From 6ad91983b8d9a87f31b3781315af74033b229c90 Mon Sep 17 00:00:00 2001
From: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com>
Date: Mon, 25 Nov 2024 17:57:07 +0200
Subject: [PATCH] Change marketplace on Malware Investigation and response playbooks (#37299)
* Restrict Playbooks only to XSOAR marketplace
* Updated RN
* RN
* Add BC notes
* fixed rn
* pack version update
* Fixed review comments
---
 ...con_-_False_Positive_Incident_Handling.yml | 2 ++
 ...lcon_-_True_Positive_Incident_Handling.yml | 2 ++
 ...e_Falcon_Malware_-_Incident_Enrichment.yml | 4 +++-
 ...n_Malware_-_Investigation_and_Response.yml | 2 ++
 ...con_SIEM_ingestion_-_Get_Incident_Data.yml | 2 ++
 .../CrowdStrikeFalcon/ReleaseNotes/2_0_26.md | 22 +++++++++++++++++++
 Packs/CrowdStrikeFalcon/pack_metadata.json | 2 +-
 ...MDE_-_False_Positive_Incident_Handling.yml | 2 ++
 ...-MDE_-_True_Positive_Incident_Handling.yml | 2 ++
 ...book-MDE_Malware_-_Incident_Enrichment.yml | 2 ++
 ...MDE_SIEM_ingestion_-_Get_Incident_Data.yml | 2 ++
 .../ReleaseNotes/1_17_4.json | 4 ++++
 .../ReleaseNotes/1_17_4.md | 15 +++++++++++++
 .../pack_metadata.json | 2 +-
 14 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 Packs/CrowdStrikeFalcon/ReleaseNotes/2_0_26.md
 create mode 100644 Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.json
 create mode 100644 Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.md
diff --git a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_False_Positive_Incident_Handling.yml b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_False_Positive_Incident_Handling.yml
index 84479ec2219..293e33002b8 100644
--- a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_False_Positive_Incident_Handling.yml
+++ b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_False_Positive_Incident_Handling.yml
@@ -854,3 +854,5 @@ inputs:
 outputs: []
 tests:
 - No tests
+marketplaces:
+- xsoar
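Review bot: The new `marketplaces:` / `- xsoar` block at the end of this playbook restricts it to the XSOAR marketplace, which the MDE pack in the same commit documents as a breaking change (1_17_4.json, `"breakingChanges": true`), yet the CrowdStrikeFalcon pack gets only a 2_0_26.md and no breaking-change record. The same gap applies to the other four CrowdStrike Falcon playbook hunks (True Positive Incident Handling, Malware - Incident Enrichment, Malware - Investigation and Response, SIEM ingestion - Get Incident Data). I would add `Packs/CrowdStrikeFalcon/ReleaseNotes/2_0_26.json` with the same `breakingChanges` / `breakingChangesNotes` shape naming those five playbooks, so that users on the marketplaces losing them see the removal flagged at upgrade time. The release-note bullets in both 2_0_26.md and 1_17_4.md also misspell "available" as "availble".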
diff --git a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_True_Positive_Incident_Handling.yml b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_True_Positive_Incident_Handling.yml
index 2ecb6122774..057e88859de 100644
--- a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_True_Positive_Incident_Handling.yml
+++ b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_-_True_Positive_Incident_Handling.yml
@@ -2010,3 +2010,5 @@ tests:
 contentitemexportablefields:
 contentitemfields: {}
 system: true
+marketplaces:
+- xsoar
diff --git a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Incident_Enrichment.yml b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Incident_Enrichment.yml
index 081583031ad..9f1f07906ef 100644
--- a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Incident_Enrichment.yml
+++ b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Incident_Enrichment.yml
@@ -1276,4 +1276,6 @@ tests:
 - No tests (auto formatted)
 contentitemexportablefields:
 contentitemfields: {}
-system: true
\ No newline at end of file
+system: true
+marketplaces:
+- xsoar
\ No newline at end of file
diff --git a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Investigation_and_Response.yml b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Investigation_and_Response.yml
index 8a85aa39a4f..dffa22d971d 100644
--- a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Investigation_and_Response.yml
+++ b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_Malware_-_Investigation_and_Response.yml
@@ -2215,3 +2215,5 @@ tests:
 contentitemexportablefields:
 contentitemfields: {}
 system: true
+marketplaces:
+- xsoar
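Review bot: In the Malware - Incident Enrichment hunk the `system: true` line is rewritten, but the new file still ends without a newline (`\ No newline at end of file` follows the added `+- xsoar`), so the churn on that line fixes nothing and a yamllint new-line-at-end-of-file check would still fail. The SIEM ingestion - Get Incident Data hunk on the next line appears to go the other way: its `system: true` is unchanged context, which suggests the old file had a trailing newline that the new `- xsoar` line loses. Ending both files with a newline keeps the next edit to these playbooks a clean one-line diff.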
diff --git a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_SIEM_ingestion_-_Get_Incident_Data.yml b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_SIEM_ingestion_-_Get_Incident_Data.yml
index 72aaaeeae0d..1cfd05b4a2a 100644
--- a/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_SIEM_ingestion_-_Get_Incident_Data.yml
+++ b/Packs/CrowdStrikeFalcon/Playbooks/playbook-CrowdStrike_Falcon_SIEM_ingestion_-_Get_Incident_Data.yml
@@ -870,3 +870,5 @@ tests:
 contentitemexportablefields:
 contentitemfields: {}
 system: true
+marketplaces:
+- xsoar
\ No newline at end of file
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/2_0_26.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/2_0_26.md
new file mode 100644
index 00000000000..544107687ff
--- /dev/null
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/2_0_26.md
@@ -0,0 +1,22 @@
+
+#### Playbooks
+
+##### CrowdStrike Falcon - False Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon Malware - Investigation and Response
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon - True Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon - SIEM ingestion Get Incident Data
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+
+##### CrowdStrike Falcon Malware - Incident Enrichment
+
+- Updated the playbook to be availble only for XSOAR marketplace.
diff --git a/Packs/CrowdStrikeFalcon/pack_metadata.json b/Packs/CrowdStrikeFalcon/pack_metadata.json
index f02aeaf2e1b..96a60ddc495 100644
--- a/Packs/CrowdStrikeFalcon/pack_metadata.json
+++ b/Packs/CrowdStrikeFalcon/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CrowdStrike Falcon",
 "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.",
 "support": "xsoar",
- "currentVersion": "2.0.25",
+ "currentVersion": "2.0.26",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_False_Positive_Incident_Handling.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_False_Positive_Incident_Handling.yml
index 74b2cb8d49c..2e7e6eaa693 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_False_Positive_Incident_Handling.yml
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_False_Positive_Incident_Handling.yml
@@ -867,3 +867,5 @@ tests:
 - Microsoft Defender Advanced Threat Protection - Test
 - Microsoft Defender - ATP - Indicators SC Test
 fromversion: 6.5.0
+marketplaces:
+- xsoar
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_True_Positive_Incident_Handling.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_True_Positive_Incident_Handling.yml
index 9fb39d79bec..cbbcbcbb102 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_True_Positive_Incident_Handling.yml
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_-_True_Positive_Incident_Handling.yml
@@ -2047,3 +2047,5 @@ tests:
 - Microsoft Defender - ATP - Indicators SC Test
 fromversion: 6.5.0
 system: true
+marketplaces:
+- xsoar
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_Malware_-_Incident_Enrichment.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_Malware_-_Incident_Enrichment.yml
index ed067ed4907..4206fafb150 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_Malware_-_Incident_Enrichment.yml
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_Malware_-_Incident_Enrichment.yml
@@ -1619,3 +1619,5 @@ view: |-
 tests:
 - Test Playbook - MDE Malware - Incident Enrichment
 fromversion: 6.5.0
+marketplaces:
+- xsoar
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_SIEM_ingestion_-_Get_Incident_Data.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_SIEM_ingestion_-_Get_Incident_Data.yml
index 5a3af266936..add8244985e 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_SIEM_ingestion_-_Get_Incident_Data.yml
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Playbooks/playbook-MDE_SIEM_ingestion_-_Get_Incident_Data.yml
@@ -426,3 +426,5 @@ view: |-
 tests:
 - Test Playbook - MDE SIEM ingestion - Get Incident Data
 fromversion: 6.5.0
+marketplaces:
+- xsoar
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.json
new file mode 100644
index 00000000000..bf6fc619358
--- /dev/null
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.json
@@ -0,0 +1,4 @@
+{
+ "breakingChanges": true,
+ "breakingChangesNotes": "The following playbooks will be removed from XSIAM Marketplace: MDE SIEM ingestion - Get Incident Data,MDE - True Positive Incident Handling,MDE - False Positive Incident Handling,MDE Malware - Incident Enrichment"
+}
\ No newline at end of file
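Review bot: In 1_17_4.json the `breakingChangesNotes` string runs the four playbook names together with bare commas (`...Get Incident Data,MDE - True Positive...`), which is hard to read in the upgrade prompt where users decide whether to accept the removal, and the file is added without a trailing newline. I would write it as `"breakingChangesNotes": "The following playbooks will be removed from the XSIAM Marketplace: MDE SIEM ingestion - Get Incident Data, MDE - True Positive Incident Handling, MDE - False Positive Incident Handling, MDE Malware - Incident Enrichment"` and end the file with a newline. If the new `marketplaces:` / `- xsoar` restriction also withdraws these playbooks from marketplaces other than XSIAM, the note should name them too rather than XSIAM alone; worth confirming against the pack's current marketplace list.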
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.md
new file mode 100644
index 00000000000..5777b754b1f
--- /dev/null
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_17_4.md
@@ -0,0 +1,15 @@
+
+#### Playbooks
+
+##### MDE - True Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+##### MDE SIEM ingestion - Get Incident Data
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+##### MDE - False Positive Incident Handling
+
+- Updated the playbook to be availble only for XSOAR marketplace.
+##### MDE Malware - Incident Enrichment
+
+- Updated the playbook to be availble only for XSOAR marketplace.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
index 5f879a01fd9..f6927b089d0 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Microsoft Defender for Endpoint",
 "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
 "support": "xsoar",
- "currentVersion": "1.17.3",
+ "currentVersion": "1.17.4",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",