Align credentials stores - part 32 (demisto#27756)

* Align credentials stores - part 32

* adding Recorded Future Feed

* fix test

* Bump pack from version FeedCrowdstrikeFalconIntel to 2.1.9.

* revert change

* adding ignore

* removing from conf.json

* fix

* fix test

* cred invalid

---------

Co-authored-by: Content Bot <bot@demisto.com>

Packs/FeedCrowdstrikeFalconIntel/.pack-ignore

@@ -1,5 +1,5 @@
 [file:FeedCrowdstrikeFalconIntel.yml]
-ignore=IN135,IN122,IN145
+ignore=IN135,IN122
 
 [file:CrowdStrikeIndicatorFeed.yml]
 ignore=IN122

Packs/FeedCrowdstrikeFalconIntel/Integrations/FeedCrowdstrikeFalconIntel/FeedCrowdstrikeFalconIntel.py

@@ -28,10 +28,12 @@
 class Client(BaseClient):
 
     def __init__(self, params):
-        self._client_id = params.get('client_id')
-        self._client_secret = params.get('client_secret')
+        self._client_id = params.get('credentials_client', {}).get('identifier') or params.get('client_id')
+        self._client_secret = params.get('credentials_client', {}).get('password') or params.get('client_secret')
         self._verify_certificate = not demisto.params().get('insecure', False)
         self._server_url = params.get('server_url', "https://api.crowdstrike.com/")
+        if not(self._client_id and self._client_secret):
+            raise DemistoException('API client ID and API client secret must be provided.')
         super().__init__(base_url=self._server_url, verify=self._verify_certificate,
                          ok_codes=tuple(), proxy=params.get('proxy', False))
         self._token = self._get_access_token()

Packs/FeedCrowdstrikeFalconIntel/Integrations/FeedCrowdstrikeFalconIntel/FeedCrowdstrikeFalconIntel.yml

@@ -15,8 +15,9 @@ configuration:
   type: 8
 - display: CrowdStrike API client ID
   name: client_id
-  required: true
+  required: false
   type: 4
+  hidden : true
 - additionalinfo: Indicators from this integration instance will be marked with this reputation.
   display: Indicator Reputation
   name: feedReputation
@@ -103,8 +104,15 @@ configuration:
   type: 0
 - display: CrowdStrike API client secret
   name: client_secret
-  required: true
+  required: false
   type: 4
+  hidden: true
+- display: CrowdStrike API client ID
+  name: credentials_client
+  required: false
+  type: 9
+  displaypassword: CrowdStrike API client secret
+  section: Connect
 - additionalinfo: "A comma-separated list of the threat actor's target industries. For example: Aerospace,Academic."
   display: Filter by the threat actor's target industries.
   name: target_industries
@@ -160,7 +168,7 @@ script:
     description: Gets indicators from CrowdStrike Falcon Intel Feed.
     execution: false
     name: crowdstrike-falcon-intel-get-indicators
-  dockerimage: demisto/python3:3.10.11.56082
+  dockerimage: demisto/python3:3.10.12.63474
   feed: true
   isfetch: false
   longRunning: false

Packs/FeedCrowdstrikeFalconIntel/Integrations/FeedCrowdstrikeFalconIntel/FeedCrowdstrikeFalconIntel_test.py

@@ -80,7 +80,8 @@ def test_fetch_indicators_with_limit(mocker, requests_mock):
     from FeedCrowdstrikeFalconIntel import main
     mocker.patch.object(Client, '_get_access_token', return_value='test_token')
     mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
-    mocker.patch.object(demisto, 'params', return_value={'limit': '2'})
+    mocker.patch.object(demisto, 'params', return_value={'limit': '2', 'credentials_client': {
+                        'identifier': 'test_identifier', 'password': 'test_password'}})
     mocker.patch.object(demisto, 'setLastRun')
     requests_mock.get(re.compile('.*api.crowdstrike.com.*'),
                       json=indicators['list_data_cs'])

Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_1_9.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### CrowdStrike Falcon Intel Feed Actors
+-  Added the *CrowdStrike API client ID* and *CrowdStrike API client secret* integration parameters to support credentials fetching object.
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.

Packs/FeedCrowdstrikeFalconIntel/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Crowdstrike Falcon Intel Feed",
     "description": "Tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more.",
     "support": "xsoar",
-    "currentVersion": "2.1.8",
+    "currentVersion": "2.1.9",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/FeedRecordedFuture/.pack-ignore

@@ -1,5 +1,2 @@
-[file:FeedRecordedFuture.yml]
-ignore=IN145
-
 [known_words]
 RiskList

Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py

@@ -142,7 +142,7 @@ def build_iterator(self, service, indicator_type, risk_rule: Optional[str] = Non
         )
         rkwargs['stream'] = True
         rkwargs['verify'] = self._verify
-        rkwargs['timeout'] = self.polling_timeout
+        rkwargs['timeout'] = self.polling_timeout  # type:ignore[typeddict-item]
 
         try:
             response = _session.send(prepared_request, **rkwargs)
@@ -500,7 +500,10 @@ def get_risk_rules_command(client: Client, args) -> Tuple[str, dict, dict]:
 
 def main():  # pragma: no cover
     params = demisto.params()
-    client = Client(RF_INDICATOR_TYPES[params.get('indicator_type')], params.get('api_token'), params.get('services'),
+    api_token = params.get('credentials_api_token', {}).get('password') or params.get('api_token')
+    if not api_token:
+        raise DemistoException('API Token must be provided.')
+    client = Client(RF_INDICATOR_TYPES[params.get('indicator_type')], api_token, params.get('services'),
                     params.get('risk_rule'), params.get('fusion_file_path'), params.get('insecure'),
                     params.get('polling_timeout'), params.get('proxy'), params.get('threshold'),
                     params.get('risk_score_threshold'), argToList(params.get('feedTags')), params.get('tlp_color'))

Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.yml

@@ -89,8 +89,14 @@ configuration:
   type: 15
 - display: API token
   name: api_token
-  required: true
+  required: false
   type: 4
+  hidden: true
+- displaypassword: API Token
+  name:  credentials_api_token
+  required: false
+  hiddenusername: true
+  type: 9
 - defaultvalue: connectApi
   display: Services
   name: services
@@ -202,7 +208,7 @@ script:
     - contextPath: RecordedFutureFeed.RiskRule.Criticality
       description: The risk rule criticality.
       type: String
-  dockerimage: demisto/python3:3.10.4.31492
+  dockerimage: demisto/python3:3.10.12.63474
   feed: true
   isfetch: false
   longRunning: false

Packs/FeedRecordedFuture/ReleaseNotes/1_0_28.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Recorded Future RiskList Feed
+- Added the *API Token* integration parameters to support credentials fetching object.
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.

Packs/FeedRecordedFuture/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Recorded Future Feed",
     "description": "Ingests indicators from Recorded Future feeds into Demisto.",
     "support": "xsoar",
-    "currentVersion": "1.0.27",
+    "currentVersion": "1.0.28",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/ProtectWise/.pack-ignore

@@ -1,5 +1,5 @@
 [file:ProtectWise.yml]
-ignore=IN126,IN145
+ignore=IN126
 
 [file:ProtectWise_image.png]
 ignore=IM111

Packs/ProtectWise/Integrations/ProtectWise/ProtectWise.js

@@ -7,20 +7,19 @@ var TIME_FIELDS = ['startedAt', 'occurredAt', 'endedAt', 'observedAt'];
 var serverUrl = params.url.replace(/[\/]+$/, '') + '/';
 
 var getToken = function() {
-    var token = '';
-    if ((params.token) && (params.token.length > 0)) {
-        token = params.token;
-    }
-    if (token.length === 0) {
-        if (params.email.length === 0 || params.password.length === 0){
+    let token = params.credentials_api_token ? params.credentials_api_token.password : params.token;
+    let email = params.credentials_login ? params.credentials_login.identifier : params.email;
+    let password = params.credentials_login ? params.credentials_login.password : params.password;
+    if (token && token.length === 0) {
+        if ((email&&email.length === 0) || (password&&password.length === 0)){
             throw 'If token configuration is empty , you must provide email+password configuration params for auth';
         }
         var tokResult = http(
             serverUrl + 'token',
             {
                 Headers: {'Content-Type': ['application/json']},
                 Method: 'POST',
-                Body: JSON.stringify({'email': params.email, 'password': params.password}),
+                Body: JSON.stringify({'email': email, 'password': password}),
             },
             params.insecure,
             params.proxy

Packs/ProtectWise/Integrations/ProtectWise/ProtectWise.yml

@@ -16,15 +16,29 @@ configuration:
   defaultvalue: ""
   type: 0
   required: false
+  hidden: true
 - display: Password
   name: password
   defaultvalue: ""
   type: 4
   required: false
+  hidden: true
+- display: Email
+  name: credentials_login
+  required: false
+  type: 9
+  displaypassword: Password
+  section: Connect
 - display: API Token
   name: token
   type: 4
   required: false
+  hidden: true
+- displaypassword: API Token
+  name:  credentials_api_token
+  required: false
+  hiddenusername: true
+  type: 9
 - display: Trust any certificate (not secure)
   name: insecure
   type: 8

Packs/ProtectWise/ReleaseNotes/1_0_8.md

@@ -0,0 +1,5 @@
+
+#### Integrations
+
+##### ProtectWise
+Added the *Email*, *Password* and *API Token* integration parameters to support credentials fetching object.