CTF fixes (demisto#31483)

* - Fixed hints and tasks descriptions - added the "LastArrayElement" to all check your answers tasks ( in case the user will re-open the data collection task and submit the answer through it). * RN
SEKOIA-IO · Dec 17, 2023 · b87869f · b87869f
1 parent 7ca7eeb
commit b87869f
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 5 deletions.
diff --git a/Packs/CTF02/Playbooks/playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml b/Packs/CTF02/Playbooks/playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml
@@ -92,6 +92,7 @@ tasks:
           root: Classification.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -267,6 +268,7 @@ tasks:
           root: Check if there are any errors in the playbook?.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -375,7 +377,7 @@ tasks:
       id: da0e26b8-3acd-4ddd-8336-2fbb9339f26e
       version: -1
       name: 'Check your answer #2'
-      description: "Question #2:\nAre there any playbook errors? "
+      description: "Question #2:\nWhat is the type of the malicious indicator? "
       scriptName: CTF_2_BF
       type: regular
       iscommand: false
@@ -391,6 +393,7 @@ tasks:
           root: Check the various indicators that are extracted from the incident.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -434,6 +437,7 @@ tasks:
           root: Check the various indicators that are extracted from the incident.Answers
           accessor: "1"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -570,6 +574,7 @@ tasks:
           root: Threat Campaign.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -838,6 +843,7 @@ tasks:
           root: Threat Campaign.Answers
           accessor: "1"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -983,6 +989,7 @@ tasks:
           root: Check the tag associated with the malicious indicator.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""

diff --git a/Packs/CTF02/ReleaseNotes/1_0_1.md b/Packs/CTF02/ReleaseNotes/1_0_1.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### CTF 2 - Classify an incident - RDP Brute force
+
+- Playbook improvements.
diff --git a/Packs/CTF02/pack_metadata.json b/Packs/CTF02/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Capture The Flag - 02",
     "description": "XSOAR's Capture the flag (CTF)",
     "support": "xsoar",
-    "currentVersion": "1.0.0",
+    "currentVersion": "1.0.1",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -23,4 +23,4 @@
             "display_name": "Capture The Flag - 01"
         }
     }
-    }
+}
diff --git a/Packs/ctf01/Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml b/Packs/ctf01/Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml
@@ -231,7 +231,7 @@ tasks:
         optionsarg: []
         fieldassociated: ""
         placeholder: ""
-        tooltip: Try to check the integration's python, search for custom integration -> which starts with 'oh...' . Oh and remember that the answer isn't always on the wall....
+        tooltip: Try to check the integration's python, search for enabled integration from the CTF packs -> which starts with 'oh...' . Oh and remember that the answer isn't always on the wall....
         readonly: false
       title: Integration Settings
       description: "XSOAR 8 uses the same ingestion systems as previous versions. Integrations in each of the content packs are still the place to go! \n\nXSOAR (including version 8) can support multiple instances of each integration. We’ve hidden the flag in one of the already-configured integrations for you. \nSadly our attempt to hide it on a deserted island failed, so we put it here instead.\n\n**Did you know?**\n\nXSOAR 8 uses the same ingestion systems as previous versions. Integrations in each of the content packs are still the place to go!\n[Click here to read more.](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Migration-Guide-From-V6-to-V8/Integration-Instance-Configuration)\n___\n![myfile](https://raw.githubusercontent.com/demisto/content/10b88c87c2954c3b97108b3c07596fcf3cf128b7/Packs/ctf01/doc_files/E.gif)\n___\n"
@@ -466,6 +466,7 @@ tasks:
           root: Get to know the Marketplace.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: toLowerCase
           - operator: uniq
     separatecontext: false
@@ -510,6 +511,7 @@ tasks:
           root: Check the Playbooks.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: toLowerCase
           - operator: uniq
     separatecontext: false
@@ -554,6 +556,7 @@ tasks:
           root: Incident fields.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -673,6 +676,7 @@ tasks:
           root: Practicing with Reports.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""
@@ -716,6 +720,7 @@ tasks:
           root: Integration Settings.Answers
           accessor: "0"
           transformers:
+          - operator: LastArrayElement
           - operator: uniq
     separatecontext: false
     continueonerrortype: ""

diff --git a/Packs/ctf01/ReleaseNotes/1_0_3.md b/Packs/ctf01/ReleaseNotes/1_0_3.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### CTF 1 - Get to know XSOAR8
+
+- Playbook improvements.
diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Capture The Flag - 01",
     "description": "XSOAR's Capture the flag (CTF)",
     "support": "xsoar",
-    "currentVersion": "1.0.2",
+    "currentVersion": "1.0.3",
     "serverMinVersion": "8.2.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",