Fixed the url and IPv6 regex (#22466)
* url regex

* rn

* fixed rn

* Update 1_31_40.md

Done.

* docker

* fix

* fix

* fix ut

* rn

* rn

* domain

* hot fix demisto sdk (#22577)

* added the env

* added hotfix

* added demisto-sdk hot fix

* fixup! added demisto-sdk hot fix

* fixed lock file

* move var outside code

* XSIAM Impossible Traveler Enhancement (#22563)

* test

* test

* Enhancements

* New list and docs

* update RN

* fixes

Co-authored-by: evisochek <[email protected]>

* add alert_action_status arg to xdr-get-alerts command (#22526)

* add alert_action_status arg to xdr-get-alerts command

* update readme

* fix code review notes

* fix release notes

* update readme

* add secrets

* Modeling Rule Testing Test Data File Examples (#22567)

* feat(jamf): add modeling rule testdata example

* feat(ApacheTomcat): add syslog testdata example

Co-authored-by: avidan-H <>

* Googledrive fixes (#22021)

* fix

* fix

* README

* docker

* rn

* version

* cr fixes

* Update 1_2_20.md

changed formatting for argument from ** to *

* revert fix

* docker

* release-notes

* PAN-OS - Fix incorrect parsing of Panorama High-Availability state XML (#22124)

* PAN-OS - Fix incorrect parsing of Panorama High-Availability state XML (#20857)

* Bug reproduced

* Fixed by correcting xpath for panorama HA

* Add support for panorama HA in get-ha-status output

* Add panorama to HA peer serials dict

* Fixed get-ha-status bug

* Added conditional for extra safety

* Fix device-group bug when no hostname in entry

* Update release notes and metadata

* Update release notes and metadata

* Update Packs/PAN-OS/ReleaseNotes/1_15_2.md

* Update Packs/PAN-OS/ReleaseNotes/1_15_2.md

Co-authored-by: Spaghett <[email protected]>
Co-authored-by: Guy Afik <[email protected]>

* ReadPDFFileV2Permissions Fixes (Without Copy Protected) (#21856)

* Fixed the two bugs, need to handle the new ones that arose

* The script deals with the two problems

* Enhanced the flow of the script

* Fixed errors after enhancement

* Add release notes

* Fixed the 2 failing unit tests

* Fixed wrong expected value in unit test

* Added annotations and deleted tempfile

* Typo

* Fixed wrong args types in test

* Trying to fix Pylint error

* Added unit tests to test fixes

* Deleted functions that are not in use

* Fixed expected output

* Fixed where unit test would change pdf permissions

* Deleted pdf files that were used for testing

* Deleted redundant LOG

* Update PdfCopyingException

Co-authored-by: Jasmine Beilin <[email protected]>

* Update PdfCredentialsException

Co-authored-by: Jasmine Beilin <[email protected]>

* Added CR comments

* Fixed CR comments and test playbook

* Tried adding file to secrets-ignore

* Fixed unit tests imports

* Fixed unit tests imports

* Fixed unit tests

* Fixed unit tests

* Fixed unit tests

* Using PyPDF2.PdfReader

* Deleted copy protected file and corresponding unit test

* Deleted copy protected file

* Update .secrets-ignore

Co-authored-by: Jasmine Beilin <[email protected]>

* Misp add email object bug fix (#22088)

* fix bug

* add UT

* update docker image

* update RN

* update lint

* CR fixes

* fix test playbook

* Initial release of Stairwell integration (#21530) (#22117)

* Update readme

* Exclude known URLs from .secrets-ignore

* Increase testing coverage

* Updated README

* Updated README & Inception.yml

* Fix for LINT error using urllib3

* Improved test_module error handling

Co-authored-by: mikewilusz-stairwell <[email protected]>

* TaegisXDR - Add support for comments (#21379) (#21901)

* Adding Comment create, fetch, and update commands

* Adding tests for Comment commands

* Replacing readable_output with tableToMarkdown

* Updating tests

* Adding test for test-module command

* Updating example context data for reference

* Updating output for Comment create and update commands

* Updating valid Investigation statuses

* Updating test data url

* Adding release notes and bumping pack version to 4.1.0

* Correcting docker image location

* Updating to latest docker image

* Updating error checks

* Removing unneeded release note

* Correcting error messages in tests

* Adding alerts2, missed in previous version

* Ensuring the input passed into fetch-alerts is a string with no single quotes

* Correcting Flake8 linting

* Allowing for alert IDs to be a list or string of alert IDs, correct playbook runs

* Updating docker image for CI

* Removing unnecessary release note

* Updating docker image

* Removing unnecessary release note

Co-authored-by: Ryan Reed <[email protected]>

* temporary fix of VirusTotal offset 1 error in reputation (#22062)

* temporary fix of VirusTotal offset 1 error in reputation
scripts

* Latest docker image

* increment revision version

* Add release notes

* Add a period in end of release notes sentence.

* ignore VirusTotal as unknown word
in release notes.

* updated the JIRA ticket reference.

* use latest docker image

* PR changes

* remove duplicated import

* remove blank line contains whitespace

* revert changes to file

* update release notes.

* install demisto-sdk master correctly in staging (#22136)

* One Datamodel Ready 4 (#22020)

* Creating One Datamodel Ready 4 and adding guard duty to it.

* Uploaded OracleDBEventCollector_1_3

* Updated version to 1.0.1

* Added OktaOAG_1_3

* Added Cisco SMA 1.3

* Added Tenable_io 1.3

* Updated the pack_metadata

* Uploaded version 1.3 (ODM)

* Push Apache tomcat to One data model ready 4

* Updated readme

* Added Azure Event Hub 1.3

* Push Microsoft365Defender One data model ready 4

* add modeling rules 1.3

* Updated release notes for Abnormal Security

* Updated the release notes and version for 8 packs

* Fixed duplicated field for AWS GuardDuty, PR One Data Model Ready 4

* Updated the OracleDB release notes

* Updated version in metadata json

* Adding fields and fixing url field for ApacheTomcat, PR One Data Model Ready 4

* Delete TenableioEventCollector_1_3.yml

* Delete MicrosoftWSUSModelingRules_1_3.xif

* Remove wsus from pr 4

* add modeling rules 1.3

* add tenable io yml

* Uploaded MS WSUS to PR4

* Add box to PR 4

* Add netskope to PR 4

* Remove from xdr version from microsoft 365 defender

* Removed v1.3 data from Cisco SMA and Okta OAG

* updated Read.me file to origin

* Updated schema and version

* Removed 'to' - Not needed

* Add schema to box

* Add schema to box, v1

* Updated schema 'Type' error

* Fix schema tenable

* add toversion

* update RN

* update rn1

* Fix Schema to be compatible with dataset names.
Fix spaces in abnormal security pack

* Fix Schema to be compatible with dataset name  - AWS GuardDuty

* Adding two fields to microsoft365defender pack

Co-authored-by: eepstain <[email protected]>
Co-authored-by: nkanon <[email protected]>
Co-authored-by: gtamir <[email protected]>
Co-authored-by: evisochek <[email protected]>
Co-authored-by: evisochek <[email protected]>

* Fix for ms graph mail (#22120)

* fix bug

* add rn

* api fix

* cr fix

* change rn

* Update Docker Image To demisto/py3-tools  (#22141)

* Updated Metadata Of Pack Elasticsearch

* Added release notes to pack Elasticsearch

* Packs/Elasticsearch/Integrations/Elasticsearch_v2/Elasticsearch_v2.yml Docker image update

* Updated Metadata Of Pack FeedAWS

* Added release notes to pack FeedAWS

* Packs/FeedAWS/Integrations/FeedAWS/FeedAWS.yml Docker image update

* Updated Metadata Of Pack OpenLDAP

* Added release notes to pack OpenLDAP

* Packs/OpenLDAP/Integrations/OpenLDAP/OpenLDAP.yml Docker image update

* add-CortexAttackSurfaceManagement-pack (#22133)

* add-CortexAttackSurfaceManagement-pack

* Update Tests/Marketplace/core_packs_mpv2_list.json

* Update Docker Image To demisto/python3  (#22139)

* Updated Metadata Of Pack AHA

* Added release notes to pack AHA

* Packs/AHA/Integrations/AHA/AHA.yml Docker image update

* Updated Metadata Of Pack BeyondTrust_Password_Safe

* Added release notes to pack BeyondTrust_Password_Safe

* Packs/BeyondTrust_Password_Safe/Integrations/BeyondTrust_Password_Safe/BeyondTrust_Password_Safe.yml Docker image update

* Updated Metadata Of Pack BitcoinAbuse

* Added release notes to pack BitcoinAbuse

* Packs/BitcoinAbuse/Integrations/BitcoinAbuse/BitcoinAbuse.yml Docker image update

* Updated Metadata Of Pack BluecatAddressManager

* Added release notes to pack BluecatAddressManager

* Packs/BluecatAddressManager/Integrations/BluecatAddressManager/BluecatAddressManager.yml Docker image update

* Updated Metadata Of Pack CarbonBlackEnterpriseEDR

* Added release notes to pack CarbonBlackEnterpriseEDR

* Packs/CarbonBlackEnterpriseEDR/Integrations/CarbonBlackEnterpriseEDR/CarbonBlackEnterpriseEDR.yml Docker image update

* Updated Metadata Of Pack Censys

* Added release notes to pack Censys

* Packs/Censys/Integrations/CensysV2/CensysV2.yml Docker image update

* Updated Metadata Of Pack Centreon

* Added release notes to pack Centreon

* Packs/Centreon/Integrations/Centreon/Centreon.yml Docker image update

* Updated Metadata Of Pack CheckPhish

* Added release notes to pack CheckPhish

* Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml Docker image update

* Updated Metadata Of Pack CircleCI

* Added release notes to pack CircleCI

* Packs/CircleCI/Integrations/CircleCI/CircleCI.yml Docker image update

* Updated Metadata Of Pack Cisco-umbrella-enforcement

* Added release notes to pack Cisco-umbrella-enforcement

* Packs/Cisco-umbrella-enforcement/Integrations/CiscoUmbrellaEnforcement/CiscoUmbrellaEnforcement.yml Docker image update

* Fixed Mypy Errors

Co-authored-by: sberman <[email protected]>

* Update Docker Image To demisto/boto3py3  (#22140)

* Updated Metadata Of Pack AWS-ACM

* Added release notes to pack AWS-ACM

* Packs/AWS-ACM/Integrations/AWS-ACM/AWS-ACM.yml Docker image update

* Updated Metadata Of Pack AWS-CloudWatchLogs

* Added release notes to pack AWS-CloudWatchLogs

* Packs/AWS-CloudWatchLogs/Integrations/AWS-CloudWatchLogs/AWS-CloudWatchLogs.yml Docker image update

* Updated Metadata Of Pack AWS-IAM

* Added release notes to pack AWS-IAM

* Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml Docker image update

* Updated Metadata Of Pack AWS-Lambda

* Added release notes to pack AWS-Lambda

* Packs/AWS-Lambda/Integrations/AWS-Lambda/AWS-Lambda.yml Docker image update

* Updated Metadata Of Pack AWS-S3

* Added release notes to pack AWS-S3

* Packs/AWS-S3/Integrations/AWS-S3/AWS-S3.yml Docker image update

* Updated Metadata Of Pack AWS-SQS

* Added release notes to pack AWS-SQS

* Packs/AWS-SQS/Integrations/AWS-SQS/AWS-SQS.yml Docker image update

* Updated Metadata Of Pack AWS-SecurityHub

* Added release notes to pack AWS-SecurityHub

* Packs/AWS-SecurityHub/Integrations/AWS_SecurityHub/AWS_SecurityHub.yml Docker image update

* Updated Metadata Of Pack AWS_DynamoDB

* Added release notes to pack AWS_DynamoDB

* Packs/AWS_DynamoDB/Integrations/AWS_DynamoDB/AWS_DynamoDB.yml Docker image update

* Updated Metadata Of Pack Aws-SecretsManager

* Added release notes to pack Aws-SecretsManager

* Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml Docker image update

* Update Docker Image To demisto/smbprotocol  (#22144)

* Updated Metadata Of Pack SMB

* Added release notes to pack SMB

* Packs/SMB/Integrations/SMB_v2/SMB_v2.yml Docker image update

* [AquatoneDiscover] move to commonscripts, to py3 (#21715)

* move the script to commonscripts.
* update the script&docker to support python3

* GitLab new integration  (#21258)

* first commit

* add readme+playbook, fix  file_del and group_proj

* fix file_d & group_l add readme & playbook

* ignore secrets deesc.md added

* after format

* format gitlab test and py file

* remove unused imports gitlab_test

* pack ignore and changes to read me

* resize image and some unit test

* corrections after PR, only few more commands to fix

* project list and issue list after fixing

* after fixing according Pr1

* after fixing according Pr1 _ fixed lint

* adding get users command

* update output for merge request branch delete

* update playbook file

* update README

* update after PR

* Removing save context data from playbook

* adding pagination function, try on group_project, projects, issue_list commands

* adding response according pagination and fixing lists commands

* adding command example to README and small fixes in GitLab.py

* adding test validate pagination arguments and fixing docker image

* adding unit tests

* adding unit tests 30% cover

* adding unit test. 40% cover

* adding unit test. 40% cover

* try fixing image

* fix after validate

* changing the devSecOps/GitLab docker image

* add mid unit test

* Delete GitLab.yml

* Revert "Delete GitLab.yml"

This reverts commit 04f39dff09ba41e93d6cea07d277821c674633a5.

* undo changes to Packs/DevSecOps/Integrations/GitLab/GitLab.yml

* putting the new test as a comments just to make sure the build is ok

* adding # pragma: no cover to main

* adding # pragma: no cover to if main

* cover 51 %

* unit test 62%

* unit tests 66%

* 70% cover unit test+ get_raw_file_command updated

* temp change to id in yml file

* Revert "temp change to id in yml file"

This reverts commit 0f49681ec2ff327610952d381524483f93372275.

* id in yml

* change in conf json to Gitlab - check

* updating relevant fields to GitLab v2

* update release notes

* delete unneeded files

* release note update

* adding the word use to 2_0_0 so the sentence would make sense

* adding partial_response parameter to yml and 2 func

* updating read me(adding partial_response arg)

* adding fixes for partial_response

* adding unit tests 70% from 67%

* 4 changes after pr

* only two PR notes left

* last PR notes+ updating playbook

* updating docker image

* fix after validate

* updating playbook id pack name

* code pan run try changing the name+adding test docstring explanation

* Update GitLab.yml

Done.

* Update GitLab_description.md

Done.

* Update 2_0_0.md

Done.

* trailing white space

* doc review changes

* update fromversion

* pack metadata changed name

* changes after eli, regarding the name gitlabv2

* eli another try

* GitLab v2 to GitLabv2

* space to do build again

* adding
marketplaces:
- marketplacev2

* try build again

* update marketplace

* scripts for playbook

* fixing suggestbranch

* delete irrelevant files and checking

* forgot to lint

* deleting scripts related to ci cd

* redone last changes

* small changes

* update tests

* add .

* .

* fgdfg

* conf.json and update test playbook

* deleting unused var

* update file changes, already changed it before

* project_id check and notes from demo fixed

* adding description to issue HR

* add merged to branch

* test update

* update tests

* adding tests

* update merge request merge

* change playbook

* adding fromvision

* adding explanation to api scopes

* adding title to partial list branch

* datetime param and add DeleteContext

* updating playbook prays and hopes for the build

* pr updates

* fix trailing white space

* fixing issues ollalal

* pretty file_path for folders

* demisto docker

* group project read me fixed

* fixed doc string

Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: dorschw <[email protected]>

* Deprecate old gitlab (#21695)

* deprecate old GitLab pack

* update release notes

* updating pack version and release note name

* change version

* change version

* changes

* try

* release note

* Delete 1_d0445cb2-f325-4894-83e1-93ac42293504

delete it

* update the file name of the release note

* delete 1_2_0

* [VMware] to py3 (#21830)

* update to python3

* save tests (#21863)

* fix duplicates (#21996)

* fix duplicates

* fix test

* Contrib/CDS Cofense Vision 100 (#22018) (#22029)

* Updated deprecation description.

* [Marketplace Contribution] SplunkCIMFields (#14484)

* "pack contribution initial commit" (#14439)

* change the script according to the contributor

* change the script according to the contributor

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: cshayner <[email protected]>

* setGridField: Allow column names to have underscores (#14469)

Grid column names can have underscores in them.

Co-authored-by: Dean Arbel <[email protected]>

* Add more dates, tags, and TLP to feed integration (#14483)

* Add more dates, tags, and TLP to feed integration (#14380)

* Add more dates, tags and TLP to feed integration

* Add release notes

* fixed rn

Co-authored-by: EvgeniyMeteliza <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* Fixed Custom Indicator context value key (#14422)

* Fixed context value key

* Fixed customIndicator test

* Fixed customIndicator test

* Merge branch 'master' into custom-indicator-value

# Conflicts:
#	Packs/Base/ReleaseNotes/1_13_22.md

* Update 1_13_23.md

Done.

Co-authored-by: ShirleyDenkberg <[email protected]>

* added ignore BA113,BA112 (#14465)

* GetFailedTasks - improve err msg of failure to retrieve tasks (#14442)

* improve err msg of failure to retrieve tasks

* rm new line

* Update Packs/IntegrationsAndIncidentsHealthCheck/Scripts/GetFailedTasks/README.md

Co-authored-by: Bar Katzir <[email protected]>

Co-authored-by: Bar Katzir <[email protected]>

* Fix generic APIModule feeds (#14490)

* setGridField: undo column name truncation (#14492)

allow column name truncation

Co-authored-by: Dean Arbel <[email protected]>

* fixed bug in pop ranks (#14493)

* fixed bug in pop ranks

* fixed bug in pop ranks

* Migrate bucket upload workflow to GitLab (#14130)

* Remove upload dev rules and env variable dev value assignment

* Show that it works with fixed demisto-sdk

* Revert "Show that it works with fixed demisto-sdk"

This reverts commit 0a813cdbe92fcd4c2840fb92d091661853e8339c.

* Enable bucket-upload trigger script to work against production bucket

Co-authored-by: ikeren <[email protected]>

* Added Iron Bank approved tag (#14489)

* Crowdstrike datetime bug (#14382)

* added test

* added test that fails

* fix for test

* added release notes

* Update Packs/FeedCrowdstrikeFalconIntel/ReleaseNotes/2_0_4.md

Co-authored-by: roysagi <[email protected]>

* Qss new pr (#14502)

* update README.md

* update README.md

* Rasterize improvements (#14124) (#14482)

* Added support for different filename

* Update the release notes

* fix mypy error

* Changed the naming from "filename" to "file_name"

* Rename 1_0_10.md to 1_0_11.md

* Update pack_metadata.json

Co-authored-by: Paul <[email protected]>
Co-authored-by: Yaakov Praisler <[email protected]>

Co-authored-by: Paul D <[email protected]>
Co-authored-by: Paul <[email protected]>
Co-authored-by: Yaakov Praisler <[email protected]>

* [Sixgill-195] dve bug (#14503)

* [Sixgill-195] dve bug (#14499)

* fixed tests

* fixed tests

* fixed tags

* fixed tags

* rn

Co-authored-by: tamarsix <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* metadata constants (#14466)

* metadata constants

* metadata constants

* metadata constants

* fix name

* typo fix

* typo fix

* Zip content packs step optimization (#12770)

* Testing download packs from gcs

* Deleting Skip Zip content packs so it can be tested

* Changed file download to gsutil

* Fixed bucket path

* Fixed gsutil flag

* Added dest path prints

* Old download

* Different url

* Changed gcp path

* Changed gcp path

* Created a bash script for gcp command

* Rerun

* Added newline

* Changed path and error message

* Added shell statement to file

* Added prints

* Changed os.walk

* Changed zip path

* Changed gcp path

* Changed gcp path

* added prints

* print entries

* print entries

* print entries

* print entries

* prints subprocess

* prints subprocess

* prints subprocess

* prints subprocess

* prints subprocess

* prints subprocess

* Changed set and added exception handler

* removed unnecessary mkdir

* print path of pack

* test

* test

* fixes

* fixes

* fixes

* fixes

* testing old step

* checks and prints

* checks and prints

* Added copy to other dir

* Added some comments

* removed script communication

* Added testing, changed parameters to general build

* Added docstring to tests

* Fixed flake8 issues

* Added packs list print - will be removed

* Removed print

* Added dir entries print

* Added check for circle_build

* Added src and dest path prints

* Added src path prints and check_output

* Added src path prints and check_output

* Removed trailing /

* Fixed zip path

* Added storage_base_path, bucket_name args. Removed prints, added logging. Added try except clause.

* Added missing arguments

* Moved to upload flow only

* Removed skip for non master branches - testing

* Moved sys.exit(1) to end of script, refactored search in blobs.

* Updated comment

* Fixed tests

* Added looseversion

* Added master check back

* Removed unnecessary bash script.

* Fixed PR comments

* Changed copy to artifacts to use the script's argument

* Added gitlab support

* Testing gitlab's upload

* Added check back

* Fixed readme error

* Added back the upload check

* Fixed some todos

* Added todos

* Moved download to job

* Fixed tests

* Todo

* removing conditions for testing

* Added needed conditions

* Removed todo and added env var

* Changed packs src

* Removed conditions

* Updated sbp when bucket is dist-dev

* Changed to default storage_base_path

* Removed unnecessary conditions

* updated path

* Sharing variable between steps

* Added step to bucket-upload.yml

* Fixed flake8 issues

* commented out failing tests - for testing gitlab flow

* Fixed problem in unittest

* Fixed problem in unittest

* Changed bucket condition name

* Fixed yml file

* Removed unnecessary packs dir

* Added echo

* Added default storage_base_path value

* Fixed yml structure

* Fixing yml structure

* test

* Revert "test"

This reverts commit a340bfce

* Removed run validations

* Changed upload-to-marketplace rules

* Added gcloud login

* Added rule back, removed private zip folder creation

* Removed run validations

* Added requirement back

* Added run validations back

* StixParser - skip SSDEEP (#14501)

* add ssdeep to stix1 test file

* trigger ut

* skip ssdeep values

* Update Packs/Base/ReleaseNotes/1_13_24.md

Co-authored-by: Shahaf Ben Yakir <[email protected]>

Co-authored-by: Shahaf Ben Yakir <[email protected]>

* Ansible Integration Quality Improvements (#14375)

* Ansible Integration Quality Improvements (#12795)

* Ansible API Module

* Refactored Ansible Integrations using API Module

* HCloud Documentation

* Default values of [] and {} are invalid in Ansible

* Linux README. Work in progress.

* spelling

* Alibaba Cloud Readme

* typo

* typo

* commands for doco

* better acme banner

* better description

* ACME README WIP

* commands from debian server

* Windows ReadMe WIP

* docker tag bump

* docker version bump and displayname spacing

* remove commands with error outputs

* Release notes / Metadata

* validation issue resolution

* linting and formatting corrections

* trimmed package listing

* MS Readme WIP

* aligning names in note to integrations

* MS Readme WIP

* get_md5 argument no longer exists on module

* More README WIP

* remove pester example, looks like it failed tests

* mypy and flake8 lint fixes

* docker image bump

* ignoring pylint error for specialised import

* typo

* pylint and pep8 errors use different ignore syntax

* dict2md revisions and unit tests

* rec_ansible_key_strip unit test

* Correct docker image for Ansible

* linting

* clean up loose demisto calls and add type hinting

* Inventory unit tests

* incorrect indentation

* remove unused value

* tidy up demisto calls

* generic_ansible unit test

* remove global var host_type

* linting

* mypy fixes, output_key field, and context camelCase

* regenerated integrations
* id/name prefixed with ansible
* removed whitespace on descriptions
* camelcase context
* corrected predefined args for bools
* outputs_key_field for targetbased integrations

* context path updated

* better error messages

* test-command functionality

* fix templating error

* correct logic for test-module

* version bump and linting

* linting

* docstring for generic_ansible

* Deprecating old pack
Adding new packs

* Alibaba Cloud Polish

* Documentation for Alibaba Cloud

* Documentation for Azure Compute

* remove problematic module

* Documentation for Hetzner Cloud

* Partial documentation for Windows

* hcloud test playbook

* kubernetes documentation

* remove empty command example headings

* better explanation around ansible usage

* Linux doco

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Ansible naming

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* Better description

Co-authored-by: roysagi <[email protected]>

* remove todo

* Ansible branding + description clean up

* Ansible DNS Doco

* Formatting

* Linux doco

* formatting

* moved dns back to linux pack

* Cisco NXOS

* typo

* IOS requires a separate become/enable password

* Cisco IOS documentation

* Azure Networking Doco

* VMware Doco

* deprecated notice

* deprecated notices

* ACME deprecated notice

* min version

* removed erroneous output

* merge azure packages

* corrected context case

* Case corrections in Context

* Added privilege escalation options for Linux

* Documentation about complex command inputs

* Update Packs/AnsibleAlibabaCloud/Integrations/AnsibleAlibabaCloud/AnsibleAlibabaCloud.py

Co-authored-by: roysagi <[email protected]>

* Update Packs/AnsibleLinux/Integrations/AnsibleACME/AnsibleACME.yml

Co-authored-by: roysagi <[email protected]>

* editing azure readme

* editing azure readme

* editing ciscos readmes

* editing ciscos readmes

* Update Packs/AnsibleHetznerCloud/Integrations/AnsibleHCloud/README.md

* editing hcloud readme

* Update Packs/AnsibleKubernetes/Integrations/AnsibleKubernetes/README.md

* editing kubernetes readme

* editing linux readme

* editing windows readme

* editing windows readme

* editing vmware readme

* editing vmware readme

* editing vmware readme

* editing vmware readme

* editing vmware readme

* editing vmware readme

* editing vmware readme

* changing command examples

* fixing secrets

* fixing secrets and validations

* fixing secrets

* fixing secrets

* fixing secrets

* fixing rm108

* use title case for context

* fixing validations

* host argument collision fix

* whitespace

* revised doco for collided arg

* title case without underscores

* fix title case in documentation

* Title case in context path

* titlecase context paths

* correct display

* priv escalation details

* Capital letter in description

Co-authored-by: roysagi <[email protected]>
Co-authored-by: rsagi <[email protected]>

* reverting wrong changes

* fixing same playbook name

* skipping all integrations via conf.json

* fixing dependencies

* updating playbook-Windows_Application_Deployment_v2.yml

* updating playbook-Windows_Application_Deployment_v2.yml

* fixing names

* updating playbook-Wait_Until_Windows_Host_Online_v2.yml

* adding creds support

* adding creds support

* Merge branch 'master' into contrib/SergeBakharev_ansible_documentation&ApiModule

# Conflicts:
#	Tests/conf.json

* disabling guardrails false positive

* adding creds support for hcloud

Co-authored-by: SergeBakharev <[email protected]>
Co-authored-by: roysagi <[email protected]>
Co-authored-by: rsagi <[email protected]>

* [Marketplace Contribution] SendGrid - Content Pack Update (#14350) (#14507)

* "contribution update to pack "SendGrid""

* pack resubmitted

* pack resubmitted

* pack resubmitted

* fix cr

* fix cr

* Update RN

Co-authored-by: bachen <[email protected]>

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: bachen <[email protected]>

* Incidents test playbook (#13848)

* adding scripts

* changes

* adding test

* adding using instance

* fixed test

* changed health check script

* new playbook

* changing the playbook

* new playbook

* new playbook

* changed playbook and added new scripts from indicators pr

* fixed typo

* added one more fetch incidents integration

* changes from demo

* fixes from cr

* Apply suggestions from code review

Co-authored-by: Dan Tavori <[email protected]>

* added release notes

* adding test to test-conf

* added readme

* Update VerifyEnoughIncidents.yml

* Update 1_2_2.md

* Update VerifyEnoughIncidents.yml

* changed test conf

* changed VerifyContextFieldsList to VerifyObjectFieldsList

* save little changes

* Update README.md

Co-authored-by: Dan Tavori <[email protected]>
Co-authored-by: Richard Bluestone <[email protected]>

* Deprecated microsoft policy and compliance playbooks (#14378)

* Deprecated Azure and office365 playbooks, moving them to other pack.

* Updated release notes

* Updated release notes

* Wildfire polling enhancement (#13857)

* polling command

* report context

* report context

* report context

* report context

* report context

* report context

* UT

* UT

* Common Objects

* Common Objects

* deprecated: true

* upload assertment

* upload assertment

* TPB

* rn

* UT

* lint

* validate

* validate

* Delete lolo.xml

* Update Palo_Alto_Networks_WildFire_v2.yml

Done.

* Update 1_4_0.md

Done.

* RN

* yml fix

* Update Packs/Palo_Alto_Networks_WildFire/Integrations/Palo_Alto_Networks_WildFire_v2/Palo_Alto_Networks_WildFire_v2.py

Co-authored-by: Shai Yaakovi <[email protected]>

* RN

* server logs

* server logs

* server logs

* server logs

* TPB

* TPB

* TPB

* added toversion to playbook

* added toversion to playbook

* added toversion to playbook

* added toversion to playbook

* added toversion to playbook

* added toversion to playbook

* added toversion to playbook

* added toversion to playbook

* fix sha256

* fix sha256

* fix sha256

* fix sha256

* fix sha256

* Merge branch 'master' into upload_list_content_item

# Conflicts:
#	Tests/Marketplace/marketplace_constants.py
#	Tests/Marketplace/marketplace_services.py

* fstring fix

Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: Shai Yaakovi <[email protected]>
Co-authored-by: yaakovi <[email protected]>

* [Marketplace Contribution] ConvertTimezoneFromUTC (#14512)

* "pack contribution initial commit" (#14384)

* fixed validate & lint

* Update Packs/ConvertTimezoneFromUTC/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.py

* Update Packs/ConvertTimezoneFromUTC/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.py

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: cshayner <[email protected]>
Co-authored-by: ChanochShayner <[email protected]>

* fix typo (#14516)

* QRadar enhance ip commands (#14500)

* added support for ip arguments

* added args to readme

* Added rn

* small fixes to filter query

* reverted commenting

* Update Packs/QRadar/ReleaseNotes/2_0_22.md

Co-authored-by: roysagi <[email protected]>

* Update Docker Image To demisto/python3  (#14481)

* Updated Metadata Of Pack KasperskySecurityCenter

* Added release notes to pack KasperskySecurityCenter

* Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml Docker image update

* Updated Metadata Of Pack Shodan

* Added release notes to pack Shodan

* Packs/Shodan/Integrations/Shodan_v2/Shodan_v2.yml Docker image update

* Adding TPB of Kaspersky Security Center

* Updated Metadata Of Pack KasperskySecurityCenter

* Fixed build

* Added dbotscore to ip command + added readme file that was missing

* added dbotscore outputs to readme

* deleted use-case empty section

* removed unnecessary ignore

* Fixed cr comments

* added response_type to login

Co-authored-by: sberman <[email protected]>

* Upload list content item (#14464)

* removed the gke tag from run-validations job

* adding list item

* adding list item

* widget fix

* testing

* testing

* testing

* testing

* typo fix

* revert testing changes

* revert testing changes

* revert testing changes

* Update Docker Image To demisto/python3  (#14522)

* Updated Metadata Of Pack ExpanseV2

* Added release notes to pack ExpanseV2

* Packs/ExpanseV2/Integrations/FeedExpanse/FeedExpanse.yml Docker image update

* Content mgmt bug fixes (#14459)

* bug fixes

* bug fixes

* rn

* metadata

* Update pack_metadata.json

* Update Packs/ContentManagement/ReleaseNotes/1_0_3.md

Co-authored-by: roysagi <[email protected]>

* Typo fix constants upload (#14525)

* fix typo

* fix typo

* fix typo

* Update Docker Image To demisto/chromium  (#14523)

* Updated Metadata Of Pack ExpanseV2

* Added release notes to pack ExpanseV2

* Packs/ExpanseV2/Scripts/ExpanseGenerateIssueMapWidgetScript/ExpanseGenerateIssueMapWidgetScript.yml Docker image update

* Fixed conflicts

Co-authored-by: sberman <[email protected]>
Co-authored-by: Shelly Berman <[email protected]>

* ParseEmailFiles - added code for multiple mime encoding (#14076)

* added code for multiple encoding

* added code for multiple encoding - rn tests

* added code for multiple encoding - rn tests

* added code for multiple encoding - rn tests

* docker

* rn

* add replace logic

* add replace logic

* meta data

* fix test

* lint

* fix

* rn

* added default and force arguments, added a verification null bytes not on encoded string

* rn

* change debug

* add debug

* update

* update

* Update Docker Image To demisto/python3  (#14532)

* Updated Metadata Of Pack Armis

* Added release notes to pack Armis

* Packs/Armis/Integrations/Armis/Armis.yml Docker image update

* Updated Metadata Of Pack AttackIQFireDrill

* Added release notes to pack AttackIQFireDrill

* Packs/AttackIQFireDrill/Integrations/AttackIQFireDrill/AttackIQFireDrill.yml Docker image update

* Updated Metadata Of Pack BPA

* Added release notes to pack BPA

* Packs/BPA/Integrations/BPA/BPA.yml Docker image update

* Updated Metadata Of Pack Barracuda

* Added release notes to pack Barracuda

* Packs/Barracuda/Integrations/BarracudaReputationBlockListBRBL/BarracudaReputationBlockListBRBL.yml Docker image update

* Updated Metadata Of Pack BastilleNetworks

* Added release notes to pack BastilleNetworks

* Packs/BastilleNetworks/Integrations/BastilleNetworks/BastilleNetworks.yml Docker image update

* Updated Metadata Of Pack BitDam

* Added release notes to pack BitDam

* Packs/BitDam/Integrations/BitDam/BitDam.yml Docker image update

* Updated Metadata Of Pack BitSight

* Added release notes to pack BitSight

* Packs/BitSight/Integrations/BitSightForSecurityPerformanceManagement/BitSightForSecurityPerformanceManagement.yml Docker image update

* Updated Metadata Of Pack BluelivThreatCompass

* Added release notes to pack BluelivThreatCompass

* Packs/BluelivThreatCompass/Integrations/BluelivThreatCompass/BluelivThreatCompass.yml Docker image update

* Updated Metadata Of Pack BluelivThreatContext

* Added release notes to pack BluelivThreatContext

* Packs/BluelivThreatContext/Integrations/BluelivThreatContext/BluelivThreatContext.yml Docker image update

* Updated Metadata Of Pack Bonusly

* Added release notes to pack Bonusly

* Packs/Bonusly/Integrations/Bonusly/Bonusly.yml Docker image update

* Updated the Microsoft Graph API README (#14368)

* Updated the Microsoft Graph API README

Added the authorization process commands - msgraph-api-auth-start, msgraph-api-auth-complete, msgraph-api-test

* Update Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/README.md

Co-authored-by: Itay Keren <[email protected]>

Co-authored-by: Itay Keren <[email protected]>
Co-authored-by: ikeren <[email protected]>

* Whois integration connectivity issue (#14519)

* test to recreate the bug

* bug fixed

* validate fix

* RN

* Update Packs/Whois/ReleaseNotes/1_2_4.md

Co-authored-by: Itay Keren <[email protected]>

* fixed proxy params in test.

Added more info to the proxy section in additional info

* Update Packs/Whois/Integrations/Whois/Whois.yml

Co-authored-by: Itay Keren <[email protected]>

* skip tests

* Revert "skip tests (#14455)"

This reverts commit 61bfafb9

* Indian domain test

* Indian domain fix

* rn

* Update Packs/Whois/ReleaseNotes/1_2_5.md

Co-authored-by: Itay Keren <[email protected]>

* checking for in tld in playbook-Whois-Test.yml

Co-authored-by: Itay Keren <[email protected]>

* Added several commands to Darktrace integration (#13905) (#14537)

* Added several commands to  darktrace

* Update Darktrace.yml

* lint fixes

* Update Darktrace.py

* lint fixes

* Added readme, and changed some details on the outp

* Added example commands

* Added additional details in readme-file

* lint fix

* Updated command argument desc.

* upgrade the docker image

* upgrade docker image

* bump version

* Added release notes

* added outputs

* Added tests for all commands with output

* Added a single iteration to skip the first result

* removed all instances of add-comment

* Added outputs_key_field

* Added secrets to ignore

* Update Packs/Darktrace/Integrations/Darktrace/README.md

Co-authored-by: Yaakov Praisler <[email protected]>

* Update Packs/Darktrace/Integrations/Darktrace/README.md

Co-authored-by: Yaakov Praisler <[email protected]>

* fix test

* lint fix

* Updated docs

* lint fix

* lint fix

Co-authored-by: Yaakov Praisler <[email protected]>

Co-authored-by: Solli <[email protected]>
Co-authored-by: Yaakov Praisler <[email protected]>

* Update README.md (#14540)

* Update README.md (#14538)

* update README.md

Co-authored-by: Dorin-PM <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* Add Edit and Pin commands to SlackV3 (#14372)

* Add Edit and Pin commands to SlackV3

* Alexa v2 (#14072)

Added alexa v2 integration

* Unit42 sub-techniques (#14524)

* add parent to the sub technique name

* remove unrelated files

* RN

* version

* version

* Add UTs

* Fix UT

* Phishing - fixing dt + updating EWS/Gmail mappers (#14498)

* Strip labels and fix mail body dt script.

* Strip labels and fix mail body dt script.

* Adding fields to EWS mapper

* Fix dt on main playbook v5

* Changing Playbook inputs on "Process Email - Generic" from labels to fields

* Adding fields to Gmail mapper

* fixing EWS mapper name

* Phishing release notes

* Gmail release notes

* EWS release notes

* fixing EWS mapper id

* fix playbook id

* fix dt

* revert field to label in V6 playbook

* revert playbook inputs fields to labels in process email generic playbook

* release notes

* minor fix

* Update 2_4_1.md

Co-authored-by: Richard Bluestone <[email protected]>

* Added new transformer script - StringToArray (#14536)

* Added new transformer script

* Added rn + bumped version and fixed linting

* Fixed import

* Fixed cr's and added tpb

* Added test to yml

* changed uuid to transformer name in tpb

* upload_code_coverage_report.py, initial add (#14302)

* upload_code_coverage_report.py, initial add

* Formatted file

* upload code coverage report in nightly

* Update .gitlab/ci/global.yml

Co-authored-by: eli sharf <[email protected]>

* fix syntax

* fix script

* fixup! fix script

* upload_code_coverage_report.py, initial add

* Formatted file

* upload code coverage report in nightly

* Update .gitlab/ci/global.yml

Co-authored-by: eli sharf <[email protected]>

* fix syntax

* fix script

* fixup! fix script

* fixup! fixup! fix script

* fix

* final fix

* improve

* fixup! improve

* Undelete line

* Rearrange reinstated lines

* Unit test

* Test files

* Format file

* Pythonify

* Format

* Update Utils/upload_code_coverage_report.py

Co-authored-by: Shai Yaakovi <[email protected]>

* Use Tuple instead of Dict

* Format file

Co-authored-by: eli sharf <[email protected]>
Co-authored-by: esharf <[email protected]>
Co-authored-by: Shai Yaakovi <[email protected]>

* [Marketplace Contribution] Palo Alto Networks Cortex XDR - Investigation and Response - Content Pack Update (#14550)

* "contribution update to pack "Palo Alto Networks Cortex XDR - Investigation and Response"" (#14505)

* fixed

* fixed

Co-authored-by: xsoar-bot <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* AlienVault USM - handle alarms with timestamp_occured (#14542)

* add test for alarm with timestamp_occured

* use timestamp_occured as incident occurred time

* Update Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/AlienVault_USM_Anywhere/Integrations/AlienVault_USM_Anywhere/AlienVault_USM_Anywhere.py

Co-authored-by: Bar Katzir <[email protected]>

Co-authored-by: Bar Katzir <[email protected]>

* Microsoft Graph Mail incoming mapper (#14468)

* new mapper + release notes

* Adding more fields

* removed the use-cases from all ansible packs (#14555)

* change channels:write to channels:manage scope SlackV3 (#14556)

* Cisco Umbrella Investigate - handle empty emails list returned in the domain command (#14541)

* add google.com to domain cmd test

* add support for multiple domains

* pass emails list instead of dict to tbtomd

* adjust test playbook

* build output per domain

* ignore type hint

* set isArray to true and add note about multiple domains to rn

* CommonServerPython - check if session exist before trying to close it (#14526)

* Cortex XDR - handle already blacklisted files (#14552)

* test blacklist-files

* handle err returned in case file already blacklisted

* verify res is dict

* revert 3_0_25.md

* revert 3_0_25.md

* CrowdStrike API Integration (#12335)

* crowdstrike api integration initial commit

* call handle_proxy

* Update CrowdStrikeAPI.yml

Done.

* Update CrowdStrikeAPI.yml

Done.

* Update CrowdStrikeAPI_description.md

Done.

* Update README.md

Done.

* Update README.md

Done.

* bump docker image tag

* gco

* add test data

* fix test data filename

* bump docker image tag

* autopep8

* ignore E501

* rm config json

* add readme

* improve docs

Co-authored-by: ShirleyDenkberg <[email protected]>

* Zscaler - handle returned URLs protocols (#14529)

* replace res urls from given ones

* add rn

* improve condition for matching url

* Symantec DLP - fix handling of fetch limit (#14561)

* test fetch incidents with limit less than num of dlp incidents returned

* fix fetch limit handling

* fix W293

* fix W293

* PP rule support (#14470)

* pp rule support

* testing

* fix name

* testing

* typo fix

* revert testing changes

* revert testing changes

* revert testing changes

* fix typo

* scheme verification

* Merge branch 'master' into upload_preprocessing_rule_content_item

# Conflicts:
#	Tests/Marketplace/marketplace_constants.py
#	Tests/Marketplace/marketplace_services.py

* Merge branch 'master' into upload_preprocessing_rule_content_item

# Conflicts:
#	Tests/Marketplace/marketplace_constants.py
#	Tests/Marketplace/marketplace_services.py

* added login to gcp, fixed a default argument (#14331)

* replaced the contrib checkout to use github api (#13676)

* replaced the contrib checkout to use GitHub REST API
* update UT

Co-authored-by: esharf <[email protected]>

* Thycotic dsv (#14475)

* Thycotic dsv (#11589)

* Init revision

* Init revision

* Add integration Thycotic Secret Server

* Delete comment block

* Add TestPlaybook

* Modify Tests/conf.json
Delete error files

* Delete file

* Add Test Playbook

* Update Packs/Thycotic/TestPlaybooks/Thycotic-Test.yml

Co-authored-by: Bar Katzir <[email protected]>

* Update Tests/conf.json

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/pack_metadata.json

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/pack_metadata.json

Co-authored-by: Bar Katzir <[email protected]>

* Change support contacts

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Change description for output parameters

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.yml

Co-authored-by: Bar Katzir <[email protected]>

* Fix

* Change exception message for command test_command

* Change description, add version Secret Server

* Add param proxy

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Update Packs/Thycotic/Integrations/Thycotic/Thycotic.py

Co-authored-by: Bar Katzir <[email protected]>

* Generate documentation for integration

* Change version for Secret Server in documentation

* Add param verify to class Client

* Add files via upload

* Add files via upload

* Add files via upload

* Updated Thycotic Integration

* Delete conf.json

* Regenerate Thycotc-Test

* Update Thycotic_test.py

* Update Thycotic.yml

* Update pack_metadata.json

Change tags

* Update README.md

* Update conf.json

* Update pack_metadata.json

* Update Thycotic.yml

Change description

* Update Thycotic.py

Change test_module

* Update Thycotic.py

Fix syntax error

* Update Thycotic_test.py

Fix UT

* Modify test command fetch-credential

* running format

* Add files via upload

Change description

* Update Thycotic_description.md

* Update Thycotic_description.md

* Add files via upload

Updated description for output parameters

* Init release for Thycotic DevOps Storage Vault

* Change description

* Fixed errors in descriptions.

* Fixed

* Add files via upload

* Fixed

* Add files via upload

* Add files via upload

* Fix description

* Add files via upload

* Add files via upload

* Fixed

* Add files via upload

* Add files via upload

* Add files via upload

* Delete ThycoticDSV.yml

* Add files via upload

* Delete ThycoticDSV.py

* Delete ThycoticDSV.yml

* Delete Packs/Thycotic directory

* Update pack_metadata.json

* Update descriptions

* Update descriptions

* Fix

* Markdown output

Co-authored-by: Bar Katzir <[email protected]>
Co-authored-by: Guy Keller <[email protected]>
Co-authored-by: guykeller <g12k34ppp>

* fixing docs

* added author image

Co-authored-by: Andrey Nikolaev <[email protected]>
Co-authored-by: Bar Katzir <[email protected]>
Co-authored-by: Guy Keller <[email protected]>
Co-authored-by: guykeller <g12k34ppp>

* Splunk Fixes (#14568)

* fixed an issue in the outgoing mapper, fixed an issue in update-remote-system command

* improved documentation

* version bump

* cr fixes

* Fix Get endpoint details - Generic playbook (#14569)

* fix_playbook

* fix task

* Fix RN

* upload new image

* update image link

* Update 2_0_3.md

Done.

Co-authored-by: ShirleyDenkberg <[email protected]>

* LogsignSiem Pack PR (#14565)

* LogsignSiem Pack PR (#13875)

* created logsignsiem pack

* added logsignsiem classifiers mapper files and deleted dockerfile

* fixed [PA126] validation warning

* fixed some description in yaml file

* deleted override http_request method and updated unittests

* fixed last_fetch parameter and updated tests

* removed unused variable

* fixed logsignsiem api description

* fixed logsignsiem api description

* added query parameter and help section and fixed get-columns-query on api

* fixed unittest func name

* fixed Flake8 error

* Update Packs/LogsignSiem/README.md

* deleted logsign-get-incident method, added default param to query

* rm integration setup from detailed desc

* set default classifier and mapper

Co-authored-by: Itay Keren <[email protected]>

* add author_image

Co-authored-by: Kerem <[email protected]>
Co-authored-by: Itay Keren <[email protected]>
Co-authored-by: ikeren <[email protected]>

* Update Docker Image To demisto/python3  (#14558)

* Updated Metadata Of Pack C2sec

* Added release notes to pack C2sec

* Packs/C2sec/Integrations/C2sec/C2sec.yml Docker image update

* Updated Metadata Of Pack CTIX

* Added release notes to pack CTIX

* Packs/CTIX/Integrations/CTIX/CTIX.yml Docker image update

* Updated Metadata Of Pack CVESearch

* Added release notes to pack CVESearch

* Packs/CVESearch/Integrations/CVESearchV2/CVESearchV2.yml Docker image update

* Updated Metadata Of Pack CarbonBlackProtect

* Added release notes to pack CarbonBlackProtect

* Packs/CarbonBlackProtect/Integrations/CarbonBlackProtect/CarbonBlackProtect.yml Docker image update

* Updated Metadata Of Pack CentrifyVault

* Added release notes to pack CentrifyVault

* Packs/CentrifyVault/Integrations/CentrifyVault/CentrifyVault.yml Docker image update

* Updated Metadata Of Pack Cherwell

* Added release notes to pack Cherwell

* Packs/Cherwell/Integrations/Cherwell/Cherwell.yml Docker image update

* Updated Metadata Of Pack CiscoESAIronPortEmailAPI

* Added release notes to pack CiscoESAIronPortEmailAPI

* Packs/CiscoESAIronPortEmailAPI/Integrations/CiscoIronPortEMailAPI/CiscoIronPortEMailAPI.yml Docker image update

* Updated Metadata Of Pack CiscoEmailSecurity

* Added release notes to pack CiscoEmailSecurity

* Packs/CiscoEmailSecurity/Integrations/CiscoEmailSecurity/CiscoEmailSecurity.yml Docker image update

* Updated Metadata Of Pack Claroty

* Added release notes to pack Claroty

* Packs/Claroty/Integrations/Claroty/Claroty.yml Docker image update

* Updated Metadata Of Pack CloudConvert

* Added release notes to pack CloudConvert

* Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml Docker image update

* Added dbotscore outputs to yml and readme

Co-authored-by: sberman <[email protected]>

* IAM Group Sync - Slack & Okta (#13550)

* changes

* fixes and changes

* fixes and changes

* RN

* remove test functions

* lint

* fix

* fix

* command result

* fix

* fix

* changes

* Merge branch 'master' into slack-iam

# Conflicts:
#	Packs/Okta/ReleaseNotes/2_2_2.md
#	Packs/Slack/ReleaseNotes/2_1_2.md

* in progress

* some minor changes

* RN conflicts fix

* RN conflicts fix

Co-authored-by: Dan Tavori <[email protected]>
Co-authored-by: Dan Tavori <[email protected]>

* fixing dups and typos (#14578)

* fix upload-flow bug in collect_content_items (#14579)

* qradar: fix aql link (#13902)

Co-authored-by: glicht <[email protected]>

* ran update conf script to generate full conf. Deleted from build call to script (#14583)

* Prisma Cloud playbooks bug fix (#14511)

* Prisma Cloud playbooks bug fix

* updated release notes

* Edited playbooks structure and added new photos

* Updated image names

* Added new links to images

* Nightly test failure skippings  (#14557)

* Skipped  the following tests: "iDefense_v2_Test", "EWS Mail Sender Test", "McAfee ESM v2 - Test v10.3.0", "AzureADTest", "AWS - IAM Test Playbook", "Feed iDefense Test", "FireEyeNX-Test", "McAfee ESM v2 - Test v10.2.0", "McAfee ESM Watchlists - Test v10.3.0", "McAfee ESM Watchlists - Test v10.2.0", "Microsoft Teams Management - Test"

* reverted integration changes

* reverted

* Skipped  the following tests: "Zscaler Test", "palo_alto_panorama_test_pb"

* Update from master

* Skipped  the following tests: "LogRhythm REST test", "Cisco Umbrella Test"

* Skipped  the following tests: "Cisco Umbrella Test", "LogRhythm REST test"

* Skipped  the following tests: "Detonate URL - WildFire v2.1 - Test", "LogRhythm REST test"

* Skipped  the following tests: "Detonate URL - WildFire v2.1 - Test", "LogRhythm REST test"

* merge from master

* merge from master

Co-authored-by: ShahafBenYakir <[email protected]>

* ParseEmailFiles -  roll back to multiple encoding part (#14585)

* roll back

* rn

* du

* test

* Update Packs/CommonScripts/Scripts/ParseEmailFiles/ParseEmailFiles_test.py

Co-authored-by: yuvalbenshalom <[email protected]>

Co-authored-by: yuvalbenshalom <[email protected]>

* Update Threat Intel objects and their score (#14587)

* Test DONT Merge

* Test DONT Merge

* test

* Add to Threat Intel

* Update Threat Intel Objs and Score

* remove unrelated files

* docker update

* CrowdStrike falcon enhancement  (#14476)

Added new commands for CrowdStrike falcon integration:
  - ***cs-falcon-create-host-group***
  - ***cs-falcon-update-host-group***
  - ***cs-falcon-list-host-group-members***
  - ***cs-falcon-add-host-group-members***
  - ***cs-falcon-remove-host-group-members***
  - ***cs-falcon-list-host-groups***
  - ***cs-falcon-delete-host-groups***

* Active Directory Query v2 - fixed an issue where group name includes parentheses (#14451)

* unskip LogRhythm REST test (#14596)

* ArcSight ESM - add the eventFieldsToStringify arg to get-case cmd (#14553)

* add the eventFieldsToStringify arg to get-case cmd

* fix W293

* rm fieldstostringify and cast to str every large int

* fix notes and docs

* bump docker image

* fix docker image

* [Bug] Maltiverse returns error when file command has no proccess_list  (#14517)

* adding test that fails

* replace [] with get

* added rn

* Update Packs/Maltiverse/ReleaseNotes/1_0_7.md

Co-authored-by: Andrew Shamah <[email protected]>

* fixed typo in rn

* added given when then to test

Co-authored-by: Andrew Shamah <[email protected]>

* Add markdown images support in sanePdfReport (#14508)

* Add markdown images support in sanePdfReport

* Verify server object before closing the server

* Start markdown server only if demisto version is ge 6.5

* Add markdown server unit test

* update sane-pdf-reports image version in RN

* Update 1_13_28.md

Co-authored-by: yaron-libman <[email protected]>

* Update Docker Image To demisto/carbon-black-cloud  (#14605)

* Updated Metadata Of Pack CarbonBlackDefense

* Added release notes to pack CarbonBlackDefense

* Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml Docker image update

* Update Docker Image To demisto/boto3py3  (#14609)

* Updated Metadata Of Pack SecurityIntelligenceServicesFeed

* Added release notes to pack SecurityIntelligenceServicesFeed

* Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml Docker image update

* Update Docker Image To demisto/cyjax  (#14607)

* Updated Metadata Of Pack FeedCyjax

* Added release notes to pack FeedCyjax

* Packs/FeedCyjax/Integrations/FeedCyjax/FeedCyjax.yml Docker image update

* Fixed fetch to include max fetch + time range as part of api query (#14599)

* GitHub Releases List Command (#14480)

* added command, yml, unit test

* added test file data

* added task of new command to TPB

* added rn

* add README command entry

* removed dor username from test data

* validation fix

* dan cr notes

* lint fixes

* Added extra check since some eml files were still passing (#14600)

* Added extra check since some eml files were still passing (#14545)

* Added extra check since some eml files were still passing

* - Update metadata
- Add releasenotes

Co-authored-by: Aviya Baumgarten <[email protected]>

* update RN

* update RN

Co-authored-by: Steven Goossens <[email protected]>
Co-authored-by: Aviya Baumgarten <[email protected]>
Co-authored-by: abaumgarten <[email protected]>

* Update Docker Image To demisto/google-api-py3  (#14608)

* Updated Metadata Of Pack GoogleCloudSCC

* Added release notes to pack GoogleCloudSCC

* Packs/GoogleCloudSCC/Integrations/GoogleCloudSCC/GoogleCloudSCC.yml Docker image update

* Update Docker Image To demisto/crypto  (#14604)

* Updated Metadata Of Pack AzureSQLManagement

* Added release notes to pack AzureSQLManagement

* Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml Docker image update

* Updated Metadata Of Pack X509Certificate

* Added release notes to pack X509Certificate

* Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml Docker image update

* Added test to script yml

Co-authored-by: sberman <[email protected]>

* Microsoft Teams bug fixes and improvements (#14548)

* Microsoft Teams bug fixes and improvements (#14543)

* Add support for full width

* Add support for Informational threshold

* Fix bug with auto_notifications

* Update release notes

* Change default for 'auto_notifications' to false

* changed parameter to be disable instead of enable

* Update readme

* possible test fixes

* lint fixes for severity to float

Co-authored-by: tneeman <[email protected]>

* cr fixes

* added microsoft teams TPB to conf json, although skipped (for validation)

Co-authored-by: Paul D <[email protected]>
Co-authored-by: tneeman <[email protected]>

* Update Docker Image To demisto/python3  (#14602…
Showing 33 changed files with 111 additions and 126 deletions.
@@ -1,7 +1,7 @@
from typing import Union
import urllib3
from CommonServerPython import *
# Disable insecure warnings
requests.packages.urllib3.disable_warnings()
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

'''CONSTANTS'''
DATE_FORMAT = '%Y-%m-%d %H:%M:%S'
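Review bot: the `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` call under `# Disable insecure warnings` runs at module import, so the warning is silenced whether or not the instance is configured to skip certificate verification. Consider calling it only on the code path where verification is actually turned off, so that an unverified request made by mistake still produces a warning in the logs. Limiting the suppression to `InsecureRequestWarning` rather than a bare `disable_warnings()` is worth keeping.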
Expand Up @@ -404,7 +404,7 @@ script:
description: The actual score.
type: String

dockerimage: demisto/python3:3.10.5.31928
dockerimage: demisto/python3:3.10.8.39276
feed: false
isfetch: false
longRunning: false
Expand Up @@ -371,12 +371,12 @@ def test_url_not_found():
"""

url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com'
url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com/path'
status_code = 200
json_data = {'total_size': 0, 'page': 1, 'page_size': 25, 'more': False}
expected_output = "No results were found for url http://www.malware.com"
expected_output = "No results were found for url http://www.malware.com/path"

url_to_check = {'url': 'http://www.malware.com'}
url_to_check = {'url': 'http://www.malware.com/path'}
with requests_mock.Mocker() as m:
m.get(url, status_code=status_code, json=json_data)
client = Client(API_URL, 'api_token', True, False, ENDPOINTS['threatindicator'])
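Review bot: in `test_url_not_found` every occurrence of the indicator (`url`, `expected_output`, `url_to_check`) now ends in `/path`, so the host-only form of the URL is no longer exercised by this test. Since the commit is about the URL regex, keep a case for the URL without a path as well, for example by parametrizing the test over both values, so a regression in how host-only URLs are matched is still caught.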
Expand Down Expand Up @@ -476,18 +476,18 @@ def test_url_command():
"""

url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com'
doc_url = 'https://test.com/rest/document/v0?links.display_text.values=http://www.malware.com&type.values=intelligence_alert&type.values=intelligence_report&links.display_text.match_all=true' # noqa: E501
url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com/path'
doc_url = 'https://test.com/rest/document/v0?links.display_text.values=http://www.malware.com/path&type.values=intelligence_alert&type.values=intelligence_report&links.display_text.match_all=true' # noqa: E501
status_code = 200
json_data = URL_RES_JSON
intel_json_data = URL_INTEL_JSON

expected_output = {
'URL': [{'Data': 'http://www.malware.com'}],
'DBOTSCORE': [{'Indicator': 'http://www.malware.com', 'Type': 'url', 'Vendor': 'iDefense',
'URL': [{'Data': 'http://www.malware.com/path'}],
'DBOTSCORE': [{'Indicator': 'http://www.malware.com/path', 'Type': 'url', 'Vendor': 'iDefense',
'Score': 2, 'Reliability': 'B - Usually reliable'}]}

url_to_check = {'url': 'http://www.malware.com'}
url_to_check = {'url': 'http://www.malware.com/path'}
with requests_mock.Mocker() as m:
m.get(url, status_code=status_code, json=json_data)
m.get(doc_url, status_code=status_code, json=intel_json_data)
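Review bot: the indicator string is repeated six times in this hunk (`url`, `doc_url`, twice in `expected_output`, `url_to_check`) and again in the next test, which is why this change had to touch so many lines. Define it once as a module-level constant and build `url` and `doc_url` from it; that would also let the `doc_url` line be split and the `# noqa: E501` dropped.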
Expand Down Expand Up @@ -517,20 +517,20 @@ def test_url_command_when_api_key_not_authorized_for_document_search():
"""

url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com'
doc_url = 'https://test.com/rest/document/v0?links.display_text.values=http://www.malware.com&type.values=intelligence_alert&type.values=intelligence_report&links.display_text.match_all=true' # noqa: E501
url = 'https://test.com/rest/threatindicator/v0/url?key.values=http://www.malware.com/path'
doc_url = 'https://test.com/rest/document/v0?links.display_text.values=http://www.malware.com/path&type.values=intelligence_alert&type.values=intelligence_report&links.display_text.match_all=true' # noqa: E501
status_code = 200
error_status_code = 403
json_data = URL_RES_JSON
doc_search_exception_response = {'timestamp': '2021-11-12T09:09:27.983Z', 'status': 403,
'error': 'Forbidden', 'message': 'Forbidden', 'path': '/rest/document/v0'}

expected_output = {
'URL': [{'Data': 'http://www.malware.com'}],
'DBOTSCORE': [{'Indicator': 'http://www.malware.com', 'Type': 'url', 'Vendor': 'iDefense',
'URL': [{'Data': 'http://www.malware.com/path'}],
'DBOTSCORE': [{'Indicator': 'http://www.malware.com/path', 'Type': 'url', 'Vendor': 'iDefense',
'Score': 2, 'Reliability': 'B - Usually reliable'}]}

url_to_check = {'url': 'http://www.malware.com'}
url_to_check = {'url': 'http://www.malware.com/path'}
with requests_mock.Mocker() as m:
m.get(url, status_code=status_code, json=json_data)
m.get(doc_url, status_code=error_status_code, json=doc_search_exception_response)
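Review bot: Both URL tests in this file now query only the `/path` form, so the scheme-plus-host input used by the old fixtures is no longer exercised in these hunks. The updated `urlRegex` in CommonServerPython.py has a non-optional `path` group, so keep one test that passes the bare host URL and asserts what the integration is expected to do with it. That makes the change a documented decision rather than a side effect of editing fixtures.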
@@ -1,7 +1,7 @@


URL_RES_JSON = {
'results': [{'confidence': 50, 'display_text': 'http://www.malware.com',
'results': [{'confidence': 50, 'display_text': 'http://www.malware.com/path',
'files': [{'confidence': 50, 'display_text': '934a72f37d861097c85dc3c2e16bca3c',
'key': '934a72f37d861097c85dc3c2e16bca3c', 'last_seen': '2020-10-07T20:26:30.000Z',
'relationship': 'contactsC2At', 'relationship_created_on': '2020-10-07T20:04:51.000Z',
Expand All @@ -28,7 +28,7 @@
'sha256': 'bc75daf4592c8aace308f72a6393927e2ae174784cbdaba1b6b641b60aa2c84d',
'href': '/rest/fundamental/v0/b96a5814-bf98-4ad9-9980-7632f5c6a20f'}],
'index_timestamp': '2020-10-26T09:29:54.600Z',
'key': 'http://www.malware.com',
'key': 'http://www.malware.com/path',
'last_modified': '2020-10-18T15:25:00.000Z',
'last_published': '2020-10-05T23:51:53.000Z', 'last_seen': '2020-10-06T00:59:33.000Z',
'last_seen_as': ['MALWARE_C2'], 'malware_family': [],
Expand All @@ -49,13 +49,13 @@

URL_INTEL_JSON = {'results': [
{
'key': 'http://www.malware.com',
'key': 'http://www.malware.com/path',
'title': 'my intelligence alert',
'type': 'intelligence_alert',
'uuid': '60a2ef03-8650-490b-9542-0f8cc21e5c6d'
},
{
'key': 'http://www.malware.com',
'key': 'http://www.malware.com/path',
'title': 'my intelligence report',
'type': 'intelligence_report',
'uuid': '70a2ef03-8650-490b-9542-0f8cc21e5c6d'
4 changes: 4 additions & 0 deletions Packs/AccentureCTI/ReleaseNotes/2_2_2.md
@@ -0,0 +1,4 @@

#### Integrations
##### ACTI Indicator Query
- Updated the Docker image to: *demisto/python3:3.10.8.39276*.
2 changes: 1 addition & 1 deletion Packs/AccentureCTI/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Accenture CTI v2",
"description": "Accenture CTI provides intelligence regarding security threats and vulnerabilities.",
"support": "partner",
"currentVersion": "2.2.1",
"currentVersion": "2.2.2",
"author": "Accenture",
"url": "https://www.accenture.com/us-en/services/security/cyber-defense",
"email": "[email protected]",
6 changes: 3 additions & 3 deletions Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.py
Expand Up @@ -339,10 +339,10 @@ def find_indicator_type(indicator: str) -> str:
Returns:
str: The type of the indicator.
"""
if re.match(urlRegex, indicator):
return FeedIndicatorType.URL
elif ip_type := FeedIndicatorType.ip_to_indicator_type(indicator):
if ip_type := FeedIndicatorType.ip_to_indicator_type(indicator):
return ip_type
elif re.match(urlRegex, indicator):
return FeedIndicatorType.URL
elif re.match(sha256Regex, indicator):
return FeedIndicatorType.File
else:
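Review bot: The reordering in `find_indicator_type` makes the result depend on `FeedIndicatorType.ip_to_indicator_type` returning a falsy value for everything that is not an IP, and nothing in the hunk says why the IP check has to run before `re.match(urlRegex, indicator)`. Add a one-line comment giving the reason, and a unit test with an indicator close to both forms (for example an IP followed by a port or CIDR suffix) so the precedence is pinned.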
Expand Up @@ -139,7 +139,7 @@ script:
description: Gets the indicators from AutoFocus.
execution: false
name: autofocus-get-indicators
dockerimage: demisto/python3:3.10.8.37753
dockerimage: demisto/python3:3.10.8.39276
feed: true
isfetch: false
longRunning: false
@@ -1,13 +1,11 @@
from typing import List, Tuple, Optional

# IMPORTS
import requests
from CommonServerUserPython import *

from typing import List, Tuple, Optional
import urllib3
from CommonServerPython import *

# Disable insecure warnings
requests.packages.urllib3.disable_warnings()
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


class Client(BaseClient):
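Review bot: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` runs at module level, so the warning is suppressed for every request whether or not certificate verification is enabled. Call it only when the instance is configured to skip verification, so that an unverified TLS connection made by mistake stays visible in the logs.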
Expand Down Expand Up @@ -55,10 +53,11 @@ def find_indicator_type(indicator: str) -> str:
Returns:
str: The type of the indicator.
"""
if re.match(urlRegex, indicator):
return FeedIndicatorType.URL
elif ip_type := FeedIndicatorType.ip_to_indicator_type(indicator):
if ip_type := FeedIndicatorType.ip_to_indicator_type(indicator):
return ip_type
elif re.match(urlRegex, indicator):
return FeedIndicatorType.URL

elif re.match(sha256Regex, indicator):
return FeedIndicatorType.File
else:
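Review bot: The blank line added between the `elif re.match(urlRegex, indicator)` branch and `elif re.match(sha256Regex, indicator)` visually splits one if/elif chain in two and should be removed. This is also the second copy of `find_indicator_type` edited identically in this commit; moving it into one shared helper would keep the two feeds from drifting apart.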
8 changes: 8 additions & 0 deletions Packs/AutoFocus/ReleaseNotes/2_0_32.md
@@ -0,0 +1,8 @@

#### Integrations
##### AutoFocus Daily Feed (Deprecated)
- Maintenance and stability enhancements.

##### AutoFocus Feed
- Updated the Docker image to: *demisto/python3:3.10.8.39276*.
- Maintenance and stability enhancements.
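Review bot: "Maintenance and stability enhancements." hides a behaviour change: both feeds now test an indicator as an IP before testing it as a URL, which can change the type assigned to indicators the feed already ingests. Say so in both entries so operators know to expect reclassified indicators after upgrading.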
2 changes: 1 addition & 1 deletion Packs/AutoFocus/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "AutoFocus by Palo Alto Networks",
"description": "Use the Palo Alto Networks AutoFocus integration to distinguish the most\n important threats from everyday commodity attacks.",
"support": "xsoar",
"currentVersion": "2.0.31",
"currentVersion": "2.0.32",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
6 changes: 6 additions & 0 deletions Packs/Base/ReleaseNotes/1_31_41.md
@@ -0,0 +1,6 @@

#### Scripts
##### CommonServerPython
- Updated the Docker image to: *demisto/python:2.7.18.37800*.
- Updated the URL regular expression.
- Updated the IPv6 regular expression.
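Review bot: "Updated the URL regular expression" and "Updated the IPv6 regular expression" do not tell integrators what changed. The accompanying change anchors `ipv6Regex` with `^` and `$` instead of `\b`, so it no longer finds an address embedded in longer text, and the new `urlRegex` requires a path after the host. Both deserve an explicit line here, since packs that import these constants inherit the new matching behaviour.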
4 changes: 2 additions & 2 deletions Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
Expand Up @@ -7539,11 +7539,11 @@ def replace_str(src_str):

ipv4Regex = r'^(?P<ipv4>(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?P<port>:(?:6[0-5][\d]{3}|[1-5][\d]{4}|[1-9][\d]{,3}))?$' # noqa: E501
ipv4cidrRegex = r'^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$'
ipv6Regex = r'\b(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:(?:(:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\b' # noqa: E501
ipv6Regex = r'^(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:(?:(:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' # noqa: E501
ipv6cidrRegex = r'^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$' # noqa: E501
emailRegex = r'''(?:[a-z0-9!#$%&'*+/=?^_\x60{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_\x60{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])''' # noqa: E501
hashRegex = r'\b[0-9a-fA-F]+\b'
urlRegex = r'(?i)((?:(?:https?|ftps?|hxxps?|sftp|meows):\/\/|www\[?\.\]?|ftp\[?\.\]?|(?:(?:https?|ftps?|hxxps?|sftp|meows):\/\/www\[?\.\]?))(((25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)(\[?\.\]?[A-Za-z]{2,6})?)|(([A-Za-z0-9\S]\.|[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]\[?\.\]?){1,3}[A-Za-z]{2,6})|(0\[?x\]?[0-9a-fA-F]{8})|([0-7]{4}\.[0-7]{4}\.[0-7]{4}\.[0-7]{4})|([0-9]{1,10}))($|\/\S+|\/$|:[0-9]{1,5}($|\/\S*))|^(((25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?))(\/([0-9]|[12][0-9]|3[0-2])\/\S+|\/[A-Za-z]\S*|\/([3-9]{2}|[0-9]{3,})\S*|(:[0-9]{1,5}\/\S+))$)|(([A-Za-z0-9\S]\.|[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]\[?\.\]?){1,3}[A-Za-z]{2,6}(((\/\S+))|(:[0-9]{1,5}\/\S+))$)|\b(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:(?:(:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\b((\/([0-9]|[1-5][0-9]|6[0-4])\/\S+|\/[A-Za-z]\S*|\/((6[5-9]|[7-9][0-9])|[0-9]{3,}|65)\S*|(:[0-9]{1,5}\/\S+))$))' # noqa: E501
urlRegex = r"(?i)^[\[({\"']*(?P<url>(?P<scheme>(?:https?|hxxps?|s?ftps?|meows?)[:-](?:\/\/|\\\\|3A__))?(?P<host>(?P<simple_domain>(?:[\w\-_]+\[?\.\]?)+[^\W\d]{2,})|(?P<ipv4>(?:(?:25[0-5]|2[0-4][\d]|[01]?[\d][\d]?)\.){3}(?:25[0-5]|2[0-4][\d]|[01]?[\d][\d]?)|[1])|(?P<HEXIPv4>0\[?x]?[\da-f]{8})|(?P<ipv6>\[?(?:(?:[\da-fA-F]{1,4}:){7,7}[\da-fA-F]{1,4}|(?:[\da-fA-F]{1,4}:){1,7}:|([\da-fA-F]{1,4}:){1,6}:[\da-fA-F]{1,4}|([\da-fA-F]{1,4}:){1,5}(:[\da-fA-F]{1,4}){1,2}|([\da-fA-F]{1,4}:){1,4}(:[\da-fA-F]{1,4}){1,3}|([\da-fA-F]{1,4}:){1,3}(:[\da-fA-F]{1,4}){1,4}|([\da-fA-F]{1,4}:){1,2}(:[\da-fA-F]{1,4}){1,5}|[\da-fA-F]{1,4}:(?:(:[\da-fA-F]{1,4}){1,6})|:(?:(:[\da-fA-F]{1,4}){1,7}|:)|fe80:(?::[\da-fA-F]{0,4}){0,4}%[\da-zA-Z]{1,}|::(?:ffff(?::0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[\d]){0,1}[\d])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[\d]){0,1}[\d])|([\da-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[\d]){0,1}[\d])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[\d]){0,1}[\d]))\]?))(?P<port>:(?:6[0-5][\d]{3}|[1-5][\d]{4}|[1-9][\d]{,3}))?(?P<path>\/(?:[^?#\s]+\/)*[^?#\s]+)(?P<query>\?[^\s#]*)?(?P<fragment>#[\w\d]*)?)[\[({\"']*$" # noqa: E501
domainRegex = r"(?i)(?:(?:http|ftp|hxxp)s?(?:://|-3A__|%3A%2F%2F))?((?:[^\\\.@\s\"',(\[:?=]+(?:\.|\[\.\]))+[a-zA-Z]{2,})(?:[_/\s\"',)\]]|[.]\s|%2F|$)"
cveRegex = r'(?i)^cve-\d{4}-([1-9]\d{4,}|\d{4})$'
md5Regex = re.compile(r'\b[0-9a-fA-F]{32}\b', regexFlags)
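Review bot: In the new `urlRegex`, the path group `(?P<path>\/(?:[^?#\s]+\/)*[^?#\s]+)` repeats a character class that itself matches `/`, so the engine has many ways to split the same slash-heavy path and backtracking cost climbs steeply whenever the overall match fails. `\/[^?#\s]+` accepts exactly the same strings without the nested quantifier. Two further points on the same line: the path group is not optional, so a scheme and host with no path no longer match, and the `ipv4` group ends in `|[1]`, which accepts the single character `1` as a host. If either is intended, a comment should say so. The switch of `ipv6Regex` from `\b...\b` to `^...$` also changes results for any caller that applies it with `re.search` or `re.findall` to free text, so those call sites need checking.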

0 comments on commit 69f25d1
