Xpanse api updates (#29464)

* Xpanse api updates (#29339) * improve classifier setup * release notes * release notes style * remove field applicability * Apply suggestions from code review Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> * Fix missing dot * Revert "Bump markdownlint from 0.26.2 to 0.30.0 (#28899)" (#29481) This reverts commit fc25003. * fix using deprecated -vvv argument when calling the demisto sdk (#29470) Co-authored-by: kobymeir <ymeir@paloaltonetworks.com> * Update Docker Image To demisto/oci (#29488) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update * Update Docker Image To demisto/taxii2 (#29490) * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update * Update Docker Image To demisto/netmiko (#29501) * Updated Metadata Of Pack Netmiko * Added release notes to pack Netmiko * Packs/Netmiko/Integrations/Netmiko/Netmiko.yml Docker image update * Deprecating block url generic (#29453) * Release Notes * enhance * RN * validation fix * fix * Bump pack from version CommonPlaybooks to 2.5.0. * fix * fix * fix --------- Co-authored-by: Content Bot <bot@demisto.com> * Fix dnstwistTest TPB (#29455) * Change domain argument in task 6 * Update task 6 name * Test different domain argument due to timeout * Fix Get Original Email - Microsoft Graph Mail - test TPB (#29467) * Update MessageID and SHA256 values in the TPB * Update secrets-ignore * New features for emails (#29400) * New features for emails (#28916) * New features for emails * Fix validations * Fix lint and test * Increase coverage and fix validation * Increase test coverage * Manual report condition * Request changes * Fixes request changes * Fix last fetch * Skip event with last fetch time * Remove sensitive data * Change args from simple to complex format * Update notification endpoint * Minor fixes * Fix layout field * Fix condition for manual alerts * Update docker * Add button to get campaign result and fix scan info command output * Update release notes * fix Rn * fix rn * fix rn * remove an empty line * add a "." for validation to pass * one more period --------- Co-authored-by: Christian Gutierrez <138159801+chkp-christiang@users.noreply.github.com> Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com> * Security scans (#25915) * added as a new build flow * reverted gitlab * changed ref to master --------- Co-authored-by: Andrew Scott <77340714+andrew-paloalto@users.noreply.github.com> Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> Co-authored-by: kobymeir <ymeir@paloaltonetworks.com> Co-authored-by: ArikDay <115150768+ArikDay@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: samuelFain <65926551+samuelFain@users.noreply.github.com> Co-authored-by: Christian Gutierrez <138159801+chkp-christiang@users.noreply.github.com> Co-authored-by: Yehuda <yrosenberg@paloaltonetworks.com> Co-authored-by: Yuval Cohen <86777474+yucohen@users.noreply.github.com>
demisto · Sep 14, 2023 · d2c359a · d2c359a
1 parent 7da58bd
commit d2c359a
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 21 deletions.
diff --git a/Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json b/Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json
@@ -9,7 +9,7 @@
 				"Xpanse Alert ID": {
 					"complex": {
 						"filters": [],
-						"root": "external_id",
+						"root": "alert_id",
 						"transformers": []
 					}
 				},
@@ -78,19 +78,10 @@
 				"Xpanse IP": {
 					"complex": {
 						"filters": [],
-						"root": "action_remote_ip",
+						"root": "ipv4_addresses",
 						"transformers": [
 							{
-								"args": {
-									"applyIfEmpty": {},
-									"defaultValue": {
-										"isContext": true,
-										"value": {
-											"simple": "ipv4_addresses[0]"
-										}
-									}
-								},
-								"operator": "SetIfEmpty"
+								"operator": "FirstArrayElement"
 							}
 						]
 					}
@@ -175,14 +166,35 @@
         "dbot_classification_incident_type_all": {
             "dontMapEventToLabels": false,
             "internalMapping": {
-                "Tags": {
-                    "complex": {
+				"Description": {
+					"simple": "description"
+				},
+				"Destination IP": {
+					"complex": {
+						"filters": [],
+						"root": "ipv4_addresses",
+						"transformers": [
+							{
+								"operator": "FirstArrayElement"
+							}
+						]
+					}
+				},
+				"Protocol": {
+					"complex": {
+						"filters": [],
+						"root": "port_protocol",
+						"transformers": []
+					}
+				},
+				"Tags": {
+					"complex": {
                         "filters": [],
                         "root": "tags",
                         "transformers": []
                     }
-                }
-            }
+				}
+			}
         }
     },
     "name": "Xpanse - Incoming Mapper",

diff --git a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json
@@ -22,7 +22,7 @@
     "threshold": 72,
     "type": "shortText",
     "unmapped": false,
-    "unsearchable": true,
+    "unsearchable": false,
     "useAsKpi": true,
     "version": -1,
     "fromVersion": "6.5.0"

diff --git a/Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json b/Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json
@@ -19,9 +19,12 @@
     "group": 0,
     "hidden": false,
     "openEnded": false,
-    "associatedToAll": true,
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Xpanse Alert"
+    ],
     "unmapped": false,
-    "unsearchable": true,
+    "unsearchable": false,
     "caseInsensitive": true,
     "sla": 0,
     "threshold": 72,

diff --git a/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml b/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml
@@ -399,7 +399,7 @@ script:
       - resolved_contested_asset
       - resolved_remediated_automatically
       - resolved
-    - description: Comma-separated list of strings of the business units
+    - description: Comma-separated list of strings of the business units.
       name: business_units_list
     - description: A date in the format 2019-12-31T23:59:00. Only incidents that were created on or before the specified date/time will be retrieved.
       name: lte_creation_time
@@ -686,6 +686,8 @@ script:
   script: ''
   subtype: python3
   type: python
+defaultmapperin: Xpanse - Incoming Mapper
+defaultclassifier: Xpanse - Classifier
 fromversion: 6.5.0
 tests:
 - CortexXpanse_Test
diff --git a/Packs/CortexXpanse/ReleaseNotes/1_0_10.md b/Packs/CortexXpanse/ReleaseNotes/1_0_10.md
@@ -0,0 +1,18 @@
+
+#### Integrations
+##### Cortex Xpanse
+
+- Updated the default classifier and incoming mapper for the integration.
+
+#### Mappers
+##### Xpanse - Incoming Mapper
+
+- Updated the targets for several fields for improved accuracy and formatting.
+
+#### Incident Fields
+##### Xpanse Tags
+Updated the field to be searchable.
+
+##### Xpanse Provider
+Updated the field to be searchable and to not be scoped to all incident types.
+
diff --git a/Packs/CortexXpanse/pack_metadata.json b/Packs/CortexXpanse/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cortex Xpanse",
     "description": "Content for working with Attack Surface Management (ASM).",
     "support": "xsoar",
-    "currentVersion": "1.0.9",
+    "currentVersion": "1.0.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",