Revert "Group-IB hot fix integration (#30470)"

This reverts commit f43de9f.
demisto · Nov 13, 2023 · 54ac41d · 54ac41d
1 parent f43de9f
commit 54ac41d
Show file tree

Hide file tree

Showing 15 changed files with 833 additions and 1,931 deletions.
diff --git a/...ThreatIntelligenceAttribution/IncidentTypes/incidenttype-GIB_Brand_Protection_Domain.json b/...ThreatIntelligenceAttribution/IncidentTypes/incidenttype-GIB_Brand_Protection_Domain.json
@@ -0,0 +1,44 @@
+{
+    "autorun": true,
+    "color": "#8052f3",
+    "days": 0,
+    "daysR": 0,
+    "default": false,
+    "detached": false,
+    "disabled": false,
+    "extractSettings": {
+        "fieldCliNameToExtractSettings": {
+            "alertcategory": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            },
+            "gibphishingdomain": {
+                "extractAsIsIndicatorTypeId": "domainRepUnified",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": false
+            },
+            "gibrelatedindicatorsdata": {
+                "extractAsIsIndicatorTypeId": "",
+                "extractIndicatorTypesIDs": [],
+                "isExtractingAllIndicatorTypes": true
+            }
+        },
+        "mode": "Specific"
+    },
+    "hours": 0,
+    "hoursR": 0,
+    "id": "GIB Brand Protection Domain",
+    "layout": "GIB Brand Protection Domain Layout",
+    "locked": false,
+    "name": "GIB Brand Protection Domain",
+    "onChangeRepAlg": 2,
+    "playbookId": "Incident Postprocessing - Group-IB Threat Intelligence & Attribution",
+    "readonly": false,
+    "reputationCalc": 2,
+    "system": false,
+    "version": -1,
+    "weeks": 0,
+    "weeksR": 0,
+    "fromVersion": "6.0.0"
+}
diff --git a/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.py b/Packs/GroupIB_ThreatIntelligenceAttribution/Integrations/GroupIBTIA/GroupIBTIA.py
@@ -1,3 +1,8 @@
+
+import demistomock as demisto
+from CommonServerPython import *
+from CommonServerUserPython import *
+
 """ IMPORTS """
 
 import json
@@ -35,9 +40,6 @@
                     "add_fields": ["events.cnc.ipv4.asn", "events.cnc.ipv4.countryName", "events.cnc.ipv4.region"],
                     "add_fields_types": ["asn", "geocountry", "geolocation"]
                 },
-                {
-                    "main_field": "events.client.ipv4.ip",
-                }
             ]
     },
     "compromised/card": {
@@ -435,7 +437,7 @@ class Client(BaseClient):
     """
 
     def _create_update_generator(self, collection_name: str, max_requests: int,
-                                 date_from: str | None = None, seq_update: int | str = None,
+                                 date_from: Optional[str] = None, seq_update: Union[int, str] = None,
                                  limit: int = 200) -> Generator:
         """
         Creates generator of lists with feeds class objects for an update session
@@ -837,7 +839,7 @@ def calculate_dbot_score(type_):
         return Common.DBotScore(
             indicator=value,
             indicator_type=type_,
-            integration_name="GIB TI&A",
+            integration_name="GIB TI",
             score=score
         )
 
@@ -1030,13 +1032,16 @@ def fetch_incidents_command(client: Client, last_run: dict, first_fetch_time: st
     :return: next_run will be last_run in the next fetch-incidents; incidents and indicators will be created in Demisto.
     """
     incidents = []
-    next_run: dict[str, dict[str, int | Any]] = {"last_fetch": {}}
+    next_run: dict[str, dict[str, Union[int, Any]]] = {"last_fetch": {}}
     for collection_name in incident_collections:
         last_fetch = last_run.get("last_fetch", {}).get(collection_name)
 
         portions = client.create_poll_generator(collection_name=collection_name, max_requests=requests_count,
                                                 last_fetch=last_fetch, first_fetch_time=first_fetch_time)
         for portion, last_fetch in portions:
+            last_test = last_fetch
+            for last in last_test:
+                set(last)
             for feed in portion:
                 mapping = MAPPING.get(collection_name, {})
                 if collection_name == "compromised/breached":
@@ -1081,7 +1086,7 @@ def fetch_incidents_command(client: Client, last_run: dict, first_fetch_time: st
     return next_run, incidents
 
 
-def get_available_collections_command(client: Client, args):
+def get_available_collections_command(client: Client):
     """
     Returns list of available collections to context and War Room.