
Commit 9812e1e

content-botchkp-christiangRosenbergYehuda
authored andcommitted
New features for emails (#29400)
* New features for emails (#28916) * New features for emails * Fix validations * Fix lint and test * Increase coverage and fix validation * Increase test coverage * Manual report condition * Request changes * Fixes request changes * Fix last fetch * Skip event with last fetch time * Remove sensitive data * Change args from simple to complex format * Update notification endpoint * Minor fixes * Fix layout field * Fix condition for manual alerts * Update docker * Add button to get campaign result and fix scan info command output * Update release notes * fix Rn * fix rn * fix rn * remove an empty line * add a "." for validation to pass * one more period --------- Co-authored-by: Christian Gutierrez <[email protected]> Co-authored-by: Yehuda <[email protected]>
1 parent ec18f5d commit 9812e1e


46 files changed

+20176
-487
lines changed

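--- a/Packs/CheckPointHEC/.pack-ignore
+++ b/Packs/CheckPointHEC/.pack-ignore
@@ -0,0 +1,22 @@
+[file:incidentfield-CheckPointHEC_Campaign_Task.json]
+ignore=IF113
+
+[file:incidentfield-CheckPointHEC_Farm.json]
+ignore=IF113
+
+[file:incidentfield-CheckPointHEC_Email_Sender.json]
+ignore=IF113
+
+[file:incidentfield-CheckPointHEC_Email_Subject.json]
+ignore=IF113
+
+[file:incidentfield-CheckPointHEC_Reported.json]
+ignore=IF113
+
+[file:incidentfield-CheckPointHEC_Task.json]
+ignore=IF113
+
+[known_words]
+HEC
+CP
+Saas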
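Review bot: The six `ignore=IF113` entries switch off the same validator check one file at a time, so every future field named `CP HEC …` will need another suppression here. Assuming IF113 is the field-name-prefix check, declaring the prefix once in the pack metadata (an `itemPrefix` entry for `CP HEC`, if the SDK version in use supports it) would keep the check active for any field that matches neither the pack name nor that prefix. `incidentfield-CheckPointHEC_Reported.json` is listed but its file section is not visible on this page, so it is worth confirming the entry points at a file that exists in the commit.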

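--- a/Packs/CheckPointHEC/.secrets-ignore
+++ b/Packs/CheckPointHEC/.secrets-ignore
@@ -1,3 +1,6 @@
 
-24dfc0f6bd9c7f2eaf5f8457b8c593d3
-54.240.9.35
+
+https://yardiasp14.com
+http://operatf.xyz
+
+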
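Review bot: The two added allowlist entries, `https://yardiasp14.com` and `http://operatf.xyz`, read as registrable domains rather than reserved example names, and an entry in this file silences the secrets scanner for that string wherever it appears in the pack. If they originate from test data or README samples, which the page does not show, replacing them there with reserved names such as `example.com` or a `.test` host would let both entries be dropped. The removed hash and IP address should be confirmed absent from the pack's remaining files, since the scanner will flag them again now that they are no longer allowlisted. The blank lines added at new lines 2, 5 and 6 carry no entry and can be removed.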
@@ -0,0 +1,32 @@
1+
{
2+
"id": "incident_checkpointheccampaigntask",
3+
"version": -1,
4+
"modified": "2023-08-07T15:36:49.667762Z",
5+
"name": "CP HEC Campaign Task",
6+
"ownerOnly": false,
7+
"description": "Campaign task id to get results",
8+
"cliName": "checkpointheccampaigntask",
9+
"type": "shortText",
10+
"closeForm": false,
11+
"editForm": true,
12+
"required": false,
13+
"neverSetAsRequired": false,
14+
"isReadOnly": false,
15+
"useAsKpi": false,
16+
"locked": false,
17+
"system": false,
18+
"content": true,
19+
"group": 0,
20+
"hidden": false,
21+
"openEnded": false,
22+
"associatedTypes": [
23+
"CheckPointHEC Security Event"
24+
],
25+
"associatedToAll": false,
26+
"unmapped": false,
27+
"unsearchable": true,
28+
"caseInsensitive": true,
29+
"sla": 0,
30+
"threshold": 72,
31+
"fromVersion": "6.9.0"
32+
}

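--- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Customer.json
+++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Customer.json
@@ -1,8 +1,8 @@
 {
 "id": "incident_checkpointheccustomer",
 "version": -1,
-"modified": "2023-07-02T03:39:22.498231281Z",
-"name": "CheckPointHEC Customer",
+"modified": "2023-08-01T19:26:46.346683Z",
+"name": "CP HEC Customer",
 "ownerOnly": false,
 "placeholder": "CP Customer",
 "description": "Customer portal name",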
@@ -0,0 +1,33 @@
1+
{
2+
"id": "incident_checkpointhecemailsender",
3+
"version": -1,
4+
"modified": "2023-08-07T15:36:49.667762Z",
5+
"name": "CP HEC Email Sender",
6+
"ownerOnly": false,
7+
"placeholder": "Email Sender",
8+
"description": "Sender of the email",
9+
"cliName": "checkpointhecemailsender",
10+
"type": "shortText",
11+
"closeForm": false,
12+
"editForm": true,
13+
"required": false,
14+
"neverSetAsRequired": false,
15+
"isReadOnly": false,
16+
"useAsKpi": false,
17+
"locked": false,
18+
"system": false,
19+
"content": true,
20+
"group": 0,
21+
"hidden": false,
22+
"openEnded": false,
23+
"associatedTypes": [
24+
"CheckPointHEC Security Event"
25+
],
26+
"associatedToAll": false,
27+
"unmapped": false,
28+
"unsearchable": true,
29+
"caseInsensitive": true,
30+
"sla": 0,
31+
"threshold": 72,
32+
"fromVersion": "6.9.0"
33+
}
@@ -0,0 +1,33 @@
1+
{
2+
"id": "incident_checkpointhecemailsubject",
3+
"version": -1,
4+
"modified": "2023-08-07T15:36:49.667762Z",
5+
"name": "CP HEC Email Subject",
6+
"ownerOnly": false,
7+
"placeholder": "Email Subject",
8+
"description": "Subject of the email",
9+
"cliName": "checkpointhecemailsubject",
10+
"type": "shortText",
11+
"closeForm": false,
12+
"editForm": true,
13+
"required": false,
14+
"neverSetAsRequired": false,
15+
"isReadOnly": false,
16+
"useAsKpi": false,
17+
"locked": false,
18+
"system": false,
19+
"content": true,
20+
"group": 0,
21+
"hidden": false,
22+
"openEnded": false,
23+
"associatedTypes": [
24+
"CheckPointHEC Security Event"
25+
],
26+
"associatedToAll": false,
27+
"unmapped": false,
28+
"unsearchable": true,
29+
"caseInsensitive": true,
30+
"sla": 0,
31+
"threshold": 72,
32+
"fromVersion": "6.9.0"
33+
}

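--- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Entity.json
+++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Entity.json
@@ -1,8 +1,8 @@
 {
 "id": "incident_checkpointhecentity",
 "version": -1,
-"modified": "2023-07-02T04:30:15.829662037Z",
-"name": "CheckPointHEC Entity",
+"modified": "2023-08-01T19:26:46.346683Z",
+"name": "CP HEC Entity",
 "ownerOnly": false,
 "placeholder": "CP Entity ID",
 "description": "Internal entity ID of email with leak",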
@@ -0,0 +1,33 @@
1+
{
2+
"id": "incident_checkpointhecfarm",
3+
"version": -1,
4+
"modified": "2023-08-07T15:36:49.667762Z",
5+
"name": "CP HEC Farm",
6+
"ownerOnly": false,
7+
"placeholder": "CP Farm",
8+
"description": "Customer farm",
9+
"cliName": "checkpointhecfarm",
10+
"type": "shortText",
11+
"closeForm": false,
12+
"editForm": true,
13+
"required": false,
14+
"neverSetAsRequired": false,
15+
"isReadOnly": false,
16+
"useAsKpi": false,
17+
"locked": false,
18+
"system": false,
19+
"content": true,
20+
"group": 0,
21+
"hidden": false,
22+
"openEnded": false,
23+
"associatedTypes": [
24+
"CheckPointHEC Security Event"
25+
],
26+
"associatedToAll": false,
27+
"unmapped": false,
28+
"unsearchable": true,
29+
"caseInsensitive": true,
30+
"sla": 0,
31+
"threshold": 72,
32+
"fromVersion": "6.9.0"
33+
}

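--- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Saas.json
+++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Saas.json
@@ -1,8 +1,8 @@
 {
 "id": "incident_checkpointhecsaas",
 "version": -1,
-"modified": "2023-07-02T04:30:00.142598958Z",
-"name": "CheckPointHEC Saas",
+"modified": "2023-08-01T19:26:46.346683Z",
+"name": "CP HEC Saas",
 "ownerOnly": false,
 "placeholder": "CP Saas Identifier",
 "description": "Internal SaaS Identifier",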
@@ -0,0 +1,32 @@
1+
{
2+
"id": "incident_checkpointhectask",
3+
"version": -1,
4+
"modified": "2023-08-07T15:36:49.667762Z",
5+
"name": "CP HEC Task",
6+
"ownerOnly": false,
7+
"description": "Action task id to get results",
8+
"cliName": "checkpointhectask",
9+
"type": "shortText",
10+
"closeForm": false,
11+
"editForm": true,
12+
"required": false,
13+
"neverSetAsRequired": false,
14+
"isReadOnly": false,
15+
"useAsKpi": false,
16+
"locked": false,
17+
"system": false,
18+
"content": true,
19+
"group": 0,
20+
"hidden": false,
21+
"openEnded": false,
22+
"associatedTypes": [
23+
"CheckPointHEC Security Event"
24+
],
25+
"associatedToAll": false,
26+
"unmapped": false,
27+
"unsearchable": true,
28+
"caseInsensitive": true,
29+
"sla": 0,
30+
"threshold": 72,
31+
"fromVersion": "6.9.0"
32+
}

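--- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Type.json
+++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Type.json
@@ -1,8 +1,8 @@
 {
 "id": "incident_checkpointhectype",
 "version": -1,
-"modified": "2023-07-02T04:30:44.192922335Z",
-"name": "CheckPointHEC Type",
+"modified": "2023-08-01T19:26:46.346683Z",
+"name": "CP HEC Type",
 "ownerOnly": false,
 "placeholder": "CP Event Type",
 "description": "Detection type (dlp, phishing, malware, spam)",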

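--- a/Packs/CheckPointHEC/IncidentTypes/incidenttype-CheckPointHEC_Security_Event.json
+++ b/Packs/CheckPointHEC/IncidentTypes/incidenttype-CheckPointHEC_Security_Event.json
@@ -19,7 +19,7 @@
 "disabled": false,
 "reputationCalc": 0,
 "onChangeRepAlg": 0,
-"layout": "CheckPointHEC Security Event Layout",
+"layout": "CP HEC Security Event Layout",
 "detached": false,
 "extractSettings": {
 "mode": "Specific",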
