add required field in command

shabina-metron · shabina-metron · commit 2baeb6535fdb · 2025-01-21T14:35:49.000+05:30
diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason.py b/Packs/Cybereason/Integrations/Cybereason/Cybereason.py
@@ -64,7 +64,7 @@
     'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'DecisionFailure', 'Suspects', 'AffectedMachine', 'InvolvedHash']
 
 SINGLE_MALOP_HEADERS = [
-    'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'InvolvedHash']
+    'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'InvolvedHash', 'Severity',  'Machines', 'Users', "DecisionStatuses", "DetectionTypes", "DetectionEngines" ,"MitreTechniques", "MalopCloserName"]
 
 DOMAIN_HEADERS = [
     'Name', 'Reputation', 'IsInternalDomain', 'WasEverResolved', 'WasEverResolvedAsASecondLevelDomain', 'Malicious',
@@ -2185,11 +2185,28 @@ def query_malop_management_command(client: Client, args: dict):
             involved_hashes = single_malop.get("rootCauseElementHashes", [])
             malop_severity = single_malop.get("severity","")
             machines = single_malop.get("machines",[])
+            filtered_machines = [
+                {
+                    "guid": machine.get("guid"),
+                    "displayName": machine.get("displayName"),
+                    "pylumId": machine.get("pylumId"),
+                }
+                for machine in machines
+            ]
+
             users = single_malop.get("users",[])
+            filtered_users = [
+                {
+                    "guid": user.get("guid"),
+                    "displayName": user.get("displayName"),
+                }
+                for user in users
+            ]
             decision_statuses = single_malop.get("decisionStatuses",[])
             dectection_types = single_malop.get("detectionTypes",[])
             detection_engines = single_malop.get("detectionEngines", [])
             mitre_techniques = single_malop.get("mitreTechniques")
+            closer_name = single_malop.get("closerName")
             if single_malop["isEdr"]:
                 link = SERVER + '/#/malop/' + guid
             else:
@@ -2202,12 +2219,13 @@ def query_malop_management_command(client: Client, args: dict):
                 'Status': management_status,
                 'InvolvedHash': involved_hashes,
                 'Severity' : malop_severity,
-                'Machines' : machines,
-                'Users' : users,
+                'Machines' : filtered_machines,
+                'Users' : filtered_users,
                 "DecisionStatuses" : decision_statuses,
                 "DetectionTypes" : dectection_types,
                 "DetectionEngines" : detection_engines,
                 "MitreTechniques" : mitre_techniques,
+                "MalopCloserName" : closer_name
 
             }
             outputs.append(malop_output)
diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason.yml b/Packs/Cybereason/Integrations/Cybereason/Cybereason.yml
@@ -387,6 +387,29 @@ script:
     - contextPath: Cybereason.Malops.Status
       description: Malop managemant status.
       type: string
+    - contextPath: Cybereason.Malops.Severity
+      description: Severity of Malop.
+      type: string
+    - contextPath: Cybereason.Malops.Machines
+      description: List of Machines involved in this Malop.
+      type: string
+    - contextPath: Cybereason.Malops.Users
+      description: List of Users involved in this Malop.
+      type: string
+    - contextPath: Cybereason.Malops.DecisionStatuses
+      description: List of Decision Statuses involved in this Malop.
+      type: string
+    - contextPath: Cybereason.Malops.DetectionTypes
+      description: List of Detection Types involved in this Malop.
+      type: string
+    - contextPath: Cybereason.Malops.DetectionEngines
+      description: List of Detection Engines involved in this Malop.
+      type: string
+    - contextPath: Cybereason.Malops.MitreTechniques
+      description: List of Mitre Techniques involved in this Malop.
+    - contextPath: Cybereason.Malops.MalopCloserName
+      description: List of Malop Closer Name involved in this Malop.
+      type: string
   - arguments:
     - description: processGuid of the Cybereason Malop (can accept multiple guids separated by comma).
       name: processGuid
