fix(sekoiaiocti): fix returned information for unknown indicator #3

@@ -549,7 +549,7 @@ def parse_filter_field(string_filters) -> dict:
try:
filters_list = string_filters.split(';')
filters = {split_str[0].split('=')[1]: [{'Value': split_str[1].split('=')[1],
'Comparison':split_str[2].split('=')[1].upper()}]
'Comparison': split_str[2].split('=')[1].upper()}]
for split_str in [filter_str.split(',') for filter_str in filters_list]}
except Exception:
demisto.error(f'Failed parsing filters: {string_filters}\n error: {Exception}')
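Review bot: the except clause closing this hunk logs `{Exception}`, which interpolates the builtin class (`<class 'Exception'>`) rather than the error that was raised; bind it (`except Exception as e:`) and log `{e}` so a malformed filter string (a segment with no `=`, for instance) is actually diagnosable from the log line. Separately, the PR title refers to sekoiaiocti, but every file in this diff belongs to AWS-SecurityHub, CommunityCommonScripts, ConcentricAI or Cybereason and the changes are docker-image bumps and lint whitespace, so the title and description should describe that.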
@@ -236,7 +236,7 @@ script:
- description: The identifier of the finding that was specified by the finding. Can be retrieved using the 'aws-securityhub-get-findings' command provider.
name: finding_identifiers_id
required: true
- description: The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration. Can be retrieved using the 'aws-securityhub-get-findings' command
- description: The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration. Can be retrieved using the 'aws-securityhub-get-findings' command.
name: finding_identifiers_product_arn
required: true
- description: The updated note text.
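Review bot: the unchanged context line at the top of this hunk still reads "The identifier of the finding that was specified by the finding. Can be retrieved using the 'aws-securityhub-get-findings' command provider." The word "provider" has landed in the wrong sentence: it should read "specified by the finding provider" and the second sentence should end at "command.", which is the same punctuation fix this hunk applies to the product ARN description two lines below.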
@@ -260,7 +260,7 @@ script:
- TRUE_POSITIVE
- FALSE_POSITIVE
- BENIGN_POSITIVE
- description: "One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. * Software and Configuration Checks * TTPs * Effects * Unusual Behaviors * Sensitive Data Identifications"
- description: "One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. * Software and Configuration Checks * TTPs * Effects * Unusual Behaviors * Sensitive Data Identifications."
name: types
- description: A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
name: user_defined_fields
@@ -308,7 +308,7 @@ script:
name: roleSessionDuration
- description: Override arguments and send a formatted JSON file.
name: raw_json
- description: 'List of Tags separated by Key Value. For example: "key=key1,value=value1;key=key2,value=value2"'
- description: 'List of Tags separated by Key Value. For example: "key=key1,value=value1;key=key2,value=value2".'
name: tags
description: Enables Security Hub for your account in the current Region or the Region you specify in the request. Enabling Security Hub also enables the CIS AWS Foundations standard. When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from AWS Config, Amazon GuardDuty, Amazon Inspector, and Amazon Macie. To learn more, see Setting Up AWS Security Hub.
name: aws-securityhub-enable-security-hub
@@ -326,7 +326,7 @@ script:
- description: The string filter value.
name: product_arn_value
- auto: PREDEFINED
description: The condition to be applied to a string value when querying for findings
description: The condition to be applied to a string value when querying for findings.
name: product_arn_comparison
predefined:
- EQUALS
@@ -875,7 +875,7 @@ script:
description: The AWS account ID that a finding is generated in.
type: string
- contextPath: AWS-SecurityHub.Findings.Types
description: 'One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, Sensitive Data Identifications'
description: 'One or more finding types in the format of namespace/category/classifier that classify a finding. Valid namespace values are as follows. Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, Sensitive Data Identifications.'
type: Unknown
- contextPath: AWS-SecurityHub.Findings.FirstObservedAt
description: An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
@@ -1476,7 +1476,7 @@ script:
- description: Override arguments and send a formatted JSON file.
name: raw_json
- auto: PREDEFINED
description: <p>Specifies which member accounts the response includes based on their relationship status with the master account. The default value is <code>TRUE</code>. If <code>onlyAssociated</code> is set to <code>TRUE</code>, the response includes member accounts whose relationship status with the master is set to <code>ENABLED</code> or <code>DISABLED</code>. If <code>onlyAssociated</code> is set to <code>FALSE</code>, the response includes all existing member accounts. </p>
description: <p>Specifies which member accounts the response includes based on their relationship status with the master account. The default value is <code>TRUE</code>. If <code>onlyAssociated</code> is set to <code>TRUE</code>, the response includes member accounts whose relationship status with the master is set to <code>ENABLED</code> or <code>DISABLED</code>. If <code>onlyAssociated</code> is set to <code>FALSE</code>, the response includes all existing member accounts. </p>.
name: only_associated
predefined:
- 'True'
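Review bot: the period is appended outside the closing tag, so the description now ends in `</p>.`; if the punctuation is wanted it belongs before `</p>`, and since no other description in this file carries HTML, the cleaner fix is to drop the `<p>` and `<code>` tags so the help text renders consistently. The description also talks about `TRUE`/`FALSE` while the predefined values are quoted strings such as `'True'`; aligning the casing avoids confusing anyone reading the argument help.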
@@ -2068,7 +2068,7 @@ script:
description: The UTC timestamp in seconds since the last update. The incident is only updated if it was modified after the last update time.
- name: get-mapping-fields
description: Returns the list of fields to map in outgoing mirroring. This command is only used for debugging purposes.
dockerimage: demisto/boto3py3:1.0.0.72851
dockerimage: demisto/boto3py3:1.0.0.79189
isfetch: true
ismappable: true
isremotesyncin: true
6 changes: 6 additions & 0 deletions Packs/AWS-SecurityHub/ReleaseNotes/1_3_15.md
@@ -0,0 +1,6 @@

#### Integrations

##### AWS - Security Hub

- Updated the Docker image to: *demisto/boto3py3:1.0.0.79189*.
2 changes: 1 addition & 1 deletion Packs/AWS-SecurityHub/pack_metadata.json
@@ -2,7 +2,7 @@
"name": "AWS - Security Hub",
"description": "Amazon Web Services Security Hub Service.",
"support": "xsoar",
"currentVersion": "1.3.14",
"currentVersion": "1.3.15",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
6 changes: 6 additions & 0 deletions Packs/CommunityCommonScripts/ReleaseNotes/1_1_1.md
@@ -0,0 +1,6 @@

#### Scripts

##### ExtFilter

- Updated the Docker image to: *demisto/python3:3.10.13.78960*.
@@ -483,7 +483,7 @@
:param dx: The demisto context.
:param node: The current node.
:return: The value extracted.
"""

[GitHub Actions / pre-commit annotation] Check failure on line 486 in Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.py: Ruff (E501) Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.py:486:131: E501 Line too long (165 > 130 characters)
return Formatter('${', '}', False).build(source, extract_dt, dx, node)


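Review bot: the pre-commit annotation attached to this hunk reports Ruff E501 on ExtFilter.py line 486 (165 > 130 characters), so the check still fails on the new file; wrap that line (break the long expression or string across lines) before merging, otherwise this whitespace-only change leaves the script red in CI.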
@@ -936,7 +936,7 @@
r, conds, path, True) for r in root] if v])
elif not isinstance(root, dict):
return None
(parent, parent_path),\
(parent, parent_path), \
(child, child_name) = get_parent_child(root, path)

for x in self.__conds_items(conds, root):
10 changes: 5 additions & 5 deletions Packs/CommunityCommonScripts/Scripts/ExtFilter/ExtFilter.yml
@@ -17,10 +17,10 @@ system: true
args:
- name: value
required: true
description: Value to be filtered
description: Value to be filtered.
isArray: true
- name: path
description: Context Path to which to filter
description: Context Path to which to filter.
- name: operation
required: true
auto: PREDEFINED
@@ -149,11 +149,11 @@ args:
- 'wildcard: matches caseless'
- is individually transformed with
- is collectively transformed with
description: 'Filter Operation: value is filtered by,is filtered by,keeps,doesn''t keep,is,isn''t,equals,doesn''t equal,greater or equal,greater than,less or equal,less than,in range,starts with,starts with caseless,doesn''t start with,doesn''t start with caseless,email-header: decode,ends with,ends with caseless,doesn''t end with,doesn''t end with caseless,includes,includes caseless,doesn''t include,doesn''t include caseless,finds,finds caseless,doesn''t find,doesn''t find caseless,matches,matches caseless,doesn''t match,doesn''t match caseless,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,in list,in caseless list,not in list,not in caseless list,contains,contains caseless,doesn''t contain,doesn''t contain caseless,contains any match with wildcard,contains any match with caseless wildcard,doesn''t contain any match with wildcard,doesn''t contain any match with caseless wildcard,contains any match with regex,contains any match with caseless regex,doesn''t contain any match with regex,doesn''t contain any match with caseless regex,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,matches any string of,matches any caseless string of,doesn''t match any string of,doesn''t match any caseless string of,,matches any line of,,matches any caseless line of,,doesn''t match any line of,,doesn''t match any caseless line of,matches any wildcard of,matches any caseless wildcard of,doesn''t match any wildcard of,doesn''t match any caseless wildcard of,matches any regex of,matches any caseless regex of,doesn''t match any regex of,doesn''t match any caseless regex of,matches conditions of,matches custom conditions of,value matches conditions of,value matches custom conditions of,===,!==,==,!=,>=,>,<=,<'
description: 'Filter Operation: value is filtered by,is filtered by,keeps,doesn''t keep,is,isn''t,equals,doesn''t equal,greater or equal,greater than,less or equal,less than,in range,starts with,starts with caseless,doesn''t start with,doesn''t start with caseless,email-header: decode,ends with,ends with caseless,doesn''t end with,doesn''t end with caseless,includes,includes caseless,doesn''t include,doesn''t include caseless,finds,finds caseless,doesn''t find,doesn''t find caseless,matches,matches caseless,doesn''t match,doesn''t match caseless,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,in list,in caseless list,not in list,not in caseless list,contains,contains caseless,doesn''t contain,doesn''t contain caseless,contains any match with wildcard,contains any match with caseless wildcard,doesn''t contain any match with wildcard,doesn''t contain any match with caseless wildcard,contains any match with regex,contains any match with caseless regex,doesn''t contain any match with regex,doesn''t contain any match with caseless regex,matches wildcard,matches caseless wildcard,doesn''t match wildcard,doesn''t match caseless wildcard,matches regex,matches caseless regex,doesn''t match regex,doesn''t match caseless regex,matches any string of,matches any caseless string of,doesn''t match any string of,doesn''t match any caseless string of,,matches any line of,,matches any caseless line of,,doesn''t match any line of,,doesn''t match any caseless line of,matches any wildcard of,matches any caseless wildcard of,doesn''t match any wildcard of,doesn''t match any caseless wildcard of,matches any regex of,matches any caseless regex of,doesn''t match any regex of,doesn''t match any caseless regex of,matches conditions of,matches custom conditions of,value matches conditions of,value matches custom conditions of,===,!==,==,!=,>=,>,<=,<.'
isArray: true
- name: filter
required: true
description: Filter Value
description: Filter Value.
- name: ctx_demisto
description: '`demisto` context: Input . (single dot) on `From previous tasks` to enable to extract the context data.'
- name: ctx_inputs
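Review bot: the rewritten operation list keeps the empty entries (`,,`) around "matches any line of", "matches any caseless line of", "doesn't match any line of" and "doesn't match any caseless line of", and repeats the block from "matches wildcard" through "doesn't match caseless regex" a second time; since the line is being edited anyway, drop the blanks and duplicates so each operation is listed once.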
@@ -164,7 +164,7 @@ args:
description: '`demisto` context: Input ''incident'' (no quotation) on `From previous tasks` to enable ${incident.} expression in DT.'
scripttarget: 0
subtype: python3
dockerimage: demisto/python3:3.10.12.63474
dockerimage: demisto/python3:3.10.13.78960
runas: DBotWeakRole
fromversion: 5.0.0
tests:
2 changes: 1 addition & 1 deletion Packs/CommunityCommonScripts/pack_metadata.json
@@ -2,7 +2,7 @@
"name": "Community Common Scripts",
"description": "A pack that contains community scripts",
"support": "community",
"currentVersion": "1.1.0",
"currentVersion": "1.1.1",
"author": "",
"url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
"email": "",
@@ -77,7 +77,7 @@ def initialise_scrolls_and_rules():

def initialize_global_values():

global URL, MAX_INCIDENTS_TO_FETCH, COOKIE, AUTH_HEADERS,\
global URL, MAX_INCIDENTS_TO_FETCH, COOKIE, AUTH_HEADERS, \
CLIENT_ID, CLIENT_SECRET, AUTH_HEADERS, DOMAIN, AUTHORIZATION

CLIENT_ID = demisto.getParam('client_id')
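Review bot: `AUTH_HEADERS` is declared twice in this `global` statement, once on the first line and again after `CLIENT_SECRET` on the continuation; drop one while the line is being touched. If the backslash continuation is what the linter dislikes, note that `global` names cannot be wrapped in parentheses, so the alternative is two separate `global` statements.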
22 changes: 11 additions & 11 deletions Packs/ConcentricAI/Integrations/ConcentricAI/ConcentricAI.yml
@@ -61,13 +61,13 @@ name: ConcentricAI
script:
commands:
- arguments:
- description: Path of the file
- description: Path of the file.
name: path
required: true
- description: Name of File
- description: Name of File.
name: file-name
required: true
description: Get's file information
description: Get's file information.
name: concentricai-get-file-details
outputs:
- contextPath: ConcentricAI.FileInfo.risk_names
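Review bot: "Get's file information." gains a period but keeps the stray apostrophe; it should read "Gets file information." The same "Get's" appears in the next hunk on the user-details and file-sharing-details descriptions, and "owner Details." there should be "Owner details." to match the capitalisation of the surrounding output descriptions.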
@@ -77,29 +77,29 @@ script:
description: owner Details.
type: String
- contextPath: ConcentricAI.FileInfo.pii
description: PII present in file or not
description: PII present in file or not.
type: String
- contextPath: ConcentricAI.FileInfo.cid
description: File ID
description: File ID.
type: String
- arguments:
- default: true
defaultValue: '50'
description: Maximum no. of users fetched per category.
name: max_users
description: Get overview of Users involved
description: Get overview of Users involved.
name: concentricai-get-users-overview
- arguments:
- description: Enter user name
- description: Enter user name.
name: user
required: true
description: Get's user details
description: Get's user details.
name: concentricai-get-user-details
- arguments:
- description: File ID
- description: File ID.
name: cid
required: true
description: Get's file sharing details
description: Get's file sharing details.
name: concentricai-get-file-sharing-details
outputs:
- contextPath: ConcentricAI.FileSharingInfo.type
@@ -108,7 +108,7 @@ script:
- contextPath: ConcentricAI.FileSharingInfo.user_name
description: User name.
type: Array
dockerimage: demisto/python3:3.10.12.68714
dockerimage: demisto/python3:3.10.13.78960
isfetch: true
runonce: false
script: '-'
6 changes: 6 additions & 0 deletions Packs/ConcentricAI/ReleaseNotes/1_2_9.md
@@ -0,0 +1,6 @@

#### Integrations

##### ConcentricAI

- Updated the Docker image to: *demisto/python3:3.10.13.78960*.
4 changes: 2 additions & 2 deletions Packs/ConcentricAI/pack_metadata.json
@@ -1,8 +1,8 @@
{
"name": "ConcentricAI",
"description": "Plugin for Concentric.ai Concentric\u2019s Semantic Intelligence\u2122 solution discovers and protects business critical, unstructured data.\nWe use deep learning to identify risky sharing, inappropriate third party access, assets in the wrong location, \nmis-classified documents, or lateral movement of data \u2013 all without rules or complex upfront configuration.",
"description": "Plugin for Concentric.ai Concentric’s Semantic Intelligence solution discovers and protects business critical, unstructured data.\nWe use deep learning to identify risky sharing, inappropriate third party access, assets in the wrong location, \nmis-classified documents, or lateral movement of data all without rules or complex upfront configuration.",
"support": "partner",
"currentVersion": "1.2.8",
"currentVersion": "1.2.9",
"author": "Shams Hasan Rizvi",
"url": "https://concentric.ai",
"email": "[email protected]",
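Review bot: replacing the escaped characters changed the text, not just its encoding: `\u2122` (the trademark sign after "Semantic Intelligence") and `\u2013` (the dash before "all without rules") were removed outright, so the second sentence now reads "lateral movement of data all without rules or complex upfront configuration". Put a plain hyphen or comma back at that point, and since this pack is partner-supported, confirm with the author before dropping the trademark mark from their product name.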
8 changes: 4 additions & 4 deletions Packs/Cybereason/Integrations/Cybereason/Cybereason.py
@@ -666,7 +666,7 @@ def malop_processes_command(client: Client, args: dict):
raise DemistoException("dateTime could not be parsed. Please enter a valid time parameter.")
date_time_parser = date_time_parser.timestamp()
milliseconds = int(date_time_parser * 1000)
filter_input = [{"facetName": "creationTime", "filterType": "GreaterThan", "values": [milliseconds], "isResult":True}]
filter_input = [{"facetName": "creationTime", "filterType": "GreaterThan", "values": [milliseconds], "isResult": True}]

if isinstance(malop_guids, str):
malop_guids = malop_guids.split(',')
@@ -1620,16 +1620,16 @@ def fetch_malop_processes(client: Client, malop_id: str) -> list:
{
"requestedType": "MalopProcess",
"filters": [],
"guidList":[malop_id],
"connectionFeature":{
"guidList": [malop_id],
"connectionFeature": {
"elementInstanceType": "MalopProcess",
"featureName": "suspects"
}
},
{
"requestedType": "Process",
"filters": [],
"isResult":True
"isResult": True
}
],
"totalResultLimit": 1000,