diff --git a/Packs/FeedBambenekConsulting/.secrets-ignore b/Packs/FeedBambenekConsulting/.secrets-ignore index b319a38cd80b..bc752abfd3f8 100644 --- a/Packs/FeedBambenekConsulting/.secrets-ignore +++ b/Packs/FeedBambenekConsulting/.secrets-ignore @@ -25,3 +25,6 @@ e::Ba /feeds/dga/c2-masterlist.txt https://us-cert.cisa.gov https://osint.bambenekconsulting.com/feeds/ +sales@bambenekconsulting.com +23.82.12.29 +http://osint.bambenekconsulting.com diff --git a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.py b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.py index a315df206047..1599ff1588d2 100644 --- a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.py +++ b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.py @@ -1,153 +1,164 @@ from CommonServerPython import * name_to_url = { - 'C2 IP Feed': 'https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt', - 'High-Confidence C2 IP Feed': 'http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt', - 'C2 Domain Feed': 'https://faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist.txt', - 'High-Confidence C2 Domain Feed': 'http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt', - 'DGA Domain Feed': 'https://faf.bambenekconsulting.com/feeds/dga-feed.gz', - 'High-Confidence DGA Domain Feed': 'https://faf.bambenekconsulting.com/feeds/dga-feed-high.gz', - 'C2 All Indicator Feed': 'https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist.txt', - 'High-Confidence C2 All Indicator Feed': 'https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist-high.txt', - 'Sinkhole Feed': 'https://faf.bambenekconsulting.com/feeds/sinkhole/latest.csv' + "C2 IP Feed": "https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt", + "High-Confidence C2 IP Feed": "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt", + "C2 Domain Feed": "https://faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist.txt", + "High-Confidence C2 Domain Feed": "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt", + "DGA Domain Feed": "https://faf.bambenekconsulting.com/feeds/dga-feed.gz", + "High-Confidence DGA Domain Feed": "https://faf.bambenekconsulting.com/feeds/dga-feed-high.gz", + "C2 All Indicator Feed": "https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist.txt", + "High-Confidence C2 All Indicator Feed": "https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist-high.txt", + "Sinkhole Feed": "https://faf.bambenekconsulting.com/feeds/sinkhole/latest.csv", + "Malware Domains Feed": "https://faf.bambenekconsulting.com/feeds/maldomainml/malware-master.txt", + "Phishing Domains Feed": "https://faf.bambenekconsulting.com/feeds/maldomainml/phishing-master.txt", } def main(): feed_url_to_config = { - 'https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt': { - 'fieldnames': ['value', 'description', - 'date_created', - 'info'], - 'indicator_type': FeedIndicatorType.IP, - 'relationship_name': EntityRelationship.Relationships.INDICATOR_OF, - 'relationship_entity_b_type': 'STIX Malware', - 'mapping': { - 'description': 'description', - 'malwarefamily': ('description', r'.*used\s+by\s(.*?)\s', None), - 'relationship_entity_b': ('description', r'.*used\s+by\s(.*?)\s', None), - } + "https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt": { + "fieldnames": ["value", "description", "date_created", "info"], + "indicator_type": FeedIndicatorType.IP, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)\s", None), + }, }, - - 'https://faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist.txt': { - 'fieldnames': ['value', 'description', - 'date_created', - 'info'], - 'indicator_type': FeedIndicatorType.Domain, - 'relationship_name': EntityRelationship.Relationships.INDICATOR_OF, - 'relationship_entity_b_type': 'STIX Malware', - 'mapping': { - 'description': 'description', - 'malwarefamily': ('description', r'.*used\s+by\s(.*?)\s', None), - 'relationship_entity_b': ('description', r'.*used\s+by\s(.*?)$', None) - } + "https://faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist.txt": { + "fieldnames": ["value", "description", "date_created", "info"], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)$", None), + }, }, - 'http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt': { - 'fieldnames': ['value', 'description', - 'date_created', - 'info'], - 'indicator_type': FeedIndicatorType.IP, - 'relationship_name': EntityRelationship.Relationships.INDICATOR_OF, - 'relationship_entity_b_type': 'STIX Malware', - 'mapping': { - 'description': 'description', - 'malwarefamily': ('description', r'.*used\s+by\s(.*?)\s', None), - 'relationship_entity_b': ('description', r'.*used\s+by\s(.*?)\s', None) - } + "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt": { + "fieldnames": ["value", "description", "date_created", "info"], + "indicator_type": FeedIndicatorType.IP, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)\s", None), + }, }, - 'http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt': { - 'fieldnames': ['value', 'description', - 'date_created', - 'info'], - 'indicator_type': FeedIndicatorType.Domain, - 'relationship_name': EntityRelationship.Relationships.INDICATOR_OF, - 'relationship_entity_b_type': 'STIX Malware', - 'mapping': { - 'description': 'description', - 'malwarefamily': ('description', r'.*used\s+by\s(.*?)\s', None), - 'relationship_entity_b': ('description', r'.*used\s+by\s(.*?)\s', None), - - } + "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt": { + "fieldnames": ["value", "description", "date_created", "info"], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)\s", None), + }, }, - 'https://faf.bambenekconsulting.com/feeds/dga-feed.gz': { - 'fieldnames': ['value', 'description', - 'date_created', - 'info'], - 'indicator_type': FeedIndicatorType.Domain, - 'relationship_name': EntityRelationship.Relationships.INDICATOR_OF, - 'relationship_entity_b_type': 'STIX Malware', - 'mapping': { - 'description': 'description', - 'malwarefamily': ('description', r'.*used\s+by\s(.*?)(\(|DGA)', None), - 'relationship_entity_b': ('description', r'.*used\s+by\s(.*?)(\(|DGA)', None), + "https://faf.bambenekconsulting.com/feeds/dga-feed.gz": { + "fieldnames": ["value", "description", "date_created", "info"], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "malwarefamily": ("description", r".*used\s+by\s(.*?)(\(|DGA)", None), + "relationship_entity_b": ( + "description", + r".*used\s+by\s(.*?)(\(|DGA)", + None, + ), }, - 'is_zipped_file': True + "is_zipped_file": True, }, - 'https://faf.bambenekconsulting.com/feeds/dga-feed-high.gz': { - 'fieldnames': ['value', 'description', - 'date_created', - 'info'], - 'indicator_type': FeedIndicatorType.Domain, - 'relationship_name': EntityRelationship.Relationships.INDICATOR_OF, - 'relationship_entity_b_type': 'STIX Malware', - 'mapping': { - 'description': 'description', - 'malwarefamily': ('description', r'.*used\s+by\s(.*?)\s', None), - 'relationship_entity_b': ('description', r'.*used\s+by\s(.*?)\s', None) + "https://faf.bambenekconsulting.com/feeds/dga-feed-high.gz": { + "fieldnames": ["value", "description", "date_created", "info"], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)\s", None), }, - 'is_zipped_file': True + "is_zipped_file": True, }, - 'https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist.txt': { - 'fieldnames': ['value', - 'ip', - 'nsname', - 'nsip', - 'description', - 'info'], - 'indicator_type': FeedIndicatorType.Domain, - 'relationship_entity_b_type': FeedIndicatorType.IP, - 'relationship_name': EntityRelationship.Relationships.RESOLVED_FROM, - 'mapping': { - 'ipaddress': 'ip', - 'relationship_entity_b': 'ip' - } + "https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist.txt": { + "fieldnames": ["value", "ip", "nsname", "nsip", "description", "info"], + "indicator_type": FeedIndicatorType.Domain, + "relationship_entity_b_type": FeedIndicatorType.IP, + "relationship_name": EntityRelationship.Relationships.RESOLVED_FROM, + "mapping": {"ipaddress": "ip", "relationship_entity_b": "ip"}, }, - 'https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist-high.txt': { - 'fieldnames': ['value', - 'ip', - 'nsname', - 'nsip', - 'description', - 'info'], - 'indicator_type': FeedIndicatorType.Domain, - 'relationship_name': EntityRelationship.Relationships.RESOLVED_FROM, - 'relationship_entity_b_type': FeedIndicatorType.IP, - 'mapping': { - 'ipaddress': 'ip', - 'relationship_entity_b': 'ip' - } + "https://faf.bambenekconsulting.com/feeds/dga/c2-masterlist-high.txt": { + "fieldnames": ["value", "ip", "nsname", "nsip", "description", "info"], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.RESOLVED_FROM, + "relationship_entity_b_type": FeedIndicatorType.IP, + "mapping": {"ipaddress": "ip", "relationship_entity_b": "ip"}, + }, + "https://faf.bambenekconsulting.com/feeds/sinkhole/latest.csv": { + "fieldnames": ["value", "owner"], + "indicator_type": FeedIndicatorType.IP, + "mapping": {"description": ("owner", None, "Sinkholed by {}")}, + }, + "https://faf.bambenekconsulting.com/feeds/maldomainml/malware-master.txt": { + "fieldnames": [ + "hostname", + "registered_domain", + "ipv4 address", + "asn", + "netblock", + "description", + ], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "ipaddress": "ipv4 address", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)$", None), + }, + }, + "https://faf.bambenekconsulting.com/feeds/maldomainml/phishing-master.txt": { + "fieldnames": [ + "hostname", + "registered_domain", + "ipv4 address", + "asn", + "netblock", + "description", + ], + "indicator_type": FeedIndicatorType.Domain, + "relationship_name": EntityRelationship.Relationships.INDICATOR_OF, + "relationship_entity_b_type": "STIX Malware", + "mapping": { + "description": "description", + "ipaddress": "ipv4 address", + "malwarefamily": ("description", r".*used\s+by\s(.*?)\s", None), + "relationship_entity_b": ("description", r".*used\s+by\s(.*?)$", None), + }, }, - 'https://faf.bambenekconsulting.com/feeds/sinkhole/latest.csv': { - 'fieldnames': ['value', - 'owner'], - 'indicator_type': FeedIndicatorType.IP, - 'mapping': { - 'description': ('owner', None, 'Sinkholed by {}') - } - } } params = {k: v for k, v in demisto.params().items() if v is not None} - params['url'] = [name_to_url.get(url) for url in argToList(params.get('url'))] - params['feed_url_to_config'] = feed_url_to_config - params['ignore_regex'] = r'^#' - params['delimiter'] = ',' + params["url"] = [name_to_url.get(url) for url in argToList(params.get("url"))] + params["feed_url_to_config"] = feed_url_to_config + params["ignore_regex"] = r"^#" + params["delimiter"] = "," # Main execution of the CSV API Module. # This function allows to add to or override this execution. - feed_main('Bambenek Consulting Feed', params, 'bambenek') + feed_main("Bambenek Consulting Feed", params, "bambenek") from CSVFeedApiModule import * # noqa: E402 -if __name__ in ('__builtin__', 'builtins', '__main__'): +if __name__ in ("__builtin__", "builtins", "__main__"): main() diff --git a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.yml b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.yml index 0ac5ecf7a04f..959b393aa707 100644 --- a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.yml +++ b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting.yml @@ -92,6 +92,8 @@ configuration: - DGA Domain Feed - High-Confidence DGA Domain Feed - Sinkhole Feed + - Malware Domains Feed + - Phishing Domains Feed required: true type: 16 - display: Username @@ -123,7 +125,7 @@ script: name: indicator_type description: Gets the feed indicators. name: bambenek-get-indicators - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 feed: true runonce: false script: '-' diff --git a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting_test.py b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting_test.py new file mode 100644 index 000000000000..1501df5bf846 --- /dev/null +++ b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/FeedBambenekConsulting_test.py @@ -0,0 +1,86 @@ +import demistomock as demisto +from unittest.mock import MagicMock + +import csv +from io import StringIO + +data = { + "value": "23.82.12.29", + "description": "IP used by beebone C&C", + "date_created": "2023-12-18 08:06", + "info": "http://osint.bambenekconsulting.com/manual/beebone.txt", +} + +# Convert the dictionary to a CSV string +csv_string = StringIO() +csv_writer = csv.DictWriter(csv_string, fieldnames=data.keys()) +csv_writer.writeheader() +csv_writer.writerow(data) +csv_data = csv_string.getvalue() +csv_string.close() + +# Convert the CSV string to a csv.DictReader object +csv_stringio = StringIO(csv_data) +csv_reader = csv.DictReader(csv_stringio) + + +def test_fetch_indicators_main(mocker): + """ + Given + - indicators response from bambenek consulting feed + + When + - Running main flow for fetching indicators command + + Then + - Ensure that all indicators values exist and are not 'None' + """ + from FeedBambenekConsulting import main + + mocker.patch.object( + demisto, + "params", + return_value={ + "feed": True, + "feedBypassExclusionList": False, + "feedExpirationInterval": "20160", + "feedExpirationPolicy": "suddenDeath", + "feedFetchInterval": 1, + "feedReliability": "A - Completely reliable", + "feedReputation": "None", + "feedTags": None, + "insecure": True, + "proxy": False, + "tlp_color": None, + "url": "https://faf.bambenekconsulting.com/", + }, + ) + mocker.patch.object(demisto, "command", return_value="fetch-indicators") + create_indicators_mocker = mocker.patch.object(demisto, "createIndicators") + API_CLIENT_MOCK = MagicMock() + API_CLIENT_MOCK.build_iterator.return_value = [ + { + "https://faf.bambenekconsulting.com/feeds/dga/c2-ipmasterlist.txt": { + "result": csv_reader, + "no_update": False, + } + } + ] + mocker.patch("CSVFeedApiModule.Client", return_value=API_CLIENT_MOCK) + main() + assert ( + create_indicators_mocker.call_args.args[0][0]["rawJSON"]["value"] + == "23.82.12.29" + ) + assert ( + create_indicators_mocker.call_args.args[0][0]["rawJSON"]["description"] + == "IP used by beebone C&C" + ) + assert ( + create_indicators_mocker.call_args.args[0][0]["rawJSON"]["date_created"] + == "2023-12-18 08:06" + ) + assert ( + create_indicators_mocker.call_args.args[0][0]["rawJSON"]["info"] + == "http://osint.bambenekconsulting.com/manual/beebone.txt" + ) diff --git a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/README.md b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/README.md index bc45b0681220..542c51ff9cbe 100644 --- a/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/README.md +++ b/Packs/FeedBambenekConsulting/Integrations/FeedBambenekConsulting/README.md @@ -1,10 +1,12 @@ ## Overview + --- Use the Bambenek Consulting feed integration to fetch indicators from the feed. ## Configure Bambenek Consulting Feed on Cortex XSOAR + --- 1. Navigate to __Settings__ > __Integrations__ > __Servers & Services__. @@ -18,16 +20,18 @@ Use the Bambenek Consulting feed integration to fetch indicators from the feed. * High-Confidence C2 Domain Feed - Master Feed of known, active, and non-sinkholed C&Cs domain names (high-confidence only). * C2 All Indicator Feed - Master list feed of all current C&C domains using DGAs. * High-Confidence C2 All Indicator Feed - Master list feed of all current C&C domains using DGAs (high-confidence only). - * DGA Domain Feed - Domain feed of known DGA domains from -2 to +3 days. - * High-Confidence DGA Domain Feed - Domain feed of known DGA domains from -2 to +3 days (high-confidence only). - * Sinkhole Feed - Manually curated list of IPs known to be sinkholes, provided by Bambenek Consulting. Sinkholing is a technique where security researchers or security companies take over network infrastructure used by malware. - * **Username + Password** - Credentials to access services that require basic authentication. + * DGA Domain Feed - A self-curating feed that monitors malicious networks to observe current criminal activity. All domains are actionable. Live data of between 750 and 1,500 domains. which are used by 65 malware families and nearly 1 million domains. Limited to current relevance. + * High-Confidence DGA Domain Feed - A self-curating feed that monitors malicious networks to observe current criminal activity. All domains are actionable. Live data of between 750 and 1,500 domains. which are used by 65 malware families and nearly 1 million domains. Limited to current relevance. High-confidence data, extremely low false-positives. + * Sinkhole Feed - A manually-curated list of over 1,500 known sinkholes. The feed is used to capture traffic headed toward criminal destinations. Catch traffic headed toward them, and you know you have an infected machine. + * Malware Domains Feed - A feed based on machine learning and analytic methods of DNS telemetry developed in Bambenek Labs. Identifies malware hostnames used primarily for criminal purposes. Data is extremely safe to use to proactively protect networks. + * Phishing Domains Feed - A feed based on machine learning and analytic methods of DNS telemetry developed in Bambenek Labs. Identifies phishing hostnames used primarily for criminal purposes. Data is extremely safe to use to proactively protect networks. + * __Username + Password__ - Credentials to access services that require basic authentication. These fields also support the use of API key headers. To use API key headers, specify the header name and value in the following format: - `_header:` in the **Username** field and the header value in the **Password** field. + `_header:` in the __Username__ field and the header value in the __Password__ field. * __Fetch indicators__: boolean flag. If set to true will fetch indicators. * __Fetch Interval__: Interval of the fetches. * __Reliability__: Reliability of the feed. - * __Traffic Light Protocol color__: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp + * __Traffic Light Protocol color__: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at * __Skip Exclusion List__: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. @@ -36,21 +40,6 @@ Use the Bambenek Consulting feed integration to fetch indicators from the feed. * __Request Timeout__: Timeout of the polling request in seconds. 4. Click __Test__ to validate the URLs, token, and connection. -## Troubleshooting ---- -Bambenek Consulting has two license types: Commercial and Non-Commercial, each of which have specific feeds available. - -List of commercial feeds: -* DGA Domain Feed -* High-Confidence DGA Domain Feed -* C2 All Indicator Feed -* High-Confidence C2 All Indicator Feed -* Sinkhole Feed - -List of non-commercial feeds: -* C2 IP Feed -* High-Confidence C2 IP Feed -* C2 Domain Feed -* High-Confidence C2 Domain Feed - -For more information visit [Bambenek Consulting Feeds](https://osint.bambenekconsulting.com/feeds/) +## Gain Access + +Get a quote and subscribe: sales@bambenekconsulting.com \ No newline at end of file diff --git a/Packs/FeedBambenekConsulting/ReleaseNotes/1_2_0.md b/Packs/FeedBambenekConsulting/ReleaseNotes/1_2_0.md new file mode 100644 index 000000000000..83fb80de9887 --- /dev/null +++ b/Packs/FeedBambenekConsulting/ReleaseNotes/1_2_0.md @@ -0,0 +1,8 @@ + +#### Integrations + +##### Bambenek Consulting Feed + +- Added support for **Malware Domains** Feed. +- Added support for **Phishing Domains** Feed. +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/FeedBambenekConsulting/TestPlaybooks/playbook-FeedBambenekConsulting.yml b/Packs/FeedBambenekConsulting/TestPlaybooks/playbook-FeedBambenekConsulting.yml index e19e72eda19e..0ecc56821d8f 100644 --- a/Packs/FeedBambenekConsulting/TestPlaybooks/playbook-FeedBambenekConsulting.yml +++ b/Packs/FeedBambenekConsulting/TestPlaybooks/playbook-FeedBambenekConsulting.yml @@ -15,6 +15,7 @@ tasks: name: "" iscommand: false brand: "" + description: '' nexttasks: '#none#': - "4" @@ -188,3 +189,4 @@ inputs: [] outputs: [] sourceplaybookid: BambenekConsultingFeed_Test fromversion: 5.5.0 +description: '' diff --git a/Packs/FeedBambenekConsulting/pack_metadata.json b/Packs/FeedBambenekConsulting/pack_metadata.json index d0fd33e68325..53dbafb288c7 100644 --- a/Packs/FeedBambenekConsulting/pack_metadata.json +++ b/Packs/FeedBambenekConsulting/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Bambenek Consulting Feed", "description": "Indicators feed from Bambenek Consulting", "support": "xsoar", - "currentVersion": "1.1.27", + "currentVersion": "1.2.0", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",