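# Cortex XSOAR integration manifest for the deprecated PICUS integration
# (the dockerimage and commonfields/script layout are the XSOAR pack format).
# Superseded by PicusAutomation; kept so existing playbooks keep resolving.
category: Network Security
commonfields:
  id: PICUS
  version: -1  # conventional for pack content that the server has not versioned
configuration:
  # Instance parameters shown in the integration settings UI.
  - additionalinfo: 'For example : https://192.168.100.100/'
    defaultvalue: 'https://|HOST|'  # |HOST| is a placeholder the operator replaces
    display: PICUS URL
    name: server
    required: true
    type: 0  # short text
  - additionalinfo: Picus Interface - SETTINGS - ADVANCED - API TOKEN - Generate and Show Token
    display: API Key - Refresh Token
    name: apikey
    required: true
    type: 4  # encrypted field: the token is stored as a secret rather than plain text
  # Disables TLS certificate verification for the PICUS server. Keep the
  # default off; enable only for an appliance with a self-signed certificate.
  - defaultvalue: "false"
    display: Trust any certificate (not secure)
    name: insecure
    type: 8  # boolean
    required: false
  - defaultvalue: "false"
    display: Use system proxy settings
    name: proxy
    type: 8
    required: false
description: Deprecated. Use PicusAutomation instead.
display: PICUS (Deprecated)
name: PICUS
deprecated: true
script:
  commands:
    # Compares results of one peer pair (trusted = victim side, untrusted = attacker side).
    - arguments:
        - description: Result begin date
          name: begin_date
          required: true
        - description: Result end date
          name: end_date
          required: true
        - description: Victim Peer
          name: trusted
          required: true
        - description: Attacker Peer
          name: untrusted
          required: true
      description: 'Attack Result - Makes a comparison of the given vector''s results. Example Command: !picus-vector-compare begin_date=2020-01-20 end_date=2021-01-20 trusted=Trusted_Peer1 untrusted=Untrusted_Peer1'
      name: picus-vector-compare
    - arguments:
        - auto: PREDEFINED
          defaultValue: insecure
          description: Attack results that should be filtered. Secure or Insecure
          name: attack_result
          predefined:
            - secure
            - insecure
          required: true
        - description: Threat release date filter start of the date range
          name: begin_date
          required: true
        # Console output can be very large, so it is off unless explicitly requested.
        - defaultValue: "False"
          description: 'Default: false - Process Results of Scenario Details have console output information which can be in large sizes so this data is disabled by default'
          name: console_output_info
        # NOTE(review): marked required although the description documents a default — confirm which is intended.
        - description: 'Default: "Today''s date formatted YYYY-mm-dd" Threat release date filter end of the date range if a begin date is given and end date not, default will be used'
          name: end_date
          required: true
        # The literal string "null" is the default, not a YAML null.
        - defaultValue: "null"
          description: 'Default: "null" allowed time formats RFC822, RFC822Z, RFC1123, RFC1123Z, RFC850, RFC3339'
          name: from_time
        - defaultValue: "1"
          description: 'Default: 1 Requested page number'
          name: page
        - default: true
          defaultValue: "50"
          description: 'Default: 50 Requested data size'
          name: size
        # Description is a fragment of the JSON body the API expects for this argument.
        - description: '"threat_parameters": { "begin_date": "2018-10-29", "categories": [ [ "Malicious Code" ], [ "Attack Scenario", "Defense Evasion", "Indicator Removal from Tools" ] ],'
          name: threat_parameters
        - description: ' Array of objects (PeerPairParams) Vectors.(Trusted Peer)'
          name: vector1
          required: true
        - description: ' Array of objects (PeerPairParams) Vectors.(Untrusted Peer)'
          name: vector2
          required: true
      # Block scalar so the line breaks are real newlines (a plain scalar keeps "\n" literally).
      description: |-
        Returns the list of the attack results have optional parameters for pagination and filtration.
        Example Command:
        !picus-attack-result-list attack_result=insecure begin_date=2020-01-01 end_date=2020-09-05 vector1=Trusted-Peer1 vector2=Untrusted-Peer1
      name: picus-attack-result-list
    - arguments:
        - description: CVE code of the threat to be filtered
          name: cve
        - description: The md5 of the threat
          name: md5
        - defaultValue: "1"
          description: 'integer <int64> - Default: 1 Requested page number'
          name: page
        - description: SHA256 hash of the threat
          name: sha256
        - defaultValue: "50"
          description: 'integer <int64> - Default: 50 Requested data size'
          name: size
        - description: integer <int64> PID of the threat
          name: threat_id
          required: true
      description: 'Returns the list of the attack results of a single threat have optional parameters for pagination and filtration. Example Command: !picus-specific-threats-results threat_id=666059'
      name: picus-specific-threats-results
    - arguments: []
      description: Returns the peer list with current statuses
      name: picus-peer-list
    # Scheduling commands: these trigger simulated attacks on the PICUS platform.
    - arguments:
        - description: 'Example: threat_id=100682 PID of the threat'
          name: threat_id
          required: true
      description: Schedules given attack on all possible vectors
      name: picus-attack-all-vectors
    - arguments:
        - description: 'Example: threat_id=666059 PID of the threat'
          name: threat_id
          required: true
        - description: 'Example: variant=HTTP'
          name: variant
          required: true
        - description: 'Example: trusted=Trusted-Peer-Name Trusted peer name, if type is overall, it is not necessary'
          name: vector1
          required: true
        - description: 'Example: untrusted=Untrusted-Peer-Name Untrusted peer name, if type is overall, it is not necessary'
          name: vector2
          required: true
      description: Schedules a single attack on requested vector
      name: picus-attack-single
    - arguments: []
      description: Triggers the update mechanism manually, returns if the update-command is taken successfully
      name: picus-trigger-update
    - arguments: []
      description: Returns the current version and the update time config
      name: picus-version
    - arguments:
        - description: Threat release date filter start of the date range
          name: begin_date
          required: true
        - description: 'Default: "Today''s date formatted YYYY-mm-dd" Threat release date filter end of the date range if a begin date is given and end date not, default will be used'
          name: end_date
          required: true
        - defaultValue: "1"
          description: "integer <int64> Default: 1 Requested page number"
          name: page
        # Free-text product names (the example uses "McAfee IPS"); the former
        # predefined list held only two empty strings, which offered no real choices.
        - description: Array of strings - Products info of the mitigation
          isArray: true
          name: products
          required: true
        - description: ID of the signature
          name: signature_id
          required: true
        - defaultValue: "50"
          description: "integer <int64> - Default: 50 Requested data size"
          name: size
        - description: integer <int64> - PID of the threat
          name: threat_id
          required: true
      # Block scalar so the line break is a real newline (single quotes keep "\n" literally).
      description: |-
        Returns the list of the mitigations of threats
        have optional parameters for pagination and filtration, this route may not be used associated with your license. Example Command: !picus-mitigation-list begin_date=2021-01-01 end_date=2021-02-01 threat_id=528370 products="McAfee IPS" signature_id=0x40208a00
      name: picus-mitigation-list
    - arguments: []
      description: Returns the mitre matrix metadata takes no parameters
      name: picus-mitre-matrix
    - arguments:
        - defaultValue: "100"
          description: Size of Displayed Rule
          name: size
        - default: true
          defaultValue: "1"
          description: Page of Displayed Rule
          name: page
      description: Returns the list of the sigma rules of scenario actions have optional parameters for pagination and filtration, this route may not be used associated with your license
      name: picus-sigma-rules-list
    - arguments:
        - defaultValue: "True"
          description: boolean - Add vectors' assigned user details to the response
          name: add_user_details
        - defaultValue: "1"
          description: 'Default: 1 Requested page number'
          name: page
        - defaultValue: "50"
          description: 'Default: 50 Requested data size'
          name: size
      description: Returns the list of the vectors all disabled and enabled ones have optional parameters for pagination
      name: picus-vector-list
  dockerimage: demisto/python3:3.10.12.63474
  script: ''  # empty here; presumably the code is in a sibling Python file — confirm against the pack
  subtype: python3
  type: python
fromversion: 6.0.0
tests:
  - No tests (auto formatted)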