Update fetch-incident #324
Open
TalGumi wants to merge 470 commits into contibute-cyberint-integration from
OfekMQmasters
suggested changes
Feb 19, 2023
Great work! @TalGumi
Regarding the fetch incidents related files -
It seems that there is some inconsistency there regarding the "fromversion" key attributes -
Some have "fromversion":"6.0.0", others have "fromversion":"5.0.0", and I also saw that some files are defined without this key attribute and use the "fromServerVersion" key attribute.
I suggest the following:
- Check the difference between fromversion and fromserverversion, and decide which one is more relevant.
- Align all incident files to the same fromversion\fromserverversion value (6.0.0).
- Maybe you should consider using demisto-sdk and format on those files (although it might change previously defined files).
Good luck!
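A consistency check along the lines the review suggests, as an added example (not code from this pull request or from demisto-sdk): it reports which of the two key names each content item uses and flags items whose value is not 6.0.0. The function names and sample items are constructed, and matching the key names case-insensitively is an assumption.

```python
import json
from pathlib import Path

TARGET = "6.0.0"  # value the review asks every incident file to use
VERSION_KEYS = ("fromversion", "fromserverversion")  # matched case-insensitively (assumption)
REVIEWED_DIRS = ("IncidentFields", "IncidentTypes", "Layouts")  # folders named in the review threads

def version_keys(item):
    """Return the version-gating keys present in one content item, spelled as in the file."""
    return {k: v for k, v in item.items() if k.lower() in VERSION_KEYS}

def keys_in_use(items):
    """Map each key name (lowercased) to the files using it; more than one entry means mixed usage."""
    usage = {}
    for name, item in sorted(items.items()):
        for key in version_keys(item):
            usage.setdefault(key.lower(), []).append(name)
    return usage

def audit(items, target=TARGET):
    """Return (filename, problem) pairs for items with no version key or a value other than target."""
    findings = []
    for name, item in sorted(items.items()):
        found = version_keys(item)
        if not found:
            findings.append((name, "no version key"))
        for key, value in sorted(found.items()):
            if value != target:
                findings.append((name, f"{key}={value!r}, expected {target!r}"))
    return findings

def load_pack(pack_dir, subdirs=REVIEWED_DIRS):
    """Parse the JSON content items in the reviewed folders of a pack, e.g. Packs/Cyberint."""
    items = {}
    for sub in subdirs:
        for path in sorted(Path(pack_dir, sub).glob("*.json")):
            items[f"{sub}/{path.name}"] = json.loads(path.read_text(encoding="utf-8"))
    return items

# Constructed sample items reproducing the three cases the review describes.
SAMPLE = {
    "incidentfield-A.json": {"id": "incident_a", "version": -1, "fromversion": "6.0.0"},
    "incidentfield-B.json": {"id": "incident_b", "version": -1, "fromversion": "5.0.0"},
    "incidenttype-C.json": {"id": "C", "version": -1, "fromServerVersion": "6.0.0"},
    "layoutscontainer-D.json": {"id": "D", "version": -1},
}

if __name__ == "__main__":
    for key, files in keys_in_use(SAMPLE).items():
        print(f"{key}: {len(files)} file(s)")
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

Pointing `load_pack` at a checked-out pack directory and passing the result to `audit` gives the list of files to align before running any formatter over them.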
Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Payment_Card_Exposed_CSV.json
Outdated
Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Related_entities.json
Outdated
Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Targeted_Brand.json
Outdated
Packs/Cyberint/IncidentTypes/incidenttype-Cyberint_Incident.json
Outdated
Packs/Cyberint/Layouts/layoutscontainer-Cyberint_Incident_Layout.json
Outdated
| @@ -1,30 +1,55 @@ | |||
| { | |||
| "id": "incident_cyberintrelatedentities", | |||
| @@ -1,30 +1,55 @@ | |||
| { | |||
| "id": "incident_cyberinttags", | |||
| "version": -1, | |||
| @@ -1,30 +1,55 @@ | |||
| { | |||
| "id": "incident_cyberinttargetedbrand", | |||
| @@ -1,30 +1,55 @@ | |||
| { | |||
| "id": "incident_cyberinttargetedvector", | |||
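Review bot: the `@@ -1,30 +1,55 @@` header here is identical on all four hunks shown, so each file is rewritten from its first line and nearly doubles in length, yet only the `id` (and, on `incident_cyberinttags`, the `"version": -1`) is visible. With a rewrite that wide, please confirm in each file that the version-gating key is the same one and carries the 6.0.0 value asked for in the review, and consider separating regenerated-file noise from the actual field changes so the next pass can be checked line by line.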
* Updated Metadata Of Pack Shodan * Added release notes to pack Shodan * Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update * Updated Metadata Of Pack PANWComprehensiveInvestigation * Added release notes to pack PANWComprehensiveInvestigation * Packs/PANWComprehensiveInvestigation/Scripts/PanwIndicatorCreateQueries/PanwIndicatorCreateQueries.yml Docker image update * Updated Metadata Of Pack PrismaCloud * Added release notes to pack PrismaCloud * Packs/PrismaCloud/Scripts/PrismaCloudAttribution/PrismaCloudAttribution.yml Docker image update * Added missing script README.md --------- Co-authored-by: sberman <sberman@paloaltonetworks.com>
* ignore pack dependencies that are hidden * remove adding metadata first level dependencies * un-comment test upload hidden case * fix tests * fix tests * added new test upload case for hidden dependency * validate * fix * fix * fix * delete redundant test
…eprecated `Isolate Endpoint - Generic` playbook (demisto#24482) * Remove unused fields and minor lint fixes * Switch `Isolate Endpoint - Generic` to use v2 * Generate missing README * Bump version * Add missing screenshot * Shorten pack's description * Remove unused inputs --------- Co-authored-by: Binat Ziser <89336697+bziser@users.noreply.github.com>
* Updated with check * Reverted check * Updated with check * Removed check * Updated folders for Forcepoint * Added Modeling Rules * Updated RE * Updated README * Updated README * Update Packs/Forcepoint/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Updated secrets-ignore * Updated Modeling Rule * Updated Modeling Rules --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* fix * update RN * fixes * fixes * fixes * Changes to XDR Alert layout and new default for non-XDR alerts * fixes * fixes
* Search incidents v2 fix paging (demisto#24954) * Fix max page for paging * Fix test failure * Fix wording in RN * Update SearchIncidentsV2.py --------- Co-authored-by: daftops <95306906+daftops@users.noreply.github.com> Co-authored-by: gal-forer <forer.gal@gmail.com>
* Updated Metadata Of Pack AzureFirewall * Added release notes to pack AzureFirewall * Packs/AzureFirewall/Integrations/AzureFirewall/AzureFirewall.yml Docker image update * Updated Metadata Of Pack AzureSQLManagement * Added release notes to pack AzureSQLManagement * Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update * Updated Metadata Of Pack AzureSentinel * Added release notes to pack AzureSentinel * Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphAPI * Added release notes to pack MicrosoftGraphAPI * Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphApplications * Added release notes to pack MicrosoftGraphApplications * Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml Docker image update
* Updated Metadata Of Pack MicrosoftManagementActivity * Added release notes to pack MicrosoftManagementActivity * Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Docker image update
* Updated Metadata Of Pack AzureDataExplorer * Added release notes to pack AzureDataExplorer * Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml Docker image update
* Updated Metadata Of Pack DemistoRESTAPI * Added release notes to pack DemistoRESTAPI * Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.yml Docker image update
* Updated Metadata Of Pack FeedSOCRadarThreatFeed * Added release notes to pack FeedSOCRadarThreatFeed * Packs/FeedSOCRadarThreatFeed/Integrations/FeedSOCRadarThreatFeed/FeedSOCRadarThreatFeed.yml Docker image update * Updated Metadata Of Pack FeedThreatConnect * Added release notes to pack FeedThreatConnect * Packs/FeedThreatConnect/Integrations/FeedThreatConnect/FeedThreatConnect.yml Docker image update * Updated Metadata Of Pack FlashpointFeed * Added release notes to pack FlashpointFeed * Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml Docker image update * Updated Metadata Of Pack SophosCentral * Added release notes to pack SophosCentral * Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.yml Docker image update * Updated Metadata Of Pack Stairwell * Added release notes to pack Stairwell * Packs/Stairwell/Integrations/Inception/Inception.yml Docker image update * Updated Metadata Of Pack SumoLogic_Cloud_SIEM * Added release notes to pack SumoLogic_Cloud_SIEM * Packs/SumoLogic_Cloud_SIEM/Integrations/SumoLogicCloudSIEM/SumoLogicCloudSIEM.yml Docker image update * Updated Metadata Of Pack SysAid * Added release notes to pack SysAid * Packs/SysAid/Integrations/SysAid/SysAid.yml Docker image update * Updated Metadata Of Pack ThreatGrid * Added release notes to pack ThreatGrid * Packs/ThreatGrid/Integrations/ThreatGridv2/ThreatGridv2.yml Docker image update * Updated Metadata Of Pack TrendMicroDeepSecurity * Added release notes to pack TrendMicroDeepSecurity * Packs/TrendMicroDeepSecurity/Integrations/TrendMicroDeepSecurity/TrendMicroDeepSecurity.yml Docker image update * Updated Metadata Of Pack TrustwaveFusion * Added release notes to pack TrustwaveFusion * Packs/TrustwaveFusion/Integrations/TrustwaveFusion/TrustwaveFusion.yml Docker image update * Fixed Mypy error --------- Co-authored-by: sberman <sberman@paloaltonetworks.com>
…misto#24962) Co-authored-by: Sébastien Quioc <sebastien.quioc@sekoia.fr>
* Add all commands * Added all commands to yml * Revert commit. * Support for case-create, list and delete. * Adding policy and rules commands implementation. * Bump version, Add RN, fix typos in commands. * Fix hash_table to cmdlet * Remove unknown word from RN. * Remove trailing white spaces. * Fix RN. * Update docker image. * Update Packs/MicrosoftExchangeOnline/Integrations/SecurityAndComplianceV2/SecurityAndComplianceV2.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Tech doc review changes. Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * More tech doc PR changes. * Add fix for memory management issue * Fix RN. * Printing Guid value to HR in added commands. get and list commands check for empty result set. --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: ashamah <ashamah@paloaltonetworks.com>
* update required permissions * update docker
…emisto#24964) * "pack contribution initial commit" * moved the pack to community common scripts --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: yucohen <yucohen@paloaltonetworks.com>
* Updated Metadata Of Pack CarbonBlackDefense * Added release notes to pack CarbonBlackDefense * Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update
* Updated Metadata Of Pack DuoAdminApi * Added release notes to pack DuoAdminApi * Packs/DuoAdminApi/Integrations/DuoAdminApi/DuoAdminApi.yml Docker image update * Packs/DuoAdminApi/Integrations/DuoEventCollector/DuoEventCollector.yml Docker image update
* Updated Metadata Of Pack GenericSQL * Added release notes to pack GenericSQL * Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.yml Docker image update
* Added MicrosoftIntune * Updated fromversion * Microsoft Intune Modeling Rules * Updated pack README * Updated Pack README * Updated ModelingRules * Update README.md * Updated ParsingRules * Updating ParsingRules * Updated README * Updated ModelingRules * Updated ModelingRules * Update README.md
* Add IpPermissionsFull Arg to Multiple EC2 Commands (demisto#25209) * updates * format/validate/lint * README and RN * fix RN * dan's requested changes Co-authored-by: Dan Sterenson <38375556+dansterenson@users.noreply.github.com> * add ippermissionsfull example * unit test --------- Co-authored-by: Dan Sterenson <38375556+dansterenson@users.noreply.github.com> * update docker image --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: Dan Sterenson <38375556+dansterenson@users.noreply.github.com>
* Updated regex, test playbook and added result to context * Updated regex, test playbook and added result to context * Updated regex, test playbook and added result to context * Update ExtractEmailFormatting_test.py * removed unneeded blank line * RN * Added functions to formatter, updated regex in formatter and in the type, new tests. * Updated RN * Updated RN * Update 3_3_31.md * Update ExtractEmailFormatting_test.py * Update 1_10_8.md * Validation errors. * Update ExtractEmailFormatting_test.py * Validation errors. * Validation errors. * Docker Update * RN * RN * Added the output email to context and edited the test playbook. * Fixed tests * switched xsoar@xsoar.com to test_valid@test.com * Update 3_3_32.md * Update 1_10_9.md * RN * RN * Update 1_10_17.md * RN * updated docker * updated docker * RN * RN * RN * changed test domains names * RN * Update playbook-Indicators-reputation-.json-Test.yml * Update pack_metadata.json * Updated email regex and formatter to allow idna * Changed IndexError to AttributeError to correctly catch the exception * RN * Updated tests * Adjusted code to avoid email being "None" after regex. * Removed an empty line. * RN * Added [.] to the content-part in the email regex * RN * updated email extraction test playbook * RN * RN * RN * Comments for better understanding
* Created Kubernetes pack * check * check * Updated README * Updated README * Updated README AND secrets-ignore
* "pack contribution initial commit" * Moving the script to CommunityCommonScripts * adding release notes --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Darya Koval <dkoval@paloaltonetworks.com>
demisto#25269) * Add `freeze_time` to unit test to make it consistent
* Add reputation command to domain enrichment generic PB * Add reputation command to enrichment generic PB * Add reputation command to endpoint enrichment generic PB * Add reputation command to file enrichment generic PB * Add reputation command to URL enrichment generic PB * Revert to include tests and marketplaceV2 * Update PB images * Update release notes * Resolve conflicts in release notes * Fix missing else path causing tests to fail
* Updated Metadata Of Pack Silverfort * Added release notes to pack Silverfort * Packs/Silverfort/Integrations/Silverfort/Silverfort.yml Docker image update
* Updated Metadata Of Pack CyberArkIdentity * Added release notes to pack CyberArkIdentity * Packs/CyberArkIdentity/Integrations/CyberArkIdentityEventCollector/CyberArkIdentityEventCollector.yml Docker image update
* Updated Metadata Of Pack AzureKeyVault * Added release notes to pack AzureKeyVault * Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml Docker image update * Updated Metadata Of Pack MicrosoftGraphIdentityandAccess * Added release notes to pack MicrosoftGraphIdentityandAccess * Packs/MicrosoftGraphIdentityandAccess/Integrations/MicrosoftGraphIdentityandAccess/MicrosoftGraphIdentityandAccess.yml Docker image update * Updated Metadata Of Pack X509Certificate * Added release notes to pack X509Certificate * Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update
* Updated Metadata Of Pack Aws-SecretsManager * Added release notes to pack Aws-SecretsManager * Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update
* Updated Metadata Of Pack BmcHelixRemedyForce * Added release notes to pack BmcHelixRemedyForce * Packs/BmcHelixRemedyForce/Scripts/BMCHelixRemedyforceCreateIncident/BMCHelixRemedyforceCreateIncident.yml Docker image update * Packs/BmcHelixRemedyForce/Scripts/BMCHelixRemedyforceCreateServiceRequest/BMCHelixRemedyforceCreateServiceRequest.yml Docker image update * Updated Metadata Of Pack CarbonBlackProtect * Added release notes to pack CarbonBlackProtect * Packs/CarbonBlackProtect/Scripts/CBPCatalogFindHash/CBPCatalogFindHash.yml Docker image update * Packs/CarbonBlackProtect/Scripts/CBPFindComputer/CBPFindComputer.yml Docker image update * Packs/CarbonBlackProtect/Scripts/CBPFindRule/CBPFindRule.yml Docker image update * Updated Metadata Of Pack Cybereason * Added release notes to pack Cybereason * Packs/Cybereason/Scripts/CybereasonPreProcessingExample/CybereasonPreProcessingExample.yml Docker image update * Updated Metadata Of Pack FeedCyrenThreatInDepth * Added release notes to pack FeedCyrenThreatInDepth * Packs/FeedCyrenThreatInDepth/Scripts/CyrenCountryLookup/CyrenCountryLookup.yml Docker image update * Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRandomHunt/CyrenThreatInDepthRandomHunt.yml Docker image update * Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidget/CyrenThreatInDepthRelatedWidget.yml Docker image update * Packs/FeedCyrenThreatInDepth/Scripts/CyrenThreatInDepthRelatedWidgetQuick/CyrenThreatInDepthRelatedWidgetQuick.yml Docker image update
* fix the bug and add unit-tests * bump rn * remove un-relevant comments * add logs * remove irrelevant ut * update * update * add uts * update docker image * remove * remove utc time * remove unused variables * mypy fixes * fix small error * cr fixes * remove utc * save alert as utc * fix cr
* Fixed param type * Added rn and update docker
* Cryptojacking Fixes * update ReleaseNotes * Added id-name conflict to pack-ignore * fixes * fixes * fixes * fixes * fixes * update RN * update RN * update RN * update RN * Name change * Name change * Name change * Name change * update RN * build fixes * build fixes * update RN
* playbook-Block_IP_-_Generic_v3 - add new input and change task inputs `PAN-OS DAG Configuration` * playbook-Block_IP_-_Generic_v3 - add new input and change task inputs `PAN-OS DAG Configuration` * remove input CiscoFWSource * release note after remove input CiscoFWSource * Rearrange the playbook * Rearrange the playbook * update release note * update release note version * update release note version
…update-cyberint-integration
…ters-ltd/content into update-cyberint-integration
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
A few sentences describing the overall goals of the pull request's commits.
Screenshots
Paste here any images that will help the reviewer
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have