Merge pull request #2115 from SEKOIA-IO/fix/AutomationsDoc

Library: update automation documentation

_shared_content/automate/library/aws.md

@@ -65,4 +65,4 @@ Get the last records from FlowLog (deprecated in flavor of Fetch new logs on S3)
 
 ## Extra
 
-Module **`AWS` v1.31.6**
+Module **`AWS` v1.32.2**

_shared_content/automate/library/crowdstrike-falcon.md

@@ -18,6 +18,28 @@ Integrates with CrowdStrike Falcon EDR
 
 ## Actions
 
+### Add new comment to alert
+
+Appends a new comment to any existing comments for the specified alerts.
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `ids` | `array` | List of alert IDs to apply action to. |
+| `comment` | `string` | New comment to add to the alert. |
+
+### Update alert status
+
+Update the status for the specified alerts..
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `ids` | `array` | List of alert IDs to apply action to. |
+| `new_status` | `string` | The new status to apply to the alerts. |
+
 ### Block IOC
 
 Block the provided IOC
@@ -86,4 +108,4 @@ Enable detections on the provided IOCs: md5 / sha256 file hashes, IPv4/v6 addres
 
 ## Extra
 
-Module **`CrowdStrike Falcon` v1.21.0**
+Module **`CrowdStrike Falcon` v1.22.0**

_shared_content/automate/library/google.md

@@ -37,4 +37,4 @@ Execute the given query and return the results
 
 ## Extra
 
-Module **`Google` v1.20.9**
+Module **`Google` v1.21.3**

_shared_content/automate/library/harfanglab.md

@@ -17,6 +17,50 @@ HarfangLab is an Endpoint detection and response (EDR) solution certified by ANS
 
 ## Actions
 
+### Add comment to Threat
+
+Add comment to Threat
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `id` | `string` | Threat IDs |
+| `comment` | `string` | Comment to add |
+
+### Create IOCs
+
+Create IOCs
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `stix_objects_path` | `string` | Filepath of the STIX objects fetched from the collection |
+| `sekoia_base_url` | `string` | [Optional] Sekoia base url, used to generate direct links to IOCs |
+| `source_id` | `string` | Source ID |
+| `block_on_agent` | `boolean` | Block on agent |
+| `quarantine_on_agent` | `boolean` | Quarantine on agent |
+| `detect_on_agent` | `boolean` | Endpoint detection |
+
+### Download File from Endpoint
+
+Download an arbitrary file from an HarfangLab endpoint
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `id` | `string` | Identifier of the endpoint agent |
+| `path` | `string` | Absolute path to the file to download from the endpoint |
+
+
+**Outputs**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `path` | `string` | Downloaded file's path |
+
 ### Deisolate an agent
 
 Deisolate an agent
@@ -152,7 +196,19 @@ Get the list of processes on the systems
 | `creationtime` | `string` | Creation date of the job |
 | `parameters` | `object` | Parameters of the job |
 
+### Update Threat status
+
+Update Threat status
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `threat_ids` | `array` | Threats IDs |
+| `new_status` | `string` | New status |
+| `update_by_query` | `boolean` | Update by query |
+
 
 ## Extra
 
-Module **`HarfangLab` v1.23.1**
+Module **`HarfangLab` v1.24.0**

_shared_content/automate/library/microsoft-active-directory.md

@@ -52,7 +52,26 @@ Reset a user's password. You will need a strong password for that otherwise enab
 | `basedn` | `string` | The starting point an LDAP server uses when searching for users authentication within your Directory. (e.g DC=example-domain,DC=com) |
 | `new_password` | `string` | New password, required to reset the old one of course. |
 
+### Search in AD
+
+Search in AD
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `search_filter` | `string` | LDAP filter to run your query on  see https://ldap3.readthedocs.io/en/latest/searches.html#the-ldap-filter) |
+| `basedn` | `string` | The starting point an LDAP server uses when searching for users authentication within your Directory. (e.g DC=example-domain,DC=com) |
+| `attributes` | `` | Attributes you want to retrieve (default will be ALL)  |
+
+
+**Outputs**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `search_result` | `array` |  |
+
 
 ## Extra
 
-Module **`Microsoft Active Directory` v1.3.0**
+Module **`Microsoft Active Directory` v1.3.7**

_shared_content/automate/library/microsoft-entra-id.md

@@ -146,4 +146,4 @@ Invalidates all the refresh tokens issued to applications for a user. Requires t
 
 ## Extra
 
-Module **`Microsoft Entra ID` v2.8.4**
+Module **`Microsoft Entra ID` v2.8.5**