From 7759d2bd46c831843338b35d28b21a8e36e9ccac Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Sun, 14 Jul 2024 14:44:54 +0300 Subject: [PATCH] [Marketplace Contribution] Common Scripts - Content Pack Update (#35178) * [Marketplace Contribution] Common Scripts - Content Pack Update (#35115) * "contribution update to pack 'Common Scripts'" * pack resubmitted --------- Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> * add typing * add typing * more fixes * more fixes * more fixes * more fixes * more stuff * build fixes * build fixes * UTs complete * docs * marketplace selection * RN * docker * Bump pack from version CommonScripts to 1.15.29. --------- Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com> Co-authored-by: jlevypaloalto Co-authored-by: Content Bot --- Packs/CommonScripts/ReleaseNotes/1_15_29.md | 6 + .../GenerateAsBuiltConfiguration.py | 724 ++++++ .../GenerateAsBuiltConfiguration.yml | 27 + .../GenerateAsBuiltConfiguration_test.py | 20 + .../GenerateAsBuiltConfiguration/README.md | 22 + .../test_data/execute_command.py | 1931 +++++++++++++++++ Packs/CommonScripts/pack_metadata.json | 2 +- 7 files changed, 2731 insertions(+), 1 deletion(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_15_29.md create mode 100644 Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.py create mode 100644 Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.yml create mode 100644 Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration_test.py create mode 100644 Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/README.md create mode 100644 Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/test_data/execute_command.py diff --git a/Packs/CommonScripts/ReleaseNotes/1_15_29.md b/Packs/CommonScripts/ReleaseNotes/1_15_29.md new file mode 100644 index 000000000000..46b0e0f471a7 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_15_29.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### New: GenerateAsBuiltConfiguration + +- New: Generate a JSON file that can be downloaded and used to create the As-Built document for Cortex XSOAR. (Available from Cortex XSOAR 6.10.0). diff --git a/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.py b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.py new file mode 100644 index 000000000000..932020ba5899 --- /dev/null +++ b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.py @@ -0,0 +1,724 @@ +import demistomock as demisto # noqa: F401 +from CommonServerPython import * # noqa: F401 +# Defining global variables +layouts: list = [] +integrations: list = [] +classifiers: list = [] +incoming_mappers: list = [] +outgoing_mappers: list = [] +incident_types: list = [] +incident_fields: list = [] +playbooks: list = [] +automations: list = [] +ignore_playbook: list = [] +ignore_sub: list = [] +auto_script: dict = {} +configuration: dict = {} +autodata: bool = False + + +def create_context(data: Any, args: list) -> dict | list: + """ + This function accepts the raw data and creates new dict based on the values + in args. + + Args: + data: raw data to be filtered (can be list or dict) + args: list of items to fetch from raw data + + Returns: + list/dict : filtered data from the raw data + + """ + + if isinstance(data, list): + return [create_context(data_item, args) for data_item in data] + + filtered_data = {} + for arg in args: + filtered_data[arg] = data.get(arg) + return filtered_data + + +def merge_data(instance: list, configuration: list) -> None: + """ + This function accepts the integration instance and configuration data and populated the required fields into instance data + + Args: + instance: integraiton instance data (can be list or dict) + configuration: integration configuration data + + """ + + for ins_data in instance: + ins_data["incident_type"] = ins_data["configvalues"].get("incidentType") + del ins_data["configvalues"] + ins_data["instance_id"] = ins_data.pop("id") + ins_data["instance_name"] = ins_data.pop("name") + for conf_data in configuration: + if ins_data["brand"] in (conf_data["id"], conf_data["name"]): + ins_data.update(conf_data) + break + + +def separate_classfier_mapper(data: list) -> tuple: + """ + This function accepts the raw data and filters out classifer and mappers from it. + + Args: + data: raw data to be filtered (can be list or dict) + + Returns: + list : classifier data list + list: incoming mapper data list + list: outgoing mapper data list + + """ + + classifier_list = [] + incoming_mapper_list = [] + outgoing_mapper_list = [] + + for data_item in data: + if data_item["type"] == "mapping-outgoing": + outgoing_mapper_list.append(data_item) + elif data_item["type"] == "mapping-incoming": + incoming_mapper_list.append(data_item) + else: + classifier_list.append(data_item) + return classifier_list, incoming_mapper_list, outgoing_mapper_list + + +def post_api_request(url: str, body: dict) -> dict: + """Post API request. + + Args: + url (str): request url path + body (Dict): integration command / script arguments + + Returns: + Dict: dictionary representation of the response + """ + api_args = { + "uri": url, + "body": body + } + raw_res = demisto.executeCommand("core-api-post", api_args) + try: + res = raw_res[0]['Contents']['response'] + except (TypeError, KeyError): + demisto.debug(f'error with "core-api-post" {api_args=}') + return_error(f'API Request failed, unable to parse: {raw_res}') + return res + + +def get_api_request(url: str) -> list | str | None: + """Get API request. + + Args: + url (str): request url path + + Returns: + Dict: dictionary representation of the response + """ + raw_res = demisto.executeCommand("core-api-get", {"uri": url}) + try: + res = raw_res[0]['Contents']['response'] + # If it's a string and not an object response, means this command has failed. + if isinstance(res, str): + return res if autodata is True else None + except KeyError: + demisto.debug(f'error with "core-api-get" {url=}') + return_error(f'API Request failed, no response from API call to {url}') + return res + + +def get_custom_playbooks() -> list[str]: + """Return all the custom playbooks installed in XSOAR + + Returns: + TableData: TableData object with the custom playbooks. + """ + res: list = post_api_request("/playbook/search", {"query": "system:F AND hidden:F"}).get("playbooks", []) + return [pb["name"] for pb in res] + + +def get_layouts() -> list: + """Return the data for the custom Layouts. + + Returns: + dict: Filtered data for the custom layouts having the data only for the fields mentioned. + """ + fields = ['description', 'details', 'detailsV2', 'group', 'id', 'modified', 'name', 'packID', 'packName', 'system'] + resp = get_api_request("/layouts") + filtered_data = create_context(resp, fields) + return cast(list, filtered_data) + + +def get_incident_types() -> list: + """Return the data for the incident types. + + Returns: + dict: Filtered data for the incident types having the data only for the fields mentioned. + """ + fields = ['id', 'layout', 'modified', 'name', 'playbookId', 'system', 'packID', 'packName'] + resp = get_api_request("/incidenttype") + filtered_data = create_context(resp, fields) + return cast(list, filtered_data) + + +def get_incident_fields() -> list: + """Return the data for the custom incident fields. + + Returns: + dict: Filtered data for the custom incident fields having the data only for the fields mentioned. + """ + fields = ['associatedToAll', 'associatedTypes', 'cliName', 'description', + 'id', 'modified', 'name', 'type', 'system', 'locked', 'packID', 'packName'] + resp = get_api_request("/incidentfields") + filtered_data = create_context(resp, fields) + return cast(list, filtered_data) + + +def get_classifier_mapper() -> tuple[Any, Any, Any]: + """Return the data for the custom classifers, incoming mapper and outgoing mapper. + + Returns: + dict: Filtered data for the custom classifers, incoming mapper and outgoing mapper only for the fields mentioned. + """ + fields = ['description', 'id', 'modified', 'name', 'system', 'type', + 'defaultIncidentType', 'keyTypeMap', 'mapping', 'packID', 'packName'] + resp: list = post_api_request("/classifier/search", {}).get("classifiers", []) + if resp: + filtered_data = cast(list, create_context(resp, fields)) + class_data, i_mapper_data, o_mapper_data = separate_classfier_mapper(filtered_data) + else: + return_error("No classifier and mapper data found.") + return class_data, i_mapper_data, o_mapper_data + + +def get_playbooks() -> list: + """Return the data for the custom Playbooks + + Returns: + dict: Filtered data for the custom playbooks having the data only for the fields mentioned. + """ + fields = ['commands', 'id', 'inputs', 'modified', 'name', 'outputs', 'packID', 'packName', 'tasks', 'system', 'comment'] + resp = post_api_request("/playbook/search", {"query": "hidden:F"}).get("playbooks") + filtered_data = create_context(resp, fields) + return cast(list, filtered_data) + + +def get_automations() -> list: + """Return the data for the custom automation + + Returns: + dict: Filtered data for the custom automation, having the data only for the fields mentioned. + """ + fields = ['arguments', 'comment', 'contextKeys', 'id', 'modified', 'name', 'system', 'tags', 'type'] + resp = post_api_request("/automation/search", {"query": "hidden:F"}).get("scripts") + filtered_data = create_context(resp, fields) + return cast(list, filtered_data) + + +def get_integrations() -> tuple[list, dict]: + """ + This function provides the filtered integration data and the filtered instance data for that particular integration. + + Returns: + instance_data : dictionary containing the integration instance data + command_data : dictionary containing filtered configuration data + """ + command_data = {} + instance_fields = ['brand', 'category', 'id', 'incomingMapperId', 'isBuiltin', 'isSystemIntegration', 'mappingId', 'modified', + 'name', 'outgoingMapperId', 'packID', 'packName', 'configvalues'] + configuration_fields = ['description', 'detailedDescription', 'display', + 'id', 'name'] # if require script then add 'integrationScript' + + resp = post_api_request("/settings/integration/search", {}) + int_data: list = resp.get("configurations", []) + for data in int_data: + command_list = [] + command_value: dict[str, Union[str, list[str], None]] = { + 'id': None, + 'name': None, + 'display': None, + 'description': None, + 'commands': [] + } + command_data[data['display']] = command_value + if data is not None: + int_script = data.get("integrationScript") + if int_script is not None: + commands = int_script.get("commands") + if commands is not None: + for i_name in commands: + command_list.append(i_name.get("name")) + command_value["id"] = data['id'] + command_value["name"] = data['name'] + command_value["display"] = data['display'] + command_value["description"] = data['description'] + command_value["commands"] = command_list + instance_data = cast(list, create_context(resp.get("instances", []), instance_fields)) + configuration_data = cast(list, create_context(resp.get("configurations", []), configuration_fields)) + merge_data(instance_data, configuration_data) + return instance_data, command_data + + +def get_playbook_data(playbook_name: str) -> dict: + """ + This function accepts the playbook name and and provides the data for that specific playbook. + + Args: + playbook_name: Playbook name + + Returns: + dict : Playbook data dictionary + """ + for data_item in playbooks: + if data_item["name"] == playbook_name: + return dict(data_item) + demisto.debug(f'playbook {playbook_name} not found') + return {} + + +def get_playbook_dependencies(playbook: dict) -> dict: + """ + This function accepts the playbook and provides the subplaybook, integrations and automations for that particular playbook. + + Args: + playbook (dict): Playbook data for which the dependencies to be fetched + + Returns: + dependencies : Dictionary having subplaybooks, integrations and automations data for playbooks + """ + pb_id = playbook["id"] + pb_name = playbook["name"] + body = { + "items": [ + { + "id": f"{pb_id}", + "type": "playbook" + } + ], + "dependencyLevel": "optional" + } + resp = cast(list, dict_safe_get(post_api_request("/itemsdependencies", body), ("existing", "playbook", pb_id))) + if not resp: + raise DemistoException(f"Failed to retrieve dependencies for {pb_name}") + + dependencies: Dict[str, List] = { + "automation": [], + "playbook": [], + "integration": [] + } + if resp: + for resp_item in resp: + if resp_item["type"] in dependencies: + data = { + "name": resp_item["name"], + "system": resp_item["system"] + } + dependencies[resp_item["type"]].append(data) + return dependencies + + +def get_playbook_automation(playbook: dict, filter_auto: set) -> dict: + """ + This function accepts the playbook data and fetches the automation linked to that particular playbook. + + Args: + playbook (dict): playbook data + filter_auto (list): list having automation names that are configured for that specific playbook + + Returns: + pb_automation : dictionary having custom automation data for a specific playbook + """ + pb_automation = {} + if filter_auto: + for script in filter_auto: + for automation_data in automations: + if script in [automation_data["name"], automation_data["id"]] and not automation_data.get("system", False): + pb_automation[automation_data["name"]] = dict(automation_data) + break + return pb_automation + + +def get_playbook_subplaybook(playbook: dict, filter_play: set) -> dict: + """ + This function accepts the playbook data and fetches the subplaybooks for that particular playbook. + + Args: + playbook (dict): playbook data + filter_play (list): list having subplaybook names for that specific playbook + + Returns: + pb_subpplaybook : dictionary having subplaybook data for a specific playbook + """ + pb_subplaybook = {} + if filter_play: + for subplaybook in filter_play: + for pb in playbooks: + if subplaybook in [pb["name"], pb["id"]] and not pb.get("system", False): + pb_subplaybook[pb["name"]] = pb + break + return pb_subplaybook + + +def get_instance_classifier_incident_type(integration_instance: dict, incident_types: list, classifiers: list) -> tuple: + """ + This function accepts the integration instance, incident types and classifers and then establishes the mapping for the + classifier and incident type data for an interation instance and returns data only for those classifers and incident types. + + Args: + integration_instance (dict): integration instance data + incident_types (list): list containg incident types + classifiers (list): list containg classifiers + + Returns: + classifier_data : dictionary having classifier data mapped to an integration + incident_type_data : dictionary having incident types data mapped to an integration + """ + classifier_data = None + incident_type_data = {} + classifier_id = integration_instance.get("mappingId", None) + inc_type_id = integration_instance.get("incident_type", None) + if classifier_id: + for classifier in classifiers: + if classifier_id == classifier["id"]: + classifier_data = classifier + classifier_incident_types = classifier["keyTypeMap"].values() + for classifier_incident_type in classifier_incident_types: + for incident_type in incident_types: + if classifier_incident_type == incident_type["id"]: + incident_type_data[incident_type["name"]] = incident_type + break + break + + elif inc_type_id: + for incident_type in incident_types: + if inc_type_id == incident_type["id"]: + incident_type_data = {incident_type["name"]: incident_type} + break + + return classifier_data, incident_type_data + + +def get_instance_incoming_mapper(integration_instance: dict, mappers: list) -> dict | None: + """ + This function accepts the integration instance data and incomig mapper data, then establishes the mapping for the + incoming mapper for an interation instance and returns data only for those incoming mappers. + + Args: + integration_instance (dict): integration instance data + mappers (list): list containg incoming mappers data + + Returns: + in_mapper : dictionary having incoming mapper data mapped to an integration + """ + in_mapper = None + mapper_id = integration_instance.get("incomingMapperId", None) + if mapper_id: + for mapper in mappers: + if mapper["id"] == mapper_id: + in_mapper = mapper + break + + return in_mapper + + +def get_instance_outgoing_mapper(integration_instance: dict, mappers: list) -> dict | None: + """ + This function accepts the integration instance data and outgoing mapper data, then establishes the mapping for the + outgoing mapper for an interation instance and returns data only for those outgoing mappers. + + Args: + integration_instance (dict): integration instance data + mappers (list): list containg outgoing mappers data + + Returns: + out_mapper : dictionary having outgoing mapper data mapped to an integration + """ + out_mapper = None + mapper_id = integration_instance.get("outgoingMapperId", None) + if mapper_id: + for mapper in mappers: + if mapper["id"] == mapper_id: + out_mapper = mapper + break + + return out_mapper + + +def get_instance_layout_fields( + integration_instance: dict, instance_incident_types: dict, layouts: list, incident_fields: list +) -> tuple[dict | None, dict | None]: + """ + This function accepts the integration instance, incident types for that particular instance, layouts and incident fields, + then establishes the mapping for the layouts and the incident fields for an interation instance and returns data only for + those layouts and incident fields. + + Args: + integration_instance (dict): integration instance data + instance_incident_types (dict): incident types data for specific instance + layouts (list): list having layouts data + incident_fields (list): list having incident fields data + + Returns: + layouts_data : dictionary having layouts data mapped to an incident type + fields_data : dictionary having custom incident field data mapped to an incident type + """ + layout_data = {} + fields_data = {} + incident_types = instance_incident_types + if incident_types: + for type_name, type_data in incident_types.items(): + layout_id = type_data["layout"] + for layout in layouts: + if layout["id"] == layout_id: + l_d = {**layout} + l_d["incident_type"] = type_name + layout_data[layout["name"]] = l_d + break + + for incident_field in incident_fields: + _types = incident_field["associatedTypes"] + associated_types = _types if _types else [] + # if (type_data["id"] in associated_types or incident_field["associatedToAll"]) #and not incident_field["system"]: + if type_data["id"] in associated_types and not incident_field["locked"]: + fields_data[incident_field["name"]] = incident_field + + return layout_data, fields_data + + +def get_playbook_integration(playbook: dict, filter_int: list) -> dict: + """ + This function accepts the playbook data and fetches the integration for that particular playbook. + + Args: + playbook (dict): playbook data + filter_int (list): list having integration names for that specific playbook + + Returns: + pb_integration : dictionary having complete integration data for a specific playbook, containing classifiers, + incident types, field types, layout, incident fields, incoming mapper and outgoing mapper. + """ + pb_integration: dict = {} + section_data: list = [] + items: list = [] + field_t: dict = {} + field_type: dict = {} + field_list: list = [] + if filter_int: + int_names = list(filter_int) + for integration in integrations: + if integration.get("name") in int_names or integration["brand"] in int_names or integration.get("id") in int_names: + # get integration incident types + classifier_data, incident_types_data = get_instance_classifier_incident_type( + integration, incident_types, classifiers) + # get integration incoming mapper + incoming_mapper_data = get_instance_incoming_mapper(integration, incoming_mappers) + # get integration outgoing mapper + outgoing_mapper_data = get_instance_outgoing_mapper(integration, outgoing_mappers) + # get integration layouts and incident_fields + layout_data, fields_data = get_instance_layout_fields(integration, incident_types_data, layouts, incident_fields) + if integration["display"] not in pb_integration: + pb_integration[integration["display"]] = {integration["instance_name"]: integration.copy()} + else: + pb_integration[integration["display"]][integration["instance_name"]] = integration.copy() + + if layout_data is not None: + for _k, v in layout_data.items(): + field_t = {} + evidence_data = {} + field_list = [] + t = v.get('detailsV2') + if t is not None: + e = t.get("tabs") + for test in e: + if 'sections' in test: + section_data = test.get("sections") + for tab in section_data: + name = tab.get('name') + field_type = {} + field_t[name] = field_type + items = tab.get('items') + columns = tab.get('columns') + for a in incident_fields: + if items is not None: + for j in items: + if ( + j.get("fieldId") in (a.get("cliName"), a.get("name")) + ) and ( + j.get("fieldId") not in field_type.keys() + ): + field_type[j.get("fieldId")] = a.get("type") + if columns is not None: + for c_data in columns: + if c_data.get("key") == a.get( + "name" + ) or c_data.get("key") == a.get( + "cliName" + ): + field_type[c_data.get('key')] = a.get("type") + if tab.get('type') == 'evidence' and a.get("id").startswith("evidence_"): + evidence_data[a["name"]] = a["type"] + field_t[tab.get('name')] = evidence_data + field_list.append(field_t) + # adding additional data into integration + pb_integration[integration["display"]][integration["instance_name"]] |= { + "classifier": classifier_data, + "incident_type": incident_types_data, + "layout": layout_data, + "field_type": field_t, + "fields": fields_data, + "incoming_mapper": incoming_mapper_data, + "outgoing_mapper": outgoing_mapper_data + } + + return pb_integration + + +def sub_data(playbook: dict) -> tuple: + """ + This function accepts the playbook data and fetches the subplaybooks, automations and integrations for that playbook. + + Args: + playbook (dict): playbook data + + Returns: + test_d : set containing the subplaybook names + task_name : set containing the automation and integration names + int_data : list containing the integration names + """ + test_d = set() + task_name = set() + int_data: list = [] + task_dict: dict = {} + for data_key in playbook: + if data_key == "tasks": + task_data: dict = playbook.get('tasks', []) + for data in task_data: + task_dict = task_data[data] + for k in task_dict: + if k == 'task': + new = task_dict.get(k) + if new is not None and new.get('type') == 'playbook': + test_d.add(new.get('playbookId')) + # if 'brand' in new.keys(): + # int_name.add(new.get('brand')) + if new is not None and 'scriptId' in new: + task_name.add(new.get('scriptId')) + + command_list = playbook.get("commands", []) + if configuration is not None: + for command in command_list: + for k, v in configuration.items(): + if command in v["commands"]: + int_data.append(k) + return test_d, task_name, int_data + + +def create_config_file(pb_name: str, ignore_playbook: list) -> dict: + """ + This function accepts the playbook names and the name of the playbooks to be ignored to avoid the data repetition, as they + are already covered in the subplaybooks, and then create complete configuration data for those playbooks and subplaybooks + + Args: + pb_name: playbook name + ignore_playbook: list having the playbook names to be ignored + + Returns: + playbook : dictionary containing the complete data for playbooks, that is automtion, subplaybook and all the + configuration data of integration for that particular playbook + """ + global autodata + playbook = get_playbook_data(pb_name) + filter_play, filter_auto, filter_int = sub_data(playbook) + playbook["dependencies"] = get_playbook_dependencies(playbook) + playbook["automation"] = get_playbook_automation(playbook, filter_auto) # filter_auto + playbook["integration"] = get_playbook_integration(playbook, filter_int) + playbook["subplaybook"] = get_playbook_subplaybook(playbook, filter_play) + del playbook["dependencies"] + if playbook["automation"] is not None: + autodata = True + for _k, v in playbook["automation"].items(): + auto_id = v.get("id") + resp = json.dumps(get_api_request(f"/automation/export/{auto_id}")) + resp = (resp.split("script: |")[1]) + resp = (resp.split("type: python")[0]) + resp = resp.lstrip("\\n ") + resp = resp.rstrip("\\n") + auto_script[auto_id] = resp + playbook["scripts"] = auto_script + if playbook["subplaybook"] is not None: + for subplaybook_name in playbook["subplaybook"]: + if not playbook["subplaybook"][subplaybook_name]["system"]: + ignore_playbook.append(subplaybook_name) + playbook["subplaybook"][subplaybook_name] = create_config_file(subplaybook_name, ignore_playbook) + return dict(playbook) + else: + return dict(playbook) + + +def create_as_built(playbook_names: list, ignore_playbook: list) -> list: + """ + This function accepts the playbook names and the names of the playbook to be ignored and then append all the data for those + palybook that are not to be ignored, in a list. + + Args: + playbook_names (list): playbook names + ignore_playbook (list): playbooks to be ignored to avoid data repetition + + Returns: + configuration_data : list containing complete configuration data for all the playbooks + + """ + configuration_data = [] + for pb_name in playbook_names: + playbook = create_config_file(pb_name, ignore_playbook) + configuration_data.append(playbook) + return configuration_data + + +def main() -> None: # pragma: no cover + """ + This function creates a json file file for the complete configuration data. + """ + try: + args = demisto.args() + global layouts, incident_types, incident_fields, classifiers, incoming_mappers, outgoing_mappers + global playbooks, automations, integrations, ignore_playbook, configuration + incident_fields = get_incident_fields() + layouts = get_layouts() + incident_types = get_incident_types() + classifiers, incoming_mappers, outgoing_mappers = get_classifier_mapper() + playbooks = get_playbooks() + automations = get_automations() + integrations, configuration = get_integrations() + + # Given a playbook is passed, we generate a use case document, instead of the platform as build. + if args.get("playbook"): + pb_names = argToList(args.get("playbook")) + asbuilt = json.dumps(create_as_built(pb_names, ignore_playbook), indent=4) + else: + pb_names = get_custom_playbooks() + asbuilt_all = create_as_built(pb_names, ignore_playbook) + play_data = [] + + for data in range(len(asbuilt_all)): + if asbuilt_all[data] is not None and asbuilt_all[data].get("name") not in ignore_playbook: + play_data.append(asbuilt_all[data]) + asbuilt = json.dumps(play_data, indent=4) + + if asbuilt: + fr = fileResult("asbuilt.json", asbuilt, file_type=EntryType.ENTRY_INFO_FILE) + return_results(fr) + else: + return_error("No playbooks found. Please ensure that playbooks are present to generate the configuration file.") + except Exception as ex: + return_error(f'Failed to execute Script. Error: {ex}') + + +if __name__ in ('__builtin__', 'builtins'): + main() diff --git a/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.yml b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.yml new file mode 100644 index 000000000000..1a79e18d3a3f --- /dev/null +++ b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration.yml @@ -0,0 +1,27 @@ +args: +- description: A comma-separated list of playbook names for which to fetch custom data including automation, integration and sub-playbooks. + isArray: true + name: playbook +comment: Generate a JSON file that can be downloaded and used to create the As-Built document for Cortex XSOAR. +commonfields: + id: GenerateAsBuiltConfiguration + version: -1 +contentitemexportablefields: + contentitemfields: + fromServerVersion: '' +dockerimage: demisto/python3:3.11.9.103066 +enabled: true +engineinfo: {} +name: GenerateAsBuiltConfiguration +runas: DBotWeakRole +runonce: false +script: '' +scripttarget: 0 +subtype: python3 +tags: [] +type: python +fromversion: 6.10.0 +marketplaces: +- xsoar +tests: +- No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration_test.py b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration_test.py new file mode 100644 index 000000000000..d3e6859929a9 --- /dev/null +++ b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/GenerateAsBuiltConfiguration_test.py @@ -0,0 +1,20 @@ +import demistomock as demisto +from test_data.execute_command import execute_command + + +def test_main(mocker): + import GenerateAsBuiltConfiguration + + mocker.patch.object(demisto, 'executeCommand', side_effect=execute_command) + mocker.patch.object(demisto, 'args', return_value={'playbook': 'test-name'}) + return_results_mocked = mocker.patch.object(GenerateAsBuiltConfiguration, 'return_results') + + GenerateAsBuiltConfiguration.main() + + assert return_results_mocked.call_args.args[0]['File'] == 'asbuilt.json' + + mocker.patch.object(demisto, 'args', return_value={}) + + GenerateAsBuiltConfiguration.main() + + assert return_results_mocked.call_args.args[0]['File'] == 'asbuilt.json' diff --git a/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/README.md b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/README.md new file mode 100644 index 000000000000..b0f7bdb8e3c3 --- /dev/null +++ b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/README.md @@ -0,0 +1,22 @@ +Generate a JSON file that can be downloaded and used to create the As-Built document for Cortex XSOAR. + +## Script Data + +--- + +| **Name** | **Description** | +| --- | --- | +| Script Type | python3 | + +## Inputs + +--- + +| **Argument Name** | **Description** | +| --- | --- | +| playbook | A comma-separated list of playbook names for which to fetch custom data including automation, integration and sub-playbooks. | + +## Outputs + +--- +There are no outputs for this script. diff --git a/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/test_data/execute_command.py b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/test_data/execute_command.py new file mode 100644 index 000000000000..24b8f3a3d9a5 --- /dev/null +++ b/Packs/CommonScripts/Scripts/GenerateAsBuiltConfiguration/test_data/execute_command.py @@ -0,0 +1,1931 @@ +def execute_command(*args): + args = list(args) + if args == ["core-api-get", {"uri": "/incidentfields"}]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": [ + { + "aliasTo": "", + "aliases": None, + "associatedToAll": False, + "associatedTypes": ["IP"], + "autoCompleteTags": None, + "breachScript": "", + "cacheVersn": 0, + "caseInsensitive": True, + "cliName": "asowner", + "closeForm": False, + "columns": None, + "commitMessage": "", + "content": True, + "defaultRows": None, + "definitionId": "", + "description": "", + "editForm": True, + "fieldCalcScript": "", + "fromServerVersion": "5.0.0", + "group": 2, + "hidden": False, + "id": "indicator_asowner", + "isReadOnly": False, + "itemVersion": "3.4.8", + "locked": False, + "mergeStrategy": "", + "modified": "2024-04-14T21:02:53.0554457Z", + "name": "AS Owner", + "neverSetAsRequired": False, + "openEnded": False, + "orgType": "shortText", + "ownerOnly": False, + "packID": "CommonTypes", + "packName": "Common Types", + "packPropagationLabels": ["all"], + "placeholder": "", + "prevName": "AS Owner", + "propagationLabels": [], + "required": False, + "runScriptAfterUpdate": False, + "script": "", + "selectValues": None, + "shouldCommit": False, + "sla": 0, + "system": False, + "systemAssociatedTypes": None, + "template": "", + "threshold": 72, + "toServerVersion": "", + "type": "shortText", + "unmapped": False, + "unsearchable": False, + "useAsKpi": False, + "validatedError": "", + "validationRegex": "", + "vcShouldIgnore": False, + "vcShouldKeepItemLegacyProdMachine": False, + "version": 14, + "x2_fields": "", + } + ] + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:14:52.775283532Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-get uri="/incidentfields"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == ["core-api-get", {"uri": "/layouts"}]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": [ + { + "cacheVersn": 0, + "close": None, + "commitMessage": "", + "definitionId": "", + "description": "ASN Indicator Layout", + "detached": False, + "details": None, + "detailsV2": { + "tabs": [ + { + 'sections': [ + { + 'name': 'test-name', + 'items': [ + {'fieldId': 'asowner'} + ], + 'columns': [ + {'key': 'asowner'} + ], + 'type': 'evidence' + } + ] + } + ] + }, + "edit": { + "sections": [ + { + "description": "", + "fields": [ + { + "fieldId": "indicator_value", + "isVisible": True, + } + ], + "isVisible": True, + "name": "Basic Information", + "query": None, + "queryType": "", + "readOnly": False, + "type": "basicInformationSection", + } + ] + }, + "fromServerVersion": "6.10.0", + "group": "indicator", + "id": "ASN", + "indicatorsDetails": { + "TypeName": "", + "tabs": [ + { + "id": "main", + "name": "Summary", + "sections": [ + { + "columns": [ + { + "displayed": True, + "isDefault": False, + "key": "id", + "width": 110, + } + ], + "displayType": "ROW", + "h": 2, + "hideName": False, + "i": "main-c1f3f0d0-a09d-11e9-8956-390f602b039a", + "isVisible": True, + "items": None, + "maxW": 3, + "minH": 1, + "moved": False, + "name": "Related Incidents", + "readOnly": True, + "static": False, + "type": "relatedIncidents", + "w": 2, + "x": 0, + "y": 7, + } + ], + "type": "custom", + } + ], + }, + "indicatorsQuickView": { + "TypeName": "", + "tabs": [ + { + "id": "indicator-quick-view-info", + "name": "Info", + "sections": [ + { + "h": 1, + "hideName": True, + "i": "indicator-quick-view-info-expirationStatus", + "maxW": 3, + "moved": False, + "name": "Expiration Status", + "static": False, + "type": "expirationStatus", + "w": 1, + "x": 0, + "y": 0, + } + ], + "type": "custom", + } + ], + }, + "itemVersion": "3.4.8", + "locked": False, + "mobile": None, + "modified": "2024-04-14T21:02:54.574204883Z", + "name": "ASN", + "packID": "CommonTypes", + "packName": "Common Types", + "packPropagationLabels": ["all"], + "prevName": "ASN", + "propagationLabels": [], + "quickView": None, + "quickViewV2": None, + "shouldCommit": False, + "system": True, + "toServerVersion": "99.99.99", + "vcShouldIgnore": False, + "vcShouldKeepItemLegacyProdMachine": False, + "version": 14, + } + ] + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:14:55.524662778Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-get uri="/layouts"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == ["core-api-get", {"uri": "/incidenttype"}]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": [ + { + "autorun": True, + "cacheVersn": 0, + "closureScript": "", + "color": "#2196F3", + "commitMessage": "", + "days": 0, + "daysR": 0, + "default": False, + "definitionId": "", + "detached": False, + "disabled": False, + "extractSettings": { + "fieldCliNameToExtractSettings": {}, + "mode": "All", + }, + "fromServerVersion": "5.0.0", + "hours": 0, + "hoursR": 0, + "id": "AWS CloudTrail Misconfiguration", + "itemVersion": "4.3.0", + "layout": "AWS CloudTrail Misconfiguration", + "locked": False, + "modified": "2024-03-07T16:06:29.680779269Z", + "name": "test-name", + "onChangeRepAlg": 1, + "packID": "PrismaCloud", + "packName": "Prisma Cloud by Palo Alto Networks", + "packPropagationLabels": ["all"], + "playbookId": "Prisma Cloud Remediation - AWS CloudTrail Misconfiguration v2", + "preProcessingScript": "", + "prevName": "AWS CloudTrail Misconfiguration", + "propagationLabels": [], + "readonly": False, + "reputationCalc": 0, + "shouldCommit": False, + "system": True, + "toServerVersion": "", + "vcShouldIgnore": False, + "vcShouldKeepItemLegacyProdMachine": False, + "version": 2, + "weeks": 0, + "weeksR": 0, + } + ] + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:14:57.620606924Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-get uri="/incidenttype"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == ["core-api-post", {"uri": "/classifier/search", "body": {}}]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": { + "classifiers": [ + { + "brands": None, + "cacheVersn": 0, + "commitMessage": "", + "defaultIncidentType": "", + "definitionId": "", + "description": "", + "feed": False, + "fromServerVersion": "", + "id": "test-name", + "incidentSamples": None, + "indicatorSamples": None, + "instanceIds": None, + "itemVersion": "", + "keyTypeMap": {}, + "locked": False, + "logicalVersion": 0, + "mapping": None, + "modified": "2023-09-18T18:35:58.071985304Z", + "name": "test-name", + "nameRaw": "any", + "packID": "test-name", + "packName": "test-name", + "prevName": "any", + "propagationLabels": ["all"], + "shouldCommit": False, + "sourceClassifierId": "", + "system": False, + "toServerVersion": "", + "transformer": {}, + "type": "mapping-incoming", + "unclassifiedCases": {}, + "version": 1, + } + ], + "total": 61, + } + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:14:59.444418724Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-post uri="/classifier/search" body="{}"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args in [ + [ + "core-api-post", + {"uri": "/playbook/search", "body": {"query": "hidden:F"}}, + ], + [ + "core-api-post", + {"uri": "/playbook/search", "body": {"query": "system:F AND hidden:F"}}, + ], + ]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": { + "playbooks": [ + { + "brands": ["OPSWAT Filescan"], + "cacheVersn": 0, + "commands": ["test-name"], + "comment": "Detonate file through active integrations that support file detonation", + "commitMessage": "", + "definitionId": "", + "fromServerVersion": "5.0.0", + "id": "test-name", + "inputs": [ + { + "description": "Entry ID of file to be detonated", + "key": "EntryID", + "value": { + "complex": { + "accessor": "EntryID", + "filters": None, + "root": "File", + "transformers": None, + } + }, + } + ], + "itemVersion": "2.3.57", + "modified": "2023-05-17T08:32:30.57488926Z", + "name": "test-name", + "nameRaw": "test-name", + "outputs": [ + { + "contextPath": "Joe.Analysis.Status", + "description": "Analysis Status", + "type": "string", + } + ], + "packID": "", + "packName": "Common Playbooks", + "prevName": "Detonate File - Generic_copy", + "propagationLabels": ["all"], + "scriptIds": [], + "shouldCommit": False, + "sourcePlaybookID": "Detonate File - Generic", + "startTaskId": "0", + "taskIds": ["3727eda2-2c84-4730-8739-b54bc07a36c3"], + "tasks": { + "0": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "0", + "nextTasks": {"#none#": ["8"]}, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "Playbook start point", + "id": "454650df-c42f-4915-84cf-9a908e1bff04", + "modified": "2023-05-22T08:32:46.190077263Z", + "version": 4, + }, + "taskId": "454650df-c42f-4915-84cf-9a908e1bff04", + "type": "start", + "view": {"position": {"x": 2830, "y": 50}}, + }, + "10": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "10", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "FileName": { + "simple": "file-detonated-via-demisto" + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + "playbook": {"simple": "default"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "Detonate one or more files using the ThreatGrid integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM", + "id": "e82f2557-2a9d-4e13-81b1-ad3f4d685f3d", + "modified": "2023-05-22T08:32:46.190477867Z", + "name": "Detonate File - ThreatGrid", + "playbookName": "Detonate File - ThreatGrid", + "type": "playbook", + "version": 4, + }, + "taskId": "e82f2557-2a9d-4e13-81b1-ad3f4d685f3d", + "type": "playbook", + "view": {"position": {"x": 910, "y": 545}}, + }, + "11": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "11", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "EnvironmentID": {"simple": "100"}, + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "5"}, + "Timeout": {"simple": "30"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "Detonate one or more files using the CrowdStrike Falcon Sandbox integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - PE32, EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM", + "id": "f1c56438-d1b6-4848-8608-c6292f3905b9", + "modified": "2023-05-22T08:32:46.190283867Z", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "playbookName": "CrowdStrike Falcon Sandbox - Detonate file", + "type": "playbook", + "version": 4, + }, + "taskId": "f1c56438-d1b6-4848-8608-c6292f3905b9", + "type": "playbook", + "view": {"position": {"x": 1340, "y": 545}}, + }, + "13": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "13", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "0a805640-8d5e-46d4-87f2-04a0781a6ca5", + "modified": "2023-05-22T08:32:46.190109937Z", + "name": "WildFire - Detonate file", + "playbookId": "WildFire - Detonate file", + "type": "playbook", + "version": 4, + }, + "taskId": "0a805640-8d5e-46d4-87f2-04a0781a6ca5", + "type": "playbook", + "view": {"position": {"x": 1770, "y": 545}}, + }, + "14": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "14", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "d8093197-7aa9-4b18-8774-563225e8c72b", + "modified": "2023-05-22T08:32:46.190509438Z", + "name": "Detonate File - Lastline v2", + "playbookName": "Detonate File - Lastline v2", + "type": "playbook", + "version": 4, + }, + "taskId": "d8093197-7aa9-4b18-8774-563225e8c72b", + "type": "playbook", + "view": {"position": {"x": 2200, "y": 545}}, + }, + "15": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "15", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "interval": {"simple": "1"}, + "timeout": {"simple": "10"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "Detonates a file using Cuckoo sandbox", + "id": "0e879eba-0377-44bf-81c4-83468555fec4", + "modified": "2023-05-22T08:32:46.190396139Z", + "name": "Detonate File - Cuckoo", + "playbookName": "Detonate File - Cuckoo", + "type": "playbook", + "version": 4, + }, + "taskId": "0e879eba-0377-44bf-81c4-83468555fec4", + "type": "playbook", + "view": {"position": {"x": 2630, "y": 545}}, + }, + "17": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "17", + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "EnvironmentID": {"simple": "100"}, + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "InternetAccess": {"simple": "True"}, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "8bcf20e7-7f82-434b-8b21-200f3423a0ce", + "modified": "2023-05-22T08:32:46.190173761Z", + "name": "Detonate File - HybridAnalysis", + "playbookName": "Detonate File - HybridAnalysis", + "type": "playbook", + "version": 4, + }, + "taskId": "8bcf20e7-7f82-434b-8b21-200f3423a0ce", + "type": "playbook", + "view": {"position": {"x": 3060, "y": 545}}, + }, + "18": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "18", + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "11d549c4-31e9-4cd9-8983-9e1a1c7c4baf", + "modified": "2023-05-22T08:32:46.190313127Z", + "name": "Detonate File - ANYRUN", + "playbookName": "Detonate File - ANYRUN", + "type": "playbook", + "version": 4, + }, + "taskId": "11d549c4-31e9-4cd9-8983-9e1a1c7c4baf", + "type": "playbook", + "view": {"position": {"x": 3490, "y": 545}}, + }, + "19": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "19", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "30"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "3727eda2-2c84-4730-8739-b54bc07a36c3", + "modified": "2023-05-22T08:32:46.190008738Z", + "name": "Detonate File - FireEye AX", + "playbookName": "Detonate File - FireEye AX", + "type": "playbook", + "version": 4, + }, + "taskId": "3727eda2-2c84-4730-8739-b54bc07a36c3", + "type": "playbook", + "view": {"position": {"x": 3920, "y": 545}}, + }, + "20": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "20", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": [ + {"operator": "uniq"} + ], + } + }, + "interval": {"simple": "1"}, + "timeout": {"simple": "10"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "Detonates a file using VMRay", + "id": "77b7e144-a6a2-4e93-8e69-1160f9921573", + "modified": "2023-05-22T08:32:46.190227888Z", + "name": "Detonate File - VMRay", + "playbookName": "Detonate File - VMRay", + "type": "playbook", + "version": 4, + }, + "taskId": "77b7e144-a6a2-4e93-8e69-1160f9921573", + "type": "playbook", + "view": {"position": {"x": 4350, "y": 545}}, + }, + "21": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "21", + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "Interval": {"simple": "1"}, + "Timeout": {"simple": "60"}, + "file_id": { + "complex": { + "filters": None, + "root": "inputs.EntryID", + "transformers": None, + } + }, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "d5fc7c74-18a2-47b3-884a-da98e6cf985c", + "modified": "2023-05-22T08:32:46.190042294Z", + "name": "Detonate File - Group-IB TDS Polygon", + "playbookName": "Detonate File - Group-IB TDS Polygon", + "type": "playbook", + "version": 4, + }, + "taskId": "d5fc7c74-18a2-47b3-884a-da98e6cf985c", + "type": "playbook", + "view": {"position": {"x": 4780, "y": 545}}, + }, + "22": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "22", + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "eacb2317-3f4c-4677-81ea-2870527bab0d", + "modified": "2023-05-22T08:32:46.190340915Z", + "name": "Detonate File - CrowdStrike Falcon Intelligence Sandbox", + "playbookName": "Detonate File - CrowdStrike Falcon Intelligence Sandbox", + "type": "playbook", + "version": 4, + }, + "taskId": "eacb2317-3f4c-4677-81ea-2870527bab0d", + "type": "playbook", + "view": {"position": {"x": 5210, "y": 545}}, + }, + "23": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "23", + "nextTasks": {"#none#": ["3"]}, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "424a0a83-0985-4401-8d3a-8040b957c728", + "modified": "2023-05-22T08:32:46.190367232Z", + "name": "Detonate File - SecneurX Analysis", + "playbookName": "Detonate File - SecneurX Analysis", + "type": "playbook", + "version": 4, + }, + "taskId": "424a0a83-0985-4401-8d3a-8040b957c728", + "type": "playbook", + "view": {"position": {"x": 5640, "y": 545}}, + }, + "25": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "25", + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "entry_id": { + "simple": "${inputs.File.EntryID}" + } + }, + "skipUnavailable": True, + "task": { + "brand": "OPSWAT Filescan", + "cacheVersn": 0, + "description": "", + "id": "6eee8d6f-cf93-492e-857b-e40ff9119171", + "isCommand": True, + "modified": "2023-05-17T07:23:51.462895403Z", + "name": "Detonate File - OPSWAT", + "scriptId": "OPSWAT Filescan|||test-name", + "type": "regular", + "version": 1, + }, + "taskId": "6eee8d6f-cf93-492e-857b-e40ff9119171", + "type": "regular", + "view": {"position": {"x": 6270, "y": 545}}, + }, + "26": { + "conditions": [ + { + "condition": [ + [ + { + "left": { + "isContext": True, + "value": { + "simple": "inputs.File.EntryID" + }, + }, + "operator": "isExists", + } + ] + ], + "label": "yes", + } + ], + "continueOnErrorType": "", + "evidenceData": {}, + "id": "26", + "nextTasks": { + "#default#": ["3"], + "yes": ["25"], + }, + "task": { + "cacheVersn": 0, + "description": "Checks if there is a file to detonate.", + "id": "de2e02d1-0bc3-45dc-8484-08de21e236dc", + "modified": "2023-05-17T07:23:51.423875118Z", + "name": "Check if file exists", + "type": "condition", + "version": 1, + }, + "taskId": "de2e02d1-0bc3-45dc-8484-08de21e236dc", + "type": "condition", + "view": {"position": {"x": 6060, "y": 330}}, + }, + "3": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "3", + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "Done", + "id": "2a8f5bbb-7692-4ece-8abe-9801c7b05c3c", + "isTitleTask": True, + "modified": "2023-05-22T08:32:46.190202567Z", + "name": "Done", + "type": "title", + "version": 4, + }, + "taskId": "2a8f5bbb-7692-4ece-8abe-9801c7b05c3c", + "type": "title", + "view": {"position": {"x": 3490, "y": 720}}, + }, + "8": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "8", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "InternetAccess": {"simple": "True"}, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "f6627718-5952-4240-8fba-104c1350e79b", + "modified": "2023-05-22T08:32:46.190420094Z", + "name": "Detonate File - JoeSecurity", + "playbookId": "detonatefile_-_joesecurity", + "type": "playbook", + "version": 5, + }, + "taskId": "f6627718-5952-4240-8fba-104c1350e79b", + "type": "playbook", + "view": {"position": {"x": 50, "y": 545}}, + }, + "9": { + "continueOnErrorType": "", + "evidenceData": {}, + "id": "9", + "loop": {"wait": 1}, + "nextTasks": {"#none#": ["3"]}, + "scriptArguments": { + "File": { + "complex": { + "filters": None, + "root": "inputs.File", + "transformers": None, + } + }, + "Interval": {"simple": "1"}, + "Timeout": {"simple": "15"}, + }, + "separateContext": True, + "skipUnavailable": True, + "task": { + "cacheVersn": 0, + "description": "", + "id": "c04567fa-641d-4b51-8c94-561516554b3d", + "modified": "2023-05-22T08:32:46.190449601Z", + "name": "ATD - Detonate File", + "playbookName": "ATD - Detonate File", + "type": "playbook", + "version": 4, + }, + "taskId": "c04567fa-641d-4b51-8c94-561516554b3d", + "type": "playbook", + "view": {"position": {"x": 480, "y": 545}}, + }, + }, + "toServerVersion": "", + "vcShouldIgnore": False, + "vcShouldKeepItemLegacyProdMachine": False, + "version": 32, + "view": { + "linkLabelsPosition": {}, + "paper": { + "dimensions": { + "height": 735, + "width": 6600, + "x": 50, + "y": 50, + } + }, + }, + } + ], + "tags": ["ITDR"], + "total": 455, + } + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:15:02.88342401Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-post uri="/playbook/search" body="{\\"query\\":\\"hidden:F\\"}"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == [ + "core-api-post", + {"uri": "/automation/search", "body": {"query": "hidden:F"}}, + ]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": { + "pythonEnabled": True, + "scripts": [ + { + "arguments": [ + { + "default": False, + "deprecated": False, + "description": "The indicator value (ex 1.1.1.1)", + "hidden": False, + "name": "indicator", + "required": True, + "secret": False, + "type": "", + } + ], + "comment": "Add DBot score to context for indicators with custom vendor, score, reliability, and type.", + "contextKeys": [], + "detached": False, + "dockerImage": "demisto/python3:3.10.13.86272", + "enabled": True, + "id": "AddDBotScoreToContext", + "locked": False, + "modified": "2024-05-27T14:22:57.994206625Z", + "name": "AddDBotScoreToContext", + "permitted": True, + "propagationLabels": None, + "roles": None, + "runAs": "DBotWeakRole", + "scriptTarget": 0, + "system": True, + "tags": [], + "type": "python", + "user": "", + "version": 24, + } + ], + "selectedScript": None, + "suggestions": ["Amazon Web Services"], + } + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:15:08.481329058Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-post uri="/automation/search" body="{\\"query\\":\\"hidden:F\\"}"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == ["core-api-post", {"uri": "/settings/integration/search", "body": {}}]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "test-name", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": { + "configurations": [ + { + "brand": "test-name", + "cacheVersn": 0, + "canGetSamples": False, + "category": "Authentication", + "commitMessage": "", + "configuration": [ + { + "defaultValue": "", + "display": "Server IP (e.g. 0.0.0.0)", + "displayPassword": "", + "hidden": False, + "hiddenPassword": False, + "hiddenUsername": False, + "info": "", + "name": "test-name", + "options": None, + "required": True, + "type": 0, + } + ], + "definitionId": "", + "description": "Authenticate using Active Directory", + "detailedDescription": "To use test-name with STARTTLS, please use the generic 'LDAP Authentication' integration instead.", + "display": "test-name", + "fromServerVersion": "", + "hidden": False, + "icon": "activedirectory.png", + "id": "test-name", + "image": "", + "integrationScript": { + "commands": [ + {"name": "test-name"} + ] + }, + "itemVersion": "", + "modified": "2024-06-06T15:38:50.814677124Z", + "name": "test-name", + "packID": "", + "packName": "", + "prevName": "activedir-login", + "shouldCommit": False, + "toServerVersion": "", + "vcShouldIgnore": False, + "vcShouldKeepItemLegacyProdMachine": False, + "version": 13, + } + ], + "engines": { + "engineGroups": None, + "engines": [], + "pkgTypes": ["shell"], + "requestedLogs": {}, + "total": 0, + }, + "health": { + "XSOAR Mirroring_instance_1": { + "brand": "XSOAR Mirroring", + "cacheVersn": 0, + "creation_time": "2024-01-18T12:53:24.098299124Z", + "eventsPulled": 0, + "fetchDuration": 932303875, + "id": "XSOAR Mirroring.XSOAR Mirroring_instance_1", + "incidentsDropped": 0, + "incidentsPulled": 2, + "indicatorsPulled": 0, + "instance": "XSOAR Mirroring_instance_1", + "lastError": "", + "lastIngestionDuration": 160126217, + "lastPullTime": "2024-01-18T12:53:23.001642636Z", + "modified": "2024-01-18T12:53:24.098447308Z", + "sum_day": 0, + "sum_hour": 0, + "sum_week": 0, + "version": 1, + }, + }, + "instances": [ + { + "brand": "test-name", + "cacheVersn": 0, + "canSample": True, + "category": "Analytics & SIEM", + "cmdline": "", + "commandsPermissions": None, + "configtypes": { + "accessToken": 4, + "accesstoken_creds": 9, + "clientSecret": 4, + "clientToken": 4, + "clientsecret_creds": 9, + "clienttoken_creds": 9, + "configIds": 0, + "fetchLimit": 0, + "fetchTime": 0, + "host": 0, + "incidentFetchInterval": 19, + "incidentType": 13, + "insecure": 8, + "isFetch": 8, + "proxy": 8, + }, + "configuration": { + "brand": "", + "cacheVersn": 0, + "canGetSamples": False, + "category": "", + "commitMessage": "", + "configuration": None, + "definitionId": "", + "description": "", + "display": "", + "fromServerVersion": "", + "hidden": False, + "icon": "", + "id": "", + "integrationScript": { + "commands": [ + {"name": 'a name'} + ] + }, + "itemVersion": "", + "modified": "0001-01-01T00:00:00Z", + "name": "", + "packID": "", + "packName": "", + "prevName": "", + "shouldCommit": False, + "toServerVersion": "", + "vcShouldIgnore": False, + "vcShouldKeepItemLegacyProdMachine": False, + "version": 0, + }, + "configvalues": { + "accesstoken_creds": None, + "clientsecret_creds": None, + "clienttoken_creds": None, + "configIds": "50170", + "fetchLimit": "20", + "fetchTime": "1 hours", + "host": "", + "incidentFetchInterval": "1", + "incidentType": None, + "insecure": False, + "isFetch": False, + "proxy": False, + }, + "data": [ + { + "defaultValue": "", + "display": "Client secret", + "displayPassword": "", + "hasvalue": False, + "hidden": True, + "hiddenPassword": False, + "hiddenUsername": False, + "info": "", + "name": "clientSecret", + "options": None, + "required": False, + "type": 4, + "value": "", + } + ], + "debugMode": False, + "defaultIgnore": False, + "definitionId": "", + "displayPassword": "", + "enabled": "true", + "engine": "", + "engineGroup": "", + "eventFetchInterval": 0, + "executable": "", + "fromServerVersion": "", + "hidden": False, + "id": "test-name", + "incidentFetchInterval": 0, + "incomingMapperId": "", + "integrationLogLevel": "", + "isBuiltin": False, + "isFetchSamples": False, + "isIntegrationScript": True, + "isSystemIntegration": False, + "islongRunning": False, + "itemVersion": "", + "longRunningId": "", + "mappable": False, + "mappingId": "test-name", + "incident_type": "incident_type", + "modified": "2024-06-20T15:59:16.770092551Z", + "name": "test-name_instance_1", + "outgoingMapperId": "", + "packID": "", + "packName": "", + "password": "", + "passwordProtected": False, + "path": "", + "prevName": "", + "propagationLabels": ["all"], + "remoteSync": False, + "remoteSyncableIn": False, + "remoteSyncableOut": False, + "servicesID": "main", + "toServerVersion": "", + "version": 26, + } + ], + } + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:15:12.212056184Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-post uri="/settings/integration/search" body="{}"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "test-name", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == [ + "core-api-post", + { + "uri": "/itemsdependencies", + "body": { + "items": [{"id": "test-name", "type": "playbook"}], + "dependencyLevel": "optional", + }, + }, + ]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": { + "response": { + "existing": { + "playbook": { + "test-name": [ + { + "LastModified": "2024-03-31T08:04:51.820403233Z", + "containsOverridableType": False, + "id": "test-name", + "locked": False, + "name": "test-name", + "overrideTenant": False, + "packID": "", + "system": False, + "type": "automation", + } + ] + } + }, + "missing": {}, + } + }, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:15:18.276939288Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-post uri="/itemsdependencies" body="{\\"dependencyLevel\\":\\"optional\\",\\"items\\":[{\\"id\\":\\"test-name\\",\\"type\\":\\"playbook\\"}]}"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] + if args == ["core-api-get", {"uri": "/automation/export/test-name"}]: + return [ + { + "ModuleName": "Core REST API_instance_1", + "Brand": "Core REST API", + "Category": "Utilities", + "ID": "", + "Version": 0, + "Type": 1, + "Contents": {"response": ""}, + "HumanReadable": None, + "ImportantEntryContext": None, + "EntryContext": None, + "IgnoreAutoExtract": False, + "ReadableContentsFormat": "", + "ContentsFormat": "json", + "File": "", + "FileID": "", + "FileMetadata": None, + "System": "", + "Note": False, + "Evidence": False, + "EvidenceID": "", + "Tags": None, + "Metadata": { + "id": "", + "version": 0, + "cacheVersn": 0, + "modified": "0001-01-01T00:00:00Z", + "type": 1, + "created": "2024-07-03T13:15:20.096195087Z", + "incidentCreationTime": "0001-01-01T00:00:00Z", + "retryTime": "0001-01-01T00:00:00Z", + "user": "", + "errorSource": "", + "contents": "", + "format": "json", + "investigationId": "9dfe60aa-7485-4813-822a-03de171d38cb", + "file": "", + "fileID": "", + "parentId": "3363@9dfe60aa-7485-4813-822a-03de171d38cb", + "pinned": False, + "fileMetadata": None, + "parentContent": '!core-api-get uri="/automation/export/test-name"', + "parentEntryTruncated": False, + "system": "", + "reputations": None, + "category": "", + "note": False, + "isTodo": False, + "tags": None, + "tagsRaw": None, + "startDate": "0001-01-01T00:00:00Z", + "times": 0, + "recurrent": False, + "endingDate": "0001-01-01T00:00:00Z", + "timezoneOffset": 0, + "cronView": False, + "scheduled": False, + "entryTask": None, + "taskId": "", + "playbookId": "", + "reputationSize": 0, + "contentsSize": 0, + "brand": "Core REST API", + "instance": "Core REST API_instance_1", + "InstanceID": "72f3d562-b3fa-4ef9-8c97-d60811a170f5", + "IndicatorTimeline": None, + "Relationships": None, + "mirrored": False, + }, + "IndicatorTimeline": None, + "NextRun": "", + "Timeout": "", + "PollingCommand": "", + "PollingArgs": None, + "PollingItemsRemaining": 0, + "Relationships": None, + "APIExecutionMetrics": None, + } + ] diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 5330fcad4ab2..bcd23de15355 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.15.28", + "currentVersion": "1.15.29", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",