From 27e05536b6c7e3f9731f9e53d9e0acdc30bf16cc Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:10 +0200
Subject: [PATCH 01/16] Updated Metadata Of Pack AMP

---
 Packs/AMP/pack_metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/AMP/pack_metadata.json b/Packs/AMP/pack_metadata.json
index 301c2a9e1ab2..5ff30078a0fe 100644
--- a/Packs/AMP/pack_metadata.json
+++ b/Packs/AMP/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cisco AMP",
 "description": "Uses CISCO AMP Endpoint",
 "support": "xsoar",
- "currentVersion": "2.0.1",
+ "currentVersion": "2.0.2",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",

From a1e5c909c39343d8c8b2be59808ed5bfee8a32ff Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:13 +0200
Subject: [PATCH 02/16] Added release notes to pack AMP

---
 Packs/AMP/ReleaseNotes/2_0_2.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Packs/AMP/ReleaseNotes/2_0_2.md

diff --git a/Packs/AMP/ReleaseNotes/2_0_2.md b/Packs/AMP/ReleaseNotes/2_0_2.md
new file mode 100644
index 000000000000..5a4fe56e3441
--- /dev/null
+++ b/Packs/AMP/ReleaseNotes/2_0_2.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Cisco AMP v2
+- Updated the Docker image to: *demisto/python3:3.10.10.48392*.

From f1c6c2d96b5221a17a426f5272c728937f8d2900 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:16 +0200
Subject: [PATCH 03/16] Packs/AMP/Integrations/AMPv2/AMPv2.yml Docker image update

---
 Packs/AMP/Integrations/AMPv2/AMPv2.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/AMP/Integrations/AMPv2/AMPv2.yml b/Packs/AMP/Integrations/AMPv2/AMPv2.yml
index bd19ee74dcbb..f2e552528e6c 100644
--- a/Packs/AMP/Integrations/AMPv2/AMPv2.yml
+++ b/Packs/AMP/Integrations/AMPv2/AMPv2.yml
@@ -2003,7 +2003,7 @@ script:
 - contextPath: DBotScore.Score
 description: The actual score.
 type: Number
- dockerimage: demisto/python3:3.10.9.46032
+ dockerimage: demisto/python3:3.10.10.48392
 feed: false
 isfetch: true
 longRunning: false

From 6a2e6d3e581a9cd88bf0c080cfd95c1acbbfbbf3 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:21 +0200
Subject: [PATCH 04/16] Updated Metadata Of Pack AppNovi

---
 Packs/AppNovi/pack_metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/AppNovi/pack_metadata.json b/Packs/AppNovi/pack_metadata.json
index de9d46c51914..1dfe218bc3b8 100644
--- a/Packs/AppNovi/pack_metadata.json
+++ b/Packs/AppNovi/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AppNovi",
 "description": "Search your combined security data in appNovi via simplified search or search via the appNovi security graph.",
 "support": "partner",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "appNovi",
 "url": "https://appnovi.com/support",
 "email": "",

From e7c025c9e3bcc5fb1159c6f36daa6c113e4cd744 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:24 +0200
Subject: [PATCH 05/16] Added release notes to pack AppNovi

---
 Packs/AppNovi/ReleaseNotes/1_0_3.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Packs/AppNovi/ReleaseNotes/1_0_3.md

diff --git a/Packs/AppNovi/ReleaseNotes/1_0_3.md b/Packs/AppNovi/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..62e95e3dc089
--- /dev/null
+++ b/Packs/AppNovi/ReleaseNotes/1_0_3.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### appNovi
+- Updated the Docker image to: *demisto/python3:3.10.10.48392*.

From 37a102e859977b659cad564b607211309902df6d Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:26 +0200
Subject: [PATCH 06/16] Packs/AppNovi/Integrations/appNovi/appNovi.yml Docker image update

---
 Packs/AppNovi/Integrations/appNovi/appNovi.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/AppNovi/Integrations/appNovi/appNovi.yml b/Packs/AppNovi/Integrations/appNovi/appNovi.yml
index d012ac14b433..196893836fbf 100644
--- a/Packs/AppNovi/Integrations/appNovi/appNovi.yml
+++ b/Packs/AppNovi/Integrations/appNovi/appNovi.yml
@@ -401,7 +401,7 @@ script:
 type: textArea
 description: Server IP to search
 description: Search for servers using IP address
- dockerimage: demisto/python3:3.10.9.46032
+ dockerimage: demisto/python3:3.10.10.48392
 tests:
 - No tests (auto formatted)
 fromversion: 6.5.0

From aba4b0f3c420f27e299d2b3bb49f6790c95767dd Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:32 +0200
Subject: [PATCH 07/16] Updated Metadata Of Pack AtlassianConfluenceCloud

---
 Packs/AtlassianConfluenceCloud/pack_metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/AtlassianConfluenceCloud/pack_metadata.json b/Packs/AtlassianConfluenceCloud/pack_metadata.json
index 4aa4fb8b7005..db8503ef8ab7 100644
--- a/Packs/AtlassianConfluenceCloud/pack_metadata.json
+++ b/Packs/AtlassianConfluenceCloud/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Atlassian Confluence Cloud",
 "description": "Atlassian Confluence Cloud allows users to interact with confluence entities like content, space, users and groups. Users can also manage the space permissions.",
 "support": "xsoar",
- "currentVersion": "1.0.6",
+ "currentVersion": "1.0.7",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",

From 1a0bf6960e2215d3c947f19dfe1d3b2c05ea54a1 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:34 +0200
Subject: [PATCH 08/16] Added release notes to pack AtlassianConfluenceCloud

---
 Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_7.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_7.md

diff --git a/Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_7.md b/Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_7.md
new file mode 100644
index 000000000000..ed9fdf8dad5c
--- /dev/null
+++ b/Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_7.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Atlassian Confluence Cloud
+- Updated the Docker image to: *demisto/python3:3.10.10.48392*.

From 69f9432b8fc89217cba2e776e210948afd13c7ba Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:37 +0200
Subject: [PATCH 09/16] Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml Docker image update

---
 .../AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml b/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml
index 79ef8ee13410..8d6077d504c0 100644
--- a/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml
+++ b/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml
@@ -2140,7 +2140,7 @@ script:
 - contextPath: ConfluenceCloud.Group._links.self
 description: Link to the group.
 type: String
- dockerimage: demisto/python3:3.10.9.46032
+ dockerimage: demisto/python3:3.10.10.48392
 feed: false
 isfetch: false
 longRunning: false

From 2792e5f6c3f785767d87ac433abb9472f0ec0e48 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:43 +0200
Subject: [PATCH 10/16] Updated Metadata Of Pack Automox

---
 Packs/Automox/pack_metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/Automox/pack_metadata.json b/Packs/Automox/pack_metadata.json
index b01252a0ca2b..374cfd6e7f85 100644
--- a/Packs/Automox/pack_metadata.json
+++ b/Packs/Automox/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Automox",
 "description": "This pack empowers you with comprehensive solutions to manage your Automox device fleet with ease!",
 "support": "partner",
- "currentVersion": "1.0.4",
+ "currentVersion": "1.0.5",
 "author": "Automox Inc.",
 "url": "https://www.automox.com/",
 "email": "support@automox.com",

From 980b2e96754ab8424345fd8fa4d7a022022c77b3 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:45 +0200
Subject: [PATCH 11/16] Added release notes to pack Automox

---
 Packs/Automox/ReleaseNotes/1_0_5.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Packs/Automox/ReleaseNotes/1_0_5.md

diff --git a/Packs/Automox/ReleaseNotes/1_0_5.md b/Packs/Automox/ReleaseNotes/1_0_5.md
new file mode 100644
index 000000000000..888942e5d720
--- /dev/null
+++ b/Packs/Automox/ReleaseNotes/1_0_5.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Automox
+- Updated the Docker image to: *demisto/python3:3.10.10.48392*.

From 1d1b8a102f88162a615df407fb9e9e06d7b754d6 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:48 +0200
Subject: [PATCH 12/16] Packs/Automox/Integrations/Automox/Automox.yml Docker image update

---
 Packs/Automox/Integrations/Automox/Automox.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/Automox/Integrations/Automox/Automox.yml b/Packs/Automox/Integrations/Automox/Automox.yml
index f91d730df10a..4fa21e028cff 100644
--- a/Packs/Automox/Integrations/Automox/Automox.yml
+++ b/Packs/Automox/Integrations/Automox/Automox.yml
@@ -1104,7 +1104,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.9.46032
+ dockerimage: demisto/python3:3.10.10.48392
 fromversion: 6.0.0
 tests:
 - No tests

From a1080650ff07515a315516377e422f518675a6d2 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:53 +0200
Subject: [PATCH 13/16] Updated Metadata Of Pack Cryptosim

---
 Packs/Cryptosim/pack_metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/Cryptosim/pack_metadata.json b/Packs/Cryptosim/pack_metadata.json
index 49365c47e9c9..53e0044a5008 100644
--- a/Packs/Cryptosim/pack_metadata.json
+++ b/Packs/Cryptosim/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cryptosim",
 "description": "CRYPTOSIM meets the SIEM needs of corporations by its unique correlation engine works, capable of hierarchical correlation.",
 "support": "partner",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "itemPrefix": [
 "CRYPTOSIM"
 ],

From 70719648e1046d5ac03a20d640332d32c504ef77 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:56 +0200
Subject: [PATCH 14/16] Added release notes to pack Cryptosim

---
 Packs/Cryptosim/ReleaseNotes/1_0_2.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 Packs/Cryptosim/ReleaseNotes/1_0_2.md

diff --git a/Packs/Cryptosim/ReleaseNotes/1_0_2.md b/Packs/Cryptosim/ReleaseNotes/1_0_2.md
new file mode 100644
index 000000000000..18174573cd70
--- /dev/null
+++ b/Packs/Cryptosim/ReleaseNotes/1_0_2.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Cryptosim
+- Updated the Docker image to: *demisto/python3:3.10.10.48392*.

From 92f68572f833862b374b9dd2c64b1ca65fb3a2bd Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Fri, 17 Feb 2023 08:34:59 +0200
Subject: [PATCH 15/16] Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.yml Docker image update

---
 Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.yml b/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.yml
index 37b15bd056ae..39f472f46868 100644
--- a/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.yml
+++ b/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.yml
@@ -168,7 +168,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.4.27798
+ dockerimage: demisto/python3:3.10.10.48392
 fromversion: 5.5.0
 tests:
 - No tests (auto formatted)

From 5c2a8f30e4b98c1b6069ffd3cbb7be8a4d00c7fe Mon Sep 17 00:00:00 2001
From: sberman
Date: Fri, 17 Feb 2023 11:50:23 +0200
Subject: [PATCH 16/16] Fix Mypy and added missing command to readme

---
 .../Integrations/Cryptosim/Cryptosim.py | 4 +-
 .../Integrations/Cryptosim/README.md | 31 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.py b/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.py
index 4b434676cd13..b120751e230e 100644
--- a/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.py
+++ b/Packs/Cryptosim/Integrations/Cryptosim/Cryptosim.py
@@ -4,10 +4,10 @@ import traceback
 import json
 import base64
-import requests
+import urllib3
 # Disable insecure warnings
-requests.packages.urllib3.disable_warnings() # pylint: disable=no-member
+urllib3.disable_warnings() # pylint: disable=no-member
 ''' CONSTANTS '''

diff --git a/Packs/Cryptosim/Integrations/Cryptosim/README.md b/Packs/Cryptosim/Integrations/Cryptosim/README.md
index bd32487498ec..ae6b2e401862 100644
--- a/Packs/Cryptosim/Integrations/Cryptosim/README.md
+++ b/Packs/Cryptosim/Integrations/Cryptosim/README.md
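Review bot: The `# pylint: disable=no-member` suppression carried over onto the new `urllib3.disable_warnings()` line in Cryptosim.py is stale: it existed because pylint cannot resolve the `requests.packages.urllib3` re-export, whereas `disable_warnings` is a plain attribute of the `urllib3` module, so the trailing comment can simply be dropped. The bare call also silences every urllib3 warning category process-wide, not only the insecure-request warning the comment above it names; `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` keeps the suppression to what the comment describes while leaving deprecation and other warnings visible. Removing `import requests` presumably relies on the name still arriving via the star imports above line 4, which are outside this hunk; worth confirming the module has no other direct `requests.` reference before merging.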
@@ -26,3 +26,34 @@ After you successfully execute a command, a DBot message appears in the War Room **Examples:** 1. !cryptosim-get-correlations limit=100 sortType=desc 2. !cryptosim-get-correlationalerts startDate=2022-01-01T12:00:00 endDate=2022-01-01T23:59:59 etc.(shown when command is written) +### cryptosim-get-correlation-alerts +*** +The command is used to get correlation alerts. + + +#### Base Command + +`cryptosim-get-correlation-alerts` +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| startDate | This denotes the start date of the search period. It must be used in all API fields. E.g.: “startDate”: “2021-04-24T12:00:00”. | Required | +| endDate | This denotes the end date of the search period. It must be used in all API fields. E.g.: endDate: “2021-04-24T24:00:00”. | Required | +| showSolved | Boolean, show only solved correlations if the parameter is true, otherwise take all correlations. | Optional | +| crrPluginId | If user want to take specific correlation, can take it when ID of correlation is given as parameter. | Optional | +| containStr | This is used to search for a word specified in the request. (Contains String) E.g.: “containStr”: “Unsuccessful”. | Optional | +| risk | The risk level of correlation rules to filter. Default: -1. Default get all. | Optional | +| srcIPPort | This used to search the source IP address in the request. E.g.: “srcIPPort”: “127.0.0.1”. | Optional | +| destIPPort | This used to search the destination IP address in the request. E.g.: “dest IPPort”: “127.0.0.1”. | Optional | +| srcPort | This is used to filter the responses using the source port. E.g.: “srcPort”: “6335”. | Optional | +| destPort | This is used to filter the responses using the source port. E.g.: “destPort”: “6335”. | Optional | +| riskOperatorID | risk operator name. It can be equal, greaternumber, greaterorequalnumber, lessnumber, lessnumberorequal, notequal. Default: equal. Default is equal. 
| Optional | +| limit | The limit to get how many correlation alerts get. Default: 100. | Optional | + + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CorrelationAlerts.Output | Dictionary | Return StatusCode, Data or ErrorMessage and Outparameters. StatusCode represent html response code. If it is 200, return Data as list of desired Correlation object. If not, return ErrorMessage. OutParameters is empty. |