-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
ZerohackXDR.yml
64 lines (64 loc) · 2.03 KB
/
ZerohackXDR.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
commonfields:
id: Zerohack XDR
version: -1
name: Zerohack XDR
display: Zerohack XDR
category: Network Security
description: The companion integration for Zerohack XDR. Current versions allow the user to collect data from the XDR and later versions will support data exfiltration to XDR.
configuration:
- display: Fetch incidents
name: isFetch
type: 8
required: false
- display: Incident type
name: incidentType
type: 13
required: false
- display: Maximum number of incidents per fetch
name: max_fetch
defaultvalue: "10"
type: 0
additionalinfo: This number determines how many incidents must be fetched with each API call. It is suggested you keep it below 100.
required: false
- display: Zerohack XDR API Key
name: apikey
type: 4
required: true
additionalinfo: This API key can be generated from your zerohack XDR account. Please ensure that you fill this field before you test the integration.
- display: First fetch time
name: first_fetch
defaultvalue: 1 day
type: 0
additionalinfo: This parameter decides how many old events you want to fetch when starting the integration.
required: false
- display: Trust any certificate (not secure)
name: insecure
type: 8
required: false
- display: Incidents Fetch Interval
name: incidentFetchInterval
defaultvalue: "1"
type: 19
required: true
- display: Minimum Severity
name: min_severity
defaultvalue: "4"
type: 0
required: true
additionalinfo: This parameter defines the lowest severity level (xdr) to use for fetching incidents.
script:
script: '-'
type: python
commands:
- name: zerohack-get-latest-incident
arguments:
- name: severity_level
required: true
description: The severity level helps in extracting latest incident of a specific severity.
description: Fetch a single incident of your choice of severity level to study the incidents structure before you start continously fecthing incidents.
dockerimage: demisto/python3:3.10.13.87159
isfetch: true
subtype: python3
fromversion: 5.0.0
tests:
- No tests (auto formatted)