diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
index 073161afa858..57d37e1b6a37 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
@@ -2918,6 +2918,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
     machine_id = remove_duplicates_from_list_arg(args, 'machine_id')
     type = args.get('type', '')
     requestor = args.get('requestor', '')
+    filters = args.get('filters', '')
     limit = arg_to_number(args.get('limit', 50))
     if action_id:
         for index in range(3):
@@ -2943,7 +2944,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
             'type': type,
             'requestor': requestor
         }
-        filter_req = reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
+        filter_req = filters or reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
         response = client.get_machine_actions(filter_req, limit)
         machine_actions_list = []
         for machine_action in response['value']:
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
index 61f2f17eec1f..13efd54ef684 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
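Review bot: In the second hunk the new `filters` string is handed straight to `client.get_machine_actions(filter_req, limit)` with no validation or escaping, whereas the existing path only ever sends a filter assembled by `reformat_filter_with_list_arg` from individual arguments. Presumably this becomes the `$filter` query parameter of the machineactions endpoint, so a playbook value that reaches this argument can inject arbitrary filter predicates and, unless `get_machine_actions` URL-encodes it (not visible here), additional query parameters — worth confirming in that client method. The `filters or ...` expression also silently discards `machine_id`, `type` and `requestor` whenever `filters` is non-empty; a guard such as `if filters and any([machine_id, type, requestor]): raise DemistoException('The filters argument cannot be combined with machine_id, type or requestor.')` (DemistoException is the usual choice in this pack; verify it is in scope) would surface the conflict instead of ignoring the caller's other inputs. Note that `get_machine_action_by_id_command` starts before the first hunk and continues after the second.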
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
@@ -1284,6 +1284,8 @@ script:
     - deprecated: true
       description: Flag for the rate limit retry.
       name: ran_once_flag
+    - name: filters
+      description: String representation of filters (Override every other filters).
     description: |-
       Return the machine's actions. If you set an action ID, it returns the info on the specific action.
       Filtering can be done only on one argument.
@@ -1495,7 +1497,7 @@ script:
       name: machine_id
       required: true
     - description: |-
-        The file SHA1 hash to stop and quarantine on the machine.
+        The file SHA1 hash to stop and quarantine on the machine. When providing multiple values, each value is checked for the same machine_id.
       isArray: true
       name: file_hash
@@ -5532,7 +5534,7 @@ script:
     execution: false
     name: microsoft-atp-auth-reset
     arguments: []
-  dockerimage: demisto/crypto:1.0.0.79207
+  dockerimage: demisto/crypto:1.0.0.79610
   isfetch: true
   runonce: false
   script: '-'
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md
index a5119861cc21..f67cd3b80680 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md
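Review bot: The description of the new `filters` argument in the first hunk, `String representation of filters (Override every other filters).`, is ungrammatical and tells the operator neither what syntax the string must use nor that it is sent to the API verbatim and makes the other filter arguments inert. I would replace it with `description: Raw filter expression passed to the API as-is. When set, the machine_id, type and requestor arguments are ignored.` and, if the value is indeed an OData $filter expression (not visible in this diff), say so and give one example such as `status eq 'Succeeded'`. The same wording belongs in the README table row for this command.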
@@ -1683,6 +1683,7 @@ Machine.ReadWrite.All
 | type | The machine action type. Possible values are: RunAntiVirusScan, Offboard, CollectInvestigationPackage, Isolate, Unisolate, StopAndQuarantineFile, RestrictCodeExecution, UnrestrictCodeExecution. | Optional |
 | requestor | The ID of the user that executed the action, only one can be added. | Optional |
 | limit | The maximum number of machines to return. Default is 50. | Optional |
+| filters | String representation of filters (Override every other filters). | Optional |
 
 
 #### Context Output
@@ -7172,4 +7173,4 @@ There are no input arguments for this command.
 
 #### Context Output
 
-There is no context output for this command.
\ No newline at end of file
+There is no context output for this command.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md
new file mode 100644
index 000000000000..d0413b758b72
--- /dev/null
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md
@@ -0,0 +1,4 @@
+#### Integrations
+##### Microsoft Defender for Endpoint
+- Added the *filters* argument to the ***microsoft-atp-list-machine-actions-details*** command.
+- Updated the Docker image to: *demisto/crypto:1.0.0.79610*.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
index 6a1f16d82375..b08709d14bc1 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.16.15",
+    "currentVersion": "1.16.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -66,4 +66,4 @@
         "CommonPlaybooks",
         "CommonTypes"
     ]
-}
\ No newline at end of file
+}