Add TIM Processing pack to XSIAM (demisto#27653)

* Added TIM to marketplacev2

* update RN

* excluded incident types

* added docs where missing

* fix marketplaces field

* fix marketplaces field

* validation

* pack ignore

* pack ignore

* update RN

* pack ignore

* pack ignore

Packs/TIM_Processing/.pack-ignore

@@ -59,4 +59,4 @@ ignore=PB115
 ignore=PB110
 
 [file:playbook-TIM_-_Run_Enrichment_For_IP_Indicators_6_0_0.yml]
-ignore=RM109
+ignore=RM109

Packs/TIM_Processing/IncidentTypes/incidenttype-Review_Indicators_Manually.json

@@ -1,6 +1,9 @@
 {
     "fromVersion": "5.5.0",
 	"id": "Review Indicators Manually",
+    "marketplaces": [
+    "xsoar"
+    ],
 	"version": -1,
 	"sortValues": null,
 	"locked": false,

Packs/TIM_Processing/IncidentTypes/incidenttype-Review_Indicators_Manually_For_Whitelisting.json

@@ -1,6 +1,9 @@
 {
 	"id": "Review Indicators Manually For Whitelisting",
     "fromVersion": "5.5.0",
+    "marketplaces": [
+    "xsoar"
+    ],
 	"version": -1,
 	"sortValues": null,
 	"locked": false,

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Indicator_Auto_Processing.yml

@@ -776,5 +776,7 @@ outputs:
     playbook or tagged using approved black, approved white etc.
   type: string
 quiet: true
+marketplaces:
+- xsoar
 tests:
 - No test

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Indicators_Exclusion_By_Related_Incidents.yml

@@ -1,6 +1,8 @@
 id: TIM - Indicators Exclusion By Related Incidents
 version: -1
 fromversion: 6.0.0
+marketplaces:
+- xsoar
 name: TIM - Indicators Exclusion By Related Incidents
 description: This playbooks allows you to exclude indicators according to the number of
   incidents the indicator is related to. The indicator query is "investigationsCount:>=X"

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_CIDR_Indicators_By_Size.yml

@@ -1,6 +1,8 @@
 id: TIM - Process CIDR Indicators By Size
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process CIDR Indicators By Size
 description: This playbook processes CIDR indicators of both IPV4 and IPV6. By specifying
   in the inputs the maximum number of hosts allowed per CIDR, the playbook tags

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_File_Indicators_With_File_Hash_Type.yml

@@ -1,6 +1,8 @@
 id: TIM - Process File Indicators With File Hash Type
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process File Indicators With File Hash Type
 description: This playbook processes file indicator by tagging them
   with the relevant file hash type tag, such as Sha256, Sha1, and Md5.

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_-_Fully_Automated.yml

@@ -1,6 +1,8 @@
 id: TIM - Process Indicators - Fully Automated
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process Indicators - Fully Automated
 description: This playbook tags indicators ingested from high reliability feeds. The
   playbook is triggered due to a Cortex XSOAR job. The indicators are tagged as approved_white,

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_Against_Approved_Hash_List.yml

@@ -1,6 +1,8 @@
 id: TIM - Process Indicators Against Approved Hash List
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process Indicators Against Approved Hash List
 description: This playbook checks if file hash indicators exist in
   a Cortex XSOAR list. If the indicators exist in the list, they are tagged as approved_hash.

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_Against_Business_Partners_Domains.yml

@@ -1,6 +1,8 @@
 id: TIM - Process Indicators Against Business Partners Domains List
 version: -1
-fromversion: 5.5.0 
+fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process Indicators Against Business Partners Domains List
 description: This playbook processes indicators to check if they exist
   in a Cortex XSOAR list containing the business partner domains, and tags the indicators

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_Against_Business_Partners_IP_List.yml

@@ -1,6 +1,8 @@
 id: TIM - Process Indicators Against Business Partners IP List
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process Indicators Against Business Partners IP List
 description: This playbook processes indicators to check if they exist
   in a Cortex XSOAR list containing business partner IP addresses, and tags the indicators

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_Against_Business_Partners_URL_List.yml

@@ -1,6 +1,8 @@
 id: TIM - Process Indicators Against Business Partners URL List
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process Indicators Against Business Partners URL List
 description: This playbook processes indicators to check if they exist
   in a Cortex XSOAR list containing business partner urls, and tags the indicators accordingly.

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_Against_Organizations_External_IP.yml

@@ -428,6 +428,8 @@ inputs:
   playbookInputQuery:
 outputs: []
 quiet: true
+marketplaces:
+- xsoar
 tests:
 - No tests (auto formatted)
 fromversion: 5.5.0

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Process_Indicators_Manual_Review.yml

@@ -1,6 +1,8 @@
 id: TIM - Process Indicators - Manual Review
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Process Indicators - Manual Review
 description: |-
   This playbook tags indicators ingested by feeds that require manual approval. The playbook is triggered due to a job. The indicators are tagged as requiring a manual review. The playbook optionally concludes with creating a new incident that includes all of the indicators that the analyst must review.

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Review_Indicators_Manually.yml

@@ -1,6 +1,8 @@
 id: TIM - Review Indicators Manually
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Review Indicators Manually
 description: This playbook helps analysts manage the manual process of reviewing indicators.
   The playbook indicator query is set to search for indicators that have the 'pending

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Review_Indicators_Manually_For_Whitelisting.yml

@@ -1,6 +1,8 @@
 id: TIM - Review Indicators Manually For Whitelisting
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Review Indicators Manually For Whitelisting
 description: This playbook helps analysts manage the manual process of adding
   indicators from cloud providers, apps, services etc. to an allow list. The playbook indicator query

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_All__Indicator_Types.yml

@@ -1,6 +1,8 @@
 id: TIM - Run Enrichment For All Indicator Types
 version: -1
 fromversion: 5.5.0
+marketplaces:
+- xsoar
 name: TIM - Run Enrichment For All Indicator Types
 description: |-
   This playbook performs enrichment on indicators

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_Domain_Indicators_6_0_0_.yml

@@ -1,6 +1,8 @@
 id: TIM - Run Enrichment For Domain Indicators
 version: -1
 fromversion: 6.0.0
+marketplaces:
+- xsoar
 name: TIM - Run Enrichment For Domain Indicators
 description: This playbook processes indicators by enriching indicators based on the
   indicator feed's reputation, as specified in the playbook inputs. This playbook

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_Domain_Indicators_6_0_0__README.md

@@ -0,0 +1,44 @@
+This playbook processes indicators by enriching indicators based on the indicator feed's reputation, as specified in the playbook inputs. This playbook needs to be used with caution as it might use up the user enrichment integration's API license when running enrichment for large amounts of indicators.
+
+## Dependencies
+
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+
+This playbook does not use any sub-playbooks.
+
+### Integrations
+
+This playbook does not use any integrations.
+
+### Scripts
+
+This playbook does not use any scripts.
+
+### Commands
+
+* enrichIndicators
+
+## Playbook Inputs
+
+---
+
+| **Name** | **Description** | **Default Value** | **Required** |
+| --- | --- | --- | --- |
+| Indicator Query | Indicators matching the indicator query will be used as playbook input |  | Optional |
+| EnrichBadIndicators | Enter a value of true to enrich indicators whose reputation from the feed is bad. |  | Optional |
+| EnrichGoodIndicators | Enter a value of true to enrich indicators whose reputation from the feed is good. |  | Optional |
+| EnrichSuspiciousIndicators | Enter a value of true to enrich indicators whose reputation from the feed is suspicious. |  | Optional |
+| EnrichUnknownIndicators | Enter a value of true to enrich indicators whose reputation from the feed is unknown. |  | Optional |
+
+## Playbook Outputs
+
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+
+---
+
+![TIM - Run Enrichment For Domain Indicators](../doc_files/TIM_-_Run_Enrichment_For_Domain_Indicators.png)

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_Hash_Indicators_6_0_0.yml

@@ -1,6 +1,8 @@
 id: TIM - Run Enrichment For Hash Indicators
 version: -1
 fromversion: 6.0.0
+marketplaces:
+- xsoar
 name: TIM - Run Enrichment For Hash Indicators
 description: |-
     This playbook processes indicators by enriching indicators

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_Hash_Indicators_6_0_0_README.md

@@ -0,0 +1,48 @@
+This playbook processes indicators by enriching indicators
+based on the indicator feed's reputation, as specified in the playbook
+inputs. This playbook needs to be used with caution as it might use up the user
+enrichment integration's API license when running enrichment for large amounts of
+indicators.
+
+## Dependencies
+
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+
+This playbook does not use any sub-playbooks.
+
+### Integrations
+
+This playbook does not use any integrations.
+
+### Scripts
+
+This playbook does not use any scripts.
+
+### Commands
+
+* enrichIndicators
+
+## Playbook Inputs
+
+---
+
+| **Name** | **Description** | **Default Value** | **Required** |
+| --- | --- | --- | --- |
+| Indicator Query | Indicators matching the indicator query will be used as playbook input |  | Optional |
+| EnrichBadIndicators | Enter a value of true to enrich indicators whose reputation from the feed is bad. |  | Optional |
+| EnrichGoodIndicators | Enter a value of true to enrich indicators whose reputation from the feed is good. |  | Optional |
+| EnrichSuspiciousIndicators | Enter a value of true to enrich indicators whose reputation from the feed is suspicious. |  | Optional |
+| EnrichUnknownIndicators | Enter a value of true to enrich indicators whose reputation from the feed is unknown. |  | Optional |
+
+## Playbook Outputs
+
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+
+---
+
+![TIM - Run Enrichment For Hash Indicators](../doc_files/TIM_-_Run_Enrichment_For_Hash_Indicators.png)

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_IP_Indicators_6_0_0.yml

@@ -1,6 +1,8 @@
 id: TIM - Run Enrichment For IP Indicators
 version: -1
 fromversion: 6.0.0
+marketplaces:
+- xsoar
 name: TIM - Run Enrichment For IP Indicators
 description: |-
     This playbook processes indicators by enriching indicators

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_Url_Indicators_6_0_0.yml

@@ -1,6 +1,8 @@
 id: TIM - Run Enrichment For Url Indicators
 version: -1
 fromversion: 6.0.0
+marketplaces:
+- xsoar
 name: TIM - Run Enrichment For Url Indicators
 description: |-
     This playbook processes indicators by enriching indicators

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Run_Enrichment_For_Url_Indicators_6_0_0_README.md

@@ -0,0 +1,48 @@
+This playbook processes indicators by enriching indicators
+based on the indicator feed's reputation, as specified in the playbook
+inputs. This playbook needs to be used with caution as it might use up the user
+enrichment integration's API license when running enrichment for large amounts of
+indicators.
+
+## Dependencies
+
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+
+This playbook does not use any sub-playbooks.
+
+### Integrations
+
+This playbook does not use any integrations.
+
+### Scripts
+
+This playbook does not use any scripts.
+
+### Commands
+
+* enrichIndicators
+
+## Playbook Inputs
+
+---
+
+| **Name** | **Description** | **Default Value** | **Required** |
+| --- | --- | --- | --- |
+| Indicator Query | Indicators matching the indicator query will be used as playbook input |  | Optional |
+| EnrichBadIndicators | Enter a value of true to enrich indicators whose reputation from the feed is bad. |  | Optional |
+| EnrichGoodIndicators | Enter a value of true to enrich indicators whose reputation from the feed is good. |  | Optional |
+| EnrichSuspiciousIndicators | Enter a value of true to enrich indicators whose reputation from the feed is suspicious. |  | Optional |
+| EnrichUnknownIndicators | Enter a value of true to enrich indicators whose reputation from the feed is unknown. |  | Optional |
+
+## Playbook Outputs
+
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+
+---
+
+![TIM - Run Enrichment For Url Indicators](../doc_files/TIM_-_Run_Enrichment_For_Url_Indicators.png)

Packs/TIM_Processing/Playbooks/playbook-TIM_-_Update_Indicators_Organizational_External_IP_Tag.yml

@@ -546,6 +546,8 @@ inputs:
   playbookInputQuery:
 outputs: []
 quiet: true
+marketplaces:
+- xsoar
 tests:
 - No tests (auto formatted)
 fromversion: 5.5.0