"Cloud Response - generic" Fixes (demisto#33122)
* Updated MP dependency

* added manual step for choosing the cloud provider

* Fixed alertjson values + changed email communication subject

* fixed validations

* RN

* fixed validations

* fixed validations

* Bump pack from version CommonPlaybooks to 2.6.17.

* Bump pack from version CommonPlaybooks to 2.6.18.

* Bump pack from version CommonPlaybooks to 2.6.19.

* Bump pack from version CommonPlaybooks to 2.6.20.

* Bump pack from version CommonPlaybooks to 2.6.21.

* Bump pack from version CommonPlaybooks to 2.6.22.

* Removed alertJson values

* Removed un-required dot.

* Bump pack from version CommonPlaybooks to 2.6.23.

* Bump pack from version CommonPlaybooks to 2.6.24.

* updated PB image

* Apply suggestions from code review

* Bump pack from version CommonPlaybooks to 2.6.25.

* Fixed review comments

* fix review comments

* fix review comments

* Update 2_6_25.md

* Update 1_1_17.md

* Update 1_1_17.md

* Update playbook-Cloud_Response_-_Generic.yml

---------

Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Richard Bluestone <[email protected]>
3 people authored Mar 24, 2024
1 parent 166eccb commit 56357fd
Showing 12 changed files with 363 additions and 249 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -595,32 +595,7 @@ tasks:
iscontext: true
region:
complex:
root: alertJson._all_events
filters:
- - operator: in
left:
value:
simple: alertJson._all_events.referenced_resource_name
iscontext: true
right:
value:
simple: remediateResourceList
iscontext: true
ignorecase: true
accessor: region
transformers:
- operator: split
args:
delimiter:
value:
simple: ','
- operator: SetIfEmpty
args:
applyIfEmpty: {}
defaultValue:
value:
simple: inputs.region
iscontext: true
root: inputs.region
separatecontext: false
continueonerrortype: ""
view: |-
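Review bot: the replacement at the end of this hunk drops the SetIfEmpty fallback along with the alertJson lookup, so `region` now comes only from `inputs.region` and an empty playbook input reaches the command as an empty region; either state in the playbook input description that `region` is required or keep a default. Also, a `complex:` block whose only key is `root: inputs.region` can be written as `simple: inputs.region` with `iscontext: true`, matching the argument style used just above in this hunk.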
Expand Down Expand Up @@ -672,31 +647,7 @@ tasks:
iscontext: true
region:
complex:
root: alertJson._all_events
filters:
- - operator: in
left:
value:
simple: alertJson._all_events.referenced_resource_name
iscontext: true
right:
value:
simple: remediateResourceList
iscontext: true
accessor: region
transformers:
- operator: split
args:
delimiter:
value:
simple: ','
- operator: SetIfEmpty
args:
applyIfEmpty: {}
defaultValue:
value:
simple: inputs.region
iscontext: true
root: inputs.region
separatecontext: false
continueonerrortype: ""
view: |-
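Review bot: the removed `split` transformer (delimiter `,`) expanded a comma-separated region value into a list before the command ran; with `root: inputs.region` alone, a value like `us-east-1,eu-west-1` is now passed as a single string. If the input is documented as accepting several regions, keep the split transformer under `complex:`; otherwise say in the input description that exactly one region is expected. This task is now identical to the one at line 595, which is an improvement, since the two previously differed only by `ignorecase: true`.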
Expand Down Expand Up @@ -881,26 +832,7 @@ tasks:
scriptarguments:
accessKeyId:
complex:
root: alertJson._all_events
filters:
- - operator: containsGeneral
left:
value:
simple: alertJson._all_events.actor_effective_username
iscontext: true
right:
value:
simple: Manual access key remediation.Answers.0
iscontext: true
accessor: _aws_specific_fields.access_key_id
transformers:
- operator: SetIfEmpty
args:
applyIfEmpty: {}
defaultValue:
value:
simple: inputs.accessKeyId
iscontext: true
root: inputs.accessKeyId
status:
simple: Inactive
userName:
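Review bot: with the filter on `alertJson._all_events.actor_effective_username` removed, `accessKeyId` is no longer correlated with the user the analyst answered in the `Manual access key remediation` form, and nothing checks that `inputs.accessKeyId` is non-empty before the key is set to `status: Inactive`. Consider a condition task that skips this step when the input is empty, and document that the input must hold the key belonging to the user chosen in that form.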
Expand Down Expand Up @@ -1010,26 +942,7 @@ tasks:
scriptarguments:
AccessKeyId:
complex:
root: alertJson._all_events
filters:
- - operator: containsGeneral
left:
value:
simple: alertJson._all_events.actor_effective_username
iscontext: true
right:
value:
simple: Manual access key remediation.Answers.0
iscontext: true
accessor: _aws_specific_fields.access_key_id
transformers:
- operator: SetIfEmpty
args:
applyIfEmpty: {}
defaultValue:
value:
simple: inputs.accessKeyId
iscontext: true
root: inputs.accessKeyId
userName:
complex:
root: Manual access key remediation.Answers
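Review bot: `AccessKeyId` now comes from the playbook input while `userName` at the bottom of the hunk still comes from `Manual access key remediation.Answers`, so the two arguments can refer to different principals; the previous filter at least tied the key to `actor_effective_username`. Verifying that the input key belongs to that user before this task runs would keep the pair consistent; at minimum, state the coupling in the `accessKeyId` input description.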
Expand Down Expand Up @@ -1115,9 +1028,9 @@ tasks:
ignoreworker: false
message:
to:
simple: Administrator,Analyst,Read-Only
simple: ${incident.assigneduser}
subject:
simple: XCLOUD Cryptominig Alert - Credentials Remediation
simple: Cloud Response - AWS - Credentials Remediation
body:
simple: Analyst interaction is needed for the credentials remediation.
methods: []
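Review bot: `${incident.assigneduser}` resolves to an empty recipient when the incident has no assignee, so the credentials remediation data collection task would be sent to nobody and the playbook would wait on it; the previous value `Administrator,Analyst,Read-Only` always had recipients. Add a fallback (a SetIfEmpty to a role, for example) or a condition that the incident is assigned before this task. The subject change correctly fixes the `Cryptominig` typo and drops the cryptomining-specific wording from a generic AWS response.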
Expand Down Expand Up @@ -1235,7 +1148,7 @@ tasks:
to:
simple: ${incident.assigneduser}
subject:
simple: XCLOUD Cryptominig Alert - Resource Remediation
simple: Cloud Response - AWS - Resource Remediation
body:
simple: Analyst interaction is needed for the resource remediation.
methods:
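Review bot: the data collection subjects now differ only in their trailing phrase, and since the messages go to a single assignee (`${incident.assigneduser}` in this hunk) who may have several incidents open, including the incident identifier in the subject, for example `Cloud Response - AWS - Resource Remediation - ${incident.id}`, would make the requests distinguishable.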
Expand Down Expand Up @@ -1412,7 +1325,7 @@ tasks:
to:
simple: ${incident.assigneduser}
subject:
simple: XCLOUD Cryptominig Alert - User Remediation
simple: Cloud Response - AWS - User Remediation
body:
simple: Analyst interaction is needed for the user remediation.
methods:
Expand Down Expand Up @@ -1665,9 +1578,9 @@ tasks:
ignoreworker: false
message:
to:
simple: Administrator,Analyst,Read-Only
simple: ${incident.assigneduser}
subject:
simple: XCLOUD Cryptominig Alert - Block Indicators
simple: Cloud Response - AWS - Block Indicators
body:
simple: Analyst interaction is needed for the indicators remediation.
methods: []
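Review bot: this is the second task switched from the role list `Administrator,Analyst,Read-Only` to `${incident.assigneduser}`. Beyond the empty-assignee case, this is a behaviour change for deployments that relied on role-based delivery (it also stops asking Read-Only users to approve remediation, which is right), and the release note does not mention it; add a line such as "Data collection tasks are now sent to the incident assignee" to 1_1_17.md.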
7 changes: 7 additions & 0 deletions Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_17.md
@@ -0,0 +1,7 @@

#### Playbooks

##### Cloud Response - AWS

- Fixed Data Collection titles.
- Fixed tasks that use the `alertJson` context path.
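Review bot: the second bullet, "Fixed tasks that use the `alertJson` context path", describes the fix but not its effect on users: the `region` and `accessKeyId` arguments are now taken only from the playbook inputs, the alert-derived values and their SetIfEmpty fallbacks are gone, and two data collection tasks now go to the incident assignee instead of a role list. Release notes are what an upgrading user reads, so spell out the input requirements and the recipient change here.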
2 changes: 1 addition & 1 deletion Packs/AWS-Enrichment-Remediation/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "AWS Enrichment and Remediation",
"description": "Playbooks using multiple AWS content packs for enrichment and remediation purposes",
"support": "xsoar",
"currentVersion": "1.1.16",
"currentVersion": "1.1.17",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",