Change marketplace on Malware Investigation and response playbooks (#…

…37299)

* Restrict Playbooks only to XSOAR marketplace

* Updated RN

* RN

* Add BC notes

* fixed rn

* pack version update

* Fixed review comments

Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_False_Positive_Incident_Handling.yml

@@ -854,3 +854,5 @@ inputs:
 outputs: []
 tests:
 - No tests
+marketplaces:
+- xsoar

Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_True_Positive_Incident_Handling.yml

@@ -2010,3 +2010,5 @@ tests:
 contentitemexportablefields:
   contentitemfields: {}
 system: true
+marketplaces:
+- xsoar

Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Incident_Enrichment.yml

@@ -1276,4 +1276,6 @@ tests:
 - No tests (auto formatted)
 contentitemexportablefields:
   contentitemfields: {}
-system: true
+system: true
+marketplaces:
+- xsoar

Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Investigation_and_Response.yml

@@ -2215,3 +2215,5 @@ tests:
 contentitemexportablefields:
   contentitemfields: {}
 system: true
+marketplaces:
+- xsoar

Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_SIEM_ingestion_-_Get_Incident_Data.yml

@@ -870,3 +870,5 @@ tests:
 contentitemexportablefields:
   contentitemfields: {}
 system: true
+marketplaces:
+- xsoar

Packs/CrowdStrikeFalcon/ReleaseNotes/2_0_26.md

@@ -0,0 +1,22 @@
+
+#### Playbooks
+
+##### CrowdStrike Falcon - False Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon Malware - Investigation and Response
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon - True Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon - SIEM ingestion Get Incident Data
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon Malware - Incident Enrichment
+
+- Updated the playbook to be availble only for XSOAR marketplace.

Packs/CrowdStrikeFalcon/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "CrowdStrike Falcon",
     "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.",
     "support": "xsoar",
-    "currentVersion": "2.0.25",
+    "currentVersion": "2.0.26",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_False_Positive_Incident_Handling.yml

@@ -867,3 +867,5 @@ tests:
 - Microsoft Defender Advanced Threat Protection - Test
 - Microsoft Defender - ATP - Indicators SC Test
 fromversion: 6.5.0
+marketplaces:
+- xsoar

Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_True_Positive_Incident_Handling.yml

@@ -2047,3 +2047,5 @@ tests:
 - Microsoft Defender - ATP - Indicators SC Test
 fromversion: 6.5.0
 system: true
+marketplaces:
+- xsoar

Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_Malware_-_Incident_Enrichment.yml

@@ -1619,3 +1619,5 @@ view: |-
 tests:
 - Test Playbook - MDE Malware - Incident Enrichment
 fromversion: 6.5.0
+marketplaces:
+- xsoar

Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_SIEM_ingestion_-_Get_Incident_Data.yml

@@ -426,3 +426,5 @@ view: |-
 tests:
 - Test Playbook - MDE SIEM ingestion - Get Incident Data
 fromversion: 6.5.0
+marketplaces:
+- xsoar

Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.json

@@ -0,0 +1,4 @@
+{
+    "breakingChanges": true,
+    "breakingChangesNotes": "The following playbooks will be removed from XSIAM Marketplace: MDE SIEM ingestion - Get Incident Data,MDE - True Positive Incident Handling,MDE - False Positive Incident Handling,MDE Malware - Incident Enrichment"
+}

Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.md

@@ -0,0 +1,15 @@
+
+#### Playbooks
+
+##### MDE - True Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+##### MDE SIEM ingestion - Get Incident Data
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+##### MDE - False Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+##### MDE Malware - Incident Enrichment
+
+- Updated the playbook to be availble only for XSOAR marketplace.

Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.17.3",
+    "currentVersion": "1.17.4",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",