Skip to content

Commit

Permalink
update-readme split-3 part (#37320)
Browse files Browse the repository at this point in the history
  • Loading branch information
inbalapt1 authored Nov 26, 2024
1 parent 6dae37f commit 0d99cd2
Show file tree
Hide file tree
Showing 257 changed files with 2,976 additions and 4,091 deletions.
21 changes: 8 additions & 13 deletions Packs/OpenCTI/Integrations/OpenCTI/README.md
Original file line number Diff line number Diff line change
@@ -1,22 +1,18 @@
Manages indicators from OpenCTI.
This integration was tested with version 5.12.17 of OpenCTI.

## Configure OpenCTI on Cortex XSOAR
## Configure OpenCTI in Cortex

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for OpenCTI.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Required** |
| --- | --- |
| Base URL | True |
| API Key (leave empty. Fill in the API key in the password field.) | False |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |
| **Parameter** | **Required** |
| --- | --- |
| Base URL | True |
| API Key (leave empty. Fill in the API key in the password field.) | False |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

4. Click **Test** to validate the URLs, token, and connection.
## Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
### opencti-get-indicators
***
Expand Down Expand Up @@ -634,4 +630,3 @@ Get a list of all marking definitions.
>|---|---|
>| TLP:GREEN | dc911977-796a-4d96-95e4-615bd1c41263 |
>| TLP:AMBER | 9128e411-c759-4af0-aeb0-b65f12082648 |
24 changes: 10 additions & 14 deletions Packs/OpenCVE/Integrations/OpenCVE/README.md
Original file line number Diff line number Diff line change
@@ -1,24 +1,20 @@
Ingests CVEs from an instance of OpenCVE.

## Configure OpenCVE on Cortex XSOAR
## Configure OpenCVE in Cortex

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for OpenCVE.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL | | True |
| Username | | True |
| Password | | True |
| Source Reliability | Reliability of the source providing the intelligence data. | True |
| Trust any certificate (not secure) | | False |
| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL | | True |
| Username | | True |
| Password | | True |
| Source Reliability | Reliability of the source providing the intelligence data. | True |
| Trust any certificate (not secure) | | False |

4. Click **Test** to validate the URLs, token, and connection.

## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

### opencve-latest
Expand Down Expand Up @@ -254,4 +250,4 @@ List the products associated to a vendor or get a specific product of a vendor b

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| vendors | unknown | Vendors. |
| vendors | unknown | Vendors. |
20 changes: 8 additions & 12 deletions Packs/OpenPhish/Integrations/OpenPhish_v2/README.md
Original file line number Diff line number Diff line change
@@ -1,20 +1,16 @@
OpenPhish uses proprietary Artificial Intelligence algorithms to automatically identify zero-day phishing sites and provide comprehensive, actionable, real-time threat intelligence.
## Configure OpenPhish_v2 on Cortex XSOAR
## Configure OpenPhish_v2 in Cortex

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for OpenPhish v2.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| https | Use HTTPS connection | False |
| fetchIntervalHours | Database refresh interval \(hours\) | False |
| proxy | Use system proxy settings | False |
| insecure | Trust any certificate \(not secure\) | False |
| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| https | Use HTTPS connection | False |
| fetchIntervalHours | Database refresh interval \(hours\) | False |
| proxy | Use system proxy settings | False |
| insecure | Trust any certificate \(not secure\) | False |

4. Click **Test** to validate the URLs, token, and connection.
## Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
### url
***
Expand Down
20 changes: 8 additions & 12 deletions Packs/OpenSourceVulnerabilities/Integrations/OSV/README.md
Original file line number Diff line number Diff line change
@@ -1,22 +1,18 @@
OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it. This is cross referenced against upstream repositories to figure out the affected tags and commit ranges

## Configure OSV on Cortex XSOAR
## Configure OSV in Cortex

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for OSV.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Required** |
| --- | --- |
| Server URL (e.g. https://api.osv.dev) | True |
| Trust any certificate (not secure) | |
| Use system proxy settings | |
| **Parameter** | **Required** |
| --- | --- |
| Server URL (e.g. https://api.osv.dev) | True |
| Trust any certificate (not secure) | |
| Use system proxy settings | |

4. Click **Test** to validate the URLs, token, and connection.

## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

### osv-get-vuln-by-id
Expand Down Expand Up @@ -112,4 +108,4 @@ Query vulnerabilities for a particular project based on package name and verion
| OSV.VulnerabilityList.vulns.affected.ranges.events.introduced | string | The earliest version/commit where this vulnerability was introduced in. |
| OSV.VulnerabilityList.vulns.affected.ranges.events.fixed | string | The version/commit that this vulnerability was fixed in. |
| OSV.VulnerabilityList.vulns.affected.ranges.events.limit | string | The limit to apply to the range. |
| OSV.VulnerabilityList.vulns.references.url | string | Reference URL for more details. |
| OSV.VulnerabilityList.vulns.references.url | string | Reference URL for more details. |
46 changes: 21 additions & 25 deletions Packs/OpsGenie/Integrations/OpsGenieV3/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,31 +4,27 @@ This integration was integrated and tested with OpsGenie.
Some changes have been made that might affect your existing content.
If you are upgrading from a previous of this integration, see [Breaking Changes](#breaking-changes-from-the-previous-version-of-this-integration-opsgenie-v3).

## Configure OpsGenie v3 on Cortex XSOAR

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for OpsGenie v3.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL (e.g., https://api.opsgenie.com) | | True |
| API Token | | False |
| Fetch incidents | | False |
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
| Max Fetch | | False |
| Event types | Fetch only events with selected event types. | False |
| Status | Fetch only events with selected status. If query is used, this parameter will be overridden. | False |
| Priority | Fetch only events with selected priority. If query is used, this parameter will be overridden. | False |
| Tags | Fetch only events with selected tags. If query is used, this parameter will be overridden. | False |
| Query | Query parameters will be used as URL encoded values for “query” key. i.e. 'https://api.opsgenie.com/v2/alerts?query=status%3Aopenor%20acknowledged%3Atrue&limit=10&sort=createdAt' | False |
| Incident type | | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |

4. Click **Test** to validate the URLs, token, and connection.
## Configure OpsGenie v3 in Cortex


| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL (e.g., https://api.opsgenie.com) | | True |
| API Token | | False |
| Fetch incidents | | False |
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
| Max Fetch | | False |
| Event types | Fetch only events with selected event types. | False |
| Status | Fetch only events with selected status. If query is used, this parameter will be overridden. | False |
| Priority | Fetch only events with selected priority. If query is used, this parameter will be overridden. | False |
| Tags | Fetch only events with selected tags. If query is used, this parameter will be overridden. | False |
| Query | Query parameters will be used as URL encoded values for “query” key. i.e. 'https://api.opsgenie.com/v2/alerts?query=status%3Aopenor%20acknowledged%3Atrue&limit=10&sort=createdAt' | False |
| Incident type | | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |

## Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
### opsgenie-create-alert
***
Expand Down Expand Up @@ -1954,4 +1950,4 @@ Adds details to an OpsGenie Alert.
| OpsGenie.AddAlertDetails.processedAt | Date | When the request was processed. |
| OpsGenie.AddAlertDetails.requestId | String | The ID of the request. |
| OpsGenie.AddAlertDetails.status | String | The human readable result of the request. |
| OpsGenie.AddAlertDetails.success | Boolean | Whether the request was successful. |
| OpsGenie.AddAlertDetails.success | Boolean | Whether the request was successful. |
20 changes: 8 additions & 12 deletions Packs/Opsgeniev2/Integrations/Opsgeniev2/README.md
Original file line number Diff line number Diff line change
@@ -1,21 +1,17 @@
Integration with Atlassian OpsGenie V2
This integration was integrated and tested with version 1.0.0 of Opsgeniev2
## Configure Opsgeniev2 on Cortex XSOAR
## Configure Opsgeniev2 in Cortex

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for Opsgeniev2.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL (e.g. https://example.net) | | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| API Token | Must be created from the Teams API Integration section. | False |
| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Server URL (e.g. https://example.net) | | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| API Token | Must be created from the Teams API Integration section. | False |

4. Click **Test** to validate the URLs, token, and connection.
## Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
### list-alerts
***
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,8 @@ Audit log events can be used for security audits, to track usage of and changes
[Oracle Cloud Infrastructure Audit Logs API documentation](https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/audit_logs.htm)
[Oracle Cloud Infrastructure Audit API Endpoints (available Regions)](https://docs.oracle.com/en-us/iaas/api/#/en/audit/20190901)

## Configure Oracle Cloud Infrastructure Event Collector on Cortex XSIAM
## Configure Oracle Cloud Infrastructure Event Collector in Cortex

1. Navigate to **Settings** > **Configurations** > **Automation & Feed Integrations**.
2. Search for *Oracle Cloud Infrastructure*.
3. Click **Add instance** to create and configure a new integration instance.

#### OCI Related Parameters
Oracle Cloud Infrastructure SDKs and CLI require basic configuration information, which is achieved by using configuration parameters either with a configuration file or a runtime defined configuration dictionary. This integration uses the runtime defined configuration dictionary.
Expand All @@ -28,9 +25,8 @@ More about OCI configuration [here](https://docs.oracle.com/en-us/iaas/Content/A
| Trust any certificate (not secure) | Use SSL secure connection or ‘None’. | False |
| User system proxy settings | Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. | False |

4. Click **Test** to validate the URLs, tokens, and connection.
## Commands
You can execute the following command from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
You can execute the following command from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

#### oracle-cloud-infrastructure-get-events
***
Expand All @@ -45,4 +41,3 @@ Manual command to fetch and display events.
| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| should_push_events | Set this argument to true in order to create events, otherwise the command will only display them. Default is false. | True |

Original file line number Diff line number Diff line change
@@ -1,32 +1,28 @@
Oracle Cloud Infrastructure Feed (OCI Feed)
This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.
## Configure Oracle Cloud Infrastructure Feed on Cortex XSOAR

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for Oracle Cloud Infrastructure Feed.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Fetch indicators | | False |
| Server's URL | | True |
| Indicator Reputation | Indicators from this integration instance will be marked with this reputation | False |
| Source Reliability | Reliability of the source providing the intelligence data | True |
| Traffic Light Protocol Color | The Traffic Light Protocol \(TLP\) designation to apply to indicators fetched from the feed | False |
| Feed Fetch Interval | | False |
| Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| | | False |
| | | False |
| Tags | Supports CSV values. | False |
| Create relationships | | False |

4. Click **Test** to validate the URLs, token, and connection.
## Configure Oracle Cloud Infrastructure Feed in Cortex


| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| Fetch indicators | | False |
| Server's URL | | True |
| Indicator Reputation | Indicators from this integration instance will be marked with this reputation | False |
| Source Reliability | Reliability of the source providing the intelligence data | True |
| Traffic Light Protocol Color | The Traffic Light Protocol \(TLP\) designation to apply to indicators fetched from the feed | False |
| Feed Fetch Interval | | False |
| Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| | | False |
| | | False |
| Tags | Supports CSV values. | False |
| Create relationships | | False |


## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

### oci-get-indicators
Expand All @@ -46,4 +42,4 @@ Gets indicators from the feed.

#### Context Output

There is no context output for this command.
There is no context output for this command.
44 changes: 20 additions & 24 deletions Packs/Oracle_IAM/Integrations/OracleIAM/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,30 +12,26 @@ Integrate with Oracle Identity Access Management service to execute CRUD (create

For more information, refer to the [Identity Lifecycle Management article](https://xsoar.pan.dev/docs/reference/articles/identity-lifecycle-management).

## Configure OracleIAM on Cortex XSOAR

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for OracleIAM.
3. Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Required** |
| --- | --- |
| Base URL | True |
| Username | True |
| Password | True |
| Allow creating users | False |
| Allow updating users | False |
| Allow enabling users | False |
| Allow disabling users | False |
| Automatically create user if not found in update command | False |
| Incoming Mapper | True |
| Outgoing Mapper | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

4. Click **Test** to validate the URLs, token, and connection.
## Configure OracleIAM in Cortex


| **Parameter** | **Required** |
| --- | --- |
| Base URL | True |
| Username | True |
| Password | True |
| Allow creating users | False |
| Allow updating users | False |
| Allow enabling users | False |
| Allow disabling users | False |
| Automatically create user if not found in update command | False |
| Incoming Mapper | True |
| Outgoing Mapper | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

## Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
You can execute these commands from the CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
### iam-create-user
***
Expand Down Expand Up @@ -750,4 +746,4 @@ Updates an existing group resource. This command allows individual (or groups of
>### Oracle Cloud Update Group:
>|brand|id|instanceName|success|
>|---|---|---|---|
>| OracleIAM | 121212 | OracleIAM_instance_1 | true |
>| OracleIAM | 121212 | OracleIAM_instance_1 | true |
Loading

0 comments on commit 0d99cd2

Please sign in to comment.