crowdstrike falcon generate status fix #15153
Merged
Conversation
added 9 commits
September 1, 2021 17:15
added tests
supporting both normal and Normal
added 2 commits
October 3, 2021 12:21
DeanArbel
approved these changes
Oct 4, 2021
Contributor
DeanArbel
left a comment
@amshamah419 Can you please take a look at the RN?
added 2 commits
October 7, 2021 17:22
Co-authored-by: yuvalbenshalom <[email protected]>
bakatzir
reviewed
Oct 10, 2021
…o Ilan_Crowdstrike_falcon_fix
DeanArbel
pushed a commit
that referenced
this pull request
Oct 13, 2021
Fixed an issue where the predefined values of **status** argument in command **cs-falcon-search-device** were incorrect.
DeanArbel
added a commit
that referenced
this pull request
Oct 13, 2021
) * move alt_targets arg to body * typo * Update Packs/Tenable_io/ReleaseNotes/1_1_5.md Co-authored-by: Bar Katzir <[email protected]> * Update Packs/Tenable_io/ReleaseNotes/1_1_5.md * Remove Problematic Echoing of Shell Version (#15227) * Move echo shell version to after node installation * Remove problematic echoing of shell version Co-authored-by: avidan-H <> * added the headers argument (#15213) * Cherwell enhancements (#14473) * MispV3 update attribute command added (#15194) * added the command to update attribute * update RN * update readme * update TPB * remove wrong outputs * remove wrong outputs * changes by CR * avoid using mutable in funcs * update RN * Fileorbis integration (#15234) * Fileorbis integration (#15202) * FileOrbis integration added * FileOrbis Pack metadata updated * FileOrbis integration output names fixed * FileOrbis integration readme file fixed * FileOrbis url added to .secrets-ignore * FileOrbis pack author image added * FileOrbis pack review suggestions fixed * FileOrbis pack readme.md suggestions implemented Co-authored-by: hüsrev beyazışık <[email protected]> * Update .pack-ignore * Update .pack-ignore Co-authored-by: hakcekoce <[email protected]> Co-authored-by: hüsrev beyazışık <[email protected]> Co-authored-by: Darya Koval <[email protected]> * Update README.md (#15196) (#15219) * Update README.md Updated description * Add files via upload * Update README.md * Update README.md * Update Packs/Druva/README.md Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: sahilgoyaldruva <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: ShahafBenYakir <[email protected]> * Update pack_metadata.json (#15197) (#15221) Updated pack name and description Co-authored-by: sahilgoyaldruva <[email protected]> Co-authored-by: iyeshaya <[email protected]> * fix the ListUsedDockerImages to fine tune the output result. (#15193) * fix the ListUsedDockerImages to fine tune the output result. 
* update RN * Update description of Azure Sentinel integration (#15229) * update description * update description * update description - CR changes * Update AzureSentinel_description.md Made minor textual changes. * Update README.md Made same changes here. Co-authored-by: yaron-libman <[email protected]> * SecurityAndCompliance: Added ref to MS limitations article (#15110) * Added a ref to the MS known eDiscovery limits article in the README.md * Bumped version and added rn * Changed polling args to be pb and sub pb inputs * RN * modified default polling commands inputd * Increased timeout * Trigger push * increased memory threshold * Timeout, timeouts everywhere. * Timeout, timeouts everywhere. * Add O365-SecurityAndCompliance-ContextResults-Test to skipped * Fix mock of time (#15011) * Fix mock of time * Add release notes * Retract release notes * Added control over which core packs are upgraded. (#15124) * Added control over which core packs are upgraded. * review fixes * fixed file structure * Update Tests/Marketplace/upload_packs.py Co-authored-by: Noy-Maimon <[email protected]> * Update Tests/Marketplace/copy_and_upload_packs.py Co-authored-by: Noy-Maimon <[email protected]> * fix lint * fix lint Co-authored-by: Noy-Maimon <[email protected]> * Adding Classifiers, Mappers, Incident Type, Incident Fields (#15014) (#15233) * feat: added Lacework sub-account capability * feat: added Incident Type, Incident Fields, Classifier and Mapper * doc: Adding release notes and bumping version * fix: removed trailing whitespace * feat: added additional Incident Fields & Mappings for compliance * docs: noted new Incident Fields in the 1_1_0.md README * fix: updated 5.x classifier GUID * fix: added descriptions for all Incident Fields * docs: cleaned up v1.1 release notes * fix: updated the ID of the 5.x Classifier * fix: added default Classifier/Mapper * fix: updated to latest demisto/lacework docker image Co-authored-by: Alan Nix <[email protected]> * XSOAR RF 2.3 release 
(#14780) (#15230) * Add two new comands to change alert status and add fetch incidents * Updated docker version and documentation * add types and fix mypy * fix bug for inteligence command when there was no data in ip location * change error message in test-module * Change error handling. Remove default value for rules * update release note * update license year * update docker image * rename setnote and writestatus command * update docker image version * fix docker image * PR fix. Added test. Added max_fetch for fetching incidents * fix secret * fix variable naming * bump release version * bump version. remove real email * update doc text * add RecordedFuture type and layout. Formatting. Context for alert cmd * add updates to release notes * Update Packs/RecordedFuture/ReleaseNotes/1_2_0.md * Update Packs/RecordedFuture/ReleaseNotes/1_2_0.md * update readme. Change the file name and the name of RF incident type * update release notes * bump the fromVersion for layout, incidenttype and fields * revert changes to indicatorfield fromVersion Co-authored-by: Bar Katzir <[email protected]> Co-authored-by: rderkachrf <[email protected]> Co-authored-by: Bar Katzir <[email protected]> * Update README.md (#15218) (#15242) Co-authored-by: Rohan Puri <[email protected]> * [malwarebytes-254] Fix for RTP Detections(EP) incident creation. (#15238) (#15246) * Fix for RTP Detections(EP) incident creation. 
* Update 1_1_4.md Co-authored-by: rskumar-mwb <[email protected]> * add rbac support (#15245) * Reducing memory usage for DBotBuildPhishingClassifier (#15079) * Reducing memory usage for DBotBuildPhishingClassifier * ADDED RN * Update RN * Update RN * updated release notes * Moving playbook tests from Base pack to ML pack as playbooks fail without their ML dependencies Co-authored-by: yaakovi <[email protected]> * Add support for Sites to SentinelOne threat commands (#15088) (#15249) * Add site_ids for fetching threats * Release notes, version bump * Update display text * Update type * Remove branch * cleanup * Documentation * Suggested changes Move description to additionalInfo Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: Stephen Ferrero <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> * F5 LTM Integration (#14914) (#15220) * List Pack Update * List Pack Update * LTM Integration * F5 LTM * Adding command * Additional Commands * Additional Commands * Adding LTM Commands * Additional Commands * Additional Commands * PR Commit * Linting Update * PR Update * PR Update 2 * PR Updates * Adding more inputs * Update README * Added F5 Version * A Lint fix * A Lint fix * Update pack metadata * Added my Github Rep as a metadata url * URL Field Co-authored-by: Ayman Mahmoud <[email protected]> * Kela radark (#15248) (#15250) * KELARaDark v1.0.0 * KELARaDark V1 after PR fixes * KELARaDark V1 add unit tests * KELARaDark V1 add unit tests * KELARaDark V1 add unit tests * Item purchase issue fix * KELA RaDark v1.0.1 item purchase bug fix * KELA RaDark v1.0.1 item purchase bug fix Co-authored-by: [email protected] <[email protected]> * Deprecate Largest Inputs And Outputs In Incidents and Largest Incidents by Storage Size (#15176) * deprecate largest_incidents * update no incident found message * add deprecate: true * update rn * remove toversion and replace with deprecate * add 
that system diagonistics is available from version 6.2.0 * Apply suggestions from code review Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> * silverfront_pack_readme_file (#15244) * pack_readme_file * minor re-format * secret * crowdstrike falcon generate status fix (#15153) Fixed an issue where the predefined values of **status** argument in command **cs-falcon-search-device** were incorrect. * Update Docker Image To demisto/feed-performance-test (#15261) * Updated Metadata Of Pack DeveloperTools * Added release notes to pack DeveloperTools * Packs/DeveloperTools/Integrations/CreateMockFeed/CreateMockFeed.yml Docker image update * XDR - Port-Scan input validation fix (#15209) * Playbook fix * plabook docs * Release notes * Release notes * Playboook reformat * Docs fix * doc fix * EditServerConfig - new script (#15256) * added a new script * update RN * spelling issue * fix lint errors * update RN * spelling issues * spelling issues * added to conf.json * pan-os network objects on panorama (#15247) * pan-pos network objects on panorama * re phrase errors * add typing * add mocker * ass missing space * set template in the intialize_params func * add comment * OutOfOfficeListCleanup - cleanup OOO list only when the list changed (#15184) * use setList command only when modified * update RN * fix mypy * add unitests * update RN * Update Packs/ShiftManagement/ReleaseNotes/1_2_6.md Co-authored-by: Bar Katzir <[email protected]> * XDR xql docs improvement (#15251) * Added role to docs * added link * Update Packs/CortexXDR/Integrations/XQLQueryingEngine/README.md Co-authored-by: Bar Katzir <[email protected]> * All search tickets in Contents (#15136) (#15269) * All search tickets in Contents OTRS Integrations search command only contained the last raw ticket in "Contents". Fixed to store all of them in list like EntryContext. 
* Pack Notes * Update pack_metadata.json * Create 1_0_5.md * Update Packs/OTRS/ReleaseNotes/1_0_5.md Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: ckaadic <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: h <[email protected]> * Update README.md (#15264) (#15284) * Update README.md * Update Packs/Sepio/README.md Co-authored-by: Darya Koval <[email protected]> Co-authored-by: Darya Koval <[email protected]> Co-authored-by: sepioGH <[email protected]> Co-authored-by: Darya Koval <[email protected]> * deprecate Devo integration (#15258) * update reputations command - is array 2 (#15146) * ignore IN144 error * update rn * update rn * update rn * update rn * update rn * update reputations command - is array 3 (#15148) * ignore IN144 error * update rn * update reputations command - is array 4 (#15149) * ignore IN144 error * update Guardicore * update rn * update reputations command - is array 1 (#15145) * ignore IN144 error * update rn * update CB * Update README.md Cofense Feed (#15130) (#15279) * Update README.md * Update pack_metadata.json * Create 1_0_14.md * Update Packs/FeedCofense/README.md Co-authored-by: Matt Chase <[email protected]> * Update README.md * Update Packs/FeedCofense/README.md Co-authored-by: Matt Chase <[email protected]> * Update README.md * Update Packs/FeedCofense/README.md Co-authored-by: Shachar Kidor <[email protected]> * Add files via upload * Update pack_metadata.json * Update pack_metadata.json * move author image file * trim description Co-authored-by: Matt Chase <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: ShacharKidor <[email protected]> Co-authored-by: mjsaurbaugh <[email protected]> Co-authored-by: Matt Chase <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: ShacharKidor <[email protected]> Co-authored-by: ShahafBenYakir <[email protected]> * fix ignore file (#15286) * fix bug when running using playbook 
(#15265) * fix bug when running using playbook * fix bug when running using playbook * fixed yml texts * Update Packs/ShiftManagement/Scripts/ManageOOOusers/ManageOOOusers.py Co-authored-by: Adi Daud <[email protected]> * Update Packs/ShiftManagement/Scripts/ManageOOOusers/ManageOOOusers.py Co-authored-by: Adi Daud <[email protected]> * fixed lint * ignore missing pb as it is redundent (approved by TL) * trying to add test playbook Co-authored-by: Adi Daud <[email protected]> * Initial commit of HYASProtect (#15108) (#15270) * Initial commit of HYASProtect * Adding missing files :-) Co-authored-by: Rambatla Venkat Rao <[email protected]> Co-authored-by: ShahafBenYakir <[email protected]> * update fields prefix (#15273) * Bump automation scripts to Python3 (#15240) * DumpJSON * update dumpjson readme * GetIndicatorDBotScore * InRange * update pipfiles and subtype * IsListExist * fix W292 and F401 * LoadJSON * RepopulateFiles * ReverseList * RunPollingCommand * update pipfiles * SetByIncidentId * SetIfEmpty * use str instead of basestr * adjust setifempty unicode test * Update Packs/CommonScripts/Scripts/DumpJSON/DumpJSON.py Co-authored-by: Shai Yaakovi <[email protected]> * Update Packs/CommonScripts/Scripts/IsListExist/IsListExist.yml Co-authored-by: Shai Yaakovi <[email protected]> * Update Packs/CommonScripts/Scripts/SetByIncidentId/SetByIncidentId.py Co-authored-by: Shai Yaakovi <[email protected]> * revert runpollingcommand Co-authored-by: Shai Yaakovi <[email protected]> * Update README.md (#15274) Added the following to the Listen Port description in light of demisto/etc#41066: You can use any available port except for 80, 443, or 9100. When the `instance.execute.external.<instance_name>` key is set to true, Cortex XSOAR redirects the endpoint from HTTPS to the container on the port that you specify here, using port 443 as the secured publicly open port. 
* bump version (#15298) * Adding Cyren Inbox Security cortex integration pack (#15294) * Adding Cyren Inbox Security cortex integration pack (#14074) * Adding Cyren Inbox Security cortex integration pack * fix review comments * fix review comments re simulation * fix review comments * fix review comments * latest fixes after integration demo * add pack and secret ignore files to fix failing build * fix readme images failed build * fix readme images failed build * fix readme relative path images * fix readme relative path images * fix review comments * fix review comments * fix additional reviews * fix doc reviews * Update Cyren_Inbox_Security_Default.yml Co-authored-by: Eran Levy <[email protected]> Co-authored-by: Yaakov Praisler <[email protected]> * PAN-OS - Documentation and metadata improvements around push (#15297) * PAN-OS - Documentation and metadata improvements around push * Update Packs/PAN-OS/Integrations/Panorama/Panorama.yml Co-authored-by: Andrew Shamah <[email protected]> * add whitespace Co-authored-by: Andrew Shamah <[email protected]> * [Marketplace Contribution] Forward XSOAR Audit Logs to Splunk HEC (#15287) * [Marketplace Contribution] Forward XSOAR Audit Logs to Splunk HEC (#15119) * "pack contribution initial commit" * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Darya Koval <[email protected]> * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Darya Koval <[email protected]> * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Darya Koval <[email protected]> * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Darya Koval <[email protected]> * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/pack_metadata.json Co-authored-by: 
Darya Koval <[email protected]> * Update pack_metadata.json * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Darya Koval <[email protected]> * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Darya Koval <[email protected]> * Update .pack-ignore * Update ForwardAuditLogsToSplunkHEC.yml Co-authored-by: Hruuttila <[email protected]> Co-authored-by: Darya Koval <[email protected]> * Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: Hruuttila <[email protected]> Co-authored-by: Darya Koval <[email protected]> * Added trigger for a secrets detection run (#15169) * added scripts * change to env * change to env * change to env * change to env * change to env * change to env * change to env * change to env * change to env * add fake secret for testing * add fake secret for testing * add fake secret for testing * add fake secret for testing * added checking result * added fake secret test * added print * added new step * added new step * added new step * added new step * added new step * added new step * added new step * added new step * added new step * added new step * added new step * remove installed packs * remove installed packs * debugging * debugging * debugging * debugging * debugging * debugging * debugging * remove secret * added api key arg * code improve * add fake secrets * make the pring better * revert changes with fake secrets * changed var name * change according to CR * changes according to CR * update link to layout not to playbook * update link to layout not to playbook * no change commit * no change commit * no change commit * no change commit * changes according to CR * add fake secret * remove temp changes * Disable sdk_nightly (#15302) Disable sdk_nightly * Add 
user ids to pagerduty (#15277) (#15305) * Add user IDs to responses When using the contact methods or notification command, it asks for User ID. Add UserID to context when returning incident data. * Add supporting things for code change * Update README.md * Update README.md * Update Packs/PagerDuty/ReleaseNotes/1_0_8.md Co-authored-by: Darya Koval <[email protected]> Co-authored-by: iyeshaya <[email protected]> Co-authored-by: Darya Koval <[email protected]> Co-authored-by: Chris Schafer <[email protected]> Co-authored-by: iyeshaya <[email protected]> Co-authored-by: Darya Koval <[email protected]> * ignore fork PRs (#15307) Co-authored-by: Bar Katzir <[email protected]> Co-authored-by: avidan-H <[email protected]> Co-authored-by: Shai Yaakovi <[email protected]> Co-authored-by: Adi Daud <[email protected]> Co-authored-by: Aviya Baumgarten <[email protected]> Co-authored-by: content-bot <[email protected]> Co-authored-by: hakcekoce <[email protected]> Co-authored-by: hüsrev beyazışık <[email protected]> Co-authored-by: Darya Koval <[email protected]> Co-authored-by: sahilgoyaldruva <[email protected]> Co-authored-by: Shahaf Ben Yakir <[email protected]> Co-authored-by: ShahafBenYakir <[email protected]> Co-authored-by: iyeshaya <[email protected]> Co-authored-by: Wissam Ghammashi <[email protected]> Co-authored-by: Israel Lappe <[email protected]> Co-authored-by: yaron-libman <[email protected]> Co-authored-by: Bargenish <[email protected]> Co-authored-by: Agam More <[email protected]> Co-authored-by: Dan Sterenson <[email protected]> Co-authored-by: Noy-Maimon <[email protected]> Co-authored-by: Alan Nix <[email protected]> Co-authored-by: rderkachrf <[email protected]> Co-authored-by: Rohan Puri <[email protected]> Co-authored-by: rskumar-mwb <[email protected]> Co-authored-by: Itay Keren <[email protected]> Co-authored-by: Lior Perry <[email protected]> Co-authored-by: yaakovi <[email protected]> Co-authored-by: Stephen Ferrero <[email protected]> 
Co-authored-by: Ayman Mahmoud <[email protected]> Co-authored-by: [email protected] <[email protected]> Co-authored-by: Andrew Shamah <[email protected]> Co-authored-by: iyeshaya <[email protected]> Co-authored-by: ilaner <[email protected]> Co-authored-by: EliorKedar <[email protected]> Co-authored-by: ckaadic <[email protected]> Co-authored-by: Shachar Kidor <[email protected]> Co-authored-by: h <[email protected]> Co-authored-by: sepioGH <[email protected]> Co-authored-by: EyalPintzov <[email protected]> Co-authored-by: Bar Chen <[email protected]> Co-authored-by: mjsaurbaugh <[email protected]> Co-authored-by: Matt Chase <[email protected]> Co-authored-by: Jasmine Beilin <[email protected]> Co-authored-by: Rambatla Venkat Rao <[email protected]> Co-authored-by: okaufman34 <[email protected]> Co-authored-by: MosheGalitzky <[email protected]> Co-authored-by: Eran Levy <[email protected]> Co-authored-by: Yaakov Praisler <[email protected]> Co-authored-by: xsoar-bot <[email protected]> Co-authored-by: Hruuttila <[email protected]> Co-authored-by: tkatzir <[email protected]> Co-authored-by: Chris Schafer <[email protected]>
Status
Related Issues
fixes: https://github.com/demisto/etc/issues/41704
Description
Fixing the `generate_status_field` function. The yml expects the status to be `Normal`, and the function expects it to be `normal`. Changed the function to support both `normal` and `Normal`.
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have