ipinfo.io - Added support to use API token for paid plans #1673
Did you test it? I assume we don't have an instance.
yes this is tested
Integrations/integration-Ipinfo.yml
@@ -32,7 +37,7 @@ script: | |||
} | |||
|
|||
var base = 'http://ipinfo.io/'; | |||
var jsonSuffix = '/json'; | |||
var jsonSuffix = '/json?token=' + params.token; |
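Review bot: the new `jsonSuffix` line puts `params.token` in the query string while `base` in the same hunk is still `http://ipinfo.io/`, so the paid-plan token travels unencrypted on every lookup. Suggest switching `base` to `https://ipinfo.io/` as part of this change, and wrapping the value in `encodeURIComponent()` so a token containing reserved characters cannot alter the query.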
Should it not be added to `ipinfo_field` command endpoint URL as well?
yes, fixed
Integrations/integration-Ipinfo.yml
@@ -50,7 +55,7 @@ script: | |||
} | |||
return reply; | |||
case 'ipinfo_field': | |||
return sendRequest(base+args.ip+'/'+args.field, false); | |||
return sendRequest(base+args.ip+'/'+args.field+'?token='+args.token, false); |
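Review bot: the changed `ipinfo_field` line reads `args.token`, while the `/json` suffix is built from `params.token`; a command argument means the caller has to supply the secret on each invocation instead of it coming from the instance configuration. Use the same `params.token` value here. `args.ip` and `args.field` are also concatenated into the path unescaped; passing each through `encodeURIComponent()` would keep a stray `/` or `?` in an argument from changing the requested path.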
There is no `token` argument, should be `params.token`.
Please create a global `token` variable and use it in both URL addresses.
please change and check it works without the token as well
Integrations/integration-Ipinfo.yml
@@ -32,7 +37,8 @@ script: | |||
} | |||
|
|||
var base = 'http://ipinfo.io/'; | |||
var jsonSuffix = '/json'; | |||
var token = params.token; | |||
var jsonSuffix = '/json?token=' + token; |
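Review bot: `'/json?token=' + token` on the last line concatenates unconditionally, so an instance configured without a token requests `/json?token=undefined`. Build the query part only when `params.token` is non-empty, and build it once so the `ipinfo_field` URL can reuse it instead of repeating the string.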
you will have undefined there when no token
you should use ternary condition here to just not add it (and the same below) when it's not there
Integrations/integration-Ipinfo.yml
@@ -37,8 +37,8 @@ script: | |||
} | |||
|
|||
var base = 'http://ipinfo.io/'; | |||
var token = params.token; | |||
var jsonSuffix = '/json?token=' + token; | |||
var token = params.token ? "?token=" + params.token : ""; |
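Review bot: in the new `var token = params.token ? ...` line, the variable named `token` now holds a query-string fragment (`?token=...`) rather than the token itself, and the value is appended raw. Consider naming it for what it holds (for example `tokenQuery`) and passing `params.token` through `encodeURIComponent()`. The fragment also starts with `?`, so it can only be appended to a URL that carries no other query parameters.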
we use ' and not "
@omercnet your build is red, merge from master
odd, it usually shows a button here in the web UI to update from master.. will do it manually soon
* Clear release notes (#1733) * clear rn * git hash * fix cylance test (#1740) - make the test run in sequance instead of parallel - command was failing because didnt found some threat * Farsight DNSDB - Added handling for 404 and 400 responses (#1675) * Added handling for 404 and 400 responses graceful handling of no inforamaion found condition Also improved humanreadable for results * fix commonfields fix commonfields * Added test plybook for DNSDB Farsight DNSDB test playbook * Remove special support for EWS (#1736) * Remove special support for EWS Remove special playbook for custom fields (Use "setIncident" instead) * Add release notes * CR fixes * move qualys test to nightly - it requires only single run of build in parallel (#1697) * add connections to canvas suggestions (#1729) * add connections to canvas suggestions * fix schema validation * Add vt connections (#1742) add VT connections * Ews untitled/empty attachments (#1728) * Fixed handling untitled/empty attachments * Added null checks for on attachment content. 
* Implemented workaround for exchangelib not handling empty file attachments (zero bytes) * Added empty attachment test playbook * Support for RedLock alerts (#1721) (#1738) * Support for RedLock alerts (#1721) * Support for RedLock alerts * Fixes issue with EWS Search and Delete (#1696) * Fixes issue with EWS Search and Delete * CR fixes * Fix typo and releaseNotes * Add Test playbook * Remove forward/ replay prefixes only from beginning of Subject * Update "Detonate File - Generic" (#1722) * Update "Detonate File - Generic" * Improve documentation * Add supported file types * Add support for updated Falcon integration * Add outputs description * Add output description * Remove auto-log from QRadarFullSearch (#1715) * Remove auto-log from QRadarFullSearch Was automatically printing logs to the war-room * Fix CR * CrowdStrike Falcon Sandbox enhancements and fixes (#1635) * Netskope integration test fix * CrowdStrike Falcon Sandbox enhancements and fixes * Made requested changes * add context canvas connections (#1718) * add context canvas connections * add schema validation * updated argument types (#1725) * Update playbook-RedLockTest.yml Fixed and rephrased some task names. * Added fetch-incidents * Splunkpy search (#1717) * add enhancement script for splunk search * add to indicator types SplunkSearchPy * use cmd only in depnds on * Reverted addition of threat-grid-detonate-file and threat-grid-url-to-file commands (#1726) * Update Intezer integration (#1727) * Update Intezer integration - Malicious should be added only for bad reputation hashes. 
* Update outputs * change the url for 'GET request test' task (#1731) * add command line output to cb defense (#1730) * remove minemeld for now (#1732) * remove minemeld for now * skip minemeld test * Fixed comments from code review * Update playbook-RedLockTest.yml Removed old command arguments from playbook tasks * Added RedLock test * Unskip Cybereason test (#1746) * remove releasenotes for SEPM14 (#1622) * remove releasenotes * Update integration-SymantecEndpointProtection.yml * ipinfo.io - Added support to use API token for paid plans (#1673) * Added support to use API token for paid plans * Add token to ipinfo_field command * token * only send token parameter if token is set * ' * Remove "command-timeout" command argument for 3.6.1 (#1749) * Removed argument "command-timeout" as this is replaced wtih the global argument with the same name and (effective) functionality. * Removed depracated argument * Renamed problematic argument instead of removing it. * Renamed problematic argument instead of removing it (in test playbook). 
* Rename integration-Carbon_Black_Enterprise_Live_Response_old.yml to integration-Carbon_Black_Enterprise_Live_Response_3.6.0.yml * Handle tanium/vmware timeout on errors issue (#1751) * handle errors from tanium integration * handle errors from vmware integration * unskip tests * vmware - verify logout is done even if there is an error * vmware - verify logout is done even if there is an error * added release notes * skip vmware test * Script helper python arg order fix (#1754) * fix arg order of args in pythoncommonserver doc * set automationOnly tag for commonServer commands using executeCommand * fix null argument descriptions in script helper * releasenotes * Fix circleci2 (#1759) * try fix curl bad characters * try fix curl bad characters * fix space * skip anomali test (#1763) * Hybrid Analysis Integration (#1745) * Hybrid Analysis Integration * fixed fromversion * Made requested changes * Single-setup adjustments (#1752) * Wildfire getReport bug fix (#1753) * getReport bug fix getReport bug fix * Added empty RN * Improved implementation * Cylance Protect v2 device data context path fix (#1661) * Cylance Protect v2 device data context path fix * Made requested changes * Made requested changes * Fixed test according to context changes * use the added command (#1761) * use the added command * deprecate * Postgres fix error (#1765) * fix error on no rows returned * test playbook * fix exception * Fixed move-between-mailboxes using impersonation (#1766) * Archer add fields checks and full results for get-records-by-report (#1744) * Archer add fields checks and full results for get-records-by-report * CR fixes * Access Investigation - Generic (#1760) * Access Investigation - Generic New playbooks: * Access Investigation - Generic * Access Investigation - QRadar Updated playbooks: * IP Enrichment - Generic New script: * IPToHost Updated script: * EmailAskUser * Add description * add description * Update task scheme * CR fixes * add systemAssociatedTypes (#1758) * 
Vulnerability Management - Nexpose: (#1762) * Vulnerability Management - Nexpose: New playbooks: * Vulnerability Handling - Nexpose * Vulnerability Management - Nexpose (Job) Updated playbooks: * Calculate Severity - Generic * Calculate Severity - 3rd-party integrations New scriptL * NexposeCreateIncidentsFromAssets * CR fixes * Add description * bug fix * Email sender in Python with embedded images (#1671) * Email sender in Python with embedded images * Added template variables in ugly way * Changed default value for sender address at email sender integration * removed empty lines at EOF * added Mail Sender (New) integration & playbook * added Mail Sender (New) integration & playbook * removed old integration file (difference only in name of integration) * changed email sender python (new) ID * fixed playbook trying to activate script by old name and failing * changed deletecontext script back to original * added google apps integration for mail sender (new) * Added newline support for base64 images in html * Fix missing release notes (#1767) * print commands outputs * check if files exist * refactor * print files * add prints * check if file is empty * grep error * update git hash * add missing rn * revert config.yml * remove prints * add missing space * removed palo alto from conf.json (#1771) * removed palo alto from conf.json * add running-playbooks widget (#1755) * add running-playbooks widget * Update widget-RunningPlaybooks.json * Crowdstrike falcon intel v2 support (#1768) * added crowdstrike intel test playbook + v2 indicator integration * fixed format (whitespace missing) * extended playbook cs-indicators * added test-module by version, more documentation * added releaseNotes to crowdstrike falcon intel * remove approve action from tanium playbook (#1769) * TruSTAR integration enhancements (#1772) * Enhanced Trustar integration (#1706) * Enhanced trustar integration * Enhanced trustar integration * Enhanced trustar integration * Revert "Enhanced trustar 
integration" This reverts commit c7aa5c9. * Enhanced trustar integration * Incorporated review comments for trustar integration * Incorporated review comment - added priority level in entry context * Added priority level to software indicator & in output parameter * Priority level key error handled for treding and search indicators command * Added RN * new widget should be predfined (#1773) * Recorded Future integration (#1764) * Recorded Future integration * Made requested changes * Skip Intezer test (#1777) * Add delay to intezer test playbook * Skip Intezer test * avoid error in domain format script (#1774) * AWS ec2 (#1770) * AWS EC2 Integration * add get-latest-ami outputs * added aws connection function * add test playbooks * fix test playbook location * Fix describe instances context issue * fix #12097 & describe instances tags output * fix #12097 for all aws integrations * Added new commands * added release notes * Nexpose enhancements (#1714) * paste * python * add commands * fix char * reports * scans, fixes * outputs, login, scan wait * test playbook * image * fixes #1 * rn, fixed playbook test * add report formats * fix test playbook * fix test playbook * fix test playbook * merge * add cve output, add raw outputs, search by multiple hosts & ips * Removed start-scan commands * Clear release notes (#1780) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * Enable Intezer test (#1779) * spelling fixes (#1781) * fix wether to whether * relase notes * Moved qualys test to skipped due to expired account issues (#1783) currently fails content build nightly * Demisto REST API - new commands to upload and download files (#1748) * added multipart and download commands * added multipart and download commands * added multipart and download commands * added multipart and download commands * added multipart and download commands * added scripts to download logs bundle, and upload files to war room * Convert 
Incident fields to array (#1784) * convert to list * skip validate * add import json * use seek and truncate * revert config yml * Fix domain rep (#1785) * domain fix reputation * fix RN * fix RN * Crowdstrike falcon intel (#1790) * crowdstrike falcon intel change report id to retrieve due to size * updating default value of API version to 2.0 (#1782) * updating default value of API version to 2.0 1.6 is no longer available, 2.0 is the default version in the hosted environment * Clear release notes (#1789) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * clear release notes after 18.7.1 release * update git hash * Replace demisto lock logo (#1792) * Updated integration name source (#1775) * Ews readable errors (#1788) * Changed default authentication method to "Basic" in accordance with instance defaults for office365. * Beautified error messages in test_module * Handled case where no error message is set * secureworks add default url -https://api.secureworks.com (#1798) * secureworks add default url -https://api.secureworks.com - fixes https://github.com/demisto/etc/issues/12378 * Update integration-SecureWorks.yml * fix ArcSight ESM addEntries (#1797) * fix ArcSight ESM addEntries - if entries had passed from context as JSON then we got exception * Update integration-ArcSightESM.yml * Added eventType fetch filter (#1796) * remove `runonce: true` from phish.ai (#1799) * remove `runonce: true` from phish.ai * add rn * scripts - deprecate checkwhitelist + add filterbywhite lists (#1708) * scripts - deprecate checkwhitelist + add filterbywhite lists * Change wording * add support for array input + change whitelist ot list * malicious ration reputation script (#1778) * malicious ration reputation script * change script logic to return score as reputation script & DBot score * disable TE test playbook (#1802) * disable TE test playbook * ignore right test * Top malicious ratio indicators (#1750) * Top malicious 
ratio indicators * Fix script schema validation * remove script schema validatiom * fix CR * add widget to display script results * add fromversion filter 0 malicious ratio * add widget from version * fix file format * Fix desc build (#1808) * adding RN * add desc * Replace integrations logos (#1807) * Replace integrations logos * Add release notes * Add release notes * Fixed logos * fix widget should be isPredefined (#1818) * fix widget should be isPredefined * Update widget-TopMaliciousRationIndicators.json * Validate widget isPredefined property is true (#1819) Output in case some widget has `isPredefined: false` ```bash Starting validate Widgets... Failed: Widgets/widget-IncidentInErrorNumber.json failed <SchemaError: error code 2: Schema validation failed: - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'> Finished validate Widgets validate_files_structure.sh exiting with error ``` * Added traceback import (#1806) * Added traceback import * Moved redlock test to nightly (#1804) * check proxy parameter before client.connect() (#1824) * check proxy parameter before client.connect() Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy. * add release notes * Change the term investigation to incident in the layouts. (#1825) * FireEye URL submissions (#1743) (#1820) * FireEye URL submissions (#1743) * FireEye URL submissions Added functionality to submit URLs to FireEye and retrieve their status. Functions created are fe-submit-url and fe-submit-url-status * Modify integration description Modified integration description to aligh with naming standards and help user understand how certain parameters should be passed. 
* Reverted fe-submit and fe-submit-status back to original name Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status * deleting file that is not part of integration * Update integration-fireeye.yml * added predefined parameters for commands added predefined parameters for commands * Added release notes * Fixed Twilio test function (#1826) * Fixed Teilio test function Fixes https://github.com/demisto/etc/issues/12214 * CR fixes * Feature/widgets for engine and workers (#1689) * Widgets for engine and workers * Fixed unnamed attachments bug (#1822) * Fixed unnamed attachments bug. * Handled possible case where attachment name is not a string. * Corrected comparison method according to PEP-8 recommendation. * enable TE again (#1828) * add note to schema (#1830) * Passive Total - added proxy and insecure parameters (#1814) * added insecure and proxy settings * proxy defaults to true and insecure defaults to false * Fixed URL command, added IP and Domain * Added to release notes * add widget description (#1823) * Recorded Future bug fix (#1832) * Vulnerability Management issue fix (#1815) * RTIR integration (#1833) * RTIR Integration * add return_error function * added docstring * Updated the regex (#1801) (#1834) * Updated the regex (#1801) Updated the regex to properly pull the detection ID. 
Sometimes the detection ID changes in length, but it's always a number from 0-9 * add release notes * RTIR Spanish support (#1835) * RTIR integration spanish support * RTIR integration spanish support * prettify common server doc python error (#1836) * limit fetch incidents from netwitness (#1800) - fixes https://github.com/demisto/etc/issues/12195 * Update process email + phishing layout (#1813) * Update process email + phishing layout * And `HTML Rendered Image` MD field to phishing layout * Add Base64 output to the `rasterize-email` command * Update rasterized image to the Phishing summary page TODO: * Remove the HTML field mapping in the relevant integrations * Update incidentfields.json Change field name * Update layout-details-Phishing.json Change field name * Update playbook-Process_Email_-_Generic.yml change field name * Update playbook-Process_Email_-_Generic.yml big scheme issue * Update playbook-Process_Email_-_Generic.yml really fixing it * Update incidentfields.json typo fix * Add scheme * add missing tag * Add release notes * move note up (#1838) * Repopulate files (#1839) * Repopulate files adds the File context based on file entries * Removed some lines * Skipped redlock test (#1840) * Skipped redlock test * Removed duplicate test * Zoom support within Demisto (#1757) * Zoom support within Demisto * fix typo * - added test playbook to test zoom commands - added automation script to generate a random email * fixed 2 bugs in the zoom-fetch-recording: 1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id) 2. 
Recording delete didn't work because params and headers weren't passed to the delete request * Updated zoom test playbook * changes requested in code review * changes requested in code review * Removed obsolete file that made tests fail * Added description to zoom integration * Handle tanium/vmware timeout on errors issue (#1751) * handle errors from tanium integration * handle errors from vmware integration * unskip tests * vmware - verify logout is done even if there is an error * vmware - verify logout is done even if there is an error * added release notes * skip vmware test * Script helper python arg order fix (#1754) * fix arg order of args in pythoncommonserver doc * set automationOnly tag for commonServer commands using executeCommand * fix null argument descriptions in script helper * releasenotes * Fix circleci2 (#1759) * try fix curl bad characters * try fix curl bad characters * fix space * skip anomali test (#1763) * Hybrid Analysis Integration (#1745) * Hybrid Analysis Integration * fixed fromversion * Made requested changes * Single-setup adjustments (#1752) * Wildfire getReport bug fix (#1753) * getReport bug fix getReport bug fix * Added empty RN * Improved implementation * Cylance Protect v2 device data context path fix (#1661) * Cylance Protect v2 device data context path fix * Made requested changes * Made requested changes * Fixed test according to context changes * use the added command (#1761) * use the added command * deprecate * Postgres fix error (#1765) * fix error on no rows returned * test playbook * fix exception * Fixed move-between-mailboxes using impersonation (#1766) * Archer add fields checks and full results for get-records-by-report (#1744) * Archer add fields checks and full results for get-records-by-report * CR fixes * Access Investigation - Generic (#1760) * Access Investigation - Generic New playbooks: * Access Investigation - Generic * Access Investigation - QRadar Updated playbooks: * IP Enrichment - Generic New script: * 
IPToHost Updated script: * EmailAskUser * Add description * add description * Update task scheme * CR fixes * add systemAssociatedTypes (#1758) * Vulnerability Management - Nexpose: (#1762) * Vulnerability Management - Nexpose: New playbooks: * Vulnerability Handling - Nexpose * Vulnerability Management - Nexpose (Job) Updated playbooks: * Calculate Severity - Generic * Calculate Severity - 3rd-party integrations New scriptL * NexposeCreateIncidentsFromAssets * CR fixes * Add description * bug fix * Email sender in Python with embedded images (#1671) * Email sender in Python with embedded images * Added template variables in ugly way * Changed default value for sender address at email sender integration * removed empty lines at EOF * added Mail Sender (New) integration & playbook * added Mail Sender (New) integration & playbook * removed old integration file (difference only in name of integration) * changed email sender python (new) ID * fixed playbook trying to activate script by old name and failing * changed deletecontext script back to original * added google apps integration for mail sender (new) * Added newline support for base64 images in html * Fix missing release notes (#1767) * print commands outputs * check if files exist * refactor * print files * add prints * check if file is empty * grep error * update git hash * add missing rn * revert config.yml * remove prints * add missing space * removed palo alto from conf.json (#1771) * removed palo alto from conf.json * add running-playbooks widget (#1755) * add running-playbooks widget * Update widget-RunningPlaybooks.json * Crowdstrike falcon intel v2 support (#1768) * added crowdstrike intel test playbook + v2 indicator integration * fixed format (whitespace missing) * extended playbook cs-indicators * added test-module by version, more documentation * added releaseNotes to crowdstrike falcon intel * remove approve action from tanium playbook (#1769) * TruSTAR integration enhancements (#1772) * Enhanced 
Trustar integration (#1706) * Enhanced trustar integration * Enhanced trustar integration * Enhanced trustar integration * Revert "Enhanced trustar integration" This reverts commit c7aa5c9. * Enhanced trustar integration * Incorporated review comments for trustar integration * Incorporated review comment - added priority level in entry context * Added priority level to software indicator & in output parameter * Priority level key error handled for treding and search indicators command * Added RN * new widget should be predfined (#1773) * Recorded Future integration (#1764) * Recorded Future integration * Made requested changes * Skip Intezer test (#1777) * Add delay to intezer test playbook * Skip Intezer test * avoid error in domain format script (#1774) * AWS ec2 (#1770) * AWS EC2 Integration * add get-latest-ami outputs * added aws connection function * add test playbooks * fix test playbook location * Fix describe instances context issue * fix #12097 & describe instances tags output * fix #12097 for all aws integrations * Added new commands * added release notes * Nexpose enhancements (#1714) * paste * python * add commands * fix char * reports * scans, fixes * outputs, login, scan wait * test playbook * image * fixes #1 * rn, fixed playbook test * add report formats * fix test playbook * fix test playbook * fix test playbook * merge * add cve output, add raw outputs, search by multiple hosts & ips * Removed start-scan commands * Clear release notes (#1780) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * Enable Intezer test (#1779) * spelling fixes (#1781) * fix wether to whether * relase notes * Moved qualys test to skipped due to expired account issues (#1783) currently fails content build nightly * Demisto REST API - new commands to upload and download files (#1748) * added multipart and download commands * added multipart and download commands * added multipart and download commands * added multipart 
and download commands * added multipart and download commands * added scripts to download logs bundle, and upload files to war room * Convert Incident fields to array (#1784) * convert to list * skip validate * add import json * use seek and truncate * revert config yml * Fix domain rep (#1785) * domain fix reputation * fix RN * fix RN * Crowdstrike falcon intel (#1790) * crowdstrike falcon intel change report id to retrieve due to size * updating default value of API version to 2.0 (#1782) * updating default value of API version to 2.0 1.6 is no longer available, 2.0 is the default version in the hosted environment * Clear release notes (#1789) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * clear release notes after 18.7.1 release * update git hash * Replace demisto lock logo (#1792) * Updated integration name source (#1775) * Ews readable errors (#1788) * Changed default authentication method to "Basic" in accordance with instance defaults for office365. 
* Beautified error messages in test_module * Handled case where no error message is set * secureworks add default url -https://api.secureworks.com (#1798) * secureworks add default url -https://api.secureworks.com - fixes https://github.com/demisto/etc/issues/12378 * Update integration-SecureWorks.yml * fix ArcSight ESM addEntries (#1797) * fix ArcSight ESM addEntries - if entries had passed from context as JSON then we got exception * Update integration-ArcSightESM.yml * Added eventType fetch filter (#1796) * remove `runonce: true` from phish.ai (#1799) * remove `runonce: true` from phish.ai * add rn * scripts - deprecate checkwhitelist + add filterbywhite lists (#1708) * scripts - deprecate checkwhitelist + add filterbywhite lists * Change wording * add support for array input + change whitelist ot list * malicious ration reputation script (#1778) * malicious ration reputation script * change script logic to return score as reputation script & DBot score * disable TE test playbook (#1802) * disable TE test playbook * ignore right test * Top malicious ratio indicators (#1750) * Top malicious ratio indicators * Fix script schema validation * remove script schema validatiom * fix CR * add widget to display script results * add fromversion filter 0 malicious ratio * add widget from version * fix file format * Fix desc build (#1808) * adding RN * add desc * Replace integrations logos (#1807) * Replace integrations logos * Add release notes * Add release notes * Fixed logos * fix widget should be isPredefined (#1818) * fix widget should be isPredefined * Update widget-TopMaliciousRationIndicators.json * Validate widget isPredefined property is true (#1819) Output in case some widget has `isPredefined: false` ```bash Starting validate Widgets... Failed: Widgets/widget-IncidentInErrorNumber.json failed <SchemaError: error code 2: Schema validation failed: - Enum 'False' does not exist. 
Path: '/isPredefined'.: Path: '/'> Finished validate Widgets validate_files_structure.sh exiting with error ``` * Added traceback import (#1806) * Added traceback import * Moved redlock test to nightly (#1804) * check proxy parameter before client.connect() (#1824) * check proxy parameter before client.connect() Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy. * add release notes * Change the term investigation to incident in the layouts. (#1825) * FireEye URL submissions (#1743) (#1820) * FireEye URL submissions (#1743) * FireEye URL submissions Added functionality to submit URLs to FireEye and retrieve their status. Functions created are fe-submit-url and fe-submit-url-status * Modify integration description Modified integration description to aligh with naming standards and help user understand how certain parameters should be passed. * Reverted fe-submit and fe-submit-status back to original name Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status * deleting file that is not part of integration * Update integration-fireeye.yml * added predefined parameters for commands added predefined parameters for commands * Added release notes * Fixed Twilio test function (#1826) * Fixed Teilio test function Fixes https://github.com/demisto/etc/issues/12214 * CR fixes * Feature/widgets for engine and workers (#1689) * Widgets for engine and workers * Fixed unnamed attachments bug (#1822) * Fixed unnamed attachments bug. * Handled possible case where attachment name is not a string. * Corrected comparison method according to PEP-8 recommendation. 
* enable TE again (#1828) * add note to schema (#1830) * Passive Total - added proxy and insecure parameters (#1814) * added insecure and proxy settings * proxy defaults to true and insecure defaults to false * Fixed URL command, added IP and Domain * Added to release notes * add widget description (#1823) * Recorded Future bug fix (#1832) * Vulnerability Management issue fix (#1815) * RTIR integration (#1833) * RTIR Integration * add return_error function * added docstring * Updated the regex (#1801) (#1834) * Updated the regex (#1801) Updated the regex to properly pull the detection ID. Sometimes the detection ID changes in length, but it's always a number from 0-9 * add release notes * RTIR Spanish support (#1835) * RTIR integration spanish support * RTIR integration spanish support * prettify common server doc python error (#1836) * limit fetch incidents from netwitness (#1800) - fixes https://github.com/demisto/etc/issues/12195 * Update process email + phishing layout (#1813) * Update process email + phishing layout * And `HTML Rendered Image` MD field to phishing layout * Add Base64 output to the `rasterize-email` command * Update rasterized image to the Phishing summary page TODO: * Remove the HTML field mapping in the relevant integrations * Update incidentfields.json Change field name * Update layout-details-Phishing.json Change field name * Update playbook-Process_Email_-_Generic.yml change field name * Update playbook-Process_Email_-_Generic.yml big scheme issue * Update playbook-Process_Email_-_Generic.yml really fixing it * Update incidentfields.json typo fix * Add scheme * add missing tag * Add release notes * move note up (#1838) * Repopulate files (#1839) * Repopulate files adds the File context based on file entries * Removed some lines * Skipped redlock test (#1840) * Skipped redlock test * Removed duplicate test * rebased master * Bug fix - Detonate playbooks (#1846) * Alien Vault OTX DBot Score removal (#1844) * Alien Vault OTX DBot Score 
removal * Removed AlienVault instance from tests and added VirusTotal * Parse email files enhancements (#1843) * Added support for "SMTP mail text, ASCII text" files. Fixed bug in email address extraction. * Added test case for multiline address * Fixed release note format * Fixed release note format * Created playbook-TestQradar (#1842) * Created playbook-TestQradar * 1. Updated Test playbooks id and version 2. Added QRadar to conf.json * Clear release notes (#1847) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * clear release notes after 18.7.1 release * update git hash * 18.7.2 clear rn * 18.7.2 changed git hash * DeleteContext - added the ability to provide keys to keep (#1787) * added the ability to provide keys to keep * improving argument description * improving argument description * Demisto lock description fix and increase default timeout (#1849) * fixed description of param and argument * default timeout changed to 600 second (10 min) * default timeout changed to 600 second (10 min) * default timeout changed to 600 second (10 min) * enhance ExportToCSV script (#1669) * - add option to add csv headers as script argument - add parsing in case of string input * remove runonce * add newline at the end of file * add releaseNotes * add newline at the end of the file * handle array of strings * handle boolean and number values * modify to except more input types as valid inputs for csvArray * add release notes * add test playbook * fix scriptName reference * add test playbook * rn * versions * ES6 to ES5
* add etp integration * add outputs description * print response text and fix milliseconds when fetching * Fireeye etp integration fixes (#1853) * Clear release notes (#1733) * clear rn * git hash * fix cylance test (#1740) - make the test run in sequance instead of parallel - command was failing because didnt found some threat * Farsight DNSDB - Added handling for 404 and 400 responses (#1675) * Added handling for 404 and 400 responses graceful handling of no inforamaion found condition Also improved humanreadable for results * fix commonfields fix commonfields * Added test plybook for DNSDB Farsight DNSDB test playbook * Remove special support for EWS (#1736) * Remove special support for EWS Remove special playbook for custom fields (Use "setIncident" instead) * Add release notes * CR fixes * move qualys test to nightly - it requires only single run of build in parallel (#1697) * add connections to canvas suggestions (#1729) * add connections to canvas suggestions * fix schema validation * Add vt connections (#1742) add VT connections * Ews untitled/empty attachments (#1728) * Fixed handling untitled/empty attachments * Added null checks for on attachment content. 
* Implemented workaround for exchangelib not handling empty file attachments (zero bytes) * Added empty attachment test playbook * Support for RedLock alerts (#1721) (#1738) * Support for RedLock alerts (#1721) * Support for RedLock alerts * Fixes issue with EWS Search and Delete (#1696) * Fixes issue with EWS Search and Delete * CR fixes * Fix typo and releaseNotes * Add Test playbook * Remove forward/ replay prefixes only from beginning of Subject * Update "Detonate File - Generic" (#1722) * Update "Detonate File - Generic" * Improve documentation * Add supported file types * Add support for updated Falcon integration * Add outputs description * Add output description * Remove auto-log from QRadarFullSearch (#1715) * Remove auto-log from QRadarFullSearch Was automatically printing logs to the war-room * Fix CR * CrowdStrike Falcon Sandbox enhancements and fixes (#1635) * Netskope integration test fix * CrowdStrike Falcon Sandbox enhancements and fixes * Made requested changes * add context canvas connections (#1718) * add context canvas connections * add schema validation * updated argument types (#1725) * Update playbook-RedLockTest.yml Fixed and rephrased some task names. * Added fetch-incidents * Splunkpy search (#1717) * add enhancement script for splunk search * add to indicator types SplunkSearchPy * use cmd only in depnds on * Reverted addition of threat-grid-detonate-file and threat-grid-url-to-file commands (#1726) * Update Intezer integration (#1727) * Update Intezer integration - Malicious should be added only for bad reputation hashes. 
* Update outputs * change the url for 'GET request test' task (#1731) * add command line output to cb defense (#1730) * remove minemeld for now (#1732) * remove minemeld for now * skip minemeld test * Fixed comments from code review * Update playbook-RedLockTest.yml Removed old command arguments from playbook tasks * Added RedLock test * Unskip Cybereason test (#1746) * remove releasenotes for SEPM14 (#1622) * remove releasenotes * Update integration-SymantecEndpointProtection.yml * ipinfo.io - Added support to use API token for paid plans (#1673) * Added support to use API token for paid plans * Add token to ipinfo_field command * token * only send token parameter if token is set * ' * Remove "command-timeout" command argument for 3.6.1 (#1749) * Removed argument "command-timeout" as this is replaced wtih the global argument with the same name and (effective) functionality. * Removed depracated argument * Renamed problematic argument instead of removing it. * Renamed problematic argument instead of removing it (in test playbook). 
* Rename integration-Carbon_Black_Enterprise_Live_Response_old.yml to integration-Carbon_Black_Enterprise_Live_Response_3.6.0.yml * Handle tanium/vmware timeout on errors issue (#1751) * handle errors from tanium integration * handle errors from vmware integration * unskip tests * vmware - verify logout is done even if there is an error * vmware - verify logout is done even if there is an error * added release notes * skip vmware test * Script helper python arg order fix (#1754) * fix arg order of args in pythoncommonserver doc * set automationOnly tag for commonServer commands using executeCommand * fix null argument descriptions in script helper * releasenotes * Fix circleci2 (#1759) * try fix curl bad characters * try fix curl bad characters * fix space * skip anomali test (#1763) * Hybrid Analysis Integration (#1745) * Hybrid Analysis Integration * fixed fromversion * Made requested changes * Single-setup adjustments (#1752) * Wildfire getReport bug fix (#1753) * getReport bug fix getReport bug fix * Added empty RN * Improved implementation * Cylance Protect v2 device data context path fix (#1661) * Cylance Protect v2 device data context path fix * Made requested changes * Made requested changes * Fixed test according to context changes * use the added command (#1761) * use the added command * deprecate * Postgres fix error (#1765) * fix error on no rows returned * test playbook * fix exception * Fixed move-between-mailboxes using impersonation (#1766) * Archer add fields checks and full results for get-records-by-report (#1744) * Archer add fields checks and full results for get-records-by-report * CR fixes * Access Investigation - Generic (#1760) * Access Investigation - Generic New playbooks: * Access Investigation - Generic * Access Investigation - QRadar Updated playbooks: * IP Enrichment - Generic New script: * IPToHost Updated script: * EmailAskUser * Add description * add description * Update task scheme * CR fixes * add systemAssociatedTypes (#1758) * 
Vulnerability Management - Nexpose: (#1762) * Vulnerability Management - Nexpose: New playbooks: * Vulnerability Handling - Nexpose * Vulnerability Management - Nexpose (Job) Updated playbooks: * Calculate Severity - Generic * Calculate Severity - 3rd-party integrations New scriptL * NexposeCreateIncidentsFromAssets * CR fixes * Add description * bug fix * Email sender in Python with embedded images (#1671) * Email sender in Python with embedded images * Added template variables in ugly way * Changed default value for sender address at email sender integration * removed empty lines at EOF * added Mail Sender (New) integration & playbook * added Mail Sender (New) integration & playbook * removed old integration file (difference only in name of integration) * changed email sender python (new) ID * fixed playbook trying to activate script by old name and failing * changed deletecontext script back to original * added google apps integration for mail sender (new) * Added newline support for base64 images in html * Fix missing release notes (#1767) * print commands outputs * check if files exist * refactor * print files * add prints * check if file is empty * grep error * update git hash * add missing rn * revert config.yml * remove prints * add missing space * removed palo alto from conf.json (#1771) * removed palo alto from conf.json * add running-playbooks widget (#1755) * add running-playbooks widget * Update widget-RunningPlaybooks.json * Crowdstrike falcon intel v2 support (#1768) * added crowdstrike intel test playbook + v2 indicator integration * fixed format (whitespace missing) * extended playbook cs-indicators * added test-module by version, more documentation * added releaseNotes to crowdstrike falcon intel * remove approve action from tanium playbook (#1769) * TruSTAR integration enhancements (#1772) * Enhanced Trustar integration (#1706) * Enhanced trustar integration * Enhanced trustar integration * Enhanced trustar integration * Revert "Enhanced trustar 
integration" This reverts commit c7aa5c9. * Enhanced trustar integration * Incorporated review comments for trustar integration * Incorporated review comment - added priority level in entry context * Added priority level to software indicator & in output parameter * Priority level key error handled for treding and search indicators command * Added RN * new widget should be predfined (#1773) * Recorded Future integration (#1764) * Recorded Future integration * Made requested changes * Skip Intezer test (#1777) * Add delay to intezer test playbook * Skip Intezer test * avoid error in domain format script (#1774) * AWS ec2 (#1770) * AWS EC2 Integration * add get-latest-ami outputs * added aws connection function * add test playbooks * fix test playbook location * Fix describe instances context issue * fix #12097 & describe instances tags output * fix #12097 for all aws integrations * Added new commands * added release notes * Nexpose enhancements (#1714) * paste * python * add commands * fix char * reports * scans, fixes * outputs, login, scan wait * test playbook * image * fixes #1 * rn, fixed playbook test * add report formats * fix test playbook * fix test playbook * fix test playbook * merge * add cve output, add raw outputs, search by multiple hosts & ips * Removed start-scan commands * Clear release notes (#1780) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * Enable Intezer test (#1779) * spelling fixes (#1781) * fix wether to whether * relase notes * Moved qualys test to skipped due to expired account issues (#1783) currently fails content build nightly * Demisto REST API - new commands to upload and download files (#1748) * added multipart and download commands * added multipart and download commands * added multipart and download commands * added multipart and download commands * added multipart and download commands * added scripts to download logs bundle, and upload files to war room * Convert 
Incident fields to array (#1784) * convert to list * skip validate * add import json * use seek and truncate * revert config yml * Fix domain rep (#1785) * domain fix reputation * fix RN * fix RN * Crowdstrike falcon intel (#1790) * crowdstrike falcon intel change report id to retrieve due to size * updating default value of API version to 2.0 (#1782) * updating default value of API version to 2.0 1.6 is no longer available, 2.0 is the default version in the hosted environment * Clear release notes (#1789) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * clear release notes after 18.7.1 release * update git hash * Replace demisto lock logo (#1792) * Updated integration name source (#1775) * Ews readable errors (#1788) * Changed default authentication method to "Basic" in accordance with instance defaults for office365. * Beautified error messages in test_module * Handled case where no error message is set * secureworks add default url -https://api.secureworks.com (#1798) * secureworks add default url -https://api.secureworks.com - fixes https://github.com/demisto/etc/issues/12378 * Update integration-SecureWorks.yml * fix ArcSight ESM addEntries (#1797) * fix ArcSight ESM addEntries - if entries had passed from context as JSON then we got exception * Update integration-ArcSightESM.yml * Added eventType fetch filter (#1796) * remove `runonce: true` from phish.ai (#1799) * remove `runonce: true` from phish.ai * add rn * scripts - deprecate checkwhitelist + add filterbywhite lists (#1708) * scripts - deprecate checkwhitelist + add filterbywhite lists * Change wording * add support for array input + change whitelist ot list * malicious ration reputation script (#1778) * malicious ration reputation script * change script logic to return score as reputation script & DBot score * disable TE test playbook (#1802) * disable TE test playbook * ignore right test * Top malicious ratio indicators (#1750) * Top malicious 
ratio indicators * Fix script schema validation * remove script schema validatiom * fix CR * add widget to display script results * add fromversion filter 0 malicious ratio * add widget from version * fix file format * Fix desc build (#1808) * adding RN * add desc * Replace integrations logos (#1807) * Replace integrations logos * Add release notes * Add release notes * Fixed logos * fix widget should be isPredefined (#1818) * fix widget should be isPredefined * Update widget-TopMaliciousRationIndicators.json * Validate widget isPredefined property is true (#1819) Output in case some widget has `isPredefined: false` ```bash Starting validate Widgets... Failed: Widgets/widget-IncidentInErrorNumber.json failed <SchemaError: error code 2: Schema validation failed: - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'> Finished validate Widgets validate_files_structure.sh exiting with error ``` * Added traceback import (#1806) * Added traceback import * Moved redlock test to nightly (#1804) * check proxy parameter before client.connect() (#1824) * check proxy parameter before client.connect() Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy. * add release notes * Change the term investigation to incident in the layouts. (#1825) * FireEye URL submissions (#1743) (#1820) * FireEye URL submissions (#1743) * FireEye URL submissions Added functionality to submit URLs to FireEye and retrieve their status. Functions created are fe-submit-url and fe-submit-url-status * Modify integration description Modified integration description to aligh with naming standards and help user understand how certain parameters should be passed. 
* Reverted fe-submit and fe-submit-status back to original name Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status * deleting file that is not part of integration * Update integration-fireeye.yml * added predefined parameters for commands added predefined parameters for commands * Added release notes * Fixed Twilio test function (#1826) * Fixed Teilio test function Fixes https://github.com/demisto/etc/issues/12214 * CR fixes * Feature/widgets for engine and workers (#1689) * Widgets for engine and workers * Fixed unnamed attachments bug (#1822) * Fixed unnamed attachments bug. * Handled possible case where attachment name is not a string. * Corrected comparison method according to PEP-8 recommendation. * enable TE again (#1828) * add note to schema (#1830) * Passive Total - added proxy and insecure parameters (#1814) * added insecure and proxy settings * proxy defaults to true and insecure defaults to false * Fixed URL command, added IP and Domain * Added to release notes * add widget description (#1823) * Recorded Future bug fix (#1832) * Vulnerability Management issue fix (#1815) * RTIR integration (#1833) * RTIR Integration * add return_error function * added docstring * Updated the regex (#1801) (#1834) * Updated the regex (#1801) Updated the regex to properly pull the detection ID. 
Sometimes the detection ID changes in length, but it's always a number from 0-9 * add release notes * RTIR Spanish support (#1835) * RTIR integration spanish support * RTIR integration spanish support * prettify common server doc python error (#1836) * limit fetch incidents from netwitness (#1800) - fixes https://github.com/demisto/etc/issues/12195 * Update process email + phishing layout (#1813) * Update process email + phishing layout * And `HTML Rendered Image` MD field to phishing layout * Add Base64 output to the `rasterize-email` command * Update rasterized image to the Phishing summary page TODO: * Remove the HTML field mapping in the relevant integrations * Update incidentfields.json Change field name * Update layout-details-Phishing.json Change field name * Update playbook-Process_Email_-_Generic.yml change field name * Update playbook-Process_Email_-_Generic.yml big scheme issue * Update playbook-Process_Email_-_Generic.yml really fixing it * Update incidentfields.json typo fix * Add scheme * add missing tag * Add release notes * move note up (#1838) * Repopulate files (#1839) * Repopulate files adds the File context based on file entries * Removed some lines * Skipped redlock test (#1840) * Skipped redlock test * Removed duplicate test * Zoom support within Demisto (#1757) * Zoom support within Demisto * fix typo * - added test playbook to test zoom commands - added automation script to generate a random email * fixed 2 bugs in the zoom-fetch-recording: 1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id) 2. 
Recording delete didn't work because params and headers weren't passed to the delete request * Updated zoom test playbook * changes requested in code review * changes requested in code review * Removed obsolete file that made tests fail * Added description to zoom integration * Handle tanium/vmware timeout on errors issue (#1751) * handle errors from tanium integration * handle errors from vmware integration * unskip tests * vmware - verify logout is done even if there is an error * vmware - verify logout is done even if there is an error * added release notes * skip vmware test * Script helper python arg order fix (#1754) * fix arg order of args in pythoncommonserver doc * set automationOnly tag for commonServer commands using executeCommand * fix null argument descriptions in script helper * releasenotes * Fix circleci2 (#1759) * try fix curl bad characters * try fix curl bad characters * fix space * skip anomali test (#1763) * Hybrid Analysis Integration (#1745) * Hybrid Analysis Integration * fixed fromversion * Made requested changes * Single-setup adjustments (#1752) * Wildfire getReport bug fix (#1753) * getReport bug fix getReport bug fix * Added empty RN * Improved implementation * Cylance Protect v2 device data context path fix (#1661) * Cylance Protect v2 device data context path fix * Made requested changes * Made requested changes * Fixed test according to context changes * use the added command (#1761) * use the added command * deprecate * Postgres fix error (#1765) * fix error on no rows returned * test playbook * fix exception * Fixed move-between-mailboxes using impersonation (#1766) * Archer add fields checks and full results for get-records-by-report (#1744) * Archer add fields checks and full results for get-records-by-report * CR fixes * Access Investigation - Generic (#1760) * Access Investigation - Generic New playbooks: * Access Investigation - Generic * Access Investigation - QRadar Updated playbooks: * IP Enrichment - Generic New script: * 
IPToHost Updated script: * EmailAskUser * Add description * add description * Update task scheme * CR fixes * add systemAssociatedTypes (#1758) * Vulnerability Management - Nexpose: (#1762) * Vulnerability Management - Nexpose: New playbooks: * Vulnerability Handling - Nexpose * Vulnerability Management - Nexpose (Job) Updated playbooks: * Calculate Severity - Generic * Calculate Severity - 3rd-party integrations New scriptL * NexposeCreateIncidentsFromAssets * CR fixes * Add description * bug fix * Email sender in Python with embedded images (#1671) * Email sender in Python with embedded images * Added template variables in ugly way * Changed default value for sender address at email sender integration * removed empty lines at EOF * added Mail Sender (New) integration & playbook * added Mail Sender (New) integration & playbook * removed old integration file (difference only in name of integration) * changed email sender python (new) ID * fixed playbook trying to activate script by old name and failing * changed deletecontext script back to original * added google apps integration for mail sender (new) * Added newline support for base64 images in html * Fix missing release notes (#1767) * print commands outputs * check if files exist * refactor * print files * add prints * check if file is empty * grep error * update git hash * add missing rn * revert config.yml * remove prints * add missing space * removed palo alto from conf.json (#1771) * removed palo alto from conf.json * add running-playbooks widget (#1755) * add running-playbooks widget * Update widget-RunningPlaybooks.json * Crowdstrike falcon intel v2 support (#1768) * added crowdstrike intel test playbook + v2 indicator integration * fixed format (whitespace missing) * extended playbook cs-indicators * added test-module by version, more documentation * added releaseNotes to crowdstrike falcon intel * remove approve action from tanium playbook (#1769) * TruSTAR integration enhancements (#1772) * Enhanced 
Trustar integration (#1706) * Enhanced trustar integration * Enhanced trustar integration * Enhanced trustar integration * Revert "Enhanced trustar integration" This reverts commit c7aa5c9. * Enhanced trustar integration * Incorporated review comments for trustar integration * Incorporated review comment - added priority level in entry context * Added priority level to software indicator & in output parameter * Priority level key error handled for treding and search indicators command * Added RN * new widget should be predfined (#1773) * Recorded Future integration (#1764) * Recorded Future integration * Made requested changes * Skip Intezer test (#1777) * Add delay to intezer test playbook * Skip Intezer test * avoid error in domain format script (#1774) * AWS ec2 (#1770) * AWS EC2 Integration * add get-latest-ami outputs * added aws connection function * add test playbooks * fix test playbook location * Fix describe instances context issue * fix #12097 & describe instances tags output * fix #12097 for all aws integrations * Added new commands * added release notes * Nexpose enhancements (#1714) * paste * python * add commands * fix char * reports * scans, fixes * outputs, login, scan wait * test playbook * image * fixes #1 * rn, fixed playbook test * add report formats * fix test playbook * fix test playbook * fix test playbook * merge * add cve output, add raw outputs, search by multiple hosts & ips * Removed start-scan commands * Clear release notes (#1780) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * Enable Intezer test (#1779) * spelling fixes (#1781) * fix wether to whether * relase notes * Moved qualys test to skipped due to expired account issues (#1783) currently fails content build nightly * Demisto REST API - new commands to upload and download files (#1748) * added multipart and download commands * added multipart and download commands * added multipart and download commands * added multipart 
and download commands * added multipart and download commands * added scripts to download logs bundle, and upload files to war room * Convert Incident fields to array (#1784) * convert to list * skip validate * add import json * use seek and truncate * revert config yml * Fix domain rep (#1785) * domain fix reputation * fix RN * fix RN * Crowdstrike falcon intel (#1790) * crowdstrike falcon intel change report id to retrieve due to size * updating default value of API version to 2.0 (#1782) * updating default value of API version to 2.0 1.6 is no longer available, 2.0 is the default version in the hosted environment * Clear release notes (#1789) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * clear release notes after 18.7.1 release * update git hash * Replace demisto lock logo (#1792) * Updated integration name source (#1775) * Ews readable errors (#1788) * Changed default authentication method to "Basic" in accordance with instance defaults for office365. 
* Beautified error messages in test_module * Handled case where no error message is set * secureworks add default url -https://api.secureworks.com (#1798) * secureworks add default url -https://api.secureworks.com - fixes https://github.com/demisto/etc/issues/12378 * Update integration-SecureWorks.yml * fix ArcSight ESM addEntries (#1797) * fix ArcSight ESM addEntries - if entries had passed from context as JSON then we got exception * Update integration-ArcSightESM.yml * Added eventType fetch filter (#1796) * remove `runonce: true` from phish.ai (#1799) * remove `runonce: true` from phish.ai * add rn * scripts - deprecate checkwhitelist + add filterbywhite lists (#1708) * scripts - deprecate checkwhitelist + add filterbywhite lists * Change wording * add support for array input + change whitelist ot list * malicious ration reputation script (#1778) * malicious ration reputation script * change script logic to return score as reputation script & DBot score * disable TE test playbook (#1802) * disable TE test playbook * ignore right test * Top malicious ratio indicators (#1750) * Top malicious ratio indicators * Fix script schema validation * remove script schema validatiom * fix CR * add widget to display script results * add fromversion filter 0 malicious ratio * add widget from version * fix file format * Fix desc build (#1808) * adding RN * add desc * Replace integrations logos (#1807) * Replace integrations logos * Add release notes * Add release notes * Fixed logos * fix widget should be isPredefined (#1818) * fix widget should be isPredefined * Update widget-TopMaliciousRationIndicators.json * Validate widget isPredefined property is true (#1819) Output in case some widget has `isPredefined: false` ```bash Starting validate Widgets... Failed: Widgets/widget-IncidentInErrorNumber.json failed <SchemaError: error code 2: Schema validation failed: - Enum 'False' does not exist. 
Path: '/isPredefined'.: Path: '/'> Finished validate Widgets validate_files_structure.sh exiting with error ``` * Added traceback import (#1806) * Added traceback import * Moved redlock test to nightly (#1804) * check proxy parameter before client.connect() (#1824) * check proxy parameter before client.connect() Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy. * add release notes * Change the term investigation to incident in the layouts. (#1825) * FireEye URL submissions (#1743) (#1820) * FireEye URL submissions (#1743) * FireEye URL submissions Added functionality to submit URLs to FireEye and retrieve their status. Functions created are fe-submit-url and fe-submit-url-status * Modify integration description Modified integration description to aligh with naming standards and help user understand how certain parameters should be passed. * Reverted fe-submit and fe-submit-status back to original name Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status * deleting file that is not part of integration * Update integration-fireeye.yml * added predefined parameters for commands added predefined parameters for commands * Added release notes * Fixed Twilio test function (#1826) * Fixed Teilio test function Fixes https://github.com/demisto/etc/issues/12214 * CR fixes * Feature/widgets for engine and workers (#1689) * Widgets for engine and workers * Fixed unnamed attachments bug (#1822) * Fixed unnamed attachments bug. * Handled possible case where attachment name is not a string. * Corrected comparison method according to PEP-8 recommendation. 
* enable TE again (#1828) * add note to schema (#1830) * Passive Total - added proxy and insecure parameters (#1814) * added insecure and proxy settings * proxy defaults to true and insecure defaults to false * Fixed URL command, added IP and Domain * Added to release notes * add widget description (#1823) * Recorded Future bug fix (#1832) * Vulnerability Management issue fix (#1815) * RTIR integration (#1833) * RTIR Integration * add return_error function * added docstring * Updated the regex (#1801) (#1834) * Updated the regex (#1801) Updated the regex to properly pull the detection ID. Sometimes the detection ID changes in length, but it's always a number from 0-9 * add release notes * RTIR Spanish support (#1835) * RTIR integration spanish support * RTIR integration spanish support * prettify common server doc python error (#1836) * limit fetch incidents from netwitness (#1800) - fixes https://github.com/demisto/etc/issues/12195 * Update process email + phishing layout (#1813) * Update process email + phishing layout * And `HTML Rendered Image` MD field to phishing layout * Add Base64 output to the `rasterize-email` command * Update rasterized image to the Phishing summary page TODO: * Remove the HTML field mapping in the relevant integrations * Update incidentfields.json Change field name * Update layout-details-Phishing.json Change field name * Update playbook-Process_Email_-_Generic.yml change field name * Update playbook-Process_Email_-_Generic.yml big scheme issue * Update playbook-Process_Email_-_Generic.yml really fixing it * Update incidentfields.json typo fix * Add scheme * add missing tag * Add release notes * move note up (#1838) * Repopulate files (#1839) * Repopulate files adds the File context based on file entries * Removed some lines * Skipped redlock test (#1840) * Skipped redlock test * Removed duplicate test * rebased master * Bug fix - Detonate playbooks (#1846) * Alien Vault OTX DBot Score removal (#1844) * Alien Vault OTX DBot Score 
removal * Removed AlienVault instance from tests and added VirusTotal * Parse email files enhancements (#1843) * Added support for "SMTP mail text, ASCII text" files. Fixed bug in email address extraction. * Added test case for multiline address * Fixed release note format * Fixed release note format * Created playbook-TestQradar (#1842) * Created playbook-TestQradar * 1. Updated Test playbooks id and version 2. Added QRadar to conf.json * Clear release notes (#1847) * Clear release notes * Update git hash * Add fromversion field to relevant playbooks * Added empty RN * clear release notes after 18.7.1 release * update git hash * 18.7.2 clear rn * 18.7.2 changed git hash * DeleteContext - added the ability to provide keys to keep (#1787) * added the ability to provide keys to keep * improving argument description * improving argument description * Demisto lock description fix and increase default timeout (#1849) * fixed description of param and argument * default timeout changed to 600 second (10 min) * default timeout changed to 600 second (10 min) * default timeout changed to 600 second (10 min) * enhance ExportToCSV script (#1669) * - add option to add csv headers as script argument - add parsing in case of string input * remove runonce * add newline at the end of file * add releaseNotes * add newline at the end of the file * handle array of strings * handle boolean and number values * modify to except more input types as valid inputs for csvArray * add release notes * add test playbook * fix scriptName reference * add test playbook * rn * versions * ES6 to ES5 * added usage of return_error_and_exit in http_request * Update integration-FireEye_ETP.yml * fixed time formatting for last_run * change fetch incidents to poll alerts * Update integration-SplunkPy.yml * fix diff * add last alert creation time stamp to last run, to prevent duplicate incidents
* Added support to use API token for paid plans
* Add token to ipinfo_field command
* token
* only send token parameter if token is set
* '
* add etp integration
* add outputs description
* print response text and fix milliseconds when fetching
* Fireeye etp integration fixes (#1853)
* Clear release notes (#1733)
* clear rn
* git hash
* fix cylance test (#1740) - make the test run in sequence instead of parallel - command was failing because didn't find some threat
* Farsight DNSDB - Added handling for 404 and 400 responses (#1675)
* Added handling for 404 and 400 responses graceful handling of no information found condition Also improved humanreadable for results
* fix commonfields fix commonfields
* Added test playbook for DNSDB Farsight DNSDB test playbook
* Remove special support for EWS (#1736)
* Remove special support for EWS Remove special playbook for custom fields (Use "setIncident" instead)
* Add release notes
* CR fixes
* move qualys test to nightly - it requires only single run of build in parallel (#1697)
* add connections to canvas suggestions (#1729)
* add connections to canvas suggestions
* fix schema validation
* Add vt connections (#1742) add VT connections
* Ews untitled/empty attachments (#1728)
* Fixed handling untitled/empty attachments
* Added null checks for on attachment content.
* Implemented workaround for exchangelib not handling empty file attachments (zero bytes)
* Added empty attachment test playbook
* Support for RedLock alerts (#1721) (#1738)
* Support for RedLock alerts (#1721)
* Support for RedLock alerts
* Fixes issue with EWS Search and Delete (#1696)
* Fixes issue with EWS Search and Delete
* CR fixes
* Fix typo and releaseNotes
* Add Test playbook
* Remove forward/ replay prefixes only from beginning of Subject
* Update "Detonate File - Generic" (#1722)
* Update "Detonate File - Generic"
* Improve documentation
* Add supported file types
* Add support for updated Falcon integration
* Add outputs description
* Add output description
* Remove auto-log from QRadarFullSearch (#1715)
* Remove auto-log from QRadarFullSearch Was automatically printing logs to the war-room
* Fix CR
* CrowdStrike Falcon Sandbox enhancements and fixes (#1635)
* Netskope integration test fix
* CrowdStrike Falcon Sandbox enhancements and fixes
* Made requested changes
* add context canvas connections (#1718)
* add context canvas connections
* add schema validation
* updated argument types (#1725)
* Update playbook-RedLockTest.yml Fixed and rephrased some task names.
* Added fetch-incidents
* Splunkpy search (#1717)
* add enhancement script for splunk search
* add to indicator types SplunkSearchPy
* use cmd only in depends on
* Reverted addition of threat-grid-detonate-file and threat-grid-url-to-file commands (#1726)
* Update Intezer integration (#1727)
* Update Intezer integration - Malicious should be added only for bad reputation hashes.
* Update outputs
* change the url for 'GET request test' task (#1731)
* add command line output to cb defense (#1730)
* remove minemeld for now (#1732)
* remove minemeld for now
* skip minemeld test
* Fixed comments from code review
* Update playbook-RedLockTest.yml Removed old command arguments from playbook tasks
* Added RedLock test
* Unskip Cybereason test (#1746)
* remove releasenotes for SEPM14 (#1622)
* remove releasenotes
* Update integration-SymantecEndpointProtection.yml
* ipinfo.io - Added support to use API token for paid plans (#1673)
* Added support to use API token for paid plans
* Add token to ipinfo_field command
* token
* only send token parameter if token is set
* '
* Remove "command-timeout" command argument for 3.6.1 (#1749)
* Removed argument "command-timeout" as this is replaced with the global argument with the same name and (effective) functionality.
* Removed deprecated argument
* Renamed problematic argument instead of removing it.
* Renamed problematic argument instead of removing it (in test playbook).
* Rename integration-Carbon_Black_Enterprise_Live_Response_old.yml to integration-Carbon_Black_Enterprise_Live_Response_3.6.0.yml
* Handle tanium/vmware timeout on errors issue (#1751)
* handle errors from tanium integration
* handle errors from vmware integration
* unskip tests
* vmware - verify logout is done even if there is an error
* vmware - verify logout is done even if there is an error
* added release notes
* skip vmware test
* Script helper python arg order fix (#1754)
* fix arg order of args in pythoncommonserver doc
* set automationOnly tag for commonServer commands using executeCommand
* fix null argument descriptions in script helper
* releasenotes
* Fix circleci2 (#1759)
* try fix curl bad characters
* try fix curl bad characters
* fix space
* skip anomali test (#1763)
* Hybrid Analysis Integration (#1745)
* Hybrid Analysis Integration
* fixed fromversion
* Made requested changes
* Single-setup adjustments (#1752)
* Wildfire getReport bug fix (#1753)
* getReport bug fix getReport bug fix
* Added empty RN
* Improved implementation
* Cylance Protect v2 device data context path fix (#1661)
* Cylance Protect v2 device data context path fix
* Made requested changes
* Made requested changes
* Fixed test according to context changes
* use the added command (#1761)
* use the added command
* deprecate
* Postgres fix error (#1765)
* fix error on no rows returned
* test playbook
* fix exception
* Fixed move-between-mailboxes using impersonation (#1766)
* Archer add fields checks and full results for get-records-by-report (#1744)
* Archer add fields checks and full results for get-records-by-report
* CR fixes
* Access Investigation - Generic (#1760)
* Access Investigation - Generic
New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar
Updated playbooks:
* IP Enrichment - Generic
New script:
* IPToHost
Updated script:
* EmailAskUser
* Add description
* add description
* Update task scheme
* CR fixes
* add systemAssociatedTypes (#1758)
* Vulnerability Management - Nexpose: (#1762)
* Vulnerability Management - Nexpose:
New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)
Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations
New script:
* NexposeCreateIncidentsFromAssets
* CR fixes
* Add description
* bug fix
* Email sender in Python with embedded images (#1671)
* Email sender in Python with embedded images
* Added template variables in ugly way
* Changed default value for sender address at email sender integration
* removed empty lines at EOF
* added Mail Sender (New) integration & playbook
* added Mail Sender (New) integration & playbook
* removed old integration file (difference only in name of integration)
* changed email sender python (new) ID
* fixed playbook trying to activate script by old name and failing
* changed deletecontext script back to original
* added google apps integration for mail sender (new)
* Added newline support for base64 images in html
* Fix missing release notes (#1767)
* print commands outputs
* check if files exist
* refactor
* print files
* add prints
* check if file is empty
* grep error
* update git hash
* add missing rn
* revert config.yml
* remove prints
* add missing space
* removed palo alto from conf.json (#1771)
* removed palo alto from conf.json
* add running-playbooks widget (#1755)
* add running-playbooks widget
* Update widget-RunningPlaybooks.json
* Crowdstrike falcon intel v2 support (#1768)
* added crowdstrike intel test playbook + v2 indicator integration
* fixed format (whitespace missing)
* extended playbook cs-indicators
* added test-module by version, more documentation
* added releaseNotes to crowdstrike falcon intel
* remove approve action from tanium playbook (#1769)
* TruSTAR integration enhancements (#1772)
* Enhanced Trustar integration (#1706)
* Enhanced trustar integration
* Enhanced trustar integration
* Enhanced trustar integration
* Revert "Enhanced trustar integration" This reverts commit c7aa5c9.
* Enhanced trustar integration
* Incorporated review comments for trustar integration
* Incorporated review comment - added priority level in entry context
* Added priority level to software indicator & in output parameter
* Priority level key error handled for trending and search indicators command
* Added RN
* new widget should be predefined (#1773)
* Recorded Future integration (#1764)
* Recorded Future integration
* Made requested changes
* Skip Intezer test (#1777)
* Add delay to intezer test playbook
* Skip Intezer test
* avoid error in domain format script (#1774)
* AWS ec2 (#1770)
* AWS EC2 Integration
* add get-latest-ami outputs
* added aws connection function
* add test playbooks
* fix test playbook location
* Fix describe instances context issue
* fix #12097 & describe instances tags output
* fix #12097 for all aws integrations
* Added new commands
* added release notes
* Nexpose enhancements (#1714)
* paste
* python
* add commands
* fix char
* reports
* scans, fixes
* outputs, login, scan wait
* test playbook
* image
* fixes #1
* rn, fixed playbook test
* add report formats
* fix test playbook
* fix test playbook
* fix test playbook
* merge
* add cve output, add raw outputs, search by multiple hosts & ips
* Removed start-scan commands
* Clear release notes (#1780)
* Clear release notes
* Update git hash
* Add fromversion field to relevant playbooks
* Added empty RN
* Enable Intezer test (#1779)
* spelling fixes (#1781)
* fix wether to whether
* release notes
* Moved qualys test to skipped due to expired account issues (#1783) currently fails content build nightly
* Demisto REST API - new commands to upload and download files (#1748)
* added multipart and download commands
* added multipart and download commands
* added multipart and download commands
* added multipart and download commands
* added multipart and download commands
* added scripts to download logs bundle, and upload files to war room
* Convert Incident fields to array (#1784)
* convert to list
* skip validate
* add import json
* use seek and truncate
* revert config yml
* Fix domain rep (#1785)
* domain fix reputation
* fix RN
* fix RN
* Crowdstrike falcon intel (#1790)
* crowdstrike falcon intel change report id to retrieve due to size
* updating default value of API version to 2.0 (#1782)
* updating default value of API version to 2.0 1.6 is no longer available, 2.0 is the default version in the hosted environment
* Clear release notes (#1789)
* Clear release notes
* Update git hash
* Add fromversion field to relevant playbooks
* Added empty RN
* clear release notes after 18.7.1 release
* update git hash
* Replace demisto lock logo (#1792)
* Updated integration name source (#1775)
* Ews readable errors (#1788)
* Changed default authentication method to "Basic" in accordance with instance defaults for office365.
* Beautified error messages in test_module
* Handled case where no error message is set
* secureworks add default url -https://api.secureworks.com (#1798)
* secureworks add default url -https://api.secureworks.com - fixes https://github.com/demisto/etc/issues/12378
* Update integration-SecureWorks.yml
* fix ArcSight ESM addEntries (#1797)
* fix ArcSight ESM addEntries - if entries had passed from context as JSON then we got exception
* Update integration-ArcSightESM.yml
* Added eventType fetch filter (#1796)
* remove `runonce: true` from phish.ai (#1799)
* remove `runonce: true` from phish.ai
* add rn
* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)
* scripts - deprecate checkwhitelist + add filterbywhite lists
* Change wording
* add support for array input + change whitelist to list
* malicious ration reputation script (#1778)
* malicious ration reputation script
* change script logic to return score as reputation script & DBot score
* disable TE test playbook (#1802)
* disable TE test playbook
* ignore right test
* Top malicious ratio indicators (#1750)
* Top malicious ratio indicators
* Fix script schema validation
* remove script schema validation
* fix CR
* add widget to display script results
* add fromversion filter 0 malicious ratio
* add widget from version
* fix file format
* Fix desc build (#1808)
* adding RN
* add desc
* Replace integrations logos (#1807)
* Replace integrations logos
* Add release notes
* Add release notes
* Fixed logos
* fix widget should be isPredefined (#1818)
* fix widget should be isPredefined
* Update widget-TopMaliciousRationIndicators.json
* Validate widget isPredefined property is true (#1819) Output in case some widget has `isPredefined: false`
```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```
* Added traceback import (#1806)
* Added traceback import
* Moved redlock test to nightly (#1804)
* check proxy parameter before client.connect() (#1824)
* check proxy parameter before client.connect() Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.
* add release notes
* Change the term investigation to incident in the layouts. (#1825)
* FireEye URL submissions (#1743) (#1820)
* FireEye URL submissions (#1743)
* FireEye URL submissions Added functionality to submit URLs to FireEye and retrieve their status. Functions created are fe-submit-url and fe-submit-url-status
* Modify integration description Modified integration description to align with naming standards and help user understand how certain parameters should be passed.
* Reverted fe-submit and fe-submit-status back to original name Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status
* deleting file that is not part of integration
* Update integration-fireeye.yml
* added predefined parameters for commands added predefined parameters for commands
* Added release notes
* Fixed Twilio test function (#1826)
* Fixed Twilio test function Fixes https://github.com/demisto/etc/issues/12214
* CR fixes
* Feature/widgets for engine and workers (#1689)
* Widgets for engine and workers
* Fixed unnamed attachments bug (#1822)
* Fixed unnamed attachments bug.
* Handled possible case where attachment name is not a string.
* Corrected comparison method according to PEP-8 recommendation.
* enable TE again (#1828)
* add note to schema (#1830)
* Passive Total - added proxy and insecure parameters (#1814)
* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes
* add widget description (#1823)
* Recorded Future bug fix (#1832)
* Vulnerability Management issue fix (#1815)
* RTIR integration (#1833)
* RTIR Integration
* add return_error function
* added docstring
* Updated the regex (#1801) (#1834)
* Updated the regex (#1801) Updated the regex to properly pull the detection ID. Sometimes the detection ID changes in length, but it's always a number from 0-9
* add release notes
* RTIR Spanish support (#1835)
* RTIR integration spanish support
* RTIR integration spanish support
* prettify common server doc python error (#1836)
* limit fetch incidents from netwitness (#1800) - fixes https://github.com/demisto/etc/issues/12195
* Update process email + phishing layout (#1813)
* Update process email + phishing layout
* And `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page
TODO:
* Remove the HTML field mapping in the relevant integrations
* Update incidentfields.json Change field name
* Update layout-details-Phishing.json Change field name
* Update playbook-Process_Email_-_Generic.yml change field name
* Update playbook-Process_Email_-_Generic.yml big scheme issue
* Update playbook-Process_Email_-_Generic.yml really fixing it
* Update incidentfields.json typo fix
* Add scheme
* add missing tag
* Add release notes
* move note up (#1838)
* Repopulate files (#1839)
* Repopulate files adds the File context based on file entries
* Removed some lines
* Skipped redlock test (#1840)
* Skipped redlock test
* Removed duplicate test
* Zoom support within Demisto (#1757)
* Zoom support within Demisto
* fix typo
* - added test playbook to test zoom commands - added automation script to generate a random email
* fixed 2 bugs in the zoom-fetch-recording: 1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id) 2. Recording delete didn't work because params and headers weren't passed to the delete request
* Updated zoom test playbook
* changes requested in code review
* changes requested in code review
* Removed obsolete file that made tests fail
* Added description to zoom integration
* Handle tanium/vmware timeout on errors issue (#1751)
* handle errors from tanium integration
* handle errors from vmware integration
* unskip tests
* vmware - verify logout is done even if there is an error
* vmware - verify logout is done even if there is an error
* added release notes
* skip vmware test
* Script helper python arg order fix (#1754)
* fix arg order of args in pythoncommonserver doc
* set automationOnly tag for commonServer commands using executeCommand
* fix null argument descriptions in script helper
* releasenotes
* Fix circleci2 (#1759)
* try fix curl bad characters
* try fix curl bad characters
* fix space
* skip anomali test (#1763)
* Hybrid Analysis Integration (#1745)
* Hybrid Analysis Integration
* fixed fromversion
* Made requested changes
* Single-setup adjustments (#1752)
* Wildfire getReport bug fix (#1753)
* getReport bug fix getReport bug fix
* Added empty RN
* Improved implementation
* Cylance Protect v2 device data context path fix (#1661)
* Cylance Protect v2 device data context path fix
* Made requested changes
* Made requested changes
* Fixed test according to context changes
* use the added command (#1761)
* use the added command
* deprecate
* Postgres fix error (#1765)
* fix error on no rows returned
* test playbook
* fix exception
* Fixed move-between-mailboxes using impersonation (#1766)
* Archer add fields checks and full results for get-records-by-report (#1744)
* Archer add fields checks and full results for get-records-by-report
* CR fixes
* Access Investigation - Generic (#1760)
* Access Investigation - Generic
New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar
Updated playbooks:
* IP Enrichment - Generic
New script:
* IPToHost
Updated script:
* EmailAskUser
* Add description
* add description
* Update task scheme
* CR fixes
* add systemAssociatedTypes (#1758)
* Vulnerability Management - Nexpose: (#1762)
* Vulnerability Management - Nexpose:
New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)
Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations
New script:
* NexposeCreateIncidentsFromAssets
* CR fixes
* Add description
* bug fix
* Email sender in Python with embedded images (#1671)
* Email sender in Python with embedded images
* Added template variables in ugly way
* Changed default value for sender address at email sender integration
* removed empty lines at EOF
* added Mail Sender (New) integration & playbook
* added Mail Sender (New) integration & playbook
* removed old integration file (difference only in name of integration)
* changed email sender python (new) ID
* fixed playbook trying to activate script by old name and failing
* changed deletecontext script back to original
* added google apps integration for mail sender (new)
* Added newline support for base64 images in html
* Fix missing release notes (#1767)
* print commands outputs
* check if files exist
* refactor
* print files
* add prints
* check if file is empty
* grep error
* update git hash
* add missing rn
* revert config.yml
* remove prints
* add missing space
* removed palo alto from conf.json (#1771)
* removed palo alto from conf.json
* add running-playbooks widget (#1755)
* add running-playbooks widget
* Update widget-RunningPlaybooks.json
* Crowdstrike falcon intel v2 support (#1768)
* added crowdstrike intel test playbook + v2 indicator integration
* fixed format (whitespace missing)
* extended playbook cs-indicators
* added test-module by version, more documentation
* added releaseNotes to crowdstrike falcon intel
* remove approve action from tanium playbook (#1769)
* TruSTAR integration enhancements (#1772)
* Enhanced Trustar integration (#1706)
* Enhanced trustar integration
* Enhanced trustar integration
* Enhanced trustar integration
* Revert "Enhanced trustar integration" This reverts commit c7aa5c9.
* Enhanced trustar integration
* Incorporated review comments for trustar integration
* Incorporated review comment - added priority level in entry context
* Added priority level to software indicator & in output parameter
* Priority level key error handled for trending and search indicators command
* Added RN
* new widget should be predefined (#1773)
* Recorded Future integration (#1764)
* Recorded Future integration
* Made requested changes
* Skip Intezer test (#1777)
* Add delay to intezer test playbook
* Skip Intezer test
* avoid error in domain format script (#1774)
* AWS ec2 (#1770)
* AWS EC2 Integration
* add get-latest-ami outputs
* added aws connection function
* add test playbooks
* fix test playbook location
* Fix describe instances context issue
* fix #12097 & describe instances tags output
* fix #12097 for all aws integrations
* Added new commands
* added release notes
* Nexpose enhancements (#1714)
* paste
* python
* add commands
* fix char
* reports
* scans, fixes
* outputs, login, scan wait
* test playbook
* image
* fixes #1
* rn, fixed playbook test
* add report formats
* fix test playbook
* fix test playbook
* fix test playbook
* merge
* add cve output, add raw outputs, search by multiple hosts & ips
* Removed start-scan commands
* Clear release notes (#1780)
* Clear release notes
* Update git hash
* Add fromversion field to relevant playbooks
* Added empty RN
* Enable Intezer test (#1779)
* spelling fixes (#1781)
* fix wether to whether
* release notes
* Moved qualys test to skipped due to expired account issues (#1783) currently fails content build nightly
* Demisto REST API - new commands to upload and download files (#1748)
* added multipart and download commands
* added multipart and download commands
* added multipart and download commands
* added multipart and download commands
* added multipart and download commands
* added scripts to download logs bundle, and upload files to war room
* Convert Incident fields to array (#1784)
* convert to list
* skip validate
* add import json
* use seek and truncate
* revert config yml
* Fix domain rep (#1785)
* domain fix reputation
* fix RN
* fix RN
* Crowdstrike falcon intel (#1790)
* crowdstrike falcon intel change report id to retrieve due to size
* updating default value of API version to 2.0 (#1782)
* updating default value of API version to 2.0 1.6 is no longer available, 2.0 is the default version in the hosted environment
* Clear release notes (#1789)
* Clear release notes
* Update git hash
* Add fromversion field to relevant playbooks
* Added empty RN
* clear release notes after 18.7.1 release
* update git hash
* Replace demisto lock logo (#1792)
* Updated integration name source (#1775)
* Ews readable errors (#1788)
* Changed default authentication method to "Basic" in accordance with instance defaults for office365.
* Beautified error messages in test_module
* Handled case where no error message is set
* secureworks add default url -https://api.secureworks.com (#1798)
* secureworks add default url -https://api.secureworks.com - fixes https://github.com/demisto/etc/issues/12378
* Update integration-SecureWorks.yml
* fix ArcSight ESM addEntries (#1797)
* fix ArcSight ESM addEntries - if entries had passed from context as JSON then we got exception
* Update integration-ArcSightESM.yml
* Added eventType fetch filter (#1796)
* remove `runonce: true` from phish.ai (#1799)
* remove `runonce: true` from phish.ai
* add rn
* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)
* scripts - deprecate checkwhitelist + add filterbywhite lists
* Change wording
* add support for array input + change whitelist to list
* malicious ration reputation script (#1778)
* malicious ration reputation script
* change script logic to return score as reputation script & DBot score
* disable TE test playbook (#1802)
* disable TE test playbook
* ignore right test
* Top malicious ratio indicators (#1750)
* Top malicious ratio indicators
* Fix script schema validation
* remove script schema validation
* fix CR
* add widget to display script results
* add fromversion filter 0 malicious ratio
* add widget from version
* fix file format
* Fix desc build (#1808)
* adding RN
* add desc
* Replace integrations logos (#1807)
* Replace integrations logos
* Add release notes
* Add release notes
* Fixed logos
* fix widget should be isPredefined (#1818)
* fix widget should be isPredefined
* Update widget-TopMaliciousRationIndicators.json
* Validate widget isPredefined property is true (#1819) Output in case some widget has `isPredefined: false`
```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```
* Added traceback import (#1806)
* Added traceback import
* Moved redlock test to nightly (#1804)
* check proxy parameter before client.connect() (#1824)
* check proxy parameter before client.connect() Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.
* add release notes
* Change the term investigation to incident in the layouts. (#1825)
* FireEye URL submissions (#1743) (#1820)
* FireEye URL submissions (#1743)
* FireEye URL submissions Added functionality to submit URLs to FireEye and retrieve their status. Functions created are fe-submit-url and fe-submit-url-status
* Modify integration description Modified integration description to align with naming standards and help user understand how certain parameters should be passed.
* Reverted fe-submit and fe-submit-status back to original name Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status
* deleting file that is not part of integration
* Update integration-fireeye.yml
* added predefined parameters for commands added predefined parameters for commands
* Added release notes
* Fixed Twilio test function (#1826)
* Fixed Twilio test function Fixes https://github.com/demisto/etc/issues/12214
* CR fixes
* Feature/widgets for engine and workers (#1689)
* Widgets for engine and workers
* Fixed unnamed attachments bug (#1822)
* Fixed unnamed attachments bug.
* Handled possible case where attachment name is not a string.
* Corrected comparison method according to PEP-8 recommendation.
* enable TE again (#1828)
* add note to schema (#1830)
* Passive Total - added proxy and insecure parameters (#1814)
* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes
* add widget description (#1823)
* Recorded Future bug fix (#1832)
* Vulnerability Management issue fix (#1815)
* RTIR integration (#1833)
* RTIR Integration
* add return_error function
* added docstring
* Updated the regex (#1801) (#1834)
* Updated the regex (#1801) Updated the regex to properly pull the detection ID. Sometimes the detection ID changes in length, but it's always a number from 0-9
* add release notes
* RTIR Spanish support (#1835)
* RTIR integration spanish support
* RTIR integration spanish support
* prettify common server doc python error (#1836)
* limit fetch incidents from netwitness (#1800) - fixes https://github.com/demisto/etc/issues/12195
* Update process email + phishing layout (#1813)
* Update process email + phishing layout
* And `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page
TODO:
* Remove the HTML field mapping in the relevant integrations
* Update incidentfields.json Change field name
* Update layout-details-Phishing.json Change field name
* Update playbook-Process_Email_-_Generic.yml change field name
* Update playbook-Process_Email_-_Generic.yml big scheme issue
* Update playbook-Process_Email_-_Generic.yml really fixing it
* Update incidentfields.json typo fix
* Add scheme
* add missing tag
* Add release notes
* move note up (#1838)
* Repopulate files (#1839)
* Repopulate files adds the File context based on file entries
* Removed some lines
* Skipped redlock test (#1840)
* Skipped redlock test
* Removed duplicate test
* rebased master
* Bug fix - Detonate playbooks (#1846)
* Alien Vault OTX DBot Score removal (#1844)
* Alien Vault OTX DBot Score removal
* Removed AlienVault instance from tests and added VirusTotal
* Parse email files enhancements (#1843)
* Added support for "SMTP mail text, ASCII text" files. Fixed bug in email address extraction.
* Added test case for multiline address
* Fixed release note format
* Fixed release note format
* Created playbook-TestQradar (#1842)
* Created playbook-TestQradar
* 1. Updated Test playbooks id and version 2. Added QRadar to conf.json
* Clear release notes (#1847)
* Clear release notes
* Update git hash
* Add fromversion field to relevant playbooks
* Added empty RN
* clear release notes after 18.7.1 release
* update git hash
* 18.7.2 clear rn
* 18.7.2 changed git hash
* DeleteContext - added the ability to provide keys to keep (#1787)
* added the ability to provide keys to keep
* improving argument description
* improving argument description
* Demisto lock description fix and increase default timeout (#1849)
* fixed description of param and argument
* default timeout changed to 600 second (10 min)
* default timeout changed to 600 second (10 min)
* default timeout changed to 600 second (10 min)
* enhance ExportToCSV script (#1669)
* - add option to add csv headers as script argument - add parsing in case of string input
* remove runonce
* add newline at the end of file
* add releaseNotes
* add newline at the end of the file
* handle array of strings
* handle boolean and number values
* modify to accept more input types as valid inputs for csvArray
* add release notes
* add test playbook
* fix scriptName reference
* add test playbook
* rn
* versions
* ES6 to ES5
* added usage of return_error_and_exit in http_request
* Update integration-FireEye_ETP.yml
* fixed time formatting for last_run
* change fetch incidents to poll alerts
* Update integration-SplunkPy.yml
* fix diff
* add last alert creation time stamp to last run, to prevent duplicate incidents
fixes https://github.com/demisto/etc/issues/11915