

PrismaCloudV2XSIAM (#31187)
* AWS CloudTrail Misconfiguration

* ReleaseNotes

* AWS IAM Policy Misconfiguration

* ReleaseNotes

* ReleaseNotes

* changing trigger ID

* Azure AKS Misconfiguration

* ReleaseNotes

* Small fix

* AWS EC2 Instance Misconfiguration

* fix

* rn fix

* small fix

* Azure Network Misconfiguration

* rn and trigger

* Azure SQL Misconfiguration

* Azure SQL Misconfiguration

* Azure Storage Misconfiguration

* GCP Compute Engine Misconfiguration

* GCP Kubernetes Engine Misconfiguration

* Prisma Cloud - VM Alert Prioritization

* fix

* fix

* Review Fixes

* classifier update

* ReleaseNotes

* add ons

* addons

* ReleaseNotes

* new layoutscontainer

* rn

* fix

* fix validation error

* rn fix

* fix

* fix rn

* AWS CloudTrail Misconfiguration

* ReleaseNotes

* AWS IAM Policy Misconfiguration

* ReleaseNotes

* ReleaseNotes

* changing trigger ID

* Azure AKS Misconfiguration

* ReleaseNotes

* Small fix

* AWS EC2 Instance Misconfiguration

* fix

* rn fix

* small fix

* Azure Network Misconfiguration

* rn and trigger

* Azure SQL Misconfiguration

* Azure SQL Misconfiguration

* Azure Storage Misconfiguration

* GCP Compute Engine Misconfiguration

* GCP Kubernetes Engine Misconfiguration

* Prisma Cloud - VM Alert Prioritization

* fix

* fix

* Review Fixes

* classifier update

* ReleaseNotes

* add ons

* addons

* ReleaseNotes

* new layoutscontainer

* rn

* fix

* fix validation error

* rn fix

* fix

* fix rn

* Merge branch 'master' of github.com:demisto/content

* fix

* ReleaseNotes

* rn

* fixed rn

* rn

* fix prev rn

* bump

* bump

* Bump pack from version CommonTypes to 3.3.98.

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com>
3 people committed Jan 2, 2024
1 parent b742f0f commit 8e9b3e8
Showing 36 changed files with 1,611 additions and 337 deletions.
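--- a/Packs/CommonTypes/IncidentFields/incidentfield-Status_Reason.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Status_Reason.json
@@ -0,0 +1,27 @@
+{
+"associatedToAll": true,
+"caseInsensitive": true,
+"cliName": "statusreason",
+"closeForm": false,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_statusreason",
+"isReadOnly": false,
+"locked": false,
+"name": "Status Reason",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": true,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.10.0"
+}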
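Review bot: `"unsearchable": true` on the new Status Reason field keeps it out of the search index, so analysts cannot filter or build queries on the reason a Prisma Cloud alert was resolved or dismissed. If the value is meant to support triage or reporting (the mapper change in this commit fills it from `reason`), consider `"unsearchable": false`. The field is also `"associatedToAll": true`, although only the Prisma Cloud mapper visibly populates it in this commit; please confirm that scope is intended for a CommonTypes field.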
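--- a/Packs/CommonTypes/ReleaseNotes/3_3_98.md
+++ b/Packs/CommonTypes/ReleaseNotes/3_3_98.md
@@ -0,0 +1,4 @@
+
+#### Incident Fields
+
+- New: **Status Reason**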
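--- a/Packs/CommonTypes/pack_metadata.json
+++ b/Packs/CommonTypes/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Common Types",
 "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
 "support": "xsoar",
-"currentVersion": "3.3.97",
+"currentVersion": "3.3.98",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",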
Expand Up @@ -1949,7 +1949,11 @@
"accessor": "lastModifiedOn",
"filters": [],
"root": "policy",
"transformers": []
"transformers": [
{
"operator": "TimeStampToDate"
}
]
}
},
"Last Seen": {
Expand Down Expand Up @@ -2073,7 +2077,11 @@
"complex": {
"filters": [],
"root": "alertTime",
"transformers": []
"transformers": [
{
"operator": "TimeStampToDate"
}
]
}
},
"RRN": {
Expand Down Expand Up @@ -2159,6 +2167,13 @@
"transformers": []
}
},
"Status Reason": {
"complex": {
"filters": [],
"root": "reason",
"transformers": []
}
},
"Subscription Assigned By": {
"complex": {
"accessor": "data.properties.metadata.assignedBy",
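--- a/Packs/PrismaCloud/LayoutRules/Prisma_Cloud_V2.json
+++ b/Packs/PrismaCloud/LayoutRules/Prisma_Cloud_V2.json
@@ -0,0 +1,68 @@
+{
+"rule_id": "Prisma_Cloud_V2_Layout_Rule",
+"layout_id": "Prisma Cloud V2",
+"description": "display for Prisma Cloud alerts.",
+"rule_name": "Prisma Cloud V2 Layout Rule",
+"alerts_filter": {
+"filter": {
+"OR": [
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "AWS CloudTrail Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "AWS EC2 Instance Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "AWS IAM Policy Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "Azure AKS Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "Azure Network Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "Azure SQL Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "Azure Storage Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "GCP Compute Engine Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "GCP Kubernetes Engine Misconfiguration"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "Prisma Cloud - VM Alert Prioritization"
+},
+{
+"SEARCH_FIELD": "alert_type",
+"SEARCH_TYPE": "EQ",
+"SEARCH_VALUE": "Prisma Cloud"
+}
+]
+}
+},
+"fromVersion": "6.10.0"
+}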
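Review bot: The `alerts_filter` matches eleven hard-coded `alert_type` strings with `EQ`, so a Prisma Cloud incident type that is added or renamed later will fall outside this rule without any error. Its alerts would then presumably render with a default layout that lacks the Prisma-specific fields analysts rely on. The current `"description": "display for Prisma Cloud alerts."` does not tell a maintainer that the list must be kept in step with the pack's incident types. I would replace it with `"description": "Applies the Prisma Cloud V2 layout to alerts whose alert_type exactly matches one of the Prisma Cloud types listed in alerts_filter; update this list when a type is added or renamed."`.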
