get_incident_extra_data_new_status.json
{
"reply": {
"incidents":
[
{
"incident": {
"incident_id": "2",
"creation_time": 1575806909185,
"modification_time": 1575813875168,
"detection_time": null,
"status": "new",
"severity": "medium",
"description": "'Local Analysis Malware' generated by XDR Agent detected on host BBBBB involving user Administrator",
"assigned_user_mail": null,
"assigned_user_pretty_name": null,
"alert_count": 1,
"low_severity_alert_count": 0,
"med_severity_alert_count": 1,
"high_severity_alert_count": 0,
"user_count": 1,
"host_count": 1,
"notes": null,
"resolve_comment": null,
"manual_severity": null,
"manual_description": null,
"xdr_url": "https://demisto.hello.com/incident-view/1",
"starred": false
},
"alerts": {
"total_count": 1,
"data": [
{
"alert_id": "1",
"detection_timestamp": 1575806904222,
"source": "XDR Agent",
"severity": "medium",
"name": "Local Analysis Malware",
"category": "Malware",
"action": "BLOCKED",
"action_pretty": "Prevented (Blocked)",
"description": "Suspicious executable detected",
"host_ip": "1.1.1.1.",
"host_name": "AAAAAA",
"user_name": "Administrator",
"event_type": "Process Execution",
"actor_process_image_name": "wildfire-test-pe-file.exe",
"actor_process_command_line": "\"C:\\Users\\Administrator\\Downloads\\wildfire-test-pe-file.exe\"",
"actor_process_signature_status": "N/A",
"actor_process_signature_vendor": "N/A",
"causality_actor_process_image_name": null,
"causality_actor_process_command_line": null,
"causality_actor_process_signature_status": "N/A",
"causality_actor_process_signature_vendor": "N/A",
"causality_actor_causality_id": null,
"action_process_image_name": null,
"action_process_image_command_line": null,
"action_process_image_sha256": null,
"action_process_signature_status": "N/A",
"action_process_signature_vendor": "N/A",
"action_file_path": null,
"action_file_md5": null,
"action_file_sha256": null,
"action_registry_data": null,
"action_registry_full_key": null,
"action_local_ip": null,
"action_local_port": null,
"action_remote_ip": null,
"action_remote_port": null,
"action_external_hostname": null,
"fw_app_id": null,
"is_whitelisted": "No",
"starred": false
}
]
},
"network_artifacts": {
"total_count": 0,
"data": []
},
"file_artifacts": {
"total_count": 1,
"data": [
{
"type": "HASH",
"alert_count": 1,
"is_manual": false,
"is_malicious": false,
"is_process": true,
"file_name": "wildfire-test-pe-file.exe",
"file_sha256": "8d5aec85593c85ecdc8d5ac601e163a1cc26d877f88c03e9e0e94c9dd4a38fca",
"file_signature_status": "SIGNATURE_UNAVAILABLE",
"file_signature_vendor_name": null,
"file_wildfire_verdict": "UNKNOWN"
}
]
}
}
]
}
}