forked from demisto/content
-
Notifications
You must be signed in to change notification settings - Fork 13
/
C2sec.yml
204 lines (203 loc) · 6.65 KB
/
C2sec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
commonfields:
id: C2sec irisk
version: -1
name: C2sec irisk
display: C2sec irisk
fromversion: 5.0.0
category: Data Enrichment & Threat Intelligence
description: Understand Your Cyber Exposure as Easy as a Google Search
configuration:
- display: API URL (e.g. https://api.c2sec.com/api)
name: endpointURL
defaultvalue: ""
type: 0
required: true
- display: API Key
name: apikey
defaultvalue: ""
type: 4
required: false
hidden: true
- name: apikey_creds
type: 9
required: false
displaypassword: API Key
hiddenusername: true
- display: Default domain name
name: domainName
type: 0
required: true
defaultvalue: ''
- display: Trust any certificate (not secure)
name: unsecure
required: false
type: 8
- display: Use system proxy settings
name: proxy
required: false
type: 8
script:
script: '-'
type: python
subtype: python3
commands:
- name: irisk-add-domain
arguments:
- name: domain
description: Domain to add to the portfolio. If empty, default domain will be used.
- name: newscan
required: true
auto: PREDEFINED
predefined:
- "true"
- "false"
description: Flag to indicate whether a new scan is always initiated for the specified domain.
defaultValue: "true"
outputs:
- contextPath: C2Sec.Domain.result
description: Result status of adding the new company.
- contextPath: C2Sec.Domain.Name
description: The name of the searched domain.
description: Adds a domain to portfolio.
- name: irisk-get-scan-status
arguments:
- name: id
required: true
description: Domain workitemid for which to check the status.
outputs:
- contextPath: C2sec.Domain.Scan.domain
description: The name of the scanned domain.
type: string
- contextPath: C2sec.Domain.Scan.workitemid
description: The ID of the current scan.
type: number
- contextPath: C2sec.Domain.Scan.completeTime
description: The time that the scan was completed.
type: date
- contextPath: C2sec.Domain.Scan.creationTime
description: The time that the scan was initiated.
type: date
- contextPath: C2sec.Domain.Scan.status
description: The status of the current scan ("processing"/"completed").
type: number
description: Queries the status of a scan.
- name: irisk-rescan-domain
arguments:
- name: domain
description: Domain to re-scan. If empty, the default domain will be used.
outputs:
- contextPath: C2sec.Domain.Scan.domain
description: The name of the scanned domain.
type: string
- contextPath: C2sec.Domain.Scan.workitemid
description: Scan ID.
type: number
- contextPath: C2sec.Domain.Scan.result
description: The scan result status.
type: string
description: Initiates a re-scan for a domain within a portfolio.
- name: irisk-get-domain-issues
arguments:
- name: domain
description: The domain to query. If empty, the default domain it will be used.
- name: severity
description: Filter query results by issue severity..
outputs:
- contextPath: C2sec.Domain.Name
description: The name of the domain against which it was checked.
type: string
- contextPath: C2sec.Domain.Issue.ID
description: Issue ID.
type: string
- contextPath: C2sec.Domain.Issue.Asset
description: Asset associated with the issues. For example, IP addresses, website URLs, and so on.
type: string
- contextPath: C2sec.Domain.Issue.Component
description: The component used in the issue.
type: string
- contextPath: C2sec.Domain.Issue.ComponentDisplay
description: The display name of the component being used.
type: string
- contextPath: C2sec.Domain.Issue.Details
description: The details for the issue.
type: string
- contextPath: C2sec.Domain.Issue.Issue
description: The name of the issue.
type: string
- contextPath: C2sec.Domain.Issue.Severity
description: The severity of the issue.
type: string
description: Returns the issues located under the specified domain.
- name: irisk-get-scan-results
arguments:
- name: domain
required: true
description: The domain to query. If empty, default domain will be used.
- name: component
required: true
auto: PREDEFINED
predefined:
- credential
- network
- application
description: The component to query.
outputs:
- contextPath: C2sec.Domain.application.result
description: Query status.
type: string
- contextPath: C2sec.Domain.application.Domain
description: The domain name being queried.
type: string
- contextPath: C2sec.Domain.application.data.appdetail
description: Details about the application being checked.
type: string
- contextPath: C2sec.Domain.application.data.info
description: Information regarding the data being processed.
type: string
- contextPath: C2sec.Domain.application.data.website
description: Website address being processed.
type: string
- contextPath: C2sec.Domain.credential.result
description: Query status.
type: string
- contextPath: C2sec.Domain.credential.Domain
description: The domain name being queried.
type: string
- contextPath: C2sec.Domain.credential.data.user
description: User name.
type: string
- contextPath: C2sec.Domain.credential.data.pw
description: User password.
type: string
- contextPath: C2sec.Domain.network.result
description: Query status.
type: string
- contextPath: C2sec.Domain.network.Domain
description: The domain name being queried.
type: string
- contextPath: C2sec.Domain.network.data.firewall
description: Firewall status.
type: string
- contextPath: C2sec.Domain.network.data.port
description: Port number.
type: string
- contextPath: C2sec.Domain.network.data.IP
description: IP address.
type: string
- contextPath: C2sec.Domain.network.data.Name
description: Name of the user.
type: string
- contextPath: C2sec.Domain.network.data.service
description: Name of the service being used.
type: string
- contextPath: C2sec.Domain.network.data.protocol
description: Name of the protocol being used.
type: string
- contextPath: C2sec.Domain.network.data.state
description: State of the network application ("open" or "closed").
type: string
description: Query Data for specific component for companies in the portfolio
runonce: false
dockerimage: demisto/python3:3.10.12.62631
tests:
- No tests (auto formatted)