demisto · MosheEichler · Jun 15, 2023 · Jun 14, 2023 · Jun 14, 2023 · Jun 15, 2023
diff --git a/Packs/AlibabaActionTrail/.pack-ignore b/Packs/AlibabaActionTrail/.pack-ignore
@@ -10,3 +10,5 @@ ignore=PR101
 [file:AlibabaModelingRules_1_3.yml]
 ignore=MR108
 
+[known_words]
+Alibaba
diff --git a/Packs/AlibabaActionTrail/CorrelationRules/AlibabaActionTrail_Correlation.yml b/Packs/AlibabaActionTrail/CorrelationRules/AlibabaActionTrail_Correlation.yml
@@ -30,3 +30,4 @@ suppression_fields:
 user_defined_category:
 user_defined_severity:
 xql_query: "datamodel \r\n|filter xdm.observer.vendor=\"alibaba\" and  xdm.observer.product=\"action-trail\"\r\n|filter  xdm.event.type=\"ApiCall\"\r\n|filter xdm.event.outcome in (\"This API is not authorized for caller.\",\"no permission\",\"The user has no permission\",\"caller has no permission\")\r\n|comp count() as TotalCount by xdm.source.user.username, xdm.source.ipv4, xdm.source.user.user_type\r\n|filter TotalCount > 5"
+fromversion: 6.10.0
diff --git a/Packs/AlibabaActionTrail/ReleaseNotes/1_0_15.md b/Packs/AlibabaActionTrail/ReleaseNotes/1_0_15.md
@@ -0,0 +1,12 @@
+
+#### Correlation Rules
+
+##### Alibaba ActionTrail - multiple unauthorized action attempts detected by a user
+
+Updated the fromversion to 6.10.0.
+
+#### XSIAM Dashboards
+
+##### Alibaba Overview Dashboard
+
+Updated the fromversion to 6.8.0.
diff --git a/Packs/AlibabaActionTrail/XSIAMDashboards/AlibabaActionTrail_Dashboard.json b/Packs/AlibabaActionTrail/XSIAMDashboards/AlibabaActionTrail_Dashboard.json
@@ -546,5 +546,6 @@
                 "query_uses_library": false
             }
         }
-    ]
+    ],
+    "fromVersion": "6.8.0"
 }
diff --git a/Packs/AlibabaActionTrail/pack_metadata.json b/Packs/AlibabaActionTrail/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Alibaba Action Trail",
     "description": "An Integration Pack to fetch Alibaba action trail events.",
     "support": "xsoar",
-    "currentVersion": "1.0.14",
+    "currentVersion": "1.0.15",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/CyberArkIdentity/CorrelationRules/CyberArkIdentity_Correlation_0.yml b/Packs/CyberArkIdentity/CorrelationRules/CyberArkIdentity_Correlation_0.yml
@@ -30,3 +30,4 @@ suppression_fields:
 user_defined_category:
 user_defined_severity:
 xql_query: "datamodel \r\n|filter xdm.observer.vendor=\"cyberark\" and  xdm.observer.product=\"identity\"\r\n|filter xdm.event.type=\"Cloud.Core.LoginFail\"\r\n|comp count(xdm.event.type) as `Failed Logins` by xdm.target.user.username, xdm.source.ipv4 \r\n|filter  `Failed Logins` >=4 "
+fromversion: 6.10.0
diff --git a/Packs/CyberArkIdentity/ReleaseNotes/1_0_23.md b/Packs/CyberArkIdentity/ReleaseNotes/1_0_23.md
@@ -0,0 +1,12 @@
+
+#### Correlation Rules
+
+##### CyberArk Failed Logins
+
+Updated the fromversion to 6.10.0.
+
+#### XSIAM Dashboards
+
+##### CyberArk Posture Overview
+
+Updated the fromversion to 6.8.0.
diff --git a/Packs/CyberArkIdentity/XSIAMDashboards/CyberArkIdentity_Dashboard.json b/Packs/CyberArkIdentity/XSIAMDashboards/CyberArkIdentity_Dashboard.json
@@ -455,5 +455,6 @@
                 "query_uses_library": false
             }
         }
-    ]
+    ],
+    "fromVersion": "6.8.0"
 }
diff --git a/Packs/CyberArkIdentity/pack_metadata.json b/Packs/CyberArkIdentity/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "CyberArk Identity",
     "description": "This integration collects events from the Idaptive Next-Gen Access (INGA) using REST APIs.",
     "support": "xsoar",
-    "currentVersion": "1.0.22",
+    "currentVersion": "1.0.23",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/Dropbox/CorrelationRules/Dropbox_-_Massive_File_Alterations.yml b/Packs/Dropbox/CorrelationRules/Dropbox_-_Massive_File_Alterations.yml
@@ -48,3 +48,4 @@ xql_query: 'datamodel
   | comp values(xdm.source.ipv4) as SourceIP, values(xdm.source.location.country) as Countries, max(_time) as lastTime, values(xdm.target.resource.name) as Files, count() as NumberOfFiles by user
 
   | filter NumberOfFiles > 100'
+fromversion: 6.10.0
diff --git a/Packs/Dropbox/CorrelationRules/Dropbox_-_Massive_File_Downloads.yml b/Packs/Dropbox/CorrelationRules/Dropbox_-_Massive_File_Downloads.yml
@@ -46,3 +46,4 @@ xql_query: 'datamodel
   | comp values(xdm.source.ipv4) as SourceIP, values(xdm.source.location.country) as Countries, max(_time) as lastTime, values(xdm.target.resource.name) as Files, count() as NumberOfFiles by user
 
   | filter NumberOfFiles > 100'
+fromversion: 6.10.0
diff --git a/Packs/Dropbox/ReleaseNotes/1_0_21.md b/Packs/Dropbox/ReleaseNotes/1_0_21.md
@@ -0,0 +1,16 @@
+
+#### Correlation Rules
+
+##### DropBox - Massive File Downloads
+
+Updated the fromversion to 6.10.0.
+
+##### DropBox - Massive File Alterations
+
+Updated the fromversion to 6.10.0.
+
+#### XSIAM Dashboards
+
+##### DropBox Dashboard
+
+Updated the fromversion to 6.8.0.
diff --git a/Packs/Dropbox/XSIAMDashboards/Dropbox_Dashboard.json b/Packs/Dropbox/XSIAMDashboards/Dropbox_Dashboard.json
@@ -494,5 +494,6 @@
                 "query_uses_library": false
             }
         }
-    ]
+    ],
+    "fromVersion": "6.8.0"
 }
diff --git a/Packs/Dropbox/pack_metadata.json b/Packs/Dropbox/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Dropbox",
     "description": "Use the Dropbox integration to fetch events",
     "support": "xsoar",
-    "currentVersion": "1.0.20",
+    "currentVersion": "1.0.21",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/GitLab/CorrelationRules/GitLab_Guest_user_permission_change_correlations.yml b/Packs/GitLab/CorrelationRules/GitLab_Guest_user_permission_change_correlations.yml
@@ -30,3 +30,4 @@ suppression_fields: xdm.source.user.username
 user_defined_category:
 user_defined_severity:
 xql_query: "datamodel\r\n| filter xdm.observer.vendor = \"gitlab\" and xdm.observer.product = \"gitlab\"\r\n| fields _time\r\n,xdm.event.id \r\n,xdm.source.user.identifier \r\n,xdm.target.resource.id \r\n,xdm.target.resource.type \r\n,xdm.source.user.username \r\n,xdm.target.resource.sub_type \r\n,xdm.target.resource.name \r\n,xdm.event.description \r\n,xdm.source.ipv4 \r\n,xdm.target.resource_before.value \r\n,xdm.target.resource.value \r\n,xdm.event.operation \r\n,xdm.event.type \r\n,xdm.event.operation_sub_type \r\n| filter xdm.event.operation = \"change_access_level\" and xdm.target.resource_before.value = \"Guest\" and xdm.target.resource.value = \"Owner\""
+fromversion: 6.10.0
diff --git a/Packs/GitLab/ReleaseNotes/2_2_8.md b/Packs/GitLab/ReleaseNotes/2_2_8.md
@@ -0,0 +1,12 @@
+
+#### Correlation Rules
+
+##### Gitlab - User Permission Changed
+
+Updated the fromversion to 6.10.0.
+
+#### XSIAM Dashboards
+
+##### Gitlab Overview Dashboard
+
+Updated the fromversion to 6.8.0.
diff --git a/Packs/GitLab/XSIAMDashboards/GitLab_Overview_-_Dashboard.json b/Packs/GitLab/XSIAMDashboards/GitLab_Overview_-_Dashboard.json
@@ -485,5 +485,6 @@
                 "query_uses_library": false
             }
         }
-    ]
+    ],
+    "fromVersion": "6.8.0"
 }
diff --git a/Packs/GitLab/pack_metadata.json b/Packs/GitLab/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "GitLab",
     "description": "Pack for handling gitlab operations",
     "support": "xsoar",
-    "currentVersion": "2.2.7",
+    "currentVersion": "2.2.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/IronPort/.pack-ignore b/Packs/IronPort/.pack-ignore
@@ -1,2 +1,5 @@
 [file:CiscoEmailSecurityApplianceIronPort_image.png]
-ignore=IM111
+ignore=IM111
+
+[file:IronPort_1_3.yml]
+ignore=MR108
diff --git a/...rotection/CorrelationRules/MicrosoftDefenderAdvancedThreatProtection_correlation-rule.yml b/...rotection/CorrelationRules/MicrosoftDefenderAdvancedThreatProtection_correlation-rule.yml
@@ -30,3 +30,4 @@ suppression_fields:
 user_defined_category:
 user_defined_severity:
 xql_query: "datamodel\r\n|filter xdm.observer.vendor=\"Microsoft 365\" and  xdm.observer.product=\"Defender\"\r\n|filter (xdm.alert.category = \"Malware\") and xdm.target.file.sha256 != null\r\n|fields \r\n    xdm.event.id,\r\n    xdm.alert.original_alert_id,\r\n    xdm.alert.severity,\r\n    xdm.alert.subcategory,\r\n    xdm.alert.name,\r\n    xdm.alert.description,\r\n    xdm.target.host.device_id,\r\n    xdm.target.host.fqdn,\r\n    xdm.alert.mitre_techniques,\r\n    xdm.target.file.sha256,\r\n    xdm.target.file.filename,\r\n    xdm.target.file.path,\r\n    xdm.target.process.pid,\r\n    xdm.target.process.command_line,\r\n    xdm.target.process.parent_id,\r\n    xdm.target.host.ipv4_addresses,\r\n    xdm.target.registry.key,\r\n    xdm.target.registry.value_type,\r\n    xdm.target.registry.value,\r\n    xdm.source.user.username,\r\n    xdm.source.user.domain,\r\n    xdm.source.user.identifier,\r\n    xdm.target.ipv4,\r\n    xdm.event.outcome"
+fromversion: 6.10.0
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_15_25.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_15_25.md
@@ -0,0 +1,12 @@
+
+#### Correlation Rules
+
+##### Microsoft Defender for Endpoint - Malware Detected
+
+Updated the fromversion to 6.10.0.
+
+#### XSIAM Dashboards
+
+##### Microsoft Defender for Endpoint Overview Dashboard
+
+Updated the fromversion to 6.8.0.
diff --git a/...ThreatProtection/XSIAMDashboards/MicrosoftDefenderAdvancedThreatProtection_Dashboard.json b/...ThreatProtection/XSIAMDashboards/MicrosoftDefenderAdvancedThreatProtection_Dashboard.json
@@ -562,5 +562,6 @@
                 "query_uses_library": false
             }
         }
-    ]
+    ],
+    "fromVersion": "6.8.0"
 }
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.15.24",
+    "currentVersion": "1.15.25",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/MicrosoftWindowsEvents/ReleaseNotes/1_0_2.md b/Packs/MicrosoftWindowsEvents/ReleaseNotes/1_0_2.md
@@ -0,0 +1,6 @@
+
+#### XSIAM Dashboards
+
+##### Microsoft Windows Events
+
+Updated the fromversion to 6.8.0.
-Original file line number
+Diff line change
@@ Expand Up / @@ -546,5 +546,6 @@ @@
                     "query_uses_library": false
                 }
             }
-        ]
+        ],
+        "fromVersion": "6.8.0"
     }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -48,3 +48,4 @@ xql_query: 'datamodel
		\| comp values(xdm.source.ipv4) as SourceIP, values(xdm.source.location.country) as Countries, max(_time) as lastTime, values(xdm.target.resource.name) as Files, count() as NumberOfFiles by user

		\| filter NumberOfFiles > 100'
		fromversion: 6.10.0
Original file line number	Diff line number	Diff line change
Expand Up		@@ -46,3 +46,4 @@ xql_query: 'datamodel
		\| comp values(xdm.source.ipv4) as SourceIP, values(xdm.source.location.country) as Countries, max(_time) as lastTime, values(xdm.target.resource.name) as Files, count() as NumberOfFiles by user

		\| filter NumberOfFiles > 100'
		fromversion: 6.10.0