Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding post url to cybersixgill sub alerts #31698

Merged
merged 13 commits into from Dec 24, 2023
Merged

Adding post url to cybersixgill sub alerts #31698

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
9a626c6
Adding post url to cybersixgill sub alerts (#31632)
shahul-loginsoft Dec 24, 2023
7dddbbc
revert unnecessary files
adi88d Dec 24, 2023
9d03c06
update RN
adi88d Dec 24, 2023
d2a0395
Merge branch 'master' into contrib/shahul-loginsoft_adding_post_url_t…
adi88d Dec 24, 2023
bac10c3
update RN
adi88d Dec 24, 2023
e1fcbee
Merge remote-tracking branch 'origin/contrib/shahul-loginsoft_adding_…
adi88d Dec 24, 2023
5f11abd
add RN
adi88d Dec 24, 2023
c5c56ee
Update Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_12.md
kgal-pan Dec 24, 2023
4e01b87
Merge branch 'master' into contrib/shahul-loginsoft_adding_post_url_t…
adi88d Dec 24, 2023
b7f4b65
NetskopeAPIv2 `alert_query` argument (#31690)
dorschw Dec 24, 2023
3a52a7b
ParseEmailFiles: Update docker (#31683)
moishce Dec 24, 2023
195b031
Adding Cloud Alerts Layout (#31118)
ssokolovich Dec 24, 2023
3f9c2d5
Merge branch 'master' into contrib/shahul-loginsoft_adding_post_url_t…
kgal-pan Dec 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
139 changes: 111 additions & 28 deletions ...tionableAlerts/Classifiers/classifier-mapper-incoming-Cybersixgill-Actionable-Alerts.json
View file
Open in desktop
@@ -1,31 +1,114 @@
{
"description": "",
"feed": false,
"id": "Cybersixgill Actionable Alerts - Incoming Mapper",
"mapping": {
"Cybersixgill Actionable Alerts": {
"dontMapEventToLabels": true,
"internalMapping": {
"Cybersixgill CVSS 2.0": {
"simple": "additional_info.nvd.v3.current"
},
"Cybersixgill CVSS 3.1": {
"simple": "additional_info.nvd.v2.current"
},
"Cybersixgill DVE Score": {
"simple": "additional_info.score.current"
},
"Cybersixgill Suspicious domain": {
"simple": "additional_info.tables.suspicious_domain"
},
"Cybersixgill Triggered domain": {
"simple": "additional_info.tables.triggered_domain"
}
}
}
},
"name": "Cybersixgill Actionable Alerts - Incoming Mapper",
"type": "mapping-incoming",
"version": -1,
"description": "",
"feed": false,
"id": "Cybersixgill Actionable Alerts - Incoming Mapper",
"mapping": {
"Cybersixgill Actionable Alerts": {
"dontMapEventToLabels": true,
"internalMapping": {
"Cybersixgill CVSS 2.0": {
"simple": "additional_info.nvd.v3.current"
},
"Cybersixgill CVSS 3.1": {
"simple": "additional_info.nvd.v2.current"
},
"Cybersixgill DVE Score": {
"simple": "additional_info.score.current"
},
"Cybersixgill Suspicious domain": {
"simple": "additional_info.tables.suspicious_domain"
},
"Cybersixgill Triggered domain": {
"simple": "additional_info.tables.triggered_domain"
},
"Cybersixgill Post URL": {
"complex": {
"filters": [
[
{
"left": {
"isContext": true,
"value": {
"simple": "sub_alerts_length"
}
},
"operator": "greaterThan",
"right": {
"value": {
"simple": "0"
}
}
}
]
],
"root": "sub_alerts_length",
"transformers": [
{
"args": {
"limit": {},
"replaceWith": {},
"toReplace": {
"isContext": true,
"value": {
"simple": "sub_alerts_length"
}
}
},
"operator": "replace"
},
{
"args": {
"prefix": {
"value": {
"simple": "https://portal.cybersixgill.com/#/alerts?actionable_alert_content_id={id}\u0026aggregatedIndex={aggregate_alert_id}\u0026filters.alert_id={id}"
}
},
"suffix": {}
},
"operator": "concat"
},
{
"args": {
"limit": {},
"replaceWith": {
"isContext": true,
"value": {
"simple": "id"
}
},
"toReplace": {
"value": {
"simple": "{id}"
}
}
},
"operator": "replace"
},
{
"args": {
"limit": {},
"replaceWith": {
"isContext": true,
"value": {
"simple": "aggregate_alert_id"
}
},
"toReplace": {
"value": {
"simple": "{aggregate_alert_id}"
}
}
},
"operator": "replace"
}
]
}
}
}
}
},
"name": "Cybersixgill Actionable Alerts - Incoming Mapper",
"type": "mapping-incoming",
"version": -1,
"fromVersion": "6.10.0"
}
31 changes: 31 additions & 0 deletions Packs/Cybersixgill-ActionableAlerts/IncidentFields/Cybersixgill_Post_URL.json
View file
Open in desktop
@@ -0,0 +1,31 @@
{
"id": "incident_cybersixgillposturl",
"version": -1,
"modified": "2023-12-11T13:18:50.541657402+05:30",
"name": "Cybersixgill Post URL",
"ownerOnly": false,
"cliName": "cybersixgillposturl",
"type": "shortText",
"closeForm": false,
"editForm": true,
"required": false,
"neverSetAsRequired": false,
"isReadOnly": false,
"useAsKpi": false,
"locked": false,
"system": false,
"content": true,
"group": 0,
"hidden": false,
"openEnded": false,
"associatedTypes": [
"Cybersixgill Actionable Alerts"
],
"associatedToAll": false,
"unmapped": false,
"unsearchable": true,
"caseInsensitive": true,
"sla": 0,
"threshold": 72,
"fromVersion": "6.10.0"
}