From 8236b999a7df53d4fa09c85dd13e562250394f91 Mon Sep 17 00:00:00 2001 From: Meir Wahnon Date: Mon, 1 Aug 2016 19:49:53 +0300 Subject: [PATCH 1/5] elaborate scripts.json part elaborate scripts.json part --- CONTRIBUTING.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ef3096dedc3a..b893a49bb7ad 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -20,7 +20,6 @@ Here is a description of scripts.json fields and structure: "name": "RemoteExec", "script": "RemoteExec.js", "type": "javascript", - "visualScript": "", "tags": ["endpoint"], "arguments": [ { @@ -43,5 +42,19 @@ Here is a description of scripts.json fields and structure: }, ``` +* name: script name +* script: the script file name +* type: javascript or python +* tags: array of tags of the script +* arguments: array of script arguments + * name: argument name + * description: argument description + * required: does this argument must be fulfilled in order to run script, or is it optional + * default: if you can provide the argument value , without giving the argument key(name) in command +* comment: add comment +* system: +* scriptTarget: 0 for server script, 1 for agent script (to be run on endpoint) +* dependsOn: depdencies on other scripts/integrations + Enjoy and feel free to reach out to us on the DFIRCommunity Slack, or at using this repo issues. From 1c1785180ca13d83eb545f01c250ce31fd52b385 Mon Sep 17 00:00:00 2001 From: liorkol Date: Mon, 1 Aug 2016 13:27:20 -0400 Subject: [PATCH 2/5] Expanded on scripts.json --- CONTRIBUTING.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b893a49bb7ad..f4b5c64df35b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,9 +2,9 @@ ## Contributing Playbooks -Our playbooks are described in an open format which we released called [COPS](https://github.com/demisto/COPS) to drive collaboration and interoperability within the InfoSec community. +Our playbooks are described in an open format which we released called [COPS](https://github.com/demisto/COPS) to drive collaboration and interoperability within the InfoSec community. -In order to add playbooks you need to save them in the open playbook format(yaml file) and create a Pull Request. +In order to add playbooks you need to save them in the open playbook format(yaml file) and create a Pull Request. You can also edit them visually inside the Demisto Platform and export to a yaml file. @@ -12,7 +12,7 @@ Also you can create a PR to modify an existing playbook. ## Contributing Scripts -In addition to the actual scripts in a Py or JS file, you need to add a small section in the scripts.json file, with the script's display name, description, arguments and other metadata. +In addition to the actual scripts in a Py or JS file, you need to add a small section in the scripts.json file, with the script's display name, description, arguments and other metadata. Here is a description of scripts.json fields and structure: ``` json 
@@ -42,19 +42,18 @@ Here is a description of scripts.json fields and structure: }, ``` -* name: script name -* script: the script file name +* name: Name for the script, that will be displayed in the Automation page +* script: The actual file name * type: javascript or python * tags: array of tags of the script * arguments: array of script arguments * name: argument name - * description: argument description - * required: does this argument must be fulfilled in order to run script, or is it optional - * default: if you can provide the argument value , without giving the argument key(name) in command -* comment: add comment -* system: + * description: argument description - appears in automation page and in the CLI autocomplete + * required: Whether the user must provide this argument to run the script - yes for mandatory, no for optional + * default: (Only one "yes" per script) Argument can be provided without its name - e.g. !whois google.com instead of !whois domain=google.com +* comment: A brief description of the script's purpose and any other important things to know - appears in the Automation page and in the CLI autocomplete. +* system: "yes" if the script is provided with the platform and is locked and unmodifiable - set to "no" for scripts user creates from within the product. * scriptTarget: 0 for server script, 1 for agent script (to be run on endpoint) * dependsOn: depdencies on other scripts/integrations Enjoy and feel free to reach out to us on the DFIRCommunity Slack, or at using this repo issues. - From f6d273b2b3fe8713fd520d73b650ae2f425485ff Mon Sep 17 00:00:00 2001 From: liorkol Date: Mon, 1 Aug 2016 13:40:54 -0400 Subject: [PATCH 3/5] Final touches --- CONTRIBUTING.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f4b5c64df35b..7a05be5a8a88 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -43,7 +43,7 @@ Here is a description of scripts.json fields and structure: ``` * name: Name for the script, that will be displayed in the Automation page -* script: The actual file name +* script: The name of the file containing the script itself * type: javascript or python * tags: array of tags of the script * arguments: array of script arguments @@ -54,6 +54,7 @@ Here is a description of scripts.json fields and structure: * comment: A brief description of the script's purpose and any other important things to know - appears in the Automation page and in the CLI autocomplete. * system: "yes" if the script is provided with the platform and is locked and unmodifiable - set to "no" for scripts user creates from within the product. * scriptTarget: 0 for server script, 1 for agent script (to be run on endpoint) -* dependsOn: depdencies on other scripts/integrations +* dependsOn: The commands required for the script to be used - if these commands are unavailable (e.g. because no integration that implements them has been configured) then the script will not appear in the CLI's autocomplete (it can still be viewed and edited on the Automation page). -Enjoy and feel free to reach out to us on the DFIRCommunity Slack, or at using this repo issues. +If you have a suggestion or an opportunity for improvement that you've identified, please open an issue in this repo. +Enjoy and feel free to reach out to us on the DFIR Community Slack channel, or at info@demisto.com From ecda036762441dba1f60e3f38fadd1e0a18a27f9 Mon Sep 17 00:00:00 2001 From: liorkol Date: Mon, 1 Aug 2016 13:44:48 -0400 Subject: [PATCH 4/5] Phrasing. --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a05be5a8a88..b126d9857356 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,13 +2,13 @@ ## Contributing Playbooks -Our playbooks are described in an open format which we released called [COPS](https://github.com/demisto/COPS) to drive collaboration and interoperability within the InfoSec community. +Our playbooks are described in an open format we released called [COPS](https://github.com/demisto/COPS) to drive collaboration and interoperability within the InfoSec community. In order to add playbooks you need to save them in the open playbook format(yaml file) and create a Pull Request. -You can also edit them visually inside the Demisto Platform and export to a yaml file. +You can also edit them visually inside the Demisto Platform and then export to a yaml file. -Also you can create a PR to modify an existing playbook. +To add a new playbook, or modify and enhance an existing playbook - just open a Pull Request in this repo. ## Contributing Scripts From 9fd86531f6ecb421d9178712b65dce8b5a5d5143 Mon Sep 17 00:00:00 2001 From: liorkol Date: Mon, 1 Aug 2016 13:45:53 -0400 Subject: [PATCH 5/5] Phrasing --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b126d9857356..4c1d13914482 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,7 +4,7 @@ Our playbooks are described in an open format we released called [COPS](https://github.com/demisto/COPS) to drive collaboration and interoperability within the InfoSec community. -In order to add playbooks you need to save them in the open playbook format(yaml file) and create a Pull Request. +In order to contribute playbooks you need to save them in the COPS format (as a yaml file) and create a Pull Request. You can also edit them visually inside the Demisto Platform and then export to a yaml file.
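Review bot: In PATCH 1/5, the added field list leaves the `* system:` bullet with no description and misspells "depdencies" in the `dependsOn` bullet, and the closing context line still reads "or at using this repo issues". PATCH 2/5 and 3/5 rewrite all three, so consider squashing the series so that no intermediate revision of CONTRIBUTING.md documents a field with an empty description.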
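Review bot: In the first hunk of PATCH 2/5 (`@@ -2,9 +2,9 @@`), the three removed/added line pairs read identically, so the change appears to be whitespace-only. Say so in the commit message, or split it from the content change in the second hunk, so the wording edits are easier to review.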
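Review bot: In the second hunk of PATCH 2/5 (`@@ -42,19 +42,18 @@`), the `system` bullet explains what "yes" and "no" mean but not which value a script submitted through this repo should carry. Because "yes" marks a script as locked and unmodifiable, state the expected value for contributions so a reviewer can check it. The same list uses yes/no for `required` and `default` but 0/1 for `scriptTarget`; a word on the value type of each field would remove the guesswork.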
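Review bot: In the second hunk of PATCH 3/5 (`@@ -54,6 +54,7 @@`), the two added closing lines ("If you have a suggestion ..." and "Enjoy and feel free ...") are adjacent according to the hunk's line counts, with no blank line between them, so Markdown will render them as one paragraph. Add a blank line between them if they are meant to be separate, and end the last sentence with a full stop after the e-mail address.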
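Review bot: In PATCH 4/5, the added sentence "To add a new playbook, or modify and enhance an existing playbook - just open a Pull Request in this repo." repeats the instruction already given two paragraphs earlier ("In order to add playbooks you need to save them ... and create a Pull Request."). Merge the two so the section states the pull request step once, covering both new and modified playbooks.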