changed memberof with members (#37812)

* changed memberof with members

* release notes

* Delete invalid file (#38111)

* Fix MISPV3 that returned indicator with DBot score unknown (#38106)

* commit

* commit

* update RN

* remove all debug

* Update Packs/MISP/ReleaseNotes/2_1_50.md

Co-authored-by: ShirleyDenkberg <[email protected]>

---------

Co-authored-by: ShirleyDenkberg <[email protected]>

* Change all paths in Readme and Description file-part6 (#38099)

* fix

* Fix Pylint errors in AWS (#38042)

* aws pylint

* apimodule

* aws secret manager

* apimodule_test

* fix unit test

* pylint fix

* response

* update dynamo test playbook

* fromversion: 5.0.0

* Fix Pylint errors in C packs (#38048)

* c packs pylint

* fix rn

* pack version

* Fix Pylint errors in S part 1 packs (#38082)

* pylint S1 packs

* rn

* docker image update

* Fix Pylint errors in S part 2 packs (#38084)

* pylint S2 packs

* docker image update

* AlibabaActionTrail Event Collector - Fixed a parsing error related to the  First fetch time interval parameter (#38074)

* Fixed the first fetch param parsing error

* pre-commit fixes

* Ignored the specific my py error

* Updated the docker image tag to the latest

* Updated the RN file

* XSUP 45126 Cyberark Identity Update (#38071)

* Updated ModelingRules ParsingRules

* Updated pack_metadata

* Updated README

* Updated README

* Updated README

* Update Packs/CyberArkIdentity/README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update pack_metadata.json

* Updated ReleaseNotes

* Updated ReleaseNotes

---------

Co-authored-by: ShirleyDenkberg <[email protected]>

* Nozomi make result per run configurble (#37531) (#38057)

* NNPANXSOAR-6
* use record_created_at to paginate
* fix tests

* NNPANXSOAR-6
* use requests as http client to fix verify SSL issues
* make code more stable

* NNPANXSOAR-6
* updated documentation

* NNPANXSOAR-6
* make linter happy

* * add form Incidents per run
* add logic to return every run the incidents size passed

* * add form Incidents per run
* add logic to return every run the incidents size passed

* * add release notes
* bump version

* * add release notes
* bump version

* * update release notes
* make linter happy

* * make linter happy again

* * make linter happy again

* * use bearer token to auth every http call
* add sign_in
* fallback to basic auth

* * fix default error response

* * make app more robust
* add more case

* * fix proxy issue
* add tests

* * bumpversion
* update readme
* update release notes

* * wip new pagination

* * refactoring
* make linter happy
* remove dev logs

* * refactoring
* make linter happy
* remove dev logs

* * fix yml

* * fix yml

* * remove secrets

* * remove secrets

* * executed demisto-sdk split command on yml
* fix linter issues

* * fix release notes format

* * bump docker image version

Co-authored-by: Nicolò <[email protected]>

* part 7 - fixing relative files (#38083)

* part 7 - fixing relative files

* fix

* Fix Pylint errors in O packs (#38067)

* remove o

* skip CRTX-116483

* [EWS v2] Fix issue with files not opening (#37963)

* [EWS v2] Fix issue with files not opening

* Fix in fetch_attachments_for_message

* CRTX-146122-ProofPoint-Email-Security (#37954)

* added support for audit log type

* added release notes

* added release notes

* added release notes

* fix

* fix

* fix

* fix

* fix

* added parsing

* fix yml

* fix notes

* added tags

* New Playbook - Suspicious Local Administrator Login (#37933)

* new playbook

* added trigger and RN

* c

* added error to pack ignore

* trigger fixed

* namefix

* fix

* fix for the trigger

* Bump pack from version CortexResponseAndRemediation to 1.0.2.

* fix RN

* fix

* fixx

* fix for disable command

* Update Packs/CortexResponseAndRemediation/Playbooks/playbook-Suspicious_Local_Administrator_Login.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexResponseAndRemediation/Playbooks/playbook-Suspicious_Local_Administrator_Login.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexResponseAndRemediation/Playbooks/playbook-Suspicious_Local_Administrator_Login_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexResponseAndRemediation/ReleaseNotes/1_0_2.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexResponseAndRemediation/Playbooks/playbook-Suspicious_Local_Administrator_Login_README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/CortexResponseAndRemediation/ReleaseNotes/1_0_2.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* fix for read me

* fix

* fix for command

* new image

* Adi's review changes

* Bump pack from version CortexResponseAndRemediation to 1.0.3.

* fixes

* Bump pack from version CortexResponseAndRemediation to 1.0.4.

* fix

* last version

* added description

* white image of the playbook

* read me fix

---------

Co-authored-by: Content Bot <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>

* remove native (#38098)

* fix

* fix

* fix

* fix

* Bump pack from version ThreatIntelReports to 1.0.21.

* Bump pack from version Whois to 1.5.21.

* cr

* cr

---------

Co-authored-by: RotemAmit <[email protected]>
Co-authored-by: Shachar Kidor <[email protected]>
Co-authored-by: eepstain <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: content-bot <[email protected]>
Co-authored-by: Nicolò <[email protected]>
Co-authored-by: Menachem Weinfeld <[email protected]>
Co-authored-by: sdaniel6 <[email protected]>
Co-authored-by: Karina Fishman <[email protected]>
Co-authored-by: Content Bot <[email protected]>

* fix (#38104)

* change all paths in readme and description - part 8 (#38107)

* change all paths in readme and description - part 8

* fix

* Fix remote-access documentation (#38081)

* init

* Shirley

Co-authored-by: ShirleyDenkberg <[email protected]>

---------

Co-authored-by: ShirleyDenkberg <[email protected]>

* a pylint (#38093)

* pylint n packs (#38064)

* [Panorama] MyPy In Docker (#37932)

* mypy

* rn

* pylint

* [McAfeeNSMv2] MyPy In Docker (#37995)

* fix

* fix

* RN

* E501 Line too long

* autopep8

* Change all paths in Readme and Description file-part9 (#38108)

* fix

* fix

* CIAC-12287/Add-Extract-Indicators-to-Suspicious-msiexec-execution-PB (#38047)

* Add extract indicators for the playbook

* Update release notes

* Update release notes

* Bump pack from version CortexResponseAndRemediation to 1.0.4.

* Bump pack from version CortexResponseAndRemediation to 1.0.5.

* Fix review comments

---------

Co-authored-by: Content Bot <[email protected]>

* Add logs to xql query (#38097)

* add logs

* add rn

* fix log

* [EWSO365] MyPy In Docker (#37990)

* fix

* RN

* autopep8

* add retry (#38105)

* add retry

* RN

* update RN

* Aud demisto/auto update docker staging branch 89 (#37977)

* Updated docker image to demisto/sklearn:1.0.0.1858294. PR batch #1/1 (#37961)

Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/netutils:1.0.0.118055. PR batch #1/1 (#37959)

Co-authored-by: root <root@1e2de18e0cc3>

* Updated docker image to demisto/chromium:131.0.6778.117810. PR batch #1/1 (#37957)

Co-authored-by: root <root@1e2de18e0cc3>

* Add RN

* .

* Bump pack from version CommonScripts to 1.19.5.

* Bump pack from version Mattermost to 2.0.7.

* Bump pack from version CommonScripts to 1.19.6.

* Bump pack from version CommonScripts to 1.19.7.

* Bump pack from version CommonScripts to 1.19.8.

* Bump pack from version CommonScripts to 1.19.9.

* .

* .

* .

---------

Co-authored-by: content-bot <[email protected]>
Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: Content Bot <[email protected]>

* Enhancement for Exchange forwarding rule  (#38063)

* new

* fix

* Added RN

* Update Packs/CortexResponseAndRemediation/ReleaseNotes/1_0_4.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Bump pack from version CortexResponseAndRemediation to 1.0.5.

* fix

* Bump pack from version CortexResponseAndRemediation to 1.0.6.

* Tomer's review fix

* fix

* skip if added

* fix

* RN

* RN update

* fixed rn

* fixed rn

* fixed rn

---------

Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Content Bot <[email protected]>

* Change all paths in Readme and Description file-part10 (#38122)

* Ciac 10837/content path (#37898)

* InvalidMarkdownFileName - CIAC-10840

* InvalidDepthOneFolder - CIAC-10839

* InvalidIntegrationScriptFileName - CIAC-10841

* test

* test

* test

* test

* InvalidIntegrationScriptFileName - CIAC-10841

* fix paths and readme

* fix paths

* ignore validation

* remove change

* remove change added rn

* added test

* removed

* pre-commit

* pre-commit

* remove rn

* integration in skip

* commit

* XSUP-45578 (#38109)

* fix bug

* fix pre-commit

* fix pre-commit

* Update Packs/CommonScripts/ReleaseNotes/1_19_9.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Bump pack from version CommonScripts to 1.19.10.

---------

Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Content Bot <[email protected]>

* A small fix in CSP, FireEye, O365 for supporting python 3.12 (#38051)

* make the docstring a raw str

* RN

* add some more fixes

* rn

* rn

---------

Co-authored-by: RotemAmit <[email protected]>

* Fix Pylint errors in R packs (#38077)

* pylint R packs

* remove native from pytest-in-docker

* update docker image

* update test playbook Rundeck_test

* update Rundeck_test to run only in xsoar saas

* convert to relative - fm (#38056)

* convert to relative

* fix

* fix

* Fix remote-access documentation (#38081)

* init

* Shirley

Co-authored-by: ShirleyDenkberg <[email protected]>

---------

Co-authored-by: ShirleyDenkberg <[email protected]>

* a pylint (#38093)

* pylint n packs (#38064)

* [Panorama] MyPy In Docker (#37932)

* mypy

* rn

* pylint

* [McAfeeNSMv2] MyPy In Docker (#37995)

* fix

* fix

* RN

* E501 Line too long

* autopep8

* Change all paths in Readme and Description file-part9 (#38108)

* fix

* fix

* CIAC-12287/Add-Extract-Indicators-to-Suspicious-msiexec-execution-PB (#38047)

* Add extract indicators for the playbook

* Update release notes

* Update release notes

* Bump pack from version CortexResponseAndRemediation to 1.0.4.

* Bump pack from version CortexResponseAndRemediation to 1.0.5.

* Fix review comments

---------

Co-authored-by: Content Bot <[email protected]>

* Add logs to xql query (#38097)

* add logs

* add rn

* fix log

* revert

* Bump pack from version Phishing to 3.6.31.

---------

Co-authored-by: Yehuda Rosenberg <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: RotemAmit <[email protected]>
Co-authored-by: Shmuel Kroizer <[email protected]>
Co-authored-by: Erez FelmanDar <[email protected]>
Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Tal Carmeli <[email protected]>

* AUD-demisto/auto_update_docker_staging_branch_88 (#38052)

* Updated docker image to demisto/xsoar-tools:1.0.0.1902141. PR batch #1/1 (#37927)

Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: azonenfeld <[email protected]>

* Add RN

* Bump pack from version CommonScripts to 1.19.7.

* Bump pack from version CommonScripts to 1.19.8.

* Bump pack from version Base to 1.39.13.

* Bump pack from version CommonScripts to 1.19.9.

* .

* .

* Bump pack from version Base to 1.39.14.

* Bump pack from version Base to 1.39.15.

---------

Co-authored-by: content-bot <[email protected]>
Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: Content Bot <[email protected]>

* Update ruff version to 0.8.0 (#37930)

* update ruff

* [tool.ruff]

* [BoxV2] MyPy In Docker (#38133)

* fix

* update docker

* RN

* [SymantecEmailSecurity] MyPy In Docker (#38137)

* fix

* docker

* RN

* Add ErrorReasons to 'core-action-status-get' Command (#37483)

* add errorReasons

* add error_description to HR

* add outputs

* add RN

* add polling output

* change to No Tests

* change output path

* UT

* readme

* precommit

* doc review

* fix build fail (#38146)

* fix

* fix

* Revert "Update ruff version to 0.8.0 (#37930)" (#38138)

This reverts commit cb44cac.

* Fix-cs-t1059-playbook (#38148)

* Fixed playbook conditional task for creating new incident + added additional endpoint fields to the layout

* RN

* Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_1_6.md

Co-authored-by: ShirleyDenkberg <[email protected]>

---------

Co-authored-by: ShirleyDenkberg <[email protected]>

* Create new 1Password pack for Cortex XSIAM (#37730)

* Fix additional ruff errors (#38144)

* E721

* rn

* update rn

* 10611 finshes part 3 1 (#38150)

* convert to relative

* fix

* fix

* [MongoDBAtlasEventCollector] MyPy In Docker (#38139)

* fix

* docker

* RN

* [FindEmailCampaign] MyPy In Docker (#38140)

* fix

* RN

* [Alibaba] MyPy In Docker (#38136)

* Alibaba

* docker

* RN

* unfreeze autoupdate flow cyberark (#38154)

* unfreeze

* rn

* undo rn

* 10611 finshes part 3_3 (#38161)

* 10611 finshes part 3_3

* 10611 finshes part 3_3

* Fix protectwise uploaded file README image (#38157)

* Fix Microsoft Defender incoming mapper / XSUP-45575 (#38155)

* init

* rn

* rn

* Fix CS Falcon outgoing mapper (#38087)

* fix

* rn

* improves

* Bump pack from version CrowdStrikeFalcon to 2.1.6.

* works

* rn

* add test

* add test

* pre commit

* Bump pack from version CrowdStrikeFalcon to 2.1.7.

---------

Co-authored-by: Content Bot <[email protected]>

* [ASM] - UVEM-790 - RankServiceOwners Update (#38091) (#38164)

* Update RankSO Script and Release Notes

* Update alertsource to ownerrelatedfield

* Refactor output logic to write_output_to_context_key function

* Refactor variables and update ReadMe

* add error for wrong tenant

* predefined/stringify

* Apply suggestions from code review



* changed wording

---------

Co-authored-by: John <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: jwilkes <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>

* ReversingLabs A1000 v2.4.4 (#38112) (#38170)

* Update version to 2.4.4

* Update readme

* Fix minor bugs in classification commands.

* Add the contributors file

* Add release notes

Co-authored-by: Mislav Sever <[email protected]>

* Fix Pylint errors in P packs (#38069)

* pylint p packs

* docker image updates

* rn

* Bump pack from version ProofpointThreatResponse to 2.0.21.

* Bump pack from version PrismaCloudCompute to 1.7.11.

* fix error

* pylint error

* revert some changes

* added memory_threshold to PAN-OS - Block IP - Custom Block Rule Test

* added memory_threshold to PAN-OS - Block IP - Static Address Group Test

* added memory_threshold PAN-OS - Block URL - Custom URL Category Test

* added memroty_treshold to all panorama test playbooks

---------

Co-authored-by: Content Bot <[email protected]>

* 10611 finshes part 3_4 (#38162)

* 10611 finshes part 3_4

* 10611 finshes part 3_4

* 10611 finshes part 3_4

* reverrt change

* 10611 finshes part 3_2 (#38160)

* 10611 finshes part 3_2

* wop

* poetry files (#38171)

Co-authored-by: Content Bot <[email protected]>

* fix ruff warnings (#38143)

* Update content before upgrading pylint (#37732)

* pylint errors

* more pylint and rn

* Bump pack from version EmailCommunication to 2.0.37.

* more pylint and rn

* pylint errors and rn

* Bump pack from version Base to 1.39.3.

* pylint errors and rn

* pylint errors and rn

* Bump pack from version Zoom to 1.6.20.

* Bump pack from version CommonScripts to 1.18.4.

* pylint errors and rn

* pylint errors and rn

* pylint errors and rn

* run on the my sdk branch

* remove changes from autofocus

* ruff pre-commit fixes

* delete some changes

* Bump pack from version Base to 1.39.4.

* fix validations

* pylint and mypy errors

* Bump pack from version CheckpointFirewall to 2.3.25.

* fixes

* pycln updates

* rn and updates

* autopop8 and fixes

* Bump pack from version cisco-ise to 1.0.24.

* Bump pack from version Netskope to 4.0.4.

* Bump pack from version Base to 1.39.5.

* fixes

* Bump pack from version SuspiciousDomainHunting to 1.0.10.

* Bump pack from version PrismaCloudCompute to 1.7.10.

* Bump pack from version PAN-OS to 2.3.2.

* Bump pack from version Palo_Alto_Networks_Enterprise_DLP to 2.0.15.

* fixed missing pylint and errors

* fixes

* validations

* autopop8 reco and poly

* fix

* docker image PolySwarm

* fix line too long

* pre-commit updates

* Bump pack from version PaloAltoNetworks_SecurityAdvisories to 1.0.9.

* use INFRA_BRANCH

* docker images

* fixed rn

* Bump pack from version Base to 1.39.6.

* base version update

* docker images

* Bump pack from version CommunityCommonScripts to 1.3.10.

* Bump pack from version ctf01 to 1.0.36.

* Bump pack from version ApiModules to 2.2.36.

* Bump pack from version CrowdStrikeFalcon to 2.1.2.

* updating version and release notes for apimodules

* Bump pack from version TrendMicroVisionOne to 4.2.1.

* updated the version of base

* updated the docker image to 3.11

* pre-commit updates

* removed code duplications

* remove no longer needed pylint fix

* remove duplications

* fix rn

* fix uptycs

* pack version

* Bump pack from version CrowdStrikeFalcon to 2.1.3.

* Bump pack from version AWS-SecurityHub to 1.3.41.

* remove aws

* awsapimodule+secret manager

* remove base

* remove commonscripts + common community scripts + cs falcon

* remove mattermost

* pre-commit updates

* remove c packs

* remove e packs

* remove f

* remove

* remove i + j

* remove m

* remove n

* remove o

* remove p

* remove r

* remove s1

* remove s2

* remove vmware

* remove t

* remove a

* remove native from pylint-in-docker

* Bump pack from version Whois to 1.5.21.

* Bump pack from version Whois to 1.5.22.

* update the test playbook Whois A new layout implemented with python-whois service

* add Whois A new layout implemented with python-whois service to the tests of the integration

* Bump pack from version ctf01 to 1.0.37.

---------

Co-authored-by: Content Bot <[email protected]>

* revert docker (#38169)

* revert docker

* revert docker

* Update Packs/RTIR/ReleaseNotes/1_0_22.md

Co-authored-by: Dan Tavori <[email protected]>

* empty

* empty

* added section to the .yml

* removed unrelated changes

* update the docker image

---------

Co-authored-by: Menachem Weinfeld <[email protected]>
Co-authored-by: israelpoli <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Mai Morag <[email protected]>
Co-authored-by: RotemAmit <[email protected]>
Co-authored-by: Shachar Kidor <[email protected]>
Co-authored-by: eepstain <[email protected]>
Co-authored-by: content-bot <[email protected]>
Co-authored-by: Nicolò <[email protected]>
Co-authored-by: sdaniel6 <[email protected]>
Co-authored-by: Karina Fishman <[email protected]>
Co-authored-by: Content Bot <[email protected]>
Co-authored-by: Yehuda Rosenberg <[email protected]>
Co-authored-by: Shmuel Kroizer <[email protected]>
Co-authored-by: Erez FelmanDar <[email protected]>
Co-authored-by: Tal Carmeli <[email protected]>
Co-authored-by: barryyosi-panw <[email protected]>
Co-authored-by: azonenfeld <[email protected]>
Co-authored-by: root <root@1e2de18e0cc3>
Co-authored-by: Yuval Cohen <[email protected]>
Co-authored-by: rshunim <[email protected]>
Co-authored-by: Adi Bamberger Edri <[email protected]>
Co-authored-by: Sasha Sokolovich <[email protected]>
Co-authored-by: Kamal Qarain <[email protected]>
Co-authored-by: Judah Schwartz <[email protected]>
Co-authored-by: Moshe Eichler <[email protected]>
Co-authored-by: John <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: jwilkes <[email protected]>
Co-authored-by: Mislav Sever <[email protected]>
Co-authored-by: Sapir Shuker <[email protected]>
Co-authored-by: Dan Tavori <[email protected]>

Packs/RTIR/Integrations/RTIR/RTIR.py

@@ -267,7 +267,7 @@ def create_ticket():
     referred_to_by = args.get('referred-to-by')
 
     if members or member_of or depends_on or depended_on_by or refers_to or referred_to_by:
-        edit_links(ticket_id, members, member_of, depends_on, depended_on_by, refers_to, referred_to_by)
+        edit_links(ticket_id, member_of, members, depends_on, depended_on_by, refers_to, referred_to_by)
 
     ticket_context = ({
         'ID': ticket_id,
@@ -534,7 +534,7 @@ def edit_ticket():
     referred_to_by = args.get('referred-to-by')
 
     if members or member_of or depends_on or depended_on_by or refers_to or referred_to_by:
-        links = edit_links(ticket_id, members, member_of, depends_on, depended_on_by, refers_to, referred_to_by)
+        links = edit_links(ticket_id, member_of, members, depends_on, depended_on_by, refers_to, referred_to_by)
         if "200 Ok" in links.text:
             edit_succeeded = True
 
@@ -934,8 +934,7 @@ def get_ticket_id(ticket):
 def fetch_incidents():
     last_run = demisto.getLastRun()
     last_ticket_id = last_run['ticket_id'] if (last_run and last_run['ticket_id']) else 0
-    raw_query = 'id>{}+AND+Priority>{}+AND+Queue={}{}{}'.format(last_ticket_id, FETCH_PRIORITY, apostrophe, FETCH_QUEUE,
-                                                                apostrophe)
+    raw_query = f'id>{last_ticket_id}+AND+Priority>{FETCH_PRIORITY}+AND+Queue={apostrophe}{FETCH_QUEUE}{apostrophe}'
     if FETCH_STATUS:
         status_list = FETCH_STATUS.split(',')
         status_query = '+AND+('

Packs/RTIR/Integrations/RTIR/RTIR.yml

@@ -2,64 +2,80 @@ category: Case Management
 commonfields:
   id: RTIR
   version: -1
+sectionOrder:
+- Connect
+- Collect
 configuration:
 - display: Server URL (e.g. http://192.168.0.1)
   name: server
   required: true
   type: 0
+  section: Connect
 - display: Username
   name: credentials
   required: false
   type: 9
+  section: Connect
 - name: token
   type: 9
   displaypassword: Token
   hiddenusername: true
+  section: Connect
 - display: Certificate
   name: certificate
   type: 9
   required: false
+  section: Connect
   displaypassword: Private Key
 - display: 'Trust any certificate (not secure)'
   name: unsecure
   type: 8
   required: false
+  section: Connect
 - display: 'Use system proxy settings'
   name: proxy
   type: 8
   required: false
+  section: Connect
 - display: 'Fetch incidents'
   name: isFetch
   type: 8
   required: false
+  section: Collect
 - display: 'Incident type'
   name: incidentType
   type: 13
   required: false
+  section: Collect
 - defaultvalue: 'new,open'
   display: 'Fetch incidents of the following status:'
   name: fetch_status
   type: 0
   required: false
+  section: Collect
 - display: 'Fetch incidents with priority greater or equal to:'
   name: fetch_priority
   type: 0
   required: false
   defaultvalue: '0'
+  section: Collect
 - defaultvalue: 'Incident Reports'
   display: Queue name to fetch incidents from
   name: fetch_queue
   type: 0
   required: false
+  section: Collect
 - display: Referer request header
   name: referer
   type: 0
   required: false
+  section: Collect
 - defaultvalue: '0'
   display: Fetch incidents limit (the max amount of incidents per fetch iteration)
   name: fetch_limit
   type: 0
   required: false
+  section: Collect
 description: Request Tracker for Incident Response is a ticketing system which provides pre-configured queues and workflows designed for incident response teams.
 display: RTIR
 name: RTIR
@@ -432,7 +448,7 @@ script:
   script: '-'
   type: python
   subtype: python3
-  dockerimage: demisto/python3:3.11.10.115186
+  dockerimage: demisto/python3:3.12.8.1983910
 tests:
 - RTIR Test
 fromversion: 5.0.0

Packs/RTIR/Integrations/RTIR/RTIR_test.py

@@ -128,7 +128,7 @@ def test_build_ticket_contains_id_in_headers():
     """
     from RTIR import build_ticket
     ticket = build_ticket(['ThisIsAID: ofNotID'])
-    assert {} == ticket
+    assert ticket == {}
 
 
 RAW_ATTACHMENTS_LIST = """

Packs/RTIR/ReleaseNotes/1_0_22.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### RTIR
+- Updated the Docker image to: *demisto/python3:3.12.8.1983910*.
+- Fixed an issue where the *member-of* and the *members* arguments were not handled properly in the ***rtir-edit-ticket*** and the ***rtir-create-ticket*** commands.

Packs/RTIR/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "RTIR",
     "description": "Request Tracker for Incident Response is a ticketing system which provides pre-configured queues and workflows designed for incident response teams.",
     "support": "xsoar",
-    "currentVersion": "1.0.21",
+    "currentVersion": "1.0.22",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",