Tags from content

22.2.0

2022-02-09T06:16:18Z

22.1.0

2022-01-23T13:01:38Z

21.12.1

2021-12-20T06:47:51Z

21.12.0

2021-12-07T09:58:34Z

21.11.1

2021-11-22T11:10:08Z

21.11.0

2021-11-08T06:59:57Z

21.10.1

2021-10-24T12:52:44Z

Fixed an issue where `is existing key` and `isn't existing key` dont'… (

demisto#15339) (demisto#15437)

* Fixed an issue where `is existing key` and `isn't existing key` dont' work.

* Modified pack_metadata.json

* Delete README.md.orig

Co-authored-by: iyeshaya <[email protected]>

Co-authored-by: Masahiko Inoue <[email protected]>
Co-authored-by: iyeshaya <[email protected]>

21.10.0: crowdstrike falcon generate status fix (#15153)

2021-10-10T11:57:44Z

crowdstrike falcon generate status fix (demisto#15153)

Fixed an issue where the predefined values of **status** argument in command **cs-falcon-search-device** were incorrect.

21.9.1: [flashpoint-163] Flashpoint integration enhancement (#15029)

2021-09-26T14:07:59Z

[flashpoint-163] Flashpoint integration enhancement (demisto#15029)

* [flashpoint-163] Flashpoint integration enhancement (#14790)

* Updated deprecation description.

* [Marketplace Contribution] SplunkCIMFields (#14484)

* "pack contribution initial commit" (#14439)

* change the scrpt according to the contributor

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: cshayner <[email protected]>

* setGridField: Allow column names to have underscores (#14469)

Grid column names can have underscores in them.

Co-authored-by: Dean Arbel <[email protected]>

* Add more dates, tags, and TLP to feed integration (#14483)

* Add more dates, tags, and TLP to feed integration (#14380)

* Add more dates, tags and TLP to feed integration

* Add release notes

* fixed rn

Co-authored-by: EvgeniyMeteliza <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* Fixed Custom Indicator context value key (#14422)

* Fixed context value key

* Fixed customIndicator test

* Merge branch 'master' into custom-indicator-value

# Conflicts:
# Packs/Base/ReleaseNotes/1_13_22.md

* Update 1_13_23.md

Done.

Co-authored-by: ShirleyDenkberg <[email protected]>

* added ignore BA113,BA112 (#14465)

* GetFailedTasks - improve err msg of failure to retrieve tasks (#14442)

* improve err msg of failure to retrieve tasks

* rm new line

* Update Packs/IntegrationsAndIncidentsHealthCheck/Scripts/GetFailedTasks/README.md

Co-authored-by: Bar Katzir <[email protected]>

* Fix generic APIModule feeds (#14490)

* setGridField: undo column name truncation (#14492)

allow column name truncation

Co-authored-by: Dean Arbel <[email protected]>

* fixed bug in pop ranks (#14493)

* fixed bug in pop ranks

* Migrate bucket upload workflow to GitLab (#14130)

* Remove upload dev rules and env variable dev value assignment

* Show that it works with fixed demisto-sdk

* Revert "Show that it works with fixed demisto-sdk"

This reverts commit 0a813cdbe92fcd4c2840fb92d091661853e8339c.

* Enable bucket-upload trigger script to work against production bucket

Co-authored-by: ikeren <[email protected]>

* Added Iron Bank approved tag (#14489)

* Crowdstrike datetime bug (#14382)

* added test

* added test that fails

* fix for test

* added release notes

* Update Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_0_4.md

Co-authored-by: roysagi <[email protected]>

* Qss new pr (#14502)

* update README.md

* Rasterize improvements (#14124) (#14482)

* Added support for different filename

* Update the release notes

* fix mypy error

* Changed the naming from "filename" to "file_name"

* Rename 1_0_10.md to 1_0_11.md

* Update pack_metadata.json

Co-authored-by: Paul <[email protected]>
Co-authored-by: Yaakov Praisler <[email protected]>

Co-authored-by: Paul D <[email protected]>
Co-authored-by: Paul <[email protected]>
Co-authored-by: Yaakov Praisler <[email protected]>

* [Sixgill-195] dve bug (#14503)

* [Sixgill-195] dve bug (#14499)

* fixed tests

* fixed tags

* rn

Co-authored-by: tamarsix <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* metadata constants (#14466)

* metadata constants

* fix name

* typo fix

* Zip content packs step optimization (#12770)

* Testing download packs from gcs

* Deleting Skip Zip content packs so it can be tested

* Changed file download to gsutil

* Fixed bucket path

* Fixed gsutil flag

* Added dest path prints

* Old download

* Different url

* Changed gcp path

* Created a bash script for gcp command

* Rerun

* Added newline

* Changed path and error message

* Added shell statement to file

* Added prints

* Changed os.walk

* Changed zip path

* Changed gcp path

* added prints

* print entries

* prints subprocess

* Changed set and added exception handler

* removed unnecessary mkdir

* print path of pack

* test

* fixes

* testing old step

* checks and prints

* Added copy to other dir

* Added some comments

* removed script communication

* Added testing, changed parameters to general build

* Added docstring to tests

* Fixed flake8 issues

* Added packs list print - will be removed

* Removed print

* Added dir entries print

* Added check for circle_build

* Added src and dest path prints

* Added src path prints and check_output

* Removed trailing /

* Fixed zip path

* Added storage_base_path, bucket_name args. Removed prints, added logging. Added try except clause.

* Added missing arguments

* Moved to upload flow only

* Removed skip for non master branches - testing

* Moved sys.exit(1) to end of script, refactored search in blobs.

* Updated comment

* Fixed tests

* Added looseversion

* Added master check back

* Removed unnecessary bash script.

* Fixed PR comments

* Changed copy to artifacts to use the script's arguement

* Added gitlab support

* Testing gitlab's upload

* Added check back

* Fixed readme error

* Added back the upload check

* Fixed some todos

* Added todos

* Moved download to job

* Fixed tests

* Todo

* removing conditions for testing

* Added needed conditions

* Removed todo and added env var

* Changed packs src

* Removed conditions

* Updated sbp when bucket is dist-dev

* Changed to default storage_base_path

* Removed unnecessary conditions

* updated path

* Sharing variable between steps

* Added step to bucket-upload.yml

* Fixed flake8 issues

* commented out failing tests - for testing gitlab flow

* Fixed problem in unittest

* Changed bucket condition name

* Fixed yml file

* Removed unnecessary packs dir

* Added echo

* Added default storage_base_path value

* Fixed yml structure

* Fixing yml structure

* test

* Revert "test"

This reverts commit a340bfce

* Removed run validations

* Changed upload-to-marketplace rules

* Added gcloud login

* Added rule back, removed private zip folder creation

* Removed run validations

* Added requirement back

* Added run validations back

* StixParser - skip SSDEEP (#14501)

* add ssdeep to stix1 test file

* trigger ut

* skip ssdeep values

* Update Packs/Base/ReleaseNotes/1_13_24.md

Co-authored-by: Shahaf Ben Yakir <[email protected]>

* Ansible Integration Quality Improvements (#14375)

* Ansible Integration Quality Improvements (#12795)

* Ansible API Module

* Refactored Ansible Integrations using API Module

* HCloud Documentation

* Default values of [] and {} are invalid in Ansible

* Linux README. Work in progress.

* spelling

* Alibaba Cloud Readme

* typo

* commands for doco

* better acme banner

* better description

* ACME README WIP

* commands from debian server

* Windows ReadMe WIP

* docker tag bump

* docker version bump and displayname spacing

* remove commands with error outputs

* Release notes / Metadata

* validation issue resolution

* linting and formating corrections

* trimmed package listing

* MS Readme WIP

* aligning names in note to integrations

* MS Readme WIP

* get_md5 argument no longer exists on module

* More README WIP

* remove pester example, looks like it failed tests

* mypy and flake8 lint fixes

* docker image bump

* ignoring pylint errpr for specialised import

* typo

* pylint and pep8 errors use different ignore syntax

* dict2md revisions and unit tests

* rec_ansible_key_strip unit test

* Correct docker image for Ansible

* linting

* clean up loose demisto calls and add type hinting

* Inventory unit tests

* incorrect indentation

* remove unused value

* tidy up demisto calls

* generic_ansible unit test

* remove global var host_type

* linting

* mypy fixes, output_key field, and context camelCase

* regenerated integrations
* id/name prefixed with ansible
* removed whitespace on descriptions
* camelcase context
* corrected predefined args for bools
* outputs_key_field for targetbased integrations

* context path updated

* better error messages

* test-command functionality

* fix templating error

* correct logic for test-module

* version bump and linting

* linting

* docstring for generic_ansible

* Deprecating old pack
Adding new packs

* Alibaba Cloud Polish

* Documenetation for Alibaba Cloud

* Documentation for Azure Compute

* remove problematic module

* Documentation for Hetzner Cloud

* Partial documentation for Windows

* hcloud test playbook

* kubernetes documentation

* remove empty command example headings

* better explaination around ansible usage

* Linux doco

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* remove todo

* Ansible branding + description clean up

* Ansible DNS Doco

* Formating

* Linux doco

* formating

* moved dns back to linux pack

* Cisco NXOS

* typo

* IOS requires a seperate become/enable password

* Cisco IOS documentation

* Azure Networking Doco

* VMware Doco

* deprecated notice

* deprecated notices

* ACME deprecated notice

* min version

* removed erronious output

* merge azure packages

* corrected context case

* Case corrections in Context

* Added privilege escalation options for Linux

* Documentation about complex command inputs

* Update Packs/AnsibleAlibabaCloud/Integrations/AnsibleAlibabaCloud/AnsibleAlibabaCloud.py

Co-authored-by: roysagi <[email protected]>

* Update Packs/AnsibleLinux/Integrations/AnsibleACME/AnsibleACME.yml

Co-authored-by: roysagi <[email protected]>

* editing azure readme

* editing ciscos readmes

* Update Packs/AnsibleHetznerCloud/Integrations/AnsibleHCloud/README.md

* editing hcloud readme

* Update Packs/AnsibleKubernetes/Integrations/AnsibleKubernetes/README.md

* editing kubernetes readme

* editing linux readme

* editing windows readme

* editing vmware readme

* changing command examples

* fixing secrets

* fixing secrets and validations

* fixing secrets

* fixing rm108

* use title case for context

* fixing validations

* host argument collision fix

* whitespace

* revised doco for collided arg

* title case without underscores

* fix title case in documentation

* Title case in context path

* titlecase context paths

* correct display

* priv escalation details

* Capital letter in description

Co-authored-by: roysagi <[email protected]>
Co-authored-by: rsagi <[email protected]>

* reverting wrong changes

* fixing same playbook name

* skipping all integrations via conf.json

* fixing dependencies

* updating playbook-Windows_Application_Deployment_v2.yml

* fixing names

* updating playbook-Wait_Until_Windows_Host_Online_v2.yml

* adding creds support

* Merge branch 'master' into contrib/SergeBakharev_ansible_documentation&ApiModule

# Conflicts:
# Tests/conf.json

* disabling guardrails false positive

* adding creds support for hcould

Co-authored-by: SergeBakharev <[email protected]>
Co-authored-by: roysagi <[email protected]>
Co-authored-by: rsagi <[email protected]>

* [Marketplace Contribution] SendGrid - Content Pack Update (#14350) (#14507)

* "contribution update to pack "SendGrid""

* pack resubmitted

* fix cr

* Update RN

Co-authored-by: bachen <[email protected]>

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: bachen <[email protected]>

* Incidents test playbook (#13848)

* adding scripts

* changes

* adding test

* adding using instance

* fixed test

* changed health ckeck script

* new playbook

* changing the playbook

* new playbook

* changed playbook and added new scripts from indicators pr

* fixed typo

* added one more fetch incidents integraion

* changes from demo

* fixes from cr

* Apply suggestions from code review

Co-authored-by: Dan Tavori <[email protected]>

* added release notes

* adding test to test-conf

* added readme

* Update VerifyEnoughIncidents.yml

* Update 1_2_2.md

* Update VerifyEnoughIncidents.yml

* changed test conf

* changed VerifyContextFieldsList to VerifyObjectFieldsList

* save little changes

* Update README.md

Co-authored-by: Dan Tavori <[email protected]>
Co-authored-by: Richard Bluestone <[email protected]>

* Deprecated microsoft policy and compliance playbooks (#14378)

* Deprecated Azure and office365 playbooks, moving them to other pack.

* Updated release notes

* Wildfire polling enhancement (#13857)

* polling command

* report context

* UT

* Common Objects

* deprecated: true

* upload assertment

* TPB

* rn

* UT

* lint

* validtae

* Delete lolo.xml

* Update Palo_Alto_Networks_WildFire_v2.yml

Done.

* Update 1_4_0.md

Done.

* RN

* yml fix

* Update Packs/Palo_Alto_Networks_WildFire/Integrations/Palo_Alto_Networks_WildFire_v2/Palo_Alto_Networks_WildFire_v2.py

Co-authored-by: Shai Yaakovi <[email protected]>

* RN

* server logs

* TPB

* added toversion to playbook

* fix sha256

* Merge branch 'master' into upload_list_content_item

# Conflicts:
# Tests/Marketplace/marketplace_constants.py
# Tests/Marketplace/marketplace_services.py

* fstring fix

Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Shai Yaakovi <[email protected]>
Co-authored-by: yaakovi <[email protected]>

* [Marketplace Contribution] ConvertTimezoneFromUTC (#14512)

* "pack contribution initial commit" (#14384)

* fixed validate & lint

* Update Packs/ConvertTimezoneFromUTC/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.py

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: cshayner <[email protected]>
Co-authored-by: ChanochShayner <[email protected]>

* fix typo (#14516)

* QRadar enhance ip commands (#14500)

* added support for ip arguments

* added args to readme

* Added rn

* small fixes to filter query

* reverted commenting

* Update Packs/QRadar/ReleaseNotes/2_0_22.md

Co-authored-by: roysagi <[email protected]>

* Update Docker Image To demisto/python3 (#14481)

* Updated Metadata Of Pack KasperskySecurityCenter

* Added release notes to pack KasperskySecurityCenter

* Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml Docker image update

* Updated Metadata Of Pack Shodan

* Added release notes to pack Shodan

* Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update

* Adding TPB of Kaspersky Security Center

* Updated Metadata Of Pack KasperskySecurityCenter

* Fixed build

* Added dbotscore to ip command + added readme file that was missing

* added dbotscore outputs to readme

* deleted use-case empty section

* removed unnecessary ignore

* Fixed cr comments

* added response_type to login

Co-authored-by: sberman <[email protected]>

* Upload list content item (#14464)

* removed the gke tag from run-validations job

* adding list item

* widget fix

* testing

* typo fix

* revert testing changes

* Update Docker Image To demisto/python3 (#14522)

* Updated Metadata Of Pack ExpanseV2

* Added release notes to pack ExpanseV2

* Packs/ExpanseV2/Integrations/FeedExpanse/FeedExpanse.yml Docker image update

* Content mgmt bug fixes (#14459)

* bug fixes

* rn

* metadata

* Update pack_metadata.json

* Update Packs/ContentManagement/ReleaseNotes/1_0_3.md

Co-authored-by: roysagi <[email protected]>

* Typo fix constnats upload (#14525)

* fix typo

* Update Docker Image To demisto/chromium (#14523)

* Updated Metadata Of Pack ExpanseV2

* Added release notes to pack ExpanseV2

* Packs/ExpanseV2/Scripts/ExpanseGenerateIssueMapWidgetScript/ExpanseGenerateIssueMapWidgetScript.yml Docker image update

* Fixed conflicts

Co-authored-by: sberman <[email protected]>
Co-authored-by: Shelly Berman <[email protected]>

* ParseEmailFiles - added code for multiple mime encoding (#14076)

* added code for multiple encoding

* added code for multiple encoding - rn tests

* docker

* rn

* add replace logic

* meta data

* fix test

* lint

* fix

* rn

* added default and force arguments, added a verification null bytes not on encoded string

* rn

* change debug

* add debug

* update

* Update Docker Image To demisto/python3 (#14532)

* Updated Metadata Of Pack Armis

* Added release notes to pack Armis

* Packs/Armis/Integrations/Armis/Armis.yml Docker image update

* Updated Metadata Of Pack AttackIQFireDrill

* Added release notes to pack AttackIQFireDrill

* Packs/AttackIQFireDrill/Integrations/AttackIQFireDrill/AttackIQFireDrill.yml Docker image update

* Updated Metadata Of Pack BPA

* Added release notes to pack BPA

* Packs/BPA/Integrations/BPA/BPA.yml Docker image update

* Updated Metadata Of Pack Barracuda

* Added release notes to pack Barracuda

* Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml Docker image update

* Updated Metadata Of Pack BastilleNetworks

* Added release notes to pack BastilleNetworks

* Packs/BastilleNetworks/Integrations/BastilleNetworks/BastilleNetworks.yml Docker image update

* Updated Metadata Of Pack BitDam

* Added release notes to pack BitDam

* Packs/BitDam/Integrations/BitDam/BitDam.yml Docker image update

* Updated Metadata Of Pack BitSight

* Added release notes to pack BitSight

* Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update

* Updated Metadata Of Pack BluelivThreatCompass

* Added release notes to pack BluelivThreatCompass

* Packs/BluelivThreatCompass/Integrations/BluelivThreatCompass/BluelivThreatCompass.yml Docker image update

* Updated Metadata Of Pack BluelivThreatContext

* Added release notes to pack BluelivThreatContext

* Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml Docker image update

* Updated Metadata Of Pack Bonusly

* Added release notes to pack Bonusly

* Packs/Bonusly/Integrations/Bonusly/Bonusly.yml Docker image update

* Updated the Microsoft Graph API README (#14368)

* Updated the Microsoft Graph API README

Added the authorization process commands - msgraph-api-auth-start, msgraph-api-auth-complete, msgraph-api-test

* Update Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/README.md

Co-authored-by: Itay Keren <[email protected]>

Co-authored-by: Itay Keren <[email protected]>
Co-authored-by: ikeren <[email protected]>

* Whois integration connectivity issue (#14519)

* test to recreate the bug

* bug fixed

* validate fix

* RN

* Update Packs/Whois/ReleaseNotes/1_2_4.md

Co-authored-by: Itay Keren <[email protected]>

* fixed proxy params in test.

Added more info to the proxy section in additional info

* Update Packs/Whois/Integrations/Whois/Whois.yml

Co-authored-by: Itay Keren <[email protected]>

* skip tests

* Revert "skip tests (#14455)"

This reverts commit 61bfafb9

* Indian domain test

* Indian domain fix

* rn

* Update Packs/Whois/ReleaseNotes/1_2_5.md

Co-authored-by: Itay Keren <[email protected]>

* checking for in tld in playbook-Whois-Test.yml

Co-authored-by: Itay Keren <[email protected]>

* Added several commands to Darktrace integration (#13905) (#14537)

* Added several commands to darktrace

* Update Darktrace.yml

* lint fixes

* Update Darktrace.py

* lint fixes

* Added readme, and changed some details on the outp

* Added example commands

* Added additional details in readme-file

* lint fix

* Updated command argument desc.

* upgrade the docker image

* upgrade docker image

* bump version

* Added release notes

* added outputs

* Added tests for alle commends with output

* Added a single iteration to skip the first result

* removed all instances of add-comment

* Added outputs_key_field

* Added secrets to ignore

* Update Packs/Darktrace/Integrations/Darktrace/README.md

Co-authored-by: Yaakov Praisler <[email protected]>

* Update Packs/Darktrace/Integrations/Darktrace/README.md

Co-authored-by: Yaakov Praisler <[email protected]>

* fix test

* lint fix

* Updated docs

* lint fix

Co-authored-by: Yaakov Praisler <[email protected]>

Co-authored-by: Solli <[email protected]>
Co-authored-by: Yaakov Praisler <[email protected]>

* Update README.md (#14540)

* Update README.md (#14538)

* update README.md

Co-authored-by: Dorin-PM <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* Add Edit and Pin commands to SlackV3 (#14372)

* Add Edit and Pin commands to SlackV3

* Alexa v2 (#14072)

Added alexa v2 intgeration

* Unit42 sub-techniques (#14524)

* add parent to the sub thecnique name

* remove unrelated files

* RN

* version

* Add UTs

* Fix UT

* Phishing - fixing dt + updating EWS/Gmail mappers (#14498)

* Strip labels and fix mail body dt script.

* Adding fields to EWS mapper

* Fix dt on main playbook v5

* Changing Playbook inputs on "Process Email - Generic" from labels to fields

* Adding fields to Gmail mapper

* fixing EWS mapper name

* Phishing release notes

* Gmail release notes

* EWS release notes

* fixing EWS mapper id

* fix playbook id

* fix dt

* revert field to label in V6 playbook

* revert playbook inputs fields to labels in process email generic playbook

* release notes

* minor fix

* Update 2_4_1.md

Co-authored-by: Richard Bluestone <[email protected]>

* Added new transformer script - StringToArray (#14536)

* Added new transformer script

* Added rn + bumped version and fixed linting

* Fixed import

* Fixed cr's and added tpb

* Added test to yml

* changed uuid to transformer name in tpb

* upload_code_coverage_report.py, initial add (#14302)

* upload_code_coverage_report.py, initial add

* Formatted file

* upload code coverage report in nightly

* Update .gitlab/ci/global.yml

Co-authored-by: eli sharf <[email protected]>

* fix syntax

* fix script

* fixup! fix script

* upload_code_coverage_report.py, initial add

* Formatted file

* upload code coverage report in nightly

* Update .gitlab/ci/global.yml

Co-authored-by: eli sharf <[email protected]>

* fix syntax

* fix script

* fixup! fix script

* fixup! fixup! fix script

* fix

* final fix

* improve

* fixup! improve

* Undelete line

* Rearrange erinstated lines

* Unit test

* Test files

* Format file

* Pythonify

* Format

* Update Utils/upload_code_coverage_report.py

Co-authored-by: Shai Yaakovi <[email protected]>

* Use Tuple instead of Dict

* Format file

Co-authored-by: eli sharf <[email protected]>
Co-authored-by: esharf <[email protected]>
Co-authored-by: Shai Yaakovi <[email protected]>

* [Marketplace Contribution] Palo Alto Networks Cortex XDR - Investigation and Response - Content Pack Update (#14550)

* "contribution update to pack "Palo Alto Networks Cortex XDR - Investigation and Response"" (#14505)

* fixed

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* AlienVault USM - handle alarms with timestamp_occured (#14542)

* add test for alarm with timestamp_occured

* use timestamp_occured as incident occurred time

* Update Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.py

Co-authored-by: Bar Katzir <[email protected]>

* Microsoft Graph Mail incoming mapper (#14468)

* new mapper + release notes

* Adding more fields

* removed the use-cases from all ansible packs (#14555)

* change channels:write to channels:manage scope SlackV3 (#14556)

* Cisco Umbrella Investigate - handle empty emails list returned in the domain command (#14541)

* add google.com to domain cmd test

* add support for multiple domains

* pass emails list instead of dict to tbtomd

* adjust test playbook

* build output per domain

* ignore type hint

* set isArray to true and add note about multiple domains to rn

* CommonServerPython - check if session exist before trying to close it (#14526)

* Cortex XDR - handle already blacklisted files (#14552)

* test blacklist-files

* handle err returned in case file already blacklistedd

* verify res is dict

* revert 3_0_25.md

* CrowdStrike API Integration (#12335)

* crowdstrike api integration initial commit

* call handle_proxy

* Update CrowdStrikeAPI.yml

Done.

* Update CrowdStrikeAPI.yml

Done.

* Update CrowdStrikeAPI_description.md

Done.

* Update README.md

Done.

* Update README.md

Done.

* bump docker image tag

* gco

* add test data

* fix test data filename

* bump docker image tag

* autopep8

* ignore E501

* rm config json

* add readme

* improve docs

Co-authored-by: ShirleyDenkberg <[email protected]>

* Zscaler - handle returned URLs protocols (#14529)

* replace res urls from given ones

* add rn

* improve condition for matching url

* Symantec DLP - fix handling of fetch limit (#14561)

* test fetch incidents with limit less than num of dlp incidents returned

* fix fetch limit handling

* fix W293

* PP rule support (#14470)

* pp rule support

* testing

* fix name

* testing

* typo fix

* revert testing changes

* fix typo

* scheme verification

* Merge branch 'master' into upload_preprocessing_rule_content_item

# Conflicts:
# Tests/Marketplace/marketplace_constants.py
# Tests/Marketplace/marketplace_services.py

* Merge branch 'master' into upload_preprocessing_rule_content_item

# Conflicts:
# Tests/Marketplace/marketplace_constants.py
# Tests/Marketplace/marketplace_services.py

* added login to gcp, fixed a default argument (#14331)

* replaced the contrib checkout to use github api (#13676)

* replaced the contrib checkout to use GitHub REST API
* update UT

Co-authored-by: esharf <[email protected]>

* Thycotic dsv (#14475)

* Thycotic dsv (#11589)

* Init revision

* Add integration Thycotic Secret Server

* Delete comment block

* Add TestPlaybook

* Modify Tests/conf.json
Delete error files

* Delete file

* Add Test Playbook

* Update Packs/Thycotic/TestPlaybooks/Thycotic-Test.yml

Co-authored-by: Bar Katzir <[email protected]>

* Update Tests/conf.json

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/pack_metadata.json

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/pack_metadata.json

Co-authored-by: Bar Katzir <[email protected]>

* Change support contacts

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Change description for output parameters

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Fix

* Change exception message for command test_command

* Change description, add version Secret Server

* Add param proxy

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Generate documentation for integration

* Change version for Secret Server in documentation

* Add param verify to class Client

* Add files via upload

* Updated Thycotic Integration

* Delete conf.json

* Regenerate Thycotc-Test

* Update Thycotic_test.py

* Update Thycotic.yml

* Update pack_metadata.json

Change tags

* Update README.md

* Update conf.json

* Update pack_metadata.json

* Update Thycotic.yml

Change description

* Update Thycotic.py

Change test_module

* Update Thycotic.py

Fix syntax error

* Update Thycotic_test.py

Fix UT

* Modify test command fetch-credential

* running format

* Add files via upload

Change description

* Update Thycotic_description.md

* Add files via upload

Updated description for output paramets

* Init release for Thycotic DevOps Storage Vault

* Change description

* Fixed errors in descriptions.

* Fixed

* Add files via upload

* Fixed

* Add files via upload

* Fix description

* Add files via upload

* Fixed

* Add files via upload

* Delete ThycoticDSV.yml

* Add files via upload

* Delete ThycoticDSV.py

* Delete ThycoticDSV.yml

* Delete Packs/Thycotic directory

* Update pack_metadata.json

* Update descriptions

* Fix

* Markdown output

Co-authored-by: Bar Katzir <[email protected]>
Co-authored-by: Guy Keller <[email protected]>
Co-authored-by: guykeller <g12k34ppp>

* fixing docs

* added author image

Co-authored-by: Andrey Nikolaev <[email protected]>
Co-authored-by: Bar Katzir <[email protected]>
Co-authored-by: Guy Keller <[email protected]>
Co-authored-by: guykeller <g12k34ppp>

* Splunk Fixes (#14568)

* fixed an issue in the outgoing mapper, fixed an issue in update-remote-system command

* improved documentation

* version bump

* cr fixes

* Fix Get endpoint details - Generic playbook (#14569)

* fix_playbook

* fix task

* Fix RN

* upload new image

* update image link

* Update 2_0_3.md

Done.

Co-authored-by: ShirleyDenkberg <[email protected]>

* LogsignSiem Pack PR (#14565)

* LogsignSiem Pack PR (#13875)

* created logsignsiem pack

* added logsignsiem classifiers mapper files and deleted dockerfile

* fixed [PA126] validation warning

* fixed some description in yaml file

* deleted override http_request method and updated unittests

* fixed last_fetch parameter and updated tests

* removed unused variable

* fixed logsignsiem api description

* added query parameter and help section and fixed get-columns-query on api

* fixed unittest func name

* fixed Flake8 error

* Update Packs/LogsignSiem/README.md

* deleted logsign-get-incident method, added default param to query

* rm integration setup from detailed desc

* set default classifier and mapper

Co-authored-by: Itay Keren <[email protected]>

* add author_image

Co-authored-by: Kerem <[email protected]>
Co-authored-by: Itay Keren <[email protected]>
Co-authored-by: ikeren <[email protected]>

* Update Docker Image To demisto/python3 (#14558)

* Updated Metadata Of Pack C2sec

* Added release notes to pack C2sec

* Packs/C2sec/Integrations/C2sec/C2sec.yml Docker image update

* Updated Metadata Of Pack CTIX

* Added release notes to pack CTIX

* Packs/CTIX/Integrations/CTIX/CTIX.yml Docker image update

* Updated Metadata Of Pack CVESearch

* Added release notes to pack CVESearch

* Packs/CVESearch/Integrations/CVESearchV2/CVESearchV2.yml Docker image update

* Updated Metadata Of Pack CarbonBlackProtect

* Added release notes to pack CarbonBlackProtect

* Packs/CarbonBlackProtect/Integrations/CarbonBlackProtect/CarbonBlackProtect.yml Docker image update

* Updated Metadata Of Pack CentrifyVault

* Added release notes to pack CentrifyVault

* Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml Docker image update

* Updated Metadata Of Pack Cherwell

* Added release notes to pack Cherwell

* Packs/Cherwell/Integrations/Cherwell/Cherwell.yml Docker image update

* Updated Metadata Of Pack CiscoESAIronPortEmailAPI

* Added release notes to pack CiscoESAIronPortEmailAPI

* Packs/CiscoESAIronPortEmailAPI/Integrations/CiscoIronPortEMailAPI/CiscoIronPortEMailAPI.yml Docker image update

* Updated Metadata Of Pack CiscoEmailSecurity

* Added release notes to pack CiscoEmailSecurity

* Packs/CiscoEmailSecurity/Integrations/CiscoEmailSecurity/CiscoEmailSecurity.yml Docker image update

* Updated Metadata Of Pack Claroty

* Added release notes to pack Claroty

* Packs/Claroty/Integrations/Claroty/Claroty.yml Docker image update

* Updated Metadata Of Pack CloudConvert

* Added release notes to pack CloudConvert

* Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml Docker image update

* Added dbotscore outputs to yml and readme

Co-authored-by: sberman <[email protected]>

* IAM Group Sync - Slack & Okta (#13550)

* changes

* fixes and changes

* RN

* remove test functions

* lint

* fix

* command result

* fix

* changes

* Merge branch 'master' into slack-iam

# Conflicts:
# Packs/Okta/ReleaseNotes/2_2_2.md
# Packs/Slack/ReleaseNotes/2_1_2.md

* in progress

* some minor changes

* RN conflicts fix

Co-authored-by: Dan Tavori <[email protected]>
Co-authored-by: Dan Tavori <[email protected]>

* fixing dups and typos (#14578)

* fix upload-flow bug in collect_content_items (#14579)

* qradar: fix aql link (#13902)

Co-authored-by: glicht <[email protected]>

* ran update conf script to generate full conf. Deleted from build call to script (#14583)

* Prisma Cloud playbooks bug fix (#14511)

* Prisma Cloud playbooks bug fix

* updated release notes

* Edited playbooks structure and added new photos

* Updated image names

* Added new links to images

* Nightly test failure skippings (#14557)

* Skipped the following tests: "iDefense_v2_Test", "EWS Mail Sender Test", "McAfee ESM v2 - Test v10.3.0", "AzureADTest", "AWS - IAM Test Playbook", "Feed iDefense Test", "FireEyeNX-Test", "McAfee ESM v2 - Test v10.2.0", "McAfee ESM Watchlists - Test v10.3.0", "McAfee ESM Watchlists - Test v10.2.0", "Microsoft Teams Management - Test"

* reverted integration changes

* reverted

* Skipped the following tests: "Zscaler Test", "palo_alto_panorama_test_pb"

* Update from master

* Skipped the following tests: "LogRhythm REST test", "Cisco Umbrella Test"

* Skipped the following tests: "Cisco Umbrella Test", "LogRhythm REST test"

* Skipped the following tests: "Detonate URL - WildFire v2.1 - Test", "LogRhythm REST test"

* merge from master

Co-authored-by: ShahafBenYakir <[email protected]>

* ParseEmailFiles - roll back to multiple encoding part (#14585)

* roll back

* rn

* du

* test

* Update Packs/CommonScripts/Scripts/ParseEmailFiles/ParseEmailFiles_test.py

Co-authored-by: yuvalbenshalom <[email protected]>

* Update Threat Intel objects and their score (#14587)

* Test DONT Merge

* test

* Add to Threat Intel

* Update Threat Intel Objs and Score

* remove unrelated files

* docker update

* CrowdStrike falcon enhancement (#14476)

Added new commands for CrowdStrike falcon integration:
- ***cs-falcon-create-host-group***
- ***cs-falcon-update-host-group***
- ***cs-falcon-list-host-group-members***
- ***cs-falcon-add-host-group-members***
- ***cs-falcon-remove-host-group-members***
- ***cs-falcon-list-host-groups***
- ***cs-falcon-delete-host-groups***

* Active Directory Query v2 - fixed an issue where group name includes parentheses (#14451)

* unskip LogRhythm REST test (#14596)

* ArcSight ESM - add the eventFieldsToStringify arg to get-case cmd (#14553)

* add the eventFieldsToStringify arg to get-case cmd

* fix W293

* rm fieldstostringify and cast to str every large int

* fix notes and docs

* bump docker image

* fix docker image

* [Bug] Maltiverse returns error when file command has no proccess_list (#14517)

* adding test that fails

* replace [] with get

* added rn

* Update Packs/Maltiverse/ReleaseNotes/1_0_7.md

Co-authored-by: Andrew Shamah <[email protected]>

* fixed typo in rn

* added given when then to test

Co-authored-by: Andrew Shamah <[email protected]>

* Add markdown images support in sanePdfReport (#14508)

* Add markdown images support in sanePdfReport

* Verify server object before closing the server

* Start markdown server only if demisto version is ge 6.5

* Add markdown server unit test

* update sane-pdf-reports image version in RN

* Update 1_13_28.md

Co-authored-by: yaron-libman <[email protected]>

* Update Docker Image To demisto/carbon-black-cloud (#14605)

* Updated Metadata Of Pack CarbonBlackDefense

* Added release notes to pack CarbonBlackDefense

* Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update

* Update Docker Image To demisto/boto3py3 (#14609)

* Updated Metadata Of Pack SecurityIntelligenceServicesFeed

* Added release notes to pack SecurityIntelligenceServicesFeed

* Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update

* Update Docker Image To demisto/cyjax (#14607)

* Updated Metadata Of Pack FeedCyjax

* Added release notes to pack FeedCyjax

* Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml Docker image update

* Fixed fetch to include max fetch + time range as part of api query (#14599)

* GitHub Releases List Command (#14480)

* added command, yml, unit test

* added test file data

* added task of new command to TPB

* added rn

* add README command entry

* removed dor username from test data

* validation fix

* dan cr notes

* lint fixes

* Added extra check since some eml files where still passing (#14600)

* Added extra check since some eml files where still passing (#14545)

* Added extra check since some eml files where still passing

* - Update metadata
- Add releasenotes

Co-authored-by: Aviya Baumgarten <[email protected]>

* update RN

Co-authored-by: Steven Goossens <[email protected]>
Co-authored-by: Aviya Baumgarten <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* Update Docker Image To demisto/google-api-py3 (#14608)

* Updated Metadata Of Pack GoogleCloudSCC

* Added release notes to pack GoogleCloudSCC

* Packs/GoogleCloudSCC/Integrations/GoogleCloudSCC/GoogleCloudSCC.yml Docker image update

* Update Docker Image To demisto/crypto (#14604)

* Updated Metadata Of Pack AzureSQLManagement

* Added release notes to pack AzureSQLManagement

* Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update

* Updated Metadata Of Pack X509Certificate

* Added release notes to pack X509Certificate

* Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update

* Added test to script yml

Co-authored-by: sberman <[email protected]>

* Microsoft Teams bug fixes and improvements (#14548)

* Microsoft Teams bug fixes and improvements (#14543)

* Add support for full width

* Add support for Informational threshold

* Fix bug with auto_notifications

* Update release notes

* Change default for 'auto_notifications' to false

* changed parameter to be disable instead of enable

* Update readme

* possible test fixes

* lint fixes for severity to float

Co-authored-by: tneeman <[email protected]>

* cr fixes

* added microsoft teams TPB to conf json, although skipepd (for validation)

Co-authored-by: Paul D <[email protected]>
Co-authored-by: tneeman <[email protected]>

* Update Docker Image To demisto/python3 (#14602)

* Updated Metadata Of Pack C2sec

* Added release notes to pack C2sec

* Packs/C2sec/Integrations/C2sec/C2sec.yml Docker image update

* Updated Metadata Of Pack CTIX

* Added release notes to pack CTIX

* Packs/CTIX/Integrations/CTIX/CTIX.yml Docker image update

* Updated Metadata Of Pack CVESearch

* Added release notes to pack CVESearch

* Packs/CVESearch/Integrations/CVESearchV2/CVESearchV2.yml Docker image update

* Updated Metadata Of Pack CarbonBlackProtect

* Added release notes to pack CarbonBlackProtect

* Packs/CarbonBlackProtect/Integrations/CarbonBlackProtect/CarbonBlackProtect.yml Docker image update

* Updated Metadata Of Pack CentrifyVault

* Added release notes to pack CentrifyVault

* Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml Docker image update

* Updated Metadata Of Pack Cherwell

* Added release notes to pack Cherwell

* Packs/Cherwell/Integrations/Cherwell/Cherwell.yml Docker image update

* Updated Metadata Of Pack CiscoESAIronPortEmailAPI

* Added release notes to pack CiscoESAIronPortEmailAPI

* Packs/CiscoESAIronPortEmailAPI/Integrations/CiscoIronPortEMailAPI/CiscoIronPortEMailAPI.yml Docker image update

* Updated Metadata Of Pack CiscoEmailSecurity

* Added release notes to pack CiscoEmailSecurity

* Packs/CiscoEmailSecurity/Integrations/CiscoEmailSecurity/CiscoEmailSecurity.yml Docker image update

* Updated Metadata Of Pack Claroty

* Added release notes to pack Claroty

* Packs/Claroty/Integrations/Claroty/Claroty.yml Docker image update

* Updated Metadata Of Pack CloudConvert

* Added release notes to pack CloudConvert

* Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml Docker image update

* Added dbotscore outputs to yml and readme

* Updated Metadata Of Pack APIVoid

* Added release notes to pack APIVoid

* Packs/APIVoid/Integrations/APIVoid/APIVoid.yml Docker image update

* Updated Metadata Of Pack AlienVault_OTX

* Added release notes to pack AlienVault_OTX

* Packs/AlienVault_OTX/Integrations/AlienVault_OTX_v2/AlienVault_OTX_v2.yml Docker image update

* Updated Metadata Of Pack Anomali_Enterprise

* Added release notes to pack Anomali_Enterprise

* Packs/Anomali_Enterprise/Integrations/Anomali_Enterprise/Anomali_Enterprise.yml Docker image update

* Updated Metadata Of Pack AnsibleTower

* Added release notes to pack AnsibleTower

* Packs/AnsibleTower/Integrations/AnsibleTower/AnsibleTower.yml Docker image update

* Updated Metadata Of Pack AutoFocus

* Added release notes to pack AutoFocus

* Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml Docker image update

Co-authored-by: sberman <[email protected]>

* Update FortiAuthenticator with fixes and enhancements (#14590)

* Update FortiAuthenticator with fixes and enhancements (#14430)

* Create 1.0.1.md

release notes for updates.

* Update README.md

updated for additional command arguments

* Update FortiAuthenticator.yml

updated with additional arguments to existing commands

* Update FortiAuthenticator.py

code update for adding additional arguments to existing commands

* Update pack_metadata.json

* Update FortiAuthenticator.py

* Update FortiAuthenticator.yml

* Update FortiAuthenticator.py

* Create 1_0_1.md

* Delete 1.0.1.md

* Update Packs/FortiAuthenticator/Integrations/FortiAuthenticator/README.md

Co-authored-by: yuvalbenshalom <[email protected]>

* Update Packs/FortiAuthenticator/ReleaseNotes/1_0_1.md

Co-authored-by: yuvalbenshalom <[email protected]>

* Apply suggestions from code review

Changes per docs-review

Co-authored-by: yuvalbenshalom <[email protected]>
Co-authored-by: Andrew Shamah <[email protected]>

* update docker version

* update RN

Co-authored-by: Jason Lo <[email protected]>
Co-authored-by: yuvalbenshalom <[email protected]>
Co-authored-by: Andrew Shamah <[email protected]>

* add hello world test (#14611)

* remove ownership (#14614)

* ironbank enhancements to GitLab integration (#14376)

* ironbank enhancements to gitlab integration

* cr fixes

* changed 'in' arg name to 'scope'

* Added pack adoption notice. (#14613)

* Added pack adoption notice. (#14612)

* Added pack adoption notice.

* Apply suggestions from code review

Co-authored-by: Aviya Baumgarten <[email protected]>

* update RN

Co-authored-by: Kaushal Shah <[email protected]>
Co-authored-by: Aviya Baumgarten <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* GetIndicatorDBotScoreFromCache - handle KeyError (#14531)

* - Fixed an issue where the reliability of the indicator was not defined.

* Updated the Docker image

* added test playbook which reproduces the issue

* fixed test playbook

* fixed

* update rn

* update version

* update docker

* resolved conflicts

* added to conf.json

* TwitterSOARx Integration Addition (#14591)

* TwitterSOARx Integration Addition (#13994)

* Create README.md

* Create pack-ignore

* Rename pack-ignore to .pack-ignore

* Add files via upload

* Create .secrets-ignore

* Add files via upload

* Create TwitterSOARx_description.md

* Add files via upload

* Create delete

* Add files via upload

* Create delete

* Delete delete

* Update TwitterSOARx.yml

Modified docker image now that the tweepy image has been uploaded

* Rename TwitterSOARx.yml to integration-TwitterSOARx.yml

* Update TwitterSOARx.py

* Update integration-TwitterSOARx.yml

* Update TwitterSOARx.py

* Update integration-TwitterSOARx.yml

* Update TwitterSOARx.py

* Update integration-TwitterSOARx.yml

* Update TwitterSOARx.py

* Update integration-TwitterSOARx.yml

* Update Packs/TwitterSOARx/Integrations/integration-TwitterSOARx.yml

* rm integration- prefix

* mv py to dir

* mv yml to dir

* mv desc to dir

* Rename Packs/TwitterSOARx/Integrations/command_examples.txt to Packs/TwitterSOARx/Integrations/Twitter/command_examples.txt

* Update Packs/TwitterSOARx/pack_metadata.json

* rm title from readme

* import csp

* handle E0211 and E0213

* Update Twitter.py

Removed print statement

* Update Twitter.yml

* Delete LICENSE

Deleted LICENSE file, as per requested by Itay4

* Update Twitter.py

* Delete TwitterSOARx_image.png

* Add files via upload

* Update README.md

* Update Twitter.py

Added test module, made a couple resolutions to flake errors

* Update Twitter.py

* Delete TwitterSOARx Testing Documentation.docx

* Delete TwitterSOARx Design Document.docx

* Update Twitter.py

modified test results

* Update Twitter.py

* init client

* rm `BaseClient` heritage and `self` from command calls

* ignore attr-defined on urllib.parse.quote

* rm title from detailed desc

* add integration readme

* clean pack readme

Co-authored-by: Itay Keren <[email protected]>

* rename pack dir name

Co-authored-by: Christian Brake <[email protected]>
Co-authored-by: Itay Keren <[email protected]>
Co-authored-by: ikeren <[email protected]>

* Threat Intel Report - add fields and improve view (#14564)

* add type, status fields and update dashboard

* bump to 1.0.1 and add rn

* fmt module and add dashboard rn

* updated type and layout for test

* revert threat actor type changes

* sdk 1.4.9 (#14615)

* Update dev-requirements-py3.txt

Co-authored-by: tomneeman151293 <[email protected]>

* Bc support content side (#13924)

* added logic, and unit tests

* added tests, added docs, moved bc func call

* Update Tests/Marketplace/marketplace_services.py

Co-authored-by: Guy Freund <[email protected]>

* freund requests

* fixed typos, fixed validate failures

* flake8 fixes line too long

* started re-adding BC logic

* added tests

* added the files to git

* indents

* fix failures

* fixed another test failure

* Update Tests/Marketplace/release_notes_bc_calculator.py

Co-authored-by: Noy-Maimon <[email protected]>

* Update Tests/Marketplace/release_notes_bc_calculator.py

Co-authored-by: Noy-Maimon <[email protected]>

* added renaming of var

* filtered from modified the json files in ReleaseNotes

* freund cr fixes

* deleted added test file. test files were added to mp tests

* fix all occurrences of changed naming

* dan cr fixes

* upload test: edited existing RN

* reverted upload test 1

* upload test: new RN without BC

* test case 2: RN with BC

* added some logs for checks

* using custom sdk version to add artifacts support

* validating against sdk create artifacts

* test case 3: multipe rn, some bc, some not

* fixing fraudwatch version

* reverted all changes for tests

* noy CR fixes

Co-authored-by: Guy Freund <[email protected]>
Co-authored-by: Noy-Maimon <[email protected]>
Co-authored-by: guyfreund <[email protected]>

* Azure ad graph fetch (#14352)

* Hello Azure AD Pack

* Initial commit for AzureADIP

* list_risky_users works, list_risks broke?

* renamed to AzureADIdentityProtection, added all commands to yml

* corrected scope

* yaml update

* renamed command

* code formatting

* riskyUserHistory

* confirm compromised

* dismiss

* Generic query_list, passes validation

* prettier code

* reverted MicrosoftApiModule.yml to master

* removed redundant spaces

* filter_arguments is optional

* Update MicrosoftApiModule.yml

added newline to pass validations (no idea why it was removed)

* DT

* limit default in yml

* permission comment

* OData syntax comment

* login instructions in description

* country field description

* filter description

* removed header, added missing risky-user-list arguments

* updated prefix, fixed nextLink parsing, added next_link_description

* updated prefix

* formatting

* query_list docstrings

* separated querying from parsing results, renamed client to AADClient

* basic test

* parametrized list test

* risky users test

* risky_users_history_list test

* unit tests done

* passes linter

* moved comment

* removed resource group (unnecessary)

* added first_headers to tableToMd

* changed first_headers

* first_headers RN

* lint fix (e126)

* lint fix (126)

* redundant `or`

* updated beta notice

* updated description

* fixed RM100

* changed prefix

* updated permission notice

* filter_arguments now a list

* corrected context prefix

* corrected context paths

* yaml outputs, docs, example_commands

* base rn

* IPs

* fixed tests,removed unused comment

* ip

* updated userPrincipalName, pack name

* Confirm-compromised marked harmful

* test playbook

* readme

* lint: indentations

* Test playbook

* Test playbook fromversion

* CR: return_error message

* CR: inherit MSClient

* docs fix

* test_list unit test

* moved first_headers from CSP to AzureADGraph

* reverted CSP changes

* lint

* header orderˆ

* val to obj

* "1 results" -> "1 result", improved parse_list tests

* corrected id

* indentation change

* moved @ part to constructor head

* fixed name

* added auth-complete human-readable to markdown

* time argument parsing

* Update AzureADIdentityProtection_description.md

* Update AzureADIdentityProtection.yml

done

* Update AzureADIdentityProtection_description.md

done

* Update README.md

done

* Update README.md

done

* fetch-incidents, initial add

* extract method from azure_ad_identity_protection_risk_detection_list for fetch

* Fetch configuration

* Create incidents

* Cleaner code

* Fix incident occurred value

* IncidentType, initial add

* Mapper

* Layout

* Fixed mapper

* incident name

* Mapper

* Removed test data

* Update Packs/AzureActiveDirectory/Integrations/AzureADIdentityProtection/AzureADIdentityProtection.yml

Co-authored-by: dorschw <[email protected]>

* Support fetch pagination

* Updated Release Notes

* New common incident fields

* yml validations

* Format

* Updated Release Notes

* Fixed package name

* Align with Pack name

* Align pack name

* Fix json

* Align pack name

* Align Pack name

* Test fetch

* Test same fetch time

* Added missing import

* Fix test

* Missing var

* Unit tests

* Classifier keyTypeMap

* Cleaner code

* Remove unused command

* A minor version update

* Update Tests/conf.json

Co-authored-by: Dean Arbel <[email protected]>

* Integration name

* Short incident name

* Fix test

* Release notes

* Updated release notes

* Format release notes

Co-authored-by: dschwartz <[email protected]>
Co-authored-by: dorschw <[email protected]>
Co-authored-by: shannon-holland <[email protected]>
Co-authored-by: Dean Arbel <[email protected]>

* Skipped the following tests: "Domain Enrichment - Generic v2 - Test" (#14626)

* Update Docker Image To demisto/zabbix (#14635)

* Updated Metadata Of Pack Zabbix

* Added release notes to pack Zabbix

* Packs/Zabbix/Integrations/Zabbix/Zabbix.yml Docker image update

* Update Docker Image To demisto/intezer (#14633)

* Updated Metadata Of Pack Intezer

* Added release notes to pack Intezer

* Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml Docker image update

* Update Docker Image To demisto/tesseract (#14632)

* Updated Metadata Of Pack ImageOCR

* Added release notes to pack ImageOCR

* Packs/ImageOCR/Integrations/ImageOCR/ImageOCR.yml Docker image update

* Fireeye ETP - handle unicode chars (#14622)

* add test for unicode chars in alert

* set system default encoding

* Update Packs/FireEyeETP/ReleaseNotes/1_0_4.md

Co-authored-by: Bar Katzir <[email protected]>

* Update Docker Image To demisto/trustar (#14634)

* Updated Metadata Of Pack TruSTAR

* Added release notes to pack TruSTAR

* Packs/TruSTAR/Integrations/TruSTAR_V2/TruSTAR_V2.yml Docker image update

* Coverage enforce 2 (#14625)

* git

* Format code

* Fix indentations

* Update Docker Image To demisto/greynoise (#14631)

* Updated Metadata Of Pack GreyNoise

* Added release notes to pack GreyNoise

* Packs/GreyNoise/Integrations/GreyNoise/GreyNoise.yml Docker image update

* Packs/GreyNoise/Integrations/GreyNoise_Community/GreyNoise_Community.yml Docker image update

* Improve stale branch deletion script (#14636)

Co-authored-by: avidan-H <>

* AlienVault OTX v2 - handle non lower-case URLs and insecure err msg (#14598)

* add test for HTTP

* handle no status_code and lowercase url

* fix url arg passed in the unit test

* lowercase url protocol

* adjust test

* adjust readme

* fix e731

* add type hints

* fix W291 and E305

* fix raise

* use non private ip in test

* bump to 1.1.8

* Update Packs/AlienVault_OTX/Integrations/A…

21.9.0: Update Docker Image To demisto/python (#14823)

2021-09-12T12:56:12Z

Update Docker Image To demisto/python (demisto#14823)

* Updated Metadata Of Pack Aella_StarLight

* Added release notes to pack Aella_StarLight

* Packs/Aella_StarLight/Integrations/integration-Aella_StarLight.yml Docker image update

* Updated Metadata Of Pack ArcSightXML

* Added release notes to pack ArcSightXML

* Packs/ArcSightXML/Integrations/integration-ArcSightXML.yml Docker image update

* Updated Metadata Of Pack BigFix

* Added release notes to pack BigFix

* Packs/BigFix/Integrations/BigFix/BigFix.yml Docker image update

* Updated Metadata Of Pack Censys

* Added release notes to pack Censys

* Packs/Censys/Integrations/Censys/Censys.yml Docker image update

* Updated Metadata Of Pack Centreon

* Added release notes to pack Centreon

* Packs/Centreon/Integrations/Centreon/Centreon.yml Docker image update

* Updated Metadata Of Pack Confluence

* Added release notes to pack Confluence

* Packs/Confluence/Integrations/Confluence/Confluence.yml Docker image update

* Updated Metadata Of Pack CounterTack

* Added release notes to pack CounterTack

* Packs/CounterTack/Integrations/CounterTack/CounterTack.yml Docker image update

* Updated Metadata Of Pack CyberTriage

* Added release notes to pack CyberTriage

* Packs/CyberTriage/Integrations/integration-CyberTriage.yml Docker image update

* Updated Metadata Of Pack EasyVista

* Added release notes to pack EasyVista

* Packs/EasyVista/Integrations/integration-EasyVista.yml Docker image update

* Updated Metadata Of Pack EclecticIQ

* Added release notes to pack EclecticIQ

* Packs/EclecticIQ/Integrations/EclecticIQ/EclecticIQ.yml Docker image update

* Updated Metadata Of Pack Exchange2016_Compliance

* Added release notes to pack Exchange2016_Compliance

* Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/Exchange2016_Compliance.yml Docker image update

* Updated Metadata Of Pack FidelisElevateNetwork

* Added release notes to pack FidelisElevateNetwork

* Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml Docker image update

* Updated Metadata Of Pack FortiGate

* Added release notes to pack FortiGate

* Packs/FortiGate/Integrations/FortiGate/FortiGate.yml Docker image update

* Updated Metadata Of Pack FortiSIEM

* Added release notes to pack FortiSIEM

* Packs/FortiSIEM/Integrations/FortiSIEM/FortiSIEM.yml Docker image update

* Updated Metadata Of Pack InfoArmor_VigilanteATI

* Added release notes to pack InfoArmor_VigilanteATI

* Packs/InfoArmor_VigilanteATI/Integrations/integration-InfoArmor_VigilanteATI.yml Docker image update

* Updated Metadata Of Pack IntSight

* Added release notes to pack IntSight

* Packs/IntSight/Integrations/IntSight/IntSight.yml Docker image update

* Updated Metadata Of Pack Ipstack

* Added release notes to pack Ipstack

* Packs/Ipstack/Integrations/Ipstack/Ipstack.yml Docker image update

* Updated Metadata Of Pack JoeSecurity

* Added release notes to pack JoeSecurity

* Packs/JoeSecurity/Integrations/JoeSecurity/JoeSecurity.yml Docker image update

* Updated Metadata Of Pack MailSenderNew

* Added release notes to pack MailSenderNew

* Packs/MailSenderNew/Integrations/MailSenderNew/MailSenderNew.yml Docker image update

* Updated Metadata Of Pack MaxMind_GeoIP2

* Added release notes to pack MaxMind_GeoIP2

* Packs/MaxMind_GeoIP2/Integrations/MaxMind_GeoIP2/MaxMind_GeoIP2.yml Docker image update

* Updated Metadata Of Pack Mimecast

* Added release notes to pack Mimecast

* Packs/Mimecast/Integrations/MimecastV2/MimecastV2.yml Docker image update

* Packs/Mimecast/Scripts/script-MimecastFindEmail.yml Docker image update

* Packs/Mimecast/Scripts/script-MimecastQuery.yml Docker image update

* Updated Metadata Of Pack MinervaLabsAntiEvasionPlatform

* Added release notes to pack MinervaLabsAntiEvasionPlatform

* Packs/MinervaLabsAntiEvasionPlatform/Integrations/integration-MinervaLabsAntiEvasionPlatform.yml Docker image update

* Updated Metadata Of Pack Packetsled

* Added release notes to pack Packetsled

* Packs/Packetsled/Integrations/integration-Packetsled.yml Docker image update

* Updated Metadata Of Pack PagerDuty

* Added release notes to pack PagerDuty

* Packs/PagerDuty/Integrations/PagerDuty/PagerDuty.yml Docker image update

* Updated Metadata Of Pack Preempt

* Added release notes to pack Preempt

* Packs/Preempt/Integrations/integration-Preempt.yml Docker image update

* Updated Metadata Of Pack RSANetWitnessEndpoint

* Added release notes to pack RSANetWitnessEndpoint

* Packs/RSANetWitnessEndpoint/Integrations/integration-RSANetWitnessEndpoint.yml Docker image update

* Updated Metadata Of Pack RSANetWitness_v11_1

* Added release notes to pack RSANetWitness_v11_1

* Packs/RSANetWitness_v11_1/Integrations/RSANetWitness_v11_1/RSANetWitness_v11_1.yml Docker image update

* Updated Metadata Of Pack Rapid7_Nexpose

* Added release notes to pack Rapid7_Nexpose

* Packs/Rapid7_Nexpose/Integrations/Rapid7_Nexpose/Rapid7_Nexpose.yml Docker image update

* Updated Metadata Of Pack Remedy_AR

* Added release notes to pack Remedy_AR

* Packs/Remedy_AR/Integrations/integration-Remedy_AR.yml Docker image update

* Updated Metadata Of Pack SCADAfence_CNM

* Added release notes to pack SCADAfence_CNM

* Packs/SCADAfence_CNM/Integrations/integration-SCADAfence_CNM.yml Docker image update

* Updated Metadata Of Pack SNDBOX

* Added release notes to pack SNDBOX

* Packs/SNDBOX/Integrations/SNDBOX/SNDBOX.yml Docker image update

* Updated Metadata Of Pack SignalSciences

* Added release notes to pack SignalSciences

* Packs/SignalSciences/Integrations/SignalSciences/SignalSciences.yml Docker image update

* Updated Metadata Of Pack Stealthwatch_Cloud

* Added release notes to pack Stealthwatch_Cloud

* Packs/Stealthwatch_Cloud/Integrations/Stealthwatch_Cloud/Stealthwatch_Cloud.yml Docker image update

* Updated Metadata Of Pack SymantecEndpointProtection

* Added release notes to pack SymantecEndpointProtection

* Packs/SymantecEndpointProtection/Integrations/SymantecEndpointProtection_V2/SymantecEndpointProtection_V2.yml Docker image update

* Updated Metadata Of Pack Symantec_Deepsight

* Added release notes to pack Symantec_Deepsight

* Packs/Symantec_Deepsight/Integrations/Symantec_Deepsight/Symantec_Deepsight.yml Docker image update

* Updated Metadata Of Pack Tenable_sc

* Added release notes to pack Tenable_sc

* Packs/Tenable_sc/Integrations/Tenable_sc/Tenable_sc.yml Docker image update

* Updated Metadata Of Pack ThreatGrid

* Added release notes to pack ThreatGrid

* Packs/ThreatGrid/Integrations/ThreatGrid/ThreatGrid.yml Docker image update

* Updated Metadata Of Pack ThreatMiner

* Added release notes to pack ThreatMiner

* Packs/ThreatMiner/Integrations/ThreatMiner/ThreatMiner.yml Docker image update

* Updated Metadata Of Pack ThreatQ

* Added release notes to pack ThreatQ

* Packs/ThreatQ/Integrations/integration-ThreatQ.yml Docker image update

* Updated Metadata Of Pack ThreatX

* Added release notes to pack ThreatX

* Packs/ThreatX/Integrations/ThreatX/ThreatX.yml Docker image update

* Updated Metadata Of Pack VMRay

* Added release notes to pack VMRay

* Packs/VMRay/Integrations/VMRay/VMRay.yml Docker image update

* Updated Metadata Of Pack VirusTotal-Private_API

* Added release notes to pack VirusTotal-Private_API

* Packs/VirusTotal-Private_API/Integrations/VirusTotal-Private_API/VirusTotal-Private_API.yml Docker image update

* Updated Metadata Of Pack remedy_SR

* Added release notes to pack remedy_SR

* Packs/remedy_SR/Integrations/remedy_SR/remedy_SR.yml Docker image update

* Updated Metadata Of Pack Algosec

* Added release notes to pack Algosec

* Packs/Algosec/Scripts/script-AlgosecCreateTicket.yml Docker image update

* Packs/Algosec/Scripts/script-AlgosecGetApplications.yml Docker image update

* Packs/Algosec/Scripts/script-AlgosecGetNetworkObject.yml Docker image update

* Packs/Algosec/Scripts/script-AlgosecGetTicket.yml Docker image update

* Packs/Algosec/Scripts/script-AlgosecQuery.yml Docker image update

* Updated Metadata Of Pack CrowdStrikeFalconStreamingV2

* Added release notes to pack CrowdStrikeFalconStreamingV2

* Packs/CrowdStrikeFalconStreamingV2/Scripts/script-CrowdStrikeStreamingPreProcessing.yml Docker image update

* Updated Metadata Of Pack CrowdStrikeHost

* Added release notes to pack CrowdStrikeHost

* Packs/CrowdStrikeHost/Scripts/script-CrowdStrikeUrlParse.yml Docker image update

* Updated Metadata Of Pack CuckooSandbox

* Added release notes to pack CuckooSandbox

* Packs/CuckooSandbox/Scripts/script-CuckooDetonateFile.yml Docker image update

* Packs/CuckooSandbox/Scripts/script-CuckooDetonateURL.yml Docker image update

* Packs/CuckooSandbox/Scripts/script-CuckooDisplayReport.yml Docker image update

* Packs/CuckooSandbox/Scripts/script-CuckooGetReport.yml Docker image update

* Packs/CuckooSandbox/Scripts/script-CuckooGetScreenshot.yml Docker image update

* Packs/CuckooSandbox/Scripts/script-CuckooTaskStatus.yml Docker image update

* Updated Metadata Of Pack DemistoRESTAPI

* Added release notes to pack DemistoRESTAPI

* Packs/DemistoRESTAPI/Scripts/script-DemistoUploadFileToIncident.yml Docker image update

* Updated Metadata Of Pack Forcepoint

* Added release notes to pack Forcepoint

* Packs/Forcepoint/Scripts/script-FPDeleteRule.yml Docker image update

* Packs/Forcepoint/Scripts/script-FPSetRule.yml Docker image update

* Updated Metadata Of Pack GRR

* Added release notes to pack GRR

* Packs/GRR/Scripts/script-GrrGetFiles.yml Docker image update

* Packs/GRR/Scripts/script-GrrGetFlows.yml Docker image update

* Packs/GRR/Scripts/script-GrrGetHunt.yml Docker image update

* Packs/GRR/Scripts/script-GrrGetHunts.yml Docker image update

* Packs/GRR/Scripts/script-GrrSetFlows.yml Docker image update

* Packs/GRR/Scripts/script-GrrSetHunts.yml Docker image update

* Updated Metadata Of Pack Imperva_Skyfence

* Added release notes to pack Imperva_Skyfence

* Packs/Imperva_Skyfence/Scripts/script-ImpSfListEndpoints.yml Docker image update

* Packs/Imperva_Skyfence/Scripts/script-ImpSfRevokeUnaccessedDevices.yml Docker image update

* Packs/Imperva_Skyfence/Scripts/script-ImpSfScheduleTask.yml Docker image update

* Packs/Imperva_Skyfence/Scripts/script-ImpSfSetEndpointStatus.yml Docker image update

* Updated Metadata Of Pack Incapsula

* Added release notes to pack Incapsula

* Packs/Incapsula/Scripts/script-IncapGetAppInfo.yml Docker image update

* Packs/Incapsula/Scripts/script-IncapGetDomainApproverEmail.yml Docker image update

* Packs/Incapsula/Scripts/script-IncapListSites.yml Docker image update

* Packs/Incapsula/Scripts/script-IncapScheduleTask.yml Docker image update

* Packs/Incapsula/Scripts/script-IncapWhitelistCompliance.yml Docker image update

* Updated Metadata Of Pack Jira

* Added release notes to pack Jira

* Packs/Jira/Scripts/script-JiraCreaetIssueGeneric.yml Docker image update

* Updated Metadata Of Pack Mattermost

* Added release notes to pack Mattermost

* Packs/Mattermost/Scripts/script-MattermostAskUser.yml Docker image update

* Updated Metadata Of Pack OSQuery

* Added release notes to pack OSQuery

* Packs/OSQuery/Scripts/script-OSQueryBasicQuery.yml Docker image update

* Packs/OSQuery/Scripts/script-OSQueryLoggedInUsers.yml Docker image update

* Packs/OSQuery/Scripts/script-OSQueryOpenSockets.yml Docker image update

* Packs/OSQuery/Scripts/script-OSQueryProcesses.yml Docker image update

* Packs/OSQuery/Scripts/script-OSQueryUsers.yml Docker image update

* Updated Metadata Of Pack Pipl

* Added release notes to pack Pipl

* Packs/Pipl/Scripts/script-CheckSender.yml Docker image update

* Updated Metadata Of Pack ProtectWise

* Added release notes to pack ProtectWise

* Packs/ProtectWise/Scripts/script-PWEventPcapDownload.yml Docker image update

* Packs/ProtectWise/Scripts/script-PWObservationPcapDownload.yml Docker image update

* Updated Metadata Of Pack Recorded_Future

* Added release notes to pack Recorded_Future

* Packs/Recorded_Future/Scripts/script-RecordedFutureDomainRiskList.yml Docker image update

* Packs/Recorded_Future/Scripts/script-RecordedFutureHashRiskList.yml Docker image update

* Packs/Recorded_Future/Scripts/script-RecordedFutureIPRiskList.yml Docker image update

* Packs/Recorded_Future/Scripts/script-RecordedFutureURLRiskList.yml Docker image update

* Packs/Recorded_Future/Scripts/script-RecordedFutureVulnerabilityRiskList.yml Docker image update

* Updated Metadata Of Pack RsaNetWitnessPacketsAndLogs

* Added release notes to pack RsaNetWitnessPacketsAndLogs

* Packs/RsaNetWitnessPacketsAndLogs/Scripts/script-NetwitnessQuery.yml Docker image update

* Packs/RsaNetWitnessPacketsAndLogs/Scripts/script-NetwitnessSearch.yml Docker image update

* Updated Metadata Of Pack RsaNetwitnessSecurityAnalytics

* Added release notes to pack RsaNetwitnessSecurityAnalytics

* Packs/RsaNetwitnessSecurityAnalytics/Scripts/script-NetwitnessSAAddEventsToIncident.yml Docker image update

* Packs/RsaNetwitnessSecurityAnalytics/Scripts/script-NetwitnessSACreateIncident.yml Docker image update

* Packs/RsaNetwitnessSecurityAnalytics/Scripts/script-NetwitnessSAGetAvailableAssignees.yml Docker image update

* Packs/RsaNetwitnessSecurityAnalytics/Scripts/script-NetwitnessSAGetComponents.yml Docker image update

* Packs/RsaNetwitnessSecurityAnalytics/Scripts/script-NetwitnessSAGetEvents.yml Docker image update

* Packs/RsaNetwitnessSecurityAnalytics/Scripts/script-NetwitnessSAListIncidents.yml Docker image update

* Updated Metadata Of Pack Salesforce

* Added release notes to pack Salesforce

* Packs/Salesforce/Scripts/script-SalesforceAskUser.yml Docker image update

* -

* Added Minerva tpb to NonCircleTests

Co-authored-by: sberman <[email protected]>