[FeedsDomainTools] update feeds app description

Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml

@@ -8,32 +8,39 @@ configuration:
   required: true
   hidden: false
   type: 0
+  additionalinfo: The DomainTools API Username to use.
+  section: Connect
 - display: API Key
   name: api_key
   required: true
   hidden: false
   type: 4
+  additionalinfo: The DomainTools API Key to use.
+  section: Connect
 - display: Session ID
   name: session_id
   defaultvalue: dt-cortex-feeds
   required: false
   hidden: false
   type: 0
-  additionalinfo: The session id to serve as unique indentifier. On it's initial use, it will retrieve data from the past 5 days.
+  section: Collect
+  additionalinfo: The session id to serve as unique identifier. On it's initial use, it will retrieve data from the past 5 days. Defaults to 'dt-cortex-feeds'.
 - display: After
   name: after
   defaultvalue: "-3600"
   required: false
   hidden: false
   type: 0
-  additionalinfo: The start of the query window in seconds, relative to the current time, inclusive.
+  section: Collect
+  additionalinfo: The start of the query window in seconds, relative to the current time, inclusive. Defaults to -3600.
 - display: Top
   name: top
   defaultvalue: 5000
   required: false
   hidden: false
   type: 0
-  additionalinfo: Limits the number of results in the response payload.
+  additionalinfo: Limits the number of results in the response payload. Defaults to 5000.
+  section: Collect
 - display: Feed Type
   name: feed_type
   defaultvalue: ALL
@@ -45,11 +52,13 @@ configuration:
   - NOD
   - NAD
   additionalinfo: The DomainTools feed type fo fetch. Defaults to 'ALL'.
+  section: Collect
 - display: Fetch indicators
   name: feed
   defaultvalue: "true"
   type: 8
   required: false
+  section: Collect
 - display: Indicator Reputation
   name: feedReputation
   defaultvalue: feedInstanceReputationNotSet
@@ -61,6 +70,7 @@ configuration:
   - Suspicious
   - Bad
   additionalinfo: Indicators from this integration instance will be marked with this reputation.
+  section: Collect
 - display: Source Reliability
   name: feedReliability
   defaultvalue: F - Reliability cannot be judged
@@ -74,6 +84,7 @@ configuration:
   - E - Unreliable
   - F - Reliability cannot be judged
   additionalinfo: Reliability of the source providing the intelligence data.
+  section: Collect
 - display: ""
   name: feedExpirationPolicy
   defaultvalue: indicatorType
@@ -84,34 +95,41 @@ configuration:
   - interval
   - indicatorType
   - suddenDeath
+  section: Collect
 - display: ""
   name: feedExpirationInterval
   defaultvalue: "20160"
   type: 1
   required: false
+  section: Collect
 - display: Feed Fetch Interval
   name: feedFetchInterval
   defaultvalue: "240"
   type: 19
   required: false
+  section: Collect
 - display: Bypass exclusion list
   name: feedBypassExclusionList
   defaultvalue: "true"
   type: 8
   required: false
+  section: Collect
   additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
 - display: Trust any certificate (not secure)
   name: insecure
   required: false
   type: 8
+  section: Connect
 - display: Use system proxy settings
   name: proxy
   type: 8
   required: false
+  section: Connect
 - name: feedTags
   display: Tags
   type: 0
   additionalinfo: Supports CSV values.
+  section: Collect
 - name: tlp_color
   display: Traffic Light Protocol Color
   options:
@@ -124,7 +142,7 @@ configuration:
   required: false
   section: Collect
 display: FeedDomainTools
-description: Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains (NAD) Apex-level domains (e.g. example.com but not www.example.com) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. Newly Observed Domains (NOD) Apex-level domains (e.g. example.com but not www.example.com) that we observe for the first time, and have not observed previously with our global DNS sensor network.
+description: "Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time."
 name: FeedDomainTools
 script:
   commands:
@@ -173,7 +191,7 @@ script:
       default: false
       required: false
       secret: false
-  dockerimage: demisto/vendors-sdk:1.0.0.2073752
+  dockerimage: demisto/vendors-sdk:1.0.0.2432953
   feed: true
   isfetch: false
   longRunning: false
@@ -183,6 +201,9 @@ script:
   subtype: python3
   type: python
 fromversion: 5.5.0
+sectionOrder:
+- Connect
+- Collect
 marketplaces:
 - xsoar
 - marketplacev2

Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_description.md

@@ -1,3 +1,3 @@
 ## DomainTools Feed
 
-Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains (NAD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. Newly Observed Domains (NOD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe for the first time, and have not observed previously with our global DNS sensor network.
+Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time.

Packs/FeedDomainTools/Integrations/FeedDomainTools/README.md

@@ -1,16 +1,16 @@
-Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains (NAD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. Newly Observed Domains (NOD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe for the first time, and have not observed previously with our global DNS sensor network.
+Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time.
 This integration was integrated and tested with version 1.0.0 of FeedDomainTools.
 
 ## Configure FeedDomainTools in Cortex
 
 
 | **Parameter** | **Description** | **Required** |
 | --- | --- | --- |
-| API Username |  | True |
-| API Key |  | True |
-| Session ID | The session id to serve as unique indentifier. On it's initial use, it will retrieve data from the past 5 days. | False |
-| After | The start of the query window in seconds, relative to the current time, inclusive. | False |
-| Top | Limits the number of results in the response payload. | False |
+| API Username | The DomainTools API Username to use. | True |
+| API Key | The DomainTools API Key to use. | True |
+| Session ID | The session id to serve as unique identifier. On it's initial use, it will retrieve data from the past 5 days. Defaults to 'dt-cortex-feeds'. | False |
+| After | The start of the query window in seconds, relative to the current time, inclusive. Defaults to -3600. | False |
+| Top | Limits the number of results in the response payload. Defaults to 5000. | False |
 | Feed Type | The DomainTools feed type fo fetch. Defaults to 'ALL'. | False |
 | Fetch indicators |  | False |
 | Indicator Reputation | Indicators from this integration instance will be marked with this reputation. | False |

Packs/FeedDomainTools/README.md

@@ -1,9 +1,2 @@
-DomainTools NOD/NAD Feed integration.
-
-Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet.
-
-- Newly Active Domains (NAD)
-Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network.
-
-- Newly Observed Domains (NOD)
-Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe for the first time, and have not observed previously with our global DNS sensor network.
+Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time.
+This integration was integrated and tested with version 1.0.0 of FeedDomainTools.