Private upload mode docs #3 (demisto#28648)
* Updated Docs

* Added RNs

* updated known words

* updated known words

* Bump pack from version ThreatConnect to 3.0.8.

* Bump pack from version CrowdStrikeFalconX to 1.2.33.

---------

Co-authored-by: Content Bot <[email protected]>
darkushin and Content Bot authored Aug 7, 2023
1 parent a85937b commit 836117a
Showing 21 changed files with 76 additions and 9 deletions.
Expand Up @@ -8,3 +8,5 @@ First we upload the file and retrieve its SHA256 hash. Then, we use that ID to u
If you want to upload a file to the sandbox in a single command, use the cs-fx-upload-file and supply the following argument and value: submit_file=yes.

For more information on CrowdStrike Falcon Intelligence Sandbox, see the [CrowdStrike Falcon Intelligence Sandbox FAQ](https://www.crowdstrike.com/endpoint-security-products/falcon-x-threat-intelligence/crowdstrike-falcon-x-faq/).

Notice: Submitting indicators using the **cs-fx-submit-url** command of this integration might make the indicator data publicly available. See the vendor’s documentation for more details
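Review bot: The added notice on the last line names only **cs-fx-submit-url**, but the context line just above it documents sending a file to the sandbox with cs-fx-upload-file and submit_file=yes, and nothing here tells the reader whether that path carries the same exposure. Either extend the notice to the file-submission command or state that it applies to URL submissions only. The sentence also ends without a period ("for more details"), unlike the same notice in the README hunks of this commit.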
Expand Up @@ -1887,6 +1887,8 @@ Gets reputation info for one or more files, by their sha256 hash.
***
Submits a URL or FTP for sandbox analysis.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.


#### Base Command

6 changes: 6 additions & 0 deletions Packs/CrowdStrikeFalconX/ReleaseNotes/1_2_33.md
@@ -0,0 +1,6 @@

#### Integrations

##### CrowdStrike Falcon Intelligence Sandbox

Documentation and metadata improvements.
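Review bot: The release note body, "Documentation and metadata improvements.", does not tell someone reading the changelog that this version adds a data-exposure notice for URL submission, which is the one thing in this commit an operator would want to know before running the command. Suggest naming it, for example "Added a notice that indicators submitted with ***cs-fx-submit-url*** might become publicly available." The only metadata change visible for this pack is the currentVersion bump, so "metadata improvements" can be dropped. The same generic sentence is used in the Cuckoo Sandbox, FortiSandbox, Synapse and ThreatConnect release notes.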
2 changes: 1 addition & 1 deletion Packs/CrowdStrikeFalconX/pack_metadata.json
Expand Up @@ -3,7 +3,7 @@
"description": "Fully automated malware analysis",
"support": "xsoar",
"serverMinVersion": "5.0.0",
"currentVersion": "1.2.32",
"currentVersion": "1.2.33",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
@@ -1,2 +1,4 @@
#### Authenticate with an API token
In new Cuckoo installations, a random API token is automatically generated for you, and located in the cuckoo.conf file. In order to authenticate with an API token, insert '__token' in the "Username" textbox, and the token itself in the "Password" textbox.
In new Cuckoo installations, a random API token is automatically generated for you, and located in the cuckoo.conf file. In order to authenticate with an API token, insert '__token' in the "Username" textbox, and the token itself in the "Password" textbox.

Notice: Submitting indicators using the **cuckoo-create-task-from-url** command of this integration might make the indicator data publicly available. See the vendor’s documentation for more details
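Review bot: The notice added at the end says the data "might" become publicly available without saying when, while the paragraph directly above it describes a Cuckoo installation whose API token lives in its own cuckoo.conf file. For an integration pointed at a server the user configures, name the condition under which a submitted URL is exposed, or link the specific vendor page, so the reader can decide whether the warning applies to their deployment. The sentence is also missing its final period, and the two preceding lines of the hunk are textually identical, which suggests a newline-only change; check that the file ends with a newline after the notice.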
1 change: 1 addition & 0 deletions Packs/CuckooSandbox/Integrations/CuckooSandbox/README.md
Expand Up @@ -416,6 +416,7 @@
<h3 id="h_9023664726051543479018156">4. Submit a URL for analysis</h3>
<hr>
<p>Submits a URL to Cuckoo Sandbox for analysis.</p>
<p>Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.</p>
<h5>Base Command</h5>
<pre><code>cuckoo-create-task-from-url</code></pre>
<h5>Input</h5>
6 changes: 6 additions & 0 deletions Packs/CuckooSandbox/ReleaseNotes/1_1_4.md
@@ -0,0 +1,6 @@

#### Integrations

##### Cuckoo Sandbox

Documentation and metadata improvements.
2 changes: 1 addition & 1 deletion Packs/CuckooSandbox/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Cuckoo Sandbox",
"description": "Malware dynamic analysis sandboxing",
"support": "xsoar",
"currentVersion": "1.1.3",
"currentVersion": "1.1.4",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
6 changes: 5 additions & 1 deletion Packs/FortiSandbox/.pack-ignore
Expand Up @@ -2,4 +2,8 @@
ignore=RM104

[file:FortiSandbox_image.png]
ignore=IM111
ignore=IM111

[known_words]
FortiSandbox
Forti
@@ -1,4 +1,9 @@
If no hostname use IP address in URL in the http://IP/ format. Please make sure XSOAR server can connect to FortiSandbox server.

Recommended playbook to use to upload file for analysis and get report:
Detonate File - FortiSandbox
Detonate File - FortiSandbox

Notice: Submitting indicators using the following commands of this integration might make the indicator data publicly available.
- ***fortisandbox-url-rating***
- ***fortisandbox-upload-urls***
See the vendor’s documentation for more details.
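Review bot: In the added notice, "See the vendor’s documentation for more details." sits on the line immediately after the "- ***fortisandbox-upload-urls***" bullet with no blank line between them, so Markdown renderers treat it as a continuation of that list item and show it as part of the second bullet. Add a blank line after the list, and one before it so the list does not depend on the renderer letting a bullet interrupt the "Notice:" paragraph. The Synapse and ThreatConnect description files in this commit use the same layout for their url and domain lists.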
4 changes: 4 additions & 0 deletions Packs/FortiSandbox/Integrations/FortiSandbox/README.md
Expand Up @@ -73,6 +73,8 @@ There is no context output for this command.
***
Get URL Rating from FortiSandbox

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.


#### Base Command

Expand Down Expand Up @@ -246,6 +248,8 @@ There is no context output for this command.
***
Upload CSV URLs

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.


#### Base Command

6 changes: 6 additions & 0 deletions Packs/FortiSandbox/ReleaseNotes/1_0_5.md
@@ -0,0 +1,6 @@

#### Integrations

##### FortiSandbox

Documentation and metadata improvements.
2 changes: 1 addition & 1 deletion Packs/FortiSandbox/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Forti Sandbox",
"description": "Pack contains integration with playbooks to upload file for malware analysis, retrieve the results and get file rating for previously scanned files from FortiSandbox",
"support": "community",
"currentVersion": "1.0.4",
"currentVersion": "1.0.5",
"author": "vibhuabharadwaj",
"url": "",
"email": "",
4 changes: 4 additions & 0 deletions Packs/Synapse/Integrations/Synapse/README.md
Expand Up @@ -95,6 +95,8 @@ Returns IP information and reputation.
***
Returns URL information and reputation.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.


#### Base Command

Expand Down Expand Up @@ -157,6 +159,8 @@ Returns URL information and reputation.
***
Returns Domain information and reputation.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.


#### Base Command

7 changes: 6 additions & 1 deletion Packs/Synapse/Integrations/Synapse/Synapse_description.md
Expand Up @@ -3,4 +3,9 @@
2. Configure the **Server URL** to match that of your remote cortex instance.
3. Configure the **port** that was used for the REST API (default is `:4443`).
4. Use your **username** and **password** for remote authentication.
5. Set **use_optic** if your instance is running Synapse Optic.
5. Set **use_optic** if your instance is running Synapse Optic.

Notice: Submitting indicators using the following commands of this integration might make the indicator data publicly available.
- ***url***
- ***domain***
See the vendor’s documentation for more details.
6 changes: 6 additions & 0 deletions Packs/Synapse/ReleaseNotes/1_0_5.md
@@ -0,0 +1,6 @@

#### Integrations

##### Synapse

Documentation and metadata improvements.
2 changes: 1 addition & 1 deletion Packs/Synapse/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Synapse",
"description": "Vertex Synapse intelligence analysis framework.",
"support": "community",
"currentVersion": "1.0.4",
"currentVersion": "1.0.5",
"author": "Jordan Berry",
"url": "",
"email": "",
4 changes: 4 additions & 0 deletions Packs/ThreatConnect/Integrations/ThreatConnectV3/README.md
Expand Up @@ -93,6 +93,8 @@ Searches for an indicator of type IP address.
***
Searches for an indicator of type URL.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

#### Base Command

`url`
Expand Down Expand Up @@ -550,6 +552,8 @@ Associates an indicator with an existing incident. The indicator must exist befo
***
Searches for an indicator of type domain.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

#### Base Command

`domain`
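Review bot: Both added notices say "Submitting indicators using this command", but the command descriptions directly above them read "Searches for an indicator of type URL." and "Searches for an indicator of type domain.", so a reader can reasonably conclude that a search submits nothing and skip the warning. Word the notice around the lookup itself, for example by saying that the URL or domain passed to the command is sent to the vendor and might become publicly available. The Synapse and FortiSandbox README hunks in this commit attach the same sentence to commands described as returning reputation or a rating.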
Expand Up @@ -3,6 +3,10 @@
2. Go to **Membership** and click **Create API User** to add a new API user.
3. Finish the configuration as shown [here](https://training.threatconnect.com/learn/article/creating-user-accounts-kb-article#2).

Notice: Submitting indicators using the following commands of this integration might make the indicator data publicly available.
- ***url***
- ***domain***
See the vendor’s documentation for more details.

---
[View API Documentation](https://docs.threatconnect.com/en/latest/rest_api/rest_api.html#v3-api)
6 changes: 6 additions & 0 deletions Packs/ThreatConnect/ReleaseNotes/3_0_8.md
@@ -0,0 +1,6 @@

#### Integrations

##### ThreatConnect v3

Documentation and metadata improvements.
2 changes: 1 addition & 1 deletion Packs/ThreatConnect/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "ThreatConnect",
"description": "Threat intelligence platform.",
"support": "xsoar",
"currentVersion": "3.0.7",
"currentVersion": "3.0.8",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",