Pulling latest code from official cortex repo by haribalaji-ravi · Pull Request #3 · cohesity/cortex-xsoar

haribalaji-ravi · 2026-04-09T05:14:08Z

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

In Progress
Ready
In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

A few sentences describing the overall goals of the pull request's commits.

Screenshots

Paste here any images that will help the reviewer

Minimum version of Cortex XSOAR

6.0.0
6.1.0
6.2.0
6.5.0

Does it break backward compatibility?

Yes
- Further details:
No

Must have

Tests
Documentation

* add to agents * Bump pack from version AIAgents to 1.0.16. * Update 1_0_16.md * Update 1_0_16.md --------- Co-authored-by: Content Bot <[email protected]>

* Modified get_properties_clientip * Removed redundant config case_sensitive * Added RN

…PI (#43198) * Add timeout argument to core-api-install-packs command in Core Rest API * Update version release notes after merge

* small fix * small fix * small fix * breaking changes note * breaking changes note * fix after review * merged from master * merged from master * merged from master * merged from master * merged from master * fix tests * fix tests * fix tests * small fixes * add readme * fix raw string * fix after ai review * fix after ai review * fix after ai review * small fixes * samll readme * samll readme * samll readme * small readme * docstring fix * docstring fix * small fix * small fix * small fix * small fix * fix after reviews * fix after doc-review * small fix * small fix * small fix * small fix * fixes after review * fixes after review * fix ip-enrichment * fix ip-enrichment * from version for tpb

* Added sleep after search creating * pre commit fix + bump version * fix validation

* Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes

* Fix 404 error handling in Abnormal Security fetch-incidents (#43187) * Fix 404 error handling in Abnormal Security threat incident fetching When a threat is deleted or archived, the API returns 404. Previously this aborted the entire fetch-incidents process. Now 404 errors are caught and the threat is skipped, allowing remaining threats to be processed. Co-Authored-By: Claude Opus 4.6 <[email protected]> * Extend error handling to all fetch-incidents entity loops - Added _is_skippable_error helper: skips all 4xx except 401, 403, 429 - Applied error handling to generate_abuse_campaign_incidents - Applied error handling to generate_account_takeover_cases_incidents - Updated generate_threat_incidents to use the new helper - Added comprehensive parametrized tests for all three functions Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Add Divesh Kumar to CONTRIBUTORS.json Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Use e.res.status_code instead of regex for error classification Address review feedback: extract HTTP status code directly from DemistoException.res.status_code rather than parsing the error string with regex. More reliable and cleaner. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Add missing created field to pack_metadata.json Address content-bot review: add mandatory created timestamp (ISO 8601 format) based on original pack commit date. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]> * Update docker image --------- Co-authored-by: Divesh Kumar <[email protected]> Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

* added the domain command * without the pipe char * fix validation * CR changes * update docker

* [SearchIndicatorInEvents] Add error handling * Improve time frame handling by passing it as a query parameter * Fix * Update docker image * Bump pack from version Core to 3.5.13. * Empty --------- Co-authored-by: Content Bot <[email protected]>

* init * improve * add * change filter timestamp * add test * remove comment * ruff * fix test * add retry * improve tests * add test * fix test * disable capfd * pre commit * cr * more cr * refactor * fix test * todo * tyopo * fixes * Apply suggestions from code review Co-authored-by: julieschwartz18 <[email protected]> * cr * empty line * fix test * improve comment * add image * Demo fixes * cr * fix test * add ignore --------- Co-authored-by: julieschwartz18 <[email protected]>

* changes to slack * changes to modeling rule of slack: * added release notes * changed to parsing rule due to AI reviewer * fixed docs due to CR * changes to modeling * commented out fields for check * commented out fields for check * added comments: * Bump pack from version Slack to 3.5.41. * Bump pack from version Slack to 3.5.42. * Bump pack from version Slack to 3.5.43. * changed id in yml * changed id in yml * updated release notes * updated release notes * opened new directory * revert to master: * change to yml * change to yml * changes to modeling rule * changes to id * changed yml version: * changed files --------- Co-authored-by: Content Bot <[email protected]>

* Fix for snapshot not sealed correctly.

* Initial release notes for itdr-refactor-excessive-user-account-lockouts * Sync release notes from GitLab (8b176997) * Sync release notes from GitLab (c04b019b) * Sync release notes from GitLab (032e5acf) * added GR109 to pack ignore * Sync release notes from GitLab (437bbfad) * Sync release notes from GitLab (397b88e5) * Sync release notes from GitLab (d490fc4e) * Sync release notes from GitLab (d3a88d0a) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: idovandijk <[email protected]>

* Fix python * Fixed ruff * Update docker image

* Initial release notes for suspicious_CA_refactor * Sync release notes from GitLab (8d2ac984) * rn * ignore * Sync release notes from GitLab (c2c0273b) * Sync release notes from GitLab (02cf3ecd) * Sync release notes from GitLab (5e3d40d9) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: ArikDay <[email protected]> Co-authored-by: ArikDay <[email protected]>

…ks (#43306) * Added GR109 to all affected playbooks * spaces * comment wording alignment * removed extra GR109 after merge from master --------- Co-authored-by: Sasha Sokolovich <[email protected]>

* Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes

…dule (#43214) * Initial release notes for ss_refactore_silent-Rundll32.exe-executes-a-rare-unsigned-module * Update .pack-ignore * Sync release notes from GitLab (c1b16203) * Sync release notes from GitLab (45eaf638) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Sasha Sokolovich <[email protected]> Co-authored-by: OmriItzhak <[email protected]>

* added xdm for citrix_daas_raw * Added Citrix_Daas fields to schema * added citrix daas integration to readme.md * release notes * validate + pre-commit + metadata * Trigger AI Reviewer * Trigger AI Reviewer * readme.md * fixed an issue where 'IsSuccessful' was vlassified as 'bool' * readme enhancement + metadata +yml + xif * revert yml back to original * removed supportedmodules from metadata, after consulting with Adi * removed 'xdm.event.operation' from mapping, as we currently can't assign enum --------- Co-authored-by: Content Bot <[email protected]>

* Initial release notes for fix-playbooks-bugs * revert hard-coded pipeline id * add explanation * add explanation --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Tal <[email protected]>

* Fix/XSUP-64182/IPv6 regex with new line * Update Packs/CommonTypes/ReleaseNotes/3_10_3.md Co-authored-by: Richard Bluestone <[email protected]> --------- Co-authored-by: Richard Bluestone <[email protected]>

* unit 42 url encode issue * fix url split and encoding fragment issues * pty commit * fix ut

* Fix bug when iterating over results * Add CONTRIBUTORS.json * Bump pack version and add release notes Co-authored-by: Torbjørn Lium <[email protected]>

…modules. (#43229) * rn * Bump pack from version AIAgents to 1.0.17. --------- Co-authored-by: Content Bot <[email protected]>

* Initial release notes for ntds_playbooks_enhancement * Sync release notes from GitLab (782fd5dc) * Bump pack from version CortexResponseAndRemediation to 1.2.93. * Bump pack from version CortexResponseAndRemediation to 1.2.94. * Sync release notes from GitLab (46465636) * Bump pack from version CortexResponseAndRemediation to 1.2.96. * Sync release notes from GitLab (9d8d8a1d) * Sync release notes from GitLab (d85b6a4f) * Sync release notes from GitLab (34bde151) * Sync release notes from GitLab (379119a8) * Sync release notes from GitLab (63c9ab07) * Sync release notes from GitLab (c9b19432) * bump rn * bump * Sync release notes from GitLab (06d6d30a) * Sync release notes from GitLab (4202914e) * bump * Bump pack from version CortexResponseAndRemediation to 1.3.3. * Sync release notes from GitLab (f9c78f5b) * Sync release notes from GitLab (551cb49a) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: OmriItzhak <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: OmriItzhak <[email protected]>

…ity) (#43033) * first commit * update docker * update RN * Trigger AI Reviewer * Bump pack from version CommonScripts to 1.20.79. * Bump pack from version Base to 1.41.62. * Bump pack from version CommonScripts to 1.20.80. * Bump pack from version Base to 1.41.63. * Bump pack from version CommonScripts to 1.20.81. * Bump pack from version CommonScripts to 1.20.82. * Bump pack from version Base to 1.41.64. * Update 1_20_82.md * Update GetDockerImageLatestTag.yml * pre commit * Update GetDockerImageLatestTag.yml * Bump pack from version CommonScripts to 1.20.83. * Bump pack from version Base to 1.41.65. * first commit --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: Content Bot <[email protected]>

* Perform agent heartbeat * change agent to endpoint * fix ai review * fix to send * RN * unittests * Update CortexPlatformCore.py * Update CortexPlatformCore_test.py * Bump pack from version Core to 3.5.13. * Bump pack from version Core to 3.5.14. * fix pre-commit --------- Co-authored-by: Content Bot <[email protected]>

* fix: TAXII2 partial labels - XSUP-65746 - Fix add_sdo_required_field_2_1 to map tags -> labels for TAXII 2.1 SDO types (indicator, malware, report, threat-actor, tool). Previously this mapping only existed for TAXII 2.0, causing all SDO labels to be missing when serving TAXII 2.1 (the default). - Fix convert_sco_to_indicator_sdo to merge score-based labels with custom tags from CustomFields.tags. Previously only a single score-based label was emitted, dropping all custom indicator tags. - Add unit tests for both fixes. - Add release notes for TAXIIServer 2.2.4 and ApiModules 2.4.3. * Delete RN * CRTX-217396 - aws quick actions (#43388) * first commit * add quickactions * agter demo * update RN * fixes * fixes * ai cr fixes * remove iam-role quickaction * rn fixes * cr fixes * cr fixes * cr fixes * fixes * fixes * pack ignore * doc review fixes * cr fixes --------- Co-authored-by: rshunim <[email protected]> * Specteropsbhe v1.0.0 (#43616) * Specteropsbhe v1.0.0 (#42281) * Initial Commit * Removed pack ignore content * This change was requested from XSOAR review team. Updating support type from xsoar to community * Incorporating fixes based on the PR comments from the XSOAR team * Adding some more fixes of PR comments from XSOAR team * Fixing minor pre-commit issues * Incorporating fixes based on the PR comments * Update validation_config.toml as main version * Update validation_config.toml as main version * Add SpecterOpsBHE Attack Path incident type JSON file * update YAML configurations, remove unused fields, and add documentation image * Update SpecterOpsBHE integration YAML configuration and fix image path in README * fix: update image paths in README and remove obsolete playbook screenshot --------- Co-authored-by: ishikap-metron <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> * Added support for override argument in the zscaler-edit-ip-destination command (#43619) * Added support for *override* argument in the **zscaler-edit-ip-destination-group** command. * revert * fixes * chore: delete old supported modules - part 4/4 (#43569) * chore: delete old supported modules - part 3/4 (#43568) * chore: delete old supported modules - part 3/4 * merge from master * merge from master * merge from master * merge from master * CRTX-235259_update_credentials_params (#43547) * first commit * tests fixes * build fixes * fixes * cr fixes * chore: delete old supported modules - part 1/4 (#43567) * chore: delete old supported modules - part 1/4 * merge from master * merge from master * Xsup 64556 fix nvd severity filter and timeouts (#43485) * Update NVD API integrations for FeedNVDv2 to support CVSS v4 severity and other improvements. * Add NVD API rate limits and primary CVSS entry selection. * test data * Add error handling and descriptive output for empty CVE results. * Update FeedNVDv2 integration to sort deduplicated CVEs by last-modified date for consistent batch trimming and trim batches based on remaining indicators. * Update FeedNVDv2 integration to use boolean values for proxy and hasKev parameters. * Update fetch indicators command to persist progress correctly. * Simplify setting of last run data in FeedNVDv2.py. * Trigger AI Reviewer * Update FeedNVDv2 integration to use CVE.ID and improve output schema. * Rename NistNVDv2.Indicators.id to CVE.ID * Update contextPath for various outputs to use CVE instead of NistNVDv2.Indicators * Trigger AI Reviewer * Update CVE data processing to include CVSS Version and Severity fields * Update Packs/FeedNVDv2/ReleaseNotes/1_1_0.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/FeedNVDv2/ReleaseNotes/1_1_0.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/FeedNVDv2.yml Co-authored-by: julieschwartz18 <[email protected]> * Update CVSS severity filter options and default value. * Add new CVSSv3 severity option. * Update CVSS severity filter to use default value from CVSSv3. * Update FeedNVDv2 integration to use NistNVDv2 indicators. * Renamed 'CVE' prefixes to 'NistNVDv2.Indicators' in FeedNVDv2.py and YAML file. * rever BC changes * revert output prefix * update docs * update docs * update RN * Update build_indicators function to use preferred CVSS versions and refactor CVSS data processing. * Fix: Use matched CVSS version when present in build_indicators and cves_to_war_room functions. * Add 'Include Rejected CVEs' option and improve timeout handling in fetch logic * fix: use DEFAULT_MANUAL_HISTORY for history argument in manual_get_indicators_command * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <[email protected]> * Update Packs/FeedNVDv2/Integrations/FeedNVDv2/README.md Co-authored-by: Marketplace AI reviewer <[email protected]> --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Marketplace AI reviewer <[email protected]> * CRTX-229093 Agentix | Telemetry Failures | EnrichURL (#43408) * normalize urls * maintain same schema * not raising errors when all urls don't exist * rn * rn * rn * rn * rn + tests * rn + tests * pre commit * Bump pack from version Base to 1.41.68. * Bump pack from version AggregatedScripts to 1.3.30. * Bump pack from version AggregatedScripts to 1.3.31. * Bump pack from version Base to 1.41.69. * revert changes * revert changes * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: CI Bot <[email protected]> * Remove unused arg from service desk plus docs (#43625) * Update README.md * Update release notes * Update docker image * XSUP 65733 azure security center update (#43636) * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * fix(review): address code review comments on TAXII2 labels fix - Use 'or []' instead of default=[] so explicitly-None tags are handled - Cast tags to str() before .lower().replace() to prevent AttributeError - Simplify fallback logic: 'tags or [type]' replaces the verbose 'tags if tags != [] else [type]' pattern * docs: update auto-generated RN stubs for TAXII2ApiModule dependents All packs that depend on TAXII2ApiModule received auto-generated stub release notes. Updated them to reflect the actual change: the module was enhanced to fix partial labels in TAXII 2.1 responses, with no direct impact on these integrations/scripts. * docs: fix RN prefixes for TAXII2ApiModule dependent packs Use 'Updated the' prefix and remove trailing 'no impact' sentence to comply with release note style guidelines. * Bump pack from version CommonScripts to 1.21.2. * pre-commit fixes * Bump pack from version CommonScripts to 1.21.3. * Add RN * Bump pack from version CommonScripts to 1.21.4. --------- Co-authored-by: masulin97 <[email protected]> Co-authored-by: rshunim <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: ishikap-metron <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: barryyosi-panw <[email protected]> Co-authored-by: Shir Matathias <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Marketplace AI reviewer <[email protected]> Co-authored-by: Maya Goldman <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: CI Bot <[email protected]> Co-authored-by: Kamal Qarain <[email protected]> Co-authored-by: eepstain <[email protected]>

* poetry files * update validation config file --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: yedidyacohenpalo <[email protected]>

* Initial release notes for dra-pb-fix-WmiPrvSe * Bump pack from version CortexResponseAndRemediation to 1.3.31. * Bump pack from version CortexResponseAndRemediation to 1.3.32. * Bump pack from version CortexResponseAndRemediation to 1.3.33. * Bump pack from version CortexResponseAndRemediation to 1.3.34. * Bump pack from version CortexResponseAndRemediation to 1.3.35. * Bump pack from version CortexResponseAndRemediation to 1.3.36. * Sync release notes from GitLab (9408fb59) * rn bump * Sync release notes from GitLab (9ca202af) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Dror Avrahami <[email protected]>

* Initial release notes for mdagan-master-patch-96983 * ignore GR103 * Sync release notes from GitLab (899d4df9) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: michal-dagan <[email protected]> Co-authored-by: michal-dagan <[email protected]>

* Initial support for view graph queries * Unit tests * Remove diff * Core - Add widget name and description parameters to XQL query command * Fix * Add log * Improve XQL query results retrieval with force_stream=False optimization * Fix * Fix * fix * Restore specific files to match master * Add ReleaseNotes * Trigger GitHub pipeline (user-created PR) * Bump pack from version Core to 3.5.26. * Bump pack from version Core to 3.5.27. * Bump pack from version Core to 3.5.28. * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: Sapir Malka <[email protected]> Co-authored-by: CI Bot <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: Dan Tavori <[email protected]>

* ServiceNow-XSUP-65101 * true * test * ruff * ruff * docker image * code review * revert teams * test

* Merge master to dev-cloud (#41128) * update codeowners - platform automation (#40952) * update codeowners * Update CODEOWNERS * Update CODEOWNERS * Fix JiraV3 Issues Query using deprecated endpoint (#41025) * Update the issue query endpoint and replace start_at with next_page_token * Fix next page token output * Change to use old ep when start_at is given; add UTs * update rn * error message * Added BC note * Update 3_3_7.md * Apply suggestions from doc review Co-authored-by: Richard Bluestone <[email protected]> * log the actual error --------- Co-authored-by: Richard Bluestone <[email protected]> * Bump pack version. (#40999) * Nbensalmon/ciac 10618/collection app sentinels.ai (#39982) Appsentinels.ai offers a platform for collecting, analyzing, and managing security events to provide comprehensive application protection. * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integ… (#40947) (#41113) * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integration * Fixed typo in FeedMandiantThreatIntelligence.py * Increment pack version and Docker tags --------- Co-authored-by: adamlevymandiant <[email protected]> Co-authored-by: Adam Levy <[email protected]> * XSUP-54313 (#40991) * Initial implementation * Fix UT * ruff chagnes * UT * ruff * RN and UT * ruff * Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_3_7.md Co-authored-by: Richard Bluestone <[email protected]> * Minor fix * Fix UT * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <[email protected]> * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <[email protected]> * Delete Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/integration-CrowdStrikeFalcon.yml * final CR * Change user key * Raise version * RN * Fix --------- Co-authored-by: Richard Bluestone <[email protected]> Co-authored-by: Arad Carmi <[email protected]> * Xsup 55040 (#41063) * required yml fields to allow mapping * yml changes * return results * return results * pre-commit * pre-commit * pr comments * pr comments * pre commot * Mark remaining internal scripts with isInternal (#41083) * Add missing isInternal to agentix scripts * Bump versions and RN * Update docker * Remove list notation from rn * Apply suggestions from doc review Co-authored-by: julieschwartz18 <[email protected]> * Fix rn * Bump pack from version CrowdStrikeFalcon to 2.3.9. * replace rn with generic message --------- Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Content Bot <[email protected]> * fix get-endpoint-data action inputs (#41118) * bump version of aggregated scripts * Update 1_1_3.md * Whois - adding another regex for registrant_regexes (#41116) * add one log to see the raw-response as is * adding another regex for registrant_regexes * CRTX-165828 - Mapping Tigera Calico Secure (#40925) * create all files * remove unwanted files * update readme according to tech writer suggestions * update readme * create files * fix timestamp parsing rule * fix timestamp parsing rule * fix timestamp parsing rule * fix readme * fix readme * fix metadata - add platform * fix time parsing * fix time parsing * fix readme precommit error * fix readme precommit error * fix xif * readme file error * readme file error * fix xif * change ip_protocol * cisco umbrella - use risk score for domain verdict (#41000) * domaine verdict update to use risk score * update rn * Update Packs/Cisco-umbrella/ReleaseNotes/2_0_5.md Co-authored-by: yuvalbenshalom <[email protected]> * sectionOrder and docker image * add docker update to release note * send risk_score and improve threshold logic * update Threshold default value --------- Co-authored-by: yuvalbenshalom <[email protected]> * Updating Trend Micro Vision One pack (#41079) * Updating Trend Micro Vision One pack * Updating RN * fixing rn and md * fixing fields in modeling rules * TIM/Improve the removal of trailing characters in the format URL script (#41075) * TIM/Improve the removal of trailing characters in the format URL script * Bump pack from version CommonScripts to 1.20.7. * Bump pack from version CommonScripts to 1.20.8. * cr fixes * Bump pack from version CommonScripts to 1.20.9. * Bump pack from version CommonScripts to 1.20.10. * empty commit * fixes --------- Co-authored-by: Content Bot <[email protected]> * Microsoft Management Activity API (O365/Azure Events) integration request to have case insensitive for Operations to fetch (#41070) * Operation filter changed to lowercase * Operation filter changed to lowercase * formatter * formatter * formatter * back to doc change only * back to doc change only * Small change * Small change * Small change * Small change * merged from master * review changes * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * small changes * small changes * small changes * small changes * small changes * small changes * added to readme * added to readme * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: Shelly Tzohar <[email protected]> --------- Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Shelly Tzohar <[email protected]> * Fix get user data ad missing args (#41125) * fix the arg name username is directed to when calling ad-get-user * added rn --------- Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: Sapir Malka <[email protected]> Co-authored-by: Richard Bluestone <[email protected]> Co-authored-by: Mike Rizzo <[email protected]> Co-authored-by: Niv Ben Salmon <[email protected]> Co-authored-by: content-bot <[email protected]> Co-authored-by: adamlevymandiant <[email protected]> Co-authored-by: Adam Levy <[email protected]> Co-authored-by: Tal Zichlinsky <[email protected]> Co-authored-by: Arad Carmi <[email protected]> Co-authored-by: Maya Goldman <[email protected]> Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: rshunim <[email protected]> Co-authored-by: akshotiamit-pa <[email protected]> Co-authored-by: yedidyacohenpalo <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]> Co-authored-by: ellopez777 <[email protected]> Co-authored-by: Moshe Eichler <[email protected]> Co-authored-by: almog2296 <[email protected]> Co-authored-by: Shelly Tzohar <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> * Merge branch 'master' into dev-cloud * CRTX-193174 - CloudTrail describe command (#41105) * CRTX-193174 * finish implemention py, add unit-test, add RN * Empty-Commit to trigger build * doc review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * doc review fixes * Empty-Commit to trigger build * add description * fix demo comments * fix UT, add contextpaths * add errors handling mechanism to the main * README fix * error hundling * RN change version number --------- Co-authored-by: talihaff <[email protected]> * CRTX-192056 - S3 existing commands (#41129) * CRTX-192056 * implement commands * remove download and upload commands * fix yml contextpath, fix commands implemention, delete contextpath from README * add UT, doc review, little fix * Demo fixes * fix RM102 * reslove conflicts * CRTX-187358 - Instance commands (#40861) * Empty-Commit - CRTX-187356 * add RN and commands template method * update RN * change RN, add commands templates, add command mapping, order REQUIRED_ACTIONS * add yml commands, add methods * add describe method, add quick actions, add contextpath * fix pre-commit errors, change arguments names * change supportsquickactions place in yml * delete long context from yml fix describe command add readme * fix pre-commit errors * add arguments pretty names * remove tag_specifications rewrite parse_filter_field * change description of filter argument, limit filter regex, add RN * add dot, add REQUIRED_ACTIONS, add tests * fix error Using variable 'error_message' before assignment * delete failed test * add return to the delete_security_group_command * fix regex * fix regex * error hundling * fix method issue * fix delete method and fix error entry * fix parse_filter_field method * improve regex * add AWSErrorHandler, add pagination for describe_command,fix filter regexs, fix describe command * fix aws-ec2-security-group-egress-authorize update README.md * Empty-Commit - CRTX-187358 * change aws-ec2-security-group-describe to aws-ec2-security-groups-describe * add quickaction prettypredefined * fixed deleted ip_permissions arg * change regex and errors hundling * add COOC error handling * replace *port* arg support, add bc RN * fix UT * error hundling * error hundling * remove quick action * fix UT * fix test_ec2_create_security_group_command_client_error test * fix UT, add remove_encoded_authorization_message method * fix UT * change API Module, Fix UT, Fix README, Add ex to yml * replace parse_resource_ids with argToList * fix from argToList(args.get("group_ids",[]) to argToList(args.get("group_ids",[])) * Update AWS.py * remove AccountId context from aws-ec2-security-group-create command * remove regex overlaps * remove regex overlaps * Update README.md * change from_port to_port description, README Re-generated and doc-review fixes * Update 3_0_0.md * first implementation * add describe_instances_command and fix yml * Update AWS.py * Update AWS.py * change implementation, add more info to README * fix tests according to new implemntion * change yml for create command * change ruff errors * add parse_tag_field method * Update AWS.py * remove any CRTX-187356 * remove any CRTX-187356 * remove any CRTX-187356 * Add README for new commands, Delete yml not supported arguments, Add UT, Fix parse_tag_field method and add UT * fix UT * change AWSErrorHandler * fix yml defaultvalue to defaultValue and change PREDEFINED from capital letters * change defaultValue to defaultvalue in configuration AWS.yml * change build_pagination_kwargs * doc review * doc review * finish doc review * add methods * change process_instance_data * fix CR review * add tests form #40861 to here * update docker, update RN, add errors handling mechanism to the main * add tests and fix build_pagination_kwargs * ruff format errors * add errors handling mechanism to the main - aws error hundling * ruff format errors * change cotextpath * change metadata version * change context path * Update AWS.py * RM102 change * Update README.md * pre-commit fixes * Update AWS.py * Update AWS.py * CR review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: julieschwartz18 <[email protected]> * fix error handling, fix UT * reslove conflicts and CR review fixes * reslove conflicts * change metadata version * CR review fixes * reslove conflicts --------- Co-authored-by: julieschwartz18 <[email protected]> * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands (#41101) * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands * style: reformat AWS integration YAML with consistent indentation and quotes * feat: add AWS EKS cluster management commands and update EC2 snapshot functionality * docs: relocate command descriptions to top of AWS integration command blocks * test: add AWS ECS/EKS/EC2 snapshot and cluster management tests * fix: add error handling and debug logs for AWS EC2, EKS and ECS operations, added tests * fix: update AWS region parameter and add missing EC2/EKS/ECS required actions * fix: update ECS cluster settings with correct parameter names and error handling * style: fix indentation in ECS cluster settings update method * refactor: move parse_tag_field function to module level and improve error handling - cr * refactor: simplify error handling in ECS cluster settings update + cr * cr * cr * cr * docs: add docstring and tests for EC2 snapshot permission modification * pc * feat: update AWS regions and remove redundant isArray flags in EKS commands * docs: consolidate AWS S3 bucket commands into v2.1.5 release notes * Changed context path to Snapshot * docs: update EC2 snapshot output paths from plural to singular form * fix: update EC2 snapshot test output prefix from plural to singular * CRTX-187328: GCP commands (#41302) * commands * unit tests and commands updates * error handling + fine tunning * removed iam unit tests + pre-commit updates * removed the iam commands * pre-commit updates * readme * yml + readme updates * rn * remove metadata-set command * review * pre-commit readme updates * unit tests and small fixes * small updates * small README update * remove debug statements * README pre-commit * labels-set add oprion and unit tests * pre-commit and small fixes * readme * xsoar * error handling explanation * cr updates * fixed unit tests * pre-commit * doc review * readme * add labels and labelFingerprint to hr * pre-commit * do106 * rn * Add commands from Azure NSG to Azure integration (#41096) * add pattern * add pattern * added commands to yml * added all commands * fixed yml * changes * fixed yml and py * added unittest beside the delete function * removed mock from publicip * fixed unittests * fixed pre commit errors * changed docker image, aligned readme and run precommit * fixed delete function * fixed conflicts * added command exmaples * fixed readme * fixed readme * added the permissions to the py file * Update pack_metadata.json * edited the permissions in the py file * run pre commit * fixed ai cr * added descriptions to functions * changes * added to readme * fixed readme * removed letter * fixed delete function * added unittest for delete * Added also the case of 200 in the delete command * Added patterns for the new 2 commands * added first command and permissions * added both commands * added to readme * added json and unttests for 2 commands * run pre commit * fixed permissions' * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * added 2 commands to rn * fixed errors in delete, commit before errors handeling change * Added a new dict and handle errors 401 and 403 * added unittests and fix error handling * added try-except to commands * run pre commit * fixed the delete function * fixed * added exmaples for 2 commands * removed the subsriptions list * removed the 2 additional commands * run pre commit * removed more in yml * removed jsons test and from commands examples * fixed handle_azure_error function * added descriptions * added a small test for etag * added return types * fixed delte rule functio * fixed delte rule functio * fixed issues after demo * fixed unittests * added more unittets * removed a file * added retuen statments * pre commit * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * added comments * fixed context paths * fixed readme * run pre commit * review and pre-commit * updated the doc strings * cr updates * doc review * README update * error entries --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: RotemAmit <[email protected]> * Add blob commands to Azure integration (#41147) * added the commands * added to readme * created rn * added the examples command and jsons * Added the util_load_json function * run pre commit * CR: extract Azure resource info parsing into dedicated function and simplify code * notes from demo * fix: move removeNull parameter to correct TableData constructor argument * pc * refactor: remove unused util_load_json function from Azure test file * doc review + pc --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: MLainer1 <[email protected]> * Crtx 196562 add aws additional commands (#41466) * init aws-s3-delete-bucket-website command * delete_bucket_website_command done * wip modify_event_subscription_command * allign with naming convention and add aws-s3-bucket-ownership-controls-put * enforce OwnershipControls contain rules * put_bucket_ownership_controls_command validations * add aws-ec2-subnet-attribute-modify * fine tuning * wip modify_event_subscription_command * wip modify_event_subscription_command * wip * wip * add modify_subnet_attribute_command * wip * wip * done modify_subnet_attribute_command * add docstrings * delete expected bucket owner * create ownership control dict in code * add unit tests * fix unit tests * ruff format * ruff format * add rn, pack metadata and readme * revert pack metatadata * fix readme, output of aws-rds-event-subscription-modify * pre commit changes * fix arg_to_boolean_or_none * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <[email protected]> * docs * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * ruff * ruff * add modify_event_subscription_command * empty commit * empty commit --------- Co-authored-by: talihaff <[email protected]> * Aws additional commands s3 upload/download (#41599) * commands * working commands * release notes + readme * release notes + readme * release notes + readme * release notes + readme * minor change * minor change * Your commit message here * Your commit message here * minor change * added context path to yml * changed permission * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * empty commit --------- Co-authored-by: talihaff <[email protected]> * Add Azure VM commands (#41559) * Azure QA Batch1 (#41528) * add subscription id argument * commands * update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * Update Packs/Azure/Integrations/Azure/Azure.yml Co-authored-by: Moish-Gilboa <[email protected]> * tests change * merged from master * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud --------- Co-authored-by: Moish-Gilboa <[email protected]> * Azure QA Batch2 (#41529) * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * docs * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Gcp quick actions (#41446) * added quick actions * fixed qa * rn and fix * added default values * fix qa's * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * fix pr comments * ruff format * ruff format * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * generate README * pre-commit updates --------- Co-authored-by: ilaredo <[email protected]> Co-authored-by: ilaredo <[email protected]> Co-authored-by: RotemAmit <[email protected]> Co-authored-by: talihaff <[email protected]> * Crtx 196222 support aws new quick actions v2 (#41509) * add aws ec2 revoke-security-group-ingress qa * wip * wip * add some qa's * add qa's * add qa's * add qa's * add qa's * merge * add qa's * fix identation * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * add description * add qa * add rn for aws * add rn for aws-iam * add rn for aws-iam * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: RotemAmit <[email protected]> * fix rn * fix pr comments * update aws-iam tag * ruff format * handle int convertion error * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS-IAM/ReleaseNotes/1_1_76.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Apply suggestions from code review Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: RotemAmit <[email protected]> * generated docs * add readme * pre-commit updates * pre-commit updates * pre-commit updates * add 4 commands to readme --------- Co-authored-by: RotemAmit <[email protected]> Co-authored-by: talihaff <[email protected]> * Azure QA Batch3 (#41531) * add permission + update release notes * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * merged from dev-cloud * merged from dev-cloud * small changes * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Platform AWS & Azure Billing & Budgets (#41564) * Platform AWS & Azure Billing & Budgets * README (#41706) * Az CIAC 13916.2 (#41711) * AWS new commands Crtx 193217 (#41622) * first commit * first commit * add commands + tests * add readme+release notes * add ignore context depth above 5 * add ignore context depth above 5 * small readme fix * tests change * tests change * removed kms command * removed kms command * fixed tests * fixed tests * fixed tests * fixed tests * small changes * small changes * small changes * merged from dev-cloud * update after review * update after review * update after review * update after review * update after review * update after review * update after review * feat: add EC2 VPC and IPAM resource discovery commands to AWS pack (#41554) * feat: add EC2 VPC and IPAM resource discovery commands to AWS pack * feat: add commands to describe VPCs and subnets in AWS EC2 * feat: add EC2 IPAM resource discovery commands and VPC/subnet descriptions * demo notes: enhance AWS EC2 table formatting and standardize pagination parameters * demo notes * chore: remove BA109 ignore rule from AWS pack configuration * chore: remove unused EC2 VPC and IPAM permissions from required actions list * review notes * docs: clarify AWS account ID description in EC2 IPAM commands * refactor: rename AWS EC2 describe commands to follow consistent naming pattern * revert to origin before merge * pc * revert readme for merge * feat: add AWS subnet and IPAM resource discovery commands to AWS integration * docs: update AWS integration with expanded region list and context output fixes * revert before merge * docs: fix markdown escaping in AWS integration documentation * rm * feat: add AWS EC2 commands for VPC, subnet, and IPAM resource discovery management * CRTX-193821/AWSLambda (#41596) * Empty-Commit * RN, update YML, Update py methods * update YML, add README, add commands, add tests * update tests, fixs py, fix readme * reslove conflicts * generate README.md * update README.md * delete extra lambda class * add raw response to invoke command * CR review * fix get_policy_command context * fix demo comments * CR review * CR review * CR review * reslove conflicts * reslove conflicts * fix tests * fix tests * Update AWS_test.py * update get-policy README * CR review * reslove conflicts * Create GCP Storage commands (#41632) * Create GCP Storage commands * Add GCP Compute commands (#41672) * Add 7 GCP Compute commands `gcp-compute-firewall-insert` `gcp-compute-firewall-list` `gcp-compute-firewall-get` `gcp-compute-snapshots-list` `gcp-compute-snapshot-get` `gcp-compute-instances-aggregated-list-by-ip` `gcp-compute-network-tag-set` * lambda commad add region (#41870) * Crtx 188346 aws ec2 add additional commands (#41717) * get_latest_ami_command wip * add create_network_acl_command * wip * add command * add create tags command * wip * get_latest_ami_command * fix get_latest_ami_command * fix create_network_acl_command * fix get_ipam_discovered_public_addresses_command * fix create_tags_command * add get_bucket_website_command get_bucket_acl_command * add docstrings * support pagination * support pagination * support pagination * add unit tests * add unit tests * FIX TAGS * add tests * wip * wip * fix get_latest_ami_command * fix unit tests * add get_ipam_discovered_public_addresses_command tests * add rn,readme, and fix commands * fix tag specification * fix descriptions * fix readme * demo comments * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * fix pc comments * fix tests * fix conflict * add new rn * pre-commit fixes * pre-commit fixes * wip * wip * fix pr comment * ruff * fix max_results issues * remove whitespace from readme * remove whitespace from readme * remove whitespace from readme * remove limit and next token from latest-ami * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * pr comments * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * update readme for aws-ec2-tags-create * fix unit tests * ruff format * add empty line --------- Co-authored-by: RotemAmit <[email protected]> * fixed aws rn * fix azure rn * fix gcp rn * fixed the quick actions naming in the rn * removed the quick actions from readme * aws-iam update readme and rn * removed docker image update from rn * limit default value 50 in gcp * fix unit test * commands and quick actions renaming * CRTX-203967-aws-update-certificate (#41682) * new pr * first commit * first commit * first commit * merged from dev-cloud * merged from dev-cloud + readme removal * merged from dev-cloud + readme removal * update * Empty-Commit * Crtx 193217 batch4 (#41708) * yml + .py * update after review * update after review * update after review * update after review * update after review * update after review * update after review * update after review * first commit * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * update * update * Crtx 204150 additional aws qas (#41767) * add 2 qa's * add eks qa's * add iam qa * add rn * wrap code * fix qa's * add readme * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * pr comments * Apply suggestions from code review Co-authored-by: talihaff <[email protected]> * ruff format * ruff format * revert readme, format files * revert format * format yml * add new line in the end of file * fix qa name * revoke aws-iam-suspend-access-for-role-quick-action * remove empty line * revert Enable IMDSv2, Block S3 Public Access qa * merged * add rn --------- Co-authored-by: RotemAmit <[email protected]> Co-authored-by: talihaff <[email protected]> * removed Revoke NSG Rule to Stop Traffic which is Update NSG to Block Traffic from Azure QA * add Enable IMDSv2 and Block S3 Public Access qa's (#42006) * add gcp commands (#41592) * add commands * update rn * update rn * add unitests * changh yml path * changh yml path * readme fix * CR FIX * conflict solving * context solving * code review * code review * code review * Delete Packs/GCP/ReleaseNotes/1_1_1.md * code review * code review * code review * code review * code review * code review * code review * renamed the quick actions names * fixed the order of GCP RN * remove aws-iam from current pr * remove aws-iam from current pr * Add azure storage container additional commands CRTX 193146 (#41595) * feat: add Azure storage container and blob management endpoints * added yml * feat: add Azure blob storage tag management and deletion capabilities * feat: add Azure blob property management and public access control commands * style: add newlines between functions in AWS and Azure integration files * refactor: extract storage container headers into reusable method and standardize API calls * feat: reworked the azure commands * added 2 tests for check * Added tests * added tests * pc * ready to merge * rn * fix test + pc * pc * pc * pc * cr * added tests * added content_encoding list * pc * rn * fix tests with transform_response_to_context_format function * tests * cr * pc * fix test * rn * azure-storage-container-block-public-access to azure-storage-container-public-access-block in .py * azure-storage-container-block-public-access to azure-storage-container-public-access-block in .yml * azure-storage-container-block-public-access to azure-storage-container-public-access-block in README * azure-storage-container-block-public-access to azure-storage-container-public-access-block in rn * Support Gov accounts in Automation (#42004) * is_gov account * small fixes and unit tests * removed a line * removed a line * removed the call to is_gov_account after testing * removed the call to is_gov_account after testing * rn * rn * rn * cr * removed the check for a single account * more debug logs * updated the debug logs * updated the debug logs * CRTX-205952: Support GOV in AWS (#42306) * added region to the yml * removed the gov regions from the billings commands * add region to aws-kms-key-rotation-enable * removed the gov regions from the iam commands * rn and removed the required from the region in aws-kms-key-rotation-enable * readme updates * readme updates * rn refrase * readme update * Azure storage container blob create (#42445) * azure_storage_container_blob_create * test * pack version * ReleaseNotes * removed extra line * Moving dev-cloud to stable-cloud (#42523) * Merge master to dev-cloud (#41128) * update codeowners - platform automation (#40952) * update codeowners * Update CODEOWNERS * Update CODEOWNERS * Fix JiraV3 Issues Query using deprecated endpoint (#41025) * Update the issue query endpoint and replace start_at with next_page_token * Fix next page token output * Change to use old ep when start_at is given; add UTs * update rn * error message * Added BC note * Update 3_3_7.md * Apply suggestions from doc review Co-authored-by: Richard Bluestone <[email protected]> * log the actual error --------- Co-authored-by: Richard Bluestone <[email protected]> * Bump pack version. (#40999) * Nbensalmon/ciac 10618/collection app sentinels.ai (#39982) Appsentinels.ai offers a platform for collecting, analyzing, and managing security events to provide comprehensive application protection. * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integ… (#40947) (#41113) * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integration * Fixed typo in FeedMandiantThreatIntelligence.py * Increment pack version and Docker tags --------- Co-authored-by: adamlevymandiant <[email protected]> Co-authored-by: Adam Levy <[email protected]> * XSUP-54313 (#40991) * Initial implementation * Fix UT * ruff chagnes * UT * ruff * RN and UT * ruff * Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_3_7.md Co-authored-by: Richard Bluestone <[email protected]> * Minor fix * Fix UT * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <[email protected]> * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <[email protected]> * Delete Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/integration-CrowdStrikeFalcon.yml * final CR * Change user key * Raise version * RN * Fix --------- Co-authored-by: Richard Bluestone <[email protected]> Co-authored-by: Arad Carmi <[email protected]> * Xsup 55040 (#41063) * required yml fields to allow mapping * yml changes * return results * return results * pre-commit * pre-commit * pr comments * pr comments * pre commot * Mark remaining internal scripts with isInternal (#41083) * Add missing isInternal to agentix scripts * Bump versions and RN * Update docker * Remove list notation from rn * Apply suggestions from doc review Co-authored-by: julieschwartz18 <[email protected]> * Fix rn * Bump pack from version CrowdStrikeFalcon to 2.3.9. * replace rn with generic message --------- Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Content Bot <[email protected]> * fix get-endpoint-data action inputs (#41118) * bump version of aggregated scripts * Update 1_1_3.md * Whois - adding another regex for registrant_regexes (#41116) * add one log to see the raw-response as is * adding another regex for registrant_regexes * CRTX-165828 - Mapping Tigera Calico Secure (#40925) * create all files * remove unwanted files * update readme according to tech writer suggestions * update readme * create files * fix timestamp parsing rule * fix timestamp parsing rule * fix timestamp parsing rule * fix readme * fix readme * fix metadata - add platform * fix time parsing * fix time parsing * fix readme precommit error * fix readme precommit error * fix xif * readme file error * readme file error * fix xif * change ip_protocol * cisco umbrella - use risk score for domain verdict (#41000) * domaine verdict update to use risk score * update rn * Update Packs/Cisco-umbrella/ReleaseNotes/2_0_5.md Co-authored-by: yuvalbenshalom <[email protected]> * sectionOrder and docker image * add docker update to release note * send risk_score and improve threshold logic * update Threshold default value --------- Co-authored-by: yuvalbenshalom <[email protected]> * Updating Trend Micro Vision One pack (#41079) * Updating Trend Micro Vision One pack * Updating RN * fixing rn and md * fixing fields in modeling rules * TIM/Improve the removal of trailing characters in the format URL script (#41075) * TIM/Improve the removal of trailing characters in the format URL script * Bump pack from version CommonScripts to 1.20.7. * Bump pack from version CommonScripts to 1.20.8. * cr fixes * Bump pack from version CommonScripts to 1.20.9. * Bump pack from version CommonScripts to 1.20.10. * empty commit * fixes --------- Co-authored-by: Content Bot <[email protected]> * Microsoft Management Activity API (O365/Azure Events) integration request to have case insensitive for Operations to fetch (#41070) * Operation filter changed to lowercase * Operation filter changed to lowercase * formatter * formatter * formatter * back to doc change only * back to doc change only * Small change * Small change * Small change * Small change * merged from master * review changes * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * small changes * small changes * small changes * small changes * small changes * small changes * added to readme * added to readme * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: Shelly Tzohar <[email protected]> --------- Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Shelly Tzohar <[email protected]> * Fix get user data ad missing args (#41125) * fix the arg name username is directed to when calling ad-get-user * added rn --------- Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: Sapir Malka <[email protected]> Co-authored-by: Richard Bluestone <[email protected]> Co-authored-by: Mike Rizzo <[email protected]> Co-authored-by: Niv Ben Salmon <[email protected]> Co-authored-by: content-bot <[email protected]> Co-authored-by: adamlevymandiant <[email protected]> Co-authored-by: Adam Levy <[email protected]> Co-authored-by: Tal Zichlinsky <[email protected]> Co-authored-by: Arad Carmi <[email protected]> Co-authored-by: Maya Goldman <[email protected]> Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: rshunim <[email protected]> Co-authored-by: akshotiamit-pa <[email protected]> Co-authored-by: yedidyacohenpalo <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]> Co-authored-by: ellopez777 <[email protected]> Co-authored-by: Moshe Eichler <[email protected]> Co-authored-by: almog2296 <[email protected]> Co-authored-by: Shelly Tzohar <[email protected]> Co-authored-by: Yuval Hayun <[email protected]> * Merge branch 'master' into dev-cloud * CRTX-193174 - CloudTrail describe command (#41105) * CRTX-193174 * finish implemention py, add unit-test, add RN * Empty-Commit to trigger build * doc review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * doc review fixes * Empty-Commit to trigger build * add description * fix demo comments * fix UT, add contextpaths * add errors handling mechanism to the main * README fix * error hundling * RN change version number --------- Co-authored-by: talihaff <[email protected]> * CRTX-192056 - S3 existing commands (#41129) * CRTX-192056 * implement commands * remove download and upload commands * fix yml contextpath, fix commands implemention, delete contextpath from README * add UT, doc review, little fix * Demo fixes * fix RM102 * reslove conflicts * CRTX-187358 - Instance commands (#40861) * Empty-Commit - CRTX-187356 * add RN and commands template method * update RN * change RN, add commands templates, add command mapping, order REQUIRED_ACTIONS * add yml commands, add methods * add describe method, add quick actions, add contextpath * fix pre-commit errors, change arguments names * change supportsquickactions place in yml * delete long context from yml fix describe command add readme * fix pre-commit errors * add arguments pretty names * remove tag_specifications rewrite parse_filter_field * change description of filter argument, limit filter regex, add RN * add dot, add REQUIRED_ACTIONS, add tests * fix error Using variable 'error_message' before assignment * delete failed test * add return to the delete_security_group_command * fix regex * fix regex * error hundling * fix method issue * fix delete method and fix error entry * fix parse_filter_field method * improve regex * add AWSErrorHandler, add pagination for describe_command,fix filter regexs, fix describe command * fix aws-ec2-security-group-egress-authorize update README.md * Empty-Commit - CRTX-187358 * change aws-ec2-security-group-describe to aws-ec2-security-groups-describe * add quickaction prettypredefined * fixed deleted ip_permissions arg * change regex and errors hundling * add COOC error handling * replace *port* arg support, add bc RN * fix UT * error hundling * error hundling * remove quick action * fix UT * fix test_ec2_create_security_group_command_client_error test * fix UT, add remove_encoded_authorization_message method * fix UT * change API Module, Fix UT, Fix README, Add ex to yml * replace parse_resource_ids with argToList * fix from argToList(args.get("group_ids",[]) to argToList(args.get("group_ids",[])) * Update AWS.py * remove AccountId context from aws-ec2-security-group-create command * remove regex overlaps * remove regex overlaps * Update README.md * change from_port to_port description, README Re-generated and doc-review fixes * Update 3_0_0.md * first implementation * add describe_instances_command and fix yml * Update AWS.py * Update AWS.py * change implementation, add more info to README * fix tests according to new implemntion * change yml for create command * change ruff errors * add parse_tag_field method * Update AWS.py * remove any CRTX-187356 * remove any CRTX-187356 * remove any CRTX-187356 * Add README for new commands, Delete yml not supported arguments, Add UT, Fix parse_tag_field method and add UT * fix UT * change AWSErrorHandler * fix yml defaultvalue to defaultValue and change PREDEFINED from capital letters * change defaultValue to defaultvalue in configuration AWS.yml * change build_pagination_kwargs * doc review * doc review * finish doc review * add methods * change process_instance_data * fix CR review * add tests form #40861 to here * update docker, update RN, add errors handling mechanism to the main * add tests and fix build_pagination_kwargs * ruff format errors * add errors handling mechanism to the main - aws error hundling * ruff format errors * change cotextpath * change metadata version * change context path * Update AWS.py * RM102 change * Update README.md * pre-commit fixes * Update AWS.py * Update AWS.py * CR review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: julieschwartz18 <[email protected]> * fix error handling, fix UT * reslove conflicts and CR review fixes * reslove conflicts * change metadata version * CR review fixes * reslove conflicts --------- Co-authored-by: julieschwartz18 <[email protected]> * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands (#41101) * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands * style: reformat AWS integration YAML with consistent indentation and quotes * feat: add AWS EKS cluster management commands and update EC2 snapshot functionality * docs: relocate command descriptions to top of AWS integration command blocks * test: add AWS ECS/EKS/EC2 snapshot and cluster management tests * fix: add error handling and debug logs for AWS EC2, EKS and ECS operations, added tests * fix: update AWS region parameter and add missing EC2/EKS/ECS required actions * fix: update ECS cluster settings with correct parameter names and error handling * style: fix indentation in ECS cluster settings update method * refactor: move parse_tag_field function to module level and improve error handling - cr * refactor: simplify error handling in ECS cluster settings update + cr * cr * cr * cr * docs: add docstring and tests for EC2 snapshot permission modification * pc * feat: update AWS regions and remove redundant isArray flags in EKS commands * docs: consolidate AWS S3 bucket commands into v2.1.5 release notes * Changed context path to Snapshot * docs: update EC2 snapshot output paths from plural to singular form * fix: update EC2 snapshot test output prefix from plural to singular * CRTX-187328: GCP commands (#41302) * commands * unit tests and commands updates * error handling + fine tunning * removed iam unit tests + pre-commit updates * removed the iam commands * pre-commit updates * readme * yml + readme updates * rn * remove metadata-set command * review * pre-commit readme updates * unit tests and small fixes * small updates * small README update * remove debug statements * README pre-commit * labels-set add oprion and unit tests * pre-commit and small fixes * readme * xsoar * error handling explanation * cr updates * fixed unit tests * pre-commit * doc review * readme * add labels and labelFingerprint to hr * pre-commit * do106 * rn * Add commands from Azure NSG to Azure integration (#41096) * add pattern * add pattern * added commands to yml * added all commands * fixed yml * changes * fixed yml and py * added unittest beside the delete function * removed mock from publicip * fixed unittests * fixed pre commit errors * changed docker image, aligned readme and run precommit * fixed delete function * fixed conflicts * added command exmaples * fixed readme * fixed readme * added the permissions to the py file * Update pack_metadata.json * edited the permissions in the py file * run pre commit * fixed ai cr * added descriptions to functions * changes * added to readme * fixed readme * removed letter * fixed delete function * added unittest for delete * Added also the case of 200 in the delete command * Added patterns for the new 2 commands * added first command and permissions * added both commands * added to readme * added json and unttests for 2 commands * run pre commit * fixed permissions' * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * added 2 commands to rn * fixed errors in delete, commit before errors handeling change * Added a new dict and handle errors 401 and 403 * added unittests and fix error handling * added try-except to commands * run pre commit * fixed the delete function * fixed * added exmaples for 2 commands * removed the subsriptions list * removed the 2 additional commands * run pre commit * removed more in yml * removed jsons test and from commands examples * fixed handle_azure_error function * added descriptions * added a small test for etag * added return types * fixed delte rule functio * fixed delte rule functio * fixed issues after demo * fixed unittests * added more unittets * removed a file * added retuen statments * pre commit * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * added comments * fixed context paths * fixed readme * run pre commit * review and pre-commit * updated the doc strings * cr updates * doc review * README update * error entries --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: RotemAmit <[email protected]> * Add blob commands to Azure integration (#41147) * added the commands * added to readme * created rn * added the examples command and jsons * Added the util_load_json function * run pre commit * CR: extract Azure resource info parsing into dedicated function and simplify code * notes from demo * fix: move removeNull parameter to correct TableData constructor argument * pc * refactor: remove unused util_load_json function from Azure test file * doc review + pc --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: MLainer1 <[email protected]> * Crtx 196562 add aws additional commands (#41466) * init aws-s3-delete-bucket-website command * delete_bucket_website_command done * wip modify_event_subscription_command * allign with naming convention and add aws-s3-bucket-ownership-controls-put * enforce OwnershipControls contain rules * put_bucket_ownership_controls_command validations * add aws-ec2-subnet-attribute-modify * fine tuning * wip modify_event_subscription_command * wip modify_event_subscription_command * wip * wip * add modify_subnet_attribute_command * wip * wip * done modify_subnet_attribute_command * add docstrings * delete expected bucket owner * create ownership control dict in code * add unit tests * fix unit tests * ruff format * ruff format * add rn, pack metadata and readme * revert pack metatadata * fix readme, output of aws-rds-event-subscription-modify * pre commit changes * fix arg_to_boolean_or_none * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <[email protected]> * docs * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * ruff * ruff * add modify_event_subscription_command * empty commit * empty commit --------- Co-authored-by: talihaff <[email protected]> * Aws additional commands s3 upload/download (#41599) * commands * working commands * release notes + readme * release notes + readme * release notes + readme * release notes + readme * minor change * minor change * Your commit message here * Your commit message here * minor change * added context path to yml * changed permission * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS_test.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/README.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * empty commit --------- Co-authored-by: talihaff <[email protected]> * Add Azure VM commands (#41559) * Azure QA Batch1 (#41528) * add subscription id argument * commands * update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * Update Packs/Azure/Integrations/Azure/Azure.yml Co-authored-by: Moish-Gilboa <[email protected]> * tests change * merged from master * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud --------- Co-authored-by: Moish-Gilboa <[email protected]> * Azure QA Batch2 (#41529) * add permission + update release notes * add permission + update release notes * add permission + update release notes * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * tests change * docs * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * Gcp quick actions (#41446) * added quick actions * fixed qa * rn and fix * added default values * fix qa's * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: RotemAmit <[email protected]> * fix pr comments * ruff format * ruff format * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/Integrations/GCP/GCP.yml Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/GCP/ReleaseNotes/1_2_0.md Co-authored-by: talihaff <[email protected]> * generate README * pre-commit updates --------- Co-authored-by: ilaredo <[email protected]> Co-authored-by: ilaredo <[email protected]> Co-authored-by: RotemAmit <[email protected]> Co-authored-by: talihaff <[email protected]> * Crtx 196222 support aws new quick actions v2 (#41509) * add aws ec2 revoke-security-group-ingress qa * wip * wip * add some qa's * add qa's * add qa's * add qa's * add qa's * merge * add qa's * fix identation * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * add description * add qa * add rn for aws * add rn for aws-iam * add rn for aws-iam * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: RotemAmit <[email protected]> * fix rn * fix pr comments * update aws-iam tag * ruff format * handle int convertion error * Update Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/ReleaseNotes/2_2_0.md Co-authored-by: talihaff <thaffner@p…

* Modified time parsing to cover more formats and removed tmp fields on the parsing * Added RN

* rn * rn

* XMCyber Release 2.0.0 (#42866) * XMCyber Release 2.0.0 * Updated the pack metadata files and minor update in playbook. --------- Co-authored-by: crestdatasystems <[email protected]> * Fix validation errors * Update XMCyberCEM.yml --------- Co-authored-by: Crest Data <[email protected]> Co-authored-by: crestdatasystems <[email protected]> Co-authored-by: Kamal Qarain <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

Co-authored-by: Ata Berk Gümüş <[email protected]>

* fixed TeamCymru test_module compare to wrong string (#43701) * Fixed release notes and test data --------- Co-authored-by: Mitch Myers <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

* Fix BMC ITSM Incoming Mapper issues (#43448) * bug fix - XSOAR 6 does not map grid fields if there is a null value * Updated field mappings, and internal code maps --------- Co-authored-by: Kamal Qarain <[email protected]> * Update release notes and docker image tag --------- Co-authored-by: Ryan McVicar <[email protected]> Co-authored-by: Kamal Qarain <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

* Added follow_redirects flag to httpx * Added release notes * Fix tests * Fix test

#43766) * Add explicit agent header detection and handling for 32-character tokens in Palo Alto Networks WildFire v2 integration. * empty commit * empty commit

* Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes

* GetAIModelActivityPack * Trigger GitHub pipeline (user-created PR) * Bump pack from version Core to 3.5.27. * Bump pack from version Core to 3.5.28. * Bump pack from version Core to 3.5.29. * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * trigger build * trigger build * trigger build * trigger build * trigger build * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Content Bot <[email protected]>

* CybrArk AIM v2 CCP update (#43661) * update parameters docs and use post instead of get * update release notes * revert required param for backward comp * update release notes * update readme * Fix validation and pre-commit errors --------- Co-authored-by: nitsan-tzur <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

* Add Fireye HX triage commands (#43427) * Added new triage commands * Code cleanup and fixes * lint fixes * Added additional tests * added documentation. * Linter * Updated verbiage * Add additional tests * removed old test * lint * lint * spell/type/lint fixes. * More requested fixes * Update verb for host acquisitions from get to list * Update FireEyeHXv2.yml * Update docker image * Update FireEyeHXv2.yml --------- Co-authored-by: Ryan McVicar <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

* CoreGetCases-XSUP-66385 * tests * add resolve_reason and rn * trigger build * trigger build * ai review * Trigger GitHub pipeline (user-created PR) * Trigger GitHub pipeline (user-created PR) * .lower() * Trigger GitHub pipeline (user-created PR) * rn * normalize time, deafult value for tags) * Trigger GitHub pipeline (user-created PR) * rn * rn * test * ruff * trigger build * trigger build * Trigger GitHub pipeline (user-created PR) * Bump pack from version Core to 3.5.30. * Trigger GitHub pipeline (user-created PR) * remove normalize_ts, set deafult start time to 0 when endtime is proivded * Trigger GitHub pipeline (user-created PR) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Content Bot <[email protected]>

+
+        assert request.total_valid_count == 2
+        assert "1.1.1.1" in request.valid_indicators_by_type[IndicatorType.IP]
+        assert "example.com" in request.valid_indicators_by_type[IndicatorType.DOMAIN]


* Initial release notes for ARES-1895 * Sync release notes from GitLab (52de69e4) * Sync release notes from GitLab (53ec0bd2) * Sync release notes from GitLab (d7bb58c1) --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Shai Cohen Kadosh <[email protected]>

* Added cloud_posture support * release notes * Added to platform core pack list as well * release notes

* add unit tests to test command behavior when provided with expected/extra arguments * fix an issue where the integration commands failed when provided with unexpected arguments

hyaffe839 and others added 30 commits February 24, 2026 10:11

add to agents (#43212)

606b571

* add to agents * Bump pack from version AIAgents to 1.0.16. * Update 1_0_16.md * Update 1_0_16.md --------- Co-authored-by: Content Bot <[email protected]>

Azure WAF CRTX 231142 (#43245)

50107b0

* Modified get_properties_clientip * Removed redundant config case_sensitive * Added RN

Add timeout argument to core-api-install-packs command in Core Rest A…

9f567e9

…PI (#43198) * Add timeout argument to core-api-install-packs command in Core Rest API * Update version release notes after merge

QRadarV3: Added sleep after search creating (#43258)

4b7fb57

* Added sleep after search creating * pre commit fix + bump version * fix validation

bump corepacks platform (#43262)

7a154a9

XSUP-63750 Office 365 Email Update (#43197)

ba0b741

* Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes * Updated ModelingRules * Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes

Auto RN: ARES-1945 (#43213)

4ce2cb7

Zscaler: added the domain command (#42890)

50d0f8f

* added the domain command * without the pipe char * fix validation * CR changes * update docker

Fix collapsing into CIDRs and IP groups in EDL (#43251)

b2bd4b0

Tenable Fetch Assets fix for snapshot not sealed correctly (#43113)

e3dcdbe

* Fix for snapshot not sealed correctly.

Fix python (#43271)

f2f38b3

* Fix python * Fixed ruff * Update docker image

Added GR109 to all affected CortexResponseAndRemediation pack playboo…

2b18543

…ks (#43306) * Added GR109 to all affected playbooks * spaces * comment wording alignment * removed extra GR109 after merge from master --------- Co-authored-by: Sasha Sokolovich <[email protected]>

CRTX-229215 Graph Security Update (#43309)

1498abe

* Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes

Auto RN: fix-playbooks-bugs (#43311)

e1c3d4f

* Initial release notes for fix-playbooks-bugs * revert hard-coded pipeline id * add explanation * add explanation --------- Co-authored-by: CI Bot <[email protected]> Co-authored-by: Tal <[email protected]>

Fix/XSUP-64182/IPv6 regex with new line (#43284)

4fc0d3a

* Fix/XSUP-64182/IPv6 regex with new line * Update Packs/CommonTypes/ReleaseNotes/3_10_3.md Co-authored-by: Richard Bluestone <[email protected]> --------- Co-authored-by: Richard Bluestone <[email protected]>

Fix/XSUP-63627/Fix URL encoding and quoted URL parsing (#43291)

036ea84

* unit 42 url encode issue * fix url split and encoding fragment issues * pty commit * fix ut

Fix bug when iterating over results in GitHub (#43305) (#43307)

c55b202

* Fix bug when iterating over results * Add CONTRIBUTORS.json * Bump pack version and add release notes Co-authored-by: Torbjørn Lium <[email protected]>

Platform Automation - Add edr and agentix to support agent supported …

10d845c

…modules. (#43229) * rn * Bump pack from version AIAgents to 1.0.17. --------- Co-authored-by: Content Bot <[email protected]>

MosheEichler and others added 24 commits March 30, 2026 09:18

demisto-sdk-release 1.38.23 (#43736)

3d111f8

* poetry files * update validation config file --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: yedidyacohenpalo <[email protected]>

ServiceNow-XSUP-65101 (#43601)

989d78a

* ServiceNow-XSUP-65101 * true * test * ruff * ruff * docker image * code review * revert teams * test

Update validation_config.toml (#43747)

362a04d

VMware NSX Modification (#43745)

30ac75b

* Modified time parsing to cover more formats and removed tmp fields on the parsing * Added RN

CRTX-226145 (#43742)

b32ce59

* rn * rn

Update .pack-ignore (#43752)

9ddd7da

Update contact information for Picus Security Apps (#43645) (#43759)

11ccf57

Co-authored-by: Ata Berk Gümüş <[email protected]>

Fixed TeamCymru test_module compare to wrong string (#43750)

96099b5

* fixed TeamCymru test_module compare to wrong string (#43701) * Fixed release notes and test data --------- Co-authored-by: Mitch Myers <[email protected]> Co-authored-by: Kamal Qarain <[email protected]>

Added follow_redirects flag to httpx (#43762)

506aff7

* Added follow_redirects flag to httpx * Added release notes * Fix tests * Fix test

Add explicit agent header detection and handling for 32-character tok… (

c2e3b87

#43766) * Add explicit agent header detection and handling for 32-character tokens in Palo Alto Networks WildFire v2 integration. * empty commit * empty commit

CRTX 240218 office365 exchange emailsubject (#43765)

2440eef

* Updated ModelingRules * Updated ReleaseNotes * Updated ReleaseNotes

Fix reputation command enrichment in Unit 42 Intelligence (#43774)

6c1a7f2

Fix MISP Feed test-module command (#43772)

fe22394

github-advanced-security AI found potential problems Apr 9, 2026

View reviewed changes

Comment thread Packs/AggregatedScripts/Scripts/IndicatorEnrichment/IndicatorEnrichment_test.py

assert request.total_valid_count == 2

assert "1.1.1.1" in request.valid_indicators_by_type[IndicatorType.IP]

assert "example.com" in request.valid_indicators_by_type[IndicatorType.DOMAIN]

BarGali and others added 4 commits April 9, 2026 11:15

first commit (#43773)

f5a07bc

Xsup 66690 add license (#43785)

1104a44

* Added cloud_posture support * release notes * Added to platform core pack list as well * release notes

Fix command arguments handling in AbuseIPDB (#43789)

6604bfe

* add unit tests to test command behavior when provided with expected/extra arguments * fix an issue where the integration commands failed when provided with unexpected arguments

haribalaji-ravi merged commit 4da93ec into cohesity:master Apr 9, 2026
15 of 19 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pulling latest code from official cortex repo#3

Pulling latest code from official cortex repo#3
haribalaji-ravi merged 10000 commits intocohesity:masterfrom
demisto:master

haribalaji-ravi commented Apr 9, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

Conversation

haribalaji-ravi commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Contributing to Cortex XSOAR Content

Status

Related Issues

Description

Screenshots

Minimum version of Cortex XSOAR

Does it break backward compatibility?

Must have

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

haribalaji-ravi commented Apr 9, 2026 •

edited

Loading