Stamus integration v1.0.0 (#29426)

* Stamus integration v1.0.0 (#26286)

* packs: add stamus pack to xsoar content

Implement a new set of commands to interact with
Stamus Security Platform.

* Stamus: remove dummy test

* Stamus: use StamusIntegration prefix

* Stamus: fix some descriptions

* Stamus: update result to return markdown

* Stamus: rename commands

* Stamus: update pack metadata

* Stamus: homogeneize message

* Stamus: really basic README

* Stamus: fix some linters warning

* Stamus: import playbook and mapper

* Stamus: more import

Import Stamus' IncidentFields, IncidentFields and Layouts

* Stamus: add playbook documentation

* Stamus: more documentation

* Stamus: add generated docs

* Stamus: remove template comment

* Stamus: use f-string

* Stamus: simply test connection

* Stamus: remove commented code

* Stamus: docstring on escape function

* Stamus: fix to have one context for each command

* Stamus: refactoring

* Stamus: remove useless code

* Stamus: get default value in results if no results

* Stamus: run demisto format on yaml files

* Stamus: update README

* Stamus: fix missing description and format

* Stamus: fix following validation

* Stamus: add missing playbook image

* Stamus: remove marketplacev2 support

* Stamus: fix info extraction in get DoC command

* Stamus: use getter function

Co-authored-by: Guy Afik <[email protected]>

* Stamus: command should be lower case

* Stamus: avoid double read of event

* Stamus: little optimization

* Stamus: add docstring

* Stamus: remove not needed files

* Stamus: add basic integration doc

* Stamus: fix JSON format

* Stamus: fix some name in playbook

* Stamus: rename IOC params

* Stamus: fix demisto sdk validation

validation: demisto-sdk validate -i Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json
validation: fix: demisto-sdk format -i /home/snuser/cortex/Packs/Stamus/IncidentTypes/incidenttype-Stamus_Networks.json

* Stamus: fix params name gotten from conf

* Stamus: fix stamus extra data playbook following new naming

* Stamus: fix playbook ID

* Stamus: Add descriptions

* Stamus: move constants with other constants

* Stamus: use getter function + fix linter

* Stamus: use fstring

* Stamus: unit tests impl

* Stamus: remove template doc

Co-authored-by: Guy Afik <[email protected]>

* Stamus: add test data to secret-ignore

* Stamus: fix event type

* Stamus: update demisto docker image

* Stamus: fix reference in classifier

* Stamus: update README.md

Runned demisto-sdk generate-docs -i Packs/Stamus/Integrations/Stamus/Stamus.yml
and fixed the version string.

* Stamus: fix linter error

* Stamus: fix linter warning

* Stamus: fix a playbook param

* Stamus: fix key value

* Stamus: set default value for incident

* Stamus: update from version

* Stamus: set default incoming mapper

* Stamus: improve layout

* Stamus: some more layout work

* Stamus: use already defined fields

* Stamus: don't extract indicators

Most fields are information and we should not extract indicators.

* Stamus: display threat info in layout

* Stamus: don't try to display removed field

* Stamus: add host first seen

* Stamus: add host insight info in incident layout

This is the first pass, we need to add the role.

* Stamus: display major host insight information

* Stamus: retry policy and fix a field

Host insight info can be available after some time if ever the
host has not be seen before.

* Stamus: update to fix validation

* Stamus: add description to mapper

* Stamus: add integration as 'start time' user

---------

Co-authored-by: Nicolas Frisoni <[email protected]>
Co-authored-by: Guy Afik <[email protected]>
Co-authored-by: Peter <[email protected]>

* bump rn

* rn

* pre-commit

* Bump pack from version CommonTypes to 3.3.85.

* update mapper

* bump rn

* update rn

* Empty-Commit

* bump rn

* ds108 validation fixes

* fix validation

* ds108

---------

Co-authored-by: Eric Leblond <[email protected]>
Co-authored-by: Nicolas Frisoni <[email protected]>
Co-authored-by: Guy Afik <[email protected]>
Co-authored-by: Peter <[email protected]>
Co-authored-by: GuyAfik <[email protected]>
Co-authored-by: Content Bot <[email protected]>

Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json

@@ -12,7 +12,8 @@
         "Exabeam Incident",
         "Microsoft Sentinel Incident",
         "Graph Security Alert",
-        "CrowdStrike Falcon IDP Detection"
+        "CrowdStrike Falcon IDP Detection",
+        "Stamus Networks DoC"
     ],
     "breachScript": "",
     "caseInsensitive": true,

Packs/CommonTypes/ReleaseNotes/3_3_85.md

@@ -0,0 +1,4 @@
+
+#### Incident Fields
+Added the **Stamus Networks DoC** incident type to the following incident fields:
+- **Start Time**

Packs/CommonTypes/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.3.84",
+    "currentVersion": "3.3.85",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Stamus/.secrets-ignore

@@ -0,0 +1,7 @@
+10.11.13.101
+https://10.136.0.72
+10.136.0.72
+10.7.5.101
+95.142.46.236
+https://scs.my.org
+217.116.0.227

Packs/Stamus/Classifiers/classifier-Stamus_Networks_incoming_mapper.json

@@ -0,0 +1,62 @@
+{
+    "description": "Stamus Networks Incoming Mapper",
+    "feed": false,
+    "id": "Stamus Networks incoming mapper",
+    "mapping": {
+        "Stamus Networks DoC": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Threat Family Name": {
+                    "simple": "family"
+                },
+                "StamusFamilyDescription": {
+                    "simple": "family_description"
+                },
+                "StamusFamilyID": {
+                    "simple": "family_id"
+                },
+                "StamusFamilyLink": {
+                    "simple": "family_link"
+                },
+                "StamusID": {
+                    "simple": "id"
+                },
+                "StamusKillchain": {
+                    "simple": "kill_chain"
+                },
+                "StamusTarget": {
+                    "simple": "target"
+                },
+                "StamusTargettype": {
+                    "simple": "target_type"
+                },
+                "StamusTenant": {
+                    "simple": "tenant"
+                },
+                "StamusThreatDescription": {
+                    "simple": "threat_description"
+                },
+                "StamusThreatId": {
+                    "simple": "threat_id"
+                },
+                "StamusThreatLink": {
+                    "simple": "threat_link"
+                },
+                "Start Time": {
+                    "simple": "timestamp"
+                },
+                "Threat Name": {
+                    "simple": "threat"
+                }
+            }
+        },
+        "dbot_classification_incident_type_all": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {}
+        }
+    },
+    "name": "Stamus Networks incoming mapper",
+    "type": "mapping-incoming",
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusFamilyDescription.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamusfamilydescription",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamusfamilydescription",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "StamusFamilyDescription",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusFamilyID.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamusfamilyid",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamusfamilyid",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "StamusFamilyID",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusFamilyLink.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamusfamilylink",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamusfamilylink",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "StamusFamilyLink",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusHostFirstSeen.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamushostfirstseen",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamushostfirstseen",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Stamus Host First Seen",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "date",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusHostLastSeen.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamushostlastseen",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamushostlastseen",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Stamus Host Last Seen",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "date",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusHostRoles.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamushostroles",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamushostroles",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "Stamus Host Roles",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusID.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamusid",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamusid",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "StamusID",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusKillchain.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamuskillchain",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamuskillchain",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "StamusKillchain",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}

Packs/Stamus/IncidentFields/incidentfield-StamusTarget.json

@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Stamus Networks DoC"
+    ],
+    "caseInsensitive": true,
+    "cliName": "stamustarget",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_stamustarget",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "StamusTarget",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.9.0"
+}