From aac5808e8e7f3a62e9336dd282ad30ed4198ec52 Mon Sep 17 00:00:00 2001
From: GuyAfik
Date: Tue, 22 Aug 2023 15:31:45 +0300
Subject: [PATCH 01/10] [crowdstrike] - update command description
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +-
 .../CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index 404e840c3cc5..0e12e81de293 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -392,7 +392,7 @@ script:
 - 'false'
 - description: Username to assign the detections to. (This is usually the user’s email address, but may vary based on your configuration). username and assigned_to_uuid are mutually exclusive.
 name: username
- description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place.
+ description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place, does not support IDP detections.
 name: cs-falcon-resolve-detection
 - arguments:
 - description: The host agent ID (AID) of the host to contain. Get an agent ID from a detection.
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
index a78f4c0113a5..5cd15d2270ea 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
@@ -431,7 +431,7 @@ or by providing the IDs of the detections.
 * * * * *
-Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place.
+Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place, does not support IDP detections.
 #### Base Command
From 786a0350fc6607c4e90703f95f9c9df3a44a89f2 Mon Sep 17 00:00:00 2001
From: GuyAfik
Date: Tue, 22 Aug 2023 15:34:07 +0300
Subject: [PATCH 02/10] bump rn
---
 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md | 6 ++++++
 Packs/CrowdStrikeFalcon/pack_metadata.json | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
new file mode 100644
index 000000000000..c215769a3bcb
--- /dev/null
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### CrowdStrike Falcon
+
+- Updated the description of the **cs-falcon-resolve-detection** command to notify that *IDP* detections are not supported.
diff --git a/Packs/CrowdStrikeFalcon/pack_metadata.json b/Packs/CrowdStrikeFalcon/pack_metadata.json
index 0d828fa3421e..a7901a86ff65 100644
--- a/Packs/CrowdStrikeFalcon/pack_metadata.json
+++ b/Packs/CrowdStrikeFalcon/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CrowdStrike Falcon",
 "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.",
 "support": "xsoar",
- "currentVersion": "1.11.5",
+ "currentVersion": "1.11.6",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
From 734c1a2d4ade0c562875c0c3b6f00bbe1eeb4da7 Mon Sep 17 00:00:00 2001
From: GuyAfik
Date: Tue, 22 Aug 2023 15:45:34 +0300
Subject: [PATCH 03/10] update docker image
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +-
 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index 0e12e81de293..7795ae4a76d9 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -4375,7 +4375,7 @@ script:
 - contextPath: CrowdStrike.IDPEntity.EmailAddresses
 description: The identity entity email address.
 type: String
- dockerimage: demisto/py3-tools:1.0.0.70543
+ dockerimage: demisto/py3-tools:1.0.0.71964
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
index c215769a3bcb..27ad7e100f9b 100644
--- a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
@@ -4,3 +4,4 @@
 ##### CrowdStrike Falcon
 - Updated the description of the **cs-falcon-resolve-detection** command to notify that *IDP* detections are not supported.
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.71964*.
\ No newline at end of file
From 6cc51c8f72f79a08a0279db8ad41795fde812f77 Mon Sep 17 00:00:00 2001
From: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Date: Tue, 22 Aug 2023 15:50:25 +0300
Subject: [PATCH 04/10] Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index 7795ae4a76d9..97c0aeccfa96 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -392,7 +392,7 @@ script:
 - 'false'
 - description: Username to assign the detections to. (This is usually the user’s email address, but may vary based on your configuration). username and assigned_to_uuid are mutually exclusive.
 name: username
- description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place, does not support IDP detections.
+ description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place. Note that it does not support IDP detections.
 name: cs-falcon-resolve-detection
 - arguments:
 - description: The host agent ID (AID) of the host to contain. Get an agent ID from a detection.
From 8dd2f9954e9cadd96f28600ccd9f6b5def7822f1 Mon Sep 17 00:00:00 2001
From: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Date: Tue, 22 Aug 2023 15:51:12 +0300
Subject: [PATCH 05/10] Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
---
 .../CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
index 5cd15d2270ea..0e6e125da05a 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
@@ -431,7 +431,7 @@ or by providing the IDs of the detections.
 * * * * *
-Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place, does not support IDP detections.
+Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place, Note that it does not support IDP detections.
 #### Base Command
From 0d85e9b7a0116dad542c1f08b89a220bf596227b Mon Sep 17 00:00:00 2001
From: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Date: Tue, 22 Aug 2023 16:41:39 +0300
Subject: [PATCH 06/10] Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
Co-authored-by: Judah Schwartz
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index 97c0aeccfa96..3819503f4323 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -392,7 +392,7 @@ script:
 - 'false'
 - description: Username to assign the detections to. (This is usually the user’s email address, but may vary based on your configuration). username and assigned_to_uuid are mutually exclusive.
 name: username
- description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place. Note that it does not support IDP detections.
+ description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place. Note: IDP detections are not supported.
 name: cs-falcon-resolve-detection
 - arguments:
 - description: The host agent ID (AID) of the host to contain. Get an agent ID from a detection.
From 09a343d94e795d34e96c591582dda71d150b6cf2 Mon Sep 17 00:00:00 2001
From: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Date: Tue, 22 Aug 2023 16:41:50 +0300
Subject: [PATCH 07/10] Update Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
Co-authored-by: Judah Schwartz
---
 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
index 27ad7e100f9b..07c120543ccf 100644
--- a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
@@ -3,5 +3,5 @@
 ##### CrowdStrike Falcon
-- Updated the description of the **cs-falcon-resolve-detection** command to notify that *IDP* detections are not supported.
+- Added a disclaimer to the description of the **cs-falcon-resolve-detection** command that IDP detections are not supported.
 - Updated the Docker image to: *demisto/py3-tools:1.0.0.71964*.
\ No newline at end of file
From 3c2aaca6d6fae7e13f72d7996b1aaebb7f81bc94 Mon Sep 17 00:00:00 2001
From: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
Date: Tue, 22 Aug 2023 16:42:30 +0300
Subject: [PATCH 08/10] Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
---
 .../CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
index 0e6e125da05a..dc6718996c2e 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md
@@ -431,7 +431,7 @@ or by providing the IDs of the detections.
 * * * * *
-Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place, Note that it does not support IDP detections.
+Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place. Note: IDP detections are not supported.
 #### Base Command
From d73af537ce52914e9157404e5947399542aa0daa Mon Sep 17 00:00:00 2001
From: GuyAfik
Date: Tue, 22 Aug 2023 17:57:51 +0300
Subject: [PATCH 09/10] fix broken yml
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index 3819503f4323..fdaf94d69154 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -392,7 +392,7 @@ script:
 - 'false'
 - description: Username to assign the detections to. (This is usually the user’s email address, but may vary based on your configuration). username and assigned_to_uuid are mutually exclusive.
 name: username
- description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place. Note: IDP detections are not supported.
+ description: Resolves and updates a detection using the provided arguments. At least one optional argument must be passed, otherwise no change will take place. Note that IDP detections are not supported.
 name: cs-falcon-resolve-detection
 - arguments:
 - description: The host agent ID (AID) of the host to contain. Get an agent ID from a detection.
From 2b807cffb4058e5eefabd38f514637d1f15615c6 Mon Sep 17 00:00:00 2001
From: GuyAfik
Date: Tue, 22 Aug 2023 19:52:15 +0300
Subject: [PATCH 10/10] update docker image
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +-
 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index fdaf94d69154..c2789489271b 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -4375,7 +4375,7 @@ script:
 - contextPath: CrowdStrike.IDPEntity.EmailAddresses
 description: The identity entity email address.
 type: String
- dockerimage: demisto/py3-tools:1.0.0.71964
+ dockerimage: demisto/py3-tools:1.0.0.72003
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
index 07c120543ccf..dece01c470da 100644
--- a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
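Review bot: In the patch 09 hunk at `@@ -392,7 +392,7 @@`, the new `description` value ends with "Note that IDP detections are not supported.", but the README sentence for the same command was left by patch 08 as "Note: IDP detections are not supported." and no later patch in this series touches the README, so the two descriptions of `cs-falcon-resolve-detection` now differ. The rewording appears to exist only to remove the `: ` sequence, which an unquoted YAML scalar cannot contain. To keep the two files in step, end the README sentence with `Note that IDP detections are not supported.` as well; if the `Note:` wording is preferred, the YAML value would have to be quoted instead of reworded.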
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_6.md
@@ -4,4 +4,4 @@
 ##### CrowdStrike Falcon
 - Added a disclaimer to the description of the **cs-falcon-resolve-detection** command that IDP detections are not supported.
-- Updated the Docker image to: *demisto/py3-tools:1.0.0.71964*.
\ No newline at end of file
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.72003*.
\ No newline at end of file