Update supported modules: #39509

Merged
merged 12 commits into from
Apr 22, 2025

@ilappe ilappe commented Apr 8, 2025

Description

Align supported modules according to the sheet and requests from product

Changed files:

Config/core_packs_platform_list.json
Packs/AWS-IAM/Playbooks/playbook-AWS_IAM_-_User_enrichment.yml
Packs/AWS-IAM/pack_metadata.json
Packs/AbuseDB/pack_metadata.json
Packs/AzureLogAnalytics/Playbooks/AzureLogAnalytics_QuerySavedSearch.yml
Packs/AzureLogAnalytics/pack_metadata.json
Packs/CommonPlaybooks/Playbooks/Entity_Enrichment_-_Generic_v3.yml
Packs/CommonPlaybooks/Playbooks/Get_File_Sample_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/Get_Original_Email_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Account_Enrichment_-_Generic_v2.2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Account_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Domain_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Domain_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Email_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Email_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_File_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_IP_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_IP_-_Generic_v3.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Indicators_-_Generic_v2_5_5.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_Indicators_-_Generic_v3.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-CVE_Enrichment_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Calculate_Severity_-_3rd-party_integrations.yml
Packs/CommonPlaybooks/Playbooks/playbook-Calculate_Severity_-_Critical_Assets_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Calculate_Severity_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Calculate_Severity_-_Indicators_DBotScore.yml
Packs/CommonPlaybooks/Playbooks/playbook-Calculate_Severity_-_Standard.yml
Packs/CommonPlaybooks/Playbooks/playbook-Calculate_Severity_By_Highest_DBotScore_6_0.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Compute_Enrichment_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Credentials_Rotation_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_IAM_Enrichment_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Response_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Command-Line_Analysis.yml
Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan.yml
Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan_-_Block_Indicators.yml
Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan_-_Disable_Account.yml
Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan_-_Isolate_Device.yml
Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan_-_Quarantine_File.yml
Packs/CommonPlaybooks/Playbooks/playbook-Context_Polling_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Convert_file_hash_to_corresponding_hashes.yml
Packs/CommonPlaybooks/Playbooks/playbook-DBot_Indicator_Enrichment_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Dedup_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Dedup_-_Generic_v3.yml
Packs/CommonPlaybooks/Playbooks/playbook-Dedup_-_Generic_v4.yml
Packs/CommonPlaybooks/Playbooks/playbook-Detonate_File_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Detonate_URL_-_Generic_v1.5.yml
Packs/CommonPlaybooks/Playbooks/playbook-Detonate_and_Analyze_File_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Domain_Enrichment_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Email_Address_Enrichment_-_Generic_v2.1.yml
Packs/CommonPlaybooks/Playbooks/playbook-Email_Headers_Check_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Endpoint_Enrichment_-_Generic_v2.1.yml
Packs/CommonPlaybooks/Playbooks/playbook-Endpoint_Enrichment_-_Generic_v2.1_6_8.yml
Packs/CommonPlaybooks/Playbooks/playbook-Endpoint_Investigation_Plan.yml
Packs/CommonPlaybooks/Playbooks/playbook-Enrichment_for_Verdict.yml
Packs/CommonPlaybooks/Playbooks/playbook-Entity_Enrichment_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Eradication_Plan.yml
Packs/CommonPlaybooks/Playbooks/playbook-Eradication_Plan_-_Delete_File.yml
Packs/CommonPlaybooks/Playbooks/playbook-Eradication_Plan_-_Reset_Password.yml
Packs/CommonPlaybooks/Playbooks/playbook-Eradication_Plan_-_Terminate_Process.yml
Packs/CommonPlaybooks/Playbooks/playbook-Extract_Indicators_From_File_-_Generic_v2_4_5.yml
Packs/CommonPlaybooks/Playbooks/playbook-Field_Polling.yml
Packs/CommonPlaybooks/Playbooks/playbook-File_Enrichment_-_File_reputation.yml
Packs/CommonPlaybooks/Playbooks/playbook-File_Enrichment_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-GenericPolling.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_Cloud_Account_Owner_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_Email_From_Email_Gateway_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_File_Sample_By_Hash_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_File_Sample_By_Hash_-_Generic_v3.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_File_Sample_From_Path_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_File_Sample_From_Path_-_Generic_V2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_File_Sample_From_Path_-_Generic_V3.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_User_Devices_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_User_Devices_by_Email_Address_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_User_Devices_by_Username_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_endpoint_details_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_host_forensics_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Get_prevalence_for_IOCs.yml
Packs/CommonPlaybooks/Playbooks/playbook-Handle_False_Positive_Alerts.yml
Packs/CommonPlaybooks/Playbooks/playbook-IP_Enrichment_-_External_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-IP_Enrichment_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-IP_Enrichment_-_Internal_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Indicator_Registration_Polling_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Isolate_Endpoint_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Isolate_Endpoint_-_Generic_V2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Isolate_Endpoint_-_Generic_V2_6_8.yml
Packs/CommonPlaybooks/Playbooks/playbook-Recovery_Plan.yml
Packs/CommonPlaybooks/Playbooks/playbook-Retrieve_File_from_Endpoint_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Retrieve_File_from_Endpoint_-_Generic_V2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Retrieve_File_from_Endpoint_-_Generic_V3.yml
Packs/CommonPlaybooks/Playbooks/playbook-SIEM_-_Search_for_Failed_logins.yml
Packs/CommonPlaybooks/Playbooks/playbook-Search_And_Block_Software_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Search_And_Delete_Emails_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Search_And_Delete_Emails_-_Generic_-_v2_6_1.yml
Packs/CommonPlaybooks/Playbooks/playbook-Search_Endpoint_by_CVE_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Search_Endpoints_By_Hash_-_Generic_V2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Search_and_Compare_Process_Executions_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Send_Investigation_Summary_Reports.yml
Packs/CommonPlaybooks/Playbooks/playbook-Threat_Hunting_-_Generic_6_5.yml
Packs/CommonPlaybooks/Playbooks/playbook-Ticket_Management_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-URL_Enrichment_-_Generic_v2.yml
Packs/CommonPlaybooks/Playbooks/playbook-Unisolate_Endpoint_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Unzip_File.yml
Packs/CommonPlaybooks/Playbooks/playbook-User_Investigation_-_Generic.yml
Packs/CommonPlaybooks/Playbooks/playbook-Wait_Until_Datetime.yml
Packs/CommonPlaybooks/pack_metadata.json
Packs/Core/Playbooks/playbook-AWS_IAM_User_Access_Investigation.yml
Packs/Core/Playbooks/playbook-AWS_IAM_User_Access_Investigation_-_Remediation.yml
Packs/Core/Playbooks/playbook-Get_entity_alerts_by_MITRE_tactics.yml
Packs/Core/Playbooks/playbook-IOC_Alert.yml
Packs/Core/Playbooks/playbook-Identity_Analytics_-_Alert_Handling.yml
Packs/Core/Playbooks/playbook-Impossible_Traveler.yml
Packs/Core/Playbooks/playbook-Impossible_Traveler_-_Enrichment.yml
Packs/Core/Playbooks/playbook-Large_Upload_Alert.yml
Packs/Core/Playbooks/playbook-Local_Analysis_alert_Investigation.yml
Packs/Core/Playbooks/playbook-NGFW_Internal_Scan.yml
Packs/Core/Playbooks/playbook-NGFW_Scan.yml
Packs/Core/Playbooks/playbook-Netcat_Makes_or_Gets_Connections.yml
Packs/Core/Playbooks/playbook-Possible_External_RDP_Brute-Force.yml
Packs/Core/Playbooks/playbook-Possible_External_RDP_Brute-Force_-_Set_Verdict.yml
Packs/Core/Playbooks/playbook-Ransomware_Advanced_Analysis.yml
Packs/Core/Playbooks/playbook-Ransomware_Enrich_and_Contain.yml
Packs/Core/Playbooks/playbook-Ransomware_Response.yml
Packs/Core/Playbooks/playbook-Remote_PsExec_with_Lolbin_Command_Execution_alert.yml
Packs/Core/Playbooks/playbook-T1036_-_Masquerading.yml
Packs/Core/Playbooks/playbook-T1059_-_Command_and_Scripting_Interpreter.yml
Packs/Core/Playbooks/playbook-WildFire_Malware.yml
Packs/CortexResponseAndRemediation/pack_metadata.json
Packs/GSuiteAdmin/pack_metadata.json
Packs/Microsoft365Defender/Classifiers/classifier-Microsoft_365_Defender_-_Incoming_Mapper.json
Packs/Microsoft365Defender/Classifiers/classifier-Microsoft_365_Defender_-_Outgoing_Mapper.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_A.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Active.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Categories_count.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Classification.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Comments.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Devices.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Display_Name.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_First_activity.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_ID.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Last_activity.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Status.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-Microsoft_365_Defender_Tags.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-impacted_devices.json
Packs/Microsoft365Defender/IncidentFields/incidentfield-impacted_entities.json
Packs/Microsoft365Defender/IncidentTypes/incidenttype-Microsoft_365_Defender_Incident.json
Packs/Microsoft365Defender/Playbooks/playbook-Microsoft_365_Defender_-_Emails_Indicators_Hunt.yml
Packs/Microsoft365Defender/Playbooks/playbook-Microsoft_365_Defender_-_Get_Email_URL_Clicks.yml
Packs/Microsoft365Defender/Playbooks/playbook-Microsoft_365_Defender_-_Threat_Hunting_Generic.yml
Packs/Microsoft365Defender/pack_metadata.json
Packs/MicrosoftExchangeOnline/Integrations/EwsExtensionEXOPowershellV2/EwsExtensionEXOPowershellV2.yml
Packs/MicrosoftExchangeOnline/Integrations/SecurityAndCompliance/SecurityAndCompliance.yml
Packs/MicrosoftExchangeOnline/Playbooks/playbook-O365-SecurityAndCompliance-Search.yml
Packs/MicrosoftGraphGroups/pack_metadata.json
Packs/MicrosoftGraphSecurity/pack_metadata.json
Packs/MicrosoftManagementActivity/pack_metadata.json
Packs/Office365AndAzureAuditLog/pack_metadata.json
Packs/Oracle_IAM/pack_metadata.json
Packs/Orca/Classifiers/classifier-OrcaAlert.json
Packs/Orca/Classifiers/classifier-Orca_Mapper.json
Packs/Orca/IncidentFields/incidentfield-Orca_Alert_ID.json
Packs/Orca/IncidentFields/incidentfield-Orca_Asset_Unique_ID.json
Packs/Orca/IncidentFields/incidentfield-Orca_Cloud_Account.json
Packs/Orca/IncidentFields/incidentfield-Orca_Reason.json
Packs/Orca/IncidentTypes/incidenttype-OrcaAlert.json
Packs/Orca/Integrations/OrcaEventCollector/OrcaEventCollector.yml
Packs/Orca/ModelingRules/OrcaModelingRules_1_3/OrcaModelingRules_1_3.yml
Packs/Orca/pack_metadata.json
Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_IP.yml
Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_IPs_From_EDL_-_Custom_Block_Rule.yml
Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_URL_-_Custom_URL_Category_6_10.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/Detonate_File_From_URL_-_WildFire_v2.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/Detonate_URL_-_WildFire_v2.2.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/WildFire_-_Detonate_file_v2.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/playbook-Detonate_File_-_WildFire.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/playbook-Detonate_File_From_URL_-_WildFire.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/playbook-Detonate_URL_-_WildFire-v2.1.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/playbook-Detonate_URL_-_WildFire-v2.yml
Packs/Palo_Alto_Networks_WildFire/Playbooks/playbook-Wildfire_Detonate_and_Analyze_File.yml
Packs/Palo_Alto_Networks_WildFire/pack_metadata.json
Packs/Workday/Classifiers/classifier-IAM_Sync_User_-_Workday.json
Packs/Workday/Integrations/WorkdayEventCollector/WorkdayEventCollector.yml
Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.yml
Packs/Workday/ModelingRules/WorkdayEventCollector/WorkdayEventCollector.yml
Packs/Workday/ParsingRules/WorkdayParsingRules/WorkdayParsingRules.yml
Packs/Workday/pack_metadata.json
Packs/rasterize/pack_metadata.json

@ilappe ilappe requested a review from idovandijk as a code owner April 8, 2025 07:21

github-actions bot commented Apr 8, 2025

Coverage

Coverage Report
File | Stmts | Miss | Cover | Missing
Packs/Orca/Integrations/OrcaEventCollector/OrcaEventCollector.py | 83 | 20 | 75% | 32, 40–41, 43–44, 78–83, 85, 133–134, 138, 146–147, 171, 174–175
Packs/Workday/Integrations/WorkdayEventCollector/WorkdayEventCollector.py | 77 | 0 | 100% |
Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.py | 162 | 33 | 79% | 117, 243, 251, 253, 261, 270–272, 274, 276, 278, 293, 297–298, 304, 344, 351, 385, 387–393, 395–397, 446–448, 473–474
TOTAL | 322 | 53 | 83% |

Tests Skipped Failures Errors Time
36 0 💤 0 ❌ 0 🔥 5.325s ⏱️

@ilappe ilappe requested a review from ShahafBenYakir April 8, 2025 07:29
@ilappe ilappe self-assigned this Apr 8, 2025
@ShahafBenYakir

Need to get back to you about Azure

@ShahafBenYakir ShahafBenYakir left a comment

@ilappe Please remove also AzureLogAnalytics from c1, c3. x0

@ilappe ilappe added the ForceMerge Forcing the merge of the PR despite the build status label Apr 8, 2025

ilappe commented Apr 8, 2025

can be force merged #39509 (comment)
expected failures

@content-bot

⚠️ The PR is missing the ready-for-pipeline-running label. Please add the label when the PR is ready in order to proceed.

@content-bot

Validate summary
The following errors were thrown as a part of this pr: ST111, RN106, PA114, PB119, PB118, DO106, RM116.
The following errors can be ignored: PB119, PB118, RM116.
The following errors cannot be ignored: ST111, RN106, PA114, DO106.
The following errors don't run as part of the nightly flow and therefore can be force merged: ST111, RN106, PA114, PB119, PB118, DO106, RM116.

Verdict: PR can be force merged from validate perspective? ✅

@ShahafBenYakir ShahafBenYakir merged commit 257ca35 into master Apr 22, 2025
15 of 17 checks passed
@ShahafBenYakir ShahafBenYakir deleted the ilappe/update_supported_modules branch April 22, 2025 12:19
Labels
docs-approved ForceMerge Forcing the merge of the PR despite the build status