forked from demisto/content
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enhancement/ciac 9358/ibm resilient (demisto#35286)
* integration config parameters update * configuration update * commands * commands * upload-incident-attachment command * upload-incident-attachment command * upload-incident-attachment command * list task instructions command * List task instructions command * delete task member command * delete tasks command * list tasks command * pagination fix * pagination fixes * date_to_timestamp changes * Incoming mirroring * Incoming mirroring * layout * layout & incoming mapper fixes * prettify incident notes fix * unittests * test_test_module * test test module * unittests * unit tests * Update readme * classifiers * fix incoming mapper * Incoming mirror fix * outgoing mapper * layout update * Outgoing mirror * ruff * Mirroring fixes * Mirroring fixes * Integration logo * Integration logo * Documentation * search-incidents fixes * Release notes template * unittests * list-scripts docs and fixes * unittest * list-scripts unittest * revert redundant changes * execute remote scripts * revert redundant changes * version bump * fixes * content format fix * layout functionallity * add notes from layout * add notes from layout * Bump pack from version CommonScripts to 1.15.58. * Tasks layout * notes mirroring completed * tasks mirroring completed * tasks & notes mirroring completed * attachments mirroring * mirroring fixes * notes mirroring finishes * Bump pack from version CommonScripts to 1.15.59. * tasks mirroring finishes * Bump pack from version CommonScripts to 1.15.60. * Working layouts * Format layout * update readme * layout fix * fetch incidents fix * fetch incidents fix * layout scripts update * remove todo * Layout updates * Fetch fixes * unifying tags * Removing todos * Bump pack from version CommonScripts to 1.15.61. * logging and config fixes * command exapmles and unit tests * unit tests * Bump pack from version CommonScripts to 1.15.62. * increase unit tests coverage * unit tests coverage * unit tests coverage * update release notes * unit tests coverage * Scripts test coverage * Scripts test coverage * convertartifactstotable_test fixes * pre commit fixes * incident fields fixes * incident fields fixes * pre-commit fixes * pre-commit fixes * pre-commit fixes * pre-commit fixes * pre-commit fixes * incident fields version fix * incident fields fromversion fix * precommit fixes * TPB * pre commit fixes * pre commit fixes * pre commit fixes * format * update conf.json * logo resize * hide credentials * default tags * default tags * resolve conflicts * fix tags * ruff * ruff * format .yml * update readme * layout fixes * formats * update readme * update incident fields * update incident fields * update incident fields * pre-commit * format * update readme * updated RN * updated RN * fix associated types * format incident type * update rn * mapper format * bc * formats * IN116 validation * TPB * TPB * TPB update * TPB update * TPB update * Update Packs/IBMResilientSystems/Scripts/IbmUpdateTask/IbmUpdateTask.yml Co-authored-by: ShirleyDenkberg <[email protected]> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Apply code review suggestions. * Apply code review suggestions. * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <[email protected]> --------- Co-authored-by: Content Bot <[email protected]> Co-authored-by: ShirleyDenkberg <[email protected]>
- Loading branch information
3 people
authored
Sep 23, 2024
1 parent
a980eff
commit 66735e8
Showing
86 changed files
with
7,907 additions
and
880 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
|
|
||
| #### Incident Fields | ||
|
|
||
| ##### Breach Confirmation | ||
|
|
||
| Added support for `IBM QRadar SOAR Incident` in the `Breach Confirmation` field. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
|
|
||
| #### Incident Fields | ||
|
|
||
| ##### Last Modified On | ||
|
|
||
| Made available to `IBM QRadar SOAR Incident`. | ||
|
|
||
| ##### Zip Code | ||
|
|
||
| Made available to `IBM QRadar SOAR Incident`. | ||
|
|
||
| ##### City | ||
|
|
||
| Made available to `IBM QRadar SOAR Incident`. | ||
|
|
||
| ##### Street Address | ||
|
|
||
| Made available to `IBM QRadar SOAR Incident`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 15 additions & 0 deletions
15
Packs/IBMResilientSystems/Classifiers/classifier-IBM_QRadar_Soar-_Classifier.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| { | ||
| "defaultIncidentType": "IBM QRadar SOAR Incident", | ||
| "description": "", | ||
| "feed": false, | ||
| "id": "IBM QRadar SOAR - Classifier", | ||
| "keyTypeMap": {}, | ||
| "name": "IBM QRadar SOAR - Classifier", | ||
| "propagationLabels": [ | ||
| "all" | ||
| ], | ||
| "transformer": {}, | ||
| "type": "classification", | ||
| "version": -1, | ||
| "fromVersion": "6.10.0" | ||
| } |
226 changes: 226 additions & 0 deletions
226
Packs/IBMResilientSystems/Classifiers/classifier-mapper-incomming-IBM_QRadar_SOAR.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,226 @@ | ||
| { | ||
| "description": "", | ||
| "feed": false, | ||
| "id": "IBM QRadar SOAR Incoming Mapper", | ||
| "mapping": { | ||
| "IBM QRadar SOAR Incident": { | ||
| "dontMapEventToLabels": true, | ||
| "internalMapping": { | ||
| "Alert Type ID": { | ||
| "simple": "incident_type_ids" | ||
| }, | ||
| "Breach Confirmation": { | ||
| "simple": "confirmed" | ||
| }, | ||
| "IBM Security QRadar SOAR Phase": { | ||
| "simple": "phase" | ||
| }, | ||
| "City": { | ||
| "simple": "city" | ||
| }, | ||
| "Department": { | ||
| "simple": "exposure_dept_id" | ||
| }, | ||
| "Description": { | ||
| "simple": "description" | ||
| }, | ||
| "Display Name": { | ||
| "simple": "creator.display_name" | ||
| }, | ||
| "Email": { | ||
| "simple": "creator.email" | ||
| }, | ||
| "IBM Security QRadar SOAR Discovered Date": { | ||
| "simple": "discovered_date" | ||
| }, | ||
| "IBM Security QRadar SOAR Exposure Type": { | ||
| "complex": { | ||
| "filters": [], | ||
| "root": "exposure_type_id", | ||
| "transformers": [ | ||
| { | ||
| "args": { | ||
| "input_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "1,2,3" | ||
| } | ||
| }, | ||
| "mapped_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "Unknown,Individual,External Party" | ||
| } | ||
| } | ||
| }, | ||
| "operator": "MapValuesTransformer" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "IBM Security QRadar SOAR NIST Attack Vectors": { | ||
| "complex": { | ||
| "filters": [], | ||
| "root": "nist_attack_vectors", | ||
| "transformers": [ | ||
| { | ||
| "args": { | ||
| "input_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "1,2,3,4,5,6,7,8" | ||
| } | ||
| }, | ||
| "mapped_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "External/RemovableMedia, Attrition, Web, Email, Impersonation, ImproperUsage, Loss/TheftOfEquipment, Other" | ||
| } | ||
| } | ||
| }, | ||
| "operator": "MapValuesTransformer" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "IBM Security QRadar SOAR Negative PR": { | ||
| "simple": "negative_pr_likely" | ||
| }, | ||
| "IBM Security QRadar SOAR Reporter Name": { | ||
| "simple": "reporter" | ||
| }, | ||
| "IBM Security QRadar SOAR Resolution": { | ||
| "complex": { | ||
| "filters": [], | ||
| "root": "resolution_id", | ||
| "transformers": [ | ||
| { | ||
| "args": { | ||
| "input_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "7,8,9,10" | ||
| } | ||
| }, | ||
| "mapped_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "Unresolved, Duplicate, Not an Issue, Resolved" | ||
| } | ||
| } | ||
| }, | ||
| "operator": "MapValuesTransformer" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "IBM Security QRadar SOAR Resolution Summary": { | ||
| "complex": { | ||
| "filters": [], | ||
| "root": "resolution_summary", | ||
| "transformers": [ | ||
| { | ||
| "args": { | ||
| "action_dt": { | ||
| "isContext": false | ||
| }, | ||
| "ignore_case": { | ||
| "isContext": false | ||
| }, | ||
| "multi_line": { | ||
| "isContext": false | ||
| }, | ||
| "output_format": { | ||
| "isContext": false | ||
| }, | ||
| "period_matches_newline": { | ||
| "isContext": false | ||
| }, | ||
| "regex": { | ||
| "isContext": false, | ||
| "value": { | ||
| "simple": "<.*?>" | ||
| } | ||
| } | ||
| }, | ||
| "operator": "RegexReplace" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "IBM Security QRadar SOAR Name": { | ||
| "simple": "name" | ||
| }, | ||
| "Last Modified On": { | ||
| "simple": "inc_last_modified_date" | ||
| }, | ||
| "Mobile Phone": { | ||
| "simple": "creator.cell" | ||
| }, | ||
| "Phone Number": { | ||
| "simple": "artifacts.[0].creator.phone" | ||
| }, | ||
| "Street Address": { | ||
| "simple": "addr" | ||
| }, | ||
| "Zip Code": { | ||
| "simple": "zip" | ||
| }, | ||
| "severity": { | ||
| "complex": { | ||
| "root": "severity_code", | ||
| "transformers": [ | ||
| { | ||
| "args": { | ||
| "input_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "complex": null, | ||
| "simple": "4,5,6" | ||
| } | ||
| }, | ||
| "mapped_values": { | ||
| "isContext": false, | ||
| "value": { | ||
| "complex": null, | ||
| "simple": "1,2,3" | ||
| } | ||
| } | ||
| }, | ||
| "operator": "MapValuesTransformer" | ||
| } | ||
| ] | ||
| } | ||
| }, | ||
| "IBM Security QRadar SOAR Notes": { | ||
| "simple": "notes" | ||
| }, | ||
| "IBM Security QRadar SOAR Tasks": { | ||
| "simple": "tasks" | ||
| }, | ||
| "IBM Security QRadar SOAR Attachments": { | ||
| "simple": "attachments" | ||
| }, | ||
| "IBM Security QRadar SOAR Artifacts": { | ||
| "simple": "artifacts" | ||
| }, | ||
| "dbotMirrorDirection": { | ||
| "simple": "mirror_direction" | ||
| }, | ||
| "dbotMirrorId": { | ||
| "simple": "id" | ||
| }, | ||
| "dbotMirrorInstance": { | ||
| "simple": "mirror_instance" | ||
| }, | ||
| "dbotMirrorTags": { | ||
| "simple": "mirror_tags" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "name": "IBM QRadar SOAR Incoming Mapper", | ||
| "type": "mapping-incoming", | ||
| "version": -1, | ||
| "fromVersion": "6.10.0" | ||
| } |
Oops, something went wrong.