demisto · RotemAmit · Jan 12, 2025 · Jan 9, 2025 · Jan 12, 2025 · Jan 12, 2025
diff --git a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.py b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.py
@@ -269,6 +269,8 @@ def build_create_action_body(self, by_host, action_name,
             if not ip_address and not hostname:
                 raise ValueError('hostname and ip address are missing, Please specify one of them.')
 
+            group_question = ""
+            demisto.debug(f"Initializing {group_question=}")
             if ip_address:
                 group_question = f'Get Computer Name from all machines with ip address equals {ip_address}'
             if hostname:

diff --git a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml
@@ -1353,7 +1353,7 @@ script:
     - contextPath: Tanium.ActionResult.ID
       description: The action results ID.
       type: String
-  dockerimage: demisto/python3:3.11.10.115186
+  dockerimage: demisto/python3:3.11.10.116949
   script: ''
   subtype: python3
   type: python

diff --git a/Packs/Tanium/ReleaseNotes/1_0_36.md b/Packs/Tanium/ReleaseNotes/1_0_36.md
@@ -0,0 +1,5 @@
+#### Integrations
+
+##### Tanium v2
+- Code functionality improvements.
+- Updated the Docker image to: *demisto/python3:3.11.10.116949*.
diff --git a/Packs/Tanium/pack_metadata.json b/Packs/Tanium/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Tanium",
     "description": "Tanium endpoint security and systems management",
     "support": "xsoar",
-    "currentVersion": "1.0.35",
+    "currentVersion": "1.0.36",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.py b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.py
diff --git a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml
@@ -163,7 +163,7 @@ script:
       type: String
   - arguments:
     - default: true
-      description: URL to check
+      description: URL to check.
       isArray: true
       name: url
       required: true
@@ -232,7 +232,7 @@ script:
       type: String
   - arguments:
     - default: true
-      description: File MD5, SHA-1 or SHA-256
+      description: File MD5, SHA-1 or SHA-256.
       isArray: true
       name: file
       required: true
@@ -385,7 +385,7 @@ script:
       type: String
   - arguments:
     - default: true
-      description: Domain or FQDN
+      description: Domain or FQDN.
       isArray: true
       name: domain
       required: true
@@ -686,7 +686,7 @@ script:
       - Login Compromise
       - Incident
       required: true
-    - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd'
+    - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd.'
       name: date
       required: true
     - description: List of sources names, separated by commas.
@@ -1614,7 +1614,7 @@ script:
       required: true
     - description: The title of the new event.
       name: title
-    - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd'
+    - description: 'Date that event happened. Can be: YYYY-mm-dd HH:MM:SS, YYYY-mm-dd.'
       name: date
     - auto: PREDEFINED
       description: Type of the event, such as DoS Attack, Malware, Watchlist, and so on.
@@ -1882,13 +1882,13 @@ script:
     - defaultValue: '10'
       description: The maximum number of results to return. Default is 10.
       name: limit
-    - description: 'The indicator type for which to search. Can be either the name or the ID. Possible values: Binary String, CIDR Block, CVE, Email Address, Email Attachment, Email Subject, File Mapping, File Path, Filename, FQDN, Fuzzy Hash, GOST Hash, Hash ION, IP Address, IPv6 Address, MD5, Mutex,Password, Registry Key, Service Name, SHA-1, SHA-256, SHA-384, SHA-512, String, x509 Serial, x509 Subject, URL, URL Path, User-agent, Username, X-Mailer'
+    - description: 'The indicator type for which to search. Can be either the name or the ID. Possible values: Binary String, CIDR Block, CVE, Email Address, Email Attachment, Email Subject, File Mapping, File Path, Filename, FQDN, Fuzzy Hash, GOST Hash, Hash ION, IP Address, IPv6 Address, MD5, Mutex,Password, Registry Key, Service Name, SHA-1, SHA-256, SHA-384, SHA-512, String, x509 Serial, x509 Subject, URL, URL Path, User-agent, Username, X-Mailer.'
       name: indicator_type
       required: true
     deprecated: true
     description: Runs an advanced indicator search.
     name: threatq-advanced-search
-  dockerimage: demisto/python3:3.11.10.115186
+  dockerimage: demisto/python3:3.11.10.116949
   script: ''
   subtype: python3
   type: python

diff --git a/Packs/ThreatQ/ReleaseNotes/1_0_28.md b/Packs/ThreatQ/ReleaseNotes/1_0_28.md
@@ -0,0 +1,5 @@
+#### Integrations
+
+##### ThreatQ v2
+- Code functionality improvements.
+- Updated the Docker image to: *demisto/python3:3.11.10.116949*.
diff --git a/Packs/ThreatQ/pack_metadata.json b/Packs/ThreatQ/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "ThreatQ",
     "description": "Platform for collecting and interpreting intelligence data from open sources and managing indicator scores, types, and attributes.",
     "support": "xsoar",
-    "currentVersion": "1.0.27",
+    "currentVersion": "1.0.28",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.py b/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.py
@@ -326,6 +326,9 @@ def extract_ioc(output: dict) -> dict:
         return command_result_list
 
     try:
+        readable_dict = {}
+        output = {}
+        demisto.debug("Initializing readable_dict & output")
 
         report_type = ""
         if result.get("reports", {}).get("dynamic", {}).get("enabled"):

diff --git a/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.yml b/Packs/ThreatZone/Integrations/ThreatZone/ThreatZone.yml
@@ -322,7 +322,7 @@ script:
         - contextPath: ThreatZone.Limits.Daily_Submission_Limit
           description: The remaining/total daily submission limits of the current plan.
           type: String
-  dockerimage: demisto/python3:3.11.10.115186
+  dockerimage: demisto/python3:3.11.10.116949
   runonce: false
   subtype: python3
 fromversion: 6.9.0

diff --git a/Packs/ThreatZone/ReleaseNotes/1_0_5.md b/Packs/ThreatZone/ReleaseNotes/1_0_5.md
@@ -0,0 +1,5 @@
+#### Integrations
+
+##### ThreatZone
+- Code functionality improvements.
+- Updated the Docker image to: *demisto/python3:3.11.10.116949*.
diff --git a/Packs/ThreatZone/pack_metadata.json b/Packs/ThreatZone/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "ThreatZone",
     "description": "ThreatZone malware analysis sandboxing",
     "support": "partner",
-    "currentVersion": "1.0.4",
+    "currentVersion": "1.0.5",
     "author": "Malwation",
     "url": "https://app.threat.zone",
     "email": "[email protected]",

diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.py
@@ -10,7 +10,7 @@
 import hashlib
 import time
 import json
-from datetime import datetime, timezone
+from datetime import datetime, UTC
 from dateutil.parser import parse
 
 # Disable insecure warnings
@@ -229,6 +229,7 @@ def udso_add(self, add_type=None, content=None, scan_action=None, notes='', expi
                 raise ValueError(f'Operation failed - {response.get("Meta", {}).get("ErrorMsg")}')
 
             return response
+        return None
 
     def udso_add_file(self, file_content_base64_string, file_name, file_scan_action, note: str = ""):
         payload = {
@@ -286,7 +287,7 @@ def prodagent_restore(self, multi_match=False, entity_id="", ip_add="", mac_add=
     def verify_format_and_convert_to_timestamp(since_time: str):
         if since_time == '0':  # '0' is the default timestamp
             return since_time
-        if not (since_time.endswith('GMT+00:00') or since_time.endswith('Z')):
+        if not (since_time.endswith(('GMT+00:00', 'Z'))):
             raise ValueError("'since_time' argument should be in one of the following formats:"
                              "'2020-06-21T08:00:00Z', 'Jun 21 2020 08:00:00 GMT+00:00'")
 
@@ -326,7 +327,7 @@ def convert_timestamps_and_scan_type_to_readable(results_list):
         for result in results_list:
             for time_key in time_keys:
                 if result.get(time_key):
-                    result[time_key] = datetime.fromtimestamp(result.get(time_key), timezone.utc).isoformat()
+                    result[time_key] = datetime.fromtimestamp(result.get(time_key), UTC).isoformat()
             for status_key in status_keys:
                 if result.get(status_key):
                     result[status_key] = INVESTIGATION_STATUS_NUM_TO_VALUE[result.get(status_key)]
@@ -480,7 +481,7 @@ def fix_log_headers(log: dict):
 
         # fix the keys to their correct name
         new_log = log.copy()
-        for key in log.keys():
+        for key in log:
             if key in keys_to_fix:
                 new_log[CEF_HEADERS_TO_TREND_MICRO_HEADERS[key]] = new_log.pop(key)
             if key == 'rt':  # this key is always referencing to 'Creation Time' header
@@ -503,7 +504,7 @@ def parse_cef_logs_to_dict_logs(self, response):
     def update_agents_info_in_payload(payload_data, agent_guids):
         agent_guids_dict = json.loads(agent_guids)  # this is a dict of { server_guids : [agent_guids] }
         payload_data["agentGuid"] = agent_guids_dict
-        payload_data["serverGuid"] = [server_guid for server_guid in agent_guids_dict.keys()]
+        payload_data["serverGuid"] = list(agent_guids_dict.keys())
 
         return payload_data
 
@@ -764,9 +765,8 @@ def list_logs_command(client: Client, args):
     response = client.logs_list(**assign_params(**args))
     parsed_logs_list = []
 
-    if response:
-        if response.get('Data', {}).get('Logs'):
-            parsed_logs_list = client.parse_cef_logs_to_dict_logs(response)[:limit]
+    if response and response.get('Data', {}).get('Logs'):
+        parsed_logs_list = client.parse_cef_logs_to_dict_logs(response)[:limit]
 
     log_type = args.get('log_type')
     headers = ['EventName', 'EventID', 'CreationTime', 'LogVersion', 'ApplianceVersion', 'ApplianceProduct',
@@ -807,9 +807,8 @@ def servers_list_command(client: Client, args):
         item['ip_address_list'] = item.get('ip_address_list', '').split(',')
 
     context = human_readable_table = []
-    if response:
-        if response.get('result_content'):
-            context = human_readable_table = response.get('result_content')
+    if response and response.get('result_content'):
+        context = human_readable_table = response.get('result_content')
 
     headers = ['entity_id', 'product', 'host_name', 'ip_address_list', 'capabilities']
     readable_output = tableToMarkdown('Trend Micro Apex One Servers List', human_readable_table, headers,
@@ -832,9 +831,8 @@ def agents_list_command(client: Client, args):
         item['ip_address_list'] = item.get('ip_address_list', '').split(',')
 
     context = human_readable_table = []
-    if response:
-        if response.get('result_content'):
-            context = human_readable_table = response.get('result_content')
+    if response and response.get('result_content'):
+        context = human_readable_table = response.get('result_content')
 
     readable_output = tableToMarkdown('Trend Micro Apex One Agents List', human_readable_table,
                                       headerTransform=string_to_table_header,
@@ -886,6 +884,8 @@ def create_historical_investigation(client: Client, args):
         headers = ['taskId', 'serverName', 'serverGuid']
         readable_output = tableToMarkdown('The historical investigation was created successfully',
                                           context, headers=headers, removeNull=True)
+    else:
+        readable_output = ''
 
     return CommandResults(
         readable_output=readable_output,
@@ -900,6 +900,7 @@ def investigation_result_list_command(client: Client, args):
     client.suffix = '/WebApp/OSCE_iES/OsceIes/ApiEntry'
     response = client.investigation_result_list(**assign_params(**args))
     context = {}
+    readable_output = ''
     if response:
         content_list = response.get('Data', {}).get('Data', {}).get('content', [])
         if content_list:

diff --git a/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml b/Packs/TrendMicroApex/Integrations/TrendMicroApex/TrendMicroApex.yml
@@ -641,7 +641,7 @@ script:
     - contextPath: TrendMicroApex.InvestigationResult.errorServers
       description: Error response if server communication is unsuccessful.
       type: String
-  dockerimage: demisto/pycef:1.0.0.100362
+  dockerimage: demisto/pycef:1.0.0.117223
   runonce: false
   script: '-'
   subtype: python3

diff --git a/Packs/TrendMicroApex/ReleaseNotes/2_0_8.md b/Packs/TrendMicroApex/ReleaseNotes/2_0_8.md
@@ -0,0 +1,5 @@
+#### Integrations
+
+##### Trend Micro Apex One
+- Code functionality improvements.
+- Updated the Docker image to: *demisto/pycef:1.0.0.117223*.
diff --git a/Packs/TrendMicroApex/pack_metadata.json b/Packs/TrendMicroApex/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Trend Micro Apex One",
     "description": "Trend Micro Apex One central automation to manage agents and User-Defined Suspicious Objects",
     "support": "xsoar",
-    "currentVersion": "2.0.7",
+    "currentVersion": "2.0.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",