pythonran
diff --git a/‎Packs/Base/ReleaseNotes/1_10_8.md‎
Lines changed: 7 additions & 0 deletions b/‎Packs/Base/ReleaseNotes/1_10_8.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎Packs/Base/Scripts/CommonServerPython/CommonServerPython.py‎
Lines changed: 31 additions & 1 deletion b/‎Packs/Base/Scripts/CommonServerPython/CommonServerPython.py‎
Lines changed: 31 additions & 1 deletion
diff --git a/‎Packs/Base/pack_metadata.json‎
Lines changed: 1 addition & 1 deletion b/‎Packs/Base/pack_metadata.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py‎
Lines changed: 83 additions & 12 deletions b/‎Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py‎
Lines changed: 83 additions & 12 deletions
diff --git a/‎Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml‎
Lines changed: 63 additions & 3 deletions b/‎Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml‎
Lines changed: 63 additions & 3 deletions
diff --git a/‎Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR_test.py‎
Lines changed: 26 additions & 1 deletion b/‎Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR_test.py‎
Lines changed: 26 additions & 1 deletion
@@ -0,0 +1,7 @@
+
+#### Scripts
+##### CommonServerPython
+Added the following optional fields to the **Endpoint** indicator:
+- **Status**
+- **Vendor**
+- **IsIsolated** 
@@ -98,6 +98,18 @@ def __del__(self):
     'widget': 17
 }
 
+ENDPOINT_STATUS_OPTIONS = [
+    'Online',
+    'Offline'
+]
+
+ENDPOINT_ISISOLATED_OPTIONS = [
+    'Yes',
+    'No',
+    'Pending isolation',
+    'Pending unisolation'
+]
+
 
 class EntryType(object):
     """
@@ -3024,7 +3036,8 @@ class Endpoint(Indicator):
 
         def __init__(self, id, hostname=None, ip_address=None, domain=None, mac_address=None,
                      os=None, os_version=None, dhcp_server=None, bios_version=None, model=None,
-                     memory=None, processors=None, processor=None, relations=None):
+                     memory=None, processors=None, processor=None, relations=None, vendor=None, status=None,
+                     is_isolated=None):
             self.id = id
             self.hostname = hostname
             self.ip_address = ip_address
@@ -3038,6 +3051,9 @@ def __init__(self, id, hostname=None, ip_address=None, domain=None, mac_address=
             self.memory = memory
             self.processors = processors
             self.processor = processor
+            self.vendor = vendor
+            self.status = status
+            self.is_isolated = is_isolated
             self.relations = relations
 
         def to_context(self):
@@ -3085,6 +3101,20 @@ def to_context(self):
                 relations_context = [relation.to_context() for relation in self.relations if relation.to_context()]
                 endpoint_context['Relationships'] = relations_context
 
+            if self.vendor:
+                endpoint_context['Vendor'] = self.vendor
+
+            if self.status:
+                if self.status not in ENDPOINT_STATUS_OPTIONS:
+                    raise ValueError('Status does not have a valid value such as: Online or Offline')
+                endpoint_context['Status'] = self.status
+
+            if self.is_isolated:
+                if self.is_isolated not in ENDPOINT_ISISOLATED_OPTIONS:
+                    raise ValueError('Is Isolated does not have a valid value such as: Yes, No, Pending'
+                                     ' isolation or Pending unisolation')
+                endpoint_context['IsIsolated'] = self.is_isolated
+
             ret_value = {
                 Common.Endpoint.CONTEXT_PATH: endpoint_context
             }
 
@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.10.7",
+    "currentVersion": "1.10.8",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",
 
@@ -21,6 +21,7 @@
 
 INTEGRATION_CONTEXT_BRAND = 'PaloAltoNetworksXDR'
 XDR_INCIDENT_TYPE_NAME = 'Cortex XDR Incident'
+INTEGRATION_NAME = 'Cortex XDR - IR'
 
 XDR_INCIDENT_FIELDS = {
     "status": {"description": "Current status of the incident: \"new\",\"under_"
@@ -1681,9 +1682,16 @@ def get_endpoints_command(client, args):
             sort_by_first_seen=sort_by_first_seen,
             sort_by_last_seen=sort_by_last_seen
         )
+
+    standard_endpoints = generate_endpoint_by_contex_standard(endpoints, False)
+    endpoint_context_list = []
+    for endpoint in standard_endpoints:
+        endpoint_context = endpoint.to_context().get(Common.Endpoint.CONTEXT_PATH)
+        endpoint_context_list.append(endpoint_context)
+
     context = {
         f'{INTEGRATION_CONTEXT_BRAND}.Endpoint(val.endpoint_id == obj.endpoint_id)': endpoints,
-        Common.Endpoint.CONTEXT_PATH: return_endpoint_standard_context(endpoints)
+        Common.Endpoint.CONTEXT_PATH: endpoint_context_list
     }
     account_context = create_account_context(endpoints)
     if account_context:
@@ -1695,17 +1703,77 @@ def get_endpoints_command(client, args):
     )
 
 
-def return_endpoint_standard_context(endpoints):
-    endpoints_context_list = []
-    for endpoint in endpoints:
-        endpoints_context_list.append(assign_params(**{
-            "Hostname": (endpoint['host_name'] if endpoint.get('host_name', '') else endpoint.get('endpoint_name')),
-            "ID": endpoint.get('endpoint_id'),
-            "IPAddress": endpoint.get('ip'),
-            "Domain": endpoint.get('domain'),
-            "OS": endpoint.get('os_type'),
-        }))
-    return endpoints_context_list
+def convert_os_to_standard(endpoint_os):
+    os_type = ''
+    endpoint_os = endpoint_os.lower()
+    if 'windows' in endpoint_os:
+        os_type = "Windows"
+    elif 'linux' in endpoint_os:
+        os_type = "Linux"
+    elif 'macos' in endpoint_os:
+        os_type = "Macos"
+    elif 'android' in endpoint_os:
+        os_type = "Android"
+    return os_type
+
+
+def generate_endpoint_by_contex_standard(endpoints, ip_as_string):
+    standard_endpoints = []
+    for single_endpoint in endpoints:
+        status = 'Online' if single_endpoint.get('endpoint_status') == 'connected' else 'Offline'
+        is_isolated = 'No' if 'unisolated' in single_endpoint.get('is_isolated', '').lower() else 'Yes'
+        hostname = single_endpoint['host_name'] if single_endpoint.get('host_name', '') else single_endpoint.get(
+            'endpoint_name')
+        ip = single_endpoint.get('ip')
+        # in the `xdr-get-endpoints` command the ip is returned as list, in order not to break bc we will keep it
+        # in the `endpoint` command we use the standard
+        if ip_as_string and isinstance(ip, list):
+            ip = ip[0]
+        os_type = convert_os_to_standard(single_endpoint.get('os_type', ''))
+        endpoint = Common.Endpoint(
+            id=single_endpoint.get('endpoint_id'),
+            hostname=hostname,
+            ip_address=ip,
+            os=os_type,
+            status=status,
+            is_isolated=is_isolated,
+            mac_address=single_endpoint.get('mac_address'),
+            domain=single_endpoint.get('domain'),
+            vendor=INTEGRATION_NAME)
+
+        standard_endpoints.append(endpoint)
+    return standard_endpoints
+
+
+def endpoint_command(client, args):
+    endpoint_id_list = argToList(args.get('id'))
+    endpoint_ip_list = argToList(args.get('ip'))
+    endpoint_hostname_list = argToList(args.get('hostname'))
+
+    endpoints = client.get_endpoints(
+        endpoint_id_list=endpoint_id_list,
+        ip_list=endpoint_ip_list,
+        hostname=endpoint_hostname_list,
+    )
+    standard_endpoints = generate_endpoint_by_contex_standard(endpoints, True)
+    command_results = []
+    if standard_endpoints:
+        for endpoint in standard_endpoints:
+            endpoint_context = endpoint.to_context().get(Common.Endpoint.CONTEXT_PATH)
+            hr = tableToMarkdown('Cortex XDR Endpoint', endpoint_context)
+
+            command_results.append(CommandResults(
+                readable_output=hr,
+                raw_response=endpoints,
+                indicator=endpoint
+            ))
+
+    else:
+        command_results.append(CommandResults(
+            readable_output="No endpoints were found",
+            raw_response=endpoints,
+        ))
+    return command_results
 
 
 def create_parsed_alert(product, vendor, local_ip, local_port, remote_ip, remote_port, event_timestamp, severity,
@@ -3297,6 +3365,9 @@ def main():
         elif demisto.command() == 'xdr-run-script-kill-process':
             return_results(run_script_kill_process_command(client, args))
 
+        elif demisto.command() == 'endpoint':
+            return_results(endpoint_command(client, args))
+
     except Exception as err:
         if demisto.command() == 'fetch-incidents':
             LOG(str(err))
 
@@ -40,7 +40,7 @@ configuration:
   name: timeout
   required: false
   type: 0
-- additionalinfo: The maximum number of incidents per fetch. cannot exceed 100.
+- additionalinfo: The maximum number of incidents per fetch. Cannot exceed 100.
   defaultvalue: '10'
   display: Maximum number of incidents per fetch
   name: max_fetch
@@ -73,7 +73,7 @@ configuration:
   required: false
   type: 8
 - additionalinfo: 'The statuses of the incidents that will be fetched. If no status
-    is provided then incidents of all the statuses will be fetched. Note: an incident
+    is provided then incidents of all the statuses will be fetched. Note: An incident
     whose status was changed to a filtered status after its creation time will not
     be fetched.'
   display: Incident Statuses to Fetch
@@ -1033,14 +1033,26 @@ script:
       description: The domain of the endpoint.
       type: String
     - contextPath: Endpoint.OS
-      description: Endpoint OS.
+      description: The endpoint's operation system.
       type: String
     - contextPath: Account.Username
       description: The username in the relevant system.
       type: String
     - contextPath: Account.Domain
       description: The domain of the account.
       type: String
+    - contextPath: Endpoint.Status
+      description: The endpoint's status.
+      type: String
+    - contextPath: Endpoint.IsIsolated
+      description: The endpoint's isolation status.
+      type: String
+    - contextPath: Endpoint.MACAddress
+      description: The endpoint's MAC address.
+      type: String
+    - contextPath: Endpoint.Vendor
+      description: The integration name of the endpoint vendor. 
+      type: String
   - deprecated: false
     description: Gets a list of all the agent versions to use for creating a distribution
       list.
@@ -2741,6 +2753,54 @@ script:
     - contextPath: PaloAltoNetworksXDR.ScriptRun.endpoints_count
       description: Number of endpoints the action was initiated on.
       type: Number
+  - arguments:
+    - default: false
+      description: The endpoint ID.
+      isArray: false
+      name: id
+      required: false
+      secret: false
+    - default: true
+      description: The endpoint IP address.
+      isArray: false
+      name: ip
+      required: false
+      secret: false
+    - default: false
+      description: The endpoint hostname.
+      isArray: false
+      name: hostname
+      required: false
+      secret: false
+    deprecated: false
+    description: Returns information about an endpoint.
+    execution: false
+    name: endpoint
+    outputs:
+    - contextPath: Endpoint.Hostname
+      description: The endpoint's hostname.
+      type: String
+    - contextPath: Endpoint.OS
+      description: The endpoint's operation system.
+      type: String
+    - contextPath: Endpoint.IPAddress
+      description: The endpoint's IP address.
+      type: String
+    - contextPath: Endpoint.ID
+      description: The endpoint's ID.
+      type: String
+    - contextPath: Endpoint.Status
+      description: The endpoint's status.
+      type: String
+    - contextPath: Endpoint.IsIsolated
+      description: The endpoint's isolation status.
+      type: String
+    - contextPath: Endpoint.MACAddress
+      description: The endpoint's MAC address.
+      type: String
+    - contextPath: Endpoint.Vendor
+      description: The integration name of the endpoint vendor.
+      type: String
   dockerimage: demisto/python3:3.9.4.18682
   feed: false
   isfetch: true
 
@@ -312,13 +312,38 @@ def test_get_all_endpoints_using_limit(requests_mock):
         'page': 0,
         'sort_order': 'asc'
     }
-
     _, outputs, _ = get_endpoints_command(client, args)
     expected_endpoint = get_endpoints_response.get('reply')[0]
 
     assert [expected_endpoint] == outputs['PaloAltoNetworksXDR.Endpoint(val.endpoint_id == obj.endpoint_id)']
 
 
+def test_endpoint_command(requests_mock):
+    from CortexXDRIR import endpoint_command, Client
+
+    get_endpoints_response = load_test_data('./test_data/get_endpoints.json')
+    requests_mock.post(f'{XDR_URL}/public_api/v1/endpoints/get_endpoint/', json=get_endpoints_response)
+
+    client = Client(
+        base_url=f'{XDR_URL}/public_api/v1', headers={}
+    )
+    args = {'id': 'identifier'}
+
+    outputs = endpoint_command(client, args)
+
+    get_endpoints_response = {
+        Common.Endpoint.CONTEXT_PATH: [{'ID': '1111',
+                                        'Hostname': 'ip-3.3.3.3',
+                                        'IPAddress': '3.3.3.3',
+                                        'OS': 'Linux',
+                                        'Vendor': 'Cortex XDR - IR',
+                                        'Status': 'Offline',
+                                        'IsIsolated': 'No'}]}
+
+    results = outputs[0].to_context()
+    assert results.get("EntryContext") == get_endpoints_response
+
+
 def test_insert_parsed_alert(requests_mock):
     from CortexXDRIR import insert_parsed_alert_command, Client