Merge branch 'Doppel-v1.0.0' into Updated-Mirroring

Packs/Doppel/Classifiers/classifier-Doppel_Incoming.json

@@ -0,0 +1,298 @@
+{
+	"brands": null,
+	"cacheVersn": 0,
+	"defaultIncidentType": "",
+	"definitionId": "",
+	"description": "",
+	"feed": false,
+	"fromServerVersion": "",
+	"id": "d1d1bfa4-c898-4eae-8a72-1e36d11ebbf2",
+	"incidentSamples": null,
+	"indicatorSamples": null,
+	"instanceIds": null,
+	"itemVersion": "",
+	"keyTypeMap": {},
+	"locked": false,
+	"logicalVersion": 13,
+	"mapping": {
+		"Doppel Alert": {
+			"dontMapEventToLabels": false,
+			"internalMapping": {
+				"Additional Indicators": {
+					"simple": "entity"
+				},
+				"Alert ID": {
+					"simple": "id"
+				},
+				"Alert Source": {
+					"simple": "source"
+				},
+				"Alert tags": {
+					"simple": "tags"
+				},
+				"Audit Log History": {
+					"simple": "audit_logs"
+				},
+				"Block Indicators Status": {
+					"simple": "entity_state"
+				},
+				"External Link": {
+					"simple": "doppel_link"
+				},
+				"External Severity": {
+					"simple": "severity"
+				},
+				"Selected Indicators": {
+					"simple": "entity"
+				},
+				"Source Created By": {
+					"simple": "uploaded_by"
+				},
+				"State": {
+					"simple": "queue_state"
+				},
+				"Vulnerable Product": {
+					"simple": "brand"
+				},
+				"created_at": {
+					"simple": "created_at"
+				},
+				"entity": {
+					"simple": "entity"
+				},
+				"entity_content.root_domain.contact_email": {
+					"simple": "entity_content.root_domain.contact_email"
+				},
+				"entity_content.root_domain.country_code": {
+					"simple": "entity_content.root_domain.country_code"
+				},
+				"entity_content.root_domain.domain": {
+					"simple": "entity_content.root_domain.domain"
+				},
+				"entity_content.root_domain.hosting_provider": {
+					"simple": "entity_content.root_domain.hosting_provider"
+				},
+				"entity_content.root_domain.ip_address": {
+					"simple": "entity_content.root_domain.ip_address"
+				},
+				"entity_content.root_domain.mx_records": {
+					"simple": "mx_records"
+				},
+				"entity_content.root_domain.nameservers\t": {
+					"simple": "nameservers"
+				},
+				"entity_content.root_domain.registrar\t": {
+					"simple": "entity_content.root_domain.registrar"
+				},
+				"entity_state": {
+					"simple": "entity_state"
+				},
+				"notes": {
+					"simple": "notes"
+				},
+				"platform": {
+					"simple": "platform"
+				},
+				"product": {
+					"simple": "product"
+				},
+				"queue_state": {
+					"simple": "queue_state"
+				},
+				"severity": {
+					"simple": "severity"
+				},
+				"source": {
+					"simple": "source"
+				},
+				"sourceBrand": {
+					"simple": "brand"
+				},
+				"uploaded_by": {
+					"simple": "uploaded_by"
+				}
+			}
+		},
+		"dbot_classification_incident_type_all": {
+			"dontMapEventToLabels": true,
+			"internalMapping": {
+				"Additional Indicators": {
+					"simple": "entity"
+				},
+				"Audit Logs": {
+					"simple": "audit_logs.[]."
+				},
+				"Audit_logs_History": {
+					"simple": "audit_logs.[]"
+				},
+				"Audit_logs_info": {
+					"simple": "audit_logs.[]"
+				},
+				"Block Indicators Status": {
+					"simple": "entity_state"
+				},
+				"Created At": {
+					"simple": "created_at"
+				},
+				"Doppel  Alert Brand": {
+					"simple": "brand"
+				},
+				"Doppel Alert ID": {
+					"simple": "id"
+				},
+				"Doppel Audit Logs": {
+					"simple": "audit_logs.[]."
+				},
+				"Doppel Brand": {
+					"simple": "brand"
+				},
+				"Doppel Created At": {
+					"simple": "created_at"
+				},
+				"Doppel Entity": {
+					"simple": "entity"
+				},
+				"Doppel Entity Content": {
+					"simple": "entity_content"
+				},
+				"Doppel Entity State": {
+					"simple": "entity_state"
+				},
+				"Doppel Link": {
+					"simple": "doppel_link"
+				},
+				"Doppel Notes": {
+					"simple": "notes"
+				},
+				"Doppel Platform": {
+					"simple": "platform"
+				},
+				"Doppel Product": {
+					"simple": "product"
+				},
+				"Doppel Queue State": {
+					"simple": "queue_state"
+				},
+				"Doppel Severity": {
+					"simple": "severity"
+				},
+				"Doppel Source": {
+					"simple": "source"
+				},
+				"Doppel Tags": {
+					"simple": "tags"
+				},
+				"Doppel Uploaded By": {
+					"simple": "uploaded_by"
+				},
+				"Entity": {
+					"simple": "entity"
+				},
+				"Entity Content": {
+					"simple": "entity_content"
+				},
+				"Entity State": {
+					"simple": "entity_state"
+				},
+				"External Link": {
+					"simple": "doppel_link"
+				},
+				"External Severity": {
+					"simple": "severity"
+				},
+				"Notes": {
+					"simple": "notes"
+				},
+				"Platform": {
+					"simple": "platform"
+				},
+				"Product": {
+					"simple": "product"
+				},
+				"Queue State": {
+					"simple": "queue_state"
+				},
+				"Selected Indicators": {
+					"simple": "entity"
+				},
+				"Source Created By": {
+					"simple": "uploaded_by"
+				},
+				"State": {
+					"simple": "queue_state"
+				},
+				"Tags": {
+					"simple": "tags"
+				},
+				"Uploaded By": {
+					"simple": "uploaded_by"
+				},
+				"Vulnerable Product": {
+					"simple": "brand"
+				},
+				"created_at": {
+					"simple": "created_at"
+				},
+				"dbotMirrorDirection": {
+					"simple": "mirror_direction"
+				},
+				"dbotMirrorId": {
+					"simple": "id"
+				},
+				"dbotMirrorInstance": {
+					"simple": "mirror_instance"
+				},
+				"entity": {
+					"simple": "entity"
+				},
+				"entity_content.root_domain.registrar\t": {
+					"simple": "entity_content.root_domain.registrar"
+				},
+				"entity_state": {
+					"simple": "entity_state"
+				},
+				"notes": {
+					"simple": "notes"
+				},
+				"occurred": {
+					"simple": "created_at"
+				},
+				"platform": {
+					"simple": "platform"
+				},
+				"product": {
+					"simple": "product"
+				},
+				"queue_state": {
+					"simple": "queue_state"
+				},
+				"severity": {
+					"simple": "severity"
+				},
+				"source": {
+					"simple": "source"
+				},
+				"sourceBrand": {
+					"simple": "brand"
+				},
+				"uploaded_by": {
+					"simple": "uploaded_by"
+				}
+			}
+		}
+	},
+	"name": "Doppel Incoming",
+	"nameRaw": "Doppel Incoming",
+	"packID": "c3beb3d4-5d11-46e9-85ec-87a0586dd624",
+	"packName": "Fields",
+	"propagationLabels": [
+		"all"
+	],
+	"sourceClassifierId": "",
+	"system": false,
+	"toServerVersion": "",
+	"transformer": {},
+	"type": "mapping-incoming",
+	"unclassifiedCases": null,
+	"version": -1
+}

Packs/Doppel/Classifiers/classifier-Doppel_Outgoing.json

@@ -0,0 +1,49 @@
+{
+	"brands": null,
+	"cacheVersn": 0,
+	"defaultIncidentType": "",
+	"definitionId": "",
+	"description": "",
+	"feed": false,
+	"fromServerVersion": "",
+	"id": "602a520c-d5d3-45c8-8cd8-5fbbaa6e93ed",
+	"incidentSamples": null,
+	"indicatorSamples": null,
+	"instanceIds": null,
+	"itemVersion": "",
+	"keyTypeMap": {},
+	"locked": false,
+	"logicalVersion": 2,
+	"mapping": {
+		"Doppel Alert": {
+			"dontMapEventToLabels": false,
+			"internalMapping": {
+				"queue_state": {
+					"simple": "queuestate"
+				}
+			}
+		},
+		"dbot_classification_incident_type_all": {
+			"dontMapEventToLabels": false,
+			"internalMapping": {
+				"Queue State": {
+					"simple": "labels.queue_state"
+				}
+			}
+		}
+	},
+	"name": "Doppel Outgoing",
+	"nameRaw": "Doppel Outgoing",
+	"packID": "c3beb3d4-5d11-46e9-85ec-87a0586dd624",
+	"packName": "Fields",
+	"propagationLabels": [
+		"all"
+	],
+	"sourceClassifierId": "",
+	"system": false,
+	"toServerVersion": "",
+	"transformer": {},
+	"type": "mapping-outgoing",
+	"unclassifiedCases": null,
+	"version": -1
+}