Skip to content

Containment plan fix #44089

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
OmriItzhak wants to merge 32 commits into
base: master
Choose a base branch
from
Open

Containment plan fix #44089

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
9cc885a
fix for containment plan and core playbooks
OmriItzhak Apr 29, 2026
d16196d
RN
OmriItzhak Apr 29, 2026
5dd0545
updated pack ignore for GR109
OmriItzhak Apr 29, 2026
70478fd
Merge branch 'master' into containment_plan_fix
OmriItzhak Apr 29, 2026
4bacaae
Merge branch 'master' into containment_plan_fix
OmriItzhak Apr 30, 2026
b594c31
Merge branch 'master' into containment_plan_fix
melamedbn Apr 30, 2026
2fbcf67
Merged master into current branch.
May 5, 2026
9ebfed3
Bump pack from version CommonPlaybooks to 2.7.35.
May 5, 2026
3977ed4
Merge branch 'master' into containment_plan_fix
melamedbn May 6, 2026
65ef8b5
Merged master into current branch.
May 6, 2026
44e5048
Bump pack from version Core to 3.5.41.
May 6, 2026
635aa15
Merged master into current branch.
May 6, 2026
c4db488
Bump pack from version Core to 3.5.42.
May 6, 2026
fa75e9f
Merged master into current branch.
May 7, 2026
920a179
Bump pack from version Core to 3.5.43.
May 7, 2026
5ddf11c
Merge branch 'master' into containment_plan_fix
melamedbn May 7, 2026
8f4a5e6
Merged master into current branch.
May 10, 2026
6e327cd
Bump pack from version Core to 3.5.44.
May 10, 2026
8f887ad
Trigger build
melamedbn May 10, 2026
492de88
Merge branch 'master' into containment_plan_fix
melamedbn May 10, 2026
82d20c4
Merged master into current branch.
May 10, 2026
9636452
Bump pack from version Core to 3.5.45.
May 10, 2026
d43b703
Merged master into current branch.
May 10, 2026
1acaa0c
Bump pack from version Core to 3.5.46.
May 10, 2026
796fe89
Merged master into current branch.
May 14, 2026
266a8cd
Bump pack from version Core to 3.5.47.
May 14, 2026
85d6919
Bump pack from version CommonPlaybooks to 2.7.36.
May 14, 2026
012f1b7
Merge branch 'master' into containment_plan_fix
efelmandar May 14, 2026
13fa88f
Merged master into current branch.
May 14, 2026
ddb490d
Bump pack from version Core to 3.5.48.
May 14, 2026
4001f36
Merged master into current branch.
May 14, 2026
5c2ae69
Bump pack from version Core to 3.5.49.
May 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 24 additions & 8 deletions Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -506,7 +506,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -584,7 +586,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -615,7 +619,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -727,7 +733,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -761,7 +769,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -873,7 +883,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -942,7 +954,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down Expand Up @@ -973,7 +987,9 @@ tasks:
simple: inputs.AutoContainment
iscontext: true
lhsB: {}
options: {}
options:
value:
simple: case_insensitive
optionsB: {}
rhs:
value:
Expand Down
30 changes: 17 additions & 13 deletions Packs/CommonPlaybooks/Playbooks/playbook-Containment_Plan_-_Isolate_Device.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ tasks:
{
"position": {
"x": 490,
"y": -782
"y": -812
}
}
note: false
Expand Down Expand Up @@ -176,7 +176,7 @@ tasks:
{
"position": {
"x": 30,
"y": -454
"y": -484
}
}
note: false
Expand Down Expand Up @@ -403,31 +403,35 @@ tasks:
nexttasks:
'#default#':
- "10"
"yes":
- "24"
Endpoint ID:
- "13"
Endpoint Name:
- "24"
separatecontext: false
conditions:
- label: "yes"
- label: Endpoint ID
condition:
- - operator: isNotEmpty
left:
value:
complex:
root: inputs.EndpointID
iscontext: true
- operator: isNotEmpty
right:
value: {}
- label: Endpoint Name
condition:
- - operator: isNotEmpty
left:
value:
complex:
root: inputs.EndpointHostName
simple: inputs.EndpointHostName
iscontext: true
continueonerrortype: ""
view: |-
{
"position": {
"x": 490,
"y": -653
"y": -683
}
}
note: false
Expand Down Expand Up @@ -470,7 +474,7 @@ tasks:
{
"position": {
"x": 490,
"y": -454
"y": -484
}
}
note: false
Expand Down Expand Up @@ -536,10 +540,10 @@ view: |-
},
"paper": {
"dimensions": {
"height": 1286,
"width": 841,
"height": 1316,
"width": 840,
"x": 30,
"y": -782
"y": -812
}
}
}
Expand Down
10 changes: 10 additions & 0 deletions Packs/CommonPlaybooks/ReleaseNotes/2_7_36.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@

#### Playbooks

##### Containment Plan - Isolate Device

- Fixed endpoint isolation condition logic: isolation now triggers when **either** an Endpoint ID **or** an Endpoint Hostname is provided, instead of requiring both simultaneously.

##### Containment Plan

- Added case-insensitive comparison for the **AutoContainment** input condition checks, ensuring the playbook correctly handles 'True or 'False' values regardless of casing.
2 changes: 1 addition & 1 deletion Packs/CommonPlaybooks/pack_metadata.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "Common Playbooks",
"description": "Frequently used playbooks pack.",
"support": "xsoar",
"currentVersion": "2.7.35",
"currentVersion": "2.7.36",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down
6 changes: 6 additions & 0 deletions Packs/Core/.pack-ignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ ignore=SC105
[file:CoreUnisolateEndpoint.yml]
ignore=SC105

[file:playbook-T1059_-_Command_and_Scripting_Interpreter.yml]
ignore=GR109

[file:playbook-T1036_-_Masquerading.yml]
ignore=GR109

[known_words]
xsiam
coreirapimodule
Expand Down
2 changes: 1 addition & 1 deletion Packs/Core/Playbooks/playbook-T1036_-_Masquerading.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -813,7 +813,7 @@ tasks:
applyIfEmpty: {}
defaultValue:
value:
simple: "true"
simple: "false"
BlockIndicators:
simple: "True"
ClearUserSessions:
Expand Down
4 changes: 2 additions & 2 deletions Packs/Core/Playbooks/playbook-T1059_-_Command_and_Scripting_Interpreter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -839,7 +839,7 @@ tasks:
applyIfEmpty: {}
defaultValue:
value:
simple: "true"
simple: "false"
BlockIndicators:
simple: "True"
ClearUserSessions:
Expand Down Expand Up @@ -879,7 +879,7 @@ tasks:
applyIfEmpty: {}
defaultValue:
value:
simple: "true"
simple: "false"
BlockIndicators:
simple: "True"
ClearUserSessions:
Expand Down
10 changes: 10 additions & 0 deletions Packs/Core/ReleaseNotes/3_5_49.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@

#### Playbooks

##### T1059 - Command and Scripting Interpreter

- Fixed the default value of the **AutoContainment** input passed to the *Containment Plan* sub-playbook from 'true' to 'false'.

##### T1036 - Masquerading

- Fixed the default value of the **AutoContainment** input passed to the *Containment Plan* sub-playbook from 'true' to 'false'.
2 changes: 1 addition & 1 deletion Packs/Core/pack_metadata.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "Core",
"description": "Automates incident response",
"support": "xsoar",
"currentVersion": "3.5.48",
"currentVersion": "3.5.49",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down
Loading