Rapid Breach Response | Added FireEye playbook #10664

Merged
merged 7 commits into from
Jan 3, 2021

Conversation

altmannyarden
Contributor

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

will update the release notes after this pr will merge:
#10567

Description

Added a new playbook for the pack. The new playbook will search for the breached FireEye red team tools IOCs.

Screenshots

image

Minimum version of Demisto

  • 5.0.0
  • 5.5.0
  • 6.0.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

@ShirleyDenkberg
Contributor

@David-BMS @michalgold Doc review completed.

@altmannyarden altmannyarden merged commit f18e964 into master Jan 3, 2021
@altmannyarden altmannyarden deleted the FireEyeRedTeamTools branch January 3, 2021 13:23
DeanArbel pushed a commit that referenced this pull request Jan 10, 2021
* Added FireEye playbook

* Added tasks descriptions + Made few changes according to the review

* Update playbook-FireEye_Red_Team_Tools_Investigation_and_Response.yml

Done.

* Update README.md

Done.

* Updated RN + RM

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
DeanArbel added a commit that referenced this pull request Jan 10, 2021
* [Sixgill-195] - added sixgill reputation commands (#10410)

* added sixgill reputation commands

* added sixgill reputation commands

* fix

* fix

* fix

* fix

* fix

* fix

* fix

* fix based on feedback

* added commands.txt

* Update Sixgill_Darkfeed_Enrichment.yml

Done

* Update Sixgill_Darkfeed_description.md

Done

* Update Sixgill_Darkfeed_Enrichment_description.md

Updated

* Update README.md

Updated

* Update README.md

Updated.

* Update README.md

Updated

* Update Sixgill_Darkfeed_Enrichment_description.md

Updated

* Update 1_2_3.md

Updated.

* Fixed an issue where setting the proxy configuration to True was ignored (#10550)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* rm fetch param (#10665)

* remove dependencies (#10654)

* Traps - rm fetch param (#10666)

* rm fetch param

* bump docker image

* Removed VxStream from skipped and from Detonate File - Generic Test reqs (#10668)

* Sophos central param (#10670)

* add fromversion

* Sophos Central - Fixed an issue where the *First fetch* parameter

* do

* Update Packs/SophosCentral/ReleaseNotes/1_0_1.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* PCAP Analysis documentation improvement (#10004)

* Improved documentation and added video link.

* Improved video link

* Updated

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* QRadar bugfix (#10641)

* bugfix

* cr fixes

* Update 1_2_6.md

* rn file

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* fix archer fetch-incidents time to use xmlConvertedValue (#10397)

* fix archer fetch-incidents

* fix time aware/naive

* Update 1_1_7.md

* fix cr and documentation

* added debug statements

* update docker image

* update rns

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Added support for multiple credentials (#10555)

* Added support for multiple credentials

* Small changes

* Key name

* Fixed test

* Added RN

* Added RN

* fixed errors in commands names  (#10623)

* fixed firepower

* fixed telegram

* fixed cloudShare - infinipoint

* fixed bigFix

* fixed WootCloud

* added release notes

* Upgraded the Docker image

* fixed fp - rss

* fixed infinipoint

* fixed wootcloud

* fixed

* fixed

* fixed

* fixed release notes

* Update 1_0_3.md

* Update 1_0_2.md

* Update 1_0_3.md

* Update 1_0_2.md

* Update 1_0_1.md

* Update 1_0_4.md

* Update 1_0_1.md

* Update 1_0_2.md

* Update 1_0_6.md

* Update 2_1_1.md

* Update 1_0_1.md

* Update 1_0_2.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Updating demisto-client to not cache last response (#10672)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* ZipFile: Added support for multiple file zips (#10660)

* Added support for multiple file zips

* Update 1_3_8.md

* Update 1_3_8.md

* added testplaybook

* fixed test pbook

* Update Packs/CommonScripts/Scripts/ZipFile/ZipFile.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/CommonScripts/ReleaseNotes/1_3_8.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/CommonScripts/ReleaseNotes/1_3_8.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* added readme and outputs

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* New Shadow IT pack (#10554)

* New Shadow IT pack (#10355)

* First commit of new ShadowIT pack

* formatting fixes

* final playbook

* added documentation

* set fromversion

* fixed image link

* Adds new inputs to the playbook

* Adds sshot of the playbook

* Updated Playbook with review suggestions

* Added Playbook image links

Co-authored-by: Luigi Mori <lmori@paloaltonetworks.com>

* Update README.md

Done.

* Update playbook-Handle_Shadow_IT_Incident_README.md

Done.

Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: Luigi Mori <lmori@paloaltonetworks.com>
Co-authored-by: bgenish <bgenish@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Bitcoin abuse integration (#10473)

* created bitcoin abuse pack

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Wip

* Wip

* Wip

* Wip

* Wip

* Wip

* Wip

* Wip

* Wip

* Wip

* Wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* fixed failing tests, added secret ignore

* changed from_version to 5.0.0

* fixed failing validations

* fixing branch test failures

* fixing branch test failures

* added fromversion of 5.5.0 to bitcoin test playbook

* added fromversion of 5.5.0 to bitcoin pack meta data

* Changed Bitcoin Abuse image

* updated release notes

* updated release notes

* fixing build

* fixing build

fixing build

* fixing build

* Update BitcoinAbuse.yml

Done.

* Update README.md

Done.

* fixing document review

* fixed test playbook to run only on 5.5.0 and higher versions of server

* fixed test playbook to run only on 5.5.0 and higher versions of server

* fixing validations

* wip

* Update Packs/Cryptocurrency/ReleaseNotes/1_1_0.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* cr fixes

* cr fixes

* cr fixes

* cr fixes

* cr fixes

* cr fixes

* cr fixes

* changed bitcoin address from invalid to valid to pass test playbook

* removed from readme bitcoin abuse description field as it is not needed

* edited layout

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* added some docstring comments

* added some docstring comments

* added crypto dependency

* added crypto raw address field

* added raw address to layout

* added raw address to layout

* added raw address

* cr fixes

* cr fixes - added unit tests

* cr fixes

* cr fixes

* cr fixes, and changed abuse type indicator field from short text to single select

* wip

* wip

* wip

* Update Packs/BitcoinAbuse/Integrations/BitcoinAbuse/BitcoinAbuse_description.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* Update Packs/BitcoinAbuse/Integrations/BitcoinAbuse/README.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* cr fixes

* Update Packs/BitcoinAbuse/Integrations/BitcoinAbuse/README.md

* layout fixes

* layout fixes

* layout fixes

* layout fixes

* layout fixes

* wip

* wip

* wip

* wip

* Wip

* added dependency of common types to bitcoin abuse

* wip

* wip

* wip

* wip

* wip

* wip

* wip

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* CiscoASA argument fix (#10676)

* fixed argument

* added release notes

* Update 1_0_3.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Illusive networks argument fix (#10673)

* fixed Wrong argument

* added releasenotes

* Update 1_0_6.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* removed unnecessary arg of an old command (#10684)

* Cleaning logs (#10669)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* Search Incidents Enhancement (#10663)

* Search Incidents Enhancement

* Updated RN

* Updated RN after merge

* Update Packs/CommonScripts/ReleaseNotes/1_3_9.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* set extended and include_elements to false (#10686)

* Add a playback run after record

* unskipping HashiCorp Vault (#10693)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* MobileIron UEM Integration (#10615)

* MobileIron UEM Integration (#10154)

Co-authored-by: Darko Grozdanovski <darkogrozdanovski@gmail.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* sdk-1.2.13 (#10696)

* sdk-1.2.13

* update sdk version to 1.2.13

* fixing bug with premium non paid packs (#10625)

* fixing bug with premium non paid packs

* added some debug logs

* getting safer

* adding additional logs

* V2

* adding shell

* removing prints and unnecessary statements

* removing prints and unnecessary statements

* removing prints and unnecessary statements

* removing prints and unnecessary statements

Co-authored-by: guykeller <g12k34ppp>

* JoeSecurity - rm backslashes from filename (#10695)

* rm backslashes from filename

* Update 1_0_3.md

* add test for submit file sample with backslash

* revert fromversion removal

* unskip the test

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Expanse v2 parameter fix (#10675)

* fixed parameter

* added release note

* Sentinel one v2 arguments fix (#10692)

* fixed arguments

* added release notes

* added release notes

* Windows Remote Management - Changed image to match standards (#10677)

* Changed image to match standards

* Added RN

* Update 1_0_2.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Maltiverse rm arguments (#10699)

* rm fullResponse from all commands

* added release notes

* fixed release notes

* Cloudshare fixed (#10682)

* fixed

* added release notes

* fixed release notes

* rm URL from metadata

* CertificateTroubleshoot: add openssl client support (#10632)

* CertificateTroubleshoot: add openssl client support

* mypy fixes

* Update Packs/Troubleshoot/ReleaseNotes/1_1_1.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/README.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* update doc string

* fix flake8

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* update deps and support py 3.9 in bootstrap (#10702)

* AWS Lambda: add support for retries and timeout (#10687)

* add support for retries and timeout

* test playbook and change connect timeout to 10 sec

* fix unit test

* aws lambda doc

* update docker image

* Update Packs/AWS-Lambda/ReleaseNotes/1_1_0.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/AWS-Lambda/ReleaseNotes/1_1_0.md

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/AWS-Lambda/Integrations/AWS-Lambda/AWS-Lambda.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/AWS-Lambda/Integrations/AWS-Lambda/AWS-Lambda.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* Update Packs/AWS-Lambda/Integrations/AWS-Lambda/AWS-Lambda.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* skip akamai waf (#10709)

* DNS Feed bug fixes (#10701)

* add to skip list (#10711)

* Misp v2 argument fix (#10674)

* fixed Wrong argument

* added release notes

* test

* fixed release notes

* fixed release notes

* Uptycs rm argument (#10698)

* rm argument

* added release notes

* Update Packs/Uptycs/ReleaseNotes/1_0_3.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* Update 1_0_3.md

* Update 1_0_3.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* Archer v2 fixed argument and rm parameter (#10691)

* fixed argument typo

* added release notes

* added release notes

* fixed release notes

* fixed release notes

* Updated Docker image

* SolarStorm SUNBURST playbook enhancements | Added Expanse checks to the playbook (#10567)

* Added Expanse checks to the playbook

* updated playbook image

* updated playbook image

* Updated playbook

* added another XDR check and added more descriptions

* new playbook image

* new playbook image

* Added tasks descriptions

* Made few changes according to the review

* Made few changes according to the review

* Updated RN + RM

* IAM Test playbooks (#10645)

* test playbook

* Rapid Breach Response | Added FireEye playbook (#10664)

* Added FireEye playbook

* Added tasks descriptions + Made few changes according to the review

* Update playbook-FireEye_Red_Team_Tools_Investigation_and_Response.yml

Done.

* Update README.md

Done.

* Updated RN + RM

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Login to docker on behalf of demisto user (#10708)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* CommonServerPython: add handler for py warnings (#10688)

* add test for python warnings

* add support for handling warnings

* doc gen improvements

* ignore warnings from logging

* fix lint + test on py 3.9.1

* Fixed the 'database' parameter (#10718)

* Fixed parameter

* Update 1_0_1.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Ms graph docs refactor (#9953)

* refactor commands' arguments description

* refactor readme and add change log

* change version

* change packs version

* 1. remove old readme 2. update RN

* Update Packs/MicrosoftGraphFiles/Integrations/MicrosoftGraphFiles/MicrosoftGraphFiles.py

Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>

* Update README.md

Done.

* Update 1_0_3.md

Done.

* Update README.md

Done.

* Update MicrosoftGraphFiles.yml

Done.

Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Fix disable sdk pylint check for 3.9 version (#10730)

* use finally-fixed-3.9 demisto-sdk branch

* dummy change in hello world

* dummy change in ServiceNow_IAM

* fix dummy changes

* fix secrets

* Fixed an issue where proxy wasn't ignored when configured (#10620)

* Fixed an issue where proxy wasn't ignored when configured

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Added slack capabilities (#10385)

* Added slack capabilities

* Debug change

* Update send_slack_message.py

* Debug change

* Indentation

* Added dev env install

* Changed condition

* Changed condition

* Changed condition

* testing

* Added markdown parsing

* Added the right formatting

* Divided into sub-functions to arrange logic

* Reverted workflow changes

* Reverted workflow changes

* replaced json.dumps with pformat.
Replaces "list" occurrences with "List"

* Update Utils/github_workflow_scripts/send_slack_message.py

Co-authored-by: avidan-H <46294017+avidan-H@users.noreply.github.com>

* Replaced slack channel

* 2nd CR

Co-authored-by: avidan-H <46294017+avidan-H@users.noreply.github.com>

* skip unstable test UT (#10735)

* dummy change to trigger tests

* Revert "dummy change to trigger tests"

This reverts commit 921552c.

* dummy change to trigger tests

* fix lint

* Autofocus: readme to use video from content-assets (#10705)

* Autofocus: readme to use video from content-assets

* Delete AutoFocus_Feed_demo.mp4

* Fix instance and nightly config (#10712)

* Github IAM - IAM test playbook (#10728)

* change user profile
* skip

* Type rule extraction (#10502)

* Updated original Malware incident type and added new for 6.1.

* Release notes.

* Release notes.

* Added Phishing 6.1 indicator extraction rules.

* SDK format

* x

* Added extractsetting to json

* Fixed To version

* Apply suggestions from code review

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* CSMalquery - unimplemented arguments fix (#10726)

* fixed unimplemented arguments in the hunt and the exact-search commands.
Added additional File outputs to the file reputation command.

* Update 1_0_2.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Oktav2 - Unimplemented argument fix (#10738)

* fixed typo in arg name

* Update Packs/Okta/ReleaseNotes/2_1_3.md

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* SumoLogic - set last fetch to now time for agg records (#10697)

* set last fetch to now time for agg records

* Update 1_0_4.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* removed redundant test files (#10739)

* O365 - EWS - Extension (#10281)

* O365 - Security And Compliance - Validate sc-auth-start run before sc-auth-complete (#10707)

* Threat Vault - Handle errors gracefully, add outputs (#10722)

* Threat Vault - Handle errors gracefully, add outputs

* add outputs to readme

* add outputs to readme2

* lint fixes

* rn update

* Cognni integration (#10633)

* Cognni integration (#9772)

* initial commit

* fix unit tests

* add ping command and remove HelloWorld related code

* add fetch_incidents, fetch_insights, get_event, get_insight

* fix configuration

* update logo

* Add more unit tests

* add unit tests

* Add playbook

* added more unit tests

* Bug fixes

* Add min_sevrity and from_date filters to fetch-incident-command

* --no-verify

* Fixed bug on the severity filter - fetch-incident command

* Add functions notes

 Please enter the commit message for your changes. Lines starting

* Add command example file

* update comments

* update command examples

* add missing field conversion

* Add readme

* Fix readme files

* Remove unnecessary command

* Add Cognni description for the marketplace

* Removed 'ping' command

* Modified email

* Add the current Cognni version number

* Refactor 'get_event' function

* remove ping command

* remove ping command unit test

* fix offset and start time calculation for fetch incidents function

* fix fetch incidents mock data

* remove redundant fetch incidents command

* fix variable value in fetch incidents unit test

* fix commands configuration, examples and README

* Added description for the marketplace

* Add test_module call to the main function

* Bug fix on fetch incidents command

* Fix offset bug- in fetch incident command

* Add more explanations on test module command

* Fix the date testing in test-module command

* Add api key description

Co-authored-by: Tal Z <tal@cognni.ai>

* remove files and add tags. Also move testplaybook

* delete unnecessary test files

* added IDs to ignored secrets

* Updated

* Updated

* Readme update

Co-authored-by: VeredRozen <44163051+VeredRozen@users.noreply.github.com>
Co-authored-by: Tal Z <tal@cognni.ai>
Co-authored-by: olichter <olichter@paloaltonetworks.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Michal-Vardi <76096767+Michal-Vardi@users.noreply.github.com>

* bump version (#10749)

* Added api key to get requests to avoid rate limit violation (#10594)

* Added api key to get requests to avoid rate limit violation


Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Logs aren't returned as we expect from common server python (#10752)

* logs issue

* Added network security use-case (#10757)

* Skipped  the following tests: "Google_Vault-Search_And_Display_Results_test", "FeedThreatConnect-Test", "Phishing v2 - Test - Incident Starter", "Phishing - Core - Test - Incident Starter" (#10753)

* Added additional tags (#10756)

* Added additional tags

New tags for MITRE ATT&CK Courses of Action pack

* Update approved_tags.json

* Humio/query allow timestamps (#10740)

* Humio/query allow timestamps (#10732)

* Allow humio_query to accept timestamps for start and end parameters

* Get ready to update version of Humio

* Update docker image

* Updated

* Added updated docker image

Co-authored-by: Alexander Brandborg <alexander.brandborg@hotmail.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>

* BluecatAddressManager enhancement- fix exceptions issue (#10751)

* fix issue

* fixes

* warnings

* Bumped HWP timeout (#10755)

Co-authored-by: guykeller <g12k34ppp>

* Workday long running - Testing (#10656)

* IAM long running test

* IAM long running test

* changed emails mock data and added rn

* Fixed secrets

* fixed validate step

* Updated the integration according to review

* Moved the integration to Workday pack
Renamed the integration.
Reverted DeveloperTools pack.

* Moved secrets ignore

* Updated mock reports

* fixed secrets

* Added readme file

* refactoring the name

* refactoring the name

* added another note to the readme.

* Fixed yml description.

* Fixed readme reviews

* Fixed all readme notes

* Slack UT - removed skip  (#10764)

* removed skip

* removed flake8

* removed ignore

* skip crowdstrike integrations (#10761)

* Added file format #!/usr/bin/env python3 (#10768)

* XMCyber timeId argument fix (#10737)

* timeId argument fix

* release notes change

* Update 1_0_3.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* change cognni pack to be certified (#10770)

* Fix x509 certificate folders (#10771)

* fixed folder name

* added release notes

* slack ignore lines mypy (#10773)

* slack ignore lines mypy

* Update 1_3_10.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Merge private and public id sets (#10189)

* download private_id_set script, add to the build

* fix file name

* fix file name

* fix file name

* fix file name

* fix file name

* some tests

* some tests

* add service account

* add service account

* add GOOGLE_APPLICATION_CREDENTIALS

* add artifacts

* add artifacts

* xsoar-ci-artifacts

* merge id sets

* merge id sets

* change sdk to use merge id sets command

* change sdk to use merge id sets command

* change sdk to use merge id sets command

* add prepare_private_id_set_for_merge and upload_private_id_set scripts

* add test files

* add test

* add test

* fix test

* fix test

* fix test

* remove test

* add test, (remove changes from build)

* fix test and validation

* fix path

* try another bucket

* try another file

* some test

* some test

* some test

* service_account

* public_and_private_id_sets file

* remove public_and_private_id_sets file

* remove cp to artifacts

* remove cp to artifacts

* $CIRCLE_ARTIFACTS

* add file

* merge to id_set file

* CR changes

* CR changes

* fix validation

* fix validation

* change private id set path in bucket

* fix test, try download with gsutil

* try download with gsutil

* try download with gsutil

* try download with gsutil

* download with script

* try to decode gcs creds

* try with gsutil

* try with gsutil

* add file unified_id_sets

* remove file

* change path of unified id sets

* replace sdk branch

* add id_set_private_test file to bucket

* remove scripts use gsutil instead

* use another branch

* remove script from this PR

* add script and test

* remove ref for demisto sdk

* some fixes

* some fixes

* fix artifacts

* unified id set file

* fixes

* fixes

* open new file

* fixes

* fixes

* fixes

* try to download with script

* some fixes

* some fixes

* ref sdk

* fixes

* comment

* remove ref

* fixes

* try with prints

* add ref

* comment

* comment

* comment

* comment

* remove ref

* comment

* ref

* cache

* comment

* try to remove duplicates

* fix duplicate id

* fix duplicate ID issue

* add check that id sets merge successfully

* add check that id sets merge successfully

* fix duplicate

* add check in sdk command

* comment

* add duplicates for test

* fix duplicates for test

* duplicates for test

* typo

* fix duplicates - ready

* fix ref

* unified ID set just in validate

* check with ref sdk

* add id set path to validate script

* comment

* comment

* ref sdk to master

* add artifacts to run validation step

* add merge to create step

* fixes

* fixes

* ref to sdk validate mappers

* comment

* add step for merge id sets

* remove changes

* remove changes

* CR changes

* XDR - Removed the extra-data parameter (#10744)

* Removed unnecessary parameter

* Update 2_7_4.md

Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Upload Flow - Reduce API Calls (#10584)

* copying added/modified images only

* slack notifier fix

* returning all images

* cr fixes

* cr fixes - phase 2

* cr fixes & ut fixes

* ID SET initiate check (#10766)

* check 101

* check 102

* add post-commit

* change branch name

* change branch name2

* fix indent

* 1.2.14

* Merge remote-tracking branch 'origin/master' into id_set_check

# Conflicts:
#	Tests/scripts/validate.sh

* add -s

* coloredlogs==15.0

* update build req for slackclient

* clickable url (#10747)

* clickable url

* rn

* rn

* docker image

* docker image

* master pull

* master pull

* Revert "master pull"

This reverts commit c5ea4e0

* Revert "master pull"

This reverts commit 901b67c

* revert

* revert

* Update FeediDefense.py

* Update FeediDefense.py

* Update 2_0_3.md

* test proxy

* test proxy

* Update 2_0_3.md

Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>

* Skipping Preparing Content Packs For Testing in nightly builds (#10754)

* Skipping Preparing Content Packs For Testing in nightly builds

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>
Co-authored-by: guyfreund <gfreund@paloaltonetworks.com>

* Update email ask user readme (#10774)

* Update email ask user readme

* Update Packs/CommonScripts/Scripts/script-EmailAskUser_README.md

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* fix mdx

Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>

* Carbon Black Protect max_incidents_per_fetch fix (#10743)

* max_incidents_per_fetch fix

* Update Packs/CarbonBlackProtect/ReleaseNotes/1_0_4.md

* update docker image

Co-authored-by: Bargenish <bgenish@paloaltonetworks.com>

* Revert "Upload Flow - Reduce API Calls (#10584)" (#10778)

This reverts commit 512dda6.

* XM Cyber - fix wrong default PB, BmcHelixRemedyForce update DO to re create id_set (#10776)

* XM Cyber - fix wrong default PB

* fix rn

* update DO

* bump

* bump

* add pack ignore ID101

* fix 1 more docker image

* change to 1.2.15

* using a commithash instead

* add ignore to needed files

* use another commit hash

* fix ignored file

* Making the playbook single branch (#10780)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* FailedInstances: added testmodule to excluded instances (#10777)

* added testmodule to excluded instances

* updated test playbook check

* Adding photos for CoA pr (#10784)

* changed file permissions (#10785)

* Install Pack Fix (#10759)

* Install Pack Fix

* Supporting minimum server version

* Added comments

* cleaned code

* updated after CR

* Update validate.sh (#10787)

* Archer: Skipping old incidents in fetch (#10758)

* Archer: Skipped old incidents

* fix incidents times

* Update Packs/ArcherRSA/ReleaseNotes/1_1_9.md

Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>

* Supporting new slack client (#10783)

Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>

* Skipped  the following tests: "Process Email - Generic - Test - Incident Starter" (#10796)

* updated certification of partner packs (#10805)

* Cognni: fixed pack description and README (#10808)

* fixed pack description and README

* update support details

* PANW IoT: updated API configuration link (#10809)

* update API configuration link

* Updated

* Updated

* Changed heading name.

Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>

* RunPollingCommand: Updated the script to execute using the DBot role. (#10772)

* Updated the script to execute using the DBot role.

* updated release notes

* Updated docker image and README.md

* Revert "RunPollingCommand: Updated the script to execute using the DBot role. (#10772)"

This reverts commit 1c41fdd.

* Updated docker image

* test instance

* removed test

Co-authored-by: Ben Sterenson <ben@cybersixgill.com>
Co-authored-by: Michal-Vardi <76096767+Michal-Vardi@users.noreply.github.com>
Co-authored-by: Hod Alpert <halpert@paloaltonetworks.com>
Co-authored-by: hod-alpert <haplert@paloaltonetworks.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: ChanochShayner <57212002+ChanochShayner@users.noreply.github.com>
Co-authored-by: Dean Arbel <darbel@paloaltonetworks.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: David Baumstein <51712181+David-BMS@users.noreply.github.com>
Co-authored-by: Alex Fiedler <38628621+kirbles19@users.noreply.github.com>
Co-authored-by: Guy Freund <53565845+guyfreund@users.noreply.github.com>
Co-authored-by: roysagi <50295826+roysagi@users.noreply.github.com>
Co-authored-by: Bar Hochman <11165655+jochman@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: MosheGalitzky <57589449+moishce@users.noreply.github.com>
Co-authored-by: Francesco Vigo <fvigo@users.noreply.github.com>
Co-authored-by: Luigi Mori <lmori@paloaltonetworks.com>
Co-authored-by: bgenish <bgenish@paloaltonetworks.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: tomneeman151293 <70005542+tomneeman151293@users.noreply.github.com>
Co-authored-by: Yana Orhov <yorhov@paloaltonetworks.com>
Co-authored-by: darkushin <61732335+darkushin@users.noreply.github.com>
Co-authored-by: Darko Grozdanovski <darkogrozdanovski@gmail.com>
Co-authored-by: esharf <esahrf@paloaltonetworks.com>
Co-authored-by: Bar Chen <54398957+barchen1@users.noreply.github.com>
Co-authored-by: Guy Keller <33782301+guykeller@users.noreply.github.com>
Co-authored-by: Guy Lichtman <1395797+glicht@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
Co-authored-by: altmannyarden <61933087+altmannyarden@users.noreply.github.com>
Co-authored-by: Orel Haim <60567860+ohaim1008@users.noreply.github.com>
Co-authored-by: reut shalem <50294648+reutshal@users.noreply.github.com>
Co-authored-by: gal-berger <36194510+gal-berger@users.noreply.github.com>
Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
Co-authored-by: avidan-H <46294017+avidan-H@users.noreply.github.com>
Co-authored-by: Gal Rabin <53563021+GalRabin@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: VeredRozen <44163051+VeredRozen@users.noreply.github.com>
Co-authored-by: Tal Z <tal@cognni.ai>
Co-authored-by: olichter <olichter@paloaltonetworks.com>
Co-authored-by: mayagoldb <43776787+mayagoldb@users.noreply.github.com>
Co-authored-by: Alexander Brandborg <alexander.brandborg@hotmail.com>
Co-authored-by: abaumgarten <abaumgarten@paloaltonetworks.com>
Co-authored-by: Shelly Berman <45915502+Shellyber@users.noreply.github.com>
Co-authored-by: Or Lichter <50324325+orlichter1@users.noreply.github.com>
Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>
Co-authored-by: guyfreund <gfreund@paloaltonetworks.com>
Co-authored-by: Anar Azadaliyev <aazadaliyev@paloaltonetworks.com>
4 participants