diff --git a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.py b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.py index cc53d8e888ee..ed3ccc85d44e 100644 --- a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.py +++ b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.py @@ -269,6 +269,8 @@ def build_create_action_body(self, by_host, action_name, if not ip_address and not hostname: raise ValueError('hostname and ip address are missing, Please specify one of them.') + group_question = "" + demisto.debug(f"Initializing {group_question=}") if ip_address: group_question = f'Get Computer Name from all machines with ip address equals {ip_address}' if hostname: diff --git a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml index cb3b0353d137..0824310336e0 100644 --- a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml +++ b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml @@ -1353,7 +1353,7 @@ script: - contextPath: Tanium.ActionResult.ID description: The action results ID. type: String - dockerimage: demisto/python3:3.11.10.115186 + dockerimage: demisto/python3:3.11.10.116949 script: '' subtype: python3 type: python diff --git a/Packs/Tanium/ReleaseNotes/1_0_36.md b/Packs/Tanium/ReleaseNotes/1_0_36.md new file mode 100644 index 000000000000..c59b52d1b401 --- /dev/null +++ b/Packs/Tanium/ReleaseNotes/1_0_36.md @@ -0,0 +1,5 @@ +#### Integrations + +##### Tanium v2 +- Code functionality improvements. +- Updated the Docker image to: *demisto/python3:3.11.10.116949*. \ No newline at end of file diff --git a/Packs/Tanium/pack_metadata.json b/Packs/Tanium/pack_metadata.json index d1d8416d1cf8..2abcee4a4e26 100644 --- a/Packs/Tanium/pack_metadata.json +++ b/Packs/Tanium/pack_metadata.json 
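Review bot: The added `demisto.debug(f"Initializing {group_question=}")` in build_create_action_body logs the literal `group_question=''` on every call, so it records nothing a reader of the code does not already know; the initialisation itself is the useful part, since it keeps `group_question` bound when only one of the two branches below runs. Dropping the debug line, or moving it below the two `if` blocks so it logs the question that is actually sent, would make the log entry meaningful. The method begins and ends outside the hunk.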
@@ -2,7 +2,7 @@ "name": "Tanium", "description": "Tanium endpoint security and systems management", "support": "xsoar", - "currentVersion": "1.0.35", + "currentVersion": "1.0.36", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.py b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.py index 5c98319a3770..388701708d3a 100644 --- a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.py +++ b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.py @@ -4,7 +4,6 @@ ''' IMPORTS ''' import json import shutil -from typing import Dict, List import urllib3 import requests @@ -137,7 +136,7 @@ def get_errors_string_from_bad_request(bad_request_results, status_code): if errors_dict: for error_num, (key, lst) in enumerate(errors_dict.items(), 1): curr_error_string = '\n'.join(lst) + '\n\n' - errors_string += 'Error #{0}. In \'{1}\':\n{2}'.format(error_num, key, curr_error_string) + errors_string += f'Error #{error_num}. In \'{key}\':\n{curr_error_string}' return errors_string # Second form @@ -145,13 +144,13 @@ def get_errors_string_from_bad_request(bad_request_results, status_code): if errors_list: for error_num, error in enumerate(errors_list, 1): if isinstance(error, str): - errors_string += 'Error #{0}: {1}\n'.format(error_num, error) + errors_string += f'Error #{error_num}: {error}\n' else: # error is a list for i in range(len(error)): - errors_string += 'Error #{0}.{1}: {2}\n'.format(error_num, i, error[i]) + errors_string += f'Error #{error_num}.{i}: {error[i]}\n' return errors_string - return str() # Service did not provide any errors. + return '' # Service did not provide any errors. def get_tlp_from_indicator(sources): 
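Review bot: The converted line `errors_string += f'Error #{error_num}.{i}: {error[i]}\n'` keeps the surrounding `for i in range(len(error)):` index loop, although the `enumerate` idiom used a few lines up for `errors_list` shows what the file already prefers; `for i, item in enumerate(error):` with `{item}` in the f-string reads the same and drops the index lookup. The hunk also turns `return str()` into `return ''`, which is equivalent. get_errors_string_from_bad_request starts outside the hunk.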
@@ -206,7 +205,7 @@ def tq_request(method, url_suffix, params=None, files=None, retrieve_entire_resp if response.status_code >= 400: errors_string = get_errors_string_from_bad_request(response, response.status_code) - error_message = 'Received an error - status code [{0}].\n{1}'.format(response.status_code, errors_string) + error_message = f'Received an error - status code [{response.status_code}].\n{errors_string}' return_error(error_message) if retrieve_entire_response: @@ -247,7 +246,7 @@ def get_access_token(): def make_create_object_request(obj_type, params): - url_suffix = '/{0}'.format(OBJ_DIRECTORY[obj_type]) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}' res = tq_request('POST', url_suffix, params) # For some reason, only while creating an indicator, the response data is a list of dicts with size 1. @@ -257,7 +256,7 @@ def make_create_object_request(obj_type, params): entry_context = {CONTEXT_PATH[obj_type]: createContext(data, removeNull=True)} - readable_title = '{0} was successfully created.'.format(obj_type.title()) + readable_title = f'{obj_type.title()} was successfully created.' readable = build_readable(readable_title, obj_type, data) return_outputs(readable, entry_context, res) @@ -267,7 +266,7 @@ def make_edit_request_for_an_object(obj_id, obj_type, params): # Remove items with empty values. params = {k: v for k, v in params.items() if v is not None} - url_suffix = '/{0}/{1}?with=attributes,sources'.format(OBJ_DIRECTORY[obj_type], obj_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}?with=attributes,sources' if obj_type == 'indicator': url_suffix += ',score' 
@@ -276,7 +275,7 @@ def make_edit_request_for_an_object(obj_id, obj_type, params): data = data_to_demisto_format(res['data'], obj_type) entry_context = {CONTEXT_PATH[obj_type]: createContext(data, removeNull=True)} - readable_title = 'Successfully edited {0} with ID {1}'.format(obj_type, obj_id) + readable_title = f'Successfully edited {obj_type} with ID {obj_id}' readable = build_readable(readable_title, obj_type, data) return_outputs(readable, entry_context, res) @@ -297,6 +296,9 @@ def make_indicator_reputation_request(indicator_type, value, generic_context): elif value.startswith('https://'): value_without_proto = value.replace('https://', '') is_httpx = True + else: + value_without_proto = value + demisto.debug("value doesn't start with either prefixes. Initializing value_without_proto to value.") if is_httpx: body = {"criteria": {"+or": [{"value": value}, {"value": value_without_proto}]}, @@ -331,7 +333,7 @@ def make_indicator_reputation_request(indicator_type, value, generic_context): params=body ) - indicators: List[Dict] = [] + indicators: list[dict] = [] for obj in res.get('data', []): if 'id' in obj: # Search for detailed information about the indicator @@ -496,7 +498,8 @@ def parse_date(text): return str(datetime.strptime(text, fmt)) except ValueError: pass - return_error('Time data \'{0}\' does not match any valid format.'.format(text)) + return_error(f'Time data \'{text}\' does not match any valid format.') + return None def data_to_demisto_format(data, obj_type): @@ -508,6 +511,7 @@ def data_to_demisto_format(data, obj_type): return adversary_data_to_demisto_format(data) elif obj_type == 'attachment': return file_data_to_demisto_format(data) + return None def indicator_data_to_demisto_format(data): 
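Review bot: The new debug message in the `else` branch of make_indicator_reputation_request reads "either prefixes" and logs a constant string, so it adds a fixed line per call and no diagnostic value; `value_without_proto` is consumed only under `if is_httpx:`, so the assignment appears to exist solely to keep the name bound for the type checker. I would drop the debug call and keep the assignment with a one-line comment, `value_without_proto = value  # bound for the non-http case; only read when is_httpx`. The function body starts and ends outside the hunk.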
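Review bot: The `return None` added after `return_error(...)` at the end of parse_date is unreachable at runtime, because `return_error` in CommonServerPython exits the script instead of returning, so it exists only to satisfy the type checker's missing-return rule; the same applies to the `return None` added after `return_error('Command failed - objects are not related.')` in get_pivot_id. A short comment on both lines, `return None  # unreachable: return_error() exits; satisfies the return-type check`, would stop the next reader from treating it as a live fallback. The `return None` appended to data_to_demisto_format is, by contrast, reachable and silently yields None for an unrecognized obj_type; if that is not an intended contract, `raise ValueError(f'Unsupported object type: {obj_type}')` there would fail closer to the cause.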
@@ -518,7 +522,7 @@ def indicator_data_to_demisto_format(data): 'Value': data.get('value'), 'Status': status_id_to_status(data.get('status_id')), 'Type': type_id_to_indicator_type(data.get('type_id')), - 'URL': '{0}/indicators/{1}/details'.format(SERVER_URL, data.get('id')), + 'URL': '{}/indicators/{}/details'.format(SERVER_URL, data.get('id')), 'TQScore': get_tq_score_from_response(data.get('score')), 'Description': clean_html_from_string(data.get('description')), 'Source': sources_to_demisto_format(data.get('sources')), @@ -533,7 +537,7 @@ def adversary_data_to_demisto_format(data): 'UpdatedAt': data.get('updated_at'), 'CreatedAt': data.get('created_at'), 'Name': data.get('name'), - 'URL': '{0}/adversaries/{1}/details'.format(SERVER_URL, data.get('id')), + 'URL': '{}/adversaries/{}/details'.format(SERVER_URL, data.get('id')), 'Source': sources_to_demisto_format(data.get('sources')), 'Attribute': attributes_to_demisto_format(data.get('attributes')) } @@ -548,7 +552,7 @@ def event_data_to_demisto_format(data): 'Title': data.get('title'), 'Occurred': data.get('happened_at'), 'Type': type_id_to_event_type(data.get('type_id')), - 'URL': '{0}/events/{1}/details'.format(SERVER_URL, data.get('id')), + 'URL': '{}/events/{}/details'.format(SERVER_URL, data.get('id')), 'Description': clean_html_from_string(data.get('description')), 'Source': sources_to_demisto_format(data.get('sources')), 'Attribute': attributes_to_demisto_format(data.get('attributes')) @@ -564,7 +568,7 @@ def file_data_to_demisto_format(data): 'Size': data.get('file_size'), 'MD5': data.get('hash'), 'Type': type_id_to_file_type(data.get('type_id')), - 'URL': '{0}/files/{1}/details'.format(SERVER_URL, data.get('id')), + 'URL': '{}/files/{}/details'.format(SERVER_URL, data.get('id')), 'Name': data.get('name'), 'Title': data.get('title'), 'Description': data.get('description'), 
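Review bot: The four `'URL'` lines in these hunks (indicator, adversary, event, file) are rewritten from `'{0}…'.format` to `'{}…'.format` while the rest of the commit converts the same pattern to f-strings, leaving the file with two formatting styles for no reason other than the single quotes inside `data.get('id')`. Switching the outer quotes lets them match, e.g. `'URL': f"{SERVER_URL}/indicators/{data.get('id')}/details"`, and likewise for the other three. The same leftover `'{}'.format` form remains in build_readable's two `url_in_markdown_format` lines, in update_score_command's `readable`, in upload_file_command's `readable_title` and in get_all_objs_command's `metadata`.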
@@ -580,21 +584,21 @@ def file_data_to_demisto_format(data): def get_pivot_id(obj1_type, obj1_id, obj2_type, obj2_id): # A pivot id represents a connection between two objects. - url_suffix = '/{0}/{1}/{2}'.format(OBJ_DIRECTORY[obj1_type], obj1_id, OBJ_DIRECTORY[obj2_type]) + url_suffix = f'/{OBJ_DIRECTORY[obj1_type]}/{obj1_id}/{OBJ_DIRECTORY[obj2_type]}' res = tq_request('GET', url_suffix) for related_object in res['data']: # res['data'] contains all the related objects of obj_id1 if int(related_object.get('id')) == int(obj2_id): return int(related_object['pivot']['id']) - else: - return_error('Command failed - objects are not related.') + return_error('Command failed - objects are not related.') + return None def get_malicious_data(tq_score): malicious_data = { 'Malicious': { 'Vendor': 'ThreatQ v2', - 'Description': 'Score from ThreatQ is {0}'.format(tq_score) + 'Description': f'Score from ThreatQ is {tq_score}' } } return malicious_data @@ -664,7 +668,7 @@ def build_readable(readable_title, obj_type, data, metadata=None): metadata=metadata ) if 'URL' in data: - url_in_markdown_format = '[{0}]({1})'.format(data['URL'], data['URL']) + url_in_markdown_format = '[{}]({})'.format(data['URL'], data['URL']) readable = readable.replace(data['URL'], url_in_markdown_format) else: # 'data' is a list of objects @@ -679,7 +683,7 @@ def build_readable(readable_title, obj_type, data, metadata=None): metadata=metadata ) for elem in data: - url_in_markdown_format = '[{0}]({1})'.format(elem['URL'], elem['URL']) + url_in_markdown_format = '[{}]({})'.format(elem['URL'], elem['URL']) readable = readable.replace(elem['URL'], url_in_markdown_format) return readable @@ -725,7 +729,7 @@ def aggregate_search_results(indicators, default_indicator_type, generic_context generic_context=generic_context )) - aggregated: Dict = {} + aggregated: dict = {} for entry in entry_context: for key, value in entry.items(): if key in aggregated: 
@@ -781,7 +785,7 @@ def advance_search_command(): if not isinstance(search_results, list): search_results = [search_results] - indicators: List[Dict] = [] + indicators: list[dict] = [] for obj in search_results: # Search for detailed information about the indicator url_suffix = f"/indicators/{obj.get('id')}?with=attributes,sources,score,type" @@ -808,7 +812,7 @@ def search_by_name_command(): if limit and isinstance(limit, str) and not limit.isdigit(): return_error('limit argument must be an integer.') - url_suffix = '/search?query={0}&limit={1}'.format(name, limit) + url_suffix = f'/search?query={name}&limit={limit}' res = tq_request('GET', url_suffix) indicator_context = [{'ID': e['id'], 'Value': e['value']} for e in res['data'] if e['object'] == 'indicator'] @@ -840,7 +844,7 @@ def search_by_id_command(): if isinstance(obj_id, str) and not obj_id.isdigit(): return_error('obj_id argument must be an integer.') - url_suffix = '/{0}/{1}?with=attributes,sources'.format(OBJ_DIRECTORY[obj_type], obj_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}?with=attributes,sources' if obj_type == 'indicator': url_suffix += ',score,type' @@ -854,7 +858,7 @@ def search_by_id_command(): if indicator_type is not None: ec['DBotScore'] = create_dbot_context(data['Value'], indicator_type, data.get('TQScore', -1)) - readable_title = 'Search results for {0} with ID {1}'.format(obj_type, obj_id) + readable_title = f'Search results for {obj_type} with ID {obj_id}' readable = build_readable(readable_title, obj_type, data) return_outputs(readable, ec, res) 
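Review bot: In search_by_name_command the user-supplied `name` is interpolated straight into the query string, `url_suffix = f'/search?query={name}&limit={limit}'`, with no URL encoding, while `limit` is checked with `isdigit()` just above. A search term containing `&`, `#`, `%` or whitespace is truncated or reinterpreted by the server, and a term carrying its own `&limit=` fragment overrides the limit that was just validated, so the request no longer means what the user typed. Percent-encoding the value fixes this without touching tq_request: `from urllib.parse import quote` in the imports block and `url_suffix = f'/search?query={quote(str(name), safe="")}&limit={limit}'`. Confirm the ThreatQ search endpoint accepts percent-encoded values, which is what requests itself would send if the value were given through a `params=` dict.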
@@ -979,9 +983,9 @@ def delete_object_command(): if isinstance(obj_id, str) and not obj_id.isdigit(): return_error('obj_id argument must be an integer.') - url_suffix = '/{0}/{1}'.format(OBJ_DIRECTORY[obj_type], obj_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}' tq_request('DELETE', url_suffix) - demisto.results('Successfully deleted {0} with ID {1}.'.format(obj_type, obj_id)) + demisto.results(f'Successfully deleted {obj_type} with ID {obj_id}.') def get_related_objs_command(related_type): @@ -992,7 +996,7 @@ def get_related_objs_command(related_type): if isinstance(obj_id, str) and not obj_id.isdigit(): return_error('obj_id argument must be an integer.') - url_suffix = '/{0}/{1}/{2}?with=sources'.format(OBJ_DIRECTORY[obj_type], obj_id, OBJ_DIRECTORY[related_type]) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}/{OBJ_DIRECTORY[related_type]}?with=sources' if related_type == 'indicator': url_suffix += ',score' res = tq_request('GET', url_suffix) @@ -1005,7 +1009,7 @@ def get_related_objs_command(related_type): } ec = {CONTEXT_PATH[obj_type]: data} if info else {} - readable_title = 'Related {0} type objects of {1} with ID {2}'.format(related_type, obj_type, obj_id) + readable_title = f'Related {related_type} type objects of {obj_type} with ID {obj_id}' readable = build_readable(readable_title, related_type, data[RELATED_KEY[related_type]]) return_outputs(readable, ec, res) 
@@ -1024,13 +1028,13 @@ def link_objects_command(): if obj1_type == obj2_type and obj1_id == obj2_id: return_error('Cannot link an object to itself.') - url_suffix = '/{0}/{1}/{2}'.format(OBJ_DIRECTORY[obj1_type], obj1_id, OBJ_DIRECTORY[obj2_type]) + url_suffix = f'/{OBJ_DIRECTORY[obj1_type]}/{obj1_id}/{OBJ_DIRECTORY[obj2_type]}' params = { 'id': obj2_id } tq_request('POST', url_suffix, params) demisto.results( - 'Successfully linked {0} with ID {1} and {2} with ID {3}.'.format(obj1_type, obj1_id, obj2_type, obj2_id)) + f'Successfully linked {obj1_type} with ID {obj1_id} and {obj2_type} with ID {obj2_id}.') def unlink_objects_command(): @@ -1047,10 +1051,10 @@ def unlink_objects_command(): return_error('An object cannot be linked to itself.') p_id = get_pivot_id(obj1_type, obj1_id, obj2_type, obj2_id) - url_suffix = '/{0}/{1}/{2}'.format(OBJ_DIRECTORY[obj1_type], obj1_id, OBJ_DIRECTORY[obj2_type]) + url_suffix = f'/{OBJ_DIRECTORY[obj1_type]}/{obj1_id}/{OBJ_DIRECTORY[obj2_type]}' tq_request('DELETE', url_suffix, params=[p_id]) demisto.results( - 'Successfully unlinked {0} with ID {1} and {2} with ID {3}.'.format(obj1_type, obj1_id, obj2_type, obj2_id)) + f'Successfully unlinked {obj1_type} with ID {obj1_id} and {obj2_type} with ID {obj2_id}.') def update_score_command(): @@ -1067,7 +1071,7 @@ def update_score_command(): else: manual_score = int(score) - url_suffix = '/indicator/{0}/scores'.format(indicator_id) + url_suffix = f'/indicator/{indicator_id}/scores' params = {'manual_score': manual_score} res = tq_request('PUT', url_suffix, params) @@ -1079,7 +1083,7 @@ def update_score_command(): ec = {CONTEXT_PATH['indicator']: data} - readable = 'Successfully updated score of indicator with ID {0} to {1}. ' \ + readable = 'Successfully updated score of indicator with ID {} to {}. ' \ 'Notice that final score is the maximum between ' \ 'manual and generated scores.'.format(indicator_id, int(data['TQScore'])) 
@@ -1095,13 +1099,13 @@ def add_source_command(): if isinstance(obj_id, str) and not obj_id.isdigit(): return_error('obj_id argument must be an integer.') - url_suffix = '/{0}/{1}/sources'.format(OBJ_DIRECTORY[obj_type], obj_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}/sources' params = { 'name': source } tq_request('POST', url_suffix, params) - demisto.results('Successfully added source {0} to {1} with ID {2}.'.format(source, obj_type, obj_id)) + demisto.results(f'Successfully added source {source} to {obj_type} with ID {obj_id}.') def delete_source_command(): @@ -1115,10 +1119,10 @@ def delete_source_command(): if isinstance(source_id, str) and not source_id.isdigit(): return_error('source_id argument must be an integer.') - url_suffix = '/{0}/{1}/sources/{2}'.format(OBJ_DIRECTORY[obj_type], obj_id, source_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}/sources/{source_id}' tq_request('DELETE', url_suffix) - demisto.results('Successfully deleted source #{0} from {1} with ID {2}.'.format(source_id, obj_type, obj_id)) + demisto.results(f'Successfully deleted source #{source_id} from {obj_type} with ID {obj_id}.') def add_attribute_command(): @@ -1131,14 +1135,14 @@ def add_attribute_command(): if isinstance(obj_id, str) and not obj_id.isdigit(): return_error('obj_id argument must be an integer.') - url_suffix = '/{0}/{1}/attributes'.format(OBJ_DIRECTORY[obj_type], obj_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}/attributes' params = { 'name': attribute_name, 'value': attribute_value } tq_request('POST', url_suffix, params) - demisto.results('Successfully added attribute to {0} with ID {1}.'.format(obj_type, obj_id)) + demisto.results(f'Successfully added attribute to {obj_type} with ID {obj_id}.') def modify_attribute_command(): 
@@ -1153,12 +1157,12 @@ def modify_attribute_command(): if isinstance(attribute_id, str) and not attribute_id.isdigit(): return_error('attribute_id argument must be an integer.') - url_suffix = '/{0}/{1}/attributes/{2}'.format(OBJ_DIRECTORY[obj_type], obj_id, attribute_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}/attributes/{attribute_id}' params = {'value': attribute_value} tq_request('PUT', url_suffix, params) - demisto.results('Successfully modified attribute #{0} of {1} with ID {2}.'.format(attribute_id, obj_type, obj_id)) + demisto.results(f'Successfully modified attribute #{attribute_id} of {obj_type} with ID {obj_id}.') def delete_attribute_command(): @@ -1172,10 +1176,10 @@ def delete_attribute_command(): if isinstance(attribute_id, str) and not attribute_id.isdigit(): return_error('attribute_id argument must be an integer.') - url_suffix = '/{0}/{1}/attributes/{2}'.format(OBJ_DIRECTORY[obj_type], obj_id, attribute_id) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}/{obj_id}/attributes/{attribute_id}' tq_request('DELETE', url_suffix) - demisto.results('Successfully deleted attribute #{0} from {1} with ID {2}.'.format(attribute_id, obj_type, obj_id)) + demisto.results(f'Successfully deleted attribute #{attribute_id} from {obj_type} with ID {obj_id}.') def update_status_command(): @@ -1186,7 +1190,7 @@ def update_status_command(): if isinstance(indicator_id, str) and not indicator_id.isdigit(): return_error('id argument must be an integer.') - url_suffix = '/indicators/{0}'.format(indicator_id) + url_suffix = f'/indicators/{indicator_id}' params = {'status': status} res = tq_request('PUT', url_suffix, params) @@ -1198,7 +1202,7 @@ def update_status_command(): ec = {CONTEXT_PATH['indicator']: data} - readable = 'Successfully updated status of indicator with ID {0} to {1}.'.format(indicator_id, status) + readable = f'Successfully updated status of indicator with ID {indicator_id} to {status}.' return_outputs(readable, ec, res) 
@@ -1225,7 +1229,7 @@ def upload_file_command(): try: shutil.copy(file_info['path'], file_info['name']) except Exception as e: - return_error('Failed to prepare file for upload. Error message: {0}'.format(str(e))) + return_error(f'Failed to prepare file for upload. Error message: {str(e)}') try: with open(file_info['name'], 'rb') as f: @@ -1239,7 +1243,7 @@ def upload_file_command(): ec = {CONTEXT_PATH['attachment']: data} - readable_title = 'Successfully uploaded file {0}.'.format(file_info['name']) + readable_title = 'Successfully uploaded file {}.'.format(file_info['name']) readable = build_readable(readable_title, 'attachment', data) return_outputs(readable, ec, res) @@ -1252,13 +1256,13 @@ def download_file_command(): if isinstance(file_id, str) and not file_id.isdigit(): return_error('id argument must be an integer.') - url_suffix = '/attachments/{0}/download'.format(file_id) + url_suffix = f'/attachments/{file_id}/download' res = tq_request('GET', url_suffix, retrieve_entire_response=True) # 'Content-Disposition' value is of the form: attachment; filename="filename.txt" # Since we don't have the file name anywhere else in the response object, we parse it from this entry. - filename = res.headers.get('Content-Disposition', str()).split('\"')[1] + filename = res.headers.get('Content-Disposition', '').split('\"')[1] content = res.content demisto.results(fileResult(filename, content)) @@ -1271,7 +1275,7 @@ def get_all_objs_command(obj_type): if limit > 200: limit = 200 - url_suffix = '/{0}?with=attributes,sources'.format(OBJ_DIRECTORY[obj_type]) + url_suffix = f'/{OBJ_DIRECTORY[obj_type]}?with=attributes,sources' if obj_type == 'indicator': url_suffix += ',score' res = tq_request('GET', url_suffix) 
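Review bot: `{str(e)}` inside the new f-string in upload_file_command's error path is redundant, since f-string interpolation already applies `str()`; `return_error(f'Failed to prepare file for upload. Error message: {e}')` says the same thing. The surrounding try/except is otherwise unchanged and the function continues outside the hunk.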
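Review bot: The rewritten `filename = res.headers.get('Content-Disposition', '').split('\"')[1]` in download_file_command still raises IndexError whenever the header is absent or carries an unquoted filename, because `''.split('"')` is `['']` and index 1 does not exist; the change from `str()` to `''` as the default does not close that gap. A guarded parse keeps the happy path identical and gives a usable name otherwise: `parts = res.headers.get('Content-Disposition', '').split('"')` followed by `filename = parts[1] if len(parts) > 1 else f'attachment_{file_id}'`. The resulting name is server-controlled and is passed to `fileResult`, which presumably uses it only as the displayed entry name rather than as an on-disk path; a one-line comment stating that assumption next to the call would help the next reader.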
@@ -1282,8 +1286,8 @@ def get_all_objs_command(obj_type): data = [data_to_demisto_format(obj, obj_type) for obj in res['data'][from_index:to_index]] ec = {CONTEXT_PATH[obj_type]: createContext(data, removeNull=True)} if data else {} - readable_title = 'List of all objects of type {0} - {1}-{2}'.format(obj_type, from_index, to_index - 1) - metadata = 'Total number of objects is {0}'.format(len(res['data'])) + readable_title = f'List of all objects of type {obj_type} - {from_index}-{to_index - 1}' + metadata = 'Total number of objects is {}'.format(len(res['data'])) readable = build_readable(readable_title, obj_type, data, metadata=metadata) return_outputs(readable, ec, res) @@ -1295,7 +1299,7 @@ def get_ip_reputation(): for ip in ips: if not is_ip_valid(ip, accept_v6_ips=True): - return_error('{0} is not a valid IP address.'.format(ip)) + return_error(f'{ip} is not a valid IP address.') generic_context = {'Address': ip} @@ -1308,7 +1312,7 @@ def get_url_reputation(): for url in urls: if not REGEX_MAP['url'].match(url): - return_error('{0} is not a valid URL.'.format(url)) + return_error(f'{url} is not a valid URL.') generic_context = {'Data': url} @@ -1321,7 +1325,7 @@ def get_email_reputation(): for email in emails: if not REGEX_MAP['email'].match(email): - return_error('{0} is not a valid email address.'.format(email)) + return_error(f'{email} is not a valid email address.') generic_context = {'Address': email} @@ -1346,7 +1350,7 @@ def get_file_reputation(): if REGEX_MAP[fmt].match(file): break else: - return_error('{0} is not a valid file format.'.format(file)) + return_error(f'{file} is not a valid file format.') generic_context = createContext({ 'MD5': file if fmt == 'md5' else None, @@ -1359,7 +1363,7 @@ def get_file_reputation(): ''' EXECUTION CODE ''' command = demisto.command() -LOG('command is {0}'.format(demisto.command())) +LOG(f'command is {demisto.command()}') try: handle_proxy() if command == 'test-module': 
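Review bot: `LOG(f'command is {demisto.command()}')` calls `demisto.command()` a second time immediately after the line above stored the result in `command`; `LOG(f'command is {command}')` logs the same value with one lookup and guarantees the logged name is the one actually dispatched on. This is module-level execution code, so the line runs on every invocation.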
diff --git a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml index 8a98e30dc076..cfcf7e6b4c20 100644 --- a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml +++ b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml @@ -163,7 +163,7 @@ script: type: String - arguments: - default: true - description: URL to check + description: URL to check. isArray: true name: url required: true @@ -232,7 +232,7 @@ script: type: String - arguments: - default: true - description: File MD5, SHA-1 or SHA-256 + description: File MD5, SHA-1 or SHA-256. isArray: true name: file required: true @@ -385,7 +385,7 @@ script: type: String - arguments: - default: true - description: Domain or FQDN + description: Domain or FQDN. isArray: true name: domain required: true @@ -686,7 +686,7 @@ script: - Login Compromise - Incident required: true - - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd' + - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd.' name: date required: true - description: List of sources names, separated by commas. @@ -1614,7 +1614,7 @@ script: required: true - description: The title of the new event. name: title - - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd' + - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd.' name: date - auto: PREDEFINED description: Type of the event, such as DoS Attack, Malware, Watchlist, and so on. 
@@ -1882,13 +1882,13 @@ script: - defaultValue: '10' description: The maximum number of results to return. Default is 10. name: limit - - description: 'The indicator type for which to search. Can be either the name or the ID. Possible values: Binary String, CIDR Block, CVE, Email Address, Email Attachment, Email Subject, File Mapping, File Path, Filename, FQDN, Fuzzy Hash, GOST Hash, Hash ION, IP Address, IPv6 Address, MD5, Mutex,Password, Registry Key, Service Name, SHA-1, SHA-256, SHA-384, SHA-512, String, x509 Serial, x509 Subject, URL, URL Path, User-agent, Username, X-Mailer' + - description: 'The indicator type for which to search. Can be either the name or the ID. Possible values: Binary String, CIDR Block, CVE, Email Address, Email Attachment, Email Subject, File Mapping, File Path, Filename, FQDN, Fuzzy Hash, GOST Hash, Hash ION, IP Address, IPv6 Address, MD5, Mutex,Password, Registry Key, Service Name, SHA-1, SHA-256, SHA-384, SHA-512, String, x509 Serial, x509 Subject, URL, URL Path, User-agent, Username, X-Mailer.' name: indicator_type required: true deprecated: true description: Runs an advanced indicator search. name: threatq-advanced-search - dockerimage: demisto/python3:3.11.10.115186 + dockerimage: demisto/python3:3.11.10.116949 script: '' subtype: python3 type: python diff --git a/Packs/ThreatQ/ReleaseNotes/1_0_28.md b/Packs/ThreatQ/ReleaseNotes/1_0_28.md new file mode 100644 index 000000000000..afe04dd0ec18 --- /dev/null +++ b/Packs/ThreatQ/ReleaseNotes/1_0_28.md @@ -0,0 +1,5 @@ +#### Integrations + +##### ThreatQ v2 +- Code functionality improvements. +- Updated the Docker image to: *demisto/python3:3.11.10.116949*. \ No newline at end of file diff --git a/Packs/ThreatQ/pack_metadata.json b/Packs/ThreatQ/pack_metadata.json index 183c2f0dbd03..842289eda29e 100644 --- a/Packs/ThreatQ/pack_metadata.json +++ b/Packs/ThreatQ/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "ThreatQ", "description": "Platform for collecting and interpreting intelligence data from open sources and managing indicator scores, types, and attributes.", "support": "xsoar", - "currentVersion": "1.0.27", + "currentVersion": "1.0.28", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.py b/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.py index ca76d102b1f2..8bd97a40e293 100644 --- a/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.py +++ b/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.py @@ -326,6 +326,9 @@ def extract_ioc(output: dict) -> dict: return command_result_list try: + readable_dict = {} + output = {} + demisto.debug("Initializing readable_dict & output") report_type = "" if result.get("reports", {}).get("dynamic", {}).get("enabled"): diff --git a/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.yml b/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.yml index f04a6d8a616e..9e6b83d319c8 100644 --- a/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.yml +++ b/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.yml @@ -322,7 +322,7 @@ script: - contextPath: ThreatZone.Limits.Daily_Submission_Limit description: The remaining/total daily submission limits of the current plan. type: String - dockerimage: demisto/python3:3.11.10.115186 + dockerimage: demisto/python3:3.11.10.116949 runonce: false subtype: python3 fromversion: 6.9.0 diff --git a/Packs/ThreatZone/ReleaseNotes/1_0_5.md b/Packs/ThreatZone/ReleaseNotes/1_0_5.md new file mode 100644 index 000000000000..114b16d25f02 --- /dev/null +++ b/Packs/ThreatZone/ReleaseNotes/1_0_5.md @@ -0,0 +1,5 @@ +#### Integrations + +##### ThreatZone +- Code functionality improvements. +- Updated the Docker image to: *demisto/python3:3.11.10.116949*. \ No newline at end of file 
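Review bot: The added `demisto.debug("Initializing readable_dict & output")` logs a constant and carries no diagnostic value; the two initialisations stand on their own. If `readable_dict` and `output` are populated only in some of the branches below (not visible here), the empty-dict defaults mean a branch that sets neither now yields an empty result instead of a NameError, so confirm that the consumers of these two values handle `{}` deliberately. The enclosing function starts and ends outside the hunk.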
diff --git a/Packs/ThreatZone/pack_metadata.json b/Packs/ThreatZone/pack_metadata.json index 4e52b7ca49af..e17da7e0da58 100644 --- a/Packs/ThreatZone/pack_metadata.json +++ b/Packs/ThreatZone/pack_metadata.json @@ -2,7 +2,7 @@ "name": "ThreatZone", "description": "ThreatZone malware analysis sandboxing", "support": "partner", - "currentVersion": "1.0.4", + "currentVersion": "1.0.5", "author": "Malwation", "url": "https://app.threat.zone", "email": "info@malwation.com", diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py index 352e7dccf961..cb4980807a37 100644 --- a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py +++ b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py @@ -10,7 +10,7 @@ import hashlib import time import json -from datetime import datetime, timezone +from datetime import datetime, UTC from dateutil.parser import parse # Disable insecure warnings @@ -229,6 +229,7 @@ def udso_add(self, add_type=None, content=None, scan_action=None, notes='', expi raise ValueError(f'Operation failed - {response.get("Meta", {}).get("ErrorMsg")}') return response + return None def udso_add_file(self, file_content_base64_string, file_name, file_scan_action, note: str = ""): payload = { @@ -286,7 +287,7 @@ def prodagent_restore(self, multi_match=False, entity_id="", ip_add="", mac_add= def verify_format_and_convert_to_timestamp(since_time: str): if since_time == '0': # '0' is the default timestamp return since_time - if not (since_time.endswith('GMT+00:00') or since_time.endswith('Z')): + if not (since_time.endswith(('GMT+00:00', 'Z'))): raise ValueError("'since_time' argument should be in one of the following formats:" "'2020-06-21T08:00:00Z', 'Jun 21 2020 08:00:00 GMT+00:00'") 
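Review bot: `from datetime import datetime, UTC` (and the `datetime.fromtimestamp(..., UTC)` call in the later hunk of this file) relies on `datetime.UTC`, which exists only from Python 3.11; the integration's image in this diff is `demisto/pycef:1.0.0.117223`, whose interpreter version is not visible on the page. If that image runs anything older than 3.11 the module fails at import time, so either confirm the version or keep the portable `timezone.utc` spelling. The change is otherwise behaviour-preserving, as `UTC` is an alias of `timezone.utc`.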
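Review bot: The new condition in verify_format_and_convert_to_timestamp keeps a redundant pair of parentheses, `if not (since_time.endswith(('GMT+00:00', 'Z'))):`; the tuple form of `endswith` is the right call, and `if not since_time.endswith(('GMT+00:00', 'Z')):` is the conventional spelling. The ValueError message in the context lines below is built from two implicitly concatenated literals with no space after the colon, so it renders as `formats:'2020-06-21T08:00:00Z'`; a space at the join would fix the message.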
@@ -326,7 +327,7 @@ def convert_timestamps_and_scan_type_to_readable(results_list): for result in results_list: for time_key in time_keys: if result.get(time_key): - result[time_key] = datetime.fromtimestamp(result.get(time_key), timezone.utc).isoformat() + result[time_key] = datetime.fromtimestamp(result.get(time_key), UTC).isoformat() for status_key in status_keys: if result.get(status_key): result[status_key] = INVESTIGATION_STATUS_NUM_TO_VALUE[result.get(status_key)] @@ -480,7 +481,7 @@ def fix_log_headers(log: dict): # fix the keys to their correct name new_log = log.copy() - for key in log.keys(): + for key in log: if key in keys_to_fix: new_log[CEF_HEADERS_TO_TREND_MICRO_HEADERS[key]] = new_log.pop(key) if key == 'rt': # this key is always referencing to 'Creation Time' header @@ -503,7 +504,7 @@ def parse_cef_logs_to_dict_logs(self, response): def update_agents_info_in_payload(payload_data, agent_guids): agent_guids_dict = json.loads(agent_guids) # this is a dict of { server_guids : [agent_guids] } payload_data["agentGuid"] = agent_guids_dict - payload_data["serverGuid"] = [server_guid for server_guid in agent_guids_dict.keys()] + payload_data["serverGuid"] = list(agent_guids_dict.keys()) return payload_data @@ -764,9 +765,8 @@ def list_logs_command(client: Client, args): response = client.logs_list(**assign_params(**args)) parsed_logs_list = [] - if response: - if response.get('Data', {}).get('Logs'): - parsed_logs_list = client.parse_cef_logs_to_dict_logs(response)[:limit] + if response and response.get('Data', {}).get('Logs'): + parsed_logs_list = client.parse_cef_logs_to_dict_logs(response)[:limit] log_type = args.get('log_type') headers = ['EventName', 'EventID', 'CreationTime', 'LogVersion', 'ApplianceVersion', 'ApplianceProduct', 
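Review bot: `payload_data["serverGuid"] = list(agent_guids_dict.keys())` in update_agents_info_in_payload still assumes `json.loads(agent_guids)` produced an object; a JSON list or string argument fails with AttributeError on `.keys()` rather than a message naming the argument. A guard right after the parse, `if not isinstance(agent_guids_dict, dict): raise ValueError('agent_guids must be a JSON object mapping server GUIDs to lists of agent GUIDs')`, fails with the cause, and `list(agent_guids_dict)` is the shorter idiom for the keys. The rest of update_agents_info_in_payload is visible and unchanged.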
@@ -807,9 +807,8 @@ def servers_list_command(client: Client, args): item['ip_address_list'] = item.get('ip_address_list', '').split(',') context = human_readable_table = [] - if response: - if response.get('result_content'): - context = human_readable_table = response.get('result_content') + if response and response.get('result_content'): + context = human_readable_table = response.get('result_content') headers = ['entity_id', 'product', 'host_name', 'ip_address_list', 'capabilities'] readable_output = tableToMarkdown('Trend Micro Apex One Servers List', human_readable_table, headers, @@ -832,9 +831,8 @@ def agents_list_command(client: Client, args): item['ip_address_list'] = item.get('ip_address_list', '').split(',') context = human_readable_table = [] - if response: - if response.get('result_content'): - context = human_readable_table = response.get('result_content') + if response and response.get('result_content'): + context = human_readable_table = response.get('result_content') readable_output = tableToMarkdown('Trend Micro Apex One Agents List', human_readable_table, headerTransform=string_to_table_header, @@ -886,6 +884,8 @@ def create_historical_investigation(client: Client, args): headers = ['taskId', 'serverName', 'serverGuid'] readable_output = tableToMarkdown('The historical investigation was created successfully', context, headers=headers, removeNull=True) + else: + readable_output = '' return CommandResults( readable_output=readable_output, @@ -900,6 +900,7 @@ def investigation_result_list_command(client: Client, args): client.suffix = '/WebApp/OSCE_iES/OsceIes/ApiEntry' response = client.investigation_result_list(**assign_params(**args)) context = {} + readable_output = '' if response: content_list = response.get('Data', {}).get('Data', {}).get('content', []) if content_list: 
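Review bot: The new `else: readable_output = ''` in the `create_historical_investigation` hunk leaves the analyst with a blank war-room entry when no investigation was created; the condition it pairs with is outside the hunk, so I cannot tell whether that failure is already surfaced elsewhere. If it is not, a message such as `readable_output = 'No historical investigation was created.'` (or raising, if an empty response is unexpected from this endpoint) makes the silent path visible. The `readable_output = ''` initialisation added to `investigation_result_list_command` in the next hunk has the same effect and deserves the same treatment.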
diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml index b2c27fe40407..3b82f2abb88a 100644 --- a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml +++ b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml @@ -641,7 +641,7 @@ script: - contextPath: TrendMicroApex.InvestigationResult.errorServers description: Error response if server communication is unsuccessful. type: String - dockerimage: demisto/pycef:1.0.0.100362 + dockerimage: demisto/pycef:1.0.0.117223 runonce: false script: '-' subtype: python3 diff --git a/Packs/TrendMicroApex/ReleaseNotes/2_0_8.md b/Packs/TrendMicroApex/ReleaseNotes/2_0_8.md new file mode 100644 index 000000000000..ac40ec36f841 --- /dev/null +++ b/Packs/TrendMicroApex/ReleaseNotes/2_0_8.md @@ -0,0 +1,5 @@ +#### Integrations + +##### Trend Micro Apex One +- Code functionality improvements. +- Updated the Docker image to: *demisto/pycef:1.0.0.117223*. \ No newline at end of file diff --git a/Packs/TrendMicroApex/pack_metadata.json b/Packs/TrendMicroApex/pack_metadata.json index b5042d6bf2a5..71181119b86e 100644 --- a/Packs/TrendMicroApex/pack_metadata.json +++ b/Packs/TrendMicroApex/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Trend Micro Apex One", "description": "Trend Micro Apex One central automation to manage agents and User-Defined Suspicious Objects", "support": "xsoar", - "currentVersion": "2.0.7", + "currentVersion": "2.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.py b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.py index 4470038fafa5..af98d5f33a04 100644 --- a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.py +++ b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.py 
@@ -8,8 +8,8 @@ import requests import urllib3 import re -from datetime import datetime, timezone, timedelta -from typing import Any, Dict, Union +from datetime import datetime, timedelta, UTC +from typing import Any from requests.models import HTTPError """CONSTANTS""" @@ -225,7 +225,7 @@ def http_request( :rtype: ``dict`` or ``str`` or ``requests.Response`` """ header = { - "Authorization": "Bearer {token}".format(token=self.api_key), + "Authorization": f"Bearer {self.api_key}", "Content-Type": f"{CONTENT_TYPE_JSON};charset=utf-8", "User-Agent": USER_AGENT, } @@ -260,8 +260,9 @@ def http_request( return response.json() else: return response + return None - def status_check(self, data: Dict[str, Any]) -> Any: + def status_check(self, data: dict[str, Any]) -> Any: """ Check the status of particular task. :type data: ``dict`` @@ -285,7 +286,7 @@ def status_check(self, data: Dict[str, Any]) -> Any: outputs=message, ) - def sandbox_submission_polling(self, data: Dict[str, Any]) -> Any: + def sandbox_submission_polling(self, data: dict[str, Any]) -> Any: """ Check the status of sandbox submission :type data: ``dict`` @@ -363,10 +364,10 @@ def lookup_type(self, param: Any) -> str: ) # Regex expression for validating IPv6 - regex1 = "((([0-9a-fA-F]){1,4})\\:){7}" "([0-9a-fA-F]){1,4}" + regex1 = "((([0-9a-fA-F]){1,4})\\:){7}" + "([0-9a-fA-F]){1,4}" # Regex expression for validating mac - regex2 = "([0-9A-Fa-f]{2}[:-]){5}" "([0-9A-Fa-f]{2})" + regex2 = "([0-9A-Fa-f]{2}[:-]){5}" + "([0-9A-Fa-f]{2})" p = re.compile(regex) p1 = re.compile(regex1) 
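Review bot: `from datetime import datetime, timedelta, UTC` in the `@@ -8,8 +8,8 @@` hunk requires Python 3.11+ (`datetime.UTC` does not exist earlier) and would raise `ImportError` at module load, taking down every command, on an older runtime. This diff does not show the Docker image used by this integration, so confirm it runs 3.11 or later; otherwise keep `timezone.utc`, which the removed line used and which works on every Python 3.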
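Review bot: The IPv6 and MAC patterns rebuilt in the `lookup_type` hunk as `regex1 = "((([0-9a-fA-F]){1,4})\\:){7}" + "([0-9a-fA-F]){1,4}"` and `regex2 = "([0-9A-Fa-f]{2}[:-]){5}" + "([0-9A-Fa-f]{2})"` carry no `^`/`$` anchors, so if they are applied with `re.search` (the matching call is outside the hunk) a hostname that merely contains a MAC-like substring is classified as a MAC address and the supplied endpoint value is presumably sent to the API as the wrong field. Use raw strings and anchor them, e.g. `regex1 = r"^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$"` and `regex2 = r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$"`, or switch the check to `fullmatch`. The explicit `+` between two adjacent literals adds nothing over a single literal, and `\\:` needlessly escapes a character that is not special in a regex.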
@@ -435,8 +436,8 @@ def get_workbench_histories(self, start, end, offset=None, size=None) -> str: start = start.astimezone() if not check_datetime_aware(end): end = end.astimezone() - start = start.astimezone(timezone.utc) - end = end.astimezone(timezone.utc) + start = start.astimezone(UTC) + end = end.astimezone(UTC) start = start.isoformat(timespec="milliseconds").replace("+00:00", "Z") end = end.isoformat(timespec="milliseconds").replace("+00:00", "Z") @@ -477,8 +478,8 @@ def incident_severity_to_dbot_score(self, severity: str): def run_polling_command( - args: Dict[str, Any], cmd: str, client: Client -) -> Union[str, CommandResults]: + args: dict[str, Any], cmd: str, client: Client +) -> str | CommandResults: """ Performs polling interval to check status of task or sandbox submission result. :type args: ``args`` @@ -524,7 +525,7 @@ def run_polling_command( return command_results -def get_task_status(args: Dict[str, Any], client: Client) -> Union[str, CommandResults]: +def get_task_status(args: dict[str, Any], client: Client) -> str | CommandResults: """ check status of task. @@ -538,8 +539,8 @@ def get_task_status(args: Dict[str, Any], client: Client) -> Union[str, CommandR def get_sandbox_submission_status( - args: Dict[str, Any], client: Client -) -> Union[str, CommandResults]: + args: dict[str, Any], client: Client +) -> str | CommandResults: """ call polling command to check status of sandbox submission. @@ -563,8 +564,8 @@ def test_module(client: Client) -> Any: def get_endpoint_info( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Retrieve information abouut the endpoint queried and sends the result to demisto war room. 
@@ -615,7 +616,7 @@ def get_endpoint_info( return results -def add_delete_block_list_mapping(data: Dict[str, Any]) -> Dict[str, Any]: +def add_delete_block_list_mapping(data: dict[str, Any]) -> dict[str, Any]: """ Mapping add to block list response data. @@ -631,8 +632,8 @@ def add_delete_block_list_mapping(data: Dict[str, Any]) -> Dict[str, Any]: def add_or_remove_from_block_list( - client: Client, command: str, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, command: str, args: dict[str, Any] +) -> str | CommandResults: """ Retrieve data from the add or remove from block list and sends the result to demist war room. @@ -673,6 +674,9 @@ def add_or_remove_from_block_list( response = client.http_request( POST, REMOVE_BLOCKLIST_ENDPOINT, data=json.dumps(body) ) + else: + response = None + demisto.debug(f"{command} didn't mach any condition. {response=}") mapping_data = add_delete_block_list_mapping(response) results = CommandResults( @@ -693,7 +697,7 @@ def fetch_incidents(client: Client): """ offset = 0 size = demisto.params().get("max_fetch") - end = datetime.now(timezone.utc) + end = datetime.now(UTC) days = int(demisto.params().get("first_fetch")) last_run = demisto.getLastRun() @@ -729,7 +733,7 @@ def fetch_incidents(client: Client): return incidents -def quarantine_delete_email_mapping(data: Dict[str, Any]) -> Dict[str, Any]: +def quarantine_delete_email_mapping(data: dict[str, Any]) -> dict[str, Any]: """ Mapping quarantine email message response data. @@ -745,8 +749,8 @@ def quarantine_delete_email_mapping(data: Dict[str, Any]) -> Dict[str, Any]: def quarantine_or_delete_email_message( - client: Client, command: str, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, command: str, args: dict[str, Any] +) -> str | CommandResults: """ Retrieve data from the quarantine or delete email message and sends the result to demist war room. 
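Review bot: The new `else` branch in the `add_or_remove_from_block_list` hunk sets `response = None` and then falls through to `add_delete_block_list_mapping(response)`, whose signature in the hunk above declares `data: dict[str, Any]`; an unknown `command` therefore surfaces as a type error from the mapping function rather than as a clear message, and the debug line is the only trace of the real cause. Fail fast instead: `else:` / `raise ValueError(f"Unsupported command: {command}")`, which also removes the need for a sentinel `None`. The debug text also misspells "match" as `mach`.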
@@ -788,6 +792,9 @@ def quarantine_or_delete_email_message( response = client.http_request( POST, DELETE_EMAIL_ENDPOINT, data=json.dumps(body) ) + else: + response = None + demisto.debug(f"{command=} didn't match any condition. {response=}") mapping_data = quarantine_delete_email_mapping(response) results = CommandResults( @@ -801,7 +808,7 @@ def quarantine_or_delete_email_message( return results -def isolate_restore_endpoint_mapping(data: Dict[str, Any]) -> Dict[str, Any]: +def isolate_restore_endpoint_mapping(data: dict[str, Any]) -> dict[str, Any]: """ Mapping isolate endpoint and restore endpoint response data. @@ -817,8 +824,8 @@ def isolate_restore_endpoint_mapping(data: Dict[str, Any]) -> Dict[str, Any]: def isolate_or_restore_connection( - client: Client, command: str, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, command: str, args: dict[str, Any] +) -> str | CommandResults: """ Retrieve data from the isolate or restore endpoint connection and sends the result to demist war room. @@ -858,6 +865,9 @@ def isolate_or_restore_connection( response = client.http_request( POST, RESTORE_CONNECTION_ENDPOINT, data=json.dumps(body) ) + else: + response = {} + demisto.debug(f"The {command=} didn't match the conditions. {response=}") mapping_data = isolate_restore_endpoint_mapping(response) @@ -873,8 +883,8 @@ def isolate_or_restore_connection( def terminate_process( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Terminate the process running on the end point and sends the result to demist war room. @@ -926,8 +936,8 @@ def terminate_process( def add_or_delete_from_exception_list( - client: Client, command: str, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, command: str, args: dict[str, Any] +) -> str | CommandResults: """ Add or Delete the exception object to exception list and sends the result to demist war room. 
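Review bot: In the `isolate_or_restore_connection` hunk the fall-through sets `response = {}`, whereas the quarantine/delete-email hunk on this same line and the block-list hunk above use `None`; with an empty dict, `isolate_restore_endpoint_mapping({})` presumably returns empty fields and the command reports a containment action (isolate or restore) that never reached the API, with only a debug line to say so. This is the one place where a silent success is worst, so raise rather than substitute: `else:` / `raise ValueError(f"Unsupported command: {command}")`. Whatever is chosen, the three dispatchers should share one convention.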
@@ -978,8 +988,8 @@ def add_or_delete_from_exception_list( def add_to_suspicious_list( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Add suspicious object to suspicious list and sends the result to demist war room. @@ -1039,8 +1049,8 @@ def add_to_suspicious_list( def delete_from_suspicious_list( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Delete the suspicious object from suspicious list and sends the result to demist war room. @@ -1078,8 +1088,8 @@ def delete_from_suspicious_list( def get_file_analysis_status( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Get the status of file based on task id and sends the result to demist war room @@ -1155,8 +1165,8 @@ def get_file_analysis_status( def get_file_analysis_report( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Get the report of file based on report id and sends the result to demist war room :type client: ``Client`` @@ -1212,10 +1222,13 @@ def get_file_analysis_report( data, file_type=EntryType.ENTRY_INFO_FILE, ) + else: + results = CommandResults() + demisto.debug(f"The code didn't match any condition. {results=}") return results -def collect_file(client: Client, args: Dict[str, Any]) -> Union[str, CommandResults]: +def collect_file(client: Client, args: dict[str, Any]) -> str | CommandResults: """ Collect forensic file and sends the result to demist war room :type client: ``Client`` 
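Review bot: The new `else: results = CommandResults()` in the `get_file_analysis_report` hunk makes an unrecognised report `type` return an empty entry with no readable output, so a playbook that passes a wrong value sees success and no data; the YAML restricts the argument to three predefined values, but values supplied from context are not validated by that list. Prefer `raise ValueError(f"Unsupported report type: {args.get('type')}")` so the misuse is visible in the war room. The accompanying `demisto.debug(f"The code didn't match any condition. {results=}")` then becomes unnecessary.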
@@ -1256,8 +1269,8 @@ def collect_file(client: Client, args: Dict[str, Any]) -> Union[str, CommandResu def download_information_collected_file( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ Gets the download information for collected forensic file and sends the result to demist war room :type client: ``Client`` @@ -1295,8 +1308,8 @@ def download_information_collected_file( def submit_file_to_sandbox( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: """ submit file to sandbox and sends the result to demist war room :type client: ``Client`` @@ -1307,7 +1320,7 @@ def submit_file_to_sandbox( :rtype: ``dict` """ data = {} - params: Dict[Any, Any] = {} + params: dict[Any, Any] = {} file_url = args.get(FILE_URL) file_name = args.get(FILE_NAME) document_pass = args.get(DOCUMENT_PASSWORD) @@ -1361,15 +1374,15 @@ def submit_file_to_sandbox( def submit_file_entry_to_sandbox( - client: Client, args: Dict[str, Any] -) -> Union[str, CommandResults]: + client: Client, args: dict[str, Any] +) -> str | CommandResults: entry = args.get(ENTRY_ID) file_ = demisto.getFilePath(entry) file_name = file_.get("name") file_path = file_.get("path") archive_pass = args.get(ARCHIVE_PASSWORD) document_pass = args.get(DOCUMENT_PASSWORD) - query_params: Dict[Any, Any] = {} + query_params: dict[Any, Any] = {} headers = {AUTHORIZATION: f"{BEARER} {client.api_key}"} with open(file_path, "rb") as f: contents = f.read() @@ -1415,7 +1428,7 @@ def submit_file_entry_to_sandbox( return results -def add_note(client: Client, args: Dict[str, Any]) -> Union[str, CommandResults]: +def add_note(client: Client, args: dict[str, Any]) -> str | CommandResults: """ Adds a note to an existing workbench alert :type client: ``Client`` 
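Review bot: `headers = {AUTHORIZATION: f"{BEARER} {client.api_key}"}` in the `submit_file_entry_to_sandbox` hunk builds the bearer header by hand, duplicating what `Client.http_request` already does with `"Authorization": f"Bearer {self.api_key}"`; two independent places that format the API key mean any later change to token handling (rotation, redaction from debug output) has to be made twice. Expose one helper on the client, e.g. `def auth_headers(self) -> dict[str, str]: return {AUTHORIZATION: f"{BEARER} {self.api_key}"}`, and call it here. Separately, `contents = f.read()` loads the whole sample into memory before upload; passing the open file object to the request avoids that for large archives, though the upload call itself is outside the hunk.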
@@ -1451,7 +1464,7 @@ def add_note(client: Client, args: Dict[str, Any]) -> Union[str, CommandResults] return results -def update_status(client: Client, args: Dict[str, Any]) -> Union[str, CommandResults]: +def update_status(client: Client, args: dict[str, Any]) -> str | CommandResults: """ Updates the status of an existing workbench alert :type client: ``Client`` @@ -1472,6 +1485,9 @@ def update_status(client: Client, args: Dict[str, Any]) -> Union[str, CommandRes update_status = RESOLVED_TRUE_POSITIVE elif status == "resolved_false_positive": update_status = RESOLVED_FALSE_POSITIVE + else: + update_status = None + demisto.debug(f"{status=} didn't match any condition. {update_status=}") body = {"investigationStatus": update_status} response = client.http_request( diff --git a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml index 2ca66de15343..fd881923c8ea 100644 --- a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml +++ b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne.yml @@ -70,7 +70,7 @@ name: Trend Micro Vision One script: commands: - arguments: - - description: 'The type of object you would like to add to the block list: "file_sha1", "ip", "domain", "url" or "mailbox"' + - description: 'The type of object you would like to add to the block list: "file_sha1", "ip", "domain", "url" or "mailbox".' name: value_type required: true auto: PREDEFINED 
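Review bot: The new `else: update_status = None` in the `update_status` hunk still lets execution reach `body = {"investigationStatus": update_status}` and `client.http_request(`, so an unrecognised `status` sends `{"investigationStatus": null}` to the alert-update API instead of failing locally. Replace the sentinel with `raise ValueError(f"Unsupported status: {status}")` before the request body is built. Separately, the local `update_status` shadows the enclosing function `def update_status(client, args)` visible in the hunk above; renaming it to `investigation_status` avoids that confusion.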
@@ -80,24 +80,24 @@ script: - ip - url - mailbox - - description: The object you would like to add that matches the value-type + - description: The object you would like to add that matches the value-type. name: target_value required: true - - description: Target product + - description: Target product. name: product_id - - description: Optional description for reference + - description: Optional description for reference. name: description - description: Adds a file SHA-1, IP address, domain, or URL object to the User-Defined Suspicious Objects List, which blocks the objects on subsequent detections + description: Adds a file SHA-1, IP address, domain, or URL object to the User-Defined Suspicious Objects List, which blocks the objects on subsequent detections. name: trendmicro-visionone-add-to-block-list outputs: - contextPath: VisionOne.BlockList.actionId - description: Action ID of task adding file SHA-1, IP address, domain, or URL to the User-Defined Suspicious Objects List + description: Action ID of task adding file SHA-1, IP address, domain, or URL to the User-Defined Suspicious Objects List. type: string - contextPath: VisionOne.BlockList.taskStatus - description: Task status of adding file SHA-1, IP address, domain, or URL object to the User-Defined Suspicious Objects List + description: Task status of adding file SHA-1, IP address, domain, or URL object to the User-Defined Suspicious Objects List. type: string - arguments: - - description: 'The type of object you would like to remove from the block list: "file_sha1", "ip", "domain", "url" or "mailbox"' + - description: 'The type of object you would like to remove from the block list: "file_sha1", "ip", "domain", "url" or "mailbox".' name: value_type auto: PREDEFINED predefined: 
@@ -107,79 +107,79 @@ script: - url - mailbox required: true - - description: The object you would like to add that matches the value-type + - description: The object you would like to add that matches the value-type. name: target_value required: true - - description: Target product + - description: Target product. name: product_id - - description: Optional description for reference + - description: Optional description for reference. name: description - description: Removes a file SHA-1, IP address, domain, or URL from the User-Defined Suspicious Objects List + description: Removes a file SHA-1, IP address, domain, or URL from the User-Defined Suspicious Objects List. name: trendmicro-visionone-remove-from-block-list outputs: - contextPath: VisionOne.BlockList.actionId - description: Action ID of task removing file SHA-1, IP address, domain, or URL object from the User-Defined Suspicious Objects List + description: Action ID of task removing file SHA-1, IP address, domain, or URL object from the User-Defined Suspicious Objects List. type: string - contextPath: VisionOne.BlockList.taskStatus - description: Task Status of removing file SHA-1, IP address, domain, or URL object that was added to the User-Defined Suspicious Objects List from block list + description: Task Status of removing file SHA-1, IP address, domain, or URL object that was added to the User-Defined Suspicious Objects List from block list. type: string - arguments: - - description: Email Message ID from Trend Micro Vision One message activity data + - description: Email Message ID from Trend Micro Vision One message activity data. name: message_id required: true - - description: Email mailbox where the message will be quarantined from + - description: Email mailbox where the message will be quarantined from. name: mailbox required: true - - description: Email message's original delivery time + - description: Email message's original delivery time. 
name: message_delivery_time required: true - default: true defaultValue: sca - description: Target product + description: Target product. name: product_id - - description: Optional description for reference + - description: Optional description for reference. name: description - description: Moves a message from a mailbox to the quarantine folder + description: Moves a message from a mailbox to the quarantine folder. name: trendmicro-visionone-quarantine-email-message outputs: - contextPath: VisionOne.Email.actionId - description: The Action Id of moving a message from a mailbox to the quarantine folder + description: The Action Id of moving a message from a mailbox to the quarantine folder. type: string - contextPath: VisionOne.Email.taskStatus - description: The status of moving a message from a mailbox to the quarantine folder + description: The status of moving a message from a mailbox to the quarantine folder. type: string - arguments: - - description: Email Message ID from Trend Micro Vision One message activity data + - description: Email Message ID from Trend Micro Vision One message activity data. name: message_id required: true - - description: Email mailbox where the message will be quarantined from + - description: Email mailbox where the message will be quarantined from. name: mailbox required: true - - description: Email message's delivery time + - description: Email message's delivery time. name: message_delivery_time required: true - default: true defaultValue: sca - description: Target product + description: Target product. name: product_id - - description: Optional description for reference + - description: Optional description for reference. name: description - description: Deletes a message from a mailbox + description: Deletes a message from a mailbox. 
name: trendmicro-visionone-delete-email-message outputs: - contextPath: VisionOne.Email.actionId - description: The action id of deleting a message from a mailbox + description: The action id of deleting a message from a mailbox. type: string - contextPath: VisionOne.Email.taskStatus - description: The task status of deleting a message from a mailbox + description: The task status of deleting a message from a mailbox. type: string - arguments: - - description: '"hostname", "macaddr" or "ip" of the endpoint to isolate' + - description: '"hostname", "macaddr" or "ip" of the endpoint to isolate.' name: endpoint required: true - default: true defaultValue: sao - description: 'Target product: "sao", "sds", or "xes"' + description: 'Target product: "sao", "sds", or "xes".' name: product_id auto: PREDEFINED predefined: @@ -187,24 +187,24 @@ script: - sds - xes required: true - - description: Description + - description: Description. name: description - description: Disconnects an endpoint from the network (but allows communication with the managing Trend Micro product) + description: Disconnects an endpoint from the network (but allows communication with the managing Trend Micro product). name: trendmicro-visionone-isolate-endpoint outputs: - contextPath: VisionOne.Endpoint_Connection.actionId - description: The action ID of isolate endpoint task + description: The action ID of isolate endpoint task. type: string - contextPath: VisionOne.Endpoint_Connection.taskStatus - description: 'The task status of isolate endpoint ' + description: 'The task status of isolate endpoint.' type: string - arguments: - - description: '"hostname", "macaddr" or "ip" of the endpoint to restore' + - description: '"hostname", "macaddr" or "ip" of the endpoint to restore.' name: endpoint required: true - default: true defaultValue: sao - description: 'Target product: "sao", "sds", or "xes"' + description: 'Target product: "sao", "sds", or "xes".' name: product_id auto: PREDEFINED predefined: 
@@ -212,16 +212,16 @@ script: - sds - xes required: true - - description: Description + - description: Description. name: description - description: Restores network connectivity to an endpoint that applied the "isolate endpoint" action + description: Restores network connectivity to an endpoint that applied the "isolate endpoint" action. name: trendmicro-visionone-restore-endpoint-connection outputs: - contextPath: VisionOne.Endpoint_Connection.actionId - description: The action ID of the restore endpoint connection + description: The action ID of the restore endpoint connection. type: string - contextPath: VisionOne.Endpoint_Connection.taskStatus - description: The task status of restore endpoint connection + description: The task status of restore endpoint connection. type: string - arguments: - description: 'Object type: "domain", "ip", "sha1", or "url".' 
@@ -233,22 +233,22 @@ script: - sha1 - url required: true - - description: The object value. Full and partial matches supported. Domain partial match, (with a wildcard as the subdomain, example, .example.com) IP partial match, (IP range example, 192.168.35.1-192.168.35.254, cidr example, 192.168.35.1/24) URL Partial match, (Supports wildcards 'http://.'', 'https://.'' at beginning, or ''' at the end. Multiple wild cards also supported, such as , https://.example.com/path1/) SHA1 Only full match" + - description: The object value. Full and partial matches supported. Domain partial match, (with a wildcard as the subdomain, example, .example.com) IP partial match, (IP range example, 192.168.35.1-192.168.35.254, cidr example, 192.168.35.1/24) URL Partial match, (Supports wildcards 'http://.'', 'https://.'' at beginning, or ''' at the end. Multiple wild cards also supported, such as , https://.example.com/path1/) SHA1 Only full match". name: value required: true - description: Exception description. name: description - description: Adds domains, file SHA-1 values, IP addresses, or URLs to the Exception List and prevents these objects from being added to the Suspicious Object List + description: Adds domains, file SHA-1 values, IP addresses, or URLs to the Exception List and prevents these objects from being added to the Suspicious Object List. name: trendmicro-visionone-add-objects-to-exception-list outputs: - contextPath: VisionOne.Exception_List.message - description: status message success after task completion + description: status message success after task completion. type: string - contextPath: VisionOne.Exception_List.status_code - description: status code of response + description: status code of response. type: string - contextPath: VisionOne.Exception_List.total_items - description: count of item present in exception list + description: count of item present in exception list. 
type: string - arguments: - description: 'Object type: "domain", "ip", "sha1", or "url".' @@ -267,13 +267,13 @@ script: name: trendmicro-visionone-delete-objects-from-exception-list outputs: - contextPath: VisionOne.Exception_List.message - description: status message success after task completion + description: status message success after task completion. type: string - contextPath: VisionOne.Exception_List.status_code - description: status code of response + description: status code of response. type: number - contextPath: VisionOne.Exception_List.total_items - description: count of item present in exception list + description: count of item present in exception list. type: string - arguments: - description: 'Object type: "domain", "ip", "sha1", or "url".' @@ -288,7 +288,7 @@ script: - description: The object value. name: value required: true - - description: Description + - description: Description. name: description - description: The action to take if object is found. If you don't use this parameter, the scan action specified in default_settings.riskLevel.type will be used instead. "block" or "log". name: scan_action @@ -309,13 +309,13 @@ script: name: trendmicro-visionone-add-objects-to-suspicious-list outputs: - contextPath: VisionOne.Suspicious_List.message - description: Status message of adding item to suspicious object list + description: Status message of adding item to suspicious object list. type: string - contextPath: VisionOne.Suspicious_List.status_code - description: Response code of adding item to suspicious object list + description: Response code of adding item to suspicious object list. type: number - contextPath: VisionOne.Suspicious_List.total_items - description: Number of items present in suspicious object list + description: Number of items present in suspicious object list. type: number - arguments: - description: 'Object type: "domain", "ip", "sha1", or "url".' 
@@ -330,106 +330,106 @@ script: - description: The object value. name: value required: true - description: Deletes domains, file SHA-1 values, IP addresses, or URLs from the Suspicious Object List + description: Deletes domains, file SHA-1 values, IP addresses, or URLs from the Suspicious Object List. name: trendmicro-visionone-delete-objects-from-suspicious-list outputs: - contextPath: VisionOne.Suspicious_List.message - description: Status message of removing item from suspicious object list + description: Status message of removing item from suspicious object list. type: string - contextPath: VisionOne.Suspicious_List.status_code - description: Response code of removing item from suspicious object list + description: Response code of removing item from suspicious object list. type: number - contextPath: VisionOne.Suspicious_List.total_items - description: Number of items present in suspicious object list + description: Number of items present in suspicious object list. type: number - arguments: - - description: '"hostname", "macaddr" or "ip" of the endpoint to query' + - description: '"hostname", "macaddr" or "ip" of the endpoint to query.' name: endpoint required: true - description: Retrieves information about a specific endpoint + description: Retrieves information about a specific endpoint. name: trendmicro-visionone-get-endpoint-info outputs: - contextPath: VisionOne.Endpoint_Info.message - description: Message information from the request + description: Message information from the request. type: string - contextPath: VisionOne.Endpoint_Info.errorCode - description: Error code + description: Error code. type: integer - contextPath: VisionOne.Endpoint_Info.status - description: Status of the request + description: Status of the request. type: string - contextPath: VisionOne.Endpoint_Info.logonAccount - description: Account currently logged on to the endpoint + description: Account currently logged on to the endpoint. 
type: string - contextPath: VisionOne.Endpoint_Info.hostname - description: Hostname + description: Hostname. type: string - contextPath: VisionOne.Endpoint_Info.macAddr - description: MAC address + description: MAC address. type: string - contextPath: VisionOne.Endpoint_Info.ip - description: IP address + description: IP address. type: string - contextPath: VisionOne.Endpoint_Info.osName - description: Operating System name + description: Operating System name. type: string - contextPath: VisionOne.Endpoint_Info.osVersion - description: Operating System nersion + description: Operating System nersion. type: string - contextPath: VisionOne.Endpoint_Info.osDescription - description: Description of the Operating System + description: Description of the Operating System. type: string - contextPath: VisionOne.Endpoint_Info.productCode - description: Product code of the Trend Micro product running on the endpoint + description: Product code of the Trend Micro product running on the endpoint. type: string - arguments: - - description: '"hostname", "macaddr" or "ip" of the endpoint to terminate process on' + - description: '"hostname", "macaddr" or "ip" of the endpoint to terminate process on.' name: endpoint required: true - - description: SHA1 hash of the process to terminate + - description: SHA1 hash of the process to terminate. name: file_sha1 required: true - default: true defaultValue: sao - description: Target product + description: Target product. auto: PREDEFINED predefined: - sao name: product_id - - description: Description + - description: Description. name: description - - description: Optional file name list for log + - description: Optional file name list for log. name: filename - description: Terminates a process that is running on an endpoint + description: Terminates a process that is running on an endpoint. 
name: trendmicro-visionone-terminate-process outputs: - contextPath: VisionOne.Terminate_Process.actionId - description: Action Id of the current running task + description: Action Id of the current running task. type: string - contextPath: VisionOne.Terminate_Process.taskStatus - description: Status of current running task + description: Status of current running task. type: string - arguments: - - description: task_id from the trendmicro-visionone-submit-file-to-sandbox command output + - description: task_id from the trendmicro-visionone-submit-file-to-sandbox command output. name: task_id required: true - description: Retrieves the status of a sandbox analysis submission + description: Retrieves the status of a sandbox analysis submission. name: trendmicro-visionone-get-file-analysis-status outputs: - contextPath: VisionOne.File_Analysis_Status.message - description: Status of the sandbox analysis + description: Status of the sandbox analysis. type: string - contextPath: VisionOne.File_Analysis_Status.code - description: Response code + description: Response code. type: string - contextPath: VisionOne.File_Analysis_Status.task_id - description: task_id of the task queried + description: task_id of the task queried. type: string - contextPath: VisionOne.File_Analysis_Status.taskStatus - description: Sandbox analysis status + description: Sandbox analysis status. type: string - contextPath: VisionOne.File_Analysis_Status.digest - description: The hash values of file analyzed + description: The hash values of file analyzed. type: string - contextPath: VisionOne.File_Analysis_Status.analysis_completion_time description: Sample analysis completed time. 
@@ -461,10 +461,10 @@ script:
 description: The Reliability level.
 type: string
 - arguments:
- - description: report_id of the sandbox submission retrieved from the trendmicro-visionone-get-file-analysis-status command
+ - description: report_id of the sandbox submission retrieved from the trendmicro-visionone-get-file-analysis-status command.
 name: report_id
 required: true
- - description: 'Type of report to retrieve: "vaReport", "investigationPackage", or "suspiciousObject"'
+ - description: 'Type of report to retrieve: "vaReport", "investigationPackage", or "suspiciousObject".'
 name: type
 auto: PREDEFINED
 predefined:
@@ -472,38 +472,38 @@ script:
 - investigationPackage
 - suspiciousObject
 required: true
- description: Retrieves the analysis report, investigation package, or Suspicious Object List of a submitted file
+ description: Retrieves the analysis report, investigation package, or Suspicious Object List of a submitted file.
 name: trendmicro-visionone-get-file-analysis-report
 outputs:
 - contextPath: VisionOne.File_Analysis_Report.message
- description: Status message of file report
+ description: Status message of file report.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.code
- description: status code of file report
+ description: status code of file report.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.type
- description: Suspicious object type
+ description: Suspicious object type.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.value
- description: Suspicious object value
+ description: Suspicious object value.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.risk_level
- description: Risk Level of suspicious object
+ description: Risk Level of suspicious object.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.analysis_completion_time
- description: Analyze time of suspicious object
+ description: Analyze time of suspicious object.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.expired_time
- description: Expire time of suspicious object
+ description: Expire time of suspicious object.
 type: string
 - contextPath: VisionOne.File_Analysis_Report.root_file_sha1
- description: Sample sha1 generate this suspicious object
+ description: Sample sha1 generate this suspicious object.
 type: string
 - arguments:
- - description: '"hostname", "macaddr" or "ip" of the endpoint to collect file from'
+ - description: '"hostname", "macaddr" or "ip" of the endpoint to collect file from.'
 name: endpoint
 required: true
- - description: 'Product: "sao", "sds" or "xes"'
+ - description: 'Product: "sao", "sds" or "xes".'
 name: product_id
 auto: PREDEFINED
 predefined:
@@ -514,44 +514,44 @@ script:
 - description: Path to the file to collect.
 name: file_path
 required: true
- - description: Type of OS. "windows", "mac" or "linux"
+ - description: Type of OS. "windows", "mac" or "linux".
 name: os
 required: true
 - description: Description of the file.
 name: description
- description: Compresses a file on an endpoint in a password-protected archive and then sends the archive to the XDR service platform
+ description: Compresses a file on an endpoint in a password-protected archive and then sends the archive to the XDR service platform.
 name: trendmicro-visionone-collect-forensic-file
 outputs:
 - contextPath: VisionOne.Collect_Forensic_File.actionId
 description: Action ID of the particular file.
 type: string
 - contextPath: VisionOne.Collect_Forensic_File.taskStatus
- description: Task status of collected file
+ description: Task status of collected file.
 type: string
 - arguments:
 - description: actionId output from the collect command used to collect the file.
 name: actionId
 required: true
- description: Retrieves a URL and other information required to download a collected file via the trendmicro-visionone-collect-forensic-file command
+ description: Retrieves a URL and other information required to download a collected file via the trendmicro-visionone-collect-forensic-file command.
 name: trendmicro-visionone-download-information-for-collected-forensic-file
 outputs:
 - contextPath: VisionOne.Download_Information_For_Collected_Forensic_File.url
- description: URL of the collected file
+ description: URL of the collected file.
 type: string
 - contextPath: VisionOne.Download_Information_For_Collected_Forensic_File.expires
- description: URL expiration date
+ description: URL expiration date.
 type: string
 - contextPath: VisionOne.Download_Information_For_Collected_Forensic_File.password
- description: Archive password for the protected forensic file
+ description: Archive password for the protected forensic file.
 type: string
 - contextPath: VisionOne.Download_Information_For_Collected_Forensic_File.filename
- description: Name of the collected file
+ description: Name of the collected file.
 type: string
 - arguments:
 - description: URL pointing to the location of the file to be submitted.
 name: file_url
 required: true
- - description: Name of the file to be analyzed
+ - description: Name of the file to be analyzed.
 name: filename
 required: true
 - description: The Base64 encoded password for decrypting the submitted document. sample.
@@ -565,13 +565,13 @@ script:
 description: Status message of the file submitted to sandbox.
 type: string
 - contextPath: VisionOne.Submit_File_to_Sandbox.code
- description: status code of the file submitted to sandbox
+ description: status code of the file submitted to sandbox.
 type: string
 - contextPath: VisionOne.Submit_File_to_Sandbox.task_id
- description: Task ID of the submitted file
+ description: Task ID of the submitted file.
 type: string
 - contextPath: VisionOne.Submit_File_to_Sandbox.digest
- description: The hash value of the file
+ description: The hash value of the file.
 - arguments:
 - name: entry_id
 description: Entry ID of the file to be submitted.
@@ -585,22 +585,22 @@ script:
 description: Status message of the file submitted to sandbox.
 type: string
 - contextPath: VisionOne.Submit_File_Entry_to_Sandbox.code
- description: status code of the file submitted to sandbox
+ description: status code of the file submitted to sandbox.
 type: string
 - contextPath: VisionOne.Submit_File_Entry_to_Sandbox.task_id
- description: Task ID of the submitted file
+ description: Task ID of the submitted file.
 type: string
 - contextPath: VisionOne.Submit_File_Entry_to_Sandbox.digest
- description: The hash value of the file
+ description: The hash value of the file.
 type: string
 - contextPath: VisionOne.Submit_File_Entry_to_Sandbox.filename
- description: The name of the file submitted
+ description: The name of the file submitted.
 type: string
 - contextPath: VisionOne.Submit_File_Entry_to_Sandbox.file_path
- description: The path to the file associated to incident
+ description: The path to the file associated to incident.
 type: string
 - contextPath: VisionOne.Submit_File_Entry_to_Sandbox.entryId
- description: The Entry ID for the file
+ description: The Entry ID for the file.
 type: string
 name: trendmicro-visionone-submit-file-entry-to-sandbox
 description: Submits the file corresponding to EntryID to the sandbox for analysis (Note. For more information about the supported file types, see the Trend Micro Vision One Online Help. Submissions require credits. Does not require credits in regions where Sandbox Analysis has not been officially released.)
@@ -609,24 +609,24 @@ script:
 name: polling
 default: true
 defaultValue: 'true'
- - description: task_id from the trendmicro-visionone-submit-file-to-sandbox or trendmicro-visionone-submit-file-entry-to-sandbox command output
+ - description: task_id from the trendmicro-visionone-submit-file-to-sandbox or trendmicro-visionone-submit-file-entry-to-sandbox command output.
 name: task_id
 required: true
 outputs:
 - contextPath: VisionOne.Sandbox_Submission_Polling.message
- description: Status of the sandbox analysis
+ description: Status of the sandbox analysis.
 type: string
 - contextPath: VisionOne.Sandbox_Submission_Polling.code
- description: Response code
+ description: Response code.
 type: string
 - contextPath: VisionOne.Sandbox_Submission_Polling.task_id
- description: task_id of the task queried
+ description: task_id of the task queried.
 type: string
 - contextPath: VisionOne.Sandbox_Submission_Polling.taskStatus
- description: Sandbox analysis status
+ description: Sandbox analysis status.
 type: string
 - contextPath: VisionOne.Sandbox_Submission_Polling.digest
- description: The hash values of file analyzed
+ description: The hash values of file analyzed.
 type: string
 - contextPath: VisionOne.Sandbox_Submission_Polling.analysis_completion_time
 description: Sample analysis completed time.
@@ -658,7 +658,7 @@ script:
 - contextPath: VisionOne.Sandbox_Submission_Polling.DBotScore.Reliability
 description: The Reliability level.
 type: string
- description: Runs a polling command to retrieve the status of a sandbox analysis submission
+ description: Runs a polling command to retrieve the status of a sandbox analysis submission.
 name: trendmicro-visionone-run-sandbox-submission-polling
 polling: true
 - arguments:
@@ -681,7 +681,7 @@ script:
 - description: ID of the workbench you would like to attach the note to.
 name: workbench_id
 required: true
- - description: Contents of the note to be attached
+ - description: Contents of the note to be attached.
 name: content
 required: true
 outputs:
@@ -692,18 +692,18 @@ script:
 description: The ID of the note that was added.
 type: string
 - contextPath: VisionOne.Add_Note.Response_Code
- description: The response code from the command
+ description: The response code from the command.
 type: string
 - contextPath: VisionOne.Add_Note.Response_Msg
- description: The response message from the command
+ description: The response message from the command.
 type: string
- description: Attaches a note to a workbench alert
+ description: Attaches a note to a workbench alert.
 name: trendmicro-visionone-add-note
 - arguments:
 - description: ID of the workbench you would like to update the status for.
 name: workbench_id
 required: true
- - description: Status to assign to the workbench alert
+ - description: Status to assign to the workbench alert.
 name: status
 required: true
 auto: PREDEFINED
@@ -717,14 +717,14 @@ script:
 description: The ID of the workbench that had the status updated.
 type: string
 - contextPath: VisionOne.Update_Status.Response_Code
- description: The response code from the command
+ description: The response code from the command.
 type: string
 - contextPath: VisionOne.Update_Status.Response_Msg
- description: The response message from the command
+ description: The response message from the command.
 type: string
- description: Updates the status of a workbench alert
+ description: Updates the status of a workbench alert.
 name: trendmicro-visionone-update-status
- dockerimage: demisto/python3:3.10.14.90585
+ dockerimage: demisto/python3:3.11.10.116949
 isFetchSamples: true
 isfetch: true
 script: ''
diff --git a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne_test.py b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne_test.py
index 6662fcf8bfc7..848923cf41e3 100644
--- a/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne_test.py
+++ b/Packs/TrendMicroVisionOne/Integrations/TrendMicroVisionOne/TrendMicroVisionOne_test.py
@@ -112,7 +112,7 @@ def test_quarantine_email_message(mocker):
 client = Client("https://api.xdr.trendmicro.com", api_key, proxy, verify)
 args = {
 "messageId": (
- ""
+ ""
 ),
 "mailBox": "kjshdfjksahd@trendenablement.com",
 "messageDeliveryTime": "2021-12-09T14:00:12.000Z",
@@ -137,7 +137,7 @@ def test_delete_email_message(mocker):
 client = Client("https://api.xdr.trendmicro.com", api_key, proxy, verify)
 args = {
 "messageId": (
- ""
+ ""
 ),
 "mailBox": "kjshdfjksahd@trendenablement.com",
 "messageDeliveryTime": "2021-12-09T14:00:55.000Z",
diff --git a/Packs/TrendMicroVisionOne/ReleaseNotes/4_2_1.md b/Packs/TrendMicroVisionOne/ReleaseNotes/4_2_1.md
new file mode 100644
index 000000000000..0d2bfe1d9dea
--- /dev/null
+++ b/Packs/TrendMicroVisionOne/ReleaseNotes/4_2_1.md
@@ -0,0 +1,5 @@
+#### Integrations
+
+##### Trend Micro Vision One
+- Code functionality improvements.
+- Updated the Docker image to: *demisto/python3:3.11.10.116949*.
\ No newline at end of file
diff --git a/Packs/TrendMicroVisionOne/pack_metadata.json b/Packs/TrendMicroVisionOne/pack_metadata.json
index 6bc36dc1e8b4..e70d1a4affb3 100644
--- a/Packs/TrendMicroVisionOne/pack_metadata.json
+++ b/Packs/TrendMicroVisionOne/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Trend Micro Vision One",
 "description": "Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response(XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection.",
 "support": "partner",
- "currentVersion": "4.2.0",
+ "currentVersion": "4.2.1",
 "serverMinVersion": "6.2.0",
 "author": "Trend Micro",
 "url": "https://success.trendmicro.com",