From 26983da8ad1bbce5a79ce3ddc4c2cd4cdba39e55 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Wed, 25 Sep 2024 17:11:37 +0300
Subject: [PATCH] [ASM] - Parent Playbook Input Typo (#36450) (#36499)
* fix typo
* RN
* RN try 2
* Update Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
---------
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com>
---
.../Playbooks/Cortex_ASM_-_ASM_Alert.yml | 6 +++---
.../Playbooks/Cortex_ASM_-_ASM_Alert_README.md | 4 ++--
Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md | 6 ++++++
Packs/CortexAttackSurfaceManagement/pack_metadata.json | 2 +-
4 files changed, 12 insertions(+), 6 deletions(-)
create mode 100644 Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml
index 6633b85326e..78a7cbc25a7 100644
--- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml
+++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml
@@ -1966,7 +1966,7 @@ tasks:
right:
value:
complex:
- root: inputs.AcceptedRiskDs
+ root: inputs.AcceptedRiskIDs
iscontext: true
- operator: inList
left:
@@ -3517,7 +3517,7 @@ inputs:
Set to "True" if you want to bypass. Default is "False".
playbookInputQuery:
-- key: AcceptedRiskDs
+- key: AcceptedRiskIDs
value: {}
required: false
description: Comma-separated list of instance/VM IDs that are considered an accepted risk and that should be closed.
@@ -3560,7 +3560,7 @@ inputSections:
- RemediationNotificationSubject
- RemediationNotificationHTMLBody
- BypassDevCheck
- - AcceptedRiskDs
+ - AcceptedRiskIDs
- AcceptedRiskProjects
- AcceptedRiskOther
- JiraProjectKey
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md
index e1d1f3d08e6..13faa3e07d3 100644
--- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md
+++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md
@@ -44,8 +44,8 @@ This playbook does not use any integrations.
| RemediationNotificationSubject | Subject of the notification \(email or ticket\) sent to the service owner after remediation. | A new security risk was addressed on an external service owned by your team | Required |
| RemediationNotificationHTMLBody | Body of the notification \(email or ticket\) sent to the service owner after remediation. | <!DOCTYPE html>
<html lang="en">
<body>
<p>
Infosec identified a security risk on an external service potentially owned by your
team:<br><b>${alert.name}</b>
</p>
<p>
<b>Alert Details:</b> ${alert.details}<br>
<b>Action Taken:</b> ${alert.asmremediation.[0].action}<br>
<b>Action Outcome:</b> ${alert.asmremediation.[0].outcome}<br>
</p>
</body>
</html> | Required |
| BypassDevCheck | Determine whether to bypass the Dev Check in automated remediation criteria: https://docs-cortex.paloaltonetworks.com/r/Cortex-XPANSE/Cortex-Xpanse-Expander-User-Guide/Automated-Remediation-Capabilities-Matrix
Set to "True" if you want to bypass. Default is "False". | False | Optional |
-| AcceptedRiskDs | Comma-separated list of instance/VM IDs that are considered an accepted risk and that should be closed. | | Optional |
-| AcceptedRiskProjects | Comma-separated list of projects numbers that are considered an accepted risk and that should be closed. For example, a list of GCP projects and AWS accounts. | | Optional |
+| AcceptedRiskIDs | Comma-separated list of instance/VM IDs that are considered an accepted risk and that should be closed. | | Optional |
+| AcceptedRiskProjects | Comma-separated list of projects numbers that are considered an accepted risk and that should be closed. For example, a list of GCP projects, names of Azure Resource Groups, and AWS accounts. | | Optional |
| AcceptedRiskOther | Comma-separated list of other items that are considered an accepted risk and that should be closed. For example, a list of folders numbers in GCP and subscription IDs in Azure. | | Optional |
| JiraProjectKey | The Jira project key to associate with the issue. | | Required |
| AWSAssumeRoleName | If assuming roles for AWS, this is the name of the role to assume \(should be the same for all organizations\). | | Optional |
diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
new file mode 100644
index 00000000000..ce1e894ba73
--- /dev/null
+++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Cortex ASM - ASM Alert
+
+Fixed an issue with the spelling of a playbook input.
diff --git a/Packs/CortexAttackSurfaceManagement/pack_metadata.json b/Packs/CortexAttackSurfaceManagement/pack_metadata.json
index 445690fdd8d..b39fd695891 100644
--- a/Packs/CortexAttackSurfaceManagement/pack_metadata.json
+++ b/Packs/CortexAttackSurfaceManagement/pack_metadata.json
@@ -2,7 +2,7 @@
"name": "Cortex Attack Surface Management",
"description": "Content for working with Attack Surface Management (ASM).",
"support": "xsoar",
- "currentVersion": "1.7.51",
+ "currentVersion": "1.7.52",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",