Slaesforce Parsing Rule Update (#38390)

* Updated ParsingRules * Updated ReleaseNotes * Updated ReleaseNotes * Update 2_1_2.md * Update 2_1_2.md * Update pack_metadata.json * Updated README * Reverted CyberArkEPV * Update Packs/Salesforce/ReleaseNotes/2_1_2.md Co-authored-by: ShirleyDenkberg <[email protected]> * Updated ParsingRules --------- Co-authored-by: ShirleyDenkberg <[email protected]>
demisto · Jan 30, 2025 · 4a9f187 · 4a9f187
1 parent c29b1a6
commit 4a9f187
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/Packs/Salesforce/ParsingRules/SalesforceParsingRules/SalesforceParsingRules.xif b/Packs/Salesforce/ParsingRules/SalesforceParsingRules/SalesforceParsingRules.xif
@@ -11,14 +11,10 @@ filter CreatedDate ~= "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4}"
 
 
 [INGEST:vendor="salesforce", product="eventlogfile", target_dataset="salesforce_eventlogfile_raw", no_hit = keep]
-filter to_string(_TIMESTAMP_DERIVED_) ~= "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z"
-| alter tmp_time_string = arrayindex(regextract(to_string(_TIMESTAMP_DERIVED_) , "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z"),0)
-| alter _time = parse_timestamp("%Y-%m-%dT%H:%M:%E3SZ", tmp_time_string )
-| fields -tmp_time_string;
+filter to_string(TIMESTAMP_DERIVED) ~= "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z"
+| alter _time = TIMESTAMP_DERIVED;
 
 
 [INGEST:vendor="salesforce", product="login", target_dataset="salesforce_login_raw", no_hit = keep]
-filter to_string(_TIMESTAMP_DERIVED_) ~= "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z"
-| alter tmp_time_string = arrayindex(regextract(to_string(_TIMESTAMP_DERIVED_) , "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z"),0)
-| alter _time = parse_timestamp("%Y-%m-%dT%H:%M:%E3SZ", tmp_time_string )
-| fields -tmp_time_string;
+filter to_string(TIMESTAMP_DERIVED) ~= "\d{4}\-\d{2}\-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z"
+| alter _time = TIMESTAMP_DERIVED;
diff --git a/Packs/Salesforce/ReleaseNotes/2_1_2.md b/Packs/Salesforce/ReleaseNotes/2_1_2.md
@@ -0,0 +1,6 @@
+
+#### Parsing Rules
+
+##### Salesforce Parsing Rule
+
+Updated the Salesforce Parsing Rule parsing rule. Removed the underscores at the beginning and end of the **TIMESTAMP_DERIVED** field.
diff --git a/Packs/Salesforce/pack_metadata.json b/Packs/Salesforce/pack_metadata.json
@@ -2,20 +2,24 @@
     "name": "Salesforce",
     "description": "CRM Services",
     "support": "xsoar",
-    "currentVersion": "2.1.1",
+    "currentVersion": "2.1.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
     "created": "2020-04-14T00:00:00Z",
     "categories": [
         "Case Management"
     ],
-    "tags": [],
+    "tags": [
+        "Security"
+    ],
     "useCases": [],
-    "keywords": [],
+    "keywords": [
+        "salesforce"
+    ],
     "marketplaces": [
         "xsoar",
         "marketplacev2"
     ],
     "defaultDataSource": "Salesforce"
-}
+}