Packs/AzureResourceGraph/Integrations/AzureResourceGraph/README.md
+9-12
@@ -12,20 +12,19 @@ For more details about the authentication used in this integration, see [Microso
12
12
13
13
- After authorizing the Self-Deployed Application, you will get an ID, Token, and Key, which should be inserted in the integration instance configuration's corresponding fields. After giving consent, the application has to have a role assigned so it can access the relevant resources per subscription.
14
14
- In order to assign a role to the application after consent was given:
15
-
- Go to the Azure Portal UI.
16
-
- Go to **Subscriptions**, and then **Access Control (IAM)**.
17
-
- Click "Add role assignment".
15
+
- Go to the Azure Portal UI.
16
+
- Go to **Subscriptions**, and then **Access Control (IAM)**.
17
+
- Click "Add role assignment".
18
18
- Create a new role or select a role that includes permissions for the queries you plan to run.
19
19
- Select the Azure Resource Graph application. By default, Azure Applications aren't displayed in the available options. To find your application, search for the name and select it.
20
20
21
-
22
21
### Client Credentials Flow
23
22
24
23
---
25
24
Follow these steps for [client-credentials configuration:](https://xsoar.pan.dev/docs/reference/articles/microsoft-integrations---authentication#client-credentials-flow).
26
25
27
26
1. In the instance configuration, select the **Use a self-deployed Azure application - Client Credentials Authorization Flow** checkbox.
28
-
2. Enter your Client ID in the **ID (Client ID)** parameter.
27
+
2. Enter your Client ID in the **ID (Client ID)** parameter.
29
28
3. Enter your Client Secret in the **Key (Client Secret)** parameter.
30
29
4. Enter your Tenant ID in the **Token (Tenant ID)** parameter.
31
30
5. Click **Test** to validate the URLs, token, and connection.
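Review bot: The role-assignment step "Create a new role or select a role that includes permissions for the queries you plan to run" in this hunk's context lines never names a permission, which nudges readers toward picking a broad built-in role. Since these lines are being cleaned up anyway, consider pointing to the permissions this README already lists in its operations table further down (`Microsoft.ResourceGraph/operations/read` and `Microsoft.ResourceGraph/resources/read`) as the starting point for a narrowly scoped role. Separately, the link text in "[client-credentials configuration:](…)." has the colon inside the link and a period after it; moving the punctuation out of the link would read better.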
@@ -34,7 +33,6 @@ To use The Azure Resource Graph, you must have appropriate rights in Azure role-
34
33
35
34
## Configure Azure Resource Graph in Cortex
36
35
37
-
38
36
|**Parameter**|**Description**|**Required**|
39
37
| --- | --- | --- |
40
38
| Token / Tenant ID | Received from the authorization process or from the self-deployed configuration process \(find the tenant ID in your app overview page in the Azure portal\)| False |
@@ -63,13 +61,13 @@ After you successfully execute a command, a DBot message appears in the War Room
63
61
64
62
|**Argument Name**|**Description**|**Required**|
65
63
| --- | --- | --- |
66
-
| limit | The maximum number of operations to return (Default is 50). | Optional |
64
+
| limit | The maximum number of operations to return (Default is 50). | Optional |
67
65
68
66
#### Context Output
69
67
70
68
|**Path**|**Type**|**Description**|
71
69
| --- | --- | --- |
72
-
| AzureResourceGraph.Operations | String | A list of available Azure Resource Graph operations permissions and descriptions.|
70
+
| AzureResourceGraph.Operations | String | A list of available Azure Resource Graph operations permissions and descriptions.|
73
71
74
72
#### Command Example
75
73
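Review bot: In the Context Output table, `AzureResourceGraph.Operations` is typed `String` while its description says "A list of available Azure Resource Graph operations permissions and descriptions." Please confirm the type against the integration's output definition and align one of the two. The description would also read better as "operations, with their permissions and descriptions".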
@@ -109,7 +107,6 @@ After you successfully execute a command, a DBot message appears in the War Room
109
107
| provider: Microsoft Resource Graph<br>resource: Operation<br>operation: Get Operations<br>description: Gets the list of supported operations | Microsoft.ResourceGraph/operations/read |
110
108
| provider: Microsoft Resource Graph<br>resource: Resources<br>operation: Query resources<br>description: Submits a query on resources within specified subscriptions, management groups or tenant scope | Microsoft.ResourceGraph/resources/read |
111
109
112
-
113
110
### azure-rg-query
114
111
115
112
---
@@ -122,13 +119,13 @@ After you successfully execute a command, a DBot message appears in the War Room
122
119
123
120
|**Argument Name**|**Description**|**Required**|
124
121
| --- | --- | --- |
125
-
| query | The query to execute. | Required |
122
+
| query | The query to execute. | Required |
126
123
127
124
#### Context Output
128
125
129
126
|**Path**|**Type**|**Description**|
130
127
| --- | --- | --- |
131
-
| AzureResourceGraph.Query | String | Data returned from query. |
128
+
| AzureResourceGraph.Query | String | Data returned from query. |
132
129
133
130
#### Command Example
134
131
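Review bot: The `query` argument row says only "The query to execute." and the `AzureResourceGraph.Query` row says only "Data returned from query.", which gives a playbook author nothing to validate input or parse output against. Suggest stating the query language (Resource Graph queries use Kusto Query Language) and the shape of the returned data, and confirming that `String` is the right type for the output.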
@@ -192,4 +189,4 @@ There are no input arguments for this command.
Packs/AzureResourceGraph/README.md
+1-1
@@ -20,4 +20,4 @@ You can use Azure Resource Graph queries to:
20
20
>
21
21
> As a free service, queries to Resource Graph are throttled to provide the best experience and response time for all customers. If your organization wants to use the Resource Graph API for large-scale and frequent queries, use portal Feedback from the [Resource Graph portal page](https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade).
22
22
>
23
-
> For more information, see [Guidance for throttled requests](https://learn.microsoft.com/en-us/azure/governance/resource-graph/concepts/guidance-for-throttled-requests).
23
+
> For more information, see [Guidance for throttled requests](https://learn.microsoft.com/en-us/azure/governance/resource-graph/concepts/guidance-for-throttled-requests).
Packs/Base/Scripts/CheckDockerImageAvailable/README.md
+3
@@ -1,6 +1,7 @@
1
1
Check if a docker image is available for performing docker pull. Script simulates the docker pull flow but doesn't actually pull the image. Returns an entry with 'ok' if all is good otherwise will return an error.
2
2
3
3
## Script Data
4
+
4
5
---
5
6
6
7
|**Name**|**Description**|
@@ -9,6 +10,7 @@ Check if a docker image is available for performing docker pull. Script simulate
9
10
| Cortex XSOAR Version | 5.0.0 |
10
11
11
12
## Inputs
13
+
12
14
---
13
15
14
16
|**Argument Name**|**Description**|
@@ -18,5 +20,6 @@ Check if a docker image is available for performing docker pull. Script simulate
18
20
| trust_any_certificate | Trust any certificate \(not secure\)|
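Review bot: The `trust_any_certificate` row describes the option only as "Trust any certificate (not secure)". Because the script simulates the docker pull flow against a registry, the description should say that enabling it skips TLS certificate validation for that connection, and state the default, so nobody turns it on without knowing what is lost.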
Packs/Base/Scripts/DBotBuildPhishingClassifier/README.md
+3
@@ -1,6 +1,7 @@
1
1
Create a phishing classifier using machine learning technique, based on email content.
2
2
3
3
## Script Data
4
+
4
5
---
5
6
6
7
|**Name**|**Description**|
@@ -10,6 +11,7 @@ Create a phishing classifier using machine learning technique, based on email co
10
11
| Cortex XSOAR Version | 5.0.0 |
11
12
12
13
## Inputs
14
+
13
15
---
14
16
15
17
|**Argument Name**|**Description**|
@@ -34,5 +36,6 @@ Create a phishing classifier using machine learning technique, based on email co
34
36
| trainingAlgorithm | The training algorithm to use for training the model. Default is "auto". If "auto" is selected, the training algorithm will be chosen automatically based on the number of incidents per each label. Use "from_scratch" to train a new model from scratch, based on your incidents only. In general, "from_scratch" will perform better where the number of incidents is high \(500 incidents or more per each verdict\). "fine-tune" trains a model based on the out-of-the-box model. "fine-tune" will perform better when the number of incidents is relatively low. It's possible to train multiple models using different algorithms options, and compare their results. |
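Review bot: The `trainingAlgorithm` description quotes the option values as "auto", "from_scratch" and "fine-tune", mixing an underscore and a hyphen. Please check these against the values the script actually accepts and quote them exactly, since users copy these strings straight from the README. Minor wording: "different algorithms options" should be "different algorithm options".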
Packs/Base/Scripts/DBotPredictPhishingWords/README.md
+5
@@ -1,6 +1,7 @@
1
1
Predict text label using a pre-trained machine learning phishing model, and get the most important words used in the classification decision.
2
2
3
3
## Script Data
4
+
4
5
---
5
6
6
7
|**Name**|**Description**|
@@ -10,11 +11,14 @@ Predict text label using a pre-trained machine learning phishing model, and get
10
11
| Cortex XSOAR Version | 5.0.0 |
11
12
12
13
## Used In
14
+
13
15
---
14
16
This script is used in the following playbooks and scripts.
17
+
15
18
* Phishing Investigation - Generic v2
16
19
17
20
## Inputs
21
+
18
22
---
19
23
20
24
|**Argument Name**|**Description**|
@@ -36,6 +40,7 @@ This script is used in the following playbooks and scripts.
36
40
| tokenizationMethod | Tokenization method for text. Only required when the language argument is set to "Other". Can be "tokenizer", "byWords", or "byLetters". |
Packs/Base/Scripts/DBotPreprocessTextData/README.md
+5
@@ -1,6 +1,7 @@
1
1
Pre-process text data for the machine learning text classifier.
2
2
3
3
## Script Data
4
+
4
5
---
5
6
6
7
|**Name**|**Description**|
@@ -10,14 +11,17 @@ Pre-process text data for the machine learning text classifier.
10
11
| Cortex XSOAR Version | 5.0.0 |
11
12
12
13
## Used In
14
+
13
15
---
14
16
This script is used in the following playbooks and scripts.
17
+
15
18
* DBot Create Phishing Classifier V2
16
19
* DBot Create Phishing Classifier V2 From File
17
20
* Get Mails By Folder Pathes
18
21
* Get Mails By Folder Paths
19
22
20
23
## Inputs
24
+
21
25
---
22
26
23
27
|**Argument Name**|**Description**|
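Review bot: The "Used In" list in this hunk carries both "Get Mails By Folder Pathes" and "Get Mails By Folder Paths". If the first is a misspelled or retired name, drop it here; if both playbooks exist, a short remark saying so would stop the next editor from "fixing" it.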
@@ -37,6 +41,7 @@ This script is used in the following playbooks and scripts.
37
41
| tokenizationMethod | Tokenization method for text. Only required when the language argument is set to "Other". Can be "tokenizer", "byWords", or "byLetters". Default is "tokenizer". |
Packs/Base/Scripts/DBotTrainTextClassifierV2/README.md
+5
@@ -1,6 +1,7 @@
1
1
Train a machine learning text classifier.
2
2
3
3
## Script Data
4
+
4
5
---
5
6
6
7
|**Name**|**Description**|
@@ -10,12 +11,15 @@ Train a machine learning text classifier.
10
11
| Cortex XSOAR Version | 5.0.0 |
11
12
12
13
## Used In
14
+
13
15
---
14
16
This script is used in the following playbooks and scripts.
17
+
15
18
* DBot Create Phishing Classifier V2
16
19
* DBot Create Phishing Classifier V2 From File
17
20
18
21
## Inputs
22
+
19
23
---
20
24
21
25
|**Argument Name**|**Description**|
@@ -40,6 +44,7 @@ This script is used in the following playbooks and scripts.
40
44
| trainingAlgorithm | The training algorithm to use for training the model. Default is "auto". If "auto" is selected, the training algorithm will be chosen automatically based on the number of incidents per each label. Use "from_scratch" to train a new model from scratch, based on your incidents only. In general, "from_scratch" will perform better where the number of incidents is high \(500 incidents or more per each verdict\). "fine-tune" trains a model based on the out-of-the-box model. "fine-tune" will perform better when the number of incidents is relatively low. It's possible to train multiple models using different algorithms options, and compare their results. |
Packs/Base/Scripts/GetIncidentsByQuery/README.md
+5
@@ -5,6 +5,7 @@ This automation runs using the default Limited User role, unless you explicitly
5
5
For more information, see the section about permissions here: For Cortex XSOAR 6, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations for Cortex XSOAR 8 Cloud, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script for Cortex XSOAR 8 On-prem, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script.
6
6
7
7
## Script Data
8
+
8
9
---
9
10
10
11
|**Name**|**Description**|
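Review bot: The permissions sentence in the context line above "## Script Data" runs three references together with bare URLs and no separators ("see the https://… for Cortex XSOAR 8 Cloud, see the https://…"). This is the paragraph that tells readers which role the automation runs under, so it is worth splitting into one bullet per product version with proper link text while the formatting is being cleaned up.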
@@ -14,11 +15,14 @@ For more information, see the section about permissions here: For Cortex XSOAR 6
14
15
| Cortex XSOAR Version | 5.0.0 |
15
16
16
17
## Used In
18
+
17
19
---
18
20
This script is used in the following playbooks and scripts.
21
+
19
22
* DBot Create Phishing Classifier V2
20
23
21
24
## Inputs
25
+
22
26
---
23
27
24
28
|**Argument Name**|**Description**|
@@ -36,6 +40,7 @@ This script is used in the following playbooks and scripts.
Packs/Base/Scripts/GetIndicatorsByQuery/README.md
+3
@@ -1,6 +1,7 @@
1
1
Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file.
2
2
3
3
## Script Data
4
+
4
5
---
5
6
6
7
|**Name**|**Description**|
@@ -10,6 +11,7 @@ Gets a list of indicator objects and the associated indicator outputs that match
10
11
| Cortex XSOAR Version | 5.5.0 |
11
12
12
13
## Inputs
14
+
13
15
---
14
16
15
17
|**Argument Name**|**Description**|
@@ -23,5 +25,6 @@ Gets a list of indicator objects and the associated indicator outputs that match
23
25
| populateFields | A comma-separated list of fields in the object to poplulate. Defaults are id, score, and investigationIDs. |
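Review bot: Typo in the `populateFields` row: "poplulate" should be "populate". Worth fixing in the same pass as the blank-line cleanup.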
@@ -18,5 +19,6 @@ Highlights words inside a given text.
18
19
| terms | Terms to highlight in the text. Can be words or sentences (without commas ","). Note: if you use a sentences and word, the word shouldn't be as part of a sentence. For example, "thank,thank you" is an invalid input. (Comma-separated value). |
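Review bot: The `terms` description is hard to parse: "if you use a sentences and word, the word shouldn't be as part of a sentence". Suggest wording along the lines of "if you pass both a sentence and a single word, the word must not also appear in the sentence", keeping the "thank,thank you" example as the invalid case.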