Merge branch 'master' into CIAC-12065-qualysfim-api-v2-support

demisto · Nov 18, 2024 · 9ffd900 · 9ffd900
2 parents f42a419 + b8d83be
commit 9ffd900
Show file tree

Hide file tree

Showing 51 changed files with 1,102 additions and 116 deletions.
diff --git a/Packs/Base/ReleaseNotes/1_35_0.md b/Packs/Base/ReleaseNotes/1_35_0.md
@@ -0,0 +1,18 @@
+
+#### Scripts
+
+##### CommonServerPython
+
+Added new fields to `Common.File`, `Common.URL`, `Common.Domain`, `Common.IP` indicator classes: 
+
+- `organization_prevalence`
+
+- `globally_prevalence`
+
+- `organization_first_seen`
+
+- `organization_last_seen`
+
+- `first_seen_by_source`
+
+- `last_seen_by_source`
diff --git a/Packs/Base/ReleaseNotes/1_35_1.md b/Packs/Base/ReleaseNotes/1_35_1.md
@@ -0,0 +1,22 @@
+
+#### Scripts
+
+##### DBotFindSimilarIncidents
+
+- Updated the Docker image to: *demisto/ml:1.0.0.105874*.
+
+##### GetMLModelEvaluation
+
+- Updated the Docker image to: *demisto/ml:1.0.0.105874*.
+
+##### DBotPredictPhishingWords
+
+- Updated the Docker image to: *demisto/ml:1.0.0.105874*.
+
+##### DBotPreProcessTextData
+
+- Updated the Docker image to: *demisto/ml:1.0.0.105874*.
+
+##### DBotTrainTextClassifierV2
+
+- Updated the Docker image to: *demisto/ml:1.0.0.105874*.
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
@@ -5819,6 +5819,7 @@ def test_create_domain(self):
             dns='dns.somedomain',
             detection_engines=10,
             positive_detections=5,
+            first_seen_by_source='2024-10-06T09:50:50.555Z',
             organization='Some Organization',
             admin_phone='18000000',
             admin_email='[email protected]',
@@ -5896,6 +5897,7 @@ def test_create_domain(self):
                         'Registrar': {'Name': 'Mr Registrar', 'AbuseEmail': '[email protected]', 'AbusePhone': None},
                         'Registrant': {'Name': 'Mr Registrant', 'Email': None, 'Phone': None, 'Country': None},
                         'Admin': {'Name': None, 'Email': '[email protected]', 'Phone': '18000000', 'Country': None},
+                        'FirstSeenBySource': '2024-10-06T09:50:50.555Z',
                         'Organization': 'Some Organization',
                         'Subdomains': ['sub-domain1.somedomain.com', 'sub-domain2.somedomain.com',
                                        'sub-domain3.somedomain.com'], 'DomainStatus': 'ACTIVE',
@@ -5994,6 +5996,7 @@ def test_create_url(self):
             certificates=None,
             description='description test',
             stix_id='stix_id',
+            organization_first_seen='2024-11-04T14:48:23.456Z',
         )
 
         results = CommandResults(
@@ -6033,6 +6036,7 @@ def test_create_url(self):
                         'ASOwner': 'test_as_owner',
                         'Geo': {'Country': 'test_geo_country'},
                         'Organization': 'test_organization',
+                        'OrganizationFirstSeen': '2024-11-04T14:48:23.456Z',
                         'CommunityNotes': [{'note': 'note', 'timestamp': '2019-01-01T00:00:00'}],
                         'Publications': [
                             {'source': 'source',
@@ -6118,7 +6122,8 @@ def test_create_file(self):
             creation_date='test_creation_date',
             description='test_description',
             hashes=None,
-            stix_id='test_stix_id'
+            stix_id='test_stix_id',
+            organization_prevalence=0,
         )
 
         results = CommandResults(
@@ -6164,6 +6169,7 @@ def test_create_file(self):
                                       'threatcategoryconfidence': 'threat_category_confidence'}],
                      'Imphash': 'test_imphash',
                      'Organization': 'test_organization',
+                     'OrganizationPrevalence': 0,
                      'Malicious': {'Vendor': 'Test', 'Description': 'malicious!'}
                      }
                 ],

diff --git a/Packs/Base/Scripts/DBotFindSimilarIncidents/DBotFindSimilarIncidents.yml b/Packs/Base/Scripts/DBotFindSimilarIncidents/DBotFindSimilarIncidents.yml
@@ -86,7 +86,7 @@ script: '-'
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/ml:1.0.0.112949
+dockerimage: demisto/ml:1.0.0.105874
 runas: DBotWeakRole
 tests:
 - DBotFindSimilarIncidents-test
@@ -110,3 +110,4 @@ outputs:
 - contextPath: DBotFindSimilarIncidents.similarIncident.details
   description: The details of the linked incident.
   type: string
+autoUpdateDockerImage: false
diff --git a/Packs/Base/Scripts/DBotPredictPhishingWords/DBotPredictPhishingWords.yml b/Packs/Base/Scripts/DBotPredictPhishingWords/DBotPredictPhishingWords.yml
@@ -98,9 +98,10 @@ tags:
 - phishing
 timeout: 60µs
 type: python
-dockerimage: demisto/ml:1.0.0.112949
+dockerimage: demisto/ml:1.0.0.105874
 tests:
 - Create Phishing Classifier V2 ML Test
 fromversion: 5.0.0
 marketplaces:
 - xsoar
+autoUpdateDockerImage: false
diff --git a/Packs/Base/Scripts/DBotPreprocessTextData/DBotPreprocessTextData.yml b/Packs/Base/Scripts/DBotPreprocessTextData/DBotPreprocessTextData.yml
@@ -104,7 +104,8 @@ tags:
 - ml
 timeout: 120µs
 type: python
-dockerimage: demisto/ml:1.0.0.112949
+dockerimage: demisto/ml:1.0.0.105874
 tests:
 - Create Phishing Classifier V2 ML Test
 fromversion: 5.0.0
+autoUpdateDockerImage: false
diff --git a/Packs/Base/Scripts/DBotTrainTextClassifierV2/DBotTrainTextClassifierV2.yml b/Packs/Base/Scripts/DBotTrainTextClassifierV2/DBotTrainTextClassifierV2.yml
@@ -121,9 +121,10 @@ tags:
 - ml
 timeout: 12µs
 type: python
-dockerimage: demisto/ml:1.0.0.112949
+dockerimage: demisto/ml:1.0.0.105874
 tests:
 - Create Phishing Classifier V2 ML Test
 fromversion: 5.0.0
 marketplaces:
 - xsoar
+autoUpdateDockerImage: false
diff --git a/Packs/Base/Scripts/GetMLModelEvaluation/GetMLModelEvaluation.yml b/Packs/Base/Scripts/GetMLModelEvaluation/GetMLModelEvaluation.yml
@@ -43,8 +43,9 @@ tags:
 - ml
 timeout: 60µs
 type: python
-dockerimage: demisto/ml:1.0.0.112949
+dockerimage: demisto/ml:1.0.0.105874
 tests:
 - Create Phishing Classifier V2 ML Test
 fromversion: 5.0.0
 runas: DBotWeakRole
+autoUpdateDockerImage: false
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.34.47",
+    "currentVersion": "1.35.1",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",

diff --git a/Packs/CheckpointFirewall/Playbooks/Checkpoint_-_Publish&Install_configuration.yml b/Packs/CheckpointFirewall/Playbooks/Checkpoint_-_Publish&Install_configuration.yml
@@ -2,8 +2,7 @@ id: Checkpoint - Publish&Install configuration
 version: -1
 fromversion: 5.0.0
 name: Checkpoint - Publish&Install configuration
-description: "Publish the Check Point Firewall configuration and install policy on\
-  \ all available gateways."
+description: "Publish the Check Point Firewall configuration and install policy on all available gateways."
 starttaskid: '0'
 tasks:
   '0':
@@ -152,8 +151,7 @@ tasks:
       id: d211fef6-b869-4518-8788-66323f2512d7
       version: -1
       name: Is there policy to install?
-      description: Check whether the values provided in arguments are equal. If either
-        of the arguments is missing, no is returned.
+      description: Check whether the values provided in arguments are equal. If either of the arguments is missing, no is returned.
       type: condition
       iscommand: false
       brand: ''
@@ -282,8 +280,7 @@ tasks:
       id: 7775d6f5-83b4-46ba-83e2-562e496320cf
       version: -1
       name: Check Point show gateways and servers command
-      description: List of all gateways and server available in Check Point device.
-        .
+      description: List of all gateways and server available in Check Point device. .
       script: '|||checkpoint-gateways-list'
       type: regular
       iscommand: true
@@ -318,12 +315,7 @@ tasks:
       id: 5b935b74-d33d-4fd2-8484-845f2fa8a61f
       version: -1
       name: GenericPolling
-      description: "Use this playbook as a sub-playbook to block execution of the\
-        \ master playbook until a remote action is complete.\nThis playbook implements\
-        \ polling by continuously running the command in Step \\#2 until the operation\
-        \ completes.\nThe remote action should have the following structure:\n\n1.\
-        \ Initiate the operation.\n2. Poll to check if the operation completed.\n\
-        3. (optional) Get the results of the operation."
+      description: "Use this playbook as a sub-playbook to block execution of the master playbook until a remote action is complete.\nThis playbook implements polling by continuously running the command in Step \\#2 until the operation completes.\nThe remote action should have the following structure:\n\n1. Initiate the operation.\n2. Poll to check if the operation completed.\n3. (optional) Get the results of the operation."
       playbookName: GenericPolling
       type: playbook
       iscommand: false
@@ -346,6 +338,10 @@ tasks:
         simple: '10'
       dt:
         simple: CheckPoint.ShowTask(val.progress-percentage != '100').task-id
+      AdditionalPollingCommandArgNames:
+        simple: session_id
+      AdditionalPollingCommandArgValues:
+        simple: ${inputs.sid}
     separatecontext: true
     loop:
       iscommand: false
@@ -374,12 +370,7 @@ tasks:
       id: 2d49366e-ead7-4da0-8bde-9ba7c47e45ae
       version: -1
       name: GenericPolling
-      description: "Use this playbook as a sub-playbook to block execution of the\
-        \ master playbook until a remote action is complete.\nThis playbook implements\
-        \ polling by continuously running the command in Step \\#2 until the operation\
-        \ completes.\nThe remote action should have the following structure:\n\n1.\
-        \ Initiate the operation.\n2. Poll to check if the operation completed.\n\
-        3. (optional) Get the results of the operation."
+      description: "Use this playbook as a sub-playbook to block execution of the master playbook until a remote action is complete.\nThis playbook implements polling by continuously running the command in Step \\#2 until the operation completes.\nThe remote action should have the following structure:\n\n1. Initiate the operation.\n2. Poll to check if the operation completed.\n3. (optional) Get the results of the operation."
       playbookName: GenericPolling
       type: playbook
       iscommand: false
@@ -402,6 +393,10 @@ tasks:
         simple: '10'
       dt:
         simple: CheckPoint.ShowTask(val.progress-percentage != '100').task-id
+      AdditionalPollingCommandArgNames:
+        simple: session_id
+      AdditionalPollingCommandArgValues:
+        simple: ${inputs.sid}
     separatecontext: true
     loop:
       iscommand: false
@@ -748,8 +743,7 @@ tasks:
       id: ff470de6-f208-4c38-8dea-a19b0319fdb6
       version: -1
       name: Is action manual handling enabled?
-      description: If action manual handling is enabled, the playbook will pause and
-        wait for manual review.
+      description: If action manual handling is enabled, the playbook will pause and wait for manual review.
       type: condition
       iscommand: false
       brand: ''
@@ -901,16 +895,13 @@ inputs:
 - key: sid
   value: {}
   required: true
-  description: SID - Session unique identifier as returned by the login request required
-    for publish /install changes. Change configuration is seen by all users only after
-    publishing and policy install is complete.
+  description: SID - Session unique identifier as returned by the login request required for publish /install changes. Change configuration is seen by all users only after publishing and policy install is complete.
   playbookInputQuery:
 - key: install_policy
   value:
     simple: 'False'
   required: true
-  description: Whether the playbook should continue install policy process for Check
-    Point Firewall.
+  description: Whether the playbook should continue install policy process for Check Point Firewall.
   playbookInputQuery:
 - key: policy_package
   value:
@@ -922,8 +913,7 @@ inputs:
   value:
     simple: 'True'
   required: true
-  description: If one of the actions for the publish/install policy fails due to a
-    problem or error, the playbook will pause for manual review.
+  description: If one of the actions for the publish/install policy fails due to a problem or error, the playbook will pause for manual review.
   playbookInputQuery:
 outputs: []
 tests:

diff --git a/Packs/CheckpointFirewall/ReleaseNotes/2_3_22.md b/Packs/CheckpointFirewall/ReleaseNotes/2_3_22.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Checkpoint - Publish&Install configuration
+
+Fixed an issue with the Push And Install flow by adding the "SID" input to the polling playbooks as an argument.
diff --git a/Packs/CheckpointFirewall/pack_metadata.json b/Packs/CheckpointFirewall/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Check Point Firewall",
     "description": "Manage Check Point firewall via API",
     "support": "xsoar",
-    "currentVersion": "2.3.21",
+    "currentVersion": "2.3.22",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/CommonScripts/ReleaseNotes/1_15_89.md b/Packs/CommonScripts/ReleaseNotes/1_15_89.md
@@ -0,0 +1,7 @@
+
+#### Scripts
+
+##### ConvertXmlFileToJson
+
+
+- Updated the Docker image to: *demisto/xml-feed:1.0.0.116765*.
diff --git a/Packs/CommonScripts/Scripts/ConvertXmlFileToJson/ConvertXmlFileToJson.yml b/Packs/CommonScripts/Scripts/ConvertXmlFileToJson/ConvertXmlFileToJson.yml
@@ -25,6 +25,6 @@ args:
   defaultValue: "True"
 scripttarget: 0
 fromversion: 5.0.0
-dockerimage: demisto/xml-feed:1.0.0.86490
+dockerimage: demisto/xml-feed:1.0.0.116765
 tests:
 - No tests (auto formatted)
diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.15.88",
+    "currentVersion": "1.15.89",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/CommonTypes/IndicatorFields/indicatorfield-globalprevalence.json b/Packs/CommonTypes/IndicatorFields/indicatorfield-globalprevalence.json
@@ -0,0 +1,36 @@
+{
+    "id": "indicator_globalprevalence",
+    "version": -1,
+    "modified": "2024-10-30T12:05:32.803043623Z",
+    "name": "Global Prevalence",
+    "ownerOnly": false,
+    "cliName": "globalprevalence",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 2,
+    "hidden": false,
+    "openEnded": false,
+    "description": "The number of times the indicator is detected across all organizations.",
+    "associatedTypes": [
+        "Domain",
+        "IP",
+        "IPv6",
+        "URL",
+        "File"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "5.0.0"
+}
diff --git a/Packs/CommonTypes/IndicatorFields/indicatorfield-organizationfirstseen.json b/Packs/CommonTypes/IndicatorFields/indicatorfield-organizationfirstseen.json
@@ -0,0 +1,36 @@
+{
+    "id": "indicator_organizationfirstseen",
+    "version": -1,
+    "modified": "2024-10-30T12:05:32.803043623Z",
+    "name": "Organization First Seen",
+    "ownerOnly": false,
+    "cliName": "organizationfirstseen",
+    "type": "date",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 2,
+    "hidden": false,
+    "openEnded": false,
+    "description": "Date and time when the indicator was first seen in the organization.",
+    "associatedTypes": [
+        "Domain",
+        "IP",
+        "IPv6",
+        "URL",
+        "File"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "5.0.0"
+}