Ctf For MP (demisto#26499)

* Fixed validations * Updated 1 of the tasks. * Updated 1 of the tasks. * Added default mapper and classifier * Fixed review comments * fixed review comments * fixed review comments * fixed conflicts * Added additional hard input * Added a review comment * Added a review comment * Added more incidents * Added more incidents to the flow * Fixed issue with value for brute force RDP * Changed timeRange for additional alerts * update threshold * Fixed answer for CTF1 * Fixed answers and hints for CTF1 * Fixed answers and hints for CTF2 * Added gif - let's do this * fixed issues + added some more comments * fixed issues * Add additional items * Dixed review comments * False was changed to 0 * Added feedback from users * Fixed issues with the CTF3 - Changed the client in the command to be overwritten - Added missing mapper items * Fixed layout issue * Removed Logs questions section * Updated some items per feedbacks * Updated some items per feedbacks * Updated some items per feedbacks * Updated some items per feedbacks * Fixed typo issue * Fixed scripts * Added function to support multiple incidents * fixed conflicts * fixed fetch issue * Added delete context task * Added delete context task * Added gif * Fixed bugs / other stuff * fixed review comments * fixed review comments * fixed other issues * fixed other issues * fixed other issues * fixed other issues * Fixed typos + missing items * fixed conflicts * Updated the file name * Pushed additional possible answers * Added validation for the file retrival command * Fixed ctf3 issues * Fixed ctf3 issues * fixed conflicts * Updated gif in the welcome message * removed dedup from ctf3 * fixed fetch to 201 * bypass for the phishing layout - to display the email body as an image * fixed conflicts * Fixed typo on error message * CTF * Updated content to support custom XDR integration * Restore Cortex XDR content from Master * Format * Removed un-required commands + added default mapper and classifier * Fixed PlaybookID key * Fixed the Get-Alerts-Command * Fixed UserEngagementThreshold * Fixed an issue with the user engament input * Fixed validation issues * Removed Q8 from Ctf 2 about EDL Added the docs links to each CTF ( Lab Guid + walkthrough cheatsheet) * remove student from the incident's name * Added indicators extraction * Added indicators extraction * Added thirteen * Added mitre Tactic name so the investigation panel will be displayed * removed all the guides * removed un required hashes * removed un required hashes * Added missing question * Removed additional PB item * Fixed review comments * Fixed review comments * Fixed review comments * added gif * added gif * Script improvement * Updated Gifs in Scripts and PBs to new ones * Updated PB descriptions * Updated Images * Updated Pack MetaData * Fixed all the issues added preparation playbook Added min server version for the packs * Moved inc field * Removed incident for ctf3 * Format * Format * Fixed issue with prepare ctf playbook * Removed CTF 3 and changed ctf 2 last task to notify the user on finishing the CTF * Feedbacks * Updated ReadMe files in both packs. * Update links in the questions' description * added dashboard * Removed the special character * Added more images * Changed the gifs in the items * Changed the gifs in the items * Changed the Dashboard * Removed un-required gifs * Updated README.md * added image for the "prepare your CTF" playbook * Updated README.md * Updated the time range for the CTF dashboard * Changed image url in ReadME * Reverted phishing layout * Removed un required gifs * Test images * Added gif to README.md * Removed min server requirement * READ me change again * READ me change again * READ me change again * Fix validations * Fix validations * Fix validations * Fix validations * Fix validations * Updated gifs on CTF2BF.py * push fix for the investigation tab and the rdp brute force tab * Fixing validations * Format + Generate docs * Format / Validations * Format / Validations * Format / Validations * Format / Validations * python fixes + tests skeleton * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * Format / Validations * fix test * fix test * fix test * Fix predefined values * Changed malicious hashes * Changed the size of the presented gif * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Updated docker image * Removed threat hunting section to avoid polling mechanism * Fixed the incident field association with an incident type * Fixed the incident field association with an incident type * fixed default fromversion on all content items * fixed default fromversion on all content items * Format * Format * Format * Format * Format * updated pack MP * update pack ignore * reverted pack ignore + changed fromVersion 6.9/6.10 to 8.2 + changed MP to xsoar * fix * Reverted changes on test_content.py --------- Co-authored-by: Jas Beilin <[email protected]> Co-authored-by: yucohen <[email protected]>
SEKOIA-IO · Nov 5, 2023 · fefbbae · fefbbae
1 parent c59e6ae
commit fefbbae
Show file tree

Hide file tree

Showing 78 changed files with 15,967 additions and 0 deletions.
diff --git a/Packs/CTF02/.pack-ignore b/Packs/CTF02/.pack-ignore
@@ -0,0 +1,5 @@
+[file:playbook-CTF_2_-_Classify_an_incident_RDP_Brute_force.yml]
+ignore=PB105
+
+[file:incidentfield-CTF02.json]
+ignore=IF113,IF115
diff --git a/Packs/CTF02/.secrets-ignore b/Packs/CTF02/.secrets-ignore
@@ -0,0 +1 @@
+137.184.208.116
diff --git a/Packs/CTF02/IncidentFields/incidentfield-CTF02.json b/Packs/CTF02/IncidentFields/incidentfield-CTF02.json
@@ -0,0 +1,33 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "CTF02"
+    ],
+    "caseInsensitive": true,
+    "cliName": "ctf02",
+    "closeForm": false,
+    "content": true,
+    "editForm": false,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_ctf02",
+    "isReadOnly": true,
+    "locked": false,
+    "name": "CTF02",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "propagationLabels": [
+        "all"
+    ],
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "timer",
+    "unmapped": false,
+    "unsearchable": false,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "8.2.0"
+}
diff --git a/Packs/CTF02/IncidentTypes/ctf02.json b/Packs/CTF02/IncidentTypes/ctf02.json
@@ -0,0 +1,29 @@
+{
+    "id": "CTF02",
+    "version": -1,
+    "vcShouldIgnore": false,
+    "locked": false,
+    "name": "CTF02",
+    "prevName": "CTF02",
+    "color": "#B1EE95",
+    "playbookId": "CTF 2 - Classify an incident - RDP Brute force",
+    "hours": 0,
+    "days": 0,
+    "weeks": 0,
+    "hoursR": 0,
+    "daysR": 0,
+    "weeksR": 0,
+    "system": false,
+    "readonly": false,
+    "default": false,
+    "autorun": false,
+    "disabled": false,
+    "reputationCalc": 0,
+    "onChangeRepAlg": 0,
+    "detached": false,
+    "extractSettings": {
+        "mode": "All",
+        "fieldCliNameToExtractSettings": {}
+    },
+    "fromVersion": "8.2.0"
+}
diff --git a/Packs/CTF02/Playbooks/CTF-X.yml b/Packs/CTF02/Playbooks/CTF-X.yml
@@ -0,0 +1,86 @@
+id: CTF-X
+version: -1
+name: CTF-X
+description: Not so easy...
+starttaskid: "0"
+tasks:
+  "0":
+    id: "0"
+    taskid: d38d5ce9-a270-402b-891d-246790a39f56
+    type: start
+    task:
+      id: d38d5ce9-a270-402b-891d-246790a39f56
+      version: -1
+      name: ""
+      iscommand: false
+      brand: ""
+      description: ''
+    nexttasks:
+      '#none#':
+      - "1"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 50
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "1":
+    id: "1"
+    taskid: 30113f7f-a14d-4383-80fe-68af175c88e0
+    type: regular
+    task:
+      id: 30113f7f-a14d-4383-80fe-68af175c88e0
+      version: -1
+      name: Print me
+      description: Prints text to war room (Markdown supported)
+      scriptName: Print
+      type: regular
+      iscommand: false
+      brand: ""
+    scriptarguments:
+      value:
+        simple: "the flag is: playbooksareawesome"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 450,
+          "y": 200
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+view: |-
+  {
+    "linkLabelsPosition": {},
+    "paper": {
+      "dimensions": {
+        "height": 245,
+        "width": 380,
+        "x": 450,
+        "y": 50
+      }
+    }
+  }
+inputs: []
+outputs: []
+quiet: true
+tests:
+- No tests (auto formatted)
+fromversion: 8.2.0
diff --git a/Packs/CTF02/Playbooks/CTF-X_README.md b/Packs/CTF02/Playbooks/CTF-X_README.md
@@ -0,0 +1,38 @@
+Not so easy...
+This Playbook has only one task and is part of the CTF challange.
+
+## Dependencies
+
+This playbook uses the following sub-playbooks, integrations, and scripts.
+
+### Sub-playbooks
+
+This playbook does not use any sub-playbooks.
+
+### Integrations
+
+This playbook does not use any integrations.
+
+### Scripts
+
+* Print
+
+### Commands
+
+This playbook does not use any commands.
+
+## Playbook Inputs
+
+---
+There are no inputs for this playbook.
+
+## Playbook Outputs
+
+---
+There are no outputs for this playbook.
+
+## Playbook Image
+
+---
+
+![CTF-X](../doc_files/CTF-X.png)