Crowdstrike falcon intel v2 support #1768

Merged: 8 commits, Jul 9, 2018

yardensade

No description provided.

@yardensade yardensade requested a review from anara123 July 9, 2018 10:55
@@ -5,7 +5,7 @@ name: FalconIntel
display: CrowdStrike Falcon Intel
category: Data Enrichment & Threat Intelligence
image: data:image/png;base64,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
description: Actors, indicators and reports intelligence
description: Actors, indicators and reports intelligence with indicator V2
detaileddescription: |-
Please provide the API id and key for the CrowsStrike Falcon Intelligence.
API Key Pairs can be generated by accessing the CrowdStrike API tab located in the user settings on the Intelligence Portal.
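
Review bot: the `detaileddescription` context line directly below the changed `description` misspells the vendor as "CrowsStrike"; correct it to "CrowdStrike" while this block is being edited. The new `description` advertises "indicator V2", yet the key-generation text still describes a single API id and key with no mention of versions, so add a sentence there saying whether the V2 indicator API needs its own key pair and where it is generated.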

Explain more about Indicator API V2 in detaileddescription. How to generate this key.

@yardensade

Tested migration from old integration to new with both v1 and v2 api keys

@anara123 anara123 merged commit 89c54a8 into master Jul 9, 2018
@anara123 anara123 deleted the crowdstrike-falcon-intel branch July 9, 2018 19:22
@yardensade yardensade restored the crowdstrike-falcon-intel branch July 11, 2018 15:23
DeanArbel pushed a commit that referenced this pull request Jul 24, 2018
* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel
DeanArbel pushed a commit that referenced this pull request Jul 24, 2018
* Zoom support within Demisto

* fix typo

* - added test playbook to test zoom commands
- added automation script to generate a random email

* fixed 2 bugs in the zoom-fetch-recording:

1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id)
2. Recording delete didn't work because params and headers weren't passed to the delete request

* Updated zoom test playbook

* changes requested in code review

* changes requested in code review

* Removed obsolete file that made tests fail

* Added description to zoom integration

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes demisto/etc#12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes demisto/etc#12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes demisto/etc#12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* And `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* rebased master
hirshbergshachar added a commit that referenced this pull request Jul 25, 2018
* Clear release notes (#1733)

* clear rn

* git hash

* fix cylance test (#1740)

- make the test run in sequence instead of parallel
- command was failing because it didn't find some threat

* Farsight DNSDB - Added handling for 404 and 400 responses (#1675)

* Added handling for 404 and 400 responses

graceful handling of no information found condition
Also improved humanreadable for results

* fix commonfields

fix commonfields

* Added test playbook for DNSDB

Farsight DNSDB test playbook

* Remove special support for EWS (#1736)

* Remove special support for EWS
Remove special playbook for custom fields (Use "setIncident" instead)

* Add release notes

* CR fixes

* move qualys test to nightly - it requires only single run of build in parallel (#1697)

* add connections to canvas suggestions (#1729)

* add connections to canvas suggestions

* fix schema validation

* Add vt connections (#1742)

add VT connections

* Ews untitled/empty attachments (#1728)

* Fixed handling untitled/empty attachments

* Added null checks for on attachment content.

* Implemented workaround for exchangelib not handling empty file attachments (zero bytes)

* Added empty attachment test playbook

* Support for RedLock alerts (#1721) (#1738)

* Support for RedLock alerts (#1721)

* Support for RedLock alerts

* Fixes issue with EWS Search and Delete (#1696)

* Fixes issue with EWS Search and Delete

* CR fixes
* Fix typo and releaseNotes
* Add Test playbook
* Remove forward/ replay prefixes only from beginning of Subject

* Update "Detonate File - Generic" (#1722)

* Update "Detonate File - Generic"
* Improve documentation
* Add supported file types
* Add support for updated Falcon integration

* Add outputs description

* Add output description

* Remove auto-log from QRadarFullSearch (#1715)

* Remove auto-log from QRadarFullSearch

Was automatically printing logs to the war-room

* Fix CR

* CrowdStrike Falcon Sandbox enhancements and fixes (#1635)

* Netskope integration test fix

* CrowdStrike Falcon Sandbox enhancements and fixes

* Made requested changes

* add context canvas connections (#1718)

* add context canvas connections

* add schema validation

* updated argument types (#1725)

* Update playbook-RedLockTest.yml

Fixed and rephrased some task names.

* Added fetch-incidents

* Splunkpy search (#1717)

* add enhancement script for splunk search

* add to indicator types SplunkSearchPy

* use cmd only in depends on

* Reverted addition of threat-grid-detonate-file and threat-grid-url-to-file commands (#1726)

* Update Intezer integration (#1727)

* Update Intezer integration - Malicious should be added only for bad reputation hashes.

* Update outputs

* change the url for 'GET request test' task (#1731)

* add command line output to cb defense (#1730)

* remove minemeld for now (#1732)

* remove minemeld for now

* skip minemeld test

* Fixed comments from code review

* Update playbook-RedLockTest.yml

Removed old command arguments from playbook tasks

* Added RedLock test

* Unskip Cybereason test (#1746)

* remove releasenotes for SEPM14 (#1622)

* remove releasenotes

* Update integration-SymantecEndpointProtection.yml

* ipinfo.io - Added support to use API token for paid plans (#1673)

* Added support to use API token for paid plans

* Add token to ipinfo_field command

* token

* only send token parameter if token is set

* '

* Remove "command-timeout" command argument for 3.6.1 (#1749)

* Removed argument "command-timeout" as this is replaced with the global argument with the same name and (effective) functionality.

* Removed deprecated argument

* Renamed problematic argument instead of removing it.

* Renamed problematic argument instead of removing it (in test playbook).

* Rename integration-Carbon_Black_Enterprise_Live_Response_old.yml to integration-Carbon_Black_Enterprise_Live_Response_3.6.0.yml

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes https://github.com/demisto/etc/issues/12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes https://github.com/demisto/etc/issues/12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes https://github.com/demisto/etc/issues/12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* And `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* Zoom support within Demisto (#1757)

* Zoom support within Demisto

* fix typo

* - added test playbook to test zoom commands
- added automation script to generate a random email

* fixed 2 bugs in the zoom-fetch-recording:

1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id)
2. Recording delete didn't work because params and headers weren't passed to the delete request

* Updated zoom test playbook

* changes requested in code review

* changes requested in code review

* Removed obsolete file that made tests fail

* Added description to zoom integration

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes https://github.com/demisto/etc/issues/12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes https://github.com/demisto/etc/issues/12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes https://github.com/demisto/etc/issues/12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* Add `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* rebased master

* Bug fix - Detonate playbooks (#1846)

* Alien Vault OTX DBot Score removal (#1844)

* Alien Vault OTX DBot Score removal

* Removed AlienVault instance from tests and added VirusTotal

* Parse email files enhancements (#1843)

* Added support for "SMTP mail text, ASCII text" files. Fixed bug in email address extraction.

* Added test case for multiline address

* Fixed release note format

* Fixed release note format

* Created playbook-TestQradar (#1842)

* Created playbook-TestQradar

* 1. Updated Test playbooks id and version
2. Added QRadar to conf.json

* Clear release notes (#1847)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* 18.7.2 clear rn

* 18.7.2 changed git hash

* DeleteContext - added the ability to provide keys to keep (#1787)

* added the ability to provide keys to keep

* improving argument description

* improving argument description

* Demisto lock description fix and increase default timeout (#1849)

* fixed description of param and argument

* default timeout changed to 600 second (10 min)

* default timeout changed to 600 second (10 min)

* default timeout changed to 600 second (10 min)

* enhance ExportToCSV script (#1669)

* - add option to add csv headers as script argument
- add parsing in case of string input

* remove runonce

* add newline at the end of file

* add releaseNotes

* add newline at the end of the file

* handle array of strings

* handle boolean and number values

* modify to accept more input types as valid inputs for csvArray

* add release notes

* add test playbook

* fix scriptName reference

* add test playbook

* rn

* versions

* ES6 to ES5

noaco added a commit that referenced this pull request Aug 21, 2018
* add etp integration

* add outputs description

* print response text and fix milliseconds when fetching

* Fireeye etp integration fixes (#1853)

* Clear release notes (#1733)

* clear rn

* git hash

* fix cylance test (#1740)

- make the test run in sequence instead of parallel
- command was failing because it didn't find some threat

* Farsight DNSDB - Added handling for 404 and 400 responses (#1675)

* Added handling for 404 and 400 responses

graceful handling of no information found condition
Also improved humanreadable for results

* fix commonfields

fix commonfields

* Added test playbook for DNSDB

Farsight DNSDB test playbook

* Remove special support for EWS (#1736)

* Remove special support for EWS
Remove special playbook for custom fields (Use "setIncident" instead)

* Add release notes

* CR fixes

* move qualys test to nightly - it requires only single run of build in parallel (#1697)

* add connections to canvas suggestions (#1729)

* add connections to canvas suggestions

* fix schema validation

* Add vt connections (#1742)

add VT connections

* Ews untitled/empty attachments (#1728)

* Fixed handling untitled/empty attachments

* Added null checks for on attachment content.

* Implemented workaround for exchangelib not handling empty file attachments (zero bytes)

* Added empty attachment test playbook

* Support for RedLock alerts (#1721) (#1738)

* Support for RedLock alerts (#1721)

* Support for RedLock alerts

* Fixes issue with EWS Search and Delete (#1696)

* Fixes issue with EWS Search and Delete

* CR fixes
* Fix typo and releaseNotes
* Add Test playbook
* Remove forward/ replay prefixes only from beginning of Subject

* Update "Detonate File - Generic" (#1722)

* Update "Detonate File - Generic"
* Improve documentation
* Add supported file types
* Add support for updated Falcon integration

* Add outputs description

* Add output description

* Remove auto-log from QRadarFullSearch (#1715)

* Remove auto-log from QRadarFullSearch

Was automatically printing logs to the war-room

* Fix CR

* CrowdStrike Falcon Sandbox enhancements and fixes (#1635)

* Netskope integration test fix

* CrowdStrike Falcon Sandbox enhancements and fixes

* Made requested changes

* add context canvas connections (#1718)

* add context canvas connections

* add schema validation

* updated argument types (#1725)

* Update playbook-RedLockTest.yml

Fixed and rephrased some task names.

* Added fetch-incidents

* Splunkpy search (#1717)

* add enhancement script for splunk search

* add to indicator types SplunkSearchPy

* use cmd only in depends on

* Reverted addition of threat-grid-detonate-file and threat-grid-url-to-file commands (#1726)

* Update Intezer integration (#1727)

* Update Intezer integration - Malicious should be added only for bad reputation hashes.

* Update outputs

* change the url for 'GET request test' task (#1731)

* add command line output to cb defense (#1730)

* remove minemeld for now (#1732)

* remove minemeld for now

* skip minemeld test

* Fixed comments from code review

* Update playbook-RedLockTest.yml

Removed old command arguments from playbook tasks

* Added RedLock test

* Unskip Cybereason test (#1746)

* remove releasenotes for SEPM14 (#1622)

* remove releasenotes

* Update integration-SymantecEndpointProtection.yml

* ipinfo.io - Added support to use API token for paid plans (#1673)

* Added support to use API token for paid plans

* Add token to ipinfo_field command

* token

* only send token parameter if token is set

* '

* Remove "command-timeout" command argument for 3.6.1 (#1749)

* Removed argument "command-timeout" as this is replaced with the global argument with the same name and (effective) functionality.

* Removed deprecated argument

* Renamed problematic argument instead of removing it.

* Renamed problematic argument instead of removing it (in test playbook).

* Rename integration-Carbon_Black_Enterprise_Live_Response_old.yml to integration-Carbon_Black_Enterprise_Live_Response_3.6.0.yml

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes https://github.com/demisto/etc/issues/12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes https://github.com/demisto/etc/issues/12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes https://github.com/demisto/etc/issues/12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* Add `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* Zoom support within Demisto (#1757)

* Zoom support within Demisto

* fix typo

* - added test playbook to test zoom commands
- added automation script to generate a random email

* fixed 2 bugs in the zoom-fetch-recording:

1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id)
2. Recording delete didn't work because params and headers weren't passed to the delete request

* Updated zoom test playbook

* changes requested in code review

* changes requested in code review

* Removed obsolete file that made tests fail

* Added description to zoom integration

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes https://github.com/demisto/etc/issues/12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes https://github.com/demisto/etc/issues/12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes https://github.com/demisto/etc/issues/12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* Add `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* rebased master

* Bug fix - Detonate playbooks (#1846)

* Alien Vault OTX DBot Score removal (#1844)

* Alien Vault OTX DBot Score removal

* Removed AlienVault instance from tests and added VirusTotal

* Parse email files enhancements (#1843)

* Added support for "SMTP mail text, ASCII text" files. Fixed bug in email address extraction.

* Added test case for multiline address

* Fixed release note format

* Fixed release note format

* Created playbook-TestQradar (#1842)

* Created playbook-TestQradar

* 1. Updated Test playbooks id and version
2. Added QRadar to conf.json

* Clear release notes (#1847)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* 18.7.2 clear rn

* 18.7.2 changed git hash

* DeleteContext - added the ability to provide keys to keep (#1787)

* added the ability to provide keys to keep

* improving argument description

* improving argument description

* Demisto lock description fix and increase default timeout (#1849)

* fixed description of param and argument

* default timeout changed to 600 second (10 min)

* default timeout changed to 600 second (10 min)

* default timeout changed to 600 second (10 min)

* enhance ExportToCSV script (#1669)

* - add option to add csv headers as script argument
- add parsing in case of string input

* remove runonce

* add newline at the end of file

* add releaseNotes

* add newline at the end of the file

* handle array of strings

* handle boolean and number values

* modify to accept more input types as valid inputs for csvArray

* add release notes

* add test playbook

* fix scriptName reference

* add test playbook

* rn

* versions

* ES6 to ES5

* added usage of return_error_and_exit in http_request

* Update integration-FireEye_ETP.yml

* fixed time formatting for last_run

* change fetch incidents to poll alerts

* Update integration-SplunkPy.yml

* fix diff

add last alert creation time stamp to last run, to prevent duplicate incidents

anara123 pushed a commit that referenced this pull request Dec 6, 2018
* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

anara123 pushed a commit that referenced this pull request Dec 6, 2018
* Zoom support within Demisto

* fix typo

* - added test playbook to test zoom commands
- added automation script to generate a random email

* fixed 2 bugs in the zoom-fetch-recording:

1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id)
2. Recording delete didn't work because params and headers weren't passed to the delete request

* Updated zoom test playbook

* changes requested in code review

* changes requested in code review

* Removed obsolete file that made tests fail

* Added description to zoom integration

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes demisto/etc#12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes demisto/etc#12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes demisto/etc#12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* Add `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* rebased master

anara123 pushed a commit that referenced this pull request Dec 6, 2018
* add etp integration

* add outputs description

* print response text and fix milliseconds when fetching

* Fireeye etp integration fixes (#1853)

* Clear release notes (#1733)

* clear rn

* git hash

* fix cylance test (#1740)

- make the test run in sequence instead of parallel
- command was failing because it didn't find some threat

* Farsight DNSDB - Added handling for 404 and 400 responses (#1675)

* Added handling for 404 and 400 responses

graceful handling of no information found condition
Also improved humanreadable for results

* fix commonfields

fix commonfields

* Added test playbook for DNSDB

Farsight DNSDB test playbook

* Remove special support for EWS (#1736)

* Remove special support for EWS
Remove special playbook for custom fields (Use "setIncident" instead)

* Add release notes

* CR fixes

* move qualys test to nightly - it requires only single run of build in parallel (#1697)

* add connections to canvas suggestions (#1729)

* add connections to canvas suggestions

* fix schema validation

* Add vt connections (#1742)

add VT connections

* Ews untitled/empty attachments (#1728)

* Fixed handling untitled/empty attachments

* Added null checks on attachment content.

* Implemented workaround for exchangelib not handling empty file attachments (zero bytes)

* Added empty attachment test playbook

* Support for RedLock alerts (#1721) (#1738)

* Support for RedLock alerts (#1721)

* Support for RedLock alerts

* Fixes issue with EWS Search and Delete (#1696)

* Fixes issue with EWS Search and Delete

* CR fixes
* Fix typo and releaseNotes
* Add Test playbook
* Remove forward/ replay prefixes only from beginning of Subject

* Update "Detonate File - Generic" (#1722)

* Update "Detonate File - Generic"
* Improve documentation
* Add supported file types
* Add support for updated Falcon integration

* Add outputs description

* Add output description

* Remove auto-log from QRadarFullSearch (#1715)

* Remove auto-log from QRadarFullSearch

Was automatically printing logs to the war-room

* Fix CR

* CrowdStrike Falcon Sandbox enhancements and fixes (#1635)

* Netskope integration test fix

* CrowdStrike Falcon Sandbox enhancements and fixes

* Made requested changes

* add context canvas connections (#1718)

* add context canvas connections

* add schema validation

* updated argument types (#1725)

* Update playbook-RedLockTest.yml

Fixed and rephrased some task names.

* Added fetch-incidents

* Splunkpy search (#1717)

* add enhancement script for splunk search

* add to indicator types SplunkSearchPy

* use cmd only in depends on

* Reverted addition of threat-grid-detonate-file and threat-grid-url-to-file commands (#1726)

* Update Intezer integration (#1727)

* Update Intezer integration - Malicious should be added only for bad reputation hashes.

* Update outputs

* change the url for 'GET request test' task (#1731)

* add command line output to cb defense (#1730)

* remove minemeld for now (#1732)

* remove minemeld for now

* skip minemeld test

* Fixed comments from code review

* Update playbook-RedLockTest.yml

Removed old command arguments from playbook tasks

* Added RedLock test

* Unskip Cybereason test (#1746)

* remove releasenotes for SEPM14 (#1622)

* remove releasenotes

* Update integration-SymantecEndpointProtection.yml

* ipinfo.io - Added support to use API token for paid plans (#1673)

* Added support to use API token for paid plans

* Add token to ipinfo_field command

* token

* only send token parameter if token is set

* '

* Remove "command-timeout" command argument for 3.6.1 (#1749)

* Removed argument "command-timeout" as this is replaced with the global argument with the same name and (effective) functionality.

* Removed deprecated argument

* Renamed problematic argument instead of removing it.

* Renamed problematic argument instead of removing it (in test playbook).

* Rename integration-Carbon_Black_Enterprise_Live_Response_old.yml to integration-Carbon_Black_Enterprise_Live_Response_3.6.0.yml

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes https://github.com/demisto/etc/issues/12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes https://github.com/demisto/etc/issues/12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes https://github.com/demisto/etc/issues/12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* Add `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* Zoom support within Demisto (#1757)

* Zoom support within Demisto

* fix typo

* - added test playbook to test zoom commands
- added automation script to generate a random email

* fixed 2 bugs in the zoom-fetch-recording:

1. Fetch recording didn't work because the wrong arg key was used (id instead of meeting_id)
2. Recording delete didn't work because params and headers weren't passed to the delete request

* Updated zoom test playbook

* changes requested in code review

* changes requested in code review

* Removed obsolete file that made tests fail

* Added description to zoom integration

* Handle tanium/vmware timeout on errors issue (#1751)

* handle errors from tanium integration

* handle errors from vmware integration

* unskip tests

* vmware - verify logout is done even if there is an error

* vmware - verify logout is done even if there is an error

* added release notes

* skip vmware test

* Script helper python arg order fix (#1754)

* fix arg order of args in pythoncommonserver doc

* set automationOnly tag for commonServer commands using executeCommand

* fix null argument descriptions in script helper

* releasenotes

* Fix circleci2 (#1759)

* try fix curl bad characters

* try fix curl bad characters

* fix space

* skip anomali test (#1763)

* Hybrid Analysis Integration (#1745)

* Hybrid Analysis Integration

* fixed fromversion

* Made requested changes

* Single-setup adjustments (#1752)

* Wildfire getReport bug fix (#1753)

* getReport bug fix
getReport bug fix

* Added empty RN

* Improved implementation

* Cylance Protect v2 device data context path fix (#1661)

* Cylance Protect v2 device data context path fix

* Made requested changes

* Made requested changes

* Fixed test according to context changes

* use the added command (#1761)

* use the added command

* deprecate

* Postgres fix error (#1765)

* fix error on no rows returned

* test playbook

* fix exception

* Fixed move-between-mailboxes using impersonation (#1766)

* Archer add fields checks and full results for get-records-by-report (#1744)

* Archer add fields checks and full results for get-records-by-report

* CR fixes

* Access Investigation - Generic (#1760)

* Access Investigation - Generic

New playbooks:
* Access Investigation - Generic
* Access Investigation - QRadar

Updated playbooks:
* IP Enrichment - Generic

New script:
* IPToHost

Updated script:
* EmailAskUser

* Add description

* add description

* Update task scheme

* CR fixes

* add systemAssociatedTypes (#1758)

* Vulnerability Management - Nexpose: (#1762)

* Vulnerability Management - Nexpose:

New playbooks:
* Vulnerability Handling - Nexpose
* Vulnerability Management - Nexpose (Job)

Updated playbooks:
* Calculate Severity - Generic
* Calculate Severity - 3rd-party integrations

New script:
* NexposeCreateIncidentsFromAssets

* CR fixes

* Add description

* bug fix

* Email sender in Python with embedded images (#1671)

* Email sender in Python with embedded images

* Added template variables in ugly way

* Changed default value for sender address at email sender integration

* removed empty lines at EOF

* added Mail Sender (New) integration & playbook

* added Mail Sender (New) integration & playbook

* removed old integration file (difference only in name of integration)

* changed email sender python (new) ID

* fixed playbook trying to activate script by old name and failing

* changed deletecontext script back to original

* added google apps integration for mail sender (new)

* Added newline support for base64 images in html

* Fix missing release notes (#1767)

* print commands outputs

* check if files exist

* refactor

* print files

* add prints

* check if file is empty

* grep error

* update git hash

* add missing rn

* revert config.yml

* remove prints

* add missing space

* removed palo alto from conf.json (#1771)

* removed palo alto from conf.json

* add running-playbooks widget (#1755)

* add running-playbooks widget

* Update widget-RunningPlaybooks.json

* Crowdstrike falcon intel v2 support (#1768)

* added crowdstrike intel test playbook + v2 indicator integration

* fixed format (whitespace missing)

* extended playbook cs-indicators

* added test-module by version, more documentation

* added releaseNotes to crowdstrike falcon intel

* remove approve action from tanium playbook (#1769)

* TruSTAR integration enhancements (#1772)

* Enhanced Trustar integration (#1706)

* Enhanced trustar integration

* Enhanced trustar integration

* Enhanced trustar integration

* Revert "Enhanced trustar integration"

This reverts commit c7aa5c9.

* Enhanced trustar integration

* Incorporated review comments for trustar integration

* Incorporated review comment - added priority level in entry context

* Added priority level to software indicator & in output parameter

* Priority level key error handled for trending and search indicators command

* Added RN

* new widget should be predefined (#1773)

* Recorded Future integration (#1764)

* Recorded Future integration

* Made requested changes

* Skip Intezer test (#1777)

* Add delay to intezer test playbook

* Skip Intezer test

* avoid error in domain format script (#1774)

* AWS ec2  (#1770)

* AWS EC2 Integration

* add get-latest-ami outputs

* added aws connection function

* add test playbooks

* fix test playbook location

* Fix describe instances context issue

* fix #12097 & describe instances tags output

* fix #12097 for all aws integrations

* Added new commands

* added release notes

* Nexpose enhancements (#1714)

* paste

* python

* add commands

* fix char

* reports

* scans, fixes

* outputs, login, scan wait

* test playbook

* image

* fixes #1

* rn, fixed playbook test

* add report formats

* fix test playbook

* fix test playbook

* fix test playbook

* merge

* add cve output, add raw outputs, search by multiple hosts & ips

* Removed start-scan commands

* Clear release notes (#1780)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* Enable Intezer test (#1779)

* spelling fixes (#1781)

* fix wether to whether

* release notes

* Moved qualys test to skipped due to expired account issues (#1783)

currently fails content build nightly

* Demisto REST API - new commands to upload and download files (#1748)

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added multipart and download commands

* added scripts to download logs bundle, and upload files to war room

* Convert Incident fields to array (#1784)

* convert to list

* skip validate

* add import json

* use seek and truncate

* revert config yml

* Fix domain rep (#1785)

* domain fix reputation

* fix RN

* fix RN

* Crowdstrike falcon intel (#1790)

* crowdstrike falcon intel  change report id to retrieve due to size

* updating default value of API version to 2.0 (#1782)

* updating default value of API version to 2.0

1.6 is no longer available, 2.0 is the default version in the hosted environment

* Clear release notes (#1789)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* Replace demisto lock logo (#1792)

* Updated integration name source (#1775)

* Ews readable errors (#1788)

* Changed default authentication method to "Basic" in accordance with instance defaults for office365.

* Beautified error messages in test_module

* Handled case where no error message is set

* secureworks add default url -https://api.secureworks.com (#1798)

* secureworks add default url -https://api.secureworks.com

- fixes https://github.com/demisto/etc/issues/12378

* Update integration-SecureWorks.yml

* fix ArcSight ESM addEntries (#1797)

* fix ArcSight ESM addEntries

- if entries had passed from context as JSON then we got exception

* Update integration-ArcSightESM.yml

* Added eventType fetch filter (#1796)

* remove  `runonce: true` from phish.ai (#1799)

* remove  `runonce: true` from phish.ai

* add rn

* scripts - deprecate checkwhitelist + add filterbywhite lists (#1708)

* scripts - deprecate checkwhitelist + add filterbywhite lists

* Change wording

* add support for array input + change whitelist to list

* malicious ration reputation script (#1778)

* malicious ration reputation script

* change script logic to return score as reputation script & DBot score

* disable TE test playbook (#1802)

* disable TE test playbook

* ignore right test

* Top malicious ratio indicators (#1750)

* Top malicious ratio indicators

* Fix script schema validation

* remove script schema validation

* fix CR

* add widget to display script results

* add fromversion
filter 0 malicious ratio

* add widget from version

* fix file format

* Fix desc build (#1808)

* adding RN

* add desc

* Replace integrations logos (#1807)

* Replace integrations logos

* Add release notes

* Add release notes

* Fixed logos

* fix widget should be isPredefined (#1818)

* fix widget should be isPredefined

* Update widget-TopMaliciousRationIndicators.json

* Validate widget isPredefined property is true (#1819)

Output in case some widget has 
`isPredefined: false`

```bash
Starting validate Widgets...
Failed: Widgets/widget-IncidentInErrorNumber.json failed
<SchemaError: error code 2: Schema validation failed:
 - Enum 'False' does not exist. Path: '/isPredefined'.: Path: '/'>
Finished validate Widgets
validate_files_structure.sh exiting with error
```

* Added traceback import (#1806)

* Added traceback import

* Moved redlock test to nightly (#1804)

* check proxy parameter before client.connect() (#1824)

* check proxy parameter before client.connect()

Attempting to connect to the splunk server before checking for the proxy parameter causes a connection timeout if the splunk server is not accessible without using a proxy.

* add release notes

* Change the term investigation to incident in the layouts. (#1825)

* FireEye URL submissions (#1743) (#1820)

* FireEye URL submissions (#1743)

* FireEye URL submissions

Added functionality to submit URLs to FireEye and retrieve their status.
Functions created are fe-submit-url and fe-submit-url-status

* Modify integration description

Modified integration description to align with naming standards and help user understand how certain parameters should be passed.

* Reverted fe-submit and fe-submit-status back to original name

Reverted fe-submit and fe-submit-status back to original name from fe-submit-file and fe-submit-status

* deleting file that is not part of integration

* Update integration-fireeye.yml

* added predefined parameters for commands

added predefined parameters for commands

* Added release notes

* Fixed Twilio test function (#1826)

* Fixed Twilio test function
Fixes https://github.com/demisto/etc/issues/12214

* CR fixes

* Feature/widgets for engine and workers (#1689)

* Widgets for engine and workers

* Fixed unnamed attachments bug (#1822)

* Fixed unnamed attachments bug.

* Handled possible case where attachment name is not a string.

* Corrected comparison method according to PEP-8 recommendation.

* enable TE again (#1828)

* add note to schema (#1830)

* Passive Total - added proxy and insecure parameters (#1814)

* added insecure and proxy settings
* proxy defaults to true and insecure defaults to false
* Fixed URL command, added IP and Domain
* Added to release notes

* add widget description (#1823)

* Recorded Future bug fix (#1832)

* Vulnerability Management issue fix (#1815)

* RTIR integration (#1833)

* RTIR Integration

* add return_error function

* added docstring

* Updated the regex (#1801) (#1834)

* Updated the regex (#1801)

Updated the regex to properly pull the detection ID.

Sometimes the detection ID changes in length, but it's always a number from 0-9

* add release notes

* RTIR Spanish support (#1835)

* RTIR integration spanish support

* RTIR integration spanish support

* prettify common server doc python error (#1836)

* limit fetch incidents from netwitness (#1800)

- fixes https://github.com/demisto/etc/issues/12195

* Update process email + phishing layout (#1813)

* Update process email + phishing layout

* Add `HTML Rendered Image` MD field to phishing layout
* Add Base64 output to the `rasterize-email` command
* Update rasterized image to the Phishing summary page

TODO:
* Remove the HTML field mapping in the relevant integrations

* Update incidentfields.json

Change field name

* Update layout-details-Phishing.json

Change field name

* Update playbook-Process_Email_-_Generic.yml

change field name

* Update playbook-Process_Email_-_Generic.yml

big scheme issue

* Update playbook-Process_Email_-_Generic.yml

really fixing it

* Update incidentfields.json

typo fix

* Add scheme

* add missing tag

* Add release notes

* move note up (#1838)

* Repopulate files (#1839)

* Repopulate files adds the File context based on file entries

* Removed some lines

* Skipped redlock test (#1840)

* Skipped redlock test

* Removed duplicate test

* rebased master

* Bug fix - Detonate playbooks (#1846)

* Alien Vault OTX DBot Score removal (#1844)

* Alien Vault OTX DBot Score removal

* Removed AlienVault instance from tests and added VirusTotal

* Parse email files enhancements (#1843)

* Added support for "SMTP mail text, ASCII text" files. Fixed bug in email address extraction.

* Added test case for multiline address

* Fixed release note format

* Fixed release note format

* Created playbook-TestQradar (#1842)

* Created playbook-TestQradar

* 1. Updated Test playbooks id and version
2. Added QRadar to conf.json

* Clear release notes (#1847)

* Clear release notes

* Update git hash

* Add fromversion field to relevant playbooks

* Added empty RN

* clear release notes after 18.7.1 release

* update git hash

* 18.7.2 clear rn

* 18.7.2 changed git hash

* DeleteContext - added the ability to provide keys to keep (#1787)

* added the ability to provide keys to keep

* improving argument description

* improving argument description

* Demisto lock description fix and increase default timeout (#1849)

* fixed description of param and argument

* default timeout changed to 600 second (10 min)

* default timeout changed to 600 second (10 min)

* default timeout changed to 600 second (10 min)

* enhance ExportToCSV script (#1669)

* - add option to add csv headers as script argument
- add parsing in case of string input

* remove runonce

* add newline at the end of file

* add releaseNotes

* add newline at the end of the file

* handle array of strings

* handle boolean and number values

* modify to accept more input types as valid inputs for csvArray

* add release notes

* add test playbook

* fix scriptName reference

* add test playbook

* rn

* versions

* ES6 to ES5

* added usage of return_error_and_exit in http_request

* Update integration-FireEye_ETP.yml

* fixed time formatting for last_run

* change fetch incidents to poll alerts

* Update integration-SplunkPy.yml

* fix diff

* add last alert creation time stamp to last run, to prevent duplicate incidents