From b87869fa7f07af8c90302c02ef1f7af6f67c4515 Mon Sep 17 00:00:00 2001
From: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com>
Date: Sun, 17 Dec 2023 14:28:39 +0200
Subject: [PATCH] CTF fixes (#31483)

* - Fixed hints and tasks descriptions - added the "LastArrayElement" to all check your answers tasks ( in case the user will re-open the data collection task and submit the answer through it).

* RN
---
...book-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml | 9 ++++++++-
Packs/CTF02/ReleaseNotes/1_0_1.md | 6 ++++++
Packs/CTF02/pack_metadata.json | 4 ++--
.../Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml | 7 ++++++-
Packs/ctf01/ReleaseNotes/1_0_3.md | 6 ++++++
Packs/ctf01/pack_metadata.json | 2 +-
6 files changed, 29 insertions(+), 5 deletions(-)
create mode 100644 Packs/CTF02/ReleaseNotes/1_0_1.md
create mode 100644 Packs/ctf01/ReleaseNotes/1_0_3.md

diff --git a/Packs/CTF02/Playbooks/playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml b/Packs/CTF02/Playbooks/playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml
index f86f73b51475..28f194352202 100644
--- a/Packs/CTF02/Playbooks/playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml
+++ b/Packs/CTF02/Playbooks/playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml
@@ -92,6 +92,7 @@ tasks:
 root: Classification.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -267,6 +268,7 @@ tasks:
 root: Check if there are any errors in the playbook?.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -375,7 +377,7 @@ tasks:
 id: da0e26b8-3acd-4ddd-8336-2fbb9339f26e
 version: -1
 name: 'Check your answer #2'
- description: "Question #2:\nAre there any playbook errors? "
+ description: "Question #2:\nWhat is the type of the malicious indicator? "
 scriptName: CTF_2_BF
 type: regular
 iscommand: false
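Review bot: With `LastArrayElement` placed ahead of `uniq`, the `uniq` transformer on the next line becomes a no-op, because it now receives the single scalar that `LastArrayElement` returns rather than the answer list. The order is still the right one for the stated goal of honouring a re-submitted answer, since `uniq` followed by `LastArrayElement` would yield the last distinct value rather than the most recent one, so I would keep the order but either drop the now-redundant `uniq` or record the intent in the 1_0_1 release note, e.g. `- Check-your-answer tasks now grade the most recently submitted answer when a data-collection task is re-answered.`. One thing to confirm: if the question behind `Classification.Answers.0` is multi-select, that element is itself a list on the first submission and `LastArrayElement` would keep only the last selected option; the same caveat applies to every other `LastArrayElement` hunk in this file. The enclosing task definition starts before and ends after this hunk.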
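Review bot: The corrected `description` keeps a trailing space inside the quoted string (`indicator? `), which becomes part of the rendered task text; `description: "Question #2:\nWhat is the type of the malicious indicator?"` drops it. The new wording is consistent with the context key a later hunk in this file reads (`Check the various indicators that are extracted from the incident.Answers`), assuming that is the data-collection task this check grades. The rest of the task definition lies outside the hunk.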
@@ -391,6 +393,7 @@ tasks:
 root: Check the various indicators that are extracted from the incident.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -434,6 +437,7 @@ tasks:
 root: Check the various indicators that are extracted from the incident.Answers
 accessor: "1"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -570,6 +574,7 @@ tasks:
 root: Threat Campaign.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -838,6 +843,7 @@ tasks:
 root: Threat Campaign.Answers
 accessor: "1"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -983,6 +989,7 @@ tasks:
 root: Check the tag associated with the malicious indicator.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
diff --git a/Packs/CTF02/ReleaseNotes/1_0_1.md b/Packs/CTF02/ReleaseNotes/1_0_1.md
new file mode 100644
index 000000000000..c5c4ab112ecf
--- /dev/null
+++ b/Packs/CTF02/ReleaseNotes/1_0_1.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### CTF 2 - Classify an incident - RDP Brute force
+
+- Playbook improvements.
diff --git a/Packs/CTF02/pack_metadata.json b/Packs/CTF02/pack_metadata.json
index 5a9262db37f6..b36baa42fcdd 100644
--- a/Packs/CTF02/pack_metadata.json
+++ b/Packs/CTF02/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Capture The Flag - 02",
 "description": "XSOAR's Capture the flag (CTF)",
 "support": "xsoar",
- "currentVersion": "1.0.0",
+ "currentVersion": "1.0.1",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
@@ -23,4 +23,4 @@
 "display_name": "Capture The Flag - 01"
 }
 }
- }
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/Packs/ctf01/Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml b/Packs/ctf01/Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml
index 9edffc0d17d6..db07014634de 100644
--- a/Packs/ctf01/Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml
+++ b/Packs/ctf01/Playbooks/playbook-CTF_1_-_Get_to_know_XSOAR8.yml
@@ -231,7 +231,7 @@ tasks:
 optionsarg: []
 fieldassociated: ""
 placeholder: ""
- tooltip: Try to check the integration's python, search for custom integration -> which starts with 'oh...' . Oh and remember that the answer isn't always on the wall....
+ tooltip: Try to check the integration's python, search for enabled integration from the CTF packs -> which starts with 'oh...' . Oh and remember that the answer isn't always on the wall....
 readonly: false
 title: Integration Settings
 description: "XSOAR 8 uses the same ingestion systems as previous versions. Integrations in each of the content packs are still the place to go! \n\nXSOAR (including version 8) can support multiple instances of each integration. We’ve hidden the flag in one of the already-configured integrations for you. \nSadly our attempt to hide it on a deserted island failed, so we put it here instead.\n\n**Did you know?**\n\nXSOAR 8 uses the same ingestion systems as previous versions. Integrations in each of the content packs are still the place to go!\n[Click here to read more.](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Migration-Guide-From-V6-to-V8/Integration-Instance-Configuration)\n___\n![myfile](https://raw.githubusercontent.com/demisto/content/10b88c87c2954c3b97108b3c07596fcf3cf128b7/Packs/ctf01/doc_files/E.gif)\n___\n"
@@ -466,6 +466,7 @@ tasks:
 root: Get to know the Marketplace.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: toLowerCase
 - operator: uniq
 separatecontext: false
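Review bot: The reworded `tooltip` is grammatically loose ("search for enabled integration from the CTF packs -> which starts with") and "the integration's python" leaves it unclear that the player is meant to read the integration's code; a tighter form is `tooltip: Try to check the integration's Python code. Look for an enabled integration from the CTF packs whose name starts with 'oh...'. Oh, and remember that the answer isn't always on the wall....`. The hint now also points players at any enabled CTF-pack integration rather than a custom one, which agrees with the unchanged `description` below that says the flag sits in an already-configured instance; if the intent was to narrow the search, the tooltip should name the pack. The enclosing task starts before this hunk.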
@@ -510,6 +511,7 @@ tasks:
 root: Check the Playbooks.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: toLowerCase
 - operator: uniq
 separatecontext: false
@@ -554,6 +556,7 @@ tasks:
 root: Incident fields.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -673,6 +676,7 @@ tasks:
 root: Practicing with Reports.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
@@ -716,6 +720,7 @@ tasks:
 root: Integration Settings.Answers
 accessor: "0"
 transformers:
+ - operator: LastArrayElement
 - operator: uniq
 separatecontext: false
 continueonerrortype: ""
diff --git a/Packs/ctf01/ReleaseNotes/1_0_3.md b/Packs/ctf01/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..35ab8e5a32d9
--- /dev/null
+++ b/Packs/ctf01/ReleaseNotes/1_0_3.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### CTF 1 - Get to know XSOAR8
+
+- Playbook improvements.
diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json
index 9fa1f4abd10f..8812cb6a2b2c 100644
--- a/Packs/ctf01/pack_metadata.json
+++ b/Packs/ctf01/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Capture The Flag - 01",
 "description": "XSOAR's Capture the flag (CTF)",
 "support": "xsoar",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "serverMinVersion": "8.2.0",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",