Merge branch 'master' into MW/Build_Machines_Cleanup/Fix_issue_in_uni…

…nstall_packs

Packs/Active_Directory_Query/.pack-ignore

@@ -18,4 +18,4 @@ ldap
 tls
 useraccountcontrol
 zipprotectwithpassword
-
+cn

Packs/Active_Directory_Query/Integrations/Active_Directory_Query/Active_Directory_Query.py

@@ -1597,7 +1597,7 @@ def add_member_to_group(default_base_dn):
     if not success:
         raise Exception("Failed to add {} to group {}".format(
             args.get('username') or args.get('computer-name'),
-            args.get('group_name')
+            args.get('group-cn')
         ))
 
     demisto_entry = {
@@ -1634,7 +1634,7 @@ def remove_member_from_group(default_base_dn):
     if not success:
         raise Exception("Failed to remove {} from group {}".format(
             args.get('username') or args.get('computer-name'),
-            args.get('group_name')
+            args.get('group-cn')
         ))
 
     demisto_entry = {

Packs/Active_Directory_Query/ReleaseNotes/1_6_33.md

@@ -0,0 +1,3 @@
+#### Integrations
+##### Active Directory Query v2
+- Fixed an issue where *group-cn* argument should have been used for error message in ***ad-add-to-group*** and ***ad-remove-from-group*** commands.

Packs/Active_Directory_Query/TestPlaybooks/Active_Directory_-_manual_pagination_check.yml

@@ -312,6 +312,9 @@ tasks:
       type: regular
       iscommand: false
       brand: ""
+    scriptarguments:
+      message:
+        simple: '"page-cookie is not set currently, or it returns no data" '
     separatecontext: false
     view: |-
       {
@@ -347,7 +350,7 @@ tasks:
     conditions:
     - label: "yes"
       condition:
-      - - operator: isEqualNumber
+      - - operator: greaterThanOrEqual
           left:
             value:
               complex:
@@ -357,7 +360,7 @@ tasks:
             iscontext: true
           right:
             value:
-              simple: "2"
+              simple: "1"
     view: |-
       {
         "position": {
@@ -965,7 +968,7 @@ tasks:
     conditions:
     - label: "yes"
       condition:
-      - - operator: isEqualNumber
+      - - operator: greaterThanOrEqual
           left:
             value:
               complex:
@@ -976,7 +979,7 @@ tasks:
             iscontext: true
           right:
             value:
-              simple: "2"
+              simple: "1"
     view: |-
       {
         "position": {

Packs/Active_Directory_Query/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Active Directory Query",
     "description": "Active Directory Query integration enables you to access and manage Active Directory objects (users, contacts, and computers).",
     "support": "xsoar",
-    "currentVersion": "1.6.32",
+    "currentVersion": "1.6.33",
     "author": "Cortex XSOAR",
     "url": "",
     "email": "",

Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.py

@@ -432,8 +432,8 @@ def get_multiple_incidents_extra_data(self, incident_id_list=[], fields_to_exclu
 
 
 def get_headers(params: dict) -> dict:
-    api_key = params.get('apikey') or params.get('apikey_creds', {}).get('password', '')
-    api_key_id = params.get('apikey_id') or params.get('apikey_id_creds', {}).get('password', '')
+    api_key = params.get('apikey_creds', {}).get('password', '') or params.get('apikey', '')
+    api_key_id = params.get('apikey_id_creds', {}).get('password', '') or params.get('apikey_id')
     nonce: str = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)])
     timestamp: str = str(int(datetime.now(timezone.utc).timestamp()) * 1000)
     auth_key = f"{api_key}{nonce}{timestamp}"

Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml

@@ -3492,7 +3492,7 @@ script:
       isArray: true
     name: xdr-remove-user-role
     description: Remove one or more users from a role.
-  dockerimage: demisto/python3:3.10.14.90585
+  dockerimage: demisto/python3:3.10.14.91134
   isfetch: true
   isfetch:xpanse: false
   script: ''

Packs/CortexXDR/ReleaseNotes/6_1_26.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Palo Alto Networks Cortex XDR - Investigation and Response
+
+- Fixed an issue where authentication failed due to deprecated authentication configuration.
+- Updated the Docker image to: *demisto/python3.10.14.91134*.

Packs/CortexXDR/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cortex XDR by Palo Alto Networks",
     "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
     "support": "xsoar",
-    "currentVersion": "6.1.25",
+    "currentVersion": "6.1.26",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive_description.md

@@ -15,3 +15,50 @@ Provide at least one of the following scopes for each command.
 	* https://www.googleapis.com/auth/drive.appdata
 	* https://www.googleapis.com/auth/drive.metadata
 	* https://www.googleapis.com/auth/drive.photos.readonly
+
+
+* ***google-drive-drives-list***
+* ***google-drive-drive-get***
+* ***google-drive-drive-delete***
+	*  https://www.googleapis.com/auth/drive 
+    *  https://www.googleapis.com/auth/drive.readonly
+
+* ***google-drive-files-list***
+* ***google-drive-file-get***
+* ***google-drive-file-upload***
+* ***google-drive-file-copy***
+* ***google-drive-file-get-parents***
+	*  https://www.googleapis.com/auth/drive
+	*  https://www.googleapis.com/auth/drive.file
+	*  https://www.googleapis.com/auth/drive.readonly
+	*  https://www.googleapis.com/auth/drive.metadata.readonly
+	*  https://www.googleapis.com/auth/drive.appdata
+	*  https://www.googleapis.com/auth/drive.metadata
+	*  https://www.googleapis.com/auth/drive.photos.readonly
+
+
+* ***google-drive-file-delete***
+	*  https://www.googleapis.com/auth/drive
+	*  https://www.googleapis.com/auth/drive.file
+	*  https://www.googleapis.com/auth/drive.appdata
+
+* ***google-drive-file-permissions-list***
+	*  https://www.googleapis.com/auth/drive
+	*  https://www.googleapis.com/auth/drive.file
+	*  https://www.googleapis.com/auth/drive.readonly
+	*  https://www.googleapis.com/auth/drive.metadata.readonly
+	*  https://www.googleapis.com/auth/drive.metadata
+	*  https://www.googleapis.com/auth/drive.photos.readonly
+
+* ***google-drive-file-permission-create***
+* ***google-drive-file-permission-update***
+* ***google-drive-file-permission-delete***
+	*  https://www.googleapis.com/auth/drive
+	*  https://www.googleapis.com/auth/drive.file
+
+* ***google-drive-file-modify-label***
+* ***google-drive-get-labels***
+* ***google-drive-get-file-labels***
+	*  https://www.googleapis.com/auth/drive
+	*  https://www.googleapis.com/auth/drive.labels
+

Packs/GoogleDrive/ReleaseNotes/1_3_6.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Google Drive
+
+Documentation and metadata improvements.

Packs/GoogleDrive/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Google Drive",
     "description": "Google Drive allows users to store files on their servers, synchronize files across devices, and share files. This integration helps you to create a new drive, query past activity and view change logs performed by the users, as well as list drives and files, and manage their permissions.",
     "support": "xsoar",
-    "currentVersion": "1.3.5",
+    "currentVersion": "1.3.6",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/NetscoutAED/README.md

@@ -1,3 +1,5 @@
+Note: Support for this Pack was moved to Partner starting MArch 31st, 2023. In case of any issues arise, please contact the Partner directly at [email protected].
+
 The Netscout Arbor Edge Defense (AED) integration enables you to block and allow outbound and inbound traffic.
 
 ## What does this pack do?

Packs/NetscoutAED/ReleaseNotes/1_0_26.md

@@ -0,0 +1,5 @@
+#### Integrations
+
+##### Netscout Arbor Edge Defense
+- Finished adoption process.
+

Packs/NetscoutAED/pack_metadata.json

@@ -1,11 +1,11 @@
 {
     "name": "Netscout Arbor Edge Defense - AED",
     "description": "Use the Netscout Arbor Edge Defense integration to detect and stop both inbound threats and outbound malicious communication from compromised internal devices.",
-    "support": "xsoar",
-    "currentVersion": "1.0.25",
-    "author": "Cortex XSOAR",
-    "url": "https://www.paloaltonetworks.com/cortex",
-    "email": "",
+    "support": "partner",
+    "currentVersion": "1.0.26",
+    "author": "Netscout",
+    "url": "https://www.netscout.com/product/arbor-aed-aem",
+    "email": "[email protected]",
     "categories": [
         "Network Security"
     ],
@@ -16,4 +16,4 @@
         "xsoar",
         "marketplacev2"
     ]
-}
+}

Packs/NetscoutArborSightline/README.md

@@ -1,3 +1,5 @@
+Note: Support for this Pack will be moved to Partner starting February 26, 2024.
+
 Arbor Sightline provides network visibility and reporting capabilities to help you identify and manage the mitigation of threats to your network. 
 
 

Packs/NetscoutArborSightline/ReleaseNotes/1_0_18.md

@@ -0,0 +1,5 @@
+#### Integrations
+
+##### Netscout Arbor Sightline (Peakflow)
+- Finished adoption process.
+

Packs/NetscoutArborSightline/pack_metadata.json

@@ -1,11 +1,11 @@
 {
     "name": "Netscout Arbor Sightline",
     "description": "Identify Potential Network Outages & Gain Business Insights to Solve Your Problems",
-    "support": "xsoar",
-    "currentVersion": "1.0.17",
-    "author": "Cortex XSOAR",
-    "url": "https://www.paloaltonetworks.com/cortex",
-    "email": "",
+    "support": "partner",
+    "currentVersion": "1.0.18",
+    "author": "Netscout",
+    "url": "https://www.netscout.com/product/arbor-sightline",
+    "email": "[email protected]",
     "created": "2021-01-13T15:10:51Z",
     "categories": [
         "Network Security"
@@ -17,4 +17,4 @@
         "xsoar",
         "marketplacev2"
     ]
-}
+}

Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py

@@ -1,10 +1,10 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
 import copy
 from http import HTTPStatus
 from typing import Any, NamedTuple
 from collections.abc import Callable
 
-import demistomock as demisto  # noqa: F401
-from CommonServerPython import *  # noqa: F401
 
 MIN_PAGE_NUM = 1
 MAX_PAGE_SIZE = 50
@@ -253,6 +253,31 @@ def update_url_list(
             "PUT", f"api/v2/policy/urllist/{url_list_id}", json_data=data
         )
 
+    def patch_url_list(
+        self,
+        url_list_id: str,
+        urls: list[str] = None,
+        list_type: str = None,
+    ) -> dict[str, Any]:
+        """Update the given URL list.
+
+        Args:
+            url_list_id (str): URL list ID.
+            urls (List[str]): URL lists.
+            list_type (str): URL list type.
+
+        Returns:
+            Dict[str, Any]: API response from Netskope.
+        """
+
+        data = {
+            "data": {"type": list_type, "urls": urls}
+        }
+
+        return self._http_request(
+            "PATCH", f"api/v2/policy/urllist/{url_list_id}/append", json_data=data
+        )
+
     def create_url_list(
         self,
         name: str,
@@ -547,6 +572,48 @@ def update_url_list_command(
     )
 
 
+def add_url_list_command(
+    client: Client,
+    args: dict[str, Any],
+) -> CommandResults:
+    """Update URL List.
+
+    Args:
+        client (Client): Netskope API client.
+        args (Dict[str, Any]): command arguments.
+
+    Returns:
+        CommandResults: outputs, readable outputs and raw response for XSOAR.
+    """
+    url_list_id = args["url_list_id"]
+    urls = argToList(args.get("urls"))
+    list_type = args.get("list_type", '').lower() or None
+
+    response = client.patch_url_list(
+        url_list_id,
+        urls,
+        list_type
+    )
+
+    deploy_url_list_if_required(args, client.deploy_url_list)
+    output = get_updated_url_list(response)
+
+    readable_output = tableToMarkdown(
+        name="URL list was updated successfully",
+        t=remove_empty_elements(output),
+        headers=URL_HEADER,
+        headerTransform=string_to_table_header,
+    )
+
+    return CommandResults(
+        readable_output=readable_output,
+        outputs_prefix="Netskope.URLList",
+        outputs_key_field="id",
+        outputs=output,
+        raw_response=response,
+    )
+
+
 def create_url_list_command(
     client: Client,
     args: dict[str, Any],
@@ -1182,7 +1249,7 @@ def optional_arg_to_boolean(arg: str | bool | None) -> bool | None:
     return argToBoolean(arg) if arg is not None else None
 
 
-def main() -> None:
+def main() -> None:  # pragma: no cover
     params: dict[str, Any] = demisto.params()
     args: dict[str, Any] = demisto.args()
 
@@ -1210,6 +1277,7 @@ def main() -> None:
             "netskope-url-lists-list": lists_url_list_command,
             "netskope-url-list-delete": delete_url_list_command,
             "netskope-client-list": list_client_command,
+            "netskope-url-list-add": add_url_list_command
         }
 
         if command == "test-module":