From 41d9bad917632029af0e86ac4915160d3b1220d1 Mon Sep 17 00:00:00 2001
From: TOUFIKI Zakarya
Date: Wed, 10 Jul 2024 09:17:15 +0200
Subject: [PATCH] Add incident fields
---
 ...ncident_sekoia_xdr_alertdetails_field.json | 65 +++++++++++++
 ...incident_sekoia_xdr_alertstatus_field.json | 65 +++++++++++++
 .../incident_sekoia_xdr_ctiurl_field.json | 65 +++++++++++++
 .../incident_sekoia_xdr_firstseen_field.json | 65 +++++++++++++
 .../incident_sekoia_xdr_killchain_field.json | 96 +++++++++++++++++++
 .../incident_sekoia_xdr_lastsseen_field.json | 65 +++++++++++++
 6 files changed, 421 insertions(+)
 create mode 100644 Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertdetails_field.json
 create mode 100644 Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertstatus_field.json
 create mode 100644 Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_ctiurl_field.json
 create mode 100644 Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_firstseen_field.json
 create mode 100644 Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_killchain_field.json
 create mode 100644 Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_lastsseen_field.json
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertdetails_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertdetails_field.json
new file mode 100644
index 000000000000..abb43d1444d1
--- /dev/null
+++ b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertdetails_field.json
@@ -0,0 +1,65 @@
+{
+ "incidentFields": [
+ {
+ "id": "incident_sekoiaalertdetails",
+ "version": 1,
+ "cacheVersn": 0,
+ "modified": "2024-07-02T13:34:47.794510655Z",
+ "created": "2024-07-02T13:34:47.791018285Z",
+ "sizeInBytes": 0,
+ "packID": "",
+ "packName": "",
+ "itemVersion": "",
+ "fromServerVersion": "",
+ "toServerVersion": "",
+ "definitionId": "",
+ "vcShouldIgnore": false,
+ "vcShouldKeepItemLegacyProdMachine": false,
+ "commitMessage": "",
+ "shouldCommit": false,
+ "name": "Sekoia Alert Details",
+ "prevName": "Sekoia Alert Details",
+ "ownerOnly": false,
+ "placeholder": "",
+ "template": "",
+ "description": "",
+ "cliName": "sekoiaalertdetails",
+ "type": "markdown",
+ "orgType": "markdown",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "script": "",
+ "runScriptAfterUpdate": false,
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "selectValues": [],
+ "autoCompleteTags": null,
+ "validationRegex": "",
+ "x2_fields": "",
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "mergeStrategy": "",
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [],
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "columns": null,
+ "defaultRows": null,
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": "",
+ "validatedError": "",
+ "aliases": null,
+ "aliasTo": ""
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertstatus_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertstatus_field.json
new file mode 100644
index 000000000000..cb7645b41a9f
--- /dev/null
+++ b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertstatus_field.json
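Review bot: `"description": ""` on `Sekoia Alert Details` leaves an analyst with no indication of what the markdown body holds or where it comes from, and the same empty description is shipped in the alertstatus, ctiurl, firstseen, killchain and lastsseen hunks; a one-liner per field such as `"description": "Alert details as reported by Sekoia XDR."` would fix all six. Because this field is rendered as `markdown` and will be filled with text received from the Sekoia API, it is worth confirming that the platform sanitizes rendered markdown before relying on it in layouts. The hunk also carries instance bookkeeping (`"modified"`, `"created"`, `"sizeInBytes"`, `"packID"`, `"commitMessage"`, `"cacheVersn"`) that reflects the server the field was exported from rather than the content itself; if the pack's existing incident fields are normalized to the usual content layout (`"version": -1` plus a `"fromVersion"`), these six files should be normalized the same way — confirm against the rest of the pack.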
@@ -0,0 +1,65 @@
+{
+ "incidentFields": [
+ {
+ "id": "incident_sekoiaalertstatus",
+ "version": 1,
+ "cacheVersn": 0,
+ "modified": "2024-07-02T13:34:47.866877854Z",
+ "created": "2024-07-02T13:34:47.863529049Z",
+ "sizeInBytes": 0,
+ "packID": "",
+ "packName": "",
+ "itemVersion": "",
+ "fromServerVersion": "",
+ "toServerVersion": "",
+ "definitionId": "",
+ "vcShouldIgnore": false,
+ "vcShouldKeepItemLegacyProdMachine": false,
+ "commitMessage": "",
+ "shouldCommit": false,
+ "name": "Sekoia Alert Status",
+ "prevName": "Sekoia Alert Status",
+ "ownerOnly": false,
+ "placeholder": "",
+ "template": "",
+ "description": "",
+ "cliName": "sekoiaalertstatus",
+ "type": "shortText",
+ "orgType": "singleSelect",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "script": "",
+ "runScriptAfterUpdate": false,
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "selectValues": [],
+ "autoCompleteTags": null,
+ "validationRegex": "",
+ "x2_fields": "",
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "mergeStrategy": "",
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [],
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": null,
+ "defaultRows": null,
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": "",
+ "validatedError": "",
+ "aliases": null,
+ "aliasTo": ""
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_ctiurl_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_ctiurl_field.json
new file mode 100644
index 000000000000..0bfa06eba880
--- /dev/null
+++ b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_ctiurl_field.json
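Review bot: `"type": "shortText"` contradicts `"orgType": "singleSelect"` on `Sekoia Alert Status`, and with `"selectValues": []` the field accepts any free-text value although an alert status is a closed set. Either make both `singleSelect` and enumerate the statuses the Sekoia API can return in `"selectValues"`, so filters, dashboards and playbook conditions match on a controlled vocabulary, or set `"orgType": "shortText"` so the two agree and the mismatch does not surprise the next maintainer. The exact status list is not visible in this commit, so it must be taken from the integration's mapper.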
@@ -0,0 +1,65 @@
+{
+ "incidentFields": [
+ {
+ "id": "incident_sekoiactiurl",
+ "version": 1,
+ "cacheVersn": 0,
+ "modified": "2024-07-09T08:31:43.252403414Z",
+ "created": "0001-01-01T00:00:00Z",
+ "sizeInBytes": 0,
+ "packID": "",
+ "packName": "",
+ "itemVersion": "",
+ "fromServerVersion": "",
+ "toServerVersion": "",
+ "definitionId": "",
+ "vcShouldIgnore": false,
+ "vcShouldKeepItemLegacyProdMachine": false,
+ "commitMessage": "",
+ "shouldCommit": false,
+ "name": "Sekoia CTI URL",
+ "prevName": "Sekoia CTI URL",
+ "ownerOnly": false,
+ "placeholder": "",
+ "template": "",
+ "description": "",
+ "cliName": "sekoiactiurl",
+ "type": "url",
+ "orgType": "url",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "script": "",
+ "runScriptAfterUpdate": false,
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "selectValues": null,
+ "autoCompleteTags": null,
+ "validationRegex": "",
+ "x2_fields": "",
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "mergeStrategy": "",
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": null,
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": null,
+ "defaultRows": null,
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": "",
+ "validatedError": "",
+ "aliases": null,
+ "aliasTo": ""
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_firstseen_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_firstseen_field.json
new file mode 100644
index 000000000000..77ed1489e84a
--- /dev/null
+++ b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_firstseen_field.json
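Review bot: `"created": "0001-01-01T00:00:00Z"` is a zero-value timestamp rather than a real one, and `"selectValues": null` / `"associatedTypes": null` here differ in type from the `[]` the alertdetails and alertstatus files use for the same keys; a key should keep one type across the pack so consumers can iterate without a null check (the firstseen and lastsseen hunks have the same `null`). Since `Sekoia CTI URL` is a `url` field that will be filled with a link taken from the Sekoia API and shown to analysts as clickable, a `"validationRegex"` pinning it to the expected scheme and host, e.g. `"validationRegex": "^https://<expected-sekoia-host>/.*"` (placeholder, to be replaced with the real host), would keep a tampered or malformed alert from planting an arbitrary link in the incident; the intended host is not visible in this commit.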
@@ -0,0 +1,65 @@
+{
+ "incidentFields": [
+ {
+ "id": "incident_sekoiafirstseen",
+ "version": 1,
+ "cacheVersn": 0,
+ "modified": "2024-07-02T13:34:47.978554181Z",
+ "created": "2024-07-02T13:34:47.975167972Z",
+ "sizeInBytes": 0,
+ "packID": "",
+ "packName": "",
+ "itemVersion": "",
+ "fromServerVersion": "",
+ "toServerVersion": "",
+ "definitionId": "",
+ "vcShouldIgnore": false,
+ "vcShouldKeepItemLegacyProdMachine": false,
+ "commitMessage": "",
+ "shouldCommit": false,
+ "name": "Sekoia First Seen",
+ "prevName": "Sekoia First Seen",
+ "ownerOnly": false,
+ "placeholder": "",
+ "template": "",
+ "description": "",
+ "cliName": "sekoiafirstseen",
+ "type": "shortText",
+ "orgType": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "script": "",
+ "runScriptAfterUpdate": false,
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "selectValues": null,
+ "autoCompleteTags": null,
+ "validationRegex": "",
+ "x2_fields": "",
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "mergeStrategy": "",
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": null,
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": null,
+ "defaultRows": null,
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": "",
+ "validatedError": "",
+ "aliases": null,
+ "aliasTo": ""
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_killchain_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_killchain_field.json
new file mode 100644
index 000000000000..16f8a07bdbc6
--- /dev/null
+++ b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_killchain_field.json
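Review bot: `Sekoia First Seen` is a timestamp stored as `"type": "shortText"`, so it cannot take part in date filters, sorting, or SLA and timeline views; the `date` incident-field type exists for exactly this, i.e. `"type": "date", "orgType": "date"`. The lastsseen hunk has the same issue. If the value is deliberately kept as text because the upstream format is not a parseable date, a `"validationRegex"` for the expected format, or at least a `"description"` stating the format, would document that choice.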
@@ -0,0 +1,96 @@
+{
+ "incidentFields": [
+ {
+ "id": "incident_sekoiakillchain",
+ "version": 1,
+ "cacheVersn": 0,
+ "sequenceNumber": 9963502,
+ "primaryTerm": 1,
+ "modified": "2024-07-02T13:34:48.058774798Z",
+ "created": "2024-07-02T13:34:48.055405793Z",
+ "sizeInBytes": 0,
+ "packID": "",
+ "packName": "",
+ "itemVersion": "",
+ "fromServerVersion": "",
+ "toServerVersion": "",
+ "definitionId": "",
+ "vcShouldIgnore": false,
+ "vcShouldKeepItemLegacyProdMachine": false,
+ "commitMessage": "",
+ "shouldCommit": false,
+ "name": "Sekoia Kill Chain",
+ "prevName": "Sekoia Kill Chain",
+ "ownerOnly": false,
+ "placeholder": "",
+ "template": "",
+ "description": "",
+ "cliName": "sekoiakillchain",
+ "type": "grid",
+ "orgType": "grid",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "script": "",
+ "runScriptAfterUpdate": false,
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": true,
+ "selectValues": [],
+ "autoCompleteTags": null,
+ "validationRegex": "",
+ "x2_fields": "",
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "mergeStrategy": "",
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": [],
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": [
+ {
+ "key": "name",
+ "displayName": "Name",
+ "type": "shortText",
+ "orgType": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "description",
+ "displayName": "Description",
+ "type": "shortText",
+ "orgType": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ }
+ ],
+ "defaultRows": [
+ {}
+ ],
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": "",
+ "validatedError": "",
+ "aliases": null,
"aliasTo": ""
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_lastsseen_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_lastsseen_field.json
new file mode 100644
index 000000000000..99e09689a9b3
--- /dev/null
+++ b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_lastsseen_field.json
@@ -0,0 +1,65 @@
+{
+ "incidentFields": [
+ {
+ "id": "incident_sekoialastseen",
+ "version": 1,
+ "cacheVersn": 0,
+ "modified": "2024-07-02T13:34:48.098958091Z",
+ "created": "2024-07-02T13:34:48.095662621Z",
+ "sizeInBytes": 0,
+ "packID": "",
+ "packName": "",
+ "itemVersion": "",
+ "fromServerVersion": "",
+ "toServerVersion": "",
+ "definitionId": "",
+ "vcShouldIgnore": false,
+ "vcShouldKeepItemLegacyProdMachine": false,
+ "commitMessage": "",
+ "shouldCommit": false,
+ "name": "Sekoia Last Seen",
+ "prevName": "Sekoia Last Seen",
+ "ownerOnly": false,
+ "placeholder": "",
+ "template": "",
+ "description": "",
+ "cliName": "sekoialastseen",
+ "type": "shortText",
+ "orgType": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "script": "",
+ "runScriptAfterUpdate": false,
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "selectValues": null,
+ "autoCompleteTags": null,
+ "validationRegex": "",
+ "x2_fields": "",
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "mergeStrategy": "",
+ "hidden": false,
+ "openEnded": false,
+ "associatedTypes": null,
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": null,
+ "defaultRows": null,
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": "",
+ "validatedError": "",
+ "aliases": null,
+ "aliasTo": ""
+ }
+ ]
+}
\ No newline at end of file
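Review bot: `"sequenceNumber": 9963502` and `"primaryTerm": 1` in the killchain hunk are per-instance index bookkeeping from the server the field was exported from; they appear in none of the five sibling files and should be dropped so the content item is not tied to one instance's state. `"defaultRows": [ {} ]` also seeds the grid with an empty row, which shows up as a blank line in every new incident before the integration fills the field; `"defaultRows": null`, as the other files have it, avoids that. Marking the grid `"isReadOnly": true` is the right call for a field the integration populates, so analysts cannot edit the kill-chain evidence by hand.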
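Review bot: The last file is named `incident_sekoia_xdr_lastsseen_field.json` (double `s`) while its id is `incident_sekoialastseen` and every sibling follows `incident_sekoia_xdr_<cliName>_field.json`; rename it to `incident_sekoia_xdr_lastseen_field.json` before this lands, since the misspelt path is also what the diffstat and `create mode` lines of the commit record. Everything else in the hunk mirrors the firstseen file, so the remarks made there apply here unchanged.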