Merge branch 'master' into yc/Cloudflare

Packs/ApiModules/ReleaseNotes/2_2_39.md

@@ -0,0 +1,5 @@
+#### Scripts
+
+##### CoreXQLApiModule
+
+Documentation and metadata improvements.

Packs/ApiModules/Scripts/CoreXQLApiModule/CoreXQLApiModule.py

@@ -81,8 +81,10 @@ def _http_request(self, method, url_suffix='', full_url=None, headers=None, json
             default.
         '''
         if self.is_core and not IS_CORE_AVAILABLE:
-            raise DemistoException(f"Using the XQL Query Engine from the core Pack is available only from version "
-                                   f"{SERVER_VERSION}-{BUILD_VERSION}.")
+            raise DemistoException("Failed due to one of the following options: The integration is cloned, "
+                                   "please use only the built-in version since it can not be cloned."
+                                   " OR the Server version of the tenant is lower than"
+                                   f" {SERVER_VERSION}-{BUILD_VERSION}.")
         if (not IS_CORE_AVAILABLE):
             return BaseClient._http_request(self,  # we use the standard base_client http_request without overriding it
                                             method=method,

Packs/ApiModules/Scripts/CoreXQLApiModule/CoreXQLApiModule_test.py

@@ -989,34 +989,3 @@ def test_get_built_in_query_results_polling_command(mocker):
     )
     assert res.call_args.args[1]['tenants'] == ["tenantID", "tenantID"]
     assert res.call_args.args[1]['time_frame'] == '7 days'
-
-
-# @pytest.mark.parametrize('allow_bin_response', [True, False])
-# def test_request_for_bin_file_via_demisto_call(mocker, allow_bin_response):
-#     """
-#     Given:
-#         - An XSIAM machine with a build version that supports demisto._apiCall() with RBAC validations.
-#         - case 1 - build version that support response of binary files.
-#         - case 2 - build version that doesn't support response of binary files.
-#     When:
-#         - Calling the http_request method.
-#     Then:
-#         - case 1 - Make sure the response are as expected (base64 decoded).
-#         - case 2 - Make sure en DemistoException was thrown with details about the server version that allowed bin response.
-#     """
-#     from CoreXQLApiModule import CoreClient, ALLOW_BIN_CONTENT_RESPONSE_SERVER_VERSION, ALLOW_BIN_CONTENT_RESPONSE_BUILD_NUM
-#     test_bin_data = b'test bin data'
-#     client = CoreClient(
-#         base_url='some_url/public_api/v1', headers={},
-#     )
-#     mocker.patch("CoreXQLApiModule.FORWARD_USER_RUN_RBAC", new=True)
-#     mocker.patch("CoreXQLApiModule.ALLOW_RESPONSE_AS_BINARY", new=allow_bin_response)
-#     mocker.patch.object(demisto, "_apiCall", return_value={'name': '/api/webapp/public_api/v1',
-#                                                            'status': 200,
-#                                                            'data': test_bin_data})
-#     try:
-#         res = client._http_request(method="get",
-#                                    response_data_type='bin')
-#         assert res == test_bin_data
-#     except DemistoException as e:
-#         assert f'{ALLOW_BIN_CONTENT_RESPONSE_SERVER_VERSION}-{ALLOW_BIN_CONTENT_RESPONSE_BUILD_NUM}' in str(e)

Packs/ApiModules/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "ApiModules",
     "description": "API Modules",
     "support": "xsoar",
-    "currentVersion": "2.2.38",
+    "currentVersion": "2.2.39",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Base/Scripts/CommonServerPython/CommonServerPython.yml

@@ -18,6 +18,8 @@ alt_dockerimages: # used for unit testing
 - demisto/python3:3.9.1.14969
 - demisto/python3:3.9.5.21272
 - demisto/python3:3.10.10.48392
+- demisto/python3:3.11.10.115186
+- demisto/python3:3.12.7.117934
 tests:
 - TestCommonPython
 - Test-debug-mode

Packs/CommonScripts/ReleaseNotes/1_19_12.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### PcapHTTPExtractor
+
+- Updated the Docker image to: *demisto/pcap-http-extractor:1.0.0.2034848*.

Packs/CommonScripts/Scripts/PcapHTTPExtractor/PcapHTTPExtractor.yml

@@ -67,7 +67,7 @@ tags:
 - http
 timeout: '0'
 type: python
-dockerimage: demisto/pcap-http-extractor:1.0.0.117511
+dockerimage: demisto/pcap-http-extractor:1.0.0.2034848
 tests:
 - PcapHTTPExtractor-Test
 subtype: python3

Packs/CommonScripts/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.19.11",
+    "currentVersion": "1.19.12",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommunityCommonScripts/ReleaseNotes/1_3_14.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CreatePlbkDoc
+
+- Updated the Docker image to: *demisto/sane-doc-reports:1.0.0.2023828*.

Packs/CommunityCommonScripts/Scripts/CreatePlbkDoc/CreatePlbkDoc.yml

@@ -27,7 +27,7 @@ commonfields:
 contentitemexportablefields:
   contentitemfields:
     fromServerVersion: "6.0.0"
-dockerimage: demisto/sane-doc-reports:1.0.0.114696
+dockerimage: demisto/sane-doc-reports:1.0.0.2023828
 enabled: true
 name: CreatePlbkDoc
 runas: DBotWeakRole

Packs/CommunityCommonScripts/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Community Common Scripts",
     "description": "A pack that contains community scripts",
     "support": "community",
-    "currentVersion": "1.3.13",
+    "currentVersion": "1.3.14",
     "author": "",
     "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
     "email": "",

Packs/Core/Integrations/CortexCoreXQLQueryEngine/CortexCoreXQLQueryEngine.yml

@@ -12,16 +12,19 @@ configuration:
   type: 0
   hidden: true
   required: false
+  section: Connect
 - display: API Key ID
   name: apikey_id
   type: 4
   hidden: true
   required: false
+  section: Connect
 - display: API Key
   name: apikey
   type: 4
   hidden: true
   required: false
+  section: Connect
 description: XQL Query Engine enables you to run XQL queries on your data sources.
 display: XQL Query Engine
 name: XQL Query Engine

Packs/Core/Integrations/CortexCoreXQLQueryEngine/CortexCoreXQLQueryEngine_test.py

@@ -1079,7 +1079,14 @@ def test_get_xql_quota_is_core_available_false(mock_http_request):
                                       ' "eval_quota": 0.0}}'}
     with pytest.raises(DemistoException) as e:
         CLIENT.get_xql_quota({})
-    assert e.value.message == 'Using the XQL Query Engine from the core Pack is available only from version 8.7.0-1247804.'
+        ("Failed due to one of the following options: The integration is cloned, "
+         "please use only the built-in version since it can not be cloned."
+         " OR the Server version of the tenant is below"
+         " 8.7.0-1247804.")
+    assert e.value.message == ("Failed due to one of the following options: The integration is cloned, "
+                               "please use only the built-in version since it can not be cloned."
+                               " OR the Server version of the tenant is lower than"
+                               " 8.7.0-1247804.")
 
 
 @patch('CoreXQLApiModule.IS_CORE_AVAILABLE', False)
@@ -1101,7 +1108,10 @@ def test_start_xql_query_is_core_available_false(mock_api_call):
                                   'data': '{"reply": "aaa"}'}
     with pytest.raises(DemistoException) as e:
         CLIENT.start_xql_query({})
-    assert e.value.message == 'Using the XQL Query Engine from the core Pack is available only from version 8.7.0-1247804.'
+    assert e.value.message == ("Failed due to one of the following options: The integration is cloned, "
+                               "please use only the built-in version since it can not be cloned."
+                               " OR the Server version of the tenant is lower than"
+                               " 8.7.0-1247804.")
 
 
 @patch('CoreXQLApiModule.IS_CORE_AVAILABLE', False)
@@ -1123,7 +1133,10 @@ def test_get_xql_query_results_is_core_available_false(mock_api_call):
                                   'data': '{"reply": "aaa"}'}
     with pytest.raises(DemistoException) as e:
         CLIENT.get_xql_query_results({})
-    assert e.value.message == 'Using the XQL Query Engine from the core Pack is available only from version 8.7.0-1247804.'
+    assert e.value.message == ("Failed due to one of the following options: The integration is cloned, "
+                               "please use only the built-in version since it can not be cloned."
+                               " OR the Server version of the tenant is lower than"
+                               " 8.7.0-1247804.")
 
 
 @patch('CoreXQLApiModule.demisto.debug')

Packs/Core/ReleaseNotes/3_2_23.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### XQL Query Engine
+
+- Documentation and metadata improvements.

Packs/Core/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "3.2.22",
+    "currentVersion": "3.2.23",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CortexXDR/Integrations/XQLQueryingEngine/XQLQueryingEngine_test.py

@@ -975,30 +975,26 @@ def test_get_built_in_query_results_polling_command(mocker):
     assert res.call_args.args[1]['time_frame'] == '7 days'
 
 
+@patch('XQLQueryingEngine.Client')
+@patch('CoreXQLApiModule.demisto.params')
 @patch('XQLQueryingEngine.get_nonce')
 @patch('CoreXQLApiModule.demisto.debug')
 @patch('CoreXQLApiModule.demisto.command')
 @patch('CoreXQLApiModule.demisto.args')
-@patch('CoreXQLApiModule.demisto.params')
-@patch('XQLQueryingEngine.Client')
 @patch('CoreXQLApiModule.return_results')
 @patch('CoreXQLApiModule.return_error')
-def test_main_success(mock_return_error, mock_return_results, mock_Client, mock_demisto_params, mock_demisto_args,
-                      mock_demisto_command, mock_demisto_debug, mock_get_nonce):
+def test_main_success(mock_return_error, mock_return_results, mock_demisto_args,
+                      mock_demisto_command, mock_demisto_debug, mock_get_nonce,
+                      mock_demisto_params, mock_Client):
     """
     Given:
     - demisto.params().
-    - demisto.args().
-    - demisto.command()
-
-    When:
     - Calling main().
-
+    When:
+    - main() is called.
     Then:
     - Ensure the main() is called properly.
-
     """
-    import hashlib
     from XQLQueryingEngine import main
     mock_demisto_params.return_value = {
         'apikey': {'password': 'test_apikey'},
@@ -1014,23 +1010,18 @@ def test_main_success(mock_return_error, mock_return_results, mock_Client, mock_
     mock_demisto_command.return_value = 'test-module'
     mock_return_results.return_value = None
 
-    timestamp = str(int(datetime.now(timezone.utc).timestamp()) * 1000)
-    auth_key = f'test_apikeyrandom_nonce{timestamp}'.encode()
-    api_key_hash = hashlib.sha256(auth_key).hexdigest()
-
     main()
 
     mock_demisto_debug.assert_called_once_with('Command being called is test-module')
-    mock_Client.assert_called_once_with(
-        base_url='http://example.com/public_api/v1',
-        verify=True,
-        headers={'x-xdr-timestamp': timestamp,
-                 'x-xdr-nonce': 'random_nonce',
-                 'x-xdr-auth-id': 'test_apikey_id',
-                 'Authorization': api_key_hash},
-        proxy=False,
-        is_core=False
-    )
+    actual_call = mock_Client.call_args
+    filtered_kwargs = {k: v for k, v in actual_call.kwargs.items() if k != 'headers'}
+    expected_kwargs = {
+        'base_url': 'http://example.com/public_api/v1',
+        'verify': True,
+        'proxy': False,
+        'is_core': False,
+    }
+    assert filtered_kwargs == expected_kwargs
     mock_return_error.assert_not_called()
 
 

Packs/CortexXDR/ReleaseNotes/6_2_8.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex XDR - XQL Query Engine
+
+No changes related directly to this integration.

Packs/CortexXDR/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cortex XDR by Palo Alto Networks",
     "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
     "support": "xsoar",
-    "currentVersion": "6.2.7",
+    "currentVersion": "6.2.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/DeveloperTools/Integrations/CreateMockFeed/CreateMockFeed.yml

@@ -123,7 +123,7 @@ configuration:
 script:
   script: ''
   type: python
-  dockerimage: demisto/feed-performance-test:1.0.103518
+  dockerimage: demisto/feed-performance-test:1.0.117321
   feed: true
   subtype: python3
 tests:

Packs/DeveloperTools/ReleaseNotes/1_3_29.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Create-Mock-Feed-Relationships
+
+- Updated the Docker image to: *demisto/feed-performance-test:1.0.117321*.

Packs/DeveloperTools/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Developer Tools",
     "description": "Basic tools for content development.",
     "support": "community",
-    "currentVersion": "1.3.28",
+    "currentVersion": "1.3.29",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/ExodusIntelligence/Integrations/ExodusVulnerabilityEnrichment/ExodusVulnerabilityEnrichment.yml

@@ -123,7 +123,7 @@ script:
     - contextPath: ExodusVulnerabilityEnrichment.ResetDataStream.end_ts
       description: New date data stream is set to.
       type: String
-  dockerimage: demisto/exodusintelligence:1.0.0.113866
+  dockerimage: demisto/exodusintelligence:1.0.0.2027898
   feed: true
   isFetchSamples: true
   runonce: true

Packs/ExodusIntelligence/ReleaseNotes/1_0_3.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Exodus Intelligence Vulnerabilities
+
+- Updated the Docker image to: *demisto/exodusintelligence:1.0.0.2027898*.

Packs/ExodusIntelligence/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Exodus Intelligence EVE Platform",
     "description": "Built on original research from some of the best reverse engineers in the world as well as cutting edge machine learning technology,  [Exodus Intelligence’s EVE](https://vpx.exodusintel.com) platform provides deep intelligence about the latest vulnerabilities. This integration allows Cortex XSOAR users to add context regarding the nature of vulnerabilities and their likelihood to be exploited in the wild, identify platforms on which given vulnerabilities exist and have been verified to be exploitable, update incidents with specific mitigation guidance, and much more.",
     "support": "partner",
-    "currentVersion": "1.0.2",
+    "currentVersion": "1.0.3",
     "author": "Exodus Intelligence LLC",
     "url": "",
     "email": "[email protected]",

Packs/Exterro/Integrations/Exterro/Exterro.yml

@@ -58,7 +58,7 @@ script:
       description: The Status of the of workflow trigger.
       type: string
     description: Returns a boolean value.
-  dockerimage: demisto/accessdata:1.1.0.108229
+  dockerimage: demisto/accessdata:1.1.0.2005648
   script: '-'
   type: python
   subtype: python3

Packs/Exterro/ReleaseNotes/1_0_13.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Exterro FTK
+
+- Updated the Docker image to: *demisto/accessdata:1.1.0.2005648*.

Packs/Exterro/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Exterro/AccessData",
     "description": "Use the Exterro package to integrate with the Exterro FTK Suite, enabling the playbook automation of incident response workflows upon detection of a possible threat.",
     "support": "partner",
-    "currentVersion": "1.0.12",
+    "currentVersion": "1.0.13",
     "author": "Exterro",
     "url": "https://exterro.freshdesk.com/support/home",
     "email": "[email protected]",
@@ -17,4 +17,4 @@
         "xsoar",
         "marketplacev2"
     ]
-}
+}

Packs/FeedGreyNoiseIndicator/Integrations/GreyNoiseIndicator/GreyNoiseIndicator.yml

@@ -113,7 +113,7 @@ script:
     - contextPath: GreyNoiseFeed.Indicators.Tags
       description: 'The GreyNoise tags associated with the indicator.'
       type: String
-  dockerimage: demisto/greynoise:1.0.0.87524
+  dockerimage: demisto/greynoise:1.0.0.117184
   feed: true
   runonce: false
   script: '-'

Packs/FeedGreyNoiseIndicator/ReleaseNotes/1_0_1.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### GreyNoise Indicator Feed
+
+- Updated the Docker image to: *demisto/greynoise:1.0.0.117184*.

Packs/FeedGreyNoiseIndicator/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "GreyNoise Indicator Feed",
     "description": "This content pack fetches IPv4 Internet Scanner indicators from GreyNoise.",
     "support": "partner",
-    "currentVersion": "1.0.0",
+    "currentVersion": "1.0.1",
     "author": "GreyNoise",
     "url": "https://www.greynoise.io",
     "email": "[email protected]",