diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
index fc941c8f9f92..ee01be7f0e5e 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
@@ -6129,8 +6129,8 @@ def main(): # pragma: no cover
 params_endpoint_type = params.get("endpoint_type") or "Worldwide"
 params_url = params.get("url")
 is_gcc = params.get("is_gcc", False)
- tenant_id = params.get("tenant_id") or params.get("_tenant_id")
- auth_id = params.get("_auth_id") or params.get("auth_id")
+ tenant_id = params.get("tenant_id") or params.get("_tenant_id") or params.get("_tenant_id_encrypted", {}).get("password")
+ auth_id = params.get("_auth_id") or params.get("auth_id") or params.get("_auth_id_encrypted", {}).get("password")
 enc_key = (params.get("credentials") or {}).get("password") or params.get("enc_key")
 use_ssl: bool = not params.get("insecure", False)
 proxy: bool = params.get("proxy", False)
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
index 45322f4b1ac3..36248e743988 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
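Review bot: The two added lookups call `.get("password")` directly on `params.get("_tenant_id_encrypted", {})` and `params.get("_auth_id_encrypted", {})`, so a key that is present with a `None` value would raise `AttributeError` during startup; the `enc_key` line just below already guards against this with `(params.get("credentials") or {})`. The `or` chain also tries the plaintext `tenant_id`/`_tenant_id` and `_auth_id`/`auth_id` values first, and the YAML hunk of this commit hides those fields, so a leftover plaintext value would presumably keep overriding a newly entered or rotated encrypted one without being visible in the instance settings. Consider reading the encrypted field first, e.g. `tenant_id = (params.get("_tenant_id_encrypted") or {}).get("password") or params.get("tenant_id") or params.get("_tenant_id")`, with the same shape for `auth_id`. `main` starts and continues outside this hunk.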
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
@@ -24,16 +24,30 @@ configuration:
 - Custom
 advanced: true
 required: false
+- displaypassword: ID
+ name: _auth_id_encrypted
+ type: 9
+ hiddenusername: true
+ section: Connect
+ required: false
+- displaypassword: Token
+ name: _tenant_id_encrypted
+ type: 9
+ hiddenusername: true
+ section: Connect
+ required: false
 - display: ID
 name: _auth_id
 type: 0
 section: Connect
 required: false
+ hidden: true
 - display: Token
 name: _tenant_id
 type: 0
 section: Connect
 required: false
+ hidden: true
 - displaypassword: Key
 section: Connect
 name: credentials
@@ -5815,7 +5829,7 @@ script:
 - contextPath: MicrosoftATP.PublicVulnerability.UpdatedOn
 description: The date and time when this vulnerability was last updated.
 type: String
- dockerimage: demisto/crypto:1.0.0.3539024
+ dockerimage: demisto/crypto:1.0.0.4578119
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection_test.py b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection_test.py
index 65c87e97543d..67916da24f86 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection_test.py
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection_test.py
@@ -5,7 +5,6 @@
 import demistomock as demisto
 import pytest
 import requests_mock
-from _pytest.python_api import raises
 from CommonServerPython import DemistoException, snakify
 from freezegun import freeze_time
 from MicrosoftDefenderAdvancedThreatProtection import (
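Review bot: The legacy `_auth_id` and `_tenant_id` entries stay `type: 0` and only gain `hidden: true`, so on instances configured before this change the values presumably remain stored in the unencrypted fields, where an operator can no longer see or clear them. Nothing in this hunk or in the release note says that *ID* and *Token* have to be re-entered in the new `type: 9` fields for the encrypted storage to take effect. I would add a release-note line such as `- Existing instances: re-enter the *ID* and *Token* values in the new encrypted fields.` and confirm how the platform treats the old stored values.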
@@ -1081,7 +1080,9 @@ def test_add_error_message(failed_devices, all_requested_devices, expected_resul
 def test_add_error_message_raise_error(failed_devices, all_requested_devices):
 from MicrosoftDefenderAdvancedThreatProtection import add_error_message
- with raises(DemistoException, match=f"Microsoft Defender ATP The command was failed with the errors: {failed_devices}"):
+ with pytest.raises(
+ DemistoException, match=f"Microsoft Defender ATP The command was failed with the errors: {failed_devices}"
+ ):
 add_error_message(failed_devices, all_requested_devices)
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_20_9.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_20_9.md
new file mode 100644
index 000000000000..a603ec74fe2b
--- /dev/null
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_20_9.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Microsoft Defender for Endpoint
+
+- Updated the Docker image to: *demisto/crypto:1.0.0.4578119*.
+- Updated the Microsoft Defender Advanced Threat Protection integration parameters: *ID* and *Token* to be encrypted.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
index 5e87352f4325..2b74dfd88685 100644
--- a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
+++ b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Microsoft Defender for Endpoint",
 "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
 "support": "xsoar",
- "currentVersion": "1.20.8",
+ "currentVersion": "1.20.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",