diff --git a/Packs/CovalenceManagedSecurity/.pack-ignore b/Packs/CovalenceManagedSecurity/.pack-ignore index e69de29bb2d1..f06aab041e93 100644 --- a/Packs/CovalenceManagedSecurity/.pack-ignore +++ b/Packs/CovalenceManagedSecurity/.pack-ignore @@ -0,0 +1,2 @@ +[known_words] +Covalence \ No newline at end of file diff --git a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.py b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.py index 2bd3e69184b6..41944440954d 100644 --- a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.py +++ b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.py @@ -1,5 +1,7 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 + + import os import requests import traceback @@ -35,7 +37,7 @@ def __init__(self, bearer=None, portal_url="https://services.fieldeffect.net/v1" else: raise ValueError('Bearer is missing') - class AuthScheme(object): + class AuthScheme: FES = 'FieldEffectAuth' BEARER = 'Bearer' KEY = 'FieldEffectKey' @@ -59,6 +61,9 @@ def get(self, uri, query=None, headers=None, remove_subdomain=False, **kwargs): return self._request(uri, method='GET', query=query, headers=headers, remove_subdomain=remove_subdomain, **kwargs) + def post(self, uri, query=None, headers=None, remove_subdomain=False, **kwargs): + return self._request(uri, method='POST', query=query, headers=headers, remove_subdomain=remove_subdomain, **kwargs) + def _request(self, uri, method='GET', query=None, json=None, data=None, files=None, headers=None, remove_subdomain=False, **kwargs): all_headers = { 
@@ -76,7 +81,7 @@ def _request(self, uri, method='GET', query=None, json=None, data=None, files=No url = url.replace('services.', '') if self.verbose: - sys.stdout.write('{} {} '.format(method, url)) + sys.stdout.write(f'{method} {url} ') if method == 'GET': r = requests.get(url, headers=all_headers, params=query) @@ -87,7 +92,7 @@ def _request(self, uri, method='GET', query=None, json=None, data=None, files=No elif method == 'DELETE': r = requests.delete(url, headers=all_headers, params=query) else: - raise AssertionError('Unsupported HTTP method: {}'.format(method)) + raise AssertionError(f'Unsupported HTTP method: {method}') if self.verbose: sys.stdout.write(str(r.status_code) + '\n') @@ -140,6 +145,17 @@ def get_active_response_profile(self, org_id): org_details = r.json() return org_details.get('active_response_profile', None) + def transition_aro(self, aro_id, resolution, comment="", is_comment_sensitive=False): + request = { + "status": "Open", + "resolution": resolution + } + if comment: + request["comment"] = {"text": comment, "sensitive": is_comment_sensitive} + + r = self.post("aros/{aro_id}/transition", aro_id=aro_id, json=request) + return r.json() + ''' Commands ''' @@ -158,8 +174,7 @@ def portal_check(): def fetch_incidents(last_run, first_run_time_range): last_fetch = last_run.get('last_fetch', None) - last_aro_id = last_run.get('last_aro_id', None) - aro_time_max = datetime.utcnow() + aro_time_max = datetime.utcnow() - timedelta(seconds=1) if last_fetch is None: aro_time_min = aro_time_max - timedelta(days=first_run_time_range) 
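Review bot: `transition_aro` returns `r.json()` without looking at the HTTP status, so unless `_request` (whose body lies outside this hunk) already raises on non-2xx responses, a rejected transition is handed back as if it were the updated ARO. An analyst would then see a rendered table for an ARO that was never resolved or dismissed. Consider calling `r.raise_for_status()` before `return r.json()`. `aro_id` comes from command arguments and is substituted into the `aros/{aro_id}/transition` path, so it is worth rejecting values that are not a plain identifier before the request is built.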
@@ -175,14 +190,13 @@ def fetch_incidents(last_run, first_run_time_range): incidents = [] - latest_created_time = aro_time_min - # aros is ordered by most recent ARO + # AROs are ordered by most recent ARO # it's required to traverse aros in chronological order (so last element first) # to avoid duplicating incidents for a in reversed(aros): - if a['ID'] != last_aro_id: - created_time = dateparser.parse(a['creation_time']) - assert created_time is not None, f'could not parse {a["creation_time"]}' + created_time = dateparser.parse(a['creation_time']) + assert created_time is not None, f'could not parse {a["creation_time"]}' + if created_time != last_fetch: created_time_str = created_time.strftime(DATE_FORMAT) if a.get('organization', None): @@ -226,11 +240,10 @@ def fetch_incidents(last_run, first_run_time_range): incident['severity'] = 0 if a.get('details', None): incident['details'] = a['details'] - if a.get('steps', None): - if len(a['steps']) > 0: - incident['details'] += '\n\nMitigation Steps\n' - for step in a['steps']: - incident['details'] += f'''- {step['label']}\n''' + if a.get('steps', None) and len(a['steps']) > 0: + incident['details'] += '\n\nMitigation Steps\n' + for step in a['steps']: + incident['details'] += f'''- {step['label']}\n''' if org_id: active_response_profile = p.get_active_response_profile(org_id) if active_response_profile: @@ -242,12 +255,7 @@ def fetch_incidents(last_run, first_run_time_range): incidents.append(incident) - if created_time > latest_created_time: - latest_created_time = created_time - last_aro_id = a['ID'] - - next_run = {'last_fetch': latest_created_time.strftime(DATE_FORMAT), - 'last_aro_id': last_aro_id} + next_run = {'last_fetch': aro_time_max.strftime(DATE_FORMAT)} return next_run, incidents 
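Review bot: `if created_time != last_fetch:` compares a parsed datetime with `last_fetch`, which is read from `last_run` and which this commit writes back as a `strftime` string. If it is still a string at this point (the lines between the hunks are not shown), the comparison is always true and filters nothing, so it gives no protection against duplicates. Parse `last_fetch` once before the loop and compare datetimes, e.g. `if created_time != last_fetch_dt:`. The `assert created_time is not None` check is skipped when Python runs with `-O`; raising an exception instead keeps a malformed `creation_time` from reaching `strftime`.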
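Review bot: `next_run` now advances `last_fetch` to `aro_time_max` on every run, regardless of what the query returned. If the ARO query is capped (the README in this commit documents a Fetch Limit parameter), or if an ARO becomes visible in the API later than its `creation_time`, anything older than the new checkpoint is never fetched, which for an alert feed is a silent detection gap. Removing `last_aro_id` also leaves the time window as the only duplicate guard. Consider moving the checkpoint only as far as the newest ARO actually ingested when the result set may be truncated, and logging the window and incident count with `demisto.debug`. The query itself is outside the hunk, so whether the limit applies to it needs confirming.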
@@ -299,6 +307,12 @@ def list_organizations(): return p.get_organizations() +def transition_aro_command(): + p = Portal(bearer=API_KEY) + args = demisto.args() + return p.transition_aro(**args) + + def main(): demisto.info(f'{demisto.command()} is called') try: @@ -338,6 +352,21 @@ def main(): else: readable_output = 'No organizations found' + results = CommandResults( + outputs_prefix='FESPortal.Org', + outputs_key_field='ID', + outputs=r, + readable_output=readable_output + ) + return_results(results) + elif demisto.command() == 'cov-mgsec-transition-aro': + r = transition_aro_command() + if r: + readable_output = tableToMarkdown('ARO', r, removeNull=True, + headerTransform=string_to_table_header) + else: + readable_output = 'Error transitioning ARO.' + results = CommandResults( outputs_prefix='FESPortal.Org', outputs_key_field='ID', diff --git a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml index 573df029926e..2d86110b7d9a 100644 --- a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml +++ b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/CovalenceManagedSecurity.yml 
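Review bot: `p.transition_aro(**args)` spreads the raw command arguments into the method call, so any unexpected key fails with a TypeError and `is_comment_sensitive` arrives as a string rather than a boolean. A string such as `"false"` is serialised into the `sensitive` field as text, and how the portal interprets that is not visible here, so a comment may not get the sensitivity the analyst intended. Passing the arguments explicitly and converting the flag with `argToBoolean` avoids both problems. The resolution check below assumes the four values named in the YAML description are the complete set, which should be confirmed against the portal API.

```python
def transition_aro_command():
    p = Portal(bearer=API_KEY)
    args = demisto.args()
    resolution = args.get('resolution')
    # Assumes the YAML description lists every accepted resolution.
    if resolution not in ('Unresolved', 'Help Requested', 'Resolved', 'Dismissed'):
        raise ValueError(f'Unsupported resolution: {resolution}')
    return p.transition_aro(
        aro_id=args.get('aro_id'),
        resolution=resolution,
        comment=args.get('comment', ''),
        is_comment_sensitive=argToBoolean(args.get('is_comment_sensitive', False)),
    )
```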
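Review bot: The `CommandResults` that ends up serving the new `cov-mgsec-transition-aro` branch keeps `outputs_prefix='FESPortal.Org'`, while the YAML in this commit declares the command's outputs under `FESPortal.Aro.*`. With `outputs_key_field='ID'` the returned ARO is merged into the organization context, so playbooks reading `FESPortal.Aro` get nothing and `FESPortal.Org` gains an entry that is not an organization. Use `outputs_prefix='FESPortal.Aro'` for this branch. The `else` message `'Error transitioning ARO.'` is also returned as a normal result rather than through an error path, which lets a failed transition pass unnoticed in a playbook; the rest of `main` is outside the hunk.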
@@ -42,122 +42,234 @@ name: Covalence Managed Security script: commands: - arguments: - - description: if details=true, will return the complete response from Covalence API + - description: if details=true, will return the complete response from Covalence API. name: details - - description: |- - Portal query, for example: "resolution=Unresolved&type=Recommendation" - Available Keys to filter on: - - id; eg: "id= - - status; eg: "status=In Triage" or "status=Open" or "status=Closed" - - resolution; eg: "resolution=Unresolved" or "resolution=Resolved" or "resolution=Help Requested" or "resolution=Dismissed" - - type; eg: "type=Action" or "type=Recommendation" or "type=Observation" - - org; eg: "org=" - - since; eg: "since=2021-01-31 14:00:00" - - until; eg: "until=2021-01-31 14:00:00" + default: false + isArray: false + required: false + secret: false + - description: "Portal query, for example: \"resolution=Unresolved&type=Recommendation\"\nAvailable Keys to filter on:\n- id; eg: \"id=\n- status; eg: \"status=In Triage\" or \"status=Open\" or \"status=Closed\"\n- resolution; eg: \"resolution=Unresolved\" or \"resolution=Resolved\" or \"resolution=Help Requested\" or \"resolution=Dismissed\"\n- type; eg: \"type=Action\" or \"type=Recommendation\" or \"type=Observation\"\n- org; eg: \"org=\"\n- since; eg: \"since=2021-01-31 14:00:00\"\n- until; eg: \"until=2021-01-31 14:00:00\"." name: query required: true - description: Query FES Portal for ARO + default: false + isArray: false + secret: false + description: Query FES Portal for ARO. name: cov-mgsec-get-aro outputs: - contextPath: FESPortal.Aro.ID - description: ID + description: ID. type: String - contextPath: FESPortal.Aro.alert_key - description: Alert_key + description: Alert_key. type: String - contextPath: FESPortal.Aro.analyst_notes - description: Analyst_notes + description: Analyst_notes. type: String - contextPath: FESPortal.Aro.count - description: Count + description: Count. 
type: Number - contextPath: FESPortal.Aro.creation_time - description: Creation_time + description: Creation_time. type: Date - contextPath: FESPortal.Aro.details - description: Details + description: Details. type: String - contextPath: FESPortal.Aro.details_markdown - description: Details_markdown + description: Details_markdown. type: String - contextPath: FESPortal.Aro.display_url - description: Display_url + description: Display_url. type: String - contextPath: FESPortal.Aro.external_bug_id - description: External_bug_id + description: External_bug_id. type: String - contextPath: FESPortal.Aro.last_updated_time - description: Last_updated_time + description: Last_updated_time. type: Date - contextPath: FESPortal.Aro.notes - description: Notes + description: Notes. type: String - contextPath: FESPortal.Aro.organization.ID - description: ID + description: ID. type: String - contextPath: FESPortal.Aro.organization.email - description: Email + description: Email. type: String - contextPath: FESPortal.Aro.organization.name - description: Name + description: Name. type: String - contextPath: FESPortal.Aro.resolution - description: Resolution + description: Resolution. type: String - contextPath: FESPortal.Aro.serial_id - description: Serial_id + description: Serial_id. type: String - contextPath: FESPortal.Aro.severity - description: Severity + description: Severity. type: String - contextPath: FESPortal.Aro.status - description: Status + description: Status. type: String - contextPath: FESPortal.Aro.steps.ID - description: ID + description: ID. type: String - contextPath: FESPortal.Aro.steps.completed - description: Completed + description: Completed. type: Boolean - contextPath: FESPortal.Aro.steps.label - description: Label + description: Label. type: String - contextPath: FESPortal.Aro.steps.last_updated_time - description: Last_updated_time + description: Last_updated_time. 
type: Date - contextPath: FESPortal.Aro.template_id - description: Template_id + description: Template_id. type: String - contextPath: FESPortal.Aro.title - description: Title + description: Title. type: String - contextPath: FESPortal.Aro.triage_id - description: Triage_id + description: Triage_id. type: String - contextPath: FESPortal.Aro.type - description: Type + description: Type. type: String - - description: List organizations + deprecated: false + execution: false + - description: List organizations. name: cov-mgsec-list-org outputs: - contextPath: FESPortal.Org.ID - description: ID + description: ID. type: String - contextPath: FESPortal.Org.email - description: Email + description: Email. type: String - contextPath: FESPortal.Org.email_aro_details - description: Email_aro_details + description: Email_aro_details. type: Boolean - contextPath: FESPortal.Org.name - description: Name + description: Name. type: String - dockerimage: demisto/python3:3.10.13.72123 + deprecated: false + execution: false + - description: Transition an ARO. + name: cov-mgsec-transition-aro + arguments: + - name: aro_id + required: true + default: false + isArray: false + secret: false + description: This ARO ID to transition. + - name: resolution + required: true + default: false + isArray: false + secret: false + description: 'Resolution to transition the ARO to. Options include: Unresolved, Help Requested, Resolved, or Dismissed.' + - name: comment + required: false + default: false + isArray: false + secret: false + description: Optional comment to leave on the ARO. + - name: is_comment_sensitive + required: false + default: false + isArray: false + secret: false + description: Optionally mark the comment as sensitive. + outputs: + - contextPath: FESPortal.Aro.ID + description: ID. + type: String + - contextPath: FESPortal.Aro.alert_key + description: Alert_key. + type: String + - contextPath: FESPortal.Aro.analyst_notes + description: Analyst_notes. 
+ type: String + - contextPath: FESPortal.Aro.count + description: Count. + type: Number + - contextPath: FESPortal.Aro.creation_time + description: Creation_time. + type: Date + - contextPath: FESPortal.Aro.details + description: Details. + type: String + - contextPath: FESPortal.Aro.details_markdown + description: Details_markdown. + type: String + - contextPath: FESPortal.Aro.display_url + description: Display_url. + type: String + - contextPath: FESPortal.Aro.external_bug_id + description: External_bug_id. + type: String + - contextPath: FESPortal.Aro.last_updated_time + description: Last_updated_time. + type: Date + - contextPath: FESPortal.Aro.notes + description: Notes. + type: String + - contextPath: FESPortal.Aro.organization.ID + description: ID. + type: String + - contextPath: FESPortal.Aro.organization.email + description: Email. + type: String + - contextPath: FESPortal.Aro.organization.name + description: Name. + type: String + - contextPath: FESPortal.Aro.resolution + description: Resolution. + type: String + - contextPath: FESPortal.Aro.serial_id + description: Serial_id. + type: String + - contextPath: FESPortal.Aro.severity + description: Severity. + type: String + - contextPath: FESPortal.Aro.status + description: Status. + type: String + - contextPath: FESPortal.Aro.steps.ID + description: ID. + type: String + - contextPath: FESPortal.Aro.steps.completed + description: Completed. + type: Boolean + - contextPath: FESPortal.Aro.steps.label + description: Label. + type: String + - contextPath: FESPortal.Aro.steps.last_updated_time + description: Last_updated_time. + type: Date + - contextPath: FESPortal.Aro.template_id + description: Template_id. + type: String + - contextPath: FESPortal.Aro.title + description: Title. + type: String + - contextPath: FESPortal.Aro.triage_id + description: Triage_id. + type: String + - contextPath: FESPortal.Aro.type + description: Type. 
+ type: String + dockerimage: demisto/python3:3.10.13.82467 isfetch: true runonce: false - script: '-' + script: '' subtype: python3 type: python + feed: false + longRunning: false + longRunningPort: false tests: - No tests (auto formatted) fromversion: 5.0.0 +beta: false diff --git a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/README.md b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/README.md index e74187c462dc..455a0eb9e34e 100644 --- a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/README.md +++ b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/README.md @@ -1,5 +1,5 @@ Triggers by triaged alerts from endpoint, cloud, and network security monitoring. Contains event details and easy-to-follow mitigation steps. -This integration was integrated and tested with version 3.0 of Covalence Managed Security +This integration was integrated and tested with version 1.1.10 of Covalence Managed Security. ## Configure Covalence Managed Security on Cortex XSOAR @@ -16,20 +16,24 @@ This integration was integrated and tested with version 3.0 of Covalence Managed | Incident type | | False | | Fetch incidents | | False | | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False | - | None | | False | + | Fetch Limit | the maximum number of incidents to fetch | False | 4. Click **Test** to validate the URLs, token, and connection. + ## Commands + You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. + ### cov-mgsec-get-aro -*** -Query FES Portal for ARO +*** +Query FES Portal for ARO. #### Base Command `cov-mgsec-get-aro` + #### Input | **Argument Name** | **Description** | **Required** | 
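Review bot: The new `cov-mgsec-transition-aro` arguments are declared as free text: `resolution` names its allowed values only in the description, and `is_comment_sensitive` has no declared values. Declaring them with `auto: PREDEFINED` and a `predefined:` list (the four resolutions, and `true`/`false` for the flag) lets the platform constrain the input before it reaches the portal API. The command changes ARO state, so it is also worth deciding whether it should carry `execution: true`; this hunk sets `execution: false` on the two read-only commands and leaves the key off the new one. The `aro_id` description reads "This ARO ID to transition." and probably means "The ARO ID to transition.".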
@@ -37,42 +41,39 @@ Query FES Portal for ARO | details | if details=true, will return the complete response from Covalence API. | Optional | | query | Portal query, for example: "resolution=Unresolved&type=Recommendation"
Available Keys to filter on:
- id; eg: "id=<ARO_id>
- status; eg: "status=In Triage" or "status=Open" or "status=Closed"
- resolution; eg: "resolution=Unresolved" or "resolution=Resolved" or "resolution=Help Requested" or "resolution=Dismissed"
- type; eg: "type=Action" or "type=Recommendation" or "type=Observation"
- org; eg: "org=<organization_name>"
- since; eg: "since=2021-01-31 14:00:00"
- until; eg: "until=2021-01-31 14:00:00". | Required | - #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | -| FESPortal.Aro.ID | String | ID | -| FESPortal.Aro.alert_key | String | Alert_key | -| FESPortal.Aro.analyst_notes | String | Analyst_notes | -| FESPortal.Aro.count | Number | Count | -| FESPortal.Aro.creation_time | Date | Creation_time | -| FESPortal.Aro.details | String | Details | -| FESPortal.Aro.details_markdown | String | Details_markdown | -| FESPortal.Aro.display_url | String | Display_url | -| FESPortal.Aro.external_bug_id | String | External_bug_id | -| FESPortal.Aro.last_updated_time | Date | Last_updated_time | -| FESPortal.Aro.notes | String | Notes | -| FESPortal.Aro.organization.ID | String | ID | -| FESPortal.Aro.organization.email | String | Email | -| FESPortal.Aro.organization.name | String | Name | -| FESPortal.Aro.resolution | String | Resolution | -| FESPortal.Aro.serial_id | String | Serial_id | -| FESPortal.Aro.severity | String | Severity | -| FESPortal.Aro.status | String | Status | -| FESPortal.Aro.steps.ID | String | ID | -| FESPortal.Aro.steps.completed | Boolean | Completed | -| FESPortal.Aro.steps.label | String | Label | -| FESPortal.Aro.steps.last_updated_time | Date | Last_updated_time | -| FESPortal.Aro.template_id | String | Template_id | -| FESPortal.Aro.title | String | Title | -| FESPortal.Aro.triage_id | String | Triage_id | -| FESPortal.Aro.type | String | Type | - - -#### Command Example -```!cov-mgsec-get-aro query="resolution=Unresolved"``` +| FESPortal.Aro.ID | String | ID. | +| FESPortal.Aro.alert_key | String | Alert_key. | +| FESPortal.Aro.analyst_notes | String | Analyst_notes. | +| FESPortal.Aro.count | Number | Count. | +| FESPortal.Aro.creation_time | Date | Creation_time. | +| FESPortal.Aro.details | String | Details. | +| FESPortal.Aro.details_markdown | String | Details_markdown. | +| FESPortal.Aro.display_url | String | Display_url. 
| +| FESPortal.Aro.external_bug_id | String | External_bug_id. | +| FESPortal.Aro.last_updated_time | Date | Last_updated_time. | +| FESPortal.Aro.notes | String | Notes. | +| FESPortal.Aro.organization.ID | String | ID. | +| FESPortal.Aro.organization.email | String | Email. | +| FESPortal.Aro.organization.name | String | Name. | +| FESPortal.Aro.resolution | String | Resolution. | +| FESPortal.Aro.serial_id | String | Serial_id. | +| FESPortal.Aro.severity | String | Severity. | +| FESPortal.Aro.status | String | Status. | +| FESPortal.Aro.steps.ID | String | ID. | +| FESPortal.Aro.steps.completed | Boolean | Completed. | +| FESPortal.Aro.steps.label | String | Label. | +| FESPortal.Aro.steps.last_updated_time | Date | Last_updated_time. | +| FESPortal.Aro.template_id | String | Template_id. | +| FESPortal.Aro.title | String | Title. | +| FESPortal.Aro.triage_id | String | Triage_id. | +| FESPortal.Aro.type | String | Type. | +#### Command example +```!cov-mgsec-get-aro query="since=2023-11-30 18:00:00"``` #### Context Example ```json { @@ -117,32 +118,29 @@ Query FES Portal for ARO ### cov-mgsec-list-org -*** -List organizations +*** +List organizations. #### Base Command `cov-mgsec-list-org` -#### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | +#### Input +There are no input arguments for this command. #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | -| FESPortal.Org.ID | String | ID | -| FESPortal.Org.email | String | Email | -| FESPortal.Org.email_aro_details | Boolean | Email_aro_details | -| FESPortal.Org.name | String | Name | - +| FESPortal.Org.ID | String | ID. | +| FESPortal.Org.email | String | Email. | +| FESPortal.Org.email_aro_details | Boolean | Email_aro_details. | +| FESPortal.Org.name | String | Name. | -#### Command Example +#### Command example ```!cov-mgsec-list-org``` - #### Context Example ```json { 
@@ -173,3 +171,109 @@ List organizations >| 9d4297ea-089e-42bd-884d-51744e31a471 | foo@bar.com | false | Acme | >| e0e04c8b-d50c-4379-bfd6-5e0f2b1037cd | foo@bar.com | false | Capsule Corp | + +### cov-mgsec-transition-aro + +*** +Transition an ARO. + +#### Base Command + +`cov-mgsec-transition-aro` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| aro_id | This ARO ID to transition. | Required | +| resolution | Resolution to transition the ARO to. Options include: Unresolved, Help Requested, Resolved, or Dismissed. | Required | +| comment | Optional comment to leave on the ARO. | Optional | +| is_comment_sensitive | Optionally mark the comment as sensitive. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| FESPortal.Aro.ID | String | ID. | +| FESPortal.Aro.alert_key | String | Alert_key. | +| FESPortal.Aro.analyst_notes | String | Analyst_notes. | +| FESPortal.Aro.count | Number | Count. | +| FESPortal.Aro.creation_time | Date | Creation_time. | +| FESPortal.Aro.details | String | Details. | +| FESPortal.Aro.details_markdown | String | Details_markdown. | +| FESPortal.Aro.display_url | String | Display_url. | +| FESPortal.Aro.external_bug_id | String | External_bug_id. | +| FESPortal.Aro.last_updated_time | Date | Last_updated_time. | +| FESPortal.Aro.notes | String | Notes. | +| FESPortal.Aro.organization.ID | String | ID. | +| FESPortal.Aro.organization.email | String | Email. | +| FESPortal.Aro.organization.name | String | Name. | +| FESPortal.Aro.resolution | String | Resolution. | +| FESPortal.Aro.serial_id | String | Serial_id. | +| FESPortal.Aro.severity | String | Severity. | +| FESPortal.Aro.status | String | Status. | +| FESPortal.Aro.steps.ID | String | ID. | +| FESPortal.Aro.steps.completed | Boolean | Completed. | +| FESPortal.Aro.steps.label | String | Label. | +| FESPortal.Aro.steps.last_updated_time | Date | Last_updated_time. 
| +| FESPortal.Aro.template_id | String | Template_id. | +| FESPortal.Aro.title | String | Title. | +| FESPortal.Aro.triage_id | String | Triage_id. | +| FESPortal.Aro.type | String | Type. | + +#### Command example +```!cov-mgsec-transition-aro aro_id="7ea9b17d-7529-4b17-b0e7-92334d6c674b" resolution="Resolved" comment="Risk mitigated."``` +#### Context Example +```json +{ + "FESPortal": { + "Org": { + "ID": "7ea9b17d-7529-4b17-b0e7-92334d6c674b", + "alert_key": "test_alert_key", + "attachments": [], + "count": 1, + "creation_time": "2023-08-16 19:48:02", + "data": null, + "details": "ARO Details", + "details_markdown": null, + "display_url": "test_url", + "external_ticket": null, + "frameworks": [], + "insights": {}, + "last_updated_time": "2023-11-30 19:01:59", + "organization": { + "ID": "test_ID", + "email": null, + "name": "test_org_id" + }, + "references": [], + "resolution": "Resolved", + "resolution_duration_seconds": 9155637, + "resolution_time": "2023-11-30 19:01:59", + "serial_id": "15", + "severity": "Low", + "status": "Open", + "steps": [ + { + "ID": "test_id", + "completed": true, + "label": "test_resolution_step", + "last_updated_time": "2023-10-24 20:53:45" + } + ], + "template_id": null, + "title": "test_aro_title", + "triage_id": null, + "type": "Observation" + } + } +} +``` + +#### Human Readable Output + +>### ARO +>|Id|Alert Key|Count|Creation Time|Details|Display Url|Last Updated Time|Organization|Resolution|Resolution Duration Seconds|Resolution Time|Serial Id|Severity|Status| Steps|Title|Type| +>|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| +>| 7ea9b17d-7529-4b17-b0e7-92334d6c674b | test_alert_key | 1 | 2023-08-16 19:48:02 | ARO Details | test_url | 2023-11-30 19:01:59 | ID: test_ID
email: null
name: test_org_id | Resolved | 9155637 | 2023-11-30 19:01:59 | 15 | Low | Open | {'ID': 'test_id', 'completed': True, 'label': 'test_resolution_step', 'last_updated_time': '2023-10-24 20:53:45'} | test_aro_title | Observation | + diff --git a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/command_examples b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/command_examples index 912bfd257cb3..2ff6b9515dff 100644 --- a/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/command_examples +++ b/Packs/CovalenceManagedSecurity/Integrations/CovalenceManagedSecurity/command_examples @@ -1,2 +1,3 @@ -!cov-mgsec-get-aro query="resolution=Unresolved" +!cov-mgsec-get-aro query="since=2023-11-30 18:00:00" !cov-mgsec-list-org +!cov-mgsec-transition-aro aro_id="7ea9b17d-7529-4b17-b0e7-92334d6c674b" resolution="Resolved" comment="Risk mitigated." diff --git a/Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_10.md b/Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_10.md new file mode 100644 index 000000000000..2d3ebea5f225 --- /dev/null +++ b/Packs/CovalenceManagedSecurity/ReleaseNotes/1_1_10.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Covalence Managed Security +- Updated the Docker image to: *demisto/python3:3.10.13.82467*. +- Added support for transitioning AROs in the Field Effect Portal with a new ***cov-mgsec-transition-aro*** command. +- Fixed an issue in *fetch_incidents* that could cause duplicate incidents to be created. \ No newline at end of file diff --git a/Packs/CovalenceManagedSecurity/pack_metadata.json b/Packs/CovalenceManagedSecurity/pack_metadata.json index 837ee5df22ed..62cd07f3a720 100644 --- a/Packs/CovalenceManagedSecurity/pack_metadata.json +++ b/Packs/CovalenceManagedSecurity/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Covalence Managed Security", "description": "Triggers by triaged alerts from endpoint, cloud, and network security monitoring. Contains event details and easy-to-follow mitigation steps.", "support": "partner", - "currentVersion": "1.1.9", + "currentVersion": "1.1.10", "author": "Field Effect Security", "url": "https://fieldeffect.com/products/covalence-cyber-security/", "email": "support@fieldeffect.com",