Adding Rekall and Winpmem #7

Merged
merged 2 commits into from
Aug 9, 2016


liorkol
Contributor

@liorkol liorkol commented Aug 2, 2016

Added client-side D2 agent scripts in JS for both Rekall and Winpmem. Also added their descriptions and argument details into scripts.json.

Please review.

@meirwah
Contributor

meirwah commented Aug 8, 2016

@liorkol is this ready?

@liorkol liorkol merged commit ab0506a into master Aug 9, 2016
@liorkol liorkol deleted the contribute-rekall-winpmem branch August 9, 2016 14:57
@idovandijk idovandijk mentioned this pull request Oct 29, 2019
5 tasks
bakatzir added a commit that referenced this pull request Jun 5, 2020
#7346)

* [cofense-32] Two new commands and internal refactoring, second PR (#7104)

* [CofenseTriage] Add new Triage commands

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] WIP tests

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Code style cleanup

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] assorted cleanup WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add test fixtures WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor http_request

- Rename to `triage_request` and rename first parameter to `endpoint`
- Create new function `triage_api_url` to build full URL to a given endpoint
- Refactor and simplify response handling logic

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor `fetch_reports`

No functional changes, except some speedups and a possible bug fix.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageReport class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageInstance class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add TriageReporter class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update tests and fixtures

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rewrite get_report_by_id to use class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move all classes into one file

The plugin architecture requires it.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor and add test coverage for get_threat_indicators()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Eliminate unnecessary get_attachment()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor search_reports and increase test coverage

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Assume /reports/:id always returns an array

Also eliminate unnecessary TriageReporter.from_json() and rename
Triage_reporter.from_id() to .fetch().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Make test fixture more complicated

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Return actual JSON in to_json()

Also enhance test coverage.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Don't call fetch_reports() in test_function()

Triage always responds with a valid JSON object. There is no need to
perform a second request to test the integration---if Triage responds
with an OK status, then everything is working.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Store last run data as a JSON blob

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Wrap incident attachment in single-element list

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update metadata

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Clean up remnants in Legacy pack

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add mypy ignore comments

Mypy has trouble with decorators like lru_cache() in several situations.
Add inline comments to silence spurious linter complaints.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move import after stubs in test

We have to stub demistomock before we import CofenseTriage. That's just how
demistomock works, apparently.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Generate release notes

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move changes to new CofenseTriage 2

Both versions will exist in parallel

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move return_error to highest-level except block

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update documentation

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address various linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move time constants inline

Also eliminate the time format string in favor of
datetime.datetime.fromisoformat().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Pass a TriageInstance argument instead of using a module var

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Let exceptions bubble up to main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address more linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename module to CofenseTriagev2

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Centralize parameter fetching in main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add v2 to Tests/conf.json

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename more files to have v2 prefix

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add minimum Demisto version

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move test files to root dir of integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Remove tests from v1 integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename Cofense.ThreatIndicators context path

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Additional minor adjustments

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Merge all test files into one

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Stub fileResult more realistically

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update release notes

on-behalf-of: @Cofense <oss@cofense.com>

Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* lgtm, docket tag, secrets

* skip, no instance

* pylint

* secrets 101

* rm coverage

* rm secrets

* contrib commits 102

* contrib commits 103

* contrib commits 104

* str -> num

* desc types

* add newline

* add cmd_ex file

* typo

* styling

* add to_json()

* add json.dumps

* add readme, add tpb

* linters

* linters2

* linters3

* mv cofense triage v1 to non circle tests

Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>
teizenman added a commit that referenced this pull request Jun 21, 2020
* FireEye Helix - fix headers arg processing in search cmd (#7411)

* add unit test for search command with headers arg given

* add unit test for search command with headers arg given

* pass to build_mql_query from search cmd only relevant args and not all

* add default empty string to query arg

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Update config.yml (#7412)

* fix print bucket path (#7416)

* [cofense-32] Two new commands and internal refactoring, second PR (#7… (#7346)

* [cofense-32] Two new commands and internal refactoring, second PR (#7104)

* [CofenseTriage] Add new Triage commands

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] WIP tests

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Code style cleanup

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] assorted cleanup WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add test fixtures WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor http_request

- Rename to `triage_request` and rename first parameter to `endpoint`
- Create new function `triage_api_url` to build full URL to a given endpoint
- Refactor and simplify response handling logic

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor `fetch_reports`

No functional changes, except some speedups and a possible bug fix.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageReport class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageInstance class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add TriageReporter class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update tests and fixtures

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rewrite get_report_by_id to use class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move all classes into one file

The plugin architecture requires it.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor and add test coverage for get_threat_indicators()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Eliminate unnecessary get_attachment()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor search_reports and increase test coverage

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Assume /reports/:id always returns an array

Also eliminate unnecessary TriageReporter.from_json() and rename
Triage_reporter.from_id() to .fetch().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Make test fixture more complicated

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Return actual JSON in to_json()

Also enhance test coverage.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Don't call fetch_reports() in test_function()

Triage always responds with a valid JSON object. There is no need to
perform a second request to test the integration---if Triage responds
with an OK status, then everything is working.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Store last run data as a JSON blob

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Wrap incident attachment in single-element list

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update metadata

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Clean up remnants in Legacy pack

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add mypy ignore comments

Mypy has trouble with decorators like lru_cache() in several situations.
Add inline comments to silence spurious linter complaints.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move import after stubs in test

We have to stub demistomock before we import CofenseTriage. That's just how
demistomock works, apparently.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Generate release notes

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move changes to new CofenseTriage 2

Both versions will exist in parallel

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move return_error to highest-level except block

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update documentation

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address various linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move time constants inline

Also eliminate the time format string in favor of
datetime.datetime.fromisoformat().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Pass a TriageInstance argument instead of using a module var

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Let exceptions bubble up to main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address more linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename module to CofenseTriagev2

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Centralize parameter fetching in main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add v2 to Tests/conf.json

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename more files to have v2 prefix

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add minimum Demisto version

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move test files to root dir of integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Remove tests from v1 integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename Cofense.ThreatIndicators context path

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Additional minor adjustments

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Merge all test files into one

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Stub fileResult more realistically

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update release notes

on-behalf-of: @Cofense <oss@cofense.com>

Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* lgtm, docket tag, secrets

* skip, no instance

* pylint

* secrets 101

* rm coverage

* rm secrets

* contrib commits 102

* contrib commits 103

* contrib commits 104

* str -> num

* desc types

* add newline

* add cmd_ex file

* typo

* styling

* add to_json()

* add json.dumps

* add readme, add tpb

* linters

* linters2

* linters3

* mv cofense triage v1 to non circle tests

Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* Fixed server version calculation (#7419)

* Fixed server version calculation

* Fixed some LGTM and pylint comments

* Fix Thread Crash Print (#7417)

* Update test_content.py

* added space

* Fixed bug - CB-Live-Response (#7389)

* Fixed release notes

* Added rn

* Fixed version bump

* Removed unnecessary comment

* Updated.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Fixed a bug in download malware (#7400)

* Fixed a bug in download malware

* added rn and fixed cr

* old changelog fix

* Updated

* added old changelog

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* new Prisma Cloud remediation additions to GCP playbooks (#7265) (#7395)

* new remediation additions

* update release notes

* update release notes

Co-authored-by: Todd Murchison <toddm92@gmail.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* CS falconhost threatgraph API support (#7054)

* cs threatgraph API support

* missing dot

* use tabletomarkdown

* cs falconhost threatgraph

* add rn marketplace format

* Updated

* Minor update

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Phishing - Core - Fixed URL screenshots tag + merged 2 conditions + updated pic (#7390)

* Fixed URL screenshots tag + merged 2 conditions + updated pic

* fixed changelogs / rn

* Added new playbook playbook-Illinois_-_Breach_Notification (#7253)

* Added new playbook playbook-Illinois_-_Breach_Notification.yml.
Fixed issues with breach notification playbook.
Added Readme files to breach notification playbooks.

* update release notes.

* update release notes.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Update playbook-Illinois_-_Breach_Notification.yml

* Changed conflicts.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Slack Ask - Add user and response template (#7386)

* change Pcap to PCAP + add "All" option for protocol output

* add changelog

* Updated.

* Updated

* README UPDATE

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* epo update doc with permission info (#7249)

* epo help images

* update images

* epo readme

* typo fix

* add link to epo docs

* fixes from @kirbles19

* Fixing content (#7388)

* fixing several pack validation errors

* fixing extra hop

* added test playbook for joe security playbook

* adding rn

* adding rn

* bumping pack metadata for common reports

* fixing content - additional BA101

* adding XDR iocs pack (#7144)

* adding XDR iocs pack

* code ready except ioc from xdr to demisto

* last changes

* update YML

* fixup! last changes

* update pack format

* fixing code CR

* adding unit test and small changes

* adding README

* adding description

* adding playbooks

* adding test playbook

* adding test module command

* Updated

* Updated

* Update XDR_iocs_every_minute.yml

* Update XDR_iocs_nightly_job.yml

* Update XDR_iocs.yml

* add to description

* small test change

* adding feedIncremental

* last fix

* fixup! last fix

Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Tim indicators exclusion by related incidents (#7127)

* Added new playbook

* Added new playbook

* Updated name.

* Update TIM_-_Indicators_Exclusion_By_Related_Incidents.yml

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added readme and bumped pack version

* Added readme and bumped pack version

* Improved descriptions.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Red lock token fix (#7408)

* Added support for multi environment instances

* Added RN

* Change RN

* fixed syntax

* fixed syntax

* Added error handling

* Updated

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Access Investigation - deprecation & new playbook (#7315)

* Access Investigation - deprecation of old playbook, creation of new playbook

* Access Investigation - deprecation of old playbook, creation of new playbook

* img for readme

* manual RN

* removed rn

* back to old version

* Update Access_Investigation_-_Generic_4_5_CHANGELOG.md

* Update Access_Investigation_-_Generic_CHANGELOG.md

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Deprecated scripts comments (#7349)

* Deprecated scripts comments

* typo

* Update deprecated comment.

* Updated

* Updated

* Updated

* Updated

* Updated

* RN

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* JsonWhoIs - fixed error not returned from the integration (#7394)

* JsonWhoIs - fixed error not returned from the integration

* Fix CR

* move error to http request

* error handling

* Updated

* Updated

* Update Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.py

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* fix mypy

* rm mypy ignore

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Added timestamp compare (#7195)

* Added timestamp compare

* fix CR

* Adding timeformat option

* Update TimeStampCompare.yml

* Updated

* Fix UT

* fix yml

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Carbon Black Response - changed dt for File (#7391)

* changed the dt for File

* RN

* Update 1_0_3.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Tim whois playbooks (#7039)

* Added new playbook.

* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml

* Added section headers.

* Added tech docs notes.

* Added input and description.

* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml

* Added descriptions.

* Added readme.

* Added readme.

* Added png link.

* Added png link.

* Removed changelog.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Change changelog

* Update RNs

* Update RNs

* Multiple playbook changes.

* Updated playbook.

* Updated playbook.

* Added new playbook

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* changed tag name.

* changed tag name.

* changed tag name.

* changed tag name.

* Minor logic change.

* Revert "Minor logic change."

This reverts commit dbfd9598

* Minor logic change.

* Removed list name.

* Removed default delimiter.

* Casing.

* Casing.

* Added description.

* Update playbook-TIM_-_Process_Domains_With_Whois.yml

* Update playbook-TIM_-_Process_Domain_Registrant_With_Whois_README.md

* Update playbook-TIM _-_Process_Domain_Age_With_Whois.yml

* Update playbook-TIM_-_Process_Domain_Registrant_With_Whois.yml

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added image.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Added tests to phishing pack (#7345)

* Added tests to pack

* Added core

* Moved files back to where they need to be

* new MR for Deep Instinct Integration (#7415)

* new MR for Deep Instinct Integration (#7316)

* new MR for Deep Instinct Integration

* Update pack_metadata.json

* Delete CHANGELOG.md

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

* Update README.md

* Adding skip on the integration

* Fix file name

Co-authored-by: deepinstinctdev <dev@deepinstinct.com>
Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>
Co-authored-by: ronykoz <rkozakish@paloaltonetworks.com>

* Red Canary - bug fixes in fetch incidents (#7421)

* fetch only ack detections and remove timeline for detection in fetch

* Updated

* Updated

* consider detection as acknowledged if one of the fields exists, not both

* consider detection as acknowledged if one of the fields exists, not both

* consider detection as acknowledged if one of the fields exists, not both

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Updated playbook image (#7423)

* Add whois to autoprocessing (#7428)

* Added sub playbook.

* Added sub playbook.

* Added sub playbook.

* Added sub playbook.

* Added image.

* Added image.

* Removed space.

* Removed space.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* Fix content packs- Reut (#7341)

* CommonScripts fix

* CommonScripts fix

* CommonScripts fix

* Nist ignore

* sdk version

* Malware ignore errors

* Malware ignore errors

* ignore SC100

* Non-supported pack

* Non-supported pack

* Non-supported pack

* Non-supported pack

* Non-supported pack

Co-authored-by: rsagi <rsagi@paloaltonetworks.com>

* Marketplace step fix (#7425)

* test

* test

* small fix

* Prisma Access - Added tunnel health playbook (#7136) (#7431)

* Prisma Access - Added tunnel health playbook

* Add image file in doc_files

* Added playbook image to README

* Updating playbook image

* Fixes to playbook

Removed Slack task, added remediation recommendations on manual step.

* Updating README

* Update playbook-Prisma_Access_-_Connection_Health_Check_README.md

* Update playbook-Prisma_Access_-_Connection_Health_Check.yml

* Prisma Access - fix sdk validate

Tests conf - fix Prisma Access brand name to remove validate error. yml - fix multiline description.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* PCS (Redlock) remediation command (#7270) (#7392)

* Add remediation details command

* Add condition to gracefully handle no remediation details

* Update README.md; Add command_examples.txt

* Clean up context and entry format; Support multiple alert-ids

* Update README.md; Fix lint issues

* Refactor no remediation condition

* Update outputs and README

* Create ReleaseNotes; Update pack_metadata.json

* Fix human readable output; Update README; Update test playbook

* Update instances of RedLock to Prisma Cloud (RedLock)

* Update release notes

* Update Packs/RedLock/TestPlaybooks/playbook-RedLockTest.yml

* Updated

* Updated descriptions for new command

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Print server conf for bucket (#7436)

* removed TestFormatTableValues to check if it solve conflict

* fix typo

* fix typo

* fix new lines

* fix missing "

* fix missing -e

* Access Investigation Generic playbook - refactor filename (#7438)

* change toversion field name

* refactor new access investigation generic playbook name

* revert 4.5 trigger

* fix broken images (#7432)

* Access Investigation - ID fix (#7440)

* emergency ID fix

* empty RN

* Update Packs/AccessInvestigation/ReleaseNotes/1_1_1.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Content additional fix validations (#7445)

* Content additional fix validations

* updating gmail docker image

* Update Packs/Digital_Defense_FrontlineVM/Playbooks/playbook-Digital_Defense_FrontlineVM_-_PAN-OS_block_assets.yml

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* adding changelogs

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* fix lintings (#7454)

* Improved empty response handling (#7296)

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* [Enhancement] Search Search Endpoints By Hash - Carbon Black Response (#7399)

* Deprecated Search Search Endpoints By Hash - Carbon Black Response.
Created new playbook Search Search Endpoints By Hash - Carbon Black Response V2 instead.

* added the playbook image.

* added the playbook image.

* Updated playbook image

* Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response_V2.yml

* Update playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml

* Update playbook-Hunt_Extracted_Hashes.yml

* Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response.yml

* updated release notes

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* out of skipped tests (#7456)

* out of skipped

* parse email files out of skipped

* Auto detect api modules (#7257)

* changed docker image

* changed docker image

* changed docker image

* changed docker image

* changed docker image

* updated conf json for nightly tests on generic feeds

* updated None to ''

* updated None to ''

* updated conf json

* updated conf json

* updated conf json

* updated conf json

* updated rn

* updated rn

* updated pr

* updated pr

* fixed json ut

* fixed json ut

* fixed json ut

* fixed json ut

* updated pr

* updated pr

* updated pr

* updated pr

* updated pr

Co-authored-by: yorhov <Orekhova97229!>

* small fix in content (#7462)

* unskipping phishlabs (#7455)

* unskipping phishlabs

* fixing test playbook

* RTIR: fix ID header bug (#7453)

* RTIR: Fix ID header

* fix lint and format

* fix flake8

* added rns

* fix cr

* Update 1_0_2.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* fortisiem bug fix (#7469)

* disabled the request to trigger an event, made queryData hardcoded

* changelog

* Updated.

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* remove old regexes from content (#7398)

* remove old regexes from content

* use demisto-sdk from master

* Update dev-requirements-py3.txt

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>

* Update dev-requirements-py3.txt

* replace old regexes

* sdk release 1-1-2 test

* sdk release 1-1-2 test

* sdk release 1-1-2 test

* sdk release 1-1-2

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: rshalem <rshalem@paloaltonetworks.com>

* changing playbook name (#7474)

* changing playbook name

* changing playbook name

* fix rastarize name in core packs list (#7471)

* Nightly Marketplace (#7467)

* remove old regexes from content

* use demisto-sdk from master

* Update dev-requirements-py3.txt

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>

* Update dev-requirements-py3.txt

* replace old regexes

* use sdk master

* conflicts fix

* changed sdk branch

* changed sdk branch to master

* fixed config.yml, added developerTools pack to packs_to_install

* reduced flake8 version

* moved test playbooks to packs

* removed Extract Indicators From File - test from conf.json

* reverted changes in collect_tests and dev-requirements-py3

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* bump content and sha1 versions (#7470)

* reverted instance tests to run on server 5.5 (#7465)

* Return of cofense feed (#7481)

* Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) (#7457)

* Updated Cortex XDR IOCs pack names - 20.6.0 (#7437)

* updated pack name, integration name, and command names of "Cortex XDR - IOC"

* fixed bug

* update tests

* update pack & integration description

* update pack & integration description

* updated descriptions

* update integration format

* fixup! update integration format

* adding ioc trigger to push command

* update README

* fix CR

* fixup! fix CR

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* update readme with a better description

* updated descriptions and display name in yml

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

* Apply suggestions from technical writer review

* fix

* fixup! fix

* fixing

* last fix

* add sleep time

* add sleep time

Co-authored-by: eli sharf <esharf@paloaltonetworks.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* adding empty release notes

* Update CHANGELOG.md

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* deleted Legacy pack (#7463)

* Delete Exchange pack (#7433)

* Add the GetShiftsPerUser automation (#7213)

* Add the GetShiftsPerUser automation

* Add current user to script and fix bad check for GetOnCallHoursPerUser

* Style guides

* Remove unused imports

* Remove used vars

* Add a better output type

* Fix imports

* Release notes of bug in GetOnCallHoursPerUser

* Fix the tests

* Fix the eslint lines too long

* Fix eslint changelog

* release notes

* docker tags

* Fix the output

* Add related tests

* Add header for the markdown

* Update Packs/ShiftManagement/ReleaseNotes/1_1_0.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Eslint

* Shifts per user

* Trailing whitespace

* RN

* Docker version

* Tests + imports

* Debug tests

* Debug tests 2

* Debug tests 3

* Debug 4

* Debug 5

* Debug 6

* Debug 7

* Debug 8

* Debug 9

* Debug 10

* Debug 12

* Fix mock result

* Fix mock result

* linting

* Flake8

* Updated

* Updated.

Co-authored-by: Agam More <agmore@paloaltonetworks.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* ignore missing CHANGELOG failures (#7482)

* Update config.yml

* Update config.yml

* demistomock.py formatting (#7483)

* Fixed print when GCS_MARKET_KEY is not set (#7486)

* Fixed print when GCS_MARKET_KEY is not set

* Skipping a step in contribution

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* fixed build images paths (#7450)

* Packs changelog - added build number to display name (#7279)

* added build number to pack changelog

* switched brackets to dash in changelog version

* added versionInfo field

* fixed doc strings

* added versionInfo to unit test

* Nightly failures (#7317)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Update XDR_iocs.yml (#7494)

* Uploader - changed upload corepacks.json logic (#7487)

* changed upload corepacks.json logic

* added sys.exit(1) in case of failure

* Updated video link for Crisis Management (#7496)

* Updated video link

* moved video to pack readme

* http = https

* fix RNs

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* [New Integration] EWS O365 (OAuth 2) (#7145)

* created new branch with files from original branch

* changed name to EWS O365

* changed app name

* fixed service based and item based commands

* fixed recover_soft_delete_item

* added external files (test playbook, picture detailed description)

* created readme and removed impersonation and mark_as_read fields

* added test infrastructure

* removed dev code

* updated fetch logic to use last_modified_time

* moved files to EWS pack

* added rn and test

* reformatted readme

* removed ews-search-mailboxes

* build fix

* changed insecure logic

* fixed test playbook

* added proxy support

* added constants and max incidents per fetch validation

* style changes + added support for target_mailbox in get_folder and create_folder

* Updated

* moved ews v1 to deprecated

* added docstrings

* added back ews v1 to ews pack - will be moved to deprecated in a future PR

* reverted changes to ewsv2

* removed ErrorInvalidPropertyRequest

* added descriptions for test playbook-EWS_O365_test.yml

* moved description a level deeper

* added test for public folders

* added descriptions to test playbook tasks

* added descriptions to test playbook tasks

* updated docker image

* added fromversion to test playbook

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Removed legacy from special handling in dependencies calculation  (#7493)

* removed legacy from special handling

* fixed unused import

* test_collect_tests_and_content_packs  - Improve packs collecting (#7477)

* sdk release 1-1-2

* sdk release 1-1-2

* sdk release 1-1-2

* check docs upload

* deleted comments

* linting

* linting

* linting

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* CR fixes

* CR fixes

* Move default types to content (#7426)

* move system incident types to content

* add release notes

* moved types to correct packs

* updated pack versions

* add DefaultPlaybook to core packs

* update version

* Docs: remove possible errors section (#7381)

* Maltiverse: remove possible errors section

* remove troubleshooting and overview

* Update README.md

* update zabbix

* Securonix already fetched (#7025)

* securonix fetch offset

* changelog

* Added max parameter to the `securonix-list-incidents` command
Added the `max_fetch` parameter to the integration configuration, where the default and maximum value is 50.
Fixed an issue where duplicate incidents were fetched.

* linter 101

* linter 102

* linter 103

* set -> list, dumps the already_fetched

* update RN and README

* update dockerimage

* Update Packs/Securonix/Integrations/Securonix/CHANGELOG.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/Securonix.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* add HelloWorld, ExportIndicators, Malware, DefaultPlaybook to core packs (#7504)

* Fix collect tests and content packs  (#7468)

* replaced DocumentationTest with HelloWorld-Test

* test fix

* in progress

* added developertools to packs to install if no tests

* fixed test

* moved GenericSQL test script

* fix typo in DeleteContext file name

* moved auto-extract test script to base pack (next to auto-extract test playbook)

* moved CallTableToMarkdown test script to base pack (next to test playbook)

* UT fix

* UT fix
search_and_install - removed redundant packs from installation list

* reverted deletecontext renaming

* moved CallTableToMarkdown script back to DeveloperTools

* fixed conflicts

* reverted movement of scripts from DeveloperTools

Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* Fix common server python test: (#7311)

* skipping tests

* skipping tests

* Update Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py

Co-authored-by: hod <halpert@paloaltonetworks.com>

Co-authored-by: hod <halpert@paloaltonetworks.com>

* unskip wildfire-test (#7498)

* Add safe get dict to common server python (#7451)

* removed test pbs (#7524)

* increase sshd MaxStartups and restart sshd (#7434)

Co-authored-by: ikeren <itay@demisto.com>

* Create Troubleshooting Section for Packets and Logs README (#7429)

* add troubleshooting section to the RSA NetWitness Packets and Logs integration readme

* README addition minor changes

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* moved deprecated ews integration (#7532)

* added eula link support (#7525)

* demisto-sdk find-dependencies (#7502)

* demisto-sdk find-dependencies

* deleted images.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* SetGridField - sort columns alphabetically (#7533)

* sort columns alphabetically

* remove print

* update docker image tag and fix lint report in test

* Elasticsearch Feed - fix bug in feed type handling (#7490)

* pass feed type to get_scan_insight_format in fetch indicators cmd

* bump docker image tag

* added default to url arg in url command (#7514)

* fix bug in threat-grid-get-analysis-by-id (#7377)

* fix bug

* fix releasenote

* Joe security bug (#7362)

* Fixed testPlaybook & check if the DBotScore.indicator exists

* delete Joe Security from skipped

* delete Joe Security from skipped

* fix testplaybook

* added changelog

* fix

* fix test playbook

* added releasenote

* fix releasenote

* Update Packs/JoeSecurity/Integrations/JoeSecurity/CHANGELOG.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* BigFix - add get_endpoint_details arg to get-endpoints cmd (#7515)

* split bigfix yml into dir

* parse xml response with utf-8 encoding

* add get_endpoint_details arg to get endpoints cmd

* add get_endpoints_details arg to readme

* fixed lint reports

* Recorded Future Feed - handle sparse response in fetch indicators command (#7414)

* add test for fetch indicators cmd with sparse response

* handle missing fields in iterator

* handle score in case Risk is not returned from iterator

* add release notes

* Update Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

* fix a bug that test module failed on a delegated mailbox (#7435)

* fix a bug in the test_module

* added releasenote

* added releasenote

* fix releasenote

Co-authored-by: ikeren <itay@demisto.com>

* fix for IsMaliciousIndicatorFound tpb (#7497)

* fix for IsMaliciousIndicatorFound tpb

* Added sleep in TPB

* another sleep

* unskip duo admin tpb (#7499)

* unskip duo admin tpb

* TPB sections now happen one after the other and not at the same time

* Proofpoint Protection Server - use html.parser instead of lxml parser and update required admin role (#7396)

* use html.parser instead of lxml parser and update required admin role

* Updated

* Updated

* Updated

* added 8.14.2 support for smart search

* add new param to readme

* verify pps version param is initialized in the condition

* Update Packs/ProofpointServerProtection/Integrations/ProofpointServerProtection/ProofpointServerProtection.py

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* bump docker image tag

* bump pack version to 1.0.2

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* fix akamai instance (#7549)

* Labeled partner packs + cleared packs metadata (#7531)

* cleaned packs metadata json

* labeled partner packs

* Apply suggestions from code review

CR fixes

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* additional fixes

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Nightly failures (#7547)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Skipped nightly failures

* Fix collect packs (#7519)

* replaced DocumentationTest with HelloWorld-Test

* test fix

* in progress

* added developertools to packs to install if no tests

* fixed test

* moved GenericSQL test script

* fix typo in DeleteContext file name

* moved auto-extract test script to base pack (next to auto-extract test playbook)

* moved CallTableToMarkdown test script to base pack (next to test playbook)

* UT fix

* UT fix
search_and_install - removed redundant packs from installation list

* reverted deletecontext renaming

* moved CallTableToMarkdown script back to DeveloperTools

* testing fix

* fixed conflicts

* fix get_packs_of_tested_integrations

* fix get_packs_of_tested_integrations

* reverted movement of scripts from DeveloperTools

* merge from master

* renaming

Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* DefaultPlaybook dependency fixes (#7528)

* DefaultPlaybook dependency fixes

* RN

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Flake8 phase3 (#7522)

* Securonix flake8 fixes

* Securonix flake8 fixes

* CofenseTriage lint fixes

* FireEyeHelix lint fixes

* MongoDB lint fixes

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit c882d3e0

* fix rns

* Malware dependency fixes (#7527)

* Malware dependency fixes

* common changed to mandatory

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Skip all detonation subplaybooks if unavailable (#7530)

* skip all subplaybooks if unavailable

* deleted random fields

* back to 1.0.0

* RN

* fixed mistake

* fixed mistake

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Base installation issue fix (marketplace) (#7544)

* fixed Base installation issue

* test fix

* change get entities timeframe from 1 hour to 1 day (#7557)

* Phishing dependency fixes (#7526)

* Phishing dependency fixes

* common changed to mandatory

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Move Redlock integration into PrismaCloud pack (#7464)

* Moved Redlock integration into PrismaCloud pack

* Updated pack release notes

* Updated pack release notes

* Common pb pack dependencies (#7568)

* add dependencies for commonPlaybooks pack

* add CalculateTimeDifference to core packs

* fix in collect_tests (#7565)

* migrate videos to content-assets (#7562)

* Add packs dependencies to all core packs (#7555)

* Add packs to all core packs

* remove display images

* fix json

* Update pack_metadata.json

fix metadata format

Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>

* Common fixes (#7556)

* Moved folder to common.

* Updated command to SearchIncidentsV2.

* Release notes.

* Release notes.

* Release notes.

* Release notes.

* Release notes.

* Changed task to V2.

* Added to pack ignore.

* Added to pack ignore.

* Added to pack ignore.

* Added to pack ignore.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Add RP104 to ignore errors for reputations.json file (#7550)

* New playbook for "Malware Playbook - Manual". (#7506)

* New playbook for "Malware Playbook - Manual".

* Changed release notes

* Changed Playbook name to "Malware Investigation - Manual"

* Changed Playbook name to "Malware Investigation - Manual"

* Updated release notes

* Updated release notes

* Changed playbook task names

* Changed release notes

* Update playbook-Malware_Investigation_-_Manual.yml

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Association of fields to all (#7492)

* Associated some fields to all, added new common fields, and ensured everything moves/stays in CommonTypes

* Generate RNs

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* removed ews o365 from skipped (#7577)

* unskipd msg dvc mngmnt (#7574)

* Code42 fix spellings (#7536) (#7538)

* Correct misspelling

* Correct misspelling

Co-authored-by: Juliya Smith <yingthi@live.com>

* Added to pack ignore (#7579)

* Powershell improvements (#7479)

* update pwsh tests to use pester 5.0 + allow returnoutputs to use object

* release notes

* release notes

* update docker

* set docker images to pwsh 7

* change to use also default docker

* fix test for pwsh 7

* test also on pwsh 7

* set dockerimage to 6.2.4

* release notes bump

* bump release notes

* bump

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Skipping subplaybooks for packs if unavailable (#7558)

* Skipping many subplaybooks if unavailable

* Added & commented out unnecessary RN

* Added missing playbooks

* reverted old rn changes

* reverted old rn changes

* reverted old rn changes

* old rn back

* version bump

* version change

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* sdk release 1-1-3 (#7543)

* sdk release 1-1-3 test

* release 1-1-3 test

* sdk 1-1-3 merge

* IsEnabled additions to playbooks for packs (CommonPlaybooks + Phishing changes) (#7560)

* isenabled fixes

* proper changelog and RN

* imgs

* new image links

* Added another skip and moved subplaybook so it doesn't hide the other

* Merge branch 'master' of https://github.com/demisto/content into playbook-isenabled-changes

# Conflicts:
#	Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml
#	Packs/CommonPlaybooks/pack_metadata.json
#	Packs/Phishing/pack_metadata.json

* Version bump & new RN

* reverted change to old RN (shouldnt change it)

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* fix Microsoft-ATP test playbook and update readme file (#7575)

* New pack documentation suggestion (#7255)

* New suggested documentation

* triggers and small indentation fix

* link to playbook readme in pan dev

* Removed visualization title

* visualization = image

* added RN manually

* small change to allow version bump

* reverted

* No need to say that changed readme template

* tweak to how it was

* Skip dedup - generic test (#7590)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* skipped test

* removed packs override (#7585)

* Revert "Update XDR_iocs.yml (#7494)" (#7495)

This reverts commit 8c85884a101b35f14589d1d12080118bca09ad60.

* unskip zerofox (#7584)

* unskip zerofox

* test pb update

* Get file sample TF fix (#7594)

* unskip

* moved to non circle tests dir

* moved to global non circle tests dir

* deleted from conf.json

* Nightly failures (#7589)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Skipped nightly failures

* Skipped nightly test failures

* Un-mocked josecurity

* unskipped akamai

* Flake8 phase6 (#7546)

* vulndb and infoblox lint fixes

* feed azure

* rns

* revert mispv2 docker update

* fix rns

* Flake8 phase4 (#7542)

* GoogleCloudTranslate lint fixes

* Okta v2 lint fixes

* Okta v2 lint fixes

* JsonWhoIs lint fixes

* GenericSQL lint fixes

* AKAMAI lint fixes

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit f68ccd33

* fix rns

* unskip from nightly (#7596)

* TimeStampCompare empty tag fixed (#7598)

* drained all tags

* docker image update

* changelog update

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* added all level packs dependencies (#7563)

* ThreatX - increase test timeout (#7599)

* increase threatx test timeout

* change timeout to 600 secs

* Flake8 phase12 (#7605)

* OpenLDAP lint fixes

* KennaV2 lint fixes

* Forescout lint fixes

* Flake8 phase5 (#7545)

* Claroty lint fixes

* MongoDB lint fixes

* Tanium lint fixes

* added dockerimage45

* Hello world fixes

* revert dockerimage45

* fix rns

* Mongo lint fixes

* Office365 feed - Updated integration description. (#7606)

* Office 365 Feed - Updated integration description.

* update pack desc

* update dockerimage

* added Full Incident Enrichment (#7034)

* Add PA113 ignore error (#7611)

* Improved bad response handling (#7443)

* Improved bad response handling

Co-authored-by: halpert <haplert@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Uploader - summary fix (#7610)

* fixed summary print

* fixed pack author path

* minor print fixes

* Hod/rtir attachment parsing (#7424)


* Improved attachment parsing

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* EWS v2 - handle exceptions in fetch incidents (#7559)

* raise error str in fetch incidents

* add traceback print

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* reverting unrelated changes (#7591)

* Deprecated old Dedup test playbook (#7586)

* moved tpb

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* changed test of scripts to v2

* unskipped dedup generic test

* Move RegPathReputationBasicLists test to D2 pack (#7619)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* moved tpb to D2 pack

* skip validate files on nightly run (#7617)

* Run zipping packs only on master (#7616)

* run zip_packs only on master

* run zip_packs only on master changes

* skipped test playbooks remove

* cleaning mock debug prints (#7439)

* Changed integrations key to integration (#7566)

* Flake8 phase9 (#7602)

* lint fixes ExtractDomainAndFQDNFromUrlAndEmail_test

* Tanium_v2 lint fixes

* Panorama lint fixes

* ConvertFile_test lint fixes

* FidelisEndpoint lint fixes

* Flake8 phase11 (#7603)

* AttackIQFireDrill lint fixes

* CortexDataLake lint fixes

* ServiceNowv2 lint fixes

* Akamai_WAF lint fixes

* MongoDBLog lint fixes

* revert mongodb

* rm mongo

* Flake8 phase 7 (#7551)

* Crowdstrikefalcon, code42, ms graph calendar, ms defender atp lint fixes

* Update Packs/Code42/Integrations/Code42/Code42.yml

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* update code42 docker image

* revert code42 docker image

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Flake8 phase2 (#7521)

* fix rasterize lints

* AlienVault format fixes

* AlienVault and cherwell format fixes

* fix docker images

* remove unwanted changes

* fix rns

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit cbc6487b

* Revert "Revert "added dockerimage45""

This reverts commit 35d3aff2

* fix rns

* remove dockerimage45

* Powershell howto cleanup (#7286)

* Added power-shell automation how-to

* Changed typo in integration key

* Intentionally failed infoblox test to have the machine running

* Intentionally failed infoblox test to have the machine running

* Un-skipped infoblox

* Failed infoblox intentionally

* Edited powershell automation howto

* Edited powershell integration howto

* Fixed typo

* Made sure Infoblox will not fail

* Hello world fetch incidents addition (#7214)

* Added a condition to prevent duplicates

* Changed the unit-test last fetch time

* changelog

* CR fixes

* validate fixes

* Added a new RN version

* Integration instance config (#7422)

* Added %%SERVER_HOST%% placeholder

* changed something in taxii to run test

* minor fix

* moved to the right place

* support for server keys

* support for server keys

* minor fix

* check if server_keys run

* check if server_keys run

* check if server_keys run

* pre-defined integration instance name

* fix for server_keys

* Changed TAXII tpb

* deleting instances by name before creating new ones

* Added logic to test instances as well

* removed the change from TAXII feed

* CR fixes

* merge from master

* Revert "merge from master"

This reverts commit fb869fd8

* Added sleep for TAXII tpb

* Make conf json redundant (#7124)

* Make conf json redundant

* Fix CR

* Fix CR comments

* Added a msg about the number of tests added to the conf.json

* adding artifact + removing from conf.json for testing purposes

* fixing yml structure

* removing old usage

* Update update_conf_json.py

* Update Gmail.yml

* adding nicer print to conf.json update output + reverting the changes to the conf.json

* Mongodb: nested dicts fix (#7625)

* Fixed an issue where nested dictionaries containing a datetime object were not parsed properly.

* fix cr

* ServiceNow - added retry mechanism for status code 401 (#7614)

* added retry mechanism for status code 403

* remove blank line

* add 401 not authenticated test

* add negative unauthenticated test

* bump pack version

* Adding documentation

* Support AWS Security Groups with only one ingress rule (#7592) (#7626)

* Support AWS Security Groups with only one inbound rule

* Add release notes to AWS-EC2 pack

* Bump docker image tag to latest

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Lindsey Smith <lindsey.smith@gmail.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* Documentation fixes (#7507)

* add image

* update missing image

* fix link

* fix link

* fix links

* fix regexes

* fix links

* fix links

* fix links

* fix links

* fix typo

* secrets

* Fix cfw extra arg (#7628)

* Removed an unused argument ipname from **checkpoint-block-ip** command.

* Deprecate an unused argument ipname from **checkpoint-block-ip** command.

* removed deprecated arg from documentation

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Flake8 phase10 (#7604)

* AutoFocusV2 lint fixes

* MicrosoftGraphFiles_test.py lint fix

* CarbonBlackEnterpriseEDR lint fix

* FeedCofense lint fix

* AzureSentinel_test lint fixes

* csp bugfix (#7472)

* unit test is failing

* bug fix

* updated tests

* docs update

* 1.0.7 RN

* 1.0.8 RN

* 1.0.9 RN

* [HelloWorld] Minor yml update (#7448) (#7630)

* Added additionalinfo tooltip to integration parameters

* updated releasenotes to 1.1.4

* Update Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml

* Updated

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Okta zones - playbook and enhancement (#7620)

* Okta zones - playbook and enhancement (#7137)

* Okta V2 - Add commands for Network Zones

* IP Whitelisting - add Okta Zone playbook

* Whitelist playbook - Add Okta

* Okta V2 - fix yaml and secrets ignore

* Added playbook image

* Uploading playbook image

* Added playbook image

* Setting author to Cortex XSOAR

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Removing email contact

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Setting URL in content pack metadata

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Okta V2 Zones fixes + unit tests  + outputs

* Okta V2 test - fix linter error

* IP Whitelist pack - remove depe

* Okta Zone playbook - move to Okta pack and update  readme

* Updated whitelist language

* Updated new content

* Removing pack + okta code fixes

Removing IPWhitelist pack - sorting content into packs

* Commit playbook images

* Okta V2 code fixes

* Egress Playbook fixes

Renamed tasks,  moved group names into playbook inputs

* Update README and images

* Update Okta V2 README with new commands

* Added release notes, fixed integration name in conf.json

* Remove unused import

* Updated release notes.

* Release notes for Legacy pack

* Updating playbook images

* Modified playbook text and READMEs

* Update playbook-IP_Whitelist_-_AWS_Security_Group.yml

* Update playbook-IP_Whitelist_-_GCP_Firewall.yml

* Update Okta_v2.yml

* Update playbook-Allow_IP_-_Okta_Zone.yml

* Update playbook-Allow_IP_-_Okta_Zone_README.md

* Update playbook-Prisma_Access_Whitelist_Egress_IPs_on_SaaS_Services.yml

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* move comparelists

* delete Legacy pack

* fix build

* update version of CommonScripts

Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* SentinelOne v2 - improve date string handling (#7612)

* add test for event with unexpected timeformat

* parse dateoccurred to datetime

* Updated

* bump docker image

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Add ML collect data script (#7621)

* Add ML collect data script

* Add ML collect data script

Co-authored-by: eharush <erez@demisto.com>

* Update configure_and_test_integration_instances.py (#7645)

* RedCanary - improve endpoint context standard handling (#7636)

* add test for endpoint without mac address

* improved implementation of get_endpoint_context

* fix flake8 report in unit test

* add condition to check if address_attributes

* Updated.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* removed resource class (#7642)

* set entities timeframe to 1 hour and skip in case no entities found (#7634)

* SecureWorks - enhance README with incident fetch details (#7595)

* update readme with fetch incidents notes

* update readme with fetch incidents notes

* Fixed recently created release notes files to new standard (#7644)

* Pcapminer v2 post fix (#7150)

* Reopening PR after fix

* revert to preplaybook

* revert to preplaybook + unit test fix

* description

* find path for testdata

* remove rsa_key + try to fix testdata unittest

* unittest fix

* move test file to folder

* unittest fix

* remove iterate and packets to analyze

* run on a different docker each run

* change Pcap to PCAP + add "All" option for protocol output

* Updated

* Readme

* last additions

* David fixes

* uppercase

* rsa_key fix + Capital PCAP in README

* test fix

* join 2 tests into one

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Added client re-creation to prevent api-key expiration (#7648)

* Added https connection and SSL verification (#7631)

* Added https connection and SSL verification

* added rn

* removed unnecessary keys

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* timestamp_to_datestring uses `utcfromtimestamp` (#7488)

* timestamp_to_datestring uses `utcfromtimestamp` (#7407)

* timestamp_to_datestring uses `utcfromtimestamp`

`timestamp_to_datestring`'s default date format includes Z for the time
zone. However, it uses `datetime.fromtimestamp` which is in localtime.
This yields incorrect results when the default time zone is anything
other than UTC.

The `epochToTimestamp` function in the same file does correctly use
`utcfromtimestamp`. This commit corrects and normalizes the timestamp
processing.

* Added release notes

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* Adding condition for timestamp format

Co-authored-by: Henry Stern <henry@stern.ca>
Co-authored-by: halpert <haplert@paloaltonetworks.com>

* Remove deprecated CloseInvestigation task from playbooks (#7653)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* replaced CloseInvestigation tasks with Done section headers

* small fix in TestIsValueInArray

* Add a new pack for HIPAA (#7382)

* Add a new pack for HIPAA

* Changed playbook

* Changed playbook

* Added changelogs

* Created pack release notes.

* Changed release notes

* Update playbook-HIPAA_-_Breach_Notification.yml

* Updated playbook and layout

* Changed HIPAA pack metadata and change the location of the incident fields.

* Removed test changes

* Removed test changes

* Generated playbook readme

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Adding pagination mechanism for url logs request (#7277)

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* symantec dlp: permissions section (#7581)

* dlp permissions section

* Updated

* update troubleshooting

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Microsoft Defender ATP - set scope to default (#7647)

* updated scope to atp default

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Add Zoom Feed Integration

* Add Zoom Feed Integration

* Change Regex pattern for iipv4cidrRegex

* Add test_playbook id

* Implemented requested changes

* Modify gitignore

* Minor changes

* Update FeedZoom.yml

* Updated

* Updates

* Updated

* Updated validations

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>
Co-authored-by: Shelly Berman <45915502+Shellyber@users.noreply.github.com>
Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: Todd Murchison <toddm92@gmail.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>
Co-authored-by: Ido van Dijk <43602124+idovandijk@users.noreply.github.com>
Co-authored-by: altmannyarden <61933087+altmannyarden@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: Or Lichter <50324325+orlichter1@users.noreply.github.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: eli sharf <esharf@paloaltonetworks.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: David Baumstein <51712181+David-BMS@users.noreply.github.com>
Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: Lior Blobstein <lblobstein@paloaltonetworks.com>
Co-authored-by: Bar Hochman <11165655+jochman@users.noreply.github.com>
Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>
Co-authored-by: Timor Eizenman <50326704+teizenman@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: deepinstinctdev <dev@deepinstinct.com>
Co-authored-by: ronykoz <rkozakish@paloaltonetworks.com>
Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: rsagi <rsagi@paloaltonetworks.com>
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: hod <41257953+hod-alpert@users.noreply.github.com>
Co-authored-by: halpert <haplert@paloaltonetworks.com>
Co-authored-by: Guy Freund <53565845+guyfreund@users.noreply.github.com>
Co-authored-by: Yana Orhov <yorhov@paloaltonetworks.com>
Co-authored-by: rshalem <rshalem@paloaltonetworks.com>
Co-authored-by: Ika Gabashvili <45535078+IkaDemisto@users.noreply.github.com>
Co-authored-by: Agam <agam.more@demisto.com>
Co-authored-by: Agam More <agmore@paloaltonetworks.com>
Co-authored-by: hod <halpert@paloaltonetworks.com>
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
Co-authored-by: Gal Rabin <53563021+GalRabin@users.noreply.github.com>
Co-authored-by: avidan-H <46294017+avidan-H@users.noreply.github.com>
Co-authored-by: ikeren <itay@demisto.com>
Co-authored-by: MosheGalitzky <57589449+moishce@users.noreply.github.com>
Co-authored-by: mayagoldb <43776787+mayagoldb@users.noreply.github.com>
Co-authored-by: Bar Chen <54398957+barchen1@users.noreply.github.com>
Co-authored-by: Juliya Smith <yingthi@live.com>
Co-authored-by: Lindsey Smith <lindsey.smith@gmail.com>
Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: erezh31 <eharush@paloaltonetworks.com>
Co-authored-by: eharush <erez@demisto.com>
Co-authored-by: Henry Stern <henry@stern.ca>
Co-authored-by: teizenman <teizenman@paloaltonetworks.com>
teizenman added a commit that referenced this pull request Jun 21, 2020
* FireEye Helix - fix headers arg processing in search cmd (#7411)

* add unit test for search command with headers arg given

* add unit test for search command with headers arg given

* pass to build_mql_query from search cmd only relevant args and not all

* add default empty string to query arg

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Update config.yml (#7412)

* fix print bucket path (#7416)

* [cofense-32] Two new commands and internal refactoring, second PR (#7… (#7346)

* [cofense-32] Two new commands and internal refactoring, second PR (#7104)

* [CofenseTriage] Add new Triage commands

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] WIP tests

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Code style cleanup

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] assorted cleanup WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add test fixtures WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor http_request

- Rename to `triage_request` and rename first parameter to `endpoint`
- Create new function `triage_api_url` to build full URL to a given endpoint
- Refactor and simplify response handling logic

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor `fetch_reports`

No functional changes, except some speedups and a possible bug fix.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageReport class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageInstance class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add TriageReporter class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update tests and fixtures

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rewrite get_report_by_id to use class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move all classes into one file

The plugin architecture requires it.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor and add test coverage for get_threat_indicators()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Eliminate unnecessary get_attachment()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor search_reports and increase test coverage

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Assume /reports/:id always returns an array

Also eliminate unnecessary TriageReporter.from_json() and rename
Triage_reporter.from_id() to .fetch().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Make test fixture more complicated

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Return actual JSON in to_json()

Also enhance test coverage.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Don't call fetch_reports() in test_function()

Triage always responds with a valid JSON object. There is no need to
perform a second request to test the integration---if Triage responds
with an OK status, then everything is working.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Store last run data as a JSON blob

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Wrap incident attachment in single-element list

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update metadata

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Clean up remnants in Legacy pack

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add mypy ignore comments

Mypy has trouble with decorators like lru_cache() in several situations.
Add inline comments to silence spurious linter complaints.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move import after stubs in test

We have to stub demistomock before we import CofenseTriage. That's just how
demistomock works, apparently.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Generate release notes

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move changes to new CofenseTriage 2

Both versions will exist in parallel

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move return_error to highest-level except block

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update documentation

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address various linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move time constants inline

Also eliminate the time format string in favor of
datetime.datetime.fromisoformat().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Pass a TriageInstance argument instead of using a module var

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Let exceptions bubble up to main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address more linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename module to CofenseTriagev2

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Centralize parameter fetching in main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add v2 to Tests/conf.json

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename more files to have v2 prefix

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add minimum Demisto version

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move test files to root dir of integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Remove tests from v1 integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename Cofense.ThreatIndicators context path

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Additional minor adjustments

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Merge all test files into one

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Stub fileResult more realistically

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update release notes

on-behalf-of: @Cofense <oss@cofense.com>

Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* lgtm, docket tag, secrets

* skip, no instance

* pylint

* secrets 101

* rm coverage

* rm secrets

* contrib commits 102

* contrib commits 103

* contrib commits 104

* str -> num

* desc types

* add newline

* add cmd_ex file

* typo

* styling

* add to_json()

* add json.dumps

* add readme, add tpb

* linters

* linters2

* linters3

* mv cofense triage v1 to non circle tests

Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* Fixed server version calculation (#7419)

* Fixed server version calculation

* Fixed some LGTM and pylint comments

* Fix Thread Crash Print (#7417)

* Update test_content.py

* added space

* Fixed bug - CB-Live-Response (#7389)

* Fixed release notes

* Added rn

* Fixed version bump

* Removed unnecessary comment

* Updated.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Fixed a bug in download malware (#7400)

* Fixed a bug in download malware

* added rn and fixed cr

* old changelog fix

* Updated

* added old changelog

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* new Prisma Cloud remediation additions to GCP playbooks (#7265) (#7395)

* new remediation additions

* update release notes

* update release notes

Co-authored-by: Todd Murchison <toddm92@gmail.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* CS falconhost threatgraph API support (#7054)

* cs threatgraph API support

* missing dot

* use tabletomarkdown

* cs falconhost threatgraph

* add rn marketplace format

* Updated

* Minor update

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Phishing - Core - Fixed URL screenshots tag + merged 2 conditions + updated pic (#7390)

* Fixed URL screenshots tag + merged 2 conditions + updated pic

* fixed changelogs / rn

* Added new playbook playbook-Illinois_-_Breach_Notification (#7253)

* Added new playbook playbook-Illinois_-_Breach_Notification.yml.
Fixed issues with breach notification playbook.
Added Readme files to breach notification playbooks.

* update release notes.

* update release notes.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Update playbook-Illinois_-_Breach_Notification.yml

* Changed conflicts.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Slack Ask - Add user and response template (#7386)

* change Pcap to PCAP + add "All" option for protocol output

* add changelog

* Updated.

* Updated

* README UPDATE

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* epo update doc with permission info (#7249)

* epo help images

* update images

* epo readme

* typo fix

* add link to epo docs

* fixes from @kirbles19

* Fixing content (#7388)

* fixing several pack validation errors

* fixing extra hop

* added test playbook for joe security playbook

* adding rn

* adding rn

* bumping pack metadata for common reports

* fixing content - additional BA101

* adding XDR iocs pack (#7144)

* adding XDR iocs pack

* code ready except ioc from xdr to demisto

* last changes

* update YML

* fixup! last changes

* update pack format

* fixing code CR

* adding unit test and small changes

* adding README

* adding description

* adding playbooks

* adding test playbook

* adding test module command

* Updated

* Updated

* Update XDR_iocs_every_minute.yml

* Update XDR_iocs_nightly_job.yml

* Update XDR_iocs.yml

* add to description

* small test change

* adding feedIncremental

* last fix

* fixup! last fix

Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Tim indicators exclusion by related incidents (#7127)

* Added new playbook

* Added new playbook

* Updated name.

* Update TIM_-_Indicators_Exclusion_By_Related_Incidents.yml

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added readme and bumped pack version

* Added readme and bumped pack version

* Improved descriptions.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Red lock token fix (#7408)

* Added support for multi environment instances

* Added RN

* Change RN

* fixed syntax

* fixed syntax

* Added error handling

* Updated

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Access Investigation - deprecation & new playbook (#7315)

* Access Investigation - deprecation of old playbook, creation of new playbook

* Access Investigation - deprecation of old playbook, creation of new playbook

* img for readme

* manual RN

* removed rn

* back to old version

* Update Access_Investigation_-_Generic_4_5_CHANGELOG.md

* Update Access_Investigation_-_Generic_CHANGELOG.md

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Deprecated scripts comments (#7349)

* Deprecated scripts comments

* typo

* Update deprecated comment.

* Updated

* Updated

* Updated

* Updated

* Updated

* RN

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* JsonWhoIs - fixed error not returned from the integration (#7394)

* JsonWhoIs - fixed error not returned from the integration

* Fix CR

* move error to http request

* error handling

* Updated

* Updated

* Update Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.py

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* fix mypy

* rm mypy ignore

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Added timestamp compare (#7195)

* Added timestamp compare

* fix CR

* Adding timeformat option

* Update TimeStampCompare.yml

* Updated

* Fix UT

* fix yml

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Carbon Black Response - changed dt for File (#7391)

* changed the dt for File

* RN

* Update 1_0_3.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Tim whois playbooks (#7039)

* Added new playbook.

* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml

* Added section headers.

* Added tech docs notes.

* Added input and description.

* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml

* Added descriptions.

* Added readme.

* Added readme.

* Added png link.

* Added png link.

* Removed changelog.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Change changelog

* Update RNs

* Update RNs

* Multiple playbook changes.

* Updated playbook.

* Updated playbook.

* Added new playbook

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* changed tag name.

* changed tag name.

* changed tag name.

* changed tag name.

* Minor logic change.

* Revert "Minor logic change."

This reverts commit dbfd9598

* Minor logic change.

* Removed list name.

* Removed default delimiter.

* Casing.

* Casing.

* Added description.

* Update playbook-TIM_-_Process_Domains_With_Whois.yml

* Update playbook-TIM_-_Process_Domain_Registrant_With_Whois_README.md

* Update playbook-TIM _-_Process_Domain_Age_With_Whois.yml

* Update playbook-TIM_-_Process_Domain_Registrant_With_Whois.yml

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added image.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Added tests to phishing pack (#7345)

* Added tests to pack

* Added core

* Moved files back to where they need to be

* new MR for Deep Instinct Integration (#7415)

* new MR for Deep Instinct Integration (#7316)

* new MR for Deep Instinct Integration

* Update pack_metadata.json

* Delete CHANGELOG.md

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

* Update README.md

* Adding skip on the integration

* Fix file name

Co-authored-by: deepinstinctdev <dev@deepinstinct.com>
Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>
Co-authored-by: ronykoz <rkozakish@paloaltonetworks.com>

* Red Canary - bug fixes in fetch incidents (#7421)

* fetch only ack detections and remove timeline for detection in fetch

* Updated

* Updated

* consider detection as acknowledged if one of the fields exists, not both

* consider detection as acknowledged if one of the fields exists, not both

* consider detection as acknowledged if one of the fields exists, not both

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Updated playbook image (#7423)

* Add whois to autoprocessing (#7428)

* Added sub playbook.

* Added sub playbook.

* Added sub playbook.

* Added sub playbook.

* Added image.

* Added image.

* Removed space.

* Removed space.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* Fix content packs- Reut (#7341)

* CommonScripts fix

* CommonScripts fix

* CommonScripts fix

* Nist ignore

* sdk version

* Malware ignore errors

* Malware ignore errors

* ignore SC100

* Non-supported pack

* Non-supported pack

* Non-supported pack

* Non-supported pack

* Non-supported pack

Co-authored-by: rsagi <rsagi@paloaltonetworks.com>

* Marketplace step fix (#7425)

* test

* test

* small fix

* Prisma Access - Added tunnel health playbook (#7136) (#7431)

* Prisma Access - Added tunnel health playbook

* Add image file in doc_files

* Added playbook image to README

* Updating playbook image

* Fixes to playbook

Removed Slack task, added remediation recommendations on manual step.

* Updating README

* Update playbook-Prisma_Access_-_Connection_Health_Check_README.md

* Update playbook-Prisma_Access_-_Connection_Health_Check.yml

* Prisma Access - fix sdk validate

Tests conf - fix Prisma Access brand name to remove validate error. yml - fix multiline description.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* PCS (Redlock) remediation command (#7270) (#7392)

* Add remediation details command

* Add condition to gracefully handle no remediation details

* Update README.md; Add command_examples.txt

* Clean up context and entry format; Support multiple alert-ids

* Update README.md; Fix lint issues

* Refactor no remediation condition

* Update outputs and README

* Create ReleaseNotes; Update pack_metadata.json

* Fix human readable output; Update README; Update test playbook

* Update instances of RedLock to Prisma Cloud (RedLock)

* Update release notes

* Update Packs/RedLock/TestPlaybooks/playbook-RedLockTest.yml

* Updated

* Updated descriptions for new command

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Print server conf for bucket (#7436)

* removed TestFormatTableValues to check if it solve conflict

* fix typo

* fix typo

* fix new lines

* fix missing "

* fix missing -e

* Access Investigation Generic playbook - refactor filename (#7438)

* change toversion field name

* refactor new access investigation generic playbook name

* revert 4.5 trigger

* fix broken images (#7432)

* Access Investigation - ID fix (#7440)

* emergency ID fix

* empty RN

* Update Packs/AccessInvestigation/ReleaseNotes/1_1_1.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Content additional fix validations (#7445)

* Content additional fix validations

* updating gmail docker image

* Update Packs/Digital_Defense_FrontlineVM/Playbooks/playbook-Digital_Defense_FrontlineVM_-_PAN-OS_block_assets.yml

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* adding changelogs

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* fix lintings (#7454)

* Improved empty response handling (#7296)

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* [Enhancement] Search Endpoints By Hash - Carbon Black Response (#7399)

* Deprecated Search Endpoints By Hash - Carbon Black Response.
Created new playbook Search Endpoints By Hash - Carbon Black Response V2 instead.

* added the playbook image.

* added the playbook image.

* Updated playbook image

* Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response_V2.yml

* Update playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml

* Update playbook-Hunt_Extracted_Hashes.yml

* Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response.yml

* updated release notes

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* out of skipped tests (#7456)

* out of skipped

* parse email files out of skipped

* Auto detect api modules (#7257)

* changed docker image

* changed docker image

* changed docker image

* changed docker image

* changed docker image

* updated conf json for nightly tests on generic feeds

* updated None to ''

* updated None to ''

* updated conf json

* updated conf json

* updated conf json

* updated conf json

* updated rn

* updated rn

* updated pr

* updated pr

* fixed json ut

* fixed json ut

* fixed json ut

* fixed json ut

* updated pr

* updated pr

* updated pr

* updated pr

* updated pr

Co-authored-by: yorhov <Orekhova97229!>

* small fix in content (#7462)

* unskipping phishlabs (#7455)

* unskipping phishlabs

* fixing test playbook

* RTIR: fix ID header bug (#7453)

* RTIR: Fix ID header

* fix lint and format

* fix flake8

* added rns

* fix cr

* Update 1_0_2.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* fortisiem bug fix (#7469)

* disabled the request to trigger an event, made queryData hardcoded

* changelog

* Updated.

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* remove old regexes from content (#7398)

* remove old regexes from content

* use demisto-sdk from master

* Update dev-requirements-py3.txt

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>

* Update dev-requirements-py3.txt

* replace old regexes

* sdk release 1-1-2 test

* sdk release 1-1-2 test

* sdk release 1-1-2 test

* sdk release 1-1-2

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: rshalem <rshalem@paloaltonetworks.com>

* changing playbook name (#7474)

* changing playbook name

* changing playbook name

* fix rastarize name in core packs list (#7471)

* Nightly Marketplace (#7467)

* remove old regexes from content

* use demisto-sdk from master

* Update dev-requirements-py3.txt

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>

* Update dev-requirements-py3.txt

* replace old regexes

* use sdk master

* conflicts fix

* changed sdk branch

* changed sdk branch to master

* fixed config.yml, added developerTools pack to packs_to_install

* reduced flake8 version

* moved test playbooks to packs

* removed Extract Indicators From File - test from conf.json

* reverted changes in collect_tests and dev-requirements-py3

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* bump content and sha1 versions (#7470)

* reverted instance tests to run on server 5.5 (#7465)

* Return of cofense feed (#7481)

* Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) (#7457)

* Updated Cortex XDR IOCs pack names - 20.6.0 (#7437)

* updated pack name, integration name, and command names of "Cortex XDR - IOC"

* fixed bug

* update tests

* update pack & integration description

* update pack & integration description

* updated descriptions

* update integration format

* fixup! update integration format

* adding ioc trigger to push command

* update README

* fix CR

* fixup! fix CR

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* update readme with a better description

* updated descriptions and display name in yml

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

* Apply suggestions from technical writer review

* fix

* fixup! fix

* fixing

* last fix

* add sleep time

* add sleep time

Co-authored-by: eli sharf <esharf@paloaltonetworks.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* adding empty release notes

* Update CHANGELOG.md

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* deleted Legacy pack (#7463)

* Delete Exchange pack (#7433)

* Add the GetShiftsPerUser automation (#7213)

* Add the GetShiftsPerUser automation

* Add current user to script and fix bad check for GetOnCallHoursPerUser

* Style guides

* Remove unused imports

* Remove used vars

* Add a better output type

* Fix imports

* Release notes of bug in GetOnCallHoursPerUser

* Fix the tests

* Fix the eslint lines too long

* Fix eslint changelog

* release notes

* docker tags

* Fix the output

* Add related tests

* Add header for the markdown

* Update Packs/ShiftManagement/ReleaseNotes/1_1_0.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Eslint

* Shifts per user

* Trailing whitespace

* RN

* Docker version

* Tests + imports

* Debug tests

* Debug tests 2

* Debug tests 3

* Debug 4

* Debug 5

* Debug 6

* Debug 7

* Debug 8

* Debug 9

* Debug 10

* Debug 12

* Fix mock result

* Fix mock result

* linting

* Flake8

* Updated

* Updated.

Co-authored-by: Agam More <agmore@paloaltonetworks.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* ignore missing CHANGELOG failures (#7482)

* Update config.yml

* Update config.yml

* demistomock.py formatting (#7483)

* Fixed print when GCS_MARKET_KEY is not set (#7486)

* Fixed print when GCS_MARKET_KEY is not set

* Skipping a step in contribution

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* fixed build images paths (#7450)

* Packs changelog - added build number to display name (#7279)

* added build number to pack changelog

* switched brackets to dash in changelog version

* added versionInfo field

* fixed doc strings

* added versionInfo to unit test

* Nightly failures (#7317)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Update XDR_iocs.yml (#7494)

* Uploader - changed upload corepacks.json logic (#7487)

* changed upload corepacks.json logic

* added sys.exit(1) in case of failure

* Updated video link for Crisis Management (#7496)

* Updated video link

* moved video to pack readme

* http = https

* fix RNs

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* [New Integration] EWS O365 (OAuth 2) (#7145)

* created new branch with files from original branch

* changed name to EWS O365

* changed app name

* fixed service based and item based commands

* fixed recover_soft_delete_item

* added external files (test playbook, picture detailed description)

* created readme and removed impersonation and mark_as_read fields

* added test infrastructure

* removed dev code

* updated fetch logic to use last_modified_time

* moved files to EWS pack

* added rn and test

* reformatted readme

* removed ews-search-mailboxes

* build fix

* changed insecure logic

* fixed test playbook

* added proxy support

* added constants and max incidents per fetch validation

* style changes + added support for target_mailbox in get_folder and create_folder

* Updated

* moved ews v1 to deprecated

* added docstrings

* added back ews v1 to ews pack - will be moved to deprecated in a future PR

* reverted changes to ewsv2

* removed ErrorInvalidPropertyRequest

* added descriptions for test playbook-EWS_O365_test.yml

* moved description a level deeper

* added test for public folders

* added descriptions to test playbook tasks

* added descriptions to test playbook tasks

* updated docker image

* added fromversion to test playbook

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Removed legacy from special handling in dependencies calculation  (#7493)

* removed legacy from special handling

* fixed unused import

* test_collect_tests_and_content_packs  - Improve packs collecting (#7477)

* sdk release 1-1-2

* sdk release 1-1-2

* sdk release 1-1-2

* check docs upload

* deleted comments

* linting

* linting

* linting

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* CR fixes

* CR fixes

* Move default types to content (#7426)

* move system incident types to content

* add release notes

* moved types to correct packs

* updated pack versions

* add DefaultPlaybook to core packs

* update version

* Docs: remove possible errors section (#7381)

* Maltiverse: remove possible errors section

* remove troubleshooting and overview

* Update README.md

* update zabbix

* Securonix already fetched (#7025)

* securonix fetch offset

* changelog

* Added max parameter to the `securonix-list-incidents` command
Added the `max_fetch` parameter to the integration configuration, where the default and maximum value is 50.
Fixed an issue where duplicate incidents were fetched.

* linter 101

* linter 102

* linter 103

* set -> list, dumps the already_fetched

* update RN and README

* update dockerimage

* Update Packs/Securonix/Integrations/Securonix/CHANGELOG.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/Securonix.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* add HelloWorld, ExportIndicators, Malware, DefaultPlaybook to core packs (#7504)

* Fix collect tests and content packs  (#7468)

* replaced DocumentationTest with HelloWorld-Test

* test fix

* in progress

* added developertools to packs to install if no tests

* fixed test

* moved GenericSQL test script

* fix typo in DeleteContext file name

* moved auto-extract test script to base pack (next to auto-extract test playbook)

* moved CallTableToMarkdown test script to base pack (next to test playbook)

* UT fix

* UT fix
search_and_install - removed redundant packs from installation list

* reverted deletecontext renaming

* moved CallTableToMarkdown script back to DeveloperTools

* fixed conflicts

* reverted movement of scripts from DeveloperTools

Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* Fix common server python test: (#7311)

* skipping tests

* skipping tests

* Update Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py

Co-authored-by: hod <halpert@paloaltonetworks.com>

Co-authored-by: hod <halpert@paloaltonetworks.com>

* unskip wildfire-test (#7498)

* Add safe get dict to common server python (#7451)

* removed test pbs (#7524)

* increase sshd MaxStartups and restart sshd (#7434)

Co-authored-by: ikeren <itay@demisto.com>

* Create Troubleshooting Section for Packets and Logs README (#7429)

* add troubleshooting section to the RSA NetWitness Packets and Logs integration readme

* README addition minor changes

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* moved deprecated ews integration (#7532)

* added eula link support (#7525)

* demisto-sdk find-dependencies (#7502)

* demisto-sdk find-dependencies

* deleted images.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* SetGridField - sort columns alphabetically (#7533)

* sort columns alphabetically

* remove print

* update docker image tag and fix lint report in test

* Elasticsearch Feed - fix bug in feed type handling (#7490)

* pass feed type to get_scan_insight_format in fetch indicators cmd

* bump docker image tag

* added default to url arg in url command (#7514)

* fix bug in threat-grid-get-analysis-by-id (#7377)

* fix bug

* fix releasenote

* Joe security bug (#7362)

* Fixed testPlaybook & check if the DBotScore.indicator exists

* delete Joe Security from skipped

* delete Joe Security from skipped

* fix testplaybook

* added changelog

* fix

* fix test playbook

* added releasenote

* fix releasenote

* Update Packs/JoeSecurity/Integrations/JoeSecurity/CHANGELOG.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* BigFix - add get_endpoint_details arg to get-endpoints cmd (#7515)

* split bigfix yml into dir

* parse xml response with utf-8 encoding

* add get_endpoint_details arg to get endpoints cmd

* add get_endpoints_details arg to readme

* fixed lint reports

* Recorded Future Feed - handle sparse response in fetch indicators command (#7414)

* add test for fetch indicators cmd with sparse response

* handle missing fields in iterator

* handle score in case Risk is not returned from iterator

* add release notes

* Update Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

* fix a bug that test module failed on a delegated mailbox (#7435)

* fix a bug in the test_module

* added releasenote

* added releasenote

* fix releasenote

Co-authored-by: ikeren <itay@demisto.com>

* fix for IsMaliciousIndicatorFound tpb (#7497)

* fix for IsMaliciousIndicatorFound tpb

* Added sleep in TPB

* another sleep

* unskip duo admin tpb (#7499)

* unskip duo admin tpb

* TPB sections now happen one after the other and not at the same time

* Proofpoint Protection Server - use html.parser instead of lxml parser and update required admin role (#7396)

* use html.parser instead of lxml parser and update required admin role

* Updated

* Updated

* Updated

* added 8.14.2 support for smart search

* add new param to readme

* verify pps version param is initialized in the condition

* Update Packs/ProofpointServerProtection/Integrations/ProofpointServerProtection/ProofpointServerProtection.py

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* bump docker image tag

* bump pack version to 1.0.2

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* fix akamai instance (#7549)

* Labeled partner packs + cleared packs metadata (#7531)

* cleaned packs metadata json

* labeled partner packs

* Apply suggestions from code review

CR fixes

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* additional fixes

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Nightly failures (#7547)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Skipped nightly failures

* Fix collect packs (#7519)

* replaced DocumentationTest with HelloWorld-Test

* test fix

* in progress

* added developertools to packs to install if no tests

* fixed test

* moved GenericSQL test script

* fix typo in DeleteContext file name

* moved auto-extract test script to base pack (next to auto-extract test playbook)

* moved CallTableToMarkdown test script to base pack (next to test playbook)

* UT fix

* UT fix
search_and_install - removed redundant packs from installation list

* reverted deletecontext renaming

* moved CallTableToMarkdown script back to DeveloperTools

* testing fix

* fixed conflicts

* fix get_packs_of_tested_integrations

* fix get_packs_of_tested_integrations

* reverted movement of scripts from DeveloperTools

* merge from master

* renaming

Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* DefaultPlaybook dependency fixes (#7528)

* DefaultPlaybook dependency fixes

* RN

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Flake8 phase3 (#7522)

* Securonix flake8 fixes

* Securonix flake8 fixes

* CofenseTriage lint fixes

* FireEyeHelix lint fixes

* MongoDB lint fixes

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit c882d3e0

* fix rns

* Malware dependency fixes (#7527)

* Malware dependency fixes

* common changed to mandatory

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Skip all detonation subplaybooks if unavailable (#7530)

* skip all subplaybooks if unavailable

* deleted random fields

* back to 1.0.0

* RN

* fixed mistake

* fixed mistake

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Base installation issue fix (marketplace) (#7544)

* fixed Base installation issue

* test fix

* change get entities timeframe from 1 hour to 1 day (#7557)

* Phishing dependency fixes (#7526)

* Phishing dependency fixes

* common changed to mandatory

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Move Redlock integration into PrismaCloud pack (#7464)

* Moved Redlock integration into PrismaCloud pack

* Updated pack release notes

* Updated pack release notes

* Common pb pack dependencies (#7568)

* add dependencies for commonPlaybooks pack

* add CalculateTimeDifference to core packs

* fix in collect_tests (#7565)

* migrate videos to content-assets (#7562)

* Add packs dependencies to all core packs (#7555)

* Add packs to all core packs

* remove display images

* fix json

* Update pack_metadata.json

fix metadata format

Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>

* Common fixes (#7556)

* Moved folder to common.

* Updated command to SearchIncidentsV2.

* Release notes.

* Release notes.

* Release notes.

* Release notes.

* Release notes.

* Changed task to V2.

* Added to pack ignore.

* Added to pack ignore.

* Added to pack ignore.

* Added to pack ignore.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Add RP104 to ignore errors for reputations.json file (#7550)

* New playbook for "Malware Playbook - Manual". (#7506)

* New playbook for "Malware Playbook - Manual".

* Changed release notes

* Changed Playbook name to "Malware Investigation - Manual"

* Changed Playbook name to "Malware Investigation - Manual"

* Updated release notes

* Updated release notes

* Changed playbook task names

* Changed release notes

* Update playbook-Malware_Investigation_-_Manual.yml

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Association of fields to all (#7492)

* Associated some fields to all, added new common fields, and ensured everything moves/stays in CommonTypes

* Generate RNs

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* removed ews o365 from skipped (#7577)

* unskipd msg dvc mngmnt (#7574)

* Code42 fix spellings (#7536) (#7538)

* Correct misspelling

* Correct misspelling

Co-authored-by: Juliya Smith <yingthi@live.com>

* Added to pack ignore (#7579)

* Powershell improvements (#7479)

* update pwsh tests to use pester 5.0 + allow returnoutputs to use object

* release notes

* release notes

* update docker

* set docker images to pwsh 7

* change to use also default docker

* fix test for pwsh 7

* test also on pwsh 7

* set dockerimage to 6.2.4

* release notes bump

* bump release notes

* bump

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Skipping subplaybooks for packs if unavailable (#7558)

* Skipping many subplaybooks if unavailable

* Added & commented out unnecessary RN

* Added missing playbooks

* reverted old rn changes

* reverted old rn changes

* reverted old rn changes

* old rn back

* version bump

* version change

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* sdk release 1-1-3 (#7543)

* sdk release 1-1-3 test

* release 1-1-3 test

* sdk 1-1-3 merge

* IsEnabled additions to playbooks for packs (CommonPlaybooks + Phishing changes) (#7560)

* isenabled fixes

* proper changelog and RN

* imgs

* new image links

* Added another skip and moved subplaybook so it doesn't hide the other

* Merge branch 'master' of https://github.com/demisto/content into playbook-isenabled-changes

# Conflicts:
#	Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml
#	Packs/CommonPlaybooks/pack_metadata.json
#	Packs/Phishing/pack_metadata.json

* Version bump & new RN

* reverted change to old RN (shouldnt change it)

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* fix Microsoft-ATP test playbook and update readme file (#7575)

* New pack documentation suggestion (#7255)

* New suggested documentation

* triggers and small indentation fix

* link to playbook readme in pan dev

* Removed visualization title

* visualization = image

* added RN manually

* small change to allow version bump

* reverted

* No need to say that changed readme template

* tweak to how it was

* Skip dedup - generic test (#7590)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* skipped test

* removed packs override (#7585)

* Revert "Update XDR_iocs.yml (#7494)" (#7495)

This reverts commit 8c85884a101b35f14589d1d12080118bca09ad60.

* unskip zerofox (#7584)

* unskip zerofox

* test pb update

* Get file sample TF fix (#7594)

* unskip

* moved to non circle tests dir

* moved to global non circle tests dir

* deleted from conf.json

* Nightly failures (#7589)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Skipped nightly failures

* Skipped nightly test failures

* Un-mocked josecurity

* unskipped akamai

* Flake8 phase6 (#7546)

* vulndb and infoblox lint fixes

* feed azure

* rns

* revert mispv2 docker update

* fix rns

* Flake8 phase4 (#7542)

* GoogleCloudTranslate lint fixes

* Okta v2 lint fixes

* Okta v2 lint fixes

* JsonWhoIs lint fixes

* GenericSQL lint fixes

* AKAMAI lint fixes

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit f68ccd33

* fix rns

* unskip from nightly (#7596)

* TimeStampCompare empty tag fixed (#7598)

* drained all tags

* docker image update

* changelog update

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* added all level packs dependencies (#7563)

* ThreatX - increase test timeout (#7599)

* increase threatx test timeout

* change timeout to 600 secs

* Flake8 phase12 (#7605)

* OpenLDAP lint fixes

* KennaV2 lint fixes

* Forescout lint fixes

* Flake8 phase5 (#7545)

* Claroty lint fixes

* MongoDB lint fixes

* Tanium lint fixes

* added dockerimage45

* Hello world fixes

* revert dockerimage45

* fix rns

* Mongo lint fixes

* Office365 feed - Updated integration description. (#7606)

* Office 365 Feed - Updated integration description.

* update pack desc

* update dockerimage

* added Full Incident Enrichment (#7034)

* Add PA113 ignore error (#7611)

* Improved bad response handling (#7443)

* Improved bad response handling

Co-authored-by: halpert <haplert@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Uploader - summary fix (#7610)

* fixed summary print

* fixed pack author path

* minor print fixes

* Hod/rtir attachment parsing (#7424)


* Improved attachment parsing

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* EWS v2 - handle exceptions in fetch incidents (#7559)

* raise error str in fetch incidents

* add traceback print

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* reverting unrelated changes (#7591)

* Deprecated old Dedup test playbook (#7586)

* moved tpb

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* changed test of scripts to v2

* unskipped dedup generic test

* Move RegPathReputationBasicLists test to D2 pack (#7619)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* moved tpb to D2 pack

* skip validate files on nightly run (#7617)

* Run zipping packs only on master (#7616)

* run zip_packs only on master

* run zip_packs only on master changes

* skipped test playbooks remove

* cleaning mock debug prints (#7439)

* Changed integrations key to integration (#7566)

* Flake8 phase9 (#7602)

* lint fixes ExtractDomainAndFQDNFromUrlAndEmail_test

* Tanium_v2 lint fixes

* Panorama lint fixes

* ConvertFile_test lint fixes

* FidelisEndpoint lint fixes

* Flake8 phase11 (#7603)

* AttackIQFireDrill lint fixes

* CortexDataLake lint fixes

* ServiceNowv2 lint fixes

* Akamai_WAF lint fixes

* MongoDBLog lint fixes

* revert mongodb

* rm mongo

* Flake8 phase 7 (#7551)

* Crowdstrikefalcon, code42, ms graph calendar, ms defender atp lint fixes

* Update Packs/Code42/Integrations/Code42/Code42.yml

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* update code42 docker image

* revert code42 docker image

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Flake8 phase2 (#7521)

* fix rasterize lints

* AlienVault format fixes

* AlienVault and cherwell format fixes

* fix docker images

* remove unwanted changes

* fix rns

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit cbc6487b

* Revert "Revert "added dockerimage45""

This reverts commit 35d3aff2

* fix rns

* remove dockerimage45

* Powershell howto cleanup (#7286)

* Added power-shell automation how-to

* Changed typo in integration key

* Intentionally failed infoblox test to have the machine running

* Intentionally failed infoblox test to have the machine running

* Un-skipped infoblox

* Failed infoblox intentionally

* Edited powershell automation howto

* Edited powershell integration howto

* Fixed typo

* Made sure Infoblox will not fail

* Hello world fetch incidents addition (#7214)

* Added a condition to prevent duplicates

* Changed the unit-test last fetch time

* changelog

* CR fixes

* validate fixes

* Added a new RN version

* Integration instance config (#7422)

* Added %%SERVER_HOST%% placeholder

* changed something in taxii to run test

* minor fix

* moved to the right place

* support for server keys

* support for server keys

* minor fix

* check if server_keys run

* check if server_keys run

* check if server_keys run

* pre-defined integration instance name

* fix for server_keys

* Changed TAXII tpb

* deleting instances by name before creating new ones

* Added logic to test instances as well

* removed the change from TAXII feed

* CR fixes

* merge from master

* Revert "merge from master"

This reverts commit fb869fd8

* Added sleep for TAXII tpb

* Make conf json redundant (#7124)

* Make conf json redundant

* Fix CR

* Fix CR comments

* Added a msg about the number of tests added to the conf.json

* adding artifact + removing from conf.json for testing purposes

* fixing yml structure

* removing old usage

* Update update_conf_json.py

* Update Gmail.yml

* adding nicer print to conf.json update output + reverting the changes to the conf.json

* Mongodb: nested dicts fix (#7625)

* Fixed an issue where nested dictionaries containing a datetime object were not parsed properly.

* fix cr

* ServiceNow - added retry mechanism for status code 401 (#7614)

* added retry mechanism for status code 403

* remove blank line

* add 401 not authenticated test

* add negative unauthenticated test

* bump pack version

* Adding documentation

* Support AWS Security Groups with only one ingress rule (#7592) (#7626)

* Support AWS Security Groups with only one inbound rule

* Add release notes to AWS-EC2 pack

* Bump docker image tag to latest

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Lindsey Smith <lindsey.smith@gmail.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* Documentation fixes (#7507)

* add image

* update missing image

* fix link

* fix link

* fix links

* fix regexes

* fix links

* fix links

* fix links

* fix links

* fix typo

* secrets

* Fix cfw extra arg (#7628)

* Removed an unused argument ipname from **checkpoint-block-ip** command.

* Deprecate an unused argument ipname from **checkpoint-block-ip** command.

* removed deprecated arg from documentation

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Flake8 phase10 (#7604)

* AutoFocusV2 lint fixes

* MicrosoftGraphFiles_test.py lint fix

* CarbonBlackEnterpriseEDR lint fix

* FeedCofense lint fix

* AzureSentinel_test lint fixes

* csp bugfix (#7472)

* unit test is failing

* bug fix

* updated tests

* docs update

* 1.0.7 RN

* 1.0.8 RN

* 1.0.9 RN

* [HelloWorld] Minor yml update (#7448) (#7630)

* Added additionalinfo tooltip to integration parameters

* updated releasenotes to 1.1.4

* Update Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml

* Updated

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Okta zones - playbook and enhancement (#7620)

* Okta zones - playbook and enhancement (#7137)

* Okta V2 - Add commands for Network Zones

* IP Whitelisting - add Okta Zone playbook

* Whitelist playbook - Add Okta

* Okta V2 - fix yaml and secrets ignore

* Added playbook image

* Uploading playbook image

* Added playbook image

* Setting author to Cortex XSOAR

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Removing email contact

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Setting URL in content pack metadata

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Okta V2 Zones fixes + unit tests  + outputs

* Okta V2 test - fix linter error

* IP Whitelist pack - remove depe

* Okta Zone playbook - move to Okta pack and update  readme

* Updated whitelist language

* Updated new content

* Removing pack + okta code fixes

Removing IPWhitelist pack - sorting content into packs

* Commit playbook images

* Okta V2 code fixes

* Egress Playbook fixes

Renamed tasks,  moved group names into playbook inputs

* Update README and images

* Update Okta V2 README with new commands

* Added release notes, fixed integration name in conf.json

* Remove unused import

* Updated release notes.

* Release notes for Legacy pack

* Updating playbook images

* Modified playbook text and READMEs

* Update playbook-IP_Whitelist_-_AWS_Security_Group.yml

* Update playbook-IP_Whitelist_-_GCP_Firewall.yml

* Update Okta_v2.yml

* Update playbook-Allow_IP_-_Okta_Zone.yml

* Update playbook-Allow_IP_-_Okta_Zone_README.md

* Update playbook-Prisma_Access_Whitelist_Egress_IPs_on_SaaS_Services.yml

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* move comparelists

* delete Legacy pack

* fix build

* update version of CommonScripts

Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* SentinelOne v2 - improve date string handling (#7612)

* add test for event with unexpected timeformat

* parse dateoccurred to datetime

* Updated

* bump docker image

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Add ML collect data script (#7621)

* Add ML collect data script

* Add ML collect data scriptAdd ML collect data script

Co-authored-by: eharush <erez@demisto.com>

* Update configure_and_test_integration_instances.py (#7645)

* RedCanary - improve endpoint context standard handling (#7636)

* add test for endpoint without mac address

* improved implementation of get_endpoint_context

* fix flake8 report in unit test

* add condition to check if address_attributes

* Updated.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* removed resource class (#7642)

* set entities timeframe to 1 hour and skip in case no entities found (#7634)

* SecureWorks - enhance README with incident fetch details (#7595)

* update readme with fetch incidents notes

* update readme with fetch incidents notes

* Fixed recently created release notes files to new standard (#7644)

* Pcapminer v2 post fix (#7150)

* Reopening PR after fix

* revert to preplaybook

* revert to preplaybook + unit test fix

* description

* find path for testdata

* remove rsa_key + try to fix testdata unittest

* unittest fix

* move test file to folder

* unittest fix

* remove iterate and packets to analyze

* run on a different docker each run

* change Pcap to PCAP + add "All" option for protocol output

* Updated

* Readme

* last additions

* David fixes

* uppercase

* rsa_key fix + Capital PCAP in README

* test fix

* join 2 tests into one

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Added client re-creation to prevent api-key expiration (#7648)

* Added https connection and SSL verification (#7631)

* Added https connection and SSL verification

* added rn

* removed unnecessary keys

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* timestamp_to_datestring uses `utcfromtimestamp` (#7488)

* timestamp_to_datestring uses `utcfromtimestamp` (#7407)

* timestamp_to_datestring uses `utcfromtimestamp`

`timestamp_to_datestring`'s default date format includes Z for the time
zone. However, it uses `datetime.fromtimestamp` which is in localtime.
This yields incorrect results when the default time zone is anything
other than UTC.

The `epochToTimestamp` function in the same file does correctly use
`utcfromtimestamp`. This commit corrects and normalizes the timestamp
processing.

* Added release notes

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* Adding condition for timestamp format

Co-authored-by: Henry Stern <henry@stern.ca>
Co-authored-by: halpert <haplert@paloaltonetworks.com>

* Remove deprecated CloseInvestigation task from playbooks (#7653)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* replaced CloseInvestigation tasks with Done section headers

* small fix in TestIsValueInArray

* Add a new pack for HIPAA (#7382)

* Add a new pack for HIPAA

* Changed playbook

* Changed playbook

* Added changelogs

* Created pack release notes.

* Changed release notes

* Update playbook-HIPAA_-_Breach_Notification.yml

* Updated playbook and layout

* Changed HIPAA pack metadata and change the location of the incident fields.

* Removed test changes

* Removed test changes

* Generated playbook readme

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Adding pagination mechanism for url logs request (#7277)

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* symantec dlp: permissions section (#7581)

* dlp permissions section

* Updated

* update troubleshooting

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Microsoft Defender ATP - set scope to default (#7647)

* updated scope to atp default

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Add Zoom Feed Integration

* Add Zoom Feed Integration

* Change Regex pattern for iipv4cidrRegex

* Add test_playbook id

* Implemented requested changes

* Modify gitignore

* Minor changes

* Update FeedZoom.yml

* Updated

* Updates

* Updated

* Updated validations

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>
Co-authored-by: Shelly Berman <45915502+Shellyber@users.noreply.github.com>
Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: Todd Murchison <toddm92@gmail.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>
Co-authored-by: Ido van Dijk <43602124+idovandijk@users.noreply.github.com>
Co-authored-by: altmannyarden <61933087+altmannyarden@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: Or Lichter <50324325+orlichter1@users.noreply.github.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: eli sharf <esharf@paloaltonetworks.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: David Baumstein <51712181+David-BMS@users.noreply.github.com>
Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: Lior Blobstein <lblobstein@paloaltonetworks.com>
Co-authored-by: Bar Hochman <11165655+jochman@users.noreply.github.com>
Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>
Co-authored-by: Timor Eizenman <50326704+teizenman@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: deepinstinctdev <dev@deepinstinct.com>
Co-authored-by: ronykoz <rkozakish@paloaltonetworks.com>
Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: rsagi <rsagi@paloaltonetworks.com>
Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: hod <41257953+hod-alpert@users.noreply.github.com>
Co-authored-by: halpert <haplert@paloaltonetworks.com>
Co-authored-by: Guy Freund <53565845+guyfreund@users.noreply.github.com>
Co-authored-by: Yana Orhov <yorhov@paloaltonetworks.com>
Co-authored-by: rshalem <rshalem@paloaltonetworks.com>
Co-authored-by: Ika Gabashvili <45535078+IkaDemisto@users.noreply.github.com>
Co-authored-by: Agam <agam.more@demisto.com>
Co-authored-by: Agam More <agmore@paloaltonetworks.com>
Co-authored-by: hod <halpert@paloaltonetworks.com>
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
Co-authored-by: Gal Rabin <53563021+GalRabin@users.noreply.github.com>
Co-authored-by: avidan-H <46294017+avidan-H@users.noreply.github.com>
Co-authored-by: ikeren <itay@demisto.com>
Co-authored-by: MosheGalitzky <57589449+moishce@users.noreply.github.com>
Co-authored-by: mayagoldb <43776787+mayagoldb@users.noreply.github.com>
Co-authored-by: Bar Chen <54398957+barchen1@users.noreply.github.com>
Co-authored-by: Juliya Smith <yingthi@live.com>
Co-authored-by: Lindsey Smith <lindsey.smith@gmail.com>
Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: erezh31 <eharush@paloaltonetworks.com>
Co-authored-by: eharush <erez@demisto.com>
Co-authored-by: Henry Stern <henry@stern.ca>
Co-authored-by: teizenman <teizenman@paloaltonetworks.com>
ronykoz added a commit that referenced this pull request Jun 21, 2020
* FireEye Helix - fix headers arg processing in search cmd (#7411)

* add unit test for search command with headers arg given

* add unit test for search command with headers arg given

* pass to build_mql_query from search cmd only relevant args and not all

* add default empty string to query arg

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Update config.yml (#7412)

* fix print bucket path (#7416)

* [cofense-32] Two new commands and internal refactoring, second PR (#7… (#7346)

* [cofense-32] Two new commands and internal refactoring, second PR (#7104)

* [CofenseTriage] Add new Triage commands

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] WIP tests

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Code style cleanup

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] assorted cleanup WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add test fixtures WIP

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor http_request

- Rename to `triage_request` and rename first parameter to `endpoint`
- Create new function `triage_api_url` to build full URL to a given endpoint
- Refactor and simplify response handling logic

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor `fetch_reports`

No functional changes, except some speedups and a possible bug fix.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageReport class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Break out TriageInstance class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add TriageReporter class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update tests and fixtures

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rewrite get_report_by_id to use class

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move all classes into one file

The plugin architecture requires it.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor and add test coverage for get_threat_indicators()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Eliminate unnecessary get_attachment()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Refactor search_reports and increase test coverage

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Assume /reports/:id always returns an array

Also eliminate unnecessary TriageReporter.from_json() and rename
Triage_reporter.from_id() to .fetch().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Make test fixture more complicated

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Return actual JSON in to_json()

Also enhance test coverage.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Don't call fetch_reports() in test_function()

Triage always responds with a valid JSON object. There is no need to
perform a second request to test the integration---if Triage responds
with an OK status, then everything is working.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Store last run data as a JSON blob

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Wrap incident attachment in single-element list

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update metadata

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Clean up remnants in Legacy pack

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add mypy ignore comments

Mypy has trouble with decorators like lru_cache() in several situations.
Add inline comments to silence spurious linter complaints.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move import after stubs in test

We have to stub demistomock before we import CofenseTriage. That's just how
demistomock works, apparently.

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Generate release notes

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move changes to new CofenseTriage 2

Both versions will exist in parallel

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move return_error to highest-level except block

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update documentation

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address various linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move time constants inline

Also eliminate the time format string in favor of
datetime.datetime.fromisoformat().

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Pass a TriageInstance argument instead of using a module var

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Let exceptions bubble up to main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Address more linter complaints

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename module to CofenseTriagev2

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Centralize parameter fetching in main()

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add v2 to Tests/conf.json

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename more files to have v2 prefix

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Add minimum Demisto version

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Move test files to root dir of integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Remove tests from v1 integration

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Rename Cofense.ThreatIndicators context path

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Additional minor adjustments

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Merge all test files into one

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Stub fileResult more realistically

on-behalf-of: @Cofense <oss@cofense.com>

* [CofenseTriage] Update release notes

on-behalf-of: @Cofense <oss@cofense.com>

Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* lgtm, docket tag, secrets

* skip, no instance

* pylint

* secrets 101

* rm coverage

* rm secrets

* contrib commits 102

* contrib commits 103

* contrib commits 104

* str -> num

* desc types

* add newline

* add cmd_ex file

* typo

* styling

* add to_json()

* add json.dumps

* add readme, add tpb

* linters

* linters2

* linters3

* mv cofense triage v1 to non circle tests

Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>

* Fixed server version calculation (#7419)

* Fixed server version calculation

* Fixed some LGTM and pylint comments

* Fix Thread Crash Print (#7417)

* Update test_content.py

* added space

* Fixed bug - CB-Live-Response (#7389)

* Fixed release notes

* Added rn

* Fixed version bump

* Removed unnecessary comment

* Updated.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Fixed a bug in download malware (#7400)

* Fixed a bug in download malware

* added rn and fixed cr

* old changelog fix

* Updated

* added old changelog

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* new Prisma Cloud remediation additions to GCP playbooks (#7265) (#7395)

* new remediation additions

* update release notes

* update release notes

Co-authored-by: Todd Murchison <toddm92@gmail.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* CS falconhost threatgraph API support (#7054)

* cs threatgraph API support

* missing dot

* use tabletomarkdown

* cs falconhost threatgraph

* add rn marketplace format

* Updated

* Minor update

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Phishing - Core - Fixed URL screenshots tag + merged 2 conditions + updated pic (#7390)

* Fixed URL screenshots tag + merged 2 conditions + updated pic

* fixed changelogs / rn

* Added new playbook playbook-Illinois_-_Breach_Notification (#7253)

* Added new playbook playbook-Illinois_-_Breach_Notification.yml.
Fixed issues with breach notification playbook.
Added Readme files to breach notification playbooks.

* update release notes.

* update release notes.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Added the edit layout.

* Update playbook-Illinois_-_Breach_Notification.yml

* Changed conflicts.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Slack Ask - Add user and response template (#7386)

* change Pcap to PCAP + add "All" option for protocol output

* add changelog

* Updated.

* Updated

* README UPDATE

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* epo update doc with permission info (#7249)

* epo help images

* update images

* epo readme

* typo fix

* add link to epo docs

* fixes from @kirbles19

* Fixing content (#7388)

* fixing several pack validation errors

* fixing extra hop

* added test playbook for joe security playbook

* adding rn

* adding rn

* bumping pack metadata for common reports

* fixing content - additional BA101

* adding XDR iocs pack (#7144)

* adding XDR iocs pack

* code ready except ioc from xdr to demisto

* last changes

* update YML

* fixup! last changes

* update pack format

* fixing code CR

* adding unit test and small changes

* adding README

* adding description

* adding playbooks

* adding test playbook

* adding test module command

* Updated

* Updated

* Update XDR_iocs_every_minute.yml

* Update XDR_iocs_nightly_job.yml

* Update XDR_iocs.yml

* add to description

* small test change

* adding feedIncremental

* last fix

* fixup! last fix

Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Tim indicators exclusion by related incidents (#7127)

* Added new playbook

* Added new playbook

* Updated name.

* Update TIM_-_Indicators_Exclusion_By_Related_Incidents.yml

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added description.

* Added readme and bumped pack version

* Added readme and bumped pack version

* Improved descriptions.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Red lock token fix (#7408)

* Added support for multi environment instances

* Added RN

* Change RN

* fixed syntax

* fixed syntax

* Added error handling

* Updated

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Access Investigation - deprecation & new playbook (#7315)

* Access Investigation - deprecation of old playbook, creation of new playbook

* Access Investigation - deprecation of old playbook, creation of new playbook

* img for readme

* manual RN

* removed rn

* back to old version

* Update Access_Investigation_-_Generic_4_5_CHANGELOG.md

* Update Access_Investigation_-_Generic_CHANGELOG.md

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Deprecated scripts comments (#7349)

* Deprecated scripts comments

* typo

* Update deprecated comment.

* Updated

* Updated

* Updated

* Updated

* Updated

* RN

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* JsonWhoIs - fixed error not returned from the integration (#7394)

* JsonWhoIs - fixed error not returned from the integration

* Fix CR

* move error to http request

* error handling

* Updated

* Updated

* Update Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.py

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* fix mypy

* rm mypy ignore

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Added timestamp compare (#7195)

* Added timestamp compare

* fix CR

* Adding timeformat option

* Update TimeStampCompare.yml

* Updated

* Fix UT

* fix yml

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Carbon Black Response - changed dt for File (#7391)

* changed the dt for File

* RN

* Update 1_0_3.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Tim whois playbooks (#7039)

* Added new playbook.

* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml

* Added section headers.

* Added tech docs notes.

* Added input and description.

* Update playbook-TIM_-_Process_Domain_Registrar_With_WHOIS.yml

* Added descriptions.

* Added readme.

* Added readme.

* Added png link.

* Added png link.

* Removed changelog.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Multiple playbook changes.

* Change changelog

* Update RNs

* Update RNs

* Multiple playbook changes.

* Updated playbook.

* Updated playbook.

* Added new playbook

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* Added new playbook.

* changed tag name.

* changed tag name.

* changed tag name.

* changed tag name.

* Minor logic change.

* Revert "Minor logic change."

This reverts commit dbfd9598

* Minor logic change.

* Removed list name.

* Removed default delimiter.

* Casing.

* Casing.

* Added description.

* Update playbook-TIM_-_Process_Domains_With_Whois.yml

* Update playbook-TIM_-_Process_Domain_Registrant_With_Whois_README.md

* Update playbook-TIM _-_Process_Domain_Age_With_Whois.yml

* Update playbook-TIM_-_Process_Domain_Registrant_With_Whois.yml

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added readme and bumped pack version

* Added image.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Added tests to phishing pack (#7345)

* Added tests to pack

* Added core

* Moved files back to where they need to be

* new MR for Deep Instinct Integration (#7415)

* new MR for Deep Instinct Integration (#7316)

* new MR for Deep Instinct Integration

* Update pack_metadata.json

* Delete CHANGELOG.md

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

* Update README.md

* Adding skip on the integration

* Fix file name

Co-authored-by: deepinstinctdev <dev@deepinstinct.com>
Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>
Co-authored-by: ronykoz <rkozakish@paloaltonetworks.com>

* Red Canary - bug fixes in fetch incidents (#7421)

* fetch only ack detections and remove timeline for detection in fetch

* Updated

* Updated

* consider detection as acknowledged if one of the fields exists, not both

* consider detection as acknowledged if one of the fields exists, not both

* consider detection as acknowledged if one of the fields exists, not both

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Updated playbook image (#7423)

* Add whois to autoprocessing (#7428)

* Added sub playbook.

* Added sub playbook.

* Added sub playbook.

* Added sub playbook.

* Added image.

* Added image.

* Removed space.

* Removed space.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* Fix content packs- Reut (#7341)

* CommonScripts fix

* CommonScripts fix

* CommonScripts fix

* Nist ignore

* sdk version

* Malware ignore errors

* Malware ignore errors

* ignore SC100

* Non-supported pack

* Non-supported pack

* Non-supported pack

* Non-supported pack

* Non-supported pack

Co-authored-by: rsagi <rsagi@paloaltonetworks.com>

* Marketplace step fix (#7425)

* test

* test

* small fix

* Prisma Access - Added tunnel health playbook (#7136) (#7431)

* Prisma Access - Added tunnel health playbook

* Add image file in doc_files

* Added playbook image to README

* Updating playbook image

* Fixes to playbook

Removed Slack task, added remediation recommendations on manual step.

* Updating README

* Update playbook-Prisma_Access_-_Connection_Health_Check_README.md

* Update playbook-Prisma_Access_-_Connection_Health_Check.yml

* Prisma Access - fix sdk validate

Tests conf - fix Prisma Access brand name to remove validate error. yml - fix multiline description.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* PCS (Redlock) remediation command (#7270) (#7392)

* Add remediation details command

* Add condition to gracefully handle no remediation details

* Update README.md; Add command_examples.txt

* Clean up context and entry format; Support multiple alert-ids

* Update README.md; Fix lint issues

* Refactor no remediation condition

* Update outputs and README

* Create ReleaseNotes; Update pack_metadata.json

* Fix human readable output; Update README; Update test playbook

* Update instances of RedLock to Prisma Cloud (RedLock)

* Update release notes

* Update Packs/RedLock/TestPlaybooks/playbook-RedLockTest.yml

* Updated

* Updated descriptions for new command

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

Co-authored-by: Nicholas Ericksen <59053722+nericksen@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Print server conf for bucket (#7436)

* removed TestFormatTableValues to check if it solve conflict

* fix typo

* fix typo

* fix new lines

* fix missing "

* fix missing -e

* Access Investigation Generic playbook - refactor filename (#7438)

* change toversion field name

* refactor new access investigation generic playbook name

* revert 4.5 trigger

* fix broken images (#7432)

* Access Investigation - ID fix (#7440)

* emergency ID fix

* empty RN

* Update Packs/AccessInvestigation/ReleaseNotes/1_1_1.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Content additional fix validations (#7445)

* Content additional fix validations

* updating gmail docker image

* Update Packs/Digital_Defense_FrontlineVM/Playbooks/playbook-Digital_Defense_FrontlineVM_-_PAN-OS_block_assets.yml

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* adding changelogs

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* fix lintings (#7454)

* Improved empty response handling (#7296)

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* [Enhancement] Search Search Endpoints By Hash - Carbon Black Response (#7399)

* Deprecated Search Search Endpoints By Hash - Carbon Black Response.
Created new playbook Search Search Endpoints By Hash - Carbon Black Response V2 instead.

* added the playbook image.

* added the playbook image.

* Updated playbook image

* Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response_V2.yml

* Update playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml

* Update playbook-Hunt_Extracted_Hashes.yml

* Update playbook-Search_Endpoints_By_Hash_-_Carbon_Black_Response.yml

* updated release notes

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* out of skipped tests (#7456)

* out of skipped

* parse email files out of skipped

* Auto detect api modules (#7257)

* changed docker image

* changed docker image

* changed docker image

* changed docker image

* changed docker image

* updated conf json for nightly tests on generic feeds

* updated None to ''

* updated None to ''

* updated conf json

* updated conf json

* updated conf json

* updated conf json

* updated rn

* updated rn

* updated pr

* updated pr

* fixed json ut

* fixed json ut

* fixed json ut

* fixed json ut

* updated pr

* updated pr

* updated pr

* updated pr

* updated pr

Co-authored-by: yorhov <Orekhova97229!>

* small fix in content (#7462)

* unskipping phishlabs (#7455)

* unskipping phishlabs

* fixing test playbook

* RTIR: fix ID header bug (#7453)

* RTIR: Fix ID header

* fix lint and format

* fix flake8

* added rns

* fix cr

* Update 1_0_2.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* fortisiem bug fix (#7469)

* disabled the request to trigger an event, made queryData hardcoded

* changelog

* Updated.

* Updated

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* remove old regexes from content (#7398)

* remove old regexes from content

* use demisto-sdk from master

* Update dev-requirements-py3.txt

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>

* Update dev-requirements-py3.txt

* replace old regexes

* sdk release 1-1-2 test

* sdk release 1-1-2 test

* sdk release 1-1-2 test

* sdk release 1-1-2

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: rshalem <rshalem@paloaltonetworks.com>

* changing playbook name (#7474)

* changing playbook name

* changing playbook name

* fix rastarize name in core packs list (#7471)

* Nightly Marketplace (#7467)

* remove old regexes from content

* use demisto-sdk from master

* Update dev-requirements-py3.txt

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>

* Update dev-requirements-py3.txt

* replace old regexes

* use sdk master

* conflicts fix

* changed sdk branch

* changed sdk branch to master

* fixed config.yml, added developerTools pack to packs_to_install

* reduced flake8 version

* moved test playbooks to packs

* removed Extract Indicators From File - test from conf.json

* reverted changes in collect_tests and dev-requirements-py3

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* bump content and sha1 versions (#7470)

* reverted instance tests to run on server 5.5 (#7465)

* Return of cofense feed (#7481)

* Updated Cortex XDR IOCs pack names - 20.6.0 (#7437) (#7457)

* Updated Cortex XDR IOCs pack names - 20.6.0 (#7437)

* updated pack name, integration name, and command names of "Cortex XDR - IOC"

* fixed bug

* update tests

* update pack & integration description

* update pack & integration description

* updated descriptions

* update integration format

* fixup! update integration format

* adding ioc trigger to push command

* update README

* fix CR

* fixup! fix CR

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* update readme with a better description

* updated descriptions and display name in yml

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

* Update Packs/XDR_iocs/Integrations/XDR_iocs/XDR_iocs.yml

* Apply suggestions from technical writer review

* fix

* fixup! fix

* fixing

* last fix

* add sleep time

* add sleep time

Co-authored-by: eli sharf <esharf@paloaltonetworks.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* adding empty release notes

* Update CHANGELOG.md

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* deleted Legacy pack (#7463)

* Delete Exchange pack (#7433)

* Add the GetShiftsPerUser automation (#7213)

* Add the GetShiftsPerUser automation

* Add current user to script and fix bad check for GetOnCallHoursPerUser

* Style guides

* Remove unused imports

* Remove used vars

* Add a better output type

* Fix imports

* Release notes of bug in GetOnCallHoursPerUser

* Fix the tests

* Fix the eslint lines too long

* Fix eslint changelog

* release notes

* docker tags

* Fix the output

* Add related tests

* Add header for the markdown

* Update Packs/ShiftManagement/ReleaseNotes/1_1_0.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Eslint

* Shifts per user

* Trailing whitespace

* RN

* Docker version

* Tests + imports

* Debug tests

* Debug tests 2

* Debug tests 3

* Debug 4

* Debug 5

* Debug 6

* Debug 7

* Debug 8

* Debug 9

* Debug 10

* Debug 12

* Fix mock result

* Fix mock result

* linting

* Flake8

* Updated

* Updated.

Co-authored-by: Agam More <agmore@paloaltonetworks.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* ignore missing CHANGELOG failures (#7482)

* Update config.yml

* Update config.yml

* demistomock.py formatting (#7483)

* Fixed print when GCS_MARKET_KEY is not set (#7486)

* Fixed print when GCS_MARKET_KEY is not set

* Skipping a step in contribution

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* fixed build images paths (#7450)

* Packs changelog - added build number to display name (#7279)

* added build number to pack changelog

* switched brackets to dash in changelog version

* added versionInfo field

* fixed doc strings

* added versionInfo to unit test

* Nightly failures (#7317)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Update XDR_iocs.yml (#7494)

* Uploader - changed upload corepacks.json logic (#7487)

* changed upload corepacks.json logic

* added sys.exit(1) in case of failure

* Updated video link for Crisis Management (#7496)

* Updated video link

* moved video to pack readme

* http = https

* fix RNs

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* [New Integration] EWS O365 (OAuth 2) (#7145)

* created new branch with files from original branch

* changed name to EWS O365

* changed app name

* fixed service based and item based commands

* fixed recover_soft_delete_item

* added external files (test playbook, picture detailed description)

* created readme and removed impersonation and mark_as_read fields

* added test infrastructure

* removed dev code

* updated fetch logic to use last_modified_time

* moved files to EWS pack

* added rn and test

* reformatted readme

* removed ews-search-mailboxes

* build fix

* changed insecure logic

* fixed test playbook

* added proxy support

* added constants and max incidents per fetch validation

* style changes + added support for target_mailbox in get_folder and create_folder

* Updated

* moved ews v1 to deprecated

* added docstrings

* added back ews v1 to ews pack - will be moved to deprecated in a future PR

* reverted changes to ewsv2

* removed ErrorInvalidPropertyRequest

* added descriptions for test playbook-EWS_O365_test.yml

* moved description a level deeper

* added test for public folders

* added descriptions to test playbook tasks

* added descriptions to test playbook tasks

* updated docker image

* added fromversion to test playbook

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Removed legacy from special handling in dependencies calculation  (#7493)

* removed legacy from special handling

* fixed unused import

* test_collect_tests_and_content_packs  - Improve packs collecting (#7477)

* sdk release 1-1-2

* sdk release 1-1-2

* sdk release 1-1-2

* check docs upload

* deleted comments

* linting

* linting

* linting

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* Fixed UT

* CR fixes

* CR fixes

* Move default types to content (#7426)

* move system incident types to content

* add release notes

* moved types to correct packs

* updated pack versions

* add DefaultPlaybook to core packs

* update version

* Docs: remove possible errors section (#7381)

* Maltiverse: remove possible errors section

* remove troubleshooting and overview

* Update README.md

* update zabbix

* Securonix already fetched (#7025)

* securonix fetch offset

* changelog

* Added max parameter to the `securonix-list-incidents` command
Added the `max_fetch` parameter to the integration configuration, where the default and maximum value is 50.
Fixed an issue where duplicate incidents were fetched.

* linter 101

* linter 102

* linter 103

* set -> list, dumps the already_fetched

* update RN and README

* update dockerimage

* Update Packs/Securonix/Integrations/Securonix/CHANGELOG.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Securonix/Integrations/Securonix/Securonix.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* add HelloWorld, ExportIndicators, Malware, DefaultPlaybook to core packs (#7504)

* Fix collect tests and content packs  (#7468)

* replaced DocumentationTest with HelloWorld-Test

* test fix

* in progress

* added developertools to packs to install if no tests

* fixed test

* moved GenericSQL test script

* fix typo in DeleteContext file name

* moved auto-extract test script to base pack (next to auto-extract test playbook)

* moved CallTableToMarkdown test script to base pack (next to test playbook)

* UT fix

* UT fix
search_and_install - removed redundant packs from installation list

* reverted deletecontext renaming

* moved CallTableToMarkdown script back to DeveloperTools

* fixed conflicts

* reverted movement of scripts from DeveloperTools

Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* Fix common server python test: (#7311)

* skipping tests

* skipping tests

* Update Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py

Co-authored-by: hod <halpert@paloaltonetworks.com>

Co-authored-by: hod <halpert@paloaltonetworks.com>

* unskip wildfire-test (#7498)

* Add safe get dict to common server python (#7451)

* removed test pbs (#7524)

* increase sshd MaxStartups and restart sshd (#7434)

Co-authored-by: ikeren <itay@demisto.com>

* Create Troubleshooting Section for Packets and Logs README (#7429)

* add troubleshooting section to the RSA NetWitness Packets and Logs integration readme

* README addition minor changes

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* moved deprecated ews integration (#7532)

* added eula link support (#7525)

* demisto-sdk find-dependencies (#7502)

* demisto-sdk find-dependencies

* deleted images.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* SetGridField - sort columns alphabetically (#7533)

* sort columns alphabetically

* remove print

* update docker image tag and fix lint report in test

* Elasticsearch Feed - fix bug in feed type handling (#7490)

* pass feed type to get_scan_insight_format in fetch indicators cmd

* bump docker image tag

* added default to url arg in url command (#7514)

* fix bug in threat-grid-get-analysis-by-id (#7377)

* fix bug

* fix releasenote

* Joe security bug (#7362)

* Fixed testPlaybook & check if the DBotScore.indicator exists

* delete Joe Security from skipped

* delete Joe Security from skipped

* fix testplaybook

* added changelog

* fix

* fix test playbook

* added releasenote

* fix releasenote

* Update Packs/JoeSecurity/Integrations/JoeSecurity/CHANGELOG.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* BigFix - add get_endpoint_details arg to get-endpoints cmd (#7515)

* split bigfix yml into dir

* parse xml response with utf-8 encoding

* add get_endpoint_details arg to get endpoints cmd

* add get_endpoints_details arg to readme

* fixed lint reports

* Recorded Future Feed - handle sparse response in fetch indicators command (#7414)

* add test for fetch indicators cmd with sparse response

* handle missing fields in iterator

* handle score in case Risk is not returned from iterator

* add release notes

* Update Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

Co-authored-by: Rony Kozakish <37589583+ronykoz@users.noreply.github.com>

* fix a bug that test module failed on a delegated mailbox (#7435)

* fix a bug in the test_module

* added releasenote

* added releasenote

* fix releasenote

Co-authored-by: ikeren <itay@demisto.com>

* fix for IsMaliciousIndicatorFound tpb (#7497)

* fix for IsMaliciousIndicatorFound tpb

* Added sleep in TPB

* another sleep

* unskip duo admin tpb (#7499)

* unskip duo admin tpb

* TPB sections now happen one after the other and not at the same time

* Proofpoint Protection Server - use html.parser instead of lxml parser and update required admin role (#7396)

* use html.parser instead of lxml parser and update required admin role

* Updated

* Updated

* Updated

* added 8.14.2 support for smart search

* add new param to readme

* verify pps version param is initialized in the condition

* Update Packs/ProofpointServerProtection/Integrations/ProofpointServerProtection/ProofpointServerProtection.py

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* bump docker image tag

* bump pack version to 1.0.2

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* fix akamai instance (#7549)

* Labeled partner packs + cleared packs metadata (#7531)

* cleaned packs metadata json

* labeled partner packs

* Apply suggestions from code review

CR fixes

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* additional fixes

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Nightly failures (#7547)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Skipped nightly failures

* Fix collect packs (#7519)

* replaced DocumentationTest with HelloWorld-Test

* test fix

* in progress

* added developertools to packs to install if no tests

* fixed test

* moved GenericSQL test script

* fix typo in DeleteContext file name

* moved auto-extract test script to base pack (next to auto-extract test playbook)

* moved CallTableToMarkdown test script to base pack (next to test playbook)

* UT fix

* UT fix
search_and_install - removed redundant packs from installation list

* reverted deletecontext renaming

* moved CallTableToMarkdown script back to DeveloperTools

* testing fix

* fixed conflicts

* fix get_packs_of_tested_integrations

* fix get_packs_of_tested_integrations

* reverted movement of scripts from DeveloperTools

* merge from master

* renaming

Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* DefaultPlaybook dependency fixes (#7528)

* DefaultPlaybook dependency fixes

* RN

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Flake8 phase3 (#7522)

* Securonix flake8 fixes

* Securonix flake8 fixes

* CofenseTriage lint fixes

* FireEyeHelix lint fixes

* MongoDB lint fixes

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit c882d3e0

* fix rns

* Malware dependency fixes (#7527)

* Malware dependency fixes

* common changed to mandatory

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Skip all detonation subplaybooks if unavailable (#7530)

* skip all subplaybooks if unavailable

* deleted random fields

* back to 1.0.0

* RN

* fixed mistake

* fixed mistake

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Base installation issue fix (marketplace) (#7544)

* fixed Base installation issue

* test fix

* change get entities timeframe from 1 hour to 1 day (#7557)

* Phishing dependency fixes (#7526)

* Phishing dependency fixes

* common changed to mandatory

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Move Redlock integration into PrismaCloud pack (#7464)

* Moved Redlock integration into PrismaCloud pack

* Updated pack release notes

* Updated pack release notes

* Common pb pack dependencies (#7568)

* add dependencies for commonPlaybooks pack

* add CalculateTimeDifference to core packs

* fix in collect_tests (#7565)

* migrate videos to content-assets (#7562)

* Add packs dependencies to all core packs (#7555)

* Add packs to all core packs

* remove display images

* fix json

* Update pack_metadata.json

fix metadata format

Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>

* Common fixes (#7556)

* Moved folder to common.

* Updated command to SearchIncidentsV2.

* Release notes.

* Release notes.

* Release notes.

* Release notes.

* Release notes.

* Changed task to V2.

* Added to pack ignore.

* Added to pack ignore.

* Added to pack ignore.

* Added to pack ignore.

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* Add RP104 to ignore errors for reputations.json file (#7550)

* New playbook for "Malware Playbook - Manual". (#7506)

* New playbook for "Malware Playbook - Manual".

* Changed release notes

* Changed Playbook name to "Malware Investigation - Manual"

* Changed Playbook name to "Malware Investigation - Manual"

* Updated release notes

* Updated release notes

* Changed playbook task names

* Changed release notes

* Update playbook-Malware_Investigation_-_Manual.yml

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Association of fields to all (#7492)

* Associated some fields to all, added new common fields, and ensured everything moves/stays in CommonTypes

* Generate RNs

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* removed ews o365 from skipped (#7577)

* unskipd msg dvc mngmnt (#7574)

* Code42 fix spellings (#7536) (#7538)

* Correct misspelling

* Correct misspelling

Co-authored-by: Juliya Smith <yingthi@live.com>

* Added to pack ignore (#7579)

* Powershell improvements (#7479)

* update pwsh tests to use pester 5.0 + allow returnoutputs to use object

* release notes

* release notes

* update docker

* set docker images to pwsh 7

* change to use also default docker

* fix test for pwsh 7

* test also on pwsh 7

* set dockerimage to 6.2.4

* release notes bump

* bump release notes

* bump

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Skipping subplaybooks for packs if unavailable (#7558)

* Skipping many subplaybooks if unavailable

* Added & commented out unnecessary RN

* Added missing playbooks

* reverted old rn changes

* reverted old rn changes

* reverted old rn changes

* old rn back

* version bump

* version change

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* sdk release 1-1-3 (#7543)

* sdk release 1-1-3 test

* release 1-1-3 test

* sdk 1-1-3 merge

* IsEnabled additions to playbooks for packs (CommonPlaybooks + Phishing changes) (#7560)

* isenabled fixes

* proper changelog and RN

* imgs

* new image links

* Added another skip and moved subplaybook so it doesn't hide the other

* Merge branch 'master' of https://github.com/demisto/content into playbook-isenabled-changes

# Conflicts:
#	Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml
#	Packs/CommonPlaybooks/pack_metadata.json
#	Packs/Phishing/pack_metadata.json

* Version bump & new RN

* reverted change to old RN (shouldnt change it)

Co-authored-by: ybenshalom <ybenshalom@paloaltonetworks.com>

* fix Microsoft-ATP test playbook and update readme file (#7575)

* New pack documentation suggestion (#7255)

* New suggested documentation

* triggers and small indentation fix

* link to playbook readme in pan dev

* Removed visualization title

* visualization = image

* added RN manually

* small change to allow version bump

* reverted

* No need to say that changed readme template

* tweak to how it was

* Skip dedup - generic test (#7590)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* skipped test

* removed packs override (#7585)

* Revert "Update XDR_iocs.yml (#7494)" (#7495)

This reverts commit 8c85884a101b35f14589d1d12080118bca09ad60.

* unskip zerofox (#7584)

* unskip zerofox

* test pb update

* Get file sample TF fix (#7594)

* unskip

* moved to non circle tests dir

* moved to global non circle tests dir

* deleted from conf.json

* Nightly failures (#7589)

* Skipped nightly failures

* Un-skipped infoblox

* Skipped tonight's failing tests

* Skipping failing tests

* Skipping failing tests

* Skipped traps

* Skipped traps

* Added timeout to "Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test"

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Digital Defense FrontlineVM - Scan Asset Not Recently Scanned Test

* Skipped Test - Cofense Intelligence

* Skipped Test - Cofense Intelligence

* Skipped nightly failures

* Skipped nightly test failures

* Un-mocked josecurity

* unskipped akamai

* Flake8 phase6 (#7546)

* vulndb and infoblox lint fixes

* feed azure

* rns

* revert mispv2 docker update

* fix rns

* Flake8 phase4 (#7542)

* GoogleCloudTranslate lint fixes

* Okta v2 lint fixes

* Okta v2 lint fixes

* JsonWhoIs lint fixes

* GenericSQL lint fixes

* AKAMAI lint fixes

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit f68ccd33

* fix rns

* unskip from nightly (#7596)

* TimeStampCompare empty tag fixed (#7598)

* drained all tags

* docker image update

* changelog update

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* added all level packs dependencies (#7563)

* ThreatX - increase test timeout (#7599)

* increase threatx test timeout

* change timeout to 600 secs

* Flake8 phase12 (#7605)

* OpenLDAP lint fixes

* KennaV2 lint fixes

* Forescout lint fixes

* Flake8 phase5 (#7545)

* Claroty lint fixes

* MongoDB lint fixes

* Tanium lint fixes

* added dockerimage45

* Hello world fixes

* revert dockerimage45

* fix rns

* Mongo lint fixes

* Office365 feed - Updated integration description. (#7606)

* Office 365 Feed - Updated integration description.

* update pack desc

* update dockerimage

* added Full Incident Enrichment (#7034)

* Add PA113 ignore error (#7611)

* Improved bad response handling (#7443)

* Improved bad response handling

Co-authored-by: halpert <haplert@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Uploader - summary fix (#7610)

* fixed summary print

* fixed pack author path

* minor print fixes

* Hod/rtir attachment parsing (#7424)


* Improved attachment parsing

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* EWS v2 - handle exceptions in fetch incidents (#7559)

* raise error str in fetch incidents

* add traceback print

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* reverting unrelated changes (#7591)

* Deprecated old Dedup test playbook (#7586)

* moved tpb

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* changed test of scripts to v2

* unskipped dedup generic test

* Move RegPathReputationBasicLists test to D2 pack (#7619)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* moved tpb to D2 pack

* skip validate files on nightly run (#7617)

* Run zipping packs only on master (#7616)

* run zip_packs only on master

* run zip_packs only on master changes

* skipped test playbooks remove

* cleaning mock debug prints (#7439)

* Changed integrations key to integration (#7566)

* Flake8 phase9 (#7602)

* lint fixes ExtractDomainAndFQDNFromUrlAndEmail_test

* Tanium_v2 lint fixes

* Panorama lint fixes

* ConvertFile_test lint fixes

* FidelisEndpoint lint fixes

* Flake8 phase11 (#7603)

* AttackIQFireDrill lint fixes

* CortexDataLake lint fixes

* ServiceNowv2 lint fixes

* Akamai_WAF lint fixes

* MongoDBLog lint fixes

* revert mongodb

* rm mongo

* Flake8 phase 7 (#7551)

* Crowdstrikefalcon, code42, ms graph calendar, ms defender atp lint fixes

* Update Packs/Code42/Integrations/Code42/Code42.yml

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* update code42 docker image

* revert code42 docker image

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Flake8 phase2 (#7521)

* fix rasterize lints

* AlienVault format fixes

* AlienVault and cherwell format fixes

* fix docker images

* remove unwanted changes

* fix rns

* added dockerimage45

* Revert "added dockerimage45"

This reverts commit cbc6487b

* Revert "Revert "added dockerimage45""

This reverts commit 35d3aff2

* fix rns

* remove dockerimage45

* Powershell howto cleanup (#7286)

* Added power-shell automation how-to

* Changed typo in integration key

* Intentionally failed infoblox test to have the machine running

* Intentionally failed infoblox test to have the machine running

* Un-skipped infoblox

* Failed infoblox intentionally

* Edited powershell automation howto

* Edited powershell integration howto

* Fixed typo

* Made sure Infoblox will not fail

* Hello world fetch incidents addition (#7214)

* Added a condition to prevent duplicates

* Changed the unit-test last fetch time

* changelog

* CR fixes

* validate fixes

* Added a new RN version

* Integration instance config (#7422)

* Added %%SERVER_HOST%% placeholder

* changed something in taxii to run test

* minor fix

* moved to the right place

* support for server keys

* support for server keys

* minor fix

* check if server_keys run

* check if server_keys run

* check if server_keys run

* pre-defined integration instance name

* fix for server_keys

* Changed TAXII tpb

* deleting instances by name before creating new ones

* Added logic to test instances as well

* removed the change from TAXII feed

* CR fixes

* merge from master

* Revert "merge from master"

This reverts commit fb869fd8

* Added sleep for TAXII tpb

* Make conf json redundant (#7124)

* Make conf json redundant

* Fix CR

* Fix CR comments

* Added a msg about the number of tests added to the conf.json

* adding artifact + removing from conf.json for testing purposes

* fixing yml structure

* removing old usage

* Update update_conf_json.py

* Update Gmail.yml

* adding nicer print to conf.json update output + reverting the changes to the conf.json

* Mongodb: nested dicts fix (#7625)

* Fixed an issue where nested dictionaries containing a datetime object were not parsed properly.

* fix cr

* ServiceNow - added retry mechanism for status code 401 (#7614)

* added retry mechanism for status code 403

* remove blank line

* add 401 not authenticated test

* add negative unauthenticated test

* bump pack version

* Adding documentation

* Support AWS Security Groups with only one ingress rule (#7592) (#7626)

* Support AWS Security Groups with only one inbound rule

* Add release notes to AWS-EC2 pack

* Bump docker image tag to latest

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Lindsey Smith <lindsey.smith@gmail.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: syaakovi <syaakovi@paloaltonetworks.com>

* Documentation fixes (#7507)

* add image

* update missing image

* fix link

* fix link

* fix links

* fix regexes

* fix links

* fix links

* fix links

* fix links

* fix typo

* secrets

* Fix cfw extra arg (#7628)

* Removed an unused argument ipname from **checkpoint-block-ip** command.

* Deprecate an unused argument ipname from **checkpoint-block-ip** command.

* removed deprecated arg from documentation

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Flake8 phase10 (#7604)

* AutoFocusV2 lint fixes

* MicrosoftGraphFiles_test.py lint fix

* CarbonBlackEnterpriseEDR lint fix

* FeedCofense lint fix

* AzureSentinel_test lint fixes

* csp bugfix (#7472)

* unit test is failing

* bug fix

* updated tests

* docs update

* 1.0.7 RN

* 1.0.8 RN

* 1.0.9 RN

* [HelloWorld] Minor yml update (#7448) (#7630)

* Added additionalinfo tooltip to integration parameters

* updated releasenotes to 1.1.4

* Update Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml

* Updated

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Okta zones - playbook and enhancement (#7620)

* Okta zones - playbook and enhancement (#7137)

* Okta V2 - Add commands for Network Zones

* IP Whitelisting - add Okta Zone playbook

* Whitelist playbook - Add Okta

* Okta V2 - fix yaml and secrets ignore

* Added playbook image

* Uploading playbook image

* Added playbook image

* Setting author to Cortex XSOAR

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Removing email contact

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Setting URL in content pack metadata

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Okta V2 Zones fixes + unit tests  + outputs

* Okta V2 test - fix linter error

* IP Whitelist pack - remove depe

* Okta Zone playbook - move to Okta pack and update  readme

* Updated whitelist language

* Updated new content

* Removing pack + okta code fixes

Removing IPWhitelist pack - sorting content into packs

* Commit playbook images

* Okta V2 code fixes

* Egress Playbook fixes

Renamed tasks,  moved group names into playbook inputs

* Update README and images

* Update Okta V2 README with new commands

* Added release notes, fixed integration name in conf.json

* Remove unused import

* Updated release notes.

* Release notes for Legacy pack

* Updating playbook images

* Modified playbook text and READMEs

* Update playbook-IP_Whitelist_-_AWS_Security_Group.yml

* Update playbook-IP_Whitelist_-_GCP_Firewall.yml

* Update Okta_v2.yml

* Update playbook-Allow_IP_-_Okta_Zone.yml

* Update playbook-Allow_IP_-_Okta_Zone_README.md

* Update playbook-Prisma_Access_Whitelist_Egress_IPs_on_SaaS_Services.yml

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* move comparelists

* delete Legacy pack

* fix build

* update version of CommonScripts

Co-authored-by: Lior Kolnik <liorkol@users.noreply.github.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* SentinelOne v2 - improve date string handling (#7612)

* add test for event with unexpected timeformat

* parse dateoccurred to datetime

* Updated

* bump docker image

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Add ML collect data script (#7621)

* Add ML collect data script

* Add ML collect data scriptAdd ML collect data script

Co-authored-by: eharush <erez@demisto.com>

* Update configure_and_test_integration_instances.py (#7645)

* RedCanary - improve endpoint context standard handling (#7636)

* add test for endpoint without mac address

* improved implementation of get_endpoint_context

* fix flake8 report in unit test

* add condition to check if address_attributes

* Updated.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* removed resource class (#7642)

* set entities timeframe to 1 hour and skip in case no entities found (#7634)

* SecureWorks - enhance README with incident fetch details (#7595)

* update readme with fetch incidents notes

* update readme with fetch incidents notes

* Fixed recently created release notes files to new standard (#7644)

* Pcapminer v2 post fix (#7150)

* Reopening PR after fix

* revert to preplaybook

* revert to preplaybook + unit test fix

* description

* find path for testdata

* remove rsa_key + try to fix testdata unittest

* unittest fix

* move test file to folder

* unittest fix

* remove iterate and packets to analyze

* run on a different docker each run

* change Pcap to PCAP + add "All" option for protocol output

* Updated

* Readme

* last additions

* David fixes

* uppercase

* rsa_key fix + Capital PCAP in README

* test fix

* join 2 tests into one

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Added client re-creation to prevent api-key expiration (#7648)

* Added https connection and SSL verification (#7631)

* Added https connection and SSL verification

* added rn

* removed unnecessary keys

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* timestamp_to_datestring uses `utcfromtimestamp` (#7488)

* timestamp_to_datestring uses `utcfromtimestamp` (#7407)

* timestamp_to_datestring uses `utcfromtimestamp`

`timestamp_to_datestring`'s default date format includes Z for the time
zone. However, it uses `datetime.fromtimestamp` which is in localtime.
This yields incorrect results when the default time zone is anything
other than UTC.

The `epochToTimestamp` function in the same file does correctly use
`utcfromtimestamp`. This commit corrects and normalizes the timestamp
processing.

* Added release notes

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* Adding condition for timestamp format

Co-authored-by: Henry Stern <henry@stern.ca>
Co-authored-by: halpert <haplert@paloaltonetworks.com>

* Remove deprecated CloseInvestigation task from playbooks (#7653)

* skipping tpb

* Revert "skipping tpb"

This reverts commit 858f9a1b

* replaced CloseInvestigation tasks with Done section headers

* small fix in TestIsValueInArray

* Add a new pack for HIPAA (#7382)

* Add a new pack for HIPAA

* Changed playbook

* Changed playbook

* Added changelogs

* Created pack release notes.

* Changed release notes

* Update playbook-HIPAA_-_Breach_Notification.yml

* Updated playbook and layout

* Changed HIPAA pack metadata and change the location of the incident fields.

* Removed test changes

* Removed test changes

* Generated playbook readme

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Adding pagination mechanism for url logs request (#7277)

Co-authored-by: halpert <haplert@paloaltonetworks.com>

* symantec dlp: permissions section (#7581)

* dlp permissions section

* Updated

* update troubleshooting

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Microsoft Defender ATP - set scope to default (#7647)

* updated scope to atp default

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* Added logs for uncommitted items (#7607)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* Added support for exclude passed checks (#7501)

* Added support for exclude passed checks

* Updated

* Updated

* dockerimage

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* CDL - set temp creds dbfile (#7659)

* set temp creds dbfile

* use fixed temp file for caching between runs

* add packs tags (#7651)

* Added

* Skipped PerceptionPoint

Co-authored-by: dbaumstein <dbaumstein@paloaltonetwork.com>

* remove test playbook from skipped tests (#7548)

* remove test playbook from skipped tests

* remove Akamai_WAF_SIEM-Test from skipped

* [infocyte-604] Infocyte Pack (#7480) (#7666)

* wip infocyte integration

* fix format on yml file

* Add tests

* small update to yml

* bug fixes from testing

* Got tests running interactively (wip)

* Working with Returns functions (wip)

* Add test playbook

* simplify test playbook

* simplify test playbook

* All tests now pass

* Bug fixes and response to PR comments

* finished refining README + small format bug fixes

* remove api keys

* markdown formatting updates

* update logo to spec

* Updated.

* small fix

* Passes the tests

* Add descriptions to playbook

* Updated

* Fixed a typo

* fix back the docker version

* Remove custom ReturnOutputs and fix typo

* fix fetch-incidents and playbook modifications

* fetch-incidents to use Demisto.incidents()

* add fromversion

* remove packages-microsoft-prod.deb

* add description field to task 1

* rename to *.Tests.ps1

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

Co-authored-by: Chris <chris@infocyte.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>

* secret

* Cortex xdr enhancement (#7262)

* add comments again

* readd tests

* add unit testing files

* 1. fix dt problems 2. fix markdown

* fix unit testing

* fix generic playbook

* remove default params

* add get quarantine status polling playbook

* fix flake8 issues

* update docker image

* add changes to CHANGELOG

* add README to get-quarantine-status playbook 2. add release notes

* change release notes version

* 1. add commands examples 2. change fromversion in quarantine playbook

* Update Packs/CortexXDR/Playbooks/Cortex_XDR_-_quarantine_file.yml

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* 1. change playbook name 2. change from version value

* add back from version and change version to -1

* change playbook name

* change playbook name

* change playbook name

* update from version

* remove tests field from yml

* add test field to yml

* remove special character from docstring

* in get_quarantine_status add a check of the reply type before accessing its content

* change from version

* 1. add descriptions in yml 2. create another test playbook

* add descriptions

* add release notes

* add release notes

* Updated

* Updated

* Updated

* Updated

* Update Cortex_XDR_-_quarantine_file.yml

* update docker image

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* Instance test enhancements (#7624)

* Added failed instances to file artifact

* Added failed instances to file artifact

* Changed machine setup for debugging

* Added devops comment back

* Fixed slack message

* Added https

* Reverted config changes

* Indentation fix

* removed debugging

* removed debugging

* handled previous command error handling

* Microsoft Teams - handle notifications from server (#7661)

* handle notifications from server

* bump docker image tag

* Updated

* refactor unclassified to unknown

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* tpb

* TPBs

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Eddie Lebow <elebow@users.noreply.github.com>
Co-authored-by: Mike Saurbaugh <mike.saurbaugh@cofense.com>
Co-authored-by: Shelly Berman <45915502+Shellyber@users.noreply.github.com>
Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: Todd Murchison <toddm92@gmail.com>
Co-authored-by: syaakovi <syaako…
avidan-H pushed a commit that referenced this pull request Jul 12, 2020
ShahafBenYakir pushed a commit that referenced this pull request Nov 11, 2021
Pulled latest changes from demisto/content
ShahafBenYakir added a commit that referenced this pull request May 2, 2022
@johnnywilkes johnnywilkes mentioned this pull request Oct 20, 2022
11 tasks
darkushin added a commit that referenced this pull request Aug 8, 2023
* Updated Docs

* added RNs
ostolero pushed a commit that referenced this pull request Aug 8, 2023
* Updated Docs

* added RNs
tkatzir pushed a commit that referenced this pull request Dec 20, 2023
* Updated Docs

* added RNs
maimorag pushed a commit that referenced this pull request May 9, 2024
* Gem Security pack Commit

Pack includes:

1 Automation
3 Classifiers
16 Incident Fields
1 Incident Type
1 Integration
1 Layout
3 Playbooks
1 Pre-process Rule

* Ci fix (#5)

* Fix post commit validation issues

* Fix tests coverage

* Fix indent (#6)

* Cr fix (#7)

* Fix playbooks

* Format playbooks and fix Gem Alert Classifier

* Fix blank space in Gem Layout

* Fix incident fields

* Fix cr (#8)

* Fix double line

* Update playbooks (#9)

Co-authored-by: Lior Maman <155369912+liormgem@users.noreply.github.com>
pal-xmco pushed a commit to pal-xmco/content that referenced this pull request Jun 19, 2024
* Gem Security pack Commit

Pack includes:

1 Automation
3 Classifiers
16 Incident Fields
1 Incident Type
1 Integration
1 Layout
3 Playbooks
1 Pre-process Rule

* Ci fix (demisto#5)

* Fix post commit validation issues

* Fix tests coverage

* Fix indent (demisto#6)

* Cr fix (demisto#7)

* Fix playbooks

* Format playbooks and fix Gem Alert Classifier

* Fix blank space in Gem Layout

* Fix incident fields

* Fix cr (#8)

* Fix double line

* Update playbooks (demisto#9)

Co-authored-by: Lior Maman <155369912+liormgem@users.noreply.github.com>
samuelFain added a commit that referenced this pull request Jul 9, 2024
…35310)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #1/19 (#35234)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #9/19 (#35242)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #8/19 (#35241)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #7/19 (#35240)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #4/19 (#35237)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #11/19 (#35244)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #19/19 (#35252)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #3/19 (#35236)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #10/19 (#35243)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #12/19 (#35245)

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #13/19 (#35246)

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #14/19 (#35247)

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #17/19 (#35250)

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* demisto/python3:3.10.14.100715 | 0-100 | PR batch #15/19 (#35248)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #15/19

* Fix text encoding

* Update Pulsedive.yml

---------

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* demisto/python3:3.10.14.100715 | 0-100 | PR batch #16/19 (#35249)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #16/19

* Update ThousandEyes.yml

---------

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* demisto/python3:3.10.14.100715 | 0-100 | PR batch #2/19 (#35235)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #2/19

* pre-commit fixes

* fix

---------

Co-authored-by: iapt@paloaltonetworks.com <iapt@paloaltonetworks.com>

* demisto/python3:3.10.14.100715 | 0-100 | PR batch #6/19 (#35239)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #6/19

* Empty commit

* fixes

* fix

* space

* fix

---------

Co-authored-by: iapt@paloaltonetworks.com <iapt@paloaltonetworks.com>

* demisto/python3:3.10.14.100715 | 0-100 | PR batch #5/19 (#35238)

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #5/19

* fixes

* Empty commit

* Empty commit

* Empty commit

* Empty commit

---------

Co-authored-by: iapt@paloaltonetworks.com <iapt@paloaltonetworks.com>
Co-authored-by: inbalapt1 <164751454+inbalapt1@users.noreply.github.com>

* Updated docker image to demisto/python3:3.10.14.100715. PR batch #18/19 (#35251)

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* Update RN

* Empty commit to re-trigger build pipeline

---------

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>
Co-authored-by: iapt@paloaltonetworks.com <iapt@paloaltonetworks.com>
Co-authored-by: inbalapt1 <164751454+inbalapt1@users.noreply.github.com>
inbalapt1 pushed a commit that referenced this pull request Oct 31, 2024
inbalapt1 added a commit that referenced this pull request Nov 6, 2024
* Updated docker image to demisto/python3:3.11.10.113941. PR batch #4/7 (#36995)

Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/python3:3.11.10.113941. PR batch #3/7 (#36994)

Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/python3:3.11.10.113941. PR batch #7/7 (#36998)

Co-authored-by: root <root@1e2de18e0cc3>

* demisto/python3:3.11.10.113941 | 0-100 | PR batch #2/7 (#36993)

* Updated docker image to demisto/python3:3.11.10.113941. PR batch #2/7

* Update IPNetwork.yml

---------

Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: inbalapt1 <164751454+inbalapt1@users.noreply.github.com>

* Updated docker image to demisto/python3:3.11.10.113941. PR batch #1/7 (#36992)

Co-authored-by: root <root@1e2de18e0cc3>

* demisto/python3:3.11.10.113941 | 0-100 | PR batch #6/7 (#36997)

* Updated docker image to demisto/python3:3.11.10.113941. PR batch #6/7

* fix UTC

* remove paloaltonetworks_iot

---------

Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: iapt@paloaltonetworks.com <iapt@paloaltonetworks.com>

* update release notes

* Bump pack from version MicrosoftExchangeOnline to 1.5.13.

---------

Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: Content Bot <bot@demisto.com>
inbalapt1 pushed a commit that referenced this pull request Nov 7, 2024