Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cybersixgill alerts typosquatting (#31386)
* Cybersixgill alerts typosquatting (#30787) * Added mapper for 2 custom incident fields * Updated release notes. * Added typosquatting to known words * new Incident fields and incomming mapper formated * Release notes reviewed. * setting unseachable to true. * Suspicious and Triggered domain as tables. * Moved 3 mappings from code to mapper. * Updated test case * Updated test case * Added default mapper and updated docker image version * Added breaking change note * Removed breaking change note * Renamed files as per suggestion * renamed mapper as per suggestion * Added new release note. * Changed id and name for incident fields and updated docker image name * update RN * update RN, update fields names, update mapper * update id, update RN * Update 1_2_10.md * Update incidentfield-Cybersixgill_Triggered_Domain.json * update docker * ID value contained invalid caps character. * changing type in fields to tagselect --------- Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: sapirshuker <sshuker@paloaltonetworks.com> * docker image update --------- Co-authored-by: syed-loginsoft <97145640+syed-loginsoft@users.noreply.github.com> Co-authored-by: Sapir Shuker <49246861+sapirshuker@users.noreply.github.com> Co-authored-by: sapirshuker <sshuker@paloaltonetworks.com>
- Loading branch information
1 parent
07b8c1b
commit c6f93b9
Showing
10 changed files
with
124 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,4 +20,5 @@ ignore=IF115 | |
ignore=BA124 | ||
|
||
[known_words] | ||
Cybersixgill | ||
Cybersixgill | ||
typosquatting |
31 changes: 31 additions & 0 deletions
31
...tionableAlerts/Classifiers/classifier-mapper-incoming-Cybersixgill-Actionable-Alerts.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ | ||
"description": "", | ||
"feed": false, | ||
"id": "Cybersixgill Actionable Alerts - Incoming Mapper", | ||
"mapping": { | ||
"Cybersixgill Actionable Alerts": { | ||
"dontMapEventToLabels": true, | ||
"internalMapping": { | ||
"Cybersixgill CVSS 2.0": { | ||
"simple": "additional_info.nvd.v3.current" | ||
}, | ||
"Cybersixgill CVSS 3.1": { | ||
"simple": "additional_info.nvd.v2.current" | ||
}, | ||
"Cybersixgill DVE Score": { | ||
"simple": "additional_info.score.current" | ||
}, | ||
"Cybersixgill Suspicious domain": { | ||
"simple": "additional_info.tables.suspicious_domain" | ||
}, | ||
"Cybersixgill Triggered domain": { | ||
"simple": "additional_info.tables.triggered_domain" | ||
} | ||
} | ||
} | ||
}, | ||
"name": "Cybersixgill Actionable Alerts - Incoming Mapper", | ||
"type": "mapping-incoming", | ||
"version": -1, | ||
"fromVersion": "6.10.0" | ||
} |
31 changes: 31 additions & 0 deletions
31
...sixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Suspicious_Domain.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ | ||
"id": "incident_cybersixgillsuspiciousdomain", | ||
"version": -1, | ||
"modified": "2023-11-09T22:08:56.499540505+05:30", | ||
"name": "Cybersixgill Suspicious domain", | ||
"ownerOnly": false, | ||
"description": "Suspicious Domain", | ||
"cliName": "cybersixgillsuspiciousdomain", | ||
"type": "tagsSelect", | ||
"closeForm": false, | ||
"editForm": true, | ||
"required": false, | ||
"neverSetAsRequired": false, | ||
"isReadOnly": true, | ||
"useAsKpi": false, | ||
"locked": false, | ||
"system": false, | ||
"content": true, | ||
"group": 0, | ||
"hidden": false, | ||
"associatedTypes": [ | ||
"Cybersixgill Actionable Alerts" | ||
], | ||
"associatedToAll": false, | ||
"unmapped": false, | ||
"unsearchable": true, | ||
"caseInsensitive": true, | ||
"sla": 0, | ||
"threshold": 72, | ||
"fromVersion": "6.10.0" | ||
} |
32 changes: 32 additions & 0 deletions
32
...rsixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{ | ||
"id": "incident_cybersixgilltriggereddomain", | ||
"version": -1, | ||
"modified": "2023-11-09T22:08:00.46683194+05:30", | ||
"name": "Cybersixgill Triggered domain", | ||
"ownerOnly": false, | ||
"description": "Triggered domain", | ||
"cliName": "cybersixgilltriggereddomain", | ||
"type": "tagsSelect", | ||
"closeForm": false, | ||
"editForm": true, | ||
"required": false, | ||
"neverSetAsRequired": false, | ||
"isReadOnly": true, | ||
"useAsKpi": false, | ||
"locked": false, | ||
"system": false, | ||
"content": true, | ||
"group": 0, | ||
"hidden": false, | ||
"openEnded": false, | ||
"associatedTypes": [ | ||
"Cybersixgill Actionable Alerts" | ||
], | ||
"associatedToAll": false, | ||
"unmapped": false, | ||
"unsearchable": true, | ||
"caseInsensitive": true, | ||
"sla": 0, | ||
"threshold": 72, | ||
"fromVersion": "6.10.0" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
{ | ||
"breakingChanges": true, | ||
"breakingChangesNotes": "Field mapping moved from code to incoming mapper (classifier-mapper-incoming-Cybersixgill-Actionable-Alerts). Please select the mentioned mapper on integration instance configuration to ensure smooth transition." | ||
} |
20 changes: 20 additions & 0 deletions
20
Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_10.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
|
||
#### Integrations | ||
|
||
##### Cybersixgill Actionable Alerts | ||
|
||
- The *cybersixgillcvss31*, *cybersixgillcvss20*, *cybersixgilldvescore* incident fields are now mapped by the mapper. | ||
- Updated the Docker image to: *demisto/sixgill:1.0.0.83225*. | ||
|
||
#### Mappers | ||
|
||
##### New: Cybersixgill Actionable Alerts - Incoming Mapper | ||
|
||
- New: Added the mapper for incident type Cybersixgill Actionable Alert (Available from Cortex XSOAR 6.10.0). | ||
|
||
#### Incident Fields | ||
|
||
- New: **Cybersixgill Suspicious domain** | ||
|
||
- New: **Cybersixgill Triggered domain** | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters