diff --git a/Packs/soc-crowdstrike-falcon/pack_metadata.json b/Packs/soc-crowdstrike-falcon/pack_metadata.json
index 2b5aca8..148ba43 100644
--- a/Packs/soc-crowdstrike-falcon/pack_metadata.json
+++ b/Packs/soc-crowdstrike-falcon/pack_metadata.json
@@ -3,7 +3,7 @@
 "id": "soc-crowdstrike-falcon",
 "description": "This contains the content for XSIAM CrowdStrike Falcon. This includes layouts, playbooks and incident fields",
 "support": "xsoar",
- "currentVersion": "1.0.36",
+ "currentVersion": "1.0.37",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/soc-crowdstrike-falcon/xsoar_config.json b/Packs/soc-crowdstrike-falcon/xsoar_config.json
index 99b42cf..2e482e7 100644
--- a/Packs/soc-crowdstrike-falcon/xsoar_config.json
+++ b/Packs/soc-crowdstrike-falcon/xsoar_config.json
@@ -2,7 +2,7 @@
 "custom_packs": [
 {
 "id": "soc-crowdstrike-falcon.zip",
- "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-crowdstrike-falcon-v1.0.36/soc-crowdstrike-falcon-v1.0.36.zip",
+ "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-crowdstrike-falcon-v1.0.37/soc-crowdstrike-falcon-v1.0.37.zip",
 "system": "yes"
 }
 ],
diff --git a/Packs/soc-optimization-unified/README.md b/Packs/soc-optimization-unified/README.md
index de41c69..14cb7f0 100644
--- a/Packs/soc-optimization-unified/README.md
+++ b/Packs/soc-optimization-unified/README.md
@@ -11,13 +11,13 @@ This repository outlines a scalable SOC optimization approach tailored for Palo
 ---
 ## 1. Enable Auto Triage
-1. Read 👉 [Auto-Triage Usage](../../Documentation/Auto_Triage.md) To Understand How it Closes Cases
+1. Read 👉 [Auto-Triage Usage](https://github.com/Palo-Cortex/soc-optimization/blob/main/Documentation/Documentation/Auto_Triage.md) To Understand How it Closes Cases
 2. Investigation & Response → Automation → Jobs
 3. Check Auto Triage
 4. Click Enable Button
-![Auto_Triage_Enable.png](../../docs/soc-optimization/Auto_Triage_Enable.png)
+![Auto_Triage_Enable.png](https://github.com/Palo-Cortex/soc-optimization/tree/main/images/Auto_Triage_Enable.png)
 ---
 ## 2. Configure Automation Rules
@@ -26,7 +26,7 @@ This repository outlines a scalable SOC optimization approach tailored for Palo
 👉 [Learn more about Entry Point playbooks](https://github.com/Palo-Cortex/soc-optimization/blob/main/Documentation/EntryPoints.md)
-![Default_Automation_Rules.png](../../docs/soc-optimization/Default_Automation_Rules.png)
+![Default_Automation_Rules.png](https://github.com/Palo-Cortex/soc-optimization/tree/main/images/Default_Automation_Rules.png)
 - **EP_IR_NIST(800-61)** is the *Incident Response Catch-All*.
 - You can create more specific rules above this (e.g., Phishing based on MITRE Technique T1566).
@@ -39,13 +39,13 @@ This repository outlines a scalable SOC optimization approach tailored for Palo
 - `Severity >= Medium`
 - `Has MITRE Tactic`
-![Starring_NIST_IR.png](../../docs/soc-optimization/Starring_NIST_IR.png)
+![Starring_NIST_IR.png](https://github.com/Palo-Cortex/soc-optimization/tree/main/images/Starring_NIST_IR.png)
 ## 4. XSIAM SOC Value Metric Dashboard
 ** Real-time metrics from PoV into production **
 1. Dashboards & Reports → Dashboard → XSIAM SOC Value Metrics
 2. Select 7 Days (More realistic for SOC reporting)
-![Value_Metrics.png](../../docs/soc-optimization/Value_Metrics.png)
+![Value_Metrics.png](https://github.com/Palo-Cortex/soc-optimization/tree/main/images/Value_Metrics.png)
 *Tips:*
 - Alerts must fire playbooks and playbook tasks must run before this dash works.
@@ -61,7 +61,7 @@ This repository outlines a scalable SOC optimization approach tailored for Palo
 - Incidents that are not marked with a star are automatically triaged using `JOB_-_Triage_Incidents.yml`.
 - Ensures that high-volume, low-risk alerts are handled without manual intervention.
-👉 [Auto-Triage Usage](../../docs/soc-optimization/Auto_Triage.md) — Automatically closes non-priority incidents to reduce alert fatigue.
+👉 [Auto-Triage Usage](https://github.com/Palo-Cortex/soc-optimization/tree/main/images/Auto_Triage.md) — Automatically closes non-priority incidents to reduce alert fatigue.
 ### 2. **Modular Playbooking with the `Upon Trigger`**
 - The `Upon Trigger` playbook is the engine of modular decision-making.
diff --git a/Packs/soc-optimization-unified/pack_metadata.json b/Packs/soc-optimization-unified/pack_metadata.json
index ba2928b..98a721b 100644
--- a/Packs/soc-optimization-unified/pack_metadata.json
+++ b/Packs/soc-optimization-unified/pack_metadata.json
@@ -3,7 +3,7 @@
 "id": "soc-optimization-unified",
 "description": "This contents the content used to leverage processes that the Palo SOC uses including: Playbooks, integrations, layouts, etc.",
 "support": "xsoar",
- "currentVersion": "3.0.20",
+ "currentVersion": "3.0.21",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/soc-optimization-unified/xsoar_config.json b/Packs/soc-optimization-unified/xsoar_config.json
index 3768181..e7fa0b9 100644
--- a/Packs/soc-optimization-unified/xsoar_config.json
+++ b/Packs/soc-optimization-unified/xsoar_config.json
@@ -8,12 +8,12 @@
 "custom_packs": [
 {
 "id": "soc-optimization-unified.zip",
- "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-optimization-unified-v3.0.20/soc-optimization-unified-v3.0.20.zip",
+ "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-optimization-unified-v3.0.21/soc-optimization-unified-v3.0.21.zip",
 "system": "yes"
 },
 {
 "id": "soc-common-playbooks-unified.zip",
- "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-common-playbooks-unified-v2.7.53/soc-common-playbooks-unified-v2.7.5",
+ "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-common-playbooks-unified-v2.7.53/soc-common-playbooks-unified-v2.7.53.zip",
 "system": "yes"
 }
 ],
diff --git a/Packs/soc-proofpoint-tap/pack_metadata.json b/Packs/soc-proofpoint-tap/pack_metadata.json
index b9cfb25..a994b05 100644
--- a/Packs/soc-proofpoint-tap/pack_metadata.json
+++ b/Packs/soc-proofpoint-tap/pack_metadata.json
@@ -3,7 +3,7 @@
 "id": "soc-proofpoint-tap",
 "description": "This content adds the proper content to make the soc-phishing-investigation-response work with proofpoint.",
 "support": "xsoar",
- "currentVersion": "1.0.9",
+ "currentVersion": "1.0.10",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
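Review bot: Nothing in this pack keeps the four copies of a version in step — `currentVersion` in pack_metadata.json, the tag and filename inside the xsoar_config.json `url`, and `version` in pack_catalog.json — and the second entry in the xsoar_config.json hunk shows what that costs: the previous `url` ended in `soc-common-playbooks-unified-v2.7.5` with no `.zip`, a hand-edit slip that only this bump caught. A small CI check that parses each `url` and asserts the tag segment equals `<id minus .zip>-v<version>` and the filename equals that tag plus `.zip` would have rejected the earlier commit; `soc-common-playbooks-unified` has no `currentVersion` in this pack, so for that entry the check would cover only tag/filename agreement. These entries also carry nothing beyond a URL, so whatever installs them is trusting the GitHub release published under that tag; if the xsoar_config schema has no place for a digest (none is visible here), the integrity check belongs in the release job that publishes the tag. The `custom_packs` array starts on the hunk's first line, but the enclosing object begins before it.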
diff --git a/Packs/soc-proofpoint-tap/xsoar_config.json b/Packs/soc-proofpoint-tap/xsoar_config.json
index 7510211..4050ad5 100644
--- a/Packs/soc-proofpoint-tap/xsoar_config.json
+++ b/Packs/soc-proofpoint-tap/xsoar_config.json
@@ -2,7 +2,7 @@
 "custom_packs": [
 {
 "id": "soc-proofpoint-tap.zip",
- "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-proofpoint-tap-v1.0.9/soc-proofpoint-tap-v1.0.9.zip",
+ "url": "https://github.com/Palo-Cortex/secops-framework/releases/download/soc-proofpoint-tap-v1.0.10/soc-proofpoint-tap-v1.0.10.zip",
 "system": "yes"
 }
 ],
diff --git a/pack_catalog.json b/pack_catalog.json
index d8025da..fd26450 100644
--- a/pack_catalog.json
+++ b/pack_catalog.json
@@ -19,7 +19,7 @@
 {
 "id": "soc-crowdstrike-falcon",
 "display_name": "SOC CrowdStrike Falcon Integration Enhancement for Cortex XSIAM",
- "version": "1.0.36",
+ "version": "1.0.37",
 "path": "Packs/soc-crowdstrike-falcon",
 "visible": true,
 "xsoar_config": "https://raw.githubusercontent.com/Palo-Cortex/secops-framework/refs/heads/main/Packs/soc-crowdstrike-falcon/xsoar_config.json"
@@ -59,7 +59,7 @@
 {
 "id": "soc-optimization-unified",
 "display_name": "SOC Framework Unified",
- "version": "3.0.20",
+ "version": "3.0.21",
 "path": "Packs/soc-optimization-unified",
 "visible": true,
 "xsoar_config": "https://raw.githubusercontent.com/Palo-Cortex/secops-framework/refs/heads/main/Packs/soc-optimization-unified/xsoar_config.json"
@@ -67,7 +67,7 @@
 {
 "id": "soc-proofpoint-tap",
 "display_name": "SOC Proofpoint TAP Integration Enhancement for Cortex XSIAM",
- "version": "1.0.9",
+ "version": "1.0.10",
 "path": "Packs/soc-proofpoint-tap",
 "visible": true,
 "xsoar_config": "https://raw.githubusercontent.com/Palo-Cortex/secops-framework/refs/heads/main/Packs/soc-proofpoint-tap/xsoar_config.json"