Merge branch 'contrib/CyberInt_feature/sync-indicators' into feature/…

…sync-indicators
demisto · Nov 22, 2024 · 27cd0a8 · 27cd0a8
2 parents c884ffb + e4c9305
commit 27cd0a8
Show file tree

Hide file tree

Showing 2,322 changed files with 48,281 additions and 14,373 deletions.
diff --git a/.github/content_roles.json b/.github/content_roles.json
@@ -6,16 +6,16 @@
         "TIM_REVIEWER": "The GitHub username for TIM reviews owner"
     },
     "CONTRIBUTION_REVIEWERS": [
-        "tcarmeli1",
-        "yaakovpraisler",
-        "aaron1535"
+        "MLainer1",
+        "YairGlik",
+        "amshamah419"
     ],
-    "CONTRIBUTION_TL": "jbabazadeh",
+    "CONTRIBUTION_TL": "samuelFain",
     "CONTRIBUTION_SECURITY_REVIEWER": ["idovandijk"],
     "ON_CALL_DEVS": [
         "sshuker",
-        "yhayun"
+        "sberman"
     ],
-    "DOC_REVIEWER": "richardbluestone",
+    "DOC_REVIEWER": "ShirleyDenkberg",
     "TIM_REVIEWER": "MLainer1"
 }
diff --git a/.github/workflows/security-label-check.yml b/.github/workflows/security-label-check.yml
@@ -0,0 +1,27 @@
+name: Security Label Check
+on:
+  pull_request:
+    types: [opened, edited, labeled, synchronize, unlabeled]
+jobs:
+  security-check:
+    runs-on: ubuntu-latest
+    if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == true && contains(github.head_ref, 'xsoar-bot-contrib-ContributionTestPack') == false
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Check if PR base branch starts with "contrib" and labels are correct
+      id: security_check
+      run: |
+        BASE_BRANCH=$(jq --raw-output .pull_request.base.ref "$GITHUB_EVENT_PATH")
+        LABELS=$(jq --raw-output '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH")
+          if [[ "$LABELS" == *"Security Review"* ]]; then
+            echo "Security Review label present. Checking if Security Approved label is added..."
+            if [[ "$LABELS" != *"Security Approved"* ]]; then
+              echo "Security Approved label is missing. The PR still requires a review from the security team."
+              exit 1
+            else
+              echo "Security Approved label is present."
+            fi
+          else
+            echo "Security Review label is not added. Security review is not required."
+          fi
diff --git a/Packs/AHA/Integrations/AHA/README.md b/Packs/AHA/Integrations/AHA/README.md
@@ -142,4 +142,4 @@ Edit an idea status to Shipped.
 | AHA.Idea.created_at | Date | The idea creation date. | 
 
 #### Command example
-```!aha-edit-idea idea_name=DEMO-I-2895```
+```!aha-edit-idea idea_name=DEMO-I-2895```
diff --git a/Packs/AMP/Integrations/AMPv2/README.md b/Packs/AMP/Integrations/AMPv2/README.md
@@ -1,28 +1,24 @@
 Cisco Advanced Malware Protection software is designed to prevent, detect, and help remove threats in an efficient manner from computer systems. Threats can take the form of software viruses and other malware such as ransomware, worms, Trojans, spyware, adware, and fileless malware.
 This integration was integrated and tested with version 1 of CiscoAMP.
 
-## Configure Cisco AMP Secure Endpoint on Cortex XSOAR
-
-1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
-2. Search for Cisco AMP Secure Endpoint.
-3. Click **Add instance** to create and configure a new integration instance.
-
-    | **Parameter** | **Description** | **Required** |
-    | --- | --- | --- |
-    | Server URL |  | True |
-    | 3rd Party API Client ID |  | True |
-    | API Key |  | True |
-    | Trust any certificate (unsecure) |  | False |
-    | Use system proxy |  | False |
-    | Maximum incidents to fetch. | Maximum number of incidents per fetch. The maximum is 200. | False |
-    | Incident severity to fetch. |  | False |
-    | First fetch time | First alert created date to fetch. e.g., "1 min ago","2 weeks ago","3 months ago" | False |
-    | Event types | Comma-separated list of Event Type IDs. | False |
-    | Create relationships | Create relationships between indicators as part of Enrichment. | False |
-
-4. Click **Test** to validate the URLs, token, and connection.
+## Configure Cisco AMP Secure Endpoint in Cortex
+
+
+| **Parameter** | **Description** | **Required** |
+| --- | --- | --- |
+| Server URL |  | True |
+| 3rd Party API Client ID |  | True |
+| API Key |  | True |
+| Trust any certificate (unsecure) |  | False |
+| Use system proxy |  | False |
+| Maximum incidents to fetch. | Maximum number of incidents per fetch. The maximum is 200. | False |
+| Incident severity to fetch. |  | False |
+| First fetch time | First alert created date to fetch. e.g., "1 min ago","2 weeks ago","3 months ago" | False |
+| Event types | Comma-separated list of Event Type IDs. | False |
+| Create relationships | Create relationships between indicators as part of Enrichment. | False |
+
 ## Commands
-You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+You can execute these commands from the CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 ### cisco-amp-computer-list
 ***
@@ -5058,4 +5054,4 @@ Runs reputation on files.
 ### Cisco AMP - Hash Reputation for: 4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F
 >|Hashes|Hostname|Name|SHA256|
 >|---|---|---|---|
->| {'type': 'SHA256', 'value': '4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F'} | Demo_AMP_Exploit_Prevention | firefox.exe | 4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F |
+>| {'type': 'SHA256', 'value': '4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F'} | Demo_AMP_Exploit_Prevention | firefox.exe | 4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F |
diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/README.md b/Packs/AMP/Integrations/CiscoAMPEventCollector/README.md
@@ -3,26 +3,22 @@ This integration was integrated and tested with version v1 of CiscoAMPEventColle
 
 This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.
 
-## Configure Cisco AMP Event Collector on Cortex XSIAM
+## Configure Cisco AMP Event Collector in Cortex
 
-1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
-2. Search for Cisco AMP Event Collector.
-3. Click **Add instance** to create and configure a new integration instance.
 
-    | **Parameter**                           | **Required** |
-    |-----------------------------------------| --- |
-    | Server URL (e.g., https://some_url.com) | True |
-    | Client ID                               | True |
-    | API Key                                 | True |
-    | Max events number per fetch             | False |
-    | Trust any certificate (not secure)      | False |
-    | Use system proxy settings               | False |
+| **Parameter**                           | **Required** |
+|-----------------------------------------| --- |
+| Server URL (e.g., https://some_url.com) | True |
+| Client ID                               | True |
+| API Key                                 | True |
+| Max events number per fetch             | False |
+| Trust any certificate (not secure)      | False |
+| Use system proxy settings               | False |
 
-4. Click **Test** to validate the URLs, token, and connection.
 
 ## Commands
 
-You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook.
+You can execute these commands from the CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 
 ### cisco-amp-get-events
@@ -44,4 +40,4 @@ Gets events from Cisco AMP.
 
 #### Context Output
 
-There is no context output for this command.
+There is no context output for this command.
diff --git a/Packs/APIVoid/Integrations/APIVoid/APIVoid.yml b/Packs/APIVoid/Integrations/APIVoid/APIVoid.yml
@@ -1639,7 +1639,7 @@ script:
       description: ''
       type: boolean
     description: A smart API that accurately checks a website's trustworthiness.
-  dockerimage: demisto/python3:3.10.13.72123
+  dockerimage: demisto/python3:3.11.10.116439
   runonce: false
   subtype: python3
 fromversion: 5.0.0

diff --git a/Packs/APIVoid/Integrations/APIVoid/README.md b/Packs/APIVoid/Integrations/APIVoid/README.md
@@ -1,24 +1,20 @@
 APIVoid wraps up a number of services such as ipvoid & urlvoid.
 
-## Configure APIVoid on Cortex XSOAR
-
-1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
-2. Search for APIVoid.
-3. Click **Add instance** to create and configure a new integration instance.
-
-    | **Parameter** | **Description** | **Required** |
-    | --- | --- | --- |
-    | API KEY |  | True |
-    | Benign Reputation (Percentage) | If the percentage of detections is BELOW this value, the indicator is considered Benign | True |
-    | Suspicious Reputation (Percentage) | If the percentage of detections is ABOVE this value, the indicator is considered Suspicious | True |
-    | Malicious Reputation (Percentage) | If the percentage of detections is ABOVE this value, the indicator is considered Malicious | True |
-    | Malicious | Consider the indicator malicious if either Suspicious or Malicious | True |
-    | Trust any certificate (not secure) |  | False |
-    | Use system proxy settings |  | False |
-
-4. Click **Test** to validate the URLs, token, and connection.
+## Configure APIVoid in Cortex
+
+
+| **Parameter** | **Description** | **Required** |
+| --- | --- | --- |
+| API KEY |  | True |
+| Benign Reputation (Percentage) | If the percentage of detections is BELOW this value, the indicator is considered Benign | True |
+| Suspicious Reputation (Percentage) | If the percentage of detections is ABOVE this value, the indicator is considered Suspicious | True |
+| Malicious Reputation (Percentage) | If the percentage of detections is ABOVE this value, the indicator is considered Malicious | True |
+| Malicious | Consider the indicator malicious if either Suspicious or Malicious | True |
+| Trust any certificate (not secure) |  | False |
+| Use system proxy settings |  | False |
+
 ## Commands
-You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+You can execute these commands from the CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 ### apivoid-ip
 ***
@@ -816,4 +812,4 @@ A smart API that accurately checks a website's trustworthiness.
 | APIVoid.SiteTrust.targeted_brands.gucci | boolean |  | 
 | APIVoid.SiteTrust.targeted_brands.salomon | boolean |  | 
 | APIVoid.SiteTrust.targeted_brands.liujo | boolean |  | 
-| APIVoid.SiteTrust.targeted_brands.truereligion | boolean |  | 
+| APIVoid.SiteTrust.targeted_brands.truereligion | boolean |  | 
diff --git a/Packs/APIVoid/ReleaseNotes/1_0_37.md b/Packs/APIVoid/ReleaseNotes/1_0_37.md
@@ -0,0 +1,10 @@
+
+#### Integrations
+
+##### APIVoid
+- Updated the Docker image to: *demisto/python3:3.11.10.116439*.
+
+
+
+
+
diff --git a/Packs/APIVoid/pack_metadata.json b/Packs/APIVoid/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "APIVoid",
     "description": "APIVoid wraps up a number of services such as ipvoid & urlvoid",
     "support": "xsoar",
-    "currentVersion": "1.0.36",
+    "currentVersion": "1.0.37",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/ARIAPacketIntelligence/Integrations/ARIAPacketIntelligence/README.md b/Packs/ARIAPacketIntelligence/Integrations/ARIAPacketIntelligence/README.md
@@ -1,20 +1,16 @@
 The ARIA Cybesecurity Solutions Software-Defined Security (SDS) platform integrates with Cortex XSOAR to add robustness when responding to incidents. The combination of ARIA hardware, in the form of a Secure Intelligent Adapter (SIA), and software, specifically Packet Intelligence and SDS orchestrator (SDSo), provides the elements required to react instantly when an incident is detected. When integrated with the ARIA solution, you can create playbooks that instruct one or more SIAs to add, modify, or delete rules automatically. These rule changes, which take effect immediately, can block conversations, redirect packets to a recorder or VLAN, or perform a variety of other actions.
 This integration was integrated and tested with version 1.0.9 of ARIA Packet Intelligence
-## Configure ARIA Packet Intelligence on Cortex XSOAR
+## Configure ARIA Packet Intelligence in Cortex
 
-1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
-2. Search for ARIA Packet Intelligence.
-3. Click **Add instance** to create and configure a new integration instance.
 
 | **Parameter** | **Description** | **Required** |
 | --- | --- | --- |
 | sdso | SDSo Base URL \(e.g. http://&lt;IP address or FQDN of SDSo Node&gt;:7443\) | True |
 | proxy | Use system proxy settings | False |
 | insecure | Trust any certificate \(not secure\) | False |
 
-4. Click **Test** to validate the URLs, token, and connection.
 ## Commands
-You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+You can execute these commands from the CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 
 Note that all commands support a remediation configuration string (RCS). It is a set of parameters that defines how and 
@@ -2308,4 +2304,4 @@ equivalent to using the wildcard. For example, MA.all.all is equivalent to "MA.\
 > | securityDomain@ARIA-NORTH@<br/>[email protected]1,sia2,^ARIA-SOUTH| This RCS will select the SIA with a region label of "MA", group label of "HR", and name label of "sia1". It will also select the SIA named "sia2" as well as any SIAs that are members of both domains (i.e., ARIA-NORTH and ARIA-SOUTH). |
 
 ## Additional Information
-For more information, please see the ARIA_SOAR_Integration_Guide_XSOAR.
+For more information, please see the ARIA_SOAR_Integration_Guide_XSOAR.
diff --git a/Packs/AWS-ACM/Integrations/AWS-ACM/AWS-ACM.yml b/Packs/AWS-ACM/Integrations/AWS-ACM/AWS-ACM.yml
@@ -469,7 +469,7 @@ script:
       description: The certificate chain that contains the root certificate issued by the certificate authority (CA).
       type: string
     description: Retrieves a certificate specified by an ARN and its certificate chain . The chain is an ordered list of certificates that contains the end entity certificate, intermediate certificates of subordinate CAs, and the root certificate in that order. The certificate and certificate chain are base64 encoded. If you want to decode the certificate to see the individual fields, you can use OpenSSL.
-  dockerimage: demisto/boto3py3:1.0.0.100496
+  dockerimage: demisto/boto3py3:1.0.0.115129
   subtype: python3
 tests:
 - ACM-Test

diff --git a/Packs/AWS-ACM/Integrations/AWS-ACM/README.md b/Packs/AWS-ACM/Integrations/AWS-ACM/README.md
@@ -4,28 +4,24 @@ For more information regarding the AWS ACM service, please visit the official do
 
 For detailed instructions about setting up authentication, see: [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
 
-## Configure AWS - ACM on Cortex XSOAR
-
-1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
-2. Search for AWS - ACM.
-3. Click **Add instance** to create and configure a new integration instance.
-
-    | **Parameter** | **Description** | **Required** |
-    | --- | --- | --- |
-    | roleArn | role ARN | False |
-    | roleSessionName | Role Session Name | False |
-    | defaultRegion | AWS Default Region | False |
-    | sessionDuration | Role Session Duration | False |
-    | access_key | Access Key | False |
-    | secret_key | Secret Key | False |
-    | timeout | The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified a default of 10 second will be used. | False |
-    | retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. More details about the retries strategy is available [here](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html). | False |
-    | Trust any certificate (not secure) |  | False |
-    | Use system proxy settings |  | False |
-
-4. Click **Test** to validate the URLs, token, and connection.
+## Configure AWS - ACM in Cortex
+
+
+| **Parameter** | **Description** | **Required** |
+| --- | --- | --- |
+| roleArn | role ARN | False |
+| roleSessionName | Role Session Name | False |
+| defaultRegion | AWS Default Region | False |
+| sessionDuration | Role Session Duration | False |
+| access_key | Access Key | False |
+| secret_key | Secret Key | False |
+| timeout | The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified a default of 10 second will be used. | False |
+| retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. More details about the retries strategy is available [here](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html). | False |
+| Trust any certificate (not secure) |  | False |
+| Use system proxy settings |  | False |
+
 ## Commands
-You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+You can execute these commands from the CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
 ### aws-acm-describe-certificate
 ***
@@ -228,4 +224,3 @@ Retrieves a certificate specified by an ARN and its certificate chain . The chai
 | AWS.ACM.Certificates.Certificate | string | String that contains the ACM certificate represented by the ARN specified at input. | 
 | AWS.ACM.Certificates.CertificateChain | string | The certificate chain that contains the root certificate issued by the certificate authority \(CA\). | 
 
-
diff --git a/Packs/AWS-ACM/ReleaseNotes/1_1_39.md b/Packs/AWS-ACM/ReleaseNotes/1_1_39.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### AWS - ACM
+
+
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.115129*.
diff --git a/Packs/AWS-ACM/pack_metadata.json b/Packs/AWS-ACM/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "AWS - ACM",
     "description": "Amazon Web Services Certificate Manager Service (acm)",
     "support": "xsoar",
-    "currentVersion": "1.1.38",
+    "currentVersion": "1.1.39",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml b/Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml
@@ -310,7 +310,7 @@ script:
       name: roleSessionDuration
     description: Updates findings with the new values provided in the request.
     name: aws-access-analyzer-update-findings
-  dockerimage: demisto/boto3py3:1.0.0.100468
+  dockerimage: demisto/boto3py3:1.0.0.115129
   isfetch: true
   runonce: false
   script: '-'