From 0e8e0f656199c57db0fbdd711d77caa63428f60f Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Mon, 29 Jun 2020 18:59:08 +0000
Subject: [PATCH 01/24] Client create user

---
 Packs/Code42/Integrations/Code42/Code42.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 806acf1a9d54..b857e2e2bb05 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -261,6 +261,21 @@ def get_user_id(self, username):
             raise Exception("No user found with username {0}.".format(username))
         return res[0]["userUid"]
 
+    def create_user(self, org_name, username, email):
+        org_uid = self.get_org_uid(org_name)
+        return self._get_sdk().users.create_user(org_uid, username, email)
+
+    def block_user(self, username):
+
+
+    def get_org_uid(self, org_name):
+        org_pages = self._get_sdk().orgs.get_all()
+        for org_page in org_pages:
+            for org in org_page["orgs"]:
+                if org["orgName"] == org_name:
+                    return org["orgUid"]
+        raise Exception("No org found with name {0}.".format(org_name))
+
     def search_file_events(self, payload):
         res = self._get_sdk().securitydata.search_file_events(payload)
         return res["fileEvents"]

From f8d733a6f94383b6dd1b3aa7bf66536bd42ca13b Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Mon, 29 Jun 2020 19:34:50 +0000
Subject: [PATCH 02/24] Save

---
 Packs/Code42/Integrations/Code42/Code42.py    |  39 +-
 Packs/Code42/Integrations/Code42/Code42.yml   | 373 +++++++++++++-----
 .../Code42/Integrations/Code42/Code42_test.py |  36 +-
 3 files changed, 333 insertions(+), 115 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index b857e2e2bb05..df76e5a25757 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -174,7 +174,7 @@ def _get_sdk(self):
         return self._sdk
 
     def add_user_to_departing_employee(self, username, departure_date=None, note=None):
-        user_id = self.get_user_id(username)
+        user_id = self.get_user(username)["userUid"]
         self._get_sdk().detectionlists.departing_employee.add(
             user_id, departure_date=departure_date
         )
@@ -183,7 +183,7 @@ def add_user_to_departing_employee(self, username, departure_date=None, note=Non
         return user_id
 
     def remove_user_from_departing_employee(self, username):
-        user_id = self.get_user_id(username)
+        user_id = self.get_user(username)["userUid"]
         self._get_sdk().detectionlists.departing_employee.remove(user_id)
         return user_id
 
@@ -200,26 +200,26 @@ def get_all_departing_employees(self, results):
         return res
 
     def add_user_to_high_risk_employee(self, username, note=None):
-        user_id = self.get_user_id(username)
+        user_id = self.get_user(username)["userUid"]
         self._get_sdk().detectionlists.high_risk_employee.add(user_id)
         if note:
             self._get_sdk().detectionlists.update_user_notes(user_id, note)
         return user_id
 
     def remove_user_from_high_risk_employee(self, username):
-        user_id = self.get_user_id(username)
+        user_id = self.get_user(username)["userUid"]
         self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
         return user_id
 
     def add_user_risk_tags(self, username, risk_tags):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        user_id = self.get_user_id(username)
+        user_id = self.get_user(username)["userUid"]
         self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
         return user_id
 
     def remove_user_risk_tags(self, username, risk_tags):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        user_id = self.get_user_id(username)
+        user_id = self.get_user(username)["userUid"]
         self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
         return user_id
 
@@ -255,25 +255,30 @@ def get_current_user(self):
         res = self._get_sdk().users.get_current()
         return res
 
-    def get_user_id(self, username):
+    def get_user(self, username):
         res = self._get_sdk().users.get_by_username(username)["users"]
         if not res:
             raise Exception("No user found with username {0}.".format(username))
-        return res[0]["userUid"]
+        return res[0]
 
     def create_user(self, org_name, username, email):
-        org_uid = self.get_org_uid(org_name)
+        org_uid = self.get_org(org_name)["orgUid"]
         return self._get_sdk().users.create_user(org_uid, username, email)
 
     def block_user(self, username):
+        user_id = self.get_user(username)["userId"]
+        return self._get_sdk().users.block(user_id)
 
+    def deactivate_user(self, username):
+        user_id = self.get_user(username)["userId"]
+        return self._get_sdk().users.deactivate(user_id)
 
-    def get_org_uid(self, org_name):
+    def get_org(self, org_name):
         org_pages = self._get_sdk().orgs.get_all()
         for org_page in org_pages:
             for org in org_page["orgs"]:
                 if org["orgName"] == org_name:
-                    return org["orgUid"]
+                    return org
         raise Exception("No org found with name {0}.".format(org_name))
 
     def search_file_events(self, payload):
@@ -786,6 +791,18 @@ def securitydata_search_command(client, args):
         return "No results found", {}, {}
 
 
+def code42_user_create_command():
+    pass
+
+
+def code42_user_block_command():
+    pass
+
+
+def code42_user_deactivate_command():
+    pass
+
+
 """Fetching"""
 
 
diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index 2dcf45befea1..1faa4b9926e3 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -1,70 +1,87 @@
+category: Endpoint
 commonfields:
   id: Code42
   version: -1
-name: Code42
-display: Code42
-category: Endpoint
-description: Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
 configuration:
-- display: Code42 Console URL for the pod your Code42 instance is running in
+- defaultvalue: console.us.code42.com
+  display: Code42 Console URL for the pod your Code42 instance is running in
   name: console_url
-  defaultvalue: console.us.code42.com
-  type: 0
   required: true
-- display: "Username"
+  type: 0
+- display: Username
   name: credentials
-  defaultvalue: ""
-  type: 9
   required: true
+  type: 9
 - display: Fetch incidents
   name: isFetch
-  type: 8
   required: false
+  type: 8
 - display: Incident type
   name: incidentType
-  type: 13
   required: false
+  type: 13
 - display: Alert severities to fetch when fetching incidents
   name: alert_severity
-  defaultvalue: ""
-  type: 16
-  required: false
   options:
   - High
   - Medium
   - Low
-- display: First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes)
+  required: false
+  type: 16
+- defaultvalue: 24 hours
+  display: First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes)
   name: fetch_time
-  defaultvalue: 24 hours
-  type: 0
   required: false
-- display: Alerts to fetch per run; note that increasing this value may result in
+  type: 0
+- defaultvalue: '10'
+  display: Alerts to fetch per run; note that increasing this value may result in
     slow performance if too many results are returned at once
   name: fetch_limit
-  defaultvalue: "10"
-  type: 0
   required: false
-- display: Include the list of files in returned incidents.
+  type: 0
+- defaultvalue: 'false'
+  display: Include the list of files in returned incidents.
   name: include_files
-  defaultvalue: "false"
-  type: 8
   required: false
+  type: 8
+description: Use the Code42 integration to identify potential data exfiltration from
+  insider threats while speeding investigation and response by providing fast access
+  to file events and metadata across physical and cloud environments.
+display: Code42
+name: Code42
 script:
-  script: ''
-  type: python
   commands:
-  - name: code42-securitydata-search
-    arguments:
-    - name: json
+  - arguments:
+    - default: false
       description: JSON query payload using Code42 query syntax.
-    - name: hash
+      isArray: false
+      name: json
+      required: false
+      secret: false
+    - default: false
       description: MD5 or SHA256 hash of the file to search for.
-    - name: username
+      isArray: false
+      name: hash
+      required: false
+      secret: false
+    - default: false
       description: Username to search for.
-    - name: hostname
+      isArray: false
+      name: username
+      required: false
+      secret: false
+    - default: false
       description: Hostname to search for.
-    - name: exposure
-      auto: PREDEFINED
+      isArray: false
+      name: hostname
+      required: false
+      secret: false
+    - auto: PREDEFINED
+      default: false
+      description: Exposure types to search for. Can be "RemovableMedia", "ApplicationRead",
+        "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain".
+      isArray: true
+      name: exposure
       predefined:
       - RemovableMedia
       - ApplicationRead
@@ -72,11 +89,23 @@ script:
       - IsPublic
       - SharedViaLink
       - SharedViaDomain
-      description: Exposure types to search for. Can be "RemovableMedia", "ApplicationRead", "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain".
-      isArray: true
-    - name: results
+      required: false
+      secret: false
+    - default: false
+      defaultValue: '100'
       description: The number of results to return. The default is 100.
-      defaultValue: "100"
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Searches for a file in Security Data by JSON query, hash, username,
+      device hostname, exfiltration type, or a combination of parameters. At least
+      one argument must be passed in the command. If a JSON argument is passed, it
+      will be used to the exclusion of other parameters, otherwise parameters will
+      be combined with an AND clause.
+    execution: false
+    name: code42-securitydata-search
     outputs:
     - contextPath: Code42.SecurityData.EventTimestamp
       description: Timestamp for the event.
@@ -204,17 +233,18 @@ script:
     - contextPath: File.Hostname
       description: The hostname where the file event was captured.
       type: string
-    description: Searches for a file in Security Data by JSON query, hash, username,
-      device hostname, exfiltration type, or a combination of parameters. At least
-      one argument must be passed in the command. If a JSON argument is passed,
-      it will be used to the exclusion of other parameters, otherwise parameters will
-      be combined with an AND clause.
-  - name: code42-alert-get
-    arguments:
-    - name: id
+  - arguments:
+    - default: false
+      description: The alert ID to retrieve. Alert IDs are associated with alerts
+        that are fetched via fetch-incidents.
+      isArray: false
+      name: id
       required: true
-      description: The alert ID to retrieve. Alert IDs are associated with alerts that
-        are fetched via fetch-incidents.
+      secret: false
+    deprecated: false
+    description: Retrieve alert details by alert ID
+    execution: false
+    name: code42-alert-get
     outputs:
     - contextPath: Code42.SecurityAlert.Username
       description: The username associated with the alert.
@@ -240,27 +270,45 @@ script:
     - contextPath: Code42.SecurityAlert.Severity
       description: The severity of the alert.
       type: string
-    description: Retrieve alert details by alert ID
-  - name: code42-alert-resolve
-    arguments:
-    - name: id
-      required: true
+  - arguments:
+    - default: false
       description: The alert ID to resolve. Alert IDs are associated with alerts that
         are fetched via fetch-incidents.
+      isArray: false
+      name: id
+      required: true
+      secret: false
+    deprecated: false
+    description: Resolves a Code42 Security alert.
+    execution: false
+    name: code42-alert-resolve
     outputs:
     - contextPath: Code42.SecurityAlert.ID
       description: The alert ID of the resolved alert.
       type: string
-    description: Resolves a Code42 Security alert.
-  - name: code42-departingemployee-add
-    arguments:
-    - name: username
-      required: true
+  - arguments:
+    - default: false
       description: The username to add to the Departing Employee List.
-    - name: departuredate
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
       description: The departure date for the employee, in the format YYYY-MM-DD.
-    - name: note
+      isArray: false
+      name: departuredate
+      required: false
+      secret: false
+    - default: false
       description: Note to attach to the Departing Employee.
+      isArray: false
+      name: note
+      required: false
+      secret: false
+    deprecated: false
+    description: Adds a user to the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-add
     outputs:
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -273,12 +321,18 @@ script:
       type: string
     - contextPath: Code42.DepartingEmployee.DepartureDate
       description: The departure date for the Departing Employee.
-    description: Adds a user to the Departing Employee List.
-  - name: code42-departingemployee-remove
-    arguments:
-    - name: username
-      required: true
+      type: Unknown
+  - arguments:
+    - default: false
       description: The username to remove from the Departing Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a user from the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-remove
     outputs:
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -286,13 +340,17 @@ script:
     - contextPath: Code42.DepartingEmployee.Username
       description: The username of the Departing Employee.
       type: string
-    description: Removes a user from the Departing Employee List.
-  - name: code42-departingemployee-get-all
-    arguments:
-    - name: results
+  - arguments:
+    - default: false
       description: The number of items to return.
-      defaultvalue: "50"
-      type: number
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Get all employees on the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-get-all
     outputs:
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -305,14 +363,24 @@ script:
       type: string
     - contextPath: Code42.DepartingEmployee.DepartureDate
       description: The departure date for the Departing Employee.
-    description: Get all employees on the Departing Employee List.
-  - name: code42-highriskemployee-add
-    arguments:
-    - name: username
-      required: true
+      type: Unknown
+  - arguments:
+    - default: false
       description: The username to add to the High Risk Employee List.
-    - name: note
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
       description: Note to attach to the High Risk Employee.
+      isArray: false
+      name: note
+      required: false
+      secret: false
+    deprecated: false
+    description: Adds a user from the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-add
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the High Risk Employee.
@@ -323,26 +391,42 @@ script:
     - contextPath: Code42.HighRiskEmployee.Note
       description: Note associated with the High Risk Employee.
       type: string
-    description: Adds a user from the High Risk Employee List.
-  - name: code42-highriskemployee-remove
-    arguments:
-    - name: username
-      required: true
+  - arguments:
+    - default: false
       description: The username to remove from the High Risk Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a user from the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-remove
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the High Risk Employee.
+      type: Unknown
     - contextPath: Code42.HighRiskEmployee.Username
       description: The username of the High Risk Employee.
-    description: Removes a user from the High Risk Employee List.
-  - name: code42-highriskemployee-get-all
-    arguments:
-    - name: risktags
-      description: To filter results by employees who have these risk tags. Space delimited.
-    - name: results
+      type: Unknown
+  - arguments:
+    - default: false
+      description: To filter results by employees who have these risk tags. Space
+        delimited.
+      isArray: false
+      name: risktags
+      required: false
+      secret: false
+    - default: false
       description: The number of items to return.
-      defaultvalue: 50
-      type: number
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Get all employees on the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-get-all
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the High Risk Employee.
@@ -353,15 +437,22 @@ script:
     - contextPath: Code42.HighRiskEmployee.Note
       description: Note associated with the High Risk Employee.
       type: string
-    description: Get all employees on the High Risk Employee List.
-  - name: code42-highriskemployee-add-risk-tags
-    arguments:
-    - name: username
-      required: true
+  - arguments:
+    - default: false
       description: The username of the High Risk Employee.
-    - name: risktags
+      isArray: false
+      name: username
       required: true
+      secret: false
+    - default: false
       description: Space-delimited risk tags to associate with the High Risk Employee.
+      isArray: false
+      name: risktags
+      required: true
+      secret: false
+    deprecated: false
+    execution: false
+    name: code42-highriskemployee-add-risk-tags
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -371,14 +462,23 @@ script:
       type: string
     - contextPath: Code42.HighRiskEmployee.RiskTags
       description: Risk tags to associate with the High Risk Employee.
-  - name: code42-highriskemployee-remove-risk-tags
-    arguments:
-    - name: username
-      required: true
+      type: Unknown
+  - arguments:
+    - default: false
       description: The username of the High Risk Employee.
-    - name: risktags
+      isArray: false
+      name: username
       required: true
+      secret: false
+    - default: false
       description: Space-delimited risk tags to disassociate from the High Risk Employee.
+      isArray: false
+      name: risktags
+      required: true
+      secret: false
+    deprecated: false
+    execution: false
+    name: code42-highriskemployee-remove-risk-tags
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -388,7 +488,78 @@ script:
       type: string
     - contextPath: Code42.HighRiskEmployee.RiskTags
       description: Risk tags to disassociate from the High Risk Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: The name of the Code42 organization from which to add the user.
+      isArray: false
+      name: orgname
+      required: true
+      secret: false
+    - default: false
+      description: The username to give to the user.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      defaultValue: The email to give to the user.
+      isArray: false
+      name: email
+      required: true
+      secret: false
+    deprecated: false
+    description: Creates a Code42 user.
+    execution: false
+    name: code42-user-create
+    outputs:
+    - contextPath: Code42.User.Username
+      description: A username for a Code42 user.
+      type: String
+    - contextPath: Code42.User.Email
+      description: An email for a Code42 user.
+      type: String
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to block.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Blocks a user in Code42.  A blocked user is not allowed to log in
+      or restore files. Backups will continue if the user is still active.
+    execution: false
+    name: code42-user-block
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to deactivate.
+      isArray: false
+      name: username
+      required: false
+      secret: false
+    deprecated: false
+    description: Deactivate a user in Code42; signing them out of their devices. Backups
+      discontinue for a deactivated user, and their archives go to cold storage.
+    execution: false
+    name: code42-user-deactivate
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: The ID of a Code42 User.
+      type: String
   dockerimage: demisto/py42:1.0.0.9242
+  feed: false
   isfetch: true
+  longRunning: false
+  longRunningPort: false
   runonce: false
+  script: '-'
   subtype: python3
+  type: python
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index bb58b476e9dc..243f1fba05dd 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -988,6 +988,36 @@
 """
 
 
+CREATE_USER_RESPONSE = """
+{
+    "userId": 291999,
+    "userUid": "960849588659999999",
+    "status": "Active",
+    "username": "new.user@example.com",
+    "email": "new.user@example.com",
+    "firstName": null,
+    "lastName": null,
+    "quotaInBytes": -1,
+    "orgId": 2689,
+    "orgUid": "890854247383106706",
+    "orgName": "New Users Org",
+    "userExtRef": null,
+    "notes": null,
+    "active": true,
+    "blocked": false,
+    "emailPromo": true,
+    "invited": true,
+    "orgType": "ENTERPRISE",
+    "usernameIsAnEmail": null,
+    "creationDate": "2020-06-29T19:23:04.285Z",
+    "modificationDate": "2020-06-29T19:23:04.306Z",
+    "passwordReset": false,
+    "localAuthenticationOnly": false,
+    "licenses": []
+}
+"""
+
+
 _TEST_USER_ID = "123412341234123412"  # value found in GET_USER_RESPONSE
 _TEST_USERNAME = "user1@example.com"
 
@@ -1097,11 +1127,11 @@ def test_client_lazily_inits_sdk(mocker):
     mocker.patch("py42.sdk.from_local_account")
 
     # test that sdk does not init during ctor
-    client = Code42Client(sdk=None, base_url=MOCK_URL, auth=MOCK_AUTH, verify=False, proxy=None)
+    client = Code42Client(sdk=None, base_url=MOCK_URL, auth=MOCK_AUTH, verify=False, proxy=False)
     assert client._sdk is None
 
     # test that sdk init from first method call
-    client.get_user_id("Test")
+    client.get_user("Test")
     assert client._sdk is not None
 
 
@@ -1118,7 +1148,7 @@ def test_client_when_no_user_found_raises_exception(code42_sdk_mock):
     code42_sdk_mock.users.get_by_username.return_value = """{'totalCount': 0, 'users': []}"""
     client = create_client(code42_sdk_mock)
     with pytest.raises(Exception):
-        client.get_user_id("test@example.com")
+        client.get_user("test@example.com")
 
 
 def test_build_query_payload():

From 709a44fc864a96b30baaecf829db0c0770cb0d17 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Mon, 29 Jun 2020 20:08:45 +0000
Subject: [PATCH 03/24] Save

---
 Packs/Code42/Integrations/Code42/Code42.py    |  8 +-
 .../Code42/Integrations/Code42/Code42_test.py | 81 ++++++++++++++++++-
 2 files changed, 84 insertions(+), 5 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 19decb33dabf..dda3489ffba2 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -791,15 +791,15 @@ def securitydata_search_command(client, args):
         return "No results found", {}, {}
 
 
-def code42_user_create_command():
-    pass
+def user_create_command(client, args):
+
 
 
-def code42_user_block_command():
+def user_block_command(client, args):
     pass
 
 
-def code42_user_deactivate_command():
+def user_deactivate_command(client, args):
     pass
 
 
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index 75212fc49b57..0fa0e40e2533 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -20,8 +20,11 @@
     highriskemployee_get_all_command,
     highriskemployee_add_risk_tags_command,
     highriskemployee_remove_risk_tags_command,
-    fetch_incidents,
     securitydata_search_command,
+    user_create_command,
+    user_block_command,
+    user_deactivate_command,
+    fetch_incidents,
 )
 import time
 
@@ -857,6 +860,57 @@
     ]
 }"""
 
+
+MOCK_GET_ALL_ORGS_RESPONSE = """
+{
+    "totalCount": 1,
+    "orgs":
+    [
+        {
+            "orgId": 9999,
+            "orgUid": "890854247383109999",
+            "orgName": "Partner SaaS Cloud - Backup",
+            "orgExtRef": null,
+            "notes": null,
+            "status": "Active",
+            "active": true,
+            "blocked": false,
+            "parentOrgId": 2686,
+            "parentOrgUid": "00007871952600000",
+            "type": "ENTERPRISE",
+            "classification": "BASIC",
+            "externalId": "000054247383100000",
+            "hierarchyCounts": {},
+            "configInheritanceCounts": {},
+            "creationDate": "2019-03-04T22:21:49.749Z",
+            "modificationDate": "2020-02-26T19:21:57.684Z",
+            "deactivationDate": null,
+            "registrationKey": "0000-H74U-0000-8MMM",
+            "reporting":
+            {
+                "orgManagers": []
+            },
+            "customConfig": true,
+            "settings":
+            {
+                "maxSeats": null,
+                "maxBytes": null
+            },
+            "settingsInherited":
+            {
+                "maxSeats": "",
+                "maxBytes": ""
+            },
+            "settingsSummary":
+            {
+                "maxSeats": "",
+                "maxBytes": ""
+            }
+        }
+    ]
+}"""
+
+
 MOCK_GET_ALL_DEPARTING_EMPLOYEES_RESPONSE = """
 {
     "items": [
@@ -905,6 +959,7 @@
 }
 """
 
+
 MOCK_GET_ALL_HIGH_RISK_EMPLOYEES_RESPONSE = """
 {
   "type$": "HIGH_RISK_SEARCH_RESPONSE_V2",
@@ -1026,6 +1081,7 @@
 def code42_sdk_mock(mocker):
     code42_mock = mocker.MagicMock(spec=SDKClient)
     get_user_response = create_mock_code42_sdk_response(mocker, MOCK_GET_USER_RESPONSE)
+    get_org_response =
     code42_mock.users.get_by_username.return_value = get_user_response
     return code42_mock
 
@@ -1047,6 +1103,11 @@ def code42_fetch_incidents_mock(code42_sdk_mock, mocker):
     return code42_mock
 
 
+@pytest.fixture
+def code42_users_mock(code42_sdk_mock, mocker):
+    create_user_response = mocker.
+
+
 def create_alerts_mock(c42_sdk_mock, mocker):
     alert_details_response = create_mock_code42_sdk_response(mocker, MOCK_ALERT_DETAILS_RESPONSE)
     c42_sdk_mock.alerts.get_details.return_value = alert_details_response
@@ -1476,6 +1537,24 @@ def test_highriskemployee_remove_risk_tags_command(code42_sdk_mock):
     )
 
 
+def test_user_create_command():
+    client = create_client(code42_sdk_mock)
+    cmd_res = user_create_command(
+        client,
+        {"orgid": "TEST_ORG_ID", "username": "new.user@example.com", "email": "new.user@example.com"}
+    )
+
+
+def test_user_block_command():
+    client = create_client(code42_sdk_mock)
+    cmd_res = user_block_command(client, {"username": "new.user@example.com"})
+
+
+def test_user_deactivate_command():
+    client = create_client(code42_sdk_mock)
+    cmd_res = user_deactivate_command(client, {"username": "new.user@example.com"})
+
+
 def test_security_data_search_command(code42_file_events_mock):
     client = create_client(code42_file_events_mock)
     cmd_res = securitydata_search_command(client, MOCK_SECURITY_DATA_SEARCH_QUERY)

From d17f75ced3e86eddaa431d35eb835379a289fe1b Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Mon, 29 Jun 2020 20:45:08 +0000
Subject: [PATCH 04/24] Add new commands

---
 Packs/Code42/Integrations/Code42/Code42.py    |   73 +-
 .../Code42/Integrations/Code42/Code42_test.py |   59 +-
 .../Code42/integration-Code42.yml             | 2486 +++++++++--------
 3 files changed, 1466 insertions(+), 1152 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index a23ee72b0852..4549e6c6f5ef 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -165,7 +165,11 @@ def __init__(self, sdk, base_url, auth, verify=True, proxy=False):
         # Allow sdk parameter for unit testing.
         # Otherwise, lazily load the SDK so that the TEST Command can effectively check auth.
         self._sdk = sdk
-        self._sdk_factory = lambda: py42.sdk.from_local_account(base_url, auth[0], auth[1]) if not self._sdk else None
+        self._sdk_factory = (
+            lambda: py42.sdk.from_local_account(base_url, auth[0], auth[1])
+            if not self._sdk
+            else None
+        )
         py42.settings.set_user_agent_suffix("Cortex XSOAR")
 
     def _get_sdk(self):
@@ -263,15 +267,18 @@ def get_user(self, username):
 
     def create_user(self, org_name, username, email):
         org_uid = self.get_org(org_name)["orgUid"]
-        return self._get_sdk().users.create_user(org_uid, username, email)
+        response = self._get_sdk().users.create_user(org_uid, username, email)
+        return json.loads(response.text)
 
     def block_user(self, username):
         user_id = self.get_user(username)["userId"]
-        return self._get_sdk().users.block(user_id)
+        self._get_sdk().users.block(user_id)
+        return user_id
 
     def deactivate_user(self, username):
         user_id = self.get_user(username)["userId"]
-        return self._get_sdk().users.deactivate(user_id)
+        self._get_sdk().users.deactivate(user_id)
+        return user_id
 
     def get_org(self, org_name):
         org_pages = self._get_sdk().orgs.get_all()
@@ -782,12 +789,10 @@ def securitydata_search_command(client, args):
             outputs_key_field="EventID",
             outputs=code42_security_data_context,
             readable_output=readable_outputs,
-            raw_response=file_events
+            raw_response=file_events,
         )
         file_results = CommandResults(
-            outputs_prefix="File",
-            outputs_key_field=None,
-            outputs=file_context,
+            outputs_prefix="File", outputs_key_field=None, outputs=file_context
         )
         return code42_results, file_results
 
@@ -796,15 +801,56 @@ def securitydata_search_command(client, args):
 
 
 def user_create_command(client, args):
-
+    org_name = args.get("orgname")
+    username = args.get("username")
+    email = args.get("email")
+    try:
+        res = client.create_user(org_name, username, email)
+        outputs = {"Username": res["username"], "UserID": res["userUid"], "Email": res["email"]}
+        readable_outputs = tableToMarkdown("Code42 User Created", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=res,
+        )
+    except Exception as e:
+        return_error(create_command_error_message(demisto.command(), e))
 
 
 def user_block_command(client, args):
-    pass
+    username = args.get("username")
+    try:
+        user_id = client.block_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+    except Exception as e:
+        return_error(create_command_error_message(demisto.command(), e))
 
 
 def user_deactivate_command(client, args):
-    pass
+    username = args.get("username")
+    try:
+        user_id = client.deactivate_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+    except Exception as e:
+        return_error(create_command_error_message(demisto.command(), e))
 
 
 """Fetching"""
@@ -868,7 +914,7 @@ def _fetch_remaining_incidents_from_last_run(self):
             if remaining_incidents:
                 return (
                     self._last_run,
-                    remaining_incidents[:self._fetch_limit],
+                    remaining_incidents[: self._fetch_limit],
                     remaining_incidents[self._fetch_limit:],
                 )
 
@@ -980,6 +1026,9 @@ def main():
             "code42-highriskemployee-get-all": highriskemployee_get_all_command,
             "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
             "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
+            "code42-user-create": user_create_command,
+            "code42-user-block": user_block_command,
+            "code42-user-deactivate": user_deactivate_command,
         }
         command = demisto.command()
         if command == "test-module":
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index 98adb6ae3e82..0274eb575108 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -869,7 +869,7 @@
         {
             "orgId": 9999,
             "orgUid": "890854247383109999",
-            "orgName": "Partner SaaS Cloud - Backup",
+            "orgName": "TestCortexOrg",
             "orgExtRef": null,
             "notes": null,
             "status": "Active",
@@ -1043,7 +1043,7 @@
 """
 
 
-CREATE_USER_RESPONSE = """
+MOCK_CREATE_USER_RESPONSE = """
 {
     "userId": 291999,
     "userUid": "960849588659999999",
@@ -1075,14 +1075,18 @@
 
 _TEST_USER_ID = "123412341234123412"  # value found in GET_USER_RESPONSE
 _TEST_USERNAME = "user1@example.com"
+_TEST_ORG_NAME = "TestCortexOrg"
 
 
 @pytest.fixture
 def code42_sdk_mock(mocker):
     code42_mock = mocker.MagicMock(spec=SDKClient)
     get_user_response = create_mock_code42_sdk_response(mocker, MOCK_GET_USER_RESPONSE)
-    get_org_response =
+    get_org_response = create_mock_code42_sdk_response_generator(
+        mocker, [MOCK_GET_ALL_ORGS_RESPONSE]
+    )
     code42_mock.users.get_by_username.return_value = get_user_response
+    code42_mock.orgs.get_all.return_value = get_org_response
     return code42_mock
 
 
@@ -1105,7 +1109,9 @@ def code42_fetch_incidents_mock(code42_sdk_mock, mocker):
 
 @pytest.fixture
 def code42_users_mock(code42_sdk_mock, mocker):
-    create_user_response = mocker.
+    create_user_response = create_mock_code42_sdk_response(mocker, MOCK_CREATE_USER_RESPONSE)
+    code42_sdk_mock.users.create_user.return_value = create_user_response
+    return code42_sdk_mock
 
 
 def create_alerts_mock(c42_sdk_mock, mocker):
@@ -1157,7 +1163,7 @@ def create_mock_code42_sdk_response_generator(mocker, response_pages):
 
 
 def create_client(sdk):
-    return Code42Client(sdk=sdk, base_url=MOCK_URL, auth=MOCK_AUTH, verify=False, proxy=None)
+    return Code42Client(sdk=sdk, base_url=MOCK_URL, auth=MOCK_AUTH, verify=False, proxy=False)
 
 
 def get_empty_detectionlist_response(mocker, base_text):
@@ -1279,9 +1285,8 @@ def test_departingemployee_add_command(code42_sdk_mock):
     date = "2020-01-01"
     note = "Dummy note"
     cmd_res = departingemployee_add_command(
-        client,
-        {"username": _TEST_USERNAME, "departuredate": date, "note": note},
-     )
+        client, {"username": _TEST_USERNAME, "departuredate": date, "note": note}
+    )
     add_func = code42_sdk_mock.detectionlists.departing_employee.add
     assert cmd_res.raw_response == _TEST_USER_ID
     assert cmd_res.outputs_prefix == "Code42.DepartingEmployee"
@@ -1423,7 +1428,7 @@ def test_highriskemployee_get_all_command(code42_high_risk_employee_mock):
     cmd_res = highriskemployee_get_all_command(client, {})
     expected_response = json.loads(MOCK_GET_ALL_HIGH_RISK_EMPLOYEES_RESPONSE)["items"]
     assert cmd_res.outputs_key_field == "UserID"
-    assert  cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
+    assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
     assert cmd_res.raw_response == expected_response
     assert code42_high_risk_employee_mock.detectionlists.high_risk_employee.get_all.call_count == 1
     assert_detection_list_outputs_match_response_items(cmd_res.outputs, expected_response)
@@ -1495,9 +1500,7 @@ def test_highriskemployee_get_all_command_when_no_employees(code42_high_risk_emp
     client = create_client(code42_high_risk_employee_mock)
     cmd_res = highriskemployee_get_all_command(
         client,
-        {
-            "risktags": "PERFORMANCE_CONCERNS SUSPICIOUS_SYSTEM_ACTIVITY POOR_SECURITY_PRACTICES"
-        },
+        {"risktags": "PERFORMANCE_CONCERNS SUSPICIOUS_SYSTEM_ACTIVITY POOR_SECURITY_PRACTICES"},
     )
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
     assert cmd_res.outputs_key_field == "UserID"
@@ -1539,22 +1542,38 @@ def test_highriskemployee_remove_risk_tags_command(code42_sdk_mock):
     )
 
 
-def test_user_create_command():
-    client = create_client(code42_sdk_mock)
+def test_user_create_command(code42_users_mock):
+    client = create_client(code42_users_mock)
     cmd_res = user_create_command(
         client,
-        {"orgid": "TEST_ORG_ID", "username": "new.user@example.com", "email": "new.user@example.com"}
+        {
+            "orgname": _TEST_ORG_NAME,
+            "username": "new.user@example.com",
+            "email": "new.user@example.com",
+        },
     )
+    assert cmd_res.outputs_prefix == "Code42.User"
+    assert cmd_res.outputs_key_field == "UserID"
+    assert cmd_res.raw_response == json.loads(MOCK_CREATE_USER_RESPONSE)
+    assert cmd_res.outputs["UserID"] == "960849588659999999"
+    assert cmd_res.outputs["Username"] == "new.user@example.com"
+    assert cmd_res.outputs["Email"] == "new.user@example.com"
 
 
-def test_user_block_command():
-    client = create_client(code42_sdk_mock)
+def test_user_block_command(code42_users_mock):
+    client = create_client(code42_users_mock)
     cmd_res = user_block_command(client, {"username": "new.user@example.com"})
+    assert cmd_res.raw_response == 123456
+    assert cmd_res.outputs["UserID"] == 123456
+    assert cmd_res.outputs_prefix == "Code42.User"
 
 
-def test_user_deactivate_command():
-    client = create_client(code42_sdk_mock)
+def test_user_deactivate_command(code42_users_mock):
+    client = create_client(code42_users_mock)
     cmd_res = user_deactivate_command(client, {"username": "new.user@example.com"})
+    assert cmd_res.raw_response == 123456
+    assert cmd_res.outputs["UserID"] == 123456
+    assert cmd_res.outputs_prefix == "Code42.User"
 
 
 def test_security_data_search_command(code42_file_events_mock):
@@ -1573,7 +1592,7 @@ def test_security_data_search_command(code42_file_events_mock):
         ("md5Checksum", "d41d8cd98f00b204e9800998ecf8427e"),
         ("osHostName", "DESKTOP-0001"),
         ("deviceUserName", "user3@example.com"),
-        ("exposure", "ApplicationRead")
+        ("exposure", "ApplicationRead"),
     ]
     expected_file_events = json.loads(MOCK_SECURITY_EVENT_RESPONSE)["fileEvents"]
 
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 9438b9b66774..697e1e6964ef 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -1,1094 +1,83 @@
+category: Endpoint
 commonfields:
   id: Code42
   version: -1
-name: Code42
-display: Code42
-category: Endpoint
-description: Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
 configuration:
-- display: Code42 Console URL for the pod your Code42 instance is running in
+- defaultvalue: console.us.code42.com
+  display: Code42 Console URL for the pod your Code42 instance is running in
   name: console_url
-  defaultvalue: console.us.code42.com
-  type: 0
   required: true
-- display: "Username"
+  type: 0
+- display: Username
   name: credentials
-  defaultvalue: ""
-  type: 9
   required: true
+  type: 9
 - display: Fetch incidents
   name: isFetch
-  type: 8
   required: false
+  type: 8
 - display: Incident type
   name: incidentType
-  type: 13
   required: false
+  type: 13
 - display: Alert severities to fetch when fetching incidents
   name: alert_severity
-  defaultvalue: ""
-  type: 16
-  required: false
   options:
   - High
   - Medium
   - Low
-- display: First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes)
+  required: false
+  type: 16
+- defaultvalue: 24 hours
+  display: First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes)
   name: fetch_time
-  defaultvalue: 24 hours
-  type: 0
   required: false
-- display: Alerts to fetch per run; note that increasing this value may result in slow performance if too many results are returned at once
-  name: fetch_limit
-  defaultvalue: "10"
   type: 0
+- defaultvalue: '10'
+  display: Alerts to fetch per run; note that increasing this value may result in slow performance if too many results are returned at once
+  name: fetch_limit
   required: false
-- display: Include the list of files in returned incidents.
+  type: 0
+- defaultvalue: 'false'
+  display: Include the list of files in returned incidents.
   name: include_files
-  defaultvalue: "false"
-  type: 8
   required: false
+  type: 8
+description: Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
+display: Code42
+name: Code42
 script:
-  script: >2
-
-
-
-    """ IMPORTS """
-
-    import json
-
-    import requests
-
-    import py42.sdk
-
-    import py42.settings
-
-    from datetime import datetime
-
-    from py42.sdk.queries.fileevents.file_event_query import FileEventQuery
-
-    from py42.sdk.queries.fileevents.filters import (
-        MD5,
-        SHA256,
-        Actor,
-        EventTimestamp,
-        OSHostname,
-        DeviceUsername,
-        ExposureType,
-        EventType,
-        FileCategory,
-    )
-
-    from py42.sdk.queries.alerts.alert_query import AlertQuery
-
-    from py42.sdk.queries.alerts.filters import DateObserved, Severity, AlertState
-
-
-    # Disable insecure warnings
-
-    requests.packages.urllib3.disable_warnings()
-
-
-    """ CONSTANTS """
-
-    CODE42_EVENT_CONTEXT_FIELD_MAPPER = {
-        "eventTimestamp": "EventTimestamp",
-        "createTimestamp": "FileCreated",
-        "deviceUid": "EndpointID",
-        "deviceUserName": "DeviceUsername",
-        "emailFrom": "EmailFrom",
-        "emailRecipients": "EmailTo",
-        "emailSubject": "EmailSubject",
-        "eventId": "EventID",
-        "eventType": "EventType",
-        "fileCategory": "FileCategory",
-        "fileOwner": "FileOwner",
-        "fileName": "FileName",
-        "filePath": "FilePath",
-        "fileSize": "FileSize",
-        "modifyTimestamp": "FileModified",
-        "md5Checksum": "FileMD5",
-        "osHostName": "FileHostname",
-        "privateIpAddresses": "DevicePrivateIPAddress",
-        "publicIpAddresses": "DevicePublicIPAddress",
-        "removableMediaBusType": "RemovableMediaType",
-        "removableMediaCapacity": "RemovableMediaCapacity",
-        "removableMediaMediaName": "RemovableMediaMediaName",
-        "removableMediaName": "RemovableMediaName",
-        "removableMediaSerialNumber": "RemovableMediaSerialNumber",
-        "removableMediaVendor": "RemovableMediaVendor",
-        "sha256Checksum": "FileSHA256",
-        "shared": "FileShared",
-        "sharedWith": "FileSharedWith",
-        "source": "Source",
-        "tabUrl": "ApplicationTabURL",
-        "url": "FileURL",
-        "processName": "ProcessName",
-        "processOwner": "ProcessOwner",
-        "windowTitle": "WindowTitle",
-        "exposure": "Exposure",
-        "sharingTypeAdded": "SharingTypeAdded",
-    }
-
-
-    CODE42_ALERT_CONTEXT_FIELD_MAPPER = {
-        "actor": "Username",
-        "createdAt": "Occurred",
-        "description": "Description",
-        "id": "ID",
-        "name": "Name",
-        "state": "State",
-        "type": "Type",
-        "severity": "Severity",
-    }
-
-
-    FILE_CONTEXT_FIELD_MAPPER = {
-        "fileName": "Name",
-        "filePath": "Path",
-        "fileSize": "Size",
-        "md5Checksum": "MD5",
-        "sha256Checksum": "SHA256",
-        "osHostName": "Hostname",
-    }
-
-
-    CODE42_FILE_TYPE_MAPPER = {
-        "SourceCode": "SOURCE_CODE",
-        "Audio": "AUDIO",
-        "Executable": "EXECUTABLE",
-        "Document": "DOCUMENT",
-        "Image": "IMAGE",
-        "PDF": "PDF",
-        "Presentation": "PRESENTATION",
-        "Script": "SCRIPT",
-        "Spreadsheet": "SPREADSHEET",
-        "Video": "VIDEO",
-        "VirtualDiskImage": "VIRTUAL_DISK_IMAGE",
-        "Archive": "ARCHIVE",
-    }
-
-
-    SECURITY_EVENT_HEADERS = [
-        "EventType",
-        "FileName",
-        "FileSize",
-        "FileHostname",
-        "FileOwner",
-        "FileCategory",
-        "DeviceUsername",
-    ]
-
-
-    SECURITY_ALERT_HEADERS = ["Type", "Occurred", "Username", "Name", "Description", "State", "ID"]
-
-
-
-    def _get_severity_filter_value(severity_arg):
-        """Converts single str to upper case. If given list of strs, converts all to upper case."""
-        if severity_arg:
-            return (
-                [severity_arg.upper()]
-                if isinstance(severity_arg, str)
-                else list(map(lambda x: x.upper(), severity_arg))
-            )
-
-
-    def _create_alert_query(event_severity_filter, start_time):
-        """Creates an alert query for the given severity (or severities) and start time."""
-        alert_filters = AlertQueryFilters()
-        severity = event_severity_filter
-        alert_filters.append_result(_get_severity_filter_value(severity), Severity.is_in)
-        alert_filters.append(AlertState.eq(AlertState.OPEN))
-        alert_filters.append_result(start_time, DateObserved.on_or_after)
-        alert_query = alert_filters.to_all_query()
-        return alert_query
-
-
-    def _get_all_high_risk_employees_from_page(page, risk_tags):
-        res = []
-        for employee in page["items"]:
-            if not risk_tags:
-                res.append(employee)
-                continue
-
-            employee_tags = employee.get("riskFactors")
-            # If the employee risk tags contain all the given risk tags
-            if employee_tags and set(risk_tags) <= set(employee_tags):
-                res.append(employee)
-        return res
-
-
-    def _try_convert_str_list_to_list(str_list):
-        if isinstance(str_list, str):
-            return str_list.split()
-        return str_list
-
-
-    class Code42Client(BaseClient):
-        """
-        Client will implement the service API, should not contain Cortex XSOAR logic.
-        Should do requests and return data
-        """
-
-        def __init__(self, sdk, base_url, auth, verify=True, proxy=False):
-            super().__init__(base_url, verify=verify, proxy=proxy)
-            # Allow sdk parameter for unit testing.
-            # Otherwise, lazily load the SDK so that the TEST Command can effectively check auth.
-            self._sdk = sdk
-            self._sdk_factory = lambda: py42.sdk.from_local_account(base_url, auth[0], auth[1]) if not self._sdk else None
-            py42.settings.set_user_agent_suffix("Cortex XSOAR")
-
-        def _get_sdk(self):
-            if self._sdk is None:
-                self._sdk = self._sdk_factory()
-            return self._sdk
-
-        def add_user_to_departing_employee(self, username, departure_date=None, note=None):
-            user_id = self.get_user_id(username)
-            self._get_sdk().detectionlists.departing_employee.add(
-                user_id, departure_date=departure_date
-            )
-            if note:
-                self._get_sdk().detectionlists.update_user_notes(user_id, note)
-            return user_id
-
-        def remove_user_from_departing_employee(self, username):
-            user_id = self.get_user_id(username)
-            self._get_sdk().detectionlists.departing_employee.remove(user_id)
-            return user_id
-
-        def get_all_departing_employees(self, results):
-            res = []
-            results = int(results) if results else None
-            pages = self._get_sdk().detectionlists.departing_employee.get_all()
-            for page in pages:
-                employees = page["items"]
-                for employee in employees:
-                    res.append(employee)
-                    if results and len(res) == results:
-                        return res
-            return res
-
-        def add_user_to_high_risk_employee(self, username, note=None):
-            user_id = self.get_user_id(username)
-            self._get_sdk().detectionlists.high_risk_employee.add(user_id)
-            if note:
-                self._get_sdk().detectionlists.update_user_notes(user_id, note)
-            return user_id
-
-        def remove_user_from_high_risk_employee(self, username):
-            user_id = self.get_user_id(username)
-            self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
-            return user_id
-
-        def add_user_risk_tags(self, username, risk_tags):
-            risk_tags = _try_convert_str_list_to_list(risk_tags)
-            user_id = self.get_user_id(username)
-            self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
-            return user_id
-
-        def remove_user_risk_tags(self, username, risk_tags):
-            risk_tags = _try_convert_str_list_to_list(risk_tags)
-            user_id = self.get_user_id(username)
-            self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
-            return user_id
-
-        def get_all_high_risk_employees(self, risk_tags, results):
-            risk_tags = _try_convert_str_list_to_list(risk_tags)
-            results = int(results) if results else None
-            res = []
-            pages = self._get_sdk().detectionlists.high_risk_employee.get_all()
-            for page in pages:
-                employees = _get_all_high_risk_employees_from_page(page, risk_tags)
-                for employee in employees:
-                    res.append(employee)
-                    if results and len(res) == results:
-                        return res
-            return res
-
-        def fetch_alerts(self, start_time, event_severity_filter):
-            query = _create_alert_query(event_severity_filter, start_time)
-            res = self._get_sdk().alerts.search(query)
-            return res["alerts"]
-
-        def get_alert_details(self, alert_id):
-            res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
-            if not res:
-                raise Exception("No alert found with ID {0}.".format(alert_id))
-            return res[0]
-
-        def resolve_alert(self, id):
-            self._get_sdk().alerts.resolve(id)
-            return id
-
-        def get_current_user(self):
-            res = self._get_sdk().users.get_current()
-            return res
-
-        def get_user_id(self, username):
-            res = self._get_sdk().users.get_by_username(username)["users"]
-            if not res:
-                raise Exception("No user found with username {0}.".format(username))
-            return res[0]["userUid"]
-
-        def search_file_events(self, payload):
-            res = self._get_sdk().securitydata.search_file_events(payload)
-            return res["fileEvents"]
-
-
-    class Code42SearchFilters(object):
-        def __init__(self):
-            self._filters = []
-
-        @property
-        def filters(self):
-            return self._filters
-
-        def to_all_query(self):
-            """Override"""
-
-        def append(self, _filter):
-            if _filter:
-                self._filters.append(_filter)
-
-        def extend(self, _filters):
-            if _filters:
-                self._filters.extend(_filters)
-
-        def append_result(self, value, create_filter):
-            """Safely creates and appends the filter to the working list."""
-            if not value:
-                return
-            _filter = create_filter(value)
-            self.append(_filter)
-
-
-    class FileEventQueryFilters(Code42SearchFilters):
-        """Class for simplifying building up a file event search query"""
-
-        def __init__(self, pg_size=None):
-            self._pg_size = pg_size
-            super(FileEventQueryFilters, self).__init__()
-
-        def to_all_query(self):
-            """Convert list of search criteria to *args"""
-            query = FileEventQuery.all(*self._filters)
-            if self._pg_size:
-                query.page_size = self._pg_size
-            return query
-
-
-    class AlertQueryFilters(Code42SearchFilters):
-        """Class for simplifying building up an alert search query"""
-
-        def to_all_query(self):
-            query = AlertQuery.all(*self._filters)
-            query.page_size = 500
-            query.sort_direction = "asc"
-            return query
-
-
-    @logger
-
-    def build_query_payload(args):
-        """Build a query payload combining passed args"""
-
-        pg_size = args.get("results")
-        _hash = args.get("hash")
-        hostname = args.get("hostname")
-        username = args.get("username")
-        exposure = args.get("exposure")
-
-        search_args = FileEventQueryFilters(pg_size)
-        search_args.append_result(_hash, _create_hash_filter)
-        search_args.append_result(hostname, OSHostname.eq)
-        search_args.append_result(username, DeviceUsername.eq)
-        search_args.append_result(exposure, _create_exposure_filter)
-
-        query = search_args.to_all_query()
-        LOG("File Event Query: {}".format(str(query)))
-        return query
-
-
-    def _create_hash_filter(hash_arg):
-        if not hash_arg:
-            return None
-        elif len(hash_arg) == 32:
-            return MD5.eq(hash_arg)
-        elif len(hash_arg) == 64:
-            return SHA256.eq(hash_arg)
-
-
-    def _create_exposure_filter(exposure_arg):
-        # Because the CLI can't accept lists, convert the args to a list if the type is string.
-        if isinstance(exposure_arg, str):
-            exposure_arg = exposure_arg.split(",")
-        return ExposureType.is_in(exposure_arg)
-
-
-    def _create_category_filter(file_type):
-        category_value = CODE42_FILE_TYPE_MAPPER.get(file_type["category"], "UNCATEGORIZED")
-        return FileCategory.eq(category_value)
-
-
-    class ObservationToSecurityQueryMapper(object):
-        """Class to simplify the process of mapping observation data to query objects."""
-
-        # Exfiltration consts
-        _ENDPOINT_TYPE = "FedEndpointExfiltration"
-        _CLOUD_TYPE = "FedCloudSharePermissions"
-
-        # Query consts
-        _PUBLIC_SEARCHABLE = "PublicSearchableShare"
-        _PUBLIC_LINK = "PublicLinkShare"
-        _OUTSIDE_TRUSTED_DOMAINS = "SharedOutsideTrustedDomain"
-
-        exposure_type_map = {
-            "PublicSearchableShare": ExposureType.IS_PUBLIC,
-            "PublicLinkShare": ExposureType.SHARED_VIA_LINK,
-            "SharedOutsideTrustedDomain": "OutsideTrustedDomains",
-        }
-
-        def __init__(self, observation, actor):
-            self._obs = observation
-            self._actor = actor
-
-        @property
-        def _observation_data(self):
-            return self._obs["data"]
-
-        @property
-        def _exfiltration_type(self):
-            return self._obs["type"]
-
-        @property
-        def _is_endpoint_exfiltration(self):
-            return self._exfiltration_type == self._ENDPOINT_TYPE
-
-        @property
-        def _is_cloud_exfiltration(self):
-            return self._exfiltration_type == self._CLOUD_TYPE
-
-        def _create_user_filter(self):
-            return (
-                DeviceUsername.eq(self._actor)
-                if self._is_endpoint_exfiltration
-                else Actor.eq(self._actor)
-            )
-
-        def map(self):
-            search_args = self._create_search_args()
-            query = search_args.to_all_query()
-            LOG("Alert Observation Query: {}".format(query))
-            return query
-
-        def _create_search_args(self):
-            filters = FileEventQueryFilters()
-            exposure_types = self._observation_data["exposureTypes"]
-            begin_time = _convert_date_arg_to_epoch(self._observation_data["firstActivityAt"])
-            end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
-
-            filters.append(self._create_user_filter())
-            filters.append(EventTimestamp.on_or_after(begin_time))
-            filters.append(EventTimestamp.on_or_before(end_time))
-            filters.extend(self._create_exposure_filters(exposure_types))
-            filters.append(self._create_file_category_filters())
-
-            return filters
-
-        @logger
-        def _create_exposure_filters(self, exposure_types):
-            """Determine exposure types based on alert type"""
-            exp_types = []
-            if self._is_cloud_exfiltration:
-                for t in exposure_types:
-                    exp_type = self.exposure_type_map.get(t)
-                    if exp_type:
-                        exp_types.append(exp_type)
-                    else:
-                        LOG("Received unsupported exposure type {0}.".format(t))
-                if exp_types:
-                    return [ExposureType.is_in(exp_types)]
-                else:
-                    # If not given a support exposure type, search for all unsupported exposure types
-                    supported_exp_types = list(self.exposure_type_map.values())
-                    return [ExposureType.not_in(supported_exp_types)]
-            elif self._is_endpoint_exfiltration:
-                return [
-                    EventType.is_in([EventType.CREATED, EventType.MODIFIED, EventType.READ_BY_APP]),
-                    ExposureType.is_in(exposure_types),
-                ]
-            return []
-
-        def _create_file_category_filters(self):
-            """Determine if file categorization is significant"""
-            observed_file_categories = self._observation_data["fileCategories"]
-            categories = [c["category"].upper() for c in observed_file_categories if c["isSignificant"]]
-            if categories:
-                return FileCategory.is_in(categories)
-
-
-    def map_observation_to_security_query(observation, actor):
-        mapper = ObservationToSecurityQueryMapper(observation, actor)
-        return mapper.map()
-
-
-    def _convert_date_arg_to_epoch(date_arg):
-        date_arg = date_arg[:25]
-        return (
-            datetime.strptime(date_arg, "%Y-%m-%dT%H:%M:%S.%f") - datetime.utcfromtimestamp(0)
-        ).total_seconds()
-
-
-    @logger
-
-    def map_to_code42_event_context(obj):
-        code42_context = _map_obj_to_context(obj, CODE42_EVENT_CONTEXT_FIELD_MAPPER)
-        # FileSharedWith is a special case and needs to be converted to a list
-        if code42_context.get("FileSharedWith"):
-            shared_list = [u["cloudUsername"] for u in code42_context["FileSharedWith"]]
-            code42_context["FileSharedWith"] = str(shared_list)
-        return code42_context
-
-
-    @logger
-
-    def map_to_code42_alert_context(obj):
-        return _map_obj_to_context(obj, CODE42_ALERT_CONTEXT_FIELD_MAPPER)
-
-
-    @logger
-
-    def map_to_file_context(obj):
-        return _map_obj_to_context(obj, FILE_CONTEXT_FIELD_MAPPER)
-
-
-    @logger
-
-    def _map_obj_to_context(obj, context_mapper):
-        return {v: obj.get(k) for k, v in context_mapper.items() if obj.get(k)}
-
-
-    def create_command_error_message(cmd, ex):
-        return "Failed to execute command {0} command. Error: {1}".format(cmd, str(ex))
-
-
-    """Commands"""
-
-
-
-    @logger
-
-    def alert_get_command(client, args):
-        code42_securityalert_context = []
-        try:
-            alert = client.get_alert_details(args["id"])
-            if not alert:
-                return "No results found", {}, {}
-
-            code42_context = map_to_code42_alert_context(alert)
-            code42_securityalert_context.append(code42_context)
-            readable_outputs = tableToMarkdown(
-                "Code42 Security Alert Results",
-                code42_securityalert_context,
-                headers=SECURITY_ALERT_HEADERS,
-            )
-            return CommandResults(
-                outputs_prefix="Code42.SecurityAlert",
-                outputs_key_field="ID",
-                outputs=code42_securityalert_context,
-                readable_output=readable_outputs,
-                raw_response=alert,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def alert_resolve_command(client, args):
-        code42_securityalert_context = []
-
-        try:
-            alert_id = client.resolve_alert(args["id"])
-
-            if not alert_id:
-                return "No results found", {}, {}
-
-            # Retrieve new alert details
-            alert_details = client.get_alert_details(alert_id)
-            if not alert_details:
-                return "Error retrieving updated alert", {}, {}
-
-            code42_context = map_to_code42_alert_context(alert_details)
-            code42_securityalert_context.append(code42_context)
-            readable_outputs = tableToMarkdown(
-                "Code42 Security Alert Resolved",
-                code42_securityalert_context,
-                headers=SECURITY_ALERT_HEADERS,
-            )
-            return CommandResults(
-                outputs_prefix="Code42.SecurityAlert",
-                outputs_key_field="ID",
-                outputs=code42_securityalert_context,
-                readable_output=readable_outputs,
-                raw_response=alert_details,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def departingemployee_add_command(client, args):
-        departing_date = args.get("departuredate")
-        username = args["username"]
-        note = args.get("note")
-        try:
-            user_id = client.add_user_to_departing_employee(username, departing_date, note)
-            # CaseID included but it deprecated.
-            de_context = {
-                "CaseID": user_id,
-                "UserID": user_id,
-                "Username": username,
-                "DepartureDate": departing_date,
-                "Note": note,
-            }
-            readable_outputs = tableToMarkdown("Code42 Departing Employee List User Added", de_context)
-            return CommandResults(
-                outputs_prefix="Code42.DepartingEmployee",
-                outputs_key_field="UserID",
-                outputs=de_context,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def departingemployee_remove_command(client, args):
-        username = args["username"]
-        try:
-            user_id = client.remove_user_from_departing_employee(username)
-            # CaseID included but is deprecated.
-            de_context = {"CaseID": user_id, "UserID": user_id, "Username": username}
-            readable_outputs = tableToMarkdown(
-                "Code42 Departing Employee List User Removed", de_context
-            )
-            return CommandResults(
-                outputs_prefix="Code42.DepartingEmployee",
-                outputs_key_field="UserID",
-                outputs=de_context,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def departingemployee_get_all_command(client, args):
-        results = args.get("results") or 50
-        try:
-            employees = client.get_all_departing_employees(results)
-            employees_context = [
-                {
-                    "UserID": e["userId"],
-                    "Username": e["userName"],
-                    "DepartureDate": e.get("departureDate"),
-                    "Note": e["notes"],
-                }
-                for e in employees
-            ]
-            readable_outputs = tableToMarkdown("All Departing Employees", employees_context)
-            return CommandResults(
-                outputs_prefix="Code42.DepartingEmployee",
-                outputs_key_field="UserID",
-                outputs=employees_context,
-                readable_output=readable_outputs,
-                raw_response=employees,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def highriskemployee_add_command(client, args):
-        username = args["username"]
-        note = args.get("note")
-        try:
-            user_id = client.add_user_to_high_risk_employee(username, note)
-            hr_context = {"UserID": user_id, "Username": username}
-            readable_outputs = tableToMarkdown("Code42 High Risk Employee List User Added", hr_context)
-            return CommandResults(
-                outputs_prefix="Code42.HighRiskEmployee",
-                outputs_key_field="UserID",
-                outputs=hr_context,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def highriskemployee_remove_command(client, args):
-        username = args["username"]
-        try:
-            user_id = client.remove_user_from_high_risk_employee(username)
-            hr_context = {"UserID": user_id, "Username": username}
-            readable_outputs = tableToMarkdown(
-                "Code42 High Risk Employee List User Removed", hr_context
-            )
-            return CommandResults(
-                outputs_prefix="Code42.HighRiskEmployee",
-                outputs_key_field="UserID",
-                outputs=hr_context,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def highriskemployee_get_all_command(client, args):
-        tags = args.get("risktags")
-        results = args.get("results") or 50
-        try:
-            employees = client.get_all_high_risk_employees(tags, results)
-            employees_context = [
-                {"UserID": e.get("userId"), "Username": e.get("userName"), "Note": e.get("notes")}
-                for e in employees
-            ]
-            readable_outputs = tableToMarkdown("Retrieved All High Risk Employees", employees_context)
-            return CommandResults(
-                outputs_prefix="Code42.HighRiskEmployee",
-                outputs_key_field="UserID",
-                outputs=employees_context,
-                readable_output=readable_outputs,
-                raw_response=employees,
-            )
-
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def highriskemployee_add_risk_tags_command(client, args):
-        username = args.get("username")
-        tags = args.get("risktags")
-        try:
-            user_id = client.add_user_risk_tags(username, tags)
-            rt_context = {"UserID": user_id, "Username": username, "RiskTags": tags}
-            readable_outputs = tableToMarkdown("Code42 Risk Tags Added", rt_context)
-            return CommandResults(
-                outputs_prefix="Code42.HighRiskEmployee",
-                outputs_key_field="UserID",
-                outputs=rt_context,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def highriskemployee_remove_risk_tags_command(client, args):
-        username = args.get("username")
-        tags = args.get("risktags")
-        try:
-            user_id = client.remove_user_risk_tags(username, tags)
-            rt_context = {"UserID": user_id, "Username": username, "RiskTags": tags}
-            readable_outputs = tableToMarkdown("Code42 Risk Tags Removed", rt_context)
-            return CommandResults(
-                outputs_prefix="Code42.HighRiskEmployee",
-                outputs_key_field="UserID",
-                outputs=rt_context,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
-
-
-    @logger
-
-    def securitydata_search_command(client, args):
-        code42_security_data_context = []
-        _json = args.get("json")
-        file_context = []
-        # If JSON payload is passed as an argument, ignore all other args and search by JSON payload
-        if _json is not None:
-            file_events = client.search_file_events(_json)
-        else:
-            # Build payload
-            payload = build_query_payload(args)
-            file_events = client.search_file_events(payload)
-        if file_events:
-            for file_event in file_events:
-                code42_context_event = map_to_code42_event_context(file_event)
-                code42_security_data_context.append(code42_context_event)
-                file_context_event = map_to_file_context(file_event)
-                file_context.append(file_context_event)
-            readable_outputs = tableToMarkdown(
-                "Code42 Security Data Results",
-                code42_security_data_context,
-                headers=SECURITY_EVENT_HEADERS,
-            )
-            code42_results = CommandResults(
-                outputs_prefix="Code42.SecurityData",
-                outputs_key_field="EventID",
-                outputs=code42_security_data_context,
-                readable_output=readable_outputs,
-                raw_response=file_events
-            )
-            file_results = CommandResults(
-                outputs_prefix="File",
-                outputs_key_field=None,
-                outputs=file_context,
-            )
-            return code42_results, file_results
-
-        else:
-            return "No results found", {}, {}
-
-
-    """Fetching"""
-
-
-
-    def _create_incident_from_alert_details(details):
-        return {"name": "Code42 - {}".format(details["name"]), "occurred": details["createdAt"]}
-
-
-    def _stringify_lists_if_needed(event):
-        # We need to convert certain fields to a stringified list or React.JS will throw an error
-        shared_with = event.get("sharedWith")
-        private_ip_addresses = event.get("privateIpAddresses")
-        if shared_with:
-            shared_list = [u.get("cloudUsername") for u in shared_with if u.get("cloudUsername")]
-            event["sharedWith"] = str(shared_list)
-        if private_ip_addresses:
-            event["privateIpAddresses"] = str(private_ip_addresses)
-        return event
-
-
-    def _process_event_from_observation(event):
-        return _stringify_lists_if_needed(event)
-
-
-    class Code42SecurityIncidentFetcher(object):
-        def __init__(
-            self,
-            client,
-            last_run,
-            first_fetch_time,
-            event_severity_filter,
-            fetch_limit,
-            include_files,
-            integration_context=None,
-        ):
-            self._client = client
-            self._last_run = last_run
-            self._first_fetch_time = first_fetch_time
-            self._event_severity_filter = event_severity_filter
-            self._fetch_limit = fetch_limit
-            self._include_files = (include_files,)
-            self._integration_context = integration_context
-
-        @logger
-        def fetch(self):
-            remaining_incidents_from_last_run = self._fetch_remaining_incidents_from_last_run()
-            if remaining_incidents_from_last_run:
-                return remaining_incidents_from_last_run
-            start_query_time = self._get_start_query_time()
-            alerts = self._fetch_alerts(start_query_time)
-            incidents = [self._create_incident_from_alert(a) for a in alerts]
-            save_time = datetime.utcnow().timestamp()
-            next_run = {"last_fetch": save_time}
-            return next_run, incidents[: self._fetch_limit], incidents[self._fetch_limit:]
-
-        def _fetch_remaining_incidents_from_last_run(self):
-            if self._integration_context:
-                remaining_incidents = self._integration_context.get("remaining_incidents")
-                # return incidents if exists in context.
-                if remaining_incidents:
-                    return (
-                        self._last_run,
-                        remaining_incidents[:self._fetch_limit],
-                        remaining_incidents[self._fetch_limit:],
-                    )
-
-        def _get_start_query_time(self):
-            start_query_time = self._try_get_last_fetch_time()
-
-            # Handle first time fetch, fetch incidents retroactively
-            if not start_query_time:
-                start_query_time, _ = parse_date_range(
-                    self._first_fetch_time, to_timestamp=True, utc=True
-                )
-                start_query_time /= 1000
-
-            return start_query_time
-
-        def _try_get_last_fetch_time(self):
-            return self._last_run.get("last_fetch")
-
-        def _fetch_alerts(self, start_query_time):
-            return self._client.fetch_alerts(start_query_time, self._event_severity_filter)
-
-        def _create_incident_from_alert(self, alert):
-            details = self._client.get_alert_details(alert["id"])
-            incident = _create_incident_from_alert_details(details)
-            details = self._relate_files_to_alert(details)
-            incident["rawJSON"] = json.dumps(details)
-            return incident
-
-        def _relate_files_to_alert(self, alert_details):
-            observations = alert_details.get("observations")
-            if not observations:
-                alert_details["fileevents"] = []
-                return
-            for obs in observations:
-                file_events = self._get_file_events_from_alert_details(obs, alert_details)
-                alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events]
-            return alert_details
-
-        def _get_file_events_from_alert_details(self, observation, alert_details):
-            security_data_query = map_observation_to_security_query(observation, alert_details["actor"])
-            return self._client.search_file_events(security_data_query)
-
-
-    def fetch_incidents(
-        client,
-        last_run,
-        first_fetch_time,
-        event_severity_filter,
-        fetch_limit,
-        include_files,
-        integration_context=None,
-    ):
-        fetcher = Code42SecurityIncidentFetcher(
-            client,
-            last_run,
-            first_fetch_time,
-            event_severity_filter,
-            fetch_limit,
-            include_files,
-            integration_context,
-        )
-        return fetcher.fetch()
-
-
-    """Main and test"""
-
-
-
-    def test_module(client):
-        try:
-            # Will fail if unauthorized
-            client.get_current_user()
-            return "ok"
-        except Exception:
-            return (
-                "Invalid credentials or host address. Check that the username and password are correct, that the host "
-                "is available and reachable, and that you have supplied the full scheme, domain, and port "
-                "(e.g. https://myhost.code42.com:4285)."
-            )
-
-
-    def main():
-        """
-        PARSE AND VALIDATE INTEGRATION PARAMS
-        """
-        username = demisto.params().get("credentials").get("identifier")
-        password = demisto.params().get("credentials").get("password")
-        base_url = demisto.params().get("console_url")
-        # Remove trailing slash to prevent wrong URL path to service
-        verify_certificate = not demisto.params().get("insecure", False)
-        proxy = demisto.params().get("proxy", False)
-        LOG("Command being called is {0}.".format(demisto.command()))
-        try:
-            client = Code42Client(
-                base_url=base_url,
-                sdk=None,
-                auth=(username, password),
-                verify=verify_certificate,
-                proxy=proxy,
-            )
-            commands = {
-                "code42-alert-get": alert_get_command,
-                "code42-alert-resolve": alert_resolve_command,
-                "code42-securitydata-search": securitydata_search_command,
-                "code42-departingemployee-add": departingemployee_add_command,
-                "code42-departingemployee-remove": departingemployee_remove_command,
-                "code42-departingemployee-get-all": departingemployee_get_all_command,
-                "code42-highriskemployee-add": highriskemployee_add_command,
-                "code42-highriskemployee-remove": highriskemployee_remove_command,
-                "code42-highriskemployee-get-all": highriskemployee_get_all_command,
-                "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
-                "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
-            }
-            command = demisto.command()
-            if command == "test-module":
-                # This is the call made when pressing the integration Test button.
-                result = test_module(client)
-                demisto.results(result)
-            elif command == "fetch-incidents":
-                integration_context = demisto.getIntegrationContext()
-                # Set and define the fetch incidents command to run after activated via integration settings.
-                next_run, incidents, remaining_incidents = fetch_incidents(
-                    client=client,
-                    last_run=demisto.getLastRun(),
-                    first_fetch_time=demisto.params().get("fetch_time"),
-                    event_severity_filter=demisto.params().get("alert_severity"),
-                    fetch_limit=int(demisto.params().get("fetch_limit")),
-                    include_files=demisto.params().get("include_files"),
-                    integration_context=integration_context,
-                )
-                demisto.setLastRun(next_run)
-                demisto.incidents(incidents)
-                # Store remaining incidents in integration context
-                integration_context["remaining_incidents"] = remaining_incidents
-                demisto.setIntegrationContext(integration_context)
-            elif command in commands:
-                results = commands[command](client, demisto.args())
-                if not isinstance(results, tuple) and not isinstance(results, list):
-                    results = [results]
-                for result in results:
-                    return_results(result)
-
-        # Log exceptions
-        except Exception as e:
-            return_error("Failed to execute {0} command. Error: {1}".format(demisto.command(), str(e)))
-
-
-    if __name__ in ("__main__", "__builtin__", "builtins"):
-        main()
-  type: python
   commands:
-  - name: code42-securitydata-search
-    arguments:
-    - name: json
+  - arguments:
+    - default: false
       description: JSON query payload using Code42 query syntax.
-    - name: hash
+      isArray: false
+      name: json
+      required: false
+      secret: false
+    - default: false
       description: MD5 or SHA256 hash of the file to search for.
-    - name: username
+      isArray: false
+      name: hash
+      required: false
+      secret: false
+    - default: false
       description: Username to search for.
-    - name: hostname
+      isArray: false
+      name: username
+      required: false
+      secret: false
+    - default: false
       description: Hostname to search for.
-    - name: exposure
-      auto: PREDEFINED
+      isArray: false
+      name: hostname
+      required: false
+      secret: false
+    - auto: PREDEFINED
+      default: false
+      description: Exposure types to search for. Can be "RemovableMedia", "ApplicationRead", "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain".
+      isArray: true
+      name: exposure
       predefined:
       - RemovableMedia
       - ApplicationRead
@@ -1096,11 +85,19 @@ script:
       - IsPublic
       - SharedViaLink
       - SharedViaDomain
-      description: Exposure types to search for. Can be "RemovableMedia", "ApplicationRead", "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain".
-      isArray: true
-    - name: results
+      required: false
+      secret: false
+    - default: false
+      defaultValue: '100'
       description: The number of results to return. The default is 100.
-      defaultValue: "100"
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Searches for a file in Security Data by JSON query, hash, username, device hostname, exfiltration type, or a combination of parameters. At least one argument must be passed in the command. If a JSON argument is passed, it will be used to the exclusion of other parameters, otherwise parameters will be combined with an AND clause.
+    execution: false
+    name: code42-securitydata-search
     outputs:
     - contextPath: Code42.SecurityData.EventTimestamp
       description: Timestamp for the event.
@@ -1228,12 +225,17 @@ script:
     - contextPath: File.Hostname
       description: The hostname where the file event was captured.
       type: string
-    description: Searches for a file in Security Data by JSON query, hash, username, device hostname, exfiltration type, or a combination of parameters. At least one argument must be passed in the command. If a JSON argument is passed, it will be used to the exclusion of other parameters, otherwise parameters will be combined with an AND clause.
-  - name: code42-alert-get
-    arguments:
-    - name: id
-      required: true
+  - arguments:
+    - default: false
       description: The alert ID to retrieve. Alert IDs are associated with alerts that are fetched via fetch-incidents.
+      isArray: false
+      name: id
+      required: true
+      secret: false
+    deprecated: false
+    description: Retrieve alert details by alert ID
+    execution: false
+    name: code42-alert-get
     outputs:
     - contextPath: Code42.SecurityAlert.Username
       description: The username associated with the alert.
@@ -1259,26 +261,44 @@ script:
     - contextPath: Code42.SecurityAlert.Severity
       description: The severity of the alert.
       type: string
-    description: Retrieve alert details by alert ID
-  - name: code42-alert-resolve
-    arguments:
-    - name: id
-      required: true
+  - arguments:
+    - default: false
       description: The alert ID to resolve. Alert IDs are associated with alerts that are fetched via fetch-incidents.
+      isArray: false
+      name: id
+      required: true
+      secret: false
+    deprecated: false
+    description: Resolves a Code42 Security alert.
+    execution: false
+    name: code42-alert-resolve
     outputs:
     - contextPath: Code42.SecurityAlert.ID
       description: The alert ID of the resolved alert.
       type: string
-    description: Resolves a Code42 Security alert.
-  - name: code42-departingemployee-add
-    arguments:
-    - name: username
-      required: true
+  - arguments:
+    - default: false
       description: The username to add to the Departing Employee List.
-    - name: departuredate
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
       description: The departure date for the employee, in the format YYYY-MM-DD.
-    - name: note
+      isArray: false
+      name: departuredate
+      required: false
+      secret: false
+    - default: false
       description: Note to attach to the Departing Employee.
+      isArray: false
+      name: note
+      required: false
+      secret: false
+    deprecated: false
+    description: Adds a user to the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-add
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
       description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
@@ -1293,12 +313,18 @@ script:
       type: string
     - contextPath: Code42.DepartingEmployee.DepartureDate
       description: The departure date for the Departing Employee.
-    description: Adds a user to the Departing Employee List.
-  - name: code42-departingemployee-remove
-    arguments:
-    - name: username
-      required: true
+      type: Unknown
+  - arguments:
+    - default: false
       description: The username to remove from the Departing Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a user from the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-remove
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
       description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
@@ -1308,13 +334,17 @@ script:
     - contextPath: Code42.DepartingEmployee.Username
       description: The username of the Departing Employee.
       type: string
-    description: Removes a user from the Departing Employee List.
-  - name: code42-departingemployee-get-all
-    arguments:
-    - name: results
+  - arguments:
+    - default: false
       description: The number of items to return.
-      defaultvalue: "50"
-      type: number
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Get all employees on the Departing Employee List.
+    execution: false
+    name: code42-departingemployee-get-all
     outputs:
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -1327,14 +357,24 @@ script:
       type: string
     - contextPath: Code42.DepartingEmployee.DepartureDate
       description: The departure date for the Departing Employee.
-    description: Get all employees on the Departing Employee List.
-  - name: code42-highriskemployee-add
-    arguments:
-    - name: username
-      required: true
+      type: Unknown
+  - arguments:
+    - default: false
       description: The username to add to the High Risk Employee List.
-    - name: note
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
       description: Note to attach to the High Risk Employee.
+      isArray: false
+      name: note
+      required: false
+      secret: false
+    deprecated: false
+    description: Adds a user from the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-add
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the High Risk Employee.
@@ -1345,26 +385,41 @@ script:
     - contextPath: Code42.HighRiskEmployee.Note
       description: Note associated with the High Risk Employee.
       type: string
-    description: Adds a user from the High Risk Employee List.
-  - name: code42-highriskemployee-remove
-    arguments:
-    - name: username
-      required: true
+  - arguments:
+    - default: false
       description: The username to remove from the High Risk Employee List.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a user from the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-remove
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the High Risk Employee.
+      type: Unknown
     - contextPath: Code42.HighRiskEmployee.Username
       description: The username of the High Risk Employee.
-    description: Removes a user from the High Risk Employee List.
-  - name: code42-highriskemployee-get-all
-    arguments:
-    - name: risktags
+      type: Unknown
+  - arguments:
+    - default: false
       description: To filter results by employees who have these risk tags. Space delimited.
-    - name: results
+      isArray: false
+      name: risktags
+      required: false
+      secret: false
+    - default: false
       description: The number of items to return.
-      defaultvalue: 50
-      type: number
+      isArray: false
+      name: results
+      required: false
+      secret: false
+    deprecated: false
+    description: Get all employees on the High Risk Employee List.
+    execution: false
+    name: code42-highriskemployee-get-all
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the High Risk Employee.
@@ -1375,15 +430,22 @@ script:
     - contextPath: Code42.HighRiskEmployee.Note
       description: Note associated with the High Risk Employee.
       type: string
-    description: Get all employees on the High Risk Employee List.
-  - name: code42-highriskemployee-add-risk-tags
-    arguments:
-    - name: username
-      required: true
+  - arguments:
+    - default: false
       description: The username of the High Risk Employee.
-    - name: risktags
+      isArray: false
+      name: username
       required: true
+      secret: false
+    - default: false
       description: Space-delimited risk tags to associate with the High Risk Employee.
+      isArray: false
+      name: risktags
+      required: true
+      secret: false
+    deprecated: false
+    execution: false
+    name: code42-highriskemployee-add-risk-tags
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -1393,14 +455,23 @@ script:
       type: string
     - contextPath: Code42.HighRiskEmployee.RiskTags
       description: Risk tags to associate with the High Risk Employee.
-  - name: code42-highriskemployee-remove-risk-tags
-    arguments:
-    - name: username
-      required: true
+      type: Unknown
+  - arguments:
+    - default: false
       description: The username of the High Risk Employee.
-    - name: risktags
+      isArray: false
+      name: username
       required: true
+      secret: false
+    - default: false
       description: Space-delimited risk tags to disassociate from the High Risk Employee.
+      isArray: false
+      name: risktags
+      required: true
+      secret: false
+    deprecated: false
+    execution: false
+    name: code42-highriskemployee-remove-risk-tags
     outputs:
     - contextPath: Code42.HighRiskEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -1410,10 +481,1185 @@ script:
       type: string
     - contextPath: Code42.HighRiskEmployee.RiskTags
       description: Risk tags to disassociate from the High Risk Employee.
+      type: Unknown
+  - arguments:
+    - default: false
+      description: The name of the Code42 organization from which to add the user.
+      isArray: false
+      name: orgname
+      required: true
+      secret: false
+    - default: false
+      description: The username to give to the user.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    - default: false
+      defaultValue: The email to give to the user.
+      isArray: false
+      name: email
+      required: true
+      secret: false
+    deprecated: false
+    description: Creates a Code42 user.
+    execution: false
+    name: code42-user-create
+    outputs:
+    - contextPath: Code42.User.Username
+      description: A username for a Code42 user.
+      type: String
+    - contextPath: Code42.User.Email
+      description: An email for a Code42 user.
+      type: String
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to block.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Blocks a user in Code42.  A blocked user is not allowed to log in or restore files. Backups will continue if the user is still active.
+    execution: false
+    name: code42-user-block
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to deactivate.
+      isArray: false
+      name: username
+      required: false
+      secret: false
+    deprecated: false
+    description: Deactivate a user in Code42; signing them out of their devices. Backups discontinue for a deactivated user, and their archives go to cold storage.
+    execution: false
+    name: code42-user-deactivate
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: The ID of a Code42 User.
+      type: String
   dockerimage: demisto/py42:1.0.0.9242
+  feed: false
   isfetch: true
+  longRunning: false
+  longRunningPort: false
   runonce: false
+  script: >2
+
+
+
+    """ IMPORTS """
+
+    import json
+
+    import requests
+
+    import py42.sdk
+
+    import py42.settings
+
+    from datetime import datetime
+
+    from py42.sdk.queries.fileevents.file_event_query import FileEventQuery
+
+    from py42.sdk.queries.fileevents.filters import (
+        MD5,
+        SHA256,
+        Actor,
+        EventTimestamp,
+        OSHostname,
+        DeviceUsername,
+        ExposureType,
+        EventType,
+        FileCategory,
+    )
+
+    from py42.sdk.queries.alerts.alert_query import AlertQuery
+
+    from py42.sdk.queries.alerts.filters import DateObserved, Severity, AlertState
+
+
+    # Disable insecure warnings
+
+    requests.packages.urllib3.disable_warnings()
+
+
+    """ CONSTANTS """
+
+    CODE42_EVENT_CONTEXT_FIELD_MAPPER = {
+        "eventTimestamp": "EventTimestamp",
+        "createTimestamp": "FileCreated",
+        "deviceUid": "EndpointID",
+        "deviceUserName": "DeviceUsername",
+        "emailFrom": "EmailFrom",
+        "emailRecipients": "EmailTo",
+        "emailSubject": "EmailSubject",
+        "eventId": "EventID",
+        "eventType": "EventType",
+        "fileCategory": "FileCategory",
+        "fileOwner": "FileOwner",
+        "fileName": "FileName",
+        "filePath": "FilePath",
+        "fileSize": "FileSize",
+        "modifyTimestamp": "FileModified",
+        "md5Checksum": "FileMD5",
+        "osHostName": "FileHostname",
+        "privateIpAddresses": "DevicePrivateIPAddress",
+        "publicIpAddresses": "DevicePublicIPAddress",
+        "removableMediaBusType": "RemovableMediaType",
+        "removableMediaCapacity": "RemovableMediaCapacity",
+        "removableMediaMediaName": "RemovableMediaMediaName",
+        "removableMediaName": "RemovableMediaName",
+        "removableMediaSerialNumber": "RemovableMediaSerialNumber",
+        "removableMediaVendor": "RemovableMediaVendor",
+        "sha256Checksum": "FileSHA256",
+        "shared": "FileShared",
+        "sharedWith": "FileSharedWith",
+        "source": "Source",
+        "tabUrl": "ApplicationTabURL",
+        "url": "FileURL",
+        "processName": "ProcessName",
+        "processOwner": "ProcessOwner",
+        "windowTitle": "WindowTitle",
+        "exposure": "Exposure",
+        "sharingTypeAdded": "SharingTypeAdded",
+    }
+
+
+    CODE42_ALERT_CONTEXT_FIELD_MAPPER = {
+        "actor": "Username",
+        "createdAt": "Occurred",
+        "description": "Description",
+        "id": "ID",
+        "name": "Name",
+        "state": "State",
+        "type": "Type",
+        "severity": "Severity",
+    }
+
+
+    FILE_CONTEXT_FIELD_MAPPER = {
+        "fileName": "Name",
+        "filePath": "Path",
+        "fileSize": "Size",
+        "md5Checksum": "MD5",
+        "sha256Checksum": "SHA256",
+        "osHostName": "Hostname",
+    }
+
+
+    CODE42_FILE_TYPE_MAPPER = {
+        "SourceCode": "SOURCE_CODE",
+        "Audio": "AUDIO",
+        "Executable": "EXECUTABLE",
+        "Document": "DOCUMENT",
+        "Image": "IMAGE",
+        "PDF": "PDF",
+        "Presentation": "PRESENTATION",
+        "Script": "SCRIPT",
+        "Spreadsheet": "SPREADSHEET",
+        "Video": "VIDEO",
+        "VirtualDiskImage": "VIRTUAL_DISK_IMAGE",
+        "Archive": "ARCHIVE",
+    }
+
+
+    SECURITY_EVENT_HEADERS = [
+        "EventType",
+        "FileName",
+        "FileSize",
+        "FileHostname",
+        "FileOwner",
+        "FileCategory",
+        "DeviceUsername",
+    ]
+
+
+    SECURITY_ALERT_HEADERS = ["Type", "Occurred", "Username", "Name", "Description", "State", "ID"]
+
+
+
+    def _get_severity_filter_value(severity_arg):
+        """Converts single str to upper case. If given list of strs, converts all to upper case."""
+        if severity_arg:
+            return (
+                [severity_arg.upper()]
+                if isinstance(severity_arg, str)
+                else list(map(lambda x: x.upper(), severity_arg))
+            )
+
+
+    def _create_alert_query(event_severity_filter, start_time):
+        """Creates an alert query for the given severity (or severities) and start time."""
+        alert_filters = AlertQueryFilters()
+        severity = event_severity_filter
+        alert_filters.append_result(_get_severity_filter_value(severity), Severity.is_in)
+        alert_filters.append(AlertState.eq(AlertState.OPEN))
+        alert_filters.append_result(start_time, DateObserved.on_or_after)
+        alert_query = alert_filters.to_all_query()
+        return alert_query
+
+
+    def _get_all_high_risk_employees_from_page(page, risk_tags):
+        res = []
+        for employee in page["items"]:
+            if not risk_tags:
+                res.append(employee)
+                continue
+
+            employee_tags = employee.get("riskFactors")
+            # If the employee risk tags contain all the given risk tags
+            if employee_tags and set(risk_tags) <= set(employee_tags):
+                res.append(employee)
+        return res
+
+
+    def _try_convert_str_list_to_list(str_list):
+        if isinstance(str_list, str):
+            return str_list.split()
+        return str_list
+
+
+    class Code42Client(BaseClient):
+        """
+        Client will implement the service API, should not contain Cortex XSOAR logic.
+        Should do requests and return data
+        """
+
+        def __init__(self, sdk, base_url, auth, verify=True, proxy=False):
+            super().__init__(base_url, verify=verify, proxy=proxy)
+            # Allow sdk parameter for unit testing.
+            # Otherwise, lazily load the SDK so that the TEST Command can effectively check auth.
+            self._sdk = sdk
+            self._sdk_factory = (
+                lambda: py42.sdk.from_local_account(base_url, auth[0], auth[1])
+                if not self._sdk
+                else None
+            )
+            py42.settings.set_user_agent_suffix("Cortex XSOAR")
+
+        def _get_sdk(self):
+            if self._sdk is None:
+                self._sdk = self._sdk_factory()
+            return self._sdk
+
+        def add_user_to_departing_employee(self, username, departure_date=None, note=None):
+            user_id = self.get_user(username)["userUid"]
+            self._get_sdk().detectionlists.departing_employee.add(
+                user_id, departure_date=departure_date
+            )
+            if note:
+                self._get_sdk().detectionlists.update_user_notes(user_id, note)
+            return user_id
+
+        def remove_user_from_departing_employee(self, username):
+            user_id = self.get_user(username)["userUid"]
+            self._get_sdk().detectionlists.departing_employee.remove(user_id)
+            return user_id
+
+        def get_all_departing_employees(self, results):
+            res = []
+            results = int(results) if results else None
+            pages = self._get_sdk().detectionlists.departing_employee.get_all()
+            for page in pages:
+                employees = page["items"]
+                for employee in employees:
+                    res.append(employee)
+                    if results and len(res) == results:
+                        return res
+            return res
+
+        def add_user_to_high_risk_employee(self, username, note=None):
+            user_id = self.get_user(username)["userUid"]
+            self._get_sdk().detectionlists.high_risk_employee.add(user_id)
+            if note:
+                self._get_sdk().detectionlists.update_user_notes(user_id, note)
+            return user_id
+
+        def remove_user_from_high_risk_employee(self, username):
+            user_id = self.get_user(username)["userUid"]
+            self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
+            return user_id
+
+        def add_user_risk_tags(self, username, risk_tags):
+            risk_tags = _try_convert_str_list_to_list(risk_tags)
+            user_id = self.get_user(username)["userUid"]
+            self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
+            return user_id
+
+        def remove_user_risk_tags(self, username, risk_tags):
+            risk_tags = _try_convert_str_list_to_list(risk_tags)
+            user_id = self.get_user(username)["userUid"]
+            self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
+            return user_id
+
+        def get_all_high_risk_employees(self, risk_tags, results):
+            risk_tags = _try_convert_str_list_to_list(risk_tags)
+            results = int(results) if results else None
+            res = []
+            pages = self._get_sdk().detectionlists.high_risk_employee.get_all()
+            for page in pages:
+                employees = _get_all_high_risk_employees_from_page(page, risk_tags)
+                for employee in employees:
+                    res.append(employee)
+                    if results and len(res) == results:
+                        return res
+            return res
+
+        def fetch_alerts(self, start_time, event_severity_filter):
+            query = _create_alert_query(event_severity_filter, start_time)
+            res = self._get_sdk().alerts.search(query)
+            return res["alerts"]
+
+        def get_alert_details(self, alert_id):
+            res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
+            if not res:
+                raise Exception("No alert found with ID {0}.".format(alert_id))
+            return res[0]
+
+        def resolve_alert(self, id):
+            self._get_sdk().alerts.resolve(id)
+            return id
+
+        def get_current_user(self):
+            res = self._get_sdk().users.get_current()
+            return res
+
+        def get_user(self, username):
+            res = self._get_sdk().users.get_by_username(username)["users"]
+            if not res:
+                raise Exception("No user found with username {0}.".format(username))
+            return res[0]
+
+        def create_user(self, org_name, username, email):
+            org_uid = self.get_org(org_name)["orgUid"]
+            response = self._get_sdk().users.create_user(org_uid, username, email)
+            return json.loads(response.text)
+
+        def block_user(self, username):
+            user_id = self.get_user(username)["userId"]
+            self._get_sdk().users.block(user_id)
+            return user_id
+
+        def deactivate_user(self, username):
+            user_id = self.get_user(username)["userId"]
+            self._get_sdk().users.deactivate(user_id)
+            return user_id
+
+        def get_org(self, org_name):
+            org_pages = self._get_sdk().orgs.get_all()
+            for org_page in org_pages:
+                for org in org_page["orgs"]:
+                    if org["orgName"] == org_name:
+                        return org
+            raise Exception("No org found with name {0}.".format(org_name))
+
+        def search_file_events(self, payload):
+            res = self._get_sdk().securitydata.search_file_events(payload)
+            return res["fileEvents"]
+
+
+    class Code42SearchFilters(object):
+        def __init__(self):
+            self._filters = []
+
+        @property
+        def filters(self):
+            return self._filters
+
+        def to_all_query(self):
+            """Override"""
+
+        def append(self, _filter):
+            if _filter:
+                self._filters.append(_filter)
+
+        def extend(self, _filters):
+            if _filters:
+                self._filters.extend(_filters)
+
+        def append_result(self, value, create_filter):
+            """Safely creates and appends the filter to the working list."""
+            if not value:
+                return
+            _filter = create_filter(value)
+            self.append(_filter)
+
+
+    class FileEventQueryFilters(Code42SearchFilters):
+        """Class for simplifying building up a file event search query"""
+
+        def __init__(self, pg_size=None):
+            self._pg_size = pg_size
+            super(FileEventQueryFilters, self).__init__()
+
+        def to_all_query(self):
+            """Convert list of search criteria to *args"""
+            query = FileEventQuery.all(*self._filters)
+            if self._pg_size:
+                query.page_size = self._pg_size
+            return query
+
+
+    class AlertQueryFilters(Code42SearchFilters):
+        """Class for simplifying building up an alert search query"""
+
+        def to_all_query(self):
+            query = AlertQuery.all(*self._filters)
+            query.page_size = 500
+            query.sort_direction = "asc"
+            return query
+
+
+    @logger
+
+    def build_query_payload(args):
+        """Build a query payload combining passed args"""
+
+        pg_size = args.get("results")
+        _hash = args.get("hash")
+        hostname = args.get("hostname")
+        username = args.get("username")
+        exposure = args.get("exposure")
+
+        search_args = FileEventQueryFilters(pg_size)
+        search_args.append_result(_hash, _create_hash_filter)
+        search_args.append_result(hostname, OSHostname.eq)
+        search_args.append_result(username, DeviceUsername.eq)
+        search_args.append_result(exposure, _create_exposure_filter)
+
+        query = search_args.to_all_query()
+        LOG("File Event Query: {}".format(str(query)))
+        return query
+
+
+    def _create_hash_filter(hash_arg):
+        if not hash_arg:
+            return None
+        elif len(hash_arg) == 32:
+            return MD5.eq(hash_arg)
+        elif len(hash_arg) == 64:
+            return SHA256.eq(hash_arg)
+
+
+    def _create_exposure_filter(exposure_arg):
+        # Because the CLI can't accept lists, convert the args to a list if the type is string.
+        if isinstance(exposure_arg, str):
+            exposure_arg = exposure_arg.split(",")
+        return ExposureType.is_in(exposure_arg)
+
+
+    def _create_category_filter(file_type):
+        category_value = CODE42_FILE_TYPE_MAPPER.get(file_type["category"], "UNCATEGORIZED")
+        return FileCategory.eq(category_value)
+
+
+    class ObservationToSecurityQueryMapper(object):
+        """Class to simplify the process of mapping observation data to query objects."""
+
+        # Exfiltration consts
+        _ENDPOINT_TYPE = "FedEndpointExfiltration"
+        _CLOUD_TYPE = "FedCloudSharePermissions"
+
+        # Query consts
+        _PUBLIC_SEARCHABLE = "PublicSearchableShare"
+        _PUBLIC_LINK = "PublicLinkShare"
+        _OUTSIDE_TRUSTED_DOMAINS = "SharedOutsideTrustedDomain"
+
+        exposure_type_map = {
+            "PublicSearchableShare": ExposureType.IS_PUBLIC,
+            "PublicLinkShare": ExposureType.SHARED_VIA_LINK,
+            "SharedOutsideTrustedDomain": "OutsideTrustedDomains",
+        }
+
+        def __init__(self, observation, actor):
+            self._obs = observation
+            self._actor = actor
+
+        @property
+        def _observation_data(self):
+            return self._obs["data"]
+
+        @property
+        def _exfiltration_type(self):
+            return self._obs["type"]
+
+        @property
+        def _is_endpoint_exfiltration(self):
+            return self._exfiltration_type == self._ENDPOINT_TYPE
+
+        @property
+        def _is_cloud_exfiltration(self):
+            return self._exfiltration_type == self._CLOUD_TYPE
+
+        def _create_user_filter(self):
+            return (
+                DeviceUsername.eq(self._actor)
+                if self._is_endpoint_exfiltration
+                else Actor.eq(self._actor)
+            )
+
+        def map(self):
+            search_args = self._create_search_args()
+            query = search_args.to_all_query()
+            LOG("Alert Observation Query: {}".format(query))
+            return query
+
+        def _create_search_args(self):
+            filters = FileEventQueryFilters()
+            exposure_types = self._observation_data["exposureTypes"]
+            begin_time = _convert_date_arg_to_epoch(self._observation_data["firstActivityAt"])
+            end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
+
+            filters.append(self._create_user_filter())
+            filters.append(EventTimestamp.on_or_after(begin_time))
+            filters.append(EventTimestamp.on_or_before(end_time))
+            filters.extend(self._create_exposure_filters(exposure_types))
+            filters.append(self._create_file_category_filters())
+
+            return filters
+
+        @logger
+        def _create_exposure_filters(self, exposure_types):
+            """Determine exposure types based on alert type"""
+            exp_types = []
+            if self._is_cloud_exfiltration:
+                for t in exposure_types:
+                    exp_type = self.exposure_type_map.get(t)
+                    if exp_type:
+                        exp_types.append(exp_type)
+                    else:
+                        LOG("Received unsupported exposure type {0}.".format(t))
+                if exp_types:
+                    return [ExposureType.is_in(exp_types)]
+                else:
+                    # If not given a support exposure type, search for all unsupported exposure types
+                    supported_exp_types = list(self.exposure_type_map.values())
+                    return [ExposureType.not_in(supported_exp_types)]
+            elif self._is_endpoint_exfiltration:
+                return [
+                    EventType.is_in([EventType.CREATED, EventType.MODIFIED, EventType.READ_BY_APP]),
+                    ExposureType.is_in(exposure_types),
+                ]
+            return []
+
+        def _create_file_category_filters(self):
+            """Determine if file categorization is significant"""
+            observed_file_categories = self._observation_data["fileCategories"]
+            categories = [c["category"].upper() for c in observed_file_categories if c["isSignificant"]]
+            if categories:
+                return FileCategory.is_in(categories)
+
+
+    def map_observation_to_security_query(observation, actor):
+        mapper = ObservationToSecurityQueryMapper(observation, actor)
+        return mapper.map()
+
+
+    def _convert_date_arg_to_epoch(date_arg):
+        date_arg = date_arg[:25]
+        return (
+            datetime.strptime(date_arg, "%Y-%m-%dT%H:%M:%S.%f") - datetime.utcfromtimestamp(0)
+        ).total_seconds()
+
+
+    @logger
+
+    def map_to_code42_event_context(obj):
+        code42_context = _map_obj_to_context(obj, CODE42_EVENT_CONTEXT_FIELD_MAPPER)
+        # FileSharedWith is a special case and needs to be converted to a list
+        if code42_context.get("FileSharedWith"):
+            shared_list = [u["cloudUsername"] for u in code42_context["FileSharedWith"]]
+            code42_context["FileSharedWith"] = str(shared_list)
+        return code42_context
+
+
+    @logger
+
+    def map_to_code42_alert_context(obj):
+        return _map_obj_to_context(obj, CODE42_ALERT_CONTEXT_FIELD_MAPPER)
+
+
+    @logger
+
+    def map_to_file_context(obj):
+        return _map_obj_to_context(obj, FILE_CONTEXT_FIELD_MAPPER)
+
+
+    @logger
+
+    def _map_obj_to_context(obj, context_mapper):
+        return {v: obj.get(k) for k, v in context_mapper.items() if obj.get(k)}
+
+
+    def create_command_error_message(cmd, ex):
+        return "Failed to execute command {0} command. Error: {1}".format(cmd, str(ex))
+
+
+    """Commands"""
+
+
+
+    @logger
+
+    def alert_get_command(client, args):
+        code42_securityalert_context = []
+        try:
+            alert = client.get_alert_details(args["id"])
+            if not alert:
+                return "No results found", {}, {}
+
+            code42_context = map_to_code42_alert_context(alert)
+            code42_securityalert_context.append(code42_context)
+            readable_outputs = tableToMarkdown(
+                "Code42 Security Alert Results",
+                code42_securityalert_context,
+                headers=SECURITY_ALERT_HEADERS,
+            )
+            return CommandResults(
+                outputs_prefix="Code42.SecurityAlert",
+                outputs_key_field="ID",
+                outputs=code42_securityalert_context,
+                readable_output=readable_outputs,
+                raw_response=alert,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def alert_resolve_command(client, args):
+        code42_securityalert_context = []
+
+        try:
+            alert_id = client.resolve_alert(args["id"])
+
+            if not alert_id:
+                return "No results found", {}, {}
+
+            # Retrieve new alert details
+            alert_details = client.get_alert_details(alert_id)
+            if not alert_details:
+                return "Error retrieving updated alert", {}, {}
+
+            code42_context = map_to_code42_alert_context(alert_details)
+            code42_securityalert_context.append(code42_context)
+            readable_outputs = tableToMarkdown(
+                "Code42 Security Alert Resolved",
+                code42_securityalert_context,
+                headers=SECURITY_ALERT_HEADERS,
+            )
+            return CommandResults(
+                outputs_prefix="Code42.SecurityAlert",
+                outputs_key_field="ID",
+                outputs=code42_securityalert_context,
+                readable_output=readable_outputs,
+                raw_response=alert_details,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def departingemployee_add_command(client, args):
+        departing_date = args.get("departuredate")
+        username = args["username"]
+        note = args.get("note")
+        try:
+            user_id = client.add_user_to_departing_employee(username, departing_date, note)
+            # CaseID included but it deprecated.
+            de_context = {
+                "CaseID": user_id,
+                "UserID": user_id,
+                "Username": username,
+                "DepartureDate": departing_date,
+                "Note": note,
+            }
+            readable_outputs = tableToMarkdown("Code42 Departing Employee List User Added", de_context)
+            return CommandResults(
+                outputs_prefix="Code42.DepartingEmployee",
+                outputs_key_field="UserID",
+                outputs=de_context,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def departingemployee_remove_command(client, args):
+        username = args["username"]
+        try:
+            user_id = client.remove_user_from_departing_employee(username)
+            # CaseID included but is deprecated.
+            de_context = {"CaseID": user_id, "UserID": user_id, "Username": username}
+            readable_outputs = tableToMarkdown(
+                "Code42 Departing Employee List User Removed", de_context
+            )
+            return CommandResults(
+                outputs_prefix="Code42.DepartingEmployee",
+                outputs_key_field="UserID",
+                outputs=de_context,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def departingemployee_get_all_command(client, args):
+        results = args.get("results") or 50
+        try:
+            employees = client.get_all_departing_employees(results)
+            employees_context = [
+                {
+                    "UserID": e["userId"],
+                    "Username": e["userName"],
+                    "DepartureDate": e.get("departureDate"),
+                    "Note": e["notes"],
+                }
+                for e in employees
+            ]
+            readable_outputs = tableToMarkdown("All Departing Employees", employees_context)
+            return CommandResults(
+                outputs_prefix="Code42.DepartingEmployee",
+                outputs_key_field="UserID",
+                outputs=employees_context,
+                readable_output=readable_outputs,
+                raw_response=employees,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def highriskemployee_add_command(client, args):
+        username = args["username"]
+        note = args.get("note")
+        try:
+            user_id = client.add_user_to_high_risk_employee(username, note)
+            hr_context = {"UserID": user_id, "Username": username}
+            readable_outputs = tableToMarkdown("Code42 High Risk Employee List User Added", hr_context)
+            return CommandResults(
+                outputs_prefix="Code42.HighRiskEmployee",
+                outputs_key_field="UserID",
+                outputs=hr_context,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def highriskemployee_remove_command(client, args):
+        username = args["username"]
+        try:
+            user_id = client.remove_user_from_high_risk_employee(username)
+            hr_context = {"UserID": user_id, "Username": username}
+            readable_outputs = tableToMarkdown(
+                "Code42 High Risk Employee List User Removed", hr_context
+            )
+            return CommandResults(
+                outputs_prefix="Code42.HighRiskEmployee",
+                outputs_key_field="UserID",
+                outputs=hr_context,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def highriskemployee_get_all_command(client, args):
+        tags = args.get("risktags")
+        results = args.get("results") or 50
+        try:
+            employees = client.get_all_high_risk_employees(tags, results)
+            employees_context = [
+                {"UserID": e.get("userId"), "Username": e.get("userName"), "Note": e.get("notes")}
+                for e in employees
+            ]
+            readable_outputs = tableToMarkdown("Retrieved All High Risk Employees", employees_context)
+            return CommandResults(
+                outputs_prefix="Code42.HighRiskEmployee",
+                outputs_key_field="UserID",
+                outputs=employees_context,
+                readable_output=readable_outputs,
+                raw_response=employees,
+            )
+
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def highriskemployee_add_risk_tags_command(client, args):
+        username = args.get("username")
+        tags = args.get("risktags")
+        try:
+            user_id = client.add_user_risk_tags(username, tags)
+            rt_context = {"UserID": user_id, "Username": username, "RiskTags": tags}
+            readable_outputs = tableToMarkdown("Code42 Risk Tags Added", rt_context)
+            return CommandResults(
+                outputs_prefix="Code42.HighRiskEmployee",
+                outputs_key_field="UserID",
+                outputs=rt_context,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def highriskemployee_remove_risk_tags_command(client, args):
+        username = args.get("username")
+        tags = args.get("risktags")
+        try:
+            user_id = client.remove_user_risk_tags(username, tags)
+            rt_context = {"UserID": user_id, "Username": username, "RiskTags": tags}
+            readable_outputs = tableToMarkdown("Code42 Risk Tags Removed", rt_context)
+            return CommandResults(
+                outputs_prefix="Code42.HighRiskEmployee",
+                outputs_key_field="UserID",
+                outputs=rt_context,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    @logger
+
+    def securitydata_search_command(client, args):
+        code42_security_data_context = []
+        _json = args.get("json")
+        file_context = []
+        # If JSON payload is passed as an argument, ignore all other args and search by JSON payload
+        if _json is not None:
+            file_events = client.search_file_events(_json)
+        else:
+            # Build payload
+            payload = build_query_payload(args)
+            file_events = client.search_file_events(payload)
+        if file_events:
+            for file_event in file_events:
+                code42_context_event = map_to_code42_event_context(file_event)
+                code42_security_data_context.append(code42_context_event)
+                file_context_event = map_to_file_context(file_event)
+                file_context.append(file_context_event)
+            readable_outputs = tableToMarkdown(
+                "Code42 Security Data Results",
+                code42_security_data_context,
+                headers=SECURITY_EVENT_HEADERS,
+            )
+            code42_results = CommandResults(
+                outputs_prefix="Code42.SecurityData",
+                outputs_key_field="EventID",
+                outputs=code42_security_data_context,
+                readable_output=readable_outputs,
+                raw_response=file_events,
+            )
+            file_results = CommandResults(
+                outputs_prefix="File", outputs_key_field=None, outputs=file_context
+            )
+            return code42_results, file_results
+
+        else:
+            return "No results found", {}, {}
+
+
+    def user_create_command(client, args):
+        org_name = args.get("orgname")
+        username = args.get("username")
+        email = args.get("email")
+        try:
+            res = client.create_user(org_name, username, email)
+            outputs = {"Username": res["username"], "UserID": res["userUid"], "Email": res["email"]}
+            readable_outputs = tableToMarkdown("Code42 User Created", outputs)
+            return CommandResults(
+                outputs_prefix="Code42.User",
+                outputs_key_field="UserID",
+                outputs=outputs,
+                readable_output=readable_outputs,
+                raw_response=res,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    def user_block_command(client, args):
+        username = args.get("username")
+        try:
+            user_id = client.block_user(username)
+            outputs = {"UserID": user_id}
+            readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+            return CommandResults(
+                outputs_prefix="Code42.User",
+                outputs_key_field="UserID",
+                outputs=outputs,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    def user_deactivate_command(client, args):
+        username = args.get("username")
+        try:
+            user_id = client.deactivate_user(username)
+            outputs = {"UserID": user_id}
+            readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+            return CommandResults(
+                outputs_prefix="Code42.User",
+                outputs_key_field="UserID",
+                outputs=outputs,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    """Fetching"""
+
+
+
+    def _create_incident_from_alert_details(details):
+        return {"name": "Code42 - {}".format(details["name"]), "occurred": details["createdAt"]}
+
+
+    def _stringify_lists_if_needed(event):
+        # We need to convert certain fields to a stringified list or React.JS will throw an error
+        shared_with = event.get("sharedWith")
+        private_ip_addresses = event.get("privateIpAddresses")
+        if shared_with:
+            shared_list = [u.get("cloudUsername") for u in shared_with if u.get("cloudUsername")]
+            event["sharedWith"] = str(shared_list)
+        if private_ip_addresses:
+            event["privateIpAddresses"] = str(private_ip_addresses)
+        return event
+
+
+    def _process_event_from_observation(event):
+        return _stringify_lists_if_needed(event)
+
+
+    class Code42SecurityIncidentFetcher(object):
+        def __init__(
+            self,
+            client,
+            last_run,
+            first_fetch_time,
+            event_severity_filter,
+            fetch_limit,
+            include_files,
+            integration_context=None,
+        ):
+            self._client = client
+            self._last_run = last_run
+            self._first_fetch_time = first_fetch_time
+            self._event_severity_filter = event_severity_filter
+            self._fetch_limit = fetch_limit
+            self._include_files = (include_files,)
+            self._integration_context = integration_context
+
+        @logger
+        def fetch(self):
+            remaining_incidents_from_last_run = self._fetch_remaining_incidents_from_last_run()
+            if remaining_incidents_from_last_run:
+                return remaining_incidents_from_last_run
+            start_query_time = self._get_start_query_time()
+            alerts = self._fetch_alerts(start_query_time)
+            incidents = [self._create_incident_from_alert(a) for a in alerts]
+            save_time = datetime.utcnow().timestamp()
+            next_run = {"last_fetch": save_time}
+            return next_run, incidents[: self._fetch_limit], incidents[self._fetch_limit:]
+
+        def _fetch_remaining_incidents_from_last_run(self):
+            if self._integration_context:
+                remaining_incidents = self._integration_context.get("remaining_incidents")
+                # return incidents if exists in context.
+                if remaining_incidents:
+                    return (
+                        self._last_run,
+                        remaining_incidents[: self._fetch_limit],
+                        remaining_incidents[self._fetch_limit:],
+                    )
+
+        def _get_start_query_time(self):
+            start_query_time = self._try_get_last_fetch_time()
+
+            # Handle first time fetch, fetch incidents retroactively
+            if not start_query_time:
+                start_query_time, _ = parse_date_range(
+                    self._first_fetch_time, to_timestamp=True, utc=True
+                )
+                start_query_time /= 1000
+
+            return start_query_time
+
+        def _try_get_last_fetch_time(self):
+            return self._last_run.get("last_fetch")
+
+        def _fetch_alerts(self, start_query_time):
+            return self._client.fetch_alerts(start_query_time, self._event_severity_filter)
+
+        def _create_incident_from_alert(self, alert):
+            details = self._client.get_alert_details(alert["id"])
+            incident = _create_incident_from_alert_details(details)
+            details = self._relate_files_to_alert(details)
+            incident["rawJSON"] = json.dumps(details)
+            return incident
+
+        def _relate_files_to_alert(self, alert_details):
+            observations = alert_details.get("observations")
+            if not observations:
+                alert_details["fileevents"] = []
+                return
+            for obs in observations:
+                file_events = self._get_file_events_from_alert_details(obs, alert_details)
+                alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events]
+            return alert_details
+
+        def _get_file_events_from_alert_details(self, observation, alert_details):
+            security_data_query = map_observation_to_security_query(observation, alert_details["actor"])
+            return self._client.search_file_events(security_data_query)
+
+
+    def fetch_incidents(
+        client,
+        last_run,
+        first_fetch_time,
+        event_severity_filter,
+        fetch_limit,
+        include_files,
+        integration_context=None,
+    ):
+        fetcher = Code42SecurityIncidentFetcher(
+            client,
+            last_run,
+            first_fetch_time,
+            event_severity_filter,
+            fetch_limit,
+            include_files,
+            integration_context,
+        )
+        return fetcher.fetch()
+
+
+    """Main and test"""
+
+
+
+    def test_module(client):
+        try:
+            # Will fail if unauthorized
+            client.get_current_user()
+            return "ok"
+        except Exception:
+            return (
+                "Invalid credentials or host address. Check that the username and password are correct, that the host "
+                "is available and reachable, and that you have supplied the full scheme, domain, and port "
+                "(e.g. https://myhost.code42.com:4285)."
+            )
+
+
+    def main():
+        """
+        PARSE AND VALIDATE INTEGRATION PARAMS
+        """
+        username = demisto.params().get("credentials").get("identifier")
+        password = demisto.params().get("credentials").get("password")
+        base_url = demisto.params().get("console_url")
+        # Remove trailing slash to prevent wrong URL path to service
+        verify_certificate = not demisto.params().get("insecure", False)
+        proxy = demisto.params().get("proxy", False)
+        LOG("Command being called is {0}.".format(demisto.command()))
+        try:
+            client = Code42Client(
+                base_url=base_url,
+                sdk=None,
+                auth=(username, password),
+                verify=verify_certificate,
+                proxy=proxy,
+            )
+            commands = {
+                "code42-alert-get": alert_get_command,
+                "code42-alert-resolve": alert_resolve_command,
+                "code42-securitydata-search": securitydata_search_command,
+                "code42-departingemployee-add": departingemployee_add_command,
+                "code42-departingemployee-remove": departingemployee_remove_command,
+                "code42-departingemployee-get-all": departingemployee_get_all_command,
+                "code42-highriskemployee-add": highriskemployee_add_command,
+                "code42-highriskemployee-remove": highriskemployee_remove_command,
+                "code42-highriskemployee-get-all": highriskemployee_get_all_command,
+                "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
+                "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
+                "code42-user-create": user_create_command,
+                "code42-user-block": user_block_command,
+                "code42-user-deactivate": user_deactivate_command,
+            }
+            command = demisto.command()
+            if command == "test-module":
+                # This is the call made when pressing the integration Test button.
+                result = test_module(client)
+                demisto.results(result)
+            elif command == "fetch-incidents":
+                integration_context = demisto.getIntegrationContext()
+                # Set and define the fetch incidents command to run after activated via integration settings.
+                next_run, incidents, remaining_incidents = fetch_incidents(
+                    client=client,
+                    last_run=demisto.getLastRun(),
+                    first_fetch_time=demisto.params().get("fetch_time"),
+                    event_severity_filter=demisto.params().get("alert_severity"),
+                    fetch_limit=int(demisto.params().get("fetch_limit")),
+                    include_files=demisto.params().get("include_files"),
+                    integration_context=integration_context,
+                )
+                demisto.setLastRun(next_run)
+                demisto.incidents(incidents)
+                # Store remaining incidents in integration context
+                integration_context["remaining_incidents"] = remaining_incidents
+                demisto.setIntegrationContext(integration_context)
+            elif command in commands:
+                results = commands[command](client, demisto.args())
+                if not isinstance(results, tuple) and not isinstance(results, list):
+                    results = [results]
+                for result in results:
+                    return_results(result)
+
+        # Log exceptions
+        except Exception as e:
+            return_error("Failed to execute {0} command. Error: {1}".format(demisto.command(), str(e)))
+
+
+    if __name__ in ("__main__", "__builtin__", "builtins"):
+        main()
   subtype: python3
+  type: python
 image: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHgAAAAyCAYAAACXpx/YAAAHjElEQVR4nO2aeYxV1R3HP/e+h2wyoCxalhkQpFJpUcQ2LijRLsE9ikutUjCh44poWzUqalyitmqiQdM0rfsSlbjVuFsXlChVaaWKSnBBBnDsMAwyFpiZd815871wuNztDTP4B+eT3Hn3nv2e3zm/3+/87uBwOBwOh8PhcDgcDofD4XA4HA6Hw7EteKXjqAMGA9908kz2AVYDY4B6O8ML4GN/ANOKU/AJ6EGrE2IXUZQgsH47E9Omb7fn6fdef19Wen3YM2igtCnV0dn4XTyjga4tUhb7g3i6MIYhwVon3C6mqwW8BaEo7/b3pZEe9Kbl+3rvHYbidn3RAD7wB/Fs4YdUB020bbl7+wIHAbsBG4CFwOIKWt8f2AsoAMuA+cD6jDo1wE5Am549XQ1AY44+ewDDgNJWmmoz3YAmYFVGWz3VVpvaMu+xUe+S1LbZoPsBo3T/KfC2xlOmUgG3qrNuFdazbO941tCT3fmGtnYFYgZ3E3CMVSzkE2Am8HxK05cBFwD9I+lmcu4GLgbWxNQzE/gmMCSh3c+AF4AbgM8TyvwUeC1lbCHPAEdmlLkROC+SZhZFNWyl6nYBrgJO173NWuDPwLVUoKL/BkzQ7hoEjANuzVm3nQAW+bvxTGE0NUFjKNxTgCXAsRKuWb11lkc/GngOuDqmxSpgkV4kFG6DtVPMzvwdsBzYp6KxtjMCqJWgoxPf2RxUQR8n63QyM0a44bxcA7xIDgF/K8HOAN5Vw2Y3vA/Mkkr8X9aIwm35lD+GRnqFx6JfAg9ZxWYDuwJDNcjJUk9h3mmRZs3uGqv7f2gxDAB+oIU4R3m9tcsGpwxxLrCzjnSmnfGapGbl3wZcmPGaf5CaHRu5jAo9K6PuLRn5NuNi0pq0c21+DlyUJeBfSbBJfAxMSrERm2jxfBb4wxgYNIee8+1W9gHaifYgn5NdNbv0PuCfVt5FwM90f7PU+xIrv147Yrqeq1QuidUS5kdqx9j/K4CR0ihhP3untLFMNv+DyPWetVDj+L1UPaq3KGMqLzWWTvePaTH1kw9zQaTsMWkCNmr5jYzOwkHdmJDnl68Alnr9qaOKncv+EyfJ9houB95KqF+vFTsVWGGlT9XvJ9o5SRgb/KTyjGobnlAu6az2FTDNep6R0ldHqA5tpZgtJymL2TJrJ2j+Q+ZE5mlAmpP1YAUD/gvQXd5vGJYy6mpdaE+Xe1Ws83aiT1AW8C9UpmStxiSi2mGstZOeyDG2RywbPzHFYUriJe3C8aqfRLXeeWQk33jaX2qxRLle+UhjPQ6cmWNMyxK0woSIKVqVJOBWqd+8fJFkozz9ubMwgSIlCgRGYuFOWqyXr4Q9rLIf5qj3X+s+aQfnaWO8hNgj4fh1k644jIa7JJJ+NHCq9TxLvz07OEbjfzwcSZubpqIz7WoltFDA29xk2G9HgtAF6z5PffuIUUgpl0bYj99JwSE/4hPUWhuqI/P+Y9WvttJeNio7aQcX5U2uzNnBUA1yozUZZqU3B3C7F9A8ve0dZhWPKjtYHkF4lBku56Cpgpeps+7z7EhbZeZ9nyh76rleJ4s4ZsnbHhXJ6x4T5LjCahPVuUyevD3eKpkwc+S5M6HfM4C/R9IW6BSSGuj4dc5DPBLu5THprfKAm4cGa8uhSRO9KhLMl3rqK/uYZYdtFsqRGCwv/7qM8pOt+39V0E/IOMv2vpNSboV235KUMiHRc/kfE8r1UqxgYIKAH5ScbO4Azgmf09RNreW+pzFa0aI4SuXLg5pgDQOCZr5tD4I9IgcMeZFVCfV9BVROsdJa5IygiZ+aUNdgjlln636enKVKucMq/0AH6ncFP5KTFRXuGZZwy2HXLHvyfMbZz8RyX8kTuuwbrGefYCVfe73NuelrqSkUf/1PzKo2bT6qiM1D1pkWhelW6/4e4PyYLs3OfcV6np01Rgtfnr6xawcq+S55uklU8lnsbcUXnrSux7XwG6xyG7QoX7XSJupoNCzSpqk3RWOuU0zhffPBf22Ob8HGtvxVR4ySjPlvFXBIc1w2quxX5iP/y4WRzCgez/CgMXS45tjqRBGyfysceqjlUb6mgIrNgYolh6zSuX2DgiC2LazV+G0K8v6HKMhRr7RA/dverIl0nRjzfodYZqxBvkR0sQ/TIpwWUz+O1y2TEBeL/g1wf862mvJ+bJipa70E3Ctnvc14cHjbUg7xP+NNv6Ys5BLeuVrNtyka8xNdNn9KMAHzdWS6X8LeXSvY5nOp8HkZo+ut2HMUcwy7UgJOeKtN9I/54BEyKM8UxbS5zeTdwR1l0w5G/6rzUmEUtcXjqA7WtIe42jEq8QjgYE3SBqmauTk9X3NMOEq7paD+zDEhzUn0FOI08e//W+lFecrv5QiKDNRXoo32J7oIVQqBvp5zDg/Xwm1R3P+pSNs1Mh/NGUcq472v274Cpn1I07tNYZ5fw4j2XdxFXTvY3v/RES6300sLy+Ju3b7d75B09Qx7W9kUDw5rW8qk0qfUeVV2dMvRBRTl+fVJ+K+HbaGf2tzCNgWS+LS2d1ngDy2HMIuJ5svhcDgcDofD4XA4HA6Hw+FwOBwOh8Px/QF8B+pZzTnuPtCMAAAAAElFTkSuQmCC
 detaileddescription: >
   ## Code42

From 039565bacf48f5cced661ae41881548d5952f87a Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Mon, 29 Jun 2020 22:36:35 +0000
Subject: [PATCH 05/24] Save

---
 Packs/Code42/Integrations/Code42/Code42.yml   |   2 +
 Packs/Code42/Integrations/Code42/README.md    | 328 +++++++++---
 .../Code42/Integrations/Code42/README_temp.md | 492 ++++++++++++++++++
 .../Integrations/Code42/command_examples.txt  |  10 +
 4 files changed, 771 insertions(+), 61 deletions(-)
 create mode 100644 Packs/Code42/Integrations/Code42/README_temp.md
 create mode 100644 Packs/Code42/Integrations/Code42/command_examples.txt

diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index 247ab3585df7..7f93a6b02ace 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -312,6 +312,7 @@ script:
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
       description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
       type: string
@@ -338,6 +339,7 @@ script:
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
       description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
       type: string
diff --git a/Packs/Code42/Integrations/Code42/README.md b/Packs/Code42/Integrations/Code42/README.md
index f14c1c322cf5..c3ba5a7e73d3 100644
--- a/Packs/Code42/Integrations/Code42/README.md
+++ b/Packs/Code42/Integrations/Code42/README.md
@@ -1,23 +1,5 @@
-## Overview
----
-
-Code42 provides simple, fast detection and response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud to answer questions like:
-
-* Where is my data?
-* Where has my data been?
-* When did my data leave?
-* What data exactly left my organization?
-
-This integration was integrated and tested with the fully-hosted SaaS implementation of Code42 and requires a Platinum level subscription.
-
-## Use Cases
----
-
-* Ingesting File Exfiltration alerts from Code42
-* Management of Departing Employees within Code42
-* General file event and metadata search
-
-
+Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
+This integration was integrated and tested with version xx of Code42
 ## Configure Code42 on Cortex XSOAR
 
 1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
@@ -27,7 +9,7 @@ This integration was integrated and tested with the fully-hosted SaaS implementa
 | **Parameter** | **Description** | **Required** |
 | --- | --- | --- |
 | console_url | Code42 Console URL for the pod your Code42 instance is running in | True |
-| credentials |  | True |
+| credentials | Username | True |
 | isFetch | Fetch incidents | False |
 | incidentType | Incident type | False |
 | alert_severity | Alert severities to fetch when fetching incidents | False |
@@ -209,10 +191,11 @@ Adds a user to the Departing Employee List.
 
 | **Path** | **Type** | **Description** |
 | --- | --- | --- |
+| Code42.DepartingEmployee.CaseID | string | Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID. | 
 | Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
 | Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
 | Code42.DepartingEmployee.Note | string | Note associated with the Departing Employee. | 
-| Code42.DepartingEmployee.DepartureDate | unknown | The departure date for the Departing Employee. | 
+| Code42.DepartingEmployee.DepartureDate | Unknown | The departure date for the Departing Employee. | 
 
 
 #### Command Example
@@ -220,9 +203,9 @@ Adds a user to the Departing Employee List.
 
 #### Human Readable Output
 
-| **UserID** | **DepartureDate** | **Note** | **Username** |
+| **UserID** | **DepartureDate** | **Note** | **Username** | **CaseID** |
 | --- | --- | --- | --- |
-| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com |
+| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com | 123 |
 
 
 ### code42-departingemployee-remove
@@ -244,18 +227,16 @@ Removes a user from the Departing Employee List.
 
 | **Path** | **Type** | **Description** |
 | --- | --- | --- |
+| Code42.DepartingEmployee.CaseID | unknown | Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID. | 
 | Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
 | Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
 
 
 #### Command Example
-```!code42-departingemployee-remove username="john.user@example.com"```
+``` ```
 
 #### Human Readable Output
 
-| **UserID** | **Username** |
-| --- | --- | 
-| 123 | john.user@example.com |
 
 
 ### code42-departingemployee-get-all
@@ -268,7 +249,10 @@ Get all employees on the Departing Employee List.
 `code42-departingemployee-get-all`
 #### Input
 
-There are no input arguments for this command.
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| results | The number of items to return. | Optional | 
+
 
 #### Context Output
 
@@ -277,22 +261,61 @@ There are no input arguments for this command.
 | Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
 | Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
 | Code42.DepartingEmployee.Note | string | Note associated with the Departing Employee. | 
-| Code42.DepartingEmployee.DepartureDate | unknown | The departure date for the Departing Employee. | 
+| Code42.DepartingEmployee.DepartureDate | Unknown | The departure date for the Departing Employee. | 
 
 
 #### Command Example
 ```!code42-departingemployee-get-all```
 
+#### Context Example
+```
+{
+    "Code42": {
+        "DepartingEmployee": [
+            {
+                "DepartureDate": null,
+                "Note": "test",
+                "UserID": "921333907298179098",
+                "Username": "user1@example.com"
+            },
+            {
+                "DepartureDate": "2020-07-20",
+                "Note": "This is added using csv file to test bulk adding of users to high risk employee list",
+                "UserID": "948333588694228306",
+                "Username": "user2@example.com"
+            },
+            {
+                "DepartureDate": null,
+                "Note": "",
+                "UserID": "912211111144144039",
+                "Username": "user3@example.com"
+            }
+        ]
+    }
+}
+```
+
 #### Human Readable Output
 
-| **UserID** | **DepartureDate** | **Note** | **Username** |
-| --- | --- | --- | --- |
-| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com |
+>### All Departing Employees
+>|DepartureDate|Note|UserID|Username|
+>|---|---|---|---|
+>|  | test | 921286907298179098 | user1@example.com |
+>| 2020-07-20 | This is added using csv file to test bulk adding of users to high risk employee list | 948938588694228306 | sagar.patel+l2@code42.com |
+>|  |  | 912249223544144039 | unicode@example.com |
+>|  |  | 894165832411107815 | testuser@example.com |
+>|  | L3 security risk | 949093399968329042 | sagar.patel+l3@code42.com |
+>|  | tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
+>|  |  | 906619740182876328 | resilient.ibm.user@example.com |
+>|  |  | 906619632003387560 | resilient.ibm.admin@example.com |
+>|  |  | 912338501981077099 | mike.mccollow+testair@code42.com |
+>|  | leaving for competition | 951984198921509692 | john.anderson@qrstinc.com |
+>|  | Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
 
 
 ### code42-highriskemployee-add
 ***
-Removes a user from the High Risk Employee List.
+Adds a user from the High Risk Employee List.
 
 
 #### Base Command
@@ -316,13 +339,30 @@ Removes a user from the High Risk Employee List.
 
 
 #### Command Example
-```!code42-highriskemployee-add username="john.user@123.org" note="Risky activity"```
+```!code42-highriskemployee-add username="partner.demisto@example.com" note="Risky activity"```
+
+#### Context Example
+```
+{
+    "Code42": {
+        "HighRiskEmployee": {
+            "UserID": "942876157732602741",
+            "Username": "partner.demisto@example.com"
+        }
+    }
+}
+```
 
 #### Human Readable Output
 
-| **UserID** | **Note** | **Username** |
-| --- | --- | --- |
-| 123 | Leaving for competitor | john.user@example.com |
+>### Code42 High Risk Employee List User Added
+>|UserID|Username|
+>|---|---|
+>| 942876157732602741 | partner.demisto@example.com |
+>### Code42 High Risk Employee List User Added
+>|UserID|Username|
+>|---|---|
+>| 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-highriskemployee-remove
@@ -344,18 +384,35 @@ Removes a user from the High Risk Employee List.
 
 | **Path** | **Type** | **Description** |
 | --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | unknown | Internal Code42 User ID for the High Risk Employee. | 
-| Code42.HighRiskEmployee.Username | unknown | The username of the High Risk Employee. | 
+| Code42.HighRiskEmployee.UserID | Unknown | Internal Code42 User ID for the High Risk Employee. | 
+| Code42.HighRiskEmployee.Username | Unknown | The username of the High Risk Employee. | 
 
 
 #### Command Example
-```!code42-highriskemployee-remove username="john.user@example.com"```
+```!code42-highriskemployee-remove username="partner.demisto@example.com" note="Risky activity"```
+
+#### Context Example
+```
+{
+    "Code42": {
+        "HighRiskEmployee": {
+            "UserID": "942876157732602741",
+            "Username": "partner.demisto@example.com"
+        }
+    }
+}
+```
 
 #### Human Readable Output
 
-| **UserID** | **Username** |
-| --- | --- |
-| 123 | john.user@example.com |
+>### Code42 High Risk Employee List User Removed
+>|UserID|Username|
+>|---|---|
+>| 942876157732602741 | partner.demisto@example.com |
+>### Code42 High Risk Employee List User Removed
+>|UserID|Username|
+>|---|---|
+>| 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-highriskemployee-get-all
@@ -370,7 +427,8 @@ Get all employees on the High Risk Employee List.
 
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
-| risktags | To filter results by employees who have these risk tags. | Optional | 
+| risktags | To filter results by employees who have these risk tags. Space delimited. | Optional | 
+| results | The number of items to return. | Optional | 
 
 
 #### Context Output
@@ -383,19 +441,58 @@ Get all employees on the High Risk Employee List.
 
 
 #### Command Example
-```!code42-highriskemployee-get-all risktags="PERFORMANCE_CONCERNS"```
+```!code42-highriskemployee-get-all```
+
+#### Context Example
+```
+{
+    "Code42": {
+        "HighRiskEmployee": [
+            {
+                "Note": "tests and more tests",
+                "UserID": "111117397520286581",
+                "Username": "user1@example.com"
+            },
+            {
+                "Note": "Leaving for competitor",
+                "UserID": "822222723650937319",
+                "Username": "user2@example.com"
+            },
+            {
+                "Note": "Test user addition from XSOAR",
+                "UserID": "913333363086307495",
+                "Username": "user3@example.com"
+            }
+        ]
+    }
+}
+```
 
 #### Human Readable Output
 
-| **UserID** | **Note** | **Username** |
-| --- | --- | --- |
-| 123 | Leaving for competitor | john.user@example.com |
+>### Retrieved All High Risk Employees
+>|Note|UserID|Username|
+>|---|---|---|
+>| tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
+>| Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
+>| Test user addition from XSOAR | 912098363086307495 | spatel@code42.com |
+>| test | 921286907298179098 | juliya.smith+partners@code42.com |
+>| Risky activity | 942876157732602741 | partner.demisto@example.com |
+>### Retrieved All High Risk Employees
+>|Note|UserID|Username|
+>|---|---|---|
+>| tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
+>| Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
+>| Test user addition from XSOAR | 912098363086307495 | spatel@code42.com |
+>| test | 921286907298179098 | juliya.smith+partners@code42.com |
+>| Risky activity | 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-highriskemployee-add-risk-tags
 ***
  
 
+
 #### Base Command
 
 `code42-highriskemployee-add-risk-tags`
@@ -404,7 +501,7 @@ Get all employees on the High Risk Employee List.
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
 | username | The username of the High Risk Employee. | Required | 
-| risktags | Risk tags to associate with the High Risk Employee. | Required | 
+| risktags | Space-delimited risk tags to associate with the High Risk Employee. | Required | 
 
 
 #### Context Output
@@ -413,22 +510,19 @@ Get all employees on the High Risk Employee List.
 | --- | --- | --- |
 | Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
 | Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to associate with the High Risk Employee. | 
+| Code42.HighRiskEmployee.RiskTags | Unknown | Risk tags to associate with the High Risk Employee. | 
 
 
 #### Command Example
-```!code42-highriskemployee-add-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
+``` ```
 
 #### Human Readable Output
 
-| **UserID** | **RiskTags** | **Username** |
-| --- | --- | --- |
-| 123 | FLIGHT_RISK | john.user@example.com |
 
 
 ### code42-highriskemployee-remove-risk-tags
 ***
-
+ 
 
 
 #### Base Command
@@ -439,7 +533,7 @@ Get all employees on the High Risk Employee List.
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
 | username | The username of the High Risk Employee. | Required | 
-| risktags | Risk tags to disassociate from the High Risk Employee. | Required | 
+| risktags | Space-delimited risk tags to disassociate from the High Risk Employee. | Required | 
 
 
 #### Context Output
@@ -448,14 +542,126 @@ Get all employees on the High Risk Employee List.
 | --- | --- | --- |
 | Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
 | Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to disassociate from the High Risk Employee. | 
+| Code42.HighRiskEmployee.RiskTags | Unknown | Risk tags to disassociate from the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-remove-risk-tags username="partner.demisto@example.com" risktags="PERFORMANCE_CONCERNS"```
+
+#### Context Example
+```
+{
+    "Code42": {
+        "HighRiskEmployee": [
+            {
+                "RiskTags": "PERFORMANCE_CONCERNS",
+                "UserID": "942876157732602741",
+                "Username": "partner.demisto@example.com"
+            }
+        ]
+    }
+}
+```
+
+#### Human Readable Output
+
+>### Code42 Risk Tags Removed
+>|RiskTags|UserID|Username|
+>|---|---|---|
+>| PERFORMANCE_CONCERNS | 942876157732602741 | partner.demisto@example.com |
+>### Code42 Risk Tags Removed
+>|RiskTags|UserID|Username|
+>|---|---|---|
+>| PERFORMANCE_CONCERNS | 942876157732602741 | partner.demisto@example.com |
+
+
+### code42-user-create
+***
+Creates a Code42 user.
+
+
+#### Base Command
+
+`code42-user-create`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| orgname | The name of the Code42 organization from which to add the user. | Required | 
+| username | The username to give to the user. | Required | 
+| email |  | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.User.Username | String | A username for a Code42 user. | 
+| Code42.User.Email | String | An email for a Code42 user. | 
+| Code42.User.UserID | String | An ID for a Code42 user. | 
+
+
+#### Command Example
+``` ```
+
+#### Human Readable Output
+
+
+
+### code42-user-block
+***
+Blocks a user in Code42.  A blocked user is not allowed to log in or restore files. Backups will continue if the user is still active.
+
+
+#### Base Command
+
+`code42-user-block`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the user to block. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.User.UserID | String | An ID for a Code42 user. | 
 
 
 #### Command Example
-```!code42-highriskemployee-remove-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
+``` ```
 
 #### Human Readable Output
 
-| **UserID** | **RiskTags** | **Username** |
+
+
+### code42-user-deactivate
+***
+Deactivate a user in Code42; signing them out of their devices. Backups discontinue for a deactivated user, and their archives go to cold storage.
+
+
+#### Base Command
+
+`code42-user-deactivate`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the user to deactivate. | Optional | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
 | --- | --- | --- |
-| 123 | FLIGHT_RISK | john.user@example.com |
+| Code42.User.UserID | String | The ID of a Code42 User. | 
+
+
+#### Command Example
+``` ```
+
+#### Human Readable Output
+
+
diff --git a/Packs/Code42/Integrations/Code42/README_temp.md b/Packs/Code42/Integrations/Code42/README_temp.md
new file mode 100644
index 000000000000..7874572045f2
--- /dev/null
+++ b/Packs/Code42/Integrations/Code42/README_temp.md
@@ -0,0 +1,492 @@
+## Overview
+---
+
+Code42 provides simple, fast detection and response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud to answer questions like:
+
+* Where is my data?
+* Where has my data been?
+* When did my data leave?
+* What data exactly left my organization?
+
+This integration was integrated and tested with the fully-hosted SaaS implementation of Code42 and requires a Platinum level subscription.
+
+## Use Cases
+---
+
+* Ingesting File Exfiltration alerts from Code42
+* Management of Departing Employees within Code42
+* General file event and metadata search
+
+
+## Configure Code42 on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
+2. Search for Code42.
+3. Click **Add instance** to create and configure a new integration instance.
+
+| **Parameter** | **Description** | **Required** |
+| --- | --- | --- |
+| console_url | Code42 Console URL for the pod your Code42 instance is running in | True |
+| credentials |  | True |
+| isFetch | Fetch incidents | False |
+| incidentType | Incident type | False |
+| alert_severity | Alert severities to fetch when fetching incidents | False |
+| fetch_time | First fetch time range \(&lt;number&gt; &lt;time unit&gt;, e.g., 1 hour, 30 minutes\) | False |
+| fetch_limit | Alerts to fetch per run; note that increasing this value may result in slow performance if too many results are returned at once | False |
+| include_files | Include the list of files in returned incidents. | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+## Commands
+You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
+After you successfully execute a command, a DBot message appears in the War Room with the command details.
+### code42-securitydata-search
+***
+Searches for a file in Security Data by JSON query, hash, username, device hostname, exfiltration type, or a combination of parameters. At least one argument must be passed in the command. If a JSON argument is passed, it will be used to the exclusion of other parameters, otherwise parameters will be combined with an AND clause.
+
+
+#### Base Command
+
+`code42-securitydata-search`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| json | JSON query payload using Code42 query syntax. | Optional | 
+| hash | MD5 or SHA256 hash of the file to search for. | Optional | 
+| username | Username to search for. | Optional | 
+| hostname | Hostname to search for. | Optional | 
+| exposure | Exposure types to search for. Can be "RemovableMedia", "ApplicationRead", "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain". | Optional | 
+| results | The number of results to return. The default is 100. | Optional | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.SecurityData.EventTimestamp | date | Timestamp for the event. | 
+| Code42.SecurityData.FileCreated | date | File creation date. | 
+| Code42.SecurityData.EndpointID | string | Code42 device ID. | 
+| Code42.SecurityData.DeviceUsername | string | The username that the device is associated with in Code42. | 
+| Code42.SecurityData.EmailFrom | string | The sender email address for email exfiltration events. | 
+| Code42.SecurityData.EmailTo | string | The recipient email address for email exfiltration events. | 
+| Code42.SecurityData.EmailSubject | string | The email subject line for email exfiltration events. | 
+| Code42.SecurityData.EventID | string | The Security Data event ID. | 
+| Code42.SecurityData.EventType | string | The type of Security Data event. | 
+| Code42.SecurityData.FileCategory | string | The file type, as determined by Code42 engine. | 
+| Code42.SecurityData.FileOwner | string | The owner of the file. | 
+| Code42.SecurityData.FileName | string | The file name. | 
+| Code42.SecurityData.FilePath | string | The path to file. | 
+| Code42.SecurityData.FileSize | number | The size of the file \(in bytes\). | 
+| Code42.SecurityData.FileModified | date | The date the file was last modified. | 
+| Code42.SecurityData.FileMD5 | string | MD5 hash of the file. | 
+| Code42.SecurityData.FileHostname | string | Hostname where the file event was captured. | 
+| Code42.SecurityData.DevicePrivateIPAddress | string | Private IP addresses of the device where the event was captured. | 
+| Code42.SecurityData.DevicePublicIPAddress | string | Public IP address of the device where the event was captured. | 
+| Code42.SecurityData.RemovableMediaType | string | Type of removable media. | 
+| Code42.SecurityData.RemovableMediaCapacity | number | Total capacity of removable media \(in bytes\). | 
+| Code42.SecurityData.RemovableMediaMediaName | string | The full name of the removable media. | 
+| Code42.SecurityData.RemovableMediaName | string | The name of the removable media. | 
+| Code42.SecurityData.RemovableMediaSerialNumber | string | The serial number for the removable medial device. | 
+| Code42.SecurityData.RemovableMediaVendor | string | The vendor name for removable device. | 
+| Code42.SecurityData.FileSHA256 | string | The SHA256 hash of the file. | 
+| Code42.SecurityData.FileShared | boolean | Whether the file is shared using a cloud file service. | 
+| Code42.SecurityData.FileSharedWith | string | Accounts that the file is shared with on a cloud file service. | 
+| Code42.SecurityData.Source | string | The source of the file event. Can be "Cloud" or "Endpoint". | 
+| Code42.SecurityData.ApplicationTabURL | string | The URL associated with the application read event. | 
+| Code42.SecurityData.ProcessName | string | The process name for the application read event. | 
+| Code42.SecurityData.ProcessOwner | string | The process owner for the application read event. | 
+| Code42.SecurityData.WindowTitle | string | The process name for the application read event. | 
+| Code42.SecurityData.FileURL | string | The URL of the file on a cloud file service. | 
+| Code42.SecurityData.Exposure | string | The event exposure type. | 
+| Code42.SecurityData.SharingTypeAdded | string | The type of sharing added to the file. | 
+| File.Name | string | The file name. | 
+| File.Path | string | The file path. | 
+| File.Size | number | The file size \(in bytes\). | 
+| File.MD5 | string | The MD5 hash of the file. | 
+| File.SHA256 | string | The SHA256 hash of the file. | 
+| File.Hostname | string | The hostname where the file event was captured. | 
+
+
+#### Command Example
+```!code42-securitydata-search hash=eef8b12d2ed0d6a69fe77699d5640c7b exposure=CloudStorage,ApplicationRead```
+
+#### Human Readable Output
+
+| **EventType** | **FileName** | **FileSize** | **FileHostname** | **FileOwner** | **FileCategory** |
+| --- | --- | --- | --- | --- | --- |
+| READ\_BY\_APP | ProductPhoto.jpg | 333114 | DESKTOP-001 | john.user | IMAGE |
+
+
+### code42-alert-get
+***
+Retrieve alert details by alert ID
+
+
+#### Base Command
+
+`code42-alert-get`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| id | The alert ID to retrieve. Alert IDs are associated with alerts that are fetched via fetch-incidents. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.SecurityAlert.Username | string | The username associated with the alert. | 
+| Code42.SecurityAlert.Occurred | date | The timestamp when the alert occurred. | 
+| Code42.SecurityAlert.Description | string | The description of the alert. | 
+| Code42.SecurityAlert.ID | string | The alert ID. | 
+| Code42.SecurityAlert.Name | string | The alert rule name that generated the alert. | 
+| Code42.SecurityAlert.State | string | The alert state. | 
+| Code42.SecurityAlert.Type | string | The alert type. | 
+| Code42.SecurityAlert.Severity | string | The severity of the alert. | 
+
+
+#### Command Example
+```!code42-alert-get id="a23557a7-8ca9-4ec6-803f-6a46a2aeca62"```
+
+#### Human Readable Output
+
+| **Type** | **Occurred** | **Username** | **Name** | **Description** | **State** | **ID** |
+| --- | --- | --- | --- | --- | --- | --- |
+| FED\_CLOUD\_SHARE_PERMISSIONS | 2019-10-08T17:38:19.0801650Z | john.user@123.org | Google Drive - Public via Direct Link |  Alert for public Google Drive files | OPEN | a23557a7-8ca9-4ec6-803f-6a46a2aeca62 |
+
+
+### code42-alert-resolve
+***
+Resolves a Code42 Security alert.
+
+
+#### Base Command
+
+`code42-alert-resolve`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| id | The alert ID to resolve. Alert IDs are associated with alerts that are fetched via fetch-incidents. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.SecurityAlert.ID | string | The alert ID of the resolved alert. | 
+
+
+#### Command Example
+```!code42-alert-resolve id="eb272d18-bc82-4680-b570-ac5d61c6cca6"```
+
+#### Human Readable Output
+
+| **ID** |
+| --- |
+| eb272d18-bc82-4680-b570-ac5d61c6cca6 |
+
+
+### code42-departingemployee-add
+***
+Adds a user to the Departing Employee List.
+
+
+#### Base Command
+
+`code42-departingemployee-add`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username to add to the Departing Employee List. | Required | 
+| departuredate | The departure date for the employee, in the format YYYY-MM-DD. | Optional | 
+| note | Note to attach to the Departing Employee. | Optional | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
+| Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
+| Code42.DepartingEmployee.Note | string | Note associated with the Departing Employee. | 
+| Code42.DepartingEmployee.DepartureDate | unknown | The departure date for the Departing Employee. | 
+
+
+#### Command Example
+```!code42-departingemployee-add username="john.user@123.org" departuredate="2020-02-28" note="Leaving for competitor"```
+
+#### Human Readable Output
+
+| **UserID** | **DepartureDate** | **Note** | **Username** |
+| --- | --- | --- | --- |
+| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com |
+
+
+### code42-departingemployee-remove
+***
+Removes a user from the Departing Employee List.
+
+
+#### Base Command
+
+`code42-departingemployee-remove`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username to remove from the Departing Employee List. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
+| Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
+
+
+#### Command Example
+```!code42-departingemployee-remove username="john.user@example.com"```
+
+#### Human Readable Output
+
+| **UserID** | **Username** |
+| --- | --- | 
+| 123 | john.user@example.com |
+
+
+### code42-departingemployee-get-all
+***
+Get all employees on the Departing Employee List.
+
+
+#### Base Command
+
+`code42-departingemployee-get-all`
+#### Input
+
+There are no input arguments for this command.
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
+| Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
+| Code42.DepartingEmployee.Note | string | Note associated with the Departing Employee. | 
+| Code42.DepartingEmployee.DepartureDate | unknown | The departure date for the Departing Employee. | 
+
+
+#### Command Example
+```!code42-departingemployee-get-all```
+
+#### Human Readable Output
+
+| **UserID** | **DepartureDate** | **Note** | **Username** |
+| --- | --- | --- | --- |
+| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com |
+
+
+### code42-highriskemployee-add
+***
+Removes a user from the High Risk Employee List.
+
+
+#### Base Command
+
+`code42-highriskemployee-add`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username to add to the High Risk Employee List. | Required | 
+| note | Note to attach to the High Risk Employee. | Optional | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the High Risk Employee. | 
+| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
+| Code42.HighRiskEmployee.Note | string | Note associated with the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-add username="john.user@123.org" note="Risky activity"```
+
+#### Human Readable Output
+
+| **UserID** | **Note** | **Username** |
+| --- | --- | --- |
+| 123 | Leaving for competitor | john.user@example.com |
+
+
+### code42-highriskemployee-remove
+***
+Removes a user from the High Risk Employee List.
+
+
+#### Base Command
+
+`code42-highriskemployee-remove`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username to remove from the High Risk Employee List. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.HighRiskEmployee.UserID | unknown | Internal Code42 User ID for the High Risk Employee. | 
+| Code42.HighRiskEmployee.Username | unknown | The username of the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-remove username="john.user@example.com"```
+
+#### Human Readable Output
+
+| **UserID** | **Username** |
+| --- | --- |
+| 123 | john.user@example.com |
+
+
+### code42-highriskemployee-get-all
+***
+Get all employees on the High Risk Employee List.
+
+
+#### Base Command
+
+`code42-highriskemployee-get-all`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| risktags | To filter results by employees who have these risk tags. | Optional | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the High Risk Employee. | 
+| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
+| Code42.HighRiskEmployee.Note | string | Note associated with the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-get-all risktags="PERFORMANCE_CONCERNS"```
+
+#### Human Readable Output
+
+| **UserID** | **Note** | **Username** |
+| --- | --- | --- |
+| 123 | Leaving for competitor | john.user@example.com |
+
+
+### code42-highriskemployee-add-risk-tags
+***
+ 
+
+#### Base Command
+
+`code42-highriskemployee-add-risk-tags`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the High Risk Employee. | Required | 
+| risktags | Risk tags to associate with the High Risk Employee. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
+| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
+| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to associate with the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-add-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
+
+#### Human Readable Output
+
+| **UserID** | **RiskTags** | **Username** |
+| --- | --- | --- |
+| 123 | FLIGHT_RISK | john.user@example.com |
+
+
+### code42-highriskemployee-remove-risk-tags
+***
+
+
+
+#### Base Command
+
+`code42-highriskemployee-remove-risk-tags`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the High Risk Employee. | Required | 
+| risktags | Risk tags to disassociate from the High Risk Employee. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
+| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
+| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to disassociate from the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-remove-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
+
+#### Human Readable Output
+
+| **UserID** | **RiskTags** | **Username** |
+| --- | --- | --- |
+| 123 | FLIGHT_RISK | john.user@example.com |
+
+
+
+#### Base Command
+
+`code42-highriskemployee-remove-risk-tags`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the High Risk Employee. | Required | 
+| risktags | Risk tags to disassociate from the High Risk Employee. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
+| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
+| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to disassociate from the High Risk Employee. | 
+
+
+#### Command Example
+```!code42-highriskemployee-remove-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
+
+#### Human Readable Output
+
+| **UserID** | **RiskTags** | **Username** |
+| --- | --- | --- |
+| 123 | FLIGHT_RISK | john.user@example.com |
\ No newline at end of file
diff --git a/Packs/Code42/Integrations/Code42/command_examples.txt b/Packs/Code42/Integrations/Code42/command_examples.txt
new file mode 100644
index 000000000000..5aa88cec593e
--- /dev/null
+++ b/Packs/Code42/Integrations/Code42/command_examples.txt
@@ -0,0 +1,10 @@
+!code42-alert-get id="a23557a7-8ca9-4ec6-803f-6a46a2aeca62"
+!code42-alert-resolve id="eb272d18-bc82-4680-b570-ac5d61c6cca6"
+!code42-departingemployee-add username="partner.demisto@example.com" departuredate="2020-010-28" note="Leaving for competitor"
+!code42-departingemployee-remove username="partner.demisto@example.com"
+!code42-departingemployee-get-all
+!code42-highriskemployee-add username="partner.demisto@example.com" note="Risky activity"
+!code42-highriskemployee-remove username="partner.demisto@example.com" note="Risky activity"
+!code42-highriskemployee-get-all
+!code42-highriskemployee-add-risk-tags username="partner.demisto@example.com" note="PERFORMANCE_CONCERN"
+!code42-highriskemployee-remove-risk-tags username="partner.demisto@example.com" risktags="PERFORMANCE_CONCERNS"

From 71788c07ecefdeb02a1842d9edb02a6996c83cbc Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Mon, 29 Jun 2020 23:04:43 +0000
Subject: [PATCH 06/24] Gen readme

---
 Packs/Code42/Integrations/Code42/Code42.py    |   2 +-
 Packs/Code42/Integrations/Code42/README.md    | 129 +++--
 .../Code42/Integrations/Code42/README_temp.md | 492 ------------------
 .../Integrations/Code42/command_examples.txt  |   3 +
 4 files changed, 63 insertions(+), 563 deletions(-)
 delete mode 100644 Packs/Code42/Integrations/Code42/README_temp.md

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 4549e6c6f5ef..f55ed62dcfce 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -841,7 +841,7 @@ def user_deactivate_command(client, args):
     try:
         user_id = client.deactivate_user(username)
         outputs = {"UserID": user_id}
-        readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+        readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
         return CommandResults(
             outputs_prefix="Code42.User",
             outputs_key_field="UserID",
diff --git a/Packs/Code42/Integrations/Code42/README.md b/Packs/Code42/Integrations/Code42/README.md
index c3ba5a7e73d3..4878275e02a4 100644
--- a/Packs/Code42/Integrations/Code42/README.md
+++ b/Packs/Code42/Integrations/Code42/README.md
@@ -227,16 +227,19 @@ Removes a user from the Departing Employee List.
 
 | **Path** | **Type** | **Description** |
 | --- | --- | --- |
-| Code42.DepartingEmployee.CaseID | unknown | Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID. | 
+| Code42.DepartingEmployee.CaseID | string | Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID. | 
 | Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
 | Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
 
 
 #### Command Example
-``` ```
+```!code42-departingemployee-remove username="john.user@example.com"```
 
 #### Human Readable Output
 
+| **UserID** | **Username** |
+| --- | --- | 
+| 123 | john.user@example.com |
 
 
 ### code42-departingemployee-get-all
@@ -296,21 +299,20 @@ Get all employees on the Departing Employee List.
 ```
 
 #### Human Readable Output
-
->### All Departing Employees
->|DepartureDate|Note|UserID|Username|
->|---|---|---|---|
->|  | test | 921286907298179098 | user1@example.com |
->| 2020-07-20 | This is added using csv file to test bulk adding of users to high risk employee list | 948938588694228306 | sagar.patel+l2@code42.com |
->|  |  | 912249223544144039 | unicode@example.com |
->|  |  | 894165832411107815 | testuser@example.com |
->|  | L3 security risk | 949093399968329042 | sagar.patel+l3@code42.com |
->|  | tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
->|  |  | 906619740182876328 | resilient.ibm.user@example.com |
->|  |  | 906619632003387560 | resilient.ibm.admin@example.com |
->|  |  | 912338501981077099 | mike.mccollow+testair@code42.com |
->|  | leaving for competition | 951984198921509692 | john.anderson@qrstinc.com |
->|  | Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
+### All Departing Employees
+|DepartureDate|Note|UserID|Username|
+|---|---|---|---|
+|  | test | 921286907298179098 | user1@example.com |
+| 2020-07-20 | This is added using csv file to test bulk adding of users to high risk employee list | 948938588694228306 | sagar.patel+l2@code42.com |
+|  |  | 912249223544144039 | unicode@example.com |
+|  |  | 894165832411107815 | testuser@example.com |
+|  | L3 security risk | 949093399968329042 | sagar.patel+l3@code42.com |
+|  | tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
+|  |  | 906619740182876328 | resilient.ibm.user@example.com |
+|  |  | 906619632003387560 | resilient.ibm.admin@example.com |
+|  |  | 912338501981077099 | mike.mccollow+testair@code42.com |
+|  | leaving for competition | 951984198921509692 | john.anderson@qrstinc.com |
+|  | Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
 
 
 ### code42-highriskemployee-add
@@ -354,15 +356,10 @@ Adds a user from the High Risk Employee List.
 ```
 
 #### Human Readable Output
-
->### Code42 High Risk Employee List User Added
->|UserID|Username|
->|---|---|
->| 942876157732602741 | partner.demisto@example.com |
->### Code42 High Risk Employee List User Added
->|UserID|Username|
->|---|---|
->| 942876157732602741 | partner.demisto@example.com |
+### Code42 High Risk Employee List User Added
+|UserID|Username|
+|---|---|
+| 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-highriskemployee-remove
@@ -404,15 +401,11 @@ Removes a user from the High Risk Employee List.
 ```
 
 #### Human Readable Output
+### Code42 High Risk Employee List User Removed
+|UserID|Username|
+|---|---|
+| 942876157732602741 | partner.demisto@example.com |
 
->### Code42 High Risk Employee List User Removed
->|UserID|Username|
->|---|---|
->| 942876157732602741 | partner.demisto@example.com |
->### Code42 High Risk Employee List User Removed
->|UserID|Username|
->|---|---|
->| 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-highriskemployee-get-all
@@ -469,23 +462,14 @@ Get all employees on the High Risk Employee List.
 ```
 
 #### Human Readable Output
-
->### Retrieved All High Risk Employees
->|Note|UserID|Username|
->|---|---|---|
->| tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
->| Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
->| Test user addition from XSOAR | 912098363086307495 | spatel@code42.com |
->| test | 921286907298179098 | juliya.smith+partners@code42.com |
->| Risky activity | 942876157732602741 | partner.demisto@example.com |
->### Retrieved All High Risk Employees
->|Note|UserID|Username|
->|---|---|---|
->| tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
->| Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
->| Test user addition from XSOAR | 912098363086307495 | spatel@code42.com |
->| test | 921286907298179098 | juliya.smith+partners@code42.com |
->| Risky activity | 942876157732602741 | partner.demisto@example.com |
+### Retrieved All High Risk Employees
+|Note|UserID|Username|
+|---|---|---|
+| tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
+| Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
+| Test user addition from XSOAR | 912098363086307495 | spatel@code42.com |
+| test | 921286907298179098 | juliya.smith+partners@code42.com |
+| Risky activity | 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-highriskemployee-add-risk-tags
@@ -514,10 +498,13 @@ Get all employees on the High Risk Employee List.
 
 
 #### Command Example
-``` ```
+```!code42-highriskemployee-add-risk-tags username="partner.demisto@example.com" note="PERFORMANCE_CONCERN"```
 
 #### Human Readable Output
-
+### Code42 Risk Tags Added
+| RiskTags | UserID | Username |
+| -------- | ------ | -------- |
+| PERFORMANCE_CONCERNS | 1234567890 | partners.demisto@example.com |
 
 
 ### code42-highriskemployee-remove-risk-tags
@@ -564,15 +551,10 @@ Get all employees on the High Risk Employee List.
 ```
 
 #### Human Readable Output
-
->### Code42 Risk Tags Removed
->|RiskTags|UserID|Username|
->|---|---|---|
->| PERFORMANCE_CONCERNS | 942876157732602741 | partner.demisto@example.com |
->### Code42 Risk Tags Removed
->|RiskTags|UserID|Username|
->|---|---|---|
->| PERFORMANCE_CONCERNS | 942876157732602741 | partner.demisto@example.com |
+### Code42 Risk Tags Removed
+|RiskTags|UserID|Username|
+|---|---|---|
+| PERFORMANCE_CONCERNS | 942876157732602741 | partner.demisto@example.com |
 
 
 ### code42-user-create
@@ -602,10 +584,13 @@ Creates a Code42 user.
 
 
 #### Command Example
-``` ```
+```!code42-user-create orgname="TestOrg" username="new.user@example.com" email="new.user@example.com"```
 
 #### Human Readable Output
-
+### Code42 User Created
+| Email | UserID | Username |
+| ----- | ------ | -------- |
+| created.in.cortex.xsoar@example.com | 1111158111459014270 | created.in.cortex.xsoar@example.com |
 
 
 ### code42-user-block
@@ -631,11 +616,13 @@ Blocks a user in Code42.  A blocked user is not allowed to log in or restore fil
 
 
 #### Command Example
-``` ```
+```!code42-user-block username="partner.demisto@example.com"```
 
 #### Human Readable Output
-
-
+### Code42 User Blocked
+|UserID|
+| --- |
+| C2345 | 
 
 ### code42-user-deactivate
 ***
@@ -660,8 +647,10 @@ Deactivate a user in Code42; signing them out of their devices. Backups disconti
 
 
 #### Command Example
-``` ```
+```!code42-user-deactivate username="partner.demisto@example.com"```
 
 #### Human Readable Output
-
-
+### Code42 User Deactivated
+| UserID |
+| ------ |
+| 123456790 |
diff --git a/Packs/Code42/Integrations/Code42/README_temp.md b/Packs/Code42/Integrations/Code42/README_temp.md
deleted file mode 100644
index 7874572045f2..000000000000
--- a/Packs/Code42/Integrations/Code42/README_temp.md
+++ /dev/null
@@ -1,492 +0,0 @@
-## Overview
----
-
-Code42 provides simple, fast detection and response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud to answer questions like:
-
-* Where is my data?
-* Where has my data been?
-* When did my data leave?
-* What data exactly left my organization?
-
-This integration was integrated and tested with the fully-hosted SaaS implementation of Code42 and requires a Platinum level subscription.
-
-## Use Cases
----
-
-* Ingesting File Exfiltration alerts from Code42
-* Management of Departing Employees within Code42
-* General file event and metadata search
-
-
-## Configure Code42 on Cortex XSOAR
-
-1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
-2. Search for Code42.
-3. Click **Add instance** to create and configure a new integration instance.
-
-| **Parameter** | **Description** | **Required** |
-| --- | --- | --- |
-| console_url | Code42 Console URL for the pod your Code42 instance is running in | True |
-| credentials |  | True |
-| isFetch | Fetch incidents | False |
-| incidentType | Incident type | False |
-| alert_severity | Alert severities to fetch when fetching incidents | False |
-| fetch_time | First fetch time range \(&lt;number&gt; &lt;time unit&gt;, e.g., 1 hour, 30 minutes\) | False |
-| fetch_limit | Alerts to fetch per run; note that increasing this value may result in slow performance if too many results are returned at once | False |
-| include_files | Include the list of files in returned incidents. | False |
-
-4. Click **Test** to validate the URLs, token, and connection.
-## Commands
-You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
-After you successfully execute a command, a DBot message appears in the War Room with the command details.
-### code42-securitydata-search
-***
-Searches for a file in Security Data by JSON query, hash, username, device hostname, exfiltration type, or a combination of parameters. At least one argument must be passed in the command. If a JSON argument is passed, it will be used to the exclusion of other parameters, otherwise parameters will be combined with an AND clause.
-
-
-#### Base Command
-
-`code42-securitydata-search`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| json | JSON query payload using Code42 query syntax. | Optional | 
-| hash | MD5 or SHA256 hash of the file to search for. | Optional | 
-| username | Username to search for. | Optional | 
-| hostname | Hostname to search for. | Optional | 
-| exposure | Exposure types to search for. Can be "RemovableMedia", "ApplicationRead", "CloudStorage", "IsPublic", "SharedViaLink", or "SharedViaDomain". | Optional | 
-| results | The number of results to return. The default is 100. | Optional | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.SecurityData.EventTimestamp | date | Timestamp for the event. | 
-| Code42.SecurityData.FileCreated | date | File creation date. | 
-| Code42.SecurityData.EndpointID | string | Code42 device ID. | 
-| Code42.SecurityData.DeviceUsername | string | The username that the device is associated with in Code42. | 
-| Code42.SecurityData.EmailFrom | string | The sender email address for email exfiltration events. | 
-| Code42.SecurityData.EmailTo | string | The recipient email address for email exfiltration events. | 
-| Code42.SecurityData.EmailSubject | string | The email subject line for email exfiltration events. | 
-| Code42.SecurityData.EventID | string | The Security Data event ID. | 
-| Code42.SecurityData.EventType | string | The type of Security Data event. | 
-| Code42.SecurityData.FileCategory | string | The file type, as determined by Code42 engine. | 
-| Code42.SecurityData.FileOwner | string | The owner of the file. | 
-| Code42.SecurityData.FileName | string | The file name. | 
-| Code42.SecurityData.FilePath | string | The path to file. | 
-| Code42.SecurityData.FileSize | number | The size of the file \(in bytes\). | 
-| Code42.SecurityData.FileModified | date | The date the file was last modified. | 
-| Code42.SecurityData.FileMD5 | string | MD5 hash of the file. | 
-| Code42.SecurityData.FileHostname | string | Hostname where the file event was captured. | 
-| Code42.SecurityData.DevicePrivateIPAddress | string | Private IP addresses of the device where the event was captured. | 
-| Code42.SecurityData.DevicePublicIPAddress | string | Public IP address of the device where the event was captured. | 
-| Code42.SecurityData.RemovableMediaType | string | Type of removable media. | 
-| Code42.SecurityData.RemovableMediaCapacity | number | Total capacity of removable media \(in bytes\). | 
-| Code42.SecurityData.RemovableMediaMediaName | string | The full name of the removable media. | 
-| Code42.SecurityData.RemovableMediaName | string | The name of the removable media. | 
-| Code42.SecurityData.RemovableMediaSerialNumber | string | The serial number for the removable medial device. | 
-| Code42.SecurityData.RemovableMediaVendor | string | The vendor name for removable device. | 
-| Code42.SecurityData.FileSHA256 | string | The SHA256 hash of the file. | 
-| Code42.SecurityData.FileShared | boolean | Whether the file is shared using a cloud file service. | 
-| Code42.SecurityData.FileSharedWith | string | Accounts that the file is shared with on a cloud file service. | 
-| Code42.SecurityData.Source | string | The source of the file event. Can be "Cloud" or "Endpoint". | 
-| Code42.SecurityData.ApplicationTabURL | string | The URL associated with the application read event. | 
-| Code42.SecurityData.ProcessName | string | The process name for the application read event. | 
-| Code42.SecurityData.ProcessOwner | string | The process owner for the application read event. | 
-| Code42.SecurityData.WindowTitle | string | The process name for the application read event. | 
-| Code42.SecurityData.FileURL | string | The URL of the file on a cloud file service. | 
-| Code42.SecurityData.Exposure | string | The event exposure type. | 
-| Code42.SecurityData.SharingTypeAdded | string | The type of sharing added to the file. | 
-| File.Name | string | The file name. | 
-| File.Path | string | The file path. | 
-| File.Size | number | The file size \(in bytes\). | 
-| File.MD5 | string | The MD5 hash of the file. | 
-| File.SHA256 | string | The SHA256 hash of the file. | 
-| File.Hostname | string | The hostname where the file event was captured. | 
-
-
-#### Command Example
-```!code42-securitydata-search hash=eef8b12d2ed0d6a69fe77699d5640c7b exposure=CloudStorage,ApplicationRead```
-
-#### Human Readable Output
-
-| **EventType** | **FileName** | **FileSize** | **FileHostname** | **FileOwner** | **FileCategory** |
-| --- | --- | --- | --- | --- | --- |
-| READ\_BY\_APP | ProductPhoto.jpg | 333114 | DESKTOP-001 | john.user | IMAGE |
-
-
-### code42-alert-get
-***
-Retrieve alert details by alert ID
-
-
-#### Base Command
-
-`code42-alert-get`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| id | The alert ID to retrieve. Alert IDs are associated with alerts that are fetched via fetch-incidents. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.SecurityAlert.Username | string | The username associated with the alert. | 
-| Code42.SecurityAlert.Occurred | date | The timestamp when the alert occurred. | 
-| Code42.SecurityAlert.Description | string | The description of the alert. | 
-| Code42.SecurityAlert.ID | string | The alert ID. | 
-| Code42.SecurityAlert.Name | string | The alert rule name that generated the alert. | 
-| Code42.SecurityAlert.State | string | The alert state. | 
-| Code42.SecurityAlert.Type | string | The alert type. | 
-| Code42.SecurityAlert.Severity | string | The severity of the alert. | 
-
-
-#### Command Example
-```!code42-alert-get id="a23557a7-8ca9-4ec6-803f-6a46a2aeca62"```
-
-#### Human Readable Output
-
-| **Type** | **Occurred** | **Username** | **Name** | **Description** | **State** | **ID** |
-| --- | --- | --- | --- | --- | --- | --- |
-| FED\_CLOUD\_SHARE_PERMISSIONS | 2019-10-08T17:38:19.0801650Z | john.user@123.org | Google Drive - Public via Direct Link |  Alert for public Google Drive files | OPEN | a23557a7-8ca9-4ec6-803f-6a46a2aeca62 |
-
-
-### code42-alert-resolve
-***
-Resolves a Code42 Security alert.
-
-
-#### Base Command
-
-`code42-alert-resolve`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| id | The alert ID to resolve. Alert IDs are associated with alerts that are fetched via fetch-incidents. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.SecurityAlert.ID | string | The alert ID of the resolved alert. | 
-
-
-#### Command Example
-```!code42-alert-resolve id="eb272d18-bc82-4680-b570-ac5d61c6cca6"```
-
-#### Human Readable Output
-
-| **ID** |
-| --- |
-| eb272d18-bc82-4680-b570-ac5d61c6cca6 |
-
-
-### code42-departingemployee-add
-***
-Adds a user to the Departing Employee List.
-
-
-#### Base Command
-
-`code42-departingemployee-add`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username to add to the Departing Employee List. | Required | 
-| departuredate | The departure date for the employee, in the format YYYY-MM-DD. | Optional | 
-| note | Note to attach to the Departing Employee. | Optional | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
-| Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
-| Code42.DepartingEmployee.Note | string | Note associated with the Departing Employee. | 
-| Code42.DepartingEmployee.DepartureDate | unknown | The departure date for the Departing Employee. | 
-
-
-#### Command Example
-```!code42-departingemployee-add username="john.user@123.org" departuredate="2020-02-28" note="Leaving for competitor"```
-
-#### Human Readable Output
-
-| **UserID** | **DepartureDate** | **Note** | **Username** |
-| --- | --- | --- | --- |
-| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com |
-
-
-### code42-departingemployee-remove
-***
-Removes a user from the Departing Employee List.
-
-
-#### Base Command
-
-`code42-departingemployee-remove`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username to remove from the Departing Employee List. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
-| Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
-
-
-#### Command Example
-```!code42-departingemployee-remove username="john.user@example.com"```
-
-#### Human Readable Output
-
-| **UserID** | **Username** |
-| --- | --- | 
-| 123 | john.user@example.com |
-
-
-### code42-departingemployee-get-all
-***
-Get all employees on the Departing Employee List.
-
-
-#### Base Command
-
-`code42-departingemployee-get-all`
-#### Input
-
-There are no input arguments for this command.
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.DepartingEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
-| Code42.DepartingEmployee.Username | string | The username of the Departing Employee. | 
-| Code42.DepartingEmployee.Note | string | Note associated with the Departing Employee. | 
-| Code42.DepartingEmployee.DepartureDate | unknown | The departure date for the Departing Employee. | 
-
-
-#### Command Example
-```!code42-departingemployee-get-all```
-
-#### Human Readable Output
-
-| **UserID** | **DepartureDate** | **Note** | **Username** |
-| --- | --- | --- | --- |
-| 123 | 2020-02-28 | Leaving for competitor | john.user@example.com |
-
-
-### code42-highriskemployee-add
-***
-Removes a user from the High Risk Employee List.
-
-
-#### Base Command
-
-`code42-highriskemployee-add`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username to add to the High Risk Employee List. | Required | 
-| note | Note to attach to the High Risk Employee. | Optional | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the High Risk Employee. | 
-| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.Note | string | Note associated with the High Risk Employee. | 
-
-
-#### Command Example
-```!code42-highriskemployee-add username="john.user@123.org" note="Risky activity"```
-
-#### Human Readable Output
-
-| **UserID** | **Note** | **Username** |
-| --- | --- | --- |
-| 123 | Leaving for competitor | john.user@example.com |
-
-
-### code42-highriskemployee-remove
-***
-Removes a user from the High Risk Employee List.
-
-
-#### Base Command
-
-`code42-highriskemployee-remove`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username to remove from the High Risk Employee List. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | unknown | Internal Code42 User ID for the High Risk Employee. | 
-| Code42.HighRiskEmployee.Username | unknown | The username of the High Risk Employee. | 
-
-
-#### Command Example
-```!code42-highriskemployee-remove username="john.user@example.com"```
-
-#### Human Readable Output
-
-| **UserID** | **Username** |
-| --- | --- |
-| 123 | john.user@example.com |
-
-
-### code42-highriskemployee-get-all
-***
-Get all employees on the High Risk Employee List.
-
-
-#### Base Command
-
-`code42-highriskemployee-get-all`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| risktags | To filter results by employees who have these risk tags. | Optional | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the High Risk Employee. | 
-| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.Note | string | Note associated with the High Risk Employee. | 
-
-
-#### Command Example
-```!code42-highriskemployee-get-all risktags="PERFORMANCE_CONCERNS"```
-
-#### Human Readable Output
-
-| **UserID** | **Note** | **Username** |
-| --- | --- | --- |
-| 123 | Leaving for competitor | john.user@example.com |
-
-
-### code42-highriskemployee-add-risk-tags
-***
- 
-
-#### Base Command
-
-`code42-highriskemployee-add-risk-tags`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username of the High Risk Employee. | Required | 
-| risktags | Risk tags to associate with the High Risk Employee. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
-| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to associate with the High Risk Employee. | 
-
-
-#### Command Example
-```!code42-highriskemployee-add-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
-
-#### Human Readable Output
-
-| **UserID** | **RiskTags** | **Username** |
-| --- | --- | --- |
-| 123 | FLIGHT_RISK | john.user@example.com |
-
-
-### code42-highriskemployee-remove-risk-tags
-***
-
-
-
-#### Base Command
-
-`code42-highriskemployee-remove-risk-tags`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username of the High Risk Employee. | Required | 
-| risktags | Risk tags to disassociate from the High Risk Employee. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
-| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to disassociate from the High Risk Employee. | 
-
-
-#### Command Example
-```!code42-highriskemployee-remove-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
-
-#### Human Readable Output
-
-| **UserID** | **RiskTags** | **Username** |
-| --- | --- | --- |
-| 123 | FLIGHT_RISK | john.user@example.com |
-
-
-
-#### Base Command
-
-`code42-highriskemployee-remove-risk-tags`
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| username | The username of the High Risk Employee. | Required | 
-| risktags | Risk tags to disassociate from the High Risk Employee. | Required | 
-
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Code42.HighRiskEmployee.UserID | string | Internal Code42 User ID for the Departing Employee. | 
-| Code42.HighRiskEmployee.Username | string | The username of the High Risk Employee. | 
-| Code42.HighRiskEmployee.RiskTags | unknown | Risk tags to disassociate from the High Risk Employee. | 
-
-
-#### Command Example
-```!code42-highriskemployee-remove-risk-tags username="john.user@example.com" risktags="PERFORMANCE_CONCERNS"```
-
-#### Human Readable Output
-
-| **UserID** | **RiskTags** | **Username** |
-| --- | --- | --- |
-| 123 | FLIGHT_RISK | john.user@example.com |
\ No newline at end of file
diff --git a/Packs/Code42/Integrations/Code42/command_examples.txt b/Packs/Code42/Integrations/Code42/command_examples.txt
index 5aa88cec593e..9de7fdbfdc09 100644
--- a/Packs/Code42/Integrations/Code42/command_examples.txt
+++ b/Packs/Code42/Integrations/Code42/command_examples.txt
@@ -8,3 +8,6 @@
 !code42-highriskemployee-get-all
 !code42-highriskemployee-add-risk-tags username="partner.demisto@example.com" note="PERFORMANCE_CONCERN"
 !code42-highriskemployee-remove-risk-tags username="partner.demisto@example.com" risktags="PERFORMANCE_CONCERNS"
+!code42-user-create orgname="TestOrg" username="new.user@example.com" email="new.user@example.com"
+!code42-user-block username="partner.demisto@example.com"
+!code42-user-deactivate username="partner.demisto@example.com"

From b0115710c65a44ae17d070e0bfc73cf7ce29b78e Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 01:29:23 +0000
Subject: [PATCH 07/24] Unblock and reactivate

---
 Packs/Code42/Integrations/Code42/Code42.py    | 46 +++++++++++
 Packs/Code42/Integrations/Code42/Code42.yml   | 37 ++++++++-
 .../Code42/Integrations/Code42/Code42_test.py | 22 +++++
 Packs/Code42/Integrations/Code42/README.md    | 67 +++++++++++++++-
 .../Code42/integration-Code42.yml             | 80 ++++++++++++++++++-
 5 files changed, 247 insertions(+), 5 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index f55ed62dcfce..43d57b02c701 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -275,11 +275,21 @@ def block_user(self, username):
         self._get_sdk().users.block(user_id)
         return user_id
 
+    def unblock_user(self, username):
+        user_id = self.get_user(username)["userId"]
+        self._get_sdk().users.unblock(user_id)
+        return user_id
+
     def deactivate_user(self, username):
         user_id = self.get_user(username)["userId"]
         self._get_sdk().users.deactivate(user_id)
         return user_id
 
+    def reactivate_user(self, username):
+        user_id = self.get_user(username)["userId"]
+        self._get_sdk().users.reactivate(user_id)
+        return user_id
+
     def get_org(self, org_name):
         org_pages = self._get_sdk().orgs.get_all()
         for org_page in org_pages:
@@ -836,6 +846,23 @@ def user_block_command(client, args):
         return_error(create_command_error_message(demisto.command(), e))
 
 
+def user_unblock_command(client, args):
+    username = args.get("username")
+    try:
+        user_id = client.unblock_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+    except Exception as e:
+        return_error(create_command_error_message(demisto.command(), e))
+
+
 def user_deactivate_command(client, args):
     username = args.get("username")
     try:
@@ -853,6 +880,23 @@ def user_deactivate_command(client, args):
         return_error(create_command_error_message(demisto.command(), e))
 
 
+def user_reactivate_command(client, args):
+    username = args.get("username")
+    try:
+        user_id = client.reactivate_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
+    except Exception as e:
+        return_error(create_command_error_message(demisto.command(), e))
+
+
 """Fetching"""
 
 
@@ -1028,7 +1072,9 @@ def main():
             "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
             "code42-user-create": user_create_command,
             "code42-user-block": user_block_command,
+            "code42-user-unblock": user_unblock_command,
             "code42-user-deactivate": user_deactivate_command,
+            "code42_user-reactivate": user_reactivate_command,
         }
         command = demisto.command()
         if command == "test-module":
diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index 7f93a6b02ace..15b1b52b3b16 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -311,7 +311,8 @@ script:
     name: code42-departingemployee-add
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
-      description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      description: Internal Code42 Case ID for the Departing Employee. Deprecated.
+        Use Code42.DepartingEmployee.UserID.
       type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -338,7 +339,8 @@ script:
     name: code42-departingemployee-remove
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
-      description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      description: Internal Code42 Case ID for the Departing Employee. Deprecated.
+        Use Code42.DepartingEmployee.UserID.
       type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -560,6 +562,37 @@ script:
     - contextPath: Code42.User.UserID
       description: The ID of a Code42 User.
       type: String
+  - arguments:
+    - default: false
+      description: The username of the user to unblock.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a block, if one exists, on the user with the given user ID.
+      Unblocked users are allowed to log in and restore.
+    execution: false
+    name: code42-user-unblock
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to reactivate.
+      isArray: false
+      name: username
+      required: false
+      secret: true
+    deprecated: false
+    description: Reactivates the user with the given username.
+    execution: false
+    name: code42-user-reactivate
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: The ID of a Code42 User.
+      type: String
   dockerimage: demisto/py42:1.0.0.9242
   feed: false
   isfetch: true
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index 0274eb575108..deae575a103b 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -23,7 +23,9 @@
     securitydata_search_command,
     user_create_command,
     user_block_command,
+    user_unblock_command,
     user_deactivate_command,
+    user_reactivate_command,
     fetch_incidents,
 )
 import time
@@ -1566,6 +1568,16 @@ def test_user_block_command(code42_users_mock):
     assert cmd_res.raw_response == 123456
     assert cmd_res.outputs["UserID"] == 123456
     assert cmd_res.outputs_prefix == "Code42.User"
+    code42_users_mock.users.block.assert_called_once_with(123456)
+
+
+def test_user_unblock_command(code42_users_mock):
+    client = create_client(code42_users_mock)
+    cmd_res = user_unblock_command(client, {"username": "new.user@example.com"})
+    assert cmd_res.raw_response == 123456
+    assert cmd_res.outputs["UserID"] == 123456
+    assert cmd_res.outputs_prefix == "Code42.User"
+    code42_users_mock.users.unblock.assert_called_once_with(123456)
 
 
 def test_user_deactivate_command(code42_users_mock):
@@ -1574,6 +1586,16 @@ def test_user_deactivate_command(code42_users_mock):
     assert cmd_res.raw_response == 123456
     assert cmd_res.outputs["UserID"] == 123456
     assert cmd_res.outputs_prefix == "Code42.User"
+    code42_users_mock.users.deactivate.assert_called_once_with(123456)
+
+
+def test_user_reactivate_command(code42_users_mock):
+    client = create_client(code42_users_mock)
+    cmd_res = user_reactivate_command(client, {"username": "new.user@example.com"})
+    assert cmd_res.raw_response == 123456
+    assert cmd_res.outputs["UserID"] == 123456
+    assert cmd_res.outputs_prefix == "Code42.User"
+    code42_users_mock.users.reactivate.assert_called_once_with(123456)
 
 
 def test_security_data_search_command(code42_file_events_mock):
diff --git a/Packs/Code42/Integrations/Code42/README.md b/Packs/Code42/Integrations/Code42/README.md
index 4878275e02a4..32d7d7447883 100644
--- a/Packs/Code42/Integrations/Code42/README.md
+++ b/Packs/Code42/Integrations/Code42/README.md
@@ -591,7 +591,7 @@ Creates a Code42 user.
 | Email | UserID | Username |
 | ----- | ------ | -------- |
 | created.in.cortex.xsoar@example.com | 1111158111459014270 | created.in.cortex.xsoar@example.com |
-
+ 
 
 ### code42-user-block
 ***
@@ -622,7 +622,39 @@ Blocks a user in Code42.  A blocked user is not allowed to log in or restore fil
 ### Code42 User Blocked
 |UserID|
 | --- |
-| C2345 | 
+| C2345 |
+
+
+### code42-user-unblock
+***
+Removes a block, if one exists, on the user with the given user ID. Unblocked users are allowed to log in and restore.
+
+#### Base Command
+
+`code42-user-unblock`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the user to unblock. | Required | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.User.UserID | String | An ID for a Code42 user. | 
+
+
+#### Command Example
+```!code42-user-unblock username="partner.demisto@example.com"```
+
+#### Human Readable Output
+### Code42 User Blocked
+|UserID|
+| --- |
+| C2345 |
+
 
 ### code42-user-deactivate
 ***
@@ -654,3 +686,34 @@ Deactivate a user in Code42; signing them out of their devices. Backups disconti
 | UserID |
 | ------ |
 | 123456790 |
+
+
+### code42-user-reactivate
+***
+Reactivates the user with the given username.
+
+#### Base Command
+
+`code42-user-reactivate`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | The username of the user to reactivate. | Optional | 
+
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Code42.User.UserID | String | The ID of a Code42 User. | 
+
+
+#### Command Example
+```!code42-user-reactivate username="partner.demisto@example.com"```
+
+#### Human Readable Output
+### Code42 User Deactivated
+| UserID |
+| ------ |
+| 123456790 |
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 697e1e6964ef..0b3ffd7e7adc 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -302,6 +302,7 @@ script:
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
       description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
       type: string
@@ -328,6 +329,7 @@ script:
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
       description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
       type: string
@@ -545,6 +547,36 @@ script:
     - contextPath: Code42.User.UserID
       description: The ID of a Code42 User.
       type: String
+  - arguments:
+    - default: false
+      description: The username of the user to unblock.
+      isArray: false
+      name: username
+      required: true
+      secret: false
+    deprecated: false
+    description: Removes a block, if one exists, on the user with the given user ID. Unblocked users are allowed to log in and restore.
+    execution: false
+    name: code42-user-unblock
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: An ID for a Code42 user.
+      type: String
+  - arguments:
+    - default: false
+      description: The username of the user to reactivate.
+      isArray: false
+      name: username
+      required: false
+      secret: true
+    deprecated: false
+    description: Reactivates the user with the given username.
+    execution: false
+    name: code42-user-reactivate
+    outputs:
+    - contextPath: Code42.User.UserID
+      description: The ID of a Code42 User.
+      type: String
   dockerimage: demisto/py42:1.0.0.9242
   feed: false
   isfetch: true
@@ -848,11 +880,21 @@ script:
             self._get_sdk().users.block(user_id)
             return user_id
 
+        def unblock_user(self, username):
+            user_id = self.get_user(username)["userId"]
+            self._get_sdk().users.unblock(user_id)
+            return user_id
+
         def deactivate_user(self, username):
             user_id = self.get_user(username)["userId"]
             self._get_sdk().users.deactivate(user_id)
             return user_id
 
+        def reactivate_user(self, username):
+            user_id = self.get_user(username)["userId"]
+            self._get_sdk().users.reactivate(user_id)
+            return user_id
+
         def get_org(self, org_name):
             org_pages = self._get_sdk().orgs.get_all()
             for org_page in org_pages:
@@ -1426,12 +1468,46 @@ script:
             return_error(create_command_error_message(demisto.command(), e))
 
 
+    def user_unblock_command(client, args):
+        username = args.get("username")
+        try:
+            user_id = client.unblock_user(username)
+            outputs = {"UserID": user_id}
+            readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
+            return CommandResults(
+                outputs_prefix="Code42.User",
+                outputs_key_field="UserID",
+                outputs=outputs,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
     def user_deactivate_command(client, args):
         username = args.get("username")
         try:
             user_id = client.deactivate_user(username)
             outputs = {"UserID": user_id}
-            readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+            readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
+            return CommandResults(
+                outputs_prefix="Code42.User",
+                outputs_key_field="UserID",
+                outputs=outputs,
+                readable_output=readable_outputs,
+                raw_response=user_id,
+            )
+        except Exception as e:
+            return_error(create_command_error_message(demisto.command(), e))
+
+
+    def user_reactivate_command(client, args):
+        username = args.get("username")
+        try:
+            user_id = client.reactivate_user(username)
+            outputs = {"UserID": user_id}
+            readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
             return CommandResults(
                 outputs_prefix="Code42.User",
                 outputs_key_field="UserID",
@@ -1620,7 +1696,9 @@ script:
                 "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
                 "code42-user-create": user_create_command,
                 "code42-user-block": user_block_command,
+                "code42-user-unblock": user_unblock_command,
                 "code42-user-deactivate": user_deactivate_command,
+                "code42_user-reactivate": user_reactivate_command,
             }
             command = demisto.command()
             if command == "test-module":

From e6ab37041733ca66c9d86b3d6b957dc6205f213f Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 01:33:16 +0000
Subject: [PATCH 08/24] Finish adding commands

---
 Packs/Code42/Integrations/Code42/CHANGELOG.md         | 5 +++++
 Packs/Code42/Integrations/Code42/command_examples.txt | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/Packs/Code42/Integrations/Code42/CHANGELOG.md b/Packs/Code42/Integrations/Code42/CHANGELOG.md
index 244b5e76f237..d30648e07019 100644
--- a/Packs/Code42/Integrations/Code42/CHANGELOG.md
+++ b/Packs/Code42/Integrations/Code42/CHANGELOG.md
@@ -7,6 +7,11 @@ Added new commands:
         Optionally takes a list of risk tags and only gets employees who have those risk tags.
     - **code42-highriskemployee-add-risk-tags** that takes a username and risk tags and associates the risk tags with the user.
     - **code42-highriskemployee-remove-risk-tags** that takes a username and risk tags and disassociates the risk tags from the user.
+    - **code42-user-deactivate** that deactivates a user in Code42.
+    - **code42-user-reactivate** that reactivates a user in Code42.
+    - **code42-user-block** that blocks a user in Code42.
+    - **code42-user-unblock** that unblocks a user in Code42.
+    - **code42-user-create** that creates a user in Code42.
 Improve error messages for all Commands to include exception detail.
 
 ## [20.3.3] - 2020-03-18
diff --git a/Packs/Code42/Integrations/Code42/command_examples.txt b/Packs/Code42/Integrations/Code42/command_examples.txt
index 9de7fdbfdc09..d7bb4697e6ae 100644
--- a/Packs/Code42/Integrations/Code42/command_examples.txt
+++ b/Packs/Code42/Integrations/Code42/command_examples.txt
@@ -10,4 +10,6 @@
 !code42-highriskemployee-remove-risk-tags username="partner.demisto@example.com" risktags="PERFORMANCE_CONCERNS"
 !code42-user-create orgname="TestOrg" username="new.user@example.com" email="new.user@example.com"
 !code42-user-block username="partner.demisto@example.com"
+!code42-user-unblock username="partner.demisto@example.com"
 !code42-user-deactivate username="partner.demisto@example.com"
+!code42-user-reactivate username="partner.demisto@example.com"
\ No newline at end of file

From ebd36b8246faf3848a7802efd1a18b5f88bf4af7 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 15:12:37 +0000
Subject: [PATCH 09/24] Fix tests

---
 Packs/Code42/Integrations/Code42/Code42.py      | 17 +++++++++--------
 Packs/Code42/Integrations/Code42/Code42_test.py |  8 ++++----
 .../Integrations/Code42/integration-Code42.yml  | 17 +++++++++--------
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 173f7d23290d..45eb153e2644 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -510,8 +510,9 @@ def _convert_date_arg_to_epoch(date_arg):
 def map_to_code42_event_context(obj):
     code42_context = _map_obj_to_context(obj, CODE42_EVENT_CONTEXT_FIELD_MAPPER)
     # FileSharedWith is a special case and needs to be converted to a list
-    if code42_context.get("FileSharedWith"):
-        shared_list = [u["cloudUsername"] for u in code42_context["FileSharedWith"]]
+    shared_with_list = code42_context.get("FileSharedWith")
+    if shared_with_list:
+        shared_list = [u.get("cloudUsername") for u in shared_with_list if u.get("cloudUsername")]
         code42_context["FileSharedWith"] = str(shared_list)
     return code42_context
 
@@ -541,7 +542,7 @@ def create_command_error_message(cmd, ex):
 @logger
 def alert_get_command(client, args):
     code42_securityalert_context = []
-    alert = client.get_alert_details(args["id"])
+    alert = client.get_alert_details(args.get("id"))
     if not alert:
         return CommandResults(
             readable_output="No results found",
@@ -570,7 +571,7 @@ def alert_get_command(client, args):
 @logger
 def alert_resolve_command(client, args):
     code42_securityalert_context = []
-    alert_id = client.resolve_alert(args["id"])
+    alert_id = client.resolve_alert(args.get("id"))
     if not alert_id:
         return CommandResults(
             readable_output="No results found",
@@ -601,7 +602,7 @@ def alert_resolve_command(client, args):
 @logger
 def departingemployee_add_command(client, args):
     departing_date = args.get("departuredate")
-    username = args["username"]
+    username = args.get("username")
     note = args.get("note")
     user_id = client.add_user_to_departing_employee(username, departing_date, note)
     # CaseID included but is deprecated.
@@ -624,7 +625,7 @@ def departingemployee_add_command(client, args):
 
 @logger
 def departingemployee_remove_command(client, args):
-    username = args["username"]
+    username = args.get("username")
     user_id = client.remove_user_from_departing_employee(username)
     # CaseID included but is deprecated.
     de_context = {"CaseID": user_id, "UserID": user_id, "Username": username}
@@ -672,7 +673,7 @@ def departingemployee_get_all_command(client, args):
 
 @logger
 def highriskemployee_add_command(client, args):
-    username = args["username"]
+    username = args.get("username")
     note = args.get("note")
     user_id = client.add_user_to_high_risk_employee(username, note)
     hr_context = {"UserID": user_id, "Username": username}
@@ -688,7 +689,7 @@ def highriskemployee_add_command(client, args):
 
 @logger
 def highriskemployee_remove_command(client, args):
-    username = args["username"]
+    username = args.get("username")
     user_id = client.remove_user_from_high_risk_employee(username)
     hr_context = {"UserID": user_id, "Username": username}
     readable_outputs = tableToMarkdown("Code42 High Risk Employee List User Removed", hr_context)
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index deae575a103b..7425e0357965 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -1391,8 +1391,8 @@ def test_departingemployee_get_all_command_when_no_employees(
     )
     assert cmd_res.outputs_prefix == "Code42.DepartingEmployee"
     assert cmd_res.outputs_key_field == "UserID"
-    assert cmd_res.raw_response == []
-    assert cmd_res.outputs == []
+    assert cmd_res.raw_response == {}
+    assert cmd_res.outputs == {"Results": []}
     assert code42_departing_employee_mock.detectionlists.departing_employee.get_all.call_count == 1
 
 
@@ -1506,8 +1506,8 @@ def test_highriskemployee_get_all_command_when_no_employees(code42_high_risk_emp
     )
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
     assert cmd_res.outputs_key_field == "UserID"
-    assert cmd_res.outputs == []
-    assert cmd_res.raw_response == []
+    assert cmd_res.outputs == {'Results': []}
+    assert cmd_res.raw_response == {}
     assert code42_high_risk_employee_mock.detectionlists.high_risk_employee.get_all.call_count == 1
 
 
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 66c45b71b765..09846572ce2c 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -1117,8 +1117,9 @@ script:
     def map_to_code42_event_context(obj):
         code42_context = _map_obj_to_context(obj, CODE42_EVENT_CONTEXT_FIELD_MAPPER)
         # FileSharedWith is a special case and needs to be converted to a list
-        if code42_context.get("FileSharedWith"):
-            shared_list = [u["cloudUsername"] for u in code42_context["FileSharedWith"]]
+        shared_with_list = code42_context.get("FileSharedWith")
+        if shared_with_list:
+            shared_list = [u.get("cloudUsername") for u in shared_with_list if u.get("cloudUsername")]
             code42_context["FileSharedWith"] = str(shared_list)
         return code42_context
 
@@ -1153,7 +1154,7 @@ script:
 
     def alert_get_command(client, args):
         code42_securityalert_context = []
-        alert = client.get_alert_details(args["id"])
+        alert = client.get_alert_details(args.get("id"))
         if not alert:
             return CommandResults(
                 readable_output="No results found",
@@ -1183,7 +1184,7 @@ script:
 
     def alert_resolve_command(client, args):
         code42_securityalert_context = []
-        alert_id = client.resolve_alert(args["id"])
+        alert_id = client.resolve_alert(args.get("id"))
         if not alert_id:
             return CommandResults(
                 readable_output="No results found",
@@ -1215,7 +1216,7 @@ script:
 
     def departingemployee_add_command(client, args):
         departing_date = args.get("departuredate")
-        username = args["username"]
+        username = args.get("username")
         note = args.get("note")
         user_id = client.add_user_to_departing_employee(username, departing_date, note)
         # CaseID included but is deprecated.
@@ -1239,7 +1240,7 @@ script:
     @logger
 
     def departingemployee_remove_command(client, args):
-        username = args["username"]
+        username = args.get("username")
         user_id = client.remove_user_from_departing_employee(username)
         # CaseID included but is deprecated.
         de_context = {"CaseID": user_id, "UserID": user_id, "Username": username}
@@ -1289,7 +1290,7 @@ script:
     @logger
 
     def highriskemployee_add_command(client, args):
-        username = args["username"]
+        username = args.get("username")
         note = args.get("note")
         user_id = client.add_user_to_high_risk_employee(username, note)
         hr_context = {"UserID": user_id, "Username": username}
@@ -1306,7 +1307,7 @@ script:
     @logger
 
     def highriskemployee_remove_command(client, args):
-        username = args["username"]
+        username = args.get("username")
         user_id = client.remove_user_from_high_risk_employee(username)
         hr_context = {"UserID": user_id, "Username": username}
         readable_outputs = tableToMarkdown("Code42 High Risk Employee List User Removed", hr_context)

From 646fd9efc8fa05c2b16144deb8f60325c275beb9 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 15:19:37 +0000
Subject: [PATCH 10/24] Use get as much as possible, per feedback

---
 Packs/Code42/Integrations/Code42/Code42.py    | 61 ++++++++++++-------
 .../Code42/integration-Code42.yml             | 61 ++++++++++++-------
 2 files changed, 76 insertions(+), 46 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 45eb153e2644..a841966c2d5d 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -136,7 +136,9 @@ def _create_alert_query(event_severity_filter, start_time):
 
 def _get_all_high_risk_employees_from_page(page, risk_tags):
     res = []
-    for employee in page["items"]:
+    # Note: page is a `Py42Response` and has no `get()` method.
+    employees = page["items"]
+    for employee in employees:
         if not risk_tags:
             res.append(employee)
             continue
@@ -178,7 +180,7 @@ def _get_sdk(self):
         return self._sdk
 
     def add_user_to_departing_employee(self, username, departure_date=None, note=None):
-        user_id = self.get_user(username)["userUid"]
+        user_id = self.get_user(username).get("userUid")
         self._get_sdk().detectionlists.departing_employee.add(
             user_id, departure_date=departure_date
         )
@@ -187,7 +189,7 @@ def add_user_to_departing_employee(self, username, departure_date=None, note=Non
         return user_id
 
     def remove_user_from_departing_employee(self, username):
-        user_id = self.get_user(username)["userUid"]
+        user_id = self.get_user(username).get("userUid")
         self._get_sdk().detectionlists.departing_employee.remove(user_id)
         return user_id
 
@@ -196,34 +198,36 @@ def get_all_departing_employees(self, results):
         results = int(results) if results else None
         pages = self._get_sdk().detectionlists.departing_employee.get_all()
         for page in pages:
+            # Note: page is a `Py42Response` and has no `get()` method.
             employees = page["items"]
-            for employee in employees:
-                res.append(employee)
-                if results and len(res) == results:
-                    return res
+            if employees:
+                for employee in employees:
+                    res.append(employee)
+                    if results and len(res) == results:
+                        return res
         return res
 
     def add_user_to_high_risk_employee(self, username, note=None):
-        user_id = self.get_user(username)["userUid"]
+        user_id = self.get_user(username).get("userUid")
         self._get_sdk().detectionlists.high_risk_employee.add(user_id)
         if note:
             self._get_sdk().detectionlists.update_user_notes(user_id, note)
         return user_id
 
     def remove_user_from_high_risk_employee(self, username):
-        user_id = self.get_user(username)["userUid"]
+        user_id = self.get_user(username).get("userUid")
         self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
         return user_id
 
     def add_user_risk_tags(self, username, risk_tags):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        user_id = self.get_user(username)["userUid"]
+        user_id = self.get_user(username).get("userUid")
         self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
         return user_id
 
     def remove_user_risk_tags(self, username, risk_tags):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        user_id = self.get_user(username)["userUid"]
+        user_id = self.get_user(username).get("userUid")
         self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
         return user_id
 
@@ -393,7 +397,7 @@ def _create_exposure_filter(exposure_arg):
 
 
 def _create_category_filter(file_type):
-    category_value = CODE42_FILE_TYPE_MAPPER.get(file_type["category"], "UNCATEGORIZED")
+    category_value = CODE42_FILE_TYPE_MAPPER.get(file_type.get("category"), "UNCATEGORIZED")
     return FileCategory.eq(category_value)
 
 
@@ -421,11 +425,11 @@ def __init__(self, observation, actor):
 
     @property
     def _observation_data(self):
-        return self._obs["data"]
+        return self._obs.get("data")
 
     @property
     def _exfiltration_type(self):
-        return self._obs["type"]
+        return self._obs.get("type")
 
     @property
     def _is_endpoint_exfiltration(self):
@@ -450,13 +454,23 @@ def map(self):
 
     def _create_search_args(self):
         filters = FileEventQueryFilters()
-        exposure_types = self._observation_data["exposureTypes"]
-        begin_time = _convert_date_arg_to_epoch(self._observation_data["firstActivityAt"])
-        end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
+        begin_time = None
+        end_time = None
+        exposure_types = self._observation_data.get("exposureTypes")
+        first_activity = self._observation_data.get("firstActivityAt")
+        last_activity = self._observation_data.get("lastActivityAt")
+        if first_activity:
+            begin_time = _convert_date_arg_to_epoch(self._observation_data.get("firstActivityAt"))
+
+        if last_activity:
+            end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
 
         filters.append(self._create_user_filter())
-        filters.append(EventTimestamp.on_or_after(begin_time))
-        filters.append(EventTimestamp.on_or_before(end_time))
+
+        if begin_time:
+            filters.append(EventTimestamp.on_or_after(begin_time))
+        if end_time:
+            filters.append(EventTimestamp.on_or_before(end_time))
         filters.extend(self._create_exposure_filters(exposure_types))
         filters.append(self._create_file_category_filters())
 
@@ -488,10 +502,11 @@ def _create_exposure_filters(self, exposure_types):
 
     def _create_file_category_filters(self):
         """Determine if file categorization is significant"""
-        observed_file_categories = self._observation_data["fileCategories"]
-        categories = [c["category"].upper() for c in observed_file_categories if c["isSignificant"]]
-        if categories:
-            return FileCategory.is_in(categories)
+        observed_file_categories = self._observation_data.get("fileCategories")
+        if observed_file_categories:
+            categories = [c.get("category").upper() for c in observed_file_categories if c.get("isSignificant") and c.get("category")]
+            if categories:
+                return FileCategory.is_in(categories)
 
 
 def map_observation_to_security_query(observation, actor):
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 09846572ce2c..dad89d6b0ff3 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -741,7 +741,9 @@ script:
 
     def _get_all_high_risk_employees_from_page(page, risk_tags):
         res = []
-        for employee in page["items"]:
+        # Note: page is a `Py42Response` and has no `get()` method.
+        employees = page["items"]
+        for employee in employees:
             if not risk_tags:
                 res.append(employee)
                 continue
@@ -783,7 +785,7 @@ script:
             return self._sdk
 
         def add_user_to_departing_employee(self, username, departure_date=None, note=None):
-            user_id = self.get_user(username)["userUid"]
+            user_id = self.get_user(username).get("userUid")
             self._get_sdk().detectionlists.departing_employee.add(
                 user_id, departure_date=departure_date
             )
@@ -792,7 +794,7 @@ script:
             return user_id
 
         def remove_user_from_departing_employee(self, username):
-            user_id = self.get_user(username)["userUid"]
+            user_id = self.get_user(username).get("userUid")
             self._get_sdk().detectionlists.departing_employee.remove(user_id)
             return user_id
 
@@ -801,34 +803,36 @@ script:
             results = int(results) if results else None
             pages = self._get_sdk().detectionlists.departing_employee.get_all()
             for page in pages:
+                # Note: page is a `Py42Response` and has no `get()` method.
                 employees = page["items"]
-                for employee in employees:
-                    res.append(employee)
-                    if results and len(res) == results:
-                        return res
+                if employees:
+                    for employee in employees:
+                        res.append(employee)
+                        if results and len(res) == results:
+                            return res
             return res
 
         def add_user_to_high_risk_employee(self, username, note=None):
-            user_id = self.get_user(username)["userUid"]
+            user_id = self.get_user(username).get("userUid")
             self._get_sdk().detectionlists.high_risk_employee.add(user_id)
             if note:
                 self._get_sdk().detectionlists.update_user_notes(user_id, note)
             return user_id
 
         def remove_user_from_high_risk_employee(self, username):
-            user_id = self.get_user(username)["userUid"]
+            user_id = self.get_user(username).get("userUid")
             self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
             return user_id
 
         def add_user_risk_tags(self, username, risk_tags):
             risk_tags = _try_convert_str_list_to_list(risk_tags)
-            user_id = self.get_user(username)["userUid"]
+            user_id = self.get_user(username).get("userUid")
             self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
             return user_id
 
         def remove_user_risk_tags(self, username, risk_tags):
             risk_tags = _try_convert_str_list_to_list(risk_tags)
-            user_id = self.get_user(username)["userUid"]
+            user_id = self.get_user(username).get("userUid")
             self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
             return user_id
 
@@ -999,7 +1003,7 @@ script:
 
 
     def _create_category_filter(file_type):
-        category_value = CODE42_FILE_TYPE_MAPPER.get(file_type["category"], "UNCATEGORIZED")
+        category_value = CODE42_FILE_TYPE_MAPPER.get(file_type.get("category"), "UNCATEGORIZED")
         return FileCategory.eq(category_value)
 
 
@@ -1027,11 +1031,11 @@ script:
 
         @property
         def _observation_data(self):
-            return self._obs["data"]
+            return self._obs.get("data")
 
         @property
         def _exfiltration_type(self):
-            return self._obs["type"]
+            return self._obs.get("type")
 
         @property
         def _is_endpoint_exfiltration(self):
@@ -1056,13 +1060,23 @@ script:
 
         def _create_search_args(self):
             filters = FileEventQueryFilters()
-            exposure_types = self._observation_data["exposureTypes"]
-            begin_time = _convert_date_arg_to_epoch(self._observation_data["firstActivityAt"])
-            end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
+            begin_time = None
+            end_time = None
+            exposure_types = self._observation_data.get("exposureTypes")
+            first_activity = self._observation_data.get("firstActivityAt")
+            last_activity = self._observation_data.get("lastActivityAt")
+            if first_activity:
+                begin_time = _convert_date_arg_to_epoch(self._observation_data.get("firstActivityAt"))
+
+            if last_activity:
+                end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
 
             filters.append(self._create_user_filter())
-            filters.append(EventTimestamp.on_or_after(begin_time))
-            filters.append(EventTimestamp.on_or_before(end_time))
+
+            if begin_time:
+                filters.append(EventTimestamp.on_or_after(begin_time))
+            if end_time:
+                filters.append(EventTimestamp.on_or_before(end_time))
             filters.extend(self._create_exposure_filters(exposure_types))
             filters.append(self._create_file_category_filters())
 
@@ -1094,10 +1108,11 @@ script:
 
         def _create_file_category_filters(self):
             """Determine if file categorization is significant"""
-            observed_file_categories = self._observation_data["fileCategories"]
-            categories = [c["category"].upper() for c in observed_file_categories if c["isSignificant"]]
-            if categories:
-                return FileCategory.is_in(categories)
+            observed_file_categories = self._observation_data.get("fileCategories")
+            if observed_file_categories:
+                categories = [c.get("category").upper() for c in observed_file_categories if c.get("isSignificant") and c.get("category")]
+                if categories:
+                    return FileCategory.is_in(categories)
 
 
     def map_observation_to_security_query(observation, actor):

From 983a34220a2f81e907dc67fbd7642bbc98847cce Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 16:09:55 +0000
Subject: [PATCH 11/24] Add simple playbooks

---
 Packs/Code42/Integrations/Code42/Code42.yml   |   8 +-
 .../Code42/integration-Code42.yml             |   2 +-
 .../playbook-Code42_Change_Blocked_Status.yml | 239 +++++++++++++++++
 ...-Code42_Change_Blocked_Status_CHANGELOG.md |   2 +
 ...ook-Code42_Change_Blocked_Status_README.md |  33 +++
 ...playbook-Code42_Change_User_Activation.yml | 242 ++++++++++++++++++
 ...Code42_Change_User_Activation_CHANGELOG.md |   2 +
 ...ok-Code42_Change_User_Activation_README.md |  33 +++
 .../playbook-Code42_Create_User_Playbook.yml  | 153 +++++++++++
 9 files changed, 710 insertions(+), 4 deletions(-)
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_CHANGELOG.md
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_CHANGELOG.md
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml

diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index 6166b77f8d7a..c852a4773c36 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -311,7 +311,8 @@ script:
     name: code42-departingemployee-add
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
-      description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      description: Internal Code42 Case ID for the Departing Employee. Deprecated.
+        Use Code42.DepartingEmployee.UserID.
       type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -338,7 +339,8 @@ script:
     name: code42-departingemployee-remove
     outputs:
     - contextPath: Code42.DepartingEmployee.CaseID
-      description: Internal Code42 Case ID for the Departing Employee. Deprecated. Use Code42.DepartingEmployee.UserID.
+      description: Internal Code42 Case ID for the Departing Employee. Deprecated.
+        Use Code42.DepartingEmployee.UserID.
       type: string
     - contextPath: Code42.DepartingEmployee.UserID
       description: Internal Code42 User ID for the Departing Employee.
@@ -582,7 +584,7 @@ script:
       isArray: false
       name: username
       required: false
-      secret: true
+      secret: false
     deprecated: false
     description: Reactivates the user with the given username.
     execution: false
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index dad89d6b0ff3..b98cb4bd565a 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -568,7 +568,7 @@ script:
       isArray: false
       name: username
       required: false
-      secret: true
+      secret: false
     deprecated: false
     description: Reactivates the user with the given username.
     execution: false
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml
new file mode 100644
index 000000000000..190709a79157
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml
@@ -0,0 +1,239 @@
+id: 13e6c86c-ae18-4074-8a8c-acfec29b1fbc
+description: A simple playbook for blocking or unblocking a user in Code42.
+inputs:
+- description: Either the string "block" or "unblock".
+  key: Action
+  playbookInputQuery:
+  required: false
+  value: {}
+- description: The username of the user to block or unblock in Code42.
+  key: username
+  playbookInputQuery:
+  required: false
+  value: {}
+name: Code42 Change Blocked Status
+outputs: []
+starttaskid: "0"
+tasks:
+  "0":
+    id: "0"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "1"
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 9a342074-7df0-4dd1-8a82-d7804e6082b3
+      iscommand: false
+      name: ""
+      version: -1
+    taskid: 9a342074-7df0-4dd1-8a82-d7804e6082b3
+    timertriggers: []
+    type: start
+    view: |-
+      {
+        "position": {
+          "x": 602.5,
+          "y": 50
+        }
+      }
+  "1":
+    id: "1"
+    ignoreworker: false
+    nexttasks:
+      '#default#':
+      - "5"
+      "yes":
+      - "2"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      brandname:
+        simple: Code42
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      description: Returns 'yes' if integration brand is available. Otherwise returns
+        'no'
+      id: a63a96d0-a534-48ce-8e6f-83861753e106
+      iscommand: false
+      name: Is Code42 Available?
+      script: IsIntegrationAvailable
+      type: condition
+      version: -1
+    taskid: a63a96d0-a534-48ce-8e6f-83861753e106
+    timertriggers: []
+    type: condition
+    view: |-
+      {
+        "position": {
+          "x": 602.5,
+          "y": 195
+        }
+      }
+  "2":
+    conditions:
+    - condition:
+      - - left:
+            iscontext: true
+            value:
+              complex:
+                root: inputs.action
+                transformers:
+                - operator: toUpperCase
+          operator: isEqualString
+          right:
+            value:
+              simple: BLOCK
+      label: block
+    - condition:
+      - - left:
+            iscontext: true
+            value:
+              complex:
+                root: inputs.action
+                transformers:
+                - operator: toUpperCase
+          operator: isEqualString
+          right:
+            value:
+              simple: UNBLOCK
+      label: unblock
+    id: "2"
+    ignoreworker: false
+    nexttasks:
+      '#default#':
+      - "5"
+      block:
+      - "3"
+      unblock:
+      - "4"
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 435ab4db-7c90-42fe-8c5c-4d195b5d52a4
+      iscommand: false
+      name: Is Block or Unblock?
+      type: condition
+      version: -1
+    taskid: 435ab4db-7c90-42fe-8c5c-4d195b5d52a4
+    timertriggers: []
+    type: condition
+    view: |-
+      {
+        "position": {
+          "x": 480,
+          "y": 370
+        }
+      }
+  "3":
+    id: "3"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "5"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      username:
+        simple: ${inputs.username}
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: Code42
+      description: Blocks a user in Code42.  A blocked user is not allowed to log
+        in or restore files. Backups will continue if the user is still active.
+      id: fcfd80be-6e52-409f-8d89-8d38a18b56c9
+      iscommand: true
+      name: Block User
+      script: Code42|||code42-user-block
+      type: regular
+      version: -1
+    taskid: fcfd80be-6e52-409f-8d89-8d38a18b56c9
+    timertriggers: []
+    type: regular
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 545
+        }
+      }
+  "4":
+    id: "4"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "5"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      username:
+        simple: ${inputs.username}
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: Code42
+      description: Removes a block, if one exists, on the user with the given user
+        ID. Unblocked users are allowed to log in and restore.
+      id: a92925e8-749c-4d05-8ef1-f68f72ed4d98
+      iscommand: true
+      name: Unblock User
+      script: Code42|||code42-user-unblock
+      type: regular
+      version: -1
+    taskid: a92925e8-749c-4d05-8ef1-f68f72ed4d98
+    timertriggers: []
+    type: regular
+    view: |-
+      {
+        "position": {
+          "x": 480,
+          "y": 545
+        }
+      }
+  "5":
+    id: "5"
+    ignoreworker: false
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: d9a6c88f-b5e1-4c92-850a-99b4f59908aa
+      iscommand: false
+      name: Done
+      type: title
+      version: -1
+    taskid: d9a6c88f-b5e1-4c92-850a-99b4f59908aa
+    timertriggers: []
+    type: title
+    view: |-
+      {
+        "position": {
+          "x": 490,
+          "y": 720
+        }
+      }
+version: -1
+view: |-
+  {
+    "linkLabelsPosition": {},
+    "paper": {
+      "dimensions": {
+        "height": 735,
+        "width": 932.5,
+        "x": 50,
+        "y": 50
+      }
+    }
+  }
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_CHANGELOG.md b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_CHANGELOG.md
new file mode 100644
index 000000000000..cfe7a08d89dc
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_CHANGELOG.md
@@ -0,0 +1,2 @@
+## [Unreleased]
+A simple playbook for blocking or unblocking a user in Code42.
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md
new file mode 100644
index 000000000000..97617effeaed
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md
@@ -0,0 +1,33 @@
+A simple playbook for blocking or unblocking a user in Code42.
+
+## Dependencies
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+This playbook does not use any sub-playbooks.
+
+### Integrations
+* Code42
+
+### Scripts
+This playbook does not use any scripts.
+
+### Commands
+* code42-user-unblock
+* code42-user-block
+
+## Playbook Inputs
+---
+
+| **Name** | **Description** | **Default Value** | **Required** |
+| --- | --- | --- | --- |
+| Action | Either the string "block" or "unblock". |  | Optional |
+| username | The username of the user to block or unblock in Code42. |  | Optional |
+
+## Playbook Outputs
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+---
+![Code42 Change Blocked Status](Insert the link to your image here)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml
new file mode 100644
index 000000000000..4ad10520e130
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml
@@ -0,0 +1,242 @@
+id: a2335ce7-17b0-42d4-8f69-48bcfeb28a4d
+description: A simple playbook for deactivating or reactivating a user in Code42.
+inputs:
+- description: Either "deactivate" or "reactivate"; the action you want to be done
+    to the user.
+  key: Action
+  playbookInputQuery: null
+  required: true
+  value: {}
+- description: The username of the user to deactivate or reactivate.
+  key: Username
+  playbookInputQuery: null
+  required: true
+  value: {}
+name: Code42 Change User Activation
+outputs: []
+starttaskid: "0"
+tasks:
+  "0":
+    id: "0"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "1"
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 94f6760d-eacc-498d-8b1c-0d9aff499a08
+      iscommand: false
+      name: ""
+      version: -1
+    taskid: 94f6760d-eacc-498d-8b1c-0d9aff499a08
+    timertriggers: []
+    type: start
+    view: |-
+      {
+        "position": {
+          "x": 152.5,
+          "y": 50
+        }
+      }
+  "1":
+    id: "1"
+    ignoreworker: false
+    nexttasks:
+      "no":
+      - "3"
+      "yes":
+      - "2"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      brandname:
+        simple: Code42
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      description: Returns 'yes' if integration brand is available. Otherwise returns
+        'no'
+      id: 38d4eed0-6ed4-4720-8c7f-7ea2f73f26d3
+      iscommand: false
+      name: Is Code42 Available?
+      script: IsIntegrationAvailable
+      type: condition
+      version: -1
+    taskid: 38d4eed0-6ed4-4720-8c7f-7ea2f73f26d3
+    timertriggers: []
+    type: condition
+    view: |-
+      {
+        "position": {
+          "x": 152.5,
+          "y": 195
+        }
+      }
+  "2":
+    conditions:
+    - condition:
+      - - left:
+            iscontext: true
+            value:
+              complex:
+                root: inputs.Action
+                transformers:
+                - operator: toUpperCase
+          operator: isEqualString
+          right:
+            value:
+              simple: DEACTIVATE
+      label: DEACTIVATE
+    - condition:
+      - - left:
+            iscontext: true
+            value:
+              complex:
+                root: inputs.Action
+                transformers:
+                - operator: toUpperCase
+          operator: isEqualString
+          right:
+            value:
+              simple: REACTIVATE
+      label: REACTIVATE
+    id: "2"
+    ignoreworker: false
+    nexttasks:
+      '#default#':
+      - "3"
+      DEACTIVATE:
+      - "5"
+      REACTIVATE:
+      - "4"
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 013b9275-f36c-49f4-8ad5-d3989cd6b088
+      iscommand: false
+      name: Is Deactivate or Reactivate?
+      type: condition
+      version: -1
+    taskid: 013b9275-f36c-49f4-8ad5-d3989cd6b088
+    timertriggers: []
+    type: condition
+    view: |-
+      {
+        "position": {
+          "x": 480,
+          "y": 370
+        }
+      }
+  "3":
+    id: "3"
+    ignoreworker: false
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 7d22084e-bc48-4c9c-8af9-1e83d8901002
+      iscommand: false
+      name: Done
+      type: title
+      version: -1
+    taskid: 7d22084e-bc48-4c9c-8af9-1e83d8901002
+    timertriggers: []
+    type: title
+    view: |-
+      {
+        "position": {
+          "x": 265,
+          "y": 720
+        }
+      }
+  "4":
+    id: "4"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "3"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      username:
+        simple: ${inputs.Username}
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: Code42
+      description: Reactivates the user with the given username.
+      id: acd35060-92e6-4b7e-86b1-a2445679689a
+      iscommand: true
+      name: Code42 Reactivate User
+      script: Code42|||code42-user-reactivate
+      type: regular
+      version: -1
+    taskid: acd35060-92e6-4b7e-86b1-a2445679689a
+    timertriggers: []
+    type: regular
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 545
+        }
+      }
+  "5":
+    id: "5"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "3"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      username:
+        simple: ${inputs.Username}
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: Code42
+      description: Deactivate a user in Code42; signing them out of their devices.
+        Backups discontinue for a deactivated user, and their archives go to cold
+        storage.
+      id: 410c35b8-5506-4b98-89e8-1f7602cc66bd
+      iscommand: true
+      name: Code42 Deactivate User
+      script: Code42|||code42-user-deactivate
+      type: regular
+      version: -1
+    taskid: 410c35b8-5506-4b98-89e8-1f7602cc66bd
+    timertriggers: []
+    type: regular
+    view: |-
+      {
+        "position": {
+          "x": 480,
+          "y": 545
+        }
+      }
+version: -1
+view: |-
+  {
+    "linkLabelsPosition": {
+      "1_2_yes": 0.83
+    },
+    "paper": {
+      "dimensions": {
+        "height": 735,
+        "width": 810,
+        "x": 50,
+        "y": 50
+      }
+    }
+  }
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_CHANGELOG.md b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_CHANGELOG.md
new file mode 100644
index 000000000000..9625441480af
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_CHANGELOG.md
@@ -0,0 +1,2 @@
+## [Unreleased]
+A simple playbook for deactivating or reactivating a user in Code42.
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md
new file mode 100644
index 000000000000..ccb4b7a59f26
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md
@@ -0,0 +1,33 @@
+A simple playbook for deactivating or reactivating a user in Code42.
+
+## Dependencies
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+This playbook does not use any sub-playbooks.
+
+### Integrations
+* Code42
+
+### Scripts
+This playbook does not use any scripts.
+
+### Commands
+* code42-user-reactivate
+* code42-user-deactivate
+
+## Playbook Inputs
+---
+
+| **Name** | **Description** | **Default Value** | **Required** |
+| --- | --- | --- | --- |
+| Action | Either "deactivate" or "reactivate"; the action you want to be done to the user. |  | Required |
+| Username | The username of the user to deactivate or reactivate. |  | Required |
+
+## Playbook Outputs
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+---
+![Code42 Change User Activation](Insert the link to your image here)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml
new file mode 100644
index 000000000000..ff41b2382335
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml
@@ -0,0 +1,153 @@
+id: f1a0cdb1-feb8-4752-8502-0e5e8587c81f
+inputs:
+- description: The username to give to the newly created user.
+  key: Username
+  playbookInputQuery:
+  required: true
+  value: {}
+- description: The email of the user to create.
+  key: Email
+  playbookInputQuery:
+  required: true
+  value: {}
+- description: The name of the Code42 organization to create the user in.
+  key: OrgName
+  playbookInputQuery:
+  required: true
+  value: {}
+name: Code42 Create User Playbook
+outputs: []
+starttaskid: "0"
+tasks:
+  "0":
+    id: "0"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "1"
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: b1876bae-e1fa-400e-8bd3-97ed9762ce39
+      iscommand: false
+      name: ""
+      version: -1
+    taskid: b1876bae-e1fa-400e-8bd3-97ed9762ce39
+    timertriggers: []
+    type: start
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 50
+        }
+      }
+  "1":
+    id: "1"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "2"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      brandname:
+        simple: Code42
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      description: Returns 'yes' if integration brand is available. Otherwise returns
+        'no'
+      id: 35bc6954-feef-4e12-86b7-f57173635f0b
+      iscommand: false
+      name: Is Code42 Available?
+      script: IsIntegrationAvailable
+      type: condition
+      version: -1
+    taskid: 35bc6954-feef-4e12-86b7-f57173635f0b
+    timertriggers: []
+    type: condition
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 210
+        }
+      }
+  "2":
+    id: "2"
+    ignoreworker: false
+    nexttasks:
+      '#none#':
+      - "3"
+    note: false
+    quietmode: 0
+    scriptarguments:
+      email:
+        simple: ${inputs.Email}
+      orgname:
+        simple: ${inputs.OrgName}
+      username:
+        simple: ${inputs.Username}
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: Code42
+      description: Creates a Code42 user.
+      id: 4734acef-5883-4e4b-85a1-0e36008c2ced
+      iscommand: true
+      name: Create User
+      script: Code42|||code42-user-create
+      type: regular
+      version: -1
+    taskid: 4734acef-5883-4e4b-85a1-0e36008c2ced
+    timertriggers: []
+    type: regular
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 410
+        }
+      }
+  "3":
+    id: "3"
+    ignoreworker: false
+    note: false
+    quietmode: 0
+    separatecontext: false
+    skipunavailable: false
+    task:
+      brand: ""
+      id: 532d230b-7312-4430-8f2a-e1c8108c17fa
+      iscommand: false
+      name: Done
+      type: title
+      version: -1
+    taskid: 532d230b-7312-4430-8f2a-e1c8108c17fa
+    timertriggers: []
+    type: title
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 580
+        }
+      }
+version: -1
+view: |-
+  {
+    "linkLabelsPosition": {},
+    "paper": {
+      "dimensions": {
+        "height": 595,
+        "width": 380,
+        "x": 450,
+        "y": 50
+      }
+    }
+  }

From 8e7c9a91f4e1bd51abef03ca6d4ab94f7b635fb3 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 16:12:29 +0000
Subject: [PATCH 12/24] Lint

---
 Packs/Code42/Integrations/Code42/Code42.py    | 50 +++++++++++--------
 .../Code42/Integrations/Code42/Code42_test.py |  2 +-
 .../Code42/integration-Code42.yml             | 50 +++++++++++--------
 3 files changed, 59 insertions(+), 43 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index a841966c2d5d..62cf4f30e61c 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -504,7 +504,11 @@ def _create_file_category_filters(self):
         """Determine if file categorization is significant"""
         observed_file_categories = self._observation_data.get("fileCategories")
         if observed_file_categories:
-            categories = [c.get("category").upper() for c in observed_file_categories if c.get("isSignificant") and c.get("category")]
+            categories = [
+                c.get("category").upper()
+                for c in observed_file_categories
+                if c.get("isSignificant") and c.get("category")
+            ]
             if categories:
                 return FileCategory.is_in(categories)
 
@@ -664,7 +668,7 @@ def departingemployee_get_all_command(client, args):
             outputs_prefix="Code42.DepartingEmployee",
             outputs_key_field="UserID",
             outputs={"Results": []},
-            raw_response={}
+            raw_response={},
         )
 
     employees_context = [
@@ -728,7 +732,7 @@ def highriskemployee_get_all_command(client, args):
             outputs_prefix="Code42.HighRiskEmployee",
             outputs_key_field="UserID",
             outputs={"Results": []},
-            raw_response={}
+            raw_response={},
         )
     employees_context = [
         {"UserID": e.get("userId"), "Username": e.get("userName"), "Note": e.get("notes")}
@@ -828,7 +832,11 @@ def user_create_command(client, args):
     email = args.get("email")
     try:
         res = client.create_user(org_name, username, email)
-        outputs = {"Username": res.get("username"), "UserID": res.get("userUid"), "Email": res.get("email")}
+        outputs = {
+            "Username": res.get("username"),
+            "UserID": res.get("userUid"),
+            "Email": res.get("email"),
+        }
         readable_outputs = tableToMarkdown("Code42 User Created", outputs)
         return CommandResults(
             outputs_prefix="Code42.User",
@@ -1053,23 +1061,23 @@ def test_module(client):
 
 def get_command_map():
     return {
-            "code42-alert-get": alert_get_command,
-            "code42-alert-resolve": alert_resolve_command,
-            "code42-securitydata-search": securitydata_search_command,
-            "code42-departingemployee-add": departingemployee_add_command,
-            "code42-departingemployee-remove": departingemployee_remove_command,
-            "code42-departingemployee-get-all": departingemployee_get_all_command,
-            "code42-highriskemployee-add": highriskemployee_add_command,
-            "code42-highriskemployee-remove": highriskemployee_remove_command,
-            "code42-highriskemployee-get-all": highriskemployee_get_all_command,
-            "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
-            "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
-            "code42-user-create": user_create_command,
-            "code42-user-block": user_block_command,
-            "code42-user-unblock": user_unblock_command,
-            "code42-user-deactivate": user_deactivate_command,
-            "code42_user-reactivate": user_reactivate_command,
-        }
+        "code42-alert-get": alert_get_command,
+        "code42-alert-resolve": alert_resolve_command,
+        "code42-securitydata-search": securitydata_search_command,
+        "code42-departingemployee-add": departingemployee_add_command,
+        "code42-departingemployee-remove": departingemployee_remove_command,
+        "code42-departingemployee-get-all": departingemployee_get_all_command,
+        "code42-highriskemployee-add": highriskemployee_add_command,
+        "code42-highriskemployee-remove": highriskemployee_remove_command,
+        "code42-highriskemployee-get-all": highriskemployee_get_all_command,
+        "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
+        "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
+        "code42-user-create": user_create_command,
+        "code42-user-block": user_block_command,
+        "code42-user-unblock": user_unblock_command,
+        "code42-user-deactivate": user_deactivate_command,
+        "code42_user-reactivate": user_reactivate_command,
+    }
 
 
 def handle_test_command(client):
diff --git a/Packs/Code42/Integrations/Code42/Code42_test.py b/Packs/Code42/Integrations/Code42/Code42_test.py
index 7425e0357965..a3698087000d 100644
--- a/Packs/Code42/Integrations/Code42/Code42_test.py
+++ b/Packs/Code42/Integrations/Code42/Code42_test.py
@@ -1506,7 +1506,7 @@ def test_highriskemployee_get_all_command_when_no_employees(code42_high_risk_emp
     )
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
     assert cmd_res.outputs_key_field == "UserID"
-    assert cmd_res.outputs == {'Results': []}
+    assert cmd_res.outputs == {"Results": []}
     assert cmd_res.raw_response == {}
     assert code42_high_risk_employee_mock.detectionlists.high_risk_employee.get_all.call_count == 1
 
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index b98cb4bd565a..d3ec73257e2f 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -1110,7 +1110,11 @@ script:
             """Determine if file categorization is significant"""
             observed_file_categories = self._observation_data.get("fileCategories")
             if observed_file_categories:
-                categories = [c.get("category").upper() for c in observed_file_categories if c.get("isSignificant") and c.get("category")]
+                categories = [
+                    c.get("category").upper()
+                    for c in observed_file_categories
+                    if c.get("isSignificant") and c.get("category")
+                ]
                 if categories:
                     return FileCategory.is_in(categories)
 
@@ -1280,7 +1284,7 @@ script:
                 outputs_prefix="Code42.DepartingEmployee",
                 outputs_key_field="UserID",
                 outputs={"Results": []},
-                raw_response={}
+                raw_response={},
             )
 
         employees_context = [
@@ -1347,7 +1351,7 @@ script:
                 outputs_prefix="Code42.HighRiskEmployee",
                 outputs_key_field="UserID",
                 outputs={"Results": []},
-                raw_response={}
+                raw_response={},
             )
         employees_context = [
             {"UserID": e.get("userId"), "Username": e.get("userName"), "Note": e.get("notes")}
@@ -1450,7 +1454,11 @@ script:
         email = args.get("email")
         try:
             res = client.create_user(org_name, username, email)
-            outputs = {"Username": res.get("username"), "UserID": res.get("userUid"), "Email": res.get("email")}
+            outputs = {
+                "Username": res.get("username"),
+                "UserID": res.get("userUid"),
+                "Email": res.get("email"),
+            }
             readable_outputs = tableToMarkdown("Code42 User Created", outputs)
             return CommandResults(
                 outputs_prefix="Code42.User",
@@ -1677,23 +1685,23 @@ script:
 
     def get_command_map():
         return {
-                "code42-alert-get": alert_get_command,
-                "code42-alert-resolve": alert_resolve_command,
-                "code42-securitydata-search": securitydata_search_command,
-                "code42-departingemployee-add": departingemployee_add_command,
-                "code42-departingemployee-remove": departingemployee_remove_command,
-                "code42-departingemployee-get-all": departingemployee_get_all_command,
-                "code42-highriskemployee-add": highriskemployee_add_command,
-                "code42-highriskemployee-remove": highriskemployee_remove_command,
-                "code42-highriskemployee-get-all": highriskemployee_get_all_command,
-                "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
-                "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
-                "code42-user-create": user_create_command,
-                "code42-user-block": user_block_command,
-                "code42-user-unblock": user_unblock_command,
-                "code42-user-deactivate": user_deactivate_command,
-                "code42_user-reactivate": user_reactivate_command,
-            }
+            "code42-alert-get": alert_get_command,
+            "code42-alert-resolve": alert_resolve_command,
+            "code42-securitydata-search": securitydata_search_command,
+            "code42-departingemployee-add": departingemployee_add_command,
+            "code42-departingemployee-remove": departingemployee_remove_command,
+            "code42-departingemployee-get-all": departingemployee_get_all_command,
+            "code42-highriskemployee-add": highriskemployee_add_command,
+            "code42-highriskemployee-remove": highriskemployee_remove_command,
+            "code42-highriskemployee-get-all": highriskemployee_get_all_command,
+            "code42-highriskemployee-add-risk-tags": highriskemployee_add_risk_tags_command,
+            "code42-highriskemployee-remove-risk-tags": highriskemployee_remove_risk_tags_command,
+            "code42-user-create": user_create_command,
+            "code42-user-block": user_block_command,
+            "code42-user-unblock": user_unblock_command,
+            "code42-user-deactivate": user_deactivate_command,
+            "code42_user-reactivate": user_reactivate_command,
+        }
 
 
     def handle_test_command(client):

From 37475bb2e602a5051baceeb906cd1186fc6c8ef7 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 16:40:19 +0000
Subject: [PATCH 13/24] Fix from validate command

---
 .../incidentfield-Code42_Alert_Type.json      |  2 +-
 ...eld-Code42_SecurityAlert_Description.json} |  7 ++--
 ...ncidentfield-Code42_SecurityAlert_ID.json} |  7 ++--
 ...identfield-Code42_SecurityAlert_Name.json} |  7 ++--
 ...dentfield-Code42_SecurityAlert_State.json} |  7 ++--
 ...field-Code42_SecurityAlert_Timestamp.json} |  7 ++--
 .../incidentfield-Code42_Severity.json        |  5 +--
 .../incidentfield-Code42_Username.json        |  5 +--
 Packs/Code42/Integrations/Code42/Code42.yml   |  5 ++-
 .../Code42/integration-Code42.yml             |  5 ++-
 ...yout-details-Code42_Security_Alert-V2.json |  4 +--
 .../playbook-Code42_Change_Blocked_Status.yml |  8 ++++-
 ...playbook-Code42_Change_User_Activation.yml |  8 ++++-
 .../playbook-Code42_Create_User_Playbook.yml  |  8 ++++-
 ...k-Code42_Create_User_Playbook_CHANGELOG.md |  2 ++
 ...book-Code42_Create_User_Playbook_README.md | 33 +++++++++++++++++++
 16 files changed, 93 insertions(+), 27 deletions(-)
 rename Packs/Code42/IncidentFields/{incidentfield-Code42_Alert_Description.json => incidentfield-Code42_SecurityAlert_Description.json} (88%)
 rename Packs/Code42/IncidentFields/{incidentfield-Code42_Alert_ID.json => incidentfield-Code42_SecurityAlert_ID.json} (89%)
 rename Packs/Code42/IncidentFields/{incidentfield-Code42_Alert_Name.json => incidentfield-Code42_SecurityAlert_Name.json} (89%)
 rename Packs/Code42/IncidentFields/{incidentfield-Code42_Alert_State.json => incidentfield-Code42_SecurityAlert_State.json} (88%)
 rename Packs/Code42/IncidentFields/{incidentfield-Code42_Alert_Timestamp.json => incidentfield-Code42_SecurityAlert_Timestamp.json} (88%)
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_CHANGELOG.md
 create mode 100644 Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md

diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json
index 378fbc913cc9..2edb759f0a99 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json
@@ -18,7 +18,7 @@
 	"id": "incident_code42alerttype",
 	"isReadOnly": false,
 	"locked": false,
-	"name": "Code42 Alert Type",
+	"name": "Code42 SecurityAlert Type",
 	"neverSetAsRequired": false,
 	"ownerOnly": false,
 	"placeholder": "",
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Description.json
similarity index 88%
rename from Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json
rename to Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Description.json
index b114c9bbdd23..c509509a29f0 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Description.json
@@ -8,7 +8,7 @@
   "cliName": "code42alertdescription",
   "closeForm": false,
   "columns": null,
-  "content": false,
+  "content": true,
   "defaultRows": null,
   "description": "",
   "editForm": true,
@@ -19,7 +19,7 @@
   "isReadOnly": false,
   "locked": false,
   "mergeStrategy": "",
-  "name": "Code42 Alert Description",
+  "name": "Code42 SecurityAlert Description",
   "neverSetAsRequired": false,
   "ownerOnly": false,
   "placeholder": "",
@@ -37,5 +37,6 @@
   "useAsKpi": false,
   "validatedError": "",
   "validationRegex": "",
-  "version": -1
+  "version": -1,
+  "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_ID.json
similarity index 89%
rename from Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json
rename to Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_ID.json
index 42678525e03e..d4f90b763f38 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_ID.json
@@ -8,7 +8,7 @@
   "cliName": "code42alertid",
   "closeForm": false,
   "columns": null,
-  "content": false,
+  "content": true,
   "defaultRows": null,
   "description": "",
   "editForm": true,
@@ -19,7 +19,7 @@
   "isReadOnly": false,
   "locked": false,
   "mergeStrategy": "",
-  "name": "Code42 Alert ID",
+  "name": "Code42 SecurityAlert ID",
   "neverSetAsRequired": false,
   "ownerOnly": false,
   "placeholder": "",
@@ -37,5 +37,6 @@
   "useAsKpi": false,
   "validatedError": "",
   "validationRegex": "",
-  "version": -1
+  "version": -1,
+  "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Name.json
similarity index 89%
rename from Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json
rename to Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Name.json
index 5ef96b82c37b..cfdce3b994c8 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Name.json
@@ -8,7 +8,7 @@
   "cliName": "code42alertname",
   "closeForm": false,
   "columns": null,
-  "content": false,
+  "content": true,
   "defaultRows": null,
   "description": "",
   "editForm": true,
@@ -19,7 +19,7 @@
   "isReadOnly": false,
   "locked": false,
   "mergeStrategy": "",
-  "name": "Code42 Alert Name",
+  "name": "Code42 SecurityAlert Name",
   "neverSetAsRequired": false,
   "ownerOnly": false,
   "placeholder": "",
@@ -37,5 +37,6 @@
   "useAsKpi": false,
   "validatedError": "",
   "validationRegex": "",
-  "version": -1
+  "version": -1,
+  "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_State.json
similarity index 88%
rename from Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json
rename to Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_State.json
index 45137a284f20..cd82f6f5e238 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_State.json
@@ -8,7 +8,7 @@
 	"cliName": "code42alertstate",
 	"closeForm": false,
 	"columns": null,
-	"content": false,
+	"content": true,
 	"defaultRows": null,
 	"description": "",
 	"editForm": true,
@@ -19,7 +19,7 @@
 	"isReadOnly": false,
 	"locked": false,
 	"mergeStrategy": "",
-	"name": "Code42 Alert State",
+	"name": "Code42 SecurityAlert State",
 	"neverSetAsRequired": false,
 	"ownerOnly": false,
 	"placeholder": "",
@@ -37,5 +37,6 @@
 	"useAsKpi": false,
 	"validatedError": "",
 	"validationRegex": "",
-	"version": -1
+	"version": -1,
+	"fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Timestamp.json
similarity index 88%
rename from Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json
rename to Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Timestamp.json
index 37b7f0083720..b0e5558f2162 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_SecurityAlert_Timestamp.json
@@ -8,7 +8,7 @@
   "cliName": "code42alerttimestamp",
   "closeForm": false,
   "columns": null,
-  "content": false,
+  "content": true,
   "defaultRows": null,
   "description": "",
   "editForm": true,
@@ -19,7 +19,7 @@
   "isReadOnly": false,
   "locked": false,
   "mergeStrategy": "",
-  "name": "Code42 Alert Timestamp",
+  "name": "Code42 SecurityAlert Timestamp",
   "neverSetAsRequired": false,
   "ownerOnly": false,
   "placeholder": "",
@@ -37,5 +37,6 @@
   "useAsKpi": false,
   "validatedError": "",
   "validationRegex": "",
-  "version": -1
+  "version": -1,
+  "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
index 45eb4f6ad9c5..a964da81c299 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
@@ -8,7 +8,7 @@
   "cliName": "code42severity",
   "closeForm": false,
   "columns": null,
-  "content": false,
+  "content": true,
   "defaultRows": null,
   "description": "",
   "editForm": true,
@@ -37,5 +37,6 @@
   "useAsKpi": false,
   "validatedError": "",
   "validationRegex": "",
-  "version": -1
+  "version": -1,
+  "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
index 3d7d05ba707f..16292af7b787 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
@@ -6,7 +6,7 @@
  "cliName": "code42username",
  "closeForm": false,
  "columns": null,
- "content": false,
+ "content": true,
  "defaultRows": null,
  "description": "",
  "editForm": true,
@@ -35,5 +35,6 @@
  "useAsKpi": false,
  "validatedError": "",
  "validationRegex": "",
- "version": -1
+ "version": -1,
+ "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index c852a4773c36..c8536bdbe8d1 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -459,6 +459,7 @@ script:
       required: true
       secret: false
     deprecated: false
+    description: Associates risk tags with the employee with the given username.
     execution: false
     name: code42-highriskemployee-add-risk-tags
     outputs:
@@ -485,6 +486,7 @@ script:
       required: true
       secret: false
     deprecated: false
+    description: Disassociates risk tags from the user with the given username.
     execution: false
     name: code42-highriskemployee-remove-risk-tags
     outputs:
@@ -512,6 +514,7 @@ script:
       secret: false
     - default: false
       defaultValue: The email to give to the user.
+      description: The email of the employee to create.
       isArray: false
       name: email
       required: true
@@ -593,7 +596,7 @@ script:
     - contextPath: Code42.User.UserID
       description: The ID of a Code42 User.
       type: String
-  dockerimage: demisto/py42:1.0.0.9242
+  dockerimage: demisto/py42:1.0.0.9323
   feed: false
   isfetch: true
   longRunning: false
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index d3ec73257e2f..6bf67288bd1e 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -446,6 +446,7 @@ script:
       required: true
       secret: false
     deprecated: false
+    description: Associates risk tags with the employee with the given username.
     execution: false
     name: code42-highriskemployee-add-risk-tags
     outputs:
@@ -472,6 +473,7 @@ script:
       required: true
       secret: false
     deprecated: false
+    description: Disassociates risk tags from the user with the given username.
     execution: false
     name: code42-highriskemployee-remove-risk-tags
     outputs:
@@ -499,6 +501,7 @@ script:
       secret: false
     - default: false
       defaultValue: The email to give to the user.
+      description: The email of the employee to create.
       isArray: false
       name: email
       required: true
@@ -577,7 +580,7 @@ script:
     - contextPath: Code42.User.UserID
       description: The ID of a Code42 User.
       type: String
-  dockerimage: demisto/py42:1.0.0.9242
+  dockerimage: demisto/py42:1.0.0.9323
   feed: false
   isfetch: true
   longRunning: false
diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
index d741790c8118..d33aea2ec4e3 100644
--- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
+++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
@@ -468,6 +468,6 @@
               }
        ],
        "typeId": "Code42 Security Alert",
-       "version": -1,
-       "fromVersion": "5.0.0"
+       "fromVersion": "5.0.0",
+       "version": -1
 }
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml
index 190709a79157..9f150de37e6e 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status.yml
@@ -1,4 +1,4 @@
-id: 13e6c86c-ae18-4074-8a8c-acfec29b1fbc
+id: Code42 Change Blocked Status
 description: A simple playbook for blocking or unblocking a user in Code42.
 inputs:
 - description: Either the string "block" or "unblock".
@@ -31,6 +31,7 @@ tasks:
       iscommand: false
       name: ""
       version: -1
+      description: ""
     taskid: 9a342074-7df0-4dd1-8a82-d7804e6082b3
     timertriggers: []
     type: start
@@ -124,6 +125,7 @@ tasks:
       name: Is Block or Unblock?
       type: condition
       version: -1
+      description: ""
     taskid: 435ab4db-7c90-42fe-8c5c-4d195b5d52a4
     timertriggers: []
     type: condition
@@ -214,6 +216,7 @@ tasks:
       name: Done
       type: title
       version: -1
+      description: ""
     taskid: d9a6c88f-b5e1-4c92-850a-99b4f59908aa
     timertriggers: []
     type: title
@@ -225,6 +228,9 @@ tasks:
         }
       }
 version: -1
+fromversion: 5.0.0
+tests:
+- No Test
 view: |-
   {
     "linkLabelsPosition": {},
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml
index 4ad10520e130..25f43943ea4a 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation.yml
@@ -1,4 +1,4 @@
-id: a2335ce7-17b0-42d4-8f69-48bcfeb28a4d
+id: Code42 Change User Activation
 description: A simple playbook for deactivating or reactivating a user in Code42.
 inputs:
 - description: Either "deactivate" or "reactivate"; the action you want to be done
@@ -32,6 +32,7 @@ tasks:
       iscommand: false
       name: ""
       version: -1
+      description: ""
     taskid: 94f6760d-eacc-498d-8b1c-0d9aff499a08
     timertriggers: []
     type: start
@@ -125,6 +126,7 @@ tasks:
       name: Is Deactivate or Reactivate?
       type: condition
       version: -1
+      description: ""
     taskid: 013b9275-f36c-49f4-8ad5-d3989cd6b088
     timertriggers: []
     type: condition
@@ -149,6 +151,7 @@ tasks:
       name: Done
       type: title
       version: -1
+      description: ""
     taskid: 7d22084e-bc48-4c9c-8af9-1e83d8901002
     timertriggers: []
     type: title
@@ -226,6 +229,9 @@ tasks:
         }
       }
 version: -1
+fromversion: 5.0.0
+tests:
+- No Test
 view: |-
   {
     "linkLabelsPosition": {
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml
index ff41b2382335..84da67c4b6b4 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml
+++ b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook.yml
@@ -1,4 +1,5 @@
-id: f1a0cdb1-feb8-4752-8502-0e5e8587c81f
+id: Code42 Create User Playbook
+description: A simple playbook for creating a user in Code42.
 inputs:
 - description: The username to give to the newly created user.
   key: Username
@@ -35,6 +36,7 @@ tasks:
       iscommand: false
       name: ""
       version: -1
+      description: ""
     taskid: b1876bae-e1fa-400e-8bd3-97ed9762ce39
     timertriggers: []
     type: start
@@ -128,6 +130,7 @@ tasks:
       name: Done
       type: title
       version: -1
+      description: ""
     taskid: 532d230b-7312-4430-8f2a-e1c8108c17fa
     timertriggers: []
     type: title
@@ -139,6 +142,9 @@ tasks:
         }
       }
 version: -1
+fromversion: 5.0.0
+tests:
+- No Test
 view: |-
   {
     "linkLabelsPosition": {},
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_CHANGELOG.md b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_CHANGELOG.md
new file mode 100644
index 000000000000..9c2e275d34ca
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_CHANGELOG.md
@@ -0,0 +1,2 @@
+## [Unreleased]
+A simple playbook for creating a user in Code42.
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md
new file mode 100644
index 000000000000..aa7c58362947
--- /dev/null
+++ b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md
@@ -0,0 +1,33 @@
+A simple playbook for creating a user in Code42.
+
+## Dependencies
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+This playbook does not use any sub-playbooks.
+
+### Integrations
+* Code42
+
+### Scripts
+This playbook does not use any scripts.
+
+### Commands
+* code42-user-create
+
+## Playbook Inputs
+---
+
+| **Name** | **Description** | **Default Value** | **Required** |
+| --- | --- | --- | --- |
+| Username | The username to give to the newly created user. |  | Required |
+| Email | The email of the user to create. |  | Required |
+| OrgName | The name of the Code42 organization to create the user in. |  | Required |
+
+## Playbook Outputs
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+---
+![Code42 Create User Playbook](Insert the link to your image here)
\ No newline at end of file

From 4bdc692e15333cf6322363a62ca8bff516760e33 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 16:42:14 +0000
Subject: [PATCH 14/24] Put back name

---
 .../Code42/IncidentFields/incidentfield-Code42_Alert_Type.json  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json
index 2edb759f0a99..378fbc913cc9 100644
--- a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Type.json
@@ -18,7 +18,7 @@
 	"id": "incident_code42alerttype",
 	"isReadOnly": false,
 	"locked": false,
-	"name": "Code42 SecurityAlert Type",
+	"name": "Code42 Alert Type",
 	"neverSetAsRequired": false,
 	"ownerOnly": false,
 	"placeholder": "",

From 9b15713e0b5df1683af298bc5cbc4548410d36fd Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 16:55:35 +0000
Subject: [PATCH 15/24] More straightening up

---
 Packs/Code42/Integrations/Code42/Code42.py    | 46 +++++++++++++------
 .../Code42/integration-Code42.yml             | 46 +++++++++++++------
 2 files changed, 64 insertions(+), 28 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 62cf4f30e61c..7504beed0ada 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -180,7 +180,7 @@ def _get_sdk(self):
         return self._sdk
 
     def add_user_to_departing_employee(self, username, departure_date=None, note=None):
-        user_id = self.get_user(username).get("userUid")
+        user_id = self._get_user_id(username)
         self._get_sdk().detectionlists.departing_employee.add(
             user_id, departure_date=departure_date
         )
@@ -189,7 +189,7 @@ def add_user_to_departing_employee(self, username, departure_date=None, note=Non
         return user_id
 
     def remove_user_from_departing_employee(self, username):
-        user_id = self.get_user(username).get("userUid")
+        user_id = self._get_user_id(username)
         self._get_sdk().detectionlists.departing_employee.remove(user_id)
         return user_id
 
@@ -208,26 +208,26 @@ def get_all_departing_employees(self, results):
         return res
 
     def add_user_to_high_risk_employee(self, username, note=None):
-        user_id = self.get_user(username).get("userUid")
+        user_id = self._get_user_id(username)
         self._get_sdk().detectionlists.high_risk_employee.add(user_id)
         if note:
             self._get_sdk().detectionlists.update_user_notes(user_id, note)
         return user_id
 
     def remove_user_from_high_risk_employee(self, username):
-        user_id = self.get_user(username).get("userUid")
+        user_id = self._get_user_id(username)
         self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
         return user_id
 
     def add_user_risk_tags(self, username, risk_tags):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        user_id = self.get_user(username).get("userUid")
+        user_id = self._get_user_id(username)
         self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
         return user_id
 
     def remove_user_risk_tags(self, username, risk_tags):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        user_id = self.get_user(username).get("userUid")
+        user_id = self._get_user_id(username)
         self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
         return user_id
 
@@ -246,8 +246,7 @@ def get_all_high_risk_employees(self, risk_tags, results):
 
     def fetch_alerts(self, start_time, event_severity_filter):
         query = _create_alert_query(event_severity_filter, start_time)
-        res = self._get_sdk().alerts.search(query)
-        return res["alerts"]
+        return self._get_sdk().alerts.search(query)["alerts"]
 
     def get_alert_details(self, alert_id):
         res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
@@ -270,34 +269,35 @@ def get_user(self, username):
         return res[0]
 
     def create_user(self, org_name, username, email):
-        org_uid = self.get_org(org_name)["orgUid"]
+        org_uid = self._get_org_id(org_name)
         response = self._get_sdk().users.create_user(org_uid, username, email)
         return json.loads(response.text)
 
     def block_user(self, username):
-        user_id = self.get_user(username)["userId"]
+        user_id = self._get_legacy_user_id(username)
         self._get_sdk().users.block(user_id)
         return user_id
 
     def unblock_user(self, username):
-        user_id = self.get_user(username)["userId"]
+        user_id = self._get_legacy_user_id(username)
         self._get_sdk().users.unblock(user_id)
         return user_id
 
     def deactivate_user(self, username):
-        user_id = self.get_user(username)["userId"]
+        user_id = self._get_legacy_user_id(username)
         self._get_sdk().users.deactivate(user_id)
         return user_id
 
     def reactivate_user(self, username):
-        user_id = self.get_user(username)["userId"]
+        user_id = self._get_legacy_user_id(username)
         self._get_sdk().users.reactivate(user_id)
         return user_id
 
     def get_org(self, org_name):
         org_pages = self._get_sdk().orgs.get_all()
         for org_page in org_pages:
-            for org in org_page["orgs"]:
+            orgs = org_page["orgs"] or []
+            for org in orgs:
                 if org["orgName"] == org_name:
                     return org
         raise Exception("No org found with name {0}.".format(org_name))
@@ -306,6 +306,24 @@ def search_file_events(self, payload):
         res = self._get_sdk().securitydata.search_file_events(payload)
         return res["fileEvents"]
 
+    def _get_user_id(self, username):
+        user_id = self.get_user(username).get("userUid")
+        if user_id:
+            return user_id
+        raise Exception("No user ID found for username {0}.".format(username))
+
+    def _get_legacy_user_id(self, username):
+        user_id = self.get_user(username).get("userId")
+        if user_id:
+            return user_id
+        raise Exception("No user ID found for username {0}.".format(username))
+
+    def _get_org_id(self, org_name):
+        org_uid = self.get_org(org_name).get("orgUid")
+        if org_uid:
+            return org_uid
+        raise Exception("No organization ID found for organization with name {0}.".format(org_name))
+
 
 class Code42SearchFilters(object):
     def __init__(self):
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 6bf67288bd1e..a62db37adc23 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -788,7 +788,7 @@ script:
             return self._sdk
 
         def add_user_to_departing_employee(self, username, departure_date=None, note=None):
-            user_id = self.get_user(username).get("userUid")
+            user_id = self._get_user_id(username)
             self._get_sdk().detectionlists.departing_employee.add(
                 user_id, departure_date=departure_date
             )
@@ -797,7 +797,7 @@ script:
             return user_id
 
         def remove_user_from_departing_employee(self, username):
-            user_id = self.get_user(username).get("userUid")
+            user_id = self._get_user_id(username)
             self._get_sdk().detectionlists.departing_employee.remove(user_id)
             return user_id
 
@@ -816,26 +816,26 @@ script:
             return res
 
         def add_user_to_high_risk_employee(self, username, note=None):
-            user_id = self.get_user(username).get("userUid")
+            user_id = self._get_user_id(username)
             self._get_sdk().detectionlists.high_risk_employee.add(user_id)
             if note:
                 self._get_sdk().detectionlists.update_user_notes(user_id, note)
             return user_id
 
         def remove_user_from_high_risk_employee(self, username):
-            user_id = self.get_user(username).get("userUid")
+            user_id = self._get_user_id(username)
             self._get_sdk().detectionlists.high_risk_employee.remove(user_id)
             return user_id
 
         def add_user_risk_tags(self, username, risk_tags):
             risk_tags = _try_convert_str_list_to_list(risk_tags)
-            user_id = self.get_user(username).get("userUid")
+            user_id = self._get_user_id(username)
             self._get_sdk().detectionlists.add_user_risk_tags(user_id, risk_tags)
             return user_id
 
         def remove_user_risk_tags(self, username, risk_tags):
             risk_tags = _try_convert_str_list_to_list(risk_tags)
-            user_id = self.get_user(username).get("userUid")
+            user_id = self._get_user_id(username)
             self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
             return user_id
 
@@ -854,8 +854,7 @@ script:
 
         def fetch_alerts(self, start_time, event_severity_filter):
             query = _create_alert_query(event_severity_filter, start_time)
-            res = self._get_sdk().alerts.search(query)
-            return res["alerts"]
+            return self._get_sdk().alerts.search(query)["alerts"]
 
         def get_alert_details(self, alert_id):
             res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
@@ -878,34 +877,35 @@ script:
             return res[0]
 
         def create_user(self, org_name, username, email):
-            org_uid = self.get_org(org_name)["orgUid"]
+            org_uid = self._get_org_id(org_name)
             response = self._get_sdk().users.create_user(org_uid, username, email)
             return json.loads(response.text)
 
         def block_user(self, username):
-            user_id = self.get_user(username)["userId"]
+            user_id = self._get_legacy_user_id(username)
             self._get_sdk().users.block(user_id)
             return user_id
 
         def unblock_user(self, username):
-            user_id = self.get_user(username)["userId"]
+            user_id = self._get_legacy_user_id(username)
             self._get_sdk().users.unblock(user_id)
             return user_id
 
         def deactivate_user(self, username):
-            user_id = self.get_user(username)["userId"]
+            user_id = self._get_legacy_user_id(username)
             self._get_sdk().users.deactivate(user_id)
             return user_id
 
         def reactivate_user(self, username):
-            user_id = self.get_user(username)["userId"]
+            user_id = self._get_legacy_user_id(username)
             self._get_sdk().users.reactivate(user_id)
             return user_id
 
         def get_org(self, org_name):
             org_pages = self._get_sdk().orgs.get_all()
             for org_page in org_pages:
-                for org in org_page["orgs"]:
+                orgs = org_page["orgs"] or []
+                for org in orgs:
                     if org["orgName"] == org_name:
                         return org
             raise Exception("No org found with name {0}.".format(org_name))
@@ -914,6 +914,24 @@ script:
             res = self._get_sdk().securitydata.search_file_events(payload)
             return res["fileEvents"]
 
+        def _get_user_id(self, username):
+            user_id = self.get_user(username).get("userUid")
+            if user_id:
+                return user_id
+            raise Exception("No user ID found for username {0}.".format(username))
+
+        def _get_legacy_user_id(self, username):
+            user_id = self.get_user(username).get("userId")
+            if user_id:
+                return user_id
+            raise Exception("No user ID found for username {0}.".format(username))
+
+        def _get_org_id(self, org_name):
+            org_uid = self.get_org(org_name).get("orgUid")
+            if org_uid:
+                return org_uid
+            raise Exception("No organization ID found for organization with name {0}.".format(org_name))
+
 
     class Code42SearchFilters(object):
         def __init__(self):

From 0fa1238a52c547ea1111fc9708c752dab5b0f6f6 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 17:01:25 +0000
Subject: [PATCH 16/24] Clean up

---
 Packs/Code42/Integrations/Code42/Code42.py    | 36 ++++++++-----------
 .../Code42/integration-Code42.yml             | 36 ++++++++-----------
 2 files changed, 30 insertions(+), 42 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 7504beed0ada..d2d129d1a05d 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -200,11 +200,10 @@ def get_all_departing_employees(self, results):
         for page in pages:
             # Note: page is a `Py42Response` and has no `get()` method.
             employees = page["items"]
-            if employees:
-                for employee in employees:
-                    res.append(employee)
-                    if results and len(res) == results:
-                        return res
+            for employee in employees:
+                res.append(employee)
+                if results and len(res) == results:
+                    return res
         return res
 
     def add_user_to_high_risk_employee(self, username, note=None):
@@ -246,7 +245,8 @@ def get_all_high_risk_employees(self, risk_tags, results):
 
     def fetch_alerts(self, start_time, event_severity_filter):
         query = _create_alert_query(event_severity_filter, start_time)
-        return self._get_sdk().alerts.search(query)["alerts"]
+        res = self._get_sdk().alerts.search(query)
+        return res["alerts"]
 
     def get_alert_details(self, alert_id):
         res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
@@ -296,9 +296,9 @@ def reactivate_user(self, username):
     def get_org(self, org_name):
         org_pages = self._get_sdk().orgs.get_all()
         for org_page in org_pages:
-            orgs = org_page["orgs"] or []
+            orgs = org_page["orgs"]
             for org in orgs:
-                if org["orgName"] == org_name:
+                if org.get("orgName") == org_name:
                     return org
         raise Exception("No org found with name {0}.".format(org_name))
 
@@ -472,26 +472,20 @@ def map(self):
 
     def _create_search_args(self):
         filters = FileEventQueryFilters()
-        begin_time = None
-        end_time = None
         exposure_types = self._observation_data.get("exposureTypes")
         first_activity = self._observation_data.get("firstActivityAt")
         last_activity = self._observation_data.get("lastActivityAt")
+        filters.append(self._create_user_filter())
         if first_activity:
-            begin_time = _convert_date_arg_to_epoch(self._observation_data.get("firstActivityAt"))
-
+            begin_time = _convert_date_arg_to_epoch(first_activity)
+            if begin_time:
+                filters.append(EventTimestamp.on_or_after(begin_time))
         if last_activity:
-            end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
-
-        filters.append(self._create_user_filter())
-
-        if begin_time:
-            filters.append(EventTimestamp.on_or_after(begin_time))
-        if end_time:
-            filters.append(EventTimestamp.on_or_before(end_time))
+            end_time = _convert_date_arg_to_epoch(last_activity)
+            if end_time:
+                filters.append(EventTimestamp.on_or_before(end_time))
         filters.extend(self._create_exposure_filters(exposure_types))
         filters.append(self._create_file_category_filters())
-
         return filters
 
     @logger
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index a62db37adc23..b2413adbad67 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -808,11 +808,10 @@ script:
             for page in pages:
                 # Note: page is a `Py42Response` and has no `get()` method.
                 employees = page["items"]
-                if employees:
-                    for employee in employees:
-                        res.append(employee)
-                        if results and len(res) == results:
-                            return res
+                for employee in employees:
+                    res.append(employee)
+                    if results and len(res) == results:
+                        return res
             return res
 
         def add_user_to_high_risk_employee(self, username, note=None):
@@ -854,7 +853,8 @@ script:
 
         def fetch_alerts(self, start_time, event_severity_filter):
             query = _create_alert_query(event_severity_filter, start_time)
-            return self._get_sdk().alerts.search(query)["alerts"]
+            res = self._get_sdk().alerts.search(query)
+            return res["alerts"]
 
         def get_alert_details(self, alert_id):
             res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
@@ -904,9 +904,9 @@ script:
         def get_org(self, org_name):
             org_pages = self._get_sdk().orgs.get_all()
             for org_page in org_pages:
-                orgs = org_page["orgs"] or []
+                orgs = org_page["orgs"]
                 for org in orgs:
-                    if org["orgName"] == org_name:
+                    if org.get("orgName") == org_name:
                         return org
             raise Exception("No org found with name {0}.".format(org_name))
 
@@ -1081,26 +1081,20 @@ script:
 
         def _create_search_args(self):
             filters = FileEventQueryFilters()
-            begin_time = None
-            end_time = None
             exposure_types = self._observation_data.get("exposureTypes")
             first_activity = self._observation_data.get("firstActivityAt")
             last_activity = self._observation_data.get("lastActivityAt")
+            filters.append(self._create_user_filter())
             if first_activity:
-                begin_time = _convert_date_arg_to_epoch(self._observation_data.get("firstActivityAt"))
-
+                begin_time = _convert_date_arg_to_epoch(first_activity)
+                if begin_time:
+                    filters.append(EventTimestamp.on_or_after(begin_time))
             if last_activity:
-                end_time = _convert_date_arg_to_epoch(self._observation_data["lastActivityAt"])
-
-            filters.append(self._create_user_filter())
-
-            if begin_time:
-                filters.append(EventTimestamp.on_or_after(begin_time))
-            if end_time:
-                filters.append(EventTimestamp.on_or_before(end_time))
+                end_time = _convert_date_arg_to_epoch(last_activity)
+                if end_time:
+                    filters.append(EventTimestamp.on_or_before(end_time))
             filters.extend(self._create_exposure_filters(exposure_types))
             filters.append(self._create_file_category_filters())
-
             return filters
 
         @logger

From 09e457a7204805fe31998b81ab8eb2ee246de074 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 17:03:37 +0000
Subject: [PATCH 17/24] Share exception

---
 Packs/Code42/Integrations/Code42/Code42.py              | 7 +++++--
 Packs/Code42/Integrations/Code42/integration-Code42.yml | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index d2d129d1a05d..39858d25f5a2 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -310,13 +310,13 @@ def _get_user_id(self, username):
         user_id = self.get_user(username).get("userUid")
         if user_id:
             return user_id
-        raise Exception("No user ID found for username {0}.".format(username))
+        raise Code42UserIDNotFoundError(username)
 
     def _get_legacy_user_id(self, username):
         user_id = self.get_user(username).get("userId")
         if user_id:
             return user_id
-        raise Exception("No user ID found for username {0}.".format(username))
+        raise Code42UserIDNotFoundError(username)
 
     def _get_org_id(self, org_name):
         org_uid = self.get_org(org_name).get("orgUid")
@@ -325,6 +325,9 @@ def _get_org_id(self, org_name):
         raise Exception("No organization ID found for organization with name {0}.".format(org_name))
 
 
+class Code42UserIDNotFoundError(Exception):
+    def __init__(self, username):
+        super(Code42UserIDNotFoundError, self).__init__("No user ID found for username {0}.".format(username))
 class Code42SearchFilters(object):
     def __init__(self):
         self._filters = []
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index b2413adbad67..7288c8b863a6 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -918,13 +918,13 @@ script:
             user_id = self.get_user(username).get("userUid")
             if user_id:
                 return user_id
-            raise Exception("No user ID found for username {0}.".format(username))
+            raise Code42UserIDNotFoundError(username)
 
         def _get_legacy_user_id(self, username):
             user_id = self.get_user(username).get("userId")
             if user_id:
                 return user_id
-            raise Exception("No user ID found for username {0}.".format(username))
+            raise Code42UserIDNotFoundError(username)
 
         def _get_org_id(self, org_name):
             org_uid = self.get_org(org_name).get("orgUid")
@@ -933,6 +933,9 @@ script:
             raise Exception("No organization ID found for organization with name {0}.".format(org_name))
 
 
+    class Code42UserIDNotFoundError(Exception):
+        def __init__(self, username):
+            super(Code42UserIDNotFoundError, self).__init__("No user ID found for username {0}.".format(username))
     class Code42SearchFilters(object):
         def __init__(self):
             self._filters = []

From 8c34de907eb051aef3fc03722ba23b3ac172c53b Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 17:04:24 +0000
Subject: [PATCH 18/24] Format

---
 Packs/Code42/Integrations/Code42/Code42.py              | 6 +++++-
 Packs/Code42/Integrations/Code42/integration-Code42.yml | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 39858d25f5a2..88daae23c71a 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -327,7 +327,11 @@ def _get_org_id(self, org_name):
 
 class Code42UserIDNotFoundError(Exception):
     def __init__(self, username):
-        super(Code42UserIDNotFoundError, self).__init__("No user ID found for username {0}.".format(username))
+        super(Code42UserIDNotFoundError, self).__init__(
+            "No user ID found for username {0}.".format(username)
+        )
+
+
 class Code42SearchFilters(object):
     def __init__(self):
         self._filters = []
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 7288c8b863a6..c946ccd3abba 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -935,7 +935,11 @@ script:
 
     class Code42UserIDNotFoundError(Exception):
         def __init__(self, username):
-            super(Code42UserIDNotFoundError, self).__init__("No user ID found for username {0}.".format(username))
+            super(Code42UserIDNotFoundError, self).__init__(
+                "No user ID found for username {0}.".format(username)
+            )
+
+
     class Code42SearchFilters(object):
         def __init__(self):
             self._filters = []

From 8375a47acc2cbb4aa7ade143e47ea613ca6d653f Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 18:09:23 +0000
Subject: [PATCH 19/24] Make params required

---
 Packs/Code42/Integrations/Code42/Code42.yml             | 4 ++--
 Packs/Code42/Integrations/Code42/integration-Code42.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.yml b/Packs/Code42/Integrations/Code42/Code42.yml
index c8536bdbe8d1..1315f1bff0f0 100644
--- a/Packs/Code42/Integrations/Code42/Code42.yml
+++ b/Packs/Code42/Integrations/Code42/Code42.yml
@@ -554,7 +554,7 @@ script:
       description: The username of the user to deactivate.
       isArray: false
       name: username
-      required: false
+      required: true
       secret: false
     deprecated: false
     description: Deactivate a user in Code42; signing them out of their devices. Backups
@@ -586,7 +586,7 @@ script:
       description: The username of the user to reactivate.
       isArray: false
       name: username
-      required: false
+      required: true
       secret: false
     deprecated: false
     description: Reactivates the user with the given username.
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index c946ccd3abba..fde1cc85c9b4 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -540,7 +540,7 @@ script:
       description: The username of the user to deactivate.
       isArray: false
       name: username
-      required: false
+      required: true
       secret: false
     deprecated: false
     description: Deactivate a user in Code42; signing them out of their devices. Backups discontinue for a deactivated user, and their archives go to cold storage.
@@ -570,7 +570,7 @@ script:
       description: The username of the user to reactivate.
       isArray: false
       name: username
-      required: false
+      required: true
       secret: false
     deprecated: false
     description: Reactivates the user with the given username.

From a1a1afad5560bd2691a29c5a77a64693fa88d3ca Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 18:22:41 +0000
Subject: [PATCH 20/24] Remove unneeded try catches

---
 Packs/Code42/Integrations/Code42/Code42.py | 123 +++++++++------------
 1 file changed, 54 insertions(+), 69 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index 88daae23c71a..d41e088ea299 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -849,91 +849,76 @@ def user_create_command(client, args):
     org_name = args.get("orgname")
     username = args.get("username")
     email = args.get("email")
-    try:
-        res = client.create_user(org_name, username, email)
-        outputs = {
-            "Username": res.get("username"),
-            "UserID": res.get("userUid"),
-            "Email": res.get("email"),
-        }
-        readable_outputs = tableToMarkdown("Code42 User Created", outputs)
-        return CommandResults(
-            outputs_prefix="Code42.User",
-            outputs_key_field="UserID",
-            outputs=outputs,
-            readable_output=readable_outputs,
-            raw_response=res,
-        )
-    except Exception as e:
-        return_error(create_command_error_message(demisto.command(), e))
+    res = client.create_user(org_name, username, email)
+    outputs = {
+        "Username": res.get("username"),
+        "UserID": res.get("userUid"),
+        "Email": res.get("email"),
+    }
+    readable_outputs = tableToMarkdown("Code42 User Created", outputs)
+    return CommandResults(
+        outputs_prefix="Code42.User",
+        outputs_key_field="UserID",
+        outputs=outputs,
+        readable_output=readable_outputs,
+        raw_response=res,
+    )
 
 
 def user_block_command(client, args):
     username = args.get("username")
-    try:
-        user_id = client.block_user(username)
-        outputs = {"UserID": user_id}
-        readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
-        return CommandResults(
-            outputs_prefix="Code42.User",
-            outputs_key_field="UserID",
-            outputs=outputs,
-            readable_output=readable_outputs,
-            raw_response=user_id,
-        )
-    except Exception as e:
-        return_error(create_command_error_message(demisto.command(), e))
+    user_id = client.block_user(username)
+    outputs = {"UserID": user_id}
+    readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+    return CommandResults(
+        outputs_prefix="Code42.User",
+        outputs_key_field="UserID",
+        outputs=outputs,
+        readable_output=readable_outputs,
+        raw_response=user_id,
+    )
 
 
 def user_unblock_command(client, args):
     username = args.get("username")
-    try:
-        user_id = client.unblock_user(username)
-        outputs = {"UserID": user_id}
-        readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
-        return CommandResults(
-            outputs_prefix="Code42.User",
-            outputs_key_field="UserID",
-            outputs=outputs,
-            readable_output=readable_outputs,
-            raw_response=user_id,
-        )
-    except Exception as e:
-        return_error(create_command_error_message(demisto.command(), e))
+    user_id = client.unblock_user(username)
+    outputs = {"UserID": user_id}
+    readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
+    return CommandResults(
+        outputs_prefix="Code42.User",
+        outputs_key_field="UserID",
+        outputs=outputs,
+        readable_output=readable_outputs,
+        raw_response=user_id,
+    )
 
 
 def user_deactivate_command(client, args):
     username = args.get("username")
-    try:
-        user_id = client.deactivate_user(username)
-        outputs = {"UserID": user_id}
-        readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
-        return CommandResults(
-            outputs_prefix="Code42.User",
-            outputs_key_field="UserID",
-            outputs=outputs,
-            readable_output=readable_outputs,
-            raw_response=user_id,
-        )
-    except Exception as e:
-        return_error(create_command_error_message(demisto.command(), e))
+    user_id = client.deactivate_user(username)
+    outputs = {"UserID": user_id}
+    readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
+    return CommandResults(
+        outputs_prefix="Code42.User",
+        outputs_key_field="UserID",
+        outputs=outputs,
+        readable_output=readable_outputs,
+        raw_response=user_id,
+    )
 
 
 def user_reactivate_command(client, args):
     username = args.get("username")
-    try:
-        user_id = client.reactivate_user(username)
-        outputs = {"UserID": user_id}
-        readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
-        return CommandResults(
-            outputs_prefix="Code42.User",
-            outputs_key_field="UserID",
-            outputs=outputs,
-            readable_output=readable_outputs,
-            raw_response=user_id,
-        )
-    except Exception as e:
-        return_error(create_command_error_message(demisto.command(), e))
+    user_id = client.reactivate_user(username)
+    outputs = {"UserID": user_id}
+    readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
+    return CommandResults(
+        outputs_prefix="Code42.User",
+        outputs_key_field="UserID",
+        outputs=outputs,
+        readable_output=readable_outputs,
+        raw_response=user_id,
+    )
 
 
 """Fetching"""

From cd793e7487cdb37088b274ff81f5787d4fc2785c Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 18:22:52 +0000
Subject: [PATCH 21/24] gen yml

---
 .../Code42/integration-Code42.yml             | 123 ++++++++----------
 1 file changed, 54 insertions(+), 69 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index fde1cc85c9b4..8354226e02df 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -1474,91 +1474,76 @@ script:
         org_name = args.get("orgname")
         username = args.get("username")
         email = args.get("email")
-        try:
-            res = client.create_user(org_name, username, email)
-            outputs = {
-                "Username": res.get("username"),
-                "UserID": res.get("userUid"),
-                "Email": res.get("email"),
-            }
-            readable_outputs = tableToMarkdown("Code42 User Created", outputs)
-            return CommandResults(
-                outputs_prefix="Code42.User",
-                outputs_key_field="UserID",
-                outputs=outputs,
-                readable_output=readable_outputs,
-                raw_response=res,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
+        res = client.create_user(org_name, username, email)
+        outputs = {
+            "Username": res.get("username"),
+            "UserID": res.get("userUid"),
+            "Email": res.get("email"),
+        }
+        readable_outputs = tableToMarkdown("Code42 User Created", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=res,
+        )
 
 
     def user_block_command(client, args):
         username = args.get("username")
-        try:
-            user_id = client.block_user(username)
-            outputs = {"UserID": user_id}
-            readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
-            return CommandResults(
-                outputs_prefix="Code42.User",
-                outputs_key_field="UserID",
-                outputs=outputs,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
+        user_id = client.block_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Blocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
 
 
     def user_unblock_command(client, args):
         username = args.get("username")
-        try:
-            user_id = client.unblock_user(username)
-            outputs = {"UserID": user_id}
-            readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
-            return CommandResults(
-                outputs_prefix="Code42.User",
-                outputs_key_field="UserID",
-                outputs=outputs,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
+        user_id = client.unblock_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Unblocked", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
 
 
     def user_deactivate_command(client, args):
         username = args.get("username")
-        try:
-            user_id = client.deactivate_user(username)
-            outputs = {"UserID": user_id}
-            readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
-            return CommandResults(
-                outputs_prefix="Code42.User",
-                outputs_key_field="UserID",
-                outputs=outputs,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
+        user_id = client.deactivate_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Deactivated", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
 
 
     def user_reactivate_command(client, args):
         username = args.get("username")
-        try:
-            user_id = client.reactivate_user(username)
-            outputs = {"UserID": user_id}
-            readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
-            return CommandResults(
-                outputs_prefix="Code42.User",
-                outputs_key_field="UserID",
-                outputs=outputs,
-                readable_output=readable_outputs,
-                raw_response=user_id,
-            )
-        except Exception as e:
-            return_error(create_command_error_message(demisto.command(), e))
+        user_id = client.reactivate_user(username)
+        outputs = {"UserID": user_id}
+        readable_outputs = tableToMarkdown("Code42 User Reactivated", outputs)
+        return CommandResults(
+            outputs_prefix="Code42.User",
+            outputs_key_field="UserID",
+            outputs=outputs,
+            readable_output=readable_outputs,
+            raw_response=user_id,
+        )
 
 
     """Fetching"""

From bfd4a06273ad519840d60b941166c503696143e1 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 23:00:11 +0000
Subject: [PATCH 22/24] Shared errors

---
 Packs/Code42/Integrations/Code42/Code42.py | 29 +++++++++++++++-------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index d41e088ea299..cc66da7bb198 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -251,7 +251,7 @@ def fetch_alerts(self, start_time, event_severity_filter):
     def get_alert_details(self, alert_id):
         res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
         if not res:
-            raise Exception("No alert found with ID {0}.".format(alert_id))
+            raise Code42AlertNotFoundError(alert_id)
         return res[0]
 
     def resolve_alert(self, id):
@@ -265,7 +265,7 @@ def get_current_user(self):
     def get_user(self, username):
         res = self._get_sdk().users.get_by_username(username)["users"]
         if not res:
-            raise Exception("No user found with username {0}.".format(username))
+            raise Code42UserNotFoundError(username)
         return res[0]
 
     def create_user(self, org_name, username, email):
@@ -300,7 +300,7 @@ def get_org(self, org_name):
             for org in orgs:
                 if org.get("orgName") == org_name:
                     return org
-        raise Exception("No org found with name {0}.".format(org_name))
+        raise Code42OrgNotFoundError(org_name)
 
     def search_file_events(self, payload):
         res = self._get_sdk().securitydata.search_file_events(payload)
@@ -310,28 +310,39 @@ def _get_user_id(self, username):
         user_id = self.get_user(username).get("userUid")
         if user_id:
             return user_id
-        raise Code42UserIDNotFoundError(username)
+        raise Code42UserNotFoundError(username)
 
     def _get_legacy_user_id(self, username):
         user_id = self.get_user(username).get("userId")
         if user_id:
             return user_id
-        raise Code42UserIDNotFoundError(username)
+        raise Code42UserNotFoundError(username)
 
     def _get_org_id(self, org_name):
         org_uid = self.get_org(org_name).get("orgUid")
         if org_uid:
             return org_uid
-        raise Exception("No organization ID found for organization with name {0}.".format(org_name))
+        raise Code42OrgNotFoundError(org_name)
 
 
-class Code42UserIDNotFoundError(Exception):
+class Code42AlertNotFoundError(Exception):
+    def __init__(self, alert_id):
+        super(Code42AlertNotFoundError, self).__init__("No alert found with ID {0}.".format(alert_id))
+
+
+class Code42UserNotFoundError(Exception):
     def __init__(self, username):
-        super(Code42UserIDNotFoundError, self).__init__(
-            "No user ID found for username {0}.".format(username)
+        super(Code42UserNotFoundError, self).__init__(
+            "No user found with username {0}.".format(username)
         )
 
 
+class Code42OrgNotFoundError(Exception):
+    def __init__(self, org_name):
+        super(Code42OrgNotFoundError, self).__init__(
+            "No organization found with name {0}.".format(org_name)
+        )
+
 class Code42SearchFilters(object):
     def __init__(self):
         self._filters = []

From 52079122586972af4830b8698288ebff9eafff08 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 23:04:01 +0000
Subject: [PATCH 23/24] Anomalize

---
 Packs/Code42/Integrations/Code42/Code42.py    |  5 ++-
 Packs/Code42/Integrations/Code42/README.md    | 26 +++++++--------
 .../Code42/integration-Code42.yml             | 32 +++++++++++++------
 3 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py
index cc66da7bb198..23dfcbe25f12 100644
--- a/Packs/Code42/Integrations/Code42/Code42.py
+++ b/Packs/Code42/Integrations/Code42/Code42.py
@@ -327,7 +327,9 @@ def _get_org_id(self, org_name):
 
 class Code42AlertNotFoundError(Exception):
     def __init__(self, alert_id):
-        super(Code42AlertNotFoundError, self).__init__("No alert found with ID {0}.".format(alert_id))
+        super(Code42AlertNotFoundError, self).__init__(
+            "No alert found with ID {0}.".format(alert_id)
+        )
 
 
 class Code42UserNotFoundError(Exception):
@@ -343,6 +345,7 @@ def __init__(self, org_name):
             "No organization found with name {0}.".format(org_name)
         )
 
+
 class Code42SearchFilters(object):
     def __init__(self):
         self._filters = []
diff --git a/Packs/Code42/Integrations/Code42/README.md b/Packs/Code42/Integrations/Code42/README.md
index 32d7d7447883..5ad1a1e2e4ca 100644
--- a/Packs/Code42/Integrations/Code42/README.md
+++ b/Packs/Code42/Integrations/Code42/README.md
@@ -303,16 +303,16 @@ Get all employees on the Departing Employee List.
 |DepartureDate|Note|UserID|Username|
 |---|---|---|---|
 |  | test | 921286907298179098 | user1@example.com |
-| 2020-07-20 | This is added using csv file to test bulk adding of users to high risk employee list | 948938588694228306 | sagar.patel+l2@code42.com |
+| 2020-07-20 | This is added using csv file to test bulk adding of users to high risk employee list | 948938588694228306 | user1@example.com |
 |  |  | 912249223544144039 | unicode@example.com |
 |  |  | 894165832411107815 | testuser@example.com |
-|  | L3 security risk | 949093399968329042 | sagar.patel+l3@code42.com |
-|  | tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
-|  |  | 906619740182876328 | resilient.ibm.user@example.com |
-|  |  | 906619632003387560 | resilient.ibm.admin@example.com |
-|  |  | 912338501981077099 | mike.mccollow+testair@code42.com |
-|  | leaving for competition | 951984198921509692 | john.anderson@qrstinc.com |
-|  | Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
+|  | L3 security risk | 949093399968329042 | user2@example.com |
+|  | tests and more tests | 942897397520286581 | user3@example.com |
+|  |  | 906619740182876328 | user4@example.com |
+|  |  | 906619632003387560 | user5@example.com |
+|  |  | 912338501981077099 | user6@example.com |
+|  | leaving for competition | 951984198921509692 | user7@example.com.com |
+|  | Leaving for competitor | 895005723650937319 | user8@example.com |
 
 
 ### code42-highriskemployee-add
@@ -465,11 +465,11 @@ Get all employees on the High Risk Employee List.
 ### Retrieved All High Risk Employees
 |Note|UserID|Username|
 |---|---|---|
-| tests and more tests | 942897397520286581 | kiran.chaudhary+partner@code42.com |
-| Leaving for competitor | 895005723650937319 | alan.grgic+sacumen@code42.com |
-| Test user addition from XSOAR | 912098363086307495 | spatel@code42.com |
-| test | 921286907298179098 | juliya.smith+partners@code42.com |
-| Risky activity | 942876157732602741 | partner.demisto@example.com |
+| tests and more tests | 942897397520286581 | user1@example.com |
+| Leaving for competitor | 895005723650937319 | user2@example.com |
+| Test user addition from XSOAR | 912098363086307495 | user3@example.com |
+| test | 921286907298179098 | user4@example.com |
+| Risky activity | 942876157732602741 | user5@example.com |
 
 
 ### code42-highriskemployee-add-risk-tags
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml
index 8354226e02df..80c39d1cad62 100644
--- a/Packs/Code42/Integrations/Code42/integration-Code42.yml
+++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml
@@ -859,7 +859,7 @@ script:
         def get_alert_details(self, alert_id):
             res = self._get_sdk().alerts.get_details(alert_id)["alerts"]
             if not res:
-                raise Exception("No alert found with ID {0}.".format(alert_id))
+                raise Code42AlertNotFoundError(alert_id)
             return res[0]
 
         def resolve_alert(self, id):
@@ -873,7 +873,7 @@ script:
         def get_user(self, username):
             res = self._get_sdk().users.get_by_username(username)["users"]
             if not res:
-                raise Exception("No user found with username {0}.".format(username))
+                raise Code42UserNotFoundError(username)
             return res[0]
 
         def create_user(self, org_name, username, email):
@@ -908,7 +908,7 @@ script:
                 for org in orgs:
                     if org.get("orgName") == org_name:
                         return org
-            raise Exception("No org found with name {0}.".format(org_name))
+            raise Code42OrgNotFoundError(org_name)
 
         def search_file_events(self, payload):
             res = self._get_sdk().securitydata.search_file_events(payload)
@@ -918,25 +918,39 @@ script:
             user_id = self.get_user(username).get("userUid")
             if user_id:
                 return user_id
-            raise Code42UserIDNotFoundError(username)
+            raise Code42UserNotFoundError(username)
 
         def _get_legacy_user_id(self, username):
             user_id = self.get_user(username).get("userId")
             if user_id:
                 return user_id
-            raise Code42UserIDNotFoundError(username)
+            raise Code42UserNotFoundError(username)
 
         def _get_org_id(self, org_name):
             org_uid = self.get_org(org_name).get("orgUid")
             if org_uid:
                 return org_uid
-            raise Exception("No organization ID found for organization with name {0}.".format(org_name))
+            raise Code42OrgNotFoundError(org_name)
 
 
-    class Code42UserIDNotFoundError(Exception):
+    class Code42AlertNotFoundError(Exception):
+        def __init__(self, alert_id):
+            super(Code42AlertNotFoundError, self).__init__(
+                "No alert found with ID {0}.".format(alert_id)
+            )
+
+
+    class Code42UserNotFoundError(Exception):
         def __init__(self, username):
-            super(Code42UserIDNotFoundError, self).__init__(
-                "No user ID found for username {0}.".format(username)
+            super(Code42UserNotFoundError, self).__init__(
+                "No user found with username {0}.".format(username)
+            )
+
+
+    class Code42OrgNotFoundError(Exception):
+        def __init__(self, org_name):
+            super(Code42OrgNotFoundError, self).__init__(
+                "No organization found with name {0}.".format(org_name)
             )
 
 

From 7af93fb55c65eef396fb12c28a3643e3fcddff73 Mon Sep 17 00:00:00 2001
From: Juliya Smith <juliya.smith@code42.com>
Date: Tue, 30 Jun 2020 23:07:07 +0000
Subject: [PATCH 24/24] Add links to image

---
 .../Playbooks/playbook-Code42_Change_Blocked_Status_README.md   | 2 +-
 .../Playbooks/playbook-Code42_Change_User_Activation_README.md  | 2 +-
 .../Playbooks/playbook-Code42_Create_User_Playbook_README.md    | 2 +-
 .../Playbooks/playbook-Code42_Exfiltration_Playbook_README.md   | 2 +-
 Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md
index 97617effeaed..85a73e984686 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_Blocked_Status_README.md
@@ -30,4 +30,4 @@ There are no outputs for this playbook.
 
 ## Playbook Image
 ---
-![Code42 Change Blocked Status](Insert the link to your image here)
\ No newline at end of file
+![Code42 Change Blocked Status](../Integrations/Code42/Code42_image.png)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md
index ccb4b7a59f26..b2f5151306ab 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_Change_User_Activation_README.md
@@ -30,4 +30,4 @@ There are no outputs for this playbook.
 
 ## Playbook Image
 ---
-![Code42 Change User Activation](Insert the link to your image here)
\ No newline at end of file
+![Code42 Change User Activation](../Integrations/Code42/Code42_image.png)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md
index aa7c58362947..02e8452d243e 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_Create_User_Playbook_README.md
@@ -30,4 +30,4 @@ There are no outputs for this playbook.
 
 ## Playbook Image
 ---
-![Code42 Create User Playbook](Insert the link to your image here)
\ No newline at end of file
+![Code42 Create User Playbook](../Integrations/Code42/Code42_image.png)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_README.md b/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_README.md
index d99283b652ad..c24562a01ecc 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_README.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_Exfiltration_Playbook_README.md
@@ -38,4 +38,4 @@ There are no outputs for this playbook.
 
 ## Playbook Image
 ---
-![Code42 Exfiltration Playbook](Insert the link to your image here)
\ No newline at end of file
+![Code42 Exfiltration Playbook](../Integrations/Code42/Code42_image.png)
\ No newline at end of file
diff --git a/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md b/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md
index fdc7ee39b468..4c7201673fe5 100644
--- a/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md
+++ b/Packs/Code42/Playbooks/playbook-Code42_File_Search_README.md
@@ -75,4 +75,4 @@ This playbook does not use any scripts.
 
 ## Playbook Image
 ---
-![Code42 File Search](Insert the link to your image here)
\ No newline at end of file
+![Code42 File Search](../Integrations/Code42/Code42_image.png)
\ No newline at end of file