Flashpoint Release 2.2.1 #44447
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @kamalq97 will know the proposed changes are ready to be reviewed.
Hi @crestdatasystems, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link. |
🤖 AI-Powered Code Review Available
Hi @kamalq97, you can leverage AI-powered code review to assist with this PR! Available Commands:
🤖 Analysis started. Please wait for results...
🤖 AI Review Disclaimer
This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.
marketplace-ai-reviewer left a comment
Hi! Thanks for your contribution to the Flashpoint pack.
I've reviewed the PR and found a few items to address, most notably a critical bug where enabling the exact match parameter causes the email and filename commands to crash due to an argument mismatch. There are also some minor structural updates needed in the YAML and metadata files, along with a few documentation and release note styling tweaks to align with our guidelines.
Let me know if you have any questions!
Additionally, please address the following file-level notes:
- Packs/Flashpoint/Integrations/Ignite/Ignite.yml: The first key defined at the root level of the `.yml` file must always be `name` or `display`. Currently, the file starts with `sectionorder`. Please move `name` or `display` to the top of the file.
- Packs/Flashpoint/pack_metadata.json: The `keywords` list is empty. According to the pack metadata guidelines, the vendor's name (Flashpoint) must appear in the `keywords` list. Please add it.
@TheL0L please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
| type: 8 | ||
| required: false | ||
| section: Collect | ||
| - additionalinfo: When enabled, enrichment commands (ip, domain, file, and url) use exact matching for indicator values by default. This behavior can be overridden for individual commands using the exact_match argument. |
The description for a boolean parameter must start with 'Whether...'.
| - additionalinfo: When enabled, enrichment commands (ip, domain, file, and url) use exact matching for indicator values by default. This behavior can be overridden for individual commands using the exact_match argument. | |
| additionalinfo: Whether to use exact matching for indicator values by default in enrichment commands (ip, domain, file, and url). This behavior can be overridden for individual commands using the exact_match argument. |
Additionally, please note a critical bug in the Python implementation: enabling this parameter will cause the email and filename commands to crash. The REPUTATION_COMMAND_TO_FUNCTION loop appends exact_match to the arguments if it is True, but email_lookup_command and filename_lookup_command only accept 2 arguments. Please fix this in the Python code.
|
|
||
| ##### Flashpoint Ignite | ||
|
|
||
| - Added support for the **Enable Exact Match for IOC Enrichment** parameter. When enabled, the enrichment commands (ip, domain, file, and url) use exact matching for indicator values by default. This behavior can still be overridden for individual commands using the exact_match argument. |
Please update the entity styling to match the documentation guidelines:
- Parameters and arguments should be in *italics*
- Command names should be in ***bold-italics***
| - Added support for the **Enable Exact Match for IOC Enrichment** parameter. When enabled, the enrichment commands (ip, domain, file, and url) use exact matching for indicator values by default. This behavior can still be overridden for individual commands using the exact_match argument. | |
| - Added support for the *Enable Exact Match for IOC Enrichment* parameter. When enabled, the enrichment commands (***ip***, ***domain***, ***file***, and ***url***) use exact matching for indicator values by default. This behavior can still be overridden for individual commands using the *exact_match* argument. |
| ##### Flashpoint Ignite | ||
|
|
||
| - Added support for the **Enable Exact Match for IOC Enrichment** parameter. When enabled, the enrichment commands (ip, domain, file, and url) use exact matching for indicator values by default. This behavior can still be overridden for individual commands using the exact_match argument. | ||
| - Updated the Docker image to: *demisto/python3:3.12.13.9059085*. |
Please update the Docker image styling. Literal values should be in **bold**.
| - Updated the Docker image to: *demisto/python3:3.12.13.9059085*. | |
| - Updated the Docker image to: **demisto/python3:3.12.13.9059085**. |
TheL0L left a comment
Thanks for the contribution, @crestdatasystems!
I've finished reviewing the PR and triggered the internal pipeline to run validations and tests on the changes. Please address the comments left by @marketplace-ai-reviewer, as well as the inline comment I left regarding a regression in !email and !filename when exact_match is enabled.
| for indicator in indicator_list: | ||
| arguments = (client, indicator) | ||
| if exact_match: | ||
| arguments += (exact_match,) # type: ignore |
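Review bot: The `# type: ignore` on `arguments += (exact_match,)` silences the one check that would notice the tuple growing from two to three elements, so whether a handler is called with two or three positional arguments now depends on a runtime flag. Pass `exact_match` by keyword, and only to handlers that declare it, then drop the ignore. Note also that `if exact_match:` forwards the value only when it is truthy, so a handler never receives an explicit `False` from this loop.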
The YAML only declares exact_match on domain, ip, url, and file - not on email or filename. However, this loop appends it unconditionally, so when ioc_enrichment_exact_match is enabled, !email and !filename crash with TypeError: ... takes 2 positional arguments but 3 were given.
Could you restrict the exact_match argument to only the commands that actually support it?
Please also add parametrized exact_match tests for email and filename in Ignite_test.py to make sure these commands aren't broken by the config-level exact_match setting going forward.
I would really appreciate it if you could take care of this - thanks!
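The crash described in the review comments above, reproduced and then fixed in a small added example (not code from the PR or from the Ignite integration). The handler bodies, the dict shape of `REPUTATION_COMMAND_TO_FUNCTION`, the signature of `ip_lookup_command`, and the `dispatch_*`, `supports_exact_match` and `crashes` helpers are assumptions made for illustration.

```python
import inspect

# Constructed stand-ins for the integration's handlers; only the signatures matter.
def ip_lookup_command(client, ip, exact_match=False):
    return f"ip:{ip}:exact={exact_match}"

def email_lookup_command(client, email):          # accepts 2 arguments only
    return f"email:{email}"

def filename_lookup_command(client, filename):    # accepts 2 arguments only
    return f"filename:{filename}"

# Assumed shape: command name -> handler function.
REPUTATION_COMMAND_TO_FUNCTION = {
    "ip": ip_lookup_command,
    "email": email_lookup_command,
    "filename": filename_lookup_command,
}

def dispatch_as_in_hunk(client, command, indicator_list, exact_match):
    """Pattern from the reviewed hunk: the flag is appended for every command."""
    results = []
    for indicator in indicator_list:
        arguments = (client, indicator)
        if exact_match:
            arguments += (exact_match,)
        results.append(REPUTATION_COMMAND_TO_FUNCTION[command](*arguments))
    return results

def supports_exact_match(func):
    """True only if the handler declares an exact_match parameter."""
    return "exact_match" in inspect.signature(func).parameters

def dispatch_restricted(client, command, indicator_list, exact_match):
    """Forward exact_match by keyword, and only to handlers that accept it."""
    func = REPUTATION_COMMAND_TO_FUNCTION[command]
    kwargs = {"exact_match": exact_match} if supports_exact_match(func) else {}
    return [func(client, indicator, **kwargs) for indicator in indicator_list]

def crashes(command):
    """Report whether the hunk's pattern raises TypeError with the flag enabled."""
    try:
        dispatch_as_in_hunk(None, command, ["sample"], True)
    except TypeError:
        return True
    return False
```

The same table of commands and flag values is a natural parameter set for the parametrized tests requested for `email` and `filename`.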
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Description
Updated Flashpoint Ignite integration
Must have
relates: https://jira-dc.paloaltonetworks.com/browse/CIAC-16925