Crtx 205955 azure gov support #42286
base: stable-cloud
* update codeowners - platform automation (#40952) * update codeowners * Update CODEOWNERS * Update CODEOWNERS * Fix JiraV3 Issues Query using deprecated endpoint (#41025) * Update the issue query endpoint and replace start_at with next_page_token * Fix next page token output * Change to use old ep when start_at is given; add UTs * update rn * error message * Added BC note * Update 3_3_7.md * Apply suggestions from doc review Co-authored-by: Richard Bluestone <[email protected]> * log the actual error --------- Co-authored-by: Richard Bluestone <[email protected]> * Bump pack version. (#40999) * Nbensalmon/ciac 10618/collection app sentinels.ai (#39982) Appsentinels.ai offers a platform for collecting, analyzing, and managing security events to provide comprehensive application protection. * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integ… (#40947) (#41113) * Updated Relationship names in Mandiant Enrich and Feed Mandiant Integration * Fixed typo in FeedMandiantThreatIntelligence.py * Increment pack version and Docker tags --------- Co-authored-by: adamlevymandiant <[email protected]> Co-authored-by: Adam Levy <[email protected]> * XSUP-54313 (#40991) * Initial implementation * Fix UT * ruff chagnes * UT * ruff * RN and UT * ruff * Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_3_7.md Co-authored-by: Richard Bluestone <[email protected]> * Minor fix * Fix UT * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <[email protected]> * Apply suggestion from @AradCarmi Co-authored-by: Arad Carmi <[email protected]> * Delete Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/integration-CrowdStrikeFalcon.yml * final CR * Change user key * Raise version * RN * Fix --------- Co-authored-by: Richard Bluestone <[email protected]> Co-authored-by: Arad Carmi <[email protected]> * Xsup 55040 (#41063) * required yml fields to allow mapping * yml changes * return results * return results * pre-commit * pre-commit * pr comments * pr comments * pre 
commot * Mark remaining internal scripts with isInternal (#41083) * Add missing isInternal to agentix scripts * Bump versions and RN * Update docker * Remove list notation from rn * Apply suggestions from doc review Co-authored-by: julieschwartz18 <[email protected]> * Fix rn * Bump pack from version CrowdStrikeFalcon to 2.3.9. * replace rn with generic message --------- Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Content Bot <[email protected]> * fix get-endpoint-data action inputs (#41118) * bump version of aggregated scripts * Update 1_1_3.md * Whois - adding another regex for registrant_regexes (#41116) * add one log to see the raw-response as is * adding another regex for registrant_regexes * CRTX-165828 - Mapping Tigera Calico Secure (#40925) * create all files * remove unwanted files * update readme according to tech writer suggestions * update readme * create files * fix timestamp parsing rule * fix timestamp parsing rule * fix timestamp parsing rule * fix readme * fix readme * fix metadata - add platform * fix time parsing * fix time parsing * fix readme precommit error * fix readme precommit error * fix xif * readme file error * readme file error * fix xif * change ip_protocol * cisco umbrella - use risk score for domain verdict (#41000) * domaine verdict update to use risk score * update rn * Update Packs/Cisco-umbrella/ReleaseNotes/2_0_5.md Co-authored-by: yuvalbenshalom <[email protected]> * sectionOrder and docker image * add docker update to release note * send risk_score and improve threshold logic * update Threshold default value --------- Co-authored-by: yuvalbenshalom <[email protected]> * Updating Trend Micro Vision One pack (#41079) * Updating Trend Micro Vision One pack * Updating RN * fixing rn and md * fixing fields in modeling rules * TIM/Improve the removal of trailing characters in the format URL script (#41075) * TIM/Improve the removal of trailing characters in the format URL script * Bump pack from version 
CommonScripts to 1.20.7. * Bump pack from version CommonScripts to 1.20.8. * cr fixes * Bump pack from version CommonScripts to 1.20.9. * Bump pack from version CommonScripts to 1.20.10. * empty commit * fixes --------- Co-authored-by: Content Bot <[email protected]> * Microsoft Management Activity API (O365/Azure Events) integration request to have case insensitive for Operations to fetch (#41070) * Operation filter changed to lowercase * Operation filter changed to lowercase * formatter * formatter * formatter * back to doc change only * back to doc change only * Small change * Small change * Small change * Small change * merged from master * review changes * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * Update Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity_description.md Co-authored-by: julieschwartz18 <[email protected]> * small changes * small changes * small changes * small changes * small changes * small changes * added to readme * added to readme * Update Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_60.md Co-authored-by: Shelly Tzohar <[email protected]> --------- Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Shelly Tzohar 
<[email protected]> * Fix get user data ad missing args (#41125) * fix the arg name username is directed to when calling ad-get-user * added rn --------- Co-authored-by: Dan Tavori <[email protected]> Co-authored-by: Sapir Malka <[email protected]> Co-authored-by: Richard Bluestone <[email protected]> Co-authored-by: Mike Rizzo <[email protected]> Co-authored-by: Niv Ben Salmon <[email protected]> Co-authored-by: content-bot <[email protected]> Co-authored-by: adamlevymandiant <[email protected]> Co-authored-by: Adam Levy <[email protected]> Co-authored-by: Tal Zichlinsky <[email protected]> Co-authored-by: Arad Carmi <[email protected]> Co-authored-by: Maya Goldman <[email protected]> Co-authored-by: julieschwartz18 <[email protected]> Co-authored-by: Content Bot <[email protected]> Co-authored-by: rshunim <[email protected]> Co-authored-by: akshotiamit-pa <[email protected]> Co-authored-by: yedidyacohenpalo <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]> Co-authored-by: ellopez777 <[email protected]> Co-authored-by: Moshe Eichler <[email protected]> Co-authored-by: almog2296 <[email protected]> Co-authored-by: Shelly Tzohar <[email protected]> Co-authored-by: Yuval Hayun <[email protected]>
* CRTX-193174 * finish implementation py, add unit-test, add RN * Empty-Commit to trigger build * doc review fixes * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * doc review fixes * Empty-Commit to trigger build * add description * fix demo comments * fix UT, add contextpaths * add errors handling mechanism to the main * README fix * error handling * RN change version number --------- Co-authored-by: talihaff <[email protected]>
* CRTX-192056 * implement commands * remove download and upload commands * fix yml contextpath, fix commands implementation, delete contextpath from README * add UT, doc review, little fix * Demo fixes * fix RM102 * resolve conflicts
* Empty-Commit - CRTX-187356
* add RN and commands template method
* update RN
* change RN, add commands templates, add command mapping, order REQUIRED_ACTIONS
* add yml commands, add methods
* add describe method, add quick actions, add contextpath
* fix pre-commit errors, change arguments names
* change supportsquickactions place in yml
* delete long context from yml fix describe command add readme
* fix pre-commit errors
* add arguments pretty names
* remove tag_specifications rewrite parse_filter_field
* change description of filter argument, limit filter regex, add RN
* add dot, add REQUIRED_ACTIONS, add tests
* fix error Using variable 'error_message' before assignment
* delete failed test
* add return to the delete_security_group_command
* fix regex
* fix regex
* error handling
* fix method issue
* fix delete method and fix error entry
* fix parse_filter_field method
* improve regex
* add AWSErrorHandler, add pagination for describe_command,fix filter regexs, fix describe command
* fix aws-ec2-security-group-egress-authorize update README.md
* Empty-Commit - CRTX-187358
* change aws-ec2-security-group-describe to aws-ec2-security-groups-describe
* add quickaction prettypredefined
* fixed deleted ip_permissions arg
* change regex and errors handling
* add COOC error handling
* replace *port* arg support, add bc RN
* fix UT
* error handling
* error handling
* remove quick action
* fix UT
* fix test_ec2_create_security_group_command_client_error test
* fix UT, add remove_encoded_authorization_message method
* fix UT
* change API Module, Fix UT, Fix README, Add ex to yml
* replace parse_resource_ids with argToList
* fix from argToList(args.get("group_ids",[]) to argToList(args.get("group_ids",[]))
* Update AWS.py
* remove AccountId context from aws-ec2-security-group-create command
* remove regex overlaps
* remove regex overlaps
* Update README.md
* change from_port to_port description, README Re-generated and doc-review fixes
* Update 3_0_0.md
* first implementation
* add describe_instances_command and fix yml
* Update AWS.py
* Update AWS.py
* change implementation, add more info to README
* fix tests according to new implementation
* change yml for create command
* change ruff errors
* add parse_tag_field method
* Update AWS.py
* remove any CRTX-187356
* remove any CRTX-187356
* remove any CRTX-187356
* Add README for new commands, Delete yml not supported arguments, Add UT, Fix parse_tag_field method and add UT
* fix UT
* change AWSErrorHandler
* fix yml defaultvalue to defaultValue and change PREDEFINED from capital letters
* change defaultValue to defaultvalue in configuration AWS.yml
* change build_pagination_kwargs
* doc review
* doc review
* finish doc review
* add methods
* change process_instance_data
* fix CR review
* add tests from #40861 to here
* update docker, update RN, add errors handling mechanism to the main
* add tests and fix build_pagination_kwargs
* ruff format errors
* add errors handling mechanism to the main - aws error handling
* ruff format errors
* change contextpath
* change metadata version
* change context path
* Update AWS.py
* RM102 change
* Update README.md
* pre-commit fixes
* Update AWS.py
* Update AWS.py
* CR review fixes
* Update Packs/AWS/Integrations/AWS/AWS.yml
Co-authored-by: julieschwartz18 <[email protected]>
* fix error handling, fix UT
* resolve conflicts and CR review fixes
* resolve conflicts
* change metadata version
* CR review fixes
* resolve conflicts
---------
Co-authored-by: julieschwartz18 <[email protected]>
…41101) * feat: add AWS EKS, EC2 snapshot and ECS cluster management commands * style: reformat AWS integration YAML with consistent indentation and quotes * feat: add AWS EKS cluster management commands and update EC2 snapshot functionality * docs: relocate command descriptions to top of AWS integration command blocks * test: add AWS ECS/EKS/EC2 snapshot and cluster management tests * fix: add error handling and debug logs for AWS EC2, EKS and ECS operations, added tests * fix: update AWS region parameter and add missing EC2/EKS/ECS required actions * fix: update ECS cluster settings with correct parameter names and error handling * style: fix indentation in ECS cluster settings update method * refactor: move parse_tag_field function to module level and improve error handling - cr * refactor: simplify error handling in ECS cluster settings update + cr * cr * cr * cr * docs: add docstring and tests for EC2 snapshot permission modification * pc * feat: update AWS regions and remove redundant isArray flags in EKS commands * docs: consolidate AWS S3 bucket commands into v2.1.5 release notes * Changed context path to Snapshot * docs: update EC2 snapshot output paths from plural to singular form * fix: update EC2 snapshot test output prefix from plural to singular
* commands * unit tests and commands updates * error handling + fine tunning * removed iam unit tests + pre-commit updates * removed the iam commands * pre-commit updates * readme * yml + readme updates * rn * remove metadata-set command * review * pre-commit readme updates * unit tests and small fixes * small updates * small README update * remove debug statements * README pre-commit * labels-set add oprion and unit tests * pre-commit and small fixes * readme * xsoar * error handling explanation * cr updates * fixed unit tests * pre-commit * doc review * readme * add labels and labelFingerprint to hr * pre-commit * do106 * rn
* add pattern * add pattern * added commands to yml * added all commands * fixed yml * changes * fixed yml and py * added unittest beside the delete function * removed mock from publicip * fixed unittests * fixed pre commit errors * changed docker image, aligned readme and run precommit * fixed delete function * fixed conflicts * added command exmaples * fixed readme * fixed readme * added the permissions to the py file * Update pack_metadata.json * edited the permissions in the py file * run pre commit * fixed ai cr * added descriptions to functions * changes * added to readme * fixed readme * removed letter * fixed delete function * added unittest for delete * Added also the case of 200 in the delete command * Added patterns for the new 2 commands * added first command and permissions * added both commands * added to readme * added json and unttests for 2 commands * run pre commit * fixed permissions' * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * added 2 commands to rn * fixed errors in delete, commit before errors handeling change * Added a new dict and handle errors 401 and 403 * added unittests and fix error handling * added try-except to commands * run pre commit * fixed the delete function * fixed * added exmaples for 2 commands * removed the subsriptions list * removed the 2 additional commands * run pre commit * removed more in yml * removed jsons test and from commands examples * fixed handle_azure_error function * added descriptions * added a small test for etag * added return types * fixed delte rule functio * fixed delte rule functio * fixed issues after demo * fixed unittests * added more unittets * removed a file * added retuen statments * pre commit * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * fixed reture statments * added comments * fixed context paths * fixed readme * run pre 
commit * review and pre-commit * updated the doc strings * cr updates * doc review * README update * error entries --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: RotemAmit <[email protected]>
* added the commands * added to readme * created rn * added the examples command and jsons * Added the util_load_json function * run pre commit * CR: extract Azure resource info parsing into dedicated function and simplify code * notes from demo * fix: move removeNull parameter to correct TableData constructor argument * pc * refactor: remove unused util_load_json function from Azure test file * doc review + pc --------- Co-authored-by: noydavidi <nodavidi.paloaltonetworks.com> Co-authored-by: MLainer1 <[email protected]>
* init aws-s3-delete-bucket-website command * delete_bucket_website_command done * wip modify_event_subscription_command * allign with naming convention and add aws-s3-bucket-ownership-controls-put * enforce OwnershipControls contain rules * put_bucket_ownership_controls_command validations * add aws-ec2-subnet-attribute-modify * fine tuning * wip modify_event_subscription_command * wip modify_event_subscription_command * wip * wip * add modify_subnet_attribute_command * wip * wip * done modify_subnet_attribute_command * add docstrings * delete expected bucket owner * create ownership control dict in code * add unit tests * fix unit tests * ruff format * ruff format * add rn, pack metadata and readme * revert pack metatadata * fix readme, output of aws-rds-event-subscription-modify * pre commit changes * fix arg_to_boolean_or_none * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <[email protected]> * docs * Update Packs/AWS/Integrations/AWS/AWS.py Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * Update Packs/AWS/Integrations/AWS/AWS.yml Co-authored-by: talihaff <[email protected]> * ruff * ruff * add modify_event_subscription_command * empty commit * empty commit --------- Co-authored-by: talihaff <[email protected]>
* yml + .py * update after review * update after review * update after review * update after review * update after review * update after review * update after review * update after review * first commit * merged from dev-cloud * merged from dev-cloud * merged from dev-cloud * update * update
* add 2 qa's * add eks qa's * add iam qa * add rn * wrap code * fix qa's * add readme * Apply suggestions from code review Co-authored-by: RotemAmit <[email protected]> * pr comments * Apply suggestions from code review Co-authored-by: talihaff <[email protected]> * ruff format * ruff format * revert readme, format files * revert format * format yml * add new line in the end of file * fix qa name * revoke aws-iam-suspend-access-for-role-quick-action * remove empty line * revert Enable IMDSv2, Block S3 Public Access qa * merged * add rn --------- Co-authored-by: RotemAmit <[email protected]> Co-authored-by: talihaff <[email protected]>
…Traffic from Azure QA
* add commands * update rn * update rn * add unit tests * change yml path * change yml path * readme fix * CR FIX * conflict solving * context solving * code review * code review * code review * Delete Packs/GCP/ReleaseNotes/1_1_1.md * code review * code review * code review * code review * code review * code review * code review
* feat: add Azure storage container and blob management endpoints * added yml * feat: add Azure blob storage tag management and deletion capabilities * feat: add Azure blob property management and public access control commands * style: add newlines between functions in AWS and Azure integration files * refactor: extract storage container headers into reusable method and standardize API calls * feat: reworked the azure commands * added 2 tests for check * Added tests * added tests * pc * ready to merge * rn * fix test + pc * pc * pc * pc * cr * added tests * added content_encoding list * pc * rn * fix tests with transform_response_to_context_format function * tests * cr * pc * fix test * rn * azure-storage-container-block-public-access to azure-storage-container-public-access-block in .py * azure-storage-container-block-public-access to azure-storage-container-public-access-block in .yml * azure-storage-container-block-public-access to azure-storage-container-public-access-block in README * azure-storage-container-block-public-access to azure-storage-container-public-access-block in rn
* is_gov account * small fixes and unit tests * removed a line * removed a line * removed the call to is_gov_account after testing * removed the call to is_gov_account after testing * rn * rn * rn * cr * removed the check for a single account * more debug logs * updated the debug logs * updated the debug logs
RotemAmit
left a comment
Nice work!
See my notes and questions.
| } | ||
| DEFAULT_SCOPE = "https://management.azure.com/.default" | ||
| DEFAULT_RESOURCE = "https://management.azure.com/" | ||
| DEFAULT_RESOURCE = "https://management.azure.com" |
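Review bot: The new `DEFAULT_RESOURCE = "https://management.azure.com"` drops the trailing slash with no comment explaining why, while `DEFAULT_SCOPE` two lines above still builds on `https://management.azure.com/`. The value is handed on as a literal string, so every consumer that joins it with a path or passes it as the token resource should be checked for code that relied on the slash, and a unit test pinning the expected value would catch the next silent change. Both constants also stay fixed to the commercial host in these lines; if the gov variant is meant to override them, derive scope and resource from one per-cloud base so the two cannot drift apart.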
Why did you remove the "/"?
It is also being used in get_command_resource function.
| global PREFIX_URL_AZURE | ||
| global PREFIX_URL_MS_GRAPH | ||
|
|
||
| BLOB_SERVICE_PREFIX = "blob.core.usgovcloudapi.net " |
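Review bot: `BLOB_SERVICE_PREFIX` is assigned directly after `global PREFIX_URL_AZURE` and `global PREFIX_URL_MS_GRAPH` but has no `global` declaration of its own in the visible lines, so if this assignment sits in the same function it only binds a local name and the module-level value stays unchanged. Add `global BLOB_SERVICE_PREFIX` beside the other two, or return the per-cloud endpoints from the function instead of mutating globals. The literal also ends in a space, `"blob.core.usgovcloudapi.net "`, which would be carried into any host name built from it, and the value is a host suffix rather than a prefix, so the constant name is misleading.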
| BLOB_SERVICE_PREFIX = "blob.core.usgovcloudapi.net " | |
| BLOB_SERVICE_PREFIX = "blob.core.usgovcloudapi.net" |
Is the extra space intentional?
| demisto.debug(f"Command being called is {command}") | ||
| connector_id = get_connector_id() | ||
| demisto.debug(f"{connector_id=}") | ||
| account_id = (get_from_args_or_params(params=params, args=args, key="subscription_id"),) |
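Review bot: The trailing comma inside the parentheses on the `account_id` line makes the value a one-element tuple instead of the subscription ID string, so any later comparison, URL formatting or lookup keyed on it would see `('<id>',)` rather than the ID. Drop the parentheses and the comma so the line reads `account_id = get_from_args_or_params(params=params, args=args, key="subscription_id")`, and add a unit test asserting that `account_id` is a `str` so the mistake cannot return unnoticed.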
| account_id = (get_from_args_or_params(params=params, args=args, key="subscription_id"),) | |
| account_id = get_from_args_or_params(params=params, args=args, key="subscription_id") |
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
A few sentences describing the overall goals of the pull request's commits.
Must have