Wiz - XSOAR | Add detections #393
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* CTM360 Pack Update - Fetch Evidence (demisto#39550) * Add new main playbook version (v3) * Add new playbook to be used as subplaybook * Update incident type to use new playbook version * Update README & integration to support screenshots * Add tests and test data for new addition * Update pack minor version and release notes * Update .pack-ignore * Update .pack-ignore again * Update Packs/CTM360-CyberBlindspot/ReleaseNotes/2_2_0.md Co-authored-by: Moshe Eichler <[email protected]> * Run `demisto-sdk format` on new playbooks * Fix bug causing setting to always be set to True * Update new command's output context * Fix timestamp not showing in markdown table * No duplicate fetching and early return * Ran format against config and regen. docs after --------- Co-authored-by: Moshe Eichler <[email protected]> * Fix RN * ignore 440 --------- Co-authored-by: S. AlQasim D. <[email protected]> Co-authored-by: Moshe Eichler <[email protected]> Co-authored-by: meichler <[email protected]>
* fix playbook conditions * RN * silent fix * fix type in 3 playbooks
Update NVDv2 to Support CVSS version 4.0 - most updated version of the Common Vulnerability Scoring System standard. Co-authored-by: Shelly Tzohar <[email protected]> --------- Co-authored-by: Shelly Tzohar <[email protected]>
* Rubrik Release 1.5.0 * Fix pre-commit errors * Updated the release notes as per PR review comments * removed the modified key from the activity type incident field * Updated the Integration README for known limitations --------- Co-authored-by: Crest Data <[email protected]> Co-authored-by: crestdatasystems <[email protected]> Co-authored-by: Moshe Eichler <[email protected]>
* Add Lookback * CR issues
* final version * add new fields to detection types * without iom and ioa * remove ioa and iom logic from fetch-events function * remove ioa and iom fetch type from instance configuration window only for xsiam * fix pre commit errors * remove is_fetch_events function and create a new parameter instead * change fetch types query text
* consent * rn * fixes * fix * fix * Bump pack from version CortexResponseAndRemediation to 1.1.38. * Bump pack from version CortexResponseAndRemediation to 1.1.39. * fix * Bump pack from version CortexResponseAndRemediation to 1.1.40. * review fixes * fix * fix --------- Co-authored-by: Content Bot <[email protected]>
* Created ModelingRules
* remove beta * RN * rn * rn * update docker image
* added logs to snowflake * reproduce the issue * revert logs and add fix * added rn * added tests * validate fixes * validate fixes * remove * added tests * added tests * added tests
… context filters. (demisto#39607) (demisto#39764) * Merge * revert package-lock.json * Fixed an issue where caching was not working when using context filters. * Update RN * Updated the Docker image. * fix Co-authored-by: Masahiko Inoue <[email protected]>
* type fix * added RN * additional logs * docker update * fix rn
* Implement newly-observed-hostnames(NOH) feeds * Update release notes * Bump release notes * Update README Co-authored-by: Bri <[email protected]>
* ReversingLabs TitaniumCloud v2.7.0 (demisto#39602) * Update version to 2.4.4 * Update readme * Fix minor bugs in classification commands. * Add the contributors file * Add release notes * Add progress * !file command done * !url command done * !ip command done * !domain command done * Update the docker image * Create release notes * Update command examples * Update the version * Update the readme * Update the user agent * Edit release notes * Add isArray: true * Add the contributors file * Update Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml Co-authored-by: Moshe Eichler <[email protected]> * Update Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml Co-authored-by: Moshe Eichler <[email protected]> * Update Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py Co-authored-by: Moshe Eichler <[email protected]> * Update release notes * Add config section order * Update YAML return types * Update the version in the user agent string * Update test data * Update tests * Update tests --------- Co-authored-by: Moshe Eichler <[email protected]> * ignore 400 * ignore 440 --------- Co-authored-by: Mislav Sever <[email protected]> Co-authored-by: Moshe Eichler <[email protected]> Co-authored-by: meichler <[email protected]>
* required yml fields to allow mapping * added markdownlint hook to pre commit * Revert Microsoft365Defender.yml to match master * mdx-validation * invalid.md test file * valid * invalid + run on mdx * changed files * invalid readme * modified is_html_doc * for file in $(git ls-files '*.md') * refactor test * refactor test * refactor test * refactor test * Validate MDX for README.md files * Validate MDX for README.md files * Validate MDX for README.md files * Validate MDX for README.md files * fix * only changed files * changed * the EOF delimiter should be alone on its own line without quotes * `EOF' * Validate README.md files * Validate README.md files * Validate README.md files * check which files are returne * Validate Root README.md with MDX * Validate All README.md Files with MDX * removed echo - too long * removed echo - too long * all of them * removed echos * eof * fi * done * pass file * collect errors * collect errors * collect errors * collect errors * collect errors * check if html * fix mdx * dependencies * read entire file + html placeholders * exclude node mosules * exclude node mosules * validate-mdx hook init * markdown lint version * markdown lint version * markdown lint version * Test commit * stage * validate mdx custom hook * validate mdx custom hook * validate mdx custom hook added to template * removed unnecessery logs * html should pass validation * modified logs * removed the workflow * removed top of file * require_serial: true * require_serial: true revert * - "@mdx-js/mdx@^1.6.22" * require_serial: true * markdownlint hook for readmes * test readme * removed unneccesery logs * mdx-validation versioning * delete test * revert README.md * remove pre-commit-config * revert test readme * frop require serieal * demo comments * demo comments * html rules * excluded non fixable > 150 occurences rules * md042 * MD052 and MD036 excluded * updated markdownlint * use markdownlint-cli2 * "default": false dont allow any rules * Revert "md042" This reverts commit f0ce628. * added rules that currently aren't violated in content * Revert "added rules that currently aren't violated in content" This reverts commit cde0a8a. * added rules that trigger 0 erros in our repo (demisto#39393) * Ciac 11349 md039 (demisto#39363) * fixed MD039 * added rule MD039 * Ciac 11349 md042 (demisto#39365) * md042 * added MD042 to rules * added MD042 to rules * Ciac 11349 md025 (demisto#39366) * added MD025 to rules * manual fixes * Ciac 11349 md005 (demisto#39367) * manual fixes * added rule * auto fix * disable md005 fp * remove dot * Ciac 11349 md052 (demisto#39368) * added md052 * disabled md052 fp * pre commit * pr comments - use power of async with promises * pre commit * pre commit * rn * clean up * updated rn * validate * rn * rn * Bump pack from version MicrosoftGraphSecurity to 2.2.27. * Bump pack from version AzureSQLManagement to 1.2.7. * Bump pack from version MicrosoftGraphAPI to 1.1.56. * Update 1_2_8.md * Update 1_0_4.md * Update 1_0_14.md * Update 1_0_17.md * Update 1_5_45.md * Update 1_3_8.md * Update 1_4_9.md * Update 1_0_14.md * Update 1_1_46.md * Update 1_2_7.md * Update 1_3_8.md * Update 1_2_39.md * Update 1_2_33.md * Update 1_2_9.md * Update 1_0_4.md * Update 1_1_31.md * Update 1_0_17.md * Update 1_1_56.md * Update 1_6_26.md * Update 2_2_27.md * Update 1_5_45.md * Update 1_3_54.md * Update 1_0_19.md * update docker image * update docker image rn * latest image * latest image * Bump pack from version AzureWAF to 1.2.10. * <!-- markdownlint-enable MD005 --> * Packs/XQLDSHelper/Scripts/XQLDSHelper/XQLDSHelper.yml: [DO106] - docker image demisto/python3:3.11.11.1940698's tag 3.11.11.1940698 is outdated. The latest tag is 3.12.8.1983910 * Packs/XQLDSHelper/Scripts/XQLDSHelper/XQLDSHelper.yml: [DO106] - docker image demisto/python3:3.11.11.1940698's tag 3.11.11.1940698 is outdated. The latest tag is 3.12.8.1983910 * GR107 ignore * GR107 ignore * rn * rn * Update 1_4_8.md * Update 1_0_14.md * Update 1_1_46.md * Update 1_1_30.md * Update 1_2_8.md * Update 1_5_25.md * rn * rn * Bump pack from version XQLDSHelper to 1.0.7. --------- Co-authored-by: Content Bot <[email protected]>
demisto#39761) * microsoftTeams - microsoft-teams-message-send-to-chat message_type argument removal (hidden) * pc * cr * bc + pr * dr
* added the label ready-for-pipeline-running to internal * updtae the security reviewer
* New pack - Cortex CloudSec * Update Packs/CortexCloudSec/pack_metadata.json * Update Packs/CortexCloudSec/pack_metadata.json * Update Packs/CortexCloudSec/Integrations/AWS/AWS.yml * Apply suggestions from code review * incorporated suggested changes. * - Addressed review comments - Added unit tests - minor bug fixes * Update README.md * - Import changes - variable renames - Incorporate suggested changes * - made session name optional - added integration documentation. * Renamed package and integration * update Integration image * - Incorporate suggestions - documentation fixes * bug fixes * yaml updates. * rename pack to AWS * Apply suggestions from code review * add test case * exclude main from unit test requirement * Update demisto/boto3py3 tag to latest image --------- Co-authored-by: abaansalpanw <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: Menachem Weinfeld <[email protected]>
* added fix * added RN * added description * Update Packs/PAN-OS/ReleaseNotes/2_3_12.md Co-authored-by: Sasha Sokolovich <[email protected]> * description added to the input * build fixes * fix --------- Co-authored-by: Sasha Sokolovich <[email protected]>
Remove invalid utf-8 characters in the splunk-search output before parsing the data.
* Fix ews-get-attachment returning CommandResults directly instead of return_results * Docker and RN * Added docstring to test case
…#39753) * pb * format * rn and playbook line improve * format * fixed from cr * IsExists -> isNotEmpty * removed marketplaces key from script, it should inherit from CommonScripts and causes dependency issue in build * RN for CommonScripts * Added RM116 since the pb img is correct
* version bump rn docker bump * added support for XSIAM MP * pre-commit add yml collect section * layout to support XSOAR only because of LO107 on types evidenceBoard, relatedIncidents. * adding RN * added section order * Add platform mp. RN hide irrelevant RN and mark specific XSIAM RN * docker image.
* first commit * add docs * pre-commit fixes * pre-commit fixes * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/ReleaseNotes/3_2_31.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/README.md Co-authored-by: ShirleyDenkberg <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/README.md Co-authored-by: ShirleyDenkberg <[email protected]> * fix typo error * Bump pack from version Core to 3.2.32. * add release notes * add release notes * add release notes * Bump pack from version CortexXDR to 6.2.18. * Bump pack from version ctf01 to 1.0.41. * Update Packs/ctf01/ReleaseNotes/1_0_41.md Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/CortexXDR/ReleaseNotes/6_2_18.md Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/ReleaseNotes/3_2_32.md Co-authored-by: Shachar Kidor <[email protected]> * change yml and readme * add ignore * fixes for CR * add release notes * Bump pack from version Core to 3.2.33. * reformat output * reformat output * Update Packs/ApiModules/ReleaseNotes/2_2_44.md Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py Co-authored-by: Shachar Kidor <[email protected]> * change output and readable * add tests * Bump pack from version CortexXDR to 6.2.19. * Bump pack from version Core to 3.2.34. * Update Packs/Core/Integrations/CortexCoreIR/README.md Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/ReleaseNotes/3_2_34.md Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * Update Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.py Co-authored-by: Shachar Kidor <[email protected]> * fixes for PR * fixes for PR * fixes for PR * Update Packs/ApiModules/ReleaseNotes/2_2_44.md Co-authored-by: Tal Carmeli <[email protected]> * Update Packs/ApiModules/ReleaseNotes/2_2_44.md Co-authored-by: Tal Carmeli <[email protected]> * Update Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py Co-authored-by: Tal Carmeli <[email protected]> * fix release notes * pre commit fixes * pre commit fixes --------- Co-authored-by: ShirleyDenkberg <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: Tal Carmeli <[email protected]>
Co-authored-by: Content Bot <[email protected]>
…emisto#39798) * split the rawjson data handling to fetch-events and fetch-incidents * add release-notes * fix data to json format * fix string type * update rn * Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_1_20.md Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: ShirleyDenkberg <[email protected]>
* integration updates * rn * added the port update to the rn * rn * docker image update * docker image update
…f params, update WizDefend resolution types
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.