Xpanse api updates (#29464)

* Xpanse api updates (#29339)

* improve classifier setup

* release notes

* release notes style

* remove field applicability

* Apply suggestions from code review

Co-authored-by: johnnywilkes <[email protected]>

---------

Co-authored-by: johnnywilkes <[email protected]>

* Fix missing dot

* Revert "Bump markdownlint from 0.26.2 to 0.30.0 (#28899)" (#29481)

This reverts commit e169068.

* fix using deprecated -vvv argument when calling the demisto sdk (#29470)

Co-authored-by: kobymeir <[email protected]>

* Update Docker Image To demisto/oci  (#29488)

* Updated Metadata Of Pack OracleCloudInfrastructure

* Added release notes to pack OracleCloudInfrastructure

* Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update

* Update Docker Image To demisto/taxii2  (#29490)

* Updated Metadata Of Pack FeedUnit42v2

* Added release notes to pack FeedUnit42v2

* Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update

* Update Docker Image To demisto/netmiko  (#29501)

* Updated Metadata Of Pack Netmiko

* Added release notes to pack Netmiko

* Packs/Netmiko/Integrations/Netmiko/Netmiko.yml Docker image update

* Deprecating block url generic (#29453)

* Release Notes

* enhance

* RN

* validation fix

* fix

* Bump pack from version CommonPlaybooks to 2.5.0.

* fix

* fix

* fix

---------

Co-authored-by: Content Bot <[email protected]>

* Fix dnstwistTest TPB (#29455)

* Change domain argument in task 6

* Update task 6 name

* Test different domain argument due to timeout

* Fix Get Original Email - Microsoft Graph Mail - test TPB (#29467)

* Update MessageID and SHA256 values in the TPB

* Update secrets-ignore

* New features for emails (#29400)

* New features for emails (#28916)

* New features for emails

* Fix validations

* Fix lint and test

* Increase coverage and fix validation

* Increase test coverage

* Manual report condition

* Request changes

* Fixes request changes

* Fix last fetch

* Skip event with last fetch time

* Remove sensitive data

* Change args from simple to complex format

* Update notification endpoint

* Minor fixes

* Fix layout field

* Fix condition for manual alerts

* Update docker

* Add button to get campaign result and fix scan info command output

* Update release notes

* fix Rn

* fix rn

* fix rn

* remove an empty line

* add a "." for validation to pass

* one more period

---------

Co-authored-by: Christian Gutierrez <[email protected]>
Co-authored-by: Yehuda <[email protected]>

* Security scans (#25915)

* added as a new build flow

* reverted gitlab

* changed ref to master

---------

Co-authored-by: Andrew Scott <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: Michael Yochpaz <[email protected]>
Co-authored-by: Koby Meir <[email protected]>
Co-authored-by: kobymeir <[email protected]>
Co-authored-by: ArikDay <[email protected]>
Co-authored-by: Content Bot <[email protected]>
Co-authored-by: samuelFain <[email protected]>
Co-authored-by: Christian Gutierrez <[email protected]>
Co-authored-by: Yehuda <[email protected]>
Co-authored-by: Yuval Cohen <[email protected]>

Author: 12 people

Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json

@@ -9,7 +9,7 @@
 				"Xpanse Alert ID": {
 					"complex": {
 						"filters": [],
-						"root": "external_id",
+						"root": "alert_id",
 						"transformers": []
 					}
 				},
@@ -78,19 +78,10 @@
 				"Xpanse IP": {
 					"complex": {
 						"filters": [],
-						"root": "action_remote_ip",
+						"root": "ipv4_addresses",
 						"transformers": [
 							{
-								"args": {
-									"applyIfEmpty": {},
-									"defaultValue": {
-										"isContext": true,
-										"value": {
-											"simple": "ipv4_addresses[0]"
-										}
-									}
-								},
-								"operator": "SetIfEmpty"
+								"operator": "FirstArrayElement"
 							}
 						]
 					}
@@ -175,14 +166,35 @@
         "dbot_classification_incident_type_all": {
             "dontMapEventToLabels": false,
             "internalMapping": {
-                "Tags": {
-                    "complex": {
+				"Description": {
+					"simple": "description"
+				},
+				"Destination IP": {
+					"complex": {
+						"filters": [],
+						"root": "ipv4_addresses",
+						"transformers": [
+							{
+								"operator": "FirstArrayElement"
+							}
+						]
+					}
+				},
+				"Protocol": {
+					"complex": {
+						"filters": [],
+						"root": "port_protocol",
+						"transformers": []
+					}
+				},
+				"Tags": {
+					"complex": {
                         "filters": [],
                         "root": "tags",
                         "transformers": []
                     }
-                }
-            }
+				}
+			}
         }
     },
     "name": "Xpanse - Incoming Mapper",

Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json

@@ -22,7 +22,7 @@
     "threshold": 72,
     "type": "shortText",
     "unmapped": false,
-    "unsearchable": true,
+    "unsearchable": false,
     "useAsKpi": true,
     "version": -1,
     "fromVersion": "6.5.0"

Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json

@@ -19,9 +19,12 @@
     "group": 0,
     "hidden": false,
     "openEnded": false,
-    "associatedToAll": true,
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Xpanse Alert"
+    ],
     "unmapped": false,
-    "unsearchable": true,
+    "unsearchable": false,
     "caseInsensitive": true,
     "sla": 0,
     "threshold": 72,

Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml

@@ -399,7 +399,7 @@ script:
       - resolved_contested_asset
       - resolved_remediated_automatically
       - resolved
-    - description: Comma-separated list of strings of the business units
+    - description: Comma-separated list of strings of the business units.
       name: business_units_list
     - description: A date in the format 2019-12-31T23:59:00. Only incidents that were created on or before the specified date/time will be retrieved.
       name: lte_creation_time
@@ -686,6 +686,8 @@ script:
   script: ''
   subtype: python3
   type: python
+defaultmapperin: Xpanse - Incoming Mapper
+defaultclassifier: Xpanse - Classifier
 fromversion: 6.5.0
 tests:
 - CortexXpanse_Test

Packs/CortexXpanse/ReleaseNotes/1_0_10.md

@@ -0,0 +1,18 @@
+
+#### Integrations
+##### Cortex Xpanse
+
+- Updated the default classifier and incoming mapper for the integration.
+
+#### Mappers
+##### Xpanse - Incoming Mapper
+
+- Updated the targets for several fields for improved accuracy and formatting.
+
+#### Incident Fields
+##### Xpanse Tags
+Updated the field to be searchable.
+
+##### Xpanse Provider
+Updated the field to be searchable and to not be scoped to all incident types.
+

Packs/CortexXpanse/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cortex Xpanse",
     "description": "Content for working with Attack Surface Management (ASM).",
     "support": "xsoar",
-    "currentVersion": "1.0.9",
+    "currentVersion": "1.0.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",