Add support for Sites to SentinelOne threat commands #15088

StephenFerrero
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Description

This PR aims to add support for filtering by Site ID to the existing get-sentinelone-threats command as well as the fetch command for the SentinelOne integration.

Minimum version of Cortex XSOAR

  • 5.5.0
  • 6.0.0
  • 6.1.0
  • 6.2.0

Does it break backward compatibility?

  • Yes
    • Further details:
  • No

Must have

  • Tests
  • Documentation

@CLAassistant

CLAassistant commented Sep 29, 2021

CLA assistant check
All committers have signed the CLA.

@content-bot content-bot added the Contribution Thank you! Contributions are always welcome! label Sep 29, 2021
@content-bot content-bot changed the base branch from master to contrib/Xantrion_sf/sentinelone_add_siteids September 29, 2021 20:25
@content-bot content-bot added Community Contribution Form Filled Whether contribution form filled or not. labels Sep 29, 2021
@content-bot
Collaborator

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @ChanochShayner will know he can start reviewing the proposed changes.

@content-bot
Collaborator

The CircleCI check from your latest pushed commit was unsuccessful. @StephenFerrero take a look at the build by clicking this link.


Failed Build Steps

  • Validate Files and Yaml

Try and address the listed CircleCI build step failures at your earliest convenience. This will greatly expedite the process of getting your proposed changes merged into master. Happy coding and may the force be with you.

@StephenFerrero
Contributor Author

I took a look at the CircleCI validations and see the error:

[IN140] - The integration SentinelOne V2 is currently in skipped. Please add working tests and unskip. Skip comment: License expired issue #24933

I'm not sure what this means, hopefully someone can point me in the right direction. Thanks

@ShahafBenYakir ShahafBenYakir requested review from ShahafBenYakir and removed request for ChanochShayner October 3, 2021 12:43
@ShahafBenYakir ShahafBenYakir self-assigned this Oct 3, 2021
Contributor

@ShahafBenYakir ShahafBenYakir left a comment

Nice work.
Don't worry about the failing validation.
Added a small comment on your new parameter - moving the description to the additionalinfo key will introduce a nice ? button that, when hovered, will show the following description.

Move description to additionalInfo

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
@StephenFerrero
Contributor Author

Great, I submitted that change, thanks!

@content-bot
Collaborator

The CircleCI build failed again. @StephenFerrero take a look at the build details here - and try and fix the issues so that we can merge your proposed changes as soon as possible.


Failed Build Steps

  • Validate Files and Yaml

@ShahafBenYakir
Contributor

@StephenFerrero Tried to reach over slack to set up a short demo for this, can you check your DMs?

@content-bot
Collaborator

This PR is starting to get a little stale. @StephenFerrero are there any changes you wanted to make since @ShahafBenYakir's last comment?

@ShahafBenYakir ShahafBenYakir merged commit 0d8d66f into demisto:contrib/Xantrion_sf/sentinelone_add_siteids Oct 10, 2021
ShahafBenYakir added a commit that referenced this pull request Oct 10, 2021
* Add site_ids for fetching threats

* Release notes, version bump

* Update display text

* Update type

* Remove branch

* cleanup

* Documentation

* Suggested changes

Move description to additionalInfo

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

Co-authored-by: Stephen Ferrero <stephenferrero@gmail.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
DeanArbel pushed a commit that referenced this pull request Oct 13, 2021
DeanArbel added a commit that referenced this pull request Oct 13, 2021
)

* move alt_targets arg to body

* typo

* Update Packs/Tenable_io/ReleaseNotes/1_1_5.md

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* Update Packs/Tenable_io/ReleaseNotes/1_1_5.md

* Remove Problematic Echoing of Shell Version (#15227)

* Move echo shell version to after node installation

* Remove problematic echoing of shell version

Co-authored-by: avidan-H <>

* added the headers argument (#15213)

* Cherwell enhancements (#14473)

* MispV3  update attribute command added  (#15194)

* added the command to update attribute

* update RN

* update readme

* update TPB

* remove wrong outputs

* remove wrong outputs

* changes by CR

* avoid using mutable in funcs

* update RN

* Fileorbis integration (#15234)

* Fileorbis integration (#15202)

* FileOrbis integration added

* FileOrbis Pack metadata updated

* FileOrbis integration output names fixed

* FileOrbis integration readme file fixed

* FileOrbis url added to .secrets-ignore

* FileOrbis pack author image added

* FileOrbis pack review suggestions fixed

* FileOrbis pack readme.md suggestions implemented

Co-authored-by: hüsrev beyazışık <husrev.beyazisik@gmail.com>

* Update .pack-ignore

* Update .pack-ignore

Co-authored-by: hakcekoce <huseyinakcekoce@gmail.com>
Co-authored-by: hüsrev beyazışık <husrev.beyazisik@gmail.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update README.md (#15196) (#15219)

* Update README.md

Updated description

* Add files via upload

* Update README.md

* Update README.md

* Update Packs/Druva/README.md

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

Co-authored-by: sahilgoyaldruva <67701610+sahilgoyaldruva@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: ShahafBenYakir <shahaf.benyakir@demisto.com>

* Update pack_metadata.json (#15197) (#15221)

Updated pack name and description

Co-authored-by: sahilgoyaldruva <67701610+sahilgoyaldruva@users.noreply.github.com>
Co-authored-by: iyeshaya <iyeshaya@paloaltonetworks.com>

* fix the ListUsedDockerImages to fine tune the output result. (#15193)

* fix the ListUsedDockerImages to fine tune the output result.

* update RN

* Update description of Azure Sentinel integration  (#15229)

* update description

* update description

* update description - CR changes

* Update AzureSentinel_description.md

Made minor textual changes.

* Update README.md

Made same changes here.

Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>

* SecurityAndCompliance: Added ref to MS limitations article (#15110)

* Added a ref to the MS known eDiscovery limits article in the README.md

* Bumped version and added rn

* Changed polling args to be pb and sub pb inputs

* RN

* modified default polling commands inputs

* Increased timeout

* Trigger push

* increased memory threshold

* Timeout, timeouts everywhere.

* Timeout, timeouts everywhere.

* Add O365-SecurityAndCompliance-ContextResults-Test to skipped

* Fix mock of time (#15011)

* Fix mock of time

* Add release notes

* Retract release notes

* Added control over which core packs are upgraded. (#15124)

* Added control over which core packs are upgraded.

* review fixes

* fixed file structure

* Update Tests/Marketplace/upload_packs.py

Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>

* Update Tests/Marketplace/copy_and_upload_packs.py

Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>

* fix lint

* fix lint

Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>

* Adding Classifiers, Mappers, Incident Type, Incident Fields (#15014) (#15233)

* feat: added Lacework sub-account capability

* feat: added Incident Type, Incident Fields, Classifier and Mapper

* doc: Adding release notes and bumping version

* fix: removed trailing whitespace

* feat: added additional Incident Fields & Mappings for compliance

* docs: noted new Incident Fields in the 1_1_0.md README

* fix: updated 5.x classifier GUID

* fix: added descriptions for all Incident Fields

* docs: cleaned up v1.1 release notes

* fix: updated the ID of the 5.x Classifier

* fix: added default Classifier/Mapper

* fix: updated to latest demisto/lacework docker image

Co-authored-by: Alan Nix <65611624+alannix-lw@users.noreply.github.com>

* XSOAR RF 2.3 release (#14780) (#15230)

* Add two new commands to change alert status and add fetch incidents

* Updated docker version and documentation

* add types and fix mypy

* fix bug for intelligence command when there was no data in ip location

* change error message in test-module

* Change error handling. Remove default value for rules

* update release note

* update license year

* update docker image

* rename setnote and writestatus command

* update docker image version

* fix docker image

* PR fix. Added test. Added max_fetch for fetching incidents

* fix secret

* fix variable naming

* bump release version

* bump version. remove real email

* update doc text

* add RecordedFuture type and layout. Formatting. Context for alert cmd

* add updates to release notes

* Update Packs/RecordedFuture/ReleaseNotes/1_2_0.md

* Update Packs/RecordedFuture/ReleaseNotes/1_2_0.md

* update readme. Change the file name and the name of RF incident type

* update release notes

* bump the fromVersion for layout, incidenttype and fields

* revert changes to indicatorfield fromVersion

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

Co-authored-by: rderkachrf <86717829+rderkachrf@users.noreply.github.com>
Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* Update README.md (#15218) (#15242)

Co-authored-by: Rohan Puri <rohan@securityadvisor.io>

* [malwarebytes-254] Fix for RTP Detections(EP) incident creation. (#15238) (#15246)

* Fix for RTP Detections(EP) incident creation.

* Update 1_1_4.md

Co-authored-by: rskumar-mwb <48316606+rskumar-mwb@users.noreply.github.com>

* add rbac support (#15245)

* Reducing memory usage for DBotBuildPhishingClassifier (#15079)

* Reducing memory usage for DBotBuildPhishingClassifier

* ADDED RN

* Update RN

* Update RN

* updated release notes

* Moving playbook tests from Base pack to ML pack as playbooks fail without their ML dependencies

Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>

* Add support for Sites to SentinelOne threat commands (#15088) (#15249)

* Add site_ids for fetching threats

* Release notes, version bump

* Update display text

* Update type

* Remove branch

* cleanup

* Documentation

* Suggested changes

Move description to additionalInfo

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

Co-authored-by: Stephen Ferrero <stephenferrero@gmail.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>

* F5 LTM Integration (#14914) (#15220)

* List Pack Update

* List Pack Update

* LTM Integration

* F5 LTM

* Adding command

* Additional Commands

* Additional Commands

* Adding LTM Commands

* Additional Commands

* Additional Commands

* PR Commit

* Linting Update

* PR Update

* PR Update 2

* PR Updates

* Adding more inputs

* Update README

* Added F5 Version

* A Lint fix

* A Lint fix

* Update pack metadata

* Added my Github Rep as a metadata url

* URL Field

Co-authored-by: Ayman Mahmoud <57979775+ayman-m@users.noreply.github.com>

* Kela radark (#15248) (#15250)

* KELARaDark v1.0.0

* KELARaDark V1 after PR fixes

* KELARaDark V1 add unit tests

* KELARaDark V1 add unit tests

* KELARaDark V1 add unit tests

* Item purchase issue fix

* KELA RaDark v1.0.1 item purchase bug fix

* KELA RaDark v1.0.1 item purchase bug fix

Co-authored-by: galm@ke-la.com <85884207+gal-mos@users.noreply.github.com>

* Deprecate Largest Inputs And Outputs In Incidents and Largest Incidents by Storage Size (#15176)

* deprecate largest_incidents

* update no incident found message

* add deprecate: true

* update rn

* remove toversion and replace with deprecate

* add that system diagnostics is available from version 6.2.0

* Apply suggestions from code review

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* silverfront_pack_readme_file (#15244)

* pack_readme_file

* minor re-format

* secret

* crowdstrike falcon generate status fix (#15153)

Fixed an issue where the predefined values of **status** argument in command **cs-falcon-search-device** were incorrect.

* Update Docker Image To demisto/feed-performance-test  (#15261)

* Updated Metadata Of Pack DeveloperTools

* Added release notes to pack DeveloperTools

* Packs/DeveloperTools/Integrations/CreateMockFeed/CreateMockFeed.yml Docker image update

* XDR - Port-Scan input validation fix (#15209)

* Playbook fix

* playbook docs

* Release notes

* Release notes

* Playbook reformat

* Docs fix

* doc fix

* EditServerConfig - new script (#15256)

* added a new script

* update RN

* spelling issue

* fix lint errors

* update RN

* spelling issues

* spelling issues

* added to conf.json

* pan-os network objects on panorama (#15247)

* pan-pos network objects on panorama

* re phrase errors

* add typing

* add mocker

* add missing space

* set template in the intialize_params func

* add comment

* OutOfOfficeListCleanup - cleanup OOO list only when the list changed (#15184)

* use setList command only when modified

* update RN

* fix mypy

* add unit tests

* update RN

* Update Packs/ShiftManagement/ReleaseNotes/1_2_6.md

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* XDR xql docs improvement (#15251)

* Added role to docs

* added link

* Update Packs/CortexXDR/Integrations/XQLQueryingEngine/README.md

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>

* All search tickets in Contents (#15136) (#15269)

* All search tickets in Contents

OTRS Integrations search command only contained the last raw ticket in "Contents". Fixed to store all of them in list like EntryContext.

* Pack Notes

* Update pack_metadata.json

* Create 1_0_5.md

* Update Packs/OTRS/ReleaseNotes/1_0_5.md

Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com>

Co-authored-by: ckaadic <48683125+ckaadic@users.noreply.github.com>
Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com>
Co-authored-by: h <skidorball@paloaltonetworks.com>

* Update README.md (#15264) (#15284)

* Update README.md

* Update Packs/Sepio/README.md

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

Co-authored-by: sepioGH <92291521+sepioGH@users.noreply.github.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* deprecate Devo integration (#15258)

* update reputations command - is array 2 (#15146)

* ignore IN144 error

* update rn

* update rn

* update rn

* update rn

* update rn

* update reputations command - is array 3 (#15148)

* ignore IN144 error

* update rn

* update reputations command - is array 4 (#15149)

* ignore IN144 error

* update Guardicore

* update rn

* update reputations command - is array 1 (#15145)

* ignore IN144 error

* update rn

* update CB

* Update README.md Cofense Feed (#15130) (#15279)

* Update README.md

* Update pack_metadata.json

* Create 1_0_14.md

* Update Packs/FeedCofense/README.md

Co-authored-by: Matt Chase <52938925+mchasepan@users.noreply.github.com>

* Update README.md

* Update Packs/FeedCofense/README.md

Co-authored-by: Matt Chase <52938925+mchasepan@users.noreply.github.com>

* Update README.md

* Update Packs/FeedCofense/README.md

Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com>

* Add files via upload

* Update pack_metadata.json

* Update pack_metadata.json

* move author image file

* trim description

Co-authored-by: Matt Chase <52938925+mchasepan@users.noreply.github.com>
Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com>
Co-authored-by: ShacharKidor <skidorball@paloaltonetworks.com>

Co-authored-by: mjsaurbaugh <mjsaurbaugh@gmail.com>
Co-authored-by: Matt Chase <52938925+mchasepan@users.noreply.github.com>
Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com>
Co-authored-by: ShacharKidor <skidorball@paloaltonetworks.com>
Co-authored-by: ShahafBenYakir <shahaf.benyakir@demisto.com>

* fix ignore file (#15286)

* fix bug when running using playbook (#15265)

* fix bug when running using playbook

* fix bug when running using playbook

* fixed yml texts

* Update Packs/ShiftManagement/Scripts/ManageOOOusers/ManageOOOusers.py

Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* Update Packs/ShiftManagement/Scripts/ManageOOOusers/ManageOOOusers.py

Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* fixed lint

* ignore missing pb as it is redundant (approved by TL)

* trying to add test playbook

Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>

* Initial commit of HYASProtect (#15108) (#15270)

* Initial commit of HYASProtect

* Adding missing files :-)

Co-authored-by: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com>
Co-authored-by: ShahafBenYakir <shahaf.benyakir@demisto.com>

* update fields prefix (#15273)

* Bump automation scripts to Python3 (#15240)

* DumpJSON

* update dumpjson readme

* GetIndicatorDBotScore

* InRange

* update pipfiles and subtype

* IsListExist

* fix W292 and F401

* LoadJSON

* RepopulateFiles

* ReverseList

* RunPollingCommand

* update pipfiles

* SetByIncidentId

* SetIfEmpty

* use str instead of basestr

* adjust setifempty unicode test

* Update Packs/CommonScripts/Scripts/DumpJSON/DumpJSON.py

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* Update Packs/CommonScripts/Scripts/IsListExist/IsListExist.yml

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* Update Packs/CommonScripts/Scripts/SetByIncidentId/SetByIncidentId.py

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* revert runpollingcommand

Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>

* Update README.md (#15274)

Added the following to the Listen Port description in light of demisto/etc#41066:

You can use any available port except for 80, 443, or 9100. 
When the `instance.execute.external.<instance_name>` key is set to true, Cortex XSOAR redirects the endpoint from HTTPS to the container on the port that you specify here, using port 443 as the secured publicly open port.

* bump version (#15298)

* Adding Cyren Inbox Security cortex integration pack (#15294)

* Adding Cyren Inbox Security cortex integration pack (#14074)

* Adding Cyren Inbox Security cortex integration pack

* fix review comments

* fix review comments re simulation

* fix review comments

* fix review comments

* latest fixes after integration demo

* add pack and secret ignore files to fix failing build

* fix readme images failed build

* fix readme images failed build

* fix readme relative path images

* fix readme relative path images

* fix review comments

* fix review comments

* fix additional reviews

* fix doc reviews

* Update Cyren_Inbox_Security_Default.yml

Co-authored-by: Eran Levy <mceranlevy@gmail.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>

* PAN-OS - Documentation and metadata improvements around push (#15297)

* PAN-OS - Documentation and metadata improvements around push

* Update Packs/PAN-OS/Integrations/Panorama/Panorama.yml

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* add whitespace

Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>

* [Marketplace Contribution] Forward XSOAR Audit Logs to Splunk HEC (#15287)

* [Marketplace Contribution] Forward XSOAR Audit Logs to Splunk HEC (#15119)

* "pack contribution initial commit"

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/pack_metadata.json

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update pack_metadata.json

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update .pack-ignore

* Update ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: Hruuttila <54942613+Hruuttila@users.noreply.github.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Update Packs/ForwardXSOARAuditLogsToSplunkHEC/Scripts/ForwardAuditLogsToSplunkHEC/ForwardAuditLogsToSplunkHEC.yml

Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: Hruuttila <54942613+Hruuttila@users.noreply.github.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* Added trigger for a secrets detection run  (#15169)

* added scripts

* change to env

* change to env

* change to env

* change to env

* change to env

* change to env

* change to env

* change to env

* change to env

* add fake secret for testing

* add fake secret for testing

* add fake secret for testing

* add fake secret for testing

* added checking result

* added fake secret test

* added print

* added new step

* added new step

* added new step

* added new step

* added new step

* added new step

* added new step

* added new step

* added new step

* added new step

* added new step

* remove installed packs

* remove installed packs

* debugging

* debugging

* debugging

* debugging

* debugging

* debugging

* debugging

* remove secret

* added api key arg

* code improve

* add fake secrets

* make the print better

* revert changes with fake secrets

* changed var name

* change according to CR

* changes according to CR

* update link to layout not to playbook

* update link to layout not to playbook

* no change commit

* no change commit

* no change commit

* no change commit

* changes according to CR

* add fake secret

* remove temp changes

* Disable sdk_nightly (#15302)

Disable sdk_nightly

* Add user ids to pagerduty (#15277) (#15305)

* Add user IDs to responses

When using the contact methods or notification command, it asks for User ID. Add UserID to context when returning incident data.

* Add supporting things for code change

* Update README.md

* Update README.md

* Update Packs/PagerDuty/ReleaseNotes/1_0_8.md

Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

Co-authored-by: iyeshaya <81752898+iyeshaya@users.noreply.github.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

Co-authored-by: Chris Schafer <51336089+upstart-swiss@users.noreply.github.com>
Co-authored-by: iyeshaya <81752898+iyeshaya@users.noreply.github.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>

* ignore fork PRs (#15307)

Co-authored-by: Bar Katzir <37335599+bakatzir@users.noreply.github.com>
Co-authored-by: avidan-H <46294017+avidan-H@users.noreply.github.com>
Co-authored-by: Shai Yaakovi <30797606+yaakovi@users.noreply.github.com>
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
Co-authored-by: Aviya Baumgarten <71635916+abaumgarten@users.noreply.github.com>
Co-authored-by: content-bot <55035720+content-bot@users.noreply.github.com>
Co-authored-by: hakcekoce <huseyinakcekoce@gmail.com>
Co-authored-by: hüsrev beyazışık <husrev.beyazisik@gmail.com>
Co-authored-by: Darya Koval <72339940+daryakoval@users.noreply.github.com>
Co-authored-by: sahilgoyaldruva <67701610+sahilgoyaldruva@users.noreply.github.com>
Co-authored-by: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Co-authored-by: ShahafBenYakir <shahaf.benyakir@demisto.com>
Co-authored-by: iyeshaya <iyeshaya@paloaltonetworks.com>
Co-authored-by: Wissam Ghammashi <wghammashi@paloaltonetworks.com>
Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com>
Co-authored-by: yaron-libman <43783884+yaron-libman@users.noreply.github.com>
Co-authored-by: Bargenish <bgenish@paloaltonetworks.com>
Co-authored-by: Agam More <agmore@paloaltonetworks.com>
Co-authored-by: Dan Sterenson <38375556+dansterenson@users.noreply.github.com>
Co-authored-by: Noy-Maimon <72340690+Noy-Maimon@users.noreply.github.com>
Co-authored-by: Alan Nix <65611624+alannix-lw@users.noreply.github.com>
Co-authored-by: rderkachrf <86717829+rderkachrf@users.noreply.github.com>
Co-authored-by: Rohan Puri <rohan@securityadvisor.io>
Co-authored-by: rskumar-mwb <48316606+rskumar-mwb@users.noreply.github.com>
Co-authored-by: Itay Keren <ikeren@paloaltonetworks.com>
Co-authored-by: Lior Perry <lperry@paloaltonetworks.com>
Co-authored-by: yaakovi <syaakovi@paloaltonetworks.com>
Co-authored-by: Stephen Ferrero <stephenferrero@gmail.com>
Co-authored-by: Ayman Mahmoud <57979775+ayman-m@users.noreply.github.com>
Co-authored-by: galm@ke-la.com <85884207+gal-mos@users.noreply.github.com>
Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Co-authored-by: iyeshaya <81752898+iyeshaya@users.noreply.github.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: EliorKedar <60568193+EliorKedar@users.noreply.github.com>
Co-authored-by: ckaadic <48683125+ckaadic@users.noreply.github.com>
Co-authored-by: Shachar Kidor <82749224+ShacharKidor@users.noreply.github.com>
Co-authored-by: h <skidorball@paloaltonetworks.com>
Co-authored-by: sepioGH <92291521+sepioGH@users.noreply.github.com>
Co-authored-by: EyalPintzov <91007713+eyalpalo@users.noreply.github.com>
Co-authored-by: Bar Chen <54398957+barchen1@users.noreply.github.com>
Co-authored-by: mjsaurbaugh <mjsaurbaugh@gmail.com>
Co-authored-by: Matt Chase <52938925+mchasepan@users.noreply.github.com>
Co-authored-by: Jasmine Beilin <71636766+JasBeilin@users.noreply.github.com>
Co-authored-by: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com>
Co-authored-by: okaufman34 <88036406+okaufman34@users.noreply.github.com>
Co-authored-by: MosheGalitzky <57589449+moishce@users.noreply.github.com>
Co-authored-by: Eran Levy <mceranlevy@gmail.com>
Co-authored-by: Yaakov Praisler <59408745+yaakovpraisler@users.noreply.github.com>
Co-authored-by: xsoar-bot <67315154+xsoar-bot@users.noreply.github.com>
Co-authored-by: Hruuttila <54942613+Hruuttila@users.noreply.github.com>
Co-authored-by: tkatzir <tkatzir@paloaltonetworks.com>
Co-authored-by: Chris Schafer <51336089+upstart-swiss@users.noreply.github.com>
Labels
Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved
5 participants