DragosWorldview.yml
# Cortex XSOAR integration definition for the Dragos WorldView API.
# The integration runs on the pinned demisto/python3 image declared under
# `script`, fetches WorldView reports as incidents, and exposes four
# report-oriented commands. Parameter `type` codes follow the XSOAR
# integration schema; both credential parameters use type 4 (encrypted),
# so the API token and key are stored encrypted and masked in the UI.
category: Data Enrichment & Threat Intelligence
commonfields:
  id: Dragos Worldview
  # -1 is the usual marker for content that is not a versioned system item
  # -- TODO confirm against the pack's other integrations.
  version: -1
configuration:
  # Base URL of the Dragos portal the integration talks to over HTTPS.
  - defaultvalue: https://portal.dragos.com
    display: Server URL (e.g. https://portal.dragos.com)
    name: url
    required: true
    type: 0
  # Credentials: type 4 is the encrypted parameter type, so neither value
  # is shown in plain text once saved. Both are mandatory.
  - display: API Token
    name: apitoken
    required: true
    type: 4
  - display: API Key
    name: apikey
    required: true
    type: 4
  # Look-back window for the very first incident fetch. Stored as a plain
  # string; presumably parsed by the integration code -- confirm there.
  - defaultvalue: 3 days
    display: First fetch time
    name: first_fetch
    type: 0
  # Disables TLS certificate verification for API calls. Without
  # verification the API token and key can be intercepted in transit, so
  # this should stay unset outside of troubleshooting.
  - display: Trust any certificate (not secure)
    name: insecure
    type: 8
  - display: Use system proxy settings
    name: proxy
    type: 8
  # Fetch-interval picker (type 19); default kept quoted so it stays a string.
  - defaultvalue: '1'
    display: Incidents Fetch Interval
    name: incidentFetchInterval
    type: 19
  # TLP designation applied to indicators this integration creates;
  # single-select (type 15) restricted to the four options below.
  - additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators
    display: Traffic Light Protocol Color
    name: tlp_color
    options:
      - RED
      - AMBER
      - GREEN
      - WHITE
    type: 15
  - display: Fetch incidents
    name: isFetch
    type: 8
  - display: Incident type
    name: incidentType
    type: 13
  # Presumably caps the number of reports ingested per fetch cycle --
  # confirm in the integration code. Quoted so it is read as a string.
  - defaultvalue: '50'
    display: Fetch Limit
    name: max_fetch
    type: 0
# NOTE(review): the trailing space inside the quoted description is part of
# the original value and is preserved verbatim here.
description: 'Custom integration designed to pull in reports from the Dragos Worldview API as incidents '
display: Dragos Worldview
name: Dragos Worldview
script:
  commands:
    # Every command is keyed on a report serial number; only
    # dragos-get-indicators treats it as optional.
    - arguments:
        - description: >-
            Report serial number to get indicators from, if no serial number
            provided command will retrieve all indicators from the last 48 hours
          name: serial
      description: Get Indicators from the Dragos WorldView API
      name: dragos-get-indicators
    # The three commands below return files produced by the Dragos API for
    # a single report (report file, indicator CSV, STIX2 JSON bundle).
    - arguments:
        - description: Serial number for the report to retrieve
          name: serial
          required: true
      description: Get the report file from the given serial number
      name: dragos-get-full-report
    - arguments:
        - description: Serial number of the report from which to get the file
          name: serial
          required: true
      description: Get csv file with indicators from a given report
      name: dragos-get-ioc-csv
    - arguments:
        - description: Serial number of the report from which to retrieve the file
          name: serial
          required: true
      description: Get the stix2 json bundle of indicators from a given report
      name: dragos-get-stix2
  # Pinned runtime image; the tag carries the Python version and a build id.
  dockerimage: demisto/python3:3.10.12.63474
  isFetchSamples: true
  isfetch: true
  # Code lives in the companion .py file, so the inline script is empty.
  script: ''
  subtype: python3
  type: python
# Minimum server version this integration is declared for.
fromversion: 6.2.0
# No test playbook is registered for this integration.
tests:
  - No tests (auto formatted)