Merge branch 'contrib/zeekforit_master' into master

Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_11.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### AWSRecreateSG
+
+- Improved implementation to be backwards compatible with the **AWS - EC2** changes.

Packs/AWS-Enrichment-Remediation/Scripts/AWSRecreateSG/AWSRecreateSG.py

@@ -9,6 +9,28 @@
 ROLE_SESSION_NAME = "xsoar-session"
 
 
+def get_context_path(context: dict, path: str):
+    """Get a context output ignoring the DT suffix.
+
+    Args:
+        context (dict): The context output with DT paths as keys.
+        path (str): The outputs prefix path without the DT transform under which the required data is held.
+
+    Return:
+        (Any): The context data under the prefix.
+
+    Example:
+        >>> output = demisto.executeCommand('aws-ec2-describe-addresses')
+        >>> output
+        {'Contents': {'path.to.data(val.Id && val.Id == obj.Id)': [1, 2, 3, 4]}}
+        >>> get_context_path(output, 'path.to.data')
+        [1, 2, 3, 4]
+    """
+    return context.get(
+        next((key for key in context if key.partition('(')[0] == path), None)
+    )
+
+
 def split_rule(rule: dict, port: int, protocol: str) -> list[dict]:
     """
     If there are rules with ranges of ports, split them up
@@ -71,7 +93,7 @@ def sg_fix(sg_info: list, port: int, protocol: str, assume_role: str, instance_t
     Returns:
         Dict: Dict of the new SG to be used
     """
-    info = sg_info[0]['Contents']['AWS.EC2.SecurityGroups(val.GroupId === obj.GroupId)'][0]
+    info = get_context_path(sg_info[0]['Contents'], 'AWS.EC2.SecurityGroups')[0]  # type: ignore
     recreate_list = []
     # Keep track of change in SG or not.
     change = False
@@ -272,10 +294,8 @@ def instance_info(instance_id: str, public_ip: str, assume_role: str, region: st
     match = False
     for instance in instance_info:
         # Check if returned error, in the case of multiple integration instances only one should pass.
-        if not isError(instance) and \
-           instance.get('Contents').get('AWS.EC2.Instances(val.InstanceId === obj.InstanceId)')[0].get('NetworkInterfaces'):
-            interfaces = instance.get('Contents').get(
-                'AWS.EC2.Instances(val.InstanceId === obj.InstanceId)')[0].get('NetworkInterfaces')
+        interfaces = get_context_path(instance.get('Contents'), 'AWS.EC2.Instances')[0].get('NetworkInterfaces')  # type: ignore
+        if not isError(instance) and interfaces:
             mapping_dict = {}
             for interface in interfaces:
                 if interface.get('Association') and interface.get('Association').get('PublicIp') == public_ip:

Packs/AWS-Enrichment-Remediation/Scripts/AWSRecreateSG/AWSRecreateSG_test.py

@@ -137,3 +137,20 @@ def executeCommand(name, args):
     readable_output = command_results.readable_output
     correct_output = "For interface eni-00000000000000000: \r\nreplaced SG sg-00000000000000000 with sg-00000000000000001 \r\n"
     assert readable_output == correct_output
+
+
+def test_get_context_path():
+    """
+    Given:
+        An output from demisto.excuteCommand('some-command')['Context']
+    When:
+        Calling demisto.excuteCommand.
+    Then:
+        Get the context output.
+    """
+    from AWSRecreateSG import get_context_path
+
+    outputs = {'path.to.data(dt_path)': [1, 2, 3, 4]}
+
+    assert get_context_path(outputs, 'path.to.data') == [1, 2, 3, 4]
+    assert get_context_path(outputs, 'wrong.path') is None

Packs/AWS-Enrichment-Remediation/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AWS Enrichment and Remediation",
     "description": "Playbooks using multiple AWS content packs for enrichment and remediation purposes",
     "support": "xsoar",
-    "currentVersion": "1.1.10",
+    "currentVersion": "1.1.11",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Base/ReleaseNotes/1_33_14.md

@@ -0,0 +1,5 @@
+#### Scripts
+##### SanePdfReports
+- Updated the Docker image to: *demisto/sane-pdf-reports:1.0.0.84330*.
+- Fixed an issue where table fields were hidden.
+- Fixed an issue where report contained overlapping sections.

Packs/Base/Scripts/SanePdfReport/SanePdfReport.yml

@@ -45,7 +45,7 @@ tags:
 - pdf
 timeout: '0'
 type: python
-dockerimage: demisto/sane-pdf-reports:1.0.0.83846
+dockerimage: demisto/sane-pdf-reports:1.0.0.84330
 runas: DBotWeakRole
 tests:
 - No Test

Packs/Base/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.33.13",
+    "currentVersion": "1.33.14",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",

Packs/CommonPlaybooks/Playbooks/playbook-GenericPolling.yml

@@ -35,12 +35,19 @@ tasks:
         }
       }
     note: false
+    continueonerrortype: ""
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
   "1":
     id: "1"
-    taskid: c202a667-b138-4635-819f-56a7396cc7f8
+    taskid: 35c115cc-f926-48db-895a-c10a1dada76e
     type: regular
     task:
-      id: c202a667-b138-4635-819f-56a7396cc7f8
+      id: 35c115cc-f926-48db-895a-c10a1dada76e
       version: -1
       name: Schedule Polling Task
       description: Schedule Polling Task
@@ -68,7 +75,6 @@ tasks:
         simple: ${inputs.PollingCommandName}
       pollingCommandArgName:
         simple: ${inputs.PollingCommandArgName}
-      tag: {}
       timeout:
         simple: ${inputs.Timeout}
     separatecontext: false
@@ -80,12 +86,20 @@ tasks:
         }
       }
     note: false
+    reputationcalc: 1
+    continueonerrortype: ""
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
   "2":
     id: "2"
-    taskid: 156abdbe-586e-4241-8ae6-364fe3d9d76a
+    taskid: 154b9a55-3d7c-412e-804c-c838cf7431c0
     type: condition
     task:
-      id: 156abdbe-586e-4241-8ae6-364fe3d9d76a
+      id: 154b9a55-3d7c-412e-804c-c838cf7431c0
       version: -1
       name: Waiting for polling to complete (Automated Task)
       description: This task will complete automatically when polling is complete.
@@ -108,12 +122,19 @@ tasks:
         }
       }
     note: false
+    continueonerrortype: ""
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 1
+    isoversize: false
+    isautoswitchedtoquietmode: false
   "3":
     id: "3"
-    taskid: bc152ecc-4c23-4296-844a-d21b32be0ec3
+    taskid: aaa21aff-02c5-4930-81fc-c8f8e9085884
     type: regular
     task:
-      id: bc152ecc-4c23-4296-844a-d21b32be0ec3
+      id: aaa21aff-02c5-4930-81fc-c8f8e9085884
       version: -1
       name: RunPollingCommand
       description: RunPollingCommand
@@ -144,6 +165,14 @@ tasks:
         }
       }
     note: false
+    reputationcalc: 1
+    continueonerrortype: ""
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
   "5":
     id: "5"
     taskid: 778e1007-f7ea-4ff6-89c4-cffc067165c4
@@ -165,12 +194,19 @@ tasks:
         }
       }
     note: false
+    continueonerrortype: ""
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
   "6":
     id: "6"
-    taskid: 62b13486-ae6a-49c1-8988-16765f35f1cc
+    taskid: db74b973-dc4a-499c-8d63-8df213685a1d
     type: regular
     task:
-      id: 62b13486-ae6a-49c1-8988-16765f35f1cc
+      id: db74b973-dc4a-499c-8d63-8df213685a1d
       version: -1
       name: Scheduled Task Failed
       description: Scheduled Task Failed
@@ -190,6 +226,14 @@ tasks:
         }
       }
     note: false
+    reputationcalc: 1
+    continueonerrortype: ""
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
 view: |-
   {
     "linkLabelsPosition": {
@@ -209,37 +253,47 @@ inputs:
   value: {}
   required: true
   description: List of IDs to poll
+  playbookInputQuery:
 - key: PollingCommandName
   value: {}
   required: true
   description: Name of the polling command to run
+  playbookInputQuery:
 - key: PollingCommandArgName
   value:
     simple: ids
   required: true
   description: Argument name of the polling command.
+  playbookInputQuery:
 - key: Interval
   value:
     simple: "1"
   required: true
   description: Frequency that the polling command will run (minutes).
+  playbookInputQuery:
 - key: Timeout
   value:
     simple: "10"
   required: true
   description: Amount of time to poll before declaring a timeout and resuming the playbook (in minutes).
+  playbookInputQuery:
 - key: dt
   value: {}
   required: true
   description: "DT filter for polling IDs. Polling will stop when no results are returned. Use single quotes, for example: WildFire.Report(val.Status!=='Success').SHA256."
+  playbookInputQuery:
 - key: AdditionalPollingCommandArgNames
   value: {}
   required: false
   description: "Names of additional arguments for the polling command, for example: (arg1,arg2,...)."
+  playbookInputQuery:
 - key: AdditionalPollingCommandArgValues
   value: {}
   required: false
   description: "Values of the additional arguments for the polling command, for example: (value1,value2,...)."
+  playbookInputQuery:
 outputs: []
 tests:
 - No test
+contentitemexportablefields:
+  contentitemfields: {}

Packs/CommonPlaybooks/ReleaseNotes/2_5_5.md

@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### GenericPolling
+
+- Improved the performance of the playbook.

Packs/CommonPlaybooks/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Playbooks",
     "description": "Frequently used playbooks pack.",
     "support": "xsoar",
-    "currentVersion": "2.5.4",
+    "currentVersion": "2.5.5",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonScripts/Scripts/SetGridField/README.md

@@ -16,8 +16,8 @@ Update Grid Table from items or key value pairs.
 | context_path | Context path to list of items with similar properties or key value pairs.                                                                                                                                                                                                                             |
 | grid_id | Grid ID to modify. This argument can be either: 1) Grid name as it appears in the layout. 2) Grid "Machine name", as can be found in the grid incident field editor under Settings->Advanced->Fields (Incidents).                                                                                     |
 | overwrite | True if to overwrite Grid Data, False otherwise.                                                                                                                                                                                                                                                      |
-| columns | Comma-separated list of column header names, for example: columns="columnheader1,columnheader2,..". Make sure the column header names are lower case.                                                                                                                                                                                  |
-| keys | Keys to retrieve from items or "\*" for max keys \(limited when item list to columns amount\) \- Key will not be columns correlated. If you want to leave an empty column, please provide a place holder name that should not be in the context data such as "PLACE_HOLDER"                 |
+| columns | Comma-separated list of column header names, for example: columns="columnheader1,columnheader2,.."                                                                                                                                                                                  |
+| keys | Keys to retrieve from items or &quot;\*&quot; for max keys \(limited when item list to columns amount\) \- Key will not be columns correlated. If you want to leave an empty column, provide a place holder name that should not be in the context data such as "PLACE_HOLDER"<br>Make sure the key is lower case and does not contain spaces. For example, for a column header named USER ID, key="userid".               |
 | sort_by | Columns names by which to sort the rows.                                                                                                                                                                                                                                                              |
 | unpack_nested_elements | Set to 'true' to unpack nested elements.                                                                                                                                                                                                                                                              |
 | keys_from_nested | Keys to retrieve from nested dictionaries. Can be used only when the unpack_nested_elements argument is set to false. Keys will not be columns correlated. Default is all keys. **Note**: when the number of values exceeds the number of columns, it truncates the last values that are outside the range for table. |