Armorblox Cortex Integration (#15873)

* Armorblox Cortex Integration Initial Commit for Cortex Integration Added README Deleted www from Armorblox url Addition of a new command to check remediation actions Added playbook and changes Removal of extra space in Armorblox Outbound Threat and renaming MailBox to Mailbox in Armorblox Abuse MailBox Threat Removed default tenant name Added changes for testing script Removed MailBox incident type Removed unwanted Threat(MailBox and Armorblox Outbound) from mapper added github users in pack metadata Co-authored-by: Rajat Upadhyaya <[email protected]> * Validation-Fix - whitelisted secrets and set unsearchable key to true for all incidentfields (#4) Co-authored-by: Ankita Sharma <[email protected]> * added test-cases to increase coverage % to 77 * Review Changes * Removed unintentional '}' * Update Packs/Armorblox/Integrations/Armorblox/Armorblox.yml Co-authored-by: dorschw <[email protected]> * Removed custom script to send email.Added mail sender (new) integration in playbook * Playbook review Changes * Changed the pack category Co-authored-by: Ankita Sharma <[email protected]> Co-authored-by: dorschw <[email protected]>
demisto · Dec 7, 2021 · 105b813 · 105b813
1 parent a356e63
commit 105b813
Show file tree

Hide file tree

Showing 32 changed files with 2,170 additions and 0 deletions.
diff --git a/Packs/Armorblox/.pack-ignore b/Packs/Armorblox/.pack-ignore
diff --git a/Packs/Armorblox/.secrets-ignore b/Packs/Armorblox/.secrets-ignore
@@ -0,0 +1,13 @@
+https://www.armorblox.com
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+SJ0PR02MB7743A165338D03112AB9CA76B6619@SJ0PR02MB7743.namprd02.prod.outlook.com
+[email protected]
+[email protected]
+WloRAaQbQtuv2hMKf5f2AQ@geopod-ismtpd-1-1
+IJWZC9WxS9GHKPNelKCPIA@geopod-ismtpd-4-1
diff --git a/Packs/Armorblox/Author_image.png b/Packs/Armorblox/Author_image.png
diff --git a/Packs/Armorblox/Classifiers/classifier-Armorblox_-_Classifier.json b/Packs/Armorblox/Classifiers/classifier-Armorblox_-_Classifier.json
@@ -0,0 +1,62 @@
+{
+    "defaultIncidentType": "Armorblox",
+    "description": "Classifies Armorblox Incidents.",
+    "feed": false,
+    "id": "e8ded555-9409-4d33-842c-45d29b6ab31c",
+    "keyTypeMap": {
+        "Abuse Report": "Armorblox Abuse Mailbox Report",
+        "Extortion": "Armorblox Inbound Threat",
+        "Graymail": "Armorblox Inbound Threat",
+        "Impersonation: Employee": "Armorblox Inbound Threat",
+        "Impersonation: VIP": "Armorblox Inbound Threat",
+        "Impersonation: VIP (Requesting Gift Card)": "Armorblox Inbound Threat",
+        "Impersonation:Employee": "Armorblox Inbound Threat",
+        "Impersonation:VIP": "Armorblox Inbound Threat",
+        "PCI Bank Account Number": "Armorblox Outbound Threat",
+        "PCI Credit Card Number": "Armorblox Outbound Threat",
+        "PCI IBAN": "Armorblox Outbound Threat",
+        "PCI Routing Number": "Armorblox Outbound Threat",
+        "PII Passport": "Armorblox Outbound Threat",
+        "PII Social Security Number": "Armorblox Outbound Threat",
+        "PII Tax Number": "Armorblox Outbound Threat",
+        "Passwords": "Armorblox Outbound Threat",
+        "Payment Fraud (External)": "Armorblox Inbound Threat",
+        "Payment Fraud (Internal)": "Armorblox Inbound Threat",
+        "Payroll Fraud": "Armorblox Inbound Threat",
+        "Phish URL (Attachment)": "Armorblox Inbound Threat",
+        "Phish URL (Mail Body)": "Armorblox Inbound Threat",
+        "Potential Account Compromise": "Armorblox Inbound Threat",
+        "Ransomware": "Armorblox Inbound Threat",
+        "Social Engineering": "Armorblox Inbound Threat"
+    },
+    "name": "Armorblox - Classifier",
+    "transformer": {
+        "complex": {
+            "accessor": "",
+            "filters": [],
+            "root": "policy_names",
+            "transformers": [
+                {
+                    "args": {
+                        "descending": {
+                            "isContext": false,
+                            "value": {
+                                "complex": null,
+                                "simple": "false"
+                            }
+                        }
+                    },
+                    "operator": "sort"
+                },
+                {
+                    "args": {},
+                    "operator": "FirstArrayElement"
+                }
+            ]
+        },
+        "simple": ""
+    },
+    "type": "classification",
+    "version": -1,
+    "fromVersion": "6.0.0"
+}