diff --git a/Packs/AbnormalSecurity/Classifiers/classifier-Abnormal_Security_Mapper.json b/Packs/AbnormalSecurity/Classifiers/classifier-Abnormal_Security_Mapper.json
new file mode 100644
index 000000000000..f543b4a34b90
--- /dev/null
+++ b/Packs/AbnormalSecurity/Classifiers/classifier-Abnormal_Security_Mapper.json
@@ -0,0 +1,172 @@
+{
+ "description": "",
+ "feed": false,
+ "id": "Abnormal Security - Incoming Mapper",
+ "mapping": {
+ "AbnormalSecurity": {
+ "dontMapEventToLabels": true,
+ "internalMapping": {
+ "Abnormal Security Abuse Campaign Attack Type": {
+ "simple": "attackType"
+ },
+ "Abnormal Security Abuse Campaign First Reported": {
+ "simple": "firstReported"
+ },
+ "Abnormal Security Abuse Campaign From Address": {
+ "simple": "fromAddress"
+ },
+ "Abnormal Security Abuse Campaign From Name": {
+ "simple": "fromName"
+ },
+ "Abnormal Security Abuse Campaign ID": {
+ "simple": "campaignId"
+ },
+ "Abnormal Security Abuse Campaign Judgement Status": {
+ "simple": "judgementStatus"
+ },
+ "Abnormal Security Abuse Campaign Last Reported": {
+ "simple": "lastReported"
+ },
+ "Abnormal Security Abuse Campaign Message ID": {
+ "simple": "messageId"
+ },
+ "Abnormal Security Abuse Campaign Overall Status": {
+ "simple": "overallStatus"
+ },
+ "Abnormal Security Abuse Campaign Recipient Address": {
+ "simple": "recipientAddress"
+ },
+ "Abnormal Security Abuse Campaign Recipient Name": {
+ "simple": "recipientName"
+ },
+ "Abnormal Security Abuse Campaign Subject": {
+ "simple": "subject"
+ },
+ "Abnormal Security Affected Employee": {
+ "simple": "affectedEmployee"
+ },
+ "Abnormal Security Analysis": {
+ "simple": "analysis"
+ },
+ "Abnormal Security Attachment Count": {
+ "simple": "messages.attachmentCount"
+ },
+ "Abnormal Security Attachment Names": {
+ "simple": "messages.attachmentNames"
+ },
+ "Abnormal Security Attack Strategy": {
+ "simple": "messages.attackStrategy"
+ },
+ "Abnormal Security Attack Type": {
+ "simple": "messages.attackType"
+ },
+ "Abnormal Security Attack Vector": {
+ "simple": "messages.attackVector"
+ },
+ "Abnormal Security Attacked Party": {
+ "simple": "messages.attackedParty"
+ },
+ "Abnormal Security Auto Remediated": {
+ "simple": "messages.autoRemediated"
+ },
+ "Abnormal Security CC Emails": {
+ "simple": "messages.ccEmails"
+ },
+ "Abnormal Security Case ID": {
+ "simple": "caseId"
+ },
+ "Abnormal Security Case Status": {
+ "simple": "case_status"
+ },
+ "Abnormal Security Customer Visible Time": {
+ "simple": "customerVisibleTime"
+ },
+ "Abnormal Security First Observed Time": {
+ "simple": "firstObserved"
+ },
+ "Abnormal Security From Address": {
+ "simple": "messages.fromAddress"
+ },
+ "Abnormal Security From Name": {
+ "simple": "messages.fromName"
+ },
+ "Abnormal Security Impersonated Party": {
+ "simple": "messages.impersonatedParty"
+ },
+ "Abnormal Security Internet Message ID": {
+ "simple": "messages.internetMessageId"
+ },
+ "Abnormal Security Is Read": {
+ "simple": "messages.isRead"
+ },
+ "Abnormal Security Message ID": {
+ "simple": "messages.abxMessageId"
+ },
+ "Abnormal Security Portal URL": {
+ "simple": "messages.abxPortalUrl"
+ },
+ "Abnormal Security Post Remediated": {
+ "simple": "messages.postRemediated"
+ },
+ "Abnormal Security Received Time": {
+ "simple": "messages.receivedTime"
+ },
+ "Abnormal Security Recipient Address": {
+ "simple": "messages.recipientAddress"
+ },
+ "Abnormal Security Remediation Status": {
+ "simple": "messages.remediationStatus"
+ },
+ "Abnormal Security Remediation Timestamp": {
+ "simple": "messages.remediationTimestamp"
+ },
+ "Abnormal Security Reply To Emails": {
+ "simple": "messages.replyToEmails"
+ },
+ "Abnormal Security Return Path": {
+ "simple": "messages.returnPath"
+ },
+ "Abnormal Security Sender Domain": {
+ "simple": "messages.senderDomain"
+ },
+ "Abnormal Security Sender IP Address": {
+ "simple": "messages.senderIpAddress"
+ },
+ "Abnormal Security Sent Time": {
+ "simple": "messages.sentTime"
+ },
+ "Abnormal Security Severity": {
+ "simple": "severity"
+ },
+ "Abnormal Security Severity Level": {
+ "simple": "severity_level"
+ },
+ "Abnormal Security Subject": {
+ "simple": "messages.subject"
+ },
+ "Abnormal Security Summary Insights": {
+ "simple": "messages.summaryInsights"
+ },
+ "Abnormal Security Threat 
ID": {
+ "simple": "messages.threatId"
+ },
+ "Abnormal Security Threat IDs": {
+ "simple": "threatIds"
+ },
+ "Abnormal Security To Addresses": {
+ "simple": "messages.toAddresses"
+ },
+ "Abnormal Security Url Count": {
+ "simple": "messages.urlCount"
+ },
+ "URLs": {
+ "simple": "messages.urls"
+ }
+ }
+ }
+ },
+ "name": "Abnormal Security - Incoming Mapper",
+ "type": "mapping-incoming",
+ "version": -1,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Attack_Type.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Attack_Type.json
new file mode 100644
index 000000000000..ca3265f06e79
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Attack_Type.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignattacktype",
+ "version": -1,
+ "modified": "2023-11-21T13:08:49.422094213Z",
+ "name": "Abnormal Security Abuse Campaign Attack Type",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignattacktype",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_First_Reported.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_First_Reported.json
new file mode 100644
index 000000000000..db651460c54b
--- /dev/null
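Review bot: In classifier-Abnormal_Security_Mapper.json most targets read `messages.<key>` through a `simple` path, and if `messages` is a list (the name suggests so; its shape is not visible in this diff) a threat with several messages would hand a list to every one of those fields, including single-valued ones such as `Abnormal Security Attachment Count`, which its field file declares as `"type": "number"`. I would either switch those entries to a `complex` mapping that selects one message, or say in `description` (currently `""`) that only single-message threats are expected. `case_status` and `severity_level` are the only snake_case source keys among camelCase ones; it is worth confirming they match the payload, since a wrong key leaves the field silently empty. The values taken from the message (subject, sender name, URLs, attachment names) originate from the reported email, so anything downstream that renders or acts on them should treat them as untrusted input.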
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_First_Reported.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignfirstreported",
+ "version": -1,
+ "modified": "2023-11-21T13:05:22.276839408Z",
+ "name": "Abnormal Security Abuse Campaign First Reported",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignfirstreported",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Address.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Address.json
new file mode 100644
index 000000000000..cfb167c3918d
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Address.json
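Review bot: `Abnormal Security Abuse Campaign First Reported` is declared `"type": "shortText"`, so the timestamp is stored as free text and cannot take part in date filters, sorting or time-based widgets; if the source value is a parseable timestamp (its format is not visible here), `"type": "date"` would fit better. The same applies to `incidentfields_Abnormal_Security_Abuse_Campaign_Last_Reported.json` later in this diff. If the raw text is kept deliberately, a `description` key on the field stating the expected format would help whoever builds queries on it.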
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignfromaddress",
+ "version": -1,
+ "modified": "2023-11-21T13:06:55.200764198Z",
+ "name": "Abnormal Security Abuse Campaign From Address",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignfromaddress",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Name.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Name.json
new file mode 100644
index 000000000000..fa463183e330
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_From_Name.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignfromname",
+ "version": -1,
+ "modified": "2023-11-21T13:06:39.326960647Z",
+ "name": "Abnormal Security Abuse Campaign From Name",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignfromname",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_ID.json
new file mode 100644
index 000000000000..f687d866860f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_ID.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignid",
+ "version": -1,
+ "modified": "2023-11-21T13:05:02.620809663Z",
+ "name": "Abnormal Security Abuse Campaign ID",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignid",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Judgement_Status.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Judgement_Status.json
new file mode 100644
index 000000000000..ac66590177a4
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Judgement_Status.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignjudgementstatus",
+ "version": -1,
+ "modified": "2023-11-21T13:08:10.092998231Z",
+ "name": "Abnormal Security Abuse Campaign Judgement Status",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignjudgementstatus",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Last_Reported.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Last_Reported.json
new file mode 100644
index 000000000000..250f8da89e17
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Last_Reported.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignlastreported",
+ "version": -1,
+ "modified": "2023-11-21T13:05:41.084883709Z",
+ "name": "Abnormal Security Abuse Campaign Last Reported",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignlastreported",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Message_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Message_ID.json
new file mode 100644
index 000000000000..9c679322d8eb
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Message_ID.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignmessageid",
+ "version": -1,
+ "modified": "2023-11-21T13:06:04.201697173Z",
+ "name": "Abnormal Security Abuse Campaign Message ID",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignmessageid",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Overall_Status.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Overall_Status.json
new file mode 100644
index 000000000000..c751d6fa3a7b
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Overall_Status.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignoverallstatus",
+ "version": -1,
+ "modified": "2023-11-21T13:08:26.982019641Z",
+ "name": "Abnormal Security Abuse Campaign Overall Status",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignoverallstatus",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Recipient_Address.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Recipient_Address.json
new file mode 100644
index 000000000000..7075ef0321c4
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Recipient_Address.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignrecipientaddress",
+ "version": -1,
+ "modified": "2023-11-21T13:07:52.784194762Z",
+ "name": "Abnormal Security Abuse Campaign Recipient Address",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignrecipientaddress",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Recipient_Name.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Recipient_Name.json
new file mode 100644
index 000000000000..6458c6b8fa09
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Recipient_Name.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignrecipientname",
+ "version": -1,
+ "modified": "2023-11-21T13:07:21.10397575Z",
+ "name": "Abnormal Security Abuse Campaign Recipient Name",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignrecipientname",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Subject.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Subject.json
new file mode 100644
index 000000000000..f331d6316e6f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Abuse_Campaign_Subject.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityabusecampaignsubject",
+ "version": -1,
+ "modified": "2023-11-21T13:06:19.347933636Z",
+ "name": "Abnormal Security Abuse Campaign Subject",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityabusecampaignsubject",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Affected_Employee.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Affected_Employee.json
new file mode 100644
index 000000000000..af397714b094
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Affected_Employee.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityaffectedemployee",
+ "version": -1,
+ "modified": "2023-11-21T02:38:38.488970472Z",
+ "name": "Abnormal Security Affected Employee",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityaffectedemployee",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Analysis.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Analysis.json
new file mode 100644
index 000000000000..cdc7b74238f5
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Analysis.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityanalysis",
+ "version": -1,
+ "modified": "2023-11-20T23:39:45.818163583Z",
+ "name": "Abnormal Security Analysis",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityanalysis",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attachment_Count.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attachment_Count.json
new file mode 100644
index 000000000000..8da7a4c0a04b
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attachment_Count.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityattachmentcount",
+ "version": -1,
+ "modified": "2023-11-20T19:18:52.918447507Z",
+ "name": "Abnormal Security Attachment Count",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityattachmentcount",
+ "type": "number",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attachment_Names.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attachment_Names.json
new file mode 100644
index 000000000000..835b83184ef3
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attachment_Names.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityattachmentnames",
+ "version": -1,
+ "modified": "2023-11-20T20:24:07.971026883Z",
+ "name": "Abnormal Security Attachment Names",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityattachmentnames",
+ "type": "multiSelect",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": true,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Strategy.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Strategy.json
new file mode 100644
index 000000000000..41521ad9c394
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Strategy.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityattackstrategy",
+ "version": -1,
+ "modified": "2023-11-20T19:19:36.646461439Z",
+ "name": "Abnormal Security Attack Strategy",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityattackstrategy",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Type.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Type.json
new file mode 100644
index 000000000000..5138165e9d16
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Type.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityattacktype",
+ "version": -1,
+ "modified": "2023-11-20T19:19:49.360967157Z",
+ "name": "Abnormal Security Attack Type",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityattacktype",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Vector.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Vector.json
new file mode 100644
index 000000000000..94e0607a54fc
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attack_Vector.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityattackvector",
+ "version": -1,
+ "modified": "2023-11-20T19:19:59.998476364Z",
+ "name": "Abnormal Security Attack Vector",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityattackvector",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attacked_Party.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attacked_Party.json
new file mode 100644
index 000000000000..ec979652e5bb
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Attacked_Party.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityattackedparty",
+ "version": -1,
+ "modified": "2023-11-20T19:20:53.97196249Z",
+ "name": "Abnormal Security Attacked Party",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityattackedparty",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Auto_Remediated.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Auto_Remediated.json
new file mode 100644
index 000000000000..eafa9c82798f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Auto_Remediated.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityautoremediated",
+ "version": -1,
+ "modified": "2023-11-20T20:20:42.403737035Z",
+ "name": "Abnormal Security Auto Remediated",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityautoremediated",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
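Review bot: `Abnormal Security Auto Remediated` is declared `"type": "shortText"` although the mapper in this commit fills it from `messages.autoRemediated`, which reads like a true/false flag. If the payload value is a boolean (its type is not shown in this diff), `"type": "boolean"` would let playbook conditions and filters test it directly instead of comparing strings. This is worth settling before release, since changing a field's type once incidents already carry values is likely to be more awkward than changing it now.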
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_CC_Emails.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_CC_Emails.json
new file mode 100644
index 000000000000..02dd752c089f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_CC_Emails.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityccemails",
+ "version": -1,
+ "modified": "2023-11-20T19:40:57.353588516Z",
+ "name": "Abnormal Security CC Emails",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityccemails",
+ "type": "multiSelect",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": true,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Campaign_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Campaign_ID.json
new file mode 100644
index 000000000000..453ee85515f7
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Campaign_ID.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritycampaignid",
+ "version": -1,
+ "modified": "2023-11-20T23:57:58.075512311Z",
+ "name": "Abnormal Security Campaign ID",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritycampaignid",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Case_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Case_ID.json
new file mode 100644
index 000000000000..ed2555b31bb1
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Case_ID.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritycaseid",
+ "version": -1,
+ "modified": "2023-11-20T23:40:25.819650999Z",
+ "name": "Abnormal Security Case ID",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritycaseid",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
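Review bot: `"unsearchable": true` on the Campaign ID and Case ID fields keeps these identifiers out of incident search, as far as I understand the flag, so an analyst cannot look up sibling incidents from the same campaign or case during triage. The same setting is applied to From Address, Internet Message ID, Sender Domain and Sender IP Address further down, which are the values a responder is most likely to pivot on. Consider `"unsearchable": false` for that subset and leave the descriptive fields unindexed if index size is the concern.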
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Case_Status.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Case_Status.json
new file mode 100644
index 000000000000..c9ed612de5b6
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Case_Status.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritycasestatus",
+ "version": -1,
+ "modified": "2023-11-20T23:41:37.684669712Z",
+ "name": "Abnormal Security Case Status",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritycasestatus",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Customer_Visible_Time.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Customer_Visible_Time.json
new file mode 100644
index 000000000000..f346bb2c7bfe
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Customer_Visible_Time.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritycustomervisibletime",
+ "version": -1,
+ "modified": "2023-11-20T23:42:05.18957503Z",
+ "name": "Abnormal Security Customer Visible Time",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritycustomervisibletime",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_First_Observed_Time.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_First_Observed_Time.json
new file mode 100644
index 000000000000..222b0a9820b2
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_First_Observed_Time.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityfirstobservedtime",
+ "version": -1,
+ "modified": "2023-11-20T23:42:37.64531755Z",
+ "name": "Abnormal Security First Observed Time",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityfirstobservedtime",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
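Review bot: Customer Visible Time and First Observed Time are declared `"type": "shortText"`, so the timestamps are kept as opaque strings and cannot be sorted, range-filtered or placed on an incident timeline. `"type": "date"` would fit if the API returns ISO 8601 values, which is not visible in this diff and should be confirmed. First Reported, Last Reported, Received Time, Remediation Timestamp and Sent Time in the later hunks are typed the same way.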
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_First_Reported.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_First_Reported.json
new file mode 100644
index 000000000000..572108913ea8
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_First_Reported.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityfirstreported",
+ "version": -1,
+ "modified": "2023-11-20T23:58:17.51694912Z",
+ "name": "Abnormal Security First Reported",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityfirstreported",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_From_Address.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_From_Address.json
new file mode 100644
index 000000000000..0b640c293f00
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_From_Address.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityfromaddress",
+ "version": -1,
+ "modified": "2023-11-20T19:21:22.597922376Z",
+ "name": "Abnormal Security From Address",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityfromaddress",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_From_Name.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_From_Name.json
new file mode 100644
index 000000000000..c1c5d109931b
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_From_Name.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityfromname",
+ "version": -1,
+ "modified": "2023-11-20T19:21:49.59753166Z",
+ "name": "Abnormal Security From Name",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityfromname",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Impersonated_Party.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Impersonated_Party.json
new file mode 100644
index 000000000000..69f07f330afa
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Impersonated_Party.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityimpersonatedparty",
+ "version": -1,
+ "modified": "2023-11-20T19:22:00.183564608Z",
+ "name": "Abnormal Security Impersonated Party",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityimpersonatedparty",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Internet_Message_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Internet_Message_ID.json
new file mode 100644
index 000000000000..ac823f368ee6
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Internet_Message_ID.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityinternetmessageid",
+ "version": -1,
+ "modified": "2023-11-20T19:22:09.597215122Z",
+ "name": "Abnormal Security Internet Message ID",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityinternetmessageid",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Is_Read.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Is_Read.json
new file mode 100644
index 000000000000..32bddcb1c462
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Is_Read.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityisread",
+ "version": -1,
+ "modified": "2023-11-20T20:21:02.246469572Z",
+ "name": "Abnormal Security Is Read",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityisread",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Judgement_Status.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Judgement_Status.json
new file mode 100644
index 000000000000..ef27428bf6fa
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Judgement_Status.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityjudgementstatus",
+ "version": -1,
+ "modified": "2023-11-21T00:00:32.793779622Z",
+ "name": "Abnormal Security Judgement Status",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityjudgementstatus",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Last_Reported.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Last_Reported.json
new file mode 100644
index 000000000000..4a48032547c3
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Last_Reported.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritylastreported",
+ "version": -1,
+ "modified": "2023-11-20T23:58:40.200774853Z",
+ "name": "Abnormal Security Last Reported",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritylastreported",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Message_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Message_ID.json
new file mode 100644
index 000000000000..87999cdfb5e8
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Message_ID.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritymessageid",
+ "version": -1,
+ "modified": "2023-11-20T19:22:19.573198075Z",
+ "name": "Abnormal Security Message ID",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritymessageid",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Overall_Status.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Overall_Status.json
new file mode 100644
index 000000000000..5af0d625040f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Overall_Status.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityoverallstatus",
+ "version": -1,
+ "modified": "2023-11-21T00:00:49.342001181Z",
+ "name": "Abnormal Security Overall Status",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityoverallstatus",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Portal_URL.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Portal_URL.json
new file mode 100644
index 000000000000..80139ad3c96d
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Portal_URL.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityportalurl",
+ "version": -1,
+ "modified": "2023-11-20T19:22:29.012074997Z",
+ "name": "Abnormal Security Portal URL",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityportalurl",
+ "type": "longText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Post_Remediated.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Post_Remediated.json
new file mode 100644
index 000000000000..fea8558a8d0e
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Post_Remediated.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritypostremediated",
+ "version": -1,
+ "modified": "2023-11-20T20:21:15.622642379Z",
+ "name": "Abnormal Security Post Remediated",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritypostremediated",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Received_Time.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Received_Time.json
new file mode 100644
index 000000000000..2f7aeec58ca5
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Received_Time.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityreceivedtime",
+ "version": -1,
+ "modified": "2023-11-20T19:25:26.665967155Z",
+ "name": "Abnormal Security Received Time",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityreceivedtime",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Recipient_Address.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Recipient_Address.json
new file mode 100644
index 000000000000..c0049181bcb5
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Recipient_Address.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityrecipientaddress",
+ "version": -1,
+ "modified": "2023-11-20T19:25:49.163073405Z",
+ "name": "Abnormal Security Recipient Address",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityrecipientaddress",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Recipient_Name.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Recipient_Name.json
new file mode 100644
index 000000000000..b94d8a875c7f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Recipient_Name.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityrecipientname",
+ "version": -1,
+ "modified": "2023-11-21T00:00:06.415223771Z",
+ "name": "Abnormal Security Recipient Name",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityrecipientname",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Remediation_Status.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Remediation_Status.json
new file mode 100644
index 000000000000..6db9f2e81d6d
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Remediation_Status.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityremediationstatus",
+ "version": -1,
+ "modified": "2023-11-20T19:26:13.259549598Z",
+ "name": "Abnormal Security Remediation Status",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityremediationstatus",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Remediation_Timestamp.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Remediation_Timestamp.json
new file mode 100644
index 000000000000..c0d46ffddb57
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Remediation_Timestamp.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityremediationtimestamp",
+ "version": -1,
+ "modified": "2023-11-20T19:26:54.588026698Z",
+ "name": "Abnormal Security Remediation Timestamp",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityremediationtimestamp",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Reply_To_Emails.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Reply_To_Emails.json
new file mode 100644
index 000000000000..3c750c475c94
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Reply_To_Emails.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityreplytoemails",
+ "version": -1,
+ "modified": "2023-11-20T19:41:19.376168736Z",
+ "name": "Abnormal Security Reply To Emails",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityreplytoemails",
+ "type": "multiSelect",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": true,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Return_Path.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Return_Path.json
new file mode 100644
index 000000000000..419cddbecdc9
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Return_Path.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecurityreturnpath",
+ "version": -1,
+ "modified": "2023-11-20T20:44:04.466100477Z",
+ "name": "Abnormal Security Return Path",
+ "ownerOnly": false,
+ "cliName": "abnormalsecurityreturnpath",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sender_Domain.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sender_Domain.json
new file mode 100644
index 000000000000..ce125150e740
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sender_Domain.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritysenderdomain",
+ "version": -1,
+ "modified": "2023-11-20T20:44:22.060429745Z",
+ "name": "Abnormal Security Sender Domain",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritysenderdomain",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sender_IP_Address.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sender_IP_Address.json
new file mode 100644
index 000000000000..b9469c4c6e37
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sender_IP_Address.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritysenderipaddress",
+ "version": -1,
+ "modified": "2023-11-20T20:45:08.450908622Z",
+ "name": "Abnormal Security Sender IP Address",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritysenderipaddress",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sent_Time.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sent_Time.json
new file mode 100644
index 000000000000..a7f83cfd00f9
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Sent_Time.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_abnormalsecuritysenttime",
+ "version": -1,
+ "modified": "2023-11-20T19:27:20.097539284Z",
+ "name": "Abnormal Security Sent Time",
+ "ownerOnly": false,
+ "cliName": "abnormalsecuritysenttime",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "AbnormalSecurity"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Severity.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Severity.json
new file mode 100644
index 000000000000..0b3df5b5ed9f
--- /dev/null
+++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Severity.json
@@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecurityseverity", + "version": -1, + "modified": "2023-11-20T23:43:17.240609743Z", + "name": "Abnormal Security Severity", + "ownerOnly": false, + "cliName": "abnormalsecurityseverity", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Severity_Level.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Severity_Level.json new file mode 100644 index 000000000000..500418e57ece --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Severity_Level.json @@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecurityseveritylevel", + "version": -1, + "modified": "2023-11-20T23:43:35.259293149Z", + "name": "Abnormal Security Severity Level", + "ownerOnly": false, + "cliName": "abnormalsecurityseveritylevel", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file 
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Subject.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Subject.json new file mode 100644 index 000000000000..24c4150cf44e --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Subject.json @@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecuritysubject", + "version": -1, + "modified": "2023-11-20T19:27:39.63581334Z", + "name": "Abnormal Security Subject", + "ownerOnly": false, + "cliName": "abnormalsecuritysubject", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Summary_Insights.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Summary_Insights.json new file mode 100644 index 000000000000..887351cf4c40 --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Summary_Insights.json 
@@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecuritysummaryinsights", + "version": -1, + "modified": "2023-11-20T20:45:47.801994393Z", + "name": "Abnormal Security Summary Insights", + "ownerOnly": false, + "cliName": "abnormalsecuritysummaryinsights", + "type": "multiSelect", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": true, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Threat_ID.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Threat_ID.json new file mode 100644 index 000000000000..cda07b83a407 --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Threat_ID.json @@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecuritythreatid", + "version": -1, + "modified": "2023-11-20T19:29:10.753895043Z", + "name": "Abnormal Security Threat ID", + "ownerOnly": false, + "cliName": "abnormalsecuritythreatid", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file 
diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Threat_IDs.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Threat_IDs.json new file mode 100644 index 000000000000..f09599c64c3c --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Threat_IDs.json @@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecuritythreatids", + "version": -1, + "modified": "2023-11-20T23:43:51.036960363Z", + "name": "Abnormal Security Threat IDs", + "ownerOnly": false, + "cliName": "abnormalsecuritythreatids", + "type": "multiSelect", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": true, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_To_Addresses.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_To_Addresses.json new file mode 100644 index 000000000000..5224c4ba78e4 --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_To_Addresses.json 
@@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecuritytoaddresses", + "version": -1, + "modified": "2023-11-20T19:30:53.522070035Z", + "name": "Abnormal Security To Addresses", + "ownerOnly": false, + "cliName": "abnormalsecuritytoaddresses", + "type": "multiSelect", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": true, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file diff --git a/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Url_Count.json b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Url_Count.json new file mode 100644 index 000000000000..32a4ebe25131 --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentFields/incidentfields_Abnormal_Security_Url_Count.json @@ -0,0 +1,31 @@ +{ + "id": "incident_abnormalsecurityurlcount", + "version": -1, + "modified": "2023-11-20T20:46:14.377243705Z", + "name": "Abnormal Security Url Count", + "ownerOnly": false, + "cliName": "abnormalsecurityurlcount", + "type": "number", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "AbnormalSecurity" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.0.0" +} \ No newline at end of file 
diff --git a/Packs/AbnormalSecurity/IncidentTypes/Abnormal_Security_Custom_Incident_types.json b/Packs/AbnormalSecurity/IncidentTypes/Abnormal_Security_Custom_Incident_types.json new file mode 100644 index 000000000000..396e967d2b61 --- /dev/null +++ b/Packs/AbnormalSecurity/IncidentTypes/Abnormal_Security_Custom_Incident_types.json @@ -0,0 +1,28 @@ +{ + "id": "AbnormalSecurity", + "version": -1, + "vcShouldIgnore": false, + "locked": false, + "name": "AbnormalSecurity", + "prevName": "AbnormalSecurity", + "color": "#F8E7A5", + "hours": 0, + "days": 0, + "weeks": 0, + "hoursR": 0, + "daysR": 0, + "weeksR": 0, + "system": false, + "readonly": false, + "default": false, + "autorun": false, + "disabled": false, + "reputationCalc": 0, + "onChangeRepAlg": 0, + "detached": false, + "extractSettings": { + "mode": "Specific", + "fieldCliNameToExtractSettings": {} + }, + "fromVersion": "6.0.0" +} diff --git a/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.py b/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.py index 3ad943ef413f..ed874efcbd8d 100644 --- a/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.py +++ b/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.py @@ -89,7 +89,7 @@ def get_a_list_of_threats_request(self, filter_='', page_size=None, page_number= return response - def get_details_of_a_threat_request(self, threat_id, subtenant): + def get_details_of_a_threat_request(self, threat_id, subtenant=None): headers = self._headers params = assign_params(subtenant=subtenant) @@ -97,7 +97,7 @@ def get_details_of_a_threat_request(self, threat_id, subtenant): return response - def get_details_of_an_abnormal_case_request(self, case_id, subtenant): + def get_details_of_an_abnormal_case_request(self, case_id, subtenant=None): headers = self._headers params = assign_params(subtenant=subtenant) 
@@ -105,7 +105,7 @@ def get_details_of_an_abnormal_case_request(self, case_id, subtenant): return response - def get_details_of_an_abuse_mailbox_campaign_request(self, campaign_id, subtenant): + def get_details_of_an_abuse_mailbox_campaign_request(self, campaign_id, subtenant=None): headers = self._headers params = assign_params(subtenant=subtenant) 
@@ -730,29 +730,37 @@ def get_a_list_of_unanalyzed_abuse_mailbox_campaigns_command(client, args): return command_results -def generate_threat_incidents(threats, current_iso_format_time): +def generate_threat_incidents(client, threats, current_iso_format_time): incidents = [] for threat in threats: - incident = {"dbotMirrorId": str(threat["threatId"]), "name": "Threat", "occurred": current_iso_format_time, - 'details': "Threat"} + threat_details = client.get_details_of_a_threat_request(threat["threatId"]) + incident = { + "dbotMirrorId": str(threat["threatId"]), + "name": "Threat", + "occurred": current_iso_format_time, + "details": "Threat", + "rawJSON": json.dumps(threat_details) if threat_details else {} + } incidents.append(incident) return incidents -def generate_abuse_campaign_incidents(campaigns, current_iso_format_time): +def generate_abuse_campaign_incidents(client, campaigns, current_iso_format_time): incidents = [] for campaign in campaigns: + campaign_details = client.get_details_of_an_abuse_mailbox_campaign_request(campaign["campaignId"]) incident = {"dbotMirrorId": str(campaign["campaignId"]), "name": "Abuse Campaign", "occurred": current_iso_format_time, - 'details': "Abuse Campaign"} + 'details': "Abuse Campaign", "rawJSON": json.dumps(campaign_details) if campaign_details else {}} incidents.append(incident) return incidents -def generate_account_takeover_cases_incidents(cases, current_iso_format_time): +def generate_account_takeover_cases_incidents(client, cases, current_iso_format_time): incidents = [] for case in cases: + case_details = client.get_details_of_an_abnormal_case_request(case["caseId"]) incident = {"dbotMirrorId": str(case["caseId"]), "name": "Account Takeover Case", "occurred": current_iso_format_time, - 'details': case['description']} + 'details': case['description'], "rawJSON": json.dumps(case_details) if case_details else {}} incidents.append(incident) return incidents 
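Review bot: `rawJSON` is built with two different types in all three generators of this hunk: a JSON string when the details call returns data, and the dict `{}` when it does not. `json.dumps(threat_details or threat)` keeps it a string and falls back to the list entry. The new per-item details calls are also unguarded, so one failing lookup raises out of the generator. Judging by the `except Exception` in `fetch_incidents`, the incidents already built in that run are then probably not returned; whether the fetch checkpoint still advances is not visible here. Catching the error per item and logging the ID keeps the rest of the batch, as sketched for threats below; the campaign and case generators would take the same shape.

```python
def generate_threat_incidents(client, threats, current_iso_format_time):
    # … unchanged: incidents = [] …
    for threat in threats:
        try:
            threat_details = client.get_details_of_a_threat_request(threat["threatId"])
        except Exception as e:
            # Keep the incident even when the enrichment lookup fails.
            logging.error(f"Failed fetching details for threat {threat['threatId']}: {e}")
            threat_details = None
        incident = {
            # … unchanged: dbotMirrorId, name, occurred, details …
            "rawJSON": json.dumps(threat_details or threat),
        }
        # … unchanged: incidents.append(incident) …
    # … unchanged: return incidents …
```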
@@ -791,13 +799,13 @@ def fetch_incidents( if fetch_threats: threats_filter = f"receivedTime gte {last_fetch}" threats_response = client.get_a_list_of_threats_request(filter_=threats_filter, page_size=100) - all_incidents += generate_threat_incidents(threats_response.get('threats', []), current_iso_format_time) + all_incidents += generate_threat_incidents(client, threats_response.get('threats', []), current_iso_format_time) if fetch_abuse_campaigns: abuse_campaigns_filter = f"lastReportedTime gte {last_fetch}" abuse_campaigns_response = client.get_a_list_of_campaigns_submitted_to_abuse_mailbox_request( filter_=abuse_campaigns_filter, page_size=100) - all_incidents += generate_abuse_campaign_incidents(abuse_campaigns_response.get('campaigns', []), + all_incidents += generate_abuse_campaign_incidents(client, abuse_campaigns_response.get('campaigns', []), current_iso_format_time) if fetch_account_takeover_cases: @@ -805,7 +813,7 @@ def fetch_incidents( account_takeover_cases_response = client.get_a_list_of_abnormal_cases_identified_by_abnormal_security_request( filter_=account_takeover_cases_filter, page_size=100) all_incidents += generate_account_takeover_cases_incidents( - account_takeover_cases_response.get('cases', []), current_iso_format_time) + client, account_takeover_cases_response.get('cases', []), current_iso_format_time) except Exception as e: logging.error(f"Failed fetching incidents: {e}") diff --git a/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml b/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml index 57072b8c0795..d39ba66ac49f 100644 --- a/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml +++ b/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml 
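Review bot: Each list call in `fetch_incidents` asks for `page_size=100`, and now that the generators take `client`, every returned item costs one more details request. A single run can therefore issue up to 100 sequential lookups per enabled type, and nothing in these hunks bounds or documents that. If the API rate-limits or the run times out part-way, the surrounding `except Exception` only logs. A comment at the call sites would help the next maintainer, e.g. `# one details request per listed item; keep page_size within the API rate limit`. `fetch_incidents` starts and ends outside these hunks, so how `last_fetch` is updated after a failure cannot be confirmed from here.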
@@ -431,7 +431,7 @@ script: description: The type of threat the message represents. type: String - # Employee commands + # Employee commands - arguments: - description: Email address of the employee you want to retrieve data for. name: email_address @@ -703,7 +703,7 @@ script: description: Get the latest threat intel feed. name: abnormal-security-get-latest-threat-intel-feed deprecated: true - dockerimage: demisto/python3:3.10.13.80593 + dockerimage: demisto/python3:3.10.13.81631 script: "" subtype: python3 type: python @@ -711,3 +711,4 @@ script: fromversion: 6.0.0 tests: - No tests (auto formatted) +defaultmapperin: Abnormal Security - Incoming Mapper diff --git a/Packs/AbnormalSecurity/ReleaseNotes/2_2_0.md b/Packs/AbnormalSecurity/ReleaseNotes/2_2_0.md new file mode 100644 index 000000000000..a6755cef5f0d --- /dev/null +++ b/Packs/AbnormalSecurity/ReleaseNotes/2_2_0.md 
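Review bot: The added `defaultmapperin: Abnormal Security - Incoming Mapper` sits in an integration that still declares `fromversion: 6.0.0`, while the release notes in this commit describe the mapper as available from Cortex XSOAR 6.9.0. The mapper's own version field is not visible in this part of the diff. If it is the higher one, servers between the two versions would get the integration with a default mapper that is not installed, and the new incident fields would presumably stay empty. It is worth confirming that the two versions agree. If the gap is real, note it next to the key, e.g. `# mapper ships from 6.9.0; older servers fetch unmapped incidents`.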
@@ -0,0 +1,76 @@ + +#### Incident Fields + +- New: **Abnormal Security Abuse Campaign From Address** +- New: **Abnormal Security Post Remediated** +- New: **Abnormal Security Analysis** +- New: **Abnormal Security First Reported** +- New: **Abnormal Security Severity** +- New: **Abnormal Security Recipient Name** +- New: **Abnormal Security Abuse Campaign ID** +- New: **Abnormal Security Recipient Address** +- New: **Abnormal Security Portal URL** +- New: **Abnormal Security Attacked Party** +- New: **Abnormal Security First Observed Time** +- New: **Abnormal Security Subject** +- New: **Abnormal Security Internet Message ID** +- New: **Abnormal Security Severity Level** +- New: **Abnormal Security Attachment Count** +- New: **Abnormal Security Abuse Campaign From Name** +- New: **Abnormal Security Judgement Status** +- New: **Abnormal Security Abuse Campaign Subject** +- New: **Abnormal Security Abuse Campaign Overall Status** +- New: **Abnormal Security Message ID** +- New: **Abnormal Security Reply To Emails** +- New: **Abnormal Security Attack Strategy** +- New: **Abnormal Security Is Read** +- New: **Abnormal Security Abuse Campaign Judgement Status** +- New: **Abnormal Security Threat ID** +- New: **Abnormal Security Attachment Names** +- New: **Abnormal Security Received Time** +- New: **Abnormal Security Impersonated Party** +- New: **Abnormal Security Sender Domain** +- New: **Abnormal Security Remediation Timestamp** +- New: **Abnormal Security Case Status** +- New: **Abnormal Security From Name** +- New: **Abnormal Security Affected Employee** +- New: **Abnormal Security Abuse Campaign First Reported** +- New: **Abnormal Security Abuse Campaign Message ID** +- New: **Abnormal Security Case ID** +- New: **Abnormal Security Url Count** +- New: **Abnormal Security Remediation Status** +- New: **Abnormal Security Return Path** +- New: **Abnormal Security To Addresses** +- New: **Abnormal Security Campaign ID** +- New: **Abnormal Security Abuse Campaign 
Recipient Name** +- New: **Abnormal Security Attack Vector** +- New: **Abnormal Security From Address** +- New: **Abnormal Security Sent Time** +- New: **Abnormal Security Summary Insights** +- New: **Abnormal Security Attack Type** +- New: **Abnormal Security Threat IDs** +- New: **Abnormal Security Abuse Campaign Last Reported** +- New: **Abnormal Security Last Reported** +- New: **Abnormal Security Customer Visible Time** +- New: **Abnormal Security Auto Remediated** +- New: **Abnormal Security Sender IP Address** +- New: **Abnormal Security CC Emails** +- New: **Abnormal Security Abuse Campaign Recipient Address** +- New: **Abnormal Security Overall Status** +- New: **Abnormal Security Abuse Campaign Attack Type** + +#### Incident Types + +- New: **AbnormalSecurity** + +#### Integrations + +##### Abnormal Security + +- Updated the Docker image to: *demisto/python3:3.10.13.81631*. + +#### Mappers + +##### New: Abnormal Security - Incoming Mapper + +- New: Abnormal Security Mapper (Available from Cortex XSOAR 6.9.0). diff --git a/Packs/AbnormalSecurity/pack_metadata.json b/Packs/AbnormalSecurity/pack_metadata.json index c266c93a95e1..b9e4050acc22 100644 --- a/Packs/AbnormalSecurity/pack_metadata.json +++ b/Packs/AbnormalSecurity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Abnormal Security", "description": "Abnormal Security detects and protects against the whole spectrum of email attacks", "support": "partner", - "currentVersion": "2.1.3", + "currentVersion": "2.2.0", "author": "Abnormal Security", "url": "", "email": "support@abnormalsecurity.com",