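# XSOAR/Demisto automation (script) definition for InvestigationSummaryParse.
# Indentation restored; the script takes no arguments and exposes one
# Tactic / Result / Sources triple per evidence category in context.
args: []
comment: Retrieves information from previously run reputation commands and aggregates their results.
commonfields:
  id: InvestigationSummaryParse
  # -1 is the conventional placeholder version for content-pack items.
  version: -1
enabled: false
name: InvestigationSummaryParse
outputs:
  # Each evidence category follows the same shape:
  #   .Tactic  - the tactic name the finding maps to
  #   .Result  - the outcome of the finding
  #   .Sources - which sources contributed to the value
- contextPath: InvestigationSummary.EvidenceOfPersistence.Tactic
  description: The tactic associated with the evidence of persistence finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfPersistence.Result
  description: The result of the evidence of persistence finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfPersistence.Sources
  description: The sources by which the evidence of persistence value was set.
  type: String
- contextPath: InvestigationSummary.EvidenceOfDefenseEvasion.Tactic
  description: The tactic associated with the evidence of defense evasion finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfDefenseEvasion.Result
  # Fixed copy-paste error: this output belongs to defense evasion, not persistence.
  description: The result of the evidence of defense evasion finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfDefenseEvasion.Sources
  description: The sources by which the evidence of defense evasion value was set.
  type: String
- contextPath: InvestigationSummary.EvidenceOfExecution.Tactic
  description: The tactic associated with the evidence of execution finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfExecution.Result
  description: The result of the evidence of execution finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfExecution.Sources
  description: The sources by which the evidence of execution value was set.
  type: String
- contextPath: InvestigationSummary.EvidenceOfLateralMovement.Tactic
  description: The tactic associated with the evidence of lateral movement finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfLateralMovement.Result
  description: The result of the evidence of lateral movement finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfLateralMovement.Sources
  description: The sources by which the evidence of lateral movement value was set.
  type: String
- contextPath: InvestigationSummary.EvidenceOfPrivilegeEscalation.Tactic
  description: The tactic associated with the evidence of privilege escalation finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfPrivilegeEscalation.Result
  description: The result of the evidence of privilege escalation finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfPrivilegeEscalation.Sources
  description: The sources by which the evidence of privilege escalation value was set.
  type: String
- contextPath: InvestigationSummary.EvidenceOfCommandAndControl.Tactic
  description: The tactic associated with the evidence of command and control finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfCommandAndControl.Result
  description: The result of the evidence of command and control finding.
  type: String
- contextPath: InvestigationSummary.EvidenceOfCommandAndControl.Sources
  description: The sources by which the evidence of command and control value was set.
  type: String
# '-' means the implementation lives in the sibling .py file rather than inline here.
script: '-'
system: false
type: python
subtype: python3
# Pinned to an exact image build so the script's runtime is reproducible;
# bump deliberately rather than floating to a major/minor tag.
dockerimage: demisto/python3:3.10.10.48392
fromversion: 6.2.0
tests:
- No tests (auto formatted)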