Is 1447 exabeam fetch incidents (demisto#22664)

* New feature: exabeam fetch incidents

* New feature: exabeam fetch incidents

* New feature: exabeam fetch incidents

* Improvement: rsa

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* Improvement: exabeam

* first commit for fetch

* commit

* commit

* first commit for fetch

* commit

* Added fetch incident command and list incidents command

* mypy and pylint

* commit

* Corrections UT and classifier

* fixed fthe Readme

* Add UT for fetch-incidents

* commit

* Fixed UT

* fix UT

* commit

* commit

* corrections

* commit

* corrections

* Update 3_3_40.md

Done.

* Update Exabeam.yml

Done.

* Update Exabeam.yml

Done.

* Update README.md

Done.

* Update 2_2_0.md

Done.

* commit

* corrections

* Update docker

* fix

* commit

* correction to RN

Co-authored-by: ishai <[email protected]>
Co-authored-by: israelpolishook <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: dorschw <[email protected]>

Author: 5 people

Packs/CommonTypes/.pack-ignore

@@ -327,6 +327,7 @@ emailRep
 accountRep
 cveRep
 VerifyCIDR
+Exabeam
 
 [file:classifier-Mail-listener.json]
 ignore=BA101

Packs/CommonTypes/IncidentFields/incidentfield-Close_Time.json

@@ -7,7 +7,8 @@
 		"SysAid Request",
         "Qradar Generic",
         "Guardicore Incident",
-        "Saas Security Incident"
+        "Saas Security Incident",
+        "Exabeam Incident"
     ],
     "breachScript": "",
     "caseInsensitive": true,

Packs/CommonTypes/IncidentFields/incidentfield-Item_Owner.json

@@ -23,7 +23,8 @@
         "Symantec DLP Discover Incident",
         "Symantec DLP Endpoint Incident",
         "Symantec DLP Network Incident",
-        "ThreatConnect"
+        "ThreatConnect",
+        "Exabeam Incident"
     ],
     "unmapped": false,
     "unsearchable": false,

Packs/CommonTypes/IncidentFields/incidentfield-Source_Updated_By.json

@@ -0,0 +1,28 @@
+{
+    "id": "incident_sourceupdatedby",
+    "version": -1,
+    "modified": "2022-12-05T14:55:55.838824+02:00",
+    "name": "Source Updated by",
+    "ownerOnly": false,
+    "cliName": "sourceupdatedby",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedToAll": true,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.5.0"
+}

Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json

@@ -8,7 +8,8 @@
         "CrowdStrike Falcon Incident",
         "Microsoft Defender For Endpoint",
         "Skyhigh Security Alert",
-        "Skyhigh Security Threat"
+        "Skyhigh Security Threat",
+        "Exabeam Incident"
     ],
     "breachScript": "",
     "caseInsensitive": true,

Packs/CommonTypes/IncidentFields/incidentfield-Title.json

@@ -37,7 +37,8 @@
   "AWS Guard Duty IAM Finding",
   "AWS Guard Duty Kubernetes Finding",
   "AWS Guard Duty Malware Protection Finding",
-  "AWS Guard Duty S3 Finding"
+  "AWS Guard Duty S3 Finding",
+  "Exabeam Incident"
  ],
  "associatedToAll": false,
  "unmapped": false,

Packs/CommonTypes/ReleaseNotes/3_3_40.md

@@ -0,0 +1,10 @@
+
+#### Incident Fields
+Added the **Exabeam Incident** incident type to the following incident fields:
+- **Close Time**
+- **Item Owner**
+- **Start Time**
+- **Title**
+- **Source Updated by**
+
+Added the **Source Updated By** incident field.

Packs/CommonTypes/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.3.39",
+    "currentVersion": "3.3.40",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Exabeam/Classifiers/classifier-exabeam_mapping.json

@@ -0,0 +1,58 @@
+{
+    "description": "",
+    "feed": false,
+    "id": "Exabeam mapping",
+    "mapping": {
+        "Exabeam Incident": {
+            "dontMapEventToLabels": true,
+            "internalMapping": {
+                "Close Time": {
+                    "simple": "baseFields.closedDate"
+                },
+                "Description": {
+                    "simple": "baseFields.description"
+                },
+                "Exabeam Id": {
+                    "simple": "incidentId"
+                },
+                "Exabeam Queue": {
+                    "simple": "baseFields.queue"
+                },
+                "Item Owner": {
+                    "simple": "baseFields.owner"
+                },
+                "Last Update Time": {
+                    "simple": "baseFields.updatedAt"
+                },
+                "Source Category": {
+                    "simple": "baseFields.incidentType"
+                },
+                "Source Create time": {
+                    "simple": "baseFields.createdAt"
+                },
+                "Source Created By": {
+                    "simple": "baseFields.createdBy"
+                },
+                "Source Priority": {
+                    "simple": "baseFields.priority"
+                },
+                "Source Status": {
+                    "simple": "baseFields.status"
+                },
+                "Source Updated by": {
+                    "simple": "baseFields.updatedBy"
+                },
+                "Start Time": {
+                    "simple": "baseFields.startedDate"
+                },
+                "Title": {
+                    "simple": "name"
+                }
+            }
+        }
+    },
+    "name": "Exabeam mapping",
+    "type": "mapping-incoming",
+    "version": -1,
+    "fromVersion": "6.5.0"
+}

Packs/Exabeam/IncidentFields/incidentfields-exabeamid.json

@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamid",
+    "version": -1,
+    "modified": "2022-11-30T14:33:28.322016+02:00",
+    "name": "Exabeam Id",
+    "ownerOnly": false,
+    "cliName": "exabeamid",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Incident"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.5.0"
+}