HYASProtect.yml
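# Cortex XSOAR integration definition for HYAS Protect.
# Declares the instance parameters and four verdict-lookup commands
# (domain, IP, FQDN, nameserver). The Python implementation is not part of
# this file (see `script: '-'` below).
category: Data Enrichment & Threat Intelligence
commonfields:
  id: HYAS Protect
  version: -1
configuration:
# type 4 is the encrypted parameter type, so the API key is masked in the
# instance settings rather than stored as plain short text.
# NOTE(review): the name presumably mirrors the HTTP header the script sends;
# confirm the script never writes this value to logs or War Room output.
- display: HYAS Protect Api Key
  name: X-API-Key
  required: true
  type: 4
# type 8 is a boolean checkbox. No defaultvalue is declared here, so confirm
# the script treats an unset value as "verify certificates".
# NOTE(review): if the script disables TLS verification when this is set, the
# API key and the returned verdicts travel over a connection whose peer is not
# authenticated; verdicts feed DBotScore, so keep this off outside test setups.
- display: Trust any certificate (not secure)
  name: insecure
  type: 8
  required: false
# Routes requests through the proxy configured on the XSOAR server/engine.
- display: Use system proxy settings
  name: proxy
  type: 8
  required: false
description: Use the HYAS Protect integration to get the verdict information for FQDN, IP Address and NameServer – either as playbook tasks or through API calls in the War Room.
display: HYAS Protect
name: HYAS Protect
script:
  # Each command takes one required indicator argument and writes the generic
  # DBotScore entry plus a HYAS-specific verdict and its reasons to context.
  # NOTE(review): argument values come from analysts and playbooks, often taken
  # from incident data; format validation has to happen in the script (not
  # shown here) before the value is placed into a request.
  commands:
  # Domain verdict lookup.
  - arguments:
    - description: Domain value to query.
      name: domain
      required: true
    description: Returns verdict information for the provided Domain.
    name: hyas-get-domain-verdict
    outputs:
    - contextPath: DBotScore.Indicator
      description: The indicator that was tested.
      type: String
    # How a HYAS verdict maps to the numeric score is decided in the script.
    - contextPath: DBotScore.Score
      description: The actual score.
      type: Number
    - contextPath: DBotScore.Type
      description: The indicator type.
      type: String
    - contextPath: DBotScore.Vendor
      description: The vendor used to calculate the indicator score.
      type: String
    - contextPath: HYAS.DomainVerdict.verdict
      description: Verdict for the provided Domain.
      type: String
    # Declared as Unknown: the shape of the reasons value is not fixed here.
    - contextPath: HYAS.DomainVerdict.reasons
      description: Verdict Reasons for the provided Domain.
      type: Unknown
  # IP address verdict lookup.
  - arguments:
    - description: IP value to query.
      name: ip
      required: true
    description: Returns verdict information for the provided IP Address.
    name: hyas-get-ip-verdict
    outputs:
    - contextPath: DBotScore.Indicator
      description: The indicator that was tested.
      type: String
    - contextPath: DBotScore.Score
      description: The actual score.
      type: Number
    - contextPath: DBotScore.Type
      description: The indicator type.
      type: String
    - contextPath: DBotScore.Vendor
      description: The vendor used to calculate the indicator score.
      type: String
    - contextPath: HYAS.IPVerdict.verdict
      description: Verdict for the provided IP Address.
      type: String
    - contextPath: HYAS.IPVerdict.reasons
      description: Verdict Reasons for the provided IP Address.
      type: Unknown
  # FQDN verdict lookup.
  - arguments:
    - description: FQDN value to query.
      name: fqdn
      required: true
    description: Returns verdict information for the provided FQDN.
    name: hyas-get-fqdn-verdict
    outputs:
    - contextPath: DBotScore.Indicator
      description: The indicator that was tested.
      type: String
    - contextPath: DBotScore.Score
      description: The actual score.
      type: Number
    - contextPath: DBotScore.Type
      description: The indicator type.
      type: String
    - contextPath: DBotScore.Vendor
      description: The vendor used to calculate the indicator score.
      type: String
    - contextPath: HYAS.FQDNVerdict.verdict
      description: Verdict for the provided FQDN.
      type: String
    - contextPath: HYAS.FQDNVerdict.reasons
      description: Verdict Reasons for the provided FQDN.
      type: Unknown
  # Nameserver verdict lookup.
  - arguments:
    - description: Nameserver value to query.
      name: nameserver
      required: true
    description: Returns verdict information for the provided Nameserver.
    name: hyas-get-nameserver-verdict
    outputs:
    - contextPath: DBotScore.Indicator
      description: The indicator that was tested.
      type: String
    - contextPath: DBotScore.Score
      description: The actual score.
      type: Number
    - contextPath: DBotScore.Type
      description: The indicator type.
      type: String
    - contextPath: DBotScore.Vendor
      description: The vendor used to calculate the indicator score.
      type: String
    - contextPath: HYAS.NameserverVerdict.verdict
      description: Verdict for the provided Nameserver.
      type: String
    - contextPath: HYAS.NameserverVerdict.reasons
      description: Verdict Reasons for the provided Nameserver.
      type: Unknown
  # Image is pinned to a fixed tag, not a digest. The tag keeps runs
  # reproducible but has to be bumped to pick up base-image fixes.
  dockerimage: demisto/python3:3.10.13.80014
  runonce: false
  # '-' is a placeholder: the integration code is kept in a separate file.
  script: '-'
  subtype: python3
  type: python
fromversion: 6.0.0
# No test playbook is registered, so the commands above have no automated
# coverage declared in this file.
tests:
- No tests (auto formatted)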