CIAC-9227 - 'Monday' [collection] new pack

Packs/Monday/.secrets-ignore

@@ -0,0 +1,6 @@
+https://test.monday.com
+https://api.monday.com
+debug_prefix=AUDIT_LOG_DEBUG_PREFIX
+https://auth.monday.com/oauth2/token
+https://localhost
+405000000

Packs/Monday/Integrations/MondayEventCollector/MondayEventCollector.yml

@@ -0,0 +1,116 @@
+category: Analytics & SIEM
+sectionOrder:
+- Connect
+- Collect
+commonfields:
+  id: MondayEventCollector
+  version: -1
+configuration:
+- display: Activity logs Server URL
+  defaultvalue: https://api.monday.com
+  name: activity_logs_url
+  required: false
+  type: 0
+  section: Connect
+- display: Client ID
+  name: client_id
+  type: 0
+  section: Connect
+  required: false
+- display: Client secret
+  name: secret
+  type: 9
+  section: Connect
+  required: false
+- display: Authorization code
+  name: auth_code
+  type: 9
+  section: Connect
+  required: false
+  additionalinfo: "The code received from the redirect URL after running the monday-generate-login-url command (needed for Activity Logs only)."
+- display: Board IDs
+  name: board_ids
+  required: false
+  additionalinfo: "Comma-separated list of board IDs (needed for Activity Logs only)."
+  type: 0
+  section: Connect
+- display: 'Events Fetch Interval'
+  defaultvalue: '1'
+  name: eventFetchInterval
+  type: 19
+  section: Collect
+  advanced: true
+  required: false
+- display: Maximum number of Activity Logs per board per fetch
+  defaultvalue: 10000
+  section: Collect
+  name: max_activity_logs_per_fetch
+  required: false
+  type: 0
+- display: Audit Server URL
+  name: audit_logs_url
+  required: false
+  type: 0
+  section: Connect
+- display: Audit API token
+  name: audit_token
+  type: 9
+  section: Connect
+  required: false
+  additionalinfo: "In the Admin section of your account, click the 'Security' section and then the 'Audit' tab. Select the 'Monitor by API' button."
+- display: Maximum number of Audit Logs per fetch
+  defaultvalue: 5000
+  section: Collect
+  name: max_audit_logs_per_fetch
+  required: false
+  type: 0
+- display: Fetch events
+  name: isFetchEvents
+  type: 8
+  section: Collect
+  required: false
+  defaultvalue: 'true'
+  hidden:
+  - xsoar
+- display: Event types
+  defaultvalue: 'Audit Logs,Activity Logs'
+  name: selected_event_types
+  type: 16
+  section: Collect
+  required: true
+  options:
+  - Audit Logs
+  - Activity Logs
+- display: Trust any certificate (not secure)
+  name: insecure
+  required: false
+  type: 8
+  section: Connect
+- display: Use system proxy settings
+  name: proxy
+  required: false
+  type: 8
+  section: Connect
+description: Collects Monday.com audit logs and activity events for Cortex XSIAM using OAuth 2.0 authentication.
+display: MondayEventCollector
+name: MondayEventCollector
+script:
+  commands:
+  - name: monday-generate-login-url
+    description: Generate the login url used for Authorization code flow.
+    arguments: []
+  - name: monday-auth-test
+    description: Run this command to test the connectivity to Monday.
+    arguments: []
+  dockerimage: demisto/python3:3.12.11.4508456
+  isfetchevents: true
+  runonce: false
+  script: '-'
+  subtype: python3
+  type: python
+marketplaces:
+- marketplacev2
+- platform
+fromversion: 8.3.0
+tests:
+- No tests (auto formatted)

Packs/Monday/Integrations/MondayEventCollector/MondayEventCollector_description.md

@@ -0,0 +1,26 @@
+### Activity log
+
+can be accessed using the OAuth [method](https://developer.monday.com/apps/docs/choosing-auth#method-2-using-oauth-to-issue-access-tokens).
+
+Create your Monday app [guidelines](https://developer.monday.com/apps/docs/create-an-app#creating-an-app-in-the-developer-center) and make sure the needed permissions are granted for the app registration:
+Required scope - boards:read 
+The Redirect URI - https://localhost.
+
+Enter your Client ID and Client Secret in the instance parameter fields.
+
+Run the ***!monday-generate-login-url*** command - command in the War Room and follow the instructions:
+
+To sign in, click the login URL and grant Cortex XSIAM permissions. You will be automatically redirected to a link with the following structure:
+REDIRECT_URI?code=AUTH_CODE&region=REGION&scope=boards%3Aread&state=
+
+Copy the AUTH_CODE (without the code= prefix) and paste it in your instance configuration under the Authorization code parameter.
+
+Save the instance.
+In the Playground, run the ***!monday-auth-test*** command. A 'Success' message is generated.
+
+### Audit log
+
+Generating the API token
+To generate the audit log API token, access the admin section of your account, click the "Security" section, and then the "Audit" tab. From there, select the "Monitor by API" button and copy it.
+
+Audit log is an advanced security feature and available on the Enterprise plan and can only be accessed by the account admin. [docs](https://support.monday.com/hc/en-us/articles/4406042650002-Audit-Log-API)