[Marketplace Contribution] ExtraHop Reveal(x) - Content Pack Update (d…

…emisto#27587) (demisto#27760)

* "contribution update to pack "ExtraHop Reveal(x)""

* Update 2_2_0.md

* Fix flake8 line too long error.

* Revert type to title

* Update docker image.

* Revert marketplace changes to yml file.

---------

Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: RFC1918 <61937657+RFC1918-hub@users.noreply.github.com>
Co-authored-by: Danny_Fried <dfried@paloaltonetworks.com>

Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.py

@@ -1,3 +1,6 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
 import json
 import traceback
 from collections import defaultdict
@@ -7,7 +10,6 @@
 
 import urllib3
 
-from CommonServerPython import *
 
 # Disable insecure warnings
 urllib3.disable_warnings()
@@ -69,6 +71,13 @@
     "3": "acknowledged"  # archived
 }
 
+TICKET_SEVERITY = {
+    "0-39": 1,  # low
+    "40-69": 2,  # medium
+    "70-89": 3,  # high
+    "90-100": 4  # critical
+}
+
 VALID_ALERT_RULE_REFIRE_INTERVALS = ["300", "600", "900", "1800", "3600", "7200", "14400"]
 
 VALID_ALERT_RULE_TYPE = ["threshold", "detection"]
@@ -1446,6 +1455,8 @@ def fetch_extrahop_detections(client: ExtraHopClient, advanced_filter: Dict, las
                         'name': str(detection.get("type", "")),
                         'occurred': datetime.utcfromtimestamp(detection['start_time'] / 1000).strftime(
                             DATE_FORMAT),
+                        'severity': next((severity for range_str, severity in TICKET_SEVERITY.items() if
+                                          detection.get("risk_score") in range(*map(int, range_str.split("-")))), None),
                         'rawJSON': json.dumps(detection)
                     }
                     incidents.append(incident)

Packs/ExtraHop/Integrations/ExtraHop_v2/ExtraHop_v2.yml

@@ -5473,7 +5473,7 @@ script:
     description: Use extrahop-packets-search instead. Search for specific packets in Reveal(x).
     execution: false
     name: extrahop-search-packets
-  dockerimage: demisto/python3:3.10.11.61265
+  dockerimage: demisto/python3:3.10.12.63474
   feed: false
   isfetch: true
   longRunning: false

Packs/ExtraHop/ReleaseNotes/2_2_0.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### ExtraHop Reveal(x)
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
+- Updated ***fetch_incidents*** to incorporate severity from detection risk score.

Packs/ExtraHop/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "ExtraHop Reveal(x)",
     "description": "Network detection and response. Complete visibility of network communications at enterprise scale, real-time threat detections backed by machine learning, and guided investigation workflows that simplify response.",
     "support": "partner",
-    "currentVersion": "2.1.1",
+    "currentVersion": "2.2.0",
     "author": "ExtraHop",
     "url": "",
     "email": "support@extrahop.com",