

Fixes for 'NGFW Scan' and 'WildFire Malware' XSIAM playbooks (#29774)
* Fixes for 'NGFW Scan' and 'WildFire Malware' XSIAM playbooks

* RN

* fixed RN and 'NGFW Scan playbook'
TalNos authored and maimorag committed Sep 28, 2023
1 parent 4e0e3ed commit db88c97
Showing 8 changed files with 111 additions and 165 deletions.
160 changes: 65 additions & 95 deletions Packs/Core/Playbooks/playbook-NGFW_Scan.yml
Expand Up @@ -131,7 +131,7 @@ tasks:
{
"position": {
"x": 20,
"y": 3190
"y": 3010
}
}
note: false
Expand Down Expand Up @@ -249,7 +249,7 @@ tasks:
brand: ""
nexttasks:
'#default#':
- "43"
- "46"
"yes":
- "19"
separatecontext: false
Expand Down Expand Up @@ -316,7 +316,7 @@ tasks:
{
"position": {
"x": 1000,
"y": 1860
"y": 1840
}
}
note: false
Expand Down Expand Up @@ -657,7 +657,7 @@ tasks:
brand: ""
nexttasks:
'#none#':
- "43"
- "46"
scriptarguments:
AutoContainment:
complex:
Expand Down Expand Up @@ -718,7 +718,7 @@ tasks:
{
"position": {
"x": 1000,
"y": 2030
"y": 2010
}
}
note: false
Expand Down Expand Up @@ -750,7 +750,7 @@ tasks:
{
"position": {
"x": 480,
"y": 3020
"y": 2840
}
}
note: false
Expand All @@ -775,7 +775,7 @@ tasks:
brand: ""
nexttasks:
'#default#':
- "41"
- "60"
"yes":
- "45"
separatecontext: false
Expand All @@ -796,84 +796,7 @@ tasks:
{
"position": {
"x": 480,
"y": 2675
}
}
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
continueonerrortype: ""
"43":
id: "43"
taskid: 603b1088-07d0-4656-8b8d-ce58e06cf7e6
type: condition
task:
id: 603b1088-07d0-4656-8b8d-ce58e06cf7e6
version: -1
name: Should close alert automatically?
description: Whether to close the alert automatically.
type: condition
iscommand: false
brand: ""
nexttasks:
'#default#':
- "44"
"yes":
- "46"
separatecontext: false
conditions:
- label: "yes"
condition:
- - operator: isEqualString
left:
value:
complex:
root: inputs.AutoCloseAlert
iscontext: true
right:
value:
simple: "true"
ignorecase: true
view: |-
{
"position": {
"x": 480,
"y": 2200
}
}
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
continueonerrortype: ""
"44":
id: "44"
taskid: 0efdf166-59cc-4539-8732-ce0aa4c08d3e
type: regular
task:
id: 0efdf166-59cc-4539-8732-ce0aa4c08d3e
version: -1
name: Continue with the alert investigation
description: Manual continuation of the investigation.
type: regular
iscommand: false
brand: ""
nexttasks:
'#none#':
- "46"
separatecontext: false
view: |-
{
"position": {
"x": 1000,
"y": 2370
"y": 2315
}
}
note: false
Expand Down Expand Up @@ -905,7 +828,7 @@ tasks:
brand: ""
nexttasks:
'#none#':
- "41"
- "60"
scriptarguments:
releaseFile:
simple: "false"
Expand All @@ -921,7 +844,7 @@ tasks:
{
"position": {
"x": 1000,
"y": 2850
"y": 2490
}
}
note: false
Expand Down Expand Up @@ -952,7 +875,7 @@ tasks:
{
"position": {
"x": 480,
"y": 2540
"y": 2180
}
}
note: false
Expand Down Expand Up @@ -1478,30 +1401,75 @@ tasks:
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
"60":
id: "60"
taskid: c0b99b5f-80b6-4423-8e16-a2f9ce2e2a1e
type: condition
task:
id: c0b99b5f-80b6-4423-8e16-a2f9ce2e2a1e
version: -1
name: Should close alert automatically?
description: Whether to close the alert automatically.
type: condition
iscommand: false
brand: Builtin
nexttasks:
'#default#':
- "5"
"yes":
- "41"
separatecontext: false
conditions:
- label: "yes"
condition:
- - operator: isEqualString
left:
value:
complex:
root: inputs.AutoCloseAlert
iscontext: true
right:
value:
simple: "true"
ignorecase: true
continueonerrortype: ""
view: |-
{
"position": {
"x": 480,
"y": 2665
}
}
note: false
timertriggers: []
ignoreworker: false
skipunavailable: false
quietmode: 0
isoversize: false
isautoswitchedtoquietmode: false
view: |-
{
"linkLabelsPosition": {
"17_19_yes": 0.49,
"17_43_#default#": 0.16,
"26_28_#default#": 0.47,
"26_57_yes": 0.48,
"28_47_#default#": 0.51,
"28_57_yes": 0.36,
"42_41_#default#": 0.53,
"42_45_yes": 0.49,
"43_44_#default#": 0.48,
"47_48_Yes": 0.58,
"47_5_#default#": 0.12,
"4_11_#default#": 0.41,
"4_33_Internal": 0.72,
"55_14_#default#": 0.28,
"55_56_yes": 0.48,
"56_14_#default#": 0.43,
"56_54_yes": 0.5
"56_54_yes": 0.5,
"60_41_yes": 0.63,
"60_5_#default#": 0.43
},
"paper": {
"dimensions": {
"height": 4395,
"height": 4215,
"width": 1620,
"x": -240,
"y": -1140
Expand Down Expand Up @@ -1673,6 +1641,8 @@ inputs:
playbookInputQuery:
outputs: []
tests:
- No tests (auto formatted).
- No tests (auto formatted)
marketplaces: ["marketplacev2"]
fromversion: 6.6.0
fromversion: 6.6.0
contentitemexportablefields:
contentitemfields: {}
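Review bot: The `linkLabelsPosition` map in the top-level `view` block (hunk `@@ -1478,30 +1401,75 @@`) still carries `"17_43_#default#": 0.16` and `"43_44_#default#": 0.48`, although tasks "43" and "44" are deleted by the `@@ -796,84 +796,7 @@` hunk and task 17's default branch is re-pointed to "46" in the `@@ -249,7 +249,7 @@` hunk; those two entries should be removed (or the first renamed to `"17_46_#default#"`) so the view no longer references task ids that do not exist. The new task "60" sets `brand: Builtin` while every other condition task visible in this file uses `brand: ""`, so unless the Builtin brand is deliberate, `brand: ""` keeps the file consistent. Task 60's default branch (AutoCloseAlert not "true") now goes to "5" instead of the removed manual task 44 ("Continue with the alert investigation"); if task 5 is the playbook's terminating task, that path now ends without the manual continuation step the old flow had, which is worth confirming is intended. The enclosing `tasks` and `view` mappings begin outside these hunks.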
16 changes: 8 additions & 8 deletions Packs/Core/Playbooks/playbook-NGFW_Scan_README.md
Expand Up @@ -41,29 +41,29 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
### Sub-playbooks

* Containment Plan
* Endpoint Investigation Plan
* Recovery Plan
* Handle False Positive Alerts
* Block IP - Generic v3
* Ticket Management - Generic
* Handle False Positive Alerts
* Endpoint Investigation Plan
* NGFW Internal Scan
* Ticket Management - Generic
* Recovery Plan

### Integrations

* CoreIOCs
* CortexCoreIR
* CoreIOCs

### Scripts

* SearchIncidentsV2

### Commands

* setParentIncidentFields
* ip
* abuseipdb-report-ip
* send-mail
* closeInvestigation
* send-mail
* ip
* setParentIncidentFields

## Playbook Inputs

