Cryptojacking files to the Cloud Incident Response pack (demisto#28058)

* Move the Cryptojacking files to the CloudIncidentResponse pack * update CloudIncidentResponse RN * update Core RN with BC * added the Cloud Incident Response pack as a dependency to the Core pack * RN fixes * pack ignore * update RN with bc changes to Cortex XDR * marketplace restrictions * update RN * Added the Cloud Incident Response pack as a dependency of the Cortex XDR pack * fix RN * fix RN * fix RN * bump RN * update RN * Alerts handling updates * pack ignore * fix layout * update RN * update RN * update RN * update RN
xsoar-contrib · Aug 2, 2023 · 179ae75 · 179ae75
1 parent 40a2b0a
commit 179ae75
Show file tree

Hide file tree

Showing 33 changed files with 361 additions and 139 deletions.
diff --git a/Packs/CloudIncidentResponse/.pack-ignore b/Packs/CloudIncidentResponse/.pack-ignore
@@ -23,4 +23,19 @@ ignore=GR101
 ignore=RM108
 
 [file:incidentfield-Is_VPN_IP_Address.json]
-ignore=IF113
+ignore=IF113
+
+[file:playbook-XCloud_Cryptomining_-_Set_Verdict.yml]
+ignore=BA101
+
+[file:playbook-XCloud_Cryptomining.yml]
+ignore=BA101
+
+[file:playbook-Cortex_XDR_-_Cloud_Cryptomining_-_Set_Verdict.yml]
+ignore=BA101
+
+[file:playbook-Cortex_XDR_-_Cloud_Cryptomining.yml]
+ignore=BA101
+
+[file:layoutscontainer-Cortex_XDR_-_XCLOUD_Cryptomining.json]
+ignore=BA101
diff --git a/...ner-Cortex_XDR_-_XCLOUD_Cryptomining.json → ...ner-Cortex_XDR_-_XCLOUD_Cryptomining.json b/...ner-Cortex_XDR_-_XCLOUD_Cryptomining.json → ...ner-Cortex_XDR_-_XCLOUD_Cryptomining.json
@@ -322,92 +322,6 @@
                 ],
                 "type": "custom"
             },
-            {
-                "hidden": true,
-                "id": "psvkrie7fh",
-                "name": "Alert Info",
-                "sections": [
-                    {
-                        "displayType": "ROW",
-                        "h": 2,
-                        "hideName": false,
-                        "i": "caseinfoid-psvkrie7fh-field-changed-psvkrie7fh-caseinfoid-swtuqptgvs-075ee440-cc9a-11e9-afca-8792f3871db0",
-                        "items": [
-                            {
-                                "dropEffect": "move",
-                                "endCol": 6,
-                                "fieldId": "xdralerts",
-                                "height": 106,
-                                "id": "1b6eb1e0-cc9a-11e9-afca-8792f3871db0",
-                                "index": 0,
-                                "listId": "swtuqptgvs-075ee440-cc9a-11e9-afca-8792f3871db0",
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            }
-                        ],
-                        "maxW": 3,
-                        "minH": 1,
-                        "moved": false,
-                        "name": "XDR Alerts",
-                        "static": false,
-                        "w": 3,
-                        "x": 0,
-                        "y": 0
-                    },
-                    {
-                        "h": 4,
-                        "hideName": true,
-                        "i": "caseinfoid-psvkrie7fh-field-changed-psvkrie7fh-caseinfoid-e9e2edb0-3af3-11ec-b014-a9a9af2fb426",
-                        "items": [],
-                        "maxW": 3,
-                        "minH": 1,
-                        "moved": false,
-                        "name": "Additional alert information",
-                        "query": "CortexXDRAdditionalAlertInformationWidget",
-                        "queryType": "script",
-                        "static": false,
-                        "type": "dynamic",
-                        "w": 3,
-                        "x": 0,
-                        "y": 2
-                    },
-                    {
-                        "h": 3,
-                        "hideName": true,
-                        "i": "caseinfoid-psvkrie7fh-field-changed-psvkrie7fh-caseinfoid-0a9a5340-3af4-11ec-b014-a9a9af2fb426",
-                        "items": [],
-                        "maxW": 3,
-                        "minH": 1,
-                        "moved": false,
-                        "name": "Identity Information",
-                        "query": "CortexXDRIdentityInformationWidget",
-                        "queryType": "script",
-                        "static": false,
-                        "type": "dynamic",
-                        "w": 1,
-                        "x": 0,
-                        "y": 6
-                    },
-                    {
-                        "h": 3,
-                        "hideName": true,
-                        "i": "caseinfoid-psvkrie7fh-field-changed-psvkrie7fh-caseinfoid-25b394c0-3af4-11ec-b014-a9a9af2fb426",
-                        "items": [],
-                        "maxW": 3,
-                        "minH": 1,
-                        "moved": false,
-                        "name": "Remediation Actions",
-                        "query": "CortexXDRRemediationActionsWidget",
-                        "queryType": "script",
-                        "static": false,
-                        "type": "dynamic",
-                        "w": 2,
-                        "x": 1,
-                        "y": 6
-                    }
-                ],
-                "type": "custom"
-            },
             {
                 "hidden": false,
                 "id": "xmrrsnmlfj",
@@ -1051,14 +965,6 @@
                         "fieldId": "incident_incomingmirrorerror",
                         "isVisible": true
                     },
-                    {
-                        "fieldId": "incident_indicatorstype",
-                        "isVisible": true
-                    },
-                    {
-                        "fieldId": "incident_indicatortypes",
-                        "isVisible": true
-                    },
                     {
                         "fieldId": "incident_investigationstage",
                         "isVisible": true
@@ -1347,14 +1253,6 @@
                         "fieldId": "incident_state",
                         "isVisible": true
                     },
-                    {
-                        "fieldId": "incident_stringsifter",
-                        "isVisible": true
-                    },
-                    {
-                        "fieldId": "incident_stringssimilarity",
-                        "isVisible": true
-                    },
                     {
                         "fieldId": "incident_subcategory",
                         "isVisible": true
@@ -1491,5 +1389,6 @@
     "system": false,
     "version": -1,
     "fromVersion": "6.5.0",
+    "marketplaces": ["xsoar"],
     "description": ""
 }
diff --git a/...ybook-Cortex_XDR_-_Cloud_Cryptomining.yml → ...ybook-Cortex_XDR_-_Cloud_Cryptomining.yml b/...ybook-Cortex_XDR_-_Cloud_Cryptomining.yml → ...ybook-Cortex_XDR_-_Cloud_Cryptomining.yml
@@ -1166,4 +1166,5 @@ inputs:
 outputs: []
 tests:
 - No tests (auto formatted)
+marketplaces: ["xsoar"]
 fromversion: 6.5.0
diff --git a/...DR_-_Cloud_Cryptomining_-_Set_Verdict.yml → ...DR_-_Cloud_Cryptomining_-_Set_Verdict.yml b/...DR_-_Cloud_Cryptomining_-_Set_Verdict.yml → ...DR_-_Cloud_Cryptomining_-_Set_Verdict.yml
@@ -499,4 +499,5 @@ outputs:
 quiet: true
 tests:
 - No tests (auto formatted)
+marketplaces: ["xsoar"]
 fromversion: 6.5.0
diff --git a/...loud_Cryptomining_-_Set_Verdict_README.md → ...loud_Cryptomining_-_Set_Verdict_README.md b/...loud_Cryptomining_-_Set_Verdict_README.md → ...loud_Cryptomining_-_Set_Verdict_README.md
diff --git a/...Cortex_XDR_-_Cloud_Cryptomining_README.md → ...Cortex_XDR_-_Cloud_Cryptomining_README.md b/...Cortex_XDR_-_Cloud_Cryptomining_README.md → ...Cortex_XDR_-_Cloud_Cryptomining_README.md
diff --git a/...laybook-Cortex_XDR_-_Cloud_Enrichment.yml → ...laybook-Cortex_XDR_-_Cloud_Enrichment.yml b/...laybook-Cortex_XDR_-_Cloud_Enrichment.yml → ...laybook-Cortex_XDR_-_Cloud_Enrichment.yml
@@ -986,4 +986,5 @@ outputs:
   type: unknown
 tests:
 - No tests (auto formatted)
+marketplaces: ["xsoar"]
 fromversion: 6.5.0
diff --git a/...k-Cortex_XDR_-_Cloud_Enrichment_README.md → ...k-Cortex_XDR_-_Cloud_Enrichment_README.md b/...k-Cortex_XDR_-_Cloud_Enrichment_README.md → ...k-Cortex_XDR_-_Cloud_Enrichment_README.md
diff --git a/...ooks/playbook-XCloud_Alert_Enrichment.yml → ...ooks/playbook-XCloud_Alert_Enrichment.yml b/...ooks/playbook-XCloud_Alert_Enrichment.yml → ...ooks/playbook-XCloud_Alert_Enrichment.yml
@@ -532,6 +532,5 @@ outputs:
   type: unknown
 tests:
 - No tests (auto formatted)
-marketplaces:
-- marketplacev2
+marketplaces: ["marketplacev2"]
 fromversion: 6.6.0
diff --git a/...laybook-XCloud_Alert_Enrichment_README.md → ...laybook-XCloud_Alert_Enrichment_README.md b/...laybook-XCloud_Alert_Enrichment_README.md → ...laybook-XCloud_Alert_Enrichment_README.md
diff --git a/...laybooks/playbook-XCloud_Cryptomining.yml → ...laybooks/playbook-XCloud_Cryptomining.yml b/...laybooks/playbook-XCloud_Cryptomining.yml → ...laybooks/playbook-XCloud_Cryptomining.yml
diff --git a/...ook-XCloud_Cryptomining_-_Set_Verdict.yml → ...ook-XCloud_Cryptomining_-_Set_Verdict.yml b/...ook-XCloud_Cryptomining_-_Set_Verdict.yml → ...ook-XCloud_Cryptomining_-_Set_Verdict.yml
diff --git a/...loud_Cryptomining_-_Set_Verdict_README.md → ...loud_Cryptomining_-_Set_Verdict_README.md b/...loud_Cryptomining_-_Set_Verdict_README.md → ...loud_Cryptomining_-_Set_Verdict_README.md
diff --git a/...ks/playbook-XCloud_Cryptomining_README.md → ...ks/playbook-XCloud_Cryptomining_README.md b/...ks/playbook-XCloud_Cryptomining_README.md → ...ks/playbook-XCloud_Cryptomining_README.md
diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_4.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_4.md
@@ -0,0 +1,34 @@
+
+#### Playbooks
+
+##### New: Cortex XDR - Cloud Enrichment
+
+- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.
+
+##### New: Cortex XDR - XCloud Cryptojacking
+
+- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.
+
+##### New: Cortex XDR - XCloud Cryptojacking - Set Verdict
+
+- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.
+
+##### XCloud Cryptojacking
+
+- Moved the playbook from the Core pack to the Cloud Incident Response pack.
+##### XCloud Alert Enrichment
+
+- Moved the playbook from the Core pack to the Cloud Incident Response pack.
+##### XCloud Cryptojacking - Set Verdict
+
+- Moved the playbook from the Core pack to the Cloud Incident Response pack.
+
+#### Triggers Recommendations
+
+- New: **XCloud Cryptojacking**
+
+#### Layouts
+
+##### New: Cortex XDR - XCLOUD Cryptojacking
+
+- Moved the layout from the Cortex XDR pack to the Cloud Incident Response pack.
diff --git a/...ggers/Trigger_-_XCloud_Cryptojacking.json → ...ggers/Trigger_-_XCloud_Cryptojacking.json b/...ggers/Trigger_-_XCloud_Cryptojacking.json → ...ggers/Trigger_-_XCloud_Cryptojacking.json
diff --git a/...files/Cortex_XDR_-_Cloud_Cryptomining.png → ...files/Cortex_XDR_-_Cloud_Cryptomining.png b/...files/Cortex_XDR_-_Cloud_Cryptomining.png → ...files/Cortex_XDR_-_Cloud_Cryptomining.png
diff --git a/...c_files/Cortex_XDR_-_Cloud_Enrichment.png → ...c_files/Cortex_XDR_-_Cloud_Enrichment.png b/...c_files/Cortex_XDR_-_Cloud_Enrichment.png → ...c_files/Cortex_XDR_-_Cloud_Enrichment.png
diff --git a/...rtex_XDR_-_Cryptomining_-_Set_Verdict.png → ...rtex_XDR_-_Cryptomining_-_Set_Verdict.png b/...rtex_XDR_-_Cryptomining_-_Set_Verdict.png → ...rtex_XDR_-_Cryptomining_-_Set_Verdict.png
diff --git a/...ore/doc_files/XCloud_Alert_Enrichment.png → ...nse/doc_files/XCloud_Alert_Enrichment.png b/...ore/doc_files/XCloud_Alert_Enrichment.png → ...nse/doc_files/XCloud_Alert_Enrichment.png
diff --git a/Packs/Core/doc_files/XCloud_Cryptomining.png → ...esponse/doc_files/XCloud_Cryptomining.png b/Packs/Core/doc_files/XCloud_Cryptomining.png → ...esponse/doc_files/XCloud_Cryptomining.png
diff --git a/...les/XCloud_Cryptomining_-_Set_Verdict.png → ...les/XCloud_Cryptomining_-_Set_Verdict.png b/...les/XCloud_Cryptomining_-_Set_Verdict.png → ...les/XCloud_Cryptomining_-_Set_Verdict.png
diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cloud Incident Response",
     "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.",
     "support": "xsoar",
-    "currentVersion": "1.0.3",
+    "currentVersion": "1.0.4",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/Core/ReleaseNotes/2_0_0.json b/Packs/Core/ReleaseNotes/2_0_0.json
@@ -0,0 +1 @@
+{"breakingChanges":true,"breakingChangesNotes":"**Important Note**:The following playbooks have been moved to the 'Cloud Incident Response' pack. The 'Cloud Incident Resopnse' pack will be installed as a dependency of the 'Core' pack."}
diff --git a/Packs/Core/ReleaseNotes/2_0_0.md b/Packs/Core/ReleaseNotes/2_0_0.md
@@ -0,0 +1,3 @@
+##### Core
+
+- **Important Note**: The following playbooks: **XCloud Cryptojacking**, **XCloud Cryptojacking - Set Verdict** and **XCloud Alert Enrichment**, and the **XCloud Cryptojacking trigger** have been moved to the 'Cloud Incident Response' pack. The 'Cloud Incident Response' pack will be installed as a dependency of the 'Core' pack.
diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json
@@ -2,13 +2,19 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "1.4.4",
+    "currentVersion": "2.0.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
     "categories": [
         "Endpoint"
     ],
+    "dependencies": {
+        "CloudIncidentResponse": {
+            "mandatory": true,
+            "display_name": "Cloud Incident Response"
+        }
+    },
     "excludedDependencies": [
         "Dropbox"
     ],

diff --git a/Packs/CortexXDR/.pack-ignore b/Packs/CortexXDR/.pack-ignore
@@ -67,15 +67,6 @@ ignore=PB121
 [file:Cortex_XDR_incident_handling_v3.yml]
 ignore=PB121
 
-[file:playbook-Cortex_XDR_-_Cloud_Cryptomining_-_Set_Verdict.yml]
-ignore=BA101
-
-[file:playbook-Cortex_XDR_-_Cloud_Cryptomining.yml]
-ignore=BA101
-
-[file:layoutscontainer-Cortex_XDR_-_XCLOUD_Cryptomining.json]
-ignore=BA101
-
 [file:Cortex_XDR_incident_handling_v2_README.md]
 ignore=RM106