Merge branch 'master' into zimperium-test-module-fix

.github/content_roles.json

@@ -1,8 +1,7 @@
 {
     "CONTRIBUTION_REVIEWERS": [
         "anas-yousef",
-        "mmhw",
-        "maimorag"
+        "mmhw"
     ],
     "CONTRIBUTION_TL": "JasBeilin",
     "CONTRIBUTION_SECURITY_REVIEWER": "ssokolovich",

Packs/AWS-EC2/ReleaseNotes/1_4_7.md

@@ -0,0 +1,3 @@
+## AWS - EC2
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AWS-EC2/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AWS - EC2",
     "description": "Amazon Web Services Elastic Compute Cloud (EC2)",
     "support": "xsoar",
-    "currentVersion": "1.4.6",
+    "currentVersion": "1.4.7",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AWS-IAM/ReleaseNotes/1_1_61.md

@@ -0,0 +1,3 @@
+## AWS - IAM
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AWS-IAM/pack_metadata.json

@@ -3,7 +3,7 @@
     "description": "Amazon Web Services Identity and Access Management (IAM)",
     "support": "xsoar",
     "author": "Cortex XSOAR",
-    "currentVersion": "1.1.60",
+    "currentVersion": "1.1.61",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
     "created": "2020-04-14T00:00:00Z",

Packs/AWS-Route53/ReleaseNotes/1_1_33.md

@@ -0,0 +1,3 @@
+## AWS - Route53
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AWS-Route53/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AWS - Route53",
     "description": "Amazon Web Services Managed Cloud DNS Service.",
     "support": "xsoar",
-    "currentVersion": "1.1.32",
+    "currentVersion": "1.1.33",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AWS-S3/ReleaseNotes/1_2_23.md

@@ -0,0 +1,3 @@
+## AWS - S3
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AWS-S3/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AWS - S3",
     "description": "Amazon Web Services Simple Storage Service (S3)",
     "support": "xsoar",
-    "currentVersion": "1.2.22",
+    "currentVersion": "1.2.23",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AccessInvestigation/ReleaseNotes/1_2_8.md

@@ -0,0 +1,3 @@
+## Access Investigation
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AccessInvestigation/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Access Investigation",
     "description": "This Content Pack automates response to unauthorised access incidents and contains customer access incident views and layouts to aid investigation.",
     "support": "xsoar",
-    "currentVersion": "1.2.7",
+    "currentVersion": "1.2.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Akamai_SIEM/ModelingRules/Akamai_WAF/Akamai_WAF.xif

@@ -48,7 +48,7 @@ alter // pre-modeling extractions
     xdm.observer.name = type, // Characterizes the source of this report data. Value is always "akamai_siem".
     xdm.source.application.name = clientData -> appBundleId, 
     xdm.source.application.version = clientData -> appVersion,
-    xdm.source.asn.as_number = if(as_number ~= "\D", null, to_integer(as_number)), // The AS number or numbers that the IP belongs to.
+    xdm.source.asn.as_number = if(as_number ~= "\D|^\s*$", null, to_integer(as_number)), // The AS number or numbers that the IP belongs to.
     xdm.source.host.os_family = if(client_platform contains "WINDOWS", XDM_CONST.OS_FAMILY_WINDOWS, client_platform contains "MAC", XDM_CONST.OS_FAMILY_MACOS, client_platform contains "LINUX", XDM_CONST.OS_FAMILY_LINUX, client_platform contains "ANDROID", XDM_CONST.OS_FAMILY_ANDROID, client_platform contains "IOS", XDM_CONST.OS_FAMILY_IOS, client_platform contains "UBUNTU", XDM_CONST.OS_FAMILY_UBUNTU, client_platform contains "DEBIAN", XDM_CONST.OS_FAMILY_DEBIAN, client_platform contains "FEDORA", XDM_CONST.OS_FAMILY_FEDORA, client_platform contains "CENTOS", XDM_CONST.OS_FAMILY_CENTOS, client_platform contains "CHROME", XDM_CONST.OS_FAMILY_CHROMEOS, client_platform contains "SOLARIS", XDM_CONST.OS_FAMILY_SOLARIS, client_platform contains "SCADA", XDM_CONST.OS_FAMILY_SCADA, client_platform),
     xdm.source.ipv4 = if(client_ip ~= "(?:\d{1,3}\.){3}\d{1,3}", client_ip), // // The IPv4 address of the client making the request.
     xdm.source.ipv6 = if(client_ip ~= ":", client_ip), // // The IPv6 address of the client making the request.
@@ -61,4 +61,4 @@ alter // pre-modeling extractions
     xdm.target.port = port,
     xdm.target.resource.id = attackData -> apiId, // For attacks on API services, this is a unique identifier under which the API is protected. It corresponds to the apiEndPointId value in the API Endpoint Definition API.
     xdm.target.sent_bytes = to_integer(httpMessage -> bytes), // The number of bytes served in the response.
-    xdm.target.url = url;
+    xdm.target.url = url;

Packs/Akamai_SIEM/ReleaseNotes/1_1_3.md

@@ -0,0 +1,6 @@
+
+#### Modeling Rules
+
+##### Akamai WAF Modeling Rule
+
+Updated the Modeling Rule logic, ignoring empty string values for the xdm.source.asn.as_number field.

Packs/Akamai_SIEM/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Akamai WAF SIEM",
     "description": "Use the Akamai WAF SIEM integration to retrieve security events from Akamai Web Application Firewall (WAF) service.",
     "support": "xsoar",
-    "currentVersion": "1.1.2",
+    "currentVersion": "1.1.3",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AnsibleKubernetes/Integrations/AnsibleKubernetes/AnsibleKubernetes_description.md

@@ -18,7 +18,21 @@ metadata:
 EOF
 ```
 
-2. Grant the service account an appropriate role. Refer to [Kubernetes RBAC docs](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) if granting more fine grain or scoped access.
+2. Create secret for the above service account.
+```
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: xsoar-secret
+  namespace: kube-system
+  annotations:
+    kubernetes.io/service-account.name: xsoar
+EOF
+```
+
+3. Grant the service account an appropriate role. Refer to [Kubernetes RBAC docs](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) if granting finer grain or scoped access.
 ```
 kubectl apply -f - <<EOF
 apiVersion: rbac.authorization.k8s.io/v1
@@ -35,15 +49,14 @@ subjects:
   namespace: kube-system
 EOF
 ```
-3. Retrieve the token object name created into a env var called TOKEN
-```
-TOKENNAME=`kubectl -n kube-system get serviceaccount/xsoar -o jsonpath='{.secrets[0].name}'`
-```
-4. Output the API token value
+
+4. Generate the service account token.
 ```
-kubectl -n kube-system get secret $TOKENNAME -o jsonpath='{.data.token}' | base64 -d
+kubectl create token xsoar -n kube-system
 ```
 
+5. Copy the output token and paste it into the API field.
+
 ## Testing
 
-This integration does not support testing from the integration management screen. Instead it is recommended to use the `!k8s-info` command querying a object `kind` allowed by the RBAC assigned. For example `!k8s-info kind="svc"`
+This integration does not support testing from the integration management screen. Instead it is recommended to use the `!k8s-info` command querying a object `kind` allowed by the RBAC assigned. For example `!k8s-info kind="svc"`

Packs/AnsibleKubernetes/Integrations/AnsibleKubernetes/README.md

@@ -17,7 +17,21 @@ metadata:
 EOF
 ```
 
-2. Grant the service account an appropriate role. Refer to [Kubernetes RBAC docs](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) if granting more fine grain or scoped access.
+2. Create secret for the above service account.
+```
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: xsoar-secret
+  namespace: kube-system
+  annotations:
+    kubernetes.io/service-account.name: xsoar
+EOF
+```
+
+3. Grant the service account an appropriate role. Refer to [Kubernetes RBAC docs](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) if granting more fine grain or scoped access.
 ```
 kubectl apply -f - <<EOF
 apiVersion: rbac.authorization.k8s.io/v1
@@ -34,14 +48,14 @@ subjects:
   namespace: kube-system
 EOF
 ```
-3. Retrieve the token object name created into a env var called TOKEN
-```
-TOKENNAME=`kubectl -n kube-system get serviceaccount/xsoar -o jsonpath='{.secrets[0].name}'`
-```
-4. Output the API token value
+
+4. Generate the service account token.
 ```
-kubectl -n kube-system get secret $TOKENNAME -o jsonpath='{.data.token}' | base64 -d
+kubectl create token xsoar -n kube-system
 ```
+
+5. Copy the output token and paste it into the API field.
+
 ## Configure Ansible Kubernetes on Cortex XSOAR
 
 1. Navigate to **Settings** > **Integrations** > **Servers & Services**.

Packs/AnsibleKubernetes/ReleaseNotes/1_0_7.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Ansible Kubernetes
+
+Updated the help with instructions for getting an API Token following the changes in Kubernetes 1.24 that Secrets are not automatically generated when Service Account are created.

Packs/AnsibleKubernetes/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Ansible Kubernetes",
     "description": "Manage and control Kubernetes clusters.",
     "support": "xsoar",
-    "currentVersion": "1.0.6",
+    "currentVersion": "1.0.7",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Asset/ReleaseNotes/1_0_8.md

@@ -0,0 +1,3 @@
+## Asset
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/Asset/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Asset",
     "description": "Base pack for any packs using asset fields.",
     "support": "xsoar",
-    "currentVersion": "1.0.7",
+    "currentVersion": "1.0.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AutoFocus/ReleaseNotes/2_2_1.md

@@ -0,0 +1,3 @@
+## AutoFocus by Palo Alto Networks
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AutoFocus/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "AutoFocus by Palo Alto Networks",
     "description": "Use the Palo Alto Networks AutoFocus integration to distinguish the most\n  important threats from everyday commodity attacks.",
     "support": "xsoar",
-    "currentVersion": "2.2.0",
+    "currentVersion": "2.2.1",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Azure-Enrichment-Remediation/ReleaseNotes/1_1_16.md

@@ -0,0 +1,3 @@
+## Azure Enrichment and Remediation
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/Azure-Enrichment-Remediation/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Azure Enrichment and Remediation",
     "description": "Playbooks using multiple Azure content packs for enrichment and remediation purposes",
     "support": "xsoar",
-    "currentVersion": "1.1.15",
+    "currentVersion": "1.1.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AzureCompute/ReleaseNotes/1_2_23.md

@@ -0,0 +1,3 @@
+## Azure Compute
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AzureCompute/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Azure Compute",
     "description": "Create and Manage Azure Virtual Machines",
     "support": "xsoar",
-    "currentVersion": "1.2.22",
+    "currentVersion": "1.2.23",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/AzureNetworkSecurityGroups/ReleaseNotes/1_2_27.md

@@ -0,0 +1,3 @@
+## Azure Network Security Groups
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/AzureNetworkSecurityGroups/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Azure Network Security Groups",
     "description": "Azure Network Security Groups are used to filter network traffic to and from Azure resources in an Azure virtual network",
     "support": "xsoar",
-    "currentVersion": "1.2.26",
+    "currentVersion": "1.2.27",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Base/ReleaseNotes/1_33_53.md

@@ -0,0 +1,3 @@
+## Base
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/Base/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.33.52",
+    "currentVersion": "1.33.53",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",

Packs/CommonDashboards/ReleaseNotes/1_4_2.md

@@ -0,0 +1,3 @@
+## Common Dashboards
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/CommonDashboards/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Dashboards",
     "description": "Frequently used dashboards pack.",
     "support": "xsoar",
-    "currentVersion": "1.4.1",
+    "currentVersion": "1.4.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonPlaybooks/ReleaseNotes/2_6_31.md

@@ -0,0 +1,3 @@
+## Common Playbooks
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/CommonPlaybooks/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Playbooks",
     "description": "Frequently used playbooks pack.",
     "support": "xsoar",
-    "currentVersion": "2.6.30",
+    "currentVersion": "2.6.31",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonReports/ReleaseNotes/1_0_8.md

@@ -0,0 +1,3 @@
+## Common Reports
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/CommonReports/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Reports",
     "description": "Frequently used reports pack.",
     "support": "xsoar",
-    "currentVersion": "1.0.7",
+    "currentVersion": "1.0.8",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonScripts/ReleaseNotes/1_14_43.md

@@ -0,0 +1,3 @@
+## Common Scripts
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/CommonScripts/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.14.42",
+    "currentVersion": "1.14.43",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonTypes/IndicatorFields/indicatorfield-Author.json

@@ -0,0 +1,28 @@
+{
+    "id": "indicator_author",
+    "version": -1,
+    "modified": "2024-03-18T15:43:53.640998055Z",
+    "name": "Author",
+    "ownerOnly": false,
+    "cliName": "author",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 2,
+    "hidden": false,
+    "openEnded": false,
+    "associatedToAll": true,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}

Packs/CommonTypes/ReleaseNotes/3_5_1.md

@@ -0,0 +1,3 @@
+## Common Types
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Packs/CommonTypes/ReleaseNotes/3_5_2.md

@@ -0,0 +1,4 @@
+
+#### Indicator Fields
+
+- **Author**

Packs/CommonTypes/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.5.0",
+    "currentVersion": "3.5.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonWidgets/ReleaseNotes/1_2_49.md

@@ -0,0 +1,3 @@
+## Common Widgets
+
+- Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.