[ASM] - EXPANDER - 4378 - NotificationTicketType Input for ServiceNow (#30732)

* [ASM] - EXPANDER - 4378 - NotificationTicketType Input for ServiceNow (#30322)

* Add NotificationTicketType input

* Update readme files

* Add Release Notes

* Update Release Notes

* update RN

* update RN

* update version

* update version to 1.7.11

---------

Co-authored-by: John <40349459+BigEasyJ@users.noreply.github.com>
Co-authored-by: ilappe <ilappe@paloaltonetworks.com>
3 people authored Nov 8, 2023
1 parent 85e052d commit 3c701a1
Showing 6 changed files with 30 additions and 1 deletion.
Expand Up @@ -3141,6 +3141,9 @@ tasks:
RemediationGuidance:
complex:
root: RemediationGuidance
NotificationTicketType:
complex:
root: inputs.NotificationTicketType
separatecontext: true
continueonerrortype: ""
loop:
Expand Down Expand Up @@ -3242,6 +3245,12 @@ inputs:
required: true
description: Body of the notification (email or ticket) sent to potential service owner.
playbookInputQuery:
- key: NotificationTicketType
value:
simple: incident
required: true
description: The ticket type used by ticketing systems. The default is "incident" because ticketing systems such as ServiceNow and Cherwell use it as default.
playbookInputQuery:
- key: RemediationNotificationSubject
value:
simple: |-
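Review bot: The description on the new `NotificationTicketType` input names Cherwell as well as ServiceNow, but the only consumer wired up in this commit is the `ticket_type` argument in the ServiceNow notification playbook, and the release note itself says "primarily used for ServiceNow ticket type". Either reword the description to say which notification paths actually read this input, or wire it into the other ticketing sub-playbooks in the same change. It would also help to list the accepted ticket type values here, since the input is free text and `required: true`.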
Expand Up @@ -39,6 +39,7 @@ This playbook does not use any integrations.
| --- | --- | --- | --- |
| OwnerNotificationSubject | Subject of the notification \(email or ticket\) sent to potential service owner. | A new security risk was identified on an external service owned by your team | Required |
| OwnerNotificationBody | Body of the notification \(email or ticket\) sent to potential service owner. | Infosec identified a security risk on an external service potentially owned by your team: ${alert.name}&lt;br&gt;&lt;br&gt;<br/><br/>Description: ${alert.details}<br/>&lt;br&gt;&lt;br&gt;<br/><br/> | Required |
| NotificationTicketType | The ticket type used by ticketing systems. The default is "incident" because ticketing systems such as ServiceNow and Cherwell use it as default. | incident | Required |
| RemediationNotificationSubject | Subject of the notification \(email or ticket\) sent to the service owner after remediation. | A new security risk was addressed on an external service owned by your team | Required |
| RemediationNotificationHTMLBody | Body of the notification \(email or ticket\) sent to the service owner after remediation. | &lt;!DOCTYPE html&gt;<br/>&lt;html lang="en"&gt;<br/>&lt;body&gt;<br/> &lt;p&gt;<br/> Infosec identified a security risk on an external service potentially owned by your<br/> team:&lt;br&gt;&lt;b&gt;${alert.name}&lt;/b&gt;<br/> &lt;/p&gt;<br/> &lt;p&gt;<br/> &lt;b&gt;Alert Details:&lt;/b&gt; ${alert.details}&lt;br&gt;<br/> &lt;b&gt;Action Taken:&lt;/b&gt; ${alert.asmremediation.[0].action}&lt;br&gt;<br/> &lt;b&gt;Action Outcome:&lt;/b&gt; ${alert.asmremediation.[0].outcome}&lt;br&gt;<br/> &lt;/p&gt;<br/>&lt;/body&gt;<br/>&lt;/html&gt; | Required |
| BypassDevCheck | Determine whether to bypass the Dev Check in automated remediation criteria: <https://docs-cortex.paloaltonetworks.com/r/Cortex-XPANSE/Cortex-Xpanse-Expander-User-Guide/Automated-Remediation-Capabilities-Matrix><br/><br/>Set to "True" if you want to bypass. Default is "False". | False | Optional |
Expand Up @@ -112,6 +112,9 @@ tasks:
value:
simple: 'Cortex ASM Alert: '
suffix: {}
ticket_type:
complex:
root: inputs.NotificationTicketType
separatecontext: false
continueonerrortype: ""
view: |-
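Review bot: The added `ticket_type` argument is bound straight to `root: inputs.NotificationTicketType` with no transformer, filter or fallback, so whatever string the parent playbook passes reaches the ticket creation task unchecked. With `continueonerrortype: ""` on this task, an empty or mistyped value surfaces only as a failed task at notification time. Consider a condition ahead of this task that checks the value against the ticket types the command accepts, or a default applied when the input is empty, so a misconfiguration fails early with a clear message instead of silently dropping the owner notification.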
Expand Down Expand Up @@ -213,6 +216,10 @@ inputs:
required: true
description: Body of the notification (email or ticket) sent to the potential service owner.
playbookInputQuery:
- key: NotificationTicketType
value: {}
required: true
description: The ticket type used by ticketing systems. The default is "incident" because ticketing systems such as ServiceNow and Cherwell use it as default.
- key: RemediationGuidance
value: {}
required: true
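Review bot: The new input in this sub-playbook is declared with `value: {}` while its description states 'The default is "incident"'. The default only exists in the parent playbook (`simple: incident`), and the README row for this playbook shows an empty Default Value, so anyone running this playbook on its own or from a different parent gets no ticket type despite what the text says. Either set `simple: incident` here as well, or reword the description for the sub-playbook to say the value must be supplied by the caller.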
Expand Up @@ -23,6 +23,7 @@ servicenow-create-ticket
| **Name** | **Description** | **Default Value** | **Required** |
| --- | --- | --- | --- |
| OwnerNotificationBody | Body of the notification \(email or ticket\) sent to the potential service owner. | | Required |
| NotificationTicketType | The ticket type used by ticketing systems. The default is "incident" because ticketing systems such as ServiceNow and Cherwell use it as default. | | Required |
| RemediationGuidance | Remediation Guidance of the Attack Surface Rule. | | Required |

## Playbook Outputs
11 changes: 11 additions & 0 deletions Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_11.md
@@ -0,0 +1,11 @@

#### Playbooks

##### Cortex ASM - ServiceNow Notification

Updated the playbook to use the new parent playbook input, `NotificationTicketType`, for ServiceNow ticket type.


##### Cortex ASM - ASM Alert

Updated the playbook to include a new input, `NotificationTicketType`, primarily used for ServiceNow ticket type.
2 changes: 1 addition & 1 deletion Packs/CortexAttackSurfaceManagement/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Cortex Attack Surface Management",
"description": "Content for working with Attack Surface Management (ASM).",
"support": "xsoar",
"currentVersion": "1.7.10",
"currentVersion": "1.7.11",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",