-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Xsiam-remote-psexec-lolbin-command-execution-playbook #31748
Merged
efelmandar
merged 5,138 commits into
master
from
xsiam-remote-psexec-lolbin-command-execution-playbook
Jan 11, 2024
Merged
Xsiam-remote-psexec-lolbin-command-execution-playbook #31748
efelmandar
merged 5,138 commits into
master
from
xsiam-remote-psexec-lolbin-command-execution-playbook
Jan 11, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#31197) * Replacing the deprecated sub-playbook within the 'NGFW Internal Scan' XSIAM playbook * RN
* "pack contribution initial commit" * Update pack_metadata.json * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CISO_Metrics.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json Rename to CommunityCommonDashboards * Update pack_metadata.json Renamed "name": "CommunityCommonDashboards" * Update README.md Added description * Update README.md * Update and rename README.md to README.md * Rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json * Rename .pack-ignore to .pack-ignore * Rename .secrets-ignore to .secrets-ignore * Rename pack_metadata.json to pack_metadata.json * Update .pack-ignore * Update pack_metadata.json * Update .pack-ignore * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to CISOMetrics.json Renamed to CISOMetrics * Update pack_metadata.json * Update pack_metadata.json * Update README.md --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: Sapir Shuker <[email protected]> Co-authored-by: David Uhrlaub <[email protected]>
* added v2.1.14 codebase * fix pr comments * replace dummy md5 placeholder * Update Packs/Cybereason/Integrations/Cybereason/Cybereason.py * updated docker image python version * updated release notes docker version * added pagination params * updated docker image * fix lint errors * fix demisto validate errors * updated release notes * updated release notes * updated release notes * updated command name as per PR comment * removed manual filtering for response * updated function name to match the command name format * updated unit test as per new command name * added machinename filter to api query * moved empty output message to the top * updated docker image tag to latest * undo changes from unisolate endpoint playbook --------- Co-authored-by: suraj-metron <[email protected]> Co-authored-by: Sapir Shuker <[email protected]>
* fixed polling support * fixed rn * added rn * added rn
* Added failing UT * Fixed the issue * Updated docker image * Updated RN * Update Packs/PAN-OS/ReleaseNotes/2_1_15.md Co-authored-by: Dan Tavori <[email protected]> * Updated the bug fix and the UT * updated docker image --------- Co-authored-by: Dan Tavori <[email protected]>
* rewrite to js * added tpb * added empty test case to tpb * precommit fixes * change fromversion so build wont fail
* mostly works * added release notes * fixes from review
* F5 APM Remove XSIAM tags * fix marketplace error
* add rawJSON field to incidents * release notes * update docker image tag * nit * fetching incident details * mapper + incident fields * remove incorrect incident field files * new incident field files, new mapper * sdk validate command changes * update release noteS * validation errors * fix validation errors * undo release notes changes * undo release notes change * undo release notes * undo release notes * undo release notes * nit * new release notes * remove playbook id * update docker image tag * revert release notes * revert RN * nit- remove filters used for testing * add details field to threats * remove try/except blocks * changing version * Update Abnormal_Security_Custom_Incident_types.json change from version * nit - remove changes used for demo * updating docker image * update docker image tag --------- Co-authored-by: William Olyslager <[email protected]> Co-authored-by: sapirshuker <[email protected]> Co-authored-by: Sapir Shuker <[email protected]>
* Updated Metadata Of Pack CIRCL * Added release notes to pack CIRCL * Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.yml Docker image update * Updated Metadata Of Pack ipinfo * Added release notes to pack ipinfo * Packs/ipinfo/Integrations/ipinfo_v2/ipinfo_v2.yml Docker image update * Updated Metadata Of Pack AutoFocus * Added release notes to pack AutoFocus * Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml Docker image update * Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml Docker image update * Updated Metadata Of Pack MailSenderNew * Added release notes to pack MailSenderNew * Packs/MailSenderNew/Integrations/MailSenderNew/MailSenderNew.yml Docker image update * avoid to update Docker for AutoFocusv2 --------- Co-authored-by: israelpolishook <[email protected]>
* Fixes For 'IP Enrichment - Generic v2' Playbook * RN * RN * Updated the 'InternalRange' playbook input's default value. * configured the 'extended_data' and 'threat_model_association' sub-playbook inputs * Bump pack from version CommonPlaybooks to 2.4.36. * Bump pack from version CommonPlaybooks to 2.4.37. * changed the default value of the 'ResolveIP' playbook input * re-added RN after merging from master * Fixes RN --------- Co-authored-by: Content Bot <[email protected]>
… take the revision from the correct bucket. (#31254)
* init * commands template * aws-org-children-list * more commands * even more commands * added account commands * removed enhancement commands * use json_transform * unit-tests init * unit-tests continued * unit-tests continued some more * TPB * one more unit-test * one more unit-test * one more unit-test * name change * TPB * docs complete * pack readme * pack readme part 2 * readme modified * more tests * more tests * use get() * adde description * removed isFetch * added image * name change * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Update docker * put the commands back in * code complete * yml part 2 * yml part 3 * test template * unit-tests continued some more * unit-tests almost complete * unit-tests complete * fixed a few bugs * fixed unit-tests * added readme * update readme * added missing descriptions to readme * TPB * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * CR changes * demo changes * update docker * build wars: round 1 * build wars: round 2 * build wars: round 3; add unit-tests * build wars: round 4 * build wars: round 5 * build wars: round 6 --------- Co-authored-by: ShirleyDenkberg <[email protected]>
* init * new design * added error in case of non nested input * RN * a tad more docs * Bump pack from version Base to 1.32.47. * Bump pack from version Base to 1.32.48. * Bump pack from version Base to 1.32.49. * improved doc-string * resolve conflicts * resolve conflicts * Bump pack from version Base to 1.32.52. --------- Co-authored-by: Content Bot <[email protected]>
* poetry files * update validate manager imports (#31179) * update validate manager imports * revert * Update Tests/configure_and_test_integration_instances.py * Edit file types test (#31170) * edited tests * s * s * edit --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> Co-authored-by: merit-maita <[email protected]> Co-authored-by: JudithB <[email protected]>
* modified modeling rules of clearswift dlp * modified the parsing rule of clearswiftdlp * Added release notes. * added dlp to pack ignore * added Clearswift to pack ignore
* args updated to match the update in the sdk * add merge-coverage-report and coverage-analyze * updaing pyproject.toml * poetry lock * restoring pyproject.toml and poetry.lock * pre-commit.yml * updates * test comment * use sdk ref * if * add github output * revert ilan changes * merge-pytest-reports --------- Co-authored-by: ilan <[email protected]>
* EXPANDR-1576 CortexXpanse Remediation Guidance changes (#30712) * CortexXpanse RG changes * Fix flake8 errors * Fix unit test cases * Update docker version * update command name * Readme updates * docker update * Ignore BC error * fix packignore * Update release notes * update breaking change notes * update breaking change notes * correct RN --------- Co-authored-by: Chait A <[email protected]> Co-authored-by: ilappe <[email protected]>
* Feature/cyberint enhancement (#30493) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * update Cyberint Pack * update release note and incidentfields * update CommonType release note * update CommonType relesenotes * update CommonType relese notes * update CyberInt Related entity name * update release notes * add new incident field: Alert Data * foramt alert_data * update CyberInt Related Entity name to avoid validation errors * reset the CyberInt Related Entity name * update incident field name * Update 3_3_93.md * pre commit update docker * added known words * fixed the RN * known words --------- Co-authored-by: TalGumi <[email protected]> Co-authored-by: omerKarkKatz <[email protected]> Co-authored-by: okarkkatz <[email protected]>
* update poetry * use poll functions * test against builds * try to fix ssl issue * timeout = 300 + verify ssl * fix ssl issues * fix incident pull * fix * make verify=false by default * fix ports bug * use sdk master * revert poetry * revert infra used for testing
…eports' commands (#31265) * Fix the 'NoneType' object is not iterable issue * ruff * Update the docker image; Add RN * Update Packs/CrowdStrikeIntel/ReleaseNotes/2_0_34.md Co-authored-by: Dean Arbel <[email protected]> --------- Co-authored-by: Dean Arbel <[email protected]>
* test * test * revert debugs * pre-commit --------- Co-authored-by: Jas Beilin <[email protected]>
* Improved descriptions. * Added docs * Added rn. * Changed i.e to e.g
* Fix playbook input's default value, change to not required, add check for value not empty * Update playbook image * Update release notes * Bump pack from version CortexXDR to 6.0.5. * Moved InternalIPRanges input check to better location * Fix review comments --------- Co-authored-by: Content Bot <[email protected]>
* commit init - lint and type annotation * typing * pagination function and some typing * fix api limit and pagination * added UT and test_data * added RN and description for args * generate readme * update docker * added UT * fix flake8 * more docstring, one more UT, fix send unnecessary parameters * fix f-string * fix pep8 * revert copy * fix parameters name * docs review * update docker
…1276) * Update Display Name * Update release notes * Update docker image and add period to descriptions Co-authored-by: John <[email protected]> Co-authored-by: MLainer1 <[email protected]>
* Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update
* add XSOAR_SAAS section to EDL description * update RN
...texXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml
Show resolved
Hide resolved
...texXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml
Outdated
Show resolved
Hide resolved
altmannyarden
approved these changes
Jan 11, 2024
efelmandar
deleted the
xsiam-remote-psexec-lolbin-command-execution-playbook
branch
January 11, 2024 13:32
dantavori
added a commit
that referenced
this pull request
Jan 14, 2024
* Replacing the deprecated sub-playbook within the 'NGFW Internal Scan'… (#31197) * Replacing the deprecated sub-playbook within the 'NGFW Internal Scan' XSIAM playbook * RN * [Marketplace Contribution] CISO Metrics (#30641) (#31213) * "pack contribution initial commit" * Update pack_metadata.json * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CISO_Metrics.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json Rename to CommunityCommonDashboards * Update pack_metadata.json Renamed "name": "CommunityCommonDashboards" * Update README.md Added description * Update README.md * Update and rename README.md to README.md * Rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json * Rename .pack-ignore to .pack-ignore * Rename .secrets-ignore to .secrets-ignore * Rename pack_metadata.json to pack_metadata.json * Update .pack-ignore * Update pack_metadata.json * Update .pack-ignore * Update and rename dashboard-98f353a2-312b-49f2-8e58-d71f60daf3a7-CommunityCommonDashboards.json to CISOMetrics.json Renamed to CISOMetrics * Update pack_metadata.json * Update pack_metadata.json * Update README.md --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: Sapir Shuker <[email protected]> Co-authored-by: David Uhrlaub <[email protected]> * Cybereason xsoar v 2.1.14 (#30647) (#31225) * added v2.1.14 codebase * fix pr comments * replace dummy md5 placeholder * Update Packs/Cybereason/Integrations/Cybereason/Cybereason.py * updated docker image python version * updated release notes docker version * added pagination params * updated docker image * fix lint errors * fix demisto validate errors * updated release notes * updated release notes * updated release notes * updated command name as per PR comment * removed manual filtering for response * updated function name to match the command name format * updated unit test as per new command name * added machinename filter to api query * moved empty output message to the top * updated docker image tag to latest * undo changes from unisolate endpoint playbook --------- Co-authored-by: suraj-metron <[email protected]> Co-authored-by: Sapir Shuker <[email protected]> * fixed polling support (#30873) * fixed polling support * fixed rn * added rn * added rn * XSUP-30786/Fix (#31168) * Added failing UT * Fixed the issue * Updated docker image * Updated RN * Update Packs/PAN-OS/ReleaseNotes/2_1_15.md Co-authored-by: Dan Tavori <[email protected]> * Updated the bug fix and the UT * updated docker image --------- Co-authored-by: Dan Tavori <[email protected]> * rewrite to js FirstArrayElement and LastArrayElement (#31228) * rewrite to js * added tpb * added empty test case to tpb * precommit fixes * change fromversion so build wont fail * Enable Core REST API with general XSIAM endpoints (#31226) * mostly works * added release notes * fixes from review * F5 APM fixed the marketplace build failure (#31236) * F5 APM Remove XSIAM tags * fix marketplace error * Add incidents field (#30393) (#31233) * add rawJSON field to incidents * release notes * update docker image tag * nit * fetching incident details * mapper + incident fields * remove incorrect incident field files * new incident field files, new mapper * sdk validate command changes * update release noteS * validation errors * fix validation errors * undo release notes changes * undo release notes change * undo release notes * undo release notes * undo release notes * nit * new release notes * remove playbook id * update docker image tag * revert release notes * revert RN * nit- remove filters used for testing * add details field to threats * remove try/except blocks * changing version * Update Abnormal_Security_Custom_Incident_types.json change from version * nit - remove changes used for demo * updating docker image * update docker image tag --------- Co-authored-by: William Olyslager <[email protected]> Co-authored-by: sapirshuker <[email protected]> Co-authored-by: Sapir Shuker <[email protected]> * Update Docker Image To demisto/python3 (#31242) * Updated Metadata Of Pack CIRCL * Added release notes to pack CIRCL * Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.yml Docker image update * Updated Metadata Of Pack ipinfo * Added release notes to pack ipinfo * Packs/ipinfo/Integrations/ipinfo_v2/ipinfo_v2.yml Docker image update * Updated Metadata Of Pack AutoFocus * Added release notes to pack AutoFocus * Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml Docker image update * Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml Docker image update * Updated Metadata Of Pack MailSenderNew * Added release notes to pack MailSenderNew * Packs/MailSenderNew/Integrations/MailSenderNew/MailSenderNew.yml Docker image update * avoid to update Docker for AutoFocusv2 --------- Co-authored-by: israelpolishook <[email protected]> * Fixes For 'IP Enrichment - Generic v2' Playbook (#31183) * Fixes For 'IP Enrichment - Generic v2' Playbook * RN * RN * Updated the 'InternalRange' playbook input's default value. * configured the 'extended_data' and 'threat_model_association' sub-playbook inputs * Bump pack from version CommonPlaybooks to 2.4.36. * Bump pack from version CommonPlaybooks to 2.4.37. * changed the default value of the 'ResolveIP' playbook input * re-added RN after merging from master * Fixes RN --------- Co-authored-by: Content Bot <[email protected]> * Check if should run Instance role (#31245) * Added the sync from the saas bucket and modified the verify script to take the revision from the correct bucket. (#31254) * AWS Organizations (#30525) * init * commands template * aws-org-children-list * more commands * even more commands * added account commands * removed enhancement commands * use json_transform * unit-tests init * unit-tests continued * unit-tests continued some more * TPB * one more unit-test * one more unit-test * one more unit-test * name change * TPB * docs complete * pack readme * pack readme part 2 * readme modified * more tests * more tests * use get() * adde description * removed isFetch * added image * name change * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Update docker * put the commands back in * code complete * yml part 2 * yml part 3 * test template * unit-tests continued some more * unit-tests almost complete * unit-tests complete * fixed a few bugs * fixed unit-tests * added readme * update readme * added missing descriptions to readme * TPB * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * CR changes * demo changes * update docker * build wars: round 1 * build wars: round 2 * build wars: round 3; add unit-tests * build wars: round 4 * build wars: round 5 * build wars: round 6 --------- Co-authored-by: ShirleyDenkberg <[email protected]> * NextToken in CommandResults (#30501) * init * new design * added error in case of non nested input * RN * a tad more docs * Bump pack from version Base to 1.32.47. * Bump pack from version Base to 1.32.48. * Bump pack from version Base to 1.32.49. * improved doc-string * resolve conflicts * resolve conflicts * Bump pack from version Base to 1.32.52. --------- Co-authored-by: Content Bot <[email protected]> * demisto-sdk-release 1.24.0 (#31268) * poetry files * update validate manager imports (#31179) * update validate manager imports * revert * Update Tests/configure_and_test_integration_instances.py * Edit file types test (#31170) * edited tests * s * s * edit --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> Co-authored-by: merit-maita <[email protected]> Co-authored-by: JudithB <[email protected]> * modified modeling rules of clearswift dlp (#31247) * modified modeling rules of clearswift dlp * modified the parsing rule of clearswiftdlp * Added release notes. * added dlp to pack ignore * added Clearswift to pack ignore * QRadar: continue to poll in case of networking issues (#31084) * Generalize the mode option in pre-commit (#30663) * args updated to match the update in the sdk * add merge-coverage-report and coverage-analyze * updaing pyproject.toml * poetry lock * restoring pyproject.toml and poetry.lock * pre-commit.yml * updates * test comment * use sdk ref * if * add github output * revert ilan changes * merge-pytest-reports --------- Co-authored-by: ilan <[email protected]> * EXPANDR-1576 CortexXpanse Remediation Guidance changes (#31190) * EXPANDR-1576 CortexXpanse Remediation Guidance changes (#30712) * CortexXpanse RG changes * Fix flake8 errors * Fix unit test cases * Update docker version * update command name * Readme updates * docker update * Ignore BC error * fix packignore * Update release notes * update breaking change notes * update breaking change notes * correct RN --------- Co-authored-by: Chait A <[email protected]> Co-authored-by: ilappe <[email protected]> * Feature/cyberint enhancement (#31252) * Feature/cyberint enhancement (#30493) * Update Docker Image To demisto/py3-tools (#25523) * Updated Metadata Of Pack FeedAWS * Added release notes to pack FeedAWS * Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update * update Cyberint Pack * update release note and incidentfields * update CommonType release note * update CommonType relesenotes * update CommonType relese notes * update CyberInt Related entity name * update release notes * add new incident field: Alert Data * foramt alert_data * update CyberInt Related Entity name to avoid validation errors * reset the CyberInt Related Entity name * update incident field name * Update 3_3_93.md * pre commit update docker * added known words * fixed the RN * known words --------- Co-authored-by: TalGumi <[email protected]> Co-authored-by: omerKarkKatz <[email protected]> Co-authored-by: okarkkatz <[email protected]> * [xsoar-8 coverage] - use poll functions from SDK clients (#31144) * update poetry * use poll functions * test against builds * try to fix ssl issue * timeout = 300 + verify ssl * fix ssl issues * fix incident pull * fix * make verify=false by default * fix ports bug * use sdk master * revert poetry * revert infra used for testing * [CrowdStrike Falcon Intel v2] Fixed an issue in 'cs-actors' and 'cs-reports' commands (#31265) * Fix the 'NoneType' object is not iterable issue * ruff * Update the docker image; Add RN * Update Packs/CrowdStrikeIntel/ReleaseNotes/2_0_34.md Co-authored-by: Dean Arbel <[email protected]> --------- Co-authored-by: Dean Arbel <[email protected]> * oncall- installation orders (#31253) * test * test * revert debugs * pre-commit --------- Co-authored-by: Jas Beilin <[email protected]> * Core rest api docs fix (#31262) * Improved descriptions. * Added docs * Added rn. * Changed i.e to e.g * bugfix/XSUP-30713/port-scan-pb-issue-incident-failure (#31154) * Fix playbook input's default value, change to not required, add check for value not empty * Update playbook image * Update release notes * Bump pack from version CortexXDR to 6.0.5. * Moved InternalIPRanges input check to better location * Fix review comments --------- Co-authored-by: Content Bot <[email protected]> * [PagerDuty v2] Added Support For Pagination (#30959) * commit init - lint and type annotation * typing * pagination function and some typing * fix api limit and pagination * added UT and test_data * added RN and description for args * generate readme * update docker * added UT * fix flake8 * more docstring, one more UT, fix send unnecessary parameters * fix f-string * fix pep8 * revert copy * fix parameters name * docs review * update docker * [ASM] EXPANDR 7225 - Update Ev1 Integration Display Name (#31234) (#31276) * Update Display Name * Update release notes * Update docker image and add period to descriptions Co-authored-by: John <[email protected]> Co-authored-by: MLainer1 <[email protected]> * Update Docker Image To demisto/python3 (#31286) * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Add XSOAR_SAAS section to EDL description (#31264) * add XSOAR_SAAS section to EDL description * update RN * [XSUP 30575] Added full fields query param (#31272) * get indicators full fields data * pre-commit * release notes * tests and CR fixes * Update Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_13.md Co-authored-by: Dan Tavori <[email protected]> --------- Co-authored-by: Dan Tavori <[email protected]> * Update Docker Image To demisto/boto3py3 (#31287) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * Update Docker Image To demisto/accessdata (#31288) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Update Docker Image To demisto/oci (#31290) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/py3-tools (#31289) * Updated Metadata Of Pack Intezer * Added release notes to pack Intezer * Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update * Updated Metadata Of Pack Zabbix * Added release notes to pack Zabbix * Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update * Updated Metadata Of Pack FeedMalwareBazaar * Added release notes to pack FeedMalwareBazaar * Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml Docker image update * Updated Metadata Of Pack FeedGCPWhitelist * Added release notes to pack FeedGCPWhitelist * Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml Docker image update * Updated Metadata Of Pack AccentureCTI_Feed * Added release notes to pack AccentureCTI_Feed * Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml Docker image update * Updated Metadata Of Pack SEKOIAIntelligenceCenter * Added release notes to pack SEKOIAIntelligenceCenter * Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml Docker image update * Updated Metadata Of Pack JARM * Added release notes to pack JARM * Packs/JARM/Integrations/JARM/JARM.yml Docker image update * Updated Metadata Of Pack Anomali_ThreatStream * Added release notes to pack Anomali_ThreatStream * Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml Docker image update * Updated Metadata Of Pack CommonWidgets * Added release notes to pack CommonWidgets * Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml Docker image update * Updated Metadata Of Pack FiltersAndTransformers * Added release notes to pack FiltersAndTransformers * Packs/FiltersAndTransformers/Scripts/Jmespath/Jmespath.yml Docker image update * Update Docker Image To demisto/armorblox (#31291) * Updated Metadata Of Pack Armorblox * Added release notes to pack Armorblox * Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Docker image update * Update Docker Image To demisto/crypto (#31292) * Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack AzureDevOps * Added release notes to pack AzureDevOps * Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml Docker image update * Updated Metadata Of Pack MicrosoftCloudAppSecurity * Added release notes to pack MicrosoftCloudAppSecurity * Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml Docker image update * Updated Metadata Of Pack AzureRiskyUsers * Added release notes to pack AzureRiskyUsers * Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphGroups * Added release notes to pack MicrosoftGraphGroups * Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftTeams * Added release notes to pack MicrosoftTeams * Packs/MicrosoftTeams/Integrations/MicrosoftTeamsManagement/MicrosoftTeamsManagement.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update * Update Docker Image To demisto/sixgill (#31293) * Updated Metadata Of Pack Cybersixgill-ActionableAlerts * Added release notes to pack Cybersixgill-ActionableAlerts * Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml Docker image update * Updated Metadata Of Pack Sixgill-Darkfeed * Added release notes to pack Sixgill-Darkfeed * Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml Docker image update * Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml Docker image update * Update Docker Image To demisto/carbon-black-cloud (#31295) * Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update * Update Docker Image To demisto/taxii2 (#31294) * Updated Metadata Of Pack FeedDHS * Added release notes to pack FeedDHS * Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml Docker image update * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update * MS IIS Update2 (#31256) * Updated MicrosoftIISWebServerModelingRules_1_3 * Updated ModelingRules filters * Updated ModelingRules filters * Updated ReleaseNotes * Upated ReleaseNotes * CrowdStrikeFalconX-genreic-polling (#31189) * old playbooks deprecated and new one added * readme file edited * set the interval from the inputs * fixes for release notes * added extensions to known words * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_37.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_File_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * minor fixes for description * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CrowdStrikeFalconX/Playbooks/Detonate_URL_-_CrowdStrike_Falcon_Intelligence_Sandbox_v2.yml Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Add Symantec MSS to ignored items (#31296) * [XSUP 30870] Added full fields option for cs-actors and cs-reports commands (#31271) * Added the display_full_fields argument * pre-commit * release notes * tests and CR fixes * resolve conflict * pre-commit * CR fixes * docker * pre-commit * add myself as codeowner (#31314) * ORKL Feed Integration 1.0.0 Initial Release (#31166) * ORKL Feed Integration 1.0.0 Initial Release (#31101) Co-authored-by: Martin Ohl <[email protected]> * [VirusTotal] Add suspicious threshold (#31220) * [VirusTotal] Add suspicious threshold (#31021) * fixing CimTrak_test.py unit tests (#31308) fixing CimTrak_test.py unit tests #31308 * Add new command and bug fix. (#31311) * Anomali ThreatStream v3 - Fix threatstream-get-indicators command (#31269) * fix get_indicators method * update RN * update docker * update test * update test * update get_indicators method * update RN * Update Packs/Anomali_ThreatStream/ReleaseNotes/2_2_9.md Co-authored-by: ShirleyDenkberg <[email protected]> * update docker * update docker --------- Co-authored-by: ShirleyDenkberg <[email protected]> * SentinelOne v2: Add 2 new commands (#31312) * fixing jira file attachments (#31297) fixing jira file attachments, fixing mapping of newly created tickets #31297 * CiscoSMA Update (#31315) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * updated docs (#31192) * updated docs * running pre-commit and docker * docker update * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * remove package-lock file * cr note * Update Packs/MicrosoftGraphDeviceManagement/ReleaseNotes/1_1_20.md Co-authored-by: EyalPintzov <[email protected]> --------- Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: EyalPintzov <[email protected]> * Fix an issue when there is only one incident in fetch_incidents powershell (#31267) * added -AsArray * updated the docker image and added . * RN * unit tests and docker image * rn * docker image and release notes * Update Packs/Base/ReleaseNotes/1_32_53.md Co-authored-by: EyalPintzov <[email protected]> * updated the unit tests --------- Co-authored-by: EyalPintzov <[email protected]> * Get Entity Alerts by MITRE Tactics - Performance Improvements (Refactor) (#31232) * Added playbooks * New playbooks images, formatted playbooks, and added RN * Updated pb image to be in light mode * Further improvements to playbooks, updated docs, and updated playbook images * Bump pack from version CortexXDR to 6.0.6. * Changed alert to incident to fix validation * Descriptions --------- Co-authored-by: Content Bot <[email protected]> * fix for sdk nightly e2e tests (#31310) * [qradar-v3] - handle connection errors (#31246) * [qradar-v3] - handle connection errors * add uts * bump rn * remove irrelevant imports * update code * timeout = 300 * bump rn * update implementation * docker image * fixes * remove imports * rn * update debug-message * update log * fix docker-image * fix ut * oncall-sdk-nightly-create-xsoar-instance (#31300) * overwrite the filter env file * remove space * remove print * Update .gitlab/ci/.gitlab-ci.on-push.yml Co-authored-by: Koby Meir <[email protected]> --------- Co-authored-by: Koby Meir <[email protected]> * [ASM] - EXPANDER 7238 - Jira Playbook Support for V2 and V3 Project Key (#31273) (#31322) * Add support V2 and V3, remove default project key - Add data collection task for customer - Leave Jira Project Key input as blank - Add support for project key passed into Jira V2 and V3 integrations * Add release notes * Update Playbook ReadMe * Add task description * Update release notes Co-authored-by: John <[email protected]> Co-authored-by: MLainer1 <[email protected]> * Support contributions when the name of the repo isn't content (#31320) * update handle_external_pr.py * set repo_name arg as optional * Oncall sdk nightly create xsoar instance (#31324) Oncall sdk nightly create xsoar instance #31324 * CIAC-4556/xdr-remote-psexec-lolbin-command-execution-playbook (#29092) * Add playbook and readme files * Add updated files * Add playbook image * Update release notes * Fix validation error * Bump pack from version CortexXDR to 5.1.0. * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Add CommandLine verdict to layout * Update according to demo review comments * Bump pack from version CortexXDR to 5.2.0. * Bump pack from version CortexXDR to 5.2.0. * Add field for cmd line verdict * Update layout * Fix review comments * Update from master * Update Packs/CortexXDR/ReleaseNotes/5_2_0.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/ReleaseNotes/5_2_0.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert_README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Fix review comments and validations * Apply suggestions from code review Fix docs review Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_-_Remote_PsExec_with_LOLBIN_command_execution_alert.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Fix review comments * Remove duplicate task for alert details, update playbook image * Fix skipifunavailable validations and update release notes * Fix review comments * Update release notes * Update release notes * Bump pack from version CortexXDR to 5.2.0. * Fix review comments * Update release notes * Bump pack from version CortexXDR to 5.2.2. * Bump pack from version CortexXDR to 5.2.3. * Fix review comments * Fix validation error * Fix validation errors * Update release notes * Fix conflicts * removed already added incident field * Update release notes * Fix validation errors * Fix validation errors * revert file changes * Fix validation errors * Fix validation errors * Bump pack from version CortexXDR to 6.0.4. * Fix review comments * Fix review comments * Update to correct playbook image * Bump pack from version CortexXDR to 6.0.5. * Update 6_0_5.md * Update release notes * Update 6_0_5.md * Bump pack from version CortexXDR to 6.0.7. * Fix precommit errors --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * Update README.md (#31299) * Last Mirrored New Field & Qradar fix (#31251) * add field * Bump pack from version CommonTypes to 3.3.95. * fix * review fix --------- Co-authored-by: Content Bot <[email protected]> * Update native candidate to py3-native:8.4.0.82817 (#31319) * SplunkPy missing incidents (#30783) * Used exclusion of even ids * Reverted changes in unit tests * Fixed unbound issue * Added last fetched notables * Added potential solution * Comments in UTs * Added UTs * Added UTs with explanation * Added RNs * Fixed UTs and updated how we exclude ids * Fixed conflicts * Fixed CR * Fixed conflicts * Updated docker image * Fixed pre-commit in test file * Removed second pytest * Fixed comments in test file * MATI - Supporting multiple inputs for generic enrichment commands (#30940) (#31334) * Supporting multiple inputs for generic enrichment commands * Return list of CommandResults * Re-adding rawJSON * Bumping docker version * Relesase Notes * Tests * Tests * Adding details to contexts * Fixing tests * Bumping docker * Bumping docker * Fixing spacing * Fixing spacing * Fixing fetch --------- Co-authored-by: Christopher Hultin <[email protected]> Co-authored-by: MLainer1 <[email protected]> * [Cortex Data Lake] Update the Docker Image (#31337) * Support Threat Assessment functionality in MS Graph Security (#30110) * added yml and the first command in code * added commands * added to description in yml * added readme for first command * added readme to second command * added third command to readme * added url command to readme * added list command to readme * added tests files * minor edits * added unittests * added unittest * updated docker image * added rn * edited readme * edit * fixed lint errors * fixed validation errors * fixed rn * edits precommits errors * fixed unittest for test auth code * edited tpb * added unittests * to revert some of these changes * update after doc review * added unittests * removed checking server version in CSP * updated docker image * added rn * Bump pack from version Base to 1.32.41. * reverted changes for csp * reveeted changes * deleted rn * added fromversion field * added unittest * updated for pre commit * updated for pre commit * edits after build failed * removed file * edits * added the tpb * fixed tpb * edited the list command * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/ReleaseNotes/2_2_5.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml Co-authored-by: ShirleyDenkberg <[email protected]> * updated docker image * edited after build failed * reverted changes * updated do * added arg * added rn * updated docker image * edit * edits after cr * updated do * edited the get user call * checked the 2 other commands * edited yml * updated do * edited test * removed comments * updated do * edit * edit --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * incident field helloworld onprem (#31340) * update ParseEmailFilesV2 to 0.1.19 (#31331) * update Docker image and added bcc * update rn * update tests * Update Packs/CommonScripts/ReleaseNotes/1_12_55.md Co-authored-by: Shahaf Ben Yakir <[email protected]> --------- Co-authored-by: Shahaf Ben Yakir <[email protected]> * update readme (#31343) * [CommonServer.js] Update emailRegex (#31148) change email regex * Ciac 3790/add auto determine LDAP vendor (#31124) * Added auto determine LDAP vendor * Added test and RN * fix lint and rn * added to readme * docker * changed default vendor param to auto * [Versa Director] Update response data formats (#31327) * Remove accept: application/xml from get requests * Remove redundant get() from request responses * Update UTs * Release notes; pre-commit updates * Update UTs; Revert relevant get() functions * Revert relevant get() functions * Fix syntax error * Update Packs/VersaDirector/ReleaseNotes/1_0_7.md Co-authored-by: Jasmine Beilin <[email protected]> * Update 1_0_7.md --------- Co-authored-by: Jasmine Beilin <[email protected]> * Replace LastMirroredInTime incident field with Last Mirrored Time Stamp incident field in QRadar (#31281) * add field * Last Mirrored Time Stamp * fix unrelated release notes * RN * docker image and release notes * rn * rn * docker image and release notes * RN * updates * update * unit tests for the script * update rn and bc * docstring for the ubit tests --------- Co-authored-by: arikday <[email protected]> Co-authored-by: ArikDay <[email protected]> * Tessian integration setup (#31350) * Tessian integration setup (#31028) * revert package-lock.json --------- Co-authored-by: NicBunn-PlutoFlume <[email protected]> Co-authored-by: adi88d <[email protected]> Co-authored-by: Adi Daud <[email protected]> * Kiteworks Modeling CIAC-6377 (#31230) * init-pack * parsing-rules * json-format-modeling * README.md * modeling-rules * refactor-modeling-rules * fix-modeling-rules-issues * single-line-format-modeling * activity-group-type-modeling * refactor-modeling-rules * refactor-modeling-rules * Update Packs/Kiteworks/README.md Co-authored-by: ShirleyDenkberg <[email protected]> * refactor-modeling-rules * refactor-modeling-rules * modeling-rules-json-fix * modeling-rules-json-refactor * modeling-rules-remove-unused-field --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Prisma SASE - Quarantine Host With Active Threat (#31346) * New playbook for Prisma SASE * update RN * update RN * update playbook description * update playbook readme * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * update RN * update playbook readme * update RN --------- Co-authored-by: ShirleyDenkberg <[email protected]> * Symantec web security service pack long running (#30990) * first commit * commit * commit * first commit * update pack_metadata file * extract_logs_from_response changes * get_events_command changes * commit * commit * add logs * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * commit * Fixed the memory load on Docker * commit * first commit for rewrite * commit * commit * add UT and finish implementation * design * Change pack name * add-modeling-rules * add-parsing-rules * siem-content-minor-fixes * add UT and docstring * add-siem-documentation * update-siem-documentation * update-siem-documentation * commit * Change readme file * fix UT and add description to pack_metadata * commit * fix mypy flake8 * add UT * refactor-siem-content * Apply suggestions from code review Comment corrections Co-authored-by: ShirleyDenkberg <[email protected]> * comment corrections * comment corrections and add UT for it * comment correction * mypy * update Docker * comment corrections * comment corrections * update docker * fix UT and pre-commit * commit * commit * fix pre commit * commit --------- Co-authored-by: Chanan Welt <[email protected]> Co-authored-by: cweltPA <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]> * FireEye ETP Event Collector fixes (#30819) * Fixed date parsing * format and tests * fixed date parsing from and to the api * fixed tests * fixed invalid date order * fetch in asc order * fetch in asc order * fix unitesing * fix potential formatting issue * change first_run * change first_run * Fix RN * Fix lint * Fix lint * added unitests * added unitests * CR fixes * CR fixes * Update Docker Image To demisto/accessdata (#31373) * Updated Metadata Of Pack Exterro * Added release notes to pack Exterro * Packs/Exterro/Integrations/Exterro/Exterro.yml Docker image update * Update Docker Image To demisto/boto3py3 (#31372) * Updated Metadata Of Pack SecurityIntelligenceServicesFeed * Added release notes to pack SecurityIntelligenceServicesFeed * Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update * Updated Metadata Of Pack AWS-IAM * Added release notes to pack AWS-IAM * Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update * Updated Metadata Of Pack AWS-Route53 * Added release notes to pack AWS-Route53 * Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml Docker image update * Updated Metadata Of Pack AWS-AccessAnalyzer * Added release notes to pack AWS-AccessAnalyzer * Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml Docker image update * Updated Metadata Of Pack AWS-GuardDuty * Added release notes to pack AWS-GuardDuty * Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml Docker image update * Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml Docker image update * Updated Metadata Of Pack AWS-SecurityHub * Added release notes to pack AWS-SecurityHub * Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml Docker image update * Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update * [ASM] - EXPANDER 3741 - XSIAM Layout and Rule (#31352) * [ASM] - EXPANDER 3741 - XSIAM Layout and Rule (#31212) * Update Rem. Guidance Playbook, add new fields Created fields: - "ASM - Attack Surface Rule Category" - "ASM - Attack Surface Rule Description" - "ASM - Attack Surface Rule Priority" - "ASM - Attack Surface Rule Remediation Guidance" Set fields in Remediation Guidance playbook * Update release notes * Update field descriptions * Format JSON files * update unsearchable and fromVersion * Add ASM layout and rule * Add release notes * Update pack ReadMe * Update server content items * Add marketplace to layout * Update release notes version * Add AlertType to server content items * Add IncidentType to server content items * update ASM.json layout * remove ASM from server_content_items.json --------- Co-authored-by: John <[email protected]> Co-authored-by: Adi Daud <[email protected]> Co-authored-by: adi88d <[email protected]> * Feed Recorded Future download all compressed data on disk bug (#30981) * Hint for solution * Potential solution * Tried solution, did not work * Added potential solution * Added RNs and updated docker image * Added debug logs * Resolved conflicts * Added handling of cut-off bytes while streaming * Added unit tests and test data * Outsourced decoder * Went over CR comments * Fixed Chunk Size * Added description to fixture * Ran pre-commit * Refactored decoding mechanism * Fix chunk size * Update FeedRecordedFuture.yml * Update 1_0_32.md * CISCO SMA u200b Update (#31349) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules logic * [e2e xsoar-saas] - fix issue with taxii2-server test (#31362) * Update Docker Image To demisto/crypto (#31368) * Updated Metadata Of Pack MicrosoftDefenderAdvancedThreatProtection * Added release notes to pack MicrosoftDefenderAdvancedThreatProtection * Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml Docker image update * Updated Metadata Of Pack AzureSecurityCenter * Added release notes to pack AzureSecurityCenter * Packs/AzureSecurityCenter/Integrations/AzureSecurityCenter_v2/AzureSecurityCenter_v2.yml Docker image update * Update Docker Image To demisto/armorblox (#31376) * Updated Metadata Of Pack Armorblox * Added release notes to pack Armorblox * Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Docker image update * Update Docker Image To demisto/pymisp2 (#31369) * Updated Metadata Of Pack MISP * Added release notes to pack MISP * Packs/MISP/Integrations/MISPV3/MISPV3.yml Docker image update * Update Docker Image To demisto/genericsql (#31370) * Updated Metadata Of Pack GenericSQL * Added release notes to pack GenericSQL * Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.yml Docker image update * MS IIS Update3 (#31385) * Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ModelingRules * Add a manual fatch once in 12 hours (#31123) * fixes * http module * CSV * common server * tests * RN * link * RN * change RN * one more * pre commit * update base version * [known_words] * removing typing * swap the known words * RN * fix RN * Bump pack from version FeedMalwareBazaar to 1.0.30. * Bump pack from version AccentureCTI_Feed to 1.1.27. * Bump pack from version FeedGCPWhitelist to 2.0.30. * Bump pack from version Base to 1.32.52. * make it better * docs * CR * cr * Fixing dirty merge #1 * fixing dirty merge #2 * fix dirty merge #3 * more * fox dirty merge #4 * common * poetry * fix dirty merge #5 * fix test date * base rn * RN * fix common docstring * fix rn * fix errors in build * shirley * Bump pack from version Base to 1.32.54. * RN * mypy * fix common server * ignore type error * skip test * fix test name * add import * remove the import, test is failing * fixed function and test * space * conf * add a test for a uniq time zone * fix test * move the import into the function * move the import from the test as well * replace timezone with pytz, to fit python 2 * Bump pack from version Base to 1.33.1. * fix test comment --------- Co-authored-by: Content Bot <[email protected]> * Fix gmail get mail context output (#31342) * update context path * added RN * updated readme * update docker * added run get attachments argument * pre commit fixes * pre commit fixes * cr fixes * cr fixes * cr fixes * update RN * update docker * Updated README.md (#31347) (#31363) * [Zscaler] Add URLs to Retaining Parent Category (#30637) * add retaining parent url * Update retaining_parent_category_url argument * Add retaining-parent-category-ip to yml * Add retaining-parent-category-ip logic * ip argument no longer marked required * url argument no longer marked required * retaining_parent_category args are None by default * Add retaining-parent-category-url to remove-url * Add retaining-parent-category-ip to remove-ip * UT fix; ruff updates * Remove redundant context output * Update release notes * FIx Failed UTs * Case of only one ip argument in remove commands * pre-commit updates * Update release notes * Change display value to original value * Update release notes * UT Coverage * Add UTs; Remove redundant debug logs * Update release notes * Apply suggestions from code review Co-authored-by: Jasmine Beilin <[email protected]> * Remove "pragma no cover" from unrelated UTs * Revert open function's default 'r' value for readability --------- Co-authored-by: Jasmine Beilin <[email protected]> * Update Docker Image To demisto/python3 (#31371) * Updated Metadata Of Pack QualysFIM * Added release notes to pack QualysFIM * Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml Docker image update * Updated Metadata Of Pack FortiSIEM * Added release notes to pack FortiSIEM * Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml Docker image update * Updated Metadata Of Pack FreshworksFreshservice * Added release notes to pack FreshworksFreshservice * Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml Docker image update * Updated Metadata Of Pack KnowBe4_KMSAT * Added release notes to pack KnowBe4_KMSAT * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml Docker image update * Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml Docker image update * Updated Metadata Of Pack SafeNet_Trusted_Access * Added release notes to pack SafeNet_Trusted_Access * Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml Docker image update * Updated Metadata Of Pack DelineaSS * Added release notes to pack DelineaSS * Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml Docker image update * Updated Metadata Of Pack Cryptocurrency * Added release notes to pack Cryptocurrency * Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml Docker image update * Updated Metadata Of Pack PANOSPolicyOptimizer * Added release notes to pack PANOSPolicyOptimizer * Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml Docker image update * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml Docker image update * Updated Metadata Of Pack QualysFIM * Updated Metadata Of Pack QualysFIM * [Marketplace Contribution] MicrosoftGraphTeams - Content Pack Update (#31097) (#31387) * "contribution update to pack "MicrosoftGraphTeams"" * Update MicrosoftGraphTeams.py uncomment 'topic' to allow subject for group type chat. * Update MicrosoftGraphTeams.yml fixed validation error for descriptions. * Update Packs/MicrosoftGraphTeams/Integrations/MicrosoftGraphTeams/MicrosoftGraphTeams.py done * cr * Update 1_1_0.md * Update MicrosoftGraphTeams.yml * Update 1_1_0.md * Update 1_1_0.md * Update MicrosoftGraphTeams.yml --------- Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: Vipul Kaneriya <[email protected]> Co-authored-by: MLainer1 <[email protected]> Co-authored-by: MLainer1 <[email protected]> * Cybersixgill alerts typosquatting (#31386) * Cybersixgill alerts typosquatting (#30787) * Added mapper for 2 custom incident fields * Updated release notes. * Added typosquatting to known words * new Incident fields and incomming mapper formated * Release notes reviewed. * setting unseachable to true. * Suspicious and Triggered domain as tables. * Moved 3 mappings from code to mapper. * Updated test case * Updated test case * Added default mapper and updated docker image version * Added breaking change note * Removed breaking change note * Renamed files as per suggestion * renamed mapper as per suggestion * Added new release note. * Changed id and name for incident fields and updated docker image name * update RN * update RN, update fields names, update mapper * update id, update RN * Update 1_2_10.md * Update incidentfield-Cybersixgill_Triggered_Domain.json * update docker * ID value contained invalid caps character. * changing type in fields to tagselect --------- Co-authored-by: Sapir Shuker <[email protected]> Co-authored-by: sapirshuker <[email protected]> * docker image update --------- Co-authored-by: syed-loginsoft <[email protected]> Co-authored-by: Sapir Shuker <[email protected]> Co-authored-by: sapirshuker <[email protected]> * Armis …
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Related Issues
fixes: link to the issue
Description
A new playbook for "Remote PsExec-like LOLBIN command execution from an unsigned non-standard source"
Must have