Ciac 14226 rebrand fire eye etp integrations

Packs/CommonScripts/Scripts/IsIntegrationAvailable/README.md

@@ -59,7 +59,7 @@ MITRE ATT&CK CoA - T1135 - Network Share Discovery
 MITRE ATT&CK CoA - T1083 - File and Directory Discovery
 Cyren Inbox Security Default
 Get User Devices by Email Address - Generic
-FireEye ETP - Indicators Hunting
+Trellix Email Security Cloud - Indicators Hunting
 FireEye HX - Isolate Endpoint
 MITRE ATT&CK CoA - T1133 - External Remote Services
 FireEye HX - Execution Flow Indicators Hunting

Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.py

@@ -314,7 +314,9 @@ def search_messages_command():
     # create readable data
     messages_readable_data = [readable_message_data(message) for message in messages_context]
     messages_md_headers = ["Message ID", "Accepted Time", "From", "Recipients", "Subject", "Message Status"]
-    md_table = tableToMarkdown("FireEye ETP - Search Messages", messages_readable_data, headers=messages_md_headers)
+    md_table = tableToMarkdown(
+        "Trellix Email Security - Cloud - Search Messages", messages_readable_data, headers=messages_md_headers
+    )
 
     entry = {
         "Type": entryTypes["note"],
@@ -346,7 +348,9 @@ def get_message_command():
         # create readable data
         message_readable_data = readable_message_data(context_data)
         messages_md_headers = ["Message ID", "Accepted Time", "From", "Recipients", "Subject", "Message Status"]
-        md_table = tableToMarkdown("FireEye ETP - Get Message", message_readable_data, headers=messages_md_headers)
+        md_table = tableToMarkdown(
+            "Trellix Email Security - Cloud - Get Message", message_readable_data, headers=messages_md_headers
+        )
 
         entry = {
             "Type": entryTypes["note"],
@@ -364,7 +368,7 @@ def get_message_command():
             "Contents": {},
             "ContentsFormat": formats["text"],
             "ReadableContentsFormat": formats["markdown"],
-            "HumanReadable": "### FireEye ETP - Get Message \n no results",
+            "HumanReadable": "### Trellix Email Security - Cloud - Get Message \n no results",
         }
         demisto.results(entry)
 
@@ -477,7 +481,9 @@ def get_alerts_command():
         "Email Status",
         "Threat Intel",
     ]
-    md_table = tableToMarkdown("FireEye ETP - Get Alerts", alerts_readable_data, headers=alerts_summery_headers)
+    md_table = tableToMarkdown(
+        "Trellix Email Security - Cloud - Get Alerts", alerts_readable_data, headers=alerts_summery_headers
+    )
     entry = {
         "Type": entryTypes["note"],
         "Contents": alerts_raw,
@@ -611,7 +617,7 @@ def get_alert_command():
             "Contents": alert_raw,
             "ContentsFormat": formats["json"],
             "ReadableContentsFormat": formats["markdown"],
-            "HumanReadable": f"## FireEye ETP - Get Alert\n{alert_md_table}\n{malware_md_table}",
+            "HumanReadable": f"## Trellix Email Security - Cloud - Get Alert\n{alert_md_table}\n{malware_md_table}",
             "EntryContext": {"FireEyeETP.Alerts(obj.id==val.id)": alert_context},
         }
         demisto.results(entry)
@@ -622,7 +628,7 @@ def get_alert_command():
             "Contents": {},
             "ContentsFormat": formats["json"],
             "ReadableContentsFormat": formats["markdown"],
-            "HumanReadable": "### FireEye ETP - Get Alert\nno results",
+            "HumanReadable": "### Trellix Email Security - Cloud - Get Alert\nno results",
         }
         demisto.results(entry)
 

Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml

@@ -2,9 +2,9 @@ commonfields:
   id: FireEye ETP
   version: -1
 name: FireEye ETP
-display: FireEye ETP
+display: Trellix Email Security - Cloud
 category: Network Security
-description: 'FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.'
+description: 'Trellix Email Security - Cloud is a cloud-based platform that protects against advanced email attacks.'
 configuration:
 - display: 'Server URL'
   name: server
@@ -366,7 +366,7 @@ script:
       Cloud message ID.
   isfetch: true
   subtype: python3
-  dockerimage: demisto/python3:3.12.8.3296088
+  dockerimage: demisto/python3:3.12.11.4508456
 tests:
 - No Test
 

Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP_description.md

@@ -1 +1 @@
-FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.
+Trellix Email Security - Cloud is a cloud-based platform that protects against advanced email attacks.

Packs/FireEyeETP/Integrations/FireEyeETP/README.md

@@ -1,8 +1,8 @@
-# FireEye Email Threat Prevention (ETP)
+# Trellix Email Security - Cloud
 
 ## Overview
 
-Use the FireEye Email Threat Prevention (ETP) integration to import messages as incidents, search for messages with specific attributes, and retrieve alert data.
+Use the Trellix Email Security - Cloud integration to import messages as incidents, search for messages with specific attributes, and retrieve alert data.
 
 ## Use Cases
 
@@ -13,11 +13,11 @@ Use the FireEye Email Threat Prevention (ETP) integration to import messages as
 
 Make sure you obtain the following information.
 
-* Valid FireEye ETP account
+* Valid Trellix Email Security - Cloud account
 * Configure an API key on the ETP Web portal. Select the product as both *Email Threat Prevention* and *Identity Access Management*. Select all entitlements.
-* Upon Authentication errors, contact FireEye Technical Support to let them know the IP address of your Cortex XSOAR Server and the URL you are accessing , e.g. https://etp.us.fireeye.com. FireEye will add these details to their Firewall rules so that the bidirectional traffic can be allowed between Cortex XSOAR and FireEye ETP.
+* Upon Authentication errors, contact Trellix Email Security - Cloud Technical Support to let them know the IP address of your Cortex XSOAR Server and the URL you are accessing , e.g. https://etp.us.fireeye.com. Trellix will add these details to their Firewall rules so that the bidirectional traffic can be allowed between Cortex XSOAR and Trellix Email Security - Cloud.
 
-## Configure FireEye ETP in Cortex
+## Configure Trellix Email Security - Cloud in Cortex
 
 * *Name*: a textual name for the integration instance.
 * *Server URL*: ETP server URL. Use the endpoint in the region that hosts your ETP service:
@@ -358,7 +358,7 @@ Returns detailed information for any specified alert. Alerts that are more than
 |FireEyeETP.Alerts.email.source_ip|Email source IP address|
 |FireEyeETP.Alerts.email.smtp.rcpt_to|Recipient SMTP|
 |FireEyeETP.Alerts.email.smtp.mail_from|Sender SMTP|
-|FireEyeETP.Alerts.email.etp_message_id|FireEye ETP unique message ID|
+|FireEyeETP.Alerts.email.etp_message_id|Trellix Email Security - Cloud unique message ID|
 |FireEyeETP.Alerts.email.headers.cc|Email cc recipients|
 |FireEyeETP.Alerts.email.headers.to|Email recipients|
 |FireEyeETP.Alerts.email.headers.from|Email sender|

Packs/FireEyeETP/Integrations/FireEyeETPEventCollector/FireEyeETPEventCollector.yml

@@ -13,7 +13,7 @@ configuration:
   type: 0
   section: Connect
 - displaypassword: API Key
-  additionalinfo: The API Key allows you to integrate with the FireEye ETP.
+  additionalinfo: The API Key allows you to integrate with the Trellix Email Security - Cloud.
   name: credentials
   required: true
   hiddenusername: true
@@ -23,19 +23,19 @@ configuration:
   display: Maximum number of Alerts to fetch.
   name: alerts_max_fetch
   type: 0
-  additionalinfo: The maximum number of Alert events to fetch from FireEye ETP.
+  additionalinfo: The maximum number of Alert events to fetch from Trellix Email Security - Cloud.
   section: Collect
 - defaultvalue: "1000"
   display: Maximum number of Email Trace to fetch.
   name: email_trace_max_fetch
   type: 0
-  additionalinfo: The maximum number of Email Trace events to fetch from FireEye ETP.
+  additionalinfo: The maximum number of Email Trace events to fetch from Trellix Email Security - Cloud.
   section: Collect
 - defaultvalue: "1000"
   display: Maximum number of Activity Log fetch.
   name: activity_log_max_fetch
   type: 0
-  additionalinfo: The maximum number of Activity Log events to fetch from FireEye ETP.
+  additionalinfo: The maximum number of Activity Log events to fetch from Trellix Email Security - Cloud.
   section: Collect
 - display: Trust any certificate (not secure)
   name: insecure
@@ -60,8 +60,8 @@ configuration:
   advanced: true
   defaultvalue: 'true'
   additionalinfo: Hide subject and attachments details from emails.
-description: Use this integration to fetch email security incidents from FireEye ETP as XSIAM events.
-display: FireEye ETP Event Collector
+description: Use this integration to fetch email security incidents from Trellix Email Security - Cloud as XSIAM events.
+display: Trellix Email Security - Cloud Event Collector
 name: FireEye ETP Event Collector
 script:
   commands:
@@ -80,9 +80,9 @@ script:
       - "true"
       - "false"
       required: true
-    description: Gets events from FireEye ETP. This command is used for developing/ debugging and is to be used with caution, as it can create events, leading to events duplication and API request limitation exceeding.
+    description: Gets events from Trellix Email Security - Cloud. This command is used for developing/ debugging and is to be used with caution, as it can create events, leading to events duplication and API request limitation exceeding.
     name: fireeye-etp-get-events
-  dockerimage: demisto/python3:3.12.8.3296088
+  dockerimage: demisto/python3:3.12.11.4508456
   isfetchevents: true
   script: ""
   subtype: python3