From 689c82712675e893d5ada69174d34ac8ad33bfc3 Mon Sep 17 00:00:00 2001 From: Panthemicolon Date: Fri, 14 Nov 2025 16:40:57 +0100 Subject: [PATCH 1/9] Add Detection Note commands These allow adding, updating and removing Notes to detections, based on the implementation for the Entity Notes --- .../Integrations/VectraXDR/VectraXDR.py | 329 ++++++++++++++++++ .../Integrations/VectraXDR/VectraXDR.yml | 201 +++++++++-- .../VectraXDR/VectraXDR_description.md | 2 +- 3 files changed, 503 insertions(+), 29 deletions(-) diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py index 58640aefb7a1..5f827b7e520f 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py @@ -84,7 +84,9 @@ "GROUP_ENDPOINT": "/api/v3.3/groups", "ENTITY_ENDPOINT": "/api/v3.3/entities", "DETECTION_ENDPOINT": "/api/v3.3/detections", + "ADD_AND_LIST_DETECTION_NOTE_ENDPOINT": "/api/v3.3/detections/{}/notes", "ADD_AND_LIST_ENTITY_NOTE_ENDPOINT": "/api/v3.3/entities/{}/notes", + "UPDATE_AND_REMOVE_DETECTION_NOTE_ENDPOINT": "/api/v3.3/detections/{}/notes/{}", "UPDATE_AND_REMOVE_ENTITY_NOTE_ENDPOINT": "/api/v3.3/entities/{}/notes/{}", "ENTITY_TAG_ENDPOINT": "/api/v3.3/tagging/entity/{}", "ASSIGNMENT_ENDPOINT": "/api/v3.3/assignments", @@ -422,6 +424,23 @@ def list_entity_note_request(self, entity_id: int = None, entity_type: str = Non ) return notes + def list_detection_note_request(self, detection_id: int = None) -> dict: + """ + List entity notes. + + Args: + entity_id (int): The ID of the detection to get the notes for. + + Returns: + Dict: Response from the API. + """ + notes = self.http_request( + method="GET", + url_suffix=ENDPOINTS["ADD_AND_LIST_DETECTION_NOTE_ENDPOINT"].format(detection_id), + response_type="json", + ) + return notes + def add_entity_note_request(self, entity_id: int = None, entity_type: str = None, note: str = None) -> dict: """ Add a note to an entity. 
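Review bot: The docstring of list_detection_note_request still describes the entity variant: the summary reads `List entity notes.` and the Args entry documents `entity_id`, while the parameter is `detection_id`; it should read `List detection notes.` with `detection_id (int): The ID of the detection to get the notes for.`. The same copy-paste survives in the later hunks: add_detection_note_request (`an detection`) and update_detection_note_request (`Updates the note of an entity.`, `entity_id` arg) in the next hunk, remove_detection_note_request and validate_detection_note_list_command_args (`detection list add command`, local named `entity_id`) in the hunk after, and the update/remove validators that say `entity note update command` further down. Fixing them together keeps the generated reference docs from describing the wrong object.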
@@ -445,6 +464,26 @@ def add_entity_note_request(self, entity_id: int = None, entity_type: str = None ) return notes + def add_detection_note_request(self, detection_id: int = None, note: str = None) -> dict: + """ + Add a note to an detection. + + Args: + detection_id (int): The ID of the detection to add the note to. + note (str): The note to add. + + Returns: + Dict: Response from the API containing the added note. + """ + data = {"note": note} + notes = self.http_request( + method="POST", + url_suffix=ENDPOINTS["ADD_AND_LIST_DETECTION_NOTE_ENDPOINT"].format(detection_id), + data=data, + response_type="json", + ) + return notes + def update_entity_note_request( self, entity_id: int = None, entity_type: str = None, note: str = None, note_id: int = None ) -> dict: @@ -471,6 +510,27 @@ def update_entity_note_request( ) return notes + def update_detection_note_request(self, detection_id: int = None, note: str = None, note_id: int = None) -> dict: + """ + Updates the note of an entity. + + Args: + entity_id (int): The ID of the detection to update the note for. + note (str): The updated note for the detection. + note_id (int): The ID of the note to be updated. + + Returns: + Dict: Response from the API containing the updated note details. + """ + data = {"note": note} + notes = self.http_request( + method="PATCH", + url_suffix=ENDPOINTS["UPDATE_AND_REMOVE_DETECTION_NOTE_ENDPOINT"].format(detection_id, note_id), + data=data, + response_type="json", + ) + return notes + def remove_entity_note_request(self, entity_id: int = None, entity_type: str = None, note_id: int = None): """ Removes a note from an entity. 
@@ -492,6 +552,24 @@ def remove_entity_note_request(self, entity_id: int = None, entity_type: str = N ) return res + def remove_detection_note_request(self, detection_id: int = None, note_id: int = None): + """ + Removes a note from an entity. + + Args: + entity_id (int): The ID of the detection to remove the note from. + note_id (int): The ID of the note to be removed. + + Returns: + Dict: Response from the API confirming the removal of the note. + """ + res = self.http_request( + method="DELETE", + url_suffix=ENDPOINTS["UPDATE_AND_REMOVE_DETECTION_NOTE_ENDPOINT"].format(detection_id, note_id), + response_type="response", + ) + return res + def update_entity_tags_request(self, entity_id: int = None, entity_type: str = None, tags: List = None) -> dict: """ Update tags to an entity. @@ -1063,6 +1141,21 @@ def validate_entity_note_list_command_args(args: dict[Any, Any]): raise ValueError(ERRORS["INVALID_COMMAND_ARG_VALUE"].format("entity_type", ", ".join(VALID_ENTITY_TYPE))) +def validate_detection_note_list_command_args(args: dict[Any, Any]): + """ + Validates the arguments provided for the detection list add command. + + Args: + args (dict[Any, Any]): The arguments dictionary. + + Raises: + ValueError: If any of the arguments are invalid. + """ + entity_id = args.get("detection_id") + # Validate detection_id value + validate_positive_integer_arg(entity_id, arg_name="detection_id", required=True) + + def validate_entity_note_add_command_args(args: dict[Any, Any]): """ Validates the arguments provided for the entity note add command. 
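Review bot: remove_detection_note_request documents `Returns: Dict: Response from the API confirming the removal of the note.`, but it requests `response_type="response"` and the remove command later reads `response.status_code` from what it gets back, so the value is the raw HTTP response rather than a dict. Suggest `Returns: The raw HTTP response; callers inspect status_code (204 on success).` and, since this is the one client method in the series without a return annotation, adding one to match its siblings. In validate_detection_note_list_command_args the value read from `detection_id` is bound to a local called `entity_id`, which reads as a bug at a glance; `detection_id = args.get("detection_id")` keeps it in line with the other three validators.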
@@ -1088,6 +1181,25 @@ def validate_entity_note_add_command_args(args: dict[Any, Any]): raise ValueError(ERRORS["REQUIRED_ARGUMENT"].format("note")) +def validate_detection_note_add_command_args(args: dict[Any, Any]): + """ + Validates the arguments provided for the detection note add command. + + Args: + args (dict[Any, Any]): The arguments dictionary. + + Raises: + ValueError: If any of the arguments are invalid. + """ + note = args.get("note") + detection_id = args.get("detection_id") + # Validate detection_id value + validate_positive_integer_arg(detection_id, arg_name="detection_id", required=True) + # Validate entity_type value + if not note: + raise ValueError(ERRORS["REQUIRED_ARGUMENT"].format("note")) + + def validate_entity_note_update_command_args(args: dict[Any, Any]): """ Validates the arguments provided for the entity note update command. @@ -1115,6 +1227,28 @@ def validate_entity_note_update_command_args(args: dict[Any, Any]): raise ValueError(ERRORS["REQUIRED_ARGUMENT"].format("note")) +def validate_detection_note_update_command_args(args: dict[Any, Any]): + """ + Validates the arguments provided for the entity note update command. + + Args: + args (dict[Any, Any]): The arguments dictionary. + + Raises: + ValueError: If any of the arguments are invalid. + """ + note = args.get("note") + detection_id = args.get("detection_id") + note_id = args.get("note_id") + # Validate detection_id value + validate_positive_integer_arg(detection_id, arg_name="detection_id", required=True) + # Validate note_id value + validate_positive_integer_arg(note_id, arg_name="note_id", required=True) + # Validate note value + if not note: + raise ValueError(ERRORS["REQUIRED_ARGUMENT"].format("note")) + + def validate_entity_note_remove_command_args(args: dict[Any, Any]): """ Validates the arguments provided for the entity note update command. 
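Review bot: In validate_detection_note_add_command_args the comment `# Validate entity_type value` sits above the `note` check; there is no entity_type argument for detection notes, so it should read `# Validate note value`, as the update validator in the same hunk already does. validate_detection_note_update_command_args also keeps the summary `Validates the arguments provided for the entity note update command.`; `detection note update command` is what it validates.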
@@ -1139,6 +1273,24 @@ def validate_entity_note_remove_command_args(args: dict[Any, Any]): raise ValueError(ERRORS["INVALID_COMMAND_ARG_VALUE"].format("entity_type", ", ".join(VALID_ENTITY_TYPE))) +def validate_detection_note_remove_command_args(args: dict[Any, Any]): + """ + Validates the arguments provided for the entity note update command. + + Args: + args (dict[Any, Any]): The arguments dictionary. + + Raises: + ValueError: If any of the arguments are invalid. + """ + detection_id = args.get("detection_id") + note_id = args.get("note_id") + # Validate detection_id value + validate_positive_integer_arg(detection_id, arg_name="detection_id", required=True) + # Validate note_id value + validate_positive_integer_arg(note_id, arg_name="note_id", required=True) + + def validate_entity_tag_add_command_args(args: dict[Any, Any]): """ Validates the arguments provided for the entity tag add command. 
@@ -1906,6 +2058,43 @@ def get_list_entity_notes_command_hr(notes: dict, entity_id: Optional[int], enti return human_readable +def get_list_detection_notes_command_hr(notes: dict, detection_id: Optional[int]) -> str: + """ + Returns the human-readable output for the detection notes. + + Args: + notes (Dict): The assignment details dictionary. + detection_id (Optional[int]): Detection ID. + + Returns: + str: The human-readable output. + """ + hr_dict = [] + for note in notes: + note["note_id"] = note["id"] + note.update({"detection_id": detection_id}) + + hr_dict.append( + { + "Note ID": note.get("id"), + "Note": note.get("note"), + "Created By": note.get("created_by"), + "Created Date": note.get("date_created"), + "Modified By": note.get("modified_by"), + "Modified Date": note.get("date_modified"), + } + ) + + # Prepare human-readable output table + human_readable = tableToMarkdown( + "Detection Notes Table", + hr_dict, + ["Note ID", "Note", "Created By", "Created Date", "Modified By", "Modified Date"], + removeNull=True, + ) + return human_readable + + def get_group_list_command_hr(groups: List): """ Converts a list of groups into a human-readable table format. 
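Review bot: get_list_detection_notes_command_hr is annotated `notes: dict` and documents the argument as `The assignment details dictionary.`, but the body iterates it as a list of note dicts; the annotation should be `notes: list` and the Args line `notes (list): Note dictionaries returned by the API.`. The loop also writes `note_id` and `detection_id` into each note before building the table, and the list command in a later hunk relies on that mutation when it builds the context, so the docstring should state it, e.g. `Side effect: each note gains note_id and detection_id keys, which the caller uses for the context output.`. `note["id"]` raises KeyError on a note without an id while the table itself uses `.get`; presumably the API always returns it, but `note.get("id")` would degrade more gracefully.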
@@ -2669,6 +2858,42 @@ def vectra_entity_note_list_command(client: VectraClient, args: dict[str, Any]): ) +def vectra_detection_note_list_command(client: VectraClient, args: dict[str, Any]): + """ + List entity notes. + + Args: + client (VectraClient): An instance of the VectraClient class. + args (Dict[str, Any]): The command arguments provided by the user. + + Returns: + CommandResults: The command results containing the outputs, readable output, raw response, and outputs key field. + """ + validate_detection_note_list_command_args(args) + # Get function arguments + detection_id = arg_to_number(args.get("detection_id"), arg_name="detection_id", required=True) + + # Call Vectra API to add entity note + notes = client.list_detection_note_request(detection_id=detection_id) # type: ignore + notes = remove_empty_elements(notes) + if notes: + human_readable = get_list_detection_notes_command_hr(notes, detection_id) + + context = [createContext(note) for note in notes] + + return CommandResults( + outputs_prefix="Vectra.Detection.Notes", + outputs=context, + readable_output=human_readable, + raw_response=notes, + outputs_key_field=["detection_id", "note_id"], + ) + else: + return CommandResults( + outputs={}, readable_output="##### Couldn't find any notes for provided detection.", raw_response=notes + ) + + def vectra_entity_note_add_command(client: VectraClient, args: dict[str, Any]): """ Adds a note to an entity in Vectra API. 
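Review bot: vectra_detection_note_list_command gets `note_id` and `detection_id` into the context only because get_list_detection_notes_command_hr mutates the notes it is handed before `createContext` runs; that coupling is invisible here and breaks silently if the HR helper is ever reworked. Enriching the notes in the command itself ahead of the HR call, `for note in notes:` / `note["note_id"] = note["id"]` / `note["detection_id"] = detection_id`, makes the context independent of table rendering. The docstring summary `List entity notes.` and the comment `# Call Vectra API to add entity note` are also carried over from the entity version; `List detection notes.` and `# Call Vectra API to list detection notes` match what the function does.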
@@ -2704,6 +2929,40 @@ def vectra_entity_note_add_command(client: VectraClient, args: dict[str, Any]): ) +def vectra_detection_note_add_command(client: VectraClient, args: dict[str, Any]): + """ + Adds a note to an detection in Vectra API. + + Args: + client (VectraClient): An instance of the VectraClient class. + args (Dict[str, Any]): The command arguments provided by the user. + + Returns: + CommandResults: The command results containing the outputs, readable output, raw response, and outputs key field. + """ + validate_detection_note_add_command_args(args) + # Get function arguments + detection_id = arg_to_number(args.get("detection_id"), arg_name="detection_id", required=True) + note = args.get("note") + + # Call Vectra API to add entity note + notes = client.add_detection_note_request(detection_id=detection_id, note=note) # type: ignore + if notes: + notes["note_id"] = notes["id"] + notes.update({"detection_id": detection_id}) + + human_readable = "##### The note has been successfully added to the detection." + human_readable += f"\nReturned Note ID: **{notes['note_id']}**" + + return CommandResults( + outputs_prefix="Vectra.Detection.Notes", + outputs=createContext(remove_empty_elements(notes)), + readable_output=human_readable, + raw_response=notes, + outputs_key_field=["detection_id", "note_id"], + ) + + def vectra_entity_note_update_command(client: VectraClient, args: dict[str, Any]): """ Updates a note to an entity in Vectra API. 
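Review bot: vectra_detection_note_add_command returns a CommandResults only inside `if notes:`; when the API returns an empty body the function falls off the end and returns None, whereas the list command in the previous hunk answers that case with an explicit result. Adding an else branch such as `return CommandResults(outputs={}, readable_output="##### No note was returned for the provided detection.", raw_response=notes)` (constructed wording) keeps the command's contract uniform; vectra_detection_note_update_command in the next hunk has the same gap. `notes["id"]` is also indexed directly, so an error-shaped body without an id surfaces as a KeyError rather than a readable message.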
@@ -2744,6 +3003,44 @@ def vectra_entity_note_update_command(client: VectraClient, args: dict[str, Any] ) +def vectra_detection_note_update_command(client: VectraClient, args: dict[str, Any]): + """ + Updates a note to a detection in Vectra API. + + Args: + client (VectraClient): An instance of the VectraClient class. + args (Dict[str, Any]): The command arguments provided by the user. + + Returns: + CommandResults: The command results containing the outputs, readable output, raw response, and outputs key field. + """ + validate_detection_note_update_command_args(args) + # Get function arguments + detection_id = arg_to_number(args.get("detection_id"), arg_name="detection_id", required=True) + note = args.get("note") + note_id = arg_to_number(args.get("note_id"), arg_name="note_id", required=True) + + # Call Vectra API to update entity note + notes = client.update_detection_note_request( + detection_id=detection_id, # type: ignore + note=note, # type: ignore + note_id=note_id, # type: ignore + ) + if notes: + notes["note_id"] = notes["id"] + notes.update({"detection_id": detection_id}) + + human_readable = "##### The note has been successfully updated in the detection." + + return CommandResults( + outputs_prefix="Vectra.Detection.Notes", + outputs=createContext(remove_empty_elements(notes)), + readable_output=human_readable, + raw_response=notes, + outputs_key_field=["detection_id", "note_id"], + ) + + def vectra_entity_note_remove_command(client: VectraClient, args: dict[str, Any]): """ Updates a note to an entity in Vectra API. 
@@ -2774,6 +3071,34 @@ def vectra_entity_note_remove_command(client: VectraClient, args: dict[str, Any] return CommandResults(outputs={}, readable_output=human_readable) +def vectra_detection_note_remove_command(client: VectraClient, args: dict[str, Any]): + """ + Updates a note to an entity in Vectra API. + + Args: + client (VectraClient): An instance of the VectraClient class. + args (Dict[str, Any]): The command arguments provided by the user. + + Returns: + CommandResults: The command results containing the outputs, readable output, raw response, and outputs key field. + """ + validate_detection_note_remove_command_args(args) + # Get function arguments + detection_id = arg_to_number(args.get("detection_id"), arg_name="detection_id", required=True) + note_id = arg_to_number(args.get("note_id"), arg_name="note_id", required=True) + + # Call Vectra API to remove note + response = client.remove_detection_note_request( + entity_id=detection_id, # type: ignore + note_id=note_id, # type: ignore + ) + if response.status_code == 204: + human_readable = "##### The note has been successfully removed from the entity." + else: + human_readable = "Something went wrong." + return CommandResults(outputs={}, readable_output=human_readable) + + def vectra_entity_tag_add_command(client: VectraClient, args: dict[str, Any]): """ Add tags to an entity. 
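Review bot: vectra_detection_note_remove_command keeps the entity wording in both the docstring (`Updates a note to an entity in Vectra API.`) and the success message `##### The note has been successfully removed from the entity.`; they should read `Removes a note from a detection in Vectra API.` and `##### The note has been successfully removed from the detection.`. The failure branch reports `Something went wrong.` and discards `response.status_code`, so an analyst cannot tell a missing note from a permissions problem; including the code, e.g. `human_readable = f"Note removal failed with HTTP status {response.status_code}."`, costs nothing and makes the audit trail in the war room useful.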
@@ -4162,6 +4487,10 @@ def main(): "vectra-entity-tag-list": vectra_entity_tag_list_command, "vectra-detections-mark-fixed": vectra_detections_mark_fixed_command, "vectra-detections-unmark-fixed": vectra_detections_unmark_fixed_command, + "vectra-detections-note-list": vectra_detection_note_list_command, + "vectra-detections-note-add": vectra_detection_note_add_command, + "vectra-detections-note-update": vectra_detection_note_update_command, + "vectra-detections-note-remove": vectra_detection_note_remove_command, "vectra-assignment-list": vectra_assignment_list_command, "vectra-entity-assignment-add": vectra_entity_assignment_add_command, "vectra-entity-assignment-update": vectra_entity_assignment_update_command, diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml index 5f8e1045f31b..b60785da326d 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml 
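Review bot: The new dispatch keys use the plural form `vectra-detections-note-list` etc., while the per-detection tag commands visible in the third patch's dispatch hunk are singular (`vectra-detection-tag-list`) and the entity notes use `vectra-entity-note-*`; each note command takes a single `detection_id`, so `vectra-detection-note-*` would follow the existing per-object convention (the plural `vectra-detections-mark-fixed` takes a list of IDs). Command names are part of the pack's public interface and cannot be renamed later without a deprecation cycle, so this is worth settling before release. Whichever form is kept, the YAML command names and README headings in the later patches need to stay in lockstep with it.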
@@ -1061,6 +1061,45 @@ script: - contextPath: Vectra.Entity.Notes.note description: Content of the note. type: String + - arguments: + - default: false + description: Specify the id of the detection. + isArray: false + name: detection_id + required: true + secret: false + - default: false + description: Note to be added in the specified detection_id. + isArray: false + name: note + required: true + secret: false + deprecated: false + description: Add a note to the detection. + execution: false + name: vectra-detections-note-add + outputs: + - contextPath: Vectra.Detection.Notes.entity_id + description: ID of the entity associated with the note. + type: String + - contextPath: Vectra.Detection.Notes.note_id + description: ID of the note. + type: Number + - contextPath: Vectra.Detection.Notes.date_created + description: Date when the note was created. + type: Date + - contextPath: Vectra.Detection.Notes.date_modified + description: Date when the note was last modified. + type: Unknown + - contextPath: Vectra.Detection.Notes.created_by + description: User who created the note. + type: String + - contextPath: Vectra.Detection.Notes.modified_by + description: User who last modified the note. + type: Unknown + - contextPath: Vectra.Detection.Notes.note + description: Content of the note. + type: String - arguments: - default: false description: Specify the id of the entity. 
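Review bot: The outputs block for vectra-detections-note-add documents `Vectra.Detection.Notes.entity_id`, but the add command writes `detection_id` into the note and uses `["detection_id", "note_id"]` as the key field, so the documented path is never populated and the actual one is undocumented; the entry should be `- contextPath: Vectra.Detection.Notes.detection_id` / `description: ID of the detection associated with the note.` / `type: Number` (the value comes from arg_to_number). The same entity_id path appears in the vectra-detections-note-update outputs in the next hunk and, together with an `entity_type` path the code never sets, in the vectra-detections-note-list outputs later in this file; the README tables and the `entity_id=1 entity_type=account` command examples at the end of the series repeat it.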
@@ -1116,6 +1155,51 @@ script: - contextPath: Vectra.Entity.Notes.note description: Content of the note. type: String + - arguments: + - default: false + description: Specify the id of the detection. + isArray: false + name: detection_id + required: true + secret: false + - default: false + description: Specify the ID of the note. + isArray: false + name: note_id + required: true + secret: false + - default: false + description: Note to be updated for the specified note_id. + isArray: false + name: note + required: true + secret: false + deprecated: false + description: Update a note in the detection. + execution: false + name: vectra-detections-note-update + outputs: + - contextPath: Vectra.Detection.Notes.entity_id + description: ID of the entity associated with the note. + type: String + - contextPath: Vectra.Detection.Notes.note_id + description: ID of the note. + type: Number + - contextPath: Vectra.Detection.Notes.date_created + description: Date when the note was created. + type: Date + - contextPath: Vectra.Detection.Notes.date_modified + description: Date when the note was last modified. + type: Unknown + - contextPath: Vectra.Detection.Notes.created_by + description: User who created the note. + type: String + - contextPath: Vectra.Detection.Notes.modified_by + description: User who last modified the note. + type: Unknown + - contextPath: Vectra.Detection.Notes.note + description: Content of the note. + type: String - arguments: - default: false description: Specify the ID of the entity. 
@@ -1143,6 +1227,23 @@ script: description: Remove a note from the entity. execution: false name: vectra-entity-note-remove + - arguments: + - default: false + description: Specify the ID of the detection. + isArray: false + name: detection_id + required: true + secret: false + - default: false + description: Specify the ID of the note. + isArray: false + name: note_id + required: true + secret: false + deprecated: false + description: Remove a note from the detection. + execution: false + name: vectra-detections-note-remove - arguments: - default: false description: Provide a list of detection IDs separated by commas or a single detection ID. @@ -1212,16 +1313,16 @@ script: name: entity_id required: true secret: false - - auto: PREDEFINED - default: false + - default: false description: Specify the type of the entity. isArray: false name: entity_type + required: true + secret: false + auto: PREDEFINED predefined: - account - host - required: true - secret: false - default: false description: Comma-separated values of tags to be removed from the entity. isArray: true @@ -1497,12 +1598,12 @@ script: required: true secret: false - default: false - defaultValue: Updated by XSOAR. description: A note to be added for resolving an assignment in the entity. isArray: false name: note required: false secret: false + defaultValue: Updated by XSOAR. - default: false description: Triage rule for resolving an assignment in the entity. isArray: false 
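Review bot: Besides adding vectra-detections-note-remove, this hunk and the following ones (the `@@ -1212`, `@@ -1497`, `@@ -1680`, `@@ -1719`, `@@ -1826` and `@@ -1866` hunks) reorder `auto`, `defaultValue`, `required` and `secret` keys and convert descriptions to `|-` block scalars or quoted strings on commands that are otherwise untouched. None of that changes semantics, but it roughly doubles the YAML diff and hides the real additions; presumably a formatter or an editor round-trip produced it, and dropping it or moving it to a separate commit would keep this one reviewable.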
@@ -1680,34 +1781,38 @@ script: name: entity_ids required: false secret: false - - auto: PREDEFINED - default: false - description: Specify the type of the entity. + - default: false + description: |- + Specify the type of the entity. isArray: false name: entity_type + required: false + secret: false + auto: PREDEFINED predefined: - account - host - required: false - secret: false - - auto: PREDEFINED - default: false - description: Filter by resolved status. + - default: false + description: |- + Filter by resolved status. isArray: false name: resolved + required: false + secret: false + auto: PREDEFINED predefined: - 'True' - 'False' - required: false - secret: false - default: false - description: Filter by user ids of the assignment. Comma-separated values supported. + description: |- + Filter by user ids of the assignment. Comma-separated values supported. isArray: false name: assignees required: false secret: false - default: false - description: Filter by outcome ids of the resolution. Comma-separated values supported. + description: |- + Filter by outcome ids of the resolution. Comma-separated values supported. isArray: false name: resolution required: false @@ -1719,19 +1824,20 @@ script: required: false secret: false - default: false - defaultValue: '1' - description: Enables the caller to specify a particular page of results. + description: |- + Enables the caller to specify a particular page of results. isArray: false name: page required: false secret: false + defaultValue: '1' - default: false - defaultValue: '50' description: Specify the desired page size for the request. isArray: false name: page_size required: false secret: false + defaultValue: '50' deprecated: false description: Returns a list of all assignments. execution: false 
@@ -1826,19 +1932,19 @@ script: type: String - arguments: - default: false - defaultValue: '1' description: Enables the caller to specify a particular page of results. isArray: false name: page required: false secret: false + defaultValue: '1' - default: false - defaultValue: '50' - description: Specify the desired page size for the request. + description: "Specify the desired page size for the request." isArray: false name: page_size required: false secret: false + defaultValue: '50' deprecated: false description: Returns a list of all entity assignment outcomes. execution: false @@ -1866,16 +1972,16 @@ script: name: entity_id required: true secret: false - - auto: PREDEFINED - default: false - description: Specify the type of the entity. + - default: false + description: "Specify the type of the entity." isArray: false name: entity_type + required: true + secret: false + auto: PREDEFINED predefined: - host - account - required: true - secret: false deprecated: false description: Returns a list of notes for a specified entity. execution: false 
@@ -1908,6 +2014,45 @@ script: - contextPath: Vectra.Entity.Notes.entity_type description: Type of the entity associated with the note. type: String + - arguments: + - default: false + description: Specify the ID of the detection. + isArray: false + name: detection_id + required: true + secret: false + deprecated: false + description: Returns a list of notes for a specified detection. + execution: false + name: vectra-detections-note-list + outputs: + - contextPath: Vectra.Detection.Notes.note_id + description: ID of the note. + type: Number + - contextPath: Vectra.Detection.Notes.id + description: ID of the note. + type: Number + - contextPath: Vectra.Detection.Notes.date_created + description: Date when the note was created. + type: Date + - contextPath: Vectra.Detection.Notes.date_modified + description: Date when the note was last modified. + type: Unknown + - contextPath: Vectra.Detection.Notes.created_by + description: User who created the note. + type: String + - contextPath: Vectra.Detection.Notes.modified_by + description: User who last modified the note. + type: Unknown + - contextPath: Vectra.Detection.Notes.note + description: Content of the note. + type: String + - contextPath: Vectra.Detection.Notes.entity_id + description: ID of the entity associated with the note. + type: String + - contextPath: Vectra.Detection.Notes.entity_type + description: Type of the entity associated with the note. + type: String - arguments: - auto: PREDEFINED default: false diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md index 42ebc6cf5a7e..400c770f92fe 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md 
@@ -57,4 +57,4 @@ To fetch Vectra XDR Entity follow the next steps: - mirror_tags: This field determines what would be the tag needed to mirror the XSOAR entry out to Vectra XDR. It is a required field for XSOAR to enable mirroring support. - mirror_instance: This field determines from which instance the XSOAR incident was created. It is a required field for XSOAR to enable mirroring support. -For more information about this integration, visit [Vectra's knwoledge base](https://support.vectra.ai/s/article/KB-VS-1692). +For more information about this integration, visit [Vectra's knwoledge base](https://support.vectra.ai/s/article/KB-VS-1692). \ No newline at end of file From 444bc0607e470bea6af3e4ea3db48c1df0bee2fa Mon Sep 17 00:00:00 2001 From: Panthemicolon Date: Wed, 17 Dec 2025 16:27:51 +0100 Subject: [PATCH 2/9] Fix: use correct parameter for remove_detection_note_request --- Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py index 5f827b7e520f..8d43b9ea66ba 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py @@ -3089,7 +3089,7 @@ def vectra_detection_note_remove_command(client: VectraClient, args: dict[str, A # Call Vectra API to remove note response = client.remove_detection_note_request( - entity_id=detection_id, # type: ignore + detection_id=detection_id, # type: ignore note_id=note_id, # type: ignore ) if response.status_code == 204: From 71fd338e82a2dde12b1278a53e91d5c1b828b1da Mon Sep 17 00:00:00 2001 From: Panthemicolon Date: Thu, 18 Dec 2025 07:43:43 +0100 Subject: [PATCH 3/9] Add Reset-fetch command --- .../Integrations/VectraXDR/VectraXDR.py | 14 +++++++++++++ .../Integrations/VectraXDR/VectraXDR.yml | 21 +++++++++++++++++++ 2 files changed, 35 insertions(+) 
diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py index 8d43b9ea66ba..83d799646ec9 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py @@ -3732,6 +3732,19 @@ def vectra_group_list_command(client: VectraClient, args: dict[str, Any]): ) +def vectra_entity_reset_fetch_command(client: VectraClient, args: dict[str, Any]): + """Reset the Already_fetched state for the given entity + + Args: + client (VectraClient): An instance of the VectraClient class. + args (Dict[str, Any]): The command arguments. + """ + entity_id = args.get("entity_id", "") + entity_type = args.get("entity_type", "") + add_refetch_id_to_integration_context(entity_id=entity_id, entity_type=entity_type) + return CommandResults(readable_output=f"Reset fetch status for {entity_id}-{entity_type}") + + def vectra_group_unassign_command(client: VectraClient, args: dict[str, Any]): """ Unassign members in Group. @@ -4507,6 +4520,7 @@ def main(): "vectra-detection-tag-list": vectra_detection_tag_list_command, "vectra-detection-tag-add": vectra_detection_tag_add_command, "vectra-detection-tag-remove": vectra_detection_tag_remove_command, + "vectra-entity-reset-fetch": vectra_entity_reset_fetch_command, } try: result = None diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml index b60785da326d..973ca90e1b66 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml 
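Review bot: vectra_entity_reset_fetch_command passes `entity_id` and `entity_type` straight from `args` into add_refetch_id_to_integration_context with `""` defaults, so an empty, non-numeric or misspelled value is recorded in the integration context and the command still reports `Reset fetch status for -`; every other entity command in this file validates these two arguments first. Reusing the existing helpers before the call, `validate_positive_integer_arg(entity_id, arg_name="entity_id", required=True)` and `if entity_type not in VALID_ENTITY_TYPE: raise ValueError(ERRORS["INVALID_COMMAND_ARG_VALUE"].format("entity_type", ", ".join(VALID_ENTITY_TYPE)))`, gives the same error behaviour as the note commands (the YAML marks both as required, but that does not cover bad values). The docstring should also gain a Returns line, e.g. `CommandResults: Human-readable confirmation only; no context output.`, and the unused `client` parameter deserves a short comment saying it is kept for dispatch-table uniformity.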
@@ -2449,6 +2449,27 @@ script: - contextPath: Vectra.Detection.Tags.tags description: A list of tags linked to a detection. type: Unknown + - arguments: + - default: false + description: Specify the id of the entity. + isArray: false + name: entity_id + required: true + secret: false + - auto: PREDEFINED + default: false + description: Specify the type of the entity. + isArray: false + name: entity_type + predefined: + - account + - host + required: true + secret: false + deprecated: false + description: Reset the given entity to refetch incidents. + execution: false + name: vectra-entity-reset-fetch dockerimage: demisto/python3:3.12.12.5490952 feed: false isfetch: true From 3c712ade08f82baf47ab4150bc4ca77dc03d6f76 Mon Sep 17 00:00:00 2001 From: Panthemicolon Date: Thu, 18 Dec 2025 08:56:36 +0100 Subject: [PATCH 4/9] Update Readme and documentation --- .../Integrations/VectraXDR/README.md | 192 ++++++++++++++++++ Packs/VectraXDR/ReleaseNotes/1_2_1.md | 10 + Packs/VectraXDR/pack_metadata.json | 2 +- 3 files changed, 203 insertions(+), 1 deletion(-) create mode 100644 Packs/VectraXDR/ReleaseNotes/1_2_1.md diff --git a/Packs/VectraXDR/Integrations/VectraXDR/README.md b/Packs/VectraXDR/Integrations/VectraXDR/README.md index e379724191cc..d1474d09f8fc 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/README.md +++ b/Packs/VectraXDR/Integrations/VectraXDR/README.md 
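Review bot: The description `Reset the given entity to refetch incidents.` does not tell an analyst what the command changes or when to use it; something like `Clears the already-fetched marker for the entity so that the next fetch run ingests it again as a new incident.` would, assuming that is what add_refetch_id_to_integration_context does — the helper is not in this diff, so confirm the wording against it. The command block declares no `outputs`, which matches the readable-output-only result in the code, so that part is consistent.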
@@ -2934,3 +2934,195 @@ Remove tags from the detection. >##### Specified tags have been successfully removed for the detection > >Updated list of tags: **tag**, **tag1**, **tag2** + +### vectra-detections-note-remove + +*** +Remove a note from the detection. + +#### Base Command + +`vectra-detections-note-remove` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| detection_id | Specify the ID of the detection. | Required | +| note_id | Specify the ID of the note. | Required | + +#### Context Output + +There is no context output for this command. + +#### Command Example + +```!vectra-detections-note-remove entity_id=1 entity_type=account note_id=1"``` + +#### Context Example + +```json +{} +``` + +### vectra-detections-note-update + +*** +Update a note in the detection. + +#### Base Command + +`vectra-detections-note-update` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| detection_id | Specify the id of the detection. | Required | +| note_id | Specify the ID of the note. | Required | +| note | Note to be updated for the specified note_id. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | +| Vectra.Detection.Notes.note_id | Number | ID of the note. | +| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | +| Vectra.Detection.Notes.date_modified | Unknown | Date when the note was last modified. | +| Vectra.Detection.Notes.created_by | String | User who created the note. | +| Vectra.Detection.Notes.modified_by | Unknown | User who last modified the note. | +| Vectra.Detection.Notes.note | String | Content of the note. 
| + +#### Command example + +```!vectra-detections-note-update detection_id=1 entity_type=account note_id=1 note="note modified"``` + +#### Context Example + +```json +{ + "Vectra.Detection.Notes(val.entity_id && val.entity_id == obj.entity_id && val.note_id && val.note_id == obj.note_id)": { + "date_created": "2023-06-16T04:55:58Z", + "date_modified": "2023-06-22T04:57:09Z", + "created_by": "test_user", + "modified_by": "test_user", + "note": "note modified", + "note_id": 8, + "entity_id": 1 + } +} +``` + +#### Human Readable Output + +>##### The note has been successfully updated in the entity + +### vectra-detections-note-list + +*** +Returns a list of notes for a specified detection. + +#### Base Command + +`vectra-detections-note-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| detection_id | Specify the ID of the detection. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Detection.Notes.note_id | Number | ID of the note. | +| Vectra.Detection.Notes.id | Number | ID of the note. | +| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | +| Vectra.Detection.Notes.date_modified | Unknown | Date when the note was last modified. | +| Vectra.Detection.Notes.created_by | String | User who created the note. | +| Vectra.Detection.Notes.modified_by | Unknown | User who last modified the note. | +| Vectra.Detection.Notes.note | String | Content of the note. | +| Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | +| Vectra.Detection.Notes.entity_type | String | Type of the entity associated with the note. | + +#### Command example + +```!vectra-detections-note-list detection_id=1``` + +### vectra-detections-note-add + +*** +Add a note to the detection. 
+ +#### Base Command + +`vectra-detections-note-add` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| detection_id | Specify the id of the detection. | Required | +| note | Note to be added in the specified detection_id. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | +| Vectra.Detection.Notes.note_id | Number | ID of the note. | +| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | +| Vectra.Detection.Notes.date_modified | Unknown | Date when the note was last modified. | +| Vectra.Detection.Notes.created_by | String | User who created the note. | +| Vectra.Detection.Notes.modified_by | Unknown | User who last modified the note. | +| Vectra.Detection.Notes.note | String | Content of the note. | + +#### Command example + +```!vectra-detections-note-add detection_id=1 note="test note"``` + +#### Context Example + +```json +{ + "Vectra.Detection.Notes(val.entity_id && val.entity_id == obj.entity_id && val.note_id && val.note_id == obj.note_id)": { + "date_created": "2023-06-21T06:19:15.224449Z", + "created_by": "test_user", + "note": "test note", + "note_id": 19, + "entity_id": 1 + } +} +``` + +#### Human Readable Output + +>##### The note has been successfully added to the detection +> +>Returned Note ID: **19** + +### vectra-entity-reset-fetch + +*** +Reset the given entity to refetch incidents. + +#### Base Command + +`vectra-entity-reset-fetch` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| entity_id | Specify the id of the entity. | Required | +| entity_type | Specify the type of the entity. Possible values are: account, host. | Required | + +#### Context Output + +There is no context output for this command. + +#### Command example + +```!vectra-entity-reset-fetch``` 
diff --git a/Packs/VectraXDR/ReleaseNotes/1_2_1.md b/Packs/VectraXDR/ReleaseNotes/1_2_1.md new file mode 100644 index 000000000000..a3738fcbdb66 --- /dev/null +++ b/Packs/VectraXDR/ReleaseNotes/1_2_1.md @@ -0,0 +1,10 @@ + +#### Integrations + +##### Vectra XDR + +- Added support for **vectra-detections-note-remove** command that remove a note from the detection. +- Added support for **vectra-detections-note-list** command that returns a list of notes for a specified detection. +- Added support for **vectra-detections-note-update** command that update a note in the detection. +- Added support for **vectra-detections-note-add** command that add a note to the detection. +- Added support for **vectra-entity-reset-fetch** command that reset the given entity to refetch incidents. diff --git a/Packs/VectraXDR/pack_metadata.json b/Packs/VectraXDR/pack_metadata.json index 46209151d5f1..18bbcd817b86 100644 --- a/Packs/VectraXDR/pack_metadata.json +++ b/Packs/VectraXDR/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Vectra XDR", "description": "Vectra XDR pack empowers the SOC to create incidents using Vectra AI's Attack Signal Intelligence.", "support": "partner", - "currentVersion": "1.2.0", + "currentVersion": "1.2.1", "author": "Vectra AI", "url": "https://support.vectra.ai", "email": "support@vectra.ai", From 5afa2403c9dfd146a7d40eed7e06825800a60a1c Mon Sep 17 00:00:00 2001 From: Panthemicolon Date: Thu, 18 Dec 2025 09:00:50 +0100 Subject: [PATCH 5/9] Add detection notes example context --- .../Integrations/VectraXDR/README.md | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/Packs/VectraXDR/Integrations/VectraXDR/README.md b/Packs/VectraXDR/Integrations/VectraXDR/README.md index d1474d09f8fc..9dae4d72faea 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/README.md +++ b/Packs/VectraXDR/Integrations/VectraXDR/README.md 
@@ -3051,6 +3051,48 @@ Returns a list of notes for a specified detection. ```!vectra-detections-note-list detection_id=1``` +#### Context Example + +```json +{ + "Vectra": { + "Entity": { + "Notes": [ + { + "created_by": "test_user@mail.com", + "date_created": "2023-08-25T07:09:08Z", + "entity_id": 107, + "entity_type": "account", + "id": 1070, + "modified_by": "test_user@mail.com", + "note": "From XSOAR", + "note_id": 1070 + }, + { + "created_by": "test_user@mail.com", + "date_created": "2023-08-25T07:08:58Z", + "entity_id": 107, + "entity_type": "account", + "id": 1069, + "modified_by": "test_user@mail.com", + "note": "Test note", + "note_id": 1069 + }, + { + "created_by": "api_client", + "date_created": "2023-08-16T05:23:33Z", + "entity_id": 107, + "entity_type": "account", + "id": 922, + "note": "[Mirrored From XSOAR] XSOAR Incident ID: 14228\n\nNote: **bold**\n\n_Italic_\n\n+Underline+\n\n~~strikethrough~~\n\nAdded By: admin", + "note_id": 922 + } + ] + } + } +} +``` + ### vectra-detections-note-add *** From efde7d0dd5d9719a057722150424840aa7953bca Mon Sep 17 00:00:00 2001 From: Panthemicolon Date: Tue, 13 Jan 2026 08:57:38 +0100 Subject: [PATCH 6/9] Apply Chances and comments from Review. --- .../Integrations/VectraXDR/README.md | 44 +++++----- .../Integrations/VectraXDR/VectraXDR.py | 50 +++++------ .../Integrations/VectraXDR/VectraXDR.yml | 86 +++++++++---------- .../VectraXDR/VectraXDR_description.md | 2 +- 4 files changed, 87 insertions(+), 95 deletions(-) diff --git a/Packs/VectraXDR/Integrations/VectraXDR/README.md b/Packs/VectraXDR/Integrations/VectraXDR/README.md index 9dae4d72faea..b2033fa2213f 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/README.md +++ b/Packs/VectraXDR/Integrations/VectraXDR/README.md 
@@ -2935,14 +2935,14 @@ Remove tags from the detection. > >Updated list of tags: **tag**, **tag1**, **tag2** -### vectra-detections-note-remove +### vectra-detection-note-remove *** Remove a note from the detection. #### Base Command -`vectra-detections-note-remove` +`vectra-detection-note-remove` #### Input @@ -2957,7 +2957,7 @@ There is no context output for this command. #### Command Example -```!vectra-detections-note-remove entity_id=1 entity_type=account note_id=1"``` +```!vectra-detection-note-remove note_id=1"``` #### Context Example @@ -2965,20 +2965,20 @@ There is no context output for this command. {} ``` -### vectra-detections-note-update +### vectra-detection-note-update *** Update a note in the detection. #### Base Command -`vectra-detections-note-update` +`vectra-detection-note-update` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| detection_id | Specify the id of the detection. | Required | +| detection_id | Specify the ID of the detection. | Required | | note_id | Specify the ID of the note. | Required | | note | Note to be updated for the specified note_id. | Required | 
@@ -2986,17 +2986,17 @@ Update a note in the detection. | **Path** | **Type** | **Description** | | --- | --- | --- | -| Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | +| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | | Vectra.Detection.Notes.note_id | Number | ID of the note. | | Vectra.Detection.Notes.date_created | Date | Date when the note was created. | -| Vectra.Detection.Notes.date_modified | Unknown | Date when the note was last modified. | +| Vectra.Detection.Notes.date_modified | Date | Date when the note was last modified. | | Vectra.Detection.Notes.created_by | String | User who created the note. | -| Vectra.Detection.Notes.modified_by | Unknown | User who last modified the note. | +| Vectra.Detection.Notes.modified_by | String | User who last modified the note. | | Vectra.Detection.Notes.note | String | Content of the note. | #### Command example -```!vectra-detections-note-update detection_id=1 entity_type=account note_id=1 note="note modified"``` +```!vectra-detection-note-update detection_id=1 note_id=1 note="note modified"``` #### Context Example @@ -3016,16 +3016,16 @@ Update a note in the detection. #### Human Readable Output ->##### The note has been successfully updated in the entity +>##### The note has been successfully updated in the detection -### vectra-detections-note-list +### vectra-detection-note-list *** Returns a list of notes for a specified detection. #### Base Command -`vectra-detections-note-list` +`vectra-detection-note-list` #### Input 
@@ -3040,16 +3040,16 @@ Returns a list of notes for a specified detection. | Vectra.Detection.Notes.note_id | Number | ID of the note. | | Vectra.Detection.Notes.id | Number | ID of the note. | | Vectra.Detection.Notes.date_created | Date | Date when the note was created. | -| Vectra.Detection.Notes.date_modified | Unknown | Date when the note was last modified. | +| Vectra.Detection.Notes.date_modified | Date | Date when the note was last modified. | | Vectra.Detection.Notes.created_by | String | User who created the note. | -| Vectra.Detection.Notes.modified_by | Unknown | User who last modified the note. | +| Vectra.Detection.Notes.modified_by | String | User who last modified the note. | | Vectra.Detection.Notes.note | String | Content of the note. | | Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | | Vectra.Detection.Notes.entity_type | String | Type of the entity associated with the note. | #### Command example -```!vectra-detections-note-list detection_id=1``` +```!vectra-detection-note-list detection_id=1``` #### Context Example 
@@ -3093,37 +3093,35 @@ Returns a list of notes for a specified detection. } ``` -### vectra-detections-note-add +### vectra-detection-note-add *** Add a note to the detection. #### Base Command -`vectra-detections-note-add` +`vectra-detection-note-add` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| detection_id | Specify the id of the detection. | Required | +| detection_id | Specify the ID of the detection. | Required | | note | Note to be added in the specified detection_id. | Required | #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | -| Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | +| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | | Vectra.Detection.Notes.note_id | Number | ID of the note. | | Vectra.Detection.Notes.date_created | Date | Date when the note was created. | -| Vectra.Detection.Notes.date_modified | Unknown | Date when the note was last modified. | | Vectra.Detection.Notes.created_by | String | User who created the note. | -| Vectra.Detection.Notes.modified_by | Unknown | User who last modified the note. | | Vectra.Detection.Notes.note | String | Content of the note. | #### Command example -```!vectra-detections-note-add detection_id=1 note="test note"``` +```!vectra-detection-note-add detection_id=1 note="test note"``` #### Context Example diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py index 83d799646ec9..560660464ce0 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.py 
@@ -426,10 +426,10 @@ def list_entity_note_request(self, entity_id: int = None, entity_type: str = Non
 
 def list_detection_note_request(self, detection_id: int = None) -> dict:
 """
- List entity notes.
+ List detection notes.
 
 Args:
- entity_id (int): The ID of the detection to get the notes for.
+ detection_id (int): The ID of the detection to get the notes for.
 
 Returns:
 Dict: Response from the API.
@@ -466,7 +466,7 @@ def add_entity_note_request(self, entity_id: int = None, entity_type: str = None
 
 def add_detection_note_request(self, detection_id: int = None, note: str = None) -> dict:
 """
- Add a note to an detection.
+ Add a note to a detection.
 
 Args:
 detection_id (int): The ID of the detection to add the note to.
@@ -512,10 +512,10 @@ def update_entity_note_request(
 
 def update_detection_note_request(self, detection_id: int = None, note: str = None, note_id: int = None) -> dict:
 """
- Updates the note of an entity.
+ Updates the note of a detection.
 
 Args:
- entity_id (int): The ID of the detection to update the note for.
+ detection_id (int): The ID of the detection to update the note for.
 note (str): The updated note for the detection.
 note_id (int): The ID of the note to be updated.
 
@@ -554,10 +554,10 @@ def remove_entity_note_request(self, entity_id: int = None, entity_type: str = N
 
 def remove_detection_note_request(self, detection_id: int = None, note_id: int = None):
 """
- Removes a note from an entity.
+ Removes a note from a detection.
 
 Args:
- entity_id (int): The ID of the detection to remove the note from.
+ detection_id (int): The ID of the detection to remove the note from.
 note_id (int): The ID of the note to be removed.
 
 Returns:
@@ -1143,7 +1143,7 @@ def validate_entity_note_list_command_args(args: dict[Any, Any]): def validate_detection_note_list_command_args(args: dict[Any, Any]): """ - Validates the arguments provided for the detection list add command. + Validates the arguments provided for the detection note list command. Args: args (dict[Any, Any]): The arguments dictionary. @@ -1151,9 +1151,9 @@ def validate_detection_note_list_command_args(args: dict[Any, Any]): Raises: ValueError: If any of the arguments are invalid. """ - entity_id = args.get("detection_id") + detection_id = args.get("detection_id") # Validate detection_id value - validate_positive_integer_arg(entity_id, arg_name="detection_id", required=True) + validate_positive_integer_arg(detection_id, arg_name="detection_id", required=True) def validate_entity_note_add_command_args(args: dict[Any, Any]): @@ -1195,7 +1195,7 @@ def validate_detection_note_add_command_args(args: dict[Any, Any]): detection_id = args.get("detection_id") # Validate detection_id value validate_positive_integer_arg(detection_id, arg_name="detection_id", required=True) - # Validate entity_type value + if not note: raise ValueError(ERRORS["REQUIRED_ARGUMENT"].format("note")) @@ -1229,7 +1229,7 @@ def validate_entity_note_update_command_args(args: dict[Any, Any]): def validate_detection_note_update_command_args(args: dict[Any, Any]): """ - Validates the arguments provided for the entity note update command. + Validates the arguments provided for the detection note update command. Args: args (dict[Any, Any]): The arguments dictionary. @@ -1275,7 +1275,7 @@ def validate_entity_note_remove_command_args(args: dict[Any, Any]): def validate_detection_note_remove_command_args(args: dict[Any, Any]): """ - Validates the arguments provided for the entity note update command. + Validates the arguments provided for the detection note remove command. Args: args (dict[Any, Any]): The arguments dictionary. 
@@ -2063,7 +2063,7 @@ def get_list_detection_notes_command_hr(notes: dict, detection_id: Optional[int] Returns the human-readable output for the detection notes. Args: - notes (Dict): The assignment details dictionary. + notes (Dict): list of detection notes. detection_id (Optional[int]): Detection ID. Returns: @@ -2860,7 +2860,7 @@ def vectra_entity_note_list_command(client: VectraClient, args: dict[str, Any]): def vectra_detection_note_list_command(client: VectraClient, args: dict[str, Any]): """ - List entity notes. + List detection notes. Args: client (VectraClient): An instance of the VectraClient class. @@ -2873,7 +2873,7 @@ def vectra_detection_note_list_command(client: VectraClient, args: dict[str, Any # Get function arguments detection_id = arg_to_number(args.get("detection_id"), arg_name="detection_id", required=True) - # Call Vectra API to add entity note + # Call Vectra API to list detection notes notes = client.list_detection_note_request(detection_id=detection_id) # type: ignore notes = remove_empty_elements(notes) if notes: @@ -2931,7 +2931,7 @@ def vectra_entity_note_add_command(client: VectraClient, args: dict[str, Any]): def vectra_detection_note_add_command(client: VectraClient, args: dict[str, Any]): """ - Adds a note to an detection in Vectra API. + Adds a note to a detection in Vectra API. Args: client (VectraClient): An instance of the VectraClient class. @@ -2945,7 +2945,7 @@ def vectra_detection_note_add_command(client: VectraClient, args: dict[str, Any] detection_id = arg_to_number(args.get("detection_id"), arg_name="detection_id", required=True) note = args.get("note") - # Call Vectra API to add entity note + # Call Vectra API to add detection note notes = client.add_detection_note_request(detection_id=detection_id, note=note) # type: ignore if notes: notes["note_id"] = notes["id"] 
@@ -3020,7 +3020,7 @@ def vectra_detection_note_update_command(client: VectraClient, args: dict[str, A note = args.get("note") note_id = arg_to_number(args.get("note_id"), arg_name="note_id", required=True) - # Call Vectra API to update entity note + # Call Vectra API to update detection note notes = client.update_detection_note_request( detection_id=detection_id, # type: ignore note=note, # type: ignore @@ -3073,7 +3073,7 @@ def vectra_entity_note_remove_command(client: VectraClient, args: dict[str, Any] def vectra_detection_note_remove_command(client: VectraClient, args: dict[str, Any]): """ - Updates a note to an entity in Vectra API. + Removes a note from a detection Args: client (VectraClient): An instance of the VectraClient class. @@ -3093,7 +3093,7 @@ def vectra_detection_note_remove_command(client: VectraClient, args: dict[str, A note_id=note_id, # type: ignore ) if response.status_code == 204: - human_readable = "##### The note has been successfully removed from the entity." + human_readable = "##### The note has been successfully removed from the detection." else: human_readable = "Something went wrong." return CommandResults(outputs={}, readable_output=human_readable) 
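Review bot: The new docstring summary in `vectra_detection_note_remove_command` (`@@ -3073` hunk) reads `Removes a note from a detection` with no trailing period, while every other summary line touched in this commit ends with one (`Removes a note from a detection.`); keeping the sentence form consistent matters because these docstrings are what the integration's generated docs pick up. The rest of the function, including the status-code check, lies outside the hunk.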
@@ -4500,10 +4500,10 @@ def main(): "vectra-entity-tag-list": vectra_entity_tag_list_command, "vectra-detections-mark-fixed": vectra_detections_mark_fixed_command, "vectra-detections-unmark-fixed": vectra_detections_unmark_fixed_command, - "vectra-detections-note-list": vectra_detection_note_list_command, - "vectra-detections-note-add": vectra_detection_note_add_command, - "vectra-detections-note-update": vectra_detection_note_update_command, - "vectra-detections-note-remove": vectra_detection_note_remove_command, + "vectra-detection-note-list": vectra_detection_note_list_command, + "vectra-detection-note-add": vectra_detection_note_add_command, + "vectra-detection-note-update": vectra_detection_note_update_command, + "vectra-detection-note-remove": vectra_detection_note_remove_command, "vectra-assignment-list": vectra_assignment_list_command, "vectra-entity-assignment-add": vectra_entity_assignment_add_command, "vectra-entity-assignment-update": vectra_entity_assignment_update_command, diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml index 973ca90e1b66..c06ab95050f3 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml @@ -1063,7 +1063,7 @@ script: type: String - arguments: - default: false - description: Specify the id of the detection. + description: Specify the ID of the detection. isArray: false name: detection_id required: true @@ -1077,10 +1077,10 @@ script: deprecated: false description: Add a note to the detection. execution: false - name: vectra-detections-note-add + name: vectra-detection-note-add outputs: - - contextPath: Vectra.Detection.Notes.entity_id - description: ID of the entity associated with the note. + - contextPath: Vectra.Detection.Notes.detection_id + description: ID of the detection associated with the note. type: String - contextPath: Vectra.Detection.Notes.note_id description: ID of the note. 
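Review bot: The add-command outputs in the `@@ -1077,10 +1077,10` hunk now declare `Vectra.Detection.Notes.detection_id`, but nothing in this series shows the Python side emitting a `detection_id` key — the README context examples added in patch 4 for add and update still show `"entity_id": 1` inside the note object and key the context path on `val.entity_id`. If `vectra_detection_note_add_command` does not rename the key before building its outputs, the declared contextPath is dead and the README now contradicts the YAML; please confirm against the command's output mapping. The same question applies to the update-command outputs in the `@@ -1177` hunk on the following line.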
@@ -1088,15 +1088,9 @@ script: - contextPath: Vectra.Detection.Notes.date_created description: Date when the note was created. type: Date - - contextPath: Vectra.Detection.Notes.date_modified - description: Date when the note was last modified. - type: Unknown - contextPath: Vectra.Detection.Notes.created_by description: User who created the note. type: String - - contextPath: Vectra.Detection.Notes.modified_by - description: User who last modified the note. - type: Unknown - contextPath: Vectra.Detection.Notes.note description: Content of the note. type: String @@ -1177,10 +1171,10 @@ script: deprecated: false description: Update a note in the detection. execution: false - name: vectra-detections-note-update + name: vectra-detection-note-update outputs: - - contextPath: Vectra.Detection.Notes.entity_id - description: ID of the entity associated with the note. + - contextPath: Vectra.Detection.Notes.detection_id + description: ID of the detection associated with the note. type: String - contextPath: Vectra.Detection.Notes.note_id description: ID of the note. @@ -1190,13 +1184,13 @@ script: type: Date - contextPath: Vectra.Detection.Notes.date_modified description: Date when the note was last modified. - type: Unknown + type: Date - contextPath: Vectra.Detection.Notes.created_by description: User who created the note. type: String - contextPath: Vectra.Detection.Notes.modified_by description: User who last modified the note. - type: Unknown + type: String - contextPath: Vectra.Detection.Notes.note description: Content of the note. type: String @@ -1243,7 +1237,7 @@ script: deprecated: false description: Remove a note from the detection. execution: false - name: vectra-detections-note-remove + name: vectra-detection-note-remove - arguments: - default: false description: Provide a list of detection IDs separated by commas or a single detection ID. 
@@ -2015,16 +2009,16 @@ script: description: Type of the entity associated with the note. type: String - arguments: - - default: false - description: Specify the ID of the detection. - isArray: false + - description: Specify the ID of the detection. name: detection_id required: true + default: false + isArray: false secret: false - deprecated: false description: Returns a list of notes for a specified detection. execution: false - name: vectra-detections-note-list + name: vectra-detection-note-list + deprecated: false outputs: - contextPath: Vectra.Detection.Notes.note_id description: ID of the note. @@ -2043,7 +2037,7 @@ script: type: String - contextPath: Vectra.Detection.Notes.modified_by description: User who last modified the note. - type: Unknown + type: Date - contextPath: Vectra.Detection.Notes.note description: Content of the note. type: String @@ -2054,26 +2048,26 @@ script: description: Type of the entity associated with the note. type: String - arguments: - - auto: PREDEFINED - default: false - description: Filter by group type. + - description: Filter by group type. isArray: false name: group_type + required: false + auto: PREDEFINED + default: false predefined: - account - host - ip - domain - required: false secret: false - - default: false - description: |- + - description: |- Filter by Account Names. Supports comma-separated values. Note: Only valid when the group_type parameter is set to "account". - isArray: true name: account_names required: false + default: false + isArray: true secret: false - default: false description: |- @@ -2152,10 +2146,10 @@ script: name: group_name required: false secret: false - deprecated: false description: Returns a list of all groups. execution: false name: vectra-group-list + deprecated: false outputs: - contextPath: Vectra.Group.group_id description: ID of the group. 
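Review bot: In the `@@ -2043,7 +2037,7` hunk the list command's `Vectra.Detection.Notes.modified_by` output is retyped from `Unknown` to `Date`, but its description is "User who last modified the note." and the same field is typed `String` for the update command in the `@@ -1190` hunk earlier in this commit. This looks like the `date_modified` change copied one entry too far; the line should read `type: String`. The list command's outputs also still declare `entity_id`/`entity_type` while the add and update outputs were switched to `detection_id`, so it is worth checking which keys the API actually returns for detection notes and making the three commands agree.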
@@ -2212,11 +2206,11 @@ script: description: Whether the group is managed by Cognito or not. type: Boolean - arguments: - - default: false - description: Specify Group ID to unassign members. + - description: Specify Group ID to unassign members. isArray: false name: group_id required: true + default: false secret: false - default: false description: "Member values based on the group type. Supports comma-separated values.\n\n Note: \nIf the group type is host, then the \"Host IDs\". \nIf the group type is account, then \"Account Names\".\nIf the group type is ip, then the list of \"IPs\".\nIf the group type is domain, then the list of \"Domains\" ." @@ -2224,10 +2218,10 @@ script: name: members required: true secret: false - deprecated: false description: Unassign members from the specified group. execution: false name: vectra-group-unassign + deprecated: false outputs: - contextPath: Vectra.Group.group_id description: ID of the group. @@ -2278,11 +2272,11 @@ script: description: Description of the rule. type: String - arguments: - - default: false - description: Specify Group ID to assign members. - isArray: false + - description: Specify Group ID to assign members. name: group_id required: true + default: false + isArray: false secret: false - default: false description: "Member values based on the group type. Supports comma-separated values.\n\n Note: \nIf the group type is host, then the \"Host IDs\". \nIf the group type is account, then \"Account Names\".\nIf the group type is ip, then the list of \"IPs\".\nIf the group type is domain, then the list of \"Domains\" ." 
@@ -2347,13 +2341,13 @@ script: - description: Specify the ID of the entity. name: entity_id required: true - - auto: PREDEFINED - description: Specify the type of the entity. + - description: Specify the type of the entity. name: entity_type + required: true + auto: PREDEFINED predefined: - account - host - required: true - auto: PREDEFINED description: Specify the close reason. name: close_reason @@ -2366,16 +2360,16 @@ script: name: vectra-entity-detections-mark-asclosed - arguments: - description: Provide a list of detection IDs separated by commas or a single detection ID. - isArray: true name: detection_ids required: true - - auto: PREDEFINED - description: Specify the close reason. + isArray: true + - description: Specify the close reason. name: close_reason + required: true + auto: PREDEFINED predefined: - benign - remediated - required: true description: Mark detections as close with provided detection IDs in the argument. execution: false name: vectra-detections-mark-asclosed @@ -2465,12 +2459,12 @@ script: - account - host required: true - secret: false + secret: false deprecated: false description: Reset the given entity to refetch incidents. execution: false - name: vectra-entity-reset-fetch - dockerimage: demisto/python3:3.12.12.5490952 + name: vectra-entity-reset-fetch + dockerimage: demisto/python3:3.12.12.6391686 feed: false isfetch: true isremotesyncin: true diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md index 400c770f92fe..317adaca3133 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR_description.md 
@@ -57,4 +57,4 @@ To fetch Vectra XDR Entity follow the next steps:
 - mirror_tags: This field determines what would be the tag needed to mirror the XSOAR entry out to Vectra XDR. It is a required field for XSOAR to enable mirroring support.
 - mirror_instance: This field determines from which instance the XSOAR incident was created. It is a required field for XSOAR to enable mirroring support.
 
-For more information about this integration, visit [Vectra's knwoledge base](https://support.vectra.ai/s/article/KB-VS-1692).
\ No newline at end of file
+For more information about this integration, visit [Vectra's knowledge base](https://support.vectra.ai/s/article/KB-VS-1692).
From 397477fe4c1b60df2b6da0b0fe9e9980ca584f6b Mon Sep 17 00:00:00 2001
From: Panthemicolon
Date: Tue, 13 Jan 2026 08:59:53 +0100
Subject: [PATCH 7/9] Update Versioning
---
 Packs/VectraXDR/ReleaseNotes/1_3_0.md | 10 ++++++++++
 Packs/VectraXDR/pack_metadata.json | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 Packs/VectraXDR/ReleaseNotes/1_3_0.md
diff --git a/Packs/VectraXDR/ReleaseNotes/1_3_0.md b/Packs/VectraXDR/ReleaseNotes/1_3_0.md
new file mode 100644
index 000000000000..2621bfe37c03
--- /dev/null
+++ b/Packs/VectraXDR/ReleaseNotes/1_3_0.md
@@ -0,0 +1,10 @@
+
+#### Integrations
+
+##### Vectra XDR
+
+- Added support for **vectra-detection-note-remove** command that removes a note from the detection.
+- Added support for **vectra-detection-note-list** command that returns a list of notes for a specified detection.
+- Added support for **vectra-detection-note-update** command that updates a note in the detection.
+- Added support for **vectra-detection-note-add** command that adds a note to the detection.
+- Added support for **vectra-entity-reset-fetch** command that resets the given entity to refetch incidents.
diff --git a/Packs/VectraXDR/pack_metadata.json b/Packs/VectraXDR/pack_metadata.json
index 18bbcd817b86..de275c70f385 100644
--- a/Packs/VectraXDR/pack_metadata.json
+++ b/Packs/VectraXDR/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Vectra XDR",
 "description": "Vectra XDR pack empowers the SOC to create incidents using Vectra AI's Attack Signal Intelligence.",
 "support": "partner",
- "currentVersion": "1.2.1",
+ "currentVersion": "1.3.0",
 "author": "Vectra AI",
 "url": "https://support.vectra.ai",
 "email": "support@vectra.ai",
From 0b7cc4092d3279d90b3d1a61ccef084e4f88105f Mon Sep 17 00:00:00 2001
From: Panthemicolon
Date: Tue, 13 Jan 2026 09:17:43 +0100
Subject: [PATCH 8/9] Remove not used release notes
---
 Packs/VectraXDR/ReleaseNotes/1_2_1.md | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100644 Packs/VectraXDR/ReleaseNotes/1_2_1.md
diff --git a/Packs/VectraXDR/ReleaseNotes/1_2_1.md b/Packs/VectraXDR/ReleaseNotes/1_2_1.md
deleted file mode 100644
index a3738fcbdb66..000000000000
--- a/Packs/VectraXDR/ReleaseNotes/1_2_1.md
+++ /dev/null
@@ -1,10 +0,0 @@
-
-#### Integrations
-
-##### Vectra XDR
-
-- Added support for **vectra-detections-note-remove** command that remove a note from the detection.
-- Added support for **vectra-detections-note-list** command that returns a list of notes for a specified detection.
-- Added support for **vectra-detections-note-update** command that update a note in the detection.
-- Added support for **vectra-detections-note-add** command that add a note to the detection.
-- Added support for **vectra-entity-reset-fetch** command that reset the given entity to refetch incidents.
From 319318b7b5ac00b17ab053c4b23fd24ade74930f Mon Sep 17 00:00:00 2001
From: Panthemicolon
Date: Wed, 4 Feb 2026 09:40:29 +0100
Subject: [PATCH 9/9] Apply Changes requested by Reviewer
---
 .../Integrations/VectraXDR/README.md | 476 +++++++++---------
 .../Integrations/VectraXDR/VectraXDR.yml | 50 +-
 Packs/VectraXDR/ReleaseNotes/1_3_0.md | 6 +-
 3 files changed, 271 insertions(+), 261 deletions(-)
diff --git a/Packs/VectraXDR/Integrations/VectraXDR/README.md b/Packs/VectraXDR/Integrations/VectraXDR/README.md index b2033fa2213f..5fe41f830f9e 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/README.md +++ b/Packs/VectraXDR/Integrations/VectraXDR/README.md @@ -443,7 +443,7 @@ Describes an entity by ID. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | +| entity_id | Specify the ID of the entity. | Required | | entity_type | Specify the type of the entity. Possible values are: host and account. | Required | #### Context Output @@ -546,7 +546,7 @@ Returns a list of detections for a specified entity. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | +| entity_id | Specify the ID of the entity. | Required | | entity_type | Specify the type of the entity. Possible values are: account, host. | Required | | page | Enables the caller to specify a particular page of results. Default is 1. | Optional | | page_size | Specify the desired page size for the request. Maximum is 5000. Default is 50. | Optional | @@ -1237,7 +1237,7 @@ Add a note to the entity. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | +| entity_id | Specify the ID of the entity. | Required | | entity_type | Specify the type of the entity. Possible values are: account, host. | Required | | note | Note to be added in the specified entity_id. | Required | 
@@ -1277,6 +1277,60 @@ Add a note to the entity. > >Returned Note ID: **19** +### vectra-detection-note-add + +*** +Add a note to the detection. + +#### Base Command + +`vectra-detection-note-add` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| detection_id | Specify the ID of the detection. | Required | +| note | Note to be added in the specified detection_id. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | +| Vectra.Detection.Notes.note_id | Number | ID of the note. | +| Vectra.Detection.Notes.id | Number | ID of the note. | +| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | +| Vectra.Entity.Notes.date_modified | Unknown | Date when the note was last modified. | +| Vectra.Detection.Notes.created_by | String | User who created the note. | +| Vectra.Detection.Notes.modified_by | String | User who last modified the note. | +| Vectra.Detection.Notes.note | String | Content of the note. | + +#### Command example + +```!vectra-detection-note-add detection_id=1 note="test note"``` + +#### Context Example + +```json +{ + "Vectra.Detection.Notes(val.detection_id && val.detection_id == obj.detection_id && val.note_id && val.note_id == obj.note_id)": { + "date_created": "2023-06-21T06:19:15.224449Z", + "created_by": "test_user", + "note": "test note", + "note_id": 19, + "id": 19, + "detection_id": 1 + } +} +``` + +#### Human Readable Output + +>##### The note has been successfully added to the detection +> +>Returned Note ID: **19** + ### vectra-entity-note-update *** 
@@ -1290,7 +1344,7 @@ Update a note in the entity. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | +| entity_id | Specify the ID of the entity. | Required | | entity_type | Specify the type of the entity. Possible values are: account, host. | Required | | note_id | Specify the ID of the note. | Required | | note | Note to be updated for the specified note_id. | Required | 
@@ -1331,6 +1385,61 @@ Update a note in the entity. >##### The note has been successfully updated in the entity +### vectra-detection-note-update + +*** +Update a note in the detection. + +#### Base Command + +`vectra-detection-note-update` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| detection_id | Specify the ID of the detection. | Required | +| note_id | Specify the ID of the note. | Required | +| note | Note to be updated for the specified note_id. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | +| Vectra.Detection.Notes.note_id | Number | ID of the note. | +| Vectra.Detection.Notes.id | Number | ID of the note. | +| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | +| Vectra.Detection.Notes.date_modified | Date | Date when the note was last modified. | +| Vectra.Detection.Notes.created_by | String | User who created the note. | +| Vectra.Detection.Notes.modified_by | String | User who last modified the note. | +| Vectra.Detection.Notes.note | String | Content of the note. | + +#### Command example + +```!vectra-detection-note-update detection_id=1 note_id=1 note="note modified"``` + +#### Context Example + +```json +{ + "Vectra.Detection.Notes(val.detection_id && val.detection_id == obj.detection_id && val.note_id && val.note_id == obj.note_id)": { + "date_created": "2023-06-16T04:55:58Z", + "date_modified": "2023-06-22T04:57:09Z", + "created_by": "test_user", + "modified_by": "test_user", + "note": "note modified", + "note_id": 8, + "id": 8, + "detection_id": 1 + } +} +``` + +#### Human Readable Output + +>##### The note has been successfully updated in the detection + ### vectra-entity-note-remove *** 
@@ -1366,127 +1475,122 @@ There is no context output for this command. >##### The note has been successfully removed from the entity -### vectra-entity-tag-add +### vectra-detection-note-remove *** -Add tags in the entity. +Remove a note from the detection. #### Base Command -`vectra-entity-tag-add` +`vectra-detection-note-remove` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | -| entity_type | Specify the type of the entity. Possible values are: host, account. | Required | -| tags | Comma-separated values of tags to be included in the entity. | Required | +| detection_id | Specify the ID of the detection. | Required | +| note_id | Specify the ID of the note. | Required | #### Context Output -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| Vectra.Entity.Tags.tag_id | String | ID of the tag. | -| Vectra.Entity.Tags.entity_id | String | ID of the entity associated with the tag. | -| Vectra.Entity.Tags.entity_type | String | Type of the entity. | -| Vectra.Entity.Tags.tags | Unknown | A list of tags linked to an entity. | +There is no context output for this command. -#### Command example +#### Command Example -```!vectra-entity-tag-add entity_id=1 entity_type=host tags="tag1, tag2"``` +```!vectra-detection-note-remove note_id=1"``` #### Context Example ```json -{ - "Vectra.Entity.Tags(val.tag_id && val.tag_id == obj.tag_id && val.entity_type && val.entity_type == obj.entity_type)": { - "tag_id": "1", - "tags": [ - "tag1", - "tag2" - ], - "entity_type": "host", - "entity_id": 1 - } -} +{} ``` #### Human Readable Output ->##### Tags have been successfully added to the entity -> ->Updated list of tags: **tag1**, **tag2** +>##### The note has been successfully removed from the detection -### vectra-entity-tag-list +### vectra-detections-mark-fixed *** -Returns a list of tags for a specified entity. 
+Mark detection as fixed with provided detection IDs in argument. #### Base Command -`vectra-entity-tag-list` +`vectra-detections-mark-fixed` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | -| entity_type | Specify the type of the entity. Possible values are: host, account. | Required | +| detection_ids | Provide a list of detection IDs separated by commas or a single detection ID. | Required | #### Context Output -| **Path** | **Type** | **Description** | +There is no context output for this command. + +#### Command Example + +```!vectra-detections-mark-fixed detection_ids=1,2,3``` + +#### Context Example + +```json +{} +``` + +#### Human Readable Output + +>##### The provided detection IDs have been successfully marked as fixed + +### vectra-detections-unmark-fixed + +*** +Unmark detection as fixed with provided detection IDs in argument. + +#### Base Command + +`vectra-detections-unmark-fixed` + +#### Input + +| **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| Vectra.Entity.Tags.tag_id | String | ID of the tag. | -| Vectra.Entity.Tags.entity_id | String | ID of the entity associated with the tag. | -| Vectra.Entity.Tags.entity_type | String | Type of the entity. | -| Vectra.Entity.Tags.tags | Unknown | A list of tags linked to an entity. | +| detection_ids | Provide a list of detection IDs separated by commas or a single detection ID. | Required | -#### Command example +#### Context Output -```!vectra-entity-tag-list entity_id=1 entity_type=host``` +There is no context output for this command. 
+ +#### Command Example + +```!vectra-detections-unmark-fixed detection_ids=1,2,3``` #### Context Example ```json -{ - "Vectra": { - "Entity": { - "Tags": { - "tag_id": "1", - "tags": [ - "tag1", - "tag2" - ], - "entity_type": "host", - "entity_id": 1 - } - } - } -} +{} ``` #### Human Readable Output ->##### List of tags: **tag1**, **tag2** +>##### The provided detection IDs have been successfully unmarked as fixed -### vectra-entity-tag-remove +### vectra-entity-tag-add *** -Remove tags from the entity. +Add tags in the entity. #### Base Command -`vectra-entity-tag-remove` +`vectra-entity-tag-add` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | +| entity_id | Specify the ID of the entity. | Required | | entity_type | Specify the type of the entity. Possible values are: host, account. | Required | -| tags | Comma-separated values of tags to be removed from the entity. | Required | +| tags | Comma-separated values of tags to be included in the entity. | Required | #### Context Output @@ -1499,15 +1603,18 @@ Remove tags from the entity. #### Command example -```!vectra-entity-tag-remove entity_id=1 entity_type=host tags="tag2"``` +```!vectra-entity-tag-add entity_id=1 entity_type=host tags="tag1, tag2"``` #### Context Example ```json { - "Vectra.Entity.Tags(val.tag_id && val.tag_id == obj.tag_id && val.entity_type && val.entity_type == obj.entity_type && val.entity_id && val.entity_id == obj.entity_id)": { + "Vectra.Entity.Tags(val.tag_id && val.tag_id == obj.tag_id && val.entity_type && val.entity_type == obj.entity_type)": { "tag_id": "1", - "tags": ["tag1"], + "tags": [ + "tag1", + "tag2" + ], "entity_type": "host", "entity_id": 1 } 
@@ -1516,75 +1623,111 @@ Remove tags from the entity. #### Human Readable Output ->##### Specified tags have been successfully removed for the entity +>##### Tags have been successfully added to the entity > ->Updated list of tags: **tag1** +>Updated list of tags: **tag1**, **tag2** -### vectra-detections-mark-fixed +### vectra-entity-tag-remove *** -Mark detection as fixed with provided detection IDs in argument. +Remove tags from the entity. #### Base Command -`vectra-detections-mark-fixed` +`vectra-entity-tag-remove` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| detection_ids | Provide a list of detection IDs separated by commas or a single detection ID. | Required | +| entity_id | Specify the ID of the entity. | Required | +| entity_type | Specify the type of the entity. Possible values are: host, account. | Required | +| tags | Comma-separated values of tags to be removed from the entity. | Required | #### Context Output -There is no context output for this command. +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Entity.Tags.tag_id | String | ID of the tag. | +| Vectra.Entity.Tags.entity_id | String | ID of the entity associated with the tag. | +| Vectra.Entity.Tags.entity_type | String | Type of the entity. | +| Vectra.Entity.Tags.tags | Unknown | A list of tags linked to an entity. 
| -#### Command Example +#### Command example -```!vectra-detections-mark-fixed detection_ids=1,2,3``` +```!vectra-entity-tag-remove entity_id=1 entity_type=host tags="tag2"``` #### Context Example ```json -{} +{ + "Vectra.Entity.Tags(val.tag_id && val.tag_id == obj.tag_id && val.entity_type && val.entity_type == obj.entity_type && val.entity_id && val.entity_id == obj.entity_id)": { + "tag_id": "1", + "tags": ["tag1"], + "entity_type": "host", + "entity_id": 1 + } +} ``` #### Human Readable Output ->##### The provided detection IDs have been successfully marked as fixed +>##### Specified tags have been successfully removed for the entity +> +>Updated list of tags: **tag1** -### vectra-detections-unmark-fixed +### vectra-entity-tag-list *** -Unmark detection as fixed with provided detection IDs in argument. +Returns a list of tags for a specified entity. #### Base Command -`vectra-detections-unmark-fixed` +`vectra-entity-tag-list` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| detection_ids | Provide a list of detection IDs separated by commas or a single detection ID. | Required | +| entity_id | Specify the ID of the entity. | Required | +| entity_type | Specify the type of the entity. Possible values are: host, account. | Required | #### Context Output -There is no context output for this command. +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Vectra.Entity.Tags.tag_id | String | ID of the tag. | +| Vectra.Entity.Tags.entity_id | String | ID of the entity associated with the tag. | +| Vectra.Entity.Tags.entity_type | String | Type of the entity. | +| Vectra.Entity.Tags.tags | Unknown | A list of tags linked to an entity. 
| -#### Command Example +#### Command example -```!vectra-detections-unmark-fixed detection_ids=1,2,3``` +```!vectra-entity-tag-list entity_id=1 entity_type=host``` #### Context Example ```json -{} +{ + "Vectra": { + "Entity": { + "Tags": { + "tag_id": "1", + "tags": [ + "tag1", + "tag2" + ], + "entity_type": "host", + "entity_id": 1 + } + } + } +} ``` #### Human Readable Output ->##### The provided detection IDs have been successfully unmarked as fixed +>##### List of tags: **tag1**, **tag2** ### vectra-entity-assignment-add @@ -2402,7 +2545,7 @@ Returns a list of all groups. | ips | Filter by IPs. Supports comma-separated values.

Note: Only valid when the group_type parameter is set to "ip". | Optional | | description | Filter by group description. | Optional | | last_modified_timestamp | Return only the groups which have a last modification timestamp equal to or after the given timestamp.

Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ.

For example: 01 May 2023, 01 Mar 2023 04:45:33, 2023-04-17T14:05:44Z. | Optional | -| last_modified_by | Filters by the user id who made the most recent modification to the group. | Optional | +| last_modified_by | Filters by the user ID who made the most recent modification to the group. | Optional | | group_name | Filters by group name. | Optional | #### Context Output 
@@ -2935,89 +3078,6 @@ Remove tags from the detection. > >Updated list of tags: **tag**, **tag1**, **tag2** -### vectra-detection-note-remove - -*** -Remove a note from the detection. - -#### Base Command - -`vectra-detection-note-remove` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| detection_id | Specify the ID of the detection. | Required | -| note_id | Specify the ID of the note. | Required | - -#### Context Output - -There is no context output for this command. - -#### Command Example - -```!vectra-detection-note-remove note_id=1"``` - -#### Context Example - -```json -{} -``` - -### vectra-detection-note-update - -*** -Update a note in the detection. - -#### Base Command - -`vectra-detection-note-update` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| detection_id | Specify the ID of the detection. | Required | -| note_id | Specify the ID of the note. | Required | -| note | Note to be updated for the specified note_id. | Required | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | -| Vectra.Detection.Notes.note_id | Number | ID of the note. | -| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | -| Vectra.Detection.Notes.date_modified | Date | Date when the note was last modified. | -| Vectra.Detection.Notes.created_by | String | User who created the note. | -| Vectra.Detection.Notes.modified_by | String | User who last modified the note. | -| Vectra.Detection.Notes.note | String | Content of the note. 
| - -#### Command example - -```!vectra-detection-note-update detection_id=1 note_id=1 note="note modified"``` - -#### Context Example - -```json -{ - "Vectra.Detection.Notes(val.entity_id && val.entity_id == obj.entity_id && val.note_id && val.note_id == obj.note_id)": { - "date_created": "2023-06-16T04:55:58Z", - "date_modified": "2023-06-22T04:57:09Z", - "created_by": "test_user", - "modified_by": "test_user", - "note": "note modified", - "note_id": 8, - "entity_id": 1 - } -} -``` - -#### Human Readable Output - ->##### The note has been successfully updated in the detection - ### vectra-detection-note-list *** @@ -3044,8 +3104,7 @@ Returns a list of notes for a specified detection. | Vectra.Detection.Notes.created_by | String | User who created the note. | | Vectra.Detection.Notes.modified_by | String | User who last modified the note. | | Vectra.Detection.Notes.note | String | Content of the note. | -| Vectra.Detection.Notes.entity_id | String | ID of the entity associated with the note. | -| Vectra.Detection.Notes.entity_type | String | Type of the entity associated with the note. | +| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | #### Command example @@ -3061,8 +3120,7 @@ Returns a list of notes for a specified detection. { "created_by": "test_user@mail.com", "date_created": "2023-08-25T07:09:08Z", - "entity_id": 107, - "entity_type": "account", + "detection_id": 1, "id": 1070, "modified_by": "test_user@mail.com", "note": "From XSOAR", @@ -3071,8 +3129,7 @@ Returns a list of notes for a specified detection. { "created_by": "test_user@mail.com", "date_created": "2023-08-25T07:08:58Z", - "entity_id": 107, - "entity_type": "account", + "detection_id": 1, "id": 1069, "modified_by": "test_user@mail.com", "note": "Test note", 
@@ -3081,8 +3138,7 @@ Returns a list of notes for a specified detection. { "created_by": "api_client", "date_created": "2023-08-16T05:23:33Z", - "entity_id": 107, - "entity_type": "account", + "detection_id": 1, "id": 922, "note": "[Mirrored From XSOAR] XSOAR Incident ID: 14228\n\nNote: **bold**\n\n_Italic_\n\n+Underline+\n\n~~strikethrough~~\n\nAdded By: admin", "note_id": 922 @@ -3093,60 +3149,10 @@ Returns a list of notes for a specified detection. } ``` -### vectra-detection-note-add - -*** -Add a note to the detection. - -#### Base Command - -`vectra-detection-note-add` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| detection_id | Specify the ID of the detection. | Required | -| note | Note to be added in the specified detection_id. | Required | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| Vectra.Detection.Notes.detection_id | String | ID of the detection associated with the note. | -| Vectra.Detection.Notes.note_id | Number | ID of the note. | -| Vectra.Detection.Notes.date_created | Date | Date when the note was created. | -| Vectra.Detection.Notes.created_by | String | User who created the note. | -| Vectra.Detection.Notes.note | String | Content of the note. | - -#### Command example - -```!vectra-detection-note-add detection_id=1 note="test note"``` - -#### Context Example - -```json -{ - "Vectra.Detection.Notes(val.entity_id && val.entity_id == obj.entity_id && val.note_id && val.note_id == obj.note_id)": { - "date_created": "2023-06-21T06:19:15.224449Z", - "created_by": "test_user", - "note": "test note", - "note_id": 19, - "entity_id": 1 - } -} -``` - -#### Human Readable Output - ->##### The note has been successfully added to the detection -> ->Returned Note ID: **19** - ### vectra-entity-reset-fetch *** -Reset the given entity to refetch incidents. +Resets the given entity to refetch incidents. #### Base Command 
@@ -3156,7 +3162,7 @@ Reset the given entity to refetch incidents. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| entity_id | Specify the id of the entity. | Required | +| entity_id | Specify the ID of the entity. | Required | | entity_type | Specify the type of the entity. Possible values are: account, host. | Required | #### Context Output @@ -3165,4 +3171,8 @@ There is no context output for this command. #### Command example -```!vectra-entity-reset-fetch``` +```!vectra-entity-reset-fetch entity_id=1 entity_type=host``` + +#### Human Readable Output + +>Reset fetch status for 1-host diff --git a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml index df6b8ad3a626..cc06a15f7403 100644 --- a/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml +++ b/Packs/VectraXDR/Integrations/VectraXDR/VectraXDR.yml @@ -388,7 +388,7 @@ script: type: String - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -494,7 +494,7 @@ script: type: Unknown - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -1015,7 +1015,7 @@ script: type: String - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -1086,6 +1086,9 @@ script: - contextPath: Vectra.Detection.Notes.note_id description: ID of the note. type: Number + - contextPath: Vectra.Detection.Notes.id + description: ID of the note. + type: Number - contextPath: Vectra.Detection.Notes.date_created description: Date when the note was created. type: Date 
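Review bot: The new `Vectra.Detection.Notes.id` context path added in hunk @@ -1086,6 +1086,9 carries exactly the same description as the neighbouring `note_id` entry, `ID of the note.`, so the generated docs give a reader no way to tell the two outputs apart; the same duplicate is added in hunk @@ -1180,6 +1183,9 on the following line. The README examples elsewhere in this series show `id` and `note_id` with identical values, so presumably `id` is the raw API field and `note_id` the integration's copy of it. Suggest `description: ID of the note as returned by the Vectra API (same value as note_id).` for the new entry, or, if the two can ever differ, a sentence stating when. The enclosing command definition starts and ends outside the hunk.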
@@ -1097,7 +1100,7 @@ script: type: String - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -1152,7 +1155,7 @@ script: type: String - arguments: - default: false - description: Specify the id of the detection. + description: Specify the ID of the detection. isArray: false name: detection_id required: true @@ -1180,6 +1183,9 @@ script: - contextPath: Vectra.Detection.Notes.note_id description: ID of the note. type: Number + - contextPath: Vectra.Detection.Notes.id + description: ID of the note. + type: Number - contextPath: Vectra.Detection.Notes.date_created description: Date when the note was created. type: Date @@ -1263,7 +1269,7 @@ script: name: vectra-detections-unmark-fixed - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -1303,7 +1309,7 @@ script: type: Unknown - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -1343,7 +1349,7 @@ script: type: Unknown - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true @@ -1777,8 +1783,7 @@ script: required: false secret: false - default: false - description: |- - Specify the type of the entity. + description: Specify the type of the entity. isArray: false name: entity_type required: false @@ -1788,8 +1793,7 @@ script: - account - host - default: false - description: |- - Filter by resolved status. + description: Filter by resolved status. isArray: false name: resolved required: false 
@@ -1799,15 +1803,13 @@ script: - 'True' - 'False' - default: false - description: |- - Filter by user ids of the assignment. Comma-separated values supported. + description: Filter by user ids of the assignment. Comma-separated values supported. isArray: false name: assignees required: false secret: false - default: false - description: |- - Filter by outcome ids of the resolution. Comma-separated values supported. + description: Filter by outcome ids of the resolution. Comma-separated values supported. isArray: false name: resolution required: false @@ -1819,8 +1821,7 @@ script: required: false secret: false - default: false - description: |- - Enables the caller to specify a particular page of results. + description: Enables the caller to specify a particular page of results. isArray: false name: page required: false @@ -2042,11 +2043,8 @@ script: - contextPath: Vectra.Detection.Notes.note description: Content of the note. type: String - - contextPath: Vectra.Detection.Notes.entity_id - description: ID of the entity associated with the note. - type: String - - contextPath: Vectra.Detection.Notes.entity_type - description: Type of the entity associated with the note. + - contextPath: Vectra.Detection.Notes.detection_id + description: ID of the detection associated with the note. type: String - arguments: - description: Filter by group type. @@ -2136,7 +2134,7 @@ script: required: false secret: false - default: false - description: Filters by the user id who made the most recent modification to the group. + description: Filters by the user ID who made the most recent modification to the group. isArray: false name: last_modified_by required: false @@ -2446,7 +2444,7 @@ script: type: Unknown - arguments: - default: false - description: Specify the id of the entity. + description: Specify the ID of the entity. isArray: false name: entity_id required: true 
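Review bot: The re-flowed descriptions in hunk @@ -1799,15 +1803,13 keep lowercase `ids` — `Filter by user ids of the assignment.` and `Filter by outcome ids of the resolution.` — while every other description this commit touches is normalized to `ID` (for example `Filters by the user ID who made the most recent modification to the group.` in hunk @@ -2136 on the same line). Since these two lines are already being rewritten, changing them to `description: Filter by user IDs of the assignment. Comma-separated values supported.` and `description: Filter by outcome IDs of the resolution. Comma-separated values supported.` keeps the generated README consistent with the rest of the change. The enclosing arguments list starts and ends outside the hunk.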
@@ -2462,7 +2460,7 @@ script: required: true secret: false deprecated: false - description: Reset the given entity to refetch incidents. + description: Resets the given entity to refetch incidents. execution: false name: vectra-entity-reset-fetch dockerimage: demisto/python3:3.12.12.6391686 diff --git a/Packs/VectraXDR/ReleaseNotes/1_3_0.md b/Packs/VectraXDR/ReleaseNotes/1_3_0.md index 2621bfe37c03..34b14f04193b 100644 --- a/Packs/VectraXDR/ReleaseNotes/1_3_0.md +++ b/Packs/VectraXDR/ReleaseNotes/1_3_0.md @@ -3,8 +3,10 @@ ##### Vectra XDR +- Added support for **vectra-detection-note-add** command that adds a note to the detection. +- Added support for **vectra-detection-note-update** command that updates a note in the detection. - Added support for **vectra-detection-note-remove** command that removes a note from the detection. - Added support for **vectra-detection-note-list** command that returns a list of notes for a specified detection. -- Added support for **vectra-detection-note-update** command that updates a note in the detection. -- Added support for **vectra-detection-note-add** command that adds a note to the detection. - Added support for **vectra-entity-reset-fetch** command that resets the given entity to refetch incidents. + +- Updated Docker image to demisto/python3:3.12.12.6391686.