[Microsoft Graph Security] Update msg-update-alert documentation (#32983

)

* update docs

* update dockers

* add "MSG-ediscovery-tpb" to skipped_tests

Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/MicrosoftGraphSecurity.yml

@@ -689,17 +689,15 @@ script:
       - unknown
       - truePositive
       - falsePositive
-      - benignPositive
+      - informationalExpectedActivity
     - auto: PREDEFINED
       description: Relevant only for Alerts v2. Use this field to update the alert's determination.
       name: determination
       predefined:
       - unknown
-      - apt
       - malware
       - phishing
       - other
-      - securityPersonnel
       - securityTesting
       - multiStagedAttack
       - maliciousUserActivity
@@ -2038,7 +2036,7 @@ script:
     - contextPath: MSGraphMail.AssessmentRequest.ResultMessage
       description: The result message of the assessment request.
       type: String
-  dockerimage: demisto/crypto:1.0.0.82826
+  dockerimage: demisto/crypto:1.0.0.87358
   isfetch: true
   runonce: false
   script: '-'

Packs/MicrosoftGraphSecurity/Integrations/MicrosoftGraphSecurity/README.md

@@ -377,19 +377,19 @@ Update an editable alert property within any integrated solution to keep alert s
 
 #### Input
 
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| alert_id | The Alert ID. Provider-generated GUID/unique identifier. | Required | 
-| assigned_to | Name of the analyst the alert is assigned to for triage, investigation, or remediation. | Optional | 
-| closed_date_time | Relevant only for Legacy Alerts. Time the alert was closed in the string format MM/DD/YYYY. | Optional | 
-| comments | Relevant only for Legacy Alerts. Analyst comments on the alert (for customer alert management). | Optional | 
-| feedback | Relevant only for Legacy Alerts. Analyst feedback on the alert. Possible values are: unknown, truePositive, falsePositive, benignPositive. | Optional | 
-| status | Alert lifecycle status (stage). Possible values are: unknown, newAlert, inProgress, resolved, new. | Optional | 
-| tags | Relevant only for Legacy Alerts. User-definable labels that can be applied to an alert and can serve as filter conditions, for example "HVA", "SAW). | Optional | 
-| vendor_information | Relevant only for Legacy Alerts. Details about the security service vendor, for example Microsoft. | Optional | 
-| provider_information | Relevant only for Legacy Alerts. Details about the security service vendor, for example Windows Defender ATP. | Optional | 
-| classification | Relevant only for Alerts v2. Use this field to update the alert's classification. Possible values are: unknown, truePositive, falsePositive, benignPositive. | Optional | 
-| determination | Relevant only for Alerts v2. Use this field to update the alert's determination. Possible values are: unknown, apt, malware, phishing, other, securityPersonnel, securityTesting, multiStagedAttack, maliciousUserActivity, lineOfBusinessApplication, unwantedSoftware. | Optional | 
+| **Argument Name**    | **Description**                                                                                                                                                                                                                                  | **Required** |
+|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|
+| alert_id             | The Alert ID. Provider-generated GUID/unique identifier.                                                                                                                                                                                         | Required     | 
+| assigned_to          | Name of the analyst the alert is assigned to for triage, investigation, or remediation.                                                                                                                                                          | Optional     | 
+| closed_date_time     | Relevant only for Legacy Alerts. Time the alert was closed in the string format MM/DD/YYYY.                                                                                                                                                      | Optional     | 
+| comments             | Relevant only for Legacy Alerts. Analyst comments on the alert (for customer alert management).                                                                                                                                                  | Optional     | 
+| feedback             | Relevant only for Legacy Alerts. Analyst feedback on the alert. Possible values are: unknown, truePositive, falsePositive, benignPositive.                                                                                                       | Optional     | 
+| status               | Alert lifecycle status (stage). Possible values are: unknown, newAlert, inProgress, resolved, new.                                                                                                                                               | Optional     | 
+| tags                 | Relevant only for Legacy Alerts. User-definable labels that can be applied to an alert and can serve as filter conditions, for example "HVA", "SAW).                                                                                             | Optional     | 
+| vendor_information   | Relevant only for Legacy Alerts. Details about the security service vendor, for example Microsoft.                                                                                                                                               | Optional     | 
+| provider_information | Relevant only for Legacy Alerts. Details about the security service vendor, for example Windows Defender ATP.                                                                                                                                    | Optional     | 
+| classification       | Relevant only for Alerts v2. Use this field to update the alert's classification. Possible values are: unknown, truePositive, falsePositive, informationalExpectedActivity.                                                                      | Optional     | 
+| determination        | Relevant only for Alerts v2. Use this field to update the alert's determination. Possible values are: unknown, malware, phishing, other, securityTesting, multiStagedAttack, maliciousUserActivity, lineOfBusinessApplication, unwantedSoftware. | Optional     | 
 
 #### Context Output
 

Packs/MicrosoftGraphSecurity/ReleaseNotes/2_2_8.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Microsoft Graph Security
+- Updated the documentation for the ***msg-update-alert*** command to include only the determination and classification options supported by Microsoft.
+- Updated the Docker image to: *demisto/crypto:1.0.0.87358*.

Packs/MicrosoftGraphSecurity/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Microsoft Graph Security",
     "description": "Unified gateway to security insights - all from a unified Microsoft Graph\n  Security API.",
     "support": "xsoar",
-    "currentVersion": "2.2.7",
+    "currentVersion": "2.2.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Tests/conf.json

@@ -5865,7 +5865,8 @@
         "ThreatStream-Test": "Issue CRTX-96526",
         "MSG-Threat-Assessment-test": "API limitation",
         "BambenekConsultingFeed_Test": "Issue CRTX-99480",
-        "AWS SNS Listener - Test": "Cant validate mock msg against AWS-SNS in TBP"
+        "AWS SNS Listener - Test": "Cant validate mock msg against AWS-SNS in TBP",
+        "MSG-ediscovery-tpb": "Issue CIAC-9763"
     },
     "skipped_integrations": {
         "EWS Mail Sender": "The integration is deprecated",