remediation_Objectives.json | 6 ++--- ...dentfield-ASM_-_Remediation_Path_Rule.json | 15 ++++++++----- ...incidentfield-ASM_-_Service_Detection.json | 17 +++++++++----- .../incidentfield-ASM_-_Service_Owner.json | 18 ++++++++++----- ...ield-ASM_-_Service_Owner_Unranked_Raw.json | 14 +++++++----- .../incidentfield-ASM_-_System_IDs.json | 11 ++++++---- .../incidentfield-ASM_-_Tags.json | 9 +++++--- .../ReleaseNotes/1_6_39.md | 22 +++++++++++++++++++ .../pack_metadata.json | 2 +- 21 files changed, 139 insertions(+), 64 
deletions(-) create mode 100644 Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_39.md diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Alert_Summary.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Alert_Summary.json index 39352df32bf2..77831095d0ff 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Alert_Summary.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Alert_Summary.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: URL to display/download summary." }, { "displayName": "EntryID", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: File entryID." } ], "content": true, @@ -37,7 +39,7 @@ {}, {} ], - "description": "Summary report of alert", + "description": "Summary report of alert.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Asset_ID.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Asset_ID.json index 83b4829fe535..45ef0b153ff6 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Asset_ID.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Asset_ID.json @@ -4,7 +4,7 @@ "cliName": "asmassetid", "closeForm": false, "content": true, - "description": "UUID for ASM Asset", + "description": "UUID for ASM Asset.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Attack_Surface_Rule_ID.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Attack_Surface_Rule_ID.json index ae0b58b4d094..6160fbc7eb83 100644 
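Review bot: In incidentfield-ASM_-_Alert_Summary.json (hunk `@@ -15,7 +15,8 @@`) the new `_comment` calls the URL column "Mandatory", but that label exists only as free text. The column object starts before the hunk, so its `required` setting, if it has one, is not visible, and it cannot be confirmed here that the two agree. The comment should say who guarantees the value, for example `"_comment": "Mandatory (always written by the playbook): URL to display/download summary."`, with the parenthesis adjusted to whatever is actually true. The same question applies to every `Mandatory:`/`Optional:` comment added in the other IncidentFields files of this commit.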
--- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Attack_Surface_Rule_ID.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Attack_Surface_Rule_ID.json @@ -4,7 +4,7 @@ "cliName": "asmattacksurfaceruleid", "closeForm": false, "content": true, - "description": "UUID for ASM rule", + "description": "UUID for ASM rule.", "editForm": true, "group": 0, "hidden": true, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Cloud.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Cloud.json index 12e21826dd0d..3994d6fe0364 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Cloud.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Cloud.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The cloud provider: AWS, GCP, Azure, etc." }, { "displayName": "Organization", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Highest level cloud management object." }, { "displayName": "Project", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Second highest level cloud management object." }, { "displayName": "Region", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Region being used for the asset." }, { "displayName": "Other", @@ -67,7 +71,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Availability zone or other information." } ], "content": true, 
diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Data_Collection.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Data_Collection.json index 0e71f35f696c..519f10e9a7a8 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Data_Collection.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Data_Collection.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Options available on data collection task." }, { "displayName": "Selected", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Which option was selected." }, { "displayName": "Answerer", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Who answered the data collection task." }, { "displayName": "Timestamp", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Timestamp of when the data collection task was completed." } ], "content": true, @@ -63,7 +67,7 @@ {}, {} ], - "description": "Collect information on data collection tasks", + "description": "Collect information on data collection tasks.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Dev_Check_Details.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Dev_Check_Details.json index 95f68fc37a64..a9e629839521 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Dev_Check_Details.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Dev_Check_Details.json 
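Review bot: The `_comment` added to the Timestamp column in incidentfield-ASM_-_Data_Collection.json (hunk `@@ -54,7 +57,8 @@`) does not state the format or time zone of the value, and the column's `type` is `shortText`, so the definition itself does not constrain it. Analysts read these grid rows to reconstruct the order of data collection, notification and remediation, so the expected format should be written down once and repeated consistently, e.g. `"_comment": "Mandatory: Timestamp (<format and time zone written by the playbook>) of when the data collection task was completed."`. The same gap is present in the timestamp comments added to the Notification, Playbook Stage, Remediation, Service Detection, Service Owner and Service Owner Unranked Raw files.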
@@ -72,6 +72,7 @@ "isReadOnly": false, "locked": false, "name": "ASM - Dev Check Details", + "description": "A field to determine whether the asset is most likely used for solely development/non-production purposes, including uses like testing, staging, QA, sandbox, and user acceptance testing. Why reasons and confidence.", "neverSetAsRequired": false, "openEnded": false, "ownerOnly": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Enrichment_Status.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Enrichment_Status.json index 55bed6f68a74..4a16d3b5440e 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Enrichment_Status.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Enrichment_Status.json @@ -61,6 +61,7 @@ "group": 0, "hidden": false, "id": "incident_asmenrichmentstatus", + "description": "A field to gather information on whether or not an integration perform enrichment for ASM.", "isReadOnly": false, "locked": false, "name": "ASM - Enrichment Status", diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Notification.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Notification.json index cf7f88ef6074..e5facd080650 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Notification.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Notification.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: Type of notification could be a ServiceNow incident, email, etc." }, { "displayName": "Value", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: Dependent on type. Ex: ServiceNOW UUID, email recipients, etc." }, { "displayName": "URL", 
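Review bot: The `description` added in incidentfield-ASM_-_Dev_Check_Details.json ends with the fragment `Why reasons and confidence.`, which is not a sentence and leaves the reader guessing what the grid rows hold. If the intent is that each row records the reasons behind the verdict and a confidence value, the last sentence could read `Each row records the reasons for the determination and a confidence level.`; this should be confirmed against the column definitions, which are outside the hunk. The key is also inserted after `name`, whereas the other files touched in this commit keep `description` directly after `defaultRows`.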
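Review bot: The `description` added in incidentfield-ASM_-_Enrichment_Status.json has a verb agreement error: `whether or not an integration perform enrichment for ASM`. Suggested wording: `"description": "A field to gather information on whether or not an integration performed enrichment for ASM."`. As in the Dev Check Details file, the key is placed between `id` and `isReadOnly` rather than alongside `defaultRows` as in the other files of this commit.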
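Review bot: The `_comment` entries added to incidentfield-ASM_-_Notification.json (hunks `@@ -15,7 +15,8 @@` and `@@ -28,7 +29,8 @@`, and the two later hunks of the same file) are written as `"_comment":"…"` with no space after the colon, while the rest of the file and the other files in this commit use `"key": value`. The product name is also spelled two ways in adjacent comments, `ServiceNow incident` and `ServiceNOW UUID`. Use `"_comment": "Mandatory: Dependent on type. Ex: ServiceNow UUID, email recipients, etc."` and the same spacing throughout. The missing space recurs in all five `_comment` lines added to incidentfield-ASM_-_Service_Detection.json.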
@@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Optional: Related URL of the notification created if applicable." }, { "displayName": "Timestamp", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: Timestamp of notification sent." } ], "content": true, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Playbook_Stage.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Playbook_Stage.json index 8e7d0b37f979..d4e4a861e50c 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Playbook_Stage.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Playbook_Stage.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The stage of playbook that was completed." }, { "displayName": "timestamp", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The timestamp of the completed playbook stage." } ], "content": true, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Private_IP.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Private_IP.json index 674ab2818f74..3f117a1f0248 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Private_IP.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Private_IP.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The IP address of the relevant asset." }, { "displayName": "Source", 
@@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The source of the IP address." } ], "content": true, @@ -37,7 +39,7 @@ {}, {} ], - "description": "Private IP addresses found", + "description": "Field for private IP addresses found.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Related.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Related.json index ad6910718601..aecf1499176d 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Related.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Related.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: The source of related item. Ex: Alerts, ServiceNOW, JIRA, etc." }, { "displayName": "Link", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Link to object (if available)." } ], "content": true, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation.json index 38db27e3879e..5afc663a1138 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Description of the remediation action." }, { "displayName": "ActionTimestamp", 
@@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Timestamp of when action was taken." }, { "displayName": "Outcome", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Outcome of the remediation action." }, { "displayName": "OutcomeTimestamp", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Timestamp of the remediation outcome." } ], "content": true, @@ -63,7 +67,7 @@ {}, {} ], - "description": "Collect information on remediation action(s)", + "description": "Collect information on remediation action(s).", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Objectives.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Objectives.json index eb2ff80d2597..dd3090a2d705 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Objectives.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Objectives.json @@ -16,7 +16,7 @@ "selectValues": null, "type": "shortText", "width": 150, - "_comment": "Corresponds with remediation option for the main data collection task." + "_comment": "Mandatory: Corresponds with remediation option for the main data collection task." }, { "displayName": "statement", @@ -30,7 +30,7 @@ "selectValues": null, "type": "shortText", "width": 150, - "_comment": "Summary of the remediation action." + "_comment": "Mandatory: Summary of the remediation action." } ], "content": true, 
@@ -39,7 +39,7 @@ {}, {} ], - "description": "Remediation objectives uses to display the remediation actions to the end user", + "description": "Remediation objectives uses to display the remediation actions to the end user.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Path_Rule.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Path_Rule.json index 0ebd58b10356..4454afbb9e41 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Path_Rule.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Remediation_Path_Rule.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Name of the matching Remediation Path Rule." }, { "displayName": "Description", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Description of the matching rule." }, { "displayName": "Action", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Action of the matching rule." }, { "displayName": "Created_by", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The user that created the rule." }, { "displayName": "Criteria", @@ -67,7 +71,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The criteria of the rule." } ], "content": true, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Detection.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Detection.json index 7c28cd901969..60913914b6b5 100644 
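Review bot: The `description` in incidentfield-ASM_-_Remediation_Objectives.json (hunk `@@ -39,7 +39,7 @@`) is edited only to add a full stop, so the grammatical error `Remediation objectives uses to display` remains on the new side. Since the line is being changed anyway, it could read `"description": "Remediation objectives are used to display the remediation actions to the end user.",`.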
--- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Detection.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Detection.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: ID of the scan." }, { "displayName": "ScanDone", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Optional: Set to false if the scan failed." }, { "displayName": "ScanResult", @@ -46,7 +48,8 @@ "other" ], "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: Set to REMEDIATED or UNREMEDIATED based on the result of the scan." }, { "displayName": "TimeStamp", @@ -59,7 +62,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: Current timestamp the scan was seen completed by the playbook." }, { "displayName": "ScanState", @@ -72,14 +76,15 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment":"Mandatory: The status of the scan. Ex: SUCCESS, IN_PROGRESS, FAILED_ERROR, FAILED_TIMEOUT." } ], "content": true, "defaultRows": [ {} ], - "description": "Pre/Post remediation scan to check if service is still detectable", + "description": "A post remediation scan to check if service is still detectable.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner.json index 6a33905ed2ec..c245184d174d 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner.json 
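Review bot: The ScanResult comment in incidentfield-ASM_-_Service_Detection.json (hunk `@@ -46,7 +48,8 @@`) names only `REMEDIATED` and `UNREMEDIATED`, yet the hunk's context shows what appears to be the column's value list ending in `"other"`. The list begins before the hunk, so the full set of allowed values is not visible. An analyst checking whether an exposed service was actually closed needs to know what `other` means, so that an inconclusive scan is not read as a successful remediation. The comment should cover it, e.g. `"_comment": "Mandatory: REMEDIATED or UNREMEDIATED based on the result of the scan; other when <condition to be filled in by the author>."`.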
@@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Name of service owner. Either name or email will be present." }, { "displayName": "Email", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Email address of service owner. Either name or email will be present." }, { "displayName": "Source", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Where this service owner was found from based on data from integrations." }, { "displayName": "Timestamp", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Current timestamp the user was found by the playbook." }, { "displayName": "Ranking Score", @@ -67,7 +71,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Score for how likely a the user is a service owner." }, { "displayName": "Justification", @@ -80,7 +85,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Same as source, subject to change in the future." } ], "content": true, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner_Unranked_Raw.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner_Unranked_Raw.json index 7235dd3fdc35..9d8f7911bff6 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner_Unranked_Raw.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Service_Owner_Unranked_Raw.json 
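Review bot: The Ranking Score comment in incidentfield-ASM_-_Service_Owner.json (hunk `@@ -67,7 +71,8 @@`) contains a typo, `how likely a the user is`, and does not say what range the score takes or whether higher means more likely. This score decides who is treated as the owner of an exposed service, so the scale should be documented alongside the fix, e.g. `"_comment": "Mandatory: Score for how likely the user is a service owner (<range and direction>)."`. The Justification comment in hunk `@@ -80,7 +85,8 @@`, `Same as source, subject to change in the future`, describes a plan rather than the current content and would be clearer as a plain statement of what is stored today.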
@@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Name of service owner. Either name or email will be present." }, { "displayName": "Email", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Email address of service owner. Either name or email will be present." }, { "displayName": "Source", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Where this service owner was found from based on data from integrations." }, { "displayName": "Timestamp", @@ -54,7 +57,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Current timestamp the user was found by the playbook." } ], "content": true, @@ -63,7 +67,7 @@ {}, {} ], - "description": "Original set of potential service owners gathered through playbook", + "description": "Original set of potential service owners gathered through playbook. This field contains all the service owners collected by the playbook in asmserviceowner as well as additional users that may help identify likely owners (e.g. service accounts).", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_System_IDs.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_System_IDs.json index b9a1b9afc2b3..b898ec0ed03e 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_System_IDs.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_System_IDs.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: A key to represent a type of system identifier such as ASSET-NAME or ASSET-ID." }, { "displayName": "ID", 
@@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The identifier (UUID) associated with the type that is set." }, { "displayName": "Link", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Link to object (if available)." } ], "content": true, @@ -50,7 +53,7 @@ {}, {} ], - "description": "Related system identifiers", + "description": "Related system identifiers.", "editForm": true, "group": 0, "hidden": false, diff --git a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Tags.json b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Tags.json index af33d709a43a..b9b7a551c784 100644 --- a/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Tags.json +++ b/Packs/CortexAttackSurfaceManagement/IncidentFields/incidentfield-ASM_-_Tags.json @@ -15,7 +15,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: Key of key/value tag or could be a list entry if not key/value format." }, { "displayName": "Value", @@ -28,7 +29,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Optional: Value of key/value tag or n/a if list format. Some CSPs only provide a key." }, { "displayName": "Source", @@ -41,7 +43,8 @@ "script": "", "selectValues": null, "type": "shortText", - "width": 150 + "width": 150, + "_comment": "Mandatory: The source of tag. Ex: ServiceNOW, AWS, GCP, Tenable, etc." } ], "content": true, diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_39.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_39.md new file mode 100644 index 000000000000..8795b9205cf0 --- /dev/null +++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_6_39.md 
@@ -0,0 +1,22 @@ +#### Incident Fields + +Updated the following fields with a comment field and new descriptions as needed. +- **ASM - Service Detection** +- **ASM - Private IP** +- **ASM - Asset ID** +- **ASM - Playbook Stage** +- **ASM - Remediation Objectives** +- **ASM - Dev Check Details** +- **ASM - Alert Summary** +- **ASM - Remediation Path Rule** +- **ASM - Notification** +- **ASM - Attack Surface Rule ID** +- **ASM - Enrichment Status** +- **ASM - System IDs** +- **ASM - Related** +- **ASM - Data Collection** +- **ASM - Remediation** +- **ASM - Service Owner Unranked Raw** +- **ASM - Tags** +- **ASM - Cloud** +- **ASM - Service Owner** diff --git a/Packs/CortexAttackSurfaceManagement/pack_metadata.json b/Packs/CortexAttackSurfaceManagement/pack_metadata.json index c86ce91e035a..2887e7d95078 100644 --- a/Packs/CortexAttackSurfaceManagement/pack_metadata.json +++ b/Packs/CortexAttackSurfaceManagement/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex Attack Surface Management", "description": "Content for working with Attack Surface Management (ASM).", "support": "xsoar", - "currentVersion": "1.6.38", + "currentVersion": "1.6.39", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",