Merge branch 'demisto:master' into PANW-Enterprise-DLP-Regions

.github/content_roles.json

@@ -6,15 +6,15 @@
         "TIM_REVIEWER": "The GitHub username for TIM reviews owner"
     },
     "CONTRIBUTION_REVIEWERS": [
-        "adi88d",
-        "israelpoli",
-        "rshunim"
+        "tcarmeli1",
+        "yaakovpraisler",
+        "aaron1535"
     ],
-    "CONTRIBUTION_TL": "thefrieddan1",
+    "CONTRIBUTION_TL": "jbabazadeh",
     "CONTRIBUTION_SECURITY_REVIEWER": ["tomer-pan"],
     "ON_CALL_DEVS": [
-        "skidorball",
-        "ipolishuk"
+        "sshuker",
+        "yhayun"
     ],
     "DOC_REVIEWER": "ShirleyDenkberg",
     "TIM_REVIEWER": "MLainer1"

.github/github_workflow_scripts/skip_conditions.py

@@ -1,5 +1,5 @@
 from abc import ABC, abstractmethod
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from enum import Enum
 from pathlib import Path
 from demisto_sdk.commands.common.tools import get_pack_names_from_files
@@ -261,7 +261,7 @@ def _check(
         Returns(ConditionResult): whether the condition check pass,
             or we should skip this pr from auto-bumping its release notes, with the reason why to skip.
         """
-        if self.pr.updated_at and self.pr.updated_at < datetime.now() - timedelta(
+        if self.pr.updated_at and self.pr.updated_at < datetime.now(timezone.utc) - timedelta(
             days=self.LAST_SUITABLE_UPDATE_TIME_DAYS
         ):
             return ConditionResult(

Packs/AgariPhishingDefense/.pack-ignore

@@ -16,3 +16,6 @@ ignore=BA101
 [known_words]
 agari
 
+[file:playbook-Agari_Message_Remediation_-_Agari_Phishing_Defense.yml]
+ignore=GR107
+

Packs/AnsibleAlibabaCloud/Integrations/AnsibleAlibabaCloud/AnsibleAlibabaCloud.yml

@@ -158,7 +158,7 @@ script:
     - contextPath: AlibabaCloud.AliInstanceInfo.ids
       description: List of ECS instance IDs
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleAzure/Integrations/AnsibleAzure/AnsibleAzure.yml

@@ -2607,7 +2607,7 @@ script:
     - contextPath: Azure.AzureRmDnszoneInfo.dnszones
       description: List of zone dicts, which share the same layout as azure_rm_dnszone module parameter.
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.105371
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleCiscoIOS/Integrations/AnsibleCiscoIOS/AnsibleCiscoIOS.yml

@@ -922,7 +922,7 @@ script:
     - contextPath: CiscoIOS.IosVrf.delta
       description: The time elapsed to perform all operations.
       type: string
-  dockerimage: demisto/ansible-runner:1.0.0.96928
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleCiscoNXOS/Integrations/AnsibleCiscoNXOS/AnsibleCiscoNXOS.yml

@@ -3199,7 +3199,7 @@ script:
     - contextPath: CiscoNXOS.NxosVxlanVtepVni.commands
       description: commands sent to the device
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleHetznerCloud/Integrations/AnsibleHCloud/AnsibleHCloud.yml

@@ -384,7 +384,7 @@ script:
     - contextPath: HCloud.HcloudVolumeInfo.hcloud_volume_info
       description: The volume infos as list
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleKubernetes/Integrations/AnsibleKubernetes/AnsibleKubernetes.yml

@@ -202,7 +202,7 @@ script:
     - contextPath: Kubernetes.K8sService.result
       description: The created, patched, or otherwise present Service object. Will be empty in the case of a deletion.
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleLinux/Integrations/AnsibleACME/AnsibleACME.yml

@@ -468,7 +468,7 @@ script:
     - contextPath: ACME.AcmeInspect.output_json
       description: The output parsed as JSON
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleLinux/Integrations/AnsibleDNS/AnsibleDNS.yml

@@ -97,7 +97,7 @@ script:
     - contextPath: DNS.Nsupdate.dns_rc_str
       description: dnspython return code (string representation)
       type: string
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleLinux/Integrations/AnsibleLinux/AnsibleLinux.yml

@@ -5447,7 +5447,7 @@ script:
     - contextPath: Linux.GetUrl.url
       description: the actual URL used for the request
       type: string
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleLinux/Integrations/AnsibleOpenSSL/AnsibleOpenSSL.yml

@@ -1183,7 +1183,7 @@ script:
     - contextPath: OpenSSL.GetCertificate.version
       description: The version number of the certificate
       type: string
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleMicrosoftWindows/Integrations/AnsibleMicrosoftWindows/AnsibleMicrosoftWindows.yml

@@ -4534,7 +4534,7 @@ script:
     - contextPath: MicrosoftWindows.WinXml.err
       description: XML comparison exceptions.
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/AnsibleVMware/Integrations/AnsibleVMware/AnsibleVMware.yml

@@ -3333,7 +3333,7 @@ script:
     - contextPath: VMware.VcenterLicense.licenses
       description: list of license keys after module executed
       type: unknown
-  dockerimage: demisto/ansible-runner:1.0.0.89756
+  dockerimage: demisto/ansible-runner:1.0.0.112234
   script: ''
   subtype: python3
   type: python

Packs/ApiModules/Scripts/CSVFeedApiModule/CSVFeedApiModule.py

@@ -350,7 +350,7 @@ def create_fields_mapping(raw_json: Dict[str, Any], mapping: Dict[str, Union[Tup
 
 
 def fetch_indicators_command(client: Client, default_indicator_type: str, auto_detect: Optional[bool], limit: int = 0,
-                             create_relationships: bool = False, **kwargs):
+                             create_relationships: bool = False, enrichment_excluded: bool = False, **kwargs):
     iterator = client.build_iterator(**kwargs)
     relationships_of_indicator = []
     indicators = []
@@ -400,6 +400,9 @@ def fetch_indicators_command(client: Client, default_indicator_type: str, auto_d
                     if client.tlp_color:
                         indicator['fields']['trafficlightprotocol'] = client.tlp_color
 
+                    if enrichment_excluded:
+                        indicator['enrichmentExcluded'] = enrichment_excluded
+
                     indicators.append(indicator)
                     # exit the loop if we have more indicators than the limit
                     if limit and len(indicators) >= limit:
@@ -418,7 +421,8 @@ def get_indicators_command(client, args: dict, tags: Optional[List[str]] = None)
         raise ValueError('The limit argument must be a number.')
     auto_detect = demisto.params().get('auto_detect_type')
     relationships = demisto.params().get('create_relationships', False)
-    indicators_list, _ = fetch_indicators_command(client, itype, auto_detect, limit, relationships)
+    enrichment_excluded = demisto.params().get('enrichmentExcluded', False)
+    indicators_list, _ = fetch_indicators_command(client, itype, auto_detect, limit, relationships, enrichment_excluded)
     entry_result = indicators_list[:limit]
     hr = tableToMarkdown('Indicators', entry_result, headers=['value', 'type', 'fields'])
     return hr, {}, indicators_list
@@ -446,7 +450,8 @@ def feed_main(feed_name, params=None, prefix=''):   # pragma: no cover
                 params.get('indicator_type'),
                 params.get('auto_detect_type'),
                 params.get('limit'),
-                params.get('create_relationships')
+                params.get('create_relationships'),
+                params.get('enrichmentExcluded', False),
             )
 
             # check if the version is higher than 6.5.0 so we can use noUpdate parameter

Packs/ApiModules/Scripts/CSVFeedApiModule/CSVFeedApiModule_test.py

@@ -323,6 +323,56 @@ def test_get_indicators_with_relations():
         assert indicators == expected_res
 
 
+def test_fetch_indicators_with_enrichment_excluded(requests_mock):
+    """
+    Given:
+    - Raw json of the csv row extracted
+
+    When:
+    - Fetching indicators from csv rows
+    - enrichment_excluded param is set to True
+
+    Then:
+    - Validate the returned list of indicators have enrichment exclusion set.
+    """
+
+    feed_url_to_config = {
+        'https://ipstack.com': {
+            'fieldnames': ['value', 'a'],
+            'indicator_type': 'IP',
+            'relationship_entity_b_type': 'IP',
+            'relationship_name': 'resolved-from',
+            'mapping': {
+                'AAA': 'a',
+                'relationship_entity_b': ('a', r'.*used\s+by\s(.*?)\s', None),
+            }
+        }
+    }
+    expected_res = ([{'value': 'test.com', 'type': 'IP',
+                      'rawJSON': {'value': 'test.com', 'a': 'Domain used by Test c&c',
+                                  None: ['2021-04-22 06:03',
+                                         'https://test.com/manual/test-iplist.txt'],
+                                  'type': 'IP'},
+                      'fields': {'AAA': 'Domain used by Test c&c', 'relationship_entity_b': 'Test',
+                                 'tags': []},
+                      'relationships': [],
+                      'enrichmentExcluded': True,
+                      }],
+                    True)
+
+    ip_ranges = 'test.com,Domain used by Test c&c,2021-04-22 06:03,https://test.com/manual/test-iplist.txt'
+
+    itype = 'IP'
+    requests_mock.get('https://ipstack.com', content=ip_ranges.encode('utf8'))
+    client = Client(
+        url="https://ipstack.com",
+        feed_url_to_config=feed_url_to_config
+    )
+    indicators = fetch_indicators_command(client, default_indicator_type=itype, auto_detect=False,
+                                          limit=35, create_relationships=False, enrichment_excluded=True)
+    assert indicators == expected_res
+
+
 def test_get_indicators_without_relations():
     """
     Given: