Merge branch 'contrib/siscale_master' into master

siscale · Nov 4, 2024 · eb858e4 · eb858e4
2 parents 2b8977c + 4385af9
commit eb858e4
Show file tree

Hide file tree

Showing 399 changed files with 12,453 additions and 1,990 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -26,6 +26,7 @@
 /Packs/ContentManagement/* @adi88d
 /Packs/TAXIIServer/Integrations/TAXII2Server/* @Ni-Knight
 /Packs/FeedTAXII/Integrations/FeedTAXII2/* @Ni-Knight
+/Packs/rasterize/Integrations/rasterize/* @ilaredo
 
 # Important Scripts
 /Packs/CommonScripts/Scripts/SetGridField/* @altmannyarden

diff --git a/.github/content_roles.json b/.github/content_roles.json
@@ -11,11 +11,11 @@
         "aaron1535"
     ],
     "CONTRIBUTION_TL": "jbabazadeh",
-    "CONTRIBUTION_SECURITY_REVIEWER": ["tomer-pan"],
+    "CONTRIBUTION_SECURITY_REVIEWER": ["idovandijk"],
     "ON_CALL_DEVS": [
         "sshuker",
-        "acarmi"
+        "yhayun"
     ],
-    "DOC_REVIEWER": "ShirleyDenkberg",
+    "DOC_REVIEWER": "richardbluestone",
     "TIM_REVIEWER": "MLainer1"
 }
diff --git a/.github/github_workflow_scripts/handle_external_pr.py b/.github/github_workflow_scripts/handle_external_pr.py
@@ -589,9 +589,6 @@ def main():
             f'(https://xsoar.pan.dev/docs/packs/packs-format#contributorsjson).'
     if XSOAR_SUPPORT_LEVEL_LABEL or COMMUNITY_SUPPORT_LEVEL_LABEL in labels_to_add and ver != '1.0.0':
         pr.create_issue_comment(contributors_body)
-    pr.create_issue_comment('Hello,\nThank you for your contribution.\nUnfortunately, your PR review will be slightly delayed '
-                            'because of an Israeli holiday in the upcoming two weeks (16-26.10.24). Thank you in advance '
-                            'for the patience.')
 
 
 if __name__ == "__main__":

diff --git a/.pre-commit-config_template.yaml b/.pre-commit-config_template.yaml
@@ -16,7 +16,9 @@ repos:
     min_py_version: '3.7'
     files: .+_test.py$
   - id: check-added-large-files
-    args: ['--maxkb=5120']
+    args: ['--maxkb=5120', --enforce-all]
+    skip:nightly: true
+  - id: check-case-conflict
 - repo: https://github.com/python-poetry/poetry
   rev: 1.8.2
   hooks:

diff --git a/Documentation/doc-howto.json b/Documentation/doc-howto.json
diff --git a/Packs/AWS-Lambda/Integrations/AWS_Lambda/AWS_Lambda.py b/Packs/AWS-Lambda/Integrations/AWS_Lambda/AWS_Lambda.py
@@ -771,7 +771,7 @@ def main():
             case 'aws-lambda-list-aliases':
                 list_aliases(args, aws_client)
             case 'aws-lambda-invoke':
-                invoke(args, aws_client)
+                return_results(invoke(args, aws_client))
             case 'aws-lambda-remove-permission':
                 remove_permission(args, aws_client)
             case 'aws-lambda-get-account-settings':

diff --git a/Packs/AWS-Lambda/ReleaseNotes/1_3_9.md b/Packs/AWS-Lambda/ReleaseNotes/1_3_9.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### AWS - Lambda
+
+Fixed an issue where the **aws-lambda-invoke** command did not return any results.
diff --git a/Packs/AWS-Lambda/pack_metadata.json b/Packs/AWS-Lambda/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "AWS - Lambda",
     "description": "Amazon Web Services Serverless Compute service (lambda)",
     "support": "xsoar",
-    "currentVersion": "1.3.8",
+    "currentVersion": "1.3.9",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/Algosec/Integrations/AlgoSec/AlgoSec.yml b/Packs/Algosec/Integrations/AlgoSec/AlgoSec.yml
@@ -5,7 +5,7 @@ name: AlgoSec
 display: AlgoSec
 system: true
 category: Network Security
-description: Algosec BusinessFlow(ABF), Firewall Analyzer (AFA) and FireFlow(AFF).
+description: Algosec AppViz, Firewall Analyzer (AFA) and FireFlow(AFF).
 configuration:
 - display: Server URL (e.g. https://192.168.0.1)
   name: server
@@ -34,91 +34,91 @@ script:
     - name: ticketId
       required: true
       default: true
-      description: ID of requested change request
+      description: ID of requested change request.
     description: Retrieves a FireFlow change request by its ID
   - name: algosec-create-ticket
     arguments:
     - name: description
-      description: A free text description of the issue
+      description: A free text description of the issue.
     - name: devices
-      description: A list of device names, on which the change should be made
+      description: A list of device names, on which the change should be made.
     - name: action
       required: true
       description: |
         The device action to perform for the traffic. This can be either
         of the following: \U0010FC00 1 - Allow the traffic \U0010FC00 0 - Block the
-        traffic
+        traffic.
       predefined:
       - "0"
       - "1"
     - name: destAddress
       required: true
-      description: The destination address to perform the action on
+      description: The destination address to perform the action on.
     - name: sourceAddress
       required: true
-      description: The source address to perform the action on
+      description: The source address to perform the action on.
     - name: requestor
       required: true
-      description: The email address of the requestor
+      description: The email address of the requestor.
     - name: subject
       required: true
-      description: The change request's title
+      description: The change request's title.
     - name: service
       required: true
-      description: The device service or port for the connection, for example, "http" or Mandatory "tcp/123"
+      description: The device service or port for the connection, for example, "http" or Mandatory "tcp/123".
     - name: user
       required: true
-      description: The user for the connection
+      description: The user for the connection.
     - name: application
       required: true
-      description: The application for the connection
+      description: The application for the connection.
     description: Creates a new FireFlow change request
   - name: algosec-get-applications
     arguments:
     - name: address
       required: true
       default: true
-      description: The IP/Subnet to search
+      description: The IP/Subnet to search.
     - name: type
       auto: PREDEFINED
       predefined:
       - INTERSECT
       - CONTAINED
       - CONTAINING
       - EXACT
-      description: The search method for the address
-    description: Find applications containing network objects related to IP address using BusinessFlow
+      description: The search method for the address.
+    description: Find applications containing network objects related to IP address using AppViz
   - name: algosec-get-network-object
     arguments:
     - name: address
       required: true
       default: true
-      description: The IP/Subnet to search
+      description: The IP/Subnet to search.
     - name: type
       auto: PREDEFINED
       predefined:
       - INTERSECT
       - CONTAINED
       - CONTAINING
       - EXACT
-      description: The search method for the address (default is INTERSECT)
+      description: The search method for the address (default is INTERSECT).
     description: Find network objects related to IP address
   - name: algosec-query
     arguments:
     - name: source
       required: true
       default: true
-      description: source(s) for the query. Multiple values are separated by commas (,)
+      description: source(s) for the query. Multiple values are separated by commas (,).
     - name: destination
       required: true
-      description: destination(s) for the query. Multiple values are separated by commas (,)
+      description: destination(s) for the query. Multiple values are separated by commas (,).
     - name: service
       required: true
-      description: service(s) for the query. Multiple values are separated by commas (,)
+      description: service(s) for the query. Multiple values are separated by commas (,).
     - name: user
-      description: user for the query
+      description: user for the query.
     - name: application
-      description: application for the query
+      description: application for the query.
     description: Performs a batch traffic simulation query using Firewall Analyzer
 tests:
 - No tests

diff --git a/Packs/Algosec/Integrations/AlgoSec/README.md b/Packs/Algosec/Integrations/AlgoSec/README.md
@@ -1,4 +1,4 @@
-Algosec BusinessFlow(ABF), Firewall Analyzer (AFA) and FireFlow(AFF).
+Algosec AppViz, Firewall Analyzer (AFA) and FireFlow(AFF).
 
 ## Configure AlgoSec on XSOAR
 ---
@@ -70,7 +70,7 @@ There is no context output for this command.
 
 ### 3. algosec-get-applications
 ---
-Find applications containing network objects related to IP address using BusinessFlow
+Find applications containing network objects related to IP address using AppViz
 
 ##### Base Command
 

diff --git a/Packs/Algosec/ReleaseNotes/1_0_14.md b/Packs/Algosec/ReleaseNotes/1_0_14.md
@@ -0,0 +1,12 @@
+
+#### Integrations
+
+##### AlgoSec
+
+- update description with new product name AppViz
+
+#### Scripts
+
+##### AlgosecGetApplications
+
+- update description with new product name AppViz
diff --git a/Packs/Algosec/Scripts/AlgosecGetApplications/AlgosecGetApplications.yml b/Packs/Algosec/Scripts/AlgosecGetApplications/AlgosecGetApplications.yml
@@ -7,7 +7,7 @@ type: python
 subtype: python3
 tags:
 - Algosec
-comment: Find applications containing network objects related to IP address using BusinessFlow.
+comment: Find applications containing network objects related to IP address using AppViz.
 system: true
 args:
 - name: address

diff --git a/Packs/Algosec/Scripts/AlgosecGetApplications/README.md b/Packs/Algosec/Scripts/AlgosecGetApplications/README.md
@@ -1,4 +1,4 @@
-Finds applications containing network objects related to IP address using BusinessFlow.
+Finds applications containing network objects related to IP address using AppViz.
 
 ## Script Data
 ---

diff --git a/Packs/Algosec/pack_metadata.json b/Packs/Algosec/pack_metadata.json
@@ -1,8 +1,8 @@
 {
     "name": "AlgoSec",
-    "description": "Algosec BusinessFlow(ABF), Firewall Analyzer (AFA) and FireFlow(AFF).",
+    "description": "Algosec AppViz, Firewall Analyzer (AFA) and FireFlow(AFF).",
     "support": "xsoar",
-    "currentVersion": "1.0.13",
+    "currentVersion": "1.0.14",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/ApiModules/ReleaseNotes/2_2_29.md b/Packs/ApiModules/ReleaseNotes/2_2_29.md
@@ -0,0 +1,5 @@
+#### Scripts
+
+##### OktaApiModule
+- Added the `key_id` parameter for environments configured with multiple keys.
+- Updated the Docker image to: *demisto/crypto:1.0.0.111961*.
diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
@@ -2109,20 +2109,73 @@ def generate_endpoint_by_contex_standard(endpoints, ip_as_string, integration_na
     return standard_endpoints
 
 
+def retrieve_all_endpoints(client, endpoints, endpoint_id_list, dist_name, ip_list, public_ip_list,
+                           group_name, platform, alias_name, isolate, hostname, page_number,
+                           limit, first_seen_gte, first_seen_lte, last_seen_gte, last_seen_lte,
+                           sort_by_first_seen, sort_by_last_seen, status, username):
+    endpoints_page = endpoints
+    # Continue looping for as long as the latest page of endpoints retrieved is NOT empty
+    while endpoints_page:
+        page_number += 1
+        endpoints_page = client.get_endpoints(
+            endpoint_id_list=endpoint_id_list,
+            dist_name=dist_name,
+            ip_list=ip_list,
+            public_ip_list=public_ip_list,
+            group_name=group_name,
+            platform=platform,
+            alias_name=alias_name,
+            isolate=isolate,
+            hostname=hostname,
+            page_number=page_number,
+            limit=limit,
+            first_seen_gte=first_seen_gte,
+            first_seen_lte=first_seen_lte,
+            last_seen_gte=last_seen_gte,
+            last_seen_lte=last_seen_lte,
+            sort_by_first_seen=sort_by_first_seen,
+            sort_by_last_seen=sort_by_last_seen,
+            status=status,
+            username=username
+        )
+        endpoints += endpoints_page
+    return endpoints
+
+
+def convert_timestamps_to_datestring(endpoints):
+    for endpoint in endpoints:
+        if endpoint.get('content_release_timestamp'):
+            endpoint['content_release_timestamp'] = timestamp_to_datestring(endpoint.get('content_release_timestamp'))
+        if endpoint.get('first_seen'):
+            endpoint['first_seen'] = timestamp_to_datestring(endpoint.get('first_seen'))
+        if endpoint.get('install_date'):
+            endpoint['install_date'] = timestamp_to_datestring(endpoint.get('install_date'))
+        if endpoint.get('last_content_update_time'):
+            endpoint['last_content_update_time'] = timestamp_to_datestring(endpoint.get('last_content_update_time'))
+        if endpoint.get('last_seen'):
+            endpoint['last_seen'] = timestamp_to_datestring(endpoint.get('last_seen'))
+    return endpoints
+
+
 def get_endpoints_command(client, args):
     integration_context_brand = args.pop('integration_context_brand', 'CoreApiModule')
     integration_name = args.pop("integration_name", "CoreApiModule")
-    page_number = arg_to_int(
-        arg=args.get('page', '0'),
-        arg_name='Failed to parse "page". Must be a number.',
-        required=True
-    )
-
-    limit = arg_to_int(
-        arg=args.get('limit', '30'),
-        arg_name='Failed to parse "limit". Must be a number.',
-        required=True
-    )
+    all_results = argToBoolean(args.get('all_results', False))
+    # When we want to get all endpoints, start at page 0 and use the max limit supported by the API (100)
+    if all_results:
+        page_number = 0
+        limit = 100
+    else:
+        page_number = arg_to_int(
+            arg=args.get('page', '0'),
+            arg_name='Failed to parse "page". Must be a number.',
+            required=True
+        )
+        limit = arg_to_int(
+            arg=args.get('limit', '30'),
+            arg_name='Failed to parse "limit". Must be a number.',
+            required=True
+        )
 
     endpoint_id_list = argToList(args.get('endpoint_id_list'))
     dist_name = argToList(args.get('dist_name'))
@@ -2134,6 +2187,7 @@ def get_endpoints_command(client, args):
     isolate = args.get('isolate')
     hostname = argToList(args.get('hostname'))
     status = argToList(args.get('status'))
+    convert_timestamp_to_datestring = argToBoolean(args.get('convert_timestamp_to_datestring', False))
 
     first_seen_gte = arg_to_timestamp(
         arg=args.get('first_seen_gte'),
@@ -2182,6 +2236,17 @@ def get_endpoints_command(client, args):
         username=username
     )
 
+    if all_results:
+        endpoints = retrieve_all_endpoints(client, endpoints, endpoint_id_list, dist_name,
+                                           ip_list, public_ip_list, group_name, platform,
+                                           alias_name, isolate, hostname, page_number,
+                                           limit, first_seen_gte, first_seen_lte,
+                                           last_seen_gte, last_seen_lte, sort_by_first_seen,
+                                           sort_by_last_seen, status, username)
+
+    if convert_timestamp_to_datestring:
+        endpoints = convert_timestamps_to_datestring(endpoints)
+
     standard_endpoints = generate_endpoint_by_contex_standard(endpoints, False, integration_name)
     endpoint_context_list = []
     for endpoint in standard_endpoints: