Merge branch 'contrib/SEKOIA-IO_Add/SekoiaXDR' into Add/SekoiaXDR

Packs/GoogleChrome/ParsingRules/GoogleChrome/GoogleChrome.xif

@@ -7,7 +7,10 @@ call GOOGLE_WORKSPACE_CHROME_PARSING_RULE;
 [RULE: GOOGLE_WORKSPACE_CHROME_PARSING_RULE]
 alter
 // Getting the JSON from either event OR events.
-    tmp_get_field = if(events = null, null, arrayindex(events -> [], 0) -> parameters[])
+    tmp_get_events_json = if(events = null, null, to_string(events) !~= "^\[", to_string(events) -> parameters[]),
+    tmp_get_events_jsonarray = if(events = null, null, to_string(events) ~= "^\[", arrayindex(to_string(events) -> [], 0) -> parameters[])
+| alter
+    tmp_get_field = coalesce(tmp_get_events_json, tmp_get_events_jsonarray)
 | alter
 // Get all of the keys and values.
     // Get all of the object names to a regex format.
@@ -19,14 +22,18 @@ alter
     parameters = if(event =null, to_string(regexcapture(tmp_get_values, tmp_get_keys)), event)
 
 // -------------- TIME --------------
-| alter tmp_time_stamp_string = replace(coalesce(parameters -> timestamp, parameters -> time), ".", "")
-| alter tmp_time_stamp_integer = to_integer(tmp_time_stamp_string)
-| alter tmp_len = len(tmp_time_stamp_string)
+| alter
+    tmp_get_timestamp_afterdot = arrayindex(regextract(coalesce(parameters -> timestamp, parameters -> time), "\.(\d+)"), 0),
+    tmp_get_timestamp_clean = replace(coalesce(parameters -> timestamp, parameters -> time), ".", "")
+| alter
+    tmp_check_afterdot = if(tmp_get_timestamp_afterdot = null, "", tmp_get_timestamp_afterdot ~= "^\d$", "00", tmp_get_timestamp_afterdot ~= "^\d{2}$", "0", tmp_get_timestamp_afterdot ~= "^\d{3}$", "")
+| alter
+    tmp_updated_timestamp_format = to_integer(concat(tmp_get_timestamp_clean, tmp_check_afterdot)),
+    tmp_updated_timestamp_len = len(concat(tmp_get_timestamp_clean, tmp_check_afterdot))
 // convert epoch representation to a datetime type timestamp
 // in_case of nanoseconds, we convert them to microseconds since to_timestamp does not support nanoseconds
 | alter _time = if( 
-    tmp_len = 10, to_timestamp(tmp_time_stamp_integer, "SECONDS"), 
-    tmp_len = 13, to_timestamp(tmp_time_stamp_integer, "MILLIS"),  
-    tmp_len = 16, to_timestamp(tmp_time_stamp_integer, "MICROS"),  
-    tmp_len = 19, to_timestamp(to_integer(divide(tmp_time_stamp_integer, 1000)), "MICROS")) 
-| fields -tmp*;
+    tmp_updated_timestamp_len = 10, to_timestamp(tmp_updated_timestamp_format, "SECONDS"), 
+    tmp_updated_timestamp_len = 13, to_timestamp(tmp_updated_timestamp_format, "MILLIS"),  
+    tmp_updated_timestamp_len = 16, to_timestamp(tmp_updated_timestamp_format, "MICROS"),  
+    tmp_updated_timestamp_len = 19, to_timestamp(to_integer(divide(tmp_updated_timestamp_format, 1000)), "MICROS"));

Packs/GoogleChrome/ReleaseNotes/1_0_3.md

@@ -0,0 +1,6 @@
+
+#### Parsing Rules
+
+##### Google Chrome Parsing Rule
+
+Updated the Parsing Rule logic, Added logic to support epoch time with missing digits representing Millis or Micros.

Packs/GoogleChrome/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Google Chrome",
     "description": "The official browser from Google. Chrome is a cross-platform web browser which brings you the best of Google.",
     "support": "xsoar",
-    "currentVersion": "1.0.2",
+    "currentVersion": "1.0.3",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Maltiverse/Integrations/Maltiverse/README.md

@@ -71,7 +71,7 @@ Checks the reputation of an IP address
 ```!ip ip=8.8.8.8```
 
 ##### Human Readable Output
-![image](https://user-images.githubusercontent.com/61732335/79124252-98ce8000-7da4-11ea-9fdb-2534acebeeae.png)
+![image](../../doc_files/79124252-98ce8000-7da4-11ea-9fdb-2534acebeeae.png)
 
 ### 2. domain
 ---
@@ -120,7 +120,7 @@ Notice: Submitting indicators using this command might make the indicator data p
 ```!domain domain=google.com```
 
 ##### Human Readable Output
-![image](https://user-images.githubusercontent.com/61732335/79124344-ca474b80-7da4-11ea-8beb-cfeb362749c9.png)
+![image](../../doc_files/79124344-ca474b80-7da4-11ea-8beb-cfeb362749c9.png)
 
 
 
@@ -173,7 +173,7 @@ Notice: Submitting indicators using this command might make the indicator data p
 ```!url url=https://dv-expert.org```
 
 ##### Human Readable Output
-![image](https://user-images.githubusercontent.com/61732335/79124473-0d092380-7da5-11ea-9db6-145daec1dae1.png)
+![image](../../doc_files/79124473-0d092380-7da5-11ea-9db6-145daec1dae1.png)
 
 
 
@@ -233,7 +233,7 @@ Check the reputation of a file
 ```!file file=edb2f88c29844117cd74acf8bb357edf92487a1b142fe6f60b6ac5e15d2d718f```
 
 ##### Human Readable Output
-![image](https://user-images.githubusercontent.com/61732335/79423383-30abb400-7fc7-11ea-8fd5-4b8d3574d953.png)
+![image](../../doc_files/79423383-30abb400-7fc7-11ea-8fd5-4b8d3574d953.png)
 
 
 ## Additional Information

Packs/McAfee-MAR/Integrations/McAfee-MAR/README.md

@@ -21,13 +21,13 @@
 <h4>Prerequisite</h4>
 <p>Before you create a McAfee DXL certificate, make sure you have a Broker CA certificate (<code>brokercerts.crt</code>).</p>
 <ol>
-<li>Generate a certificate signing request (CSR) with a tool such as <a href="https://csrgenerator.com/" target="_blank" rel="noopener">CSR generator.</a><br><img src="https://user-images.githubusercontent.com/46249224/51332801-15c95780-1a85-11e9-9c10-9c80ce2644a5.png" alt="image">
+<li>Generate a certificate signing request (CSR) with a tool such as <a href="https://csrgenerator.com/" target="_blank" rel="noopener">CSR generator.</a><br><img src="../../doc_files/51332801-15c95780-1a85-11e9-9c10-9c80ce2644a5.png" alt="image">
 </li>
 <li>Save the CSR and the private key as separate files.</li>
 <li>Access your McAfee ePolicy Orchestrator environment.</li>
-<li>Navigate to <strong>Server Settings</strong>.<br><img src="https://user-images.githubusercontent.com/46249224/51327213-7eaad280-1a79-11e9-98a4-f38eaac9eb5f.png" alt="image">
+<li>Navigate to <strong>Server Settings</strong>.<br><img src="../../doc_files/51327213-7eaad280-1a79-11e9-98a4-f38eaac9eb5f.png" alt="image">
 </li>
-<li>Select <strong>DXL Certificates</strong> and click <strong>Edit</strong>.<br><img src="https://user-images.githubusercontent.com/46249224/51330887-237cde00-1a81-11e9-9cbf-e748467a1e87.png" alt="image">
+<li>Select <strong>DXL Certificates</strong> and click <strong>Edit</strong>.<br><img src="../../doc_files/51330887-237cde00-1a81-11e9-9cbf-e748467a1e87.png" alt="image">
 </li>
 <li>Click <strong>Import CSR</strong> and select the CSR file you created previously.</li>
 <li>Select your certificate and click <strong>Export Certificate</strong>.<br>This generates a CRT file.</li>
@@ -48,7 +48,7 @@
 </ul>
 </li>
 </ol>
-<p class="wysiwyg-indent3"><img src="https://raw.githubusercontent.com/demisto/content/ca13780e216a39751600dcb1e386d12f52fc8f25/docs/images/Integrations/integration-McAfee-MAR_McAfee_Active_Response.png" alt="McAfee_Active_Response.png"></p>
+<p class="wysiwyg-indent3"><img src="../../doc_files/integration-McAfee-MAR_McAfee_Active_Response.png" alt="McAfee_Active_Response.png"></p>
 <div class="cl-preview-section">
 <h2 id="configure-mcafee-active-response-on-demisto">Configure McAfee Active Response on Cortex XSOAR</h2>
 </div>
@@ -227,7 +227,7 @@
 <h5 id="human-readable-output">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962321-6f4c1b00-40f3-11e9-9694-46e36aa9a85c.png" alt="image"></p>
+<p><img src="../../doc_files/53962321-6f4c1b00-40f3-11e9-9694-46e36aa9a85c.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="get-a-list-of-collectors">2. Get a list of collectors</h3>
@@ -264,7 +264,7 @@
 <h5 id="human-readable-output-1">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962359-8c80e980-40f3-11e9-95ec-01be67333154.png" alt="image"></p>
+<p><img src="../../doc_files/53962359-8c80e980-40f3-11e9-95ec-01be67333154.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="search-endpoint-data-crossed-by-multiple-collectors">3. Search endpoint data crossed by multiple collectors</h3>
@@ -391,7 +391,7 @@
 <h5 id="human-readable-output-2">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962402-a7535e00-40f3-11e9-90d7-65d334ae475f.png" alt="image"></p>
+<p><img src="../../doc_files/53962402-a7535e00-40f3-11e9-90d7-65d334ae475f.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="get-information-for-services">4. Get information for services</h3>
@@ -530,7 +530,7 @@
 <h5 id="human-readable-output-3">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962439-c18d3c00-40f3-11e9-9716-4876d3291139.png" alt="image"></p>
+<p><img src="../../doc_files/53962439-c18d3c00-40f3-11e9-9716-4876d3291139.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="get-information-for-processes">5. Get information for processes</h3>
@@ -717,7 +717,7 @@
 <h5 id="human-readable-output-4">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962484-db2e8380-40f3-11e9-80d6-a3b6b5b3f688.png" alt="image"></p>
+<p><img src="../../doc_files/53962484-db2e8380-40f3-11e9-80d6-a3b6b5b3f688.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="get-information-for-winregistry">6. Get information for WinRegistry</h3>
@@ -1209,7 +1209,7 @@
 <h5 id="human-readable-output-5">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962572-192ba780-40f4-11e9-8e89-f8b1bd3bb2d4.png" alt="image"></p>
+<p><img src="../../doc_files/53962572-192ba780-40f4-11e9-8e89-f8b1bd3bb2d4.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="get-information-for-scheduled-tasks">10. Get information for scheduled tasks</h3>
@@ -1347,7 +1347,7 @@
 <h5 id="human-readable-output-6">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962702-6e67b900-40f4-11e9-825a-06f1e377c323.png" alt="image"></p>
+<p><img src="../../doc_files/53962702-6e67b900-40f4-11e9-825a-06f1e377c323.png" alt="image"></p>
 </div>
 <div class="cl-preview-section">
 <h3 id="get-information-for-hosts">11. Get information for hosts</h3>
@@ -1458,6 +1458,6 @@
 <h5 id="human-readable-output-7">Human Readable Output</h5>
 </div>
 <div class="cl-preview-section">
-<p><img src="https://user-images.githubusercontent.com/46249224/53962741-88a19700-40f4-11e9-8443-73e9bba8badb.png" alt="image"></p>
+<p><img src="../../doc_files/53962741-88a19700-40f4-11e9-8443-73e9bba8badb.png" alt="image"></p>
 </div>
 </div>

Packs/McAfee-TIE/Integrations/McAfee-TIE/README.md

@@ -135,7 +135,7 @@
 <pre>!file file=3d720dc2b8b0ff23f616aa850447e702eb89047e</pre>
 <h5 class="code-line" data-line-start="67" data-line-end="68">
 <a id="Human_Readable_Output_67"></a>Human Readable Output</h5>
-<p class="has-line-data" data-line-start="68" data-line-end="69"><img src="https://user-images.githubusercontent.com/50324325/62193823-43228680-b381-11e9-94c6-1a31e905b14e.png" alt="image"></p>
+<p class="has-line-data" data-line-start="68" data-line-end="69"><img src="../../doc_files/62193823-43228680-b381-11e9-94c6-1a31e905b14e.png" alt="image"></p>
 <h3 id="h_e37c9af6-dce4-4198-bd27-2c152fc253b1" class="code-line" data-line-start="70" data-line-end="71">
 <a id="2_Set_the_enterprise_reputation_for_a_file_70"></a>2. Set the enterprise reputation for a file</h3>
 <hr>
@@ -186,7 +186,7 @@
 </pre>
 <h5 class="code-line" data-line-start="95" data-line-end="96">
 <a id="Human_Readable_Output_95"></a>Human Readable Output</h5>
-<p class="has-line-data" data-line-start="96" data-line-end="97"><img src="https://user-images.githubusercontent.com/50324325/62193925-7402bb80-b381-11e9-948e-a9467a62b61b.png" alt="image"></p>
+<p class="has-line-data" data-line-start="96" data-line-end="97"><img src="../../doc_files/62193925-7402bb80-b381-11e9-948e-a9467a62b61b.png" alt="image"></p>
 <h3 id="h_f459cc8b-6849-4afa-be3c-2aaa5c96a7d0" class="code-line" data-line-start="99" data-line-end="100">
 <a id="3_Get_the_systems_that_referenced_a_file_99"></a>3. Get the systems that referenced a file</h3>
 <hr>
@@ -258,4 +258,4 @@
 </pre>
 <h5 class="code-line" data-line-start="128" data-line-end="129">
 <a id="Human_Readable_Output_128"></a>Human Readable Output</h5>
-<p class="has-line-data" data-line-start="129" data-line-end="130"><img src="https://user-images.githubusercontent.com/50324325/62193959-8e3c9980-b381-11e9-8f6a-c2c90c57118a.png" alt="image"></p>
+<p class="has-line-data" data-line-start="129" data-line-end="130"><img src="../../doc_files/62193959-8e3c9980-b381-11e9-8f6a-c2c90c57118a.png" alt="image"></p>

Packs/McAfeeNSM/Integrations/McAfeeNSM/README.md

@@ -102,7 +102,7 @@
 }
 </pre>
 <h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/35098543/46800139-7565e780-cd5f-11e8-81d6-02f79db8dddf.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/35098543/46800139-7565e780-cd5f-11e8-81d6-02f79db8dddf.png" alt="image" width="751" height="274"></a></p>
+<p><a href="../../doc_files/46800139-7565e780-cd5f-11e8-81d6-02f79db8dddf.png" target="_blank" rel="noopener noreferrer"><img src="../../doc_files/46800139-7565e780-cd5f-11e8-81d6-02f79db8dddf.png" alt="image" width="751" height="274"></a></p>
 <h3 id="h_104113752811539684881373">2. Get all domains</h3>
 <hr>
 <p>Returns all domains.</p>
@@ -162,7 +162,7 @@
 }
 </pre>
 <h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/35098543/46800212-a5ad8600-cd5f-11e8-8f11-86ebf0f2ca56.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/35098543/46800212-a5ad8600-cd5f-11e8-8f11-86ebf0f2ca56.png" alt="image" width="751" height="128"></a></p>
+<p><a href="../../doc_files/46800212-a5ad8600-cd5f-11e8-8f11-86ebf0f2ca56.png" target="_blank" rel="noopener noreferrer"><img src="../../doc_files/46800212-a5ad8600-cd5f-11e8-8f11-86ebf0f2ca56.png" alt="image" width="751" height="128"></a></p>
 <h3 id="h_1631259691571539684929078">3. Get alerts</h3>
 <hr>
 <p>Returns alerts according to query parameters.</p>
@@ -651,7 +651,7 @@
 }
 </pre>
 <h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/35098543/46800465-6cc1e100-cd60-11e8-972a-35871783836f.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/35098543/46800465-6cc1e100-cd60-11e8-972a-35871783836f.png" alt="image" width="753" height="328"></a></p>
+<p><a href="../../doc_files/46800465-6cc1e100-cd60-11e8-972a-35871783836f.png" target="_blank" rel="noopener noreferrer"><img src="../../doc_files/46800465-6cc1e100-cd60-11e8-972a-35871783836f.png" alt="image" width="753" height="328"></a></p>
 <h3 id="h_135223014451539685246613">7. Get policy details for a single IPS policy</h3>
 <hr>
 <p>Returns policy details for the specified IPS policy.</p>
@@ -741,7 +741,7 @@
 <h5>Command Example</h5>
 <pre><code>!nsm-get-ips-policy-details policy_id=0</code></pre>
 <h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/35098543/46800954-ead2b780-cd61-11e8-90d5-b2ee2a75980e.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/35098543/46800954-ead2b780-cd61-11e8-90d5-b2ee2a75980e.png" alt="image" width="750" height="248"></a></p>
+<p><a href="../../doc_files/46800954-ead2b780-cd61-11e8-90d5-b2ee2a75980e.png" target="_blank" rel="noopener noreferrer"><img src="../../doc_files/46800954-ead2b780-cd61-11e8-90d5-b2ee2a75980e.png" alt="image" width="750" height="248"></a></p>
 <h3 id="h_3782375735151539685390349">8. Get all attack definitions</h3>
 <hr>
 <p>Returns all available attack definitions in McAfee NSM.</p>
@@ -819,7 +819,7 @@
 }
 </pre>
 <h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/35098543/46801086-4bfa8b00-cd62-11e8-90f6-f292a615d366.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/35098543/46801086-4bfa8b00-cd62-11e8-90f6-f292a615d366.png" alt="image" width="751" height="226"></a></p>
+<p><a href="../../doc_files/46801086-4bfa8b00-cd62-11e8-90f6-f292a615d366.png" target="_blank" rel="noopener noreferrer"><img src="../../doc_files/46801086-4bfa8b00-cd62-11e8-90f6-f292a615d366.png" alt="image" width="751" height="226"></a></p>
 <h2>Troubleshooting</h2>
 <hr>
 <p>If you receive an <code>401 Unauthorized</code> error, the user credentials may be incorrect.</p>