-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
StixCreator.yml
47 lines (47 loc) · 1.81 KB
/
StixCreator.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
commonfields:
id: StixCreator
version: -1
name: StixCreator
script: ''
type: python
tags: []
comment: Gets a list of indicators from the indicators argument, and generates a JSON file in STIX 2.0 format.
enabled: true
args:
- name: indicators
required: true
description: A JSON object of all indicators and their fields, indicator index mapped to XSOAR common indicator fields. Indicator keys that don't match the XSOAR common indicator names are also supported, if their key contains a common indicator name (e.g. "special-ip" will be mapped to ip), or their value matches the expected indicator value (e.g. 8.8.8.8 for ip).
- name: doubleBackslash
default: true
description: Adds a second backslash to all existing backslashes in the value field.
defaultValue: "true"
outputs:
- contextPath: StixExportedIndicators.created
description: The date/time that the indicator was created.
type: date
- contextPath: StixExportedIndicators.firstSeen
description: The date/time that the indicator was first seen.
type: date
- contextPath: StixExportedIndicators.source
description: The source system for this indicator.
type: string
- contextPath: StixExportedIndicators.type
description: The STIX type (always exported as "indicator").
type: string
- contextPath: StixExportedIndicators.pattern
description: ' The type and value of indicators, for example: URL, IPv4, domain,email, and so on. '
type: string
- contextPath: StixExportedIndicators.score
description: The STIX impact score ("High", "Medium", "None", or "Not Specified")
type: string
- contextPath: StixExportedIndicators.modified
description: The date/time that the indicator was last seen.
type: date
scripttarget: 0
runonce: false
dockerimage: demisto/py3-tools:1.0.0.58222
subtype: python3
runas: DBotWeakRole
tests:
- StixCreator-Test
fromversion: 5.0.0