diff --git a/pack_catalog.json b/pack_catalog.json index 720165d..f53bcab 100644 --- a/pack_catalog.json +++ b/pack_catalog.json @@ -3,6 +3,7 @@ { "id": "SocFrameworkCrowdstrikeFalcon", "display_name": "SOC CrowdStrike Falcon Integration Enhancement for Cortex XSIAM", + "category": "End Point", "version": "1.0.44", "path": "Packs/SocFrameworkCrowdstrikeFalcon", "visible": true, @@ -11,6 +12,7 @@ { "id": "SocFrameworkMicrosoftDefender", "display_name": "SOC Microsoft Defender Integration Enhancement for Cortex XSIAM", + "category": "End Point", "version": "1.0.28", "path": "Packs/SocFrameworkMicrosoftDefender", "visible": true, @@ -19,6 +21,7 @@ { "id": "SocFrameworkOptimization", "display_name": "SOC Framework (DEPRECATED)", + "category": "Use Case", "version": "2.1.48", "path": "Packs/SocFrameworkOptimization", "visible": false, @@ -27,6 +30,7 @@ { "id": "SocFrameworkProofPointTap", "display_name": "SOC Proofpoint TAP Integration Enhancement for Cortex XSIAM", + "category": "Email Security", "version": "1.1.2", "path": "Packs/SocFrameworkProofPointTap", "visible": true, @@ -35,6 +39,7 @@ { "id": "SocFrameworkTrendMicroVisionOne", "display_name": "SOC Trend Micro Enhancement for Cortex XSIAM", + "category": "End Point", "version": "1.0.29", "path": "Packs/SocFrameworkTrendMicroVisionOne", "visible": true, @@ -43,6 +48,7 @@ { "id": "soc-common-playbooks", "display_name": "SOC Common Playbooks", + "category": "Utility", "version": "2.7.52", "path": "Packs/soc-common-playbooks", "visible": false, @@ -51,6 +57,7 @@ { "id": "soc-common-playbooks-unified", "display_name": "SOC Common Playbooks Unified", + "category": "Use Case", "version": "2.7.54", "path": "Packs/soc-common-playbooks-unified", "visible": false, @@ -59,6 +66,7 @@ { "id": "soc-framework-manager", "display_name": "SOC Framework Package Manager", + "category": "Utility", "version": "1.0.13", "path": "Packs/soc-framework-manager", "visible": false, @@ -67,6 +75,7 @@ { "id": "soc-framework-nist-ir", "display_name": "SOC Framework NIST IR (800-61)", + "category": "Utility", "version": "1.1.0", "path": "Packs/soc-framework-nist-ir", "visible": false, @@ -75,6 +84,7 @@ { "id": "soc-microsoft-graph-security", "display_name": "SOC Microsoft Graph Security Content Pack Enhancement for Cortex XSIAM", + "category": "End Point", "version": "1.0.11", "path": "Packs/soc-microsoft-graph-security", "visible": false, @@ -83,6 +93,7 @@ { "id": "soc-optimization-unified", "display_name": "SOC Framework Unified", + "category": "Use Case", "version": "3.4.0", "path": "Packs/soc-optimization-unified", "visible": true, diff --git a/tools/build_pack_catalog.py b/tools/build_pack_catalog.py index 25bfc66..966cf8f 100644 --- a/tools/build_pack_catalog.py +++ b/tools/build_pack_catalog.py @@ -79,6 +79,14 @@ def build_catalog_entry( if existing_entry is not None and isinstance(existing_entry.get("visible"), bool): visible = existing_entry["visible"] + # Preserve existing "category" if present; otherwise read from pack_metadata + category = None + if existing_entry is not None and existing_entry.get("category"): + category = existing_entry["category"] + elif meta.get("categories"): + cats = meta["categories"] + category = cats[0] if isinstance(cats, list) else cats + # Detect xsoar_config.json and build raw URL if it exists xsoar_config_path = pack_dir / "xsoar_config.json" if xsoar_config_path.is_file(): @@ -92,6 +100,7 @@ def build_catalog_entry( return { "id": pack_id, "display_name": display_name, + "category": category, "version": version, "path": str(pack_dir.as_posix()), "visible": visible,