# XSOAR automation metadata for InvestigationDetailedSummaryParse.
# `script` is '-', so the Python implementation is not inline; only the
# declared interface (arguments, context outputs, runtime) is described here.
args: []  # takes no arguments — per `comment`, input comes from the incident context
comment: Parses attacks from context, and shows them according to the MITRE technique they use.
commonfields:
  id: InvestigationDetailedSummaryParse
  version: -1  # presumably the "unversioned in source control" marker used by content packs — confirm
enabled: false  # shipped disabled; nothing here enables it
outputs:
# Each output is a boolean flag whose context key has the shape
# InvestigationDetailedSummary.<Tactic>.<Technique>.
# NOTE(review): these contextPaths are the contract consumed by the script and
# by any playbook/layout that reads them; the inconsistencies flagged below
# should be verified against the implementation before any path is renamed.
- contextPath: InvestigationDetailedSummary.Execution.Command and Scripting Interpreter
  description: whether Command and Scripting Interpreter technique was detected
  type: bool
- contextPath: InvestigationDetailedSummary.Privilege Escalation.Boot or Logon Autostart Execution
  description: whether the Boot or Logon Autostart Execution technique was detected
  type: bool
# NOTE(review): the description names "Indicator Removal on Host" while the
# path names "Command and Scripting Interpreter" (an Execution technique in
# ATT&CK, not Lateral Movement) — one of the two is wrong; check the script
# to see which key it actually writes.
- contextPath: InvestigationDetailedSummary.Lateral Movement.Command and Scripting Interpreter
  description: whether Indicator Removal on Host technique was detected
  type: bool
# NOTE(review): in ATT&CK, Remote Services is a Lateral Movement technique and
# Indicator Removal on Host is Defense Evasion, so this entry and the one above
# look swapped; a mislabelled tactic misdirects the analyst reading the summary.
- contextPath: InvestigationDetailedSummary.Defense Evasion.Remote Services
  description: whether the Remote Services technique was detected
  type: bool
# Boot or Logon Autostart Execution appears under both Privilege Escalation and
# Persistence; ATT&CK maps that technique to both tactics, so this is expected.
- contextPath: InvestigationDetailedSummary.Persistence.Boot or Logon Autostart Execution
  description: whether the Boot or Logon Autostart Execution technique was detected
  type: bool
script: '-'  # '-' rather than inline code: the implementation lives in a sibling file
system: false
tags:
- basescript
timeout: '0'  # kept as a quoted string; 0 presumably means "platform default timeout" — confirm
type: python
subtype: python3
dockerimage: demisto/python3:3.10.10.48392  # fully pinned image tag; bump deliberately, not via a floating tag
fromversion: 6.2.0  # minimum platform version this automation declares support for
tests:
- No tests (auto formatted)  # no test playbook is wired to this automation