Skip to content
This repository contains all Demisto content and from here we share content updates
Python Rich Text Format Other
Branch: master
Clone or download
idovandijk Phishing - Core - playbok + test fix (#4861)
* Fixed scheduled command that closes manual task

* Fixed an issue where Rasterize would attempt to run even if inactive

* Attempting to lower the frequency of cron job in order to prevent closing of a task before the time and preventing the test from closing successfully.
Latest commit b97029d Nov 12, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci changed git sha1 Nov 12, 2019
.github add tech writer review to pr template (#4373) Sep 12, 2019
.guardrails AD Query: fix error message with faulty server (#3338) Apr 11, 2019
.hooks Getting started setup (#4665) Oct 30, 2019
Beta_Integrations Added more commands and fixed some code review issues Sep 23, 2019
Classifiers clear RN Oct 29, 2019
Connections Add vt connections (#1742) Jul 2, 2018
Dashboards Added new SLA OOB content: (#2671) Jan 6, 2019
DockerImageFiles Fixes May 28, 2019
Documentation PowerShell content support (#4552) Nov 11, 2019
IncidentFields clear RN Nov 12, 2019
IncidentTypes clear RN Nov 12, 2019
IndicatorFields Small cleanup / fix for fields (#4298) Sep 3, 2019
Integrations Jsonwhois integration (#4078) Nov 12, 2019
Layouts clear RN Nov 12, 2019
Misc Revert "Regex and Formatting - url domain forwardslash (#4708)" Nov 10, 2019
Packs/CortexXDR clear RN Nov 12, 2019
Playbooks Phishing - Core - playbok + test fix (#4861) Nov 12, 2019
Releases Merge branch 'master' into qualys-add-scanner-name Nov 6, 2019
Reports change json format to new (#4685) Oct 29, 2019
Scripts Merge branch 'master' of github.com:demisto/content into clear_rn_19.… Nov 12, 2019
Templates lint fix (#4693) Oct 28, 2019
TestData moved test-data to package Aug 22, 2019
TestPlaybooks
Tests Phishing - Core - playbok + test fix (#4861) Nov 12, 2019
Tools Adding o365 with agent tools in new content update ready structure. P… Nov 20, 2016
Utils Merge pull request #4518 from demisto/fix-update_playbooks.py Oct 29, 2019
Widgets clear RN Nov 12, 2019
docs separate dockerimage for 4.5 and 5.0+ (#4803) Nov 11, 2019
.gitignore
.lgtm.yaml lgtm config. define test files (#4855) Nov 12, 2019
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md Feb 11, 2018
CONTRIBUTING.md fix links in content documentation pages (#4758) Nov 4, 2019
LICENSE Create LICENSE Nov 23, 2016
README.md fix links in content documentation pages (#4758) Nov 4, 2019
__init__.py OOP validate hook Feb 23, 2019
content-descriptor.json clear release notes Jun 25, 2019
content_creator.py fixed CR notes Nov 11, 2019
demisto_content_logo.png add logo Mar 5, 2018
dev-requirements-py2.txt Circle build: use virtual env (#4753) Nov 3, 2019
dev-requirements-py3.txt Circle build: use virtual env (#4753) Nov 3, 2019
package_creator.py fixed bug Nov 11, 2019
package_extractor.py Redlock improvements (#4571) Oct 14, 2019
release_notes.py
release_notes_clear.py add created files to git Aug 28, 2019
requirements.txt SecurityAdvisor1.0 (#4810) Nov 11, 2019
tox.ini Parse email raw to/from/cc headers (#3441) Apr 29, 2019

README.md

Content logo

CircleCI

Demisto Platform - Content Repository

This repo contains content provided by Demisto to automate and orchestrate your Security Operations. Here we will share our ever-growing list of playbooks, automation scripts, report templates and other useful content.

We security folks love to tinker, keep enhancing and sharpening our toolset and we decided to open up everything and make it a collaborative process for the entire security community. We want to create useful knowledge and build flexible, customizable tools, sharing them with each other as we go along.

We invite you to use the playbooks and scripts, modify them to suit your needs and see what works for you, get involved in the community discussion and of course remember to give back and contribute so that others can enjoy and learn from your hard work and build upon it to enhance it even further.

Playbooks

The Demisto Platform includes a visual playbook editor - you can add and modify tasks, create control flow according to answers returned by your queries, and automate everything with your existing security tools, services and products. You can also export your work to a file in the COPS format, and import playbooks shared by your peers who have done the same.

We will be releasing more and more playbooks for interesting scenarios, so stay tuned. If you are working on an interesting playbook of your own, feel free to send us a Pull Request and let's build it together.

The spec for our open playbook format, COPS, can be found here.

Scripts

These scripts written in Python or Javascript perform Security Operations tasks. The scripts are built to run inside the Demisto Platform - they can query or send commands to a long list of existing security products, and react based on the output.

You can take your logic and the way you want to work and write your own scripts, allowing for maximum flexibility. The services and products you use can be online Cloud-based or on-premises setups, and we have tools to support more complex topologies such as when the product's subnet is firewalled off.

Integrations

Integrations written in Javascript or Python enable the Demisto Platform to orchestrate security and IT products. Each integration provides capabilities in the form of commands and each command usually reflects a product capability (API) and returns both a human readable and computer readable response.

Creating an Integration

Let's look at Demisto and get started on your first integration.

Follow the steps here to learn about the Demisto IDE

Code Conventions

The Demisto Code Conventions will help you understand how we format our Integrations and some of the tips and tricks we have developed over the years.

Learn about the Demisto Code Conventions

Context and Outputs

The Demisto platform relies heavily on collecting data from various endpoints (integrations) and creating a "Context" for them. This allows customers to be able to use the data to perform various tasks they may need to accomplish.

Click here to learn about Context and Outputs

Context Standards

When we are working with data that is generic across all platforms, we format them according to our context standards. This helps integrations work interchangeably inside other playbooks.

Learn about our Context Standards here

Docker

In some cases, it will be necessary to create a docker image to enable your integration to run. When this happens, we must create a new docker image using the steps outlined here:

Create a Docker Image

Reports

Demisto Platform support flexible reports written in JSON. All of our standard reports calculating various incident statistics and metrics are stored in this repo.

Contributing Content

For instructions about adding/modifying playbooks and scripts please see our contributor guide.

Enjoy and feel free to reach out to us on the DFIR Community Slack channel, or at info@demisto.com

Release Notes

For information about content release notes conventions, refer to our release notes documentation.

Git configuration

Copy the pre-commit hook from .hooks to .git/hooks. Run the following command from the repository root:

cp .hooks/* .git/hooks

Documentation Directory

Link Description
Tutorial Video A step-by-step introduction to creating an integration
Getting Started A brief explanation of the Demisto IDE
Package directory Explanation of Python integration / automation script package directory structure
Code Conventions Our Code Conventions
Linting How to run linting on Demisto integrations/scripts
Unit Testing Explanation of How to Perform Unit Testing on Integrations/Scripts
Integration Parameter Types Description of the various integration parameter types
Context and Outputs Brief overview of Context and Outputs
Context Conventions Conventions for the Demisto Standard Context
Contributing How to contribute to the Content Repo
Creating Playbooks How to create a Playbook
DBot Score How the DBot Score works
Demisto Transform Language (DT) Understanding Demisto Transform Language (DT)
Docker How to use Docker
Fetching Incidents How to Fetch Incidents
Fetching Credentials How to Fetch Credentials
Integration Documentation How to generate documentation for an integration
YAML File Explanation of the Demisto YAML structure
Testing The Demisto Content Repo Testing Methods
CircleCI How we test using CircleCI
Mocks Explanation of how to test using mocked data
GenericPolling Playbook Explanation of how and when to use the GenericPolling playbook
You can’t perform that action at this time.