From 9a626c68c0579cbe312875876410f6f121fba419 Mon Sep 17 00:00:00 2001 From: shahul-loginsoft <125359748+shahul-loginsoft@users.noreply.github.com> Date: Sun, 24 Dec 2023 18:58:11 +0530 Subject: [PATCH 1/9] Adding post url to cybersixgill sub alerts (#31632) * added post url to cybersixgill sub alerts * added release notes --------- Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> --- ...coming-Cybersixgill-Actionable-Alerts.json | 139 +- .../IncidentFields/Cybersixgill_Post_URL.json | 31 + ...ntfield-Cybersixgill_Triggered_Domain.json | 2 +- .../CybersixgillActionableAlerts/README.md | 10 + ...tainer-Cybersixgill_Actionable_Alerts.json | 1156 +++++++++-------- .../ReleaseNotes/1_2_12.md | 16 + ...ybersixgillActionableAlertStatusUpdate.yml | 2 +- .../README.md | 2 + .../pack_metadata.json | 2 +- 9 files changed, 752 insertions(+), 608 deletions(-) create mode 100644 Packs/Cybersixgill-ActionableAlerts/IncidentFields/Cybersixgill_Post_URL.json create mode 100644 Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md diff --git a/Packs/Cybersixgill-ActionableAlerts/Classifiers/classifier-mapper-incoming-Cybersixgill-Actionable-Alerts.json b/Packs/Cybersixgill-ActionableAlerts/Classifiers/classifier-mapper-incoming-Cybersixgill-Actionable-Alerts.json index df509b38f1bd..51361ffa8c9b 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Classifiers/classifier-mapper-incoming-Cybersixgill-Actionable-Alerts.json +++ b/Packs/Cybersixgill-ActionableAlerts/Classifiers/classifier-mapper-incoming-Cybersixgill-Actionable-Alerts.json 
@@ -1,31 +1,114 @@
 {
- "description": "",
- "feed": false,
- "id": "Cybersixgill Actionable Alerts - Incoming Mapper",
- "mapping": {
- "Cybersixgill Actionable Alerts": {
- "dontMapEventToLabels": true,
- "internalMapping": {
- "Cybersixgill CVSS 2.0": {
- "simple": "additional_info.nvd.v3.current"
- },
- "Cybersixgill CVSS 3.1": {
- "simple": "additional_info.nvd.v2.current"
- },
- "Cybersixgill DVE Score": {
- "simple": "additional_info.score.current"
- },
- "Cybersixgill Suspicious domain": {
- "simple": "additional_info.tables.suspicious_domain"
- },
- "Cybersixgill Triggered domain": {
- "simple": "additional_info.tables.triggered_domain"
- }
- }
- }
- },
- "name": "Cybersixgill Actionable Alerts - Incoming Mapper",
- "type": "mapping-incoming",
- "version": -1,
+ "description": "",
+ "feed": false,
+ "id": "Cybersixgill Actionable Alerts - Incoming Mapper",
+ "mapping": {
+ "Cybersixgill Actionable Alerts": {
+ "dontMapEventToLabels": true,
+ "internalMapping": {
+ "Cybersixgill CVSS 2.0": {
+ "simple": "additional_info.nvd.v3.current"
+ },
+ "Cybersixgill CVSS 3.1": {
+ "simple": "additional_info.nvd.v2.current"
+ },
+ "Cybersixgill DVE Score": {
+ "simple": "additional_info.score.current"
+ },
+ "Cybersixgill Suspicious domain": {
+ "simple": "additional_info.tables.suspicious_domain"
+ },
+ "Cybersixgill Triggered domain": {
+ "simple": "additional_info.tables.triggered_domain"
+ },
+ "Cybersixgill Post URL": {
+ "complex": {
+ "filters": [
+ [
+ {
+ "left": {
+ "isContext": true,
+ "value": {
+ "simple": "sub_alerts_length"
+ }
+ },
+ "operator": "greaterThan",
+ "right": {
+ "value": {
+ "simple": "0"
+ }
+ }
+ }
+ ]
+ ],
+ "root": "sub_alerts_length",
+ "transformers": [
+ {
+ "args": {
+ "limit": {},
+ "replaceWith": {},
+ "toReplace": {
+ "isContext": true,
+ "value": {
+ "simple": "sub_alerts_length"
+ }
+ }
+ },
+ "operator": "replace"
+ },
+ {
+ "args": {
+ "prefix": {
+ "value": {
+ "simple": "https://portal.cybersixgill.com/#/alerts?actionable_alert_content_id={id}\u0026aggregatedIndex={aggregate_alert_id}\u0026filters.alert_id={id}"
+ }
+ },
+ "suffix": {}
+ },
+ "operator": "concat"
+ },
+ {
+ "args": {
+ "limit": {},
+ "replaceWith": {
+ "isContext": true,
+ "value": {
+ "simple": "id"
+ }
+ },
+ "toReplace": {
+ "value": {
+ "simple": "{id}"
+ }
+ }
+ },
+ "operator": "replace"
+ },
+ {
+ "args": {
+ "limit": {},
+ "replaceWith": {
+ "isContext": true,
+ "value": {
+ "simple": "aggregate_alert_id"
+ }
+ },
+ "toReplace": {
+ "value": {
+ "simple": "{aggregate_alert_id}"
+ }
+ }
+ },
+ "operator": "replace"
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
+ "name": "Cybersixgill Actionable Alerts - Incoming Mapper",
+ "type": "mapping-incoming",
+ "version": -1,
 "fromVersion": "6.10.0"
 }
\ No newline at end of file
diff --git a/Packs/Cybersixgill-ActionableAlerts/IncidentFields/Cybersixgill_Post_URL.json b/Packs/Cybersixgill-ActionableAlerts/IncidentFields/Cybersixgill_Post_URL.json
new file mode 100644
index 000000000000..2c3b9cfb1d2e
--- /dev/null
+++ b/Packs/Cybersixgill-ActionableAlerts/IncidentFields/Cybersixgill_Post_URL.json
@@ -0,0 +1,31 @@
+{
+ "id": "incident_cybersixgillposturl",
+ "version": -1,
+ "modified": "2023-12-11T13:18:50.541657402+05:30",
+ "name": "Cybersixgill Post URL",
+ "ownerOnly": false,
+ "cliName": "cybersixgillposturl",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [
+ "Cybersixgill Actionable Alerts"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "6.10.0"
+}
\ No newline at end of file
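Review bot: The `Cybersixgill Post URL` mapping splices `id` and `aggregate_alert_id` straight from the fetched alert into the portal link with plain `replace` transformers and no URL encoding, so any `&`, `#` or `=` inside those values would alter the query string instead of staying inside one parameter; add an encoding step before the `concat` (a URL-encode transformer if your XSOAR version offers one, otherwise build the link in the integration's fetch code where a proper encoder is available). The filter only checks `sub_alerts_length` greater than `0` and never that `aggregate_alert_id` is present, so for a sub alert that lacks it the final `replace` presumably either leaves the literal `{aggregate_alert_id}` in the link or blanks it — confirm against a real payload and add a second filter condition on `aggregate_alert_id` if needed. Not introduced here but visible on the new side, `Cybersixgill CVSS 2.0` maps to `additional_info.nvd.v3.current` while `Cybersixgill CVSS 3.1` maps to `additional_info.nvd.v2.current`, which looks swapped and is worth correcting while this mapper is being edited. For the new incident field, `"type": "url"` instead of `"shortText"` would let the layout render the value as a link rather than free text, if that field type is available in the targeted version.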
diff --git a/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json b/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json index 982b99f96b97..e65f06036418 100644 --- a/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json +++ b/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json @@ -29,4 +29,4 @@ "sla": 0, "threshold": 72, "fromVersion": "6.10.0" -} +} \ No newline at end of file diff --git a/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md b/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md index 500661ee926a..2b400b686424 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md +++ b/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md @@ -4,6 +4,7 @@ organization assets, and automatically alerts users in real time of any relevant The integration will focus on retrieving Cybersixgill's Actionable Alerts as incidents ## Use Cases + Fetch Incidents & Events ## Configure Cybersixgill on XSOAR @@ -20,11 +21,14 @@ Fetch Incidents & Events | threat_type | Filter by alert threat type | False | 4. Click **Test** to validate the URLs, token, and connection. + ## Fetch incidents + You can execute these commands from the XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. ## output + ``` [{ 'name': "", 
@@ -49,9 +53,12 @@ After you successfully execute a command, a DBot message appears in the War Room ``` ## Commands + You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. + ### cybersixgill-update-alert-status + *** updates the existing actionable alert status @@ -59,6 +66,7 @@ updates the existing actionable alert status #### Base Command `cybersixgill-update-alert-status` + #### Input | **Argument Name** | **Description** | **Required** | @@ -71,6 +79,8 @@ updates the existing actionable alert status #### Context Output There is no context output for this command. + ## Additional Information + Contact us: support@cybersixgill.com diff --git a/Packs/Cybersixgill-ActionableAlerts/Layouts/layoutscontainer-Cybersixgill_Actionable_Alerts.json b/Packs/Cybersixgill-ActionableAlerts/Layouts/layoutscontainer-Cybersixgill_Actionable_Alerts.json index 63b2b775dd35..2246d6141c6d 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Layouts/layoutscontainer-Cybersixgill_Actionable_Alerts.json +++ b/Packs/Cybersixgill-ActionableAlerts/Layouts/layoutscontainer-Cybersixgill_Actionable_Alerts.json 
@@ -1,602 +1,602 @@ { "detailsV2": { "tabs": [ - { + { "hidden": false, "id": "1vduzkpmlh", "name": "Incident Info", "sections": [ - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "items": [ - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "type", - "height": 22, - "id": "1cc0c4a0-9bd7-11e9-ba23-8723b1f1df6b", - "index": 0, - "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotsource", - "height": 22, - "id": "87e18ad0-9bd7-11e9-ba23-8723b1f1df6b", - "index": 1, - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "severity", - "height": 22, - "id": "20430d90-9bd7-11e9-ba23-8723b1f1df6b", - "index": 2, - "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "owner", - "height": 22, - "id": "4fd2b640-a7d6-11e9-8433-9f52f2917950", - "index": 3, - "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "playbookid", - "height": 22, - "id": "930bb7a0-a866-11e9-aeb8-c3448b5d692d", - "index": 4, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourceinstance", - "height": 22, - "id": "43cfe2d0-9bee-11e9-9a3f-8b4b2158e260", - "index": 6, - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "sourcebrand", - "height": 22, - "id": "42f03130-9bee-11e9-9a3f-8b4b2158e260", - "index": 7, - "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Case Details", - "static": false, - "w": 1, - "x": 0, - "y": 0 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": 
false, - "i": "1vduzkpmlh-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "items": [], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Notes", - "readOnly": true, - "static": false, - "type": "notes", - "w": 1, - "x": 1, - "y": 6 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-842632c0-98b1-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "items": [], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Child Incidents", - "readOnly": true, - "static": false, - "type": "childInv", - "w": 1, - "x": 2, - "y": 6 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-4a31afa0-98ba-11e9-a519-93a53c759fe0", - "isVisible": true, - "items": [], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Evidence", - "readOnly": true, - "static": false, - "type": "evidence", - "w": 1, - "x": 0, - "y": 8 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-7717e580-9bed-11e9-9a3f-8b4b2158e260", - "isVisible": true, - "items": [], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Team Members", - "readOnly": true, - "static": false, - "type": "team", - "w": 1, - "x": 1, - "y": 8 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-c9b7ded0-a863-11e9-aeb8-c3448b5d692d", - "isVisible": true, - "items": [ - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "dbotcreated", - "height": 24, - "id": "930bf0a0-a864-11e9-aeb8-c3448b5d692d", - "index": 0, - "listId": "c9b7ded0-a863-11e9-aeb8-c3448b5d692d", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "occurred", - "height": 24, - "id": "e92b52b0-a863-11e9-aeb8-c3448b5d692d", - "index": 1, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotmodified", - "height": 24, - "id": "99cbd860-a864-11e9-aeb8-c3448b5d692d", - "index": 2, - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "dbotclosed", - 
"height": 24, - "id": "a1a67ef0-a864-11e9-aeb8-c3448b5d692d", - "index": 3, - "listId": "c9b7ded0-a863-11e9-aeb8-c3448b5d692d", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "remediationsla", - "height": 24, - "id": "6cd9de10-9bee-11e9-9a3f-8b4b2158e260", - "index": 4, - "listId": "24257a20-98b1-11e9-97d7-ed26ef9e46c8", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "detectionsla", - "height": 24, - "id": "6b72acf0-9bee-11e9-9a3f-8b4b2158e260", - "index": 5, - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "dbotduedate", - "height": 24, - "id": "551d6320-a7d6-11e9-8433-9f52f2917950", - "index": 6, - "listId": "c9b7ded0-a863-11e9-aeb8-c3448b5d692d", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Timeline Information", - "static": false, - "w": 1, - "x": 1, - "y": 2 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-e462ffc0-a864-11e9-aeb8-c3448b5d692d", - "isVisible": true, - "items": [ - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "dbotclosed", - "height": 24, - "id": "427bf020-a866-11e9-aeb8-c3448b5d692d", - "index": 0, - "listId": "e462ffc0-a864-11e9-aeb8-c3448b5d692d", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closereason", - "height": 24, - "id": "f23f6e30-a864-11e9-aeb8-c3448b5d692d", - "index": 1, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closinguserid", - "height": 24, - "id": "f387a5a0-a864-11e9-aeb8-c3448b5d692d", - "index": 2, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closenotes", - "height": 48, - "id": "f579ffc0-a864-11e9-aeb8-c3448b5d692d", - "index": 3, - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Closing Information", - "static": false, - "w": 1, - "x": 2, - "y": 4 - }, - { - "displayType": "CARD", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", - "items": [ - { - "endCol": 2, 
- "fieldId": "incidentlink", - "height": 53, - "id": "21a4a950-4c65-11ec-9b4f-d370b97e00c8", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 1, - "fieldId": "cybersixgillstatus", - "height": 53, - "id": "3bf8dc80-4617-11ec-a3e6-073e7f7f29fa", - "index": 1, - "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 1, - "fieldId": "cybersixgilltriggeredassets", - "height": 53, - "id": "96c217b0-46ff-11ec-a87f-9f90967a78ae", - "index": 2, - "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "cyberthreatlevel", - "height": 53, - "id": "a58f34a0-41a0-11ea-ab50-c5b3863b3e71", - "index": 3, - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgillthreatlevel", - "height": 53, - "id": "3ec2aae0-4617-11ec-a3e6-073e7f7f29fa", - "index": 1, - "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", - "sectionItemType": "field", - "startCol": 1 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgillthreattype", - "height": 53, - "id": "3fbe48f0-4617-11ec-a3e6-073e7f7f29fa", - "index": 2, - "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", - "sectionItemType": "field", - "startCol": 1 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Cybersixgill Alert Information", - "static": false, - "w": 1, - "x": 1, - "y": 0 - }, - { - "displayType": "ROW", - "h": 4, - "hideName": false, - "i": "1vduzkpmlh-a1d27840-4617-11ec-a3e6-073e7f7f29fa", - "items": [ - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgillsite", - "height": 22, - "id": "2abe92a0-46ff-11ec-a87f-9f90967a78ae", - "index": 1, - "listId": "1vduzkpmlh-a1d27840-4617-11ec-a3e6-073e7f7f29fa", - "sectionItemType": "field", - "startCol": 0 - }, - { - 
"dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgillactor", - "height": 22, - "id": "34185f20-46ff-11ec-a87f-9f90967a78ae", - "index": 1, - "listId": "1vduzkpmlh-a1d27840-4617-11ec-a3e6-073e7f7f29fa", - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "details", - "height": 44, - "id": "bb70d990-4617-11ec-a3e6-073e7f7f29fa", - "index": 3, - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Investigation Data", - "static": false, - "w": 1, - "x": 0, - "y": 2 - }, - { - "h": 3, - "i": "1vduzkpmlh-0905b090-4618-11ec-a3e6-073e7f7f29fa", - "items": [], - "maxW": 3, - "minH": 1, - "minW": 3, - "moved": false, - "name": "Indicators", - "query": "", - "queryType": "input", - "static": false, - "type": "indicators", - "w": 3, - "x": 0, - "y": 10 - }, - { - "displayType": "CARD", - "h": 4, - "hideName": false, - "i": "1vduzkpmlh-43d0e090-46ff-11ec-a87f-9f90967a78ae", - "items": [ - { - "endCol": 2, - "fieldId": "cybersixgillassessment", - "height": 106, - "id": "5ba50930-46ff-11ec-a87f-9f90967a78ae", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "cybersixgillrecommendations", - "height": 22, - "id": "5d864c50-46ff-11ec-a87f-9f90967a78ae", - "index": 1, - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "Cybersixgill Assessment and Recommendations", - "static": false, - "w": 1, - "x": 2, - "y": 0 - }, - { - "h": 2, - "i": "1vduzkpmlh-6a8c8470-aa67-11ec-99a4-873a879bfdf2", - "items": [], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "War Room Entries", - "query": null, - "queryType": "warRoomFilter", - "static": false, - "type": "invTimeline", - "w": 1, - "x": 0, - "y": 6 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", - "items": [ - { - "endCol": 2, - 
"fieldId": "cve", - "height": 22, - "id": "2b1dfb20-b665-11ec-80cd-0f1330d55686", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgilldvescore", - "height": 22, - "id": "4f0f8770-a52a-11ec-8e55-0dece3c5f18c", - "index": 1, - "listId": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgillcvss20", - "height": 22, - "id": "4d78e1e0-a52a-11ec-8e55-0dece3c5f18c", - "index": 2, - "listId": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "cybersixgillcvss31", - "height": 22, - "id": "43a810a0-a52a-11ec-8e55-0dece3c5f18c", - "index": 3, - "listId": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "cybersixgillattributes", - "height": 44, - "id": "36562ef0-a52a-11ec-8e55-0dece3c5f18c", - "index": 4, - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "CVE Details", - "static": false, - "w": 1, - "x": 1, - "y": 4 - } + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "type", + "height": 22, + "id": "1cc0c4a0-9bd7-11e9-ba23-8723b1f1df6b", + "index": 0, + "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotsource", + "height": 22, + "id": "87e18ad0-9bd7-11e9-ba23-8723b1f1df6b", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "severity", + "height": 22, + "id": "20430d90-9bd7-11e9-ba23-8723b1f1df6b", + "index": 
2, + "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "owner", + "height": 22, + "id": "4fd2b640-a7d6-11e9-8433-9f52f2917950", + "index": 3, + "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "playbookid", + "height": 22, + "id": "930bb7a0-a866-11e9-aeb8-c3448b5d692d", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourceinstance", + "height": 22, + "id": "43cfe2d0-9bee-11e9-9a3f-8b4b2158e260", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "sourcebrand", + "height": 22, + "id": "42f03130-9bee-11e9-9a3f-8b4b2158e260", + "index": 7, + "listId": "fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "cybersixgillposturl", + "height": 53, + "id": "aff39d50-9809-11ee-8cb8-c9b8d635ed4b", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Case Details", + "static": false, + "w": 1, + "x": 0, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Notes", + "readOnly": true, + "static": false, + "type": "notes", + "w": 1, + "x": 1, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-842632c0-98b1-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Child Incidents", + "readOnly": true, + "static": false, + "type": "childInv", + "w": 1, + "x": 2, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + 
"i": "1vduzkpmlh-4a31afa0-98ba-11e9-a519-93a53c759fe0", + "isVisible": true, + "items": [], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Evidence", + "readOnly": true, + "static": false, + "type": "evidence", + "w": 1, + "x": 0, + "y": 8 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-7717e580-9bed-11e9-9a3f-8b4b2158e260", + "isVisible": true, + "items": [], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Team Members", + "readOnly": true, + "static": false, + "type": "team", + "w": 1, + "x": 1, + "y": 8 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-c9b7ded0-a863-11e9-aeb8-c3448b5d692d", + "isVisible": true, + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "dbotcreated", + "height": 24, + "id": "930bf0a0-a864-11e9-aeb8-c3448b5d692d", + "index": 0, + "listId": "c9b7ded0-a863-11e9-aeb8-c3448b5d692d", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "occurred", + "height": 24, + "id": "e92b52b0-a863-11e9-aeb8-c3448b5d692d", + "index": 1, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotmodified", + "height": 24, + "id": "99cbd860-a864-11e9-aeb8-c3448b5d692d", + "index": 2, + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "dbotclosed", + "height": 24, + "id": "a1a67ef0-a864-11e9-aeb8-c3448b5d692d", + "index": 3, + "listId": "c9b7ded0-a863-11e9-aeb8-c3448b5d692d", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "remediationsla", + "height": 24, + "id": "6cd9de10-9bee-11e9-9a3f-8b4b2158e260", + "index": 4, + "listId": "24257a20-98b1-11e9-97d7-ed26ef9e46c8", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "detectionsla", + "height": 24, + "id": "6b72acf0-9bee-11e9-9a3f-8b4b2158e260", + "index": 5, + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "dbotduedate", + "height": 24, + "id": "551d6320-a7d6-11e9-8433-9f52f2917950", + "index": 6, + 
"listId": "c9b7ded0-a863-11e9-aeb8-c3448b5d692d", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Timeline Information", + "static": false, + "w": 1, + "x": 1, + "y": 2 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-e462ffc0-a864-11e9-aeb8-c3448b5d692d", + "isVisible": true, + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "dbotclosed", + "height": 24, + "id": "427bf020-a866-11e9-aeb8-c3448b5d692d", + "index": 0, + "listId": "e462ffc0-a864-11e9-aeb8-c3448b5d692d", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closereason", + "height": 24, + "id": "f23f6e30-a864-11e9-aeb8-c3448b5d692d", + "index": 1, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closinguserid", + "height": 24, + "id": "f387a5a0-a864-11e9-aeb8-c3448b5d692d", + "index": 2, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closenotes", + "height": 48, + "id": "f579ffc0-a864-11e9-aeb8-c3448b5d692d", + "index": 3, + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Closing Information", + "static": false, + "w": 1, + "x": 2, + "y": 4 + }, + { + "displayType": "CARD", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", + "items": [ + { + "endCol": 2, + "fieldId": "incidentlink", + "height": 53, + "id": "21a4a950-4c65-11ec-9b4f-d370b97e00c8", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 1, + "fieldId": "cybersixgillstatus", + "height": 53, + "id": "3bf8dc80-4617-11ec-a3e6-073e7f7f29fa", + "index": 1, + "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 1, + "fieldId": "cybersixgilltriggeredassets", + "height": 53, + "id": "96c217b0-46ff-11ec-a87f-9f90967a78ae", + "index": 2, + "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", + 
"sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "cybersixgillthreatlevel", + "height": 53, + "id": "3ec2aae0-4617-11ec-a3e6-073e7f7f29fa", + "index": 1, + "sectionItemType": "field", + "startCol": 1, + "dropEffect": "move", + "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7" + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cybersixgillthreattype", + "height": 53, + "id": "3fbe48f0-4617-11ec-a3e6-073e7f7f29fa", + "index": 2, + "listId": "1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7", + "sectionItemType": "field", + "startCol": 1 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Cybersixgill Alert Information", + "static": false, + "w": 1, + "x": 1, + "y": 0 + }, + { + "displayType": "ROW", + "h": 4, + "hideName": false, + "i": "1vduzkpmlh-a1d27840-4617-11ec-a3e6-073e7f7f29fa", + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cybersixgillsite", + "height": 22, + "id": "2abe92a0-46ff-11ec-a87f-9f90967a78ae", + "index": 1, + "listId": "1vduzkpmlh-a1d27840-4617-11ec-a3e6-073e7f7f29fa", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cybersixgillactor", + "height": 22, + "id": "34185f20-46ff-11ec-a87f-9f90967a78ae", + "index": 1, + "listId": "1vduzkpmlh-a1d27840-4617-11ec-a3e6-073e7f7f29fa", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "details", + "height": 44, + "id": "bb70d990-4617-11ec-a3e6-073e7f7f29fa", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Investigation Data", + "static": false, + "w": 1, + "x": 0, + "y": 2 + }, + { + "h": 3, + "i": "1vduzkpmlh-0905b090-4618-11ec-a3e6-073e7f7f29fa", + "items": [], + "maxW": 3, + "minH": 1, + "minW": 3, + "moved": false, + "name": "Indicators", + "query": "", + "queryType": "input", + "static": false, + "type": "indicators", + "w": 
3, + "x": 0, + "y": 10 + }, + { + "displayType": "CARD", + "h": 4, + "hideName": false, + "i": "1vduzkpmlh-43d0e090-46ff-11ec-a87f-9f90967a78ae", + "items": [ + { + "endCol": 2, + "fieldId": "cybersixgillassessment", + "height": 106, + "id": "5ba50930-46ff-11ec-a87f-9f90967a78ae", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "cybersixgillrecommendations", + "height": 22, + "id": "5d864c50-46ff-11ec-a87f-9f90967a78ae", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Cybersixgill Assessment and Recommendations", + "static": false, + "w": 1, + "x": 2, + "y": 0 + }, + { + "h": 2, + "i": "1vduzkpmlh-6a8c8470-aa67-11ec-99a4-873a879bfdf2", + "items": [], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "War Room Entries", + "query": null, + "queryType": "warRoomFilter", + "static": false, + "type": "invTimeline", + "w": 1, + "x": 0, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", + "items": [ + { + "endCol": 2, + "fieldId": "cve", + "height": 22, + "id": "2b1dfb20-b665-11ec-80cd-0f1330d55686", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cybersixgilldvescore", + "height": 22, + "id": "4f0f8770-a52a-11ec-8e55-0dece3c5f18c", + "index": 1, + "listId": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cybersixgillcvss20", + "height": 22, + "id": "4d78e1e0-a52a-11ec-8e55-0dece3c5f18c", + "index": 2, + "listId": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cybersixgillcvss31", + "height": 22, + "id": "43a810a0-a52a-11ec-8e55-0dece3c5f18c", + 
"index": 3, + "listId": "1vduzkpmlh-f284d860-b664-11ec-80cd-0f1330d55686", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "cybersixgillattributes", + "height": 44, + "id": "36562ef0-a52a-11ec-8e55-0dece3c5f18c", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "CVE Details", + "static": false, + "w": 1, + "x": 1, + "y": 4 + } ], "type": "custom" - }, - { + }, + { "id": "warRoom", "name": "War Room", "type": "warRoom" - }, - { + }, + { "id": "workPlan", "name": "Work Plan", "type": "workPlan" - }, - { + }, + { "id": "evidenceBoard", "name": "Evidence Board", "type": "evidenceBoard" - }, - { + }, + { "id": "relatedIncidents", "name": "Related Incidents", "type": "relatedIncidents" - }, - { + }, + { "id": "canvas", "name": "Canvas", "type": "canvas" - } + } ] }, "id": "Cybersixgill Actionable Alerts", @@ -605,6 +605,8 @@ "group": "incident", "system": false, "fromVersion": "6.0.0", - "description": "", - "marketplaces": ["xsoar"] + "marketplaces": [ + "xsoar" + ], + "description": "" } \ No newline at end of file diff --git a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md new file mode 100644 index 000000000000..52c4474353f5 --- /dev/null +++ b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md @@ -0,0 +1,16 @@ + +#### Incident Fields + +- New: **Cybersixgill Post URL** + +#### Layouts + +- New: Added **Cybersixgill Post URL** in Cybersixgill Alert Information Layout for only Sub Alerts. + +##### CybersixgillActionableAlertStatusUpdate + +- Updated the Docker image to: *demisto/sixgill:1.0.0.83420*. + +##### Cybersixgill Actionable Alerts + +- Updated the Docker image to: *demisto/sixgill:1.0.0.83420*. \ No newline at end of file 
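Review bot: The `cybersixgillposturl` item added to the `Case Details` section is given `"index": 4`, which `playbookid` already uses in that same section, so the item order is ambiguous; use a free slot such as `"index": 8` (after `sourcebrand` at 7) or renumber the section. The release note in this commit states the field was added to the Cybersixgill Alert Information layout "for only Sub Alerts", but the hunk places it in `Case Details` and nothing in the layout restricts it to sub alerts (only the mapper's filter leaves it empty otherwise), so either move the item into the `1vduzkpmlh-d8316060-ac70-11e9-a30b-53d47e1ea7d7` section or correct the note. The remaining 600 changed lines in this hunk are a re-indentation of unchanged content; keeping the original indentation would leave a one-item diff that reviewers can actually check.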
diff --git a/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/CybersixgillActionableAlertStatusUpdate.yml b/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/CybersixgillActionableAlertStatusUpdate.yml index da9db3390740..84b24505c3c6 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/CybersixgillActionableAlertStatusUpdate.yml +++ b/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/CybersixgillActionableAlertStatusUpdate.yml @@ -17,7 +17,7 @@ dependson: should: - Cybersixgill_Actionable_Alerts|||cybersixgill-update-alert-status timeout: 180ns -dockerimage: demisto/sixgill:1.0.0.28665 +dockerimage: demisto/sixgill:1.0.0.83420 runas: DBotWeakRole fromversion: 5.5.0 tests: diff --git a/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md b/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md index 6b0a39831da7..bb02bea3f6ed 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md +++ b/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md @@ -1,5 +1,7 @@ Updates the Actionable alert status. + ## Script Data + --- | **Name** | **Description** | diff --git a/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json b/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json index f4e7bc0c1446..45165c7236a0 100644 --- a/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json +++ b/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json 
@@ -2,7 +2,7 @@
 "name": "Cybersixgill Actionable Alerts",
 "description": "The integration allow retrieving Cybersixgill's actionable alerts based on organization assets",
 "support": "partner",
- "currentVersion": "1.2.11",
+ "currentVersion": "1.2.12",
 "author": "Cybersixgill",
 "url": "https://www.cybersixgill.com/",
 "email": "getstarted@cybersixgill.com",
From 7dddbbcda08f331e84598e9d85921706a6fb6826 Mon Sep 17 00:00:00 2001
From: adi88d
Date: Sun, 24 Dec 2023 15:34:15 +0200
Subject: [PATCH 2/9] revert unnecessary files
---
 .../incidentfield-Cybersixgill_Triggered_Domain.json | 2 +-
 .../CybersixgillActionableAlerts/README.md | 10 ----------
 .../CybersixgillActionableAlertStatusUpdate/README.md | 2 --
 3 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json b/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json
index e65f06036418..982b99f96b97 100644
--- a/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json
+++ b/Packs/Cybersixgill-ActionableAlerts/IncidentFields/incidentfield-Cybersixgill_Triggered_Domain.json
@@ -29,4 +29,4 @@
 "sla": 0,
 "threshold": 72,
 "fromVersion": "6.10.0"
-}
\ No newline at end of file
+}
diff --git a/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md b/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md
index 2b400b686424..500661ee926a 100644
--- a/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md
+++ b/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/README.md
@@ -4,7 +4,6 @@ organization assets, and automatically alerts users in real time of any relevant The integration will focus on retrieving Cybersixgill's Actionable Alerts as incidents ## Use Cases - Fetch Incidents & Events ## Configure Cybersixgill on XSOAR @@ -21,14 +20,11 @@ Fetch Incidents & Events | threat_type | Filter by alert threat type | False | 4. Click **Test** to validate the URLs, token, and connection. - ## Fetch incidents - You can execute these commands from the XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. ## output - ``` [{ 'name': "", @@ -53,12 +49,9 @@ After you successfully execute a command, a DBot message appears in the War Room ``` ## Commands - You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. - ### cybersixgill-update-alert-status - *** updates the existing actionable alert status @@ -66,7 +59,6 @@ updates the existing actionable alert status #### Base Command `cybersixgill-update-alert-status` - #### Input | **Argument Name** | **Description** | **Required** | @@ -79,8 +71,6 @@ updates the existing actionable alert status #### Context Output There is no context output for this command. - ## Additional Information - Contact us: support@cybersixgill.com diff --git a/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md b/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md index bb02bea3f6ed..6b0a39831da7 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md +++ b/Packs/Cybersixgill-ActionableAlerts/Scripts/CybersixgillActionableAlertStatusUpdate/README.md 
@@ -1,7 +1,5 @@ Updates the Actionable alert status. - ## Script Data - --- | **Name** | **Description** | From 9d03c065df1b8c7b7fc913df886b821450323cdd Mon Sep 17 00:00:00 2001 From: adi88d Date: Sun, 24 Dec 2023 15:39:11 +0200 Subject: [PATCH 3/9] update RN --- Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md index 52c4474353f5..804458a885d3 100644 --- a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md +++ b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md @@ -7,10 +7,9 @@ - New: Added **Cybersixgill Post URL** in Cybersixgill Alert Information Layout for only Sub Alerts. +#### Scripts + ##### CybersixgillActionableAlertStatusUpdate - Updated the Docker image to: *demisto/sixgill:1.0.0.83420*. -##### Cybersixgill Actionable Alerts - -- Updated the Docker image to: *demisto/sixgill:1.0.0.83420*. \ No newline at end of file From bac10c3a813a63eb1630154404a587acb6420306 Mon Sep 17 00:00:00 2001 From: adi88d Date: Sun, 24 Dec 2023 15:53:40 +0200 Subject: [PATCH 4/9] update RN --- .../ReleaseNotes/1_2_12.md | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md diff --git a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md deleted file mode 100644 index 804458a885d3..000000000000 --- a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md +++ /dev/null @@ -1,15 +0,0 @@ - -#### Incident Fields - -- New: **Cybersixgill Post URL** - -#### Layouts - -- New: Added **Cybersixgill Post URL** in Cybersixgill Alert Information Layout for only Sub Alerts. - -#### Scripts - -##### CybersixgillActionableAlertStatusUpdate - -- Updated the Docker image to: *demisto/sixgill:1.0.0.83420*. - 
From 5f11abd3b8f738d7239683e8d8cd20b2e41b9c7a Mon Sep 17 00:00:00 2001
From: Adi Daud <46249224+adi88d@users.noreply.github.com>
Date: Sun, 24 Dec 2023 16:11:50 +0200
Subject: [PATCH 5/9] add RN
---
 .../ReleaseNotes/1_2_12.md | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
diff --git a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
new file mode 100644
index 000000000000..c56d2304ef85
--- /dev/null
+++ b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
@@ -0,0 +1,22 @@
+
+#### Incident Fields
+
+- New: **Cybersixgill Post URL**
+
+#### Layouts
+
+##### Cybersixgill Actionable Alerts
+
+- Added **Cybersixgill Post URL** in Cybersixgill Alert Information Layout for only Sub Alerts.
+
+#### Mappers
+
+##### Cybersixgill Actionable Alerts - Incoming Mapper
+
+- %%UPDATE_RN%%
+
+#### Scripts
+
+##### CybersixgillActionableAlertStatusUpdate
+
+- Updated the Docker image to: *demisto/sixgill:1.0.0.83420*.
From c5c56eed913df03dba0f0ea6a8f4bbe021257a37 Mon Sep 17 00:00:00 2001
From: Kobbi Gal <85439776+kgal-pan@users.noreply.github.com>
Date: Sun, 24 Dec 2023 16:19:00 +0200
Subject: [PATCH 6/9] Update Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
---
 Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
index c56d2304ef85..d749c3fb7579 100644
--- a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
+++ b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
@@ -13,7 +13,7 @@
 ##### Cybersixgill Actionable Alerts - Incoming Mapper
-- %%UPDATE_RN%%
+- Added mapping for the **Cybersixgill Post URL** field.
 #### Scripts
From b7f4b652cce60da303d14426ce6922c7391c354e Mon Sep 17 00:00:00 2001
From: dorschw <81086590+dorschw@users.noreply.github.com>
Date: Sun, 24 Dec 2023 17:20:05 +0200
Subject: [PATCH 7/9] NetskopeAPIv2 `alert_query` argument (#31690)
---
 Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py | 2 +-
 .../Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml | 2 +-
 .../Integrations/NetskopeAPIv2/NetskopeAPIv2_test.py | 2 +-
 Packs/Netskope/ReleaseNotes/3_3_2.md | 7 +++++++
 Packs/Netskope/pack_metadata.json | 2 +-
 5 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 Packs/Netskope/ReleaseNotes/3_3_2.md
diff --git a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py
index ff29acbf394c..31a31a20a966 100644
--- a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py
+++ b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py
@@ -749,7 +749,7 @@ def fetch_incidents(client: Client, params: dict[str, Any]):
 last_run: dict[str, Any] = {}
 event_types = argToList(params.get("event_types"))
- alert_query = params.get("alert_query")
+ alert_query = params.get("alerts_query")
 alert_max_fetch = arg_to_number(params["max_fetch"]) or MAX_LIMIT
 if (
diff --git a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml
index 29d5c5b703e2..fab33d6b4ddf 100644
--- a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml
+++ b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml
@@ -1026,7 +1026,7 @@ script:
 - contextPath: Netskope.Client.emails
 description: Netskope client emails.
 type: String
- dockerimage: demisto/python3:3.10.13.75921
+ dockerimage: demisto/python3:3.10.13.83255
 feed: false
 isfetch: true
 longRunning: false
diff --git a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2_test.py b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2_test.py
index 886b34e2ab51..91f30d831dde 100644
--- a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2_test.py
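Review bot: The lookup on the changed line now reads `alerts_query` while the local variable stays `alert_query` and the 3_3_2 release note in this series still calls it the `alert_query` argument, so the singular/plural mismatch that caused the original bug is one typo away from recurring. Pin the contract at the lookup with a comment such as `# the integration parameter is "alerts_query" (plural); keep in sync with NetskopeAPIv2.yml`, and confirm that name against the yml, which this patch does not show. The accompanying test-file hunk only drops a redundant `mode="r"`, so nothing in the series asserts that a configured query actually reaches the fetch; a test that passes `{"alerts_query": ...}` through fetch_incidents and checks the outgoing request would close that gap. fetch_incidents starts before the hunk and continues past it.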
+++ b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2_test.py
@@ -12,7 +12,7 @@ def util_load_json(file_name):
 with open(
- os.path.join("test_data", f"{file_name}.json"), mode="r", encoding="utf-8"
+ os.path.join("test_data", f"{file_name}.json"), encoding="utf-8"
 ) as mock_file:
 return json.loads(mock_file.read())
diff --git a/Packs/Netskope/ReleaseNotes/3_3_2.md b/Packs/Netskope/ReleaseNotes/3_3_2.md
new file mode 100644
index 000000000000..0fa820d04f99
--- /dev/null
+++ b/Packs/Netskope/ReleaseNotes/3_3_2.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Netskope (API v2)
+
+- Fixed an issue where the `alert_query` argument value was not used when provided.
+- Updated the docker image to: *demisto/python3:3.10.13.83255*.
\ No newline at end of file
diff --git a/Packs/Netskope/pack_metadata.json b/Packs/Netskope/pack_metadata.json
index 51a1f7e746e4..5299e29df0b0 100644
--- a/Packs/Netskope/pack_metadata.json
+++ b/Packs/Netskope/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Netskope",
 "description": "Cloud access security broker that enables to find, understand, and secure cloud apps.",
 "support": "xsoar",
- "currentVersion": "3.3.1",
+ "currentVersion": "3.3.2",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
From 3a52a7b54007fa836acb1ceb225b54511b4496de Mon Sep 17 00:00:00 2001
From: Moshe Galitzky <112559840+moishce@users.noreply.github.com>
Date: Sun, 24 Dec 2023 18:12:10 +0200
Subject: [PATCH 8/9] ParseEmailFiles: Update docker (#31683)
* update docker
* update rn
* update rn
* revert
* update version
---
 Packs/CommonScripts/ReleaseNotes/1_13_13.md | 8 ++++++++
 .../Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml | 2 +-
 Packs/CommonScripts/pack_metadata.json | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 Packs/CommonScripts/ReleaseNotes/1_13_13.md
diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_13.md b/Packs/CommonScripts/ReleaseNotes/1_13_13.md
new file mode 100644
index 000000000000..af7746f09249
--- /dev/null
+++ b/Packs/CommonScripts/ReleaseNotes/1_13_13.md
@@ -0,0 +1,8 @@
+
+#### Scripts
+
+##### ParseEmailFilesV2
+
+- Fixed a parsing issue when running on msg email files with headers only.
+- Fixed an issue where EML multipart files were not parsed if they have a broken boundary.
+- Updated the Docker image to: *demisto/parse-emails:1.0.0.83945*.
diff --git a/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml b/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml
index 759bcb0d076e..643f2d43029f 100644
--- a/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml
+++ b/Packs/CommonScripts/Scripts/ParseEmailFilesV2/ParseEmailFilesV2.yml
@@ -116,4 +116,4 @@ type: python
 fromversion: 5.0.0
 tests:
 - ParseEmailFilesV2-test
-dockerimage: demisto/parse-emails:1.0.0.83392
+dockerimage: demisto/parse-emails:1.0.0.83945
diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json
index 7c72f48d8d89..34e2d3fe869b 100644
--- a/Packs/CommonScripts/pack_metadata.json
+++ b/Packs/CommonScripts/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Common Scripts",
 "description": "Frequently used scripts pack.",
 "support": "xsoar",
- "currentVersion": "1.13.12",
+ "currentVersion": "1.13.13",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
From 195b031e63fdbdf94ee59fee5ff9090a4bed2a8b Mon Sep 17 00:00:00 2001
From: Sasha Sokolovich <88268646+ssokolovich@users.noreply.github.com> Date: Sun, 24 Dec 2023 18:47:38 +0200 Subject: [PATCH 9/9] Adding Cloud Alerts Layout (#31118) * Change the field to be searchable * RN * Added missing scripts * Added new layout rule Added new layout updated scripts * UPDATED SCRIPT * Fixed more pre-commit errors * Updated RN Fixed issue with the widget * Removed un-required script * Removed un-required script * Removed un-required script * Removed un-required script * Added tests * Added a test for main * Added a test for main * Added a test for main * Added a test for main * Updated main test * Updated main test * Updated main test * Updated main test * removed main tests * removed main tests * fixed tests * added MP * added MP * Updated README.md * Updated README.md * removed unrequited import * pre-commit * Updated RN description * Bump pack from version CloudIncidentResponse to 1.0.10. * alert source * Added missing scripts * Added new layout rule Added new layout updated scripts * UPDATED SCRIPT * Fixed more pre-commit errors * Removed un-required script * Removed un-required script * Removed un-required script * Removed un-required script * Added tests * Added a test for main * Added a test for main * Added a test for main * Added a test for main * Updated main test * Updated main test * Updated main test * Updated main test * removed main tests * removed main tests * fixed tests * added MP * added MP * Updated README.md * Updated README.md * removed unrequited import * pre-commit * Updated RN description * alert source * Bump pack from version CloudIncidentResponse to 1.0.10. 
* [SanePdfReport] - Increase resourceTimeout (#31513) * added random.randint * pre-commit * added a retry * added a retry2 * added a retry3 * flake8 * fixed * test * Reverted to master --------- Co-authored-by: MLainer1 <93524335+MLainer1@users.noreply.github.com> Co-authored-by: Content Bot Co-authored-by: michal-dagan <109464765+michal-dagan@users.noreply.github.com> --- .../LayoutRules/layoutrule-Cloud_Alerts.json | 46 + .../layoutscontainer-Cloud_Alerts.json | 1390 +++++++++++++++++ .../ReleaseNotes/1_0_10.md | 18 + .../README.md | 30 + .../XCloudAdditionalAlertInformationWidget.py | 72 + ...XCloudAdditionalAlertInformationWidget.yml | 21 + ...udAdditionalAlertInformationWidget_test.py | 62 + .../CloudIncidentResponse/pack_metadata.json | 2 +- 8 files changed, 1640 insertions(+), 1 deletion(-) create mode 100644 Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json create mode 100644 Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json create mode 100644 Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml create mode 100644 Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py diff --git a/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json new file mode 100644 index 000000000000..b22984f07846 --- /dev/null +++ b/Packs/CloudIncidentResponse/LayoutRules/layoutrule-Cloud_Alerts.json 
@@ -0,0 +1,46 @@
+{
+ "rule_id": "Cloud_Alerts_rule",
+ "layout_id": "Cloud Alerts",
+ "description": "Default display for Cloud Alerts generated by XDR Analytics.",
+ "rule_name": "Cloud Alerts Layout Rule",
+ "alerts_filter": {
+ "filter": {
+ "AND": [
+ {
+ "OR": [
+ {
+ "SEARCH_FIELD": "cloud_provider",
+ "SEARCH_TYPE": "EQ",
+ "SEARCH_VALUE": "AWS"
+ },
+ {
+ "SEARCH_FIELD": "cloud_provider",
+ "SEARCH_TYPE": "EQ",
+ "SEARCH_VALUE": "AZURE"
+ },
+ {
+ "SEARCH_FIELD": "cloud_provider",
+ "SEARCH_TYPE": "EQ",
+ "SEARCH_VALUE": "GCP"
+ }
+ ]
+ },
+ {
+ "OR": [
+ {
+ "SEARCH_FIELD": "alert_source",
+ "SEARCH_TYPE": "EQ",
+ "SEARCH_VALUE": "ANALYTICS_BIOC"
+ },
+ {
+ "SEARCH_FIELD": "alert_source",
+ "SEARCH_TYPE": "EQ",
+ "SEARCH_VALUE": "MAGNIFIER"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
new file mode 100644
index 000000000000..a0bb2f268d22
--- /dev/null
+++ b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-Cloud_Alerts.json
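Review bot: The new layoutrule-Cloud_Alerts.json is committed without a trailing newline (the `\ No newline at end of file` marker after the closing `+}`), which is the same defect PATCH 2/9 in this series corrects for incidentfield-Cybersixgill_Triggered_Domain.json; end the file with `}` followed by a newline so the next edit does not produce a spurious one-line diff. The `description` only mentions alerts generated by XDR Analytics, while the filter additionally requires `cloud_provider` to be AWS, AZURE or GCP; stating that in the text, e.g. `"description": "Default display for AWS, Azure and GCP alerts generated by XDR Analytics."`, makes the rule's scope visible to whoever reads it in the UI.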
@@ -0,0 +1,1390 @@ +{ + "detailsV2": { + "tabs": [ + { + "id": "summary", + "name": "Legacy Summary", + "type": "summary" + }, + { + "id": "caseinfoid", + "name": "Alert Details", + "sections": [ + { + "displayType": "ROW", + "h": 4, + "i": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Work Plan", + "static": false, + "type": "workplan", + "w": 1, + "x": 2, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "items": [ + { + "dropEffect": "move", + "endCol": 3, + "fieldId": "details", + "height": 52, + "id": "df4e6650-ffa4-11ed-8065-135924776b58", + "index": 0, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdrdescription", + "height": 26, + "id": "a79303f0-0d99-11ec-83df-e184d3cc52d9", + "index": 1, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdrincidentid", + "height": 26, + "id": "c2e0ea00-0d99-11ec-83df-e184d3cc52d9", + "index": 1, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdrurl", + "height": 26, + "id": "b2f7e2b0-0d99-11ec-83df-e184d3cc52d9", + "index": 1, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdralertcategory", + "height": 26, + "id": "a3301f00-0d99-11ec-83df-e184d3cc52d9", + "index": 1, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + 
"dropEffect": "move", + "endCol": 2, + "fieldId": "xdralertname", + "height": 26, + "id": "a5953820-0d99-11ec-83df-e184d3cc52d9", + "index": 1, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdrdetectiontime", + "height": 26, + "id": "a9356950-0d99-11ec-83df-e184d3cc52d9", + "index": 1, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "dbotcreated", + "height": 26, + "id": "incident-created-field", + "index": 1, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "categoryname", + "height": 26, + "id": "298513a0-ffa4-11ed-8065-135924776b58", + "index": 2, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "severity", + "height": 26, + "id": "incident-severity-field", + "index": 3, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdrhostcount", + "height": 26, + "id": "d50dc6d0-0d99-11ec-83df-e184d3cc52d9", + "index": 4, + "listId": "caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "xdrusercount", + "height": 26, + "id": "cf9fda80-0d99-11ec-83df-e184d3cc52d9", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "xdralertcount", + "height": 26, + "id": "a4bba100-0d99-11ec-83df-e184d3cc52d9", + "index": 4, + "listId": 
"caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "xdrhighseverityalertcount", + "height": 26, + "id": "16aacde0-0d9a-11ec-83df-e184d3cc52d9", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "xdrmediumseverityalertcount", + "height": 26, + "id": "23c76ec0-0d9a-11ec-83df-e184d3cc52d9", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "xdrlowseverityalertcount", + "height": 26, + "id": "25413d80-0d9a-11ec-83df-e184d3cc52d9", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "playbookid", + "height": 26, + "id": "incident-playbookId-field", + "index": 4, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 6, + "fieldId": "mitreattcktactic", + "height": 26, + "id": "41242d10-ffa5-11ed-8065-135924776b58", + "index": 0, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 4 + }, + { + "dropEffect": "move", + "endCol": 6, + "fieldId": "mitreattcktechnique", + "height": 26, + "id": "42aceff0-ffa5-11ed-8065-135924776b58", + "index": 1, + "listId": "caseinfoid-psvkrie7fh-field-changed-caseinfoid-9d68c810-0d99-11ec-83df-e184d3cc52d9", + "sectionItemType": "field", + "startCol": 4 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Alert Information", + "static": false, + "w": 2, + "x": 0, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4", + "items": [ + { + "endCol": 2, + "fieldId": "xdralerts", + "height": 26, + "id": "22a151e0-4012-11ed-bd56-1f5a2b2d17b4", + "index": 0, + "sectionItemType": "field", + "startCol": 
0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cloudaccountid", + "height": 26, + "id": "45d156e0-ffa4-11ed-8065-135924776b58", + "index": 0, + "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cloudproject", + "height": 26, + "id": "671bd4b0-ffa4-11ed-8065-135924776b58", + "index": 1, + "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cloudidentitytype", + "height": 26, + "id": "38114a10-ffa4-11ed-8065-135924776b58", + "index": 2, + "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4", + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cloudoperationtype", + "height": 26, + "id": "5f71db10-ffa4-11ed-8065-135924776b58", + "index": 3, + "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "cloudresourcetype", + "height": 26, + "id": "74d59ff0-ffa4-11ed-8065-135924776b58", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "cloudreferencedresource", + "height": 26, + "id": "6bc00860-ffa4-11ed-8065-135924776b58", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "cloudinstanceid", + "height": 26, + "id": "5cff5470-ffa4-11ed-8065-135924776b58", + "index": 6, + "listId": "caseinfoid-1ef783c0-4012-11ed-bd56-1f5a2b2d17b4", + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Cloud Extra Data", + "static": false, + "w": 1, + "x": 0, + "y": 2 + }, + { + "h": 4, + "hideName": true, + "i": "caseinfoid-3f0c19a0-4012-11ed-bd56-1f5a2b2d17b4", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + 
"name": "Alert Extended Information", + "query": "CortexXDRAdditionalAlertInformationWidget", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 3, + "x": 0, + "y": 4 + }, + { + "h": 2, + "hideName": true, + "i": "caseinfoid-76a49540-4012-11ed-bd56-1f5a2b2d17b4", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Cloud Provider", + "query": "XCloudProviderWidget", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 1, + "x": 1, + "y": 2 + } + ], + "type": "custom" + }, + { + "hidden": false, + "id": "xmrrsnmlfj", + "name": "Technical Details", + "sections": [ + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893", + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "hostip", + "height": 26, + "id": "aeeee620-ffbc-11ed-91cb-b704c053731a", + "index": 0, + "listId": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "isvpnipaddress", + "height": 26, + "id": "b65ebae0-141e-11ee-82aa-79d0d6f9a441", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "useragent", + "height": 26, + "id": "3e2d8e60-3fef-11ed-8b45-b1684b1bfc04", + "index": 2, + "listId": "caseinfoid-be53e110-3992-11ed-9adb-83e728f46893", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "asnname", + "height": 26, + "id": "7bbf2660-ffbd-11ed-91cb-b704c053731a", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "asn", + "height": 26, + "id": "74d9fc50-3fef-11ed-bd56-1f5a2b2d17b4", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "country", + "height": 26, + "id": "4c8d5610-0f52-11ee-81b3-5b1a51073e91", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + 
"moved": false, + "name": "Attacker Extra Data", + "static": false, + "w": 1, + "x": 1, + "y": 0 + }, + { + "h": 1, + "hideName": false, + "i": "caseinfoid-90fd3b10-3e3f-11ed-ba28-af31a2402b20", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Regions", + "query": "EntryWidgetRegionNameXCLOUD", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 1, + "x": 2, + "y": 0 + }, + { + "h": 3, + "i": "caseinfoid-944f47f0-3fce-11ed-81fb-f98f11f06b6f", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Malicious or Suspicious Indicators", + "query": "reputation:Suspicious OR reputation:Malicious", + "queryType": "input", + "static": false, + "type": "indicators", + "w": 2, + "x": 0, + "y": 2 + }, + { + "h": 1, + "hideName": false, + "i": "caseinfoid-4d1a5360-4a0b-11ed-b8e1-8fa90b5d349b", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Resource Type", + "query": "EntryWidgetResourceTypeXCLOUD", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 1, + "x": 2, + "y": 1 + }, + { + "description": "", + "h": 3, + "hideName": true, + "i": "caseinfoid-270d9710-ffbc-11ed-91cb-b704c053731a", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Related Alerts", + "query": "XCloudRelatedAlertsWidget", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 3, + "x": 0, + "y": 5 + }, + { + "h": 2, + "hideName": true, + "i": "caseinfoid-eb9e4280-ffbe-11ed-8455-4ba42b17a94b", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Identity Table", + "query": "XCloudIdentitiesWidget", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 1, + "x": 0, + "y": 0 + }, + { + "h": 3, + "i": "caseinfoid-738a28d0-ffd3-11ed-94b9-ab17767bb4e7", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Hunting Results", + "query": { + "categories": [ + "tags" + ], + "preDefinedFilters": true, + "tags": [ + 
"PersistenceHunting" + ] + }, + "queryType": "warRoomFilter", + "static": false, + "type": "invTimeline", + "w": 1, + "x": 2, + "y": 2 + } + ], + "type": "custom" + }, + { + "id": "warRoom", + "name": "War Room", + "type": "warRoom" + }, + { + "id": "workPlan", + "name": "Work Plan", + "type": "workPlan" + } + ] + }, + "group": "incident", + "id": "Cloud Alerts", + "name": "Cloud Alerts", + "quickView": { + "sections": [ + { + "description": "", + "fields": [ + { + "fieldId": "incident_type", + "isVisible": true + }, + { + "fieldId": "incident_severity", + "isVisible": true + }, + { + "fieldId": "incident_owner", + "isVisible": true + }, + { + "fieldId": "incident_dbotstatus", + "isVisible": true + }, + { + "fieldId": "incident_sourcebrand", + "isVisible": true + }, + { + "fieldId": "incident_sourceinstance", + "isVisible": true + }, + { + "fieldId": "incident_playbookid", + "isVisible": true + }, + { + "fieldId": "incident_phase", + "isVisible": true + }, + { + "fieldId": "incident_roles", + "isVisible": true + } + ], + "isVisible": true, + "name": "Basic Information", + "query": null, + "queryType": "", + "readOnly": false, + "type": "" + }, + { + "description": "", + "fields": [ + { + "fieldId": "incident_occurred", + "isVisible": true + }, + { + "fieldId": "incident_dbotcreated", + "isVisible": true + }, + { + "fieldId": "incident_dbotduedate", + "isVisible": true + }, + { + "fieldId": "incident_dbotmodified", + "isVisible": true + }, + { + "fieldId": "incident_dbottotaltime", + "isVisible": true + } + ], + "isVisible": true, + "name": "Timeline Information", + "query": null, + "queryType": "", + "readOnly": false, + "type": "" + }, + { + "description": "", + "fields": [ + { + "fieldId": "incident_additionaldata", + "isVisible": true + }, + { + "fieldId": "incident_agentid", + "isVisible": true + }, + { + "fieldId": "incident_agentsid", + "isVisible": true + }, + { + "fieldId": "incident_agentversion", + "isVisible": true + }, + { + "fieldId": 
"incident_alertcategory", + "isVisible": true + }, + { + "fieldId": "incident_alerttypeid", + "isVisible": true + }, + { + "fieldId": "incident_app", + "isVisible": true + }, + { + "fieldId": "incident_appchannelname", + "isVisible": true + }, + { + "fieldId": "incident_appmessage", + "isVisible": true + }, + { + "fieldId": "incident_assigneduser", + "isVisible": true + }, + { + "fieldId": "incident_assignmentgroup", + "isVisible": true + }, + { + "fieldId": "incident_birthday", + "isVisible": true + }, + { + "fieldId": "incident_caller", + "isVisible": true + }, + { + "fieldId": "incident_categories", + "isVisible": true + }, + { + "fieldId": "incident_changed", + "isVisible": true + }, + { + "fieldId": "incident_childprocess", + "isVisible": true + }, + { + "fieldId": "incident_classification", + "isVisible": true + }, + { + "fieldId": "incident_cloudaccountid", + "isVisible": true + }, + { + "fieldId": "incident_cloudinstanceid", + "isVisible": true + }, + { + "fieldId": "incident_cmd", + "isVisible": true + }, + { + "fieldId": "incident_cmdline", + "isVisible": true + }, + { + "fieldId": "incident_commandline", + "isVisible": true + }, + { + "fieldId": "incident_comment", + "isVisible": true + }, + { + "fieldId": "incident_containmentsla", + "isVisible": true + }, + { + "fieldId": "incident_country", + "isVisible": true + }, + { + "fieldId": "incident_countrycode", + "isVisible": true + }, + { + "fieldId": "incident_countrycodenumber", + "isVisible": true + }, + { + "fieldId": "incident_destinationhostname", + "isVisible": true + }, + { + "fieldId": "incident_destinationip", + "isVisible": true + }, + { + "fieldId": "incident_destinationnetwork", + "isVisible": true + }, + { + "fieldId": "incident_destinationnetworks", + "isVisible": true + }, + { + "fieldId": "incident_destinationport", + "isVisible": true + }, + { + "fieldId": "incident_detectedendpoints", + "isVisible": true + }, + { + "fieldId": "incident_detecteduser", + "isVisible": true + }, + { + 
"fieldId": "incident_detectionsla", + "isVisible": true + }, + { + "fieldId": "incident_detectionurl", + "isVisible": true + }, + { + "fieldId": "incident_deviceexternalip", + "isVisible": true + }, + { + "fieldId": "incident_deviceexternalips", + "isVisible": true + }, + { + "fieldId": "incident_devicehash", + "isVisible": true + }, + { + "fieldId": "incident_deviceid", + "isVisible": true + }, + { + "fieldId": "incident_deviceinternalips", + "isVisible": true + }, + { + "fieldId": "incident_devicelocalip", + "isVisible": true + }, + { + "fieldId": "incident_devicemacaddress", + "isVisible": true + }, + { + "fieldId": "incident_devicemodel", + "isVisible": true + }, + { + "fieldId": "incident_devicename", + "isVisible": true + }, + { + "fieldId": "incident_deviceosname", + "isVisible": true + }, + { + "fieldId": "incident_deviceosversion", + "isVisible": true + }, + { + "fieldId": "incident_deviceou", + "isVisible": true + }, + { + "fieldId": "incident_deviceusername", + "isVisible": true + }, + { + "fieldId": "incident_domainname", + "isVisible": true + }, + { + "fieldId": "incident_dsts", + "isVisible": true + }, + { + "fieldId": "incident_escalation", + "isVisible": true + }, + { + "fieldId": "incident_eventid", + "isVisible": true + }, + { + "fieldId": "incident_eventtype", + "isVisible": true + }, + { + "fieldId": "incident_externalcategoryid", + "isVisible": true + }, + { + "fieldId": "incident_externalcategoryname", + "isVisible": true + }, + { + "fieldId": "incident_externalconfidence", + "isVisible": true + }, + { + "fieldId": "incident_externalendtime", + "isVisible": true + }, + { + "fieldId": "incident_externallink", + "isVisible": true + }, + { + "fieldId": "incident_externalseverity", + "isVisible": true + }, + { + "fieldId": "incident_externalstarttime", + "isVisible": true + }, + { + "fieldId": "incident_externalstatus", + "isVisible": true + }, + { + "fieldId": "incident_externalsubcategoryid", + "isVisible": true + }, + { + "fieldId": 
"incident_externalsubcategoryname", + "isVisible": true + }, + { + "fieldId": "incident_externalsystemid", + "isVisible": true + }, + { + "fieldId": "incident_filehash", + "isVisible": true + }, + { + "fieldId": "incident_filemd5", + "isVisible": true + }, + { + "fieldId": "incident_filename", + "isVisible": true + }, + { + "fieldId": "incident_filenames", + "isVisible": true + }, + { + "fieldId": "incident_filepath", + "isVisible": true + }, + { + "fieldId": "incident_filepaths", + "isVisible": true + }, + { + "fieldId": "incident_filesha1", + "isVisible": true + }, + { + "fieldId": "incident_filesha256", + "isVisible": true + }, + { + "fieldId": "incident_filesize", + "isVisible": true + }, + { + "fieldId": "incident_firstname", + "isVisible": true + }, + { + "fieldId": "incident_fullname", + "isVisible": true + }, + { + "fieldId": "incident_hostnames", + "isVisible": true + }, + { + "fieldId": "incident_incidentlink", + "isVisible": true + }, + { + "fieldId": "incident_incomingmirrorerror", + "isVisible": true + }, + { + "fieldId": "incident_investigationstage", + "isVisible": true + }, + { + "fieldId": "incident_isactive", + "isVisible": true + }, + { + "fieldId": "incident_lastname", + "isVisible": true + }, + { + "fieldId": "incident_logsource", + "isVisible": true + }, + { + "fieldId": "incident_lowlevelcategoriesevents", + "isVisible": true + }, + { + "fieldId": "incident_macaddress", + "isVisible": true + }, + { + "fieldId": "incident_md5", + "isVisible": true + }, + { + "fieldId": "incident_mitretacticid", + "isVisible": true + }, + { + "fieldId": "incident_mitretacticname", + "isVisible": true + }, + { + "fieldId": "incident_mitretechniqueid", + "isVisible": true + }, + { + "fieldId": "incident_mitretechniquename", + "isVisible": true + }, + { + "fieldId": "incident_mobiledevicemodel", + "isVisible": true + }, + { + "fieldId": "incident_objective", + "isVisible": true + }, + { + "fieldId": "incident_orglevel1", + "isVisible": true + }, + { + "fieldId": 
"incident_orglevel2", + "isVisible": true + }, + { + "fieldId": "incident_orglevel3", + "isVisible": true + }, + { + "fieldId": "incident_orgunit", + "isVisible": true + }, + { + "fieldId": "incident_os", + "isVisible": true + }, + { + "fieldId": "incident_ostype", + "isVisible": true + }, + { + "fieldId": "incident_osversion", + "isVisible": true + }, + { + "fieldId": "incident_outgoingmirrorerror", + "isVisible": true + }, + { + "fieldId": "incident_parentcmdline", + "isVisible": true + }, + { + "fieldId": "incident_parentprocess", + "isVisible": true + }, + { + "fieldId": "incident_parentprocesscmd", + "isVisible": true + }, + { + "fieldId": "incident_parentprocessfilepath", + "isVisible": true + }, + { + "fieldId": "incident_parentprocessids", + "isVisible": true + }, + { + "fieldId": "incident_parentprocessmd5", + "isVisible": true + }, + { + "fieldId": "incident_parentprocessname", + "isVisible": true + }, + { + "fieldId": "incident_parentprocesspath", + "isVisible": true + }, + { + "fieldId": "incident_parentprocesssha256", + "isVisible": true + }, + { + "fieldId": "incident_phonenumber", + "isVisible": true + }, + { + "fieldId": "incident_pid", + "isVisible": true + }, + { + "fieldId": "incident_policyactions", + "isVisible": true + }, + { + "fieldId": "incident_processcmd", + "isVisible": true + }, + { + "fieldId": "incident_processcreationtime", + "isVisible": true + }, + { + "fieldId": "incident_processid", + "isVisible": true + }, + { + "fieldId": "incident_processmd5", + "isVisible": true + }, + { + "fieldId": "incident_processname", + "isVisible": true + }, + { + "fieldId": "incident_processnames", + "isVisible": true + }, + { + "fieldId": "incident_processpath", + "isVisible": true + }, + { + "fieldId": "incident_processpaths", + "isVisible": true + }, + { + "fieldId": "incident_processsha256", + "isVisible": true + }, + { + "fieldId": "incident_protocol", + "isVisible": true + }, + { + "fieldId": "incident_protocolnames", + "isVisible": true + }, + 
{ + "fieldId": "incident_registryhive", + "isVisible": true + }, + { + "fieldId": "incident_registrykey", + "isVisible": true + }, + { + "fieldId": "incident_registryvalue", + "isVisible": true + }, + { + "fieldId": "incident_registryvaluetype", + "isVisible": true + }, + { + "fieldId": "incident_remediationsla", + "isVisible": true + }, + { + "fieldId": "incident_renderedhtml", + "isVisible": true + }, + { + "fieldId": "incident_rulename", + "isVisible": true + }, + { + "fieldId": "incident_scenario", + "isVisible": true + }, + { + "fieldId": "incident_sha1", + "isVisible": true + }, + { + "fieldId": "incident_sha256", + "isVisible": true + }, + { + "fieldId": "incident_sha512", + "isVisible": true + }, + { + "fieldId": "incident_similarincidents", + "isVisible": true + }, + { + "fieldId": "incident_similarincidentsdbot", + "isVisible": true + }, + { + "fieldId": "incident_sourcecategory", + "isVisible": true + }, + { + "fieldId": "incident_sourcecreatedby", + "isVisible": true + }, + { + "fieldId": "incident_sourcecreatetime", + "isVisible": true + }, + { + "fieldId": "incident_sourceexternalips", + "isVisible": true + }, + { + "fieldId": "incident_sourcehostname", + "isVisible": true + }, + { + "fieldId": "incident_sourceip", + "isVisible": true + }, + { + "fieldId": "incident_sourcenetwork", + "isVisible": true + }, + { + "fieldId": "incident_sourcenetworks", + "isVisible": true + }, + { + "fieldId": "incident_sourceport", + "isVisible": true + }, + { + "fieldId": "incident_sourcepriority", + "isVisible": true + }, + { + "fieldId": "incident_sourcestatus", + "isVisible": true + }, + { + "fieldId": "incident_sourceusername", + "isVisible": true + }, + { + "fieldId": "incident_srcs", + "isVisible": true + }, + { + "fieldId": "incident_state", + "isVisible": true + }, + { + "fieldId": "incident_subcategory", + "isVisible": true + }, + { + "fieldId": "incident_tactic", + "isVisible": true + }, + { + "fieldId": "incident_tacticid", + "isVisible": true + }, + { + 
"fieldId": "incident_teamname", + "isVisible": true + }, + { + "fieldId": "incident_technique", + "isVisible": true + }, + { + "fieldId": "incident_techniqueid", + "isVisible": true + }, + { + "fieldId": "incident_tenantname", + "isVisible": true + }, + { + "fieldId": "incident_threatfamilyname", + "isVisible": true + }, + { + "fieldId": "incident_threathuntingdetectedhostnames", + "isVisible": true + }, + { + "fieldId": "incident_threathuntingdetectedip", + "isVisible": true + }, + { + "fieldId": "incident_threatname", + "isVisible": true + }, + { + "fieldId": "incident_ticketacknowledgeddate", + "isVisible": true + }, + { + "fieldId": "incident_ticketcloseddate", + "isVisible": true + }, + { + "fieldId": "incident_ticketnumber", + "isVisible": true + }, + { + "fieldId": "incident_ticketopeneddate", + "isVisible": true + }, + { + "fieldId": "incident_timetoassignment", + "isVisible": true + }, + { + "fieldId": "incident_triagesla", + "isVisible": true + }, + { + "fieldId": "incident_urls", + "isVisible": true + }, + { + "fieldId": "incident_urlsslverification", + "isVisible": true + }, + { + "fieldId": "incident_usecasedescription", + "isVisible": true + }, + { + "fieldId": "incident_useraccountcontrol", + "isVisible": true + }, + { + "fieldId": "incident_users", + "isVisible": true + }, + { + "fieldId": "incident_usersid", + "isVisible": true + } + ], + "isVisible": true, + "name": "Custom Fields", + "query": null, + "queryType": "", + "readOnly": false, + "type": "" + }, + { + "description": "", + "fields": [ + { + "fieldId": "incident_labels", + "isVisible": true + } + ], + "isVisible": true, + "name": "Labels", + "query": null, + "queryType": "", + "readOnly": true, + "type": "labels" + } + ] + }, + "system": false, + "version": -1, + "fromVersion": "6.10.0", + "marketplaces": ["marketplacev2"], + "description": "" +} \ No newline at end of file 
diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..587276b9f0dd --- /dev/null +++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_10.md @@ -0,0 +1,18 @@ + +#### Layout Rules + +##### New: Cloud Alerts Layout Rule + +- New: Cloud Alerts layout Rule (Available from Cortex XSIAM 2.0). + +#### Layouts + +##### New: Cloud Alerts + +- New: Cloud Alerts layout (Available from Cortex XSIAM 2.0). + +#### Scripts + +##### New: XCloudAdditionalAlertInformationWidget + +- New: This script retrieves additional original alert information from the context. (Available from Cortex XCLOUD). diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md new file mode 100644 index 000000000000..0e3c5c43a79e --- /dev/null +++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/README.md @@ -0,0 +1,30 @@ +This script retrieves additional original alert information from the context. + +## Script Data + +--- + +| **Name** | **Description** | +| --- | --- | +| Script Type | python3 | +| Tags | dynamic-section | +| Cortex XSOAR Version | 6.10.0 | + +## Dependencies + +--- +This script uses the following commands and scripts. + +* SetByIncidentId +* core-get-cloud-original-alerts +* Cortex Core - IR + +## Inputs + +--- +There are no inputs for this script. + +## Outputs + +--- +There are no outputs for this script. diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py new file mode 100644 index 000000000000..8354f6626322 --- /dev/null 
+++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.py 
@@ -0,0 +1,72 @@ +from CommonServerPython import * # noqa: F401 + + +''' COMMAND FUNCTION ''' + + +def get_additonal_info() -> List[Dict]: + alerts = demisto.context().get('Core', {}).get('OriginalAlert') + if not alerts: + raise DemistoException('Original Alert is not configured in context') + if not isinstance(alerts, list): + alerts = [alerts] + + results = [] + for alert in alerts: + alert_event = alert.get('event') + res = {'Alert Full Description': alert.get('alert_full_description'), + 'Detection Module': alert.get('detection_modules'), + 'Vendor': alert_event.get('vendor'), + 'Provider': alert_event.get('cloud_provider'), + 'Log Name': alert_event.get('log_name'), + 'Event Type': demisto.get(alert_event, 'raw_log.eventType'), + 'Caller IP': alert_event.get('caller_ip'), + 'Caller IP Geo Location': alert_event.get('caller_ip_geolocation'), + 'Resource Type': alert_event.get('resource_type'), + 'Identity Name': alert_event.get('identity_name'), + 'Operation Name': alert_event.get('operation_name'), + 'Operation Status': alert_event.get('operation_status'), + 'User Agent': alert_event.get('user_agent')} + results.append(res) + indicators = [res.get('Caller IP') for res in results] + indicators_callable = indicators_value_to_clickable(indicators) + for res in results: + res['Caller IP'] = indicators_callable.get(res.get('Caller IP')) + return results + + +def verify_list_type(original_alert_data): + if isinstance(original_alert_data, list): + res = original_alert_data[0].get('EntryContext') + res['OriginalAlert'] = res.pop('Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)') + if isinstance(res['OriginalAlert'], list): + res['OriginalAlert'] = res['OriginalAlert'][0] + return res + return None + + +''' MAIN FUNCTION ''' + + +def main(): # pragma: no cover + try: + alert_context = demisto.investigation() + core_alert_context = demisto.context().get('Core', {}) + if not core_alert_context.get('OriginalAlert'): + original_alert_data = 
demisto.executeCommand('core-get-cloud-original-alerts', {"alert_ids": alert_context.get('id')}) + if original_alert_data: + res = verify_list_type(original_alert_data) + demisto.executeCommand('SetByIncidentId', {"key": "Core", "value": res, "id": alert_context.get('id')}) + results = get_additonal_info() + command_results = CommandResults( + readable_output=tableToMarkdown('Original Alert Additional Information', results, + headers=list(results[0].keys()) if results else None)) + return_results(command_results) + except Exception as ex: + return_error(f'Failed to execute AdditionalAlertInformationWidget. Error: {str(ex)}') + + +''' ENTRY POINT ''' + +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml new file mode 100644 index 000000000000..1756f7738de6 --- /dev/null +++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget.yml @@ -0,0 +1,21 @@ +commonfields: + id: XCloudAdditionalAlertInformationWidget + version: -1 +name: XCloudAdditionalAlertInformationWidget +script: '' +type: python +tags: +- dynamic-section +comment: This script retrieves additional original alert information from the context. +enabled: true +scripttarget: 0 +subtype: python3 +runonce: false +dockerimage: demisto/python3:3.10.13.83255 +runas: DBotWeakRole +engineinfo: {} +fromversion: 6.10.0 +marketplaces: +- marketplacev2 +tests: +- No tests (auto formatted) diff --git a/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py new file mode 100644 index 000000000000..680a79d4c3c8 
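Review bot: In get_additonal_info the caller IP is replaced by None whenever indicators_value_to_clickable returns no mapping for it (`res['Caller IP'] = indicators_callable.get(res.get('Caller IP'))`), so the widget silently drops the most useful pivot field instead of falling back to the raw value; use `res['Caller IP'] = indicators_callable.get(res.get('Caller IP'), res.get('Caller IP'))`. The same loop dereferences `alert.get('event')` without a guard, so an alert with no event key fails with an AttributeError rather than a readable error; `alert_event = alert.get('event') or {}` keeps the row. In main, the executeCommand result is not checked with is_error before verify_list_type pops the Core.OriginalAlert key, so an error entry from the command surfaces as a KeyError or AttributeError caught by the generic handler instead of its own message. The name get_additonal_info carries a typo that the test file now also depends on; worth correcting before it becomes an interface.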
--- /dev/null +++ b/Packs/CloudIncidentResponse/Scripts/XCloudAdditionalAlertInformationWidget/XCloudAdditionalAlertInformationWidget_test.py 
@@ -0,0 +1,62 @@ +import unittest +from unittest.mock import patch +from XCloudAdditionalAlertInformationWidget import * + + +class TestXCloudAdditionalAlertInformationWidget(unittest.TestCase): + + @patch('demistomock.context', return_value={'Core': {'OriginalAlert': [{'event': {'alert_full_description': None, + 'detection_modules': None, + 'vendor': 'Vendor1', + 'cloud_provider': 'AWS', + 'log_name': 'SecurityLog', + 'raw_log': {'eventType': 'Event1'}, + 'caller_ip': '192.168.1.1', + 'caller_ip_geolocation': 'Location1', + 'resource_type': 'ResourceType1', + 'identity_name': 'User1', + 'operation_name': 'Operation1', + 'operation_status': 'Success', + 'user_agent': 'Browser1'}}]}}) + def test_get_additonal_info(self, mock_context): + # Test with a mock context containing one original alert + expected_result = [{'Alert Full Description': None, + 'Detection Module': None, + 'Vendor': 'Vendor1', + 'Provider': 'AWS', + 'Log Name': 'SecurityLog', + 'Event Type': 'Event1', + 'Caller IP': None, + 'Caller IP Geo Location': 'Location1', + 'Resource Type': 'ResourceType1', + 'Identity Name': 'User1', + 'Operation Name': 'Operation1', + 'Operation Status': 'Success', + 'User Agent': 'Browser1'}] + + result = get_additonal_info() # Corrected function name + assert result == expected_result + + def test_verify_list_type_dict(self): + input_dict = [{ + "EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}] + expected_output = {"OriginalAlert": {"id": "123"}} + output = verify_list_type(input_dict) + assert output == expected_output + + def test_verify_list_type_list(self): + input_list = [ + {"EntryContext": {"Core.OriginalAlert(val.internal_id && val.internal_id == obj.internal_id)": {"id": "123"}}}] + expected_output = {"OriginalAlert": {"id": "123"}} + output = verify_list_type(input_list) + assert output == expected_output + + def test_verify_list_type_empty(self): + input = None + expected_output = None + output = 
verify_list_type(input) + assert output == expected_output + + +if __name__ == '__main__': + unittest.main() diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json index da26f7874a52..a5009ba0f288 100644 --- a/Packs/CloudIncidentResponse/pack_metadata.json +++ b/Packs/CloudIncidentResponse/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cloud Incident Response", "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",
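Review bot: test_verify_list_type_dict and test_verify_list_type_list use the same input and expected output, so the list branch of verify_list_type (OriginalAlert supplied as a list and reduced to its first element) is never exercised; give the second test a value of `[{"id": "123"}]` instead. test_get_additonal_info pins `'Caller IP': None`, which locks in the IP being lost when no clickable mapping exists rather than checking the intended rendering, and its mock nests alert_full_description and detection_modules under event whereas the code reads them from the alert top level, so those two None expectations pass vacuously. The local name `input` shadows the builtin; `original_alert_data = None` reads more clearly. The leftover `# Corrected function name` comment should be dropped.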