* add rawJSON field to incidents * release notes * update docker image tag * nit * fetching incident details * mapper + incident fields * remove incorrect incident field files * new incident field files, new mapper * sdk validate command changes * update release noteS * validation errors * fix validation errors * undo release notes changes * undo release notes change * undo release notes * undo release notes * undo release notes * nit * new release notes * remove playbook id * update docker image tag * revert release notes * revert RN * nit- remove filters used for testing * add details field to threats * remove try/except blocks * changing version * Update Abnormal_Security_Custom_Incident_types.json change from version * nit - remove changes used for demo * updating docker image * update docker image tag --------- Co-authored-by: William Olyslager <wolyslager@abnormalsecurity.com> Co-authored-by: sapirshuker <sshuker@paloaltonetworks.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com>
1 parent
052aa61
commit 2515b8b
Showing
63 changed files
with
2,068 additions
and
16 deletions.
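--- a/Packs/AbnormalSecurity/Classifiers/classifier-Abnormal_Security_Mapper.json
+++ b/Packs/AbnormalSecurity/Classifiers/classifier-Abnormal_Security_Mapper.json
@@ -0,0 +1,172 @@
+{
+"description": "",
+"feed": false,
+"id": "Abnormal Security - Incoming Mapper",
+"mapping": {
+"AbnormalSecurity": {
+"dontMapEventToLabels": true,
+"internalMapping": {
+"Abnormal Security Abuse Campaign Attack Type": {
+"simple": "attackType"
+},
+"Abnormal Security Abuse Campaign First Reported": {
+"simple": "firstReported"
+},
+"Abnormal Security Abuse Campaign From Address": {
+"simple": "fromAddress"
+},
+"Abnormal Security Abuse Campaign From Name": {
+"simple": "fromName"
+},
+"Abnormal Security Abuse Campaign ID": {
+"simple": "campaignId"
+},
+"Abnormal Security Abuse Campaign Judgement Status": {
+"simple": "judgementStatus"
+},
+"Abnormal Security Abuse Campaign Last Reported": {
+"simple": "lastReported"
+},
+"Abnormal Security Abuse Campaign Message ID": {
+"simple": "messageId"
+},
+"Abnormal Security Abuse Campaign Overall Status": {
+"simple": "overallStatus"
+},
+"Abnormal Security Abuse Campaign Recipient Address": {
+"simple": "recipientAddress"
+},
+"Abnormal Security Abuse Campaign Recipient Name": {
+"simple": "recipientName"
+},
+"Abnormal Security Abuse Campaign Subject": {
+"simple": "subject"
+},
+"Abnormal Security Affected Employee": {
+"simple": "affectedEmployee"
+},
+"Abnormal Security Analysis": {
+"simple": "analysis"
+},
+"Abnormal Security Attachment Count": {
+"simple": "messages.attachmentCount"
+},
+"Abnormal Security Attachment Names": {
+"simple": "messages.attachmentNames"
+},
+"Abnormal Security Attack Strategy": {
+"simple": "messages.attackStrategy"
+},
+"Abnormal Security Attack Type": {
+"simple": "messages.attackType"
+},
+"Abnormal Security Attack Vector": {
+"simple": "messages.attackVector"
+},
+"Abnormal Security Attacked Party": {
+"simple": "messages.attackedParty"
+},
+"Abnormal Security Auto Remediated": {
+"simple": "messages.autoRemediated"
+},
+"Abnormal Security CC Emails": {
+"simple": "messages.ccEmails"
+},
+"Abnormal Security Case ID": {
+"simple": "caseId"
+},
+"Abnormal Security Case Status": {
+"simple": "case_status"
+},
+"Abnormal Security Customer Visible Time": {
+"simple": "customerVisibleTime"
+},
+"Abnormal Security First Observed Time": {
+"simple": "firstObserved"
+},
+"Abnormal Security From Address": {
+"simple": "messages.fromAddress"
+},
+"Abnormal Security From Name": {
+"simple": "messages.fromName"
+},
+"Abnormal Security Impersonated Party": {
+"simple": "messages.impersonatedParty"
+},
+"Abnormal Security Internet Message ID": {
+"simple": "messages.internetMessageId"
+},
+"Abnormal Security Is Read": {
+"simple": "messages.isRead"
+},
+"Abnormal Security Message ID": {
+"simple": "messages.abxMessageId"
+},
+"Abnormal Security Portal URL": {
+"simple": "messages.abxPortalUrl"
+},
+"Abnormal Security Post Remediated": {
+"simple": "messages.postRemediated"
+},
+"Abnormal Security Received Time": {
+"simple": "messages.receivedTime"
+},
+"Abnormal Security Recipient Address": {
+"simple": "messages.recipientAddress"
+},
+"Abnormal Security Remediation Status": {
+"simple": "messages.remediationStatus"
+},
+"Abnormal Security Remediation Timestamp": {
+"simple": "messages.remediationTimestamp"
+},
+"Abnormal Security Reply To Emails": {
+"simple": "messages.replyToEmails"
+},
+"Abnormal Security Return Path": {
+"simple": "messages.returnPath"
+},
+"Abnormal Security Sender Domain": {
+"simple": "messages.senderDomain"
+},
+"Abnormal Security Sender IP Address": {
+"simple": "messages.senderIpAddress"
+},
+"Abnormal Security Sent Time": {
+"simple": "messages.sentTime"
+},
+"Abnormal Security Severity": {
+"simple": "severity"
+},
+"Abnormal Security Severity Level": {
+"simple": "severity_level"
+},
+"Abnormal Security Subject": {
+"simple": "messages.subject"
+},
+"Abnormal Security Summary Insights": {
+"simple": "messages.summaryInsights"
+},
+"Abnormal Security Threat ID": {
+"simple": "messages.threatId"
+},
+"Abnormal Security Threat IDs": {
+"simple": "threatIds"
+},
+"Abnormal Security To Addresses": {
+"simple": "messages.toAddresses"
+},
+"Abnormal Security Url Count": {
+"simple": "messages.urlCount"
+},
+"URLs": {
+"simple": "messages.urls"
+}
+}
+}
+},
+"name": "Abnormal Security - Incoming Mapper",
+"type": "mapping-incoming",
+"version": -1,
+"fromVersion": "6.0.0"
+}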
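Review bot: Two source paths in `internalMapping` break the camelCase pattern used by every other entry: `"simple": "case_status"` and `"simple": "severity_level"`. If the integration's rawJSON actually carries `caseStatus` / `severityLevel`, both incident fields would stay empty without any error, and severity is one of the values triage depends on; confirm the key names against the payload the fetch code emits, which is not visible on this page. Separately, `"description": ""` is blank; a sentence such as `"Maps Abnormal Security threats, cases and abuse campaigns to AbnormalSecurity incident fields."` would explain why top-level and `messages.*` paths are mixed in one mapper.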
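--- a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Attack_Type.json
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Attack_Type.json
@@ -0,0 +1,31 @@
+{
+"id": "incident_abnormalsecurityabusecampaignattacktype",
+"version": -1,
+"modified": "2023-11-21T13:08:49.422094213Z",
+"name": "Abnormal Security Abuse Campaign Attack Type",
+"ownerOnly": false,
+"cliName": "abnormalsecurityabusecampaignattacktype",
+"type": "shortText",
+"closeForm": false,
+"editForm": true,
+"required": false,
+"neverSetAsRequired": false,
+"isReadOnly": false,
+"useAsKpi": false,
+"locked": false,
+"system": false,
+"content": true,
+"group": 0,
+"hidden": false,
+"openEnded": false,
+"associatedTypes": [
+"AbnormalSecurity"
+],
+"associatedToAll": false,
+"unmapped": false,
+"unsearchable": true,
+"caseInsensitive": true,
+"sla": 0,
+"threshold": 72,
+"fromVersion": "6.0.0"
+}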
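Review bot: This field definition has no `description` key, and the same holds for the First Reported, From Address, From Name, ID and Judgement Status files that follow. Adding one here, e.g. `"description": "Attack type Abnormal Security assigned to the abuse campaign."`, would record where each value originates. That matters most for From Address and From Name, which are presumably copied from the reported email and are therefore sender-controlled text rather than a verified identity, so playbooks consuming them should handle them as untrusted input.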
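--- a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_First_Reported.json
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_First_Reported.json
@@ -0,0 +1,31 @@
+{
+"id": "incident_abnormalsecurityabusecampaignfirstreported",
+"version": -1,
+"modified": "2023-11-21T13:05:22.276839408Z",
+"name": "Abnormal Security Abuse Campaign First Reported",
+"ownerOnly": false,
+"cliName": "abnormalsecurityabusecampaignfirstreported",
+"type": "shortText",
+"closeForm": false,
+"editForm": true,
+"required": false,
+"neverSetAsRequired": false,
+"isReadOnly": false,
+"useAsKpi": false,
+"locked": false,
+"system": false,
+"content": true,
+"group": 0,
+"hidden": false,
+"openEnded": false,
+"associatedTypes": [
+"AbnormalSecurity"
+],
+"associatedToAll": false,
+"unmapped": false,
+"unsearchable": true,
+"caseInsensitive": true,
+"sla": 0,
+"threshold": 72,
+"fromVersion": "6.0.0"
+}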
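Review bot: `"type": "shortText"` stores what is presumably a timestamp (the mapper feeds this field from `firstReported`) as free text, so incidents cannot be sorted or range-filtered on it and the value is not normalised to the platform's time handling. If the API value is an ISO 8601 string, `"type": "date"` would be the fitting field type. The Last Reported field mapped from `lastReported` would need the same change, though its file is not in this view.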
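--- a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Address.json
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Address.json
@@ -0,0 +1,31 @@
+{
+"id": "incident_abnormalsecurityabusecampaignfromaddress",
+"version": -1,
+"modified": "2023-11-21T13:06:55.200764198Z",
+"name": "Abnormal Security Abuse Campaign From Address",
+"ownerOnly": false,
+"cliName": "abnormalsecurityabusecampaignfromaddress",
+"type": "shortText",
+"closeForm": false,
+"editForm": true,
+"required": false,
+"neverSetAsRequired": false,
+"isReadOnly": false,
+"useAsKpi": false,
+"locked": false,
+"system": false,
+"content": true,
+"group": 0,
+"hidden": false,
+"openEnded": false,
+"associatedTypes": [
+"AbnormalSecurity"
+],
+"associatedToAll": false,
+"unmapped": false,
+"unsearchable": true,
+"caseInsensitive": true,
+"sla": 0,
+"threshold": 72,
+"fromVersion": "6.0.0"
+}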
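--- a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Name.json
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Name.json
@@ -0,0 +1,31 @@
+{
+"id": "incident_abnormalsecurityabusecampaignfromname",
+"version": -1,
+"modified": "2023-11-21T13:06:39.326960647Z",
+"name": "Abnormal Security Abuse Campaign From Name",
+"ownerOnly": false,
+"cliName": "abnormalsecurityabusecampaignfromname",
+"type": "shortText",
+"closeForm": false,
+"editForm": true,
+"required": false,
+"neverSetAsRequired": false,
+"isReadOnly": false,
+"useAsKpi": false,
+"locked": false,
+"system": false,
+"content": true,
+"group": 0,
+"hidden": false,
+"openEnded": false,
+"associatedTypes": [
+"AbnormalSecurity"
+],
+"associatedToAll": false,
+"unmapped": false,
+"unsearchable": true,
+"caseInsensitive": true,
+"sla": 0,
+"threshold": 72,
+"fromVersion": "6.0.0"
+}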
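--- a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_ID.json
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_ID.json
@@ -0,0 +1,31 @@
+{
+"id": "incident_abnormalsecurityabusecampaignid",
+"version": -1,
+"modified": "2023-11-21T13:05:02.620809663Z",
+"name": "Abnormal Security Abuse Campaign ID",
+"ownerOnly": false,
+"cliName": "abnormalsecurityabusecampaignid",
+"type": "shortText",
+"closeForm": false,
+"editForm": true,
+"required": false,
+"neverSetAsRequired": false,
+"isReadOnly": false,
+"useAsKpi": false,
+"locked": false,
+"system": false,
+"content": true,
+"group": 0,
+"hidden": false,
+"openEnded": false,
+"associatedTypes": [
+"AbnormalSecurity"
+],
+"associatedToAll": false,
+"unmapped": false,
+"unsearchable": true,
+"caseInsensitive": true,
+"sla": 0,
+"threshold": 72,
+"fromVersion": "6.0.0"
+}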
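--- a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Judgement_Status.json
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Judgement_Status.json
@@ -0,0 +1,31 @@
+{
+"id": "incident_abnormalsecurityabusecampaignjudgementstatus",
+"version": -1,
+"modified": "2023-11-21T13:08:10.092998231Z",
+"name": "Abnormal Security Abuse Campaign Judgement Status",
+"ownerOnly": false,
+"cliName": "abnormalsecurityabusecampaignjudgementstatus",
+"type": "shortText",
+"closeForm": false,
+"editForm": true,
+"required": false,
+"neverSetAsRequired": false,
+"isReadOnly": false,
+"useAsKpi": false,
+"locked": false,
+"system": false,
+"content": true,
+"group": 0,
+"hidden": false,
+"openEnded": false,
+"associatedTypes": [
+"AbnormalSecurity"
+],
+"associatedToAll": false,
+"unmapped": false,
+"unsearchable": true,
+"caseInsensitive": true,
+"sla": 0,
+"threshold": 72,
+"fromVersion": "6.0.0"
+}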