Adding Rekall and Winpmem #7
Merged
… Also added their descriptions and argument details into scripts.json.
@liorkol is this ready?
bakatzir added a commit that referenced this pull request Jun 5, 2020
#7346) * [cofense-32] Two new commands and internal refactoring, second PR (#7104) * [CofenseTriage] Add new Triage commands on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] WIP tests on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Code style cleanup on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] assorted cleanup WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add test fixtures WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor http_request - Rename to `triage_request` and rename first parameter to `endpoint` - Create new function `triage_api_url` to build full URL to a given endpoint - Refactor and simplify response handling logic on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor `fetch_reports` No functional changes, except some speedups and a possible bug fix. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageReport class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageInstance class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add TriageReporter class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update tests and fixtures on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rewrite get_report_by_id to use class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move all classes into one file The plugin architecture requires it. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor and add test coverage for get_threat_indicators() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Eleminate unnecessary get_attachment() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor search_reports and increase test coverage on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Assume /reports/:id always returns an array Also eliminate unnecessary TriageReporter.from_json() and rename Triage_reporter.from_id() to .fetch(). 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Make test fixture more complicated on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Return actual JSON in to_json() Also enhance test coverage. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Don't call fetch_reports() in test_function() Triage always responds with a valid JSON object. There is no need to perform a second request to test the integration---if Triage responsds with an OK status, then everything is working. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Store last run data as a JSON blob on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Wrap incident attachment in single-element list on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update metadata on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Clean up remnants in Legacy pack on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add mypy ignore comments Mypy has trouble with decorators like lru_cache() in several situations. Add inline comments to silence spurious linter complaints. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move import after stubs in test We have to stub demistomock before we import CofenseTriage. That's just how demistomock works, apparently. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Generate release notes on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move changes to new CofenseTriage 2 Both versions will exist in parallel on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move return_error to highest-level except block on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update documentation on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address various linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move time constants inline Also eliminate the time format string in favor of datetime.datetime.fromisoformat(). 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Pass a TriageInstance argument instead of using a module var on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Let exceptions bubble up to main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address more linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename module to CofenseTriagev2 on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Centralize parameter fetching in main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add v2 to Tests/conf.json on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename more files to have v2 prefix on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add minimum Demisto version on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move test files to root dir of integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Remove tests from v1 integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename Cofense.ThreatIndicators context path on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Additional minor adjustments on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Merge all test files into one on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Stub fileResult more realistically on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update release notes on-behalf-of: @Cofense <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * lgtm, docket tag, secrets * skip, no instance * pylint * secrets 101 * rm coverage * rm secrets * contrib commits 102 * contrib commits 103 * contrib commits 104 * str -> num * desc types * add newline * add cmd_ex file * typo * styling * add to_json() * add json.dumps * add readme, add tpb * linters * linters2 * linters3 * mv cofense triage v1 to non circle tests Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email 
protected]>
teizenman added a commit that referenced this pull request Jun 21, 2020
* FireEye Helix - fix headers arg processing in search cmd (#7411) * add unit test for search command with headers arg given * add unit test for search command with headers arg given * pass to build_mql_query from search cmd only relevant args and not all * add default empty string to query arg * Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * Update config.yml (#7412) * fix print bucket path (#7416) * [cofense-32] Two new commands and internal refactoring, second PR (#7… (#7346) * [cofense-32] Two new commands and internal refactoring, second PR (#7104) * [CofenseTriage] Add new Triage commands on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] WIP tests on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Code style cleanup on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] assorted cleanup WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add test fixtures WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor http_request - Rename to `triage_request` and rename first parameter to `endpoint` - Create new function `triage_api_url` to build full URL to a given endpoint - Refactor and simplify response handling logic on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor `fetch_reports` No functional changes, except some speedups and a possible bug fix. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageReport class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageInstance class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add TriageReporter class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update tests and fixtures on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rewrite get_report_by_id to use class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move all classes into one file The plugin architecture requires it. 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor and add test coverage for get_threat_indicators() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Eleminate unnecessary get_attachment() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor search_reports and increase test coverage on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Assume /reports/:id always returns an array Also eliminate unnecessary TriageReporter.from_json() and rename Triage_reporter.from_id() to .fetch(). on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Make test fixture more complicated on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Return actual JSON in to_json() Also enhance test coverage. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Don't call fetch_reports() in test_function() Triage always responds with a valid JSON object. There is no need to perform a second request to test the integration---if Triage responsds with an OK status, then everything is working. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Store last run data as a JSON blob on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Wrap incident attachment in single-element list on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update metadata on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Clean up remnants in Legacy pack on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add mypy ignore comments Mypy has trouble with decorators like lru_cache() in several situations. Add inline comments to silence spurious linter complaints. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move import after stubs in test We have to stub demistomock before we import CofenseTriage. That's just how demistomock works, apparently. 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Generate release notes on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move changes to new CofenseTriage 2 Both versions will exist in parallel on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move return_error to highest-level except block on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update documentation on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address various linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move time constants inline Also eliminate the time format string in favor of datetime.datetime.fromisoformat(). on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Pass a TriageInstance argument instead of using a module var on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Let exceptions bubble up to main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address more linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename module to CofenseTriagev2 on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Centralize parameter fetching in main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add v2 to Tests/conf.json on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename more files to have v2 prefix on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add minimum Demisto version on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move test files to root dir of integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Remove tests from v1 integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename Cofense.ThreatIndicators context path on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Additional minor adjustments on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Merge all test files into one on-behalf-of: @Cofense <[email protected]> * 
[CofenseTriage] Stub fileResult more realistically on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update release notes on-behalf-of: @Cofense <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * lgtm, docket tag, secrets * skip, no instance * pylint * secrets 101 * rm coverage * rm secrets * contrib commits 102 * contrib commits 103 * contrib commits 104 * str -> num * desc types * add newline * add cmd_ex file * typo * styling * add to_json() * add json.dumps * add readme, add tpb * linters * linters2 * linters3 * mv cofense triage v1 to non circle tests Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * Fixed server version calculation (#7419) * Fixed server version calculation * Fixed some LGTM and pylint comments * Fix Thread Crash Print (#7417) * Update test_content.py * added space * Fixed bug - CB-Live-Response (#7389) * Fixed release notes * Added rn * Fixed version bump * Removed unnecessary comment * Updated. 
Co-authored-by: Alex Fiedler <[email protected]> * Fixed a bug in download malware (#7400) * Fixed a bug in download malware * added rn and fixed cr * old changelog fix * Updated * added old changelog Co-authored-by: Alex Fiedler <[email protected]> * new Prisma Cloud remediation additions to GCP playbooks (#7265) (#7395) * new remediation additions * update release notes * update release notes Co-authored-by: Todd Murchison <[email protected]> Co-authored-by: syaakovi <[email protected]> * CS falconhost threatgraph API support (#7054) * cs threatgraph API support * missing dot * use tabletomarkdown * cs falconhost threatgraph * add rn marketplace format * Updated * Minor update Co-authored-by: Alex Fiedler <[email protected]> * Phishing - Core - Fixed URL screenshots tag + merged 2 conditions + updated pic (#7390) * Fixed URL screenshots tag + merged 2 conditions + updated pic * fixed changelogs / rn * Added new playbook playbook-Illinois_-_Breach_Notification (#7253) * Added new playbook playbook-Illinois_-_Breach_Notification.yml. Fixed issues with breach notification playbook. Added Readme files to breach notification playbooks. * update release notes. * update release notes. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Update playbook-Illinois_-_Breach_Notification.yml * Changed conflicts. Co-authored-by: yaron-libman <[email protected]> * Slack Ask - Add user and response template (#7386) * change Pcap to PCAP + add "All" option for protocol output * add changelog * Updated. 
* Updated * README UPDATE Co-authored-by: Alex Fiedler <[email protected]> * epo update doc with permission info (#7249) * epo help images * update images * epo readme * typo fix * add link to epo docs * fixes from @kirbles19 * Fixing content (#7388) * fixing several pack validation errors * fixing extra hop * added test playbook for joe security playbook * adding rn * adding rn * bumping pack metadata for common reports * fixing content - additional BA101 * adding XDR iocs pack (#7144) * adding XDR iocs pack * code ready exept ioc from xdr to demisto * last changes * update YML * fixup! last changes * update pack format * fixing code CR * adding unit test and small changes * adding README * adding description * adding playbooks * adding test playbook * adding test module command * Updated * Updated * Update XDR_iocs_every_minute.yml * Update XDR_iocs_nightly_job.yml * Update XDR_iocs.yml * add to description * small test change * adding feedIncremental * last fix * fixup! last fix Co-authored-by: esharf <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Tim indicators exclusion by related incidents (#7127) * Added new playbook * Added new playbook * Updated name. * Update TIM_-_Indicators_Exclusion_By_Related_Incidents.yml * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added readme and bumped pack version * Added readme and bumped pack version * Improved descriptions. 
Co-authored-by: dbaumstein <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Red lock token fix (#7408) * Added support for multi environment instances * Added RN * Change RN * fixed syntax * fixed syntax * Added error handling * Updated * Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * Access Investigation - deprecation & new playbook (#7315) * Access Investigation - deprecation of old playbook, creation of new playbook * Access Investigation - deprecation of old playbook, creation of new playbook * img for readme * manual RN * removed rn * back to old version * Update Access_Investigation_-_Generic_4_5_CHANGELOG.md * Update Access_Investigation_-_Generic_CHANGELOG.md Co-authored-by: yaron-libman <[email protected]> * Deprecated scripts comments (#7349) * Deprecated scripts comments * typo * Update deprecated comment. * Updated * Updated * Updated * Updated * Updated * RN Co-authored-by: Alex Fiedler <[email protected]> * JsonWhoIs - fixed error not returned from the integration (#7394) * JsonWhoIs - fixed error not returned from the integration * Fix CR * move error to http request * error handling * Updated * Updated * Update Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.py Co-authored-by: Itay Keren <[email protected]> * fix mypy * rm mypy ignore Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Itay Keren <[email protected]> * Added timestamp compare (#7195) * Added timestamp compare * fix CR * Adding timeformat option * Update TimeStampCompare.yml * Updated * Fix UT * fix yml Co-authored-by: Alex Fiedler <[email protected]> * Carbon Black Response - changed dt for File (#7391) * changed the dt for File * RN * Update 1_0_3.md Co-authored-by: roysagi <[email protected]> * Tim whois playbooks (#7039) * Added new playbook. * Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml * Added section headers. * Added tech docs notes. * Added input and description. 
* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml * Added descriptions. * Added readme. * Added readme. * Added png link. * Added png link. * Removed changelog. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Change changelog * Update RNs * Update RNs * Multiple playbook changes. * Updated playbook. * Updated playbook. * Added new playbook * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * changed tag name. * changed tag name. * changed tag name. * changed tag name. * Minor logic change. * Revert "Minor logic change." This reverts commit dbfd9598 * Minor logic change. * Removed list name. * Removed default delimiter. * Casing. * Casing. * Added description. * Update playbook-TIM_-_Process_Domains_With_Whois.yml * Update playbook-TIM_-_Process_Domain_Registrant_With_Whois_README.md * Update playbook-TIM _-_Process_Domain_Age_With_Whois.yml * Update playbook-TIM_-_Process_Domain_Registrant_With_Whois.yml * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added image. 
Co-authored-by: dbaumstein <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Added tests to phishing pack (#7345) * Added tests to pack * Added core * Moved files back to where they need to be * new MR for Deep Instinct Integration (#7415) * new MR for Deep Instinct Integration (#7316) * new MR for Deep Instinct Integration * Update pack_metadata.json * Delete CHANGELOG.md Co-authored-by: Rony Kozakish <[email protected]> * Update README.md * Adding skip on the integration * Fix file name Co-authored-by: deepinstinctdev <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: ronykoz <[email protected]> * Red Canary - bug fixes in fetch incidents (#7421) * fetch only ack detections and remove timeline for detection in fetch * Updated * Updated * consider detection as acknoledges if one of the fields exist, not both * consider detection as acknoledges if one of the fields exist, not both * consider detection as acknoledges if one of the fields exist, not both Co-authored-by: Alex Fiedler <[email protected]> * Updated playbook image (#7423) * Add whois to autoprocessing (#7428) * Added sub playbook. * Added sub playbook. * Added sub playbook. * Added sub playbook. * Added image. * Added image. * Removed space. * Removed space. 
Co-authored-by: dbaumstein <[email protected]> * Fix content packs- Reut (#7341) * CommonScripts fix * CommonScripts fix * CommonScripts fix * Nist ignore * sdk version * Malware ignore errors * Malware ignore errors * ignore SC100 * Non-supported pack * Non-supported pack * Non-supported pack * Non-supported pack * Non-supported pack Co-authored-by: rsagi <[email protected]> * Marketplace step fix (#7425) * test * test * small fix * Prisma Access - Added tunnel health playbook (#7136) (#7431) * Prisma Access - Added tunnel health playbook * Add image file in doc_files * Added playbook image to README * Updating playbook image * Fixes to playbook Removed Slack task, added remediation recommendations on manual step. * Updating README * Update playbook-Prisma_Access_-_Connection_Health_Check_README.md * Update playbook-Prisma_Access_-_Connection_Health_Check.yml * Prisma Access - fix sdk validate Tests conf - fix Prisma Access brand name to remove validate error. yml - fix multiline description. 
Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: syaakovi <[email protected]> * PCS (Redlock) remediation command (#7270) (#7392) * Add remediation details command * Add condition to gracefully handle no remediation details * Update README.md; Add command_examples.txt * Clean up context and entry format; Support multiple alert-ids * Update README.md; Fix lint issues * Refactor no remediation condition * Update outputs and README * Create ReleaseNotes; Update pack_metadata.json * Fix human readable output; Update README; Update test playbook * Update instances of RedLock to Prisma Cloud (RedLock) * Update release notes * Update Packs/RedLock/TestPlaybooks/playbook-RedLockTest.yml * Updated * Updated descriptions for new command Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Nicholas Ericksen <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Print server conf for bucket (#7436) * removed TestFormatTableValues to check if it solve conflict * fix typo * fix typo * fix new lines * fix missing " * fix missing -e * Access Investigation Generic playbook - refactor filename (#7438) * change toversion field name * refactor new access investigation generic playbook name * revert 4.5 trigger * fix broken images (#7432) * Access Investigation - ID fix (#7440) * emergency ID fix * empty RN * Update Packs/AccessInvestigation/ReleaseNotes/1_1_1.md Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Content additional fix validations (#7445) * Content additional fix validations * updating gmail docker image * Update Packs/Digital_Defense_FrontlineVM/Playbooks/playbook-Digital_Defense_FrontlineVM_-_PAN-OS_block_assets.yml Co-authored-by: Bar Katzir <[email protected]> * adding 
changelogs Co-authored-by: Bar Katzir <[email protected]> * fix lintings (#7454) * Improved empty response handling (#7296) Co-authored-by: halpert <[email protected]> * [Enhancement] Search Search Endpoints By Hash - Carbon Black Response (#7399) * Deprecated Search Search Endpoints By Hash - Carbon Black Response. Created new playbook Search Search Endpoints By Hash - Carbon Black Response V2 instead. * added the playbook image. * added the playbook image. * Updated playbook image * Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response_V2.yml * Update playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml * Update playbook-Hunt_Extracted_Hashes.yml * Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response.yml * updated release notes Co-authored-by: yaron-libman <[email protected]> * out of skipped tests (#7456) * out of skipped * parse email files out of skipped * Auto detect api modules (#7257) * changed docker image * changed docker image * changed docker image * changed docker image * changed docker image * updated conf json for nightly tests on generic feeds * updated None to '' * updated None to '' * updated conf json * updated conf json * updated conf json * updated conf json * updated rn * updated rn * updated pr * updated pr * fixed json ut * fixed json ut * fixed json ut * fixed json ut * updated pr * updated pr * updated pr * updated pr * updated pr Co-authored-by: yorhov <Orekhova97229!> * small fix in content (#7462) * unskipping phishlabs (#7455) * unskipping phishlabs * fixing test playbook * RTIR: fix ID header bug (#7453) * RTIR: Fix ID header * fix lint and format * fix flake8 * added rns * fix cr * Update 1_0_2.md Co-authored-by: roysagi <[email protected]> * fortisiem bug fix (#7469) * disabled the request to trigger an event, made queryData hardcoded * changelog * Updated. 
* Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * remove old regexes from content (#7398) * remove old regexes from content * use demisto-sdk from master * Update dev-requirements-py3.txt Co-authored-by: reut shalem <[email protected]> * Update dev-requirements-py3.txt * replace old regexes * sdk release 1-1-2 test * sdk release 1-1-2 test * sdk release 1-1-2 test * sdk release 1-1-2 Co-authored-by: reut shalem <[email protected]> Co-authored-by: rshalem <[email protected]> * changing playbook name (#7474) * changing playbook name * changing playbook name * fix rastarize name in core packs list (#7471) * Nightly Marketplace (#7467) * remove old regexes from content * use demisto-sdk from master * Update dev-requirements-py3.txt Co-authored-by: reut shalem <[email protected]> * Update dev-requirements-py3.txt * replace old regexes * use sdk master * conflicts fix * changed sdk branch * changed sdk branch to master * fixed config.yml, added developerTools pack to packs_to_install * reduced flake8 version * moved test playbooks to packs * removed Extract Indicators From File - test from conf.json * reverted changes in collect_tests and dev-requirements-py3 Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: reut shalem <[email protected]> Co-authored-by: ybenshalom <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> * bump content and sha1 versions (#7470) * reverted instance tests to run on server 5.5 (#7465) * Return of cofense feed (#7481) * Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) (#7457) * Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) * updated pack name, integration name, and command names of "Cortex XDR - IOC" * fixed bug * update tests * update pack & integration description * update pack & integration description * updated descriptions * update integration format * fixup! update integration format * adding ioc triger to push command * update README * fix CR * fixup! 
fix CR * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml Co-authored-by: Shai Yaakovi <[email protected]> * Apply suggestions from code review Co-authored-by: Guy Lichtman <[email protected]> * update readme with a better description * updated descriptions and display name in yml * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml * Apply suggestions from technical writer review * fix * fixup! fix * fixinig * last fix * add sleep time * add sleep time Co-authored-by: eli sharf <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * adding empty release notes * Update CHANGELOG.md Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * deleted Legacy pack (#7463) * Delete Exchange pack (#7433) * Add the GetShiftsPerUser automation (#7213) * Add the GetShiftsPerUser automation * Add current user to script and fix bad check for GetOnCallHoursPerUser * Style guides * Remove unusedimports * Remove used vars * Add a better output type * Fix imports * Release notes of bug in GetOnCallHoursPerUser * Fix the tests * Fix the eslint lines too long * Fix eslint changelog * release notes * docker tags * Fix the output * Add related tests * Add header for the markdown * Update Packs/ShiftManagement/ReleaseNotes/1_1_0.md Co-authored-by: Andrew Shamah <[email protected]> * Eslint * Shifts per user * Trailing whitespace * RN * Docker version * Tests + imports * Debug tests * Debug tests 2 * Debug tests 3 * Debug 4 * Debug 5 * Debug 6 * Debug 7 * Debug 8 * Debug 9 * Debug 10 * Debug 12 * Fix mock result * Fix mock result * linting * Flake8 * Updated * Updated. 
Co-authored-by: Agam More <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * ignore missing CHANGELOG failures (#7482) * Update config.yml * Update config.yml * demistomock.py formatting (#7483) * Fixed print when GCS_MARKET_KEY is not set (#7486) * Fixed print when GCS_MARKET_KEY is not set * Skipping a step in contribution Co-authored-by: halpert <[email protected]> * fixed build images paths (#7450) * Packs changelog - added build number to display name (#7279) * added build number to pack changelog * switched brackets to dash in changelog version * added versionInfo field * fixed doc strings * added versionInfo to unit test * Nightly failures (#7317) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Update XDR_iocs.yml (#7494) * Uploader - changed upload corepacks.json logic (#7487) * changed upload corepacks.json logic * added sys.exit(1) in case of failure * Updated video link for Crisus Management (#7496) * Updated video link * moved video to pack readme * http = https * fix RNs Co-authored-by: Andrew Shamah <[email protected]> * [New Integration] EWS O365 (OAuth 2) (#7145) * created new branch with files from original branch * changed name to EWS O365 * changed app name * fixed service based and item based commands * fixed recover_soft_delete_item * added external files (test playbook, picture detailed description) * created readme and removed impersonation and mark_as_read fields * added test infrastructure * removed dev code * updated fetch logic to use 
last_modified_time * moved files to EWS pack * added rn and test * reformatted redame * removed ews-search-mailboxes * build fix * changed insecure logic * fixed test playbook * added proxy support * added constants and max incidents per fetch validation * style changes + added support for target_mailbox in get_folder and create_folder * Updated * moved ews v1 to deprecated * added docstrings * added back ews v1 to ews pack - will be moved to deprecated in a future PR * reverted changes to ewsv2 * removed ErrorInvalidPropertyRequest * added descriptions for test playbook-EWS_O365_test.yml * moved description a level deeper * added test for public folders * added descriptions to test playbook tasks * added descriptions to test playbook tasks * updated docker image * added fromversion to test playbook Co-authored-by: Alex Fiedler <[email protected]> * Removed legacy from special handling in dependencies calculation (#7493) * removed legacy from special handling * fixed unused import * test_collect_tests_and_content_packs - Improve packs collecting (#7477) * sdk release 1-1-2 * sdk release 1-1-2 * sdk release 1-1-2 * check docs upload * deleted comments * linting * linting * linting * Fixed UT * Fixed UT * Fixed UT * Fixed UT * Fixed UT * Fixed UT * CR fixes * CR fixes * Move default types to content (#7426) * move system incident types to content * add release notes * moved types to correct packs * updated pack versions * add DefaultPlaybook to core packs * update version * Docs: remove possible errors section (#7381) * Maltiverse: remove possible errors section * remove troubleshooting and overview * Update README.md * update zabbix * Securonix already fetched (#7025) * securonix fetch offset * changelog * Added max parameter to the `securonix-list-incidents` command Added the `max_fetch` parameter to the integration configuration, where the default and maximum value is 50. Fixed an issue where duplicate incidents where fetched. 
* linter 101 * linter 102 * linter 103 * set -> list, dumps the already_fetched * update RN and README * update dockerimage * Update Packs/Securonix/Integrations/Securonix/CHANGELOG.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/README.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/README.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/Securonix.yml Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * add HelloWorld, ExportIndicators, Malware, DefaultPlaybook to core packs (#7504) * Fix collect tests and content packs (#7468) * replaced DocumentationTest with HelloWorld-Test * test fix * in progress * added developertools to packs to install if no tests * fixed test * moved GenericSQL test script * fix typo in DeleteContext file name * moved auto-extract test script to base pack (next to auto-extract test playbook) * moved CallTableToMarkdown test script to base pack (next to test playbook) * UT fix * UT fix search_and_install - removed redundant packs from installation list * reverted deletecontext renaming * moved CallTableToMarkdown script back to DeveloperTools * fixed conflicts * reverted movement of scripts from DeveloperTools Co-authored-by: syaakovi <[email protected]> * Fix common server python test: (#7311) * skipping tests * skipping tests * Update Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py Co-authored-by: hod <[email protected]> Co-authored-by: hod <[email protected]> * unskip wildfire-test (#7498) * Add safe get dict to common server python (#7451) * removed test pbs (#7524) * increase sshd MaxStartups and restart sshd (#7434) Co-authored-by: ikeren <[email protected]> * Create Troubleshooting Section for Packets and Logs README (#7429) * add troubleshooting section to the RSA NetWitness Packets and Logs integration readme * 
README addition minor changes * Updated Co-authored-by: Alex Fiedler <[email protected]> * moved deprecated ews integration (#7532) * added eula link support (#7525) * demisto-sdk find-dependencies (#7502) * demisto-sdk find-dependencies * deleted images. Co-authored-by: dbaumstein <[email protected]> * SetGridField - sort columns alphabetically (#7533) * sort columns alphabetically * remove print * update docker image tag and fix lint report in test * Elasticsearch Feed - fix bug in feed type handling (#7490) * pass feed type to get_scan_insight_format in fetch indicators cmd * bump docker image tag * added default to url arg in url command (#7514) * fix bug in threat-grid-get-analysis-by-id (#7377) * fix bug * fix releasenote * Joe security bug (#7362) * Fixed testPlaybook & check if the DBotScore.indicator exists * delete Joe Security from skipped * delete Joe Security from skipped * fix testplaybook * added changelog * fix * fix test playbook * added releasenote * fix releasenote * Update Packs/JoeSecurity/Integrations/JoeSecurity/CHANGELOG.md Co-authored-by: Shahaf Ben Yakir <[email protected]> * BigFix - add get_endpoint_details arg to get-endpoints cmd (#7515) * split bigfix yml into dir * parse xml response with utf-8 encoding * add get_endpoint_details arg to get endpoints cmd * add get_endpoints_details arg to readme * fixed lint reports * Recorded Future Feed - handle sparse response in fetch indicators command (#7414) * add test for fetch indicators cmd with sparse response * handle missing fields in iterator * handle score in case Risk is not returned from iterator * add release notes * Update Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> * fix a bug that test module failed on a delegated mailbox (#7435) * fix a bug in the test_module * added releasenote * added releasenote * fix releasenote Co-authored-by: ikeren <[email 
protected]> * fix for IsMaliciousIndicatorFound tpb (#7497) * fix for IsMaliciousIndicatorFound tpb * Added sleep in TPB * another sleep * unskip duo admin tpb (#7499) * unskip duo admin tpb * TPB sections now happens one after the other and not at the same time * Proofpoint Protection Server - use html.parser instead of lxml parser and update required admin role (#7396) * use html.parser instead of lxml parser and update required admin role * Updated * Updated * Updated * added 8.14.2 support for smart search * add new param to readme * verify pps version param is initialized in the condition * Update Packs/ProofpointServerProtection/Integrations/ProofpointServerProtection/ProofpointServerProtection.py Co-authored-by: Shai Yaakovi <[email protected]> * bump docker image tag * bump pack version to 1.0.2 Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> * fix akamai instance (#7549) * Labeled partner packs + cleared packs metadata (#7531) * cleaned packs metadata json * labeled partner packs * Apply suggestions from code review CR fixes Co-authored-by: Anar Azadaliyev <[email protected]> * additional fixes Co-authored-by: Anar Azadaliyev <[email protected]> * Nightly failures (#7547) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Skipped nightly failures * Fix collect packs (#7519) * replaced DocumentationTest with HelloWorld-Test * test fix * in progress * added developertools to packs to install if no tests * fixed test * moved GenericSQL test script * fix typo in DeleteContext file name 
* moved auto-extract test script to base pack (next to auto-extract test playbook) * moved CallTableToMarkdown test script to base pack (next to test playbook) * UT fix * UT fix search_and_install - removed redundant packs from installation list * reverted deletecontext renaming * moved CallTableToMarkdown script back to DeveloperTools * testing fix * fixed conflicts * fix get_packs_of_tested_integrations * fix get_packs_of_tested_integrations * reverted movement of scripts from DeveloperTools * merge from master * renaming Co-authored-by: syaakovi <[email protected]> * DefaultPlaybook dependency fixes (#7528) * DefaultPlaybook dependency fixes * RN Co-authored-by: ybenshalom <[email protected]> * Flake8 phase3 (#7522) * Securonix flake8 fixes * Securonix flake8 fixes * CofenseTriage lint fixes * FireEyeHelix lint fixes * MongoDB lint fixes * added dockerimage45 * Revert "added dockerimage45" This reverts commit c882d3e0 * fix rns * Malware dependency fixes (#7527) * Malware dependency fixes * common changed to mandatory Co-authored-by: ybenshalom <[email protected]> * Skip all detonation subplaybooks if unavailable (#7530) * skip all subplaybooks if unavailable * deleted random fields * back to 1.0.0 * RN * fixed mistake * fixed mistake Co-authored-by: ybenshalom <[email protected]> * Base installation issue fix (marketplace) (#7544) * fixed Base installation issue * test fix * change get entities timeframe from 1 hour to 1 day (#7557) * Phishing dependency fixes (#7526) * Phishing dependency fixes * common changed to mandatory Co-authored-by: ybenshalom <[email protected]> * Move Redlock integration into PrismaCloud pack (#7464) * Moved Redlock integration into PrismaCloud pack * Updated pack release notes * Updated pack release notes * Common pb pack dependencies (#7568) * add dependencies for commonPlaybooks pack * add CalculateTimeDifference to core packs * fix in collect_tests (#7565) * migrate videos to content-assets (#7562) * Add packs dependencies to all 
core packs (#7555) * Add packs to all core packs * remove display images * fix json * Update pack_metadata.json fix metadata format Co-authored-by: yuvalbenshalom <[email protected]> * Common fixes (#7556) * Moved folder to common. * Updated command to SearchIncidentsV2. * Release notes. * Release notes. * Release notes. * Release notes. * Release notes. * Changed task to V2. * Added to pack ignore. * Added to pack ignore. * Added to pack ignore. * Added to pack ignore. Co-authored-by: dbaumstein <[email protected]> Co-authored-by: ybenshalom <[email protected]> * Add RP104 to ignore errors for reputations.json file (#7550) * New playbook for "Malware Playbook - Manual". (#7506) * New playbook for "Malware Playbook - Manual". * Changed release notes * Changed Playbook name to "Malware Investigation - Manual" * Changed Playbook name to "Malware Investigation - Manual" * Updated release notes * Updated release notes * Changed playbook task names * CHanged release notes * Update playbook-Malware_Investigation_-_Manual.yml Co-authored-by: yaron-libman <[email protected]> * Association of fields to all (#7492) * Associated some fields to all, added new common fields, and ensured everything moves/stays in CommonTypes * Generate RNs Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: ybenshalom <[email protected]> * removed ews o365 from skipped (#7577) * unskipd msg dvc mngmnt (#7574) * Code42 fix spellings (#7536) (#7538) * Correcty mispelling * Correct misspelling Co-authored-by: Juliya Smith <[email protected]> * Added to pack ignore (#7579) * Powershell improvements (#7479) * update pwsh tests to user pester 5.0 + allow returnoutputs to use object * release notes * release notes * update docker * set docker images to pwsh 7 * change to use also default docker * fix test for pwsh 7 * test also on pwsh 7 * set dockeriamge to 6.2.4 * release notes bump * bump release notes * bump * Updated Co-authored-by: Alex Fiedler <[email protected]> * Skipping 
subplaybooks for packs if unavailable (#7558) * Skipping many subplaybooks if unavailable * Added & commented out unnecessary RN * Added missing playbooks * reverted old rn changes * reverted old rn changes * reverted old rn changes * old rn back * version bump * version change Co-authored-by: ybenshalom <[email protected]> * sdk release 1-1-3 (#7543) * sdk release 1-1-3 test * release 1-1-3 test * sdk 1-1-3 merge * IsEnabled additions to playbooks for packs (CommonPlaybooks + Phishing changes) (#7560) * isenabled fixes * proper changelog and RN * imgs * new image links * Added another skip and moved subplaybook so it doesn't hide the other * Merge branch 'master' of https://github.com/demisto/content into playbook-isenabled-changes # Conflicts: # Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml # Packs/CommonPlaybooks/pack_metadata.json # Packs/Phishing/pack_metadata.json * Version bump & new RN * reverted change to old RN (shouldnt change it) Co-authored-by: ybenshalom <[email protected]> * fix Microsoft-ATP test playbook and update readme file (#7575) * New pack documentation suggestion (#7255) * New suggested documentation * triggers and small indentation fix * link to playbook readme in pan dev * Removed visualization title * visualization = image * added RN manually * small change to allow version bump * reverted * No need to say that changed readme template * tweak to how it was * Skip dedup - generic test (#7590) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * skipped test * removed packs override (#7585) * Revert "Update XDR_iocs.yml (#7494)" (#7495) This reverts commit 8c85884a101b35f14589d1d12080118bca09ad60. 
* unskip zerofox (#7584) * unskip zerofox * test pb update * Get file sample TF fix (#7594) * unskip * moved to non circle tests dir * moved to global non circle tests dir * deleted from conf.json * Nightly failures (#7589) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Skipped nightly failures * Skipped nightly test failures * Un-mocked josecurity * unskipped akamai * Flake8 phase6 (#7546) * vulndb and infoblox lint fixes * feed azure" * rns * revert mispv2 docker update * fix rns * Flake8 phase4 (#7542) * GoogleCloudTranslate lint fixes * Okta v2 lint fixes * Okta v2 lint fixes * JsonWhoIs lint fixes * GenericSQL lint fixes * AKAMAI lint fixes * added dockerimage45 * Revert "added dockerimage45" This reverts commit f68ccd33 * fix rns * unskip from nightly (#7596) * TimeStampCompare empty tag fixed (#7598) * drained all tags * docker image update * changelog update * Updated Co-authored-by: Alex Fiedler <[email protected]> * added all level packs dependencies (#7563) * ThreatX - increase test timeout (#7599) * increase threatx test timeout * change timeout to 600 secs * Flake8 phase12 (#7605) * OpenLDAP lint fixes * KennaV2 lint fixes * Forescout lint fixes * Flake8 phase5 (#7545) * Claroty lint fixes * MongoDB lint fixes * Tanium lint fixes * added dockerimage45 * Hello world fixes * revert dockerimage45 * fix rns * Mongo lint fixes * Office365 feed - Updated integration description. (#7606) * Office 365 Feed - Updated integration description. 
* update pack desc * update dockerimage * added Full Incident Enrichment (#7034) * Add PA113 ignore error (#7611) * Improved bad response handling (#7443) * Improved bad response handling Co-authored-by: halpert <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Uploader - summary fix (#7610) * fixed summary print * fixed pack author path * minor print fixes * Hod/rtir attachment parsing (#7424) * Improved attachment parsing Co-authored-by: halpert <[email protected]> * EWS v2 - handle exceptions in fetch incidents (#7559) * raise error str in fetch incidents * add traceback print * Updated Co-authored-by: Alex Fiedler <[email protected]> * reverting unrelated changes (#7591) * Deprecated old Dedup test playbook (#7586) * moved tpb * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * changed test of scripts to v2 * unskipped dedup generic test * Move RegPathReputationBasicLists test to D2 pack (#7619) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * moved tpb to D2 pack * skip validate files on nightly run (#7617) * Run zipping packs only on master (#7616) * run zip_packs only on master * run zip_packs only on master changes * skipped test playbooks remove * cleaning mock debug prints (#7439) * Changed integrations key to integration (#7566) * Flake8 phase9 (#7602) * lint fixes ExtractDomainAndFQDNFromUrlAndEmail_test * Tanium_v2 lint fixes * Panorama lint fixes * ConvertFile_test lint fixes * FidelisEndpoint lint fixes * Flake8 phase11 (#7603) * AttackIQFireDrill lint fixes * CortexDataLake lint fixes * ServiceNowv2 lint fixes * Akamai_WAF lint fixes * MongoDBLog lint fixes * revert mongodb * rm mongo * Flake8 phase 7 (#7551) * Crowdstrikefalcon, code42, ms graph calendaer, ms defender atp lint fixes * Update Packs/Code42/Integrations/Code42/Code42.yml Co-authored-by: Itay Keren <[email protected]> * update code42 docker image * revert code42 docker image Co-authored-by: Itay Keren <[email protected]> * 
Flake8 phase2 (#7521) * fix rasterize lints * AlienVault format fixes * AlienVault and cherwell format fixes * fix docker images * remove unwanted changes * fix rns * added dockerimage45 * Revert "added dockerimage45" This reverts commit cbc6487b * Revert "Revert "added dockerimage45"" This reverts commit 35d3aff2 * fix rns * remove dockerimage45 * Powershall howto cleanup (#7286) * Added power-shell automation how-to * Changed typo in integration key * Intentionally failed infoblox test to have the machine running * Intentionally failed infoblox test to have the machine running * Un-skipped infoblox * Failed infoblox intentionally * Edited powershell automation howto * Edited powershell integration howto * Fixed typo * Made sure Infoblox will not fail * Hello world fetch incidents addition (#7214) * Added a condition to prevent duplicates * Changed the unit-test last fetch time * changelog * CR fixes * validate fixes * Added a new RN version * Integration instance config (#7422) * Added %%SERVER_HOST%% placeholder * changed something in taxii to run test * minor fix * moved to the right place * support for server keys * support for server keys * minor fix * check if server_keys run * check if server_keys run * check if server_keys run * pre-defined integration instance name * fix for server_keys * Changed TAXII tpb * deleting instances by name before creating new ones * Added logic to test instances as well * removed the change from TAXII feed * CR fixes * merge from master * Revert "merge from master" This reverts commit fb869fd8 * Added sleep for TAXII tpb * Make conf json redundant (#7124) * Make conf json redundant * Fix CR * Fix CR comments * Added a msg about the number of tests added to the conf.json * adding artifact + removing from conf.json for testing purposes * fixing yml structure * removing old usage * Update update_conf_json.py * Update Gmail.yml * adding nicer print to conf.json update output + reverting the changes to the conf.json * Mongodb: 
nested dicts fix (#7625) * Fixed an issue where nested dictionaries containing a datetime object were not parsed properly. * fix cr" * ServiceNow - added retry mechanism for status code 401 (#7614) * added retry mechanism for status code 403 * remove blank line * add 401 not authenticated test * add negative unauthenticated test * bump pack version * Adding documentaion * Support AWS Security Groups with only one ingress rule (#7592) (#7626) * Support AWS Security Groups with only one inbound rule * Add release notes to AWS-EC2 pack * Bump docker image tag to latest Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Lindsey Smith <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: syaakovi <[email protected]> * Documentation fixes (#7507) * add image * update missing image * fix link * fix link * fix links * fix regexes * fix links * fix links * fix links * fix links * fix typo * secrets * Fix cfw extra arg (#7628) * Removed an unused argument ipname from **checkpoint-block-ip** command. * Deprecate an unused argument ipname from **checkpoint-block-ip** command. 
* removed deprecated arg from documentation * Updated Co-authored-by: Alex Fiedler <[email protected]> * Flake8 phase10 (#7604) * AutoFocusV2 lint fixes * MicrosoftGraphFiles_test.py lint fix * CarbonBlackEnterpriseEDR lint fix * FeedCofense lint fix * AzureSentinel_test lint fixes * csp bugfix (#7472) * unit test is failing * bug fix * updated tests * docs update * 1.0.7 RN * 1.0.8 RN * 1.0.9 RN * [HelloWorld] Minor yml update (#7448) (#7630) * Added additionalinfo tooltip to integration parameters * updated releasenotes to 1.1.4 * Update Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml * Updated Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Francesco Vigo <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Okta zones - playbook and enhancement (#7620) * Okta zones - playbook and enhancement (#7137) * Okta V2 - Add commands for Network Zones * IP Whitelisting - add Okta Zone playbook * Whitelist playbook - Add Okta * Okta V2 - fix yaml and secrets ignore * Added playbook image * Uploading playbook image * Added playbook image * Setting author to Cortex XSOAR Co-authored-by: Anar Azadaliyev <[email protected]> * Removing email contact Co-authored-by: Anar Azadaliyev <[email protected]> * Setting URL in content pack metadata Co-authored-by: Anar Azadaliyev <[email protected]> * Okta V2 Zones fixes + unit tests + outputs * Okta V2 test - fix linter error * IP Whitelist pack - remove depe * Okta Zone playbook - move to Okta pack and update readme * Updated whitelist language * Updated new content * Removing pack + okta code fixes Removing IPWhitelist pack - sorting content into packs * Commit playbook images * Okta V2 code fixes * Egress Playbook fixes Renamed tasks, moved group names into playbook inputs * Update README and images * Update Okta V2 README with new commands * Added release notes, fixed integration name in 
conf.json * Remove unused import * Updated release notes. * Release notes for Legacy pack * Updating playbook images * Modified playbook text and READMEs * Update playbook-IP_Whitelist_-_AWS_Security_Group.yml * Update playbook-IP_Whitelist_-_GCP_Firewall.yml * Update Okta_v2.yml * Update playbook-Allow_IP_-_Okta_Zone.yml * Update playbook-Allow_IP_-_Okta_Zone_README.md * Update playbook-Prisma_Access_Whitelist_Egress_IPs_on_SaaS_Services.yml Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * move comparelists * delete Legacy pack * fix build * update version of CommonScripts Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * SentinelOne v2 - improve date string handling (#7612) * add test for event with unexpected timeformat * parse dateoccurred to datetime * Updated * bump docker image Co-authored-by: Alex Fiedler <[email protected]> * Add ML collect data script (#7621) * Add ML collect data script * Add ML collect data scriptAdd ML collect data script Co-authored-by: eharush <[email protected]> * Update configure_and_test_integration_instances.py (#7645) * RedCanary - improve endpoint context standard handling (#7636) * add test for endpoint without mac address * improved implementation of get_endpoint_context * fix flake8 report in unit test * add condition to check if address_attributes * Updated. 
Co-authored-by: Alex Fiedler <[email protected]> * removed resource class (#7642) * set entities timeframe to 1 hour and skip in case no entities found (#7634) * SecureWorks - enhance README with incident fetch details (#7595) * update readme with fetch incidents notes * update readme with fetch incidents notes * Fixed recently created release notes files to new standard (#7644) * Pcapminer v2 post fix (#7150) * Reopening PR after fix * revert to preplaybook * revert to preplaybook + unit test fix * description * find path for testdata * remove rsa_key + try to fix testdata unittest * unittest fix * move test file to folder * unnittest fix * remove iterate and packets to analyze * run on a different docker each run * change Pcap to PCAP + add "All" option for protocol output * Updated * Readme * last additions * David fixes * uppercase * rsa_key fix + Capital PCAP in README * test fix * join 2 tests into one Co-authored-by: Alex Fiedler <[email protected]> * Added client re-creation to prevent api-key expiration (#7648) * Added https connection and SSL verification (#7631) * Added https connection and SSL verification * added rn * removed unnecessary keys * Updated Co-authored-by: Alex Fiedler <[email protected]> * timestamp_to_datestring uses `utcfromtimestamp` (#7488) * timestamp_to_datestring uses `utcfromtimestamp` (#7407) * timestamp_to_datestring uses `utcfromtimestamp` `timestamp_to_datestring`'s default date format includes Z for the time zone. However, it uses `datetime.fromtimestamp` which is in localtime. This yields incorrect results when the default time zone is anything other than UTC. The `epochToTimestamp` function in the same file does correctly use `utcfromtimestamp`. This commit corrects and normalizes the timestamp processing. 
* Added release notes Co-authored-by: halpert <[email protected]> * Adding condition for timestamp format Co-authored-by: Henry Stern <[email protected]> Co-authored-by: halpert <[email protected]> * Remove deprecated CloseInvestigation task from playbooks (#7653) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * replaced CloseInvestigation tasks with Done section headers * small fix in TestIsValueInArray * Add a new pack for HIPAA (#7382) * Add a new pack for HIPAA * Changed playbook * Changed playbook * Added changelogs * Created pack release notes. * Changed release notes * Update playbook-HIPAA_-_Breach_Notification.yml * Updated playbook and layout * Changed HIPAA pack metadata and change the location of the incident fields. * Removed test changes * Removed test changes * Generated playbook readme Co-authored-by: yaron-libman <[email protected]> * Adding pagination mechanism for url logs request (#7277) Co-authored-by: halpert <[email protected]> * symantec dlp: permissions section (#7581) * dlp permissions section * Updated * update troubleshooting Co-authored-by: Alex Fiedler <[email protected]> * Microsoft Defender ATP - set scope to default (#7647) * updated scope to atp default * Updated Co-authored-by: Alex Fiedler <[email protected]> * Add Zoom Feed Integration * Add Zoom Feed Integration * Change Regex pattern for iipv4cidrRegex * Add test_playbook id * Implemented requested changes * Modify gitignore * Minor changes * Update FeedZoom.yml * Updated * Updates * Updated * Updated validations Co-authored-by: Itay Keren <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]> Co-authored-by: Bar Katzir <[email protected]> Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> Co-authored-by: Shelly Berman <[email protected]> Co-authored-by: content-bot <[email protected]>
Co-authored-by: Todd Murchison <[email protected]> Co-authored-by: syaakovi <[email protected]> Co-authored-by: Ido van Dijk <[email protected]> Co-authored-by: altmannyarden <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Or Lichter <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: roysagi <[email protected]> Co-authored-by: eli sharf <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: David Baumstein <[email protected]> Co-authored-by: dbaumstein <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: Lior Blobstein <[email protected]> Co-authored-by: Bar Hochman <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: Timor Eizenman <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: deepinstinctdev <[email protected]> Co-authored-by: ronykoz <[email protected]> Co-authored-by: reut shalem <[email protected]> Co-authored-by: rsagi <[email protected]> Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: Nicholas Ericksen <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: hod <[email protected]> Co-authored-by: halpert <[email protected]> Co-authored-by: Guy Freund <[email protected]> Co-authored-by: Yana Orhov <[email protected]> Co-authored-by: rshalem <[email protected]> Co-authored-by: Ika Gabashvili <[email protected]> Co-authored-by: Agam <[email protected]> Co-authored-by: Agam More <[email protected]> Co-authored-by: hod <[email protected]> Co-authored-by: Dean Arbel <[email protected]> Co-authored-by: Gal Rabin <[email protected]> Co-authored-by: avidan-H <[email protected]> Co-authored-by: ikeren <[email protected]> Co-authored-by: MosheGalitzky <[email protected]> Co-authored-by: mayagoldb <[email protected]> Co-authored-by: Bar Chen <[email protected]> Co-authored-by: 
Juliya Smith <[email protected]> Co-authored-by: Lindsey Smith <[email protected]> Co-authored-by: Francesco Vigo <[email protected]> Co-authored-by: erezh31 <[email protected]> Co-authored-by: eharush <[email protected]> Co-authored-by: Henry Stern <[email protected]> Co-authored-by: teizenman <[email protected]>
teizenman added a commit that referenced this pull request Jun 21, 2020
* FireEye Helix - fix headers arg processing in search cmd (#7411) * add unit test for search command with headers arg given * add unit test for search command with headers arg given * pass to build_mql_query from search cmd only relevant args and not all * add default empty string to query arg * Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * Update config.yml (#7412) * fix print bucket path (#7416) * [cofense-32] Two new commands and internal refactoring, second PR (#7… (#7346) * [cofense-32] Two new commands and internal refactoring, second PR (#7104) * [CofenseTriage] Add new Triage commands on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] WIP tests on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Code style cleanup on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] assorted cleanup WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add test fixtures WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor http_request - Rename to `triage_request` and rename first parameter to `endpoint` - Create new function `triage_api_url` to build full URL to a given endpoint - Refactor and simplify response handling logic on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor `fetch_reports` No functional changes, except some speedups and a possible bug fix. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageReport class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageInstance class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add TriageReporter class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update tests and fixtures on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rewrite get_report_by_id to use class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move all classes into one file The plugin architecture requires it. 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor and add test coverage for get_threat_indicators() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Eliminate unnecessary get_attachment() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor search_reports and increase test coverage on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Assume /reports/:id always returns an array Also eliminate unnecessary TriageReporter.from_json() and rename Triage_reporter.from_id() to .fetch(). on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Make test fixture more complicated on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Return actual JSON in to_json() Also enhance test coverage. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Don't call fetch_reports() in test_function() Triage always responds with a valid JSON object. There is no need to perform a second request to test the integration---if Triage responds with an OK status, then everything is working. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Store last run data as a JSON blob on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Wrap incident attachment in single-element list on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update metadata on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Clean up remnants in Legacy pack on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add mypy ignore comments Mypy has trouble with decorators like lru_cache() in several situations. Add inline comments to silence spurious linter complaints. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move import after stubs in test We have to stub demistomock before we import CofenseTriage. That's just how demistomock works, apparently. 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Generate release notes on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move changes to new CofenseTriage 2 Both versions will exist in parallel on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move return_error to highest-level except block on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update documentation on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address various linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move time constants inline Also eliminate the time format string in favor of datetime.datetime.fromisoformat(). on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Pass a TriageInstance argument instead of using a module var on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Let exceptions bubble up to main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address more linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename module to CofenseTriagev2 on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Centralize parameter fetching in main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add v2 to Tests/conf.json on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename more files to have v2 prefix on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add minimum Demisto version on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move test files to root dir of integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Remove tests from v1 integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename Cofense.ThreatIndicators context path on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Additional minor adjustments on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Merge all test files into one on-behalf-of: @Cofense <[email protected]> * 
[CofenseTriage] Stub fileResult more realistically on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update release notes on-behalf-of: @Cofense <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * lgtm, docket tag, secrets * skip, no instance * pylint * secrets 101 * rm coverage * rm secrets * contrib commits 102 * contrib commits 103 * contrib commits 104 * str -> num * desc types * add newline * add cmd_ex file * typo * styling * add to_json() * add json.dumps * add readme, add tpb * linters * linters2 * linters3 * mv cofense triage v1 to non circle tests Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * Fixed server version calculation (#7419) * Fixed server version calculation * Fixed some LGTM and pylint comments * Fix Thread Crash Print (#7417) * Update test_content.py * added space * Fixed bug - CB-Live-Response (#7389) * Fixed release notes * Added rn * Fixed version bump * Removed unnecessary comment * Updated. 
Co-authored-by: Alex Fiedler <[email protected]> * Fixed a bug in download malware (#7400) * Fixed a bug in download malware * added rn and fixed cr * old changelog fix * Updated * added old changelog Co-authored-by: Alex Fiedler <[email protected]> * new Prisma Cloud remediation additions to GCP playbooks (#7265) (#7395) * new remediation additions * update release notes * update release notes Co-authored-by: Todd Murchison <[email protected]> Co-authored-by: syaakovi <[email protected]> * CS falconhost threatgraph API support (#7054) * cs threatgraph API support * missing dot * use tabletomarkdown * cs falconhost threatgraph * add rn marketplace format * Updated * Minor update Co-authored-by: Alex Fiedler <[email protected]> * Phishing - Core - Fixed URL screenshots tag + merged 2 conditions + updated pic (#7390) * Fixed URL screenshots tag + merged 2 conditions + updated pic * fixed changelogs / rn * Added new playbook playbook-Illinois_-_Breach_Notification (#7253) * Added new playbook playbook-Illinois_-_Breach_Notification.yml. Fixed issues with breach notification playbook. Added Readme files to breach notification playbooks. * update release notes. * update release notes. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Update playbook-Illinois_-_Breach_Notification.yml * Changed conflicts. Co-authored-by: yaron-libman <[email protected]> * Slack Ask - Add user and response template (#7386) * change Pcap to PCAP + add "All" option for protocol output * add changelog * Updated. 
* Updated * README UPDATE Co-authored-by: Alex Fiedler <[email protected]> * epo update doc with permission info (#7249) * epo help images * update images * epo readme * typo fix * add link to epo docs * fixes from @kirbles19 * Fixing content (#7388) * fixing several pack validation errors * fixing extra hop * added test playbook for joe security playbook * adding rn * adding rn * bumping pack metadata for common reports * fixing content - additional BA101 * adding XDR iocs pack (#7144) * adding XDR iocs pack * code ready except ioc from xdr to demisto * last changes * update YML * fixup! last changes * update pack format * fixing code CR * adding unit test and small changes * adding README * adding description * adding playbooks * adding test playbook * adding test module command * Updated * Updated * Update XDR_iocs_every_minute.yml * Update XDR_iocs_nightly_job.yml * Update XDR_iocs.yml * add to description * small test change * adding feedIncremental * last fix * fixup! last fix Co-authored-by: esharf <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Tim indicators exclusion by related incidents (#7127) * Added new playbook * Added new playbook * Updated name. * Update TIM_-_Indicators_Exclusion_By_Related_Incidents.yml * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added readme and bumped pack version * Added readme and bumped pack version * Improved descriptions. 
Co-authored-by: dbaumstein <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Red lock token fix (#7408) * Added support for multi environment instances * Added RN * Change RN * fixed syntax * fixed syntax * Added error handling * Updated * Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * Access Investigation - deprecation & new playbook (#7315) * Access Investigation - deprecation of old playbook, creation of new playbook * Access Investigation - deprecation of old playbook, creation of new playbook * img for readme * manual RN * removed rn * back to old version * Update Access_Investigation_-_Generic_4_5_CHANGELOG.md * Update Access_Investigation_-_Generic_CHANGELOG.md Co-authored-by: yaron-libman <[email protected]> * Deprecated scripts comments (#7349) * Deprecated scripts comments * typo * Update deprecated comment. * Updated * Updated * Updated * Updated * Updated * RN Co-authored-by: Alex Fiedler <[email protected]> * JsonWhoIs - fixed error not returned from the integration (#7394) * JsonWhoIs - fixed error not returned from the integration * Fix CR * move error to http request * error handling * Updated * Updated * Update Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.py Co-authored-by: Itay Keren <[email protected]> * fix mypy * rm mypy ignore Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Itay Keren <[email protected]> * Added timestamp compare (#7195) * Added timestamp compare * fix CR * Adding timeformat option * Update TimeStampCompare.yml * Updated * Fix UT * fix yml Co-authored-by: Alex Fiedler <[email protected]> * Carbon Black Response - changed dt for File (#7391) * changed the dt for File * RN * Update 1_0_3.md Co-authored-by: roysagi <[email protected]> * Tim whois playbooks (#7039) * Added new playbook. * Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml * Added section headers. * Added tech docs notes. * Added input and description. 
* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml * Added descriptions. * Added readme. * Added readme. * Added png link. * Added png link. * Removed changelog. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Change changelog * Update RNs * Update RNs * Multiple playbook changes. * Updated playbook. * Updated playbook. * Added new playbook * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * changed tag name. * changed tag name. * changed tag name. * changed tag name. * Minor logic change. * Revert "Minor logic change." This reverts commit dbfd9598 * Minor logic change. * Removed list name. * Removed default delimiter. * Casing. * Casing. * Added description. * Update playbook-TIM_-_Process_Domains_With_Whois.yml * Update playbook-TIM_-_Process_Domain_Registrant_With_Whois_README.md * Update playbook-TIM _-_Process_Domain_Age_With_Whois.yml * Update playbook-TIM_-_Process_Domain_Registrant_With_Whois.yml * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added image. 
Co-authored-by: dbaumstein <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Added tests to phishing pack (#7345) * Added tests to pack * Added core * Moved files back to where they need to be * new MR for Deep Instinct Integration (#7415) * new MR for Deep Instinct Integration (#7316) * new MR for Deep Instinct Integration * Update pack_metadata.json * Delete CHANGELOG.md Co-authored-by: Rony Kozakish <[email protected]> * Update README.md * Adding skip on the integration * Fix file name Co-authored-by: deepinstinctdev <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: ronykoz <[email protected]> * Red Canary - bug fixes in fetch incidents (#7421) * fetch only ack detections and remove timeline for detection in fetch * Updated * Updated * consider detection as acknowledged if one of the fields exist, not both * consider detection as acknowledged if one of the fields exist, not both * consider detection as acknowledged if one of the fields exist, not both Co-authored-by: Alex Fiedler <[email protected]> * Updated playbook image (#7423) * Add whois to autoprocessing (#7428) * Added sub playbook. * Added sub playbook. * Added sub playbook. * Added sub playbook. * Added image. * Added image. * Removed space. * Removed space. 
Co-authored-by: dbaumstein <[email protected]> * Fix content packs- Reut (#7341) * CommonScripts fix * CommonScripts fix * CommonScripts fix * Nist ignore * sdk version * Malware ignore errors * Malware ignore errors * ignore SC100 * Non-supported pack * Non-supported pack * Non-supported pack * Non-supported pack * Non-supported pack Co-authored-by: rsagi <[email protected]> * Marketplace step fix (#7425) * test * test * small fix * Prisma Access - Added tunnel health playbook (#7136) (#7431) * Prisma Access - Added tunnel health playbook * Add image file in doc_files * Added playbook image to README * Updating playbook image * Fixes to playbook Removed Slack task, added remediation recommendations on manual step. * Updating README * Update playbook-Prisma_Access_-_Connection_Health_Check_README.md * Update playbook-Prisma_Access_-_Connection_Health_Check.yml * Prisma Access - fix sdk validate Tests conf - fix Prisma Access brand name to remove validate error. yml - fix multiline description. 
Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: syaakovi <[email protected]> * PCS (Redlock) remediation command (#7270) (#7392) * Add remediation details command * Add condition to gracefully handle no remediation details * Update README.md; Add command_examples.txt * Clean up context and entry format; Support multiple alert-ids * Update README.md; Fix lint issues * Refactor no remediation condition * Update outputs and README * Create ReleaseNotes; Update pack_metadata.json * Fix human readable output; Update README; Update test playbook * Update instances of RedLock to Prisma Cloud (RedLock) * Update release notes * Update Packs/RedLock/TestPlaybooks/playbook-RedLockTest.yml * Updated * Updated descriptions for new command Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Nicholas Ericksen <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Print server conf for bucket (#7436) * removed TestFormatTableValues to check if it solve conflict * fix typo * fix typo * fix new lines * fix missing " * fix missing -e * Access Investigation Generic playbook - refactor filename (#7438) * change toversion field name * refactor new access investigation generic playbook name * revert 4.5 trigger * fix broken images (#7432) * Access Investigation - ID fix (#7440) * emergency ID fix * empty RN * Update Packs/AccessInvestigation/ReleaseNotes/1_1_1.md Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Content additional fix validations (#7445) * Content additional fix validations * updating gmail docker image * Update Packs/Digital_Defense_FrontlineVM/Playbooks/playbook-Digital_Defense_FrontlineVM_-_PAN-OS_block_assets.yml Co-authored-by: Bar Katzir <[email protected]> * adding 
changelogs Co-authored-by: Bar Katzir <[email protected]> * fix lintings (#7454) * Improved empty response handling (#7296) Co-authored-by: halpert <[email protected]> * [Enhancement] Search Search Endpoints By Hash - Carbon Black Response (#7399) * Deprecated Search Search Endpoints By Hash - Carbon Black Response. Created new playbook Search Search Endpoints By Hash - Carbon Black Response V2 instead. * added the playbook image. * added the playbook image. * Updated playbook image * Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response_V2.yml * Update playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml * Update playbook-Hunt_Extracted_Hashes.yml * Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response.yml * updated release notes Co-authored-by: yaron-libman <[email protected]> * out of skipped tests (#7456) * out of skipped * parse email files out of skipped * Auto detect api modules (#7257) * changed docker image * changed docker image * changed docker image * changed docker image * changed docker image * updated conf json for nightly tests on generic feeds * updated None to '' * updated None to '' * updated conf json * updated conf json * updated conf json * updated conf json * updated rn * updated rn * updated pr * updated pr * fixed json ut * fixed json ut * fixed json ut * fixed json ut * updated pr * updated pr * updated pr * updated pr * updated pr Co-authored-by: yorhov <Orekhova97229!> * small fix in content (#7462) * unskipping phishlabs (#7455) * unskipping phishlabs * fixing test playbook * RTIR: fix ID header bug (#7453) * RTIR: Fix ID header * fix lint and format * fix flake8 * added rns * fix cr * Update 1_0_2.md Co-authored-by: roysagi <[email protected]> * fortisiem bug fix (#7469) * disabled the request to trigger an event, made queryData hardcoded * changelog * Updated. 
* Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * remove old regexes from content (#7398) * remove old regexes from content * use demisto-sdk from master * Update dev-requirements-py3.txt Co-authored-by: reut shalem <[email protected]> * Update dev-requirements-py3.txt * replace old regexes * sdk release 1-1-2 test * sdk release 1-1-2 test * sdk release 1-1-2 test * sdk release 1-1-2 Co-authored-by: reut shalem <[email protected]> Co-authored-by: rshalem <[email protected]> * changing playbook name (#7474) * changing playbook name * changing playbook name * fix rasterize name in core packs list (#7471) * Nightly Marketplace (#7467) * remove old regexes from content * use demisto-sdk from master * Update dev-requirements-py3.txt Co-authored-by: reut shalem <[email protected]> * Update dev-requirements-py3.txt * replace old regexes * use sdk master * conflicts fix * changed sdk branch * changed sdk branch to master * fixed config.yml, added developerTools pack to packs_to_install * reduced flake8 version * moved test playbooks to packs * removed Extract Indicators From File - test from conf.json * reverted changes in collect_tests and dev-requirements-py3 Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: reut shalem <[email protected]> Co-authored-by: ybenshalom <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> * bump content and sha1 versions (#7470) * reverted instance tests to run on server 5.5 (#7465) * Return of cofense feed (#7481) * Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) (#7457) * Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) * updated pack name, integration name, and command names of "Cortex XDR - IOC" * fixed bug * update tests * update pack & integration description * update pack & integration description * updated descriptions * update integration format * fixup! update integration format * adding ioc trigger to push command * update README * fix CR * fixup! 
fix CR * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml Co-authored-by: Shai Yaakovi <[email protected]> * Apply suggestions from code review Co-authored-by: Guy Lichtman <[email protected]> * update readme with a better description * updated descriptions and display name in yml * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml * Apply suggestions from technical writer review * fix * fixup! fix * fixing * last fix * add sleep time * add sleep time Co-authored-by: eli sharf <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * adding empty release notes * Update CHANGELOG.md Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * deleted Legacy pack (#7463) * Delete Exchange pack (#7433) * Add the GetShiftsPerUser automation (#7213) * Add the GetShiftsPerUser automation * Add current user to script and fix bad check for GetOnCallHoursPerUser * Style guides * Remove unused imports * Remove used vars * Add a better output type * Fix imports * Release notes of bug in GetOnCallHoursPerUser * Fix the tests * Fix the eslint lines too long * Fix eslint changelog * release notes * docker tags * Fix the output * Add related tests * Add header for the markdown * Update Packs/ShiftManagement/ReleaseNotes/1_1_0.md Co-authored-by: Andrew Shamah <[email protected]> * Eslint * Shifts per user * Trailing whitespace * RN * Docker version * Tests + imports * Debug tests * Debug tests 2 * Debug tests 3 * Debug 4 * Debug 5 * Debug 6 * Debug 7 * Debug 8 * Debug 9 * Debug 10 * Debug 12 * Fix mock result * Fix mock result * linting * Flake8 * Updated * Updated. 
Co-authored-by: Agam More <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * ignore missing CHANGELOG failures (#7482) * Update config.yml * Update config.yml * demistomock.py formatting (#7483) * Fixed print when GCS_MARKET_KEY is not set (#7486) * Fixed print when GCS_MARKET_KEY is not set * Skipping a step in contribution Co-authored-by: halpert <[email protected]> * fixed build images paths (#7450) * Packs changelog - added build number to display name (#7279) * added build number to pack changelog * switched brackets to dash in changelog version * added versionInfo field * fixed doc strings * added versionInfo to unit test * Nightly failures (#7317) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Update XDR_iocs.yml (#7494) * Uploader - changed upload corepacks.json logic (#7487) * changed upload corepacks.json logic * added sys.exit(1) in case of failure * Updated video link for Crisis Management (#7496) * Updated video link * moved video to pack readme * http = https * fix RNs Co-authored-by: Andrew Shamah <[email protected]> * [New Integration] EWS O365 (OAuth 2) (#7145) * created new branch with files from original branch * changed name to EWS O365 * changed app name * fixed service based and item based commands * fixed recover_soft_delete_item * added external files (test playbook, picture detailed description) * created readme and removed impersonation and mark_as_read fields * added test infrastructure * removed dev code * updated fetch logic to use 
last_modified_time * moved files to EWS pack * added rn and test * reformatted readme * removed ews-search-mailboxes * build fix * changed insecure logic * fixed test playbook * added proxy support * added constants and max incidents per fetch validation * style changes + added support for target_mailbox in get_folder and create_folder * Updated * moved ews v1 to deprecated * added docstrings * added back ews v1 to ews pack - will be moved to deprecated in a future PR * reverted changes to ewsv2 * removed ErrorInvalidPropertyRequest * added descriptions for test playbook-EWS_O365_test.yml * moved description a level deeper * added test for public folders * added descriptions to test playbook tasks * added descriptions to test playbook tasks * updated docker image * added fromversion to test playbook Co-authored-by: Alex Fiedler <[email protected]> * Removed legacy from special handling in dependencies calculation (#7493) * removed legacy from special handling * fixed unused import * test_collect_tests_and_content_packs - Improve packs collecting (#7477) * sdk release 1-1-2 * sdk release 1-1-2 * sdk release 1-1-2 * check docs upload * deleted comments * linting * linting * linting * Fixed UT * Fixed UT * Fixed UT * Fixed UT * Fixed UT * Fixed UT * CR fixes * CR fixes * Move default types to content (#7426) * move system incident types to content * add release notes * moved types to correct packs * updated pack versions * add DefaultPlaybook to core packs * update version * Docs: remove possible errors section (#7381) * Maltiverse: remove possible errors section * remove troubleshooting and overview * Update README.md * update zabbix * Securonix already fetched (#7025) * securonix fetch offset * changelog * Added max parameter to the `securonix-list-incidents` command Added the `max_fetch` parameter to the integration configuration, where the default and maximum value is 50. Fixed an issue where duplicate incidents where fetched. 
* linter 101 * linter 102 * linter 103 * set -> list, dumps the already_fetched * update RN and README * update dockerimage * Update Packs/Securonix/Integrations/Securonix/CHANGELOG.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/README.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/README.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/Securonix.yml Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * add HelloWorld, ExportIndicators, Malware, DefaultPlaybook to core packs (#7504) * Fix collect tests and content packs (#7468) * replaced DocumentationTest with HelloWorld-Test * test fix * in progress * added developertools to packs to install if no tests * fixed test * moved GenericSQL test script * fix typo in DeleteContext file name * moved auto-extract test script to base pack (next to auto-extract test playbook) * moved CallTableToMarkdown test script to base pack (next to test playbook) * UT fix * UT fix search_and_install - removed redundant packs from installation list * reverted deletecontext renaming * moved CallTableToMarkdown script back to DeveloperTools * fixed conflicts * reverted movement of scripts from DeveloperTools Co-authored-by: syaakovi <[email protected]> * Fix common server python test: (#7311) * skipping tests * skipping tests * Update Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py Co-authored-by: hod <[email protected]> Co-authored-by: hod <[email protected]> * unskip wildfire-test (#7498) * Add safe get dict to common server python (#7451) * removed test pbs (#7524) * increase sshd MaxStartups and restart sshd (#7434) Co-authored-by: ikeren <[email protected]> * Create Troubleshooting Section for Packets and Logs README (#7429) * add troubleshooting section to the RSA NetWitness Packets and Logs integration readme * 
README addition minor changes * Updated Co-authored-by: Alex Fiedler <[email protected]> * moved deprecated ews integration (#7532) * added eula link support (#7525) * demisto-sdk find-dependencies (#7502) * demisto-sdk find-dependencies * deleted images. Co-authored-by: dbaumstein <[email protected]> * SetGridField - sort columns alphabetically (#7533) * sort columns alphabetically * remove print * update docker image tag and fix lint report in test * Elasticsearch Feed - fix bug in feed type handling (#7490) * pass feed type to get_scan_insight_format in fetch indicators cmd * bump docker image tag * added default to url arg in url command (#7514) * fix bug in threat-grid-get-analysis-by-id (#7377) * fix bug * fix releasenote * Joe security bug (#7362) * Fixed testPlaybook & check if the DBotScore.indicator exists * delete Joe Security from skipped * delete Joe Security from skipped * fix testplaybook * added changelog * fix * fix test playbook * added releasenote * fix releasenote * Update Packs/JoeSecurity/Integrations/JoeSecurity/CHANGELOG.md Co-authored-by: Shahaf Ben Yakir <[email protected]> * BigFix - add get_endpoint_details arg to get-endpoints cmd (#7515) * split bigfix yml into dir * parse xml response with utf-8 encoding * add get_endpoint_details arg to get endpoints cmd * add get_endpoints_details arg to readme * fixed lint reports * Recorded Future Feed - handle sparse response in fetch indicators command (#7414) * add test for fetch indicators cmd with sparse response * handle missing fields in iterator * handle score in case Risk is not returned from iterator * add release notes * Update Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> * fix a bug that test module failed on a delegated mailbox (#7435) * fix a bug in the test_module * added releasenote * added releasenote * fix releasenote Co-authored-by: ikeren <[email 
protected]> * fix for IsMaliciousIndicatorFound tpb (#7497) * fix for IsMaliciousIndicatorFound tpb * Added sleep in TPB * another sleep * unskip duo admin tpb (#7499) * unskip duo admin tpb * TPB sections now happens one after the other and not at the same time * Proofpoint Protection Server - use html.parser instead of lxml parser and update required admin role (#7396) * use html.parser instead of lxml parser and update required admin role * Updated * Updated * Updated * added 8.14.2 support for smart search * add new param to readme * verify pps version param is initialized in the condition * Update Packs/ProofpointServerProtection/Integrations/ProofpointServerProtection/ProofpointServerProtection.py Co-authored-by: Shai Yaakovi <[email protected]> * bump docker image tag * bump pack version to 1.0.2 Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> * fix akamai instance (#7549) * Labeled partner packs + cleared packs metadata (#7531) * cleaned packs metadata json * labeled partner packs * Apply suggestions from code review CR fixes Co-authored-by: Anar Azadaliyev <[email protected]> * additional fixes Co-authored-by: Anar Azadaliyev <[email protected]> * Nightly failures (#7547) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Skipped nightly failures * Fix collect packs (#7519) * replaced DocumentationTest with HelloWorld-Test * test fix * in progress * added developertools to packs to install if no tests * fixed test * moved GenericSQL test script * fix typo in DeleteContext file name 
* moved auto-extract test script to base pack (next to auto-extract test playbook) * moved CallTableToMarkdown test script to base pack (next to test playbook) * UT fix * UT fix search_and_install - removed redundant packs from installation list * reverted deletecontext renaming * moved CallTableToMarkdown script back to DeveloperTools * testing fix * fixed conflicts * fix get_packs_of_tested_integrations * fix get_packs_of_tested_integrations * reverted movement of scripts from DeveloperTools * merge from master * renaming Co-authored-by: syaakovi <[email protected]> * DefaultPlaybook dependency fixes (#7528) * DefaultPlaybook dependency fixes * RN Co-authored-by: ybenshalom <[email protected]> * Flake8 phase3 (#7522) * Securonix flake8 fixes * Securonix flake8 fixes * CofenseTriage lint fixes * FireEyeHelix lint fixes * MongoDB lint fixes * added dockerimage45 * Revert "added dockerimage45" This reverts commit c882d3e0 * fix rns * Malware dependency fixes (#7527) * Malware dependency fixes * common changed to mandatory Co-authored-by: ybenshalom <[email protected]> * Skip all detonation subplaybooks if unavailable (#7530) * skip all subplaybooks if unavailable * deleted random fields * back to 1.0.0 * RN * fixed mistake * fixed mistake Co-authored-by: ybenshalom <[email protected]> * Base installation issue fix (marketplace) (#7544) * fixed Base installation issue * test fix * change get entities timeframe from 1 hour to 1 day (#7557) * Phishing dependency fixes (#7526) * Phishing dependency fixes * common changed to mandatory Co-authored-by: ybenshalom <[email protected]> * Move Redlock integration into PrismaCloud pack (#7464) * Moved Redlock integration into PrismaCloud pack * Updated pack release notes * Updated pack release notes * Common pb pack dependencies (#7568) * add dependencies for commonPlaybooks pack * add CalculateTimeDifference to core packs * fix in collect_tests (#7565) * migrate videos to content-assets (#7562) * Add packs dependencies to all 
core packs (#7555) * Add packs to all core packs * remove display images * fix json * Update pack_metadata.json fix metadata format Co-authored-by: yuvalbenshalom <[email protected]> * Common fixes (#7556) * Moved folder to common. * Updated command to SearchIncidentsV2. * Release notes. * Release notes. * Release notes. * Release notes. * Release notes. * Changed task to V2. * Added to pack ignore. * Added to pack ignore. * Added to pack ignore. * Added to pack ignore. Co-authored-by: dbaumstein <[email protected]> Co-authored-by: ybenshalom <[email protected]> * Add RP104 to ignore errors for reputations.json file (#7550) * New playbook for "Malware Playbook - Manual". (#7506) * New playbook for "Malware Playbook - Manual". * Changed release notes * Changed Playbook name to "Malware Investigation - Manual" * Changed Playbook name to "Malware Investigation - Manual" * Updated release notes * Updated release notes * Changed playbook task names * CHanged release notes * Update playbook-Malware_Investigation_-_Manual.yml Co-authored-by: yaron-libman <[email protected]> * Association of fields to all (#7492) * Associated some fields to all, added new common fields, and ensured everything moves/stays in CommonTypes * Generate RNs Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: ybenshalom <[email protected]> * removed ews o365 from skipped (#7577) * unskipd msg dvc mngmnt (#7574) * Code42 fix spellings (#7536) (#7538) * Correcty mispelling * Correct misspelling Co-authored-by: Juliya Smith <[email protected]> * Added to pack ignore (#7579) * Powershell improvements (#7479) * update pwsh tests to user pester 5.0 + allow returnoutputs to use object * release notes * release notes * update docker * set docker images to pwsh 7 * change to use also default docker * fix test for pwsh 7 * test also on pwsh 7 * set dockeriamge to 6.2.4 * release notes bump * bump release notes * bump * Updated Co-authored-by: Alex Fiedler <[email protected]> * Skipping 
subplaybooks for packs if unavailable (#7558) * Skipping many subplaybooks if unavailable * Added & commented out unnecessary RN * Added missing playbooks * reverted old rn changes * reverted old rn changes * reverted old rn changes * old rn back * version bump * version change Co-authored-by: ybenshalom <[email protected]> * sdk release 1-1-3 (#7543) * sdk release 1-1-3 test * release 1-1-3 test * sdk 1-1-3 merge * IsEnabled additions to playbooks for packs (CommonPlaybooks + Phishing changes) (#7560) * isenabled fixes * proper changelog and RN * imgs * new image links * Added another skip and moved subplaybook so it doesn't hide the other * Merge branch 'master' of https://github.com/demisto/content into playbook-isenabled-changes # Conflicts: # Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml # Packs/CommonPlaybooks/pack_metadata.json # Packs/Phishing/pack_metadata.json * Version bump & new RN * reverted change to old RN (shouldnt change it) Co-authored-by: ybenshalom <[email protected]> * fix Microsoft-ATP test playbook and update readme file (#7575) * New pack documentation suggestion (#7255) * New suggested documentation * triggers and small indentation fix * link to playbook readme in pan dev * Removed visualization title * visualization = image * added RN manually * small change to allow version bump * reverted * No need to say that changed readme template * tweak to how it was * Skip dedup - generic test (#7590) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * skipped test * removed packs override (#7585) * Revert "Update XDR_iocs.yml (#7494)" (#7495) This reverts commit 8c85884a101b35f14589d1d12080118bca09ad60. 
* unskip zerofox (#7584) * unskip zerofox * test pb update * Get file sample TF fix (#7594) * unskip * moved to non circle tests dir * moved to global non circle tests dir * deleted from conf.json * Nightly failures (#7589) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Skipped nightly failures * Skipped nightly test failures * Un-mocked josecurity * unskipped akamai * Flake8 phase6 (#7546) * vulndb and infoblox lint fixes * feed azure" * rns * revert mispv2 docker update * fix rns * Flake8 phase4 (#7542) * GoogleCloudTranslate lint fixes * Okta v2 lint fixes * Okta v2 lint fixes * JsonWhoIs lint fixes * GenericSQL lint fixes * AKAMAI lint fixes * added dockerimage45 * Revert "added dockerimage45" This reverts commit f68ccd33 * fix rns * unskip from nightly (#7596) * TimeStampCompare empty tag fixed (#7598) * drained all tags * docker image update * changelog update * Updated Co-authored-by: Alex Fiedler <[email protected]> * added all level packs dependencies (#7563) * ThreatX - increase test timeout (#7599) * increase threatx test timeout * change timeout to 600 secs * Flake8 phase12 (#7605) * OpenLDAP lint fixes * KennaV2 lint fixes * Forescout lint fixes * Flake8 phase5 (#7545) * Claroty lint fixes * MongoDB lint fixes * Tanium lint fixes * added dockerimage45 * Hello world fixes * revert dockerimage45 * fix rns * Mongo lint fixes * Office365 feed - Updated integration description. (#7606) * Office 365 Feed - Updated integration description. 
* update pack desc * update dockerimage * added Full Incident Enrichment (#7034) * Add PA113 ignore error (#7611) * Improved bad response handling (#7443) * Improved bad response handling Co-authored-by: halpert <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Uploader - summary fix (#7610) * fixed summary print * fixed pack author path * minor print fixes * Hod/rtir attachment parsing (#7424) * Improved attachment parsing Co-authored-by: halpert <[email protected]> * EWS v2 - handle exceptions in fetch incidents (#7559) * raise error str in fetch incidents * add traceback print * Updated Co-authored-by: Alex Fiedler <[email protected]> * reverting unrelated changes (#7591) * Deprecated old Dedup test playbook (#7586) * moved tpb * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * changed test of scripts to v2 * unskipped dedup generic test * Move RegPathReputationBasicLists test to D2 pack (#7619) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * moved tpb to D2 pack * skip validate files on nightly run (#7617) * Run zipping packs only on master (#7616) * run zip_packs only on master * run zip_packs only on master changes * skipped test playbooks remove * cleaning mock debug prints (#7439) * Changed integrations key to integration (#7566) * Flake8 phase9 (#7602) * lint fixes ExtractDomainAndFQDNFromUrlAndEmail_test * Tanium_v2 lint fixes * Panorama lint fixes * ConvertFile_test lint fixes * FidelisEndpoint lint fixes * Flake8 phase11 (#7603) * AttackIQFireDrill lint fixes * CortexDataLake lint fixes * ServiceNowv2 lint fixes * Akamai_WAF lint fixes * MongoDBLog lint fixes * revert mongodb * rm mongo * Flake8 phase 7 (#7551) * Crowdstrikefalcon, code42, ms graph calendaer, ms defender atp lint fixes * Update Packs/Code42/Integrations/Code42/Code42.yml Co-authored-by: Itay Keren <[email protected]> * update code42 docker image * revert code42 docker image Co-authored-by: Itay Keren <[email protected]> * 
Flake8 phase2 (#7521) * fix rasterize lints * AlienVault format fixes * AlienVault and cherwell format fixes * fix docker images * remove unwanted changes * fix rns * added dockerimage45 * Revert "added dockerimage45" This reverts commit cbc6487b * Revert "Revert "added dockerimage45"" This reverts commit 35d3aff2 * fix rns * remove dockerimage45 * Powershall howto cleanup (#7286) * Added power-shell automation how-to * Changed typo in integration key * Intentionally failed infoblox test to have the machine running * Intentionally failed infoblox test to have the machine running * Un-skipped infoblox * Failed infoblox intentionally * Edited powershell automation howto * Edited powershell integration howto * Fixed typo * Made sure Infoblox will not fail * Hello world fetch incidents addition (#7214) * Added a condition to prevent duplicates * Changed the unit-test last fetch time * changelog * CR fixes * validate fixes * Added a new RN version * Integration instance config (#7422) * Added %%SERVER_HOST%% placeholder * changed something in taxii to run test * minor fix * moved to the right place * support for server keys * support for server keys * minor fix * check if server_keys run * check if server_keys run * check if server_keys run * pre-defined integration instance name * fix for server_keys * Changed TAXII tpb * deleting instances by name before creating new ones * Added logic to test instances as well * removed the change from TAXII feed * CR fixes * merge from master * Revert "merge from master" This reverts commit fb869fd8 * Added sleep for TAXII tpb * Make conf json redundant (#7124) * Make conf json redundant * Fix CR * Fix CR comments * Added a msg about the number of tests added to the conf.json * adding artifact + removing from conf.json for testing purposes * fixing yml structure * removing old usage * Update update_conf_json.py * Update Gmail.yml * adding nicer print to conf.json update output + reverting the changes to the conf.json * Mongodb: 
nested dicts fix (#7625) * Fixed an issue where nested dictionaries containing a datetime object were not parsed properly. * fix cr" * ServiceNow - added retry mechanism for status code 401 (#7614) * added retry mechanism for status code 403 * remove blank line * add 401 not authenticated test * add negative unauthenticated test * bump pack version * Adding documentaion * Support AWS Security Groups with only one ingress rule (#7592) (#7626) * Support AWS Security Groups with only one inbound rule * Add release notes to AWS-EC2 pack * Bump docker image tag to latest Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Lindsey Smith <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: syaakovi <[email protected]> * Documentation fixes (#7507) * add image * update missing image * fix link * fix link * fix links * fix regexes * fix links * fix links * fix links * fix links * fix typo * secrets * Fix cfw extra arg (#7628) * Removed an unused argument ipname from **checkpoint-block-ip** command. * Deprecate an unused argument ipname from **checkpoint-block-ip** command. 
* removed deprecated arg from documentation * Updated Co-authored-by: Alex Fiedler <[email protected]> * Flake8 phase10 (#7604) * AutoFocusV2 lint fixes * MicrosoftGraphFiles_test.py lint fix * CarbonBlackEnterpriseEDR lint fix * FeedCofense lint fix * AzureSentinel_test lint fixes * csp bugfix (#7472) * unit test is failing * bug fix * updated tests * docs update * 1.0.7 RN * 1.0.8 RN * 1.0.9 RN * [HelloWorld] Minor yml update (#7448) (#7630) * Added additionalinfo tooltip to integration parameters * updated releasenotes to 1.1.4 * Update Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml * Updated Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Francesco Vigo <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Okta zones - playbook and enhancement (#7620) * Okta zones - playbook and enhancement (#7137) * Okta V2 - Add commands for Network Zones * IP Whitelisting - add Okta Zone playbook * Whitelist playbook - Add Okta * Okta V2 - fix yaml and secrets ignore * Added playbook image * Uploading playbook image * Added playbook image * Setting author to Cortex XSOAR Co-authored-by: Anar Azadaliyev <[email protected]> * Removing email contact Co-authored-by: Anar Azadaliyev <[email protected]> * Setting URL in content pack metadata Co-authored-by: Anar Azadaliyev <[email protected]> * Okta V2 Zones fixes + unit tests + outputs * Okta V2 test - fix linter error * IP Whitelist pack - remove depe * Okta Zone playbook - move to Okta pack and update readme * Updated whitelist language * Updated new content * Removing pack + okta code fixes Removing IPWhitelist pack - sorting content into packs * Commit playbook images * Okta V2 code fixes * Egress Playbook fixes Renamed tasks, moved group names into playbook inputs * Update README and images * Update Okta V2 README with new commands * Added release notes, fixed integration name in 
conf.json * Remove unused import * Updated release notes. * Release notes for Legacy pack * Updating playbook images * Modified playbook text and READMEs * Update playbook-IP_Whitelist_-_AWS_Security_Group.yml * Update playbook-IP_Whitelist_-_GCP_Firewall.yml * Update Okta_v2.yml * Update playbook-Allow_IP_-_Okta_Zone.yml * Update playbook-Allow_IP_-_Okta_Zone_README.md * Update playbook-Prisma_Access_Whitelist_Egress_IPs_on_SaaS_Services.yml Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * move comparelists * delete Legacy pack * fix build * update version of CommonScripts Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * SentinelOne v2 - improve date string handling (#7612) * add test for event with unexpected timeformat * parse dateoccurred to datetime * Updated * bump docker image Co-authored-by: Alex Fiedler <[email protected]> * Add ML collect data script (#7621) * Add ML collect data script * Add ML collect data scriptAdd ML collect data script Co-authored-by: eharush <[email protected]> * Update configure_and_test_integration_instances.py (#7645) * RedCanary - improve endpoint context standard handling (#7636) * add test for endpoint without mac address * improved implementation of get_endpoint_context * fix flake8 report in unit test * add condition to check if address_attributes * Updated. 
Co-authored-by: Alex Fiedler <[email protected]> * removed resource class (#7642) * set entities timeframe to 1 hour and skip in case no entities found (#7634) * SecureWorks - enhance README with incident fetch details (#7595) * update readme with fetch incidents notes * update readme with fetch incidents notes * Fixed recently created release notes files to new standard (#7644) * Pcapminer v2 post fix (#7150) * Reopening PR after fix * revert to preplaybook * revert to preplaybook + unit test fix * description * find path for testdata * remove rsa_key + try to fix testdata unittest * unittest fix * move test file to folder * unnittest fix * remove iterate and packets to analyze * run on a different docker each run * change Pcap to PCAP + add "All" option for protocol output * Updated * Readme * last additions * David fixes * uppercase * rsa_key fix + Capital PCAP in README * test fix * join 2 tests into one Co-authored-by: Alex Fiedler <[email protected]> * Added client re-creation to prevent api-key expiration (#7648) * Added https connection and SSL verification (#7631) * Added https connection and SSL verification * added rn * removed unnecessary keys * Updated Co-authored-by: Alex Fiedler <[email protected]> * timestamp_to_datestring uses `utcfromtimestamp` (#7488) * timestamp_to_datestring uses `utcfromtimestamp` (#7407) * timestamp_to_datestring uses `utcfromtimestamp` `timestamp_to_datestring`'s default date format includes Z for the time zone. However, it uses `datetime.fromtimestamp` which is in localtime. This yields incorrect results when the default time zone is anything other than UTC. The `epochToTimestamp` function in the same file does correctly use `utcfromtimestamp`. This commit corrects and normalizes the timestamp processing. 
* Added release notes Co-authored-by: halpert <[email protected]> * Adding condition for timestamp format Co-authored-by: Henry Stern <[email protected]> Co-authored-by: halpert <[email protected]> * Remove deprecated CloseInvestigation task from playbooks (#7653) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * replaced CloseInvestigation tasks with Done section headers * small fix in TestIsValueInArray * Add a new pack for HIPAA (#7382) * Add a new pack for HIPAA * Changed playbook * Changed playbook * Added changelogs * Created pack release notes. * Cahngedrelease notes * Update playbook-HIPAA_-_Breach_Notification.yml * Updated playbook and layout * Changed HIPAA pack metadata and change the location of the incident fields. * Removed test changes * Removed test changes * Generated playbook readme Co-authored-by: yaron-libman <[email protected]> * Adding pagination mechanism for url logs request (#7277) Co-authored-by: halpert <[email protected]> * symantec dlp: permissions section (#7581) * dlp permissions section * Updated * upate troubleshooting Co-authored-by: Alex Fiedler <[email protected]> * Microsoft Defender ATP - set scope to default (#7647) * updated scope to atp default * Updated Co-authored-by: Alex Fiedler <[email protected]> * Add Zoom Feed Integration * Add Zoom Feed Integration * Change Regex pattern for iipv4cidrRegex * Add test_playbook id * Implemented requested changes * Modify gitignore * Minor changes * Update FeedZoom.yml * Updated * Updates * Updated * Updated validations Co-authored-by: Itay Keren <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]> Co-authored-by: Bar Katzir <[email protected]> Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> Co-authored-by: Shelly Berman <[email protected]> Co-authored-by: content-bot <[email protected]> 
Co-authored-by: Todd Murchison <[email protected]> Co-authored-by: syaakovi <[email protected]> Co-authored-by: Ido van Dijk <[email protected]> Co-authored-by: altmannyarden <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Or Lichter <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: roysagi <[email protected]> Co-authored-by: eli sharf <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: David Baumstein <[email protected]> Co-authored-by: dbaumstein <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: Lior Blobstein <[email protected]> Co-authored-by: Bar Hochman <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: Timor Eizenman <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: deepinstinctdev <[email protected]> Co-authored-by: ronykoz <[email protected]> Co-authored-by: reut shalem <[email protected]> Co-authored-by: rsagi <[email protected]> Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: Nicholas Ericksen <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: hod <[email protected]> Co-authored-by: halpert <[email protected]> Co-authored-by: Guy Freund <[email protected]> Co-authored-by: Yana Orhov <[email protected]> Co-authored-by: rshalem <[email protected]> Co-authored-by: Ika Gabashvili <[email protected]> Co-authored-by: Agam <[email protected]> Co-authored-by: Agam More <[email protected]> Co-authored-by: hod <[email protected]> Co-authored-by: Dean Arbel <[email protected]> Co-authored-by: Gal Rabin <[email protected]> Co-authored-by: avidan-H <[email protected]> Co-authored-by: ikeren <[email protected]> Co-authored-by: MosheGalitzky <[email protected]> Co-authored-by: mayagoldb <[email protected]> Co-authored-by: Bar Chen <[email protected]> Co-authored-by: 
Juliya Smith <[email protected]> Co-authored-by: Lindsey Smith <[email protected]> Co-authored-by: Francesco Vigo <[email protected]> Co-authored-by: erezh31 <[email protected]> Co-authored-by: eharush <[email protected]> Co-authored-by: Henry Stern <[email protected]> Co-authored-by: teizenman <[email protected]>
ronykoz added a commit that referenced this pull request Jun 21, 2020
* FireEye Helix - fix headers arg processing in search cmd (#7411) * add unit test for search command with headers arg given * add unit test for search command with headers arg given * pass to build_mql_query from search cmd only relevant args and not all * add default empty string to query arg * Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * Update config.yml (#7412) * fix print bucket path (#7416) * [cofense-32] Two new commands and internal refactoring, second PR (#7… (#7346) * [cofense-32] Two new commands and internal refactoring, second PR (#7104) * [CofenseTriage] Add new Triage commands on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] WIP tests on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Code style cleanup on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] assorted cleanup WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add test fixtures WIP on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor http_request - Rename to `triage_request` and rename first parameter to `endpoint` - Create new function `triage_api_url` to build full URL to a given endpoint - Refactor and simplify response handling logic on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor `fetch_reports` No functional changes, except some speedups and a possible bug fix. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageReport class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Break out TriageInstance class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add TriageReporter class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update tests and fixtures on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rewrite get_report_by_id to use class on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move all classes into one file The plugin architecture requires it. 
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor and add test coverage for get_threat_indicators() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Eliminate unnecessary get_attachment() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Refactor search_reports and increase test coverage on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Assume /reports/:id always returns an array Also eliminate unnecessary TriageReporter.from_json() and rename Triage_reporter.from_id() to .fetch(). on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Make test fixture more complicated on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Return actual JSON in to_json() Also enhance test coverage. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Don't call fetch_reports() in test_function() Triage always responds with a valid JSON object. There is no need to perform a second request to test the integration---if Triage responds with an OK status, then everything is working. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Store last run data as a JSON blob on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Wrap incident attachment in single-element list on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update metadata on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Clean up remnants in Legacy pack on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add mypy ignore comments Mypy has trouble with decorators like lru_cache() in several situations. Add inline comments to silence spurious linter complaints. on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move import after stubs in test We have to stub demistomock before we import CofenseTriage. That's just how demistomock works, apparently.
on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Generate release notes on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move changes to new CofenseTriage 2 Both versions will exist in parallel on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move return_error to highest-level except block on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update documentation on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address various linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move time constants inline Also eliminate the time format string in favor of datetime.datetime.fromisoformat(). on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Pass a TriageInstance argument instead of using a module var on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Let exceptions bubble up to main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Address more linter complaints on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename module to CofenseTriagev2 on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Centralize parameter fetching in main() on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add v2 to Tests/conf.json on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename more files to have v2 prefix on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Add minimum Demisto version on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Move test files to root dir of integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Remove tests from v1 integration on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Rename Cofense.ThreatIndicators context path on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Additional minor adjustments on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Merge all test files into one on-behalf-of: @Cofense <[email protected]> * 
[CofenseTriage] Stub fileResult more realistically on-behalf-of: @Cofense <[email protected]> * [CofenseTriage] Update release notes on-behalf-of: @Cofense <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * lgtm, docket tag, secrets * skip, no instance * pylint * secrets 101 * rm coverage * rm secrets * contrib commits 102 * contrib commits 103 * contrib commits 104 * str -> num * desc types * add newline * add cmd_ex file * typo * styling * add to_json() * add json.dumps * add readme, add tpb * linters * linters2 * linters3 * mv cofense triage v1 to non circle tests Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> * Fixed server version calculation (#7419) * Fixed server version calculation * Fixed some LGTM and pylint comments * Fix Thread Crash Print (#7417) * Update test_content.py * added space * Fixed bug - CB-Live-Response (#7389) * Fixed release notes * Added rn * Fixed version bump * Removed unnecessary comment * Updated. 
Co-authored-by: Alex Fiedler <[email protected]> * Fixed a bug in download malware (#7400) * Fixed a bug in download malware * added rn and fixed cr * old changelog fix * Updated * added old changelog Co-authored-by: Alex Fiedler <[email protected]> * new Prisma Cloud remediation additions to GCP playbooks (#7265) (#7395) * new remediation additions * update release notes * update release notes Co-authored-by: Todd Murchison <[email protected]> Co-authored-by: syaakovi <[email protected]> * CS falconhost threatgraph API support (#7054) * cs threatgraph API support * missing dot * use tabletomarkdown * cs falconhost threatgraph * add rn marketplace format * Updated * Minor update Co-authored-by: Alex Fiedler <[email protected]> * Phishing - Core - Fixed URL screenshots tag + merged 2 conditions + updated pic (#7390) * Fixed URL screenshots tag + merged 2 conditions + updated pic * fixed changelogs / rn * Added new playbook playbook-Illinois_-_Breach_Notification (#7253) * Added new playbook playbook-Illinois_-_Breach_Notification.yml. Fixed issues with breach notification playbook. Added Readme files to breach notification playbooks. * update release notes. * update release notes. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Added the edit layout. * Update playbook-Illinois_-_Breach_Notification.yml * Changed conflicts. Co-authored-by: yaron-libman <[email protected]> * Slack Ask - Add user and response template (#7386) * change Pcap to PCAP + add "All" option for protocol output * add changelog * Updated. 
* Updated * README UPDATE Co-authored-by: Alex Fiedler <[email protected]> * epo update doc with permission info (#7249) * epo help images * update images * epo readme * typo fix * add link to epo docs * fixes from @kirbles19 * Fixing content (#7388) * fixing several pack validation errors * fixing extra hop * added test playbook for joe security playbook * adding rn * adding rn * bumping pack metadata for common reports * fixing content - additional BA101 * adding XDR iocs pack (#7144) * adding XDR iocs pack * code ready exept ioc from xdr to demisto * last changes * update YML * fixup! last changes * update pack format * fixing code CR * adding unit test and small changes * adding README * adding description * adding playbooks * adding test playbook * adding test module command * Updated * Updated * Update XDR_iocs_every_minute.yml * Update XDR_iocs_nightly_job.yml * Update XDR_iocs.yml * add to description * small test change * adding feedIncremental * last fix * fixup! last fix Co-authored-by: esharf <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Tim indicators exclusion by related incidents (#7127) * Added new playbook * Added new playbook * Updated name. * Update TIM_-_Indicators_Exclusion_By_Related_Incidents.yml * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added description. * Added readme and bumped pack version * Added readme and bumped pack version * Improved descriptions. 
Co-authored-by: dbaumstein <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Red lock token fix (#7408) * Added support for multi environment instances * Added RN * Change RN * fixed syntax * fixed syntax * Added error handling * Updated * Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * Access Investigation - deprecation & new playbook (#7315) * Access Investigation - deprecation of old playbook, creation of new playbook * Access Investigation - deprecation of old playbook, creation of new playbook * img for readme * manual RN * removed rn * back to old version * Update Access_Investigation_-_Generic_4_5_CHANGELOG.md * Update Access_Investigation_-_Generic_CHANGELOG.md Co-authored-by: yaron-libman <[email protected]> * Deprecated scripts comments (#7349) * Deprecated scripts comments * typo * Update deprecated comment. * Updated * Updated * Updated * Updated * Updated * RN Co-authored-by: Alex Fiedler <[email protected]> * JsonWhoIs - fixed error not returned from the integration (#7394) * JsonWhoIs - fixed error not returned from the integration * Fix CR * move error to http request * error handling * Updated * Updated * Update Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.py Co-authored-by: Itay Keren <[email protected]> * fix mypy * rm mypy ignore Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Itay Keren <[email protected]> * Added timestamp compare (#7195) * Added timestamp compare * fix CR * Adding timeformat option * Update TimeStampCompare.yml * Updated * Fix UT * fix yml Co-authored-by: Alex Fiedler <[email protected]> * Carbon Black Response - changed dt for File (#7391) * changed the dt for File * RN * Update 1_0_3.md Co-authored-by: roysagi <[email protected]> * Tim whois playbooks (#7039) * Added new playbook. * Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml * Added section headers. * Added tech docs notes. * Added input and description. 
* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml * Added descriptions. * Added readme. * Added readme. * Added png link. * Added png link. * Removed changelog. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Multiple playbook changes. * Change changelog * Update RNs * Update RNs * Multiple playbook changes. * Updated playbook. * Updated playbook. * Added new playbook * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * Added new playbook. * changed tag name. * changed tag name. * changed tag name. * changed tag name. * Minor logic change. * Revert "Minor logic change." This reverts commit dbfd9598 * Minor logic change. * Removed list name. * Removed default delimiter. * Casing. * Casing. * Added description. * Update playbook-TIM_-_Process_Domains_With_Whois.yml * Update playbook-TIM_-_Process_Domain_Registrant_With_Whois_README.md * Update playbook-TIM _-_Process_Domain_Age_With_Whois.yml * Update playbook-TIM_-_Process_Domain_Registrant_With_Whois.yml * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added readme and bumped pack version * Added image. 
Co-authored-by: dbaumstein <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Added tests to phishing pack (#7345) * Added tests to pack * Added core * Moved files back to where they need to be * new MR for Deep Instinct Integration (#7415) * new MR for Deep Instinct Integration (#7316) * new MR for Deep Instinct Integration * Update pack_metadata.json * Delete CHANGELOG.md Co-authored-by: Rony Kozakish <[email protected]> * Update README.md * Adding skip on the integration * Fix file name Co-authored-by: deepinstinctdev <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: ronykoz <[email protected]> * Red Canary - bug fixes in fetch incidents (#7421) * fetch only ack detections and remove timeline for detection in fetch * Updated * Updated * consider detection as acknowledged if one of the fields exists, not both * consider detection as acknowledged if one of the fields exists, not both * consider detection as acknowledged if one of the fields exists, not both Co-authored-by: Alex Fiedler <[email protected]> * Updated playbook image (#7423) * Add whois to autoprocessing (#7428) * Added sub playbook. * Added sub playbook. * Added sub playbook. * Added sub playbook. * Added image. * Added image. * Removed space. * Removed space. 
Co-authored-by: dbaumstein <[email protected]> * Fix content packs- Reut (#7341) * CommonScripts fix * CommonScripts fix * CommonScripts fix * Nist ignore * sdk version * Malware ignore errors * Malware ignore errors * ignore SC100 * Non-supported pack * Non-supported pack * Non-supported pack * Non-supported pack * Non-supported pack Co-authored-by: rsagi <[email protected]> * Marketplace step fix (#7425) * test * test * small fix * Prisma Access - Added tunnel health playbook (#7136) (#7431) * Prisma Access - Added tunnel health playbook * Add image file in doc_files * Added playbook image to README * Updating playbook image * Fixes to playbook Removed Slack task, added remediation recommendations on manual step. * Updating README * Update playbook-Prisma_Access_-_Connection_Health_Check_README.md * Update playbook-Prisma_Access_-_Connection_Health_Check.yml * Prisma Access - fix sdk validate Tests conf - fix Prisma Access brand name to remove validate error. yml - fix multiline description. 
Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: syaakovi <[email protected]> * PCS (Redlock) remediation command (#7270) (#7392) * Add remediation details command * Add condition to gracefully handle no remediation details * Update README.md; Add command_examples.txt * Clean up context and entry format; Support multiple alert-ids * Update README.md; Fix lint issues * Refactor no remediation condition * Update outputs and README * Create ReleaseNotes; Update pack_metadata.json * Fix human readable output; Update README; Update test playbook * Update instances of RedLock to Prisma Cloud (RedLock) * Update release notes * Update Packs/RedLock/TestPlaybooks/playbook-RedLockTest.yml * Updated * Updated descriptions for new command Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Nicholas Ericksen <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Print server conf for bucket (#7436) * removed TestFormatTableValues to check if it solve conflict * fix typo * fix typo * fix new lines * fix missing " * fix missing -e * Access Investigation Generic playbook - refactor filename (#7438) * change toversion field name * refactor new access investigation generic playbook name * revert 4.5 trigger * fix broken images (#7432) * Access Investigation - ID fix (#7440) * emergency ID fix * empty RN * Update Packs/AccessInvestigation/ReleaseNotes/1_1_1.md Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * Content additional fix validations (#7445) * Content additional fix validations * updating gmail docker image * Update Packs/Digital_Defense_FrontlineVM/Playbooks/playbook-Digital_Defense_FrontlineVM_-_PAN-OS_block_assets.yml Co-authored-by: Bar Katzir <[email protected]> * adding 
changelogs Co-authored-by: Bar Katzir <[email protected]> * fix lintings (#7454) * Improved empty response handling (#7296) Co-authored-by: halpert <[email protected]> * [Enhancement] Search Search Endpoints By Hash - Carbon Black Response (#7399) * Deprecated Search Search Endpoints By Hash - Carbon Black Response. Created new playbook Search Search Endpoints By Hash - Carbon Black Response V2 instead. * added the playbook image. * added the playbook image. * Updated playbook image * Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response_V2.yml * Update playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml * Update playbook-Hunt_Extracted_Hashes.yml * Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response.yml * updated release notes Co-authored-by: yaron-libman <[email protected]> * out of skipped tests (#7456) * out of skipped * parse email files out of skipped * Auto detect api modules (#7257) * changed docker image * changed docker image * changed docker image * changed docker image * changed docker image * updated conf json for nightly tests on generic feeds * updated None to '' * updated None to '' * updated conf json * updated conf json * updated conf json * updated conf json * updated rn * updated rn * updated pr * updated pr * fixed json ut * fixed json ut * fixed json ut * fixed json ut * updated pr * updated pr * updated pr * updated pr * updated pr Co-authored-by: yorhov <Orekhova97229!> * small fix in content (#7462) * unskipping phishlabs (#7455) * unskipping phishlabs * fixing test playbook * RTIR: fix ID header bug (#7453) * RTIR: Fix ID header * fix lint and format * fix flake8 * added rns * fix cr * Update 1_0_2.md Co-authored-by: roysagi <[email protected]> * fortisiem bug fix (#7469) * disabled the request to trigger an event, made queryData hardcoded * changelog * Updated. 
* Updated * Updated Co-authored-by: Alex Fiedler <[email protected]> * remove old regexes from content (#7398) * remove old regexes from content * use demisto-sdk from master * Update dev-requirements-py3.txt Co-authored-by: reut shalem <[email protected]> * Update dev-requirements-py3.txt * replace old regexes * sdk release 1-1-2 test * sdk release 1-1-2 test * sdk release 1-1-2 test * sdk release 1-1-2 Co-authored-by: reut shalem <[email protected]> Co-authored-by: rshalem <[email protected]> * changing playbook name (#7474) * changing playbook name * changing playbook name * fix rastarize name in core packs list (#7471) * Nightly Marketplace (#7467) * remove old regexes from content * use demisto-sdk from master * Update dev-requirements-py3.txt Co-authored-by: reut shalem <[email protected]> * Update dev-requirements-py3.txt * replace old regexes * use sdk master * conflicts fix * changed sdk branch * changed sdk branch to master * fixed config.yml, added developerTools pack to packs_to_install * reduced flake8 version * moved test playbooks to packs * removed Extract Indicators From File - test from conf.json * reverted changes in collect_tests and dev-requirements-py3 Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: reut shalem <[email protected]> Co-authored-by: ybenshalom <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> * bump content and sha1 versions (#7470) * reverted instance tests to run on server 5.5 (#7465) * Return of cofense feed (#7481) * Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) (#7457) * Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) * updated pack name, integration name, and command names of "Cortex XDR - IOC" * fixed bug * update tests * update pack & integration description * update pack & integration description * updated descriptions * update integration format * fixup! update integration format * adding ioc triger to push command * update README * fix CR * fixup! 
fix CR * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml Co-authored-by: Shai Yaakovi <[email protected]> * Apply suggestions from code review Co-authored-by: Guy Lichtman <[email protected]> * update readme with a better description * updated descriptions and display name in yml * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml * Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml * Apply suggestions from technical writer review * fix * fixup! fix * fixing * last fix * add sleep time * add sleep time Co-authored-by: eli sharf <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * adding empty release notes * Update CHANGELOG.md Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: esharf <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * deleted Legacy pack (#7463) * Delete Exchange pack (#7433) * Add the GetShiftsPerUser automation (#7213) * Add the GetShiftsPerUser automation * Add current user to script and fix bad check for GetOnCallHoursPerUser * Style guides * Remove unused imports * Remove used vars * Add a better output type * Fix imports * Release notes of bug in GetOnCallHoursPerUser * Fix the tests * Fix the eslint lines too long * Fix eslint changelog * release notes * docker tags * Fix the output * Add related tests * Add header for the markdown * Update Packs/ShiftManagement/ReleaseNotes/1_1_0.md Co-authored-by: Andrew Shamah <[email protected]> * Eslint * Shifts per user * Trailing whitespace * RN * Docker version * Tests + imports * Debug tests * Debug tests 2 * Debug tests 3 * Debug 4 * Debug 5 * Debug 6 * Debug 7 * Debug 8 * Debug 9 * Debug 10 * Debug 12 * Fix mock result * Fix mock result * linting * Flake8 * Updated * Updated. 
Co-authored-by: Agam More <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * ignore missing CHANGELOG failures (#7482) * Update config.yml * Update config.yml * demistomock.py formatting (#7483) * Fixed print when GCS_MARKET_KEY is not set (#7486) * Fixed print when GCS_MARKET_KEY is not set * Skipping a step in contribution Co-authored-by: halpert <[email protected]> * fixed build images paths (#7450) * Packs changelog - added build number to display name (#7279) * added build number to pack changelog * switched brackets to dash in changelog version * added versionInfo field * fixed doc strings * added versionInfo to unit test * Nightly failures (#7317) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Update XDR_iocs.yml (#7494) * Uploader - changed upload corepacks.json logic (#7487) * changed upload corepacks.json logic * added sys.exit(1) in case of failure * Updated video link for Crisis Management (#7496) * Updated video link * moved video to pack readme * http = https * fix RNs Co-authored-by: Andrew Shamah <[email protected]> * [New Integration] EWS O365 (OAuth 2) (#7145) * created new branch with files from original branch * changed name to EWS O365 * changed app name * fixed service based and item based commands * fixed recover_soft_delete_item * added external files (test playbook, picture detailed description) * created readme and removed impersonation and mark_as_read fields * added test infrastructure * removed dev code * updated fetch logic to use 
last_modified_time * moved files to EWS pack * added rn and test * reformatted redame * removed ews-search-mailboxes * build fix * changed insecure logic * fixed test playbook * added proxy support * added constants and max incidents per fetch validation * style changes + added support for target_mailbox in get_folder and create_folder * Updated * moved ews v1 to deprecated * added docstrings * added back ews v1 to ews pack - will be moved to deprecated in a future PR * reverted changes to ewsv2 * removed ErrorInvalidPropertyRequest * added descriptions for test playbook-EWS_O365_test.yml * moved description a level deeper * added test for public folders * added descriptions to test playbook tasks * added descriptions to test playbook tasks * updated docker image * added fromversion to test playbook Co-authored-by: Alex Fiedler <[email protected]> * Removed legacy from special handling in dependencies calculation (#7493) * removed legacy from special handling * fixed unused import * test_collect_tests_and_content_packs - Improve packs collecting (#7477) * sdk release 1-1-2 * sdk release 1-1-2 * sdk release 1-1-2 * check docs upload * deleted comments * linting * linting * linting * Fixed UT * Fixed UT * Fixed UT * Fixed UT * Fixed UT * Fixed UT * CR fixes * CR fixes * Move default types to content (#7426) * move system incident types to content * add release notes * moved types to correct packs * updated pack versions * add DefaultPlaybook to core packs * update version * Docs: remove possible errors section (#7381) * Maltiverse: remove possible errors section * remove troubleshooting and overview * Update README.md * update zabbix * Securonix already fetched (#7025) * securonix fetch offset * changelog * Added max parameter to the `securonix-list-incidents` command Added the `max_fetch` parameter to the integration configuration, where the default and maximum value is 50. Fixed an issue where duplicate incidents where fetched. 
* linter 101 * linter 102 * linter 103 * set -> list, dumps the already_fetched * update RN and README * update dockerimage * Update Packs/Securonix/Integrations/Securonix/CHANGELOG.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/README.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/README.md Co-authored-by: Andrew Shamah <[email protected]> * Update Packs/Securonix/Integrations/Securonix/Securonix.yml Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * add HelloWorld, ExportIndicators, Malware, DefaultPlaybook to core packs (#7504) * Fix collect tests and content packs (#7468) * replaced DocumentationTest with HelloWorld-Test * test fix * in progress * added developertools to packs to install if no tests * fixed test * moved GenericSQL test script * fix typo in DeleteContext file name * moved auto-extract test script to base pack (next to auto-extract test playbook) * moved CallTableToMarkdown test script to base pack (next to test playbook) * UT fix * UT fix search_and_install - removed redundant packs from installation list * reverted deletecontext renaming * moved CallTableToMarkdown script back to DeveloperTools * fixed conflicts * reverted movement of scripts from DeveloperTools Co-authored-by: syaakovi <[email protected]> * Fix common server python test: (#7311) * skipping tests * skipping tests * Update Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py Co-authored-by: hod <[email protected]> Co-authored-by: hod <[email protected]> * unskip wildfire-test (#7498) * Add safe get dict to common server python (#7451) * removed test pbs (#7524) * increase sshd MaxStartups and restart sshd (#7434) Co-authored-by: ikeren <[email protected]> * Create Troubleshooting Section for Packets and Logs README (#7429) * add troubleshooting section to the RSA NetWitness Packets and Logs integration readme * 
README addition minor changes * Updated Co-authored-by: Alex Fiedler <[email protected]> * moved deprecated ews integration (#7532) * added eula link support (#7525) * demisto-sdk find-dependencies (#7502) * demisto-sdk find-dependencies * deleted images. Co-authored-by: dbaumstein <[email protected]> * SetGridField - sort columns alphabetically (#7533) * sort columns alphabetically * remove print * update docker image tag and fix lint report in test * Elasticsearch Feed - fix bug in feed type handling (#7490) * pass feed type to get_scan_insight_format in fetch indicators cmd * bump docker image tag * added default to url arg in url command (#7514) * fix bug in threat-grid-get-analysis-by-id (#7377) * fix bug * fix releasenote * Joe security bug (#7362) * Fixed testPlaybook & check if the DBotScore.indicator exists * delete Joe Security from skipped * delete Joe Security from skipped * fix testplaybook * added changelog * fix * fix test playbook * added releasenote * fix releasenote * Update Packs/JoeSecurity/Integrations/JoeSecurity/CHANGELOG.md Co-authored-by: Shahaf Ben Yakir <[email protected]> * BigFix - add get_endpoint_details arg to get-endpoints cmd (#7515) * split bigfix yml into dir * parse xml response with utf-8 encoding * add get_endpoint_details arg to get endpoints cmd * add get_endpoints_details arg to readme * fixed lint reports * Recorded Future Feed - handle sparse response in fetch indicators command (#7414) * add test for fetch indicators cmd with sparse response * handle missing fields in iterator * handle score in case Risk is not returned from iterator * add release notes * Update Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py Co-authored-by: Rony Kozakish <[email protected]> Co-authored-by: Rony Kozakish <[email protected]> * fix a bug that test module failed on a delegated mailbox (#7435) * fix a bug in the test_module * added releasenote * added releasenote * fix releasenote Co-authored-by: ikeren <[email 
protected]> * fix for IsMaliciousIndicatorFound tpb (#7497) * fix for IsMaliciousIndicatorFound tpb * Added sleep in TPB * another sleep * unskip duo admin tpb (#7499) * unskip duo admin tpb * TPB sections now happens one after the other and not at the same time * Proofpoint Protection Server - use html.parser instead of lxml parser and update required admin role (#7396) * use html.parser instead of lxml parser and update required admin role * Updated * Updated * Updated * added 8.14.2 support for smart search * add new param to readme * verify pps version param is initialized in the condition * Update Packs/ProofpointServerProtection/Integrations/ProofpointServerProtection/ProofpointServerProtection.py Co-authored-by: Shai Yaakovi <[email protected]> * bump docker image tag * bump pack version to 1.0.2 Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> * fix akamai instance (#7549) * Labeled partner packs + cleared packs metadata (#7531) * cleaned packs metadata json * labeled partner packs * Apply suggestions from code review CR fixes Co-authored-by: Anar Azadaliyev <[email protected]> * additional fixes Co-authored-by: Anar Azadaliyev <[email protected]> * Nightly failures (#7547) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Skipped nightly failures * Fix collect packs (#7519) * replaced DocumentationTest with HelloWorld-Test * test fix * in progress * added developertools to packs to install if no tests * fixed test * moved GenericSQL test script * fix typo in DeleteContext file name 
* moved auto-extract test script to base pack (next to auto-extract test playbook) * moved CallTableToMarkdown test script to base pack (next to test playbook) * UT fix * UT fix search_and_install - removed redundant packs from installation list * reverted deletecontext renaming * moved CallTableToMarkdown script back to DeveloperTools * testing fix * fixed conflicts * fix get_packs_of_tested_integrations * fix get_packs_of_tested_integrations * reverted movement of scripts from DeveloperTools * merge from master * renaming Co-authored-by: syaakovi <[email protected]> * DefaultPlaybook dependency fixes (#7528) * DefaultPlaybook dependency fixes * RN Co-authored-by: ybenshalom <[email protected]> * Flake8 phase3 (#7522) * Securonix flake8 fixes * Securonix flake8 fixes * CofenseTriage lint fixes * FireEyeHelix lint fixes * MongoDB lint fixes * added dockerimage45 * Revert "added dockerimage45" This reverts commit c882d3e0 * fix rns * Malware dependency fixes (#7527) * Malware dependency fixes * common changed to mandatory Co-authored-by: ybenshalom <[email protected]> * Skip all detonation subplaybooks if unavailable (#7530) * skip all subplaybooks if unavailable * deleted random fields * back to 1.0.0 * RN * fixed mistake * fixed mistake Co-authored-by: ybenshalom <[email protected]> * Base installation issue fix (marketplace) (#7544) * fixed Base installation issue * test fix * change get entities timeframe from 1 hour to 1 day (#7557) * Phishing dependency fixes (#7526) * Phishing dependency fixes * common changed to mandatory Co-authored-by: ybenshalom <[email protected]> * Move Redlock integration into PrismaCloud pack (#7464) * Moved Redlock integration into PrismaCloud pack * Updated pack release notes * Updated pack release notes * Common pb pack dependencies (#7568) * add dependencies for commonPlaybooks pack * add CalculateTimeDifference to core packs * fix in collect_tests (#7565) * migrate videos to content-assets (#7562) * Add packs dependencies to all 
core packs (#7555) * Add packs to all core packs * remove display images * fix json * Update pack_metadata.json fix metadata format Co-authored-by: yuvalbenshalom <[email protected]> * Common fixes (#7556) * Moved folder to common. * Updated command to SearchIncidentsV2. * Release notes. * Release notes. * Release notes. * Release notes. * Release notes. * Changed task to V2. * Added to pack ignore. * Added to pack ignore. * Added to pack ignore. * Added to pack ignore. Co-authored-by: dbaumstein <[email protected]> Co-authored-by: ybenshalom <[email protected]> * Add RP104 to ignore errors for reputations.json file (#7550) * New playbook for "Malware Playbook - Manual". (#7506) * New playbook for "Malware Playbook - Manual". * Changed release notes * Changed Playbook name to "Malware Investigation - Manual" * Changed Playbook name to "Malware Investigation - Manual" * Updated release notes * Updated release notes * Changed playbook task names * CHanged release notes * Update playbook-Malware_Investigation_-_Manual.yml Co-authored-by: yaron-libman <[email protected]> * Association of fields to all (#7492) * Associated some fields to all, added new common fields, and ensured everything moves/stays in CommonTypes * Generate RNs Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: ybenshalom <[email protected]> * removed ews o365 from skipped (#7577) * unskipd msg dvc mngmnt (#7574) * Code42 fix spellings (#7536) (#7538) * Correcty mispelling * Correct misspelling Co-authored-by: Juliya Smith <[email protected]> * Added to pack ignore (#7579) * Powershell improvements (#7479) * update pwsh tests to user pester 5.0 + allow returnoutputs to use object * release notes * release notes * update docker * set docker images to pwsh 7 * change to use also default docker * fix test for pwsh 7 * test also on pwsh 7 * set dockeriamge to 6.2.4 * release notes bump * bump release notes * bump * Updated Co-authored-by: Alex Fiedler <[email protected]> * Skipping 
subplaybooks for packs if unavailable (#7558) * Skipping many subplaybooks if unavailable * Added & commented out unnecessary RN * Added missing playbooks * reverted old rn changes * reverted old rn changes * reverted old rn changes * old rn back * version bump * version change Co-authored-by: ybenshalom <[email protected]> * sdk release 1-1-3 (#7543) * sdk release 1-1-3 test * release 1-1-3 test * sdk 1-1-3 merge * IsEnabled additions to playbooks for packs (CommonPlaybooks + Phishing changes) (#7560) * isenabled fixes * proper changelog and RN * imgs * new image links * Added another skip and moved subplaybook so it doesn't hide the other * Merge branch 'master' of https://github.com/demisto/content into playbook-isenabled-changes # Conflicts: # Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml # Packs/CommonPlaybooks/pack_metadata.json # Packs/Phishing/pack_metadata.json * Version bump & new RN * reverted change to old RN (shouldnt change it) Co-authored-by: ybenshalom <[email protected]> * fix Microsoft-ATP test playbook and update readme file (#7575) * New pack documentation suggestion (#7255) * New suggested documentation * triggers and small indentation fix * link to playbook readme in pan dev * Removed visualization title * visualization = image * added RN manually * small change to allow version bump * reverted * No need to say that changed readme template * tweak to how it was * Skip dedup - generic test (#7590) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * skipped test * removed packs override (#7585) * Revert "Update XDR_iocs.yml (#7494)" (#7495) This reverts commit 8c85884a101b35f14589d1d12080118bca09ad60. 
* unskip zerofox (#7584) * unskip zerofox * test pb update * Get file sample TF fix (#7594) * unskip * moved to non circle tests dir * moved to global non circle tests dir * deleted from conf.json * Nightly failures (#7589) * Skipped nightly failures * Un-skipped infoblox * Skipped tonight's failing tests * Skipping failing tests * Skipping failing tests * Skipped traps * Skipped traps * Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test * Skipped Test - Cofense Intelligence * Skipped Test - Cofense Intelligence * Skipped nightly failures * Skipped nightly test failures * Un-mocked josecurity * unskipped akamai * Flake8 phase6 (#7546) * vulndb and infoblox lint fixes * feed azure" * rns * revert mispv2 docker update * fix rns * Flake8 phase4 (#7542) * GoogleCloudTranslate lint fixes * Okta v2 lint fixes * Okta v2 lint fixes * JsonWhoIs lint fixes * GenericSQL lint fixes * AKAMAI lint fixes * added dockerimage45 * Revert "added dockerimage45" This reverts commit f68ccd33 * fix rns * unskip from nightly (#7596) * TimeStampCompare empty tag fixed (#7598) * drained all tags * docker image update * changelog update * Updated Co-authored-by: Alex Fiedler <[email protected]> * added all level packs dependencies (#7563) * ThreatX - increase test timeout (#7599) * increase threatx test timeout * change timeout to 600 secs * Flake8 phase12 (#7605) * OpenLDAP lint fixes * KennaV2 lint fixes * Forescout lint fixes * Flake8 phase5 (#7545) * Claroty lint fixes * MongoDB lint fixes * Tanium lint fixes * added dockerimage45 * Hello world fixes * revert dockerimage45 * fix rns * Mongo lint fixes * Office365 feed - Updated integration description. (#7606) * Office 365 Feed - Updated integration description. 
* update pack desc * update dockerimage * added Full Incident Enrichment (#7034) * Add PA113 ignore error (#7611) * Improved bad response handling (#7443) * Improved bad response handling Co-authored-by: halpert <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Uploader - summary fix (#7610) * fixed summary print * fixed pack author path * minor print fixes * Hod/rtir attachment parsing (#7424) * Improved attachment parsing Co-authored-by: halpert <[email protected]> * EWS v2 - handle exceptions in fetch incidents (#7559) * raise error str in fetch incidents * add traceback print * Updated Co-authored-by: Alex Fiedler <[email protected]> * reverting unrelated changes (#7591) * Deprecated old Dedup test playbook (#7586) * moved tpb * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * changed test of scripts to v2 * unskipped dedup generic test * Move RegPathReputationBasicLists test to D2 pack (#7619) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * moved tpb to D2 pack * skip validate files on nightly run (#7617) * Run zipping packs only on master (#7616) * run zip_packs only on master * run zip_packs only on master changes * skipped test playbooks remove * cleaning mock debug prints (#7439) * Changed integrations key to integration (#7566) * Flake8 phase9 (#7602) * lint fixes ExtractDomainAndFQDNFromUrlAndEmail_test * Tanium_v2 lint fixes * Panorama lint fixes * ConvertFile_test lint fixes * FidelisEndpoint lint fixes * Flake8 phase11 (#7603) * AttackIQFireDrill lint fixes * CortexDataLake lint fixes * ServiceNowv2 lint fixes * Akamai_WAF lint fixes * MongoDBLog lint fixes * revert mongodb * rm mongo * Flake8 phase 7 (#7551) * Crowdstrikefalcon, code42, ms graph calendaer, ms defender atp lint fixes * Update Packs/Code42/Integrations/Code42/Code42.yml Co-authored-by: Itay Keren <[email protected]> * update code42 docker image * revert code42 docker image Co-authored-by: Itay Keren <[email protected]> * 
Flake8 phase2 (#7521) * fix rasterize lints * AlienVault format fixes * AlienVault and cherwell format fixes * fix docker images * remove unwanted changes * fix rns * added dockerimage45 * Revert "added dockerimage45" This reverts commit cbc6487b * Revert "Revert "added dockerimage45"" This reverts commit 35d3aff2 * fix rns * remove dockerimage45 * Powershall howto cleanup (#7286) * Added power-shell automation how-to * Changed typo in integration key * Intentionally failed infoblox test to have the machine running * Intentionally failed infoblox test to have the machine running * Un-skipped infoblox * Failed infoblox intentionally * Edited powershell automation howto * Edited powershell integration howto * Fixed typo * Made sure Infoblox will not fail * Hello world fetch incidents addition (#7214) * Added a condition to prevent duplicates * Changed the unit-test last fetch time * changelog * CR fixes * validate fixes * Added a new RN version * Integration instance config (#7422) * Added %%SERVER_HOST%% placeholder * changed something in taxii to run test * minor fix * moved to the right place * support for server keys * support for server keys * minor fix * check if server_keys run * check if server_keys run * check if server_keys run * pre-defined integration instance name * fix for server_keys * Changed TAXII tpb * deleting instances by name before creating new ones * Added logic to test instances as well * removed the change from TAXII feed * CR fixes * merge from master * Revert "merge from master" This reverts commit fb869fd8 * Added sleep for TAXII tpb * Make conf json redundant (#7124) * Make conf json redundant * Fix CR * Fix CR comments * Added a msg about the number of tests added to the conf.json * adding artifact + removing from conf.json for testing purposes * fixing yml structure * removing old usage * Update update_conf_json.py * Update Gmail.yml * adding nicer print to conf.json update output + reverting the changes to the conf.json * Mongodb: 
nested dicts fix (#7625) * Fixed an issue where nested dictionaries containing a datetime object were not parsed properly. * fix cr" * ServiceNow - added retry mechanism for status code 401 (#7614) * added retry mechanism for status code 403 * remove blank line * add 401 not authenticated test * add negative unauthenticated test * bump pack version * Adding documentaion * Support AWS Security Groups with only one ingress rule (#7592) (#7626) * Support AWS Security Groups with only one inbound rule * Add release notes to AWS-EC2 pack * Bump docker image tag to latest Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Lindsey Smith <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: syaakovi <[email protected]> * Documentation fixes (#7507) * add image * update missing image * fix link * fix link * fix links * fix regexes * fix links * fix links * fix links * fix links * fix typo * secrets * Fix cfw extra arg (#7628) * Removed an unused argument ipname from **checkpoint-block-ip** command. * Deprecate an unused argument ipname from **checkpoint-block-ip** command. 
* removed deprecated arg from documentation * Updated Co-authored-by: Alex Fiedler <[email protected]> * Flake8 phase10 (#7604) * AutoFocusV2 lint fixes * MicrosoftGraphFiles_test.py lint fix * CarbonBlackEnterpriseEDR lint fix * FeedCofense lint fix * AzureSentinel_test lint fixes * csp bugfix (#7472) * unit test is failing * bug fix * updated tests * docs update * 1.0.7 RN * 1.0.8 RN * 1.0.9 RN * [HelloWorld] Minor yml update (#7448) (#7630) * Added additionalinfo tooltip to integration parameters * updated releasenotes to 1.1.4 * Update Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml * Updated Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Francesco Vigo <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> * Okta zones - playbook and enhancement (#7620) * Okta zones - playbook and enhancement (#7137) * Okta V2 - Add commands for Network Zones * IP Whitelisting - add Okta Zone playbook * Whitelist playbook - Add Okta * Okta V2 - fix yaml and secrets ignore * Added playbook image * Uploading playbook image * Added playbook image * Setting author to Cortex XSOAR Co-authored-by: Anar Azadaliyev <[email protected]> * Removing email contact Co-authored-by: Anar Azadaliyev <[email protected]> * Setting URL in content pack metadata Co-authored-by: Anar Azadaliyev <[email protected]> * Okta V2 Zones fixes + unit tests + outputs * Okta V2 test - fix linter error * IP Whitelist pack - remove depe * Okta Zone playbook - move to Okta pack and update readme * Updated whitelist language * Updated new content * Removing pack + okta code fixes Removing IPWhitelist pack - sorting content into packs * Commit playbook images * Okta V2 code fixes * Egress Playbook fixes Renamed tasks, moved group names into playbook inputs * Update README and images * Update Okta V2 README with new commands * Added release notes, fixed integration name in 
conf.json * Remove unused import * Updated release notes. * Release notes for Legacy pack * Updating playbook images * Modified playbook text and READMEs * Update playbook-IP_Whitelist_-_AWS_Security_Group.yml * Update playbook-IP_Whitelist_-_GCP_Firewall.yml * Update Okta_v2.yml * Update playbook-Allow_IP_-_Okta_Zone.yml * Update playbook-Allow_IP_-_Okta_Zone_README.md * Update playbook-Prisma_Access_Whitelist_Egress_IPs_on_SaaS_Services.yml Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * move comparelists * delete Legacy pack * fix build * update version of CommonScripts Co-authored-by: Lior Kolnik <[email protected]> Co-authored-by: Anar Azadaliyev <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * SentinelOne v2 - improve date string handling (#7612) * add test for event with unexpected timeformat * parse dateoccurred to datetime * Updated * bump docker image Co-authored-by: Alex Fiedler <[email protected]> * Add ML collect data script (#7621) * Add ML collect data script * Add ML collect data scriptAdd ML collect data script Co-authored-by: eharush <[email protected]> * Update configure_and_test_integration_instances.py (#7645) * RedCanary - improve endpoint context standard handling (#7636) * add test for endpoint without mac address * improved implementation of get_endpoint_context * fix flake8 report in unit test * add condition to check if address_attributes * Updated. 
Co-authored-by: Alex Fiedler <[email protected]> * removed resource class (#7642) * set entities timeframe to 1 hour and skip in case no entities found (#7634) * SecureWorks - enhance README with incident fetch details (#7595) * update readme with fetch incidents notes * update readme with fetch incidents notes * Fixed recently created release notes files to new standard (#7644) * Pcapminer v2 post fix (#7150) * Reopening PR after fix * revert to preplaybook * revert to preplaybook + unit test fix * description * find path for testdata * remove rsa_key + try to fix testdata unittest * unittest fix * move test file to folder * unnittest fix * remove iterate and packets to analyze * run on a different docker each run * change Pcap to PCAP + add "All" option for protocol output * Updated * Readme * last additions * David fixes * uppercase * rsa_key fix + Capital PCAP in README * test fix * join 2 tests into one Co-authored-by: Alex Fiedler <[email protected]> * Added client re-creation to prevent api-key expiration (#7648) * Added https connection and SSL verification (#7631) * Added https connection and SSL verification * added rn * removed unnecessary keys * Updated Co-authored-by: Alex Fiedler <[email protected]> * timestamp_to_datestring uses `utcfromtimestamp` (#7488) * timestamp_to_datestring uses `utcfromtimestamp` (#7407) * timestamp_to_datestring uses `utcfromtimestamp` `timestamp_to_datestring`'s default date format includes Z for the time zone. However, it uses `datetime.fromtimestamp` which is in localtime. This yields incorrect results when the default time zone is anything other than UTC. The `epochToTimestamp` function in the same file does correctly use `utcfromtimestamp`. This commit corrects and normalizes the timestamp processing. 
* Added release notes Co-authored-by: halpert <[email protected]> * Adding condition for timestamp format Co-authored-by: Henry Stern <[email protected]> Co-authored-by: halpert <[email protected]> * Remove deprecated CloseInvestigation task from playbooks (#7653) * skipping tpb * Revert "skipping tpb" This reverts commit 858f9a1b * replaced CloseInvestigation tasks with Done section headers * small fix in TestIsValueInArray * Add a new pack for HIPAA (#7382) * Add a new pack for HIPAA * Changed playbook * Changed playbook * Added changelogs * Created pack release notes. * Cahngedrelease notes * Update playbook-HIPAA_-_Breach_Notification.yml * Updated playbook and layout * Changed HIPAA pack metadata and change the location of the incident fields. * Removed test changes * Removed test changes * Generated playbook readme Co-authored-by: yaron-libman <[email protected]> * Adding pagination mechanism for url logs request (#7277) Co-authored-by: halpert <[email protected]> * symantec dlp: permissions section (#7581) * dlp permissions section * Updated * upate troubleshooting Co-authored-by: Alex Fiedler <[email protected]> * Microsoft Defender ATP - set scope to default (#7647) * updated scope to atp default * Updated Co-authored-by: Alex Fiedler <[email protected]> * Added logs for uncommited items (#7607) Co-authored-by: hod-alpert <[email protected]> * Added support for exclude passed checks (#7501) * Added support for exclude passed checks * Updated * Updated * dockerimage Co-authored-by: Alex Fiedler <[email protected]> * CDL - set temp creds dbfile (#7659) * set temp creds dbfile * use fixed temp file for caching between runs * add packs tags (#7651) * Added * Skipped PerceptionPoint Co-authored-by: dbaumstein <[email protected]> * remove test playbook from skipped tests (#7548) * remove test playbook from skipped tests * remove Akamai_WAF_SIEM-Test from skipped * [infocyte-604] Infocyte Pack (#7480) (#7666) * wip infocyte integration * fix format on yml file * 
Add tests * small update to yml * bug fixes from testing * Got tests running interactively (wip) * Working with Returns functions (wip) * Add test playbook * simplify test playbook * simplify test playbook * All tests now pass * Bug fixes and response to PR comments * finished refining README + small format bug fixes * remove api keys * markdown formating updates * update logo to spec * Updated. * small fix * Passes the tests * Add descriptions to playbook * Updated * Fixed a typo * fix back the docker version * Remove custom ReturnOutputs and fix typo * fix fetch-incidents and playbook modifications * fetch-incidents to use Demisto.incidents() * add fromversion * remove packages-microsoft-prod.deb * add description field to task 1 * rename to *.Tests.ps1 Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> Co-authored-by: Chris <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Guy Lichtman <[email protected]> * secret * Cortex xdr enhancement (#7262) * add comments again * readd tests * add unit testing files * 1. fix dt problems 2. fix mardown * fix unit testing * fix generic playbook * remove default params * add get quarantine status polling playbook * fix flake8 issues * update docker image * add changes to CHANGELOG * add README to get-quarantine-status playbook 2. add release notes * change release notes version * 1. add commands examples 2. change fromversion in qaurantine playbook * Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_quarantine_file.yml Co-authored-by: Shai Yaakovi <[email protected]> * 1. change playbook name 2. 
change from version value * add back from version and change version to -1 * change playbook name * change playbook name * change playbook name * update from version * remove tests field from yml * add test field to yml * remove special character from docstring * in get_quarantine_status add a check if the reply type before access its content * change from version * 1. add descriptions in yml 2. create another test playbook * add descriptions * add release notes * add release notes * Updated * Updated * Updated * Updated * Update Cortex_XDR_-_quarantine_file.yml * update docker image Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: yaron-libman <[email protected]> * Instance test enhancments (#7624) * Added failed instances to file artifact * Added failed instances to file artifact * Changed machine setup for debugging * Added devops comment back * Fixed slack message * Added https * Reverted config changes * Indentation fix * removed debugging * removed debugging * handled previous command error handling * Microsoft Teams - handle notifications from server (#7661) * handle notifications from server * bump docker image tag * Updated * refactor unclassified to unknown Co-authored-by: Alex Fiedler <[email protected]> * tpb * TPBs Co-authored-by: Itay Keren <[email protected]> Co-authored-by: Alex Fiedler <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]> Co-authored-by: Bar Katzir <[email protected]> Co-authored-by: Eddie Lebow <[email protected]> Co-authored-by: Mike Saurbaugh <[email protected]> Co-authored-by: Shelly Berman <[email protected]> Co-authored-by: content-bot <[email protected]> Co-authored-by: Todd Murchison <[email protected]> Co-authored-by: syaakovi <syaako…
avidan-H pushed a commit that referenced this pull request Jul 12, 2020
ShahafBenYakir pushed a commit that referenced this pull request Nov 11, 2021
Pulled latest changes from demisto/content
ShahafBenYakir added a commit that referenced this pull request May 2, 2022
darkushin added a commit that referenced this pull request Aug 8, 2023
ostolero pushed a commit that referenced this pull request Aug 8, 2023
tkatzir pushed a commit that referenced this pull request Dec 20, 2023
samuelFain added a commit that referenced this pull request Apr 16, 2024
maimorag pushed a commit that referenced this pull request May 9, 2024
* Gem Security pack Commit Pack includes: 1 Automation 3 Classifiers 16 Incident Fields 1 Incident Type 1 Integration 1 Layout 3 Playbooks 1 Pre-process Rule * Ci fix (#5) * Fix post commit validation issues * Fix tests coverage * Fix indent (#6) * Cr fix (#7) * Fix playbooks * Format playbooks and fix Gem Alert Classifier * Fix blank space in Gem Layout * Fix incident fields * Fix cr (#8) * Fix double line * Update playbooks (#9)
maimorag pushed a commit that referenced this pull request May 9, 2024
* Gem Security pack Commit Pack includes: 1 Automation 3 Classifiers 16 Incident Fields 1 Incident Type 1 Integration 1 Layout 3 Playbooks 1 Pre-process Rule * Ci fix (#5) * Fix post commit validation issues * Fix tests coverage * Fix indent (#6) * Cr fix (#7) * Fix playbooks * Format playbooks and fix Gem Alert Classifier * Fix blank space in Gem Layout * Fix incident fields * Fix cr (#8) * Fix double line * Update playbooks (#9) Co-authored-by: Lior Maman <[email protected]>
pal-xmco pushed a commit to pal-xmco/content that referenced this pull request Jun 19, 2024
* Gem Security pack Commit Pack includes: 1 Automation 3 Classifiers 16 Incident Fields 1 Incident Type 1 Integration 1 Layout 3 Playbooks 1 Pre-process Rule * Ci fix (demisto#5) * Fix post commit validation issues * Fix tests coverage * Fix indent (demisto#6) * Cr fix (demisto#7) * Fix playbooks * Format playbooks and fix Gem Alert Classifier * Fix blank space in Gem Layout * Fix incident fields * Fix cr (#8) * Fix double line * Update playbooks (demisto#9) Co-authored-by: Lior Maman <[email protected]>
samuelFain added a commit that referenced this pull request Jul 4, 2024
inbalapt1 pushed a commit that referenced this pull request Jul 4, 2024
samuelFain added a commit that referenced this pull request Jul 9, 2024
…35310) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #1/19 (#35234) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #9/19 (#35242) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #8/19 (#35241) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #7/19 (#35240) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #4/19 (#35237) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #11/19 (#35244) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #19/19 (#35252) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #3/19 (#35236) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #10/19 (#35243) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #12/19 (#35245) Co-authored-by: Tal Zichlinsky <[email protected]> * Updated docker image to demisto/python3:3.10.14.100715. PR batch #13/19 (#35246) Co-authored-by: Tal Zichlinsky <[email protected]> * Updated docker image to demisto/python3:3.10.14.100715. PR batch #14/19 (#35247) Co-authored-by: Tal Zichlinsky <[email protected]> * Updated docker image to demisto/python3:3.10.14.100715. PR batch #17/19 (#35250) Co-authored-by: Tal Zichlinsky <[email protected]> * demisto/python3:3.10.14.100715 | 0-100 | PR batch #15/19 (#35248) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #15/19 * Fix text encoding * Update Pulsedive.yml --------- Co-authored-by: Tal Zichlinsky <[email protected]> * demisto/python3:3.10.14.100715 | 0-100 | PR batch #16/19 (#35249) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #16/19 * Update ThousandEyes.yml --------- Co-authored-by: Tal Zichlinsky <[email protected]> * demisto/python3:3.10.14.100715 | 0-100 | PR batch #2/19 (#35235) * Updated docker image to demisto/python3:3.10.14.100715. 
PR batch #2/19 * pre-commit fixes * fix --------- Co-authored-by: [email protected] <[email protected]> * demisto/python3:3.10.14.100715 | 0-100 | PR batch #6/19 (#35239) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #6/19 * Empty commit * fixes * fix * space * fix --------- Co-authored-by: [email protected] <[email protected]> * demisto/python3:3.10.14.100715 | 0-100 | PR batch #5/19 (#35238) * Updated docker image to demisto/python3:3.10.14.100715. PR batch #5/19 * fixes * Empty commit * Empty commit * Empty commit * Empty commit --------- Co-authored-by: [email protected] <[email protected]> Co-authored-by: inbalapt1 <[email protected]> * Updated docker image to demisto/python3:3.10.14.100715. PR batch #18/19 (#35251) Co-authored-by: Tal Zichlinsky <[email protected]> * Update RN * Empty commit to re-trigger build pipeline --------- Co-authored-by: Tal Zichlinsky <[email protected]> Co-authored-by: [email protected] <[email protected]> Co-authored-by: inbalapt1 <[email protected]>
inbalapt1 pushed a commit that referenced this pull request Oct 31, 2024
inbalapt1 added a commit that referenced this pull request Nov 6, 2024
* Updated docker image to demisto/python3:3.11.10.113941. PR batch #4/7 (#36995) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #3/7 (#36994) Co-authored-by: root <root@1e2de18e0cc3> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #7/7 (#36998) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3:3.11.10.113941 | 0-100 | PR batch #2/7 (#36993) * Updated docker image to demisto/python3:3.11.10.113941. PR batch #2/7 * Update IPNetwork.yml --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: inbalapt1 <[email protected]> * Updated docker image to demisto/python3:3.11.10.113941. PR batch #1/7 (#36992) Co-authored-by: root <root@1e2de18e0cc3> * demisto/python3:3.11.10.113941 | 0-100 | PR batch #6/7 (#36997) * Updated docker image to demisto/python3:3.11.10.113941. PR batch #6/7 * fix UTC * remove paloaltonetworks_iot --------- Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: [email protected] <[email protected]> * update release notes * Bump pack from version MicrosoftExchangeOnline to 1.5.13. --------- Co-authored-by: content-bot <[email protected]> Co-authored-by: root <root@1e2de18e0cc3> Co-authored-by: Content Bot <[email protected]>
inbalapt1 pushed a commit that referenced this pull request Nov 7, 2024
Added client-side D2 agent scripts in JS for both Rekall and Winpmem. Also added their descriptions and argument details into scripts.json.
Please review.