Merge branch 'contrib/SEKOIA-IO_Add/SekoiaXDR' into Add/SekoiaXDR

.circleci/config.yml

@@ -53,7 +53,7 @@ parameters:
   node-orb-version:
     type: string
     default: "5.0.1" # disable-secrets-detection
-  
+
 references:
   environment: &environment
     environment:
@@ -69,9 +69,9 @@ references:
       PULL_REQUEST_NUMBER: << pipeline.parameters.pr_number >>
       NIGHTLY_PARAMETER: << pipeline.parameters.nightly >>
       GCS_MARKET_BUCKET: << pipeline.parameters.gcs_market_bucket >>
-  
+
   install_build_dependencies: &install_build_dependencies
-    python/install-packages: 
+    python/install-packages:
         pkg-manager: "poetry"
         args: "--with ci"
         cache-version: << pipeline.parameters.cache-version >>
@@ -106,7 +106,7 @@ references:
           neo4j_conf_file="/etc/neo4j/neo4j.conf"
           sudo echo "dbms.security.procedures.unrestricted=apoc.*" >> $neo4j_conf_file
           sudo echo "dbms.security.procedures.allowlist=apoc.*" >> $neo4j_conf_file
-          sudo echo "dbms.memory.transaction.total.max=600m" >> $neo4j_conf_file
+          sudo echo "dbms.memory.transaction.total.max=2000m" >> $neo4j_conf_file
 
           apoc_conf_file="/etc/neo4j/apoc.conf"
           sudo echo "apoc.export.file.enabled=true" > $apoc_conf_file
@@ -116,7 +116,7 @@ references:
 
   container_config: &container_config
     docker:
-      - image: devdemisto/content-build:3.0.0.49685  # disable-secrets-detection
+      - image: devdemisto/content-build:3.0.0.93625  # disable-secrets-detection
         auth:
           username: $DOCKERHUB_USER
           password: $DOCKERHUB_PASSWORD
@@ -147,12 +147,9 @@ references:
         poetry --version
         # Check if CircleCI's config file and poetry files files are up to date
         # if poetry isn't up-to-date, checkout from origin/master.
-        ./Tests/scripts/is_file_up_to_date.sh .circleci/config.yml $CIRCLE_BRANCH
-        ./Tests/scripts/is_file_up_to_date.sh poetry.lock $CIRCLE_BRANCH true
-        ./Tests/scripts/is_file_up_to_date.sh pyproject.toml $CIRCLE_BRANCH true
-        ./Tests/scripts/is_file_up_to_date.sh Tests/Marketplace/core_packs_list.json $CIRCLE_BRANCH true
-        ./Tests/scripts/is_file_up_to_date.sh Tests/Marketplace/core_packs_mpv2_list.json $CIRCLE_BRANCH true
-        ./Tests/scripts/is_file_up_to_date.sh Tests/Marketplace/core_packs_xpanse_list.json $CIRCLE_BRANCH true
+        ./.circleci/is_file_up_to_date.sh .circleci/config.yml $CIRCLE_BRANCH
+        ./.circleci/is_file_up_to_date.sh poetry.lock $CIRCLE_BRANCH true
+        ./.circleci/is_file_up_to_date.sh pyproject.toml $CIRCLE_BRANCH true
 
         echo 'export CIRCLE_ARTIFACTS="/home/circleci/project/artifacts"' >> $BASH_ENV
         echo 'export PATH="/home/circleci/.local/bin:${PWD}/node_modules/.bin:${PATH}"' >> $BASH_ENV # disable-secrets-detection
@@ -282,7 +279,6 @@ references:
         python3 -m pytest ./Tests/scripts/infrastructure_tests/ -v
         python3 -m pytest ./Tests/Marketplace/Tests/ -v
         python3 -m pytest ./Tests/tests -v
-        python3 -m pytest ./Tests/private_build/tests -v
         python3 -m pytest Utils -v
 
         if [ -n "${DEMISTO_SDK_NIGHTLY}" ] ; then
@@ -300,7 +296,7 @@ references:
                 USERNAME=$(echo $CONTRIB_BRANCH | cut -d ":" -f 1)
                 BRANCH=$(echo $CONTRIB_BRANCH | cut -d ":" -f 2)
                 $CONTRIB_REPO="content"
-                python3 ./Utils/update_contribution_pack_in_base_branch.py -p $PULL_REQUEST_NUMBER -b $BRANCH -u $USERNAME -c $CONTRIB_REPO
+                python3 ./Utils/update_contribution_pack_in_base_branch.py -p $PULL_REQUEST_NUMBER -b $BRANCH -u $USERNAME -c $CONTRIB_REPO -gt $GITHUB_TOKEN
 
   comment_on_contrib_pr: &comment_on_contrib_pr
     when:

Tests/scripts/is_file_up_to_date.sh → .circleci/is_file_up_to_date.sh

@@ -4,7 +4,7 @@ BRANCH=$2
 SHOULD_CHECKOUT=$3
 
 if [[ -n $BRANCH ]]; then
-  BRANCH=$(git branch --show-current 2>/dev/null) || BRANCH=$(git rev-parse --head) 
+  BRANCH=$(git branch --show-current 2>/dev/null) || BRANCH=$(git rev-parse --head)
 fi
 
 # Checks if there's any diff from master

.devcontainer/Dockerfile

@@ -1,12 +1,14 @@
-FROM python:3.10-slim-bullseye
+FROM python:3.10-slim-bookworm
 
 ENV USERNAME demisto
 ENV HOME /home/$USERNAME
 ENV NODE_EXTRA_CA_CERTS /usr/local/share/ca-certificates/certs.crt
 ENV PATH $PATH:$HOME/.local/bin:/root/.local/bin:/usr/local/share/nvm/current/bin
+ENV FEATURES_COMMIT_HASH fc62e9abf47c5ea52e02de997c91c5d52a5edc3a
+
 
 ADD createCerts.sh .
-RUN apt-get update && apt-get install dos2unix git python2 curl -y \
+RUN apt-get update && apt-get install dos2unix git curl -y \
     && dos2unix /createCerts.sh \
     && chmod +x /createCerts.sh \ 
     && /createCerts.sh $NODE_EXTRA_CA_CERTS \
@@ -15,13 +17,14 @@ RUN apt-get update && apt-get install dos2unix git python2 curl -y \
     && git clone https://github.com/devcontainers/features.git /features \
     && cd /features \
     # locking to the latest master commit in this repo (https://github.com/devcontainers/features.git) to prevent breaking changes
-    # We should update this commit hash from time to time to
-    && git checkout 96bff0097028001e6e4126c5528d37cb8c13e785
+    # We should update this commit hash from time to time to time
+    && git checkout $FEATURES_COMMIT_HASH
 
 # This is a workaround for VSCode devcontainer features in self signed certificate
 RUN UID="1000" GID="1000" bash /features/src/common-utils/install.sh
 RUN VERSION="os-provided" bash /features/src/git/install.sh
-RUN VERSION="latest" bash /features/src/docker-in-docker/install.sh
+# Install a specific version of moby-buildx when using Moby. (2024-02-09: Microsoft's Package Manifest has mismatching filesize and SHA for 0.12.1;  0.12.0 is the last known good version)
+RUN VERSION="lts" MOBYBUILDXVERSION="0.12.0" bash /features/src/docker-in-docker/install.sh
 RUN VERSION="lts" bash /features/src/node/install.sh
 RUN bash /features/src/sshd/install.sh
 RUN bash /features/src/github-cli/install.sh

.github/CODEOWNERS

@@ -9,19 +9,19 @@
 /Tests/Marketplace/corepacks_override.json @yaakovpraisler
 
 # Docker native image
-/Tests/docker_native_image_config.json @GuyAfik @JudahSchwartz @samuelFain
+/Tests/docker_native_image_config.json @JudahSchwartz @samuelFain
 
 # Marketplace & Upload-Flow
-/Tests/scripts/create_artifacts_graph/create_artifacts.py @ilaner
+/Tests/scripts/create_artifacts_graph/create_artifacts.py @RosenbergYehuda
 /Tests/Marketplace/upload_git_snapshot.py @yaakovpraisler
 /Tests/Marketplace/install_packs.sh @yaakovpraisler
 /Tests/Marketplace/configure_and_install_packs.py @yaakovpraisler
 /Tests/Marketplace/copy_and_upload_packs.py @yaakovpraisler
-/Tests/Marketplace/marketplace_services.py @yaakovpraisler @ilaner
+/Tests/Marketplace/marketplace_services.py @yaakovpraisler @RosenbergYehuda
 /Tests/Marketplace/marketplace_statistics.py @yaakovpraisler
 /Tests/Marketplace/marketplace_constants.py @yaakovpraisler
 /Tests/Marketplace/zip_packs.py @yaakovpraisler
-/Tests/Marketplace/upload_packs.py @yaakovpraisler @ilaner
+/Tests/Marketplace/upload_packs.py @yaakovpraisler @RosenbergYehuda
 /Tests/Marketplace/packs_dependencies.py @yaakovpraisler
 /Tests/Marketplace/search_and_install_packs.py @yaakovpraisler
 /Tests/scripts/prepare_content_packs_for_testing.sh @yaakovpraisler
@@ -31,18 +31,15 @@
 /Utils/test_upload_flow/* @yaakovpraisler
 
 # Test Collection
-/Tests/scripts/collect_tests @dorschw
-/Tests/scripts/collect_tests/id_set.py @ilaner
+/Tests/scripts/collect_tests @dorschw @michal-dagan
 /Tests/conf.json @sapirshuker
 
 # PANW Products
 /Packs/Palo_Alto_Networks_Enterprise_DLP/ @DeanArbel
 /Packs/PAN-OS/Integrations/ @jlevypaloalto
-/Packs/PrismaCloudCompute/Integrations/ @GuyAfik
-/Packs/PrismaSaasSecurity/Integrations/ @GuyAfik
 
 # Important Integrations
-/Packs/QRadar/Integrations/QRadar_v3/* @ilaner
+/Packs/QRadar/Integrations/QRadar_v3/* @jbabazadeh
 /Packs/Slack/Integrations/* @amshamah419 @rshunim
 /Packs/SplunkPy/Integrations/SplunkPy/* @ilappe
 /Packs/MicrosoftExchangeOnPremise/Integrations @amshamah419
@@ -60,9 +57,9 @@
 /Packs/CommonScripts/Scripts/StixCreator/* @Ni-Knight
 
 # Common Packs
-/Packs/CommonTypes/ @michalgold @idovandijk
-/Packs/CommonPlaybooks/ @michalgold @idovandijk
-/Packs/CommonDashboards/ @michalgold @idovandijk
+/Packs/CommonTypes/ @altmannyarden @idovandijk
+/Packs/CommonPlaybooks/ @altmannyarden @idovandijk
+/Packs/CommonDashboards/ @altmannyarden @idovandijk
 /Packs/ContentManagement/ @mmhw
 /Packs/CommonTypes/IndicatorTypes/* @Ni-Knight
 /Packs/CommonTypes/Layouts/* @Ni-Knight
@@ -82,38 +79,33 @@
 .gitlab/ci/* @yucohen
 .gitlab/* @yucohen
 .gitlab-ci.yml @yucohen
-/Tests/scripts/wait_in_line_for_cloud_env.sh @daryakoval
-.gitlab/ci/.gitlab-ci.staging.yml @ilaner
-/Tests/scripts/uninstall_packs_and_reset_bucket_cloud.sh @daryakoval
-/Tests/Marketplace/search_and_uninstall_pack.py @daryakoval
-/Tests/scripts/install_content_and_test_integrations.sh @daryakoval
-/Tests/configure_and_test_integration_instances.py @daryakoval
-/Tests/scripts/print_cloud_machine_details.sh @daryakoval
-/Tests/scripts/run_tests.sh @daryakoval
-/Tests/scripts/download_demisto_conf.sh @daryakoval
-Tests/scripts/test_modeling_rules.sh @daryakoval
-Tests/scripts/lock_cloud_machines.py @daryakoval
+/Tests/scripts/wait_in_line_for_cloud_env.sh @yucohen
+/Tests/scripts/uninstall_packs_and_reset_bucket_cloud.sh @yucohen
+/Tests/Marketplace/search_and_uninstall_pack.py @yucohen
+/Tests/scripts/install_content_and_test_integrations.sh @yucohen
+/Tests/configure_and_test_integration_instances.py @yucohen
+/Tests/scripts/print_cloud_machine_details.sh @yucohen
+/Tests/scripts/run_tests.sh @yucohen
+/Tests/scripts/download_demisto_conf.sh @yucohen
+Tests/scripts/test_modeling_rules.sh @AradCarmi
+Tests/scripts/lock_cloud_machines.py @yucohen
 Tests/Marketplace/server_content_items.json @dantavori
+validation_config.toml @YuvHayun @JudahSchwartz @anara123 @SamuelFain
 
 # SDK Related
-.gitlab/ci/.gitlab-ci.sdk-nightly.yml @dorschw
-Utils/trigger_nightly_sdk_build.sh @dorschw
-.pre-commit-config_template.yaml @dorschw @ilaner
+.gitlab/ci/.gitlab-ci.sdk-nightly.yml @SamuelFain
+.pre-commit-config_template.yaml @SamuelFain
 
 # XDR Related
-/Packs/CortexXDR/Integrations/ @dansterenson
-/Packs/Core/Integrations/ @dansterenson
-/Packs/ApiModules/Scripts/CoreIRApiModule/* @dansterenson
+/Packs/CortexXDR/Integrations/ @maimorag
+/Packs/Core/Integrations/ @maimorag
+/Packs/ApiModules/Scripts/CoreIRApiModule/* @maimorag
 
 # Dependencies
-pyproject.toml @ilaner @dorschw
-poetry.lock @ilaner @dorschw
-
-# Devcontainers
-.devcontainer/* @ilaner
+poetry.lock @dorschw
 
 # Demisto Class
-Packs/ApiModules/Scripts/DemistoClassApiModule/DemistoClassApiModule.py @daryakoval
+Packs/ApiModules/Scripts/DemistoClassApiModule/DemistoClassApiModule.py @dantavori
 
 # TIM Related
 /Packs/TAXIIServer/Integrations/* @MLainer1
@@ -139,4 +131,4 @@ Packs/ApiModules/Scripts/DemistoClassApiModule/DemistoClassApiModule.py @daryako
 /Packs/Base/Scripts/DBotFindSimilarIncidentsByIndicators/ @jlevypaloalto
 /Packs/Base/Scripts/DBotSuggestClassifierMapping/ @jlevypaloalto
 /Packs/Base/Scripts/GetMLModelEvaluation/ @jlevypaloalto
-/Packs/Base/Scripts/DBotMLFetchData/ @jlevypaloalto
+/Packs/Base/Scripts/DBotMLFetchData/ @jlevypaloalto

.github/content_roles.json

@@ -1,14 +1,14 @@
 {
     "CONTRIBUTION_REVIEWERS": [
-        "YuvHayun",
-        "yucohen",
-        "shmuel44"
+        "RotemAmit",
+        "jlevypaloalto",
+        "Shellyber"
     ],
-    "CONTRIBUTION_TL": "AradCarmi",
-    "CONTRIBUTION_SECURITY_REVIEWER": "melamedbn",
+    "CONTRIBUTION_TL": "BEAdi",
+    "CONTRIBUTION_SECURITY_REVIEWER": "ssokolovich",
     "ON_CALL_DEVS": [
-        "dfried",
-        "meichler"
+        "AradCarmi",
+        "yaakovpraisler"
     ],
     "DOC_REVIEWER": "ShirleyDenkberg",
     "TIM_REVIEWER": "MLainer1"

.github/workflows/autobump_rn.yml

@@ -25,11 +25,11 @@ jobs:
           fetch-depth: 0
           token: ${{ secrets.CONTENTBOT_GH_ADMIN_TOKEN }}
       - name: Setup Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.10'
+          python-version: "3.10"
       - name: Setup Poetry
-        uses: Gr1N/setup-poetry@v8
+        uses: Gr1N/setup-poetry@v9
       - name: Install python dependencies
         run: |
           poetry install --with ci

.github/workflows/check-contribution-form-filled.yml

@@ -15,14 +15,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.10'
+          python-version: "3.10"
       - name: Setup Poetry
-        uses: Gr1N/setup-poetry@v8
+        uses: Gr1N/setup-poetry@v9
       - name: Install Python Dependencies
         run: |
-           poetry install --with ci
+          poetry install --with ci
       - name: Check if contribution form needs to be filled
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}

.github/workflows/check-contributor-pack.yml

@@ -15,11 +15,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.8'
+          python-version: "3.8"
       - name: Setup Poetry
-        uses: Gr1N/setup-poetry@v8
+        uses: Gr1N/setup-poetry@v9
       - name: Install python dependencies
         run: |
           poetry install --with ci
@@ -34,5 +34,5 @@ jobs:
           echo "PR number is: $PR_NUMBER"
           echo "Target branch name is: $BRANCH_NAME"
           echo "Starting check of contributor packs"
-          poetry run python ./Utils/request_contributor_review.py --pr_number $PR_NUMBER --github_token $GITHUB_TOKEN --email_api_token $SENDGRID_EMAIL_API_KEY
+          poetry run python ./Utils/github_workflow_scripts/request_contributor_review.py --pr_number $PR_NUMBER --github_token $GITHUB_TOKEN --email_api_token $SENDGRID_EMAIL_API_KEY
           echo "Finished check of contributor packs"

.github/workflows/check-nightly-ok-label.yml

@@ -0,0 +1,51 @@
+name: Check nightly-ok label
+
+on:
+  pull_request:
+    types: [opened, synchronize, labeled, unlabeled]
+
+jobs:
+  check_label:
+    runs-on: ubuntu-latest
+    if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == false
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if files under .gitlab directory are changed
+        id: check-changes
+        run: |
+          CHANGED_FILES=$(git diff --name-only origin/master...origin/${{ github.head_ref || github.ref_name }})
+          echo "All changed files:"
+          echo "${CHANGED_FILES}"
+          GITLAB_CHANGED_FILES=$( [[ $CHANGED_FILES == *".gitlab/ci"* ]] && echo true || echo false)
+          echo "Files in the .gitlab folder have changed: ${GITLAB_CHANGED_FILES}"
+          echo "gitlab_changed_files=$GITLAB_CHANGED_FILES" >> $GITHUB_OUTPUT
+          if [[ $GITLAB_CHANGED_FILES == true ]]; then
+            echo 'Files under .gitlab folder has changed, Will check if the PR has the `nightly-ok` label.'
+          else
+            echo 'Files in the .gitlab folder have not been changed.'
+          fi
+
+      - name: Check if PR has the nightly-ok label
+        uses: actions/github-script@v7
+        id: check-label
+        with:
+          script: |
+            const gitlabChangedFiles = ${{ steps.check-changes.outputs.gitlab_changed_files }};
+            if(gitlabChangedFiles) {
+              console.log('Files under .gitlab folder has changed, Will check if the PR has the `nightly-ok` label.');
+              const labels = context.payload.pull_request.labels.map(label => label.name);
+              const hasLabel = labels.includes('nightly-ok');
+              if (hasLabel) {
+                console.log('All good, the PR has the `nightly-ok` label.');
+              } else {
+                console.log('PR does not have the `nightly-ok` label. It is required when changing files under the `.gitlab` directory. Please run nightly using the Utils/gitlab_triggers/trigger_content_nightly_build.sh script, check that succeeded, and add the `nightly-ok` label');
+                process.exit(1); // Exit with failure status if label is missing
+              }
+            } else {
+              console.log('Files in the .gitlab folder have not been changed.');
+            }

.github/workflows/check-partner-approved-label.yml

@@ -14,11 +14,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.10'
+          python-version: "3.10"
       - name: Setup Poetry
-        uses: Gr1N/setup-poetry@v8
+        uses: Gr1N/setup-poetry@v9
       - name: Install python dependencies
         run: |
           poetry install --with ci