From 26983da8ad1bbce5a79ce3ddc4c2cd4cdba39e55 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Wed, 25 Sep 2024 17:11:37 +0300
Subject: [PATCH] [ASM] - Parent Playbook Input Typo (#36450) (#36499)
* fix typo
* RN
* RN try 2
* Update Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
---------
Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Co-authored-by: israelpoli <72099621+israelpoli@users.noreply.github.com>
---
 .../Playbooks/Cortex_ASM_-_ASM_Alert.yml | 6 +++---
 .../Playbooks/Cortex_ASM_-_ASM_Alert_README.md | 4 ++--
 Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md | 6 ++++++
 Packs/CortexAttackSurfaceManagement/pack_metadata.json | 2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml
index 6633b85326e..78a7cbc25a7 100644
--- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml
+++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert.yml
@@ -1966,7 +1966,7 @@ tasks:
 right:
 value:
 complex:
- root: inputs.AcceptedRiskDs
+ root: inputs.AcceptedRiskIDs
 iscontext: true
 - operator: inList
 left:
@@ -3517,7 +3517,7 @@ inputs:
 Set to "True" if you want to bypass. Default is "False".
 playbookInputQuery:
-- key: AcceptedRiskDs
+- key: AcceptedRiskIDs
 value: {}
 required: false
 description: Comma-separated list of instance/VM IDs that are considered an accepted risk and that should be closed.
@@ -3560,7 +3560,7 @@ inputSections:
 - RemediationNotificationSubject
 - RemediationNotificationHTMLBody
 - BypassDevCheck
- - AcceptedRiskDs
+ - AcceptedRiskIDs
 - AcceptedRiskProjects
 - AcceptedRiskOther
 - JiraProjectKey
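Review bot: The rename of the playbook input from `AcceptedRiskDs` to `AcceptedRiskIDs` (the `inList` condition at -1966, the input definition at -3517 and the `inputSections` entry at -3560) changes a name that operators fill in by hand, and nothing on the new side keeps the old key working. A customised copy of the playbook or a caller that still supplies `AcceptedRiskDs` would, as far as these hunks show, leave `inputs.AcceptedRiskIDs` empty, so the accepted-risk comparison would not match and those instances would go through normal alert handling instead of being closed. I would name both keys in the release note, for example `Renamed the playbook input AcceptedRiskDs to AcceptedRiskIDs; re-enter any accepted-risk IDs under the new name.` It is also worth confirming that no task outside the visible hunks still reads `inputs.AcceptedRiskDs`, since the surrounding task and input definitions continue beyond what is shown.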
diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md
index e1d1f3d08e6..13faa3e07d3 100644
--- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md
+++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_ASM_Alert_README.md
@@ -44,8 +44,8 @@ This playbook does not use any integrations.
 | RemediationNotificationSubject | Subject of the notification \(email or ticket\) sent to the service owner after remediation. | A new security risk was addressed on an external service owned by your team | Required |
 | RemediationNotificationHTMLBody | Body of the notification \(email or ticket\) sent to the service owner after remediation. | <!DOCTYPE html>
<html lang="en">
<body>
<p>
Infosec identified a security risk on an external service potentially owned by your
team:<br><b>${alert.name}</b>
</p>
<p>
<b>Alert Details:</b> ${alert.details}<br>
<b>Action Taken:</b> ${alert.asmremediation.[0].action}<br>
<b>Action Outcome:</b> ${alert.asmremediation.[0].outcome}<br>
</p>
</body>
</html> | Required |
 | BypassDevCheck | Determine whether to bypass the Dev Check in automated remediation criteria: https://docs-cortex.paloaltonetworks.com/r/Cortex-XPANSE/Cortex-Xpanse-Expander-User-Guide/Automated-Remediation-Capabilities-Matrix

Set to "True" if you want to bypass. Default is "False". | False | Optional |
-| AcceptedRiskDs | Comma-separated list of instance/VM IDs that are considered an accepted risk and that should be closed. | | Optional |
-| AcceptedRiskProjects | Comma-separated list of projects numbers that are considered an accepted risk and that should be closed. For example, a list of GCP projects and AWS accounts. | | Optional |
+| AcceptedRiskIDs | Comma-separated list of instance/VM IDs that are considered an accepted risk and that should be closed. | | Optional |
+| AcceptedRiskProjects | Comma-separated list of projects numbers that are considered an accepted risk and that should be closed. For example, a list of GCP projects, names of Azure Resource Groups, and AWS accounts. | | Optional |
 | AcceptedRiskOther | Comma-separated list of other items that are considered an accepted risk and that should be closed. For example, a list of folders numbers in GCP and subscription IDs in Azure. | | Optional |
 | JiraProjectKey | The Jira project key to associate with the issue. | | Required |
 | AWSAssumeRoleName | If assuming roles for AWS, this is the name of the role to assume \(should be the same for all organizations\). | | Optional |
diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
new file mode 100644
index 00000000000..ce1e894ba73
--- /dev/null
+++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_52.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### Cortex ASM - ASM Alert
+
+Fixed an issue with the spelling of a playbook input.
diff --git a/Packs/CortexAttackSurfaceManagement/pack_metadata.json b/Packs/CortexAttackSurfaceManagement/pack_metadata.json
index 445690fdd8d..b39fd695891 100644
--- a/Packs/CortexAttackSurfaceManagement/pack_metadata.json
+++ b/Packs/CortexAttackSurfaceManagement/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cortex Attack Surface Management",
 "description": "Content for working with Attack Surface Management (ASM).",
 "support": "xsoar",
- "currentVersion": "1.7.51",
+ "currentVersion": "1.7.52",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",