Cryptojacking files to the Cloud Incident Response pack #28058

Merged
merged 28 commits into from Jul 13, 2023
Changes from 16 commits
Commits
9b85341
Move the Cryptojacking files to the CloudIncidentResponse pack
melamedbn Jul 11, 2023
d3293d6
Merge remote-tracking branch 'origin/master' into CloudIncidentRespon…
melamedbn Jul 11, 2023
07ce5ba
update CloudIncidentResponse RN
melamedbn Jul 11, 2023
21e0bde
update Core RN with BC
melamedbn Jul 11, 2023
2bfb873
added the Cloud Incident Response pack as a dependency to the Core pack
melamedbn Jul 11, 2023
232fef9
RN fixes
melamedbn Jul 11, 2023
614050f
pack ignore
melamedbn Jul 11, 2023
95fcc6f
Merge remote-tracking branch 'origin/master' into CloudIncidentRespon…
melamedbn Jul 11, 2023
d745c04
update RN with bc changes to Cortex XDR
melamedbn Jul 11, 2023
547fd0a
marketplace restrictions
melamedbn Jul 11, 2023
d817f01
update RN
melamedbn Jul 11, 2023
2b6ba51
Added the Cloud Incident Response pack as a dependency of the Cortex …
melamedbn Jul 11, 2023
46b1ce9
fix RN
melamedbn Jul 11, 2023
8fcc7ec
fix RN
melamedbn Jul 11, 2023
50122b4
fix RN
melamedbn Jul 11, 2023
9826174
bump RN
melamedbn Jul 11, 2023
26e040e
update RN
melamedbn Jul 11, 2023
1af7121
Alerts handling updates
melamedbn Jul 11, 2023
862e828
pack ignore
melamedbn Jul 11, 2023
72f4a44
Merge remote-tracking branch 'origin/master' into CloudIncidentRespon…
melamedbn Jul 11, 2023
4233c08
fix layout
melamedbn Jul 12, 2023
5b2b7c4
Merge remote-tracking branch 'origin/master' into CloudIncidentRespon…
melamedbn Jul 12, 2023
42b757f
Merge remote-tracking branch 'origin/master' into CloudIncidentRespon…
melamedbn Jul 13, 2023
ad4ec01
update RN
melamedbn Jul 13, 2023
059dc24
update RN
melamedbn Jul 13, 2023
86d6fba
Merge remote-tracking branch 'origin/master' into CloudIncidentRespon…
melamedbn Jul 13, 2023
52f89b2
update RN
melamedbn Jul 13, 2023
2f5d632
update RN
melamedbn Jul 13, 2023
8 changes: 7 additions & 1 deletion Packs/CloudIncidentResponse/.pack-ignore
Expand Up @@ -23,4 +23,10 @@ ignore=GR101
ignore=RM108

[file:incidentfield-Is_VPN_IP_Address.json]
ignore=IF113
ignore=IF113

[file:playbook-XCloud_Cryptomining_-_Set_Verdict.yml]
ignore=BA101

[file:playbook-XCloud_Cryptomining.yml]
ignore=BA101
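Review bot: `ignore=IF113` appears twice under `[file:incidentfield-Is_VPN_IP_Address.json]`; with the file counted as 7 additions and 1 deletion, that is most likely the same line removed and re-added for a trailing-newline change, but confirm it is not a literal duplicate. The two new `ignore=BA101` entries silence a validator error for `playbook-XCloud_Cryptomining_-_Set_Verdict.yml` and `playbook-XCloud_Cryptomining.yml`, so the reason should be recorded in the PR description; note also that these file names say `Cryptomining` while every release note in this PR calls the playbooks `XCloud Cryptojacking`, which is the kind of id/name divergence a validator ignore tends to hide rather than fix.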
Expand Up @@ -1491,5 +1491,6 @@
"system": false,
"version": -1,
"fromVersion": "6.5.0",
"marketplaces": ["xsoar"],
"description": ""
}
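Review bot: `"marketplaces": ["xsoar"]` (and the same key added to the three YAML playbooks in the following hunks) means these items are no longer packaged for any marketplace other than XSOAR, while the only `marketplacev2` item in this diff is the one in the last YAML hunk; since nothing in the 1_0_4 release notes says which platform each moved item now targets, a sentence per item would save users on the other marketplace from wondering where it went. The file name for this JSON hunk is not visible in the rendered diff, so name the restricted item in the PR description as well.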
Expand Up @@ -1166,4 +1166,5 @@ inputs:
outputs: []
tests:
- No tests (auto formatted)
marketplaces: ["xsoar"]
fromversion: 6.5.0
Expand Up @@ -499,4 +499,5 @@ outputs:
quiet: true
tests:
- No tests (auto formatted)
marketplaces: ["xsoar"]
fromversion: 6.5.0
Expand Up @@ -986,4 +986,5 @@ outputs:
type: unknown
tests:
- No tests (auto formatted)
marketplaces: ["xsoar"]
fromversion: 6.5.0
Expand Up @@ -532,6 +532,5 @@ outputs:
type: unknown
tests:
- No tests (auto formatted)
marketplaces:
- marketplacev2
marketplaces: ["marketplacev2"]
fromversion: 6.6.0
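Review bot: replacing the block sequence `marketplaces:` / `- marketplacev2` with the flow form `marketplaces: ["marketplacev2"]` changes formatting only, not the value, so it is harmless and keeps the style consistent with the `["xsoar"]` lines in the other playbooks; it is worth stating that in the commit, because the `-532,6 +532,5` header otherwise reads like a marketplace change on a file that did not actually move.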
34 changes: 34 additions & 0 deletions Packs/CloudIncidentResponse/ReleaseNotes/1_0_4.md
@@ -0,0 +1,34 @@

#### Playbooks

##### New: Cortex XDR - Cloud Enrichment

- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.

##### New: Cortex XDR - XCloud Cryptojacking

- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.

##### New: Cortex XDR - XCloud Cryptojacking - Set Verdict

- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.

##### XCloud Cryptojacking

- Moved the playbook from the Core pack to the Cloud Incident Response pack.
##### XCloud Alert Enrichment

- Moved the playbook from the Core pack to the Cloud Incident Response pack.
##### XCloud Cryptojacking - Set Verdict

- Moved the playbook from the Core pack to the Cloud Incident Response pack.

#### Triggers Recommendations

**XCloud Cryptojacking**

#### Layouts

##### New: Cortex XDR - XCLOUD Cryptojacking

- Moved the playbook from the Cortex XDR pack to the Cloud Incident Response pack.
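Review bot: the `#### Layouts` entry `##### New: Cortex XDR - XCLOUD Cryptojacking` says "Moved the playbook", but the item is a layout (and the casing `XCLOUD` does not match `XCloud` used everywhere else); change it to "Moved the layout". The same playbook is named differently across this PR: `Cortex XDR - XCloud Cryptojacking` here versus `Cortex XDR - Cloud Cryptojacking` in the Core XDR 5_0_0 release notes, and `Cortex XDR - Cloud Enrichment` here is listed in the 5_0_0 notes with a stray leading `X`; pick one spelling per item so users can search for it. Smaller points: the three Core-origin entries (`##### XCloud Cryptojacking`, `##### XCloud Alert Enrichment`, `##### XCloud Cryptojacking - Set Verdict`) lack the `New:` prefix the Cortex XDR-origin entries carry and are missing the blank line before the heading, and `#### Triggers Recommendations` lists `**XCloud Cryptojacking**` with no line saying it was moved from the Core pack.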
2 changes: 1 addition & 1 deletion Packs/CloudIncidentResponse/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Cloud Incident Response",
"description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.",
"support": "xsoar",
"currentVersion": "1.0.3",
"currentVersion": "1.0.4",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
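Review bot: the version bump to `1.0.4` is correct for the new release note, but this pack now becomes a mandatory dependency of both Core and Cortex XDR and receives items restricted to `xsoar` as well as one restricted to `marketplacev2`; the hunk does not show the pack's own `marketplaces` list, so confirm it is published on every marketplace the two depending packs ship on.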
1 change: 1 addition & 0 deletions Packs/Core/ReleaseNotes/2_0_0.json
@@ -0,0 +1 @@
{"breakingChanges":true,"breakingChangesNotes":"**Important Note**:The following playbooks have been moved to the 'Cloud Incident Response' pack. The 'Cloud Incident Resopnse' pack will be installed as a dependency of the 'Core' pack."}
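Review bot: `breakingChangesNotes` has a typo (`Cloud Incident Resopnse`), is missing the space after `**Important Note**:`, and says "The following playbooks have been moved" without naming any, unlike the accompanying 2_0_0.md which lists all three playbooks and the trigger; this text is what the user sees in the upgrade dialog, so copy the full list from the .md here.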
3 changes: 3 additions & 0 deletions Packs/Core/ReleaseNotes/2_0_0.md
@@ -0,0 +1,3 @@
##### Core

- **Important Note**: The following playbooks: **XCloud Cryptojacking**, **XCloud Cryptojacking - Set Verdict** and **XCloud Alert Enrichment**, and the **XCloud Cryptojacking trigger** have been moved to the 'Cloud Incident Response' pack. The 'Cloud Incident Response' pack will be installed as a dependency of the 'Core' pack.
8 changes: 7 additions & 1 deletion Packs/Core/pack_metadata.json
Expand Up @@ -2,13 +2,19 @@
"name": "Core - Investigation and Response",
"description": "Automates incident response",
"support": "xsoar",
"currentVersion": "1.4.4",
"currentVersion": "2.0.0",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
"categories": [
"Endpoint"
],
"dependencies": {
"CloudIncidentResponse": {
"mandatory": true,
"display_name": "Cloud Incident Response"
}
},
"excludedDependencies": [
"Dropbox"
],
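Review bot: the jump from `1.4.4` to `2.0.0` matches `"breakingChanges": true`, and `"mandatory": true` on `CloudIncidentResponse` is the right setting for content that existing Core users already rely on; since this is the first hard dependency edge between the two packs, confirm the Cloud Incident Response pack does not itself depend on Core, which would make the mandatory dependency circular, and that nothing in `excludedDependencies` is expected to cover it.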
1 change: 1 addition & 0 deletions Packs/CortexXDR/ReleaseNotes/5_0_0.json
@@ -0,0 +1 @@
{"breakingChanges":true,"breakingChangesNotes":"**Important Note**: The following playbooks: **Cortex XDR - Cloud Cryptojacking**, **Cortex XDR - Cloud Cryptojacking - Set Verdict** and **XCortex XDR - Cloud Enrichment**, and the **Cortex XDR - Cloud Cryptojacking layout** have been moved to the 'Cloud Incident Response' pack. The 'Cloud Incident Response' pack will be installed as a dependency of the 'Cortex XDR' pack."}
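Review bot: `**XCortex XDR - Cloud Enrichment**` has a stray leading `X` (the same typo is repeated in 5_0_0.md below), and the playbooks are listed here as `Cortex XDR - Cloud Cryptojacking` and `Cortex XDR - Cloud Cryptojacking - Set Verdict`, whereas the Cloud Incident Response 1_0_4 release note registers them as `Cortex XDR - XCloud Cryptojacking` and `Cortex XDR - XCloud Cryptojacking - Set Verdict`; fix the typo and align the names in both the .json and the .md.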
3 changes: 3 additions & 0 deletions Packs/CortexXDR/ReleaseNotes/5_0_0.md
@@ -0,0 +1,3 @@
##### CortexXDR

- **Important Note**: The following playbooks: **Cortex XDR - Cloud Cryptojacking**, **Cortex XDR - Cloud Cryptojacking - Set Verdict** and **XCortex XDR - Cloud Enrichment**, and the **Cortex XDR - Cloud Cryptojacking layout** have been moved to the 'Cloud Incident Response' pack. The 'Cloud Incident Response' pack will be installed as a dependency of the 'Cortex XDR' pack.
6 changes: 5 additions & 1 deletion Packs/CortexXDR/pack_metadata.json
Expand Up @@ -2,7 +2,7 @@
"name": "Cortex XDR by Palo Alto Networks",
"description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
"support": "xsoar",
"currentVersion": "4.11.8",
"currentVersion": "5.0.0",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down Expand Up @@ -70,6 +70,10 @@
"Jira": {
"mandatory": false,
"display_name": "Atlassian Jira"
},
"CloudIncidentResponse": {
"mandatory": true,
"display_name": "Cloud Incident Response"
}
},
"marketplaces": [
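Review bot: `"mandatory": true` makes Cloud Incident Response install automatically with every Cortex XDR pack install, unlike the `Jira` entry just above that stays optional; the `"marketplaces": [` list that follows is cut off in this hunk, so confirm the dependency pack is published on each marketplace listed there, otherwise the dependency cannot be resolved on that marketplace.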