demisto · ShahafBenYakir · Nov 29, 2023 · Oct 26, 2023 · Nov 15, 2023 · Nov 16, 2023
diff --git a/Packs/Phishing/ReleaseNotes/3_6_2.md b/Packs/Phishing/ReleaseNotes/3_6_2.md
@@ -0,0 +1,8 @@
+
+#### Scripts
+
+##### FindDuplicateEmailIncidents
+
+- Fixed an issue where a permissions denied error was returned when the script tried to write to a temporary cache.
+- Added support for the *debug-mode* flag.
+- Updated the Docker image to: *demisto/sklearn:1.0.0.80783*.
@@ -13,7 +13,7 @@
 from urllib.parse import urlparse
 import re
 
-no_fetch_extract = tldextract.TLDExtract(suffix_list_urls=None)
+no_fetch_extract = tldextract.TLDExtract(suffix_list_urls=None, cache_dir=None)
 pd.options.mode.chained_assignment = None  # default='warn'
 
 SIMILARITY_THRESHOLD = float(demisto.args().get('threshold', 0.97))
@@ -79,10 +79,16 @@ def get_existing_incidents(input_args, current_incident_type):
         get_incidents_args['populateFields'] = ','.join([','.join(fields), input_args['populateFields']])
     else:
         get_incidents_args['populateFields'] = ','.join(fields)
+
+    demisto.debug(f'Calling GetIncidentsByQuery with {get_incidents_args=}')
     incidents_query_res = demisto.executeCommand('GetIncidentsByQuery', get_incidents_args)
     if is_error(incidents_query_res):
         return_error(get_error(incidents_query_res))
-    incidents = json.loads(incidents_query_res[-1]['Contents'])
+    incidents_query_contents = {}
+    for res in incidents_query_res:
+        if res['Contents']:
+            incidents_query_contents = res['Contents']
+    incidents = json.loads(incidents_query_contents)
     return incidents
 
 
@@ -97,6 +103,7 @@ def extract_domain(address):
     global no_fetch_extract
     if address == '':
         return ''
+    demisto.debug(f'Going to extract domain from {address=}')
     email_address = parseaddr(address)[1]
     ext = no_fetch_extract(email_address)
     return '{}.{}'.format(ext.domain, ext.suffix)
@@ -125,7 +132,10 @@ def eliminate_urls_extensions(text):
     formatted_urls_list_res = demisto.executeCommand('FormatURL', {'input': ','.join(urls_list)})
     if is_error(formatted_urls_list_res):
         return_error(formatted_urls_list_res)
-    formatted_urls_list = [entry["Contents"][-1] for entry in formatted_urls_list_res]
+    formatted_urls_list = []
+    for entry in formatted_urls_list_res:
+        if entry['Contents'] and isinstance(entry['Contents'], list):
+            formatted_urls_list.append(entry['Contents'][-1])
     for url, formatted_url in zip(urls_list, formatted_urls_list):
         parsed_uri = urlparse(formatted_url)
         url_with_no_path = '{uri.scheme}://{uri.netloc}/'.format(uri=parsed_uri)

@@ -109,7 +109,7 @@ tags:
 - phishing
 timeout: 600ns
 type: python
-dockerimage: demisto/sklearn:1.0.0.78931
+dockerimage: demisto/sklearn:1.0.0.80783
 tests:
 - No tests (auto formatted)
 fromversion: 5.0.0

diff --git a/Packs/Phishing/pack_metadata.json b/Packs/Phishing/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Phishing",
     "description": "Phishing emails still hooking your end users? This Content Pack can drastically reduce the time your security team spends on phishing alerts.",
     "support": "xsoar",
-    "currentVersion": "3.6.1",
+    "currentVersion": "3.6.2",
     "serverMinVersion": "6.0.0",
     "videos": [
         "https://www.youtube.com/watch?v=SY-3L348PoY"