diff --git a/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.py b/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.py
index 2350707c6e34..5fa06ff81281 100644
--- a/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.py
+++ b/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.py
@@ -549,7 +549,7 @@ def parse_filter_field(string_filters) -> dict:
 try:
 filters_list = string_filters.split(';')
 filters = {split_str[0].split('=')[1]: [{'Value': split_str[1].split('=')[1],
- 'Comparison':split_str[2].split('=')[1].upper()}]
+ 'Comparison': split_str[2].split('=')[1].upper()}]
 for split_str in [filter_str.split(',') for filter_str in filters_list]}
 except Exception:
 demisto.error(f'Failed parsing filters: {string_filters}\n error: {Exception}')
diff --git a/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.yml b/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.yml
index 086f4d338972..cdd20390074c 100644
--- a/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.yml
+++ b/Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.yml
@@ -236,7 +236,7 @@ script:
 - description: The identifier of the finding that was specified by the finding. Can be retrieved using the 'aws-securityhub-get-findings' command provider.
 name: finding_identifiers_id
 required: true
- - description: The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration. Can be retrieved using the 'aws-securityhub-get-findings' command
+ - description: The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration. Can be retrieved using the 'aws-securityhub-get-findings' command.
 name: finding_identifiers_product_arn
 required: true
 - description: The updated note text.
@@ -260,7 +260,7 @@ script:
 - TRUE_POSITIVE
 - FALSE_POSITIVE
 - BENIGN_POSITIVE
- - description: "One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. * Software and Configuration Checks * TTPs * Effects * Unusual Behaviors * Sensitive Data Identifications"
+ - description: "One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. * Software and Configuration Checks * TTPs * Effects * Unusual Behaviors * Sensitive Data Identifications."
 name: types
 - description: A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
 name: user_defined_fields
@@ -308,7 +308,7 @@ script:
 name: roleSessionDuration
 - description: Override arguments and send a formatted JSON file.
 name: raw_json
- - description: 'List of Tags separated by Key Value. For example: "key=key1,value=value1;key=key2,value=value2"'
+ - description: 'List of Tags separated by Key Value. For example: "key=key1,value=value1;key=key2,value=value2".'
 name: tags
 description: Enables Security Hub for your account in the current Region or the Region you specify in the request. Enabling Security Hub also enables the CIS AWS Foundations standard. When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie. To learn more, see Setting Up AWS Security Hub.
 name: aws-securityhub-enable-security-hub
@@ -326,7 +326,7 @@ script:
 - description: The string filter value.
 name: product_arn_value
 - auto: PREDEFINED
- description: The condition to be applied to a string value when querying for findings
+ description: The condition to be applied to a string value when querying for findings.
 name: product_arn_comparison
 predefined:
 - EQUALS
@@ -875,7 +875,7 @@ script: description: The AWS account ID that a finding is generated in. type: string - contextPath: AWS-SecurityHub.Findings.Types - description: 'One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, Sensitive Data Identifications' + description: 'One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, Sensitive Data Identifications.' type: Unknown - contextPath: AWS-SecurityHub.Findings.FirstObservedAt description: An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. @@ -1476,7 +1476,7 @@ script: - description: Override arguments and send a formatted JSON file. name: raw_json - auto: PREDEFINED - description:

Specifies which member accounts the response includes based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED. If onlyAssociated is set to FALSE, the response includes all existing member accounts.

+ description:

Specifies which member accounts the response includes based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED. If onlyAssociated is set to FALSE, the response includes all existing member accounts.

. name: only_associated predefined: - 'True' @@ -2068,7 +2068,7 @@ script: description: The UTC timestamp in seconds since the last update. The incident is only updated if it was modified after the last update time. - name: get-mapping-fields description: Returns the list of fields to map in outgoing mirroring. This command is only used for debugging purposes. - dockerimage: demisto/boto3py3:1.0.0.72851 + dockerimage: demisto/boto3py3:1.0.0.79189 isfetch: true ismappable: true isremotesyncin: true diff --git a/Packs/AWS-SecurityHub/ReleaseNotes/1_3_15.md b/Packs/AWS-SecurityHub/ReleaseNotes/1_3_15.md new file mode 100644 index 000000000000..393a6da84131 --- /dev/null +++ b/Packs/AWS-SecurityHub/ReleaseNotes/1_3_15.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### AWS - Security Hub + +- Updated the Docker image to: *demisto/boto3py3:1.0.0.79189*. diff --git a/Packs/AWS-SecurityHub/pack_metadata.json b/Packs/AWS-SecurityHub/pack_metadata.json index 29c4fce7fb00..a771828d3081 100644 --- a/Packs/AWS-SecurityHub/pack_metadata.json +++ b/Packs/AWS-SecurityHub/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AWS - Security Hub", "description": "Amazon Web Services Security Hub Service.", "support": "xsoar", - "currentVersion": "1.3.14", + "currentVersion": "1.3.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CommunityCommonScripts/ReleaseNotes/1_1_1.md b/Packs/CommunityCommonScripts/ReleaseNotes/1_1_1.md new file mode 100644 index 000000000000..43ec6eaf0559 --- /dev/null +++ b/Packs/CommunityCommonScripts/ReleaseNotes/1_1_1.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### ExtFilter + +- Updated the Docker image to: *demisto/python3:3.10.13.78960*. diff --git a/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.py b/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.py index d6e64db1a2f0..67c3d25aa5af 100644 --- a/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.py 
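Review bot: In the `@@ -1476,7 +1476,7 @@` hunk the period added to the `only_associated` description appears to land on a line of its own after the text, and the text already ends with `accounts.`, so the new value would finish with a stray second `.`. The layout is garbled in this view, so confirm against the file. If the description value carries trailing line breaks, trim them and keep the existing final period instead of appending another one.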
+++ b/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.py @@ -936,7 +936,7 @@ def filter_with_expressions(self, r, conds, path, True) for r in root] if v]) elif not isinstance(root, dict): return None - (parent, parent_path),\ + (parent, parent_path), \ (child, child_name) = get_parent_child(root, path) for x in self.__conds_items(conds, root): diff --git a/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.yml b/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.yml index 794458f1552b..34aefffda3c0 100644 --- a/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.yml +++ b/Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.yml @@ -17,10 +17,10 @@ system: true args: - name: value required: true - description: Value to be filtered + description: Value to be filtered. isArray: true - name: path - description: Context Path to which to filter + description: Context Path to which to filter. - name: operation required: true auto: PREDEFINED 
@@ -149,11 +149,11 @@ args: - 'wildcard: matches caseless' - is individually transformed with - is collectively transformed with - description: 'Filter Operation: value is filtered by,is filtered by,keeps,doesn''t keep,is,isn''t,equals,doesn''t equal,greater or equal,greater than,less or equal,less than,in range,starts with,starts with caseless,doesn''t start with,doesn''t start with caseless,email-header: decode,ends with,ends with caseless,doesn''t end with,doesn''t end with caseless,includes,includes caseless,doesn''t include,doesn''t include caseless,finds,finds caseless,doesn''t find,doesn''t find caseless,matches,matches caseless,doesn''t match,doesn''t match caseless,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,in list,in caseless list,not in list,not in caseless list,contains,contains caseless,doesn''t contain,doesn''t contain caseless,contains any match with wildcard,contains any match with caseless wildcard,doesn''t contain any match with wildcard,doesn''t contain any match with caseless wildcard,contains any match with regex,contains any match with caseless regex,doesn''t contain any match with regex,doesn''t contain any match with caseless regex,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,matches any string of,matches any caseless string of,doesn''t match any string of,doesn''t match any caseless string of,,matches any line of,,matches any caseless line of,,doesn''t match any line of,,doesn''t match any caseless line of,matches any wildcard of,matches any caseless wildcard of,doesn''t match any wildcard of,doesn''t match any caseless wildcard of,matches any regex of,matches any caseless regex of,doesn''t match any regex of,doesn''t match any caseless regex of,matches 
conditions of,matches custom conditions of,value matches conditions of,value matches custom conditions of,===,!==,==,!=,>=,>,<=,<' + description: 'Filter Operation: value is filtered by,is filtered by,keeps,doesn''t keep,is,isn''t,equals,doesn''t equal,greater or equal,greater than,less or equal,less than,in range,starts with,starts with caseless,doesn''t start with,doesn''t start with caseless,email-header: decode,ends with,ends with caseless,doesn''t end with,doesn''t end with caseless,includes,includes caseless,doesn''t include,doesn''t include caseless,finds,finds caseless,doesn''t find,doesn''t find caseless,matches,matches caseless,doesn''t match,doesn''t match caseless,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,in list,in caseless list,not in list,not in caseless list,contains,contains caseless,doesn''t contain,doesn''t contain caseless,contains any match with wildcard,contains any match with caseless wildcard,doesn''t contain any match with wildcard,doesn''t contain any match with caseless wildcard,contains any match with regex,contains any match with caseless regex,doesn''t contain any match with regex,doesn''t contain any match with caseless regex,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,matches any string of,matches any caseless string of,doesn''t match any string of,doesn''t match any caseless string of,,matches any line of,,matches any caseless line of,,doesn''t match any line of,,doesn''t match any caseless line of,matches any wildcard of,matches any caseless wildcard of,doesn''t match any wildcard of,doesn''t match any caseless wildcard of,matches any regex of,matches any caseless regex of,doesn''t match any regex of,doesn''t match any caseless regex of,matches 
conditions of,matches custom conditions of,value matches conditions of,value matches custom conditions of,===,!==,==,!=,>=,>,<=,<.' isArray: true - name: filter required: true - description: Filter Value + description: Filter Value. - name: ctx_demisto description: '`demisto` context: Input . (single dot) on `From previous tasks` to enable to extract the context data.' - name: ctx_inputs @@ -164,7 +164,7 @@ args: description: '`demisto` context: Input ''incident'' (no quotation) on `From previous tasks` to enable ${incident.} expression in DT.' scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.78960 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/CommunityCommonScripts/pack_metadata.json b/Packs/CommunityCommonScripts/pack_metadata.json index 5ebc49e22d03..e8c8ea9afb98 100644 --- a/Packs/CommunityCommonScripts/pack_metadata.json +++ b/Packs/CommunityCommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Community Common Scripts", "description": "A pack that contains community scripts", "support": "community", - "currentVersion": "1.1.0", + "currentVersion": "1.1.1", "author": "", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", diff --git a/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.py b/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.py index 561c0a7943ac..52efa2bd52c7 100644 --- a/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.py +++ b/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.py @@ -77,7 +77,7 @@ def initialise_scrolls_and_rules(): def initialize_global_values(): - global URL, MAX_INCIDENTS_TO_FETCH, COOKIE, AUTH_HEADERS,\ + global URL, MAX_INCIDENTS_TO_FETCH, COOKIE, AUTH_HEADERS, \ CLIENT_ID, CLIENT_SECRET, AUTH_HEADERS, DOMAIN, AUTHORIZATION CLIENT_ID = demisto.getParam('client_id') 
diff --git a/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.yml b/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.yml index efd1c5dec59d..4248dfe15ebd 100644 --- a/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.yml +++ b/Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.yml @@ -61,13 +61,13 @@ name: ConcentricAI script: commands: - arguments: - - description: Path of the file + - description: Path of the file. name: path required: true - - description: Name of File + - description: Name of File. name: file-name required: true - description: Get's file information + description: Get's file information. name: concentricai-get-file-details outputs: - contextPath: ConcentricAI.FileInfo.risk_names @@ -77,29 +77,29 @@ script: description: owner Details. type: String - contextPath: ConcentricAI.FileInfo.pii - description: PII present in file or not + description: PII present in file or not. type: String - contextPath: ConcentricAI.FileInfo.cid - description: File ID + description: File ID. type: String - arguments: - default: true defaultValue: '50' description: Maximum no. of users fetched per category. name: max_users - description: Get overview of Users involved + description: Get overview of Users involved. name: concentricai-get-users-overview - arguments: - - description: Enter user name + - description: Enter user name. name: user required: true - description: Get's user details + description: Get's user details. name: concentricai-get-user-details - arguments: - - description: File ID + - description: File ID. name: cid required: true - description: Get's file sharing details + description: Get's file sharing details. name: concentricai-get-file-sharing-details outputs: - contextPath: ConcentricAI.FileSharingInfo.type 
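Review bot: The command description rewritten in the `@@ -61,13 +61,13 @@` hunk keeps the possessive `Get's` in `Get's file information.`, and the `@@ -77,29 +77,29 @@` hunk does the same for `Get's user details.` and `Get's file sharing details.`. Since these lines are already being changed for punctuation, correct them to `Gets file information.`, `Gets user details.` and `Gets file sharing details.`. `Name of File.` could also become `Name of the file.` to match `Path of the file.` just above it.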
@@ -108,7 +108,7 @@ script: - contextPath: ConcentricAI.FileSharingInfo.user_name description: User name. type: Array - dockerimage: demisto/python3:3.10.12.68714 + dockerimage: demisto/python3:3.10.13.78960 isfetch: true runonce: false script: '-' diff --git a/Packs/ConcentricAI/ReleaseNotes/1_2_9.md b/Packs/ConcentricAI/ReleaseNotes/1_2_9.md new file mode 100644 index 000000000000..62a5db65458d --- /dev/null +++ b/Packs/ConcentricAI/ReleaseNotes/1_2_9.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### ConcentricAI + +- Updated the Docker image to: *demisto/python3:3.10.13.78960*. diff --git a/Packs/ConcentricAI/pack_metadata.json b/Packs/ConcentricAI/pack_metadata.json index f0e710222baa..cac638f94c5f 100644 --- a/Packs/ConcentricAI/pack_metadata.json +++ b/Packs/ConcentricAI/pack_metadata.json @@ -1,8 +1,8 @@ { "name": "ConcentricAI", - "description": "Plugin for Concentric.ai Concentric\u2019s Semantic Intelligence\u2122 solution discovers and protects business critical, unstructured data.\nWe use deep learning to identify risky sharing, inappropriate third party access, assets in the wrong location, \nmis-classified documents, or lateral movement of data \u2013 all without rules or complex upfront configuration.", + "description": "Plugin for Concentric.ai Concentric’s Semantic Intelligence™ solution discovers and protects business critical, unstructured data.\nWe use deep learning to identify risky sharing, inappropriate third party access, assets in the wrong location, \nmis-classified documents, or lateral movement of data – all without rules or complex upfront configuration.", "support": "partner", - "currentVersion": "1.2.8", + "currentVersion": "1.2.9", "author": "Shams Hasan Rizvi", "url": "https://concentric.ai", "email": "shams@concentric.ai", diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason.py b/Packs/Cybereason/Integrations/Cybereason/Cybereason.py index 90ff8e99acc0..5f21be9752e3 100644 
--- a/Packs/Cybereason/Integrations/Cybereason/Cybereason.py +++ b/Packs/Cybereason/Integrations/Cybereason/Cybereason.py @@ -666,7 +666,7 @@ def malop_processes_command(client: Client, args: dict): raise DemistoException("dateTime could not be parsed. Please enter a valid time parameter.") date_time_parser = date_time_parser.timestamp() milliseconds = int(date_time_parser * 1000) - filter_input = [{"facetName": "creationTime", "filterType": "GreaterThan", "values": [milliseconds], "isResult":True}] + filter_input = [{"facetName": "creationTime", "filterType": "GreaterThan", "values": [milliseconds], "isResult": True}] if isinstance(malop_guids, str): malop_guids = malop_guids.split(',') @@ -1620,8 +1620,8 @@ def fetch_malop_processes(client: Client, malop_id: str) -> list: { "requestedType": "MalopProcess", "filters": [], - "guidList":[malop_id], - "connectionFeature":{ + "guidList": [malop_id], + "connectionFeature": { "elementInstanceType": "MalopProcess", "featureName": "suspects" } @@ -1629,7 +1629,7 @@ def fetch_malop_processes(client: Client, malop_id: str) -> list: { "requestedType": "Process", "filters": [], - "isResult":True + "isResult": True } ], "totalResultLimit": 1000, diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason.yml b/Packs/Cybereason/Integrations/Cybereason/Cybereason.yml index 5a55fe3edd94..a4dbc7aced49 100644 --- a/Packs/Cybereason/Integrations/Cybereason/Cybereason.yml +++ b/Packs/Cybereason/Integrations/Cybereason/Cybereason.yml 
@@ -108,31 +108,31 @@ script:
 - 'true'
 - 'false'
 - auto: PREDEFINED
- description: If process has external connection
+ description: If process has external connection.
 name: hasExternalConnection
 predefined:
 - 'true'
 - 'false'
 - auto: PREDEFINED
- description: If process is not known to reputation services and its image file is unsigned
+ description: If process is not known to reputation services and its image file is unsigned.
 name: unsignedUnknownReputation
 predefined:
 - 'true'
 - 'false'
 - auto: PREDEFINED
- description: If process is running from temporary folder
+ description: If process is running from temporary folder.
 name: fromTemporaryFolder
 predefined:
 - 'true'
 - 'false'
 - auto: PREDEFINED
- description: If process was identified elevating its privileges to local system user
+ description: If process was identified elevating its privileges to local system user.
 name: privilegesEscalation
 predefined:
 - 'true'
 - 'false'
 - auto: PREDEFINED
- description: If the process was executed by PsExec service and is suspicious as being executed maliciously
+ description: If the process was executed by PsExec service and is suspicious as being executed maliciously.
 name: maliciousPsExec
 predefined:
 - 'true'
@@ -141,65 +141,65 @@ script: name: cybereason-query-processes outputs: - contextPath: Cybereason.Process.Name - description: The process name + description: The process name. type: Unknown - contextPath: Cybereason.Process.Malicious - description: Malicious status of the process + description: Malicious status of the process. type: Unknown - contextPath: Cybereason.Process.CreationTime - description: The process creation time + description: The process creation time. type: Unknown - contextPath: Cybereason.Process.EndTime - description: The process end time + description: The process end time. type: Unknown - contextPath: Cybereason.Process.CommandLine - description: The command line of the process + description: The command line of the process. type: Unknown - contextPath: Cybereason.Process.SignedAndVerified - description: Is the process signed and verified + description: Is the process signed and verified. type: Unknown - contextPath: Cybereason.Process.ProductType - description: The product type + description: The product type. type: Unknown - contextPath: Cybereason.Process.Children - description: Children of the process + description: Children of the process. type: Unknown - contextPath: Cybereason.Process.Parent - description: The parent process + description: The parent process. type: Unknown - contextPath: Cybereason.Process.OwnerMachine - description: The machine's hostname + description: The machine's hostname. type: Unknown - contextPath: Cybereason.Process.User - description: The user who ran the process + description: The user who ran the process. type: Unknown - contextPath: Cybereason.Process.ImageFile - description: Image file of the process + description: Image file of the process. type: Unknown - contextPath: Cybereason.Process.SHA1 - description: SHA1 of the process file + description: SHA1 of the process file. type: Unknown - contextPath: Cybereason.Process.MD5 - description: MD5 of the process file + description: MD5 of the process file. 
type: Unknown - contextPath: Cybereason.Process.CompanyName - description: The company's name + description: The company's name. type: Unknown - contextPath: Cybereason.Process.ProductName - description: The product's name + description: The product's name. type: Unknown - arguments: - description: The hostname of the machine to check. name: machine required: true - description: Checks if the machine is currently connected to the Cybereason server + description: Checks if the machine is currently connected to the Cybereason server. name: cybereason-is-probe-connected outputs: - contextPath: Cybereason.Machine.isConnected - description: true if machine is connected, else false + description: true if machine is connected, else false. type: boolean - contextPath: Cybereason.Machine.Name - description: Machine name + description: Machine name. type: string - arguments: - description: Filter connections which contain this IP (in or out). 
@@ -217,70 +217,70 @@ script: name: cybereason-query-connections outputs: - contextPath: Cybereason.Connection.Name - description: The connection's name + description: The connection's name. type: Unknown - contextPath: Cybereason.Connection.Direction - description: OUTGOING/INCOMING + description: OUTGOING/INCOMING. type: Unknown - contextPath: Cybereason.Connection.ServerAddress - description: Address of the Cybereason machine + description: Address of the Cybereason machine. type: Unknown - contextPath: Cybereason.Connection.ServerPort - description: Port of the Cybereason machine + description: Port of the Cybereason machine. type: Unknown - contextPath: Cybereason.Connection.PortType - description: Type of the connection + description: Type of the connection. type: Unknown - contextPath: Cybereason.Connection.ReceivedBytes - description: Received bytes count + description: Received bytes count. type: Unknown - contextPath: Cybereason.Connection.TransmittedBytes - description: Transmitted bytes count + description: Transmitted bytes count. type: Unknown - contextPath: Cybereason.Connection.RemoteCountry - description: The connection's remote country + description: The connection's remote country. type: Unknown - contextPath: Cybereason.Connection.OwnerMachine - description: The machine's hostname + description: The machine's hostname. type: Unknown - contextPath: Cybereason.Connection.OwnerProcess - description: The process which performed the connection + description: The process which performed the connection. type: Unknown - contextPath: Cybereason.Connection.CreationTime - description: Creation time of the connection + description: Creation time of the connection. type: Unknown - contextPath: Cybereason.Connection.EndTime - description: End time of the connection + description: End time of the connection. type: Unknown - arguments: - default: true - description: Machine name to be isolated + description: Machine name to be isolated. 
name: machine required: true - description: Isolates a machine that has been infected from the rest of the network + description: Isolates a machine that has been infected from the rest of the network. execution: true name: cybereason-isolate-machine outputs: - contextPath: Cybereason.Machine - description: Machine name + description: Machine name. type: string - contextPath: Cybereason.IsIsolated - description: Is the machine isolated + description: Is the machine isolated. type: boolean - arguments: - default: true - description: Machine name to be un-isolated + description: Machine name to be un-isolated. name: machine required: true - description: Stops isolation of a machine + description: Stops isolation of a machine. execution: true name: cybereason-unisolate-machine outputs: - contextPath: Cybereason.Machine - description: Machine name + description: Machine name. type: string - contextPath: Cybereason.IsIsolated - description: Is the machine isolated + description: Is the machine isolated. type: boolean - arguments: - description: Filter to filter response by, given in Cybereason API syntax. @@ -299,9 +299,9 @@ script: - CUSTOM - DETAILS - OVERVIEW - - description: Return all the malops within the last days + - description: Return all the malops within the last days. name: withinLastDays - - description: Malop GUIDs to filter by (Comma separated values supported, e.g. 11.5681864988155542407,11.1773255057963879999) + - description: Malop GUIDs to filter by (Comma separated values supported, e.g. 11.5681864988155542407,11.1773255057963879999). name: malopGuid description: Returns a list of all Malops and details on the Malops. name: cybereason-query-malops 
@@ -319,94 +319,94 @@ script: description: Link to the Malop on Cybereason. type: string - contextPath: Cybereason.Malops.Suspects - description: Malop suspect type and name + description: Malop suspect type and name. type: string - contextPath: Cybereason.Malops.LastUpdatedTime - description: Last updated time of malop + description: Last updated time of malop. type: string - contextPath: Cybereason.Malops.AffectedMachine - description: List of machines affected by this Malop + description: List of machines affected by this Malop. type: string - contextPath: Cybereason.Malops.InvolvedHash - description: List of file hashes involved in this Malop + description: List of file hashes involved in this Malop. type: string - contextPath: Cybereason.Malops.Status - description: Malop managemant status + description: Malop managemant status. type: string - arguments: - - description: Array of malop GUIDs separated by comma. (Malop GUID can be retrieved with the command cybereason-query-malops command) + - description: Array of malop GUIDs separated by comma. (Malop GUID can be retrieved with the command cybereason-query-malops command). name: malopGuids required: true - - description: Machine names which were affected by malop. Comma separated values supported (e.g., machine1,machine2) + - description: Machine names which were affected by malop. Comma separated values supported (e.g., machine1,machine2). name: machineName - description: Starting Date and Time to filter the Processes based on their creation date. The format for the input is ("YYYY/MM/DD HH:MM:SS"). name: dateTime - description: Returns a list of malops + description: Returns a list of malops. name: cybereason-malop-processes outputs: - contextPath: Cybereason.Process.Name - description: The process name + description: The process name. type: string - contextPath: Cybereason.Process.Malicious - description: Malicious status of the process + description: Malicious status of the process. 
type: Unknown - contextPath: Cybereason.Process.CreationTime - description: The process creation time + description: The process creation time. type: date - contextPath: Cybereason.Process.EndTime - description: The process end time + description: The process end time. type: date - contextPath: Cybereason.Process.CommandLine - description: The command line of the process + description: The command line of the process. type: string - contextPath: Cybereason.Process.SignedAndVerified - description: Is the process signed and verified + description: Is the process signed and verified. type: Unknown - contextPath: Cybereason.Process.ProductType - description: The product type + description: The product type. type: Unknown - contextPath: Cybereason.Process.Children - description: Children of the process + description: Children of the process. type: Unknown - contextPath: Cybereason.Process.Parent - description: The parent process + description: The parent process. type: Unknown - contextPath: Cybereason.Process.OwnerMachine - description: The machine's hostname + description: The machine's hostname. type: Unknown - contextPath: Cybereason.Process.User - description: The user who ran the process + description: The user who ran the process. type: string - contextPath: Cybereason.Process.ImageFile - description: Image file of the process + description: Image file of the process. type: Unknown - contextPath: Cybereason.Process.SHA1 - description: SHA1 of the process file + description: SHA1 of the process file. type: string - contextPath: Cybereason.Process.MD5 - description: MD5 of the process file + description: MD5 of the process file. type: string - contextPath: Cybereason.Process.CompanyName - description: The company's name + description: The company's name. type: string - contextPath: Cybereason.Process.ProductName - description: The product's name + description: The product's name. 
type: string - arguments: - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment required: true - - description: Malop GUID to add comment to. (Malop GUID can be retrieved with the command cybereason-query-malops command) + - description: Malop GUID to add comment to. (Malop GUID can be retrieved with the command cybereason-query-malops command). name: malopGuid required: true - description: Add new comment to malop + description: Add new comment to malop. name: cybereason-add-comment - arguments: - - description: Malop GUID to update its status + - description: Malop GUID to update its status. name: malopGuid required: true - auto: PREDEFINED - description: Status to update + description: Status to update. name: status predefined: - To Review 
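Review bot: The rewritten `Cybereason.Malops.Status` description in the `@@ -319,94 +319,94 @@` hunk still reads `Malop managemant status.`; correct it to `Malop management status.` while the line is being changed. In the same hunk the `cybereason-malop-processes` command is described as `Returns a list of malops.` although every output listed under it is a `Cybereason.Process.*` path. It presumably should describe the processes of the given Malops; confirm against the command's behaviour before rewording.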
@@ -415,312 +415,312 @@ script: - Not Relevant - Open required: true - description: Updates malop status + description: Updates malop status. name: cybereason-update-malop-status outputs: - contextPath: Cybereason.Malops.GUID - description: Malop GUID + description: Malop GUID. type: string - contextPath: Cybereason.Malops.Status - description: 'Malop status: To Review,Unread,Remediated,Not Relevant' + description: 'Malop status: To Review,Unread,Remediated,Not Relevant.' type: string - arguments: - default: true - description: Malop process file MD5 to prevent + description: Malop process file MD5 to prevent. name: md5 required: true - description: Prevent malop process file + description: Prevent malop process file. name: cybereason-prevent-file outputs: - contextPath: Cybereason.Process.MD5 - description: Process file MD5 + description: Process file MD5. type: string - contextPath: Cybereason.Process.Prevent - description: True if process file is prevented, else false + description: True if process file is prevented, else false. type: boolean - arguments: - default: true - description: Malop process file MD5 to unprevent + description: Malop process file MD5 to unprevent. name: md5 required: true - description: Unprevent malop process file + description: Unprevent malop process file. name: cybereason-unprevent-file outputs: - contextPath: Cybereason.Process.MD5 - description: Process file MD5 + description: Process file MD5. type: string - contextPath: Cybereason.Process.Prevent - description: True if process file is prevented, else false + description: True if process file is prevented, else false. type: boolean - arguments: - default: true - description: File hash (SHA-1 and MD5 supported) + description: File hash (SHA-1 and MD5 supported). name: file_hash required: true - description: Query files as part of investigation + description: Query files as part of investigation. 
name: cybereason-query-file outputs: - contextPath: Cybereason.File.Path - description: File path + description: File path. type: string - contextPath: Cybereason.File.SHA1 - description: File SHA-1 hash + description: File SHA-1 hash. type: string - contextPath: Cybereason.File.Machine - description: Machine name on which file is located + description: Machine name on which file is located. type: string - contextPath: Cybereason.File.SuspicionsCount - description: File suspicions count + description: File suspicions count. type: number - contextPath: Cybereason.File.Name - description: File name + description: File name. type: string - contextPath: Cybereason.File.CreationTime - description: File creation time + description: File creation time. type: date - contextPath: Cybereason.File.Suspicion - description: File suspicions object of suspicion as key and detected date as value + description: File suspicions object of suspicion as key and detected date as value. type: string - contextPath: Cybereason.File.OSVersion - description: Machine OS version on which file is located + description: Machine OS version on which file is located. type: string - contextPath: Cybereason.File.ModifiedTime - description: File modified date + description: File modified date. type: date - contextPath: Cybereason.File.Malicious - description: Is file malicious + description: Is file malicious. type: boolean - contextPath: Cybereason.File.Company - description: Company name + description: Company name. type: string - contextPath: Cybereason.File.MD5 - description: File MD5 hash + description: File MD5 hash. type: string - contextPath: Cybereason.File.IsConnected - description: Is machine connected to Cybereason + description: Is machine connected to Cybereason. type: boolean - contextPath: Cybereason.File.Signed - description: Is file signed + description: Is file signed. type: boolean - contextPath: Cybereason.File.Evidence - description: File evidences + description: File evidences. 
type: string - arguments: - default: true - description: Domain to query + description: Domain to query. name: domain required: true - description: Query domains as part of investigation + description: Query domains as part of investigation. name: cybereason-query-domain outputs: - contextPath: Cybereason.Domain.Name - description: Domain name + description: Domain name. type: string - contextPath: Cybereason.Domain.Malicious - description: Is domain malicious + description: Is domain malicious. type: boolean - contextPath: Cybereason.Domain.IsInternalDomain - description: Is domain internal + description: Is domain internal. type: boolean - contextPath: Cybereason.Domain.Reputation - description: Domain reputation + description: Domain reputation. type: string - contextPath: Cybereason.Domain.SuspicionsCount - description: Domain suspicions count + description: Domain suspicions count. type: number - contextPath: Cybereason.Domain.WasEverResolved - description: Was domain ever resolved + description: Was domain ever resolved. type: boolean - contextPath: Cybereason.Domain.WasEverResolvedAsASecondLevelDomain - description: Was domain ever resolved as a second level domain + description: Was domain ever resolved as a second level domain. type: boolean - arguments: - default: true - description: Username to query + description: Username to query. name: username required: true - description: Query users as part of investigation + description: Query users as part of investigation. name: cybereason-query-user outputs: - contextPath: Cybereason.User.Username - description: User name + description: User name. type: string - contextPath: Cybereason.User.Domain - description: User domain + description: User domain. type: string - contextPath: Cybereason.User.LastMachineLoggedInTo - description: Last machine which user logged in to + description: Last machine which user logged in to. 
type: string - contextPath: Cybereason.User.LocalSystem - description: Is local system + description: Is local system. type: boolean - contextPath: Cybereason.User.Organization - description: User organization + description: User organization. type: string - arguments: - - description: Malop GUID for fetching a file from a sensor to download + - description: Malop GUID for fetching a file from a sensor to download. name: malopGUID required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - description: Start fetching the file to download + description: Start fetching the file to download. name: cybereason-start-fetchfile - arguments: - default: true - description: Malop GUID to know the progress for downloading a file + description: Malop GUID to know the progress for downloading a file. name: malopGuid required: true - description: Return a batch id for files waiting for download + description: Return a batch id for files waiting for download. name: cybereason-fetchfile-progress outputs: - contextPath: Cybereason.Download.Progress.fileName - description: Filename for tha given malop + description: Filename for tha given malop. type: string - contextPath: Cybereason.Download.Progress.status - description: Status for batch ID + description: Status for batch ID. type: boolean - contextPath: Cybereason.Download.Progress.batchID - description: Unique batch id + description: Unique batch id. type: Unknown - arguments: - default: true - description: The batch id for the file download operation + description: The batch id for the file download operation. name: batchID required: true - description: Downloads the actual file to the machine + description: Downloads the actual file to the machine. 
name: cybereason-download-file - arguments: - default: true - description: The batch id to abort a file download operation + description: The batch id to abort a file download operation. name: batchID required: true - description: Aborts a file download operation that is in progress + description: Aborts a file download operation that is in progress. name: cybereason-close-file-batch-id - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - description: Get all remediation action details whatever available for that malop + description: Get all remediation action details whatever available for that malop. name: cybereason-available-remediation-actions - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name to kill the process + - description: Machine name to kill the process. name: machine required: true - - description: Target ID to kill the process + - description: Target ID to kill the process. name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Kill a processes for the malicious file. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Kill a processes for the malicious file. 
(User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-kill-process - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name to quarantine a file + - description: Machine name to quarantine a file. name: machine required: true - - description: Target ID to quarantine a file + - description: Target ID to quarantine a file. name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Quarantine the detected malicious file in a secure location. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Quarantine the detected malicious file in a secure location. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-quarantine-file - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name to unquarantine a file + - description: Machine name to unquarantine a file. name: machine required: true - - description: Target ID to unquarantine a file + - description: Target ID to unquarantine a file. 
name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Unquarantine the detected malicious file in a secure location. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Unquarantine the detected malicious file in a secure location. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-unquarantine-file - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name whose files needs to be blocked + - description: Machine name whose files needs to be blocked. name: machine required: true - - description: Target ID of file to be blocked + - description: Target ID of file to be blocked. name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Block a file only in particular machine. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Block a file only in particular machine. 
(User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-block-file - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name to delete the registry key + - description: Machine name to delete the registry key. name: machine required: true - - description: Target ID to delete the registry key + - description: Target ID to delete the registry key. name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Delete a registry entry associated with a malicious process. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Delete a registry entry associated with a malicious process. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-delete-registry-key - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name to prevent detected ransomware from running on the machine + - description: Machine name to prevent detected ransomware from running on the machine. 
name: machine required: true - - description: Target ID to prevent detected ransomware from running on the machine + - description: Target ID to prevent detected ransomware from running on the machine. name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Prevent detected ransomware from running on the machine. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Prevent detected ransomware from running on the machine. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-kill-prevent-unsuspend - arguments: - - description: The unique ID assigned by the Cybereason platform for the Malop + - description: The unique ID assigned by the Cybereason platform for the Malop. name: malopGuid required: true - - description: Machine name to prevent a file associated with ransomware + - description: Machine name to prevent a file associated with ransomware. name: machine required: true - - description: Target ID to prevent a file associated with ransomware + - description: Target ID to prevent a file associated with ransomware. name: targetId required: true - - description: The complete Cybereason user name string for the user performing the request + - description: The complete Cybereason user name string for the user performing the request. name: userName required: true - - description: Comment to add to the malop + - description: Comment to add to the malop. name: comment - description: Prevent a file associated with ransomware. 
(User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop) + description: Prevent a file associated with ransomware. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop). name: cybereason-unsuspend-process - arguments: - description: Filter for Fetching Malwares by Malware needsAttention. @@ -738,7 +738,7 @@ script: - description: Filter for Fetching Malwares by Malware Limit. name: limit required: true - description: Malware query with options and values to filter + description: Malware query with options and values to filter. name: cybereason-malware-query - arguments: - description: Sensor ID of a sensor. (Comma separated values supported.) @@ -770,7 +770,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.72123 + dockerimage: demisto/python3:3.10.13.78960 tests: - Cybereason Test fromversion: 5.0.0 diff --git a/Packs/Cybereason/ReleaseNotes/2_1_13.md b/Packs/Cybereason/ReleaseNotes/2_1_13.md new file mode 100644 index 000000000000..5d2108352e2e --- /dev/null +++ b/Packs/Cybereason/ReleaseNotes/2_1_13.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Cybereason + +- Updated the Docker image to: *demisto/python3:3.10.13.78960*. diff --git a/Packs/Cybereason/pack_metadata.json b/Packs/Cybereason/pack_metadata.json index 82f7a6e2b7ea..0dc29ce6aca9 100644 --- a/Packs/Cybereason/pack_metadata.json +++ b/Packs/Cybereason/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cybereason", "description": "Endpoint detection and response to manage and query malops, connections and processes.", "support": "partner", - "currentVersion": "2.1.12", + "currentVersion": "2.1.13", "author": "Cybereason", "url": "https://nest.cybereason.com/", "email": "support@cybereason.com", 
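Review bot: The descriptions in the `@@ -415,312 +415,312 @@` hunk gain a trailing period but keep wording errors that an analyst reads when picking a response command. The `Cybereason.Malops.Status` output lists `To Review,Unread,Remediated,Not Relevant.` while the predefined `status` values in the context just above also show `Open`, so if that status can be returned the text should read `'Malop status: To Review, Unread, Remediated, Not Relevant, Open.'`. `cybereason-unquarantine-file` is still described as `Unquarantine the detected malicious file in a secure location.`, which looks copied from the quarantine command; something like `Release the detected file from quarantine.` would describe the action. The typos `Filename for tha given malop.` and `Kill a processes for the malicious file.` should become `Filename for the given malop.` and `Kill a process for the malicious file.`.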
diff --git a/Packs/EmailCommunication/ReleaseNotes/2_0_13.md b/Packs/EmailCommunication/ReleaseNotes/2_0_13.md new file mode 100644 index 000000000000..bcdaefee798a --- /dev/null +++ b/Packs/EmailCommunication/ReleaseNotes/2_0_13.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### SendEmailReply + +- Updated the Docker image to: *demisto/python3:3.10.13.78960*. diff --git a/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.py b/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.py index 73e3c40ca0be..75a4dc7d34af 100644 --- a/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.py +++ b/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.py @@ -812,7 +812,7 @@ def collect_thread_details(incident_email_threads, email_selected_thread): # Keep track of the last processed list position last_thread_processed = idx - return thread_found, reply_to_message_id, outbound_only, reply_code, reply_subject, reply_recipients,\ + return thread_found, reply_to_message_id, outbound_only, reply_code, reply_subject, reply_recipients, \ reply_mailbox, thread_cc, thread_bcc, last_thread_processed @@ -870,7 +870,7 @@ def multi_thread_reply(new_email_body, incident_id, email_selected_thread, new_e elif type(incident_email_threads) == list: # Process existing thread entries in this email chain to gather re-usable data for new message thread_found, reply_to_message_id, outbound_only, reply_code, reply_subject, reply_recipients, \ - reply_mailbox, thread_cc, thread_bcc,\ + reply_mailbox, thread_cc, thread_bcc, \ last_thread_processed = collect_thread_details(incident_email_threads, email_selected_thread) if thread_found is False: diff --git a/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.yml b/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.yml index 3258519738cf..07197f6586ab 100644 --- a/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.yml 
+++ b/Packs/EmailCommunication/Scripts/SendEmailReply/SendEmailReply.yml @@ -1,17 +1,17 @@ args: - defaultValue: ${File} - description: Files + description: Files. isArray: true name: files - defaultValue: ${incident.attachment} - description: Attachment + description: Attachment. isArray: true name: attachment - defaultValue: description: The mailbox from which emails are sent from the 3rd party integration. name: service_mail - name: mail_sender_instance - description: Name of the mail sender instance name for transmitting emails + description: Name of the mail sender instance name for transmitting emails. defaultValue: - name: new_thread auto: PREDEFINED @@ -19,7 +19,7 @@ args: - 'true' - 'false' - n/a - description: Specify whether to reply to an existing thread or start a new one. Default value of 'n/a' is for 'Email Communication' type incidents only + description: Specify whether to reply to an existing thread or start a new one. Default value of 'n/a' is for 'Email Communication' type incidents only. defaultValue: n/a - name: subject_include_incident_id description: Include the Incident ID within the email subject. @@ -46,7 +46,7 @@ subtype: python3 system: true type: python fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.68300 +dockerimage: demisto/python3:3.10.13.78960 tests: - No tests (auto formatted) contentitemexportablefields: diff --git a/Packs/EmailCommunication/pack_metadata.json b/Packs/EmailCommunication/pack_metadata.json index d34a39203c2c..e4336a6b903d 100644 --- a/Packs/EmailCommunication/pack_metadata.json +++ b/Packs/EmailCommunication/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Email Communication", "description": "Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.\n", "support": "xsoar", - "currentVersion": "2.0.12", + "currentVersion": "2.0.13", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "videos": [ 
diff --git a/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.py b/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.py index 3c96e1ce6092..a1369765b695 100644 --- a/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.py +++ b/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.py @@ -7,7 +7,7 @@ from dxlclient.broker import Broker from dxltieclient import TieClient from typing import NamedTuple -from dxltieclient.constants import FileReputationProp, FileGtiAttrib, FileEnterpriseAttrib, AtdAttrib, TrustLevel,\ +from dxltieclient.constants import FileReputationProp, FileGtiAttrib, FileEnterpriseAttrib, AtdAttrib, TrustLevel, \ HashType, EnterpriseAttrib, FileProvider, FirstRefProp, AtdTrustLevel VENDOR_NAME = 'McAfee Threat Intelligence Exchange' @@ -520,8 +520,8 @@ def create_temp_credentials(temp_file: tempfile._TemporaryFileWrapper, data_to_w @contextlib.contextmanager def create_dxl_config(instance_cert: InstanceCertificates) -> DxlClientConfig: - with tempfile.NamedTemporaryFile(mode='w+', dir='./', suffix='.crt') as broker_certs_file,\ - tempfile.NamedTemporaryFile(mode='w+', dir='./', suffix='.crt') as client_cert_file,\ + with tempfile.NamedTemporaryFile(mode='w+', dir='./', suffix='.crt') as broker_certs_file, \ + tempfile.NamedTemporaryFile(mode='w+', dir='./', suffix='.crt') as client_cert_file, \ tempfile.NamedTemporaryFile(mode='w+', dir='./', suffix='.key') as private_key_file: broker_certs_file.delete create_temp_credentials(broker_certs_file, instance_cert.broker_ca_bundle) diff --git a/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.yml b/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.yml index 00ddd33a77f9..cb17fba190f9 100644 --- a/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.yml +++ b/Packs/McAfee-TIE/Integrations/McAfeeTIEV2/McAfeeTIEV2.yml 
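Review bot: In the `create_dxl_config` hunk, the context line `broker_certs_file.delete` directly under the reformatted `with` header is a bare attribute reference and does nothing. If the intent was to control removal of the temporary broker CA file, drop the line or pass `delete=` to `NamedTemporaryFile` explicitly. The three files touched by this whitespace change hold the broker CA bundle, the client certificate and the private key, and all are created with `dir='./'`. A short comment such as `# key material lives only inside this with-block; files are removed on exit` would make that lifetime explicit, and it is worth confirming that the working directory is not shared with other integrations. The function body continues outside the hunk.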
@@ -272,7 +272,7 @@ script: - contextPath: McAfee.TIE.FilesReferences.Hash description: The value of the hash. type: String - dockerimage: demisto/dxl:1.0.0.73187 + dockerimage: demisto/dxl:1.0.0.78624 runonce: false script: "-" subtype: python3 diff --git a/Packs/McAfee-TIE/ReleaseNotes/2_0_15.md b/Packs/McAfee-TIE/ReleaseNotes/2_0_15.md new file mode 100644 index 000000000000..cda894f42552 --- /dev/null +++ b/Packs/McAfee-TIE/ReleaseNotes/2_0_15.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### McAfee Threat Intelligence Exchange v2 + +- Updated the Docker image to: *demisto/dxl:1.0.0.78624*. diff --git a/Packs/McAfee-TIE/pack_metadata.json b/Packs/McAfee-TIE/pack_metadata.json index bb342e576d47..45f2496d690c 100644 --- a/Packs/McAfee-TIE/pack_metadata.json +++ b/Packs/McAfee-TIE/pack_metadata.json @@ -2,7 +2,7 @@ "name": "McAfee Threat Intelligence Exchange", "description": "Connect to McAfee TIE using the McAfee DXL client.", "support": "xsoar", - "currentVersion": "2.0.14", + "currentVersion": "2.0.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",