-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
KnowBe4KMSATEventCollector.yml
129 lines (129 loc) · 4.04 KB
/
KnowBe4KMSATEventCollector.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
category: Analytics & SIEM
sectionOrder:
- Connect
- Collect
commonfields:
id: KnowBe4 KMSAT Event Collector
version: -1
configuration:
- defaultvalue: https://api.events.knowbe4.com
display: Your server URL
name: url
required: true
type: 15
options:
- https://api.events.knowbe4.com
- https://api-eu.events.knowbe4.com
section: Connect
- displaypassword: API Key
additionalinfo: The API Key to use for connection.
name: credentials
required: true
hiddenusername: true
type: 9
section: Connect
- additionalinfo: The time range to consider for the initial data fetch. (<number> <unit>, e.g., 2 days, 2 months, 2 years). Default is 1 day.
defaultvalue: 1 day
display: First fetch time interval
name: first_fetch
type: 0
section: Collect
required: false
- additionalinfo: The fetch interval. It is recommended to set it to 5 hours as there are not many events for this API and there's an api-calls daily-limit for the basic API key.
defaultvalue: 300
display: Events Fetch Interval
name: eventFetchInterval
type: 19
section: Collect
advanced: true
required: false
- display: Trust any certificate (not secure)
name: insecure
type: 8
section: Connect
advanced: true
required: false
- display: Use system proxy settings
name: proxy
type: 8
section: Connect
advanced: true
required: false
description: KnowBe4_KMSAT allows you to push and pull your external data to and from the KnowBe4 console.
display: 'KnowBe4 KMSAT Event Collector'
name: KnowBe4 KMSAT Event Collector
script:
commands:
- description: Manual command to fetch and display events.
name: kms-get-events
arguments:
- name: occurred_date
description: Filter by the date the event occurred (YYYY-MM-DD).
- name: risk_level
description: Filter by the risk level by entering a value from -10 (low risk) to 10 (high risk).
- name: per_page
description: The number of results to display per page. The maximum and default is 100.
- name: page
description: The results page to display.
- auto: PREDEFINED
defaultValue: 'False'
description: Set this argument to True in order to create events, otherwise the command will only display them. If setting to 'False', the returned events will be lost.
name: should_push_events
predefined:
- 'True'
- 'False'
required: true
outputs:
- contextPath: KMSat.Event.id
description: Event ID.
type: Number
- contextPath: KMSat.Event.user.email
description: The target mail for this event.
type: String
- contextPath: KMSat.Event.user.id
description: The ID of the user the event is targeted to.
type: Number
- contextPath: KMSat.Event.user.archived
description: Whether the user is archived or not.
type: Boolean
- contextPath: KMSat.Event.external_id
description: The event's external ID.
type: String
- contextPath: KMSat.Event.source
description: The source of the event.
type: String
- contextPath: KMSat.Event.description
description: The event description.
type: String
- contextPath: KMSat.Event.occurred_date
description: The date the event occurred.
type: String
- contextPath: KMSat.Event.risk.level
description: The event's risk level.
type: Number
- contextPath: KMSat.Event.risk.factor
description: The event's risk factor.
type: Number
- contextPath: KMSat.Event.risk.decay_mode
description: The risk's decay mode.
type: String
- contextPath: KMSat.Event.risk.expire_date
description: The event's expiration date.
type: String
- contextPath: KMSat.Event.event_type.id
description: The ID of the event type.
type: Number
- contextPath: KMSat.Event.event_type.name
description: The name of the event type.
type: String
runonce: false
script: '-'
type: python
subtype: python3
dockerimage: demisto/python3:3.10.13.77674
isfetchevents: true
fromversion: 6.8.0
tests:
- No tests (auto formatted)
marketplaces:
- marketplacev2