updating for wf500 api key
wf500 appliance api key format is 64 chars, updating logic to add that as an option for an API key
epartington committed Nov 18, 2024
1 parent ded28f5 commit 37523cc
Showing 6 changed files with 18 additions and 7 deletions.
Expand Up @@ -1530,7 +1530,7 @@ def get_agent(api_key_source: str, platform: str, token: str) -> str:
# within XSOAR (both on-prem and cloud).
if len(token) == 32:
return ''
if api_key_source in ['pcc', 'prismaaccessapi', 'xsoartim', 'xdr']:
if api_key_source in ['pcc', 'prismaaccessapi', 'xsoartim', 'xdr', 'wf500']:
return api_key_source
if (platform == 'x2' or is_demisto_version_ge('8')) and not api_key_source:
return 'xdr'
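Review bot: In get_agent, adding 'wf500' to the list that returns api_key_source means agent=wf500 is set for these keys, while the comment this commit adds in main() says the WF-500 appliance requires no agent value. That works only as long as the appliance keeps ignoring the extra parameter. Consider returning '' for wf500 here and exempting it from the length guard in main(), so nothing unneeded is sent to the appliance. No test change is visible in this commit; a unit test that calls get_agent with 'wf500' and a 64-character token would pin the intended result either way.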
Expand Down Expand Up @@ -1566,6 +1566,7 @@ def main(): # pragma: no cover
# get the source of the credentials to ensure the correct agent is set for all API calls
# other = ngfw or wf api based keys that are 32 chars long and require no agent
# pcc and prismaaccessapi are 64 char long and require the correct agent= value in the api call
# wf500 appliance is 64 char long and requires no agent= value
if not token:
# Added support for all platforms from version 2.1.42.
with contextlib.suppress(Exception):
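Review bot: The added comment "wf500 appliance is 64 char long and requires no agent= value" does not describe what the code does after this commit: get_agent returns 'wf500' for that key type, so an agent value is set. Reword the comment to say the value is sent and ignored by the appliance, so the next reader does not go looking for a code path that omits the agent.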
Expand Down Expand Up @@ -1596,6 +1597,7 @@ def main(): # pragma: no cover
if len(token) > 32 and not agent_value:
# the token is longer than 32 so one of pcc, prismaaccessapi, xsoartim, xdr needs to be set or a
# license from XSIAM/XSOAR NG.
# WF500 Appliances need 64 char key but do not require agent field, WF500 API calls ignore the added agent=wf500
raise DemistoException(
"API Key is longer than 32 characters. Select an 'API Key Type' in the integration's instance configuration.")
set_http_params(token, agent_value)
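Review bot: The comment directly above the added line still lists only pcc, prismaaccessapi, xsoartim and xdr as the values that satisfy this guard, so wf500 has to be inferred from the new line below it. Fold wf500 into that list and shorten the WF-500 remark; the added line is also much longer than the comment lines around it and would read better split in two. The exception text is the only guidance a WF-500 user gets when the key type is left at its default, so it may be worth pointing to the integration description there.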
Expand Up @@ -18,7 +18,7 @@ configuration:
hiddenusername: true
section: Connect
required: false
- additionalinfo: Source of WildFire API Key - other = NGFW, WildFire API - pcc = Prisma Cloud Compute - prismaaccessapi = Prisma Access - xsoartim = XSOAR TIM API Key
- additionalinfo: Source of WildFire API Key - other = NGFW, WildFire API - pcc = Prisma Cloud Compute - prismaaccessapi = Prisma Access - xsoartim = XSOAR TIM API Key - wf500 = Wildfire WF-500 Appliance
defaultvalue: other
display: API Key Type
name: credentials_source
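Review bot: In the new additionalinfo text the product is spelled "Wildfire WF-500 Appliance", while the same string already uses "WildFire API Key" and the description file in this commit adds "WildFire WF-500 Appliance". Use the "WildFire" capitalisation here as well. Since this is the text users see when choosing the key type, it could also say that WF-500 keys are 64 characters long.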
Expand All @@ -28,6 +28,7 @@ configuration:
- xsoartim
- xdr
- other
- wf500
type: 15
section: Connect
advanced: true
Expand Up @@ -9,6 +9,7 @@ This API key is used in the *API Key* field in the integration configuration.
- Prisma Cloud Compute
- Prisma Access
- XSOAR TIM
- WildFire WF-500 Appliance

Notice: Submitting indicators using the following commands of this integration might make the indicator data publicly available.
- ***wildfire-upload-url***
Expand Up @@ -395,11 +395,11 @@ Retrieves results for a file hash using WildFire.
| WildFire.Report.maec_report | string | MAEC report output |

#### Command Example
```!wildfire-report url=https://www.demisto.com```
```!wildfire-report url=https://www.paloaltonetworks.com```

#### Human Readable Output

>### Wildfire URL report for https://www.demisto.com
>### Wildfire URL report for https://www.paloaltonetworks.com
>|sha256|type|verdict|
>|---|---|---|
>| 288cd35401e334a2defc0b428d709f58d4ea28c8e9c6e47fdba88da2d6bc88a7 | wf-report | benign |
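Review bot: The example URL changes from demisto.com to paloaltonetworks.com in the command and in the report heading, but the sha256 row of the sample output is left as it was, so the documented output is no longer the output of the documented command. Regenerate the Human Readable Output by running the new command, or state that the row is illustrative.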
Expand Down Expand Up @@ -582,14 +582,14 @@ Notice: Submitting indicators using this command might make the indicator data p


#### Command Example
```!wildfire-upload-url upload=https://www.demisto.com```
```!wildfire-upload-url upload=https://www.paloaltonetworks.com```

#### Human Readable Output

>### WildFire Upload URL
>|MD5|SHA256|Status|URL|
>|---|---|---|---|
>| 67632f32e6af123aa8ffd1fe8765a783 | c51a8231d1be07a2545ac99e86a25c5d68f88380b7ebf7ac91501661e6d678bb | Pending | https://www.demisto.com |
>| 67632f32e6af123aa8ffd1fe8765a783 | c51a8231d1be07a2545ac99e86a25c5d68f88380b7ebf7ac91501661e6d678bb | Pending | https://www.paloaltonetworks.com |

### wildfire-get-sample
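Review bot: In the wildfire-upload-url example only the URL column of the table row is edited; the MD5 and SHA256 values are carried over unchanged from the demisto.com row. If those hashes identify the submitted URL they will not match https://www.paloaltonetworks.com, so rerun the command and paste the row it actually returns.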
7 changes: 7 additions & 0 deletions Packs/Palo_Alto_Networks_WildFire/ReleaseNotes/2_1_54.md
@@ -0,0 +1,7 @@

#### Integrations

##### Palo Alto Networks WildFire v2

- Updated the integration to allow a 64 char API key from WildFire WF-500 Appliances to be used.
- Updated the README file to remove keyword demisto and replace with paloaltonetworks.
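Review bot: The first release note says a 64 char key is allowed but not what the user has to do: the key is accepted only when the new wf500 value is selected under API Key Type, and with no key type in effect the length guard in main() still raises. Name the option in the note so upgrading users know which setting to change, and write "64-character" in full.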
2 changes: 1 addition & 1 deletion Packs/Palo_Alto_Networks_WildFire/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "WildFire by Palo Alto Networks",
"description": "Perform malware dynamic analysis",
"support": "xsoar",
"currentVersion": "2.1.53",
"currentVersion": "2.1.54",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",