* [flashpoint-163] Flashpoint integration enhancement (#14790)
* Updated deprecation description.
* [Marketplace Contribution] SplunkCIMFields (#14484)
* "pack contribution initial commit" (#14439)
* change the script according to the contributor
* change the script according to the contributor
Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: cshayner <cshayner@paloaltonetworks.com>
* setGridField: Allow column names to have underscores (#14469)
Grid column names can have underscores in them.
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
* Add more dates, tags, and TLP to feed integration (#14483)
* Add more dates, tags, and TLP to feed integration (#14380)
* Add more dates, tags and TLP to feed integration
* Add release notes
* fixed rn
Co-authored-by: EvgeniyMeteliza <81425065+EvgeniyMeteliza@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
* Fixed Custom Indicator context value key (#14422)
* Fixed context value key
* Fixed customIndicator test
* Fixed customIndicator test
* Merge branch 'master' into custom-indicator-value
# Conflicts:
# Packs/Base/ReleaseNotes/1_13_22.md
* Update 1_13_23.md
Done.
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* added ignore BA113,BA112 (#14465)
* GetFailedTasks - improve err msg of failure to retrieve tasks (#14442)
* improve err msg of failure to retrieve tasks
* rm new line
* Update Packs/IntegrationsAndIncidentsHealthCheck/Scripts/GetFailedTasks/README.md
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Fix generic APIModule feeds (#14490)
* setGridField: undo column name truncation (#14492)
allow column name truncation
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
* fixed bug in pop ranks (#14493)
* fixed bug in pop ranks
* fixed bug in pop ranks
* Migrate bucket upload workflow to GitLab (#14130)
* Remove upload dev rules and env variable dev value assignment
* Show that it works with fixed demisto-sdk
* Revert "Show that it works with fixed demisto-sdk"
This reverts commit 0a813cdbe92fcd4c2840fb92d091661853e8339c.
* Enable bucket-upload trigger script to work against production bucket
Co-authored-by: ikeren <itay@demisto.com>
* Added Iron Bank approved tag (#14489)
* Crowdstrike datetime bug (#14382)
* added test
* added test that fails
* fix for test
* added release notes
* Update Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_0_4.md
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Qss new pr (#14502)
* update README.md
* update README.md
* Rasterize improvements (#14124) (#14482)
* Added support for different filename
* Update the release notes
* fix mypy error
* Changed the naming from "filename" to "file_name"
* Rename 1_0_10.md to 1_0_11.md
* Update pack_metadata.json
Co-authored-by: Paul <32433511+blestemee@users.noreply.github.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
Co-authored-by: Paul D <88715381+nb-pdragoi@users.noreply.github.com>
Co-authored-by: Paul <32433511+blestemee@users.noreply.github.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
* [Sixgill-195] dve bug (#14503)
* [Sixgill-195] dve bug (#14499)
* fixed tests
* fixed tests
* fixed tags
* fixed tags
* rn
Co-authored-by: tamarsix <72441754+tamarsix@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
* metadata constants (#14466)
* metadata constants
* metadata constants
* metadata constants
* fix name
* typo fix
* typo fix
* Zip content packs step optimization (#12770)
* Testing download packs from gcs
* Deleting Skip Zip content packs so it can be tested
* Changed file download to gsutil
* Fixed bucket path
* Fixed gsutil flag
* Added dest path prints
* Old download
* Different url
* Changed gcp path
* Changed gcp path
* Created a bash script for gcp command
* Rerun
* Added newline
* Changed path and error message
* Added shell statement to file
* Added prints
* Changed os.walk
* Changed zip path
* Changed gcp path
* Changed gcp path
* added prints
* print entries
* print entries
* print entries
* print entries
* prints subprocess
* prints subprocess
* prints subprocess
* prints subprocess
* prints subprocess
* prints subprocess
* Changed set and added exception handler
* removed unnecessary mkdir
* print path of pack
* test
* test
* fixes
* fixes
* fixes
* fixes
* testing old step
* checks and prints
* checks and prints
* Added copy to other dir
* Added some comments
* removed script communication
* Added testing, changed parameters to general build
* Added docstring to tests
* Fixed flake8 issues
* Added packs list print - will be removed
* Removed print
* Added dir entries print
* Added check for circle_build
* Added src and dest path prints
* Added src path prints and check_output
* Added src path prints and check_output
* Removed trailing /
* Fixed zip path
* Added storage_base_path, bucket_name args. Removed prints, added logging. Added try except clause.
* Added missing arguments
* Moved to upload flow only
* Removed skip for non master branches - testing
* Moved sys.exit(1) to end of script, refactored search in blobs.
* Updated comment
* Fixed tests
* Added looseversion
* Added master check back
* Removed unnecessary bash script.
* Fixed PR comments
* Changed copy to artifacts to use the script's argument
* Added gitlab support
* Testing gitlab's upload
* Added check back
* Fixed readme error
* Added back the upload check
* Fixed some todos
* Added todos
* Moved download to job
* Fixed tests
* Todo
* removing conditions for testing
* Added needed conditions
* Removed todo and added env var
* Changed packs src
* Removed conditions
* Updated sbp when bucket is dist-dev
* Changed to default storage_base_path
* Removed unnecessary conditions
* updated path
* Sharing variable between steps
* Added step to bucket-upload.yml
* Fixed flake8 issues
* commented out failing tests - for testing gitlab flow
* Fixed problem in unittest
* Fixed problem in unittest
* Changed bucket condition name
* Fixed yml file
* Removed unnecessary packs dir
* Added echo
* Added default storage_base_path value
* Fixed yml structure
* Fixing yml structure
* test
* Revert "test"
This reverts commit a340bfce
* Removed run validations
* Changed upload-to-marketplace rules
* Added gcloud login
* Added rule back, removed private zip folder creation
* Removed run validations
* Added requirement back
* Added run validations back
* StixParser - skip SSDEEP (#14501)
* add ssdeep to stix1 test file
* trigger ut
* skip ssdeep values
* Update Packs/Base/ReleaseNotes/1_13_24.md
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
* Ansible Integration Quality Improvements (#14375)
* Ansible Integration Quality Improvements (#12795)
* Ansible API Module
* Refactored Ansible Integrations using API Module
* HCloud Documentation
* Default values of [] and {} are invalid in Ansible
* Linux README. Work in progress.
* spelling
* Alibaba Cloud Readme
* typo
* typo
* commands for doco
* better acme banner
* better description
* ACME README WIP
* commands from debian server
* Windows ReadMe WIP
* docker tag bump
* docker version bump and displayname spacing
* remove commands with error outputs
* Release notes / Metadata
* validation issue resolution
* linting and formatting corrections
* trimmed package listing
* MS Readme WIP
* aligning names in note to integrations
* MS Readme WIP
* get_md5 argument no longer exists on module
* More README WIP
* remove pester example, looks like it failed tests
* mypy and flake8 lint fixes
* docker image bump
* ignoring pylint error for specialised import
* typo
* pylint and pep8 errors use different ignore syntax
* dict2md revisions and unit tests
* rec_ansible_key_strip unit test
* Correct docker image for Ansible
* linting
* clean up loose demisto calls and add type hinting
* Inventory unit tests
* incorrect indentation
* remove unused value
* tidy up demisto calls
* generic_ansible unit test
* remove global var host_type
* linting
* mypy fixes, output_key field, and context camelCase
* regenerated integrations
* id/name prefixed with ansible
* removed whitespace on descriptions
* camelcase context
* corrected predefined args for bools
* outputs_key_field for targetbased integrations
* context path updated
* better error messages
* test-command functionality
* fix templating error
* correct logic for test-module
* version bump and linting
* linting
* docstring for generic_ansible
* Deprecating old pack
Adding new packs
* Alibaba Cloud Polish
* Documentation for Alibaba Cloud
* Documentation for Azure Compute
* remove problematic module
* Documentation for Hetzner Cloud
* Partial documentation for Windows
* hcloud test playbook
* kubernetes documentation
* remove empty command example headings
* better explanation around ansible usage
* Linux doco
* Ansible naming
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Ansible naming
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Ansible naming
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Ansible naming
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Ansible naming
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Ansible naming
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Better description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* remove todo
* Ansible branding + description clean up
* Ansible DNS Doco
* Formatting
* Linux doco
* formatting
* moved dns back to linux pack
* Cisco NXOS
* typo
* IOS requires a separate become/enable password
* Cisco IOS documentation
* Azure Networking Doco
* VMware Doco
* deprecated notice
* deprecated notices
* ACME deprecated notice
* min version
* removed erroneous output
* merge azure packages
* corrected context case
* Case corrections in Context
* Added privilege escalation options for Linux
* Documentation about complex command inputs
* Update Packs/AnsibleAlibabaCloud/Integrations/AnsibleAlibabaCloud/AnsibleAlibabaCloud.py
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Update Packs/AnsibleLinux/Integrations/AnsibleACME/AnsibleACME.yml
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* editing azure readme
* editing azure readme
* editing ciscos readmes
* editing ciscos readmes
* Update Packs/AnsibleHetznerCloud/Integrations/AnsibleHCloud/README.md
* editing hcloud readme
* Update Packs/AnsibleKubernetes/Integrations/AnsibleKubernetes/README.md
* editing kubernetes readme
* editing linux readme
* editing windows readme
* editing windows readme
* editing vmware readme
* editing vmware readme
* editing vmware readme
* editing vmware readme
* editing vmware readme
* editing vmware readme
* editing vmware readme
* changing command examples
* fixing secrets
* fixing secrets and validations
* fixing secrets
* fixing secrets
* fixing secrets
* fixing rm108
* use title case for context
* fixing validations
* host argument collision fix
* whitespace
* revised doco for collided arg
* title case without underscores
* fix title case in documentation
* Title case in context path
* titlecase context paths
* correct display
* priv escalation details
* Capital letter in description
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: rsagi <rsagi@paloaltonetworks.com>
* reverting wrong changes
* fixing same playbook name
* skipping all integrations via conf.json
* fixing dependencies
* updating playbook-Windows_Application_Deployment_v2.yml
* updating playbook-Windows_Application_Deployment_v2.yml
* fixing names
* updating playbook-Wait_Until_Windows_Host_Online_v2.yml
* adding creds support
* adding creds support
* Merge branch 'master' into contrib/SergeBakharev_ansible_documentation&ApiModule
# Conflicts:
# Tests/conf.json
* disabling guardrails false positive
* adding creds support for hcloud
Co-authored-by: SergeBakharev <serge.bakharev@gmail.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: rsagi <rsagi@paloaltonetworks.com>
* [Marketplace Contribution] SendGrid - Content Pack Update (#14350) (#14507)
* "contribution update to pack "SendGrid""
* pack resubmitted
* pack resubmitted
* pack resubmitted
* fix cr
* fix cr
* Update RN
Co-authored-by: bachen <bachen@paloaltonetworks.com>
Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: bachen <bachen@paloaltonetworks.com>
* Incidents test playbook (#13848)
* adding scripts
* changes
* adding test
* adding using instance
* fixed test
* changed health check script
* new playbook
* changing the playbook
* new playbook
* new playbook
* changed playbook and added new scripts from indicators pr
* fixed typo
* added one more fetch incidents integration
* changes from demo
* fixes from cr
* Apply suggestions from code review
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
* added release notes
* adding test to test-conf
* added readme
* Update VerifyEnoughIncidents.yml
* Update 1_2_2.md
* Update VerifyEnoughIncidents.yml
* changed test conf
* changed VerifyContextFieldsList to VerifyObjectFieldsList
* save little changes
* Update README.md
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>
* Deprecated microsoft policy and compliance playbooks (#14378)
* Deprecated Azure and office365 playbooks, moving them to other pack.
* Updated release notes
* Updated release notes
* Wildfire polling enhancement (#13857)
* polling command
* report context
* report context
* report context
* report context
* report context
* report context
* UT
* UT
* Common Objects
* Common Objects
* deprecated: true
* upload assertment
* upload assertment
* TPB
* rn
* UT
* lint
* validate
* validate
* Delete lolo.xml
* Update Palo_Alto_Networks_WildFire_v2.yml
Done.
* Update 1_4_0.md
Done.
* RN
* yml fix
* Update Packs/Palo_Alto_Networks_WildFire/Integrations/Palo_Alto_Networks_WildFire_v2/Palo_Alto_Networks_WildFire_v2.py
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
* RN
* server logs
* server logs
* server logs
* server logs
* TPB
* TPB
* TPB
* added toversion to playbook
* added toversion to playbook
* added toversion to playbook
* added toversion to playbook
* added toversion to playbook
* added toversion to playbook
* added toversion to playbook
* added toversion to playbook
* fix sha256
* fix sha256
* fix sha256
* fix sha256
* fix sha256
* Merge branch 'master' into upload_list_content_item
# Conflicts:
# Tests/Marketplace/marketplace_constants.py
# Tests/Marketplace/marketplace_services.py
* fstring fix
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>
* [Marketplace Contribution] ConvertTimezoneFromUTC (#14512)
* "pack contribution initial commit" (#14384)
* fixed validate & lint
* Update Packs/ConvertTimezoneFromUTC/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.py
* Update Packs/ConvertTimezoneFromUTC/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.py
Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: cshayner <cshayner@paloaltonetworks.com>
Co-authored-by: ChanochShayner <57212002+ChanochShayner@users.noreply.github.com>
* fix typo (#14516)
* QRadar enhance ip commands (#14500)
* added support for ip arguments
* added args to readme
* Added rn
* small fixes to filter query
* reverted commenting
* Update Packs/QRadar/ReleaseNotes/2_0_22.md
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Update Docker Image To demisto/python3 (#14481)
* Updated Metadata Of Pack KasperskySecurityCenter
* Added release notes to pack KasperskySecurityCenter
* Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml Docker image update
* Updated Metadata Of Pack Shodan
* Added release notes to pack Shodan
* Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update
* Adding TPB of Kaspersky Security Center
* Updated Metadata Of Pack KasperskySecurityCenter
* Fixed build
* Added dbotscore to ip command + added readme file that was missing
* added dbotscore outputs to readme
* deleted use-case empty section
* removed unnecessary ignore
* Fixed cr comments
* added response_type to login
Co-authored-by: sberman <sberman@paloaltonetworks.com>
* Upload list content item (#14464)
* removed the gke tag from run-validations job
* adding list item
* adding list item
* widget fix
* testing
* testing
* testing
* testing
* typo fix
* revert testing changes
* revert testing changes
* revert testing changes
* Update Docker Image To demisto/python3 (#14522)
* Updated Metadata Of Pack ExpanseV2
* Added release notes to pack ExpanseV2
* Packs/ExpanseV2/Integrations/FeedExpanse/FeedExpanse.yml Docker image update
* Content mgmt bug fixes (#14459)
* bug fixes
* bug fixes
* rn
* metadata
* Update pack_metadata.json
* Update Packs/ContentManagement/ReleaseNotes/1_0_3.md
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
* Typo fix constants upload (#14525)
* fix typo
* fix typo
* fix typo
* Update Docker Image To demisto/chromium (#14523)
* Updated Metadata Of Pack ExpanseV2
* Added release notes to pack ExpanseV2
* Packs/ExpanseV2/Scripts/ExpanseGenerateIssueMapWidgetScript/ExpanseGenerateIssueMapWidgetScript.yml Docker image update
* Fixed conflicts
Co-authored-by: sberman <sberman@paloaltonetworks.com>
Co-authored-by: Shelly Berman <45915502+Shellyber@users.noreply.github.com>
* ParseEmailFiles - added code for multiple mime encoding (#14076)
* added code for multiple encoding
* added code for multiple encoding - rn tests
* added code for multiple encoding - rn tests
* added code for multiple encoding - rn tests
* docker
* rn
* add replace logic
* add replace logic
* meta data
* fix test
* lint
* fix
* rn
* added default and force arguments, added a verification null bytes not on encoded string
* rn
* change debug
* add debug
* update
* update
* Update Docker Image To demisto/python3 (#14532)
* Updated Metadata Of Pack Armis
* Added release notes to pack Armis
* Packs/Armis/Integrations/Armis/Armis.yml Docker image update
* Updated Metadata Of Pack AttackIQFireDrill
* Added release notes to pack AttackIQFireDrill
* Packs/AttackIQFireDrill/Integrations/AttackIQFireDrill/AttackIQFireDrill.yml Docker image update
* Updated Metadata Of Pack BPA
* Added release notes to pack BPA
* Packs/BPA/Integrations/BPA/BPA.yml Docker image update
* Updated Metadata Of Pack Barracuda
* Added release notes to pack Barracuda
* Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml Docker image update
* Updated Metadata Of Pack BastilleNetworks
* Added release notes to pack BastilleNetworks
* Packs/BastilleNetworks/Integrations/BastilleNetworks/BastilleNetworks.yml Docker image update
* Updated Metadata Of Pack BitDam
* Added release notes to pack BitDam
* Packs/BitDam/Integrations/BitDam/BitDam.yml Docker image update
* Updated Metadata Of Pack BitSight
* Added release notes to pack BitSight
* Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update
* Updated Metadata Of Pack BluelivThreatCompass
* Added release notes to pack BluelivThreatCompass
* Packs/BluelivThreatCompass/Integrations/BluelivThreatCompass/BluelivThreatCompass.yml Docker image update
* Updated Metadata Of Pack BluelivThreatContext
* Added release notes to pack BluelivThreatContext
* Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml Docker image update
* Updated Metadata Of Pack Bonusly
* Added release notes to pack Bonusly
* Packs/Bonusly/Integrations/Bonusly/Bonusly.yml Docker image update
* Updated the Microsoft Graph API README (#14368)
* Updated the Microsoft Graph API README
Added the authorization process commands - msgraph-api-auth-start, msgraph-api-auth-complete, msgraph-api-test
* Update Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/README.md
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: ikeren <itay@demisto.com>
* Whois integration connectivity issue (#14519)
* test to recreate the bug
* bug fixed
* validate fix
* RN
* Update Packs/Whois/ReleaseNotes/1_2_4.md
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
* fixed proxy params in test.
Added more info to the proxy section in additional info
* Update Packs/Whois/Integrations/Whois/Whois.yml
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
* skip tests
* Revert "skip tests (#14455)"
This reverts commit 61bfafb9
* Indian domain test
* Indian domain fix
* rn
* Update Packs/Whois/ReleaseNotes/1_2_5.md
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
* checking for in tld in playbook-Whois-Test.yml
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
* Added several commands to Darktrace integration (#13905) (#14537)
* Added several commands to darktrace
* Update Darktrace.yml
* lint fixes
* Update Darktrace.py
* lint fixes
* Added readme, and changed some details on the outp
* Added example commands
* Added additional details in readme-file
* lint fix
* Updated command argument desc.
* upgrade the docker image
* upgrade docker image
* bump version
* Added release notes
* added outputs
* Added tests for all commands with output
* Added a single iteration to skip the first result
* removed all instances of add-comment
* Added outputs_key_field
* Added secrets to ignore
* Update Packs/Darktrace/Integrations/Darktrace/README.md
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
* Update Packs/Darktrace/Integrations/Darktrace/README.md
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
* fix test
* lint fix
* Updated docs
* lint fix
* lint fix
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
Co-authored-by: Solli <59604718+simmyno@users.noreply.github.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
* Update README.md (#14540)
* Update README.md (#14538)
* update README.md
Co-authored-by: Dorin-PM <89532307+Dorin-PM@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
* Add Edit and Pin commands to SlackV3 (#14372)
* Add Edit and Pin commands to SlackV3
* Alexa v2 (#14072)
Added alexa v2 integration
* Unit42 sub-techniques (#14524)
* add parent to the sub technique name
* remove unrelated files
* RN
* version
* version
* Add UTs
* Fix UT
* Phishing - fixing dt + updating EWS/Gmail mappers (#14498)
* Strip labels and fix mail body dt script.
* Strip labels and fix mail body dt script.
* Adding fields to EWS mapper
* Fix dt on main playbook v5
* Changing Playbook inputs on "Process Email - Generic" from labels to fields
* Adding fields to Gmail mapper
* fixing EWS mapper name
* Phishing release notes
* Gmail release notes
* EWS release notes
* fixing EWS mapper id
* fix playbook id
* fix dt
* revert field to label in V6 playbook
* revert playbook inputs fields to labels in process email generic playbook
* release notes
* minor fix
* Update 2_4_1.md
Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>
* Added new transformer script - StringToArray (#14536)
* Added new transformer script
* Added rn + bumped version and fixed linting
* Fixed import
* Fixed cr's and added tpb
* Added test to yml
* changed uuid to transformer name in tpb
* upload_code_coverage_report.py, initial add (#14302)
* upload_code_coverage_report.py, initial add
* Formatted file
* upload code coverage report in nightly
* Update .gitlab/ci/global.yml
Co-authored-by: eli sharf <57587340+esharf@users.noreply.github.com>
* fix syntax
* fix script
* fixup! fix script
* upload_code_coverage_report.py, initial add
* Formatted file
* upload code coverage report in nightly
* Update .gitlab/ci/global.yml
Co-authored-by: eli sharf <57587340+esharf@users.noreply.github.com>
* fix syntax
* fix script
* fixup! fix script
* fixup! fixup! fix script
* fix
* final fix
* improve
* fixup! improve
* Undelete line
* Rearrange reinstated lines
* Unit test
* Test files
* Format file
* Pythonify
* Format
* Update Utils/upload_code_coverage_report.py
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
* Use Tuple instead of Dict
* Format file
Co-authored-by: eli sharf <57587340+esharf@users.noreply.github.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
* [Marketplace Contribution] Palo Alto Networks Cortex XDR - Investigation and Response - Content Pack Update (#14550)
* "contribution update to pack "Palo Alto Networks Cortex XDR - Investigation and Response"" (#14505)
* fixed
* fixed
Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
* AlienVault USM - handle alarms with timestamp_occured (#14542)
* add test for alarm with timestamp_occured
* use timestamp_occured as incident occurred time
* Update Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Microsoft Graph Mail incoming mapper (#14468)
* new mapper + release notes
* Adding more fields
* removed the use-cases from all ansible packs (#14555)
* change channels:write to channels:manage scope SlackV3 (#14556)
* Cisco Umbrella Investigate - handle empty emails list returned in the domain command (#14541)
* add google.com to domain cmd test
* add support for multiple domains
* pass emails list instead of dict to tbtomd
* adjust test playbook
* build output per domain
* ignore type hint
* set isArray to true and add note about multiple domains to rn
* CommonServerPython - check if session exist before trying to close it (#14526)
* Cortex XDR - handle already blacklisted files (#14552)
* test blacklist-files
* handle err returned in case file already blacklisted
* verify res is dict
* revert 3_0_25.md
* revert 3_0_25.md
* CrowdStrike API Integration (#12335)
* crowdstrike api integration initial commit
* call handle_proxy
* Update CrowdStrikeAPI.yml
Done.
* Update CrowdStrikeAPI.yml
Done.
* Update CrowdStrikeAPI_description.md
Done.
* Update README.md
Done.
* Update README.md
Done.
* bump docker image tag
* gco
* add test data
* fix test data filename
* bump docker image tag
* autopep8
* ignore E501
* rm config json
* add readme
* improve docs
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Zscaler - handle returned URLs protocols (#14529)
* replace res urls from given ones
* add rn
* improve condition for matching url
* Symantec DLP - fix handling of fetch limit (#14561)
* test fetch incidents with limit less than num of dlp incidents returned
* fix fetch limit handling
* fix W293
* fix W293
* PP rule support (#14470)
* pp rule support
* testing
* fix name
* testing
* typo fix
* revert testing changes
* revert testing changes
* revert testing changes
* fix typo
* scheme verification
* Merge branch 'master' into upload_preprocessing_rule_content_item
# Conflicts:
# Tests/Marketplace/marketplace_constants.py
# Tests/Marketplace/marketplace_services.py
* Merge branch 'master' into upload_preprocessing_rule_content_item
# Conflicts:
# Tests/Marketplace/marketplace_constants.py
# Tests/Marketplace/marketplace_services.py
* added login to gcp, fixed a default argument (#14331)
* replaced the contrib checkout to use github api (#13676)
* replaced the contrib checkout to use GitHub REST API
* update UT
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
* Thycotic dsv (#14475)
* Thycotic dsv (#11589)
* Init revision
* Init revision
* Add integration Thycotic Secret Server
* Delete comment block
* Add TestPlaybook
* Modify Tests/conf.json
Delete error files
* Delete file
* Add Test Playbook
* Update Packs/Thycotic/TestPlaybooks/Thycotic-Test.yml
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Tests/conf.json
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/pack_metadata.json
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/pack_metadata.json
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Change support contacts
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Change description for output parameters
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Fix
* Change exception message for command test_command
* Change description, add version Secret Server
* Add param proxy
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Generate documentation for integration
* Change version for Secret Server in documentation
* Add param verify to class Client
* Add files via upload
* Add files via upload
* Add files via upload
* Updated Thycotic Integration
* Delete conf.json
* Regenerate Thycotic-Test
* Update Thycotic_test.py
* Update Thycotic.yml
* Update pack_metadata.json
Change tags
* Update README.md
* Update conf.json
* Update pack_metadata.json
* Update Thycotic.yml
Change description
* Update Thycotic.py
Change test_module
* Update Thycotic.py
Fix syntax error
* Update Thycotic_test.py
Fix UT
* Modify test command fetch-credential
* running format
* Add files via upload
Change description
* Update Thycotic_description.md
* Update Thycotic_description.md
* Add files via upload
Updated description for output parameters
* Init release for Thycotic DevOps Storage Vault
* Change description
* Fixed errors in descriptions.
* Fixed
* Add files via upload
* Fixed
* Add files via upload
* Add files via upload
* Fix description
* Add files via upload
* Add files via upload
* Fixed
* Add files via upload
* Add files via upload
* Add files via upload
* Delete ThycoticDSV.yml
* Add files via upload
* Delete ThycoticDSV.py
* Delete ThycoticDSV.yml
* Delete Packs/Thycotic directory
* Update pack_metadata.json
* Update descriptions
* Update descriptions
* Fix
* Markdown output
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Guy Keller <33782301+guykeller@users.noreply.github.com>
Co-authored-by: guykeller <g12k34ppp>
* fixing docs
* added author image
Co-authored-by: Andrey Nikolaev <69254946+AndyNikolaev@users.noreply.github.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Guy Keller <33782301+guykeller@users.noreply.github.com>
Co-authored-by: guykeller <g12k34ppp>
* Splunk Fixes (#14568)
* fixed an issue in the outgoing mapper, fixed an issue in update-remote-system command
* improved documentation
* version bump
* cr fixes
* Fix Get endpoint details - Generic playbook (#14569)
* fix_playbook
* fix task
* Fix RN
* upload new image
* update image link
* Update 2_0_3.md
Done.
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* LogsignSiem Pack PR (#14565)
* LogsignSiem Pack PR (#13875)
* created logsignsiem pack
* added logsignsiem classifiers mapper files and deleted dockerfile
* fixed [PA126] validation warning
* fixed some description in yaml file
* deleted override http_request method and updated unittests
* fixed last_fetch parameter and updated tests
* removed unused variable
* fixed logsignsiem api description
* fixed logsignsiem api description
* added query parameter and help section and fixed get-columns-query on api
* fixed unittest func name
* fixed Flake8 error
* Update Packs/LogsignSiem/README.md
* deleted logsign-get-incident method, added default param to query
* rm integration setup from detailed desc
* set default classifier and mapper
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
* add author_image
Co-authored-by: Kerem <keremvatandas@gmail.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: ikeren <itay@demisto.com>
* Update Docker Image To demisto/python3 (#14558)
* Updated Metadata Of Pack C2sec
* Added release notes to pack C2sec
* Packs/C2sec/Integrations/C2sec/C2sec.yml Docker image update
* Updated Metadata Of Pack CTIX
* Added release notes to pack CTIX
* Packs/CTIX/Integrations/CTIX/CTIX.yml Docker image update
* Updated Metadata Of Pack CVESearch
* Added release notes to pack CVESearch
* Packs/CVESearch/Integrations/CVESearchV2/CVESearchV2.yml Docker image update
* Updated Metadata Of Pack CarbonBlackProtect
* Added release notes to pack CarbonBlackProtect
* Packs/CarbonBlackProtect/Integrations/CarbonBlackProtect/CarbonBlackProtect.yml Docker image update
* Updated Metadata Of Pack CentrifyVault
* Added release notes to pack CentrifyVault
* Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml Docker image update
* Updated Metadata Of Pack Cherwell
* Added release notes to pack Cherwell
* Packs/Cherwell/Integrations/Cherwell/Cherwell.yml Docker image update
* Updated Metadata Of Pack CiscoESAIronPortEmailAPI
* Added release notes to pack CiscoESAIronPortEmailAPI
* Packs/CiscoESAIronPortEmailAPI/Integrations/CiscoIronPortEMailAPI/CiscoIronPortEMailAPI.yml Docker image update
* Updated Metadata Of Pack CiscoEmailSecurity
* Added release notes to pack CiscoEmailSecurity
* Packs/CiscoEmailSecurity/Integrations/CiscoEmailSecurity/CiscoEmailSecurity.yml Docker image update
* Updated Metadata Of Pack Claroty
* Added release notes to pack Claroty
* Packs/Claroty/Integrations/Claroty/Claroty.yml Docker image update
* Updated Metadata Of Pack CloudConvert
* Added release notes to pack CloudConvert
* Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml Docker image update
* Added dbotscore outputs to yml and readme
Co-authored-by: sberman <sberman@paloaltonetworks.com>
* IAM Group Sync - Slack & Okta (#13550)
* changes
* fixes and changes
* fixes and changes
* RN
* remove test functions
* lint
* fix
* fix
* command result
* fix
* fix
* changes
* Merge branch 'master' into slack-iam
# Conflicts:
# Packs/Okta/ReleaseNotes/2_2_2.md
# Packs/Slack/ReleaseNotes/2_1_2.md
* in progress
* some minor changes
* RN conflicts fix
* RN conflicts fix
Co-authored-by: Dan Tavori <dtavori@paloaltonetworks.com>
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
* fixing dups and typos (#14578)
* fix upload-flow bug in collect_content_items (#14579)
* qradar: fix aql link (#13902)
Co-authored-by: glicht <glicht@users.noreply.github.com>
* ran update conf script to generate full conf. Deleted from build call to script (#14583)
* Prisma Cloud playbooks bug fix (#14511)
* Prisma Cloud playbooks bug fix
* updated release notes
* Edited playbooks structure and added new photos
* Updated image names
* Added new links to images
* Nightly test failure skippings (#14557)
* Skipped the following tests: "iDefense_v2_Test", "EWS Mail Sender Test", "McAfee ESM v2 - Test v10.3.0", "AzureADTest", "AWS - IAM Test Playbook", "Feed iDefense Test", "FireEyeNX-Test", "McAfee ESM v2 - Test v10.2.0", "McAfee ESM Watchlists - Test v10.3.0", "McAfee ESM Watchlists - Test v10.2.0", "Microsoft Teams Management - Test"
* reverted integration changes
* reverted
* Skipped the following tests: "Zscaler Test", "palo_alto_panorama_test_pb"
* Update from master
* Skipped the following tests: "LogRhythm REST test", "Cisco Umbrella Test"
* Skipped the following tests: "Cisco Umbrella Test", "LogRhythm REST test"
* Skipped the following tests: "Detonate URL - WildFire v2.1 - Test", "LogRhythm REST test"
* Skipped the following tests: "Detonate URL - WildFire v2.1 - Test", "LogRhythm REST test"
* merge from master
* merge from master
Co-authored-by: ShahafBenYakir <shahaf.benyakir@demisto.com>
* ParseEmailFiles - roll back to multiple encoding part (#14585)
* roll back
* rn
* du
* test
* Update Packs/CommonScripts/Scripts/ParseEmailFiles/ParseEmailFiles_test.py
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
* Update Threat Intel objects and their score (#14587)
* Test DONT Merge
* Test DONT Merge
* test
* Add to Threat Intel
* Update Threat Intel Objs and Score
* remove unrelated files
* docker update
* CrowdStrike falcon enhancement (#14476)
Added new commands for CrowdStrike falcon integration:
- ***cs-falcon-create-host-group***
- ***cs-falcon-update-host-group***
- ***cs-falcon-list-host-group-members***
- ***cs-falcon-add-host-group-members***
- ***cs-falcon-remove-host-group-members***
- ***cs-falcon-list-host-groups***
- ***cs-falcon-delete-host-groups***
* Active Directory Query v2 - fixed an issue where group name includes parentheses (#14451)
* unskip LogRhythm REST test (#14596)
* ArcSight ESM - add the eventFieldsToStringify arg to get-case cmd (#14553)
* add the eventFieldsToStringify arg to get-case cmd
* fix W293
* rm fieldstostringify and cast to str every large int
* fix notes and docs
* bump docker image
* fix docker image
* [Bug] Maltiverse returns error when file command has no proccess_list (#14517)
* adding test that fails
* replace [] with get
* added rn
* Update Packs/Maltiverse/ReleaseNotes/1_0_7.md
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
* fixed typo in rn
* added given when then to test
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
* Add markdown images support in sanePdfReport (#14508)
* Add markdown images support in sanePdfReport
* Verify server object before closing the server
* Start markdown server only if demisto version is ge 6.5
* Add markdown server unit test
* update sane-pdf-reports image version in RN
* Update 1_13_28.md
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
* Update Docker Image To demisto/carbon-black-cloud (#14605)
* Updated Metadata Of Pack CarbonBlackDefense
* Added release notes to pack CarbonBlackDefense
* Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update
* Update Docker Image To demisto/boto3py3 (#14609)
* Updated Metadata Of Pack SecurityIntelligenceServicesFeed
* Added release notes to pack SecurityIntelligenceServicesFeed
* Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update
* Update Docker Image To demisto/cyjax (#14607)
* Updated Metadata Of Pack FeedCyjax
* Added release notes to pack FeedCyjax
* Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml Docker image update
* Fixed fetch to include max fetch + time range as part of api query (#14599)
* GitHub Releases List Command (#14480)
* added command, yml, unit test
* added test file data
* added task of new command to TPB
* added rn
* add README command entry
* removed dor username from test data
* validation fix
* dan cr notes
* lint fixes
* Added extra check since some eml files were still passing (#14600)
* Added extra check since some eml files were still passing (#14545)
* Added extra check since some eml files were still passing
* - Update metadata
- Add releasenotes
Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com>
* update RN
* update RN
Co-authored-by: Steven Goossens <steven@teamg.be>
Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
* Update Docker Image To demisto/google-api-py3 (#14608)
* Updated Metadata Of Pack GoogleCloudSCC
* Added release notes to pack GoogleCloudSCC
* Packs/GoogleCloudSCC/Integrations/GoogleCloudSCC/GoogleCloudSCC.yml Docker image update
* Update Docker Image To demisto/crypto (#14604)
* Updated Metadata Of Pack AzureSQLManagement
* Added release notes to pack AzureSQLManagement
* Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update
* Updated Metadata Of Pack X509Certificate
* Added release notes to pack X509Certificate
* Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update
* Added test to script yml
Co-authored-by: sberman <sberman@paloaltonetworks.com>
* Microsoft Teams bug fixes and improvements (#14548)
* Microsoft Teams bug fixes and improvements (#14543)
* Add support for full width
* Add support for Informational threshold
* Fix bug with auto_notifications
* Update release notes
* Change default for 'auto_notifications' to false
* changed parameter to be disable instead of enable
* Update readme
* possible test fixes
* lint fixes for severity to float
Co-authored-by: tneeman <tneeman@paloaltonetworks.com>
* cr fixes
* added microsoft teams TPB to conf json, although skipped (for validation)
Co-authored-by: Paul D <88715381+nb-pdragoi@users.noreply.github.com>
Co-authored-by: tneeman <tneeman@paloaltonetworks.com>
* Update Docker Image To demisto/python3 (#14602)
* Updated Metadata Of Pack C2sec
* Added release notes to pack C2sec
* Packs/C2sec/Integrations/C2sec/C2sec.yml Docker image update
* Updated Metadata Of Pack CTIX
* Added release notes to pack CTIX
* Packs/CTIX/Integrations/CTIX/CTIX.yml Docker image update
* Updated Metadata Of Pack CVESearch
* Added release notes to pack CVESearch
* Packs/CVESearch/Integrations/CVESearchV2/CVESearchV2.yml Docker image update
* Updated Metadata Of Pack CarbonBlackProtect
* Added release notes to pack CarbonBlackProtect
* Packs/CarbonBlackProtect/Integrations/CarbonBlackProtect/CarbonBlackProtect.yml Docker image update
* Updated Metadata Of Pack CentrifyVault
* Added release notes to pack CentrifyVault
* Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml Docker image update
* Updated Metadata Of Pack Cherwell
* Added release notes to pack Cherwell
* Packs/Cherwell/Integrations/Cherwell/Cherwell.yml Docker image update
* Updated Metadata Of Pack CiscoESAIronPortEmailAPI
* Added release notes to pack CiscoESAIronPortEmailAPI
* Packs/CiscoESAIronPortEmailAPI/Integrations/CiscoIronPortEMailAPI/CiscoIronPortEMailAPI.yml Docker image update
* Updated Metadata Of Pack CiscoEmailSecurity
* Added release notes to pack CiscoEmailSecurity
* Packs/CiscoEmailSecurity/Integrations/CiscoEmailSecurity/CiscoEmailSecurity.yml Docker image update
* Updated Metadata Of Pack Claroty
* Added release notes to pack Claroty
* Packs/Claroty/Integrations/Claroty/Claroty.yml Docker image update
* Updated Metadata Of Pack CloudConvert
* Added release notes to pack CloudConvert
* Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml Docker image update
* Added dbotscore outputs to yml and readme
* Updated Metadata Of Pack APIVoid
* Added release notes to pack APIVoid
* Packs/APIVoid/Integrations/APIVoid/APIVoid.yml Docker image update
* Updated Metadata Of Pack AlienVault_OTX
* Added release notes to pack AlienVault_OTX
* Packs/AlienVault_OTX/Integrations/AlienVault_OTX_v2/AlienVault_OTX_v2.yml Docker image update
* Updated Metadata Of Pack Anomali_Enterprise
* Added release notes to pack Anomali_Enterprise
* Packs/Anomali_Enterprise/Integrations/Anomali_Enterprise/Anomali_Enterprise.yml Docker image update
* Updated Metadata Of Pack AnsibleTower
* Added release notes to pack AnsibleTower
* Packs/AnsibleTower/Integrations/AnsibleTower/AnsibleTower.yml Docker image update
* Updated Metadata Of Pack AutoFocus
* Added release notes to pack AutoFocus
* Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml Docker image update
Co-authored-by: sberman <sberman@paloaltonetworks.com>
* Update FortiAuthenticator with fixes and enhancements (#14590)
* Update FortiAuthenticator with fixes and enhancements (#14430)
* Create 1.0.1.md
release notes for updates.
* Update README.md
updated for additional command arguments
* Update FortiAuthenticator.yml
updated with additional arguments to existing commands
* Update FortiAuthenticator.py
code update for adding additional arguments to existing commands
* Update pack_metadata.json
* Update FortiAuthenticator.py
* Update FortiAuthenticator.yml
* Update FortiAuthenticator.py
* Create 1_0_1.md
* Delete 1.0.1.md
* Update Packs/FortiAuthenticator/Integrations/FortiAuthenticator/README.md
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
* Update Packs/FortiAuthenticator/ReleaseNotes/1_0_1.md
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
* Apply suggestions from code review
Changes per docs-review
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
* update docker version
* update RN
Co-authored-by: Jason Lo <85333433+jasonlo82@users.noreply.github.com>
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
* add hello world test (#14611)
* remove ownership (#14614)
* ironbank enhancements to GitLab integration (#14376)
* ironbank enhancements to gitlab integration
* cr fixes
* changed 'in' arg name to 'scope'
* Added pack adoption notice. (#14613)
* Added pack adoption notice. (#14612)
* Added pack adoption notice.
* Apply suggestions from code review
Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com>
Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com>
* update RN
Co-authored-by: Kaushal Shah <shah.kaushal95@gmail.com>
Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
* GetIndicatorDBotScoreFromCache - handle KeyError (#14531)
* - Fixed an issue where the reliability of the indicator was not defined.
* Updated the Docker image
* added test playbook which reproduces the issue
* fixed test playbook
* fixed
* update rn
* update version
* update docker
* resolved conflicts
* added to conf.json
* TwitterSOARx Integration Addition (#14591)
* TwitterSOARx Integration Addition (#13994)
* Create README.md
* Create pack-ignore
* Rename pack-ignore to .pack-ignore
* Add files via upload
* Create .secrets-ignore
* Add files via upload
* Add files via upload
* Add files via upload
* Create TwitterSOARx_description.md
* Add files via upload
* Add files via upload
* Add files via upload
* Add files via upload
* Create delete
* Add files via upload
* Create delete
* Delete delete
* Delete delete
* Update TwitterSOARx.yml
Modified docker image now that the tweepy image has been uploaded
* Rename TwitterSOARx.yml to integration-TwitterSOARx.yml
* Update TwitterSOARx.py
* Update integration-TwitterSOARx.yml
* Update TwitterSOARx.py
* Update integration-TwitterSOARx.yml
* Update TwitterSOARx.py
* Update integration-TwitterSOARx.yml
* Update TwitterSOARx.py
* Update integration-TwitterSOARx.yml
* Update Packs/TwitterSOARx/Integrations/integration-TwitterSOARx.yml
* Update Packs/TwitterSOARx/Integrations/integration-TwitterSOARx.yml
* rm integration- prefix
* mv py to dir
* mv yml to dir
* mv desc to dir
* Rename Packs/TwitterSOARx/Integrations/command_examples.txt to Packs/TwitterSOARx/Integrations/Twitter/command_examples.txt
* Update Packs/TwitterSOARx/pack_metadata.json
* rm title from readme
* import csp
* handle E0211 and E0213
* Update Twitter.py
Removed print statement
* Update Twitter.yml
* Delete LICENSE
Deleted LICENSE file, as per requested by Itay4
* Update Twitter.py
* Update Twitter.py
* Delete TwitterSOARx_image.png
* Add files via upload
* Update README.md
* Update Twitter.py
Added test module, made a couple resolutions to flake errors
* Update Twitter.py
* Delete TwitterSOARx Testing Documentation.docx
* Delete TwitterSOARx Design Document.docx
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
modified test results
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* Update Twitter.py
* init client
* rm `BaseClient` heritage and `self` from command calls
* ignore attr-defined on urllib.parse.quote
* rm title from detailed desc
* add integration readme
* clean pack readme
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
* rename pack dir name
Co-authored-by: Christian Brake <85197027+cbrake1@users.noreply.github.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: ikeren <itay@demisto.com>
* Threat Intel Report - add fields and improve view (#14564)
* add type, status fields and update dashboard
* bump to 1.0.1 and add rn
* fmt module and add dashboard rn
* updated type and layout for test
* revert threat actor type changes
* sdk 1.4.9 (#14615)
* Update dev-requirements-py3.txt
* Update dev-requirements-py3.txt
Co-authored-by: tomneeman151293 <70005542+tomneeman151293@users.noreply.github.com>
* Bc support content side (#13924)
* added logic, and unit tests
* added tests, added docs, moved bc func call
* Update Tests/Marketplace/marketplace_services.py
Co-authored-by: Guy Freund <53565845+guyfreund@users.noreply.github.com>
* freund requests
* fixed typos, fixed validate failures
* flake8 fixes line too long
* started re-adding BC logic
* added tests
* added the files to git
* indents
* fix failures
* fixed another test failure
* Update Tests/Marketplace/release_notes_bc_calculator.py
Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>
* Update Tests/Marketplace/release_notes_bc_calculator.py
Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>
* added renaming of var
* filtered from modified the json files in ReleaseNotes
* freund cr fixes
* freund cr fixes
* deleted added test file. test files were added to mp tests
* fix all occurrences of changed naming
* dan cr fixes
* upload test: edited existing RN
* reverted upload test 1
* upload test: new RN without BC
* test case 2: RN with BC
* added some logs for checks
* using custom sdk version to add artifacts support
* using custom sdk version to add artifacts support
* validating against sdk create artifacts
* test case 3: multiple rn, some bc, some not
* fixing fraudwatch version
* reverted all changes for tests
* noy CR fixes
Co-authored-by: Guy Freund <53565845+guyfreund@users.noreply.github.com>
Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>
Co-authored-by: guyfreund <gfreund@paloaltonetworks.com>
* Azure ad graph fetch (#14352)
* Hello Azure AD Pack
* Initial commit for AzureADIP
* list_risky_users works, list_risks broke?
* renamed to AzureADIdentityProtection, added all commands to yml
* corrected scope
* yaml update
* renamed command
* code formatting
* riskyUserHistory
* confirm compromised
* dismiss
* Generic query_list, passes validation
* prettier code
* reverted MicrosoftApiModule.yml to master
* removed redundant spaces
* filter_arguments is optional
* Update MicrosoftApiModule.yml
added newline to pass validations (no idea why it was removed)
* DT
* limit default in yml
* permission comment
* permission comment
* OData syntax comment
* login instructions in description
* country field description
* filter description
* filter description
* removed header, added missing risky-user-list arguments
* updated prefix, fixed nextLink parsing, added next_link_description
* updated prefix
* formatting
* formatting
* query_list docstrings
* separated querying from parsing results, renamed client to AADClient
* basic test
* parametrized list test
* risky users test
* risky_users_history_list test
* unit tests done
* passes linter
* moved comment
* moved comment
* removed resource group (unnecessary)
* added first_headers to tableToMd
* changed first_headers
* first_headers RN
* lint fix (e126)
* lint fix (126)
* redundant `or`
* updated beta notice
* updated description
* fixed RM100
* changed prefix
* updated permission notice
* filter_arguments now a list
* corrected context prefix
* corrected context paths
* yaml outputs, docs, example_commands
* base rn
* IPs
* fixed tests,removed unused comment
* ip
* updated userPrincipalName, pack name
* Confirm-compromised marked harmful
* test playbook
* readme
* lint: indentations
* Test playbook
* Test playbook fromversion
* CR: return_error message
* CR: inherit MSClient
* CR: inherit MSClient
* docs fix
* docs fix
* test_list unit test
* moved first_headers from CSP to AzureADGraph
* reverted CSP changes
* lint
* lint
* header order
* val to obj
* "1 results" -> "1 result", improved parse_list tests
* corrected id
* indentation change
* moved @ part to constructor head
* fixed name
* added auth-complete human-readable to markdown
* time argument parsing
* time argument parsing
* Update AzureADIdentityProtection_description.md
* Update AzureADIdentityProtection.yml
done
* Update AzureADIdentityProtection_description.md
done
* Update README.md
done
* Update README.md
done
* fetch-incidents, initial add
* extract method from azure_ad_identity_protection_risk_detection_list for fetch
* Fetch configuration
* Create incidents
* Cleaner code
* Fix incident occurred value
* IncidentType, initial add
* Mapper
* Layout
* Fixed mapper
* incident name
* Mapper
* Removed test data
* Update Packs/AzureActiveDirectory/Integrations/AzureADIdentityProtection/AzureADIdentityProtection.yml
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
* Support fetch pagination
* Updated Release Notes
* New common incident fields
* yml validations
* Format
* Format
* Format
* Updated Release Notes
* Fixed package name
* Align with Pack name
* Align pack name
* Fix json
* Align pack name
* Align Pack name
* Align Pack name
* Test fetch
* Test same fetch time
* Added missing import
* Fix test
* Missing var
* Unit tests
* Unit tests
* Classifier keyTypeMap
* Cleaner code
* Remove unused command
* A minor version update
* Update Tests/conf.json
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
* Integration name
* Short incident name
* Fix test
* Fix test
* Release notes
* Updated release notes
* Format release notes
Co-authored-by: dschwartz <dschwartz@paloaltonetworks.com>
Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com>
Co-authored-by: shannon-holland <84771356+shannon-holland@users.noreply.github.com>
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
* Skipped the following tests: "Domain Enrichment - Generic v2 - Test" (#14626)
* Update Docker Image To demisto/zabbix (#14635)
* Updated Metadata Of Pack Zabbix
* Added release notes to pack Zabbix
* Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update
* Update Docker Image To demisto/intezer (#14633)
* Updated Metadata Of Pack Intezer
* Added release notes to pack Intezer
* Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update
* Update Docker Image To demisto/tesseract (#14632)
* Updated Metadata Of Pack ImageOCR
* Added release notes to pack ImageOCR
* Packs/ImageOCR/Integrations/ImageOCR/ImageOCR.yml Docker image update
* Fireeye ETP - handle unicode chars (#14622)
* add test for unicode chars in alert
* set system default encoding
* Update Packs/FireEyeETP/ReleaseNotes/1_0_4.md
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
* Update Docker Image To demisto/trustar (#14634)
* Updated Metadata Of Pack TruSTAR
* Added release notes to pack TruSTAR
* Packs/TruSTAR/Integrations/TruSTAR_V2/TruSTAR_V2.yml Docker image update
* Coverage enforce 2 (#14625)
* git
* Format code
* Fix indentations
* Update Docker Image To demisto/greynoise (#14631)
* Updated Metadata Of Pack GreyNoise
* Added release notes to pack GreyNoise
* Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.yml Docker image update
* Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community.yml Docker image update
* Improve stale branch deletion script (#14636)
Co-authored-by: avidan-H <>
* AlienVault OTX v2 - handle non lower-case URLs and insecure err msg (#14598)
* add test for HTTP
* handle no status_code and lowercase url
* fix url arg passed in the unit test
* lowercase url protocol
* adjust test
* adjust readme
* fix e731
* add type hints
* fix W291 and E305
* fix raise
* use non private ip in test
* bump to 1.1.8
* Update Packs/AlienVault_OTX/Integrations/A…