Stamus integration v1.0.0 #26286

Merged
d7b24e0
packs: add stamus pack to xsoar content
sonicold Jan 31, 2023
203465c
Stamus: remove dummy test
regit Mar 22, 2023
a794b00
Stamus: use StamusIntegration prefix
regit Mar 22, 2023
0374686
Stamus: fix some descriptions
regit Mar 22, 2023
f5a5af6
Stamus: update result to return markdown
regit Mar 24, 2023
99dca2e
Stamus: rename commands
regit Mar 24, 2023
187ccd6
Stamus: update pack metadata
regit Mar 24, 2023
bf89474
Stamus: homogeneize message
regit Mar 24, 2023
c7af961
Stamus: really basic README
regit Mar 24, 2023
97dce0f
Stamus: fix some linters warning
regit Mar 24, 2023
8644fff
Stamus: import playbook and mapper
regit Apr 26, 2023
d9041f2
Stamus: more import
regit Apr 26, 2023
1b5e225
Stamus: add playbook documentation
regit May 3, 2023
bfa9e03
Stamus: more documentation
regit May 3, 2023
e430dd6
Stamus: add generated docs
regit May 3, 2023
b27a744
Stamus: remove template comment
regit May 5, 2023
a36172d
Stamus: use f-string
regit May 5, 2023
31fcd77
Stamus: simply test connection
regit May 5, 2023
26a0efe
Stamus: remove commented code
regit May 5, 2023
7764567
Stamus: docstring on escape function
sonicold May 5, 2023
eec10e7
Stamus: fix to have one context for each command
sonicold May 5, 2023
401fd75
Stamus: refactoring
sonicold May 5, 2023
08bce63
Stamus: remove useless code
sonicold May 5, 2023
e7892ba
Stamus: get default value in results if no results
sonicold May 5, 2023
14be8f1
Stamus: run demisto format on yaml files
regit May 9, 2023
7766da9
Stamus: update README
regit May 9, 2023
d8a7eba
Stamus: fix missing description and format
regit May 9, 2023
67b8cbc
Stamus: fix following validation
regit May 9, 2023
dfe013a
Stamus: add missing playbook image
regit May 9, 2023
948950e
Stamus: remove marketplacev2 support
regit May 9, 2023
94fd1f4
Stamus: fix info extraction in get DoC command
regit May 9, 2023
da28e26
Stamus: use getter function
regit May 16, 2023
c8103ff
Stamus: command should be lower case
regit May 16, 2023
803c319
Stamus: avoid double read of event
regit May 17, 2023
ea3be34
Stamus: little optimization
regit May 17, 2023
b3a605c
Stamus: add docstring
regit May 17, 2023
595bf7e
Stamus: remove not needed files
regit May 17, 2023
eb5c649
Stamus: add basic integration doc
regit May 17, 2023
760af1d
Stamus: fix JSON format
regit May 17, 2023
d013485
Stamus: fix some name in playbook
regit May 17, 2023
76c49e0
Stamus: rename IOC params
regit May 17, 2023
ee4de9a
Stamus: fix demisto sdk validation
sonicold Jul 5, 2023
dbb6491
Stamus: fix params name gotten from conf
sonicold Jul 5, 2023
2e8e30e
Stamus: fix stamus extra data playbook following new naming
sonicold Jul 5, 2023
6422b93
Stamus: fix playbook ID
regit Jul 10, 2023
112e602
Stamus: Add descriptions
pevma Jul 20, 2023
1595028
Stamus: move constants with other constants
sonicold Jul 25, 2023
9113ef8
Stamus: use getter function + fix linter
sonicold Jul 25, 2023
c1ea45a
Stamus: use fstring
sonicold Jul 25, 2023
e388226
Stamus: unit tests impl
sonicold Jul 25, 2023
d20059e
Stamus: remove template doc
regit Jul 26, 2023
8d1c51b
Stamus: add test data to secret-ignore
regit Jul 26, 2023
7cfedfa
Stamus: fix event type
regit Jul 26, 2023
bd3edad
Stamus: update demisto docker image
regit Jul 26, 2023
88bd672
Stamus: fix reference in classifier
regit Jul 26, 2023
4c21929
Stamus: update README.md
regit Jul 26, 2023
4fd9831
Stamus: fix linter error
regit Jul 26, 2023
41b880e
Stamus: fix linter warning
regit Jul 26, 2023
a9e9db8
Stamus: fix a playbook param
regit Aug 2, 2023
04d563a
Stamus: fix key value
regit Aug 2, 2023
ea7e97c
Stamus: set default value for incident
regit Aug 2, 2023
4b1e7ed
Stamus: update from version
regit Aug 2, 2023
4f24607
Stamus: set default incoming mapper
regit Aug 2, 2023
489cfdc
Stamus: improve layout
regit Aug 3, 2023
93c5e0a
Stamus: some more layout work
regit Aug 3, 2023
2968027
Stamus: use already defined fields
regit Aug 17, 2023
fe4c1c2
Stamus: don't extract indicators
regit Aug 24, 2023
0393292
Stamus: display threat info in layout
regit Aug 24, 2023
74d673a
Stamus: don't try to display removed field
regit Aug 24, 2023
e351212
Stamus: add host first seen
regit Aug 18, 2023
9ff14f5
Stamus: add host insight info in incident layout
regit Aug 30, 2023
293788b
Stamus: display major host insight information
regit Aug 30, 2023
34d88f9
Stamus: retry policy and fix a field
regit Aug 30, 2023
3b325c4
Stamus: update to fix validation
regit Aug 30, 2023
1c006a1
Stamus: add description to mapper
regit Aug 30, 2023
60eb556
Stamus: add integration as 'start time' user
regit Aug 30, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@
"Exabeam Incident",
"Microsoft Sentinel Incident",
"Graph Security Alert",
"CrowdStrike Falcon IDP Detection"
"CrowdStrike Falcon IDP Detection",
"Stamus Networks DoC"
],
"breachScript": "",
"caseInsensitive": true,
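Review bot: "Stamus Networks DoC" is appended to a list that already holds other vendors' incident types ("Exabeam Incident", "Microsoft Sentinel Incident", "CrowdStrike Falcon IDP Detection"), so this hunk changes a shared object outside Packs/Stamus, and nothing in the visible change documents that. Please state which existing field is being associated with the new type and why, and check that the string matches the type name used as the mapper key and in the new fields' associatedTypes exactly.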
Empty file added Packs/Stamus/.pack-ignore
Empty file.
7 changes: 7 additions & 0 deletions Packs/Stamus/.secrets-ignore
@@ -0,0 +1,7 @@
10.11.13.101
https://10.136.0.72
10.136.0.72
10.7.5.101
95.142.46.236
https://scs.my.org
217.116.0.227
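Review bot: Lines 5 and 7 of the new file allow-list 95.142.46.236 and 217.116.0.227, which are publicly routable addresses, and line 6 allow-lists https://scs.my.org, a name under a registrable domain; judging by the commit "Stamus: add test data to secret-ignore" these entries exist to get the test data past the secrets check. Prefer rewriting the test fixtures to use the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and an example.org hostname, then dropping these entries, so that no real host or sensor address ships with the pack. The 10.x entries are private-range, but if they come from a live deployment they still disclose internal addressing and deserve the same treatment.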
Binary file added Packs/Stamus/Author_image.png
@@ -0,0 +1,66 @@
{
"description": "Stamus Networks Incoming Mapper",
"feed": false,
"id": "Stamus Networks incoming mapper",
"mapping": {
"Stamus Networks DoC": {
"dontMapEventToLabels": true,
"internalMapping": {
"Threat Family Name": {
"simple": "family"
},
"StamusFamilyDescription": {
"simple": "family_description"
},
"StamusFamilyID": {
"simple": "family_id"
},
"StamusFamilyLink": {
"simple": "family_link"
},
"StamusID": {
"simple": "id"
},
"StamusKillchain": {
"simple": "kill_chain"
},
"StamusTarget": {
"simple": "target"
},
"StamusTargettype": {
"simple": "target_type"
},
"StamusTenant": {
"simple": "tenant"
},
"StamusThreatDescription": {
"simple": "threat_description"
},
"StamusThreatId": {
"simple": "threat_id"
},
"StamusThreatLink": {
"simple": "threat_link"
},
"Start Time": {
"simple": "timestamp"
},
"Threat Name": {
"simple": "threat"
}
}
},
"dbot_classification_incident_type_all": {
"dontMapEventToLabels": false,
"internalMapping": {
"StamusThreat": {
"simple": "threat"
}
}
}
},
"name": "Stamus Networks incoming mapper",
"type": "mapping-incoming",
"version": -1,
"fromVersion": "6.9.0"
}
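Review bot: The source key threat is mapped twice under different field names: to "Threat Name" in the "Stamus Networks DoC" mapping and to "StamusThreat" in dbot_classification_incident_type_all, and the second mapping leaves dontMapEventToLabels at false while the first sets it to true. Unless a StamusThreat field is really intended for every incident type, drop the dbot_classification_incident_type_all block or map to the same field in both places. A smaller style point in the same hunk: the keys mix ID and Id ("StamusFamilyID", "StamusID" versus "StamusThreatId") and "StamusTargettype" loses its word boundary; settle on one casing before these names ship as released content.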
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamusfamilydescription",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamusfamilydescription",
"isReadOnly": false,
"locked": false,
"name": "StamusFamilyDescription",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
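Review bot: "type": "shortText" is a tight fit for a field the mapper fills from family_description, which is free-form descriptive text; "longText" would suit it better. The object also has no "description" key, so nothing tells an analyst what the value means; add one here and in the sibling Stamus fields.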
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusFamilyID.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamusfamilyid",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamusfamilyid",
"isReadOnly": false,
"locked": false,
"name": "StamusFamilyID",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusFamilyLink.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamusfamilylink",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamusfamilylink",
"isReadOnly": false,
"locked": false,
"name": "StamusFamilyLink",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
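Review bot: "type": "shortText" on StamusFamilyLink stores a link as plain text; the "url" field type is the better fit for a value the mapper takes from family_link. Typing it as a URL also makes it clear in the layout that this is a link supplied by the remote event.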
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusHostFirstSeen.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamushostfirstseen",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamushostfirstseen",
"isReadOnly": false,
"locked": false,
"name": "Stamus Host First Seen",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "date",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
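Review bot: "name": "Stamus Host First Seen" uses spaces, while the earlier fields in this PR use run-together names ("StamusFamilyID", "StamusFamilyLink"); the cliName values follow one pattern but the display names do not. Pick one convention for all Stamus fields, preferably the spaced form since the name is what analysts see, and keep the mapper keys in step with it.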
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusHostLastSeen.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamushostlastseen",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamushostlastseen",
"isReadOnly": false,
"locked": false,
"name": "Stamus Host Last Seen",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "date",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusHostRoles.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamushostroles",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamushostroles",
"isReadOnly": false,
"locked": false,
"name": "Stamus Host Roles",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusID.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamusid",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamusid",
"isReadOnly": false,
"locked": false,
"name": "StamusID",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
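Review bot: "unsearchable": true on StamusID means the identifier the mapper takes from the event's id cannot be used in incident searches. Set it to false for this field, and consider the same for StamusTarget, so analysts can find or deduplicate incidents by the upstream identifier.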
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusKillchain.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamuskillchain",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamuskillchain",
"isReadOnly": false,
"locked": false,
"name": "StamusKillchain",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}
30 changes: 30 additions & 0 deletions Packs/Stamus/IncidentFields/incidentfield-StamusTarget.json
@@ -0,0 +1,30 @@
{
"associatedToAll": false,
"associatedTypes": [
"Stamus Networks DoC"
],
"caseInsensitive": true,
"cliName": "stamustarget",
"closeForm": true,
"content": true,
"editForm": true,
"group": 0,
"hidden": false,
"id": "incident_stamustarget",
"isReadOnly": false,
"locked": false,
"name": "StamusTarget",
"neverSetAsRequired": false,
"openEnded": false,
"ownerOnly": false,
"required": false,
"sla": 0,
"system": false,
"threshold": 72,
"type": "shortText",
"unmapped": false,
"unsearchable": true,
"useAsKpi": false,
"version": -1,
"fromVersion": "6.9.0"
}